last executing test programs: 8.548323505s ago: executing program 0 (id=3162): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/console\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d26", 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x22000, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r1, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) mmap$auto(0x1, 0x6020009, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x8003) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8c) socket(0x10, 0x2, 0x4) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x7, &(0x7f0000000180), 0x1) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210004, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x6, 0x8, 0x3, 0xa, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, [0x3, 0x0, 0x0, 0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000, 0x0, 0x200]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 7.252719665s ago: executing program 1 (id=3165): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/console\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d26", 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x22000, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r1, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) mmap$auto(0x1, 0x6020009, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x8003) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8c) socket(0x10, 0x2, 0x4) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x7, &(0x7f0000000180), 0x1) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210004, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x6, 0x8, 0x3, 0xa, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, [0x3, 0x0, 0x0, 0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000, 0x0, 0x200]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 7.235538864s ago: executing program 3 (id=3166): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/console\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d26", 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x22000, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r1, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) mmap$auto(0x1, 0x6020009, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x8003) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8c) socket(0x10, 0x2, 0x4) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x7, &(0x7f0000000180), 0x1) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210004, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x6, 0x8, 0x3, 0xa, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, [0x3, 0x0, 0x0, 0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000, 0x0, 0x200]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 6.314062424s ago: executing program 2 (id=3167): r0 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0xa44) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) bpf$auto_BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000280)=@test={r0, 0x5, 0xfffffffd, 0x8f1, 0xfffffffffffffff9, 0x6, 0x2, 0x7, 0x6, 0xad, 0x774b, 0x4, 0xfff, 0x5, 0xb948}, 0x5) socket(0x3, 0x3, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x408) lseek$auto(r3, 0x5, 0x0) getdents$auto(r2, &(0x7f00000003c0)={0x100, 0x8000000000000003, 0x4, "374e12ef58b11c1d4bdad3b8d6b36dd93f5721a0223599ce9a04ac7c02a3bc726d20f0193d6cb1ff75530f5895b917a0271b6d905670af4c9bc94814df8406475e9f496ec36339bc8065a868aa833221c75c8d47b89f5229bb8d4716f2e2da76636c845ac312d4f7977fdc15b5486766d4ab9fd4db2aa9f5d9bcc98416d9abcbb48b83f0d116c88aaa3907b27ca2fbd449a3a848e513e25abcce85549ca14693a4f8048121b042f7a03b8ead4b36255fe45a751dca68e763f973443a355c71bf270d41c35bdae9d165"}, 0x62d4) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sg0\x00', 0x40200, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="010325bd7040ffdbdf250a0000000c0002006e6c3830"], 0x20}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040804) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='('], 0x28}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040810) io_uring_register$auto(0xffffffffffffffff, 0x1f, &(0x7f0000000180), 0x1) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/037/001\x00', 0x630001, 0x0) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x100242, 0x0) mmap$auto(0x9, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_setup$auto(0xffff, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/misc/vmci/power/runtime_active_time\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/mempolicy/weighted_interleave/node0\x00', 0xc2082, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x60800, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) sendfile$auto(r5, r4, 0x0, 0x1000202) ioctl$auto(0x3, 0x541b, 0x38) 6.287347998s ago: executing program 0 (id=3168): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/console\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d26", 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x22000, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r1, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) mmap$auto(0x1, 0x6020009, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x8003) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8c) socket(0x10, 0x2, 0x4) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x7, &(0x7f0000000180), 0x1) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210004, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x6, 0x8, 0x3, 0xa, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, [0x3, 0x0, 0x0, 0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000, 0x0, 0x200]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 6.215464069s ago: executing program 1 (id=3169): r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) socket(0x5, 0x1, 0x2) setsockopt$auto(0x3, 0x0, 0xb, 0xffffffffffffffff, 0x0) mmap$auto(0x7ff, 0xb2c1, 0xfffffffffffffff2, 0x11, 0x401, 0x2) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000db, 0x12, 0x400, 0x18002) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xfff) io_uring_setup$auto(0x59, 0x0) socket(0xa, 0x80000, 0x84) socket(0x10, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram8/dev\x00', 0x488981, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x402, 0x0) write$auto(r1, 0x0, 0x98c7) openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, &(0x7f0000000200), 0x2000, 0x0) ioctl$auto(0x3, 0x8000541b, 0x7f) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_GET_DAEMON(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000001b80)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x40000) 5.908685673s ago: executing program 3 (id=3170): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/console\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d26", 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x22000, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r1, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) mmap$auto(0x1, 0x6020009, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x8003) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8c) socket(0x10, 0x2, 0x4) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x7, &(0x7f0000000180), 0x1) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210004, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x6, 0x8, 0x3, 0xa, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, [0x3, 0x0, 0x0, 0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000, 0x0, 0x200]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 5.292736644s ago: executing program 2 (id=3171): r0 = socket(0x2, 0x3, 0xa) connect$auto(r0, &(0x7f0000000080)=@l2tp={0x2, 0x0, @loopback}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(r0, 0x0, 0x400fffd, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) ioperm$auto(0x5, 0x4, 0x800005) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x10c942, 0x0) r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_START_OLD(r2, 0x5420, 0x0) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)) fcntl$auto(r3, 0x402, 0x2) ioctl$auto_SNDCTL_TMR_CONTINUE(r1, 0x5404, 0x0) io_uring_setup$auto(0x6, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) semget$auto(0x0, 0x13c, 0x1ff) semtimedop$auto(0x0, 0x0, 0x1f4, 0x0) semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x8000, 0x36ec}, 0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) 5.161712978s ago: executing program 1 (id=3172): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/console\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d26", 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r1, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) mmap$auto(0x1, 0x6020009, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x8003) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8c) socket(0x10, 0x2, 0x4) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210004, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x6, 0x8, 0x3, 0xa, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, [0x3, 0x0, 0x0, 0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000, 0x0, 0x200]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 5.131657908s ago: executing program 0 (id=3173): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/console\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d26", 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x22000, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r1, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) mmap$auto(0x1, 0x6020009, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x8003) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8c) socket(0x10, 0x2, 0x4) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x7, &(0x7f0000000180), 0x1) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210004, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x6, 0x8, 0x3, 0xa, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, [0x3, 0x0, 0x0, 0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000, 0x0, 0x200]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 4.80530618s ago: executing program 3 (id=3174): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/console\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d26", 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x22000, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r1, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) mmap$auto(0x1, 0x6020009, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x8003) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8c) socket(0x10, 0x2, 0x4) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x7, &(0x7f0000000180), 0x1) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210004, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x6, 0x8, 0x3, 0xa, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, [0x3, 0x0, 0x0, 0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000, 0x0, 0x200]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 4.358906388s ago: executing program 2 (id=3175): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/console\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d26", 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x22000, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r1, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) mmap$auto(0x1, 0x6020009, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x8003) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8c) socket(0x10, 0x2, 0x4) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x7, &(0x7f0000000180), 0x1) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210004, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x6, 0x8, 0x3, 0xa, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, [0x3, 0x0, 0x0, 0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000, 0x0, 0x200]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3.322576469s ago: executing program 2 (id=3176): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/console\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d26", 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x22000, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r1, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) mmap$auto(0x1, 0x6020009, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x8003) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8c) socket(0x10, 0x2, 0x4) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x7, &(0x7f0000000180), 0x1) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210004, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x6, 0x8, 0x3, 0xa, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, [0x3, 0x0, 0x0, 0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000, 0x0, 0x200]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3.083114669s ago: executing program 1 (id=3177): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/console\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d26", 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x22000, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r1, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) mmap$auto(0x1, 0x6020009, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x8003) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8c) socket(0x10, 0x2, 0x4) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x7, &(0x7f0000000180), 0x1) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210004, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x6, 0x8, 0x3, 0xa, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, [0x3, 0x0, 0x0, 0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000, 0x0, 0x200]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.704772603s ago: executing program 3 (id=3178): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/console\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d26", 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x22000, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r1, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) mmap$auto(0x1, 0x6020009, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x8003) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8c) socket(0x10, 0x2, 0x4) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x7, &(0x7f0000000180), 0x1) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210004, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x6, 0x8, 0x3, 0xa, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, [0x3, 0x0, 0x0, 0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000, 0x0, 0x200]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.915322176s ago: executing program 0 (id=3179): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/console\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d26", 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x22000, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r1, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) mmap$auto(0x1, 0x6020009, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x8003) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8c) socket(0x10, 0x2, 0x4) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x7, &(0x7f0000000180), 0x1) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210004, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x6, 0x8, 0x3, 0xa, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, [0x3, 0x0, 0x0, 0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000, 0x0, 0x200]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.393122439s ago: executing program 0 (id=3180): r0 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0xa44) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) bpf$auto_BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000280)=@test={r0, 0x5, 0xfffffffd, 0x8f1, 0xfffffffffffffff9, 0x6, 0x2, 0x7, 0x6, 0xad, 0x774b, 0x4, 0xfff, 0x5, 0xb948}, 0x5) socket(0x3, 0x3, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x408) lseek$auto(r3, 0x5, 0x0) getdents$auto(r2, &(0x7f00000003c0)={0x100, 0x8000000000000003, 0x4, "374e12ef58b11c1d4bdad3b8d6b36dd93f5721a0223599ce9a04ac7c02a3bc726d20f0193d6cb1ff75530f5895b917a0271b6d905670af4c9bc94814df8406475e9f496ec36339bc8065a868aa833221c75c8d47b89f5229bb8d4716f2e2da76636c845ac312d4f7977fdc15b5486766d4ab9fd4db2aa9f5d9bcc98416d9abcbb48b83f0d116c88aaa3907b27ca2fbd449a3a848e513e25abcce85549ca14693a4f8048121b042f7a03b8ead4b36255fe45a751dca68e763f973443a355c71bf270d41c35bdae9d165"}, 0x62d4) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sg0\x00', 0x40200, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="010325bd7040ffdbdf250a0000000c0002006e6c3830"], 0x20}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040804) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='('], 0x28}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040810) io_uring_register$auto(0xffffffffffffffff, 0x1f, &(0x7f0000000180), 0x1) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/037/001\x00', 0x630001, 0x0) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x100242, 0x0) mmap$auto(0x9, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_setup$auto(0xffff, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/misc/vmci/power/runtime_active_time\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/mempolicy/weighted_interleave/node0\x00', 0xc2082, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x60800, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) sendfile$auto(r5, r4, 0x0, 0x1000202) ioctl$auto(0x3, 0x541b, 0x38) 1.321392103s ago: executing program 2 (id=3181): openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80302, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0x1, 0x8fd6, 0x948b, 0x3, 0x3392, 0x4, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x9, 0x6, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32=r2, @ANYBLOB="0a0005000180c200000e00000a0001000180c200000e00000a000100000000000000000008000200", @ANYRES32=r2, @ANYBLOB="060006ff05000000080003009b"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.263318792s ago: executing program 1 (id=3182): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/console\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d26", 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x22000, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r1, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) mmap$auto(0x1, 0x6020009, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x8003) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8c) socket(0x10, 0x2, 0x4) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x7, &(0x7f0000000180), 0x1) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210004, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x6, 0x8, 0x3, 0xa, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, [0x3, 0x0, 0x0, 0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000, 0x0, 0x200]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 797.108637ms ago: executing program 3 (id=3183): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/console\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d26", 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x22000, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r1, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) mmap$auto(0x1, 0x6020009, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x8003) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8c) socket(0x10, 0x2, 0x4) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x7, &(0x7f0000000180), 0x1) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210004, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x6, 0x8, 0x3, 0xa, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, [0x3, 0x0, 0x0, 0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000, 0x0, 0x200]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="1400", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 312.871267ms ago: executing program 1 (id=3184): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop1/queue/scheduler\x00', 0xa001, 0x0) r0 = socket(0x22, 0x2, 0x24) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(r1, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0xfffffdef) shutdown$auto(0x200000003, 0x2) close_range$auto(0x2, 0x8, 0x0) getsockopt$auto(r0, 0x3, 0x1, 0x0, 0x0) r2 = socket(0x1e, 0x1, 0x0) bind$auto(r2, &(0x7f0000000040)=@tipc=@nameseq={0x1e, 0x1, 0x3, {0x40, 0x0, 0x2}}, 0x66) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000140), r4) sendmsg$auto_TASKSTATS_CMD_GET(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010a2bbd7000fbdbdf25010000000e0004004e2d4e3a", @ANYRESHEX], 0x24}, 0x1, 0x0, 0x0, 0x4001}, 0x20000000) r6 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000000c0), r3) sendmsg$auto_TIPC_NL_NET_SET(r3, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000040)={0x20, r6, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @uid=0xee00}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x2) r7 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r7, 0x29, 0x4d, 0x0, 0x20) 269.514015ms ago: executing program 2 (id=3185): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/console\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d26", 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x22000, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r1, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) mmap$auto(0x1, 0x6020009, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x8003) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8c) socket(0x10, 0x2, 0x4) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x7, &(0x7f0000000180), 0x1) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210004, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x6, 0x8, 0x3, 0xa, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, [0x3, 0x0, 0x0, 0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000, 0x0, 0x200]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 153.596828ms ago: executing program 0 (id=3186): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/console\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d26", 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r1, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) mmap$auto(0x1, 0x6020009, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x8003) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8c) socket(0x10, 0x2, 0x4) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210004, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x6, 0x8, 0x3, 0xa, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, [0x3, 0x0, 0x0, 0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000, 0x0, 0x200]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 0s ago: executing program 3 (id=3187): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/console\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d26", 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x22000, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r1, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) mmap$auto(0x1, 0x6020009, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x8003) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8c) socket(0x10, 0x2, 0x4) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x7, &(0x7f0000000180), 0x1) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210004, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x6, 0x8, 0x3, 0xa, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, [0x3, 0x0, 0x0, 0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000, 0x0, 0x200]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) kernel console output (not intermixed with test programs): fd47130508 [ 791.387537][T16260] [ 791.785541][T16267] netlink: 346 bytes leftover after parsing attributes in process `syz.2.2082'. [ 792.423752][T16279] netlink: 'syz.0.2085': attribute type 33 has an invalid length. [ 792.819774][T16293] synth uevent: /devices/virtual/tty/ptyc1: unknown uevent action string [ 792.845451][T16293] tty ptyc1: uevent: failed to send synthetic uevent: -22 [ 793.381735][T16306] synth uevent: /devices/virtual/tty/ptyc1: unknown uevent action string [ 793.451781][T16306] tty ptyc1: uevent: failed to send synthetic uevent: -22 [ 794.913165][T16319] netlink: 'syz.1.2099': attribute type 33 has an invalid length. [ 794.973090][T16325] netlink: 'syz.2.2100': attribute type 33 has an invalid length. [ 795.140954][T16335] synth uevent: /devices/virtual/tty/ptyc1: unknown uevent action string [ 795.150657][T16335] tty ptyc1: uevent: failed to send synthetic uevent: -22 [ 796.646586][T16363] FAULT_INJECTION: forcing a failure. [ 796.646586][T16363] name failslab, interval 1, probability 0, space 0, times 0 [ 796.673912][T16363] CPU: 1 UID: 0 PID: 16363 Comm: syz.0.2109 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 796.673960][T16363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 796.673981][T16363] Call Trace: [ 796.673992][T16363] [ 796.674005][T16363] dump_stack_lvl+0x16c/0x1f0 [ 796.674045][T16363] should_fail_ex+0x512/0x640 [ 796.674082][T16363] ? __kmalloc_noprof+0xbf/0x510 [ 796.674118][T16363] ? lsm_blob_alloc+0x68/0x90 [ 796.674156][T16363] should_failslab+0xc2/0x120 [ 796.674194][T16363] __kmalloc_noprof+0xd2/0x510 [ 796.674233][T16363] lsm_blob_alloc+0x68/0x90 [ 796.674273][T16363] security_prepare_creds+0x30/0x270 [ 796.674311][T16363] prepare_creds+0x56f/0x7d0 [ 796.674356][T16363] __do_sys_landlock_restrict_self+0x13e/0x910 [ 796.674402][T16363] ? rcu_is_watching+0x12/0xc0 [ 796.674433][T16363] do_syscall_64+0xcd/0x490 [ 796.674467][T16363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.674495][T16363] RIP: 0033:0x7fdae2d8ebe9 [ 796.674516][T16363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 796.674544][T16363] RSP: 002b:00007fdae3b23038 EFLAGS: 00000246 ORIG_RAX: 00000000000001be [ 796.674572][T16363] RAX: ffffffffffffffda RBX: 00007fdae2fb6090 RCX: 00007fdae2d8ebe9 [ 796.674590][T16363] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000005 [ 796.674606][T16363] RBP: 00007fdae2e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 796.674622][T16363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 796.674637][T16363] R13: 00007fdae2fb6128 R14: 00007fdae2fb6090 R15: 00007ffd47130508 [ 796.674671][T16363] [ 796.985056][T16368] synth uevent: /devices/virtual/tty/ptyc1: unknown uevent action string [ 797.029585][T16368] tty ptyc1: uevent: failed to send synthetic uevent: -22 [ 798.643951][T16405] netlink: 'syz.0.2124': attribute type 16 has an invalid length. [ 798.683697][T16405] netlink: 'syz.0.2124': attribute type 17 has an invalid length. [ 798.725356][T16405] netlink: 'syz.0.2124': attribute type 19 has an invalid length. [ 798.747265][T16405] netlink: 'syz.0.2124': attribute type 27 has an invalid length. [ 798.783703][T16405] netlink: 'syz.0.2124': attribute type 28 has an invalid length. [ 798.814315][T16405] netlink: 'syz.0.2124': attribute type 29 has an invalid length. [ 798.814556][T16411] netlink: 'syz.1.2123': attribute type 33 has an invalid length. [ 798.844112][T16405] netlink: 'syz.0.2124': attribute type 30 has an invalid length. [ 798.865402][T16405] netlink: 'syz.0.2124': attribute type 31 has an invalid length. [ 798.904202][T16405] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2124'. [ 798.987191][T16402] netlink: 'syz.3.2122': attribute type 33 has an invalid length. [ 799.507745][T16422] FAULT_INJECTION: forcing a failure. [ 799.507745][T16422] name failslab, interval 1, probability 0, space 0, times 0 [ 799.523072][T16422] CPU: 0 UID: 0 PID: 16422 Comm: syz.0.2127 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 799.523119][T16422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 799.523138][T16422] Call Trace: [ 799.523149][T16422] [ 799.523161][T16422] dump_stack_lvl+0x16c/0x1f0 [ 799.523203][T16422] should_fail_ex+0x512/0x640 [ 799.523253][T16422] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 799.523292][T16422] should_failslab+0xc2/0x120 [ 799.523337][T16422] __kmalloc_cache_noprof+0x6a/0x3e0 [ 799.523373][T16422] ? single_open+0x4d/0x1f0 [ 799.523427][T16422] ? __pfx_show_smaps_rollup+0x10/0x10 [ 799.523468][T16422] single_open+0x4d/0x1f0 [ 799.523520][T16422] smaps_rollup_open+0x6f/0x170 [ 799.523559][T16422] do_dentry_open+0x97f/0x1530 [ 799.523601][T16422] ? __pfx_smaps_rollup_open+0x10/0x10 [ 799.523645][T16422] vfs_open+0x82/0x3f0 [ 799.523701][T16422] path_openat+0x1de4/0x2cb0 [ 799.523755][T16422] ? __pfx_path_openat+0x10/0x10 [ 799.523807][T16422] do_filp_open+0x20b/0x470 [ 799.523848][T16422] ? __pfx_do_filp_open+0x10/0x10 [ 799.523903][T16422] ? __pfx_kfree_link+0x10/0x10 [ 799.523962][T16422] ? alloc_fd+0x471/0x7d0 [ 799.524010][T16422] do_sys_openat2+0x11b/0x1d0 [ 799.524065][T16422] ? __pfx_do_sys_openat2+0x10/0x10 [ 799.524133][T16422] __x64_sys_openat+0x174/0x210 [ 799.524187][T16422] ? __pfx___x64_sys_openat+0x10/0x10 [ 799.524262][T16422] do_syscall_64+0xcd/0x490 [ 799.524304][T16422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.524339][T16422] RIP: 0033:0x7fdae2d8ebe9 [ 799.524366][T16422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 799.524399][T16422] RSP: 002b:00007fdae3b44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 799.524431][T16422] RAX: ffffffffffffffda RBX: 00007fdae2fb5fa0 RCX: 00007fdae2d8ebe9 [ 799.524453][T16422] RDX: 00000000001a3000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 799.524476][T16422] RBP: 00007fdae2e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 799.524497][T16422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 799.524517][T16422] R13: 00007fdae2fb6038 R14: 00007fdae2fb5fa0 R15: 00007ffd47130508 [ 799.524561][T16422] [ 799.828421][T16427] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2128'. [ 799.841982][T16427] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2128'. [ 799.854892][T16427] netlink: 290 bytes leftover after parsing attributes in process `syz.1.2128'. [ 799.892642][T16428] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2130'. [ 800.609789][T16446] FAULT_INJECTION: forcing a failure. [ 800.609789][T16446] name failslab, interval 1, probability 0, space 0, times 0 [ 800.622944][T16446] CPU: 0 UID: 0 PID: 16446 Comm: syz.2.2136 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 800.622989][T16446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 800.623007][T16446] Call Trace: [ 800.623017][T16446] [ 800.623027][T16446] dump_stack_lvl+0x116/0x1f0 [ 800.623065][T16446] should_fail_ex+0x512/0x640 [ 800.623106][T16446] should_failslab+0xc2/0x120 [ 800.623150][T16446] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 800.623189][T16446] ? __send_signal_locked+0x159/0x12c0 [ 800.623221][T16446] ? sig_get_ucounts+0x1c0/0x5b0 [ 800.623270][T16446] __send_signal_locked+0x159/0x12c0 [ 800.623308][T16446] send_sig+0xd7/0x170 [ 800.623343][T16446] ? __pfx_send_sig+0x10/0x10 [ 800.623389][T16446] ? __pfx_woken_wake_function+0x10/0x10 [ 800.623442][T16446] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 800.623486][T16446] sk_stream_error+0xb8/0x120 [ 800.623538][T16446] tcp_sendmsg_locked+0xe9e/0x42a0 [ 800.623595][T16446] ? __lock_acquire+0xb97/0x1ce0 [ 800.623652][T16446] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 800.623702][T16446] ? do_raw_spin_lock+0x12c/0x2b0 [ 800.623753][T16446] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 800.623813][T16446] ? __local_bh_enable_ip+0xa4/0x120 [ 800.623857][T16446] tcp_sendmsg+0x2e/0x50 [ 800.623897][T16446] ? __pfx_tcp_sendmsg+0x10/0x10 [ 800.623940][T16446] inet_sendmsg+0xb9/0x140 [ 800.623989][T16446] sock_write_iter+0x4aa/0x5b0 [ 800.624034][T16446] ? __pfx_sock_write_iter+0x10/0x10 [ 800.624093][T16446] ? bpf_lsm_file_permission+0x9/0x10 [ 800.624143][T16446] ? security_file_permission+0x71/0x210 [ 800.624183][T16446] ? rw_verify_area+0xcf/0x6c0 [ 800.624220][T16446] vfs_write+0x6c4/0x1150 [ 800.624258][T16446] ? __pfx_sock_write_iter+0x10/0x10 [ 800.624303][T16446] ? __pfx_vfs_write+0x10/0x10 [ 800.624336][T16446] ? find_held_lock+0x2b/0x80 [ 800.624403][T16446] ksys_write+0x1f8/0x250 [ 800.624441][T16446] ? __pfx_ksys_write+0x10/0x10 [ 800.624491][T16446] do_syscall_64+0xcd/0x490 [ 800.624531][T16446] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 800.624565][T16446] RIP: 0033:0x7fd8ba58ebe9 [ 800.624590][T16446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 800.624640][T16446] RSP: 002b:00007fd8bb482038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 800.624670][T16446] RAX: ffffffffffffffda RBX: 00007fd8ba7b5fa0 RCX: 00007fd8ba58ebe9 [ 800.624692][T16446] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 800.624712][T16446] RBP: 00007fd8ba611e19 R08: 0000000000000000 R09: 0000000000000000 [ 800.624732][T16446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 800.624751][T16446] R13: 00007fd8ba7b6038 R14: 00007fd8ba7b5fa0 R15: 00007ffd539e8438 [ 800.624793][T16446] [ 802.307487][T16474] FAULT_INJECTION: forcing a failure. [ 802.307487][T16474] name fail_futex, interval 1, probability 0, space 0, times 0 [ 802.322257][T16474] CPU: 0 UID: 0 PID: 16474 Comm: syz.1.2143 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 802.322301][T16474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 802.322320][T16474] Call Trace: [ 802.322330][T16474] [ 802.322342][T16474] dump_stack_lvl+0x16c/0x1f0 [ 802.322382][T16474] should_fail_ex+0x512/0x640 [ 802.322427][T16474] get_futex_key+0xff0/0x1560 [ 802.322471][T16474] ? __pfx_get_futex_key+0x10/0x10 [ 802.322511][T16474] ? __mutex_trylock_common+0xe9/0x250 [ 802.322565][T16474] futex_wake+0xea/0x530 [ 802.322615][T16474] ? __pfx_futex_wake+0x10/0x10 [ 802.322680][T16474] do_futex+0x1e3/0x350 [ 802.322721][T16474] ? __pfx_do_futex+0x10/0x10 [ 802.322757][T16474] ? __might_fault+0xe3/0x190 [ 802.322806][T16474] mm_release+0x24e/0x300 [ 802.322842][T16474] do_exit+0x68e/0x2bf0 [ 802.322896][T16474] ? __pfx_do_exit+0x10/0x10 [ 802.322937][T16474] ? do_raw_spin_lock+0x12c/0x2b0 [ 802.322984][T16474] ? find_held_lock+0x2b/0x80 [ 802.323021][T16474] do_group_exit+0xd3/0x2a0 [ 802.323068][T16474] get_signal+0x2673/0x26d0 [ 802.323126][T16474] ? __pfx_get_signal+0x10/0x10 [ 802.323163][T16474] ? do_futex+0x122/0x350 [ 802.323204][T16474] ? __pfx_do_futex+0x10/0x10 [ 802.323249][T16474] arch_do_signal_or_restart+0x8f/0x790 [ 802.323294][T16474] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 802.323349][T16474] ? xfd_validate_state+0x61/0x180 [ 802.323396][T16474] ? __pfx___x64_sys_pread64+0x10/0x10 [ 802.323447][T16474] exit_to_user_mode_loop+0x84/0x110 [ 802.323497][T16474] do_syscall_64+0x3f6/0x490 [ 802.323537][T16474] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 802.323569][T16474] RIP: 0033:0x7f85a498ebe9 [ 802.323593][T16474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 802.323622][T16474] RSP: 002b:00007f85a58a80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 802.323648][T16474] RAX: fffffffffffffe00 RBX: 00007f85a4bb6098 RCX: 00007f85a498ebe9 [ 802.323667][T16474] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f85a4bb6098 [ 802.323687][T16474] RBP: 00007f85a4bb6090 R08: 0000000000000000 R09: 0000000000000000 [ 802.323707][T16474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 802.323726][T16474] R13: 00007f85a4bb6128 R14: 00007ffd40fc3d60 R15: 00007ffd40fc3e48 [ 802.323769][T16474] [ 803.163442][T16495] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2150'. [ 804.759974][T16517] validate_nla: 4 callbacks suppressed [ 804.760001][T16517] netlink: 'syz.1.2158': attribute type 33 has an invalid length. [ 805.179869][T16529] netlink: 'syz.3.2160': attribute type 33 has an invalid length. [ 805.382795][T16533] serio: Serial port pty6 [ 806.436948][T16544] netlink: 504 bytes leftover after parsing attributes in process `syz.3.2164'. [ 806.517996][T16544] netlink: 504 bytes leftover after parsing attributes in process `syz.3.2164'. [ 808.305014][T16578] [U] [ 808.308393][T16578] [U] [ 808.311166][T16578] [U] [ 808.313923][T16578] [U] [ 808.343717][T16578] [U] [ 808.346525][T16578] [U] [ 808.349281][T16578] [U] [ 808.352036][T16578] [U] [ 808.415217][T16578] [U] [ 808.418046][T16578] [U] [ 808.420804][T16578] [U] [ 808.423563][T16578] [U] [ 808.513864][T16578] [U] [ 808.516679][T16578] [U] [ 808.519440][T16578] [U] [ 808.522201][T16578] [U] [ 808.606846][T16578] [U] [ 808.609702][T16578] [U] [ 808.612457][T16578] [U] [ 808.615218][T16578] [U] [ 808.756374][T16578] [U] [ 808.759208][T16578] [U] [ 808.761994][T16578] [U] [ 808.764744][T16578] [U] [ 808.820966][T16586] [U] [ 808.906159][T16587] netlink: 'syz.2.2177': attribute type 33 has an invalid length. [ 809.645276][T16601] netlink: 'syz.0.2180': attribute type 33 has an invalid length. [ 811.163811][T16635] netlink: 'syz.1.2189': attribute type 33 has an invalid length. [ 811.394981][T16639] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2193'. [ 811.489320][T16641] FAULT_INJECTION: forcing a failure. [ 811.489320][T16641] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 811.503525][T16641] CPU: 1 UID: 0 PID: 16641 Comm: syz.3.2194 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 811.503572][T16641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 811.503593][T16641] Call Trace: [ 811.503604][T16641] [ 811.503618][T16641] dump_stack_lvl+0x16c/0x1f0 [ 811.503661][T16641] should_fail_ex+0x512/0x640 [ 811.503707][T16641] should_fail_alloc_page+0xe7/0x130 [ 811.503756][T16641] prepare_alloc_pages+0x3c2/0x610 [ 811.503806][T16641] ? rcu_is_watching+0x12/0xc0 [ 811.503845][T16641] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 811.503894][T16641] ? rcu_is_watching+0x12/0xc0 [ 811.503928][T16641] ? trace_mm_page_alloc+0x11f/0x1a0 [ 811.503982][T16641] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 811.504024][T16641] ? lockdep_hardirqs_on+0x7c/0x110 [ 811.504069][T16641] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 811.504128][T16641] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 811.504169][T16641] ? __get_vm_area_node+0x1ca/0x330 [ 811.504220][T16641] ? __vmalloc_node_noprof+0xad/0xf0 [ 811.504249][T16641] ? __snd_dma_alloc_pages+0x50/0x90 [ 811.504279][T16641] ? snd_dma_alloc_dir_pages+0x151/0x240 [ 811.504309][T16641] ? do_alloc_pages+0x136/0x2d0 [ 811.504356][T16641] ? snd_pcm_lib_malloc_pages+0x3df/0x980 [ 811.504408][T16641] ? snd_pcm_hw_params+0x1656/0x1ba0 [ 811.504458][T16641] ? snd_pcm_kernel_ioctl+0x147/0x2e0 [ 811.504515][T16641] ? do_syscall_64+0xcd/0x490 [ 811.504550][T16641] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 811.504592][T16641] alloc_pages_bulk_noprof+0x71c/0x1410 [ 811.504632][T16641] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 811.504685][T16641] ? policy_nodemask+0xea/0x4e0 [ 811.504734][T16641] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 811.504778][T16641] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 811.504844][T16641] kasan_populate_vmalloc+0xf1/0x1f0 [ 811.504890][T16641] alloc_vmap_area+0x959/0x29c0 [ 811.504957][T16641] ? __pfx_alloc_vmap_area+0x10/0x10 [ 811.505018][T16641] __get_vm_area_node+0x1ca/0x330 [ 811.505085][T16641] __vmalloc_node_range_noprof+0x271/0x14b0 [ 811.505119][T16641] ? __snd_dma_alloc_pages+0x50/0x90 [ 811.505157][T16641] ? __pfx___mutex_trylock_common+0x10/0x10 [ 811.505213][T16641] ? __snd_dma_alloc_pages+0x50/0x90 [ 811.505242][T16641] ? rcu_is_watching+0x12/0xc0 [ 811.505275][T16641] ? trace_contention_end+0xdd/0x130 [ 811.505323][T16641] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 811.505359][T16641] ? __mutex_unlock_slowpath+0x163/0x800 [ 811.505400][T16641] ? __snd_dma_alloc_pages+0x50/0x90 [ 811.505427][T16641] __vmalloc_node_noprof+0xad/0xf0 [ 811.505457][T16641] ? __snd_dma_alloc_pages+0x50/0x90 [ 811.505484][T16641] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 811.505519][T16641] __snd_dma_alloc_pages+0x50/0x90 [ 811.505549][T16641] snd_dma_alloc_dir_pages+0x151/0x240 [ 811.505587][T16641] do_alloc_pages+0x136/0x2d0 [ 811.505644][T16641] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 811.505706][T16641] snd_pcm_hw_params+0x1656/0x1ba0 [ 811.505766][T16641] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 811.505817][T16641] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 811.505870][T16641] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 811.505917][T16641] ? __asan_memset+0x23/0x50 [ 811.505951][T16641] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 811.506004][T16641] snd_pcm_oss_change_params_locked+0x1432/0x3a30 [ 811.506079][T16641] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 811.506126][T16641] ? __pfx___mutex_lock+0x10/0x10 [ 811.506182][T16641] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 811.506226][T16641] snd_pcm_oss_set_trigger.isra.0+0x32/0x6b0 [ 811.506276][T16641] snd_pcm_oss_ioctl+0x1d0f/0x37a0 [ 811.506318][T16641] ? find_held_lock+0x2b/0x80 [ 811.506345][T16641] ? hook_file_ioctl_common+0x145/0x410 [ 811.506381][T16641] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 811.506426][T16641] ? __fget_files+0x20e/0x3c0 [ 811.506464][T16641] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 811.506508][T16641] __x64_sys_ioctl+0x18e/0x210 [ 811.506557][T16641] do_syscall_64+0xcd/0x490 [ 811.506591][T16641] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 811.506621][T16641] RIP: 0033:0x7fe1ee38ebe9 [ 811.506644][T16641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 811.506673][T16641] RSP: 002b:00007fe1ef2d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 811.506700][T16641] RAX: ffffffffffffffda RBX: 00007fe1ee5b5fa0 RCX: 00007fe1ee38ebe9 [ 811.506720][T16641] RDX: 0000200000000040 RSI: 0000000040045010 RDI: 0000000000000006 [ 811.506739][T16641] RBP: 00007fe1ee411e19 R08: 0000000000000000 R09: 0000000000000000 [ 811.506756][T16641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 811.506774][T16641] R13: 00007fe1ee5b6038 R14: 00007fe1ee5b5fa0 R15: 00007ffcca706578 [ 811.506814][T16641] [ 811.987855][T16641] syz.3.2194: vmalloc error: size 2097152, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 812.047069][T16641] CPU: 1 UID: 0 PID: 16641 Comm: syz.3.2194 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 812.047120][T16641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 812.047141][T16641] Call Trace: [ 812.047153][T16641] [ 812.047166][T16641] dump_stack_lvl+0x16c/0x1f0 [ 812.047208][T16641] warn_alloc+0x248/0x3a0 [ 812.047252][T16641] ? __pfx_warn_alloc+0x10/0x10 [ 812.047296][T16641] ? kfree+0x2b4/0x4d0 [ 812.047338][T16641] ? __get_vm_area_node+0x208/0x330 [ 812.047397][T16641] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 812.047436][T16641] ? __pfx___mutex_trylock_common+0x10/0x10 [ 812.047488][T16641] ? __snd_dma_alloc_pages+0x50/0x90 [ 812.047519][T16641] ? rcu_is_watching+0x12/0xc0 [ 812.047552][T16641] ? trace_contention_end+0xdd/0x130 [ 812.047602][T16641] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 812.047642][T16641] ? __mutex_unlock_slowpath+0x163/0x800 [ 812.047686][T16641] ? __snd_dma_alloc_pages+0x50/0x90 [ 812.047716][T16641] __vmalloc_node_noprof+0xad/0xf0 [ 812.047746][T16641] ? __snd_dma_alloc_pages+0x50/0x90 [ 812.047774][T16641] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 812.047810][T16641] __snd_dma_alloc_pages+0x50/0x90 [ 812.047843][T16641] snd_dma_alloc_dir_pages+0x151/0x240 [ 812.047879][T16641] do_alloc_pages+0x136/0x2d0 [ 812.047935][T16641] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 812.047994][T16641] snd_pcm_hw_params+0x1656/0x1ba0 [ 812.048061][T16641] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 812.048112][T16641] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 812.048163][T16641] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 812.048210][T16641] ? __asan_memset+0x23/0x50 [ 812.048248][T16641] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 812.048303][T16641] snd_pcm_oss_change_params_locked+0x1432/0x3a30 [ 812.048371][T16641] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 812.048423][T16641] ? __pfx___mutex_lock+0x10/0x10 [ 812.048494][T16641] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 812.048546][T16641] snd_pcm_oss_set_trigger.isra.0+0x32/0x6b0 [ 812.048603][T16641] snd_pcm_oss_ioctl+0x1d0f/0x37a0 [ 812.048650][T16641] ? find_held_lock+0x2b/0x80 [ 812.048683][T16641] ? hook_file_ioctl_common+0x145/0x410 [ 812.048723][T16641] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 812.048776][T16641] ? __fget_files+0x20e/0x3c0 [ 812.048821][T16641] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 812.048870][T16641] __x64_sys_ioctl+0x18e/0x210 [ 812.048926][T16641] do_syscall_64+0xcd/0x490 [ 812.048966][T16641] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 812.049007][T16641] RIP: 0033:0x7fe1ee38ebe9 [ 812.049035][T16641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 812.049068][T16641] RSP: 002b:00007fe1ef2d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 812.049101][T16641] RAX: ffffffffffffffda RBX: 00007fe1ee5b5fa0 RCX: 00007fe1ee38ebe9 [ 812.049124][T16641] RDX: 0000200000000040 RSI: 0000000040045010 RDI: 0000000000000006 [ 812.049145][T16641] RBP: 00007fe1ee411e19 R08: 0000000000000000 R09: 0000000000000000 [ 812.049165][T16641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 812.049185][T16641] R13: 00007fe1ee5b6038 R14: 00007fe1ee5b5fa0 R15: 00007ffcca706578 [ 812.049229][T16641] [ 812.049265][T16641] Mem-Info: [ 812.341115][T16641] active_anon:13227 inactive_anon:24 isolated_anon:0 [ 812.341115][T16641] active_file:8390 inactive_file:45625 isolated_file:0 [ 812.341115][T16641] unevictable:768 dirty:710 writeback:0 [ 812.341115][T16641] slab_reclaimable:11408 slab_unreclaimable:93540 [ 812.341115][T16641] mapped:25355 shmem:1376 pagetables:1163 [ 812.341115][T16641] sec_pagetables:0 bounce:0 [ 812.341115][T16641] kernel_misc_reclaimable:0 [ 812.341115][T16641] free:1321818 free_pcp:14551 free_cma:0 [ 812.432020][T16641] Node 0 active_anon:52832kB inactive_anon:96kB active_file:33560kB inactive_file:182372kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:101508kB dirty:2844kB writeback:0kB shmem:3960kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11120kB pagetables:4500kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 812.466045][T16641] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 812.496207][T16641] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 812.525277][T16641] lowmem_reserve[]: 0 2480 2481 2481 2481 [ 812.531116][T16641] Node 0 DMA32 free:1380028kB boost:0kB min:34320kB low:42900kB high:51480kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52784kB inactive_anon:96kB active_file:33540kB inactive_file:181080kB unevictable:1536kB writepending:2844kB present:3129332kB managed:2539672kB mlocked:0kB bounce:0kB free_pcp:48908kB local_pcp:19120kB free_cma:0kB [ 812.565445][T16641] lowmem_reserve[]: 0 0 1 1 1 [ 812.570270][T16641] Node 0 Normal free:16kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:20kB inactive_file:1292kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:8kB free_cma:0kB [ 812.600340][T16645] netlink: 'syz.1.2195': attribute type 33 has an invalid length. [ 812.605923][T16641] lowmem_reserve[]: 0 0 0 0 0 [ 812.615663][T16641] Node 1 Normal free:3895832kB boost:0kB min:55560kB low:69448kB high:83336kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:6724kB local_pcp:4288kB free_cma:0kB [ 812.652167][T16641] lowmem_reserve[]: 0 0 0 0 0 [ 812.658765][T16641] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 812.672120][T16641] Node 0 DMA32: 2357*4kB (UME) 1534*8kB (UME) 1130*16kB (UME) 997*32kB (UME) 389*64kB (UME) 309*128kB (UME) 167*256kB (UM) 88*512kB (UM) 45*1024kB (UME) 2*2048kB (U) 270*4096kB (UM) = 1380036kB [ 812.700239][T16641] Node 0 Normal: 0*4kB 2*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 812.713961][T16641] Node 1 Normal: 222*4kB (UME) 52*8kB (UME) 48*16kB (UME) 280*32kB (UME) 118*64kB (UME) 23*128kB (UM) 8*256kB (UM) 3*512kB (UM) 2*1024kB (ME) 1*2048kB (E) 944*4096kB (M) = 3895832kB [ 812.734838][T16641] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 812.750253][T16641] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 812.763811][T16641] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 812.774761][T16641] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 812.816088][T16641] 55410 total pagecache pages [ 812.821076][T16641] 23 pages in swap cache [ 812.827620][T16641] Free swap = 124596kB [ 812.870319][T16641] Total swap = 124996kB [ 812.880393][T16641] 2097051 pages RAM [ 812.884265][T16641] 0 pages HighMem/MovableOnly [ 812.895730][T16641] 430171 pages reserved [ 812.902963][T16641] 0 pages cma reserved [ 813.368707][T16650] netlink: 306 bytes leftover after parsing attributes in process `syz.0.2197'. [ 814.427233][T16678] netlink: 'syz.2.2203': attribute type 33 has an invalid length. [ 817.954624][T16727] sp0: Synchronizing with TNC [ 819.033200][T16748] : Can't lookup blockdev [ 819.085058][T16748] FAULT_INJECTION: forcing a failure. [ 819.085058][T16748] name failslab, interval 1, probability 0, space 0, times 0 [ 819.155425][T16748] CPU: 0 UID: 0 PID: 16748 Comm: syz.2.2225 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 819.155475][T16748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 819.155496][T16748] Call Trace: [ 819.155507][T16748] [ 819.155519][T16748] dump_stack_lvl+0x16c/0x1f0 [ 819.155562][T16748] should_fail_ex+0x512/0x640 [ 819.155600][T16748] ? __kmalloc_noprof+0xbf/0x510 [ 819.155642][T16748] ? snd_pcm_plugin_build+0x64/0x650 [ 819.155689][T16748] should_failslab+0xc2/0x120 [ 819.155732][T16748] __kmalloc_noprof+0xd2/0x510 [ 819.155778][T16748] snd_pcm_plugin_build+0x64/0x650 [ 819.155831][T16748] snd_pcm_plugin_build_io+0x207/0x5f0 [ 819.155885][T16748] ? __pfx_snd_pcm_plugin_build_io+0x10/0x10 [ 819.155937][T16748] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 819.155998][T16748] snd_pcm_oss_change_params_locked+0x2e62/0x3a30 [ 819.156065][T16748] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 819.156157][T16748] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 819.156213][T16748] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 819.156262][T16748] ? hook_file_ioctl_common+0x145/0x410 [ 819.156302][T16748] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 819.156353][T16748] ? __fget_files+0x20e/0x3c0 [ 819.156394][T16748] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 819.156442][T16748] __x64_sys_ioctl+0x18e/0x210 [ 819.156496][T16748] do_syscall_64+0xcd/0x490 [ 819.156533][T16748] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.156565][T16748] RIP: 0033:0x7fd8ba58ebe9 [ 819.156591][T16748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 819.156623][T16748] RSP: 002b:00007fd8bb482038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 819.156655][T16748] RAX: ffffffffffffffda RBX: 00007fd8ba7b5fa0 RCX: 00007fd8ba58ebe9 [ 819.156675][T16748] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000006 [ 819.156695][T16748] RBP: 00007fd8ba611e19 R08: 0000000000000000 R09: 0000000000000000 [ 819.156714][T16748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 819.156733][T16748] R13: 00007fd8ba7b6038 R14: 00007fd8ba7b5fa0 R15: 00007ffd539e8438 [ 819.156775][T16748] [ 819.401306][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 819.409050][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 819.646207][T16752] netlink: 'syz.0.2224': attribute type 33 has an invalid length. [ 820.553588][T16761] FAULT_INJECTION: forcing a failure. [ 820.553588][T16761] name failslab, interval 1, probability 0, space 0, times 0 [ 820.605454][T16761] CPU: 0 UID: 0 PID: 16761 Comm: syz.2.2227 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 820.605504][T16761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 820.605525][T16761] Call Trace: [ 820.605537][T16761] [ 820.605551][T16761] dump_stack_lvl+0x16c/0x1f0 [ 820.605595][T16761] should_fail_ex+0x512/0x640 [ 820.605635][T16761] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 820.605686][T16761] should_failslab+0xc2/0x120 [ 820.605733][T16761] __kmalloc_cache_noprof+0x6a/0x3e0 [ 820.605771][T16761] ? sctp_auth_init+0x30d/0x570 [ 820.605822][T16761] sctp_auth_init+0x30d/0x570 [ 820.605865][T16761] sctp_setsockopt+0xa371/0xb870 [ 820.605917][T16761] ? __pfx_sctp_setsockopt+0x10/0x10 [ 820.605961][T16761] ? find_held_lock+0x2b/0x80 [ 820.605998][T16761] ? aa_sock_opt_perm+0xfd/0x1c0 [ 820.606047][T16761] ? sock_common_setsockopt+0x2e/0xf0 [ 820.606087][T16761] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 820.606136][T16761] do_sock_setsockopt+0xf0/0x1d0 [ 820.606184][T16761] __sys_setsockopt+0x120/0x1a0 [ 820.606226][T16761] __x64_sys_setsockopt+0xbd/0x160 [ 820.606258][T16761] ? do_syscall_64+0x91/0x490 [ 820.606294][T16761] ? lockdep_hardirqs_on+0x7c/0x110 [ 820.606328][T16761] do_syscall_64+0xcd/0x490 [ 820.606369][T16761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 820.606402][T16761] RIP: 0033:0x7fd8ba58ebe9 [ 820.606429][T16761] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 820.606478][T16761] RSP: 002b:00007fd8bb482038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 820.606510][T16761] RAX: ffffffffffffffda RBX: 00007fd8ba7b5fa0 RCX: 00007fd8ba58ebe9 [ 820.606532][T16761] RDX: 0000000000000081 RSI: 0000010000000084 RDI: 0000000000000003 [ 820.606553][T16761] RBP: 00007fd8ba611e19 R08: 0000000000000008 R09: 0000000000000000 [ 820.606573][T16761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 820.606592][T16761] R13: 00007fd8ba7b6038 R14: 00007fd8ba7b5fa0 R15: 00007ffd539e8438 [ 820.606636][T16761] [ 820.957514][T16769] netlink: 'syz.3.2230': attribute type 33 has an invalid length. [ 822.132620][T16783] netlink: 'syz.2.2234': attribute type 33 has an invalid length. [ 823.209825][T16799] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2238'. [ 825.362220][T16821] FAULT_INJECTION: forcing a failure. [ 825.362220][T16821] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 825.393718][T16821] CPU: 0 UID: 0 PID: 16821 Comm: syz.1.2246 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 825.393770][T16821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 825.393791][T16821] Call Trace: [ 825.393802][T16821] [ 825.393815][T16821] dump_stack_lvl+0x16c/0x1f0 [ 825.393860][T16821] should_fail_ex+0x512/0x640 [ 825.393907][T16821] _copy_to_iter+0x463/0x16f0 [ 825.393966][T16821] ? __pfx__copy_to_iter+0x10/0x10 [ 825.394021][T16821] ? snd_pcm_substream_proc_hw_params_read+0x4f0/0xb20 [ 825.394077][T16821] ? seq_read_iter+0x826/0x12c0 [ 825.394119][T16821] seq_read_iter+0xcf8/0x12c0 [ 825.394172][T16821] seq_read+0x39e/0x4e0 [ 825.394204][T16821] ? __pfx_seq_read+0x10/0x10 [ 825.394265][T16821] ? __pfx_seq_read+0x10/0x10 [ 825.394296][T16821] proc_reg_read+0x240/0x330 [ 825.394341][T16821] ? __pfx_proc_reg_read+0x10/0x10 [ 825.394397][T16821] vfs_read+0x1e4/0xc60 [ 825.394443][T16821] ? __pfx___mutex_lock+0x10/0x10 [ 825.394482][T16821] ? __pfx_vfs_read+0x10/0x10 [ 825.394534][T16821] ? __fget_files+0x20e/0x3c0 [ 825.394584][T16821] ksys_read+0x12a/0x250 [ 825.394623][T16821] ? __pfx_ksys_read+0x10/0x10 [ 825.394674][T16821] do_syscall_64+0xcd/0x490 [ 825.394715][T16821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.394748][T16821] RIP: 0033:0x7f85a498ebe9 [ 825.394775][T16821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 825.394809][T16821] RSP: 002b:00007f85a58c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 825.394841][T16821] RAX: ffffffffffffffda RBX: 00007f85a4bb5fa0 RCX: 00007f85a498ebe9 [ 825.394863][T16821] RDX: 0000000000000041 RSI: 0000200000000200 RDI: 0000000000000003 [ 825.394882][T16821] RBP: 00007f85a4a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 825.394902][T16821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 825.394921][T16821] R13: 00007f85a4bb6038 R14: 00007f85a4bb5fa0 R15: 00007ffd40fc3e48 [ 825.394964][T16821] [ 826.108832][T16812] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 827.218315][T16844] netlink: 'syz.1.2250': attribute type 33 has an invalid length. [ 827.380969][T16850] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2252'. [ 827.438539][T16851] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2252'. [ 828.026442][T16858] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2255'. [ 828.134478][T16860] netlink: 'syz.3.2254': attribute type 33 has an invalid length. [ 828.489750][T16864] FAULT_INJECTION: forcing a failure. [ 828.489750][T16864] name failslab, interval 1, probability 0, space 0, times 0 [ 828.524303][T16864] CPU: 0 UID: 0 PID: 16864 Comm: syz.0.2256 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 828.524352][T16864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 828.524373][T16864] Call Trace: [ 828.524384][T16864] [ 828.524397][T16864] dump_stack_lvl+0x16c/0x1f0 [ 828.524440][T16864] should_fail_ex+0x512/0x640 [ 828.524482][T16864] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 828.524523][T16864] should_failslab+0xc2/0x120 [ 828.524570][T16864] __kmalloc_cache_noprof+0x6a/0x3e0 [ 828.524605][T16864] ? ww_mutex_lock+0x37/0x160 [ 828.524642][T16864] ? vkms_plane_duplicate_state+0x45/0x130 [ 828.524689][T16864] ? modeset_lock+0x114/0x6e0 [ 828.524735][T16864] vkms_plane_duplicate_state+0x45/0x130 [ 828.524784][T16864] drm_atomic_get_plane_state+0x20b/0x590 [ 828.524837][T16864] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 828.524891][T16864] ? __pfx___might_resched+0x10/0x10 [ 828.524939][T16864] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 828.525000][T16864] ? __mutex_lock+0x1c4/0x10b0 [ 828.525035][T16864] ? rcu_is_watching+0x12/0xc0 [ 828.525115][T16864] drm_client_modeset_commit_locked+0x14d/0x580 [ 828.525176][T16864] drm_client_modeset_commit+0x4f/0x80 [ 828.525231][T16864] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 828.525284][T16864] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 828.525327][T16864] drm_fbdev_client_restore+0x2c/0x40 [ 828.525366][T16864] drm_client_dev_restore+0x1f3/0x2a0 [ 828.525424][T16864] drm_release+0x2c4/0x360 [ 828.525475][T16864] ? __pfx_drm_release+0x10/0x10 [ 828.525520][T16864] __fput+0x3ff/0xb70 [ 828.525572][T16864] task_work_run+0x150/0x240 [ 828.525627][T16864] ? __pfx_task_work_run+0x10/0x10 [ 828.525681][T16864] ? __pfx___do_sys_close_range+0x10/0x10 [ 828.525732][T16864] exit_to_user_mode_loop+0xeb/0x110 [ 828.525785][T16864] do_syscall_64+0x3f6/0x490 [ 828.525826][T16864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 828.525859][T16864] RIP: 0033:0x7fdae2d8ebe9 [ 828.525887][T16864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 828.525921][T16864] RSP: 002b:00007fdae3b44038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 828.525953][T16864] RAX: 0000000000000000 RBX: 00007fdae2fb5fa0 RCX: 00007fdae2d8ebe9 [ 828.525974][T16864] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 828.526003][T16864] RBP: 00007fdae2e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 828.526024][T16864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 828.526043][T16864] R13: 00007fdae2fb6038 R14: 00007fdae2fb5fa0 R15: 00007ffd47130508 [ 828.526089][T16864] [ 829.681536][T16875] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2261'. [ 829.695515][T16874] ima: policy update failed [ 829.702131][ T31] audit: type=1802 audit(1843105118.080:8): pid=16874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2261" res=0 errno=0 [ 832.028623][T16910] FAULT_INJECTION: forcing a failure. [ 832.028623][T16910] name failslab, interval 1, probability 0, space 0, times 0 [ 832.068827][T16910] CPU: 0 UID: 0 PID: 16910 Comm: syz.2.2273 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 832.068876][T16910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 832.068897][T16910] Call Trace: [ 832.068908][T16910] [ 832.068921][T16910] dump_stack_lvl+0x16c/0x1f0 [ 832.068964][T16910] should_fail_ex+0x512/0x640 [ 832.069004][T16910] ? __kmalloc_noprof+0xbf/0x510 [ 832.069048][T16910] ? kvm_io_bus_register_dev+0x1b9/0x7f0 [ 832.069083][T16910] should_failslab+0xc2/0x120 [ 832.069128][T16910] __kmalloc_noprof+0xd2/0x510 [ 832.069179][T16910] kvm_io_bus_register_dev+0x1b9/0x7f0 [ 832.069228][T16910] kvm_pic_init+0x22f/0x380 [ 832.069264][T16910] kvm_arch_vm_ioctl+0x8a4/0x1860 [ 832.069308][T16910] ? register_lock_class+0x41/0x4c0 [ 832.069353][T16910] ? find_held_lock+0x2b/0x80 [ 832.069387][T16910] ? __pfx_kvm_arch_vm_ioctl+0x10/0x10 [ 832.069439][T16910] ? __lock_acquire+0x62e/0x1ce0 [ 832.069492][T16910] ? __lock_acquire+0x62e/0x1ce0 [ 832.069555][T16910] ? __lock_acquire+0x62e/0x1ce0 [ 832.069609][T16910] ? __lock_acquire+0x62e/0x1ce0 [ 832.069681][T16910] ? is_bpf_text_address+0x8a/0x1a0 [ 832.069723][T16910] ? bpf_ksym_find+0x124/0x1c0 [ 832.069755][T16910] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 832.069796][T16910] ? is_bpf_text_address+0x94/0x1a0 [ 832.069838][T16910] ? kernel_text_address+0x8d/0x100 [ 832.069868][T16910] ? __kernel_text_address+0xd/0x40 [ 832.069896][T16910] ? unwind_get_return_address+0x59/0xa0 [ 832.069930][T16910] ? arch_stack_walk+0xa6/0x100 [ 832.069984][T16910] ? stack_trace_save+0x8e/0xc0 [ 832.070020][T16910] ? __pfx_stack_trace_save+0x10/0x10 [ 832.070058][T16910] ? stack_depot_save_flags+0x29/0x9c0 [ 832.070097][T16910] ? __lock_acquire+0xb97/0x1ce0 [ 832.070140][T16910] ? __entry_text_end+0xa2bc7/0x1020b9 [ 832.070184][T16910] ? kasan_save_stack+0x42/0x60 [ 832.070219][T16910] ? kasan_save_stack+0x33/0x60 [ 832.070256][T16910] ? kasan_save_track+0x14/0x30 [ 832.070292][T16910] ? kasan_save_free_info+0x3b/0x60 [ 832.070319][T16910] ? __kasan_slab_free+0x60/0x70 [ 832.070357][T16910] ? kfree+0x2b4/0x4d0 [ 832.070392][T16910] kvm_vm_ioctl+0x1a91/0x4000 [ 832.070439][T16910] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 832.070499][T16910] ? kasan_quarantine_put+0x10a/0x240 [ 832.070536][T16910] ? lockdep_hardirqs_on+0x7c/0x110 [ 832.070586][T16910] ? find_held_lock+0x2b/0x80 [ 832.070621][T16910] ? tomoyo_path_number_perm+0x295/0x580 [ 832.070664][T16910] ? tomoyo_path_number_perm+0x18d/0x580 [ 832.070703][T16910] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 832.070754][T16910] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 832.070806][T16910] ? do_vfs_ioctl+0x128/0x14f0 [ 832.070861][T16910] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 832.070924][T16910] ? find_held_lock+0x2b/0x80 [ 832.070957][T16910] ? hook_file_ioctl_common+0x145/0x410 [ 832.071005][T16910] ? __fget_files+0x20e/0x3c0 [ 832.071050][T16910] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 832.071084][T16910] __x64_sys_ioctl+0x18e/0x210 [ 832.071138][T16910] do_syscall_64+0xcd/0x490 [ 832.071177][T16910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.071211][T16910] RIP: 0033:0x7fd8ba58ebe9 [ 832.071238][T16910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 832.071269][T16910] RSP: 002b:00007fd8bb482038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 832.071299][T16910] RAX: ffffffffffffffda RBX: 00007fd8ba7b5fa0 RCX: 00007fd8ba58ebe9 [ 832.071320][T16910] RDX: 0010000000000402 RSI: 000000000000ae60 RDI: 0000000000000003 [ 832.071340][T16910] RBP: 00007fd8ba611e19 R08: 0000000000000000 R09: 0000000000000000 [ 832.071360][T16910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 832.071380][T16910] R13: 00007fd8ba7b6038 R14: 00007fd8ba7b5fa0 R15: 00007ffd539e8438 [ 832.071422][T16910] [ 832.699987][T16908] TCP: TCP_TX_DELAY enabled [ 832.888357][T16915] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2275'. [ 833.617512][T16928] zswap: compressor 000 not available [ 833.687807][T16937] Invalid ELF header magic: != ELF [ 834.233315][T16952] netlink: 'syz.3.2285': attribute type 33 has an invalid length. [ 834.253130][T16956] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2288'. [ 834.544023][ T5877] Bluetooth: hci3: unexpected subevent 0x0c length: 0 < 5 [ 835.994783][T16976] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2294'. [ 836.816962][T16991] netlink: 'syz.0.2299': attribute type 33 has an invalid length. [ 838.139044][T17013] netlink: 'syz.2.2302': attribute type 33 has an invalid length. [ 838.307589][T17015] FAULT_INJECTION: forcing a failure. [ 838.307589][T17015] name failslab, interval 1, probability 0, space 0, times 0 [ 838.354941][T17015] CPU: 0 UID: 0 PID: 17015 Comm: syz.3.2305 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 838.354988][T17015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 838.355008][T17015] Call Trace: [ 838.355019][T17015] [ 838.355031][T17015] dump_stack_lvl+0x16c/0x1f0 [ 838.355072][T17015] should_fail_ex+0x512/0x640 [ 838.355114][T17015] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 838.355160][T17015] should_failslab+0xc2/0x120 [ 838.355209][T17015] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 838.355254][T17015] ? sock_alloc_inode+0x25/0x1c0 [ 838.355304][T17015] ? __pfx_sock_alloc_inode+0x10/0x10 [ 838.355346][T17015] sock_alloc_inode+0x25/0x1c0 [ 838.355389][T17015] alloc_inode+0x61/0x240 [ 838.355440][T17015] sock_alloc+0x40/0x280 [ 838.355481][T17015] sock_create_lite+0x82/0x120 [ 838.355537][T17015] __netlink_kernel_create+0xbd/0x750 [ 838.355579][T17015] ? __pfx___netlink_kernel_create+0x10/0x10 [ 838.355635][T17015] uevent_net_init+0xf8/0x350 [ 838.355680][T17015] ? __pfx_uevent_net_init+0x10/0x10 [ 838.355726][T17015] ? __pfx_uevent_net_rcv+0x10/0x10 [ 838.355784][T17015] ? __pfx_uevent_net_init+0x10/0x10 [ 838.355826][T17015] ops_init+0x1df/0x5f0 [ 838.355868][T17015] setup_net+0x10f/0x380 [ 838.355903][T17015] ? lockdep_init_map_type+0x5c/0x280 [ 838.355949][T17015] ? __pfx_setup_net+0x10/0x10 [ 838.355989][T17015] ? debug_mutex_init+0x37/0x70 [ 838.356027][T17015] copy_net_ns+0x2a6/0x5f0 [ 838.356072][T17015] create_new_namespaces+0x3ea/0xa90 [ 838.356120][T17015] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 838.356164][T17015] ksys_unshare+0x45b/0xa40 [ 838.356211][T17015] ? __pfx_ksys_unshare+0x10/0x10 [ 838.356255][T17015] ? xfd_validate_state+0x61/0x180 [ 838.356317][T17015] __x64_sys_unshare+0x31/0x40 [ 838.356361][T17015] do_syscall_64+0xcd/0x490 [ 838.356401][T17015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 838.356434][T17015] RIP: 0033:0x7fe1ee38ebe9 [ 838.356460][T17015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 838.356492][T17015] RSP: 002b:00007fe1ef2d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 838.356533][T17015] RAX: ffffffffffffffda RBX: 00007fe1ee5b5fa0 RCX: 00007fe1ee38ebe9 [ 838.356555][T17015] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 838.356577][T17015] RBP: 00007fe1ee411e19 R08: 0000000000000000 R09: 0000000000000000 [ 838.356597][T17015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 838.356617][T17015] R13: 00007fe1ee5b6038 R14: 00007fe1ee5b5fa0 R15: 00007ffcca706578 [ 838.356661][T17015] [ 838.629978][T17015] kobject_uevent: unable to create netlink socket! [ 839.564832][T17027] FAULT_INJECTION: forcing a failure. [ 839.564832][T17027] name fail_futex, interval 1, probability 0, space 0, times 0 [ 839.655524][T17027] CPU: 1 UID: 1 PID: 17027 Comm: syz.3.2308 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 839.655572][T17027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 839.655591][T17027] Call Trace: [ 839.655603][T17027] [ 839.655667][T17027] dump_stack_lvl+0x16c/0x1f0 [ 839.655710][T17027] should_fail_ex+0x512/0x640 [ 839.655756][T17027] get_futex_key+0x1d0/0x1560 [ 839.655803][T17027] ? __pfx_get_futex_key+0x10/0x10 [ 839.655864][T17027] futex_wait_setup+0x9d/0x550 [ 839.655926][T17027] __futex_wait+0x194/0x2f0 [ 839.655977][T17027] ? __pfx___futex_wait+0x10/0x10 [ 839.656033][T17027] ? __pfx_futex_wake_mark+0x10/0x10 [ 839.656090][T17027] ? futex_private_hash_put+0x176/0x300 [ 839.656135][T17027] ? futex_private_hash_put+0x18a/0x300 [ 839.656178][T17027] futex_wait+0xe8/0x380 [ 839.656225][T17027] ? __pfx_futex_wait+0x10/0x10 [ 839.656280][T17027] ? __lock_acquire+0xb97/0x1ce0 [ 839.656335][T17027] do_futex+0x229/0x350 [ 839.656379][T17027] ? __pfx_do_futex+0x10/0x10 [ 839.656433][T17027] __x64_sys_futex+0x1e0/0x4c0 [ 839.656479][T17027] ? __pfx___x64_sys_open_tree_attr+0x10/0x10 [ 839.656530][T17027] ? __pfx___x64_sys_futex+0x10/0x10 [ 839.656574][T17027] ? xfd_validate_state+0x61/0x180 [ 839.656630][T17027] ? up_write+0x1b2/0x520 [ 839.656692][T17027] do_syscall_64+0xcd/0x490 [ 839.656733][T17027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 839.656768][T17027] RIP: 0033:0x7fe1ee38ebe9 [ 839.656794][T17027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 839.656827][T17027] RSP: 002b:00007fe1ef2b60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 839.656871][T17027] RAX: ffffffffffffffda RBX: 00007fe1ee5b6098 RCX: 00007fe1ee38ebe9 [ 839.656892][T17027] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe1ee5b6098 [ 839.656938][T17027] RBP: 00007fe1ee5b6090 R08: 0000000000000000 R09: 0000000000000000 [ 839.656959][T17027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 839.656979][T17027] R13: 00007fe1ee5b6128 R14: 00007ffcca706490 R15: 00007ffcca706578 [ 839.657021][T17027] [ 839.716440][T17037] vmstat_refresh: nr_hugetlb -2560 [ 840.338259][T17046] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2312'. [ 840.354996][T17046] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2312'. [ 841.829149][T17066] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2318'. [ 842.500771][T17081] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 843.565730][T17096] netlink: 'syz.2.2324': attribute type 33 has an invalid length. [ 844.574795][T17116] netlink: 'syz.2.2329': attribute type 33 has an invalid length. [ 844.708412][T17119] nbd: couldn't find device at index 33904 [ 844.956384][T17123] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2331'. [ 845.008609][T17118] FAULT_INJECTION: forcing a failure. [ 845.008609][T17118] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 845.025383][T17123] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2331'. [ 845.035528][T17118] CPU: 0 UID: 0 PID: 17118 Comm: syz.0.2327 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 845.035572][T17118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 845.035591][T17118] Call Trace: [ 845.035602][T17118] [ 845.035613][T17118] dump_stack_lvl+0x16c/0x1f0 [ 845.035652][T17118] should_fail_ex+0x512/0x640 [ 845.035700][T17118] should_fail_alloc_page+0xe7/0x130 [ 845.035748][T17118] prepare_alloc_pages+0x3c2/0x610 [ 845.035806][T17118] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 845.035862][T17118] ? __lock_acquire+0x62e/0x1ce0 [ 845.035910][T17118] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 845.035979][T17118] ? filemap_get_entry+0x1a7/0x3b0 [ 845.036023][T17118] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 845.036071][T17118] ? policy_nodemask+0xea/0x4e0 [ 845.036113][T17118] alloc_pages_mpol+0x1fb/0x550 [ 845.036154][T17118] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 845.036198][T17118] ? _raw_spin_unlock+0x28/0x50 [ 845.036245][T17118] ? swap_entry_swapped+0x122/0x190 [ 845.036282][T17118] ? __pfx_swap_entry_swapped+0x10/0x10 [ 845.036322][T17118] folio_alloc_mpol_noprof+0x36/0x2f0 [ 845.036369][T17118] __read_swap_cache_async+0x3b6/0x5a0 [ 845.036405][T17118] ? __pfx___read_swap_cache_async+0x10/0x10 [ 845.036437][T17118] ? swp_swap_info+0xce/0x130 [ 845.036475][T17118] ? __pfx_swp_swap_info+0x10/0x10 [ 845.036516][T17118] ? __pfx_filemap_get_entry+0x10/0x10 [ 845.036558][T17118] swap_cluster_readahead+0x3eb/0x710 [ 845.036597][T17118] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 845.036627][T17118] ? __filemap_get_folio+0x32b/0xc30 [ 845.036679][T17118] ? __pfx_get_swap_device+0x10/0x10 [ 845.036717][T17118] ? __walk_page_range+0x134/0x820 [ 845.036759][T17118] shmem_swapin_folio+0x1d4a/0x25a0 [ 845.036795][T17118] ? find_held_lock+0x2b/0x80 [ 845.036833][T17118] ? __pfx_shmem_swapin_folio+0x10/0x10 [ 845.036863][T17118] ? __pfx_filemap_get_entry+0x10/0x10 [ 845.036906][T17118] ? xas_find+0x303/0x890 [ 845.036947][T17118] shmem_get_folio_gfp+0x2c5/0x1600 [ 845.037000][T17118] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 845.037038][T17118] ? filemap_map_pages+0xf58/0x1670 [ 845.037078][T17118] shmem_fault+0x1fe/0xa30 [ 845.037114][T17118] ? __pfx_shmem_fault+0x10/0x10 [ 845.037154][T17118] ? __pfx_filemap_map_pages+0x10/0x10 [ 845.037199][T17118] ? __pfx_filemap_map_pages+0x10/0x10 [ 845.037233][T17118] __do_fault+0x10a/0x490 [ 845.037269][T17118] ? __pfx_filemap_map_pages+0x10/0x10 [ 845.037302][T17118] do_pte_missing+0xf50/0x3ba0 [ 845.037332][T17118] ? find_held_lock+0x2b/0x80 [ 845.037360][T17118] ? __handle_mm_fault+0x14fd/0x2a50 [ 845.037395][T17118] __handle_mm_fault+0x152a/0x2a50 [ 845.037429][T17118] ? mt_find+0x3ef/0xa30 [ 845.037464][T17118] ? __pfx___handle_mm_fault+0x10/0x10 [ 845.037492][T17118] ? __pfx_mt_find+0x10/0x10 [ 845.037546][T17118] ? find_vma+0xbf/0x140 [ 845.037585][T17118] ? __pfx_find_vma+0x10/0x10 [ 845.037631][T17118] handle_mm_fault+0x589/0xd10 [ 845.037666][T17118] ? __bpf_trace_exceptions+0x1/0x40 [ 845.037717][T17118] do_user_addr_fault+0x7a6/0x1370 [ 845.037763][T17118] ? do_madvise+0x1af/0x240 [ 845.037806][T17118] ? rcu_is_watching+0x12/0xc0 [ 845.037846][T17118] exc_page_fault+0x5c/0xb0 [ 845.037881][T17118] asm_exc_page_fault+0x26/0x30 [ 845.037914][T17118] RIP: 0010:__get_user_nocheck_1+0x6/0x20 [ 845.037977][T17118] Code: c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 01 cb 0f ae e8 <0f> b6 10 31 c0 0f 01 ca c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 [ 845.038010][T17118] RSP: 0018:ffffc90003b87ea8 EFLAGS: 00050202 [ 845.038036][T17118] RAX: 0000000000000007 RBX: 0000000000000020 RCX: ffffc9000dd11000 [ 845.038056][T17118] RDX: 0000000000080000 RSI: ffffffff812c3c56 RDI: ffffc90003b87f58 [ 845.038077][T17118] RBP: ffff88802f310000 R08: 0000000000000005 R09: 0000000000000000 [ 845.038095][T17118] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000000ca [ 845.038112][T17118] R13: ffffc90003b87f58 R14: 0000000000000000 R15: 0000000000000000 [ 845.038143][T17118] ? arch_syscall_is_vdso_sigreturn+0xb6/0x230 [ 845.038199][T17118] syscall_user_dispatch+0x78/0x140 [ 845.038262][T17118] syscall_trace_enter+0x5e/0x240 [ 845.038319][T17118] do_syscall_64+0x347/0x490 [ 845.038361][T17118] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 845.038395][T17118] RIP: 0033:0x7fdae2d8ebe9 [ 845.038420][T17118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 845.038452][T17118] RSP: 002b:00007fdae0ff60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 845.038482][T17118] RAX: ffffffffffffffda RBX: 00007fdae2fb6188 RCX: 00007fdae2d8ebe9 [ 845.038509][T17118] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fdae2fb618c [ 845.038530][T17118] RBP: 00007fdae2fb6180 R08: 00007fdae3b45000 R09: 0000000000000000 [ 845.038551][T17118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 845.038571][T17118] R13: 00007fdae2fb6218 R14: 00007ffd47130420 R15: 00007ffd47130508 [ 845.038614][T17118] [ 846.401519][T17140] netlink: 'syz.0.2335': attribute type 33 has an invalid length. [ 847.022371][T17150] netlink: 'syz.2.2337': attribute type 33 has an invalid length. [ 849.947619][T17180] [U] [ 849.950509][T17180] [U] [ 849.953274][T17180] [U] [ 849.956023][T17180] [U] [ 850.016971][T17180] [U] [ 850.019744][T17180] [U] [ 850.022482][T17180] [U] [ 850.025214][T17180] [U] [ 850.051632][T17180] [U] [ 850.054395][T17180] [U] [ 850.057127][T17180] [U] [ 850.059841][T17180] [U] [ 850.119008][T17180] [U] [ 850.121762][T17180] [U] [ 850.124511][T17180] [U] [ 850.127248][T17180] [U] [ 850.172927][T17180] [U] [ 850.175707][T17180] [U] [ 850.178455][T17180] [U] [ 850.181208][T17180] [U] [ 850.193890][T17180] [U] [ 850.196679][T17180] [U] [ 850.199442][T17180] [U] [ 850.202283][T17180] [U] [ 850.221331][T17180] [U] [ 850.224115][T17180] [U] [ 850.226921][T17180] [U] [ 850.229642][T17180] [U] [ 850.275450][T17180] [U] [ 850.278246][T17180] [U] [ 850.281002][T17180] [U] [ 850.283759][T17180] [U] [ 850.287275][T17180] [U] [ 850.290052][T17180] [U] [ 850.292827][T17180] [U] [ 850.295587][T17180] [U] [ 850.307262][T17180] [U] [ 851.933743][T17221] input: f¬ as /devices/virtual/input/input15 [ 852.466222][T17216] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2355'. [ 852.692564][T17226] random: crng reseeded on system resumption [ 854.537253][T17259] FAULT_INJECTION: forcing a failure. [ 854.537253][T17259] name failslab, interval 1, probability 0, space 0, times 0 [ 854.591161][T17259] CPU: 1 UID: 0 PID: 17259 Comm: syz.2.2365 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 854.591196][T17259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 854.591210][T17259] Call Trace: [ 854.591218][T17259] [ 854.591228][T17259] dump_stack_lvl+0x16c/0x1f0 [ 854.591258][T17259] should_fail_ex+0x512/0x640 [ 854.591287][T17259] ? __kmalloc_noprof+0xbf/0x510 [ 854.591317][T17259] ? realloc_user_queue+0x288/0x320 [ 854.591355][T17259] should_failslab+0xc2/0x120 [ 854.591388][T17259] __kmalloc_noprof+0xd2/0x510 [ 854.591422][T17259] realloc_user_queue+0x288/0x320 [ 854.591457][T17259] ? __pfx_snd_timer_user_open+0x10/0x10 [ 854.591491][T17259] snd_timer_user_open+0xfc/0x180 [ 854.591525][T17259] snd_open+0x22d/0x4c0 [ 854.591553][T17259] ? __pfx_snd_open+0x10/0x10 [ 854.591581][T17259] chrdev_open+0x231/0x6a0 [ 854.591611][T17259] ? __pfx_apparmor_file_open+0x10/0x10 [ 854.591649][T17259] ? __pfx_chrdev_open+0x10/0x10 [ 854.591682][T17259] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 854.591715][T17259] do_dentry_open+0x97f/0x1530 [ 854.591744][T17259] ? __pfx_chrdev_open+0x10/0x10 [ 854.591781][T17259] vfs_open+0x82/0x3f0 [ 854.591819][T17259] path_openat+0x1de4/0x2cb0 [ 854.591857][T17259] ? __pfx_path_openat+0x10/0x10 [ 854.591900][T17259] do_filp_open+0x20b/0x470 [ 854.591929][T17259] ? __pfx_do_filp_open+0x10/0x10 [ 854.591979][T17259] ? alloc_fd+0x471/0x7d0 [ 854.592012][T17259] do_sys_openat2+0x11b/0x1d0 [ 854.592048][T17259] ? __pfx_do_sys_openat2+0x10/0x10 [ 854.592096][T17259] __x64_sys_openat+0x174/0x210 [ 854.592133][T17259] ? __pfx___x64_sys_openat+0x10/0x10 [ 854.592182][T17259] do_syscall_64+0xcd/0x490 [ 854.592210][T17259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 854.592235][T17259] RIP: 0033:0x7fd8ba58ebe9 [ 854.592254][T17259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 854.592277][T17259] RSP: 002b:00007fd8bb482038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 854.592298][T17259] RAX: ffffffffffffffda RBX: 00007fd8ba7b5fa0 RCX: 00007fd8ba58ebe9 [ 854.592314][T17259] RDX: 0000000000101440 RSI: 0000200000001cc0 RDI: ffffffffffffff9c [ 854.592329][T17259] RBP: 00007fd8ba611e19 R08: 0000000000000000 R09: 0000000000000000 [ 854.592343][T17259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 854.592357][T17259] R13: 00007fd8ba7b6038 R14: 00007fd8ba7b5fa0 R15: 00007ffd539e8438 [ 854.592386][T17259] [ 855.756997][T17277] netlink: 'syz.0.2370': attribute type 33 has an invalid length. [ 856.818776][ T31] audit: type=1804 audit(1843105145.200:9): pid=17288 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2373" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 857.959574][T17302] netlink: 'syz.0.2374': attribute type 33 has an invalid length. [ 859.106184][T17317] netlink: 'syz.3.2379': attribute type 33 has an invalid length. [ 859.652025][T17328] zswap: compressor 000 not available [ 859.992631][T17330] zswap: compressor not available [ 861.262564][T17358] XFS: Clearing xfsstats [ 862.059564][T17372] binder: 17371:17372 unknown command 4294967282 [ 862.079624][T17372] binder: 17371:17372 ioctl c0306201 2000000000c0 returned -22 [ 867.954446][T17450] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2407'. [ 867.970498][T17450] hsr_slave_0: left promiscuous mode [ 867.978427][T17450] hsr_slave_1: left promiscuous mode [ 869.436478][T17469] [U] [ 869.439245][T17469] [U] [ 869.441971][T17469] [U] [ 869.444691][T17469] [U] [ 869.454891][T17468] netlink: 25520 bytes leftover after parsing attributes in process `syz.1.2409'. [ 869.467430][T17468] netlink: zone id is out of range [ 869.487531][T17467] netlink: 'syz.0.2411': attribute type 33 has an invalid length. [ 869.513315][T17468] netlink: zone id is out of range [ 869.544269][T17468] netlink: zone id is out of range [ 869.550914][T17468] netlink: zone id is out of range [ 869.556402][T17468] netlink: zone id is out of range [ 869.561739][T17468] netlink: zone id is out of range [ 869.567077][T17468] netlink: zone id is out of range [ 869.572332][T17468] netlink: zone id is out of range [ 869.577638][T17468] netlink: zone id is out of range [ 869.582891][T17468] netlink: zone id is out of range [ 869.612875][T17469] [U] [ 869.615688][T17469] [U] [ 869.618470][T17469] [U] [ 869.621238][T17469] [U] [ 869.735556][T17469] [U] [ 869.738356][T17469] [U] [ 869.741102][T17469] [U] [ 869.743850][T17469] [U] [ 869.789821][T17469] [U] [ 869.792639][T17469] [U] [ 869.795395][T17469] [U] [ 869.798149][T17469] [U] [ 869.811971][T17469] [U] [ 869.814759][T17469] [U] [ 869.817477][T17469] [U] [ 869.820189][T17469] [U] [ 869.886229][T17469] [U] [ 869.888982][T17469] [U] [ 869.891699][T17469] [U] [ 869.894413][T17469] [U] [ 869.908317][T17469] [U] [ 869.911109][T17469] [U] [ 869.913872][T17469] [U] [ 869.916629][T17469] [U] [ 869.923224][T17469] [U] [ 869.926015][T17469] [U] [ 869.928808][T17469] [U] [ 869.931569][T17469] [U] [ 869.940614][T17469] [U] [ 869.943408][T17469] [U] [ 869.946162][T17469] [U] [ 869.948910][T17469] [U] [ 869.994312][T17474] [U] [ 871.258621][T17497] netlink: 'syz.2.2416': attribute type 33 has an invalid length. [ 874.398172][T17523] netlink: 'syz.2.2421': attribute type 33 has an invalid length. [ 875.084698][T17516] netlink: 'syz.0.2422': attribute type 33 has an invalid length. [ 875.191425][T17531] netlink: 'syz.3.2424': attribute type 1 has an invalid length. [ 875.498487][T17538] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 876.730003][T17552] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 880.839487][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 880.846589][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 883.813642][T17632] can0: slcan on ptm0. [ 883.850289][T17630] netlink: 'syz.2.2443': attribute type 33 has an invalid length. [ 884.287162][T17631] can0 (unregistered): slcan off ptm0. [ 887.051634][T17678] zswap: compressor 000 not available [ 887.523193][T17682] zswap: compressor not available [ 889.406807][T17708] can0: slcan on pty233. [ 889.577689][T17707] can0 (unregistered): slcan off pty233. [ 889.605796][T17714] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 891.339420][T17734] netlink: 'syz.1.2457': attribute type 33 has an invalid length. [ 893.031448][T17764] ima: policy update failed [ 893.039067][T17764] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2460'. [ 893.048652][ T31] audit: type=1802 audit(1843105181.420:10): pid=17764 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.2460" res=0 errno=0 [ 893.428829][T17773] FAULT_INJECTION: forcing a failure. [ 893.428829][T17773] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 893.485138][T17773] CPU: 0 UID: 0 PID: 17773 Comm: syz.2.2463 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 893.485191][T17773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 893.485210][T17773] Call Trace: [ 893.485221][T17773] [ 893.485233][T17773] dump_stack_lvl+0x16c/0x1f0 [ 893.485275][T17773] should_fail_ex+0x512/0x640 [ 893.485322][T17773] _copy_from_user+0x2e/0xd0 [ 893.485369][T17773] futex_parse_waitv+0x101/0x520 [ 893.485416][T17773] ? __pfx_futex_wake_mark+0x10/0x10 [ 893.485468][T17773] ? __pfx_futex_parse_waitv+0x10/0x10 [ 893.485515][T17773] ? futex_wait+0x120/0x380 [ 893.485564][T17773] ? __pfx_futex_wait+0x10/0x10 [ 893.485621][T17773] __do_sys_futex_requeue+0xd4/0x190 [ 893.485669][T17773] ? __pfx___do_sys_futex_requeue+0x10/0x10 [ 893.485759][T17773] ? xfd_validate_state+0x61/0x180 [ 893.485807][T17773] ? __pfx___x64_sys_pselect6+0x10/0x10 [ 893.485858][T17773] do_syscall_64+0xcd/0x490 [ 893.485909][T17773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 893.485945][T17773] RIP: 0033:0x7fd8ba58ebe9 [ 893.485972][T17773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 893.486005][T17773] RSP: 002b:00007fd8bb482038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c8 [ 893.486038][T17773] RAX: ffffffffffffffda RBX: 00007fd8ba7b5fa0 RCX: 00007fd8ba58ebe9 [ 893.486059][T17773] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000200000000040 [ 893.486079][T17773] RBP: 00007fd8ba611e19 R08: 0000000000000000 R09: 0000000000000000 [ 893.486099][T17773] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000000 [ 893.486118][T17773] R13: 00007fd8ba7b6038 R14: 00007fd8ba7b5fa0 R15: 00007ffd539e8438 [ 893.486161][T17773] [ 894.738650][ T31] audit: type=1800 audit(1843105183.110:11): pid=17794 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2465" name="features" dev="configfs" ino=64917 res=0 errno=0 [ 896.104508][T17803] zswap: compressor not available [ 896.556234][T17811] netlink: 'syz.3.2467': attribute type 33 has an invalid length. [ 897.065262][T17822] netlink: 'syz.2.2470': attribute type 33 has an invalid length. [ 897.564538][T17828] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2479'. [ 897.675163][T17828] netlink: 354 bytes leftover after parsing attributes in process `syz.0.2479'. [ 898.111246][T17846] netlink: 'syz.3.2473': attribute type 33 has an invalid length. [ 902.131314][T17895] netlink: 'syz.0.2483': attribute type 33 has an invalid length. [ 902.166812][T17897] netlink: 'syz.2.2484': attribute type 33 has an invalid length. [ 903.392153][T17907] FAULT_INJECTION: forcing a failure. [ 903.392153][T17907] name failslab, interval 1, probability 0, space 0, times 0 [ 903.438841][T17907] CPU: 0 UID: 0 PID: 17907 Comm: syz.3.2488 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 903.438892][T17907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 903.438913][T17907] Call Trace: [ 903.438933][T17907] [ 903.438945][T17907] dump_stack_lvl+0x16c/0x1f0 [ 903.438991][T17907] should_fail_ex+0x512/0x640 [ 903.439031][T17907] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 903.439069][T17907] should_failslab+0xc2/0x120 [ 903.439107][T17907] __kmalloc_cache_noprof+0x6a/0x3e0 [ 903.439136][T17907] ? ww_mutex_lock+0x37/0x160 [ 903.439167][T17907] ? vkms_plane_duplicate_state+0x45/0x130 [ 903.439207][T17907] ? modeset_lock+0x114/0x6e0 [ 903.439245][T17907] vkms_plane_duplicate_state+0x45/0x130 [ 903.439284][T17907] drm_atomic_get_plane_state+0x20b/0x590 [ 903.439331][T17907] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 903.439376][T17907] ? __pfx___might_resched+0x10/0x10 [ 903.439419][T17907] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 903.439464][T17907] ? __mutex_lock+0x1c4/0x10b0 [ 903.439493][T17907] ? rcu_is_watching+0x12/0xc0 [ 903.439575][T17907] drm_client_modeset_commit_locked+0x14d/0x580 [ 903.439627][T17907] drm_client_modeset_commit+0x4f/0x80 [ 903.439673][T17907] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 903.439719][T17907] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 903.439756][T17907] drm_fbdev_client_restore+0x2c/0x40 [ 903.439790][T17907] drm_client_dev_restore+0x1f3/0x2a0 [ 903.439839][T17907] drm_release+0x2c4/0x360 [ 903.439882][T17907] ? __pfx_drm_release+0x10/0x10 [ 903.439921][T17907] __fput+0x3ff/0xb70 [ 903.439976][T17907] task_work_run+0x150/0x240 [ 903.440021][T17907] ? __pfx_task_work_run+0x10/0x10 [ 903.440068][T17907] ? __pfx___do_sys_close_range+0x10/0x10 [ 903.440110][T17907] exit_to_user_mode_loop+0xeb/0x110 [ 903.440154][T17907] do_syscall_64+0x3f6/0x490 [ 903.440189][T17907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 903.440218][T17907] RIP: 0033:0x7fe1ee38ebe9 [ 903.440241][T17907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 903.440268][T17907] RSP: 002b:00007fe1ef2d7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 903.440296][T17907] RAX: 0000000000000000 RBX: 00007fe1ee5b5fa0 RCX: 00007fe1ee38ebe9 [ 903.440315][T17907] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 903.440332][T17907] RBP: 00007fe1ee411e19 R08: 0000000000000000 R09: 0000000000000000 [ 903.440349][T17907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 903.440366][T17907] R13: 00007fe1ee5b6038 R14: 00007fe1ee5b5fa0 R15: 00007ffcca706578 [ 903.440403][T17907] [ 904.335661][T17924] netlink: 'syz.0.2490': attribute type 1 has an invalid length. [ 904.451625][T17926] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2492'. [ 905.586218][T17934] netlink: 'syz.1.2493': attribute type 33 has an invalid length. [ 906.515491][T17945] netlink: 'syz.3.2495': attribute type 33 has an invalid length. [ 907.048509][T17952] netlink: 'syz.1.2496': attribute type 33 has an invalid length. [ 907.484751][T17960] netlink: 'syz.0.2498': attribute type 33 has an invalid length. [ 908.380011][T17978] netlink: 'syz.1.2502': attribute type 33 has an invalid length. [ 908.446320][T17989] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 909.200951][T18002] vmstat_refresh: nr_hugetlb -3072 [ 909.411995][T17993] netlink: 'syz.2.2503': attribute type 33 has an invalid length. [ 909.787734][T18007] FAULT_INJECTION: forcing a failure. [ 909.787734][T18007] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 909.915438][T18007] CPU: 0 UID: 0 PID: 18007 Comm: syz.3.2507 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 909.915483][T18007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 909.915503][T18007] Call Trace: [ 909.915515][T18007] [ 909.915528][T18007] dump_stack_lvl+0x16c/0x1f0 [ 909.915570][T18007] should_fail_ex+0x512/0x640 [ 909.915618][T18007] should_fail_alloc_page+0xe7/0x130 [ 909.915667][T18007] prepare_alloc_pages+0x3c2/0x610 [ 909.915726][T18007] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 909.915777][T18007] ? __lock_acquire+0x62e/0x1ce0 [ 909.915824][T18007] ? css_rstat_updated+0x1c2/0x510 [ 909.915918][T18007] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 909.915970][T18007] ? rcu_is_watching+0x12/0xc0 [ 909.916016][T18007] ? __lock_acquire+0x62e/0x1ce0 [ 909.916059][T18007] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 909.916110][T18007] ? policy_nodemask+0xea/0x4e0 [ 909.916157][T18007] alloc_pages_mpol+0x1fb/0x550 [ 909.916202][T18007] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 909.916249][T18007] ? filemap_get_entry+0x1a7/0x3b0 [ 909.916298][T18007] folio_alloc_noprof+0x20/0x2d0 [ 909.916349][T18007] filemap_alloc_folio_noprof+0x3a1/0x470 [ 909.916387][T18007] ? __pfx_filemap_alloc_folio_noprof+0x10/0x10 [ 909.916422][T18007] ? rcu_is_watching+0x12/0xc0 [ 909.916460][T18007] __filemap_get_folio+0x5e1/0xc30 [ 909.916513][T18007] ioctx_alloc+0x761/0x2120 [ 909.916568][T18007] ? __pfx_ioctx_alloc+0x10/0x10 [ 909.916602][T18007] ? __might_fault+0x13b/0x190 [ 909.916651][T18007] __x64_sys_io_setup+0xc9/0x210 [ 909.916692][T18007] do_syscall_64+0xcd/0x490 [ 909.916731][T18007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 909.916764][T18007] RIP: 0033:0x7fe1ee38ebe9 [ 909.916789][T18007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 909.916822][T18007] RSP: 002b:00007fe1ef2b6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 909.916853][T18007] RAX: ffffffffffffffda RBX: 00007fe1ee5b6090 RCX: 00007fe1ee38ebe9 [ 909.916887][T18007] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 000000000000ffff [ 909.916906][T18007] RBP: 00007fe1ee411e19 R08: 0000000000000000 R09: 0000000000000000 [ 909.916925][T18007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 909.916943][T18007] R13: 00007fe1ee5b6128 R14: 00007fe1ee5b6090 R15: 00007ffcca706578 [ 909.916983][T18007] [ 910.762376][T18008] pty pty36: ldisc open failed (-12), clearing slot 36 [ 910.770597][T18006] tty tty45: ldisc open failed (-12), clearing slot 44 [ 910.913859][T18012] netlink: 'syz.1.2508': attribute type 33 has an invalid length. [ 911.359677][T18035] netlink: 'syz.2.2512': attribute type 1 has an invalid length. [ 911.398514][T18037] netlink: 'syz.3.2520': attribute type 33 has an invalid length. [ 912.655792][T18053] netlink: 'syz.0.2523': attribute type 33 has an invalid length. [ 913.105050][T18061] FAULT_INJECTION: forcing a failure. [ 913.105050][T18061] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 913.186224][T18061] CPU: 1 UID: 0 PID: 18061 Comm: syz.1.2515 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 913.186273][T18061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 913.186293][T18061] Call Trace: [ 913.186304][T18061] [ 913.186316][T18061] dump_stack_lvl+0x16c/0x1f0 [ 913.186360][T18061] should_fail_ex+0x512/0x640 [ 913.186407][T18061] _copy_from_user+0x2e/0xd0 [ 913.186455][T18061] futex_parse_waitv+0x101/0x520 [ 913.186505][T18061] ? __pfx_futex_wake_mark+0x10/0x10 [ 913.186557][T18061] ? __pfx_futex_parse_waitv+0x10/0x10 [ 913.186603][T18061] ? futex_wait+0x120/0x380 [ 913.186653][T18061] ? __pfx_futex_wait+0x10/0x10 [ 913.186710][T18061] __do_sys_futex_requeue+0xd4/0x190 [ 913.186771][T18061] ? __pfx___do_sys_futex_requeue+0x10/0x10 [ 913.186861][T18061] ? xfd_validate_state+0x61/0x180 [ 913.186910][T18061] ? __pfx___x64_sys_pselect6+0x10/0x10 [ 913.186961][T18061] do_syscall_64+0xcd/0x490 [ 913.187001][T18061] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 913.187034][T18061] RIP: 0033:0x7f85a498ebe9 [ 913.187060][T18061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 913.187094][T18061] RSP: 002b:00007f85a58a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c8 [ 913.187126][T18061] RAX: ffffffffffffffda RBX: 00007f85a4bb6090 RCX: 00007f85a498ebe9 [ 913.187149][T18061] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000200000000040 [ 913.187170][T18061] RBP: 00007f85a4a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 913.187192][T18061] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000000 [ 913.187212][T18061] R13: 00007f85a4bb6128 R14: 00007f85a4bb6090 R15: 00007ffd40fc3e48 [ 913.187256][T18061] [ 914.290882][T18079] netlink: 'syz.1.2518': attribute type 33 has an invalid length. [ 915.709328][T18091] netlink: 'syz.0.2524': attribute type 33 has an invalid length. [ 918.349983][T18127] netlink: 'syz.3.2539': attribute type 33 has an invalid length. [ 920.142640][T18138] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 920.548212][T18146] netlink: 'syz.0.2533': attribute type 33 has an invalid length. [ 920.707020][T18156] bond0: option all_slaves_active: invalid value () [ 921.270423][T18166] FAULT_INJECTION: forcing a failure. [ 921.270423][T18166] name failslab, interval 1, probability 0, space 0, times 0 [ 921.325549][T18166] CPU: 0 UID: 0 PID: 18166 Comm: syz.2.2541 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 921.325597][T18166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 921.325616][T18166] Call Trace: [ 921.325627][T18166] [ 921.325640][T18166] dump_stack_lvl+0x16c/0x1f0 [ 921.325680][T18166] should_fail_ex+0x512/0x640 [ 921.325719][T18166] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 921.325775][T18166] should_failslab+0xc2/0x120 [ 921.325822][T18166] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 921.325861][T18166] ? __proc_create+0xc3/0x8e0 [ 921.325909][T18166] ? __proc_create+0x2ce/0x8e0 [ 921.325966][T18166] __proc_create+0x2ce/0x8e0 [ 921.326017][T18166] ? __pfx___proc_create+0x10/0x10 [ 921.326073][T18166] ? _raw_write_unlock+0x28/0x50 [ 921.326106][T18166] ? proc_register+0x314/0x5f0 [ 921.326161][T18166] proc_create_reg+0x7d/0x180 [ 921.326218][T18166] proc_create_seq_private+0x8e/0x180 [ 921.326274][T18166] ? __pfx_proc_create_seq_private+0x10/0x10 [ 921.326328][T18166] ? __pfx_uevent_net_rcv+0x10/0x10 [ 921.326380][T18166] ? __pfx_dev_proc_net_init+0x10/0x10 [ 921.326437][T18166] dev_proc_net_init+0xa8/0x220 [ 921.326492][T18166] ops_init+0x1df/0x5f0 [ 921.326535][T18166] setup_net+0x10f/0x380 [ 921.326576][T18166] ? lockdep_init_map_type+0x5c/0x280 [ 921.326624][T18166] ? __pfx_setup_net+0x10/0x10 [ 921.326665][T18166] ? debug_mutex_init+0x37/0x70 [ 921.326705][T18166] copy_net_ns+0x2a6/0x5f0 [ 921.326754][T18166] create_new_namespaces+0x3ea/0xa90 [ 921.326813][T18166] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 921.326859][T18166] ksys_unshare+0x45b/0xa40 [ 921.326907][T18166] ? __pfx_ksys_unshare+0x10/0x10 [ 921.326957][T18166] ? xfd_validate_state+0x61/0x180 [ 921.327019][T18166] __x64_sys_unshare+0x31/0x40 [ 921.327066][T18166] do_syscall_64+0xcd/0x490 [ 921.327107][T18166] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 921.327142][T18166] RIP: 0033:0x7fd8ba58ebe9 [ 921.327168][T18166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 921.327201][T18166] RSP: 002b:00007fd8bb482038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 921.327233][T18166] RAX: ffffffffffffffda RBX: 00007fd8ba7b5fa0 RCX: 00007fd8ba58ebe9 [ 921.327255][T18166] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 921.327276][T18166] RBP: 00007fd8ba611e19 R08: 0000000000000000 R09: 0000000000000000 [ 921.327296][T18166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 921.327317][T18166] R13: 00007fd8ba7b6038 R14: 00007fd8ba7b5fa0 R15: 00007ffd539e8438 [ 921.327360][T18166] [ 921.831280][T18167] netlink: 'syz.1.2540': attribute type 33 has an invalid length. [ 921.892022][ T5877] Bluetooth: hci2: unexpected subevent 0x0c length: 0 < 5 [ 922.634268][T18183] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 924.467348][T18212] netlink: 'syz.1.2549': attribute type 33 has an invalid length. [ 925.318983][T18216] netlink: 'syz.0.2550': attribute type 33 has an invalid length. [ 925.366696][T18224] FAULT_INJECTION: forcing a failure. [ 925.366696][T18224] name failslab, interval 1, probability 0, space 0, times 0 [ 925.395010][T18224] CPU: 1 UID: 0 PID: 18224 Comm: syz.1.2551 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 925.395059][T18224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 925.395079][T18224] Call Trace: [ 925.395090][T18224] [ 925.395102][T18224] dump_stack_lvl+0x16c/0x1f0 [ 925.395143][T18224] should_fail_ex+0x512/0x640 [ 925.395187][T18224] ? __kmalloc_noprof+0xbf/0x510 [ 925.395245][T18224] ? sk_prot_alloc+0x1a8/0x2a0 [ 925.395288][T18224] should_failslab+0xc2/0x120 [ 925.395333][T18224] __kmalloc_noprof+0xd2/0x510 [ 925.395372][T18224] ? evm_inode_alloc_security+0x49/0xc0 [ 925.395432][T18224] sk_prot_alloc+0x1a8/0x2a0 [ 925.395479][T18224] sk_alloc+0x36/0xc20 [ 925.395515][T18224] __netlink_create+0x5e/0x2c0 [ 925.395569][T18224] __netlink_kernel_create+0xed/0x750 [ 925.395610][T18224] ? __pfx___netlink_kernel_create+0x10/0x10 [ 925.395661][T18224] uevent_net_init+0xf8/0x350 [ 925.395706][T18224] ? __pfx_uevent_net_init+0x10/0x10 [ 925.395752][T18224] ? __pfx_uevent_net_rcv+0x10/0x10 [ 925.395808][T18224] ? __pfx_uevent_net_init+0x10/0x10 [ 925.395850][T18224] ops_init+0x1df/0x5f0 [ 925.395892][T18224] setup_net+0x10f/0x380 [ 925.395926][T18224] ? lockdep_init_map_type+0x5c/0x280 [ 925.395974][T18224] ? __pfx_setup_net+0x10/0x10 [ 925.396088][T18224] ? debug_mutex_init+0x37/0x70 [ 925.396129][T18224] copy_net_ns+0x2a6/0x5f0 [ 925.396175][T18224] create_new_namespaces+0x3ea/0xa90 [ 925.396225][T18224] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 925.396285][T18224] ksys_unshare+0x45b/0xa40 [ 925.396333][T18224] ? __pfx_ksys_unshare+0x10/0x10 [ 925.396381][T18224] ? xfd_validate_state+0x61/0x180 [ 925.396439][T18224] __x64_sys_unshare+0x31/0x40 [ 925.396479][T18224] do_syscall_64+0xcd/0x490 [ 925.396518][T18224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 925.396552][T18224] RIP: 0033:0x7f85a498ebe9 [ 925.396578][T18224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 925.396611][T18224] RSP: 002b:00007f85a58c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 925.396641][T18224] RAX: ffffffffffffffda RBX: 00007f85a4bb5fa0 RCX: 00007f85a498ebe9 [ 925.396663][T18224] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 925.396683][T18224] RBP: 00007f85a4a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 925.396701][T18224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 925.396719][T18224] R13: 00007f85a4bb6038 R14: 00007f85a4bb5fa0 R15: 00007ffd40fc3e48 [ 925.396764][T18224] [ 925.755577][T18224] kobject_uevent: unable to create netlink socket! [ 926.029313][T18225] netlink: 'syz.3.2553': attribute type 33 has an invalid length. [ 926.083717][T18229] netlink: 'syz.2.2552': attribute type 33 has an invalid length. [ 926.875493][ T5877] Bluetooth: hci0: unexpected subevent 0x0c length: 0 < 5 [ 927.546608][T18251] vhci_hcd: vhci_device speed not set [ 927.888623][T18253] FAULT_INJECTION: forcing a failure. [ 927.888623][T18253] name fail_futex, interval 1, probability 0, space 0, times 0 [ 928.115438][T18253] CPU: 0 UID: 1 PID: 18253 Comm: syz.1.2558 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 928.115487][T18253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 928.115506][T18253] Call Trace: [ 928.115518][T18253] [ 928.115531][T18253] dump_stack_lvl+0x16c/0x1f0 [ 928.115572][T18253] should_fail_ex+0x512/0x640 [ 928.115621][T18253] get_futex_key+0x1d0/0x1560 [ 928.115670][T18253] ? __pfx_get_futex_key+0x10/0x10 [ 928.115723][T18253] futex_wait_setup+0x9d/0x550 [ 928.115786][T18253] __futex_wait+0x194/0x2f0 [ 928.115838][T18253] ? __pfx___futex_wait+0x10/0x10 [ 928.115896][T18253] ? __pfx_futex_wake_mark+0x10/0x10 [ 928.115966][T18253] ? futex_private_hash_put+0x176/0x300 [ 928.116013][T18253] ? futex_private_hash_put+0x18a/0x300 [ 928.116058][T18253] futex_wait+0xe8/0x380 [ 928.116109][T18253] ? __pfx_futex_wait+0x10/0x10 [ 928.116168][T18253] ? __lock_acquire+0xb97/0x1ce0 [ 928.116223][T18253] do_futex+0x229/0x350 [ 928.116268][T18253] ? __pfx_do_futex+0x10/0x10 [ 928.116324][T18253] __x64_sys_futex+0x1e0/0x4c0 [ 928.116368][T18253] ? __pfx___x64_sys_open_tree_attr+0x10/0x10 [ 928.116420][T18253] ? __pfx___x64_sys_futex+0x10/0x10 [ 928.116465][T18253] ? xfd_validate_state+0x61/0x180 [ 928.116513][T18253] ? up_write+0x1b2/0x520 [ 928.116598][T18253] do_syscall_64+0xcd/0x490 [ 928.116640][T18253] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 928.116674][T18253] RIP: 0033:0x7f85a498ebe9 [ 928.116700][T18253] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 928.116732][T18253] RSP: 002b:00007f85a58a80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 928.116764][T18253] RAX: ffffffffffffffda RBX: 00007f85a4bb6098 RCX: 00007f85a498ebe9 [ 928.116786][T18253] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f85a4bb6098 [ 928.116808][T18253] RBP: 00007f85a4bb6090 R08: 0000000000000000 R09: 0000000000000000 [ 928.116828][T18253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 928.116849][T18253] R13: 00007f85a4bb6128 R14: 00007ffd40fc3d60 R15: 00007ffd40fc3e48 [ 928.116892][T18253] [ 929.292710][T18266] netlink: 'syz.1.2560': attribute type 33 has an invalid length. [ 929.608667][T18265] FAULT_INJECTION: forcing a failure. [ 929.608667][T18265] name fail_futex, interval 1, probability 0, space 0, times 0 [ 929.645251][T18265] CPU: 1 UID: 0 PID: 18265 Comm: syz.3.2561 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 929.645296][T18265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 929.645316][T18265] Call Trace: [ 929.645326][T18265] [ 929.645339][T18265] dump_stack_lvl+0x16c/0x1f0 [ 929.645379][T18265] should_fail_ex+0x512/0x640 [ 929.645424][T18265] get_futex_key+0x1d0/0x1560 [ 929.645465][T18265] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 929.645523][T18265] ? __pfx_get_futex_key+0x10/0x10 [ 929.645566][T18265] ? blk_finish_plug+0x53/0xa0 [ 929.645595][T18265] ? madvise_do_behavior+0x1f4/0x530 [ 929.645647][T18265] futex_wake+0xea/0x530 [ 929.645696][T18265] ? __pfx___up_read+0x10/0x10 [ 929.645744][T18265] ? __pfx_futex_wake+0x10/0x10 [ 929.645787][T18265] ? madvise_unlock+0x16d/0x220 [ 929.645839][T18265] ? madvise_unlock+0x7c/0x220 [ 929.645889][T18265] do_futex+0x1e3/0x350 [ 929.645930][T18265] ? __pfx_do_futex+0x10/0x10 [ 929.645982][T18265] __x64_sys_futex+0x1e0/0x4c0 [ 929.646029][T18265] ? __pfx___x64_sys_futex+0x10/0x10 [ 929.646072][T18265] ? xfd_validate_state+0x61/0x180 [ 929.646117][T18265] ? __pfx_ksys_write+0x10/0x10 [ 929.646166][T18265] do_syscall_64+0xcd/0x490 [ 929.646204][T18265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 929.646237][T18265] RIP: 0033:0x7fe1ee38ebe9 [ 929.646262][T18265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 929.646293][T18265] RSP: 002b:00007fe1ef2b60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 929.646323][T18265] RAX: ffffffffffffffda RBX: 00007fe1ee5b6098 RCX: 00007fe1ee38ebe9 [ 929.646344][T18265] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe1ee5b609c [ 929.646364][T18265] RBP: 00007fe1ee5b6090 R08: 00007fe1ef2d8000 R09: 0000000000000000 [ 929.646384][T18265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 929.646403][T18265] R13: 00007fe1ee5b6128 R14: 00007ffcca706490 R15: 00007ffcca706578 [ 929.646445][T18265] [ 930.103713][T18279] [U] [ 930.106608][T18279] [U] [ 930.109366][T18279] [U] [ 930.112123][T18279] [U] [ 930.117501][T18279] [U] [ 930.120279][T18279] [U] [ 930.123029][T18279] [U] [ 930.125782][T18279] [U] [ 930.129062][T18279] [U] [ 930.131833][T18279] [U] [ 930.134595][T18279] [U] [ 930.137350][T18279] [U] [ 930.140410][T18279] [U] [ 930.143176][T18279] [U] [ 930.145922][T18279] [U] [ 930.148677][T18279] [U] [ 930.152898][T18279] [U] [ 930.155662][T18279] [U] [ 930.158415][T18279] [U] [ 930.161171][T18279] [U] [ 930.164245][T18279] [U] [ 930.167003][T18279] [U] [ 930.169759][T18279] [U] [ 930.172522][T18279] [U] [ 930.175763][T18279] [U] [ 930.178540][T18279] [U] [ 930.181297][T18279] [U] [ 930.184156][T18279] [U] [ 930.187168][T18279] [U] [ 930.189921][T18279] [U] [ 930.192693][T18279] [U] [ 930.195489][T18279] [U] [ 930.198530][T18279] [U] [ 930.201295][T18279] [U] [ 930.204049][T18279] [U] [ 930.206787][T18279] [U] [ 930.210147][T18279] [U] [ 930.212905][T18279] [U] [ 930.215668][T18279] [U] [ 930.218424][T18279] [U] [ 930.256147][T18279] [U] [ 930.258943][T18279] [U] [ 930.261683][T18279] [U] [ 930.264432][T18279] [U] [ 930.267716][T18279] [U] [ 930.270538][T18279] [U] [ 930.273286][T18279] [U] [ 930.276041][T18279] [U] [ 930.279488][T18279] [U] [ 930.282249][T18279] [U] [ 930.284979][T18279] [U] [ 930.287705][T18279] [U] [ 930.297843][T18279] [U] [ 930.300626][T18279] [U] [ 930.303489][T18279] [U] [ 930.306225][T18279] [U] [ 930.320589][T18279] [U] [ 930.323386][T18279] [U] [ 930.326156][T18279] [U] [ 930.328907][T18279] [U] [ 930.354697][T18279] [U] [ 930.357508][T18279] [U] [ 930.360267][T18279] [U] [ 930.363013][T18279] [U] [ 930.385770][T18276] netlink: 'syz.2.2565': attribute type 33 has an invalid length. [ 930.408533][T18279] [U] [ 930.411344][T18279] [U] [ 930.414107][T18279] [U] [ 930.416960][T18279] [U] [ 930.483421][T18279] [U] [ 930.486242][T18279] [U] [ 930.489011][T18279] [U] [ 930.491770][T18279] [U] [ 930.505447][T18279] [U] [ 930.508333][T18279] [U] [ 930.511095][T18279] [U] [ 930.513855][T18279] [U] [ 930.531581][T18279] [U] [ 930.534389][T18279] [U] [ 930.537234][T18279] [U] [ 930.539993][T18279] [U] [ 930.575350][T18279] [U] [ 930.578152][T18279] [U] [ 930.580896][T18279] [U] [ 930.583641][T18279] [U] [ 930.611255][T18279] [U] [ 930.614058][T18279] [U] [ 930.616812][T18279] [U] [ 930.619568][T18279] [U] [ 930.655346][T18279] [U] [ 930.658135][T18279] [U] [ 930.660864][T18279] [U] [ 930.663588][T18279] [U] [ 930.685384][T18279] [U] [ 930.688191][T18279] [U] [ 930.690946][T18279] [U] [ 930.693695][T18279] [U] [ 930.713049][T18279] [U] [ 930.715843][T18279] [U] [ 930.718610][T18279] [U] [ 930.721357][T18279] [U] [ 930.772413][T18279] [U] [ 930.775206][T18279] [U] [ 930.777957][T18279] [U] [ 930.780713][T18279] [U] [ 930.809179][T18279] [U] [ 930.811978][T18279] [U] [ 930.814734][T18279] [U] [ 930.817493][T18279] [U] [ 930.941005][T18279] [U] [ 930.943811][T18279] [U] [ 930.946562][T18279] [U] [ 930.949339][T18279] [U] [ 930.987897][T18279] [U] [ 930.990706][T18279] [U] [ 930.993456][T18279] [U] [ 930.996224][T18279] [U] [ 931.005493][T18279] [U] [ 931.008277][T18279] [U] [ 931.011006][T18279] [U] [ 931.013729][T18279] [U] [ 931.033427][T18279] [U] [ 931.100320][T18290] netlink: 'syz.2.2567': attribute type 33 has an invalid length. [ 931.505623][T18299] FAULT_INJECTION: forcing a failure. [ 931.505623][T18299] name failslab, interval 1, probability 0, space 0, times 0 [ 931.565807][T18299] CPU: 1 UID: 1 PID: 18299 Comm: syz.2.2570 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 931.565855][T18299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 931.565875][T18299] Call Trace: [ 931.565887][T18299] [ 931.565899][T18299] dump_stack_lvl+0x16c/0x1f0 [ 931.565941][T18299] should_fail_ex+0x512/0x640 [ 931.565983][T18299] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 931.566023][T18299] should_failslab+0xc2/0x120 [ 931.566070][T18299] __kmalloc_cache_noprof+0x6a/0x3e0 [ 931.566107][T18299] ? sctp_datamsg_from_user+0x8d/0x1320 [ 931.566161][T18299] sctp_datamsg_from_user+0x8d/0x1320 [ 931.566207][T18299] ? __sk_mem_raise_allocated+0x94d/0x1670 [ 931.566251][T18299] ? sctp_sched_init_sid+0x8b/0x160 [ 931.566297][T18299] ? __sk_mem_schedule+0xd0/0x100 [ 931.566339][T18299] sctp_sendmsg_to_asoc+0xaf5/0x1bf0 [ 931.566391][T18299] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 931.566430][T18299] ? __pfx_autoremove_wake_function+0x10/0x10 [ 931.566483][T18299] ? sctp_sendmsg_check_sflags+0x176/0x320 [ 931.566542][T18299] sctp_sendmsg+0xea2/0x1e10 [ 931.566612][T18299] ? __pfx_sctp_sendmsg+0x10/0x10 [ 931.566652][T18299] ? __pfx___might_resched+0x10/0x10 [ 931.566698][T18299] ? aa_sk_perm+0x2f4/0xb10 [ 931.566741][T18299] ? __pfx_aa_sk_perm+0x10/0x10 [ 931.566789][T18299] ? __pfx_sctp_sendmsg+0x10/0x10 [ 931.566837][T18299] inet_sendmsg+0x11c/0x140 [ 931.566886][T18299] sock_write_iter+0x4aa/0x5b0 [ 931.566933][T18299] ? __pfx_sock_write_iter+0x10/0x10 [ 931.566995][T18299] ? bpf_lsm_file_permission+0x9/0x10 [ 931.567045][T18299] ? security_file_permission+0x71/0x210 [ 931.567087][T18299] ? rw_verify_area+0xcf/0x6c0 [ 931.567126][T18299] vfs_write+0x6c4/0x1150 [ 931.567163][T18299] ? __pfx_sock_write_iter+0x10/0x10 [ 931.567214][T18299] ? __pfx_vfs_write+0x10/0x10 [ 931.567249][T18299] ? find_held_lock+0x2b/0x80 [ 931.567310][T18299] ksys_write+0x1f8/0x250 [ 931.567349][T18299] ? __pfx_ksys_write+0x10/0x10 [ 931.567401][T18299] do_syscall_64+0xcd/0x490 [ 931.567443][T18299] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 931.567477][T18299] RIP: 0033:0x7fd8ba58ebe9 [ 931.567503][T18299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 931.567537][T18299] RSP: 002b:00007fd8bb461038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 931.567568][T18299] RAX: ffffffffffffffda RBX: 00007fd8ba7b6090 RCX: 00007fd8ba58ebe9 [ 931.567598][T18299] RDX: 000000000000fdf3 RSI: 0000000000000000 RDI: 0000000000000003 [ 931.567618][T18299] RBP: 00007fd8ba611e19 R08: 0000000000000000 R09: 0000000000000000 [ 931.567639][T18299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 931.567658][T18299] R13: 00007fd8ba7b6128 R14: 00007fd8ba7b6090 R15: 00007ffd539e8438 [ 931.567702][T18299] [ 932.691633][T18316] netlink: 'syz.3.2573': attribute type 33 has an invalid length. [ 934.285411][T18338] netlink: 'syz.1.2577': attribute type 33 has an invalid length. [ 934.906440][T18346] netlink: 'syz.0.2578': attribute type 33 has an invalid length. [ 934.979720][T18350] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 934.988815][T18349] input: f¬ as /devices/virtual/input/input16 [ 936.653990][T18374] netlink: 'syz.0.2590': attribute type 33 has an invalid length. [ 936.792821][T18380] netlink: 'syz.3.2584': attribute type 33 has an invalid length. [ 937.984149][T18388] netlink: 'syz.0.2586': attribute type 33 has an invalid length. [ 939.400529][T18413] nbd: couldn't find device at index 33904 [ 939.449365][T18410] netlink: 'syz.1.2591': attribute type 33 has an invalid length. [ 939.723217][T18420] netlink: 'syz.1.2594': attribute type 1 has an invalid length. [ 941.087689][T18430] netlink: 'syz.3.2596': attribute type 33 has an invalid length. [ 941.539688][T18441] netlink: 'syz.0.2606': attribute type 33 has an invalid length. [ 941.754119][T18450] netlink: 'syz.2.2598': attribute type 33 has an invalid length. [ 941.797483][T18448] netlink: 'syz.3.2599': attribute type 33 has an invalid length. [ 942.270702][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 942.279366][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 944.306838][T18482] netlink: 'syz.2.2609': attribute type 1 has an invalid length. [ 944.709344][T18483] FAULT_INJECTION: forcing a failure. [ 944.709344][T18483] name fail_futex, interval 1, probability 0, space 0, times 0 [ 944.813184][T18483] CPU: 0 UID: 0 PID: 18483 Comm: syz.1.2608 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 944.813233][T18483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 944.813252][T18483] Call Trace: [ 944.813263][T18483] [ 944.813275][T18483] dump_stack_lvl+0x16c/0x1f0 [ 944.813318][T18483] should_fail_ex+0x512/0x640 [ 944.813363][T18483] get_futex_key+0x1d0/0x1560 [ 944.813411][T18483] ? __pfx_get_futex_key+0x10/0x10 [ 944.813451][T18483] ? __pfx_css_rstat_updated+0x10/0x10 [ 944.813499][T18483] futex_wake+0xea/0x530 [ 944.813553][T18483] ? __pfx_futex_wake+0x10/0x10 [ 944.813603][T18483] ? do_user_addr_fault+0x829/0x1370 [ 944.813665][T18483] ? do_user_addr_fault+0x843/0x1370 [ 944.813733][T18483] do_futex+0x1e3/0x350 [ 944.813776][T18483] ? __pfx_do_futex+0x10/0x10 [ 944.813816][T18483] ? irqentry_exit+0x3b/0x90 [ 944.813849][T18483] ? lockdep_hardirqs_on+0x7c/0x110 [ 944.813894][T18483] __x64_sys_futex+0x1e0/0x4c0 [ 944.813939][T18483] ? arch_syscall_is_vdso_sigreturn+0xb6/0x230 [ 944.813986][T18483] ? __pfx___x64_sys_futex+0x10/0x10 [ 944.814030][T18483] ? syscall_user_dispatch+0x78/0x140 [ 944.814097][T18483] do_syscall_64+0xcd/0x490 [ 944.814136][T18483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.814170][T18483] RIP: 0033:0x7f85a498ebe9 [ 944.814196][T18483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 944.814230][T18483] RSP: 002b:00007f85a58870e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 944.814261][T18483] RAX: ffffffffffffffda RBX: 00007f85a4bb6188 RCX: 00007f85a498ebe9 [ 944.814282][T18483] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f85a4bb618c [ 944.814302][T18483] RBP: 00007f85a4bb6180 R08: 00007f85a58ca000 R09: 0000000000000000 [ 944.814323][T18483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 944.814343][T18483] R13: 00007f85a4bb6218 R14: 00007ffd40fc3d60 R15: 00007ffd40fc3e48 [ 944.814382][T18483] [ 945.240012][T18489] netlink: 'syz.3.2610': attribute type 33 has an invalid length. [ 945.725905][T18502] netlink: 'syz.0.2612': attribute type 33 has an invalid length. [ 946.218957][T18510] netlink: 'syz.1.2614': attribute type 33 has an invalid length. [ 946.670459][T18518] netlink: 'syz.0.2615': attribute type 33 has an invalid length. [ 948.327258][T18539] netlink: 'syz.2.2620': attribute type 1 has an invalid length. [ 949.028398][T18547] netlink: 'syz.1.2622': attribute type 33 has an invalid length. [ 949.756997][T18560] netlink: 'syz.1.2624': attribute type 33 has an invalid length. [ 950.388472][T18557] FAULT_INJECTION: forcing a failure. [ 950.388472][T18557] name failslab, interval 1, probability 0, space 0, times 0 [ 950.439901][T18557] CPU: 0 UID: 0 PID: 18557 Comm: syz.0.2623 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 950.439948][T18557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 950.439968][T18557] Call Trace: [ 950.439979][T18557] [ 950.439992][T18557] dump_stack_lvl+0x16c/0x1f0 [ 950.440032][T18557] should_fail_ex+0x512/0x640 [ 950.440082][T18557] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 950.440127][T18557] should_failslab+0xc2/0x120 [ 950.440172][T18557] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 950.440209][T18557] ? __pfx_acct_collect+0x10/0x10 [ 950.440257][T18557] ? taskstats_exit+0x654/0xbe0 [ 950.440309][T18557] taskstats_exit+0x654/0xbe0 [ 950.440360][T18557] ? __pfx_taskstats_exit+0x10/0x10 [ 950.440417][T18557] do_exit+0x5dc/0x2bf0 [ 950.440471][T18557] ? __pfx_do_exit+0x10/0x10 [ 950.440515][T18557] ? do_raw_spin_lock+0x12c/0x2b0 [ 950.440562][T18557] ? find_held_lock+0x2b/0x80 [ 950.440600][T18557] do_group_exit+0xd3/0x2a0 [ 950.440651][T18557] get_signal+0x2673/0x26d0 [ 950.440704][T18557] ? __pfx_get_signal+0x10/0x10 [ 950.440741][T18557] ? do_futex+0x122/0x350 [ 950.440781][T18557] ? __pfx_do_futex+0x10/0x10 [ 950.440825][T18557] arch_do_signal_or_restart+0x8f/0x790 [ 950.440870][T18557] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 950.440922][T18557] ? xfd_validate_state+0x61/0x180 [ 950.440967][T18557] ? __pfx_ksys_write+0x10/0x10 [ 950.441017][T18557] exit_to_user_mode_loop+0x84/0x110 [ 950.441073][T18557] do_syscall_64+0x3f6/0x490 [ 950.441112][T18557] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 950.441182][T18557] RIP: 0033:0x7fdae2d8ebe9 [ 950.441207][T18557] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 950.441238][T18557] RSP: 002b:00007fdae3b230e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 950.441268][T18557] RAX: fffffffffffffe00 RBX: 00007fdae2fb6098 RCX: 00007fdae2d8ebe9 [ 950.441290][T18557] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fdae2fb6098 [ 950.441310][T18557] RBP: 00007fdae2fb6090 R08: 0000000000000000 R09: 0000000000000000 [ 950.441330][T18557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 950.441349][T18557] R13: 00007fdae2fb6128 R14: 00007ffd47130420 R15: 00007ffd47130508 [ 950.441390][T18557] [ 951.225004][T18574] netlink: 'syz.3.2627': attribute type 33 has an invalid length. [ 952.122708][T18594] netlink: 'syz.2.2628': attribute type 33 has an invalid length. [ 952.525087][T18591] netlink: 'syz.1.2629': attribute type 33 has an invalid length. [ 953.156835][T18598] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2631'. [ 954.408952][T18621] netlink: 'syz.0.2642': attribute type 33 has an invalid length. [ 954.459135][T18624] netlink: 'syz.1.2643': attribute type 33 has an invalid length. [ 954.726305][T18631] input: f¬ as /devices/virtual/input/input17 [ 957.275717][T18667] netlink: 'syz.3.2645': attribute type 33 has an invalid length. [ 957.863165][T18670] netlink: 'syz.1.2644': attribute type 33 has an invalid length. [ 957.942916][T18679] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2646'. [ 958.091618][T18680] netlink: 'syz.2.2647': attribute type 33 has an invalid length. [ 958.659392][T18686] netlink: 'syz.3.2648': attribute type 33 has an invalid length. [ 959.104890][T18695] netlink: 'syz.3.2649': attribute type 33 has an invalid length. [ 959.204317][T18698] netlink: 'syz.1.2650': attribute type 33 has an invalid length. [ 961.543243][T18737] netlink: 'syz.2.2657': attribute type 33 has an invalid length. [ 961.580926][T18738] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2658'. [ 962.440612][T18749] netlink: 'syz.1.2659': attribute type 33 has an invalid length. [ 962.546836][T18753] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2660'. [ 962.947704][T18757] netlink: 'syz.2.2661': attribute type 33 has an invalid length. [ 963.640938][T18768] netlink: 'syz.2.2663': attribute type 33 has an invalid length. [ 965.254748][T18801] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2668'. [ 965.689100][T18806] netlink: 'syz.1.2670': attribute type 33 has an invalid length. [ 966.088478][T18811] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2671'. [ 966.900830][T18820] netlink: 'syz.2.2672': attribute type 33 has an invalid length. [ 967.309632][T18827] netlink: 'syz.3.2674': attribute type 33 has an invalid length. [ 967.343657][T18832] netlink: 'syz.1.2675': attribute type 33 has an invalid length. [ 967.692089][T18838] netlink: 'syz.2.2676': attribute type 33 has an invalid length. [ 970.919905][T18883] netlink: 'syz.2.2684': attribute type 33 has an invalid length. [ 971.008610][T18879] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2683'. [ 971.832899][T18898] netlink: 'syz.0.2685': attribute type 33 has an invalid length. [ 972.156904][T18899] netlink: 'syz.3.2686': attribute type 33 has an invalid length. [ 972.179368][T18903] netlink: 'syz.1.2687': attribute type 33 has an invalid length. [ 972.689697][T18911] netlink: 'syz.1.2689': attribute type 33 has an invalid length. [ 975.670158][T18963] netlink: 'syz.2.2697': attribute type 33 has an invalid length. [ 975.788054][T18962] netlink: 'syz.3.2698': attribute type 33 has an invalid length. [ 976.794258][T18979] netlink: 'syz.3.2699': attribute type 33 has an invalid length. [ 976.805077][T18980] netlink: 'syz.2.2700': attribute type 33 has an invalid length. [ 979.446407][T19026] netlink: 'syz.3.2709': attribute type 33 has an invalid length. [ 979.478298][T19018] netlink: 'syz.1.2708': attribute type 33 has an invalid length. [ 980.909167][T19049] netlink: 'syz.1.2712': attribute type 33 has an invalid length. [ 981.057951][T19053] netlink: 'syz.2.2714': attribute type 33 has an invalid length. [ 981.596256][T19057] netlink: 'syz.0.2715': attribute type 33 has an invalid length. [ 983.702248][T19078] netlink: 'syz.2.2719': attribute type 33 has an invalid length. [ 983.758779][T19094] netlink: 'syz.0.2721': attribute type 33 has an invalid length. [ 984.809060][T19108] netlink: 'syz.0.2724': attribute type 33 has an invalid length. [ 985.456733][T19115] netlink: 'syz.2.2726': attribute type 33 has an invalid length. [ 985.812389][T19126] netlink: 'syz.0.2728': attribute type 33 has an invalid length. [ 987.937400][T19154] netlink: 'syz.0.2733': attribute type 33 has an invalid length. [ 988.845093][T19170] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2734'. [ 989.579267][T19171] netlink: 'syz.3.2737': attribute type 33 has an invalid length. [ 989.953979][T19180] netlink: 'syz.0.2738': attribute type 33 has an invalid length. [ 990.038321][T19181] netlink: 'syz.2.2739': attribute type 33 has an invalid length. [ 991.749335][T19210] netlink: 'syz.2.2744': attribute type 33 has an invalid length. [ 992.489621][T19226] input: f¬ as /devices/virtual/input/input18 [ 993.434625][T19240] netlink: 'syz.3.2749': attribute type 33 has an invalid length. [ 994.679031][T19251] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2752'. [ 994.694383][T19258] netlink: 'syz.3.2751': attribute type 33 has an invalid length. [ 995.501022][T19269] netlink: 'syz.1.2756': attribute type 33 has an invalid length. [ 997.178437][T19297] netlink: 'syz.2.2761': attribute type 33 has an invalid length. [ 997.955515][T19308] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2764'. [ 998.862874][T19322] netlink: 'syz.2.2766': attribute type 33 has an invalid length. [ 998.872624][T19325] netlink: 'syz.1.2767': attribute type 33 has an invalid length. [ 1000.742025][T19356] netlink: 'syz.1.2772': attribute type 33 has an invalid length. [ 1002.040216][T19377] netlink: 'syz.3.2777': attribute type 33 has an invalid length. [ 1002.573608][T19380] netlink: 'syz.2.2778': attribute type 33 has an invalid length. [ 1002.943943][T19395] netlink: 'syz.2.2781': attribute type 33 has an invalid length. [ 1003.710445][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1003.716984][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1004.272145][T19413] input: f¬ as /devices/virtual/input/input19 [ 1004.787397][T19424] netlink: 'syz.1.2785': attribute type 33 has an invalid length. [ 1006.590709][T19443] netlink: 'syz.1.2790': attribute type 33 has an invalid length. [ 1007.261318][T19449] netlink: 'syz.2.2792': attribute type 33 has an invalid length. [ 1008.309570][T19477] input: f¬ as /devices/virtual/input/input20 [ 1008.352540][T19473] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2795'. [ 1009.149663][T19485] netlink: 'syz.2.2798': attribute type 33 has an invalid length. [ 1010.330574][T19506] netlink: 'syz.2.2810': attribute type 33 has an invalid length. [ 1010.555803][T19512] netlink: 'syz.0.2803': attribute type 33 has an invalid length. [ 1010.891974][T19519] netlink: 'syz.2.2804': attribute type 33 has an invalid length. [ 1011.190940][T19523] netlink: 'syz.3.2805': attribute type 33 has an invalid length. [ 1014.210343][T19568] netlink: 'syz.2.2814': attribute type 33 has an invalid length. [ 1014.254290][T19566] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2812'. [ 1014.761661][T19579] netlink: 'syz.2.2817': attribute type 33 has an invalid length. [ 1014.948634][T19574] netlink: 'syz.0.2816': attribute type 33 has an invalid length. [ 1016.097695][T19586] netlink: 'syz.1.2819': attribute type 33 has an invalid length. [ 1018.190297][T19626] netlink: 'syz.2.2826': attribute type 33 has an invalid length. [ 1018.632830][T19637] netlink: 'syz.0.2829': attribute type 33 has an invalid length. [ 1018.681627][T19635] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2828'. [ 1019.321114][T19646] netlink: 'syz.2.2831': attribute type 1 has an invalid length. [ 1019.803155][T19643] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2830'. [ 1020.539915][T19658] netlink: 'syz.3.2833': attribute type 33 has an invalid length. [ 1023.511291][T19693] netlink: 'syz.3.2840': attribute type 33 has an invalid length. [ 1023.619113][T19699] netlink: 'syz.2.2841': attribute type 33 has an invalid length. [ 1024.193189][T19709] netlink: 'syz.2.2843': attribute type 1 has an invalid length. [ 1024.532666][T19715] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2842'. [ 1025.302992][T19718] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2845'. [ 1025.792510][T19734] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1025.820641][T19729] netlink: 'syz.0.2846': attribute type 33 has an invalid length. [ 1027.426508][T19761] netlink: 'syz.3.2852': attribute type 33 has an invalid length. [ 1027.607208][T19769] netlink: 'syz.2.2854': attribute type 33 has an invalid length. [ 1027.971282][T19775] netlink: 'syz.3.2856': attribute type 1 has an invalid length. [ 1029.535671][T19787] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2857'. [ 1029.570907][T19792] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2858'. [ 1029.912938][T19800] netlink: 'syz.3.2860': attribute type 33 has an invalid length. [ 1030.668120][T19819] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1031.911165][T19831] netlink: 'syz.1.2865': attribute type 33 has an invalid length. [ 1032.948001][T19848] netlink: 'syz.0.2869': attribute type 1 has an invalid length. [ 1034.656430][T19870] netlink: 'syz.2.2872': attribute type 33 has an invalid length. [ 1035.183177][T19883] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1037.351001][T19911] netlink: 'syz.2.2879': attribute type 33 has an invalid length. [ 1037.776283][T19918] netlink: 'syz.2.2882': attribute type 1 has an invalid length. [ 1038.111662][T19926] netlink: 'syz.1.2881': attribute type 33 has an invalid length. [ 1039.094510][T19934] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2884'. [ 1039.969767][T19953] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1039.992552][T19950] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2886'. [ 1041.773217][T19969] netlink: 'syz.1.2891': attribute type 33 has an invalid length. [ 1042.083361][T19986] netlink: 'syz.2.2894': attribute type 33 has an invalid length. [ 1043.938797][T20015] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2898'. [ 1043.950124][T20010] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 1043.977074][T20010] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 1044.002737][T20010] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1044.575640][T20021] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1046.181777][T20044] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2903'. [ 1046.201814][T20043] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2905'. [ 1046.839038][T20048] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2902'. [ 1049.178099][T20078] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1050.151147][T20086] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2913'. [ 1051.238094][T20110] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2917'. [ 1051.646915][T20118] FAULT_INJECTION: forcing a failure. [ 1051.646915][T20118] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1051.661314][T20118] CPU: 0 UID: 0 PID: 20118 Comm: syz.1.2918 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 1051.661361][T20118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1051.661381][T20118] Call Trace: [ 1051.661394][T20118] [ 1051.661406][T20118] dump_stack_lvl+0x16c/0x1f0 [ 1051.661452][T20118] should_fail_ex+0x512/0x640 [ 1051.661500][T20118] should_fail_alloc_page+0xe7/0x130 [ 1051.661549][T20118] prepare_alloc_pages+0x3c2/0x610 [ 1051.661632][T20118] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1051.661684][T20118] ? __lock_acquire+0x62e/0x1ce0 [ 1051.661732][T20118] ? css_rstat_updated+0x1c2/0x510 [ 1051.661777][T20118] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1051.661828][T20118] ? rcu_is_watching+0x12/0xc0 [ 1051.661875][T20118] ? __lock_acquire+0x62e/0x1ce0 [ 1051.661920][T20118] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1051.661973][T20118] ? policy_nodemask+0xea/0x4e0 [ 1051.662021][T20118] alloc_pages_mpol+0x1fb/0x550 [ 1051.662067][T20118] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1051.662115][T20118] ? filemap_get_entry+0x1a7/0x3b0 [ 1051.662165][T20118] folio_alloc_noprof+0x20/0x2d0 [ 1051.662216][T20118] filemap_alloc_folio_noprof+0x3a1/0x470 [ 1051.662254][T20118] ? __pfx_filemap_alloc_folio_noprof+0x10/0x10 [ 1051.662289][T20118] ? rcu_is_watching+0x12/0xc0 [ 1051.662330][T20118] __filemap_get_folio+0x5e1/0xc30 [ 1051.662385][T20118] ioctx_alloc+0x761/0x2120 [ 1051.662444][T20118] ? __pfx_ioctx_alloc+0x10/0x10 [ 1051.662479][T20118] ? __might_fault+0x13b/0x190 [ 1051.662529][T20118] __x64_sys_io_setup+0xc9/0x210 [ 1051.662571][T20118] do_syscall_64+0xcd/0x490 [ 1051.662612][T20118] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1051.662646][T20118] RIP: 0033:0x7f85a498ebe9 [ 1051.662672][T20118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1051.662705][T20118] RSP: 002b:00007f85a58a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 1051.662736][T20118] RAX: ffffffffffffffda RBX: 00007f85a4bb6090 RCX: 00007f85a498ebe9 [ 1051.662757][T20118] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 000000000000ffff [ 1051.662784][T20118] RBP: 00007f85a4a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1051.662803][T20118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1051.662821][T20118] R13: 00007f85a4bb6128 R14: 00007f85a4bb6090 R15: 00007ffd40fc3e48 [ 1051.662863][T20118] [ 1052.061392][T20120] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2919'. [ 1055.102858][T20156] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1056.574994][T20179] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2931'. [ 1056.890105][T20164] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1057.497697][T20194] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2933'. [ 1060.419976][T20230] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1065.149428][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1065.158248][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1066.516433][T20319] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1067.496984][T20332] FAULT_INJECTION: forcing a failure. [ 1067.496984][T20332] name failslab, interval 1, probability 0, space 0, times 0 [ 1067.653782][T20332] CPU: 0 UID: 0 PID: 20332 Comm: syz.2.2958 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 1067.653830][T20332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1067.653873][T20332] Call Trace: [ 1067.653885][T20332] [ 1067.653902][T20332] dump_stack_lvl+0x16c/0x1f0 [ 1067.653933][T20332] should_fail_ex+0x512/0x640 [ 1067.653961][T20332] ? __kmalloc_noprof+0xbf/0x510 [ 1067.653991][T20332] ? nfc_llcp_build_tlv+0xfd/0x230 [ 1067.654015][T20332] should_failslab+0xc2/0x120 [ 1067.654046][T20332] __kmalloc_noprof+0xd2/0x510 [ 1067.654081][T20332] nfc_llcp_build_tlv+0xfd/0x230 [ 1067.654112][T20332] nfc_llcp_build_gb.isra.0+0xed/0x400 [ 1067.654154][T20332] ? __pfx_nfc_llcp_build_gb.isra.0+0x10/0x10 [ 1067.654203][T20332] ? nfc_genl_dump_devices+0x230/0x470 [ 1067.654243][T20332] ? lockdep_init_map_type+0x5c/0x280 [ 1067.654281][T20332] nfc_llcp_register_device+0x600/0xa60 [ 1067.654309][T20332] nfc_register_device+0x6d/0x3c0 [ 1067.654338][T20332] nci_register_device+0x7f1/0xb80 [ 1067.654377][T20332] ? __pfx_nci_register_device+0x10/0x10 [ 1067.654420][T20332] ? lockdep_init_map_type+0x5c/0x280 [ 1067.654458][T20332] virtual_ncidev_open+0x141/0x220 [ 1067.654497][T20332] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1067.654534][T20332] misc_open+0x35a/0x420 [ 1067.654572][T20332] ? __pfx_misc_open+0x10/0x10 [ 1067.654608][T20332] chrdev_open+0x231/0x6a0 [ 1067.654638][T20332] ? __pfx_apparmor_file_open+0x10/0x10 [ 1067.654678][T20332] ? __pfx_chrdev_open+0x10/0x10 [ 1067.654710][T20332] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1067.654743][T20332] do_dentry_open+0x97f/0x1530 [ 1067.654773][T20332] ? __pfx_chrdev_open+0x10/0x10 [ 1067.654810][T20332] vfs_open+0x82/0x3f0 [ 1067.654855][T20332] path_openat+0x1de4/0x2cb0 [ 1067.654894][T20332] ? __pfx_path_openat+0x10/0x10 [ 1067.654931][T20332] do_filp_open+0x20b/0x470 [ 1067.654960][T20332] ? __pfx_do_filp_open+0x10/0x10 [ 1067.655010][T20332] ? alloc_fd+0x471/0x7d0 [ 1067.655044][T20332] do_sys_openat2+0x11b/0x1d0 [ 1067.655080][T20332] ? __pfx_do_sys_openat2+0x10/0x10 [ 1067.655138][T20332] __x64_sys_openat+0x174/0x210 [ 1067.655188][T20332] ? __pfx___x64_sys_openat+0x10/0x10 [ 1067.655247][T20332] do_syscall_64+0xcd/0x490 [ 1067.655276][T20332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1067.655299][T20332] RIP: 0033:0x7fd8ba58ebe9 [ 1067.655318][T20332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1067.655341][T20332] RSP: 002b:00007fd8bb461038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1067.655363][T20332] RAX: ffffffffffffffda RBX: 00007fd8ba7b6090 RCX: 00007fd8ba58ebe9 [ 1067.655378][T20332] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 1067.655393][T20332] RBP: 00007fd8ba611e19 R08: 0000000000000000 R09: 0000000000000000 [ 1067.655408][T20332] R10: 000000000000001f R11: 0000000000000246 R12: 0000000000000000 [ 1067.655422][T20332] R13: 00007fd8ba7b6128 R14: 00007fd8ba7b6090 R15: 00007ffd539e8438 [ 1067.655452][T20332] [ 1071.324431][T20387] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1071.392128][T20385] netlink: 'syz.0.2968': attribute type 33 has an invalid length. [ 1073.523618][T20425] vhci_hcd: invalid port number 16 [ 1073.545893][T20425] vhci_hcd: invalid port number 16 [ 1074.220322][T20431] random: crng reseeded on system resumption [ 1075.508202][T20455] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1076.010220][T20456] netlink: 'syz.3.2981': attribute type 33 has an invalid length. [ 1079.064251][T20500] netlink: 302 bytes leftover after parsing attributes in process `syz.2.2991'. [ 1080.078707][T20516] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1081.632744][T20534] netlink: 'syz.2.2995': attribute type 33 has an invalid length. [ 1084.400760][T20580] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1085.806731][T20589] netlink: 'syz.2.3006': attribute type 33 has an invalid length. [ 1089.334964][T20645] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1091.089684][T20667] netlink: 'syz.3.3021': attribute type 33 has an invalid length. [ 1093.319816][T20700] mkiss: ax0: crc mode is auto. [ 1093.432224][ T31] audit: type=1800 audit(1843105381.810:12): pid=20699 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3026" name="dbroot" dev="configfs" ino=82225 res=0 errno=0 [ 1094.331370][T20719] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1095.993554][T20736] netlink: 'syz.2.3032': attribute type 33 has an invalid length. [ 1098.406344][T20784] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1102.958363][T20860] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1103.357586][ T31] audit: type=1800 audit(1843105391.730:13): pid=20868 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3057" name="members" dev="configfs" ino=83620 res=0 errno=0 [ 1107.193999][T20933] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1112.422318][T20998] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1114.131907][ T31] audit: type=1800 audit(1843105402.510:14): pid=21019 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3087" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 1114.190410][T21015] FAULT_INJECTION: forcing a failure. [ 1114.190410][T21015] name failslab, interval 1, probability 0, space 0, times 0 [ 1114.268477][T21015] CPU: 1 UID: 0 PID: 21015 Comm: syz.3.3086 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 1114.268524][T21015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1114.268545][T21015] Call Trace: [ 1114.268556][T21015] [ 1114.268569][T21015] dump_stack_lvl+0x16c/0x1f0 [ 1114.268616][T21015] should_fail_ex+0x512/0x640 [ 1114.268657][T21015] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1114.268696][T21015] should_failslab+0xc2/0x120 [ 1114.268741][T21015] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1114.268776][T21015] ? kvm_arch_vcpu_create+0x3d3/0xb20 [ 1114.268830][T21015] kvm_arch_vcpu_create+0x3d3/0xb20 [ 1114.268886][T21015] kvm_vm_ioctl+0xfec/0x4000 [ 1114.268935][T21015] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 1114.268995][T21015] ? kasan_quarantine_put+0x10a/0x240 [ 1114.269031][T21015] ? lockdep_hardirqs_on+0x7c/0x110 [ 1114.269070][T21015] ? find_held_lock+0x2b/0x80 [ 1114.269104][T21015] ? tomoyo_path_number_perm+0x295/0x580 [ 1114.269147][T21015] ? tomoyo_path_number_perm+0x18d/0x580 [ 1114.269193][T21015] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1114.269244][T21015] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1114.269298][T21015] ? do_vfs_ioctl+0x128/0x14f0 [ 1114.269350][T21015] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1114.269414][T21015] ? find_held_lock+0x2b/0x80 [ 1114.269445][T21015] ? hook_file_ioctl_common+0x145/0x410 [ 1114.269493][T21015] ? __fget_files+0x20e/0x3c0 [ 1114.269535][T21015] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 1114.269570][T21015] __x64_sys_ioctl+0x18e/0x210 [ 1114.269623][T21015] do_syscall_64+0xcd/0x490 [ 1114.269663][T21015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1114.269696][T21015] RIP: 0033:0x7fe1ee38ebe9 [ 1114.269721][T21015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1114.269753][T21015] RSP: 002b:00007fe1ef2d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1114.269785][T21015] RAX: ffffffffffffffda RBX: 00007fe1ee5b5fa0 RCX: 00007fe1ee38ebe9 [ 1114.269807][T21015] RDX: 0000000000000002 RSI: 000000000000ae41 RDI: 0000000000000003 [ 1114.269827][T21015] RBP: 00007fe1ee411e19 R08: 0000000000000000 R09: 0000000000000000 [ 1114.269847][T21015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1114.269867][T21015] R13: 00007fe1ee5b6038 R14: 00007fe1ee5b5fa0 R15: 00007ffcca706578 [ 1114.269911][T21015] [ 1115.015324][T21028] netlink: 'syz.2.3089': attribute type 33 has an invalid length. [ 1115.755408][T21042] netlink: 'syz.1.3092': attribute type 33 has an invalid length. [ 1116.871571][T21052] netlink: 'syz.0.3095': attribute type 33 has an invalid length. [ 1119.622163][T21093] netlink: 'syz.0.3103': attribute type 33 has an invalid length. [ 1120.543103][T21104] netlink: 'syz.2.3105': attribute type 33 has an invalid length. [ 1121.051650][T21111] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1121.270159][T21110] netlink: 'syz.1.3106': attribute type 33 has an invalid length. [ 1124.023936][T21147] netlink: 'syz.3.3112': attribute type 33 has an invalid length. [ 1125.363896][T21162] netlink: 'syz.1.3117': attribute type 33 has an invalid length. [ 1125.826596][T21167] netlink: 'syz.0.3116': attribute type 33 has an invalid length. [ 1126.595739][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1126.602129][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1126.786755][T21180] netlink: 'syz.0.3119': attribute type 33 has an invalid length. [ 1126.920203][T21188] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1129.292711][T21220] netlink: 'syz.2.3127': attribute type 33 has an invalid length. [ 1129.658912][T21228] netlink: 'syz.0.3128': attribute type 33 has an invalid length. [ 1130.913248][T21233] netlink: 'syz.1.3130': attribute type 33 has an invalid length. [ 1130.960354][T21247] netlink: 'syz.0.3132': attribute type 33 has an invalid length. [ 1133.003729][T21285] blkio.reset_stats is deprecated [ 1134.576762][T21306] netlink: 'syz.1.3142': attribute type 33 has an invalid length. [ 1135.512935][T21319] netlink: 'syz.3.3144': attribute type 33 has an invalid length. [ 1135.687092][T21321] netlink: 'syz.1.3145': attribute type 33 has an invalid length. [ 1136.582833][T21326] netlink: 'syz.2.3146': attribute type 33 has an invalid length. [ 1139.556390][T21369] netlink: 'syz.1.3156': attribute type 33 has an invalid length. [ 1140.203920][T21384] netlink: 'syz.1.3160': attribute type 33 has an invalid length. [ 1140.557147][T21373] netlink: 'syz.2.3159': attribute type 33 has an invalid length. [ 1143.427825][T21415] netlink: 'syz.1.3165': attribute type 33 has an invalid length. [ 1144.424483][T21431] Console: switching to colour VGA+ 80x25 [ 1144.595772][T21436] netlink: 'syz.0.3168': attribute type 33 has an invalid length. [ 1145.598934][T21457] netlink: 'syz.1.3172': attribute type 33 has an invalid length. [ 1145.976318][T21465] netlink: 'syz.3.3174': attribute type 33 has an invalid length. [ 1146.090143][T21460] netlink: 'syz.0.3173': attribute type 33 has an invalid length. [ 1148.216572][T21485] netlink: 'syz.3.3178': attribute type 33 has an invalid length. [ 1149.058210][T21499] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3181'. [ 1149.255025][T21502] netlink: 'syz.1.3182': attribute type 33 has an invalid length. [ 1150.312818][T21518] delete_channel: no stack [ 1150.336315][T21521] netlink: 'syz.0.3186': attribute type 33 has an invalid length. [ 1150.377127][T21518] tipc: Started in network mode [ 1150.382890][T21518] tipc: Node identity ee00, cluster identity 4711 [ 1150.395596][T21518] tipc: Node number set to 60928 [ 1150.505808][T21511] [ 1150.508203][T21511] ====================================================== [ 1150.515250][T21511] WARNING: possible circular locking dependency detected [ 1150.522298][T21511] 6.16.0-syzkaller-11895-gcca7a0aae895 #0 Not tainted [ 1150.529102][T21511] ------------------------------------------------------ [ 1150.536158][T21511] syz.1.3184/21511 is trying to acquire lock: [ 1150.542257][T21511] ffff888143352d28 (&q->elevator_lock){+.+.}-{4:4}, at: elevator_change+0x103/0x400 [ 1150.551780][T21511] [ 1150.551780][T21511] but task is already holding lock: [ 1150.559188][T21511] ffff8881433527e8 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 1150.570503][T21511] [ 1150.570503][T21511] which lock already depends on the new lock. [ 1150.570503][T21511] [ 1150.580939][T21511] [ 1150.580939][T21511] the existing dependency chain (in reverse order) is: [ 1150.590063][T21511] [ 1150.590063][T21511] -> #3 (&q->q_usage_counter(io)#18){++++}-{0:0}: [ 1150.598716][T21511] blk_alloc_queue+0x619/0x760 [ 1150.604056][T21511] blk_mq_alloc_queue+0x172/0x280 [ 1150.609637][T21511] __blk_mq_alloc_disk+0x29/0x120 [ 1150.615214][T21511] loop_add+0x490/0xb70 [ 1150.619926][T21511] loop_init+0x164/0x270 [ 1150.624722][T21511] do_one_initcall+0x120/0x6e0 [ 1150.630042][T21511] kernel_init_freeable+0x5c2/0x910 [ 1150.635797][T21511] kernel_init+0x1c/0x2b0 [ 1150.640684][T21511] ret_from_fork+0x5d7/0x6f0 [ 1150.645831][T21511] ret_from_fork_asm+0x1a/0x30 [ 1150.651161][T21511] [ 1150.651161][T21511] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 1150.658425][T21511] fs_reclaim_acquire+0x102/0x150 [ 1150.664022][T21511] prepare_alloc_pages+0x162/0x610 [ 1150.669696][T21511] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1150.676147][T21511] __alloc_pages_noprof+0xb/0x1b0 [ 1150.681720][T21511] pcpu_populate_chunk+0x110/0xb00 [ 1150.687383][T21511] pcpu_alloc_noprof+0x86a/0x1470 [ 1150.692963][T21511] bpf_map_alloc_percpu+0x9a/0x4b0 [ 1150.698666][T21511] htab_map_alloc+0x10ca/0x1570 [ 1150.704060][T21511] map_create+0x58f/0x1f80 [ 1150.709055][T21511] __sys_bpf+0x44d2/0x4de0 [ 1150.714028][T21511] __x64_sys_bpf+0x78/0xc0 [ 1150.719003][T21511] do_syscall_64+0xcd/0x490 [ 1150.724052][T21511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1150.730486][T21511] [ 1150.730486][T21511] -> #1 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 1150.738252][T21511] __mutex_lock+0x193/0x10b0 [ 1150.743392][T21511] pcpu_alloc_noprof+0xb4c/0x1470 [ 1150.748965][T21511] sbitmap_init_node+0x2fd/0x770 [ 1150.754470][T21511] sbitmap_queue_init_node+0x41/0x560 [ 1150.760433][T21511] blk_mq_init_tags+0x12d/0x2b0 [ 1150.765833][T21511] blk_mq_alloc_map_and_rqs+0x237/0xf60 [ 1150.771924][T21511] blk_mq_init_sched+0x30c/0x610 [ 1150.777422][T21511] elevator_switch+0x1e1/0x7f0 [ 1150.782741][T21511] elevator_change+0x2ac/0x400 [ 1150.788071][T21511] elevator_set_default+0x2c4/0x360 [ 1150.793877][T21511] blk_register_queue+0x393/0x4f0 [ 1150.799457][T21511] __add_disk+0x74a/0xf00 [ 1150.804334][T21511] add_disk_fwnode+0x13f/0x5d0 [ 1150.809648][T21511] nbd_dev_add+0x783/0xbb0 [ 1150.814620][T21511] nbd_init+0x181/0x320 [ 1150.819343][T21511] do_one_initcall+0x120/0x6e0 [ 1150.824665][T21511] kernel_init_freeable+0x5c2/0x910 [ 1150.830432][T21511] kernel_init+0x1c/0x2b0 [ 1150.835321][T21511] ret_from_fork+0x5d7/0x6f0 [ 1150.840487][T21511] ret_from_fork_asm+0x1a/0x30 [ 1150.845803][T21511] [ 1150.845803][T21511] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 1150.853660][T21511] __lock_acquire+0x12a6/0x1ce0 [ 1150.859070][T21511] lock_acquire+0x179/0x350 [ 1150.864133][T21511] __mutex_lock+0x193/0x10b0 [ 1150.869271][T21511] elevator_change+0x103/0x400 [ 1150.874590][T21511] elv_iosched_store+0x2eb/0x3a0 [ 1150.880092][T21511] queue_attr_store+0x26b/0x310 [ 1150.885491][T21511] sysfs_kf_write+0xf2/0x150 [ 1150.890654][T21511] kernfs_fop_write_iter+0x354/0x510 [ 1150.896480][T21511] vfs_write+0x6c4/0x1150 [ 1150.901375][T21511] ksys_write+0x12a/0x250 [ 1150.906252][T21511] do_syscall_64+0xcd/0x490 [ 1150.911325][T21511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1150.917886][T21511] [ 1150.917886][T21511] other info that might help us debug this: [ 1150.917886][T21511] [ 1150.928122][T21511] Chain exists of: [ 1150.928122][T21511] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#18 [ 1150.928122][T21511] [ 1150.941898][T21511] Possible unsafe locking scenario: [ 1150.941898][T21511] [ 1150.949360][T21511] CPU0 CPU1 [ 1150.954739][T21511] ---- ---- [ 1150.960120][T21511] lock(&q->q_usage_counter(io)#18); [ 1150.965520][T21511] lock(fs_reclaim); [ 1150.972039][T21511] lock(&q->q_usage_counter(io)#18); [ 1150.979957][T21511] lock(&q->elevator_lock); [ 1150.984570][T21511] [ 1150.984570][T21511] *** DEADLOCK *** [ 1150.984570][T21511] [ 1150.992718][T21511] 7 locks held by syz.1.3184/21511: [ 1150.997937][T21511] #0: ffff8880335055f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 1151.007059][T21511] #1: ffff88807cd9e428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1151.016090][T21511] #2: ffff88805bcb1888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 1151.025879][T21511] #3: ffff8881433a6008 (kn->active#78){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 1151.035950][T21511] #4: ffff888025d9a368 (&set->update_nr_hwq_lock){++++}-{4:4}, at: elv_iosched_store+0x337/0x3a0 [ 1151.046735][T21511] #5: ffff8881433527e8 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 1151.058623][T21511] #6: ffff888143352820 (&q->q_usage_counter(queue)#22){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 1151.070622][T21511] [ 1151.070622][T21511] stack backtrace: [ 1151.076525][T21511] CPU: 1 UID: 0 PID: 21511 Comm: syz.1.3184 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(full) [ 1151.076562][T21511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1151.076578][T21511] Call Trace: [ 1151.076587][T21511] [ 1151.076598][T21511] dump_stack_lvl+0x116/0x1f0 [ 1151.076630][T21511] print_circular_bug+0x275/0x350 [ 1151.076668][T21511] check_noncircular+0x14c/0x170 [ 1151.076707][T21511] __lock_acquire+0x12a6/0x1ce0 [ 1151.076751][T21511] lock_acquire+0x179/0x350 [ 1151.076786][T21511] ? elevator_change+0x103/0x400 [ 1151.076828][T21511] ? __pfx___might_resched+0x10/0x10 [ 1151.076858][T21511] ? elevator_change+0x103/0x400 [ 1151.076896][T21511] __mutex_lock+0x193/0x10b0 [ 1151.076925][T21511] ? elevator_change+0x103/0x400 [ 1151.076970][T21511] ? enable_work+0x245/0x340 [ 1151.076995][T21511] ? __pfx_xa_find_after+0x10/0x10 [ 1151.077031][T21511] ? __pfx___mutex_lock+0x10/0x10 [ 1151.077065][T21511] ? blk_mq_cancel_work_sync+0xd8/0x110 [ 1151.077097][T21511] ? __pfx_blk_mq_cancel_work_sync+0x10/0x10 [ 1151.077134][T21511] ? elevator_change+0x103/0x400 [ 1151.077172][T21511] elevator_change+0x103/0x400 [ 1151.077213][T21511] elv_iosched_store+0x2eb/0x3a0 [ 1151.077261][T21511] ? __pfx_elv_iosched_store+0x10/0x10 [ 1151.077320][T21511] ? __mutex_trylock_common+0xe9/0x250 [ 1151.077359][T21511] ? __pfx_elv_iosched_store+0x10/0x10 [ 1151.077401][T21511] queue_attr_store+0x26b/0x310 [ 1151.077436][T21511] ? __pfx_queue_attr_store+0x10/0x10 [ 1151.077479][T21511] ? find_held_lock+0x2b/0x80 [ 1151.077505][T21511] ? sysfs_file_kobj+0xe4/0x290 [ 1151.077536][T21511] ? __pfx_queue_attr_store+0x10/0x10 [ 1151.077570][T21511] sysfs_kf_write+0xf2/0x150 [ 1151.077600][T21511] kernfs_fop_write_iter+0x354/0x510 [ 1151.077625][T21511] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1151.077657][T21511] vfs_write+0x6c4/0x1150 [ 1151.077688][T21511] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1151.077716][T21511] ? __pfx___mutex_lock+0x10/0x10 [ 1151.077746][T21511] ? __pfx_vfs_write+0x10/0x10 [ 1151.077786][T21511] ksys_write+0x12a/0x250 [ 1151.077817][T21511] ? __pfx_ksys_write+0x10/0x10 [ 1151.077853][T21511] do_syscall_64+0xcd/0x490 [ 1151.077884][T21511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1151.077912][T21511] RIP: 0033:0x7f85a498ebe9 [ 1151.077933][T21511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1151.077967][T21511] RSP: 002b:00007f85a58c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1151.077992][T21511] RAX: ffffffffffffffda RBX: 00007f85a4bb5fa0 RCX: 00007f85a498ebe9 [ 1151.078010][T21511] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 1151.078026][T21511] RBP: 00007f85a4a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1151.078043][T21511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1151.078059][T21511] R13: 00007f85a4bb6038 R14: 00007f85a4bb5fa0 R15: 00007ffd40fc3e48 [ 1151.078089][T21511] [ 1151.414043][T21524] netlink: 'syz.3.3187': attribute type 33 has an invalid length.