last executing test programs: 15.903766739s ago: executing program 1 (id=1682): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/irq/0/smp_affinity\x00', 0x149441, 0x0) write$auto_proc_reg_file_ops_compat_inode(r1, 0x0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/module/pcie_aspm/parameters/policy\x00', 0xc0800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000000)=""/208, 0xd0) 15.77341456s ago: executing program 1 (id=1683): openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC0D0c\x00', 0x200, 0x0) r0 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/trace_options\x00', 0x60801, 0x0) listen$auto(r0, 0x611e) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) fcntl$auto_F_SETSIG(r1, 0xa, 0xfffffffffffffeff) poll$auto(0x0, 0xa, 0x8) socketpair$auto(0x20, 0x5, 0x4000, 0x0) mmap$auto(0x0, 0x400008, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) r2 = open(0x0, 0x5ab582, 0x0) madvise$auto(0x0, 0x200007, 0x19) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x9, 0x3) close_range$auto(0x2, 0x8, 0x0) select$auto(0x6, &(0x7f0000000040)={[0xb, 0x4, 0x0, 0x6, 0x5, 0x800000cab, 0x8001, 0x100000000, 0xffff, 0x0, 0x1, 0x80000002, 0x7, 0x9, 0x9, 0x1]}, &(0x7f0000000140)={[0xfffffffffffffffb, 0x404000000000000, 0x1000, 0x6, 0x6, 0x7, 0x7, 0x9, 0xff, 0x6, 0x9, 0x4, 0x82f, 0x9, 0x8, 0x2]}, &(0x7f0000000240)={[0x8, 0x5, 0xc, 0xc000000000000, 0x3, 0x4, 0x8, 0xbf2, 0x4, 0x0, 0x2, 0x8, 0x2, 0x7c9, 0x10000, 0x4dff]}, &(0x7f00000002c0)={0xfffffffffffffff9, 0xd}) socket(0x2c, 0x6, 0x73) read$auto(0x3, 0x0, 0x80) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r3 = io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) socket(0x11, 0x80003, 0x300) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYRESOCT, @ANYRES32=r0, @ANYRES8=r3], 0x5c}, 0x1, 0x0, 0x0, 0xc398a2a63f7c8f44}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r4, 0x0, 0x400) clone$auto(0x100000020003b49, 0x80000000002, 0x0, 0x0, 0x4) 14.383144954s ago: executing program 1 (id=1686): open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) clone$auto(0x20003b4b, 0x8000000000000000, 0x0, 0x0, 0x1b0) (async) clone$auto(0x20003b4b, 0x8000000000000000, 0x0, 0x0, 0x1b0) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0xae841, 0x1fb) socket(0x0, 0x1, 0xff) socket(0x2, 0x1, 0x106) (async) r1 = socket(0x2, 0x1, 0x106) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rpc/nfsd.export/channel\x00', 0x8f3b7a51b8162d21, 0x0) setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000040)='nsKcg>', 0x2) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x0, @rand_addr=0x10}, 0x55) sendmsg$auto_NL80211_CMD_TDLS_CHANNEL_SWITCH(r0, &(0x7f0000000240)={&(0x7f00000000c0), 0xc, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="180000df00", @ANYRES16=0x0, @ANYBLOB="020028bd7000fddbdf256f0000000400d800"], 0x18}, 0x1, 0x0, 0x0, 0x4040091}, 0x20008000) (async) sendmsg$auto_NL80211_CMD_TDLS_CHANNEL_SWITCH(r0, &(0x7f0000000240)={&(0x7f00000000c0), 0xc, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="180000df00", @ANYRES16=0x0, @ANYBLOB="020028bd7000fddbdf256f0000000400d800"], 0x18}, 0x1, 0x0, 0x0, 0x4040091}, 0x20008000) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x0) fstat$auto(0x1, &(0x7f0000001a40)={0x2, 0x3, 0x1, 0x2, 0x3, 0x0, 0x0, 0x6, 0xe, 0x7, 0x3, 0x7, 0x7ff, 0xffffffff80000000, 0x7, 0x400000000007ff, 0x81}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0x100082) (async) write$auto(0x3, 0x0, 0x100082) mmap$auto(0x0, 0xffff, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x7, 0x4000a, 0x0, 0x9b72, 0x7, 0x28000) (async) mmap$auto(0x7, 0x4000a, 0x0, 0x9b72, 0x7, 0x28000) r2 = socket(0x1d, 0x3, 0x1) getsockopt$auto(r2, 0x65, 0x4, 0xffffffffffffffff, 0x0) (async) getsockopt$auto(r2, 0x65, 0x4, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto_PR_SET_MM_START_DATA(0x80000001, 0x3, 0xffffffffffffffff, 0xa3, 0x1000) socket(0x1d, 0x2, 0x6) socket(0x2, 0x1, 0x0) (async) r3 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r4, 0xfd}, 0x6a) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0xa, 0x3, 0xe, 0x940, 0x1ffde, 0x3, 0x4, 0x2, 0x9, 0x5, 0x6, 0x8, 0x1001000, 0x8, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x8, 0x9]}, 0x4, 0x40000081) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) (async) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40810}, 0x8044) 13.098126332s ago: executing program 1 (id=1693): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44f, 0xa, 0x5, 0x1007181, 0x8a0d, 0x7, 0x7, 0x7ff, 0x0, 0x26, 0x4, 0x200004000001, 0x384, 0xfffffffffffffffa, 0x3, 0x0, 0x30, 0x0, 0x864, 0xe, 0x22000, 0x200, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0xb, 0xd) r1 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r1, 0xfffffff7effffd0e, &(0x7f00000001c0)) capset$auto(&(0x7f0000000080)={0x8, 0xffffffffffffffff}, &(0x7f00000000c0)={0x2, 0xeb, 0x10}) r3 = openat$auto_vsock_device_ops_af_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) ioctl$auto_IOCTL_VM_SOCKETS_GET_LOCAL_CID(r3, 0x7b9, 0x700000000000000) r4 = getpgrp(0x0) sendmsg$auto_TASKSTATS_CMD_GET(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x58, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK={0xd, 0x4, '/dev/sg0\x00'}, @TASKSTATS_CMD_ATTR_TGID={0x8, 0x2, r2}, @TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK={0xd, 0x4, '/dev/sg0\x00'}, @TASKSTATS_CMD_ATTR_TGID={0x8, 0x2, 0xffffffffffffffff}, @TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK={0x0, 0x4, '/\xac.*\\/-'}, @TASKSTATS_CMD_ATTR_PID={0x8, 0x1, r4}]}, 0x58}, 0x1, 0x0, 0x0, 0x48401}, 0x20048010) unshare$auto(0x40000080) socket(0x2, 0x3, 0xa) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mincore$auto(0x0, 0x10000, 0x0) getsockopt$auto(0x6, 0x84, 0x84, 0x0, 0x0) mseal$auto(0x0, 0x7dda, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) utimensat$auto(r0, 0x0, 0x0, 0x400) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x24300, 0x0) 7.981428506s ago: executing program 1 (id=1711): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x6) unshare$auto(0x40000080) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) readv$auto(0xca, &(0x7f0000000140)={&(0x7f0000000180), 0xb}, 0x7f) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/bond_slave_1/disable_policy\x00', 0x202, 0x0) sendfile$auto(r3, r2, 0x0, 0x48) r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents$auto(r4, 0x0, 0xfff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x8000, 0x0) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0009, 0x13) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'tunl0\x00'}) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r5 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r5, 0x43403d05, 0x0) madvise$auto(0x0, 0x53, 0x9) 6.210354261s ago: executing program 0 (id=1713): fcntl$auto(0xffffffffffffffff, 0x409, 0x40003f) capset$auto(0x0, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) r2 = openat$auto_fops_u32_(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/netdevsim/netdevsim2/ports/3/ethtool/ring/rx_mini_max_pending\x00', 0x208c00, 0x0) io_uring_setup$auto(0x3, &(0x7f00000002c0)={0x8, 0x5, 0x101, 0x0, 0xffffffff, 0x3, r2, [0x1000, 0x6, 0x3], {0x5, 0x4, 0x9be, 0xfa, 0x9, 0x6, 0xb022, 0xfffffffd, 0x6}, {0x2, 0x8, 0xd9, 0xd, 0x513d, 0x1000, 0x6, 0x8, 0x8}}) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) setsockopt$auto(0x3, 0x0, 0x1a, 0x0, 0x28) quotactl$auto(0x2, &(0x7f0000000040)='/dev/sda1\x00', 0x62a0, 0x0) io_uring_setup$auto(0x6, 0x0) mknod$auto(&(0x7f0000000040)=':,\x00', 0xc9, 0xcb) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) 5.580718622s ago: executing program 0 (id=1717): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x66) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r1 = socket(0x10, 0x2, 0x0) mmap$auto(0x8000000000000, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000000000008000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x6, 0x40a7a9, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x400053, 0x9) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000280), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_SET_MESH(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x24, r2, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x7}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x140080e4) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, r2, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [@BATADV_ATTR_BLA_CRC={0x6, 0x22, 0xb}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x30040000}, 0x24040084) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_IPVS_CMD_GET_SERVICE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x11e0}, 0x1, 0x0, 0x0, 0x90}, 0x0) recvmmsg$auto(r5, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) read$auto_null_fops_mem(0xffffffffffffffff, &(0x7f0000000100)=""/98, 0x62) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range$auto(r1, 0x8, 0xfffffffd) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), r6) mmap$auto(0x0, 0x8, 0x3, 0x10, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) setgroups$auto(0xe32, 0x0) 5.104912468s ago: executing program 2 (id=1719): keyctl$auto_KEYCTL_PKEY_ENCRYPT(0x19, 0x1, 0x81, 0x10, 0x80) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00', 0x0}) bpf$auto(0x0, &(0x7f0000000100)=@link_create={@map_fd=r0, @target_ifindex=r1, 0x8001, 0x376, @tcx={@relative_fd=r0, 0x4}}, 0xa3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r3 = openat$auto_drm_connector_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000b80)='/sys/kernel/debug/dri/vkms/Writeback-1/force\x00', 0x2, 0x0) pread64$auto(r3, 0x0, 0x4, 0x200000000005) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) ioctl$auto_BTRFS_IOC_SNAP_CREATE_V2(r2, 0x50009417, &(0x7f0000000640)={@raw=0x8, 0x9, 0x8, @unused, @subvolid=0x1}) writev$auto(0x3, &(0x7f00000000c0)={0x0, 0x7111}, 0x8) 4.513572081s ago: executing program 2 (id=1720): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x900, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb3, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = geteuid() ioprio_get$auto(0x760, r0) read$auto(0xffffffffffffffff, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0x2) write$auto(0x3, 0x0, 0xffd8) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0) bpf$auto(0x6, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_GTP_CMD_ECHOREQ(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) mmap$auto(0xca, 0x4020c, 0x800000000008, 0x9b72, 0x7, 0x28003) write$auto(0x3, 0x0, 0x7fffffff) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, 0x0, 0x4000) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000000)=""/112, 0x70) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) r2 = openat$auto_check_wx_fops_(0xffffffffffffff9c, &(0x7f00000001c0), 0x88080, 0x0) pread64$auto(r2, 0x0, 0x5, 0x5) 4.222652702s ago: executing program 2 (id=1721): mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/self/clear_refs\x00', 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x1, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) syz_open_procfs$namespace(0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/mtd/mtd0/mtdblock0/mq/0/nr_tags\x00', 0x666100, 0x0) 4.027154549s ago: executing program 1 (id=1722): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, 0x0, 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0xc) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r1, 0x0, 0x7ff, 0x400) socket(0x2, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x800001e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x51) setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x8) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x4, 0x948b, 0x1, 0x3, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x4000006d3e, 0x9, 0x2, 0x6]}, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) madvise$auto(0x0, 0x200007, 0x19) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x481) 3.56071907s ago: executing program 0 (id=1723): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x100, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000440), 0x20100, 0x0) ioctl$auto_LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x28082, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x10000, 0x0) read$auto_lsm_ops_inode(0xffffffffffffffff, &(0x7f0000001040)=""/163, 0xa3) socket(0x1e, 0x80000, 0x5c) clock_nanosleep$auto(0x0, 0x1000, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) select$auto(0x80000001, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x800, 0x8000000000000000}) sendmsg$auto_NL80211_CMD_REMOVE_LINK_STA(0xffffffffffffffff, 0x0, 0x4000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0xfffffffffffffffd, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0xf, 0x80805, 0x0) memfd_secret$auto(0x0) socket(0x2b, 0x1, 0x1) setsockopt$auto(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_TLV_COMMAND(r3, 0x5452, &(0x7f0000000080)={0x80, 0xbed0}) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r2) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0x4000840}, 0x48c8) madvise$auto(0x108000, 0x800034, 0x4) madvise$auto(0x0, 0x5, 0x15) madvise$auto(0x0, 0x200007, 0x19) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000040)=""/4070, 0xffffff7d) 3.300583342s ago: executing program 2 (id=1724): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0006, 0x6) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x3fff, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0xa, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) open(0x0, 0x22240, 0x154) connect$auto(0x3, 0x0, 0x55) mmap$auto(0x0, 0x400008, 0xdc, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/tcp\x00', 0x181800, 0x0) pread64$auto(r1, &(0x7f0000000000)='/proc/thread-self/net/tcp6\x00\xd2)\x8e\x892\x82\x19\xfd\x03\xc3\x8d\xd7D\bz\xde5u4\xddS\xe6\x1a\x8a`\xad0\x98|\xbc\x00\x98\b\x0ey\xcb`\x9b\x91r\xd5\x13\x9e\xdd4\xe7\xb7\x94P\x8fBlm\x04eAW\xbc0\x9b\xbd\x8f\xf5];\x94\x18\xf0\v\xd7\xf4P\xd3\x9e,Q\xd8\x16\x989l\x03\a\xcc\x1e\xb9\xe9{\xeeS\xa9\xc60\x00\xb5&\x9e\xdbk{F\x18\xa8\xba*G\xd3\x80\xb1G.\xec1\x96uP\x97\x8co\xf1\xa6\xd5\xea\xc8L3|a\xb3\xaa\x90~Y\xb19\xad\xdc\x05o\x98g\xd4\x10]5\x95\xd0\xabJC\x06\xd0c\xd1Ra\xf7\xc4n\xdf\xe4\xc7\x03\x19x\xbb\v\x00\t\xde\xf5\x93\xfb\xfb#\xbd\xc0S\f57\x83\xdd\xaa\xf0\x9c\xd3G\xe1\x00'/232, 0x3ef, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) ioctl$auto_UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000100)={0x5eea, 0x7, [{r2, 0x0, 0x4, 0x6}]}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd4, 0x0, 0x4) prctl$auto(0x23, 0x20000000000000b, 0x7fffffffefff, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002cbd7000fedbdf250400000004001d0004000e00097efb5516142cd2ca0f510b9d75b6061fc3ae4c0e410c60da15653e421a1ed6512b7e1d6bd72e6bb436d14b879ed4c8559cb8128e7b80cbea7886b46fa20c490bcc03e57d99a20eb69a698bc0710f67473cb1c73f46eca1"], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r5 = socket(0xa, 0x801, 0x84) clock_nanosleep$auto(0x5, 0x1ff, &(0x7f0000000000)={0x7, 0x8}, &(0x7f0000000040)={0x7, 0x7}) getsockopt$auto(r5, 0x84, 0x6f, 0x0, 0x0) syz_genetlink_get_family_id$auto_ioam6(0x0, 0xffffffffffffffff) 3.28294481s ago: executing program 3 (id=1725): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty12\x00', 0x800, 0x0) r1 = bpf$auto_BPF_MAP_CREATE(0x0, &(0x7f0000000040)=@link_detach={r0}, 0x4) ioctl$auto(0x1, 0x5761, 0x4) ioctl$auto(r1, 0x5410, 0xffffffffffffffff) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x600201, 0x0) 3.11123581s ago: executing program 3 (id=1726): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/mdio_bus/drivers/RTL8251B 5Gbps PHY/uevent\x00', 0xd0800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000004c0)=""/206, 0xce) r2 = ioctl$auto_TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000040)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000002c0)={'macvtap0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x34, r4, 0x936355e497c8b7e5, 0x70bd26, 0x25dddbfc, {}, [@ETHTOOL_A_TSINFO_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4010}, 0x4048800) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) madvise$auto(0x0, 0x3, 0x15) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x80805, 0x0) memfd_secret$auto(0x0) socket(0x2b, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) pipe2$auto(0x0, 0x80) getsockopt$auto(0x6, 0x84, 0x84, 0x0, &(0x7f00000000c0)=0x10000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'lo\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_STATS_GET(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x110, r4, 0x20, 0x70bd2b, 0x25dfdbfe, {}, [@ETHTOOL_A_STATS_GROUPS={0xcf, 0x3, 0x0, 0x1, [@generic="e750f3c1ee8fef436b909ea22dfff78c968ef0edf6ef07e7d80afd241fffda1264d60e5df0d065b340c36027859fbd527129b5acea51180c0e5d567f6aac635038b85536aa1e9a6da28444616087b3cf407035d7cc0e962e233ae34b38dc20d7ddec44e617dae3d544be82cc32bd82a7948a806c0d7f3d685d6a0f18b8514eb20ea376bfc7db7d73f7bbb29ed69be314e4373b25bbb553ebf36d493294e3ba8d39aad18991a4966d6daeddc91aef7334c5367fa80cdefb690397287aee53a350b69554", @nested={0x8, 0x6c, 0x0, 0x1, [@nested={0x4, 0x105}]}]}, @ETHTOOL_A_STATS_HEADER={0xc, 0x2, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @ETHTOOL_A_STATS_SRC={0x8, 0x5, 0x5}, @ETHTOOL_A_STATS_SRC={0x8, 0x5, 0x1}, @ETHTOOL_A_STATS_SRC={0x8, 0x5, 0x5}, @ETHTOOL_A_STATS_SRC={0x8, 0x5, 0xffff}]}, 0x110}, 0x1, 0x0, 0x0, 0x44804}, 0x4000800) 2.735491085s ago: executing program 3 (id=1727): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/module/psmouse/parameters/a4tech_workaround\x00', 0x1a1042, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) pipe2$auto(0x0, 0x80) ioctl$auto(0x1, 0x5761, 0x4) ioctl$auto(0x1, 0x5761, 0x4) r1 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/block/nbd14/zone_wplugs\x00', 0xa000, 0x0) exit$auto(0x50e0) read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r1, &(0x7f0000000040)=""/124, 0x7c) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x2, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/pci0000:00/0000:00:01.3/vendor\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000018c0)=""/219, 0xdb) write$auto_tomoyo_operations_securityfs_if(r2, &(0x7f00000012c0)="0a1b9a3c3e3efd6ea3d31791840bd7886d8ea582574c58e9865c33d76e1cadd6a7b7b426b7fcdc8e357080d70b5ab848770dc8f745d1c76eedaa12b9db050000000000000030aeb5dfce3531f694dabdbc08f62cb37e5bc82e660cfd70f603b20416c7bf0e95345b899b4466bf6a70b1274b19782b41ac172a25e65be53e69c6369b67a4cbd6383a0d767d84516183587530a17dbfd83a7678c6dad9917b91c7c9de3d61af452f90cf22400c4bcbb841f7d7641b3bccd058f9f2bad31f2ce81e389e210b34f43b4a5af377a6d4353989b4e9d49b2537b0a63a5cf6ae230d1296ef8b30c6bcdf7a6edf5c3258be46ae9d15fc0417e6070000007b9a8b05b4ad586c7b72db5ae55e9d149330720a", 0x10d) sendfile$auto(r0, r0, 0x0, 0xe00000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/module/psmouse/parameters/a4tech_workaround\x00', 0x1a1042, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async) pipe2$auto(0x0, 0x80) (async) ioctl$auto(0x1, 0x5761, 0x4) (async) ioctl$auto(0x1, 0x5761, 0x4) (async) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/block/nbd14/zone_wplugs\x00', 0xa000, 0x0) (async) exit$auto(0x50e0) (async) read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r1, &(0x7f0000000040)=""/124, 0x7c) (async) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x2, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/pci0000:00/0000:00:01.3/vendor\x00', 0x0, 0x0) (async) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000018c0)=""/219, 0xdb) (async) write$auto_tomoyo_operations_securityfs_if(r2, &(0x7f00000012c0)="0a1b9a3c3e3efd6ea3d31791840bd7886d8ea582574c58e9865c33d76e1cadd6a7b7b426b7fcdc8e357080d70b5ab848770dc8f745d1c76eedaa12b9db050000000000000030aeb5dfce3531f694dabdbc08f62cb37e5bc82e660cfd70f603b20416c7bf0e95345b899b4466bf6a70b1274b19782b41ac172a25e65be53e69c6369b67a4cbd6383a0d767d84516183587530a17dbfd83a7678c6dad9917b91c7c9de3d61af452f90cf22400c4bcbb841f7d7641b3bccd058f9f2bad31f2ce81e389e210b34f43b4a5af377a6d4353989b4e9d49b2537b0a63a5cf6ae230d1296ef8b30c6bcdf7a6edf5c3258be46ae9d15fc0417e6070000007b9a8b05b4ad586c7b72db5ae55e9d149330720a", 0x10d) (async) sendfile$auto(r0, r0, 0x0, 0xe00000000) (async) 2.526706206s ago: executing program 0 (id=1728): sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x20000010) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/loginuid\x00', 0x331f02, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) socket(0xa, 0x5, 0x0) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) socket(0x11, 0x2, 0x73) pipe2$auto(0x0, 0x0) io_uring_setup$auto(0x6, 0x0) open(0x0, 0x22240, 0x155) io_uring_setup$auto(0x30000, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, 0x0, 0x121080, 0x0) socket(0x2, 0x5, 0x0) openat$auto_stat_fops_(0xffffffffffffff9c, 0x0, 0x202802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x40080, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc2dc0, 0x0) socket(0x11, 0x2, 0x14) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) read$auto(0x3, 0x0, 0x30) 2.188840156s ago: executing program 0 (id=1729): mmap$auto(0x200000000000f400, 0x9, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x4001, 0x0) recvmmsg$auto(r0, &(0x7f0000000280)={{0x0, 0x1d, &(0x7f0000000180)={&(0x7f0000000100), 0x80000000}, 0x10000, &(0x7f00000001c0)="d7cd776347984e13077263bfd5f9f5abd994085367e723ee8dd0f7dfe8708ad83c9fecd395", 0x962, 0x9}, 0x2e6}, 0x9a, 0x69ac, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0xb8b42, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/hw_params\x00', 0x1c1282, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x94100, 0x154) execveat$auto(r1, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x11000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_short_retry_limit_ops_(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x106000000, 0x0, 0x6, 0x2) syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/pagemap\x00', 0x20000, 0x0) read$auto(r2, 0x0, 0x39b8) mmap$auto(0x0, 0x2020009, 0x2000000000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x22240, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x102, 0x0) write$auto(0x3, 0x0, 0x4fffffdf2) ioctl$auto(0x3, 0x402c542b, 0x38) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8000, 0x0) read$auto(r3, 0x0, 0x7) 1.693221358s ago: executing program 3 (id=1730): socket$nl_generic(0x10, 0x3, 0x10) openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/inject\x00', 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x6e) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) r1 = openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000080), 0x109001, 0x0) ioctl$auto_IOCTL_STOP_ACCEL_DEV(r1, 0x40096101, &(0x7f00000000c0)={@padding, 0x7}) r2 = io_uring_setup$auto(0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) fcntl$auto_F_WRLCK(r2, 0x6, 0x1) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x3, 0x3a) ioctl$auto(0x20000000000003, 0x8936, 0x2) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/ib_srp/parameters/reconnect_delay\x00', 0x521683, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r3, 0x0, 0x0) setsockopt$auto(0x3, 0x6, 0x13, 0x0, 0xfb3) r4 = openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000540)='/sys/kernel/tracing/events/vmalloc/enable\x00', 0x181841, 0x0) write$auto(r4, &(0x7f0000000100)='9\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x1) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff) shmctl$auto_IPC_RMID(0x7, 0x0, &(0x7f0000000100)={{0x3, 0x0, 0xee01, 0x5, 0x9, 0xb, 0x2}, 0x4, 0x100, 0x1a56, 0x1, @inferred, @raw=0x8000, 0xe7d, 0x0, &(0x7f0000000000), &(0x7f0000000040)="1783a8"}) sendmsg$auto_NBD_CMD_CONNECT(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="cc010000", @ANYRES16=r6, @ANYBLOB="01002dbd7000fbdbdf25010000000800010020100000a401078080017e802200bd00a7379b928b2fe53f4a96cc49fa078eb62dca03ca1694ea60fe7c14e53bd8000058019a80080034000a0101019ce33631f7ee0db308f1ab53fc9c76be817695013927ad4113eca8e76411453f0a1b001e478dede8caa63dd08eb7e3133e5fe9d217e7d4ac8c8ac4e9939612325b086b44ca38d564b1270dde6896b57fc3e2adb113ee40037a1101ddbff709000000354bb8cfe5d934b8c300ff21bec3196ce55e6bcb0c00b30001000000000000002774aab728502a57573cca72c294ab3a169cbd89d85dd854ae5446655e12e934571e740bb6d94206b78b78d60949b0f237cc6bfc3726d07ef11e79fc8459bbde98aa418a380ce342b791f12c7643b7634ea9e053172adf003ad098d6814598ba056a52fa156caf9a220f236df36341922fa4eb6c76adc1aa8d3ba5bc7f730bf8dfdeff14a17e0700e616f33b30f9b9c5861d0219bbe565a6c4dd9202d70b797f898518d6f4135de27939b11d5217f539702b7b18bfb9032b1e7e11620c30", @ANYRES32=r7, @ANYBLOB="050086000000000020003b8014001a00000000000000000000000000000000010800f4002b262b000c0002000100000000000000"], 0x1cc}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) mknod$auto(&(0x7f0000000100)='./file0\x00', 0x0, 0x2) mmap$auto(0x7f5, 0x402000a, 0xcf, 0x10000000000eb1, 0xffffffffffffffff, 0x4) 1.685623166s ago: executing program 2 (id=1738): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) r0 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x100, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_CHANNEL_INFO2(r0, 0x80184132, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/security/tomoyo/manager\x00', 0x200, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r2 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snd/pcmC1D0p\x00', 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0xdd01, 0x0) ioctl$auto_BLKRRPART(r3, 0x125f, 0x700000000000000) open(0x0, 0x161342, 0x100) msync$auto(0x1ffff000, 0x1800000ff010000, 0x400000004) open(0x0, 0xeee00, 0x31) mmap$auto(0x1, 0x2020006, 0x3, 0xeb1, r2, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000080)='}[,&*}\x00', &(0x7f00000000c0)='nfsd\x00', 0xf, 0x0) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000180)='/dev/cec23\x00', 0x4700, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') socket(0x21, 0x2, 0x2) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0xffffffffffffc318, 0x948b, 0x3, 0x15f4da06, 0x3, 0x40000003, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) socket(0x1, 0x1, 0x6) socket(0xa, 0x800, 0x6) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r5, 0xaf01, 0x5) 920.624872ms ago: executing program 3 (id=1731): mmap$auto(0x4, 0x8, 0x9, 0x18, 0xfffefffffffffffa, 0x9) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(r1, r1, 0x0) sendmsg$auto_NLBL_CIPSOV4_C_LISTALL(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="204923cd2f1e385d4b16798f2edfa1665ff176cf566ffc12f1939adeb5fc39ecf97209786dfd527a415852d8122e47a55f171d752bbe0449c294a5aaff5b6f985905200ee60c084afa87aa6bedbcb6fabed8a5", @ANYRES16=0x0, @ANYBLOB="080029bd7000fddbdf25040000000500030007000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20048016}, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x2, 0x96a5, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/block/loop9/hctx0/tags\x00', 0x80000, 0x0) pread64$auto(r4, &(0x7f0000000040)='/&\x00', 0x5, 0x9) ptrace$auto(0x10, r3, 0x4, 0x8000040006) ptrace$auto(0x8, r3, 0xfffffffffffffffa, 0x8) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x10000, 0x0) socket(0x23, 0xf, 0x1) listen$auto(0x3, 0x81) accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x4) ioctl$auto_USBDEVFS_SUBMITURB32(0xffffffffffffffff, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="ba8000000110000000feff7daaee0f93270da1e92e8c30db00d87dffc355c63250432a78931e6498719b4f00"]) socket(0x2b, 0x1, 0x1) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x114, 0xa, 0x0, 0x4) unshare$auto(0x5) r5 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyq0\x00', 0x1f9180, 0x0) write$auto_console_fops_tty_io(r5, &(0x7f0000000e00)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde4727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e28782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8ee98a7bf3f8157986cf7c1c5dbdedaacbe3946b3d8809dec7387f006c062b93b6b481a806e5544ddeea7218fcc15c25a88164bfd0735e6290167cb2dbf4b4a317ba00b1fc27d203a6cff71ef8fe97a97d8e07af2ce1d0a0a2aa9ede7dd0572325075c83c2ecf866aa01654eff55ebe4e489e72152e6a3090e2348732704eb02997ffd23a63faabfbbbd1fb124cab606faed24a393058cea1c1286001ee5c0c1fa26b6a81ebdd4718a94cebdb45bfe812c771df398d3305da03d37ced9d0242b6da212dc9f5c14d7ff999bee20f6621792d1442e449eba8589a823e5e99c65fdffbaefe89e2e32406ec4cf574e335e2d288e4cdad56f4b1b57c364ed3e28809e480d6f410c7ebf43bd2a605d6a8c9facae6b7f8f2c56f792ae21fc0cc5dd9beae0cab3547ebb5467183c2f01bc315bd7bd191088886752dc5108093bdbc91348743440130f33d3dfa9c25490245e5fa904f8660e82253c826b7bea4e9a7a1c627e10c56d71878a644bd176016f29cf5398be14cc0fdec45c65e2b967aedb75212eed1eb05a44da62190009d1c08163b74813b82c27f1e6cd681a4b5150f967444b7bc930da68603fd706e96ba8663b2e50ef0a9b04e321a8a337b08fea7288a3fef5062c7e4c17ad3d490870d39c10b78a74eab25c993527e313a4f59d86de55aa9a8a63f734c2db556692fe993b0cd08e0ab5434c9ec02d5127354f55e6b5d5a7b61685d02edae21ece71d203abf7408211229a9ebbfdeffa2c0f38db274066d0706d80398c172e6daf4a0dce62c2287cbf0d30cfa313d7baf4e5caa18f594f0ab0d854f3cef76ff83e96fa49d0e0f8a47193b51a0a45aee2e1d9a5b372b8ee828f645a06979ec351d798480c7824e846028c02f58b5641acbae1e2079abd86182a662bb1642c9346d7fba628fb012da293acef33b8b76a8885c2e5d685348b6148c5b44409f58d8d5f293", 0xbe8) mmap$auto(0x0, 0x2060009, 0x3, 0xeb2, 0xffffffffffffffff, 0x8000) 260.290167ms ago: executing program 3 (id=1732): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2, 0x4, 0x0, 0x9, 0x2) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) fchdir$auto(r0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, 0x0, 0x1721, 0x70bd29, 0x25dfdbff, {}, [@GTPA_NET_NS_FD={0x8, 0x7, r0}, @GTPA_PEER_ADDRESS={0x8, 0x4, @private=0xa010102}, @GTPA_LINK={0x8, 0x1, 0xffffff80}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40094}, 0x8004) r1 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/virtual/block/loop1/queue/wbt_lat_usec\x00', 0x2062, 0x0) write$auto(r2, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x9) ioctl$auto(r1, 0x400454ca, 0x38) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x80900, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0) ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcsa\x00', 0x80, 0x0) mmap$auto(0xb2, 0x14, 0xffb, 0x8000000008015, 0xffffffffffffffff, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) io_uring_setup$auto(0x3501, &(0x7f0000000080)={0x80, 0x1000, 0x8, 0x5, 0x3, 0xfffffff1, 0xffffffffffffffff, [0xbc, 0xffff, 0x40], {0x81, 0x9, 0x0, 0x80000000, 0x3, 0x101, 0xffff, 0x0, 0x6}, {0x7, 0xa, 0xf, 0x7fff, 0x3, 0x0, 0x0, 0xfffffffa, 0xc}}) ioctl$auto_BLKTRACETEARDOWN(r3, 0x1276, 0x0) mmap$auto(0x8000000000002001, 0x20009, 0xdf, 0x15, r4, 0x8000) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x11, 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0xe0180, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty48\x00', 0x880, 0x0) ioctl$auto(r5, 0x5609, 0xffffffffffffffff) madvise$auto(0x0, 0x20499d, 0x9) open_tree$auto(0xffffffffffffffff, 0x0, 0x74ee) ioctl$auto_NS_GET_PID_FROM_PIDNS(r4, 0x8004b706, &(0x7f0000000180)=0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000050}, 0x400c0) 94.366546ms ago: executing program 2 (id=1733): adjtimex$auto(&(0x7f00000004c0)={0xf332b6c, 0x0, 0x0, 0xfffffffffffffffd, 0x4ea, 0x1, 0x6, 0x0, 0x1, 0x0, 0x8, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x6, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) (async) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nbd9\x00', 0x8201, 0x0) (async, rerun: 64) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) (rerun: 64) sendfile$auto(r0, r1, 0x0, 0x1) (async) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0xc0282, 0x0) (async) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000500)='/dev/video0\x00', 0x0, 0x0) clock_adjtime$auto(0x80000001, &(0x7f00000000c0)={0x6, 0x0, 0x9, 0x6, 0x2, 0x0, 0x5, 0x0, 0x6, 0x642, 0x0, {0x8, 0x9}, 0x0, 0x100000000, 0x6, 0x200, 0x0, 0x4f, 0x3, 0x9, 0x7, 0x7f, 0xfffffff7}) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r3 = openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/current_tracer\x00', 0x40482, 0x0) pwrite64$auto(r3, 0x0, 0x0, 0x80000000000444c) (async) ioctl$auto_XFS_IOC_ALLOCSP64(0xffffffffffffffff, 0x40305824, &(0x7f00000001c0)={0x100, 0x3, 0x200, 0x43a9, 0x6f, 0xffffffffffffffff}) rt_sigqueueinfo$auto(r4, 0x5, &(0x7f0000000200)={@_si_pad}) (async) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1fc, 0x200000000807, 0xd, 0x1, 0x948b, 0x3, 0x7f, 0x3, 0x3, 0x9, 0x4, 0x5, 0x6d3f, 0x9, 0x9, 0xfffffffffffffffd]}, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x40, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x3, 0x3b) 0s ago: executing program 0 (id=1734): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = io_uring_setup$auto(0x6, 0x0) ioctl$auto_FIOQSIZE(r0, 0x5460, 0x9686) r1 = bpf$auto(0x18, &(0x7f0000000040)=@link_create={@prog_fd, @target_fd, 0x7fff, 0x40000, @kprobe_multi={0x6, 0x80000001, 0xb70, 0x733, 0x4}}, 0x92) sendmsg$auto_NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x440d1}, 0x4084) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), 0xffffffffffffffff) getsockopt$auto(r1, 0x6, 0x2, &(0x7f00000002c0)='IPVS\x00', &(0x7f0000000300)=0x5) socket(0x2, 0xa, 0x0) mmap$auto(0x0, 0x8, 0x3, 0x9b72, 0x2, 0x8000) getsockopt$auto(0x3, 0x200000000001, 0x19, 0x0, 0x0) r2 = socket(0x11, 0x3, 0x9) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/mem\x00', 0x88000, 0x0) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x4d}) sendmmsg$auto(r2, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000040), 0x49}, 0x4, &(0x7f0000000200)="673774564a2acb7b5262f70ed254be8dfbc42451e3742512a1199ac5d5254ac32415730fa0789f4ea81113eb2e18d8891a8e1f4c1a8cffdd1dbd660965278bf495620b82ad5e38575ba36ca10f1b7fa5fb878c669bb251c8dbdc86c19e6285f31a55dbc43024e4b067a8ab0e79439ced8013ad5325d847f9fa74d1a24d69f4194cf2e6c6d62f9e3b698c93865682a818e1d054aa91cd3a003daa52496a960e1009649174000000000000000000", 0x5, 0x1000}, 0x5}, 0x0, 0x100) kernel console output (not intermixed with test programs):                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         syzkaller syzkaller login: [ 339.204082][T10508] netlink: 40 bytes leftover after parsing attributes in process `syz.3.908'. [ 340.093406][T10525] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input32 [ 341.935089][T10526] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input33 [ 343.647253][T10557] block nbd7: not configured, cannot reconfigure [ 343.814203][T10558] FAULT_INJECTION: forcing a failure. [ 343.814203][T10558] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 344.139328][T10558] CPU: 1 UID: 0 PID: 10558 Comm: syz.0.918 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 344.139371][T10558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 344.139388][T10558] Call Trace: [ 344.139399][T10558] [ 344.139411][T10558] dump_stack_lvl+0x16c/0x1f0 [ 344.139466][T10558] should_fail_ex+0x512/0x640 [ 344.139520][T10558] _copy_from_user+0x2e/0xd0 [ 344.139572][T10558] kstrtouint_from_user+0xd6/0x1d0 [ 344.139614][T10558] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 344.139653][T10558] ? __lock_acquire+0xb8a/0x1c90 [ 344.139715][T10558] proc_fail_nth_write+0x83/0x250 [ 344.139755][T10558] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 344.139806][T10558] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 344.139842][T10558] vfs_write+0x29d/0x1150 [ 344.139900][T10558] ? __pfx___mutex_lock+0x10/0x10 [ 344.139930][T10558] ? __pfx_vfs_write+0x10/0x10 [ 344.139987][T10558] ? __fget_files+0x20e/0x3c0 [ 344.140043][T10558] ksys_write+0x12a/0x250 [ 344.140088][T10558] ? __pfx_ksys_write+0x10/0x10 [ 344.140143][T10558] do_syscall_64+0xcd/0x490 [ 344.140180][T10558] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.140213][T10558] RIP: 0033:0x7f5a2e58d3df [ 344.140249][T10558] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 344.140277][T10558] RSP: 002b:00007f5a2f402030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 344.140306][T10558] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5a2e58d3df [ 344.140325][T10558] RDX: 0000000000000001 RSI: 00007f5a2f4020a0 RDI: 0000000000000004 [ 344.140344][T10558] RBP: 00007f5a2f402090 R08: 0000000000000000 R09: 0000000000000000 [ 344.140362][T10558] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 344.140380][T10558] R13: 0000000000000000 R14: 00007f5a2e7b5fa0 R15: 00007ffcb1f79178 [ 344.140439][T10558] [ 344.549174][T10552] netlink: 504 bytes leftover after parsing attributes in process `syz.1.916'. [ 344.662564][T10570] netlink: 40 bytes leftover after parsing attributes in process `syz.2.921'. [ 347.094397][T10604] netlink: 4 bytes leftover after parsing attributes in process `syz.0.929'. [ 347.782123][ T5966] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 350.371442][T10651] netlink: 12 bytes leftover after parsing attributes in process `syz.2.939'. [ 350.423024][T10651] nbd: must specify a size in bytes for the device [ 351.334771][T10680] netlink: 40 bytes leftover after parsing attributes in process `syz.1.948'. [ 351.522789][T10686] netlink: 68 bytes leftover after parsing attributes in process `syz.0.947'. [ 351.865428][T10698] FAULT_INJECTION: forcing a failure. [ 351.865428][T10698] name failslab, interval 1, probability 0, space 0, times 0 [ 352.017835][T10698] CPU: 1 UID: 0 PID: 10698 Comm: syz.2.950 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 352.017881][T10698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 352.017900][T10698] Call Trace: [ 352.017910][T10698] [ 352.017922][T10698] dump_stack_lvl+0x16c/0x1f0 [ 352.017979][T10698] should_fail_ex+0x512/0x640 [ 352.018027][T10698] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 352.018079][T10698] should_failslab+0xc2/0x120 [ 352.018117][T10698] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 352.018167][T10698] ? security_file_alloc+0x34/0x2b0 [ 352.018215][T10698] security_file_alloc+0x34/0x2b0 [ 352.018254][T10698] init_file+0x93/0x4c0 [ 352.018286][T10698] alloc_empty_file+0x73/0x1e0 [ 352.018320][T10698] alloc_file_pseudo+0x13a/0x230 [ 352.018354][T10698] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 352.018387][T10698] ? tipc_sk_finish_conn+0x580/0x790 [ 352.018427][T10698] sock_alloc_file+0x50/0x210 [ 352.018463][T10698] __sys_socketpair+0x34e/0x5a0 [ 352.018508][T10698] ? __pfx___sys_socketpair+0x10/0x10 [ 352.018548][T10698] ? __pfx_blkcg_maybe_throttle_current+0x10/0x10 [ 352.018595][T10698] ? xfd_validate_state+0x61/0x180 [ 352.018645][T10698] __x64_sys_socketpair+0x96/0x100 [ 352.018687][T10698] ? lockdep_hardirqs_on+0x7c/0x110 [ 352.018734][T10698] do_syscall_64+0xcd/0x490 [ 352.018766][T10698] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.018797][T10698] RIP: 0033:0x7f7935d8e929 [ 352.018821][T10698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 352.018869][T10698] RSP: 002b:00007f7933bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 352.018898][T10698] RAX: ffffffffffffffda RBX: 00007f7935fb6080 RCX: 00007f7935d8e929 [ 352.018919][T10698] RDX: 8000000000000000 RSI: 0000000000000005 RDI: 000000000000001e [ 352.018937][T10698] RBP: 00007f7935e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 352.018955][T10698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 352.018973][T10698] R13: 0000000000000000 R14: 00007f7935fb6080 R15: 00007ffd2112c058 [ 352.019013][T10698] [ 355.352366][T10744] netlink: 40 bytes leftover after parsing attributes in process `syz.1.958'. [ 355.512605][T10748] binder: 10747:10748 ioctl c018620c 0 returned -14 [ 355.740919][T10757] netlink: 338 bytes leftover after parsing attributes in process `syz.3.963'. [ 355.761835][T10757] netlink: 338 bytes leftover after parsing attributes in process `syz.3.963'. [ 356.067487][T10766] netlink: 40 bytes leftover after parsing attributes in process `syz.3.966'. [ 356.323701][T10772] netlink: 'syz.3.968': attribute type 28 has an invalid length. [ 356.343268][T10772] netlink: 334 bytes leftover after parsing attributes in process `syz.3.968'. [ 356.450646][T10772] device-mapper: ioctl: only supply one of name or uuid, cmd(15) [ 357.448496][T10801] netlink: 40 bytes leftover after parsing attributes in process `syz.1.977'. [ 358.098531][T10798] netlink: 12 bytes leftover after parsing attributes in process `syz.0.975'. [ 358.107979][T10798] nbd: must specify a size in bytes for the device [ 361.260985][T10884] netlink: 8 bytes leftover after parsing attributes in process `syz.1.987'. [ 362.713046][T10912] netlink: 'syz.1.992': attribute type 1 has an invalid length. [ 362.721280][T10912] netlink: 318 bytes leftover after parsing attributes in process `syz.1.992'. [ 362.881197][T10914] netlink: 12 bytes leftover after parsing attributes in process `syz.0.989'. [ 362.917304][T10914] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 364.477117][T10937] netlink: 40 bytes leftover after parsing attributes in process `syz.1.997'. [ 364.947985][T10948] FAULT_INJECTION: forcing a failure. [ 364.947985][T10948] name failslab, interval 1, probability 0, space 0, times 0 [ 365.042999][T10948] CPU: 1 UID: 0 PID: 10948 Comm: syz.2.998 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 365.043039][T10948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 365.043056][T10948] Call Trace: [ 365.043066][T10948] [ 365.043078][T10948] dump_stack_lvl+0x16c/0x1f0 [ 365.043130][T10948] should_fail_ex+0x512/0x640 [ 365.043175][T10948] ? __kmalloc_noprof+0xbf/0x510 [ 365.043227][T10948] ? sk_prot_alloc+0x1a8/0x2a0 [ 365.043259][T10948] should_failslab+0xc2/0x120 [ 365.043288][T10948] __kmalloc_noprof+0xd2/0x510 [ 365.043332][T10948] ? evm_inode_alloc_security+0x49/0xc0 [ 365.043389][T10948] sk_prot_alloc+0x1a8/0x2a0 [ 365.043428][T10948] sk_alloc+0x36/0xc20 [ 365.043476][T10948] __netlink_create+0x5e/0x2c0 [ 365.043528][T10948] __netlink_kernel_create+0xed/0x750 [ 365.043566][T10948] ? __pfx___netlink_kernel_create+0x10/0x10 [ 365.043615][T10948] uevent_net_init+0xf8/0x350 [ 365.043649][T10948] ? __pfx_uevent_net_init+0x10/0x10 [ 365.043687][T10948] ? __pfx_uevent_net_rcv+0x10/0x10 [ 365.043734][T10948] ? __pfx_uevent_net_init+0x10/0x10 [ 365.043766][T10948] ops_init+0x1df/0x5f0 [ 365.043807][T10948] setup_net+0x1ff/0x510 [ 365.043843][T10948] ? lockdep_init_map_type+0x5c/0x280 [ 365.043885][T10948] ? __pfx_setup_net+0x10/0x10 [ 365.043919][T10948] ? debug_mutex_init+0x37/0x70 [ 365.043953][T10948] copy_net_ns+0x2a6/0x5f0 [ 365.043992][T10948] create_new_namespaces+0x3ea/0xa90 [ 365.044036][T10948] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 365.044093][T10948] ksys_unshare+0x45b/0xa40 [ 365.044133][T10948] ? native_tss_update_io_bitmap+0x3e1/0x770 [ 365.044180][T10948] ? __pfx_ksys_unshare+0x10/0x10 [ 365.044224][T10948] ? xfd_validate_state+0x61/0x180 [ 365.044278][T10948] __x64_sys_unshare+0x31/0x40 [ 365.044319][T10948] do_syscall_64+0xcd/0x490 [ 365.044352][T10948] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.044384][T10948] RIP: 0033:0x7f7935d8e929 [ 365.044409][T10948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 365.044439][T10948] RSP: 002b:00007f7936b20038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 365.044469][T10948] RAX: ffffffffffffffda RBX: 00007f7935fb5fa0 RCX: 00007f7935d8e929 [ 365.044490][T10948] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 365.044515][T10948] RBP: 00007f7935e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 365.044533][T10948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 365.044552][T10948] R13: 0000000000000000 R14: 00007f7935fb5fa0 R15: 00007ffd2112c058 [ 365.044593][T10948] [ 365.353156][T10948] kobject_uevent: unable to create netlink socket! [ 365.758042][ T5966] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 366.303570][T10972] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1004'. [ 366.940962][T10987] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1015'. [ 368.034339][T10996] could not allocate digest TFM handle [ 368.147669][T10994] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078002dc0 pfn:0x78002 [ 368.190859][T10994] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 368.232027][T10994] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 368.255059][T10994] raw: ffff888078002dc0 0000000000000000 00000001ffffffff 0000000000000000 [ 368.332727][T10994] page dumped because: unmovable page [ 368.390736][T10994] page_owner tracks the page as allocated [ 368.431279][T10994] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xcc0(GFP_KERNEL), pid 5845, tgid 5845 (syz-executor), ts 166047329501, free_ts 165998742765 [ 368.512076][T10994] post_alloc_hook+0x1c0/0x230 [ 368.529406][T10994] get_page_from_freelist+0x1321/0x3890 [ 368.557287][T10994] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 368.580059][T10994] alloc_pages_bulk_noprof+0x71c/0x1410 [ 368.599284][T10994] kasan_populate_vmalloc+0xf1/0x1f0 [ 368.611966][T10994] alloc_vmap_area+0x959/0x29c0 [ 368.616872][T10994] __get_vm_area_node+0x1ca/0x330 [ 368.645029][T10994] __vmalloc_node_range_noprof+0x271/0x14b0 [ 368.662033][T10994] __vmalloc_node_noprof+0xad/0xf0 [ 368.667215][T10994] xt_counters_alloc+0x4c/0x70 [ 368.702043][T10994] __do_replace+0x97/0x9f0 [ 368.706577][T10994] do_ip6t_set_ctl+0x806/0xa70 [ 368.711391][T10994] nf_setsockopt+0x8d/0xf0 [ 368.742083][T10994] ipv6_setsockopt+0x135/0x170 [ 368.775558][T10994] tcp_setsockopt+0xa7/0x100 [ 368.780214][T10994] do_sock_setsockopt+0x221/0x470 [ 368.817167][T10994] page last free pid 6956 tgid 6956 stack trace: [ 368.847847][T10994] __free_frozen_pages+0x7fe/0x1180 [ 368.867611][T10994] tlb_finish_mmu+0x237/0x7c0 [ 368.886524][T10994] exit_mmap+0x403/0xb90 [ 368.899274][T10994] __mmput+0x12a/0x410 [ 368.905553][T10994] mmput+0x62/0x70 [ 368.919513][T10994] do_exit+0x7bc/0x2bd0 [ 368.923921][T10994] do_group_exit+0xd3/0x2a0 [ 368.928917][T10994] __x64_sys_exit_group+0x3e/0x50 [ 368.942014][T10994] x64_sys_call+0x1530/0x1730 [ 368.958997][T10994] do_syscall_64+0xcd/0x490 [ 368.964037][T10994] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.994982][T11026] ptp ptp0: only physical clock in use now [ 370.064080][ T5966] Bluetooth: hci3: ACL packet too small [ 370.140616][T11026] ima: policy update failed [ 370.167358][T11028] netlink: 504 bytes leftover after parsing attributes in process `syz.1.1017'. [ 370.181237][ T30] audit: type=1802 audit(4294967308.860:15): pid=11026 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.1016" res=0 errno=0 [ 371.341132][T11066] netlink: 'syz.3.1022': attribute type 11 has an invalid length. [ 371.351549][T11066] netlink: 4108 bytes leftover after parsing attributes in process `syz.3.1022'. [ 371.362111][T11066] netlink: 240 bytes leftover after parsing attributes in process `syz.3.1022'. [ 371.819456][T11067] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078002dc0 pfn:0x78002 [ 371.873004][T11067] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 371.880303][T11067] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 371.891109][T11067] raw: ffff888078002dc0 0000000000000000 00000001ffffffff 0000000000000000 [ 371.982242][T11067] page dumped because: unmovable page [ 372.002162][T11067] page_owner tracks the page as allocated [ 372.007931][T11067] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xcc0(GFP_KERNEL), pid 5845, tgid 5845 (syz-executor), ts 166047329501, free_ts 165998742765 [ 372.052971][T11067] post_alloc_hook+0x1c0/0x230 [ 372.057828][T11067] get_page_from_freelist+0x1321/0x3890 [ 372.085694][T11067] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 372.100845][T11067] alloc_pages_bulk_noprof+0x71c/0x1410 [ 372.116498][T11067] kasan_populate_vmalloc+0xf1/0x1f0 [ 372.141984][T11067] alloc_vmap_area+0x959/0x29c0 [ 372.162025][T11067] __get_vm_area_node+0x1ca/0x330 [ 372.181986][T11067] __vmalloc_node_range_noprof+0x271/0x14b0 [ 372.204173][T11067] __vmalloc_node_noprof+0xad/0xf0 [ 372.220766][T11067] xt_counters_alloc+0x4c/0x70 [ 372.240996][T11067] __do_replace+0x97/0x9f0 [ 372.252031][T11067] do_ip6t_set_ctl+0x806/0xa70 [ 372.263278][T11067] nf_setsockopt+0x8d/0xf0 [ 372.274969][T11067] ipv6_setsockopt+0x135/0x170 [ 372.290007][T11067] tcp_setsockopt+0xa7/0x100 [ 372.301968][T11067] do_sock_setsockopt+0x221/0x470 [ 372.316406][T11067] page last free pid 6956 tgid 6956 stack trace: [ 372.332148][T11067] __free_frozen_pages+0x7fe/0x1180 [ 372.342273][T11067] tlb_finish_mmu+0x237/0x7c0 [ 372.352010][T11067] exit_mmap+0x403/0xb90 [ 372.361982][T11067] __mmput+0x12a/0x410 [ 372.372034][T11067] mmput+0x62/0x70 [ 372.375826][T11067] do_exit+0x7bc/0x2bd0 [ 372.382294][T11067] do_group_exit+0xd3/0x2a0 [ 372.390295][T11067] __x64_sys_exit_group+0x3e/0x50 [ 372.400447][T11067] x64_sys_call+0x1530/0x1730 [ 372.410567][T11067] do_syscall_64+0xcd/0x490 [ 372.420698][T11067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.462492][T11102] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input35 [ 375.016890][T11103] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input36 [ 376.684004][T11158] sp0: Synchronizing with TNC [ 376.716150][ T5892] Process accounting resumed [ 377.437134][T11171] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1037'. [ 380.085285][ T5824] smpboot: CPU 1 is now offline [ 380.098311][ T5824] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 381.283672][T11243] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1050'. [ 381.474951][T11243] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 381.610198][T11199] kexec: Could not allocate control_code_buffer [ 382.102751][T11266] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1052'. [ 382.748252][T11274] FAULT_INJECTION: forcing a failure. [ 382.748252][T11274] name failslab, interval 1, probability 0, space 0, times 0 [ 382.836697][T11274] CPU: 0 UID: 0 PID: 11274 Comm: syz.2.1054 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 382.836730][T11274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 382.836744][T11274] Call Trace: [ 382.836752][T11274] [ 382.836760][T11274] dump_stack_lvl+0x16c/0x1f0 [ 382.836805][T11274] should_fail_ex+0x512/0x640 [ 382.836842][T11274] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 382.836882][T11274] should_failslab+0xc2/0x120 [ 382.836913][T11274] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 382.836950][T11274] ? alloc_empty_file+0x55/0x1e0 [ 382.836979][T11274] alloc_empty_file+0x55/0x1e0 [ 382.837005][T11274] path_openat+0xda/0x2cb0 [ 382.837038][T11274] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.837073][T11274] ? __pfx_path_openat+0x10/0x10 [ 382.837115][T11274] do_filp_open+0x20b/0x470 [ 382.837151][T11274] ? __pfx_do_filp_open+0x10/0x10 [ 382.837206][T11274] ? _raw_spin_unlock+0x28/0x50 [ 382.837239][T11274] ? alloc_fd+0x471/0x7d0 [ 382.837279][T11274] do_sys_openat2+0x11b/0x1d0 [ 382.837306][T11274] ? __pfx_do_sys_openat2+0x10/0x10 [ 382.837334][T11274] ? __pfx___might_resched+0x10/0x10 [ 382.837367][T11274] __x64_sys_open+0x153/0x1e0 [ 382.837393][T11274] ? __pfx___x64_sys_open+0x10/0x10 [ 382.837439][T11274] ? rcu_is_watching+0x12/0xc0 [ 382.837464][T11274] do_syscall_64+0xcd/0x490 [ 382.837488][T11274] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.837510][T11274] RIP: 0033:0x7f7935d8e929 [ 382.837528][T11274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 382.837551][T11274] RSP: 002b:00007f7936b20038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 382.837572][T11274] RAX: ffffffffffffffda RBX: 00007f7935fb5fa0 RCX: 00007f7935d8e929 [ 382.837587][T11274] RDX: 0000000000000155 RSI: 0000000000022240 RDI: 0000000000000000 [ 382.837601][T11274] RBP: 00007f7935e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 382.837615][T11274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 382.837628][T11274] R13: 0000000000000000 R14: 00007f7935fb5fa0 R15: 00007ffd2112c058 [ 382.837657][T11274] [ 383.672665][T11289] ubi: mtd0 is already attached to ubi0 [ 383.776867][T11270] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1053'. [ 383.776904][T11270] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 384.758565][T11281] tty tty53: ldisc open failed (-12), clearing slot 52 [ 387.110061][T11361] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1067'. [ 387.232251][T11361] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 388.994297][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 389.000638][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 391.894629][T11421] ubi: mtd0 is already attached to ubi0 [ 392.609556][T11438] vhci_hcd: invalid port number 21 [ 393.556659][ T5966] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 393.556692][ T5966] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 393.573115][ T5966] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 393.573143][ T5966] Bluetooth: hci1: adv larger than maximum supported [ 393.580312][ T5966] Bluetooth: hci1: adv larger than maximum supported [ 393.587085][ T5966] Bluetooth: hci1: Malformed LE Event: 0x0d [ 393.700761][T11452] QAT: Invalid ioctl 21531 [ 395.995677][T11479] zram0: detected capacity change from 0 to 8 [ 396.923236][T11490] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1092'. [ 398.485805][T11509] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1098'. [ 398.844753][T11514] bridge0: port 3(ipvlan1) entered blocking state [ 398.872013][T11514] bridge0: port 3(ipvlan1) entered disabled state [ 398.891148][T11514] ipvlan1: entered allmulticast mode [ 398.909805][T11514] veth0_vlan: entered allmulticast mode [ 398.941106][T11514] ipvlan1: left allmulticast mode [ 398.962013][T11514] veth0_vlan: left allmulticast mode [ 399.261421][T11516] can: request_module (can-proto-0) failed. [ 400.465108][T11544] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1105'. [ 400.493742][T11546] FAULT_INJECTION: forcing a failure. [ 400.493742][T11546] name failslab, interval 1, probability 0, space 0, times 0 [ 400.703970][T11546] CPU: 0 UID: 0 PID: 11546 Comm: syz.0.1103 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 400.704004][T11546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 400.704019][T11546] Call Trace: [ 400.704026][T11546] [ 400.704034][T11546] dump_stack_lvl+0x16c/0x1f0 [ 400.704077][T11546] should_fail_ex+0x512/0x640 [ 400.704112][T11546] ? fs_reclaim_acquire+0xae/0x150 [ 400.704142][T11546] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 400.704181][T11546] should_failslab+0xc2/0x120 [ 400.704203][T11546] __kmalloc_noprof+0xd2/0x510 [ 400.704245][T11546] tomoyo_realpath_from_path+0xc2/0x6e0 [ 400.704282][T11546] ? tomoyo_profile+0x47/0x60 [ 400.704322][T11546] tomoyo_path_number_perm+0x245/0x580 [ 400.704349][T11546] ? tomoyo_path_number_perm+0x237/0x580 [ 400.704379][T11546] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 400.704437][T11546] ? find_held_lock+0x2b/0x80 [ 400.704459][T11546] ? hook_file_ioctl_common+0x145/0x410 [ 400.704491][T11546] ? __fget_files+0x20e/0x3c0 [ 400.704527][T11546] security_file_ioctl+0x9b/0x240 [ 400.704558][T11546] __x64_sys_ioctl+0xb7/0x210 [ 400.704588][T11546] do_syscall_64+0xcd/0x490 [ 400.704611][T11546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.704635][T11546] RIP: 0033:0x7f5a2e58e929 [ 400.704654][T11546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 400.704676][T11546] RSP: 002b:00007f5a2f3c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 400.704697][T11546] RAX: ffffffffffffffda RBX: 00007f5a2e7b6160 RCX: 00007f5a2e58e929 [ 400.704712][T11546] RDX: 0000000000000000 RSI: 000000000000125f RDI: 0000000000000003 [ 400.704726][T11546] RBP: 00007f5a2e610b39 R08: 0000000000000000 R09: 0000000000000000 [ 400.704740][T11546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 400.704754][T11546] R13: 0000000000000000 R14: 00007f5a2e7b6160 R15: 00007ffcb1f79178 [ 400.704783][T11546] [ 400.704792][T11546] ERROR: Out of memory at tomoyo_realpath_from_path. [ 401.170785][T11548] syz.3.1106 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 401.229990][T11548] syz.3.1106: vmalloc error: size 16384, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 401.302589][T11550] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+ek [ 401.391988][T11548] dump_stack_lvl+0x16c/0x1f0 [ 401.392032][T11548] warn_alloc+0x248/0x3a0 [ 401.392070][T11548] ? __pfx_warn_alloc+0x10/0x10 [ 401.392114][T11548] ? alloc_pages_mpol+0x25a/0x550 [ 401.392139][T11548] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 401.392173][T11548] __vmalloc_node_range_noprof+0x11d4/0x14b0 [ 401.392214][T11548] ? kernel_clone+0xfc/0x960 [ 401.392255][T11548] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 401.392297][T11548] ? kernel_clone+0xfc/0x960 [ 401.392325][T11548] __vmalloc_node_noprof+0xad/0xf0 [ 401.392354][T11548] ? kernel_clone+0xfc/0x960 [ 401.392386][T11548] copy_process+0x2c70/0x76a0 [ 401.392413][T11548] ? preempt_schedule_thunk+0x16/0x30 [ 401.392448][T11548] ? try_to_wake_up+0xa2f/0x1680 [ 401.392474][T11548] ? __pfx_copy_process+0x10/0x10 [ 401.392502][T11548] ? plist_check_head+0xa3/0x150 [ 401.392539][T11548] ? futex_private_hash_put+0xc7/0x240 [ 401.392570][T11548] kernel_clone+0xfc/0x960 [ 401.392599][T11548] ? __pfx_futex_wake+0x10/0x10 [ 401.392632][T11548] ? __pfx_kernel_clone+0x10/0x10 [ 401.392659][T11548] ? __pfx_vfs_writev+0x10/0x10 [ 401.392708][T11548] __do_sys_clone+0xce/0x120 [ 401.392736][T11548] ? __pfx___do_sys_clone+0x10/0x10 [ 401.392779][T11548] ? xfd_validate_state+0x61/0x180 [ 401.392809][T11548] ? __pfx_do_writev+0x10/0x10 [ 401.392849][T11548] do_syscall_64+0xcd/0x490 [ 401.392873][T11548] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.392898][T11548] RIP: 0033:0x7f4d5f98e929 [ 401.392916][T11548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 401.392939][T11548] RSP: 002b:00007f4d608d7fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 401.392961][T11548] RAX: ffffffffffffffda RBX: 00007f4d5fbb5fa0 RCX: 00007f4d5f98e929 [ 401.392980][T11548] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040011 [ 401.392995][T11548] RBP: 00007f4d5fa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 401.393009][T11548] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 401.393023][T11548] R13: 0000000000000000 R14: 00007f4d5fbb5fa0 R15: 00007fff91ae3078 [ 401.393053][T11548] [ 401.393086][T11548] Mem-Info: [ 402.342170][T11548] active_anon:44075 inactive_anon:5 isolated_anon:0 [ 402.342170][T11548] active_file:4531 inactive_file:53467 isolated_file:0 [ 402.342170][T11548] unevictable:768 dirty:648 writeback:0 [ 402.342170][T11548] slab_reclaimable:10880 slab_unreclaimable:97086 [ 402.342170][T11548] mapped:43559 shmem:34426 pagetables:1261 [ 402.342170][T11548] sec_pagetables:0 bounce:0 [ 402.342170][T11548] kernel_misc_reclaimable:0 [ 402.342170][T11548] free:1270528 free_pcp:25245 free_cma:0 [ 402.568834][T11548] Node 0 active_anon:182852kB inactive_anon:20kB active_file:18124kB inactive_file:213664kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:176628kB dirty:2592kB writeback:0kB shmem:138560kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12560kB pagetables:4880kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 402.743886][T11548] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 402.900865][T11548] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 403.033042][T11548] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 403.070488][T11548] Node 0 DMA32 free:1172704kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB free_highatomic:0KB active_anon:186484kB inactive_anon:20kB active_file:18124kB inactive_file:212068kB unevictable:1536kB writepending:2352kB present:3129332kB managed:2540900kB mlocked:0kB bounce:0kB free_pcp:63272kB local_pcp:63272kB free_cma:0kB [ 403.211810][T11548] lowmem_reserve[]: 0 0 1 1 1 [ 403.234803][T11548] Node 0 Normal free:0kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1584kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 403.362049][T11548] lowmem_reserve[]: 0 0 0 0 0 [ 403.366849][T11548] Node 1 Normal free:3893632kB boost:0kB min:55788kB low:69732kB high:83676kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:31360kB local_pcp:31360kB free_cma:0kB [ 403.525921][T11548] lowmem_reserve[]: 0 0 0 0 0 [ 403.530708][T11548] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 403.603946][T11548] Node 0 DMA32: 10980*4kB (UME) 1652*8kB (UME) 1105*16kB (UME) 1173*32kB (UME) 331*64kB (UME) 129*128kB (UME) 51*256kB (UME) 15*512kB (UM) 6*1024kB (UME) 10*2048kB (UM) 238*4096kB (UM) = 1172256kB [ 403.682166][T11548] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 403.725722][T11548] Node 1 Normal: 60*4kB (UME) 34*8kB (UME) 60*16kB (UME) 238*32kB (UME) 62*64kB (UME) 21*128kB (UM) 12*256kB (M) 6*512kB (UME) 3*1024kB (M) 5*2048kB (UM) 942*4096kB (M) = 3893632kB [ 403.837790][T11548] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 403.878329][T11548] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 403.926139][T11548] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 403.970840][T11548] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 404.024187][T11548] 96349 total pagecache pages [ 404.028944][T11548] 41 pages in swap cache [ 404.051997][T11548] Free swap = 124848kB [ 404.056284][T11548] Total swap = 124996kB [ 404.060453][T11548] 2097051 pages RAM [ 404.134145][T11548] 0 pages HighMem/MovableOnly [ 404.149416][T11548] 429784 pages reserved [ 404.163700][T11548] 0 pages cma reserved [ 405.235205][T11589] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1116'. [ 406.237432][T11597] [U]  [ 406.240295][T11597] [U] [ 406.243015][T11597] [U] [ 406.245730][T11597] [U] [ 406.393888][T11597] [U] [ 406.396616][T11597] [U] file ioctl /dev/null 0x5401 [ 406.401683][T11597] [U] file execute /bin/ln exec.realpath="/bin/ln" exec.argv[0]="/bin/ln" [ 406.410193][T11597] [U] file execute /bin/hostname exec.realpath="/bin/hostname" exec.argv[0]="/bin/hostname" [ 406.420274][T11597] [U] file execute /etc/init.d/rcS exec.realpath="/etc/init.d/rcS" exec.argv[0]="/etc/init.d/rcS" [ 406.430864][T11597] [U] file read/write /dev/ttyS0 [ 406.435806][T11597] [U] file ioctl /dev/ttyS0 0x5401 [ 406.440928][T11597] [U] file ioctl /dev/ttyS0 0x5402 [ 406.446047][T11597] [U] file execute /sbin/getty exec.realpath="/sbin/getty" exec.argv[0]="/sbin/getty" [ 406.455597][T11597] [U] /sbin/init /bin/mount [ 406.460891][T11597] [U] use_profile 0 [ 406.464703][T11597] [U] misc env HOME [ 406.468516][T11597] [U] misc env TERM [ 406.472333][T11597] [U] misc env spec_store_bypass_disable [ 406.477969][T11597] [U] misc env nbds_max [ 406.482126][T11597] [U] misc env BOOT_IMAGE [ 406.486458][T11597] [U] misc env PATH [ 406.490289][T11597] [U] misc env SHELL [ 406.494185][T11597] [U] misc env USER [ 406.497993][T11597] [U] misc env SELINUX_INIT [ 406.502500][T11597] [U] file read/getattr /lib/libbusybox.so.1.37.0 [ 406.508923][T11597] [U] file read/getattr /lib/libc.so.6 [ 406.514387][T11597] [U] file read/getattr /lib/libpam.so.0.85.1 [ 406.520459][T11597] [U] file read/getattr /lib/libpam_misc.so.0.82.1 [ 406.526965][T11597] [U] file read/getattr /lib/libresolv.so.2 [ 406.532866][T11597] [U] file read/getattr /usr/lib/libselinux.so.1 [ 406.539200][T11597] [U] file read/getattr /lib/libatomic.so.1.2.0 [ 406.545448][T11597] [U] file read/getattr /usr/lib/libpcre2-8.so.0.13.0 [ 406.552216][T11597] [U] file getattr /proc/ [ 406.556554][T11597] [U] file mount proc /proc/ proc 0x8000 [ 406.562190][T11597] [U] file read/getattr proc:/filesystems [ 406.567916][T11597] [U] file read/getattr proc:/self/mounts [ 406.573646][T11597] [U] file mount /dev/root / --remount 0x208000 [ 406.579894][T11597] [U] file mount devtmpfs /dev/ devtmpfs 0x8000 [ 406.586139][T11597] [U] file read/getattr /etc/fstab [ 406.591256][T11597] [U] file getattr proc:/ [ 406.595587][T11597] [U] file getattr /dev/pts/ [ 406.600182][T11597] [U] file mount devpts /dev/pts/ devpts 0x8000 [ 406.606426][T11597] [U] file getattr /dev/shm/ [ 406.611018][T11597] [U] file mount tmpfs /dev/shm/ tmpfs 0x8000 [ 406.617089][T11597] [U] file getattr /tmp/ [ 406.621338][T11597] [U] file mount tmpfs /tmp/ tmpfs 0x8000 [ 406.627063][T11597] [U] file getattr /run/ [ 406.631312][T11597] [U] file mount tmpfs /run/ tmpfs 0x8006 [ 406.637036][T11597] [U] file getattr /sys/ [ 406.641285][T11597] [U] file getattr /sys/kernel/debug/ [ 406.646662][T11597] [U] file mount debugfs /sys/kernel/debug/ debugfs 0x8000 [ 406.653894][T11597] [U] file getattr /sys/kernel/security/ [ 406.659555][T11597] [U] file mount securityfs /sys/kernel/security/ securityfs 0x8000 [ 406.667545][T11597] [U] file getattr /sys/kernel/config/ [ 406.673008][T11597] [U] file mount configfs /sys/kernel/config/ configfs 0x8000 [ 406.680472][T11597] [U] file getattr proc:/sys/fs/binfmt_misc/ [ 406.686456][T11597] [U] file mount binfmt_misc proc:/sys/fs/binfmt_misc/ binfmt_misc 0x8000 [ 406.694962][T11597] [U] file getattr /sys/fs/fuse/connections/ [ 406.700948][T11597] [U] file mount fusectl /sys/fs/fuse/connections/ fusectl 0x8000 [ 406.708763][T11597] [U] file getattr /sys/fs/pstore/ [ 407.817903][T11620] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1124'. [ 409.072126][T11597] [U] file mount pstore /sys/ [ 409.963966][T11627] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1127'. [ 414.123120][T11666] FAULT_INJECTION: forcing a failure. [ 414.123120][T11666] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 414.289193][T11666] CPU: 0 UID: 0 PID: 11666 Comm: syz.1.1135 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 414.289228][T11666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 414.289243][T11666] Call Trace: [ 414.289250][T11666] [ 414.289260][T11666] dump_stack_lvl+0x16c/0x1f0 [ 414.289304][T11666] should_fail_ex+0x512/0x640 [ 414.289347][T11666] should_fail_alloc_page+0xe7/0x130 [ 414.289373][T11666] prepare_alloc_pages+0x3c2/0x610 [ 414.289402][T11666] ? rcu_is_watching+0x12/0xc0 [ 414.289429][T11666] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 414.289468][T11666] ? __lock_acquire+0xb8a/0x1c90 [ 414.289511][T11666] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 414.289549][T11666] ? do_raw_spin_lock+0x12c/0x2b0 [ 414.289587][T11666] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 414.289624][T11666] ? find_held_lock+0x2b/0x80 [ 414.289656][T11666] ? __lock_acquire+0xb8a/0x1c90 [ 414.289687][T11666] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 414.289726][T11666] ? policy_nodemask+0xea/0x4e0 [ 414.289751][T11666] alloc_pages_mpol+0x1fb/0x550 [ 414.289775][T11666] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 414.289806][T11666] folio_alloc_mpol_noprof+0x36/0x2f0 [ 414.289835][T11666] shmem_alloc_folio+0x135/0x160 [ 414.289872][T11666] shmem_alloc_and_add_folio+0x499/0xc20 [ 414.289913][T11666] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 414.289952][T11666] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 414.289994][T11666] shmem_get_folio_gfp+0x67f/0x1600 [ 414.290036][T11666] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 414.290074][T11666] ? filemap_map_pages+0xf6f/0x1680 [ 414.290114][T11666] shmem_fault+0x1fe/0xa30 [ 414.290150][T11666] ? __pfx_shmem_fault+0x10/0x10 [ 414.290190][T11666] ? __pfx_filemap_map_pages+0x10/0x10 [ 414.290236][T11666] __do_fault+0x10a/0x490 [ 414.290275][T11666] __handle_mm_fault+0x3c2a/0x5490 [ 414.290316][T11666] ? __pfx___handle_mm_fault+0x10/0x10 [ 414.290358][T11666] ? __pfx_mt_find+0x10/0x10 [ 414.290399][T11666] ? find_vma+0xbf/0x140 [ 414.290421][T11666] ? __pfx_find_vma+0x10/0x10 [ 414.290447][T11666] handle_mm_fault+0x589/0xd10 [ 414.290480][T11666] ? __pkru_allows_pkey+0x21/0xb0 [ 414.290513][T11666] do_user_addr_fault+0x7a6/0x1370 [ 414.290548][T11666] ? rcu_is_watching+0x12/0xc0 [ 414.290574][T11666] exc_page_fault+0x5c/0xb0 [ 414.290615][T11666] asm_exc_page_fault+0x26/0x30 [ 414.290638][T11666] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 414.290670][T11666] Code: 10 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 8f 10 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 414.290693][T11666] RSP: 0018:ffffc90003acf420 EFLAGS: 00050202 [ 414.290711][T11666] RAX: 0000000000000001 RBX: 0000000000003e38 RCX: 00000000000003e0 [ 414.290726][T11666] RDX: ffffed10053edcbd RSI: 0000000000004000 RDI: ffff888029f6e208 [ 414.290741][T11666] RBP: 00000000000005a8 R08: 0000000000000001 R09: ffffed10053edcbc [ 414.290756][T11666] R10: ffff888029f6e5e7 R11: 0000000000000000 R12: 0000000000000000 [ 414.290770][T11666] R13: ffff888029f6e040 R14: 0000000000003e38 R15: 00000000000005a8 [ 414.290799][T11666] _copy_from_user+0x98/0xd0 [ 414.290839][T11666] csum_and_copy_from_iter_full+0x21a/0x1f70 [ 414.290890][T11666] ? __pfx_csum_and_copy_from_iter_full+0x10/0x10 [ 414.290924][T11666] ? rcu_is_watching+0x12/0xc0 [ 414.290947][T11666] ? trace_kmalloc+0x2b/0xd0 [ 414.290969][T11666] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 414.291009][T11666] ? __alloc_skb+0x166/0x380 [ 414.291045][T11666] ? trace_kmem_cache_alloc+0x28/0xc0 [ 414.291074][T11666] ip_generic_getfrag+0x170/0x270 [ 414.291103][T11666] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 414.291130][T11666] ? __alloc_skb+0x200/0x380 [ 414.291166][T11666] ? __pfx___alloc_skb+0x10/0x10 [ 414.291206][T11666] raw6_getfrag+0x22d/0x2a0 [ 414.291230][T11666] ? find_held_lock+0x2b/0x80 [ 414.291256][T11666] __ip6_append_data+0x3e81/0x4780 [ 414.291293][T11666] ? __pfx_raw6_getfrag+0x10/0x10 [ 414.291331][T11666] ? __pfx___ip6_append_data+0x10/0x10 [ 414.291362][T11666] ? __pfx_ip6_mtu+0x10/0x10 [ 414.291384][T11666] ? ip6_setup_cork+0xc51/0x1530 [ 414.291417][T11666] ip6_append_data+0x1bd/0x4c0 [ 414.291447][T11666] ? __pfx_raw6_getfrag+0x10/0x10 [ 414.291476][T11666] rawv6_sendmsg+0x1642/0x47a0 [ 414.291503][T11666] ? lockdep_hardirqs_on+0x7c/0x110 [ 414.291550][T11666] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 414.291582][T11666] ? __lock_acquire+0x622/0x1c90 [ 414.291627][T11666] ? __pfx___might_resched+0x10/0x10 [ 414.291684][T11666] ? __pfx_aa_sk_perm+0x10/0x10 [ 414.291716][T11666] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 414.291746][T11666] ? inet_sendmsg+0x11c/0x140 [ 414.291780][T11666] inet_sendmsg+0x11c/0x140 [ 414.291817][T11666] sock_write_iter+0x4aa/0x5b0 [ 414.291855][T11666] ? __pfx_sock_write_iter+0x10/0x10 [ 414.291897][T11666] ? bpf_lsm_file_permission+0x9/0x10 [ 414.291922][T11666] ? security_file_permission+0x71/0x210 [ 414.291957][T11666] ? rw_verify_area+0xcf/0x680 [ 414.291991][T11666] vfs_write+0x6c4/0x1150 [ 414.292026][T11666] ? __pfx_sock_write_iter+0x10/0x10 [ 414.292059][T11666] ? __pfx_vfs_write+0x10/0x10 [ 414.292091][T11666] ? find_held_lock+0x2b/0x80 [ 414.292133][T11666] ksys_write+0x1f8/0x250 [ 414.292167][T11666] ? __pfx_ksys_write+0x10/0x10 [ 414.292211][T11666] do_syscall_64+0xcd/0x490 [ 414.292235][T11666] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.292259][T11666] RIP: 0033:0x7ff87778e929 [ 414.292277][T11666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.292300][T11666] RSP: 002b:00007ff878666038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 414.292321][T11666] RAX: ffffffffffffffda RBX: 00007ff8779b5fa0 RCX: 00007ff87778e929 [ 414.292336][T11666] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 414.292351][T11666] RBP: 00007ff877810b39 R08: 0000000000000000 R09: 0000000000000000 [ 414.292365][T11666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 414.292379][T11666] R13: 0000000000000000 R14: 00007ff8779b5fa0 R15: 00007fffadc512a8 [ 414.292410][T11666] [ 415.009424][T11675] RDS: rds_bind could not find a transport for ::ffff:10.1.1.2, load rds_tcp or rds_rdma? [ 415.359667][T11675] zswap: compressor not available [ 416.051064][T11683] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 416.180882][T11683] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 416.262653][T11683] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 416.403300][T11683] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 416.412392][T11683] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 416.867005][T11697] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1141'. [ 417.621972][ T5966] Bluetooth: hci0: command 0x0c1a tx timeout [ 418.262879][ T5966] Bluetooth: hci1: command 0x0c1a tx timeout [ 418.422189][ T5966] Bluetooth: hci3: command 0x0c1a tx timeout [ 419.435033][T11748] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1153'. [ 419.659795][T11754] netlink: 5816 bytes leftover after parsing attributes in process `syz.1.1156'. [ 419.741406][T11738] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 419.757171][T11738] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 419.792495][T11738] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 419.822197][T11738] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 421.302281][ T5966] Bluetooth: hci0: command 0x0c1a tx timeout [ 421.530877][T11795] ptrace attach of "./syz-executor exec"[5839] was attempted by "./syz-executor exec"[11795] [ 421.782075][ T5966] Bluetooth: hci1: command 0x0c1a tx timeout [ 421.862005][ T5966] Bluetooth: hci2: command 0x0c1a tx timeout [ 421.868108][ T5938] Bluetooth: hci3: command 0x0c1a tx timeout [ 422.208440][T11817] block nbd8: NBD_DISCONNECT [ 422.248988][T11817] block nbd8: NBD_DISCONNECT [ 422.312447][T11817] block nbd8: NBD_DISCONNECT [ 422.384567][T11817] block nbd8: NBD_DISCONNECT [ 422.435505][T11817] block nbd8: NBD_DISCONNECT [ 422.508976][T11817] block nbd8: NBD_DISCONNECT [ 422.559179][T11817] block nbd8: NBD_DISCONNECT [ 422.625007][T11817] block nbd8: NBD_DISCONNECT [ 422.662071][T11817] block nbd8: NBD_DISCONNECT [ 422.693961][T11817] block nbd8: NBD_DISCONNECT [ 422.735213][T11817] block nbd8: NBD_DISCONNECT [ 422.742961][T11838] FAULT_INJECTION: forcing a failure. [ 422.742961][T11838] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 422.771467][T11838] CPU: 0 UID: 0 PID: 11838 Comm: syz.0.1167 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 422.771498][T11838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 422.771512][T11838] Call Trace: [ 422.771519][T11838] [ 422.771527][T11838] dump_stack_lvl+0x16c/0x1f0 [ 422.771567][T11838] should_fail_ex+0x512/0x640 [ 422.771605][T11838] _copy_from_user+0x2e/0xd0 [ 422.771642][T11838] copy_msghdr_from_user+0x98/0x160 [ 422.771680][T11838] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 422.771722][T11838] ? __pfx__kstrtoull+0x10/0x10 [ 422.771755][T11838] ___sys_sendmsg+0xfe/0x1d0 [ 422.771792][T11838] ? __pfx____sys_sendmsg+0x10/0x10 [ 422.771842][T11838] ? find_held_lock+0x2b/0x80 [ 422.771885][T11838] __sys_sendmmsg+0x200/0x420 [ 422.771910][T11838] ? __pfx___sys_sendmmsg+0x10/0x10 [ 422.771940][T11838] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 422.771974][T11838] ? fput+0x70/0xf0 [ 422.771995][T11838] ? ksys_write+0x1ac/0x250 [ 422.772026][T11838] ? __pfx_ksys_write+0x10/0x10 [ 422.772068][T11838] __x64_sys_sendmmsg+0x9c/0x100 [ 422.772088][T11838] ? lockdep_hardirqs_on+0x7c/0x110 [ 422.772123][T11838] do_syscall_64+0xcd/0x490 [ 422.772146][T11838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.772169][T11838] RIP: 0033:0x7f5a2e58e929 [ 422.772187][T11838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 422.772209][T11838] RSP: 002b:00007f5a2f402038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 422.772230][T11838] RAX: ffffffffffffffda RBX: 00007f5a2e7b5fa0 RCX: 00007f5a2e58e929 [ 422.772246][T11838] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 422.772260][T11838] RBP: 00007f5a2f402090 R08: 0000000000000000 R09: 0000000000000000 [ 422.772274][T11838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 422.772287][T11838] R13: 0000000000000000 R14: 00007f5a2e7b5fa0 R15: 00007ffcb1f79178 [ 422.772315][T11838] [ 424.308831][T11881] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input40 [ 425.372553][T11896] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1175'. [ 425.739036][T11900] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1176'. [ 427.055317][T11917] FAULT_INJECTION: forcing a failure. [ 427.055317][T11917] name failslab, interval 1, probability 0, space 0, times 0 [ 427.212709][T11917] CPU: 0 UID: 0 PID: 11917 Comm: syz.2.1180 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 427.212742][T11917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 427.212756][T11917] Call Trace: [ 427.212764][T11917] [ 427.212772][T11917] dump_stack_lvl+0x16c/0x1f0 [ 427.212812][T11917] should_fail_ex+0x512/0x640 [ 427.212846][T11917] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 427.212884][T11917] should_failslab+0xc2/0x120 [ 427.212906][T11917] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 427.212940][T11917] ? __alloc_skb+0x2b2/0x380 [ 427.212979][T11917] __alloc_skb+0x2b2/0x380 [ 427.213013][T11917] ? __pfx___alloc_skb+0x10/0x10 [ 427.213050][T11917] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 427.213082][T11917] netlink_alloc_large_skb+0x69/0x130 [ 427.213110][T11917] netlink_sendmsg+0x6a1/0xdd0 [ 427.213141][T11917] ? __pfx_netlink_sendmsg+0x10/0x10 [ 427.213177][T11917] ____sys_sendmsg+0xa95/0xc70 [ 427.213206][T11917] ? copy_msghdr_from_user+0x10a/0x160 [ 427.213242][T11917] ? __pfx_____sys_sendmsg+0x10/0x10 [ 427.213275][T11917] ? __pfx__kstrtoull+0x10/0x10 [ 427.213308][T11917] ___sys_sendmsg+0x134/0x1d0 [ 427.213346][T11917] ? __pfx____sys_sendmsg+0x10/0x10 [ 427.213396][T11917] ? find_held_lock+0x2b/0x80 [ 427.213436][T11917] __sys_sendmmsg+0x200/0x420 [ 427.213461][T11917] ? __pfx___sys_sendmmsg+0x10/0x10 [ 427.213491][T11917] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 427.213525][T11917] ? fput+0x70/0xf0 [ 427.213546][T11917] ? ksys_write+0x1ac/0x250 [ 427.213578][T11917] ? __pfx_ksys_write+0x10/0x10 [ 427.213614][T11917] __x64_sys_sendmmsg+0x9c/0x100 [ 427.213636][T11917] ? lockdep_hardirqs_on+0x7c/0x110 [ 427.213676][T11917] do_syscall_64+0xcd/0x490 [ 427.213698][T11917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.213721][T11917] RIP: 0033:0x7f7935d8e929 [ 427.213741][T11917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 427.213763][T11917] RSP: 002b:00007f7936b20038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 427.213784][T11917] RAX: ffffffffffffffda RBX: 00007f7935fb5fa0 RCX: 00007f7935d8e929 [ 427.213800][T11917] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 427.213814][T11917] RBP: 00007f7936b20090 R08: 0000000000000000 R09: 0000000000000000 [ 427.213828][T11917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 427.213842][T11917] R13: 0000000000000000 R14: 00007f7935fb5fa0 R15: 00007ffd2112c058 [ 427.213870][T11917] [ 427.692262][T11934] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1184'. [ 428.262504][ T5966] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 430.293141][T11985] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1195'. [ 430.489329][T11994] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input41 [ 430.581821][T11997] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1197'. [ 431.207380][T12008] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input42 [ 432.194743][T12020] FAULT_INJECTION: forcing a failure. [ 432.194743][T12020] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 432.248260][T12020] CPU: 0 UID: 0 PID: 12020 Comm: syz.2.1203 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 432.248291][T12020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 432.248306][T12020] Call Trace: [ 432.248313][T12020] [ 432.248322][T12020] dump_stack_lvl+0x16c/0x1f0 [ 432.248365][T12020] should_fail_ex+0x512/0x640 [ 432.248405][T12020] _copy_from_iter+0x29f/0x16f0 [ 432.248447][T12020] ? __alloc_skb+0x200/0x380 [ 432.248483][T12020] ? __pfx__copy_from_iter+0x10/0x10 [ 432.248523][T12020] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 432.248560][T12020] netlink_sendmsg+0x829/0xdd0 [ 432.248592][T12020] ? __pfx_netlink_sendmsg+0x10/0x10 [ 432.248630][T12020] ____sys_sendmsg+0xa95/0xc70 [ 432.248660][T12020] ? copy_msghdr_from_user+0x10a/0x160 [ 432.248698][T12020] ? __pfx_____sys_sendmsg+0x10/0x10 [ 432.248731][T12020] ? __pfx__kstrtoull+0x10/0x10 [ 432.248766][T12020] ___sys_sendmsg+0x134/0x1d0 [ 432.248805][T12020] ? __pfx____sys_sendmsg+0x10/0x10 [ 432.248856][T12020] ? find_held_lock+0x2b/0x80 [ 432.248897][T12020] __sys_sendmmsg+0x200/0x420 [ 432.248923][T12020] ? __pfx___sys_sendmmsg+0x10/0x10 [ 432.248955][T12020] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 432.248989][T12020] ? fput+0x70/0xf0 [ 432.249011][T12020] ? ksys_write+0x1ac/0x250 [ 432.249043][T12020] ? __pfx_ksys_write+0x10/0x10 [ 432.249081][T12020] __x64_sys_sendmmsg+0x9c/0x100 [ 432.249103][T12020] ? lockdep_hardirqs_on+0x7c/0x110 [ 432.249139][T12020] do_syscall_64+0xcd/0x490 [ 432.249162][T12020] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.249202][T12020] RIP: 0033:0x7f7935d8e929 [ 432.249220][T12020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 432.249248][T12020] RSP: 002b:00007f7936b20038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 432.249275][T12020] RAX: ffffffffffffffda RBX: 00007f7935fb5fa0 RCX: 00007f7935d8e929 [ 432.249291][T12020] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 432.249305][T12020] RBP: 00007f7936b20090 R08: 0000000000000000 R09: 0000000000000000 [ 432.249377][T12020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 432.249397][T12020] R13: 0000000000000000 R14: 00007f7935fb5fa0 R15: 00007ffd2112c058 [ 432.249430][T12020] [ 432.640374][T12028] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1208'. [ 433.012636][T12039] sctp: [Deprecated]: syz.1.1209 (pid 12039) Use of struct sctp_assoc_value in delayed_ack socket option. [ 433.012636][T12039] Use struct sctp_sack_info instead [ 433.157087][T12037] FAULT_INJECTION: forcing a failure. [ 433.157087][T12037] name failslab, interval 1, probability 0, space 0, times 0 [ 433.232557][T12037] CPU: 0 UID: 0 PID: 12037 Comm: syz.1.1209 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 433.232591][T12037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 433.232606][T12037] Call Trace: [ 433.232613][T12037] [ 433.232622][T12037] dump_stack_lvl+0x16c/0x1f0 [ 433.232666][T12037] should_fail_ex+0x512/0x640 [ 433.232701][T12037] ? fs_reclaim_acquire+0xae/0x150 [ 433.232732][T12037] should_failslab+0xc2/0x120 [ 433.232754][T12037] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 433.232790][T12037] ? security_inode_alloc+0x3b/0x2b0 [ 433.232821][T12037] security_inode_alloc+0x3b/0x2b0 [ 433.232848][T12037] inode_init_always_gfp+0xce4/0x1030 [ 433.232886][T12037] alloc_inode+0x86/0x240 [ 433.232909][T12037] new_inode+0x22/0x1c0 [ 433.232930][T12037] ? trace_cap_capable+0x18d/0x200 [ 433.232955][T12037] shmem_get_inode+0x19a/0xfb0 [ 433.232983][T12037] ? __vm_enough_memory+0x184/0x3f0 [ 433.233009][T12037] __shmem_file_setup+0x279/0x330 [ 433.233041][T12037] shmem_zero_setup+0x93/0x1a0 [ 433.233078][T12037] __mmap_region+0x1ed0/0x25e0 [ 433.233124][T12037] ? __pfx___mmap_region+0x10/0x10 [ 433.233160][T12037] ? rcu_is_watching+0x12/0xc0 [ 433.233189][T12037] ? rcu_is_watching+0x12/0xc0 [ 433.233211][T12037] ? trace_sched_exit_tp+0xde/0x130 [ 433.233239][T12037] ? __schedule+0x1181/0x5de0 [ 433.233289][T12037] ? __pfx___schedule+0x10/0x10 [ 433.233356][T12037] ? trace_cap_capable+0x18d/0x200 [ 433.233388][T12037] mmap_region+0x1ab/0x3f0 [ 433.233423][T12037] ? __get_unmapped_area+0x267/0x440 [ 433.233453][T12037] do_mmap+0xa3e/0x1210 [ 433.233483][T12037] ? __pfx_do_mmap+0x10/0x10 [ 433.233509][T12037] ? __pfx_down_write_killable+0x10/0x10 [ 433.233534][T12037] ? __sys_recvfrom+0x26c/0x310 [ 433.233574][T12037] vm_mmap_pgoff+0x281/0x450 [ 433.233602][T12037] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 433.233626][T12037] ? find_held_lock+0x2b/0x80 [ 433.233651][T12037] ? __x64_sys_futex+0x1e0/0x4c0 [ 433.233679][T12037] ? __x64_sys_futex+0x1e9/0x4c0 [ 433.233711][T12037] ksys_mmap_pgoff+0x7d/0x5c0 [ 433.233736][T12037] ? syscall_user_dispatch+0x78/0x140 [ 433.233776][T12037] __x64_sys_mmap+0x125/0x190 [ 433.233811][T12037] do_syscall_64+0xcd/0x490 [ 433.233834][T12037] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.233858][T12037] RIP: 0033:0x7ff87778e929 [ 433.233878][T12037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 433.233900][T12037] RSP: 002b:00007ff878666038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 433.233923][T12037] RAX: ffffffffffffffda RBX: 00007ff8779b5fa0 RCX: 00007ff87778e929 [ 433.233938][T12037] RDX: 00000000000000df RSI: 0000000004020009 RDI: 0000000000000000 [ 433.233953][T12037] RBP: 00007ff877810b39 R08: 0000000000000401 R09: 0000000000008000 [ 433.233968][T12037] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 433.233982][T12037] R13: 0000000000000000 R14: 00007ff8779b5fa0 R15: 00007fffadc512a8 [ 433.234030][T12037] [ 435.188244][T12061] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1215'. [ 435.254674][T12060] netlink: 2300 bytes leftover after parsing attributes in process `syz.3.1215'. [ 435.458225][T12061] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 435.481254][T12067] FAULT_INJECTION: forcing a failure. [ 435.481254][T12067] name failslab, interval 1, probability 0, space 0, times 0 [ 435.526083][T12067] CPU: 0 UID: 0 PID: 12067 Comm: syz.2.1216 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 435.526117][T12067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 435.526130][T12067] Call Trace: [ 435.526138][T12067] [ 435.526147][T12067] dump_stack_lvl+0x16c/0x1f0 [ 435.526191][T12067] should_fail_ex+0x512/0x640 [ 435.526233][T12067] should_failslab+0xc2/0x120 [ 435.526255][T12067] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 435.526293][T12067] ? skb_clone+0x190/0x3f0 [ 435.526320][T12067] skb_clone+0x190/0x3f0 [ 435.526343][T12067] netlink_deliver_tap+0xabd/0xd30 [ 435.526376][T12067] netlink_unicast+0x5df/0x7f0 [ 435.526408][T12067] ? __pfx_netlink_unicast+0x10/0x10 [ 435.526445][T12067] netlink_sendmsg+0x8d1/0xdd0 [ 435.526476][T12067] ? __pfx_netlink_sendmsg+0x10/0x10 [ 435.526516][T12067] ____sys_sendmsg+0xa95/0xc70 [ 435.526546][T12067] ? copy_msghdr_from_user+0x10a/0x160 [ 435.526586][T12067] ? __pfx_____sys_sendmsg+0x10/0x10 [ 435.526621][T12067] ? __pfx__kstrtoull+0x10/0x10 [ 435.526657][T12067] ___sys_sendmsg+0x134/0x1d0 [ 435.526698][T12067] ? __pfx____sys_sendmsg+0x10/0x10 [ 435.526752][T12067] ? find_held_lock+0x2b/0x80 [ 435.526794][T12067] __sys_sendmmsg+0x200/0x420 [ 435.526820][T12067] ? __pfx___sys_sendmmsg+0x10/0x10 [ 435.526859][T12067] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 435.526894][T12067] ? fput+0x70/0xf0 [ 435.526915][T12067] ? ksys_write+0x1ac/0x250 [ 435.526947][T12067] ? __pfx_ksys_write+0x10/0x10 [ 435.526984][T12067] __x64_sys_sendmmsg+0x9c/0x100 [ 435.527006][T12067] ? lockdep_hardirqs_on+0x7c/0x110 [ 435.527040][T12067] do_syscall_64+0xcd/0x490 [ 435.527063][T12067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.527087][T12067] RIP: 0033:0x7f7935d8e929 [ 435.527105][T12067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 435.527132][T12067] RSP: 002b:00007f7936b20038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 435.527154][T12067] RAX: ffffffffffffffda RBX: 00007f7935fb5fa0 RCX: 00007f7935d8e929 [ 435.527170][T12067] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 435.527185][T12067] RBP: 00007f7936b20090 R08: 0000000000000000 R09: 0000000000000000 [ 435.527199][T12067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 435.527213][T12067] R13: 0000000000000000 R14: 00007f7935fb5fa0 R15: 00007ffd2112c058 [ 435.527243][T12067] [ 435.771297][ C0] vkms_vblank_simulate: vblank timer overrun [ 436.988712][T12091] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1222'. [ 437.466680][T12104] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 439.286720][T12128] FAULT_INJECTION: forcing a failure. [ 439.286720][T12128] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 439.372293][T12128] CPU: 0 UID: 0 PID: 12128 Comm: syz.1.1228 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 439.372325][T12128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 439.372339][T12128] Call Trace: [ 439.372346][T12128] [ 439.372354][T12128] dump_stack_lvl+0x16c/0x1f0 [ 439.372396][T12128] should_fail_ex+0x512/0x640 [ 439.372435][T12128] _copy_from_user+0x2e/0xd0 [ 439.372473][T12128] copy_msghdr_from_user+0x98/0x160 [ 439.372510][T12128] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 439.372552][T12128] ? kfree+0x24f/0x4d0 [ 439.372577][T12128] ? __pfx__kstrtoull+0x10/0x10 [ 439.372611][T12128] ___sys_sendmsg+0xfe/0x1d0 [ 439.372648][T12128] ? __pfx____sys_sendmsg+0x10/0x10 [ 439.372711][T12128] ? __pfx___might_resched+0x10/0x10 [ 439.372740][T12128] __sys_sendmmsg+0x200/0x420 [ 439.372765][T12128] ? __pfx___sys_sendmmsg+0x10/0x10 [ 439.372801][T12128] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 439.372834][T12128] ? fput+0x70/0xf0 [ 439.372855][T12128] ? ksys_write+0x1ac/0x250 [ 439.372886][T12128] ? __pfx_ksys_write+0x10/0x10 [ 439.372923][T12128] __x64_sys_sendmmsg+0x9c/0x100 [ 439.372944][T12128] ? lockdep_hardirqs_on+0x7c/0x110 [ 439.372978][T12128] do_syscall_64+0xcd/0x490 [ 439.373000][T12128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.373024][T12128] RIP: 0033:0x7ff87778e929 [ 439.373041][T12128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 439.373063][T12128] RSP: 002b:00007ff878666038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 439.373084][T12128] RAX: ffffffffffffffda RBX: 00007ff8779b5fa0 RCX: 00007ff87778e929 [ 439.373100][T12128] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 439.373114][T12128] RBP: 00007ff878666090 R08: 0000000000000000 R09: 0000000000000000 [ 439.373128][T12128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 439.373142][T12128] R13: 0000000000000000 R14: 00007ff8779b5fa0 R15: 00007fffadc512a8 [ 439.373170][T12128] [ 440.705539][T12154] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 440.849699][ T30] audit: type=1800 audit(4294967379.530:16): pid=12153 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1231" name="dummy_udc" dev="gadgetfs" ino=5706 res=0 errno=0 [ 440.942135][T12150] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input43 [ 441.161225][T12161] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1235'. [ 441.782398][T12169] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 442.023400][T12179] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 442.089235][T12176] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1239'. [ 442.164073][T12169] CIFS mount error: No usable UNC path provided in device string! [ 442.164073][T12169] [ 442.206509][T12183] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1238'. [ 442.232370][T12169] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 442.891368][T12193] FAULT_INJECTION: forcing a failure. [ 442.891368][T12193] name failslab, interval 1, probability 0, space 0, times 0 [ 442.966720][T12193] CPU: 0 UID: 0 PID: 12193 Comm: syz.3.1241 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 442.966752][T12193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 442.966767][T12193] Call Trace: [ 442.966774][T12193] [ 442.966783][T12193] dump_stack_lvl+0x16c/0x1f0 [ 442.966826][T12193] should_fail_ex+0x512/0x640 [ 442.966860][T12193] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 442.966900][T12193] should_failslab+0xc2/0x120 [ 442.966922][T12193] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 442.966957][T12193] ? __alloc_skb+0x2b2/0x380 [ 442.966999][T12193] __alloc_skb+0x2b2/0x380 [ 442.967034][T12193] ? __pfx___alloc_skb+0x10/0x10 [ 442.967074][T12193] ? __lock_acquire+0xb8a/0x1c90 [ 442.967108][T12193] netlink_alloc_large_skb+0x69/0x130 [ 442.967144][T12193] netlink_sendmsg+0x6a1/0xdd0 [ 442.967176][T12193] ? __pfx_netlink_sendmsg+0x10/0x10 [ 442.967215][T12193] ____sys_sendmsg+0xa95/0xc70 [ 442.967244][T12193] ? copy_msghdr_from_user+0x10a/0x160 [ 442.967282][T12193] ? __pfx_____sys_sendmsg+0x10/0x10 [ 442.967315][T12193] ? kfree+0x24f/0x4d0 [ 442.967341][T12193] ? __pfx__kstrtoull+0x10/0x10 [ 442.967376][T12193] ___sys_sendmsg+0x134/0x1d0 [ 442.967415][T12193] ? __pfx____sys_sendmsg+0x10/0x10 [ 442.967479][T12193] ? __pfx___might_resched+0x10/0x10 [ 442.967510][T12193] __sys_sendmmsg+0x200/0x420 [ 442.967535][T12193] ? __pfx___sys_sendmmsg+0x10/0x10 [ 442.967567][T12193] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 442.967602][T12193] ? fput+0x70/0xf0 [ 442.967624][T12193] ? ksys_write+0x1ac/0x250 [ 442.967656][T12193] ? __pfx_ksys_write+0x10/0x10 [ 442.967694][T12193] __x64_sys_sendmmsg+0x9c/0x100 [ 442.967716][T12193] ? lockdep_hardirqs_on+0x7c/0x110 [ 442.967757][T12193] do_syscall_64+0xcd/0x490 [ 442.967780][T12193] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 442.967806][T12193] RIP: 0033:0x7f4d5f98e929 [ 442.967824][T12193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 442.967847][T12193] RSP: 002b:00007f4d608d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 442.967870][T12193] RAX: ffffffffffffffda RBX: 00007f4d5fbb5fa0 RCX: 00007f4d5f98e929 [ 442.967886][T12193] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 442.967900][T12193] RBP: 00007f4d608d8090 R08: 0000000000000000 R09: 0000000000000000 [ 442.967915][T12193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 442.967929][T12193] R13: 0000000000000000 R14: 00007f4d5fbb5fa0 R15: 00007fff91ae3078 [ 442.967959][T12193] [ 444.010597][T12214] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1246'. [ 444.305352][T12195] tty tty26: ldisc open failed (-12), clearing slot 25 [ 444.332348][T12204] tty tty1: ldisc open failed (-12), clearing slot 0 [ 445.224767][T12238] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1252'. [ 447.541128][T12287] FAULT_INJECTION: forcing a failure. [ 447.541128][T12287] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 447.623142][T12287] CPU: 0 UID: 0 PID: 12287 Comm: syz.0.1263 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 447.623176][T12287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 447.623190][T12287] Call Trace: [ 447.623197][T12287] [ 447.623206][T12287] dump_stack_lvl+0x16c/0x1f0 [ 447.623247][T12287] should_fail_ex+0x512/0x640 [ 447.623284][T12287] _copy_from_iter+0x29f/0x16f0 [ 447.623324][T12287] ? __alloc_skb+0x200/0x380 [ 447.623360][T12287] ? __pfx__copy_from_iter+0x10/0x10 [ 447.623400][T12287] ? __lock_acquire+0xb8a/0x1c90 [ 447.623436][T12287] netlink_sendmsg+0x829/0xdd0 [ 447.623469][T12287] ? __pfx_netlink_sendmsg+0x10/0x10 [ 447.623506][T12287] ____sys_sendmsg+0xa95/0xc70 [ 447.623535][T12287] ? copy_msghdr_from_user+0x10a/0x160 [ 447.623571][T12287] ? __pfx_____sys_sendmsg+0x10/0x10 [ 447.623603][T12287] ? kfree+0x24f/0x4d0 [ 447.623630][T12287] ? __pfx__kstrtoull+0x10/0x10 [ 447.623664][T12287] ___sys_sendmsg+0x134/0x1d0 [ 447.623707][T12287] ? __pfx____sys_sendmsg+0x10/0x10 [ 447.623770][T12287] ? __pfx___might_resched+0x10/0x10 [ 447.623800][T12287] __sys_sendmmsg+0x200/0x420 [ 447.623824][T12287] ? __pfx___sys_sendmmsg+0x10/0x10 [ 447.623855][T12287] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 447.623889][T12287] ? fput+0x70/0xf0 [ 447.623910][T12287] ? ksys_write+0x1ac/0x250 [ 447.623942][T12287] ? __pfx_ksys_write+0x10/0x10 [ 447.623978][T12287] __x64_sys_sendmmsg+0x9c/0x100 [ 447.623999][T12287] ? lockdep_hardirqs_on+0x7c/0x110 [ 447.624034][T12287] do_syscall_64+0xcd/0x490 [ 447.624057][T12287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.624079][T12287] RIP: 0033:0x7f5a2e58e929 [ 447.624097][T12287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 447.624120][T12287] RSP: 002b:00007f5a2f402038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 447.624141][T12287] RAX: ffffffffffffffda RBX: 00007f5a2e7b5fa0 RCX: 00007f5a2e58e929 [ 447.624156][T12287] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 447.624174][T12287] RBP: 00007f5a2f402090 R08: 0000000000000000 R09: 0000000000000000 [ 447.624188][T12287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 447.624202][T12287] R13: 0000000000000000 R14: 00007f5a2e7b5fa0 R15: 00007ffcb1f79178 [ 447.624230][T12287] [ 447.862125][ C0] vkms_vblank_simulate: vblank timer overrun [ 450.426142][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 450.436518][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 452.138033][T12360] FAULT_INJECTION: forcing a failure. [ 452.138033][T12360] name failslab, interval 1, probability 0, space 0, times 0 [ 452.250365][T12360] CPU: 0 UID: 0 PID: 12360 Comm: syz.1.1273 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 452.250402][T12360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 452.250418][T12360] Call Trace: [ 452.250427][T12360] [ 452.250437][T12360] dump_stack_lvl+0x16c/0x1f0 [ 452.250484][T12360] should_fail_ex+0x512/0x640 [ 452.250530][T12360] should_failslab+0xc2/0x120 [ 452.250556][T12360] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 452.250597][T12360] ? skb_clone+0x190/0x3f0 [ 452.250628][T12360] skb_clone+0x190/0x3f0 [ 452.250655][T12360] netlink_deliver_tap+0xabd/0xd30 [ 452.250692][T12360] netlink_unicast+0x5df/0x7f0 [ 452.250722][T12360] ? __pfx_netlink_unicast+0x10/0x10 [ 452.250756][T12360] netlink_sendmsg+0x8d1/0xdd0 [ 452.250787][T12360] ? __pfx_netlink_sendmsg+0x10/0x10 [ 452.250824][T12360] ____sys_sendmsg+0xa95/0xc70 [ 452.250853][T12360] ? copy_msghdr_from_user+0x10a/0x160 [ 452.250890][T12360] ? __pfx_____sys_sendmsg+0x10/0x10 [ 452.250922][T12360] ? kfree+0x24f/0x4d0 [ 452.250946][T12360] ? __pfx__kstrtoull+0x10/0x10 [ 452.250981][T12360] ___sys_sendmsg+0x134/0x1d0 [ 452.251019][T12360] ? __pfx____sys_sendmsg+0x10/0x10 [ 452.251082][T12360] ? __pfx___might_resched+0x10/0x10 [ 452.251112][T12360] __sys_sendmmsg+0x200/0x420 [ 452.251137][T12360] ? __pfx___sys_sendmmsg+0x10/0x10 [ 452.251169][T12360] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 452.251203][T12360] ? fput+0x70/0xf0 [ 452.251230][T12360] ? ksys_write+0x1ac/0x250 [ 452.251261][T12360] ? __pfx_ksys_write+0x10/0x10 [ 452.251298][T12360] __x64_sys_sendmmsg+0x9c/0x100 [ 452.251319][T12360] ? lockdep_hardirqs_on+0x7c/0x110 [ 452.251353][T12360] do_syscall_64+0xcd/0x490 [ 452.251381][T12360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 452.251404][T12360] RIP: 0033:0x7ff87778e929 [ 452.251422][T12360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 452.251444][T12360] RSP: 002b:00007ff878666038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 452.251466][T12360] RAX: ffffffffffffffda RBX: 00007ff8779b5fa0 RCX: 00007ff87778e929 [ 452.251482][T12360] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 452.251496][T12360] RBP: 00007ff878666090 R08: 0000000000000000 R09: 0000000000000000 [ 452.251510][T12360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 452.251524][T12360] R13: 0000000000000000 R14: 00007ff8779b5fa0 R15: 00007fffadc512a8 [ 452.251552][T12360] [ 452.858943][T12359] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input44 [ 453.281340][T12377] zswap: compressor not available [ 453.399528][T12384] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1278'. [ 453.855689][T12390] zram: Added device: zram1 [ 454.304438][T12408] FAULT_INJECTION: forcing a failure. [ 454.304438][T12408] name failslab, interval 1, probability 0, space 0, times 0 [ 454.371109][T12408] CPU: 0 UID: 0 PID: 12408 Comm: syz.0.1284 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 454.371142][T12408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 454.371157][T12408] Call Trace: [ 454.371165][T12408] [ 454.371174][T12408] dump_stack_lvl+0x16c/0x1f0 [ 454.371216][T12408] should_fail_ex+0x512/0x640 [ 454.371251][T12408] ? fs_reclaim_acquire+0xae/0x150 [ 454.371281][T12408] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 454.371315][T12408] should_failslab+0xc2/0x120 [ 454.371337][T12408] __kmalloc_noprof+0xd2/0x510 [ 454.371378][T12408] tomoyo_realpath_from_path+0xc2/0x6e0 [ 454.371414][T12408] ? tomoyo_profile+0x47/0x60 [ 454.371453][T12408] tomoyo_path_number_perm+0x245/0x580 [ 454.371480][T12408] ? tomoyo_path_number_perm+0x237/0x580 [ 454.371510][T12408] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 454.371540][T12408] ? find_held_lock+0x2b/0x80 [ 454.371588][T12408] ? find_held_lock+0x2b/0x80 [ 454.371609][T12408] ? hook_file_ioctl_common+0x145/0x410 [ 454.371653][T12408] ? __fget_files+0x20e/0x3c0 [ 454.371687][T12408] security_file_ioctl+0x9b/0x240 [ 454.371716][T12408] __x64_sys_ioctl+0xb7/0x210 [ 454.371743][T12408] do_syscall_64+0xcd/0x490 [ 454.371785][T12408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.371810][T12408] RIP: 0033:0x7f5a2e58e929 [ 454.371828][T12408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.371851][T12408] RSP: 002b:00007f5a2f402038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 454.371877][T12408] RAX: ffffffffffffffda RBX: 00007f5a2e7b5fa0 RCX: 00007f5a2e58e929 [ 454.371893][T12408] RDX: 0000000000000002 RSI: 000000000000540a RDI: 0000000000000003 [ 454.371907][T12408] RBP: 00007f5a2f402090 R08: 0000000000000000 R09: 0000000000000000 [ 454.371922][T12408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 454.371936][T12408] R13: 0000000000000000 R14: 00007f5a2e7b5fa0 R15: 00007ffcb1f79178 [ 454.371966][T12408] [ 455.186494][T12408] ERROR: Out of memory at tomoyo_realpath_from_path. [ 455.218591][T12417] CIFS mount error: No usable UNC path provided in device string! [ 455.218591][T12417] [ 455.292132][T12417] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 455.328518][T12420] FAULT_INJECTION: forcing a failure. [ 455.328518][T12420] name failslab, interval 1, probability 0, space 0, times 0 [ 455.386295][T12420] CPU: 0 UID: 0 PID: 12420 Comm: syz.2.1287 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 455.386328][T12420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 455.386343][T12420] Call Trace: [ 455.386351][T12420] [ 455.386359][T12420] dump_stack_lvl+0x16c/0x1f0 [ 455.386402][T12420] should_fail_ex+0x512/0x640 [ 455.386436][T12420] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 455.386474][T12420] should_failslab+0xc2/0x120 [ 455.386497][T12420] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 455.386532][T12420] ? __alloc_skb+0x2b2/0x380 [ 455.386574][T12420] __alloc_skb+0x2b2/0x380 [ 455.386609][T12420] ? __pfx___alloc_skb+0x10/0x10 [ 455.386642][T12420] ? __pfx___mutex_trylock_common+0x10/0x10 [ 455.386681][T12420] ? rcu_is_watching+0x12/0xc0 [ 455.386708][T12420] netlink_dump+0x678/0xce0 [ 455.386734][T12420] ? __rhashtable_lookup.constprop.0+0x3a5/0x760 [ 455.386760][T12420] ? __netlink_dump_start+0x150/0x990 [ 455.386786][T12420] ? __pfx_netlink_dump+0x10/0x10 [ 455.386808][T12420] ? __pfx___mutex_lock+0x10/0x10 [ 455.386850][T12420] __netlink_dump_start+0x6d6/0x990 [ 455.386879][T12420] ? __pfx_fib_nl_dumprule+0x10/0x10 [ 455.386903][T12420] rtnetlink_rcv_msg+0xb3e/0xe90 [ 455.386926][T12420] ? __pfx_fib_nl_dumprule+0x10/0x10 [ 455.386951][T12420] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 455.386986][T12420] ? __pfx_fib_nl_dumprule+0x10/0x10 [ 455.387016][T12420] ? ref_tracker_free+0x37c/0x830 [ 455.387056][T12420] netlink_rcv_skb+0x155/0x420 [ 455.387083][T12420] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 455.387109][T12420] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 455.387147][T12420] ? netlink_deliver_tap+0x1ae/0xd30 [ 455.387179][T12420] netlink_unicast+0x53d/0x7f0 [ 455.387209][T12420] ? __pfx_netlink_unicast+0x10/0x10 [ 455.387245][T12420] netlink_sendmsg+0x8d1/0xdd0 [ 455.387277][T12420] ? __pfx_netlink_sendmsg+0x10/0x10 [ 455.387316][T12420] ____sys_sendmsg+0xa95/0xc70 [ 455.387349][T12420] ? copy_msghdr_from_user+0x10a/0x160 [ 455.387387][T12420] ? __pfx_____sys_sendmsg+0x10/0x10 [ 455.387421][T12420] ? kfree+0x24f/0x4d0 [ 455.387459][T12420] ? __pfx__kstrtoull+0x10/0x10 [ 455.387494][T12420] ___sys_sendmsg+0x134/0x1d0 [ 455.387532][T12420] ? __pfx____sys_sendmsg+0x10/0x10 [ 455.387597][T12420] ? __pfx___might_resched+0x10/0x10 [ 455.387627][T12420] __sys_sendmmsg+0x200/0x420 [ 455.387652][T12420] ? __pfx___sys_sendmmsg+0x10/0x10 [ 455.387684][T12420] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 455.387718][T12420] ? fput+0x70/0xf0 [ 455.387739][T12420] ? ksys_write+0x1ac/0x250 [ 455.387771][T12420] ? __pfx_ksys_write+0x10/0x10 [ 455.387809][T12420] __x64_sys_sendmmsg+0x9c/0x100 [ 455.387830][T12420] ? lockdep_hardirqs_on+0x7c/0x110 [ 455.387866][T12420] do_syscall_64+0xcd/0x490 [ 455.387889][T12420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.387912][T12420] RIP: 0033:0x7f7935d8e929 [ 455.387930][T12420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 455.387952][T12420] RSP: 002b:00007f7936b20038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 455.387977][T12420] RAX: ffffffffffffffda RBX: 00007f7935fb5fa0 RCX: 00007f7935d8e929 [ 455.387992][T12420] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 455.388006][T12420] RBP: 00007f7936b20090 R08: 0000000000000000 R09: 0000000000000000 [ 455.388021][T12420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 455.388034][T12420] R13: 0000000000000000 R14: 00007f7935fb5fa0 R15: 00007ffd2112c058 [ 455.388063][T12420] [ 457.243659][T12433] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input45 [ 458.358999][T12454] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1295'. [ 458.735730][T12457] sg_write: data in/out 3292/1 bytes for SCSI command 0xa3-- guessing data in; [ 458.735730][T12457] program syz.3.1297 not setting count and/or reply_len properly [ 459.789514][T12470] zswap: compressor not available [ 459.824986][T12477] FAULT_INJECTION: forcing a failure. [ 459.824986][T12477] name failslab, interval 1, probability 0, space 0, times 0 [ 459.909747][T12477] CPU: 0 UID: 0 PID: 12477 Comm: syz.3.1301 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 459.909779][T12477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 459.909793][T12477] Call Trace: [ 459.909800][T12477] [ 459.909808][T12477] dump_stack_lvl+0x16c/0x1f0 [ 459.909848][T12477] should_fail_ex+0x512/0x640 [ 459.909882][T12477] ? __kmalloc_cache_node_noprof+0x5a/0x420 [ 459.909918][T12477] should_failslab+0xc2/0x120 [ 459.909939][T12477] __kmalloc_cache_node_noprof+0x6d/0x420 [ 459.909972][T12477] ? __alloc_workqueue+0x506/0x1810 [ 459.910004][T12477] __alloc_workqueue+0x506/0x1810 [ 459.910040][T12477] alloc_workqueue+0xd2/0x200 [ 459.910066][T12477] ? __pfx_alloc_workqueue+0x10/0x10 [ 459.910097][T12477] ? rcu_is_watching+0x12/0xc0 [ 459.910119][T12477] ? __kmalloc_noprof+0x242/0x510 [ 459.910151][T12477] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 459.910189][T12477] ieee80211_register_hw+0x1e92/0x4140 [ 459.910221][T12477] ? __debug_object_init+0x221/0x3d0 [ 459.910249][T12477] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 459.910279][T12477] ? find_held_lock+0x2b/0x80 [ 459.910301][T12477] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 459.910335][T12477] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 459.910361][T12477] ? __hrtimer_setup+0x176/0x280 [ 459.910396][T12477] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 459.910447][T12477] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 459.910516][T12477] hwsim_new_radio_nl+0xb51/0x12c0 [ 459.910557][T12477] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 459.910603][T12477] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 459.910639][T12477] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 459.910679][T12477] genl_family_rcv_msg_doit+0x206/0x2f0 [ 459.910714][T12477] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 459.910747][T12477] ? trace_cap_capable+0x18d/0x200 [ 459.910777][T12477] ? bpf_lsm_capable+0x9/0x10 [ 459.910806][T12477] ? security_capable+0x7e/0x260 [ 459.910829][T12477] ? ns_capable+0xd7/0x110 [ 459.910855][T12477] genl_rcv_msg+0x55c/0x800 [ 459.910890][T12477] ? __pfx_genl_rcv_msg+0x10/0x10 [ 459.910922][T12477] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 459.910969][T12477] netlink_rcv_skb+0x155/0x420 [ 459.910997][T12477] ? __pfx_genl_rcv_msg+0x10/0x10 [ 459.911030][T12477] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 459.911070][T12477] ? netlink_deliver_tap+0x1ae/0xd30 [ 459.911100][T12477] genl_rcv+0x28/0x40 [ 459.911127][T12477] netlink_unicast+0x53d/0x7f0 [ 459.911158][T12477] ? __pfx_netlink_unicast+0x10/0x10 [ 459.911194][T12477] netlink_sendmsg+0x8d1/0xdd0 [ 459.911226][T12477] ? __pfx_netlink_sendmsg+0x10/0x10 [ 459.911265][T12477] ____sys_sendmsg+0xa95/0xc70 [ 459.911296][T12477] ? copy_msghdr_from_user+0x10a/0x160 [ 459.911335][T12477] ? __pfx_____sys_sendmsg+0x10/0x10 [ 459.911362][T12477] ? preempt_schedule_thunk+0x16/0x30 [ 459.911396][T12477] ? try_to_wake_up+0xa2f/0x1680 [ 459.911424][T12477] ___sys_sendmsg+0x134/0x1d0 [ 459.911464][T12477] ? __pfx____sys_sendmsg+0x10/0x10 [ 459.911513][T12477] ? __lock_acquire+0x622/0x1c90 [ 459.911587][T12477] __sys_sendmsg+0x16d/0x220 [ 459.911609][T12477] ? __pfx___sys_sendmsg+0x10/0x10 [ 459.911631][T12477] ? __x64_sys_futex+0x1e0/0x4c0 [ 459.911678][T12477] do_syscall_64+0xcd/0x490 [ 459.911703][T12477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.911727][T12477] RIP: 0033:0x7f4d5f98e929 [ 459.911746][T12477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 459.911772][T12477] RSP: 002b:00007f4d608d8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 459.911793][T12477] RAX: ffffffffffffffda RBX: 00007f4d5fbb5fa0 RCX: 00007f4d5f98e929 [ 459.911808][T12477] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000007 [ 459.911823][T12477] RBP: 00007f4d5fa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 459.911837][T12477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 459.911854][T12477] R13: 0000000000000000 R14: 00007f4d5fbb5fa0 R15: 00007fff91ae3078 [ 459.911883][T12477] [ 461.378720][T12495] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 461.465090][T12480] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 461.595857][T12503] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1307'. [ 461.722070][T12480] could not allocate digest TFM handle [ 464.149106][T12534] zswap: compressor not available [ 464.283901][T12550] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1318'. [ 464.813857][T12566] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 466.992182][T12592] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input46 [ 467.401152][T12593] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1327'. [ 467.829518][T12597] zswap: compressor not available [ 467.988362][T12604] netlink: 13 bytes leftover after parsing attributes in process `syz.2.1327'. [ 468.115646][T12607] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 468.151557][T12608] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1329'. [ 468.167307][T12607] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1330'. [ 468.195791][T12610] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 468.219917][T12607] netlink: 19 bytes leftover after parsing attributes in process `syz.1.1330'. [ 468.248402][T12610] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 469.798611][T12641] random: crng reseeded on system resumption [ 469.924148][T12645] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1340'. [ 470.145372][T12643] could not allocate digest TFM handle [ 470.223764][T12645] veth1_macvtap: left promiscuous mode [ 470.242184][T12645] macsec0: entered allmulticast mode [ 470.756758][T12654] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1342'. [ 471.055665][T12662] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1344'. [ 471.835513][T12661] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 471.871436][T12661] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 471.890541][T12661] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 471.919252][T12661] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 471.980861][T12678] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 473.222291][ T5966] Bluetooth: hci0: command 0x0c1a tx timeout [ 473.378258][T12696] ubi: mtd0 is already attached to ubi0 [ 473.385983][T12710] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1353'. [ 473.523090][T12716] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 473.942728][ T5966] Bluetooth: hci2: command 0x0c1a tx timeout [ 473.948886][ T5938] Bluetooth: hci3: command 0x0c1a tx timeout [ 473.956507][ T5938] Bluetooth: hci1: command 0x0c1a tx timeout [ 474.131646][T12727] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 474.720008][T12736] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1360'. [ 475.088294][T12736] team0: Port device team_slave_0 removed [ 475.992437][T12758] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1365'. [ 476.935402][T12770] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 478.644088][ T30] audit: type=1804 audit(4294967417.320:17): pid=12793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1371" name="/newroot/331/file0" dev="tmpfs" ino=1754 res=1 errno=0 [ 479.185973][T12808] __vm_enough_memory: pid: 12808, comm: syz.2.1373, bytes: 4398046511104 not enough memory for the allocation [ 479.256115][T12807] __vm_enough_memory: pid: 12807, comm: syz.2.1373, bytes: 4398046511104 not enough memory for the allocation [ 479.432203][T12816] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1375'. [ 479.923536][T12833] can: request_module (can-proto-0) failed. [ 480.423546][T12832] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 480.475601][T12832] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 480.768036][T12832] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 480.826085][T12832] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 481.415852][T12850] FAULT_INJECTION: forcing a failure. [ 481.415852][T12850] name failslab, interval 1, probability 0, space 0, times 0 [ 481.560673][T12851] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 481.604864][T12850] CPU: 0 UID: 0 PID: 12850 Comm: syz.2.1380 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 481.604899][T12850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 481.604915][T12850] Call Trace: [ 481.604923][T12850] [ 481.604932][T12850] dump_stack_lvl+0x16c/0x1f0 [ 481.604977][T12850] should_fail_ex+0x512/0x640 [ 481.605013][T12850] ? __kmalloc_noprof+0xbf/0x510 [ 481.605051][T12850] ? ops_init+0x77/0x5f0 [ 481.605072][T12850] should_failslab+0xc2/0x120 [ 481.605095][T12850] __kmalloc_noprof+0xd2/0x510 [ 481.605129][T12850] ? lockdep_init_map_type+0x5c/0x280 [ 481.605170][T12850] ops_init+0x77/0x5f0 [ 481.605197][T12850] setup_net+0x1ff/0x510 [ 481.605220][T12850] ? lockdep_init_map_type+0x5c/0x280 [ 481.605253][T12850] ? __pfx_setup_net+0x10/0x10 [ 481.605280][T12850] ? debug_mutex_init+0x37/0x70 [ 481.605306][T12850] copy_net_ns+0x2a6/0x5f0 [ 481.605336][T12850] create_new_namespaces+0x3ea/0xa90 [ 481.605369][T12850] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 481.605398][T12850] ksys_unshare+0x45b/0xa40 [ 481.605430][T12850] ? __pfx_ksys_unshare+0x10/0x10 [ 481.605469][T12850] ? xfd_validate_state+0x61/0x180 [ 481.605511][T12850] __x64_sys_unshare+0x31/0x40 [ 481.605542][T12850] do_syscall_64+0xcd/0x490 [ 481.605566][T12850] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 481.605592][T12850] RIP: 0033:0x7f7935d8e929 [ 481.605611][T12850] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 481.605635][T12850] RSP: 002b:00007f7933bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 481.605658][T12850] RAX: ffffffffffffffda RBX: 00007f7935fb6080 RCX: 00007f7935d8e929 [ 481.605674][T12850] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 481.605689][T12850] RBP: 00007f7935e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 481.605704][T12850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 481.605718][T12850] R13: 0000000000000000 R14: 00007f7935fb6080 R15: 00007ffd2112c058 [ 481.605748][T12850] [ 482.086842][T12726] Bluetooth: hci0: command 0x0c1a tx timeout [ 482.502024][T12726] Bluetooth: hci3: command 0x0c1a tx timeout [ 482.508136][ T5945] Bluetooth: hci1: command 0x0c1a tx timeout [ 482.552725][T12861] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 482.878969][T12869] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 482.902168][T12726] Bluetooth: hci2: command 0x0c1a tx timeout [ 483.055907][T12875] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1387'. [ 483.585150][T12895] random: crng reseeded on system resumption [ 486.125309][T12941] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1398'. [ 486.154752][T12935] zswap: compressor not available [ 487.276081][T12960] can: request_module (can-proto-3) failed. [ 487.719113][T12959] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1403'. [ 487.947537][ T30] audit: type=1800 audit(4294967426.630:18): pid=12971 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1406" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 489.173433][T12991] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1411'. [ 489.243577][T12991] nbd: must specify a device to reconfigure [ 489.759741][T13000] program syz.3.1413 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 489.870889][T13000] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 490.337806][T13020] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 490.937588][T13028] netlink: 'syz.1.1418': attribute type 2 has an invalid length. [ 491.080287][ T30] audit: type=1800 audit(4294967429.760:19): pid=13037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1420" name="lu_gp_id" dev="configfs" ino=42744 res=0 errno=0 [ 492.526928][T13069] netlink: 'syz.3.1428': attribute type 1 has an invalid length. [ 493.161510][T13080] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 494.346058][ T30] audit: type=1800 audit(4294967433.030:20): pid=13105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1437" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 495.521411][T13134] ptrace attach of "./syz-executor exec"[5838] was attempted by "./syz-executor exec"[13134] [ 496.199400][T13135] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 497.097895][T13162] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 497.266092][T13162] random: crng reseeded on system resumption [ 497.326282][T13167] Setting dangerous option i915.mitigations - tainting kernel                                                                                                                                                                                                               [ 521.186991][T13602] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 521.322838][T13613] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 525.011776][T13670] syz.1.1553 (13670): attempted to duplicate a private mapping with mremap. This is not supported. [ 525.466418][T13673] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 528.209521][T13679] sp0: Synchronizing with TNC [ 528.589589][T13679] vivid-003: ================= START STATUS ================= [ 528.710634][T13679] vivid-003: Radio HW Seek Mode: Bounded [ 528.847051][T13679] vivid-003: Radio Programmable HW Seek: false [ 528.977361][T13679] vivid-003: RDS Rx I/O Mode: Block I/O [ 529.089961][T13679] vivid-003: Generate RBDS Instead of RDS: false [ 529.169322][T13679] vivid-003: RDS Reception: true [ 529.274221][T13679] vivid-003: RDS Program Type: 0 inactive [ 529.280020][T13679] vivid-003: RDS PS Name: inactive [ 529.448237][T13679] vivid-003: RDS Radio Text: inactive [ 529.514745][T13679] vivid-003: RDS Traffic Announcement: false inactive [ 529.521631][T13679] vivid-003: RDS Traffic Program: false inactive [ 529.723606][T13679] vivid-003: RDS Music: false inactive [ 529.729149][T13679] vivid-003: ================== END STATUS ================== [ 533.382378][T13728] random: crng reseeded on system resumption [ 536.492636][T13760] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 536.617533][T13758] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 538.152390][T13785] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1579'. [ 538.292662][T13788] netlink: 'syz.1.1580': attribute type 2 has an invalid length. [ 538.342821][T13788] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1580'. [ 538.437063][T13792] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 538.763572][T13786] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1577'. [ 539.458362][T13786] bond0: (slave bond_slave_1): Releasing backup interface [ 541.903408][T13838] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 542.082372][T13833] zswap: compressor not available [ 542.286068][T13842] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 543.132007][T13848] can: request_module (can-proto-0) failed. [ 544.544553][T13883] zswap: compressor not available [ 545.164896][T13905] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1608'. [ 545.207956][T13905] vlan1: entered allmulticast mode [ 545.234366][T13905] veth0_vlan: entered allmulticast mode [ 545.653552][T13914] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 546.726164][T13945] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 547.287899][T13952] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 547.440568][T13957] FAULT_INJECTION: forcing a failure. [ 547.440568][T13957] name failslab, interval 1, probability 0, space 0, times 0 [ 547.522038][T13957] CPU: 0 UID: 0 PID: 13957 Comm: syz.2.1619 Tainted: G U 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 547.522078][T13957] Tainted: [U]=USER [ 547.522085][T13957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 547.522100][T13957] Call Trace: [ 547.522108][T13957] [ 547.522118][T13957] dump_stack_lvl+0x16c/0x1f0 [ 547.522168][T13957] should_fail_ex+0x512/0x640 [ 547.522204][T13957] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 547.522243][T13957] should_failslab+0xc2/0x120 [ 547.522265][T13957] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 547.522300][T13957] ? alloc_empty_file+0x55/0x1e0 [ 547.522328][T13957] alloc_empty_file+0x55/0x1e0 [ 547.522354][T13957] path_openat+0xda/0x2cb0 [ 547.522385][T13957] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 547.522420][T13957] ? __pfx_path_openat+0x10/0x10 [ 547.522455][T13957] ? __lock_acquire+0xb8a/0x1c90 [ 547.522490][T13957] do_filp_open+0x20b/0x470 [ 547.522524][T13957] ? __pfx_do_filp_open+0x10/0x10 [ 547.522580][T13957] ? alloc_fd+0x471/0x7d0 [ 547.522620][T13957] do_sys_openat2+0x11b/0x1d0 [ 547.522647][T13957] ? __pfx_do_sys_openat2+0x10/0x10 [ 547.522684][T13957] __x64_sys_openat+0x174/0x210 [ 547.522711][T13957] ? __pfx___x64_sys_openat+0x10/0x10 [ 547.522749][T13957] do_syscall_64+0xcd/0x490 [ 547.522774][T13957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 547.522799][T13957] RIP: 0033:0x7f7935d8d290 [ 547.522820][T13957] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 547.522844][T13957] RSP: 002b:00007f7936b1ff10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 547.522867][T13957] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f7935d8d290 [ 547.522882][T13957] RDX: 0000000000000002 RSI: 00007f7936b1ffa0 RDI: 00000000ffffff9c [ 547.522897][T13957] RBP: 00007f7936b1ffa0 R08: 0000000000000000 R09: 0000000000000000 [ 547.522912][T13957] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 547.522926][T13957] R13: 0000000000000000 R14: 00007f7935fb5fa0 R15: 00007ffd2112c058 [ 547.522955][T13957] [ 547.875373][T13962] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 549.110567][ T30] audit: type=1804 audit(4294967487.790:23): pid=13974 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1620" name="file0" dev="tmpfs" ino=2240 res=1 errno=0 [ 549.221907][ T30] audit: type=1800 audit(4294967487.830:24): pid=13974 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1620" name="file0" dev="tmpfs" ino=2240 res=0 errno=0 [ 549.514115][T13976] Process accounting resumed [ 549.598341][T13967] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 550.427758][T13997] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 550.602821][T13987] zswap: compressor not available [ 551.037656][T14011] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1628'. [ 552.035895][T14031] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1632'. [ 552.342136][T14040] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input48 [ 552.780267][T14050] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1634'. [ 553.055974][T14047] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 556.664138][T14134] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 557.870779][T14168] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1656'. [ 560.472741][T14221] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input50 [ 561.456536][T14236] netlink: zone id is out of range [ 561.456536][T14235] netlink: zone id is out of range [ 561.456558][T14235] netlink: zone id is out of range [ 561.456570][T14235] netlink: zone id is out of range [ 561.461707][T14236] netlink: zone id is out of range [ 561.466911][T14235] netlink: zone id is out of range [ 561.466927][T14235] netlink: zone id is out of range [ 561.466938][T14235] netlink: zone id is out of range [ 561.466949][T14235] netlink: zone id is out of range [ 561.466961][T14235] netlink: zone id is out of range [ 561.466973][T14235] netlink: zone id is out of range [ 561.618543][T14244] futex_wake_op: syz.0.1668 tries to shift op by 64; fix this program [ 562.630762][T14253] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 563.038234][T14261] netlink: 'syz.0.1673': attribute type 2 has an invalid length. [ 563.538058][T14273] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input51 [ 563.983262][T14280] zswap: compressor not available [ 567.079903][T14341] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1686'. [ 567.139652][T14366] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1691'. [ 568.197546][T14383] futex_wake_op: syz.3.1696 tries to shift op by 64; fix this program [ 568.933267][T14391] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 569.841085][T14397] device-mapper: ioctl: only supply one of name or uuid, cmd(17) [ 570.590641][T14417] aoe: could not set interface list: too many interfaces [ 570.670602][T14419] zswap: compressor not available [ 572.208535][T14449] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 572.852319][T12726] Bluetooth: hci0: unexpected subevent 0x03 length: 253 > 9 [ 574.565449][T14480] zswap: compressor not available [ 577.290450][T14519] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 577.688891][T14525] zswap: compressor not available [ 578.976206][T14554] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 579.075433][T14551] QAT: Device 7 not found [ 579.262241][T14551] nbd: socks must be embedded in a SOCK_ITEM attr [ 579.557221][T14556] Process accounting paused [ 580.363641][T14543] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 580.502716][T14571] [ 580.505135][T14571] ====================================================== [ 580.512176][T14571] WARNING: possible circular locking dependency detected [ 580.519224][T14571] 6.16.0-rc1-syzkaller #0 Tainted: G U [ 580.526180][T14571] ------------------------------------------------------ [ 580.533226][T14571] syz.3.1732/14571 is trying to acquire lock: [ 580.539310][T14571] ffffffff8e52ea68 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0xb4c/0x1470 [ 580.548938][T14571] [ 580.548938][T14571] but task is already holding lock: [ 580.556334][T14571] ffff888142bea7c8 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 580.567628][T14571] [ 580.567628][T14571] which lock already depends on the new lock. [ 580.567628][T14571] [ 580.578046][T14571] [ 580.578046][T14571] the existing dependency chain (in reverse order) is: [ 580.587180][T14571] [ 580.587180][T14571] -> #2 (&q->q_usage_counter(io)#18){++++}-{0:0}: [ 580.595836][T14571] blk_alloc_queue+0x619/0x760 [ 580.601155][T14571] blk_mq_alloc_queue+0x175/0x290 [ 580.606745][T14571] __blk_mq_alloc_disk+0x29/0x120 [ 580.612332][T14571] loop_add+0x49e/0xb70 [ 580.617036][T14571] loop_init+0x164/0x270 [ 580.621834][T14571] do_one_initcall+0x120/0x6e0 [ 580.627150][T14571] kernel_init_freeable+0x5c2/0x900 [ 580.632910][T14571] kernel_init+0x1c/0x2b0 [ 580.637790][T14571] ret_from_fork+0x5d4/0x6f0 [ 580.642945][T14571] ret_from_fork_asm+0x1a/0x30 [ 580.648258][T14571] [ 580.648258][T14571] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 580.655507][T14571] fs_reclaim_acquire+0x102/0x150 [ 580.661085][T14571] prepare_alloc_pages+0x162/0x610 [ 580.666766][T14571] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 580.673234][T14571] __alloc_pages_noprof+0xb/0x1b0 [ 580.678815][T14571] pcpu_populate_chunk+0x110/0xb00 [ 580.684474][T14571] pcpu_alloc_noprof+0x86a/0x1470 [ 580.690053][T14571] xt_percpu_counter_alloc+0x13e/0x1b0 [ 580.696074][T14571] find_check_entry.constprop.0+0xbc/0x9b0 [ 580.702440][T14571] translate_table+0xc98/0x1720 [ 580.707846][T14571] ipt_register_table+0x102/0x430 [ 580.713425][T14571] iptable_mangle_table_init+0x40/0x60 [ 580.719446][T14571] xt_find_table_lock+0x2e1/0x520 [ 580.725039][T14571] xt_request_find_table_lock+0x28/0xf0 [ 580.731145][T14571] get_info+0x190/0x610 [ 580.735863][T14571] do_ipt_get_ctl+0x169/0xa10 [ 580.741105][T14571] nf_getsockopt+0x7c/0xe0 [ 580.746081][T14571] ip_getsockopt+0x18c/0x1e0 [ 580.751233][T14571] tcp_getsockopt+0xa1/0x100 [ 580.756379][T14571] do_sock_getsockopt+0x3fc/0x800 [ 580.761980][T14571] __sys_getsockopt+0x123/0x1b0 [ 580.767400][T14571] __x64_sys_getsockopt+0xbd/0x160 [ 580.773077][T14571] do_syscall_64+0xcd/0x490 [ 580.778127][T14571] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.784574][T14571] [ 580.784574][T14571] -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 580.792349][T14571] __lock_acquire+0x126f/0x1c90 [ 580.797759][T14571] lock_acquire+0x179/0x350 [ 580.802821][T14571] __mutex_lock+0x199/0xb90 [ 580.807869][T14571] pcpu_alloc_noprof+0xb4c/0x1470 [ 580.813459][T14571] blk_stat_alloc_callback+0xc8/0x280 [ 580.819470][T14571] wbt_init+0xac/0x540 [ 580.824087][T14571] queue_wb_lat_store+0x354/0x3d0 [ 580.829669][T14571] queue_attr_store+0x279/0x320 [ 580.835100][T14571] sysfs_kf_write+0xf2/0x150 [ 580.840243][T14571] kernfs_fop_write_iter+0x351/0x510 [ 580.846093][T14571] vfs_write+0x6c4/0x1150 [ 580.850984][T14571] ksys_write+0x12a/0x250 [ 580.855869][T14571] do_syscall_64+0xcd/0x490 [ 580.860927][T14571] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.867369][T14571] [ 580.867369][T14571] other info that might help us debug this: [ 580.867369][T14571] [ 580.877613][T14571] Chain exists of: [ 580.877613][T14571] pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#18 [ 580.877613][T14571] [ 580.891319][T14571] Possible unsafe locking scenario: [ 580.891319][T14571] [ 580.898786][T14571] CPU0 CPU1 [ 580.904171][T14571] ---- ---- [ 580.909553][T14571] lock(&q->q_usage_counter(io)#18); [ 580.914964][T14571] lock(fs_reclaim); [ 580.921513][T14571] lock(&q->q_usage_counter(io)#18); [ 580.929468][T14571] lock(pcpu_alloc_mutex); [ 580.934022][T14571] [ 580.934022][T14571] *** DEADLOCK *** [ 580.934022][T14571] [ 580.942277][T14571] 6 locks held by syz.3.1732/14571: [ 580.947500][T14571] #0: ffff8880355d62b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 580.956636][T14571] #1: ffff8880316b0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 580.965701][T14571] #2: ffff88805cd07c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 580.975553][T14571] #3: ffff888025b10e18 (kn->active#264){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 580.985736][T14571] #4: ffff888142bea7c8 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 580.997469][T14571] #5: ffff888142bea800 (&q->q_usage_counter(queue)#23){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 581.009461][T14571] [ 581.009461][T14571] stack backtrace: [ 581.015374][T14571] CPU: 1 UID: 0 PID: 14571 Comm: syz.3.1732 Tainted: G U 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 581.015413][T14571] Tainted: [U]=USER [ 581.015422][T14571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 581.015438][T14571] Call Trace: [ 581.015446][T14571] [ 581.015456][T14571] dump_stack_lvl+0x116/0x1f0 [ 581.015502][T14571] print_circular_bug+0x275/0x350 [ 581.015538][T14571] check_noncircular+0x14c/0x170 [ 581.015575][T14571] __lock_acquire+0x126f/0x1c90 [ 581.015615][T14571] lock_acquire+0x179/0x350 [ 581.015649][T14571] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 581.015687][T14571] ? __pfx___might_resched+0x10/0x10 [ 581.015714][T14571] ? ksys_write+0x12a/0x250 [ 581.015750][T14571] ? do_syscall_64+0xcd/0x490 [ 581.015773][T14571] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 581.015803][T14571] __mutex_lock+0x199/0xb90 [ 581.015827][T14571] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 581.015864][T14571] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 581.015901][T14571] ? __pfx___mutex_lock+0x10/0x10 [ 581.015935][T14571] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 581.015971][T14571] pcpu_alloc_noprof+0xb4c/0x1470 [ 581.016014][T14571] ? __pfx_wbt_data_dir+0x10/0x10 [ 581.016054][T14571] ? __pfx_wb_timer_fn+0x10/0x10 [ 581.016087][T14571] blk_stat_alloc_callback+0xc8/0x280 [ 581.016113][T14571] ? kasan_save_track+0x14/0x30 [ 581.016153][T14571] wbt_init+0xac/0x540 [ 581.016181][T14571] queue_wb_lat_store+0x354/0x3d0 [ 581.016232][T14571] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 581.016278][T14571] ? __mutex_trylock_common+0xe9/0x250 [ 581.016314][T14571] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 581.016357][T14571] queue_attr_store+0x279/0x320 [ 581.016400][T14571] ? __pfx_queue_attr_store+0x10/0x10 [ 581.016442][T14571] ? __lock_acquire+0x622/0x1c90 [ 581.016482][T14571] ? find_held_lock+0x2b/0x80 [ 581.016507][T14571] ? sysfs_file_kobj+0xe4/0x290 [ 581.016541][T14571] ? __pfx_queue_attr_store+0x10/0x10 [ 581.016583][T14571] sysfs_kf_write+0xf2/0x150 [ 581.016615][T14571] kernfs_fop_write_iter+0x351/0x510 [ 581.016641][T14571] ? __pfx_sysfs_kf_write+0x10/0x10 [ 581.016675][T14571] vfs_write+0x6c4/0x1150 [ 581.016711][T14571] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 581.016740][T14571] ? __pfx___mutex_lock+0x10/0x10 [ 581.016764][T14571] ? __pfx_vfs_write+0x10/0x10 [ 581.016811][T14571] ksys_write+0x12a/0x250 [ 581.016848][T14571] ? __pfx_ksys_write+0x10/0x10 [ 581.016891][T14571] do_syscall_64+0xcd/0x490 [ 581.016916][T14571] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 581.016944][T14571] RIP: 0033:0x7f4d5f98e929 [ 581.016964][T14571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 581.016991][T14571] RSP: 002b:00007f4d608b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 581.017015][T14571] RAX: ffffffffffffffda RBX: 00007f4d5fbb6080 RCX: 00007f4d5f98e929 [ 581.017033][T14571] RDX: 0000000000000009 RSI: 00002000000001c0 RDI: 0000000000000005 [ 581.017049][T14571] RBP: 00007f4d5fa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 581.017065][T14571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 581.017081][T14571] R13: 0000000000000000 R14: 00007f4d5fbb6080 R15: 00007fff91ae3078 [ 581.017107][T14571]