last executing test programs: 4.599273406s ago: executing program 2 (id=2673): sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYRES64=0xffffffffffffffff, @ANYRES16=0x0, @ANYRESHEX=0x0], 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x800b) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYRES64=r0, @ANYRES16=0x0, @ANYRESHEX], 0x24}, 0x1, 0x0, 0x0, 0xc005}, 0x84) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x24004804}, 0x40000) r1 = socket(0x29, 0x2, 0x6b) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44814}, 0x4c0c4) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)="ace4b30b7d6c27ceaf6360d0f2bbef5322e86e8d55fe921430b2fc93c4069386379d606e0a762159f56132f799b3292cef357bb2482336f16ee697813fd6c6d955c3b243ca60fcdd0f79a5f41922775978c271dd35c4cbc60506a83bdf388546164e28b926d0d80de9d90c80ec446a725f8e4f4f852aeba429dd97fd4f2efac5d37a78e609a2e02b467627cbbc746ad1106b759594548d8abccf109830fed3a3b380552d8996a783ac89e7693cd4ee8425d025087f9fb07a9cf4a83545619b471418068b0bce3f1b445d3a2eff3c00d3ee3db5efe7e3a57a50c5de", 0xfbe}, 0x2, &(0x7f00000001c0), 0x7, 0xa507}, 0x800}, 0x7, 0xc) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast1}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video49\x00', 0x8a603, 0x0) r2 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/block/loop12/hctx0/tags\x00', 0x8080, 0x0) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000020000008000) pread64$auto(r2, 0x0, 0x800, 0x4) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) prctl$auto(0x53564d41, 0x5, 0x0, 0xfffffffffffffeb4, 0x100000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) madvise$auto(0xbd4, 0xffffefffffff0001, 0x92ca) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x402942, 0x0) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r3, 0xc1105511, &(0x7f0000000080)={{@raw=0x6, 0x5, 0xfffff7bb, 0x2f, "984e784f697ebcc30053822c357eb55df43e9e037b650dfc7a3df9aa20e32749384f515111de5da4403cab68", @raw=0x7}, 0x200000, 0x1, 0x4, @raw=0x3, @integer64={0x9, 0xec, 0x340}, "b210e8ae72f3052d09004297cc39fbd4fe51f972eb62ed41cec2ea5c1e45264907d818e9711e2b57cd159b796ab9e6c81a2f47680e3d2a7f677dccfd260d82fe"}) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r4 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r4, 0x0, 0x1f40) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x11, 0x80003, 0x300) socket(0x2c, 0x4, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/fs/lockd/nlm_end_grace\x00', 0x8282, 0x0) 4.023271453s ago: executing program 2 (id=2678): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyu3\x00', 0x1, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, &(0x7f0000000080)="f5c94556d7b994ee4c7d6b000087cfce41d8b86d8574badcc9a0191d856056") mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) mmap$auto(0xfffffffffffffffe, 0x580f, 0x112f4a03, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) getresgid$auto(0x0, &(0x7f0000000a40), 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xe0002, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000300)='/dev/sequencer\x00', 0x40, 0x0) r4 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x581500, 0x0) ioctl$auto_TUNATTACHFILTER(r4, 0x401054d5, &(0x7f0000000140)={0x40, &(0x7f0000000100)={0xfff8, 0xc0, 0x8, @raw=0x5b}}) setsockopt$auto(r3, 0x1, 0x10, &(0x7f0000000280)='\x00\x15\x8d\xca`\xbcgY\xd2w\xf6\xaedN\x00\x00\x00\x00\x04\x00\x00\x00*\xaaL\'\xab>q\x9e\xdd`\x84_\r\xc2\x17\xb1\xaf\xd2\f\xfd[Iy\xbb*$\xec\xca\x8b\xde\xdcV@\x04+\x00\x00\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\xc3\xa2\x1a\xf1\xdf\x12\b?Q\xec*\b`\'\xfe\xcb\xe9\xc0\xf4\x119\xf6f\v\xf7\x13\xe6\xd8\xa2\xd3\xfd\xa7', 0xba) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/midi2\x00', 0x280, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_DRAIN(r5, 0x40045731, &(0x7f0000000200)=0x5) mmap$auto(0x0, 0x5, 0x4000000000df, 0x40eb1, 0x401, 0x9) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) r6 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r6, 0x0, 0xb4d3) write$auto(r0, 0x0, 0x7ff) prctl$auto_PR_SET_SHADOW_STACK_STATUS(0x4b, 0x100000001, 0x0, 0xc, 0xd) r7 = getuid() r8 = gettid() sendmsg$auto_NL802154_CMD_ASSOCIATE(r2, &(0x7f00000008c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000880)={&(0x7f0000000a80)={0x364, 0x0, 0x100, 0x70bd27, 0x25dfdbff, {}, [@NL802154_ATTR_PAGE={0x5, 0x7, 0x5}, @NL802154_ATTR_SEC_OUT_KEY_ID={0x310, 0x2b, 0x0, 0x1, [@nested={0x1c, 0x81, 0x0, 0x1, [@nested={0x4, 0x3c}, @nested={0x4, 0x5f}, @typed={0x8, 0x93, 0x0, 0x0, @pid}, @typed={0x8, 0x128, 0x0, 0x0, @pid}]}, @typed={0x8, 0xff, 0x0, 0x0, @fd=r1}, @typed={0x14, 0xad, 0x0, 0x0, @ipv6=@mcast1}, @nested={0x2a5, 0xda, 0x0, 0x1, [@nested={0x4, 0xc5}, @generic="f8e442d59a4895665fe4f163ab4e64d805ea6977b14b7a1dab2e6202c6b4b59c233472f0a1eff4c33048374ef5cc612525cc6ef0ba4703ec59e2eab1cb0420bfd01bb77481a6b1e55ce6901e1deb2699805aa729471553668e704cc09fff40f20ed4928fc2a23e30d0d29a317ae7c1189dbf061c86097bf49b273a03a8b7bc6e27931f37e9be6f90493b", @generic="77930220fe3a2bfade8a09a5f9fe3a0e5a947fdef14ffdb590d46b626108f316cec98dc786dd1f7ffa667f6e43ac41615ea3143789ffb054d3", @typed={0xc, 0x134, 0x0, 0x0, @u64=0x6}, @generic="32703c1dc82db2cbb3cd042a2936b5634f3f19531d060186182810b5b3fd04bada02b3ce5cda1eff11b11e289be00c899c2e31fff2980314dff89831c0a2ae8be43323f8ccd30023661acf6b610d69847c848193a9b270b259bb2463b3409ae5c930dab6248e726d6f8315b089de2a9ab1710d8d08c16187d24720b07294adf35091e13d25ff8c55ec32c021736ee1cb88d0e38212f4b95938210630b469cb6e55d2f6cfd7080cbdff0e12e172a928b6d2a4df8a3a9d8f1a82c51c06be78aed3e053cf89b528309c07b89d425596be1fa68aca8d2e7a3d74769cf23a9dbd088c1e3d80f5817a0af8fffcbcbfb11250442aec31db3107", @typed={0x8, 0xfc, 0x0, 0x0, @fd=r3}, @nested={0x4, 0x10}, @typed={0x11, 0xfd, 0x0, 0x0, @str='/dev/net/tun\x00'}, @generic="d8226a7ad37823d510731cc7a42f2a355f25109c0a4fc9bac0c75aa76fbcb46188d544a6cd4e99c8c3eb0b0366834c13733adf97ad7ddbc782696bfaad668eb8e1dc9a5b34f899dccdd0e606cea272f8bacb070262ba7ec63f3794ea5efe1701a6a45d6d90b616d1789e56fbdf46152beaf6cc9d7e3b3e1e9d44cd4e85991e36282c49d910fbf3e5b203bc4b9e58f4fdd57aadb95615cdcb8c12689da8ff490ab9478f046ccdeb1a5e3ef2fe3ff6233682d8c64ecef1a9e4"]}, @nested={0x2c, 0x14, 0x0, 0x1, [@nested={0x4, 0x143}, @nested={0x4, 0xac}, @typed={0x5, 0x7d, 0x0, 0x0, @str='\x00'}, @typed={0x8, 0xce, 0x0, 0x0, @uid=r7}, @typed={0x8, 0x78, 0x0, 0x0, @pid=r8}, @nested={0x4, 0xdc}, @nested={0x4, 0xe9}]}]}, @NL802154_ATTR_SUPPORTED_CHANNEL={0x8, 0x16, 0xc}, @NL802154_ATTR_SEC_OUT_KEY_ID={0x18, 0x2b, 0x0, 0x1, [@typed={0x14, 0x101, 0x0, 0x0, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}}]}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0x400}, @NL802154_ATTR_CCA_MODE={0x8, 0xc, 0x200}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x2}]}, 0x364}, 0x1, 0x0, 0x0, 0xc0}, 0x800) write$auto(0x3, 0x0, 0x70) write$auto_hwsim_fops_group_(0xffffffffffffffff, &(0x7f00000001c0)="45dfa1fbb23c7e199abfc5f8bc7f47c7", 0x10) 3.852928684s ago: executing program 3 (id=2679): r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioprio_get$auto(0x2, 0xee00) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8000, 0x0) r1 = io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x22, &(0x7f0000000000), 0x1) ioctl$auto_EXT4_IOC_SETVERSION(r1, 0x40086604, &(0x7f0000000040)=0x8) capget$auto(0x0, 0xfffffffffffffffe) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r2, 0x5601, 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0005, 0x19) ioctl$auto_PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0x2, 0x2, 0x0, 0x50b301a, 0x2c, 0x2c, 0x4}) 3.36626604s ago: executing program 3 (id=2682): mmap$auto(0x81, 0x4000000000400008, 0xdf, 0x2000000000009b71, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) madvise$auto(0x2000000007, 0x4000000000000, 0x9) r0 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0) read$auto_proc_sessionid_operations_base(r0, &(0x7f00000000c0)=""/4096, 0x1000) r1 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x200, 0x8c, 0x525425b579531c2b}, 0x18) mount_setattr$auto(r1, &(0x7f00000010c0)='./file0\x00', 0x0, &(0x7f0000001100)={0x6, 0x4, 0x2, @raw=0x80000001}, 0x100080000000) fcntl$auto_F_SETFD(r0, 0x2, 0xffffffffffffffff) seccomp$auto(0x2, 0x10, &(0x7f0000000040)="c868ac3c7d6e1e08bbc96ff1dc2f99") madvise$auto(0xffffffffffffffff, 0x8000000000000005, 0x10115) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000) memfd_create$auto(0x0, 0x9) timer_create$auto(0x3, 0x0, 0x0) unshare$auto(0x1) timer_settime$auto(0x0, 0xd80, &(0x7f0000000040)={{0x40000000000026b, 0x1}, {0x0, 0x83}}, 0x0) mbind$auto(0x2800000000000000, 0x3, 0x8000000000000001, &(0x7f0000001140)=0x7, 0xa, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x220080, 0x0) lseek$auto(0x3, 0x20000, 0x1) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/pcm0p/oss\x00', 0x480, 0x0) close_range$auto(r2, r2, 0x800) r3 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) dup2$auto(r3, r3) syz_clone3(&(0x7f0000000340)={0x240000, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200), {0x5}, &(0x7f0000000240)=""/35, 0x23, &(0x7f0000000280)=""/87, &(0x7f0000000300)=[0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0], 0x8, {r3}}, 0x58) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x3, 0x3e) socket(0x2, 0x1, 0x0) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, 0x0, 0x101002, 0x0) seccomp$auto(0x4, 0x8, 0x0) write$auto_ucma_fops_ucma(0xffffffffffffffff, 0x0, 0x0) 2.912735967s ago: executing program 1 (id=2684): socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x20499d, 0x9) statmount$auto(0x0, 0x0, 0xa, 0xd) r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffff7effffd01, &(0x7f00000001c0)) timerfd_create$auto(0x7, 0x0) openat$auto_trace_fops_debugfs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$auto_MON_IOCX_GETX(0xffffffffffffffff, 0x4018920a, &(0x7f00000000c0)={&(0x7f0000000000)={0x5, 0x9, 0x58, 0x4, 0x6, 0x1000, 0x4, 0x0, 0x9, 0x6a, 0x7, 0x8, 0xfffffffe, @setup="8d166a4254df2a8c", 0x7fff, 0x5eb6, 0xda, 0x8}, 0x0, 0x800}) ioctl$auto(0x3, 0x80045438, 0x10000000000402) mlockall$auto(0x7) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram14\x00', 0x20201, 0x0) ioctl$auto(0x3, 0x127c, 0x38) 2.739861936s ago: executing program 0 (id=2685): mmap$auto(0x0, 0x2020007, 0xffffffffffffffff, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xe3, 0xbb72, 0x2, 0x8000) socket(0x15, 0x2, 0x3) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) process_vm_readv$auto(0x0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000040)="11ce06d2b8", 0x40000100000001}, 0x6, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r1, 0x80045439, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto(r0, 0x89f2, r0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000008000) socket(0x21, 0x1, 0x47f) sysfs$auto(0x2, 0x10000000000048, 0x0) r2 = fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0x4020aeb2, r2) close_range$auto(0x2, 0x8, 0x0) bpf$auto(0x2, &(0x7f00000000c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x3}, 0x91) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) name_to_handle_at$auto(0x1010, &(0x7f00000001c0)='/\x00', &(0x7f0000000000)={0xc, 0x75c0237c, "6d962c000400003344980946"}, 0x0, 0x200) r4 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/pcmC1D0c\x00', 0x2, 0x0) mmap$auto_snd_pcm_f_ops_pcm1(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000, 0x13, r4, 0x0) ioctl$auto_VHOST_SET_LOG_FD2(0xffffffffffffffff, 0x4004af07, &(0x7f0000000000)=r4) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) 2.64849851s ago: executing program 2 (id=2686): sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYRES64=0xffffffffffffffff, @ANYRES16=0x0, @ANYRESHEX=0x0], 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x800b) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYRES64=r0, @ANYRES16=0x0, @ANYRESHEX], 0x24}, 0x1, 0x0, 0x0, 0xc005}, 0x84) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x24004804}, 0x40000) r1 = socket(0x29, 0x2, 0x6b) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44814}, 0x4c0c4) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)="ace4b30b7d6c27ceaf6360d0f2bbef5322e86e8d55fe921430b2fc93c4069386379d606e0a762159f56132f799b3292cef357bb2482336f16ee697813fd6c6d955c3b243ca60fcdd0f79a5f41922775978c271dd35c4cbc60506a83bdf388546164e28b926d0d80de9d90c80ec446a725f8e4f4f852aeba429dd97fd4f2efac5d37a78e609a2e02b467627cbbc746ad1106b759594548d8abccf109830fed3a3b380552d8996a783ac89e7693cd4ee8425d025087f9fb07a9cf4a83545619b471418068b0bce3f1b445d3a2eff3c00d3ee3db5efe7e3a57a50c5de", 0xfbe}, 0x2, &(0x7f00000001c0), 0x7, 0xa507}, 0x800}, 0x7, 0xc) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast1}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video49\x00', 0x8a603, 0x0) r2 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/block/loop12/hctx0/tags\x00', 0x8080, 0x0) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000020000008000) pread64$auto(r2, 0x0, 0x800, 0x4) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) prctl$auto(0x53564d41, 0x5, 0x0, 0xfffffffffffffeb4, 0x100000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) madvise$auto(0xbd4, 0xffffefffffff0001, 0x92ca) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x402942, 0x0) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r3, 0xc1105511, &(0x7f0000000080)={{@raw=0x6, 0x5, 0xfffff7bb, 0x2f, "984e784f697ebcc30053822c357eb55df43e9e037b650dfc7a3df9aa20e32749384f515111de5da4403cab68", @raw=0x7}, 0x200000, 0x1, 0x4, @raw=0x3, @integer64={0x9, 0xec, 0x340}, "b210e8ae72f3052d09004297cc39fbd4fe51f972eb62ed41cec2ea5c1e45264907d818e9711e2b57cd159b796ab9e6c81a2f47680e3d2a7f677dccfd260d82fe"}) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r4 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r4, 0x0, 0x1f40) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x11, 0x80003, 0x300) socket(0x2c, 0x4, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/fs/lockd/nlm_end_grace\x00', 0x8282, 0x0) 2.637946198s ago: executing program 1 (id=2687): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r0 = socket(0x2b, 0x1, 0x0) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) timer_create$auto(0x9, 0x0, 0x0) (async) timer_delete$auto(0x1) write$auto(0x3, 0x0, 0xfffffdef) (async) close_range$auto(0x2, 0x8, 0x0) memfd_secret$auto(0x0) (async) sendmsg$auto_NFC_CMD_LLC_GET_PARAMS(r0, &(0x7f0000000340)={&(0x7f00000000c0), 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010028bd7000d1383dd7625493490015000008000008001e000200000008000d0006000000"], 0x34}, 0x1, 0x0, 0x0, 0x40004}, 0x20000000) (async) socket(0xa, 0x1, 0x84) (async) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async) semctl$auto(0x7, 0x2, 0x13, 0x1) (async) lsm_list_modules$auto(0x0, 0x0, 0x0) (async) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a2, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) recvmmsg$auto(0x3, 0x0, 0x8, 0x0, 0x0) (async) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) (async) sendmsg$auto_NL80211_CMD_DISASSOCIATE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x60}, 0x1, 0x0, 0x0, 0x54}, 0x1) (async) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) (async) r1 = socket(0x2, 0x1, 0x0) (async) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x8000, 0x0, 0xfffffffffffffffd) (async) execve$auto(0x0, 0x0, 0x0) (async) write$auto(0x3, 0x0, 0x100082) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) (async) syz_clone3(&(0x7f0000000200)={0x122000080, 0x0, 0x0, 0x0, {0x1}, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff3b}, 0x58) (async) kill$auto(0x0, 0x21) (async) signalfd4$auto(r1, &(0x7f0000000000)={0x5}, 0x1, 0x7) 2.519268995s ago: executing program 3 (id=2688): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000040), r0) sendmsg$auto_OVS_FLOW_CMD_GET(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r1, 0x20, 0x70bd25, 0x25dfdbfc, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_CLEAR={0x4}, @OVS_FLOW_ATTR_CLEAR={0x4}, @OVS_FLOW_ATTR_CLEAR={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x80) r2 = socket(0x10, 0x2, 0x15) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x6044814}, 0x81) close_range$auto(r2, r2, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1300"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r3 = socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendto$auto(0x3, 0x0, 0xf, 0xe, &(0x7f0000000100)=@in={0x2, 0x4e20, @broadcast}, 0x1d) r4 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000300), r3) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'pim6reg0\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000080), r6) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000240)={'batadv0\x00', 0x0}) sendmsg$auto_OVS_VPORT_CMD_DEL(r0, &(0x7f0000000500)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000380)={0x118, r4, 0x100, 0x70bd28, 0x25dfdbfb, {}, [@OVS_VPORT_ATTR_OPTIONS={0xeb, 0x4, 0x0, 0x1, [@nested={0x35, 0xea, 0x0, 0x1, [@typed={0xc, 0x12, 0x0, 0x0, @u64=0x4}, @generic="31d9cdeb66d5b3ae65484c077d", @typed={0x14, 0x43, 0x0, 0x0, @ipv6=@mcast2}, @nested={0x4, 0xe1}]}, @generic="aaa257b8c49ace936a861aa00558e2d91fd55077e82a1c9f3e53521cf23d82ee10fd9a60423053d2a72aa2", @nested={0x84, 0x54, 0x0, 0x1, [@generic="33fbf874537bc700511ed840147e539b027a0685e2a635ec82cfa2c33072f8d5525b3b40effda67a5d9a3aedc561426cf75b5a518c0f1c9bc749a2d2bc516287e77cbbb20b4d3708aeaf0ef8a7019ae518a3f7d3726bf9cd667749b102727c664ecbb333f1933b8a", @typed={0xc, 0x32, 0x0, 0x0, @u64=0xfffffffffffffffa}, @typed={0x8, 0x38, 0x0, 0x0, @fd}, @nested={0x4, 0xfa}]}]}, @OVS_VPORT_ATTR_IFINDEX={0x8, 0x8, r5}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x3}, @OVS_VPORT_ATTR_IFINDEX={0x8, 0x8, r7}]}, 0x118}, 0x1, 0x0, 0x0, 0x20000804}, 0x42001) close_range$auto(0x2, 0x8, 0x0) 2.227199467s ago: executing program 3 (id=2689): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/devices/pci0000:00/0000:00:01.3/broken_parity_status\x00', 0x141183, 0x0) write$auto(r0, &(0x7f0000000700)='*f\x00', 0x81) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x2, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram12\x00', 0x400, 0x0) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x3, &(0x7f0000000140)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0) ioperm$auto(0x3, 0x5, 0x67a) ioctl$auto_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000080)={"acf221c76f16d5c26c90a142b4ac275120bf9bef6b91a8abe88bf9dac02cda56", 0x5a, 0x9, 0x2, 0x0, 0x7, r2}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) readv$auto(r1, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x3, 0x400008, 0xdf, 0x9b7e, 0x2, 0x8000) socket(0x2, 0x801, 0x100) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55) close_range$auto(0x2, 0x8, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000001640), r3) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000500), r3) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'macvtap0\x00', 0x0}) r7 = fcntl$auto_F_ADD_SEALS(r1, 0x409, r2) ioctl$auto_XFS_IOC_FSGROWFSLOG(r7, 0x4008586f, &(0x7f0000000640)={0x8, 0x8}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000580)={'ip6gre0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_WOL_SET(r7, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000001180)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="100026bd7000fedbdf250a000000940202807e47e6d4b56b991bbdc10940470888fc360bc6aa7d29ee6238c324c2247e19b2f67e6a67f67a63867b34ebe08fcc4ecab179bda0de71680c4f4427ba8851397ee309957b554ac23b3d11b1140eefd36a9a5bfe85c2a578d3232d35381dfe33bbbd386b0200f633ccc65e2be440000000000000000000000016023a80040040800400408004000380bd5835e2e5ea482b2a532f3f3c402b47a50e4ab8f55c13b467e0d138ebdf48bd65d1d6aad0992066aa0e06e633acc4af88bd453242c95578823676de3503f007d013de02ebc36ad002a45ca349ff0bd61afec40156832c2e7d0ef6027b5c132d0fef15a814998047e03d4ce105a78dd8e511809dc7527f7347fe09fa0dc1a8a735db54e9e57009dff8043ccc17935aa97f61184461e81c2373d6f73fdb8908d505f613ced4e785c9c8675d818a2a9becc50efdfa70a6eea65e7a6ca9ec350593f12e27628a36edf3790324828c6332ff45c73df3ed20132edff7f51bc9251876df6520f13bd61d7e58ec9f67e8b2e2797c9755b633034156d9644c1f0c0effd8fdff7ba8d421fc4867d44126f335de9cfc9e10ba5c380219d92e14a74e5a120a239ee006d4532398de3f9490e45b9cce4ee2d595788c51ff553b6a55f53ee972ff766d039297cac162eb0c17154516e75957f505a08c61a497c970b81bd72470336c878032c1ce82329efb0c23487753d55233e6361489e52b3c8d75a4a5cf2e87dffb5d2f689b25d05730a70f8962330b9ac8916edc0e98bd86c8f4669fc76052c524681cb76a7996aec6d7fc0a1a9da8fd78392e1a18705b096b0df4d1b0dc3f0a632084acf1f4be014afcf4d1dfb4b4585a707e870907981ee0d5938bbd9f99d0cebe685d281869403167b63e63c59b19299ecde14f9beb615c862dd00c7ec57c93ea1660000014010280fb00388004005780b700058096b37495b58f277d1169a79718f89b9a10eb583928c6e55e85b48554fee88fd6cc77f82345045042ded573424acdf9f9894ae6a8d098bfa91c70383450ed2c677f6e75635c96a08ee197478d64518019ac9bec28480c4d845b3eca744b2ed8ea790ce698e155c69fe775c47d68bd7ddfb447344e4f27cee6079caea138c868f4f4be7ab60588447cac85f65434d9d08c6b9b3cecb1c8845117cb0347d5b38f3d7a1fd75df591e2e776da0f8d7393ca20f1996500020c3a8ae5373f3cfb0b161a15b3e6cc818c738c5ad33d95cf537b162c246df3fd522ac64f9aae0f5ffc4d05d9f80d26ded962a221722db9eb8805000800f900010000000c00990004000000000000004c0001801400020074756e6c3000000000000000000000001400020067656e6576653000000000000000000008000100", @ANYRES32=r6, @ANYBLOB="080003000d74000008000100", @ANYRES32=r8, @ANYBLOB="080003008d000000"], 0x408}, 0x1, 0x0, 0x0, 0x40}, 0x8000) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r3, &(0x7f0000001f40)={0x0, 0x0, &(0x7f0000001f00)={&(0x7f0000000680)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010029bd7000fedbdf250d0200400c00060009000da7c5fd43e630ed6f37440000000000000800010009000000"], 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r9 = socket(0xa, 0x6, 0x0) setsockopt$auto(0x4, 0x4, 0x5, &(0x7f00000002c0)='\x05\x00\x06J\xd4~&\xe3a\xe9\x14\x01\xdc\x85\r\x00\x00\x00\x00\x00\xee\xcc8\xe2\x7fi\x01\xaf\x06E\xff\xff\xff\xff\xff\xff\xff\xff\tL\xb9\x8dv\xf2\x93\x7f\xe18\b\x00\x00\x00\x00\x00\x00\x00\xbd\x94\x06\xc3\xac\xc0\xd9\xa1J2_\xe3\xae\x00\x00\x00\x00a\x93d$\x05\x8a\a\x00R\b\x0e\xfd\x06\xca`\xf6\xfc\x91 g\xa5m\x1a9H\x14\x14\x97\xc1\xc5\x94\x91 \x968C\xc1v!w\x0f\xcc\xf5\xb5!F$\xa4\x9e\xf7\x98~\x98\x88\x06\x14@N\xddM*\xfd\x85R\xb6koe\xe8\xfaF\xf0\\\x9c\x85\xc7+\x81\xa4+\x9f-\x00\xedS\xeb\x1c2\xffy\xaa\x14n#\x1f\xde\x02\xd4\x87I\xb5V(\x00\xa9E\x14\xe3\xf8*\xfd\xcc\x0e\xe4\xbc\xa0\nv\xd9n\xf3\xf9\xed\xc5\x95\fT\xe4\xd6\xfa\x99I\x81\xb4\xb2\xff\xa2\xb3BL\xc1\x9c\x80U\x88\xdb\xcap\xcf\v\x00\x00\x00\x00\x00\x9f\xcf\xa4?\x86\x8d\x10\\\xc7\xb6\x93\t\x98\x8f\xb9B\xdb\x11\xae\xef/\xd5f7ok\x84\xcbddf\xe3\x9c\x1b\x13\xf3\xbdv\x83\xa3\x95o@\xe6\xb8B\x06k\x83\xd4\xad\'\x8b\xa9\xb2\xd38\xe3\xb6\xfb\xa0x\x06\xc7B4\x9e12\\\xd6\xecD\x8bV7D\x8a\x97\xa5\x17\xf6HC\xe0\x03\x00\x00\x00\"S\xc9\x01&\xb0S+\xa0\xf4\xb07o\x12{Q\xe5\xeb\x9b\x9d\xc2\xee0\xa7Y\x12\x1d\xcd\xfb', 0xd) listen$auto(r9, 0x26da) 2.122444809s ago: executing program 2 (id=2690): r0 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r0, &(0x7f0000000000)='-\x00', 0xfdef) 2.054157471s ago: executing program 0 (id=2691): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/devices/pci0000:00/0000:00:01.3/broken_parity_status\x00', 0x141183, 0x0) write$auto(r0, &(0x7f0000000700)='*f\x00', 0x81) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x2, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram12\x00', 0x400, 0x0) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x3, &(0x7f0000000140)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0) ioperm$auto(0x3, 0x5, 0x67a) ioctl$auto_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000080)={"acf221c76f16d5c26c90a142b4ac275120bf9bef6b91a8abe88bf9dac02cda56", 0x5a, 0x9, 0x2, 0x0, 0x7, r2}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) readv$auto(r1, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x3, 0x400008, 0xdf, 0x9b7e, 0x2, 0x8000) socket(0x2, 0x801, 0x100) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55) close_range$auto(0x2, 0x8, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000001640), r3) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000500), r3) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'macvtap0\x00', 0x0}) r7 = fcntl$auto_F_ADD_SEALS(r1, 0x409, r2) ioctl$auto_XFS_IOC_FSGROWFSLOG(r7, 0x4008586f, &(0x7f0000000640)={0x8, 0x8}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000580)={'ip6gre0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_WOL_SET(r7, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000001180)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="100026bd7000fedbdf250a000000940202807e47e6d4b56b991bbdc10940470888fc360bc6aa7d29ee6238c324c2247e19b2f67e6a67f67a63867b34ebe08fcc4ecab179bda0de71680c4f4427ba8851397ee309957b554ac23b3d11b1140eefd36a9a5bfe85c2a578d3232d35381dfe33bbbd386b0200f633ccc65e2be440000000000000000000000016023a80040040800400408004000380bd5835e2e5ea482b2a532f3f3c402b47a50e4ab8f55c13b467e0d138ebdf48bd65d1d6aad0992066aa0e06e633acc4af88bd453242c95578823676de3503f007d013de02ebc36ad002a45ca349ff0bd61afec40156832c2e7d0ef6027b5c132d0fef15a814998047e03d4ce105a78dd8e511809dc7527f7347fe09fa0dc1a8a735db54e9e57009dff8043ccc17935aa97f61184461e81c2373d6f73fdb8908d505f613ced4e785c9c8675d818a2a9becc50efdfa70a6eea65e7a6ca9ec350593f12e27628a36edf3790324828c6332ff45c73df3ed20132edff7f51bc9251876df6520f13bd61d7e58ec9f67e8b2e2797c9755b633034156d9644c1f0c0effd8fdff7ba8d421fc4867d44126f335de9cfc9e10ba5c380219d92e14a74e5a120a239ee006d4532398de3f9490e45b9cce4ee2d595788c51ff553b6a55f53ee972ff766d039297cac162eb0c17154516e75957f505a08c61a497c970b81bd72470336c878032c1ce82329efb0c23487753d55233e6361489e52b3c8d75a4a5cf2e87dffb5d2f689b25d05730a70f8962330b9ac8916edc0e98bd86c8f4669fc76052c524681cb76a7996aec6d7fc0a1a9da8fd78392e1a18705b096b0df4d1b0dc3f0a632084acf1f4be014afcf4d1dfb4b4585a707e870907981ee0d5938bbd9f99d0cebe685d281869403167b63e63c59b19299ecde14f9beb615c862dd00c7ec57c93ea1660000014010280fb00388004005780b700058096b37495b58f277d1169a79718f89b9a10eb583928c6e55e85b48554fee88fd6cc77f82345045042ded573424acdf9f9894ae6a8d098bfa91c70383450ed2c677f6e75635c96a08ee197478d64518019ac9bec28480c4d845b3eca744b2ed8ea790ce698e155c69fe775c47d68bd7ddfb447344e4f27cee6079caea138c868f4f4be7ab60588447cac85f65434d9d08c6b9b3cecb1c8845117cb0347d5b38f3d7a1fd75df591e2e776da0f8d7393ca20f1996500020c3a8ae5373f3cfb0b161a15b3e6cc818c738c5ad33d95cf537b162c246df3fd522ac64f9aae0f5ffc4d05d9f80d26ded962a221722db9eb8805000800f900010000000c00990004000000000000004c0001801400020074756e6c3000000000000000000000001400020067656e6576653000000000000000000008000100", @ANYRES32=r6, @ANYBLOB="080003000d74000008000100", @ANYRES32=r8, @ANYBLOB="080003008d000000"], 0x408}, 0x1, 0x0, 0x0, 0x40}, 0x8000) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r3, &(0x7f0000001f40)={0x0, 0x0, &(0x7f0000001f00)={&(0x7f0000000680)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010029bd7000fedbdf250d0200400c00060009000da7c5fd43e630ed6f37440000000000000800010009000000"], 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r9 = socket(0xa, 0x6, 0x0) setsockopt$auto(0x4, 0x4, 0x5, &(0x7f00000002c0)='\x05\x00\x06J\xd4~&\xe3a\xe9\x14\x01\xdc\x85\r\x00\x00\x00\x00\x00\xee\xcc8\xe2\x7fi\x01\xaf\x06E\xff\xff\xff\xff\xff\xff\xff\xff\tL\xb9\x8dv\xf2\x93\x7f\xe18\b\x00\x00\x00\x00\x00\x00\x00\xbd\x94\x06\xc3\xac\xc0\xd9\xa1J2_\xe3\xae\x00\x00\x00\x00a\x93d$\x05\x8a\a\x00R\b\x0e\xfd\x06\xca`\xf6\xfc\x91 g\xa5m\x1a9H\x14\x14\x97\xc1\xc5\x94\x91 \x968C\xc1v!w\x0f\xcc\xf5\xb5!F$\xa4\x9e\xf7\x98~\x98\x88\x06\x14@N\xddM*\xfd\x85R\xb6koe\xe8\xfaF\xf0\\\x9c\x85\xc7+\x81\xa4+\x9f-\x00\xedS\xeb\x1c2\xffy\xaa\x14n#\x1f\xde\x02\xd4\x87I\xb5V(\x00\xa9E\x14\xe3\xf8*\xfd\xcc\x0e\xe4\xbc\xa0\nv\xd9n\xf3\xf9\xed\xc5\x95\fT\xe4\xd6\xfa\x99I\x81\xb4\xb2\xff\xa2\xb3BL\xc1\x9c\x80U\x88\xdb\xcap\xcf\v\x00\x00\x00\x00\x00\x9f\xcf\xa4?\x86\x8d\x10\\\xc7\xb6\x93\t\x98\x8f\xb9B\xdb\x11\xae\xef/\xd5f7ok\x84\xcbddf\xe3\x9c\x1b\x13\xf3\xbdv\x83\xa3\x95o@\xe6\xb8B\x06k\x83\xd4\xad\'\x8b\xa9\xb2\xd38\xe3\xb6\xfb\xa0x\x06\xc7B4\x9e12\\\xd6\xecD\x8bV7D\x8a\x97\xa5\x17\xf6HC\xe0\x03\x00\x00\x00\"S\xc9\x01&\xb0S+\xa0\xf4\xb07o\x12{Q\xe5\xeb\x9b\x9d\xc2\xee0\xa7Y\x12\x1d\xcd\xfb', 0xd) listen$auto(r9, 0x26da) 1.897336462s ago: executing program 2 (id=2692): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) socket(0x2, 0x1, 0x0) epoll_create$auto(0x4) socket(0x2, 0x1, 0x84) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)=""/19, 0x13) socket(0x21, 0x2, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x2000000000000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) bind$auto(0x3, 0x0, 0x6a) connect$auto(0x3, 0x0, 0x54) sendto$auto(0x3, 0x0, 0x18, 0x101, 0x0, 0x1c) sched_get_priority_min$auto(0x40) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/memory0/state\x00', 0x1e1842, 0x0) mknod$auto(&(0x7f0000000180)=':,\x00', 0xc9, 0xfffffffa) execve$auto(&(0x7f0000000040)=':,\x00', &(0x7f00000000c0)=&(0x7f0000000080)='\x17+[-+\x98%(,\x00', &(0x7f0000000200)=&(0x7f00000001c0)=':,\x00') openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x101002, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fcntl$auto(0x3, 0x4, 0xa553) 1.678269603s ago: executing program 1 (id=2693): r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x80, 0x0) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000000c0)={{0x0, 0x2, 0x200800, 0xffffffff, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) ioctl$auto_SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2, 0x0) ioctl$auto_SNDCTL_TMR_CONTINUE(r0, 0x5404, 0x0) ioctl$auto_SNDCTL_SEQ_PANIC(r0, 0x5111, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ptyd0\x00', 0x111001, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7fffffffffffffff, 0x4) setsockopt$auto_SO_MARK(r3, 0xd, 0x24, &(0x7f0000000100)=']}&##/\'.\x00', 0x6) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/udp_early_demux\x00', 0x28802, 0x0) read$auto(0x3, 0x0, 0x80) r4 = openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/netdevsim/netdevsim3/ports/3/pp_hold\x00', 0xc0b02, 0x0) write$auto(r4, 0x0, 0xc70) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=r3, 0x4007, @old_prog_fd=0x13b}, 0xa3) ioctl$auto_TIOCSTI2(r2, 0x5412, &(0x7f0000000080)) setresuid$auto(0x8, 0x8, 0x0) setfsuid$auto(0x0) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x20009, 0x6, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x400000000000003, 0x29, 0x7, 0x0, 0x4) r5 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000003880), 0x20000, 0x0) ioctl$auto_BTRFS_IOC_FORGET_DEV(r5, 0x50009405, 0x0) ioctl$auto_FBIOPAN_DISPLAY(0xffffffffffffffff, 0x4606, &(0x7f0000000440)="9b58b4fccbcd800000100000000000000025000000d1627cc84d61f3d07771b09e2c91eb271fd2f826dcc129e3a136d030996f8769497d9621bcd869c6f014922a060000000000000028a0784539e00ad178298ec54bf55f716653ee64518c92a24409be055f93546773a695c31a9a53ef754e8ca43619e9a71b76f8e8aeb15a4019883dbfd1") ioctl$auto_TIOCSTI2(r2, 0x5412, &(0x7f0000000100)='W') 1.675064744s ago: executing program 3 (id=2694): r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x80, 0x0) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000000c0)={{0x0, 0x2, 0x200800, 0xffffffff, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) ioctl$auto_SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2, 0x0) ioctl$auto_SNDCTL_TMR_CONTINUE(r0, 0x5404, 0x0) ioctl$auto_SNDCTL_SEQ_PANIC(r0, 0x5111, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ptyd0\x00', 0x111001, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7fffffffffffffff, 0x4) setsockopt$auto_SO_MARK(r3, 0xd, 0x24, &(0x7f0000000100)=']}&##/\'.\x00', 0x6) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/udp_early_demux\x00', 0x28802, 0x0) read$auto(0x3, 0x0, 0x80) r4 = openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/netdevsim/netdevsim3/ports/3/pp_hold\x00', 0xc0b02, 0x0) write$auto(r4, 0x0, 0xc70) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=r3, 0x4007, @old_prog_fd=0x13b}, 0xa3) ioctl$auto_TIOCSTI2(r2, 0x5412, &(0x7f0000000080)) setresuid$auto(0x8, 0x8, 0x0) setfsuid$auto(0x0) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x20009, 0x6, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x400000000000003, 0x29, 0x7, 0x0, 0x4) r5 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000003880), 0x20000, 0x0) ioctl$auto_BTRFS_IOC_FORGET_DEV(r5, 0x50009405, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x2, 0x0) ioctl$auto_TIOCSTI2(r2, 0x5412, &(0x7f0000000100)='W') 1.449669783s ago: executing program 0 (id=2695): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x7, 0x28000) (async) socketpair$auto(0x1e, 0x5, 0x200000, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) r0 = open(0x0, 0x22240, 0x55) (async) r1 = socket(0x2, 0x3, 0xa) (async) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x206a1, 0x6) socket(0x26, 0x80805, 0x0) (async) socket(0x28, 0x1, 0x0) socket(0x1, 0x1, 0x1) (async) open(&(0x7f0000000380)='./file0\x00', 0x22042, 0x4d) (async) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) (async) readv$auto(0x0, &(0x7f0000000080)={0x0, 0x60}, 0x3) r2 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) fallocate$auto(r2, 0x0, 0x11, 0x22) (async) mmap$auto(0x0, 0xc, 0xbc5, 0x13, 0x3, 0x8000) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0xbb, 0x0, 0x8, &(0x7f0000000040), 0x81, 0x9}, 0xfffffffb}, 0x5, 0x6586, 0x0) (async) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(r0, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, 0x0}, 0x4000080) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0) (async) socket(0x10, 0x2, 0x0) (async) statmount$auto(0x0, &(0x7f0000000040)={0x0, 0x0, 0x38, 0xffffff01, 0x9, 0x9, 0x80000009, 0x7, 0x8, 0x5, 0x5, 0x9, 0x2, 0x8, 0x5, 0xc, 0xffffffffffffffff, 0x9, 0x1, 0x5, 0x40010, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x800, 0x0) (async) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYRES16=r1, @ANYRES16=0x0, @ANYBLOB="00022abd7000dddbdf25020001000800030000000000080015"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x47, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x4000000) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000300)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x1}, 0x40000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f0000000000)={0x0, 0xc4}, 0x1, 0x0, 0xffc, 0x8000009}, 0x3}, 0x33c6246f, 0x0) 1.056449481s ago: executing program 0 (id=2696): socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x20499d, 0x9) statmount$auto(0x0, 0x0, 0xa, 0xd) r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffff7effffd01, &(0x7f00000001c0)) timerfd_create$auto(0x7, 0x0) openat$auto_trace_fops_debugfs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$auto_MON_IOCX_GETX(0xffffffffffffffff, 0x4018920a, &(0x7f00000000c0)={&(0x7f0000000000)={0x5, 0x9, 0x58, 0x4, 0x6, 0x1000, 0x4, 0x0, 0x9, 0x6a, 0x7, 0x8, 0xfffffffe, @setup="8d166a4254df2a8c", 0x7fff, 0x5eb6, 0xda, 0x8}, 0x0, 0x800}) mmap$auto(0x0, 0x200004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) mlockall$auto(0x7) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram14\x00', 0x20201, 0x0) ioctl$auto(0x3, 0x127c, 0x38) 796.878433ms ago: executing program 1 (id=2697): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000040), r0) sendmsg$auto_OVS_FLOW_CMD_GET(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r1, 0x20, 0x70bd25, 0x25dfdbfc, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_CLEAR={0x4}, @OVS_FLOW_ATTR_CLEAR={0x4}, @OVS_FLOW_ATTR_CLEAR={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x80) r2 = socket(0x10, 0x2, 0x15) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x6044814}, 0x81) close_range$auto(r2, r2, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1300"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r3 = socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendto$auto(0x3, 0x0, 0xf, 0xe, &(0x7f0000000100)=@in={0x2, 0x4e20, @broadcast}, 0x1d) r4 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000300), r3) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'pim6reg0\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000080), r6) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000240)={'batadv0\x00', 0x0}) sendmsg$auto_OVS_VPORT_CMD_DEL(r0, &(0x7f0000000500)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000380)={0x118, r4, 0x100, 0x70bd28, 0x25dfdbfb, {}, [@OVS_VPORT_ATTR_OPTIONS={0xeb, 0x4, 0x0, 0x1, [@nested={0x35, 0xea, 0x0, 0x1, [@typed={0xc, 0x12, 0x0, 0x0, @u64=0x4}, @generic="31d9cdeb66d5b3ae65484c077d", @typed={0x14, 0x43, 0x0, 0x0, @ipv6=@mcast2}, @nested={0x4, 0xe1}]}, @generic="aaa257b8c49ace936a861aa00558e2d91fd55077e82a1c9f3e53521cf23d82ee10fd9a60423053d2a72aa2", @nested={0x84, 0x54, 0x0, 0x1, [@generic="33fbf874537bc700511ed840147e539b027a0685e2a635ec82cfa2c33072f8d5525b3b40effda67a5d9a3aedc561426cf75b5a518c0f1c9bc749a2d2bc516287e77cbbb20b4d3708aeaf0ef8a7019ae518a3f7d3726bf9cd667749b102727c664ecbb333f1933b8a", @typed={0xc, 0x32, 0x0, 0x0, @u64=0xfffffffffffffffa}, @typed={0x8, 0x38, 0x0, 0x0, @fd}, @nested={0x4, 0xfa}]}]}, @OVS_VPORT_ATTR_IFINDEX={0x8, 0x8, r5}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x3}, @OVS_VPORT_ATTR_IFINDEX={0x8, 0x8, r7}]}, 0x118}, 0x1, 0x0, 0x0, 0x20000804}, 0x42001) close_range$auto(0x2, 0x8, 0x0) 686.083457ms ago: executing program 2 (id=2698): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/lockdep_stats\x00', 0x181100, 0x0) r0 = socket(0x2b, 0x1, 0x1) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000580)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x20000000000004, 0x80000001}, 0x4}, 0x3, 0x8, 0x0) syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000000), r0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) read$auto(0x3, 0x0, 0x7d) r1 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x3b64, 0x0) mmap$auto(0x8000, 0x6, 0x40000000080000df, 0xfffffffffffffffa, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x2}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"}) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, 0x0) 547.813417ms ago: executing program 1 (id=2699): sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYRES64=0xffffffffffffffff, @ANYRES16=0x0, @ANYRESHEX=0x0], 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x800b) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYRES64=r0, @ANYRES16=0x0, @ANYRESHEX], 0x24}, 0x1, 0x0, 0x0, 0xc005}, 0x84) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x24004804}, 0x40000) r1 = socket(0x29, 0x2, 0x6b) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x4c0c4) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)="ace4b30b7d6c27ceaf6360d0f2bbef5322e86e8d55fe921430b2fc93c4069386379d606e0a762159f56132f799b3292cef357bb2482336f16ee697813fd6c6d955c3b243ca60fcdd0f79a5f41922775978c271dd35c4cbc60506a83bdf388546164e28b926d0d80de9d90c80ec446a725f8e4f4f852aeba429dd97fd4f2efac5d37a78e609a2e02b467627cbbc746ad1106b759594548d8abccf109830fed3a3b380552d8996a783ac89e7693cd4ee8425d025087f9fb07a9cf4a83545619b471418068b0bce3f1b445d3a2eff3c00d3ee3db5efe7e3a57a50c5de", 0xfbe}, 0x2, &(0x7f00000001c0), 0x7, 0xa507}, 0x800}, 0x7, 0xc) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast1}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video49\x00', 0x8a603, 0x0) r2 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/block/loop12/hctx0/tags\x00', 0x8080, 0x0) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000020000008000) pread64$auto(r2, 0x0, 0x800, 0x4) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) prctl$auto(0x53564d41, 0x5, 0x0, 0xfffffffffffffeb4, 0x100000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) madvise$auto(0xbd4, 0xffffefffffff0001, 0x92ca) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x402942, 0x0) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r3, 0xc1105511, &(0x7f0000000080)={{@raw=0x6, 0x5, 0xfffff7bb, 0x2f, "984e784f697ebcc30053822c357eb55df43e9e037b650dfc7a3df9aa20e32749384f515111de5da4403cab68", @raw=0x7}, 0x200000, 0x1, 0x4, @raw=0x3, @integer64={0x9, 0xec, 0x340}, "b210e8ae72f3052d09004297cc39fbd4fe51f972eb62ed41cec2ea5c1e45264907d818e9711e2b57cd159b796ab9e6c81a2f47680e3d2a7f677dccfd260d82fe"}) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r4 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r4, 0x0, 0x1f40) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x11, 0x80003, 0x300) socket(0x2c, 0x4, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/fs/lockd/nlm_end_grace\x00', 0x8282, 0x0) 527.913954ms ago: executing program 3 (id=2700): sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="3ae90f7c", @ANYRES16=0x0, @ANYBLOB="01002bbd7000ffdbdf2502"], 0x14}, 0x1, 0x0, 0x0, 0x8044}, 0x4001090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) r0 = socket(0x10, 0x2, 0x0) read$auto_snapshot_fops_user(0xffffffffffffffff, &(0x7f0000000040)=""/2, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) eventfd$auto(0x3) socketpair$auto(0x9, 0x2, 0xb, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyd9\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x40002, 0x0) mmap$auto(0x0, 0x8, 0xffb, 0x8000000008011, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000080)=""/23, 0x17) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x106) socket(0x2, 0x80002, 0x73) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x200, 0x0) read$auto(r2, 0x0, 0x20) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x1, 0x9, 0x0, 0x9) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 449.187102ms ago: executing program 0 (id=2701): r0 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r0, &(0x7f0000000000)='-\x00', 0xfdef) 119.863328ms ago: executing program 0 (id=2702): r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/set_event\x00', 0x40, 0x0) pread64$auto(r0, &(0x7f0000000000)='\xae\xa9\x16\xee\xb5\x84\xde\xff\x9f_\a\xa9\x89N\x86\xbc\xb1\xfe\xf6&\v\xe9\xac\',Yd[\xac\x94C\x93\xe8\'-\x92N\xc6\xeaKZA\xde\x98j\x10\xe0f\xc7\x81\xa1\xf3L\xec\'c\xe4\xe8\xe5\xfdU\xa39\x11a\xb7\xf7\xef\xf3^w\xbeP\xfbynT|l;\xf2\xc7u\xcd\x17', 0xf, 0x5af) (fail_nth: 2) 0s ago: executing program 1 (id=2703): ioctl$auto_BTRFS_IOC_SEND_32(0xffffffffffffffff, 0x40449426, &(0x7f0000000100)={@inferred, 0x8001, 0x101, 0x6, 0x16a438ee, 0x2, "f32aa28ef5e22be5d28c5aaa9d90a0a0507846271d1c0c7ae21217e4"}) r0 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x8a581, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000001240), 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) semctl$auto(0x80000201, 0xfffffffb, 0x8003, 0x0) ioctl$auto(0xc8, 0x400454d4, 0xe) socket(0xc, 0x80009, 0x4) quotactl_fd$auto(0xffffffffffffffff, 0x4, 0x0, 0x0) adjtimex$auto(&(0x7f0000000440)={0xf332a6e, 0x0, 0x0, 0x1, 0xd4, 0x401, 0x6, 0x0, 0x800000000005, 0x10, 0x20002, {0x40100000000, 0x10000}, 0xe8, 0x6, 0x0, 0x1008400, 0x0, 0x80000008, 0x10001, 0xffffffffffff628c, 0x1, 0xdeb1, 0x804}) socket(0x11, 0xa, 0x4001) writev$auto(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x9}, 0xff) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) mmap$auto(0x0, 0x2, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) ioperm$auto(0x7, 0x6, 0x2) shutdown$auto(0x200000003, 0x2) getsid$auto(0x0) mmap$auto(0x0, 0x20009, 0xe, 0xeb1, 0x403, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x100, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x25, 0x5, 0x0) syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000003040), 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/zram-control/hot_add\x00', 0x20800, 0x0) bind$auto(r4, &(0x7f0000000040)=@l2={0x1f, 0x800, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x4}, 0x7) kernel console output (not intermixed with test programs): 36773][T10476] ? __pfx_dev_set_name+0x10/0x10 [ 399.436827][T10476] add_disk_fwnode+0x35f/0x1320 [ 399.436882][T10476] zram_add+0x486/0x6b0 [ 399.436934][T10476] ? __pfx_zram_add+0x10/0x10 [ 399.437011][T10476] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 399.437064][T10476] ? rcu_is_watching+0x12/0xc0 [ 399.437113][T10476] ? __pfx_hot_add_show+0x10/0x10 [ 399.437165][T10476] hot_add_show+0x21/0x80 [ 399.437216][T10476] class_attr_show+0x6f/0xa0 [ 399.437265][T10476] ? __pfx_class_attr_show+0x10/0x10 [ 399.437312][T10476] sysfs_kf_seq_show+0x23e/0x410 [ 399.437360][T10476] seq_read_iter+0x4f4/0x12b0 [ 399.437433][T10476] kernfs_fop_read_iter+0x414/0x580 [ 399.437470][T10476] ? rw_verify_area+0xcf/0x680 [ 399.437518][T10476] vfs_read+0x886/0xbf0 [ 399.437573][T10476] ? __pfx_vfs_read+0x10/0x10 [ 399.437649][T10476] ksys_read+0x12b/0x250 [ 399.437695][T10476] ? __pfx_ksys_read+0x10/0x10 [ 399.437755][T10476] do_syscall_64+0xcd/0x250 [ 399.437809][T10476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.437856][T10476] RIP: 0033:0x7f847498d169 [ 399.437883][T10476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 399.437915][T10476] RSP: 002b:00007f8475766038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 399.437946][T10476] RAX: ffffffffffffffda RBX: 00007f8474ba5fa0 RCX: 00007f847498d169 [ 399.437967][T10476] RDX: 000000000000103f RSI: 0000200000000ec0 RDI: 0000000000000006 [ 399.437988][T10476] RBP: 00007f8474a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 399.438009][T10476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 399.438028][T10476] R13: 0000000000000000 R14: 00007f8474ba5fa0 R15: 00007fff66c6d248 [ 399.438074][T10476] [ 399.701907][ C0] vkms_vblank_simulate: vblank timer overrun [ 400.647308][T10488] zswap: compressor not available [ 401.202318][T10488] Invalid ELF header magic: != ELF [ 401.204623][T10499] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 401.298787][T10499] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 402.105130][T10521] netlink: 544 bytes leftover after parsing attributes in process `syz.0.1131'. [ 404.299266][T10543] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 404.327755][T10543] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 406.527400][T10594] netlink: 544 bytes leftover after parsing attributes in process `syz.2.1149'. [ 407.000548][T10598] netlink: 544 bytes leftover after parsing attributes in process `syz.1.1150'. [ 407.440652][T10609] FAULT_INJECTION: forcing a failure. [ 407.440652][T10609] name failslab, interval 1, probability 0, space 0, times 0 [ 407.505085][T10609] CPU: 0 UID: 0 PID: 10609 Comm: syz.0.1153 Tainted: G U 6.14.0-syzkaller #0 [ 407.505132][T10609] Tainted: [U]=USER [ 407.505143][T10609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 407.505187][T10609] Call Trace: [ 407.505197][T10609] [ 407.505208][T10609] dump_stack_lvl+0x16c/0x1f0 [ 407.505262][T10609] should_fail_ex+0x50a/0x650 [ 407.505293][T10609] ? fs_reclaim_acquire+0xae/0x150 [ 407.505336][T10609] ? sk_prot_alloc+0x1a8/0x2a0 [ 407.505370][T10609] should_failslab+0xc2/0x120 [ 407.505402][T10609] __kmalloc_noprof+0xcb/0x510 [ 407.505464][T10609] ? __pfx___mutex_lock+0x10/0x10 [ 407.505519][T10609] sk_prot_alloc+0x1a8/0x2a0 [ 407.505569][T10609] sk_alloc+0x36/0xc20 [ 407.505618][T10609] tun_chr_open+0x80/0x5e0 [ 407.505669][T10609] ? __pfx_tun_chr_open+0x10/0x10 [ 407.505718][T10609] misc_open+0x35a/0x420 [ 407.505751][T10609] ? __pfx_misc_open+0x10/0x10 [ 407.505783][T10609] chrdev_open+0x237/0x6a0 [ 407.505831][T10609] ? __pfx_apparmor_file_open+0x10/0x10 [ 407.505873][T10609] ? __pfx_chrdev_open+0x10/0x10 [ 407.505925][T10609] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 407.505978][T10609] do_dentry_open+0x735/0x1c40 [ 407.506023][T10609] ? __pfx_chrdev_open+0x10/0x10 [ 407.506074][T10609] ? inode_permission+0xdd/0x5f0 [ 407.506113][T10609] vfs_open+0x82/0x3f0 [ 407.506142][T10609] ? may_open+0x1f2/0x400 [ 407.506180][T10609] path_openat+0x1e88/0x2d80 [ 407.506241][T10609] ? __pfx_path_openat+0x10/0x10 [ 407.506289][T10609] ? __pfx___lock_acquire+0x10/0x10 [ 407.506332][T10609] ? lock_acquire.part.0+0x11b/0x380 [ 407.506377][T10609] ? find_held_lock+0x2d/0x110 [ 407.506417][T10609] do_filp_open+0x20c/0x470 [ 407.506464][T10609] ? __pfx_do_filp_open+0x10/0x10 [ 407.506509][T10609] ? find_held_lock+0x2d/0x110 [ 407.506576][T10609] ? alloc_fd+0x41f/0x760 [ 407.506636][T10609] do_sys_openat2+0x17a/0x1e0 [ 407.506669][T10609] ? __pfx_do_sys_openat2+0x10/0x10 [ 407.506707][T10609] ? __fget_files+0x206/0x3a0 [ 407.506762][T10609] __x64_sys_openat+0x175/0x210 [ 407.506798][T10609] ? __pfx___x64_sys_openat+0x10/0x10 [ 407.506833][T10609] ? ksys_write+0x1ba/0x250 [ 407.506893][T10609] do_syscall_64+0xcd/0x250 [ 407.506944][T10609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.506990][T10609] RIP: 0033:0x7f847498d169 [ 407.507016][T10609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 407.507047][T10609] RSP: 002b:00007f8475766038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 407.507077][T10609] RAX: ffffffffffffffda RBX: 00007f8474ba5fa0 RCX: 00007f847498d169 [ 407.507109][T10609] RDX: 0000000000002002 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 407.507129][T10609] RBP: 00007f8475766090 R08: 0000000000000000 R09: 0000000000000000 [ 407.507147][T10609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 407.507165][T10609] R13: 0000000000000001 R14: 00007f8474ba5fa0 R15: 00007fff66c6d248 [ 407.507203][T10609] [ 407.801567][ C0] vkms_vblank_simulate: vblank timer overrun [ 410.023950][T10627] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 410.069221][T10627] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 410.282811][T10652] FAULT_INJECTION: forcing a failure. [ 410.282811][T10652] name failslab, interval 1, probability 0, space 0, times 0 [ 410.317852][T10652] CPU: 1 UID: 0 PID: 10652 Comm: syz.3.1163 Tainted: G U 6.14.0-syzkaller #0 [ 410.317904][T10652] Tainted: [U]=USER [ 410.317919][T10652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 410.317939][T10652] Call Trace: [ 410.317949][T10652] [ 410.317963][T10652] dump_stack_lvl+0x16c/0x1f0 [ 410.318020][T10652] should_fail_ex+0x50a/0x650 [ 410.318052][T10652] ? fs_reclaim_acquire+0xae/0x150 [ 410.318098][T10652] ? percpu_ref_init+0xd9/0x400 [ 410.318157][T10652] should_failslab+0xc2/0x120 [ 410.318200][T10652] __kmalloc_cache_noprof+0x68/0x410 [ 410.318256][T10652] ? __pfx_blkg_release+0x10/0x10 [ 410.318314][T10652] percpu_ref_init+0xd9/0x400 [ 410.318360][T10652] ? kasan_save_track+0x14/0x30 [ 410.318414][T10652] blkg_alloc+0xea/0xaf0 [ 410.318478][T10652] blkcg_init_disk+0x51/0x160 [ 410.318516][T10652] __alloc_disk_node+0x295/0x610 [ 410.318568][T10652] __blk_alloc_disk+0xd8/0x170 [ 410.318708][T10652] ? __pfx___blk_alloc_disk+0x10/0x10 [ 410.318783][T10652] ? __pfx_idr_alloc+0x10/0x10 [ 410.318834][T10652] ? __raw_spin_lock_init+0x3a/0x110 [ 410.318873][T10652] ? __pfx_hot_add_show+0x10/0x10 [ 410.318922][T10652] zram_add+0x160/0x6b0 [ 410.318975][T10652] ? __pfx_zram_add+0x10/0x10 [ 410.319050][T10652] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 410.319101][T10652] ? rcu_is_watching+0x12/0xc0 [ 410.319144][T10652] ? __pfx_hot_add_show+0x10/0x10 [ 410.319197][T10652] hot_add_show+0x21/0x80 [ 410.319248][T10652] class_attr_show+0x6f/0xa0 [ 410.319294][T10652] ? __pfx_class_attr_show+0x10/0x10 [ 410.319339][T10652] sysfs_kf_seq_show+0x23e/0x410 [ 410.319390][T10652] seq_read_iter+0x4f4/0x12b0 [ 410.319452][T10652] kernfs_fop_read_iter+0x414/0x580 [ 410.319488][T10652] ? rw_verify_area+0xcf/0x680 [ 410.319547][T10652] vfs_read+0x886/0xbf0 [ 410.319604][T10652] ? __pfx_vfs_read+0x10/0x10 [ 410.319683][T10652] ksys_read+0x12b/0x250 [ 410.319728][T10652] ? __pfx_ksys_read+0x10/0x10 [ 410.319791][T10652] do_syscall_64+0xcd/0x250 [ 410.319848][T10652] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.319899][T10652] RIP: 0033:0x7fc9a4d8d169 [ 410.319926][T10652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 410.319959][T10652] RSP: 002b:00007fc9a5c39038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 410.319991][T10652] RAX: ffffffffffffffda RBX: 00007fc9a4fa5fa0 RCX: 00007fc9a4d8d169 [ 410.320014][T10652] RDX: 0000000000001020 RSI: 0000200000000ec0 RDI: 0000000000000007 [ 410.320034][T10652] RBP: 00007fc9a4e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 410.320054][T10652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 410.320073][T10652] R13: 0000000000000000 R14: 00007fc9a4fa5fa0 R15: 00007fffdc8cc728 [ 410.320118][T10652] [ 410.637265][T10652] zram: Error allocating disk structure for device 2 [ 411.041259][T10667] netlink: 544 bytes leftover after parsing attributes in process `syz.3.1165'. [ 413.307794][T10694] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 413.419121][T10694] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 417.432551][T10780] netlink: 544 bytes leftover after parsing attributes in process `syz.2.1191'. [ 418.205969][T10766] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 418.256437][T10766] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 422.011041][T10846] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 422.022261][T10846] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 423.796989][T10861] netlink: 544 bytes leftover after parsing attributes in process `syz.0.1212'. [ 426.139294][T10894] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 426.193437][T10894] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 428.082896][T10937] netlink: 544 bytes leftover after parsing attributes in process `syz.3.1229'. [ 429.976929][T10955] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 430.018671][T10955] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 438.007987][T11079] netlink: 544 bytes leftover after parsing attributes in process `syz.1.1262'. [ 439.355807][T11098] netlink: 544 bytes leftover after parsing attributes in process `syz.1.1264'. [ 441.399594][T11139] netlink: 544 bytes leftover after parsing attributes in process `syz.2.1273'. [ 443.029739][T11151] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 443.062982][T11151] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 443.805593][T11170] netlink: 544 bytes leftover after parsing attributes in process `syz.3.1282'. [ 445.578222][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.588616][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.874498][T11178] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1284'. [ 445.969141][T11194] netlink: 544 bytes leftover after parsing attributes in process `syz.0.1296'. [ 448.141041][T11228] netlink: 544 bytes leftover after parsing attributes in process `syz.0.1295'. [ 462.024544][T11422] netlink: 544 bytes leftover after parsing attributes in process `syz.1.1340'. [ 464.096653][T11453] netlink: 544 bytes leftover after parsing attributes in process `syz.3.1345'. [ 469.780825][T11529] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 469.802107][T11529] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 471.914560][T11572] netlink: 544 bytes leftover after parsing attributes in process `syz.0.1376'. [ 472.961749][T11591] netlink: 544 bytes leftover after parsing attributes in process `syz.1.1378'. [ 473.794357][T11605] FAULT_INJECTION: forcing a failure. [ 473.794357][T11605] name failslab, interval 1, probability 0, space 0, times 0 [ 473.818076][T11605] CPU: 0 UID: 0 PID: 11605 Comm: syz.3.1383 Tainted: G U 6.14.0-syzkaller #0 [ 473.818124][T11605] Tainted: [U]=USER [ 473.818134][T11605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 473.818152][T11605] Call Trace: [ 473.818162][T11605] [ 473.818174][T11605] dump_stack_lvl+0x16c/0x1f0 [ 473.818230][T11605] should_fail_ex+0x50a/0x650 [ 473.818263][T11605] ? fs_reclaim_acquire+0xae/0x150 [ 473.818311][T11605] should_failslab+0xc2/0x120 [ 473.818344][T11605] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 473.818410][T11605] ? alloc_vfsmnt+0x23/0x6f0 [ 473.818446][T11605] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 473.818502][T11605] alloc_vfsmnt+0x23/0x6f0 [ 473.818566][T11605] clone_mnt+0x6d/0xf90 [ 473.818607][T11605] ? lock_acquire+0x2f/0xb0 [ 473.818652][T11605] ? copy_mnt_ns+0x14d/0xa70 [ 473.818689][T11605] copy_tree+0xeb/0x9c0 [ 473.818738][T11605] ? __pfx_down_write+0x10/0x10 [ 473.818774][T11605] ? alloc_mnt_ns+0x325/0x520 [ 473.818821][T11605] copy_mnt_ns+0x1b5/0xa70 [ 473.818852][T11605] ? kmem_cache_alloc_noprof+0x279/0x3d0 [ 473.818914][T11605] ? create_new_namespaces+0x30/0xad0 [ 473.818977][T11605] create_new_namespaces+0xd3/0xad0 [ 473.819032][T11605] ? bpf_lsm_capable+0x9/0x10 [ 473.819066][T11605] ? security_capable+0x7e/0x260 [ 473.819106][T11605] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 473.819168][T11605] ksys_unshare+0x45d/0xa40 [ 473.819204][T11605] ? __pfx_ksys_unshare+0x10/0x10 [ 473.819237][T11605] ? xfd_validate_state+0x5d/0x180 [ 473.819300][T11605] __x64_sys_unshare+0x31/0x40 [ 473.819340][T11605] do_syscall_64+0xcd/0x250 [ 473.819393][T11605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 473.819441][T11605] RIP: 0033:0x7fc9a4d8d169 [ 473.819467][T11605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 473.819500][T11605] RSP: 002b:00007fc9a5c39038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 473.819531][T11605] RAX: ffffffffffffffda RBX: 00007fc9a4fa5fa0 RCX: 00007fc9a4d8d169 [ 473.819553][T11605] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000020000 [ 473.819573][T11605] RBP: 00007fc9a4e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 473.819594][T11605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 473.819613][T11605] R13: 0000000000000000 R14: 00007fc9a4fa5fa0 R15: 00007fffdc8cc728 [ 473.819661][T11605] [ 474.105488][T11605] syz.3.1383 (11605): drop_caches: 0 [ 474.773380][T11615] netlink: 544 bytes leftover after parsing attributes in process `syz.2.1385'. [ 477.523030][T11636] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 477.532809][T11636] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 480.687486][T11711] netlink: 544 bytes leftover after parsing attributes in process `syz.1.1409'. [ 481.752684][T11738] netlink: 544 bytes leftover after parsing attributes in process `syz.3.1415'. [ 483.839186][T11779] netlink: 544 bytes leftover after parsing attributes in process `syz.2.1427'. [ 485.451052][T11812] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 485.465995][T11812] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 486.201882][T11829] FAULT_INJECTION: forcing a failure. [ 486.201882][T11829] name failslab, interval 1, probability 0, space 0, times 0 [ 486.224221][T11829] CPU: 0 UID: 0 PID: 11829 Comm: syz.2.1441 Tainted: G U 6.14.0-syzkaller #0 [ 486.224274][T11829] Tainted: [U]=USER [ 486.224285][T11829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 486.224304][T11829] Call Trace: [ 486.224313][T11829] [ 486.224325][T11829] dump_stack_lvl+0x16c/0x1f0 [ 486.224382][T11829] should_fail_ex+0x50a/0x650 [ 486.224415][T11829] ? fs_reclaim_acquire+0xae/0x150 [ 486.224472][T11829] should_failslab+0xc2/0x120 [ 486.224517][T11829] __kmalloc_node_track_caller_noprof+0xcf/0x510 [ 486.224575][T11829] ? kstrdup_const+0x63/0x80 [ 486.224620][T11829] kstrdup+0x53/0x100 [ 486.224661][T11829] kstrdup_const+0x63/0x80 [ 486.224699][T11829] alloc_vfsmnt+0xdf/0x6f0 [ 486.224737][T11829] clone_mnt+0x6d/0xf90 [ 486.224774][T11829] ? lock_acquire+0x2f/0xb0 [ 486.224815][T11829] ? copy_mnt_ns+0x14d/0xa70 [ 486.224848][T11829] copy_tree+0xeb/0x9c0 [ 486.224891][T11829] ? __pfx_down_write+0x10/0x10 [ 486.224925][T11829] ? alloc_mnt_ns+0x325/0x520 [ 486.224971][T11829] copy_mnt_ns+0x1b5/0xa70 [ 486.225004][T11829] ? kmem_cache_alloc_noprof+0x279/0x3d0 [ 486.225055][T11829] ? create_new_namespaces+0x30/0xad0 [ 486.225114][T11829] create_new_namespaces+0xd3/0xad0 [ 486.225165][T11829] ? bpf_lsm_capable+0x9/0x10 [ 486.225217][T11829] ? security_capable+0x7e/0x260 [ 486.225257][T11829] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 486.225316][T11829] ksys_unshare+0x45d/0xa40 [ 486.225352][T11829] ? __pfx_ksys_unshare+0x10/0x10 [ 486.225385][T11829] ? xfd_validate_state+0x5d/0x180 [ 486.225454][T11829] __x64_sys_unshare+0x31/0x40 [ 486.225489][T11829] do_syscall_64+0xcd/0x250 [ 486.225544][T11829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.225593][T11829] RIP: 0033:0x7f8a38d8d169 [ 486.225619][T11829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 486.225650][T11829] RSP: 002b:00007f8a39bae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 486.225681][T11829] RAX: ffffffffffffffda RBX: 00007f8a38fa5fa0 RCX: 00007f8a38d8d169 [ 486.225704][T11829] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000020000 [ 486.225723][T11829] RBP: 00007f8a38e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 486.225743][T11829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 486.225762][T11829] R13: 0000000000000000 R14: 00007f8a38fa5fa0 R15: 00007fffcae34008 [ 486.225801][T11829] [ 487.988263][T11846] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 488.064501][T11846] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 493.729542][T11959] netlink: 544 bytes leftover after parsing attributes in process `syz.2.1474'. [ 503.886680][T12165] netlink: 544 bytes leftover after parsing attributes in process `syz.1.1521'. [ 507.038562][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 507.045137][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.650316][T12224] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 507.691148][T12224] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 509.011958][T12269] netlink: 544 bytes leftover after parsing attributes in process `syz.0.1540'. [ 525.797078][T12638] netlink: 544 bytes leftover after parsing attributes in process `syz.2.1609'. [ 529.601992][T12699] netlink: 544 bytes leftover after parsing attributes in process `syz.1.1625'. [ 533.536423][T12780] netlink: 544 bytes leftover after parsing attributes in process `syz.0.1639'. [ 539.612734][T12871] FAULT_INJECTION: forcing a failure. [ 539.612734][T12871] name failslab, interval 1, probability 0, space 0, times 0 [ 539.626002][T12871] CPU: 0 UID: 0 PID: 12871 Comm: syz.2.1660 Tainted: G U 6.14.0-syzkaller #0 [ 539.626058][T12871] Tainted: [U]=USER [ 539.626069][T12871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 539.626088][T12871] Call Trace: [ 539.626098][T12871] [ 539.626110][T12871] dump_stack_lvl+0x16c/0x1f0 [ 539.626174][T12871] should_fail_ex+0x50a/0x650 [ 539.626216][T12871] ? fs_reclaim_acquire+0xae/0x150 [ 539.626264][T12871] should_failslab+0xc2/0x120 [ 539.626297][T12871] __kmalloc_node_track_caller_noprof+0xcf/0x510 [ 539.626369][T12871] ? kstrdup_const+0x63/0x80 [ 539.626416][T12871] kstrdup+0x53/0x100 [ 539.626459][T12871] kstrdup_const+0x63/0x80 [ 539.626500][T12871] alloc_vfsmnt+0xdf/0x6f0 [ 539.626538][T12871] clone_mnt+0x6d/0xf90 [ 539.626577][T12871] ? lock_acquire+0x2f/0xb0 [ 539.626628][T12871] ? copy_mnt_ns+0x14d/0xa70 [ 539.626665][T12871] copy_tree+0xeb/0x9c0 [ 539.626712][T12871] ? __pfx_down_write+0x10/0x10 [ 539.626747][T12871] ? alloc_mnt_ns+0x325/0x520 [ 539.626792][T12871] copy_mnt_ns+0x1b5/0xa70 [ 539.626822][T12871] ? kmem_cache_alloc_noprof+0x279/0x3d0 [ 539.626877][T12871] ? create_new_namespaces+0x30/0xad0 [ 539.626938][T12871] create_new_namespaces+0xd3/0xad0 [ 539.626999][T12871] ? bpf_lsm_capable+0x9/0x10 [ 539.627035][T12871] ? security_capable+0x7e/0x260 [ 539.627081][T12871] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 539.627140][T12871] ksys_unshare+0x45d/0xa40 [ 539.627181][T12871] ? __pfx_ksys_unshare+0x10/0x10 [ 539.627215][T12871] ? xfd_validate_state+0x5d/0x180 [ 539.627279][T12871] __x64_sys_unshare+0x31/0x40 [ 539.627315][T12871] do_syscall_64+0xcd/0x250 [ 539.627374][T12871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 539.627420][T12871] RIP: 0033:0x7f8a38d8d169 [ 539.627446][T12871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 539.627479][T12871] RSP: 002b:00007f8a39bae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 539.627509][T12871] RAX: ffffffffffffffda RBX: 00007f8a38fa5fa0 RCX: 00007f8a38d8d169 [ 539.627531][T12871] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000020000 [ 539.627551][T12871] RBP: 00007f8a38e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 539.627575][T12871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 539.627595][T12871] R13: 0000000000000000 R14: 00007f8a38fa5fa0 R15: 00007fffcae34008 [ 539.627641][T12871] [ 539.877587][ C0] vkms_vblank_simulate: vblank timer overrun [ 544.118781][T12947] netlink: 544 bytes leftover after parsing attributes in process `syz.3.1679'. [ 544.854715][T12957] FAULT_INJECTION: forcing a failure. [ 544.854715][T12957] name failslab, interval 1, probability 0, space 0, times 0 [ 544.890439][T12957] CPU: 1 UID: 0 PID: 12957 Comm: syz.0.1684 Tainted: G U 6.14.0-syzkaller #0 [ 544.890489][T12957] Tainted: [U]=USER [ 544.890499][T12957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 544.890525][T12957] Call Trace: [ 544.890547][T12957] [ 544.890559][T12957] dump_stack_lvl+0x16c/0x1f0 [ 544.890613][T12957] should_fail_ex+0x50a/0x650 [ 544.890645][T12957] ? fs_reclaim_acquire+0xae/0x150 [ 544.890691][T12957] should_failslab+0xc2/0x120 [ 544.890723][T12957] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 544.890775][T12957] ? alloc_vfsmnt+0x23/0x6f0 [ 544.890811][T12957] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 544.890864][T12957] alloc_vfsmnt+0x23/0x6f0 [ 544.890900][T12957] clone_mnt+0x6d/0xf90 [ 544.890939][T12957] ? lock_acquire+0x2f/0xb0 [ 544.890982][T12957] ? copy_mnt_ns+0x14d/0xa70 [ 544.891017][T12957] copy_tree+0xeb/0x9c0 [ 544.891069][T12957] ? __pfx_down_write+0x10/0x10 [ 544.891103][T12957] ? alloc_mnt_ns+0x325/0x520 [ 544.891184][T12957] copy_mnt_ns+0x1b5/0xa70 [ 544.891215][T12957] ? kmem_cache_alloc_noprof+0x279/0x3d0 [ 544.891268][T12957] ? create_new_namespaces+0x30/0xad0 [ 544.891329][T12957] create_new_namespaces+0xd3/0xad0 [ 544.891383][T12957] ? bpf_lsm_capable+0x9/0x10 [ 544.891418][T12957] ? security_capable+0x7e/0x260 [ 544.891459][T12957] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 544.891527][T12957] ksys_unshare+0x45d/0xa40 [ 544.891563][T12957] ? __pfx_ksys_unshare+0x10/0x10 [ 544.891597][T12957] ? xfd_validate_state+0x5d/0x180 [ 544.891661][T12957] __x64_sys_unshare+0x31/0x40 [ 544.891695][T12957] do_syscall_64+0xcd/0x250 [ 544.891750][T12957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.891799][T12957] RIP: 0033:0x7f847498d169 [ 544.891826][T12957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 544.891857][T12957] RSP: 002b:00007f8475766038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 544.891888][T12957] RAX: ffffffffffffffda RBX: 00007f8474ba5fa0 RCX: 00007f847498d169 [ 544.891910][T12957] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000020000 [ 544.891929][T12957] RBP: 00007f8474a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 544.891949][T12957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 544.891969][T12957] R13: 0000000000000000 R14: 00007f8474ba5fa0 R15: 00007fff66c6d248 [ 544.892010][T12957] [ 545.308041][T12962] FAULT_INJECTION: forcing a failure. [ 545.308041][T12962] name failslab, interval 1, probability 0, space 0, times 0 [ 545.352600][T12962] CPU: 1 UID: 0 PID: 12962 Comm: syz.0.1693 Tainted: G U 6.14.0-syzkaller #0 [ 545.352650][T12962] Tainted: [U]=USER [ 545.352660][T12962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 545.352678][T12962] Call Trace: [ 545.352688][T12962] [ 545.352700][T12962] dump_stack_lvl+0x16c/0x1f0 [ 545.352755][T12962] should_fail_ex+0x50a/0x650 [ 545.352787][T12962] ? fs_reclaim_acquire+0xae/0x150 [ 545.352832][T12962] should_failslab+0xc2/0x120 [ 545.352864][T12962] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 545.352916][T12962] ? alloc_vfsmnt+0x23/0x6f0 [ 545.352951][T12962] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 545.353005][T12962] alloc_vfsmnt+0x23/0x6f0 [ 545.353044][T12962] clone_mnt+0x6d/0xf90 [ 545.353084][T12962] ? lock_acquire+0x2f/0xb0 [ 545.353129][T12962] ? copy_mnt_ns+0x14d/0xa70 [ 545.353162][T12962] copy_tree+0xeb/0x9c0 [ 545.353208][T12962] ? __pfx_down_write+0x10/0x10 [ 545.353242][T12962] ? alloc_mnt_ns+0x325/0x520 [ 545.353299][T12962] copy_mnt_ns+0x1b5/0xa70 [ 545.353329][T12962] ? kmem_cache_alloc_noprof+0x279/0x3d0 [ 545.353383][T12962] ? create_new_namespaces+0x30/0xad0 [ 545.353444][T12962] create_new_namespaces+0xd3/0xad0 [ 545.353498][T12962] ? bpf_lsm_capable+0x9/0x10 [ 545.353532][T12962] ? security_capable+0x7e/0x260 [ 545.353571][T12962] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 545.353632][T12962] ksys_unshare+0x45d/0xa40 [ 545.353669][T12962] ? __pfx_ksys_unshare+0x10/0x10 [ 545.353701][T12962] ? xfd_validate_state+0x5d/0x180 [ 545.353763][T12962] __x64_sys_unshare+0x31/0x40 [ 545.353798][T12962] do_syscall_64+0xcd/0x250 [ 545.353851][T12962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.353897][T12962] RIP: 0033:0x7f847498d169 [ 545.353922][T12962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 545.353954][T12962] RSP: 002b:00007f8475766038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 545.353984][T12962] RAX: ffffffffffffffda RBX: 00007f8474ba5fa0 RCX: 00007f847498d169 [ 545.354005][T12962] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000020000 [ 545.354024][T12962] RBP: 00007f8474a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 545.354043][T12962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 545.354062][T12962] R13: 0000000000000000 R14: 00007f8474ba5fa0 R15: 00007fff66c6d248 [ 545.354113][T12962] [ 547.706494][T12990] netlink: 544 bytes leftover after parsing attributes in process `syz.0.1692'. [ 560.741294][T13226] netlink: 544 bytes leftover after parsing attributes in process `syz.3.1744'. [ 563.590698][T13273] netlink: 544 bytes leftover after parsing attributes in process `syz.1.1756'. [ 566.016232][T13335] netlink: 544 bytes leftover after parsing attributes in process `syz.0.1767'. [ 568.466842][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.473280][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 570.490911][T13422] netlink: 544 bytes leftover after parsing attributes in process `syz.1.1778'. [ 570.863535][T13440] netlink: 544 bytes leftover after parsing attributes in process `syz.2.1779'. [ 576.263429][T13560] netlink: 544 bytes leftover after parsing attributes in process `syz.1.1806'. [ 581.763387][T13643] netlink: 544 bytes leftover after parsing attributes in process `syz.0.1822'. [ 586.738394][T13734] netlink: 544 bytes leftover after parsing attributes in process `syz.0.1834'. [ 587.669756][T13746] netlink: 544 bytes leftover after parsing attributes in process `syz.0.1838'. [ 597.731469][T13948] netlink: 544 bytes leftover after parsing attributes in process `syz.3.1876'. [ 601.509096][T14017] netlink: 544 bytes leftover after parsing attributes in process `syz.0.1887'. [ 603.710495][T14067] netlink: 544 bytes leftover after parsing attributes in process `syz.3.1897'. [ 607.080266][T14141] netlink: 544 bytes leftover after parsing attributes in process `syz.3.1908'. [ 609.559904][T14193] netlink: 544 bytes leftover after parsing attributes in process `syz.2.1921'. [ 613.617306][T14245] netlink: 544 bytes leftover after parsing attributes in process `syz.3.1931'. [ 622.771966][T14431] netlink: 544 bytes leftover after parsing attributes in process `syz.3.1962'. [ 623.721116][T14450] netlink: 544 bytes leftover after parsing attributes in process `syz.3.1966'. [ 626.914925][T14503] netlink: 544 bytes leftover after parsing attributes in process `syz.0.1977'. [ 629.902111][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.916086][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 633.596369][T14649] netlink: 544 bytes leftover after parsing attributes in process `syz.3.1998'. [ 634.880005][T14676] netlink: 544 bytes leftover after parsing attributes in process `syz.2.2001'. [ 640.116896][T14761] netlink: 544 bytes leftover after parsing attributes in process `syz.2.2020'. [ 642.672940][T14809] netlink: 544 bytes leftover after parsing attributes in process `syz.2.2027'. [ 646.491400][T14896] netlink: 544 bytes leftover after parsing attributes in process `syz.3.2038'. [ 649.621870][T14951] netlink: 544 bytes leftover after parsing attributes in process `syz.0.2048'. [ 654.234548][T15049] netlink: 544 bytes leftover after parsing attributes in process `syz.3.2064'. [ 677.902308][T15467] netlink: 544 bytes leftover after parsing attributes in process `syz.3.2146'. [ 690.103239][T15679] netlink: 544 bytes leftover after parsing attributes in process `syz.3.2184'. [ 690.176475][T15683] netlink: 544 bytes leftover after parsing attributes in process `syz.2.2183'. [ 691.037428][T15695] netlink: 544 bytes leftover after parsing attributes in process `syz.1.2186'. [ 691.317257][T15701] netlink: 544 bytes leftover after parsing attributes in process `syz.2.2187'. [ 691.351257][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.357759][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 693.627300][T15748] netlink: 544 bytes leftover after parsing attributes in process `syz.2.2196'. [ 699.329454][T15831] netlink: 544 bytes leftover after parsing attributes in process `syz.2.2213'. [ 703.222720][T15908] netlink: 544 bytes leftover after parsing attributes in process `syz.2.2229'. [ 711.346472][T16079] netlink: 544 bytes leftover after parsing attributes in process `syz.1.2259'. [ 714.539424][T16149] netlink: 544 bytes leftover after parsing attributes in process `syz.2.2268'. [ 715.646430][T16157] netlink: 544 bytes leftover after parsing attributes in process `syz.0.2271'. [ 723.926376][T16300] netlink: 544 bytes leftover after parsing attributes in process `syz.2.2296'. [ 724.794421][T16322] FAULT_INJECTION: forcing a failure. [ 724.794421][T16322] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 724.825965][T16322] CPU: 0 UID: 0 PID: 16322 Comm: syz.2.2302 Tainted: G U 6.14.0-syzkaller #0 [ 724.826009][T16322] Tainted: [U]=USER [ 724.826019][T16322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 724.826036][T16322] Call Trace: [ 724.826046][T16322] [ 724.826058][T16322] dump_stack_lvl+0x16c/0x1f0 [ 724.826111][T16322] should_fail_ex+0x50a/0x650 [ 724.826149][T16322] _copy_to_user+0x32/0xd0 [ 724.826190][T16322] simple_read_from_buffer+0xd0/0x160 [ 724.826237][T16322] proc_fail_nth_read+0x198/0x270 [ 724.826281][T16322] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 724.826325][T16322] ? rw_verify_area+0xcf/0x680 [ 724.826376][T16322] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 724.826414][T16322] vfs_read+0x1df/0xbf0 [ 724.826458][T16322] ? __fget_files+0x1fc/0x3a0 [ 724.826505][T16322] ? __pfx___mutex_lock+0x10/0x10 [ 724.826560][T16322] ? __pfx_vfs_read+0x10/0x10 [ 724.826613][T16322] ? __fget_files+0x206/0x3a0 [ 724.826670][T16322] ksys_read+0x12b/0x250 [ 724.826713][T16322] ? __pfx_ksys_read+0x10/0x10 [ 724.826768][T16322] do_syscall_64+0xcd/0x250 [ 724.826819][T16322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 724.826864][T16322] RIP: 0033:0x7f8a38d8bb7c [ 724.826888][T16322] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 724.826917][T16322] RSP: 002b:00007f8a39bae030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 724.826946][T16322] RAX: ffffffffffffffda RBX: 00007f8a38fa5fa0 RCX: 00007f8a38d8bb7c [ 724.826965][T16322] RDX: 000000000000000f RSI: 00007f8a39bae0a0 RDI: 0000000000000004 [ 724.826983][T16322] RBP: 00007f8a39bae090 R08: 0000000000000000 R09: 0000000000000000 [ 724.827000][T16322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 724.827016][T16322] R13: 0000000000000000 R14: 00007f8a38fa5fa0 R15: 00007fffcae34008 [ 724.827054][T16322] [ 724.833165][T16320] openvswitch: netlink: Multiple metadata blocks provided [ 725.446742][T16341] netlink: 'syz.0.2305': attribute type 2 has an invalid length. [ 727.066315][T16350] netlink: 544 bytes leftover after parsing attributes in process `syz.3.2306'. [ 728.038531][T16391] vivid-007: kernel_thread() failed [ 728.846003][T16409] netlink: 544 bytes leftover after parsing attributes in process `syz.3.2315'. [ 729.658045][T16428] FAULT_INJECTION: forcing a failure. [ 729.658045][T16428] name failslab, interval 1, probability 0, space 0, times 0 [ 729.730467][T16428] CPU: 0 UID: 0 PID: 16428 Comm: syz.3.2317 Tainted: G U 6.14.0-syzkaller #0 [ 729.730509][T16428] Tainted: [U]=USER [ 729.730517][T16428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 729.730532][T16428] Call Trace: [ 729.730541][T16428] [ 729.730551][T16428] dump_stack_lvl+0x16c/0x1f0 [ 729.730613][T16428] should_fail_ex+0x50a/0x650 [ 729.730640][T16428] ? fs_reclaim_acquire+0xae/0x150 [ 729.730677][T16428] ? kernfs_fop_open+0x28b/0xdb0 [ 729.730703][T16428] should_failslab+0xc2/0x120 [ 729.730729][T16428] __kmalloc_cache_noprof+0x68/0x410 [ 729.730774][T16428] kernfs_fop_open+0x28b/0xdb0 [ 729.730803][T16428] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 729.730845][T16428] do_dentry_open+0x735/0x1c40 [ 729.730884][T16428] ? __pfx_kernfs_fop_open+0x10/0x10 [ 729.730914][T16428] ? inode_permission+0xdd/0x5f0 [ 729.730947][T16428] vfs_open+0x82/0x3f0 [ 729.730973][T16428] ? may_open+0x1f2/0x400 [ 729.731006][T16428] path_openat+0x1e88/0x2d80 [ 729.731059][T16428] ? __pfx_path_openat+0x10/0x10 [ 729.731098][T16428] ? __pfx___lock_acquire+0x10/0x10 [ 729.731133][T16428] ? lock_acquire.part.0+0x11b/0x380 [ 729.731170][T16428] ? find_held_lock+0x2d/0x110 [ 729.731202][T16428] do_filp_open+0x20c/0x470 [ 729.731241][T16428] ? __pfx_do_filp_open+0x10/0x10 [ 729.731287][T16428] ? find_held_lock+0x2d/0x110 [ 729.731338][T16428] ? alloc_fd+0x41f/0x760 [ 729.731385][T16428] do_sys_openat2+0x17a/0x1e0 [ 729.731413][T16428] ? __pfx_do_sys_openat2+0x10/0x10 [ 729.731445][T16428] ? __fget_files+0x206/0x3a0 [ 729.731490][T16428] __x64_sys_openat+0x175/0x210 [ 729.731519][T16428] ? __pfx___x64_sys_openat+0x10/0x10 [ 729.731547][T16428] ? ksys_write+0x1ba/0x250 [ 729.731595][T16428] do_syscall_64+0xcd/0x250 [ 729.731637][T16428] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 729.731674][T16428] RIP: 0033:0x7fc9a4d8d169 [ 729.731696][T16428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 729.731722][T16428] RSP: 002b:00007fc9a5c39038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 729.731746][T16428] RAX: ffffffffffffffda RBX: 00007fc9a4fa5fa0 RCX: 00007fc9a4d8d169 [ 729.731764][T16428] RDX: 0000000000088442 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 729.731780][T16428] RBP: 00007fc9a5c39090 R08: 0000000000000000 R09: 0000000000000000 [ 729.731795][T16428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 729.731811][T16428] R13: 0000000000000000 R14: 00007fc9a4fa5fa0 R15: 00007fffdc8cc728 [ 729.731844][T16428] [ 730.434112][T16443] FAULT_INJECTION: forcing a failure. [ 730.434112][T16443] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 730.466595][T16443] CPU: 0 UID: 0 PID: 16443 Comm: syz.1.2320 Tainted: G U 6.14.0-syzkaller #0 [ 730.466638][T16443] Tainted: [U]=USER [ 730.466648][T16443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 730.466664][T16443] Call Trace: [ 730.466672][T16443] [ 730.466681][T16443] dump_stack_lvl+0x16c/0x1f0 [ 730.466727][T16443] should_fail_ex+0x50a/0x650 [ 730.466761][T16443] _copy_from_user+0x2e/0xd0 [ 730.466798][T16443] mon_bin_ioctl+0x168/0xcd0 [ 730.466835][T16443] ? __pfx_mon_bin_ioctl+0x10/0x10 [ 730.466872][T16443] ? __fget_files+0x206/0x3a0 [ 730.466933][T16443] ? __pfx_mon_bin_ioctl+0x10/0x10 [ 730.466967][T16443] __x64_sys_ioctl+0x190/0x200 [ 730.467004][T16443] do_syscall_64+0xcd/0x250 [ 730.467048][T16443] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 730.467091][T16443] RIP: 0033:0x7fa41918d169 [ 730.467115][T16443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 730.467143][T16443] RSP: 002b:00007fa416ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 730.467170][T16443] RAX: ffffffffffffffda RBX: 00007fa4193a5fa0 RCX: 00007fa41918d169 [ 730.467189][T16443] RDX: 0000200000000100 RSI: 00000000c0109207 RDI: 0000000000000003 [ 730.467207][T16443] RBP: 00007fa416ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 730.467224][T16443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 730.467241][T16443] R13: 0000000000000000 R14: 00007fa4193a5fa0 R15: 00007ffd0002bda8 [ 730.467277][T16443] [ 735.944287][T16530] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2338'. [ 737.253328][ T56] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 737.283224][ T56] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 737.296057][ T56] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 737.304138][ T56] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 737.312164][ T56] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 737.329934][ T56] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 737.559958][T16557] netlink: 544 bytes leftover after parsing attributes in process `syz.1.2343'. [ 738.433119][T16562] chnl_net:caif_netlink_parms(): no params data found [ 738.739145][T16562] bridge0: port 1(bridge_slave_0) entered blocking state [ 738.768937][T16562] bridge0: port 1(bridge_slave_0) entered disabled state [ 738.816382][T16562] bridge_slave_0: entered allmulticast mode [ 738.832694][T16562] bridge_slave_0: entered promiscuous mode [ 738.873708][T16562] bridge0: port 2(bridge_slave_1) entered blocking state [ 738.888922][T16562] bridge0: port 2(bridge_slave_1) entered disabled state [ 738.906173][T16562] bridge_slave_1: entered allmulticast mode [ 738.920415][T16562] bridge_slave_1: entered promiscuous mode [ 738.987839][T16562] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 739.018691][T16562] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 739.230743][T16562] team0: Port device team_slave_0 added [ 739.269011][T16562] team0: Port device team_slave_1 added [ 739.416144][ T5147] Bluetooth: hci0: command tx timeout [ 739.492177][T16562] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 739.515969][T16562] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 739.581625][T16562] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 739.650332][T16562] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 739.665907][T16562] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 739.722707][T16562] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 739.860974][T16562] hsr_slave_0: entered promiscuous mode [ 739.874414][T16562] hsr_slave_1: entered promiscuous mode [ 739.893680][T16562] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 739.911918][T16562] Cannot create hsr debugfs directory [ 740.381680][T16562] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 740.558869][T16562] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 740.734448][T16562] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 741.018804][T16562] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 741.496080][ T5147] Bluetooth: hci0: command tx timeout [ 741.665174][T16562] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 741.780881][T16562] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 741.818547][T16562] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 741.854830][T16562] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 742.205920][T16562] 8021q: adding VLAN 0 to HW filter on device bond0 [ 742.228405][T16562] 8021q: adding VLAN 0 to HW filter on device team0 [ 742.244861][ T83] bridge0: port 1(bridge_slave_0) entered blocking state [ 742.252135][ T83] bridge0: port 1(bridge_slave_0) entered forwarding state [ 742.982807][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 742.989992][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 743.275353][T16562] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 743.576316][ T5147] Bluetooth: hci0: command tx timeout [ 744.917977][T16562] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 744.954576][T16562] veth0_vlan: entered promiscuous mode [ 744.968078][T16562] veth1_vlan: entered promiscuous mode [ 745.180652][T16562] veth0_macvtap: entered promiscuous mode [ 745.202279][T16562] veth1_macvtap: entered promiscuous mode [ 745.291326][T16562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 745.316610][T16562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.333766][T16562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 745.345643][T16562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.366798][T16562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 745.377932][T16562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.398156][T16562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 745.416406][T16562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.439260][T16562] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 745.535802][T16562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 745.555959][T16562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.576249][T16562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 745.590990][T16562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.612512][T16562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 745.656346][ T5147] Bluetooth: hci0: command tx timeout [ 745.678508][T16562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.689042][T16562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 745.699984][T16562] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 745.724716][T16562] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 745.743451][T16562] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 745.765132][T16562] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 745.777747][T16562] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 745.794502][T16562] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 746.077858][ T1323] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 746.085791][ T1323] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 746.155758][ T1154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 746.164743][ T1154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 747.097389][T16683] Setting dangerous option i915.request_timeout_ms - tainting kernel [ 747.591546][T16688] netlink: 544 bytes leftover after parsing attributes in process `syz.0.2364'. [ 748.409885][ T56] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 748.420431][ T56] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 748.429221][ T56] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 748.438317][ T56] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 748.448738][ T56] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 748.456331][ T56] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 748.897897][T16700] netlink: 544 bytes leftover after parsing attributes in process `syz.2.2367'. [ 749.537145][ T1323] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 749.829566][T16693] chnl_net:caif_netlink_parms(): no params data found [ 750.007757][ T1323] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 750.157296][ T1323] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 750.543765][ T56] Bluetooth: hci1: command tx timeout [ 750.593323][ T1323] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 750.803280][T16693] bridge0: port 1(bridge_slave_0) entered blocking state [ 750.824001][T16693] bridge0: port 1(bridge_slave_0) entered disabled state [ 750.851795][T16693] bridge_slave_0: entered allmulticast mode [ 750.860258][T16693] bridge_slave_0: entered promiscuous mode [ 750.909250][T16693] bridge0: port 2(bridge_slave_1) entered blocking state [ 750.926000][T16693] bridge0: port 2(bridge_slave_1) entered disabled state [ 750.933501][T16693] bridge_slave_1: entered allmulticast mode [ 750.958803][T16693] bridge_slave_1: entered promiscuous mode [ 751.043018][T16725] random: crng reseeded on system resumption [ 751.058752][T16693] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 751.061756][T16693] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 751.155557][ T1323] bridge_slave_1: left allmulticast mode [ 751.171805][ T1323] bridge_slave_1: left promiscuous mode [ 751.174112][ T1323] bridge0: port 2(bridge_slave_1) entered disabled state [ 751.204352][ T1323] bridge_slave_0: left allmulticast mode [ 751.204387][ T1323] bridge_slave_0: left promiscuous mode [ 751.204566][ T1323] bridge0: port 1(bridge_slave_0) entered disabled state [ 751.880324][ T1323] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 751.892780][ T1323] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 751.908412][ T1323] bond0 (unregistering): Released all slaves [ 751.932525][T16693] team0: Port device team_slave_0 added [ 751.972318][T16693] team0: Port device team_slave_1 added [ 752.335808][T16739] random: crng reseeded on system resumption [ 752.615950][ T56] Bluetooth: hci1: command tx timeout [ 752.629930][T16693] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 752.654169][T16693] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 752.683350][T16693] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 752.696861][T16693] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 752.703858][T16693] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 752.751736][T16693] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 752.786413][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.792890][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 753.268198][T16693] hsr_slave_0: entered promiscuous mode [ 753.369731][T16693] hsr_slave_1: entered promiscuous mode [ 753.405501][T16693] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 753.459670][T16693] Cannot create hsr debugfs directory [ 753.882960][ T1323] hsr_slave_0: left promiscuous mode [ 753.908551][ T1323] hsr_slave_1: left promiscuous mode [ 753.928610][ T1323] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 753.957481][ T1323] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 753.994077][ T1323] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 754.026131][ T1323] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 754.109360][ T1323] veth1_macvtap: left promiscuous mode [ 754.115566][ T1323] veth0_macvtap: left promiscuous mode [ 754.130029][ T1323] veth1_vlan: left promiscuous mode [ 754.135680][ T1323] veth0_vlan: left promiscuous mode [ 754.310732][T16771] netlink: 544 bytes leftover after parsing attributes in process `syz.3.2379'. [ 754.696672][ T56] Bluetooth: hci1: command tx timeout [ 755.718125][ T1323] team0 (unregistering): Port device team_slave_1 removed [ 755.769044][ T1323] team0 (unregistering): Port device team_slave_0 removed [ 756.776370][ T56] Bluetooth: hci1: command tx timeout [ 758.055657][T16693] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 758.132939][T16693] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 758.144659][T16693] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 758.164375][T16693] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 758.466873][T16693] 8021q: adding VLAN 0 to HW filter on device bond0 [ 758.505576][T16693] 8021q: adding VLAN 0 to HW filter on device team0 [ 758.528838][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 758.536073][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 758.678648][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 758.685912][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 759.541457][T16693] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 759.691934][T16693] veth0_vlan: entered promiscuous mode [ 759.734312][T16693] veth1_vlan: entered promiscuous mode [ 759.842960][T16693] veth0_macvtap: entered promiscuous mode [ 759.872652][T16693] veth1_macvtap: entered promiscuous mode [ 759.922480][T16693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 759.953930][T16693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 759.974075][T16693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 760.049069][T16693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 760.059597][T16693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 760.070466][T16693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 760.080810][T16693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 760.096226][T16693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 760.107727][T16693] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 760.121573][T16693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 760.133312][T16693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 760.144592][T16693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 760.155454][T16693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 760.165642][T16693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 760.188960][T16693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 760.215985][T16693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 760.262518][T16693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 760.297141][T16693] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 760.373979][T16693] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 760.405334][T16693] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 760.438972][T16693] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 760.459430][T16693] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 760.874799][T10565] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 760.912154][T10565] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 761.178286][T10565] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 761.192128][T10565] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 764.418014][T16951] netlink: 544 bytes leftover after parsing attributes in process `syz.1.2403'. [ 764.522741][T16950] netlink: 544 bytes leftover after parsing attributes in process `syz.0.2402'. [ 766.141300][T16982] netlink: 544 bytes leftover after parsing attributes in process `syz.1.2410'. [ 766.367132][T16984] FAULT_INJECTION: forcing a failure. [ 766.367132][T16984] name failslab, interval 1, probability 0, space 0, times 0 [ 766.440484][T16985] netlink: 544 bytes leftover after parsing attributes in process `syz.2.2411'. [ 766.529638][T16984] CPU: 0 UID: 0 PID: 16984 Comm: syz.1.2410 Tainted: G U 6.14.0-syzkaller #0 [ 766.529685][T16984] Tainted: [U]=USER [ 766.529695][T16984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 766.529714][T16984] Call Trace: [ 766.529723][T16984] [ 766.529734][T16984] dump_stack_lvl+0x16c/0x1f0 [ 766.529785][T16984] should_fail_ex+0x50a/0x650 [ 766.529816][T16984] ? fs_reclaim_acquire+0xae/0x150 [ 766.529860][T16984] ? constrain_params_by_rules+0x176/0xca0 [ 766.529914][T16984] should_failslab+0xc2/0x120 [ 766.529943][T16984] __kmalloc_noprof+0xcb/0x510 [ 766.529987][T16984] ? unwind_get_return_address+0x59/0xa0 [ 766.530036][T16984] ? arch_stack_walk+0xa7/0x100 [ 766.530071][T16984] constrain_params_by_rules+0x176/0xca0 [ 766.530121][T16984] ? stack_trace_save+0x95/0xd0 [ 766.530158][T16984] ? stack_depot_save_flags+0x28/0x9c0 [ 766.530189][T16984] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 766.530241][T16984] ? __kasan_kmalloc+0xaa/0xb0 [ 766.530290][T16984] ? snd_pcm_oss_change_params_locked+0x6d9/0x3a60 [ 766.530331][T16984] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 766.530369][T16984] ? snd_pcm_oss_sync+0x326/0x7f0 [ 766.530421][T16984] ? snd_interval_refine+0x2fa/0x580 [ 766.530456][T16984] snd_pcm_hw_refine+0x7e8/0xad0 [ 766.530502][T16984] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 766.530563][T16984] ? snd_interval_refine+0x2fa/0x580 [ 766.530598][T16984] snd_pcm_oss_change_params_locked+0x211e/0x3a60 [ 766.530658][T16984] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 766.530702][T16984] ? snd_pcm_oss_sync+0x306/0x7f0 [ 766.530767][T16984] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 766.530810][T16984] snd_pcm_oss_sync+0x326/0x7f0 [ 766.530855][T16984] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 766.530896][T16984] snd_pcm_oss_release+0x28b/0x310 [ 766.530939][T16984] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 766.530978][T16984] __fput+0x3ff/0xb70 [ 766.531018][T16984] task_work_run+0x14e/0x250 [ 766.531062][T16984] ? __pfx_task_work_run+0x10/0x10 [ 766.531104][T16984] ? __pfx___do_sys_close_range+0x10/0x10 [ 766.531164][T16984] syscall_exit_to_user_mode+0x27b/0x2a0 [ 766.531214][T16984] do_syscall_64+0xda/0x250 [ 766.531270][T16984] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 766.531315][T16984] RIP: 0033:0x7fc59d38d169 [ 766.531339][T16984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 766.531369][T16984] RSP: 002b:00007fc59b1d5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 766.531397][T16984] RAX: 0000000000000000 RBX: 00007fc59d5a6160 RCX: 00007fc59d38d169 [ 766.531416][T16984] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 766.531433][T16984] RBP: 00007fc59b1d5090 R08: 0000000000000000 R09: 0000000000000000 [ 766.531450][T16984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 766.531467][T16984] R13: 0000000000000000 R14: 00007fc59d5a6160 R15: 00007ffe2c4bd698 [ 766.531505][T16984] [ 767.301253][T16994] FAULT_INJECTION: forcing a failure. [ 767.301253][T16994] name failslab, interval 1, probability 0, space 0, times 0 [ 767.315175][T16994] CPU: 1 UID: 0 PID: 16994 Comm: syz.1.2412 Tainted: G U 6.14.0-syzkaller #0 [ 767.315224][T16994] Tainted: [U]=USER [ 767.315235][T16994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 767.315254][T16994] Call Trace: [ 767.315263][T16994] [ 767.315276][T16994] dump_stack_lvl+0x16c/0x1f0 [ 767.315333][T16994] should_fail_ex+0x50a/0x650 [ 767.315367][T16994] ? fs_reclaim_acquire+0xae/0x150 [ 767.315415][T16994] ? percpu_ref_init+0xd9/0x400 [ 767.315462][T16994] should_failslab+0xc2/0x120 [ 767.315495][T16994] __kmalloc_cache_noprof+0x68/0x410 [ 767.315548][T16994] ? __pfx_free_ioctx_users+0x10/0x10 [ 767.315593][T16994] percpu_ref_init+0xd9/0x400 [ 767.315639][T16994] ? __init_waitqueue_head+0xca/0x150 [ 767.315682][T16994] ioctx_alloc+0x2d7/0x2010 [ 767.315732][T16994] ? __might_fault+0x13b/0x190 [ 767.315766][T16994] ? __pfx_lock_release+0x10/0x10 [ 767.315817][T16994] ? trace_lock_acquire+0x14e/0x1f0 [ 767.315855][T16994] ? lockdep_hardirqs_on+0x7c/0x110 [ 767.315903][T16994] ? __pfx_ioctx_alloc+0x10/0x10 [ 767.315943][T16994] ? lock_acquire+0x2f/0xb0 [ 767.315985][T16994] ? __might_fault+0xe3/0x190 [ 767.316017][T16994] ? __might_fault+0xe3/0x190 [ 767.316057][T16994] __x64_sys_io_setup+0xc9/0x210 [ 767.316115][T16994] do_syscall_64+0xcd/0x250 [ 767.316169][T16994] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 767.316216][T16994] RIP: 0033:0x7fc59d38d169 [ 767.316243][T16994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 767.316276][T16994] RSP: 002b:00007fc59e10b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 767.316308][T16994] RAX: ffffffffffffffda RBX: 00007fc59d5a5fa0 RCX: 00007fc59d38d169 [ 767.316331][T16994] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 000000000000ffff [ 767.316351][T16994] RBP: 00007fc59d40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 767.316372][T16994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 767.316392][T16994] R13: 0000000000000000 R14: 00007fc59d5a5fa0 R15: 00007ffe2c4bd698 [ 767.316433][T16994] [ 770.273527][ T5147] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 770.284415][ T5147] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 770.293515][ T5147] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 770.326671][ T5147] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 770.330664][T16989] delete_channel: no stack [ 770.346420][ T5147] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 770.353835][ T5147] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 770.434505][ T7852] ima: policy update failed [ 770.455870][ T30] audit: type=1802 audit(6037840689.428:8): pid=7852 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.461" res=0 errno=0 [ 770.718503][T17023] chnl_net:caif_netlink_parms(): no params data found [ 770.804241][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 770.910728][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 771.103718][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 771.213524][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 771.236613][T17023] bridge0: port 1(bridge_slave_0) entered blocking state [ 771.243952][T17023] bridge0: port 1(bridge_slave_0) entered disabled state [ 771.256639][T17023] bridge_slave_0: entered allmulticast mode [ 771.277376][T17023] bridge_slave_0: entered promiscuous mode [ 771.297932][T17023] bridge0: port 2(bridge_slave_1) entered blocking state [ 771.305120][T17023] bridge0: port 2(bridge_slave_1) entered disabled state [ 771.338327][T17023] bridge_slave_1: entered allmulticast mode [ 771.345590][T17023] bridge_slave_1: entered promiscuous mode [ 771.431409][T17023] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 771.443996][T17023] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 771.528774][T17023] team0: Port device team_slave_0 added [ 771.540178][T17023] team0: Port device team_slave_1 added [ 771.649586][T17023] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 771.665021][T17023] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 771.692306][T17023] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 771.704809][ T12] bridge_slave_1: left allmulticast mode [ 771.711368][ T12] bridge_slave_1: left promiscuous mode [ 771.717950][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 771.727241][ T12] bridge_slave_0: left allmulticast mode [ 771.732953][ T12] bridge_slave_0: left promiscuous mode [ 771.739460][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 772.465465][ T56] Bluetooth: hci2: command tx timeout [ 772.601533][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 772.618994][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 772.699023][ T12] bond0 (unregistering): Released all slaves [ 772.774236][T17023] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 772.795587][T17023] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 772.851308][T17023] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 773.248092][T17023] hsr_slave_0: entered promiscuous mode [ 773.269952][T17023] hsr_slave_1: entered promiscuous mode [ 773.283707][T17023] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 773.293003][T17023] Cannot create hsr debugfs directory [ 774.111345][ T12] hsr_slave_0: left promiscuous mode [ 774.163924][ T12] hsr_slave_1: left promiscuous mode [ 774.184407][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 774.206437][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 774.236134][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 774.243639][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 774.304100][ T12] veth1_macvtap: left promiscuous mode [ 774.316973][ T12] veth1_vlan: left promiscuous mode [ 774.322505][ T12] veth0_vlan: left promiscuous mode [ 774.538525][ T56] Bluetooth: hci2: command tx timeout [ 775.412328][ T12] team0 (unregistering): Port device team_slave_1 removed [ 775.485767][ T12] team0 (unregistering): Port device team_slave_0 removed [ 776.616256][ T56] Bluetooth: hci2: command tx timeout [ 777.600317][T17023] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 777.669091][T17023] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 777.741359][T17023] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 777.797652][T17091] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2429'. [ 777.808165][T17023] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 777.859926][T17091] zram: Added device: zram2 [ 778.250254][T17023] 8021q: adding VLAN 0 to HW filter on device bond0 [ 778.413699][T17023] 8021q: adding VLAN 0 to HW filter on device team0 [ 778.489859][T10565] bridge0: port 1(bridge_slave_0) entered blocking state [ 778.497115][T10565] bridge0: port 1(bridge_slave_0) entered forwarding state [ 778.608223][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 778.615448][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 778.696140][ T56] Bluetooth: hci2: command tx timeout [ 779.348619][T17023] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 779.631038][T17023] veth0_vlan: entered promiscuous mode [ 779.762967][T17023] veth1_vlan: entered promiscuous mode [ 779.904839][T17023] veth0_macvtap: entered promiscuous mode [ 779.934758][T17023] veth1_macvtap: entered promiscuous mode [ 780.020857][T17023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 780.086013][T17023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.101816][T17023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 780.177425][T17023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.216167][T17023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 780.246025][T17023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.266862][T17023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 780.293420][T17023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.320726][T17023] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 780.359313][T17023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.359349][T17023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.359368][T17023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.359391][T17023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.359410][T17023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.359435][T17023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.359453][T17023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.359476][T17023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.367371][T17023] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 780.388204][T17023] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 780.388290][T17023] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 780.388336][T17023] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 780.388383][T17023] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 780.550038][T17165] FAULT_INJECTION: forcing a failure. [ 780.550038][T17165] name failslab, interval 1, probability 0, space 0, times 0 [ 780.550102][T17165] CPU: 1 UID: 0 PID: 17165 Comm: syz.2.2442 Tainted: G U 6.14.0-syzkaller #0 [ 780.550143][T17165] Tainted: [U]=USER [ 780.550153][T17165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 780.550172][T17165] Call Trace: [ 780.550181][T17165] [ 780.550192][T17165] dump_stack_lvl+0x16c/0x1f0 [ 780.550245][T17165] should_fail_ex+0x50a/0x650 [ 780.550276][T17165] ? fs_reclaim_acquire+0xae/0x150 [ 780.550321][T17165] ? device_add+0xccf/0x1a70 [ 780.550367][T17165] should_failslab+0xc2/0x120 [ 780.550398][T17165] __kmalloc_cache_noprof+0x68/0x410 [ 780.550455][T17165] device_add+0xccf/0x1a70 [ 780.550499][T17165] ? dev_set_name+0xc8/0x100 [ 780.550528][T17165] ? __pfx_dev_set_name+0x10/0x10 [ 780.550559][T17165] ? __pfx_device_add+0x10/0x10 [ 780.550625][T17165] add_disk_fwnode+0x468/0x1320 [ 780.550681][T17165] zram_add+0x486/0x6b0 [ 780.550731][T17165] ? __pfx_zram_add+0x10/0x10 [ 780.550811][T17165] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 780.550863][T17165] ? rcu_is_watching+0x12/0xc0 [ 780.550906][T17165] ? __pfx_hot_add_show+0x10/0x10 [ 780.550956][T17165] hot_add_show+0x21/0x80 [ 780.551006][T17165] class_attr_show+0x6f/0xa0 [ 780.551052][T17165] ? __pfx_class_attr_show+0x10/0x10 [ 780.551098][T17165] sysfs_kf_seq_show+0x23e/0x410 [ 780.551148][T17165] seq_read_iter+0x4f4/0x12b0 [ 780.551212][T17165] kernfs_fop_read_iter+0x414/0x580 [ 780.551248][T17165] ? rw_verify_area+0xcf/0x680 [ 780.551295][T17165] vfs_read+0x886/0xbf0 [ 780.551348][T17165] ? __pfx_vfs_read+0x10/0x10 [ 780.551421][T17165] ksys_read+0x12b/0x250 [ 780.551461][T17165] ? __pfx_ksys_read+0x10/0x10 [ 780.551519][T17165] do_syscall_64+0xcd/0x250 [ 780.551573][T17165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 780.551621][T17165] RIP: 0033:0x7f8a38d8d169 [ 780.551647][T17165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 780.551679][T17165] RSP: 002b:00007f8a39b8d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 780.551710][T17165] RAX: ffffffffffffffda RBX: 00007f8a38fa6080 RCX: 00007f8a38d8d169 [ 780.551730][T17165] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 0000000000000008 [ 780.551749][T17165] RBP: 00007f8a38e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 780.551767][T17165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 780.551796][T17165] R13: 0000000000000000 R14: 00007f8a38fa6080 R15: 00007fffcae34008 [ 780.551841][T17165] [ 780.766700][T10565] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 780.766733][T10565] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 781.149546][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 781.193297][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 784.714683][T17252] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(1) [ 785.185459][ T5843] bridge0: port 3(syz_tun) entered disabled state [ 785.348232][ T5843] syz_tun (unregistering): left allmulticast mode [ 785.354830][ T5843] syz_tun (unregistering): left promiscuous mode [ 785.377547][ T5843] bridge0: port 3(syz_tun) entered disabled state [ 785.573105][ T5147] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 785.583057][ T5147] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 785.592319][ T5147] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 785.601542][ T5147] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 785.609494][ T5147] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 785.619951][ T5147] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 785.810408][T17263] FAULT_INJECTION: forcing a failure. [ 785.810408][T17263] name failslab, interval 1, probability 0, space 0, times 0 [ 785.857441][T17263] CPU: 1 UID: 0 PID: 17263 Comm: syz.0.2455 Tainted: G U 6.14.0-syzkaller #0 [ 785.857495][T17263] Tainted: [U]=USER [ 785.857506][T17263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 785.857524][T17263] Call Trace: [ 785.857532][T17263] [ 785.857544][T17263] dump_stack_lvl+0x16c/0x1f0 [ 785.857599][T17263] should_fail_ex+0x50a/0x650 [ 785.857629][T17263] ? fs_reclaim_acquire+0xae/0x150 [ 785.857674][T17263] ? tomoyo_realpath_from_path+0xb9/0x720 [ 785.857722][T17263] should_failslab+0xc2/0x120 [ 785.857753][T17263] __kmalloc_noprof+0xcb/0x510 [ 785.857803][T17263] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 785.857859][T17263] tomoyo_realpath_from_path+0xb9/0x720 [ 785.857906][T17263] ? tomoyo_path_number_perm+0x235/0x590 [ 785.857949][T17263] ? tomoyo_path_number_perm+0x235/0x590 [ 785.857995][T17263] tomoyo_path_number_perm+0x248/0x590 [ 785.858034][T17263] ? tomoyo_path_number_perm+0x235/0x590 [ 785.858077][T17263] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 785.858155][T17263] ? __pfx_lock_release+0x10/0x10 [ 785.858201][T17263] ? trace_lock_acquire+0x14e/0x1f0 [ 785.858244][T17263] ? lock_acquire+0x2f/0xb0 [ 785.858287][T17263] ? __fget_files+0x40/0x3a0 [ 785.858340][T17263] ? __fget_files+0x206/0x3a0 [ 785.858393][T17263] security_file_ioctl+0x9b/0x240 [ 785.858439][T17263] __x64_sys_ioctl+0xb7/0x200 [ 785.858488][T17263] do_syscall_64+0xcd/0x250 [ 785.858542][T17263] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 785.858590][T17263] RIP: 0033:0x7f677598d169 [ 785.858615][T17263] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 785.858645][T17263] RSP: 002b:00007f67767f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 785.858675][T17263] RAX: ffffffffffffffda RBX: 00007f6775ba5fa0 RCX: 00007f677598d169 [ 785.858696][T17263] RDX: 0000000000000000 RSI: 0000000050009404 RDI: 0000000000000004 [ 785.858716][T17263] RBP: 00007f67767f5090 R08: 0000000000000000 R09: 0000000000000000 [ 785.858735][T17263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 785.858755][T17263] R13: 0000000000000000 R14: 00007f6775ba5fa0 R15: 00007ffe7dcdb648 [ 785.858796][T17263] [ 785.858808][T17263] ERROR: Out of memory at tomoyo_realpath_from_path. [ 786.193792][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 786.347422][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 786.427377][T17259] chnl_net:caif_netlink_parms(): no params data found [ 786.507458][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 786.747886][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 786.878547][T17279] netlink: 544 bytes leftover after parsing attributes in process `syz.0.2458'. [ 787.299404][T17259] bridge0: port 1(bridge_slave_0) entered blocking state [ 787.330978][T17259] bridge0: port 1(bridge_slave_0) entered disabled state [ 787.356444][T17259] bridge_slave_0: entered allmulticast mode [ 787.363767][T17259] bridge_slave_0: entered promiscuous mode [ 787.378880][T17259] bridge0: port 2(bridge_slave_1) entered blocking state [ 787.406648][T17259] bridge0: port 2(bridge_slave_1) entered disabled state [ 787.414038][T17259] bridge_slave_1: entered allmulticast mode [ 787.422865][T17293] FAULT_INJECTION: forcing a failure. [ 787.422865][T17293] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 787.457285][T17259] bridge_slave_1: entered promiscuous mode [ 787.506289][T17293] CPU: 0 UID: 0 PID: 17293 Comm: syz.1.2459 Tainted: G U 6.14.0-syzkaller #0 [ 787.506335][T17293] Tainted: [U]=USER [ 787.506344][T17293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 787.506362][T17293] Call Trace: [ 787.506370][T17293] [ 787.506382][T17293] dump_stack_lvl+0x16c/0x1f0 [ 787.506435][T17293] should_fail_ex+0x50a/0x650 [ 787.506472][T17293] _copy_from_user+0x2e/0xd0 [ 787.506511][T17293] core_sys_select+0x361/0xb80 [ 787.506565][T17293] ? __pfx_core_sys_select+0x10/0x10 [ 787.506620][T17293] ? find_held_lock+0x2d/0x110 [ 787.506688][T17293] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 787.506748][T17293] kern_select+0x15e/0x1e0 [ 787.506794][T17293] ? __pfx_kern_select+0x10/0x10 [ 787.506846][T17293] ? __pfx_ksys_write+0x10/0x10 [ 787.506898][T17293] __x64_sys_select+0xbd/0x160 [ 787.506941][T17293] ? do_syscall_64+0x91/0x250 [ 787.506984][T17293] ? lockdep_hardirqs_on+0x7c/0x110 [ 787.507029][T17293] do_syscall_64+0xcd/0x250 [ 787.507089][T17293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 787.507136][T17293] RIP: 0033:0x7fc59d38d169 [ 787.507160][T17293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 787.507192][T17293] RSP: 002b:00007fc59b1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 787.507221][T17293] RAX: ffffffffffffffda RBX: 00007fc59d5a6080 RCX: 00007fc59d38d169 [ 787.507241][T17293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 787.507258][T17293] RBP: 00007fc59b1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 787.507275][T17293] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 787.507292][T17293] R13: 0000000000000001 R14: 00007fc59d5a6080 R15: 00007ffe2c4bd698 [ 787.507329][T17293] [ 787.695573][ C0] vkms_vblank_simulate: vblank timer overrun [ 787.763423][ T56] Bluetooth: hci3: command tx timeout [ 787.957026][T17259] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 788.040753][T17259] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 788.308153][T17259] team0: Port device team_slave_0 added [ 788.359284][ T12] bridge_slave_1: left allmulticast mode [ 788.365013][ T12] bridge_slave_1: left promiscuous mode [ 788.376390][T17302] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2461'. [ 788.419033][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 788.497210][ T12] bridge_slave_0: left allmulticast mode [ 788.507971][ T12] bridge_slave_0: left promiscuous mode [ 788.513778][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 789.816319][ T56] Bluetooth: hci3: command tx timeout [ 790.076583][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 790.088799][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 790.099677][ T12] bond0 (unregistering): Released all slaves [ 790.122786][T17259] team0: Port device team_slave_1 added [ 790.259693][ T12] HfR: left promiscuous mode [ 790.329302][T17259] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 790.357361][T17259] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 790.425346][T17259] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 790.473250][T17259] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 790.491390][T17259] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 790.556435][T17259] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 791.018625][T17259] hsr_slave_0: entered promiscuous mode [ 791.025161][T17259] hsr_slave_1: entered promiscuous mode [ 791.317969][ T12] hsr_slave_0: left promiscuous mode [ 791.332566][ T12] hsr_slave_1: left promiscuous mode [ 791.346763][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 791.357145][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 791.365280][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 791.378747][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 791.405168][ T12] veth1_macvtap: left promiscuous mode [ 791.435318][ T12] veth0_macvtap: left promiscuous mode [ 791.455751][ T12] veth1_vlan: left promiscuous mode [ 791.476186][ T12] veth0_vlan: left promiscuous mode [ 791.896102][ T56] Bluetooth: hci3: command tx timeout [ 792.218769][ T12] team0 (unregistering): Port device team_slave_1 removed [ 792.290510][ T12] team0 (unregistering): Port device team_slave_0 removed [ 793.981529][ T56] Bluetooth: hci3: command tx timeout [ 794.378631][T17394] netlink: 544 bytes leftover after parsing attributes in process `syz.3.2474'. [ 794.525744][ T56] Bluetooth: hci0: unexpected subevent 0x01 length: 4 < 18 [ 794.678438][ T30] audit: type=1800 audit(6037840721.653:9): pid=17401 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2475" name="dbroot" dev="configfs" ino=63090 res=0 errno=0 [ 794.811282][T17401] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input10 [ 794.921464][ T30] audit: type=1804 audit(6037840721.673:10): pid=17401 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2475" name="/newroot/sys/kernel/config/target/dbroot" dev="configfs" ino=63090 res=1 errno=0 [ 795.148302][T17259] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 795.259505][T17259] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 795.344202][T17259] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 795.406581][T17259] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 795.599936][T17410] FAULT_INJECTION: forcing a failure. [ 795.599936][T17410] name failslab, interval 1, probability 0, space 0, times 0 [ 795.664646][T17410] CPU: 0 UID: 0 PID: 17410 Comm: syz.3.2477 Tainted: G U 6.14.0-syzkaller #0 [ 795.664696][T17410] Tainted: [U]=USER [ 795.664707][T17410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 795.664726][T17410] Call Trace: [ 795.664735][T17410] [ 795.664748][T17410] dump_stack_lvl+0x16c/0x1f0 [ 795.664804][T17410] should_fail_ex+0x50a/0x650 [ 795.664836][T17410] ? fs_reclaim_acquire+0xae/0x150 [ 795.664883][T17410] should_failslab+0xc2/0x120 [ 795.664915][T17410] __kmalloc_node_track_caller_noprof+0xcf/0x510 [ 795.664973][T17410] ? kstrdup_const+0x63/0x80 [ 795.665036][T17410] kstrdup+0x53/0x100 [ 795.665078][T17410] kstrdup_const+0x63/0x80 [ 795.665117][T17410] alloc_vfsmnt+0xdf/0x6f0 [ 795.665163][T17410] clone_mnt+0x6d/0xf90 [ 795.665212][T17410] copy_tree+0x39e/0x9c0 [ 795.665272][T17410] copy_mnt_ns+0x1b5/0xa70 [ 795.665302][T17410] ? kmem_cache_alloc_noprof+0x279/0x3d0 [ 795.665354][T17410] ? create_new_namespaces+0x30/0xad0 [ 795.665416][T17410] create_new_namespaces+0xd3/0xad0 [ 795.665468][T17410] ? bpf_lsm_capable+0x9/0x10 [ 795.665503][T17410] ? security_capable+0x7e/0x260 [ 795.665540][T17410] copy_namespaces+0x468/0x560 [ 795.665595][T17410] copy_process+0x29fc/0x8c50 [ 795.665656][T17410] ? __pfx_copy_process+0x10/0x10 [ 795.665687][T17410] ? __pfx___futex_wait+0x10/0x10 [ 795.665769][T17410] ? 0xffffffffff600000 [ 795.665798][T17410] kernel_clone+0xfd/0x960 [ 795.665830][T17410] ? __pfx_kernel_clone+0x10/0x10 [ 795.665881][T17410] ? 0xffffffffff600000 [ 795.665904][T17410] ? 0xffffffffff600000 [ 795.665925][T17410] __do_sys_clone+0xcf/0x120 [ 795.665956][T17410] ? __pfx___do_sys_clone+0x10/0x10 [ 795.665986][T17410] ? do_raw_spin_unlock+0x172/0x230 [ 795.666019][T17410] ? 0xffffffffff600000 [ 795.666040][T17410] ? 0xffffffffff600000 [ 795.666062][T17410] ? 0xffffffffff600000 [ 795.666096][T17410] ? rcu_is_watching+0x12/0xc0 [ 795.666150][T17410] do_syscall_64+0xcd/0x250 [ 795.666205][T17410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.666251][T17410] RIP: 0033:0x7f2d5df8d169 [ 795.666275][T17410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 795.666320][T17410] RSP: 002b:00007f2d5eec2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 795.666350][T17410] RAX: ffffffffffffffda RBX: 00007f2d5e1a5fa0 RCX: 00007f2d5df8d169 [ 795.666370][T17410] RDX: ffffffffff600000 RSI: 0000000000000002 RDI: 000fffffffe22000 [ 795.666390][T17410] RBP: 00007f2d5e00e2a0 R08: 00000800fffffffc R09: 0000000000000000 [ 795.666409][T17410] R10: ffffffffff600000 R11: 0000000000000246 R12: 0000000000000000 [ 795.666427][T17410] R13: 0000000000000000 R14: 00007f2d5e1a5fa0 R15: 00007ffca0c35008 [ 795.666452][T17410] ? 0xffffffffff600000 [ 795.666478][T17410] ? 0xffffffffff600000 [ 795.666505][T17410] [ 796.270296][T17259] 8021q: adding VLAN 0 to HW filter on device bond0 [ 796.365189][T17259] 8021q: adding VLAN 0 to HW filter on device team0 [ 796.397291][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 796.404446][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 796.465385][T10565] bridge0: port 2(bridge_slave_1) entered blocking state [ 796.472632][T10565] bridge0: port 2(bridge_slave_1) entered forwarding state [ 796.781096][T17423] bond0: no command found in slaves file - use +ifname or -ifname [ 796.997946][T17259] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 797.485057][T17451] FAULT_INJECTION: forcing a failure. [ 797.485057][T17451] name failslab, interval 1, probability 0, space 0, times 0 [ 797.536084][T17451] CPU: 1 UID: 0 PID: 17451 Comm: syz.0.2484 Tainted: G U 6.14.0-syzkaller #0 [ 797.536135][T17451] Tainted: [U]=USER [ 797.536146][T17451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 797.536164][T17451] Call Trace: [ 797.536174][T17451] [ 797.536185][T17451] dump_stack_lvl+0x16c/0x1f0 [ 797.536247][T17451] should_fail_ex+0x50a/0x650 [ 797.536277][T17451] ? fs_reclaim_acquire+0xae/0x150 [ 797.536338][T17451] ? sk_prot_alloc+0x1a8/0x2a0 [ 797.536374][T17451] should_failslab+0xc2/0x120 [ 797.536408][T17451] __kmalloc_noprof+0xcb/0x510 [ 797.536456][T17451] ? find_held_lock+0x2d/0x110 [ 797.536498][T17451] sk_prot_alloc+0x1a8/0x2a0 [ 797.536549][T17451] sk_alloc+0x36/0xc20 [ 797.536600][T17451] mISDN_sock_create+0x275/0x410 [ 797.536650][T17451] __sock_create+0x335/0x8d0 [ 797.536699][T17451] __sys_socket+0x14f/0x260 [ 797.536741][T17451] ? __pfx___sys_socket+0x10/0x10 [ 797.536784][T17451] ? rcu_is_watching+0x12/0xc0 [ 797.536825][T17451] __x64_sys_socket+0x72/0xb0 [ 797.536865][T17451] ? lockdep_hardirqs_on+0x7c/0x110 [ 797.536914][T17451] do_syscall_64+0xcd/0x250 [ 797.536966][T17451] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 797.537011][T17451] RIP: 0033:0x7f677598d169 [ 797.537036][T17451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 797.537068][T17451] RSP: 002b:00007f67767f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 797.537098][T17451] RAX: ffffffffffffffda RBX: 00007f6775ba5fa0 RCX: 00007f677598d169 [ 797.537118][T17451] RDX: 0000000000000024 RSI: 0000000000000002 RDI: 0000000000000022 [ 797.537136][T17451] RBP: 00007f6775a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 797.537154][T17451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 797.537172][T17451] R13: 0000000000000000 R14: 00007f6775ba5fa0 R15: 00007ffe7dcdb648 [ 797.537215][T17451] [ 797.854472][T17466] [ 797.865547][T17466] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2485'. [ 798.129521][T17259] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 798.485730][T17259] veth0_vlan: entered promiscuous mode [ 798.524548][T17259] veth1_vlan: entered promiscuous mode [ 798.544550][T17481] ======================================================= [ 798.544550][T17481] WARNING: The mand mount option has been deprecated and [ 798.544550][T17481] and is ignored by this kernel. Remove the mand [ 798.544550][T17481] option from the mount to silence this warning. [ 798.544550][T17481] ======================================================= [ 798.742420][T17259] veth0_macvtap: entered promiscuous mode [ 798.774726][T17259] veth1_macvtap: entered promiscuous mode [ 798.869239][T17259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 798.905963][T17259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 798.918880][T17259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 798.932371][T17259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 798.947788][T17259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 799.005835][T17259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.015761][T17259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 799.055963][T17259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.077220][T17259] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 799.196364][T17259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 799.220540][T17495] FAULT_INJECTION: forcing a failure. [ 799.220540][T17495] name fail_futex, interval 1, probability 0, space 0, times 0 [ 799.243992][T17259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.262964][T17495] CPU: 0 UID: 0 PID: 17495 Comm: syz.3.2491 Tainted: G U 6.14.0-syzkaller #0 [ 799.263016][T17495] Tainted: [U]=USER [ 799.263028][T17495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 799.263046][T17495] Call Trace: [ 799.263056][T17495] [ 799.263067][T17495] dump_stack_lvl+0x16c/0x1f0 [ 799.263123][T17495] should_fail_ex+0x50a/0x650 [ 799.263161][T17495] get_futex_key+0x4a3/0x1000 [ 799.263205][T17495] ? __pfx_get_futex_key+0x10/0x10 [ 799.263259][T17495] futex_wake+0xe8/0x4e0 [ 799.263303][T17495] ? __pfx___lock_acquire+0x10/0x10 [ 799.263349][T17495] ? lockdep_init_map_type+0x16d/0x7d0 [ 799.263402][T17495] ? __pfx_futex_wake+0x10/0x10 [ 799.263456][T17495] ? lock_acquire.part.0+0x11b/0x380 [ 799.263503][T17495] ? find_held_lock+0x2d/0x110 [ 799.263549][T17495] do_futex+0x1e5/0x350 [ 799.263590][T17495] ? __pfx_do_futex+0x10/0x10 [ 799.263655][T17495] __x64_sys_futex+0x1e1/0x4c0 [ 799.263697][T17495] ? __sys_socket+0xad/0x260 [ 799.263740][T17495] ? __pfx___x64_sys_futex+0x10/0x10 [ 799.263781][T17495] ? rcu_is_watching+0x12/0xc0 [ 799.263827][T17495] do_syscall_64+0xcd/0x250 [ 799.263889][T17495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.263936][T17495] RIP: 0033:0x7f2d5df8d169 [ 799.263961][T17495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 799.263991][T17495] RSP: 002b:00007f2d5eea10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 799.264021][T17495] RAX: ffffffffffffffda RBX: 00007f2d5e1a6088 RCX: 00007f2d5df8d169 [ 799.264042][T17495] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2d5e1a608c [ 799.264061][T17495] RBP: 00007f2d5e1a6080 R08: 00007f2d5eec3000 R09: 0000000000000000 [ 799.264079][T17495] R10: 0000000000000007 R11: 0000000000000246 R12: 00007f2d5e1a608c [ 799.264098][T17495] R13: 0000000000000000 R14: 00007ffca0c34f20 R15: 00007ffca0c35008 [ 799.264135][T17495] [ 799.460660][T17259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 799.472140][T17259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.482075][T17259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 799.492666][T17259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.502838][T17259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 799.513432][T17259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.524542][T17259] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 799.534924][T17259] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.543754][T17259] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.552618][T17259] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.562696][T17259] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.843760][ T1323] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 799.874349][ T1323] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 800.151249][ T1323] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 800.214485][ T1323] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 801.495032][T17551] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(1) [ 802.041356][T17562] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2500'. [ 802.054918][T17562] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2500'. [ 802.886516][T17570] netlink: 544 bytes leftover after parsing attributes in process `syz.1.2501'. [ 805.006389][T17606] FAULT_INJECTION: forcing a failure. [ 805.006389][T17606] name failslab, interval 1, probability 0, space 0, times 0 [ 805.019412][T17606] CPU: 0 UID: 0 PID: 17606 Comm: syz.0.2510 Tainted: G U 6.14.0-syzkaller #0 [ 805.019456][T17606] Tainted: [U]=USER [ 805.019466][T17606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 805.019493][T17606] Call Trace: [ 805.019502][T17606] [ 805.019513][T17606] dump_stack_lvl+0x16c/0x1f0 [ 805.019567][T17606] should_fail_ex+0x50a/0x650 [ 805.019598][T17606] ? fs_reclaim_acquire+0xae/0x150 [ 805.019643][T17606] should_failslab+0xc2/0x120 [ 805.019675][T17606] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 805.019727][T17606] ? seq_open+0x55/0x170 [ 805.019766][T17606] seq_open+0x55/0x170 [ 805.019802][T17606] kernfs_fop_open+0x5e4/0xdb0 [ 805.019838][T17606] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 805.019891][T17606] do_dentry_open+0x735/0x1c40 [ 805.019938][T17606] ? __pfx_kernfs_fop_open+0x10/0x10 [ 805.019974][T17606] ? inode_permission+0xdd/0x5f0 [ 805.020013][T17606] vfs_open+0x82/0x3f0 [ 805.020043][T17606] ? may_open+0x1f2/0x400 [ 805.020084][T17606] path_openat+0x1e88/0x2d80 [ 805.020147][T17606] ? __pfx_path_openat+0x10/0x10 [ 805.020196][T17606] ? __pfx___lock_acquire+0x10/0x10 [ 805.020239][T17606] ? lock_acquire.part.0+0x11b/0x380 [ 805.020286][T17606] ? find_held_lock+0x2d/0x110 [ 805.020326][T17606] do_filp_open+0x20c/0x470 [ 805.020373][T17606] ? __pfx_do_filp_open+0x10/0x10 [ 805.020426][T17606] ? find_held_lock+0x2d/0x110 [ 805.020511][T17606] ? alloc_fd+0x41f/0x760 [ 805.020569][T17606] do_sys_openat2+0x17a/0x1e0 [ 805.020603][T17606] ? __pfx_do_sys_openat2+0x10/0x10 [ 805.020643][T17606] ? __fget_files+0x206/0x3a0 [ 805.020698][T17606] __x64_sys_openat+0x175/0x210 [ 805.020732][T17606] ? __pfx___x64_sys_openat+0x10/0x10 [ 805.020766][T17606] ? ksys_write+0x1ba/0x250 [ 805.020827][T17606] do_syscall_64+0xcd/0x250 [ 805.020880][T17606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 805.020925][T17606] RIP: 0033:0x7f677598d169 [ 805.020950][T17606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 805.020981][T17606] RSP: 002b:00007f67767f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 805.021010][T17606] RAX: ffffffffffffffda RBX: 00007f6775ba5fa0 RCX: 00007f677598d169 [ 805.021030][T17606] RDX: 0000000000088442 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 805.021050][T17606] RBP: 00007f67767f5090 R08: 0000000000000000 R09: 0000000000000000 [ 805.021068][T17606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 805.021086][T17606] R13: 0000000000000000 R14: 00007f6775ba5fa0 R15: 00007ffe7dcdb648 [ 805.021124][T17606] [ 807.966663][T17642] Console: switching to colour VGA+ 80x25 [ 808.309247][T17660] FAULT_INJECTION: forcing a failure. [ 808.309247][T17660] name failslab, interval 1, probability 0, space 0, times 0 [ 808.363479][T17660] CPU: 1 UID: 0 PID: 17660 Comm: syz.0.2522 Tainted: G U 6.14.0-syzkaller #0 [ 808.363525][T17660] Tainted: [U]=USER [ 808.363535][T17660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 808.363552][T17660] Call Trace: [ 808.363561][T17660] [ 808.363572][T17660] dump_stack_lvl+0x16c/0x1f0 [ 808.363625][T17660] should_fail_ex+0x50a/0x650 [ 808.363656][T17660] ? fs_reclaim_acquire+0xae/0x150 [ 808.363718][T17660] ? mon_bin_open+0x1a8/0x4a0 [ 808.363747][T17660] should_failslab+0xc2/0x120 [ 808.363777][T17660] __kmalloc_cache_noprof+0x68/0x410 [ 808.363821][T17660] ? lockdep_init_map_type+0x16d/0x7d0 [ 808.363869][T17660] ? __raw_spin_lock_init+0x3a/0x110 [ 808.363906][T17660] mon_bin_open+0x1a8/0x4a0 [ 808.363939][T17660] ? __pfx_mon_bin_open+0x10/0x10 [ 808.363970][T17660] chrdev_open+0x237/0x6a0 [ 808.364019][T17660] ? __pfx_apparmor_file_open+0x10/0x10 [ 808.364061][T17660] ? __pfx_chrdev_open+0x10/0x10 [ 808.364113][T17660] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 808.364170][T17660] do_dentry_open+0x735/0x1c40 [ 808.364216][T17660] ? __pfx_chrdev_open+0x10/0x10 [ 808.364266][T17660] ? inode_permission+0xdd/0x5f0 [ 808.364305][T17660] vfs_open+0x82/0x3f0 [ 808.364335][T17660] ? may_open+0x1f2/0x400 [ 808.364374][T17660] path_openat+0x1e88/0x2d80 [ 808.364435][T17660] ? __pfx_path_openat+0x10/0x10 [ 808.364483][T17660] ? __pfx___lock_acquire+0x10/0x10 [ 808.364527][T17660] ? lock_acquire.part.0+0x11b/0x380 [ 808.364574][T17660] ? find_held_lock+0x2d/0x110 [ 808.364614][T17660] do_filp_open+0x20c/0x470 [ 808.364663][T17660] ? __pfx_do_filp_open+0x10/0x10 [ 808.364713][T17660] ? find_held_lock+0x2d/0x110 [ 808.364774][T17660] ? alloc_fd+0x41f/0x760 [ 808.364831][T17660] do_sys_openat2+0x17a/0x1e0 [ 808.364865][T17660] ? __pfx_do_sys_openat2+0x10/0x10 [ 808.364904][T17660] ? __fget_files+0x206/0x3a0 [ 808.364959][T17660] __x64_sys_openat+0x175/0x210 [ 808.365007][T17660] ? __pfx___x64_sys_openat+0x10/0x10 [ 808.365041][T17660] ? ksys_write+0x1ba/0x250 [ 808.365097][T17660] do_syscall_64+0xcd/0x250 [ 808.365147][T17660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 808.365200][T17660] RIP: 0033:0x7f677598d169 [ 808.365224][T17660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 808.365253][T17660] RSP: 002b:00007f67767f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 808.365282][T17660] RAX: ffffffffffffffda RBX: 00007f6775ba5fa0 RCX: 00007f677598d169 [ 808.365302][T17660] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 808.365321][T17660] RBP: 00007f67767f5090 R08: 0000000000000000 R09: 0000000000000000 [ 808.365339][T17660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 808.365358][T17660] R13: 0000000000000000 R14: 00007f6775ba5fa0 R15: 00007ffe7dcdb648 [ 808.365396][T17660] syzkaller syzkaller login: [ 810.251789][T17696] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(1) [ 810.374953][T17703] netlink: 202 bytes leftover after parsing attributes in process `syz.2.2529'. [ 814.149139][T17767] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(1) [ 814.218226][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 814.224899][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 816.524587][T17801] ima: policy update failed [ 816.585881][ T30] audit: type=1802 audit(6037840743.553:11): pid=17801 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2551" res=0 errno=0 [ 819.722772][T17881] FAULT_INJECTION: forcing a failure. [ 819.722772][T17881] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 819.786183][T17881] CPU: 1 UID: 0 PID: 17881 Comm: syz.2.2566 Tainted: G U 6.14.0-syzkaller #0 [ 819.786226][T17881] Tainted: [U]=USER [ 819.786235][T17881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 819.786252][T17881] Call Trace: [ 819.786261][T17881] [ 819.786271][T17881] dump_stack_lvl+0x16c/0x1f0 [ 819.786344][T17881] should_fail_ex+0x50a/0x650 [ 819.786381][T17881] _copy_to_user+0x32/0xd0 [ 819.786419][T17881] simple_read_from_buffer+0xd0/0x160 [ 819.786467][T17881] proc_fail_nth_read+0x198/0x270 [ 819.786505][T17881] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 819.786548][T17881] ? rw_verify_area+0xcf/0x680 [ 819.786587][T17881] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 819.786627][T17881] vfs_read+0x1df/0xbf0 [ 819.786672][T17881] ? __fget_files+0x1fc/0x3a0 [ 819.786718][T17881] ? __pfx___mutex_lock+0x10/0x10 [ 819.786765][T17881] ? __pfx_vfs_read+0x10/0x10 [ 819.786818][T17881] ? __fget_files+0x206/0x3a0 [ 819.786875][T17881] ksys_read+0x12b/0x250 [ 819.786924][T17881] ? __pfx_ksys_read+0x10/0x10 [ 819.786980][T17881] do_syscall_64+0xcd/0x250 [ 819.787032][T17881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.787076][T17881] RIP: 0033:0x7f3b6a98bb7c [ 819.787101][T17881] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 819.787132][T17881] RSP: 002b:00007f3b6b77f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 819.787161][T17881] RAX: ffffffffffffffda RBX: 00007f3b6aba5fa0 RCX: 00007f3b6a98bb7c [ 819.787180][T17881] RDX: 000000000000000f RSI: 00007f3b6b77f0a0 RDI: 0000000000000004 [ 819.787198][T17881] RBP: 00007f3b6b77f090 R08: 0000000000000000 R09: 0000000000000000 [ 819.787222][T17881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 819.787239][T17881] R13: 0000000000000000 R14: 00007f3b6aba5fa0 R15: 00007ffd60bc2db8 [ 819.787276][T17881] [ 821.209476][T17915] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(1) [ 824.604448][T17966] FAULT_INJECTION: forcing a failure. [ 824.604448][T17966] name failslab, interval 1, probability 0, space 0, times 0 [ 824.629099][T17966] CPU: 0 UID: 0 PID: 17966 Comm: syz.2.2588 Tainted: G U 6.14.0-syzkaller #0 [ 824.629151][T17966] Tainted: [U]=USER [ 824.629162][T17966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 824.629181][T17966] Call Trace: [ 824.629190][T17966] [ 824.629202][T17966] dump_stack_lvl+0x16c/0x1f0 [ 824.629259][T17966] should_fail_ex+0x50a/0x650 [ 824.629299][T17966] should_failslab+0xc2/0x120 [ 824.629335][T17966] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 824.629400][T17966] ? dst_alloc+0x99/0x1a0 [ 824.629451][T17966] dst_alloc+0x99/0x1a0 [ 824.629504][T17966] rt_dst_alloc+0x35/0x3a0 [ 824.629558][T17966] ip_route_output_key_hash_rcu+0x88d/0x2930 [ 824.629608][T17966] ip_route_output_key_hash+0x138/0x2e0 [ 824.629647][T17966] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 824.629683][T17966] ? __pfx_stack_trace_save+0x10/0x10 [ 824.629736][T17966] tcp_v4_connect+0x7df/0x1b80 [ 824.629783][T17966] ? __pfx_tcp_v4_connect+0x10/0x10 [ 824.629828][T17966] __inet_stream_connect+0x3c7/0x1020 [ 824.629872][T17966] ? __pfx___inet_stream_connect+0x10/0x10 [ 824.629924][T17966] tcp_sendmsg_fastopen+0x3d7/0x700 [ 824.629969][T17966] tcp_sendmsg_locked+0x2075/0x37c0 [ 824.630005][T17966] ? btrfs_chunk_alloc_add_chunk_item+0x3cf/0x10b0 [ 824.630049][T17966] ? hlock_class+0x4e/0x130 [ 824.630082][T17966] ? mark_lock+0xb5/0xc60 [ 824.630124][T17966] ? __pfx___lock_acquire+0x10/0x10 [ 824.630167][T17966] ? smc_switch_to_fallback+0x5a6/0xa00 [ 824.630218][T17966] ? __pfx_lock_release+0x10/0x10 [ 824.630260][T17966] ? __pfx_mark_lock+0x10/0x10 [ 824.630303][T17966] ? lock_acquire.part.0+0x11b/0x380 [ 824.630365][T17966] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 824.630407][T17966] ? tcp_sendmsg+0x20/0x50 [ 824.630442][T17966] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 824.630487][T17966] ? mark_held_locks+0x9f/0xe0 [ 824.630537][T17966] ? __local_bh_enable_ip+0xa4/0x120 [ 824.630594][T17966] tcp_sendmsg+0x2e/0x50 [ 824.630626][T17966] ? __pfx_tcp_sendmsg+0x10/0x10 [ 824.630662][T17966] inet_sendmsg+0xb9/0x140 [ 824.630697][T17966] smc_sendmsg+0x221/0x520 [ 824.630751][T17966] ____sys_sendmsg+0xaaf/0xc90 [ 824.630798][T17966] ? __pfx_____sys_sendmsg+0x10/0x10 [ 824.630838][T17966] ? __lock_acquire+0xcc5/0x3c40 [ 824.630906][T17966] ___sys_sendmsg+0x135/0x1e0 [ 824.630964][T17966] ? __pfx____sys_sendmsg+0x10/0x10 [ 824.631039][T17966] ? trace_lock_acquire+0x14e/0x1f0 [ 824.631108][T17966] __sys_sendmmsg+0x201/0x420 [ 824.631147][T17966] ? __pfx___sys_sendmmsg+0x10/0x10 [ 824.631193][T17966] ? __pfx_do_futex+0x10/0x10 [ 824.631255][T17966] ? xfd_validate_state+0x5d/0x180 [ 824.631303][T17966] ? rcu_is_watching+0x12/0xc0 [ 824.631347][T17966] __x64_sys_sendmmsg+0x9c/0x100 [ 824.631379][T17966] ? lockdep_hardirqs_on+0x7c/0x110 [ 824.631428][T17966] do_syscall_64+0xcd/0x250 [ 824.631490][T17966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 824.631539][T17966] RIP: 0033:0x7f3b6a98d169 [ 824.631565][T17966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 824.631598][T17966] RSP: 002b:00007f3b6b75e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 824.631628][T17966] RAX: ffffffffffffffda RBX: 00007f3b6aba6080 RCX: 00007f3b6a98d169 [ 824.631648][T17966] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000009 [ 824.631667][T17966] RBP: 00007f3b6aa0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 824.631687][T17966] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000000 [ 824.631706][T17966] R13: 0000000000000000 R14: 00007f3b6aba6080 R15: 00007ffd60bc2db8 [ 824.631746][T17966] [ 825.877738][T17985] netlink: 544 bytes leftover after parsing attributes in process `syz.3.2593'. [ 830.197688][T18058] FAULT_INJECTION: forcing a failure. [ 830.197688][T18058] name failslab, interval 1, probability 0, space 0, times 0 [ 830.275738][T18058] CPU: 1 UID: 0 PID: 18058 Comm: syz.0.2613 Tainted: G U 6.14.0-syzkaller #0 [ 830.275799][T18058] Tainted: [U]=USER [ 830.275810][T18058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 830.275829][T18058] Call Trace: [ 830.275838][T18058] [ 830.275850][T18058] dump_stack_lvl+0x16c/0x1f0 [ 830.275905][T18058] should_fail_ex+0x50a/0x650 [ 830.275938][T18058] ? fs_reclaim_acquire+0xae/0x150 [ 830.275985][T18058] should_failslab+0xc2/0x120 [ 830.276019][T18058] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 830.276075][T18058] ? security_inode_alloc+0x3b/0x2b0 [ 830.276121][T18058] security_inode_alloc+0x3b/0x2b0 [ 830.276162][T18058] inode_init_always_gfp+0xce4/0x1030 [ 830.276228][T18058] alloc_inode+0x82/0x230 [ 830.276266][T18058] sock_alloc+0x40/0x280 [ 830.276303][T18058] __sock_create+0xc1/0x8d0 [ 830.276346][T18058] ? crng_make_state+0x27d/0x6d0 [ 830.276405][T18058] udp_sock_create4+0xa7/0x450 [ 830.276453][T18058] ? __pfx_udp_sock_create4+0x10/0x10 [ 830.276499][T18058] ? mark_held_locks+0x9f/0xe0 [ 830.276552][T18058] ? lockdep_hardirqs_on+0x7c/0x110 [ 830.276601][T18058] ? crng_make_state+0x48e/0x6d0 [ 830.276659][T18058] rxrpc_open_socket+0x500/0x6c0 [ 830.276705][T18058] ? __pfx_rxrpc_open_socket+0x10/0x10 [ 830.276766][T18058] ? lockdep_init_map_type+0x16d/0x7d0 [ 830.276824][T18058] ? rcu_is_watching+0x12/0xc0 [ 830.276867][T18058] rxrpc_lookup_local+0xa02/0x1220 [ 830.276919][T18058] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 830.276967][T18058] ? __local_bh_enable_ip+0xa4/0x120 [ 830.277028][T18058] rxrpc_sendmsg+0x375/0x5f0 [ 830.277081][T18058] ____sys_sendmsg+0xaaf/0xc90 [ 830.277124][T18058] ? copy_msghdr_from_user+0x10b/0x160 [ 830.277179][T18058] ? __pfx_____sys_sendmsg+0x10/0x10 [ 830.277242][T18058] ___sys_sendmsg+0x135/0x1e0 [ 830.277300][T18058] ? __pfx____sys_sendmsg+0x10/0x10 [ 830.277374][T18058] ? __pfx_lock_release+0x10/0x10 [ 830.277421][T18058] ? trace_lock_acquire+0x14e/0x1f0 [ 830.277475][T18058] ? __fget_files+0x206/0x3a0 [ 830.277537][T18058] __sys_sendmsg+0x16e/0x220 [ 830.277570][T18058] ? __pfx___sys_sendmsg+0x10/0x10 [ 830.277602][T18058] ? __x64_sys_futex+0x1e1/0x4c0 [ 830.277671][T18058] do_syscall_64+0xcd/0x250 [ 830.277727][T18058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 830.277775][T18058] RIP: 0033:0x7f677598d169 [ 830.277809][T18058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 830.277842][T18058] RSP: 002b:00007f67767f5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 830.277873][T18058] RAX: ffffffffffffffda RBX: 00007f6775ba5fa0 RCX: 00007f677598d169 [ 830.277907][T18058] RDX: 0000000000000130 RSI: 0000000000000000 RDI: 0000000000000005 [ 830.277926][T18058] RBP: 00007f6775a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 830.277944][T18058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 830.277963][T18058] R13: 0000000000000000 R14: 00007f6775ba5fa0 R15: 00007ffe7dcdb648 [ 830.278004][T18058] [ 830.756174][T18058] socket: no more sockets [ 831.021746][T18066] FAULT_INJECTION: forcing a failure. [ 831.021746][T18066] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 831.090539][T18066] CPU: 0 UID: 0 PID: 18066 Comm: syz.3.2616 Tainted: G U 6.14.0-syzkaller #0 [ 831.090593][T18066] Tainted: [U]=USER [ 831.090603][T18066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 831.090622][T18066] Call Trace: [ 831.090632][T18066] [ 831.090644][T18066] dump_stack_lvl+0x16c/0x1f0 [ 831.090700][T18066] should_fail_ex+0x50a/0x650 [ 831.090732][T18066] ? __pfx___might_resched+0x10/0x10 [ 831.090791][T18066] should_fail_alloc_page+0xe7/0x130 [ 831.090828][T18066] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 831.090883][T18066] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 831.090943][T18066] ? find_held_lock+0x2d/0x110 [ 831.090984][T18066] ? weighted_interleave_nid+0x3ec/0x5b0 [ 831.091018][T18066] ? __pfx_lock_release+0x10/0x10 [ 831.091065][T18066] ? trace_lock_acquire+0x14e/0x1f0 [ 831.091104][T18066] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 831.091177][T18066] ? __pfx_weighted_interleave_nid+0x10/0x10 [ 831.091235][T18066] ? hlock_class+0x4e/0x130 [ 831.091270][T18066] ? __lock_acquire+0xcc5/0x3c40 [ 831.091325][T18066] ? policy_nodemask+0xea/0x4e0 [ 831.091362][T18066] alloc_pages_mpol+0x1fc/0x540 [ 831.091396][T18066] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 831.091429][T18066] ? hlock_class+0x4e/0x130 [ 831.091488][T18066] folio_alloc_mpol_noprof+0x36/0x2f0 [ 831.091531][T18066] vma_alloc_folio_noprof+0xee/0x1b0 [ 831.091569][T18066] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 831.091610][T18066] ? find_held_lock+0x2d/0x110 [ 831.091655][T18066] do_pte_missing+0x202f/0x3e10 [ 831.091721][T18066] __handle_mm_fault+0x103c/0x2a40 [ 831.091785][T18066] ? __pfx___handle_mm_fault+0x10/0x10 [ 831.091835][T18066] ? follow_page_pte+0x3ac/0x1490 [ 831.091884][T18066] ? __pfx_lock_release+0x10/0x10 [ 831.091964][T18066] handle_mm_fault+0x3fa/0xaa0 [ 831.092023][T18066] __get_user_pages+0x773/0x36f0 [ 831.092083][T18066] ? __pfx_mt_find+0x10/0x10 [ 831.092135][T18066] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 831.092186][T18066] ? __pfx___get_user_pages+0x10/0x10 [ 831.092239][T18066] ? __mm_populate+0x21d/0x380 [ 831.092299][T18066] populate_vma_page_range+0x27f/0x3a0 [ 831.092354][T18066] ? __pfx_populate_vma_page_range+0x10/0x10 [ 831.092406][T18066] ? __pfx_find_vma_intersection+0x10/0x10 [ 831.092459][T18066] ? vm_mmap_pgoff+0x31a/0x440 [ 831.092513][T18066] __mm_populate+0x1d6/0x380 [ 831.092566][T18066] ? __pfx___mm_populate+0x10/0x10 [ 831.092623][T18066] ? up_write+0x1b2/0x520 [ 831.092680][T18066] vm_mmap_pgoff+0x352/0x440 [ 831.092733][T18066] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 831.092793][T18066] ? __x64_sys_futex+0x1e1/0x4c0 [ 831.092833][T18066] ? __x64_sys_futex+0x1ea/0x4c0 [ 831.092881][T18066] ksys_mmap_pgoff+0x7d/0x5c0 [ 831.092923][T18066] ? rcu_is_watching+0x12/0xc0 [ 831.092963][T18066] __x64_sys_mmap+0x125/0x190 [ 831.093019][T18066] do_syscall_64+0xcd/0x250 [ 831.093073][T18066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 831.093119][T18066] RIP: 0033:0x7f2d5df8d169 [ 831.093146][T18066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 831.093179][T18066] RSP: 002b:00007f2d5eec2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 831.093210][T18066] RAX: ffffffffffffffda RBX: 00007f2d5e1a5fa0 RCX: 00007f2d5df8d169 [ 831.093231][T18066] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 831.093250][T18066] RBP: 00007f2d5e00e2a0 R08: 0000000000000002 R09: 0000000000008000 [ 831.093270][T18066] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 831.093288][T18066] R13: 0000000000000000 R14: 00007f2d5e1a5fa0 R15: 00007ffca0c35008 [ 831.093330][T18066] [ 832.654838][T18096] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(1) [ 833.818768][T18109] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2626'. [ 834.406170][T18125] netlink: 544 bytes leftover after parsing attributes in process `syz.1.2629'. [ 836.071801][T18143] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(1) [ 837.148528][T18169] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(1) [ 837.731940][T18178] netlink: 544 bytes leftover after parsing attributes in process `syz.2.2644'. [ 838.157922][T18192] FAULT_INJECTION: forcing a failure. [ 838.157922][T18192] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 838.192043][T18192] CPU: 0 UID: 0 PID: 18192 Comm: syz.2.2650 Tainted: G U 6.14.0-syzkaller #0 [ 838.192089][T18192] Tainted: [U]=USER [ 838.192099][T18192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 838.192118][T18192] Call Trace: [ 838.192126][T18192] [ 838.192137][T18192] dump_stack_lvl+0x16c/0x1f0 [ 838.192189][T18192] should_fail_ex+0x50a/0x650 [ 838.192226][T18192] _copy_to_user+0x32/0xd0 [ 838.192265][T18192] simple_read_from_buffer+0xd0/0x160 [ 838.192310][T18192] proc_fail_nth_read+0x198/0x270 [ 838.192349][T18192] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 838.192392][T18192] ? rw_verify_area+0xcf/0x680 [ 838.192431][T18192] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 838.192471][T18192] vfs_read+0x1df/0xbf0 [ 838.192516][T18192] ? __fget_files+0x1fc/0x3a0 [ 838.192562][T18192] ? __pfx___mutex_lock+0x10/0x10 [ 838.192611][T18192] ? __pfx_vfs_read+0x10/0x10 [ 838.192665][T18192] ? __fget_files+0x206/0x3a0 [ 838.192723][T18192] ksys_read+0x12b/0x250 [ 838.192796][T18192] ? __pfx_ksys_read+0x10/0x10 [ 838.192854][T18192] do_syscall_64+0xcd/0x250 [ 838.192905][T18192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 838.192951][T18192] RIP: 0033:0x7f3b6a98bb7c [ 838.192975][T18192] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 838.193005][T18192] RSP: 002b:00007f3b6b77f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 838.193034][T18192] RAX: ffffffffffffffda RBX: 00007f3b6aba5fa0 RCX: 00007f3b6a98bb7c [ 838.193056][T18192] RDX: 000000000000000f RSI: 00007f3b6b77f0a0 RDI: 0000000000000003 [ 838.193076][T18192] RBP: 00007f3b6b77f090 R08: 0000000000000000 R09: 0000000000000000 [ 838.193095][T18192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 838.193114][T18192] R13: 0000000000000001 R14: 00007f3b6aba5fa0 R15: 00007ffd60bc2db8 [ 838.193153][T18192] [ 838.569524][T18196] netlink: 544 bytes leftover after parsing attributes in process `syz.1.2649'. [ 838.608312][T18198] FAULT_INJECTION: forcing a failure. [ 838.608312][T18198] name failslab, interval 1, probability 0, space 0, times 0 [ 838.623775][T18198] CPU: 0 UID: 0 PID: 18198 Comm: syz.0.2652 Tainted: G U 6.14.0-syzkaller #0 [ 838.623824][T18198] Tainted: [U]=USER [ 838.623834][T18198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 838.623853][T18198] Call Trace: [ 838.623863][T18198] [ 838.623888][T18198] dump_stack_lvl+0x16c/0x1f0 [ 838.623964][T18198] should_fail_ex+0x50a/0x650 [ 838.623997][T18198] ? fs_reclaim_acquire+0xae/0x150 [ 838.624046][T18198] should_failslab+0xc2/0x120 [ 838.624092][T18198] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 838.624159][T18198] ? __asan_memcpy+0x3c/0x60 [ 838.624205][T18198] ? __kernfs_new_node+0xd3/0x890 [ 838.624260][T18198] __kernfs_new_node+0xd3/0x890 [ 838.624310][T18198] ? hlock_class+0x4e/0x130 [ 838.624347][T18198] ? __pfx___kernfs_new_node+0x10/0x10 [ 838.624414][T18198] ? __pfx___lock_acquire+0x10/0x10 [ 838.624473][T18198] kernfs_new_node+0x186/0x240 [ 838.624526][T18198] ? lock_acquire.part.0+0x11b/0x380 [ 838.624579][T18198] kernfs_create_dir_ns+0x4c/0x150 [ 838.624640][T18198] sysfs_create_dir_ns+0x13b/0x2b0 [ 838.624686][T18198] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 838.624738][T18198] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 838.624773][T18198] ? kobject_add_internal+0x12d/0x990 [ 838.624809][T18198] ? class_dir_child_ns_type+0xd/0x60 [ 838.624863][T18198] kobject_add_internal+0x2c8/0x990 [ 838.624905][T18198] kobject_add+0x16f/0x240 [ 838.624937][T18198] ? __pfx_kobject_add+0x10/0x10 [ 838.624973][T18198] ? lock_acquire+0x2f/0xb0 [ 838.625018][T18198] ? get_device_parent+0x11f/0x4e0 [ 838.625065][T18198] ? kobject_put+0xab/0x5a0 [ 838.625132][T18198] device_add+0x289/0x1a70 [ 838.625183][T18198] ? __pfx_dev_set_name+0x10/0x10 [ 838.625215][T18198] ? __pfx_device_add+0x10/0x10 [ 838.625285][T18198] add_disk_fwnode+0x468/0x1320 [ 838.625340][T18198] zram_add+0x486/0x6b0 [ 838.625391][T18198] ? __pfx_zram_add+0x10/0x10 [ 838.625469][T18198] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 838.625520][T18198] ? rcu_is_watching+0x12/0xc0 [ 838.625564][T18198] ? __pfx_hot_add_show+0x10/0x10 [ 838.625615][T18198] hot_add_show+0x21/0x80 [ 838.625666][T18198] class_attr_show+0x6f/0xa0 [ 838.625736][T18198] ? __pfx_class_attr_show+0x10/0x10 [ 838.625783][T18198] sysfs_kf_seq_show+0x23e/0x410 [ 838.625831][T18198] seq_read_iter+0x4f4/0x12b0 [ 838.625893][T18198] kernfs_fop_read_iter+0x414/0x580 [ 838.625930][T18198] ? rw_verify_area+0xcf/0x680 [ 838.625976][T18198] vfs_read+0x886/0xbf0 [ 838.626031][T18198] ? __pfx_vfs_read+0x10/0x10 [ 838.626109][T18198] ksys_read+0x12b/0x250 [ 838.626155][T18198] ? __pfx_ksys_read+0x10/0x10 [ 838.626217][T18198] do_syscall_64+0xcd/0x250 [ 838.626273][T18198] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 838.626321][T18198] RIP: 0033:0x7f677598d169 [ 838.626349][T18198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 838.626383][T18198] RSP: 002b:00007f67767f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 838.626413][T18198] RAX: ffffffffffffffda RBX: 00007f6775ba5fa0 RCX: 00007f677598d169 [ 838.626434][T18198] RDX: 0000000000001097 RSI: 0000200000000ec0 RDI: 0000000000000007 [ 838.626454][T18198] RBP: 00007f6775a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 838.626473][T18198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 838.626492][T18198] R13: 0000000000000000 R14: 00007f6775ba5fa0 R15: 00007ffe7dcdb648 [ 838.626536][T18198] [ 838.977408][T18198] kobject: kobject_add_internal failed for zram3 (error: -12 parent: block) [ 840.114359][T18211] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2654'. [ 840.518871][T18224] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2659'. [ 841.101382][T18236] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2663'. [ 841.111282][T18237] nbd: socks must be embedded in a SOCK_ITEM attr [ 841.120231][T18237] block nbd1: shutting down sockets [ 841.146217][T18236] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2663'. [ 841.406556][T18238] netlink: 544 bytes leftover after parsing attributes in process `syz.2.2664'. [ 842.591345][T18268] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(1) [ 843.050858][T18275] blktrace: Concurrent blktraces are not allowed on ram12 [ 843.107863][T18275] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2677'. [ 843.480785][T18286] netlink: 544 bytes leftover after parsing attributes in process `syz.1.2680'. [ 844.114198][T18297] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(1) [ 845.112103][T18320] blktrace: Concurrent blktraces are not allowed on ram12 [ 845.174530][T18320] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2689'. [ 845.267102][T18322] blktrace: Concurrent blktraces are not allowed on ram12 [ 845.349323][T18322] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2691'. [ 846.229046][T18358] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(1) [ 846.957394][T18382] FAULT_INJECTION: forcing a failure. [ 846.957394][T18382] name failslab, interval 1, probability 0, space 0, times 0 [ 847.053228][T18382] CPU: 0 UID: 0 PID: 18382 Comm: syz.0.2702 Tainted: G U 6.14.0-syzkaller #0 [ 847.053277][T18382] Tainted: [U]=USER [ 847.053287][T18382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 847.053304][T18382] Call Trace: [ 847.053314][T18382] [ 847.053326][T18382] dump_stack_lvl+0x16c/0x1f0 [ 847.053379][T18382] should_fail_ex+0x50a/0x650 [ 847.053409][T18382] ? fs_reclaim_acquire+0xae/0x150 [ 847.053451][T18382] ? s_start+0x7b/0x320 [ 847.053493][T18382] should_failslab+0xc2/0x120 [ 847.053523][T18382] __kmalloc_cache_noprof+0x68/0x410 [ 847.053567][T18382] ? rcu_is_watching+0x12/0xc0 [ 847.053602][T18382] ? trace_kmalloc+0x2d/0xd0 [ 847.053645][T18382] s_start+0x7b/0x320 [ 847.053696][T18382] traverse.part.0.constprop.0+0xac/0x640 [ 847.053753][T18382] seq_read_iter+0x934/0x12b0 [ 847.053823][T18382] seq_read+0x39f/0x4e0 [ 847.053863][T18382] ? __pfx_seq_read+0x10/0x10 [ 847.053925][T18382] ? rw_verify_area+0xcf/0x680 [ 847.053964][T18382] ? __pfx_seq_read+0x10/0x10 [ 847.054004][T18382] vfs_read+0x1df/0xbf0 [ 847.054057][T18382] ? __fget_files+0x1fc/0x3a0 [ 847.054103][T18382] ? __pfx_lock_release+0x10/0x10 [ 847.054147][T18382] ? __pfx_vfs_read+0x10/0x10 [ 847.054191][T18382] ? lock_acquire+0x2f/0xb0 [ 847.054232][T18382] ? __fget_files+0x40/0x3a0 [ 847.054280][T18382] ? __fget_files+0x206/0x3a0 [ 847.054332][T18382] __x64_sys_pread64+0x1f6/0x250 [ 847.054377][T18382] ? __pfx___x64_sys_pread64+0x10/0x10 [ 847.054435][T18382] do_syscall_64+0xcd/0x250 [ 847.054486][T18382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 847.054532][T18382] RIP: 0033:0x7f677598d169 [ 847.054556][T18382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 847.054587][T18382] RSP: 002b:00007f67767f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 847.054616][T18382] RAX: ffffffffffffffda RBX: 00007f6775ba5fa0 RCX: 00007f677598d169 [ 847.054636][T18382] RDX: 000000000000000f RSI: 0000200000000000 RDI: 0000000000000003 [ 847.054655][T18382] RBP: 00007f67767f5090 R08: 0000000000000000 R09: 0000000000000000 [ 847.054674][T18382] R10: 00000000000005af R11: 0000000000000246 R12: 0000000000000001 [ 847.054693][T18382] R13: 0000000000000000 R14: 00007f6775ba5fa0 R15: 00007ffe7dcdb648 [ 847.054733][T18382] [ 847.054761][T18382] [ 847.286995][T18382] ===================================== [ 847.292547][T18382] WARNING: bad unlock balance detected! [ 847.298097][T18382] 6.14.0-syzkaller #0 Tainted: G U [ 847.304602][T18382] ------------------------------------- [ 847.310150][T18382] syz.0.2702/18382 is trying to release lock (event_mutex) at: [ 847.317723][T18382] [] traverse.part.0.constprop.0+0x2bd/0x640 [ 847.325306][T18382] but there are no more locks to release! [ 847.331124][T18382] [ 847.331124][T18382] other info that might help us debug this: [ 847.339203][T18382] 1 lock held by syz.0.2702/18382: [ 847.344344][T18382] #0: ffff8880607a1540 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xd8/0x12b0 [ 847.353311][T18382] [ 847.353311][T18382] stack backtrace: [ 847.359222][T18382] CPU: 0 UID: 0 PID: 18382 Comm: syz.0.2702 Tainted: G U 6.14.0-syzkaller #0 [ 847.359258][T18382] Tainted: [U]=USER [ 847.359266][T18382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 847.359282][T18382] Call Trace: [ 847.359289][T18382] [ 847.359298][T18382] dump_stack_lvl+0x116/0x1f0 [ 847.359341][T18382] ? traverse.part.0.constprop.0+0x2bd/0x640 [ 847.359376][T18382] print_unlock_imbalance_bug+0x1aa/0x1f0 [ 847.359413][T18382] lock_release+0x525/0x6f0 [ 847.359447][T18382] ? traverse.part.0.constprop.0+0x2bd/0x640 [ 847.359481][T18382] ? __pfx_lock_release+0x10/0x10 [ 847.359516][T18382] ? mark_held_locks+0x9f/0xe0 [ 847.359551][T18382] ? dump_stack_lvl+0x185/0x1f0 [ 847.359587][T18382] ? lockdep_hardirqs_on+0x7c/0x110 [ 847.359641][T18382] __mutex_unlock_slowpath+0xa3/0x6a0 [ 847.359681][T18382] ? rcu_is_watching+0x12/0xc0 [ 847.359708][T18382] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 847.359747][T18382] ? rcu_is_watching+0x12/0xc0 [ 847.359773][T18382] ? rcu_is_watching+0x12/0xc0 [ 847.359804][T18382] ? kfree+0x260/0x4d0 [ 847.359836][T18382] ? __kasan_kmalloc+0x8a/0xb0 [ 847.359877][T18382] traverse.part.0.constprop.0+0x2bd/0x640 [ 847.359917][T18382] seq_read_iter+0x934/0x12b0 [ 847.359955][T18382] seq_read+0x39f/0x4e0 [ 847.359987][T18382] ? __pfx_seq_read+0x10/0x10 [ 847.360026][T18382] ? rw_verify_area+0xcf/0x680 [ 847.360057][T18382] ? __pfx_seq_read+0x10/0x10 [ 847.360089][T18382] vfs_read+0x1df/0xbf0 [ 847.360123][T18382] ? __fget_files+0x1fc/0x3a0 [ 847.360160][T18382] ? __pfx_lock_release+0x10/0x10 [ 847.360195][T18382] ? __pfx_vfs_read+0x10/0x10 [ 847.360230][T18382] ? lock_acquire+0x2f/0xb0 [ 847.360265][T18382] ? __fget_files+0x40/0x3a0 [ 847.360302][T18382] ? __fget_files+0x206/0x3a0 [ 847.360342][T18382] __x64_sys_pread64+0x1f6/0x250 [ 847.360380][T18382] ? __pfx___x64_sys_pread64+0x10/0x10 [ 847.360421][T18382] do_syscall_64+0xcd/0x250 [ 847.360460][T18382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 847.360498][T18382] RIP: 0033:0x7f677598d169 [ 847.360517][T18382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 847.360543][T18382] RSP: 002b:00007f67767f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 847.360567][T18382] RAX: ffffffffffffffda RBX: 00007f6775ba5fa0 RCX: 00007f677598d169 [ 847.360584][T18382] RDX: 000000000000000f RSI: 0000200000000000 RDI: 0000000000000003 [ 847.360602][T18382] RBP: 00007f67767f5090 R08: 0000000000000000 R09: 0000000000000000 [ 847.360618][T18382] R10: 00000000000005af R11: 0000000000000246 R12: 0000000000000001 [ 847.360635][T18382] R13: 0000000000000000 R14: 00007f6775ba5fa0 R15: 00007ffe7dcdb648 [ 847.360659][T18382] [ 848.058839][T18387] caif:caif_disconnect_client(): nothing to disconnect