last executing test programs: 2m58.869971127s ago: executing program 2 (id=1679): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r0 = syz_clone(0x20a08200, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$auto_proc_sessionid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/sessionid\x00', 0x40000, 0x0) read$auto_proc_sessionid_operations_base(r1, &(0x7f0000000040)=""/8, 0x8) ptrace$auto(0x10, r0, 0x4, 0x8000040006) 2m58.230284426s ago: executing program 2 (id=1681): syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) ioprio_get$auto_IOPRIO_WHO_PROCESS(0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000180)='/:$]\x00', 0x0) socket$nl_generic(0x11, 0x3, 0x10) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x0, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) (fail_nth: 5) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82800, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0xd, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) shmctl$auto_SHM_STAT(0x7, 0xd, &(0x7f0000000500)={{0x0, 0x0, 0x0, 0x1, 0xffffffff, 0x9, 0x3}, 0x8, 0x8, 0x6, 0x0, @raw=0x9, @inferred, 0x9, 0x0, &(0x7f0000000300)="e3ee718f91a84d2e05754b0f00cfb35643dea8d7ad6cb09877891af0b39fc0b21c623f11874c6274d8553b1c5ff6e382bacf2d88bc8323396dd8fd32c34ed975a804435ed31c25c425049f69f1b095fb5ff032aa8d70e37a02fa1e0547ef7bee3bccdb7f408469291c830d3d73ceacf3a7428c9138a573b2dd6e6d60f1f64bbfce005f1aafc2f901952a97a3f048d7a26e7a65ec83f4c52187e60c593af280", &(0x7f0000000480)="bfc33ac675e5f3bfd78a6906e0fb388893ef3aaf4c4bda5a477ea0c9bf31edf021600287d43ac61351b3d445a03bc3f030d1c66bb88d816f50e1b5d15a21d61907336ceecf"}) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttywd\x00', 0xc0200, 0x0) write$auto_console_fops_tty_io(r1, &(0x7f0000000000)="1f91f2c3881f4610e18d5fc5e5bfd9800e9b50", 0x13) 2m53.534680383s ago: executing program 2 (id=1693): socket(0x2, 0x1, 0x100) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x51) shutdown$auto(0x200000003, 0x2) madvise$auto(0x0, 0x2003f0, 0x15) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x149443, 0x14) fcntl$auto(r0, 0x409, 0x40003f) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000100)=""/192, 0xc0) setsockopt$auto(0xffffffffffffffff, 0x8, 0xc, 0x0, 0x567) unshare$auto(0x40000080) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x8080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) unshare$auto(0x40) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) mount$auto(0x0, 0x0, &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) mount$auto(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='nfs4\x00', 0x200, &(0x7f00000001c0)) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) 2m52.015150593s ago: executing program 2 (id=1699): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb2, 0x403, 0x8000) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) r0 = socket(0x2, 0x3, 0x2) socket(0x10, 0x2, 0x0) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x28000, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x6a) socket(0xa, 0x2, 0x88) setsockopt$auto(r0, 0x1, 0x6, 0x0, 0xc089) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x5) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x4e22, @broadcast}, 0x55) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/security/tomoyo/manager\x00', 0x40, 0x0) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f00000001c0), 0x40200, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x10, &(0x7f0000000180)=@info={r1, 0x5, 0x3}, 0x6) socket(0x2b, 0x1, 0x0) socket(0x10, 0x2, 0x0) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) r2 = openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/trace_marker\x00', 0x201, 0x0) writev$auto(r2, &(0x7f0000000100)={0x0, 0x80}, 0xa) clone$auto(0x7fff, 0x200, 0x0, 0x0, 0xf) process_madvise$auto(0x3, 0x0, 0xb, 0x40000c15, 0x8000000000000000) 2m50.880992304s ago: executing program 2 (id=1704): setitimer$auto_ITIMER_REAL(0x0, &(0x7f0000000180)={{0x34c, 0x9}, {0x7fffffffffffffff}}, 0x0) (async) setitimer$auto_ITIMER_REAL(0x0, &(0x7f0000000180)={{0x34c, 0x9}, {0x7fffffffffffffff}}, 0x0) r0 = openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/cmdline\x00', 0x143404, 0x0) mmap$auto(0xffffffffffffffff, 0x20020009, 0xdf, 0xeb0, r0, 0x8000) (async) mmap$auto(0xffffffffffffffff, 0x20020009, 0xdf, 0xeb0, r0, 0x8000) r1 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) futex$auto(0x0, 0x8, 0x8243, 0x0, 0x0, 0x4) read$auto_fops_u8_(r1, &(0x7f0000000000)=""/17, 0x11) r2 = getsockopt$auto(0x3, 0x200000000001, 0x3b, 0x0, 0x0) r3 = ioctl$auto_NS_GET_PARENT(r2, 0xb702, 0x0) recvmmsg$auto(r3, &(0x7f0000000200)={{&(0x7f0000000080)="04833b169fa093f3771692c4d9bd4c7c90329cc8a0e19390379143d0541eb89d94", 0x8001, &(0x7f0000000140)={&(0x7f00000000c0)="7a653071ccc9bf481546b331dd5bc6979b8c0596539c64cd8d282100147f37b262d2d55c2931d2fcb01e5f851f93b7ea964320a7f2b30a44ee3892fc7296c62652639d3dc70b6cc67fdcbf5d5a89617c2d4d4b44413064f48e0c8e5a8e03b4b597bd95d4", 0x6}, 0x2, &(0x7f0000000180)="567c8fd4637a06b74e24a88ae09fdb9537b75ecf747461aaa671c58aa03295fc993970f7332fc238361c6b315510144e899286f5a6f69633e02a81ab70898291b59f8766", 0x7, 0x1ff}, 0x7}, 0x4912, 0x9, &(0x7f0000000240)={0x9, 0x400}) 2m48.206574537s ago: executing program 2 (id=1709): shmctl$auto_SHM_LOCK(0x7ff, 0xb, &(0x7f0000000140)={{0x6, 0xffffffffffffffff, 0xee01, 0xaf1, 0xa, 0x6, 0x1}, 0xca, 0xe42, 0x1, 0x8000000000000001, @raw=0x5, @raw=0x10000, 0x6, 0x0, 0x0, &(0x7f00000000c0)}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x400c000) r0 = bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8001}, 0x101) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x101a02, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f00000001c0)={{@raw=0xfff, 0x9, 0x5, 0x6, "e927783f468fa2e92fe8ec7a46cbb766439daa1ee1aa0000000000040000660e0701000000000000008000"}, 0x8, 0x0, 0x4, @inferred, @integer64={0x8f1, 0x3, 0x5}, "a4699d30a05edbe0d28473c399a7dc1d7de94b4123f970bedd3460c667373fcc66b584d81592f6ab606c276807000000000000006e76803400"}) r3 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x3c3ee0, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) setsockopt$auto(0x3, 0x0, 0x33, 0x0, 0x4) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55) setsockopt$auto_SO_ATTACH_REUSEPORT_CBPF(r2, 0x582d, 0x33, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0xff) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000440)={{0x0, 0x2, 0x200802, 0x1, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e1ca6300ea"}) close_range$auto(r0, r1, 0x2) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001f00), 0xffffffffffffffff) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x104, 0x6, 0x3}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) r6 = mq_open$auto(&(0x7f00000000c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xbb\x192\x1c4\x86\xc0\xc1-\xd5\x10\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u50x9, 0x6, 0x8001}, 0x101) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x101a02, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f00000001c0)={{@raw=0xfff, 0x9, 0x5, 0x6, "e927783f468fa2e92fe8ec7a46cbb766439daa1ee1aa0000000000040000660e0701000000000000008000"}, 0x8, 0x0, 0x4, @inferred, @integer64={0x8f1, 0x3, 0x5}, "a4699d30a05edbe0d28473c399a7dc1d7de94b4123f970bedd3460c667373fcc66b584d81592f6ab606c276807000000000000006e76803400"}) r3 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x3c3ee0, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) setsockopt$auto(0x3, 0x0, 0x33, 0x0, 0x4) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55) setsockopt$auto_SO_ATTACH_REUSEPORT_CBPF(r2, 0x582d, 0x33, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0xff) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000440)={{0x0, 0x2, 0x200802, 0x1, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e1ca6300ea"}) close_range$auto(r0, r1, 0x2) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001f00), 0xffffffffffffffff) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x104, 0x6, 0x3}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) r6 = mq_open$auto(&(0x7f00000000c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xbb\x192\x1c4\x86\xc0\xc1-\xd5\x10\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u5\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6\xd6z\xfa\xb8\x10hM\xe4\x15\x92R\xb9&$\x99\xb5r\xe3\xcb\\|\xff\xf8\x8d\x0f\xd1[\x19\x81\xa1\x8c\xee\xde\x9a\xe5\xbc\xcc\xec\xbdu(\xf3\xe5\x0e>u\xc9U\x8ch\xdc~\xbcg>\x06F\xc0;\xa6\x90\xe6y*\xd4\x0fT(\xd5Y\xe6B\xeaB\xab\x1b\xb0\xd1\x86h\xe0\xa6\x8c\xd7\xe3\xa0\x91\x9d\xe9)\xe1\xd0\x87V1\xb1\x9e\xd7onJ\"c\xcf\xfb\xd6\x17\x15n\xd0~~\xfd\x02Y\x9f\xb0\xc7G>fF\x89\xfc\xb54\xc6.', 0x7ff, 0x400) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8000003, 0x7) sysfs$auto(0x2, 0x358, 0x7fffffffffffffff) unshare$auto(0xf) landlock_restrict_self$auto(r3, 0x101) ioctl$auto_EVIOCSCLOCKID(0xffffffffffffffff, 0x5452, &(0x7f00000000c0)=0xca9) r8 = socket(0xa, 0x0, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r8, &(0x7f0000000180)={{&(0x7f0000000000), 0x1aa, &(0x7f0000000100)={&(0x7f0000000040)="4a67d23edb3100000000000000000075210d2de48306c2fb", 0x49}, 0x1000000000002, &(0x7f0000000180), 0x5}, 0x1}, 0x2, 0x5) 5.798678567s ago: executing program 4 (id=2202): r0 = socket(0x2, 0x5, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/wakeup/wakeup7/event_count\x00', 0x1c2580, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000080)=""/86, 0x56) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x10000000084, 0x2, 0x0, 0x8) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/devices/virtual/nfc/nfc1/rfkill1/soft\x00', 0xa3182, 0x0) sendfile$auto(r3, r2, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@sco={0x1f, @none}, 0x5) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) bpf$auto(0x11, &(0x7f0000000000)=@batch={0xfffffffffffffffb, 0x44, 0x2, 0x9, 0x81, 0xffffffffffffffff, 0x2, 0x8}, 0xcf) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) ioperm$auto(0x6, 0x18001, 0x80001) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x80000001, 0x8) ioperm$auto(0x3, 0x2db, 0x10000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) shutdown$auto(0x200000003, 0x2) ioprio_set$auto(0x7, 0x0, 0xfff) unshare$auto(0x40000080) recvmmsg$auto(0x3, 0x0, 0x687bcbd, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x27, 0x800000000000000, 0x17) r4 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/kvm/mmu_pde_zapped\x00', 0x2100, 0x0) read$auto_def_blk_fops_fs(r4, 0x0, 0x0) mlockall$auto(0x7) 5.766536258s ago: executing program 0 (id=2203): prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000000c0)=""/7, 0x7) socket$nl_generic(0x10, 0x3, 0x10) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2711}, 0x51) socket(0xf, 0x3, 0x2) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x9a3e, 0x0, 0x1, 0x0) r2 = open(&(0x7f0000000100)='./bus\x00', 0x14d27e, 0x72) socket(0x3, 0x1, 0x80) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video37\x00', 0x8a240, 0x0) ioctl$auto(r3, 0x5646, r3) read$auto_v4l2_fops_v4l2_dev(r1, &(0x7f0000000180)=""/40, 0x28) socket(0x1e, 0x1, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0x9) copy_file_range$auto(r2, 0x0, r2, 0x0, 0x2, 0x0) select$auto(0xa, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xfff, 0x1, 0x9489, 0x3, 0x95f4da2d, 0xc, 0x6, 0x62, 0x7, 0x7, 0x6d3f, 0xa, 0x4, 0x5]}, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x6, 0x1, 0xfffffffffffffff7, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000021, 0x7, 0x6d3e, 0x7fff, 0x2, 0x6]}, 0x0) socket(0x21, 0x2, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000001680)='/sys/kernel/tracing/uprobe_events\x00', 0x129042, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x2584, 0x0) ioctl$auto(0x3, 0x40045542, 0xb551) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/midi2\x00', 0x201, 0x0) close_range$auto(0x2, 0x8000, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/modules\x00', 0x2d2302, 0x0) 4.694937532s ago: executing program 0 (id=2204): mmap$auto(0x0, 0x400008, 0xdf, 0x33, 0x2, 0x8000) (async) r0 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) setsockopt$auto(r0, 0x5, 0xfffffffa, &(0x7f0000000080)='((]*\x00', 0x6) (async, rerun: 32) socket(0x2, 0x1, 0x0) (async, rerun: 32) socketpair$auto(0x3, 0x5, 0x7, 0x0) setsockopt$auto(0x3, 0x0, 0x18, 0x0, 0x9) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x0, @local}, 0x69) 4.446644099s ago: executing program 0 (id=2205): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) lsm_get_self_attr$auto(0x2, &(0x7f0000000440)={0x68, 0x12a3, 0x800000009, 0x70, "72366e9fbf02006b1fe977bf934bfebb262a94680000000000000000000000efe61bc7a2c7bb30b749c70dc84dbcc8a00cee78fcd191bf8850f3c9030208ed6f920b2087ddcce9632afd492e60c0b79b66ea98fd787e0a2e2579afec8b9a682481461e3afbb63773bcc5febfd618d8f4"}, &(0x7f00000008c0)=0x1ff, 0x1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram6\x00', 0x4040, 0x0) preadv2$auto(0x3, 0x0, 0x5, 0xfffffffffffffffc, 0x7, 0x2e) write$auto_tty_fops_tty_io(r0, &(0x7f0000000200)="352c8efa610c0bcf83a4ebdb040000000000000021cb244b19a48bb5e0d12df9735b745b9554dfb0ad", 0x29) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) ioctl$auto(0xffffffffffffffff, 0x8912, 0x38) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) ustat$auto(0x801, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) writev$auto(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x40}, 0x8) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f00000018c0)='/sys/kernel/tracing/error_log\x00', 0x2, 0x0) ioctl$auto_FS_IOC_UNRESVSP64(r2, 0x4030582b, 0x5) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0xff1, 0x8000) r3 = eventfd$auto(0x80) readv$auto(r3, &(0x7f0000000380)={0x0, 0x8}, 0x4) read$auto(r3, 0x0, 0xcc9c) write$auto(r3, &(0x7f0000000400)='\'\x00', 0x8) r4 = bpf$auto(0x5, 0x0, 0x102) getpid() syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x8800) r5 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000164c0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000280)={0x50, r6, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@NL80211_ATTR_HE_BSS_COLOR={0x20, 0x11b, 0x0, 0x1, [@NL80211_HE_BSS_COLOR_ATTR_COLOR={0x5, 0x1, 0x7}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}, @NL80211_HE_BSS_COLOR_ATTR_COLOR={0x5, 0x1, 0x80}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}]}, @NL80211_ATTR_OBSS_COLOR_BITMAP={0xc, 0x12e, 0x6}, @NL80211_ATTR_SAE_PWE={0x5, 0x12a, 0xc}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x800}]}, 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0) read$auto(r5, 0x0, 0xb4d3) 4.419536041s ago: executing program 3 (id=2206): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x9}, 0x1, 0x0, 0x0, 0x800}, 0xc044) sendmsg$auto_NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYRES16], 0x131c}, 0x1, 0x0, 0x0, 0x24000811}, 0x2f4ffe4818a0ba49) mmap$auto(0x0, 0x20009, 0x4000000000de, 0xeb1, 0xffffffffffffffff, 0x2) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0x25, 0x1, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0xa, 0x1, 0x0) (async) listen$auto(0x3, 0x81) (async) listen$auto(0x3, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x183042, 0x0) (async) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, 0x0, 0x100182, 0x0) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, 0x0, 0x240000, 0x0) (async) openat$auto_fops_u16_(0xffffffffffffff9c, 0x0, 0x42002, 0x0) (async) openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0xa, 0x2, 0x0) (async) inotify_init1$auto(0x3000000000000) socket(0xa, 0x2, 0x3a) (async) r1 = io_uring_setup$auto(0x7, 0x0) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, r1, 0x0) (async) open(0x0, 0x20400, 0x58) (async) r2 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) (async) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1e043, 0x0) ioctl$auto(r2, 0x40106f52, r3) mmap$auto(0xfffffffffffffff7, 0x202000a, 0x9, 0xeb1, r0, 0x6) (async) socket(0x2, 0x5, 0x0) (async) socket(0x2, 0x80002, 0x73) (async) socket(0x2, 0x1, 0x84) 4.415509095s ago: executing program 4 (id=2207): openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsu1\x00', 0x19d141, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000480)='/proc/sys/net/ipv4/ip_early_demux\x00', 0x149c41, 0x0) write$auto(r0, &(0x7f0000000040)='\x00', 0x9) r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x1d, 0x2, 0x6) r3 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) r5 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r5, &(0x7f00000000c0)="671d264add69b6440843b6e6688a2b5ad9df2669e6f9cd238032b20ed763ac8caf4b9b4c30b530ac6ebbff950e1a647d6a08a1b55dde5a409b4a", 0x3a) bind$auto(r2, &(0x7f0000000040)=@can={0x1d, r4, 0xfd}, 0x6a) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x6c}, 0x1, 0x0, 0x0, 0x40084}, 0x40) io_uring_setup$auto(0x6, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) sendmsg$auto_L2TP_CMD_SESSION_GET(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x24000004) close_range$auto(r2, 0xffffffffffffffff, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0x42, 0x0) socket(0x22, 0x2, 0x17) ioctl$auto_UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x17, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000002500), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000500)={'gretap0\x00', 0x0}) sendmsg$auto_OVS_DP_CMD_GET(r6, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000700)=ANY=[@ANYBLOB="2400f900", @ANYRES16=r7, @ANYBLOB="050029bd7000fcdbdf250300000008000900", @ANYRES32=r9, @ANYBLOB="0500010000000000"], 0x24}}, 0x4000024) 4.255561417s ago: executing program 1 (id=2208): unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb2, 0xffffffffffffffff, 0x300000000000) r0 = socket(0xa, 0x1, 0x100) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/bonding/primary_reselect\x00', 0x1e2142, 0x0) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) select$auto(0x2007, 0x0, 0x0, &(0x7f00000004c0)={[0xe83, 0x8, 0xfffffffffffffc01, 0x1, 0x800000000000fff9, 0x8, 0xf0, 0x7fffffff, 0xe213, 0x528, 0x2, 0x5, 0x5, 0x2, 0x5, 0x8000000000000000]}, 0x0) sendmmsg$auto(r2, &(0x7f00000003c0)={{0x0, 0x90, 0x0, 0x5, &(0x7f0000000400)="6768bebc2b4917e9a299e5bcccee2e7c39f1404dd3e4ce3656f1ed196255840afb6fc4f0629c36cfd734924a082a2e6b694e7c90fff189d28bb2246909520096cadb77657e0f0d5cb80d20074854420ed1f0c7d506af732d29a0e1d33ea3b503927a276bfacfe18580b053", 0x4, 0x208}, 0x40001a}, 0x7, 0x6) write$auto(r2, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) sendfile$auto(r1, r1, 0x0, 0x7fff) unshare$auto(0xa4) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) socket(0x0, 0x3, 0x3c) unshare$auto(0x40000080) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x42, 0x0) syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff) r4 = prctl$auto(0x101, 0x7, 0x0, 0x800000000001, 0x2) sendmsg$auto_CTRL_CMD_GETPOLICY(r4, &(0x7f0000000100)={0x0, 0x17, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[], 0xf8}}, 0x20000098) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x64f4040a6ccda016}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[], 0x5c}}, 0x40) close_range$auto(0x2, 0x8, 0x0) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda) mmap$auto(0x2, 0xfffffffffffffffd, 0x5, 0xebd, r4, 0x2807ffc) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mlockall$auto(0x2) ioctl$auto_SNDCTL_SEQ_GETINCOUNT(r3, 0x80045105, &(0x7f0000000300)="48c9c499a9a55fc2a836723fb70537445460c9f0892a287c9eb350e6b7502695a40747d57c6d503a9321dfb65dfcdd31e011f135fea8b10f802afe673cf64aa66c9f61a38fcb31374ce2e32ab0609681ba696929e2d96bb3682b03969701b37156ff8b4721ea5f896578a106c1f2650052e1d1590d649f180185beeb9d020a557604128a5fd3fffe") r5 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyy7\x00', 0x68a082, 0x0) ioctl$auto_TIOCSWINSZ(r5, 0x5414, &(0x7f00000000c0)="05") 4.025019794s ago: executing program 4 (id=2209): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) capset$auto(0x0, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb1, 0x401, 0x8000) getsockopt$auto(0xffffffffffffffff, 0x6b, 0x4, 0xfffffffffffffffe, 0x0) select$auto(0x3, &(0x7f0000000040)={[0x9, 0x4, 0x34, 0x6, 0x1, 0x1, 0xa, 0xb, 0x5, 0x100000001, 0x0, 0xcf, 0x5, 0x215, 0x805, 0xb98]}, 0x0, 0x0, 0x0) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000280)=ANY=[@ANYRES32, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c80"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x4b67, 0x1) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r1, 0x0, 0xf) write$auto(0x3, 0x0, 0xfdef) unshare$auto(0x40000080) write$auto(0xca, &(0x7f0000000400)='\x04>\x00\x1d\xa4\xd2\xc3\xec&9\v\xbc\xdein\xe1G8\x02\x18\x00\x00\xd3b\x01\xbd\x9b@\xb0\x00\x00\x00\x84\xa2\\\x15\xc4>\xa9\x82,\x95\xeeH\xf8}v\xb3\xcb(\xa90Abe\xc3\x8c\xcc\xe7\xb8\x00F\x89#\xb4\xf0F\xa1GH\xb5\x8f\x9dZ~\xea\xa3\x93\xc2\x04\xe1;b\x99\x97}Z\x7f\x0f\x90\xce\x85-e\xb6n\xbc\xc6=\xf8\xce\xe7\x1e]\x85|\xce\xd7L\x9b\xd3lb\xc5\xee\xdb\xcb\xbb\xd8\xd9\xd3\xf8 \xe9e\xe5\x80\x1c7B+]\\!\xcej}H\x03x\x83Z\x98\xb8\t\xde\xd4\xf5\xf32\xccR\xaa\xdd\x16\xab\xd8\x1d\"\xc7\xa5\xe1k\x1d\xd9k\xc6\xb2\xa7\x97\x9a\xf6\xfe\xef\x1a\xbd\xcb\xb8*\x8b9\x00R\xe9)?Em\xb2\xac\xd1\xf6\xff\xc1\xc7\xbdl\xa2+tI\xa3\xa8\xabVe\x87\xa9\xae9\x82\xd2.SCt\xcc\x8c7\x7f\xdc\xc3\xfb\x94\xfc\xdfc+\x04\xfb\xf5$\xecO1@\x99l;\xd3X\xd5\"\xec\x17hR\xc5\x99\x8b\x9f\xf3\xf48%\xfa\xf2\x1d\xc5\x10T\x83p0\xd7]\x83{\x81\xdei\xd2\xfc\xfd=3K\xc3\xfe\x12\x98\x8b\xbe\xd1+\xc4r\x7f\x8f5\xcc\xa6\xd8>k\xcc\xee\xe0\x9bW\x0e\xc63\x84^\xde`\xd2\xe8\xfc\x02\xef\xa4\xdc\xd0A\xd5`?9D\x1c\x1b\x1b\xd5\xcb\xfb\x03I\xc9\x97\xac#\x0ee\xc8ltL\x88\x17m~aA%\xd3\xaf\xaa6hf\x9b\x83\x02A\xb0\xf6\x14\xb3\x18B\xfd\x9ai\xf8j \a\x1es\xa3U\x98sqq,\xd2A4?l\xa2\x9c\xc9\x9fa\xe8\x99qw\xf3\x18\x12R+(%x\xb6\xf8\x92\xa5\xe4\xdd\xe9\xf2\x0e\xc8', 0x100) r2 = socket(0x11, 0x1, 0x87) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000100), r2) close_range$auto(0x2, 0x8, 0x0) r3 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(0xffffffffffffffff, 0x541c, r3) 3.762798431s ago: executing program 3 (id=2210): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) (async) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x801, 0x106) (async) r0 = socket(0xa, 0x801, 0x106) ioctl$auto(r0, 0x890c, 0x9) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_BLKZEROOUT(r1, 0x127f, 0x0) 3.405177033s ago: executing program 0 (id=2211): msync$auto(0x9, 0x180000000000000, 0x5) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/virt_wifi0/router_solicitations\x00', 0x101202, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x7, 0x0) chdir$auto(&(0x7f00000000c0)='}[,&*}\x00') r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) lseek$auto(0x0, 0x9, 0x1) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/swradio11\x00', 0x80002, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x5) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/disable_policy\x00', 0x202, 0x0) sendfile$auto(r1, r0, 0x0, 0x4c) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) io_uring_setup$auto(0x6, 0x0) r2 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(r2, r2, 0x0) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video3\x00', 0x2aa01, 0x0) ioctl$auto(r3, 0xc0585611, r3) openat$auto_ftrace_event_id_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/id\x00', 0xe2000, 0x0) readv$auto(0xffffffffffffffff, &(0x7f0000000a80)={0x0, 0x8000000000ffff}, 0x1) write$auto(0x3, 0x0, 0x100082) madvise$auto(0x1, 0x9, 0xa) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x2, 0x9) sendfile$auto(r4, r4, &(0x7f0000000280), 0x0) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) 3.235895707s ago: executing program 3 (id=2212): prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) socket(0x10, 0x4, 0xffffffc0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0x0, 0x400008fd6, 0x948b, 0x3, 0x15f4da0a, 0x1, 0x6, 0x62, 0x7, 0x7, 0x1, 0xb, 0x100, 0x18]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r1, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r1, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xd0000000, 0xd) socket(0x10, 0x2, 0xffffffff) r2 = openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/Writeback-1/edid_override\x00', 0x40901, 0x0) write$auto(r2, &(0x7f0000000100)='/sys/kernel/debug\xd4\x00\x00\x00/vkms/Writeback-1/edid_override\x00&\x9c\xabdj\xaa\x87\xe6[J!y\x80r', 0x80) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/timers\x00', 0x109500, 0x0) pread64$auto(r3, 0x0, 0x8, 0xffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="1b0026bd7400fddbdf250300000004000800100003800c001480080001808847338012000100898771f1c19f177904859082803500003f1c0280"], 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mmap$auto(0xfffffffffffffffd, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/core/rps_default_mask\x00', 0x82, 0x0) r6 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/oom_adj\x00', 0x0, 0x0) sendmsg$auto_NL80211_CMD_ABORT_SCAN(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x4008010) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) read$auto(r6, 0x0, 0x1f40) write$auto(0x3, 0x0, 0xfdef) madvise$auto(0xffdffffffffffffc, 0x200006, 0x0) setresuid$auto(0x2, 0x7, 0x8080) 2.554505592s ago: executing program 4 (id=2213): madvise$auto(0x0, 0xffffffffffff0005, 0x19) socket(0x2c, 0x3, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x6) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0x12, 0x0, 0x4) r1 = socket(0xa, 0x80007, 0x300) setsockopt$auto(r1, 0x107, 0x12, 0x0, 0x4) r2 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) r3 = socket$nl_generic(0x10, 0x3, 0x10) write$auto_ftrace_set_event_pid_fops_trace_events(r2, &(0x7f0000000100)="13174afb79e42c7c3081d069971f240e9e54f2b92d1ce62cd6405bebfa2940a6426c5f81e1f8db32f6", 0x29) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) pidfd_getfd$auto(0x3, 0x1, 0x100000000) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r4, r3, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) bpf$auto(0x1, &(0x7f00000001c0)=@bpf_attr_11={0x7fff, 0x3ff, 0xffffffff, 0x777, 0x200, 0x8, 0xffffff01}, 0xc) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) r5 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/block/loop13/hctx0/sched_tags\x00', 0x40100, 0x0) lseek$auto(r5, 0x7fffffffff7fffff, 0x0) 2.219245456s ago: executing program 0 (id=2214): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r0 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(r0, 0x0, 0x10000, 0x80000000, 0x0) write$auto(0xca, 0x0, 0x2d9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020409, 0xa, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x10, 0x2, 0x0) io_uring_setup$auto(0x6, 0x0) r1 = socket(0x1e, 0x1, 0x0) listen$auto(r1, 0x9) socket(0x2b, 0x1, 0x1) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2000, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x1ff, 0xd5b, 0xc, 0x8001, 0x1, 0x2, 0x15f4da0a, 0x59, 0x3, 0x300000000000600, 0x8000, 0x7, 0x5, 0x5, 0x9]}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2c, 0x1, 0x3) socket$nl_generic(0x10, 0x3, 0x10) sendto$auto(0xffffffffffffffff, 0x0, 0x402, 0x0, 0x0, 0x19) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0xffd8) adjtimex$auto(0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) 1.778038339s ago: executing program 3 (id=2215): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0xffff) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x7, 0x5, 0x800) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) ioctl$auto(r2, 0x2283, r2) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x7fffffffffffffff, 0x4, 0x0, 0x5, 0xe) mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, r1, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000012c0)='/sys/devices/virtual/block/ram7/queue/iostats\x00', 0x8502, 0x0) write$auto(r3, &(0x7f0000000100)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x4) read$auto_clk_dump_fops_(0xffffffffffffffff, 0x0, 0x0) ioctl$auto_BLKRRPART(r1, 0x125f, 0x0) getpeername$auto(r0, &(0x7f0000000080)=@vsock={0x28, 0x0, 0x2711, @host}, &(0x7f00000000c0)=0x4) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/domainname\x00', 0x88042, 0x0) mkdir$auto(&(0x7f0000000000)='\xe6/\x00', 0x2) utime$auto(&(0x7f0000000040)='\xe6/\x00', 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000300)='/dev/v4l-subdev0\x00', 0x200000, 0x0) madvise$auto(0x0, 0xf663, 0x15) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, 0x0, 0x1c1041, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x100000009, 0x7) ioctl$auto_FIFREEZE(r4, 0xc0045878, 0xfff) sendmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x5, 0x0, 0x200000000000001f, 0x9}, 0x800009}, 0x3, 0x20000000) mmap$auto(0x8000000000000, 0x200006, 0x3, 0x40ebe, 0x602, 0x300000000000) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) 1.562314961s ago: executing program 4 (id=2216): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nbd6/range\x00', 0x10c140, 0x0) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x8, 0x5, 0x8) keyctl$auto(0x11, 0xdfffffffffffffff, 0x69c9, 0x0, 0xbcd) socket(0x10, 0x2, 0xc) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62, 0x0) getsockopt$auto_SO_RCVTIMEO_OLD(0xffffffffffffffff, 0x4, 0x14, &(0x7f0000000040)='\x00', 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/hwdep\x00', 0x0, 0x0) ioctl$auto_BTRFS_IOC_SNAP_CREATE(0xffffffffffffffff, 0x50009401, 0x0) madvise$auto(0x110c230000, 0x8031ca, 0x9) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/dev_mcast\x00', 0x44401, 0x0) prctl$auto_PR_GET_SHADOW_STACK_STATUS(0x4a, 0x7fffffffffffffff, 0x0, 0x2, 0x8f) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x108000, 0x800034, 0x9) mount$auto(0x0, 0x0, &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x20000000) open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_evm_key_ops_evm_secfs(0xffffffffffffff9c, &(0x7f00000000c0), 0x8800, 0x0) 1.172076238s ago: executing program 1 (id=2217): r0 = socket(0x2a, 0x2, 0x1) connect$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0xfffffffe}, 0x55) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x4b46, r1) sendto$auto(0x3, 0x0, 0x79, 0x0, 0x0, 0x20) 1.119335531s ago: executing program 0 (id=2218): r0 = socket(0x2, 0x1, 0x106) bind$auto(0x3, 0x0, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55) setsockopt$auto(r0, 0x8, 0x90, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x2, 0x400008, 0xdf, 0x19, 0x2, 0x8000) prctl$auto(0x10000000017, 0x1cf3, 0x4, 0x40, 0x0) remap_file_pages$auto(0x5, 0x1000, 0x0, 0x8, 0x10007) openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, 0x0, 0x2000, 0x0) r1 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="01002dbd70007cdbdf257e000000"], 0x14}, 0x1, 0x68, 0x0, 0x4000000}, 0x0) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x400000000006) open(0x0, 0x1e1401, 0xe5) tkill$auto(0x0, 0x7) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x3) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) setrlimit$auto(0x1000000007, 0x0) io_uring_setup$auto(0x40000005, 0x0) getxattrat$auto(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, 0xb91) move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x10000000001013, 0x2, 0x8000) setsockopt$auto(0x3, 0x114, 0xa, 0x0, 0x4) unshare$auto(0x40000080) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r3, &(0x7f0000000e00)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde4727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e28782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8ee98a7bf3f8157986cf7c1c5dbdedaacbe3946b3d8809dec7387f006c062b93b6b481a806e5544ddeea7218fcc15c25a88164bfd0735e6290167cb2dbf4b4a317ba00b1fc27d203a6cff71ef8fe97a97d8e07af2ce1d0a0a2aa9ede7dd0572325075c83c2ecf866aa01654eff55ebe4e489e72152e6a3090e2348732704eb02997ffd23a63faabfbbbd1fb124cab606faed24a393058cea1c1286001ee5c0c1fa26b6a81ebdd4718a94cebdb45bfe812c771df398d3305da03d37ced9d0242b6da212dc9f5c14d7ff999bee20f6621792d1442e449eba8589a823e5e99c65fdffbaefe89e2e32406ec4cf574e335e2d288e4cdad56f4b1b57c364ed3e28809e480d6f410c7ebf43bd2a605d6a8c9facae6b7f8f2c56f792ae21fc0cc5dd9beae0cab3547ebb5467183c2f01bc315bd7bd191088886752dc5108093bdbc91348743440130f33d3dfa9c25490245e5fa904f8660e82253c826b7bea4e9a7a1c627e10c56d71878a644bd176016f29cf5398be14cc0fdec45c65e2b967aedb75212eed1eb05a44da62190009d1c08163b74813b82c27f1e6cd681a4b5150f967444b7bc930da68603fd706e96ba8663b2e50ef0a9b04e321a8a337b08fea7288a3fef5062c7e4c17ad3d490870d39c10b78a74eab25c993527e313a4f59d86de55aa9a8a63f734c2db556692fe993b0cd08e0ab5434c9ec02d5127354f55e6b5d5a7b61685d02edae21ece71d203abf7408211229a9ebbfdeffa2c0f38db274066d0706d80398c172e6daf4a0dce62c2287cbf0d30cfa313d7baf4e5caa18f594f0ab0d854f3cef76ff83e96fa49d0e0f8a47193b51a0a45aee2e1d9a5b372b8ee828f645a06979ec351d798480c7824e846028c02f58b5641acbae1e2079abd86182a662bb1642c9346d7fba628fb012da293acef33b8b76a8885c2e5d685348b6148c5b44409f58d8d5f29344fe8a2e4c2432ae622bb1912ea65d5574bff895025bd72cd780d59cbaa0886afd5d6676d2de6266903115525c075cc3f75ce9eba3787a890e1f758f0e502c4c9c0538dc942cf4e2d69742edeeddb66b1d459fcf6f744b2c40111104ab21fd4e99b4477e25cc5a9af59108c8b2f569d4ba227c754f294fdc1e6b383fd89861a203f4d4ee33814aeb21ee411a0d6918533aa2450b1e35c97ab6f01f3829c8a4c33fe0fbc81dd579bbdb44eda4f335d2bc512ca7f38f603c29033c94df2c9533f4422432f574a021e90a0fe3a4cf54", 0xcb6) mmap$auto(0xf, 0x8, 0xdf, 0x18, 0x401, 0x1008000) 1.089307497s ago: executing program 3 (id=2219): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = socket$nl_generic(0x10, 0x3, 0x10) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x13, 0x940, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x9, 0x5, 0x3, 0x5, 0x7}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000003b40)={'veth0_to_hsr\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYRES16=r1], 0x1ac}}, 0x40001) r2 = fsopen$auto(0x0, 0x1) fsconfig$auto(r2, 0x8, 0x0, 0x0, 0x0) r3 = socket(0x10, 0x3, 0xa) r4 = syz_genetlink_get_family_id$auto_nlbl_calipso(&(0x7f0000000080), r3) sendmsg$auto_NLBL_CALIPSO_C_REMOVE(r3, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x5c, r4, 0x110, 0x70bd28, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_MTYPE={0x8, 0x2, 0x5}, @NLBL_CALIPSO_A_MTYPE={0x8, 0x2, 0x5}, @NLBL_CALIPSO_A_MTYPE={0x8, 0x2, 0x3ff}, @NLBL_CALIPSO_A_MTYPE={0x8, 0x2, 0x3}, @NLBL_CALIPSO_A_MTYPE={0x8, 0x2, 0xd98c}, @NLBL_CALIPSO_A_MTYPE={0x8, 0x2, 0x7}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x4}, @NLBL_CALIPSO_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}]}, 0x5c}, 0x1, 0x0, 0x0, 0xc010}, 0x0) sendmsg$auto_NLBL_CALIPSO_C_REMOVE(r2, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x64, r4, 0x300, 0x70bd27, 0x25dfdbfe, {}, [@NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x4}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x7}, @NLBL_CALIPSO_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8, 0x2, 0x7}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8, 0x2, 0x7fff}, @NLBL_CALIPSO_A_MTYPE={0x8, 0x2, 0x10}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x7f}]}, 0x64}, 0x1, 0x0, 0x0, 0x4040800}, 0x400c0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 431.165955ms ago: executing program 3 (id=2220): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/tty/ptybd/power/control\x00', 0x2062, 0x0) (async) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/mptcp/pm_type\x00', 0xe0002, 0x0) sendfile$auto(0x1, r1, 0x0, 0xc01) (async) openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000100), 0xc82, 0x0) (async) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) (async) semctl$auto(0xa, 0x5, 0xe, 0x8) sendfile$auto(r0, r0, 0x0, 0x4) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000000c0), 0xffffffffffffffff) (async) r4 = wait4$auto(0xffffffffffffffff, &(0x7f0000000000), 0x1ff, &(0x7f0000000100)={{0xe27, 0xc7}, {0x3, 0xb}, 0x1, 0xffff, 0x4, 0x379, 0x1bb, 0x5, 0xa76, 0xfffffffffffffffd, 0x2, 0x2, 0x2, 0xfffffffffffffffb, 0x9, 0x1}) sendmsg$auto_MACSEC_CMD_UPD_RXSC(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="a4010000", @ANYRES16=r3, @ANYBLOB="01002abd7000fedbdf2503000000890109806000c38004008c80c471c9447e2fb2b3b2db04603cefc2b40ac39d9d643930802796fbb32c75a268918d32c207428e7ab28604577afd146d1483e09fc06fb237d2627d0fce8c6840a3bebfae415ee1bf65986e3ae12a46ccc082de9deca5d7421a64a8b1ccf9064ed26ea30cd634ab741865428e348701fb9532e814347c438bda77583fc1183ef301a4f45f2316dc67a526ba261555da9d0900d149a2f90c8b538028a3ea6a18285e3a967e8867a4806dda6e5303fec108003b00", @ANYRES32=r4, @ANYBLOB="008f4e37ebb967664a7c881add12744397b7520af159099d01d54974e5a46bf07f002c5e3a930406cf5415c8448fd5176a0dfb65a86a8efda06557505cb5f25d4c174d7a4b072ca02beaba642f21b86513858887ea32eaabadb503e5c40621b90bb322e7b008f1296a9d17f786b007dec6a785199a02490400c6ede6cf5026694fc0035d059798ddb1b702f3e9ec1b934bbc5c68957cc21beaac50384f3cfe4bfe3a5a5aa81196fe9ecda139e12cc529111c9483c416a979780fa32758efaeb79d1e8eaad1b017422b226bf88eea64ad79a41fcc72080016800400a7807d540365a6bcdaa0d647591289c1d740667dbdbf2bd1ae096e76565b621cd3539c3129b9910b00d7006d616373656300000c0091000700000000002000000004000280616a93710f4855684e46ff5b21b8222772cf801415e1e4d3176dda2c44e6f57c85b79a7b45213e1ef49153dc279090b2992775bf49d1ecd83d5d70f9280eb117a01f1502115ccc756713b54d0ace13f9bb303a88b0ab5dc01a9ebfe56272edbed8c1abf5a5d4bd89bbe62a022ec4bdfa426b5d91550168deb0d2449ddc25f9c59a169ccea2d6b4a9ac8a0000"], 0x1d8}, 0x1, 0x0, 0x0, 0x200000c4}, 0x40050) 338.538288ms ago: executing program 4 (id=2221): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0xa020008, 0xdb, 0xb9, 0xfffffffffffffffa, 0xc) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fcntl$auto(0x3, 0x4, 0xa553) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x20009, 0x3, 0x40000000000eb1, 0x401, 0x8000) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'caif0\x00'}) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_ADAP_G_LOG_ADDRS(r2, 0x805c6103, &(0x7f00000001c0)={"8911bd3a", 0x1, 0x0, 0x6, 0x4, 0x6, "feaf587cdf4d2f534a1c88d3e40a00", "e6cf6512", "f34cae3a", "10a991b3", ["3ae887a128f1d8c79420d880", "b11feafce4d296d8c985d069", "0149f0a7102c3fffab592db0", "0059c09dca7de9bdbbc6be07"]}) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) unshare$auto(0x40000080) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x4) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x800, 0x200007, 0x2) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0) 0s ago: executing program 1 (id=2222): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x141201, 0x0) sendmsg$auto_OVS_FLOW_CMD_NEW(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="84040000", @ANYRES32=r0, @ANYBLOB="020029bd7000fcdbdf250100000008010a00020200000400060061040780100005800c00330002fe0000000000000008003d00", @ANYRES32=0x0, @ANYBLOB='\b\x00_\x00', @ANYRES32=0x0, @ANYBLOB="0800f200", @ANYRES32=r0, @ANYBLOB="0800078004001f00c117254d457ecf2f63c2de59201d5afcab68364e0bc5dda44528b40eafccc25707ef0d00001fbf6379f5f0f400244bc80f125915f650e819c239b965a2e450144e711cc7a3869673c63813c2c0b65306c69140ccd407ebd819526975410c9edd651caef431fead9eac87477265a415c0d495d9a55aaf1cc3a979f25ee9b0304a4ead83a05e36d202d5a7348b66a71407c530acd4f7c9f3c868510763fde9cda134564df5551938e9db4c5a6a87eb52a066ca10df45af826a0373a73783fcb957a47fa365da62a64347172d9d0303fcbd5c4560f170d8cac5f7d7cf9fba7c1559a40f09ca07906e102d6ec5db454bbb9adc79476b6fb6dccdf3efd0a491eb79b4e7d25147d63a9b9a67511e01b287e64cf31513b3f23395b788736c545a159fac9adb4c593fd9d43de405ce6e219f68bd7504842396f239ca9216927641a883e13a98c0ba94f01813442b3d5604601f521e673cb99bf9d07d0005af7893d4564f637334e5e59054f749dc669ed80bb8934fa5e1c1eaeef2e89e4f7d0fa7e5f9da47fc021014c98cd1031685ed7532c05b957cd7299b9d10461b9741de5ac0f0867c2dbf39ae6648ec556482025e800400f0807e8ef36833a43db639cef3606d3cff50b67b50844c0408bf2ad83bac8986fb38482aab878870dc01660eaf37d6c6800a77f3d1e740e8cb4fd3c88e24f88bdacd392bcfba891fd8bf072a139ce8c9fb19258c232b78c208ef02e783d6cc5aac59a024553600b28ee705ea22de506aa8e55171572a2dad616de2151e963e4a75fc5dabe23fe120fc8b124726f0bbc14ab3f19780f6dff42e5227af07e922a68139f6bd9c17f3193f3cfa137f7e25167b54cf7af5a87d582360542b7558219e6f70a68966070618b5e24790bb6da0a263e6d12beec61681e6b45138111a7bb2d7d3d403d45f51e174e6248374ff3548ef1741b5204b9974234b192178b20abe05acd17efc9c0b89fe55bc63a5bf7cff9b5596efc91803ef4d90b316c143c6e1f647258b37dd2212934e7cb828636154f71edc85360f8888ae8115dbeb87549f51992c975dab75c9c62678d429d6297abccc2df05c21ad67ecba7944fdd0c14ad1601bf56c8a7040094b81c099fce1b0ee1aab50399b69346055aac9a204004380a21a7b0010bda1806344a240e52af4b77e05c74e3b24c96245eeb7c4ce0ca4c4618d31af4b41862cad0710b7671dcb8702e8be757eec7ade762aba3d282fc24d145da5c10662e053f91e988ef78acb71f606615df7d7ea3e32f154d7ea15708a2f81b86b73cca581d565015908ba7ad2d7726a2ed5a796ad6a28ff13fb56d1b5c858ec80f09bc4679bec8999a63ab63eecbc7f10b01e0fc0cc2e89ddc2c3737256c09d0b91e535d2537463f1ee0e6d3ea491208ea58424728c737028da09d3e586423962bc3bb3ac97c1b1c3f011d1aeb755b76e24ffd12e135b7c5a4c28b6434d863c9a56ad1ffd2cb5497b98d507bcd2450b5b76a21c04000a800000f0dbfc89a2cfd3e3386dc4c1553933b69cf1f90633ae7431bbd99587ce2fd0f23c4e968fdb1ebe3cab0e72eaed24846ac05f164a5b0236598e99becb45967d3675d5ddedaebc36339dbbab4f3c2024736cac6d8f1c242e597b5ba5202665ea5bf856b2358541c7cfa4a7698267853ec485f2c939f9df3658c8b6428c223cd7b7"], 0x484}, 0x1, 0x0, 0x0, 0x80}, 0x8084) ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, &(0x7f0000000140)="1b") openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = socket(0xa, 0x1, 0x100) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_mon_fops_stat_usb_mon(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/usb/usbmon/31s\x00', 0x101502, 0x0) setsockopt$auto_SO_DOMAIN(r3, 0x2, 0x27, &(0x7f0000000240)='/dev/tap63\x00', 0x200) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x100000001ff, 0x7, 0x3, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x5, 0x62, 0x80000001, 0x5, 0x5, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) msgctl$auto_IPC_SET(0x800, 0x1, &(0x7f0000000300)={{0x8, 0xffffffffffffffff, 0xffffffffffffffff, 0xc, 0xe2, 0x800, 0x6}, &(0x7f0000000280)=0x6, &(0x7f00000002c0)=0x5, 0xa00, 0x8, 0x8, 0x100000001, 0x8, 0x4, 0xa, 0xfff, @inferred, @raw=0x5}) r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x169000, 0x0) ioctl$auto(r4, 0x80405600, r4) sendfile$auto(r4, r1, &(0x7f0000000180), 0x4) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) process_madvise$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, 0x0, 0x5, 0x4, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) readahead$auto(0xffffffffffffffff, 0x4, 0x4) mmap$auto(0x0, 0x4, 0x4000000000df, 0x78, 0x4, 0x300000000000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) fsetxattr$auto(0xffffffffffffffff, &(0x7f0000002200)='*){\x85,\x00', &(0x7f0000002240), 0x8, 0x0) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) kernel console output (not intermixed with test programs): 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 473.588755][T11563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 473.588769][T11563] Call Trace: [ 473.588776][T11563] [ 473.588784][T11563] dump_stack_lvl+0x16c/0x1f0 [ 473.588823][T11563] should_fail_ex+0x512/0x640 [ 473.588857][T11563] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 473.588896][T11563] should_failslab+0xc2/0x120 [ 473.588918][T11563] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 473.588954][T11563] ? getname_flags.part.0+0x4c/0x550 [ 473.588985][T11563] getname_flags.part.0+0x4c/0x550 [ 473.589015][T11563] getname_flags+0x93/0xf0 [ 473.589046][T11563] do_sys_openat2+0xb8/0x1d0 [ 473.589072][T11563] ? __pfx_do_sys_openat2+0x10/0x10 [ 473.589101][T11563] ? __fget_files+0x20e/0x3c0 [ 473.589138][T11563] __x64_sys_openat+0x174/0x210 [ 473.589165][T11563] ? __pfx___x64_sys_openat+0x10/0x10 [ 473.589190][T11563] ? ksys_write+0x1ac/0x250 [ 473.589236][T11563] do_syscall_64+0xcd/0x490 [ 473.589273][T11563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 473.589296][T11563] RIP: 0033:0x7fbaeff8e929 [ 473.589314][T11563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 473.589344][T11563] RSP: 002b:00007fbaf0ed3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 473.589365][T11563] RAX: ffffffffffffffda RBX: 00007fbaf01b5fa0 RCX: 00007fbaeff8e929 [ 473.589380][T11563] RDX: 0000000000080102 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 473.589395][T11563] RBP: 00007fbaf0ed3090 R08: 0000000000000000 R09: 0000000000000000 [ 473.589408][T11563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 473.589421][T11563] R13: 0000000000000000 R14: 00007fbaf01b5fa0 R15: 00007ffcbff743b8 [ 473.589449][T11563] [ 473.821403][T11566] sp0: Synchronizing with TNC [ 474.000659][T11569] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1153'. [ 475.790227][T11588] Invalid ELF header magic: != ELF [ 476.846955][T11608] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1166'. [ 477.023137][T11613] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1167'. [ 477.310075][T11616] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1168'. [ 477.699853][T11624] device-mapper: ioctl: Invalid data size in the ioctl structure: 1 [ 479.146686][T11652] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1178'. [ 479.306689][T11662] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1178'. [ 481.141484][T11702] netlink: 346 bytes leftover after parsing attributes in process `syz.3.1188'. [ 482.790134][T11722] Process accounting resumed [ 483.712067][T11794] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1203'. [ 483.731615][T11794] bridge_slave_1: left allmulticast mode [ 483.749409][T11794] bridge_slave_1: left promiscuous mode [ 483.788712][T11794] bridge0: port 2(bridge_slave_1) entered disabled state [ 483.914266][T11794] bridge_slave_0: left allmulticast mode [ 483.925278][T11794] bridge_slave_0: left promiscuous mode [ 483.960443][T11794] bridge0: port 1(bridge_slave_0) entered disabled state [ 484.387733][T11805] vivid-003: ================= START STATUS ================= [ 484.439819][T11805] vivid-003: Radio HW Seek Mode: Bounded [ 484.471688][T11805] vivid-003: Radio Programmable HW Seek: false [ 484.523785][T11805] vivid-003: RDS Rx I/O Mode: Block I/O [ 484.551249][T11805] vivid-003: Generate RBDS Instead of RDS: false [ 484.580024][T11805] vivid-003: RDS Reception: true [ 484.623356][T11805] vivid-003: RDS Program Type: 0 inactive [ 484.657201][T11805] vivid-003: RDS PS Name: inactive [ 484.678233][T11805] vivid-003: RDS Radio Text: inactive [ 484.706951][T11805] vivid-003: RDS Traffic Announcement: false inactive [ 484.740506][T11805] vivid-003: RDS Traffic Program: false inactive [ 484.771917][T11805] vivid-003: RDS Music: false inactive [ 484.801383][T11805] vivid-003: ================== END STATUS ================== [ 485.230567][T11820] ima: policy update failed [ 485.244480][ T30] audit: type=1802 audit(4294967526.377:11): pid=11820 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1211" res=0 errno=0 [ 485.262433][T11818] Malformed UNC in devname [ 485.262433][T11818] [ 485.279476][T11818] CIFS: VFS: Malformed UNC in devname [ 486.749509][T11854] [U] [ 486.752486][T11854] [U] [ 486.755198][T11854] [U] [ 486.757913][T11854] [U] [ 486.791394][T11854] [U] [ 486.794154][T11854] [U] [ 486.796873][T11854] [U] [ 486.799591][T11854] [U] [ 486.883654][T11854] [U] [ 486.886429][T11854] [U] [ 486.889144][T11854] [U] [ 486.891862][T11854] [U] [ 486.946288][T11854] [U] [ 486.949068][T11854] [U] [ 486.951779][T11854] [U] [ 486.954482][T11854] [U] [ 487.000091][T11854] [U] [ 487.002866][T11854] [U] [ 487.005591][T11854] [U] [ 487.008312][T11854] [U] [ 487.049217][T11854] [U] [ 487.052003][T11854] [U] [ 487.054714][T11854] [U] [ 487.057428][T11854] [U] [ 487.153779][T11861] [U] [ 487.481193][T11877] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1223'. [ 487.692809][T11880] vivid-003: ================= START STATUS ================= [ 487.719297][T11880] vivid-003: Radio HW Seek Mode: Bounded [ 487.738212][T11880] vivid-003: Radio Programmable HW Seek: false [ 487.759643][T11880] vivid-003: RDS Rx I/O Mode: Block I/O [ 487.794100][T11880] vivid-003: Generate RBDS Instead of RDS: false [ 487.801858][T11883] qrtr: Invalid version 7 [ 487.838564][T11880] vivid-003: RDS Reception: true [ 487.887630][T11880] vivid-003: RDS Program Type: 0 inactive [ 487.936874][T11880] vivid-003: RDS PS Name: inactive [ 487.971795][T11880] vivid-003: RDS Radio Text: inactive [ 488.010707][T11880] vivid-003: RDS Traffic Announcement: false inactive [ 488.055926][T11880] vivid-003: RDS Traffic Program: false inactive [ 488.098385][T11880] vivid-003: RDS Music: false inactive [ 488.131793][T11880] vivid-003: ================== END STATUS ================== [ 488.356317][T11869] Process accounting resumed [ 489.415099][T11899] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1230'. [ 489.475564][T11901] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1230'. [ 490.165830][T11452] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 490.165865][T11452] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 490.180853][T11452] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 490.180904][T11452] Bluetooth: hci0: adv larger than maximum supported [ 490.188689][T11452] Bluetooth: hci0: Unknown advertising packet type: 0x72 [ 490.195410][T11452] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 490.204349][T11452] Bluetooth: hci0: Malformed LE Event: 0x0d [ 491.118990][T11922] netlink: 2468 bytes leftover after parsing attributes in process `syz.0.1234'. [ 492.274259][T11944] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1240'. [ 493.156143][T11955] block2mtd: illegal erase size [ 493.680786][T11968] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1248'. [ 493.858716][T11968] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1248'. [ 495.198414][T11991] warning: `syz.1.1253' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 499.130511][T12022] netlink: 'syz.2.1259': attribute type 10 has an invalid length. [ 499.407981][T12030] FAULT_INJECTION: forcing a failure. [ 499.407981][T12030] name failslab, interval 1, probability 0, space 0, times 0 [ 499.468104][T12030] CPU: 1 UID: 0 PID: 12030 Comm: syz.2.1263 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 499.468136][T12030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 499.468149][T12030] Call Trace: [ 499.468156][T12030] [ 499.468164][T12030] dump_stack_lvl+0x16c/0x1f0 [ 499.468200][T12030] should_fail_ex+0x512/0x640 [ 499.468232][T12030] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 499.468276][T12030] should_failslab+0xc2/0x120 [ 499.468298][T12030] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 499.468332][T12030] ? sock_alloc_inode+0x25/0x1c0 [ 499.468358][T12030] ? __pfx_sock_alloc_inode+0x10/0x10 [ 499.468379][T12030] sock_alloc_inode+0x25/0x1c0 [ 499.468400][T12030] alloc_inode+0x61/0x240 [ 499.468423][T12030] sock_alloc+0x40/0x280 [ 499.468444][T12030] __sock_create+0xc1/0x8d0 [ 499.468473][T12030] __sys_socket+0x14d/0x260 [ 499.468498][T12030] ? __pfx___sys_socket+0x10/0x10 [ 499.468525][T12030] ? do_user_addr_fault+0x843/0x1370 [ 499.468560][T12030] __x64_sys_socket+0x72/0xb0 [ 499.468584][T12030] ? lockdep_hardirqs_on+0x7c/0x110 [ 499.468615][T12030] do_syscall_64+0xcd/0x490 [ 499.468649][T12030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.468671][T12030] RIP: 0033:0x7f8b90190847 [ 499.468687][T12030] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 499.468708][T12030] RSP: 002b:00007f8b8dff4fa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 499.468728][T12030] RAX: ffffffffffffffda RBX: 00007f8b903b5fa0 RCX: 00007f8b90190847 [ 499.468742][T12030] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 499.468754][T12030] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 499.468767][T12030] R10: 0000200000000080 R11: 0000000000000286 R12: 0000000000000000 [ 499.468780][T12030] R13: 0000000000000000 R14: 00007f8b903b5fa0 R15: 00007ffe9d5bd108 [ 499.468805][T12030] [ 499.468815][T12030] socket: no more sockets [ 499.816263][T12025] platform regulatory.0: loading /lib/firmware/regulatory.db.p7s failed with error -4 [ 499.892062][T12025] platform regulatory.0: Direct firmware load for regulatory.db.p7s failed with error -4 [ 499.968453][T12025] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db.p7s [ 500.695905][T11452] Bluetooth: hci1: unexpected event 0x04 length: 504 > 10 [ 500.696160][T11452] Bluetooth: hci1: connection err: -111 [ 501.727216][T12073] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1269'. [ 505.463831][T12144] vivid-007: ================= START STATUS ================= [ 505.507619][T12144] vivid-007: Generate PTS: true [ 505.537337][T12144] vivid-007: Generate SCR: true [ 505.566073][T12144] tpg source WxH: 320x240 (Y'CbCr) [ 505.595730][T12144] tpg field: 1 [ 505.599175][T12144] tpg crop: (0,0)/320x240 [ 505.635903][T12144] tpg compose: (0,0)/320x240 [ 505.640613][T12144] tpg colorspace: 8 [ 505.644438][T12144] tpg transfer function: 0/0 [ 505.713043][T12144] tpg Y'CbCr encoding: 0/0 [ 505.747591][T12144] tpg quantization: 0/0 [ 505.761794][T12144] tpg RGB range: 0/2 [ 505.837392][T12144] vivid-007: ================== END STATUS ================== [ 506.069002][T12144] can: request_module (can-proto-3) failed. [ 507.119958][T12171] FAULT_INJECTION: forcing a failure. [ 507.119958][T12171] name failslab, interval 1, probability 0, space 0, times 0 [ 507.211101][T12171] CPU: 1 UID: 0 PID: 12171 Comm: syz.0.1290 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 507.211134][T12171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 507.211148][T12171] Call Trace: [ 507.211155][T12171] [ 507.211163][T12171] dump_stack_lvl+0x16c/0x1f0 [ 507.211202][T12171] should_fail_ex+0x512/0x640 [ 507.211236][T12171] ? fs_reclaim_acquire+0xae/0x150 [ 507.211264][T12171] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 507.211296][T12171] should_failslab+0xc2/0x120 [ 507.211318][T12171] __kmalloc_noprof+0xd2/0x510 [ 507.211358][T12171] tomoyo_realpath_from_path+0xc2/0x6e0 [ 507.211393][T12171] ? tomoyo_profile+0x47/0x60 [ 507.211419][T12171] tomoyo_path_number_perm+0x245/0x580 [ 507.211446][T12171] ? tomoyo_path_number_perm+0x237/0x580 [ 507.211476][T12171] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 507.211506][T12171] ? find_held_lock+0x2b/0x80 [ 507.211554][T12171] ? find_held_lock+0x2b/0x80 [ 507.211576][T12171] ? hook_file_ioctl_common+0x145/0x410 [ 507.211609][T12171] ? __fget_files+0x20e/0x3c0 [ 507.211654][T12171] security_file_ioctl+0x9b/0x240 [ 507.211684][T12171] __x64_sys_ioctl+0xb7/0x210 [ 507.211715][T12171] do_syscall_64+0xcd/0x490 [ 507.211753][T12171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 507.211776][T12171] RIP: 0033:0x7f6bc618e929 [ 507.211793][T12171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 507.211815][T12171] RSP: 002b:00007f6bc70a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 507.211836][T12171] RAX: ffffffffffffffda RBX: 00007f6bc63b5fa0 RCX: 00007f6bc618e929 [ 507.211850][T12171] RDX: 0000000000000000 RSI: 0000000040345410 RDI: 0000000000000003 [ 507.211863][T12171] RBP: 00007f6bc70a2090 R08: 0000000000000000 R09: 0000000000000000 [ 507.211877][T12171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 507.211890][T12171] R13: 0000000000000000 R14: 00007f6bc63b5fa0 R15: 00007ffd4bbb76c8 [ 507.211918][T12171] [ 507.211927][T12171] ERROR: Out of memory at tomoyo_realpath_from_path. [ 511.668423][T12247] cifs: Unknown parameter 'GTGfA]8¿RvJ.}u҃<`>S* [ 521.626379][T12440] dump_stack_lvl+0x16c/0x1f0 [ 521.626420][T12440] should_fail_ex+0x512/0x640 [ 521.626460][T12440] get_futex_key+0x1d0/0x1540 [ 521.626491][T12440] ? find_held_lock+0x2b/0x80 [ 521.626525][T12440] ? __pfx_get_futex_key+0x10/0x10 [ 521.626555][T12440] ? __mutex_trylock_common+0xe9/0x250 [ 521.626595][T12440] futex_wake+0xea/0x530 [ 521.626631][T12440] ? __pfx_futex_wake+0x10/0x10 [ 521.626662][T12440] ? __lock_acquire+0xb8a/0x1c90 [ 521.626705][T12440] do_futex+0x1e3/0x350 [ 521.626734][T12440] ? __pfx_do_futex+0x10/0x10 [ 521.626760][T12440] ? __might_fault+0xe3/0x190 [ 521.626803][T12440] mm_release+0x24e/0x300 [ 521.626842][T12440] do_exit+0x68b/0x2bd0 [ 521.626879][T12440] ? __pfx_do_exit+0x10/0x10 [ 521.626909][T12440] ? do_raw_spin_lock+0x12c/0x2b0 [ 521.626943][T12440] ? find_held_lock+0x2b/0x80 [ 521.626969][T12440] do_group_exit+0xd3/0x2a0 [ 521.627002][T12440] get_signal+0x2673/0x26d0 [ 521.627036][T12440] ? __pfx_get_signal+0x10/0x10 [ 521.627061][T12440] ? do_futex+0x122/0x350 [ 521.627089][T12440] ? __pfx_do_futex+0x10/0x10 [ 521.627119][T12440] arch_do_signal_or_restart+0x8f/0x790 [ 521.627147][T12440] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 521.627182][T12440] ? __pfx___x64_sys_clock_gettime+0x10/0x10 [ 521.627223][T12440] exit_to_user_mode_loop+0x84/0x110 [ 521.627259][T12440] do_syscall_64+0x3f6/0x490 [ 521.627296][T12440] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 521.627319][T12440] RIP: 0033:0x7f6bc618e929 [ 521.627337][T12440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 521.627358][T12440] RSP: 002b:00007f6bc70a20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 521.627379][T12440] RAX: fffffffffffffe00 RBX: 00007f6bc63b5fa8 RCX: 00007f6bc618e929 [ 521.627394][T12440] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6bc63b5fa8 [ 521.627407][T12440] RBP: 00007f6bc63b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 521.627420][T12440] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6bc63b5fac [ 521.627433][T12440] R13: 0000000000000000 R14: 00007ffd4bbb75e0 R15: 00007ffd4bbb76c8 [ 521.627459][T12440] [ 523.087571][T12446] can: request_module (can-proto-4) failed. [ 523.747288][T12457] can: request_module (can-proto-3) failed. [ 527.577160][T11452] Bluetooth: hci2: unexpected event 0x1d length: 6 > 5 [ 529.792835][T12517] ima: policy update failed [ 529.927324][ T30] audit: type=1802 audit(4294967308.140:12): pid=12517 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.1370" res=0 errno=0 [ 532.102172][T12560] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1377'. [ 532.214326][T12569] Invalid ELF header magic: != ELF [ 533.438228][T12592] FAULT_INJECTION: forcing a failure. [ 533.438228][T12592] name failslab, interval 1, probability 0, space 0, times 0 [ 533.513789][T12592] CPU: 1 UID: 0 PID: 12592 Comm: syz.1.1382 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 533.513823][T12592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 533.513837][T12592] Call Trace: [ 533.513844][T12592] [ 533.513853][T12592] dump_stack_lvl+0x16c/0x1f0 [ 533.513893][T12592] should_fail_ex+0x512/0x640 [ 533.513929][T12592] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 533.513965][T12592] should_failslab+0xc2/0x120 [ 533.513988][T12592] __kmalloc_cache_noprof+0x6a/0x3e0 [ 533.514020][T12592] ? kstrdup_quotable_cmdline+0x52/0x210 [ 533.514053][T12592] kstrdup_quotable_cmdline+0x52/0x210 [ 533.514083][T12592] __report_access+0x4b/0x3c0 [ 533.514111][T12592] ? _raw_spin_unlock_irq+0x23/0x50 [ 533.514145][T12592] task_work_run+0x14d/0x240 [ 533.514184][T12592] ? __pfx_task_work_run+0x10/0x10 [ 533.514227][T12592] exit_to_user_mode_loop+0xeb/0x110 [ 533.514266][T12592] do_syscall_64+0x3f6/0x490 [ 533.514305][T12592] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 533.514340][T12592] RIP: 0033:0x7fbaeff8e929 [ 533.514357][T12592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 533.514377][T12592] RSP: 002b:00007fbaf0ed3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000065 [ 533.514398][T12592] RAX: ffffffffffffffff RBX: 00007fbaf01b5fa0 RCX: 00007fbaeff8e929 [ 533.514412][T12592] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000004206 [ 533.514424][T12592] RBP: 00007fbaf0010b39 R08: 0000000000000000 R09: 0000000000000000 [ 533.514438][T12592] R10: 0000000000200005 R11: 0000000000000246 R12: 0000000000000000 [ 533.514450][T12592] R13: 0000000000000000 R14: 00007fbaf01b5fa0 R15: 00007ffcbff743b8 [ 533.514476][T12592] [ 533.514541][T12592] ptrace attach of "(null)"[5855] was attempted by "./syz-executor exec"[12592] [ 535.625041][T12626] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1391'. [ 536.425060][T12643] random: crng reseeded on system resumption [ 536.654460][T12650] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1395'. [ 536.698356][T12639] zswap: compressor not available [ 537.213523][T12648] zswap: compressor not available [ 539.637476][T12699] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1404'. [ 540.137852][ T30] audit: type=1800 audit(4294967318.350:13): pid=12706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1407" name="features" dev="configfs" ino=37770 res=0 errno=0 [ 540.438302][T12715] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1410'. [ 542.904488][T12771] FAULT_INJECTION: forcing a failure. [ 542.904488][T12771] name fail_futex, interval 1, probability 0, space 0, times 0 [ 543.007890][T12773] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1421'. [ 543.020199][T12771] CPU: 1 UID: 0 PID: 12771 Comm: syz.0.1422 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 543.020232][T12771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 543.020247][T12771] Call Trace: [ 543.020254][T12771] [ 543.020262][T12771] dump_stack_lvl+0x16c/0x1f0 [ 543.020302][T12771] should_fail_ex+0x512/0x640 [ 543.020342][T12771] get_futex_key+0x1d0/0x1540 [ 543.020375][T12771] ? __pfx_get_futex_key+0x10/0x10 [ 543.020413][T12771] futex_wake+0xea/0x530 [ 543.020450][T12771] ? __pfx_futex_wake+0x10/0x10 [ 543.020484][T12771] ? rcu_is_watching+0x12/0xc0 [ 543.020520][T12771] do_futex+0x1e3/0x350 [ 543.020551][T12771] ? __pfx_do_futex+0x10/0x10 [ 543.020582][T12771] ? __pfx___might_resched+0x10/0x10 [ 543.020612][T12771] __x64_sys_futex+0x1e0/0x4c0 [ 543.020644][T12771] ? __pfx_blkcg_maybe_throttle_current+0x10/0x10 [ 543.020676][T12771] ? __pfx___x64_sys_futex+0x10/0x10 [ 543.020707][T12771] ? __pfx___do_sys_close_range+0x10/0x10 [ 543.020758][T12771] do_syscall_64+0xcd/0x490 [ 543.020797][T12771] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 543.020821][T12771] RIP: 0033:0x7f6bc618e929 [ 543.020840][T12771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 543.020862][T12771] RSP: 002b:00007f6bc70a20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 543.020884][T12771] RAX: ffffffffffffffda RBX: 00007f6bc63b5fa8 RCX: 00007f6bc618e929 [ 543.020912][T12771] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6bc63b5fac [ 543.020926][T12771] RBP: 00007f6bc63b5fa0 R08: 00007f6bc70a3000 R09: 0000000000000000 [ 543.020940][T12771] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6bc63b5fac [ 543.020953][T12771] R13: 0000000000000000 R14: 00007ffd4bbb75e0 R15: 00007ffd4bbb76c8 [ 543.020992][T12771] [ 543.614954][T12781] FAULT_INJECTION: forcing a failure. [ 543.614954][T12781] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 543.676072][T12781] CPU: 1 UID: 0 PID: 12781 Comm: syz.2.1424 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 543.676106][T12781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 543.676120][T12781] Call Trace: [ 543.676128][T12781] [ 543.676137][T12781] dump_stack_lvl+0x16c/0x1f0 [ 543.676178][T12781] should_fail_ex+0x512/0x640 [ 543.676218][T12781] _copy_from_user+0x2e/0xd0 [ 543.676241][T12781] get_timespec64+0x8b/0x1b0 [ 543.676271][T12781] ? __pfx_get_timespec64+0x10/0x10 [ 543.676299][T12781] ? ktime_get+0x200/0x310 [ 543.676333][T12781] __x64_sys_futex+0x288/0x4c0 [ 543.676367][T12781] ? __pfx___x64_sys_futex+0x10/0x10 [ 543.676397][T12781] ? xfd_validate_state+0x61/0x180 [ 543.676438][T12781] do_syscall_64+0xcd/0x490 [ 543.676476][T12781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 543.676500][T12781] RIP: 0033:0x7f8b9018e929 [ 543.676518][T12781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 543.676541][T12781] RSP: 002b:00007ffe9d5bd268 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 543.676563][T12781] RAX: ffffffffffffffda RBX: 0000000000084b51 RCX: 00007f8b9018e929 [ 543.676579][T12781] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8b903b5fac [ 543.676593][T12781] RBP: 0000000000000032 R08: 00007f8b90efd000 R09: 000000199d5bd55f [ 543.676607][T12781] R10: 00007ffe9d5bd360 R11: 0000000000000246 R12: 00007f8b903b5fac [ 543.676622][T12781] R13: 00007ffe9d5bd360 R14: 0000000000084b83 R15: 00007ffe9d5bd380 [ 543.676650][T12781] [ 545.096093][T12777] Process accounting resumed [ 546.127456][T12821] bridge0: port 3(team0) entered blocking state [ 546.156948][T12821] bridge0: port 3(team0) entered disabled state [ 546.176322][T12819] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1433'. [ 546.205946][T12821] team0: entered allmulticast mode [ 546.211167][T12821] team_slave_0: entered allmulticast mode [ 546.245776][T12821] team_slave_1: entered allmulticast mode [ 546.261375][T12821] team0: entered promiscuous mode [ 546.295750][T12821] team_slave_0: entered promiscuous mode [ 546.322611][T12821] team_slave_1: entered promiscuous mode [ 546.352874][T12821] bridge0: port 3(team0) entered blocking state [ 546.359387][T12821] bridge0: port 3(team0) entered listening state [ 547.806726][T12851] FAULT_INJECTION: forcing a failure. [ 547.806726][T12851] name fail_futex, interval 1, probability 0, space 0, times 0 [ 547.874888][T12851] CPU: 1 UID: 0 PID: 12851 Comm: syz.2.1439 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 547.874931][T12851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 547.874949][T12851] Call Trace: [ 547.874956][T12851] [ 547.874965][T12851] dump_stack_lvl+0x16c/0x1f0 [ 547.875001][T12851] should_fail_ex+0x512/0x640 [ 547.875039][T12851] get_futex_key+0x1d0/0x1540 [ 547.875067][T12851] ? __pfx_do_wp_page+0x10/0x10 [ 547.875092][T12851] ? __pfx_get_futex_key+0x10/0x10 [ 547.875118][T12851] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 547.875160][T12851] futex_wake+0xea/0x530 [ 547.875188][T12851] ? __handle_mm_fault+0x60d/0x5490 [ 547.875221][T12851] ? __pfx_futex_wake+0x10/0x10 [ 547.875284][T12851] do_futex+0x1e3/0x350 [ 547.875314][T12851] ? __pfx_do_futex+0x10/0x10 [ 547.875351][T12851] ? find_held_lock+0x2b/0x80 [ 547.875376][T12851] ? handle_mm_fault+0x2ab/0xd10 [ 547.875410][T12851] __x64_sys_futex+0x1e0/0x4c0 [ 547.875441][T12851] ? exc_page_fault+0x5c/0xb0 [ 547.875474][T12851] ? __pfx___x64_sys_futex+0x10/0x10 [ 547.875515][T12851] do_syscall_64+0xcd/0x490 [ 547.875553][T12851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 547.875580][T12851] RIP: 0033:0x7f8b9018e929 [ 547.875598][T12851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 547.875621][T12851] RSP: 002b:00007f8b8dff60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 547.875661][T12851] RAX: ffffffffffffffda RBX: 00007f8b903b5fa8 RCX: 00007f8b9018e929 [ 547.875677][T12851] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8b903b5fac [ 547.875692][T12851] RBP: 00007f8b903b5fa0 R08: 00007f8b90efd000 R09: 0000000000000000 [ 547.875707][T12851] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f8b903b5fac [ 547.875721][T12851] R13: 0000000000000000 R14: 00007ffe9d5bd020 R15: 00007ffe9d5bd108 [ 547.875750][T12851] [ 548.428362][T12861] netlink: 'syz.0.1441': attribute type 11 has an invalid length. [ 548.657861][T12863] FAULT_INJECTION: forcing a failure. [ 548.657861][T12863] name failslab, interval 1, probability 0, space 0, times 0 [ 548.705546][T12863] CPU: 1 UID: 0 PID: 12863 Comm: syz.0.1442 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 548.705585][T12863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 548.705617][T12863] Call Trace: [ 548.705624][T12863] [ 548.705633][T12863] dump_stack_lvl+0x16c/0x1f0 [ 548.705696][T12863] should_fail_ex+0x512/0x640 [ 548.705732][T12863] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 548.705774][T12863] should_failslab+0xc2/0x120 [ 548.705798][T12863] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 548.705835][T12863] ? do_raw_spin_lock+0x12c/0x2b0 [ 548.705874][T12863] ? ptlock_alloc+0x1f/0x70 [ 548.705912][T12863] ptlock_alloc+0x1f/0x70 [ 548.705944][T12863] pte_alloc_one+0x82/0x3a0 [ 548.705966][T12863] __do_fault+0x320/0x490 [ 548.706005][T12863] ? __pfx_filemap_map_pages+0x10/0x10 [ 548.706046][T12863] __handle_mm_fault+0x374c/0x5490 [ 548.706088][T12863] ? __pfx___handle_mm_fault+0x10/0x10 [ 548.706120][T12863] ? __pfx_mt_find+0x10/0x10 [ 548.706159][T12863] ? find_vma+0xbf/0x140 [ 548.706184][T12863] ? __pfx_find_vma+0x10/0x10 [ 548.706213][T12863] handle_mm_fault+0x589/0xd10 [ 548.706248][T12863] ? __pkru_allows_pkey+0x41/0xb0 [ 548.706284][T12863] do_user_addr_fault+0x7a6/0x1370 [ 548.706322][T12863] ? rcu_is_watching+0x12/0xc0 [ 548.706363][T12863] exc_page_fault+0x5c/0xb0 [ 548.706400][T12863] asm_exc_page_fault+0x26/0x30 [ 548.706424][T12863] RIP: 0010:rep_movs_alternative+0x33/0x90 [ 548.706454][T12863] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 bd 10 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb [ 548.706478][T12863] RSP: 0018:ffffc9000f12fdd0 EFLAGS: 00050212 [ 548.706497][T12863] RAX: 0000000000000224 RBX: 0000000000000010 RCX: 0000000000000010 [ 548.706512][T12863] RDX: fffff52001e25fc8 RSI: ffffc9000f12fe30 RDI: 0000000000000000 [ 548.706527][T12863] RBP: 0000000000000000 R08: 0000000000000000 R09: fffff52001e25fc7 [ 548.706542][T12863] R10: ffffc9000f12fe3f R11: 0000000000000044 R12: ffffc9000f12fe30 [ 548.706557][T12863] R13: 0000000000000010 R14: 00007ffffffff000 R15: 0000000000000000 [ 548.706586][T12863] _copy_to_user+0xbb/0xd0 [ 548.706612][T12863] put_timespec64+0xb5/0x120 [ 548.706643][T12863] ? __pfx_put_timespec64+0x10/0x10 [ 548.706674][T12863] ? __x64_sys_futex+0x1e9/0x4c0 [ 548.706710][T12863] __x64_sys_clock_gettime+0x1d3/0x270 [ 548.706761][T12863] ? __pfx___x64_sys_clock_gettime+0x10/0x10 [ 548.706803][T12863] ? rcu_is_watching+0x12/0xc0 [ 548.706830][T12863] do_syscall_64+0xcd/0x490 [ 548.706878][T12863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.706900][T12863] RIP: 0033:0x7f6bc618e929 [ 548.706918][T12863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 548.706938][T12863] RSP: 002b:00007f6bc70a2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e4 [ 548.706957][T12863] RAX: ffffffffffffffda RBX: 00007f6bc63b5fa0 RCX: 00007f6bc618e929 [ 548.706971][T12863] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 548.706984][T12863] RBP: 00007f6bc6210b39 R08: 0000000000000000 R09: 0000000000000000 [ 548.706997][T12863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 548.707010][T12863] R13: 0000000000000000 R14: 00007f6bc63b5fa0 R15: 00007ffd4bbb76c8 [ 548.707037][T12863] [ 549.036641][T12823] ptm ptm77: ldisc open failed (-12), clearing slot 77 [ 549.677157][T12865] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1443'. [ 550.673184][T12835] kexec: Could not allocate control_code_buffer [ 550.744031][T11452] Bluetooth: hci3: Unable to find connection for big 0xd2 [ 551.828461][T12896] FAULT_INJECTION: forcing a failure. [ 551.828461][T12896] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 551.872978][T12896] CPU: 1 UID: 0 PID: 12896 Comm: syz.1.1451 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 551.873014][T12896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 551.873029][T12896] Call Trace: [ 551.873036][T12896] [ 551.873052][T12896] dump_stack_lvl+0x16c/0x1f0 [ 551.873093][T12896] should_fail_ex+0x512/0x640 [ 551.873133][T12896] _copy_from_user+0x2e/0xd0 [ 551.873156][T12896] load_msg+0x253/0x4a0 [ 551.873194][T12896] do_msgrcv+0x202/0x16c0 [ 551.873212][T12896] ? do_futex+0x122/0x350 [ 551.873241][T12896] ? __pfx_do_msg_fill+0x10/0x10 [ 551.873276][T12896] ? __fget_files+0x204/0x3c0 [ 551.873314][T12896] ? __pfx_do_msgrcv+0x10/0x10 [ 551.873332][T12896] ? __x64_sys_futex+0x1e0/0x4c0 [ 551.873367][T12896] ? xfd_validate_state+0x61/0x180 [ 551.873397][T12896] ? __sys_setsockopt+0x140/0x1a0 [ 551.873438][T12896] ? do_syscall_64+0xcd/0x490 [ 551.873472][T12896] do_syscall_64+0xcd/0x490 [ 551.873509][T12896] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 551.873532][T12896] RIP: 0033:0x7fbaeff8e929 [ 551.873550][T12896] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 551.873572][T12896] RSP: 002b:00007fbaf0ed3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000046 [ 551.873593][T12896] RAX: ffffffffffffffda RBX: 00007fbaf01b5fa0 RCX: 00007fbaeff8e929 [ 551.873608][T12896] RDX: 0000002400000000 RSI: 0000000000000000 RDI: 00000000000000ff [ 551.873622][T12896] RBP: 00007fbaf0010b39 R08: 000000006bc2cc7d R09: 0000000000000000 [ 551.873636][T12896] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000 [ 551.873649][T12896] R13: 0000000000000000 R14: 00007fbaf01b5fa0 R15: 00007ffcbff743b8 [ 551.873676][T12896] [ 553.335261][T12915] dyndbg: expected <4096 bytes into control [ 555.026833][T12937] program syz.0.1460 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 555.416546][T12943] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input31 [ 555.615839][T12946] ptrace attach of ""[12947] was attempted by "./syz-executor exec"[12946] [ 556.342174][T12937] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 556.415216][T12937] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 556.495042][T12937] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 556.525376][T12937] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 556.871119][T12937] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 556.926354][T12937] CPU0 is offline. [ 557.347045][T12964] FAULT_INJECTION: forcing a failure. [ 557.347045][T12964] name failslab, interval 1, probability 0, space 0, times 0 [ 557.428651][T12964] CPU: 1 UID: 0 PID: 12964 Comm: syz.2.1465 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 557.428684][T12964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 557.428698][T12964] Call Trace: [ 557.428705][T12964] [ 557.428713][T12964] dump_stack_lvl+0x16c/0x1f0 [ 557.428751][T12964] should_fail_ex+0x512/0x640 [ 557.428783][T12964] ? __kvmalloc_node_noprof+0x124/0x620 [ 557.428817][T12964] should_failslab+0xc2/0x120 [ 557.428839][T12964] __kvmalloc_node_noprof+0x137/0x620 [ 557.428871][T12964] ? sbitmap_init_node+0x1ca/0x770 [ 557.428899][T12964] ? sbitmap_init_node+0x1ca/0x770 [ 557.428921][T12964] sbitmap_init_node+0x1ca/0x770 [ 557.428949][T12964] sbitmap_queue_init_node+0x41/0x560 [ 557.428978][T12964] blk_mq_init_tags+0x12d/0x2b0 [ 557.429014][T12964] blk_mq_alloc_map_and_rqs+0x237/0xf60 [ 557.429047][T12964] ? blk_mq_map_queues+0x211/0x410 [ 557.429076][T12964] __blk_mq_alloc_map_and_rqs+0x128/0x1f0 [ 557.429110][T12964] blk_mq_alloc_tag_set+0x778/0x1260 [ 557.429149][T12964] loop_add+0x3b9/0xb70 [ 557.429174][T12964] ? do_vfs_ioctl+0x523/0x1a60 [ 557.429199][T12964] ? __pfx_loop_add+0x10/0x10 [ 557.429222][T12964] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 557.429264][T12964] ? find_held_lock+0x2b/0x80 [ 557.429290][T12964] loop_control_ioctl+0x13e/0x630 [ 557.429316][T12964] ? __pfx_loop_control_ioctl+0x10/0x10 [ 557.429346][T12964] ? __pfx_loop_control_ioctl+0x10/0x10 [ 557.429373][T12964] __x64_sys_ioctl+0x18e/0x210 [ 557.429401][T12964] do_syscall_64+0xcd/0x490 [ 557.429436][T12964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.429458][T12964] RIP: 0033:0x7f8b9018e929 [ 557.429474][T12964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 557.429496][T12964] RSP: 002b:00007f8b8dff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 557.429516][T12964] RAX: ffffffffffffffda RBX: 00007f8b903b5fa0 RCX: 00007f8b9018e929 [ 557.429530][T12964] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000007 [ 557.429543][T12964] RBP: 00007f8b90210b39 R08: 0000000000000000 R09: 0000000000000000 [ 557.429556][T12964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 557.429568][T12964] R13: 0000000000000000 R14: 00007f8b903b5fa0 R15: 00007ffe9d5bd108 [ 557.429599][T12964] [ 557.430154][T12964] blk-mq: reduced tag depth (128 -> 64) [ 557.686563][T11452] Bluetooth: hci1: command 0x0c1a tx timeout [ 557.857589][T12974] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1467'. [ 557.933431][T12977] netlink: 13 bytes leftover after parsing attributes in process `syz.1.1467'. [ 558.445026][T11452] Bluetooth: hci0: command 0x0c1a tx timeout [ 558.513763][T11452] Bluetooth: hci2: command 0x0c1a tx timeout [ 558.909492][T11452] Bluetooth: hci3: command 0x0c1a tx timeout [ 558.995370][T12989] ptrace attach of "./syz-executor exec"[12990] was attempted by "./syz-executor exec"[12989] [ 560.587154][T11452] Bluetooth: hci2: command 0x0c1a tx timeout [ 561.947491][ C1] bridge0: port 3(team0) entered learning state [ 562.286116][T13025] FAULT_INJECTION: forcing a failure. [ 562.286116][T13025] name failslab, interval 1, probability 0, space 0, times 0 [ 562.437902][T13025] CPU: 1 UID: 0 PID: 13025 Comm: syz.1.1478 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 562.437935][T13025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 562.437948][T13025] Call Trace: [ 562.437955][T13025] [ 562.437963][T13025] dump_stack_lvl+0x16c/0x1f0 [ 562.438001][T13025] should_fail_ex+0x512/0x640 [ 562.438033][T13025] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 562.438067][T13025] should_failslab+0xc2/0x120 [ 562.438090][T13025] __kmalloc_cache_noprof+0x6a/0x3e0 [ 562.438121][T13025] ? ima_calc_file_hash_tfm+0x231/0x350 [ 562.438146][T13025] ima_calc_file_hash_tfm+0x231/0x350 [ 562.438209][T13025] ? __pfx_ima_calc_file_hash_tfm+0x10/0x10 [ 562.438283][T13025] ? stack_trace_save+0x8e/0xc0 [ 562.438314][T13025] ? ima_alloc_tfm+0x21a/0x2e0 [ 562.438351][T13025] ? generic_fillattr+0x6bf/0x940 [ 562.438379][T13025] ima_calc_file_hash+0x1ba/0x490 [ 562.438406][T13025] ima_collect_measurement+0x897/0xa40 [ 562.438440][T13025] ? __pfx_ima_collect_measurement+0x10/0x10 [ 562.438485][T13025] ? __mutex_lock+0x1ca/0xb90 [ 562.438520][T13025] ? is_bad_inode+0xd/0x40 [ 562.438549][T13025] ? xattr_resolve_name+0x27b/0x3f0 [ 562.438586][T13025] ? vfs_getxattr_alloc+0xec/0x340 [ 562.438626][T13025] ? ima_get_hash_algo+0x27c/0x400 [ 562.438660][T13025] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 562.438701][T13025] ? process_measurement+0x11fa/0x23e0 [ 562.438737][T13025] process_measurement+0x11fa/0x23e0 [ 562.438784][T13025] ? __pfx_process_measurement+0x10/0x10 [ 562.438825][T13025] ? alloc_empty_file+0x73/0x1e0 [ 562.438850][T13025] ? hugetlb_file_setup+0x4cd/0x620 [ 562.438876][T13025] ? ksys_mmap_pgoff+0x189/0x5c0 [ 562.438901][T13025] ? __x64_sys_mmap+0x125/0x190 [ 562.438980][T13025] ima_file_mmap+0x1b1/0x1d0 [ 562.439017][T13025] ? __pfx_ima_file_mmap+0x10/0x10 [ 562.439061][T13025] security_mmap_file+0x88c/0x990 [ 562.439096][T13025] vm_mmap_pgoff+0xec/0x450 [ 562.439125][T13025] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 562.439148][T13025] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 562.439182][T13025] ? hugetlbfs_get_inode+0x31f/0x730 [ 562.439217][T13025] ksys_mmap_pgoff+0x1c8/0x5c0 [ 562.439249][T13025] __x64_sys_mmap+0x125/0x190 [ 562.439299][T13025] do_syscall_64+0xcd/0x490 [ 562.439338][T13025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 562.439361][T13025] RIP: 0033:0x7fbaeff8e929 [ 562.439380][T13025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 562.439402][T13025] RSP: 002b:00007fbaf0ed3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 562.439435][T13025] RAX: ffffffffffffffda RBX: 00007fbaf01b5fa0 RCX: 00007fbaeff8e929 [ 562.439449][T13025] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000 [ 562.439462][T13025] RBP: 00007fbaf0010b39 R08: 0000000000000401 R09: 0000300000000000 [ 562.439475][T13025] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 562.439488][T13025] R13: 0000000000000000 R14: 00007fbaf01b5fa0 R15: 00007ffcbff743b8 [ 562.439514][T13025] [ 563.207476][ T30] audit: type=1800 audit(4294967340.960:14): pid=13025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1478" name="anon_hugepage" dev="hugetlbfs" ino=39250 res=0 errno=0 [ 564.141361][T13054] FAULT_INJECTION: forcing a failure. [ 564.141361][T13054] name failslab, interval 1, probability 0, space 0, times 0 [ 564.299178][T13054] CPU: 1 UID: 0 PID: 13054 Comm: syz.1.1487 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 564.299212][T13054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 564.299226][T13054] Call Trace: [ 564.299245][T13054] [ 564.299253][T13054] dump_stack_lvl+0x16c/0x1f0 [ 564.299289][T13054] should_fail_ex+0x512/0x640 [ 564.299321][T13054] ? fs_reclaim_acquire+0xae/0x150 [ 564.299349][T13054] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 564.299380][T13054] should_failslab+0xc2/0x120 [ 564.299401][T13054] __kmalloc_noprof+0xd2/0x510 [ 564.299439][T13054] tomoyo_realpath_from_path+0xc2/0x6e0 [ 564.299473][T13054] ? tomoyo_profile+0x47/0x60 [ 564.299495][T13054] tomoyo_path_number_perm+0x245/0x580 [ 564.299519][T13054] ? tomoyo_path_number_perm+0x237/0x580 [ 564.299558][T13054] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 564.299584][T13054] ? find_held_lock+0x2b/0x80 [ 564.299626][T13054] ? find_held_lock+0x2b/0x80 [ 564.299646][T13054] ? hook_file_ioctl_common+0x145/0x410 [ 564.299674][T13054] ? __fget_files+0x20e/0x3c0 [ 564.299707][T13054] security_file_ioctl+0x9b/0x240 [ 564.299733][T13054] __x64_sys_ioctl+0xb7/0x210 [ 564.299760][T13054] do_syscall_64+0xcd/0x490 [ 564.299793][T13054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 564.299813][T13054] RIP: 0033:0x7fbaeff8e929 [ 564.299828][T13054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 564.299847][T13054] RSP: 002b:00007fbaf0ed3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 564.299865][T13054] RAX: ffffffffffffffda RBX: 00007fbaf01b5fa0 RCX: 00007fbaeff8e929 [ 564.299878][T13054] RDX: 0000000000000000 RSI: 0000000040345410 RDI: 0000000000000003 [ 564.299890][T13054] RBP: 00007fbaf0ed3090 R08: 0000000000000000 R09: 0000000000000000 [ 564.299902][T13054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 564.299913][T13054] R13: 0000000000000000 R14: 00007fbaf01b5fa0 R15: 00007ffcbff743b8 [ 564.299937][T13054] [ 564.299945][T13054] ERROR: Out of memory at tomoyo_realpath_from_path. [ 564.894786][T13067] ptrace attach of "./syz-executor exec"[13070] was attempted by "./syz-executor exec"[13067] [ 565.381751][T13077] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1492'. [ 565.466222][T13063] openvswitch: netlink: Key 2 has unexpected len 5392 expected 4 [ 565.527595][T13076] hub 8-0:1.0: USB hub found [ 565.580794][T13076] hub 8-0:1.0: 1 port detected [ 565.607550][T13082] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1492'. [ 569.779758][T13149] random: crng reseeded on system resumption [ 571.461861][T13173] vhci_hcd: invalid port number 16 [ 571.496538][T13173] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 573.456088][T13221] FAULT_INJECTION: forcing a failure. [ 573.456088][T13221] name failslab, interval 1, probability 0, space 0, times 0 [ 573.489770][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 573.496483][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 573.541905][T13221] CPU: 1 UID: 0 PID: 13221 Comm: syz.1.1523 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 573.541939][T13221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 573.541953][T13221] Call Trace: [ 573.541961][T13221] [ 573.541970][T13221] dump_stack_lvl+0x16c/0x1f0 [ 573.542009][T13221] should_fail_ex+0x512/0x640 [ 573.542047][T13221] ? __kmalloc_noprof+0xbf/0x510 [ 573.542083][T13221] ? usb_hcd_submit_urb+0x5cf/0x1c60 [ 573.542103][T13221] should_failslab+0xc2/0x120 [ 573.542126][T13221] __kmalloc_noprof+0xd2/0x510 [ 573.542161][T13221] ? mark_held_locks+0x49/0x80 [ 573.542191][T13221] ? _raw_spin_unlock_irq+0x23/0x50 [ 573.542224][T13221] usb_hcd_submit_urb+0x5cf/0x1c60 [ 573.542253][T13221] usb_submit_urb+0x87c/0x1790 [ 573.542280][T13221] ? lockdep_init_map_type+0xe3/0x280 [ 573.542330][T13221] ? __init_swait_queue_head+0xca/0x150 [ 573.542354][T13221] usb_start_wait_urb+0x104/0x4b0 [ 573.542380][T13221] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 573.542413][T13221] ? __asan_memset+0x23/0x50 [ 573.542445][T13221] usb_control_msg+0x326/0x4a0 [ 573.542471][T13221] ? __pfx_usb_control_msg+0x10/0x10 [ 573.542503][T13221] hub_ext_port_status+0x14e/0x670 [ 573.542534][T13221] hub_activate+0x6e5/0x1d60 [ 573.542567][T13221] ? __pfx_hub_activate+0x10/0x10 [ 573.542589][T13221] ? find_held_lock+0x2b/0x80 [ 573.542610][T13221] ? proc_do_submiturb+0xb70/0x3b00 [ 573.542632][T13221] ? usbfs_notify_resume+0x25/0xf0 [ 573.542660][T13221] hub_resume+0xa8/0x3f0 [ 573.542684][T13221] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 573.542718][T13221] ? __pfx_hub_resume+0x10/0x10 [ 573.542742][T13221] ? __pfx_hcd_bus_resume+0x10/0x10 [ 573.542768][T13221] usb_resume_interface.constprop.0.isra.0+0x2c2/0x3e0 [ 573.542804][T13221] usb_resume_both+0x273/0x800 [ 573.542856][T13221] ? __pfx_usb_resume_both+0x10/0x10 [ 573.542891][T13221] ? __pfx_usb_runtime_resume+0x10/0x10 [ 573.542914][T13221] ? __pfx_usb_runtime_resume+0x10/0x10 [ 573.542935][T13221] __rpm_callback+0xc8/0x610 [ 573.542972][T13221] ? __pfx_usb_runtime_resume+0x10/0x10 [ 573.542994][T13221] rpm_callback+0x1b7/0x200 [ 573.543028][T13221] ? __pfx_usb_runtime_resume+0x10/0x10 [ 573.543048][T13221] rpm_resume+0xd0a/0x1310 [ 573.543090][T13221] ? __pfx_rpm_resume+0x10/0x10 [ 573.543122][T13221] ? do_raw_spin_lock+0x12c/0x2b0 [ 573.543158][T13221] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 573.543205][T13221] __pm_runtime_resume+0xb6/0x170 [ 573.543227][T13221] usb_autoresume_device+0x23/0xe0 [ 573.543265][T13221] usbdev_open+0x228/0x8b0 [ 573.543287][T13221] ? kobject_get_unless_zero+0x156/0x1e0 [ 573.543313][T13221] ? __pfx_usbdev_open+0x10/0x10 [ 573.543334][T13221] ? chrdev_open+0x10b/0x6a0 [ 573.543359][T13221] ? __pfx_usbdev_open+0x10/0x10 [ 573.543379][T13221] chrdev_open+0x234/0x6a0 [ 573.543399][T13221] ? __pfx_apparmor_file_open+0x10/0x10 [ 573.543430][T13221] ? __pfx_chrdev_open+0x10/0x10 [ 573.543453][T13221] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 573.543509][T13221] do_dentry_open+0x741/0x1c10 [ 573.543546][T13221] ? __pfx_chrdev_open+0x10/0x10 [ 573.543574][T13221] vfs_open+0x82/0x3f0 [ 573.543604][T13221] path_openat+0x1de4/0x2cb0 [ 573.543648][T13221] ? __pfx_path_openat+0x10/0x10 [ 573.543685][T13221] ? __lock_acquire+0xb8a/0x1c90 [ 573.543720][T13221] do_filp_open+0x20b/0x470 [ 573.543755][T13221] ? __pfx_do_filp_open+0x10/0x10 [ 573.543811][T13221] ? alloc_fd+0x471/0x7d0 [ 573.543852][T13221] do_sys_openat2+0x11b/0x1d0 [ 573.543879][T13221] ? __pfx_do_sys_openat2+0x10/0x10 [ 573.543918][T13221] __x64_sys_openat+0x174/0x210 [ 573.543946][T13221] ? __pfx___x64_sys_openat+0x10/0x10 [ 573.543986][T13221] do_syscall_64+0xcd/0x490 [ 573.544024][T13221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 573.544048][T13221] RIP: 0033:0x7fbaeff8e929 [ 573.544066][T13221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 573.544088][T13221] RSP: 002b:00007fbaf0ed3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 573.544122][T13221] RAX: ffffffffffffffda RBX: 00007fbaf01b5fa0 RCX: 00007fbaeff8e929 [ 573.544136][T13221] RDX: 0000000000040402 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 573.544150][T13221] RBP: 00007fbaf0010b39 R08: 0000000000000000 R09: 0000000000000000 [ 573.544163][T13221] R10: 000000000000ecff R11: 0000000000000246 R12: 0000000000000000 [ 573.544176][T13221] R13: 0000000000000000 R14: 00007fbaf01b5fa0 R15: 00007ffcbff743b8 [ 573.544203][T13221] [ 574.546017][T13221] hub 37-0:1.0: hub_ext_port_status failed (err = -12) [ 574.756519][T13230] ptrace attach of "./syz-executor exec"[5850] was attempted by "./syz-executor exec"[13230] [ 575.729989][T13204] HfR: entered promiscuous mode [ 575.858407][T13241] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1529'. [ 575.909378][T13241] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1529'. [ 576.082337][T13199] Process accounting paused [ 576.561299][T12853] udevd[12853]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 576.609307][T13256] udevd[13256]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 577.305677][ C1] bridge0: port 3(team0) entered forwarding state [ 577.312192][ C1] bridge0: topology change detected, propagating [ 577.396367][T13266] FAULT_INJECTION: forcing a failure. [ 577.396367][T13266] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 577.503324][T13266] CPU: 1 UID: 0 PID: 13266 Comm: syz.2.1532 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 577.503359][T13266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 577.503373][T13266] Call Trace: [ 577.503380][T13266] [ 577.503389][T13266] dump_stack_lvl+0x16c/0x1f0 [ 577.503429][T13266] should_fail_ex+0x512/0x640 [ 577.503468][T13266] _copy_to_user+0x32/0xd0 [ 577.503491][T13266] simple_read_from_buffer+0xcb/0x170 [ 577.503525][T13266] proc_fail_nth_read+0x197/0x270 [ 577.503554][T13266] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 577.503584][T13266] ? rw_verify_area+0xcf/0x680 [ 577.503614][T13266] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 577.503642][T13266] vfs_read+0x1e1/0xc60 [ 577.503678][T13266] ? __pfx___mutex_lock+0x10/0x10 [ 577.503714][T13266] ? __pfx_vfs_read+0x10/0x10 [ 577.503755][T13266] ? __fget_files+0x20e/0x3c0 [ 577.503795][T13266] ksys_read+0x12a/0x250 [ 577.503828][T13266] ? __pfx_ksys_read+0x10/0x10 [ 577.503861][T13266] ? fput+0x70/0xf0 [ 577.503888][T13266] do_syscall_64+0xcd/0x490 [ 577.503927][T13266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 577.503957][T13266] RIP: 0033:0x7f8b9018d33c [ 577.503974][T13266] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 577.503996][T13266] RSP: 002b:00007f8b8dff6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 577.504018][T13266] RAX: ffffffffffffffda RBX: 00007f8b903b5fa0 RCX: 00007f8b9018d33c [ 577.504033][T13266] RDX: 000000000000000f RSI: 00007f8b8dff60a0 RDI: 0000000000000003 [ 577.504046][T13266] RBP: 00007f8b8dff6090 R08: 0000000000000000 R09: 0000000000000000 [ 577.504061][T13266] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 577.504074][T13266] R13: 0000000000000000 R14: 00007f8b903b5fa0 R15: 00007ffe9d5bd108 [ 577.504102][T13266] [ 578.859401][T13285] FAULT_INJECTION: forcing a failure. [ 578.859401][T13285] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 578.966409][T13285] CPU: 1 UID: 0 PID: 13285 Comm: syz.2.1538 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 578.966445][T13285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 578.966459][T13285] Call Trace: [ 578.966467][T13285] [ 578.966476][T13285] dump_stack_lvl+0x16c/0x1f0 [ 578.966518][T13285] should_fail_ex+0x512/0x640 [ 578.966560][T13285] should_fail_alloc_page+0xe7/0x130 [ 578.966587][T13285] prepare_alloc_pages+0x3c2/0x610 [ 578.966622][T13285] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 578.966663][T13285] ? find_held_lock+0x2b/0x80 [ 578.966690][T13285] ? page_table_check_set+0x627/0x750 [ 578.966718][T13285] ? page_table_check_set+0x631/0x750 [ 578.966740][T13285] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 578.966793][T13285] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 578.966845][T13285] ? const_folio_flags+0x5b/0x100 [ 578.966875][T13285] ? const_folio_flags+0x5b/0x100 [ 578.966904][T13285] ? folio_remove_rmap_pmd+0x2eb/0x7d0 [ 578.966938][T13285] ? split_huge_pmd_locked+0x731/0x3b20 [ 578.966966][T13285] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 578.967002][T13285] ? policy_nodemask+0xea/0x4e0 [ 578.967026][T13285] alloc_pages_mpol+0x1fb/0x550 [ 578.967049][T13285] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 578.967071][T13285] ? __split_huge_pmd+0x203/0x350 [ 578.967103][T13285] folio_alloc_mpol_noprof+0x36/0x2f0 [ 578.967131][T13285] vma_alloc_folio_noprof+0xed/0x1e0 [ 578.967156][T13285] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 578.967183][T13285] ? rcu_read_unlock+0x2d/0xb0 [ 578.967220][T13285] do_wp_page+0x1e5b/0x4f20 [ 578.967252][T13285] ? __pfx_do_wp_page+0x10/0x10 [ 578.967280][T13285] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 578.967322][T13285] __handle_mm_fault+0x2223/0x5490 [ 578.967359][T13285] ? __pfx___handle_mm_fault+0x10/0x10 [ 578.967387][T13285] ? kernel_text_address+0x8d/0x100 [ 578.967411][T13285] ? __lock_acquire+0xb8a/0x1c90 [ 578.967476][T13285] handle_mm_fault+0x589/0xd10 [ 578.967526][T13285] __get_user_pages+0x589/0x3b80 [ 578.967562][T13285] ? __pfx___get_user_pages+0x10/0x10 [ 578.967588][T13285] ? __pfx_down_read_killable+0x10/0x10 [ 578.967619][T13285] __gup_longterm_locked+0x20d/0x1840 [ 578.967654][T13285] ? __pfx___gup_longterm_locked+0x10/0x10 [ 578.967684][T13285] ? find_held_lock+0x2b/0x80 [ 578.967712][T13285] gup_fast_fallback+0x1ab3/0x29e0 [ 578.967758][T13285] ? __pfx_gup_fast_fallback+0x10/0x10 [ 578.967783][T13285] ? __kasan_kmalloc+0xaa/0xb0 [ 578.967814][T13285] ? refill_pi_state_cache+0x89/0x250 [ 578.967844][T13285] ? futex_lock_pi+0x175/0x7c0 [ 578.967889][T13285] ? __x64_sys_futex+0x1e0/0x4c0 [ 578.967916][T13285] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.967949][T13285] get_user_pages_fast+0xa7/0xf0 [ 578.967976][T13285] ? __pfx_get_user_pages_fast+0x10/0x10 [ 578.968010][T13285] get_futex_key+0x2c6/0x1540 [ 578.968039][T13285] ? __pfx_get_futex_key+0x10/0x10 [ 578.968068][T13285] ? kasan_save_track+0x14/0x30 [ 578.968119][T13285] ? __kasan_kmalloc+0xaa/0xb0 [ 578.968156][T13285] futex_lock_pi+0x1cc/0x7c0 [ 578.968194][T13285] ? __pfx_futex_lock_pi+0x10/0x10 [ 578.968226][T13285] ? __futex_wait+0x24c/0x2f0 [ 578.968263][T13285] ? lockdep_hardirqs_on+0x7c/0x110 [ 578.968322][T13285] ? __pfx_futex_wake_mark+0x10/0x10 [ 578.968364][T13285] ? do_writev+0x218/0x340 [ 578.968402][T13285] do_futex+0x11a/0x350 [ 578.968431][T13285] ? __pfx_do_futex+0x10/0x10 [ 578.968458][T13285] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 578.968503][T13285] __x64_sys_futex+0x1e0/0x4c0 [ 578.968534][T13285] ? fput+0x70/0xf0 [ 578.968556][T13285] ? __pfx___x64_sys_futex+0x10/0x10 [ 578.968586][T13285] ? xfd_validate_state+0x61/0x180 [ 578.968616][T13285] ? __pfx_do_writev+0x10/0x10 [ 578.968656][T13285] do_syscall_64+0xcd/0x490 [ 578.968694][T13285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.968716][T13285] RIP: 0033:0x7f8b9018e929 [ 578.968735][T13285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 578.968757][T13285] RSP: 002b:00007f8b8dfd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 578.968779][T13285] RAX: ffffffffffffffda RBX: 00007f8b903b6080 RCX: 00007f8b9018e929 [ 578.968794][T13285] RDX: 0000000000000009 RSI: 0000000000000006 RDI: 0000000000000000 [ 578.968807][T13285] RBP: 00007f8b90210b39 R08: 0000000000000000 R09: 0000000000000006 [ 578.968821][T13285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 578.968834][T13285] R13: 0000000000000000 R14: 00007f8b903b6080 R15: 00007ffe9d5bd108 [ 578.968867][T13285] [ 579.844753][T13287] netlink: 'syz.1.1539': attribute type 11 has an invalid length. [ 579.852840][T13287] netlink: 'syz.1.1539': attribute type 11 has an invalid length. [ 579.860739][T13287] netlink: 'syz.1.1539': attribute type 11 has an invalid length. [ 582.283105][T13330] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1548'. [ 583.096825][ T30] audit: type=1400 audit(4294967361.300:15): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=13357 comm="syz.1.1556" [ 583.126138][T13359] batman_adv: Routing algorithm '' is not supported [ 583.430676][T13365] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1557'. [ 584.170890][T13376] Invalid ELF header magic: != ELF [ 584.196782][T13379] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1561'. [ 584.247869][T11452] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 585.273275][T13399] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 585.294944][T13399] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 585.361780][T13399] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 585.397124][T13399] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 585.421202][T13399] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 585.461604][T13399] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 585.484360][T13399] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 585.532049][T13399] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 585.549595][T13399] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 585.595943][T13399] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 585.627229][T13399] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 585.717713][T13399] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 585.775470][T13399] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 585.811181][T13399] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 585.852233][T13399] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 585.903663][T13399] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 586.032600][T13399] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 593.698136][T13548] syz.3.1597 (13548): attempted to duplicate a private mapping with mremap. This is not supported. [ 594.557286][T13571] ptrace attach of "./syz-executor exec"[13573] was attempted by "./syz-executor exec"[13571] [ 596.617642][T11452] Bluetooth: hci0: unexpected event 0x3d length: 726 > 14 [ 597.726343][T13644] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 599.467501][T13679] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1628'. [ 600.235903][T13697] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1631'. [ 600.277852][T13697] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1631'. [ 601.398359][T13715] capability: warning: `syz.3.1633' uses deprecated v2 capabilities in a way that may be insecure [ 604.963201][T13765] binder: 13762:13765 ioctl c018620c 0 returned -1 [ 606.477545][T13792] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1645'. [ 606.542278][T13799] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1645'. [ 606.692339][T13781] Process accounting resumed [ 606.844962][T13804] FAULT_INJECTION: forcing a failure. [ 606.844962][T13804] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 606.899418][T13803] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1647'. [ 606.918299][T13804] CPU: 1 UID: 0 PID: 13804 Comm: syz.0.1648 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 606.918332][T13804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 606.918346][T13804] Call Trace: [ 606.918353][T13804] [ 606.918361][T13804] dump_stack_lvl+0x16c/0x1f0 [ 606.918399][T13804] should_fail_ex+0x512/0x640 [ 606.918439][T13804] strncpy_from_user+0x3b/0x2e0 [ 606.918474][T13804] getname_flags.part.0+0x8f/0x550 [ 606.918506][T13804] getname_flags+0x93/0xf0 [ 606.918538][T13804] do_sys_openat2+0xb8/0x1d0 [ 606.918572][T13804] ? __pfx_do_sys_openat2+0x10/0x10 [ 606.918601][T13804] ? __fget_files+0x20e/0x3c0 [ 606.918639][T13804] __x64_sys_openat+0x174/0x210 [ 606.918666][T13804] ? __pfx___x64_sys_openat+0x10/0x10 [ 606.918692][T13804] ? ksys_write+0x1ac/0x250 [ 606.918734][T13804] do_syscall_64+0xcd/0x490 [ 606.918782][T13804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.918803][T13804] RIP: 0033:0x7f6bc618e929 [ 606.918838][T13804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 606.918860][T13804] RSP: 002b:00007f6bc70a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 606.918880][T13804] RAX: ffffffffffffffda RBX: 00007f6bc63b5fa0 RCX: 00007f6bc618e929 [ 606.918895][T13804] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 606.918910][T13804] RBP: 00007f6bc70a2090 R08: 0000000000000000 R09: 0000000000000000 [ 606.918923][T13804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 606.918937][T13804] R13: 0000000000000000 R14: 00007f6bc63b5fa0 R15: 00007ffd4bbb76c8 [ 606.918964][T13804] [ 607.311035][T13808] FAULT_INJECTION: forcing a failure. [ 607.311035][T13808] name failslab, interval 1, probability 0, space 0, times 0 [ 607.360716][T13808] CPU: 1 UID: 0 PID: 13808 Comm: syz.1.1647 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 607.360755][T13808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 607.360769][T13808] Call Trace: [ 607.360776][T13808] [ 607.360784][T13808] dump_stack_lvl+0x16c/0x1f0 [ 607.360823][T13808] should_fail_ex+0x512/0x640 [ 607.360857][T13808] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 607.360897][T13808] should_failslab+0xc2/0x120 [ 607.360920][T13808] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 607.360955][T13808] ? __alloc_skb+0x2b2/0x380 [ 607.360992][T13808] __alloc_skb+0x2b2/0x380 [ 607.361024][T13808] ? __pfx___alloc_skb+0x10/0x10 [ 607.361059][T13808] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 607.361089][T13808] netlink_alloc_large_skb+0x69/0x130 [ 607.361115][T13808] netlink_sendmsg+0x6a1/0xdd0 [ 607.361144][T13808] ? __pfx_netlink_sendmsg+0x10/0x10 [ 607.361178][T13808] ____sys_sendmsg+0xa98/0xc70 [ 607.361204][T13808] ? copy_msghdr_from_user+0x10a/0x160 [ 607.361238][T13808] ? __pfx_____sys_sendmsg+0x10/0x10 [ 607.361268][T13808] ? __pfx__kstrtoull+0x10/0x10 [ 607.361301][T13808] ___sys_sendmsg+0x134/0x1d0 [ 607.361336][T13808] ? __pfx____sys_sendmsg+0x10/0x10 [ 607.361383][T13808] ? find_held_lock+0x2b/0x80 [ 607.361423][T13808] __sys_sendmmsg+0x200/0x420 [ 607.361461][T13808] ? __pfx___sys_sendmmsg+0x10/0x10 [ 607.361504][T13808] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 607.361556][T13808] ? fput+0x70/0xf0 [ 607.361579][T13808] ? ksys_write+0x1ac/0x250 [ 607.361611][T13808] ? __pfx_ksys_write+0x10/0x10 [ 607.361649][T13808] __x64_sys_sendmmsg+0x9c/0x100 [ 607.361684][T13808] ? lockdep_hardirqs_on+0x7c/0x110 [ 607.361716][T13808] do_syscall_64+0xcd/0x490 [ 607.361754][T13808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 607.361778][T13808] RIP: 0033:0x7fbaeff8e929 [ 607.361795][T13808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 607.361816][T13808] RSP: 002b:00007fbaf0eb2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 607.361838][T13808] RAX: ffffffffffffffda RBX: 00007fbaf01b6080 RCX: 00007fbaeff8e929 [ 607.361852][T13808] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 607.361866][T13808] RBP: 00007fbaf0eb2090 R08: 0000000000000000 R09: 0000000000000000 [ 607.361879][T13808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 607.361892][T13808] R13: 0000000000000000 R14: 00007fbaf01b6080 R15: 00007ffcbff743b8 [ 607.361919][T13808] [ 610.560035][T13840] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1657'. [ 610.638279][T13840] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1657'. [ 611.836980][T13862] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1662'. [ 611.947044][T13862] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1662'. [ 612.498167][T13869] FAULT_INJECTION: forcing a failure. [ 612.498167][T13869] name failslab, interval 1, probability 0, space 0, times 0 [ 612.576064][T13869] CPU: 1 UID: 0 PID: 13869 Comm: syz.2.1665 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 612.576098][T13869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 612.576112][T13869] Call Trace: [ 612.576120][T13869] [ 612.576128][T13869] dump_stack_lvl+0x16c/0x1f0 [ 612.576175][T13869] should_fail_ex+0x512/0x640 [ 612.576211][T13869] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 612.576250][T13869] should_failslab+0xc2/0x120 [ 612.576273][T13869] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 612.576310][T13869] ? alloc_empty_file+0x55/0x1e0 [ 612.576339][T13869] alloc_empty_file+0x55/0x1e0 [ 612.576366][T13869] path_openat+0xda/0x2cb0 [ 612.576399][T13869] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.576432][T13869] ? __pfx_path_openat+0x10/0x10 [ 612.576468][T13869] ? __lock_acquire+0xb8a/0x1c90 [ 612.576504][T13869] do_filp_open+0x20b/0x470 [ 612.576539][T13869] ? __pfx_do_filp_open+0x10/0x10 [ 612.576593][T13869] ? alloc_fd+0x471/0x7d0 [ 612.576634][T13869] do_sys_openat2+0x11b/0x1d0 [ 612.576661][T13869] ? __pfx_do_sys_openat2+0x10/0x10 [ 612.576692][T13869] ? __fget_files+0x20e/0x3c0 [ 612.576729][T13869] __x64_sys_openat+0x174/0x210 [ 612.576757][T13869] ? __pfx___x64_sys_openat+0x10/0x10 [ 612.576784][T13869] ? ksys_write+0x1ac/0x250 [ 612.576839][T13869] do_syscall_64+0xcd/0x490 [ 612.576877][T13869] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.576911][T13869] RIP: 0033:0x7f8b9018e929 [ 612.576927][T13869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 612.576947][T13869] RSP: 002b:00007f8b8dff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 612.576967][T13869] RAX: ffffffffffffffda RBX: 00007f8b903b5fa0 RCX: 00007f8b9018e929 [ 612.576981][T13869] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 612.576994][T13869] RBP: 00007f8b8dff6090 R08: 0000000000000000 R09: 0000000000000000 [ 612.577007][T13869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 612.577019][T13869] R13: 0000000000000000 R14: 00007f8b903b5fa0 R15: 00007ffe9d5bd108 [ 612.577044][T13869] [ 612.798389][ C1] vkms_vblank_simulate: vblank timer overrun [ 614.104133][T11452] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 615.118075][T13901] ptrace attach of ""[13902] was attempted by "./syz-executor exec"[13901] [ 617.666961][T13913] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1672'. [ 617.825894][T13915] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1672'. [ 620.818789][T13946] FAULT_INJECTION: forcing a failure. [ 620.818789][T13946] name failslab, interval 1, probability 0, space 0, times 0 [ 621.058387][T13946] CPU: 1 UID: 0 PID: 13946 Comm: syz.2.1681 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 621.058421][T13946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 621.058434][T13946] Call Trace: [ 621.058442][T13946] [ 621.058451][T13946] dump_stack_lvl+0x16c/0x1f0 [ 621.058496][T13946] should_fail_ex+0x512/0x640 [ 621.058529][T13946] ? fs_reclaim_acquire+0xae/0x150 [ 621.058559][T13946] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 621.058592][T13946] should_failslab+0xc2/0x120 [ 621.058614][T13946] __kmalloc_noprof+0xd2/0x510 [ 621.058654][T13946] tomoyo_realpath_from_path+0xc2/0x6e0 [ 621.058695][T13946] tomoyo_check_open_permission+0x2ab/0x3c0 [ 621.058725][T13946] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 621.058781][T13946] ? do_raw_spin_lock+0x12c/0x2b0 [ 621.058824][T13946] tomoyo_file_open+0x6b/0x90 [ 621.058846][T13946] security_file_open+0x84/0x1e0 [ 621.058877][T13946] do_dentry_open+0x596/0x1c10 [ 621.058920][T13946] vfs_open+0x82/0x3f0 [ 621.058949][T13946] path_openat+0x1de4/0x2cb0 [ 621.058991][T13946] ? __pfx_path_openat+0x10/0x10 [ 621.059025][T13946] ? __lock_acquire+0xb8a/0x1c90 [ 621.059058][T13946] do_filp_open+0x20b/0x470 [ 621.059091][T13946] ? __pfx_do_filp_open+0x10/0x10 [ 621.059144][T13946] ? alloc_fd+0x471/0x7d0 [ 621.059183][T13946] do_sys_openat2+0x11b/0x1d0 [ 621.059208][T13946] ? __pfx_do_sys_openat2+0x10/0x10 [ 621.059236][T13946] ? __fget_files+0x20e/0x3c0 [ 621.059272][T13946] __x64_sys_openat+0x174/0x210 [ 621.059298][T13946] ? __pfx___x64_sys_openat+0x10/0x10 [ 621.059324][T13946] ? ksys_write+0x1ac/0x250 [ 621.059366][T13946] do_syscall_64+0xcd/0x490 [ 621.059403][T13946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.059426][T13946] RIP: 0033:0x7f8b9018e929 [ 621.059443][T13946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 621.059469][T13946] RSP: 002b:00007f8b8dff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 621.059490][T13946] RAX: ffffffffffffffda RBX: 00007f8b903b5fa0 RCX: 00007f8b9018e929 [ 621.059505][T13946] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 621.059520][T13946] RBP: 00007f8b8dff6090 R08: 0000000000000000 R09: 0000000000000000 [ 621.059544][T13946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 621.059556][T13946] R13: 0000000000000000 R14: 00007f8b903b5fa0 R15: 00007ffe9d5bd108 [ 621.059582][T13946] [ 621.059590][T13946] ERROR: Out of memory at tomoyo_realpath_from_path. [ 621.326372][T13949] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1682'. [ 621.384026][T13949] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1682'. [ 621.935956][T13961] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1680'. [ 622.047589][T13961] : renamed from hsr0 (while UP) [ 625.122856][T13999] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1690'. [ 625.289947][T13999] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1690'. [ 625.617483][T14009] nfs4: Unknown parameter 'nfsd' [ 627.258970][T14028] netlink: 504 bytes leftover after parsing attributes in process `syz.1.1700'. [ 627.300002][T14025] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1698'. [ 627.825522][T14037] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1702'. [ 628.875300][T14052] FAULT_INJECTION: forcing a failure. [ 628.875300][T14052] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 628.904583][T14048] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1706'. [ 628.924791][T14050] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1705'. [ 628.954532][T14052] CPU: 1 UID: 0 PID: 14052 Comm: syz.1.1707 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 628.954582][T14052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 628.954596][T14052] Call Trace: [ 628.954603][T14052] [ 628.954612][T14052] dump_stack_lvl+0x16c/0x1f0 [ 628.954652][T14052] should_fail_ex+0x512/0x640 [ 628.954692][T14052] should_fail_alloc_page+0xe7/0x130 [ 628.954719][T14052] prepare_alloc_pages+0x3c2/0x610 [ 628.954753][T14052] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 628.954792][T14052] ? __lock_acquire+0x622/0x1c90 [ 628.954838][T14052] ? __lock_acquire+0x622/0x1c90 [ 628.954873][T14052] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 628.954920][T14052] ? find_held_lock+0x2b/0x80 [ 628.954944][T14052] ? is_bpf_text_address+0x8a/0x1a0 [ 628.954978][T14052] ? bpf_ksym_find+0x124/0x1c0 [ 628.955004][T14052] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 628.955032][T14052] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 628.955069][T14052] ? policy_nodemask+0xea/0x4e0 [ 628.955094][T14052] alloc_pages_mpol+0x1fb/0x550 [ 628.955119][T14052] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 628.955150][T14052] folio_alloc_mpol_noprof+0x36/0x2f0 [ 628.955180][T14052] shmem_alloc_folio+0x135/0x160 [ 628.955210][T14052] shmem_alloc_and_add_folio+0x499/0xc20 [ 628.955251][T14052] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 628.955288][T14052] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 628.955329][T14052] shmem_get_folio_gfp+0x67f/0x1600 [ 628.955369][T14052] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 628.955412][T14052] shmem_fault+0x1fe/0xa30 [ 628.955448][T14052] ? __pfx_shmem_fault+0x10/0x10 [ 628.955486][T14052] ? mod_memcg_lruvec_state+0x394/0x610 [ 628.955519][T14052] ? find_held_lock+0x2b/0x80 [ 628.955552][T14052] ? pte_alloc_one+0x2b6/0x3a0 [ 628.955577][T14052] __do_fault+0x10d/0x490 [ 628.955617][T14052] ? __pfx_filemap_map_pages+0x10/0x10 [ 628.955654][T14052] __handle_mm_fault+0x374c/0x5490 [ 628.955712][T14052] ? __pfx___handle_mm_fault+0x10/0x10 [ 628.955744][T14052] ? __pfx_mt_find+0x10/0x10 [ 628.955783][T14052] ? find_vma+0xbf/0x140 [ 628.955808][T14052] ? __pfx_find_vma+0x10/0x10 [ 628.955842][T14052] handle_mm_fault+0x589/0xd10 [ 628.955876][T14052] ? __pkru_allows_pkey+0x41/0xb0 [ 628.955911][T14052] do_user_addr_fault+0x7a6/0x1370 [ 628.955948][T14052] ? rcu_is_watching+0x12/0xc0 [ 628.955979][T14052] exc_page_fault+0x5c/0xb0 [ 628.956014][T14052] asm_exc_page_fault+0x26/0x30 [ 628.956036][T14052] RIP: 0010:rep_movs_alternative+0x33/0x90 [ 628.956066][T14052] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 bd 10 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb [ 628.956089][T14052] RSP: 0018:ffffc9000ae9fdd0 EFLAGS: 00050212 [ 628.956108][T14052] RAX: 0000000000000274 RBX: 0000000000000010 RCX: 0000000000000010 [ 628.956123][T14052] RDX: fffff520015d3fc8 RSI: ffffc9000ae9fe30 RDI: 0000000000000000 [ 628.956139][T14052] RBP: 0000000000000000 R08: 0000000000000000 R09: fffff520015d3fc7 [ 628.956153][T14052] R10: ffffc9000ae9fe3f R11: 0000000000000001 R12: ffffc9000ae9fe30 [ 628.956168][T14052] R13: 0000000000000010 R14: 00007ffffffff000 R15: 0000000000000000 [ 628.956198][T14052] _copy_to_user+0xbb/0xd0 [ 628.956223][T14052] put_timespec64+0xb5/0x120 [ 628.956252][T14052] ? __pfx_put_timespec64+0x10/0x10 [ 628.956283][T14052] ? __x64_sys_futex+0x1e9/0x4c0 [ 628.956319][T14052] __x64_sys_clock_gettime+0x1d3/0x270 [ 628.956358][T14052] ? __pfx___x64_sys_clock_gettime+0x10/0x10 [ 628.956400][T14052] ? rcu_is_watching+0x12/0xc0 [ 628.956427][T14052] do_syscall_64+0xcd/0x490 [ 628.956466][T14052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.956490][T14052] RIP: 0033:0x7fbaeff8e929 [ 628.956508][T14052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 628.956530][T14052] RSP: 002b:00007fbaf0ed3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e4 [ 628.956552][T14052] RAX: ffffffffffffffda RBX: 00007fbaf01b5fa0 RCX: 00007fbaeff8e929 [ 628.956567][T14052] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 628.956581][T14052] RBP: 00007fbaf0010b39 R08: 0000000000000000 R09: 0000000000000000 [ 628.956595][T14052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 628.956609][T14052] R13: 0000000000000000 R14: 00007fbaf01b5fa0 R15: 00007ffcbff743b8 [ 628.956638][T14052] [ 631.486509][T14071] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1710'. [ 632.210485][T14089] kAFS: No cell specified [ 633.897864][T14104] ptrace attach of ""[14105] was attempted by "./syz-executor exec"[14104] [ 634.910321][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 634.918143][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 635.455030][T14118] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1721'. [ 636.660694][T14130] random: crng reseeded on system resumption [ 637.200151][T14095] Process accounting paused [ 642.446570][T14164] sp0: Synchronizing with TNC [ 646.299174][T14199] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 646.391819][T14199] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 646.479057][T14199] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 648.784777][T14227] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 648.794679][T14227] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 648.803585][T14227] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 648.822435][T14227] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 648.830272][T14227] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 650.905997][T14227] Bluetooth: hci4: command tx timeout [ 651.861797][T14226] chnl_net:caif_netlink_parms(): no params data found [ 652.986566][T14227] Bluetooth: hci4: command tx timeout [ 653.200987][T14226] bridge0: port 1(bridge_slave_0) entered blocking state [ 653.238573][T14226] bridge0: port 1(bridge_slave_0) entered disabled state [ 653.275915][T14226] bridge_slave_0: entered allmulticast mode [ 653.301117][T14226] bridge_slave_0: entered promiscuous mode [ 653.340116][T14226] bridge0: port 2(bridge_slave_1) entered blocking state [ 653.391921][T14226] bridge0: port 2(bridge_slave_1) entered disabled state [ 653.435777][T14226] bridge_slave_1: entered allmulticast mode [ 653.476495][T14226] bridge_slave_1: entered promiscuous mode [ 653.837347][T14226] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 653.962044][T14226] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 654.209167][T14226] team0: Port device team_slave_0 added [ 654.336944][T14226] team0: Port device team_slave_1 added [ 654.595894][T14226] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 654.629344][T14226] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 654.740218][T14226] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 654.814859][T14226] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 654.842579][T14226] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 654.949955][T14226] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 655.065823][T14227] Bluetooth: hci4: command tx timeout [ 655.338727][T14226] hsr_slave_0: entered promiscuous mode [ 655.386508][T14226] hsr_slave_1: entered promiscuous mode [ 656.698497][T14226] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 656.814498][T14226] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 656.914422][T14226] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 656.968709][T14226] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 657.147029][T14227] Bluetooth: hci4: command tx timeout [ 657.496488][T14304] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1754'. [ 657.667317][T14226] 8021q: adding VLAN 0 to HW filter on device bond0 [ 657.841869][T14226] 8021q: adding VLAN 0 to HW filter on device team0 [ 657.993402][T11741] bridge0: port 1(bridge_slave_0) entered blocking state [ 658.000627][T11741] bridge0: port 1(bridge_slave_0) entered forwarding state [ 658.069175][T11444] bridge0: port 2(bridge_slave_1) entered blocking state [ 658.076456][T11444] bridge0: port 2(bridge_slave_1) entered forwarding state [ 659.398995][T14226] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 660.041509][T14334] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1760'. [ 660.069133][T14325] Invalid ELF header magic: != ELF [ 660.728943][T14226] veth0_vlan: entered promiscuous mode [ 660.780748][T14226] veth1_vlan: entered promiscuous mode [ 660.941775][T14226] veth0_macvtap: entered promiscuous mode [ 660.997697][T14226] veth1_macvtap: entered promiscuous mode [ 661.101705][T14226] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 661.161947][T14226] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 661.172871][T14351] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1763'. [ 661.220901][T14351] hsr_slave_0: left promiscuous mode [ 661.275707][T14351] hsr_slave_1: left promiscuous mode [ 661.673183][T14226] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.882737][T14226] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.994971][T14226] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 662.040423][T14226] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 662.598829][T11740] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 662.644241][T11740] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 662.856170][T11740] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 662.915764][T11740] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 663.431999][T14379] random: crng reseeded on system resumption [ 663.728613][T14380] Restarting kernel threads ... [ 663.787379][T14380] Done restarting kernel threads. [ 665.494336][T14412] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1777'. [ 666.704708][T14450] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1784'. [ 667.196142][T14457] netlink: 'syz.3.1785': attribute type 1 has an invalid length. [ 667.240060][T14460] Process accounting resumed [ 667.276382][T14459] ptrace attach of ""[14460] was attempted by "./syz-executor exec"[14459] [ 667.762979][T14466] ptrace attach of "./syz-executor exec"[14470] was attempted by "./syz-executor exec"[14466] [ 669.445947][T14482] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1792'. [ 669.538986][T14482] FAULT_INJECTION: forcing a failure. [ 669.538986][T14482] name failslab, interval 1, probability 0, space 0, times 0 [ 669.608632][T14482] CPU: 1 UID: 0 PID: 14482 Comm: syz.0.1792 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 669.608663][T14482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 669.608676][T14482] Call Trace: [ 669.608682][T14482] [ 669.608690][T14482] dump_stack_lvl+0x16c/0x1f0 [ 669.608727][T14482] should_fail_ex+0x512/0x640 [ 669.608757][T14482] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 669.608788][T14482] should_failslab+0xc2/0x120 [ 669.608809][T14482] __kmalloc_cache_noprof+0x6a/0x3e0 [ 669.608838][T14482] ? copy_net_ns+0x135/0x5f0 [ 669.608863][T14482] copy_net_ns+0x135/0x5f0 [ 669.608882][T14482] ? copy_cgroup_ns+0x71/0x700 [ 669.608907][T14482] create_new_namespaces+0x3ea/0xa90 [ 669.608937][T14482] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 669.608963][T14482] ksys_unshare+0x45b/0xa40 [ 669.608992][T14482] ? __pfx_ksys_unshare+0x10/0x10 [ 669.609021][T14482] ? xfd_validate_state+0x61/0x180 [ 669.609055][T14482] __x64_sys_unshare+0x31/0x40 [ 669.609083][T14482] do_syscall_64+0xcd/0x490 [ 669.609116][T14482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 669.609137][T14482] RIP: 0033:0x7f6bc618e929 [ 669.609153][T14482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 669.609173][T14482] RSP: 002b:00007f6bc70a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 669.609191][T14482] RAX: ffffffffffffffda RBX: 00007f6bc63b5fa0 RCX: 00007f6bc618e929 [ 669.609204][T14482] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 669.609216][T14482] RBP: 00007f6bc6210b39 R08: 0000000000000000 R09: 0000000000000000 [ 669.609228][T14482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 669.609240][T14482] R13: 0000000000000000 R14: 00007f6bc63b5fa0 R15: 00007ffd4bbb76c8 [ 669.609264][T14482] [ 673.538127][T14509] netlink: 'syz.0.1799': attribute type 19 has an invalid length. [ 673.734193][T14509] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1799'. [ 673.746334][T14518] ptrace attach of ""[14521] was attempted by "./syz-executor exec"[14518] [ 674.205206][T14529] vivid-007: ================= START STATUS ================= [ 674.276540][T14529] vivid-007: Generate PTS: true [ 674.281468][T14529] vivid-007: Generate SCR: true [ 674.316933][T14529] tpg source WxH: 320x240 (Y'CbCr) [ 674.348752][T14529] tpg field: 1 [ 674.383447][T14529] tpg crop: (0,0)/320x240 [ 674.398041][T14529] tpg compose: (0,0)/320x240 [ 674.419425][T11740] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.441929][T14529] tpg colorspace: 8 [ 674.472501][T14529] tpg transfer function: 0/0 [ 674.544996][T14529] tpg Y'CbCr encoding: 0/0 [ 674.573588][T14529] tpg quantization: 0/0 [ 674.627043][T14529] tpg RGB range: 0/2 [ 674.651483][T14529] vivid-007: ================== END STATUS ================== [ 674.847859][T11740] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 675.273781][T14554] FAULT_INJECTION: forcing a failure. [ 675.273781][T14554] name failslab, interval 1, probability 0, space 0, times 0 [ 675.400634][T14554] CPU: 1 UID: 0 PID: 14554 Comm: syz.0.1810 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 675.400668][T14554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 675.400682][T14554] Call Trace: [ 675.400689][T14554] [ 675.400698][T14554] dump_stack_lvl+0x16c/0x1f0 [ 675.400738][T14554] should_fail_ex+0x512/0x640 [ 675.400773][T14554] ? fs_reclaim_acquire+0xae/0x150 [ 675.400816][T14554] should_failslab+0xc2/0x120 [ 675.400837][T14554] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 675.400871][T14554] ? ext4_init_io_end+0x24/0x170 [ 675.400899][T14554] ext4_init_io_end+0x24/0x170 [ 675.400922][T14554] ext4_do_writepages+0x985/0x3490 [ 675.400958][T14554] ? lock_acquire+0x179/0x350 [ 675.400988][T14554] ? find_held_lock+0x2b/0x80 [ 675.401022][T14554] ? __pfx_ext4_do_writepages+0x10/0x10 [ 675.401075][T14554] ? ext4_writepages+0x37a/0x7d0 [ 675.401106][T14554] ext4_writepages+0x37a/0x7d0 [ 675.401138][T14554] ? __pfx_ext4_writepages+0x10/0x10 [ 675.401180][T14554] ? do_writepages+0x4b7/0x600 [ 675.401210][T14554] ? __pfx_ext4_writepages+0x10/0x10 [ 675.401244][T14554] do_writepages+0x277/0x600 [ 675.401274][T14554] ? __pfx_do_writepages+0x10/0x10 [ 675.401301][T14554] ? do_raw_spin_unlock+0x172/0x230 [ 675.401321][T14554] ? _raw_spin_unlock+0x28/0x50 [ 675.401352][T14554] filemap_fdatawrite_wbc+0x104/0x160 [ 675.401383][T14554] __filemap_fdatawrite_range+0xb2/0xf0 [ 675.401419][T14554] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 675.401453][T14554] ? __lock_acquire+0x622/0x1c90 [ 675.401520][T14554] file_write_and_wait_range+0xca/0x140 [ 675.401544][T14554] ext4_sync_file+0x310/0xf10 [ 675.401573][T14554] ? __pfx___up_read+0x10/0x10 [ 675.401625][T14554] ? __pfx_ext4_sync_file+0x10/0x10 [ 675.401655][T14554] vfs_fsync_range+0x139/0x220 [ 675.401694][T14554] __do_sys_msync+0x3cb/0x5c0 [ 675.401736][T14554] do_syscall_64+0xcd/0x490 [ 675.401774][T14554] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.401797][T14554] RIP: 0033:0x7f6bc618e929 [ 675.401815][T14554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 675.401839][T14554] RSP: 002b:00007f6bc70a2038 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 675.401860][T14554] RAX: ffffffffffffffda RBX: 00007f6bc63b5fa0 RCX: 00007f6bc618e929 [ 675.401876][T14554] RDX: 0000000400000004 RSI: 0180000000000000 RDI: 000000001ffff000 [ 675.401890][T14554] RBP: 00007f6bc6210b39 R08: 0000000000000000 R09: 0000000000000000 [ 675.401904][T14554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 675.401917][T14554] R13: 0000000000000000 R14: 00007f6bc63b5fa0 R15: 00007ffd4bbb76c8 [ 675.401945][T14554] [ 676.478002][T11740] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 676.808898][T11740] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.507334][T11740] team0: left allmulticast mode [ 677.554395][T11740] team_slave_0: left allmulticast mode [ 677.625728][T11740] team_slave_1: left allmulticast mode [ 677.631807][T11740] team0: left promiscuous mode [ 677.695637][T11740] team_slave_0: left promiscuous mode [ 677.701366][T11740] team_slave_1: left promiscuous mode [ 677.764063][T11740] bridge0: port 3(team0) entered disabled state [ 677.828920][T11740] bridge_slave_1: left allmulticast mode [ 677.868343][T11740] bridge_slave_1: left promiscuous mode [ 677.884013][T11740] bridge0: port 2(bridge_slave_1) entered disabled state [ 677.937290][T11740] bridge_slave_0: left allmulticast mode [ 677.961365][T11740] bridge_slave_0: left promiscuous mode [ 677.987997][T11740] bridge0: port 1(bridge_slave_0) entered disabled state [ 679.376374][T11740] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 679.398313][T11740] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 679.427296][T11740] bond0 (unregistering): Released all slaves [ 679.557563][T14587] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1818'. [ 679.670589][T14585] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 679.679068][T14585] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 679.712422][T14585] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 679.782852][T14585] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 679.820654][T14585] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 679.855185][T14585] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 680.657510][T14585] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 680.728542][T14585] CPU0 is offline. [ 681.036640][T14635] FAULT_INJECTION: forcing a failure. [ 681.036640][T14635] name failslab, interval 1, probability 0, space 0, times 0 [ 681.117863][T14635] CPU: 1 UID: 0 PID: 14635 Comm: syz.1.1823 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 681.117895][T14635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 681.117908][T14635] Call Trace: [ 681.117915][T14635] [ 681.117922][T14635] dump_stack_lvl+0x16c/0x1f0 [ 681.117960][T14635] should_fail_ex+0x512/0x640 [ 681.117992][T14635] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 681.118026][T14635] should_failslab+0xc2/0x120 [ 681.118047][T14635] __kmalloc_cache_noprof+0x6a/0x3e0 [ 681.118077][T14635] ? debug_mutex_init+0x37/0x70 [ 681.118097][T14635] ? do_inotify_init+0xa2/0x5f0 [ 681.118120][T14635] do_inotify_init+0xa2/0x5f0 [ 681.118138][T14635] ? rcu_is_watching+0x12/0xc0 [ 681.118162][T14635] __x64_sys_inotify_init1+0x30/0x40 [ 681.118183][T14635] do_syscall_64+0xcd/0x490 [ 681.118218][T14635] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.118240][T14635] RIP: 0033:0x7fbaeff8e929 [ 681.118256][T14635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 681.118277][T14635] RSP: 002b:00007fbaf0eb2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000126 [ 681.118297][T14635] RAX: ffffffffffffffda RBX: 00007fbaf01b6080 RCX: 00007fbaeff8e929 [ 681.118322][T14635] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0003000000000000 [ 681.118335][T14635] RBP: 00007fbaf0010b39 R08: 0000000000000000 R09: 0000000000000000 [ 681.118346][T14635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 681.118358][T14635] R13: 0000000000000000 R14: 00007fbaf01b6080 R15: 00007ffcbff743b8 [ 681.118381][T14635] [ 681.730147][T14227] Bluetooth: hci0: command 0x0c1a tx timeout [ 681.738661][T14227] Bluetooth: hci1: command 0x0c1a tx timeout [ 681.767829][T14644] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1827'. [ 681.797280][T11441] Bluetooth: hci3: command 0x0c1a tx timeout [ 681.869078][T11441] Bluetooth: hci4: command 0x0c1a tx timeout [ 682.957974][T14668] ovs_: entered promiscuous mode [ 682.970321][T14648] Process accounting resumed [ 683.056695][T11740] hsr_slave_0: left promiscuous mode [ 683.107034][T11740] hsr_slave_1: left promiscuous mode [ 683.133960][T11740] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 683.165668][T11740] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 683.209424][T11740] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 683.237148][T11740] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 683.345080][T11740] veth1_macvtap: left promiscuous mode [ 683.362854][T11740] veth0_macvtap: left promiscuous mode [ 683.395554][T11740] veth1_vlan: left promiscuous mode [ 683.418190][T11740] veth0_vlan: left promiscuous mode [ 683.785709][T11441] Bluetooth: hci0: command 0x0c1a tx timeout [ 683.945725][T11441] Bluetooth: hci4: command 0x0c1a tx timeout [ 686.025625][T11441] Bluetooth: hci4: command 0x0c1a tx timeout [ 686.117650][T11740] team0 (unregistering): Port device team_slave_1 removed [ 686.260820][T11740] team0 (unregistering): Port device team_slave_0 removed [ 689.432071][T14763] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1849'. [ 689.704766][T14767] .SR: entered promiscuous mode [ 689.896731][T14771] Invalid ELF header magic: != ELF [ 689.976113][T11441] Bluetooth: hci4: unexpected event for opcode 0x7c89 [ 690.758115][T14767] could not allocate digest TFM handle [ 691.214998][T14792] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 691.247131][T14792] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 691.289929][T14792] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 691.317950][T14792] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 691.323954][T14792] CPU0 is offline. [ 692.074837][T14836] blktrace: Concurrent blktraces are not allowed on loop2 [ 692.216053][T14838] ptrace attach of ""[14839] was attempted by "./syz-executor exec"[14838] [ 692.506014][T11441] Bluetooth: hci1: command 0x0c1a tx timeout [ 692.586334][T14778] kexec: Could not allocate control_code_buffer [ 693.305746][T11441] Bluetooth: hci3: command 0x0c1a tx timeout [ 693.311840][T11441] Bluetooth: hci0: command 0x0c1a tx timeout [ 693.386128][T11441] Bluetooth: hci4: command 0x0c1a tx timeout [ 693.961705][T14881] zswap: compressor Ȯ9Qz%;0*lH`Bkjwjӳ<85'.Y[`2Y$`Yvgִq"b%zN[O EiFi(Sh3Kx>ԝRS=kHɟ{?Bbޝ4)> not available [ 695.311127][T14893] bond0: option all_slaves_active: invalid value () [ 696.363867][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 696.371191][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 696.851421][T14945] Unable to find swap-space signature [ 699.324317][T11441] Bluetooth: hci3: Unable to find connection for big 0xd2 [ 699.525799][T14997] ptrace attach of "./syz-executor exec"[15004] was attempted by "./syz-executor exec"[14997] [ 704.936099][T15097] netlink: 'syz.4.1901': attribute type 27 has an invalid length. [ 705.037163][T15097] netlink: 146 bytes leftover after parsing attributes in process `syz.4.1901'. [ 706.216204][T15127] FAULT_INJECTION: forcing a failure. [ 706.216204][T15127] name failslab, interval 1, probability 0, space 0, times 0 [ 706.387333][T15127] CPU: 1 UID: 0 PID: 15127 Comm: syz.0.1906 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 706.387369][T15127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 706.387383][T15127] Call Trace: [ 706.387390][T15127] [ 706.387399][T15127] dump_stack_lvl+0x16c/0x1f0 [ 706.387441][T15127] should_fail_ex+0x512/0x640 [ 706.387478][T15127] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 706.387519][T15127] should_failslab+0xc2/0x120 [ 706.387543][T15127] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 706.387591][T15127] ? copy_net_ns+0xe8/0x5f0 [ 706.387621][T15127] copy_net_ns+0xe8/0x5f0 [ 706.387643][T15127] ? copy_cgroup_ns+0x71/0x700 [ 706.387674][T15127] create_new_namespaces+0x3ea/0xa90 [ 706.387720][T15127] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 706.387762][T15127] ksys_unshare+0x45b/0xa40 [ 706.387793][T15127] ? __pfx_ksys_unshare+0x10/0x10 [ 706.387823][T15127] ? xfd_validate_state+0x61/0x180 [ 706.387859][T15127] __x64_sys_unshare+0x31/0x40 [ 706.387889][T15127] do_syscall_64+0xcd/0x490 [ 706.387924][T15127] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 706.387945][T15127] RIP: 0033:0x7f6bc618e929 [ 706.387962][T15127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 706.387983][T15127] RSP: 002b:00007f6bc70a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 706.388003][T15127] RAX: ffffffffffffffda RBX: 00007f6bc63b5fa0 RCX: 00007f6bc618e929 [ 706.388017][T15127] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 706.388029][T15127] RBP: 00007f6bc6210b39 R08: 0000000000000000 R09: 0000000000000000 [ 706.388042][T15127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 706.388066][T15127] R13: 0000000000000000 R14: 00007f6bc63b5fa0 R15: 00007ffd4bbb76c8 [ 706.388090][T15127] [ 706.578127][ C1] vkms_vblank_simulate: vblank timer overrun [ 707.216109][T15141] vivid-007: ================= START STATUS ================= [ 707.265654][T15141] vivid-007: Generate PTS: true [ 707.305599][T15141] vivid-007: Generate SCR: true [ 707.353370][T15141] tpg source WxH: 320x240 (Y'CbCr) [ 707.420840][T15141] tpg field: 1 [ 707.455988][T15141] tpg crop: (0,0)/320x240 [ 707.460395][T15141] tpg compose: (0,0)/320x240 [ 707.464987][T15141] tpg colorspace: 8 [ 707.605816][T15141] tpg transfer function: 0/0 [ 707.610503][T15141] tpg Y'CbCr encoding: 0/0 [ 707.844078][T15141] tpg quantization: 0/0 [ 708.002842][T15162] can: request_module (can-proto-3) failed. [ 708.041971][T15141] tpg RGB range: 0/2 [ 708.184349][T15141] vivid-007: ================== END STATUS ================== [ 708.271601][T15154] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 708.319114][T15154] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 708.368783][T15154] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 708.374860][T15154] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 708.435892][T15154] CPU0 is offline. [ 709.162474][T14227] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 709.945851][T14227] Bluetooth: hci1: command 0x0c1a tx timeout [ 710.346185][T14227] Bluetooth: hci0: command 0x0c1a tx timeout [ 710.425884][T14227] Bluetooth: hci4: command 0x0c1a tx timeout [ 710.431981][T14227] Bluetooth: hci3: command 0x0c1a tx timeout [ 713.853698][T15333] Process accounting paused [ 714.686565][T15349] could not allocate digest TFM handle [ 715.387503][T15372] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 715.450454][T15360] HSR: entered promiscuous mode [ 717.063149][T15399] Invalid ELF header magic: != ELF [ 717.277664][T15401] netlink: 672 bytes leftover after parsing attributes in process `syz.1.1938'. [ 719.161253][T15450] sysfs_service_op_show: Client not running :-5: [ 719.179260][T15458] netlink: 'syz.1.1947': attribute type 1 has an invalid length. [ 719.533673][T15478] sysfs_service_op_show: Client not running :-5: [ 719.606220][T15455] zswap: compressor not available [ 721.845947][T15513] ptrace attach of "./syz-executor exec"[5846] was attempted by "./syz-executor exec"[15513] [ 723.425724][T15542] Unable to find swap-space signature [ 727.277196][T15622] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input34 [ 727.323342][T15620] vivid-009: ================= START STATUS ================= [ 727.438927][T15620] vivid-009: Enable Output Cropping: true grabbed [ 727.532698][T15620] vivid-009: Enable Output Composing: true grabbed [ 727.638736][T15620] vivid-009: Enable Output Scaler: true grabbed [ 727.696050][T15633] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1968'. [ 727.736250][T15620] vivid-009: Tx RGB Quantization Range: Automatic grabbed [ 727.833721][T15620] vivid-009: Transmit Mode: HDMI grabbed [ 727.940192][T15620] vivid-009: Hotplug Present: 0x00000000 [ 728.011432][T15620] vivid-009: RxSense Present: 0x00000000 [ 728.114435][T15620] vivid-009: EDID Present: 0x00000000 [ 728.182091][T15620] vivid-009: ================== END STATUS ================== [ 728.806247][T15650] ptrace attach of "./syz-executor exec"[5855] was attempted by "./syz-executor exec"[15650] [ 731.181203][T15682] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1975'. [ 733.495333][T15737] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1984'. [ 733.527340][T15727] zswap: compressor 000 not available [ 734.006580][T15726] ima: policy update failed [ 734.014804][ T30] audit: type=1802 audit(4294967298.780:16): pid=15726 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.1984" res=0 errno=0 [ 734.328211][T15750] FAULT_INJECTION: forcing a failure. [ 734.328211][T15750] name failslab, interval 1, probability 0, space 0, times 0 [ 734.383547][T15750] CPU: 1 UID: 0 PID: 15750 Comm: syz.0.1987 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 734.383577][T15750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 734.383590][T15750] Call Trace: [ 734.383597][T15750] [ 734.383605][T15750] dump_stack_lvl+0x16c/0x1f0 [ 734.383642][T15750] should_fail_ex+0x512/0x640 [ 734.383673][T15750] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 734.383709][T15750] should_failslab+0xc2/0x120 [ 734.383733][T15750] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 734.383764][T15750] ? __pfx_acct_collect+0x10/0x10 [ 734.383797][T15750] ? taskstats_exit+0x654/0xbe0 [ 734.383832][T15750] taskstats_exit+0x654/0xbe0 [ 734.383864][T15750] ? __pfx_taskstats_exit+0x10/0x10 [ 734.383902][T15750] do_exit+0x5d9/0x2bd0 [ 734.383936][T15750] ? __pfx_do_exit+0x10/0x10 [ 734.383965][T15750] ? do_raw_spin_lock+0x12c/0x2b0 [ 734.383997][T15750] ? find_held_lock+0x2b/0x80 [ 734.384023][T15750] do_group_exit+0xd3/0x2a0 [ 734.384054][T15750] get_signal+0x2673/0x26d0 [ 734.384088][T15750] ? __pfx_get_signal+0x10/0x10 [ 734.384112][T15750] ? do_futex+0x122/0x350 [ 734.384138][T15750] ? __pfx_do_futex+0x10/0x10 [ 734.384167][T15750] arch_do_signal_or_restart+0x8f/0x790 [ 734.384194][T15750] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 734.384226][T15750] ? xfd_validate_state+0x61/0x180 [ 734.384253][T15750] ? __pfx_ksys_write+0x10/0x10 [ 734.384315][T15750] exit_to_user_mode_loop+0x84/0x110 [ 734.384370][T15750] do_syscall_64+0x3f6/0x490 [ 734.384406][T15750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 734.384429][T15750] RIP: 0033:0x7f6bc618e929 [ 734.384446][T15750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 734.384467][T15750] RSP: 002b:00007f6bc70a20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 734.384487][T15750] RAX: fffffffffffffe00 RBX: 00007f6bc63b5fa8 RCX: 00007f6bc618e929 [ 734.384502][T15750] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6bc63b5fa8 [ 734.384515][T15750] RBP: 00007f6bc63b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 734.384528][T15750] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6bc63b5fac [ 734.384541][T15750] R13: 0000000000000000 R14: 00007ffd4bbb75e0 R15: 00007ffd4bbb76c8 [ 734.384567][T15750] [ 734.612233][ C1] vkms_vblank_simulate: vblank timer overrun [ 735.267860][T15755] random: crng reseeded on system resumption [ 736.700254][T15782] syz_tun: tun_chr_ioctl cmd 9 [ 739.169403][T14227] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 739.338804][T15838] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input35 [ 740.023668][T15840] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input36 [ 742.553260][T15888] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2015'. [ 742.604611][T15888] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2015'. [ 743.995120][T15897] Process accounting resumed [ 744.104559][T15910] cgroup: fork rejected by pids controller in /syz4 [ 745.822863][T16013] FAULT_INJECTION: forcing a failure. [ 745.822863][T16013] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 745.906837][T16013] CPU: 1 UID: 0 PID: 16013 Comm: syz.4.2028 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 745.906872][T16013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 745.906886][T16013] Call Trace: [ 745.906894][T16013] [ 745.906915][T16013] dump_stack_lvl+0x16c/0x1f0 [ 745.906955][T16013] should_fail_ex+0x512/0x640 [ 745.906995][T16013] should_fail_alloc_page+0xe7/0x130 [ 745.907022][T16013] prepare_alloc_pages+0x3c2/0x610 [ 745.907051][T16013] ? rcu_is_watching+0x12/0xc0 [ 745.907079][T16013] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 745.907117][T16013] ? __lock_acquire+0xb8a/0x1c90 [ 745.907160][T16013] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 745.907207][T16013] ? do_raw_spin_lock+0x12c/0x2b0 [ 745.907242][T16013] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 745.907276][T16013] ? find_held_lock+0x2b/0x80 [ 745.907306][T16013] ? __lock_acquire+0xb8a/0x1c90 [ 745.907335][T16013] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 745.907378][T16013] ? policy_nodemask+0xea/0x4e0 [ 745.907402][T16013] alloc_pages_mpol+0x1fb/0x550 [ 745.907425][T16013] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 745.907455][T16013] folio_alloc_mpol_noprof+0x36/0x2f0 [ 745.907483][T16013] shmem_alloc_folio+0x135/0x160 [ 745.907513][T16013] shmem_alloc_and_add_folio+0x499/0xc20 [ 745.907552][T16013] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 745.907587][T16013] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 745.907624][T16013] shmem_get_folio_gfp+0x67f/0x1600 [ 745.907662][T16013] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 745.907697][T16013] ? __lock_acquire+0x622/0x1c90 [ 745.907729][T16013] shmem_fault+0x1fe/0xa30 [ 745.907763][T16013] ? __pfx_shmem_fault+0x10/0x10 [ 745.907800][T16013] ? __lock_acquire+0xb8a/0x1c90 [ 745.907835][T16013] __do_fault+0x10d/0x490 [ 745.907869][T16013] ? __pfx_filemap_map_pages+0x10/0x10 [ 745.907904][T16013] __handle_mm_fault+0x374c/0x5490 [ 745.907941][T16013] ? __pfx___handle_mm_fault+0x10/0x10 [ 745.907972][T16013] ? __pte_offset_map_lock+0x174/0x310 [ 745.907996][T16013] ? find_held_lock+0x2b/0x80 [ 745.908016][T16013] ? find_held_lock+0x2b/0x80 [ 745.908055][T16013] ? follow_page_pte+0x3af/0x14c0 [ 745.908084][T16013] handle_mm_fault+0x589/0xd10 [ 745.908116][T16013] __get_user_pages+0x589/0x3b80 [ 745.908150][T16013] ? __pfx___get_user_pages+0x10/0x10 [ 745.908174][T16013] ? __pfx_down_read_killable+0x10/0x10 [ 745.908196][T16013] ? __lock_acquire+0xb8a/0x1c90 [ 745.908227][T16013] faultin_page_range+0x249/0x980 [ 745.908258][T16013] madvise_do_behavior+0x268/0x3f0 [ 745.908283][T16013] ? __pfx_madvise_do_behavior+0x10/0x10 [ 745.908320][T16013] do_madvise+0x161/0x230 [ 745.908342][T16013] ? __pfx_do_madvise+0x10/0x10 [ 745.908381][T16013] ? xfd_validate_state+0x61/0x180 [ 745.908409][T16013] ? __pfx_do_writev+0x10/0x10 [ 745.908442][T16013] __x64_sys_madvise+0xa9/0x110 [ 745.908464][T16013] ? lockdep_hardirqs_on+0x7c/0x110 [ 745.908495][T16013] do_syscall_64+0xcd/0x490 [ 745.908528][T16013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 745.908548][T16013] RIP: 0033:0x7fd72e78e929 [ 745.908565][T16013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 745.908584][T16013] RSP: 002b:00007fd72c5f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 745.908602][T16013] RAX: ffffffffffffffda RBX: 00007fd72e9b5fa0 RCX: 00007fd72e78e929 [ 745.908615][T16013] RDX: 0000000000000017 RSI: 0000000000100000 RDI: 0000000000000000 [ 745.908627][T16013] RBP: 00007fd72e810b39 R08: 0000000000000000 R09: 0000000000000000 [ 745.908639][T16013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 745.908651][T16013] R13: 0000000000000000 R14: 00007fd72e9b5fa0 R15: 00007ffd00a277c8 [ 745.908676][T16013] [ 749.425655][T16044] can: request_module (can-proto-3) failed. [ 750.086366][T16085] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2039'. [ 750.157211][T16085] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2039'. [ 750.803994][T16106] random: crng reseeded on system resumption [ 753.095752][T16135] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input37 [ 753.140894][T16137] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2050'. [ 753.253596][T16133] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2050'. [ 753.321673][T16133] netlink: 286 bytes leftover after parsing attributes in process `syz.1.2050'. [ 753.365951][T16133] bridge: RTM_NEWNEIGH with unconfigured vlan 704 on bridge_slave_1 [ 753.452138][T16139] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2049'. [ 757.704178][T16201] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 757.797308][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 757.803674][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 757.855754][T16201] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 757.861878][T16201] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 757.931989][T16201] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 757.978385][T16201] CPU0 is offline. [ 759.060661][T16241] vhci_hcd: invalid port number 16 [ 759.080912][T16241] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 759.225738][T11441] Bluetooth: hci1: command 0x0c1a tx timeout [ 759.589806][T16248] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input38 [ 759.947073][T11441] Bluetooth: hci4: command 0x0c1a tx timeout [ 759.953227][T14227] Bluetooth: hci3: command 0x0c1a tx timeout [ 759.962052][T14227] Bluetooth: hci0: command 0x0c1a tx timeout [ 762.632139][T16290] netlink: 218 bytes leftover after parsing attributes in process `syz.0.2083'. [ 762.724471][T16290] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 762.835593][T16295] can: request_module (can-proto-0) failed. [ 763.145290][T16304] netlink: 'syz.0.2084': attribute type 1 has an invalid length. [ 763.648482][T16283] kexec: Could not allocate control_code_buffer [ 764.163117][T16316] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 764.222210][T16316] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 764.252327][T16316] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 764.279462][T16316] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 764.299550][T16316] CPU0 is offline. [ 765.185924][T16350] vhci_hcd: invalid port number 16 [ 765.215887][T16350] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 765.676477][T16366] device-mapper: ioctl: Invalid data size in the ioctl structure: 1 [ 766.025621][T11441] Bluetooth: hci1: command 0x0c1a tx timeout [ 766.265755][T11441] Bluetooth: hci3: command 0x0c1a tx timeout [ 766.272157][T11452] Bluetooth: hci0: command 0x0c1a tx timeout [ 766.345580][T11441] Bluetooth: hci4: command 0x0c1a tx timeout [ 766.434786][T16376] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2099'. [ 767.476340][T16393] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2102'. [ 767.520570][T16393] netlink: 13 bytes leftover after parsing attributes in process `syz.0.2102'. [ 767.913355][T16401] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 767.934536][T16406] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2105'. [ 767.979477][T16405] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2105'. [ 769.730817][T16456] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2116'. [ 769.878309][T16456] team_slave_1 (unregistering): left promiscuous mode [ 769.895436][T16456] team_slave_1 (unregistering): left allmulticast mode [ 769.927652][T16456] team0: Port device team_slave_1 removed [ 769.982538][T16461] sg_write: data in/out 476/16086 bytes for SCSI command 0x0-- guessing data in; [ 769.982538][T16461] program syz.1.2117 not setting count and/or reply_len properly [ 769.999513][ C1] vkms_vblank_simulate: vblank timer overrun [ 770.037776][T16445] FAULT_INJECTION: forcing a failure. [ 770.037776][T16445] name failslab, interval 1, probability 0, space 0, times 0 [ 770.063111][T11441] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 770.063141][T11441] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 770.082717][T11441] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 770.082769][T11441] Bluetooth: hci3: adv larger than maximum supported [ 770.090188][T11441] Bluetooth: hci3: Unknown advertising packet type: 0x34 [ 770.097760][T11441] Bluetooth: hci3: Malformed LE Event: 0x0d [ 770.119311][T16445] CPU: 1 UID: 0 PID: 16445 Comm: syz.4.2114 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 770.119338][T16445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 770.119349][T16445] Call Trace: [ 770.119355][T16445] [ 770.119363][T16445] dump_stack_lvl+0x16c/0x1f0 [ 770.119399][T16445] should_fail_ex+0x512/0x640 [ 770.119430][T16445] ? __kmalloc_noprof+0xbf/0x510 [ 770.119470][T16445] ? get_modalias+0xbb/0x380 [ 770.119491][T16445] should_failslab+0xc2/0x120 [ 770.119511][T16445] __kmalloc_noprof+0xd2/0x510 [ 770.119542][T16445] ? get_modalias+0x20f/0x380 [ 770.119568][T16445] get_modalias+0xbb/0x380 [ 770.119595][T16445] ? __pfx_sys_dmi_modalias_show+0x10/0x10 [ 770.119619][T16445] sys_dmi_modalias_show+0x1f/0xb0 [ 770.119643][T16445] dev_attr_show+0x53/0xe0 [ 770.119666][T16445] ? __pfx_dev_attr_show+0x10/0x10 [ 770.119685][T16445] sysfs_kf_seq_show+0x213/0x3e0 [ 770.119715][T16445] seq_read_iter+0x509/0x12c0 [ 770.119754][T16445] kernfs_fop_read_iter+0x40f/0x5a0 [ 770.119775][T16445] ? rw_verify_area+0xcf/0x680 [ 770.119804][T16445] vfs_read+0x8bc/0xc60 [ 770.119836][T16445] ? __pfx___mutex_lock+0x10/0x10 [ 770.119869][T16445] ? __pfx_vfs_read+0x10/0x10 [ 770.119914][T16445] ksys_read+0x12a/0x250 [ 770.119943][T16445] ? __pfx_ksys_read+0x10/0x10 [ 770.119980][T16445] do_syscall_64+0xcd/0x490 [ 770.120013][T16445] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 770.120033][T16445] RIP: 0033:0x7fd72e78e929 [ 770.120049][T16445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 770.120069][T16445] RSP: 002b:00007fd72c5d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 770.120087][T16445] RAX: ffffffffffffffda RBX: 00007fd72e9b6080 RCX: 00007fd72e78e929 [ 770.120100][T16445] RDX: 0000000000001016 RSI: 0000200000000000 RDI: 0000000000000009 [ 770.120112][T16445] RBP: 00007fd72e810b39 R08: 0000000000000000 R09: 0000000000000000 [ 770.120124][T16445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 770.120136][T16445] R13: 0000000000000000 R14: 00007fd72e9b6080 R15: 00007ffd00a277c8 [ 770.120161][T16445] [ 770.339331][ C1] vkms_vblank_simulate: vblank timer overrun [ 771.981607][T16498] can: request_module (can-proto-0) failed. [ 774.007369][T16558] .SR: entered promiscuous mode [ 774.110099][T16554] Process accounting paused [ 774.412245][T16562] FAULT_INJECTION: forcing a failure. [ 774.412245][T16562] name failslab, interval 1, probability 0, space 0, times 0 [ 774.479904][T16562] CPU: 1 UID: 0 PID: 16562 Comm: syz.4.2140 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 774.479932][T16562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 774.479944][T16562] Call Trace: [ 774.479950][T16562] [ 774.479958][T16562] dump_stack_lvl+0x16c/0x1f0 [ 774.479994][T16562] should_fail_ex+0x512/0x640 [ 774.480025][T16562] ? __kmalloc_noprof+0xbf/0x510 [ 774.480058][T16562] ? memcg_list_lru_alloc+0x4e9/0x740 [ 774.480097][T16562] should_failslab+0xc2/0x120 [ 774.480118][T16562] __kmalloc_noprof+0xd2/0x510 [ 774.480149][T16562] ? __lock_acquire+0x622/0x1c90 [ 774.480182][T16562] memcg_list_lru_alloc+0x4e9/0x740 [ 774.480220][T16562] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 774.480260][T16562] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 774.480293][T16562] __memcg_slab_post_alloc_hook+0x133/0x960 [ 774.480320][T16562] ? kasan_save_track+0x14/0x30 [ 774.480353][T16562] kmem_cache_alloc_lru_noprof+0x30f/0x3b0 [ 774.480386][T16562] ? __d_alloc+0x31/0xaa0 [ 774.480406][T16562] __d_alloc+0x31/0xaa0 [ 774.480427][T16562] d_alloc_pseudo+0x1c/0xc0 [ 774.480450][T16562] alloc_file_pseudo+0xcf/0x230 [ 774.480475][T16562] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 774.480498][T16562] ? security_inode_init_security_anon+0x79/0x240 [ 774.480529][T16562] secretmem_file_create.constprop.0+0x89/0x270 [ 774.480552][T16562] __x64_sys_memfd_secret+0xc5/0x1a0 [ 774.480573][T16562] do_syscall_64+0xcd/0x490 [ 774.480607][T16562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 774.480626][T16562] RIP: 0033:0x7fd72e78e929 [ 774.480643][T16562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 774.480662][T16562] RSP: 002b:00007fd72c5d5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bf [ 774.480681][T16562] RAX: ffffffffffffffda RBX: 00007fd72e9b6080 RCX: 00007fd72e78e929 [ 774.480695][T16562] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 774.480707][T16562] RBP: 00007fd72e810b39 R08: 0000000000000000 R09: 0000000000000000 [ 774.480719][T16562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 774.480731][T16562] R13: 0000000000000000 R14: 00007fd72e9b6080 R15: 00007ffd00a277c8 [ 774.480755][T16562] [ 774.786814][T16577] __vm_enough_memory: pid: 16577, comm: syz.4.2144, bytes: 9223372036854775808 not enough memory for the allocation [ 775.745124][T16587] netlink: 'syz.0.2143': attribute type 22 has an invalid length. [ 775.890324][T16593] nbd: must specify at least one socket [ 776.178380][T16603] netlink: 218 bytes leftover after parsing attributes in process `syz.4.2149'. [ 776.238858][T16603] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 778.150099][T16650] FAULT_INJECTION: forcing a failure. [ 778.150099][T16650] name failslab, interval 1, probability 0, space 0, times 0 [ 778.214698][T16650] CPU: 1 UID: 0 PID: 16650 Comm: syz.4.2159 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 778.214727][T16650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 778.214739][T16650] Call Trace: [ 778.214746][T16650] [ 778.214753][T16650] dump_stack_lvl+0x16c/0x1f0 [ 778.214799][T16650] should_fail_ex+0x512/0x640 [ 778.214829][T16650] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 778.214861][T16650] should_failslab+0xc2/0x120 [ 778.214881][T16650] __kmalloc_cache_noprof+0x6a/0x3e0 [ 778.214910][T16650] ? lockdep_init_map_type+0x5c/0x280 [ 778.214939][T16650] ? zs_create_pool+0x4d2/0xb80 [ 778.214965][T16650] zs_create_pool+0x4d2/0xb80 [ 778.214991][T16650] ? __pfx_zs_create_pool+0x10/0x10 [ 778.215016][T16650] ? disksize_store+0x117/0x670 [ 778.215043][T16650] ? __vmalloc_node_noprof+0xad/0xf0 [ 778.215069][T16650] ? disksize_store+0x117/0x670 [ 778.215097][T16650] disksize_store+0x174/0x670 [ 778.215127][T16650] ? __pfx_disksize_store+0x10/0x10 [ 778.215153][T16650] dev_attr_store+0x58/0x80 [ 778.215173][T16650] ? __pfx_dev_attr_store+0x10/0x10 [ 778.215192][T16650] sysfs_kf_write+0xef/0x150 [ 778.215220][T16650] kernfs_fop_write_iter+0x351/0x510 [ 778.215242][T16650] ? __pfx_sysfs_kf_write+0x10/0x10 [ 778.215270][T16650] vfs_write+0x6c4/0x1150 [ 778.215300][T16650] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 778.215324][T16650] ? __pfx___mutex_lock+0x10/0x10 [ 778.215356][T16650] ? __pfx_vfs_write+0x10/0x10 [ 778.215402][T16650] ksys_write+0x12a/0x250 [ 778.215432][T16650] ? __pfx_ksys_write+0x10/0x10 [ 778.215473][T16650] do_syscall_64+0xcd/0x490 [ 778.215506][T16650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 778.215527][T16650] RIP: 0033:0x7fd72e78e929 [ 778.215542][T16650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 778.215562][T16650] RSP: 002b:00007fd72c5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 778.215581][T16650] RAX: ffffffffffffffda RBX: 00007fd72e9b5fa0 RCX: 00007fd72e78e929 [ 778.215593][T16650] RDX: 0000000000000001 RSI: 0000200000000ec0 RDI: 0000000000000004 [ 778.215605][T16650] RBP: 00007fd72e810b39 R08: 0000000000000000 R09: 0000000000000000 [ 778.215617][T16650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 778.215629][T16650] R13: 0000000000000000 R14: 00007fd72e9b5fa0 R15: 00007ffd00a277c8 [ 778.215654][T16650] [ 778.452932][ C1] vkms_vblank_simulate: vblank timer overrun [ 779.435043][T16662] random: crng reseeded on system resumption [ 779.933737][T16677] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2167'. [ 781.192193][T16697] vhci_hcd: invalid port number 16 [ 781.237084][T16697] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 784.099740][T16744] sg_write: data in/out 476/16086 bytes for SCSI command 0x0-- guessing data in; [ 784.099740][T16744] program syz.4.2181 not setting count and/or reply_len properly [ 784.218475][T11441] Bluetooth: hci4: unexpected event 0x3e length: 726 > 260 [ 784.218504][T11441] Bluetooth: hci4: unexpected subevent 0x0d length: 725 > 260 [ 784.234029][T11441] Bluetooth: hci4: Unknown advertising packet type: 0x7f [ 784.234070][T11441] Bluetooth: hci4: adv larger than maximum supported [ 784.242386][T11441] Bluetooth: hci4: Unknown advertising packet type: 0x34 [ 784.249176][T11441] Bluetooth: hci4: Malformed LE Event: 0x0d [ 787.003292][T16780] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2187'. [ 791.336199][T16843] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2198'. [ 791.491969][T16842] HfR: entered promiscuous mode [ 791.525925][T16843] HfR: left promiscuous mode [ 793.076908][T16865] vivid-007: ================= START STATUS ================= [ 793.115232][T16865] vivid-007: Generate PTS: true [ 793.139005][T16865] vivid-007: Generate SCR: true [ 793.181435][T16865] tpg source WxH: 320x240 (Y'CbCr) [ 793.243983][T16865] tpg field: 1 [ 793.275621][T16865] tpg crop: (0,0)/320x240 [ 793.316949][T16865] tpg compose: (0,0)/320x240 [ 793.369777][T16865] tpg colorspace: 8 [ 793.402343][T16865] tpg transfer function: 0/0 [ 793.452857][T16865] tpg Y'CbCr encoding: 0/0 [ 793.499976][T16865] tpg quantization: 0/0 [ 793.539245][T16865] tpg RGB range: 0/2 [ 793.581012][T16865] vivid-007: ================== END STATUS ================== [ 795.323933][T11441] Bluetooth: hci4: Unable to find connection for big 0xd2 [ 796.362616][T16904] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2212'. [ 798.026035][T16946] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2219'. [ 799.643844][T16966] Invalid ELF header magic: != ELF [ 799.883189][T16781] ------------[ cut here ]------------ [ 799.888822][T16781] ODEBUG: free active (active state 0) object: ffff88807b3d1318 object type: timer_list hint: hci_devcd_timeout+0x0/0x2e0 [ 799.973272][T11452] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 799.982666][T11452] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 799.990835][T11452] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 799.999881][T11452] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 800.009748][T11452] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 800.053283][T16781] WARNING: CPU: 1 PID: 16781 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0 [ 800.062925][T16781] Modules linked in: [ 800.066894][T16781] CPU: 1 UID: 0 PID: 16781 Comm: syz.3.2187 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 800.079121][T16781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 800.089686][T16781] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 800.095974][T16781] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 80 83 15 8c 4c 89 e6 48 c7 c7 00 78 15 8c e8 2f 2f 9c fc 90 <0f> 0b 90 90 58 83 05 f6 51 cb 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 800.116021][T16781] RSP: 0018:ffffc9000c757798 EFLAGS: 00010286 [ 800.122103][T16781] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817aa1f8 [ 800.130592][T16781] RDX: ffff888022edda00 RSI: ffffffff817aa205 RDI: 0000000000000001 [ 800.138613][T16781] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 800.146612][T16781] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8c157ea0 [ 800.154590][T16781] R13: ffffffff8bafe840 R14: ffffffff8a8fd9f0 R15: ffffc9000c757898 [ 800.162596][T16781] FS: 0000000000000000(0000) GS:ffff888124822000(0000) knlGS:0000000000000000 [ 800.171551][T16781] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 800.178388][T16781] CR2: 0000200000253000 CR3: 000000007d812000 CR4: 00000000003526f0 [ 800.186457][T16781] Call Trace: [ 800.190211][T16781] [ 800.193142][T16781] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 800.198881][T16781] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 800.204982][T16781] debug_check_no_obj_freed+0x4b7/0x600 [ 800.210806][T16781] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 800.216930][T16781] ? rcu_is_watching+0x12/0xc0 [ 800.221737][T16781] ? kmem_cache_free+0x2d1/0x4d0 [ 800.226719][T16781] kfree+0x28f/0x4d0 [ 800.230709][T16781] ? hci_release_dev+0x4d8/0x600 [ 800.235690][T16781] hci_release_dev+0x4d8/0x600 [ 800.240488][T16781] ? __pfx_hci_release_dev+0x10/0x10 [ 800.245826][T16781] ? rcu_is_watching+0x12/0xc0 [ 800.250607][T16781] ? kfree+0x24f/0x4d0 [ 800.254689][T16781] bt_host_release+0x6a/0xb0 [ 800.259323][T16781] ? __pfx_bt_host_release+0x10/0x10 [ 800.264619][T16781] device_release+0xa4/0x240 [ 800.269252][T16781] kobject_put+0x1e7/0x5a0 [ 800.273674][T16781] ? __pfx_vhci_release+0x10/0x10 [ 800.278770][T16781] put_device+0x1f/0x30 [ 800.282933][T16781] vhci_release+0x81/0xf0 [ 800.287296][T16781] __fput+0x402/0xb70 [ 800.291757][T16781] task_work_run+0x14d/0x240 [ 800.296667][T16781] ? __pfx_task_work_run+0x10/0x10 [ 800.302127][T16781] do_exit+0x86c/0x2bd0 [ 800.306582][T16781] ? proc_coredump_connector+0x2d1/0x4f0 [ 800.312235][T16781] ? __pfx_do_exit+0x10/0x10 [ 800.316919][T16781] do_group_exit+0xd3/0x2a0 [ 800.321455][T16781] get_signal+0x2673/0x26d0 [ 800.326004][T16781] ? __pfx_get_signal+0x10/0x10 [ 800.330890][T16781] ? rcu_is_watching+0x12/0xc0 [ 800.335689][T16781] ? trace_irq_disable.constprop.0+0xd4/0x120 [ 800.341798][T16781] arch_do_signal_or_restart+0x8f/0x790 [ 800.347496][T16781] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 800.353695][T16781] irqentry_exit_to_user_mode+0x12a/0x270 [ 800.359484][T16781] asm_exc_page_fault+0x26/0x30 [ 800.364347][T16781] RIP: 0033:0xd0000 [ 800.368185][T16781] Code: Unable to access opcode bytes at 0xcffd6. [ 800.374593][T16781] RSP: 002b:000000000000000a EFLAGS: 00010217 [ 800.380684][T16781] RAX: 0000000000000000 RBX: 00007f86d23b6080 RCX: 00007f86d218e929 [ 800.388680][T16781] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 800.397223][T16781] RBP: 00007f86d2210b39 R08: 0000000000000002 R09: 0000000000000000 [ 800.405736][T16781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 800.413718][T16781] R13: 0000000000000000 R14: 00007f86d23b6080 R15: 00007ffd0cd72a08 [ 800.421954][T16781] [ 800.424985][T16781] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 800.432265][T16781] CPU: 1 UID: 0 PID: 16781 Comm: syz.3.2187 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 800.444328][T16781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 800.454733][T16781] Call Trace: [ 800.458015][T16781] [ 800.460946][T16781] dump_stack_lvl+0x3d/0x1f0 [ 800.465561][T16781] panic+0x71c/0x800 [ 800.469558][T16781] ? __pfx_panic+0x10/0x10 [ 800.473991][T16781] ? show_trace_log_lvl+0x29b/0x3e0 [ 800.479225][T16781] ? check_panic_on_warn+0x1f/0xb0 [ 800.484360][T16781] ? debug_print_object+0x1a2/0x2b0 [ 800.489561][T16781] check_panic_on_warn+0xab/0xb0 [ 800.494509][T16781] __warn+0xf6/0x3c0 [ 800.498416][T16781] ? debug_print_object+0x1a2/0x2b0 [ 800.503618][T16781] report_bug+0x3c3/0x580 [ 800.507958][T16781] ? debug_print_object+0x1a2/0x2b0 [ 800.513166][T16781] handle_bug+0x184/0x210 [ 800.517499][T16781] exc_invalid_op+0x17/0x50 [ 800.522006][T16781] asm_exc_invalid_op+0x1a/0x20 [ 800.526862][T16781] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 800.532711][T16781] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 80 83 15 8c 4c 89 e6 48 c7 c7 00 78 15 8c e8 2f 2f 9c fc 90 <0f> 0b 90 90 58 83 05 f6 51 cb 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 800.552319][T16781] RSP: 0018:ffffc9000c757798 EFLAGS: 00010286 [ 800.558391][T16781] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817aa1f8 [ 800.566364][T16781] RDX: ffff888022edda00 RSI: ffffffff817aa205 RDI: 0000000000000001 [ 800.574340][T16781] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 800.582319][T16781] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8c157ea0 [ 800.590292][T16781] R13: ffffffff8bafe840 R14: ffffffff8a8fd9f0 R15: ffffc9000c757898 [ 800.598267][T16781] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 800.603757][T16781] ? __warn_printk+0x198/0x350 [ 800.608532][T16781] ? __warn_printk+0x1a5/0x350 [ 800.613314][T16781] ? debug_print_object+0x1a1/0x2b0 [ 800.618513][T16781] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 800.623982][T16781] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 800.629802][T16781] debug_check_no_obj_freed+0x4b7/0x600 [ 800.635361][T16781] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 800.641434][T16781] ? rcu_is_watching+0x12/0xc0 [ 800.646228][T16781] ? kmem_cache_free+0x2d1/0x4d0 [ 800.651205][T16781] kfree+0x28f/0x4d0 [ 800.655113][T16781] ? hci_release_dev+0x4d8/0x600 [ 800.660069][T16781] hci_release_dev+0x4d8/0x600 [ 800.664867][T16781] ? __pfx_hci_release_dev+0x10/0x10 [ 800.670161][T16781] ? rcu_is_watching+0x12/0xc0 [ 800.675026][T16781] ? kfree+0x24f/0x4d0 [ 800.679117][T16781] bt_host_release+0x6a/0xb0 [ 800.683733][T16781] ? __pfx_bt_host_release+0x10/0x10 [ 800.689019][T16781] device_release+0xa4/0x240 [ 800.693618][T16781] kobject_put+0x1e7/0x5a0 [ 800.698051][T16781] ? __pfx_vhci_release+0x10/0x10 [ 800.703091][T16781] put_device+0x1f/0x30 [ 800.707259][T16781] vhci_release+0x81/0xf0 [ 800.711606][T16781] __fput+0x402/0xb70 [ 800.715597][T16781] task_work_run+0x14d/0x240 [ 800.720228][T16781] ? __pfx_task_work_run+0x10/0x10 [ 800.725357][T16781] do_exit+0x86c/0x2bd0 [ 800.729543][T16781] ? proc_coredump_connector+0x2d1/0x4f0 [ 800.735187][T16781] ? __pfx_do_exit+0x10/0x10 [ 800.739798][T16781] do_group_exit+0xd3/0x2a0 [ 800.744321][T16781] get_signal+0x2673/0x26d0 [ 800.748839][T16781] ? __pfx_get_signal+0x10/0x10 [ 800.753692][T16781] ? rcu_is_watching+0x12/0xc0 [ 800.758455][T16781] ? trace_irq_disable.constprop.0+0xd4/0x120 [ 800.764539][T16781] arch_do_signal_or_restart+0x8f/0x790 [ 800.770092][T16781] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 800.776276][T16781] irqentry_exit_to_user_mode+0x12a/0x270 [ 800.782023][T16781] asm_exc_page_fault+0x26/0x30 [ 800.786881][T16781] RIP: 0033:0xd0000 [ 800.790707][T16781] Code: Unable to access opcode bytes at 0xcffd6. [ 800.797126][T16781] RSP: 002b:000000000000000a EFLAGS: 00010217 [ 800.803199][T16781] RAX: 0000000000000000 RBX: 00007f86d23b6080 RCX: 00007f86d218e929 [ 800.811176][T16781] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 800.819155][T16781] RBP: 00007f86d2210b39 R08: 0000000000000002 R09: 0000000000000000 [ 800.827132][T16781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 800.835103][T16781] R13: 0000000000000000 R14: 00007f86d23b6080 R15: 00007ffd0cd72a08 [ 800.843091][T16781] [ 800.846178][T16781] Kernel Offset: disabled [ 800.850541][T16781] Rebooting in 86400 seconds..