last executing test programs: 17.976096898s ago: executing program 3 (id=2342): prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x6) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) r0 = socket(0x10, 0x4, 0xffffffc0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x120e2, 0x0) write$auto(r2, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r3, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000046a65d9d7c9d41c16aaac048b9119f7c7660cab6ae7c86", @ANYRES16=r4, @ANYBLOB="010325bd7040ffdbdf250a0000000c0002006e6c38303231310008000a00ef010000"], 0x28}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040810) write$auto(r2, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0004, 0x1a) setsockopt$auto_SO_SNDBUF(r0, 0x1, 0x7, &(0x7f0000000280)='{!\'\\}\x00', 0xceb3) setgroups$auto(0xe32, 0x0) madvise$auto(0x0, 0x200007, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto_proc_pid_maps_operations_internal(0xffffffffffffffff, &(0x7f00000010c0)=""/4082, 0xff2) setgroups$auto(0x1e9, &(0x7f0000000180)=0x400000) madvise$auto(0x6, 0x3, 0xffffff33) 14.91372544s ago: executing program 3 (id=2345): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/bpq3/power/control\x00', 0x149b01, 0x0) mmap$auto(0x0, 0x40009, 0xa, 0x9b72, 0x2, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) socket(0x2, 0x801, 0x106) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/ksm/merge_across_nodes\x00', 0x80202, 0x0) read$auto(r1, 0x0, 0x80) write$auto(r1, 0x0, 0x5) r2 = socket(0x10, 0x2, 0x0) r3 = wait4$auto(0xffffffffffffffff, &(0x7f00000001c0)=0xbf, 0xc3, &(0x7f0000000400)={{0x0, 0x10000}, {0x8, 0x7}, 0x2, 0x4, 0x3ff, 0x10, 0x6, 0xfffffffffffffffc, 0x6, 0x3, 0x180, 0xf, 0x3, 0x401, 0x8001, 0x401}) ioctl$auto_FIFREEZE(r0, 0xc0045878, 0xfffffffffffffff9) r4 = waitid$auto_P_ALL(0x0, 0x3, &(0x7f00000004c0)={@_si_pad}, 0x0, &(0x7f0000000540)={{0x0, 0x1}, {0x8001, 0xfffffffffffffffd}, 0x3, 0x3ff, 0x94, 0x8, 0x0, 0xd644, 0x7fff, 0xa2f, 0x8c, 0x9, 0x5b01, 0x0, 0x5, 0x1}) r5 = semctl$auto_GETPID(0xaf3, 0x0, 0xb, 0x6) syz_open_procfs$namespace(r5, &(0x7f0000000000)='ns/net\x00') pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, 0xc63e, &(0x7f0000000100)={@siginfo_0_0={0x2, 0x1, 0x2, @_timer={r5, 0xffff301b, @sival_ptr=&(0x7f0000000040)="c2f1d294d0a78cd4802407883214456010c3522ecb728d7b1feece6b02bfbebced76866daba9160d4c03feca9e187dbe53160f22552a264f3be61503be21f07445f7ac1d6fc393f0ab844c73fc45287bd10f7dc5963d9c0e6af1569535d3c09f3c0fe323d65e304dc56c03ce347a01d6025d65ce8a", 0xf182}}}, 0x6dc6) tkill$auto(r5, 0xffffff73) r6 = clone$auto(0x9, 0x7, &(0x7f0000000200)=0x80000001, &(0x7f0000000600)=0x9, 0x6) capset$auto(&(0x7f0000000640)={0x9753, 0x0}, &(0x7f0000000680)={0x101, 0x0, 0x7f}) r8 = getpid() process_vm_readv$auto(r8, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) r9 = semctl$auto_GETPID(0x5, 0x3, 0xb, 0x6) r10 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r10, 0x1002, 0x0, 0x0, 0x0, 0x2) kill$auto(r10, 0x7) r11 = gettid() process_vm_writev$auto(r11, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) syz_clone3(&(0x7f0000000700)={0x83104000, &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000100), {0x19}, &(0x7f0000000300)=""/226, 0xe2, &(0x7f0000000140)=""/56, &(0x7f00000006c0)=[r3, r4, r5, r6, r7, r8, r9, r10, r11], 0x9}, 0x58) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df"], 0x1ac}}, 0x0) getsockname$auto(0x3, &(0x7f00000002c0), &(0x7f0000000180)=0x4) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) 12.532681293s ago: executing program 3 (id=2353): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) arch_prctl$auto(0x1022, 0xff) (async) arch_prctl$auto_ARCH_SHSTK_ENABLE(0x5001, 0x9) (async) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0xa480, 0x0) (async) readv$auto(0x3, &(0x7f0000000280)={0x0, 0xf7}, 0x87) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) (async) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x9, 0x9, 0x63, 0x0, 0x0, 0x0, 0x8000008, 0x7, 0x2, 0x40000402, 0x9, 0x9, 0x2, 0xd, 0x80000007ff, 0xe}) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x0, 0x0) (async) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f000001f300), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYRES32=r1], 0x1ac}}, 0x40000) (async) r2 = openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0) (async) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000200)='/proc/uptime\x00', 0x2800, 0x0) sendfile$auto(0x2, 0x3, &(0x7f0000000040)=0x80, 0xc3e0) (async) readv$auto(r2, &(0x7f0000000140)={&(0x7f0000000240)="db9b1c5f41ee979901b9c3940bad4c402d259ef377cb46f78880900d6b95ab58cc1675868eb8948657a22247ce0a536bf92c57ff0ea313bf01e5048ec537516a110f17b22d9c8e834f87166162b4106b271a8c0cb4d92c2b4261d1d6d197057a2021ccd8f182ec12b6d8fa5e5e2492a4f73db9733eeb14791d2a1eb7fad9b842da7b9b0f62946d5d4f8ebd542c7a9287fca891cfe5489d669a70d55935d3982ce2dd59fcf89b1e0cf9d62d08e1b06b7b795a82a318e4302b4e23437f59506d5dc43c9aa1c3c6f6898faa202237930ecbc6294efc", 0x80}, 0x7) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x30, 0xff, 0x0, @raw=0xfffff020}}) 11.372295706s ago: executing program 3 (id=2356): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) sysfs$auto(0x2, 0xe, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r0, 0x40146f2c, 0x0) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) read$auto_force_wakeup_fops_hci_vhci(r1, &(0x7f0000000080)=""/216, 0xd8) sendmsg$auto_L2TP_CMD_TUNNEL_GET(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x48, 0x0, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0xfffc}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x80}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_FD={0x8, 0x17, r0}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x4004000}, 0x24004000) r2 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r2, 0x403c6f2b, 0x0) close_range$auto(0x2, 0x8, 0x0) 11.046796088s ago: executing program 3 (id=2357): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x2, 0x801, 0x106) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000380), 0xffffffffffffffff) getsockopt$auto(0x3, 0x6, 0xb, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000200)={{@inferred=0xffffffffffffffff, 0x1, 0x1, 0x81, "3112d585005a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe5e2f94bd90484b0755015e48d", @inferred=0x0}, 0x2, 0x5, 0x4, @raw, @integer={0x100000000000007, 0x5, 0x1}, "7adec199a16a2311eacf2fc7ae6e9858eeb78db8d04fdd73340238d212b6debe0eda71bdd709254592b67f9ca1adb17884a16f7ce8cbce0bb32791702b8d7c38"}) rt_sigqueueinfo$auto(r1, 0x7e, &(0x7f0000000000)={@siginfo_0_0={0xf9, 0x41, 0x7e73, @_sigfault={0x0, @_perf={0xc, 0x40009, 0x9}}}}) r2 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r2, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200), 0x49}, 0x5, &(0x7f0000000180), 0x5, 0xe}, 0x5}, 0x2, 0x100) r3 = socket(0xa, 0x2, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptycc\x00', 0xa0840, 0x0) ioctl$auto(r4, 0x540a, 0x2) r5 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r6 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2c, 0x3, 0x0) r7 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kcore\x00', 0x101000, 0x0) sendfile$auto(0x3, r7, 0x0, 0x2) close_range$auto(r0, 0x8, 0x0) r8 = socket(0x10, 0x2, 0xc) sendmsg$auto_TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000000)=ANY=[@ANYBLOB="b1000000", @ANYRES16, @ANYBLOB="01002dbd7000fddbdf25030000000c0001"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x40080) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES8=r8, @ANYBLOB="18000000", @ANYRES8=r5], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x40000f0) r9 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000480), r6) sendmsg$auto_NL80211_CMD_STOP_AP(r5, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f00000004c0)={0x180, r9, 0x0, 0x70bd27, 0x25dfdbfb, {}, [@NL80211_ATTR_REG_RULES={0x16c, 0x22, 0x0, 0x1, [@generic="9adcbc588b083c6dabb63e75c2ad46ad328bad33e35a124f87ec7be33a31f47c2b0ecd99231ae1f46fcb88467e46fd45bf687f070525babd4e1493be3e0606838c857c7f11bda3a15e1a2b8c", @generic="8361ad4e293e6d508ec7b2277032a5b7c6bf7247a826020039ab1f06c7b7588f74eaebd56482013ba3675836b2abf92e23578b3d6a5e41e1b695", @generic="f10055310d55a56c71f80a7210fa2f8d2251d4d47c28b5e90ead8cbb92e7dbb47b2cb72b2e4450c2f58ad80664a8041dd57054df08d92372640710fbf07eebe5dc3bcf687a7887b3fd796896f731bba89b4d", @nested={0x8f, 0x20, 0x0, 0x1, [@generic="b405da7838ca25904f951730b6691a9d149d635f17eba96c3654bb60de5dc934634a5228daff24b634dc1fb2b41aa631f8254ae7a6f3f497da94d9e267049a22091b4457faddc28f36866cd7ca213b42fa6cdffca90f2b723710f655a34270309917f745a9ff14a5946a3d4e3a37f77e9d6287d4d6ced89c765c06", @nested={0x4, 0xed}, @nested={0x4, 0xbb}, @typed={0x8, 0x2, 0x0, 0x0, @fd=r5}]}]}]}, 0x180}, 0x1, 0x0, 0x0, 0x4}, 0x40005) write$auto(r6, &(0x7f0000000000)='-\x00', 0xfdef) 10.579857534s ago: executing program 3 (id=2361): fstat$auto(0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffff6, 0x7) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x40, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/dummy0/addr_gen_mode\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000001680)='\v\x90\xd1\xda\xbc>1\x8ag\x14\x18\xbe\xdc\x00', 0x1) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000000)={{0xe, 0x7fffffff, 0x3, 0x4, 0x1}, "6289312960d0d615bbacb03e98ee14ccf0726dd92281ef16c6066aecc19a1782"}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x1d, 0x3, 0x1) arch_prctl$auto(0x5003, 0x5) socketpair$auto(0x1, 0x3, 0x5, 0x0) ioctl$auto(0x3, 0xc048aec8, 0xffffffffffffffff) 5.524194479s ago: executing program 2 (id=2375): mlockall$auto(0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0x103002, 0x0) read$auto_nvram_misc_fops_nvram(r0, 0x0, 0x0) madvise$auto(0x0, 0x2000040080000004, 0xe) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_NEW(r1, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x34, r2, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@OVS_VPORT_ATTR_OPTIONS={0x4}, @OVS_VPORT_ATTR_NAME={0x6, 0x3, '*\x00'}, @OVS_VPORT_ATTR_UPCALL_PID={0x4}, @OVS_VPORT_ATTR_TYPE={0x8, 0x2, 0x2}, @OVS_VPORT_ATTR_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4040010}, 0x800) modify_ldt$auto(0x1, 0x0, 0x10) modify_ldt$auto(0x807ff0000000000, 0x0, 0x40100000000aa) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) read$auto(r4, 0x0, 0x20) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) r5 = socket(0x10, 0x2, 0x6) r6 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x40, r6, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_COORDINATOR={0x2c, 0x1e, 0x0, 0x1, [@nested={0x28, 0x5e, 0x0, 0x1, [@nested={0x8, 0x46, 0x0, 0x1, [@nested={0x4, 0xf7}]}, @nested={0x1c, 0x10, 0x0, 0x1, [@nested={0x18, 0x127, 0x0, 0x1, [@typed={0x14, 0x3f, 0x0, 0x0, @ipv6=@loopback}]}]}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x20008000}, 0x8044) r7 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r7, 0x107, 0x12, 0x0, 0x4) r8 = socket(0x11, 0x80003, 0x300) mmap$auto(0x3, 0x8001, 0x62, 0x10, r7, 0x7) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x1, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb2, 0x40000000000a1, 0x8000) setsockopt$auto(r8, 0x107, 0x12, 0x0, 0x4) writev$auto(r3, &(0x7f0000000200)={0x0, 0x3}, 0x3) 4.762728561s ago: executing program 2 (id=2378): socket(0x2, 0x5, 0x0) sendto$auto(0x3, 0x0, 0xe70, 0x3, &(0x7f0000000200), 0xfffffffc) socket(0x2, 0x3, 0x2) setsockopt$auto(0x3, 0x0, 0xd0, 0xfffffffffffffffc, 0x4) 4.353632834s ago: executing program 1 (id=2380): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r0, 0x4, 0x8000040006) ptrace$auto(0x9, r0, 0xfffffffffffffffe, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x1, 0x5, 0x0) socket(0x2, 0x2, 0x0) epoll_create$auto(0x4) epoll_ctl$auto(0x5, 0x1, r1, 0x0) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) r2 = openat$auto_gpiolib_fops_(0xffffffffffffff9c, &(0x7f0000001380), 0x20000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) mlockall$auto(0x7) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000000c0)=""/4096, 0x1000) preadv$auto(r2, 0x0, 0x2, 0x5, 0x19) socket$auto(0x1ff, 0xd, 0x9) 4.335920851s ago: executing program 2 (id=2381): syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), 0xffffffffffffffff) prctl$auto(0x23, 0x7, 0x2008, 0x0, 0x0) (async) socket(0xa, 0x1, 0x100) (async) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x101100, 0x0) r1 = ioctl$auto_SW_SYNC_GET_DEADLINE(r0, 0xc0105702, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) rt_sigaction$auto(0x1, &(0x7f00000001c0)={&(0x7f0000000080)=0x0, 0x7fffffffffffffff, 0x0, {0x5}}, 0x0, 0x8) rt_sigaction$auto(0x4, 0x0, 0x0, 0x8) r2 = waitid$auto_P_PID(0x1, 0x0, &(0x7f0000000240)={@_si_pad}, 0xfffffffc, &(0x7f00000002c0)={{0x6, 0x9}, {0x8, 0x5}, 0x6, 0x5, 0x5, 0xff, 0x35e, 0x2, 0x74, 0x5, 0x6, 0xd, 0x2, 0x4, 0x100000000, 0x4}) rt_sigqueueinfo$auto(r2, 0x1, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) (async) r3 = socket(0x26, 0xa, 0x7) (async, rerun: 32) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (rerun: 32) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) write$auto(r4, &(0x7f0000003280)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) syz_genetlink_get_family_id$auto_psample(&(0x7f00000001c0), r3) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYRES8=r1, @ANYRES16=r5, @ANYBLOB="01002dbd7000fcdbdf257e000000e15a7ccb6fa6b96cc80660970127c28a92a6deed4168a16fd9acc9b80c2a50539598961c15a540343d129ac72a21902225626581f169f95bc07cc552c38aaa5c866acee6534eff72a1670f506568c3c8280e458a665702d23dda5a45bd6ca1f64844aa8558831ffc963a098faa4971fe0609dd320f3b68b03bbe1df3a7000000f7cf1a327a29031e91453b3952877943601351b0f7b23b51af956081f449d483989542ef6244adc1045117d9a08bbfb202f117bf9bb62f8455afbdd3d0fdd8cf8a00729eeb33ddd0dd4045bd266fc26a4cc7dff38f6d56721ae23ed3cf9417bde50e890b4ddd2130c165bd57bea6433bb349babfbffb3899f74d8575afaecb66011959da53ec91bba140b60a60c8272f6d40ac5cd62cc12a5cbc66f08fe9579eb6ec716503647d53f4ec615402192935f36a0c87dbcb07ced65663752648bc5f7f068f8767b30000"], 0x14}, 0x1, 0x68, 0x0, 0x4000000}, 0x0) 3.764164273s ago: executing program 0 (id=2384): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, 0x0, 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0xc) modify_ldt$auto(0x1, 0x0, 0x10) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r1, 0x0, 0x7ff, 0x400) socket(0x2, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000003c0)={[0x1ff, 0x6, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x20000003, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) socket(0xa, 0x3, 0x2c) r3 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000380), 0x82002, 0x0) ioctl$auto_RTC_AIE_OFF(r3, 0x7002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) r4 = openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/events/vmalloc/enable\x00', 0x0, 0x0) fcntl$auto_F_CREATED_QUERY(r4, 0x404, 0x3) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/saved_tgids\x00', 0x40001, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/max_page_sharing\x00', 0x1ab101, 0x0) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x00\rBBJ\x99\x00:c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) socket(0x24, 0x0, 0x0) openat$auto_proc_coredump_filter_operations_base(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0) open(&(0x7f00000004c0)='./cgroup\x00', 0x181080, 0x118) openat$auto_generic(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/ieee80211/phy9/netdev:wlan1/stations/08:02:11:00:00:00/rc_stats_csv\x00', 0x0, 0x0) openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0) 3.191876389s ago: executing program 0 (id=2385): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) socket(0x28, 0x5, 0x0) setsockopt$auto(0x400000000000003, 0x28, 0x6, 0x0, 0x56d) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec4\x00', 0x101901, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f0000000100)={'\x00', 0x0, 0x6, 0x2, 0x9b3, 0x9, "0200000002000000997e763f227311", '\x00', "0400", "ffffffe7", ["f5404de9641f0000000060c1", 'p\x00', "ef5ac4927ad89c5c00"]}) 3.152602606s ago: executing program 2 (id=2386): r0 = openat$auto_lowpan_control_fops_6lowpan(0xffffffffffffff9c, &(0x7f0000000000), 0x220000, 0x0) read$auto_lowpan_control_fops_6lowpan(r0, &(0x7f0000000040)=""/134, 0x86) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x20499d, 0x9) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44b, 0x7, 0x5, 0x1007181, 0xd1, 0x7, 0x7, 0x7ff, 0x9, 0x80000001, 0x4, 0x200000000001, 0x384, 0xfffffffffffffffb, 0x8, 0x0, 0x2, 0x0, 0x864, 0xe, 0x22000, 0x200, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x4, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x2800000000, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x200000000000]}, 0x80000a, 0xd) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioperm$auto(0x3, 0xe, 0x2000000000000149) pkey_free$auto(0xfffffffd) 3.104388285s ago: executing program 0 (id=2387): r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000480)='/dev/sequencer\x00', 0x1, 0x0) write$auto_seq_oss_f_ops_seq_oss(r0, &(0x7f00000004c0)="445cc19989fb9c017005051c9085b524b7c0cc9b1a9f4edddfe162b01f9fe8f5adae095ec393ca717c2e4c6a64d1d08a304bb9528310c110129f6c575f67b4582a5f62b8e838fc6962c99765e6f49df32fe5fe58b9a26a37ef5d9c5f4789c742ab66cb019c4301e062dfeb918dbdb211b041bbeb9917bb2bb6c1bc1698a8d82139d84da0968c422c55239a2ed6bde3ec686e5fb78e80ee4c0045438d4f7fce23399079ece10b7e9e60185e97a0676ea0dbb2c14613f246f3089a1d9bbfd3dcc242b13e8ec303971c06b8e20f6f22820a23f0c642d9669ff73d85bf1c393f8d2f3a6755b5f222ee91f7f39c7eda4deaeeab296687a36914ac53eb6af38743eb03339bd94f3d9669adf2058b18648dc7306351ad5aada08450f3278cc2035282941542a4f2d70c1758b45a53fa2e016f57dd89629b5d2b7f5929c73da5f436ba0efec93deb7ccca0795176bb80d2afaea3bddec1d935a7c0fd9f41a3e180d19544b84b76d195ca07c9f88f0ffdf7e7831c01094133518941b5344c6b0771f9bda9af9ea4a571eba33acc91a32fd5240e06f5fc28f8b648b0d51d6efc66dbaaeed0bf3bc186093eaa6d060ef2001c298812c598be6cae0ca8ef5d4141224828f698daae1ffabfad67167dd5b5c3c91a496890ad9b3af588de8b8b58c220464c9695e815223e68c670361fff443114a49c738e42709de97dd192d3360cd0227023c9676339b7d10fe70c2509f13a011dcc19bd447478499e1727ca5457f8b69fd7193dd3a93ee1df99e541713e00d4c85aa04b79b2b7505a09d5e6867440c152cb2b4eb9f56618ca7dbeef37e8c95b5fbe2b3bcc521c75a5f3007e784ad4d2a93102e35e346635f54c0484e69171e4a8e7ab5a3f2e9cdfdc30ca0a6805c61bfabee48105cfd94284eef5", 0x288) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x1, 0x9, 0xdf, 0x1a, r1, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mbind$auto(0x0, 0x100000004, 0x4, 0x0, 0x20000000000006, 0x2) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) rt_sigqueueinfo$auto(0x0, 0x1, 0x0) acct$auto(&(0x7f0000000000)='/p\x00n\x05\x00\x00\x00\x00\x00\x00\t\x01\x05\xef\x16\x06\xd91\x00\x00\x00\x00\x00\x00\xda\x1a?\xde\xe9LJ^\xc6\x98-\xb3\x8e\xa8\xfc\x9e\xfc*\x18 \x9b=\x06\x00\x00X\x9d\x06\xaf\xb6\xcf?\xa1\xd0Cadu\xf21\x96\xd0#{\x1b\x99\xe3\xe9\x00\x00\x00\x00\xf6\xfb\xd8\xf7\xa1\xbf\x89\xb2\\f\xa6J\xb6\xc5\x00\xc9\x00\x00\a\x00\x00\x00\xecU\x9e\x00\x00\x00\x00\x00=rGAo\xdb\xb4\a\xf7\x9fF\xc1\x88\xca\xcbG\xdd\xa8\xc7L\xbf\x9b9p\xce8M5;\xb7\x03\xe9\xb23>\xf3\xd2\xc8\xb6?\xdd\a\xda\xc5Zfq\x93\xca6\x9f%4\xa8;d\x98)\x12\x10\xd5\xd9cc\x1d\x8dz(^\x8c*[\xe0\xcc\xa5=\\\xe6\xd3\xe6\xad\x11\xb4L\xbaf+\xeep\xd9p\xcd\xf1\xca\xf7d\x8d{Dr\xcc\xe2\xe3\xb2[vF\xe1\x8a9\xf8^\x13\xb6L \xca\xb3\xd1\xde\xf5g\x1f\x84;o#\xfb\n\x12\xfb\'\xaf\f\xc0\x85\x1bVRr\xf0\xf6\xbb\xacs\x97(T}v\xa4\xebp\xae\x9b\xf9I>Q\xe2\xe1t\x19z\x9fg\xbd\xc8*\x80c\xb2ZG\xdd\"\x04\\\x91\xd7\x17<+\x95\xef\xd0>[\xd4\x01(%\xb2\nU\x8d\x86(\xb7\x1e\x1f\x80\xe9\xc3=q o\xb6\xa5R\xc0\xa2\x8b\xb4') mmap$auto(0x0, 0x40009, 0x5, 0x9b72, r0, 0x28000) write$auto(0x1, 0x0, 0x80000000) 2.702545214s ago: executing program 1 (id=2388): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) setreuid$auto(0x0, 0x0) sysfs$auto(0x2, 0x41, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rpc/nfsd.fh/content\x00', 0x100, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002abd7400fcdbdf251405000000000180080001002c88dd60bf5f8d3f3b7b5d5360f281949d299ae640d5b30dcc4d3978ca6ded189512030c4aa3ed02a15bedf9f4", @ANYRES32=r3, @ANYBLOB="0500180000000000"], 0x28}, 0x1, 0x0, 0x0, 0x24010881}, 0x0) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) close_range$auto(0x0, 0x5, 0x0) 2.563711731s ago: executing program 2 (id=2389): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) r2 = socket(0x2b, 0x1, 0x1) ioctl$auto(r2, 0x89a0, r0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40) recvmmsg$auto(r1, &(0x7f00000002c0)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0xc}, 0x801}, 0x3, 0x6, 0x0) r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f00000000c0), r0) sendmsg$auto_BATADV_CMD_GET_GATEWAYS(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r3, 0x400, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x220080c4}, 0x40800) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) 2.42279009s ago: executing program 0 (id=2390): close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, 0x38) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffff7fffff0005, 0x8) r1 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/modules\x00', 0x40000, 0x0) read$auto_proc_pid_maps_operations_internal(r1, &(0x7f00000010c0)=""/4096, 0x1000) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) r2 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r2, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, 0x6) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) ioctl$auto_TCFLSH2(0xffffffffffffffff, 0x540b, 0xfffffffffffffffd) socket(0xf, 0x3, 0x2) r3 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000200)='/dev/usbmon7\x00', 0x1039c1, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x3a99, 0x0, 0x0, &(0x7f00000002c0)={[0x0, 0x9, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0x3568]}, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x1ff, 0x7, 0x10, 0x1, 0x948b, 0x600000000, 0x15f4da06, 0x5, 0x3, 0x80000002, 0x8000001f, 0x2, 0x6d3e, 0x4, 0x1, 0x6]}, 0x0) fsopen$auto(0x0, 0x1) socket(0xa, 0x5, 0x94) io_uring_setup$auto(0x6, &(0x7f0000000080)={0x1681, 0x54c24071, 0x6, 0xfffffff8, 0x5, 0x7, r3, [0x2, 0x20000, 0x9], {0x6, 0x7f, 0x0, 0x4, 0x1, 0x1, 0x60100, 0x1, 0x6}, {0x6, 0x3, 0x3, 0xfffffff7, 0x3fdd, 0x763e, 0x5, 0xd2de, 0x81}}) ioctl$auto_BLKSECDISCARD(r5, 0x127d, 0x0) close_range$auto(0x2, 0x8, 0x0) 2.228827876s ago: executing program 1 (id=2391): openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) (async) io_uring_setup$auto(0x9e6, 0x0) (async, rerun: 32) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) (rerun: 32) mmap$auto(0x0, 0xe980, 0xdd, 0xeb1, 0x401, 0xfffffffd) (async) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 32) open(0x0, 0x22240, 0x155) (async) socket(0xa, 0x3, 0x3b) (async, rerun: 64) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) (async, rerun: 64) pipe$auto(0x0) (async) pipe$auto(0x0) (async) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) (async, rerun: 32) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0) (rerun: 32) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x3, 0x6b7b}, 0xed71389}, 0x986, 0xe000) (async) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0009, 0x1) (async, rerun: 64) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async, rerun: 64) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x88000, 0x0) read$auto(r1, 0x0, 0x20) (async) sendmsg$auto_NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, 0x0, 0x24008804) statmount$auto(0x0, &(0x7f0000000180)={0x7fff, 0x1, 0x401c0, 0x734f, 0x35, 0x67f, 0x1ffdf, 0x7, 0x3, 0x20000002, 0xd, 0x9, 0x800000000001, 0x2091, 0xb4, 0x9, 0x2, 0x6, 0x40080, 0x4, 0x1cd7, 0x1000, 0x2000, 0x7fff, 0xde3a, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0xfff0000000000000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x91088cc, 0xfffffffffffffffc]}, 0x5, 0xd) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x20008001}, 0x40800) (async) syz_open_procfs$namespace(0x0, &(0x7f0000000380)='ns/user\x00') (async) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="bcee4b20", @ANYBLOB='&\x00-'], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) (async) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) (async) sysfs$auto(0xfffffffe, 0x60000, 0x0) (async) execveat$auto(r0, 0x0, 0x0, 0x0, 0x3c) (async) keyctl$auto(0x1d, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x8) socket(0x10, 0x2, 0x0) 1.984243475s ago: executing program 1 (id=2392): r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) mmap$auto(0x7f, 0x6, 0xd, 0x19, r0, 0x7) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000040)={{0x9, 0xf2cf, 0x300, 0x7f}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d6189100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0xa}) ioctl$auto_UI_DEV_CREATE(r0, 0x5501, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) r1 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000002100), 0x40444, 0x0) ioctl$auto_IOCTL_VMCI_DATAGRAM_RECEIVE(r1, 0x7ac, 0x0) mmap$auto(0xfffffffffffffffd, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) fcntl$auto_F_DUPFD(0xffffffffffffffff, 0x0, 0xffffffffffffffff) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) io_uring_setup$auto(0x6, 0x0) ioctl$auto(r2, 0x400c4d06, r2) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/pagemap\x00', 0x80800, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) (async) mmap$auto(0x7f, 0x6, 0xd, 0x19, r0, 0x7) (async) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000040)={{0x9, 0xf2cf, 0x300, 0x7f}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d6189100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0xa}) (async) ioctl$auto_UI_DEV_CREATE(r0, 0x5501, 0x0) (async) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) (async) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000002100), 0x40444, 0x0) (async) ioctl$auto_IOCTL_VMCI_DATAGRAM_RECEIVE(r1, 0x7ac, 0x0) (async) mmap$auto(0xfffffffffffffffd, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) (async) fcntl$auto_F_DUPFD(0xffffffffffffffff, 0x0, 0xffffffffffffffff) (async) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) (async) io_uring_setup$auto(0x6, 0x0) (async) ioctl$auto(r2, 0x400c4d06, r2) (async) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/pagemap\x00', 0x80800, 0x0) (async) close_range$auto(0x2, 0xffffffffffffffff, 0x0) (async) 1.297976157s ago: executing program 0 (id=2393): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x535391c7, 0x7, 0x8) mmap$auto(0x0, 0x20004, 0x1ff, 0x10, 0x8000000000000024, 0x8000) sendmsg$auto_MACSEC_CMD_ADD_RXSC(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="780000001cdb2003caf2e431fe69cf14319fdf73036b0bacd60200000039364a2499e3304bdb688317f940b7f549fed7259e4ea0f6bf63b207e51cdeea26f4aa83dc86843dad5c5a3a65d2cd71e62b13acb5433aa064e06e756761417566b31afd8856696dcfad481075d1945f1fa7227c8112b009e565b9637844b6521ed7153ec150ea2398590050ab000000000000006b1e5cab21630fac39b3664f3a5b771260fa24e42ddf5401e226ef381dc11df8a86de438c6968b863534c32542fda4b62d4e62387612de4026633963526fa21617ce4a4f66de439aa2367ec4aafe083a7756744a9f337ab3016c4f385ecd653a8e559075625289c3272b00"/266, @ANYRES16=0x0, @ANYBLOB="200029bd7000fddbdf250100000008000100", @ANYRES32=0x0, @ANYBLOB="5c00098014008700fc0200000000000000000000000000000c006000040000000000000035003c80299e57995c9484564ef090f0bb7c2fa31229a4b50143ddf51e695578b7a5909a9501237fa2040029800800920006000000000000"], 0x78}, 0x1, 0x0, 0x0, 0x20000010}, 0x4000000) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) close_range$auto(0x2, 0x8, 0x0) fanotify_init$auto(0x65, 0x2) socket(0x1d, 0x2, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) pread64$auto(r1, 0x0, 0x800003, 0x270) socket(0xf, 0x3, 0x2) madvise$auto_MADV_PAGEOUT(0xd, 0x8000, 0x15) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = open(&(0x7f0000000000)='./cgroup\x00', 0x400, 0x64) fchdir$auto(r2) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) umount2$auto(&(0x7f0000000040)='.\x00', 0x4) 898.125999ms ago: executing program 1 (id=2394): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_NOTIFY_RADAR(r0, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="93a3d019b4065f58bb63000325bd7000fddbdf258600000005001901080000000500200103000000248dec31799217158fc53f194e749edc6a8772c33ff286da9230e8bf4a53735458d8baa7796b8221f0055e7de65626d6e7520fc143a3bfff6e962f305925312bf5d9ee5e1f"], 0x24}, 0x1, 0x0, 0x0, 0x8011}, 0x0) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) listen$auto(0x3, 0x83) listen$auto(0x3, 0x81) 652.655508ms ago: executing program 1 (id=2395): mmap$auto(0x0, 0x99, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0xe, 0x0, 0x8) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/system/cpu/cpu1/hotplug/target\x00', 0x800, 0x0) r2 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f00000017c0)='/sys/kernel/debug/lru_gen\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000040)='/wys/kernel/ru_gen\x00\x00\x00\x00\x00\x00\x00\x00', 0x1003) read$auto(r1, 0x0, 0x7) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) ioctl$auto_FIOQSIZE(r1, 0x5460, 0x2) socket(0x11, 0x3, 0x7fffffff) landlock_create_ruleset$auto(&(0x7f0000000140)={0x4d8, 0x0, 0x101}, 0xe, 0x3) openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) capset$auto(0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) timer_create$auto(0x8, 0x0, 0x0) r4 = openat$auto_vga_arb_device_fops_vgaarb(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$auto_vga_arb_device_fops_vgaarb(r4, &(0x7f00000005c0)="d06f0b0b4950fa2645c5a15eea0b104db2ce9ae78d314ca52c728e27440d1e2aedf6559febee2b79f2beba9981e0659269ce6def59c8e06ce6ec059aa7fd8abd", 0x40) timer_settime$auto(0x0, 0x9, &(0x7f00000000c0)={{0x7fff, 0x30d}, {0x7, 0x4}}, 0x0) rt_sigaction$auto(0xe, &(0x7f0000000580)={&(0x7f00000004c0)=0x0, 0x100000001, 0x0, {0x7}}, 0x0, 0x8) sendmmsg$auto(r1, &(0x7f0000000040)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000080)="4c03000000", 0x49}, 0x7ff, &(0x7f0000000700), 0x40000000000005, 0x1}, 0x5}, 0x9, 0x100) unshare$auto(0x40000080) 622.963055ms ago: executing program 0 (id=2396): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dri/card0\x00', 0x80002, 0x0) ioctl$auto(r0, 0x64ce, 0xffffffffffffd4b4) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x24044010}, 0xc0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_GINFO(r1, 0xc0f85403, &(0x7f0000000300)={{0x44, 0x1000, 0x516, 0xc, 0x8001}, 0x14, 0x3, "5393ec9ee1a359ebfd8ab328822966de770f81de9f3030ba72c3b9c470485b313ccdeaddb7375192d283434ccd7a4fcf610580ee3b0185518e192083050cd1b8", "29774fd7b1e0e15bcf05caaf9afe786e57ec0bfb5782b209660488a102c53621f044ecd2bd2af7d001796fb96cbdeff731bb082f904846051a6a2ed69e23fa2d172db24aa917ef4dd19d8ee1a932b433", 0x3, 0xfff, 0x539, 0x6, 0x1, "10600318de32c333f90a43191e2c46fbb952d53ece834088177df1a9a52340b7"}) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) sendmmsg$auto(r2, &(0x7f0000000240)={{&(0x7f0000000000), 0x6, &(0x7f0000000140)={&(0x7f0000000100)="bf8a68d37abbe7e466a54f047d0c92a965c588f507b9e6d99958ed2b285eeb05713fa6bf6d8618313e638801e32f6b8fe0f551cc", 0x3}, 0x3ff, &(0x7f0000000180)="40bac76176108e543d9735827bbcc226e57b046d29f9fcf3bcb5f3b84c8be73e8a948583285e42e42049c745df6bb778b995d06cb4e566a28f11b201e8c3316814050b245dd6a2261b1f48ad76d293f348919c67ecfcf9e8f97df51b0c0adc6d3999f9c7f1c611b778de67dd3c1a2eb5268806fa688802c0fd3d8fd6fa6abd03fbbbfcaf6a8ba10e4a883f39e4096058e688a02b2a64ccbef4a5897790d09d6abec06fbb", 0xffffffff00000000, 0x4}, 0x2}, 0x6, 0xfffffff1) r3 = socket(0x22, 0x2, 0x2) socket$nl_generic(0x10, 0x3, 0x10) connect$auto(0x3, 0x0, 0x51) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2200, 0x0) write$auto(0x3, 0x0, 0x81) r4 = openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, &(0x7f0000003540)='/proc/thread-self/setgroups\x00', 0x2, 0x0) writev$auto(r4, 0x0, 0x8) syz_genetlink_get_family_id$auto_vdpa(&(0x7f0000000340), r3) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0xa, 0x3, 0x3b) r6 = socket(0x10, 0x3, 0x0) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000280), r6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3b, 0x2, 0x948b, 0x3, 0x1000000095f4da0a, 0x4, 0x3, 0x62, 0x80000001, 0x4, 0x6d3f, 0x9, 0x20000000000002, 0xa9]}, 0x0) write$auto(r5, &(0x7f0000000040)='/Aev/audio1\x00', 0x100000a3d9) read$auto_mISDN_fops_timerdev(0xffffffffffffffff, &(0x7f0000001a00)=""/4097, 0x1001) ioctl$auto_KVM_GET_SUPPORTED_CPUID(r2, 0xc008ae05, &(0x7f0000000440)={0x3fd, 0x0, [{0x401, 0x8, 0x5, 0x1, 0x6, 0xffff, 0x7}, {0x9, 0x8, 0x8, 0xd, 0x0, 0xffff, 0x401}]}) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000400), r7) iopl$auto(0x3) 0s ago: executing program 2 (id=2397): mmap$auto(0x0, 0xf9, 0x7fffffff, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0xf9, 0x7fffffff, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/block/nbd4/queue/optimal_io_size\x00', 0x40000, 0x0) read$auto(r0, 0x0, 0x20) (async) read$auto(r0, 0x0, 0x20) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/pressure/cpu\x00', 0x85d7b51c471c1fb4, 0x0) (async) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/pressure/cpu\x00', 0x85d7b51c471c1fb4, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000040)=""/248, 0xf8) (async) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000040)=""/248, 0xf8) mmap$auto(0x0, 0x400009, 0xfffffffffffffffa, 0x9b72, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) (async) r2 = socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getsockopt$auto(r2, 0x0, 0x62, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) (async) r4 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, 0x0) ioctl$auto(0x3, 0xc0303e03, r3) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x240009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r5 = openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000180), 0x153b42, 0x0) write$auto_uhid_fops_uhid(r5, 0x0, 0xfccd) (async) write$auto_uhid_fops_uhid(r5, 0x0, 0xfccd) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/asound/card0/pcm0c/sub3/status\x00', 0x20000, 0x0) r7 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x902, 0x0) ioctl$auto(r7, 0x80004d00, r6) openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000400), 0x40002, 0x0) (async) r8 = openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000400), 0x40002, 0x0) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) syz_open_procfs$namespace(0x0, &(0x7f0000000080)) mmap$auto(0x2, 0x8, 0x3f6, 0x15, r8, 0x4) kernel console output (not intermixed with test programs): > [ 496.427390][T13545] sysctl could not get directory: /net -12 [ 496.716218][T13562] netlink: 'syz.0.1631': attribute type 11 has an invalid length. [ 496.994757][T13568] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1633'. [ 499.077681][T13622] FAULT_INJECTION: forcing a failure. [ 499.077681][T13622] name fail_futex, interval 1, probability 0, space 0, times 0 [ 499.101443][T13622] CPU: 1 UID: 0 PID: 13622 Comm: syz.0.1640 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 499.101473][T13622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 499.101486][T13622] Call Trace: [ 499.101493][T13622] [ 499.101501][T13622] dump_stack_lvl+0x16c/0x1f0 [ 499.101536][T13622] should_fail_ex+0x512/0x640 [ 499.101571][T13622] get_futex_key+0x1d0/0x1540 [ 499.101596][T13622] ? __pfx_try_to_wake_up+0x10/0x10 [ 499.101616][T13622] ? __pfx_get_futex_key+0x10/0x10 [ 499.101638][T13622] ? plist_check_head+0xa3/0x150 [ 499.101672][T13622] futex_wake+0xea/0x530 [ 499.101703][T13622] ? __pfx_futex_wake+0x10/0x10 [ 499.101732][T13622] ? rcu_is_watching+0x12/0xc0 [ 499.101755][T13622] ? __lock_acquire+0x622/0x1c90 [ 499.101788][T13622] do_futex+0x1e3/0x350 [ 499.101813][T13622] ? __pfx_do_futex+0x10/0x10 [ 499.101840][T13622] ? find_held_lock+0x2b/0x80 [ 499.101863][T13622] __x64_sys_futex+0x1e0/0x4c0 [ 499.101890][T13622] ? __fget_files+0x20e/0x3c0 [ 499.101918][T13622] ? __pfx___x64_sys_futex+0x10/0x10 [ 499.101948][T13622] ? fdget+0x187/0x210 [ 499.101979][T13622] do_syscall_64+0xcd/0x490 [ 499.102013][T13622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.102035][T13622] RIP: 0033:0x7fbedbb8e929 [ 499.102051][T13622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 499.102071][T13622] RSP: 002b:00007fbedca650e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 499.102105][T13622] RAX: ffffffffffffffda RBX: 00007fbedbdb6088 RCX: 00007fbedbb8e929 [ 499.102118][T13622] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbedbdb608c [ 499.102130][T13622] RBP: 00007fbedbdb6080 R08: 00007fbedca87000 R09: 0000000000000000 [ 499.102142][T13622] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fbedbdb608c [ 499.102155][T13622] R13: 0000000000000000 R14: 00007ffe1f4a6780 R15: 00007ffe1f4a6868 [ 499.102179][T13622] [ 499.296673][ C1] vkms_vblank_simulate: vblank timer overrun [ 499.538295][ T30] audit: type=1800 audit(4294967330.110:54): pid=13622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1640" name="features" dev="configfs" ino=43454 res=0 errno=0 [ 499.982981][T13636] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1643'. [ 500.347705][T13607] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 502.516995][T13694] FAULT_INJECTION: forcing a failure. [ 502.516995][T13694] name failslab, interval 1, probability 0, space 0, times 0 [ 502.572845][T13694] CPU: 1 UID: 0 PID: 13694 Comm: syz.0.1656 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 502.572883][T13694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 502.572899][T13694] Call Trace: [ 502.572908][T13694] [ 502.572918][T13694] dump_stack_lvl+0x16c/0x1f0 [ 502.572963][T13694] should_fail_ex+0x512/0x640 [ 502.573001][T13694] ? __kmalloc_noprof+0xbf/0x510 [ 502.573068][T13694] ? tracing_log_err+0x4b4/0x6a0 [ 502.573104][T13694] should_failslab+0xc2/0x120 [ 502.573131][T13694] __kmalloc_noprof+0xd2/0x510 [ 502.573175][T13694] ? kasan_save_track+0x14/0x30 [ 502.573221][T13694] tracing_log_err+0x4b4/0x6a0 [ 502.573267][T13694] append_filter_err+0x380/0x5e0 [ 502.573386][T13694] apply_subsystem_event_filter+0x740/0x17a0 [ 502.573439][T13694] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 502.573485][T13694] ? _copy_from_user+0x59/0xd0 [ 502.573536][T13694] subsystem_filter_write+0x95/0x120 [ 502.573576][T13694] ? __pfx_subsystem_filter_write+0x10/0x10 [ 502.573612][T13694] vfs_write+0x29d/0x1150 [ 502.573660][T13694] ? __pfx___mutex_lock+0x10/0x10 [ 502.573705][T13694] ? __pfx_vfs_write+0x10/0x10 [ 502.573754][T13694] ? __rcu_read_unlock+0x2b4/0x580 [ 502.573797][T13694] ? __fget_files+0x20e/0x3c0 [ 502.573850][T13694] ksys_write+0x12a/0x250 [ 502.573891][T13694] ? __pfx_ksys_write+0x10/0x10 [ 502.573945][T13694] do_syscall_64+0xcd/0x490 [ 502.573993][T13694] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.574023][T13694] RIP: 0033:0x7fbedbb8e929 [ 502.574047][T13694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 502.574076][T13694] RSP: 002b:00007fbedca86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 502.574104][T13694] RAX: ffffffffffffffda RBX: 00007fbedbdb5fa0 RCX: 00007fbedbb8e929 [ 502.574123][T13694] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000006 [ 502.574140][T13694] RBP: 00007fbedbc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 502.574159][T13694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 502.574176][T13694] R13: 0000000000000000 R14: 00007fbedbdb5fa0 R15: 00007ffe1f4a6868 [ 502.574226][T13694] [ 502.801016][ C1] vkms_vblank_simulate: vblank timer overrun [ 502.977256][T13694] ptp ptp0: only physical clock in use now [ 503.351740][T13705] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 503.970243][T13719] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 504.297798][T13710] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 504.311105][T13710] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 504.318963][T13710] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 504.325745][T13710] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 505.719891][T13749] FAULT_INJECTION: forcing a failure. [ 505.719891][T13749] name failslab, interval 1, probability 0, space 0, times 0 [ 505.743742][T13749] CPU: 1 UID: 0 PID: 13749 Comm: syz.3.1668 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 505.743784][T13749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 505.743801][T13749] Call Trace: [ 505.743811][T13749] [ 505.743822][T13749] dump_stack_lvl+0x16c/0x1f0 [ 505.743873][T13749] should_fail_ex+0x512/0x640 [ 505.743912][T13749] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 505.743952][T13749] should_failslab+0xc2/0x120 [ 505.743985][T13749] __kmalloc_cache_noprof+0x6a/0x3e0 [ 505.744022][T13749] ? find_held_lock+0x2b/0x80 [ 505.744045][T13749] ? __configfs_open_file+0xcb/0x9c0 [ 505.744087][T13749] ? __pfx_apparmor_file_open+0x10/0x10 [ 505.744125][T13749] __configfs_open_file+0xcb/0x9c0 [ 505.744166][T13749] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 505.744209][T13749] do_dentry_open+0x744/0x1c10 [ 505.744250][T13749] ? __pfx_configfs_open_file+0x10/0x10 [ 505.744299][T13749] vfs_open+0x82/0x3f0 [ 505.744331][T13749] dentry_open+0x71/0xd0 [ 505.744359][T13749] ima_calc_file_hash+0x2b6/0x490 [ 505.744407][T13749] ima_collect_measurement+0x897/0xa40 [ 505.744443][T13749] ? __pfx_ima_collect_measurement+0x10/0x10 [ 505.744491][T13749] ? __mutex_lock+0x1ca/0xb90 [ 505.744532][T13749] ? is_bad_inode+0xd/0x40 [ 505.744563][T13749] ? xattr_resolve_name+0x27b/0x3f0 [ 505.744604][T13749] ? vfs_getxattr_alloc+0xec/0x340 [ 505.744660][T13749] ? ima_get_hash_algo+0x27c/0x400 [ 505.744695][T13749] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 505.744743][T13749] ? process_measurement+0x11fa/0x23e0 [ 505.744781][T13749] process_measurement+0x11fa/0x23e0 [ 505.744839][T13749] ? __pfx_process_measurement+0x10/0x10 [ 505.744872][T13749] ? __lock_acquire+0xb8a/0x1c90 [ 505.744938][T13749] ? __configfs_open_file+0x79a/0x9c0 [ 505.744978][T13749] ? inode_to_bdi+0x9e/0x160 [ 505.745019][T13749] ima_file_check+0xc5/0x110 [ 505.745052][T13749] ? __pfx_ima_file_check+0x10/0x10 [ 505.745093][T13749] security_file_post_open+0x8e/0x210 [ 505.745123][T13749] path_openat+0x1404/0x2cb0 [ 505.745165][T13749] ? __pfx_path_openat+0x10/0x10 [ 505.745200][T13749] ? __lock_acquire+0xb8a/0x1c90 [ 505.745232][T13749] do_filp_open+0x20b/0x470 [ 505.745265][T13749] ? __pfx_do_filp_open+0x10/0x10 [ 505.745319][T13749] ? alloc_fd+0x471/0x7d0 [ 505.745357][T13749] do_sys_openat2+0x11b/0x1d0 [ 505.745381][T13749] ? __pfx_do_sys_openat2+0x10/0x10 [ 505.745410][T13749] ? __fget_files+0x20e/0x3c0 [ 505.745446][T13749] __x64_sys_openat+0x174/0x210 [ 505.745472][T13749] ? __pfx___x64_sys_openat+0x10/0x10 [ 505.745496][T13749] ? ksys_write+0x1ac/0x250 [ 505.745539][T13749] do_syscall_64+0xcd/0x490 [ 505.745576][T13749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.745600][T13749] RIP: 0033:0x7f7d6518e929 [ 505.745617][T13749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 505.745640][T13749] RSP: 002b:00007f7d66051038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 505.745661][T13749] RAX: ffffffffffffffda RBX: 00007f7d653b5fa0 RCX: 00007f7d6518e929 [ 505.745677][T13749] RDX: 0000000000101003 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 505.745691][T13749] RBP: 00007f7d66051090 R08: 0000000000000000 R09: 0000000000000000 [ 505.745706][T13749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 505.745720][T13749] R13: 0000000000000001 R14: 00007f7d653b5fa0 R15: 00007ffdbcf8d418 [ 505.745748][T13749] [ 505.745889][ T7992] Bluetooth: hci0: command 0x0c1a tx timeout [ 506.100190][ T30] audit: type=1800 audit(4294967336.330:55): pid=13749 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1668" name="features" dev="configfs" ino=43662 res=0 errno=0 [ 506.362518][ T7992] Bluetooth: hci3: command 0x0c1a tx timeout [ 506.368637][ T7992] Bluetooth: hci2: command 0x0c1a tx timeout [ 506.374750][ T7978] Bluetooth: hci1: command 0x0c1a tx timeout [ 506.463004][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.482380][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.533676][ T30] audit: type=1800 audit(4294967338.120:56): pid=13786 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1677" name="features" dev="configfs" ino=43714 res=0 errno=0 [ 510.361057][T13834] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1684'. [ 510.544171][T13834] veth1_macvtap: left promiscuous mode [ 511.582292][ T30] audit: type=1800 audit(4294967342.140:57): pid=13866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1689" name="features" dev="configfs" ino=43902 res=0 errno=0 [ 511.833601][T13870] binder: 13867:13870 ioctl c0306201 200000000240 returned -14 [ 512.533186][T13895] syz.1.1695(13895): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 512.796402][T13903] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 512.815622][T13903] audit: out of memory in audit_log_start [ 514.243125][T13932] FAULT_INJECTION: forcing a failure. [ 514.243125][T13932] name failslab, interval 1, probability 0, space 0, times 0 [ 514.272447][T13932] CPU: 1 UID: 0 PID: 13932 Comm: syz.2.1706 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 514.272483][T13932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 514.272499][T13932] Call Trace: [ 514.272507][T13932] [ 514.272518][T13932] dump_stack_lvl+0x16c/0x1f0 [ 514.272562][T13932] should_fail_ex+0x512/0x640 [ 514.272605][T13932] ? aa_label_asxprint+0x75/0x140 [ 514.272629][T13932] should_failslab+0xc2/0x120 [ 514.272654][T13932] __kmalloc_noprof+0xd2/0x510 [ 514.272703][T13932] aa_label_asxprint+0x75/0x140 [ 514.272732][T13932] apparmor_lsmprop_to_secctx+0xb2/0x1a0 [ 514.272770][T13932] security_lsmprop_to_secctx+0x94/0x260 [ 514.272808][T13932] audit_log_task_context+0x134/0x1a0 [ 514.272843][T13932] ? __pfx_audit_log_task_context+0x10/0x10 [ 514.272885][T13932] ? from_kuid+0x8d/0xd0 [ 514.272926][T13932] ? __pfx_from_kuid+0x10/0x10 [ 514.272975][T13932] integrity_audit_message+0x269/0x580 [ 514.273012][T13932] ? take_dentry_name_snapshot+0x314/0x7d0 [ 514.273041][T13932] ? __pfx_integrity_audit_message+0x10/0x10 [ 514.273079][T13932] ? take_dentry_name_snapshot+0x319/0x7d0 [ 514.273114][T13932] integrity_audit_msg+0x41/0x60 [ 514.273152][T13932] ima_collect_measurement+0x784/0xa40 [ 514.273191][T13932] ? __pfx_ima_collect_measurement+0x10/0x10 [ 514.273262][T13932] ? __mutex_lock+0x1ca/0xb90 [ 514.273304][T13932] ? is_bad_inode+0xd/0x40 [ 514.273336][T13932] ? xattr_resolve_name+0x27b/0x3f0 [ 514.273379][T13932] ? vfs_getxattr_alloc+0xec/0x340 [ 514.273434][T13932] ? ima_get_hash_algo+0x27c/0x400 [ 514.273472][T13932] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 514.273520][T13932] ? process_measurement+0x11fa/0x23e0 [ 514.273571][T13932] process_measurement+0x11fa/0x23e0 [ 514.273623][T13932] ? __pfx_process_measurement+0x10/0x10 [ 514.273661][T13932] ? __lock_acquire+0xb8a/0x1c90 [ 514.273744][T13932] ? __configfs_open_file+0x79a/0x9c0 [ 514.273787][T13932] ? inode_to_bdi+0x9e/0x160 [ 514.273836][T13932] ima_file_check+0xc5/0x110 [ 514.273876][T13932] ? __pfx_ima_file_check+0x10/0x10 [ 514.273924][T13932] security_file_post_open+0x8e/0x210 [ 514.273959][T13932] path_openat+0x1404/0x2cb0 [ 514.274009][T13932] ? __pfx_path_openat+0x10/0x10 [ 514.274050][T13932] ? __lock_acquire+0xb8a/0x1c90 [ 514.274088][T13932] do_filp_open+0x20b/0x470 [ 514.274126][T13932] ? __pfx_do_filp_open+0x10/0x10 [ 514.274193][T13932] ? alloc_fd+0x471/0x7d0 [ 514.274237][T13932] do_sys_openat2+0x11b/0x1d0 [ 514.274268][T13932] ? __pfx_do_sys_openat2+0x10/0x10 [ 514.274301][T13932] ? __fget_files+0x20e/0x3c0 [ 514.274343][T13932] __x64_sys_openat+0x174/0x210 [ 514.274374][T13932] ? __pfx___x64_sys_openat+0x10/0x10 [ 514.274408][T13932] ? ksys_write+0x1ac/0x250 [ 514.274459][T13932] do_syscall_64+0xcd/0x490 [ 514.274519][T13932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.274548][T13932] RIP: 0033:0x7fea3118e929 [ 514.274570][T13932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 514.274593][T13932] RSP: 002b:00007fea31f8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 514.274616][T13932] RAX: ffffffffffffffda RBX: 00007fea313b5fa0 RCX: 00007fea3118e929 [ 514.274632][T13932] RDX: 0000000000101003 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 514.274647][T13932] RBP: 00007fea31f8f090 R08: 0000000000000000 R09: 0000000000000000 [ 514.274662][T13932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 514.274676][T13932] R13: 0000000000000001 R14: 00007fea313b5fa0 R15: 00007ffc75d2de48 [ 514.274706][T13932] [ 514.274717][T13932] audit: error in audit_log_task_context [ 514.672485][ T30] audit: type=1800 audit(4294967344.830:58): pid=13932 uid=0 auid=4294967295 ses=4294967295 op=collect_data cause=failed comm="syz.2.1706" name="features" dev="configfs" ino=44937 res=0 errno=0 [ 516.422840][T13973] perf: Dynamic interrupt throttling disabled, can hang your system! [ 517.015632][ T30] audit: type=1800 audit(4294967347.600:59): pid=13988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1715" name="features" dev="configfs" ino=44988 res=0 errno=0 [ 517.042362][T13988] FAULT_INJECTION: forcing a failure. [ 517.042362][T13988] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 517.066288][T13988] CPU: 1 UID: 0 PID: 13988 Comm: syz.2.1715 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 517.066330][T13988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 517.066349][T13988] Call Trace: [ 517.066359][T13988] [ 517.066371][T13988] dump_stack_lvl+0x16c/0x1f0 [ 517.066422][T13988] should_fail_ex+0x512/0x640 [ 517.066472][T13988] _copy_to_user+0x32/0xd0 [ 517.066523][T13988] simple_read_from_buffer+0xcb/0x170 [ 517.066565][T13988] proc_fail_nth_read+0x197/0x270 [ 517.066603][T13988] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 517.066643][T13988] ? rw_verify_area+0xcf/0x680 [ 517.066681][T13988] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 517.066718][T13988] vfs_read+0x1e4/0xc60 [ 517.066766][T13988] ? __pfx___mutex_lock+0x10/0x10 [ 517.066813][T13988] ? __pfx_vfs_read+0x10/0x10 [ 517.066867][T13988] ? __fget_files+0x20e/0x3c0 [ 517.066920][T13988] ksys_read+0x12a/0x250 [ 517.066961][T13988] ? __pfx_ksys_read+0x10/0x10 [ 517.067018][T13988] do_syscall_64+0xcd/0x490 [ 517.067068][T13988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.067117][T13988] RIP: 0033:0x7fea3118d33c [ 517.067141][T13988] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 517.067173][T13988] RSP: 002b:00007fea31f8f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 517.067202][T13988] RAX: ffffffffffffffda RBX: 00007fea313b5fa0 RCX: 00007fea3118d33c [ 517.067229][T13988] RDX: 000000000000000f RSI: 00007fea31f8f0a0 RDI: 0000000000000003 [ 517.067247][T13988] RBP: 00007fea31f8f090 R08: 0000000000000000 R09: 0000000000000000 [ 517.067266][T13988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 517.067284][T13988] R13: 0000000000000001 R14: 00007fea313b5fa0 R15: 00007ffc75d2de48 [ 517.067325][T13988] [ 518.193093][T14015] random: crng reseeded on system resumption [ 518.206492][T14015] FAULT_INJECTION: forcing a failure. [ 518.206492][T14015] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 518.223465][T14015] CPU: 1 UID: 0 PID: 14015 Comm: syz.1.1723 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 518.223510][T14015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 518.223529][T14015] Call Trace: [ 518.223539][T14015] [ 518.223551][T14015] dump_stack_lvl+0x16c/0x1f0 [ 518.223605][T14015] should_fail_ex+0x512/0x640 [ 518.223659][T14015] should_fail_alloc_page+0xe7/0x130 [ 518.223694][T14015] prepare_alloc_pages+0x3c2/0x610 [ 518.223735][T14015] ? rcu_is_watching+0x12/0xc0 [ 518.223772][T14015] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 518.223835][T14015] ? stack_trace_save+0x8e/0xc0 [ 518.223870][T14015] ? __pfx_stack_trace_save+0x10/0x10 [ 518.223906][T14015] ? stack_depot_save_flags+0x28/0xa40 [ 518.223958][T14015] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 518.224013][T14015] ? kasan_save_stack+0x42/0x60 [ 518.224057][T14015] ? kasan_save_stack+0x33/0x60 [ 518.224110][T14015] ? do_dentry_open+0x744/0x1c10 [ 518.224163][T14015] ? vfs_open+0x82/0x3f0 [ 518.224193][T14015] ? path_openat+0x1de4/0x2cb0 [ 518.224237][T14015] ? do_filp_open+0x20b/0x470 [ 518.224280][T14015] ? do_sys_openat2+0x11b/0x1d0 [ 518.224314][T14015] ? __x64_sys_openat+0x174/0x210 [ 518.224349][T14015] ? do_syscall_64+0xcd/0x490 [ 518.224397][T14015] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.224432][T14015] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 518.224481][T14015] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 518.224532][T14015] ? policy_nodemask+0xea/0x4e0 [ 518.224567][T14015] alloc_pages_mpol+0x1fb/0x550 [ 518.224601][T14015] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 518.224645][T14015] alloc_pages_noprof+0x131/0x390 [ 518.224677][T14015] get_zeroed_page_noprof+0x18/0xb0 [ 518.224725][T14015] get_image_page+0x18/0x190 [ 518.224756][T14015] alloc_rtree_node+0x3c/0xb0 [ 518.224788][T14015] memory_bm_create+0x519/0x810 [ 518.224846][T14015] create_basic_memory_bitmaps+0xbd/0x320 [ 518.224886][T14015] snapshot_open+0x235/0x2b0 [ 518.224920][T14015] ? __pfx_snapshot_open+0x10/0x10 [ 518.224957][T14015] misc_open+0x35d/0x420 [ 518.224993][T14015] ? __pfx_misc_open+0x10/0x10 [ 518.225029][T14015] chrdev_open+0x231/0x6a0 [ 518.225074][T14015] ? __pfx_apparmor_file_open+0x10/0x10 [ 518.225111][T14015] ? __pfx_chrdev_open+0x10/0x10 [ 518.225167][T14015] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 518.225216][T14015] do_dentry_open+0x744/0x1c10 [ 518.225259][T14015] ? __pfx_chrdev_open+0x10/0x10 [ 518.225312][T14015] vfs_open+0x82/0x3f0 [ 518.225349][T14015] path_openat+0x1de4/0x2cb0 [ 518.225404][T14015] ? __pfx_path_openat+0x10/0x10 [ 518.225460][T14015] ? __lock_acquire+0xb8a/0x1c90 [ 518.225501][T14015] do_filp_open+0x20b/0x470 [ 518.225541][T14015] ? __pfx_do_filp_open+0x10/0x10 [ 518.225607][T14015] ? alloc_fd+0x471/0x7d0 [ 518.225654][T14015] do_sys_openat2+0x11b/0x1d0 [ 518.225684][T14015] ? __pfx_do_sys_openat2+0x10/0x10 [ 518.225729][T14015] __x64_sys_openat+0x174/0x210 [ 518.225760][T14015] ? __pfx___x64_sys_openat+0x10/0x10 [ 518.225807][T14015] do_syscall_64+0xcd/0x490 [ 518.225851][T14015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.225878][T14015] RIP: 0033:0x7f343c98e929 [ 518.225901][T14015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 518.225930][T14015] RSP: 002b:00007f343d73f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 518.225956][T14015] RAX: ffffffffffffffda RBX: 00007f343cbb5fa0 RCX: 00007f343c98e929 [ 518.225975][T14015] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 518.225992][T14015] RBP: 00007f343ca10b39 R08: 0000000000000000 R09: 0000000000000000 [ 518.226008][T14015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 518.226024][T14015] R13: 0000000000000000 R14: 00007f343cbb5fa0 R15: 00007fff408ffa88 [ 518.226060][T14015] [ 519.698729][T14010] Process accounting resumed [ 520.558767][T14024] netlink: set zone limit has 8 unknown bytes [ 521.054231][T14062] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1731'. [ 521.432521][ T30] audit: type=1806 audit(4294967352.000:60): xattr="." res=0 [ 522.013721][ T30] audit: type=1800 audit(4294967352.600:61): pid=14075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1735" name="version" dev="configfs" ino=45702 res=0 errno=0 [ 523.617300][T14107] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 523.633364][T14086] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 523.687354][T14109] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 523.860422][ T30] audit: type=1800 audit(4294967354.440:62): pid=14112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1744" name="features" dev="configfs" ino=46471 res=0 errno=0 [ 524.133606][T14121] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 525.785853][T14143] vhci_hcd: invalid port number 21 [ 528.537625][T14214] ptrace attach of "./syz-executor exec"[14221] was attempted by "./syz-executor exec"[14214] [ 528.606341][T14220] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 530.528853][T14268] netlink: get zone limit has 8 unknown bytes [ 530.964953][T14277] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1780'. [ 531.005371][T14277] ipvlan1: entered allmulticast mode [ 531.036565][T14277] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1780'. [ 531.118801][T14277] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1780'. [ 531.284453][T14272] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 [ 531.535774][T14295] FAULT_INJECTION: forcing a failure. [ 531.535774][T14295] name failslab, interval 1, probability 0, space 0, times 0 [ 531.635747][ T7992] Bluetooth: hci0: unexpected subevent 0x19 length: 252 > 28 [ 531.643474][ T7992] Bluetooth: hci0: Unable to find connection with handle 0xc3d2 [ 531.651379][T14294] netlink: 'syz.0.1784': attribute type 5 has an invalid length. [ 531.671428][T14295] CPU: 1 UID: 0 PID: 14295 Comm: syz.0.1784 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 531.671463][T14295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 531.671479][T14295] Call Trace: [ 531.671488][T14295] [ 531.671498][T14295] dump_stack_lvl+0x16c/0x1f0 [ 531.671545][T14295] should_fail_ex+0x512/0x640 [ 531.671582][T14295] ? fs_reclaim_acquire+0xae/0x150 [ 531.671615][T14295] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 531.671652][T14295] should_failslab+0xc2/0x120 [ 531.671678][T14295] __kmalloc_noprof+0xd2/0x510 [ 531.671727][T14295] tomoyo_realpath_from_path+0xc2/0x6e0 [ 531.671775][T14295] tomoyo_check_open_permission+0x2ab/0x3c0 [ 531.671824][T14295] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 531.671856][T14295] ? __pfx_stack_trace_save+0x10/0x10 [ 531.671922][T14295] ? find_held_lock+0x2b/0x80 [ 531.671958][T14295] tomoyo_file_open+0x6b/0x90 [ 531.672001][T14295] security_file_open+0x84/0x1e0 [ 531.672037][T14295] do_dentry_open+0x596/0x1c10 [ 531.672088][T14295] vfs_open+0x82/0x3f0 [ 531.672122][T14295] path_openat+0x1de4/0x2cb0 [ 531.672171][T14295] ? __pfx_path_openat+0x10/0x10 [ 531.672211][T14295] ? stack_trace_save+0x8e/0xc0 [ 531.672242][T14295] ? __pfx_stack_trace_save+0x10/0x10 [ 531.672275][T14295] do_filp_open+0x20b/0x470 [ 531.672316][T14295] ? __pfx_do_filp_open+0x10/0x10 [ 531.672354][T14295] ? kasan_save_stack+0x42/0x60 [ 531.672391][T14295] ? kasan_save_stack+0x33/0x60 [ 531.672441][T14295] ? __pfx_kfree_link+0x10/0x10 [ 531.672497][T14295] file_open_name+0x2a3/0x450 [ 531.672546][T14295] ? __pfx_file_open_name+0x10/0x10 [ 531.672593][T14295] acct_on+0x77/0x870 [ 531.672636][T14295] __x64_sys_acct+0xaf/0x230 [ 531.672674][T14295] ? lockdep_hardirqs_on+0x7c/0x110 [ 531.672715][T14295] do_syscall_64+0xcd/0x490 [ 531.672762][T14295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.672817][T14295] RIP: 0033:0x7fbedbb8e929 [ 531.672842][T14295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 531.672884][T14295] RSP: 002b:00007fbedca44038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 531.672912][T14295] RAX: ffffffffffffffda RBX: 00007fbedbdb6160 RCX: 00007fbedbb8e929 [ 531.672948][T14295] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000000c0 [ 531.672966][T14295] RBP: 00007fbedbc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 531.672985][T14295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 531.673003][T14295] R13: 0000000000000000 R14: 00007fbedbdb6160 R15: 00007ffe1f4a6868 [ 531.673043][T14295] [ 531.694492][T14294] netlink: 'syz.0.1784': attribute type 1 has an invalid length. [ 531.831010][T14295] ERROR: Out of memory at tomoyo_realpath_from_path. [ 531.990187][T14294] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1784'. [ 532.771116][T14311] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1787'. [ 532.790949][T14311] vcan0: entered promiscuous mode [ 532.977105][T14314] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 534.212110][T14348] ubi: mtd0 is already attached to ubi0 [ 534.228188][T14348] ubi0: detaching mtd0 [ 534.253998][T14348] ubi0: mtd0 is detached [ 534.509609][T14340] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 535.020879][T14360] can: request_module (can-proto-0) failed. [ 535.779160][T14375] FAULT_INJECTION: forcing a failure. [ 535.779160][T14375] name failslab, interval 1, probability 0, space 0, times 0 [ 535.802866][T14375] CPU: 1 UID: 0 PID: 14375 Comm: syz.0.1799 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 535.802917][T14375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 535.802935][T14375] Call Trace: [ 535.802945][T14375] [ 535.802957][T14375] dump_stack_lvl+0x16c/0x1f0 [ 535.803013][T14375] should_fail_ex+0x512/0x640 [ 535.803060][T14375] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 535.803109][T14375] should_failslab+0xc2/0x120 [ 535.803143][T14375] __kmalloc_cache_noprof+0x6a/0x3e0 [ 535.803191][T14375] ? raw_ioctl+0x819/0x2c30 [ 535.803234][T14375] raw_ioctl+0x819/0x2c30 [ 535.803277][T14375] ? __pfx_raw_ioctl+0x10/0x10 [ 535.803320][T14375] ? __pfx_raw_ioctl+0x10/0x10 [ 535.803359][T14375] __x64_sys_ioctl+0x18b/0x210 [ 535.803401][T14375] do_syscall_64+0xcd/0x490 [ 535.803455][T14375] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 535.803487][T14375] RIP: 0033:0x7fbedbb8e929 [ 535.803514][T14375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 535.803547][T14375] RSP: 002b:00007fbedca86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 535.803578][T14375] RAX: ffffffffffffffda RBX: 00007fbedbdb5fa0 RCX: 00007fbedbb8e929 [ 535.803598][T14375] RDX: 0000000000000000 RSI: 0000000083c0550b RDI: 0000000000000006 [ 535.803617][T14375] RBP: 00007fbedbc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 535.803637][T14375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 535.803655][T14375] R13: 0000000000000000 R14: 00007fbedbdb5fa0 R15: 00007ffe1f4a6868 [ 535.803698][T14375] [ 536.342189][T14385] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1803'. [ 538.890870][T14436] futex_wake_op: syz.1.1813 tries to shift op by -9; fix this program [ 539.961965][T14444] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 541.964394][T14490] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 542.511397][T14503] binder: 14498:14503 ioctl 400c620e 0 returned -22 [ 542.598445][T14501] FAULT_INJECTION: forcing a failure. [ 542.598445][T14501] name failslab, interval 1, probability 0, space 0, times 0 [ 542.646049][T14501] CPU: 1 UID: 0 PID: 14501 Comm: syz.3.1828 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 542.646118][T14501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 542.646174][T14501] Call Trace: [ 542.646186][T14501] [ 542.646199][T14501] dump_stack_lvl+0x16c/0x1f0 [ 542.646270][T14501] should_fail_ex+0x512/0x640 [ 542.646354][T14501] ? __kmalloc_noprof+0xbf/0x510 [ 542.646405][T14501] ? xfrm_hash_alloc+0xd1/0x100 [ 542.646446][T14501] should_failslab+0xc2/0x120 [ 542.646477][T14501] __kmalloc_noprof+0xd2/0x510 [ 542.646525][T14501] ? xfrm_nat_keepalive_net_init+0xb1/0x140 [ 542.646566][T14501] xfrm_hash_alloc+0xd1/0x100 [ 542.646610][T14501] xfrm_state_init+0x11e/0x630 [ 542.646660][T14501] ? __pfx_xfrm_net_init+0x10/0x10 [ 542.646718][T14501] xfrm_net_init+0x210/0xcc0 [ 542.646790][T14501] ? __pfx_xfrm_net_init+0x10/0x10 [ 542.646835][T14501] ops_init+0x1df/0x5f0 [ 542.646891][T14501] setup_net+0x1ff/0x510 [ 542.646917][T14501] ? lockdep_init_map_type+0x5c/0x280 [ 542.646961][T14501] ? __pfx_setup_net+0x10/0x10 [ 542.646992][T14501] ? debug_mutex_init+0x37/0x70 [ 542.647076][T14501] copy_net_ns+0x2a6/0x5f0 [ 542.647133][T14501] create_new_namespaces+0x3ea/0xa90 [ 542.647180][T14501] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 542.647221][T14501] ksys_unshare+0x45b/0xa40 [ 542.647264][T14501] ? __pfx_ksys_unshare+0x10/0x10 [ 542.647309][T14501] ? xfd_validate_state+0x61/0x180 [ 542.647362][T14501] __x64_sys_unshare+0x31/0x40 [ 542.647402][T14501] do_syscall_64+0xcd/0x490 [ 542.647455][T14501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 542.647487][T14501] RIP: 0033:0x7f7d6518e929 [ 542.647512][T14501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 542.647543][T14501] RSP: 002b:00007f7d66030038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 542.647569][T14501] RAX: ffffffffffffffda RBX: 00007f7d653b6080 RCX: 00007f7d6518e929 [ 542.647588][T14501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 542.647604][T14501] RBP: 00007f7d65210b39 R08: 0000000000000000 R09: 0000000000000000 [ 542.647621][T14501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 542.647638][T14501] R13: 0000000000000000 R14: 00007f7d653b6080 R15: 00007ffdbcf8d418 [ 542.647673][T14501] [ 543.283188][T14515] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 545.251927][T14588] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:4 is already present [ 546.833196][T14630] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 547.586945][T14646] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input28 [ 548.488636][T14670] FAULT_INJECTION: forcing a failure. [ 548.488636][T14670] name failslab, interval 1, probability 0, space 0, times 0 [ 548.532051][T14670] CPU: 0 UID: 0 PID: 14670 Comm: syz.3.1865 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 548.532091][T14670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 548.532107][T14670] Call Trace: [ 548.532116][T14670] [ 548.532126][T14670] dump_stack_lvl+0x16c/0x1f0 [ 548.532174][T14670] should_fail_ex+0x512/0x640 [ 548.532217][T14670] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 548.532264][T14670] should_failslab+0xc2/0x120 [ 548.532291][T14670] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 548.532334][T14670] ? sk_prot_alloc+0x60/0x2a0 [ 548.532369][T14670] sk_prot_alloc+0x60/0x2a0 [ 548.532401][T14670] sk_alloc+0x36/0xc20 [ 548.532442][T14670] rds_create+0x9e/0x5f0 [ 548.532480][T14670] __sock_create+0x338/0x8d0 [ 548.532518][T14670] __sys_socket+0x14d/0x260 [ 548.532551][T14670] ? __pfx___sys_socket+0x10/0x10 [ 548.532584][T14670] ? xfd_validate_state+0x61/0x180 [ 548.532628][T14670] __x64_sys_socket+0x72/0xb0 [ 548.532660][T14670] ? lockdep_hardirqs_on+0x7c/0x110 [ 548.532700][T14670] do_syscall_64+0xcd/0x490 [ 548.532744][T14670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.532773][T14670] RIP: 0033:0x7f7d6518e929 [ 548.532795][T14670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 548.532822][T14670] RSP: 002b:00007f7d66051038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 548.532856][T14670] RAX: ffffffffffffffda RBX: 00007f7d653b5fa0 RCX: 00007f7d6518e929 [ 548.532875][T14670] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000015 [ 548.532891][T14670] RBP: 00007f7d65210b39 R08: 0000000000000000 R09: 0000000000000000 [ 548.532907][T14670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 548.532923][T14670] R13: 0000000000000000 R14: 00007f7d653b5fa0 R15: 00007ffdbcf8d418 [ 548.532956][T14670] [ 548.718751][ C0] vkms_vblank_simulate: vblank timer overrun [ 548.845111][T14676] vivid-003: ================= START STATUS ================= [ 548.939894][T14676] vivid-003: Radio HW Seek Mode: Bounded [ 548.949930][T14676] vivid-003: Radio Programmable HW Seek: false [ 548.965855][T14679] FAULT_INJECTION: forcing a failure. [ 548.965855][T14679] name fail_futex, interval 1, probability 0, space 0, times 0 [ 548.988637][T14677] usbcore.quirks: string doesn't fit in 127 chars. [ 548.992537][T14679] CPU: 0 UID: 0 PID: 14679 Comm: syz.0.1867 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 548.992589][T14679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 548.992609][T14679] Call Trace: [ 548.992620][T14679] [ 548.992632][T14679] dump_stack_lvl+0x16c/0x1f0 [ 548.992696][T14679] should_fail_ex+0x512/0x640 [ 548.992747][T14679] get_futex_key+0x1d0/0x1540 [ 548.992788][T14679] ? __pfx_get_futex_key+0x10/0x10 [ 548.992824][T14679] ? pick_eevdf+0x175/0x5b0 [ 548.992859][T14679] ? update_curr_se+0x8b/0x270 [ 548.992905][T14679] futex_wait_setup+0x9d/0x550 [ 548.992963][T14679] __futex_wait+0x194/0x2f0 [ 548.993011][T14679] ? __pfx___futex_wait+0x10/0x10 [ 548.993052][T14679] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 548.993096][T14679] ? lockdep_hardirqs_on+0x7c/0x110 [ 548.993144][T14679] ? __pfx_futex_wake_mark+0x10/0x10 [ 548.993211][T14679] futex_wait+0xe8/0x380 [ 548.993254][T14679] ? __pfx_futex_wait+0x10/0x10 [ 548.993306][T14679] ? kmem_cache_free+0x2d1/0x4d0 [ 548.993348][T14679] ? fd_install+0x225/0x750 [ 548.993386][T14679] ? putname+0x154/0x1a0 [ 548.993420][T14679] do_futex+0x229/0x350 [ 548.993457][T14679] ? __pfx_do_futex+0x10/0x10 [ 548.993505][T14679] __x64_sys_futex+0x1e0/0x4c0 [ 548.993545][T14679] ? __x64_sys_openat+0x174/0x210 [ 548.993586][T14679] ? __pfx___x64_sys_futex+0x10/0x10 [ 548.993639][T14679] do_syscall_64+0xcd/0x490 [ 548.993688][T14679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.993719][T14679] RIP: 0033:0x7fbedbb8e929 [ 548.993743][T14679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 548.993772][T14679] RSP: 002b:00007fbedca650e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 548.993801][T14679] RAX: ffffffffffffffda RBX: 00007fbedbdb6088 RCX: 00007fbedbb8e929 [ 548.993820][T14679] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fbedbdb6088 [ 548.993838][T14679] RBP: 00007fbedbdb6080 R08: 0000000000000000 R09: 0000000000000000 [ 548.993856][T14679] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbedbdb608c [ 548.993876][T14679] R13: 0000000000000000 R14: 00007ffe1f4a6780 R15: 00007ffe1f4a6868 [ 548.993914][T14679] [ 548.998183][T14676] vivid-003: RDS Rx I/O Mode: Block I/O [ 549.298110][T14676] vivid-003: Generate RBDS Instead of RDS: false [ 549.309223][T14676] vivid-003: RDS Reception: true [ 549.334367][T14676] vivid-003: RDS Program Type: 0 inactive [ 549.393143][T14676] vivid-003: RDS PS Name: inactive [ 549.418057][T14676] vivid-003: RDS Radio Text: inactive [ 549.426620][T14676] vivid-003: RDS Traffic Announcement: false inactive [ 549.437156][T14676] vivid-003: RDS Traffic Program: false inactive [ 549.452978][T14676] vivid-003: RDS Music: false inactive [ 549.458552][T14676] vivid-003: ================== END STATUS ================== [ 549.822047][T14701] Process accounting paused [ 550.564588][T14728] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 550.779394][T14735] ima: policy update failed [ 550.790015][ T30] audit: type=1802 audit(4294967381.370:63): pid=14735 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1881" res=0 errno=0 [ 551.435984][T14752] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 551.808234][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 551.814759][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 551.837516][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 551.853155][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 551.876663][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 551.883513][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 551.895090][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 551.904093][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 syzkaller syzkaller login: [ 552.975528][T14789] zram0: detected capacity change from 8 to 0 [ 553.293747][T14793] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1892'. [ 553.332802][T14793] nbd: socks must be embedded in a SOCK_ITEM attr [ 553.342044][T14793] block nbd0: shutting down sockets [ 553.627186][ T7992] Bluetooth: hci1: unexpected event 0x3e length: 1020 > 260 [ 553.627227][ T7992] Bluetooth: hci1: unexpected subevent 0x01 length: 1019 > 18 [ 554.757029][T14849] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input30 [ 556.253355][T14861] WARNING! power/level is deprecated; use power/control instead [ 556.637621][T14878] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 557.507255][T14881] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 557.516458][T14881] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 557.528682][T14881] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 557.555434][T14881] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 557.796067][T14897] xs_local_setup_socket: unhandled error (13) connecting to /var/run/rpcbind.sock [ 557.946932][T14898] xs_local_setup_socket: unhandled error (13) connecting to /var/run/rpcbind.sock [ 558.377404][T14917] netlink: 206 bytes leftover after parsing attributes in process `syz.1.1916'. [ 558.949074][ T7992] Bluetooth: hci0: command 0x0c1a tx timeout [ 559.564995][T10640] Bluetooth: hci2: command 0x0c1a tx timeout [ 559.571515][ T7978] Bluetooth: hci1: command 0x0c1a tx timeout [ 559.577859][ T7992] Bluetooth: hci3: command 0x0c1a tx timeout [ 560.840110][T14980] FAULT_INJECTION: forcing a failure. [ 560.840110][T14980] name failslab, interval 1, probability 0, space 0, times 0 [ 560.872453][T14980] CPU: 1 UID: 0 PID: 14980 Comm: syz.2.1924 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 560.872497][T14980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 560.872515][T14980] Call Trace: [ 560.872525][T14980] [ 560.872536][T14980] dump_stack_lvl+0x16c/0x1f0 [ 560.872587][T14980] should_fail_ex+0x512/0x640 [ 560.872628][T14980] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 560.872680][T14980] should_failslab+0xc2/0x120 [ 560.872709][T14980] __kmalloc_cache_noprof+0x6a/0x3e0 [ 560.872751][T14980] ? query_regdb+0x916/0xca0 [ 560.872786][T14980] query_regdb+0x916/0xca0 [ 560.872828][T14980] query_regdb_file+0xb0/0x140 [ 560.872858][T14980] reg_process_hint+0x291/0x1410 [ 560.872893][T14980] ? kasan_save_track+0x14/0x30 [ 560.872942][T14980] reg_reload_regdb+0x38d/0x460 [ 560.872977][T14980] ? __pfx_reg_reload_regdb+0x10/0x10 [ 560.873016][T14980] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 560.873058][T14980] ? nl80211_pre_doit+0x1b0/0xb10 [ 560.873108][T14980] genl_family_rcv_msg_doit+0x209/0x2f0 [ 560.873151][T14980] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 560.873188][T14980] ? rcu_is_watching+0x12/0xc0 [ 560.873231][T14980] ? bpf_lsm_capable+0x9/0x10 [ 560.873267][T14980] ? security_capable+0x7e/0x260 [ 560.873325][T14980] genl_rcv_msg+0x55c/0x800 [ 560.873366][T14980] ? __pfx_genl_rcv_msg+0x10/0x10 [ 560.873403][T14980] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 560.873449][T14980] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 560.873501][T14980] ? __pfx_nl80211_post_doit+0x10/0x10 [ 560.873564][T14980] netlink_rcv_skb+0x158/0x420 [ 560.873598][T14980] ? __pfx_genl_rcv_msg+0x10/0x10 [ 560.873638][T14980] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 560.873706][T14980] ? netlink_deliver_tap+0x1ae/0xd30 [ 560.873741][T14980] genl_rcv+0x28/0x40 [ 560.873772][T14980] netlink_unicast+0x53a/0x7f0 [ 560.873808][T14980] ? __pfx_netlink_unicast+0x10/0x10 [ 560.873849][T14980] netlink_sendmsg+0x8d1/0xdd0 [ 560.873886][T14980] ? __pfx_netlink_sendmsg+0x10/0x10 [ 560.873931][T14980] ____sys_sendmsg+0xa98/0xc70 [ 560.873967][T14980] ? copy_msghdr_from_user+0x10a/0x160 [ 560.874010][T14980] ? __pfx_____sys_sendmsg+0x10/0x10 [ 560.874053][T14980] ? __pfx_futex_wake_mark+0x10/0x10 [ 560.874100][T14980] ___sys_sendmsg+0x134/0x1d0 [ 560.874148][T14980] ? __pfx____sys_sendmsg+0x10/0x10 [ 560.874210][T14980] ? __lock_acquire+0x622/0x1c90 [ 560.874299][T14980] __sys_sendmsg+0x16d/0x220 [ 560.874348][T14980] ? __pfx___sys_sendmsg+0x10/0x10 [ 560.874394][T14980] ? __x64_sys_futex+0x1e0/0x4c0 [ 560.874458][T14980] do_syscall_64+0xcd/0x490 [ 560.874511][T14980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 560.874542][T14980] RIP: 0033:0x7fea3118e929 [ 560.874567][T14980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 560.874598][T14980] RSP: 002b:00007fea31f8f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 560.874628][T14980] RAX: ffffffffffffffda RBX: 00007fea313b5fa0 RCX: 00007fea3118e929 [ 560.874657][T14980] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000005 [ 560.874676][T14980] RBP: 00007fea31210b39 R08: 0000000000000000 R09: 0000000000000000 [ 560.874695][T14980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 560.874713][T14980] R13: 0000000000000000 R14: 00007fea313b5fa0 R15: 00007ffc75d2de48 [ 560.874755][T14980] [ 561.714317][T14986] FAULT_INJECTION: forcing a failure. [ 561.714317][T14986] name failslab, interval 1, probability 0, space 0, times 0 [ 561.756633][T14986] CPU: 1 UID: 0 PID: 14986 Comm: syz.2.1926 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 561.756674][T14986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 561.756692][T14986] Call Trace: [ 561.756702][T14986] [ 561.756713][T14986] dump_stack_lvl+0x16c/0x1f0 [ 561.756765][T14986] should_fail_ex+0x512/0x640 [ 561.756807][T14986] ? __kmalloc_noprof+0xbf/0x510 [ 561.756854][T14986] ? kobject_get_path+0xd2/0x2a0 [ 561.756907][T14986] should_failslab+0xc2/0x120 [ 561.756935][T14986] __kmalloc_noprof+0xd2/0x510 [ 561.756989][T14986] kobject_get_path+0xd2/0x2a0 [ 561.757053][T14986] kobject_uevent_env+0x289/0x1870 [ 561.757094][T14986] ? internal_create_groups+0x11a/0x150 [ 561.757138][T14986] netdev_queue_update_kobjects+0x1a7/0x720 [ 561.757180][T14986] netdev_register_kobject+0x28c/0x3a0 [ 561.757216][T14986] register_netdevice+0x13dc/0x2270 [ 561.757248][T14986] ? idr_alloc+0xdd/0x130 [ 561.757284][T14986] ? __pfx_register_netdevice+0x10/0x10 [ 561.757341][T14986] ppp_dev_configure+0x99b/0xc80 [ 561.757384][T14986] ppp_ioctl+0x17e0/0x2660 [ 561.757421][T14986] ? find_held_lock+0x2b/0x80 [ 561.757448][T14986] ? __pfx_ppp_ioctl+0x10/0x10 [ 561.757507][T14986] ? __fget_files+0x20e/0x3c0 [ 561.757556][T14986] ? __pfx_ppp_ioctl+0x10/0x10 [ 561.757593][T14986] __x64_sys_ioctl+0x18b/0x210 [ 561.757645][T14986] do_syscall_64+0xcd/0x490 [ 561.757721][T14986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.757754][T14986] RIP: 0033:0x7fea3118e929 [ 561.757780][T14986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 561.757812][T14986] RSP: 002b:00007fea31f8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 561.757841][T14986] RAX: ffffffffffffffda RBX: 00007fea313b5fa0 RCX: 00007fea3118e929 [ 561.757869][T14986] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 000000000000000b [ 561.757889][T14986] RBP: 00007fea31210b39 R08: 0000000000000000 R09: 0000000000000000 [ 561.757908][T14986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 561.757926][T14986] R13: 0000000000000000 R14: 00007fea313b5fa0 R15: 00007ffc75d2de48 [ 561.757967][T14986] [ 562.130695][T15002] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input31 [ 563.516633][T15026] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 564.020255][T15045] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 564.308731][T15048] FAULT_INJECTION: forcing a failure. [ 564.308731][T15048] name fail_futex, interval 1, probability 0, space 0, times 0 [ 564.382725][T15048] CPU: 1 UID: 0 PID: 15048 Comm: syz.0.1937 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 564.382765][T15048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 564.382782][T15048] Call Trace: [ 564.382792][T15048] [ 564.382803][T15048] dump_stack_lvl+0x16c/0x1f0 [ 564.382851][T15048] should_fail_ex+0x512/0x640 [ 564.382899][T15048] get_futex_key+0x1d0/0x1540 [ 564.382935][T15048] ? find_held_lock+0x2b/0x80 [ 564.382964][T15048] ? __pfx_get_futex_key+0x10/0x10 [ 564.382998][T15048] ? __mutex_trylock_common+0xe9/0x250 [ 564.383047][T15048] futex_wake+0xea/0x530 [ 564.383090][T15048] ? __pfx_futex_wake+0x10/0x10 [ 564.383137][T15048] ? __lock_acquire+0xb8a/0x1c90 [ 564.383187][T15048] do_futex+0x1e3/0x350 [ 564.383221][T15048] ? __pfx_do_futex+0x10/0x10 [ 564.383251][T15048] ? __might_fault+0xe3/0x190 [ 564.383300][T15048] mm_release+0x24e/0x300 [ 564.383331][T15048] do_exit+0x68b/0x2bd0 [ 564.383373][T15048] ? __pfx_do_exit+0x10/0x10 [ 564.383409][T15048] ? do_raw_spin_lock+0x12c/0x2b0 [ 564.383449][T15048] ? find_held_lock+0x2b/0x80 [ 564.383480][T15048] do_group_exit+0xd3/0x2a0 [ 564.383518][T15048] get_signal+0x2673/0x26d0 [ 564.383560][T15048] ? __pfx_get_signal+0x10/0x10 [ 564.383588][T15048] ? do_futex+0x122/0x350 [ 564.383620][T15048] ? __pfx_do_futex+0x10/0x10 [ 564.383664][T15048] arch_do_signal_or_restart+0x8f/0x790 [ 564.383697][T15048] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 564.383738][T15048] ? xfd_validate_state+0x61/0x180 [ 564.383772][T15048] ? __pfx___do_sys_close_range+0x10/0x10 [ 564.383819][T15048] exit_to_user_mode_loop+0x84/0x110 [ 564.383864][T15048] do_syscall_64+0x3f6/0x490 [ 564.383907][T15048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 564.383935][T15048] RIP: 0033:0x7fbedbb8e929 [ 564.383956][T15048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 564.383982][T15048] RSP: 002b:00007fbedca860e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 564.384007][T15048] RAX: fffffffffffffe00 RBX: 00007fbedbdb5fa8 RCX: 00007fbedbb8e929 [ 564.384025][T15048] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fbedbdb5fa8 [ 564.384040][T15048] RBP: 00007fbedbdb5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 564.384056][T15048] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbedbdb5fac [ 564.384072][T15048] R13: 0000000000000000 R14: 00007ffe1f4a6780 R15: 00007ffe1f4a6868 [ 564.384106][T15048] syzkaller syzkaller login: [ 565.086009][T15066] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 565.092766][T15066] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 565.098934][T15066] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 565.119044][T15066] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 565.307784][ T30] audit: type=1800 audit(4294967395.890:64): pid=15080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1945" name="SYSVffffffff" dev="tmpfs" ino=0 res=0 errno=0 [ 565.660666][T15090] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 567.172319][ T7992] Bluetooth: hci3: command 0x0c1a tx timeout [ 567.178532][T14945] Bluetooth: hci2: command 0x0c1a tx timeout [ 567.184753][ T7992] Bluetooth: hci1: command 0x0c1a tx timeout [ 567.190804][ T7992] Bluetooth: hci0: command 0x0c1a tx timeout [ 567.271599][T15107] could not allocate digest TFM handle [ 567.891339][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 567.897859][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.277131][T15152] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 569.110563][T15167] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 570.136096][T15198] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 571.040765][T15196] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 573.030978][T15255] ALSA: mixer_oss: invalid OSS volume '' [ 573.934619][T15274] can: request_module (can-proto-0) failed. [ 574.594133][T15295] netlink: 93 bytes leftover after parsing attributes in process `syz.0.1988'. [ 574.697505][T15302] netlink: 93 bytes leftover after parsing attributes in process `syz.0.1988'. [ 574.932036][T15310] FAULT_INJECTION: forcing a failure. [ 574.932036][T15310] name failslab, interval 1, probability 0, space 0, times 0 [ 575.072296][T15310] CPU: 1 UID: 0 PID: 15310 Comm: syz.1.1991 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 575.072340][T15310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 575.072357][T15310] Call Trace: [ 575.072366][T15310] [ 575.072377][T15310] dump_stack_lvl+0x16c/0x1f0 [ 575.072426][T15310] should_fail_ex+0x512/0x640 [ 575.072467][T15310] ? fs_reclaim_acquire+0xae/0x150 [ 575.072503][T15310] ? tomoyo_encode2+0x100/0x3e0 [ 575.072539][T15310] should_failslab+0xc2/0x120 [ 575.072566][T15310] __kmalloc_noprof+0xd2/0x510 [ 575.072618][T15310] tomoyo_encode2+0x100/0x3e0 [ 575.072661][T15310] tomoyo_encode+0x29/0x50 [ 575.072698][T15310] tomoyo_realpath_from_path+0x18f/0x6e0 [ 575.072749][T15310] tomoyo_check_open_permission+0x2ab/0x3c0 [ 575.072785][T15310] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 575.072868][T15310] ? find_held_lock+0x2b/0x80 [ 575.072911][T15310] tomoyo_file_open+0x6b/0x90 [ 575.072954][T15310] security_file_open+0x84/0x1e0 [ 575.072990][T15310] do_dentry_open+0x596/0x1c10 [ 575.073043][T15310] vfs_open+0x82/0x3f0 [ 575.073077][T15310] path_openat+0x1de4/0x2cb0 [ 575.073127][T15310] ? __pfx_path_openat+0x10/0x10 [ 575.073168][T15310] ? __lock_acquire+0xb8a/0x1c90 [ 575.073207][T15310] do_filp_open+0x20b/0x470 [ 575.073246][T15310] ? __pfx_do_filp_open+0x10/0x10 [ 575.073299][T15310] ? __pfx_kfree_link+0x10/0x10 [ 575.073341][T15310] ? alloc_fd+0x471/0x7d0 [ 575.073387][T15310] do_sys_openat2+0x11b/0x1d0 [ 575.073417][T15310] ? __pfx_do_sys_openat2+0x10/0x10 [ 575.073461][T15310] __x64_sys_openat+0x174/0x210 [ 575.073491][T15310] ? __pfx___x64_sys_openat+0x10/0x10 [ 575.073537][T15310] do_syscall_64+0xcd/0x490 [ 575.073580][T15310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.073607][T15310] RIP: 0033:0x7f343c98d290 [ 575.073628][T15310] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 575.073658][T15310] RSP: 002b:00007f343d73efe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 575.073684][T15310] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f343c98d290 [ 575.073702][T15310] RDX: 0000000000000002 RSI: 00007f343ca10e1e RDI: 00000000ffffff9c [ 575.073718][T15310] RBP: 00007f343ca10e1e R08: 0000000000000000 R09: 00007f343d740000 [ 575.073734][T15310] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 575.073749][T15310] R13: 0000000000000000 R14: 00007f343cbb5fa0 R15: 00007fff408ffa88 [ 575.073784][T15310] [ 575.321497][T15310] ERROR: Out of memory at tomoyo_realpath_from_path. [ 575.328985][T15310] FAULT_INJECTION: forcing a failure. [ 575.328985][T15310] name failslab, interval 1, probability 0, space 0, times 0 [ 575.341664][T15310] CPU: 1 UID: 0 PID: 15310 Comm: syz.1.1991 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 575.341701][T15310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 575.341719][T15310] Call Trace: [ 575.341728][T15310] [ 575.341739][T15310] dump_stack_lvl+0x16c/0x1f0 [ 575.341786][T15310] should_fail_ex+0x512/0x640 [ 575.341834][T15310] should_failslab+0xc2/0x120 [ 575.341869][T15310] __kmalloc_cache_noprof+0x6a/0x3e0 [ 575.341908][T15310] ? nfc_genl_rcv_nl_event+0xc1/0x2e0 [ 575.341945][T15310] nfc_genl_rcv_nl_event+0xc1/0x2e0 [ 575.341980][T15310] notifier_call_chain+0xb9/0x410 [ 575.342011][T15310] ? __pfx_nfc_genl_rcv_nl_event+0x10/0x10 [ 575.342053][T15310] blocking_notifier_call_chain+0x69/0xa0 [ 575.342091][T15310] netlink_release+0x186b/0x2020 [ 575.342127][T15310] ? netlink_release+0x1de/0x2020 [ 575.342159][T15310] ? __pfx_netlink_release+0x10/0x10 [ 575.342192][T15310] ? __pfx_locks_remove_file+0x10/0x10 [ 575.342235][T15310] __sock_release+0xb0/0x270 [ 575.342282][T15310] ? __pfx_sock_close+0x10/0x10 [ 575.342305][T15310] sock_close+0x1c/0x30 [ 575.342328][T15310] __fput+0x402/0xb70 [ 575.342358][T15310] ? _raw_spin_unlock_irq+0x23/0x50 [ 575.342400][T15310] task_work_run+0x14d/0x240 [ 575.342446][T15310] ? __pfx_task_work_run+0x10/0x10 [ 575.342490][T15310] ? __pfx___do_sys_close_range+0x10/0x10 [ 575.342541][T15310] exit_to_user_mode_loop+0xeb/0x110 [ 575.342588][T15310] do_syscall_64+0x3f6/0x490 [ 575.342637][T15310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.342666][T15310] RIP: 0033:0x7f343c98e929 [ 575.342688][T15310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 575.342715][T15310] RSP: 002b:00007f343d73f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 575.342742][T15310] RAX: 0000000000000000 RBX: 00007f343cbb5fa0 RCX: 00007f343c98e929 [ 575.342760][T15310] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 575.342777][T15310] RBP: 00007f343d73f090 R08: 0000000000000000 R09: 0000000000000000 [ 575.342794][T15310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 575.342811][T15310] R13: 0000000000000000 R14: 00007f343cbb5fa0 R15: 00007fff408ffa88 [ 575.342847][T15310] [ 576.354367][T15341] FAULT_INJECTION: forcing a failure. [ 576.354367][T15341] name failslab, interval 1, probability 0, space 0, times 0 [ 576.426637][T15341] CPU: 0 UID: 0 PID: 15341 Comm: syz.1.1998 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 576.426671][T15341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 576.426686][T15341] Call Trace: [ 576.426693][T15341] [ 576.426702][T15341] dump_stack_lvl+0x16c/0x1f0 [ 576.426742][T15341] should_fail_ex+0x512/0x640 [ 576.426780][T15341] should_failslab+0xc2/0x120 [ 576.426803][T15341] __kmalloc_cache_noprof+0x6a/0x3e0 [ 576.426835][T15341] ? nfc_genl_rcv_nl_event+0xc1/0x2e0 [ 576.426867][T15341] nfc_genl_rcv_nl_event+0xc1/0x2e0 [ 576.426895][T15341] notifier_call_chain+0xb9/0x410 [ 576.426921][T15341] ? __pfx_nfc_genl_rcv_nl_event+0x10/0x10 [ 576.426955][T15341] blocking_notifier_call_chain+0x69/0xa0 [ 576.426986][T15341] netlink_release+0x186b/0x2020 [ 576.427015][T15341] ? netlink_release+0x1de/0x2020 [ 576.427042][T15341] ? __pfx_netlink_release+0x10/0x10 [ 576.427069][T15341] ? __pfx_locks_remove_file+0x10/0x10 [ 576.427099][T15341] __sock_release+0xb0/0x270 [ 576.427140][T15341] ? __pfx_sock_close+0x10/0x10 [ 576.427158][T15341] sock_close+0x1c/0x30 [ 576.427177][T15341] __fput+0x402/0xb70 [ 576.427213][T15341] task_work_run+0x14d/0x240 [ 576.427250][T15341] ? __pfx_task_work_run+0x10/0x10 [ 576.427287][T15341] ? __pfx___do_sys_close_range+0x10/0x10 [ 576.427329][T15341] exit_to_user_mode_loop+0xeb/0x110 [ 576.427367][T15341] do_syscall_64+0x3f6/0x490 [ 576.427407][T15341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 576.427431][T15341] RIP: 0033:0x7f343c98e929 [ 576.427450][T15341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 576.427473][T15341] RSP: 002b:00007f343d73f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 576.427502][T15341] RAX: 0000000000000000 RBX: 00007f343cbb5fa0 RCX: 00007f343c98e929 [ 576.427517][T15341] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 576.427531][T15341] RBP: 00007f343ca10b39 R08: 0000000000000000 R09: 0000000000000000 [ 576.427546][T15341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 576.427559][T15341] R13: 0000000000000000 R14: 00007f343cbb5fa0 R15: 00007fff408ffa88 [ 576.427588][T15341] [ 576.652199][ C0] vkms_vblank_simulate: vblank timer overrun [ 577.337374][T15355] can: request_module (can-proto-0) failed. [ 578.600122][T15387] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2004'. [ 579.961707][T15427] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input32 [ 580.136769][T15428] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input33 [ 580.653894][T15437] FAULT_INJECTION: forcing a failure. [ 580.653894][T15437] name fail_futex, interval 1, probability 0, space 0, times 0 [ 580.667121][T15437] CPU: 1 UID: 0 PID: 15437 Comm: syz.1.2015 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 580.667164][T15437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 580.667198][T15437] Call Trace: [ 580.667209][T15437] [ 580.667221][T15437] dump_stack_lvl+0x16c/0x1f0 [ 580.667273][T15437] should_fail_ex+0x512/0x640 [ 580.667322][T15437] get_futex_key+0x1d0/0x1540 [ 580.667362][T15437] ? __pfx_get_futex_key+0x10/0x10 [ 580.667409][T15437] ? __fget_files+0x204/0x3c0 [ 580.667455][T15437] futex_wake+0xea/0x530 [ 580.667498][T15437] ? __pfx_futex_wake+0x10/0x10 [ 580.667537][T15437] ? __sys_sendmmsg+0x35f/0x420 [ 580.667584][T15437] ? __pfx___sys_sendmmsg+0x10/0x10 [ 580.667633][T15437] do_futex+0x1e3/0x350 [ 580.667668][T15437] ? __pfx_do_futex+0x10/0x10 [ 580.667712][T15437] __x64_sys_futex+0x1e0/0x4c0 [ 580.667752][T15437] ? __pfx___x64_sys_futex+0x10/0x10 [ 580.667787][T15437] ? xfd_validate_state+0x61/0x180 [ 580.667822][T15437] ? __sys_setsockopt+0x140/0x1a0 [ 580.667871][T15437] do_syscall_64+0xcd/0x490 [ 580.667921][T15437] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.667950][T15437] RIP: 0033:0x7f343c98e929 [ 580.667973][T15437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 580.668018][T15437] RSP: 002b:00007f343d73f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 580.668047][T15437] RAX: ffffffffffffffda RBX: 00007f343cbb5fa8 RCX: 00007f343c98e929 [ 580.668065][T15437] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f343cbb5fac [ 580.668083][T15437] RBP: 00007f343cbb5fa0 R08: 00007f343d740000 R09: 0000000000000000 [ 580.668101][T15437] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f343cbb5fac [ 580.668120][T15437] R13: 0000000000000000 R14: 00007fff408ff9a0 R15: 00007fff408ffa88 [ 580.668157][T15437] [ 582.457562][T15446] Process accounting resumed [ 583.127717][T15477] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 583.142446][T15477] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 583.148732][T15477] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 583.172468][T15477] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 583.277646][T15501] netlink: 'syz.3.2028': attribute type 1 has an invalid length. [ 583.288237][T15500] netlink: 'syz.3.2028': attribute type 1 has an invalid length. [ 583.517701][T15512] delete_channel: no stack [ 583.582886][T15512] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 583.592081][T15514] ubi0: attaching mtd0 [ 583.604185][T15514] ubi0 warning: ubi_attach: valid VID header but corrupted EC header at PEB 0 [ 583.617891][T15513] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 583.641128][T15514] ubi0 warning: ubi_attach: valid VID header but corrupted EC header at PEB 1 [ 583.681498][T15514] ubi0 error: ubi_add_to_av: two LEBs with same sequence number 1 [ 583.761061][T15514] eraseblock attaching information dump: [ 583.866516][T15514] ec -1 [ 584.038848][T15514] pnum 0 [ 584.076448][T15514] lnum 0 [ 584.213375][T15514] scrub 1 [ 584.255033][T15514] sqnum 1 [ 584.258422][T15514] Volume identifier header dump: [ 584.402088][T15514] magic 55424921 [ 584.406680][T15514] version 1 [ 584.410189][T15514] vol_type 1 [ 584.414124][T15514] copy_flag 0 [ 584.417635][T15514] compat 5 [ 584.421140][T15514] vol_id 2147479551 [ 584.523128][ T7992] Bluetooth: hci0: command 0x0c1a tx timeout [ 584.530950][T15514] lnum 0 [ 584.541310][T15514] data_size 0 [ 584.561970][T15514] used_ebs 0 [ 584.582495][T15514] data_pad 0 [ 584.585995][T15514] sqnum 1 [ 584.589388][T15514] hdr_crc 65b3bd2d [ 584.642330][T15514] Volume identifier header hexdump: [ 584.823789][T15514] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 585.162463][ T7992] Bluetooth: hci2: command 0x0c1a tx timeout [ 585.168662][ T7992] Bluetooth: hci1: command 0x0c1a tx timeout [ 585.242572][ T7992] Bluetooth: hci3: command 0x0c1a tx timeout [ 585.343487][T15554] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 585.409870][T15547] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12) [ 585.441903][ T7992] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 585.441943][ T7992] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 585.461525][ T7992] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 585.461601][ T7992] Bluetooth: hci2: adv larger than maximum supported [ 585.470126][ T7992] Bluetooth: hci2: Malformed LE Event: 0x0d [ 586.424819][T15572] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 587.837171][T15577] sp0: Synchronizing with TNC [ 590.090449][T15621] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 590.407828][T15646] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 591.808408][T15685] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 591.818558][T15685] FAULT_INJECTION: forcing a failure. [ 591.818558][T15685] name fail_futex, interval 1, probability 0, space 0, times 0 [ 591.832619][T15685] CPU: 1 UID: 0 PID: 15685 Comm: syz.1.2068 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 591.832649][T15685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 591.832662][T15685] Call Trace: [ 591.832668][T15685] [ 591.832677][T15685] dump_stack_lvl+0x16c/0x1f0 [ 591.832715][T15685] should_fail_ex+0x512/0x640 [ 591.832749][T15685] get_futex_key+0x293/0x1540 [ 591.832775][T15685] ? find_held_lock+0x2b/0x80 [ 591.832795][T15685] ? __pfx_get_futex_key+0x10/0x10 [ 591.832820][T15685] ? __mutex_trylock_common+0xe9/0x250 [ 591.832854][T15685] futex_wake+0xea/0x530 [ 591.832885][T15685] ? __pfx_futex_wake+0x10/0x10 [ 591.832912][T15685] ? __lock_acquire+0xb8a/0x1c90 [ 591.832951][T15685] do_futex+0x1e3/0x350 [ 591.832977][T15685] ? __pfx_do_futex+0x10/0x10 [ 591.833000][T15685] ? __might_fault+0xe3/0x190 [ 591.833037][T15685] mm_release+0x24e/0x300 [ 591.833060][T15685] do_exit+0x68b/0x2bd0 [ 591.833093][T15685] ? __pfx_do_exit+0x10/0x10 [ 591.833119][T15685] ? do_raw_spin_lock+0x12c/0x2b0 [ 591.833149][T15685] ? find_held_lock+0x2b/0x80 [ 591.833184][T15685] do_group_exit+0xd3/0x2a0 [ 591.833211][T15685] get_signal+0x2673/0x26d0 [ 591.833247][T15685] ? __lock_acquire+0x622/0x1c90 [ 591.833275][T15685] ? __pfx_get_signal+0x10/0x10 [ 591.833296][T15685] ? do_futex+0x122/0x350 [ 591.833319][T15685] ? __pfx_do_futex+0x10/0x10 [ 591.833345][T15685] arch_do_signal_or_restart+0x8f/0x790 [ 591.833374][T15685] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 591.833410][T15685] exit_to_user_mode_loop+0x84/0x110 [ 591.833442][T15685] do_syscall_64+0x3f6/0x490 [ 591.833474][T15685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.833494][T15685] RIP: 0033:0x7f343c98e929 [ 591.833512][T15685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 591.833531][T15685] RSP: 002b:00007f343d73f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 591.833549][T15685] RAX: fffffffffffffe00 RBX: 00007f343cbb5fa8 RCX: 00007f343c98e929 [ 591.833562][T15685] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f343cbb5fa8 [ 591.833574][T15685] RBP: 00007f343cbb5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 591.833587][T15685] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f343cbb5fac [ 591.833599][T15685] R13: 0000000000000000 R14: 00007fff408ff9a0 R15: 00007fff408ffa88 [ 591.833651][T15685] [ 592.080863][ C1] vkms_vblank_simulate: vblank timer overrun [ 592.489453][T15682] could not allocate digest TFM handle binfmt_misc [ 594.065193][T15718] random: crng reseeded on system resumption [ 594.706506][T15707] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 596.042453][T15749] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2081'. [ 596.091907][T15749] GUP no longer grows the stack in syz.3.2081 (15749): 14000-401000 (4000) [ 596.121004][T15755] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2083'. [ 596.130370][T15749] CPU: 0 UID: 0 PID: 15749 Comm: syz.3.2081 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 596.130401][T15749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 596.130414][T15749] Call Trace: [ 596.130421][T15749] [ 596.130429][T15749] dump_stack_lvl+0x16c/0x1f0 [ 596.130468][T15749] gup_vma_lookup+0x1d2/0x220 [ 596.130494][T15749] __get_user_pages+0x271/0x3b80 [ 596.130528][T15749] ? process_vm_rw_core.constprop.0+0x1d8/0x9a0 [ 596.130566][T15749] ? kasan_save_stack+0x42/0x60 [ 596.130599][T15749] ? __pfx___get_user_pages+0x10/0x10 [ 596.130625][T15749] ? register_lock_class+0x41/0x4c0 [ 596.130655][T15749] ? __x64_sys_process_vm_readv+0xe2/0x1c0 [ 596.130691][T15749] ? do_syscall_64+0xcd/0x490 [ 596.130734][T15749] __gup_longterm_locked+0x20d/0x1840 [ 596.130762][T15749] ? __lock_acquire+0xb8a/0x1c90 [ 596.130796][T15749] ? __pfx___gup_longterm_locked+0x10/0x10 [ 596.130837][T15749] pin_user_pages_remote+0xed/0x140 [ 596.130866][T15749] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 596.130892][T15749] ? mm_access+0x22d/0x2e0 [ 596.130929][T15749] process_vm_rw_core.constprop.0+0x41b/0x9a0 [ 596.130980][T15749] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 596.131021][T15749] ? iovec_from_user+0xbb/0x140 [ 596.131071][T15749] ? iovec_from_user+0xbb/0x140 [ 596.131109][T15749] process_vm_rw+0x216/0x2c0 [ 596.131156][T15749] ? __pfx_process_vm_rw+0x10/0x10 [ 596.131192][T15749] ? __pfx_futex_wake+0x10/0x10 [ 596.131245][T15749] ? fput+0x70/0xf0 [ 596.131280][T15749] ? xfd_validate_state+0x61/0x180 [ 596.131326][T15749] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 596.131361][T15749] ? do_syscall_64+0x91/0x490 [ 596.131393][T15749] ? lockdep_hardirqs_on+0x7c/0x110 [ 596.131423][T15749] do_syscall_64+0xcd/0x490 [ 596.131458][T15749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.131479][T15749] RIP: 0033:0x7f7d6518e929 [ 596.131496][T15749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 596.131517][T15749] RSP: 002b:00007f7d66030038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 596.131537][T15749] RAX: ffffffffffffffda RBX: 00007f7d653b6080 RCX: 00007f7d6518e929 [ 596.131551][T15749] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 000000000000086d [ 596.131564][T15749] RBP: 00007f7d65210b39 R08: 0000000000000003 R09: 0000000000000000 [ 596.131577][T15749] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 596.131591][T15749] R13: 0000000000000000 R14: 00007f7d653b6080 R15: 00007ffdbcf8d418 [ 596.131618][T15749] [ 596.817819][T15755] bond0: (slave bond_slave_1): Releasing backup interface [ 596.940525][T15761] vcan0: tx drop: invalid da for name 0x000000000000003f [ 597.307417][T15768] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 597.362392][T15768] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 597.405865][T15768] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 597.415502][T15768] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 598.421463][T15799] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 598.771009][T15805] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2095'. [ 598.892024][T15805] bond0: (slave bond_slave_1): Releasing backup interface [ 598.939815][T15801] copy_params: 53 callbacks suppressed [ 598.939830][T15801] device-mapper: ioctl: Invalid data size in the ioctl structure: 0 [ 599.321028][T15814] device-mapper: ioctl: Invalid data size in the ioctl structure: 0 [ 599.322411][ T7992] Bluetooth: hci0: command 0x0c1a tx timeout [ 599.402310][ T7992] Bluetooth: hci1: command 0x0c1a tx timeout [ 599.485176][ T7992] Bluetooth: hci3: command 0x0c1a tx timeout [ 599.491283][ T7992] Bluetooth: hci2: command 0x0c1a tx timeout [ 599.527393][T15808] Invalid ELF header magic: != ELF [ 599.811240][T15823] netlink: 'syz.3.2097': attribute type 11 has an invalid length. [ 599.821928][T15823] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 600.083731][T15836] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 600.630549][T15847] snd_virmidi snd_virmidi.0: control 5:9:1:IA>/[k [ 606.362479][T15946] dump_stack_lvl+0x16c/0x1f0 [ 606.362526][T15946] should_fail_ex+0x512/0x640 [ 606.362575][T15946] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 606.362606][T15946] should_failslab+0xc2/0x120 [ 606.362626][T15946] __kmalloc_cache_noprof+0x6a/0x3e0 [ 606.362653][T15946] ? tracing_open+0x328/0xf90 [ 606.362679][T15946] tracing_open+0x328/0xf90 [ 606.362700][T15946] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 606.362731][T15946] do_dentry_open+0x744/0x1c10 [ 606.362761][T15946] ? __pfx_tracing_open+0x10/0x10 [ 606.362787][T15946] vfs_open+0x82/0x3f0 [ 606.362811][T15946] path_openat+0x1de4/0x2cb0 [ 606.362848][T15946] ? __pfx_path_openat+0x10/0x10 [ 606.362878][T15946] ? __lock_acquire+0xb8a/0x1c90 [ 606.362915][T15946] do_filp_open+0x20b/0x470 [ 606.362945][T15946] ? __pfx_do_filp_open+0x10/0x10 [ 606.362992][T15946] ? alloc_fd+0x471/0x7d0 [ 606.363025][T15946] do_sys_openat2+0x11b/0x1d0 [ 606.363047][T15946] ? __pfx_do_sys_openat2+0x10/0x10 [ 606.363070][T15946] ? find_held_lock+0x2b/0x80 [ 606.363095][T15946] __x64_sys_openat+0x174/0x210 [ 606.363118][T15946] ? __pfx___x64_sys_openat+0x10/0x10 [ 606.363169][T15946] do_syscall_64+0xcd/0x490 [ 606.363203][T15946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.363225][T15946] RIP: 0033:0x7fea3118e929 [ 606.363241][T15946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 606.363261][T15946] RSP: 002b:00007fea31f8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 606.363280][T15946] RAX: ffffffffffffffda RBX: 00007fea313b5fa0 RCX: 00007fea3118e929 [ 606.363294][T15946] RDX: 0000000000000002 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 606.363307][T15946] RBP: 00007fea31210b39 R08: 0000000000000000 R09: 0000000000000000 [ 606.363320][T15946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 606.363332][T15946] R13: 0000000000000000 R14: 00007fea313b5fa0 R15: 00007ffc75d2de48 [ 606.363357][T15946] [ 608.276488][T15989] FAULT_INJECTION: forcing a failure. [ 608.276488][T15989] name failslab, interval 1, probability 0, space 0, times 0 [ 608.302284][T15989] CPU: 0 UID: 0 PID: 15989 Comm: syz.3.2131 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 608.302325][T15989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 608.302342][T15989] Call Trace: [ 608.302351][T15989] [ 608.302361][T15989] dump_stack_lvl+0x16c/0x1f0 [ 608.302417][T15989] should_fail_ex+0x512/0x640 [ 608.302457][T15989] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 608.302503][T15989] should_failslab+0xc2/0x120 [ 608.302531][T15989] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 608.302573][T15989] ? acpi_ut_create_generic_state+0x5c/0xb0 [ 608.302620][T15989] acpi_ut_create_generic_state+0x5c/0xb0 [ 608.302657][T15989] acpi_ps_push_scope+0x22/0x230 [ 608.302702][T15989] acpi_ps_parse_loop+0x9f3/0x1d00 [ 608.302753][T15989] ? __pfx_acpi_ps_parse_loop+0x10/0x10 [ 608.302792][T15989] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 608.302835][T15989] ? acpi_ut_create_thread_state+0x63/0x170 [ 608.302897][T15989] acpi_ps_parse_aml+0x3c1/0xcb0 [ 608.302948][T15989] acpi_ps_execute_method+0x55a/0xb30 [ 608.302999][T15989] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 608.303035][T15989] acpi_ns_evaluate+0x76c/0xca0 [ 608.303066][T15989] ? kasan_save_track+0x14/0x30 [ 608.303112][T15989] acpi_evaluate_object+0x1fa/0xa90 [ 608.303157][T15989] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 608.303189][T15989] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 608.303232][T15989] ? __mutex_trylock_common+0xe9/0x250 [ 608.303282][T15989] acpi_evaluate_integer+0xdd/0x200 [ 608.303318][T15989] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 608.303370][T15989] ? __pfx_status_show+0x10/0x10 [ 608.303418][T15989] status_show+0xa0/0x120 [ 608.303461][T15989] ? __pfx_status_show+0x10/0x10 [ 608.303516][T15989] dev_attr_show+0x56/0xe0 [ 608.303546][T15989] ? __pfx_dev_attr_show+0x10/0x10 [ 608.303572][T15989] sysfs_kf_seq_show+0x213/0x3e0 [ 608.303618][T15989] seq_read_iter+0x509/0x12c0 [ 608.303674][T15989] kernfs_fop_read_iter+0x40f/0x5a0 [ 608.303705][T15989] ? rw_verify_area+0xcf/0x680 [ 608.303746][T15989] vfs_read+0x8bc/0xc60 [ 608.303792][T15989] ? __pfx___mutex_lock+0x10/0x10 [ 608.303837][T15989] ? __pfx_vfs_read+0x10/0x10 [ 608.303905][T15989] ksys_read+0x12a/0x250 [ 608.303947][T15989] ? __pfx_ksys_read+0x10/0x10 [ 608.303999][T15989] do_syscall_64+0xcd/0x490 [ 608.304047][T15989] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 608.304076][T15989] RIP: 0033:0x7f7d6518e929 [ 608.304099][T15989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 608.304128][T15989] RSP: 002b:00007f7d66051038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 608.304158][T15989] RAX: ffffffffffffffda RBX: 00007f7d653b5fa0 RCX: 00007f7d6518e929 [ 608.304178][T15989] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000003 [ 608.304195][T15989] RBP: 00007f7d65210b39 R08: 0000000000000000 R09: 0000000000000000 [ 608.304213][T15989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 608.304229][T15989] R13: 0000000000000000 R14: 00007f7d653b5fa0 R15: 00007ffdbcf8d418 [ 608.304268][T15989] [ 608.306569][T15989] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20250404/psparse-529) [ 609.081587][T16000] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2134'. [ 610.397185][T16020] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2139'. [ 610.538853][T16020] vcan0: entered promiscuous mode [ 611.637851][T16062] hub 8-0:1.0: USB hub found [ 611.736571][T16062] hub 8-0:1.0: 1 port detected [ 612.136309][T16070] FAULT_INJECTION: forcing a failure. [ 612.136309][T16070] name failslab, interval 1, probability 0, space 0, times 0 [ 612.212364][T16070] CPU: 0 UID: 0 PID: 16070 Comm: syz.2.2152 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 612.212394][T16070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 612.212406][T16070] Call Trace: [ 612.212413][T16070] [ 612.212420][T16070] dump_stack_lvl+0x16c/0x1f0 [ 612.212455][T16070] should_fail_ex+0x512/0x640 [ 612.212485][T16070] ? __kmalloc_noprof+0xbf/0x510 [ 612.212517][T16070] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 612.212546][T16070] should_failslab+0xc2/0x120 [ 612.212565][T16070] __kmalloc_noprof+0xd2/0x510 [ 612.212592][T16070] ? __pfx___mutex_trylock_common+0x10/0x10 [ 612.212627][T16070] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 612.212660][T16070] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 612.212687][T16070] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 612.212712][T16070] ? __pfx___mutex_lock+0x10/0x10 [ 612.212742][T16070] ? genl_get_cmd+0x194/0x580 [ 612.212777][T16070] ? __radix_tree_lookup+0x21f/0x2c0 [ 612.212809][T16070] genl_rcv_msg+0x55c/0x800 [ 612.212837][T16070] ? __pfx_genl_rcv_msg+0x10/0x10 [ 612.212864][T16070] ? __pfx_ctrl_getfamily+0x10/0x10 [ 612.212899][T16070] netlink_rcv_skb+0x158/0x420 [ 612.212920][T16070] ? __pfx_genl_rcv_msg+0x10/0x10 [ 612.212946][T16070] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 612.212977][T16070] ? netlink_deliver_tap+0x1ae/0xd30 [ 612.213000][T16070] genl_rcv+0x28/0x40 [ 612.213021][T16070] netlink_unicast+0x53a/0x7f0 [ 612.213045][T16070] ? __pfx_netlink_unicast+0x10/0x10 [ 612.213073][T16070] netlink_sendmsg+0x8d1/0xdd0 [ 612.213098][T16070] ? __pfx_netlink_sendmsg+0x10/0x10 [ 612.213135][T16070] __sys_sendto+0x4a0/0x520 [ 612.213165][T16070] ? __pfx___sys_sendto+0x10/0x10 [ 612.213200][T16070] ? find_held_lock+0x2b/0x80 [ 612.213238][T16070] __x64_sys_sendto+0xe0/0x1c0 [ 612.213265][T16070] ? do_syscall_64+0x91/0x490 [ 612.213295][T16070] ? lockdep_hardirqs_on+0x7c/0x110 [ 612.213324][T16070] do_syscall_64+0xcd/0x490 [ 612.213375][T16070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.213397][T16070] RIP: 0033:0x7fea311907bc [ 612.213414][T16070] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 612.213435][T16070] RSP: 002b:00007fea31f8dec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 612.213455][T16070] RAX: ffffffffffffffda RBX: 00007fea31f8dfc0 RCX: 00007fea311907bc [ 612.213469][T16070] RDX: 0000000000000028 RSI: 00007fea31f8e010 RDI: 0000000000000003 [ 612.213482][T16070] RBP: 0000000000000000 R08: 00007fea31f8df14 R09: 000000000000000c [ 612.213494][T16070] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 612.213506][T16070] R13: 00007fea31f8df68 R14: 00007fea31f8e010 R15: 0000000000000000 [ 612.213532][T16070] [ 612.565831][T16070] Process accounting paused [ 613.218358][T16093] : Can't lookup blockdev [ 616.178393][T16180] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.2173' sets config #0 [ 616.800785][T16211] binder: 16206:16211 ioctl c0306201 2000000003c0 returned -14 [ 617.830804][ T7992] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 617.903552][T16242] futex_wake_op: syz.3.2183 tries to shift op by -9; fix this program [ 618.078370][T16237] sg_write: data in/out 476/16086 bytes for SCSI command 0x0-- guessing data in; [ 618.078370][T16237] program syz.1.2182 not setting count and/or reply_len properly [ 618.265729][T16247] FAULT_INJECTION: forcing a failure. [ 618.265729][T16247] name failslab, interval 1, probability 0, space 0, times 0 [ 618.278605][T16247] CPU: 0 UID: 0 PID: 16247 Comm: syz.0.2184 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 618.278637][T16247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 618.278651][T16247] Call Trace: [ 618.278659][T16247] [ 618.278667][T16247] dump_stack_lvl+0x16c/0x1f0 [ 618.278708][T16247] should_fail_ex+0x512/0x640 [ 618.278742][T16247] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 618.278780][T16247] should_failslab+0xc2/0x120 [ 618.278802][T16247] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 618.278837][T16247] ? __proc_create+0xc3/0x8c0 [ 618.278872][T16247] ? __proc_create+0x2ce/0x8c0 [ 618.278913][T16247] __proc_create+0x2ce/0x8c0 [ 618.278950][T16247] ? __pfx___proc_create+0x10/0x10 [ 618.278992][T16247] ? _raw_write_unlock+0x28/0x50 [ 618.279024][T16247] ? proc_register+0x314/0x5f0 [ 618.279065][T16247] proc_create_reg+0x7d/0x180 [ 618.279087][T16247] ? __pfx_can_rcvlist_proc_show+0x10/0x10 [ 618.279113][T16247] proc_create_net_single+0x86/0x170 [ 618.279135][T16247] ? __pfx_proc_create_net_single+0x10/0x10 [ 618.279167][T16247] can_init_proc+0x2b3/0x4d0 [ 618.279192][T16247] can_pernet_init+0x1e4/0x370 [ 618.279215][T16247] ? __pfx_can_pernet_init+0x10/0x10 [ 618.279235][T16247] ops_init+0x1df/0x5f0 [ 618.279277][T16247] setup_net+0x1ff/0x510 [ 618.279296][T16247] ? lockdep_init_map_type+0x5c/0x280 [ 618.279330][T16247] ? __pfx_setup_net+0x10/0x10 [ 618.279353][T16247] ? debug_mutex_init+0x37/0x70 [ 618.279379][T16247] copy_net_ns+0x2a6/0x5f0 [ 618.279406][T16247] create_new_namespaces+0x3ea/0xa90 [ 618.279446][T16247] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 618.279475][T16247] ksys_unshare+0x45b/0xa40 [ 618.279507][T16247] ? __pfx_ksys_unshare+0x10/0x10 [ 618.279540][T16247] ? xfd_validate_state+0x61/0x180 [ 618.279580][T16247] __x64_sys_unshare+0x31/0x40 [ 618.279613][T16247] do_syscall_64+0xcd/0x490 [ 618.279653][T16247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 618.279677][T16247] RIP: 0033:0x7fbedbb8e929 [ 618.279696][T16247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 618.279719][T16247] RSP: 002b:00007fbedca86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 618.279740][T16247] RAX: ffffffffffffffda RBX: 00007fbedbdb5fa0 RCX: 00007fbedbb8e929 [ 618.279767][T16247] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 618.279781][T16247] RBP: 00007fbedbc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 618.279795][T16247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 618.279808][T16247] R13: 0000000000000000 R14: 00007fbedbdb5fa0 R15: 00007ffe1f4a6868 [ 618.279845][T16247] [ 618.544659][ C0] vkms_vblank_simulate: vblank timer overrun [ 618.893109][T16248] random: crng reseeded on system resumption [ 619.406148][T16269] ima: policy update failed [ 619.435797][ T30] audit: type=1802 audit(4294967449.990:65): pid=16269 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2187" res=0 errno=0 [ 619.655951][T16275] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2188'. [ 619.768178][T16275] ipvlan1: entered allmulticast mode [ 619.790953][T16277] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2188'. [ 619.800188][T16275] veth0_vlan: entered allmulticast mode [ 619.839833][T16275] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2188'. [ 620.370065][T16289] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 621.001621][T16305] FAULT_INJECTION: forcing a failure. [ 621.001621][T16305] name failslab, interval 1, probability 0, space 0, times 0 [ 621.089626][T16305] CPU: 0 UID: 0 PID: 16305 Comm: syz.0.2196 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 621.089669][T16305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 621.089683][T16305] Call Trace: [ 621.089690][T16305] [ 621.089699][T16305] dump_stack_lvl+0x16c/0x1f0 [ 621.089762][T16305] should_fail_ex+0x512/0x640 [ 621.089792][T16305] ? __kvmalloc_node_noprof+0x124/0x620 [ 621.089823][T16305] should_failslab+0xc2/0x120 [ 621.089842][T16305] __kvmalloc_node_noprof+0x137/0x620 [ 621.089872][T16305] ? v4l2_ctrl_new+0x97d/0x2180 [ 621.089901][T16305] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 621.089936][T16305] ? v4l2_ctrl_new+0x97d/0x2180 [ 621.089965][T16305] v4l2_ctrl_new+0x97d/0x2180 [ 621.090004][T16305] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 621.090032][T16305] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 621.090069][T16305] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 621.090101][T16305] v4l2_ctrl_new_std+0x1be/0x290 [ 621.090139][T16305] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 621.090169][T16305] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 621.090203][T16305] ? rcu_is_watching+0x12/0xc0 [ 621.090222][T16305] ? trace_kmalloc+0x2b/0xd0 [ 621.090241][T16305] ? __kvmalloc_node_noprof+0x298/0x620 [ 621.090276][T16305] ? media_request_object_init+0x100/0x180 [ 621.090304][T16305] vicodec_open+0x1f7/0xf90 [ 621.090336][T16305] v4l2_open+0x222/0x490 [ 621.090362][T16305] ? __pfx_v4l2_open+0x10/0x10 [ 621.090388][T16305] chrdev_open+0x231/0x6a0 [ 621.090418][T16305] ? __pfx_apparmor_file_open+0x10/0x10 [ 621.090444][T16305] ? __pfx_chrdev_open+0x10/0x10 [ 621.090486][T16305] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 621.090518][T16305] do_dentry_open+0x744/0x1c10 [ 621.090548][T16305] ? __pfx_chrdev_open+0x10/0x10 [ 621.090584][T16305] vfs_open+0x82/0x3f0 [ 621.090610][T16305] path_openat+0x1de4/0x2cb0 [ 621.090650][T16305] ? __pfx_path_openat+0x10/0x10 [ 621.090680][T16305] ? __lock_acquire+0xb8a/0x1c90 [ 621.090710][T16305] do_filp_open+0x20b/0x470 [ 621.090740][T16305] ? __pfx_do_filp_open+0x10/0x10 [ 621.090788][T16305] ? alloc_fd+0x471/0x7d0 [ 621.090822][T16305] do_sys_openat2+0x11b/0x1d0 [ 621.090860][T16305] ? __pfx_do_sys_openat2+0x10/0x10 [ 621.090894][T16305] __x64_sys_openat+0x174/0x210 [ 621.090919][T16305] ? __pfx___x64_sys_openat+0x10/0x10 [ 621.090953][T16305] do_syscall_64+0xcd/0x490 [ 621.090988][T16305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.091010][T16305] RIP: 0033:0x7fbedbb8e929 [ 621.091027][T16305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 621.091048][T16305] RSP: 002b:00007fbedca86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 621.091068][T16305] RAX: ffffffffffffffda RBX: 00007fbedbdb5fa0 RCX: 00007fbedbb8e929 [ 621.091082][T16305] RDX: 00000000000c4400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 621.091096][T16305] RBP: 00007fbedbc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 621.091109][T16305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 621.091121][T16305] R13: 0000000000000000 R14: 00007fbedbdb5fa0 R15: 00007ffe1f4a6868 [ 621.091148][T16305] [ 621.393681][T16304] ptrace attach of "./syz-executor exec"[16306] was attempted by "./syz-executor exec"[16304] [ 621.555195][T16309] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 622.778862][T16332] ICMPv6: process `syz.3.2202' is using deprecated sysctl (syscall) net.ipv6.neigh.wg1.retrans_time - use net.ipv6.neigh.wg1.retrans_time_ms instead [ 623.240185][T16338] sp0: Synchronizing with TNC [ 625.947833][ T7985] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.137345][ T7985] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.295640][ T7985] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.412482][T16383] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 626.456337][T16383] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 626.503948][T16383] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 626.695914][ T7985] bridge_slave_1: left allmulticast mode [ 626.756171][ T7985] bridge_slave_1: left promiscuous mode [ 626.802974][ T7985] bridge0: port 2(bridge_slave_1) entered disabled state [ 626.936748][ T7985] bridge_slave_0: left allmulticast mode [ 626.965963][ T7985] bridge_slave_0: left promiscuous mode [ 626.971780][ T7985] bridge0: port 1(bridge_slave_0) entered disabled state [ 627.350988][ T7978] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 627.393437][ T7978] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 627.411687][ T7978] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 627.420661][ T7978] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 627.430861][ T7978] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 628.302636][ T7985] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 628.336677][ T7985] bond0 (unregistering): Released all slaves [ 628.865590][T16424] binder: BINDER_SET_CONTEXT_MGR already set [ 628.891376][T16424] binder: 16420:16424 ioctl 4018620d 200000001e40 returned -16 [ 629.275326][T16436] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 629.331875][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.341112][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.482524][ T7978] Bluetooth: hci0: command tx timeout [ 630.033594][T16457] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2227'. [ 630.154154][T16460] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2227'. [ 630.289545][T16460] veth0_macvtap: left promiscuous mode [ 630.454777][T16403] chnl_net:caif_netlink_parms(): no params data found [ 630.609885][T16467] FAULT_INJECTION: forcing a failure. [ 630.609885][T16467] name failslab, interval 1, probability 0, space 0, times 0 [ 630.643402][T16467] CPU: 1 UID: 0 PID: 16467 Comm: syz.2.2230 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 630.643446][T16467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 630.643466][T16467] Call Trace: [ 630.643476][T16467] [ 630.643488][T16467] dump_stack_lvl+0x16c/0x1f0 [ 630.643551][T16467] should_fail_ex+0x512/0x640 [ 630.643604][T16467] should_failslab+0xc2/0x120 [ 630.643635][T16467] __kmalloc_cache_noprof+0x6a/0x3e0 [ 630.643681][T16467] ? nfc_genl_rcv_nl_event+0xc1/0x2e0 [ 630.643723][T16467] nfc_genl_rcv_nl_event+0xc1/0x2e0 [ 630.643763][T16467] notifier_call_chain+0xb9/0x410 [ 630.643798][T16467] ? __pfx_nfc_genl_rcv_nl_event+0x10/0x10 [ 630.643844][T16467] blocking_notifier_call_chain+0x69/0xa0 [ 630.643888][T16467] netlink_release+0x186b/0x2020 [ 630.643925][T16467] ? netlink_release+0x1de/0x2020 [ 630.643958][T16467] ? __pfx_netlink_release+0x10/0x10 [ 630.643990][T16467] ? __pfx_locks_remove_file+0x10/0x10 [ 630.644027][T16467] __sock_release+0xb0/0x270 [ 630.644079][T16467] ? __pfx_sock_close+0x10/0x10 [ 630.644104][T16467] sock_close+0x1c/0x30 [ 630.644140][T16467] __fput+0x402/0xb70 [ 630.644177][T16467] task_work_run+0x14d/0x240 [ 630.644225][T16467] ? __pfx_task_work_run+0x10/0x10 [ 630.644269][T16467] ? __pfx___do_sys_close_range+0x10/0x10 [ 630.644322][T16467] exit_to_user_mode_loop+0xeb/0x110 [ 630.644368][T16467] do_syscall_64+0x3f6/0x490 [ 630.644418][T16467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 630.644449][T16467] RIP: 0033:0x7fea3118e929 [ 630.644473][T16467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 630.644513][T16467] RSP: 002b:00007fea31f8f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 630.644541][T16467] RAX: 0000000000000000 RBX: 00007fea313b5fa0 RCX: 00007fea3118e929 [ 630.644558][T16467] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 630.644575][T16467] RBP: 00007fea31210b39 R08: 0000000000000000 R09: 0000000000000000 [ 630.644593][T16467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 630.644610][T16467] R13: 0000000000000000 R14: 00007fea313b5fa0 R15: 00007ffc75d2de48 [ 630.644648][T16467] [ 630.875778][T16469] program syz.3.2231 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 630.885268][ T7985] hsr_slave_0: left promiscuous mode [ 630.891616][ T7985] hsr_slave_1: left promiscuous mode [ 630.918254][ T7985] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 630.927553][ T7985] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 630.958174][ T7985] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 630.976443][ T7985] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 631.059590][ T7985] veth1_macvtap: left promiscuous mode [ 631.076315][ T7985] veth0_macvtap: left promiscuous mode [ 631.101457][ T7985] veth1_vlan: left promiscuous mode [ 631.121469][ T7985] veth0_vlan: left promiscuous mode [ 631.562830][ T7978] Bluetooth: hci0: command tx timeout [ 632.289639][ T7985] team0 (unregistering): Port device team_slave_1 removed [ 632.461777][ T7985] team0 (unregistering): Port device team_slave_0 removed [ 633.328532][T16492] futex_wake_op: syz.2.2237 tries to shift op by -9; fix this program [ 633.645670][ T7978] Bluetooth: hci0: command tx timeout [ 634.672440][T16403] bridge0: port 1(bridge_slave_0) entered blocking state [ 634.679645][T16403] bridge0: port 1(bridge_slave_0) entered disabled state [ 634.701192][T16403] bridge_slave_0: entered allmulticast mode [ 634.732516][T16403] bridge_slave_0: entered promiscuous mode [ 634.866884][T16403] bridge0: port 2(bridge_slave_1) entered blocking state [ 634.874459][T16403] bridge0: port 2(bridge_slave_1) entered disabled state [ 634.881786][T16403] bridge_slave_1: entered allmulticast mode [ 634.922560][T16403] bridge_slave_1: entered promiscuous mode [ 635.075731][T16403] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 635.131319][T16403] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 635.305396][T16403] team0: Port device team_slave_0 added [ 635.341967][T16403] team0: Port device team_slave_1 added [ 635.540246][T16403] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 635.567933][T16403] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 635.620086][T16403] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 635.657423][T16403] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 635.688138][T16403] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 635.736044][ T7978] Bluetooth: hci0: command tx timeout [ 635.785495][T16403] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 636.213066][T16403] hsr_slave_0: entered promiscuous mode [ 636.239134][T16403] hsr_slave_1: entered promiscuous mode [ 636.535292][T16543] Invalid ELF header magic: != ELF [ 637.486040][T16564] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input38 [ 639.115403][T16403] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 639.136140][T16403] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 639.171520][T16403] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 639.211378][T16403] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 639.540111][T16603] FAULT_INJECTION: forcing a failure. [ 639.540111][T16603] name failslab, interval 1, probability 0, space 0, times 0 [ 639.563203][T16603] CPU: 1 UID: 0 PID: 16603 Comm: syz.2.2253 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 639.563245][T16603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 639.563263][T16603] Call Trace: [ 639.563272][T16603] [ 639.563283][T16603] dump_stack_lvl+0x16c/0x1f0 [ 639.563332][T16603] should_fail_ex+0x512/0x640 [ 639.563371][T16603] ? __kmalloc_noprof+0xbf/0x510 [ 639.563415][T16603] ? iovec_from_user+0x108/0x140 [ 639.563456][T16603] should_failslab+0xc2/0x120 [ 639.563483][T16603] __kmalloc_noprof+0xd2/0x510 [ 639.563534][T16603] iovec_from_user+0x108/0x140 [ 639.563585][T16603] __import_iovec+0x88/0x650 [ 639.563639][T16603] import_iovec+0x86/0xb0 [ 639.563677][T16603] copy_msghdr_from_user+0xf9/0x160 [ 639.563710][T16603] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 639.563756][T16603] ___sys_sendmsg+0xfe/0x1d0 [ 639.563790][T16603] ? __pfx____sys_sendmsg+0x10/0x10 [ 639.563853][T16603] ? find_held_lock+0x2b/0x80 [ 639.563890][T16603] __sys_sendmmsg+0x200/0x420 [ 639.563924][T16603] ? __pfx___sys_sendmmsg+0x10/0x10 [ 639.563953][T16603] ? __pfx_inet_bind_sk+0x10/0x10 [ 639.563988][T16603] ? __pfx_do_futex+0x10/0x10 [ 639.564027][T16603] ? xfd_validate_state+0x61/0x180 [ 639.564058][T16603] __x64_sys_sendmmsg+0x9c/0x100 [ 639.564088][T16603] ? lockdep_hardirqs_on+0x7c/0x110 [ 639.564118][T16603] do_syscall_64+0xcd/0x490 [ 639.564150][T16603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.564170][T16603] RIP: 0033:0x7fea3118e929 [ 639.564186][T16603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 639.564206][T16603] RSP: 002b:00007fea31f8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 639.564225][T16603] RAX: ffffffffffffffda RBX: 00007fea313b5fa0 RCX: 00007fea3118e929 [ 639.564239][T16603] RDX: 0000000000000002 RSI: 0000200000000140 RDI: 0000000000000003 [ 639.564251][T16603] RBP: 00007fea31210b39 R08: 0000000000000000 R09: 0000000000000000 [ 639.564263][T16603] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000000 [ 639.564276][T16603] R13: 0000000000000000 R14: 00007fea313b5fa0 R15: 00007ffc75d2de48 [ 639.564300][T16603] [ 639.998313][T16403] 8021q: adding VLAN 0 to HW filter on device bond0 [ 640.246486][T16403] 8021q: adding VLAN 0 to HW filter on device team0 [ 640.318857][ T9945] bridge0: port 1(bridge_slave_0) entered blocking state [ 640.326019][ T9945] bridge0: port 1(bridge_slave_0) entered forwarding state [ 640.378301][ T9945] bridge0: port 2(bridge_slave_1) entered blocking state [ 640.385459][ T9945] bridge0: port 2(bridge_slave_1) entered forwarding state [ 640.651863][T16615] delete_channel: no stack [ 641.221980][T16403] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 641.385827][T16403] veth0_vlan: entered promiscuous mode [ 641.427436][T16403] veth1_vlan: entered promiscuous mode [ 641.532166][T16403] veth0_macvtap: entered promiscuous mode [ 641.580521][T16403] veth1_macvtap: entered promiscuous mode [ 641.660033][T16403] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 641.720473][T16403] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 641.784855][T16403] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.816465][T16403] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.842737][T16403] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.851487][T16403] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 642.373366][ T7985] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 642.412792][ T7985] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 642.469482][ T7981] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 642.480814][ T7981] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 643.244283][T16663] Process accounting resumed [ 644.942705][T16698] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2264'. [ 645.222258][T16698] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 645.725591][T16744] random: crng reseeded on system resumption [ 646.110933][T16750] block2mtd: illegal erase size [ 648.194846][T16793] FAULT_INJECTION: forcing a failure. [ 648.194846][T16793] name failslab, interval 1, probability 0, space 0, times 0 [ 648.252344][T16793] CPU: 1 UID: 0 PID: 16793 Comm: syz.0.2281 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 648.252409][T16793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 648.252430][T16793] Call Trace: [ 648.252440][T16793] [ 648.252452][T16793] dump_stack_lvl+0x16c/0x1f0 [ 648.252516][T16793] should_fail_ex+0x512/0x640 [ 648.252559][T16793] ? __kmalloc_noprof+0xbf/0x510 [ 648.252622][T16793] ? mpi_alloc_limb_space+0x31/0x60 [ 648.252656][T16793] should_failslab+0xc2/0x120 [ 648.252685][T16793] __kmalloc_noprof+0xd2/0x510 [ 648.252737][T16793] mpi_alloc_limb_space+0x31/0x60 [ 648.252773][T16793] mpi_alloc+0x199/0x230 [ 648.252804][T16793] ? mpi_free+0x14/0x160 [ 648.252836][T16793] mpi_read_raw_data+0x133/0x4a0 [ 648.252873][T16793] rsa_set_pub_key+0x149/0x270 [ 648.252920][T16793] ? __pfx_rsa_set_pub_key+0x10/0x10 [ 648.252982][T16793] ? __asan_memcpy+0x3c/0x60 [ 648.253030][T16793] rsassa_pkcs1_set_pub_key+0xcb/0x1f0 [ 648.253084][T16793] public_key_verify_signature+0x779/0x970 [ 648.253147][T16793] ? __pfx_public_key_verify_signature+0x10/0x10 [ 648.253220][T16793] ? __pfx_public_key_verify_signature_2+0x10/0x10 [ 648.253265][T16793] verify_signature+0xdf/0x130 [ 648.253314][T16793] pkcs7_validate_trust+0x220/0x7e0 [ 648.253367][T16793] verify_pkcs7_message_sig+0x12c/0x250 [ 648.253408][T16793] ? __pfx_verify_pkcs7_message_sig+0x10/0x10 [ 648.253440][T16793] ? kfree+0x2b4/0x4d0 [ 648.253485][T16793] ? public_key_signature_free+0xda/0x110 [ 648.253522][T16793] ? pkcs7_parse_message+0x531/0x720 [ 648.253574][T16793] ? pkcs7_parse_message+0x536/0x720 [ 648.253622][T16793] verify_pkcs7_signature+0x6d/0xa0 [ 648.253661][T16793] valid_regdb+0x215/0x590 [ 648.253695][T16793] ? __pfx___mutex_lock+0x10/0x10 [ 648.253742][T16793] ? __pfx_valid_regdb+0x10/0x10 [ 648.253783][T16793] reg_reload_regdb+0x11e/0x460 [ 648.253820][T16793] ? __pfx_reg_reload_regdb+0x10/0x10 [ 648.253860][T16793] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 648.253903][T16793] ? nl80211_pre_doit+0x1b0/0xb10 [ 648.253956][T16793] genl_family_rcv_msg_doit+0x209/0x2f0 [ 648.254001][T16793] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 648.254038][T16793] ? rcu_is_watching+0x12/0xc0 [ 648.254081][T16793] ? bpf_lsm_capable+0x9/0x10 [ 648.254119][T16793] ? security_capable+0x7e/0x260 [ 648.254179][T16793] genl_rcv_msg+0x55c/0x800 [ 648.254224][T16793] ? __pfx_genl_rcv_msg+0x10/0x10 [ 648.254263][T16793] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 648.254317][T16793] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 648.254356][T16793] ? __pfx_nl80211_post_doit+0x10/0x10 [ 648.254412][T16793] netlink_rcv_skb+0x158/0x420 [ 648.254441][T16793] ? __pfx_genl_rcv_msg+0x10/0x10 [ 648.254487][T16793] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 648.254531][T16793] ? netlink_deliver_tap+0x1ae/0xd30 [ 648.254563][T16793] genl_rcv+0x28/0x40 [ 648.254591][T16793] netlink_unicast+0x53a/0x7f0 [ 648.254624][T16793] ? __pfx_netlink_unicast+0x10/0x10 [ 648.254664][T16793] netlink_sendmsg+0x8d1/0xdd0 [ 648.254700][T16793] ? __pfx_netlink_sendmsg+0x10/0x10 [ 648.254745][T16793] ____sys_sendmsg+0xa98/0xc70 [ 648.254778][T16793] ? copy_msghdr_from_user+0x10a/0x160 [ 648.254819][T16793] ? __pfx_____sys_sendmsg+0x10/0x10 [ 648.254859][T16793] ? __pfx_futex_wake_mark+0x10/0x10 [ 648.254905][T16793] ___sys_sendmsg+0x134/0x1d0 [ 648.254950][T16793] ? __pfx____sys_sendmsg+0x10/0x10 [ 648.254989][T16793] ? __lock_acquire+0x622/0x1c90 [ 648.255070][T16793] __sys_sendmsg+0x16d/0x220 [ 648.255113][T16793] ? __pfx___sys_sendmsg+0x10/0x10 [ 648.255153][T16793] ? __x64_sys_futex+0x1e0/0x4c0 [ 648.255207][T16793] do_syscall_64+0xcd/0x490 [ 648.255253][T16793] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 648.255281][T16793] RIP: 0033:0x7f2dd7d8e929 [ 648.255304][T16793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 648.255350][T16793] RSP: 002b:00007f2dd8b70038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 648.255377][T16793] RAX: ffffffffffffffda RBX: 00007f2dd7fb5fa0 RCX: 00007f2dd7d8e929 [ 648.255406][T16793] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000006 [ 648.255424][T16793] RBP: 00007f2dd7e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 648.255441][T16793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 648.255465][T16793] R13: 0000000000000000 R14: 00007f2dd7fb5fa0 R15: 00007ffd8e108268 [ 648.255503][T16793] [ 648.958656][ T7978] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 649.296927][T16806] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2284'. [ 650.201899][T16833] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.2.2286: bg 4: bad block bitmap checksum [ 650.270121][T16833] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 74 [ 650.323107][T16833] EXT4-fs (sda1): This should not happen!! Data will be lost [ 650.323107][T16833] [ 651.057268][T16840] rnbd_client L213: map_device: Parameters missing [ 651.137693][T16838] svc: failed to register nfsdv3 RPC service (errno 101). [ 651.215476][T16838] svc: failed to register nfsaclv3 RPC service (errno 101). [ 653.126763][T16889] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 653.199200][T16889] EXT4-fs (sda1): This should not happen!! Data will be lost [ 653.199200][T16889] [ 653.556779][T16893] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2299'. [ 654.287618][ T30] audit: type=1804 audit(4294967484.865:66): pid=16904 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2300" name="/newroot/581/file0" dev="tmpfs" ino=3043 res=1 errno=0 [ 654.382256][ T30] audit: type=1800 audit(4294967484.865:67): pid=16904 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2300" name="file0" dev="tmpfs" ino=3043 res=0 errno=0 [ 654.842080][ T7992] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 654.858501][ T7992] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 654.871002][ T7992] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 654.883407][ T7992] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 654.891159][ T7992] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 655.695077][T16944] netlink: 'syz.0.2307': attribute type 2 has an invalid length. [ 655.718062][T16939] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 655.732413][T16939] EXT4-fs (sda1): This should not happen!! Data will be lost [ 655.732413][T16939] [ 656.428736][T16924] chnl_net:caif_netlink_parms(): no params data found [ 656.671525][ T9523] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.932239][ T7992] Bluetooth: hci4: command tx timeout [ 657.198215][ T9523] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 657.574457][ T9523] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 657.693211][T16924] bridge0: port 1(bridge_slave_0) entered blocking state [ 657.700396][T16924] bridge0: port 1(bridge_slave_0) entered disabled state [ 657.715794][T16924] bridge_slave_0: entered allmulticast mode [ 657.739029][T16924] bridge_slave_0: entered promiscuous mode [ 657.854216][ T9523] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 657.941484][T16924] bridge0: port 2(bridge_slave_1) entered blocking state [ 657.966476][T16924] bridge0: port 2(bridge_slave_1) entered disabled state [ 657.982655][T16924] bridge_slave_1: entered allmulticast mode [ 657.994882][T16924] bridge_slave_1: entered promiscuous mode [ 658.209391][T16924] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 658.250984][T16984] Console: switching to colour frame buffer device 128x48 [ 658.308408][T16924] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 658.446173][T16924] team0: Port device team_slave_0 added [ 658.568421][T16924] team0: Port device team_slave_1 added [ 658.741222][T16924] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 658.754543][T16924] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 658.786281][T16924] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 658.838343][T16924] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 658.870946][T16924] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 658.987592][T16924] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 659.007804][ T7992] Bluetooth: hci4: command tx timeout [ 659.133759][ T9523] gretap0: left allmulticast mode [ 659.150760][ T9523] gretap0: left promiscuous mode [ 659.167639][ T9523] bridge0: port 3(gretap0) entered disabled state [ 659.219080][ T9523] bridge_slave_1: left allmulticast mode [ 659.248581][ T9523] bridge_slave_1: left promiscuous mode [ 659.303838][ T9523] bridge0: port 2(bridge_slave_1) entered disabled state [ 659.361559][ T9523] bridge_slave_0: left allmulticast mode [ 659.401105][ T9523] bridge_slave_0: left promiscuous mode [ 659.445567][ T9523] bridge0: port 1(bridge_slave_0) entered disabled state [ 660.374818][T17028] ima: policy update failed [ 660.385344][ T30] audit: type=1802 audit(4294967490.955:68): pid=17028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2319" res=0 errno=0 [ 660.418158][ T9523] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 660.434453][ T9523] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 660.448829][ T9523] bond0 (unregistering): Released all slaves [ 660.670693][ T9523] tipc: Left network mode [ 660.858432][T16924] hsr_slave_0: entered promiscuous mode [ 660.870109][T16924] hsr_slave_1: entered promiscuous mode [ 660.882824][T16924] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 660.900630][T16924] Cannot create hsr debugfs directory [ 661.082646][ T7992] Bluetooth: hci4: command tx timeout [ 662.301799][ T9523] hsr_slave_0: left promiscuous mode [ 662.330301][ T9523] hsr_slave_1: left promiscuous mode [ 662.349499][ T9523] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 662.372443][ T9523] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 662.394009][ T9523] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 662.401543][ T9523] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 662.448959][ T9523] veth1_macvtap: left promiscuous mode [ 662.466177][ T9523] veth0_macvtap: left promiscuous mode [ 662.471903][ T9523] veth1_vlan: left promiscuous mode [ 662.481363][ T9523] veth0_vlan: left promiscuous mode [ 663.146460][T17064] program syz.0.2325 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 663.162557][ T7992] Bluetooth: hci4: command tx timeout [ 663.837686][ T9523] team0 (unregistering): Port device team_slave_1 removed [ 663.947302][ T9523] team0 (unregistering): Port device team_slave_0 removed [ 666.712287][T16924] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 666.767779][T16924] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 666.785386][T16924] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 666.842882][T16924] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 667.271244][ T7981] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 667.287766][ T7981] EXT4-fs (sda1): This should not happen!! Data will be lost [ 667.287766][ T7981] [ 667.771851][T16924] 8021q: adding VLAN 0 to HW filter on device bond0 [ 667.805667][T17125] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2331'. [ 667.904280][T16924] 8021q: adding VLAN 0 to HW filter on device team0 [ 667.994366][ T7981] bridge0: port 1(bridge_slave_0) entered blocking state [ 668.001515][ T7981] bridge0: port 1(bridge_slave_0) entered forwarding state [ 668.060212][T17133] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2334'. [ 668.091799][ T7981] bridge0: port 2(bridge_slave_1) entered blocking state [ 668.099049][ T7981] bridge0: port 2(bridge_slave_1) entered forwarding state [ 668.161050][T17133] netlink: 274 bytes leftover after parsing attributes in process `syz.0.2334'. [ 668.751181][T16924] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 668.886474][T16924] veth0_vlan: entered promiscuous mode [ 668.927613][T16924] veth1_vlan: entered promiscuous mode [ 668.935397][T17165] netlink: 'syz.3.2340': attribute type 27 has an invalid length. [ 668.956170][T17165] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2340'. [ 669.061914][T16924] veth0_macvtap: entered promiscuous mode [ 669.076933][T17172] netlink: 'syz.3.2340': attribute type 27 has an invalid length. [ 669.100342][T17172] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2340'. [ 669.119782][T16924] veth1_macvtap: entered promiscuous mode [ 669.301935][T16924] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 669.350836][T17185] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 669.371831][T17185] EXT4-fs (sda1): This should not happen!! Data will be lost [ 669.371831][T17185] [ 669.438973][T16924] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 669.486746][T16924] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 669.572373][T16924] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 669.581130][T16924] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 669.670407][T16924] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 670.470917][T16115] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 670.510287][T16115] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 670.890669][ T7985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 670.910895][ T7985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 671.302046][T17201] bond0: option primary_reselect: invalid value () [ 674.463575][T17248] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 680.138449][ T7978] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 680.158146][ T7978] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 680.165963][ T7978] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 680.175006][ T7978] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 680.212419][ T7978] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 680.935902][T17371] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 681.490462][ T7981] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 681.691578][T17350] chnl_net:caif_netlink_parms(): no params data found [ 682.101136][ T7981] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 682.270082][ T7981] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 682.291505][ T7978] Bluetooth: hci2: command tx timeout [ 682.540695][ T7981] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 682.570048][T17350] bridge0: port 1(bridge_slave_0) entered blocking state [ 682.589534][T17350] bridge0: port 1(bridge_slave_0) entered disabled state [ 682.604747][T17350] bridge_slave_0: entered allmulticast mode [ 682.632310][T17350] bridge_slave_0: entered promiscuous mode [ 682.671672][T17350] bridge0: port 2(bridge_slave_1) entered blocking state [ 682.689192][T17350] bridge0: port 2(bridge_slave_1) entered disabled state [ 682.699384][T17350] bridge_slave_1: entered allmulticast mode [ 682.721439][T17350] bridge_slave_1: entered promiscuous mode [ 682.854760][T17350] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 682.894598][T17350] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 683.015259][T17399] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2382'. [ 683.181355][T17350] team0: Port device team_slave_0 added [ 683.217215][T17350] team0: Port device team_slave_1 added [ 683.434401][T17350] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 683.449399][T17350] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 683.549805][T17350] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 684.114310][T17350] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 684.142112][T17350] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 684.206352][T17350] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 684.363516][ T7978] Bluetooth: hci2: command tx timeout [ 684.393659][ T7981] vlan1: left allmulticast mode [ 684.411356][ T7981] vlan1: left promiscuous mode [ 684.421707][ T7981] bridge0: port 3(vlan1) entered disabled state [ 684.505677][ T7981] bridge_slave_1: left allmulticast mode [ 684.519874][ T7981] bridge_slave_1: left promiscuous mode [ 684.535776][ T7981] bridge0: port 2(bridge_slave_1) entered disabled state [ 684.586795][ T7981] bridge_slave_0: left allmulticast mode [ 684.601501][ T7981] bridge_slave_0: left promiscuous mode [ 684.618060][ T7981] bridge0: port 1(bridge_slave_0) entered disabled state [ 684.797210][T17423] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2388'. [ 685.228921][T17446] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input39 [ 685.803452][T17446] mtrr: base(0x100000000) is not aligned on a size(0x0000) boundary [ 686.108029][T17460] zero sized request [ 686.443193][ T7978] Bluetooth: hci2: command tx timeout [ 686.503557][ T7981] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 686.548886][ T7981] bond0 (unregistering): Released all slaves [ 686.652443][T17350] hsr_slave_0: entered promiscuous mode [ 686.663737][T17350] hsr_slave_1: entered promiscuous mode [ 686.680603][T17350] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 686.695853][T17350] Cannot create hsr debugfs directory [ 686.753936][T17470] FAULT_INJECTION: forcing a failure. [ 686.753936][T17470] name failslab, interval 1, probability 0, space 0, times 0 [ 686.767144][ T7981] ovs_: left promiscuous mode [ 686.773633][T17470] CPU: 0 UID: 0 PID: 17470 Comm: syz.1.2395 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 686.773678][T17470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 686.773709][T17470] Call Trace: [ 686.773718][T17470] [ 686.773729][T17470] dump_stack_lvl+0x16c/0x1f0 [ 686.773780][T17470] should_fail_ex+0x512/0x640 [ 686.773821][T17470] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 686.773871][T17470] should_failslab+0xc2/0x120 [ 686.773898][T17470] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 686.773940][T17470] ? __proc_create+0xc3/0x8c0 [ 686.773984][T17470] ? __proc_create+0x2ce/0x8c0 [ 686.774053][T17470] __proc_create+0x2ce/0x8c0 [ 686.774103][T17470] ? __pfx___proc_create+0x10/0x10 [ 686.774159][T17470] ? _raw_write_unlock+0x28/0x50 [ 686.774229][T17470] ? proc_register+0x314/0x5f0 [ 686.774283][T17470] proc_create_reg+0x7d/0x180 [ 686.774316][T17470] proc_create_net_data+0x8e/0x1b0 [ 686.774369][T17470] ? __pfx_proc_create_net_data+0x10/0x10 [ 686.774433][T17470] nfs_fs_proc_net_init+0xf3/0x1e0 [ 686.774477][T17470] nfs_net_init+0x130/0x300 [ 686.774516][T17470] ? __pfx_nfs_net_init+0x10/0x10 [ 686.774553][T17470] ops_init+0x1df/0x5f0 [ 686.774612][T17470] setup_net+0x1ff/0x510 [ 686.774638][T17470] ? lockdep_init_map_type+0x5c/0x280 [ 686.774688][T17470] ? __pfx_setup_net+0x10/0x10 [ 686.774719][T17470] ? debug_mutex_init+0x37/0x70 [ 686.774752][T17470] copy_net_ns+0x2a6/0x5f0 [ 686.774790][T17470] create_new_namespaces+0x3ea/0xa90 [ 686.774835][T17470] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 686.774872][T17470] ksys_unshare+0x45b/0xa40 [ 686.774914][T17470] ? __pfx_ksys_unshare+0x10/0x10 [ 686.774957][T17470] ? xfd_validate_state+0x61/0x180 [ 686.775008][T17470] __x64_sys_unshare+0x31/0x40 [ 686.775048][T17470] do_syscall_64+0xcd/0x490 [ 686.775099][T17470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 686.775131][T17470] RIP: 0033:0x7f343c98e929 [ 686.775157][T17470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 686.775188][T17470] RSP: 002b:00007f343d73f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 686.775218][T17470] RAX: ffffffffffffffda RBX: 00007f343cbb5fa0 RCX: 00007f343c98e929 [ 686.775239][T17470] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 686.775259][T17470] RBP: 00007f343ca10b39 R08: 0000000000000000 R09: 0000000000000000 [ 686.775278][T17470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 686.775296][T17470] R13: 0000000000000000 R14: 00007f343cbb5fa0 R15: 00007fff408ffa88 [ 686.775337][T17470] [ 687.291529][T17470] ------------[ cut here ]------------ [ 687.297196][T17470] remove_proc_entry: removing non-empty directory 'net/rpc', leaking at least 'nfs' [ 687.308018][T17470] WARNING: CPU: 0 PID: 17470 at fs/proc/generic.c:727 remove_proc_entry+0x45e/0x530 [ 687.318316][T17470] Modules linked in: [ 687.323755][T17470] CPU: 0 UID: 0 PID: 17470 Comm: syz.1.2395 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 687.335966][T17470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 687.346433][T17470] RIP: 0010:remove_proc_entry+0x45e/0x530 [ 687.352481][T17470] Code: 3c 02 00 0f 85 85 00 00 00 48 8b 93 d8 00 00 00 4d 89 f0 4c 89 e9 48 c7 c6 00 bc c2 8b 48 c7 c7 20 bb c2 8b e8 23 71 1d ff 90 <0f> 0b 90 90 e9 5f fe ff ff e8 04 5b 5e ff 90 48 b8 00 00 00 00 00 [ 687.372294][T17470] RSP: 0018:ffffc900040efb08 EFLAGS: 00010282 [ 687.378433][T17470] RAX: 0000000000000000 RBX: ffff88805bfa0a00 RCX: ffffc900048f2000 [ 687.386535][T17470] RDX: 0000000000080000 RSI: ffffffff817aa1b5 RDI: 0000000000000001 [ 687.394675][T17470] RBP: ffff88805e4c2700 R08: 0000000000000001 R09: 0000000000000000 [ 687.402745][T17470] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88805e4c2640 [ 687.410789][T17470] R13: ffff88805e4c2724 R14: ffff88807c992ea4 R15: dffffc0000000000 [ 687.419780][T17470] FS: 00007f343d73f6c0(0000) GS:ffff888124760000(0000) knlGS:0000000000000000 [ 687.429552][T17470] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 687.436272][T17470] CR2: 00007f343c9c1180 CR3: 00000000686b8000 CR4: 00000000003526f0 [ 687.444629][T17470] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 687.452721][T17470] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 687.460742][T17470] Call Trace: [ 687.464100][T17470] [ 687.467089][T17470] ? __pfx_remove_proc_entry+0x10/0x10 [ 687.472682][T17470] ? cache_destroy_net+0x31/0x50 [ 687.477694][T17470] ? sunrpc_exit_net+0x37/0x90 [ 687.482947][T17470] sunrpc_exit_net+0x46/0x90 [ 687.487620][T17470] ? __pfx_sunrpc_exit_net+0x10/0x10 [ 687.493065][T17470] ops_undo_list+0x2eb/0xab0 [ 687.497754][T17470] ? __pfx_ops_undo_list+0x10/0x10 [ 687.503004][T17470] ? ops_init+0x2fa/0x5f0 [ 687.507421][T17470] setup_net+0x2e1/0x510 [ 687.511723][T17470] ? __pfx_setup_net+0x10/0x10 [ 687.516622][T17470] ? debug_mutex_init+0x37/0x70 [ 687.522304][T17470] copy_net_ns+0x2a6/0x5f0 [ 687.526797][T17470] create_new_namespaces+0x3ea/0xa90 [ 687.532833][T17470] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 687.538571][T17470] ksys_unshare+0x45b/0xa40 [ 687.543500][T17470] ? __pfx_ksys_unshare+0x10/0x10 [ 687.548688][T17470] ? xfd_validate_state+0x61/0x180 [ 687.553983][T17470] __x64_sys_unshare+0x31/0x40 [ 687.558825][T17470] do_syscall_64+0xcd/0x490 [ 687.563729][T17470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 687.569690][T17470] RIP: 0033:0x7f343c98e929 [ 687.574251][T17470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 687.593981][T17470] RSP: 002b:00007f343d73f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 687.602586][T17470] RAX: ffffffffffffffda RBX: 00007f343cbb5fa0 RCX: 00007f343c98e929 [ 687.610610][T17470] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 687.618710][T17470] RBP: 00007f343ca10b39 R08: 0000000000000000 R09: 0000000000000000 [ 687.627670][T17470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 687.636392][T17470] R13: 0000000000000000 R14: 00007f343cbb5fa0 R15: 00007fff408ffa88 [ 687.644534][T17470] [ 687.647880][T17470] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 687.655208][T17470] CPU: 0 UID: 0 PID: 17470 Comm: syz.1.2395 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 687.667325][T17470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 687.677422][T17470] Call Trace: [ 687.680744][T17470] [ 687.683717][T17470] dump_stack_lvl+0x3d/0x1f0 [ 687.688390][T17470] panic+0x71c/0x800 [ 687.692364][T17470] ? __pfx_panic+0x10/0x10 [ 687.696873][T17470] ? show_trace_log_lvl+0x29b/0x3e0 [ 687.702162][T17470] ? remove_proc_entry+0x45e/0x530 [ 687.707341][T17470] check_panic_on_warn+0xab/0xb0 [ 687.712355][T17470] __warn+0xf6/0x3c0 [ 687.716470][T17470] ? remove_proc_entry+0x45e/0x530 [ 687.721644][T17470] report_bug+0x3c3/0x580 [ 687.726049][T17470] ? remove_proc_entry+0x45e/0x530 [ 687.731222][T17470] handle_bug+0x184/0x210 [ 687.735625][T17470] exc_invalid_op+0x17/0x50 [ 687.740185][T17470] asm_exc_invalid_op+0x1a/0x20 [ 687.745084][T17470] RIP: 0010:remove_proc_entry+0x45e/0x530 [ 687.750867][T17470] Code: 3c 02 00 0f 85 85 00 00 00 48 8b 93 d8 00 00 00 4d 89 f0 4c 89 e9 48 c7 c6 00 bc c2 8b 48 c7 c7 20 bb c2 8b e8 23 71 1d ff 90 <0f> 0b 90 90 e9 5f fe ff ff e8 04 5b 5e ff 90 48 b8 00 00 00 00 00 [ 687.770544][T17470] RSP: 0018:ffffc900040efb08 EFLAGS: 00010282 [ 687.776685][T17470] RAX: 0000000000000000 RBX: ffff88805bfa0a00 RCX: ffffc900048f2000 [ 687.784705][T17470] RDX: 0000000000080000 RSI: ffffffff817aa1b5 RDI: 0000000000000001 [ 687.792733][T17470] RBP: ffff88805e4c2700 R08: 0000000000000001 R09: 0000000000000000 [ 687.800754][T17470] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88805e4c2640 [ 687.808782][T17470] R13: ffff88805e4c2724 R14: ffff88807c992ea4 R15: dffffc0000000000 [ 687.816827][T17470] ? __warn_printk+0x1a5/0x350 [ 687.821663][T17470] ? remove_proc_entry+0x45d/0x530 [ 687.826822][T17470] ? __pfx_remove_proc_entry+0x10/0x10 [ 687.832336][T17470] ? cache_destroy_net+0x31/0x50 [ 687.837328][T17470] ? sunrpc_exit_net+0x37/0x90 [ 687.842268][T17470] sunrpc_exit_net+0x46/0x90 [ 687.846909][T17470] ? __pfx_sunrpc_exit_net+0x10/0x10 [ 687.852234][T17470] ops_undo_list+0x2eb/0xab0 [ 687.856868][T17470] ? __pfx_ops_undo_list+0x10/0x10 [ 687.862008][T17470] ? ops_init+0x2fa/0x5f0 [ 687.866401][T17470] setup_net+0x2e1/0x510 [ 687.870678][T17470] ? __pfx_setup_net+0x10/0x10 [ 687.875479][T17470] ? debug_mutex_init+0x37/0x70 [ 687.880359][T17470] copy_net_ns+0x2a6/0x5f0 [ 687.884841][T17470] create_new_namespaces+0x3ea/0xa90 [ 687.890180][T17470] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 687.895874][T17470] ksys_unshare+0x45b/0xa40 [ 687.900440][T17470] ? __pfx_ksys_unshare+0x10/0x10 [ 687.905507][T17470] ? xfd_validate_state+0x61/0x180 [ 687.910674][T17470] __x64_sys_unshare+0x31/0x40 [ 687.915493][T17470] do_syscall_64+0xcd/0x490 [ 687.920068][T17470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 687.926000][T17470] RIP: 0033:0x7f343c98e929 [ 687.930452][T17470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 687.950091][T17470] RSP: 002b:00007f343d73f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 687.958553][T17470] RAX: ffffffffffffffda RBX: 00007f343cbb5fa0 RCX: 00007f343c98e929 [ 687.966624][T17470] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 687.974620][T17470] RBP: 00007f343ca10b39 R08: 0000000000000000 R09: 0000000000000000 [ 687.982613][T17470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 687.990614][T17470] R13: 0000000000000000 R14: 00007f343cbb5fa0 R15: 00007fff408ffa88 [ 687.998655][T17470] [ 688.002083][T17470] Kernel Offset: disabled [ 688.006430][T17470] Rebooting in 86400 seconds..