last executing test programs: 6m26.334283162s ago: executing program 2 (id=738): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/loop13/queue/discard_max_hw_bytes\x00', 0x0, 0x0) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) ioctl$auto_BLKSECDISCARD(0xffffffffffffffff, 0x127d, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) getpid() openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x101000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, 0x0, 0x800, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_UPD_RXSA(r1, &(0x7f0000006200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="230027bd7000fedbdf25090000001800038005000180030000000c00030004000000000000000400028008"], 0x38}, 0x1, 0x0, 0x0, 0x4008008}, 0x0) read$auto_proc_pid_maps_operations_internal(r0, &(0x7f00000010c0)=""/4082, 0xff2) 6m25.722565278s ago: executing program 2 (id=740): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000001900), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_GET_TXSC(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001940)={0x14, r1, 0x186f202170196f7b, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x20, 0x200008d0}, 0x40080c4) 6m25.503533417s ago: executing program 2 (id=741): 
mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000) (async) r0 = socket(0x10, 0x2, 0x0) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/firmware/devicetree/base/name\x00', 0x8000, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) read$auto(r1, 0x0, 0x9) (async) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xfffffdcb, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x200040c4}, 0x440c5) (async) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x38, 0x100000001, 0xffffffff, 0x0, 0x0, 0x0, 0x1000000006, 0x10001, 0x7, 0x400, 0x7ffffff8, 0x5, 0xffffffff80000000, 0x5, 0x61, 0x103}) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) (async) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xb8, 0x100000000, 0x5, 0x1b, 0x93c, 0x1ffdc, 0x7, 0x2000000000000006, 0x2, 0x9, 0x5, 0x2, 0x8001, 0xae, 0x9, 0x922, 0x7, 0x5, 0x5, 0x3, 0xfffffffe, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) (async) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xdc5e}, 0x800}, 0x7, 0x4008) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/amidi2\x00', 0x1000, 0x0) 6m24.485776251s ago: executing program 2 (id=744): mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) r0 = 
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x20a02, 0x0) msync$auto(0x1ffff000, 0x1800000ff010000, 0x400000004) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000100), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_ct_limit(0x0, r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_REKEY_OFFLOAD(r1, 0x0, 0x4004) r4 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000400), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_DAT_CACHE(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)={0x1c, r4, 0x99bc9625bdb7e757, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}]}, 0x1c}, 0x1, 0x0, 0xc00e0000, 0x4000000}, 0x10) 6m23.382393378s ago: executing program 2 (id=750): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram14/queue/physical_block_size\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/4075, 0xfd2f) 6m22.88082935s ago: executing program 2 (id=752): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cpu.pressure\x00', 0x183142, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = openat$auto_proc_pid_set_timerslack_ns_operations_base(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) pread64$auto(r0, 0x0, 0x86bc090, 0x9) r1 = socket(0x10, 0x2, 0x0) r2 = socket(0x10, 0x2, 0x4) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'macvtap0\x00', 0x0}) connect$auto(r2, 
&(0x7f00000000c0)=@can={0x1d, r3}, 0x7) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/system/cpu/cpu0/hotplug/fail\x00', 0x808880, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000300)=""/102, 0x66) r5 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(r5, r5, 0x0) r6 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/swradio11\x00', 0x0, 0x0) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec4\x00', 0x101901, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/nbd5\x00', 0x800, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) write$auto(0x3, 0x0, 0xe) mmap$auto_def_blk_fops_fs(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000002, 0x40010, 0xffffffffffffffff, 0x9a) pread64$auto(r6, &(0x7f0000000100)='./cgroup/cpu.pressure\x00', 0x3, 0x8) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r6, 0xc0585611, r6) mmap$auto(0x0, 0x4, 0xffffffffffffffff, 0x400eb1, 0xfffffffffffffffa, 0x8000) read$auto(0x3, 0x0, 0x1f40) 6m7.247670132s ago: executing program 32 (id=752): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cpu.pressure\x00', 0x183142, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = openat$auto_proc_pid_set_timerslack_ns_operations_base(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) pread64$auto(r0, 0x0, 0x86bc090, 0x9) r1 = socket(0x10, 0x2, 0x0) r2 = socket(0x10, 0x2, 0x4) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'macvtap0\x00', 0x0}) connect$auto(r2, 
&(0x7f00000000c0)=@can={0x1d, r3}, 0x7) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/system/cpu/cpu0/hotplug/fail\x00', 0x808880, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000300)=""/102, 0x66) r5 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(r5, r5, 0x0) r6 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/swradio11\x00', 0x0, 0x0) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec4\x00', 0x101901, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/nbd5\x00', 0x800, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) write$auto(0x3, 0x0, 0xe) mmap$auto_def_blk_fops_fs(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000002, 0x40010, 0xffffffffffffffff, 0x9a) pread64$auto(r6, &(0x7f0000000100)='./cgroup/cpu.pressure\x00', 0x3, 0x8) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r6, 0xc0585611, r6) mmap$auto(0x0, 0x4, 0xffffffffffffffff, 0x400eb1, 0xfffffffffffffffa, 0x8000) read$auto(0x3, 0x0, 0x1f40) 5m16.761300234s ago: executing program 4 (id=943): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram14/queue/physical_block_size\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000002980)=""/4075, 0xfeb) (fail_nth: 2) 5m15.229775041s ago: executing program 4 (id=947): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 
&(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000229bd70001cdddf250200020008000308"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x3f00, 0x9}, 0x7}, 0x3, 0x0) 5m14.62744774s ago: executing program 4 (id=951): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/block/parameters/events_dfl_poll_msecs\x00', 0x80002, 0x0) mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) inotify_init1$auto(0x3000000000000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x25, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x5, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/cgroup\x00', 0x40, 0x0) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, 0x0, 0x141a41, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x20000, 0x0) openat$auto_fops_u16_(0xffffffffffffff9c, 0x0, 0x42002, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) inotify_init1$auto(0x3000000000000) socket(0xa, 0x2, 0x3a) 
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram8/queue/nr_zones\x00', 0x0, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x5, 0x5, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000000), 0x48001, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x202002, 0x0) 5m13.3491687s ago: executing program 4 (id=954): openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0x5, 0x1, 0x80) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/bluetooth/hci7/hci7:201\x00', 0x20000, 0x0) ioctl$auto_XFS_IOC_FSBULKSTAT(r0, 0xc0205865, &(0x7f0000000180)={&(0x7f00000000c0)=0x8, 0x201, &(0x7f0000000100)="126e83db", &(0x7f0000000140)=0x3}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000001680)='/sys/kernel/tracing/uprobe_events\x00', 0x2, 0x0) ioctl$auto(0x3, 0x40045542, 0xb551) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000300)='/dev/midi2\x00', 0x80b00, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x11, 0x80003, 0x300) 5m12.635646089s ago: executing program 4 (id=956): r0 = socket(0xa, 0x2, 0x0) sendto$auto(r0, 0x0, 0x402, 0xacf8, &(0x7f0000000000)=@generic={0xa, 
"e2e13d0ee94e00004000"}, 0x1b) 5m12.145390661s ago: executing program 4 (id=959): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x2100, 0x0) read$auto_ptdump_fops_(r0, &(0x7f0000000080)=""/222, 0xde) io_uring_setup$auto(0x6, 0x0) r1 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(r1, 0x400, 0x1) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x121241, 0x154) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) r3 = openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000003b00)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/enable\x00', 0x600, 0x0) readv$auto(r3, &(0x7f0000003dc0)={0x0, 0x1}, 0x3) read$auto_proc_iter_file_ops_compat_inode(r2, &(0x7f0000000180)=""/250, 0xfa) close_range$auto(r0, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) 4m56.747108547s ago: executing program 33 (id=959): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x2100, 0x0) read$auto_ptdump_fops_(r0, &(0x7f0000000080)=""/222, 0xde) io_uring_setup$auto(0x6, 0x0) r1 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(r1, 0x400, 0x1) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x121241, 0x154) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) r3 = openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000003b00)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/enable\x00', 0x600, 0x0) readv$auto(r3, &(0x7f0000003dc0)={0x0, 0x1}, 0x3) read$auto_proc_iter_file_ops_compat_inode(r2, &(0x7f0000000180)=""/250, 0xfa) close_range$auto(r0, 0x8, 0x0) 
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) 5.069472687s ago: executing program 0 (id=2413): openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) setsockopt$auto(0xffffffffffffffff, 0x0, 0xc, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_WIPHY(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x2400c884}, 0x20040894) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x1a1000, 0x0) setsockopt$auto(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x8004) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/pts/ptmx\x00', 0x0, 0x0) write$auto(0x3, 0x0, 0x7ffffffa) setregid$auto(0x0, 0x3) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r1 = getpgid(0x0) shmctl$auto_IPC_SET(0x0, 0x1, &(0x7f00000003c0)={{0x6, 0xee00, 0x0, 0x0, 0x4, 0x6}, 0x1, 0x3, 0x5, 0xef1d, @inferred, @inferred, 0x5, 0x0, &(0x7f00000002c0)="c1759b94", &(0x7f0000000300)}) msgctl$auto_IPC_SET(0x0, 0x1, 0x0) rt_tgsigqueueinfo$auto(0xffffffffffffffff, r1, 0x8, &(0x7f0000000100)={@siginfo_0_0={0x6, 0xe, 0x85, @_sigchld={r1, 0x0, 0x401, 0x5, 0x3}}}) open(&(0x7f0000000200)='./file0\x00', 0x2a4c0, 0x8) execve$auto(&(0x7f0000000180)='./file0\x00', &(0x7f0000000100)=&(0x7f0000000040)='\x89\xcf\xc3b\xd0\xfb\r\\9\xc8\xb4\x95\xdbO\xb4\xeb\xf1W\x89\xf0\xdf\xd8\x8d%v\xd1\xcc4D\x7f\xe7\x9b\xd1{\xcf]l6\x10\xef\xa1\x95@l.v\xd0\xa4\x03\x00\x00\x00\x00\x00\x00\x00*w 
\xa1\x14`}*r\x1e\xb1\x88r\x19\x86\xcc\x00Zh\xf4\x98\xca\xad+\xb9\xf0\xfc\xa2rm\xb5\x15\xc8\xaf\x86\xb1\xa2F\'\x93\x9c\xe0\x04\xa4\xad>\xc8\x9c\xd8\xd9G\xe9K\x89\x15\x8e\xfct\x11\xa3a\xc8\x90[\x81x\xde\xb0\x1f\x80O\n\xbe\x80\xfb\xbdXO6\xf9\xd8bH\xc9f^\x94\xda]\xb7dW\x88\xd8\xa6d\xad\x92\xb7*i\a\x00\xf2\x93 \x1b\xca\x01\xc5\x00'/178, &(0x7f0000000000)=&(0x7f00000001c0)=' ') mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x7, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0xa, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x141241, 0x0) pipe$auto(0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) 5.068891464s ago: executing program 3 (id=2414): r0 = landlock_create_ruleset$auto(&(0x7f0000000000)={0x0, 0x401, 0x7}, 0x9, 0x0) ioctl$auto_TIOCGDEV2(r0, 0x5452, &(0x7f0000000200)=0x5) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), r1) sendmsg$auto_NBD_CMD_CONNECT(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)={0x2c, r2, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x1020}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) r3 = ioctl$auto_TUNGETVNETBE2(0xffffffffffffffff, 0x800454df, &(0x7f0000000000)) sendmsg$auto_OVS_VPORT_CMD_SET(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x0, 0x200, 0x70bd25, 0x25dfdbff}, 0x14}}, 0x4090) 4.873774181s ago: executing program 3 (id=2415): set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x10, &(0x7f0000000080)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) socket(0xa, 0x3, 0x6) r0 = socket(0x10, 0x2, 0x0) 
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x15, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) recvmmsg$auto(0xffffffffffffffff, 0x0, 0x10a, 0x8, 0x0) setsockopt$auto(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x20) move_pages$auto(0x0, 0xd0, 0x0, &(0x7f0000001140)=0x104000, 0x0, 0x2) 3.966795609s ago: executing program 1 (id=2419): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000001900), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_GET_TXSC(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001940)={0x14, r1, 0x186f202170196f7b, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0xf000, 0x200008d0}, 0x40080c4) 3.894088005s ago: executing program 0 (id=2421): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x7, 0x202000c, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x22, 0x1, 0x800bfffe) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_fastopen_key\x00', 0x8300, 0x0) read$auto(r1, &(0x7f0000000240)='nl80211\x00', 0x7) recvmmsg$auto(r0, 0x0, 0x10a, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x3c, 0x65f, 0x1ffde, 0x7, 0x3, 0x1, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x9, 0x10003, 0x80, 0x4, 0x0, 0x1, 0x2000, 0x203, 0x0, 0xfffffff7, 0x400300000000000, 0xdb, 0x0, 0x80000000, 0x4000000, [0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x0, 0xd) 
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x4, 0x20009, 0xdf, 0xeb1, r2, 0x2000010001) io_uring_setup$auto(0xfff, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYRES16, @ANYBLOB="13"], 0x1ac}}, 0x40) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) ppoll$auto(&(0x7f0000000040)={r2, 0x3, 0xb}, 0x200, &(0x7f0000000080)={0x101, 0x210}, 0x0, 0x8) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="1100"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dsp\x00', 0x200, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f00000001c0)) r4 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 3.817429981s ago: executing program 3 (id=2422): set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x10, &(0x7f0000000080)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) socket(0xa, 0x3, 0x6) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, 
&(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x15, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) recvmmsg$auto(0xffffffffffffffff, 0x0, 0x10a, 0x8, 0x0) setsockopt$auto(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x20) move_pages$auto(0x0, 0xd0, 0x0, &(0x7f0000001140)=0x800100, 0x0, 0x2) 3.745140658s ago: executing program 1 (id=2424): unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_WIPHY(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x2400c884}, 0x20040894) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x1a1000, 0x0) setsockopt$auto(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x8004) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r1, 0x4, 0x7ff) move_pages$auto(r1, 0x81, 0x0, 0x0, 0x0, 0xfffff800) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/pts/ptmx\x00', 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0xffffffffffffffff) socket(0x10, 0x2, 0x0) write$auto(r2, 0x0, 0x5) setregid$auto(0x0, 0x3) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r4 = getpgid(0x0) shmctl$auto_IPC_SET(0x0, 0x1, &(0x7f00000003c0)={{0x6, 0xffffffffffffffff, 0x0, 0x0, 0x4, 0x6}, 0x0, 0x3, 0x5, 0xef1d, @raw=0xc35f8e3, @inferred, 0x5, 0x0, 0x0, &(0x7f0000000300)}) msgctl$auto_IPC_SET(0x0, 0x1, 0x0) rt_tgsigqueueinfo$auto(0xffffffffffffffff, r4, 0x8, 
&(0x7f0000000100)={@siginfo_0_0={0x6, 0xe, 0x85, @_sigchld={r4, 0x0, 0x401, 0x5, 0x3}}}) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000180)='./file0\x00', &(0x7f0000000100)=&(0x7f0000000040)='\x89\xcf\xc3b\xd0\xfb\r\\9\xc8\xb4\x95\xdbO\xb4\xeb\xf1W\x89\xf0\xdf\xd8\x8d%v\xd1\xcc4D\x7f\xe7\x9b\xd1{\xcf]l6\x10\xef\xa1\x95@l.v\xd0\xa4\x03\x00\x00\x00\x8c\x00\x00\x00*w \xa1\x14`}*r\x1e\xb1\x88r\x19\x86\xcc\x00Zh\xf4\x98\xca\xad+\xb9\xf0\xfc\xa2rm\xb5\x15\xc8\xaf\x86\xb1\xa2F\'\x93\x9c\xe0\x04\xa4\xad>\xc8\x9c\xd8\xd9G\xe9K\x89\x15\x8e\xfct\x11\xa3a\xc8\x90[\x81x\xde\xb0\x1f\x80O\n\xbe\x80\xfb\xbdXO6\xf9\xd8bH\xc9f^\x94\xda]\xb7dW\x88\xd8\xa6d\xad\x92\xb7*i\a\x00\xf2\x93 \x1b\xca\x01\xc5\x00'/178, &(0x7f0000000000)=&(0x7f00000001c0)=' ') openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x0, 0x0) 3.641692979s ago: executing program 0 (id=2425): mmap$auto(0x0, 0x2729, 0x9, 0x800000009b72, 0x2, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/platform/dummy_hcd.2/usb3/bConfigurationValue\x00', 0x2101, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/mm/transparent_hugepage/hugepages-16kB/stats/anon_fault_alloc\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) read$auto(r1, 0x0, 0x20) write$auto(r0, &(0x7f0000000000)='-0\xc7\xf9\r/\xeb7\x84)\r\xd2\x9d\x95\x8c\xc1\xb2HoTCC\x00', 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) modify_ldt$auto(0x1, 0x0, 0x10) modify_ldt$auto(0x1, 0x0, 0x10) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r3 = 
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r3, 0x0, 0x20) writev$auto(r2, &(0x7f0000000200)={0x0, 0x3}, 0x3) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x420, 0x0) r4 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r4, 0x4018bc13, &(0x7f00000005c0)={0x0, 0x9d, 0x720, [0x0]}) 3.496480706s ago: executing program 5 (id=2426): lseek$auto(0x3, 0x7ffffffffffffffd, 0x2) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) fgetxattr$auto(0xffffffffffffffff, 0x0, 0x0, 0x9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x1d, 0x2, 0x2) socket(0x10, 0x3, 0x6) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x1, 0x0, 0x5, 0x0, 0x200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/trace_marker\x00', 0x201, 0x0) writev$auto(r0, &(0x7f0000000100)={0x0, 0x9}, 0xa) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0xd0, 0x2) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) 
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0) faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7) read$auto(r1, 0x0, 0x20) r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x2d2802, 0x48) faccessat$auto(r2, 0x0, 0x2) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xc44c1, 0x0) 3.315625626s ago: executing program 5 (id=2427): mmap$auto(0x0, 0x2729, 0x9, 0x9b72, 0x2, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) r0 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r0, 0x4018bc13, &(0x7f00000005c0)={0x0, 0x9d, 0x720, [0x0]}) 2.988082363s ago: executing program 0 (id=2428): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xa083, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r1, &(0x7f0000000640)={{&(0x7f0000000000), 0x5af, &(0x7f0000000100)={&(0x7f0000000040)="4c030000400300002106004003000000005f6bba8618", 0x48}, 0x5, 0x0, 0x5}, 0x10020}, 0x6, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0x4048aecb, 0x0) 2.940486667s ago: executing program 5 (id=2429): madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 
&(0x7f0000000000)='/proc/thread-self/net/dev\x00', 0x2a0180, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0xc34, 0xe70e) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) r1 = openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0) write$auto_uhid_fops_uhid(r1, 0x0, 0xfccd) select$auto(0x7, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x3, 0x95f4da0a, 0xefffffffffffffff, 0x3, 0x62, 0x80000001, 0x10000000000004, 0x6d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2b, 0x1, 0x1) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0xf87f, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f0000000040)={0x6, 0x0}) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) setreuid$auto(0x0, 0x0) sysfs$auto(0x2, 0x41, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r2, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, 0x6) mmap$auto(0x0, 0x401, 0x7, 0x19, 0xffffffffffffffff, 0x28001) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80000, 0x3) r3 = socket(0x15, 0x5, 0x0) setsockopt$auto(r3, 0x114, 0x9, 0xffffffffffffffff, 0x7f) socket$nl_generic(0x10, 0x3, 0x10) 2.829719713s ago: executing program 1 (id=2430): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/pci0000:00/waiting_for_supplier\x00', 0x80800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000000)=""/32, 0x20) setfsgid$auto(0x0) 2.797527004s ago: executing program 3 (id=2431): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x8000, 0xe9) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x8002, 0x2) socket(0x25, 0x1, 0x0) 
mmap$auto(0x0, 0x2729, 0x9, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x1, 0xd, 0x3000, 0x5, 0x4004, 0x7fffffff, 0xffffffffffffffff, [0x0, 0x20000000], {0x6, 0x6, 0x9, 0x0, 0x102, 0x7ffffffb, 0x101, 0x8, 0x3}, {0x100, 0x1, 0x52, 0x405, 0x2, 0x60, 0x76c5, 0x8, 0x100000000}}) write$auto(0xffffffffffffffff, 0x0, 0xfff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptyx3\x00', 0x2200, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r0, 0x4018bc13, &(0x7f00000005c0)={0x0, 0x9d, 0x720, [0x0]}) 2.61998052s ago: executing program 0 (id=2432): set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x10, &(0x7f0000000080)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x1, 0x311) socket(0xa, 0x3, 0x6) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x15, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) recvmmsg$auto(0xffffffffffffffff, 0x0, 0x10a, 0x8, 0x0) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000000c0), r0) setsockopt$auto(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x20) move_pages$auto(0x0, 0xd0, 0x0, &(0x7f0000001140), 0x0, 0x2) init_module$auto(&(0x7f0000000100)="117facf49b6b711272525829bc9c", 0x0, &(0x7f00000001c0)='nlctrl\x00') 2.453359257s ago: executing program 1 (id=2433): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) mmap$auto(0x0, 0x20009, 
0xe2, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x7, 0x202000c, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x22, 0x1, 0x800bfffe) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_fastopen_key\x00', 0x8300, 0x0) read$auto(r1, &(0x7f0000000240)='nl80211\x00', 0x7) recvmmsg$auto(r0, 0x0, 0x10a, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x3c, 0x65f, 0x1ffde, 0x7, 0x3, 0x1, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x9, 0x10003, 0x80, 0x4, 0x0, 0x1, 0x2000, 0x203, 0x0, 0xfffffff7, 0x400300000000000, 0xdb, 0x0, 0x80000000, 0x4000000, [0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x0, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x4, 0x20009, 0xdf, 0xeb1, r2, 0x2000010001) io_uring_setup$auto(0xfff, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYRES16, @ANYBLOB="13"], 0x1ac}}, 0x40) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) ppoll$auto(&(0x7f0000000040)={r2, 0x3, 0xb}, 0x200, &(0x7f0000000080)={0x101, 0x210}, 0x0, 0x8) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 
&(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="1100"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dsp\x00', 0x200, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f00000001c0)) r4 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 2.383932994s ago: executing program 3 (id=2434): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) socket(0xa, 0x3, 0x73) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r1 = io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46) io_uring_enter$auto(r1, 0x7, 0x7ffffffb, 0x3, 0x0, 0x3) r2 = set_tid_address$auto(&(0x7f0000000340)) get_robust_list$auto(r2, &(0x7f00000001c0)=&(0x7f0000000180)={{}, 0x1b8d, &(0x7f00000000c0)={&(0x7f0000000040)}}, &(0x7f0000000200)=0x7c) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r3 = clone$auto(0x81000005, 0x6, 0xfffffffffffffffd, 0xffffffffffffffff, 0x80000001) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev7\x00', 0x1600, 0x0) r4 = getuid() shmctl$auto_SHM_LOCK(0x101, 0xb, &(0x7f00000002c0)={{0x1000, 0xee00, 0xee01, 0x9, 0x40, 0x2, 0x73}, 0x9, 0x0, 0x9, 0x3, @raw=0x9, @inferred=r3, 0x80, 0x0, 
&(0x7f0000000240)="6be3686e35f18084be0c35b7e120835fc9b52404e29c94ccc07dc71b2008682ba8c5003a93824531f3c829d6487a18117bf4832911ecb07f3a9eb8dc3e7d8794e3e852a0e76481da11a92d917f4074a6d41d1ab0c0151a2d3f4531ee7c48ebde8dc666491eaf16c04e45cdc193fa65e7c2e6aa", &(0x7f0000001180)="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"}) setresuid$auto(r4, 0x0, r5) read$auto(0x3, 0x0, 0x80) move_pages$auto(0x0, 0xd0, 0x0, &(0x7f0000001140), 0x0, 0x2) setsockopt$auto(0x400000000000003, 0x29, 0x7, 0x0, 0x401) write$auto(r0, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) 2.136195117s ago: executing program 1 (id=2435): r0 = socket(0x2, 0x80002, 0x73) getpeername$auto(r0, 0x0, 0x0) r1 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x109002, 0x0) (async) ioctl$auto_dma_heap_fops_dma_heap(r1, 0xffffffff5fdffe00, &(0x7f0000000400)=';') openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/netfilter/nf_log/3\x00', 0xa2202, 0x0) (async, rerun: 32) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) (rerun: 32) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x8) (async) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1/file0\x00', 0x840, 0xc) (async) socket(0x1d, 0x2, 0x6) (async, rerun: 32) io_uring_setup$auto(0x6, 0x0) (async, rerun: 32) io_uring_setup$auto(0x7, 0x0) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) socket(0x10, 0x2, 0x0) (async) openat$auto_fops_u64_ro_(0xffffffffffffff9c, 
&(0x7f0000000400)='/sys/kernel/debug/ramdisk_pages/ram9\x00', 0x80, 0x0) (async, rerun: 32) io_uring_setup$auto(0x4, 0x0) (async, rerun: 32) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/enable\x00', 0x800, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x109500, 0x0) (async, rerun: 64) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x60c40, 0x0) (async, rerun: 64) r2 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r2, 0xffffffffffdffe00, &(0x7f0000000140)=';') (async, rerun: 64) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) (rerun: 64) io_uring_setup$auto(0x85, 0x0) (async) socket(0x1d, 0x2, 0x7) (async) socketpair$auto(0x4004, 0x7, 0x4, 0x0) (async) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r4, 0x5423, 0x0) ioctl$auto_TCFLSH2(r3, 0x5408, 0x0) 1.952454377s ago: executing program 5 (id=2436): set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x10, &(0x7f0000001080)={0x0, 0x13}, 0x6, 0x0, 0x200, 0xb}, 0x5}, 0xffff, 0x311) socket(0xa, 0x3, 0x6) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x15, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) recvmmsg$auto(0xffffffffffffffff, 0x0, 0x410e, 0x8, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 
&(0x7f0000001040)='/sys/devices/virtual/tty/tty31/dev\x00', 0x101700, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000040)=""/4096, 0x1000) socket(0x0, 0xa, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x106) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x2b, 0x1, 0x0) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0xd, 0x0, 0x9, 0x0, 0x1f, 0xf}, 0x800009}, 0x3, 0x20000000) write$auto(r2, 0x0, 0xfffffde9) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) open(&(0x7f0000000100)='.\x00', 0x595282, 0x408) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/asound/card1/pcm1c/xrun_debug\x00', 0x20440, 0x0) socket(0x10, 0x2, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/v4l-touch13\x00', 0x280, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) 1.808560647s ago: executing program 3 (id=2437): mmap$auto(0x0, 0x2729, 0x9, 0x9b72, 0x2, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) r0 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r0, 0x4018bc13, &(0x7f00000005c0)={0x0, 0x9d, 0x720, [0x0]}) (fail_nth: 2) 1.551490409s ago: executing program 0 (id=2438): mmap$auto(0x0, 0x2020009, 0x3, 0x4000000000000eb1, 0xfffffffffffffffa, 0x7ff) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x1, 
0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB='\rV'], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000c4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='^'], 0x1ac}, 0x1, 0x0, 0x0, 0xc000}, 0xc814) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) write$auto(0xffffffffffffffff, 0x0, 0x45c) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000280), r2) fadvise64$auto(0xffffffffffffffff, 0x7fffffffffffffff, 0x400000040000005, 0x7af) write$auto(0xca, &(0x7f0000000000)='\x04\x1d\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4Cn\xb2./jn>9\xd2\xdb\x88\xf4\x1aVj\x13j\xe1\x96\xf7\xc2\xd3qm\xe6q\xf9\xa6u\x8eZ\x00\xf8*C]\xfd)/\xf3\xa1\x92|\x06|\xd0\x82\x93\xa5\x9a5if\xd0\x8e%g,\xc5\xec\xef\x87\x19\x17\xb0\xe1s\xf6U\xc0\x90r\xc5\xc8H\xa3\x9d\xce\x98\xe7\xb1B:\x179\xdc8\xa8) \x15\xce\xd8\x86\xff-\x80\xf5jMj\xda\x8f\x03EO\xe6\xa4Q\x81+v\xc9\xb8\x00\xcf\x94_\xa7\xadV\xc9\x7f;1R\xa0\x7f\xbe\x1e\x83\an/w[i\th\x9c\xb8\xd1\xed\xba\\\v\xe1\v\x81\xcc\xba\x03-N@ 
\x14\x1e\n\xe9g\x9fF\x05\xc8\x9f\xe5[\xba\xd2V\x9b\xc1\x9f\xf1%\x9c\xba\xf9\xb4\xa8\xd4\x05G\xf6\x82\xf3m\xe6V\xba\xa0\xf9K\x15\xcc_H\xce\xfd\xe2\x88\"\xe0\xd5Ld\x7f\x1c\x90^\x8d%\xb4', 0xd) mmap$auto(0x0, 0x8d, 0x40004000000000df, 0xeb3, 0x401, 0x7) pwrite64$auto(0x2, 0x0, 0x0, 0x5) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/ifb0/flags\x00', 0x140b02, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) sysfs$auto(0x2, 0x10000000000002d, 0x0) r4 = fsopen$auto(0x0, 0x1) fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0) sendfile$auto(r3, r3, 0x0, 0x3) mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x5) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) socket(0x2, 0x1, 0x106) 693.94519ms ago: executing program 1 (id=2439): unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) read$auto(0xffffffffffffffff, 0x0, 0x1f40) stat$auto(0x0, &(0x7f0000000380)={0x3, 0x6, 0x6, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0xa, 0xff, 0x100, 0x401, 0x5f57, 0x7ffffffe, 0xaa}) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) semctl$auto_IPC_STAT(0x0, 0x8000000, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) unshare$auto(0xfffffffffffffff8) r1 = openat$auto_fops_x16_ro_(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy0/netdev:wlan0/dormant_links\x00', 0x800080, 0x0) 
splice$auto(r1, &(0x7f00000000c0)=0x7, r0, &(0x7f0000000140)=0x2, 0x1, 0xffffff7a) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r2, 0x0, 0x1f40) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) r4 = socket(0xa, 0x3, 0x73) setsockopt$auto(r4, 0x3a, 0x9, 0x0, 0x4) bpf$auto(0xffffffff, 0x0, 0x6f4) getsockopt$auto_SO_PASSCRED(0xffffffffffffffff, 0x1, 0x10, 0x0, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000280), 0x440, 0x0) write$auto(0x3, 0x0, 0xfffffdef) 690.82212ms ago: executing program 5 (id=2440): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = open$dir(&(0x7f0000000400)='./file0\x00', 0x2000, 0xc1) open_tree$auto(r2, &(0x7f0000000440)='./file0\x00', 0x7f) r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'macsec0\x00', 0x0}) ioctl$auto_USB_RAW_IOCTL_INIT(r0, 0x41015500, &(0x7f00000002c0)={"74cd2b60a93d9b44d5f0d5c0d2de2be5a98021c0b554c3aab347d75c3f2eec1e5a9aacd2da0f397d00229557e35c75fbc138854bae650a12fbd35fc125c97a8bc5adec3e79ef5b20133be0a6ed915555a41a196aa85068184c04c1dc3469ed512a4c3aaad2d10d404690b3db5df122b26083fee0c842208d1823aade20059e72", "b58279d437e7c93c12d9eb0f0c37223b137926559a94e4b0ef7000ad6621f4ccfdfca3c4c8a7c5a164ced1a8bd2910ec38592074436c35358d703c74d9794e0157f660ed1b042789bf6ea27ef27e1f2bdb952dbabe68491e07518685be1dd226553d01645df2d4261f9254b73bdb30527f75ffe2bbfb5d11feeecffcd2bd25e2", 0x8}) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r1, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xc4, 
r3, 0x0, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_ENABLED={0x5}, @NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x44}, @NL802154_ATTR_CCA_ED_LEVEL={0x8, 0xe, 0xfffffffe}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_MAX_BE={0x5, 0x10, 0x3}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0xffffffff}, @NL802154_ATTR_SEC_FRAME_COUNTER={0x8, 0x2c, 0x4}, @NL802154_ATTR_COORDINATOR={0x6e, 0x1e, 0x0, 0x1, [@generic="b0526ece5f002a7bc7a825460c3465b9791c3da8122581c6add0072b3ca68bf81718337566f0dc85984e431befd92a5f70321cc1e74f9fb3983cdab49fcb2d41bedd9a6de40aff5dfed44111a8f3192f82e632df079a2617354ad4a701fd6018cbacc23d07b09d56e445"]}, @NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x93}]}, 0xc4}, 0x1, 0x0, 0x0, 0x4004000}, 0x4010080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r6, 0x0, 0x20) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xa083, 0x0) ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ram5\x00', 0x12b241, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) dup2$auto(0x5, 0x4) write$auto(0xffffffffffffffff, 0x0, 0x1a) splice$auto(0x4, 0x0, 0x2, 0x0, 0x1013, 0xf) 0s ago: executing program 5 (id=2441): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty8\x00', 0x2b7600, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) 
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x16, 0xfffffffffffffffa, 0x8000) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x1ffffffff, 0xfffdfffffffffffa, 0x1, 0x0, 0x6, 0x0, 0x7, 0x1224578b, 0x2, {0x100000000, 0x5}, 0x5, 0x1, 0x10000000000009, 0x1008000, 0x0, 0x8, 0x7f, 0xdfffffffffff6295, 0x10000000000406, 0x4, 0x808}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r1 = syz_genetlink_get_family_id$auto_ila(0x0, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ILA_CMD_DEL(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010021bd7000fbdbd025020000000c0003000d0000ba0a9eecfd8c8a9aca0008b50100000000000c000300000000000000", @ANYRES32=0x0, @ANYBLOB="0500"/14], 0x50}, 0x1, 0x0, 0x0, 0x4004804}, 0x10) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0xfffffffffffffffc) madvise$auto(0x110c230000, 0x1, 0x9) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/i8042/serio0/force_release\x00', 0xc2082, 0x0) write$auto(r3, &(0x7f00000004c0)='N\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x7ff) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) r4 = open(&(0x7f0000000000)='./cgroup\x00', 0x80000, 0x61) fchdir$auto(r4) mkdir$auto(&(0x7f0000000480)='./cgroup\x00', 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/cgroup.type\x00', 0x1016c1, 0x0) 
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x400001, 0x1ff, 0x7, 0x22, 0x7185, 0x1ffd7, 0x7, 0x4, 0x9, 0x2, 0x3, 0x2, 0x6, 0xb4, 0x5, 0x8, 0x10003, 0x80, 0x4, 0x2, 0xa, 0x22000, 0x200, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x1fe, 0xd) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socket(0x2, 0x3, 0xa) socket(0x2, 0x5, 0x0) setsockopt$auto(0x4, 0x0, 0x81, 0x0, 0x10000) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r5, 0x0, 0x8000040009) kernel console output (not intermixed with test programs): ASK> [ 559.002994][T13959] dump_stack_lvl+0x16c/0x1f0 [ 559.003030][T13959] should_fail_ex+0x512/0x640 [ 559.003062][T13959] should_failslab+0xc2/0x120 [ 559.003081][T13959] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 559.003113][T13959] ? __thp_vma_allowable_orders+0x1c5/0xb10 [ 559.003136][T13959] ? ptlock_alloc+0x1f/0x70 [ 559.003164][T13959] ptlock_alloc+0x1f/0x70 [ 559.003190][T13959] pte_alloc_one+0x82/0x3a0 [ 559.003222][T13959] __handle_mm_fault+0x3a68/0x5490 [ 559.003253][T13959] ? __pfx___handle_mm_fault+0x10/0x10 [ 559.003280][T13959] ? __pfx_mt_find+0x10/0x10 [ 559.003305][T13959] ? find_vma+0xbf/0x140 [ 559.003325][T13959] ? __pfx_find_vma+0x10/0x10 [ 559.003347][T13959] handle_mm_fault+0x589/0xd10 [ 559.003375][T13959] ? __pkru_allows_pkey+0x41/0xb0 [ 559.003402][T13959] do_user_addr_fault+0x7a6/0x1370 [ 559.003432][T13959] ? 
rcu_is_watching+0x12/0xc0 [ 559.003454][T13959] exc_page_fault+0x5c/0xb0 [ 559.003483][T13959] asm_exc_page_fault+0x26/0x30 [ 559.003504][T13959] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 559.003530][T13959] Code: 10 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 8f 10 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 559.003550][T13959] RSP: 0018:ffffc90003aff7d0 EFLAGS: 00050206 [ 559.003567][T13959] RAX: 0000000000000001 RBX: 00000000000000c4 RCX: 00000000000000c4 [ 559.003580][T13959] RDX: ffffed100ed728e9 RSI: 0000000000000000 RDI: ffff888076b94680 [ 559.003593][T13959] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100ed728e8 [ 559.003606][T13959] R10: ffff888076b94743 R11: 0000000000000000 R12: ffffc90003affd60 [ 559.003619][T13959] R13: 00000000000000c4 R14: ffff888076b94680 R15: 00007ffffffff000 [ 559.003640][T13959] _copy_from_iter+0x383/0x16f0 [ 559.003674][T13959] ? __alloc_skb+0x200/0x380 [ 559.003704][T13959] ? __pfx__copy_from_iter+0x10/0x10 [ 559.003737][T13959] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 559.003764][T13959] netlink_sendmsg+0x829/0xdd0 [ 559.003787][T13959] ? __pfx_netlink_sendmsg+0x10/0x10 [ 559.003814][T13959] ____sys_sendmsg+0xa98/0xc70 [ 559.003842][T13959] ? copy_msghdr_from_user+0x10a/0x160 [ 559.003874][T13959] ? __pfx_____sys_sendmsg+0x10/0x10 [ 559.003899][T13959] ? __pfx__kstrtoull+0x10/0x10 [ 559.003922][T13959] ? aa_file_perm+0x4c7/0xfb0 [ 559.003955][T13959] ___sys_sendmsg+0x134/0x1d0 [ 559.003987][T13959] ? __pfx____sys_sendmsg+0x10/0x10 [ 559.004023][T13959] ? rcu_is_watching+0x12/0xc0 [ 559.004052][T13959] __sys_sendmmsg+0x200/0x420 [ 559.004086][T13959] ? __pfx___sys_sendmmsg+0x10/0x10 [ 559.004116][T13959] ? lock_release+0x201/0x2f0 [ 559.004146][T13959] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 559.004185][T13959] ? fput+0x70/0xf0 [ 559.004204][T13959] ? ksys_write+0x1ac/0x250 [ 559.004234][T13959] ? 
__pfx_ksys_write+0x10/0x10 [ 559.004266][T13959] __x64_sys_sendmmsg+0x9c/0x100 [ 559.004298][T13959] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 559.004332][T13959] do_syscall_64+0xcd/0x490 [ 559.004383][T13959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 559.004405][T13959] RIP: 0033:0x7f44c678e929 [ 559.004422][T13959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 559.004444][T13959] RSP: 002b:00007f44c7537038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 559.004464][T13959] RAX: ffffffffffffffda RBX: 00007f44c69b5fa0 RCX: 00007f44c678e929 [ 559.004480][T13959] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 559.004494][T13959] RBP: 00007f44c7537090 R08: 0000000000000000 R09: 0000000000000000 [ 559.004508][T13959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 559.004522][T13959] R13: 0000000000000000 R14: 00007f44c69b5fa0 R15: 00007fff42cd9028 [ 559.004543][T13959] </TASK> [ 559.403263][ C1] vkms_vblank_simulate: vblank timer overrun [ 560.326484][T13973] QAT: Invalid ioctl 21531 [ 560.612995][T13981] netlink: 'syz.1.1890': attribute type 8 has an invalid length. [ 561.199071][T13987] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1893'. [ 561.499601][T13998] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1896'. [ 561.538688][T14001] ima: policy update failed [ 561.550196][T14002] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1896'. [ 561.580648][T14001] netlink: 25 bytes leftover after parsing attributes in process `syz.5.1897'. 
[ 561.601708][ T30] audit: type=1802 audit(1390.178:27): pid=14001 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.1897" res=0 errno=0 [ 561.949383][T14005] Process accounting paused [ 562.027472][T14009] syz.1.1898 (14009): /proc/14008/oom_adj is deprecated, please use /proc/14008/oom_score_adj instead. [ 563.273165][T14048] sp0: Synchronizing with TNC [ 565.028352][T14095] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1918'. [ 567.515603][T14151] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1936'. [ 567.602059][T14155] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1936'. [ 568.004491][T14158] Invalid ELF header magic: != ELF [ 568.327536][T14165] FAULT_INJECTION: forcing a failure. [ 568.327536][T14165] name failslab, interval 1, probability 0, space 0, times 0 [ 568.401383][T14165] CPU: 1 UID: 0 PID: 14165 Comm: syz.0.1939 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 568.401422][T14165] Tainted: [U]=USER [ 568.401429][T14165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 568.401443][T14165] Call Trace: [ 568.401449][T14165] <TASK> [ 568.401457][T14165] dump_stack_lvl+0x16c/0x1f0 [ 568.401495][T14165] should_fail_ex+0x512/0x640 [ 568.401529][T14165] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 568.401561][T14165] should_failslab+0xc2/0x120 [ 568.401582][T14165] __kmalloc_noprof+0xd2/0x510 [ 568.401615][T14165] ? __pfx___mutex_trylock_common+0x10/0x10 [ 568.401650][T14165] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 568.401683][T14165] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 568.401711][T14165] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 568.401739][T14165] ? genl_get_cmd+0x194/0x580 [ 568.401768][T14165] ? __radix_tree_lookup+0x21f/0x2c0 [ 568.401801][T14165] genl_rcv_msg+0x55c/0x800 [ 568.401829][T14165] ? 
__pfx_genl_rcv_msg+0x10/0x10 [ 568.401856][T14165] ? __pfx_nbd_genl_connect+0x10/0x10 [ 568.401898][T14165] netlink_rcv_skb+0x158/0x420 [ 568.401921][T14165] ? __pfx_genl_rcv_msg+0x10/0x10 [ 568.401949][T14165] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 568.401978][T14165] ? netlink_deliver_tap+0x1ae/0xd30 [ 568.402000][T14165] genl_rcv+0x28/0x40 [ 568.402024][T14165] netlink_unicast+0x53a/0x7f0 [ 568.402048][T14165] ? __pfx_netlink_unicast+0x10/0x10 [ 568.402075][T14165] netlink_sendmsg+0x8d1/0xdd0 [ 568.402100][T14165] ? __pfx_netlink_sendmsg+0x10/0x10 [ 568.402129][T14165] ____sys_sendmsg+0xa98/0xc70 [ 568.402154][T14165] ? copy_msghdr_from_user+0x10a/0x160 [ 568.402188][T14165] ? __pfx_____sys_sendmsg+0x10/0x10 [ 568.402211][T14165] ? __pfx_kstrtouint+0x10/0x10 [ 568.402240][T14165] ? kstrtouint_from_user+0x13c/0x1d0 [ 568.402268][T14165] ___sys_sendmsg+0x134/0x1d0 [ 568.402302][T14165] ? __pfx____sys_sendmsg+0x10/0x10 [ 568.402352][T14165] ? __pfx_vfs_write+0x10/0x10 [ 568.402385][T14165] ? do_sys_openat2+0x157/0x1d0 [ 568.402411][T14165] __sys_sendmsg+0x16d/0x220 [ 568.402445][T14165] ? 
__pfx___sys_sendmsg+0x10/0x10 [ 568.402488][T14165] do_syscall_64+0xcd/0x490 [ 568.402523][T14165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.402546][T14165] RIP: 0033:0x7f608438e929 [ 568.402563][T14165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 568.402586][T14165] RSP: 002b:00007f60851e5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 568.402607][T14165] RAX: ffffffffffffffda RBX: 00007f60845b5fa0 RCX: 00007f608438e929 [ 568.402623][T14165] RDX: 0000000000008880 RSI: 0000200000001e00 RDI: 0000000000000001 [ 568.402637][T14165] RBP: 00007f60851e5090 R08: 0000000000000000 R09: 0000000000000000 [ 568.402652][T14165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 568.402665][T14165] R13: 0000000000000000 R14: 00007f60845b5fa0 R15: 00007ffc74faa3d8 [ 568.402686][T14165] </TASK> [ 568.705242][ C1] vkms_vblank_simulate: vblank timer overrun [ 570.748071][T14196] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1947'. [ 570.799175][T14196] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1947'. [ 570.880814][ T30] audit: type=1800 audit(1399.464:28): pid=14199 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1945" name="file0" dev="tmpfs" ino=1274 res=0 errno=0 [ 571.030119][T14193] CIFS: VFS: Unsupported security flags: 0x10 [ 571.286985][T14198] base_sock_release(ffff888061bf3600) sk=ffff888027cde000 [ 571.682287][T14185] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 572.802354][T14238] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1957'. [ 572.855813][T14238] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1957'. 
[ 573.199462][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 573.205929][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 573.782842][T14272] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 574.193243][T14284] netlink: 13 bytes leftover after parsing attributes in process `syz.1.1967'. [ 574.319772][T14287] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1968'. [ 574.653019][T14296] bridge0: port 4(hsr_slave_1) entered blocking state [ 574.687690][T14296] bridge0: port 4(hsr_slave_1) entered disabled state [ 574.719372][T14296] hsr_slave_1: entered allmulticast mode [ 574.768079][T14296] hsr_slave_1: left allmulticast mode [ 578.305160][T14333] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1979'. [ 579.514585][T14361] FAULT_INJECTION: forcing a failure. [ 579.514585][T14361] name failslab, interval 1, probability 0, space 0, times 0 [ 579.588451][T14361] CPU: 1 UID: 0 PID: 14361 Comm: syz.3.1986 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 579.588499][T14361] Tainted: [U]=USER [ 579.588506][T14361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 579.588517][T14361] Call Trace: [ 579.588523][T14361] <TASK> [ 579.588530][T14361] dump_stack_lvl+0x16c/0x1f0 [ 579.588563][T14361] should_fail_ex+0x512/0x640 [ 579.588592][T14361] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 579.588619][T14361] should_failslab+0xc2/0x120 [ 579.588643][T14361] __kmalloc_noprof+0xd2/0x510 [ 579.588671][T14361] ? rcu_is_watching+0x12/0xc0 [ 579.588694][T14361] tomoyo_realpath_from_path+0xc2/0x6e0 [ 579.588726][T14361] tomoyo_check_open_permission+0x2ab/0x3c0 [ 579.588752][T14361] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 579.588776][T14361] ? mntput_no_expire+0x15e/0xbb0 [ 579.588811][T14361] ? rcu_is_watching+0x12/0xc0 [ 579.588831][T14361] ? lock_release+0x201/0x2f0 [ 579.588855][T14361] ? 
rcu_is_watching+0x12/0xc0 [ 579.588875][T14361] tomoyo_file_open+0x6b/0x90 [ 579.588907][T14361] security_file_open+0x84/0x1e0 [ 579.588952][T14361] do_dentry_open+0x596/0x1c10 [ 579.588988][T14361] vfs_open+0x82/0x3f0 [ 579.589011][T14361] path_openat+0x1de4/0x2cb0 [ 579.589046][T14361] ? __pfx_path_openat+0x10/0x10 [ 579.589075][T14361] ? kasan_save_track+0x14/0x30 [ 579.589106][T14361] ? __kasan_slab_alloc+0x89/0x90 [ 579.589138][T14361] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 579.589169][T14361] ? getname_flags.part.0+0x4c/0x550 [ 579.589192][T14361] ? getname_flags+0x93/0xf0 [ 579.589218][T14361] ? __do_sys_swapoff+0xeb/0x2e80 [ 579.589271][T14361] ? do_syscall_64+0xcd/0x490 [ 579.589306][T14361] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 579.589332][T14361] do_filp_open+0x20b/0x470 [ 579.589366][T14361] ? __pfx_do_filp_open+0x10/0x10 [ 579.589409][T14361] ? rcu_is_watching+0x12/0xc0 [ 579.589432][T14361] ? __might_fault+0xe3/0x190 [ 579.589465][T14361] ? __might_fault+0x13b/0x190 [ 579.589498][T14361] ? rcu_is_watching+0x12/0xc0 [ 579.589520][T14361] ? __might_fault+0xe3/0x190 [ 579.589553][T14361] ? lock_release+0x201/0x2f0 [ 579.589585][T14361] file_open_name+0x2a3/0x450 [ 579.589611][T14361] ? __pfx_file_open_name+0x10/0x10 [ 579.589643][T14361] ? getname_flags.part.0+0x1c5/0x550 [ 579.589672][T14361] __do_sys_swapoff+0x12b/0x2e80 [ 579.589710][T14361] ? ksys_write+0x190/0x250 [ 579.589742][T14361] ? rcu_is_watching+0x12/0xc0 [ 579.589763][T14361] ? lock_release+0x201/0x2f0 [ 579.589795][T14361] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 579.589833][T14361] ? __fget_files+0x204/0x3c0 [ 579.589863][T14361] ? rcu_is_watching+0x12/0xc0 [ 579.589886][T14361] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 579.589926][T14361] ? __fget_files+0x20e/0x3c0 [ 579.589958][T14361] ? __pfx___do_sys_swapoff+0x10/0x10 [ 579.589997][T14361] ? fput+0x70/0xf0 [ 579.590017][T14361] ? ksys_write+0x1ac/0x250 [ 579.590050][T14361] ? 
__pfx_ksys_write+0x10/0x10 [ 579.590087][T14361] do_syscall_64+0xcd/0x490 [ 579.590124][T14361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 579.590148][T14361] RIP: 0033:0x7f44c678e929 [ 579.590165][T14361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 579.590188][T14361] RSP: 002b:00007f44c7537038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a8 [ 579.590211][T14361] RAX: ffffffffffffffda RBX: 00007f44c69b5fa0 RCX: 00007f44c678e929 [ 579.590227][T14361] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 579.590241][T14361] RBP: 00007f44c7537090 R08: 0000000000000000 R09: 0000000000000000 [ 579.590256][T14361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 579.590270][T14361] R13: 0000000000000001 R14: 00007f44c69b5fa0 R15: 00007fff42cd9028 [ 579.590291][T14361] [ 579.593113][T14361] ERROR: Out of memory at tomoyo_realpath_from_path. [ 579.920553][ C1] vkms_vblank_simulate: vblank timer overrun [ 580.709886][T14373] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1989'. [ 581.496879][T14370] caif:caif_disconnect_client(): nothing to disconnect [ 581.548927][T14393] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1992'. [ 582.725871][ T7936] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 582.857446][T14401] kexec: Could not allocate control_code_buffer [ 582.907546][T14417] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(2644666014.2840753719.583202658), cmd(5) [ 583.246105][T14427] FAULT_INJECTION: forcing a failure. [ 583.246105][T14427] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 583.273885][T14433] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2000'. [ 583.292896][T14432] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2002'. 
[ 583.330309][T14427] CPU: 1 UID: 0 PID: 14427 Comm: syz.5.2001 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 583.330348][T14427] Tainted: [U]=USER [ 583.330355][T14427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 583.330369][T14427] Call Trace: [ 583.330376][T14427] [ 583.330384][T14427] dump_stack_lvl+0x16c/0x1f0 [ 583.330422][T14427] should_fail_ex+0x512/0x640 [ 583.330475][T14427] _copy_to_user+0x32/0xd0 [ 583.330510][T14427] simple_read_from_buffer+0xcb/0x170 [ 583.330540][T14427] proc_fail_nth_read+0x197/0x270 [ 583.330566][T14427] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 583.330611][T14427] ? security_file_permission+0x71/0x210 [ 583.330657][T14427] ? rw_verify_area+0xcf/0x680 [ 583.330685][T14427] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 583.330710][T14427] vfs_read+0x1e4/0xc60 [ 583.330743][T14427] ? __pfx___mutex_lock+0x10/0x10 [ 583.330778][T14427] ? __pfx_vfs_read+0x10/0x10 [ 583.330809][T14427] ? __fget_files+0x204/0x3c0 [ 583.330838][T14427] ? rcu_is_watching+0x12/0xc0 [ 583.330863][T14427] ? __fget_files+0x20e/0x3c0 [ 583.330897][T14427] ksys_read+0x12a/0x250 [ 583.330928][T14427] ? 
__pfx_ksys_read+0x10/0x10 [ 583.330964][T14427] do_syscall_64+0xcd/0x490 [ 583.331000][T14427] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.331024][T14427] RIP: 0033:0x7f01fa18d33c [ 583.331040][T14427] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 583.331063][T14427] RSP: 002b:00007f01faf5e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 583.331084][T14427] RAX: ffffffffffffffda RBX: 00007f01fa3b5fa0 RCX: 00007f01fa18d33c [ 583.331099][T14427] RDX: 000000000000000f RSI: 00007f01faf5e0a0 RDI: 0000000000000008 [ 583.331113][T14427] RBP: 00007f01faf5e090 R08: 0000000000000000 R09: 0000000000000000 [ 583.331127][T14427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 583.331140][T14427] R13: 0000000000000000 R14: 00007f01fa3b5fa0 R15: 00007ffe1afc0018 [ 583.331161][T14427] [ 583.585011][T14432] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2002'. [ 584.804166][T14468] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2012'. [ 584.847345][T14468] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2012'. [ 585.064458][T14474] FAULT_INJECTION: forcing a failure. [ 585.064458][T14474] name failslab, interval 1, probability 0, space 0, times 0 [ 585.157393][T14474] CPU: 1 UID: 0 PID: 14474 Comm: syz.5.2015 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 585.157432][T14474] Tainted: [U]=USER [ 585.157439][T14474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 585.157452][T14474] Call Trace: [ 585.157459][T14474] [ 585.157466][T14474] dump_stack_lvl+0x16c/0x1f0 [ 585.157503][T14474] should_fail_ex+0x512/0x640 [ 585.157538][T14474] should_failslab+0xc2/0x120 [ 585.157559][T14474] __kmalloc_cache_noprof+0x6a/0x3e0 [ 585.157590][T14474] ? 
l2tp_tunnel_create+0x96/0x460 [ 585.157616][T14474] l2tp_tunnel_create+0x96/0x460 [ 585.157640][T14474] l2tp_nl_cmd_tunnel_create+0x3ae/0x990 [ 585.157677][T14474] ? __pfx_l2tp_nl_cmd_tunnel_create+0x10/0x10 [ 585.157717][T14474] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 585.157750][T14474] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 585.157783][T14474] genl_family_rcv_msg_doit+0x209/0x2f0 [ 585.157813][T14474] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 585.157841][T14474] ? trace_cap_capable+0x18d/0x200 [ 585.157881][T14474] ? bpf_lsm_capable+0x9/0x10 [ 585.157909][T14474] ? security_capable+0x7e/0x260 [ 585.157946][T14474] ? ns_capable+0xd7/0x110 [ 585.157968][T14474] genl_rcv_msg+0x55c/0x800 [ 585.157997][T14474] ? __pfx_genl_rcv_msg+0x10/0x10 [ 585.158024][T14474] ? __pfx_l2tp_nl_cmd_tunnel_create+0x10/0x10 [ 585.158065][T14474] netlink_rcv_skb+0x158/0x420 [ 585.158088][T14474] ? __pfx_genl_rcv_msg+0x10/0x10 [ 585.158115][T14474] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 585.158144][T14474] ? netlink_deliver_tap+0x1ae/0xd30 [ 585.158167][T14474] genl_rcv+0x28/0x40 [ 585.158191][T14474] netlink_unicast+0x53a/0x7f0 [ 585.158215][T14474] ? __pfx_netlink_unicast+0x10/0x10 [ 585.158241][T14474] netlink_sendmsg+0x8d1/0xdd0 [ 585.158266][T14474] ? __pfx_netlink_sendmsg+0x10/0x10 [ 585.158295][T14474] ____sys_sendmsg+0xa98/0xc70 [ 585.158320][T14474] ? copy_msghdr_from_user+0x10a/0x160 [ 585.158359][T14474] ? __pfx_____sys_sendmsg+0x10/0x10 [ 585.158383][T14474] ? __pfx_kstrtouint+0x10/0x10 [ 585.158411][T14474] ? kstrtouint_from_user+0x13c/0x1d0 [ 585.158439][T14474] ___sys_sendmsg+0x134/0x1d0 [ 585.158474][T14474] ? __pfx____sys_sendmsg+0x10/0x10 [ 585.158513][T14474] ? rcu_is_watching+0x12/0xc0 [ 585.158544][T14474] __sys_sendmsg+0x16d/0x220 [ 585.158579][T14474] ? 
__pfx___sys_sendmsg+0x10/0x10 [ 585.158621][T14474] do_syscall_64+0xcd/0x490 [ 585.158656][T14474] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 585.158679][T14474] RIP: 0033:0x7f01fa18e929 [ 585.158695][T14474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 585.158717][T14474] RSP: 002b:00007f01faf5e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 585.158739][T14474] RAX: ffffffffffffffda RBX: 00007f01fa3b5fa0 RCX: 00007f01fa18e929 [ 585.158754][T14474] RDX: 0000000000008000 RSI: 0000200000000140 RDI: 0000000000000003 [ 585.158769][T14474] RBP: 00007f01faf5e090 R08: 0000000000000000 R09: 0000000000000000 [ 585.158783][T14474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 585.158797][T14474] R13: 0000000000000000 R14: 00007f01fa3b5fa0 R15: 00007ffe1afc0018 [ 585.158818][T14474] [ 585.953904][T14495] can: request_module (can-proto-0) failed. [ 586.013249][T14507] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2024'. [ 586.132005][T14516] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2025'. [ 586.171130][T14516] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2025'. [ 586.397911][T14520] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2027'. [ 587.008235][T14540] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 587.089636][T14542] FAULT_INJECTION: forcing a failure. 
[ 587.089636][T14542] name fail_futex, interval 1, probability 0, space 0, times 0 [ 587.186534][T14542] CPU: 1 UID: 0 PID: 14542 Comm: syz.3.2032 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 587.186574][T14542] Tainted: [U]=USER [ 587.186581][T14542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 587.186595][T14542] Call Trace: [ 587.186602][T14542] [ 587.186610][T14542] dump_stack_lvl+0x16c/0x1f0 [ 587.186649][T14542] should_fail_ex+0x512/0x640 [ 587.186686][T14542] get_futex_key+0x1d0/0x1540 [ 587.186713][T14542] ? __pfx_get_futex_key+0x10/0x10 [ 587.186737][T14542] ? do_raw_spin_lock+0x12c/0x2b0 [ 587.186782][T14542] futex_wait_setup+0x9d/0x550 [ 587.186820][T14542] __futex_wait+0x194/0x2f0 [ 587.186853][T14542] ? __pfx___futex_wait+0x10/0x10 [ 587.186889][T14542] ? __pfx_futex_wake_mark+0x10/0x10 [ 587.186924][T14542] ? rcu_is_watching+0x12/0xc0 [ 587.186946][T14542] ? lock_release+0x201/0x2f0 [ 587.186979][T14542] futex_wait+0xe8/0x380 [ 587.187012][T14542] ? __pfx_futex_wait+0x10/0x10 [ 587.187048][T14542] ? ksys_write+0x190/0x250 [ 587.187080][T14542] ? rcu_is_watching+0x12/0xc0 [ 587.187102][T14542] ? lock_release+0x201/0x2f0 [ 587.187134][T14542] do_futex+0x229/0x350 [ 587.187161][T14542] ? __pfx_do_futex+0x10/0x10 [ 587.187189][T14542] ? rcu_is_watching+0x12/0xc0 [ 587.187220][T14542] __x64_sys_futex+0x1e0/0x4c0 [ 587.187250][T14542] ? __fget_files+0x20e/0x3c0 [ 587.187281][T14542] ? __pfx___x64_sys_futex+0x10/0x10 [ 587.187312][T14542] ? 
fdget+0x187/0x210 [ 587.187345][T14542] do_syscall_64+0xcd/0x490 [ 587.187382][T14542] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 587.187406][T14542] RIP: 0033:0x7f44c678e929 [ 587.187423][T14542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 587.187446][T14542] RSP: 002b:00007f44c75370e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 587.187468][T14542] RAX: ffffffffffffffda RBX: 00007f44c69b5fa8 RCX: 00007f44c678e929 [ 587.187483][T14542] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f44c69b5fa8 [ 587.187497][T14542] RBP: 00007f44c69b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 587.187511][T14542] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f44c69b5fac [ 587.187525][T14542] R13: 0000000000000000 R14: 00007fff42cd8f40 R15: 00007fff42cd9028 [ 587.187547][T14542] [ 587.632110][T14550] .SR: entered promiscuous mode [ 587.648202][T14550] Invalid ELF header magic: != ELF [ 587.803205][T14554] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2036'. [ 587.835261][T14554] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2036'. [ 588.417869][T14550] could not allocate digest TFM handle [ 588.443606][T14556] could not allocate digest TFM handle [ 588.549969][T14576] FAULT_INJECTION: forcing a failure. [ 588.549969][T14576] name failslab, interval 1, probability 0, space 0, times 0 [ 588.587475][T14576] CPU: 1 UID: 0 PID: 14576 Comm: syz.1.2038 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 588.587510][T14576] Tainted: [U]=USER [ 588.587516][T14576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 588.587529][T14576] Call Trace: [ 588.587535][T14576] [ 588.587543][T14576] dump_stack_lvl+0x16c/0x1f0 [ 588.587578][T14576] should_fail_ex+0x512/0x640 [ 588.587610][T14576] ? 
tomoyo_encode2+0x100/0x3e0 [ 588.587637][T14576] should_failslab+0xc2/0x120 [ 588.587657][T14576] __kmalloc_noprof+0xd2/0x510 [ 588.587688][T14576] ? d_absolute_path+0x136/0x1a0 [ 588.587710][T14576] tomoyo_encode2+0x100/0x3e0 [ 588.587739][T14576] tomoyo_encode+0x29/0x50 [ 588.587766][T14576] tomoyo_realpath_from_path+0x18f/0x6e0 [ 588.587799][T14576] tomoyo_path_number_perm+0x245/0x580 [ 588.587823][T14576] ? tomoyo_path_number_perm+0x237/0x580 [ 588.587848][T14576] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 588.587876][T14576] ? preempt_count_add+0x76/0x150 [ 588.587916][T14576] ? rcu_is_watching+0x12/0xc0 [ 588.587938][T14576] ? __fget_files+0x204/0x3c0 [ 588.587966][T14576] ? hook_file_ioctl_common+0x145/0x410 [ 588.587988][T14576] ? lock_release+0x201/0x2f0 [ 588.588016][T14576] ? __fget_files+0x20e/0x3c0 [ 588.588046][T14576] security_file_ioctl+0x9b/0x240 [ 588.588072][T14576] __x64_sys_ioctl+0xb7/0x210 [ 588.588097][T14576] do_syscall_64+0xcd/0x490 [ 588.588130][T14576] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 588.588157][T14576] RIP: 0033:0x7fe107d8e929 [ 588.588173][T14576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 588.588193][T14576] RSP: 002b:00007fe108b33038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 588.588213][T14576] RAX: ffffffffffffffda RBX: 00007fe107fb5fa0 RCX: 00007fe107d8e929 [ 588.588227][T14576] RDX: 0000000000000005 RSI: 00000000801c581f RDI: 0000000000000003 [ 588.588240][T14576] RBP: 00007fe108b33090 R08: 0000000000000000 R09: 0000000000000000 [ 588.588253][T14576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 588.588266][T14576] R13: 0000000000000000 R14: 00007fe107fb5fa0 R15: 00007fff78845b88 [ 588.588285][T14576] [ 588.810231][ C1] vkms_vblank_simulate: vblank timer overrun [ 589.025398][T14576] ERROR: Out of memory at tomoyo_realpath_from_path. 
[ 589.584715][T14601] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2045'. [ 589.623268][T14601] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2045'. [ 590.616498][ T30] audit: type=1804 audit(1419.194:29): pid=14621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2051" name="/newroot/519/file0" dev="tmpfs" ino=2738 res=1 errno=0 [ 590.675100][T14631] FAULT_INJECTION: forcing a failure. [ 590.675100][T14631] name failslab, interval 1, probability 0, space 0, times 0 [ 590.709761][T14633] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2055'. [ 590.719171][ T30] audit: type=1800 audit(1419.194:30): pid=14621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2051" name="file0" dev="tmpfs" ino=2738 res=0 errno=0 [ 590.739787][T14631] CPU: 1 UID: 0 PID: 14631 Comm: syz.3.2054 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 590.739826][T14631] Tainted: [U]=USER [ 590.739834][T14631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 590.739848][T14631] Call Trace: [ 590.739854][T14631] [ 590.739862][T14631] dump_stack_lvl+0x16c/0x1f0 [ 590.739903][T14631] should_fail_ex+0x512/0x640 [ 590.739940][T14631] should_failslab+0xc2/0x120 [ 590.739962][T14631] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 590.740006][T14631] ? zswap_store+0x839/0x25a0 [ 590.740036][T14631] zswap_store+0x839/0x25a0 [ 590.740069][T14631] ? __pfx_zswap_store+0x10/0x10 [ 590.740096][T14631] ? do_raw_spin_lock+0x12c/0x2b0 [ 590.740134][T14631] ? folio_free_swap+0x171/0x580 [ 590.740171][T14631] ? rcu_is_watching+0x12/0xc0 [ 590.740195][T14631] ? lock_release+0x201/0x2f0 [ 590.740226][T14631] ? do_raw_spin_unlock+0x172/0x230 [ 590.740263][T14631] ? swp_swap_info+0xce/0x130 [ 590.740285][T14631] ? 
__pfx_swp_swap_info+0x10/0x10 [ 590.740311][T14631] swap_writeout+0x38e/0xfe0 [ 590.740339][T14631] ? folio_clear_dirty_for_io+0x112/0x810 [ 590.740368][T14631] ? __pfx_swap_writeout+0x10/0x10 [ 590.740410][T14631] pageout+0x38f/0xa50 [ 590.740434][T14631] ? __pfx_pageout+0x10/0x10 [ 590.740483][T14631] ? __pfx_try_to_unmap_one+0x10/0x10 [ 590.740510][T14631] ? __pfx_folio_not_mapped+0x10/0x10 [ 590.740534][T14631] ? __pfx_folio_lock_anon_vma_read+0x10/0x10 [ 590.740565][T14631] ? noop_dirty_folio+0x96/0xb0 [ 590.740586][T14631] shrink_folio_list+0x2f4d/0x3fc0 [ 590.740616][T14631] ? __pfx_shrink_folio_list+0x10/0x10 [ 590.740642][T14631] ? rcu_is_watching+0x12/0xc0 [ 590.740662][T14631] ? is_bpf_text_address+0x8a/0x1a0 [ 590.740690][T14631] ? rcu_is_watching+0x12/0xc0 [ 590.740709][T14631] ? lock_release+0x201/0x2f0 [ 590.740734][T14631] ? bpf_ksym_find+0x124/0x1c0 [ 590.740755][T14631] ? is_bpf_text_address+0x94/0x1a0 [ 590.740783][T14631] ? kernel_text_address+0x8d/0x100 [ 590.740819][T14631] ? __x64_sys_mmap+0x125/0x190 [ 590.740846][T14631] ? __kernel_text_address+0xd/0x40 [ 590.740879][T14631] ? rcu_is_watching+0x12/0xc0 [ 590.740898][T14631] ? unwind_next_frame+0x3f4/0x20a0 [ 590.740929][T14631] ? rcu_is_watching+0x12/0xc0 [ 590.740957][T14631] ? unwind_get_return_address+0x59/0xa0 [ 590.740992][T14631] ? arch_stack_walk+0x88/0x100 [ 590.741028][T14631] reclaim_folio_list+0xda/0x5d0 [ 590.741055][T14631] ? stack_trace_save+0x8e/0xc0 [ 590.741077][T14631] ? css_rstat_updated+0x9d/0xd30 [ 590.741098][T14631] ? __pfx_reclaim_folio_list+0x10/0x10 [ 590.741130][T14631] ? lru_gen_update_size+0x543/0xe10 [ 590.741158][T14631] ? lru_gen_del_folio+0x32b/0x540 [ 590.741183][T14631] reclaim_pages+0x47b/0x650 [ 590.741212][T14631] ? __pfx_reclaim_pages+0x10/0x10 [ 590.741239][T14631] ? rcu_is_watching+0x12/0xc0 [ 590.741264][T14631] ? lock_release+0x201/0x2f0 [ 590.741292][T14631] madvise_cold_or_pageout_pte_range+0x1437/0x2180 [ 590.741321][T14631] ? 
__pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 590.741348][T14631] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 590.741380][T14631] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 590.741403][T14631] walk_pgd_range+0xc53/0x1f60 [ 590.741444][T14631] ? __pfx_walk_pgd_range+0x10/0x10 [ 590.741479][T14631] __walk_page_range+0x163/0x820 [ 590.741512][T14631] ? find_vma+0xbf/0x140 [ 590.741530][T14631] ? __pfx_find_vma+0x10/0x10 [ 590.741550][T14631] ? rcu_is_watching+0x12/0xc0 [ 590.741569][T14631] ? walk_page_test+0x9b/0x180 [ 590.741601][T14631] walk_page_range_mm+0x54d/0x8a0 [ 590.741634][T14631] ? __pfx_walk_page_range_mm+0x10/0x10 [ 590.741667][T14631] ? page_table_check_set+0x631/0x750 [ 590.741701][T14631] ? mlock_drain_local+0x22d/0x4f0 [ 590.741729][T14631] ? rcu_is_watching+0x12/0xc0 [ 590.741749][T14631] ? lock_release+0x201/0x2f0 [ 590.741775][T14631] walk_page_range+0x63/0x90 [ 590.741808][T14631] madvise_pageout+0x254/0x540 [ 590.741828][T14631] ? __pfx_madvise_pageout+0x10/0x10 [ 590.741852][T14631] ? mtree_range_walk+0x718/0xc00 [ 590.741879][T14631] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 590.741911][T14631] madvise_vma_behavior+0x460/0x2420 [ 590.741932][T14631] ? mas_prev_setup.constprop.0+0x81/0x830 [ 590.741963][T14631] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 590.741985][T14631] ? __pfx_mas_prev+0x10/0x10 [ 590.742025][T14631] ? find_vma_prev+0xda/0x160 [ 590.742047][T14631] ? __pfx_find_vma_prev+0x10/0x10 [ 590.742076][T14631] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 590.742098][T14631] madvise_walk_vmas+0x1d1/0x2c0 [ 590.742118][T14631] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 590.742136][T14631] ? futex_wake+0x456/0x530 [ 590.742168][T14631] madvise_do_behavior+0x15d/0x3f0 [ 590.742190][T14631] ? __pfx_madvise_do_behavior+0x10/0x10 [ 590.742218][T14631] do_madvise+0x161/0x230 [ 590.742238][T14631] ? __pfx_do_madvise+0x10/0x10 [ 590.742258][T14631] ? rcu_is_watching+0x12/0xc0 [ 590.742283][T14631] ? 
xfd_validate_state+0x61/0x180 [ 590.742312][T14631] __x64_sys_madvise+0xa9/0x110 [ 590.742333][T14631] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 590.742366][T14631] do_syscall_64+0xcd/0x490 [ 590.742398][T14631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.742419][T14631] RIP: 0033:0x7f44c678e929 [ 590.742434][T14631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 590.742455][T14631] RSP: 002b:00007f44c7537038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 590.742474][T14631] RAX: ffffffffffffffda RBX: 00007f44c69b5fa0 RCX: 00007f44c678e929 [ 590.742488][T14631] RDX: 0000000000000015 RSI: 0000000000000005 RDI: 0000000000000000 [ 590.742500][T14631] RBP: 00007f44c6810b39 R08: 0000000000000000 R09: 0000000000000000 [ 590.742513][T14631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 590.742525][T14631] R13: 0000000000000000 R14: 00007f44c69b5fa0 R15: 00007fff42cd9028 [ 590.742544][T14631] [ 591.313307][ C1] vkms_vblank_simulate: vblank timer overrun [ 591.381582][T14633] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2055'. [ 591.984109][T14650] Process accounting resumed [ 592.243625][T14658] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2060'. [ 592.422460][T14664] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2061'. [ 593.142795][T14677] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2066'. [ 593.218227][T14677] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2066'. 
[ 593.581879][T14685] caif:caif_disconnect_client(): nothing to disconnect [ 595.160853][T14715] caif:caif_disconnect_client(): nothing to disconnect [ 595.668750][T14707] caif:caif_disconnect_client(): nothing to disconnect [ 595.817423][T14729] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2076'. [ 595.863636][T14728] FAULT_INJECTION: forcing a failure. [ 595.863636][T14728] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 595.905039][T14738] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2076'. [ 595.926367][T14728] CPU: 1 UID: 0 PID: 14728 Comm: syz.1.2077 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 595.926401][T14728] Tainted: [U]=USER [ 595.926408][T14728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 595.926420][T14728] Call Trace: [ 595.926426][T14728] [ 595.926434][T14728] dump_stack_lvl+0x16c/0x1f0 [ 595.926468][T14728] should_fail_ex+0x512/0x640 [ 595.926501][T14728] strncpy_from_user+0x3b/0x2e0 [ 595.926530][T14728] getname_flags.part.0+0x8f/0x550 [ 595.926554][T14728] getname_flags+0x93/0xf0 [ 595.926581][T14728] do_sys_openat2+0xb8/0x1d0 [ 595.926604][T14728] ? __pfx_do_sys_openat2+0x10/0x10 [ 595.926628][T14728] ? __fget_files+0x20e/0x3c0 [ 595.926656][T14728] ? rcu_watching_snap_stopped_since+0x80/0x110 [ 595.926683][T14728] __x64_sys_openat+0x174/0x210 [ 595.926707][T14728] ? __pfx___x64_sys_openat+0x10/0x10 [ 595.926736][T14728] ? 
ksys_write+0x1ac/0x250 [ 595.926770][T14728] do_syscall_64+0xcd/0x490 [ 595.926807][T14728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 595.926830][T14728] RIP: 0033:0x7fe107d8e929 [ 595.926845][T14728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 595.926866][T14728] RSP: 002b:00007fe108b33038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 595.926885][T14728] RAX: ffffffffffffffda RBX: 00007fe107fb5fa0 RCX: 00007fe107d8e929 [ 595.926900][T14728] RDX: 0000000000080b00 RSI: 0000200000000300 RDI: ffffffffffffff9c [ 595.926913][T14728] RBP: 00007fe108b33090 R08: 0000000000000000 R09: 0000000000000000 [ 595.926926][T14728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 595.926939][T14728] R13: 0000000000000000 R14: 00007fe107fb5fa0 R15: 00007fff78845b88 [ 595.926958][T14728] [ 598.513252][T14789] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2091'. [ 598.541401][T14789] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2091'. [ 598.794067][ T7976] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 599.273966][T14797] ima: policy update failed [ 599.278951][ T30] audit: type=1802 audit(4294968723.860:31): pid=14797 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.2095" res=0 errno=0 [ 599.589640][T14817] vhci_hcd: invalid port number 16 [ 599.809124][T14802] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 599.833336][T14802] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 599.869404][T14802] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 599.908586][T14802] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 599.959250][T14802] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 599.990912][T14802] CPU0 is offline. [ 600.151625][T14830] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2102'. 
[ 600.199322][T14830] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2102'. [ 600.450366][T14832] FAULT_INJECTION: forcing a failure. [ 600.450366][T14832] name failslab, interval 1, probability 0, space 0, times 0 [ 600.590146][T14832] CPU: 1 UID: 0 PID: 14832 Comm: syz.3.2103 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 600.590189][T14832] Tainted: [U]=USER [ 600.590197][T14832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 600.590211][T14832] Call Trace: [ 600.590218][T14832] [ 600.590226][T14832] dump_stack_lvl+0x16c/0x1f0 [ 600.590266][T14832] should_fail_ex+0x512/0x640 [ 600.590303][T14832] ? tomoyo_encode2+0x100/0x3e0 [ 600.590335][T14832] should_failslab+0xc2/0x120 [ 600.590357][T14832] __kmalloc_noprof+0xd2/0x510 [ 600.590395][T14832] tomoyo_encode2+0x100/0x3e0 [ 600.590429][T14832] tomoyo_encode+0x29/0x50 [ 600.590466][T14832] tomoyo_realpath_from_path+0x18f/0x6e0 [ 600.590504][T14832] tomoyo_check_open_permission+0x2ab/0x3c0 [ 600.590532][T14832] ? init_file+0x93/0x4c0 [ 600.590553][T14832] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 600.590582][T14832] ? do_sys_openat2+0x11b/0x1d0 [ 600.590612][T14832] ? lock_release+0x201/0x2f0 [ 600.590651][T14832] ? do_raw_spin_lock+0x12c/0x2b0 [ 600.590688][T14832] ? path_get+0x61/0x80 [ 600.590708][T14832] ? rcu_is_watching+0x12/0xc0 [ 600.590732][T14832] tomoyo_file_open+0x6b/0x90 [ 600.590770][T14832] security_file_open+0x84/0x1e0 [ 600.590813][T14832] do_dentry_open+0x596/0x1c10 [ 600.590870][T14832] vfs_open+0x82/0x3f0 [ 600.590896][T14832] path_openat+0x1de4/0x2cb0 [ 600.590935][T14832] ? __pfx_path_openat+0x10/0x10 [ 600.590973][T14832] do_filp_open+0x20b/0x470 [ 600.591007][T14832] ? __pfx_do_filp_open+0x10/0x10 [ 600.591064][T14832] ? alloc_fd+0x471/0x7d0 [ 600.591098][T14832] do_sys_openat2+0x11b/0x1d0 [ 600.591122][T14832] ? __pfx_do_sys_openat2+0x10/0x10 [ 600.591148][T14832] ? 
rcu_is_watching+0x12/0xc0 [ 600.591174][T14832] __x64_sys_openat+0x174/0x210 [ 600.591200][T14832] ? __pfx___x64_sys_openat+0x10/0x10 [ 600.591235][T14832] do_syscall_64+0xcd/0x490 [ 600.591271][T14832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.591295][T14832] RIP: 0033:0x7f44c678e929 [ 600.591312][T14832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 600.591334][T14832] RSP: 002b:00007f44c7537038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 600.591356][T14832] RAX: ffffffffffffffda RBX: 00007f44c69b5fa0 RCX: 00007f44c678e929 [ 600.591372][T14832] RDX: 0000000000088000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 600.591387][T14832] RBP: 00007f44c6810b39 R08: 0000000000000000 R09: 0000000000000000 [ 600.591401][T14832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 600.591415][T14832] R13: 0000000000000000 R14: 00007f44c69b5fa0 R15: 00007fff42cd9028 [ 600.591437][T14832] [ 601.061684][T14832] ERROR: Out of memory at tomoyo_realpath_from_path. [ 601.170461][ T7976] Bluetooth: hci0: command 0x0406 tx timeout [ 601.180986][ T30] audit: type=1800 audit(4294968725.650:32): pid=14840 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2105" name="dbroot" dev="configfs" ino=48726 res=0 errno=0 [ 601.269852][T14850] block nbd9: NBD_DISCONNECT [ 601.293885][T14850] block nbd9: Send disconnect failed -22 [ 601.310495][T14850] block nbd9: Disconnected due to user request. [ 601.330621][T14850] block nbd9: shutting down sockets [ 601.843455][ T7732] Bluetooth: hci2: command 0x0406 tx timeout [ 601.923489][ T7732] Bluetooth: hci3: command 0x0406 tx timeout [ 602.003754][ T7732] Bluetooth: hci1: command 0x0406 tx timeout [ 602.052067][T14868] FAULT_INJECTION: forcing a failure. 
[ 602.052067][T14868] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 602.081299][T14868] CPU: 1 UID: 0 PID: 14868 Comm: syz.5.2111 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 602.081335][T14868] Tainted: [U]=USER [ 602.081342][T14868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 602.081355][T14868] Call Trace: [ 602.081362][T14868] [ 602.081369][T14868] dump_stack_lvl+0x16c/0x1f0 [ 602.081410][T14868] should_fail_ex+0x512/0x640 [ 602.081444][T14868] _copy_to_iter+0x29f/0x16f0 [ 602.081480][T14868] ? chacha_block_generic+0x211/0x330 [ 602.081528][T14868] ? __pfx__copy_to_iter+0x10/0x10 [ 602.081564][T14868] ? rcu_is_watching+0x12/0xc0 [ 602.081589][T14868] ? crng_make_state+0x48e/0x6d0 [ 602.081616][T14868] get_random_bytes_user+0x17f/0x3c0 [ 602.081641][T14868] ? __pfx_get_random_bytes_user+0x10/0x10 [ 602.081670][T14868] ? do_futex+0x122/0x350 [ 602.081700][T14868] ? import_ubuf+0x1b6/0x220 [ 602.081735][T14868] __x64_sys_getrandom+0x183/0x290 [ 602.081763][T14868] ? 
__pfx___x64_sys_getrandom+0x10/0x10 [ 602.081798][T14868] do_syscall_64+0xcd/0x490 [ 602.081834][T14868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.081858][T14868] RIP: 0033:0x7f01fa18e929 [ 602.081874][T14868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 602.081897][T14868] RSP: 002b:00007f01faf5e038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e [ 602.081918][T14868] RAX: ffffffffffffffda RBX: 00007f01fa3b5fa0 RCX: 00007f01fa18e929 [ 602.081933][T14868] RDX: 0000000000000003 RSI: 0000000006000000 RDI: 0000000000000000 [ 602.081947][T14868] RBP: 00007f01fa210b39 R08: 0000000000000000 R09: 0000000000000000 [ 602.081962][T14868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 602.081976][T14868] R13: 0000000000000000 R14: 00007f01fa3b5fa0 R15: 00007ffe1afc0018 [ 602.081997][T14868] [ 602.368451][T14875] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2114'. [ 602.379775][T14875] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2114'. [ 602.619049][T14883] FAULT_INJECTION: forcing a failure. [ 602.619049][T14883] name failslab, interval 1, probability 0, space 0, times 0 [ 602.636745][T14883] CPU: 1 UID: 0 PID: 14883 Comm: syz.3.2116 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 602.636783][T14883] Tainted: [U]=USER [ 602.636790][T14883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 602.636803][T14883] Call Trace: [ 602.636809][T14883] [ 602.636817][T14883] dump_stack_lvl+0x16c/0x1f0 [ 602.636855][T14883] should_fail_ex+0x512/0x640 [ 602.636890][T14883] should_failslab+0xc2/0x120 [ 602.636910][T14883] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 602.636945][T14883] ? __alloc_skb+0x2b2/0x380 [ 602.636979][T14883] __alloc_skb+0x2b2/0x380 [ 602.637011][T14883] ? 
__pfx___alloc_skb+0x10/0x10 [ 602.637043][T14883] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 602.637070][T14883] netlink_alloc_large_skb+0x69/0x130 [ 602.637094][T14883] netlink_sendmsg+0x6a1/0xdd0 [ 602.637119][T14883] ? __pfx_netlink_sendmsg+0x10/0x10 [ 602.637147][T14883] ____sys_sendmsg+0xa98/0xc70 [ 602.637173][T14883] ? copy_msghdr_from_user+0x10a/0x160 [ 602.637206][T14883] ? __pfx_____sys_sendmsg+0x10/0x10 [ 602.637230][T14883] ? __pfx_kstrtouint+0x10/0x10 [ 602.637259][T14883] ? kstrtouint_from_user+0x13c/0x1d0 [ 602.637287][T14883] ___sys_sendmsg+0x134/0x1d0 [ 602.637328][T14883] ? __pfx____sys_sendmsg+0x10/0x10 [ 602.637368][T14883] ? rcu_is_watching+0x12/0xc0 [ 602.637400][T14883] __sys_sendmsg+0x16d/0x220 [ 602.637434][T14883] ? __pfx___sys_sendmsg+0x10/0x10 [ 602.637476][T14883] do_syscall_64+0xcd/0x490 [ 602.637511][T14883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.637534][T14883] RIP: 0033:0x7f44c678e929 [ 602.637550][T14883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 602.637572][T14883] RSP: 002b:00007f44c7537038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 602.637594][T14883] RAX: ffffffffffffffda RBX: 00007f44c69b5fa0 RCX: 00007f44c678e929 [ 602.637609][T14883] RDX: 000000002000c800 RSI: 0000200000000040 RDI: 0000000000000003 [ 602.637624][T14883] RBP: 00007f44c7537090 R08: 0000000000000000 R09: 0000000000000000 [ 602.637638][T14883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 602.637651][T14883] R13: 0000000000000000 R14: 00007f44c69b5fa0 R15: 00007fff42cd9028 [ 602.637672][T14883] [ 603.959408][T14914] input: jJǸí¸ü;9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input31 [ 604.003596][ T7732] Bluetooth: hci3: command 0x0406 tx timeout [ 604.512660][T14924] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2124'. 
[ 604.589446][T14924] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2124'. [ 604.939337][T14939] FAULT_INJECTION: forcing a failure. [ 604.939337][T14939] name failslab, interval 1, probability 0, space 0, times 0 [ 605.004739][T14939] CPU: 1 UID: 0 PID: 14939 Comm: syz.0.2127 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 605.004777][T14939] Tainted: [U]=USER [ 605.004784][T14939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 605.004798][T14939] Call Trace: [ 605.004804][T14939] [ 605.004813][T14939] dump_stack_lvl+0x16c/0x1f0 [ 605.004851][T14939] should_fail_ex+0x512/0x640 [ 605.004887][T14939] should_failslab+0xc2/0x120 [ 605.004908][T14939] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 605.004943][T14939] ? mas_alloc_nodes+0x18b/0x8b0 [ 605.004975][T14939] mas_alloc_nodes+0x18b/0x8b0 [ 605.005008][T14939] mas_node_count_gfp+0x105/0x130 [ 605.005040][T14939] mas_preallocate+0x7e0/0xde0 [ 605.005064][T14939] ? __pfx_mas_preallocate+0x10/0x10 [ 605.005086][T14939] ? lock_release+0x201/0x2f0 [ 605.005120][T14939] ? __pfx_mt_find+0x10/0x10 [ 605.005139][T14939] ? rcu_is_watching+0x12/0xc0 [ 605.005168][T14939] vma_link+0x135/0x6a0 [ 605.005202][T14939] ? 
__pfx_vma_link+0x10/0x10 [ 605.005242][T14939] insert_vm_struct+0xf4/0x2d0 [ 605.005299][T14939] create_init_stack_vma+0x2da/0x700 [ 605.005339][T14939] alloc_bprm+0x420/0x6f0 [ 605.005370][T14939] do_execveat_common.isra.0+0x1ce/0x610 [ 605.005406][T14939] __x64_sys_execveat+0xda/0x120 [ 605.005439][T14939] do_syscall_64+0xcd/0x490 [ 605.005476][T14939] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.005502][T14939] RIP: 0033:0x7f608438e929 [ 605.005519][T14939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 605.005542][T14939] RSP: 002b:00007f60851c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 605.005564][T14939] RAX: ffffffffffffffda RBX: 00007f60845b6080 RCX: 00007f608438e929 [ 605.005580][T14939] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 605.005593][T14939] RBP: 00007f60851c4090 R08: 0000000000011000 R09: 0000000000000000 [ 605.005608][T14939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 605.005623][T14939] R13: 0000000000000000 R14: 00007f60845b6080 R15: 00007ffc74faa3d8 [ 605.005644][T14939] [ 605.724440][T14954] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2131'. [ 606.207827][T14931] zswap: compressor 000 not available [ 606.219727][T14968] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2134'. [ 606.490232][T14973] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2136'. [ 606.544336][T14973] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2136'. [ 608.194001][T15013] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2144'. [ 608.610811][T15021] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2148'. [ 608.654388][T15021] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2148'. 
[ 608.933468][T15033] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2152'. [ 609.465699][T15047] FAULT_INJECTION: forcing a failure. [ 609.465699][T15047] name failslab, interval 1, probability 0, space 0, times 0 [ 609.547125][T15047] CPU: 1 UID: 0 PID: 15047 Comm: syz.0.2157 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 609.547162][T15047] Tainted: [U]=USER [ 609.547169][T15047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 609.547182][T15047] Call Trace: [ 609.547189][T15047] [ 609.547196][T15047] dump_stack_lvl+0x16c/0x1f0 [ 609.547234][T15047] should_fail_ex+0x512/0x640 [ 609.547268][T15047] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 609.547300][T15047] should_failslab+0xc2/0x120 [ 609.547321][T15047] __kmalloc_noprof+0xd2/0x510 [ 609.547356][T15047] tomoyo_realpath_from_path+0xc2/0x6e0 [ 609.547388][T15047] ? tomoyo_profile+0x47/0x60 [ 609.547423][T15047] tomoyo_path_number_perm+0x245/0x580 [ 609.547449][T15047] ? tomoyo_path_number_perm+0x237/0x580 [ 609.547475][T15047] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 609.547506][T15047] ? preempt_count_add+0x76/0x150 [ 609.547566][T15047] ? rcu_is_watching+0x12/0xc0 [ 609.547590][T15047] ? __fget_files+0x204/0x3c0 [ 609.547621][T15047] ? hook_file_ioctl_common+0x145/0x410 [ 609.547646][T15047] ? lock_release+0x201/0x2f0 [ 609.547677][T15047] ? 
__fget_files+0x20e/0x3c0 [ 609.547711][T15047] security_file_ioctl+0x9b/0x240 [ 609.547740][T15047] __x64_sys_ioctl+0xb7/0x210 [ 609.547768][T15047] do_syscall_64+0xcd/0x490 [ 609.547805][T15047] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 609.547829][T15047] RIP: 0033:0x7f608438e929 [ 609.547846][T15047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 609.547869][T15047] RSP: 002b:00007f60851e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 609.547891][T15047] RAX: ffffffffffffffda RBX: 00007f60845b5fa0 RCX: 00007f608438e929 [ 609.547907][T15047] RDX: 00002000000005c0 RSI: 000000004018bc13 RDI: 0000000000000003 [ 609.547922][T15047] RBP: 00007f60851e5090 R08: 0000000000000000 R09: 0000000000000000 [ 609.547936][T15047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 609.547951][T15047] R13: 0000000000000000 R14: 00007f60845b5fa0 R15: 00007ffc74faa3d8 [ 609.547980][T15047] [ 609.548167][T15047] ERROR: Out of memory at tomoyo_realpath_from_path. [ 609.948855][T15058] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2160'. [ 609.981864][T15058] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2160'. [ 610.455032][T15071] FAULT_INJECTION: forcing a failure. 
[ 610.455032][T15071] name failslab, interval 1, probability 0, space 0, times 0 [ 610.526030][T15071] CPU: 1 UID: 0 PID: 15071 Comm: syz.3.2166 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 610.526068][T15071] Tainted: [U]=USER [ 610.526075][T15071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 610.526088][T15071] Call Trace: [ 610.526095][T15071] [ 610.526103][T15071] dump_stack_lvl+0x16c/0x1f0 [ 610.526140][T15071] should_fail_ex+0x512/0x640 [ 610.526175][T15071] should_failslab+0xc2/0x120 [ 610.526196][T15071] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 610.526230][T15071] ? mas_alloc_nodes+0x18b/0x8b0 [ 610.526262][T15071] mas_alloc_nodes+0x18b/0x8b0 [ 610.526294][T15071] mas_node_count_gfp+0x105/0x130 [ 610.526326][T15071] mas_preallocate+0x7e0/0xde0 [ 610.526349][T15071] ? __pfx_mas_preallocate+0x10/0x10 [ 610.526371][T15071] ? lock_release+0x201/0x2f0 [ 610.526404][T15071] ? __pfx_mt_find+0x10/0x10 [ 610.526423][T15071] ? rcu_is_watching+0x12/0xc0 [ 610.526447][T15071] vma_link+0x135/0x6a0 [ 610.526482][T15071] ? 
__pfx_vma_link+0x10/0x10 [ 610.526521][T15071] insert_vm_struct+0xf4/0x2d0 [ 610.526557][T15071] create_init_stack_vma+0x2da/0x700 [ 610.526595][T15071] alloc_bprm+0x420/0x6f0 [ 610.526624][T15071] do_execveat_common.isra.0+0x1ce/0x610 [ 610.526658][T15071] __x64_sys_execveat+0xda/0x120 [ 610.526690][T15071] do_syscall_64+0xcd/0x490 [ 610.526726][T15071] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.526749][T15071] RIP: 0033:0x7f44c678e929 [ 610.526765][T15071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 610.526788][T15071] RSP: 002b:00007f44c7537038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 610.526809][T15071] RAX: ffffffffffffffda RBX: 00007f44c69b5fa0 RCX: 00007f44c678e929 [ 610.526824][T15071] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 610.526838][T15071] RBP: 00007f44c7537090 R08: 0000000000011000 R09: 0000000000000000 [ 610.526851][T15071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 610.526872][T15071] R13: 0000000000000000 R14: 00007f44c69b5fa0 R15: 00007fff42cd9028 [ 610.526893][T15071] [ 611.053885][T15090] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„ [ 611.089385][T15090] ieee80211 !PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]: Selected rate control algorithm 'minstrel_ht' [ 611.491911][T15096] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2171'. [ 611.755498][T15104] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2176'. [ 611.797982][T15104] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2176'. [ 612.701659][T15135] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2185'. 
[ 612.764965][T15140] IPv6: NLM_F_CREATE should be specified when creating new route [ 612.814722][T15140] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 612.822011][T15140] IPv6: NLM_F_CREATE should be set when creating new route [ 612.829254][T15140] IPv6: NLM_F_CREATE should be set when creating new route [ 613.522551][T15159] program syz.0.2190 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 613.592539][T15159] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 614.032595][T15158] FAULT_INJECTION: forcing a failure. [ 614.032595][T15158] name failslab, interval 1, probability 0, space 0, times 0 [ 614.259796][T15158] CPU: 1 UID: 0 PID: 15158 Comm: syz.3.2191 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 614.259838][T15158] Tainted: [U]=USER [ 614.259846][T15158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 614.259860][T15158] Call Trace: [ 614.259867][T15158] [ 614.259876][T15158] dump_stack_lvl+0x16c/0x1f0 [ 614.259916][T15158] should_fail_ex+0x512/0x640 [ 614.259954][T15158] should_failslab+0xc2/0x120 [ 614.259976][T15158] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 614.260016][T15158] ? devinet_init_net+0x9c/0x910 [ 614.260046][T15158] ? __pfx_devinet_init_net+0x10/0x10 [ 614.260075][T15158] kmemdup_noprof+0x29/0x60 [ 614.260111][T15158] devinet_init_net+0x9c/0x910 [ 614.260140][T15158] ? __pfx_devinet_init_net+0x10/0x10 [ 614.260169][T15158] ops_init+0x1df/0x5f0 [ 614.260209][T15158] setup_net+0x1ff/0x510 [ 614.260228][T15158] ? lockdep_init_map_type+0x5c/0x280 [ 614.260261][T15158] ? __pfx_setup_net+0x10/0x10 [ 614.260280][T15158] ? __raw_spin_lock_init+0x3a/0x110 [ 614.260319][T15158] ? 
debug_mutex_init+0x37/0x70 [ 614.260341][T15158] copy_net_ns+0x2a6/0x5f0 [ 614.260367][T15158] create_new_namespaces+0x3ea/0xa90 [ 614.260395][T15158] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 614.260423][T15158] ksys_unshare+0x45b/0xa40 [ 614.260465][T15158] ? __pfx_ksys_unshare+0x10/0x10 [ 614.260497][T15158] ? xfd_validate_state+0x61/0x180 [ 614.260531][T15158] __x64_sys_unshare+0x31/0x40 [ 614.260561][T15158] do_syscall_64+0xcd/0x490 [ 614.260597][T15158] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.260621][T15158] RIP: 0033:0x7f44c678e929 [ 614.260639][T15158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 614.260662][T15158] RSP: 002b:00007f44c7537038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 614.260684][T15158] RAX: ffffffffffffffda RBX: 00007f44c69b5fa0 RCX: 00007f44c678e929 [ 614.260705][T15158] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 614.260719][T15158] RBP: 00007f44c6810b39 R08: 0000000000000000 R09: 0000000000000000 [ 614.260733][T15158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 614.260747][T15158] R13: 0000000000000000 R14: 00007f44c69b5fa0 R15: 00007fff42cd9028 [ 614.260769][T15158] [ 614.491159][ C1] vkms_vblank_simulate: vblank timer overrun [ 614.637560][T15182] __nla_validate_parse: 1 callbacks suppressed [ 614.637577][T15182] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2196'. [ 614.756478][T15180] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 615.240925][T15202] kafs: addr_prefs: Too many elements in string [ 616.435868][T15216] FAULT_INJECTION: forcing a failure. 
[ 616.435868][T15216] name failslab, interval 1, probability 0, space 0, times 0 [ 616.500755][T15216] CPU: 1 UID: 0 PID: 15216 Comm: syz.0.2206 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 616.500797][T15216] Tainted: [U]=USER [ 616.500805][T15216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 616.500819][T15216] Call Trace: [ 616.500826][T15216] [ 616.500834][T15216] dump_stack_lvl+0x16c/0x1f0 [ 616.500874][T15216] should_fail_ex+0x512/0x640 [ 616.500910][T15216] should_failslab+0xc2/0x120 [ 616.500932][T15216] __kmalloc_cache_noprof+0x6a/0x3e0 [ 616.500964][T15216] ? x509_cert_parse+0x162/0x900 [ 616.500993][T15216] ? kasan_save_track+0x14/0x30 [ 616.501029][T15216] x509_cert_parse+0x162/0x900 [ 616.501056][T15216] ? kasan_save_stack+0x42/0x60 [ 616.501088][T15216] ? kasan_save_stack+0x33/0x60 [ 616.501121][T15216] ? kasan_save_track+0x14/0x30 [ 616.501155][T15216] pkcs7_extract_cert+0xa4/0x320 [ 616.501190][T15216] asn1_ber_decoder+0xc5f/0x1df0 [ 616.501232][T15216] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 616.501277][T15216] pkcs7_parse_message+0x288/0x720 [ 616.501311][T15216] verify_pkcs7_signature+0x30/0xa0 [ 616.501337][T15216] valid_regdb+0x215/0x590 [ 616.501360][T15216] ? __pfx___mutex_lock+0x10/0x10 [ 616.501397][T15216] ? __pfx_valid_regdb+0x10/0x10 [ 616.501421][T15216] reg_reload_regdb+0x11e/0x460 [ 616.501448][T15216] ? __pfx_reg_reload_regdb+0x10/0x10 [ 616.501476][T15216] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 616.501511][T15216] ? nl80211_pre_doit+0x1b0/0xb10 [ 616.501554][T15216] genl_family_rcv_msg_doit+0x209/0x2f0 [ 616.501585][T15216] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 616.501614][T15216] ? rcu_is_watching+0x12/0xc0 [ 616.501641][T15216] ? bpf_lsm_capable+0x9/0x10 [ 616.501670][T15216] ? security_capable+0x7e/0x260 [ 616.501714][T15216] genl_rcv_msg+0x55c/0x800 [ 616.501743][T15216] ? __pfx_genl_rcv_msg+0x10/0x10 [ 616.501771][T15216] ? 
__pfx_nl80211_pre_doit+0x10/0x10 [ 616.501805][T15216] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 616.501830][T15216] ? __pfx_nl80211_post_doit+0x10/0x10 [ 616.501871][T15216] netlink_rcv_skb+0x158/0x420 [ 616.501895][T15216] ? __pfx_genl_rcv_msg+0x10/0x10 [ 616.501924][T15216] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 616.501954][T15216] ? netlink_deliver_tap+0x1ae/0xd30 [ 616.501978][T15216] genl_rcv+0x28/0x40 [ 616.502002][T15216] netlink_unicast+0x53a/0x7f0 [ 616.502027][T15216] ? __pfx_netlink_unicast+0x10/0x10 [ 616.502054][T15216] netlink_sendmsg+0x8d1/0xdd0 [ 616.502080][T15216] ? __pfx_netlink_sendmsg+0x10/0x10 [ 616.502109][T15216] ____sys_sendmsg+0xa98/0xc70 [ 616.502136][T15216] ? copy_msghdr_from_user+0x10a/0x160 [ 616.502171][T15216] ? __pfx_____sys_sendmsg+0x10/0x10 [ 616.502200][T15216] ? __pfx_futex_wake_mark+0x10/0x10 [ 616.502236][T15216] ___sys_sendmsg+0x134/0x1d0 [ 616.502271][T15216] ? __pfx____sys_sendmsg+0x10/0x10 [ 616.502312][T15216] ? rcu_is_watching+0x12/0xc0 [ 616.502344][T15216] __sys_sendmsg+0x16d/0x220 [ 616.502379][T15216] ? __pfx___sys_sendmsg+0x10/0x10 [ 616.502414][T15216] ? 
__x64_sys_futex+0x1e0/0x4c0 [ 616.502450][T15216] do_syscall_64+0xcd/0x490 [ 616.502487][T15216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 616.502511][T15216] RIP: 0033:0x7f608438e929 [ 616.502535][T15216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 616.502557][T15216] RSP: 002b:00007f60851e5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 616.502580][T15216] RAX: ffffffffffffffda RBX: 00007f60845b5fa0 RCX: 00007f608438e929 [ 616.502595][T15216] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000005 [ 616.502610][T15216] RBP: 00007f6084410b39 R08: 0000000000000000 R09: 0000000000000000 [ 616.502625][T15216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 616.502638][T15216] R13: 0000000000000000 R14: 00007f60845b5fa0 R15: 00007ffc74faa3d8 [ 616.502660][T15216] [ 616.878677][ C1] vkms_vblank_simulate: vblank timer overrun [ 617.504762][T15222] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2207'. [ 617.537432][T15222] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2207'. [ 617.795852][T15230] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2210'. [ 619.455470][T15270] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2218'. [ 619.506935][T15270] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2218'. [ 619.661479][T15250] base_sock_release(ffff88806e258600) sk=ffff88801252a000 [ 619.882811][T15277] netlink: 388 bytes leftover after parsing attributes in process `syz.3.2220'. [ 620.300572][T15286] FAULT_INJECTION: forcing a failure. 
[ 620.300572][T15286] name failslab, interval 1, probability 0, space 0, times 0 [ 620.354946][T15286] CPU: 1 UID: 0 PID: 15286 Comm: syz.1.2223 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 620.354987][T15286] Tainted: [U]=USER [ 620.354994][T15286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 620.355008][T15286] Call Trace: [ 620.355015][T15286] [ 620.355024][T15286] dump_stack_lvl+0x16c/0x1f0 [ 620.355062][T15286] should_fail_ex+0x512/0x640 [ 620.355098][T15286] should_failslab+0xc2/0x120 [ 620.355120][T15286] __kmalloc_cache_noprof+0x6a/0x3e0 [ 620.355151][T15286] ? idr_get_next+0xec/0x150 [ 620.355183][T15286] ? nbd_alloc_and_init_config+0x97/0x2a0 [ 620.355222][T15286] nbd_alloc_and_init_config+0x97/0x2a0 [ 620.355257][T15286] nbd_genl_connect+0x490/0x1c20 [ 620.355303][T15286] ? __pfx_nbd_genl_connect+0x10/0x10 [ 620.355342][T15286] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 620.355376][T15286] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 620.355411][T15286] genl_family_rcv_msg_doit+0x209/0x2f0 [ 620.355441][T15286] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 620.355471][T15286] ? genl_get_cmd+0x194/0x580 [ 620.355512][T15286] ? __radix_tree_lookup+0x21f/0x2c0 [ 620.355545][T15286] genl_rcv_msg+0x55c/0x800 [ 620.355574][T15286] ? __pfx_genl_rcv_msg+0x10/0x10 [ 620.355602][T15286] ? __pfx_nbd_genl_connect+0x10/0x10 [ 620.355661][T15286] netlink_rcv_skb+0x158/0x420 [ 620.355684][T15286] ? __pfx_genl_rcv_msg+0x10/0x10 [ 620.355713][T15286] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 620.355744][T15286] ? netlink_deliver_tap+0x1ae/0xd30 [ 620.355767][T15286] genl_rcv+0x28/0x40 [ 620.355792][T15286] netlink_unicast+0x53a/0x7f0 [ 620.355818][T15286] ? __pfx_netlink_unicast+0x10/0x10 [ 620.355846][T15286] netlink_sendmsg+0x8d1/0xdd0 [ 620.355872][T15286] ? __pfx_netlink_sendmsg+0x10/0x10 [ 620.355902][T15286] ____sys_sendmsg+0xa98/0xc70 [ 620.355929][T15286] ? 
copy_msghdr_from_user+0x10a/0x160 [ 620.355964][T15286] ? __pfx_____sys_sendmsg+0x10/0x10 [ 620.355989][T15286] ? __pfx_kstrtouint+0x10/0x10 [ 620.356020][T15286] ? kstrtouint_from_user+0x13c/0x1d0 [ 620.356049][T15286] ___sys_sendmsg+0x134/0x1d0 [ 620.356085][T15286] ? __pfx____sys_sendmsg+0x10/0x10 [ 620.356133][T15286] ? __pfx_vfs_write+0x10/0x10 [ 620.356166][T15286] ? do_sys_openat2+0x157/0x1d0 [ 620.356193][T15286] __sys_sendmsg+0x16d/0x220 [ 620.356229][T15286] ? __pfx___sys_sendmsg+0x10/0x10 [ 620.356274][T15286] do_syscall_64+0xcd/0x490 [ 620.356315][T15286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 620.356339][T15286] RIP: 0033:0x7fe107d8e929 [ 620.356357][T15286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 620.356380][T15286] RSP: 002b:00007fe108b33038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 620.356402][T15286] RAX: ffffffffffffffda RBX: 00007fe107fb5fa0 RCX: 00007fe107d8e929 [ 620.356418][T15286] RDX: 0000000000008880 RSI: 0000200000001e00 RDI: 0000000000000001 [ 620.356433][T15286] RBP: 00007fe108b33090 R08: 0000000000000000 R09: 0000000000000000 [ 620.356447][T15286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 620.356461][T15286] R13: 0000000000000000 R14: 00007fe107fb5fa0 R15: 00007fff78845b88 [ 620.356483][T15286] [ 620.356493][T15286] nbd: couldn't allocate config [ 621.466913][T15289] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2224'. [ 622.371155][T15303] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2228'. [ 622.512606][T15305] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2228'. 
[ 622.566959][T15304] Invalid ELF header magic: != ELF [ 622.928320][T15273] Process accounting paused [ 623.216290][ T30] audit: type=1800 audit(4294968747.800:33): pid=15318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2232" name="file0" dev="tmpfs" ino=2975 res=0 errno=0 [ 623.303860][T15318] base_sock_release(ffff88806e281200) sk=ffff888027cd8000 [ 623.325881][T15320] ubi0: attaching mtd0 [ 624.200036][T15337] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2239'. [ 624.292350][T15337] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2239'. [ 624.673286][T15349] Invalid ELF header magic: != ELF [ 625.283718][ T5915] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 625.290091][ T7976] Bluetooth: hci2: command 0x0406 tx timeout [ 626.711497][T15389] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2251'. [ 626.820683][T15392] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2251'. [ 626.879582][T15391] bridge0: port 2(hsr_slave_1) entered blocking state [ 626.920207][T15391] bridge0: port 2(hsr_slave_1) entered disabled state [ 626.965715][T15391] hsr_slave_1: entered allmulticast mode [ 627.012731][T15391] hsr_slave_1: left allmulticast mode [ 627.235345][T15393] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2250'. [ 628.078937][T15418] KVM: debugfs: duplicate directory 15418-3 [ 628.208902][T15427] zero sized request [ 629.039369][T15429] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2262'. [ 629.081678][T15429] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2262'. [ 629.799784][T15447] ieee80211 phy18: Selected rate control algorithm 'minstrel_ht' [ 629.853668][T15455] FAULT_INJECTION: forcing a failure. 
[ 629.853668][T15455] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 629.911048][T15455] CPU: 1 UID: 0 PID: 15455 Comm: syz.5.2268 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 629.911081][T15455] Tainted: [U]=USER [ 629.911088][T15455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 629.911101][T15455] Call Trace: [ 629.911107][T15455] [ 629.911114][T15455] dump_stack_lvl+0x16c/0x1f0 [ 629.911149][T15455] should_fail_ex+0x512/0x640 [ 629.911181][T15455] _copy_to_user+0x32/0xd0 [ 629.911213][T15455] simple_read_from_buffer+0xcb/0x170 [ 629.911241][T15455] proc_fail_nth_read+0x197/0x270 [ 629.911264][T15455] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 629.911287][T15455] ? security_file_permission+0x71/0x210 [ 629.911315][T15455] ? rw_verify_area+0xcf/0x680 [ 629.911341][T15455] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 629.911364][T15455] vfs_read+0x1e4/0xc60 [ 629.911393][T15455] ? __pfx___mutex_lock+0x10/0x10 [ 629.911424][T15455] ? __pfx_vfs_read+0x10/0x10 [ 629.911451][T15455] ? __fget_files+0x204/0x3c0 [ 629.911478][T15455] ? rcu_is_watching+0x12/0xc0 [ 629.911505][T15455] ? __fget_files+0x20e/0x3c0 [ 629.911536][T15455] ksys_read+0x12a/0x250 [ 629.911565][T15455] ? 
__pfx_ksys_read+0x10/0x10 [ 629.911597][T15455] do_syscall_64+0xcd/0x490 [ 629.911631][T15455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 629.911652][T15455] RIP: 0033:0x7f01fa18d33c [ 629.911667][T15455] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 629.911688][T15455] RSP: 002b:00007f01faf3d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 629.911707][T15455] RAX: ffffffffffffffda RBX: 00007f01fa3b6080 RCX: 00007f01fa18d33c [ 629.911722][T15455] RDX: 000000000000000f RSI: 00007f01faf3d0a0 RDI: 0000000000000005 [ 629.911734][T15455] RBP: 00007f01faf3d090 R08: 0000000000000000 R09: 0000000000000000 [ 629.911755][T15455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 629.911767][T15455] R13: 0000000000000000 R14: 00007f01fa3b6080 R15: 00007ffe1afc0018 [ 629.911787][T15455] [ 631.781891][T15487] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2274'. [ 631.851388][T15487] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2274'. [ 632.097938][T15491] FAULT_INJECTION: forcing a failure. [ 632.097938][T15491] name failslab, interval 1, probability 0, space 0, times 0 [ 632.147941][T15491] CPU: 1 UID: 0 PID: 15491 Comm: syz.3.2276 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 632.147987][T15491] Tainted: [U]=USER [ 632.147995][T15491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 632.148009][T15491] Call Trace: [ 632.148016][T15491] [ 632.148025][T15491] dump_stack_lvl+0x16c/0x1f0 [ 632.148064][T15491] should_fail_ex+0x512/0x640 [ 632.148100][T15491] should_failslab+0xc2/0x120 [ 632.148122][T15491] __kmalloc_cache_noprof+0x6a/0x3e0 [ 632.148154][T15491] ? 
devlink_fmsg_nest_common.part.0+0x48/0x1e0 [ 632.148183][T15491] devlink_fmsg_nest_common.part.0+0x48/0x1e0 [ 632.148211][T15491] devlink_fmsg_u8_pair_put+0x270/0x2f0 [ 632.148239][T15491] ? __pfx_devlink_fmsg_u8_pair_put+0x10/0x10 [ 632.148268][T15491] ? __kasan_kmalloc+0x60/0xb0 [ 632.148301][T15491] ? devlink_fmsg_nest_common.part.0+0xcd/0x1e0 [ 632.148330][T15491] nsim_dev_dummy_fmsg_put+0xf8/0x1e0 [ 632.148355][T15491] devlink_health_do_dump+0x240/0x620 [ 632.148385][T15491] devlink_health_report+0x3c9/0x9c0 [ 632.148416][T15491] ? __pfx_devlink_health_report+0x10/0x10 [ 632.148446][T15491] ? _copy_from_user+0x59/0xd0 [ 632.148483][T15491] nsim_dev_health_break_write+0x166/0x210 [ 632.148507][T15491] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 632.148534][T15491] ? rcu_is_watching+0x12/0xc0 [ 632.148559][T15491] full_proxy_write+0x13c/0x200 [ 632.148582][T15491] ? __pfx_full_proxy_write+0x10/0x10 [ 632.148609][T15491] vfs_write+0x29d/0x1150 [ 632.148644][T15491] ? __pfx___mutex_lock+0x10/0x10 [ 632.148681][T15491] ? __pfx_vfs_write+0x10/0x10 [ 632.148713][T15491] ? __fget_files+0x204/0x3c0 [ 632.148743][T15491] ? rcu_is_watching+0x12/0xc0 [ 632.148768][T15491] ? __fget_files+0x20e/0x3c0 [ 632.148803][T15491] ksys_write+0x12a/0x250 [ 632.148835][T15491] ? 
__pfx_ksys_write+0x10/0x10 [ 632.148872][T15491] do_syscall_64+0xcd/0x490 [ 632.148908][T15491] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 632.148931][T15491] RIP: 0033:0x7f44c678e929 [ 632.148949][T15491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 632.148971][T15491] RSP: 002b:00007f44c7537038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 632.148993][T15491] RAX: ffffffffffffffda RBX: 00007f44c69b5fa0 RCX: 00007f44c678e929 [ 632.149008][T15491] RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000005 [ 632.149022][T15491] RBP: 00007f44c6810b39 R08: 0000000000000000 R09: 0000000000000000 [ 632.149037][T15491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 632.149050][T15491] R13: 0000000000000000 R14: 00007f44c69b5fa0 R15: 00007fff42cd9028 [ 632.149072][T15491] [ 634.662478][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 634.675132][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 634.758387][T15523] FAULT_INJECTION: forcing a failure. [ 634.758387][T15523] name failslab, interval 1, probability 0, space 0, times 0 [ 634.771143][T15523] CPU: 1 UID: 0 PID: 15523 Comm: syz.3.2285 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 634.771176][T15523] Tainted: [U]=USER [ 634.771183][T15523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 634.771196][T15523] Call Trace: [ 634.771203][T15523] [ 634.771210][T15523] dump_stack_lvl+0x16c/0x1f0 [ 634.771244][T15523] should_fail_ex+0x512/0x640 [ 634.771275][T15523] ? unwind_get_return_address+0x59/0xa0 [ 634.771309][T15523] should_failslab+0xc2/0x120 [ 634.771329][T15523] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 634.771361][T15523] ? 
radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 634.771391][T15523] radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 634.771421][T15523] idr_get_free+0x528/0xa30 [ 634.771453][T15523] idr_alloc_u32+0x190/0x2f0 [ 634.771488][T15523] ? __pfx_idr_alloc_u32+0x10/0x10 [ 634.771516][T15523] ? do_raw_spin_lock+0x12c/0x2b0 [ 634.771553][T15523] l2tp_tunnel_register+0xf8/0xbe0 [ 634.771578][T15523] ? __debug_object_init+0x2de/0x3d0 [ 634.771601][T15523] ? __pfx___debug_object_init+0x10/0x10 [ 634.771641][T15523] ? __pfx_l2tp_tunnel_register+0x10/0x10 [ 634.771673][T15523] ? lockdep_init_map_type+0x5c/0x280 [ 634.771704][T15523] ? l2tp_tunnel_create+0x2cf/0x460 [ 634.771726][T15523] ? l2tp_tunnel_create+0x37d/0x460 [ 634.771751][T15523] l2tp_nl_cmd_tunnel_create+0x44e/0x990 [ 634.771788][T15523] ? __pfx_l2tp_nl_cmd_tunnel_create+0x10/0x10 [ 634.771830][T15523] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 634.771862][T15523] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 634.771896][T15523] genl_family_rcv_msg_doit+0x209/0x2f0 [ 634.771925][T15523] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 634.771953][T15523] ? trace_cap_capable+0x18d/0x200 [ 634.771994][T15523] ? bpf_lsm_capable+0x9/0x10 [ 634.772022][T15523] ? security_capable+0x7e/0x260 [ 634.772059][T15523] ? ns_capable+0xd7/0x110 [ 634.772081][T15523] genl_rcv_msg+0x55c/0x800 [ 634.772109][T15523] ? __pfx_genl_rcv_msg+0x10/0x10 [ 634.772137][T15523] ? __pfx_l2tp_nl_cmd_tunnel_create+0x10/0x10 [ 634.772179][T15523] netlink_rcv_skb+0x158/0x420 [ 634.772202][T15523] ? __pfx_genl_rcv_msg+0x10/0x10 [ 634.772230][T15523] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 634.772259][T15523] ? netlink_deliver_tap+0x1ae/0xd30 [ 634.772282][T15523] genl_rcv+0x28/0x40 [ 634.772305][T15523] netlink_unicast+0x53a/0x7f0 [ 634.772331][T15523] ? __pfx_netlink_unicast+0x10/0x10 [ 634.772358][T15523] netlink_sendmsg+0x8d1/0xdd0 [ 634.772383][T15523] ? 
__pfx_netlink_sendmsg+0x10/0x10 [ 634.772411][T15523] ____sys_sendmsg+0xa98/0xc70 [ 634.772437][T15523] ? copy_msghdr_from_user+0x10a/0x160 [ 634.772476][T15523] ? __pfx_____sys_sendmsg+0x10/0x10 [ 634.772500][T15523] ? __pfx_kstrtouint+0x10/0x10 [ 634.772528][T15523] ? kstrtouint_from_user+0x13c/0x1d0 [ 634.772556][T15523] ___sys_sendmsg+0x134/0x1d0 [ 634.772590][T15523] ? __pfx____sys_sendmsg+0x10/0x10 [ 634.772630][T15523] ? rcu_is_watching+0x12/0xc0 [ 634.772662][T15523] __sys_sendmsg+0x16d/0x220 [ 634.772697][T15523] ? __pfx___sys_sendmsg+0x10/0x10 [ 634.772740][T15523] do_syscall_64+0xcd/0x490 [ 634.772776][T15523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 634.772799][T15523] RIP: 0033:0x7f44c678e929 [ 634.772816][T15523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 634.772839][T15523] RSP: 002b:00007f44c7537038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 634.772860][T15523] RAX: ffffffffffffffda RBX: 00007f44c69b5fa0 RCX: 00007f44c678e929 [ 634.772874][T15523] RDX: 0000000000008000 RSI: 0000200000000140 RDI: 0000000000000003 [ 634.772888][T15523] RBP: 00007f44c7537090 R08: 0000000000000000 R09: 0000000000000000 [ 634.772902][T15523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 634.772916][T15523] R13: 0000000000000000 R14: 00007f44c69b5fa0 R15: 00007fff42cd9028 [ 634.772937][T15523] [ 635.434348][T15525] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2286'. [ 635.445811][T15525] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2286'. [ 635.651640][ T7976] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 637.454173][T15577] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2298'. [ 637.532797][T15577] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2298'. 
[ 637.908493][T15584] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 639.316744][T15610] FAULT_INJECTION: forcing a failure. [ 639.316744][T15610] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 639.316779][T15610] CPU: 1 UID: 0 PID: 15610 Comm: syz.3.2307 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 639.316813][T15610] Tainted: [U]=USER [ 639.316820][T15610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 639.316834][T15610] Call Trace: [ 639.316841][T15610] [ 639.316848][T15610] dump_stack_lvl+0x16c/0x1f0 [ 639.316905][T15610] should_fail_ex+0x512/0x640 [ 639.316941][T15610] _copy_to_user+0x32/0xd0 [ 639.316978][T15610] simple_read_from_buffer+0xcb/0x170 [ 639.317009][T15610] proc_fail_nth_read+0x197/0x270 [ 639.317035][T15610] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 639.317061][T15610] ? security_file_permission+0x71/0x210 [ 639.317093][T15610] ? rw_verify_area+0xcf/0x680 [ 639.317122][T15610] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 639.317148][T15610] vfs_read+0x1e4/0xc60 [ 639.317182][T15610] ? __pfx___mutex_lock+0x10/0x10 [ 639.317218][T15610] ? __pfx_vfs_read+0x10/0x10 [ 639.317261][T15610] ? __fget_files+0x204/0x3c0 [ 639.317292][T15610] ? rcu_is_watching+0x12/0xc0 [ 639.317318][T15610] ? __fget_files+0x20e/0x3c0 [ 639.317353][T15610] ksys_read+0x12a/0x250 [ 639.317385][T15610] ? __pfx_ksys_read+0x10/0x10 [ 639.317418][T15610] ? 
fput+0x70/0xf0 [ 639.317440][T15610] do_syscall_64+0xcd/0x490 [ 639.317477][T15610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.317501][T15610] RIP: 0033:0x7f44c678d33c [ 639.317518][T15610] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 639.317542][T15610] RSP: 002b:00007f44c7537030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 639.317564][T15610] RAX: ffffffffffffffda RBX: 00007f44c69b5fa0 RCX: 00007f44c678d33c [ 639.317580][T15610] RDX: 000000000000000f RSI: 00007f44c75370a0 RDI: 0000000000000004 [ 639.317594][T15610] RBP: 00007f44c7537090 R08: 0000000000000000 R09: 0000000000000000 [ 639.317608][T15610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 639.317622][T15610] R13: 0000000000000000 R14: 00007f44c69b5fa0 R15: 00007fff42cd9028 [ 639.317644][T15610] [ 639.476032][T15613] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2308'. [ 639.486258][T15613] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2308'. [ 639.816836][T15623] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2310'. [ 639.817170][T15623] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2310'. [ 641.012645][T15647] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2318'. [ 641.018499][T15647] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2318'. 
[ 641.594046][ T7936] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 641.594252][ T7936] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 641.594433][ T7936] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 641.594886][ T7936] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 641.595202][ T7936] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 641.981030][T15659] chnl_net:caif_netlink_parms(): no params data found [ 642.301989][T15659] bridge0: port 1(bridge_slave_0) entered blocking state [ 642.302092][T15659] bridge0: port 1(bridge_slave_0) entered disabled state [ 642.302191][T15659] bridge_slave_0: entered allmulticast mode [ 642.304920][T15659] bridge_slave_0: entered promiscuous mode [ 642.306531][T15659] bridge0: port 2(bridge_slave_1) entered blocking state [ 642.306607][T15659] bridge0: port 2(bridge_slave_1) entered disabled state [ 642.306694][T15659] bridge_slave_1: entered allmulticast mode [ 642.307383][T15659] bridge_slave_1: entered promiscuous mode [ 642.437622][T15659] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 642.439198][T15659] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 642.469046][T15684] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2328'. [ 642.529421][T15685] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2328'. [ 642.553302][T15659] team0: Port device team_slave_0 added [ 642.555147][T15659] team0: Port device team_slave_1 added [ 642.688720][T15659] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 642.688739][T15659] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 642.688780][T15659] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 642.689650][T15659] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 642.689665][T15659] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 642.689701][T15659] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 642.936897][T15659] hsr_slave_0: entered promiscuous mode [ 642.937398][T15659] hsr_slave_1: entered promiscuous mode [ 642.937725][T15659] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 642.937740][T15659] Cannot create hsr debugfs directory [ 643.366589][T15659] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 643.425165][T15692] caif:caif_disconnect_client(): nothing to disconnect [ 643.540490][T15659] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 643.605940][ T7936] Bluetooth: hci2: command tx timeout [ 643.707128][ C1] vkms_vblank_simulate: vblank timer overrun [ 643.775791][T15659] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 643.867168][T15659] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.029692][T15659] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 644.032746][T15659] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 644.037825][T15659] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 644.047004][T15659] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 644.260545][T15659] 8021q: adding VLAN 0 to HW filter on device bond0 [ 644.285252][T15659] 8021q: adding VLAN 0 to HW filter on device team0 [ 644.337009][ T9216] bridge0: port 
1(bridge_slave_0) entered blocking state [ 644.337071][ T9216] bridge0: port 1(bridge_slave_0) entered forwarding state [ 644.338173][ T9216] bridge0: port 2(bridge_slave_1) entered blocking state [ 644.338223][ T9216] bridge0: port 2(bridge_slave_1) entered forwarding state [ 644.372790][T15659] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 644.800137][T15659] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 644.918172][T15659] veth0_vlan: entered promiscuous mode [ 644.921160][T15659] veth1_vlan: entered promiscuous mode [ 645.016141][T15659] veth0_macvtap: entered promiscuous mode [ 645.017901][T15659] veth1_macvtap: entered promiscuous mode [ 645.074992][T15659] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 645.081424][T15659] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 645.083085][T15659] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.083122][T15659] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.083155][T15659] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.083187][T15659] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.235801][T15659] ieee80211 phy19: Selected rate control algorithm 'minstrel_ht' [ 645.324199][T15659] ieee80211 phy20: Selected rate control algorithm 'minstrel_ht' [ 645.326946][ T9217] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 645.326968][ T9217] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 645.426772][ T6928] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 645.426792][ T6928] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 645.684427][ T7936] Bluetooth: hci2: command tx timeout [ 646.267578][T15733] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2338'. 
[ 646.390981][T15741] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2338'. [ 647.098971][T15760] sp0: Synchronizing with TNC [ 647.270848][T15757] ima: policy update failed [ 647.309752][ T30] audit: type=1802 audit(4294968771.890:34): pid=15757 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2345" res=0 errno=0 [ 647.763961][ T7936] Bluetooth: hci2: command tx timeout [ 647.773556][T15784] FAULT_INJECTION: forcing a failure. [ 647.773556][T15784] name failslab, interval 1, probability 0, space 0, times 0 [ 647.828471][T15784] CPU: 1 UID: 0 PID: 15784 Comm: syz.0.2347 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 647.828511][T15784] Tainted: [U]=USER [ 647.828520][T15784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 647.828534][T15784] Call Trace: [ 647.828542][T15784] [ 647.828550][T15784] dump_stack_lvl+0x16c/0x1f0 [ 647.828590][T15784] should_fail_ex+0x512/0x640 [ 647.828627][T15784] should_failslab+0xc2/0x120 [ 647.828650][T15784] __kmalloc_cache_noprof+0x6a/0x3e0 [ 647.828683][T15784] ? fuse_dev_alloc+0x48/0x280 [ 647.828718][T15784] fuse_dev_alloc+0x48/0x280 [ 647.828753][T15784] fuse_dev_alloc_install+0x13/0x40 [ 647.828796][T15784] cuse_channel_open+0x100/0x7f0 [ 647.828828][T15784] ? __pfx_cuse_channel_open+0x10/0x10 [ 647.828860][T15784] misc_open+0x35d/0x420 [ 647.828890][T15784] ? __pfx_misc_open+0x10/0x10 [ 647.828917][T15784] chrdev_open+0x231/0x6a0 [ 647.828953][T15784] ? __pfx_apparmor_file_open+0x10/0x10 [ 647.828984][T15784] ? __pfx_chrdev_open+0x10/0x10 [ 647.829021][T15784] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 647.829056][T15784] do_dentry_open+0x744/0x1c10 [ 647.829091][T15784] ? __pfx_chrdev_open+0x10/0x10 [ 647.829149][T15784] vfs_open+0x82/0x3f0 [ 647.829175][T15784] path_openat+0x1de4/0x2cb0 [ 647.829214][T15784] ? 
__pfx_path_openat+0x10/0x10 [ 647.829257][T15784] do_filp_open+0x20b/0x470 [ 647.829292][T15784] ? __pfx_do_filp_open+0x10/0x10 [ 647.829337][T15784] ? alloc_fd+0x471/0x7d0 [ 647.829373][T15784] do_sys_openat2+0x11b/0x1d0 [ 647.829399][T15784] ? __pfx_do_sys_openat2+0x10/0x10 [ 647.829431][T15784] __x64_sys_openat+0x174/0x210 [ 647.829459][T15784] ? __pfx___x64_sys_openat+0x10/0x10 [ 647.829493][T15784] do_syscall_64+0xcd/0x490 [ 647.829532][T15784] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 647.829557][T15784] RIP: 0033:0x7f608438e929 [ 647.829576][T15784] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 647.829600][T15784] RSP: 002b:00007f60851c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 647.829624][T15784] RAX: ffffffffffffffda RBX: 00007f60845b6080 RCX: 00007f608438e929 [ 647.829640][T15784] RDX: 00000000001c5041 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 647.829657][T15784] RBP: 00007f6084410b39 R08: 0000000000000000 R09: 0000000000000000 [ 647.829673][T15784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 647.829688][T15784] R13: 0000000000000000 R14: 00007f60845b6080 R15: 00007ffc74faa3d8 [ 647.829711][T15784] [ 648.597869][T15803] vhci_hcd: invalid port number 16 [ 648.642427][T15777] ima: policy update failed [ 648.651807][ T30] audit: type=1802 audit(4294968773.230:35): pid=15777 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2347" res=0 errno=0 [ 648.811918][T15807] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2352'. [ 648.881066][T15807] ipvlan1: entered allmulticast mode [ 648.896526][T15807] veth0_vlan: entered allmulticast mode [ 648.929337][T15809] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2352'. 
[ 649.840832][T15837] block nbd9: NBD_DISCONNECT [ 649.845742][ T7936] Bluetooth: hci2: command tx timeout [ 649.883563][T15837] block nbd9: Send disconnect failed -22 [ 649.924910][T15837] block nbd9: Disconnected due to user request. [ 649.985497][T15837] block nbd9: shutting down sockets [ 650.602059][T15866] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2363'. [ 650.665940][T15866] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2363'. [ 650.831064][T15840] caif:caif_disconnect_client(): nothing to disconnect [ 651.038647][T15873] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2372'. [ 651.126546][T15873] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2372'. [ 652.255671][ T7936] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 652.262901][ T7936] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 652.271678][ T7936] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 652.280969][ T7936] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 652.292801][ T7936] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 652.489080][T15910] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2376'. [ 652.510754][T15907] FAULT_INJECTION: forcing a failure. [ 652.510754][T15907] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 652.544024][T15910] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2376'. 
[ 652.571746][T15907] CPU: 1 UID: 0 PID: 15907 Comm: syz.0.2375 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 652.571795][T15907] Tainted: [U]=USER [ 652.571803][T15907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 652.571816][T15907] Call Trace: [ 652.571823][T15907] [ 652.571831][T15907] dump_stack_lvl+0x16c/0x1f0 [ 652.571868][T15907] should_fail_ex+0x512/0x640 [ 652.571902][T15907] should_fail_alloc_page+0xe7/0x130 [ 652.571923][T15907] prepare_alloc_pages+0x3c2/0x610 [ 652.571949][T15907] ? rcu_is_watching+0x12/0xc0 [ 652.571971][T15907] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 652.572005][T15907] ? rcu_is_watching+0x12/0xc0 [ 652.572026][T15907] ? is_bpf_text_address+0x8a/0x1a0 [ 652.572055][T15907] ? rcu_is_watching+0x12/0xc0 [ 652.572075][T15907] ? lock_release+0x201/0x2f0 [ 652.572101][T15907] ? bpf_ksym_find+0x124/0x1c0 [ 652.572124][T15907] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 652.572150][T15907] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 652.572184][T15907] ? __kernel_text_address+0xd/0x40 [ 652.572217][T15907] ? unwind_get_return_address+0x59/0xa0 [ 652.572252][T15907] ? arch_stack_walk+0xa6/0x100 [ 652.572291][T15907] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 652.572325][T15907] ? policy_nodemask+0xea/0x4e0 [ 652.572360][T15907] alloc_pages_mpol+0x1fb/0x550 [ 652.572380][T15907] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 652.572398][T15907] ? __kasan_slab_alloc+0x89/0x90 [ 652.572471][T15907] ? mas_alloc_nodes+0x18b/0x8b0 [ 652.572501][T15907] ? mas_node_count_gfp+0x105/0x130 [ 652.572533][T15907] ? mas_preallocate+0x7e0/0xde0 [ 652.572554][T15907] ? mas_next_node+0x7e0/0xf50 [ 652.572587][T15907] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 652.572626][T15907] alloc_pages_noprof+0x131/0x390 [ 652.572648][T15907] __pud_alloc+0x3b/0x750 [ 652.572676][T15907] __handle_mm_fault+0xc87/0x5490 [ 652.572711][T15907] ? __pfx___handle_mm_fault+0x10/0x10 [ 652.572750][T15907] ? 
find_vma+0xbf/0x140 [ 652.572772][T15907] ? __pfx_find_vma+0x10/0x10 [ 652.572798][T15907] handle_mm_fault+0x589/0xd10 [ 652.572831][T15907] __get_user_pages+0x589/0x3b80 [ 652.572864][T15907] ? __pfx___get_user_pages+0x10/0x10 [ 652.572892][T15907] ? rcu_is_watching+0x12/0xc0 [ 652.572918][T15907] get_user_pages_remote+0x258/0xb20 [ 652.572949][T15907] ? __pfx_get_user_pages_remote+0x10/0x10 [ 652.572976][T15907] ? __pfx_vma_link+0x10/0x10 [ 652.573017][T15907] get_arg_page+0xf4/0x310 [ 652.573048][T15907] ? __pfx_get_arg_page+0x10/0x10 [ 652.573078][T15907] ? up_write+0x1b2/0x520 [ 652.573111][T15907] ? insert_vm_struct+0x10c/0x2d0 [ 652.573151][T15907] copy_string_kernel+0x180/0x510 [ 652.573186][T15907] do_execveat_common.isra.0+0x2ed/0x610 [ 652.573223][T15907] __x64_sys_execveat+0xda/0x120 [ 652.573257][T15907] do_syscall_64+0xcd/0x490 [ 652.573295][T15907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.573320][T15907] RIP: 0033:0x7f608438e929 [ 652.573338][T15907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 652.573364][T15907] RSP: 002b:00007f60851e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 652.573387][T15907] RAX: ffffffffffffffda RBX: 00007f60845b5fa0 RCX: 00007f608438e929 [ 652.573404][T15907] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 652.573418][T15907] RBP: 00007f60851e5090 R08: 0000000000011000 R09: 0000000000000000 [ 652.573442][T15907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 652.573456][T15907] R13: 0000000000000000 R14: 00007f60845b5fa0 R15: 00007ffc74faa3d8 [ 652.573479][T15907] [ 653.507514][T15917] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2378'. 
[ 653.560262][T15904] chnl_net:caif_netlink_parms(): no params data found [ 653.602515][T15917] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2378'. [ 653.998003][T15904] bridge0: port 1(bridge_slave_0) entered blocking state [ 654.023598][T15904] bridge0: port 1(bridge_slave_0) entered disabled state [ 654.048861][T15904] bridge_slave_0: entered allmulticast mode [ 654.062620][T15904] bridge_slave_0: entered promiscuous mode [ 654.105304][T15904] bridge0: port 2(bridge_slave_1) entered blocking state [ 654.144988][T15904] bridge0: port 2(bridge_slave_1) entered disabled state [ 654.152183][T15904] bridge_slave_1: entered allmulticast mode [ 654.188097][T15904] bridge_slave_1: entered promiscuous mode [ 654.248294][T15904] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 654.259036][T15938] FAULT_INJECTION: forcing a failure. [ 654.259036][T15938] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 654.287070][T15904] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 654.305996][T15938] CPU: 1 UID: 0 PID: 15938 Comm: syz.0.2381 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 654.306031][T15938] Tainted: [U]=USER [ 654.306039][T15938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 654.306051][T15938] Call Trace: [ 654.306058][T15938] [ 654.306065][T15938] dump_stack_lvl+0x16c/0x1f0 [ 654.306101][T15938] should_fail_ex+0x512/0x640 [ 654.306134][T15938] _copy_from_user+0x2e/0xd0 [ 654.306167][T15938] do_fcntl+0xba2/0x15a0 [ 654.306188][T15938] ? __pfx_do_fcntl+0x10/0x10 [ 654.306211][T15938] ? 
tomoyo_file_fcntl+0x6c/0xc0 [ 654.306247][T15938] __x64_sys_fcntl+0x163/0x200 [ 654.306270][T15938] do_syscall_64+0xcd/0x490 [ 654.306303][T15938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.306326][T15938] RIP: 0033:0x7f608438e929 [ 654.306347][T15938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 654.306368][T15938] RSP: 002b:00007f60851c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 654.306392][T15938] RAX: ffffffffffffffda RBX: 00007f60845b6080 RCX: 00007f608438e929 [ 654.306407][T15938] RDX: 0000000000000008 RSI: 0000000000000026 RDI: 8000000000000001 [ 654.306421][T15938] RBP: 00007f60851c4090 R08: 0000000000000000 R09: 0000000000000000 [ 654.306435][T15938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 654.306448][T15938] R13: 0000000000000000 R14: 00007f60845b6080 R15: 00007ffc74faa3d8 [ 654.306468][T15938] [ 654.473498][ T7936] Bluetooth: hci3: command tx timeout [ 654.542708][T15904] team0: Port device team_slave_0 added [ 654.549992][T15904] team0: Port device team_slave_1 added [ 654.629787][T15904] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 654.638668][T15904] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 654.709430][T15904] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 654.785838][T15904] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 654.812597][T15904] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. 
Setting the MTU to 1560 would solve the problem. [ 654.876398][T15904] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 655.042805][T15904] hsr_slave_0: entered promiscuous mode [ 655.068962][T15904] hsr_slave_1: entered promiscuous mode [ 655.081768][T15904] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 655.100964][T15904] Cannot create hsr debugfs directory [ 655.375699][T15904] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 655.437595][T15904] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 655.559628][T15904] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 655.655789][T15904] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 655.815608][T15904] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 655.847491][T15904] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 655.875837][T15904] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 655.893157][T15950] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 655.903882][T15950] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 655.919863][T15904] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 655.935652][T15950] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 655.965104][T15950] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 656.000789][T15950] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 656.022010][T15950] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 656.051725][T15950] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 656.090040][T15950] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 656.147602][T15904] 8021q: adding VLAN 0 to HW filter on device bond0 [ 656.173726][T15950] CPU0 is offline. 
[ 656.214136][T15949] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 656.222769][T15904] 8021q: adding VLAN 0 to HW filter on device team0 [ 656.240075][T15949] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 656.258253][ T6928] bridge0: port 1(bridge_slave_0) entered blocking state [ 656.265470][ T6928] bridge0: port 1(bridge_slave_0) entered forwarding state [ 656.293962][T15949] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 656.300002][T15949] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 656.328834][ T9217] bridge0: port 2(bridge_slave_1) entered blocking state [ 656.335993][ T9217] bridge0: port 2(bridge_slave_1) entered forwarding state [ 656.355029][T15949] CPU0 is offline. [ 656.981985][T15979] FAULT_INJECTION: forcing a failure. [ 656.981985][T15979] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 657.038707][T15979] CPU: 1 UID: 0 PID: 15979 Comm: syz.5.2389 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 657.038746][T15979] Tainted: [U]=USER [ 657.038754][T15979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 657.038768][T15979] Call Trace: [ 657.038775][T15979] [ 657.038784][T15979] dump_stack_lvl+0x16c/0x1f0 [ 657.038821][T15979] should_fail_ex+0x512/0x640 [ 657.038856][T15979] _copy_from_iter+0x29f/0x16f0 [ 657.038893][T15979] ? __alloc_skb+0x200/0x380 [ 657.038926][T15979] ? __pfx__copy_from_iter+0x10/0x10 [ 657.038961][T15979] ? rcu_watching_snap_stopped_since+0x80/0x110 [ 657.038988][T15979] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 657.039017][T15979] netlink_sendmsg+0x829/0xdd0 [ 657.039043][T15979] ? __pfx_netlink_sendmsg+0x10/0x10 [ 657.039072][T15979] ____sys_sendmsg+0xa98/0xc70 [ 657.039098][T15979] ? copy_msghdr_from_user+0x10a/0x160 [ 657.039132][T15979] ? __pfx_____sys_sendmsg+0x10/0x10 [ 657.039169][T15979] ? __pfx_kstrtouint+0x10/0x10 [ 657.039203][T15979] ? 
kstrtouint_from_user+0x13c/0x1d0 [ 657.039235][T15979] ___sys_sendmsg+0x134/0x1d0 [ 657.039269][T15979] ? __pfx____sys_sendmsg+0x10/0x10 [ 657.039328][T15979] ? rcu_is_watching+0x12/0xc0 [ 657.039360][T15979] __sys_sendmsg+0x16d/0x220 [ 657.039396][T15979] ? __pfx___sys_sendmsg+0x10/0x10 [ 657.039442][T15979] do_syscall_64+0xcd/0x490 [ 657.039479][T15979] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.039504][T15979] RIP: 0033:0x7f01fa18e929 [ 657.039521][T15979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 657.039545][T15979] RSP: 002b:00007f01faf5e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 657.039567][T15979] RAX: ffffffffffffffda RBX: 00007f01fa3b5fa0 RCX: 00007f01fa18e929 [ 657.039584][T15979] RDX: 0000000000000000 RSI: 0000200000006200 RDI: 0000000000000007 [ 657.039599][T15979] RBP: 00007f01faf5e090 R08: 0000000000000000 R09: 0000000000000000 [ 657.039614][T15979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 657.039629][T15979] R13: 0000000000000000 R14: 00007f01fa3b5fa0 R15: 00007ffe1afc0018 [ 657.039651][T15979] [ 657.597253][T15904] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 657.629440][T15904] veth0_vlan: entered promiscuous mode [ 657.666066][T15904] veth1_vlan: entered promiscuous mode [ 657.719978][T15904] veth0_macvtap: entered promiscuous mode [ 657.739760][T15904] veth1_macvtap: entered promiscuous mode [ 657.762792][T15904] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 657.794448][T15904] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 657.812031][T15904] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 657.831566][T15904] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 657.902900][T15904] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 
658.226119][T15904] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 658.245300][ T7732] Bluetooth: hci1: command 0x0406 tx timeout [ 658.251495][ T7936] Bluetooth: hci0: command 0x0406 tx timeout [ 658.327430][ T7732] Bluetooth: hci3: command 0x040f tx timeout [ 658.333765][ T7936] Bluetooth: hci2: command 0x0c1a tx timeout [ 658.751592][T15904] ieee80211 phy21: Selected rate control algorithm 'minstrel_ht' [ 658.891060][ T6928] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 658.923816][ T6928] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 658.960115][T15904] ieee80211 phy22: Selected rate control algorithm 'minstrel_ht' [ 659.121717][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 659.151486][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 660.034768][T16031] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2402'. [ 660.151403][T16035] FAULT_INJECTION: forcing a failure. [ 660.151403][T16035] name failslab, interval 1, probability 0, space 0, times 0 [ 660.168045][T16023] overlayfs: missing 'lowerdir' [ 660.210001][T16035] CPU: 1 UID: 0 PID: 16035 Comm: syz.5.2401 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 660.210043][T16035] Tainted: [U]=USER [ 660.210051][T16035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 660.210067][T16035] Call Trace: [ 660.210074][T16035] [ 660.210093][T16035] dump_stack_lvl+0x16c/0x1f0 [ 660.210133][T16035] should_fail_ex+0x512/0x640 [ 660.210171][T16035] should_failslab+0xc2/0x120 [ 660.210194][T16035] __kmalloc_cache_noprof+0x6a/0x3e0 [ 660.210228][T16035] ? tomoyo_find_next_domain+0xfd/0x20b0 [ 660.210255][T16035] tomoyo_find_next_domain+0xfd/0x20b0 [ 660.210281][T16035] ? __pfx___kernel_read+0x10/0x10 [ 660.210318][T16035] ? __pfx_tomoyo_find_next_domain+0x10/0x10 [ 660.210344][T16035] ? lock_acquire+0x2cd/0x350 [ 660.210376][T16035] ? 
bpf_lsm_file_permission+0x9/0x10 [ 660.210402][T16035] ? security_file_permission+0x71/0x210 [ 660.210436][T16035] tomoyo_bprm_check_security+0x12e/0x1d0 [ 660.210488][T16035] ? tomoyo_bprm_check_security+0x120/0x1d0 [ 660.210527][T16035] security_bprm_check+0x1b9/0x1e0 [ 660.210549][T16035] bprm_execve+0x810/0x1650 [ 660.210582][T16035] ? __pfx_bprm_execve+0x10/0x10 [ 660.210613][T16035] ? copy_string_kernel+0x444/0x510 [ 660.210651][T16035] do_execveat_common.isra.0+0x4a5/0x610 [ 660.210687][T16035] __x64_sys_execve+0x8e/0xb0 [ 660.210720][T16035] do_syscall_64+0xcd/0x490 [ 660.210757][T16035] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.210781][T16035] RIP: 0033:0x7f01fa18e929 [ 660.210799][T16035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 660.210822][T16035] RSP: 002b:00007f01faf3d038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 660.210844][T16035] RAX: ffffffffffffffda RBX: 00007f01fa3b6080 RCX: 00007f01fa18e929 [ 660.210861][T16035] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 660.210876][T16035] RBP: 00007f01fa210b39 R08: 0000000000000000 R09: 0000000000000000 [ 660.210890][T16035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 660.210905][T16035] R13: 0000000000000000 R14: 00007f01fa3b6080 R15: 00007ffe1afc0018 [ 660.210927][T16035] [ 660.431440][ C1] vkms_vblank_simulate: vblank timer overrun [ 660.516190][ T7936] Bluetooth: hci2: command 0x0c1a tx timeout [ 660.522323][ T7936] Bluetooth: hci3: command 0x040f tx timeout [ 661.199877][T16059] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2408'. 
[ 661.852573][T16062] syz.5.2409 (16062): drop_caches: 0 [ 662.563526][ T7732] Bluetooth: hci3: command 0x040f tx timeout [ 662.569678][ T7936] Bluetooth: hci2: command 0x0c1a tx timeout [ 662.924882][T16096] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2418'. [ 662.945003][T16096] IPv6: NLM_F_CREATE should be specified when creating new route [ 663.394179][T16101] caif:caif_disconnect_client(): nothing to disconnect [ 663.591543][T16117] FAULT_INJECTION: forcing a failure. [ 663.591543][T16117] name fail_futex, interval 1, probability 0, space 0, times 0 [ 663.714157][T16117] CPU: 1 UID: 0 PID: 16117 Comm: syz.0.2425 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 663.714199][T16117] Tainted: [U]=USER [ 663.714208][T16117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 663.714223][T16117] Call Trace: [ 663.714244][T16117] [ 663.714253][T16117] dump_stack_lvl+0x16c/0x1f0 [ 663.714292][T16117] should_fail_ex+0x512/0x640 [ 663.714329][T16117] get_futex_key+0x1d0/0x1540 [ 663.714357][T16117] ? __pfx_get_futex_key+0x10/0x10 [ 663.714389][T16117] futex_wake+0xea/0x530 [ 663.714422][T16117] ? rcu_is_watching+0x12/0xc0 [ 663.714446][T16117] ? __pfx_futex_wake+0x10/0x10 [ 663.714480][T16117] ? kmem_cache_free+0x2d1/0x4d0 [ 663.714514][T16117] ? putname+0x154/0x1a0 [ 663.714538][T16117] do_futex+0x1e3/0x350 [ 663.714565][T16117] ? __pfx_do_futex+0x10/0x10 [ 663.714598][T16117] __x64_sys_futex+0x1e0/0x4c0 [ 663.714633][T16117] ? __x64_sys_openat+0x174/0x210 [ 663.714660][T16117] ? 
__pfx___x64_sys_futex+0x10/0x10 [ 663.714696][T16117] do_syscall_64+0xcd/0x490 [ 663.714734][T16117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 663.714759][T16117] RIP: 0033:0x7f608438e929 [ 663.714776][T16117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 663.714805][T16117] RSP: 002b:00007f60851c40e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 663.714828][T16117] RAX: ffffffffffffffda RBX: 00007f60845b6088 RCX: 00007f608438e929 [ 663.714844][T16117] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f60845b608c [ 663.714859][T16117] RBP: 00007f60845b6080 R08: 00007f60851e6000 R09: 0000000000000000 [ 663.714874][T16117] R10: 0000000000000007 R11: 0000000000000246 R12: 00007f60845b608c [ 663.714890][T16117] R13: 0000000000000000 R14: 00007ffc74faa2f0 R15: 00007ffc74faa3d8 [ 663.714912][T16117] [ 663.908663][ C1] vkms_vblank_simulate: vblank timer overrun [ 664.471347][T16130] caif:caif_disconnect_client(): nothing to disconnect [ 664.644335][ T7732] Bluetooth: hci3: command 0x040f tx timeout [ 665.308138][T16159] FAULT_INJECTION: forcing a failure. [ 665.308138][T16159] name failslab, interval 1, probability 0, space 0, times 0 [ 665.469775][T16159] CPU: 1 UID: 0 PID: 16159 Comm: syz.3.2437 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 665.469817][T16159] Tainted: [U]=USER [ 665.469825][T16159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 665.469840][T16159] Call Trace: [ 665.469848][T16159] [ 665.469856][T16159] dump_stack_lvl+0x16c/0x1f0 [ 665.469897][T16159] should_fail_ex+0x512/0x640 [ 665.469933][T16159] ? tomoyo_encode2+0x100/0x3e0 [ 665.469965][T16159] should_failslab+0xc2/0x120 [ 665.469988][T16159] __kmalloc_noprof+0xd2/0x510 [ 665.470024][T16159] ? 
d_absolute_path+0x136/0x1a0 [ 665.470050][T16159] tomoyo_encode2+0x100/0x3e0 [ 665.470084][T16159] tomoyo_encode+0x29/0x50 [ 665.470115][T16159] tomoyo_realpath_from_path+0x18f/0x6e0 [ 665.470153][T16159] tomoyo_path_number_perm+0x245/0x580 [ 665.470180][T16159] ? tomoyo_path_number_perm+0x237/0x580 [ 665.470209][T16159] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 665.470242][T16159] ? preempt_count_add+0x76/0x150 [ 665.470286][T16159] ? rcu_is_watching+0x12/0xc0 [ 665.470311][T16159] ? __fget_files+0x204/0x3c0 [ 665.470342][T16159] ? hook_file_ioctl_common+0x145/0x410 [ 665.470367][T16159] ? lock_release+0x201/0x2f0 [ 665.470399][T16159] ? __fget_files+0x20e/0x3c0 [ 665.470433][T16159] security_file_ioctl+0x9b/0x240 [ 665.470463][T16159] __x64_sys_ioctl+0xb7/0x210 [ 665.470491][T16159] do_syscall_64+0xcd/0x490 [ 665.470530][T16159] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 665.470554][T16159] RIP: 0033:0x7fd0ccd8e929 [ 665.470572][T16159] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 665.470596][T16159] RSP: 002b:00007fd0cdc74038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 665.470618][T16159] RAX: ffffffffffffffda RBX: 00007fd0ccfb5fa0 RCX: 00007fd0ccd8e929 [ 665.470635][T16159] RDX: 00002000000005c0 RSI: 000000004018bc13 RDI: 0000000000000003 [ 665.470650][T16159] RBP: 00007fd0cdc74090 R08: 0000000000000000 R09: 0000000000000000 [ 665.470665][T16159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 665.470686][T16159] R13: 0000000000000000 R14: 00007fd0ccfb5fa0 R15: 00007ffeaaa33408 [ 665.470708][T16159] [ 665.470724][T16159] ERROR: Out of memory at tomoyo_realpath_from_path. [ 665.740290][T16184] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2438'. [ 665.784321][T16184] FAULT_INJECTION: forcing a failure. 
[ 665.784321][T16184] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 665.822584][T16184] CPU: 1 UID: 0 PID: 16184 Comm: syz.0.2438 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 665.822624][T16184] Tainted: [U]=USER [ 665.822633][T16184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 665.822648][T16184] Call Trace: [ 665.822664][T16184] [ 665.822673][T16184] dump_stack_lvl+0x16c/0x1f0 [ 665.822715][T16184] should_fail_ex+0x512/0x640 [ 665.822752][T16184] should_fail_alloc_page+0xe7/0x130 [ 665.822777][T16184] prepare_alloc_pages+0x3c2/0x610 [ 665.822805][T16184] ? rcu_is_watching+0x12/0xc0 [ 665.822830][T16184] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 665.822867][T16184] ? kasan_save_stack+0x42/0x60 [ 665.822900][T16184] ? kasan_save_stack+0x33/0x60 [ 665.822935][T16184] ? css_rstat_updated+0x9d/0xd30 [ 665.822958][T16184] ? kasan_save_stack+0x42/0x60 [ 665.822992][T16184] ? __kasan_slab_alloc+0x89/0x90 [ 665.823038][T16184] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 665.823072][T16184] ? rcu_is_watching+0x12/0xc0 [ 665.823094][T16184] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 665.823128][T16184] ? __mod_zone_page_state+0xcc/0x1a0 [ 665.823156][T16184] ? lru_gen_add_folio+0x1a4/0xef0 [ 665.823192][T16184] ? rcu_is_watching+0x12/0xc0 [ 665.823213][T16184] ? lock_acquire+0x2cd/0x350 [ 665.823242][T16184] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 665.823276][T16184] ? policy_nodemask+0xea/0x4e0 [ 665.823313][T16184] alloc_pages_mpol+0x1fb/0x550 [ 665.823333][T16184] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 665.823352][T16184] ? lock_release+0x201/0x2f0 [ 665.823383][T16184] folio_alloc_mpol_noprof+0x36/0x2f0 [ 665.823409][T16184] vma_alloc_folio_noprof+0xed/0x1e0 [ 665.823433][T16184] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 665.823458][T16184] ? __handle_mm_fault+0x1092/0x5490 [ 665.823486][T16184] ? rcu_is_watching+0x12/0xc0 [ 665.823507][T16184] ? 
lock_release+0x201/0x2f0 [ 665.823537][T16184] __handle_mm_fault+0x2f21/0x5490 [ 665.823569][T16184] ? __pfx___handle_mm_fault+0x10/0x10 [ 665.823598][T16184] ? __pte_offset_map_lock+0x174/0x310 [ 665.823625][T16184] ? follow_page_pte+0x3af/0x14c0 [ 665.823652][T16184] handle_mm_fault+0x589/0xd10 [ 665.823688][T16184] __get_user_pages+0x589/0x3b80 [ 665.823716][T16184] ? __pfx_mt_find+0x10/0x10 [ 665.823736][T16184] ? __pfx___get_user_pages+0x10/0x10 [ 665.823762][T16184] ? __pfx___might_resched+0x10/0x10 [ 665.823785][T16184] ? cap_capable+0xb3/0x250 [ 665.823806][T16184] populate_vma_page_range+0x278/0x3a0 [ 665.823834][T16184] ? __pfx_populate_vma_page_range+0x10/0x10 [ 665.823861][T16184] ? __pfx_find_vma_intersection+0x10/0x10 [ 665.823886][T16184] ? do_mmap+0x69c/0x1210 [ 665.823911][T16184] __mm_populate+0x1d8/0x380 [ 665.823937][T16184] ? __pfx___mm_populate+0x10/0x10 [ 665.823964][T16184] ? up_write+0x1b2/0x520 [ 665.823998][T16184] vm_mmap_pgoff+0x362/0x450 [ 665.824039][T16184] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 665.824065][T16184] ? __x64_sys_futex+0x1e0/0x4c0 [ 665.824094][T16184] ? __x64_sys_futex+0x1e9/0x4c0 [ 665.824124][T16184] ksys_mmap_pgoff+0x7d/0x5c0 [ 665.824148][T16184] ? 
xfd_validate_state+0x61/0x180 [ 665.824181][T16184] __x64_sys_mmap+0x125/0x190 [ 665.824215][T16184] do_syscall_64+0xcd/0x490 [ 665.824252][T16184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 665.824277][T16184] RIP: 0033:0x7f608438e929 [ 665.824295][T16184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 665.824318][T16184] RSP: 002b:00007f60851e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 665.824341][T16184] RAX: ffffffffffffffda RBX: 00007f60845b5fa0 RCX: 00007f608438e929 [ 665.824357][T16184] RDX: 0000000000000003 RSI: 0000000000040009 RDI: 0000000000000000 [ 665.824372][T16184] RBP: 00007f6084410b39 R08: 0000000000000007 R09: 0000000000028000 [ 665.824387][T16184] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 665.824402][T16184] R13: 0000000000000000 R14: 00007f60845b5fa0 R15: 00007ffc74faa3d8 [ 665.824424][T16184] [ 666.286747][ T7732] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 666.322849][T16186] FAULT_INJECTION: forcing a failure. [ 666.322849][T16186] name failslab, interval 1, probability 0, space 0, times 0 [ 666.344985][T16186] CPU: 1 UID: 0 PID: 16186 Comm: syz.5.2440 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 666.345021][T16186] Tainted: [U]=USER [ 666.345029][T16186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 666.345043][T16186] Call Trace: [ 666.345050][T16186] [ 666.345059][T16186] dump_stack_lvl+0x16c/0x1f0 [ 666.345097][T16186] should_fail_ex+0x512/0x640 [ 666.345131][T16186] should_failslab+0xc2/0x120 [ 666.345151][T16186] __kmalloc_cache_noprof+0x6a/0x3e0 [ 666.345181][T16186] ? _raw_spin_unlock+0x28/0x50 [ 666.345210][T16186] ? snd_rawmidi_open+0x3c3/0xbf0 [ 666.345240][T16186] snd_rawmidi_open+0x3c3/0xbf0 [ 666.345270][T16186] ? 
__pfx_snd_rawmidi_open+0x10/0x10 [ 666.345298][T16186] ? rcu_is_watching+0x12/0xc0 [ 666.345323][T16186] ? kobject_get_unless_zero+0x156/0x1e0 [ 666.345361][T16186] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 666.345389][T16186] snd_open+0x1fe/0x450 [ 666.345424][T16186] ? __pfx_snd_open+0x10/0x10 [ 666.345458][T16186] chrdev_open+0x231/0x6a0 [ 666.345492][T16186] ? __pfx_apparmor_file_open+0x10/0x10 [ 666.345521][T16186] ? __pfx_chrdev_open+0x10/0x10 [ 666.345556][T16186] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 666.345588][T16186] do_dentry_open+0x744/0x1c10 [ 666.345621][T16186] ? __pfx_chrdev_open+0x10/0x10 [ 666.345664][T16186] vfs_open+0x82/0x3f0 [ 666.345688][T16186] path_openat+0x1de4/0x2cb0 [ 666.345724][T16186] ? __pfx_path_openat+0x10/0x10 [ 666.345760][T16186] do_filp_open+0x20b/0x470 [ 666.345791][T16186] ? __pfx_do_filp_open+0x10/0x10 [ 666.345832][T16186] ? alloc_fd+0x471/0x7d0 [ 666.345882][T16186] do_sys_openat2+0x11b/0x1d0 [ 666.345906][T16186] ? __pfx_do_sys_openat2+0x10/0x10 [ 666.345936][T16186] __x64_sys_openat+0x174/0x210 [ 666.345961][T16186] ? 
__pfx___x64_sys_openat+0x10/0x10 [ 666.345992][T16186] do_syscall_64+0xcd/0x490 [ 666.346027][T16186] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.346051][T16186] RIP: 0033:0x7f01fa18e929 [ 666.346068][T16186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 666.346090][T16186] RSP: 002b:00007f01faf5e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 666.346111][T16186] RAX: ffffffffffffffda RBX: 00007f01fa3b5fa0 RCX: 00007f01fa18e929 [ 666.346126][T16186] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 666.346141][T16186] RBP: 00007f01fa210b39 R08: 0000000000000000 R09: 0000000000000000 [ 666.346155][T16186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 666.346169][T16186] R13: 0000000000000000 R14: 00007f01fa3b5fa0 R15: 00007ffe1afc0018 [ 666.346190][T16186] [ 666.695732][T16190] FAULT_INJECTION: forcing a failure. [ 666.695732][T16190] name fail_futex, interval 1, probability 0, space 0, times 0 [ 666.708577][T16190] CPU: 1 UID: 0 PID: 16190 Comm: syz.1.2439 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 666.708618][T16190] Tainted: [U]=USER [ 666.708626][T16190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 666.708640][T16190] Call Trace: [ 666.708648][T16190] [ 666.708656][T16190] dump_stack_lvl+0x16c/0x1f0 [ 666.708693][T16190] should_fail_ex+0x512/0x640 [ 666.708725][T16190] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 666.708762][T16190] get_futex_key+0x1d0/0x1540 [ 666.708788][T16190] ? __pfx_get_futex_key+0x10/0x10 [ 666.708813][T16190] ? __might_fault+0xe3/0x190 [ 666.708844][T16190] ? __might_fault+0x13b/0x190 [ 666.708875][T16190] ? rcu_is_watching+0x12/0xc0 [ 666.708897][T16190] ? __might_fault+0xe3/0x190 [ 666.708928][T16190] ? 
lock_release+0x201/0x2f0 [ 666.708958][T16190] futex_wake+0xea/0x530 [ 666.708987][T16190] ? bpf_lsm_bpf+0x9/0x10 [ 666.709012][T16190] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 666.709046][T16190] ? __pfx_futex_wake+0x10/0x10 [ 666.709079][T16190] ? kfree+0x24f/0x4d0 [ 666.709106][T16190] ? sock_common_setsockopt+0x2e/0xf0 [ 666.709131][T16190] do_futex+0x1e3/0x350 [ 666.709158][T16190] ? __pfx_do_futex+0x10/0x10 [ 666.709188][T16190] __x64_sys_futex+0x1e0/0x4c0 [ 666.709216][T16190] ? __pfx___x64_sys_futex+0x10/0x10 [ 666.709243][T16190] ? xfd_validate_state+0x61/0x180 [ 666.709271][T16190] ? __sys_setsockopt+0x140/0x1a0 [ 666.709344][T16190] do_syscall_64+0xcd/0x490 [ 666.709381][T16190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.709404][T16190] RIP: 0033:0x7fc58478e929 [ 666.709421][T16190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 666.709445][T16190] RSP: 002b:00007fc5855230e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 666.709466][T16190] RAX: ffffffffffffffda RBX: 00007fc5849b6088 RCX: 00007fc58478e929 [ 666.709483][T16190] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc5849b608c [ 666.709498][T16190] RBP: 00007fc5849b6080 R08: 00007fc585545000 R09: 0000000000000000 [ 666.709513][T16190] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fc5849b608c [ 666.709528][T16190] R13: 0000000000000000 R14: 00007ffe9e1bc280 R15: 00007ffe9e1bc368 [ 666.709550][T16190] [ 666.996711][ T7732] Bluetooth: hci3: command 0x040f tx timeout [ 667.254617][T16190] ================================================================== [ 667.254635][T16190] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70 [ 667.254682][T16190] Read of size 256 at addr ffff88807f566860 by task syz.1.2439/16190 [ 667.254703][T16190] [ 667.254716][T16190] CPU: 1 UID: 0 PID: 16190 Comm: syz.1.2439 Tainted: G U 
6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 667.254753][T16190] Tainted: [U]=USER [ 667.254761][T16190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 667.254777][T16190] Call Trace: [ 667.254784][T16190] [ 667.254793][T16190] dump_stack_lvl+0x116/0x1f0 [ 667.254832][T16190] print_report+0xcd/0x680 [ 667.254870][T16190] ? __virt_addr_valid+0x81/0x610 [ 667.254895][T16190] ? __phys_addr+0xe8/0x180 [ 667.254919][T16190] ? fbcon_prepare_logo+0xa03/0xc70 [ 667.254955][T16190] kasan_report+0xe0/0x110 [ 667.254977][T16190] ? fbcon_prepare_logo+0xa03/0xc70 [ 667.255028][T16190] kasan_check_range+0x100/0x1b0 [ 667.255053][T16190] __asan_memcpy+0x23/0x60 [ 667.255083][T16190] fbcon_prepare_logo+0xa03/0xc70 [ 667.255122][T16190] fbcon_init+0xd77/0x1900 [ 667.255156][T16190] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 667.255195][T16190] visual_init+0x320/0x620 [ 667.255223][T16190] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 667.255260][T16190] store_bind+0x61d/0x760 [ 667.255294][T16190] ? __pfx_store_bind+0x10/0x10 [ 667.255325][T16190] dev_attr_store+0x55/0x80 [ 667.255361][T16190] ? __pfx_dev_attr_store+0x10/0x10 [ 667.255397][T16190] sysfs_kf_write+0xef/0x150 [ 667.255424][T16190] kernfs_fop_write_iter+0x351/0x510 [ 667.255447][T16190] ? __pfx_sysfs_kf_write+0x10/0x10 [ 667.255475][T16190] vfs_write+0x6c7/0x1150 [ 667.255506][T16190] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 667.255530][T16190] ? __pfx___mutex_lock+0x10/0x10 [ 667.255565][T16190] ? __pfx_vfs_write+0x10/0x10 [ 667.255609][T16190] ksys_write+0x12a/0x250 [ 667.255641][T16190] ? 
__pfx_ksys_write+0x10/0x10 [ 667.255676][T16190] do_syscall_64+0xcd/0x490 [ 667.255712][T16190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.255736][T16190] RIP: 0033:0x7fc58478e929 [ 667.255753][T16190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 667.255776][T16190] RSP: 002b:00007fc585523038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 667.255797][T16190] RAX: ffffffffffffffda RBX: 00007fc5849b6080 RCX: 00007fc58478e929 [ 667.255813][T16190] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 667.255827][T16190] RBP: 00007fc584810b39 R08: 0000000000000000 R09: 0000000000000000 [ 667.255842][T16190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 667.255856][T16190] R13: 0000000000000000 R14: 00007fc5849b6080 R15: 00007ffe9e1bc368 [ 667.255878][T16190] [ 667.255886][T16190] [ 667.255892][T16190] Allocated by task 16033: [ 667.255903][T16190] kasan_save_stack+0x33/0x60 [ 667.255934][T16190] kasan_save_track+0x14/0x30 [ 667.255965][T16190] __kasan_kmalloc+0xaa/0xb0 [ 667.255995][T16190] __kmalloc_noprof+0x223/0x510 [ 667.256027][T16190] sk_prot_alloc+0x1a8/0x2a0 [ 667.256048][T16190] sk_alloc+0x36/0xc20 [ 667.256076][T16190] __netlink_create+0x5e/0x2c0 [ 667.256107][T16190] __netlink_kernel_create+0xed/0x750 [ 667.256128][T16190] xfrm_user_net_init+0xc6/0x190 [ 667.256153][T16190] ops_init+0x1df/0x5f0 [ 667.256186][T16190] setup_net+0x1ff/0x510 [ 667.256203][T16190] copy_net_ns+0x2a6/0x5f0 [ 667.256224][T16190] create_new_namespaces+0x3ea/0xa90 [ 667.256246][T16190] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 667.256279][T16190] ksys_unshare+0x45b/0xa40 [ 667.256304][T16190] __x64_sys_unshare+0x31/0x40 [ 667.256330][T16190] do_syscall_64+0xcd/0x490 [ 667.256360][T16190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.256398][T16190] [ 667.256403][T16190] Freed by task 16063: [ 
667.256413][T16190] kasan_save_stack+0x33/0x60 [ 667.256444][T16190] kasan_save_track+0x14/0x30 [ 667.256475][T16190] kasan_save_free_info+0x3b/0x60 [ 667.256501][T16190] __kasan_slab_free+0x51/0x70 [ 667.256534][T16190] kfree+0x2b4/0x4d0 [ 667.256559][T16190] __sk_destruct+0x740/0x980 [ 667.256592][T16190] sk_destruct+0xc2/0xf0 [ 667.256621][T16190] __sk_free+0xf4/0x3e0 [ 667.256649][T16190] sk_free+0x6a/0x90 [ 667.256677][T16190] deferred_put_nlk_sk+0xc9/0x110 [ 667.256711][T16190] rcu_core+0x799/0x14e0 [ 667.256743][T16190] handle_softirqs+0x216/0x8e0 [ 667.256765][T16190] __irq_exit_rcu+0x109/0x170 [ 667.256786][T16190] irq_exit_rcu+0x9/0x30 [ 667.256807][T16190] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 667.256838][T16190] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 667.256861][T16190] [ 667.256867][T16190] Last potentially related work creation: [ 667.256875][T16190] kasan_save_stack+0x33/0x60 [ 667.256906][T16190] kasan_record_aux_stack+0xa7/0xc0 [ 667.256931][T16190] __call_rcu_common.constprop.0+0xa5/0xa10 [ 667.256983][T16190] netlink_release+0x12f4/0x2020 [ 667.257005][T16190] sock_release+0x91/0x1d0 [ 667.257029][T16190] netlink_kernel_release+0x4e/0x60 [ 667.257063][T16190] xfrm_user_net_exit+0x66/0xc0 [ 667.257086][T16190] ops_undo_list+0x363/0xab0 [ 667.257105][T16190] cleanup_net+0x408/0x890 [ 667.257126][T16190] process_one_work+0x9cc/0x1b70 [ 667.257161][T16190] worker_thread+0x6c8/0xf10 [ 667.257195][T16190] kthread+0x3c5/0x780 [ 667.257225][T16190] ret_from_fork+0x5d4/0x6f0 [ 667.257256][T16190] ret_from_fork_asm+0x1a/0x30 [ 667.257279][T16190] [ 667.257285][T16190] The buggy address belongs to the object at ffff88807f566000 [ 667.257285][T16190] which belongs to the cache kmalloc-2k of size 2048 [ 667.257305][T16190] The buggy address is located 96 bytes to the right of [ 667.257305][T16190] allocated 2048-byte region [ffff88807f566000, ffff88807f566800) [ 667.257329][T16190] [ 667.257335][T16190] The buggy address belongs to the physical page: [ 
667.257351][T16190] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7f560 [ 667.257372][T16190] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 667.257392][T16190] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 667.257413][T16190] page_type: f5(slab) [ 667.257434][T16190] raw: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 667.257456][T16190] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 667.257480][T16190] head: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 667.257502][T16190] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 667.257525][T16190] head: 00fff00000000003 ffffea0001fd5801 00000000ffffffff 00000000ffffffff [ 667.257546][T16190] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 667.257560][T16190] page dumped because: kasan: bad access detected [ 667.257572][T16190] page_owner tracks the page as allocated [ 667.257585][T16190] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5831, tgid 5831 (syz-executor), ts 100474056048, free_ts 100307754682 [ 667.257628][T16190] post_alloc_hook+0x1c0/0x230 [ 667.257660][T16190] get_page_from_freelist+0x1321/0x3890 [ 667.257694][T16190] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 667.257729][T16190] alloc_pages_mpol+0x1fb/0x550 [ 667.257749][T16190] new_slab+0x23b/0x330 [ 667.257775][T16190] ___slab_alloc+0xd9c/0x1940 [ 667.257803][T16190] __slab_alloc.constprop.0+0x56/0xb0 [ 667.257832][T16190] __kmalloc_cache_noprof+0xfb/0x3e0 [ 667.257862][T16190] rtnl_newlink+0x11b/0x2000 [ 667.257898][T16190] rtnetlink_rcv_msg+0x95b/0xe90 [ 667.257934][T16190] netlink_rcv_skb+0x158/0x420 [ 667.257956][T16190] netlink_unicast+0x53a/0x7f0 [ 667.257978][T16190] netlink_sendmsg+0x8d1/0xdd0 [ 667.258000][T16190] __sys_sendto+0x4a0/0x520 [ 
667.258030][T16190] __x64_sys_sendto+0xe0/0x1c0 [ 667.258060][T16190] do_syscall_64+0xcd/0x490 [ 667.258094][T16190] page last free pid 5199 tgid 5199 stack trace: [ 667.258107][T16190] __free_frozen_pages+0x7fe/0x1180 [ 667.258135][T16190] qlist_free_all+0x4d/0x120 [ 667.258166][T16190] kasan_quarantine_reduce+0x195/0x1e0 [ 667.258200][T16190] __kasan_slab_alloc+0x69/0x90 [ 667.258235][T16190] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 667.258269][T16190] getname_flags.part.0+0x4c/0x550 [ 667.258293][T16190] getname_flags+0x93/0xf0 [ 667.258323][T16190] do_sys_openat2+0xb8/0x1d0 [ 667.258346][T16190] __x64_sys_openat+0x174/0x210 [ 667.258371][T16190] do_syscall_64+0xcd/0x490 [ 667.258406][T16190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.258429][T16190] [ 667.258434][T16190] Memory state around the buggy address: [ 667.258447][T16190] ffff88807f566700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 667.258463][T16190] ffff88807f566780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 667.258480][T16190] >ffff88807f566800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 667.258494][T16190] ^ [ 667.258507][T16190] ffff88807f566880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 667.258524][T16190] ffff88807f566900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 667.258537][T16190] ================================================================== [ 667.262705][T16190] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 667.262727][T16190] CPU: 1 UID: 0 PID: 16190 Comm: syz.1.2439 Tainted: G U 6.16.0-rc3-syzkaller-00072-gee88bddf7f2f #0 PREEMPT(full) [ 667.262764][T16190] Tainted: [U]=USER [ 667.262773][T16190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 667.262788][T16190] Call Trace: [ 667.262796][T16190] [ 667.262805][T16190] dump_stack_lvl+0x3d/0x1f0 [ 667.262844][T16190] panic+0x71c/0x800 [ 667.262877][T16190] ? __pfx_panic+0x10/0x10 [ 667.262909][T16190] ? 
rcu_is_watching+0x12/0xc0 [ 667.262934][T16190] ? preempt_schedule_thunk+0x16/0x30 [ 667.262963][T16190] ? fbcon_prepare_logo+0xa03/0xc70 [ 667.263000][T16190] ? preempt_schedule_common+0x44/0xc0 [ 667.263048][T16190] ? fbcon_prepare_logo+0xa03/0xc70 [ 667.263081][T16190] check_panic_on_warn+0xab/0xb0 [ 667.263114][T16190] end_report+0x107/0x170 [ 667.263150][T16190] kasan_report+0xee/0x110 [ 667.263170][T16190] ? fbcon_prepare_logo+0xa03/0xc70 [ 667.263207][T16190] kasan_check_range+0x100/0x1b0 [ 667.263233][T16190] __asan_memcpy+0x23/0x60 [ 667.263262][T16190] fbcon_prepare_logo+0xa03/0xc70 [ 667.263304][T16190] fbcon_init+0xd77/0x1900 [ 667.263338][T16190] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 667.263376][T16190] visual_init+0x320/0x620 [ 667.263404][T16190] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 667.263442][T16190] store_bind+0x61d/0x760 [ 667.263476][T16190] ? __pfx_store_bind+0x10/0x10 [ 667.263507][T16190] dev_attr_store+0x55/0x80 [ 667.263543][T16190] ? __pfx_dev_attr_store+0x10/0x10 [ 667.263587][T16190] sysfs_kf_write+0xef/0x150 [ 667.263614][T16190] kernfs_fop_write_iter+0x351/0x510 [ 667.263636][T16190] ? __pfx_sysfs_kf_write+0x10/0x10 [ 667.263664][T16190] vfs_write+0x6c7/0x1150 [ 667.263694][T16190] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 667.263718][T16190] ? __pfx___mutex_lock+0x10/0x10 [ 667.263751][T16190] ? __pfx_vfs_write+0x10/0x10 [ 667.263789][T16190] ksys_write+0x12a/0x250 [ 667.263819][T16190] ? 
__pfx_ksys_write+0x10/0x10 [ 667.263853][T16190] do_syscall_64+0xcd/0x490 [ 667.263892][T16190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.263915][T16190] RIP: 0033:0x7fc58478e929 [ 667.263932][T16190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 667.263954][T16190] RSP: 002b:00007fc585523038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 667.263976][T16190] RAX: ffffffffffffffda RBX: 00007fc5849b6080 RCX: 00007fc58478e929 [ 667.263992][T16190] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 667.264007][T16190] RBP: 00007fc584810b39 R08: 0000000000000000 R09: 0000000000000000 [ 667.264022][T16190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 667.264036][T16190] R13: 0000000000000000 R14: 00007fc5849b6080 R15: 00007ffe9e1bc368 [ 667.264059][T16190] [ 667.264132][T16190] Kernel Offset: disabled