last executing test programs: 12.820366143s ago: executing program 3 (id=2827): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) socket(0x2c, 0x3, 0x0) mmap$auto(0x0, 0xe980, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) getsockopt$auto(0x3, 0x200000000001, 0x7, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0x800eb0, 0x401, 0x9) mknod$auto(&(0x7f0000000040)='./file0\x00', 0xc9f, 0xcf) connect$auto(0x3, 0x0, 0x54) get_robust_list$auto(0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000) semtimedop$auto(0x0, &(0x7f0000000300)={0x4, 0xffff, 0x70}, 0x1f4, 0x0) 10.71558816s ago: executing program 3 (id=2834): openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/arch_status\x00', 0x120682, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0F:00/status\x00', 0xa140, 0x0) mmap$auto(0x0, 0x202000c, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'virt_wifi0\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32=r1, @ANYBLOB="0a0005000180c200000e00000a07000000000000000e00000a000100000000000000000008000200", @ANYRES32=r1, 
@ANYRES8=r0], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4008810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x89}, 0x7}, 0x3, 0x0) 10.134954857s ago: executing program 3 (id=2835): socket(0x2, 0x1, 0x84) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x0, @rand_addr=0x64010101}, 0x55) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(0xffffffffffffffff, 0x0, 0x810) mmap$auto(0x0, 0x202000c, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x1, 0x233, 0x0, 0x0, 0x0, 0x8000000000000000) r0 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r0, 0x4018bc13, &(0x7f0000000100)={0x0, 0x9d, 0x1, [0x0]}) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x2, 0x0) shutdown$auto(0x200000003, 0x2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sda\x00', 0x202, 0x0) ioctl$auto_IOC_PR_RELEASE(r1, 0x401070ca, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) 9.777783054s ago: executing program 2 (id=2836): prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x6) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x203, 0x7, 0xd, 0x8fd6, 0x948b, 0x6, 0x6, 0x3, 0x3, 0x62, 0x80000001, 
0x800, 0x1, 0x9, 0x200000000001, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x120e2, 0x0) write$auto(r1, 0x0, 0x81) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x400008, 0xdf, 0xf1, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r2, 0x0, 0xfffffdef) madvise$auto(0x0, 0xffffffffffff0005, 0x17) shmget$auto(0x400, 0x10563, 0x568c12f2) 8.489125586s ago: executing program 1 (id=2840): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioperm$auto(0x7, 0x5ad2, 0xc) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x4) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r0, &(0x7f00000005c0)='/Eev/audio1\x00VI\xa3\xaa\xb1\xcb\b\xd7lW\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C\x15\xc4D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\x91\xc1\xef(,\b\x83\xf1I\'Z:\x8d\xa0o\xf3\xe0\xb4R\x18\xec\x05\x89[\xfd\xa8\xef[\xe6\xe4*f\xfa\xe9\b\xec 
t\x95\xf8A\xc1\xa9YVA\x80\xd4I)G\xd9\xffz\x1e/\xd4\xfd\x1e\xdf\xf6\xe6\x95\"q\x80\x8a\xab\xb2\x99\xff\x96c+\x8b\xb6\x11\x95\x02\xf1K\x12\xcb\xaa\\Q\xb1\xd7\xe4\xaaP\b\xc6a\xbf\xed\xfa b\x1d\xde\x13)E\xf8\xa0\xc0I\xba&\xac\x17\x0f\xd3k\x1a\xfc?\x7f\x8f\xa7\xd7\xfc\x11\xc6\xb8\xe1l\x8b\xfbN\x02\x16u\xdb\xee\xbdYN$\x9c&\xa0^K\v\xfd\xdd\xc1\xfe\xcd\xb1\f\x8f^\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x86\xdf\x98\xaf\x8a\x19%\xce\x8e*qIOR\x04\"\xb0\xfaV\xde/5H\xeb\x1aW*\x82J\xa2\x0f_+;_\xfb\x02\xab\xe2A\xe2z\xeab\xc7\xc4\xed(\xeaQM\xeb\x83(Nx\xa9\xed[c\xf2\xb9\r\x8b=o\xb5\x15\xb8\x1b\x8aO\xe1\xa9\xedk\xac\t\xae\x8c\x95K\xe1\xbf\xfb\xecqc\x16\x0f\x0f\xf9\xe3uZ\xc8\xf3\x94\x1d\t\x00\x00\x00\x00\x00\x00\x00\xbc\xc5\xac\xfc_\x18a\xcd\xc3z%\xf5?\xab\xe1\xd0WD:\x12\xba\xcd\xf8\xd5\xa1j\xba\v b\x92m\x8c\xae\x9c^\xcd\x127,u\xf5U\xd6\xd7.X\x9e\x9e\xfb\xa8\x1f\xf2\xf8\x04\xc0\xa7w\xf4\x02\xe3\xc7K\xa6\xc9\xea\x88\x94\xb6\xcb&\xddx\xf6!D\xcc\xe2\xe9\xea\x043\x16C\xd9\x7f:\x81\xd8\x83\xb3;T\xeaH\x92\xbf\x10j\b\xf2\xe7\xc5}\x0e\xb0?\x89\xc5Bu\xf0\x03\xa1,\xb6\xef\x04\x04\x85\x13m\xb6\a\xce\xfb\xf1\x00\xc2\x038h\xf3\xe8\xfcp\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe01K\x81\xc5\x89u\xaf\x03\xd1\xd9\x97G \x8f\xb5\x9f\xea=K\xdb3\xad\\\xbb\x80\xf0\xe4\x17 \xf6\xc9\xfe>\xcf\xe9T\x1a\x82\x1fi\xfe\xcf\xdd\xd8O\x85E\xe1H\xc2\x96\x1e\xc6?t\xec\x9c\x1a\':\xd5\x89\x9f\xc9rSk\x96`\x19\x96\xd8xO\xa7+\xefB\x10\xab\xe0\xdf\x8e\':\xca\xe4v.3\xf6\'G\xff\xee\xfdT\xd9>4\xc3\x8c\x1aNZM\x87\x9c$\x8b \xe5\xbf\f\xa1\x7f0\xccLQ\xc38\xe4\x8c+\xa6\x19@\x9f\x136', 0x100000a3d5) bpf$auto_BPF_BTF_LOAD(0x12, 0x0, 0x2) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(r1, 0x0, 0x2, 0x8000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) setgroups$auto(0xe32, 0x0) madvise$auto(0x0, 0x200007, 0x19) 8.314498792s ago: executing program 2 (id=2841): unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) 
socket(0xa, 0x1, 0x100) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x568) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1\x00', 0x101142, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) move_pages$auto(0xffffffffffffffff, 0xf54, 0x0, 0x0, 0x0, 0x2) execve$auto(0x0, 0x0, 0x0) capget$auto(0x0, 0x0) symlink$auto(0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) getsockopt$auto(0xffffffffffffffff, 0xff, 0x7, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 7.074764874s ago: executing program 2 (id=2843): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0xa, 0x5, 0x0) socketpair$auto(0x1, 0x0, 0xfffffffc, 0x0) shmat$auto(0x0, 0x0, 0xfffffffe) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r0, 0x0, 0x4008004) socket(0xa, 0x801, 0x84) socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/dummy_hcd.2/usb3/authorized\x00', 0x81, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0xfffffffe, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x16, 0x9, 0xf, 0x8000, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x5, 0x42, 0x76c5, 0x8, 0x100000000}}) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) write$auto(r1, &(0x7f0000000080)='0\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0x48da548d) 6.971326733s ago: executing program 0 (id=2844): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 
0xf8, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x59, 0x0) r0 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) read$auto(r0, 0x0, 0x80000000006) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0xa, 0x1, 0x84) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto(0x10, 0xa, 0x0, 0x7, 0x2) socket(0x11, 0x80003, 0x0) socket(0x2, 0x5, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x20) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) 5.950921032s ago: executing program 0 (id=2845): prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) socket(0x3, 0x3, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) select$auto(0x32fa, &(0x7f0000000240)={[0x9, 0x5, 0x3, 0x5, 0x800, 0x2, 0x5, 0x1000, 0x9, 0x9, 0x8, 0x47, 0xd, 0x8, 0x5013, 0x1]}, 0x0, &(0x7f0000000340)={[0x9, 0x7, 0x1, 0x3, 0xd6b, 0xc, 0x0, 0x1, 0x3b4, 0x1, 0x6b68, 0xeacb, 0x26, 0x99, 0xd5f, 0x3]}, &(0x7f0000000180)={0x8, 0x51a}) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r1, 
&(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r1, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r2, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000000c0)={0x3c, r3, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xfffffffffffffff7}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x8880) 5.354511344s ago: executing program 1 (id=2846): close_range$auto(0x0, 0xfffffffffffff000, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 
&(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/bus/pci/rescan\x00', 0x20681, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = socket(0x11, 0x3, 0x9) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000000), 0x48001, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 4.859923462s ago: executing program 2 (id=2847): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_full_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x103700, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6e) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x1c}, 0x1, 
0x0, 0x0, 0x8000}, 0x8) unshare$auto(0x40000080) sendto$auto(0x3, 0x0, 0x100000000, 0x8, 0x0, 0x1c) 4.745831082s ago: executing program 1 (id=2848): bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x0) socket(0x2, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x106) r0 = socket(0x10, 0x2, 0xf) close_range$auto(0x0, 0xffffeffe, 0x2) pipe$auto(0x0) socket(0xa, 0x3, 0xff) pipe$auto(0x0) bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_4={0x1e, r0, 0xffffffff}, 0xd) bpf$auto(0x2, &(0x7f0000000080)=@bpf_attr_3={0x5, 0x0, 0x702955be, 0x40000, 0x4, 0x5, 0x80, 0xe4, 0xfffff800, "0566c8ee7c78a925488276d7697a12bd", 0x0, 0x5, 0xffffffffffffffff, 0x7, 0x9, 0x4, 0x7, 0x10001, 0x0, 0x8001, @attach_prog_fd=r0, 0x7e, 0x4, 0x1, 0x5, 0x3}, 0x5) 4.627957942s ago: executing program 3 (id=2849): socket$nl_generic(0x10, 0x3, 0x10) memfd_create$auto(&(0x7f00000000c0)='..\x007\x10t\x1a\xf9,\xe1\x8b\x02k\x8e\v\xb04\x01\x92\xa5\xb5W\xce\x93yE\x97l\xecw/\x1f\xb4\xf7&\x7f%\x1a', 0x5) socket(0x10, 0x2, 0x0) userfaultfd$auto(0x1) socket(0xa, 0x801, 0x84) socket(0xa, 0x3, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x2, 0x801, 0x106) socket(0xa, 0x2, 0x0) socket(0xa, 0x2, 0x3a) r0 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x4, @old_prog_fd=r0}, 0xa3) 4.614801477s ago: executing program 1 (id=2850): mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, 0x0, 0x7ef) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 
&(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x7, 0x0, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) ioctl$auto(0xffffffffffffffff, 0x400454cb, 0x5) mmap$auto(0xc, 0x20009, 0x5, 0x14, 0xffffffffffffffff, 0x0) unshare$auto(0x40000080) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb9, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xffff34e6, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x40000007, 0xffffffff, 0x6}, 0xf) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex=r2, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92) 4.522086659s ago: executing program 3 (id=2851): readv$auto(0x3, 0x0, 0x4) unshare$auto(0x40000080) r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40000, 0x31) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) ptrace$auto(0x11, 0x0, 0x4, 0x0) ptrace$auto(0x5, 0x0, 0xfffffffffffffffa, 0x8) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) mmap$auto(0x0, 0x100000001, 0xfd5, 0x12, r1, 0x0) writev$auto(0x3, &(0x7f0000004100)={0x0, 0xb}, 0x3ff) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x42, 0x0) write$auto(r2, 0x0, 0xa3d9) unshare$auto(0xa4) unshare$auto(0x40000080) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, 0x0, 0x10004010) 4.2094375s ago: executing program 0 (id=2852): write$auto(0xffffffffffffffff, 0x0, 
0x81) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x82002, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x3, 0x0, 0x7fffffff) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/pcmC1D0c\x00', 0x80080, 0x0) write$auto(0x1, 0x0, 0x80000000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) newfstatat$auto(0xffffffffffffffff, 0x0, &(0x7f0000000380)={0x8, 0x6, 0xa9, 0x0, 0x0, 0xee01, 0x0, 0x2000000006, 0x20000000000003, 0x0, 0x7, 0x8, 0x5, 0x1000000001, 0x4, 0x1, 0x53}, 0x1) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) socket(0x21, 0x80000, 0x3) prctl$auto(0x21, 0x0, 0x1, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop0\x00', 0x60742, 0x0) write$auto(0x3, 0x0, 0x7fffffff) lseek$auto(0x3, 0x0, 0x1) 2.928800067s ago: executing program 0 (id=2853): mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x80000000000001, 0x5, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, 
&(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) close_range$auto(0x2, 0x8, 0x0) 2.743647528s ago: executing program 2 (id=2854): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0xfffd, 0x8000, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sched_get_priority_min$auto(0x40) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x981e82, 0x0) socket(0x6, 0x2, 0x80000000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x5f}, 0x1, 0x0, 0x0, 0x400c810}, 0x8800) sendmmsg$auto(0x3, 0x0, 0x2, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) close_range$auto(0x2, 0x8, 0x0) bpf$auto(0x0, &(0x7f0000000340)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_id=0xfa, 0x80}, 0x96) r0 = openat$auto_ftrace_avail_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/available_events\x00', 0x0, 0x0) preadv$auto(r0, &(0x7f0000000100)={&(0x7f00000001c0), 0x82}, 0x8, 0x6, 0x5) 2.513974282s ago: executing program 1 (id=2855): mmap$auto(0xffffffffffffffff, 0x20005, 0xa, 0x15, 0x400, 0x18002) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000040)='{\x00', 0xfff) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r3 = socket(0x10, 0x2, 0x0) write$auto_fops_x16_ro_(r2, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', 
@ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) read$auto(r3, &(0x7f0000002300)='MAC802154_HWSIM\x00', 0xfdef) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vivid.0/video4linux/video30/dev_debug\x00', 0x129102, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) 1.156535903s ago: executing program 1 (id=2856): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) shmctl$auto(0x9, 0xd, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0xe8) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0xe8) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) madvise$auto(0x0, 0x100000, 0x17) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x1, 0x0) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f00000000c0)="0a1b9a3c3e3efd6ea3d31791840bd70c00000082574c58e9865c42d76e1cadd6a7b7b426b7fcdc8e357080d70b5ab848770dc8f745d1c76eedaa12b9db4b519958c62bf692d2c9df7a9a2e8a556b30aeb5dfce3531f694dabdbc08f62cb37e5bc82e660cfd70f603b20416c7bf0e95345b899b4466bf6a70b1274b19782b41ac172a25e65be53e69c6369b67a4cbd638", 0x90) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 
&(0x7f0000000300)='/sys/kernel/security/tomoyo/stat\x00', 0x40802, 0x0) syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000000), 0xffffffffffffffff) 1.153143154s ago: executing program 0 (id=2857): r0 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/set_event_notrace_pid\x00', 0x80800, 0x0) shmctl$auto_SHM_STAT_ANY(0xc, 0xf, &(0x7f0000000340)={{0x4, 0xee01, 0xee01, 0x80, 0x80, 0xfffffff8, 0x7fff}, 0x6, 0x6, 0x9, 0xcd, @raw=0x1000, @inferred=0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000140), &(0x7f00000001c0)="87206c8b1b7fb37ea771ea589f1cc62e50c829c4f476b9a871da5fa138fc6a8e9d3abf7923207febe7156f057d500ce28e1d6e85afd5dda59cc211366f02e34e48cb0cc453875ba6170dcf5fac74747d7abd0c42e078a66dc862672efa45dc431117ee473f0585befeab640e2f4a7db1"}) fstat$auto(r0, &(0x7f0000000440)={0x2, 0x7, 0xffffffffffff2073, 0x4, 0xee01, r1, 0x0, 0x401, 0x2, 0x10000, 0x5a5b, 0x10000, 0x1, 0x5, 0x6, 0x800, 0xffffffff}) socket(0xa, 0x6, 0x3f) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) clone$auto(0x1ff00, 0x0, 0x0, 0x0, 0x100000009) connect$auto(r0, 0x0, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x40200, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) set_mempolicy$auto(0x5, &(0x7f0000000280)=0xfffffffffffffffb, 0x3) semctl$auto_IPC_INFO(0x8, 0x5, 0x3, 0x7) 953.921241ms ago: executing program 2 (id=2858): mmap$auto(0x0, 0x400008, 0xdf, 0xf1, 0x2, 0x8000) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x8001, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) 
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vbi10\x00', 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_DEL_RADIO(r0, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x751c1009, 0x7000000) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, 0x0, 0x810) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000) 91.470845ms ago: executing program 3 (id=2859): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/dev_snmp6/team_slave_1\x00', 0x86fb16d8bb90233e, 0x0) pread64$auto(r1, 0x0, 0x8100000041, 0x413e) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0xe0742, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) syz_genetlink_get_family_id$auto_ovs_vport(0xfffffffffffffffe, 0xffffffffffffffff) unshare$auto(0x40000080) mmap$auto(0x80000001, 0x580f, 0x112f4a02, 0x8000000008011, 0x3, 0x1) madvise$auto(0x0, 0x2003f0, 0x15) getresgid$auto(0x0, &(0x7f0000000a40)=0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x9, 0x80000000eb1, 0xffffffffffffffff, 0x8000000000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) write$auto_proc_pid_attr_operations_base(0xffffffffffffffff, &(0x7f0000000240)="c837b82802749ee4f24b4e9af6634e3353e6", 0x12) fcntl$auto(0xff80000000000000, 0x409, 0x3f) 0s ago: executing program 0 (id=2860): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r0 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x1, 0x100) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) 
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x10b}, 0x800009}, 0x5, 0x20000000) poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0x6}, 0x5, 0x400)

kernel console output (not intermixed with test programs):

syzkaller syzkaller login: [ 530.527047][T12965] netlink: zone id is out of range [ 530.553247][T12965] netlink: del zone limit has 4 unknown bytes [ 530.613718][T12955] netlink: set zone limit has 8 unknown bytes [ 531.550147][T12983] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2290'. [ 531.570456][T12985] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2289'.
[ 531.674487][T12985] veth1_macvtap: entered promiscuous mode [ 531.680318][T12985] macsec0: entered promiscuous mode [ 531.696365][T12985] macsec0: entered allmulticast mode [ 531.701833][T12985] veth1_macvtap: entered allmulticast mode [ 532.846469][T13001] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2294'. [ 533.662164][T13007] could not allocate digest TFM handle [ 534.401248][T13025] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2300'. [ 534.430668][T13031] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2301'. [ 534.597762][T13029] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2300'. [ 536.705015][T13066] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2312'. [ 536.758532][T13066] netlink: 13 bytes leftover after parsing attributes in process `syz.2.2312'. [ 537.083050][T13075] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 539.001917][T13095] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 541.270579][T13121] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2329'. [ 541.334920][T13124] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2329'. [ 541.353240][T13124] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2329'. [ 541.370676][T13124] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2329'. [ 541.421632][T13124] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2329'. [ 541.465590][T13121] netlink: 306 bytes leftover after parsing attributes in process `syz.1.2329'. [ 541.949895][T13124] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2329'. [ 541.970115][T13124] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2329'. [ 542.000072][T13124] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2329'. 
[ 542.866081][T13146] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2336'. [ 542.879917][T13146] netlink: 13 bytes leftover after parsing attributes in process `syz.3.2336'. [ 543.019015][T13149] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2337'. [ 543.035051][T13149] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2337'. [ 543.057478][T13149] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2337'. [ 543.071052][T13149] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2337'. [ 543.081340][T13149] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2337'. [ 543.287715][T13156] netlink: 'syz.1.2339': attribute type 1 has an invalid length. [ 543.745706][T13161] [U] [ 543.748678][T13161] [U] [ 543.751524][T13161] [U] [ 543.754279][T13161] [U] [ 543.815822][T13161] [U] [ 543.818659][T13161] [U] [ 543.822035][T13161] [U] [ 543.824793][T13161] [U] [ 543.869699][T13161] [U] [ 543.872518][T13161] [U] [ 543.875282][T13161] [U] [ 543.878043][T13161] [U] [ 543.898244][T13161] [U] [ 543.901064][T13161] [U] [ 543.903819][T13161] [U] [ 543.907106][T13161] [U] [ 543.917266][T13161] [U] [ 543.920075][T13161] [U] [ 543.922835][T13161] [U] [ 543.925587][T13161] [U] [ 543.928665][T13161] [U] [ 543.931432][T13161] [U] [ 543.934197][T13161] [U] [ 543.936946][T13161] [U] [ 544.148843][T13161] [U] [ 544.151728][T13161] [U] [ 544.154459][T13161] [U] [ 544.157198][T13161] [U] [ 544.160126][T13161] [U] [ 544.162892][T13161] [U] [ 544.165820][T13161] [U] [ 544.168575][T13161] [U] [ 544.173493][T13161] [U] [ 544.176275][T13161] [U] [ 544.179033][T13161] [U] [ 544.181870][T13161] [U] [ 544.185302][T13161] [U] [ 544.188198][T13161] [U] [ 544.190952][T13161] [U] [ 544.193803][T13161] [U] [ 544.240024][T13161] [U] [ 544.242847][T13161] [U] [ 544.245613][T13161] [U] [ 544.248361][T13161] [U] [ 544.269359][T13161] [U] [ 544.272112][T13161] [U] [ 544.274837][T13161] 
[U] [ 544.277542][T13161] [U] [ 544.444038][T13161] [U] [ 544.446843][T13161] [U] [ 544.449608][T13161] [U] [ 544.452350][T13161] [U] [ 544.502906][T13161] [U] [ 544.505658][T13161] [U] [ 544.508372][T13161] [U] [ 544.511071][T13161] [U] [ 544.678424][T13161] [U] [ 544.681315][T13161] [U] [ 544.684022][T13161] [U] [ 544.686740][T13161] [U] [ 544.689714][T13161] [U] [ 544.692470][T13161] [U] [ 544.695239][T13161] [U] [ 544.698121][T13161] [U] [ 544.701683][T13161] [U] [ 544.704472][T13161] [U] [ 544.707689][T13161] [U] [ 544.710414][T13161] [U] [ 544.713500][T13161] [U] [ 544.716232][T13161] [U] [ 544.719106][T13161] [U] [ 544.721829][T13161] [U] [ 544.724888][T13161] [U] [ 544.727725][T13161] [U] [ 544.730461][T13161] [U] [ 544.733212][T13161] [U] [ 544.736883][T13161] [U] [ 544.739628][T13161] [U] [ 544.742468][T13161] [U] [ 544.745376][T13161] [U] [ 544.853463][T13161] [U] [ 544.856268][T13161] [U] [ 544.859111][T13161] [U] [ 544.861856][T13161] [U] [ 544.867461][T13161] [U] [ 544.870321][T13161] [U] [ 544.873087][T13161] [U] [ 544.876018][T13161] [U] [ 544.881209][T13161] [U] [ 544.883991][T13161] [U] [ 544.886749][T13161] [U] [ 544.889507][T13161] [U] [ 544.893539][T13161] [U] [ 544.896335][T13161] [U] [ 544.899100][T13161] [U] [ 544.902034][T13161] [U] [ 544.905904][T13161] [U] [ 544.908659][T13161] [U] [ 544.911469][T13161] [U] [ 544.914250][T13161] [U] [ 544.920517][T13161] [U] [ 544.923287][T13161] [U] [ 544.926027][T13161] [U] [ 544.928758][T13161] [U] [ 544.957393][T13161] [U] [ 544.960190][T13161] [U] [ 544.962940][T13161] [U] [ 544.965699][T13161] [U] [ 545.093566][T13161] [U] [ 545.096553][T13161] [U] [ 545.099307][T13161] [U] [ 545.102144][T13161] [U] [ 545.153675][T13161] [U] [ 545.156543][T13161] [U] [ 545.159340][T13161] [U] [ 545.162091][T13161] [U] [ 545.263597][T13161] [U] [ 545.266401][T13161] [U] [ 545.269152][T13161] [U] [ 545.271897][T13161] [U] [ 545.332590][T13161] [U] [ 545.335388][T13161] [U] [ 545.338225][T13161] [U] [ 
545.340965][T13161] [U] [ 545.370458][T13161] [U] [ 545.373251][T13161] [U] [ 545.376007][T13161] [U] [ 545.443235][T13195] FAULT_INJECTION: forcing a failure. [ 545.443235][T13195] name failslab, interval 1, probability 0, space 0, times 0 [ 545.451670][T13161] [U] [ 545.459934][T13195] CPU: 1 UID: 0 PID: 13195 Comm: syz.1.2353 Tainted: G U 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 545.459997][T13195] Tainted: [U]=USER [ 545.460009][T13195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 545.460027][T13195] Call Trace: [ 545.460038][T13195] [ 545.460050][T13195] dump_stack_lvl+0x16c/0x1f0 [ 545.460098][T13195] should_fail_ex+0x512/0x640 [ 545.460138][T13195] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 545.460180][T13195] should_failslab+0xc2/0x120 [ 545.460210][T13195] __kmalloc_cache_noprof+0x6a/0x3e0 [ 545.460246][T13195] ? lockdep_init_map_type+0x5c/0x280 [ 545.460286][T13195] ? slip_open+0x846/0x1150 [ 545.460319][T13195] ? do_init_timer+0xc9/0x110 [ 545.460354][T13195] slip_open+0x846/0x1150 [ 545.460391][T13195] ? __pfx_n_tty_close+0x10/0x10 [ 545.460427][T13195] ? find_held_lock+0x2b/0x80 [ 545.460457][T13195] ? __pfx_slip_open+0x10/0x10 [ 545.460494][T13195] ? down_write+0x14d/0x200 [ 545.460527][T13195] ? __pfx_slip_open+0x10/0x10 [ 545.460567][T13195] tty_ldisc_open+0x9c/0x120 [ 545.460611][T13195] tty_set_ldisc+0x32b/0x780 [ 545.460662][T13195] tty_ioctl+0xc2e/0x1640 [ 545.460712][T13195] ? __pfx_tty_ioctl+0x10/0x10 [ 545.460772][T13195] ? find_held_lock+0x2b/0x80 [ 545.460804][T13195] ? hook_file_ioctl_common+0x145/0x410 [ 545.460848][T13195] ? __fget_files+0x20e/0x3c0 [ 545.460898][T13195] ? 
__pfx_tty_ioctl+0x10/0x10 [ 545.460949][T13195] __x64_sys_ioctl+0x18e/0x210 [ 545.461000][T13195] do_syscall_64+0xcd/0x490 [ 545.461050][T13195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.461083][T13195] RIP: 0033:0x7f7741f8e929 [ 545.461109][T13195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 545.461142][T13195] RSP: 002b:00007f7742d85038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 545.461173][T13195] RAX: ffffffffffffffda RBX: 00007f77421b5fa0 RCX: 00007f7741f8e929 [ 545.461194][T13195] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000006 [ 545.461213][T13195] RBP: 00007f7742010b39 R08: 0000000000000000 R09: 0000000000000000 [ 545.461233][T13195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 545.461251][T13195] R13: 0000000000000000 R14: 00007f77421b5fa0 R15: 00007ffc1c1fe858 [ 545.461300][T13195] [ 547.339370][T13220] FAULT_INJECTION: forcing a failure. [ 547.339370][T13220] name failslab, interval 1, probability 0, space 0, times 0 [ 547.401442][T13220] CPU: 1 UID: 0 PID: 13220 Comm: syz.0.2361 Tainted: G U 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 547.401494][T13220] Tainted: [U]=USER [ 547.401506][T13220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 547.401524][T13220] Call Trace: [ 547.401535][T13220] [ 547.401548][T13220] dump_stack_lvl+0x16c/0x1f0 [ 547.401599][T13220] should_fail_ex+0x512/0x640 [ 547.401642][T13220] ? __kmalloc_noprof+0xbf/0x510 [ 547.401692][T13220] ? __alloc_workqueue+0xd5c/0x1810 [ 547.401731][T13220] should_failslab+0xc2/0x120 [ 547.401761][T13220] __kmalloc_noprof+0xd2/0x510 [ 547.401817][T13220] __alloc_workqueue+0xd5c/0x1810 [ 547.401899][T13220] alloc_workqueue+0xd2/0x200 [ 547.401938][T13220] ? __pfx_alloc_workqueue+0x10/0x10 [ 547.401988][T13220] ? 
rcu_is_watching+0x12/0xc0 [ 547.402023][T13220] ? __kmalloc_noprof+0x242/0x510 [ 547.402066][T13220] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 547.402123][T13220] ieee80211_register_hw+0x1e92/0x4140 [ 547.402173][T13220] ? __debug_object_init+0x281/0x3d0 [ 547.402213][T13220] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 547.402253][T13220] ? find_held_lock+0x2b/0x80 [ 547.402287][T13220] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 547.402351][T13220] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 547.402387][T13220] ? __hrtimer_setup+0x176/0x280 [ 547.402449][T13220] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 547.402524][T13220] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 547.402586][T13220] hwsim_new_radio_nl+0xb51/0x12c0 [ 547.402646][T13220] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 547.402711][T13220] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 547.402753][T13220] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 547.402805][T13220] genl_family_rcv_msg_doit+0x209/0x2f0 [ 547.402847][T13220] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 547.402885][T13220] ? trace_cap_capable+0x18d/0x200 [ 547.402929][T13220] ? bpf_lsm_capable+0x9/0x10 [ 547.402967][T13220] ? security_capable+0x7e/0x260 [ 547.402999][T13220] ? ns_capable+0xd7/0x110 [ 547.403038][T13220] genl_rcv_msg+0x55c/0x800 [ 547.403083][T13220] ? __pfx_genl_rcv_msg+0x10/0x10 [ 547.403123][T13220] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 547.403195][T13220] netlink_rcv_skb+0x158/0x420 [ 547.403228][T13220] ? __pfx_genl_rcv_msg+0x10/0x10 [ 547.403265][T13220] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 547.403317][T13220] ? netlink_deliver_tap+0x1ae/0xd30 [ 547.403374][T13220] genl_rcv+0x28/0x40 [ 547.403406][T13220] netlink_unicast+0x53a/0x7f0 [ 547.403443][T13220] ? __pfx_netlink_unicast+0x10/0x10 [ 547.403490][T13220] netlink_sendmsg+0x8d1/0xdd0 [ 547.403530][T13220] ? __pfx_netlink_sendmsg+0x10/0x10 [ 547.403579][T13220] ____sys_sendmsg+0xa98/0xc70 [ 547.403616][T13220] ? 
copy_msghdr_from_user+0x10a/0x160 [ 547.403661][T13220] ? __pfx_____sys_sendmsg+0x10/0x10 [ 547.403708][T13220] ? __pfx_futex_wake_mark+0x10/0x10 [ 547.403759][T13220] ___sys_sendmsg+0x134/0x1d0 [ 547.403808][T13220] ? __pfx____sys_sendmsg+0x10/0x10 [ 547.403849][T13220] ? __lock_acquire+0x622/0x1c90 [ 547.403945][T13220] __sys_sendmsg+0x16d/0x220 [ 547.403992][T13220] ? __pfx___sys_sendmsg+0x10/0x10 [ 547.404037][T13220] ? __x64_sys_futex+0x1e0/0x4c0 [ 547.404104][T13220] do_syscall_64+0xcd/0x490 [ 547.404162][T13220] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 547.404194][T13220] RIP: 0033:0x7f8df058e929 [ 547.404221][T13220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 547.404252][T13220] RSP: 002b:00007f8df1432038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 547.404283][T13220] RAX: ffffffffffffffda RBX: 00007f8df07b5fa0 RCX: 00007f8df058e929 [ 547.404304][T13220] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000005 [ 547.404325][T13220] RBP: 00007f8df0610b39 R08: 0000000000000000 R09: 0000000000000000 [ 547.404345][T13220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 547.404364][T13220] R13: 0000000000000000 R14: 00007f8df07b5fa0 R15: 00007fffa5fb12d8 [ 547.404407][T13220] [ 548.358923][T13223] binder: 13222:13223 ioctl c00c620f 200000000180 returned -22 [ 548.626070][T13236] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 548.681573][T13232] __nla_validate_parse: 11 callbacks suppressed [ 548.681604][T13232] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2364'. [ 548.698245][T13233] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2364'. [ 548.984696][T13245] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2368'. 
[ 549.244897][T13250] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2369'. [ 549.486815][T13260] sctp: [Deprecated]: syz.2.2372 (pid 13260) Use of struct sctp_assoc_value in delayed_ack socket option. [ 549.486815][T13260] Use struct sctp_sack_info instead [ 549.777620][T13267] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2375'. [ 549.792581][T13267] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2375'. [ 549.808104][T13267] netlink: 290 bytes leftover after parsing attributes in process `syz.3.2375'. [ 550.388632][T13279] FAULT_INJECTION: forcing a failure. [ 550.388632][T13279] name failslab, interval 1, probability 0, space 0, times 0 [ 550.413789][T13279] CPU: 0 UID: 0 PID: 13279 Comm: syz.2.2378 Tainted: G U 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 550.413841][T13279] Tainted: [U]=USER [ 550.413852][T13279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 550.413870][T13279] Call Trace: [ 550.413881][T13279] [ 550.413894][T13279] dump_stack_lvl+0x16c/0x1f0 [ 550.413949][T13279] should_fail_ex+0x512/0x640 [ 550.413994][T13279] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 550.414046][T13279] should_failslab+0xc2/0x120 [ 550.414076][T13279] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 550.414125][T13279] ? __d_alloc+0x31/0xaa0 [ 550.414199][T13279] __d_alloc+0x31/0xaa0 [ 550.414252][T13279] path_from_stashed+0x500/0xb00 [ 550.414329][T13279] ? __pfx_path_from_stashed+0x10/0x10 [ 550.414380][T13279] ? __pfx___might_resched+0x10/0x10 [ 550.414424][T13279] pidfs_register_pid+0x10b/0x1a0 [ 550.414465][T13279] ? __pfx_pidfs_register_pid+0x10/0x10 [ 550.414507][T13279] ? do_raw_spin_unlock+0x172/0x230 [ 550.414541][T13279] unix_socketpair+0x126/0x860 [ 550.414584][T13279] ? bpf_lsm_socket_post_create+0x9/0x10 [ 550.414633][T13279] ? security_socket_post_create+0x21d/0x260 [ 550.414666][T13279] ? 
__pfx_unix_socketpair+0x10/0x10 [ 550.414708][T13279] ? __sock_create+0xa2/0x8d0 [ 550.414751][T13279] __sys_socketpair+0x2f2/0x5a0 [ 550.414791][T13279] ? __pfx___sys_socketpair+0x10/0x10 [ 550.414834][T13279] ? xfd_validate_state+0x61/0x180 [ 550.414872][T13279] ? do_execveat_common.isra.0+0x4c6/0x610 [ 550.414918][T13279] __x64_sys_socketpair+0x96/0x100 [ 550.414962][T13279] ? lockdep_hardirqs_on+0x7c/0x110 [ 550.415013][T13279] do_syscall_64+0xcd/0x490 [ 550.415064][T13279] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.415095][T13279] RIP: 0033:0x7f1acff8e929 [ 550.415122][T13279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 550.415161][T13279] RSP: 002b:00007f1ad0e51038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 550.415191][T13279] RAX: ffffffffffffffda RBX: 00007f1ad01b5fa0 RCX: 00007f1acff8e929 [ 550.415213][T13279] RDX: 8000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 550.415232][T13279] RBP: 00007f1ad0010b39 R08: 0000000000000000 R09: 0000000000000000 [ 550.415251][T13279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 550.415270][T13279] R13: 0000000000000000 R14: 00007f1ad01b5fa0 R15: 00007ffd97d46188 [ 550.415310][T13279] [ 552.359471][T13299] FAULT_INJECTION: forcing a failure. 
[ 552.359471][T13299] name failslab, interval 1, probability 0, space 0, times 0 [ 552.372839][T13300] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 552.391001][T13299] CPU: 1 UID: 0 PID: 13299 Comm: syz.1.2385 Tainted: G U 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 552.391053][T13299] Tainted: [U]=USER [ 552.391063][T13299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 552.391079][T13299] Call Trace: [ 552.391089][T13299] [ 552.391102][T13299] dump_stack_lvl+0x16c/0x1f0 [ 552.391153][T13299] should_fail_ex+0x512/0x640 [ 552.391197][T13299] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 552.391251][T13299] should_failslab+0xc2/0x120 [ 552.391288][T13299] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 552.391339][T13299] ? kstrdup_const+0x63/0x80 [ 552.391391][T13299] kstrdup+0x53/0x100 [ 552.391434][T13299] kstrdup_const+0x63/0x80 [ 552.391478][T13299] __kernfs_new_node+0x9b/0x8e0 [ 552.391525][T13299] ? __pfx___kernfs_new_node+0x10/0x10 [ 552.391580][T13299] ? find_held_lock+0x2b/0x80 [ 552.391615][T13299] ? kernfs_root+0xee/0x2a0 [ 552.391665][T13299] kernfs_new_node+0x13c/0x1e0 [ 552.391722][T13299] kernfs_create_link+0xcc/0x240 [ 552.391762][T13299] sysfs_do_create_link_sd+0x90/0x140 [ 552.391807][T13299] sysfs_create_link+0x61/0xc0 [ 552.391849][T13299] device_add+0x62c/0x1a70 [ 552.391888][T13299] ? __pfx_device_add+0x10/0x10 [ 552.391931][T13299] ? kfree+0x24f/0x4d0 [ 552.391986][T13299] device_create_groups_vargs+0x1f8/0x270 [ 552.392029][T13299] device_create+0xed/0x130 [ 552.392065][T13299] ? __pfx_device_create+0x10/0x10 [ 552.392104][T13299] ? do_init_timer+0xc9/0x110 [ 552.392144][T13299] ? ieee80211_roc_setup+0x136/0x270 [ 552.392189][T13299] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 552.392230][T13299] mac80211_hwsim_new_radio+0x369/0x54d0 [ 552.392298][T13299] ? __asan_memset+0x23/0x50 [ 552.392339][T13299] ? 
__pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 552.392408][T13299] hwsim_new_radio_nl+0xb51/0x12c0 [ 552.392460][T13299] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 552.392519][T13299] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 552.392561][T13299] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 552.392611][T13299] genl_family_rcv_msg_doit+0x209/0x2f0 [ 552.392652][T13299] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 552.392689][T13299] ? trace_cap_capable+0x18d/0x200 [ 552.392730][T13299] ? bpf_lsm_capable+0x9/0x10 [ 552.392768][T13299] ? security_capable+0x7e/0x260 [ 552.392800][T13299] ? ns_capable+0xd7/0x110 [ 552.392838][T13299] genl_rcv_msg+0x55c/0x800 [ 552.392881][T13299] ? __pfx_genl_rcv_msg+0x10/0x10 [ 552.392928][T13299] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 552.392990][T13299] netlink_rcv_skb+0x158/0x420 [ 552.393023][T13299] ? __pfx_genl_rcv_msg+0x10/0x10 [ 552.393061][T13299] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 552.393113][T13299] ? netlink_deliver_tap+0x1ae/0xd30 [ 552.393169][T13299] genl_rcv+0x28/0x40 [ 552.393201][T13299] netlink_unicast+0x53a/0x7f0 [ 552.393238][T13299] ? __pfx_netlink_unicast+0x10/0x10 [ 552.393284][T13299] netlink_sendmsg+0x8d1/0xdd0 [ 552.393325][T13299] ? __pfx_netlink_sendmsg+0x10/0x10 [ 552.393376][T13299] ____sys_sendmsg+0xa98/0xc70 [ 552.393413][T13299] ? copy_msghdr_from_user+0x10a/0x160 [ 552.393459][T13299] ? __pfx_____sys_sendmsg+0x10/0x10 [ 552.393505][T13299] ? __pfx_futex_wake_mark+0x10/0x10 [ 552.393557][T13299] ___sys_sendmsg+0x134/0x1d0 [ 552.393606][T13299] ? __pfx____sys_sendmsg+0x10/0x10 [ 552.393648][T13299] ? __lock_acquire+0x622/0x1c90 [ 552.393745][T13299] __sys_sendmsg+0x16d/0x220 [ 552.393792][T13299] ? __pfx___sys_sendmsg+0x10/0x10 [ 552.393837][T13299] ? 
__x64_sys_futex+0x1e0/0x4c0 [ 552.393911][T13299] do_syscall_64+0xcd/0x490 [ 552.393962][T13299] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 552.393993][T13299] RIP: 0033:0x7f7741f8e929 [ 552.394021][T13299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 552.394053][T13299] RSP: 002b:00007f7742d85038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 552.394085][T13299] RAX: ffffffffffffffda RBX: 00007f77421b5fa0 RCX: 00007f7741f8e929 [ 552.394107][T13299] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000006 [ 552.394125][T13299] RBP: 00007f7742010b39 R08: 0000000000000000 R09: 0000000000000000 [ 552.394143][T13299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 552.394161][T13299] R13: 0000000000000000 R14: 00007f77421b5fa0 R15: 00007ffc1c1fe858 [ 552.394203][T13299] [ 552.859988][T13302] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2386'. [ 554.111099][T13324] netlink: 50 bytes leftover after parsing attributes in process `syz.0.2392'. [ 554.361254][T13331] FAULT_INJECTION: forcing a failure. [ 554.361254][T13331] name failslab, interval 1, probability 0, space 0, times 0 [ 554.379128][T13331] CPU: 1 UID: 0 PID: 13331 Comm: syz.0.2396 Tainted: G U 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 554.379208][T13331] Tainted: [U]=USER [ 554.379219][T13331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 554.379238][T13331] Call Trace: [ 554.379249][T13331] [ 554.379261][T13331] dump_stack_lvl+0x16c/0x1f0 [ 554.379315][T13331] should_fail_ex+0x512/0x640 [ 554.379359][T13331] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 554.379404][T13331] should_failslab+0xc2/0x120 [ 554.379431][T13331] __kmalloc_cache_noprof+0x6a/0x3e0 [ 554.379471][T13331] ? 
kobject_uevent_env+0x265/0x1870 [ 554.379510][T13331] kobject_uevent_env+0x265/0x1870 [ 554.379544][T13331] ? __pfx_dev_uevent_name+0x10/0x10 [ 554.379590][T13331] ? kfree+0x2b4/0x4d0 [ 554.379627][T13331] ? kvm_uevent_notify_change.part.0+0x32d/0x450 [ 554.379671][T13331] kvm_uevent_notify_change.part.0+0x3ae/0x450 [ 554.379711][T13331] ? __pfx_kvm_vm_release+0x10/0x10 [ 554.379739][T13331] kvm_put_kvm+0xe4/0xb40 [ 554.379765][T13331] ? lockdep_hardirqs_on+0x7c/0x110 [ 554.379816][T13331] ? __pfx_kvm_vm_release+0x10/0x10 [ 554.379845][T13331] kvm_vm_release+0x3c/0x50 [ 554.379873][T13331] __fput+0x402/0xb70 [ 554.379912][T13331] task_work_run+0x150/0x240 [ 554.379964][T13331] ? __pfx_task_work_run+0x10/0x10 [ 554.380014][T13331] ? __pfx___do_sys_close_range+0x10/0x10 [ 554.380071][T13331] exit_to_user_mode_loop+0xeb/0x110 [ 554.380124][T13331] do_syscall_64+0x3f6/0x490 [ 554.380184][T13331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 554.380218][T13331] RIP: 0033:0x7f8df058e929 [ 554.380245][T13331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 554.380278][T13331] RSP: 002b:00007f8df1432038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 554.380310][T13331] RAX: 0000000000000000 RBX: 00007f8df07b5fa0 RCX: 00007f8df058e929 [ 554.380331][T13331] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 554.380350][T13331] RBP: 00007f8df0610b39 R08: 0000000000000000 R09: 0000000000000000 [ 554.380371][T13331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 554.380391][T13331] R13: 0000000000000000 R14: 00007f8df07b5fa0 R15: 00007fffa5fb12d8 [ 554.380432][T13331] [ 554.893139][T13343] FAULT_INJECTION: forcing a failure. 
[ 554.893139][T13343] name failslab, interval 1, probability 0, space 0, times 0 [ 554.911684][T13343] CPU: 0 UID: 0 PID: 13343 Comm: syz.0.2407 Tainted: G U 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 554.911720][T13343] Tainted: [U]=USER [ 554.911726][T13343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 554.911737][T13343] Call Trace: [ 554.911746][T13343] [ 554.911754][T13343] dump_stack_lvl+0x16c/0x1f0 [ 554.911786][T13343] should_fail_ex+0x512/0x640 [ 554.911814][T13343] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 554.911842][T13343] should_failslab+0xc2/0x120 [ 554.911860][T13343] __kmalloc_cache_noprof+0x6a/0x3e0 [ 554.911885][T13343] ? __percpu_counter_init_many+0x2c1/0x3b0 [ 554.911917][T13343] ? io_uring_alloc_task_context+0x469/0x650 [ 554.911941][T13343] io_uring_alloc_task_context+0x469/0x650 [ 554.911963][T13343] ? __pfx_io_uring_alloc_task_context+0x10/0x10 [ 554.911983][T13343] ? alloc_file_pseudo+0x1b3/0x230 [ 554.912009][T13343] __io_uring_add_tctx_node+0x2dd/0x500 [ 554.912028][T13343] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 554.912049][T13343] ? __anon_inode_getfile+0x17c/0x280 [ 554.912078][T13343] io_uring_setup+0x1579/0x2080 [ 554.912105][T13343] ? __pfx_io_uring_setup+0x10/0x10 [ 554.912147][T13343] ? xfd_validate_state+0x61/0x180 [ 554.912173][T13343] ? 
__pfx_do_writev+0x10/0x10 [ 554.912202][T13343] __x64_sys_io_uring_setup+0xc2/0x170 [ 554.912228][T13343] do_syscall_64+0xcd/0x490 [ 554.912257][T13343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 554.912290][T13343] RIP: 0033:0x7f8df058e929 [ 554.912317][T13343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 554.912348][T13343] RSP: 002b:00007f8df1432038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 554.912378][T13343] RAX: ffffffffffffffda RBX: 00007f8df07b5fa0 RCX: 00007f8df058e929 [ 554.912399][T13343] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000052 [ 554.912418][T13343] RBP: 00007f8df0610b39 R08: 0000000000000000 R09: 0000000000000000 [ 554.912437][T13343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 554.912454][T13343] R13: 0000000000000000 R14: 00007f8df07b5fa0 R15: 00007fffa5fb12d8 [ 554.912495][T13343] [ 556.161692][T13356] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2411'. [ 556.175411][T13356] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2411'. [ 556.409243][T13361] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2403'. [ 556.492469][ T5851] Bluetooth: hci1: unexpected event 0x3e length: 728 > 260 [ 556.492515][ T5851] Bluetooth: hci1: unexpected subevent 0x0c length: 727 > 5 [ 558.247064][T13409] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2422'. [ 558.279142][T13409] netlink: 274 bytes leftover after parsing attributes in process `syz.3.2422'. [ 558.668395][ T5851] Bluetooth: hci3: unexpected event 0x03 length: 17 > 11 [ 564.255610][T13518] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2445'. 
[ 564.264934][T13518] bond_slave_1: entered allmulticast mode [ 564.613318][T13528] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 566.617987][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 566.626973][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 567.210948][T13571] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2462'. [ 569.544444][T13620] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2479'. [ 571.055455][T13622] kexec: Could not allocate control_code_buffer [ 572.626712][T13667] HfR: entered promiscuous mode [ 572.646185][T13669] blktrace: Concurrent blktraces are not allowed on loop2 [ 572.666938][T13669] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2495'. [ 572.679547][T13669] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 572.687683][T13669] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 575.717121][T13723] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2505'. [ 575.744124][T13723] veth0_macvtap: entered allmulticast mode [ 576.078685][T13731] netlink: 226 bytes leftover after parsing attributes in process `syz.3.2509'. [ 576.119685][T13731] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2509'. [ 577.711018][T13765] netlink: 226 bytes leftover after parsing attributes in process `syz.0.2520'. [ 577.753360][T13765] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2520'. [ 577.931964][T13775] Dead loop on virtual device ip6_vti0, fix it urgently! [ 577.943763][T13775] Dead loop on virtual device ip6_vti0, fix it urgently! [ 578.001964][T13775] Dead loop on virtual device ip6_vti0, fix it urgently! [ 578.011040][T13775] Dead loop on virtual device ip6_vti0, fix it urgently! [ 578.021583][T13775] Dead loop on virtual device ip6_vti0, fix it urgently! [ 578.053943][T13775] Dead loop on virtual device ip6_vti0, fix it urgently! 
[ 581.742674][T13847] netlink: 306 bytes leftover after parsing attributes in process `syz.0.2543'. [ 583.070219][T13864] FAULT_INJECTION: forcing a failure. [ 583.070219][T13864] name failslab, interval 1, probability 0, space 0, times 0 [ 583.135407][T13864] CPU: 1 UID: 0 PID: 13864 Comm: syz.0.2549 Tainted: G U 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 583.135450][T13864] Tainted: [U]=USER [ 583.135456][T13864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 583.135468][T13864] Call Trace: [ 583.135475][T13864] [ 583.135483][T13864] dump_stack_lvl+0x16c/0x1f0 [ 583.135528][T13864] should_fail_ex+0x512/0x640 [ 583.135568][T13864] ? __kmalloc_noprof+0xbf/0x510 [ 583.135616][T13864] ? kvm_io_bus_register_dev+0x1b9/0x7f0 [ 583.135648][T13864] should_failslab+0xc2/0x120 [ 583.135679][T13864] __kmalloc_noprof+0xd2/0x510 [ 583.135734][T13864] kvm_io_bus_register_dev+0x1b9/0x7f0 [ 583.135777][T13864] kvm_pic_init+0x1fd/0x380 [ 583.135808][T13864] kvm_arch_vm_ioctl+0x8fd/0x1cf0 [ 583.135831][T13864] ? __schedule+0x1181/0x5de0 [ 583.135856][T13864] ? __pfx_kvm_arch_vm_ioctl+0x10/0x10 [ 583.135880][T13864] ? __lock_acquire+0x622/0x1c90 [ 583.135917][T13864] ? __lock_acquire+0x622/0x1c90 [ 583.135948][T13864] ? __lock_acquire+0x622/0x1c90 [ 583.135978][T13864] ? __lock_acquire+0x622/0x1c90 [ 583.136022][T13864] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 583.136046][T13864] ? is_bpf_text_address+0x94/0x1a0 [ 583.136072][T13864] ? kernel_text_address+0x8d/0x100 [ 583.136103][T13864] ? __kernel_text_address+0xd/0x40 [ 583.136120][T13864] ? unwind_get_return_address+0x59/0xa0 [ 583.136150][T13864] ? arch_stack_walk+0xa6/0x100 [ 583.136177][T13864] ? stack_trace_save+0x8e/0xc0 [ 583.136198][T13864] ? __pfx_stack_trace_save+0x10/0x10 [ 583.136219][T13864] ? stack_depot_save_flags+0x28/0xa40 [ 583.136248][T13864] ? __lock_acquire+0xb8a/0x1c90 [ 583.136276][T13864] ? kasan_save_stack+0x42/0x60 [ 583.136301][T13864] ? 
kasan_save_stack+0x33/0x60 [ 583.136327][T13864] ? kasan_save_track+0x14/0x30 [ 583.136352][T13864] ? kasan_save_free_info+0x3b/0x60 [ 583.136374][T13864] ? __kasan_slab_free+0x51/0x70 [ 583.136400][T13864] ? kfree+0x2b4/0x4d0 [ 583.136421][T13864] ? tomoyo_path_number_perm+0x470/0x580 [ 583.136443][T13864] ? security_file_ioctl+0x9b/0x240 [ 583.136464][T13864] ? __x64_sys_ioctl+0xb7/0x210 [ 583.136484][T13864] ? do_syscall_64+0xcd/0x490 [ 583.136514][T13864] kvm_vm_ioctl+0x19bb/0x3da0 [ 583.136553][T13864] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 583.136595][T13864] ? kasan_quarantine_put+0x10a/0x240 [ 583.136621][T13864] ? lockdep_hardirqs_on+0x7c/0x110 [ 583.136650][T13864] ? find_held_lock+0x2b/0x80 [ 583.136669][T13864] ? tomoyo_path_number_perm+0x295/0x580 [ 583.136695][T13864] ? tomoyo_path_number_perm+0x18d/0x580 [ 583.136719][T13864] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 583.136744][T13864] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 583.136774][T13864] ? do_vfs_ioctl+0x523/0x1a60 [ 583.136795][T13864] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 583.136833][T13864] ? find_held_lock+0x2b/0x80 [ 583.136852][T13864] ? hook_file_ioctl_common+0x145/0x410 [ 583.136877][T13864] ? __fget_files+0x20e/0x3c0 [ 583.136912][T13864] ? 
__pfx_kvm_vm_ioctl+0x10/0x10 [ 583.136943][T13864] __x64_sys_ioctl+0x18e/0x210 [ 583.136967][T13864] do_syscall_64+0xcd/0x490 [ 583.136996][T13864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.137015][T13864] RIP: 0033:0x7f8df058e929 [ 583.137032][T13864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 583.137050][T13864] RSP: 002b:00007f8df1432038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 583.137069][T13864] RAX: ffffffffffffffda RBX: 00007f8df07b5fa0 RCX: 00007f8df058e929 [ 583.137082][T13864] RDX: 0010000000000402 RSI: 000000000000ae60 RDI: 0000000000000003 [ 583.137093][T13864] RBP: 00007f8df0610b39 R08: 0000000000000000 R09: 0000000000000000 [ 583.137105][T13864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 583.137116][T13864] R13: 0000000000000000 R14: 00007f8df07b5fa0 R15: 00007fffa5fb12d8 [ 583.137140][T13864] [ 584.407195][T13888] netlink: 13 bytes leftover after parsing attributes in process `syz.2.2558'. [ 584.856334][T13879] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2555'. [ 585.288562][T13904] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2563'. [ 585.300608][T13904] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2563'. [ 585.642787][T13912] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2566'. [ 585.674254][T13912] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2566'. [ 585.763283][T13913] netlink: 290 bytes leftover after parsing attributes in process `syz.2.2566'. [ 586.164326][T13924] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2571'. [ 586.184275][T13924] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2571'. 
[ 586.256643][T13924] veth0_macvtap: left promiscuous mode [ 586.791659][T13940] FAULT_INJECTION: forcing a failure. [ 586.791659][T13940] name failslab, interval 1, probability 0, space 0, times 0 [ 586.896536][T13940] CPU: 1 UID: 0 PID: 13940 Comm: syz.1.2573 Tainted: G U 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 586.896591][T13940] Tainted: [U]=USER [ 586.896602][T13940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 586.896620][T13940] Call Trace: [ 586.896632][T13940] [ 586.896644][T13940] dump_stack_lvl+0x16c/0x1f0 [ 586.896702][T13940] should_fail_ex+0x512/0x640 [ 586.896744][T13940] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 586.896797][T13940] should_failslab+0xc2/0x120 [ 586.896829][T13940] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 586.896872][T13940] ? __proc_create+0xc3/0x8c0 [ 586.896918][T13940] ? __proc_create+0x2ce/0x8c0 [ 586.896973][T13940] __proc_create+0x2ce/0x8c0 [ 586.897024][T13940] ? __pfx___proc_create+0x10/0x10 [ 586.897068][T13940] ? _raw_write_unlock+0x28/0x50 [ 586.897124][T13940] ? proc_register+0x314/0x5f0 [ 586.897187][T13940] _proc_mkdir+0xb9/0x200 [ 586.897216][T13940] ? __pfx__proc_mkdir+0x10/0x10 [ 586.897243][T13940] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 586.897300][T13940] ? __pfx_netfilter_net_init+0x10/0x10 [ 586.897348][T13940] netfilter_net_init+0x37b/0x4b0 [ 586.897392][T13940] ? sysctl_net_init+0x27/0x30 [ 586.897439][T13940] ops_init+0x1df/0x5f0 [ 586.897493][T13940] setup_net+0x1ff/0x510 [ 586.897538][T13940] ? lockdep_init_map_type+0x5c/0x280 [ 586.897583][T13940] ? __pfx_setup_net+0x10/0x10 [ 586.897634][T13940] ? debug_mutex_init+0x37/0x70 [ 586.897672][T13940] copy_net_ns+0x2a6/0x5f0 [ 586.897708][T13940] create_new_namespaces+0x3ea/0xa90 [ 586.897755][T13940] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 586.897795][T13940] ksys_unshare+0x45b/0xa40 [ 586.897839][T13940] ? __pfx_ksys_unshare+0x10/0x10 [ 586.897955][T13940] ? 
xfd_validate_state+0x61/0x180 [ 586.898017][T13940] __x64_sys_unshare+0x31/0x40 [ 586.898061][T13940] do_syscall_64+0xcd/0x490 [ 586.898132][T13940] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.898165][T13940] RIP: 0033:0x7f7741f8e929 [ 586.898194][T13940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 586.898226][T13940] RSP: 002b:00007f7742d85038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 586.898257][T13940] RAX: ffffffffffffffda RBX: 00007f77421b5fa0 RCX: 00007f7741f8e929 [ 586.898279][T13940] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 586.898298][T13940] RBP: 00007f7742010b39 R08: 0000000000000000 R09: 0000000000000000 [ 586.898317][T13940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 586.898335][T13940] R13: 0000000000000000 R14: 00007f77421b5fa0 R15: 00007ffc1c1fe858 [ 586.898377][T13940] [ 586.898532][T13940] cannot create netfilter proc entry [ 588.900038][T13981] FAULT_INJECTION: forcing a failure. [ 588.900038][T13981] name failslab, interval 1, probability 0, space 0, times 0 [ 588.975425][T13981] CPU: 1 UID: 0 PID: 13981 Comm: syz.0.2583 Tainted: G U 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 588.975485][T13981] Tainted: [U]=USER [ 588.975496][T13981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 588.975516][T13981] Call Trace: [ 588.975527][T13981] [ 588.975540][T13981] dump_stack_lvl+0x16c/0x1f0 [ 588.975592][T13981] should_fail_ex+0x512/0x640 [ 588.975638][T13981] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 588.975690][T13981] should_failslab+0xc2/0x120 [ 588.975720][T13981] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 588.975768][T13981] ? __kernfs_new_node+0xd2/0x8e0 [ 588.975814][T13981] __kernfs_new_node+0xd2/0x8e0 [ 588.975863][T13981] ? 
__pfx___kernfs_new_node+0x10/0x10 [ 588.975919][T13981] ? find_held_lock+0x2b/0x80 [ 588.975953][T13981] ? kernfs_root+0xee/0x2a0 [ 588.976005][T13981] kernfs_new_node+0x13c/0x1e0 [ 588.976071][T13981] __kernfs_create_file+0x53/0x350 [ 588.976112][T13981] sysfs_add_file_mode_ns+0x207/0x3c0 [ 588.976165][T13981] internal_create_group+0x578/0xf30 [ 588.976222][T13981] ? __pfx_internal_create_group+0x10/0x10 [ 588.976275][T13981] ? kernfs_create_link+0x1bd/0x240 [ 588.976319][T13981] internal_create_groups+0x9d/0x150 [ 588.976369][T13981] device_add+0x6d1/0x1a70 [ 588.976411][T13981] ? __pfx_device_add+0x10/0x10 [ 588.976443][T13981] ? lockdep_init_map_type+0x5c/0x280 [ 588.976485][T13981] ? __init_waitqueue_head+0xca/0x150 [ 588.976524][T13981] netdev_register_kobject+0x182/0x3a0 [ 588.976561][T13981] register_netdevice+0x13dc/0x2270 [ 588.976599][T13981] ? __pfx_register_netdevice+0x10/0x10 [ 588.976641][T13981] __ip_tunnel_create+0x540/0x6e0 [ 588.976678][T13981] ? __pfx___ip_tunnel_create+0x10/0x10 [ 588.976726][T13981] ip_tunnel_init_net+0x22f/0x7d0 [ 588.976766][T13981] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 588.976810][T13981] ? trace_kmalloc+0x2b/0xd0 [ 588.976840][T13981] ? __kmalloc_noprof+0x242/0x510 [ 588.976884][T13981] ? lockdep_init_map_type+0x5c/0x280 [ 588.976933][T13981] ? __pfx_ipgre_tap_init_net+0x10/0x10 [ 588.976983][T13981] ops_init+0x1df/0x5f0 [ 588.977035][T13981] setup_net+0x1ff/0x510 [ 588.977091][T13981] ? lockdep_init_map_type+0x5c/0x280 [ 588.977135][T13981] ? __pfx_setup_net+0x10/0x10 [ 588.977189][T13981] ? debug_mutex_init+0x37/0x70 [ 588.977227][T13981] copy_net_ns+0x2a6/0x5f0 [ 588.977264][T13981] create_new_namespaces+0x3ea/0xa90 [ 588.977311][T13981] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 588.977352][T13981] ksys_unshare+0x45b/0xa40 [ 588.977396][T13981] ? __pfx_ksys_unshare+0x10/0x10 [ 588.977440][T13981] ? 
xfd_validate_state+0x61/0x180 [ 588.977496][T13981] __x64_sys_unshare+0x31/0x40 [ 588.977538][T13981] do_syscall_64+0xcd/0x490 [ 588.977587][T13981] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 588.977618][T13981] RIP: 0033:0x7f8df058e929 [ 588.977644][T13981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 588.977673][T13981] RSP: 002b:00007f8df1432038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 588.977701][T13981] RAX: ffffffffffffffda RBX: 00007f8df07b5fa0 RCX: 00007f8df058e929 [ 588.977720][T13981] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 588.977738][T13981] RBP: 00007f8df0610b39 R08: 0000000000000000 R09: 0000000000000000 [ 588.977755][T13981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 588.977771][T13981] R13: 0000000000000000 R14: 00007f8df07b5fa0 R15: 00007fffa5fb12d8 [ 588.977809][T13981] [ 589.773978][ T30] audit: type=1804 audit(1752154547.141:27): pid=13990 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2586" name="file0" dev="tmpfs" ino=3438 res=1 errno=0 [ 591.625616][T14018] __nla_validate_parse: 1 callbacks suppressed [ 591.625645][T14018] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2594'. [ 592.251748][T14040] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2599'. [ 592.271188][T14040] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2599'. [ 592.343304][T14043] netlink: 504 bytes leftover after parsing attributes in process `syz.0.2600'. [ 592.364591][T14043] netlink: 350 bytes leftover after parsing attributes in process `syz.0.2600'. [ 592.456558][T14045] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2601'. 
[ 593.492653][T14069] netlink: 246 bytes leftover after parsing attributes in process `syz.0.2609'. [ 593.863520][T14078] : Can't lookup blockdev [ 593.876094][T14078] FAULT_INJECTION: forcing a failure. [ 593.876094][T14078] name failslab, interval 1, probability 0, space 0, times 0 [ 593.909811][T14078] CPU: 0 UID: 0 PID: 14078 Comm: syz.1.2613 Tainted: G U 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 593.909866][T14078] Tainted: [U]=USER [ 593.909877][T14078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 593.909896][T14078] Call Trace: [ 593.909907][T14078] [ 593.909920][T14078] dump_stack_lvl+0x16c/0x1f0 [ 593.909969][T14078] should_fail_ex+0x512/0x640 [ 593.910012][T14078] ? __kvmalloc_node_noprof+0x124/0x620 [ 593.910069][T14078] should_failslab+0xc2/0x120 [ 593.910100][T14078] __kvmalloc_node_noprof+0x137/0x620 [ 593.910138][T14078] ? rcu_is_watching+0x12/0xc0 [ 593.910174][T14078] ? kfree+0x24f/0x4d0 [ 593.910207][T14078] ? snd_pcm_plugin_alloc+0x5f8/0x7f0 [ 593.910252][T14078] ? snd_pcm_plugin_alloc+0x5f8/0x7f0 [ 593.910285][T14078] snd_pcm_plugin_alloc+0x5f8/0x7f0 [ 593.910329][T14078] snd_pcm_plug_alloc+0x146/0x330 [ 593.910368][T14078] snd_pcm_oss_change_params_locked+0x19b8/0x3a30 [ 593.910424][T14078] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 593.910489][T14078] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 593.910532][T14078] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 593.910568][T14078] ? hook_file_ioctl_common+0x145/0x410 [ 593.910604][T14078] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 593.910643][T14078] ? __fget_files+0x20e/0x3c0 [ 593.910691][T14078] ? 
__pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 593.910728][T14078] __x64_sys_ioctl+0x18e/0x210 [ 593.910769][T14078] do_syscall_64+0xcd/0x490 [ 593.910816][T14078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.910847][T14078] RIP: 0033:0x7f7741f8e929 [ 593.910873][T14078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 593.910904][T14078] RSP: 002b:00007f7742d85038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 593.910935][T14078] RAX: ffffffffffffffda RBX: 00007f77421b5fa0 RCX: 00007f7741f8e929 [ 593.910956][T14078] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000006 [ 593.910975][T14078] RBP: 00007f7742010b39 R08: 0000000000000000 R09: 0000000000000000 [ 593.910994][T14078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 593.911013][T14078] R13: 0000000000000000 R14: 00007f77421b5fa0 R15: 00007ffc1c1fe858 [ 593.911062][T14078] [ 594.452121][T14065] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2607'. [ 594.549546][T14088] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2616'. [ 594.562724][T14088] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2616'. [ 595.798291][T14115] [U]  [ 595.801198][T14115] [U] [ 595.803957][T14115] [U] [ 595.806716][T14115] [U] [ 595.871368][T14118] [U] [ 596.804968][T14135] netlink: 'syz.2.2631': attribute type 1 has an invalid length. [ 596.834863][T14135] netlink: 150 bytes leftover after parsing attributes in process `syz.2.2631'. [ 596.854764][T14135] netlink: 'syz.2.2631': attribute type 1 has an invalid length. [ 596.878844][T14135] netlink: 54 bytes leftover after parsing attributes in process `syz.2.2631'. [ 596.937851][T14134] FAULT_INJECTION: forcing a failure. 
[ 596.937851][T14134] name failslab, interval 1, probability 0, space 0, times 0 [ 596.980389][T14134] CPU: 0 UID: 0 PID: 14134 Comm: syz.0.2630 Tainted: G U 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 596.980448][T14134] Tainted: [U]=USER [ 596.980460][T14134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 596.980480][T14134] Call Trace: [ 596.980492][T14134] [ 596.980506][T14134] dump_stack_lvl+0x16c/0x1f0 [ 596.980558][T14134] should_fail_ex+0x512/0x640 [ 596.980603][T14134] ? __kmalloc_noprof+0xbf/0x510 [ 596.980652][T14134] ? __register_sysctl_table+0xb3/0x1900 [ 596.980700][T14134] should_failslab+0xc2/0x120 [ 596.980732][T14134] __kmalloc_noprof+0xd2/0x510 [ 596.980798][T14134] __register_sysctl_table+0xb3/0x1900 [ 596.980850][T14134] ? is_module_address+0x5f/0xf0 [ 596.980902][T14134] ? __pfx___register_sysctl_table+0x10/0x10 [ 596.980953][T14134] ? is_module_address+0x69/0xf0 [ 596.980997][T14134] ? register_net_sysctl_sz+0x228/0x3e0 [ 596.981039][T14134] brnf_init_net+0x289/0x450 [ 596.981092][T14134] ? __pfx_brnf_init_net+0x10/0x10 [ 596.981139][T14134] ops_init+0x1df/0x5f0 [ 596.981193][T14134] setup_net+0x1ff/0x510 [ 596.981240][T14134] ? lockdep_init_map_type+0x5c/0x280 [ 596.981285][T14134] ? __pfx_setup_net+0x10/0x10 [ 596.981337][T14134] ? debug_mutex_init+0x37/0x70 [ 596.981375][T14134] copy_net_ns+0x2a6/0x5f0 [ 596.981410][T14134] create_new_namespaces+0x3ea/0xa90 [ 596.981458][T14134] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 596.981500][T14134] ksys_unshare+0x45b/0xa40 [ 596.981545][T14134] ? __pfx_ksys_unshare+0x10/0x10 [ 596.981590][T14134] ? 
xfd_validate_state+0x61/0x180 [ 596.981648][T14134] __x64_sys_unshare+0x31/0x40 [ 596.981691][T14134] do_syscall_64+0xcd/0x490 [ 596.981743][T14134] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.981803][T14134] RIP: 0033:0x7f8df058e929 [ 596.981831][T14134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 596.981864][T14134] RSP: 002b:00007f8df1432038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 596.981898][T14134] RAX: ffffffffffffffda RBX: 00007f8df07b5fa0 RCX: 00007f8df058e929 [ 596.981920][T14134] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 596.981940][T14134] RBP: 00007f8df0610b39 R08: 0000000000000000 R09: 0000000000000000 [ 596.981960][T14134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 596.981979][T14134] R13: 0000000000000000 R14: 00007f8df07b5fa0 R15: 00007fffa5fb12d8 [ 596.982021][T14134] [ 598.424072][T14151] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2635'. [ 598.938556][T14157] netlink: 86 bytes leftover after parsing attributes in process `syz.0.2639'. [ 600.632678][T14185] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2647'. [ 600.683831][T14185] netlink: 354 bytes leftover after parsing attributes in process `syz.2.2647'. [ 602.306774][T14210] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2654'. [ 602.335613][T14210] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2654'. [ 602.836642][T14218] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2657'. [ 603.599314][T14234] netlink: 'syz.3.2662': attribute type 1 has an invalid length. [ 603.607141][T14234] netlink: 150 bytes leftover after parsing attributes in process `syz.3.2662'. [ 603.681538][T14237] netlink: 'syz.3.2662': attribute type 1 has an invalid length. 
[ 603.690787][T14237] netlink: 54 bytes leftover after parsing attributes in process `syz.3.2662'. [ 604.528942][T14252] netlink: 246 bytes leftover after parsing attributes in process `syz.2.2668'. [ 606.282601][T14282] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2676'. [ 606.432797][T14281] mkiss: ax0: crc mode is auto. [ 606.777852][T14298] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2679'. [ 606.977100][T14302] ======================================================= [ 606.977100][T14302] WARNING: The mand mount option has been deprecated and [ 606.977100][T14302] and is ignored by this kernel. Remove the mand [ 606.977100][T14302] option from the mount to silence this warning. [ 606.977100][T14302] ======================================================= [ 607.418588][ T5851] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 607.418635][ T5851] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 607.436725][ T5851] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 607.436765][ T5851] Bluetooth: hci3: adv larger than maximum supported [ 607.445117][ T5851] Bluetooth: hci3: adv larger than maximum supported [ 607.452808][ T5851] Bluetooth: hci3: Malformed LE Event: 0x0d [ 607.470594][T14311] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2689'. 
[ 607.517916][T14311] veth1_macvtap: left allmulticast mode [ 607.526661][T14311] veth1_macvtap: left promiscuous mode [ 607.534062][T14311] macsec0: entered promiscuous mode [ 608.418172][T14327] netlink: set zone limit has 8 unknown bytes [ 608.479175][ T1106] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 608.625047][ T1106] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 608.736531][ T1106] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 608.835093][ T5856] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 608.844820][ T5856] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 608.853330][ T5856] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 608.862901][ T5856] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 608.872117][ T5856] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 608.969189][ T1106] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 609.625218][T14357] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 609.658878][T14357] FAULT_INJECTION: forcing a failure. [ 609.658878][T14357] name failslab, interval 1, probability 0, space 0, times 0 [ 609.807305][T14357] CPU: 0 UID: 0 PID: 14357 Comm: syz.1.2695 Tainted: G U 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 609.807365][T14357] Tainted: [U]=USER [ 609.807377][T14357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 609.807396][T14357] Call Trace: [ 609.807408][T14357] [ 609.807422][T14357] dump_stack_lvl+0x16c/0x1f0 [ 609.807474][T14357] should_fail_ex+0x512/0x640 [ 609.807520][T14357] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 609.807573][T14357] should_failslab+0xc2/0x120 [ 609.807604][T14357] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 609.807655][T14357] ? 
__d_alloc+0x31/0xaa0 [ 609.807710][T14357] __d_alloc+0x31/0xaa0 [ 609.807856][T14357] d_alloc+0x4a/0x1e0 [ 609.807909][T14357] d_alloc_parallel+0xe3/0x12e0 [ 609.807960][T14357] ? find_held_lock+0x2b/0x80 [ 609.807997][T14357] ? __pfx_d_alloc_parallel+0x10/0x10 [ 609.808040][T14357] ? __d_lookup+0x266/0x4a0 [ 609.808089][T14357] lookup_open.isra.0+0x665/0x1580 [ 609.808141][T14357] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 609.808205][T14357] ? __pfx_down_write+0x10/0x10 [ 609.808233][T14357] ? mnt_get_write_access+0x20c/0x300 [ 609.808275][T14357] path_openat+0x893/0x2cb0 [ 609.808342][T14357] ? __pfx_path_openat+0x10/0x10 [ 609.808391][T14357] ? __lock_acquire+0xb8a/0x1c90 [ 609.808440][T14357] do_filp_open+0x20b/0x470 [ 609.808488][T14357] ? __pfx_do_filp_open+0x10/0x10 [ 609.808568][T14357] ? alloc_fd+0x471/0x7d0 [ 609.808624][T14357] do_sys_openat2+0x11b/0x1d0 [ 609.808661][T14357] ? __pfx_do_sys_openat2+0x10/0x10 [ 609.808715][T14357] __x64_sys_openat+0x174/0x210 [ 609.808753][T14357] ? 
__pfx___x64_sys_openat+0x10/0x10 [ 609.808819][T14357] do_syscall_64+0xcd/0x490 [ 609.808871][T14357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 609.808904][T14357] RIP: 0033:0x7f7741f8e929 [ 609.808931][T14357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 609.808972][T14357] RSP: 002b:00007f7742d85038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 609.809003][T14357] RAX: ffffffffffffffda RBX: 00007f77421b5fa0 RCX: 00007f7741f8e929 [ 609.809025][T14357] RDX: 0000000000183841 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 609.809045][T14357] RBP: 00007f7742010b39 R08: 0000000000000000 R09: 0000000000000000 [ 609.809066][T14357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 609.809086][T14357] R13: 0000000000000000 R14: 00007f77421b5fa0 R15: 00007ffc1c1fe858 [ 609.809130][T14357] [ 610.463070][T14361] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2696'. [ 610.472912][T14361] netlink: 13 bytes leftover after parsing attributes in process `syz.1.2696'. 
[ 610.948423][ T5856] Bluetooth: hci0: command tx timeout [ 611.219080][ T1106] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 611.238380][ T1106] bond_slave_0: left allmulticast mode [ 611.255927][ T1106] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 611.276544][ T1106] bond_slave_1: left allmulticast mode [ 611.292980][ T1106] bond0 (unregistering): Released all slaves [ 611.543640][T14333] chnl_net:caif_netlink_parms(): no params data found [ 612.268304][T14333] bridge0: port 1(bridge_slave_0) entered blocking state [ 612.292229][T14333] bridge0: port 1(bridge_slave_0) entered disabled state [ 612.340446][T14333] bridge_slave_0: entered allmulticast mode [ 612.361362][T14399] cougar: G6 mapped to space [ 612.385318][T14333] bridge_slave_0: entered promiscuous mode [ 612.456598][T14333] bridge0: port 2(bridge_slave_1) entered blocking state [ 612.464026][T14333] bridge0: port 2(bridge_slave_1) entered disabled state [ 612.471344][T14333] bridge_slave_1: entered allmulticast mode [ 612.479623][T14333] bridge_slave_1: entered promiscuous mode [ 613.010614][ T5856] Bluetooth: hci0: command tx timeout [ 613.094025][T14333] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 613.273008][T14333] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 613.582290][T14333] team0: Port device team_slave_0 added [ 613.814047][T14333] team0: Port device team_slave_1 added [ 613.912985][ T1106] hsr_slave_0: left promiscuous mode [ 613.921031][ T1106] hsr_slave_1: left promiscuous mode [ 613.974777][ T1106] veth1_vlan: left promiscuous mode [ 613.998747][ T1106] veth0_vlan: left promiscuous mode [ 614.907557][T14333] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 614.941585][T14333] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 614.974427][T14333] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 615.039508][T14333] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 615.058990][T14333] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 615.093073][ T5856] Bluetooth: hci0: command tx timeout [ 615.121404][T14333] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 615.335345][T14333] hsr_slave_0: entered promiscuous mode [ 615.352375][T14333] hsr_slave_1: entered promiscuous mode [ 617.152064][ T5856] Bluetooth: hci0: command tx timeout [ 617.303002][T14456] HfR: entered promiscuous mode [ 617.868748][T14333] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 617.883328][T14333] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 617.915957][T14333] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 617.948835][T14333] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 618.476292][T14333] 8021q: adding VLAN 0 to HW filter on device bond0 [ 618.523097][T14333] 8021q: adding VLAN 0 to HW filter on device team0 [ 618.568109][ T5943] bridge0: port 1(bridge_slave_0) entered blocking state [ 618.575319][ T5943] bridge0: port 1(bridge_slave_0) entered forwarding state [ 618.667147][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 618.674377][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 619.455011][T14333] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 619.605404][T14333] veth0_vlan: entered promiscuous mode [ 619.664458][T14333] veth1_vlan: entered promiscuous mode [ 619.939914][T14333] 
veth0_macvtap: entered promiscuous mode [ 619.972646][T14333] veth1_macvtap: entered promiscuous mode [ 620.086930][T14333] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 620.145912][T14333] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 620.187322][T14333] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 620.205083][T14333] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 620.222878][T14333] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 620.237250][T14333] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 620.581346][T14293] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 620.589259][T14293] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 620.847786][ T1106] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 620.899593][ T1106] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 622.141824][T14555] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2727'. 
[ 624.089814][ T5856] Bluetooth: hci3: unexpected event 0x3e length: 508 > 260 [ 624.089865][ T5856] Bluetooth: hci3: unexpected subevent 0x02 length: 507 > 260 [ 624.109506][ T5856] Bluetooth: hci3: Dropping invalid advertising data [ 624.116499][ T5856] Bluetooth: hci3: unknown advertising packet type: 0xe9 [ 624.116543][ T5856] Bluetooth: hci3: Dropping invalid advertising data [ 624.131113][ T5856] Bluetooth: hci3: Dropping invalid advertising data [ 624.138499][ T5856] Bluetooth: hci3: Malformed LE Event: 0x02 [ 626.612950][T14639] cougar: G6 mapped to space [ 627.745344][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 627.752054][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 628.597155][ T5856] Bluetooth: hci3: unexpected event 0x3e length: 508 > 260 [ 628.597202][ T5856] Bluetooth: hci3: unexpected subevent 0x02 length: 507 > 260 [ 628.612571][ T5856] Bluetooth: hci3: Dropping invalid advertising data [ 628.619837][ T5856] Bluetooth: hci3: unknown advertising packet type: 0xe9 [ 630.023970][T14680] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2759'. [ 630.057156][T14680] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2759'. [ 630.128562][T14683] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2759'. [ 630.832319][T14688] netlink: 'syz.2.2762': attribute type 5 has an invalid length. [ 630.840661][T14688] netlink: 'syz.2.2762': attribute type 1 has an invalid length. [ 630.849051][T14688] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2762'. [ 630.885691][T14688] netlink: 'syz.2.2762': attribute type 5 has an invalid length. [ 630.894160][T14688] netlink: 'syz.2.2762': attribute type 1 has an invalid length. [ 630.921045][T14688] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2762'. [ 631.392006][T14703] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2765'. 
[ 631.842793][T14707] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2765'. [ 632.977120][T14721] FAULT_INJECTION: forcing a failure. [ 632.977120][T14721] name failslab, interval 1, probability 0, space 0, times 0 [ 633.030103][T14721] CPU: 1 UID: 0 PID: 14721 Comm: syz.0.2770 Tainted: G U 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 633.030160][T14721] Tainted: [U]=USER [ 633.030171][T14721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 633.030190][T14721] Call Trace: [ 633.030202][T14721] [ 633.030215][T14721] dump_stack_lvl+0x16c/0x1f0 [ 633.030264][T14721] should_fail_ex+0x512/0x640 [ 633.030305][T14721] ? __kvmalloc_node_noprof+0x124/0x620 [ 633.030353][T14721] should_failslab+0xc2/0x120 [ 633.030381][T14721] __kvmalloc_node_noprof+0x137/0x620 [ 633.030423][T14721] ? do_setup+0x2bd/0x3a0 [ 633.030451][T14721] ? alloc_netdev_mqs+0xb5b/0x1570 [ 633.030506][T14721] ? alloc_netdev_mqs+0xb5b/0x1570 [ 633.030548][T14721] alloc_netdev_mqs+0xb5b/0x1570 [ 633.030597][T14721] ? ovs_vport_alloc+0x2a0/0x3d0 [ 633.030629][T14721] internal_dev_create+0x8a/0x520 [ 633.030661][T14721] ovs_vport_add+0x147/0x4d0 [ 633.030709][T14721] new_vport+0x16/0x1d0 [ 633.030761][T14721] ovs_dp_cmd_new+0x6ba/0xe60 [ 633.030813][T14721] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 633.030863][T14721] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 633.030901][T14721] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 633.030948][T14721] genl_family_rcv_msg_doit+0x209/0x2f0 [ 633.030986][T14721] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 633.031022][T14721] ? trace_cap_capable+0x18d/0x200 [ 633.031062][T14721] ? bpf_lsm_capable+0x9/0x10 [ 633.031097][T14721] ? security_capable+0x7e/0x260 [ 633.031128][T14721] ? ns_capable+0xd7/0x110 [ 633.031164][T14721] genl_rcv_msg+0x55c/0x800 [ 633.031203][T14721] ? __pfx_genl_rcv_msg+0x10/0x10 [ 633.031239][T14721] ? 
__pfx_ovs_dp_cmd_new+0x10/0x10 [ 633.031293][T14721] netlink_rcv_skb+0x158/0x420 [ 633.031323][T14721] ? __pfx_genl_rcv_msg+0x10/0x10 [ 633.031360][T14721] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 633.031406][T14721] ? netlink_deliver_tap+0x1ae/0xd30 [ 633.031459][T14721] genl_rcv+0x28/0x40 [ 633.031488][T14721] netlink_unicast+0x53a/0x7f0 [ 633.031523][T14721] ? __pfx_netlink_unicast+0x10/0x10 [ 633.031567][T14721] netlink_sendmsg+0x8d1/0xdd0 [ 633.031608][T14721] ? __pfx_netlink_sendmsg+0x10/0x10 [ 633.031655][T14721] ____sys_sendmsg+0xa98/0xc70 [ 633.031690][T14721] ? copy_msghdr_from_user+0x10a/0x160 [ 633.031740][T14721] ? __pfx_____sys_sendmsg+0x10/0x10 [ 633.031783][T14721] ? try_to_wake_up+0xa2f/0x1680 [ 633.031821][T14721] ___sys_sendmsg+0x134/0x1d0 [ 633.031866][T14721] ? __pfx____sys_sendmsg+0x10/0x10 [ 633.031904][T14721] ? __lock_acquire+0x622/0x1c90 [ 633.031994][T14721] __sys_sendmsg+0x16d/0x220 [ 633.032037][T14721] ? __pfx___sys_sendmsg+0x10/0x10 [ 633.032076][T14721] ? __x64_sys_futex+0x1e0/0x4c0 [ 633.032138][T14721] do_syscall_64+0xcd/0x490 [ 633.032182][T14721] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 633.032212][T14721] RIP: 0033:0x7f880f38e929 [ 633.032236][T14721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 633.032266][T14721] RSP: 002b:00007f881016b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 633.032297][T14721] RAX: ffffffffffffffda RBX: 00007f880f5b5fa0 RCX: 00007f880f38e929 [ 633.032319][T14721] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000006 [ 633.032338][T14721] RBP: 00007f880f410b39 R08: 0000000000000000 R09: 0000000000000000 [ 633.032357][T14721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 633.032377][T14721] R13: 0000000000000000 R14: 00007f880f5b5fa0 R15: 00007ffe53910c28 [ 633.032419][T14721] [ 634.469029][T14733] netlink: 4 bytes 
leftover after parsing attributes in process `syz.0.2774'. [ 634.514788][T14733] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2774'. [ 638.298179][T14801] netlink: 252 bytes leftover after parsing attributes in process `syz.2.2790'. [ 638.362412][T14802] netlink: 252 bytes leftover after parsing attributes in process `syz.2.2790'. [ 639.007819][T14816] netlink: zone id is out of range [ 639.025601][T14816] netlink: del zone limit has 4 unknown bytes [ 639.149294][T14809] netlink: set zone limit has 8 unknown bytes [ 639.580368][T14827] FAULT_INJECTION: forcing a failure. [ 639.580368][T14827] name failslab, interval 1, probability 0, space 0, times 0 [ 639.602273][T14827] CPU: 1 UID: 0 PID: 14827 Comm: syz.0.2806 Tainted: G U 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 639.602325][T14827] Tainted: [U]=USER [ 639.602336][T14827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 639.602353][T14827] Call Trace: [ 639.602363][T14827] [ 639.602375][T14827] dump_stack_lvl+0x16c/0x1f0 [ 639.602422][T14827] should_fail_ex+0x512/0x640 [ 639.602462][T14827] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 639.602504][T14827] should_failslab+0xc2/0x120 [ 639.602532][T14827] __kmalloc_cache_noprof+0x6a/0x3e0 [ 639.602569][T14827] ? vsnprintf+0x318/0x1160 [ 639.602603][T14827] ? __alloc_workqueue+0xda2/0x1810 [ 639.602645][T14827] __alloc_workqueue+0xda2/0x1810 [ 639.602682][T14827] ? __pfx_vsnprintf+0x10/0x10 [ 639.602718][T14827] ? lockdep_hardirqs_on+0x7c/0x110 [ 639.602757][T14827] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 639.602799][T14827] alloc_workqueue+0xd2/0x200 [ 639.602835][T14827] ? __pfx_alloc_workqueue+0x10/0x10 [ 639.602881][T14827] ? __pfx___debug_object_init+0x10/0x10 [ 639.602928][T14827] nci_register_device+0x511/0xb80 [ 639.602978][T14827] ? __pfx_nci_register_device+0x10/0x10 [ 639.603021][T14827] ? 
lockdep_init_map_type+0x5c/0x280 [ 639.603067][T14827] virtual_ncidev_open+0x141/0x220 [ 639.603103][T14827] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 639.603136][T14827] misc_open+0x35d/0x420 [ 639.603172][T14827] ? __pfx_misc_open+0x10/0x10 [ 639.603205][T14827] chrdev_open+0x234/0x6a0 [ 639.603245][T14827] ? __pfx_apparmor_file_open+0x10/0x10 [ 639.603281][T14827] ? __pfx_chrdev_open+0x10/0x10 [ 639.603326][T14827] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 639.603371][T14827] do_dentry_open+0x741/0x1c10 [ 639.603412][T14827] ? __pfx_chrdev_open+0x10/0x10 [ 639.603461][T14827] vfs_open+0x82/0x3f0 [ 639.603496][T14827] path_openat+0x1de4/0x2cb0 [ 639.603549][T14827] ? __pfx_path_openat+0x10/0x10 [ 639.603591][T14827] ? __lock_acquire+0xb8a/0x1c90 [ 639.603634][T14827] do_filp_open+0x20b/0x470 [ 639.603675][T14827] ? __pfx_do_filp_open+0x10/0x10 [ 639.603744][T14827] ? alloc_fd+0x471/0x7d0 [ 639.603794][T14827] do_sys_openat2+0x11b/0x1d0 [ 639.603826][T14827] ? __pfx_do_sys_openat2+0x10/0x10 [ 639.603876][T14827] __x64_sys_openat+0x174/0x210 [ 639.603909][T14827] ? 
__pfx___x64_sys_openat+0x10/0x10 [ 639.603967][T14827] do_syscall_64+0xcd/0x490 [ 639.604014][T14827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.604044][T14827] RIP: 0033:0x7f880f38e929 [ 639.604069][T14827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 639.604098][T14827] RSP: 002b:00007f881016b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 639.604127][T14827] RAX: ffffffffffffffda RBX: 00007f880f5b5fa0 RCX: 00007f880f38e929 [ 639.604147][T14827] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 639.604166][T14827] RBP: 00007f880f410b39 R08: 0000000000000000 R09: 0000000000000000 [ 639.604184][T14827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 639.604202][T14827] R13: 0000000000000000 R14: 00007f880f5b5fa0 R15: 00007ffe53910c28 [ 639.604241][T14827] [ 640.282388][T14834] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2799'. [ 640.310838][T14834] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2799'. [ 640.322681][T14834] netlink: 134 bytes leftover after parsing attributes in process `syz.1.2799'. [ 640.402213][T14837] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2801'. [ 640.729848][T14837] team0: Port device team_slave_1 removed [ 641.690669][T14862] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 641.752956][T14862] netlink: 'syz.1.2809': attribute type 10 has an invalid length. [ 641.762905][T14862] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2809'. [ 642.090992][T14874] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2812'. [ 643.769004][T14891] kexec: Could not allocate control_code_buffer [ 644.397846][T14909] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2819'. 
[ 644.516760][T14911] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2822'. [ 644.554013][T14908] ima: policy update failed [ 644.596311][ T30] audit: type=1802 audit(1752154602.225:28): pid=14908 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2822" res=0 errno=0 [ 647.181038][T14952] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2834'. [ 652.113770][T14997] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 652.642609][T15002] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2846'. [ 652.846996][T15002] ima: policy update failed [ 652.929515][ T30] audit: type=1802 audit(1752154610.619:29): pid=15002 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2846" res=0 errno=0 [ 653.124103][T14998] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 653.663928][ T30] audit: type=1804 audit(1752154611.363:30): pid=15016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2851" name="file0" dev="tmpfs" ino=3873 res=1 errno=0 [ 654.156721][T15021] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 654.158783][T15024] zswap: compressor not available [ 654.522700][T15024] zswap: compressor not available [ 656.685276][T15053] FAULT_INJECTION: forcing a failure. 
[ 656.685276][T15053] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 656.753099][T15053] CPU: 0 UID: 0 PID: 15053 Comm: syz.1.2856 Tainted: G U 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 656.753155][T15053] Tainted: [U]=USER [ 656.753166][T15053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 656.753184][T15053] Call Trace: [ 656.753195][T15053] [ 656.753208][T15053] dump_stack_lvl+0x16c/0x1f0 [ 656.753257][T15053] should_fail_ex+0x512/0x640 [ 656.753309][T15053] should_fail_alloc_page+0xe7/0x130 [ 656.753343][T15053] prepare_alloc_pages+0x3c2/0x610 [ 656.753381][T15053] ? rcu_is_watching+0x12/0xc0 [ 656.753420][T15053] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 656.753470][T15053] ? __lock_acquire+0xb8a/0x1c90 [ 656.753529][T15053] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 656.753578][T15053] ? do_raw_spin_lock+0x12c/0x2b0 [ 656.753627][T15053] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 656.753686][T15053] ? find_held_lock+0x2b/0x80 [ 656.753733][T15053] ? __lock_acquire+0xb8a/0x1c90 [ 656.753775][T15053] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 656.753827][T15053] ? policy_nodemask+0xea/0x4e0 [ 656.753863][T15053] alloc_pages_mpol+0x1fb/0x550 [ 656.753894][T15053] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 656.753937][T15053] folio_alloc_mpol_noprof+0x36/0x2f0 [ 656.753977][T15053] shmem_alloc_folio+0x135/0x160 [ 656.754016][T15053] shmem_alloc_and_add_folio+0x499/0xc20 [ 656.754068][T15053] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 656.754119][T15053] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 656.754172][T15053] shmem_get_folio_gfp+0x67f/0x1600 [ 656.754227][T15053] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 656.754275][T15053] ? __lock_acquire+0x622/0x1c90 [ 656.754324][T15053] shmem_fault+0x1fe/0xa30 [ 656.754370][T15053] ? __pfx_shmem_fault+0x10/0x10 [ 656.754424][T15053] ? __lock_acquire+0xb8a/0x1c90 [ 656.754478][T15053] __do_fault+0x10d/0x490 [ 656.754526][T15053] ? 
__pfx_filemap_map_pages+0x10/0x10 [ 656.754572][T15053] __handle_mm_fault+0x374c/0x5490 [ 656.754627][T15053] ? __pfx___handle_mm_fault+0x10/0x10 [ 656.754680][T15053] ? __pte_offset_map_lock+0x174/0x310 [ 656.754711][T15053] ? find_held_lock+0x2b/0x80 [ 656.754739][T15053] ? find_held_lock+0x2b/0x80 [ 656.754783][T15053] ? follow_page_pte+0x3af/0x14c0 [ 656.754826][T15053] handle_mm_fault+0x589/0xd10 [ 656.754874][T15053] __get_user_pages+0x589/0x3b80 [ 656.754926][T15053] ? __pfx___get_user_pages+0x10/0x10 [ 656.754961][T15053] ? __pfx_down_read_killable+0x10/0x10 [ 656.754994][T15053] ? __lock_acquire+0xb8a/0x1c90 [ 656.755043][T15053] faultin_page_range+0x249/0x980 [ 656.755091][T15053] madvise_do_behavior+0x268/0x3f0 [ 656.755130][T15053] ? __pfx_madvise_do_behavior+0x10/0x10 [ 656.755189][T15053] do_madvise+0x161/0x230 [ 656.755223][T15053] ? __pfx_do_madvise+0x10/0x10 [ 656.755276][T15053] ? xfd_validate_state+0x61/0x180 [ 656.755317][T15053] ? __pfx_do_writev+0x10/0x10 [ 656.755366][T15053] __x64_sys_madvise+0xa9/0x110 [ 656.755399][T15053] ? 
lockdep_hardirqs_on+0x7c/0x110 [ 656.755442][T15053] do_syscall_64+0xcd/0x490 [ 656.755492][T15053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.755523][T15053] RIP: 0033:0x7f7741f8e929 [ 656.755549][T15053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 656.755580][T15053] RSP: 002b:00007f7742d85038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 656.755612][T15053] RAX: ffffffffffffffda RBX: 00007f77421b5fa0 RCX: 00007f7741f8e929 [ 656.755642][T15053] RDX: 0000000000000017 RSI: 0000000000100000 RDI: 0000000000000000 [ 656.755661][T15053] RBP: 00007f7742010b39 R08: 0000000000000000 R09: 0000000000000000 [ 656.755681][T15053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 656.755700][T15053] R13: 0000000000000000 R14: 00007f77421b5fa0 R15: 00007ffc1c1fe858 [ 656.755741][T15053] [ 657.803468][T15066] [ 657.805844][T15066] ====================================================== [ 657.812899][T15066] WARNING: possible circular locking dependency detected [ 657.819933][T15066] 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 Tainted: G U [ 657.828885][T15066] ------------------------------------------------------ [ 657.835995][T15066] syz.0.2860/15066 is trying to acquire lock: [ 657.842163][T15066] ffff888012a1e558 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0x4d0/0xcc0 [ 657.853685][T15066] [ 657.853685][T15066] but task is already holding lock: [ 657.861150][T15066] ffff88805a75de58 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x378/0x5f0 [ 657.870143][T15066] [ 657.870143][T15066] which lock already depends on the new lock. 
[ 657.870143][T15066] [ 657.880636][T15066] [ 657.880636][T15066] the existing dependency chain (in reverse order) is: [ 657.889756][T15066] [ 657.889756][T15066] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}: [ 657.897592][T15066] lock_sock_nested+0x41/0xf0 [ 657.902812][T15066] smc_listen_out+0x202/0x4a0 [ 657.908108][T15066] smc_listen_work+0x5a3/0x50e0 [ 657.913511][T15066] process_one_work+0x9cf/0x1b70 [ 657.919258][T15066] worker_thread+0x6c8/0xf10 [ 657.924393][T15066] kthread+0x3c2/0x780 [ 657.928999][T15066] ret_from_fork+0x5d7/0x6f0 [ 657.934324][T15066] ret_from_fork_asm+0x1a/0x30 [ 657.939620][T15066] [ 657.939620][T15066] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}: [ 657.949826][T15066] __lock_acquire+0x126f/0x1c90 [ 657.955225][T15066] lock_acquire+0x179/0x350 [ 657.960259][T15066] __flush_work+0x4e4/0xcc0 [ 657.965298][T15066] __cancel_work_sync+0x10c/0x130 [ 657.970850][T15066] smc_clcsock_release+0x5f/0xe0 [ 657.976385][T15066] __smc_release+0x5c2/0x880 [ 657.981513][T15066] smc_close_non_accepted+0xda/0x200 [ 657.987332][T15066] smc_close_active+0xc3c/0x1070 [ 657.992860][T15066] __smc_release+0x634/0x880 [ 657.998067][T15066] smc_release+0x1fc/0x5f0 [ 658.003026][T15066] __sock_release+0xb0/0x270 [ 658.008152][T15066] sock_close+0x1c/0x30 [ 658.012840][T15066] __fput+0x402/0xb70 [ 658.017368][T15066] task_work_run+0x150/0x240 [ 658.022503][T15066] exit_to_user_mode_loop+0xeb/0x110 [ 658.028430][T15066] do_syscall_64+0x3f6/0x490 [ 658.033556][T15066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 658.040072][T15066] [ 658.040072][T15066] other info that might help us debug this: [ 658.040072][T15066] [ 658.050314][T15066] Possible unsafe locking scenario: [ 658.050314][T15066] [ 658.057854][T15066] CPU0 CPU1 [ 658.063234][T15066] ---- ---- [ 658.068603][T15066] lock(sk_lock-AF_SMC/1); [ 658.073250][T15066] lock((work_completion)(&new_smc->smc_listen_work)); [ 658.082819][T15066] lock(sk_lock-AF_SMC/1); [ 658.089861][T15066] 
lock((work_completion)(&new_smc->smc_listen_work)); [ 658.096849][T15066] [ 658.096849][T15066] *** DEADLOCK *** [ 658.096849][T15066] [ 658.105341][T15066] 3 locks held by syz.0.2860/15066: [ 658.110538][T15066] #0: ffff88807590e208 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: __sock_release+0x86/0x270 [ 658.121105][T15066] #1: ffff88805a75de58 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x378/0x5f0 [ 658.130526][T15066] #2: ffffffff8e5c4d00 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xfb/0xcc0 [ 658.139763][T15066] [ 658.139763][T15066] stack backtrace: [ 658.145664][T15066] CPU: 0 UID: 0 PID: 15066 Comm: syz.0.2860 Tainted: G U 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 658.145693][T15066] Tainted: [U]=USER [ 658.145700][T15066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 658.145711][T15066] Call Trace: [ 658.145718][T15066] [ 658.145725][T15066] dump_stack_lvl+0x116/0x1f0 [ 658.145754][T15066] print_circular_bug+0x275/0x350 [ 658.145780][T15066] check_noncircular+0x14c/0x170 [ 658.145805][T15066] __lock_acquire+0x126f/0x1c90 [ 658.145833][T15066] lock_acquire+0x179/0x350 [ 658.145857][T15066] ? __flush_work+0x4d0/0xcc0 [ 658.145876][T15066] ? mark_held_locks+0x49/0x80 [ 658.145900][T15066] ? __flush_work+0x4d0/0xcc0 [ 658.145917][T15066] __flush_work+0x4e4/0xcc0 [ 658.145933][T15066] ? __flush_work+0x4d0/0xcc0 [ 658.145952][T15066] ? __pfx___flush_work+0x10/0x10 [ 658.145970][T15066] ? __pfx_wq_barrier_func+0x10/0x10 [ 658.145995][T15066] ? do_raw_spin_lock+0x12c/0x2b0 [ 658.146023][T15066] ? __pfx___might_resched+0x10/0x10 [ 658.146046][T15066] __cancel_work_sync+0x10c/0x130 [ 658.146065][T15066] smc_clcsock_release+0x5f/0xe0 [ 658.146089][T15066] __smc_release+0x5c2/0x880 [ 658.146111][T15066] ? 
__pfx_sock_def_readable+0x10/0x10 [ 658.146136][T15066] smc_close_non_accepted+0xda/0x200 [ 658.146159][T15066] smc_close_active+0xc3c/0x1070 [ 658.146184][T15066] __smc_release+0x634/0x880 [ 658.146205][T15066] smc_release+0x1fc/0x5f0 [ 658.146226][T15066] __sock_release+0xb0/0x270 [ 658.146254][T15066] ? __pfx_sock_close+0x10/0x10 [ 658.146281][T15066] sock_close+0x1c/0x30 [ 658.146308][T15066] __fput+0x402/0xb70 [ 658.146328][T15066] task_work_run+0x150/0x240 [ 658.146356][T15066] ? __pfx_task_work_run+0x10/0x10 [ 658.146384][T15066] ? __pfx___do_sys_close_range+0x10/0x10 [ 658.146413][T15066] exit_to_user_mode_loop+0xeb/0x110 [ 658.146442][T15066] do_syscall_64+0x3f6/0x490 [ 658.146471][T15066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 658.146490][T15066] RIP: 0033:0x7f880f38e929 [ 658.146505][T15066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 658.146523][T15066] RSP: 002b:00007ffe53910d88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 658.146541][T15066] RAX: 0000000000000000 RBX: 00000000000a11a6 RCX: 00007f880f38e929 [ 658.146553][T15066] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 658.146564][T15066] RBP: 00007f880f5b7ba0 R08: 0000000000000001 R09: 0000000f5391107f [ 658.146575][T15066] R10: 00007f880f200000 R11: 0000000000000246 R12: 00007f880f5b5fac [ 658.146586][T15066] R13: 00007f880f5b5fa0 R14: ffffffffffffffff R15: 00007ffe53910ea0 [ 658.146602][T15066] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 659.361214][ T1149] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 659.477900][ T1149] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 659.548677][ T1149] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 
659.662720][ T1149] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 659.794001][ T1149] bridge_slave_1: left allmulticast mode [ 659.804396][ T1149] bridge_slave_1: left promiscuous mode [ 659.813553][ T1149] bridge0: port 2(bridge_slave_1) entered disabled state [ 659.822673][ T1149] bridge_slave_0: left allmulticast mode [ 659.829436][ T1149] bridge_slave_0: left promiscuous mode [ 659.835196][ T1149] bridge0: port 1(bridge_slave_0) entered disabled state [ 660.083156][ T1149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 660.093432][ T1149] bond0 (unregistering): (slave ): Releasing backup interface [ 660.103106][ T1149] bond0 (unregistering): Released all slaves [ 660.401066][ T1149] hsr_slave_0: left promiscuous mode [ 660.407245][ T1149] hsr_slave_1: left promiscuous mode [ 660.413073][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 660.420833][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 660.429707][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 660.437202][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 660.449453][ T1149] veth1_vlan: left promiscuous mode [ 660.454815][ T1149] veth0_vlan: left promiscuous mode [ 660.598873][ T1149] team0 (unregistering): Port device team_slave_1 removed [ 660.610720][ T1149] team0 (unregistering): Port device team_slave_0 removed [ 660.974354][ T1149] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 661.030950][ T1149] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 661.078577][ T1149] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 661.128536][ T1149] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 661.236334][ T1149] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 
family 0 port 6081 - 0 [ 661.287424][ T1149] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 661.346920][ T1149] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 661.434742][ T1149] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 661.594824][ T1149] bridge_slave_1: left allmulticast mode [ 661.606582][ T1149] bridge_slave_1: left promiscuous mode [ 661.613659][ T1149] bridge0: port 2(bridge_slave_1) entered disabled state [ 661.622619][ T1149] bridge_slave_0: left allmulticast mode [ 661.629707][ T1149] bridge_slave_0: left promiscuous mode [ 661.635465][ T1149] bridge0: port 1(bridge_slave_0) entered disabled state [ 661.761427][ T1149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 661.773761][ T1149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 661.790442][ T1149] bond0 (unregistering): Released all slaves [ 661.892996][ T1149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 661.902988][ T1149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 661.912610][ T1149] bond0 (unregistering): Released all slaves [ 661.987796][ T1149] HfR: left promiscuous mode [ 662.046112][ T1149] HfR: left promiscuous mode [ 662.691575][ T1149] hsr_slave_1: left promiscuous mode [ 662.700395][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 662.708013][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 662.716994][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 662.724543][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 662.735392][ T1149] hsr_slave_0: left promiscuous mode [ 662.741228][ T1149] hsr_slave_1: left promiscuous mode [ 662.747189][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 662.754816][ T1149] batman_adv: batadv0: Removing interface: 
batadv_slave_0 [ 662.769687][ T1149] veth1_macvtap: left promiscuous mode [ 662.775965][ T1149] veth1_vlan: left promiscuous mode [ 662.781308][ T1149] veth0_vlan: left promiscuous mode [ 662.787633][ T1149] veth1_macvtap: left allmulticast mode [ 662.794077][ T1149] veth1_macvtap: left promiscuous mode [ 662.799632][ T1149] veth0_macvtap: left promiscuous mode [ 662.805360][ T1149] veth1_vlan: left promiscuous mode [ 662.810779][ T1149] veth0_vlan: left promiscuous mode [ 663.040354][ T1149] team0 (unregistering): Port device team_slave_1 removed [ 663.069450][ T1149] team0 (unregistering): Port device team_slave_0 removed