last executing test programs: 10.196469305s ago: executing program 0 (id=4911): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) (async) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) socket(0x15, 0x5, 0x0) (async) r0 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, 0x0, 0x4d4140, 0x0) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptybd\x00', 0x6202, 0x0) (async) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x109302, 0x0) (async) prctl$auto(0x3e, 0x3, 0x0, 0x1, 0x0) (async) r2 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) socket(0x2b, 0x5, 0x1) (async) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r3 = socket(0xa, 0x5, 0x94) openat$auto_dai_list_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x140, 0x0) (async) ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f0000000040)={0x7, 0x0}) (async) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(r3, 0x0, 0x2004c894) close_range$auto(0x2, 0x8, 0x0) (async) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) (async) mmap$auto(0x40000000000000, 0x20009, 0x8000000000000e3, 0x100000eb1, 0x40000000000a1, 0x7ffc) ioctl$auto(r2, 0x8927, 0xffffffffffffffff) mmap$auto(0x1000000000003, 0x810001, 0x8004, 0x8000000008011, r0, 0x88000) preadv2$auto(r4, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0x8000000000000001, 0x4, 0x7ff) (async) ioctl$auto_BLKFLSBUF(r4, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x60802, 0x0) (async) socket(0x1e, 0x6, 0x0) (async) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0xfffffffffffffffd, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9) 8.723498615s ago: executing program 0 (id=4916): syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0xc, 0x400007, 0xe2, 0x9b78, 0x2, 0x4) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) madvise$auto(0x0, 0x1de0, 0x10000) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram8/dev\x00', 0x6a8800, 0x0) prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) semget$auto(0x0, 0x13c, 0x1ff) semtimedop$auto(0x40, &(0x7f0000000300)={0x7, 0xffff, 0x70}, 0x1f4, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x800000000001, 0x0) write$auto(r0, &(0x7f00000005c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D_#\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc^:\xd1\xe3\xf1@\xc0\x93^:Mn#Oi\xaa[X\x93)\x8f\x03K\xe6\xa4\x11?\xf1\x02+\\\xf9\x8b\xe5l5\x11\x006c\x907E\xeb\x81\fB\xe3\xf8n\x8f\x94V\xbcB\x9cm\x9f\x15\x00Q\xf8\x8fFW#?\xd5Z~\xa51\x832\xbd|\x19\xda\x8e\xff\x17\r\x96\xa3\xcc+\xf4a\xffN\xd2_\xe5\\\xf8Lzc\xd4\xa0\x1f\x04_\xf1\xc6\fO\xbe?)Q\xc7\\B\xdb\xeaI\xde\xe9m\xf5\xf9\x19\xd3@IK\xe3c\x0ek\x8drZ\xad\xdc\xbb\xfc\xd4\x1f\xdaOW\x87\xb6Fm\x12\xadw(z\\j\xcc0P\xaeC\x9f\xbf\xd5\xf9\xe3\x85~cG\f\x85\xd6\x84ma\xfd\xdayNj\x80\xdd3^\x87,\x14\x8e\xbe$\x05\x8a\xb0 M\xf6$B TCs\xa9\x91dil[\xfc\a\xbfD\xd9\x8d(F\x1e\f\xec\xe9K|h\xf5\xcaUI\x18#\xbed\xa8C\x8a\xbb\fE\xe6\xa3|\xf7\xa8\xbb\xd3\x97l.V/uc\xb5Q\x1eY\xe0\x03\xa1\xc1\xc8\xe2=RK\x7fWV;\xe4\xccTsf\xa7[\xdd\x9cR\xab\xf81s\xbc\x9c\xaaSGH\x9al\xb9%u\v\xb4\x9d\x95\x16\x01\xbbT\x99S\xf8A\xcd\bRC\xf4\xb0\x1a%\xdd+1\x81\x9d6\x90\xe8\xc6\xc1\x1e\xf0~\xaf\x10g&\xd6\x01l::V\xdbJiVW\xab4G\x97\x9cl', 0x100000a3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/net/rose7/flags\x00', 0x2262, 0x0) write$auto(r2, &(0x7f0000000100)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\xfc\xb2\x00\x00\x00\x00y\x113!\x05\xa7\xd6M\xce\xd6\'\xdf@\x9f\xf5 \x8b_hw\x8em\xd0\b\xe7~15\x9dv\xb2H', 0x81) write$auto(r2, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000002c0)={{0x0, 0x88, &(0x7f00000001c0)={&(0x7f00000007c0)="455865ef03d2bb1a91a58b3fa7db953f0e0cb5689515bfe46de401532540ad5e909ddcd10efd8a6336048958d8f40931274c9ca1d4e9e7376611c48e18b733b991607f70d21cd47bc3a1a82cd3cafdbef3cd5f88838232bee62f749cbb42e5bffa79e4fe619f5a8527ce1a7038bfb50f5e10049fcd274e8399972514f9da2d46e1d0812fd9dabc135742e19f24d3677522aa8f486f91ab88cf434e13939330fcab5909a0d4286f172c3440201b38ba552e5dd8dd28200f165df0097f21261f163f56fb7d807aaa6ef48b4c3252", 0x2}, 0x3, &(0x7f0000001940)="532912c0373ff7013bfc5b2abae591cf438c1c20cb04ece7d76b1e89870cf73e171ad4727be525f21d64dfcec775f4cc7c258a10fe0f0881fe426ef3239f18287af1a3943238d1d663c481862bb6fd81be670a4306bbe9524c264b9a44c464ad9bf66badddfc8e4c35f5492d171aea3cdfdd04584a941f872a8e163e8d3238622c", 0x5, 0x3}, 0x2}, 0xfffffff9, 0x10001) ioctl$auto_TUNSETVNETHDRSZ2(r1, 0x400454d8, &(0x7f0000000240)=0x29) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/rxrpc/peers\x00', 0x101000, 0x0) pread64$auto(r3, 0x0, 0x80, 0xffff) madvise$auto(0x0, 0x200007, 0x8) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000180)='/dev/usbmon9\x00', 0x80000, 0x0) syz_clone3(0x0, 0x0) sysfs$auto(0x2, 0x4b, 0x0) 7.527135542s ago: executing program 1 (id=4921): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0x8208ae63, 0x38) 7.101490296s ago: executing program 1 (id=4923): r0 = socket(0xa, 0x2, 0x0) setsockopt$auto(r0, 0x29, 0x37, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) init_module$auto(0x0, 0xfffff, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty0\x00', 0x102, 0x0) write$auto(0x3, 0x0, 0xfffffdef) ioctl$auto(0x3, 0x4b71, 0x38) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume\x00', 0x189002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x6, 0x8000) get_mempolicy$auto(&(0x7f0000000000)=0x3, &(0x7f0000000040)=0x7, 0x8001, 0x3, 0x8) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/pagemap\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) ioctl$auto(0x3, 0xc018aec0, r1) write$auto(0x3, 0x0, 0xfffffdef) connect$auto(r0, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0xee8c, 0x4) 7.056789164s ago: executing program 3 (id=4924): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/Virtual-1/edid_override\x00', 0x2082, 0x0) write$auto_drm_edid_fops_drm_debugfs(r1, 0x0, 0x0) link$auto(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r2) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x14, r3, 0x1, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x44004811}, 0x40000c0) 6.982824231s ago: executing program 0 (id=4925): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x16100, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0xa001, 0x0) write$auto(r1, &(0x7f0000000140)='7\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0xd4d0) r2 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x462080, 0x0) ioctl$auto_UI_SET_PROPBIT(r2, 0x4004556e, &(0x7f0000000040)=0x4) io_uring_setup$auto(0x2008, 0x0) r3 = socket(0x2, 0x2, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRESDEC=r0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000080004000900000008000200", @ANYRES32=0x0, @ANYRES64=r1, @ANYRES16=r2], 0x68}, 0x1, 0x0, 0x0, 0x40081}, 0x40090) socket(0x2, 0x3, 0x100) mremap$auto(0x0, 0x7f39, 0xb15, 0x4, 0xb6a) socket(0x10, 0x2, 0x0) r4 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) statx$auto(0xffffff9c, 0x0, 0x1000, 0x803, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev5\x00', 0x280, 0x0) r5 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/v4l-subdev0\x00', 0x200, 0x0) ioctl$auto(0x3, 0xc040564a, 0x38) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="0000000028019a500fcbe5c3b7b95599bcf2c4768b131fc5587ca9c203faf55e1025269b5695f7dc5721ce95352e0d23ca411b26b47bcac18f15be78", @ANYRESHEX=r3, @ANYBLOB="00082dbd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32, @ANYRESHEX=r5, @ANYRES32=r4, @ANYBLOB="060006000500dfff08000d"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40040) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) getsockopt$auto(r3, 0x1, 0x4, &(0x7f0000000040)='/dev/cec27\x00', &(0x7f0000000080)=0x9) ioctl$auto_dvb_demux_fops_dmxdev(r0, 0x403c6f2b, 0x0) 6.464861311s ago: executing program 3 (id=4926): r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event1\x00', 0x401c0, 0x0) fchmod$auto(r0, 0x7d29) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/tcp\x00', 0x181800, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x20800, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000180), 0x88100, 0x0) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f000000e680), 0x2, 0x0) r2 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r2, 0x29, 0x21, 0x0, 0x0) close_range$auto(r1, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r3, 0x540a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0x2, 0x4, 0x8) mmap$auto(0x0, 0x40009, 0xdf, 0x10009b72, 0x7, 0x28000) r5 = socket(0x22, 0x2, 0x24) getsockopt$auto(r5, 0x3, 0x1, 0x0, &(0x7f00000000c0)=0x1) r6 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r6, 0x40047438, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) getsockopt$auto_SO_PEEK_OFF(r4, 0x2b, 0x2a, &(0x7f0000000000)=',,,(!\x00', &(0x7f0000000040)) ioctl$auto(0x3, 0xff09, 0x0) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x3c1001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd41, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xfffffffffffffffe, 0x3, 0x62, 0x80000001, 0x80000000, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptyq7\x00', 0x1c7080, 0x0) 6.328689383s ago: executing program 0 (id=4927): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2, 0x1, 0x106) ioctl$auto_SNDRV_TIMER_IOCTL_TREAD_OLD(0xffffffffffffffff, 0x40045402, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) write$auto(0x3, 0x0, 0x100082) shmctl$auto_IPC_RMID(0xa5, 0x0, &(0x7f00000001c0)={{0x8000, 0xee00, 0xee01, 0x60d1, 0xffffff65, 0x7, 0xf}, 0x10, 0xfffffffffffffff8, 0x2, 0x9, @raw=0x5, @raw=0x6, 0x5, 0x0, &(0x7f0000000380)="f9ca908374a8903da0187c6cb26c49124768c1285f8fdb83073deee6b7a5e90f4421ea160bdea3da7df72e47ddf3bab04390f5dc943b9f943aa715661b3224d7e19026f265c7ae18a409b75065a1fcdac98733f41dfb9b27823350180d0076ce6a083d992a357859bbf31ed7637748554366d1b43feff686291fc3e95f2a1fcda8fabd7147b54a86ed68e5a901f2655444a28333d4c7737a09ee02386ad246cd7b49af871d0b8dcf20ea8213b807c2cd5b7b335cf587866667e40cb37047", &(0x7f0000000440)="a4df5f65a526e649d7527628697d6f446dd51fdb6757309bb3c8dc71e08168ae1189a7d71b08aa21d54ac5880e515eb635179c4bad719d2190da46221f70fdd4ce3d0ffd1787a3b234eae4a27a980dcde213cf5ca4fbcf5d74fda00f44fd9a2f6d24d2bac08984389ceef3e5aac3d8506b10687a227bc8b67a17e362fb6354524b0279367bcdece956df3a56f76cdfd5be60ccdb3cc990922225b8916ad3e8adbe04025fcc3d2359b2a1f9e146dca7d683f58d924e9cd921f905763a"}) msgctl$auto_MSG_STAT_ANY(0xfff, 0xd, &(0x7f0000000500)={{0x7, 0x0, 0xee00, 0x4, 0xf, 0x2, 0x4}, &(0x7f0000000080)=0xe9, &(0x7f0000000100)=0x7f, 0xfff, 0x5, 0x997, 0x6, 0x81, 0x0, 0x0, 0xfa, @inferred=0xffffffffffffffff, @inferred=0xffffffffffffffff}) capset$auto(&(0x7f0000000600)={0x4, 0x0}, &(0x7f0000000640)={0xdd10, 0x3, 0x3}) msgctl$auto_MSG_INFO(0x9, 0xc, &(0x7f0000000680)={{0x7, r1, r2, 0x2, 0x6, 0xfffffffe, 0x9}, &(0x7f0000000580)=0x60, &(0x7f00000005c0)=0x1, 0x6, 0x9, 0x4, 0x2, 0x5, 0x0, 0x9, 0x2, @inferred=r3}) socket(0x2, 0x801, 0x100) bind$auto(0x3, &(0x7f0000000140), 0xd) syz_genetlink_get_family_id$auto_ovs_flow(0x0, r0) r4 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="1b0026bd7000fddbdf2503000000040008000c00038008000c000400000012000100898771f1c19f17790485908286dd000004000280040008"], 0x40}, 0x1, 0x0, 0x0, 0x44000884}, 0xc880) prctl$auto_PR_TIMER_CREATE_RESTORE_IDS_ON(0x30d9, 0x1, 0xffffffffffffffff, 0x40, 0x603) r6 = socket(0xa, 0x801, 0x84) setsockopt$auto(r6, 0x10000000084, 0x9, 0x0, 0xa0) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/cpu.weight.nice\x00', 0x10b142, 0x0) sendfile$auto(r7, r7, 0x0, 0x2f2) prctl$auto_PR_SET_MM_END_DATA(0x8, 0x4, 0x0, 0x6, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) setsockopt$auto(r0, 0x6, 0xc, &(0x7f0000000280)='l\xa7\xe4]U(\x01\x89=\x1e\x00\x00\x05 \x00\x00\x00\x00\x00\x00\x00\xb5\xbb\xf5\xe8=%yO.\x9d<\x9e\xa3\xdf\xf6,\xbb\x03\x9dB\x98T\xec\xb3]}}z\x90\x83P\xb7\xdez9:\x91\xe3opB\xe7\xa0a\xaf\xb9\xfe\xbd.\x02\xd4\x94\xab\xde;[\x11\xc0&\xcf\xcc\xf6x_$sN\xc5\xd0}\x94@E,\xb3\xf6\x80\xdajP\x17\xf8\xe2 \xc4\x87\x8c\x8c\xa5\xed\xd4-K\xe26+\x8dY\x96\xfa\x871WF\xfe2\xe4\x0f\\\x85\xca\xe3\xe7\x0e\xfd`\xa6R;?D\xc8\x03\x0e\xc36\xbbw\x1d\xe3\xd0hI\x1e\x85m\xbc\xfd\x9f\a\xd2A\xa0\v\xb0\\\xae(\xdb(\x93Z\xf7\x1c\x86\xa88\x9b\x89\xb9l=i\xc0\xdd\xb7M\xd0}.\xa9\xad\xc0\xfcG\x9f\x96<', 0x4) 6.099890182s ago: executing program 1 (id=4929): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x6, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = syz_open_procfs$namespace(0x0, 0x0) getdents$auto(r1, 0x0, 0xfff) msync$auto(0x7f, 0x6, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r2 = io_uring_setup$auto(0x6, 0x0) io_uring_register$auto_IORING_REGISTER_RESIZE_RINGS(r2, 0x21, 0x0, 0x400) 6.091185054s ago: executing program 3 (id=4930): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xf, 0x4, 0x6) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000a00)={'wlan1\x00'}) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x20100, 0x0) socket(0xa, 0x3, 0x106) r0 = socket(0x2, 0x3, 0xa) setsockopt$auto(r0, 0x0, 0x4000072, 0x0, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) statmount$auto(0x0, 0x0, 0x1fe, 0xd) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vlan1\x00'}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2000, 0x0) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000600)='/dev/ttye1\x00', 0x101001, 0x0) ioctl$auto_TIOCSWINSZ(r1, 0x5414, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) semget$auto(0x8, 0x3, 0xfffffffe) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x3d, 0x65f, 0x1ffde, 0x7, 0x3, 0x2, 0xd, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x6, 0x7ff, 0x80, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0xb4, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x68, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x1fe, 0xd) mmap$auto(0x0, 0x2020005, 0x2, 0x110, 0xffffffffffffffff, 0x7fff) setsockopt$auto(0xffffffffffffffff, 0x107, 0x7, 0x0, 0x8000) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xdc5e}, 0x800}, 0x7, 0x4008) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) 5.922019211s ago: executing program 0 (id=4931): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) socket(0x2, 0x1, 0x106) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0xc0) socket(0x1d, 0x2, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000580)='/dev/audio\x00', 0x0, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x8a001, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010026bd7000fcdbdf250100000008000200", @ANYRES32=0x4, @ANYBLOB="130001002e52526fb55cd326701381000000000008000200", @ANYRES32=0x9, @ANYBLOB="11b2fc0f57a0191f90e336309b80c34d235003f0dd299d25d305dd81d0c8b7f600509cb21f23d3f1f6221b1d5ea82d4407ad765c29cee086bafa2861cc0f063781ecfbb7a1f14e2c74efe08635c867f27c5edf247ecd152df5bcf0e255eafc39a8154caa4fef7228b0bd148142491ae16e7c4b02b537546ee73cf5550c29490ef82db6eba2dbd0297bf54861e79345c15e9547a56852133a4d675a8d4884cabd7cea12bae623df1fe9bb5b07839850da5f0e7f604dd0d939ed9ebe3e42b6cbef43e7f96618b9f4d7a3f3a74bfdb7f90ca4"], 0x38}, 0x1, 0x0, 0x0, 0x20000800}, 0x80) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) sendmsg$auto_NL80211_CMD_SET_BEACON(r3, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="64010000", @ANYBLOB, @ANYRES32=r1, @ANYBLOB="0400bc800400748008000600b1000080000000000000000000"], 0x164}, 0x1, 0x0, 0x0, 0x8015}, 0x4000000) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000040)={{0x0, 0xf2cf, 0x1ff, 0x4}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0x8}) ioctl$auto_UI_DEV_CREATE(r0, 0x5501, 0x0) r6 = openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/mounts\x00', 0x212203, 0x0) read$auto_proc_mounts_operations_mnt_namespace(r6, &(0x7f0000000340)=""/12, 0xc) socket(0xa, 0x3, 0x8) socket(0x2b, 0x1, 0x1) r7 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) socket(0x2b, 0x1, 0x0) recvmmsg$auto(0x5, &(0x7f0000000580)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x80000001}, 0x4}, 0x3, 0x6, 0x0) 5.481006021s ago: executing program 3 (id=4932): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) socket(0x2, 0x1, 0x106) mq_getsetattr$auto(0xffffffffffffffff, &(0x7f0000000000)={0x81, 0x25, 0x5, 0x80}, 0x0) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0xc0) socket(0x1d, 0x2, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000580)='/dev/audio\x00', 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x8a001, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010026bd7000fcdbdf250100000008000200", @ANYRES32=0x4, @ANYBLOB="130001002e52526fb55cd326701381000000000008000200", @ANYRES32=0x9, @ANYBLOB="11b2fc0f57a0191f90e336309b80c34d235003f0dd299d25d305dd81d0c8b7f600509cb21f23d3f1f6221b1d5ea82d4407ad765c29cee086bafa2861cc0f063781ecfbb7a1f14e2c74efe08635c867f27c5edf247ecd152df5bcf0e255eafc39a8154caa4fef7228b0bd148142491ae16e7c4b02b537546ee73cf5550c29490ef82db6eba2dbd0297bf54861e79345c15e9547a56852133a4d675a8d4884cabd7cea12bae623df1fe9bb5b07839850da5f0e7f604dd0d939ed9ebe3e42b6cbef43e7f96618b9f4d7a3f3a74bfdb7f90ca4"], 0x38}, 0x1, 0x0, 0x0, 0x20000800}, 0x80) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) sendmsg$auto_NL80211_CMD_SET_BEACON(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="64010000", @ANYBLOB, @ANYRES32, @ANYBLOB="0400bc800400748008000600b1000080000000000000000000"], 0x164}, 0x1, 0x0, 0x0, 0x8015}, 0x4000000) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000040)={{0x0, 0xf2cf, 0x1ff, 0x4}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0x8}) ioctl$auto_UI_DEV_CREATE(r0, 0x5501, 0x0) r5 = openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/mounts\x00', 0x212203, 0x0) read$auto_proc_mounts_operations_mnt_namespace(r5, &(0x7f0000000340)=""/12, 0xc) socket(0xa, 0x3, 0x8) socket(0x2b, 0x1, 0x1) r6 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) socket(0x2b, 0x1, 0x0) recvmmsg$auto(0x5, &(0x7f0000000580)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x80000001}, 0x4}, 0x3, 0x6, 0x0) 4.43692187s ago: executing program 2 (id=4934): mount$auto(0x0, 0x0, &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x7, 0x0) socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) socket(0x22, 0x2, 0x1) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) open(0x0, 0x1494c3, 0x102) r0 = socket(0x22, 0x2, 0x1) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x340, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) fstat$auto(r0, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0x4048aecb, 0x0) syz_genetlink_get_family_id$auto_nfc(0x0, 0xffffffffffffffff) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/default/forwarding\x00', 0x141241, 0x0) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000080)={0x8, "2ba20800", @inferred=r3}) r4 = getpid() process_vm_readv$auto(r4, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0) setsockopt$auto(0x3, 0x0, 0x60, 0x0, 0x10001) ioctl$auto(0xffffffffffffffff, 0x90006442, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x6, 0x5, 0x0) 4.365648278s ago: executing program 0 (id=4935): mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x580f, 0x1, 0x8000000008011, 0x3, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/pcmC1D0c\x00', 0x80080, 0x0) write$auto(0x1, 0x0, 0x80000000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) newfstatat$auto(0xffffffffffffffff, 0x0, &(0x7f0000000380)={0x8, 0x6, 0x5, 0x0, 0x0, 0xee01, 0x0, 0x2000000006, 0x20000000000003, 0x0, 0x7, 0x8, 0x5, 0x1000000001, 0x4, 0x1, 0x53}, 0x1) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) socket(0x3, 0x80000, 0x6) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2164, 0x8000000000000000, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) socket(0x28, 0x1, 0x0) r1 = open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae89, &(0x7f0000001380)={0x2, 0x0, [{0x277, 0x400, 0xffffffffffffffff}]}) write$auto(0x3, 0x0, 0x7fffffff) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000) socket(0x15, 0x5, 0x0) ioctl$auto_OSS_GETVERSION2(r3, 0x80044d76, &(0x7f0000000080)) lseek$auto(0x3, 0x0, 0x1) munmap$auto(0x8000, 0xffffffff) 4.067711063s ago: executing program 1 (id=4936): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) r0 = socket(0xa, 0x1, 0x100) getsockopt$auto_SO_RCVPRIORITY(r0, 0x2, 0x52, &(0x7f00000001c0)='/dev/virtual_nci\x00', 0x0) ioperm$auto(0x7, 0x5ad2, 0xc1) pread64$auto(0xffffffffffffffff, 0x0, 0x7fd, 0x401) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) ioctl$auto_BTRFS_IOC_DEVICES_READY(r2, 0x90009427, &(0x7f0000000340)={@inferred, "6aad5579148e18eeeec9eeb9aaebde603d3aa53a9b35446978fec1ee37d7c1cfeb470a9fa4e2a0ce3ef847832123af8a4d27b733bb1b0974434eabadc09dba07c27ce0f697cb618e2a10242c4e7be688587e3940079eb965cde47cd0ab696b4e7640de8af33b87eb5e09fca7a53489f74d98eff919f895df7c18a840ad61b17a7306423340c9664f2d9d62fef2e79136f12615442093be3680defb6c707bdd6f979ca669a9e7079311ecb76222ace9c768aca5aab43d9d666b0a3579b657c44f6e5b6b130f84fe3543ead2a202fc1d1456e5ea4766bad05e2c24693b1b29acc9bff932bff11d48074c7509f37c49122378a9d28b9a20b90c5b4a40e39d2984c8725616024c54e9f00b480a1cca0c47b0a21263f0a781cebb7a93366a9411d5449e9f6a65013f372b045e67b7c3959c86580cdd3081ccf7d0e3d90be7de4a0f511973cffb83cae1beb143a4ff74a4a09e7d1edf695525013ce11cb09c7a2413705d772b3c7ba1fb99a415937cdb42d2178364acfd10c0dc609cc8cb586e8f19ef71a923a4045d87311a6336f73ea7e7873d553dea891dd5b5676f3b7c1a3ec6b8a4c740c4f19ff407833a7477352aa14061994a826f55d6d91b813084245b3fdbea590123c6b8c773ad00fedcd12fe5d24fed29d28a6036db3c64e7b67de32135f4c3295a938fe0163edbe8eb1b4b44f99a4f735b15925d1a6ca2f23dde39637e7a7ff71a1fd790932dfa7b2e67755400415ca6d51d5f904e1a62fbbddda4e31b006980b23a2dac9e3e67ad3ab1a8659d192bd9ebe6691481925c6fbb34940b49ceb3db22812082fd23884507f1c632898dd717b73ef64e7c0668113060c1850a4bd298f4f76e13f005d0d55b88588551aa02b1c772bf0a73986603ca539d11be5e8e0451e0b08f1a59e34cec7c1d19661628dcdfbf0dd1cb80c611f695f9afa9031e4cd4b6eaac00c58b9b8af701c61e37dd074763aa04c2eb000a1fe1a07917803f233ebdf74035e31729d5b8ae538c74da521a1b5b97448b5640ab3e83a958d992206a9cf1b063799e63da9d0e19125b0a0849ee52c660f439475866f8bbdb9541b91c421c256f07230414e9c700cb2a202aab57bc3dfc9d637332852bc5c25bad70b6591c94d438ec04fdbafab93a00ebb1e66d0a8bd8c3a8a3c9645e7124964bebca092f7160f79c4fec0447b883f2a13f76423b2cde48646be230758fa4dfa3d9630b28e659c41084db3ca772271daec33f76c62a8e833b3a696c5e9c23f01568b307a9ea0fd2ff1ec75ff02369ca3bbe851ed78072f464cb2b378b6f33dae62460aaa1cc830f25c5869a35982dc8e287a1fab8278d1c762816ae0b712395631982e95e44a8d77e7ce662b3b8fc7b2d3d33fe9a57dcfeaf709764d29dc436977e5678a28db2a7c14e7f52250ae7ad167daa8771a617d3b51a7d1863c7bdda9bcff9e8e3594a9a69b07d8308391c74dfc3287119f640f137a7297029a3eb242c43f0641e30ebfc9b4045626afd15b0857ffa178ff8d03820a281e0db30adfe2a4545764e20cab4ab94bf14a8570c740aa6005d674add02e9d92d2567c53303e9bb5e4ed3ce59d8c492d2588575d1018678f6c39b7601bcc0ce618020c373919d61fd6c226468f63176ec12d2fbb54fca004f1c1b2b7d6b41ba535c6b3af21da65d3fa5a1d5a4fb396bbcf26915fc0af19d6256f81dd2eb20552548203fe3ff60d77f0f0ea82c5ef2d1b06e335c1c26472a8c41f4d1dc0fdb48d0837371168a807e1de38db5b0c04a9becb57e39b4ed13773d64496e0e78b9b8e37802cf0d06faeb339533726ca36f3f117edf82ff9be1e332a4eca5454aa588911dfc1fb95b971e811fb24eda581a0c60d8c3b617c577465e4cfb63bb413d467fc80cc2d7a8d1ef1becc7f3716e9bfa4090faee8bb8067334983daf1503fc04fbb7cf83ec4d2e27e91d82d6510007fdc3f52633f0532d95121a8bcf6bbd4cf618fe1e48d17e713cd213586fafedc1be885b395ac35e4384cf08f8fb271199fada4b84f791013a950a7e8d7b2219ba2ebf9a15ef2c935c1ca07ad27f1d08661b9c32810ef5a0e355a88b3d52e2e36ffc92ccba485d92c3a04d45399d2c68995c3e0e0a574d318ffa32352c03a3dc2da3a8c1a7dd3b5149069cf56400a9158c75d37824b1139a117321de30cd7d333d405219112f97f08e9ce6ecbcc18fe3cb85ee1cf0021763b563cc91e8957dc4c78cea45d6f99be698cb1c1c778e4c89c9b270327588ecaf44cdbe01daae0a7d8fbc99a5d2f470ed257b768d92dfc727881912a458b8c82788005c18f1874a7eb4798803f0ebf8cc1156990213c3c888a7316eed9812581c971df9314a76cb07fe915983fc33f857fe6c54620b28a8cf90429f648ce758eda489fb1e28c2afd3a5580e82a2906c9ba83af271c96a7d0cf3e854275f48f2164eba6a73492c58e19b397321a8520f7c18da1944023e0ea2b2d17cb2902ed9faf4c00c6fa9a2935ddf856e1009c0a71732de164d60a96ee597800013fb99fbe1af89ac3eca08fbe28149673d8e20bb053774c91afc03b89e8863887259f42ff8c70dacf494e91f81b47cf322790c295e8e41a5c163c5a5590c970f5eb6ec841b65b6aeaad1284f9625b567ee6c2976ff2681320870e826c43573359c74e0fa6bd85911aa00ff8236679a97f1265853aa0bbaa548be37d1f00746978522aa468fea93764b50ed1ce295070931a3b0d8cf63f56af59406b8094e7d5a6545d3dbc94619581b567d9744cad0d3995217a05f61d92138ce3ec6abd8a010dd068fde9ac3915875481a6a8509b7dd7a5a509b1fac61d5f643b4e9a4d8b33892697ad181b9ebed71b4b12ccf613a2db60d538c1d7fc4c8056ad1b42d58b9d0f3089bc1e1ad3d5da4c883c32914561a1502282d57fe50047ebde81162fe1d7ce94c83c09f5ae0ff076cdee7289a1b3043bbb687f2981552e591c052b8def38bfe7ac73eb959c076d2c407a1d2fdb558b73bf23ece2102ab13aa7a3ddc0cf82e8ba07fc48773486063d6ee1b6404888c46cb0cd18807bf45cd6c8fe24dbc55b787f43ebb090ed74c8ede3cfb987cf28b6d7ebd91df5a07afeeda9c77e595063a7eba905f1c9d22f744a39f8447c5e8232d59b6c10045bda7ebfa1da4205ddd752b521b3f2860bdf113bf19bc7a2460a301c9fe5bf0f05c946c3910a312b678a4768db36c323da592206d0fbce836313635c561d1cfed0d4df9995d81bd12009fb99d654131a67ae3f1c71aa45986663c73847437691ca0ae260e468fb711687e7a5ef43f7c1269c44daa16caac9c723f243b5c00d979732502467b8199fa17cdc07194b17cb3a484fc88251e313e4d0494bf21df7098700dd77b33ec3853fdc9545137d4ee57ce40761ca65dbe257436bcac5b84fcfb3c625c678f8ca4c78dfbe53bfb049895b3b3d9b78b1197cab07831931e9d4a4ab398af53839608308c51425903d9f79509b180162a339c9bfcf5a6a83190869dcf2a682dc964babbfb84970d53219a5a5668a8eb7d540bbaf4cf9b84a6c54ae20506af4a9009c4c0bce6c6ac0f8e468467a7e45a55f3381ac0a947266582cf28a79a272725180a6591977c08a12b18e94628a37631a14c8ee69af1d13dc5a30ac7b2b12f8dc67dfa96444202630efafb7515f74179cb996eefe3d9caf913ebdde85f070294bba25fd504a89f0dddb9c467e4dab3724be2d427cdda14feb230407caaefcd3c5277eb0f400c3081038cadf514d65b3f5c018f6e13cb7c7e8ed23e5b4cfe5e2d095cdca15d82406dfbdfdcfb44cf3b4eb727bff8d0b69cc3ed9cade899459a0a44ef8a55aff2f8d2d7f60ac1865db6f45693bd89448d3498d1fbf9401d5cfb53064095c98895266cb803cefe320156482e6842474150a4dedc29599f24d437cdca1061727bc3d93fafd3222f93e5ec452986b74c2965843eefe94d33568181d13b893f553f64d8868120f120ec3ec7ab6ddef288bef032caa270d6903223c01a51fe290312ed0d10652561fbda71caec08ebde9e980d405e53ff568fe14e08e58c82111265708c372c51907008cc16be7cf2d4960aca0a70dccbc612607e3735305ee373e16b40562f58aa236e710a7296d8dd2782c48067ea202c5c1c231ceaf66e690de871c0bbfaa13b02a9f71428d9a5ce1bc699de4047745302fd8a4abce7b23e8db8424b4d3fa14132e4216ab93b823c8eea6e14d7426f6618990290a32da99186dd95c4088628c939b6390359122bb4cb8635f1ab68b440305a9990e3ecf5f63e2d7d4ba87772dc0d79dc60486595c1d9a30fe2778af987bbdee768824e5913088e83685e3584f2ffb46cabb56dd68634fbe795690c1fef1c8819072b6528d97720cc445464fcc73e381da015260cf3f89e9693d25b482a67ab2502d4b1c9a7c465441dcfa5d767fd743ba4fc1ea642bb5a8cd60f0755f82b9730f12fc9e2836b12136b3688c512efb5d7afd881be447e65b2a805f93a1f5cd59effd0ef916f226985278e62e69542545e9ce884645d4ce6b36bd4a6d88a9a0aac8bd0cb397bd2c465a6bcfa0cdc38dcb1fd969ebbd90b67cd41fd7d801deb22b15ebc3027917c9a1aef1863f0657aeff441eda4bc17a5525a1353dbc484163815660cb5efcd114ec7a2ec8a45b084ff95e8480aaceec7f4c9403945255a755214e6a438efea70cc9be1b96d95ba0d1894dcbf150be35795c31b39592ec50f5cb0c0b1f502a00ec921544e6cdb1d221edf613694a86f1bc7c4ab207dbd9beb1270eb6b25877e6fbc78d642a67e78be4c976a2b5b6915d029e9820db8f30bbd7ff60cdf855dfb81203313572ff876e4695fdb5f0dbb6b425c45dd0da65f56441276f201d7aac1576b72c30e2a5a35facea08b07bbce2f0730aae47b8db87576915d43286b9577c3bd72ea982537489267206a08c29fcf859cced68288c01e3cb714e72df4822fbb77a823715628a48c5d2c24f4950e4e14411b82da38904d819d0cde385b0dca001713150ef516c72e0e4c3d40b2830a93aa2c07e960de48ae0f4a52cffa4839a60a3f1680da86583e97bdcd2226747ed4dfe1732429d4ad5310a9370969a792c0ec5acca26223687c495f09d3dda9cd2644baccbd03ad0c78bcaec24e2c8ae69d98136d23935aca15c772b95000e760227f9eef603b2e3956a5b519b9856e71a4549147b891abf3c0292bab79b60b91f769b69c20771f15fffe718a4187e6338c0ea09a41096d9d8f62b38b180dcaa360edfe451f5755c2e11fd0753cd16292944c4e798a53f4b6eab1355961cfad51d1509382f1ee1e62e0c3594f34eb460be19808045f489aafd31467ed68ec3900946d1fae1cab7684792a5cfc14850431b79a68a9e4c0ced2a2e03af4629cb95ab0b482e7bce77fb1d1da991d08792d56cef951e901f63c16255f0ce0f08bd454a0734b3d9400f8727af0f57afe49b8f119eecef9d7158e4e9d475196dbc6814ce41a00ada767e63aa091af6cbfc2aabb1beee6a65703b3310b0ea5f6ccfa1a51db66d94cb248edd01d29ad17f13fea572cbe60585df5f63c51eb81752fc468c6076870cba1e657bb4f70e9dca07c561a5a19be0408fb944233de60a71ee9f701fa50b9c118ffa559b0ff4d1fb19f8c3a5fd9c440eb9dcf140f798afcd0a5e733bc7ecf5b327d5fb136e0be15dfbecb2f710463ebb1ea6503cc3f9eb85def568867277515abbe9edfc2490668c413ad906b07312ed877e170531ab564b7e2b50b61627fe4379d364563ff23635ff8"}) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x40000000000094ab, 0x3, 0x15f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000001340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d5) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x2, 0x8000000015f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x5b919aae, 0x10000006d3e, 0x9, 0x2, 0x7]}, 0x0) process_mrelease$auto(0xffffffffffffffff, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) inotify_init1$auto(0x403) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2, 0xdf, 0x9b72, 0xffffffffffffffff, 0x5) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mincore$auto(0x1000, 0x8001, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), r3) sendmsg$auto_ETHTOOL_MSG_FEC_GET(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)={0x14, r4, 0x311, 0x70bd2c, 0x25dfdc01}, 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0x800) mmap$auto(0x8000000000000001, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x9) socketpair$auto(0x200008, 0x1000007, 0x5, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/vkms/graphics/fb0/state\x00', 0x1c3481, 0x0) 3.875142358s ago: executing program 3 (id=4937): r0 = prctl$auto(0x3a, 0x1, 0x0, 0x2, 0x203) bind$auto(r0, 0x0, 0x7fffffff) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/dev/audio1\x00', 0x100000a3d9) openat$auto_virtual_ncidev_fops_virtual_ncidev(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0xecc6, 0x0, 0x7352, 0x2d, 0x200000000045f, 0x6, 0x7, 0x3, 0x2, 0x9, 0x36e, 0x6, 0x2, 0x3000, 0x9, 0x8, 0x10003, 0x8, 0xffffffffffffffff, 0x0, 0x5, 0x1ffb, 0x203, 0x400, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x9, 0x4, 0x0, 0xffffffffffffff00, 0x0, 0x0, 0x3, 0x3ba0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x3, 0x0, 0xfffffffffffffff3, 0x0, 0x0, 0xffffffffffffffff]}, 0x9, 0x11) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, 0x0, 0x7, 0x4008) memfd_create$auto(0x0, 0xb) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'ip6tnl0\x00'}) rt_sigqueueinfo$auto(0x0, 0xc74, &(0x7f0000000000)={@siginfo_0_0={0xf9, 0x14, 0x7e73, @_timer={0x0, 0x80000001, @sival_ptr=0x0, 0x5}}}) pipe$auto(&(0x7f0000000500)=0xffffffffffffffff) flock$auto(r4, 0x5) r5 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) read$auto_proc_iter_file_ops_compat_inode(r5, &(0x7f0000000540)=""/259, 0x103) close_range$auto(0x2, 0x8000, 0x0) r6 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r6, 0x0, 0x5, 0x100) connect$auto(0x3, 0x0, 0x54) ioctl$auto_BLKTRACETEARDOWN(r0, 0x1276, 0x0) clock_nanosleep$auto(0x8, 0x1, 0x0, 0xffffffffffffffff) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/events/vmalloc/enable\x00', 0x40000, 0x0) ioctl$auto_BLKIOMIN(r2, 0x1278, 0x0) 3.81031553s ago: executing program 2 (id=4938): mmap$auto(0x0, 0x40000a, 0xdf, 0x9b72, 0x2, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) memfd_create$auto(0x0, 0x9) write$auto(0x3, 0x0, 0x1) (async) finit_module$auto(0x3, 0xfffffffffffffffe, 0x0) (async) setsockopt$auto_SO_PEEK_OFF(0xffffffffffffffff, 0xffffffff, 0x2a, &(0x7f0000000000)='/dev/kvm\x00', 0x8db) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0x4020aed2, r0) 2.570766434s ago: executing program 1 (id=4939): sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2000d, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0xc8, 0x800454d7, 0x5c8d) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x5, 0x0) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) bpf$auto(0x0, &(0x7f0000000000)=@link_update={0x1a, @new_prog_fd=0x4, 0x4, @old_map_fd=0x3ff}, 0xa3) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) unshare$auto(0x40000080) r2 = socket(0x10, 0x2, 0x2) r3 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000003c00), 0x1a9901, 0x0) write$auto(r3, &(0x7f0000004240)='\x01', 0x10000000004) sendmsg$auto_NL802154_CMD_TRIGGER_SCAN(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f0000000780)={0x14, 0x0, 0x100, 0x70bd26}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4040000) 2.570586179s ago: executing program 2 (id=4940): socket(0x9, 0x80000, 0x3) mmap$auto(0x0, 0xfff, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x1) socketpair$auto(0x7f, 0x4, 0xf9e, 0x0) r0 = socket(0x11, 0x3, 0x6) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a}) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000180)="e9fa89a53e03ac7aa2861c8e9d", 0x5ea}, 0x5, 0x0, 0x0, 0x1001}, 0x5}, 0x2, 0x140) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/dummy_hcd.2/usb3/authorized\x00', 0x81, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x9, 0xf, 0x29f, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x5, 0x40, 0x76c8, 0x8, 0x100000000}}) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) write$auto(r1, &(0x7f0000000080)='0\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0x48da548d) newfstatat$auto(0xffffffffffffff9c, 0x0, &(0x7f00000005c0)={0x10003, 0xfffffffffffbffff, 0x3, 0x4, 0xee01, 0xee00, 0x0, 0x8, 0x7, 0x1000, 0x4, 0x26e2de87, 0xa, 0x9, 0x5, 0x0, 0x5}, 0x3) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0xd97f760c479e8c8e, 0x0) pread64$auto(r3, 0x0, 0x3, 0x1000007ffe) keyctl$auto(0x4, 0xfffffffffffffffc, 0x0, 0x0, 0x1) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) adjtimex$auto(&(0x7f0000000380)={0x1, 0x0, 0x5, 0x0, 0x8, 0xc66a, 0x8000, 0x0, 0x1, 0xe7e, 0x6, {0x7, 0x8}, 0x7, 0x6, 0x7, 0x4, 0x0, 0xe0a, 0x1dad, 0x5, 0x0, 0x9, 0xffffffff}) r4 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r4, 0x4018bc13, 0x0) unshare$auto(0x20000080) syz_clone3(&(0x7f0000000300)={0x2c022000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyx3\x00', 0x50142, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) 2.53872316s ago: executing program 3 (id=4941): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) ioctl$auto_SG_GET_COMMAND_Q2(0xffffffffffffffff, 0x2270, &(0x7f0000000100)='+\f') r1 = socket(0x2b, 0x1, 0x1) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f00000000c0)={0x6, &(0x7f0000000040)={0x5, 0x4, 0x10, @inferred=r0}}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001480)={'veth0_virt_wifi\x00'}) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x0) io_uring_setup$auto(0x2, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x1b) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r3 = socket(0xa, 0x3, 0xff) connect$auto(r3, &(0x7f00000018c0)=@generic={0xa}, 0x55) munmap$auto(0x8000, 0xffffffff) getrandom$auto(0x0, 0x6000000, 0x3) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x19, 0x4, 0x4, 0x880b, 0x8, 0xd, 0x66b, 0x4, 0x7ff}, 0x6f4) 2.190024549s ago: executing program 1 (id=4942): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x6, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = syz_open_procfs$namespace(0x0, 0x0) getdents$auto(r1, 0x0, 0xfff) msync$auto(0x7f, 0x6, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r2 = io_uring_setup$auto(0x6, 0x0) io_uring_register$auto_IORING_REGISTER_RESIZE_RINGS(r2, 0x21, &(0x7f0000000240), 0x400) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x8000, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x24008001) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000180), 0x8200, 0x0) select$auto(0x4, 0x0, &(0x7f0000000080)={[0x209c, 0xe9e, 0x4, 0x5, 0x1001, 0x100000001, 0xc, 0xf, 0x0, 0x40, 0xe, 0xd59, 0x101, 0xff, 0x2, 0x80080001]}, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 2.082152112s ago: executing program 2 (id=4943): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) socket(0x2, 0x1, 0x106) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0xc0) socket(0x1d, 0x2, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000580)='/dev/audio\x00', 0x0, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x8a001, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010026bd7000fcdbdf250100000008000200", @ANYRES32=0x4, @ANYBLOB="130001002e52526fb55cd326701381000000000008000200", @ANYRES32=0x9, @ANYBLOB="11b2fc0f57a0191f90e336309b80c34d235003f0dd299d25d305dd81d0c8b7f600509cb21f23d3f1f6221b1d5ea82d4407ad765c29cee086bafa2861cc0f063781ecfbb7a1f14e2c74efe08635c867f27c5edf247ecd152df5bcf0e255eafc39a8154caa4fef7228b0bd148142491ae16e7c4b02b537546ee73cf5550c29490ef82db6eba2dbd0297bf54861e79345c15e9547a56852133a4d675a8d4884cabd7cea12bae623df1fe9bb5b07839850da5f0e7f604dd0d939ed9ebe3e42b6cbef43e7f96618b9f4d7a3f3a74bfdb7f90ca4"], 0x38}, 0x1, 0x0, 0x0, 0x20000800}, 0x80) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) sendmsg$auto_NL80211_CMD_SET_BEACON(r3, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="64010000", @ANYBLOB, @ANYRES32=r1, @ANYBLOB="0400bc800400748008000600b1000080000000000000000000"], 0x164}, 0x1, 0x0, 0x0, 0x8015}, 0x4000000) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000040)={{0x0, 0xf2cf, 0x1ff, 0x4}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0x8}) ioctl$auto_UI_DEV_CREATE(r0, 0x5501, 0x0) r6 = openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/mounts\x00', 0x212203, 0x0) read$auto_proc_mounts_operations_mnt_namespace(r6, &(0x7f0000000340)=""/12, 0xc) socket(0xa, 0x3, 0x8) socket(0x2b, 0x1, 0x1) r7 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) socket(0x2b, 0x1, 0x0) recvmmsg$auto(0x5, &(0x7f0000000580)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x80000001}, 0x4}, 0x3, 0x6, 0x0) 915.316145ms ago: executing program 2 (id=4945): mmap$auto(0x0, 0x20009, 0x804000000000df, 0xeb1, 0xffffffffffffffff, 0x1000000008000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) read$auto(r0, &(0x7f00000001c0)='\\\x00', 0x8000) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r0) sendmsg$auto_NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)={0x14, r1, 0x0, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8800}, 0x240008d0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1000af"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x1, 0x9}, 0xfffffff7}, 0x3, 0x4000000) (fail_nth: 23) 0s ago: executing program 2 (id=4946): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0xc0502, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8, 0x3, 0x0, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x6, 0x2, 0x3]}, 0x0) (async) socket(0x10, 0x2, 0xc) (async) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0xa, 0x3, 0x100) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0xa, 0x801, 0x100) (async) socket(0xa, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f00000000c0)=@link_update={r1, @new_prog_fd=0x4, 0x91e, @old_map_fd=r0}, 0xa3) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) close_range$auto(0x2, 0x8, 0x0) (async) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket(0x9, 0x2, 0x3) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="010029bd7000fbdbdf2502ff"], 0x2c}, 0x1, 0x0, 0x0, 0x40010}, 0x800) (async) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x2404c000) (async) write$auto(r3, &(0x7f0000000000)='-\x00', 0x2fb) kernel console output (not intermixed with test programs): nd_aloop.0: Parsing timer source '' failed with -22 [ 1139.628627][T24646] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4402'. [ 1139.908938][T24656] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1140.176027][T24667] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4407'. [ 1140.255531][ T5840] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1143.494430][T24734] random: crng reseeded on system resumption [ 1143.658002][T24737] can: request_module (can-proto-0) failed. [ 1143.703957][T24737] openvswitch: .RRo\&p: Dropping previously announced user features [ 1143.810760][T24742] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input50 [ 1144.741187][ T5840] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1145.362555][T24758] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4433'. [ 1145.426980][T24758] netlink: 25 bytes leftover after parsing attributes in process `syz.1.4433'. [ 1146.579411][T24799] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4445'. [ 1147.069201][T24811] FAULT_INJECTION: forcing a failure. [ 1147.069201][T24811] name failslab, interval 1, probability 0, space 0, times 0 [ 1147.119385][T24811] CPU: 1 UID: 0 PID: 24811 Comm: syz.0.4448 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1147.119433][T24811] Tainted: [U]=USER [ 1147.119442][T24811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1147.119458][T24811] Call Trace: [ 1147.119468][T24811] [ 1147.119479][T24811] dump_stack_lvl+0x16c/0x1f0 [ 1147.119525][T24811] should_fail_ex+0x512/0x640 [ 1147.119561][T24811] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 1147.119606][T24811] should_failslab+0xc2/0x120 [ 1147.119632][T24811] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 1147.119674][T24811] ? kvasprintf_const+0x66/0x1a0 [ 1147.119703][T24811] kvasprintf+0xbc/0x160 [ 1147.119726][T24811] ? __pfx_kvasprintf+0x10/0x10 [ 1147.119754][T24811] ? lockdep_init_map_type+0x5c/0x280 [ 1147.119798][T24811] kvasprintf_const+0x66/0x1a0 [ 1147.119825][T24811] kobject_set_name_vargs+0x5a/0x140 [ 1147.119855][T24811] device_create_groups_vargs+0x1b1/0x270 [ 1147.119891][T24811] device_create+0xed/0x130 [ 1147.119920][T24811] ? __pfx_device_create+0x10/0x10 [ 1147.119961][T24811] ? do_init_timer+0xc9/0x110 [ 1147.119994][T24811] ? ieee80211_roc_setup+0x136/0x270 [ 1147.120034][T24811] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1147.120070][T24811] mac80211_hwsim_new_radio+0x369/0x54d0 [ 1147.120125][T24811] ? __asan_memset+0x23/0x50 [ 1147.120160][T24811] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1147.120210][T24811] hwsim_new_radio_nl+0xb51/0x12c0 [ 1147.120252][T24811] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1147.120301][T24811] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1147.120337][T24811] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1147.120379][T24811] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1147.120415][T24811] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1147.120448][T24811] ? trace_cap_capable+0x18d/0x200 [ 1147.120484][T24811] ? bpf_lsm_capable+0x9/0x10 [ 1147.120514][T24811] ? security_capable+0x7e/0x260 [ 1147.120556][T24811] ? ns_capable+0xd7/0x110 [ 1147.120586][T24811] genl_rcv_msg+0x55c/0x800 [ 1147.120623][T24811] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1147.120656][T24811] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1147.120706][T24811] netlink_rcv_skb+0x158/0x420 [ 1147.120734][T24811] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1147.120768][T24811] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1147.120812][T24811] ? netlink_deliver_tap+0x1ae/0xd30 [ 1147.120845][T24811] genl_rcv+0x28/0x40 [ 1147.120873][T24811] netlink_unicast+0x53d/0x7f0 [ 1147.120906][T24811] ? __pfx_netlink_unicast+0x10/0x10 [ 1147.120952][T24811] netlink_sendmsg+0x8d1/0xdd0 [ 1147.120988][T24811] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1147.121033][T24811] ____sys_sendmsg+0xa98/0xc70 [ 1147.121065][T24811] ? copy_msghdr_from_user+0x10a/0x160 [ 1147.121103][T24811] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1147.121142][T24811] ? __pfx_futex_wake_mark+0x10/0x10 [ 1147.121185][T24811] ___sys_sendmsg+0x134/0x1d0 [ 1147.121225][T24811] ? __pfx____sys_sendmsg+0x10/0x10 [ 1147.121262][T24811] ? __lock_acquire+0x622/0x1c90 [ 1147.121342][T24811] __sys_sendmsg+0x16d/0x220 [ 1147.121381][T24811] ? __pfx___sys_sendmsg+0x10/0x10 [ 1147.121419][T24811] ? __x64_sys_futex+0x1e0/0x4c0 [ 1147.121473][T24811] do_syscall_64+0xcd/0x490 [ 1147.121515][T24811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1147.121543][T24811] RIP: 0033:0x7f386718e929 [ 1147.121565][T24811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1147.121591][T24811] RSP: 002b:00007f3867fec038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1147.121618][T24811] RAX: ffffffffffffffda RBX: 00007f38673b5fa0 RCX: 00007f386718e929 [ 1147.121637][T24811] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000006 [ 1147.121655][T24811] RBP: 00007f3867210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1147.121672][T24811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1147.121687][T24811] R13: 0000000000000000 R14: 00007f38673b5fa0 R15: 00007fff2d51a378 [ 1147.121722][T24811] [ 1148.528085][T24840] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 2, inode_bitmap = 139 [ 1148.606938][T24834] zswap: compressor not available [ 1149.735080][T24605] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1149.746029][T24605] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1149.757107][T24605] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1149.768440][T24605] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1149.786267][T24605] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1150.575721][T10669] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1150.709178][T24864] chnl_net:caif_netlink_parms(): no params data found [ 1150.950881][T10669] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1151.423674][T10669] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1151.699183][T10669] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1151.837993][T24864] bridge0: port 1(bridge_slave_0) entered blocking state [ 1151.861059][ T5840] Bluetooth: hci3: command tx timeout [ 1151.878205][T24864] bridge0: port 1(bridge_slave_0) entered disabled state [ 1151.932672][T24864] bridge_slave_0: entered allmulticast mode [ 1151.982701][T24864] bridge_slave_0: entered promiscuous mode [ 1152.028877][T24864] bridge0: port 2(bridge_slave_1) entered blocking state [ 1152.069877][T24864] bridge0: port 2(bridge_slave_1) entered disabled state [ 1152.099606][T24864] bridge_slave_1: entered allmulticast mode [ 1152.146319][T24864] bridge_slave_1: entered promiscuous mode [ 1152.802001][T24937] FAULT_INJECTION: forcing a failure. [ 1152.802001][T24937] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1152.829874][T24937] CPU: 1 UID: 0 PID: 24937 Comm: syz.3.4473 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1152.829913][T24937] Tainted: [U]=USER [ 1152.829920][T24937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1152.829934][T24937] Call Trace: [ 1152.829943][T24937] [ 1152.829952][T24937] dump_stack_lvl+0x16c/0x1f0 [ 1152.829991][T24937] should_fail_ex+0x512/0x640 [ 1152.830028][T24937] _copy_from_user+0x2e/0xd0 [ 1152.830065][T24937] copy_msghdr_from_user+0x98/0x160 [ 1152.830098][T24937] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1152.830135][T24937] ? kfree+0x24f/0x4d0 [ 1152.830159][T24937] ? __pfx__kstrtoull+0x10/0x10 [ 1152.830193][T24937] ___sys_sendmsg+0xfe/0x1d0 [ 1152.830228][T24937] ? __pfx____sys_sendmsg+0x10/0x10 [ 1152.830298][T24937] ? __pfx___might_resched+0x10/0x10 [ 1152.830332][T24937] __sys_sendmmsg+0x200/0x420 [ 1152.830372][T24937] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1152.830415][T24937] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1152.830466][T24937] ? fput+0x70/0xf0 [ 1152.830489][T24937] ? ksys_write+0x1ac/0x250 [ 1152.830519][T24937] ? __pfx_ksys_write+0x10/0x10 [ 1152.830555][T24937] __x64_sys_sendmmsg+0x9c/0x100 [ 1152.830589][T24937] ? lockdep_hardirqs_on+0x7c/0x110 [ 1152.830623][T24937] do_syscall_64+0xcd/0x490 [ 1152.830662][T24937] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1152.830687][T24937] RIP: 0033:0x7fe87b78e929 [ 1152.830707][T24937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1152.830732][T24937] RSP: 002b:00007fe87c53d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1152.830755][T24937] RAX: ffffffffffffffda RBX: 00007fe87b9b5fa0 RCX: 00007fe87b78e929 [ 1152.830773][T24937] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 1152.830788][T24937] RBP: 00007fe87c53d090 R08: 0000000000000000 R09: 0000000000000000 [ 1152.830804][T24937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1152.830819][T24937] R13: 0000000000000000 R14: 00007fe87b9b5fa0 R15: 00007ffc75d3a478 [ 1152.830853][T24937] [ 1153.194794][T24864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1153.258362][T24864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1153.521932][T24864] team0: Port device team_slave_0 added [ 1153.568781][T24864] team0: Port device team_slave_1 added [ 1153.775113][T10669] bridge_slave_1: left allmulticast mode [ 1153.787676][T10669] bridge_slave_1: left promiscuous mode [ 1153.805915][T10669] bridge0: port 2(bridge_slave_1) entered disabled state [ 1153.830902][T10669] bridge_slave_0: left allmulticast mode [ 1153.837713][T10669] bridge_slave_0: left promiscuous mode [ 1153.845538][T10669] bridge0: port 1(bridge_slave_0) entered disabled state [ 1153.934076][ T30] audit: type=1326 audit(4294967356.611:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24953 comm="syz.1.4476" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3d1f38e929 code=0x0 [ 1153.972180][ T5840] Bluetooth: hci3: command tx timeout [ 1154.439064][T24964] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4478'. [ 1154.497911][T24965] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4478'. [ 1155.009407][T10669] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1155.027983][T10669] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1155.044858][T10669] bond0 (unregistering): Released all slaves [ 1155.063941][T24864] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1155.073572][T24864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1155.102343][T24864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1155.129403][T24864] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1155.144376][T24864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1155.181698][T24864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1155.190870][T24964] ipvlan1: entered allmulticast mode [ 1155.278174][T10669] .SR: left promiscuous mode [ 1155.304108][T24965] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4478'. [ 1155.363751][T10669] .RRo\&p: left promiscuous mode [ 1155.468284][T24864] hsr_slave_0: entered promiscuous mode [ 1155.491848][T24864] hsr_slave_1: entered promiscuous mode [ 1155.521207][T24864] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1155.549799][T24864] Cannot create hsr debugfs directory [ 1156.034210][ T5840] Bluetooth: hci3: command tx timeout [ 1156.713073][T10669] hsr_slave_1: left promiscuous mode [ 1156.721464][T10669] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1156.734253][T10669] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1156.745106][T10669] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1156.752562][T10669] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1156.802974][T10669] veth1_macvtap: left promiscuous mode [ 1156.815192][T10669] veth0_macvtap: left promiscuous mode [ 1157.319736][T10669] team0 (unregistering): Port device team_slave_1 removed [ 1157.388826][T10669] team0 (unregistering): Port device team_slave_0 removed [ 1158.104295][ T5840] Bluetooth: hci3: command tx timeout [ 1158.481518][T25020] Invalid ELF header magic: != ELF [ 1158.683747][T25030] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 1158.709597][T25030] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 1158.969291][T25034] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1159.474438][T24864] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1159.527477][T24864] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1159.557958][T24864] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1159.609022][T24864] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1159.864858][T24864] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1159.929357][T24864] 8021q: adding VLAN 0 to HW filter on device team0 [ 1159.960942][T10670] bridge0: port 1(bridge_slave_0) entered blocking state [ 1159.968180][T10670] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1159.991717][T10669] bridge0: port 2(bridge_slave_1) entered blocking state [ 1159.998958][T10669] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1160.521788][T24864] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1160.583788][T24864] veth0_vlan: entered promiscuous mode [ 1160.597617][T24864] veth1_vlan: entered promiscuous mode [ 1160.673743][T24864] veth0_macvtap: entered promiscuous mode [ 1160.727922][T24864] veth1_macvtap: entered promiscuous mode [ 1160.871997][T24864] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1160.952009][T24864] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1161.060666][T25088] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input51 [ 1161.117791][T24864] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1161.183612][T25079] can: request_module (can-proto-0) failed. [ 1161.237909][T24864] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1161.255819][T24864] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1161.264853][T24864] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1161.871401][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1161.912227][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1162.013347][T10670] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1162.040212][T10670] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1163.425303][T25131] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4501'. [ 1164.115581][T25161] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1164.270896][T25166] Setting dangerous option i915.mitigations - tainting kernel [ 1164.866526][T25181] netlink: 326 bytes leftover after parsing attributes in process `syz.2.4511'. [ 1166.105044][T25201] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1166.349304][T25209] netlink: 326 bytes leftover after parsing attributes in process `syz.2.4518'. [ 1167.446207][T25228] FAULT_INJECTION: forcing a failure. [ 1167.446207][T25228] name failslab, interval 1, probability 0, space 0, times 0 [ 1167.516549][T25228] CPU: 0 UID: 0 PID: 25228 Comm: syz.1.4524 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1167.516593][T25228] Tainted: [U]=USER [ 1167.516603][T25228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1167.516623][T25228] Call Trace: [ 1167.516633][T25228] [ 1167.516643][T25228] dump_stack_lvl+0x16c/0x1f0 [ 1167.516690][T25228] should_fail_ex+0x512/0x640 [ 1167.516726][T25228] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 1167.516769][T25228] should_failslab+0xc2/0x120 [ 1167.516798][T25228] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1167.516835][T25228] ? do_raw_write_lock+0x11c/0x3a0 [ 1167.516874][T25228] ? sock_alloc_inode+0x25/0x1c0 [ 1167.516906][T25228] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1167.516931][T25228] sock_alloc_inode+0x25/0x1c0 [ 1167.516955][T25228] alloc_inode+0x64/0x240 [ 1167.516980][T25228] sock_alloc+0x40/0x280 [ 1167.517006][T25228] __sock_create+0xc1/0x8d0 [ 1167.517037][T25228] ? proc_create_reg+0xe3/0x180 [ 1167.517064][T25228] inet_ctl_sock_create+0x94/0x230 [ 1167.517099][T25228] ? __pfx_inet_ctl_sock_create+0x10/0x10 [ 1167.517132][T25228] ? lockdep_init_map_type+0x5c/0x280 [ 1167.517169][T25228] ? lockdep_init_map_type+0x5c/0x280 [ 1167.517204][T25228] ? __pfx_igmp_net_init+0x10/0x10 [ 1167.517240][T25228] igmp_net_init+0xd0/0x1a0 [ 1167.517277][T25228] ops_init+0x1df/0x5f0 [ 1167.517305][T25228] setup_net+0x1ff/0x510 [ 1167.517328][T25228] ? lockdep_init_map_type+0x5c/0x280 [ 1167.517361][T25228] ? __pfx_setup_net+0x10/0x10 [ 1167.517388][T25228] ? debug_mutex_init+0x37/0x70 [ 1167.517417][T25228] copy_net_ns+0x2a6/0x5f0 [ 1167.517447][T25228] create_new_namespaces+0x3ea/0xa90 [ 1167.517492][T25228] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1167.517524][T25228] ksys_unshare+0x45b/0xa40 [ 1167.517558][T25228] ? __pfx_ksys_unshare+0x10/0x10 [ 1167.517592][T25228] ? xfd_validate_state+0x61/0x180 [ 1167.517635][T25228] __x64_sys_unshare+0x31/0x40 [ 1167.517667][T25228] do_syscall_64+0xcd/0x490 [ 1167.517709][T25228] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1167.517736][T25228] RIP: 0033:0x7f3d1f38e929 [ 1167.517758][T25228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1167.517785][T25228] RSP: 002b:00007f3d202ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1167.517810][T25228] RAX: ffffffffffffffda RBX: 00007f3d1f5b5fa0 RCX: 00007f3d1f38e929 [ 1167.517830][T25228] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1167.517847][T25228] RBP: 00007f3d1f410b39 R08: 0000000000000000 R09: 0000000000000000 [ 1167.517864][T25228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1167.517881][T25228] R13: 0000000000000000 R14: 00007f3d1f5b5fa0 R15: 00007fff18637d68 [ 1167.517918][T25228] [ 1167.793465][T25228] socket: no more sockets [ 1167.798758][T25228] Failed to initialize the IGMP autojoin socket (err -23) [ 1167.830617][T25223] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4523'. [ 1169.674007][T25256] FAULT_INJECTION: forcing a failure. [ 1169.674007][T25256] name failslab, interval 1, probability 0, space 0, times 0 [ 1169.691698][T25256] CPU: 1 UID: 0 PID: 25256 Comm: syz.0.4530 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1169.691758][T25256] Tainted: [U]=USER [ 1169.691767][T25256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1169.691780][T25256] Call Trace: [ 1169.691789][T25256] [ 1169.691800][T25256] dump_stack_lvl+0x16c/0x1f0 [ 1169.691841][T25256] should_fail_ex+0x512/0x640 [ 1169.691874][T25256] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 1169.691914][T25256] should_failslab+0xc2/0x120 [ 1169.691938][T25256] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1169.691975][T25256] ? __d_alloc+0x31/0xaa0 [ 1169.692015][T25256] __d_alloc+0x31/0xaa0 [ 1169.692054][T25256] d_alloc+0x4a/0x1e0 [ 1169.692097][T25256] d_alloc_parallel+0xe3/0x12e0 [ 1169.692132][T25256] ? look_up_lock_class+0x59/0x150 [ 1169.692169][T25256] ? register_lock_class+0x41/0x4c0 [ 1169.692202][T25256] ? __pfx_d_alloc_parallel+0x10/0x10 [ 1169.692234][T25256] ? lockdep_init_map_type+0x5c/0x280 [ 1169.692268][T25256] ? lockdep_init_map_type+0x5c/0x280 [ 1169.692307][T25256] __lookup_slow+0x193/0x460 [ 1169.692335][T25256] ? __pfx___lookup_slow+0x10/0x10 [ 1169.692386][T25256] ? lookup_fast+0x156/0x610 [ 1169.692421][T25256] walk_component+0x353/0x5b0 [ 1169.692454][T25256] link_path_walk+0x627/0xe20 [ 1169.692499][T25256] path_lookupat+0x15a/0x6d0 [ 1169.692535][T25256] filename_lookup+0x224/0x5f0 [ 1169.692570][T25256] ? __pfx_filename_lookup+0x10/0x10 [ 1169.692633][T25256] ? getname_kernel+0x52/0x370 [ 1169.692658][T25256] ? __asan_memcpy+0x3c/0x60 [ 1169.692694][T25256] kern_path+0x35/0x50 [ 1169.692725][T25256] lookup_bdev+0xd8/0x280 [ 1169.692753][T25256] ? __pfx_lookup_bdev+0x10/0x10 [ 1169.692781][T25256] ? __pfx___might_resched+0x10/0x10 [ 1169.692814][T25256] bdev_file_open_by_path+0x82/0x330 [ 1169.692846][T25256] ? __pfx_bdev_file_open_by_path+0x10/0x10 [ 1169.692889][T25256] btrfs_scan_one_device+0xcf/0x680 [ 1169.692925][T25256] ? __might_fault+0x13b/0x190 [ 1169.692963][T25256] ? __pfx_btrfs_scan_one_device+0x10/0x10 [ 1169.693011][T25256] btrfs_control_ioctl+0x1f4/0x3c0 [ 1169.693042][T25256] ? __pfx_btrfs_control_ioctl+0x10/0x10 [ 1169.693085][T25256] ? __pfx_btrfs_control_ioctl+0x10/0x10 [ 1169.693118][T25256] __x64_sys_ioctl+0x18b/0x210 [ 1169.693149][T25256] do_syscall_64+0xcd/0x490 [ 1169.693188][T25256] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1169.693214][T25256] RIP: 0033:0x7f386718e929 [ 1169.693234][T25256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1169.693258][T25256] RSP: 002b:00007f3867fec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1169.693282][T25256] RAX: ffffffffffffffda RBX: 00007f38673b5fa0 RCX: 00007f386718e929 [ 1169.693299][T25256] RDX: 0000200000000140 RSI: 0000000090009427 RDI: 0000000000000007 [ 1169.693315][T25256] RBP: 00007f3867fec090 R08: 0000000000000000 R09: 0000000000000000 [ 1169.693330][T25256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1169.693345][T25256] R13: 0000000000000000 R14: 00007f38673b5fa0 R15: 00007fff2d51a378 [ 1169.693380][T25256] [ 1171.426944][T25297] FAULT_INJECTION: forcing a failure. [ 1171.426944][T25297] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1171.459382][T25297] CPU: 0 UID: 0 PID: 25297 Comm: syz.3.4541 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1171.459419][T25297] Tainted: [U]=USER [ 1171.459426][T25297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1171.459439][T25297] Call Trace: [ 1171.459448][T25297] [ 1171.459457][T25297] dump_stack_lvl+0x16c/0x1f0 [ 1171.459495][T25297] should_fail_ex+0x512/0x640 [ 1171.459532][T25297] _copy_to_user+0x32/0xd0 [ 1171.459571][T25297] simple_read_from_buffer+0xcb/0x170 [ 1171.459603][T25297] proc_fail_nth_read+0x197/0x270 [ 1171.459632][T25297] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1171.459663][T25297] ? rw_verify_area+0xcf/0x680 [ 1171.459691][T25297] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1171.459718][T25297] vfs_read+0x1e4/0xc60 [ 1171.459754][T25297] ? __pfx_vfs_read+0x10/0x10 [ 1171.459783][T25297] ? __do_sys_clock_adjtime+0x18f/0x290 [ 1171.459814][T25297] ? __pfx___do_sys_clock_adjtime+0x10/0x10 [ 1171.459841][T25297] ? do_sys_openat2+0x157/0x1d0 [ 1171.459902][T25297] ksys_read+0x12a/0x250 [ 1171.459933][T25297] ? __pfx_ksys_read+0x10/0x10 [ 1171.459973][T25297] do_syscall_64+0xcd/0x490 [ 1171.460008][T25297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1171.460031][T25297] RIP: 0033:0x7fe87b78d33c [ 1171.460051][T25297] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1171.460075][T25297] RSP: 002b:00007fe87c53d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1171.460098][T25297] RAX: ffffffffffffffda RBX: 00007fe87b9b5fa0 RCX: 00007fe87b78d33c [ 1171.460112][T25297] RDX: 000000000000000f RSI: 00007fe87c53d0a0 RDI: 0000000000000001 [ 1171.460126][T25297] RBP: 00007fe87c53d090 R08: 0000000000000000 R09: 0000000000000000 [ 1171.460139][T25297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1171.460153][T25297] R13: 0000000000000000 R14: 00007fe87b9b5fa0 R15: 00007ffc75d3a478 [ 1171.460183][T25297] [ 1172.390849][T25311] FAULT_INJECTION: forcing a failure. [ 1172.390849][T25311] name failslab, interval 1, probability 0, space 0, times 0 [ 1172.411929][T25311] CPU: 1 UID: 0 PID: 25311 Comm: syz.0.4546 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1172.411970][T25311] Tainted: [U]=USER [ 1172.411979][T25311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1172.411992][T25311] Call Trace: [ 1172.412001][T25311] [ 1172.412011][T25311] dump_stack_lvl+0x16c/0x1f0 [ 1172.412053][T25311] should_fail_ex+0x512/0x640 [ 1172.412086][T25311] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1172.412136][T25311] should_failslab+0xc2/0x120 [ 1172.412162][T25311] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1172.412196][T25311] ? __proc_create+0xc3/0x8c0 [ 1172.412231][T25311] ? __proc_create+0x2ce/0x8c0 [ 1172.412272][T25311] __proc_create+0x2ce/0x8c0 [ 1172.412309][T25311] ? __pfx___proc_create+0x10/0x10 [ 1172.412359][T25311] _proc_mkdir+0xb9/0x200 [ 1172.412396][T25311] ? __pfx__proc_mkdir+0x10/0x10 [ 1172.412433][T25311] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 1172.412476][T25311] proc_net_ns_init+0x265/0x410 [ 1172.412501][T25311] ? __pfx_proc_net_ns_init+0x10/0x10 [ 1172.412523][T25311] ops_init+0x1df/0x5f0 [ 1172.412551][T25311] setup_net+0x1ff/0x510 [ 1172.412572][T25311] ? lockdep_init_map_type+0x5c/0x280 [ 1172.412603][T25311] ? __pfx_setup_net+0x10/0x10 [ 1172.412627][T25311] ? debug_mutex_init+0x37/0x70 [ 1172.412653][T25311] copy_net_ns+0x2a6/0x5f0 [ 1172.412681][T25311] create_new_namespaces+0x3ea/0xa90 [ 1172.412716][T25311] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1172.412746][T25311] ksys_unshare+0x45b/0xa40 [ 1172.412779][T25311] ? __pfx_ksys_unshare+0x10/0x10 [ 1172.412810][T25311] ? ksys_write+0x1ac/0x250 [ 1172.412855][T25311] __x64_sys_unshare+0x31/0x40 [ 1172.412884][T25311] do_syscall_64+0xcd/0x490 [ 1172.412923][T25311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1172.412949][T25311] RIP: 0033:0x7f386718e929 [ 1172.412969][T25311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1172.412993][T25311] RSP: 002b:00007f3867fec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1172.413017][T25311] RAX: ffffffffffffffda RBX: 00007f38673b5fa0 RCX: 00007f386718e929 [ 1172.413034][T25311] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1172.413049][T25311] RBP: 00007f3867fec090 R08: 0000000000000000 R09: 0000000000000000 [ 1172.413064][T25311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1172.413079][T25311] R13: 0000000000000000 R14: 00007f38673b5fa0 R15: 00007fff2d51a378 [ 1172.413114][T25311] [ 1173.216358][T25324] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1173.543722][T25336] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1175.235926][T25368] FAULT_INJECTION: forcing a failure. [ 1175.235926][T25368] name failslab, interval 1, probability 0, space 0, times 0 [ 1175.384426][T25368] CPU: 1 UID: 0 PID: 25368 Comm: syz.1.4560 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1175.384476][T25368] Tainted: [U]=USER [ 1175.384486][T25368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1175.384503][T25368] Call Trace: [ 1175.384512][T25368] [ 1175.384523][T25368] dump_stack_lvl+0x16c/0x1f0 [ 1175.384571][T25368] should_fail_ex+0x512/0x640 [ 1175.384606][T25368] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1175.384649][T25368] should_failslab+0xc2/0x120 [ 1175.384685][T25368] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1175.384724][T25368] ? __kernfs_new_node+0xd2/0x8e0 [ 1175.384765][T25368] __kernfs_new_node+0xd2/0x8e0 [ 1175.384804][T25368] ? __pfx___kernfs_new_node+0x10/0x10 [ 1175.384848][T25368] ? find_held_lock+0x2b/0x80 [ 1175.384875][T25368] ? kernfs_root+0xee/0x2a0 [ 1175.384916][T25368] kernfs_new_node+0x13c/0x1e0 [ 1175.384961][T25368] __kernfs_create_file+0x53/0x350 [ 1175.384994][T25368] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1175.385038][T25368] sysfs_merge_group+0x1aa/0x340 [ 1175.385075][T25368] ? __pfx_sysfs_merge_group+0x10/0x10 [ 1175.385115][T25368] ? __pfx_dev_add_physical_location+0x10/0x10 [ 1175.385156][T25368] ? bus_to_subsys+0x131/0x160 [ 1175.385190][T25368] dpm_sysfs_add+0x237/0x280 [ 1175.385217][T25368] device_add+0x9a6/0x1a70 [ 1175.385247][T25368] ? __pfx_device_add+0x10/0x10 [ 1175.385270][T25368] ? kfree+0x24f/0x4d0 [ 1175.385314][T25368] device_create_groups_vargs+0x1f8/0x270 [ 1175.385346][T25368] device_create+0xed/0x130 [ 1175.385374][T25368] ? __pfx_device_create+0x10/0x10 [ 1175.385404][T25368] ? do_init_timer+0xc9/0x110 [ 1175.385435][T25368] ? ieee80211_roc_setup+0x136/0x270 [ 1175.385472][T25368] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1175.385506][T25368] mac80211_hwsim_new_radio+0x369/0x54d0 [ 1175.385561][T25368] ? __asan_memset+0x23/0x50 [ 1175.385595][T25368] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1175.385644][T25368] hwsim_new_radio_nl+0xb51/0x12c0 [ 1175.385693][T25368] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1175.385744][T25368] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1175.385779][T25368] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1175.385821][T25368] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1175.385856][T25368] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1175.385888][T25368] ? trace_cap_capable+0x18d/0x200 [ 1175.385923][T25368] ? bpf_lsm_capable+0x9/0x10 [ 1175.385953][T25368] ? security_capable+0x7e/0x260 [ 1175.385994][T25368] ? ns_capable+0xd7/0x110 [ 1175.386023][T25368] genl_rcv_msg+0x55c/0x800 [ 1175.386059][T25368] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1175.386091][T25368] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1175.386141][T25368] netlink_rcv_skb+0x158/0x420 [ 1175.386168][T25368] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1175.386202][T25368] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1175.386245][T25368] ? netlink_deliver_tap+0x1ae/0xd30 [ 1175.386276][T25368] genl_rcv+0x28/0x40 [ 1175.386303][T25368] netlink_unicast+0x53d/0x7f0 [ 1175.386336][T25368] ? __pfx_netlink_unicast+0x10/0x10 [ 1175.386375][T25368] netlink_sendmsg+0x8d1/0xdd0 [ 1175.386409][T25368] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1175.386452][T25368] ____sys_sendmsg+0xa98/0xc70 [ 1175.386483][T25368] ? copy_msghdr_from_user+0x10a/0x160 [ 1175.386520][T25368] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1175.386546][T25368] ? preempt_schedule_thunk+0x16/0x30 [ 1175.386586][T25368] ? try_to_wake_up+0xa2f/0x1680 [ 1175.386618][T25368] ___sys_sendmsg+0x134/0x1d0 [ 1175.386664][T25368] ? __pfx____sys_sendmsg+0x10/0x10 [ 1175.386701][T25368] ? __lock_acquire+0x622/0x1c90 [ 1175.386783][T25368] __sys_sendmsg+0x16d/0x220 [ 1175.386822][T25368] ? __pfx___sys_sendmsg+0x10/0x10 [ 1175.386859][T25368] ? __x64_sys_futex+0x1e0/0x4c0 [ 1175.386913][T25368] do_syscall_64+0xcd/0x490 [ 1175.386954][T25368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1175.386981][T25368] RIP: 0033:0x7f3d1f38e929 [ 1175.387003][T25368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1175.387046][T25368] RSP: 002b:00007f3d202ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1175.387072][T25368] RAX: ffffffffffffffda RBX: 00007f3d1f5b5fa0 RCX: 00007f3d1f38e929 [ 1175.387086][T25368] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000006 [ 1175.387102][T25368] RBP: 00007f3d1f410b39 R08: 0000000000000000 R09: 0000000000000000 [ 1175.387118][T25368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1175.387134][T25368] R13: 0000000000000000 R14: 00007f3d1f5b5fa0 R15: 00007fff18637d68 [ 1175.387170][T25368] [ 1175.926232][T25372] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1176.379040][T25394] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1176.570266][T25400] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1177.627844][T25406] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4568'. [ 1177.961797][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.968161][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1179.171374][T25429] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1179.294430][T25431] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1179.912416][T25421] ubi0: attaching mtd0 [ 1179.965452][T25421] ubi0: scanning is finished [ 1179.970222][T25421] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1180.299364][T25421] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1181.156889][T25467] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4580'. [ 1181.509608][T25471] debugfs: Directory '!PjE r҄y*"l-y–L̓]' with parent 'ieee80211' already present! [ 1181.699619][T25478] FAULT_INJECTION: forcing a failure. [ 1181.699619][T25478] name failslab, interval 1, probability 0, space 0, times 0 [ 1181.712439][T25478] CPU: 1 UID: 0 PID: 25478 Comm: syz.0.4583 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1181.712483][T25478] Tainted: [U]=USER [ 1181.712492][T25478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1181.712509][T25478] Call Trace: [ 1181.712519][T25478] [ 1181.712531][T25478] dump_stack_lvl+0x16c/0x1f0 [ 1181.712577][T25478] should_fail_ex+0x512/0x640 [ 1181.712615][T25478] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1181.712657][T25478] should_failslab+0xc2/0x120 [ 1181.712682][T25478] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1181.712720][T25478] ? __kernfs_new_node+0xd2/0x8e0 [ 1181.712761][T25478] __kernfs_new_node+0xd2/0x8e0 [ 1181.712800][T25478] ? __pfx___kernfs_new_node+0x10/0x10 [ 1181.712844][T25478] ? find_held_lock+0x2b/0x80 [ 1181.712871][T25478] ? kernfs_root+0xee/0x2a0 [ 1181.712913][T25478] kernfs_new_node+0x13c/0x1e0 [ 1181.712958][T25478] __kernfs_create_file+0x53/0x350 [ 1181.712991][T25478] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1181.713034][T25478] sysfs_merge_group+0x1aa/0x340 [ 1181.713071][T25478] ? __pfx_sysfs_merge_group+0x10/0x10 [ 1181.713112][T25478] ? __pfx_dev_add_physical_location+0x10/0x10 [ 1181.713153][T25478] ? bus_to_subsys+0x131/0x160 [ 1181.713186][T25478] dpm_sysfs_add+0x237/0x280 [ 1181.713213][T25478] device_add+0x9a6/0x1a70 [ 1181.713245][T25478] ? __pfx_device_add+0x10/0x10 [ 1181.713269][T25478] ? kfree+0x24f/0x4d0 [ 1181.713313][T25478] device_create_groups_vargs+0x1f8/0x270 [ 1181.713346][T25478] device_create+0xed/0x130 [ 1181.713376][T25478] ? __pfx_device_create+0x10/0x10 [ 1181.713406][T25478] ? do_init_timer+0xc9/0x110 [ 1181.713445][T25478] ? ieee80211_roc_setup+0x136/0x270 [ 1181.713485][T25478] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1181.713520][T25478] mac80211_hwsim_new_radio+0x369/0x54d0 [ 1181.713575][T25478] ? __asan_memset+0x23/0x50 [ 1181.713610][T25478] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1181.713660][T25478] hwsim_new_radio_nl+0xb51/0x12c0 [ 1181.713700][T25478] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1181.713749][T25478] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1181.713784][T25478] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1181.713826][T25478] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1181.713861][T25478] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1181.713893][T25478] ? trace_cap_capable+0x18d/0x200 [ 1181.713928][T25478] ? bpf_lsm_capable+0x9/0x10 [ 1181.713959][T25478] ? security_capable+0x7e/0x260 [ 1181.714000][T25478] ? ns_capable+0xd7/0x110 [ 1181.714030][T25478] genl_rcv_msg+0x55c/0x800 [ 1181.714068][T25478] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1181.714102][T25478] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1181.714153][T25478] netlink_rcv_skb+0x158/0x420 [ 1181.714180][T25478] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1181.714214][T25478] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1181.714258][T25478] ? netlink_deliver_tap+0x1ae/0xd30 [ 1181.714290][T25478] genl_rcv+0x28/0x40 [ 1181.714317][T25478] netlink_unicast+0x53d/0x7f0 [ 1181.714350][T25478] ? __pfx_netlink_unicast+0x10/0x10 [ 1181.714389][T25478] netlink_sendmsg+0x8d1/0xdd0 [ 1181.714424][T25478] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1181.714475][T25478] ____sys_sendmsg+0xa98/0xc70 [ 1181.714507][T25478] ? copy_msghdr_from_user+0x10a/0x160 [ 1181.714544][T25478] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1181.714583][T25478] ? __pfx_futex_wake_mark+0x10/0x10 [ 1181.714625][T25478] ___sys_sendmsg+0x134/0x1d0 [ 1181.714665][T25478] ? __pfx____sys_sendmsg+0x10/0x10 [ 1181.714699][T25478] ? __lock_acquire+0x622/0x1c90 [ 1181.714780][T25478] __sys_sendmsg+0x16d/0x220 [ 1181.714820][T25478] ? __pfx___sys_sendmsg+0x10/0x10 [ 1181.714858][T25478] ? __x64_sys_futex+0x1e0/0x4c0 [ 1181.714911][T25478] do_syscall_64+0xcd/0x490 [ 1181.714954][T25478] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1181.714981][T25478] RIP: 0033:0x7f386718e929 [ 1181.715003][T25478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1181.715028][T25478] RSP: 002b:00007f3867fec038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1181.715055][T25478] RAX: ffffffffffffffda RBX: 00007f38673b5fa0 RCX: 00007f386718e929 [ 1181.715074][T25478] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000006 [ 1181.715092][T25478] RBP: 00007f3867210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1181.715109][T25478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1181.715126][T25478] R13: 0000000000000000 R14: 00007f38673b5fa0 R15: 00007fff2d51a378 [ 1181.715163][T25478] [ 1182.717958][T25498] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1183.575934][T25507] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4590'. [ 1183.611417][T25508] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4589'. [ 1183.932593][T25507] team0: Port device team_slave_1 removed [ 1184.145935][T25522] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1184.149596][T25523] FAULT_INJECTION: forcing a failure. [ 1184.149596][T25523] name failslab, interval 1, probability 0, space 0, times 0 [ 1184.166765][T25523] CPU: 1 UID: 0 PID: 25523 Comm: syz.0.4594 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1184.166806][T25523] Tainted: [U]=USER [ 1184.166815][T25523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1184.166831][T25523] Call Trace: [ 1184.166841][T25523] [ 1184.166851][T25523] dump_stack_lvl+0x16c/0x1f0 [ 1184.166896][T25523] should_fail_ex+0x512/0x640 [ 1184.166931][T25523] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1184.166973][T25523] should_failslab+0xc2/0x120 [ 1184.166998][T25523] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1184.167034][T25523] ? __kernfs_new_node+0xd2/0x8e0 [ 1184.167077][T25523] __kernfs_new_node+0xd2/0x8e0 [ 1184.167116][T25523] ? __pfx___kernfs_new_node+0x10/0x10 [ 1184.167158][T25523] ? find_held_lock+0x2b/0x80 [ 1184.167183][T25523] ? kernfs_root+0xee/0x2a0 [ 1184.167225][T25523] kernfs_new_node+0x13c/0x1e0 [ 1184.167279][T25523] __kernfs_create_file+0x53/0x350 [ 1184.167313][T25523] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1184.167357][T25523] sysfs_merge_group+0x1aa/0x340 [ 1184.167394][T25523] ? __pfx_sysfs_merge_group+0x10/0x10 [ 1184.167435][T25523] ? __pfx_dev_add_physical_location+0x10/0x10 [ 1184.167476][T25523] ? bus_to_subsys+0x131/0x160 [ 1184.167511][T25523] dpm_sysfs_add+0x237/0x280 [ 1184.167538][T25523] device_add+0x9a6/0x1a70 [ 1184.167568][T25523] ? __pfx_device_add+0x10/0x10 [ 1184.167592][T25523] ? kfree+0x24f/0x4d0 [ 1184.167637][T25523] device_create_groups_vargs+0x1f8/0x270 [ 1184.167670][T25523] device_create+0xed/0x130 [ 1184.167699][T25523] ? __pfx_device_create+0x10/0x10 [ 1184.167730][T25523] ? do_init_timer+0xc9/0x110 [ 1184.167761][T25523] ? ieee80211_roc_setup+0x136/0x270 [ 1184.167798][T25523] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1184.167833][T25523] mac80211_hwsim_new_radio+0x369/0x54d0 [ 1184.167889][T25523] ? __asan_memset+0x23/0x50 [ 1184.167923][T25523] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1184.167972][T25523] hwsim_new_radio_nl+0xb51/0x12c0 [ 1184.168012][T25523] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1184.168062][T25523] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1184.168096][T25523] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1184.168138][T25523] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1184.168173][T25523] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1184.168207][T25523] ? trace_cap_capable+0x18d/0x200 [ 1184.168243][T25523] ? bpf_lsm_capable+0x9/0x10 [ 1184.168281][T25523] ? security_capable+0x7e/0x260 [ 1184.168325][T25523] ? ns_capable+0xd7/0x110 [ 1184.168356][T25523] genl_rcv_msg+0x55c/0x800 [ 1184.168394][T25523] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1184.168427][T25523] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1184.168478][T25523] netlink_rcv_skb+0x158/0x420 [ 1184.168506][T25523] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1184.168540][T25523] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1184.168584][T25523] ? netlink_deliver_tap+0x1ae/0xd30 [ 1184.168617][T25523] genl_rcv+0x28/0x40 [ 1184.168644][T25523] netlink_unicast+0x53d/0x7f0 [ 1184.168677][T25523] ? __pfx_netlink_unicast+0x10/0x10 [ 1184.168716][T25523] netlink_sendmsg+0x8d1/0xdd0 [ 1184.168752][T25523] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1184.168794][T25523] ____sys_sendmsg+0xa98/0xc70 [ 1184.168827][T25523] ? copy_msghdr_from_user+0x10a/0x160 [ 1184.168865][T25523] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1184.168892][T25523] ? preempt_schedule_thunk+0x16/0x30 [ 1184.168952][T25523] ? try_to_wake_up+0xa2f/0x1680 [ 1184.168987][T25523] ___sys_sendmsg+0x134/0x1d0 [ 1184.169027][T25523] ? __pfx____sys_sendmsg+0x10/0x10 [ 1184.169062][T25523] ? __lock_acquire+0x622/0x1c90 [ 1184.169144][T25523] __sys_sendmsg+0x16d/0x220 [ 1184.169182][T25523] ? __pfx___sys_sendmsg+0x10/0x10 [ 1184.169218][T25523] ? __x64_sys_futex+0x1e0/0x4c0 [ 1184.169279][T25523] do_syscall_64+0xcd/0x490 [ 1184.169321][T25523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1184.169348][T25523] RIP: 0033:0x7f386718e929 [ 1184.169370][T25523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1184.169397][T25523] RSP: 002b:00007f3867fec038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1184.169425][T25523] RAX: ffffffffffffffda RBX: 00007f38673b5fa0 RCX: 00007f386718e929 [ 1184.169444][T25523] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000006 [ 1184.169462][T25523] RBP: 00007f3867210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1184.169479][T25523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1184.169495][T25523] R13: 0000000000000000 R14: 00007f38673b5fa0 R15: 00007fff2d51a378 [ 1184.169526][T25523] [ 1185.109377][T25529] sysfs_service_op_show: Client not running :-5: [ 1187.041604][T25574] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4608'. [ 1187.107451][T25578] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1187.260095][T25384] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 925 with max blocks 10 with error 117 [ 1187.351034][T25384] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1187.351034][T25384] [ 1188.920263][T25606] netlink: 338 bytes leftover after parsing attributes in process `syz.3.4617'. [ 1189.091919][T25609] can: request_module (can-proto-0) failed. [ 1189.216908][T25615] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4619'. [ 1189.238137][T25609] .RRo\&p: entered promiscuous mode [ 1189.331027][T25621] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1189.343293][T25609] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input52 [ 1191.369687][T25657] netlink: 338 bytes leftover after parsing attributes in process `syz.3.4627'. [ 1192.095567][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1192.103649][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1192.114973][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1192.121453][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1192.139020][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1192.146117][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1192.169239][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1192.175763][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1192.296713][T25677] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4632'. [ 1192.745165][T25684] netlink: zone id is out of range [ 1192.750661][T25684] netlink: zone id is out of range [ 1192.757369][T25684] netlink: zone id is out of range [ 1192.762748][T25684] netlink: zone id is out of range [ 1192.768021][T25684] netlink: zone id is out of range [ 1192.773251][T25684] netlink: zone id is out of range [ 1192.778451][T25684] netlink: zone id is out of range [ 1192.783737][T25684] netlink: zone id is out of range [ 1192.788976][T25684] netlink: zone id is out of range [ 1192.794342][T25684] netlink: set zone limit has 4 unknown bytes [ 1193.434276][T25691] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1193.474479][T25693] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4636'. [ 1193.834554][T25707] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1193.929609][T25705] FAULT_INJECTION: forcing a failure. [ 1193.929609][T25705] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1193.952621][T25705] CPU: 0 UID: 0 PID: 25705 Comm: syz.0.4637 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1193.952665][T25705] Tainted: [U]=USER [ 1193.952675][T25705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1193.952690][T25705] Call Trace: [ 1193.952700][T25705] [ 1193.952711][T25705] dump_stack_lvl+0x16c/0x1f0 [ 1193.952755][T25705] should_fail_ex+0x512/0x640 [ 1193.952798][T25705] get_futex_key+0x1d0/0x1540 [ 1193.952834][T25705] ? __pfx_get_futex_key+0x10/0x10 [ 1193.952876][T25705] futex_wait_setup+0x9d/0x550 [ 1193.952923][T25705] __futex_wait+0x194/0x2f0 [ 1193.952961][T25705] ? __pfx___futex_wait+0x10/0x10 [ 1193.952994][T25705] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1193.953036][T25705] ? __pfx_futex_wake_mark+0x10/0x10 [ 1193.953092][T25705] futex_wait+0xe8/0x380 [ 1193.953127][T25705] ? __pfx_futex_wait+0x10/0x10 [ 1193.953170][T25705] ? __do_sys_mremap+0x5d4/0x1590 [ 1193.953207][T25705] ? kmem_cache_free+0x2d1/0x4d0 [ 1193.953244][T25705] do_futex+0x229/0x350 [ 1193.953276][T25705] ? __pfx_do_futex+0x10/0x10 [ 1193.953298][T25705] ? do_linkat+0x340/0x5a0 [ 1193.953322][T25705] __x64_sys_futex+0x1e0/0x4c0 [ 1193.953342][T25705] ? __pfx___x64_sys_futex+0x10/0x10 [ 1193.953366][T25705] do_syscall_64+0xcd/0x490 [ 1193.953388][T25705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1193.953402][T25705] RIP: 0033:0x7f386718e929 [ 1193.953415][T25705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1193.953429][T25705] RSP: 002b:00007f3867fec0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1193.953451][T25705] RAX: ffffffffffffffda RBX: 00007f38673b5fa8 RCX: 00007f386718e929 [ 1193.953461][T25705] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f38673b5fa8 [ 1193.953470][T25705] RBP: 00007f38673b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1193.953479][T25705] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f38673b5fac [ 1193.953491][T25705] R13: 0000000000000000 R14: 00007fff2d51a290 R15: 00007fff2d51a378 [ 1193.953522][T25705] [ 1194.166990][ C0] vkms_vblank_simulate: vblank timer overrun [ 1194.589432][T25709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4640'. [ 1194.948016][T25733] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4643'. [ 1195.460974][T25745] netlink: 326 bytes leftover after parsing attributes in process `syz.1.4646'. [ 1195.599352][T25749] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1195.879587][T25756] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1196.131477][T25760] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1196.438954][T25761] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 896 with max blocks 39 with error 117 [ 1196.451991][T25761] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1196.451991][T25761] [ 1196.774827][T25768] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.4651'. [ 1196.919389][T25770] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1197.032366][T25772] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1197.139099][T25775] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1198.536450][T25806] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1199.833711][T25817] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4661'. [ 1199.900747][T25818] hub 8-0:1.0: USB hub found [ 1199.927449][T25818] hub 8-0:1.0: 1 port detected [ 1199.937542][T25820] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1199.961363][T25821] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4661'. [ 1204.752199][T25873] Process accounting resumed [ 1204.896667][T25884] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1206.370832][T25910] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1207.177204][T25931] FAULT_INJECTION: forcing a failure. [ 1207.177204][T25931] name failslab, interval 1, probability 0, space 0, times 0 [ 1207.221708][T25932] FAULT_INJECTION: forcing a failure. [ 1207.221708][T25932] name failslab, interval 1, probability 0, space 0, times 0 [ 1207.234582][T25931] CPU: 1 UID: 0 PID: 25931 Comm: syz.1.4688 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1207.234608][T25931] Tainted: [U]=USER [ 1207.234613][T25931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1207.234623][T25931] Call Trace: [ 1207.234630][T25931] [ 1207.234636][T25931] dump_stack_lvl+0x16c/0x1f0 [ 1207.234664][T25931] should_fail_ex+0x512/0x640 [ 1207.234685][T25931] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1207.234709][T25931] should_failslab+0xc2/0x120 [ 1207.234723][T25931] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1207.234743][T25931] ? __asan_memcpy+0x3c/0x60 [ 1207.234761][T25931] ? __kernfs_new_node+0xd2/0x8e0 [ 1207.234783][T25931] __kernfs_new_node+0xd2/0x8e0 [ 1207.234804][T25931] ? __pfx___kernfs_new_node+0x10/0x10 [ 1207.234828][T25931] ? find_held_lock+0x2b/0x80 [ 1207.234843][T25931] ? kernfs_root+0xee/0x2a0 [ 1207.234865][T25931] kernfs_new_node+0x13c/0x1e0 [ 1207.234890][T25931] kernfs_create_link+0xcc/0x240 [ 1207.234907][T25931] sysfs_do_create_link_sd+0x90/0x140 [ 1207.234927][T25931] sysfs_create_link+0x61/0xc0 [ 1207.234946][T25931] device_add+0x62c/0x1a70 [ 1207.234964][T25931] ? __pfx_device_add+0x10/0x10 [ 1207.234976][T25931] ? kfree+0x24f/0x4d0 [ 1207.235000][T25931] device_create_groups_vargs+0x1f8/0x270 [ 1207.235018][T25931] device_create+0xed/0x130 [ 1207.235033][T25931] ? __pfx_device_create+0x10/0x10 [ 1207.235050][T25931] ? do_init_timer+0xc9/0x110 [ 1207.235067][T25931] ? ieee80211_roc_setup+0x136/0x270 [ 1207.235088][T25931] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1207.235106][T25931] mac80211_hwsim_new_radio+0x369/0x54d0 [ 1207.235136][T25931] ? __asan_memset+0x23/0x50 [ 1207.235155][T25931] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1207.235181][T25931] hwsim_new_radio_nl+0xb51/0x12c0 [ 1207.235203][T25931] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1207.235228][T25931] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1207.235248][T25931] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1207.235270][T25931] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1207.235289][T25931] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1207.235316][T25931] ? trace_cap_capable+0x18d/0x200 [ 1207.235336][T25931] ? bpf_lsm_capable+0x9/0x10 [ 1207.235353][T25931] ? security_capable+0x7e/0x260 [ 1207.235376][T25931] ? ns_capable+0xd7/0x110 [ 1207.235392][T25931] genl_rcv_msg+0x55c/0x800 [ 1207.235413][T25931] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1207.235431][T25931] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1207.235457][T25931] netlink_rcv_skb+0x158/0x420 [ 1207.235472][T25931] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1207.235490][T25931] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1207.235513][T25931] ? netlink_deliver_tap+0x1ae/0xd30 [ 1207.235530][T25931] genl_rcv+0x28/0x40 [ 1207.235545][T25931] netlink_unicast+0x53d/0x7f0 [ 1207.235563][T25931] ? __pfx_netlink_unicast+0x10/0x10 [ 1207.235583][T25931] netlink_sendmsg+0x8d1/0xdd0 [ 1207.235602][T25931] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1207.235625][T25931] ____sys_sendmsg+0xa98/0xc70 [ 1207.235642][T25931] ? copy_msghdr_from_user+0x10a/0x160 [ 1207.235662][T25931] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1207.235683][T25931] ? __pfx_futex_wake_mark+0x10/0x10 [ 1207.235706][T25931] ___sys_sendmsg+0x134/0x1d0 [ 1207.235728][T25931] ? __pfx____sys_sendmsg+0x10/0x10 [ 1207.235747][T25931] ? __lock_acquire+0x622/0x1c90 [ 1207.235789][T25931] __sys_sendmsg+0x16d/0x220 [ 1207.235810][T25931] ? __pfx___sys_sendmsg+0x10/0x10 [ 1207.235830][T25931] ? __x64_sys_futex+0x1e0/0x4c0 [ 1207.235859][T25931] do_syscall_64+0xcd/0x490 [ 1207.235882][T25931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1207.235897][T25931] RIP: 0033:0x7f3d1f38e929 [ 1207.235910][T25931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1207.235925][T25931] RSP: 002b:00007f3d202ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1207.235939][T25931] RAX: ffffffffffffffda RBX: 00007f3d1f5b5fa0 RCX: 00007f3d1f38e929 [ 1207.235949][T25931] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000006 [ 1207.235958][T25931] RBP: 00007f3d1f410b39 R08: 0000000000000000 R09: 0000000000000000 [ 1207.235966][T25931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1207.235975][T25931] R13: 0000000000000000 R14: 00007f3d1f5b5fa0 R15: 00007fff18637d68 [ 1207.235994][T25931] [ 1207.793684][T25932] CPU: 1 UID: 0 PID: 25932 Comm: syz.2.4689 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1207.793728][T25932] Tainted: [U]=USER [ 1207.793738][T25932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1207.793756][T25932] Call Trace: [ 1207.793766][T25932] [ 1207.793777][T25932] dump_stack_lvl+0x16c/0x1f0 [ 1207.793823][T25932] should_fail_ex+0x512/0x640 [ 1207.793858][T25932] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1207.793901][T25932] should_failslab+0xc2/0x120 [ 1207.793926][T25932] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1207.793965][T25932] ? __kernfs_new_node+0xd2/0x8e0 [ 1207.794005][T25932] __kernfs_new_node+0xd2/0x8e0 [ 1207.794044][T25932] ? __pfx___kernfs_new_node+0x10/0x10 [ 1207.794087][T25932] ? find_held_lock+0x2b/0x80 [ 1207.794115][T25932] ? kernfs_root+0xee/0x2a0 [ 1207.794156][T25932] kernfs_new_node+0x13c/0x1e0 [ 1207.794201][T25932] __kernfs_create_file+0x53/0x350 [ 1207.794234][T25932] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1207.794275][T25932] internal_create_group+0x578/0xf30 [ 1207.794320][T25932] ? __pfx_internal_create_group+0x10/0x10 [ 1207.794362][T25932] ? kernfs_create_link+0x1bd/0x240 [ 1207.794396][T25932] internal_create_groups+0x9d/0x150 [ 1207.794436][T25932] device_add+0x6d1/0x1a70 [ 1207.794468][T25932] ? __pfx_device_add+0x10/0x10 [ 1207.794494][T25932] ? lockdep_init_map_type+0x5c/0x280 [ 1207.794546][T25932] ? __init_waitqueue_head+0xca/0x150 [ 1207.794595][T25932] rfkill_register+0x1ad/0xb40 [ 1207.794631][T25932] nfc_register_device+0x11f/0x3c0 [ 1207.794674][T25932] nci_register_device+0x7f1/0xb80 [ 1207.794710][T25932] ? __pfx_nci_register_device+0x10/0x10 [ 1207.794749][T25932] ? lockdep_init_map_type+0x5c/0x280 [ 1207.794790][T25932] virtual_ncidev_open+0x141/0x220 [ 1207.794821][T25932] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1207.794851][T25932] misc_open+0x35a/0x420 [ 1207.794883][T25932] ? __pfx_misc_open+0x10/0x10 [ 1207.794914][T25932] chrdev_open+0x231/0x6a0 [ 1207.794950][T25932] ? __pfx_apparmor_file_open+0x10/0x10 [ 1207.794982][T25932] ? __pfx_chrdev_open+0x10/0x10 [ 1207.795024][T25932] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1207.795064][T25932] do_dentry_open+0x744/0x1c10 [ 1207.795102][T25932] ? __pfx_chrdev_open+0x10/0x10 [ 1207.795147][T25932] vfs_open+0x82/0x3f0 [ 1207.795180][T25932] path_openat+0x1de4/0x2cb0 [ 1207.795229][T25932] ? __pfx_path_openat+0x10/0x10 [ 1207.795265][T25932] ? __lock_acquire+0xb8a/0x1c90 [ 1207.795302][T25932] do_filp_open+0x20b/0x470 [ 1207.795338][T25932] ? __pfx_do_filp_open+0x10/0x10 [ 1207.795402][T25932] ? alloc_fd+0x471/0x7d0 [ 1207.795448][T25932] do_sys_openat2+0x11b/0x1d0 [ 1207.795476][T25932] ? __pfx_do_sys_openat2+0x10/0x10 [ 1207.795527][T25932] __x64_sys_openat+0x174/0x210 [ 1207.795558][T25932] ? __pfx___x64_sys_openat+0x10/0x10 [ 1207.795605][T25932] do_syscall_64+0xcd/0x490 [ 1207.795648][T25932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1207.795675][T25932] RIP: 0033:0x7f6ed4d8e929 [ 1207.795698][T25932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1207.795724][T25932] RSP: 002b:00007f6ed5b8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1207.795751][T25932] RAX: ffffffffffffffda RBX: 00007f6ed4fb6080 RCX: 00007f6ed4d8e929 [ 1207.795770][T25932] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 1207.795788][T25932] RBP: 00007f6ed4e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1207.795806][T25932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1207.795822][T25932] R13: 0000000000000000 R14: 00007f6ed4fb6080 R15: 00007ffe019c2598 [ 1207.795860][T25932] [ 1209.868867][ T30] audit: type=1326 audit(4294967321.269:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25973 comm="syz.3.4700" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe87b78e929 code=0x0 [ 1209.904159][T25978] FAULT_INJECTION: forcing a failure. [ 1209.904159][T25978] name failslab, interval 1, probability 0, space 0, times 0 [ 1209.917475][T25978] CPU: 1 UID: 0 PID: 25978 Comm: syz.2.4699 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1209.917517][T25978] Tainted: [U]=USER [ 1209.917527][T25978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1209.917544][T25978] Call Trace: [ 1209.917553][T25978] [ 1209.917564][T25978] dump_stack_lvl+0x16c/0x1f0 [ 1209.917606][T25978] should_fail_ex+0x512/0x640 [ 1209.917642][T25978] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1209.917684][T25978] should_failslab+0xc2/0x120 [ 1209.917703][T25978] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1209.917724][T25978] ? __kernfs_new_node+0xd2/0x8e0 [ 1209.917746][T25978] __kernfs_new_node+0xd2/0x8e0 [ 1209.917767][T25978] ? __pfx___kernfs_new_node+0x10/0x10 [ 1209.917791][T25978] ? find_held_lock+0x2b/0x80 [ 1209.917806][T25978] ? kernfs_root+0xee/0x2a0 [ 1209.917828][T25978] kernfs_new_node+0x13c/0x1e0 [ 1209.917852][T25978] kernfs_create_dir_ns+0x4c/0x1a0 [ 1209.917876][T25978] internal_create_group+0x34d/0xf30 [ 1209.917899][T25978] ? kernfs_add_one+0x14e/0x840 [ 1209.917920][T25978] ? __pfx_internal_create_group+0x10/0x10 [ 1209.917942][T25978] ? __pfx_dev_add_physical_location+0x10/0x10 [ 1209.917964][T25978] ? bus_to_subsys+0x131/0x160 [ 1209.917988][T25978] dpm_sysfs_add+0x80/0x280 [ 1209.918004][T25978] device_add+0x9a6/0x1a70 [ 1209.918020][T25978] ? __pfx_device_add+0x10/0x10 [ 1209.918041][T25978] ? kfree+0x24f/0x4d0 [ 1209.918073][T25978] device_create_groups_vargs+0x1f8/0x270 [ 1209.918092][T25978] device_create+0xed/0x130 [ 1209.918108][T25978] ? __pfx_device_create+0x10/0x10 [ 1209.918125][T25978] ? do_init_timer+0xc9/0x110 [ 1209.918143][T25978] ? ieee80211_roc_setup+0x136/0x270 [ 1209.918165][T25978] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1209.918183][T25978] mac80211_hwsim_new_radio+0x369/0x54d0 [ 1209.918214][T25978] ? __asan_memset+0x23/0x50 [ 1209.918233][T25978] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1209.918259][T25978] hwsim_new_radio_nl+0xb51/0x12c0 [ 1209.918281][T25978] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1209.918310][T25978] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1209.918330][T25978] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1209.918352][T25978] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1209.918371][T25978] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1209.918389][T25978] ? trace_cap_capable+0x18d/0x200 [ 1209.918407][T25978] ? bpf_lsm_capable+0x9/0x10 [ 1209.918425][T25978] ? security_capable+0x7e/0x260 [ 1209.918447][T25978] ? ns_capable+0xd7/0x110 [ 1209.918463][T25978] genl_rcv_msg+0x55c/0x800 [ 1209.918483][T25978] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1209.918501][T25978] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1209.918527][T25978] netlink_rcv_skb+0x158/0x420 [ 1209.918542][T25978] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1209.918564][T25978] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1209.918587][T25978] ? netlink_deliver_tap+0x1ae/0xd30 [ 1209.918604][T25978] genl_rcv+0x28/0x40 [ 1209.918619][T25978] netlink_unicast+0x53d/0x7f0 [ 1209.918636][T25978] ? __pfx_netlink_unicast+0x10/0x10 [ 1209.918657][T25978] netlink_sendmsg+0x8d1/0xdd0 [ 1209.918675][T25978] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1209.918701][T25978] ____sys_sendmsg+0xa98/0xc70 [ 1209.918731][T25978] ? copy_msghdr_from_user+0x10a/0x160 [ 1209.918768][T25978] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1209.918793][T25978] ? preempt_schedule_thunk+0x16/0x30 [ 1209.918829][T25978] ? try_to_wake_up+0xa2f/0x1680 [ 1209.918862][T25978] ___sys_sendmsg+0x134/0x1d0 [ 1209.918901][T25978] ? __pfx____sys_sendmsg+0x10/0x10 [ 1209.918939][T25978] ? __lock_acquire+0x622/0x1c90 [ 1209.918987][T25978] __sys_sendmsg+0x16d/0x220 [ 1209.919014][T25978] ? __pfx___sys_sendmsg+0x10/0x10 [ 1209.919042][T25978] ? __x64_sys_futex+0x1e0/0x4c0 [ 1209.919090][T25978] do_syscall_64+0xcd/0x490 [ 1209.919115][T25978] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1209.919130][T25978] RIP: 0033:0x7f6ed4d8e929 [ 1209.919144][T25978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1209.919158][T25978] RSP: 002b:00007f6ed5bb0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1209.919173][T25978] RAX: ffffffffffffffda RBX: 00007f6ed4fb5fa0 RCX: 00007f6ed4d8e929 [ 1209.919183][T25978] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000006 [ 1209.919193][T25978] RBP: 00007f6ed4e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1209.919203][T25978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1209.919212][T25978] R13: 0000000000000000 R14: 00007f6ed4fb5fa0 R15: 00007ffe019c2598 [ 1209.919231][T25978] [ 1211.398461][T26006] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4707'. [ 1212.065748][ T30] audit: type=1800 audit(4294967323.478:94): pid=26019 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4709" name="dbroot" dev="configfs" ino=100605 res=0 errno=0 [ 1212.549172][T26031] FAULT_INJECTION: forcing a failure. [ 1212.549172][T26031] name failslab, interval 1, probability 0, space 0, times 0 [ 1212.564417][T26031] CPU: 0 UID: 0 PID: 26031 Comm: syz.3.4713 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1212.564458][T26031] Tainted: [U]=USER [ 1212.564466][T26031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1212.564481][T26031] Call Trace: [ 1212.564490][T26031] [ 1212.564500][T26031] dump_stack_lvl+0x16c/0x1f0 [ 1212.564541][T26031] should_fail_ex+0x512/0x640 [ 1212.564574][T26031] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1212.564614][T26031] should_failslab+0xc2/0x120 [ 1212.564638][T26031] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1212.564677][T26031] ? __proc_create+0xc3/0x8c0 [ 1212.564714][T26031] ? __proc_create+0x2ce/0x8c0 [ 1212.564755][T26031] __proc_create+0x2ce/0x8c0 [ 1212.564791][T26031] ? __pfx___proc_create+0x10/0x10 [ 1212.564834][T26031] ? _raw_write_unlock+0x28/0x50 [ 1212.564867][T26031] ? proc_register+0x314/0x5f0 [ 1212.564915][T26031] _proc_mkdir+0xb9/0x200 [ 1212.564951][T26031] ? __pfx__proc_mkdir+0x10/0x10 [ 1212.564986][T26031] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 1212.565027][T26031] ? __pfx_netfilter_net_init+0x10/0x10 [ 1212.565065][T26031] netfilter_net_init+0x37b/0x4b0 [ 1212.565097][T26031] ? sysctl_net_init+0x27/0x30 [ 1212.565120][T26031] ops_init+0x1df/0x5f0 [ 1212.565147][T26031] setup_net+0x1ff/0x510 [ 1212.565169][T26031] ? lockdep_init_map_type+0x5c/0x280 [ 1212.565201][T26031] ? __pfx_setup_net+0x10/0x10 [ 1212.565228][T26031] ? debug_mutex_init+0x37/0x70 [ 1212.565256][T26031] copy_net_ns+0x2a6/0x5f0 [ 1212.565285][T26031] create_new_namespaces+0x3ea/0xa90 [ 1212.565322][T26031] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1212.565353][T26031] ksys_unshare+0x45b/0xa40 [ 1212.565389][T26031] ? __pfx_ksys_unshare+0x10/0x10 [ 1212.565419][T26031] ? ksys_write+0x1ac/0x250 [ 1212.565464][T26031] __x64_sys_unshare+0x31/0x40 [ 1212.565495][T26031] do_syscall_64+0xcd/0x490 [ 1212.565534][T26031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1212.565559][T26031] RIP: 0033:0x7fe87b78e929 [ 1212.565580][T26031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1212.565605][T26031] RSP: 002b:00007fe87c53d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1212.565629][T26031] RAX: ffffffffffffffda RBX: 00007fe87b9b5fa0 RCX: 00007fe87b78e929 [ 1212.565647][T26031] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1212.565662][T26031] RBP: 00007fe87c53d090 R08: 0000000000000000 R09: 0000000000000000 [ 1212.565678][T26031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1212.565692][T26031] R13: 0000000000000000 R14: 00007fe87b9b5fa0 R15: 00007ffc75d3a478 [ 1212.565727][T26031] [ 1212.568024][T26031] cannot create netfilter proc entry [ 1212.845665][ T30] audit: type=1326 audit(4294967324.067:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26027 comm="syz.2.4712" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6ed4d8e929 code=0x0 [ 1213.568239][T26042] FAULT_INJECTION: forcing a failure. [ 1213.568239][T26042] name failslab, interval 1, probability 0, space 0, times 0 [ 1213.585969][T26042] CPU: 0 UID: 0 PID: 26042 Comm: syz.1.4716 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1213.586015][T26042] Tainted: [U]=USER [ 1213.586023][T26042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1213.586039][T26042] Call Trace: [ 1213.586049][T26042] [ 1213.586059][T26042] dump_stack_lvl+0x16c/0x1f0 [ 1213.586103][T26042] should_fail_ex+0x512/0x640 [ 1213.586138][T26042] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 1213.586181][T26042] should_failslab+0xc2/0x120 [ 1213.586205][T26042] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1213.586242][T26042] ? sock_alloc_inode+0x25/0x1c0 [ 1213.586275][T26042] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1213.586301][T26042] sock_alloc_inode+0x25/0x1c0 [ 1213.586327][T26042] alloc_inode+0x64/0x240 [ 1213.586355][T26042] sock_alloc+0x40/0x280 [ 1213.586379][T26042] sock_create_lite+0x82/0x120 [ 1213.586406][T26042] __netlink_kernel_create+0xbd/0x750 [ 1213.586436][T26042] ? trace_kmalloc+0x2b/0xd0 [ 1213.586461][T26042] ? __kvmalloc_node_noprof+0x298/0x620 [ 1213.586497][T26042] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1213.586523][T26042] ? fib4_semantics_init+0x25/0x100 [ 1213.586568][T26042] fib_net_init+0x26d/0x3f0 [ 1213.586595][T26042] ? __pfx___register_sysctl_table+0x10/0x10 [ 1213.586634][T26042] ? __pfx_fib_net_init+0x10/0x10 [ 1213.586661][T26042] ? lockdep_init_map_type+0x5c/0x280 [ 1213.586695][T26042] ? __pfx_nl_fib_input+0x10/0x10 [ 1213.586825][T26042] ? devinet_init_net+0x5c2/0x910 [ 1213.586862][T26042] ? __pfx_fib_net_init+0x10/0x10 [ 1213.586887][T26042] ops_init+0x1df/0x5f0 [ 1213.586916][T26042] setup_net+0x1ff/0x510 [ 1213.586938][T26042] ? lockdep_init_map_type+0x5c/0x280 [ 1213.586972][T26042] ? __pfx_setup_net+0x10/0x10 [ 1213.586995][T26042] ? debug_mutex_init+0x37/0x70 [ 1213.587021][T26042] copy_net_ns+0x2a6/0x5f0 [ 1213.587052][T26042] create_new_namespaces+0x3ea/0xa90 [ 1213.587089][T26042] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1213.587121][T26042] ksys_unshare+0x45b/0xa40 [ 1213.587154][T26042] ? __pfx_ksys_unshare+0x10/0x10 [ 1213.587189][T26042] ? xfd_validate_state+0x61/0x180 [ 1213.587231][T26042] __x64_sys_unshare+0x31/0x40 [ 1213.587263][T26042] do_syscall_64+0xcd/0x490 [ 1213.587301][T26042] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1213.587327][T26042] RIP: 0033:0x7f3d1f38e929 [ 1213.587349][T26042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1213.587373][T26042] RSP: 002b:00007f3d202ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1213.587400][T26042] RAX: ffffffffffffffda RBX: 00007f3d1f5b5fa0 RCX: 00007f3d1f38e929 [ 1213.587419][T26042] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1213.587436][T26042] RBP: 00007f3d1f410b39 R08: 0000000000000000 R09: 0000000000000000 [ 1213.587452][T26042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1213.587467][T26042] R13: 0000000000000000 R14: 00007f3d1f5b5fa0 R15: 00007fff18637d68 [ 1213.587503][T26042] [ 1214.170165][T26054] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4716'. [ 1215.243399][T26073] FAULT_INJECTION: forcing a failure. [ 1215.243399][T26073] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1215.316174][T26073] CPU: 0 UID: 0 PID: 26073 Comm: syz.1.4723 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1215.316219][T26073] Tainted: [U]=USER [ 1215.316227][T26073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1215.316241][T26073] Call Trace: [ 1215.316250][T26073] [ 1215.316260][T26073] dump_stack_lvl+0x16c/0x1f0 [ 1215.316303][T26073] should_fail_ex+0x512/0x640 [ 1215.316343][T26073] _copy_from_iter+0x463/0x16f0 [ 1215.316388][T26073] ? __pfx__copy_from_iter+0x10/0x10 [ 1215.316425][T26073] ? rcu_is_watching+0x12/0xc0 [ 1215.316450][T26073] ? trace_kmalloc+0x2b/0xd0 [ 1215.316473][T26073] ? __kmalloc_noprof+0x242/0x510 [ 1215.316515][T26073] kernfs_fop_write_iter+0x19a/0x510 [ 1215.316547][T26073] do_iter_readv_writev+0x657/0x950 [ 1215.316582][T26073] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1215.316631][T26073] vfs_writev+0x35f/0xde0 [ 1215.316659][T26073] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1215.316702][T26073] ? __pfx_vfs_writev+0x10/0x10 [ 1215.316732][T26073] ? __mutex_lock+0x1ca/0xb90 [ 1215.316776][T26073] ? __pfx___mutex_lock+0x10/0x10 [ 1215.316824][T26073] ? __fget_files+0x20e/0x3c0 [ 1215.316853][T26073] ? __fget_files+0x140/0x3c0 [ 1215.316893][T26073] ? do_writev+0x132/0x340 [ 1215.316927][T26073] do_writev+0x132/0x340 [ 1215.316956][T26073] ? __pfx_do_writev+0x10/0x10 [ 1215.316993][T26073] do_syscall_64+0xcd/0x490 [ 1215.317027][T26073] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1215.317048][T26073] RIP: 0033:0x7f3d1f38e929 [ 1215.317068][T26073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1215.317089][T26073] RSP: 002b:00007f3d202ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1215.317113][T26073] RAX: ffffffffffffffda RBX: 00007f3d1f5b5fa0 RCX: 00007f3d1f38e929 [ 1215.317130][T26073] RDX: 0000000000000003 RSI: 0000200000000200 RDI: 0000000000000003 [ 1215.317146][T26073] RBP: 00007f3d202ad090 R08: 0000000000000000 R09: 0000000000000000 [ 1215.317162][T26073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1215.317177][T26073] R13: 0000000000000000 R14: 00007f3d1f5b5fa0 R15: 00007fff18637d68 [ 1215.317213][T26073] [ 1215.909134][ T30] audit: type=1326 audit(4294967327.316:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26077 comm="syz.2.4725" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6ed4d8e929 code=0x0 [ 1216.073710][T26087] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1216.768969][T26098] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1218.640081][ T30] audit: type=1326 audit(4294967330.044:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26133 comm="syz.0.4739" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f386718e929 code=0x0 [ 1220.099243][T26164] FAULT_INJECTION: forcing a failure. [ 1220.099243][T26164] name failslab, interval 1, probability 0, space 0, times 0 [ 1220.111952][T26164] CPU: 0 UID: 0 PID: 26164 Comm: syz.1.4744 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1220.111975][T26164] Tainted: [U]=USER [ 1220.111980][T26164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1220.111990][T26164] Call Trace: [ 1220.111996][T26164] [ 1220.112002][T26164] dump_stack_lvl+0x16c/0x1f0 [ 1220.112027][T26164] should_fail_ex+0x512/0x640 [ 1220.112047][T26164] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 1220.112071][T26164] should_failslab+0xc2/0x120 [ 1220.112084][T26164] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 1220.112104][T26164] ? __alloc_skb+0x2b2/0x380 [ 1220.112127][T26164] __alloc_skb+0x2b2/0x380 [ 1220.112146][T26164] ? __pfx___alloc_skb+0x10/0x10 [ 1220.112168][T26164] ? __lock_acquire+0xb8a/0x1c90 [ 1220.112188][T26164] netlink_alloc_large_skb+0x69/0x130 [ 1220.112205][T26164] netlink_sendmsg+0x6a1/0xdd0 [ 1220.112223][T26164] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1220.112245][T26164] ____sys_sendmsg+0xa98/0xc70 [ 1220.112261][T26164] ? copy_msghdr_from_user+0x10a/0x160 [ 1220.112282][T26164] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1220.112300][T26164] ? kfree+0x24f/0x4d0 [ 1220.112318][T26164] ? __pfx__kstrtoull+0x10/0x10 [ 1220.112337][T26164] ___sys_sendmsg+0x134/0x1d0 [ 1220.112359][T26164] ? __pfx____sys_sendmsg+0x10/0x10 [ 1220.112396][T26164] ? __pfx___might_resched+0x10/0x10 [ 1220.112414][T26164] __sys_sendmmsg+0x200/0x420 [ 1220.112437][T26164] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1220.112463][T26164] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1220.112493][T26164] ? fput+0x70/0xf0 [ 1220.112506][T26164] ? ksys_write+0x1ac/0x250 [ 1220.112525][T26164] ? __pfx_ksys_write+0x10/0x10 [ 1220.112547][T26164] __x64_sys_sendmmsg+0x9c/0x100 [ 1220.112581][T26164] ? lockdep_hardirqs_on+0x7c/0x110 [ 1220.112601][T26164] do_syscall_64+0xcd/0x490 [ 1220.112623][T26164] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1220.112638][T26164] RIP: 0033:0x7f3d1f38e929 [ 1220.112650][T26164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1220.112664][T26164] RSP: 002b:00007f3d202ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1220.112678][T26164] RAX: ffffffffffffffda RBX: 00007f3d1f5b5fa0 RCX: 00007f3d1f38e929 [ 1220.112687][T26164] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 1220.112695][T26164] RBP: 00007f3d202ad090 R08: 0000000000000000 R09: 0000000000000000 [ 1220.112704][T26164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1220.112712][T26164] R13: 0000000000000000 R14: 00007f3d1f5b5fa0 R15: 00007fff18637d68 [ 1220.112729][T26164] [ 1220.756592][T26171] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1221.019139][T26178] can: request_module (can-proto-0) failed. [ 1221.055247][T26185] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4750'. [ 1221.133029][T26187] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4751'. [ 1221.285857][T26184] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input54 [ 1222.589232][T26209] nfs4: Unknown parameter '' [ 1223.648485][T26224] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1223.762556][T26222] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4759'. [ 1223.809386][ T30] audit: type=1800 audit(4294967335.192:98): pid=26226 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4761" name="dbroot" dev="configfs" ino=100106 res=0 errno=0 [ 1224.460444][T26237] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4764'. [ 1226.207009][T26257] can: request_module (can-proto-0) failed. [ 1226.359624][T26263] openvswitch: .RRo\&p: Dropping previously announced user features [ 1226.430114][T26263] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input56 [ 1226.591692][T26264] sd 0:0:1:0: PR command failed: 1026 [ 1226.629962][T26264] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1226.651902][T26264] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1227.352724][T26282] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1227.395469][T26283] FAULT_INJECTION: forcing a failure. [ 1227.395469][T26283] name failslab, interval 1, probability 0, space 0, times 0 [ 1227.505787][T26283] CPU: 0 UID: 0 PID: 26283 Comm: syz.3.4774 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1227.505814][T26283] Tainted: [U]=USER [ 1227.505819][T26283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1227.505829][T26283] Call Trace: [ 1227.505835][T26283] [ 1227.505841][T26283] dump_stack_lvl+0x16c/0x1f0 [ 1227.505867][T26283] should_fail_ex+0x512/0x640 [ 1227.505887][T26283] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 1227.505913][T26283] should_failslab+0xc2/0x120 [ 1227.505928][T26283] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 1227.505950][T26283] ? kstrdup_const+0x63/0x80 [ 1227.505982][T26283] kstrdup+0x53/0x100 [ 1227.506004][T26283] kstrdup_const+0x63/0x80 [ 1227.506031][T26283] __kernfs_new_node+0x9b/0x8e0 [ 1227.506054][T26283] ? __pfx___kernfs_new_node+0x10/0x10 [ 1227.506079][T26283] ? find_held_lock+0x2b/0x80 [ 1227.506094][T26283] ? kernfs_root+0xee/0x2a0 [ 1227.506117][T26283] kernfs_new_node+0x13c/0x1e0 [ 1227.506141][T26283] kernfs_create_dir_ns+0x4c/0x1a0 [ 1227.506165][T26283] sysfs_create_dir_ns+0x13a/0x2b0 [ 1227.506185][T26283] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1227.506203][T26283] ? find_held_lock+0x2b/0x80 [ 1227.506220][T26283] ? class_dir_child_ns_type+0xd/0x60 [ 1227.506235][T26283] kobject_add_internal+0x2c4/0x9b0 [ 1227.506253][T26283] kobject_add+0x16e/0x240 [ 1227.506267][T26283] ? __pfx_kobject_add+0x10/0x10 [ 1227.506282][T26283] ? get_device_parent+0x1c5/0x4e0 [ 1227.506304][T26283] ? kobject_put+0xab/0x5a0 [ 1227.506322][T26283] device_add+0x288/0x1a70 [ 1227.506338][T26283] ? __pfx_device_add+0x10/0x10 [ 1227.506351][T26283] ? kfree+0x24f/0x4d0 [ 1227.506375][T26283] device_create_groups_vargs+0x1f8/0x270 [ 1227.506393][T26283] device_create+0xed/0x130 [ 1227.506408][T26283] ? __pfx_device_create+0x10/0x10 [ 1227.506424][T26283] ? do_init_timer+0xc9/0x110 [ 1227.506441][T26283] ? ieee80211_roc_setup+0x136/0x270 [ 1227.506462][T26283] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1227.506480][T26283] mac80211_hwsim_new_radio+0x369/0x54d0 [ 1227.506509][T26283] ? __asan_memset+0x23/0x50 [ 1227.506529][T26283] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1227.506555][T26283] hwsim_new_radio_nl+0xb51/0x12c0 [ 1227.506577][T26283] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1227.506603][T26283] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1227.506622][T26283] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1227.506645][T26283] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1227.506664][T26283] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1227.506681][T26283] ? trace_cap_capable+0x18d/0x200 [ 1227.506700][T26283] ? bpf_lsm_capable+0x9/0x10 [ 1227.506716][T26283] ? security_capable+0x7e/0x260 [ 1227.506739][T26283] ? ns_capable+0xd7/0x110 [ 1227.506755][T26283] genl_rcv_msg+0x55c/0x800 [ 1227.506774][T26283] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1227.506792][T26283] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1227.506819][T26283] netlink_rcv_skb+0x158/0x420 [ 1227.506834][T26283] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1227.506852][T26283] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1227.506875][T26283] ? netlink_deliver_tap+0x1ae/0xd30 [ 1227.506893][T26283] genl_rcv+0x28/0x40 [ 1227.506907][T26283] netlink_unicast+0x53d/0x7f0 [ 1227.506925][T26283] ? __pfx_netlink_unicast+0x10/0x10 [ 1227.506945][T26283] netlink_sendmsg+0x8d1/0xdd0 [ 1227.506963][T26283] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1227.506995][T26283] ____sys_sendmsg+0xa98/0xc70 [ 1227.507013][T26283] ? copy_msghdr_from_user+0x10a/0x160 [ 1227.507034][T26283] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1227.507056][T26283] ? __pfx_futex_wake_mark+0x10/0x10 [ 1227.507079][T26283] ___sys_sendmsg+0x134/0x1d0 [ 1227.507101][T26283] ? __pfx____sys_sendmsg+0x10/0x10 [ 1227.507120][T26283] ? __lock_acquire+0x622/0x1c90 [ 1227.507162][T26283] __sys_sendmsg+0x16d/0x220 [ 1227.507183][T26283] ? __pfx___sys_sendmsg+0x10/0x10 [ 1227.507204][T26283] ? __x64_sys_futex+0x1e0/0x4c0 [ 1227.507232][T26283] do_syscall_64+0xcd/0x490 [ 1227.507255][T26283] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1227.507270][T26283] RIP: 0033:0x7fe87b78e929 [ 1227.507284][T26283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1227.507297][T26283] RSP: 002b:00007fe87c53d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1227.507312][T26283] RAX: ffffffffffffffda RBX: 00007fe87b9b5fa0 RCX: 00007fe87b78e929 [ 1227.507322][T26283] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000006 [ 1227.507332][T26283] RBP: 00007fe87b810b39 R08: 0000000000000000 R09: 0000000000000000 [ 1227.507341][T26283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1227.507350][T26283] R13: 0000000000000000 R14: 00007fe87b9b5fa0 R15: 00007ffc75d3a478 [ 1227.507369][T26283] [ 1227.507380][T26283] kobject: kobject_add_internal failed for hwsim58 (error: -12 parent: mac80211_hwsim) [ 1228.317525][T26293] can: request_module (can-proto-0) failed. [ 1228.354423][T26293] openvswitch: .RRo\&p: Dropping previously announced user features [ 1228.430542][T26299] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input57 [ 1230.443785][T26334] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4782'. [ 1230.898930][T26342] FAULT_INJECTION: forcing a failure. [ 1230.898930][T26342] name failslab, interval 1, probability 0, space 0, times 0 [ 1230.930257][T26342] CPU: 0 UID: 0 PID: 26342 Comm: syz.0.4784 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1230.930303][T26342] Tainted: [U]=USER [ 1230.930313][T26342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1230.930329][T26342] Call Trace: [ 1230.930339][T26342] [ 1230.930350][T26342] dump_stack_lvl+0x16c/0x1f0 [ 1230.930395][T26342] should_fail_ex+0x512/0x640 [ 1230.930432][T26342] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1230.930471][T26342] should_failslab+0xc2/0x120 [ 1230.930495][T26342] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1230.930533][T26342] ? __kernfs_new_node+0xd2/0x8e0 [ 1230.930575][T26342] __kernfs_new_node+0xd2/0x8e0 [ 1230.930611][T26342] ? __pfx___kernfs_new_node+0x10/0x10 [ 1230.930655][T26342] ? find_held_lock+0x2b/0x80 [ 1230.930682][T26342] ? kernfs_root+0xee/0x2a0 [ 1230.930723][T26342] kernfs_new_node+0x13c/0x1e0 [ 1230.930779][T26342] kernfs_create_dir_ns+0x4c/0x1a0 [ 1230.930823][T26342] internal_create_group+0x34d/0xf30 [ 1230.930866][T26342] ? kernfs_add_one+0x14e/0x840 [ 1230.930903][T26342] ? __pfx_internal_create_group+0x10/0x10 [ 1230.930944][T26342] ? __pfx_dev_add_physical_location+0x10/0x10 [ 1230.930984][T26342] ? bus_to_subsys+0x131/0x160 [ 1230.931020][T26342] dpm_sysfs_add+0x80/0x280 [ 1230.931046][T26342] device_add+0x9a6/0x1a70 [ 1230.931076][T26342] ? __pfx_device_add+0x10/0x10 [ 1230.931099][T26342] ? kfree+0x24f/0x4d0 [ 1230.931144][T26342] device_create_groups_vargs+0x1f8/0x270 [ 1230.931177][T26342] device_create+0xed/0x130 [ 1230.931206][T26342] ? __pfx_device_create+0x10/0x10 [ 1230.931237][T26342] ? do_init_timer+0xc9/0x110 [ 1230.931268][T26342] ? ieee80211_roc_setup+0x136/0x270 [ 1230.931304][T26342] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1230.931339][T26342] mac80211_hwsim_new_radio+0x369/0x54d0 [ 1230.931393][T26342] ? __asan_memset+0x23/0x50 [ 1230.931427][T26342] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1230.931475][T26342] hwsim_new_radio_nl+0xb51/0x12c0 [ 1230.931515][T26342] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1230.931563][T26342] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1230.931598][T26342] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1230.931639][T26342] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1230.931674][T26342] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1230.931706][T26342] ? trace_cap_capable+0x18d/0x200 [ 1230.931745][T26342] ? bpf_lsm_capable+0x9/0x10 [ 1230.931777][T26342] ? security_capable+0x7e/0x260 [ 1230.931818][T26342] ? ns_capable+0xd7/0x110 [ 1230.931848][T26342] genl_rcv_msg+0x55c/0x800 [ 1230.931885][T26342] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1230.931918][T26342] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1230.931967][T26342] netlink_rcv_skb+0x158/0x420 [ 1230.931995][T26342] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1230.932028][T26342] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1230.932071][T26342] ? netlink_deliver_tap+0x1ae/0xd30 [ 1230.932104][T26342] genl_rcv+0x28/0x40 [ 1230.932130][T26342] netlink_unicast+0x53d/0x7f0 [ 1230.932162][T26342] ? __pfx_netlink_unicast+0x10/0x10 [ 1230.932200][T26342] netlink_sendmsg+0x8d1/0xdd0 [ 1230.932234][T26342] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1230.932276][T26342] ____sys_sendmsg+0xa98/0xc70 [ 1230.932307][T26342] ? copy_msghdr_from_user+0x10a/0x160 [ 1230.932342][T26342] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1230.932381][T26342] ? __pfx_futex_wake_mark+0x10/0x10 [ 1230.932422][T26342] ___sys_sendmsg+0x134/0x1d0 [ 1230.932461][T26342] ? __pfx____sys_sendmsg+0x10/0x10 [ 1230.932495][T26342] ? __lock_acquire+0x622/0x1c90 [ 1230.932574][T26342] __sys_sendmsg+0x16d/0x220 [ 1230.932613][T26342] ? __pfx___sys_sendmsg+0x10/0x10 [ 1230.932648][T26342] ? __x64_sys_futex+0x1e0/0x4c0 [ 1230.932701][T26342] do_syscall_64+0xcd/0x490 [ 1230.932748][T26342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1230.932776][T26342] RIP: 0033:0x7f386718e929 [ 1230.932797][T26342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1230.932822][T26342] RSP: 002b:00007f3867fec038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1230.932850][T26342] RAX: ffffffffffffffda RBX: 00007f38673b5fa0 RCX: 00007f386718e929 [ 1230.932868][T26342] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000005 [ 1230.932885][T26342] RBP: 00007f3867210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1230.932902][T26342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1230.932917][T26342] R13: 0000000000000000 R14: 00007f38673b5fa0 R15: 00007fff2d51a378 [ 1230.932953][T26342] [ 1232.141139][T24605] Bluetooth: hci4: command 0x1003 tx timeout [ 1232.141189][ T5840] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1232.645589][T26360] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1234.093220][T26386] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4795'. [ 1234.123818][ T7524] Bluetooth: hci4: Frame reassembly failed (-84) [ 1234.892360][T26394] Process accounting paused [ 1235.111076][T26393] FAULT_INJECTION: forcing a failure. [ 1235.111076][T26393] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1235.135963][T26393] CPU: 0 UID: 0 PID: 26393 Comm: syz.1.4799 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1235.136003][T26393] Tainted: [U]=USER [ 1235.136012][T26393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1235.136024][T26393] Call Trace: [ 1235.136033][T26393] [ 1235.136043][T26393] dump_stack_lvl+0x16c/0x1f0 [ 1235.136086][T26393] should_fail_ex+0x512/0x640 [ 1235.136125][T26393] get_futex_key+0x1d0/0x1540 [ 1235.136159][T26393] ? __pfx_get_futex_key+0x10/0x10 [ 1235.136211][T26393] ? mas_next_slot+0x12d3/0x21b0 [ 1235.136237][T26393] ? __up_read+0x1f8/0x750 [ 1235.136278][T26393] futex_wait_setup+0x9d/0x550 [ 1235.136326][T26393] __futex_wait+0x194/0x2f0 [ 1235.136365][T26393] ? __pfx___futex_wait+0x10/0x10 [ 1235.136406][T26393] ? __pfx_futex_wake_mark+0x10/0x10 [ 1235.136456][T26393] futex_wait+0xe8/0x380 [ 1235.136497][T26393] ? __pfx_futex_wait+0x10/0x10 [ 1235.136544][T26393] ? up_write+0x1b2/0x520 [ 1235.136585][T26393] do_futex+0x229/0x350 [ 1235.136617][T26393] ? __pfx_do_futex+0x10/0x10 [ 1235.136658][T26393] __x64_sys_futex+0x1e0/0x4c0 [ 1235.136694][T26393] ? __pfx___x64_sys_futex+0x10/0x10 [ 1235.136725][T26393] ? ksys_mmap_pgoff+0x85/0x5c0 [ 1235.136752][T26393] ? xfd_validate_state+0x61/0x180 [ 1235.136783][T26393] ? getname_flags.part.0+0x1c5/0x550 [ 1235.136824][T26393] do_syscall_64+0xcd/0x490 [ 1235.136872][T26393] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1235.136900][T26393] RIP: 0033:0x7f3d1f38e929 [ 1235.136922][T26393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1235.136949][T26393] RSP: 002b:00007f3d202ad0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1235.136974][T26393] RAX: ffffffffffffffda RBX: 00007f3d1f5b5fa8 RCX: 00007f3d1f38e929 [ 1235.136994][T26393] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3d1f5b5fa8 [ 1235.137011][T26393] RBP: 00007f3d1f5b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1235.137028][T26393] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d1f5b5fac [ 1235.137045][T26393] R13: 0000000000000000 R14: 00007fff18637c80 R15: 00007fff18637d68 [ 1235.137081][T26393] [ 1236.143137][ T5840] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1236.148070][T24605] Bluetooth: hci4: command 0x1003 tx timeout [ 1236.499160][T26423] FAULT_INJECTION: forcing a failure. [ 1236.499160][T26423] name failslab, interval 1, probability 0, space 0, times 0 [ 1236.531137][T26423] CPU: 1 UID: 0 PID: 26423 Comm: syz.2.4808 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1236.531178][T26423] Tainted: [U]=USER [ 1236.531187][T26423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1236.531201][T26423] Call Trace: [ 1236.531210][T26423] [ 1236.531219][T26423] dump_stack_lvl+0x16c/0x1f0 [ 1236.531260][T26423] should_fail_ex+0x512/0x640 [ 1236.531291][T26423] ? fs_reclaim_acquire+0xae/0x150 [ 1236.531322][T26423] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1236.531353][T26423] should_failslab+0xc2/0x120 [ 1236.531377][T26423] __kmalloc_noprof+0xd2/0x510 [ 1236.531424][T26423] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1236.531460][T26423] ? tomoyo_profile+0x47/0x60 [ 1236.531497][T26423] tomoyo_path_number_perm+0x245/0x580 [ 1236.531523][T26423] ? tomoyo_path_number_perm+0x237/0x580 [ 1236.531554][T26423] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1236.531584][T26423] ? find_held_lock+0x2b/0x80 [ 1236.531641][T26423] ? find_held_lock+0x2b/0x80 [ 1236.531663][T26423] ? hook_file_ioctl_common+0x145/0x410 [ 1236.531697][T26423] ? __fget_files+0x20e/0x3c0 [ 1236.531734][T26423] security_file_ioctl+0x9b/0x240 [ 1236.531765][T26423] __x64_sys_ioctl+0xb7/0x210 [ 1236.531796][T26423] do_syscall_64+0xcd/0x490 [ 1236.531834][T26423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1236.531859][T26423] RIP: 0033:0x7f6ed4d8e929 [ 1236.531879][T26423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1236.531902][T26423] RSP: 002b:00007f6ed5bb0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1236.531926][T26423] RAX: ffffffffffffffda RBX: 00007f6ed4fb5fa0 RCX: 00007f6ed4d8e929 [ 1236.531942][T26423] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 000000000000000e [ 1236.531957][T26423] RBP: 00007f6ed5bb0090 R08: 0000000000000000 R09: 0000000000000000 [ 1236.531973][T26423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1236.531988][T26423] R13: 0000000000000000 R14: 00007f6ed4fb5fa0 R15: 00007ffe019c2598 [ 1236.532022][T26423] [ 1236.532033][T26423] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1236.970491][T26432] tipc: Started in network mode [ 1236.994835][T26432] tipc: Node identity ee00, cluster identity 4711 [ 1237.037942][T26432] tipc: Node number set to 60928 [ 1237.053200][T26436] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1237.170493][T26440] openvswitch: .RRo\&p: Dropping previously announced user features [ 1237.336242][T26447] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input58 [ 1237.679481][ T30] audit: type=1804 audit(4294967349.075:99): pid=26431 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4809" name="/newroot/550/file0" dev="tmpfs" ino=2875 res=1 errno=0 [ 1237.820852][ T30] audit: type=1800 audit(4294967349.075:100): pid=26431 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.4809" name="file0" dev="tmpfs" ino=2875 res=0 errno=0 [ 1238.848687][T26478] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1239.430863][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1239.437731][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1239.838286][T26484] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4821'. [ 1239.872158][T26484] netlink: 25 bytes leftover after parsing attributes in process `syz.1.4821'. [ 1240.183363][T26491] FAULT_INJECTION: forcing a failure. [ 1240.183363][T26491] name failslab, interval 1, probability 0, space 0, times 0 [ 1240.225028][T26491] CPU: 0 UID: 0 PID: 26491 Comm: syz.1.4823 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1240.225074][T26491] Tainted: [U]=USER [ 1240.225089][T26491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1240.225105][T26491] Call Trace: [ 1240.225115][T26491] [ 1240.225126][T26491] dump_stack_lvl+0x16c/0x1f0 [ 1240.225170][T26491] should_fail_ex+0x512/0x640 [ 1240.225205][T26491] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1240.225248][T26491] should_failslab+0xc2/0x120 [ 1240.225274][T26491] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1240.225311][T26491] ? __kernfs_new_node+0xd2/0x8e0 [ 1240.225353][T26491] __kernfs_new_node+0xd2/0x8e0 [ 1240.225393][T26491] ? __pfx___kernfs_new_node+0x10/0x10 [ 1240.225437][T26491] ? find_held_lock+0x2b/0x80 [ 1240.225465][T26491] ? kernfs_root+0xee/0x2a0 [ 1240.225506][T26491] kernfs_new_node+0x13c/0x1e0 [ 1240.225551][T26491] __kernfs_create_file+0x53/0x350 [ 1240.225584][T26491] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1240.225627][T26491] sysfs_merge_group+0x1aa/0x340 [ 1240.225665][T26491] ? __pfx_sysfs_merge_group+0x10/0x10 [ 1240.225705][T26491] ? __pfx_dev_add_physical_location+0x10/0x10 [ 1240.225745][T26491] ? bus_to_subsys+0x131/0x160 [ 1240.225779][T26491] dpm_sysfs_add+0x237/0x280 [ 1240.225807][T26491] device_add+0x9a6/0x1a70 [ 1240.225836][T26491] ? __pfx_device_add+0x10/0x10 [ 1240.225859][T26491] ? kfree+0x24f/0x4d0 [ 1240.225904][T26491] device_create_groups_vargs+0x1f8/0x270 [ 1240.225937][T26491] device_create+0xed/0x130 [ 1240.225966][T26491] ? __pfx_device_create+0x10/0x10 [ 1240.225997][T26491] ? do_init_timer+0xc9/0x110 [ 1240.226028][T26491] ? ieee80211_roc_setup+0x136/0x270 [ 1240.226065][T26491] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1240.226106][T26491] mac80211_hwsim_new_radio+0x369/0x54d0 [ 1240.226163][T26491] ? __asan_memset+0x23/0x50 [ 1240.226200][T26491] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1240.226251][T26491] hwsim_new_radio_nl+0xb51/0x12c0 [ 1240.226292][T26491] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1240.226341][T26491] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1240.226376][T26491] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1240.226418][T26491] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1240.226454][T26491] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1240.226487][T26491] ? trace_cap_capable+0x18d/0x200 [ 1240.226522][T26491] ? bpf_lsm_capable+0x9/0x10 [ 1240.226552][T26491] ? security_capable+0x7e/0x260 [ 1240.226593][T26491] ? ns_capable+0xd7/0x110 [ 1240.226623][T26491] genl_rcv_msg+0x55c/0x800 [ 1240.226660][T26491] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1240.226694][T26491] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1240.226744][T26491] netlink_rcv_skb+0x158/0x420 [ 1240.226771][T26491] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1240.226805][T26491] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1240.226848][T26491] ? netlink_deliver_tap+0x1ae/0xd30 [ 1240.226881][T26491] genl_rcv+0x28/0x40 [ 1240.226908][T26491] netlink_unicast+0x53d/0x7f0 [ 1240.226941][T26491] ? __pfx_netlink_unicast+0x10/0x10 [ 1240.226980][T26491] netlink_sendmsg+0x8d1/0xdd0 [ 1240.227016][T26491] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1240.227059][T26491] ____sys_sendmsg+0xa98/0xc70 [ 1240.227096][T26491] ? copy_msghdr_from_user+0x10a/0x160 [ 1240.227136][T26491] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1240.227176][T26491] ? __pfx_futex_wake_mark+0x10/0x10 [ 1240.227219][T26491] ___sys_sendmsg+0x134/0x1d0 [ 1240.227261][T26491] ? __pfx____sys_sendmsg+0x10/0x10 [ 1240.227296][T26491] ? __lock_acquire+0x622/0x1c90 [ 1240.227377][T26491] __sys_sendmsg+0x16d/0x220 [ 1240.227416][T26491] ? __pfx___sys_sendmsg+0x10/0x10 [ 1240.227453][T26491] ? __x64_sys_futex+0x1e0/0x4c0 [ 1240.227508][T26491] do_syscall_64+0xcd/0x490 [ 1240.227550][T26491] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1240.227577][T26491] RIP: 0033:0x7f3d1f38e929 [ 1240.227599][T26491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1240.227626][T26491] RSP: 002b:00007f3d202ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1240.227652][T26491] RAX: ffffffffffffffda RBX: 00007f3d1f5b5fa0 RCX: 00007f3d1f38e929 [ 1240.227670][T26491] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000005 [ 1240.227688][T26491] RBP: 00007f3d1f410b39 R08: 0000000000000000 R09: 0000000000000000 [ 1240.227705][T26491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1240.227721][T26491] R13: 0000000000000000 R14: 00007f3d1f5b5fa0 R15: 00007fff18637d68 [ 1240.227757][T26491] [ 1241.121033][T26504] FAULT_INJECTION: forcing a failure. [ 1241.121033][T26504] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1241.163952][T26504] CPU: 0 UID: 0 PID: 26504 Comm: syz.1.4828 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1241.163978][T26504] Tainted: [U]=USER [ 1241.163984][T26504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1241.163993][T26504] Call Trace: [ 1241.163999][T26504] [ 1241.164005][T26504] dump_stack_lvl+0x16c/0x1f0 [ 1241.164034][T26504] should_fail_ex+0x512/0x640 [ 1241.164059][T26504] get_futex_key+0x1d0/0x1540 [ 1241.164079][T26504] ? __pfx_get_futex_key+0x10/0x10 [ 1241.164096][T26504] ? __fget_files+0x204/0x3c0 [ 1241.164119][T26504] futex_wake+0xea/0x530 [ 1241.164141][T26504] ? __pfx_futex_wake+0x10/0x10 [ 1241.164160][T26504] ? __sys_sendmmsg+0x35f/0x420 [ 1241.164184][T26504] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1241.164208][T26504] do_futex+0x1e3/0x350 [ 1241.164224][T26504] ? __pfx_do_futex+0x10/0x10 [ 1241.164246][T26504] __x64_sys_futex+0x1e0/0x4c0 [ 1241.164265][T26504] ? __pfx___x64_sys_futex+0x10/0x10 [ 1241.164282][T26504] ? xfd_validate_state+0x61/0x180 [ 1241.164305][T26504] do_syscall_64+0xcd/0x490 [ 1241.164328][T26504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1241.164342][T26504] RIP: 0033:0x7f3d1f38e929 [ 1241.164355][T26504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1241.164368][T26504] RSP: 002b:00007f3d202ad0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1241.164383][T26504] RAX: ffffffffffffffda RBX: 00007f3d1f5b5fa8 RCX: 00007f3d1f38e929 [ 1241.164392][T26504] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3d1f5b5fac [ 1241.164401][T26504] RBP: 00007f3d1f5b5fa0 R08: 00007f3d202ae000 R09: 0000000000000000 [ 1241.164410][T26504] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f3d1f5b5fac [ 1241.164419][T26504] R13: 0000000000000000 R14: 00007fff18637c80 R15: 00007fff18637d68 [ 1241.164438][T26504] [ 1241.564562][T26496] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 1241.837019][T26521] FAULT_INJECTION: forcing a failure. [ 1241.837019][T26521] name failslab, interval 1, probability 0, space 0, times 0 [ 1241.855970][T26521] CPU: 0 UID: 0 PID: 26521 Comm: syz.0.4833 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1241.855997][T26521] Tainted: [U]=USER [ 1241.856002][T26521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1241.856012][T26521] Call Trace: [ 1241.856018][T26521] [ 1241.856025][T26521] dump_stack_lvl+0x16c/0x1f0 [ 1241.856050][T26521] should_fail_ex+0x512/0x640 [ 1241.856071][T26521] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1241.856095][T26521] should_failslab+0xc2/0x120 [ 1241.856108][T26521] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1241.856129][T26521] ? __kernfs_new_node+0xd2/0x8e0 [ 1241.856152][T26521] __kernfs_new_node+0xd2/0x8e0 [ 1241.856173][T26521] ? __pfx___kernfs_new_node+0x10/0x10 [ 1241.856196][T26521] ? find_held_lock+0x2b/0x80 [ 1241.856211][T26521] ? kernfs_root+0xee/0x2a0 [ 1241.856233][T26521] kernfs_new_node+0x13c/0x1e0 [ 1241.856258][T26521] __kernfs_create_file+0x53/0x350 [ 1241.856276][T26521] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1241.856299][T26521] sysfs_merge_group+0x1aa/0x340 [ 1241.856319][T26521] ? __pfx_sysfs_merge_group+0x10/0x10 [ 1241.856341][T26521] ? __pfx_dev_add_physical_location+0x10/0x10 [ 1241.856364][T26521] ? bus_to_subsys+0x131/0x160 [ 1241.856383][T26521] dpm_sysfs_add+0x237/0x280 [ 1241.856397][T26521] device_add+0x9a6/0x1a70 [ 1241.856414][T26521] ? __pfx_device_add+0x10/0x10 [ 1241.856426][T26521] ? kfree+0x24f/0x4d0 [ 1241.856450][T26521] device_create_groups_vargs+0x1f8/0x270 [ 1241.856468][T26521] device_create+0xed/0x130 [ 1241.856483][T26521] ? __pfx_device_create+0x10/0x10 [ 1241.856499][T26521] ? do_init_timer+0xc9/0x110 [ 1241.856516][T26521] ? ieee80211_roc_setup+0x136/0x270 [ 1241.856537][T26521] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1241.856555][T26521] mac80211_hwsim_new_radio+0x369/0x54d0 [ 1241.856585][T26521] ? __asan_memset+0x23/0x50 [ 1241.856604][T26521] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1241.856629][T26521] hwsim_new_radio_nl+0xb51/0x12c0 [ 1241.856665][T26521] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1241.856691][T26521] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1241.856712][T26521] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1241.856734][T26521] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1241.856753][T26521] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1241.856776][T26521] ? trace_cap_capable+0x18d/0x200 [ 1241.856796][T26521] ? bpf_lsm_capable+0x9/0x10 [ 1241.856814][T26521] ? security_capable+0x7e/0x260 [ 1241.856837][T26521] ? ns_capable+0xd7/0x110 [ 1241.856853][T26521] genl_rcv_msg+0x55c/0x800 [ 1241.856872][T26521] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1241.856893][T26521] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1241.856919][T26521] netlink_rcv_skb+0x158/0x420 [ 1241.856934][T26521] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1241.856953][T26521] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1241.856976][T26521] ? netlink_deliver_tap+0x1ae/0xd30 [ 1241.856993][T26521] genl_rcv+0x28/0x40 [ 1241.857007][T26521] netlink_unicast+0x53d/0x7f0 [ 1241.857024][T26521] ? __pfx_netlink_unicast+0x10/0x10 [ 1241.857045][T26521] netlink_sendmsg+0x8d1/0xdd0 [ 1241.857063][T26521] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1241.857086][T26521] ____sys_sendmsg+0xa98/0xc70 [ 1241.857103][T26521] ? copy_msghdr_from_user+0x10a/0x160 [ 1241.857123][T26521] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1241.857138][T26521] ? preempt_schedule_thunk+0x16/0x30 [ 1241.857158][T26521] ? try_to_wake_up+0xa2f/0x1680 [ 1241.857176][T26521] ___sys_sendmsg+0x134/0x1d0 [ 1241.857198][T26521] ? __pfx____sys_sendmsg+0x10/0x10 [ 1241.857217][T26521] ? __lock_acquire+0x622/0x1c90 [ 1241.857259][T26521] __sys_sendmsg+0x16d/0x220 [ 1241.857280][T26521] ? __pfx___sys_sendmsg+0x10/0x10 [ 1241.857300][T26521] ? __x64_sys_futex+0x1e0/0x4c0 [ 1241.857330][T26521] do_syscall_64+0xcd/0x490 [ 1241.857353][T26521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1241.857367][T26521] RIP: 0033:0x7f386718e929 [ 1241.857380][T26521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1241.857395][T26521] RSP: 002b:00007f3867fec038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1241.857409][T26521] RAX: ffffffffffffffda RBX: 00007f38673b5fa0 RCX: 00007f386718e929 [ 1241.857419][T26521] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000006 [ 1241.857428][T26521] RBP: 00007f3867210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1241.857438][T26521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1241.857447][T26521] R13: 0000000000000000 R14: 00007f38673b5fa0 R15: 00007fff2d51a378 [ 1241.857466][T26521] [ 1242.999658][T26538] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4839'. [ 1243.137649][T26541] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1244.501961][T25385] Bluetooth: hci4: Frame reassembly failed (-84) [ 1245.571523][T26585] openvswitch: .RRo\&p: Dropping previously announced user features [ 1245.667066][T26589] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input59 [ 1246.558494][T24605] Bluetooth: hci4: command 0x1003 tx timeout [ 1246.559997][ T5840] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1247.549407][T26612] Scaler: ================= START STATUS ================= [ 1247.556849][T26612] Scaler: ================== END STATUS ================== [ 1248.811090][T26630] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4862'. [ 1248.974243][T26630] team0: Port device team_slave_1 removed [ 1249.283475][T26635] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4864'. [ 1249.403094][T26643] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4864'. [ 1250.021808][T26650] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1250.817438][T26661] can: request_module (can-proto-0) failed. [ 1250.874280][T26661] openvswitch: .RRo\&p: Dropping previously announced user features [ 1251.073695][T26661] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input60 [ 1251.430830][ T5840] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1251.432666][T24605] Bluetooth: hci4: command 0x1003 tx timeout [ 1251.990062][T26671] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1252.204280][T24605] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1252.216636][T24605] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1252.225481][T24605] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1252.235670][T24605] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1252.261493][T24605] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1252.415729][T26682] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1252.889529][ T10] Process accounting resumed [ 1252.918963][T26672] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input61 [ 1253.529986][ T7524] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1253.894275][ T7524] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1254.344003][ T7524] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1254.412396][T24605] Bluetooth: hci4: command tx timeout [ 1254.925685][ T7524] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1255.136696][T26678] chnl_net:caif_netlink_parms(): no params data found [ 1255.464607][T26713] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1255.798539][T26678] bridge0: port 1(bridge_slave_0) entered blocking state [ 1255.809801][T26678] bridge0: port 1(bridge_slave_0) entered disabled state [ 1255.817632][T26678] bridge_slave_0: entered allmulticast mode [ 1255.825843][T26678] bridge_slave_0: entered promiscuous mode [ 1255.844343][T26678] bridge0: port 2(bridge_slave_1) entered blocking state [ 1255.857302][T26678] bridge0: port 2(bridge_slave_1) entered disabled state [ 1255.865946][T26678] bridge_slave_1: entered allmulticast mode [ 1255.875149][T26678] bridge_slave_1: entered promiscuous mode [ 1255.930317][ T7524] bridge_slave_1: left allmulticast mode [ 1255.936133][ T7524] bridge_slave_1: left promiscuous mode [ 1255.957972][ T7524] bridge0: port 2(bridge_slave_1) entered disabled state [ 1256.019388][ T7524] bridge_slave_0: left allmulticast mode [ 1256.063463][ T7524] bridge_slave_0: left promiscuous mode [ 1256.069321][ T7524] bridge0: port 1(bridge_slave_0) entered disabled state [ 1256.254068][T26727] FAULT_INJECTION: forcing a failure. [ 1256.254068][T26727] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1256.267080][T26727] CPU: 1 UID: 0 PID: 26727 Comm: syz.2.4880 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1256.267112][T26727] Tainted: [U]=USER [ 1256.267117][T26727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1256.267128][T26727] Call Trace: [ 1256.267134][T26727] [ 1256.267140][T26727] dump_stack_lvl+0x16c/0x1f0 [ 1256.267168][T26727] should_fail_ex+0x512/0x640 [ 1256.267195][T26727] get_futex_key+0x1d0/0x1540 [ 1256.267215][T26727] ? __import_iovec+0x1dd/0x650 [ 1256.267238][T26727] ? __pfx_get_futex_key+0x10/0x10 [ 1256.267252][T26727] ? rcu_is_watching+0x12/0xc0 [ 1256.267267][T26727] ? kfree+0x24f/0x4d0 [ 1256.267285][T26727] ? import_iovec+0x86/0xb0 [ 1256.267308][T26727] futex_wake+0xea/0x530 [ 1256.267329][T26727] ? __pfx_futex_wake+0x10/0x10 [ 1256.267347][T26727] ? kasan_quarantine_put+0x10a/0x240 [ 1256.267371][T26727] ? kmem_cache_free+0x2d1/0x4d0 [ 1256.267392][T26727] do_futex+0x1e3/0x350 [ 1256.267409][T26727] ? __pfx_do_futex+0x10/0x10 [ 1256.267425][T26727] ? do_linkat+0x340/0x5a0 [ 1256.267449][T26727] __x64_sys_futex+0x1e0/0x4c0 [ 1256.267469][T26727] ? __pfx___x64_sys_futex+0x10/0x10 [ 1256.267486][T26727] ? xfd_validate_state+0x61/0x180 [ 1256.267510][T26727] do_syscall_64+0xcd/0x490 [ 1256.267533][T26727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1256.267547][T26727] RIP: 0033:0x7f6ed4d8e929 [ 1256.267560][T26727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1256.267574][T26727] RSP: 002b:00007f6ed5bb00e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1256.267588][T26727] RAX: ffffffffffffffda RBX: 00007f6ed4fb5fa8 RCX: 00007f6ed4d8e929 [ 1256.267598][T26727] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6ed4fb5fac [ 1256.267608][T26727] RBP: 00007f6ed4fb5fa0 R08: 00007f6ed5bb1000 R09: 0000000000000000 [ 1256.267617][T26727] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6ed4fb5fac [ 1256.267626][T26727] R13: 0000000000000000 R14: 00007ffe019c24b0 R15: 00007ffe019c2598 [ 1256.267646][T26727] [ 1256.475813][T24605] Bluetooth: hci4: command tx timeout [ 1256.940474][T26730] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1258.003494][T26740] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1258.379579][ T7524] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1258.389817][ T7524] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1258.434022][ T7524] bond0 (unregistering): Released all slaves [ 1258.554717][T24605] Bluetooth: hci4: command tx timeout [ 1258.640145][ T7524] .RRo\&p: left promiscuous mode [ 1258.657895][T26678] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1258.685779][T26678] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1258.745077][ T7524] tipc: Left network mode [ 1258.945981][T26678] team0: Port device team_slave_0 added [ 1259.026551][T26678] team0: Port device team_slave_1 added [ 1259.040935][T26747] can: request_module (can-proto-0) failed. [ 1259.216004][T26755] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input62 [ 1259.918024][T26747] openvswitch: .RRo\&p: Dropping previously announced user features [ 1260.008666][T26678] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1260.034211][T26678] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1260.164574][T26678] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1260.232024][T26678] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1260.239919][T26678] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1260.350746][T26678] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1260.635542][T24605] Bluetooth: hci4: command tx timeout [ 1260.947696][T26678] hsr_slave_0: entered promiscuous mode [ 1260.987436][T26678] hsr_slave_1: entered promiscuous mode [ 1260.994567][T26678] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1261.003301][T26678] Cannot create hsr debugfs directory [ 1261.952776][T26795] can: request_module (can-proto-0) failed. [ 1262.086405][T26803] openvswitch: .RRo\&p: Dropping previously announced user features [ 1262.169699][T26806] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input63 [ 1262.448969][ T7524] hsr_slave_1: left promiscuous mode [ 1262.525578][ T7524] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1262.587316][ T7524] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1262.596661][ T7524] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1262.604104][ T7524] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1262.742634][ T7524] veth1_macvtap: left promiscuous mode [ 1262.765013][ T7524] veth1_vlan: left promiscuous mode [ 1262.770577][ T7524] veth0_vlan: left promiscuous mode [ 1263.470405][ T7524] team0 (unregistering): Port device team_slave_1 removed [ 1263.541497][ T7524] team0 (unregistering): Port device team_slave_0 removed [ 1264.683593][T26829] can: request_module (can-proto-0) failed. [ 1265.073083][T26678] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1265.103166][T26678] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1265.176382][T26678] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1265.193653][T26678] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1265.513739][T26678] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1265.589273][T26678] 8021q: adding VLAN 0 to HW filter on device team0 [ 1265.622201][ T7520] bridge0: port 1(bridge_slave_0) entered blocking state [ 1265.629471][ T7520] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1265.664568][ T7520] bridge0: port 2(bridge_slave_1) entered blocking state [ 1265.671811][ T7520] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1266.617376][T26678] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1266.962235][T26678] veth0_vlan: entered promiscuous mode [ 1267.004715][T26678] veth1_vlan: entered promiscuous mode [ 1267.228164][T26678] veth0_macvtap: entered promiscuous mode [ 1267.292956][T26678] veth1_macvtap: entered promiscuous mode [ 1267.421901][T26678] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1267.622373][T26678] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1267.703524][T26678] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1267.752239][T26678] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1267.786395][T26678] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1267.808890][T26678] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1268.837903][ T7520] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1268.862054][ T7520] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1269.081584][T25378] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1269.089459][T25378] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1269.308536][T26900] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1269.864756][T26911] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1270.126388][T26925] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1270.328222][T26922] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1271.521688][T26943] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1272.241220][ T5840] Bluetooth: hci3: command 0x0406 tx timeout [ 1272.312890][T26961] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1272.636788][T26970] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1272.752196][T26973] FAULT_INJECTION: forcing a failure. [ 1272.752196][T26973] name failslab, interval 1, probability 0, space 0, times 0 [ 1272.809387][T26973] CPU: 1 UID: 0 PID: 26973 Comm: syz.2.4914 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1272.809428][T26973] Tainted: [U]=USER [ 1272.809437][T26973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1272.809451][T26973] Call Trace: [ 1272.809460][T26973] [ 1272.809470][T26973] dump_stack_lvl+0x16c/0x1f0 [ 1272.809510][T26973] should_fail_ex+0x512/0x640 [ 1272.809544][T26973] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 1272.809584][T26973] should_failslab+0xc2/0x120 [ 1272.809607][T26973] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 1272.809642][T26973] ? __alloc_skb+0x2b2/0x380 [ 1272.809680][T26973] __alloc_skb+0x2b2/0x380 [ 1272.809714][T26973] ? __pfx___alloc_skb+0x10/0x10 [ 1272.809760][T26973] netlink_alloc_large_skb+0x69/0x130 [ 1272.809791][T26973] netlink_sendmsg+0x6a1/0xdd0 [ 1272.809823][T26973] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1272.809862][T26973] __sys_sendto+0x4a0/0x520 [ 1272.809896][T26973] ? __pfx___sys_sendto+0x10/0x10 [ 1272.809957][T26973] ? ksys_write+0x1ac/0x250 [ 1272.809990][T26973] ? __pfx_ksys_write+0x10/0x10 [ 1272.810028][T26973] __x64_sys_sendto+0xe0/0x1c0 [ 1272.810059][T26973] ? do_syscall_64+0x91/0x490 [ 1272.810095][T26973] ? lockdep_hardirqs_on+0x7c/0x110 [ 1272.810128][T26973] do_syscall_64+0xcd/0x490 [ 1272.810167][T26973] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1272.810192][T26973] RIP: 0033:0x7f6ed4d907bc [ 1272.810212][T26973] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 1272.810235][T26973] RSP: 002b:00007f6ed5baeec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 1272.810259][T26973] RAX: ffffffffffffffda RBX: 00007f6ed5baefc0 RCX: 00007f6ed4d907bc [ 1272.810276][T26973] RDX: 0000000000000020 RSI: 00007f6ed5baf010 RDI: 0000000000000003 [ 1272.810291][T26973] RBP: 0000000000000000 R08: 00007f6ed5baef14 R09: 000000000000000c [ 1272.810306][T26973] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 1272.810321][T26973] R13: 00007f6ed5baef68 R14: 00007f6ed5baf010 R15: 0000000000000000 [ 1272.810360][T26973] [ 1273.340519][T26979] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4915'. [ 1273.396734][T26976] netlink: 25 bytes leftover after parsing attributes in process `syz.3.4915'. [ 1273.480827][T26982] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1273.812075][T26994] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4917'. [ 1276.513534][T27043] can: request_module (can-proto-0) failed. [ 1276.683160][T27043] openvswitch: .RRo\&p: Dropping previously announced user features [ 1276.842222][T27043] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input64 [ 1277.270826][T27053] can: request_module (can-proto-0) failed. [ 1277.673334][T27058] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input65 [ 1278.142371][T27067] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1278.389574][T27065] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1279.216370][T27028] delete_channel: no stack [ 1280.371927][T27110] openvswitch: .RRo\&p: Dropping previously announced user features [ 1280.452971][T27105] can: request_module (can-proto-0) failed. [ 1280.605681][T27110] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input66 [ 1281.343250][ T5840] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1281.356382][ T5840] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1281.364944][ T5840] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1281.371777][T27117] netlink: 'syz.2.4945': attribute type 16 has an invalid length. [ 1281.391116][ T5840] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1281.398937][T27117] netlink: 'syz.2.4945': attribute type 17 has an invalid length. [ 1281.407220][T27117] netlink: 'syz.2.4945': attribute type 19 has an invalid length. [ 1281.415249][ T5840] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1281.422983][T27117] netlink: 94 bytes leftover after parsing attributes in process `syz.2.4945'. [ 1281.698209][T27117] FAULT_INJECTION: forcing a failure. [ 1281.698209][T27117] name failslab, interval 1, probability 0, space 0, times 0 [ 1281.715947][T27117] CPU: 1 UID: 0 PID: 27117 Comm: syz.2.4945 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1281.715991][T27117] Tainted: [U]=USER [ 1281.715999][T27117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1281.716012][T27117] Call Trace: [ 1281.716021][T27117] [ 1281.716031][T27117] dump_stack_lvl+0x16c/0x1f0 [ 1281.716072][T27117] should_fail_ex+0x512/0x640 [ 1281.716112][T27117] should_failslab+0xc2/0x120 [ 1281.716137][T27117] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1281.716173][T27117] ? skb_clone+0x190/0x3f0 [ 1281.716215][T27117] skb_clone+0x190/0x3f0 [ 1281.716252][T27117] netlink_deliver_tap+0xabd/0xd30 [ 1281.716286][T27117] netlink_unicast+0x6b2/0x7f0 [ 1281.716318][T27117] ? __pfx_netlink_unicast+0x10/0x10 [ 1281.716355][T27117] netlink_ack+0x696/0xb80 [ 1281.716393][T27117] netlink_rcv_skb+0x332/0x420 [ 1281.716420][T27117] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1281.716446][T27117] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1281.716486][T27117] ? netlink_deliver_tap+0x1ae/0xd30 [ 1281.716518][T27117] netlink_unicast+0x53d/0x7f0 [ 1281.716549][T27117] ? __pfx_netlink_unicast+0x10/0x10 [ 1281.716586][T27117] netlink_sendmsg+0x8d1/0xdd0 [ 1281.716619][T27117] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1281.716660][T27117] ____sys_sendmsg+0xa98/0xc70 [ 1281.716690][T27117] ? copy_msghdr_from_user+0x10a/0x160 [ 1281.716723][T27117] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1281.716756][T27117] ? kfree+0x24f/0x4d0 [ 1281.716782][T27117] ? __pfx__kstrtoull+0x10/0x10 [ 1281.716819][T27117] ___sys_sendmsg+0x134/0x1d0 [ 1281.716857][T27117] ? __pfx____sys_sendmsg+0x10/0x10 [ 1281.716932][T27117] ? __pfx___might_resched+0x10/0x10 [ 1281.716971][T27117] __sys_sendmmsg+0x200/0x420 [ 1281.717012][T27117] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1281.717060][T27117] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1281.717113][T27117] ? fput+0x70/0xf0 [ 1281.717137][T27117] ? ksys_write+0x1ac/0x250 [ 1281.717169][T27117] ? __pfx_ksys_write+0x10/0x10 [ 1281.717209][T27117] __x64_sys_sendmmsg+0x9c/0x100 [ 1281.717244][T27117] ? lockdep_hardirqs_on+0x7c/0x110 [ 1281.717278][T27117] do_syscall_64+0xcd/0x490 [ 1281.717316][T27117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1281.717341][T27117] RIP: 0033:0x7f6ed4d8e929 [ 1281.717361][T27117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1281.717385][T27117] RSP: 002b:00007f6ed5bb0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1281.717409][T27117] RAX: ffffffffffffffda RBX: 00007f6ed4fb5fa0 RCX: 00007f6ed4d8e929 [ 1281.717426][T27117] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 1281.717442][T27117] RBP: 00007f6ed5bb0090 R08: 0000000000000000 R09: 0000000000000000 [ 1281.717458][T27117] R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000002 [ 1281.717474][T27117] R13: 0000000000000000 R14: 00007f6ed4fb5fa0 R15: 00007ffe019c2598 [ 1281.717509][T27117] [ 1282.224286][T27118] chnl_net:caif_netlink_parms(): no params data found [ 1282.261030][T25440] ------------[ cut here ]------------ [ 1282.266581][T25440] ODEBUG: free active (active state 0) object: ffff88802a725318 object type: timer_list hint: hci_devcd_timeout+0x0/0x2e0 [ 1282.314102][T27128] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1282.331048][T25440] WARNING: CPU: 0 PID: 25440 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0 [ 1282.340970][T25440] Modules linked in: [ 1282.344910][T25440] CPU: 0 UID: 0 PID: 25440 Comm: syz.0.4574 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1282.357619][T25440] Tainted: [U]=USER [ 1282.361446][T25440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1282.371562][T25440] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 1282.377430][T25440] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 00 77 15 8c 4c 89 e6 48 c7 c7 80 6b 15 8c e8 4f 22 9c fc 90 <0f> 0b 90 90 58 83 05 16 dc c9 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 1282.397252][T25440] RSP: 0000:ffffc9000c327768 EFLAGS: 00010286 [ 1282.403345][T25440] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817aa1f8 [ 1282.412064][T25440] RDX: ffff8880792a3c00 RSI: ffffffff817aa205 RDI: 0000000000000001 [ 1282.420661][T25440] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 1282.428690][T25440] R10: 0000000000000001 R11: 0000000000054bd8 R12: ffffffff8c157220 [ 1282.436710][T25440] R13: ffffffff8bafe800 R14: ffffffff8a886550 R15: ffffc9000c327868 [ 1282.444966][T25440] FS: 0000000000000000(0000) GS:ffff88812475f000(0000) knlGS:0000000000000000 [ 1282.454157][T25440] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1282.460968][T25440] CR2: 0000001b2ecbcff8 CR3: 000000006c6b8000 CR4: 00000000003526f0 [ 1282.469014][T25440] Call Trace: [ 1282.472313][T25440] [ 1282.475258][T25440] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 1282.480798][T25440] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1282.486818][T25440] debug_check_no_obj_freed+0x4b7/0x600 [ 1282.492418][T25440] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 1282.498545][T25440] ? rcu_is_watching+0x12/0xc0 [ 1282.503348][T25440] ? kmem_cache_free+0x2d1/0x4d0 [ 1282.508799][T25440] kfree+0x28f/0x4d0 [ 1282.513279][T25440] ? hci_release_dev+0x4d8/0x600 [ 1282.518522][T25440] hci_release_dev+0x4d8/0x600 [ 1282.523323][T25440] ? __pfx_hci_release_dev+0x10/0x10 [ 1282.528778][T25440] ? rcu_is_watching+0x12/0xc0 [ 1282.533576][T25440] ? kfree+0x24f/0x4d0 [ 1282.537807][T25440] bt_host_release+0x6a/0xb0 [ 1282.542429][T25440] ? __pfx_bt_host_release+0x10/0x10 [ 1282.548011][T25440] device_release+0xa4/0x240 [ 1282.552648][T25440] kobject_put+0x1e7/0x5a0 [ 1282.557524][T25440] ? __pfx_vhci_release+0x10/0x10 [ 1282.562593][T25440] put_device+0x1f/0x30 [ 1282.567029][T25440] vhci_release+0x81/0xf0 [ 1282.571488][T25440] __fput+0x402/0xb70 [ 1282.575507][T25440] task_work_run+0x14d/0x240 [ 1282.580183][T25440] ? __pfx_task_work_run+0x10/0x10 [ 1282.585347][T25440] do_exit+0x86c/0x2bd0 [ 1282.589585][T25440] ? __pfx_do_exit+0x10/0x10 [ 1282.594208][T25440] ? do_raw_spin_lock+0x12c/0x2b0 [ 1282.599298][T25440] ? find_held_lock+0x2b/0x80 [ 1282.604007][T25440] do_group_exit+0xd3/0x2a0 [ 1282.608582][T25440] get_signal+0x2673/0x26d0 [ 1282.613612][T25440] ? __pfx_get_signal+0x10/0x10 [ 1282.619128][T25440] ? do_futex+0x122/0x350 [ 1282.623694][T25440] ? __pfx_do_futex+0x10/0x10 [ 1282.628465][T25440] arch_do_signal_or_restart+0x8f/0x790 [ 1282.634048][T25440] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1282.640303][T25440] exit_to_user_mode_loop+0x84/0x110 [ 1282.645638][T25440] do_syscall_64+0x3f6/0x490 [ 1282.650625][T25440] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1282.656786][T25440] RIP: 0033:0x7f386718e929 [ 1282.661423][T25440] Code: Unable to access opcode bytes at 0x7f386718e8ff. [ 1282.668489][T25440] RSP: 002b:00007f3867fec0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1282.676975][T25440] RAX: fffffffffffffe00 RBX: 00007f38673b5fa8 RCX: 00007f386718e929 [ 1282.684971][T25440] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f38673b5fa8 [ 1282.693047][T25440] RBP: 00007f38673b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1282.701080][T25440] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f38673b5fac SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1282.709132][T25440] R13: 0000000000000000 R14: 00007fff2d51a290 R15: 00007fff2d51a378 [ 1282.717924][T25440] [ 1282.720970][T25440] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1282.728277][T25440] CPU: 0 UID: 0 PID: 25440 Comm: syz.0.4574 Tainted: G U 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1282.740206][T25440] Tainted: [U]=USER [ 1282.744029][T25440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1282.754108][T25440] Call Trace: [ 1282.757411][T25440] [ 1282.760356][T25440] dump_stack_lvl+0x3d/0x1f0 [ 1282.764985][T25440] panic+0x71c/0x800 [ 1282.768922][T25440] ? __pfx_panic+0x10/0x10 [ 1282.773372][T25440] ? show_trace_log_lvl+0x29b/0x3e0 [ 1282.778611][T25440] ? check_panic_on_warn+0x1f/0xb0 [ 1282.783754][T25440] ? debug_print_object+0x1a2/0x2b0 [ 1282.788973][T25440] check_panic_on_warn+0xab/0xb0 [ 1282.793950][T25440] __warn+0xf6/0x3c0 [ 1282.797880][T25440] ? debug_print_object+0x1a2/0x2b0 [ 1282.803103][T25440] report_bug+0x3c3/0x580 [ 1282.807457][T25440] ? debug_print_object+0x1a2/0x2b0 [ 1282.812659][T25440] handle_bug+0x184/0x210 [ 1282.816992][T25440] exc_invalid_op+0x17/0x50 [ 1282.821499][T25440] asm_exc_invalid_op+0x1a/0x20 [ 1282.826357][T25440] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 1282.832173][T25440] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 00 77 15 8c 4c 89 e6 48 c7 c7 80 6b 15 8c e8 4f 22 9c fc 90 <0f> 0b 90 90 58 83 05 16 dc c9 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 1282.851790][T25440] RSP: 0000:ffffc9000c327768 EFLAGS: 00010286 [ 1282.857870][T25440] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817aa1f8 [ 1282.866379][T25440] RDX: ffff8880792a3c00 RSI: ffffffff817aa205 RDI: 0000000000000001 [ 1282.874370][T25440] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 1282.882343][T25440] R10: 0000000000000001 R11: 0000000000054bd8 R12: ffffffff8c157220 [ 1282.890315][T25440] R13: ffffffff8bafe800 R14: ffffffff8a886550 R15: ffffc9000c327868 [ 1282.898291][T25440] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 1282.903765][T25440] ? __warn_printk+0x198/0x350 [ 1282.908535][T25440] ? __warn_printk+0x1a5/0x350 [ 1282.913332][T25440] ? debug_print_object+0x1a1/0x2b0 [ 1282.918550][T25440] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 1282.924038][T25440] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1282.929872][T25440] debug_check_no_obj_freed+0x4b7/0x600 [ 1282.935448][T25440] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 1282.941522][T25440] ? rcu_is_watching+0x12/0xc0 [ 1282.946301][T25440] ? kmem_cache_free+0x2d1/0x4d0 [ 1282.951250][T25440] kfree+0x28f/0x4d0 [ 1282.955237][T25440] ? hci_release_dev+0x4d8/0x600 [ 1282.960188][T25440] hci_release_dev+0x4d8/0x600 [ 1282.964976][T25440] ? __pfx_hci_release_dev+0x10/0x10 [ 1282.970290][T25440] ? rcu_is_watching+0x12/0xc0 [ 1282.975069][T25440] ? kfree+0x24f/0x4d0 [ 1282.979154][T25440] bt_host_release+0x6a/0xb0 [ 1282.983750][T25440] ? __pfx_bt_host_release+0x10/0x10 [ 1282.989035][T25440] device_release+0xa4/0x240 [ 1282.993633][T25440] kobject_put+0x1e7/0x5a0 [ 1282.998053][T25440] ? __pfx_vhci_release+0x10/0x10 [ 1283.003090][T25440] put_device+0x1f/0x30 [ 1283.007248][T25440] vhci_release+0x81/0xf0 [ 1283.011587][T25440] __fput+0x402/0xb70 [ 1283.015587][T25440] task_work_run+0x14d/0x240 [ 1283.020189][T25440] ? __pfx_task_work_run+0x10/0x10 [ 1283.025318][T25440] do_exit+0x86c/0x2bd0 [ 1283.029491][T25440] ? __pfx_do_exit+0x10/0x10 [ 1283.034088][T25440] ? do_raw_spin_lock+0x12c/0x2b0 [ 1283.039119][T25440] ? find_held_lock+0x2b/0x80 [ 1283.043802][T25440] do_group_exit+0xd3/0x2a0 [ 1283.048318][T25440] get_signal+0x2673/0x26d0 [ 1283.052834][T25440] ? __pfx_get_signal+0x10/0x10 [ 1283.057703][T25440] ? do_futex+0x122/0x350 [ 1283.062050][T25440] ? __pfx_do_futex+0x10/0x10 [ 1283.066743][T25440] arch_do_signal_or_restart+0x8f/0x790 [ 1283.072316][T25440] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1283.078493][T25440] exit_to_user_mode_loop+0x84/0x110 [ 1283.083792][T25440] do_syscall_64+0x3f6/0x490 [ 1283.088396][T25440] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1283.094286][T25440] RIP: 0033:0x7f386718e929 [ 1283.098696][T25440] Code: Unable to access opcode bytes at 0x7f386718e8ff. [ 1283.105709][T25440] RSP: 002b:00007f3867fec0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1283.114123][T25440] RAX: fffffffffffffe00 RBX: 00007f38673b5fa8 RCX: 00007f386718e929 [ 1283.122095][T25440] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f38673b5fa8 [ 1283.130063][T25440] RBP: 00007f38673b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1283.138040][T25440] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f38673b5fac [ 1283.146016][T25440] R13: 0000000000000000 R14: 00007fff2d51a290 R15: 00007fff2d51a378 [ 1283.154004][T25440] [ 1283.157315][T25440] Kernel Offset: disabled [ 1283.161633][T25440] Rebooting in 86400 seconds..