last executing test programs: 2m1.02407939s ago: executing program 3 (id=1022): close_range$auto(0x2, 0xa, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), r0) sendmsg$auto_OVS_DP_CMD_GET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0xffff}, @OVS_DP_ATTR_UPCALL_PID={0x8}, @OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040}, 0x240008c0) clone$auto(0x5, 0x2c000, &(0x7f0000000180)=0xffff, &(0x7f00000001c0)=0x3, 0x8) socket(0x2, 0x801, 0x106) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000240), r0) sendmsg$auto_HWSIM_CMD_REGISTER(r0, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="0b0325bd7000fddbdf2501000000040011003cca2108e9fc5ff888514d3d276a3ef5f9b0027e6b9bfba9bf338ccba89a2f2677bddb78bae0ad92c34fdb406783d2032f4fe5942b77b7c6360e1228c9a387138220a3e3ee0ee01086483fb65fe3833f2f71e818793032da324a19d827d4f4ee7858e3bc18107bf47d527ddbe940db4eec00ff6a1dfbe12ad8"], 0x18}, 0x1, 0x0, 0x0, 0x4008001}, 0x80) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000000)="42bf46", 0x3) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/transparent_hugepage/hugepages-512kB/enabled\x00', 0x129302, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xfffff, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x8, 0x4, 0x1) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80, 0x0) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x91e4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) shutdown$auto(0x200000003, 0x2) 1m57.958862231s ago: executing program 3 (id=1035): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x7ffe) r0 = socket(0xa, 0x5, 0x0) r1 = socket(0x10, 0x2, 0x0) r2 = fanotify_init$auto(0xb6, 0x10000) fanotify_mark$auto(r2, 0x205, 0x100002, 0x4, 0x0) r3 = fanotify_init$auto(0xba, 0x0) fanotify_mark$auto(r3, 0x205, 0x100002, 0x4, 0x0) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card0/pcm0c/sub6/info\x00', 0x101000, 0x0) syz_genetlink_get_family_id$auto_nlbl_calipso(&(0x7f0000000000), r0) select$auto(0x2, &(0x7f00000001c0)={[0xa, 0x2, 0x800, 0x80, 0x8000, 0x7, 0x400000000, 0x9, 0x0, 0x7, 0x1, 0x1, 0x1, 0x100, 0x4, 0x9]}, &(0x7f0000000240)={[0x8000000000000000, 0x40, 0xc44, 0x100000000, 0x9, 0x7, 0x7, 0x5, 0x0, 0x8000, 0x5, 0xcdc, 0xb35d, 0x800, 0x6, 0x7fffffff]}, &(0x7f0000000380)={[0x36c1, 0x7, 0x5, 0x6, 0x10000, 0x97, 0x0, 0x5, 0x7, 0x9, 0xfffffffffffffffe, 0x4, 0xef, 0x8000000000000001, 0x7b0c, 0x6]}, &(0x7f0000000140)={0x8, 0x71edac97}) pread64$auto(r4, 0x0, 0x10000000000b, 0x2) getsockopt$auto(r0, 0x84, 0x10, 0x0, 0x0) close_range$auto(0x2, 0xa, 0x0) r5 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x801}, 0x8050) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x2a801, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyd4\x00', 0x40001, 0x0) socket(0xa, 0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x81, 0xf8, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2000040080000000, 0xe) r6 = socket(0x29, 0x5, 0x0) write$auto(r6, 0x0, 0xfffffdfa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="18000000", @ANYRES8=r5, @ANYRES8=r5], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) r7 = socket(0x10, 0x2, 0xc) ioctl$auto_FS_IOC_FIEMAP(r5, 0xc020660b, r1) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r7, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4000000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0) close_range$auto(r4, r5, 0x2) 1m54.71022877s ago: executing program 3 (id=1047): r0 = open(&(0x7f0000000000)='.\x00', 0x20000, 0x90) ioctl$auto_USBDEVFS_FORBID_SUSPEND(r0, 0x5521, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r2 = socket(0xa, 0x1, 0x84) ioperm$auto(0x7f, 0xb0f9, 0x149) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000026bd7000fedbdf250300000006000600810000000600070000800000060006000e0000000a00050000000000000000000a00010000000000000000000a000500aaaaaaaaaa400000080003004100000008000200", @ANYRES32=0x0, @ANYBLOB="0800040080007cf7000000000000005477dd7562a9b30000"], 0x68}, 0x1, 0x0, 0x0, 0x20040084}, 0x44098) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x2, 0x3, 0x100) socket(0x2, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYRES32=r3, @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) getsockopt$auto(r2, 0x84, 0x85, 0x0, &(0x7f00000000c0)=0x646b) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/usbcore/parameters/quirks\x00', 0xc0202, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x40090) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r5, 0x0, 0x20) write$auto(r4, 0x0, 0x300000000000) read$auto(r1, 0x0, 0x6) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x8020009, 0xe2, 0xcb1, 0x401, 0x8040001008000) socket(0x3, 0x80002, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) 1m54.002188293s ago: executing program 3 (id=1049): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x9, 0x9) r0 = clone$auto(0xd2d2, 0x7fffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) r1 = gettid() r2 = fcntl$auto(0xffffffffffffffff, 0x7, r0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000240), r3) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000980)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="2f212cbd7000fc39ad872c00000008000300", @ANYRES32=r5], 0x40}}, 0x4000000) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000180)="bff32e36240000004d836cf147c83be958edd5a94b1fd8dbaaf3403549fe0f31f810a025c4", 0x7112}, 0x8) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) read$auto(0x3, 0x0, 0x80) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r6 = io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) r7 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r8 = socket(0x11, 0x80003, 0x300) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46) sendmsg$auto_NL80211_CMD_SET_REKEY_OFFLOAD(r8, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000040)={0xf4, r7, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0x8001}, @NL80211_ATTR_STA_EXT_CAPABILITY={0x4a, 0xac, "6080b1a71b853ad2beb8ed2e643247a640da425cf600ea9cd8e449a87e70c1fa7274a1fbc67d231bef0133ff7271606ad2391124c12cd0937a6f31c33eb54cd67468a46084e7"}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0x4}, @NL80211_ATTR_SAE_PASSWORD={0x71, 0x115, "deb97e7fd42a4279fcfa695c9e4d098e6cf6662f3de1edec5f81cdf576d97483361f80d5ce56abd13e4ba67227cd8698db4ef8867c7ca9957b8a2a6959eef53260b2143317d73c11d8051e921f4b8d532090225353df2d395fb4e0b6200b8da8758248a6d2969b6f6d7b34d171"}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x8}, @NL80211_ATTR_USE_RRM={0x4}, @NL80211_ATTR_WIPHY_FRAG_THRESHOLD={0x8, 0x3f, 0x6}]}, 0xf4}, 0x1, 0x0, 0x0, 0x4004091}, 0x40850) io_uring_enter$auto(r6, 0x7, 0x7ffffffb, 0x3, 0x0, 0x3) move_pages$auto(0x0, 0xa, 0x0, 0x0, 0x0, 0x2) io_uring_enter$auto(0x3, 0x5, 0x5f3, 0x3, 0x0, 0x2) sendmsg$auto_NL80211_CMD_DEL_PMKSA(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x14, r4, 0x800, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4004080}, 0x4c810) process_vm_readv$auto(r1, &(0x7f0000000040)={0x0, 0x2}, 0x4, &(0x7f00000000c0)={0x0, 0x100000000000002}, 0x6, 0x0) mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000) 1m51.080451883s ago: executing program 3 (id=1058): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mremap$auto(0x0, 0x4, 0x3fd6, 0x3, 0x20000000) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/set_event\x00', 0x20001, 0x0) setsockopt$auto(r0, 0x2, 0x1, &(0x7f00000000c0)='{/^!\\\x00', 0x401) write$auto(r0, &(0x7f0000009fc0)=']/\\,^-.),:\x00', 0x81a) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) munmap$auto(0x8000, 0xffffffff) 1m49.9148384s ago: executing program 3 (id=1062): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/i8042/serio0/set\x00', 0x80302, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) mmap$auto(0xfffffffffffffffd, 0x400008, 0xdf, 0x51c, 0x2, 0x407ffe) set_mempolicy$auto(0x6, 0x0, 0x4) madvise$auto(0x110c230000, 0x8031ca, 0x9) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x0, 0x1, 0x0, 0x2) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) madvise$auto(0x0, 0x20499d, 0x9) r1 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0) read$auto_proc_sessionid_operations_base(r1, &(0x7f00000000c0)=""/4096, 0x1000) r2 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x200, 0x8c, 0x525425b579531c2b}, 0x18) ioctl$auto_TIOCGPTPEER2(r0, 0x5441, 0x0) mount_setattr$auto(r2, &(0x7f00000010c0)='./file0\x00', 0x0, &(0x7f0000001100)={0x6, 0x4, 0x2, @inferred=r1}, 0x80000000) r3 = fcntl$auto_F_SETFD(r1, 0x2, 0xffffffffffffffff) seccomp$auto(0x200, 0x100, &(0x7f0000001140)="d368ac3c16f41e4794de6475ecefa66f66927d6e1e08bbc96ff1dc2f99") madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000) mmap$auto(0x0, 0x3, 0x400000003, 0xfffffffffffffffc, r3, 0x4) r4 = socketcall$auto_SYS_GETSOCKNAME(0x6, 0x0) fcntl$auto_F_GETOWN_EX(r4, 0x10, 0x0) memfd_create$auto(0x0, 0x9) timer_create$auto(0x3, 0x0, 0x0) timer_settime$auto(0x0, 0xd80, &(0x7f0000000040)={{0x40000000000026b, 0x4}, {0x0, 0x83}}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) lseek$auto(0x3, 0x20000, 0x1) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x2, 0x2) mknod$auto(&(0x7f0000001180)='./file0\x00', 0x73, 0x2) 1m49.281094634s ago: executing program 32 (id=1062): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/i8042/serio0/set\x00', 0x80302, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) mmap$auto(0xfffffffffffffffd, 0x400008, 0xdf, 0x51c, 0x2, 0x407ffe) set_mempolicy$auto(0x6, 0x0, 0x4) madvise$auto(0x110c230000, 0x8031ca, 0x9) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x0, 0x1, 0x0, 0x2) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) madvise$auto(0x0, 0x20499d, 0x9) r1 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0) read$auto_proc_sessionid_operations_base(r1, &(0x7f00000000c0)=""/4096, 0x1000) r2 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x200, 0x8c, 0x525425b579531c2b}, 0x18) ioctl$auto_TIOCGPTPEER2(r0, 0x5441, 0x0) mount_setattr$auto(r2, &(0x7f00000010c0)='./file0\x00', 0x0, &(0x7f0000001100)={0x6, 0x4, 0x2, @inferred=r1}, 0x80000000) r3 = fcntl$auto_F_SETFD(r1, 0x2, 0xffffffffffffffff) seccomp$auto(0x200, 0x100, &(0x7f0000001140)="d368ac3c16f41e4794de6475ecefa66f66927d6e1e08bbc96ff1dc2f99") madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000) mmap$auto(0x0, 0x3, 0x400000003, 0xfffffffffffffffc, r3, 0x4) r4 = socketcall$auto_SYS_GETSOCKNAME(0x6, 0x0) fcntl$auto_F_GETOWN_EX(r4, 0x10, 0x0) memfd_create$auto(0x0, 0x9) timer_create$auto(0x3, 0x0, 0x0) timer_settime$auto(0x0, 0xd80, &(0x7f0000000040)={{0x40000000000026b, 0x4}, {0x0, 0x83}}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) lseek$auto(0x3, 0x20000, 0x1) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x2, 0x2) mknod$auto(&(0x7f0000001180)='./file0\x00', 0x73, 0x2) 11.873215003s ago: executing program 0 (id=1595): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video52\x00', 0x0, 0x0) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) socket(0x18, 0x2, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x3, 0xfffffffffffffffd, 0xd4, 0x80000000000000, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/pcmC1D1p\x00', 0x200a00, 0x0) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) sendmsg$auto_CTRL_CMD_GETFAMILY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x400c0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x0, 0x0) sendmsg$auto_CTRL_CMD_GETFAMILY(0xffffffffffffffff, 0x0, 0x1) msgctl$auto_IPC_SET(0x38d3, 0x1, 0x0) r2 = socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = socket(0x2, 0x801, 0x106) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(r2, &(0x7f00000000c0)=@in={0x2, 0x0, @loopback}, 0x55) setsockopt$auto(r3, 0x6, 0x1e, 0x0, 0xa1) writev$auto(r0, &(0x7f0000000140)={&(0x7f0000001680)="b6c10e29340967671d3842f084826f1e74408c166091261cb6f7c11c2094ab86cf134746878d3016e7aa9af8b0c6466236db3997949d2a146c3ec44457b352bfb0f6e238ed915ae4be31c85face435fcfc0a4fc13f3a0bd1c5aaec5cb6ffbaed95a34571915ac1c0b0431d0de06845b119cb33aec9aa2b954749d923d180e59c784ae116fc4cf75efb2b229e026d2988ae61e184533fca881072e8390658b3f4da26b0176df0b987b00023f558c72582c2088ed881c71d433f96cc0c371e140c5d86e8e326955084a12c143acc7cc00f4ca8f8bf76ddd08d7e55b40f3e9317ad9e778ac19a2b9e3ab79ead2c56f3ce019fdc62aeb6d5b10a68dd7aefa8dc5f3911bc6ba80f9e601a945a122387b1cd9a73e816d4dc658d0e1970c2e6975b0fde1602e7e653ea13183768c15b269807df2c0a42efcef00f14244c1c8fc133bae29ae02ac55b39a6dad5586d41088d21c5916fb18bc2cbe67a510826a5b2e44a12ca4273c72115c600a568c0ba6e0f0671588a7870d5ae7e2147893d0d0be8290720dbfefbbe31ee63c3ec1a7dd002a9322f0abb0cd3c5bbfff869014d1c4dec58acfd0e1949116cd233900df2efff684f794ba2d784a75f15c3e03374c059806bf4947f0d0b71971d5993f214a3ea81de7a0f6dbe9db125720603c8589abf8cd90ee8c5cbe548a6e60b07cc5c162a8be9f073b1358761d596c5837099c7aca7a5c1e642b2dde0b3063f4d19fadd7cc2fed4edca0422db7c8a28c3d7574645082bfe16731b64d708473b270bf8a553f1e411072d84e37668079cce5db729a73337f1397f76a1775c1cec45267c5f1e5a7c62c2bdc29e5d7d1492d30261bb295bfc59ec7e79e0722010403f16ff5c74f37446d4a9dae45a57b68428d7df2eaf9b119342e7aef2dfd14a4e968d50c6e2c51dd1eab11427cc709a41db34c3dd1f306f8eae0c14e369cbe71389327db4ac3c40c7cc35d078118aff57abbbc1fe123025453d58f2d77bd9cb7e18c509eefa4e2a8eb357749c2f93bbcbc29b2009639ef2fd4e5640be4f8ea5fdc1d9a42e6f1e2fa8253b0305e68a484486e864d1e4a1a2d65be023c7116b44e87830540a770c103c303e3a45f9490f9d1e376573ed5cbf12b1a0c962dd04a85f07729bbce60a9b809b0b0d43b9a888c146d8e4b4cd2eec519466f7bc91ec4313b8e71a444e4bb15aeed7bb023926784530e60b55a031f5d21dd8b92e3f248872e014271c438108333773c72aff78126fa5f68a1289c4cee56fc05adf6d8039800225ad5b6c5209772ebbfdc5f7728e1e4683fe78358ec82714da7f8537e195e75e6af5f79701ca50b973684e8943a13f81cb3b0bd572ceb07858f79b5f8bdc087d516ea64925fb67b9057a079d7b7f333ed23419f46ca7b507242c221b51da4409d0a609326bbfcefb4a1472adb25291183faaa6d7a24d3a64310ec9c0e683b245d405b1bd3c4da0e474293533e39ed4f66a205473c6855cdf07c2e1a40f0cefd092f7bff459515492bfab3afafa5d3c521b16853ec585aaee59a8be682cae8b8a9e72a341a63dd417604c406277f74ae014fd45d0373b250b245e1cd8d0ecfbb6caaeb7fd45f3dc14cfb599e24664d58bdaf2a3de4155f6fe3c96a3a689a0d647fc3dcf1ab5c3e5588b2532e7b4bc618cfacb014c506311a4b29f6f2dff0f5d7cfeaca5ab6d8002a78a7bf7e153cedb0ddaca145214638d0d7b12c5cc9dd67542e2876466d1ccbb2ef2386abb6fcc1b1e7daee299bd6bcf1093e9d45e5300a70b1d00e4b5113d91669c4bf993b693b678ccadc53aa2f96ddb102d7d3d94c6dcc495f357e318691a6f34aa1f53bf3d2e6e06d317e2e2828af9d74ca40ffe62b69aff581aa29d5539b353a4f280ead375a799f3bc63b17560dbcf8bf09c5b5de7569faad37dfac99ff81f15f64986a46d6eaae5f15f8f49b1703574ee705745e37d98b43a275daba7606f7a351f7551e0736c63456a5866e76d0a321b3e9b14bc58a47cdd31939e8ba56c482797d9ae79c2f1010b7f504b2f4ae6ae2bb00afe0706574b5047b61e2ac77448a63f194cfdab52e860b5d996a5453f4487534dd7a13f9edb60b9ba1c6ac5aeef34f70d965b489b01d5a6113ddf0d7b6bccf5112935b73b7c88d1a5eaf5efce41ccd81b34a2349a8b0e58e147ed72462b099536727d39516be62182db289df1216ec444c705f2b3e1435fb6c1dfd447a7ffa1c8c9b1c8e27267d009ab2fc7ba80ddad1c3ddd4a3b8f73dfea208f32a089cf184d8649525c5de076c04350a5e49f31facfc61db652eabe452aac1b30115ec09d2128f1a8d2dbf3bb1f75cc64b60a79a02d939284620dde705a414a7c56da9a89923cd73c527325270f6872d73d9c2adb32f56510ea6327182c8efbc7f8875fadd59e3323b04baacae87dfabad58521cff2b13bdb1eb79890aa2e1675a88946ec0f508822b776477c8ea983a1fb09f23f5193ca7d546e91fa9b0181405189e2d8d54fec5146d798784d9adeb55478a99c10c6ec1a0fc6a1bbb95aa7577bc90ccd256b98b3d94d2b7e86e0564aee44d8af41a4f380e0dce7dd03d5a903abcceb8217592a92002ef3092b549754172a2f64079a956cf6d5aad18c78774be6372ebf46d9a8ad5ace79483e3e20373dbe8ab3cd5fc4dbb9f8a8d90976d6061db14df73471c08b9163173c83bf73f7f5a75117813a920b180786130fdfb2fbd2bddd91820f161c7d395a837f59a301165533b52b309110f0a518179c6f4341622e3985381a4b05babde122e2cb871bddeed1e551430cdd08a2aa3a149aed302fc3f57914d52ed49058de86efdda8bc3df0c4f486fde1a0e276168dd317478e530deb6efa31a0249826a7ed887821bb874e11de535257e8c47ce5c5648029b49a17cd43665f0e57dae4221ca02209251a2217ea9c3a0304142c25968e76982687e2e3915b4195a1f96e9b58f3e0c3f91872a1c694d5d505460a6112c0e320408e3c51d1e87fa750bc8268468db31049f4e90e433968275a8f2cb067634754c0254b9916469f1a2bb53114c8288c7592be3964736cd4c3cefd6294bb9ff5481ae13202757d7fd78fbe3ea76d7baf6af9ce605a51acf11944a30f020000000000000083ed6dd01cd95bec1427e19439084b56d09eef79020ccefdfc98799d8cf30e42ecdfb9fc5dcaafe1fea43aa864230ca65a91e16fc9393686cee4608a663bf8142d1768ab24f008554d532afef27a83b81ed6d2214accb394ee9f75e825f75aba72c129fd1c3f65bf37ba4a85501b66d6f3ebfbfef0b986f059caa6e60e1876a245ce61e4b691ad98cd21a081b5e9b951603700ec3b31a37baeece1d5b8994805c3e89d2c4e229f25c0b68b698030067a5761988a3b60aa63d9e410998135b58c9de89164e7ae3be6769fab3bf7956419cc7af22d7d1e015f35bf94130e8cebe9cc64a260ddee2295b7abe5ce5a4fb5779ff94a28506408368a8da5aa6fb0d3770db42026395883c346c90214983ce0ff503ce615aa254f31f332d82e8c5c790be1620107b685cb42f5f13fcbb50d2da14e04e73f0f6ca962dcd161183ae73323c3d7cb3cf24993da87e539943f926b89241dbd81c3c0604c97b08163832b95cebdd993b3432c973aafcb8e47cd763a67987b63d43731d953ef667e40fe65f094aa8344daf42c0c147648a74ea24c083a97cbcb42859907c326a139e80f08f7a5c05a69a011d4574a68366503913fe75ae3173af514129f85ea2437b41e1b47d3bebdc0a7e21544cd80790619bf9b58cc773a229468fbda617d051644617e7848ab27bb88cf778c9cb8289f580d27ff8db0603a776524f984a8778f050ee88c07498879f1780de6707c1740b6f4649ae2bb461d4880c884342aa91056dcbe887a1697dc0040605764f91bbe4ec04b96de7f4e36c4d5b4e860fd95e788e696403016cc83bfcfceab50d05881cc1208488d7470c9e48095581e1e11cba8157b08ef7792eed95a1fad757345aa6ccf81666dac5396bf122a94d229691a3adcb926475277c09fe712d8f72a0fe3630b0c4b268cf20d132bb3daf8d7d30e8a9b603551ff77ef338eef5517509f2b6392c0167c937cb46cc56846e9dd1f8bfaecfa5a1b0d1557347ad2d73f34aa87cf84f13abeb9bcb06168059d97265f1531353e9e9ad81ed9261594a8831d87cb2e1bd0d880ab14f7b973f23a8999fe58f1562dc2754e8c889a044aba3b33e10f361562e368e212b4522370bf548db1c1ebaaf137ca4cab04f6bcaffbd3d6e508ec39d854f408c5591e42bf8c248e2fcddbac35624221ae14b3f8499f0be26441d79b0ddf2961f4d423d70435de7603f07de58056419596023c03599ee7202664e4f67b592b5da898feaa50a1a84ca7d107e6db63c86fb3091c8b54208512f41f28687d082b2e91872d484aefa9594249cb962ed022f1c8e456a6053bc0326b13a0f62585530f813bb093da860699b42357f8617ef01046bfe004ff18127824ec01355393d57fe14d880ecdc13dbe75a9ecc0199cbe0294b0dd6d7c7be63f7502613a70d569661aa3732ed9ba4abc0596d326c19133ea4b26cb11bd5a71ef9d8f97d9b010dab043a19b3a8a34de72e7002b7de821a02889f4c997f0f1385ba6705d43766871ede01300d11e2c01e91b47866482837caf9195d0abde77b4c4e73cf5da39e5c27d981339ad7df1179be8732963a25767a3536de10948814d1f2cf75417c83b9c5fdd17cbc0378448f877fa226d7091f1085ee9f8550e4abc679b681d9dc45ab1ff3389bd04eb51b56d9adbb5689894d4aeed6156d8991a482b2655511323a340ebd5497aaec5244d8bda818fa9e59c1841e8db5a5e094eff4b4321f2d95ece2a43a606d20a98d2417b935fc9bb5c9ae54d4080349be7c5ec4ca1d8b4f80b3f29b110a8dc91487453ba4dff9ec270c2d5e1554d316283f00be9e86828943c3d24af9eb7eb3358a738907a977c9234cc1def08771c6d11ca6988f9b6841db8a7da5dd9eb5cce3488179871d8a69be1114190c60729947aa14988b54963573d022e91a64b08c2e56811b31cd892229daf334f0533188367b825f9ab1e888b460a397a57a69152c89d0efee117a1454f93874864d4d47abc0b5a2d016334fbc1649ab6617d2bb8e133d8ec35761452ff077b6013e78207a4f73419ae7276c348c2f6c98210385a0e77914b1ba33ad1696539d6ee124dd34dad4573efbf770a0210fac0d9e685abffb19aa61d4b07cd3c263dde4cc392272b1ee4369bbbc747c487c977d56dc97f8b911f2f966c6fe3c82e30f296664fe2cc08a6beceeef5c348c3d1561c06e10ce98a8abf0d3f6189122c4e6b6f7ebceb4b6a1f5c7d7ccdcf25094bff3c9186e92f4e88de31e6779dba76aa6f0db758d94a1bc78c9bd21217714b775c343a35024fc45d4f1e896f24e870ec79b7725dc51d5657af43b4b24333776076f1a16da2b7462a0df9d69c71ade733c36e203d814300f8b46f3e5b18aec080685b65a6f2a6bdf5757488c8b67e3d142c4c32280a3096f7bf282b514e37c28414734d95fff9bc921d8cd7d5191aaf654a36641980dc5c97bd4370bb030d06c516eeb9d3855796769c6e122ce89cf31958a9d23c94f5bc19350e3ae8cb27ee2671680ac77e78e08b7e1151245fdb9835b6d82b46639ad3bc4584e8809287091a063b101514061994813f5d97da676005b9327764eb5ae8d6cee0ff19bf583d70f472418954bd8de6b2bb4638296a0b578c7f712c6eaf1c9b2ab7e6df82dde327bb17ea48a14d9dd6158b399483d9472ccda9669cb9f35aaeb3064e54b68dc964899250b2565c814a04f2e220a437f5bd3c492438185aa0e38f4745d54631ecbe53a113718225ae0acbfb50cc02ebfe7d6705233f9287f96ece1dc518072597874067cb3d61399ab54adbd25c349fab50e175e3b0b085b89e96bfb139331de74437055082d3100bc04c44255fbad85ac8d828de46812b8651c044c87440753f6d86bdc726812ec6e74a863916b0d63363e90ca71f24c32b583ce43e51b0283755903d883b4665b35ba3f17a72537c60e9875be144b120ca36b3e0ebe11c757abfa5126c924b52bb6de3c8605668789fc89565f413b1f9960ecd19ef0405682f5522a1cf92d806dac3fa5fef22f057d71ba8251dededc39f773c3ddbbe114372d49a95949337362687207940cfff2ece563c1c4daf36b04bfa59c20f9205cfb78fa4207bb7852d770ecf8cd8e1044087e84401c361e5d702a2095ad1dc903d93a88dd8f8b2c359cee73668813d8b3fddf974b917284365cacd15892493d481ebadc9ec624709da55d9d9af9ddec80f7b8abcf14b9de3139000974715fc0dd4d94a851a61b70e40c855f9776f888003276dbc7aae1aaaaa2c0471e13afb3be96ad78c84f509229c973b04a5565c0a532de8538997719a0429917b63d2a641586ff94925db513960d961d9e64bfa3960d138818281ec819624509f53", 0x402}, 0x7) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffd]}, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x21, 0x2, 0x2) socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xffff, 0xdf, 0x9b72, 0x2, 0x8000) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/card0\x00', 0x129800, 0x0) 10.912472705s ago: executing program 0 (id=1600): r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cuse\x00', 0x1c1041, 0x0) write$auto(0x3, 0x0, 0x9) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/security/tomoyo/manager\x00', 0x280000, 0x0) read$auto(r1, 0x0, 0xb4d3) socket(0x29, 0x801, 0x84) shutdown$auto(0x200000003, 0x2) mmap$auto(0xe6eb, 0x6, 0xdf, 0x9b72, 0x5, 0x10000007fff) fstatfs$auto(0x3, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/netfilter/nfnetlink_queue\x00', 0x101000, 0x0) socket(0x10, 0x2, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_CREATE_VM(r2, 0x8040ae9f, 0x0) bpf$auto(0x1, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex, 0x1da12b45, 0x8, @netfilter={0xc28, 0x581, 0x0, 0x5}}, 0x6f3) shutdown$auto(0x200000003, 0x2) setsockopt$auto(0x3, 0x10000000084, 0x7d, 0x0, 0x632b491c) unshare$auto(0x40000080) setresgid$auto(0x0, 0x0, 0x0) setresgid$auto(0x0, 0x0, 0x0) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x82842, 0x85) read$auto(r0, 0x0, 0x1) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/rpc/use-gss-proxy\x00', 0x48041, 0x0) 9.950716459s ago: executing program 0 (id=1603): mount$auto(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000800)='\xa1>f\x95\b\x00\xa8\xf4\x8d\x01?2\xe8\xd9\xa0\xfb\xad \xf3Pb9\xec\xf5\nD\x8b \xf5d\x00\x80\x805X\x88\xfa\x15\x94\x82s-\xbd0\x92>\x8d~\x95\xdb\x99\xce\xd6E\xda\x01\xfb\x03!\xbf\x9e/00\xd1Y(\x98p(tBv5\xb9\xf2\xe5J\xeb\xb35\xeaoV\xfc\x8c\x8c\xbf!G\x9cc\x8f\x8b\xaa\x02k\xd1\fYu\xbd\xd4\xf67\xeb$O\x17\a\x03\x02\xd0\xf0\xbe\xeb\xef\xe7l\xeav]\xa5\x1d\xdea\xc7g\xc7\x04Hcd\xa5\xcb!yE\x9cE*\'\xe8\x93;\xae\xef\r\x90n\xb8\xa9NL\x10#\xces\xb1\xd6@KV\xbf\xd5e\xb7\xa2\xd6\xad\x90\xec\xe3\xc1\xad\xe0\x99\x02\x89+\xe0 \xab\x87V\x8f\x9fpa\xf6GJ\x8f3\xa6\xa9x7\xb7\'\xaf\xbf\x1d2q?6\x84\x1dX\x7f\xcf\x80\xfd\xb3\x89r\f\x8a\xbd\xcb\xdd=\x00\x00\x00', 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) timer_create$auto(0x8, 0x0, 0x0) timer_settime$auto(0x0, 0x9, &(0x7f00000000c0)={{0x7fff, 0x30d}, {0x7, 0x4}}, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8000008, 0x4, 0x38a1, 0x3, 0x1, 0x940, 0x1ffdb, 0x8, 0x4, 0x6, 0x29, 0x7, 0x8, 0x4, 0xb0, 0x7, 0x9, 0x6, 0x7, 0x6, 0x80000000, 0xffffffff, 0x4, 0x0, 0x0, 0x7, [0x101, 0x3, 0x20000000000000d9, 0x4, 0x2000000000, 0x3903, 0x20000000000000, 0x8, 0xe, 0xb, 0x9, 0x8000, 0x0, 0x5, 0x0, 0x0, 0xbfffffffffffffba, 0x0, 0x0, 0x0, 0x4e7a, 0xffffffeffffffffc, 0x6, 0xffffffffd858e6ff, 0xceb, 0xfffffffffffffffb, 0xfffffffffffffffc, 0xe539, 0x9, 0x96f, 0x9, 0x1, 0x4001, 0x3, 0x0, 0x5, 0x8, 0x54c3, 0xfffffffffffffffd, 0x4, 0x0, 0x0, 0x40000000000002, 0x0, 0x8, 0x4]}, 0x0, 0x81) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0xfffffffffffffffd) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x1001, 0x0, 0xf, 0x0, 0x0, 0x9}, 0x7}, 0x68, 0x200002) bind$auto(0xffffffffffffffff, &(0x7f0000000080)=@llc={0x1a, 0x13, 0xfd, 0xb4, 0xa, 0xa0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x3) mlockall$auto(0x7) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x9, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) mmap$auto(0x6, 0x400008, 0xe0, 0x9b75, 0xffffffffffffffff, 0x80000001) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000440), 0xffffffffffffffff) openat$auto_iommufd_fops_main(0xffffffffffffff9c, 0x0, 0x80001, 0x0) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002dbd7000f9dbdf250100000005000d00100000000500070010000000080009009c781e2108000a400800000014001f000000000000000000c0feffff0000400214002000ff05fafffffd00000000dd202737b21910e0c39c017592b23a7765e32e11fd5603fc80cdb10bf91fdc7f2d5f0c68e447009e8e6438e23b386bb727adcc052dee223682059a42951f846e443adbf50fac5e50a9d1a902aeb2e3b8720ec8886ea296c8a033605d28707dd4f9815463cdb9f9c97952c5d27cadaf0478575b9e889d936ee5e6623b72c91a"], 0x78}, 0x1, 0x0, 0x0, 0x40010}, 0x400c004) r4 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) write$auto_fuse_dev_operations_fuse_i(r4, &(0x7f00000005c0)="1100000005000000000000000001000000", 0x11) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x7ffe) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000280)={'veth0_to_hsr\x00', 0x0}) bpf$auto(0x5, &(0x7f0000000300)=@bpf_attr_3={0x6, 0x80000000, 0xffffffffffffffff, 0x61, 0x404, 0x0, 0x0, 0x80f0c5, 0x20, "38c1d5cbcb9f6b5e511f0cd8ed068f65", r7, 0x113e33f2, 0xffffffffffffffff, 0xe4, 0x6, 0x9, 0x3ad, 0x5, 0x0, 0x6, @attach_prog_fd, 0x6, 0xffff, 0x7fc, 0x91, 0x7ff}, 0x4a) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 9.304339425s ago: executing program 0 (id=1606): syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) gettid() mmap$auto(0x1, 0x8, 0xdf, 0x9b7e, 0x2, 0x8000) semctl$auto_IPC_INFO(0x0, 0x8, 0x3, 0x6) mmap$auto(0x2, 0x820009, 0x4000000000df, 0xeb1, 0x401, 0x8001) unshare$auto(0x40000080) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd0, 0x0, 0x4) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/virtual/ieee80211/phy2/addresses\x00', 0x8a340, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000000)=""/112, 0x70) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x18, r2, 0x1b, 0x70bd26, 0x25dfdbfc, {}, [@OVS_PACKET_ATTR_PROBE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4004040}, 0xc840) write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\a\x00\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) getrandom$auto(0x0, 0x6000000, 0x3) close_range$auto(0x2, 0xffffffffffffffff, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000980)='/dev/snd/controlC0\x00', 0x0, 0x0) socket(0x1d, 0x3, 0x1) mount$auto(&(0x7f00000000c0)='syzkaller1\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='ovs_packet\x00', 0x0, &(0x7f00000001c0)="0cb47113516fea17b99cc7219fd0e23143bf") socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000140)='ns/user\x00') mmap$auto(0x0, 0x400007, 0x19dc, 0x13, 0x2, 0x7fff) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x31, 0x8000, 0x1ffde, 0x1, 0x2, 0x1, 0x9, 0x3, 0x5, 0x8, 0x3002, 0x9, 0xb, 0x80010002, 0x80, 0x400, 0x0, 0x7, 0x2, 0x203, 0x400, 0x84, [0xffffffffffffffff, 0x0, 0x0, 0xff, 0x4, 0x6, 0x7, 0xa, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0x0, 0x7, 0x1, 0x4, 0x7, 0x16128f2c, 0x5, 0x200000000000, 0x100000000, 0xffffffffefffffff, 0x3, 0x0, 0x8000, 0x2, 0x8000000000003, 0x400000000005b8, 0xc, 0x4000000000, 0x8, 0x3, 0x6, 0x6, 0x890, 0x800000000000a, 0x3, 0x1000, 0xa38, 0x6, 0x0, 0xfffffffffffffffc, 0x2, 0x4000000000, 0x200000000009, 0x0, 0x100000]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x24008000) mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0x2, 0x8000) close_range$auto(r3, 0xffffffffffffffff, 0x6) 7.959436782s ago: executing program 0 (id=1610): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mremap$auto(0x0, 0x4, 0x3fd6, 0x3, 0x20000000) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/set_event\x00', 0x20001, 0x0) setsockopt$auto(r0, 0x2, 0x1, &(0x7f00000000c0)='{/^!\\\x00', 0x401) write$auto(r0, &(0x7f0000009fc0)=']/\\,^-.),:\x00', 0x81a) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) munmap$auto(0x8000, 0xffffffff) 6.784388956s ago: executing program 0 (id=1616): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) mmap$auto(0x0, 0x4, 0x1ff, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mtd0\x00', 0x28082, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/mac80211_hwsim/hwsim1/ieee80211/phy1/rfkill3/state\x00', 0x102, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/conf/geneve1/arp_filter\x00', 0x40100, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(r1, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) memfd_secret$auto(0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x80800, 0x0) unshare$auto(0x40000080) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c5c87000000", @ANYRES16=0x0, @ANYBLOB="9bf22abd7000fcdbdf25010000000800090001"], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='V'], 0x1ac}}, 0x40000) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) ioctl$auto(r0, 0x1269, 0x8) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) bpf$auto(0x6, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 6.382591623s ago: executing program 33 (id=1616): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) mmap$auto(0x0, 0x4, 0x1ff, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mtd0\x00', 0x28082, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/mac80211_hwsim/hwsim1/ieee80211/phy1/rfkill3/state\x00', 0x102, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/conf/geneve1/arp_filter\x00', 0x40100, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(r1, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) memfd_secret$auto(0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x80800, 0x0) unshare$auto(0x40000080) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c5c87000000", @ANYRES16=0x0, @ANYBLOB="9bf22abd7000fcdbdf25010000000800090001"], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='V'], 0x1ac}}, 0x40000) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) ioctl$auto(r0, 0x1269, 0x8) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) bpf$auto(0x6, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 4.812586683s ago: executing program 1 (id=1623): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$auto_vga_arb_device_fops_vgaarb(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) poll$auto(&(0x7f00000000c0)={r0, 0x9, 0x2}, 0x7, 0x9) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/007/001\x00', 0xa901, 0x0) r2 = socket(0x21, 0x2, 0xa) sendmsg$auto_MACSEC_CMD_ADD_TXSA(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r3 = socket(0x21, 0x2, 0xa) sendmsg$auto_MACSEC_CMD_ADD_TXSA(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x0) ioctl$auto(r1, 0x4008550c, r1) 3.682744868s ago: executing program 2 (id=1626): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) socket$nl_generic(0x10, 0x3, 0x10) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x8001, 0xa, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x1, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) setgroups$auto(0xe32, 0x0) madvise$auto(0x0, 0x200007, 0x19) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x8, 0x400008, 0xdf, 0x111, 0x2, 0x8004) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd6\x00', 0x1ed242, 0x0) mmap$auto(0x0, 0x1, 0x7fffffff, 0x44eb1, 0x3, 0x300000000000) ioctl$auto_SG_GET_RESERVED_SIZE(0xffffffffffffffff, 0x4c04, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2b, 0x2, 0x0) bind$auto(r1, 0x0, 0x67) rseq$auto(0x0, 0x7ffc, 0x200, 0x6) mremap$auto(0x0, 0x7, 0x3fd6, 0x0, 0x1ffffffe) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socket(0xa, 0x3, 0x3) select$auto(0x3, 0x0, 0x0, 0x0, 0x0) 3.598529189s ago: executing program 1 (id=1628): socket(0x2, 0x2, 0x10001) migrate_pages$auto(0x0, 0x8cb, 0x0, &(0x7f00000001c0)=0x7b) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x10010, r0, 0xfffffffffffffffd) bpf$auto(0xb, 0x0, 0x6f5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x800f67, 0x8, 0x7) madvise$auto(0x0, 0x2000000080000001, 0x3) capget$auto(0x0, 0xfffffffffffffffe) init_module$auto(&(0x7f0000000200)="b90dc57688a37d108579fff8665599ddf5bfdd47dbbfe991b7babf69e1e2ce7b0f28f8ce12b0f925a3825aed1a8ec3692444d62f6ca05565a1d5a44c6e3cb9490ec8bf6e21cdb415ce0314b38e20bea164202bdf56854dab2b271e2cdf105837ddaa2d071e57f97cffbfc8", 0x8, &(0x7f0000000140)='{\x00') capset$auto(0x0, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x50bd82, 0x0) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x91e4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b70, 0x2, 0x8000) openat$auto_wakeup_sources_stats_fops_wakeup(0xffffffffffffff9c, &(0x7f0000000180), 0x4000, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/ksm_stat\x00', 0x2, 0x0) read$auto_proc_single_file_operations_base(0xffffffffffffffff, &(0x7f0000000040)=""/228, 0xe4) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x701186, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) lsm_list_modules$auto(0x0, 0x0, 0x0) mmap$auto(0x0, 0x0, 0xdf, 0x17, 0x401, 0x8000) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) 2.610704391s ago: executing program 4 (id=1630): unshare$auto(0x40000080) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/irq/6/spurious\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2003f0, 0x17) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='^\x00', @ANYRES32=r0, @ANYRESHEX, @ANYBLOB="ee2e9ff9354b7c9de5a569b1ef9700a1b22ff570456d87e987110cc5a53433d5357d1f50fd1f5b73c659990652b1a7d01d6519f91fa1cb0a0f0a5d5bf2a640090811e6a23c7236bf00390420553773205bca"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x60048051) recvmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0x10001, &(0x7f0000000200)={&(0x7f0000000440), 0x200}, 0x4, 0x0, 0x8, 0x7}, 0x7}, 0x5, 0x66a6, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0x10000000ffb, 0x8000000008011, 0x3, 0x8000) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="00000000a600b13b013ca5640dc18bbb6fe709e00043fa05c4028707ee6b058017ae767ef29f0cca43991bc9af72f57d2526c3c171622b8ccc206763def567e1a6bddae6f749c7cee8b0f3b6c1cc81e2240d38a8a3cc81a1dc68d4abaaa367cb7784206857c80f88dd7226ebc311d01478cf0658fcc77ad18105f5a55b64467ccfb34fb5a6779b31b9d1995ca965584102016ccb706d8e1ad3eeb2d34cfb83a1123b321230df", @ANYRES16=0x0, @ANYBLOB="040027bd7000fbdbdf2514000000"], 0x14}, 0x1, 0x0, 0x0, 0x48891}, 0x20) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r1) syz_genetlink_get_family_id$auto_nl80211(0x0, r1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0xffffffffffffffff, 0x1400, 0x0) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) unshare$auto(0x40000080) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ip6_mr_vif\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x0, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x200, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) 2.019644945s ago: executing program 2 (id=1631): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x7, 0x8000000000000000, 0x0) open(0x0, 0x22240, 0x155) socket(0x0, 0x1, 0x8000) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, 0x0, 0x55) setsockopt$auto(0x3, 0x1, 0x5, 0x0, 0x9) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) 1.8274239s ago: executing program 2 (id=1632): r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) socket(0x2, 0x1, 0x0) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x101002, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) sendmsg$auto_TCP_METRICS_CMD_GET(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYRES8=r1, @ANYBLOB, @ANYBLOB="0000000000b2b676944700000000000000000000000000000000008149bc6a2e3dcd87d644fee2e21641e76a7cc950bbb305e81ef7df813394fcadef1c584a82fe7b2a548f79208205005da7f6c6d0042992a9c01e81dc5873aca905bf84b62b0159a4d8afbbfa672e8da1ed3c3aaf6635be3cbc76b7cad4288899500e948cd46b15be8228626cf11d572b90e38601b9311a5a4ad2fdade94bd5df4a63adf9651eeccffac7f2d215026c41"], 0x14}}, 0x4000080) unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x1, 0x100) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) setregid$auto(0x0, 0x3) r3 = openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/setgroups\x00', 0x4040, 0x0) socket(0x1e, 0x80000, 0x2) mmap$auto(0x80000000, 0x9, 0xde, 0x12, r3, 0x7ff) sysfs$auto(0x2, 0x4, 0x0) r4 = socket(0xa, 0x5, 0x0) getsockopt$auto(r4, 0x84, 0x71, 0x0, 0x0) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r5 = getpgid(0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) rt_tgsigqueueinfo$auto(0xffffffffffffffff, r5, 0x8, &(0x7f0000000100)={@siginfo_0_0={0x6, 0xe, 0x5, @_sigchld={r5, 0x0, 0x401, 0x5, 0x3}}}) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000180)='./file0\x00', &(0x7f0000000100)=&(0x7f00000000c0)='\xac\x00', &(0x7f0000000000)=&(0x7f0000000340)=' \xee`\x1b\xec\xeaN\x1b\x88\x9e\x8dK\xd1U {\x14\x8d\x9b:T\x89<\xcb\xa0{\xd9\x80adyx\xf9G;\x10\t\xedd!\xbc@\t\tpJb;\x1a\x9e\xa7\x01\x8d\x98\x1f\xcbr1\x9f\'\x9e\xa3\nXe\x8d.\xa7\xaa\xda\x8b\x18\x19\xf7\x99\xe5\x89\xba`\x8c\xb0v\xcb\xe7\x88\x8fn\xc3\xfbt\'\xf6\x14\'\xe8\x12Qp\xfcJ\x98<\xb95\xcf\x83~3\x96j\x85h\xab\xc6;{p\x9d\xa2{Y0x0}) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r3, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000001d40)={0x28, r4, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_TX_PUSH_BUF_LEN={0x8, 0xf, 0xbcb}, @ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80000) r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="130026bd7000fddbdf250200000008000300", @ANYRES32=r9, @ANYBLOB="080002"], 0x24}, 0x1, 0x0, 0x0, 0x4004080}, 0x48050) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'dvmrp1\x00', 0x0}) (async) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'pim6reg1\x00', 0x0}) (async) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'hsr0\x00', 0x0}) r13 = socket$nl_generic(0x10, 0x3, 0x10) r14 = socket(0xa, 0x2, 0x88) (async) r15 = socket$nl_generic(0x10, 0x3, 0x10) (async) r16 = socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000280)={'wg0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r17, r16, 0x4, 0x401, r14, @relative_fd=r15, 0xe600}, 0xf) (async) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'veth1_to_bond\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'pim6reg\x00', 0x0}) (async) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'wg2\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_CFG(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f00000002c0)={0x28c, 0x0, 0x10, 0x70bd28, 0x25dfdbff, {}, [@ETHTOOL_A_PLCA_HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x800}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3e51}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x33}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x7fff}]}, @ETHTOOL_A_PLCA_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_PHY_INDEX={0x8}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}]}, @ETHTOOL_A_PLCA_HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2fa}]}, @ETHTOOL_A_PLCA_HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0xa14}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0xb0}]}, @ETHTOOL_A_PLCA_HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x4}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}]}, @ETHTOOL_A_PLCA_HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xfffffffb}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}]}, @ETHTOOL_A_PLCA_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}]}, @ETHTOOL_A_PLCA_HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0xa}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r17}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}]}, @ETHTOOL_A_PLCA_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8000}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x10001}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r18}]}, @ETHTOOL_A_PLCA_HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1000}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r19}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r20}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x15f0f396}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}]}]}, 0x28c}, 0x1, 0x0, 0x0, 0x4008000}, 0x80) (async) close_range$auto(0x2, 0x8, 0x0) 301.423862ms ago: executing program 4 (id=1641): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x800, 0x0) readv$auto(r0, &(0x7f00000000c0)={0x0, 0x5}, 0x3) r1 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/etherd/flush\x00', 0x400201, 0x0) getsockopt$auto_SO_KEEPALIVE(r1, 0x4f, 0x9, &(0x7f0000000080)='\x00', &(0x7f0000000100)=0x8) 196.318435ms ago: executing program 1 (id=1642): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000002400)='/sys/devices/virtual/mtd/mtd0/mtdblock0/ro\x00', 0x20000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/156, 0x9c) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sysfs$auto(0x2, 0x10000000000002a, 0x0) close_range$auto(0x2, 0x8, 0x0) getdents$auto(r0, &(0x7f0000000100)={0x800, 0x6, 0x3, "694e35b9d41e181fcace6c00f28fdeb373a62873d9b2445d6f402374b30e6d89639b814a9306349576d6d59f6aa6b148bf30c1824e5867e9fbda6ba5356a05656ee3ab77904f800377786443351f953c2c3fc10af304b60e61b4f2ed74a3a55bcbf31611f6cea89dcd64277a4843d59dfc3b29c22050a0363c8d6d764d909a5620ee11fee823ee520398b761473fbe3adb79722e16dd4cc19af5ab19ec35df6439f000381eb1fb0176d6aa8de2d080e629f53833d92f7752d4d9755f42a330d234a94ae0e43636d168e6c6b277019f60d59732699fe3eca5dc76ea1b53b125f036"}, 0x4c3) close_range$auto(0x2, 0x8, 0xffffffff) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf250a0005000700000000000000080001"], 0x24}, 0x1, 0x0, 0x0, 0x4088}, 0x20000010) sendmsg$auto_TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="01007050a7f82fc634b10f00003460fac93497d76d"], 0x1c}, 0x1, 0x0, 0x0, 0x40010}, 0x2) futex_waitv$auto(&(0x7f0000000000)={0xf, 0x5d94, 0x4002, 0x4}, 0x77, 0xfffffffc, 0x0, 0x62bd) r1 = socket(0x10, 0x2, 0x0) madvise$auto(0x80000001, 0x101, 0x1) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c003b"], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000) write$auto(0x3, 0x0, 0xfdef) close_range$auto(0x2, 0xa, 0x0) socket(0xb, 0x6, 0x9) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_NET_GET(r2, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000400)={0x14, r3, 0x492a92567041df2f, 0x70bd2d, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) write$auto(0x3, 0x0, 0xfdef) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000001500)='/proc/kpagecgroup\x00', 0x101000, 0x0) select$auto(0x5, &(0x7f0000000080)={[0x20000009, 0xfffffffffffbfffc, 0x9, 0x5, 0xc, 0x3, 0x3, 0x1ffe000, 0x2, 0x2, 0x9, 0xc, 0xa657, 0x202, 0x6, 0x1]}, 0x0, 0x0, 0x0) setfsuid$auto(0x1) mmap$auto(0x4, 0x4, 0x2, 0x1c, r1, 0x4000000000005) 195.680279ms ago: executing program 4 (id=1643): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000002ac0), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), r2) sendmsg$auto_MACSEC_CMD_UPD_RXSC(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010026bd7000fbdbdf2503000000"], 0x14}, 0x1, 0x0, 0x0, 0x5}, 0x2000c080) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) setresuid$auto(0x2, 0x7, 0x0) setfsuid$auto(0x0) r4 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000080), 0x300, 0x0) ioctl$auto_RNDZAPENTCNT2(r4, 0x5204, 0x0) mmap$auto(0x6, 0x8000000000000001, 0x44, 0x12, r0, 0x8) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'veth0_to_bond\x00', 0x0}) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0xc80, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x2c, 0x940, 0x7fd, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x4, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, [0x0, 0x7eb6, 0x40000, 0x0, 0x9, 0x8, 0x0, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x800, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x1fe, 0x7) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) pipe$auto(&(0x7f0000000780)=0xffffffffffffffff) splice$auto(r6, 0x0, 0xffffffffffffffff, &(0x7f0000002100)=0x1, 0x768, 0x9) r7 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r7, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) prctl$auto(0x41555856, 0x4, 0x2008, 0x0, 0x0) sysfs$auto(0x0, 0xfffffffffffffffe, 0x9) r8 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x2800, 0x0) ioctl$auto(r8, 0x560a, 0x7) sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000002bc0)={0x0, 0x0, &(0x7f0000002b80)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="831f2abd7000fcdbdf250100000008000300", @ANYRES32=r5, @ANYBLOB="7c7fc255493deabc78c33b7e131645c9653a7d31c8472e48531196a8c88f591342352bc8b9bb6bf0a2c413d47305c940b937cc76696b9a2976d7c8e85c1dc78b014713e8f8bd2fa93295e7103a4dd080150dd4f4edf70adbe850cfe70b04bbc87b7c97235f0ebb6be6b4217f86d0f798198992b492e5696bd1281c271c0404db03ed7349cabd477e4461d2f3c6b0de47bb8c8a6f43dd658a029a88b0ea09657f71766213144d93e6223fcd57115241eacfb6abc60d2abd37f67df9b56fb028b31f8d9b3603ecf19c00128f000a83d3b70c1dcc33ecf3ce82a6af35edda6dcc4cd7b079974bcf166ddbfbc5499db1f0a0665181b83d3e1ed1dacca2f284f9aa8203fe3da963d75f7ff4444c7e896c3563cd7f6932117c830f553f35aaefe3fbaabb28a5b034309a09d1a0c02ab63c912ebba0d8cf0cede8a4fbe0e3d2fe6a7d08c7559d8541c8624f1c240a3a03122d6fe442b4b0787f1e43b871b3e254ccd1bfe7372cf2f47a613b84de1bedbc85c2e53b6f680469e9c93ce121727b1779c08876c7d79c693dc2c2d3e11a46264106e1725c1eee11e942e8cb71ae13f5bef7e6807085915aed82fcb64b0024a726"], 0x1c}, 0x1, 0x0, 0x0, 0x20004041}, 0x40004) r9 = openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/uprobe_events\x00', 0x2002, 0x0) write$auto_uprobe_events_ops_trace_uprobe(r9, &(0x7f0000000100)="2d8d", 0x2) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000003fc0)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20a02, 0x0) 86.858464ms ago: executing program 4 (id=1644): r0 = openat$auto_o2hb_debug_fops_heartbeat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/o2hb/quorum_regions\x00', 0x40000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x8) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) fcntl$auto_F_ADD_SEALS(0xffffffffffffffff, 0x409, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x6) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) mmap$auto(0x0, 0x2020009, 0x10003, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x5, 0x2, 0x7, 0x0) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r2, 0x0, 0xe) adjtimex$auto(&(0x7f00000004c0)={0x23, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x6, 0x0, 0x3, 0x4, 0x2, {0x2100000000, 0x10000}, 0xfffffffffffffffc, 0x6, 0xffffffffffffffdd, 0x1008001, 0x0, 0x80000004, 0x21b, 0xffffffff, 0xa747, 0x7}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x80001, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x9000000, 0x1, 0x4000000000df, 0x40eb1, 0xffffffffffffffff, 0x300000000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/ptyz1\x00', 0x20e81, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r4, 0x0, 0xfffffdef) close_range$auto(r0, r1, 0x2d) listen$auto(0x3, 0x81) socket(0xa, 0x800, 0x4009) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0) read$auto_proc_sessionid_operations_base(r5, &(0x7f0000001200)=""/4107, 0x100b) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) 0s ago: executing program 5 (id=1617): getdents$auto(0x0, 0x0, 0x100) kernel console output (not intermixed with test programs): 5][ T9450] Call Trace: [ 322.265435][ T9450] [ 322.265444][ T9450] dump_stack_lvl+0x16c/0x1f0 [ 322.265477][ T9450] should_fail_ex+0x512/0x640 [ 322.265521][ T9450] _copy_from_user+0x2e/0xd0 [ 322.265564][ T9450] inet6_ioctl+0x232/0x2b0 [ 322.265605][ T9450] ? __pfx_inet6_ioctl+0x10/0x10 [ 322.265644][ T9450] ? tomoyo_path_number_perm+0x295/0x580 [ 322.265695][ T9450] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 322.265735][ T9450] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 322.265767][ T9450] sock_do_ioctl+0x115/0x280 [ 322.265801][ T9450] ? __pfx_sock_do_ioctl+0x10/0x10 [ 322.265851][ T9450] sock_ioctl+0x227/0x6b0 [ 322.265885][ T9450] ? __pfx_sock_ioctl+0x10/0x10 [ 322.265917][ T9450] ? hook_file_ioctl_common+0x145/0x410 [ 322.265961][ T9450] ? __fget_files+0x20e/0x3c0 [ 322.265997][ T9450] ? __pfx_sock_ioctl+0x10/0x10 [ 322.266033][ T9450] __x64_sys_ioctl+0x190/0x200 [ 322.266060][ T9450] do_syscall_64+0xcd/0x260 [ 322.266091][ T9450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.266118][ T9450] RIP: 0033:0x7f2079b8d169 [ 322.266138][ T9450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 322.266163][ T9450] RSP: 002b:00007f207a9ea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 322.266188][ T9450] RAX: ffffffffffffffda RBX: 00007f2079da5fa0 RCX: 00007f2079b8d169 [ 322.266205][ T9450] RDX: 0000000000000001 RSI: 000000000000890c RDI: 0000000000000004 [ 322.266220][ T9450] RBP: 00007f207a9ea090 R08: 0000000000000000 R09: 0000000000000000 [ 322.266235][ T9450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 322.266250][ T9450] R13: 0000000000000000 R14: 00007f2079da5fa0 R15: 00007ffd96906b78 [ 322.266282][ T9450] [ 322.494809][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.501507][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.682427][ T9293] Process accounting paused [ 323.497857][ T9457] syz.0.753 (9457): attempted to duplicate a private mapping with mremap. This is not supported. [ 324.283849][ T9488] netlink: 4 bytes leftover after parsing attributes in process `syz.0.758'. [ 325.847688][ T5847] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 326.038313][ T9523] netlink: 130 bytes leftover after parsing attributes in process `syz.2.768'. [ 326.049384][ T9523] netlink: 326 bytes leftover after parsing attributes in process `syz.2.768'. [ 326.059640][ T9523] netlink: 130 bytes leftover after parsing attributes in process `syz.2.768'. [ 327.226162][ T9539] FAULT_INJECTION: forcing a failure. [ 327.226162][ T9539] name failslab, interval 1, probability 0, space 0, times 0 [ 327.238977][ T9539] CPU: 1 UID: 0 PID: 9539 Comm: syz.2.774 Not tainted 6.14.0-syzkaller-11270-g08733088b566 #0 PREEMPT(full) [ 327.239019][ T9539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 327.239038][ T9539] Call Trace: [ 327.239049][ T9539] [ 327.239062][ T9539] dump_stack_lvl+0x16c/0x1f0 [ 327.239107][ T9539] should_fail_ex+0x512/0x640 [ 327.239158][ T9539] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 327.239209][ T9539] should_failslab+0xc2/0x120 [ 327.239256][ T9539] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 327.239303][ T9539] ? sock_alloc_inode+0x25/0x1c0 [ 327.239348][ T9539] ? __pfx_sock_alloc_inode+0x10/0x10 [ 327.239385][ T9539] sock_alloc_inode+0x25/0x1c0 [ 327.239420][ T9539] alloc_inode+0x61/0x240 [ 327.239467][ T9539] sock_alloc+0x40/0x280 [ 327.239501][ T9539] __sock_create+0xc1/0x8d0 [ 327.239549][ T9539] __sys_socket+0x14d/0x260 [ 327.239594][ T9539] ? __pfx___sys_socket+0x10/0x10 [ 327.239643][ T9539] ? do_user_addr_fault+0x850/0x1430 [ 327.239687][ T9539] __x64_sys_socket+0x72/0xb0 [ 327.239738][ T9539] ? lockdep_hardirqs_on+0x7c/0x110 [ 327.239768][ T9539] do_syscall_64+0xcd/0x260 [ 327.239803][ T9539] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.239833][ T9539] RIP: 0033:0x7f9477f8f087 [ 327.239859][ T9539] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.239889][ T9539] RSP: 002b:00007f9478d4efa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 327.239916][ T9539] RAX: ffffffffffffffda RBX: 00007f94781a6080 RCX: 00007f9477f8f087 [ 327.239935][ T9539] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 327.239953][ T9539] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 327.239971][ T9539] R10: 00002000000000c0 R11: 0000000000000286 R12: 0000000000000000 [ 327.239989][ T9539] R13: 0000000000000000 R14: 00007f94781a6080 R15: 00007ffc62cbeee8 [ 327.240028][ T9539] [ 327.485610][ T9539] socket: no more sockets [ 328.063136][ T9571] FAULT_INJECTION: forcing a failure. [ 328.063136][ T9571] name failslab, interval 1, probability 0, space 0, times 0 [ 328.153676][ T9571] CPU: 1 UID: 0 PID: 9571 Comm: syz.2.782 Not tainted 6.14.0-syzkaller-11270-g08733088b566 #0 PREEMPT(full) [ 328.153721][ T9571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 328.153739][ T9571] Call Trace: [ 328.153749][ T9571] [ 328.153761][ T9571] dump_stack_lvl+0x16c/0x1f0 [ 328.153801][ T9571] should_fail_ex+0x512/0x640 [ 328.153848][ T9571] ? __kvmalloc_node_noprof+0x122/0x600 [ 328.153893][ T9571] should_failslab+0xc2/0x120 [ 328.153940][ T9571] __kvmalloc_node_noprof+0x135/0x600 [ 328.153981][ T9571] ? __pfx___mutex_lock+0x10/0x10 [ 328.154013][ T9571] ? traverse.part.0.constprop.0+0x392/0x640 [ 328.154059][ T9571] ? traverse.part.0.constprop.0+0x392/0x640 [ 328.154094][ T9571] traverse.part.0.constprop.0+0x392/0x640 [ 328.154144][ T9571] seq_read_iter+0x932/0x12c0 [ 328.154182][ T9571] ? aa_file_perm+0x4d6/0xfb0 [ 328.154227][ T9571] seq_read+0x39e/0x4e0 [ 328.154262][ T9571] ? __pfx_seq_read+0x10/0x10 [ 328.154305][ T9571] ? get_pid_task+0xfc/0x250 [ 328.154354][ T9571] ? __pfx_seq_read+0x10/0x10 [ 328.154388][ T9571] proc_reg_read+0x23d/0x330 [ 328.154433][ T9571] ? __pfx_proc_reg_read+0x10/0x10 [ 328.154481][ T9571] vfs_read+0x1de/0xc70 [ 328.154526][ T9571] ? __pfx_vfs_read+0x10/0x10 [ 328.154557][ T9571] ? find_held_lock+0x2b/0x80 [ 328.154608][ T9571] ? __fget_files+0x204/0x3c0 [ 328.154653][ T9571] ? __fget_files+0x20e/0x3c0 [ 328.154689][ T9571] ? __fget_files+0x1a0/0x3c0 [ 328.154738][ T9571] __x64_sys_pread64+0x1f4/0x250 [ 328.154778][ T9571] ? __pfx___x64_sys_pread64+0x10/0x10 [ 328.154815][ T9571] ? rcu_is_watching+0x12/0xc0 [ 328.154868][ T9571] do_syscall_64+0xcd/0x260 [ 328.154906][ T9571] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.154939][ T9571] RIP: 0033:0x7f9477f8d169 [ 328.154963][ T9571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 328.154993][ T9571] RSP: 002b:00007f9478d71038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 328.155022][ T9571] RAX: ffffffffffffffda RBX: 00007f94781a5fa0 RCX: 00007f9477f8d169 [ 328.155043][ T9571] RDX: 000000000000fffe RSI: 0000000000000000 RDI: 0000000000000006 [ 328.155061][ T9571] RBP: 00007f9478d71090 R08: 0000000000000000 R09: 0000000000000000 [ 328.155080][ T9571] R10: 0000000080000000 R11: 0000000000000246 R12: 0000000000000001 [ 328.155099][ T9571] R13: 0000000000000000 R14: 00007f94781a5fa0 R15: 00007ffc62cbeee8 [ 328.155140][ T9571] [ 328.397522][ C1] vkms_vblank_simulate: vblank timer overrun [ 328.931574][ T9577] page: refcount:8 mapcount:0 mapping:0000000000000000 index:0xffff88807fe06000 pfn:0x7fe00 [ 328.945882][ T9577] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 328.985693][ T9577] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 329.018026][ T9577] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 329.026812][ T9577] raw: ffff88807fe06000 0000000000000000 00000008ffffffff 0000000000000000 [ 329.077005][ T9577] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 329.109738][ T9577] head: ffff88807fe06000 0000000000000000 00000008ffffffff 0000000000000000 [ 329.118702][ T9587] FAULT_INJECTION: forcing a failure. [ 329.118702][ T9587] name failslab, interval 1, probability 0, space 0, times 0 [ 329.135097][ T9577] head: 00fff00000000003 ffffea0001ff8001 ffffffffffffffff 0000000000000000 [ 329.148827][ T9587] CPU: 1 UID: 0 PID: 9587 Comm: syz.1.787 Not tainted 6.14.0-syzkaller-11270-g08733088b566 #0 PREEMPT(full) [ 329.148873][ T9587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 329.148891][ T9587] Call Trace: [ 329.148902][ T9587] [ 329.148915][ T9587] dump_stack_lvl+0x16c/0x1f0 [ 329.148959][ T9587] should_fail_ex+0x512/0x640 [ 329.149005][ T9587] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 329.149054][ T9587] should_failslab+0xc2/0x120 [ 329.149102][ T9587] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 329.149146][ T9587] ? __kernfs_new_node+0xd2/0x8a0 [ 329.149193][ T9587] __kernfs_new_node+0xd2/0x8a0 [ 329.149238][ T9587] ? __pfx___kernfs_new_node+0x10/0x10 [ 329.149285][ T9587] ? __lock_acquire+0xaa4/0x1ba0 [ 329.149322][ T9587] ? find_held_lock+0x2b/0x80 [ 329.149364][ T9587] ? device_add+0x12ce/0x1a70 [ 329.149417][ T9587] kernfs_new_node+0x186/0x240 [ 329.149474][ T9587] kernfs_create_link+0xcc/0x240 [ 329.149512][ T9587] sysfs_do_create_link_sd+0x90/0x140 [ 329.149568][ T9587] sysfs_create_link+0x61/0xc0 [ 329.149608][ T9587] add_disk_fwnode+0x6bd/0x13a0 [ 329.149668][ T9587] zram_add+0x494/0x6c0 [ 329.149714][ T9587] ? __pfx_zram_add+0x10/0x10 [ 329.149757][ T9587] ? __pfx___might_resched+0x10/0x10 [ 329.149848][ T9587] ? __pfx_hot_add_show+0x10/0x10 [ 329.149897][ T9587] hot_add_show+0x21/0x80 [ 329.149940][ T9587] class_attr_show+0x6f/0xa0 [ 329.149983][ T9587] ? __pfx_class_attr_show+0x10/0x10 [ 329.150022][ T9587] sysfs_kf_seq_show+0x23e/0x410 [ 329.150068][ T9587] seq_read_iter+0x506/0x12c0 [ 329.150125][ T9587] kernfs_fop_read_iter+0x40f/0x5a0 [ 329.150155][ T9587] ? rw_verify_area+0xcf/0x680 [ 329.150191][ T9587] vfs_read+0x8c8/0xc70 [ 329.150234][ T9587] ? __pfx___mutex_lock+0x10/0x10 [ 329.150268][ T9587] ? __pfx_vfs_read+0x10/0x10 [ 329.150335][ T9587] ksys_read+0x12a/0x240 [ 329.150370][ T9587] ? __pfx_ksys_read+0x10/0x10 [ 329.150403][ T9587] ? rcu_is_watching+0x12/0xc0 [ 329.150457][ T9587] do_syscall_64+0xcd/0x260 [ 329.150496][ T9587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.150527][ T9587] RIP: 0033:0x7eff8a38d169 [ 329.150563][ T9587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 329.150594][ T9587] RSP: 002b:00007eff8b176038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 329.150624][ T9587] RAX: ffffffffffffffda RBX: 00007eff8a5a5fa0 RCX: 00007eff8a38d169 [ 329.150646][ T9587] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 0000000000000005 [ 329.150665][ T9587] RBP: 00007eff8a40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 329.150685][ T9587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 329.150704][ T9587] R13: 0000000000000000 R14: 00007eff8a5a5fa0 R15: 00007fff478894b8 [ 329.150747][ T9587] [ 329.176182][ T9577] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 329.456669][ T9577] page dumped because: unmovable page [ 329.466331][ T9577] page_owner tracks the page as allocated [ 329.537091][ T9577] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5692, tgid 5692 (sshd), ts 81041661800, free_ts 80984806868 [ 329.788356][ T9577] post_alloc_hook+0x181/0x1b0 [ 329.793342][ T9577] get_page_from_freelist+0x10fc/0x35c0 [ 329.799204][ T9577] __alloc_frozen_pages_noprof+0x223/0x2370 [ 329.805343][ T9577] alloc_pages_mpol+0x1fb/0x550 [ 329.811194][ T9577] alloc_pages_noprof+0x131/0x390 [ 329.816410][ T9577] skb_page_frag_refill+0x182/0x350 [ 329.821859][ T9577] try_fill_recv+0x754/0x2150 [ 329.826724][ T9577] virtnet_poll+0x1d19/0x39e0 [ 329.831558][ T9577] __napi_poll.constprop.0+0xb7/0x550 [ 329.847022][ T9577] net_rx_action+0xa97/0x1010 [ 329.851931][ T9577] handle_softirqs+0x216/0x8e0 [ 329.856807][ T9577] __irq_exit_rcu+0x109/0x170 [ 329.886992][ T9577] irq_exit_rcu+0x9/0x30 [ 329.891475][ T9577] common_interrupt+0xbf/0xe0 [ 329.896224][ T9577] asm_common_interrupt+0x26/0x40 [ 329.907024][ T9577] page last free pid 5789 tgid 5789 stack trace: [ 329.924522][ T9577] __free_frozen_pages+0x69d/0xf90 [ 329.929968][ T9577] __put_partials+0x16d/0x1c0 [ 329.934724][ T9577] qlist_free_all+0x4e/0x120 [ 329.947077][ T9577] kasan_quarantine_reduce+0x195/0x1e0 [ 329.962889][ T9577] __kasan_slab_alloc+0x69/0x90 [ 329.968052][ T9577] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 329.973620][ T9577] getname_flags.part.0+0x48/0x540 [ 329.993961][ T9577] getname_flags+0x93/0xf0 [ 330.007172][ T9577] vfs_fstatat+0xe1/0xf0 [ 330.014003][ T9577] __do_sys_newfstatat+0xa1/0x130 [ 330.027012][ T9577] do_syscall_64+0xcd/0x260 [ 330.031605][ T9577] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.670887][ T9600] netlink: 4 bytes leftover after parsing attributes in process `syz.3.790'. [ 331.179782][ T9609] FAULT_INJECTION: forcing a failure. [ 331.179782][ T9609] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 331.268850][ T9609] CPU: 1 UID: 0 PID: 9609 Comm: syz.0.792 Not tainted 6.14.0-syzkaller-11270-g08733088b566 #0 PREEMPT(full) [ 331.268896][ T9609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 331.268914][ T9609] Call Trace: [ 331.268925][ T9609] [ 331.268936][ T9609] dump_stack_lvl+0x16c/0x1f0 [ 331.268976][ T9609] should_fail_ex+0x512/0x640 [ 331.269028][ T9609] _copy_to_user+0x32/0xd0 [ 331.269083][ T9609] simple_read_from_buffer+0xcb/0x170 [ 331.269123][ T9609] proc_fail_nth_read+0x197/0x270 [ 331.269161][ T9609] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 331.269200][ T9609] ? rw_verify_area+0xcf/0x680 [ 331.269230][ T9609] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 331.269267][ T9609] vfs_read+0x1de/0xc70 [ 331.269307][ T9609] ? __pfx___mutex_lock+0x10/0x10 [ 331.269341][ T9609] ? __pfx_vfs_read+0x10/0x10 [ 331.269387][ T9609] ? __fget_files+0x20e/0x3c0 [ 331.269439][ T9609] ksys_read+0x12a/0x240 [ 331.269475][ T9609] ? __pfx_ksys_read+0x10/0x10 [ 331.269507][ T9609] ? rcu_is_watching+0x12/0xc0 [ 331.269560][ T9609] do_syscall_64+0xcd/0x260 [ 331.269606][ T9609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.269638][ T9609] RIP: 0033:0x7f2079b8bb7c [ 331.269663][ T9609] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 331.269692][ T9609] RSP: 002b:00007f207a9ea030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 331.269722][ T9609] RAX: ffffffffffffffda RBX: 00007f2079da5fa0 RCX: 00007f2079b8bb7c [ 331.269743][ T9609] RDX: 000000000000000f RSI: 00007f207a9ea0a0 RDI: 0000000000000007 [ 331.269762][ T9609] RBP: 00007f207a9ea090 R08: 0000000000000000 R09: 0000000000000000 [ 331.269781][ T9609] R10: 0000000080000000 R11: 0000000000000246 R12: 0000000000000001 [ 331.269800][ T9609] R13: 0000000000000000 R14: 00007f2079da5fa0 R15: 00007ffd96906b78 [ 331.269841][ T9609] [ 331.464247][ C1] vkms_vblank_simulate: vblank timer overrun [ 331.940726][ T9611] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 332.393941][ T9624] netlink: 342 bytes leftover after parsing attributes in process `syz.0.797'. [ 332.612737][ T9630] openvswitch: netlink: IP tunnel dst address not specified [ 333.059149][ T9643] FAULT_INJECTION: forcing a failure. [ 333.059149][ T9643] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 333.172787][ T9643] CPU: 1 UID: 0 PID: 9643 Comm: syz.2.803 Not tainted 6.14.0-syzkaller-11270-g08733088b566 #0 PREEMPT(full) [ 333.172836][ T9643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 333.172855][ T9643] Call Trace: [ 333.172866][ T9643] [ 333.172878][ T9643] dump_stack_lvl+0x16c/0x1f0 [ 333.172919][ T9643] should_fail_ex+0x512/0x640 [ 333.172974][ T9643] should_fail_alloc_page+0xe7/0x130 [ 333.173024][ T9643] prepare_alloc_pages+0x3c2/0x610 [ 333.173064][ T9643] __alloc_frozen_pages_noprof+0x18f/0x2370 [ 333.173113][ T9643] ? finish_task_switch.isra.0+0x21c/0xc10 [ 333.173160][ T9643] ? rcu_is_watching+0x12/0xc0 [ 333.173201][ T9643] ? finish_task_switch.isra.0+0x221/0xc10 [ 333.173246][ T9643] ? lockdep_hardirqs_on+0x7c/0x110 [ 333.173277][ T9643] ? finish_task_switch.isra.0+0x221/0xc10 [ 333.173324][ T9643] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 333.173381][ T9643] ? __schedule+0x1186/0x5de0 [ 333.173429][ T9643] ? kvm_sched_clock_read+0x11/0x20 [ 333.173484][ T9643] ? sched_clock+0x38/0x60 [ 333.173532][ T9643] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 333.173570][ T9643] ? policy_nodemask+0xea/0x4e0 [ 333.173620][ T9643] alloc_pages_mpol+0x1fb/0x550 [ 333.173669][ T9643] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 333.173717][ T9643] ? __lock_acquire+0x5ca/0x1ba0 [ 333.173755][ T9643] folio_alloc_mpol_noprof+0x36/0x2f0 [ 333.173811][ T9643] vma_alloc_folio_noprof+0xed/0x1e0 [ 333.173864][ T9643] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 333.173930][ T9643] do_pte_missing+0x2049/0x3ea0 [ 333.173986][ T9643] __handle_mm_fault+0x1043/0x2a50 [ 333.174033][ T9643] ? lock_vma_under_rcu+0x13d/0x980 [ 333.174071][ T9643] ? __pfx___handle_mm_fault+0x10/0x10 [ 333.174113][ T9643] ? lock_vma_under_rcu+0x6b7/0x980 [ 333.174181][ T9643] handle_mm_fault+0x404/0xae0 [ 333.174230][ T9643] do_user_addr_fault+0x609/0x1430 [ 333.174279][ T9643] exc_page_fault+0x5c/0xc0 [ 333.174310][ T9643] asm_exc_page_fault+0x26/0x30 [ 333.174341][ T9643] RIP: 0033:0x7f9477e58b7b [ 333.174367][ T9643] Code: 00 00 00 48 8d 3d 9d 33 19 00 48 89 c1 31 c0 e8 4b 44 ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d d1 33 19 00 48 89 34 24 48 8b 14 24 48 8b [ 333.174397][ T9643] RSP: 002b:00007f9478d6ffb0 EFLAGS: 00010202 [ 333.174423][ T9643] RAX: 0000000000000000 RBX: 00007f94781a5fa0 RCX: 0000000000000000 [ 333.174451][ T9643] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000200000000140 [ 333.174471][ T9643] RBP: 00007f947800e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 333.174490][ T9643] R10: 0000200000000140 R11: 0000000000000000 R12: 0000000000000000 [ 333.174509][ T9643] R13: 0000000000000000 R14: 00007f94781a5fa0 R15: 00007ffc62cbeee8 [ 333.174551][ T9643] [ 333.174763][ T9643] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 336.361272][ T9730] kAFS: Invalid Command on /proc/fs/afs/cells file [ 336.506845][ T9732] netlink: 28 bytes leftover after parsing attributes in process `syz.2.816'. [ 339.874676][ T5847] Bluetooth: hci3: unexpected subevent 0x01 length: 4 < 18 [ 340.221062][ T9809] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 340.237361][ T9809] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 340.274763][ T9809] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 340.288404][ T9809] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 340.301828][ T9809] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 340.325198][ T9809] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 340.363031][ T9809] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 340.369331][ T9809] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 340.645789][ T9820] sctp: [Deprecated]: syz.1.834 (pid 9820) Use of int in maxseg socket option. [ 340.645789][ T9820] Use struct sctp_assoc_value instead [ 342.207331][ T9845] ptrace attach of "./syz-executor exec"[5846] was attempted by "./syz-executor exec"[9845] [ 342.249677][ T5847] Bluetooth: hci0: command 0x0406 tx timeout [ 342.328048][ T5847] Bluetooth: hci2: command 0x0406 tx timeout [ 342.337189][ T5850] Bluetooth: hci1: command 0x0406 tx timeout [ 342.407211][ T5847] Bluetooth: hci3: command 0x0406 tx timeout [ 344.272994][ T5847] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 344.273044][ T5847] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 344.291883][ T5847] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 344.291981][ T5847] Bluetooth: hci1: Malformed LE Event: 0x0d [ 344.328185][ T5847] Bluetooth: hci0: command 0x0406 tx timeout [ 344.407189][ T5847] Bluetooth: hci2: command 0x0406 tx timeout [ 344.413290][ T5847] Bluetooth: hci1: command 0x0406 tx timeout [ 344.487493][ T5847] Bluetooth: hci3: command 0x0406 tx timeout [ 345.924942][ T9900] vivid-003: ================= START STATUS ================= [ 345.935787][ T9900] vivid-003: Radio HW Seek Mode: Bounded [ 345.947801][ T9900] vivid-003: Radio Programmable HW Seek: false [ 345.954285][ T9900] vivid-003: RDS Rx I/O Mode: Block I/O [ 345.964296][ T9900] vivid-003: Generate RBDS Instead of RDS: false [ 345.972282][ T9900] vivid-003: RDS Reception: true [ 345.999166][ T9900] vivid-003: RDS Program Type: 0 inactive [ 346.028500][ T9900] vivid-003: RDS PS Name: inactive [ 346.033812][ T9900] vivid-003: RDS Radio Text: inactive [ 346.059983][ T9900] vivid-003: RDS Traffic Announcement: false inactive [ 346.086624][ T9900] vivid-003: RDS Traffic Program: false inactive [ 346.094496][ T9900] vivid-003: RDS Music: false inactive [ 346.104637][ T9900] vivid-003: ================== END STATUS ================== [ 347.072634][ T9927] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 348.226894][ T9964] Invalid ELF header magic: != ELF [ 348.488627][ T9945] sp0: Synchronizing with TNC [ 349.054827][ T9982] vivid-003: ================= START STATUS ================= [ 349.092401][ T9982] vivid-003: Radio HW Seek Mode: Bounded [ 349.112277][ T9982] vivid-003: Radio Programmable HW Seek: false [ 349.154561][ T9982] vivid-003: RDS Rx I/O Mode: Block I/O [ 349.181413][ T9982] vivid-003: Generate RBDS Instead of RDS: false [ 349.213484][ T9982] vivid-003: RDS Reception: true [ 349.253508][ T9982] vivid-003: RDS Program Type: 0 inactive [ 349.273002][ T9982] vivid-003: RDS PS Name: inactive [ 349.297129][ T9982] vivid-003: RDS Radio Text: inactive [ 349.364005][ T9982] vivid-003: RDS Traffic Announcement: false inactive [ 349.424401][ T9982] vivid-003: RDS Traffic Program: false inactive [ 349.540441][ T9982] vivid-003: RDS Music: false inactive [ 349.631739][ T9982] vivid-003: ================== END STATUS ================== [ 351.063542][T10004] netlink: 334 bytes leftover after parsing attributes in process `syz.0.874'. [ 351.158555][T10004] netlink: 334 bytes leftover after parsing attributes in process `syz.0.874'. [ 351.680860][T10019] FAULT_INJECTION: forcing a failure. [ 351.680860][T10019] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 351.757254][T10019] CPU: 0 UID: 0 PID: 10019 Comm: syz.1.879 Not tainted 6.14.0-syzkaller-11270-g08733088b566 #0 PREEMPT(full) [ 351.757322][T10019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 351.757352][T10019] Call Trace: [ 351.757369][T10019] [ 351.757386][T10019] dump_stack_lvl+0x16c/0x1f0 [ 351.757449][T10019] should_fail_ex+0x512/0x640 [ 351.757509][T10019] should_fail_alloc_page+0xe7/0x130 [ 351.757560][T10019] prepare_alloc_pages+0x3c2/0x610 [ 351.757608][T10019] ? rcu_is_watching+0x12/0xc0 [ 351.757656][T10019] __alloc_frozen_pages_noprof+0x18f/0x2370 [ 351.757711][T10019] ? cgroup_rstat_updated+0x2a/0xb20 [ 351.757766][T10019] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 351.757815][T10019] ? __lock_acquire+0x5ca/0x1ba0 [ 351.757863][T10019] ? lock_acquire+0x179/0x350 [ 351.757892][T10019] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 351.757931][T10019] ? policy_nodemask+0xea/0x4e0 [ 351.757981][T10019] alloc_pages_mpol+0x1fb/0x550 [ 351.758031][T10019] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 351.758080][T10019] ? __lock_acquire+0x5ca/0x1ba0 [ 351.758118][T10019] folio_alloc_mpol_noprof+0x36/0x2f0 [ 351.758174][T10019] vma_alloc_folio_noprof+0xed/0x1e0 [ 351.758228][T10019] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 351.758295][T10019] do_pte_missing+0x2049/0x3ea0 [ 351.758351][T10019] __handle_mm_fault+0x1043/0x2a50 [ 351.758406][T10019] ? __pfx___handle_mm_fault+0x10/0x10 [ 351.758445][T10019] ? __pte_offset_map_lock+0x155/0x2f0 [ 351.758499][T10019] ? find_held_lock+0x2b/0x80 [ 351.758540][T10019] ? find_held_lock+0x2b/0x80 [ 351.758616][T10019] handle_mm_fault+0x404/0xae0 [ 351.758666][T10019] __get_user_pages+0x771/0x36f0 [ 351.758717][T10019] ? __pfx_mt_find+0x10/0x10 [ 351.758757][T10019] ? __pfx___get_user_pages+0x10/0x10 [ 351.758812][T10019] populate_vma_page_range+0x278/0x3a0 [ 351.758858][T10019] ? __pfx_populate_vma_page_range+0x10/0x10 [ 351.758898][T10019] ? __pfx_find_vma_intersection+0x10/0x10 [ 351.758935][T10019] ? do_mmap+0x69c/0x11b0 [ 351.758974][T10019] __mm_populate+0x1d8/0x380 [ 351.759016][T10019] ? __pfx___mm_populate+0x10/0x10 [ 351.759060][T10019] ? up_write+0x1b2/0x520 [ 351.759100][T10019] vm_mmap_pgoff+0x362/0x450 [ 351.759143][T10019] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 351.759188][T10019] ? __x64_sys_futex+0x1e0/0x4c0 [ 351.759232][T10019] ? __x64_sys_futex+0x1e9/0x4c0 [ 351.759286][T10019] ksys_mmap_pgoff+0x7d/0x5c0 [ 351.759320][T10019] ? rcu_is_watching+0x12/0xc0 [ 351.759365][T10019] __x64_sys_mmap+0x125/0x190 [ 351.759408][T10019] do_syscall_64+0xcd/0x260 [ 351.759445][T10019] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.759478][T10019] RIP: 0033:0x7eff8a38d169 [ 351.759505][T10019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 351.759536][T10019] RSP: 002b:00007eff8b176038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 351.759566][T10019] RAX: ffffffffffffffda RBX: 00007eff8a5a5fa0 RCX: 00007eff8a38d169 [ 351.759588][T10019] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 351.759617][T10019] RBP: 00007eff8a40e2a0 R08: 0000000000000002 R09: 0000000000008000 [ 351.759637][T10019] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 351.759657][T10019] R13: 0000000000000000 R14: 00007eff8a5a5fa0 R15: 00007fff478894b8 [ 351.759699][T10019] [ 353.093011][T10044] syz.1.881 uses obsolete (PF_INET,SOCK_PACKET) [ 353.852330][T10031] Process accounting resumed [ 355.196616][ T5847] Bluetooth: hci0: unexpected subevent 0x01 length: 4 < 18 [ 355.396269][ T30] audit: type=1800 audit(4294967344.170:10): pid=10103 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.894" name="dbroot" dev="configfs" ino=30426 res=0 errno=0 [ 356.605249][T10116] netlink: 24 bytes leftover after parsing attributes in process `syz.1.897'. [ 356.614814][T10116] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 358.238776][T10149] FAULT_INJECTION: forcing a failure. [ 358.238776][T10149] name failslab, interval 1, probability 0, space 0, times 0 [ 358.305850][T10149] CPU: 1 UID: 0 PID: 10149 Comm: syz.2.902 Not tainted 6.14.0-syzkaller-11270-g08733088b566 #0 PREEMPT(full) [ 358.305896][T10149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 358.305915][T10149] Call Trace: [ 358.305927][T10149] [ 358.305939][T10149] dump_stack_lvl+0x16c/0x1f0 [ 358.305980][T10149] should_fail_ex+0x512/0x640 [ 358.306029][T10149] ? fs_reclaim_acquire+0xae/0x150 [ 358.306066][T10149] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 358.306101][T10149] should_failslab+0xc2/0x120 [ 358.306148][T10149] __kmalloc_noprof+0xd2/0x510 [ 358.306200][T10149] tomoyo_realpath_from_path+0xc2/0x6e0 [ 358.306255][T10149] tomoyo_check_open_permission+0x2ab/0x3c0 [ 358.306307][T10149] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 358.306402][T10149] ? do_raw_spin_lock+0x12c/0x2b0 [ 358.306452][T10149] tomoyo_file_open+0x6b/0x90 [ 358.306493][T10149] security_file_open+0x84/0x1e0 [ 358.306525][T10149] do_dentry_open+0x596/0x1c10 [ 358.306576][T10149] vfs_open+0x82/0x3f0 [ 358.306628][T10149] path_openat+0x1e5e/0x2d40 [ 358.306684][T10149] ? __pfx_path_openat+0x10/0x10 [ 358.306735][T10149] do_filp_open+0x20b/0x470 [ 358.306774][T10149] ? __pfx_do_filp_open+0x10/0x10 [ 358.306820][T10149] ? __pfx_kfree_link+0x10/0x10 [ 358.306858][T10149] ? alloc_fd+0x471/0x7d0 [ 358.306912][T10149] do_sys_openat2+0x11b/0x1d0 [ 358.306959][T10149] ? __pfx_do_sys_openat2+0x10/0x10 [ 358.307033][T10149] __x64_sys_openat+0x174/0x210 [ 358.307079][T10149] ? __pfx___x64_sys_openat+0x10/0x10 [ 358.307126][T10149] ? rcu_is_watching+0x12/0xc0 [ 358.307174][T10149] do_syscall_64+0xcd/0x260 [ 358.307208][T10149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 358.307247][T10149] RIP: 0033:0x7f9477f8d169 [ 358.307271][T10149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 358.307300][T10149] RSP: 002b:00007f9478d71038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 358.307328][T10149] RAX: ffffffffffffffda RBX: 00007f94781a5fa0 RCX: 00007f9477f8d169 [ 358.307365][T10149] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 358.307384][T10149] RBP: 00007f947800e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 358.307402][T10149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 358.307419][T10149] R13: 0000000000000000 R14: 00007f94781a5fa0 R15: 00007ffc62cbeee8 [ 358.307459][T10149] [ 358.607406][T10149] ERROR: Out of memory at tomoyo_realpath_from_path. [ 358.826631][T10153] CIFS: VFS: Invalid SecurityFlags: 0x00 [ 359.648778][T10160] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 359.668016][T10162] netlink: 28 bytes leftover after parsing attributes in process `syz.3.904'. [ 360.261336][T10171] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 361.011932][T10181] Invalid ELF header magic: != ELF [ 361.056325][T10181] netlink: 93 bytes leftover after parsing attributes in process `syz.3.912'. [ 361.543604][T10194] input: f as /devices/virtual/input/input10 [ 361.691057][T10195] netlink: 4 bytes leftover after parsing attributes in process `syz.3.915'. [ 362.339340][T10197] netlink: 28 bytes leftover after parsing attributes in process `syz.1.917'. [ 362.348875][T10197] team_slave_0: entered allmulticast mode [ 362.852283][ T5847] Bluetooth: hci0: unexpected subevent 0x01 length: 4 < 18 [ 362.940397][ T30] audit: type=1800 audit(4294967359.707:11): pid=10205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.918" name="dbroot" dev="configfs" ino=31251 res=0 errno=0 [ 366.612358][T10289] FAULT_INJECTION: forcing a failure. [ 366.612358][T10289] name failslab, interval 1, probability 0, space 0, times 0 [ 366.646764][T10289] CPU: 0 UID: 0 PID: 10289 Comm: syz.2.939 Not tainted 6.14.0-syzkaller-11270-g08733088b566 #0 PREEMPT(full) [ 366.646813][T10289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 366.646833][T10289] Call Trace: [ 366.646843][T10289] [ 366.646853][T10289] dump_stack_lvl+0x16c/0x1f0 [ 366.646893][T10289] should_fail_ex+0x512/0x640 [ 366.646952][T10289] should_failslab+0xc2/0x120 [ 366.646998][T10289] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 366.647043][T10289] ? __alloc_skb+0x2b2/0x380 [ 366.647103][T10289] __alloc_skb+0x2b2/0x380 [ 366.647153][T10289] ? __pfx___alloc_skb+0x10/0x10 [ 366.647204][T10289] ? find_held_lock+0x2b/0x80 [ 366.647248][T10289] ? net_generic+0xea/0x2a0 [ 366.647312][T10289] tipc_buf_acquire+0x26/0xe0 [ 366.647358][T10289] tipc_msg_create+0x39/0x1d0 [ 366.647408][T10289] __tipc_shutdown+0xb9d/0xee0 [ 366.647460][T10289] ? __pfx___tipc_shutdown+0x10/0x10 [ 366.647503][T10289] ? do_raw_spin_lock+0x12c/0x2b0 [ 366.647542][T10289] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 366.647581][T10289] ? __pfx_woken_wake_function+0x10/0x10 [ 366.647630][T10289] ? tipc_sk_filtering+0x420/0x520 [ 366.647679][T10289] tipc_release+0xe2/0x1640 [ 366.647721][T10289] ? down_write+0x14d/0x200 [ 366.647758][T10289] ? __pfx_down_write+0x10/0x10 [ 366.647799][T10289] ? __pfx_locks_remove_file+0x10/0x10 [ 366.647842][T10289] __sock_release+0xb0/0x270 [ 366.647878][T10289] ? __pfx_sock_close+0x10/0x10 [ 366.647920][T10289] sock_close+0x1c/0x30 [ 366.647952][T10289] __fput+0x3ff/0xb70 [ 366.648012][T10289] task_work_run+0x14d/0x240 [ 366.648054][T10289] ? __pfx_task_work_run+0x10/0x10 [ 366.648095][T10289] ? __pfx___do_sys_close_range+0x10/0x10 [ 366.648137][T10289] ? rcu_is_watching+0x12/0xc0 [ 366.648188][T10289] syscall_exit_to_user_mode+0x27b/0x2a0 [ 366.648225][T10289] do_syscall_64+0xda/0x260 [ 366.648271][T10289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.648304][T10289] RIP: 0033:0x7f9477f8d169 [ 366.648330][T10289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 366.648362][T10289] RSP: 002b:00007f9478d71038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 366.648394][T10289] RAX: 0000000000000000 RBX: 00007f94781a5fa0 RCX: 00007f9477f8d169 [ 366.648414][T10289] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 366.648434][T10289] RBP: 00007f947800e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 366.648453][T10289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 366.648473][T10289] R13: 0000000000000000 R14: 00007f94781a5fa0 R15: 00007ffc62cbeee8 [ 366.648516][T10289] [ 368.400171][T10326] vivid-003: ================= START STATUS ================= [ 368.457173][T10326] vivid-003: Radio HW Seek Mode: Bounded [ 368.462915][T10326] vivid-003: Radio Programmable HW Seek: false [ 368.470008][T10326] vivid-003: RDS Rx I/O Mode: Block I/O [ 368.475618][T10326] vivid-003: Generate RBDS Instead of RDS: false [ 368.496679][T10326] vivid-003: RDS Reception: true [ 368.525132][T10326] vivid-003: RDS Program Type: 0 inactive [ 368.536524][T10326] vivid-003: RDS PS Name: inactive [ 368.673264][T10326] vivid-003: RDS Radio Text: inactive [ 368.687145][T10326] vivid-003: RDS Traffic Announcement: false inactive [ 368.703748][T10326] vivid-003: RDS Traffic Program: false inactive [ 368.741266][T10326] vivid-003: RDS Music: false inactive [ 368.814371][T10326] vivid-003: ================== END STATUS ================== [ 369.593077][T10356] random: crng reseeded on system resumption [ 369.619643][ T5847] Bluetooth: hci1: unexpected event 0x02 length: 726 > 260 [ 369.643570][T10358] nbd: must specify a device to reconfigure [ 369.902249][T10358] netlink: 4 bytes leftover after parsing attributes in process `syz.1.954'. [ 371.003807][T10383] FAULT_INJECTION: forcing a failure. [ 371.003807][T10383] name fail_futex, interval 1, probability 0, space 0, times 0 [ 371.020229][T10383] CPU: 1 UID: 0 PID: 10383 Comm: syz.0.960 Not tainted 6.14.0-syzkaller-11270-g08733088b566 #0 PREEMPT(full) [ 371.020274][T10383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 371.020292][T10383] Call Trace: [ 371.020303][T10383] [ 371.020315][T10383] dump_stack_lvl+0x16c/0x1f0 [ 371.020353][T10383] should_fail_ex+0x512/0x640 [ 371.020406][T10383] get_futex_key+0x49e/0x1000 [ 371.020456][T10383] ? __pfx_get_futex_key+0x10/0x10 [ 371.020500][T10383] ? kfree+0x252/0x4d0 [ 371.020548][T10383] futex_wake+0xe7/0x4e0 [ 371.020585][T10383] ? __pfx_futex_wake+0x10/0x10 [ 371.020616][T10383] ? __pfx_vfs_writev+0x10/0x10 [ 371.020654][T10383] ? do_writev+0x218/0x330 [ 371.020695][T10383] do_futex+0x1e3/0x350 [ 371.020741][T10383] ? __pfx_do_futex+0x10/0x10 [ 371.020785][T10383] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 371.020831][T10383] __x64_sys_futex+0x1e0/0x4c0 [ 371.020880][T10383] ? fput+0x70/0xf0 [ 371.020924][T10383] ? __pfx___x64_sys_futex+0x10/0x10 [ 371.020980][T10383] ? __pfx_do_writev+0x10/0x10 [ 371.021010][T10383] ? rcu_is_watching+0x12/0xc0 [ 371.021061][T10383] do_syscall_64+0xcd/0x260 [ 371.021098][T10383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.021130][T10383] RIP: 0033:0x7f2079b8d169 [ 371.021155][T10383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 371.021185][T10383] RSP: 002b:00007f207a9ea0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 371.021215][T10383] RAX: ffffffffffffffda RBX: 00007f2079da5fa8 RCX: 00007f2079b8d169 [ 371.021236][T10383] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2079da5fac [ 371.021257][T10383] RBP: 00007f2079da5fa0 R08: 00007f207a9eb000 R09: 0000000000000000 [ 371.021277][T10383] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f2079da5fac [ 371.021297][T10383] R13: 0000000000000000 R14: 00007ffd96906a90 R15: 00007ffd96906b78 [ 371.021338][T10383] [ 371.226845][T10383] syz.0.960 (10383): /proc/10384/oom_adj is deprecated, please use /proc/10384/oom_score_adj instead. [ 371.917167][T10386] can: request_module (can-proto-0) failed. [ 375.300871][T10472] netlink: 20 bytes leftover after parsing attributes in process `syz.2.981'. [ 375.332493][T10470] sctp: [Deprecated]: syz.1.980 (pid 10470) Use of struct sctp_assoc_value in delayed_ack socket option. [ 375.332493][T10470] Use struct sctp_sack_info instead [ 378.922977][T10540] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 381.516003][T10580] FAULT_INJECTION: forcing a failure. [ 381.516003][T10580] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 381.665435][T10580] CPU: 0 UID: 0 PID: 10580 Comm: syz.2.1006 Not tainted 6.14.0-syzkaller-11270-g08733088b566 #0 PREEMPT(full) [ 381.665486][T10580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 381.665506][T10580] Call Trace: [ 381.665517][T10580] [ 381.665530][T10580] dump_stack_lvl+0x16c/0x1f0 [ 381.665573][T10580] should_fail_ex+0x512/0x640 [ 381.665631][T10580] _copy_from_user+0x2e/0xd0 [ 381.665687][T10580] cec_ioctl+0x2da/0x2970 [ 381.665736][T10580] ? __pfx_cec_ioctl+0x10/0x10 [ 381.665779][T10580] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 381.665831][T10580] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 381.665870][T10580] ? do_vfs_ioctl+0x512/0x1990 [ 381.665904][T10580] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 381.665965][T10580] ? find_held_lock+0x2b/0x80 [ 381.666008][T10580] ? hook_file_ioctl_common+0x145/0x410 [ 381.666082][T10580] ? __pfx_cec_ioctl+0x10/0x10 [ 381.666124][T10580] __x64_sys_ioctl+0x190/0x200 [ 381.666160][T10580] do_syscall_64+0xcd/0x260 [ 381.666201][T10580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 381.666235][T10580] RIP: 0033:0x7f9477f8d169 [ 381.666261][T10580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 381.666293][T10580] RSP: 002b:00007f9478d0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 381.666325][T10580] RAX: ffffffffffffffda RBX: 00007f94781a6240 RCX: 00007f9477f8d169 [ 381.666347][T10580] RDX: 00002000000000c0 RSI: 00000000c05c6104 RDI: 0000000000000005 [ 381.666368][T10580] RBP: 00007f947800e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 381.666393][T10580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 381.666413][T10580] R13: 0000000000000000 R14: 00007f94781a6240 R15: 00007ffc62cbeee8 [ 381.666455][T10580] [ 382.933972][ T5847] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 382.934021][ T5847] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 383.896534][T10614] program syz.0.1015 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 383.938360][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.944754][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.357144][T10621] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1017'. [ 384.819641][T10593] [U] . [ 385.097521][T10610] Process accounting paused [ 385.539812][T10656] random: crng reseeded on system resumption [ 386.656409][T10659] Invalid ELF header magic: != ELF [ 386.701864][T10684] hugetlbfs: syz.0.1028 (10684): Using mlock ulimits for SHM_HUGETLB is obsolete [ 386.877116][T10689] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1029'. [ 389.177230][T10736] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1038'. [ 389.211295][T10736] bridge0: port 2(bridge_slave_1) entered disabled state [ 389.340456][T10736] bridge_slave_1 (unregistering): left allmulticast mode [ 389.363866][T10736] bridge_slave_1 (unregistering): left promiscuous mode [ 389.382870][T10736] bridge0: port 2(bridge_slave_1) entered disabled state [ 392.007862][T10781] netlink: 544 bytes leftover after parsing attributes in process `syz.2.1046'. [ 392.179775][T10766] Invalid ELF header magic: != ELF [ 393.164022][T10802] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1049'. [ 396.629747][T10869] netlink: 452 bytes leftover after parsing attributes in process `syz.2.1061'. [ 396.891115][T10860] netlink: 452 bytes leftover after parsing attributes in process `syz.2.1061'. [ 397.840269][ T5850] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 397.853982][ T5850] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 397.868516][ T5850] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 397.879431][ T5850] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 397.890938][ T5850] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 398.468718][T10898] netlink: 544 bytes leftover after parsing attributes in process `syz.0.1069'. [ 398.917752][T10907] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(1869770799.1752444771.1684104562), cmd(5) [ 399.104522][T10892] chnl_net:caif_netlink_parms(): no params data found [ 399.573068][T10892] bridge0: port 1(bridge_slave_0) entered blocking state [ 399.595840][T10892] bridge0: port 1(bridge_slave_0) entered disabled state [ 399.607406][T10892] bridge_slave_0: entered allmulticast mode [ 399.625304][T10892] bridge_slave_0: entered promiscuous mode [ 399.671636][T10892] bridge0: port 2(bridge_slave_1) entered blocking state [ 399.695928][T10892] bridge0: port 2(bridge_slave_1) entered disabled state [ 399.709252][T10892] bridge_slave_1: entered allmulticast mode [ 399.716877][T10892] bridge_slave_1: entered promiscuous mode [ 399.905823][T10892] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 399.936602][ T5850] Bluetooth: hci2: command tx timeout [ 399.962137][T10892] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 400.115590][T10892] team0: Port device team_slave_0 added [ 400.143546][T10892] team0: Port device team_slave_1 added [ 400.370988][T10892] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 400.394566][T10892] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 400.469997][T10892] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 400.496010][T10929] netlink: 306 bytes leftover after parsing attributes in process `syz.0.1075'. [ 400.517856][T10892] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 400.534965][T10892] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 400.601906][T10892] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 401.233131][T10892] hsr_slave_0: entered promiscuous mode [ 401.258181][T10892] hsr_slave_1: entered promiscuous mode [ 401.308651][T10892] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 401.316279][T10892] Cannot create hsr debugfs directory [ 402.007058][ T5850] Bluetooth: hci2: command tx timeout [ 402.389119][T10892] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 402.444490][T10892] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 402.523606][T10892] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 402.614592][T10892] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 403.426199][T10989] device-mapper: ioctl: only supply one of name or uuid, cmd(17) [ 403.613379][T10892] 8021q: adding VLAN 0 to HW filter on device bond0 [ 403.689818][T10892] 8021q: adding VLAN 0 to HW filter on device team0 [ 403.730802][ T9718] bridge0: port 1(bridge_slave_0) entered blocking state [ 403.738049][ T9718] bridge0: port 1(bridge_slave_0) entered forwarding state [ 403.796564][ T9718] bridge0: port 2(bridge_slave_1) entered blocking state [ 403.803850][ T9718] bridge0: port 2(bridge_slave_1) entered forwarding state [ 404.089167][ T5850] Bluetooth: hci2: command tx timeout [ 404.239096][T11003] random: crng reseeded on system resumption [ 404.378396][T10892] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 405.259447][T10892] veth0_vlan: entered promiscuous mode [ 405.264903][T11025] Invalid ELF header magic: != ELF [ 405.440090][T10892] veth1_vlan: entered promiscuous mode [ 405.602907][T10892] veth0_macvtap: entered promiscuous mode [ 405.635050][T10892] veth1_macvtap: entered promiscuous mode [ 405.686865][T10892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 405.720319][T10892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.746295][T10892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 405.770398][T10892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.798547][T10892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 405.817261][T10892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.829496][T10892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 405.841178][T10892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.855180][T10892] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 405.869005][T10892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 405.919688][T10892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.947077][T10892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 405.972687][T10892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.012504][T10892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 406.047127][T10892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.097702][T10892] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 406.152955][T10892] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.165192][T10892] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 406.176983][ T5850] Bluetooth: hci2: command tx timeout [ 406.262297][T10892] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.323625][T10892] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.337099][T10892] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.348775][T10892] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 407.720245][ T9694] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 407.761216][ T9694] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 407.990494][ T9718] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 408.001066][ T9718] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 409.753649][ T9719] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.015568][ T9719] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.355821][ T9719] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.524639][ T9719] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.919023][ T9719] bond0: left allmulticast mode [ 410.960967][ T9719] bond_slave_0: left allmulticast mode [ 410.977257][ T9719] bond_slave_1: left allmulticast mode [ 410.983240][ T9719] bond0: left promiscuous mode [ 410.988919][ T9719] bond_slave_0: left promiscuous mode [ 410.994634][ T9719] bond_slave_1: left promiscuous mode [ 411.010597][ T9719] bridge0: port 4(bond0) entered disabled state [ 411.037827][ T9719] team0: left allmulticast mode [ 411.042790][ T9719] team_slave_1: left allmulticast mode [ 411.055054][ T9719] team0: left promiscuous mode [ 411.064274][ T9719] team_slave_1: left promiscuous mode [ 411.072785][ T9719] bridge0: port 3(team0) entered disabled state [ 411.086568][ T9719] bridge_slave_1: left allmulticast mode [ 411.092593][ T9719] bridge_slave_1: left promiscuous mode [ 411.101827][ T9719] bridge0: port 2(bridge_slave_1) entered disabled state [ 411.115490][ T9719] bridge_slave_0: left allmulticast mode [ 411.122394][ T9719] bridge_slave_0: left promiscuous mode [ 411.130552][ T9719] bridge0: port 1(bridge_slave_0) entered disabled state [ 411.392575][T11134] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1105'. [ 411.423681][ T9719] erspan0 (unregistering): left allmulticast mode                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        syzkaller syzkaller login: [ 486.572869][T13301] caif:caif_disconnect_client(): nothing to disconnect [ 486.850445][T13313] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 489.553564][T13385] netlink: 504 bytes leftover after parsing attributes in process `syz.0.1556'. [ 489.621782][T13385] netlink: 350 bytes leftover after parsing attributes in process `syz.0.1556'. [ 489.696174][T13376] netlink: 226 bytes leftover after parsing attributes in process `syz.2.1554'. [ 489.721040][T13376] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1554'. [ 489.753234][T13376] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 489.974228][T13401] Invalid ELF header magic: != ELF [ 491.815104][T13453] netlink: set zone limit has 8 unknown bytes [ 492.157181][T13468] page: refcount:8 mapcount:0 mapping:0000000000000000 index:0xffff88807fe06000 pfn:0x7fe00 [ 492.206893][T13468] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 492.246990][T13468] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 492.296913][T13468] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 492.306466][T13468] raw: ffff88807fe06000 0000000000000000 00000008ffffffff 0000000000000000 [ 492.357196][T13472] could not allocate digest TFM handle binfmt_misc [ 492.426794][T13468] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 492.440867][T13468] head: ffff88807fe06000 0000000000000000 00000008ffffffff 0000000000000000 [ 492.451290][T13468] head: 00fff00000000003 ffffea0001ff8001 ffffffffffffffff 0000000000000000 [ 492.467083][T13468] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 492.494143][T13468] page dumped because: unmovable page [ 492.495207][T13482] zswap: compressor not available [ 492.507729][T13468] page_owner tracks the page as allocated [ 492.519059][T13468] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5692, tgid 5692 (sshd), ts 81041661800, free_ts 80984806868 [ 492.558916][T13468] post_alloc_hook+0x181/0x1b0 [ 492.568403][T13468] get_page_from_freelist+0x10fc/0x35c0 [ 492.578864][T13468] __alloc_frozen_pages_noprof+0x223/0x2370 [ 492.593875][T13468] alloc_pages_mpol+0x1fb/0x550 [ 492.602116][T13468] alloc_pages_noprof+0x131/0x390 [ 492.617092][T13468] skb_page_frag_refill+0x182/0x350 [ 492.623289][T13468] try_fill_recv+0x754/0x2150 [ 492.658058][T13468] virtnet_poll+0x1d19/0x39e0 [ 492.688656][T13468] __napi_poll.constprop.0+0xb7/0x550 [ 492.694727][T13468] net_rx_action+0xa97/0x1010 [ 492.706203][T13468] handle_softirqs+0x216/0x8e0 [ 492.716628][T13468] __irq_exit_rcu+0x109/0x170 [ 492.730723][T13468] irq_exit_rcu+0x9/0x30 [ 492.740874][T13468] common_interrupt+0xbf/0xe0 [ 492.767070][T13468] asm_common_interrupt+0x26/0x40 [ 492.786996][T13468] page last free pid 5789 tgid 5789 stack trace: [ 492.794217][T13468] __free_frozen_pages+0x69d/0xf90 [ 492.818737][T13468] __put_partials+0x16d/0x1c0 [ 492.828016][T13468] qlist_free_all+0x4e/0x120 [ 492.846967][T13468] kasan_quarantine_reduce+0x195/0x1e0 [ 492.856931][T13468] __kasan_slab_alloc+0x69/0x90 [ 492.862797][T13468] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 492.876944][T13468] getname_flags.part.0+0x48/0x540 [ 492.889408][T13468] getname_flags+0x93/0xf0 [ 492.897117][T13468] vfs_fstatat+0xe1/0xf0 [ 492.902669][T13468] __do_sys_newfstatat+0xa1/0x130 [ 492.910177][T13468] do_syscall_64+0xcd/0x260 [ 492.915273][T13468] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.663250][T13531] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 3000000000 [ 494.768804][T13535] [U] [ 494.771831][T13535] [U] [ 494.774816][T13535] [U] [ 494.777796][T13535] [U] [ 494.789217][T13535] [U] [ 494.792258][T13535] [U] [ 494.795238][T13535] [U] [ 494.798219][T13535] [U] [ 494.900401][T13535] [U] [ 494.903486][T13535] [U] [ 494.906500][T13535] [U] [ 494.909511][T13535] [U] [ 494.935270][T13535] [U] [ 494.949719][T13535] [U] IO [ 494.983043][T13535] [U] |QeWdu6rc_;p&J0VQڞizPMhHU9); [ 495.045368][T13535] [U] TLZmy"c[N?AlRM*-OIm" [ 495.064154][T13535] [U] [ 495.070641][T13535] [U] YGT0< [ 495.079351][T13535] [U] QeN [ 495.086983][T13535] [U] Uİ"8Mg  [ 495.097327][T13535] [U] ma KHR0AyiNfvWVt&vxc)kji?|qс)LX%avČׂ"[И ,2Ѫa$29 CEٵ7w`R*ތku-(GyOl A#1=Qv>8d4pn-: [ 495.116960][T13535] [U] `5S˛Rt&$v;r(ԆOPW)($dWvcqE{K>IQBUy H\8u [ 495.176894][T13535] [U] Z},>nqYhg`Kv'JFfq|?& pw [ 495.208643][T13535] [U] MB'k [ 495.215526][T13535] [U] 2gP [ 495.234555][T13535] [U] /q=5gHJFU)_͐tB |4r8 L/k&T(󓢯h PA":h{R [ 495.270607][T13535] [U] >,0Z+6 E[ jPLjֱ6"ǃ7M@8#1[)#QʫO7|7I}'8ۑpՄn;xL7mw [ 495.303694][T13535] [U] ـ"4j|ڊn!g [ 495.314648][T13535] [U] Dh&BFbV [ 495.320238][T13535] [U] W nؓo%ajR$|'asm̆iE#AYie6lW_N(JMcFƝ-Ĉ]z, `C(W ؙnLNWFi/%D4a#j#>2Z|{' u⃷2۬PR8B܃MxwըEvM [ 495.345484][T13535] [U] ޗ2'puimctiw^oowyt*ކp6 %0ꤼ2%uoUU:n(7ۆ]J\L~)^b \a^ʘu7pD|q^^ڠjlڃ8ALT˺If}y2IA$1{d)qNzP+AB[wq.g+v[A 毑2#Qũ&~U򌌨]`Yv$)]񥑷)a]DP*7+Z [ 495.423633][T13535] [U] ٌ̰v˻is [ 495.428365][T13535] [U] .#-;(}"U [ 495.456485][T13549] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1599'. [ 495.474409][T13535] [U] v7։$dϐ$*@OĮq3!2 [ 495.519970][T13535] [U] JQ|4MwcoB H" TG, b7\R?Sn[ʪ}Q_obJwDVii!9k&CׁojtT1*8;H'*^#ҏjj]OVoyH|L [ 495.568115][T13535] [U] &](6{Vf\NRi.lQpe= %r [ 495.586128][T13535] [U] 040qF& >yCE7Ʃrvr"N [ 495.611359][T13535] [U] T0Աfb8o`_K?Q]ZBSթ.eewu5~TΤ`%u|K1#n\V\r+#g [ 495.664605][T13535] [U] @бтNVH'\A]j+pUYk. qxLa2G [ 495.681394][T13535] [U] 4FOoǠ!jMeP6ڷl㙛\KyS1Kjg9G2x 'ڃ, DvX@lYgu4;zA=d<^|5]?Cw"QDP17P%·o$0(m0w-Q [ 495.966908][T13535] [U] U [ 495.970333][T13535] [U] ZDr-KuY5A(:N9{7enyxRY> [ 495.977321][T13535] [U] s=m[CVۮ8>ɷqT8B)"ЗߔK!d׽PW[q [ 496.251784][T13535] [U] iXN cH,8c-Y\ڣ~E^F؋d`)nkGe3+ bDd?-; iM+Qer猶 ê^OAr7qыlȜȱ~=a1Z;SP] [ 496.364863][T13535] [U] > Mt&i!@dƅPeП{]~P)=J+;4N3GUDْIV>B{Ae$Rsu0 [ 496.462668][T13535] [U] tf<'B*vWyfQ"ًC%ZB=0zG*`w%ұ$ӡV [ 496.859502][T13568] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1603'. [ 497.528668][T13586] caif:caif_disconnect_client(): nothing to disconnect [ 497.819416][ T5847] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 497.819462][ T5847] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 498.684693][ T9840] ima: policy update failed [ 498.699048][ T30] audit: type=1802 audit(4294967375.085:18): pid=9840 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.838" res=0 errno=0 [ 498.784249][T13584] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 498.784249][T13584] The task syz.2.1607 (13584) triggered the difference, watch for misbehavior. [ 500.268579][ T55] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 500.280210][ T55] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 500.288494][ T55] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 500.297359][ T55] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 500.306601][ T55] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 500.835170][T13648] chnl_net:caif_netlink_parms(): no params data found [ 500.943489][T13648] bridge0: port 1(bridge_slave_0) entered blocking state [ 500.955001][T13648] bridge0: port 1(bridge_slave_0) entered disabled state [ 500.965496][T13648] bridge_slave_0: entered allmulticast mode [ 500.974231][T13648] bridge_slave_0: entered promiscuous mode [ 501.004607][T13648] bridge0: port 2(bridge_slave_1) entered blocking state [ 501.014879][T13648] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.026947][T13648] bridge_slave_1: entered allmulticast mode [ 501.035451][T13648] bridge_slave_1: entered promiscuous mode [ 501.076655][T13648] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 501.118589][T13648] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 501.234690][T13648] team0: Port device team_slave_0 added [ 501.259671][T13648] team0: Port device team_slave_1 added [ 501.359675][T13648] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 501.369770][T13648] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 501.475749][T13648] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 501.515080][T13648] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 501.525969][T13648] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 501.579149][T13648] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 501.819119][T13648] hsr_slave_0: entered promiscuous mode [ 502.399005][T13648] hsr_slave_1: entered promiscuous mode [ 502.416352][T13648] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 502.426914][ T55] Bluetooth: hci4: command tx timeout [ 502.458994][T13648] Cannot create hsr debugfs directory [ 502.947807][T13699] Invalid ELF header magic: != ELF [ 502.981552][T13697] Invalid ELF header magic: != ELF [ 503.052847][T13648] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 503.085901][T13648] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 503.141487][T13648] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 503.211910][T13648] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 503.650000][T13648] 8021q: adding VLAN 0 to HW filter on device bond0 [ 503.829708][T13648] 8021q: adding VLAN 0 to HW filter on device team0 [ 503.875718][ T9044] bridge0: port 1(bridge_slave_0) entered blocking state [ 503.883618][ T9044] bridge0: port 1(bridge_slave_0) entered forwarding state [ 503.976324][ T9710] bridge0: port 2(bridge_slave_1) entered blocking state [ 503.984210][ T9710] bridge0: port 2(bridge_slave_1) entered forwarding state [ 504.406137][T13648] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 504.487192][ T55] Bluetooth: hci4: command tx timeout [ 505.084256][T13648] veth0_vlan: entered promiscuous mode [ 505.153390][T13648] veth1_vlan: entered promiscuous mode [ 505.250992][T13648] veth0_macvtap: entered promiscuous mode [ 505.341689][T13648] veth1_macvtap: entered promiscuous mode [ 505.438913][T13648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 505.454519][T13648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 505.467696][T13648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 505.480376][T13648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 505.491326][T13648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 505.503096][T13648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 505.514054][T13648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 505.526194][T13648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 505.538713][T13648] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 505.552654][T13648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 505.564431][T13648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 505.575446][T13648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 505.587760][T13648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 505.599503][T13648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 505.636529][T13648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 505.649668][T13648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 505.661644][T13648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 505.680703][T13648] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 505.703772][T13648] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 505.716197][T13648] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 505.728464][T13648] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 505.739139][T13648] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 505.833571][T13648] ieee80211 phy28: Selected rate control algorithm 'minstrel_ht' [ 505.940769][ T9691] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 505.950369][ T9691] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 506.020869][T13648] ieee80211 phy29: Selected rate control algorithm 'minstrel_ht' [ 506.130512][ T9048] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 506.163264][ T9048] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 506.384524][T13776] ================================================================== [ 506.393442][T13776] BUG: KASAN: slab-use-after-free in force_devcd_write+0x312/0x340 [ 506.402155][T13776] Read of size 8 at addr ffff88802820c800 by task syz.4.1644/13776 [ 506.410859][T13776] [ 506.413433][T13776] CPU: 0 UID: 0 PID: 13776 Comm: syz.4.1644 Not tainted 6.14.0-syzkaller-11270-g08733088b566 #0 PREEMPT(full) [ 506.413472][T13776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 506.413490][T13776] Call Trace: [ 506.413500][T13776] [ 506.413511][T13776] dump_stack_lvl+0x116/0x1f0 [ 506.413544][T13776] print_report+0xc3/0x670 [ 506.413583][T13776] ? __virt_addr_valid+0x5e/0x590 [ 506.413624][T13776] ? __phys_addr+0xc6/0x150 [ 506.413665][T13776] ? force_devcd_write+0x312/0x340 [ 506.413699][T13776] kasan_report+0xe0/0x110 [ 506.413737][T13776] ? force_devcd_write+0x312/0x340 [ 506.413775][T13776] force_devcd_write+0x312/0x340 [ 506.413810][T13776] ? __pfx_force_devcd_write+0x10/0x10 [ 506.413846][T13776] ? __debugfs_file_get+0x1fe/0x840 [ 506.413882][T13776] ? __pfx___debugfs_file_get+0x10/0x10 [ 506.413920][T13776] ? rcu_is_watching+0x12/0xc0 [ 506.413957][T13776] full_proxy_write+0x13c/0x200 [ 506.413995][T13776] vfs_write+0x25c/0x1180 [ 506.414023][T13776] ? __pfx_full_proxy_write+0x10/0x10 [ 506.414062][T13776] ? __pfx___mutex_lock+0x10/0x10 [ 506.414090][T13776] ? __pfx_vfs_write+0x10/0x10 [ 506.414119][T13776] ? __fget_files+0x204/0x3c0 [ 506.414149][T13776] ? rcu_is_watching+0x12/0xc0 [ 506.414185][T13776] ? __fget_files+0x20e/0x3c0 [ 506.414227][T13776] ksys_write+0x12a/0x240 [ 506.414255][T13776] ? __pfx_ksys_write+0x10/0x10 [ 506.414284][T13776] ? rcu_is_watching+0x12/0xc0 [ 506.414319][T13776] ? rcu_is_watching+0x12/0xc0 [ 506.414355][T13776] do_syscall_64+0xcd/0x260 [ 506.414384][T13776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.414412][T13776] RIP: 0033:0x7f3ef5b8d169 [ 506.414433][T13776] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 506.414463][T13776] RSP: 002b:00007f3ef6a1e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 506.414489][T13776] RAX: ffffffffffffffda RBX: 00007f3ef5da5fa0 RCX: 00007f3ef5b8d169 [ 506.414507][T13776] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000008 [ 506.414523][T13776] RBP: 00007f3ef5c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 506.414540][T13776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 506.414557][T13776] R13: 0000000000000000 R14: 00007f3ef5da5fa0 R15: 00007fff7e5dbfc8 [ 506.414583][T13776] [ 506.414592][T13776] [ 506.669781][T13776] Allocated by task 5838: [ 506.674561][T13776] kasan_save_stack+0x33/0x60 [ 506.679754][T13776] kasan_save_track+0x14/0x30 [ 506.684947][T13776] __kasan_kmalloc+0xaa/0xb0 [ 506.690017][T13776] vhci_open+0x4c/0x430 [ 506.694607][T13776] misc_open+0x35a/0x420 [ 506.699286][T13776] chrdev_open+0x231/0x6a0 [ 506.704169][T13776] do_dentry_open+0x741/0x1c10 [ 506.709430][T13776] vfs_open+0x82/0x3f0 [ 506.713928][T13776] path_openat+0x1e5e/0x2d40 [ 506.718997][T13776] do_filp_open+0x20b/0x470 [ 506.723971][T13776] do_sys_openat2+0x11b/0x1d0 [ 506.729147][T13776] __x64_sys_openat+0x174/0x210 [ 506.734515][T13776] do_syscall_64+0xcd/0x260 [ 506.739484][T13776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.745982][T13776] [ 506.748543][T13776] Freed by task 13600: [ 506.753021][T13776] kasan_save_stack+0x33/0x60 [ 506.758322][T13776] kasan_save_track+0x14/0x30 [ 506.763500][T13776] kasan_save_free_info+0x3b/0x60 [ 506.769052][T13776] __kasan_slab_free+0x51/0x70 [ 506.774326][T13776] kfree+0x2b6/0x4d0 [ 506.778625][T13776] vhci_release+0xbb/0xf0 [ 506.783409][T13776] __fput+0x3ff/0xb70 [ 506.787812][T13776] task_work_run+0x14d/0x240 [ 506.792875][T13776] do_exit+0xafe/0x2d90 [ 506.797453][T13776] do_group_exit+0xd3/0x2a0 [ 506.802414][T13776] get_signal+0x2673/0x26d0 [ 506.807394][T13776] arch_do_signal_or_restart+0x8f/0x7d0 [ 506.813525][T13776] syscall_exit_to_user_mode+0x150/0x2a0 [ 506.819735][T13776] do_syscall_64+0xda/0x260 [ 506.824701][T13776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.831196][T13776] [ 506.833757][T13776] The buggy address belongs to the object at ffff88802820c800 [ 506.833757][T13776] which belongs to the cache kmalloc-1k of size 1024 [ 506.849230][T13776] The buggy address is located 0 bytes inside of [ 506.849230][T13776] freed 1024-byte region [ffff88802820c800, ffff88802820cc00) [ 506.864329][T13776] [ 506.866894][T13776] The buggy address belongs to the physical page: [ 506.873950][T13776] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28208 [ 506.883594][T13776] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 506.892949][T13776] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 506.901256][T13776] page_type: f5(slab) [ 506.905649][T13776] raw: 00fff00000000040 ffff88801b441dc0 ffffea0000ed4c00 dead000000000002 [ 506.915119][T13776] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 506.924590][T13776] head: 00fff00000000040 ffff88801b441dc0 ffffea0000ed4c00 dead000000000002 [ 506.934146][T13776] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 506.943704][T13776] head: 00fff00000000003 ffffea0000a08201 ffffffffffffffff 0000000000000000 [ 506.953256][T13776] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 506.962801][T13776] page dumped because: kasan: bad access detected [ 506.969855][T13776] page_owner tracks the page as allocated [ 506.976149][T13776] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 48, tgid 48 (kworker/u8:3), ts 16237428660, free_ts 0 [ 506.996331][T13776] post_alloc_hook+0x181/0x1b0 [ 507.001606][T13776] get_page_from_freelist+0x10fc/0x35c0 [ 507.007728][T13776] __alloc_frozen_pages_noprof+0x223/0x2370 [ 507.014233][T13776] new_slab+0x94/0x330 [ 507.018720][T13776] ___slab_alloc+0xd9c/0x1940 [ 507.023881][T13776] __slab_alloc.constprop.0+0x56/0xb0 [ 507.029805][T13776] __kmalloc_cache_node_noprof+0x100/0x420 [ 507.036211][T13776] blk_mq_alloc_and_init_hctx+0x639/0x11c0 [ 507.042616][T13776] blk_mq_realloc_hw_ctxs+0x8f6/0xc00 [ 507.048544][T13776] blk_mq_init_allocated_queue+0x3af/0x1230 [ 507.055055][T13776] blk_mq_alloc_queue+0x1c2/0x290 [ 507.060609][T13776] scsi_alloc_sdev+0x88f/0xd80 [ 507.065879][T13776] scsi_probe_and_add_lun+0x76b/0xd80 [ 507.071817][T13776] __scsi_scan_target+0x1e8/0x580 [ 507.077355][T13776] scsi_scan_channel+0x149/0x1e0 [ 507.082805][T13776] scsi_scan_host_selected+0x302/0x400 [ 507.088821][T13776] page_owner free stack trace missing [ 507.094728][T13776] [ 507.097294][T13776] Memory state around the buggy address: [ 507.103488][T13776] ffff88802820c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 507.112367][T13776] ffff88802820c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 507.121246][T13776] >ffff88802820c800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 507.130506][T13776] ^ [ 507.134985][T13776] ffff88802820c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 507.143862][T13776] ffff88802820c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 507.152733][T13776] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 507.184342][ T55] Bluetooth: hci4: command tx timeout [ 507.214001][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 507.221967][T13776] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 507.229951][T13776] CPU: 1 UID: 0 PID: 13776 Comm: syz.4.1644 Not tainted 6.14.0-syzkaller-11270-g08733088b566 #0 PREEMPT(full) [ 507.242890][T13776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 507.254056][T13776] Call Trace: [ 507.257666][T13776] [ 507.260892][T13776] dump_stack_lvl+0x3d/0x1f0 [ 507.265954][T13776] panic+0x71c/0x800 [ 507.270249][T13776] ? __pfx_panic+0x10/0x10 [ 507.275126][T13776] ? rcu_is_watching+0x12/0xc0 [ 507.280409][T13776] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 507.287010][T13776] ? preempt_schedule_thunk+0x16/0x30 [ 507.292943][T13776] ? force_devcd_write+0x312/0x340 [ 507.298592][T13776] ? preempt_schedule_common+0x44/0xc0 [ 507.304627][T13776] ? force_devcd_write+0x312/0x340 [ 507.310264][T13776] check_panic_on_warn+0xab/0xb0 [ 507.315725][T13776] end_report+0x107/0x170 [ 507.320517][T13776] kasan_report+0xee/0x110 [ 507.325413][T13776] ? force_devcd_write+0x312/0x340 [ 507.331068][T13776] force_devcd_write+0x312/0x340 [ 507.336546][T13776] ? __pfx_force_devcd_write+0x10/0x10 [ 507.342576][T13776] ? __debugfs_file_get+0x1fe/0x840 [ 507.348321][T13776] ? __pfx___debugfs_file_get+0x10/0x10 [ 507.354453][T13776] ? rcu_is_watching+0x12/0xc0 [ 507.359725][T13776] full_proxy_write+0x13c/0x200 [ 507.365092][T13776] vfs_write+0x25c/0x1180 [ 507.369880][T13776] ? __pfx_full_proxy_write+0x10/0x10 [ 507.375824][T13776] ? __pfx___mutex_lock+0x10/0x10 [ 507.381375][T13776] ? __pfx_vfs_write+0x10/0x10 [ 507.386645][T13776] ? __fget_files+0x204/0x3c0 [ 507.391816][T13776] ? rcu_is_watching+0x12/0xc0 [ 507.397083][T13776] ? __fget_files+0x20e/0x3c0 [ 507.402275][T13776] ksys_write+0x12a/0x240 [ 507.407058][T13776] ? __pfx_ksys_write+0x10/0x10 [ 507.412484][T13776] ? rcu_is_watching+0x12/0xc0 [ 507.417760][T13776] ? rcu_is_watching+0x12/0xc0 [ 507.423026][T13776] do_syscall_64+0xcd/0x260 [ 507.428031][T13776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 507.434550][T13776] RIP: 0033:0x7f3ef5b8d169 [ 507.439420][T13776] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 507.461006][T13776] RSP: 002b:00007f3ef6a1e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 507.470285][T13776] RAX: ffffffffffffffda RBX: 00007f3ef5da5fa0 RCX: 00007f3ef5b8d169 [ 507.479078][T13776] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000008 [ 507.487864][T13776] RBP: 00007f3ef5c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 507.496652][T13776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 507.505431][T13776] R13: 0000000000000000 R14: 00007f3ef5da5fa0 R15: 00007fff7e5dbfc8 [ 507.514222][T13776] [ 507.517818][T13776] Kernel Offset: disabled [ 507.522589][T13776] Rebooting in 86400 seconds..