last executing test programs: 8.897348491s ago: executing program 1 (id=5298): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, 0x0, 0x20401, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_SETHMAC(r0, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000b00)={0x14, r1, 0xf1b, 0x70bd2a, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x44040}, 0x8040) (fail_nth: 7) r2 = open(0x0, 0x220c0, 0x4) ioctl$auto_SNAPSHOT_ALLOC_SWAP_PAGE(r2, 0x80083314, 0x0) socket(0x10, 0x2, 0x0) socket(0x10, 0x2, 0x0) 8.520822861s ago: executing program 1 (id=5300): unshare$auto(0x40000080) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x6, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x15, 0x401, 0x2ffffffffffd) setpgid$auto(0x0, 0x0) mmap$auto(0x6aa, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x800, 0x100) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio1\x00', 0x4a4b42, 0x0) r1 = socket(0x11, 0x2, 0xffffffff) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x1a1000, 0x0) ioctl$auto_PROCMAP_QUERY(r2, 0xc0686611, &(0x7f0000000080)={0x67, 0x0, 0x7fff, 0x5, 0x80000000003, 0xfffbffffffffff80, 0x80000001, 0xff, 0x6, 0x7, 0xfbfffffe, 0x5, 0x0, 0x7, 0x80000005}) setsockopt$auto(r1, 0x107, 0x5, 0x0, 0x8004) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/pts/ptmx\x00', 0x0, 0x0) write$auto(0x3, 0x0, 0x7ffffffa) mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000) syz_clone3(&(0x7f0000000240)={0x8000000, &(0x7f0000000000), &(0x7f0000000040), 0x0, {0x3b}, 0x0, 0x0, 0x0, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x58) setregid$auto(0x0, 0x3) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r3 = getpgid(0x0) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) mount$auto(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2002, 0x0) socket(0x2, 0x1, 0x0) rt_tgsigqueueinfo$auto(0xffffffffffffffff, r3, 0x8, &(0x7f0000000100)={@siginfo_0_0={0x6, 0xe, 0x85, @_sigchld={r3, 0x0, 0x401, 0x5, 0x3}}}) open(&(0x7f0000000180)='./file0\x00', 0x20000, 0x40) 4.182444059s ago: executing program 3 (id=5310): mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mremap$auto(0x21000000, 0x7, 0x3fd6, 0x3, 0x200000) 3.881936047s ago: executing program 3 (id=5313): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x82800, 0x0) openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, 0x0, 0x20100, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) rseq$auto(&(0x7f0000000040)={0xfffffff7, 0x7fffffff, 0xff, 0xd13, 0x1, 0x1, "cfa38ad194b4dc36fcf49e9690f582f022"}, 0x40, 0x80, 0x5) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/sctp/snmp\x00', 0x109002, 0x0) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x18, 0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4) memfd_secret$auto(0x0) ftruncate$auto(0x3, 0x700) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x7, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x3, 0x95f4da0a, 0xefffffffffffffff, 0x3, 0x62, 0x80000001, 0x10000000000004, 0x6d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/tty/driver/usbserial\x00', 0x302, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$auto(r1, 0x1, 0x1, &(0x7f00000002c0)='.*+%\x00', &(0x7f0000000300)=0xfff) pread64$auto(r0, 0x0, 0x100000001, 0x100) socket(0x2b, 0x1, 0x1) select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xc45d, 0x80, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000) r2 = socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0xb, 0x200000001, 0x12, r2, 0x8000) ioctl$auto(0xffffffffffffffff, 0x5523, 0xffffffffffffffff) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) 3.714431296s ago: executing program 0 (id=5314): r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x26}}, 0x71) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r2) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000005b40)={0x1c, r3, 0xd0d58b333228212f, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x1c}}, 0x4000000) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) r5 = io_uring_setup$auto(0x1, 0x0) socket(0x1f, 0x2, 0x200000) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r0, 0x0, 0x4008080) r6 = openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/trace_clock\x00', 0x620501, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, r6, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) r7 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0c/sub0/sw_params\x00', 0x40, 0x0) pread64$auto(r7, 0x0, 0x10001, 0x830) close_range$auto(r5, 0x8, 0x1) r8 = socketpair$auto(0x1, 0x0, 0xfffffffc, 0x0) r9 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xc7f16bff2a10ba01, 0x0) ioctl$auto_TIOCSETD2(r9, 0x5423, 0x0) socketpair$auto(0x4, 0x1, 0x20000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) sendmsg$auto_NL80211_CMD_SET_WIPHY(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x20040010}, 0x2404c094) socketpair$auto(0x6000000, 0xd1d000, 0x3bfb, &(0x7f0000000180)=0x8) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp1\x00', 0x0, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x3}, 0xed7138c}, 0x7, 0x0) 3.53977189s ago: executing program 3 (id=5315): r0 = socket(0x1d, 0x2, 0x6) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, 0x0, 0xfd, 0xfd000000}, 0x6a) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) (async) shmctl$auto(0x800, 0x100, &(0x7f0000000300)={{0x7, 0xee01, 0x0, 0x2757, 0x2, 0x6, 0x71b5}, 0x6, 0x3, 0xc, 0x8, @raw=0x4, @inferred, 0x2, 0x0, &(0x7f00000000c0)="c9d8fd7fa60a4d8d740e17e64a12855b4d897ada26ed1b9168053f39605b2011a018897c6734e563219d73622c58e3b1c2fcd90ab3dacb87d1ed1942fdb1398f884fdfd3ee2bd5d9a82d3f7f14d5b45fd533f29f6c7c79ccfc9f1b7c4b92671240f33d227d96c2", &(0x7f0000000200)="6dee8f8d29f4c2f97bdfcbb4fd0cfaa3f6d26edaa4207b68aed31932377b670ef4ed260726466ad4e3ec06ce1654a47a3d5ca0484ffefd49ea1b20f0e1a7bceded9b5b0cbe02f5d22bc25dd343b1455b6948186478e17386561cee2a78d9ec439131a75d0c9fcc0a6c0179329048c438b7b6e39d909364da916f7a3c21cec35d35431d11b3a66aaee8e4287415221e61c8753e106f066f8a3c67fae3dd852d6c74221c3d833ac6ab491bd1cc004768a12e4852d69aabb016b9327b022e48bc35bec6003094c205ea4b6f989be46d040e1ec14eef68b4"}) r2 = openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/bluetooth/hci7/power\x00', 0x10002, 0x0) (async, rerun: 64) r3 = openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000440)='/proc/self/projid_map\x00', 0x412000, 0x0) (rerun: 64) ioctl$auto_XFS_IOC_SWAPEXT(r2, 0xc0c0586d, &(0x7f0000000380)={0xffffffffffffffff, @inferred=r0, @inferred=r3, 0x2, 0x9, '\x00', {0x2e, 0x0, 0x5, 0xffffffffffffffff, 0xffffffffffffffff, 0xcde, 0x3ff, 0x9f, {0x1, 0x9}, {0x0, 0xfffffffa}, {0xf, 0x5}, 0x3, 0x200, 0x2, 0xf, 0x0, 0x8000, 0x5, 0x6, 0x4, 0x5, '\x00', 0x91, 0x101, 0x80, 0xf61}}) chown$auto(&(0x7f0000000000)='./file0\x00', r1, r4) rt_sigaction$auto(0x1, &(0x7f00000001c0)={&(0x7f0000000080)=0x0, 0x7fffffffffffffff, 0x0, {0x5}}, 0x0, 0x8) (async, rerun: 64) rt_sigaction$auto(0x5, &(0x7f0000000140)={&(0x7f0000000040)=0x0, 0x9, 0x0, {0x81}}, 0x0, 0x8) (async, rerun: 64) bind$auto(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x9, "cc00000008f0ffffff000100"}, 0x6b) (async, rerun: 64) r5 = gettid() (async, rerun: 64) r6 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) (async) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_SET_MESH(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x24, r6, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x140080e4) (async, rerun: 64) r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x800, 0x12) (rerun: 64) name_to_handle_at$auto(r9, &(0x7f00000004c0)='\x00', &(0x7f0000000600)={0xf5, 0x4, "c4546c233bcc4049e26929f8f51db8a5609587416e71bc79b13687845b0206720ea62e5a60cba64face2b66af14f86cd80cc4e8dac4db5d43231498ec09fbe16302f63cb0eca147251a85a03c7536e1aabab107e707090a96f41fd91bf46bb59328a99e7748cf456c4cf6e92adcbbf3d3ad65a4ca288251aaa709db40e0a095766da9ef0fac1e3901d5cd31f8e35a141f35bbc29fb01b84ee67e9ee3af1d6d6b4a85c28fe6dfa0dbd5a1cafca21872d0da82486adf612ad5f65342918411afe9d4793abbc7ee8ebae85d3d2f2627c85e6b9f02b8e6ac7c9f841ea6e4917267241fba52989a5a16fe7bdc5c4c5fc3077fb004aa04c0"}, &(0x7f0000000500)="dde658f8b37456940d536f531c343e8cb0d5a8e128c82c3862c9638be58abba8fefbb71456647f55c0b99a4ccbb8ce06b31d2a435cb95081d378d2cac57f7c8d40a46030aac8cb30f9d0c123243ffc", 0x2) rt_sigqueueinfo$auto(r5, 0x1, 0x0) 3.309771116s ago: executing program 2 (id=5316): openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000240), 0x183440, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x801, 0x84) socket(0x2, 0x1, 0x0) socket(0x1, 0x2, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0) fcntl$auto(0x3, 0x400, 0x2) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000240), 0x183440, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) 3.106461439s ago: executing program 2 (id=5317): mmap$auto(0x0, 0xdb33, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x4f1, 0x1) socket(0x80000000000000a, 0x2, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mtdblock0\x00', 0x18fc02, 0x0) ioctl$auto(0x3, 0x1274, r0) 2.953774921s ago: executing program 2 (id=5318): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) r0 = open(&(0x7f0000000100)='./cgroup\x00', 0x105040, 0x0) r1 = open_by_handle_at$auto(r0, 0x0, 0xffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x2a801, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) poll$auto(&(0x7f0000000040)={r1, 0x1, 0xa}, 0x5, 0x108) pwrite64$auto(r2, 0x0, 0x7b05, 0x5) prctl$auto_PR_PAC_RESET_KEYS(0x36, 0x0, 0xffffffffffffffff, 0x9, 0x7) write$auto(0xffffffffffffffff, &(0x7f0000000000)='\'\x00', 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0x10011, 0xfffffffffffffffa, 0x8000) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)={0x14, r3, 0x1, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x68, 0x0, 0x4000000}, 0x0) (fail_nth: 1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) prctl$auto_PR_PAC_RESET_KEYS(0x36, 0x5, 0xc79, 0xe9f2, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) r5 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0) ioctl$auto(r5, 0x5646, r5) mmap$auto(0x101, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x0, 0x0) ppoll$auto(&(0x7f0000000040)={r6, 0x4, 0xa7}, 0x1c, 0x0, 0x0, 0x8) read$auto_drm_debugfs_entry_fops_drm_debugfs(r7, 0x0, 0x0) socket(0xa, 0x2, 0x0) 2.919944631s ago: executing program 0 (id=5319): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsu\x00', 0x108002, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r1) sendmsg$auto_NL80211_CMD_VENDOR(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r2, 0x800, 0x70bd2a, 0x25dfdbfe, {}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x82000000}]}, 0x1c}, 0x1, 0x0, 0x0, 0x5}, 0x4000841) close_range$auto(0x2, 0x8, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_START(r3, &(0x7f0000000140)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x14, r2, 0x20, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xc044}, 0xc041) socketpair$auto(0x1, 0x4, 0x701, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r4 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000980), 0x400, 0x0) writev$auto(r4, &(0x7f0000000a80)={&(0x7f00000009c0)="0090d677c6a0698d0461b2d89cfd9260a00f8d6a682bb050a30f5e2810269313e34a9b9cb1de9f90d48990c98246fc1c30fb90a4da57f54723b6aafbebbfb9c6a1d351fc59ae9ebeaddf2239a4cb5d7480baf7d4f9ead0b666f4f825630322e95ca5f731c465e154762b33941dd66446ea2949ecd684efd775be645f632ec9115e", 0x2}, 0x1) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x8000, 0x0) ioctl$auto(0x3, 0x541b, 0x10000000000402) sendmsg$auto_NL80211_CMD_SET_WIPHY(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="2400000e1260d99d301666b9b62ddb108c0000", @ANYBLOB="130026bd7000dddbdf250200000008000300", @ANYRES32=0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x8880}, 0x20040894) r7 = epoll_create$auto(0x5a5d) epoll_ctl$auto(r7, 0x1, r0, 0x0) close_range$auto(r0, r6, 0x0) 2.868799757s ago: executing program 3 (id=5320): mmap$auto(0x1, 0x4002020009, 0x3, 0xeb1, 0xffffffffffffffff, 0xfffffffffffffffe) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rpc/nfsd.export/channel\x00', 0x8f3b7a51b8162d21, 0x0) lsm_get_self_attr$auto(0x68, 0x0, &(0x7f0000000200)=0x206, 0x1) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000) socket(0x2, 0x3, 0x6) bpf$auto(0x5, &(0x7f0000000300)=@bpf_attr_3={0x1c, 0x4, 0xf, 0x63, 0x400, 0x0, 0x1, 0x80f0c8, 0x20, "38c1d5cbcb9f6b5e511f0cd8ed068f65", 0x0, 0x4, 0xffffffffffffffff, 0xe4, 0x6, 0x5, 0x8000000, 0x8, 0x0, 0x3, @attach_btf_obj_fd, 0x6, 0xffff, 0x8, 0x0, 0xfffffffe}, 0x44) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffbf, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x101000, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x7f, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket(0x2, 0x1, 0x0) socketpair$auto(0x1e, 0x3, 0xfffffffe, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0xcad7) syz_genetlink_get_family_id$auto_smc_pnetid(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_SMC_NETLINK_ENABLE_HS_LIMITATION(r0, 0x0, 0x0) 2.683394271s ago: executing program 0 (id=5321): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x286c82, 0x0) write$auto(r0, 0x0, 0x110000a3d9) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/scsi/device_info\x00', 0x8002, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), r1) r2 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000180), r1) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r1, &(0x7f0000002e40)={0x0, 0x0, &(0x7f0000002e00)={&(0x7f0000002d40)={0x14, r2, 0x8, 0x70bd2b, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x7, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x3, 0x95f4da0a, 0xefffffffffffffff, 0x3, 0x62, 0x80000001, 0x10000000000004, 0x6d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0) ioctl$auto_SCSI_IOCTL_GET_IDLUN2(r3, 0x5382, &(0x7f0000000200)="47cce471099b4bb83b362ef025f6118b3a4af0bbf3a7496503d440734bf2f865573b6bec94e371d808b5633d856c2795520dc93742f5684ab176a07b6df1deb6c29111fd07c9fd6aab65a24f59a8f3bc0c4692bdc42ab76f04b7b24fc2b6dcab91ab3b36d68609f58c974d94f0c07929ca5179fd0e52b8c5342fbf8a4a031389fdc5a16d5abc8963b74467fcd067") r4 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) write$auto_seq_oss_f_ops_seq_oss(r5, &(0x7f0000000040)="f6e6812018deadf7e88f819e30236ce79200e01532f2ed0d", 0x18) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtd0ro\x00', 0x581001, 0x0) socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/attr/apparmor/exec\x00', 0x68000, 0x0) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x100, 0x0) pread64$auto(r6, 0x0, 0x40000000f42c, 0x2) read$auto_virtual_ncidev_fops_virtual_ncidev(r3, &(0x7f0000000080)=""/34, 0x22) r7 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r7, 0x107, 0x12, 0x0, 0x4) syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000001c0), r4) 2.105965538s ago: executing program 3 (id=5322): r0 = semctl$auto_GETPID(0xfffffff4, 0x8, 0xb, 0x0) r1 = prctl$auto(0x7ff, 0x6f, r0, 0xffffffff, 0xc6fa) ioctl$auto_BLKTRACESETUP32(r1, 0xc0401273, &(0x7f0000000000)={"f7ff87f5d15e25e9ae8dd286046f0cd4f51c551fbebe436608fb18462fc964ed", 0x5, 0x4, 0xb8, 0x7, 0x10000000000000, r0}) read$auto_sc_seq_fops_netdebug(r1, &(0x7f0000000080)=""/7, 0x7) read$auto_proc_sessionid_operations_base(r1, &(0x7f00000000c0)=""/207, 0xcf) getsockopt$auto_SO_SNDLOWAT(r1, 0x1, 0x13, &(0x7f00000001c0)='j%\x00', &(0x7f0000000200)=0x80000001) madvise$auto(0xb9, 0x1, 0x4b57) r3 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) madvise$auto(0x8, 0x1ff80000, 0x3ff) writev$auto(r1, &(0x7f0000000340)={&(0x7f0000000240)="7d8c6ce0ccf88958b4459ef8a877bb396c88dc9cef8dac26ec2a68215a17bb733f6c64e7b656768b4039a87e2f8c4578d6788463c222b628d6486f1b6fedc5be5cb1f992b69a8c8f2dda40f67a00116352dbdf2aed6cf511cfe2fc7f8e321c478fbf3546e09f08bfc95495715a1d13fc9db341eb4a3e4336f9a1d9b9064169e49e728f4c930665ca91f6ac9822c9ace484f2be0cb10a8228fb81c4b342c7fc422c6a99347b815277e2757a8438d62205ef70bf428d9df0585668649e240100d57f03ec197ae3c0c9638b12fa1b94f6d71581d3e3fa07b9f815e7e1ce2f6142a75528b00d94", 0x1ff}, 0x0) select$auto(0x7f, &(0x7f0000000380)={[0x0, 0x0, 0x2, 0x4, 0x3a, 0x5, 0x8, 0x8, 0x8, 0xffffffffffffffff, 0x4, 0x200, 0xc, 0x3, 0x2, 0x1]}, &(0x7f0000000400)={[0x4, 0x1, 0x3ff, 0x3, 0x4b07, 0x6, 0xe7, 0x0, 0xc418, 0x8, 0x8, 0x646c, 0x81, 0x7, 0x3, 0x9]}, &(0x7f0000000480)={[0xff, 0x401, 0x7, 0x5, 0x9, 0x54e, 0xe0, 0xb, 0x691, 0xbb, 0x0, 0x4000000000000000, 0x2, 0xfe, 0x1000, 0x6]}, &(0x7f0000000500)={0xe8e4, 0x10001}) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x288000, 0x0) msgctl$auto_IPC_INFO(0xffff3e96, 0x3, &(0x7f0000000640)={{0x8000000, 0xffffffffffffffff, 0xee00, 0x8, 0x2, 0x435, 0x401}, &(0x7f00000005c0)=0x9, &(0x7f0000000600)=0xa, 0x9, 0xffffffff00000000, 0xa, 0x5, 0x4, 0x7, 0x7, 0x2, @raw=0x2, @raw=0x456}) shmctl$auto_SHM_STAT_ANY(0x3, 0xf, &(0x7f0000000800)={{0x401, 0xee01, 0x0, 0x8000, 0x3, 0x1000, 0xd}, 0x1, 0x3, 0x0, 0x3, @raw=0x5, @inferred=r2, 0xcb, 0x0, &(0x7f00000006c0)="2c4aa1ed045424fa8a5ba37b2da70b072d4e256e913b8c9564193ff2ba8417fb16666b0484422d6066084ea8faf2531606261078f140c8fb48205e411eade1674e05172b05bcb57d1d890d70dfe76ad693a54bfb8b5771d83c31a793388fcef8925fdfe75a8c96f330ef09ca85a6ccf4723be53560930f8586bacdb2ab7f408d71017441fc3f027d72acc7b915a9a86cbe2a0fbad5d330df59208baaf93372d658e911a6dda6ba0de2e934b01ba5bbda9bc39afde0e773", &(0x7f0000000780)="e0a22b81d291d9aa7626bf625b74dbaa4f9e6863499efc278798b07cfe9b580e8bda3dabf280058d534d42b2d215bbb8e41789347064f386632f48cb8ee19e2e63399fa116b1d464291e079bc5613223de0791e17d285f154521ef83ae"}) lstat$auto(&(0x7f0000000580)='./file0\x00', &(0x7f0000000880)={0x4c2, 0x3, 0x3, 0xa, r5, r6, 0x0, 0xbe, 0x7, 0xe7, 0xfffffffffffffe04, 0xfffffffffffeffff, 0x1000, 0x9, 0x4, 0x1}) madvise$auto(0x9, 0x3, 0x3) sendmsg$auto(r4, &(0x7f0000001b40)={&(0x7f0000000940)="b4a3d931909faf5d4e14103f1ab239a52cf1082dee3a6a4bafc27b1769c8028c1ea81f0551045841cb751b5b35852b93ef71a2e243231db13607bfd7b43cc0248553fb8c94a07f5790849848bc7e221e9b310195cda9ab413dd75ecd877345c2c170f1f9af08f1be394ff2425972b7daf98b36e64798c822020ef880c8ee07b3f70a2bd32cac9c464cfd5b70218a1a2c2d451b2f7ae63b153895a0471937c5db53f8b903bf8f5b1a447133738de4ce02312b3b5ff15094b894111139286596788f", 0x1, &(0x7f0000001a40)={&(0x7f0000000a40)="55df06ee8f3ce6422068b831f484dc22bbbf2f194ae09fda606a4c67bcffb40d7b01446ee13b99db5f6aac3358b6e471bcb84e7de65de0136dab7fbd63ec4332a16edcaa99d260dbf49593b6a89bc6c4b919958148139fad7b9a021f41517171c03a6c5831c44aad7dea3eb3326ca746e2a02117eb03481dfce181caadfab05682024a2f2514fc562ce7331b639811b6706bf2d45272530da5fc863c999e1d7c220cbe6197f8cb7c8f239d79ef9563c0ad90ee815bef2987c1454c90f005864d12c9cd53f9ce60d383b524069f82f4305ea33816dc98fd1561f637d436c0d6d9d392812f8dba23bcf6243bd6516906916b3195ce02c07851d0939ea9904dbc402dc18d38c3bda5046a11c6df68716d8bbf9792d8044bf5ca5aaa9d2995e80b3f52038abdfae90e0214ff0c63189064de2b829c09d0135e78e3f14b295bb8cb2993ab3cfdc125c8e2cbd69ce5f8af4b90140523c0089b64cbef61774e90d3b4382ff5674231b875c6f57cab1bf45103405a6529c11cc780e9d6031b3d6a598772910c63846ca4cd786f123966df9076afa1f00f862ae7c9a02f5d78d3cbc0e626c6b085a50df89e4515d3eac1a7e54ee0f8397587632417749c9474a2d23061d8db08c674adefde9b29a38870ada13b8d0cea7d09141e53b4ce0f49c486f61378c8a65fb738fa332f17f6c3e18078fdad37a01af4744f7c94aef0d343c70fa25583ad8a0786dcb90488b6db3771b350ca38ad8a7c3f77b5af2f3d3e727bafbe6ae62fb91cf230783be589258364ab20a0e0991dc282d63d06bb17be9bbf33d5d5119f1081d7d2448ab442e39cbd144ddd3accd4a1933ab59cfdb8be09c53020a06f1af4b3fceede8434a8926cd26df570f75e0eb222d193d53142e3681aa95e7e419ed40bfdb5a2df53833674f34ecb432ae0894ae14cb73a24eed09c5322c3181d7d9ba9588ac3be36c214206e9185a03f5b31cdb8aca619df17f22c1219570e1b6592a74baed1945eda47a70f79774379fc20b277f50cda7daa6d366a5df8bd905619a31e10747f9c012aad5d97ac84e3ba7ab2298b07d92b9e325d7f9ef41fbaf602b1ed3fcc0bb74b69c3d92ad050e6712fe6f6b0637a4ad446cb3cf80162940501834aa04a38645444ddf56fdf1d0d1f4595b4f046da311d5d5b443a84f33262c8aa7ca593332af7ee1004c5c44006a66e12414f23141d52ec73e97a547a9fc804975e383e1faec397267b32bbdf3801f2f8fff2b9382fd1d12854dead4773821c099c30d3a7d43da5fcf97e878a01dea8a41e5b2e86d09eac922cbf775eee66dd4b6fa92e8210c1d3c84b9eb2d71e413da345bc56b21fad10a5f423c9b496a79e63852d739b958b33e77d1559b1744427ae6ecb97a7987a18b20096eb094fdc808c56446e7bedb6114cc6e10c9aaea0dd438be7b1a3dd15d5f56d44be7334695f88aac8d11dac155fda42ce7eed59307d66d504b468a02bee3bf43a03ab59ade6dcd5d54b8d1ed244f36d78860e4c110f15a19e551947ae19cad409e8a7c36dd67d8fe81f5dd1f4feded342e8bc944c563cfaf83a4124fe3ab520a71b48ed91aef5effb54accbf88a5d2739458c282944440f14e86e5ded3512d53a9da20ef21ee529782d9fc1545535d4757e8ee191449fe0d9378fbf93d8652fce54992a115f7f7663e6e2c9b43a6aa6799cb22ac207708525462b3acecb98f96c3f22f212f53a9223418a5ab21ae312e993c113a459c0341902a5de79f34d91dc949b50484f246411abea2aceee0c00cbd915e9d92662d90d7f926abd53646f8af92a17494936ce4ea6e766f1364387f2e4fecf6636183550e1b0359f4171f399dc9952ecd7c814a6981343e8d3fdb56c7e7ca8795f5dd1e2afc8388b08af516636166565b52d26161ef21b725b7662818dcb623e1f000997c14bfc03527d7cc862a3b396fe437cc604f18d8dc114e0f0f701b91d77a5a553769e8012c4c756289cd99229ad8fe4594d4dc2a1cb2b82b457abc25487d3d66f525fbc1faf9a705969b1f0a93bc145730d6286ada3dd2af40e5b409824a0cf9a770335b52824e4faf43c7a2f5a66a9c345f4efd2f546cbb44c7823e50bf52d4b5b705c2bdb6fc1bf31074430aef6f108c0d7e28476eccc19679679f8ec6e8092977c89d7611bcb782ac87cc624960c089090533d869f032261176c55ed8ff32501c59577962a6751a77aa56dcabc45a8ec773b6887bf874d4b50de799a4594ab4e318d5b9ad493a175ce582905b5a23f5e9c7f49d8cf905e00e4b742a94015d7b9fc07f068c9bb21f4c234c2c7cac8dbb56e615bde944cfab5bcd430fcd348302ea41d7cc9b64fe39b50afa0f94d7af1e09470c5063140dc37e9eba13f4f2e3a7395fbdc6c9f346a5c1b1898d217bbf6cd2353bafd83dd5916fefe47e536ba7fb53160c163c384463cfcecef8d139c234643fcc0124f5e29871c66bf73697b9132a2e124e5ca8168575a6a41cb346d5aeb1dc4b261afe4404d129889cf8ecf28977f6abbe9a5ba20b291a8d87863d166756030c4420794682b548b8337a9bb5234cb5f1fd67f0c4344542a619080b235af5b78af5aa914fb12bb1fff2effd5484dcaf12eb6189b1ce89c992e9eff563f9679ff7c679ba06db75ea77f8bdfc322d2c85ad3ad475a8988172e0079788fbbbf20ed3d34f0bc9f1fc4296bdafc1baa8beb0da3cdd12e299408a8abf9117ae144728cf0797f22cd5f44c90efdcb302aba181f7975579776f39c4fa0cf65654c2c8e075752cf20c136be5a3899dcaf7d41c927a638794c3ffcc995fc8b62fdbe7043bf22d644b47b48f6196494336712c1c755c0876978fa031946134f58c3c8def544ad4f677fd91319aef214a1a4c0baa73d744cd1094ef13ebcd44a1402dc8a1e2d0e981499c97cf22acd7947fd4969aa1558e8270289a4a684e6eae06d0047239d5466a13458bb67393557bdcb0ea50c87531e1c68460257ebcef520079520304e671b823102b36295859c1e92eebb205161973314ca363325cc1597e854b22606e073b16abba1f56d1b8f6c9d9081549784689b41641ac432f32720a50721c7539462551e7a79738243f18ebdc912d2cd27c40d20989cb86dcfc3a00a8ec73962f84905b6985aaadff8e1e53d1f48347f70210ef115846a81210361b764eba225063a847402fbd0fa92d0d3932c638dbf89d8252750ccf79613b20f2447a6328d5cf2c745afe4eeba85627d92365ddad1b14c84d1dbf42cb2810ad09772e40d623af8292b1f4cef85a20a0593b80eebe090d11d5ad6c668e1b8e0156b448c656a28a747518aa50a66f74f65729fa32948831fe70a8bb326a9046ac418b62b6abee803035cb6589ae0bb5dc4489f158aeb380cd6a3e3945b3b0ee86e84074eebe494682c9b3f1ec1b75c76d0e91d1f1245dc607ff4ae10cb57fd9b42a14decfa04f12e7c97541f3ac460f2fd68f3d212f60aadfd72071712a1204248cd5343124e35c2657bd7f64437f9af87c2dd56220d1040a38f3faf89ab587170a0fd3f3672b360deae10d9add65b1d1e0b4250f945f3d769ad090aa37cf4a34ab4d79eef7e3908fbf38794950594dee23ade60c6ac02b38a3e394b338e8aebc8cabfc5653224816d45089a4e644b5db94dd93c0cb39ab4446927e9e2eb100407c304fcce0db6d48599a2cce0cd76eb48282c0be226f291204254a3eb1eb550132e5194e8d698ea9fc01da56219bea60f85d25e69df0bba0d524ef5156e2bcf5fa1d3be4298844ca69f1fd6be28b555e6b7eeb26444cdbb6bb540e5a3a7a13de3d13140bd67ab7e94d7b0164901aeba67504759734e230e97c399ab0b08b981fa9289232179118cde002569ad983e3fd43688749473e569d62fb10a1c104c9097db75035c0380c1aa5f30341da43bc50f012251d6bbda4fa242c8d50ba1fd7cc3252d0aa38ea848f5e4277c8de66d826014c6a96c16434629938f400164c934e9700218c3bef5076a2298e32a2c706f29e713f345d653327282ca721b7067ad141e397b6112ee1f294664f8e374bbe497342791bc57e6dbfcd6659962f37f861090ce5e983e18bad7cf26425e718132e24a8b2b6699221cbc7ab54a57e3248e3d816ae0c0a3d735e52c9e3d7ab779306318b0be9ed36aa2a67c6688b87709cbc02a44541d8dec140cf65b4b4c9af707b083755a8940879388208ad7bf4e6c72d21e7cb2175c52266a4d1b338cc6657eca9aa8130f5986e730c29481a5bb81adc4dc85745828dc1205164e72c179861d7ab4fa8849396300b5586ffc8b1a407d675ced1c56c8ea57e6f66203996c94fae4b6f84000ae3ba5bafcfb3a1dae29b64fb457d8f8a1d9a8c2008ad378fa1450f6c6c72426d3fe9996a9d2228e839de01026264965f93631e0825c7749778e86b9566e33c154ea58cd32510874d71706986fd2160ff560e1ce846afa9ef6d262c0eff0950a9bf2a2f8101b59d1e95c49fda210f15d8a1a8f62c41504afa340dddc16bd76945b581c9e0d1581298bbc81f467157fcc54a7f03b494947552f6351f3ed36267b0f1e0c566199466901eb0b3501185d30212b2653a6c6ecf17df57bf8a47ce59123175f78b94231a2b796c5209d59eaac94a52d874f9953a95a116764b38fe9b825e447c745fbf11a63b66aefabf5b8eff5b7f8d8666eb9fd39d5a7ceaeb5616b79d6811a80a16d0b53ed8e8d6eda19b9123b1aa6df66a8d35cedfeecd828ec4cde0bafd7730ba6e4c58bab2b6cca2427a694a8f9c7ddefc6c948ace23378fd054049d873a958671846f351ace66112c2699ddf3cf5afdfefe25a781b5f193e2d533c89755ec46c5f682abbd3c208b35300a25cc491f4458541588630109655c7b1bc8d122c373074165054fc16921f89827b82630306f9f5e56f53b51bf8d1d7b330a3c6a0e2ab3bd5b573e1c24cce6493caf6dc7ca3f8b8ea34ce55c02c7ef6533ee7a108f01ecf150c32fd62843d896958fc8b17f7bde81be8f9ded15cf7bd17364caaeed752cab325d291a807ac76a53af03d2291488c126b66ee64067ef977884019623d2e0869aca7c64b61cdbdbda041cf36b32e3470d1b7293581e97240f96bdd3a600c645409b2da724d811428f010c525e6cd1f6ae2056026f4135e8aa74a0169c3680a0747af08cf4fcec5ef9830cfd6acf1d4ad41d808a42661c0fd0f57dc3830cd8d1998a92d723811e006fbfe8aff323c6773b821829ae72e875299390596b382c8222268ac5759fc4efee29d106ea480a8029d09ab6b49547373db49b5b40b7ad10dec07c3873208c63794ff28319a81a20d387663d257566a5636c207f7d675e11534317065b28a0911e3a0acb60c9fc110f2e849bad91898e286f70aa1982048a49cdc60f350284c65087195f3352d812d0519bfc7ce82bc95b19051d769fa49771da06806c136a0249ddbe7df4f2facfde5a44c4331f2f0d41c18fa126756e5ca36f25583202e7d186e81ba768d0a6675bb6e656a5c06a6f870b855c1170030d6d5d2b155dee30816837fb07023c1a2dfaf155ebe30bb479c70b2b07144b844c23ccf46e2bde073fc18b53743e103297b178582565e84efebb6d27295a61601f21fe38d4cbf0ed41bfb9301e2867a4c11cf049b24545f3c97d7564668d6bdc79b5449f00c7e0bbe1053173f6494fb5d2b860767dcc6605b03c10a5dec9dfae9ccc90b396b86ab570cb2fa53fb3c5bb73a9b644106bb793bc59ef5cde3e781b61264effedcda629b1465e9fa109a8e06b8f852f859c427dc7d09cf11789e7003", 0x2}, 0x2, &(0x7f0000001a80)="0df5d021e57d4573619585b88adf0b3ee4d7fd1f44b830e207d080bb5c49d1a830f1cf5071cdc314c3b17bde45b465186f92c958be8c474d176d16d3abe0e9aedbe609a3139b3dc336b7d4d75b91569ce1ee9e2b2b4e867561bf8cee78e7dd40e9649f7829167a6504c8cc30216d67f5f0984f4557332df2f8cfd873ace0fb7cf85862c681e4f87f0981601d99", 0xff}, 0x4) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000001b80), 0x1590c0, 0x0) mount_setattr$auto(r1, &(0x7f0000001bc0)='./file0\x00', 0xffffffff, &(0x7f0000001c00)={0x1, 0x3, 0x5, @inferred=r3}, 0x8) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x3eab, 0x3, 0x5) openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f0000001c40), 0x4c642, 0x0) ioctl$auto_FS_IOC_SETFSLABEL(r3, 0x41009432, &(0x7f0000001c80)="2f37a07a9de0e9199de240db4ac91218f40eaa230714dac7444e25fb0ca4c04a85c4a50715e6efd3695c713b8544e1521a313ca5c9f8ee75fcf86d3d7c311d4b2910f3d2b892b27cc39400d75251ba85435f09cfe825f64a498fee226c7ea2b6ba13a2925c54d57e6b1c98513d0f59939c56b7aad4e86569331cfb176d1f86ed6f30aa1f9605a63bb6bf87771770ab9e6da6d8ba3fabf6e13b22839f7331725c9d2b7c570bd823dd931d2974e0afa62bf78c857c98652f6e29f984479a1881cb174dde3e6c10fa3fa04f75a9163b302b2bd99c0b1cd953ee5f298e9c7f3201e89722fb2697a08bbd8e217bda1e9ea6e30d4647e66f40deb90d3b479d8fc13f22") openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000001d80)='/dev/ptyy1\x00', 0x80000, 0x0) r8 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000001dc0), 0x101000, 0x0) ioctl$auto_TUNSETVNETHDRSZ(r8, 0x400454d8, &(0x7f0000001e00)) read$auto_proc_iter_file_ops_compat_inode(r7, &(0x7f0000001e40)=""/38, 0x26) r9 = openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000001e80)='/sys/kernel/debug/tracing/error_log\x00', 0x410000, 0x0) getsockopt$auto_SO_SNDTIMEO_NEW(r9, 0x9, 0x43, &(0x7f0000001ec0)='--\x00', &(0x7f0000001f00)=0x4) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001f40), r1) 2.046308936s ago: executing program 0 (id=5323): adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0x100, 0xb832, 0x3, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000002, 0x10000}, 0x5, 0x31, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer2\x00', 0x80002, 0x0) lseek$auto(r0, 0x5, 0x7) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) futex_waitv$auto(0x0, 0x1, 0x0, &(0x7f0000000340)={0x92, 0x6}, 0x0) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x48c03, 0x0) mmap$auto(0x2, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x7fff) r3 = open_tree$auto(0xffffffffffffff9c, &(0x7f0000001100)='./cgroup\x00', 0x1) read$auto_snd_pcm_f_ops_pcm1(r3, &(0x7f0000000640)=""/220, 0xdc) mq_notify$auto(r0, &(0x7f00000003c0)={@sival_ptr=&(0x7f0000000740)="d8f67715426cda6ef135a17ea4bc606e3c96f728d70d4534b5fd8805df8a7cead6086adbbfe51bff3e99c3b25a3b4c8bbe8cbf57e164d3895a729f3528f0624b23b6cf19773d1d8f60b2edb65dc300d9c9a16267668efb85483aa75b4a29b1f5776510a14fc505ec2f492cc038396d314ae6f9b05de26771cd1470b60b12d304537900576af31c05dcef8cd8b9025a530333bad2192206e8651792", @inferred=r2, 0x1, @_sigev_thread={&(0x7f0000000380)=&(0x7f0000000300)=0xe, &(0x7f0000000800)="31be07f9160f8c759d712912eccfef39a3392625cd8d12289656edc13e9881afe308ca5c1d213345fd63ea4bc162a162fd015cd86df05f4165a81e9310dda0de1ce597bdcd4bf380a0733fe7e2a4233df309714017e18f97a6d0114bb93d3204e9a164453a68b4796397195f0981bcf1aa74e52b2a078eb736d47f786b6671699904c9d2421889ecfcdd8f8538b9d0a348c6b8442b83bee0821941a3ce3c405f4fe23993e8a442fe4695cd"}}) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20540, 0x0) r5 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x0, 0x0) r6 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@token_create={0x74, r0}, 0xf) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000ac0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000a80)={&(0x7f0000000b00)=ANY=[@ANYBLOB="48010000", @ANYRES16=0x0, @ANYBLOB="00004000000000a155ea7851c2f92d55a7e1101b667c5724c7a76de1890723fce4", @ANYRES32=0x0, @ANYBLOB="78000180140002007465616d5f736c6176655f3000000000140002006970766c616e3000000000000000000014000200766972745f776966693000000000000008000100", @ANYRES32=0x0, @ANYBLOB="140002007663616e30000000000000000000000014000200766c616e300000000000000000000000080003004000000040000180080003000900000008000100", @ANYRES32=0x0, @ANYBLOB="1400020076657468305f766972745f776966690008000100", @ANYRES32=0x0, @ANYBLOB="0800030001000000080003000700000018000180140002006970766c616e3000000000000000000014000180080003000ddf000008000100", @ANYRES32=r7, @ANYBLOB="4400018014000200767863616e3100000000000000000000080003006200000008000300c0000000140002007465616d5f736c6176655f30000000000800030009000000"], 0x148}}, 0x0) ioctl$auto_FUSE_DEV_IOC_BACKING_CLOSE(r5, 0x4004e502, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f00000001c0), 0x250002, 0x0) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) lstat$auto(&(0x7f0000000200)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) ioctl$auto(0x3, 0x5420, 0x38) ioctl$auto(r4, 0x100, r5) io_setup$auto(0x7ffe, &(0x7f0000000000)) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000600)='/sys/devices/virtual/net/nr11/queues/rx-0/rps_flow_cnt\x00', 0x20681, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r8 = openat$auto_check_wx_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x82741, 0x0) read$auto(r8, 0x0, 0x1400) sendto$auto(0xffffffffffffffff, 0x0, 0x402, 0xacf8, 0x0, 0x1b) 1.886706844s ago: executing program 1 (id=5324): close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = prctl$auto(0x39, 0x1, 0x0, 0x4, 0x10004) sync_file_range$auto(r0, 0xfffffffffffffff1, 0xa, 0x1) getsockopt$auto(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000600), 0xffffffffffffffff) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/vmallocinfo\x00', 0x502, 0x0) pread64$auto(r1, &(0x7f0000000340)='/proc/Nes\x00'/22, 0x100000001, 0x100) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) ustat$auto(0x801, 0x0) keyctl$auto(0xa, 0xfffffffffffffffd, 0x2, 0x628, 0xfffffffffffffffd) rt_sigqueueinfo$auto(0x0, 0x9ff, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000140), r3) sendmsg$auto_OVS_VPORT_CMD_SET(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x20, r4, 0xdffe7dec83bbd25b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_VPORT_ATTR_OPTIONS={0x4}, @OVS_VPORT_ATTR_IFINDEX={0x8}]}, 0x20}}, 0x4004094) sendmsg$auto_OVS_VPORT_CMD_SET(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x150, r4, 0x8, 0x70bd26, 0x25dfdbfb, {}, [@OVS_VPORT_ATTR_OPTIONS={0x136, 0x4, 0x0, 0x1, [@nested={0x10a, 0xa, 0x0, 0x1, [@generic, @typed={0x14, 0x69, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0x22}}, @generic="e5ecc9c619487121d979a80a02db359d522fb9ce73b19e1b283bd4329ed1d9faf1ad042bb48b6d61cc26316594f74afc0a788430511733c142be0d85b4d58de397eca6d2e3d783bb8eef363055fbe282b29f424e70c753c73e80cbe4915cd00cf9f9779112459a4c5418a92c9170d3891c0248304a3d44b97ca38d8cc0d344b742782d000633f936b5b24c6ccb7a84f98a8206eb092b6f117c286085c256746cb67292bdeb8d7ee6eff22f3004a9bef69a45c6b148cccb02d5ac1e34e4b7185db9c9222af0123ccbb4dd1535d88e7f5c92aacf72bb559b418abfc66f4a46e89f8b87cad5343b1de0dbee4bd461634a4a47fb"]}, @generic="c9f0a4b6e2db92d4ee02ca85d21e9466fdfc2d92f98161cfeffc3fe292ee00aab1a20a69e64b"]}, @OVS_VPORT_ATTR_NAME={0x4}]}, 0x150}, 0x1, 0x0, 0x0, 0x40800}, 0x20000051) socket$nl_generic(0x10, 0x3, 0x10) 1.61856409s ago: executing program 3 (id=5325): alarm$auto(0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, 0x0, 0x4000800) mmap$auto(0x0, 0x22009, 0x4000000000df, 0xeb1, 0x401, 0x1) socket(0x9, 0x3, 0x100) ioperm$auto(0x7, 0x5ad2, 0x8) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) r1 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/pci0000:00/0000:00:01.1/ata1/link1/dev1.1/ata_device/dev1.1/id\x00', 0x230240, 0x0) read$auto(r3, &(0x7f0000000240)='/\x00', 0x100000001) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(0x3, 0x0, 0xfffffffffffffff7) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x8800) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x5cb01, 0x0) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x8183, 0x0) writev$auto(0x3, 0x0, 0x8) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000180), 0x20c00, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) mincore$auto(0x1000, 0x8001, 0x0) read$auto(0x3, 0x0, 0x80) bpf$auto(0x180, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) mmap$auto(0x0, 0x1, 0x20004000000000df, 0xeb1, r1, 0x5) unshare$auto(0x40000080) socket(0x12, 0x4, 0x440a) 1.492925402s ago: executing program 0 (id=5326): r0 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(r0, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x12}}, 0x54) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$'], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x5, 0x0, 0x1, 0x0, 0xffff0000, 0x9}, 0x7}, 0x3, 0x10000) 1.328349762s ago: executing program 0 (id=5327): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0x29, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x200007, 0x19) shmctl$auto_IPC_STAT(0x1, 0x2, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x408, 0x3, 0x20000000eb1, 0x401, 0x4000008000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x105c0, 0x0) add_key$auto(&(0x7f0000000000)='\x00', 0x0, &(0x7f0000000240), 0x2, 0x31f) madvise$auto(0x0, 0xffffffffffff0005, 0x17) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) r0 = fcntl$auto(0x3, 0x4, 0xa553) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vbi29\x00', 0xd4200, 0x0) read$auto_v4l2_fops_v4l2_dev(r2, &(0x7f00000001c0)=""/191, 0x1f8) sendmmsg$auto(r0, 0x0, 0x20012, 0xa) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000240), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0x18, r1, 0x8002) socket(0x11, 0x3, 0x9) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) 856.882833ms ago: executing program 2 (id=5328): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_SG_GET_RESERVED_SIZE(0xffffffffffffffff, 0x80081270, 0x0) 751.226105ms ago: executing program 1 (id=5329): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop10\x00', 0x8081, 0x0) close_range$auto(0x2, 0x8, 0x0) 699.047099ms ago: executing program 2 (id=5330): mmap$auto(0x1, 0x4002020009, 0x3, 0xeb1, 0xffffffffffffffff, 0xfffffffffffffffe) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rpc/nfsd.export/channel\x00', 0x8f3b7a51b8162d21, 0x0) lsm_get_self_attr$auto(0x68, 0x0, &(0x7f0000000200)=0x206, 0x1) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000) socket(0x2, 0x3, 0x6) bpf$auto(0x5, &(0x7f0000000300)=@bpf_attr_3={0x1c, 0x4, 0xf, 0x63, 0x400, 0x0, 0x1, 0x80f0c8, 0x20, "38c1d5cbcb9f6b5e511f0cd8ed068f65", 0x0, 0x4, 0xffffffffffffffff, 0xe4, 0x6, 0x5, 0x8000000, 0x8, 0x0, 0x3, @attach_btf_obj_fd, 0x6, 0xffff, 0x8, 0x0, 0xfffffffe}, 0x44) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffbf, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x101000, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x7f, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket(0x2, 0x1, 0x0) socketpair$auto(0x1e, 0x3, 0xfffffffe, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0xcad7) syz_genetlink_get_family_id$auto_smc_pnetid(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_SMC_NETLINK_ENABLE_HS_LIMITATION(r0, 0x0, 0x0) 488.779971ms ago: executing program 1 (id=5331): mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages\x00', 0x20681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)='5', 0x1) timerfd_create$auto(0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = socket(0x1d, 0x2, 0x6) setsockopt$auto(r1, 0x6a, 0x5, 0x0, 0x3) close_range$auto(0x2, 0x8000, 0x0) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x6, 0x50b301a, 0x2c, 0x2c, 0x0, 0x2}) acct$auto(&(0x7f0000000100)='./cgroup/cgroup.subtree_control\x00') acct$auto(0x0) 94.963766ms ago: executing program 1 (id=5332): landlock_restrict_self$auto(0xffffffffffffffff, 0x2) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x23, @loopback}, 0x51) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/netdevsim0/del_port\x00', 0xa001, 0x0) r1 = socket(0x2, 0x801, 0x100) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) sendfile$auto(r1, r2, 0x0, 0x7fffe000) write$auto(r0, &(0x7f0000000380)='0\x81=\"\xad/\x8d\b\x00\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1c\x86\x0f\xcf\x7f\xbf\xab\x12{\xc2\xc2*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d1s!\x01\xff\xff\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xd4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\xa5\xd2\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xb7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85K /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00M\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', 0x1) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000240)=""/255, 0xff) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) recvmmsg$auto(0x3, 0x0, 0x10400, 0xfffffffe, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x101, 0x7000007) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb5, 0x401, 0x300000000000) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000440), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r3, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x810) prctl$auto(0x16, 0x2, 0x2, 0x4000000d, 0x100) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1\x00', 0x1, 0x0) ioctl$auto_SNDCTL_DSP_GETODELAY(r4, 0x80045017, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, 0x0, 0x110c00, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@buf=&(0x7f0000000140)="76d2ff96a4080ce95e336b1c317d9e73b1e177", 0x800c000, 0x4800c000, 0x800c000}, 0x4) close_range$auto(0x2, r2, 0x0) socket(0x10, 0x3, 0x6) 0s ago: executing program 2 (id=5333): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rpc/auth.unix.ip/flush\x00', 0x2000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x3, 0x0) r0 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) close_range$auto(r0, 0x8, 0x4) bpf$auto(0x800000000000001d, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000012c0)='/sys/devices/virtual/ptp/ptp0/n_vclocks\x00', 0x8502, 0x0) write$auto(r1, &(0x7f0000000100)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x14\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x4) open(0x0, 0x22240, 0x155) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) shutdown$auto(0x200000003, 0x2) listen$auto(0x3, 0x81) close_range$auto(0x2, 0xa, 0x0) close_range$auto(0x2, 0x8, 0x0) kernel console output (not intermixed with test programs): 518] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1425.221901][T25518] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1425.278962][T25518] CPU0 is offline. [ 1425.492461][T25533] Invalid ELF header magic: != ELF [ 1425.881870][T25537] Invalid ELF header magic: != ELF [ 1426.323093][T25545] sctp: [Deprecated]: syz.1.4558 (pid 25545) Use of int in max_burst socket option deprecated. [ 1426.323093][T25545] Use struct sctp_assoc_value instead [ 1426.654015][T25550] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1426.855052][T25552] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1426.887483][T19437] Bluetooth: hci4: command 0x0c1a tx timeout [ 1427.195776][T19437] Bluetooth: hci2: command 0x0c1a tx timeout [ 1427.201803][T19437] Bluetooth: hci0: command 0x0c1a tx timeout [ 1427.275653][T25558] Bluetooth: hci1: command 0x0c1a tx timeout [ 1428.018584][T25566] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1428.313868][T25571] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1428.844658][T25586] Invalid ELF header magic: != ELF [ 1428.910424][T25587] Invalid ELF header magic: != ELF [ 1429.093355][T25579] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1429.116089][T25579] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1429.140376][T25579] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1429.150457][T25588] Invalid ELF header magic: != ELF [ 1429.173126][T25579] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1429.201753][T25579] CPU0 is offline. [ 1430.875909][T25558] Bluetooth: hci4: command 0x0c1a tx timeout [ 1431.197109][T14514] Bluetooth: hci2: command 0x0c1a tx timeout [ 1431.203376][T14514] Bluetooth: hci0: command 0x0c1a tx timeout [ 1431.209634][T25558] Bluetooth: hci1: command 0x0c1a tx timeout [ 1432.988086][T25641] Invalid ELF header magic: != ELF [ 1435.223998][T25660] Invalid ELF header magic: != ELF [ 1436.292241][T25671] Invalid ELF header magic: != ELF [ 1436.944301][T25684] Invalid ELF header magic: != ELF [ 1437.710223][T25690] Invalid ELF header magic: != ELF [ 1438.507533][T25696] Invalid ELF header magic: != ELF [ 1439.851218][T25717] Invalid ELF header magic: != ELF [ 1440.718877][T25731] Invalid ELF header magic: != ELF [ 1441.186145][T25736] Invalid ELF header magic: != ELF [ 1442.037009][T25751] Invalid ELF header magic: != ELF [ 1442.266438][T25756] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1443.307329][T25778] Invalid ELF header magic: != ELF [ 1443.512899][T25767] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1443.535027][T25767] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1443.561991][T25767] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1443.580924][T25767] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1443.603183][T25767] CPU0 is offline. [ 1443.874753][T25785] Invalid ELF header magic: != ELF [ 1444.302411][T25791] Invalid ELF header magic: != ELF [ 1444.320254][T25795] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1445.197096][T25620] Bluetooth: hci4: command 0x0c1a tx timeout [ 1445.222481][T25815] Invalid ELF header magic: != ELF [ 1445.596871][T25620] Bluetooth: hci1: command 0x0c1a tx timeout [ 1445.602976][T25620] Bluetooth: hci2: command 0x0c1a tx timeout [ 1445.610618][T19437] Bluetooth: hci0: command 0x0c1a tx timeout [ 1446.168108][T25830] Invalid ELF header magic: != ELF [ 1446.223047][T25836] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1446.656895][T25843] Invalid ELF header magic: != ELF [ 1446.769686][T25846] 0x000200000001-0xa29656a63616329 : "" [ 1446.775264][T25846] mtd: partition "" is out of reach -- disabled [ 1446.856917][T25846] ftl_cs: FTL header not found. [ 1447.063805][T25849] ERROR: Out of memory at tomoyo_memory_ok. [ 1447.977410][T25867] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1448.819592][T25881] 0x000200000001-0xa29656a63616329 : "" [ 1448.861860][T25881] mtd: partition "" is out of reach -- disabled [ 1448.910774][T25881] ftl_cs: FTL header not found. [ 1449.167447][T25886] ERROR: Out of memory at tomoyo_memory_ok. [ 1449.303440][T25887] Invalid ELF header magic: != ELF [ 1450.902882][T25917] Invalid ELF header magic: != ELF [ 1451.726889][T25924] 0x000200000001-0xa29656a63616329 : "" [ 1451.774415][T25924] mtd: partition "" is out of reach -- disabled [ 1451.854786][T25924] ftl_cs: FTL header not found. [ 1452.058057][T25927] ERROR: Out of memory at tomoyo_memory_ok. [ 1452.743159][T25943] Invalid ELF header magic: != ELF [ 1454.572864][T25963] sctp: [Deprecated]: syz.2.4673 (pid 25963) Use of int in max_burst socket option deprecated. [ 1454.572864][T25963] Use struct sctp_assoc_value instead [ 1454.818400][T25964] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1455.190705][T25970] 0x000200000001-0xa29656a63616329 : "" [ 1455.214544][T25970] mtd: partition "" is out of reach -- disabled [ 1455.263112][T25970] ftl_cs: FTL header not found. [ 1455.492542][T25972] ERROR: Out of memory at tomoyo_memory_ok. [ 1455.719275][T25975] Invalid ELF header magic: != ELF [ 1456.466491][T25979] Invalid ELF header magic: != ELF [ 1458.070071][T26010] Invalid ELF header magic: != ELF [ 1461.339496][T26054] Invalid ELF header magic: != ELF [ 1462.853642][T26069] 0x000200000001-0xa29656a63616329 : "" [ 1462.890461][T26069] mtd: partition "" is out of reach -- disabled [ 1462.932853][T26069] ftl_cs: FTL header not found. [ 1463.191679][T26070] ERROR: Out of memory at tomoyo_memory_ok. [ 1464.561721][T26097] Invalid ELF header magic: != ELF [ 1465.130722][T26107] 0x000200000001-0xa29656a63616329 : "" [ 1465.177852][T26107] mtd: partition "" is out of reach -- disabled [ 1465.247884][T26107] ftl_cs: FTL header not found. [ 1465.457108][T26111] ERROR: Out of memory at tomoyo_memory_ok. [ 1465.868531][T26116] ERROR: Out of memory at tomoyo_memory_ok. [ 1467.080856][T26129] 0x000200000001-0xa29656a63616329 : "" [ 1467.152005][T26129] mtd: partition "" is out of reach -- disabled [ 1467.252302][T26129] ftl_cs: FTL header not found. [ 1467.313479][T26133] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 3, inode_bitmap = 140 [ 1467.465698][T26135] ERROR: Out of memory at tomoyo_memory_ok. [ 1468.571027][T25620] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1468.588452][T25620] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1468.599168][T25620] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1468.617139][T25620] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1468.624995][T25620] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1469.410770][T26161] Invalid ELF header magic: != ELF [ 1469.507376][T26160] 0x000200000001-0xa29656a63616329 : "" [ 1469.662976][T26160] mtd: partition "" is out of reach -- disabled [ 1469.741894][T26160] ftl_cs: FTL header not found. [ 1469.956620][T26167] ERROR: Out of memory at tomoyo_memory_ok. [ 1470.725154][T25620] Bluetooth: hci3: command tx timeout [ 1470.991558][T26156] chnl_net:caif_netlink_parms(): no params data found [ 1471.860277][T26154] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1472.254720][T26154] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1472.296014][T26200] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1472.364297][T26199] 0x000200000001-0xa29656a63616329 : "" [ 1472.415442][T26199] mtd: partition "" is out of reach -- disabled [ 1472.471477][T26156] bridge0: port 1(bridge_slave_0) entered blocking state [ 1472.513254][T26199] ftl_cs: FTL header not found. [ 1472.525170][T26156] bridge0: port 1(bridge_slave_0) entered disabled state [ 1472.572737][T26156] bridge_slave_0: entered allmulticast mode [ 1472.616469][T26156] bridge_slave_0: entered promiscuous mode [ 1472.712012][T26203] ERROR: Out of memory at tomoyo_memory_ok. [ 1472.803565][T25620] Bluetooth: hci3: command tx timeout [ 1472.937331][T26194] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1473.042127][T26154] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1473.145180][T26156] bridge0: port 2(bridge_slave_1) entered blocking state [ 1473.194981][T26156] bridge0: port 2(bridge_slave_1) entered disabled state [ 1473.238340][T26156] bridge_slave_1: entered allmulticast mode [ 1473.291443][T26156] bridge_slave_1: entered promiscuous mode [ 1473.308367][T26210] Invalid ELF header magic: != ELF [ 1473.682264][T26154] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1473.968751][T26154] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1474.029580][T26156] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1474.080031][T26156] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1474.418467][T26156] team0: Port device team_slave_0 added [ 1474.471772][T26156] team0: Port device team_slave_1 added [ 1474.730963][T26156] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1474.771171][T26156] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1474.876818][T25620] Bluetooth: hci3: command tx timeout [ 1474.905132][T26156] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1474.957045][T26156] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1474.993977][T26156] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1475.019921][ C1] vkms_vblank_simulate: vblank timer overrun [ 1475.146718][T26156] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1475.270629][T26154] bridge_slave_1: left allmulticast mode [ 1475.300560][T26154] bridge_slave_1: left promiscuous mode [ 1475.348626][T26154] bridge0: port 2(bridge_slave_1) entered disabled state [ 1475.468188][T26154] bridge_slave_0: left allmulticast mode [ 1475.473858][T26154] bridge_slave_0: left promiscuous mode [ 1475.526724][T26154] bridge0: port 1(bridge_slave_0) entered disabled state [ 1475.977619][T26258] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1476.150126][T26263] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1476.433841][T26154] erspan0 (unregistering): left allmulticast mode [ 1476.957204][T25620] Bluetooth: hci3: command tx timeout [ 1476.964942][T26154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1476.995641][T26154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1477.030784][T26154] bond0 (unregistering): Released all slaves [ 1477.338785][T26156] hsr_slave_0: entered promiscuous mode [ 1477.372468][T26156] hsr_slave_1: entered promiscuous mode [ 1477.399057][T26156] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1477.432828][T26273] sctp: [Deprecated]: syz.1.4751 (pid 26273) Use of int in max_burst socket option deprecated. [ 1477.432828][T26273] Use struct sctp_assoc_value instead [ 1477.467829][T26156] Cannot create hsr debugfs directory [ 1477.744220][T26280] Invalid ELF header magic: != ELF [ 1478.264952][T26154] hsr_slave_0: left promiscuous mode [ 1478.301549][T26154] hsr_slave_1: left promiscuous mode [ 1478.324792][T26154] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1478.370056][T26154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1478.426644][T26287] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1478.440486][T26287] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1478.470189][T26154] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1478.485651][T26287] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1478.512746][T26287] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1478.520971][T26154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1478.550995][T26287] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1478.571059][T26299] Invalid ELF header magic: != ELF [ 1478.610019][T26287] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1478.669175][T26287] CPU0 is offline. [ 1480.037815][T26154] team0 (unregistering): Port device team_slave_1 removed [ 1480.203993][T26154] team0 (unregistering): Port device team_slave_0 removed [ 1480.227921][T26326] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1480.236543][T25620] Bluetooth: hci4: command 0x0c1a tx timeout [ 1480.440008][T26326] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1480.477064][T25620] Bluetooth: hci0: command 0x0c1a tx timeout [ 1480.556650][T25620] Bluetooth: hci3: command 0x0c1a tx timeout [ 1480.562696][T25620] Bluetooth: hci2: command 0x0c1a tx timeout [ 1481.560059][T26337] 0x000200000001-0xa29656a63616329 : "" [ 1481.589725][T26337] mtd: partition "" is out of reach -- disabled [ 1481.660602][T26337] ftl_cs: FTL header not found. [ 1481.930720][T26341] ERROR: Out of memory at tomoyo_memory_ok. [ 1482.637607][T25620] Bluetooth: hci3: command 0x0c1a tx timeout [ 1482.718116][T26348] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1482.748522][T26348] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1482.824132][T26348] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1482.875708][T26348] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1482.881679][T26348] CPU0 is offline. [ 1482.938535][T26365] 0x000200000001-0xa29656a63616329 : "" [ 1482.944106][T26365] mtd: partition "" is out of reach -- disabled [ 1483.054826][T26365] ftl_cs: FTL header not found. [ 1483.143805][T26156] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1483.272878][T26156] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1483.308115][T26373] ERROR: Out of memory at tomoyo_memory_ok. [ 1483.355181][T26156] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1483.461349][T26156] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1483.859017][T26383] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1483.908239][T26156] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1484.020294][T26156] 8021q: adding VLAN 0 to HW filter on device team0 [ 1484.109170][T10673] bridge0: port 1(bridge_slave_0) entered blocking state [ 1484.116345][T10673] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1484.149337][T26390] sctp: [Deprecated]: syz.1.4771 (pid 26390) Use of int in max_burst socket option deprecated. [ 1484.149337][T26390] Use struct sctp_assoc_value instead [ 1484.204227][T10673] bridge0: port 2(bridge_slave_1) entered blocking state [ 1484.211384][T10673] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1484.244120][T26388] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1484.337494][T26387] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1484.411313][T26156] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1484.640976][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.650313][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1484.795483][T19437] Bluetooth: hci0: command 0x0c1a tx timeout [ 1484.803056][T25620] Bluetooth: hci4: command 0x0c1a tx timeout [ 1484.878679][T25620] Bluetooth: hci2: command 0x0c1a tx timeout [ 1484.955622][T25620] Bluetooth: hci3: command 0x0c1a tx timeout [ 1485.188592][T26156] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1485.354927][T26156] veth0_vlan: entered promiscuous mode [ 1485.428885][T26156] veth1_vlan: entered promiscuous mode [ 1485.590941][T26156] veth0_macvtap: entered promiscuous mode [ 1485.658366][T26156] veth1_macvtap: entered promiscuous mode [ 1485.744578][T26156] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1485.817668][T26156] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1485.867592][T26156] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1485.934718][T26156] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1485.991781][T26156] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1486.057982][T26156] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1486.111723][T26156] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1486.231806][T26156] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1486.305668][T26156] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1486.365457][T26156] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1486.419694][T26156] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1486.482496][T26156] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1486.544785][T26156] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1486.597962][T26156] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1486.703906][T26156] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1486.765530][T26156] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1486.817240][T26156] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1486.875480][T26156] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1487.506383][T16345] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1487.514224][T16345] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1487.746770][T10673] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1487.785913][T10673] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1489.060979][T26476] Invalid ELF header magic: != ELF [ 1489.331496][T26484] 0x000200000001-0xa29656a63616329 : "" [ 1489.363984][T26484] mtd: partition "" is out of reach -- disabled [ 1489.407214][T26484] ftl_cs: FTL header not found. [ 1489.615591][T26486] ERROR: Out of memory at tomoyo_memory_ok. [ 1491.195646][T25620] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1492.098475][T26533] Invalid ELF header magic: != ELF [ 1492.550371][T26540] sctp: [Deprecated]: syz.0.4789 (pid 26540) Use of int in max_burst socket option deprecated. [ 1492.550371][T26540] Use struct sctp_assoc_value instead [ 1492.702221][T26544] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1492.980414][T26549] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1493.129796][T26545] sp0: Synchronizing with TNC [ 1493.367058][T26549] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1493.772706][T26556] Invalid ELF header magic: != ELF [ 1493.868433][T26558] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1493.988538][T26558] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1494.051941][T26558] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1494.141033][T26558] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1494.229725][T26558] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1494.334068][T26558] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1494.408926][T26558] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1494.439902][T19437] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1494.453947][T19437] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1494.462488][T19437] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1494.470943][T19437] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1494.479823][T19437] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1494.542488][T26558] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1494.560802][T26561] Invalid ELF header magic: != ELF [ 1495.022705][T26562] chnl_net:caif_netlink_parms(): no params data found [ 1495.039606][T26568] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1495.066182][T26568] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1495.393541][T26562] bridge0: port 1(bridge_slave_0) entered blocking state [ 1495.445842][T26562] bridge0: port 1(bridge_slave_0) entered disabled state [ 1495.490143][T26562] bridge_slave_0: entered allmulticast mode [ 1495.545554][T26562] bridge_slave_0: entered promiscuous mode [ 1495.580782][T26562] bridge0: port 2(bridge_slave_1) entered blocking state [ 1495.627675][T26562] bridge0: port 2(bridge_slave_1) entered disabled state [ 1495.676343][T26562] bridge_slave_1: entered allmulticast mode [ 1495.684463][T26581] Invalid ELF header magic: != ELF [ 1495.724552][T26562] bridge_slave_1: entered promiscuous mode [ 1496.054194][T26562] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1496.083433][T26584] Invalid ELF header magic: != ELF [ 1496.121146][T26562] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1496.459228][T26562] team0: Port device team_slave_0 added [ 1496.501629][T26562] team0: Port device team_slave_1 added [ 1496.556064][T25620] Bluetooth: hci1: command tx timeout [ 1496.767026][T26562] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1496.779954][T26562] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1496.836020][T26589] sctp: [Deprecated]: syz.3.4800 (pid 26589) Use of int in max_burst socket option deprecated. [ 1496.836020][T26589] Use struct sctp_assoc_value instead [ 1496.900510][T26562] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1496.949688][T26590] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1496.958279][T26562] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1496.965212][T26562] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1497.104470][T26562] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1497.271260][T26562] hsr_slave_0: entered promiscuous mode [ 1497.301603][T26562] hsr_slave_1: entered promiscuous mode [ 1497.327358][T26562] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1497.366539][T26562] Cannot create hsr debugfs directory [ 1497.866074][T26562] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1498.088444][T26562] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1498.353166][T26562] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1498.567467][T26562] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1498.635468][T25620] Bluetooth: hci1: command tx timeout [ 1499.024820][T26562] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1499.075242][T26562] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1499.167446][T26562] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1499.219780][T26562] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1499.537668][T26562] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1499.589421][T26562] 8021q: adding VLAN 0 to HW filter on device team0 [ 1499.625283][T16345] bridge0: port 1(bridge_slave_0) entered blocking state [ 1499.632450][T16345] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1499.712422][T16345] bridge0: port 2(bridge_slave_1) entered blocking state [ 1499.719579][T16345] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1500.042258][T26631] Invalid ELF header magic: != ELF [ 1500.471256][T26562] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1500.711448][T26562] veth0_vlan: entered promiscuous mode [ 1500.725697][T25620] Bluetooth: hci1: command tx timeout [ 1500.773463][T26562] veth1_vlan: entered promiscuous mode [ 1500.815194][T26647] 0x000200000001-0xa29656a63616329 : "" [ 1500.853396][T26647] mtd: partition "" is out of reach -- disabled [ 1500.901808][T26562] veth0_macvtap: entered promiscuous mode [ 1500.913301][T26647] ftl_cs: FTL header not found. [ 1500.996574][T26562] veth1_macvtap: entered promiscuous mode [ 1501.138267][T26562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1501.173177][T26648] ERROR: Out of memory at tomoyo_memory_ok. [ 1501.225966][T26562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1501.297764][T26562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1501.352875][T26562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1501.415444][T26562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1501.466324][T26562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1501.547485][T26562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1501.607756][T26562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1501.658548][T26562] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1501.741792][T26562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1501.814900][T26562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1501.885526][T26562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1501.937385][T26562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1501.990956][T26562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1502.047493][T26562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1502.093252][T26562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1502.140506][T26562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1502.197328][T26562] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1502.258976][T26562] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1502.306566][T26562] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1502.351251][T26562] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1502.397973][T26562] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1502.796372][T25620] Bluetooth: hci1: command tx timeout [ 1502.822114][ T5922] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1502.875610][ T5922] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1503.273012][ T5922] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1503.313982][ T5922] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1503.651970][T26664] 0x000200000001-0xa29656a63616329 : "" [ 1503.692969][T26664] mtd: partition "" is out of reach -- disabled [ 1503.760061][T26664] ftl_cs: FTL header not found. [ 1503.932510][T26668] ERROR: Out of memory at tomoyo_memory_ok. [ 1504.518104][T26677] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1505.123781][T26679] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1505.223658][T26689] Invalid ELF header magic: != ELF [ 1507.041678][T26709] 0x000200000001-0xa29656a63616329 : "" [ 1507.068241][T26709] mtd: partition "" is out of reach -- disabled [ 1507.153387][T26709] ftl_cs: FTL header not found. [ 1507.333926][T26712] ERROR: Out of memory at tomoyo_memory_ok. [ 1507.613934][T26715] Invalid ELF header magic: != ELF [ 1510.616896][T26746] Invalid ELF header magic: != ELF [ 1510.695538][T26743] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1510.981211][T26747] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1511.629033][T19437] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1511.646103][T19437] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1511.654510][T19437] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1511.665970][T19437] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1511.674661][T19437] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1512.630607][T26757] chnl_net:caif_netlink_parms(): no params data found [ 1513.098746][T26757] bridge0: port 1(bridge_slave_0) entered blocking state [ 1513.130202][T26757] bridge0: port 1(bridge_slave_0) entered disabled state [ 1513.174475][T26757] bridge_slave_0: entered allmulticast mode [ 1513.201678][T26757] bridge_slave_0: entered promiscuous mode [ 1513.243126][T26757] bridge0: port 2(bridge_slave_1) entered blocking state [ 1513.283805][T26757] bridge0: port 2(bridge_slave_1) entered disabled state [ 1513.322950][T26757] bridge_slave_1: entered allmulticast mode [ 1513.349057][T26757] bridge_slave_1: entered promiscuous mode [ 1513.564767][T26757] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1513.729079][T26757] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1513.760299][T19437] Bluetooth: hci4: command tx timeout [ 1513.893327][T26757] team0: Port device team_slave_0 added [ 1513.925104][T26757] team0: Port device team_slave_1 added [ 1514.044546][T26757] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1514.075299][T26757] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1514.101251][ C1] vkms_vblank_simulate: vblank timer overrun [ 1514.193084][T26757] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1514.240301][T26757] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1514.270622][T26757] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1514.402195][T26757] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1514.811587][T26757] hsr_slave_0: entered promiscuous mode [ 1514.846372][T26757] hsr_slave_1: entered promiscuous mode [ 1514.878287][T26757] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1514.919228][T26757] Cannot create hsr debugfs directory [ 1515.838215][T19437] Bluetooth: hci4: command tx timeout [ 1516.112556][T26757] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1516.473339][T26757] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1516.953167][T26757] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1517.259254][T26757] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1517.721370][T26757] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1517.813493][T26757] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1517.899549][T26757] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1517.916376][T25620] Bluetooth: hci4: command tx timeout [ 1517.979421][T26757] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1518.119530][T26817] Invalid ELF header magic: != ELF [ 1518.302548][T26757] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1518.379044][T26757] 8021q: adding VLAN 0 to HW filter on device team0 [ 1518.461110][T26154] bridge0: port 1(bridge_slave_0) entered blocking state [ 1518.468278][T26154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1518.528992][T26154] bridge0: port 2(bridge_slave_1) entered blocking state [ 1518.536167][T26154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1518.709517][T26757] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1519.301871][T26757] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1519.471252][T26757] veth0_vlan: entered promiscuous mode [ 1519.523470][T26757] veth1_vlan: entered promiscuous mode [ 1519.597261][T19437] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1519.642637][T26757] veth0_macvtap: entered promiscuous mode [ 1519.758322][T26757] veth1_macvtap: entered promiscuous mode [ 1519.804620][T26757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1519.885641][T26757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1519.927211][T26757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1519.980278][T26757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1519.995733][T19437] Bluetooth: hci4: command tx timeout [ 1520.008978][T26825] Invalid ELF header magic: != ELF [ 1520.034920][T26757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1520.108127][T26757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1520.142316][T26757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1520.185730][T26757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1520.251509][T26757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1520.292938][T26757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1520.358301][T26757] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1520.416945][T26757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1520.482771][T26757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1520.532662][T26757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1520.588687][T26757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1520.638947][T26757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1520.690309][T26757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1520.745793][T26757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1520.785513][T26757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1520.834773][T26757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1520.887543][T26757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1520.950676][T26757] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1521.024888][T26757] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1521.077612][T26757] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1521.126059][T26757] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1521.134776][T26757] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1521.743199][T26845] Invalid ELF header magic: != ELF [ 1521.752353][T15454] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1521.808400][T15454] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1521.905025][T15454] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1521.960713][T15454] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1522.745496][T26857] sctp: [Deprecated]: syz.0.4858 (pid 26857) Use of int in max_burst socket option deprecated. [ 1522.745496][T26857] Use struct sctp_assoc_value instead [ 1522.870912][T26860] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1523.690005][T26864] Invalid ELF header magic: != ELF [ 1525.067015][T26877] Invalid ELF header magic: != ELF [ 1525.870186][T26890] Invalid ELF header magic: != ELF [ 1525.986802][T26895] sctp: [Deprecated]: syz.3.4866 (pid 26895) Use of int in max_burst socket option deprecated. [ 1525.986802][T26895] Use struct sctp_assoc_value instead [ 1526.191641][T26895] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1526.292029][T26899] Invalid ELF header magic: != ELF [ 1526.813957][T26905] Invalid ELF header magic: != ELF [ 1527.259970][T26911] Invalid ELF header magic: != ELF [ 1529.517417][T26935] sctp: [Deprecated]: syz.1.4877 (pid 26935) Use of int in max_burst socket option deprecated. [ 1529.517417][T26935] Use struct sctp_assoc_value instead [ 1529.643483][T26933] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1529.761463][T26927] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1529.781036][T26927] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1529.798845][T26927] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1529.812617][T26927] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1529.834449][T26927] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1529.879655][T26927] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1529.899079][T26927] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1529.921519][T26927] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1529.943102][T26927] CPU0 is offline. [ 1530.208401][T26945] Invalid ELF header magic: != ELF [ 1530.657577][T26958] sctp: [Deprecated]: syz.1.4882 (pid 26958) Use of int in max_burst socket option deprecated. [ 1530.657577][T26958] Use struct sctp_assoc_value instead [ 1530.940338][T26956] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1531.226214][T26963] 0x000200000001-0xa29656a63616329 : "" [ 1531.231808][T26963] mtd: partition "" is out of reach -- disabled [ 1531.295512][T26963] ftl_cs: FTL header not found. [ 1531.518000][T19437] Bluetooth: hci2: command 0x0c1a tx timeout [ 1531.601275][T26969] ERROR: Out of memory at tomoyo_memory_ok. [ 1531.835065][T26978] Invalid ELF header magic: != ELF [ 1531.844888][T19437] Bluetooth: hci1: command 0x0c1a tx timeout [ 1531.852355][T25620] Bluetooth: hci3: command 0x0c1a tx timeout [ 1531.915667][T19437] Bluetooth: hci4: command 0x0c1a tx timeout [ 1533.031697][T26985] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1533.272243][T26989] Invalid ELF header magic: != ELF [ 1533.443499][T26984] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1533.919859][T19437] Bluetooth: hci1: command 0x0c1a tx timeout [ 1533.995848][T19437] Bluetooth: hci4: command 0x0c1a tx timeout [ 1534.281993][T27010] Invalid ELF header magic: != ELF [ 1534.781714][T27019] sctp: [Deprecated]: syz.0.4895 (pid 27019) Use of int in max_burst socket option deprecated. [ 1534.781714][T27019] Use struct sctp_assoc_value instead [ 1535.008477][T27016] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1535.463011][T27025] Invalid ELF header magic: != ELF [ 1535.884474][T27034] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1535.996328][T19437] Bluetooth: hci1: command 0x0c1a tx timeout [ 1536.075803][T19437] Bluetooth: hci4: command 0x0c1a tx timeout [ 1536.176158][T27036] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1536.927336][T27047] Invalid ELF header magic: != ELF [ 1540.265993][T27080] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1540.426695][T25620] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1540.440546][T25620] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1540.449635][T25620] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1540.458336][T25620] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1540.466008][T25620] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1541.226579][T27090] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1541.884591][T27102] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1541.948984][T27098] sctp: [Deprecated]: syz.1.4912 (pid 27098) Use of int in max_burst socket option deprecated. [ 1541.948984][T27098] Use struct sctp_assoc_value instead [ 1542.179400][T27085] chnl_net:caif_netlink_parms(): no params data found [ 1542.327590][T27104] Invalid ELF header magic: != ELF [ 1542.555594][T25620] Bluetooth: hci0: command tx timeout [ 1542.598365][T16345] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1543.065122][T16345] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1543.536600][T16345] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1543.827957][T16345] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1544.117039][T27085] bridge0: port 1(bridge_slave_0) entered blocking state [ 1544.164635][T27085] bridge0: port 1(bridge_slave_0) entered disabled state [ 1544.205642][T27085] bridge_slave_0: entered allmulticast mode [ 1544.212642][T27085] bridge_slave_0: entered promiscuous mode [ 1544.278015][T27085] bridge0: port 2(bridge_slave_1) entered blocking state [ 1544.330064][T27085] bridge0: port 2(bridge_slave_1) entered disabled state [ 1544.360092][T27085] bridge_slave_1: entered allmulticast mode [ 1544.378942][T27124] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4916'. [ 1544.403316][T27085] bridge_slave_1: entered promiscuous mode [ 1544.608352][T27085] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1544.635973][T25620] Bluetooth: hci0: command tx timeout [ 1544.744101][T27085] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1545.348862][T27085] team0: Port device team_slave_0 added [ 1545.399595][T27085] team0: Port device team_slave_1 added [ 1545.477267][T16345] bridge_slave_0: left allmulticast mode [ 1545.482940][T16345] bridge_slave_0: left promiscuous mode [ 1545.568765][T16345] bridge0: port 1(bridge_slave_0) entered disabled state [ 1545.692316][T16345] vlan1: left allmulticast mode [ 1545.739950][T16345] veth0_vlan: left allmulticast mode [ 1545.745278][T16345] vlan1: left promiscuous mode [ 1545.798872][T16345] bridge0: port 3(vlan1) entered disabled state [ 1545.916649][T16345] bridge_slave_1: left allmulticast mode [ 1545.960364][T16345] bridge_slave_1: left promiscuous mode [ 1545.996984][T16345] bridge0: port 2(bridge_slave_1) entered disabled state [ 1546.081145][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.090181][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1546.123844][T16345] bridge_slave_0: left allmulticast mode [ 1546.146188][T16345] bridge_slave_0: left promiscuous mode [ 1546.199333][T16345] bridge0: port 1(bridge_slave_0) entered disabled state [ 1546.718084][T25620] Bluetooth: hci0: command tx timeout [ 1546.805338][T27157] 0x000200000001-0xa29656a63616329 : "" [ 1546.825906][T27157] mtd: partition "" is out of reach -- disabled [ 1546.899424][T27157] ftl_cs: FTL header not found. [ 1547.106808][T27159] ERROR: Out of memory at tomoyo_memory_ok. [ 1547.776223][T27165] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1547.857319][T27163] sctp: [Deprecated]: syz.0.4922 (pid 27163) Use of int in max_burst socket option deprecated. [ 1547.857319][T27163] Use struct sctp_assoc_value instead [ 1548.524814][T16345] erspan0 (unregistering): left allmulticast mode [ 1548.801970][T25620] Bluetooth: hci0: command tx timeout [ 1549.872842][T16345] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1549.894050][T16345] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1549.920272][T16345] bond0 (unregistering): Released all slaves [ 1550.099960][T16345] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1550.116026][T16345] bond0 (unregistering): Released all slaves [ 1550.300709][T27085] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1550.321752][T27085] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1550.385665][T27085] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1550.440537][T16345] .SR: left promiscuous mode [ 1550.464483][T27085] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1550.500380][T27085] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1550.590317][T27085] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1550.765158][T27085] hsr_slave_0: entered promiscuous mode [ 1550.799062][T27085] hsr_slave_1: entered promiscuous mode [ 1550.826032][T27085] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1550.833605][T27085] Cannot create hsr debugfs directory [ 1551.412523][T25620] Bluetooth: hci3: Unable to find connection for big 0xd2 [ 1552.140047][T27186] ima: policy update failed [ 1552.157716][ T30] audit: type=1802 audit(4294967507.110:93): pid=27186 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.4926" res=0 errno=0 [ 1552.963295][T27210] 0x000200000001-0xa29656a63616329 : "" [ 1553.002673][T27210] mtd: partition "" is out of reach -- disabled [ 1553.067596][T27210] ftl_cs: FTL header not found. [ 1553.319651][T27215] ERROR: Out of memory at tomoyo_memory_ok. [ 1554.408374][T27085] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1554.495632][T27085] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1554.594117][T27085] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1554.773003][T27247] 0x000200000001-0xa29656a63616329 : "" [ 1554.784277][T27246] Invalid ELF header magic: != ELF [ 1554.824936][T27247] mtd: partition "" is out of reach -- disabled [ 1554.878716][T27247] ftl_cs: FTL header not found. [ 1554.949309][T27085] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1555.134034][T27251] ERROR: Out of memory at tomoyo_memory_ok. [ 1555.189407][T16345] hsr_slave_0: left promiscuous mode [ 1555.274986][T16345] hsr_slave_1: left promiscuous mode [ 1555.292838][T16345] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1555.358270][T16345] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1555.424014][T16345] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1555.470572][T16345] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1555.518246][T16345] hsr_slave_0: left promiscuous mode [ 1555.548069][T16345] hsr_slave_1: left promiscuous mode [ 1555.562520][T16345] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1555.591294][T16345] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1555.644303][T16345] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1555.674481][T16345] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1555.872674][T16345] veth1_macvtap: left promiscuous mode [ 1555.911923][T16345] veth0_macvtap: left promiscuous mode [ 1555.931080][T27267] blktrace: Concurrent blktraces are not allowed on mtdblock0 [ 1555.947922][T16345] veth1_macvtap: left promiscuous mode [ 1555.960928][T16345] veth0_macvtap: left promiscuous mode [ 1555.986847][T16345] veth1_vlan: left promiscuous mode [ 1556.010203][T16345] veth0_vlan: left promiscuous mode [ 1557.532797][T16345] team0 (unregistering): Port device team_slave_1 removed [ 1559.289247][T16345] team0 (unregistering): Port device team_slave_1 removed [ 1559.349238][T16345] team0 (unregistering): Port device team_slave_0 removed [ 1560.315208][T27085] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1560.448443][T27085] 8021q: adding VLAN 0 to HW filter on device team0 [ 1560.462151][T27292] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1560.541415][ T5922] bridge0: port 1(bridge_slave_0) entered blocking state [ 1560.548599][ T5922] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1560.644737][ T5922] bridge0: port 2(bridge_slave_1) entered blocking state [ 1560.651897][ T5922] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1560.942132][T27304] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1561.738439][T27320] sctp: [Deprecated]: syz.2.4950 (pid 27320) Use of int in max_burst socket option deprecated. [ 1561.738439][T27320] Use struct sctp_assoc_value instead [ 1561.762376][T27085] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1562.017275][T27326] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1562.145200][T27085] veth0_vlan: entered promiscuous mode [ 1562.459702][T27085] veth1_vlan: entered promiscuous mode [ 1562.694589][T27085] veth0_macvtap: entered promiscuous mode [ 1562.770421][T27085] veth1_macvtap: entered promiscuous mode [ 1562.834631][T27339] random: crng reseeded on system resumption [ 1563.245568][T27085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1563.315424][T27085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1563.377685][T27085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1563.436107][T27085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1563.491316][T27085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1563.557384][T27085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1563.618040][T27085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1563.674682][T27085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1563.747181][T27085] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1563.813356][T27085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1563.899152][T27085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1563.947403][T27085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1564.017215][T27085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1564.067333][T27085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1564.129881][T27085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1564.197450][T27085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1564.255123][T27085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1564.319461][T27085] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1564.402854][T27085] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1564.457907][T27085] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1564.505179][T27085] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1564.573880][T27085] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1565.646732][T26266] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1565.703791][T26266] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1565.973396][T26266] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1566.032191][T26266] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1566.051236][T27373] kexec: Could not allocate control_code_buffer [ 1568.913469][T27434] Invalid ELF header magic: != ELF [ 1569.211427][T27439] 0x000200000001-0xa29656a63616329 : "" [ 1569.268948][T27439] mtd: partition "" is out of reach -- disabled [ 1569.344591][T27439] ftl_cs: FTL header not found. [ 1569.583657][T27443] ERROR: Out of memory at tomoyo_memory_ok. [ 1570.449305][T27454] sctp: [Deprecated]: syz.3.4969 (pid 27454) Use of int in max_burst socket option deprecated. [ 1570.449305][T27454] Use struct sctp_assoc_value instead [ 1570.683619][T27453] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1573.303304][T27484] 0x000200000001-0xa29656a63616329 : "" [ 1573.339541][T27484] mtd: partition "" is out of reach -- disabled [ 1573.384675][T27484] ftl_cs: FTL header not found. [ 1573.658446][T27485] ERROR: Out of memory at tomoyo_memory_ok. [ 1574.926880][T27500] sctp: [Deprecated]: syz.0.4980 (pid 27500) Use of int in max_burst socket option deprecated. [ 1574.926880][T27500] Use struct sctp_assoc_value instead [ 1574.953908][T27496] Setting dangerous option i915.mitigations - tainting kernel [ 1575.189282][T27499] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1576.099339][T27510] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1576.622698][T27507] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1577.481506][T27527] 0x000200000001-0xa29656a63616329 : "" [ 1577.538513][T27527] mtd: partition "" is out of reach -- disabled [ 1577.640055][T27527] ftl_cs: FTL header not found. [ 1577.866895][T27530] ERROR: Out of memory at tomoyo_memory_ok. [ 1578.116965][T27538] FAULT_INJECTION: forcing a failure. [ 1578.116965][T27538] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1578.225947][T27538] CPU: 1 UID: 0 PID: 27538 Comm: syz.0.4990 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 1578.225973][T27538] Tainted: [U]=USER [ 1578.225979][T27538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1578.225987][T27538] Call Trace: [ 1578.225993][T27538] [ 1578.225999][T27538] dump_stack_lvl+0x16c/0x1f0 [ 1578.226025][T27538] should_fail_ex+0x512/0x640 [ 1578.226050][T27538] should_fail_alloc_page+0xe7/0x130 [ 1578.226070][T27538] prepare_alloc_pages+0x3c2/0x610 [ 1578.226092][T27538] ? rcu_is_watching+0x12/0xc0 [ 1578.226109][T27538] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1578.226126][T27538] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1578.226142][T27538] ? is_bpf_text_address+0x94/0x1a0 [ 1578.226160][T27538] ? kernel_text_address+0x8d/0x100 [ 1578.226173][T27538] ? __kernel_text_address+0xd/0x40 [ 1578.226186][T27538] ? unwind_get_return_address+0x59/0xa0 [ 1578.226203][T27538] ? arch_stack_walk+0xa6/0x100 [ 1578.226222][T27538] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1578.226246][T27538] ? __lock_acquire+0x5ca/0x1ba0 [ 1578.226273][T27538] ? __lock_acquire+0x5ca/0x1ba0 [ 1578.226291][T27538] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1578.226312][T27538] ? policy_nodemask+0xea/0x4e0 [ 1578.226336][T27538] alloc_pages_mpol+0x1fb/0x550 [ 1578.226356][T27538] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1578.226381][T27538] folio_alloc_mpol_noprof+0x36/0x2f0 [ 1578.226403][T27538] vma_alloc_folio_noprof+0xed/0x1e0 [ 1578.226423][T27538] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1578.226442][T27538] ? find_held_lock+0x2b/0x80 [ 1578.226456][T27538] ? do_wp_page+0x229a/0x58e0 [ 1578.226479][T27538] do_wp_page+0x1282/0x58e0 [ 1578.226506][T27538] ? __pfx_do_wp_page+0x10/0x10 [ 1578.226528][T27538] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1578.226549][T27538] ? ___pte_offset_map+0x1bc/0x540 [ 1578.226573][T27538] __handle_mm_fault+0x1ada/0x2a40 [ 1578.226593][T27538] ? __pfx___handle_mm_fault+0x10/0x10 [ 1578.226618][T27538] ? find_vma+0xbf/0x140 [ 1578.226638][T27538] ? __pfx_find_vma+0x10/0x10 [ 1578.226659][T27538] handle_mm_fault+0x3fe/0xad0 [ 1578.226677][T27538] do_user_addr_fault+0x7a6/0x1370 [ 1578.226694][T27538] ? rcu_is_watching+0x12/0xc0 [ 1578.226709][T27538] exc_page_fault+0x5c/0xc0 [ 1578.226729][T27538] asm_exc_page_fault+0x26/0x30 [ 1578.226743][T27538] RIP: 0010:rep_stos_alternative+0x40/0x80 [ 1578.226760][T27538] Code: c9 75 f6 c3 cc cc cc cc 48 89 07 48 83 c7 08 83 e9 08 74 ef 83 f9 08 73 ef eb de 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 <48> 89 07 48 89 47 08 48 89 47 10 48 89 47 18 48 89 47 20 48 89 47 [ 1578.226774][T27538] RSP: 0018:ffffc9000442fca8 EFLAGS: 00050202 [ 1578.226786][T27538] RAX: 0000000000000000 RBX: 00002000000001c0 RCX: 000000000000e1bf [ 1578.226795][T27538] RDX: ffff888026720000 RSI: ffffffff88419a51 RDI: 0000200000004000 [ 1578.226804][T27538] RBP: 00002000000121bf R08: 24349432358cc39f R09: 0000000000000001 [ 1578.226813][T27538] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880718c0000 [ 1578.226822][T27538] R13: 1ffff92000885f9b R14: 0000000000000002 R15: 0000000000011fff [ 1578.226836][T27538] ? ctl_ioctl+0xa21/0xd70 [ 1578.226861][T27538] ctl_ioctl+0xa31/0xd70 [ 1578.226882][T27538] ? __pfx_list_devices+0x10/0x10 [ 1578.226904][T27538] ? __pfx_ctl_ioctl+0x10/0x10 [ 1578.226944][T27538] ? __fget_files+0x20e/0x3c0 [ 1578.226961][T27538] dm_ctl_ioctl+0x22/0x30 [ 1578.226981][T27538] ? __pfx_dm_ctl_ioctl+0x10/0x10 [ 1578.227002][T27538] __x64_sys_ioctl+0x193/0x200 [ 1578.227024][T27538] do_syscall_64+0xcd/0x230 [ 1578.227047][T27538] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1578.227060][T27538] RIP: 0033:0x7f9d9a38e969 [ 1578.227072][T27538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1578.227085][T27538] RSP: 002b:00007f9d9b261038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1578.227098][T27538] RAX: ffffffffffffffda RBX: 00007f9d9a5b5fa0 RCX: 00007f9d9a38e969 [ 1578.227108][T27538] RDX: 00002000000001c0 RSI: fffffffffffffd02 RDI: 0000000000000003 [ 1578.227117][T27538] RBP: 00007f9d9b261090 R08: 0000000000000000 R09: 0000000000000000 [ 1578.227125][T27538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1578.227134][T27538] R13: 0000000000000000 R14: 00007f9d9a5b5fa0 R15: 00007ffe69d46f78 [ 1578.227152][T27538] [ 1580.060189][T27546] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1580.086122][T27546] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1580.117631][T27546] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1580.168374][T27546] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1580.199209][T27546] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1580.214878][T27563] nfsd: Unknown parameter '^BÔ-' [ 1580.240238][T27546] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1580.274229][T27546] CPU0 is offline. [ 1581.676114][T25620] Bluetooth: hci3: command 0x0c1a tx timeout [ 1582.157960][T25620] Bluetooth: hci4: command 0x0c1a tx timeout [ 1582.163995][T25620] Bluetooth: hci1: command 0x0c1a tx timeout [ 1582.245544][T25620] Bluetooth: hci0: command 0x0c1a tx timeout [ 1583.443832][T27604] sctp: [Deprecated]: syz.0.5007 (pid 27604) Use of int in max_burst socket option deprecated. [ 1583.443832][T27604] Use struct sctp_assoc_value instead [ 1583.609965][T27603] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1584.319253][T25620] Bluetooth: hci0: command 0x0c1a tx timeout [ 1584.855591][T27612] sctp: [Deprecated]: syz.0.5008 (pid 27612) Use of int in max_burst socket option deprecated. [ 1584.855591][T27612] Use struct sctp_assoc_value instead [ 1585.085044][T27611] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1585.607035][T27619] 0x000200000001-0xa29656a63616329 : "" [ 1585.635503][T27619] mtd: partition "" is out of reach -- disabled [ 1585.689345][T27619] ftl_cs: FTL header not found. [ 1585.932697][T27620] ERROR: Out of memory at tomoyo_memory_ok. [ 1586.399747][T25620] Bluetooth: hci0: command 0x0c1a tx timeout [ 1587.913071][T27633] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1588.010643][T16345] netdevsim netdevsim15 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1588.767232][T27636] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1588.807323][T27636] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1588.837802][T27636] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1588.862640][T27636] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1588.905575][T27636] CPU0 is offline. [ 1589.250551][T16345] erspan0 (unregistering): left allmulticast mode [ 1589.341510][T27665] sctp: [Deprecated]: syz.2.5021 (pid 27665) Use of int in max_burst socket option deprecated. [ 1589.341510][T27665] Use struct sctp_assoc_value instead [ 1589.512912][T27662] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1590.073258][T16345] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1590.094292][T16345] bond0 (unregistering): Released all slaves [ 1590.236521][T25620] Bluetooth: hci3: command 0x0c1a tx timeout [ 1590.796042][T25620] Bluetooth: hci1: command 0x0c1a tx timeout [ 1590.877079][T25620] Bluetooth: hci0: command 0x0c1a tx timeout [ 1590.884242][T19437] Bluetooth: hci4: command 0x0c1a tx timeout [ 1591.501640][T16345] hsr_slave_0: left promiscuous mode [ 1591.514986][T27694] 0x000200000001-0xa29656a63616329 : "" [ 1591.557336][T27694] mtd: partition "" is out of reach -- disabled [ 1591.566066][T16345] hsr_slave_1: left promiscuous mode [ 1591.623219][T27694] ftl_cs: FTL header not found. [ 1591.871351][T27701] ERROR: Out of memory at tomoyo_memory_ok. [ 1592.294931][ T30] audit: type=1804 audit(4294967547.260:94): pid=27715 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.5031" name="/newroot/66/file0" dev="tmpfs" ino=378 res=1 errno=0 [ 1592.336427][T27707] < [ 1592.437507][ T30] audit: type=1800 audit(4294967547.260:95): pid=27715 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.5031" name="file0" dev="tmpfs" ino=378 res=0 errno=0 [ 1592.663135][T27721] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5032'. [ 1592.741972][T27722] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5032'. [ 1592.813714][T27723] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5032'. [ 1593.297003][T16345] team0 (unregistering): Port device team_slave_1 removed [ 1593.517924][T16345] team0 (unregistering): Port device team_slave_0 removed [ 1594.492252][T27730] kexec: Could not allocate control_code_buffer [ 1595.332326][T27721] ipvlan1: entered allmulticast mode [ 1595.409423][T27721] veth0_vlan: entered allmulticast mode [ 1595.741568][T27755] Invalid ELF header magic: != ELF [ 1595.813553][T27759] Invalid ELF header magic: != ELF [ 1597.884696][T27779] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1597.896958][T27793] Invalid ELF header magic: != ELF [ 1597.923279][T27779] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1597.962884][T27779] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1597.990278][T27779] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1598.039839][T27779] CPU0 is offline. [ 1598.364690][T27802] 0x000200000001-0xa29656a63616329 : "" [ 1598.394156][T27802] mtd: partition "" is out of reach -- disabled [ 1598.468413][T27802] ftl_cs: FTL header not found. [ 1598.646413][T27806] ERROR: Out of memory at tomoyo_memory_ok. [ 1599.595738][T25620] Bluetooth: hci3: command 0x0c1a tx timeout [ 1599.780848][T27826] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1599.985714][T27828] zswap: compressor not available [ 1599.995822][T25620] Bluetooth: hci0: command 0x0c1a tx timeout [ 1600.001843][T25620] Bluetooth: hci4: command 0x0c1a tx timeout [ 1600.013371][T19437] Bluetooth: hci1: command 0x0c1a tx timeout [ 1600.087065][T27835] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1600.728733][ T24] Process accounting resumed [ 1600.840204][T27845] 0x000200000001-0xa29656a63616329 : "" [ 1600.870593][T27845] mtd: partition "" is out of reach -- disabled [ 1600.910821][T27845] ftl_cs: FTL header not found. [ 1601.087475][T27851] sctp: [Deprecated]: syz.2.5064 (pid 27851) Use of int in max_burst socket option deprecated. [ 1601.087475][T27851] Use struct sctp_assoc_value instead [ 1601.134066][T27850] ERROR: Out of memory at tomoyo_memory_ok. [ 1601.213316][T27854] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1602.458968][T27868] 0x000200000001-0xa29656a63616329 : "" [ 1602.512215][T27876] FAULT_INJECTION: forcing a failure. [ 1602.512215][T27876] name failslab, interval 1, probability 0, space 0, times 0 [ 1602.537800][T27868] mtd: partition "" is out of reach -- disabled [ 1602.575904][T27876] CPU: 1 UID: 0 PID: 27876 Comm: syz.2.5072 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 1602.575932][T27876] Tainted: [U]=USER [ 1602.575937][T27876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1602.575947][T27876] Call Trace: [ 1602.575952][T27876] [ 1602.575958][T27876] dump_stack_lvl+0x16c/0x1f0 [ 1602.575985][T27876] should_fail_ex+0x512/0x640 [ 1602.576006][T27876] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 1602.576028][T27876] should_failslab+0xc2/0x120 [ 1602.576046][T27876] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 1602.576065][T27876] ? unix_sysctl_register+0x3c/0x170 [ 1602.576081][T27876] ? __pfx_unix_net_init+0x10/0x10 [ 1602.576099][T27876] kmemdup_noprof+0x29/0x60 [ 1602.576118][T27876] unix_sysctl_register+0x3c/0x170 [ 1602.576133][T27876] unix_net_init+0x54/0x350 [ 1602.576153][T27876] ? __pfx_unix_net_init+0x10/0x10 [ 1602.576171][T27876] ops_init+0x1df/0x5f0 [ 1602.576191][T27876] setup_net+0x21e/0x850 [ 1602.576212][T27876] ? __pfx_setup_net+0x10/0x10 [ 1602.576228][T27876] ? lockdep_init_map_type+0x5c/0x280 [ 1602.576248][T27876] ? __pfx_down_read_killable+0x10/0x10 [ 1602.576265][T27876] ? debug_mutex_init+0x37/0x70 [ 1602.576280][T27876] copy_net_ns+0x2a6/0x5f0 [ 1602.576311][T27876] create_new_namespaces+0x3ea/0xad0 [ 1602.576334][T27876] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1602.576354][T27876] ksys_unshare+0x45b/0xa40 [ 1602.576374][T27876] ? __pfx_ksys_unshare+0x10/0x10 [ 1602.576393][T27876] ? xfd_validate_state+0x5d/0x180 [ 1602.576408][T27876] ? rcu_is_watching+0x12/0xc0 [ 1602.576426][T27876] __x64_sys_unshare+0x31/0x40 [ 1602.576445][T27876] do_syscall_64+0xcd/0x230 [ 1602.576468][T27876] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1602.576482][T27876] RIP: 0033:0x7f4d1a98e969 [ 1602.576494][T27876] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1602.576509][T27876] RSP: 002b:00007f4d1b8a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1602.576523][T27876] RAX: ffffffffffffffda RBX: 00007f4d1abb5fa0 RCX: 00007f4d1a98e969 [ 1602.576533][T27876] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1602.576541][T27876] RBP: 00007f4d1aa10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1602.576550][T27876] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1602.576559][T27876] R13: 0000000000000000 R14: 00007f4d1abb5fa0 R15: 00007ffe873bac38 [ 1602.576577][T27876] [ 1602.634224][T27868] ftl_cs: FTL header not found. [ 1602.821088][T27878] ERROR: Out of memory at tomoyo_memory_ok. [ 1603.598219][T27886] Invalid ELF header magic: != ELF [ 1603.794737][T27880] pty pty19: ldisc open failed (-12), clearing slot 19 [ 1604.204548][T27899] sctp: [Deprecated]: syz.2.5078 (pid 27899) Use of int in max_burst socket option deprecated. [ 1604.204548][T27899] Use struct sctp_assoc_value instead [ 1604.356397][T27898] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1604.856526][T27913] Invalid ELF header magic: != ELF [ 1606.564883][T27919] zswap: compressor not available [ 1607.520528][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.527038][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1607.589805][T27961] Invalid ELF header magic: != ELF [ 1607.718987][T27970] 0x000200000001-0xa29656a63616329 : "" [ 1607.755695][T27970] mtd: partition "" is out of reach -- disabled [ 1607.795030][T27970] ftl_cs: FTL header not found. [ 1608.047346][T27978] ERROR: Out of memory at tomoyo_memory_ok. [ 1608.975791][T28007] FAULT_INJECTION: forcing a failure. [ 1608.975791][T28007] name failslab, interval 1, probability 0, space 0, times 0 [ 1609.064158][T28007] CPU: 1 UID: 0 PID: 28007 Comm: syz.3.5098 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 1609.064185][T28007] Tainted: [U]=USER [ 1609.064190][T28007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1609.064198][T28007] Call Trace: [ 1609.064204][T28007] [ 1609.064210][T28007] dump_stack_lvl+0x16c/0x1f0 [ 1609.064236][T28007] should_fail_ex+0x512/0x640 [ 1609.064257][T28007] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1609.064276][T28007] should_failslab+0xc2/0x120 [ 1609.064294][T28007] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1609.064310][T28007] ? ptlock_alloc+0x1f/0x70 [ 1609.064327][T28007] ptlock_alloc+0x1f/0x70 [ 1609.064341][T28007] pte_alloc_one+0x6d/0x380 [ 1609.064358][T28007] __pte_alloc+0x6d/0x3c0 [ 1609.064377][T28007] ? __pfx___pte_alloc+0x10/0x10 [ 1609.064397][T28007] ? do_raw_spin_lock+0x12c/0x2b0 [ 1609.064419][T28007] ? find_held_lock+0x2b/0x80 [ 1609.064433][T28007] do_pte_missing+0x2925/0x3fb0 [ 1609.064450][T28007] ? _raw_spin_unlock+0x28/0x50 [ 1609.064467][T28007] ? __pmd_alloc+0x3c2/0x870 [ 1609.064489][T28007] __handle_mm_fault+0x103d/0x2a40 [ 1609.064510][T28007] ? __pfx___handle_mm_fault+0x10/0x10 [ 1609.064541][T28007] handle_mm_fault+0x3fe/0xad0 [ 1609.064559][T28007] __get_user_pages+0x771/0x36f0 [ 1609.064588][T28007] ? __pfx___get_user_pages+0x10/0x10 [ 1609.064610][T28007] ? __pfx_down_read_killable+0x10/0x10 [ 1609.064630][T28007] __gup_longterm_locked+0x20d/0x1850 [ 1609.064658][T28007] ? __pfx___gup_longterm_locked+0x10/0x10 [ 1609.064683][T28007] ? find_held_lock+0x2b/0x80 [ 1609.064697][T28007] ? sanity_check_pinned_pages+0x23/0x11e0 [ 1609.064722][T28007] gup_fast_fallback+0x183d/0x2650 [ 1609.064752][T28007] ? __pfx_gup_fast_fallback+0x10/0x10 [ 1609.064774][T28007] ? is_bpf_text_address+0x94/0x1a0 [ 1609.064792][T28007] ? kernel_text_address+0x8d/0x100 [ 1609.064805][T28007] ? __kernel_text_address+0xd/0x40 [ 1609.064817][T28007] ? unwind_get_return_address+0x59/0xa0 [ 1609.064834][T28007] ? arch_stack_walk+0xa6/0x100 [ 1609.064854][T28007] pin_user_pages_fast+0xa7/0xf0 [ 1609.064867][T28007] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 1609.064880][T28007] ? __blkdev_direct_IO_simple+0x65b/0x810 [ 1609.064902][T28007] ? stack_trace_save+0x8e/0xc0 [ 1609.064920][T28007] iov_iter_extract_pages+0x3a2/0x2000 [ 1609.064946][T28007] ? __blkdev_direct_IO_simple+0x65b/0x810 [ 1609.064966][T28007] ? kasan_save_stack+0x42/0x60 [ 1609.064980][T28007] ? kasan_save_stack+0x33/0x60 [ 1609.064994][T28007] ? kasan_save_track+0x14/0x30 [ 1609.065007][T28007] ? __kasan_kmalloc+0xaa/0xb0 [ 1609.065020][T28007] ? __kmalloc_noprof+0x223/0x510 [ 1609.065034][T28007] ? __blkdev_direct_IO_simple+0x65b/0x810 [ 1609.065054][T28007] ? blkdev_direct_IO+0xa97/0x1cc0 [ 1609.065075][T28007] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 1609.065097][T28007] ? do_syscall_64+0xcd/0x230 [ 1609.065120][T28007] ? __lock_acquire+0x5ca/0x1ba0 [ 1609.065146][T28007] bio_iov_iter_get_pages+0x374/0x10e0 [ 1609.065163][T28007] ? find_held_lock+0x2b/0x80 [ 1609.065184][T28007] ? __pfx_bio_iov_iter_get_pages+0x10/0x10 [ 1609.065201][T28007] ? bio_associate_blkg+0x137/0x2a0 [ 1609.065224][T28007] __blkdev_direct_IO_simple+0x358/0x810 [ 1609.065249][T28007] ? __pfx___blkdev_direct_IO_simple+0x10/0x10 [ 1609.065287][T28007] ? ktime_get_coarse_real_ts64_mg+0x240/0x300 [ 1609.065306][T28007] ? rcu_is_watching+0x12/0xc0 [ 1609.065320][T28007] ? iov_iter_is_aligned+0xf2/0x5a0 [ 1609.065339][T28007] ? iov_iter_npages+0xf0/0x5a0 [ 1609.065363][T28007] blkdev_direct_IO+0xa97/0x1cc0 [ 1609.065392][T28007] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 1609.065414][T28007] ? rcu_is_watching+0x12/0xc0 [ 1609.065428][T28007] ? filemap_check_errors+0xa9/0x160 [ 1609.065448][T28007] blkdev_write_iter+0x6fd/0xdf0 [ 1609.065473][T28007] vfs_write+0x5bd/0x1180 [ 1609.065489][T28007] ? __pfx_blkdev_write_iter+0x10/0x10 [ 1609.065512][T28007] ? __pfx_vfs_write+0x10/0x10 [ 1609.065524][T28007] ? find_held_lock+0x2b/0x80 [ 1609.065549][T28007] ksys_write+0x12a/0x240 [ 1609.065563][T28007] ? __pfx_ksys_write+0x10/0x10 [ 1609.065575][T28007] ? rcu_is_watching+0x12/0xc0 [ 1609.065593][T28007] do_syscall_64+0xcd/0x230 [ 1609.065615][T28007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1609.065630][T28007] RIP: 0033:0x7fc5fb78e969 [ 1609.065641][T28007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1609.065655][T28007] RSP: 002b:00007fc5fc648038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1609.065669][T28007] RAX: ffffffffffffffda RBX: 00007fc5fb9b5fa0 RCX: 00007fc5fb78e969 [ 1609.065678][T28007] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 1609.065687][T28007] RBP: 00007fc5fc648090 R08: 0000000000000000 R09: 0000000000000000 [ 1609.065695][T28007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1609.065704][T28007] R13: 0000000000000000 R14: 00007fc5fb9b5fa0 R15: 00007ffcd2323fd8 [ 1609.065722][T28007] [ 1609.741932][T27980] cgroup: fork rejected by pids controller in /syz1 [ 1612.314667][T28036] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1614.360664][T28040] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1614.928263][T28088] 0x000200000001-0xa29656a63616329 : "" [ 1614.959501][T28088] mtd: partition "" is out of reach -- disabled [ 1615.021722][T28088] ftl_cs: FTL header not found. [ 1615.108758][T28084] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1615.138295][T28084] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1615.180307][T28084] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1615.188914][T28091] ERROR: Out of memory at tomoyo_memory_ok. [ 1615.216285][T28084] CPU0 is offline. [ 1615.786116][T28098] sctp: [Deprecated]: syz.0.5105 (pid 28098) Use of int in max_burst socket option deprecated. [ 1615.786116][T28098] Use struct sctp_assoc_value instead [ 1615.876369][T28096] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1616.717921][T25620] Bluetooth: hci3: command 0x0c1a tx timeout [ 1617.195555][T25620] Bluetooth: hci0: command 0x0c1a tx timeout [ 1617.201654][T19437] Bluetooth: hci4: command 0x0c1a tx timeout [ 1617.390414][T28117] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1617.422559][T28117] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1617.654398][T28117] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1617.691968][T28117] CPU0 is offline. [ 1617.792059][T19437] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1617.802253][T19437] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1617.813981][T19437] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1617.825907][T19437] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1617.833330][T19437] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1618.115063][T28128] Invalid ELF header magic: != ELF [ 1618.449759][T28123] chnl_net:caif_netlink_parms(): no params data found [ 1618.741735][T28123] bridge0: port 1(bridge_slave_0) entered blocking state [ 1618.768728][T28110] ptrace attach of "./syz-executor exec"[26156] was attempted by "./syz-executor exec"[28110] [ 1618.792097][T28123] bridge0: port 1(bridge_slave_0) entered disabled state [ 1618.821291][T28123] bridge_slave_0: entered allmulticast mode [ 1618.858305][T28123] bridge_slave_0: entered promiscuous mode [ 1618.893543][T28123] bridge0: port 2(bridge_slave_1) entered blocking state [ 1618.942602][T28123] bridge0: port 2(bridge_slave_1) entered disabled state [ 1618.978174][T28123] bridge_slave_1: entered allmulticast mode [ 1619.021259][T28123] bridge_slave_1: entered promiscuous mode [ 1619.191982][T28123] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1619.262116][T28123] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1619.435520][T19437] Bluetooth: hci4: command 0x0c1a tx timeout [ 1619.441579][T25620] Bluetooth: hci3: command 0x0c1a tx timeout [ 1619.635704][T28123] team0: Port device team_slave_0 added [ 1619.678527][T25620] Bluetooth: hci0: command 0x0c1a tx timeout [ 1619.685013][T28123] team0: Port device team_slave_1 added [ 1619.767631][T28141] 0x000200000001-0xa29656a63616329 : "" [ 1619.773212][T28141] mtd: partition "" is out of reach -- disabled [ 1619.871123][T28141] ftl_cs: FTL header not found. [ 1619.916345][T25620] Bluetooth: hci1: command tx timeout [ 1619.933470][T28123] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1619.995657][T28123] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1620.090443][T28144] ERROR: Out of memory at tomoyo_memory_ok. [ 1620.166967][T28123] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1620.253711][T28123] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1620.298173][T28123] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1620.442092][T28123] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1620.703348][T28123] hsr_slave_0: entered promiscuous mode [ 1620.734572][T28123] hsr_slave_1: entered promiscuous mode [ 1621.522221][T28123] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1621.693789][T28155] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1621.898767][T28123] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1621.995782][T25620] Bluetooth: hci1: command tx timeout [ 1622.041532][T28168] netlink: 'syz.3.5119': attribute type 11 has an invalid length. [ 1622.507345][T28123] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1623.897253][T28123] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1624.076130][T25620] Bluetooth: hci1: command tx timeout [ 1624.444331][T28194] 0x000200000001-0xa29656a63616329 : "" [ 1624.527792][T28194] mtd: partition "" is out of reach -- disabled [ 1624.610388][T28194] ftl_cs: FTL header not found. [ 1624.809556][T28196] ERROR: Out of memory at tomoyo_memory_ok. [ 1624.905248][T28123] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1625.007469][T28123] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1625.087977][T28123] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1625.153281][T28123] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1625.339528][T28203] sctp: [Deprecated]: syz.2.5127 (pid 28203) Use of int in max_burst socket option deprecated. [ 1625.339528][T28203] Use struct sctp_assoc_value instead [ 1625.466167][T28123] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1625.515193][T28206] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1625.542632][T28123] 8021q: adding VLAN 0 to HW filter on device team0 [ 1625.591243][T26266] bridge0: port 1(bridge_slave_0) entered blocking state [ 1625.598386][T26266] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1625.663824][T26266] bridge0: port 2(bridge_slave_1) entered blocking state [ 1625.670982][T26266] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1625.832821][T28123] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1625.866187][T28208] Invalid ELF header magic: != ELF [ 1626.158223][T25620] Bluetooth: hci1: command tx timeout [ 1626.472195][T28123] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1626.936671][T28123] veth0_vlan: entered promiscuous mode [ 1626.975293][T28123] veth1_vlan: entered promiscuous mode [ 1627.131682][T28123] veth0_macvtap: entered promiscuous mode [ 1627.271449][T28123] veth1_macvtap: entered promiscuous mode [ 1627.785734][T28123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1627.831726][T28123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1627.888002][T28123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1627.944420][T28123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1627.998155][T28123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1628.047224][T28123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1628.091685][T28123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1628.137841][T28123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1628.153595][T28233] Invalid ELF header magic: != ELF [ 1628.185547][T28123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1628.241986][T28123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1628.318300][T28123] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1628.523252][T28123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1628.583942][T28123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1628.636576][T28123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1628.687817][T28123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1628.728888][T28123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1628.777852][T28123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1628.838040][T28123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1628.894601][T28123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1628.931467][T28123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1628.987671][T28123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1629.049270][T28123] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1629.300969][T28123] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1629.342159][T28123] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1629.373620][T28123] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1629.417938][T28123] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1629.615318][T28245] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1630.044164][T28251] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1630.315720][T16345] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1630.323553][T16345] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1630.482158][T16345] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1630.520229][T16345] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1630.659424][T28256] sctp: [Deprecated]: syz.0.5138 (pid 28256) Use of int in max_burst socket option deprecated. [ 1630.659424][T28256] Use struct sctp_assoc_value instead [ 1630.801352][T28254] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1630.978070][T28261] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1631.453294][T28261] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1631.978129][T28272] FAULT_INJECTION: forcing a failure. [ 1631.978129][T28272] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1632.052732][T28272] CPU: 1 UID: 0 PID: 28272 Comm: syz.0.5141 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 1632.052758][T28272] Tainted: [U]=USER [ 1632.052763][T28272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1632.052772][T28272] Call Trace: [ 1632.052777][T28272] [ 1632.052783][T28272] dump_stack_lvl+0x16c/0x1f0 [ 1632.052809][T28272] should_fail_ex+0x512/0x640 [ 1632.052833][T28272] _copy_from_iter+0x2a4/0x15b0 [ 1632.052866][T28272] ? __pfx__copy_from_iter+0x10/0x10 [ 1632.052889][T28272] ? tomoyo_audit_inet_log+0x285/0x3a0 [ 1632.052909][T28272] ? __pfx_tomoyo_audit_inet_log+0x10/0x10 [ 1632.052933][T28272] ping_common_sendmsg+0xc4/0x2e0 [ 1632.052954][T28272] ping_v4_sendmsg+0x190/0x1a10 [ 1632.052979][T28272] ? __pfx_ping_v4_sendmsg+0x10/0x10 [ 1632.053006][T28272] ? reacquire_held_locks+0xcd/0x1f0 [ 1632.053025][T28272] ? release_sock+0x21/0x220 [ 1632.053045][T28272] ? find_held_lock+0x2b/0x80 [ 1632.053063][T28272] ? inet_autobind+0x145/0x1a0 [ 1632.053081][T28272] ? __local_bh_enable_ip+0xa4/0x120 [ 1632.053098][T28272] ? inet_autobind+0x14a/0x1a0 [ 1632.053116][T28272] ? __pfx_ping_v4_sendmsg+0x10/0x10 [ 1632.053137][T28272] inet_sendmsg+0x11c/0x140 [ 1632.053158][T28272] __sys_sendto+0x431/0x510 [ 1632.053173][T28272] ? __pfx___sys_sendto+0x10/0x10 [ 1632.053204][T28272] ? ksys_write+0x1b9/0x240 [ 1632.053218][T28272] ? __pfx_ksys_write+0x10/0x10 [ 1632.053231][T28272] ? rcu_is_watching+0x12/0xc0 [ 1632.053246][T28272] __x64_sys_sendto+0xe0/0x1c0 [ 1632.053260][T28272] ? do_syscall_64+0x91/0x230 [ 1632.053281][T28272] ? lockdep_hardirqs_on+0x7c/0x110 [ 1632.053300][T28272] do_syscall_64+0xcd/0x230 [ 1632.053322][T28272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1632.053337][T28272] RIP: 0033:0x7f9d9a38e969 [ 1632.053348][T28272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1632.053362][T28272] RSP: 002b:00007f9d9b261038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1632.053375][T28272] RAX: ffffffffffffffda RBX: 00007f9d9a5b5fa0 RCX: 00007f9d9a38e969 [ 1632.053385][T28272] RDX: 000000000000000b RSI: 0000000000000000 RDI: 0000000000000003 [ 1632.053393][T28272] RBP: 00007f9d9b261090 R08: 0000200000000000 R09: 000000000000001c [ 1632.053402][T28272] R10: 0000000000000f1a R11: 0000000000000246 R12: 0000000000000001 [ 1632.053410][T28272] R13: 0000000000000000 R14: 00007f9d9a5b5fa0 R15: 00007ffe69d46f78 [ 1632.053428][T28272] [ 1632.295318][ C1] vkms_vblank_simulate: vblank timer overrun [ 1632.745297][T28270] zswap: compressor not available [ 1634.921911][ T30] audit: type=1326 audit(4294967589.890:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28315 comm="syz.1.5151" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f18cbb8e969 code=0x0 [ 1634.954381][T28311] sctp: [Deprecated]: syz.3.5148 (pid 28311) Use of int in max_burst socket option deprecated. [ 1634.954381][T28311] Use struct sctp_assoc_value instead [ 1635.040873][T28317] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1635.167712][T28314] 0x000200000001-0xa29656a63616329 : "" [ 1635.242479][T28314] mtd: partition "" is out of reach -- disabled [ 1635.370646][T28314] ftl_cs: FTL header not found. [ 1635.529258][T28322] ERROR: Out of memory at tomoyo_memory_ok. [ 1636.119031][T28325] ovs_: entered promiscuous mode [ 1636.530525][T28328] Invalid ELF header magic: != ELF [ 1636.693355][T28330] Invalid ELF header magic: != ELF [ 1636.741063][T28324] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1637.037577][T28336] 0x000200000001-0xa29656a63616329 : "" [ 1637.043152][T28336] mtd: partition "" is out of reach -- disabled [ 1637.101501][T28336] ftl_cs: FTL header not found. [ 1637.329479][T28337] ERROR: Out of memory at tomoyo_memory_ok. [ 1637.582107][T28339] ima: policy update failed [ 1637.617884][ T30] audit: type=1802 audit(4294967592.580:97): pid=28339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.5156" res=0 errno=0 [ 1637.886918][T28343] Invalid ELF header magic: != ELF [ 1642.323298][T28385] Invalid ELF header magic: != ELF [ 1643.567333][T28399] 0x000200000001-0xa29656a63616329 : "" [ 1643.597628][T28399] mtd: partition "" is out of reach -- disabled [ 1643.636445][T28399] ftl_cs: FTL header not found. [ 1643.920586][T28404] ERROR: Out of memory at tomoyo_memory_ok. [ 1645.726609][T28418] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1645.975562][T28401] ptrace attach of "./syz-executor exec"[26757] was attempted by "./syz-executor exec"[28401] [ 1646.227793][T28417] sp0: Synchronizing with TNC [ 1646.270994][T28419] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1647.343930][T28431] sctp: [Deprecated]: syz.3.5178 (pid 28431) Use of int in max_burst socket option deprecated. [ 1647.343930][T28431] Use struct sctp_assoc_value instead [ 1647.509612][T28434] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1648.613902][T28449] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5184'. [ 1648.761361][T28449] FAULT_INJECTION: forcing a failure. [ 1648.761361][T28449] name failslab, interval 1, probability 0, space 0, times 0 [ 1648.844246][T28449] CPU: 1 UID: 0 PID: 28449 Comm: syz.3.5184 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 1648.844273][T28449] Tainted: [U]=USER [ 1648.844279][T28449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1648.844288][T28449] Call Trace: [ 1648.844293][T28449] [ 1648.844299][T28449] dump_stack_lvl+0x16c/0x1f0 [ 1648.844326][T28449] should_fail_ex+0x512/0x640 [ 1648.844351][T28449] should_failslab+0xc2/0x120 [ 1648.844369][T28449] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 1648.844386][T28449] ? __alloc_skb+0x2b2/0x380 [ 1648.844406][T28449] __alloc_skb+0x2b2/0x380 [ 1648.844421][T28449] ? __pfx___alloc_skb+0x10/0x10 [ 1648.844438][T28449] ? devlink_nl_port_handle_size+0xfa/0x180 [ 1648.844457][T28449] ? if_nlmsg_size+0x475/0xaf0 [ 1648.844477][T28449] rtmsg_ifinfo_build_skb+0x81/0x280 [ 1648.844500][T28449] rtmsg_ifinfo+0x9f/0x1a0 [ 1648.844523][T28449] __dev_notify_flags+0x24c/0x2e0 [ 1648.844540][T28449] ? __pfx___dev_notify_flags+0x10/0x10 [ 1648.844560][T28449] ? __dev_change_flags+0x3d5/0x720 [ 1648.844578][T28449] ? __pfx___dev_change_flags+0x10/0x10 [ 1648.844596][T28449] ? __pfx_validate_linkmsg+0x10/0x10 [ 1648.844615][T28449] netif_change_flags+0x108/0x160 [ 1648.844634][T28449] do_setlink.constprop.0+0xddf/0x44b0 [ 1648.844657][T28449] ? __lock_acquire+0xaa4/0x1ba0 [ 1648.844676][T28449] ? __pfx_do_setlink.constprop.0+0x10/0x10 [ 1648.844700][T28449] ? __mutex_trylock_common+0xe9/0x250 [ 1648.844720][T28449] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1648.844741][T28449] ? __pfx___might_resched+0x10/0x10 [ 1648.844759][T28449] ? rcu_is_watching+0x12/0xc0 [ 1648.844772][T28449] ? trace_contention_end+0xdd/0x130 [ 1648.844792][T28449] ? __mutex_lock+0x1ca/0xb90 [ 1648.844814][T28449] ? rcu_is_watching+0x12/0xc0 [ 1648.844826][T28449] ? rtnl_newlink+0x600/0x2000 [ 1648.844842][T28449] ? trace_cap_capable+0x18d/0x200 [ 1648.844858][T28449] ? __pfx___mutex_lock+0x10/0x10 [ 1648.844878][T28449] ? apparmor_capable+0x114/0x1d0 [ 1648.844900][T28449] ? netlink_ns_capable+0xfa/0x130 [ 1648.844920][T28449] rtnl_newlink+0x1446/0x2000 [ 1648.844944][T28449] ? __pfx_rtnl_newlink+0x10/0x10 [ 1648.844964][T28449] ? kasan_quarantine_put+0x10a/0x240 [ 1648.844978][T28449] ? lockdep_hardirqs_on+0x7c/0x110 [ 1648.845002][T28449] ? kfree_skbmem+0x1a4/0x1f0 [ 1648.845026][T28449] ? __lock_acquire+0x5ca/0x1ba0 [ 1648.845046][T28449] ? rcu_is_watching+0x12/0xc0 [ 1648.845059][T28449] ? trace_cap_capable+0x18d/0x200 [ 1648.845079][T28449] ? find_held_lock+0x2b/0x80 [ 1648.845092][T28449] ? __pfx_rtnl_newlink+0x10/0x10 [ 1648.845108][T28449] ? __pfx_rtnl_newlink+0x10/0x10 [ 1648.845124][T28449] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 1648.845142][T28449] ? __pfx_rtnl_newlink+0x10/0x10 [ 1648.845160][T28449] rtnetlink_rcv_msg+0x95b/0xe90 [ 1648.845179][T28449] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1648.845207][T28449] netlink_rcv_skb+0x16d/0x440 [ 1648.845225][T28449] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1648.845245][T28449] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1648.845276][T28449] ? netlink_deliver_tap+0x1ae/0xd30 [ 1648.845297][T28449] netlink_unicast+0x53a/0x7f0 [ 1648.845318][T28449] ? __pfx_netlink_unicast+0x10/0x10 [ 1648.845335][T28449] ? __lock_acquire+0xaa4/0x1ba0 [ 1648.845357][T28449] netlink_sendmsg+0x8d1/0xdd0 [ 1648.845379][T28449] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1648.845405][T28449] ____sys_sendmsg+0xa98/0xc70 [ 1648.845427][T28449] ? copy_msghdr_from_user+0x10a/0x160 [ 1648.845444][T28449] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1648.845467][T28449] ? kfree+0x252/0x4d0 [ 1648.845478][T28449] ? __pfx__kstrtoull+0x10/0x10 [ 1648.845499][T28449] ___sys_sendmsg+0x134/0x1d0 [ 1648.845517][T28449] ? __pfx____sys_sendmsg+0x10/0x10 [ 1648.845555][T28449] ? __pfx___might_resched+0x10/0x10 [ 1648.845575][T28449] __sys_sendmmsg+0x200/0x420 [ 1648.845594][T28449] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1648.845616][T28449] ? do_sys_openat2+0x157/0x1d0 [ 1648.845636][T28449] ? __pfx_do_sys_openat2+0x10/0x10 [ 1648.845664][T28449] ? ksys_write+0x1b9/0x240 [ 1648.845678][T28449] ? __pfx_ksys_write+0x10/0x10 [ 1648.845690][T28449] ? rcu_is_watching+0x12/0xc0 [ 1648.845706][T28449] __x64_sys_sendmmsg+0x9c/0x100 [ 1648.845723][T28449] ? lockdep_hardirqs_on+0x7c/0x110 [ 1648.845742][T28449] do_syscall_64+0xcd/0x230 [ 1648.845765][T28449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1648.845780][T28449] RIP: 0033:0x7fc5fb78e969 [ 1648.845792][T28449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1648.845806][T28449] RSP: 002b:00007fc5fc648038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1648.845820][T28449] RAX: ffffffffffffffda RBX: 00007fc5fb9b5fa0 RCX: 00007fc5fb78e969 [ 1648.845829][T28449] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000001 [ 1648.845838][T28449] RBP: 00007fc5fc648090 R08: 0000000000000000 R09: 0000000000000000 [ 1648.845847][T28449] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000002 [ 1648.845855][T28449] R13: 0000000000000000 R14: 00007fc5fb9b5fa0 R15: 00007ffcd2323fd8 [ 1648.845874][T28449] [ 1649.330491][ C1] vkms_vblank_simulate: vblank timer overrun [ 1654.003144][T28476] 0x000200000001-0xa29656a63616329 : "" [ 1654.035986][T28476] mtd: partition "" is out of reach -- disabled [ 1654.083066][T28476] ftl_cs: FTL header not found. [ 1654.180081][T28480] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5193'. [ 1654.304182][T28482] ERROR: Out of memory at tomoyo_memory_ok. [ 1654.965599][T28495] netlink: 'syz.3.5197': attribute type 11 has an invalid length. [ 1655.549992][T28507] sctp: [Deprecated]: syz.1.5200 (pid 28507) Use of int in max_burst socket option deprecated. [ 1655.549992][T28507] Use struct sctp_assoc_value instead [ 1655.694851][T28504] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1656.677004][T28521] Invalid ELF header magic: != ELF [ 1658.373387][T28551] FAULT_INJECTION: forcing a failure. [ 1658.373387][T28551] name failslab, interval 1, probability 0, space 0, times 0 [ 1658.455120][T28551] CPU: 1 UID: 0 PID: 28551 Comm: syz.2.5210 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 1658.455146][T28551] Tainted: [U]=USER [ 1658.455151][T28551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1658.455159][T28551] Call Trace: [ 1658.455165][T28551] [ 1658.455171][T28551] dump_stack_lvl+0x16c/0x1f0 [ 1658.455196][T28551] should_fail_ex+0x512/0x640 [ 1658.455217][T28551] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 1658.455237][T28551] should_failslab+0xc2/0x120 [ 1658.455255][T28551] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1658.455272][T28551] ? __d_alloc+0x31/0xaa0 [ 1658.455290][T28551] __d_alloc+0x31/0xaa0 [ 1658.455311][T28551] d_alloc+0x4a/0x1e0 [ 1658.455327][T28551] d_alloc_parallel+0xe3/0x12e0 [ 1658.455352][T28551] ? register_lock_class+0x41/0x4c0 [ 1658.455373][T28551] ? __pfx_d_alloc_parallel+0x10/0x10 [ 1658.455394][T28551] ? lockdep_init_map_type+0x5c/0x280 [ 1658.455414][T28551] ? lockdep_init_map_type+0x5c/0x280 [ 1658.455436][T28551] __lookup_slow+0x193/0x460 [ 1658.455456][T28551] ? __pfx___lookup_slow+0x10/0x10 [ 1658.455487][T28551] ? lookup_fast+0x156/0x610 [ 1658.455510][T28551] walk_component+0x353/0x5b0 [ 1658.455532][T28551] link_path_walk.part.0.constprop.0+0x685/0xd60 [ 1658.455561][T28551] path_openat+0x227/0x2d40 [ 1658.455574][T28551] ? __x64_sys_openat+0x174/0x210 [ 1658.455600][T28551] ? __pfx_path_openat+0x10/0x10 [ 1658.455619][T28551] do_filp_open+0x20b/0x470 [ 1658.455634][T28551] ? __pfx_do_filp_open+0x10/0x10 [ 1658.455661][T28551] ? alloc_fd+0x471/0x7d0 [ 1658.455679][T28551] do_sys_openat2+0x11b/0x1d0 [ 1658.455698][T28551] ? __pfx_do_sys_openat2+0x10/0x10 [ 1658.455718][T28551] ? __fget_files+0x20e/0x3c0 [ 1658.455734][T28551] __x64_sys_openat+0x174/0x210 [ 1658.455776][T28551] ? __pfx___x64_sys_openat+0x10/0x10 [ 1658.455795][T28551] ? ksys_write+0x1b9/0x240 [ 1658.455815][T28551] do_syscall_64+0xcd/0x230 [ 1658.455838][T28551] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1658.455853][T28551] RIP: 0033:0x7f4d1a98e969 [ 1658.455865][T28551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1658.455878][T28551] RSP: 002b:00007f4d1b8a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1658.455893][T28551] RAX: ffffffffffffffda RBX: 00007f4d1abb5fa0 RCX: 00007f4d1a98e969 [ 1658.455905][T28551] RDX: 0000000000149041 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1658.455914][T28551] RBP: 00007f4d1b8a5090 R08: 0000000000000000 R09: 0000000000000000 [ 1658.455923][T28551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1658.455932][T28551] R13: 0000000000000001 R14: 00007f4d1abb5fa0 R15: 00007ffe873bac38 [ 1658.455950][T28551] [ 1658.721360][ C1] vkms_vblank_simulate: vblank timer overrun [ 1659.672083][T28574] Invalid ELF header magic: != ELF [ 1660.551362][T28591] Invalid ELF header magic: != ELF [ 1661.046047][T28599] FAULT_INJECTION: forcing a failure. [ 1661.046047][T28599] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1661.118519][T28599] CPU: 1 UID: 0 PID: 28599 Comm: syz.2.5220 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 1661.118558][T28599] Tainted: [U]=USER [ 1661.118564][T28599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1661.118574][T28599] Call Trace: [ 1661.118579][T28599] [ 1661.118586][T28599] dump_stack_lvl+0x16c/0x1f0 [ 1661.118612][T28599] should_fail_ex+0x512/0x640 [ 1661.118637][T28599] should_fail_alloc_page+0xe7/0x130 [ 1661.118658][T28599] prepare_alloc_pages+0x3c2/0x610 [ 1661.118680][T28599] ? rcu_is_watching+0x12/0xc0 [ 1661.118696][T28599] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1661.118716][T28599] ? __schedule+0x1186/0x5de0 [ 1661.118734][T28599] ? do_raw_spin_lock+0x12c/0x2b0 [ 1661.118760][T28599] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1661.118781][T28599] ? __pfx___schedule+0x10/0x10 [ 1661.118805][T28599] ? __lock_acquire+0xaa4/0x1ba0 [ 1661.118822][T28599] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1661.118843][T28599] ? policy_nodemask+0xea/0x4e0 [ 1661.118863][T28599] alloc_pages_mpol+0x1fb/0x550 [ 1661.118882][T28599] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1661.118898][T28599] ? __page_table_check_ptes_set+0x1ae/0x420 [ 1661.118916][T28599] ? find_held_lock+0x2b/0x80 [ 1661.118933][T28599] alloc_pages_noprof+0x131/0x390 [ 1661.118951][T28599] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1661.118965][T28599] get_free_pages_noprof+0xc/0x40 [ 1661.118984][T28599] kasan_populate_vmalloc_pte+0x2d/0x160 [ 1661.118999][T28599] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1661.119014][T28599] __apply_to_page_range+0x617/0xd60 [ 1661.119039][T28599] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1661.119056][T28599] ? __pfx___apply_to_page_range+0x10/0x10 [ 1661.119079][T28599] ? alloc_vmap_area+0x872/0x2970 [ 1661.119103][T28599] alloc_vmap_area+0x919/0x2970 [ 1661.119131][T28599] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1661.119157][T28599] __get_vm_area_node+0x1ca/0x330 [ 1661.119181][T28599] __vmalloc_node_range_noprof+0x277/0x1540 [ 1661.119196][T28599] ? __do_sys_listmount+0x1c2/0xed0 [ 1661.119222][T28599] ? __do_sys_listmount+0x1c2/0xed0 [ 1661.119247][T28599] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1661.119277][T28599] __kvmalloc_node_noprof+0x2ff/0x600 [ 1661.119293][T28599] ? __do_sys_listmount+0x1c2/0xed0 [ 1661.119314][T28599] ? __do_sys_listmount+0x1c2/0xed0 [ 1661.119338][T28599] ? __do_sys_listmount+0x1c2/0xed0 [ 1661.119357][T28599] __do_sys_listmount+0x1c2/0xed0 [ 1661.119381][T28599] ? __x64_sys_futex+0x1e0/0x4c0 [ 1661.119396][T28599] ? __x64_sys_futex+0x1e9/0x4c0 [ 1661.119412][T28599] ? __pfx___do_sys_listmount+0x10/0x10 [ 1661.119433][T28599] ? xfd_validate_state+0x5d/0x180 [ 1661.119454][T28599] do_syscall_64+0xcd/0x230 [ 1661.119477][T28599] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1661.119491][T28599] RIP: 0033:0x7f4d1a98e969 [ 1661.119503][T28599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1661.119517][T28599] RSP: 002b:00007f4d1b8a5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1661.119531][T28599] RAX: ffffffffffffffda RBX: 00007f4d1abb5fa0 RCX: 00007f4d1a98e969 [ 1661.119547][T28599] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 1661.119556][T28599] RBP: 00007f4d1aa10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1661.119565][T28599] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1661.119574][T28599] R13: 0000000000000000 R14: 00007f4d1abb5fa0 R15: 00007ffe873bac38 [ 1661.119593][T28599] [ 1661.119645][T28599] syz.2.5220: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1662.797615][T28599] CPU: 1 UID: 0 PID: 28599 Comm: syz.2.5220 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 1662.797641][T28599] Tainted: [U]=USER [ 1662.797646][T28599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1662.797655][T28599] Call Trace: [ 1662.797660][T28599] [ 1662.797666][T28599] dump_stack_lvl+0x16c/0x1f0 [ 1662.797692][T28599] warn_alloc+0x248/0x3a0 [ 1662.797710][T28599] ? __pfx_warn_alloc+0x10/0x10 [ 1662.797727][T28599] ? kfree+0x2b6/0x4d0 [ 1662.797744][T28599] ? __get_vm_area_node+0x208/0x330 [ 1662.797770][T28599] __vmalloc_node_range_noprof+0xd31/0x1540 [ 1662.797790][T28599] ? __do_sys_listmount+0x1c2/0xed0 [ 1662.797815][T28599] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1662.797845][T28599] __kvmalloc_node_noprof+0x2ff/0x600 [ 1662.797860][T28599] ? __do_sys_listmount+0x1c2/0xed0 [ 1662.797881][T28599] ? __do_sys_listmount+0x1c2/0xed0 [ 1662.797904][T28599] ? __do_sys_listmount+0x1c2/0xed0 [ 1662.797924][T28599] __do_sys_listmount+0x1c2/0xed0 [ 1662.797948][T28599] ? __x64_sys_futex+0x1e0/0x4c0 [ 1662.797964][T28599] ? __x64_sys_futex+0x1e9/0x4c0 [ 1662.797979][T28599] ? __pfx___do_sys_listmount+0x10/0x10 [ 1662.798000][T28599] ? xfd_validate_state+0x5d/0x180 [ 1662.798021][T28599] do_syscall_64+0xcd/0x230 [ 1662.798043][T28599] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1662.798058][T28599] RIP: 0033:0x7f4d1a98e969 [ 1662.798070][T28599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1662.798084][T28599] RSP: 002b:00007f4d1b8a5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1662.798098][T28599] RAX: ffffffffffffffda RBX: 00007f4d1abb5fa0 RCX: 00007f4d1a98e969 [ 1662.798108][T28599] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 1662.798117][T28599] RBP: 00007f4d1aa10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1662.798125][T28599] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1662.798133][T28599] R13: 0000000000000000 R14: 00007f4d1abb5fa0 R15: 00007ffe873bac38 [ 1662.798151][T28599] [ 1662.798156][T28599] Mem-Info: [ 1663.786171][T28599] active_anon:8991 inactive_anon:15656 isolated_anon:5 [ 1663.786171][T28599] active_file:24393 inactive_file:38876 isolated_file:0 [ 1663.786171][T28599] unevictable:768 dirty:440 writeback:0 [ 1663.786171][T28599] slab_reclaimable:13474 slab_unreclaimable:109424 [ 1663.786171][T28599] mapped:33351 shmem:9779 pagetables:933 [ 1663.786171][T28599] sec_pagetables:0 bounce:0 [ 1663.786171][T28599] kernel_misc_reclaimable:0 [ 1663.786171][T28599] free:1028315 free_pcp:919 free_cma:0 [ 1664.028345][T28599] Node 0 active_anon:35972kB inactive_anon:72552kB active_file:97568kB inactive_file:155372kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:141720kB dirty:1860kB writeback:0kB shmem:43276kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10864kB pagetables:3924kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1664.195499][T28599] Node 1 active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:5028kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1664.399434][T28599] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1664.548824][T28599] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 1664.583261][T28599] Node 0 DMA32 free:1229812kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:37948kB inactive_anon:65220kB active_file:95836kB inactive_file:155300kB unevictable:1536kB writepending:1912kB present:3129332kB managed:2544152kB mlocked:0kB bounce:0kB free_pcp:1336kB local_pcp:1336kB free_cma:0kB [ 1664.738157][T28599] lowmem_reserve[]: 0 0 1 1 1 [ 1664.771183][T28599] Node 0 Normal free:28kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:1732kB inactive_file:72kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:16kB free_cma:0kB [ 1664.899554][T28599] lowmem_reserve[]: 0 0 0 0 0 [ 1664.928107][T28599] Node 1 Normal free:2866864kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:132kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1664.981680][T28632] zero sized request [ 1665.095259][T28599] lowmem_reserve[]: 0 0 0 0 0 [ 1665.119254][T28599] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1665.179359][T28599] Node 0 DMA32: 43*4kB (UME) 3911*8kB (ME) 4803*16kB (UME) 4004*32kB (UME) 2691*64kB (UME) 1303*128kB (UME) 654*256kB (UME) 208*512kB (UME) 72*1024kB (UME) 21*2048kB (UE) 60*4096kB (UM) = 1211860kB [ 1665.285304][T28599] Node 0 Normal: 1*4kB (M) 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28kB [ 1665.352317][T28599] Node 1 Normal: 268*4kB (UME) 62*8kB (UME) 45*16kB (UME) 200*32kB (UME) 91*64kB (UME) 36*128kB (UME) 20*256kB (UME) 6*512kB (UM) 3*1024kB (UM) 1*2048kB (M) 692*4096kB (M) = 2866864kB [ 1665.454544][T28599] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1665.513689][T28599] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 1665.569739][T28599] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=1048576kB [ 1665.638314][T28599] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 1665.696279][T28599] 79593 total pagecache pages [ 1665.721815][T28599] 49 pages in swap cache [ 1665.745041][T28599] Free swap = 124800kB [ 1665.775485][T28599] Total swap = 124996kB [ 1665.799673][T28599] 2097051 pages RAM [ 1665.823825][T28599] 0 pages HighMem/MovableOnly [ 1665.847410][T28599] 428907 pages reserved [ 1665.869191][T28599] 0 pages cma reserved [ 1668.958934][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1668.965247][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1669.114695][T28679] FAULT_INJECTION: forcing a failure. [ 1669.114695][T28679] name failslab, interval 1, probability 0, space 0, times 0 [ 1669.178548][T28679] CPU: 1 UID: 0 PID: 28679 Comm: syz.3.5238 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 1669.178575][T28679] Tainted: [U]=USER [ 1669.178580][T28679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1669.178589][T28679] Call Trace: [ 1669.178594][T28679] [ 1669.178601][T28679] dump_stack_lvl+0x16c/0x1f0 [ 1669.178630][T28679] should_fail_ex+0x512/0x640 [ 1669.178654][T28679] should_failslab+0xc2/0x120 [ 1669.178673][T28679] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1669.178688][T28679] ? __sctp_v6_cmp_addr+0x206/0x530 [ 1669.178702][T28679] ? sctp_add_bind_addr+0xae/0x3f0 [ 1669.178725][T28679] sctp_add_bind_addr+0xae/0x3f0 [ 1669.178747][T28679] sctp_copy_local_addr_list+0x39d/0x5a0 [ 1669.178772][T28679] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 1669.178797][T28679] ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360 [ 1669.178815][T28679] ? sctp_bind_addr_copy+0xe0/0x530 [ 1669.178834][T28679] sctp_bind_addr_copy+0xe0/0x530 [ 1669.178858][T28679] sctp_connect_new_asoc+0x1d7/0x790 [ 1669.178877][T28679] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 1669.178894][T28679] ? sctp_endpoint_lookup_assoc+0x15c/0x2a0 [ 1669.178919][T28679] __sctp_connect+0x3f3/0xc60 [ 1669.178937][T28679] ? do_raw_spin_lock+0x12c/0x2b0 [ 1669.178960][T28679] ? __pfx___sctp_connect+0x10/0x10 [ 1669.178977][T28679] ? __pfx_sctp_inet_connect+0x10/0x10 [ 1669.178994][T28679] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1669.179015][T28679] ? __pfx_sctp_inet_connect+0x10/0x10 [ 1669.179030][T28679] sctp_inet_connect+0x15f/0x200 [ 1669.179046][T28679] __sys_connect_file+0x13e/0x1a0 [ 1669.179064][T28679] __sys_connect+0x14d/0x170 [ 1669.179077][T28679] ? __pfx___sys_connect+0x10/0x10 [ 1669.179098][T28679] ? __pfx_ksys_write+0x10/0x10 [ 1669.179112][T28679] ? rcu_is_watching+0x12/0xc0 [ 1669.179129][T28679] __x64_sys_connect+0x72/0xb0 [ 1669.179142][T28679] ? lockdep_hardirqs_on+0x7c/0x110 [ 1669.179162][T28679] do_syscall_64+0xcd/0x230 [ 1669.179185][T28679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1669.179199][T28679] RIP: 0033:0x7fc5fb78e969 [ 1669.179212][T28679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1669.179226][T28679] RSP: 002b:00007fc5fc648038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1669.179241][T28679] RAX: ffffffffffffffda RBX: 00007fc5fb9b5fa0 RCX: 00007fc5fb78e969 [ 1669.179251][T28679] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003 [ 1669.179260][T28679] RBP: 00007fc5fc648090 R08: 0000000000000000 R09: 0000000000000000 [ 1669.179269][T28679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1669.179277][T28679] R13: 0000000000000000 R14: 00007fc5fb9b5fa0 R15: 00007ffcd2323fd8 [ 1669.179295][T28679] [ 1669.914555][T28683] Invalid ELF header magic: != ELF [ 1674.194297][T26154] bridge_slave_1: left allmulticast mode [ 1674.224090][T26154] bridge_slave_1: left promiscuous mode [ 1674.263627][T26154] bridge0: port 2(bridge_slave_1) entered disabled state [ 1674.319433][T26154] bridge_slave_0: left allmulticast mode [ 1674.349734][T26154] bridge_slave_0: left promiscuous mode [ 1674.403584][T26154] bridge0: port 1(bridge_slave_0) entered disabled state [ 1675.014313][T28752] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1675.212562][T28757] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1676.333200][T26154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1676.359809][T26154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1676.399960][T26154] bond0 (unregistering): Released all slaves [ 1676.456104][T28764] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1676.462145][T28764] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1676.517622][T28764] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1676.523670][T28764] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1676.575595][T28764] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1676.644892][T28764] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1676.688443][T28764] CPU0 is offline. [ 1676.769456][T28774] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5263'. [ 1676.944009][T26154] hsr_slave_0: left promiscuous mode [ 1676.974672][T26154] hsr_slave_1: left promiscuous mode [ 1677.003832][T26154] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1677.048878][T26154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1677.088499][T26154] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1677.148781][T26154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1677.242474][T26154] veth1_macvtap: left promiscuous mode [ 1677.266696][T26154] veth0_macvtap: left promiscuous mode [ 1677.291437][T26154] veth1_vlan: left promiscuous mode [ 1677.314631][T26154] veth0_vlan: left promiscuous mode [ 1678.481405][T25620] Bluetooth: hci4: command 0x0c1a tx timeout [ 1678.488276][T19437] Bluetooth: hci3: command 0x0c1a tx timeout [ 1678.558222][T25620] Bluetooth: hci1: command 0x0c1a tx timeout [ 1678.565933][T19437] Bluetooth: hci0: command 0x0c1a tx timeout [ 1678.689408][T26154] team0 (unregistering): Port device team_slave_1 removed [ 1678.804714][T26154] team0 (unregistering): Port device team_slave_0 removed [ 1680.637737][T25620] Bluetooth: hci1: command 0x0c1a tx timeout [ 1682.105304][T28817] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1682.450714][T28822] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1682.715874][T25620] Bluetooth: hci1: command 0x0c1a tx timeout [ 1685.084926][T28857] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5281'. [ 1685.203256][T28862] FAULT_INJECTION: forcing a failure. [ 1685.203256][T28862] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1685.293596][T28862] CPU: 1 UID: 0 PID: 28862 Comm: syz.3.5282 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 1685.293623][T28862] Tainted: [U]=USER [ 1685.293628][T28862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1685.293636][T28862] Call Trace: [ 1685.293642][T28862] [ 1685.293648][T28862] dump_stack_lvl+0x16c/0x1f0 [ 1685.293674][T28862] should_fail_ex+0x512/0x640 [ 1685.293699][T28862] get_futex_key+0xabc/0x1000 [ 1685.293716][T28862] ? __pfx_get_futex_key+0x10/0x10 [ 1685.293738][T28862] futex_wake+0xe7/0x4e0 [ 1685.293755][T28862] ? rcu_is_watching+0x12/0xc0 [ 1685.293770][T28862] ? __pfx_futex_wake+0x10/0x10 [ 1685.293799][T28862] do_futex+0x1e3/0x350 [ 1685.293819][T28862] ? __pfx_do_futex+0x10/0x10 [ 1685.293833][T28862] ? __might_fault+0xe3/0x190 [ 1685.293855][T28862] mm_release+0x24e/0x300 [ 1685.293872][T28862] do_exit+0x898/0x2c30 [ 1685.293890][T28862] ? __pfx_futex_wake_mark+0x10/0x10 [ 1685.293911][T28862] ? __pfx_do_exit+0x10/0x10 [ 1685.293930][T28862] ? do_raw_spin_lock+0x12c/0x2b0 [ 1685.293951][T28862] ? find_held_lock+0x2b/0x80 [ 1685.293967][T28862] do_group_exit+0xd3/0x2a0 [ 1685.293988][T28862] get_signal+0x2673/0x26d0 [ 1685.294006][T28862] ? kmem_cache_free+0x2d4/0x4d0 [ 1685.294021][T28862] ? fd_install+0x225/0x750 [ 1685.294033][T28862] ? do_sigaction+0x492/0x1140 [ 1685.294053][T28862] ? __pfx_get_signal+0x10/0x10 [ 1685.294068][T28862] ? do_futex+0x122/0x350 [ 1685.294084][T28862] ? __pfx_do_futex+0x10/0x10 [ 1685.294100][T28862] arch_do_signal_or_restart+0x8f/0x7a0 [ 1685.294121][T28862] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1685.294151][T28862] syscall_exit_to_user_mode+0x150/0x2a0 [ 1685.294173][T28862] do_syscall_64+0xda/0x230 [ 1685.294195][T28862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1685.294209][T28862] RIP: 0033:0x7fc5fb78e969 [ 1685.294222][T28862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1685.294236][T28862] RSP: 002b:00007fc5fc6480e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1685.294250][T28862] RAX: fffffffffffffe00 RBX: 00007fc5fb9b5fa8 RCX: 00007fc5fb78e969 [ 1685.294260][T28862] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc5fb9b5fa8 [ 1685.294269][T28862] RBP: 00007fc5fb9b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1685.294278][T28862] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc5fb9b5fac [ 1685.294286][T28862] R13: 0000000000000000 R14: 00007ffcd2323ef0 R15: 00007ffcd2323fd8 [ 1685.294304][T28862] [ 1685.542578][ C1] vkms_vblank_simulate: vblank timer overrun [ 1685.915291][T28868] FAULT_INJECTION: forcing a failure. [ 1685.915291][T28868] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1685.965084][T28868] CPU: 1 UID: 60928 PID: 28868 Comm: syz.2.5285 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 1685.965114][T28868] Tainted: [U]=USER [ 1685.965120][T28868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1685.965129][T28868] Call Trace: [ 1685.965135][T28868] [ 1685.965141][T28868] dump_stack_lvl+0x16c/0x1f0 [ 1685.965167][T28868] should_fail_ex+0x512/0x640 [ 1685.965192][T28868] copy_fpstate_to_sigframe+0x878/0xb10 [ 1685.965219][T28868] ? __pfx_copy_fpstate_to_sigframe+0x10/0x10 [ 1685.965245][T28868] ? collect_signal+0x263/0x540 [ 1685.965270][T28868] get_sigframe+0x4a8/0x9c0 [ 1685.965295][T28868] ? __pfx_get_sigframe+0x10/0x10 [ 1685.965315][T28868] ? _raw_spin_unlock_irq+0x23/0x50 [ 1685.965333][T28868] ? siginfo_layout+0x1d2/0x290 [ 1685.965351][T28868] x64_setup_rt_frame+0x12e/0xcf0 [ 1685.965372][T28868] ? kill_pid_info_type+0xea/0x2a0 [ 1685.965391][T28868] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 1685.965410][T28868] ? kill_pid_info_type+0x102/0x2a0 [ 1685.965431][T28868] arch_do_signal_or_restart+0x5b6/0x7a0 [ 1685.965450][T28868] ? __task_pid_nr_ns+0x186/0x500 [ 1685.965470][T28868] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1685.965500][T28868] syscall_exit_to_user_mode+0x150/0x2a0 [ 1685.965529][T28868] do_syscall_64+0xda/0x230 [ 1685.965552][T28868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1685.965567][T28868] RIP: 0033:0x7f4d1a98e969 [ 1685.965580][T28868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1685.965596][T28868] RSP: 002b:00007f4d1b8a5038 EFLAGS: 00000246 ORIG_RAX: 000000000000003e [ 1685.965615][T28868] RAX: 0000000000000000 RBX: 00007f4d1abb5fa0 RCX: 00007f4d1a98e969 [ 1685.965625][T28868] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00000000000001e4 [ 1685.965633][T28868] RBP: 00007f4d1aa10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1685.965642][T28868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1685.965650][T28868] R13: 0000000000000000 R14: 00007f4d1abb5fa0 R15: 00007ffe873bac38 [ 1685.965669][T28868] [ 1686.173391][ C1] vkms_vblank_simulate: vblank timer overrun [ 1686.539200][T28864] could not allocate digest TFM handle [ 1686.574721][T28864] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5284'. [ 1687.171484][T28886] misc userio: No port type given on /dev/userio [ 1687.250623][T28886] program syz.2.5289 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1687.671176][T28895] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1687.871028][T28901] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1688.670014][T28914] qrtr: Invalid version 24 [ 1689.140548][ T30] audit: type=1804 audit(4117.630:98): pid=28928 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.5297" name="/newroot/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/trigger" dev="tracefs" ino=19680823 res=1 errno=0 [ 1690.600798][T28945] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1690.833774][T28946] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1690.916906][T28943] sp0: Synchronizing with TNC [ 1691.551420][T28936] kexec: Could not allocate control_code_buffer [ 1691.658631][T28962] sock: sock_timestamping_bind_phc: sock not bind to device [ 1692.000671][T28967] FAULT_INJECTION: forcing a failure. [ 1692.000671][T28967] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1692.000700][T28967] CPU: 1 UID: 0 PID: 28967 Comm: syz.0.5306 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 1692.000721][T28967] Tainted: [U]=USER [ 1692.000726][T28967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1692.000735][T28967] Call Trace: [ 1692.000740][T28967] [ 1692.000746][T28967] dump_stack_lvl+0x16c/0x1f0 [ 1692.000770][T28967] should_fail_ex+0x512/0x640 [ 1692.000794][T28967] _copy_from_user+0x2e/0xd0 [ 1692.000817][T28967] copy_msghdr_from_user+0x98/0x160 [ 1692.000835][T28967] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1692.000854][T28967] ? kfree+0x252/0x4d0 [ 1692.000866][T28967] ? __pfx__kstrtoull+0x10/0x10 [ 1692.000886][T28967] ___sys_sendmsg+0xfe/0x1d0 [ 1692.000903][T28967] ? __pfx____sys_sendmsg+0x10/0x10 [ 1692.000936][T28967] ? __pfx___might_resched+0x10/0x10 [ 1692.000956][T28967] __sys_sendmmsg+0x200/0x420 [ 1692.000975][T28967] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1692.000997][T28967] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1692.001026][T28967] ? fput+0x70/0xf0 [ 1692.001050][T28967] ? ksys_write+0x1b9/0x240 [ 1692.001064][T28967] ? __pfx_ksys_write+0x10/0x10 [ 1692.001076][T28967] ? rcu_is_watching+0x12/0xc0 [ 1692.001093][T28967] __x64_sys_sendmmsg+0x9c/0x100 [ 1692.001109][T28967] ? lockdep_hardirqs_on+0x7c/0x110 [ 1692.001129][T28967] do_syscall_64+0xcd/0x230 [ 1692.001151][T28967] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1692.001166][T28967] RIP: 0033:0x7f9d9a38e969 [ 1692.001177][T28967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1692.001191][T28967] RSP: 002b:00007f9d9b261038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1692.001205][T28967] RAX: ffffffffffffffda RBX: 00007f9d9a5b5fa0 RCX: 00007f9d9a38e969 [ 1692.001214][T28967] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 1692.001222][T28967] RBP: 00007f9d9b261090 R08: 0000000000000000 R09: 0000000000000000 [ 1692.001231][T28967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1692.001239][T28967] R13: 0000000000000000 R14: 00007f9d9a5b5fa0 R15: 00007ffe69d46f78 [ 1692.001257][T28967] [ 1692.021223][ T30] audit: type=1800 audit(4294971416.508:99): pid=28967 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.5306" name="dbroot" dev="configfs" ino=115666 res=0 errno=0 [ 1693.672023][T16345] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 891 with max blocks 36 with error 117 [ 1693.672120][T16345] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1693.672120][T16345] [ 1695.070503][T28994] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1695.297872][T28993] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1695.800812][T29012] FAULT_INJECTION: forcing a failure. [ 1695.800812][T29012] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1695.862824][T29012] CPU: 1 UID: 0 PID: 29012 Comm: syz.2.5318 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 1695.862851][T29012] Tainted: [U]=USER [ 1695.862857][T29012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1695.862865][T29012] Call Trace: [ 1695.862870][T29012] [ 1695.862876][T29012] dump_stack_lvl+0x16c/0x1f0 [ 1695.862902][T29012] should_fail_ex+0x512/0x640 [ 1695.862926][T29012] _copy_from_user+0x2e/0xd0 [ 1695.862950][T29012] copy_msghdr_from_user+0x98/0x160 [ 1695.862968][T29012] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1695.862993][T29012] ___sys_sendmsg+0xfe/0x1d0 [ 1695.863010][T29012] ? __pfx____sys_sendmsg+0x10/0x10 [ 1695.863048][T29012] __sys_sendmsg+0x16d/0x220 [ 1695.863066][T29012] ? __pfx___sys_sendmsg+0x10/0x10 [ 1695.863087][T29012] ? rcu_is_watching+0x12/0xc0 [ 1695.863107][T29012] do_syscall_64+0xcd/0x230 [ 1695.863129][T29012] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1695.863144][T29012] RIP: 0033:0x7f4d1a98e969 [ 1695.863156][T29012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1695.863170][T29012] RSP: 002b:00007f4d1b8a5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1695.863184][T29012] RAX: ffffffffffffffda RBX: 00007f4d1abb5fa0 RCX: 00007f4d1a98e969 [ 1695.863194][T29012] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000005 [ 1695.863203][T29012] RBP: 00007f4d1b8a5090 R08: 0000000000000000 R09: 0000000000000000 [ 1695.863212][T29012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1695.863220][T29012] R13: 0000000000000000 R14: 00007f4d1abb5fa0 R15: 00007ffe873bac38 [ 1695.863238][T29012] [ 1696.033492][ C1] vkms_vblank_simulate: vblank timer overrun [ 1697.066309][T29034] vivid-003: ================= START STATUS ================= [ 1697.128037][T29034] vivid-003: Radio HW Seek Mode: Bounded [ 1697.178229][T29034] vivid-003: Radio Programmable HW Seek: false [ 1697.214098][T29034] vivid-003: RDS Rx I/O Mode: Block I/O [ 1697.259164][T29034] vivid-003: Generate RBDS Instead of RDS: false [ 1697.284615][T29034] vivid-003: RDS Reception: true [ 1697.319123][T29034] vivid-003: RDS Program Type: 0 inactive [ 1697.350222][T29034] vivid-003: RDS PS Name: inactive [ 1697.391250][T29034] vivid-003: RDS Radio Text: inactive [ 1697.411891][T29034] vivid-003: RDS Traffic Announcement: false inactive [ 1697.462437][T29034] vivid-003: RDS Traffic Program: false inactive [ 1697.489074][T29034] vivid-003: RDS Music: false inactive [ 1697.531550][T29034] vivid-003: ================== END STATUS ================== [ 1698.338740][ T5900] Process accounting resumed [ 1698.730518][T29065] ptp ptp0: delete virtual clock ptp1 [ 1698.823801][T29065] [ 1698.826163][T29065] ============================================ [ 1698.832293][T29065] WARNING: possible recursive locking detected [ 1698.838424][T29065] 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 Tainted: G U [ 1698.847073][T29065] -------------------------------------------- [ 1698.853201][T29065] syz.2.5333/29065 is trying to acquire lock: [ 1698.859247][T29065] ffff88807c4ba868 (&ptp->n_vclocks_mux){+.+.}-{4:4}, at: ptp_clock_unregister+0x21/0x250 [ 1698.869152][T29065] [ 1698.869152][T29065] but task is already holding lock: [ 1698.876495][T29065] ffff888030d06868 (&ptp->n_vclocks_mux){+.+.}-{4:4}, at: n_vclocks_store+0xf1/0x6d0 [ 1698.885963][T29065] [ 1698.885963][T29065] other info that might help us debug this: [ 1698.894004][T29065] Possible unsafe locking scenario: [ 1698.894004][T29065] [ 1698.901435][T29065] CPU0 [ 1698.904695][T29065] ---- [ 1698.907953][T29065] lock(&ptp->n_vclocks_mux); [ 1698.912700][T29065] lock(&ptp->n_vclocks_mux); [ 1698.917446][T29065] [ 1698.917446][T29065] *** DEADLOCK *** [ 1698.917446][T29065] [ 1698.925572][T29065] May be due to missing lock nesting notation [ 1698.925572][T29065] [ 1698.933870][T29065] 5 locks held by syz.2.5333/29065: [ 1698.939048][T29065] #0: ffff888033dc6ef8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 1698.948089][T29065] #1: ffff888032f52420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x240 [ 1698.957045][T29065] #2: ffff88807c771088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 1698.966782][T29065] #3: ffff88814c6c9e18 (kn->active#121){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 1698.976867][T29065] #4: ffff888030d06868 (&ptp->n_vclocks_mux){+.+.}-{4:4}, at: n_vclocks_store+0xf1/0x6d0 [ 1698.986772][T29065] [ 1698.986772][T29065] stack backtrace: [ 1698.992645][T29065] CPU: 1 UID: 0 PID: 29065 Comm: syz.2.5333 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 1698.992669][T29065] Tainted: [U]=USER [ 1698.992674][T29065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1698.992684][T29065] Call Trace: [ 1698.992691][T29065] [ 1698.992698][T29065] dump_stack_lvl+0x116/0x1f0 [ 1698.992721][T29065] print_deadlock_bug+0x1e9/0x240 [ 1698.992742][T29065] __lock_acquire+0xff7/0x1ba0 [ 1698.992762][T29065] lock_acquire+0x179/0x350 [ 1698.992781][T29065] ? ptp_clock_unregister+0x21/0x250 [ 1698.992797][T29065] ? __pfx___might_resched+0x10/0x10 [ 1698.992813][T29065] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1698.992836][T29065] __mutex_lock+0x199/0xb90 [ 1698.992855][T29065] ? ptp_clock_unregister+0x21/0x250 [ 1698.992870][T29065] ? ptp_clock_unregister+0x21/0x250 [ 1698.992885][T29065] ? __pfx___mutex_lock+0x10/0x10 [ 1698.992904][T29065] ? synchronize_rcu_expedited+0x3b9/0x460 [ 1698.992927][T29065] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 1698.992947][T29065] ? ptp_clock_unregister+0x21/0x250 [ 1698.992961][T29065] ptp_clock_unregister+0x21/0x250 [ 1698.992975][T29065] ptp_vclock_unregister+0x11a/0x160 [ 1698.992994][T29065] unregister_vclock+0x108/0x1a0 [ 1698.993010][T29065] ? __pfx_unregister_vclock+0x10/0x10 [ 1698.993026][T29065] device_for_each_child_reverse+0x136/0x1a0 [ 1698.993051][T29065] ? __pfx_device_for_each_child_reverse+0x10/0x10 [ 1698.993073][T29065] ? __pfx_kstrtouint+0x10/0x10 [ 1698.993092][T29065] n_vclocks_store+0x4b6/0x6d0 [ 1698.993109][T29065] ? __pfx_n_vclocks_store+0x10/0x10 [ 1698.993125][T29065] ? find_held_lock+0x2b/0x80 [ 1698.993139][T29065] ? __pfx_n_vclocks_store+0x10/0x10 [ 1698.993155][T29065] dev_attr_store+0x58/0x80 [ 1698.993172][T29065] ? __pfx_dev_attr_store+0x10/0x10 [ 1698.993189][T29065] sysfs_kf_write+0xef/0x150 [ 1698.993209][T29065] kernfs_fop_write_iter+0x354/0x510 [ 1698.993226][T29065] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1698.993246][T29065] vfs_write+0x5bd/0x1180 [ 1698.993260][T29065] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1698.993278][T29065] ? __pfx___mutex_lock+0x10/0x10 [ 1698.993297][T29065] ? __pfx_vfs_write+0x10/0x10 [ 1698.993315][T29065] ksys_write+0x12a/0x240 [ 1698.993328][T29065] ? __pfx_ksys_write+0x10/0x10 [ 1698.993340][T29065] ? rcu_is_watching+0x12/0xc0 [ 1698.993355][T29065] do_syscall_64+0xcd/0x230 [ 1698.993376][T29065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1698.993391][T29065] RIP: 0033:0x7f4d1a98e969 [ 1698.993404][T29065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1698.993418][T29065] RSP: 002b:00007f4d1b8a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1698.993431][T29065] RAX: ffffffffffffffda RBX: 00007f4d1abb5fa0 RCX: 00007f4d1a98e969 [ 1698.993441][T29065] RDX: 0000000000000004 RSI: 0000200000000100 RDI: 0000000000000002 [ 1698.993450][T29065] RBP: 00007f4d1aa10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1698.993458][T29065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1698.993466][T29065] R13: 0000000000000000 R14: 00007f4d1abb5fa0 R15: 00007ffe873bac38 [ 1698.993479][T29065] [ 1699.299937][ C1] vkms_vblank_simulate: vblank timer overrun [ 1699.307858][T29070] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1699.929247][T29062] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1700.280738][T29065] ptp ptp0: only physical clock in use now [ 1700.714428][T29062] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1700.735660][T29062] EXT4-fs error (device sda1): ext4_discard_preallocations:5601: comm syz.1.5332: Error -117 reading block bitmap for 2 [ 1700.778111][T29065] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1700.832685][T29062] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1700.849981][T29046] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1700.861207][T29041] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1700.890969][T29065] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1700.976731][T29046] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1701.013811][T29041] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1701.103128][T29041] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem