last executing test programs: 2m32.250700411s ago: executing program 3 (id=311): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto_MADV_GUARD_REMOVE(0x0, 0x2, 0x67) 2m31.842823899s ago: executing program 3 (id=316): r0 = socket(0x1d, 0x3, 0x1) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2}, 0x6a) setsockopt$auto(r0, 0x65, 0x1, 0x0, 0x0) 2m31.570412898s ago: executing program 3 (id=320): memfd_create$auto(&(0x7f0000000000)='{-:+\xf6@[-,#.i+*\x00', 0x6) 2m31.369022953s ago: executing program 3 (id=324): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), 0xffffffffffffffff) r1 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$auto_TCP_METRICS_CMD_DEL(0xffffffffffffffff, 0x0, 0x4002000) sendmsg$auto_TCP_METRICS_CMD_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x3c, r1, 0x101, 0x70bd27, 0x25dfdbfe, {}, [@TCP_METRICS_ATTR_ADDR_IPV6={0x14, 0x2, @local}, @TCP_METRICS_ATTR_SADDR_IPV6={0x14, 0xc, @mcast1}]}, 0x3c}}, 0x800) 2m31.240530951s ago: executing program 3 (id=327): tkill$auto(0x1, 0x7) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79) 2m30.603182095s ago: executing program 3 (id=338): unshare$auto(0x200) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') setns(r0, 0x0) setresuid$auto(0x2, 0x7, 0x8080) r1 = syz_clone(0x98280000, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = open(&(0x7f00009e1000)='./file0\x00', 0xc162, 0x0) fallocate$auto(r2, 0x1, 0xd, 0x20cbd5d) prlimit64$auto(r1, 0x3, 0x0, 0x0) 2m30.09076509s ago: executing program 32 (id=338): unshare$auto(0x200) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') setns(r0, 0x0) setresuid$auto(0x2, 0x7, 0x8080) r1 = syz_clone(0x98280000, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = open(&(0x7f00009e1000)='./file0\x00', 0xc162, 0x0) fallocate$auto(r2, 0x1, 0xd, 0x20cbd5d) prlimit64$auto(r1, 0x3, 0x0, 0x0) 1m51.295428992s ago: executing program 2 (id=841): r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/security/tomoyo/profile\x00', 0x1, 0x0) write$auto_tomoyo_operations_securityfs_if(r0, &(0x7f0000001300), 0x0) 1m51.054752417s ago: executing program 2 (id=845): openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0) close_range$auto(0x2, 0x8000, 0x0) 1m50.806718674s ago: executing program 2 (id=849): r0 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x91) read$auto_severities_coverage_fops_severity(r0, &(0x7f0000000240)=""/189, 0xbd) read$auto(r0, 0x0, 0x1) 1m50.681819178s ago: executing program 2 (id=852): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010026bd7000fedbdf25030000000800030000020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000080003003800000008", @ANYRES32=0x0], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) mq_notify$auto(r1, &(0x7f0000000100)={@sival_int=0xff, @raw=0x7, 0x5}) socket(0x10, 0x2, 0x0) openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, 0x0, 0x800, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) 1m50.472215408s ago: executing program 2 (id=855): tkill$auto(0x1, 0x7) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79) 1m50.058615826s ago: executing program 4 (id=861): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/scsi/scsi\x00', 0x400, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000000)=""/120, 0x78) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000100)=""/223, 0xdf) 1m49.945911509s ago: executing program 2 (id=864): r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa) r1 = socket(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendfile$auto(0x1, r0, 0x0, 0xef75) 1m49.945299426s ago: executing program 4 (id=865): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x2, 0x801, 0x106) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x106) setsockopt$auto(r0, 0x6, 0x19, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfdf3) connect$auto(0x3, &(0x7f00000000c0), 0x55) read$auto(0x3, 0x0, 0xfdef) write$auto(0x3, 0x0, 0xfdef) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1m49.572246779s ago: executing program 33 (id=864): r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa) r1 = socket(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendfile$auto(0x1, r0, 0x0, 0xef75) 1m49.551812129s ago: executing program 4 (id=870): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xc004ae02, 0x88) ioctl$auto_KVM_CREATE_VM(r2, 0xc008ae88, 0x88) ioctl$auto_KVM_CREATE_VM(r0, 0x4140aecd, 0x0) 1m49.334113763s ago: executing program 4 (id=872): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010026bd7000fedbdf25030000000800030000020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000080003003800000008", @ANYRES32=0x0], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) mq_notify$auto(r1, &(0x7f0000000100)={@sival_int=0xff, @raw=0x7, 0x5}) socket(0x10, 0x2, 0x0) openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, 0x0, 0x800, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1m49.135470531s ago: executing program 4 (id=874): tkill$auto(0x1, 0x7) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79) 1m47.984234846s ago: executing program 4 (id=891): openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x14a402, 0x0) read$auto(0x3, 0x0, 0x1f40) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0xffffffffffff10ab, 0x6, 0x4, 0x15, 0xffffffffffffffff, 0xb) syz_clone3(&(0x7f0000000340)={0x8000, 0x0, 0x0, 0x0, {0x1d}, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0x0], 0x1}, 0x58) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000080)='/dev/binderfs/binder1\x00', 0x103102, 0x0) 1m47.581547923s ago: executing program 34 (id=891): openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x14a402, 0x0) read$auto(0x3, 0x0, 0x1f40) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0xffffffffffff10ab, 0x6, 0x4, 0x15, 0xffffffffffffffff, 0xb) syz_clone3(&(0x7f0000000340)={0x8000, 0x0, 0x0, 0x0, {0x1d}, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0x0], 0x1}, 0x58) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000080)='/dev/binderfs/binder1\x00', 0x103102, 0x0) 1m34.206666149s ago: executing program 5 (id=997): setsockopt$auto(0x400000000000003, 0x29, 0x1c, 0x0, 0x56b) 1m34.086764105s ago: executing program 5 (id=1000): mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) r0 = socket(0x10, 0x2, 0x0) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000000000)="351ff6218163cce8505bf40fca856149f185354f86f6766b73aeb066b2a65290e689cb5a9cd45a63766508ae821ea42a555887244ce3a5676c4a8f62c1dadfd6efc8b8dd0eae0c03292f536b2b5042c9", 0x50) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="180027"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1m33.769503499s ago: executing program 5 (id=1004): r0 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x10a) open_by_handle_at$auto(r0, &(0x7f0000000040)={0x7, 0x2, "06000000000000"}, 0x405459) 1m33.530353673s ago: executing program 5 (id=1007): openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card0\x00', 0x121d02, 0x0) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x622340, 0x0) openat$auto_fuse_conn_congestion_threshold_ops_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) memfd_secret$auto(0x0) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x3) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000002180), 0x100, 0x0) eventfd$auto(0x3) pipe$auto(0x0) socket(0xa, 0x2, 0x88) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, r0, 0x8000) ioctl$auto_TCFLSH2(r1, 0xc0384707, 0x0) 1m33.153444845s ago: executing program 5 (id=1013): mmap$auto(0x0, 0x8, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) tkill$auto(0x1, 0x7) 1m32.433521869s ago: executing program 5 (id=1023): r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/security/tomoyo/profile\x00', 0x1, 0x0) write$auto_tomoyo_operations_securityfs_if(r0, &(0x7f0000001300)="25e259507fb9509d0ce72d7f3d9df70fb0b24a3e71c5a22312cb4b20c67d837c40bb00766f5a399d2963bb98c87d7c0d37dff2bfebd2b3fb76bbdd59caff3eea77aa81a52333cfe068b2e942ee187872b20cd153be81685a37bcc58b73712aa9a57eb98392c121766623125a8814dcb7dc4dfa345808da34b7505c28c0322152cc1f3c42b8c095891b24ee67cd8e33f1e0ec92d86df456c28ae68ba72ab680a5593d9ceef13c2c8eea382ddf3268079d5c64b49a7261de3978f7dcb61c6275a6552b0925d20ff921139c9ee6bee806df4a90ec8ca9779e639167eb7fec19e247ba0cca4da18c918992bddf5efdde517cce33174d08e6488052b2bf1a6b40c5611ef4af2bc59f6b6e9e49e22094d6d0e129dc8935f70ef3ced0f98e4f829191f6090c9741ecfe38be19cb2df0b4ab03b34f08b7fc906cd6197a9955ab6f5c117d72cf26efc16636ab09946555f7dc0f5bd81f7f7f6f8b260a89bd95c9900ee9f65bfda8a3daa9c337d2e5691708f251771b710b1facaaff72e680a9b695303c408b15c329551ef2b4c9ffaf52217b4286a48edca1911f6c127ba423dcc2150dbd64fd8d5efebeda5bda144626ba3184861d8f865138caef202779c665db08ed90e776ace1d7c6ed7a2c5ddc5baeeed981785f570a5d13e01fe99471b769c46a1c54ba6244139ed57e5b5776f85e8f60ce29ce87540f20009834fbdb52aaa94246c8b8bf2bdaf04c8162c9cfb38d9534d6474a9657170fc52d6c09daaf5f68273cc1ced6790f952e6ceaaf050597a1311618d41a503f97cb5417f5577486a5f0a81fbbf6d54e23a51b7ab87c75c86496fcb0ce18083d59b1b53cd385365ff966353d326fff39c02832f1b73dd367881d9aa9a63b1a687cccd5031e0530948b6f92321ce87b79e64828d5a2197133113d741f7ed4affb08196970a75879525f66b9312634ffd46000d5c464e711f43a87bfc936514bdf671911189fa0b998e4da2904d61318135a40554339d34e79b8c0c9dee1ab05e9b1faa5ca88869c8ecf41a6a0b4a110caf39dfb43d8fc3f469db64a09e693cf396a606065e6fea1aede34b90cc6bd79903baeead161da0ebbb1469faa7d52328db82ac4793f7feb16033b8902516f68661031d9c90bef9897654772cdae5a7ff1aef8bfd4d52ff11e7ae8eb23e222bcdcd0205d11f6535552d721bfdb3709febb96a3f7cd39d2e7b58dc5b5f060fadea7a8c74ffe1ff41a0c2fda9012c768660e2d8ef92c8006bf64f87e27a641e72719a13be6a0300eb9db973fbe9aea1878e84fffc3c22a4d88ce458fb043466d951631b323fdd5fc4f5661bb3ed8b0a5a48bfa6b89935a2e781fde31e3bd71d92bf5a29eebf781b7a8ace95cf69a10f5bfc313cc27d6ecef697fb5f84cdea10a0024dc66c4a47adba718d056e5357c55332f370518a066b4be54535a1a489744918e13c53b74ab0cb9d2326551499217f543805cd66397c7b517a8422d15575e2af87b335622559a2edaef84b4e9595bcd7c472f1a6d3ac2585d01829c2c2ff26e1dc72c53174acd8d817f4912baaa3732dcdc695559ed49fdfe951eea779b62e3ef071806c19ded607cea630dff87b811ed6dd63458d9ce5482346c9b5ee84178fc3c9a79a931859e61960e97fbc19126bfe4f552dcf8a5955fcb405e7a91bf679b8d6a797b3f9f15ec6441407f5b4fabefc7e6f0f7830c5c49bd97f87048b0df64b32d5d40d02d95003d78db89f88c41a8c278a109fcb24b341b7c8e13828b6fa50c3ba1caef5e237bbc2a18cab35105083d45d76bfdf42d077f8a870c697c2a932f0dc97c8778a9f9dc13235099e224f8a825dedb1465a59dad5b69285cab2b5084d69f0f37e6416ed771200fc05c48dbf220fddfa8f229fe1b9524698a6926c0194373f2697a08f6134c8b82c0fe2bd87e27923a16ec7c6bb53855d87723c86d8ac73ab733fc04af4534c967cacdf09b1acb914541880363b873655e6ef01f221f469f3f477265b9caa63949b8673226f4fc6e4ed823a4194a82327a1e7d6ef7e0420749304df76c808a1c9583907afe3f8538b34e2655a3b21932a17939f654b616e50fec9d188c234da9c0d8aebe0cf2ad5add478f928e7f641f1c7020a5e3e3a919d218b68de374da17792bfa73bfa5d0fecb17772c690b6d6d5e38496737bc6142ad684c4a8fc2bd6238b20e0725ffb8a024abff98872bbfd09529c5d8c796931c5f92bd128ffaa4f67a1e1c6f3e1cacac8cffa165f7662450c119c0802442b7c478ba500bf95401caa0bfbe985dc531e3daa728cf5c502e9422c7518d3f9eba9c3d47cfbfaed00782e8f06d6748ca612bd17fe913adf1734a20c6f4c66cce71eee7e06f63f3e76d5dbfba3b6c675239b3da01a0cf673b66d3683c2785f9524813b91c65a423625c3cdcb250594a61359bf5922e4c8d8b6a02b7f8667f82164546d5a0aea33f06bf19ba5a8b27642aeb6ebede40204cf9bfab910150aafaa66b568b63e6f1299d1760e0ad97df89d835851277ad155924d354a8389396012a1e4c3d6b2d6491aa4cecc9ade4382e1eac59c5b9c5960826bb2eabe89172bb535cf970524100d6ff0648c9216b6d9a40389d1911def22d0b89b779068dc27b7abe769cea231c22217eee04121fc9be691922c26ce7578a84dc0d341de951c76a8fae6b525022ab70747e2e05eb4935657c95b0a3ec6d6c0a3a2fde941bbdeb1e697062b8c057eb1f12820a7d0ed0b98ccc5096d90a6d7e880bd6e728e0fb85aac52c1d540a97e3b4c7e9936768ff0420e48229a598d15a5cb834b3007abee4129bedcef197dd91c154d2cc85e9029a4ea78b875ea4115cb36c1e87aa7aad47aaca2ab63044f9ebf3320964f934769ff615ba2eaf08ff3babcf927e5e1b8fbfcbe07fb55f6f1a96e44069d738b391d58662d29a64c1d016abdded6503a439ef4503bc4563d152ba55d07b0759a79e6568ad3a4000e4cf7f3a1e22b9e9c74e50435a0bb6cf9fc266072202e374794d674b798a8d14178c288f8edd274d7a578520acc68b0eb7771948e614bf42240e51800bb3596bebd74d6a4009a8f3ddb2e0c982dc286eb57b671100b54dfa035ad997caf570041db7be0f6fd39bcbfe32127051450be7e503c28053ac95a6c13ec1b68d9fd4452367e71149e9b1e4f4a89ebebc22c9f86447a261dea1242067c288453d6d6cb80444cf040b7598c04b55d10b3c8f6cf6c197f8c9102cd8c316e1ff805ea42c5700ab3551c69a458b7f2dc9e70acfd794532c6197e7ac44ceb766f0f567d511e4acfca601e6f8623eb835a71bcc3772480700d7d6c49847f02b0863dab4c19a85841e4b7901627d5804a145d1be399e26f10e6d969bffd051c9502786c86c8264e5f8e6395ccb3b770a7b778697b7f5bb78a837747b588b0b86a9753179728050a5bf9dd57691fd50b5df61ad797b059b6bc1d754b30a2b146077f319669bee0760e386f0c97abbdbbc7ed5970d66e093203fd83dfe74e6bb94bc9c2c9213b1f33e6f879e8d88c97ef788a95065f8f22467ced75b8f77ef9c2e2a0d1a536dc6b566d151dd91bc3540dd52e1f1b6a0252c0fef63e18616f3a69004e29e5bd3697664402004a0f854b8bf9c8bc4ad7bf836eee360fd3b5a02ae8b834eae6934756f66ad8819cb9bacbe8c9c788ce336c6a9c23dbefad3b27d4b4052834fa65496175a64b444f44b42c19e72b22e056af2de7f6f117d82655bb1cfa4985a8bede8a6252db93d", 0xa5e) 1m31.945801188s ago: executing program 35 (id=1023): r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/security/tomoyo/profile\x00', 0x1, 0x0) write$auto_tomoyo_operations_securityfs_if(r0, &(0x7f0000001300)="25e259507fb9509d0ce72d7f3d9df70fb0b24a3e71c5a22312cb4b20c67d837c40bb00766f5a399d2963bb98c87d7c0d37dff2bfebd2b3fb76bbdd59caff3eea77aa81a52333cfe068b2e942ee187872b20cd153be81685a37bcc58b73712aa9a57eb98392c121766623125a8814dcb7dc4dfa345808da34b7505c28c0322152cc1f3c42b8c095891b24ee67cd8e33f1e0ec92d86df456c28ae68ba72ab680a5593d9ceef13c2c8eea382ddf3268079d5c64b49a7261de3978f7dcb61c6275a6552b0925d20ff921139c9ee6bee806df4a90ec8ca9779e639167eb7fec19e247ba0cca4da18c918992bddf5efdde517cce33174d08e6488052b2bf1a6b40c5611ef4af2bc59f6b6e9e49e22094d6d0e129dc8935f70ef3ced0f98e4f829191f6090c9741ecfe38be19cb2df0b4ab03b34f08b7fc906cd6197a9955ab6f5c117d72cf26efc16636ab09946555f7dc0f5bd81f7f7f6f8b260a89bd95c9900ee9f65bfda8a3daa9c337d2e5691708f251771b710b1facaaff72e680a9b695303c408b15c329551ef2b4c9ffaf52217b4286a48edca1911f6c127ba423dcc2150dbd64fd8d5efebeda5bda144626ba3184861d8f865138caef202779c665db08ed90e776ace1d7c6ed7a2c5ddc5baeeed981785f570a5d13e01fe99471b769c46a1c54ba6244139ed57e5b5776f85e8f60ce29ce87540f20009834fbdb52aaa94246c8b8bf2bdaf04c8162c9cfb38d9534d6474a9657170fc52d6c09daaf5f68273cc1ced6790f952e6ceaaf050597a1311618d41a503f97cb5417f5577486a5f0a81fbbf6d54e23a51b7ab87c75c86496fcb0ce18083d59b1b53cd385365ff966353d326fff39c02832f1b73dd367881d9aa9a63b1a687cccd5031e0530948b6f92321ce87b79e64828d5a2197133113d741f7ed4affb08196970a75879525f66b9312634ffd46000d5c464e711f43a87bfc936514bdf671911189fa0b998e4da2904d61318135a40554339d34e79b8c0c9dee1ab05e9b1faa5ca88869c8ecf41a6a0b4a110caf39dfb43d8fc3f469db64a09e693cf396a606065e6fea1aede34b90cc6bd79903baeead161da0ebbb1469faa7d52328db82ac4793f7feb16033b8902516f68661031d9c90bef9897654772cdae5a7ff1aef8bfd4d52ff11e7ae8eb23e222bcdcd0205d11f6535552d721bfdb3709febb96a3f7cd39d2e7b58dc5b5f060fadea7a8c74ffe1ff41a0c2fda9012c768660e2d8ef92c8006bf64f87e27a641e72719a13be6a0300eb9db973fbe9aea1878e84fffc3c22a4d88ce458fb043466d951631b323fdd5fc4f5661bb3ed8b0a5a48bfa6b89935a2e781fde31e3bd71d92bf5a29eebf781b7a8ace95cf69a10f5bfc313cc27d6ecef697fb5f84cdea10a0024dc66c4a47adba718d056e5357c55332f370518a066b4be54535a1a489744918e13c53b74ab0cb9d2326551499217f543805cd66397c7b517a8422d15575e2af87b335622559a2edaef84b4e9595bcd7c472f1a6d3ac2585d01829c2c2ff26e1dc72c53174acd8d817f4912baaa3732dcdc695559ed49fdfe951eea779b62e3ef071806c19ded607cea630dff87b811ed6dd63458d9ce5482346c9b5ee84178fc3c9a79a931859e61960e97fbc19126bfe4f552dcf8a5955fcb405e7a91bf679b8d6a797b3f9f15ec6441407f5b4fabefc7e6f0f7830c5c49bd97f87048b0df64b32d5d40d02d95003d78db89f88c41a8c278a109fcb24b341b7c8e13828b6fa50c3ba1caef5e237bbc2a18cab35105083d45d76bfdf42d077f8a870c697c2a932f0dc97c8778a9f9dc13235099e224f8a825dedb1465a59dad5b69285cab2b5084d69f0f37e6416ed771200fc05c48dbf220fddfa8f229fe1b9524698a6926c0194373f2697a08f6134c8b82c0fe2bd87e27923a16ec7c6bb53855d87723c86d8ac73ab733fc04af4534c967cacdf09b1acb914541880363b873655e6ef01f221f469f3f477265b9caa63949b8673226f4fc6e4ed823a4194a82327a1e7d6ef7e0420749304df76c808a1c9583907afe3f8538b34e2655a3b21932a17939f654b616e50fec9d188c234da9c0d8aebe0cf2ad5add478f928e7f641f1c7020a5e3e3a919d218b68de374da17792bfa73bfa5d0fecb17772c690b6d6d5e38496737bc6142ad684c4a8fc2bd6238b20e0725ffb8a024abff98872bbfd09529c5d8c796931c5f92bd128ffaa4f67a1e1c6f3e1cacac8cffa165f7662450c119c0802442b7c478ba500bf95401caa0bfbe985dc531e3daa728cf5c502e9422c7518d3f9eba9c3d47cfbfaed00782e8f06d6748ca612bd17fe913adf1734a20c6f4c66cce71eee7e06f63f3e76d5dbfba3b6c675239b3da01a0cf673b66d3683c2785f9524813b91c65a423625c3cdcb250594a61359bf5922e4c8d8b6a02b7f8667f82164546d5a0aea33f06bf19ba5a8b27642aeb6ebede40204cf9bfab910150aafaa66b568b63e6f1299d1760e0ad97df89d835851277ad155924d354a8389396012a1e4c3d6b2d6491aa4cecc9ade4382e1eac59c5b9c5960826bb2eabe89172bb535cf970524100d6ff0648c9216b6d9a40389d1911def22d0b89b779068dc27b7abe769cea231c22217eee04121fc9be691922c26ce7578a84dc0d341de951c76a8fae6b525022ab70747e2e05eb4935657c95b0a3ec6d6c0a3a2fde941bbdeb1e697062b8c057eb1f12820a7d0ed0b98ccc5096d90a6d7e880bd6e728e0fb85aac52c1d540a97e3b4c7e9936768ff0420e48229a598d15a5cb834b3007abee4129bedcef197dd91c154d2cc85e9029a4ea78b875ea4115cb36c1e87aa7aad47aaca2ab63044f9ebf3320964f934769ff615ba2eaf08ff3babcf927e5e1b8fbfcbe07fb55f6f1a96e44069d738b391d58662d29a64c1d016abdded6503a439ef4503bc4563d152ba55d07b0759a79e6568ad3a4000e4cf7f3a1e22b9e9c74e50435a0bb6cf9fc266072202e374794d674b798a8d14178c288f8edd274d7a578520acc68b0eb7771948e614bf42240e51800bb3596bebd74d6a4009a8f3ddb2e0c982dc286eb57b671100b54dfa035ad997caf570041db7be0f6fd39bcbfe32127051450be7e503c28053ac95a6c13ec1b68d9fd4452367e71149e9b1e4f4a89ebebc22c9f86447a261dea1242067c288453d6d6cb80444cf040b7598c04b55d10b3c8f6cf6c197f8c9102cd8c316e1ff805ea42c5700ab3551c69a458b7f2dc9e70acfd794532c6197e7ac44ceb766f0f567d511e4acfca601e6f8623eb835a71bcc3772480700d7d6c49847f02b0863dab4c19a85841e4b7901627d5804a145d1be399e26f10e6d969bffd051c9502786c86c8264e5f8e6395ccb3b770a7b778697b7f5bb78a837747b588b0b86a9753179728050a5bf9dd57691fd50b5df61ad797b059b6bc1d754b30a2b146077f319669bee0760e386f0c97abbdbbc7ed5970d66e093203fd83dfe74e6bb94bc9c2c9213b1f33e6f879e8d88c97ef788a95065f8f22467ced75b8f77ef9c2e2a0d1a536dc6b566d151dd91bc3540dd52e1f1b6a0252c0fef63e18616f3a69004e29e5bd3697664402004a0f854b8bf9c8bc4ad7bf836eee360fd3b5a02ae8b834eae6934756f66ad8819cb9bacbe8c9c788ce336c6a9c23dbefad3b27d4b4052834fa65496175a64b444f44b42c19e72b22e056af2de7f6f117d82655bb1cfa4985a8bede8a6252db93d", 0xa5e) 1m29.189108633s ago: executing program 0 (id=1052): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), r0) sendmsg$auto_NET_SHAPER_CMD_GROUP(r0, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000200)={0x3c, r1, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NET_SHAPER_A_HANDLE={0xc, 0x1, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x1}]}, @NET_SHAPER_A_LEAVES={0x8, 0xa, 0x0, 0x1, [@NET_SHAPER_A_HANDLE={0x4}]}, @NET_SHAPER_A_IFINDEX={0x8}, @NET_SHAPER_A_PARENT={0xc, 0x9, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x1}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44000}, 0x10) 1m28.934652306s ago: executing program 0 (id=1061): socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x3b) r0 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x91) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xaece, 0xffffffffffffffff) read$auto_severities_coverage_fops_severity(r0, &(0x7f0000000240)=""/189, 0xbd) read$auto(r0, 0x0, 0x1) 1m28.750753347s ago: executing program 0 (id=1056): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'ipvlan1\x00'}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0xa, 0xa) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) setsockopt$auto(0x3, 0x1, 0x29, 0x0, 0x28) sendmmsg$auto(r0, &(0x7f0000000300)={{&(0x7f0000000140), 0x12, &(0x7f0000000280)={0x0, 0x4e}, 0x7, 0x0, 0x3, 0x1}, 0x7}, 0x8, 0x7fff) 1m28.661665049s ago: executing program 0 (id=1058): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xc004ae02, 0x88) ioctl$auto_KVM_CREATE_VM(r2, 0xc008ae88, 0x88) ioctl$auto_KVM_CREATE_VM(r0, 0x4140aecd, 0x0) 1m28.485302092s ago: executing program 0 (id=1059): mmap$auto(0x0, 0x8, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) tkill$auto(0x1, 0x7) 1m27.841388076s ago: executing program 0 (id=1063): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001540)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_GROUP(r0, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000200)={0x3c, 0x0, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NET_SHAPER_A_HANDLE={0xc, 0x1, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x1}]}, @NET_SHAPER_A_LEAVES={0x8, 0xa, 0x0, 0x1, [@NET_SHAPER_A_HANDLE={0x4}]}, @NET_SHAPER_A_IFINDEX={0x8, 0x8, r1}, @NET_SHAPER_A_PARENT={0xc, 0x9, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x1}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44000}, 0x10) 1m27.430426375s ago: executing program 36 (id=1063): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001540)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_GROUP(r0, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000200)={0x3c, 0x0, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NET_SHAPER_A_HANDLE={0xc, 0x1, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x1}]}, @NET_SHAPER_A_LEAVES={0x8, 0xa, 0x0, 0x1, [@NET_SHAPER_A_HANDLE={0x4}]}, @NET_SHAPER_A_IFINDEX={0x8, 0x8, r1}, @NET_SHAPER_A_PARENT={0xc, 0x9, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x1}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44000}, 0x10) 7.131395004s ago: executing program 1 (id=2036): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000200), 0x0) 6.946728322s ago: executing program 1 (id=2039): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xc18, 0x8000) socket(0xa, 0x5, 0x84) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x4e21, @rand_addr=0xfffffffe}, 0x55) connect$auto(0x3, 0x0, 0x55) io_uring_setup$auto(0x2, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x14, 0x0, 0x8) 5.99095612s ago: executing program 1 (id=2050): acct$auto(&(0x7f0000000100)='./cgroup/cgroup.subtree_control\x00') acct$auto(&(0x7f0000000000)='./cgroup/cgroup.subtree_control\x00') 5.797853771s ago: executing program 1 (id=2054): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) pwrite64$auto(0xc8, &(0x7f0000000040)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/231, 0xfdf2, 0x3a) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x3}, 0x7, 0x6, 0x0) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00', @ANYRES16=0x0, @ANYBLOB="000336bd7000fedb"], 0x24}, 0x1, 0x0, 0x0, 0xc045}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00'], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 5.602368249s ago: executing program 1 (id=2057): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), r3) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) sendmsg$auto_ILA_CMD_ADD(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000080)={0x1c, r4, 0x201, 0x70bd28, 0x25dfdbff, {}, [@ILA_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8080}, 0x38) sendmsg$auto_ILA_CMD_ADD(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x14, r4, 0x1, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x48884}, 0x4) sendmsg$auto_ILA_CMD_FLUSH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x1, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x41}, 0x0) 5.403322606s ago: executing program 1 (id=2060): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000002f40), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_GET(r0, &(0x7f0000003080)={0x0, 0x0, &(0x7f0000003040)={&(0x7f0000001b00)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="ffff2b2c9e088fdbdf250b0000001800018014000200776731"], 0x2c}, 0x1, 0x0, 0x0, 0x20004800}, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x7f, 0x1, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000003b40)={0x0, 0x0, &(0x7f0000003b00)={&(0x7f0000000040)={0x14, 0x0, 0x1, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40080}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='Z'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x8002, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x9}, 0x3, 0x0) 2.473255963s ago: executing program 6 (id=2085): r0 = pidfd_open$auto(0x1, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) setns(r0, 0x60020000) open_tree$auto(0xffffffffffffffff, 0x0, 0x1001) 2.116141292s ago: executing program 6 (id=2088): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030000020000060006000000000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a000500bbbbbbbbbbbb0000080003003800000008000200", @ANYRES32=0x0, @ANYBLOB="0800040002c9"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.85762048s ago: executing program 6 (id=2091): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) setresuid$auto(0x2, 0x7, 0x8080) fstat$auto(0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) 1.624342888s ago: executing program 6 (id=2094): sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x0, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@NFSD_A_SERVER_LEASETIME={0x8}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00211459a600fbdbdf250200000008000300000000001b0004"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) r0 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="8b0500000000fedbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) 1.409171416s ago: executing program 8 (id=2098): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0) read$auto(r0, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) 1.40067655s ago: executing program 6 (id=2099): socket(0x2, 0x2, 0x88) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 1.259976767s ago: executing program 7 (id=2100): r0 = socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) gettid() close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @loopback}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) setsockopt$auto(r0, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 1.241237837s ago: executing program 8 (id=2101): open(0x0, 0x149443, 0x0) mount$auto(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='ufs\x00', 0x9, 0x0) 1.127299205s ago: executing program 8 (id=2102): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/mtd/mtd0/ecc_strength\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x8000) 1.072236337s ago: executing program 8 (id=2103): mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x5, 0x0) setxattr$auto(0x0, &(0x7f00000002c0)=')+S\xb6:\x00', &(0x7f0000000300), 0x8fa4, 0x2) 931.351313ms ago: executing program 8 (id=2104): r0 = socket(0x2, 0x2, 0x0) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/ram2/queue/fua\x00', 0x40000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x7) r1 = socket(0x2, 0x1, 0x0) sysfs$auto(0x2, 0x2, 0x0) read$auto(0x3, 0x0, 0x7) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2}, 0x6a) setsockopt$auto(r0, 0x1, 0x6, 0x0, 0xc089) sendmsg$auto_BATADV_CMD_TP_METER(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0xc045}, 0x4) 925.07438ms ago: executing program 7 (id=2105): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000380)='/dev/audio1\x00', 0x100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) r0 = openat$auto_fault_around_bytes_fops_(0xffffffffffffff9c, &(0x7f0000000100), 0x2282, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev5\x00', 0x280, 0x0) socket$nl_generic(0x10, 0x3, 0x10) rt_sigprocmask$auto(0x2, 0x0, 0x0, 0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/lockd/parameters/nlm_grace_period\x00', 0x8001, 0x0) write$auto(r0, 0x0, 0x2) 703.272837ms ago: executing program 7 (id=2106): open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322cf3) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x4, 0x8) 678.146057ms ago: executing program 7 (id=2107): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card1/pcm0c/oss\x00', 0x40c01, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000800), 0x0) close_range$auto(0x2, 0x8, 0x0) 589.301448ms ago: executing program 7 (id=2108): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0) read$auto(r0, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) 486.880059ms ago: executing program 7 (id=2109): open(0x0, 0x149443, 0x0) mount$auto(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='ufs\x00', 0x9, 0x0) 462.014294ms ago: executing program 6 (id=2110): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/mtd/mtd0/ecc_strength\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x8000) 0s ago: executing program 8 (id=2111): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0x424, 0x0, 0x4, 0x70bd26, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0xb1, 0x1, 0x0, 0x1, [@generic="f5c53c7461b64f8c60fb90f69a1d13d52d6da3527ec7b5be48e686e7364c12793198cdcb6a78253c3bdd7916ced602b5b19762a916baa53c0411bfbf1477407c42963b5791e719e91567d82c697af89370f6f7872979c6713c9b4265a481e529d40b485bc24dac0ed112ebaf8e0f59b20e48f9cffcaa0bed04dad70c00c2d584eb40a6d01a4f463f88d47ae307e73bfd4123c7765a43faedde7088214666ba0cf2c894acec", @typed={0x8, 0x5c, 0x0, 0x0, @fd=r0}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x401}, @IPVS_CMD_ATTR_DEST={0x31, 0x2, 0x0, 0x1, [@generic="d4be153da166c458b9b2308fa624c5a258dd8411eedd84f49c6823c6746b27b48103756607cfa938405425973d"]}, @IPVS_CMD_ATTR_DEST={0x31d, 0x2, 0x0, 0x1, [@nested={0x255, 0xf0, 0x0, 0x1, [@generic="0a6fa3351f19895db908dc2eb63c4ab8a3f76c1a8d12eaef22d89e198adf992ff39372eba766ac8dc8af7036a0f41600498d0961c80836d35a4de4a267fbb4d44033598f163c16ff0baac9443c3adbcb38a5556dcbd6caafa873beac597e3549117aa2826751a9df53cca518ed71a370295130dbe1517b0caf761c10c754595f50e459e3ded2e2509a94a275953b885d5f24cefe2b2ed1cfad1e43286d96c40efe294aff6012be455090c2faf06239d982ba445386f5739abc7022d737883f0357e320f0daf5ddc7096e9a8ceaaeaab5745c9aa0", @generic="ab130acd9cb6bf4d0ce133427a6e43162a1b639bc1fb6e7b65ce5bd14c82c187204c21c539d17cbcc6bb06b19d606a378438f3c9cd39f76cff70187741e3ec29010224b878432ba3d5b4da59a1ec5dc6ddec78a139893794651d130cec07474fe3082ddebd6b5b864fb7951c3399b28ec85e3c7e08498fff13f210d6e6b78674f60fa62c623bbe58300fe9b4acf3a338f73df7bcef64915ce13cfcfd7d36a9142c46d97af537c5e7947c45324ca8400ab5b5ba0d4020ffec28e7f931d7c3fe6c843c035b0e34da48c7832d23", @nested={0x4, 0x8a}, @typed={0xc, 0x5d, 0x0, 0x0, @u64=0x2}, @typed={0x4, 0x140}, @generic="c886f8015014a8ab5a22ddea1d75aedb9348910e10eca3bd95082ddfbc9f21fb2585f79df45e74b9e1b25875949dbc0d7257b3f5a706d39c7b34432a8cced13ad769aaffc4203344cf16db953793a509e64662a4bad731b5e5ed28db9b9470b95261f064c107b813e381e56ac859", @generic="c21660bd18bb039a0f4cc658604ff430329f7ecefb6ddd92cd71da84c8a119b185b41069ceb5fb980efc1f416e9526"]}, @generic="c98b3127f7383183a21650a4a703856fe2f2bc4f4b2c06b9a7a3f2a9d3a3f8738525e7d828751d3a9416c9cc4c229d3566697baa7a77878e23f5f6a3fd4e44b38975aec2221ddc650227ce5ed8a43e83d19f931e8de88cd8716b28bbac75ebbd7b5ffe03e3141b3adae4bac62d417d696f5f7f50e2cd688dc3d73832d58ffb9a1a1a1bbc4193bd63494c6c091c13f5bd57195f443dd6fd6297eff0495f52ab81fb451938764464be1d3db46e6755525d5973959e14c15b4531fe069b26f2bfc7d0"]}]}, 0x424}, 0x1, 0x0, 0x0, 0x4004080}, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x59e, 0x0, 0x0, 0x9}, 0x207}, 0x40, 0x100) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) kernel console output (not intermixed with test programs): 0 [ 94.008945][ T6039] ? __pfx_genl_rcv_msg+0x10/0x10 [ 94.008977][ T6039] ? __pfx_nbd_genl_connect+0x10/0x10 [ 94.009019][ T6039] netlink_rcv_skb+0x158/0x420 [ 94.009049][ T6039] ? __pfx_genl_rcv_msg+0x10/0x10 [ 94.009084][ T6039] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 94.009130][ T6039] ? netlink_deliver_tap+0x1ae/0xd30 [ 94.009164][ T6039] genl_rcv+0x28/0x40 [ 94.009193][ T6039] netlink_unicast+0x58a/0x850 [ 94.009229][ T6039] ? __pfx_netlink_unicast+0x10/0x10 [ 94.009271][ T6039] netlink_sendmsg+0x8d1/0xdd0 [ 94.009308][ T6039] ? __pfx_netlink_sendmsg+0x10/0x10 [ 94.009354][ T6039] ____sys_sendmsg+0xa95/0xc70 [ 94.009389][ T6039] ? copy_msghdr_from_user+0x10a/0x160 [ 94.009423][ T6039] ? __pfx_____sys_sendmsg+0x10/0x10 [ 94.009467][ T6039] ? __pfx_futex_wake_mark+0x10/0x10 [ 94.009510][ T6039] ___sys_sendmsg+0x134/0x1d0 [ 94.009540][ T6039] ? __pfx____sys_sendmsg+0x10/0x10 [ 94.009564][ T6039] ? __lock_acquire+0x622/0x1c90 [ 94.009646][ T6039] __sys_sendmsg+0x16d/0x220 [ 94.009674][ T6039] ? __pfx___sys_sendmsg+0x10/0x10 [ 94.009700][ T6039] ? __x64_sys_futex+0x1e0/0x4c0 [ 94.009754][ T6039] do_syscall_64+0xcd/0x490 [ 94.009783][ T6039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.009809][ T6039] RIP: 0033:0x7ff45178e9a9 [ 94.009831][ T6039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.009854][ T6039] RSP: 002b:00007ff452619038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 94.009879][ T6039] RAX: ffffffffffffffda RBX: 00007ff4519b5fa0 RCX: 00007ff45178e9a9 [ 94.009896][ T6039] RDX: 0000000000008880 RSI: 0000200000001e00 RDI: 0000000000000006 [ 94.009912][ T6039] RBP: 00007ff451810d69 R08: 0000000000000000 R09: 0000000000000000 [ 94.009926][ T6039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 94.009939][ T6039] R13: 0000000000000000 R14: 00007ff4519b5fa0 R15: 00007ffcbe9e8238 [ 94.009972][ T6039] [ 94.010056][ T6039] block (null): Could not allocate knbd recv work queue. [ 94.099133][ T6046] netlink: 342 bytes leftover after parsing attributes in process `syz.1.43'. [ 94.148833][ T6039] nbd: failed to add new device [ 94.342916][ T6040] ima: policy update failed [ 94.456914][ T30] audit: type=1802 audit(1753719536.491:2): pid=6040 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.43" res=0 errno=0 [ 94.712847][ T6061] netlink: 'syz.3.52': attribute type 4 has an invalid length. [ 94.733303][ T6061] netlink: 314 bytes leftover after parsing attributes in process `syz.3.52'. [ 94.743144][ T6063] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 94.772558][ T6061] netlink: 'syz.3.52': attribute type 4 has an invalid length. [ 94.780275][ T6061] netlink: 314 bytes leftover after parsing attributes in process `syz.3.52'. [ 95.238521][ T6084] netlink: 342 bytes leftover after parsing attributes in process `syz.1.60'. [ 95.252351][ T6076] ima: policy update failed [ 95.261220][ T30] audit: type=1802 audit(1753719537.301:3): pid=6076 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.60" res=0 errno=0 [ 95.325242][ T6087] zero sized request [ 95.581673][ T6094] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 96.065377][ T6114] netlink: 342 bytes leftover after parsing attributes in process `syz.0.73'. [ 96.115306][ T6108] ima: policy update failed [ 96.144314][ T30] audit: type=1802 audit(1753719538.171:4): pid=6108 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.73" res=0 errno=0 [ 96.345218][ T6123] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 98.287512][ T6204] netlink: 342 bytes leftover after parsing attributes in process `syz.2.115'. [ 98.297595][ T6198] ima: policy update failed [ 98.321365][ T30] audit: type=1802 audit(1753719540.351:5): pid=6198 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.115" res=0 errno=0 [ 98.500340][ T6212] netlink: 330 bytes leftover after parsing attributes in process `syz.0.121'. [ 99.074476][ T6235] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 99.472264][ T6248] FAULT_INJECTION: forcing a failure. [ 99.472264][ T6248] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 99.511573][ T6248] CPU: 0 UID: 0 PID: 6248 Comm: syz.2.137 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 99.511611][ T6248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 99.511626][ T6248] Call Trace: [ 99.511634][ T6248] [ 99.511644][ T6248] dump_stack_lvl+0x16c/0x1f0 [ 99.511677][ T6248] should_fail_ex+0x512/0x640 [ 99.511709][ T6248] _copy_from_user+0x2e/0xd0 [ 99.511739][ T6248] copy_msghdr_from_user+0x98/0x160 [ 99.511787][ T6248] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 99.511823][ T6248] ? kfree+0x24f/0x4d0 [ 99.511877][ T6248] ___sys_sendmsg+0xfe/0x1d0 [ 99.511906][ T6248] ? __pfx____sys_sendmsg+0x10/0x10 [ 99.511967][ T6248] ? __pfx___might_resched+0x10/0x10 [ 99.512003][ T6248] __sys_sendmmsg+0x200/0x420 [ 99.512035][ T6248] ? __pfx___sys_sendmmsg+0x10/0x10 [ 99.512060][ T6248] ? ip4_datagram_connect+0x38/0x50 [ 99.512104][ T6248] ? __pfx_do_futex+0x10/0x10 [ 99.512133][ T6248] ? fput+0x70/0xf0 [ 99.512179][ T6248] ? xfd_validate_state+0x61/0x180 [ 99.512220][ T6248] __x64_sys_sendmmsg+0x9c/0x100 [ 99.512246][ T6248] ? lockdep_hardirqs_on+0x7c/0x110 [ 99.512270][ T6248] do_syscall_64+0xcd/0x490 [ 99.512299][ T6248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.512325][ T6248] RIP: 0033:0x7f4577d8e9a9 [ 99.512346][ T6248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.512370][ T6248] RSP: 002b:00007f4578b71038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 99.512395][ T6248] RAX: ffffffffffffffda RBX: 00007f4577fb5fa0 RCX: 00007f4577d8e9a9 [ 99.512412][ T6248] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 99.512427][ T6248] RBP: 00007f4577e10d69 R08: 0000000000000000 R09: 0000000000000000 [ 99.512441][ T6248] R10: 0000000000000a00 R11: 0000000000000246 R12: 0000000000000000 [ 99.512456][ T6248] R13: 0000000000000000 R14: 00007f4577fb5fa0 R15: 00007fff4908fb18 [ 99.512491][ T6248] [ 100.397771][ T6277] netlink: 342 bytes leftover after parsing attributes in process `syz.2.148'. [ 100.449519][ T6280] netlink: 342 bytes leftover after parsing attributes in process `syz.2.148'. [ 100.486106][ T6275] ima: policy update failed [ 100.490871][ T30] audit: type=1802 audit(1753719542.531:6): pid=6275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.148" res=0 errno=0 [ 100.582493][ T6284] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 102.138000][ T6339] FAULT_INJECTION: forcing a failure. [ 102.138000][ T6339] name failslab, interval 1, probability 0, space 0, times 0 [ 102.190708][ T6339] CPU: 0 UID: 0 PID: 6339 Comm: syz.0.175 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 102.190746][ T6339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 102.190763][ T6339] Call Trace: [ 102.190773][ T6339] [ 102.190785][ T6339] dump_stack_lvl+0x16c/0x1f0 [ 102.190820][ T6339] should_fail_ex+0x512/0x640 [ 102.190848][ T6339] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 102.190882][ T6339] should_failslab+0xc2/0x120 [ 102.190913][ T6339] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 102.190939][ T6339] ? find_held_lock+0x2b/0x80 [ 102.190966][ T6339] ? __alloc_skb+0x2b2/0x380 [ 102.190998][ T6339] __alloc_skb+0x2b2/0x380 [ 102.191024][ T6339] ? __pfx___alloc_skb+0x10/0x10 [ 102.191056][ T6339] ? __lock_acquire+0x622/0x1c90 [ 102.191094][ T6339] __ip_append_data+0x3128/0x4240 [ 102.191135][ T6339] ? __pfx_raw_getfrag+0x10/0x10 [ 102.191184][ T6339] ? ip_dst_mtu_maybe_forward.constprop.0+0x311/0x6e0 [ 102.191221][ T6339] ? __pfx___ip_append_data+0x10/0x10 [ 102.191257][ T6339] ip_append_data+0x10f/0x1a0 [ 102.191287][ T6339] ? __pfx_raw_getfrag+0x10/0x10 [ 102.191318][ T6339] raw_sendmsg+0xf01/0x3820 [ 102.191360][ T6339] ? page_table_check_set+0x5b0/0x750 [ 102.191387][ T6339] ? __pfx_raw_sendmsg+0x10/0x10 [ 102.191424][ T6339] ? __page_table_check_ptes_set+0x1ae/0x420 [ 102.191453][ T6339] ? find_held_lock+0x2b/0x80 [ 102.191477][ T6339] ? find_held_lock+0x2b/0x80 [ 102.191502][ T6339] ? do_wp_page+0x17ab/0x4f20 [ 102.191548][ T6339] ? __pfx___might_resched+0x10/0x10 [ 102.191576][ T6339] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 102.191616][ T6339] ? aa_sk_perm+0x2f4/0xb10 [ 102.191668][ T6339] ? __import_iovec+0x1dd/0x650 [ 102.191696][ T6339] ? __might_fault+0xe3/0x190 [ 102.191719][ T6339] ? __might_fault+0x13b/0x190 [ 102.191745][ T6339] ? __pfx_raw_sendmsg+0x10/0x10 [ 102.191785][ T6339] inet_sendmsg+0x11c/0x140 [ 102.191820][ T6339] ____sys_sendmsg+0x973/0xc70 [ 102.191855][ T6339] ? copy_msghdr_from_user+0x10a/0x160 [ 102.191879][ T6339] ? __pfx_____sys_sendmsg+0x10/0x10 [ 102.191916][ T6339] ? kfree+0x24f/0x4d0 [ 102.191958][ T6339] ___sys_sendmsg+0x134/0x1d0 [ 102.191988][ T6339] ? __pfx____sys_sendmsg+0x10/0x10 [ 102.192050][ T6339] ? __pfx___might_resched+0x10/0x10 [ 102.192086][ T6339] __sys_sendmmsg+0x200/0x420 [ 102.192119][ T6339] ? __pfx___sys_sendmmsg+0x10/0x10 [ 102.192143][ T6339] ? ip4_datagram_connect+0x38/0x50 [ 102.192283][ T6339] ? __pfx_do_futex+0x10/0x10 [ 102.192315][ T6339] ? fput+0x70/0xf0 [ 102.192361][ T6339] ? xfd_validate_state+0x61/0x180 [ 102.192402][ T6339] __x64_sys_sendmmsg+0x9c/0x100 [ 102.192430][ T6339] ? lockdep_hardirqs_on+0x7c/0x110 [ 102.192457][ T6339] do_syscall_64+0xcd/0x490 [ 102.192485][ T6339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.192511][ T6339] RIP: 0033:0x7f6cafb8e9a9 [ 102.192533][ T6339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.192559][ T6339] RSP: 002b:00007f6cb09fd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 102.192598][ T6339] RAX: ffffffffffffffda RBX: 00007f6cafdb5fa0 RCX: 00007f6cafb8e9a9 [ 102.192616][ T6339] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 102.192632][ T6339] RBP: 00007f6cafc10d69 R08: 0000000000000000 R09: 0000000000000000 [ 102.192649][ T6339] R10: 0000000000000a00 R11: 0000000000000246 R12: 0000000000000000 [ 102.192665][ T6339] R13: 0000000000000000 R14: 00007f6cafdb5fa0 R15: 00007fff661caaf8 [ 102.192712][ T6339] [ 103.559821][ T6370] delete_channel: no stack [ 104.425349][ T6393] netlink: 342 bytes leftover after parsing attributes in process `syz.3.199'. [ 104.448328][ T6393] netlink: 342 bytes leftover after parsing attributes in process `syz.3.199'. [ 104.462010][ T6392] ima: policy update failed [ 104.466742][ T30] audit: type=1802 audit(1753719546.511:7): pid=6392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.199" res=0 errno=0 [ 105.462720][ T6421] netlink: 342 bytes leftover after parsing attributes in process `syz.1.212'. [ 105.505516][ T6421] netlink: 342 bytes leftover after parsing attributes in process `syz.1.212'. [ 105.562748][ T6417] ima: policy update failed [ 105.594718][ T30] audit: type=1802 audit(1753719547.641:8): pid=6417 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.212" res=0 errno=0 [ 106.568943][ T5855] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 106.568985][ T5855] Bluetooth: hci1: unexpected subevent 0x0f length: 725 > 260 [ 107.626035][ T6483] netlink: 342 bytes leftover after parsing attributes in process `syz.1.237'. [ 107.667561][ T6483] netlink: 342 bytes leftover after parsing attributes in process `syz.1.237'. [ 107.725767][ T6482] ima: policy update failed [ 107.730506][ T30] audit: type=1802 audit(1753719549.771:9): pid=6482 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.237" res=0 errno=0 [ 107.843352][ T6487] kfence: disabled [ 107.868925][ T6490] kfence: re-enabled [ 108.798826][ T6512] netlink: 342 bytes leftover after parsing attributes in process `syz.1.250'. [ 108.842123][ T6512] netlink: 342 bytes leftover after parsing attributes in process `syz.1.250'. [ 108.878640][ T6511] ima: policy update failed [ 108.921260][ T30] audit: type=1802 audit(1753719550.951:10): pid=6511 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.250" res=0 errno=0 [ 109.162386][ T6520] netlink: 338 bytes leftover after parsing attributes in process `syz.0.255'. [ 109.201449][ T6520] FAULT_INJECTION: forcing a failure. [ 109.201449][ T6520] name failslab, interval 1, probability 0, space 0, times 0 [ 109.214505][ T6520] CPU: 1 UID: 0 PID: 6520 Comm: syz.0.255 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 109.214541][ T6520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 109.214557][ T6520] Call Trace: [ 109.214566][ T6520] [ 109.214578][ T6520] dump_stack_lvl+0x16c/0x1f0 [ 109.214611][ T6520] should_fail_ex+0x512/0x640 [ 109.214644][ T6520] should_failslab+0xc2/0x120 [ 109.214676][ T6520] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 109.214704][ T6520] ? __alloc_skb+0x2b2/0x380 [ 109.214744][ T6520] __alloc_skb+0x2b2/0x380 [ 109.214769][ T6520] ? __pfx___alloc_skb+0x10/0x10 [ 109.214799][ T6520] ? do_raw_write_lock+0x11c/0x3a0 [ 109.214833][ T6520] __neigh_notify+0xe6/0x380 [ 109.214868][ T6520] neigh_flush_dev.isra.0+0x478/0x710 [ 109.214912][ T6520] __neigh_ifdown.isra.0+0x7f/0x440 [ 109.214955][ T6520] neigh_ifdown+0x1e/0x30 [ 109.214985][ T6520] rt6_disable_ip+0x295/0x990 [ 109.215030][ T6520] ? __pfx___mutex_trylock_common+0x10/0x10 [ 109.215068][ T6520] ? __pfx_rt6_disable_ip+0x10/0x10 [ 109.215105][ T6520] ? rcu_is_watching+0x12/0xc0 [ 109.215137][ T6520] addrconf_ifdown.isra.0+0x11d/0x1a90 [ 109.215171][ T6520] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 109.215202][ T6520] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10 [ 109.215246][ T6520] addrconf_notify+0x220/0x19e0 [ 109.215278][ T6520] ? ip6mr_device_event+0x1bc/0x230 [ 109.215318][ T6520] notifier_call_chain+0xb9/0x410 [ 109.215347][ T6520] ? __pfx_addrconf_notify+0x10/0x10 [ 109.215387][ T6520] call_netdevice_notifiers_info+0xbe/0x140 [ 109.215424][ T6520] __dev_notify_flags+0x1f7/0x2e0 [ 109.215453][ T6520] ? __pfx___dev_notify_flags+0x10/0x10 [ 109.215477][ T6520] ? __dev_change_flags+0x3d5/0x720 [ 109.215507][ T6520] ? __pfx___dev_change_flags+0x10/0x10 [ 109.215536][ T6520] ? __pfx___schedule+0x10/0x10 [ 109.215571][ T6520] ? __pfx_validate_linkmsg+0x10/0x10 [ 109.215602][ T6520] netif_change_flags+0x108/0x160 [ 109.215634][ T6520] do_setlink.constprop.0+0xb53/0x4380 [ 109.215696][ T6520] ? __pfx_do_setlink.constprop.0+0x10/0x10 [ 109.215735][ T6520] ? __wake_up_klogd.part.0+0x99/0xf0 [ 109.215779][ T6520] ? __lock_acquire+0xb8a/0x1c90 [ 109.215825][ T6520] ? __mutex_trylock_common+0xe9/0x250 [ 109.215861][ T6520] ? __pfx___mutex_trylock_common+0x10/0x10 [ 109.215898][ T6520] ? __pfx___might_resched+0x10/0x10 [ 109.215928][ T6520] ? rcu_is_watching+0x12/0xc0 [ 109.215954][ T6520] ? trace_contention_end+0xdd/0x130 [ 109.215988][ T6520] ? __mutex_lock+0x1ca/0xb90 [ 109.216016][ T6520] ? rcu_is_watching+0x12/0xc0 [ 109.216041][ T6520] ? rtnl_setlink+0x2b0/0x770 [ 109.216066][ T6520] ? trace_cap_capable+0x18d/0x200 [ 109.216098][ T6520] ? __pfx___mutex_lock+0x10/0x10 [ 109.216123][ T6520] ? apparmor_capable+0x114/0x1d0 [ 109.216167][ T6520] ? netlink_ns_capable+0xfa/0x130 [ 109.216201][ T6520] rtnl_setlink+0x3cb/0x770 [ 109.216235][ T6520] ? __pfx_rtnl_setlink+0x10/0x10 [ 109.216261][ T6520] ? netlink_sendmsg+0x8d1/0xdd0 [ 109.216292][ T6520] ? do_syscall_64+0xcd/0x490 [ 109.216316][ T6520] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.216411][ T6520] ? __lock_acquire+0x622/0x1c90 [ 109.216447][ T6520] ? rcu_is_watching+0x12/0xc0 [ 109.216473][ T6520] ? trace_cap_capable+0x18d/0x200 [ 109.216513][ T6520] ? find_held_lock+0x2b/0x80 [ 109.216537][ T6520] ? __pfx_rtnl_setlink+0x10/0x10 [ 109.216563][ T6520] ? __pfx_rtnl_setlink+0x10/0x10 [ 109.216589][ T6520] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 109.216618][ T6520] ? __pfx_rtnl_setlink+0x10/0x10 [ 109.216648][ T6520] rtnetlink_rcv_msg+0x95b/0xe90 [ 109.216680][ T6520] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 109.216720][ T6520] ? ref_tracker_free+0x37c/0x830 [ 109.216760][ T6520] netlink_rcv_skb+0x158/0x420 [ 109.216791][ T6520] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 109.216825][ T6520] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 109.216870][ T6520] ? netlink_deliver_tap+0x1ae/0xd30 [ 109.216908][ T6520] netlink_unicast+0x58a/0x850 [ 109.216945][ T6520] ? __pfx_netlink_unicast+0x10/0x10 [ 109.216984][ T6520] netlink_sendmsg+0x8d1/0xdd0 [ 109.217021][ T6520] ? __pfx_netlink_sendmsg+0x10/0x10 [ 109.217067][ T6520] ____sys_sendmsg+0xa95/0xc70 [ 109.217103][ T6520] ? copy_msghdr_from_user+0x10a/0x160 [ 109.217130][ T6520] ? __pfx_____sys_sendmsg+0x10/0x10 [ 109.217160][ T6520] ? __pfx___schedule+0x10/0x10 [ 109.217201][ T6520] ? kfree+0x24f/0x4d0 [ 109.217245][ T6520] ___sys_sendmsg+0x134/0x1d0 [ 109.217275][ T6520] ? __pfx____sys_sendmsg+0x10/0x10 [ 109.217338][ T6520] ? __pfx___might_resched+0x10/0x10 [ 109.217374][ T6520] __sys_sendmmsg+0x200/0x420 [ 109.217406][ T6520] ? __pfx___sys_sendmmsg+0x10/0x10 [ 109.217444][ T6520] ? __pfx_do_futex+0x10/0x10 [ 109.217496][ T6520] ? xfd_validate_state+0x61/0x180 [ 109.217536][ T6520] __x64_sys_sendmmsg+0x9c/0x100 [ 109.217562][ T6520] ? lockdep_hardirqs_on+0x7c/0x110 [ 109.217587][ T6520] do_syscall_64+0xcd/0x490 [ 109.217616][ T6520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.217642][ T6520] RIP: 0033:0x7f6cafb8e9a9 [ 109.217664][ T6520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.217690][ T6520] RSP: 002b:00007f6cb09fd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 109.217715][ T6520] RAX: ffffffffffffffda RBX: 00007f6cafdb5fa0 RCX: 00007f6cafb8e9a9 [ 109.217738][ T6520] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 109.217754][ T6520] RBP: 00007f6cafc10d69 R08: 0000000000000000 R09: 0000000000000000 [ 109.217770][ T6520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.217786][ T6520] R13: 0000000000000000 R14: 00007f6cafdb5fa0 R15: 00007fff661caaf8 [ 109.217823][ T6520] [ 110.272994][ T6538] netlink: 342 bytes leftover after parsing attributes in process `syz.3.263'. [ 110.283178][ T6538] netlink: 342 bytes leftover after parsing attributes in process `syz.3.263'. [ 110.293139][ T6537] ima: policy update failed [ 110.297838][ T30] audit: type=1802 audit(1753719552.341:11): pid=6537 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.263" res=0 errno=0 [ 110.578384][ T6548] netlink: 338 bytes leftover after parsing attributes in process `syz.1.267'. [ 110.754372][ T6555] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 111.024973][ T6563] netlink: 342 bytes leftover after parsing attributes in process `syz.0.274'. [ 111.037891][ T6563] netlink: 342 bytes leftover after parsing attributes in process `syz.0.274'. [ 111.106533][ T6562] ima: policy update failed [ 111.111260][ T30] audit: type=1802 audit(1753720576.150:12): pid=6562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.274" res=0 errno=0 [ 111.280639][ T6574] netlink: 338 bytes leftover after parsing attributes in process `syz.0.279'. [ 111.292142][ T6575] random: crng reseeded on system resumption [ 111.646725][ T6591] netlink: 342 bytes leftover after parsing attributes in process `syz.3.287'. [ 111.656743][ T6591] netlink: 342 bytes leftover after parsing attributes in process `syz.3.287'. [ 111.666627][ T6589] ima: policy update failed [ 111.671639][ T30] audit: type=1802 audit(1753720576.710:13): pid=6589 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.287" res=0 errno=0 [ 112.213805][ T6616] netlink: 342 bytes leftover after parsing attributes in process `syz.2.300'. [ 112.243676][ T6616] netlink: 342 bytes leftover after parsing attributes in process `syz.2.300'. [ 112.256010][ T6614] ima: policy update failed [ 112.260727][ T30] audit: type=1802 audit(1753720577.299:14): pid=6614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.300" res=0 errno=0 [ 113.555137][ T6661] openvswitch: netlink: VXLAN extension message has 16 unknown bytes. [ 113.757982][ T6670] device-mapper: ioctl: device name cannot contain '/' [ 114.548320][ T6696] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 114.629802][ T60] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.766605][ T60] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.855200][ T60] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.976897][ T60] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.315211][ T60] bridge_slave_1: left allmulticast mode [ 115.325930][ T60] bridge_slave_1: left promiscuous mode [ 115.342844][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.434881][ T60] bridge_slave_0: left allmulticast mode [ 115.457391][ T60] bridge_slave_0: left promiscuous mode [ 115.494409][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.602946][ T5167] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 115.614920][ T5167] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 115.623595][ T5167] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 115.632953][ T5167] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 115.641323][ T5167] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 116.403810][ T6751] netlink: 342 bytes leftover after parsing attributes in process `syz.1.356'. [ 116.476466][ T6747] ima: policy update failed [ 116.520126][ T30] audit: type=1802 audit(1753720581.567:15): pid=6747 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.356" res=0 errno=0 [ 116.749563][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 116.761611][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 116.772102][ T60] bond0 (unregistering): Released all slaves [ 117.333893][ T60] hsr_slave_0: left promiscuous mode [ 117.348507][ T60] hsr_slave_1: left promiscuous mode [ 117.381192][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 117.425777][ T60] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 117.470732][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 117.518378][ T60] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 117.584189][ T60] veth1_macvtap: left promiscuous mode [ 117.612606][ T60] veth0_macvtap: left promiscuous mode [ 117.620086][ T60] veth1_vlan: left promiscuous mode [ 117.627968][ T60] veth0_vlan: left promiscuous mode [ 117.694660][ T5855] Bluetooth: hci1: command tx timeout [ 118.747417][ T6814] syz.2.376 uses obsolete (PF_INET,SOCK_PACKET) [ 119.012195][ T60] team0 (unregistering): Port device team_slave_1 removed [ 119.110514][ T60] team0 (unregistering): Port device team_slave_0 removed [ 119.671089][ T6841] netlink: 28 bytes leftover after parsing attributes in process `syz.2.387'. [ 119.778065][ T5855] Bluetooth: hci1: command tx timeout [ 120.141901][ T6722] chnl_net:caif_netlink_parms(): no params data found [ 120.761461][ T6722] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.785678][ T6722] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.815344][ T6722] bridge_slave_0: entered allmulticast mode [ 120.828328][ T6722] bridge_slave_0: entered promiscuous mode [ 120.844588][ T6877] capability: warning: `syz.2.394' uses 32-bit capabilities (legacy support in use) [ 120.858124][ T6722] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.875668][ T6722] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.917829][ T6722] bridge_slave_1: entered allmulticast mode [ 120.956580][ T6722] bridge_slave_1: entered promiscuous mode [ 121.120554][ T6722] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 121.164782][ T6722] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 121.321466][ T6722] team0: Port device team_slave_0 added [ 121.393369][ T6722] team0: Port device team_slave_1 added [ 121.544093][ T6722] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 121.577041][ T6722] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.690343][ T6722] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 121.732698][ T6897] netlink: 342 bytes leftover after parsing attributes in process `syz.2.399'. [ 121.758918][ T6895] ima: policy update failed [ 121.791959][ T30] audit: type=1802 audit(1753720586.835:16): pid=6895 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.399" res=0 errno=0 [ 121.852916][ T5855] Bluetooth: hci1: command tx timeout [ 121.869188][ T6722] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 121.869234][ T6722] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.869278][ T6722] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 122.219845][ T6722] hsr_slave_0: entered promiscuous mode [ 122.254300][ T6722] hsr_slave_1: entered promiscuous mode [ 123.264908][ T6722] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 123.281180][ T6931] netlink: 342 bytes leftover after parsing attributes in process `syz.0.409'. [ 123.289339][ T6722] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 123.296815][ T6926] ima: policy update failed [ 123.310517][ T30] audit: type=1802 audit(1753720588.354:17): pid=6926 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.409" res=0 errno=0 [ 123.344576][ T6722] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 123.373085][ T6722] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 123.674091][ T6722] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.769393][ T6722] 8021q: adding VLAN 0 to HW filter on device team0 [ 123.793440][ T3423] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.800711][ T3423] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.892176][ T3423] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.899454][ T3423] bridge0: port 2(bridge_slave_1) entered forwarding state [ 124.012790][ T5855] Bluetooth: hci1: command tx timeout [ 124.120456][ T6964] netlink: 342 bytes leftover after parsing attributes in process `syz.1.419'. [ 124.357763][ T6972] netlink: 24 bytes leftover after parsing attributes in process `syz.1.420'. [ 124.785456][ T6722] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 125.284003][ T7012] netlink: 342 bytes leftover after parsing attributes in process `syz.1.427'. [ 125.626343][ T6722] veth0_vlan: entered promiscuous mode [ 125.667805][ T6722] veth1_vlan: entered promiscuous mode [ 125.754943][ T6722] veth0_macvtap: entered promiscuous mode [ 125.792655][ T6722] veth1_macvtap: entered promiscuous mode [ 125.881650][ T6722] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 125.922910][ T6722] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 126.111510][ T6722] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.126954][ T6722] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.149842][ T6722] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.158699][ T6722] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.305913][ T7037] netlink: 342 bytes leftover after parsing attributes in process `syz.1.436'. [ 126.357583][ T7038] netlink: 342 bytes leftover after parsing attributes in process `syz.1.436'. [ 126.383125][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.408143][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.474693][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.508188][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.465979][ T7081] netlink: 'syz.2.450': attribute type 4 has an invalid length. [ 127.494118][ T7081] netlink: 314 bytes leftover after parsing attributes in process `syz.2.450'. [ 133.057540][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.064647][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.510039][ T7294] netlink: 342 bytes leftover after parsing attributes in process `syz.1.520'. [ 135.612024][ T7331] FAULT_INJECTION: forcing a failure. [ 135.612024][ T7331] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 135.649190][ T7331] CPU: 0 UID: 0 PID: 7331 Comm: syz.0.537 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 135.649233][ T7331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 135.649251][ T7331] Call Trace: [ 135.649260][ T7331] [ 135.649270][ T7331] dump_stack_lvl+0x16c/0x1f0 [ 135.649396][ T7331] should_fail_ex+0x512/0x640 [ 135.649439][ T7331] _copy_from_user+0x2e/0xd0 [ 135.649477][ T7331] copy_msghdr_from_user+0x98/0x160 [ 135.649504][ T7331] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 135.649535][ T7331] ? kfree+0x24f/0x4d0 [ 135.649573][ T7331] ___sys_sendmsg+0xfe/0x1d0 [ 135.649622][ T7331] ? __pfx____sys_sendmsg+0x10/0x10 [ 135.649682][ T7331] ? __pfx___might_resched+0x10/0x10 [ 135.649717][ T7331] __sys_sendmmsg+0x200/0x420 [ 135.649747][ T7331] ? __pfx___sys_sendmmsg+0x10/0x10 [ 135.649772][ T7331] ? ip4_datagram_connect+0x38/0x50 [ 135.649816][ T7331] ? __pfx_do_futex+0x10/0x10 [ 135.649846][ T7331] ? fput+0x70/0xf0 [ 135.649891][ T7331] ? xfd_validate_state+0x61/0x180 [ 135.649929][ T7331] __x64_sys_sendmmsg+0x9c/0x100 [ 135.649955][ T7331] ? lockdep_hardirqs_on+0x7c/0x110 [ 135.649980][ T7331] do_syscall_64+0xcd/0x490 [ 135.650007][ T7331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.650034][ T7331] RIP: 0033:0x7f6cafb8e9a9 [ 135.650058][ T7331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.650082][ T7331] RSP: 002b:00007f6cb09fd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 135.650107][ T7331] RAX: ffffffffffffffda RBX: 00007f6cafdb5fa0 RCX: 00007f6cafb8e9a9 [ 135.650125][ T7331] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 135.650141][ T7331] RBP: 00007f6cafc10d69 R08: 0000000000000000 R09: 0000000000000000 [ 135.650157][ T7331] R10: 0000000000000a00 R11: 0000000000000246 R12: 0000000000000000 [ 135.650173][ T7331] R13: 0000000000000000 R14: 00007f6cafdb5fa0 R15: 00007fff661caaf8 [ 135.650207][ T7331] [ 135.694187][ T7334] delete_channel: no stack [ 136.232470][ T7353] netlink: 342 bytes leftover after parsing attributes in process `syz.0.544'. [ 136.250449][ T7353] netlink: 342 bytes leftover after parsing attributes in process `syz.0.544'. [ 136.289174][ T7348] ima: policy update failed [ 136.296111][ T30] audit: type=1802 audit(1753720601.327:18): pid=7348 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.544" res=0 errno=0 [ 136.946537][ T7385] netlink: 342 bytes leftover after parsing attributes in process `syz.0.558'. [ 136.978685][ T7380] ima: policy update failed [ 136.993245][ T30] audit: type=1802 audit(1753720602.027:19): pid=7380 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.558" res=0 errno=0 [ 137.310666][ T7399] FAULT_INJECTION: forcing a failure. [ 137.310666][ T7399] name failslab, interval 1, probability 0, space 0, times 0 [ 137.335257][ T7399] CPU: 0 UID: 0 PID: 7399 Comm: syz.2.566 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 137.335296][ T7399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 137.335313][ T7399] Call Trace: [ 137.335321][ T7399] [ 137.335332][ T7399] dump_stack_lvl+0x16c/0x1f0 [ 137.335366][ T7399] should_fail_ex+0x512/0x640 [ 137.335392][ T7399] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 137.335433][ T7399] should_failslab+0xc2/0x120 [ 137.335462][ T7399] __kmalloc_cache_noprof+0x6a/0x3e0 [ 137.335499][ T7399] ? binder_open+0x148/0xde0 [ 137.335531][ T7399] binder_open+0x148/0xde0 [ 137.335559][ T7399] ? __pfx_apparmor_file_open+0x10/0x10 [ 137.335599][ T7399] ? __pfx_binder_open+0x10/0x10 [ 137.335627][ T7399] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 137.335671][ T7399] do_dentry_open+0x744/0x1c10 [ 137.335699][ T7399] ? __pfx_binder_open+0x10/0x10 [ 137.335733][ T7399] vfs_open+0x82/0x3f0 [ 137.335769][ T7399] path_openat+0x1de4/0x2cb0 [ 137.335806][ T7399] ? __pfx_path_openat+0x10/0x10 [ 137.335833][ T7399] ? __lock_acquire+0xb8a/0x1c90 [ 137.335868][ T7399] do_filp_open+0x20b/0x470 [ 137.335891][ T7399] ? __pfx_do_filp_open+0x10/0x10 [ 137.335942][ T7399] ? alloc_fd+0x471/0x7d0 [ 137.335989][ T7399] do_sys_openat2+0x11b/0x1d0 [ 137.336018][ T7399] ? __pfx_do_sys_openat2+0x10/0x10 [ 137.336061][ T7399] __x64_sys_openat+0x174/0x210 [ 137.336107][ T7399] ? __pfx___x64_sys_openat+0x10/0x10 [ 137.336154][ T7399] do_syscall_64+0xcd/0x490 [ 137.336184][ T7399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.336209][ T7399] RIP: 0033:0x7f4577d8e9a9 [ 137.336230][ T7399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 137.336254][ T7399] RSP: 002b:00007f4578b71038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 137.336278][ T7399] RAX: ffffffffffffffda RBX: 00007f4577fb5fa0 RCX: 00007f4577d8e9a9 [ 137.336295][ T7399] RDX: 0000000000103102 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 137.336312][ T7399] RBP: 00007f4577e10d69 R08: 0000000000000000 R09: 0000000000000000 [ 137.336325][ T7399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 137.336339][ T7399] R13: 0000000000000000 R14: 00007f4577fb5fa0 R15: 00007fff4908fb18 [ 137.336373][ T7399] [ 138.065519][ T7421] FAULT_INJECTION: forcing a failure. [ 138.065519][ T7421] name failslab, interval 1, probability 0, space 0, times 0 [ 138.078728][ T7421] CPU: 0 UID: 0 PID: 7421 Comm: syz.0.576 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 138.078764][ T7421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 138.078780][ T7421] Call Trace: [ 138.078788][ T7421] [ 138.078799][ T7421] dump_stack_lvl+0x16c/0x1f0 [ 138.078832][ T7421] should_fail_ex+0x512/0x640 [ 138.078859][ T7421] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 138.078903][ T7421] should_failslab+0xc2/0x120 [ 138.078933][ T7421] __kmalloc_cache_noprof+0x6a/0x3e0 [ 138.078970][ T7421] ? binder_open+0x148/0xde0 [ 138.079001][ T7421] binder_open+0x148/0xde0 [ 138.079029][ T7421] ? __pfx_apparmor_file_open+0x10/0x10 [ 138.079066][ T7421] ? __pfx_binder_open+0x10/0x10 [ 138.079095][ T7421] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 138.079139][ T7421] do_dentry_open+0x744/0x1c10 [ 138.079167][ T7421] ? __pfx_binder_open+0x10/0x10 [ 138.079201][ T7421] vfs_open+0x82/0x3f0 [ 138.079236][ T7421] path_openat+0x1de4/0x2cb0 [ 138.079283][ T7421] ? __pfx_path_openat+0x10/0x10 [ 138.079311][ T7421] ? __lock_acquire+0xb8a/0x1c90 [ 138.079348][ T7421] do_filp_open+0x20b/0x470 [ 138.079372][ T7421] ? __pfx_do_filp_open+0x10/0x10 [ 138.079420][ T7421] ? alloc_fd+0x471/0x7d0 [ 138.079466][ T7421] do_sys_openat2+0x11b/0x1d0 [ 138.079497][ T7421] ? __pfx_do_sys_openat2+0x10/0x10 [ 138.079541][ T7421] __x64_sys_openat+0x174/0x210 [ 138.079573][ T7421] ? __pfx___x64_sys_openat+0x10/0x10 [ 138.079618][ T7421] do_syscall_64+0xcd/0x490 [ 138.079646][ T7421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.079671][ T7421] RIP: 0033:0x7f6cafb8e9a9 [ 138.079691][ T7421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.079715][ T7421] RSP: 002b:00007f6cb09fd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 138.079739][ T7421] RAX: ffffffffffffffda RBX: 00007f6cafdb5fa0 RCX: 00007f6cafb8e9a9 [ 138.079756][ T7421] RDX: 0000000000103102 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 138.079770][ T7421] RBP: 00007f6cafc10d69 R08: 0000000000000000 R09: 0000000000000000 [ 138.079786][ T7421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 138.079800][ T7421] R13: 0000000000000000 R14: 00007f6cafdb5fa0 R15: 00007fff661caaf8 [ 138.079834][ T7421] [ 140.558146][ T7537] netlink: 342 bytes leftover after parsing attributes in process `syz.1.626'. [ 140.568025][ T7537] netlink: 342 bytes leftover after parsing attributes in process `syz.1.626'. [ 140.578079][ T7539] FAULT_INJECTION: forcing a failure. [ 140.578079][ T7539] name failslab, interval 1, probability 0, space 0, times 0 [ 140.603308][ T7539] CPU: 0 UID: 0 PID: 7539 Comm: syz.2.627 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 140.603347][ T7539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 140.603363][ T7539] Call Trace: [ 140.603373][ T7539] [ 140.603384][ T7539] dump_stack_lvl+0x16c/0x1f0 [ 140.603417][ T7539] should_fail_ex+0x512/0x640 [ 140.603443][ T7539] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 140.603485][ T7539] should_failslab+0xc2/0x120 [ 140.603515][ T7539] __kmalloc_cache_noprof+0x6a/0x3e0 [ 140.603552][ T7539] ? binder_open+0x148/0xde0 [ 140.603584][ T7539] binder_open+0x148/0xde0 [ 140.603611][ T7539] ? __pfx_apparmor_file_open+0x10/0x10 [ 140.603650][ T7539] ? __pfx_binder_open+0x10/0x10 [ 140.603681][ T7539] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 140.603736][ T7539] do_dentry_open+0x744/0x1c10 [ 140.603764][ T7539] ? __pfx_binder_open+0x10/0x10 [ 140.603799][ T7539] vfs_open+0x82/0x3f0 [ 140.603836][ T7539] path_openat+0x1de4/0x2cb0 [ 140.603875][ T7539] ? __pfx_path_openat+0x10/0x10 [ 140.603902][ T7539] ? __lock_acquire+0xb8a/0x1c90 [ 140.603940][ T7539] do_filp_open+0x20b/0x470 [ 140.603965][ T7539] ? __pfx_do_filp_open+0x10/0x10 [ 140.604017][ T7539] ? alloc_fd+0x471/0x7d0 [ 140.604064][ T7539] do_sys_openat2+0x11b/0x1d0 [ 140.604096][ T7539] ? __pfx_do_sys_openat2+0x10/0x10 [ 140.604142][ T7539] __x64_sys_openat+0x174/0x210 [ 140.604174][ T7539] ? __pfx___x64_sys_openat+0x10/0x10 [ 140.604222][ T7539] do_syscall_64+0xcd/0x490 [ 140.604251][ T7539] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.604277][ T7539] RIP: 0033:0x7f4577d8e9a9 [ 140.604298][ T7539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.604322][ T7539] RSP: 002b:00007f4578b71038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 140.604346][ T7539] RAX: ffffffffffffffda RBX: 00007f4577fb5fa0 RCX: 00007f4577d8e9a9 [ 140.604364][ T7539] RDX: 0000000000103102 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 140.604380][ T7539] RBP: 00007f4577e10d69 R08: 0000000000000000 R09: 0000000000000000 [ 140.604395][ T7539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 140.604409][ T7539] R13: 0000000000000000 R14: 00007f4577fb5fa0 R15: 00007fff4908fb18 [ 140.604443][ T7539] [ 140.913577][ T7541] netlink: 'syz.4.628': attribute type 4 has an invalid length. [ 140.927150][ T7541] netlink: 314 bytes leftover after parsing attributes in process `syz.4.628'. [ 140.950209][ T7541] netlink: 'syz.4.628': attribute type 4 has an invalid length. [ 140.958056][ T7541] netlink: 314 bytes leftover after parsing attributes in process `syz.4.628'. [ 141.399418][ T7566] netlink: 342 bytes leftover after parsing attributes in process `syz.2.639'. [ 141.416348][ T7566] netlink: 342 bytes leftover after parsing attributes in process `syz.2.639'. [ 141.429487][ T7565] ima: policy update failed [ 141.434302][ T30] audit: type=1802 audit(1753720606.465:20): pid=7565 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.639" res=0 errno=0 [ 142.814240][ T7633] netlink: 28 bytes leftover after parsing attributes in process `syz.1.669'. [ 143.151962][ T7646] netlink: 330 bytes leftover after parsing attributes in process `syz.1.675'. [ 143.428097][ T7660] netlink: 28 bytes leftover after parsing attributes in process `syz.4.682'. [ 144.480594][ T7700] netlink: 'syz.1.695': attribute type 4 has an invalid length. [ 144.510785][ T7700] netlink: 314 bytes leftover after parsing attributes in process `syz.1.695'. [ 145.738222][ T7755] netlink: 342 bytes leftover after parsing attributes in process `syz.1.715'. [ 145.826030][ T7755] netlink: 342 bytes leftover after parsing attributes in process `syz.1.715'. [ 146.642960][ T7787] netlink: 342 bytes leftover after parsing attributes in process `syz.4.725'. [ 146.675142][ T7787] netlink: 342 bytes leftover after parsing attributes in process `syz.4.725'. [ 146.702833][ T7785] ima: policy update failed [ 146.709489][ T30] audit: type=1802 audit(1753720611.732:21): pid=7785 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.725" res=0 errno=0 [ 146.713788][ T7795] nbd: must specify a size in bytes for the device [ 147.685408][ T7833] ima: policy update failed [ 147.700461][ T30] audit: type=1802 audit(1753720612.722:22): pid=7833 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.739" res=0 errno=0 [ 148.202317][ T7856] nbd: must specify at least one socket [ 148.455463][ T7865] ima: policy update failed [ 148.468143][ T30] audit: type=1802 audit(1753720613.491:23): pid=7865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.751" res=0 errno=0 [ 148.936301][ T7884] nbd: must specify at least one socket [ 149.079572][ T7889] ima: policy update failed [ 149.107238][ T30] audit: type=1802 audit(1753720614.131:24): pid=7889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.761" res=0 errno=0 [ 151.299471][ T7996] ima: policy update failed [ 151.308898][ T30] audit: type=1802 audit(1753720616.340:25): pid=7996 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.800" res=0 errno=0 [ 151.661906][ T8014] netlink: 'syz.0.807': attribute type 4 has an invalid length. [ 151.695523][ T8014] netlink: 314 bytes leftover after parsing attributes in process `syz.0.807'. [ 152.200293][ T8040] random: crng reseeded on system resumption [ 152.919126][ T8069] netlink: 54 bytes leftover after parsing attributes in process `syz.1.826'. [ 152.967689][ T8069] netlink: 54 bytes leftover after parsing attributes in process `syz.1.826'. [ 153.908252][ T8116] random: crng reseeded on system resumption [ 154.608074][ T8149] netlink: 334 bytes leftover after parsing attributes in process `syz.4.856'. [ 155.119171][ T8172] netlink: 334 bytes leftover after parsing attributes in process `syz.1.867'. [ 155.135649][ T36] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.276549][ T36] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.395837][ T36] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.517552][ T36] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.871645][ T36] bridge_slave_1: left allmulticast mode [ 155.880152][ T36] bridge_slave_1: left promiscuous mode [ 155.906300][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.984754][ T36] bridge_slave_0: left allmulticast mode [ 155.991450][ T36] bridge_slave_0: left promiscuous mode [ 156.002216][ T5167] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 156.011425][ T5167] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 156.028742][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.038399][ T5167] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 156.057861][ T5167] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 156.065763][ T5167] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 156.211832][ T8194] netlink: 334 bytes leftover after parsing attributes in process `syz.1.877'. [ 156.732494][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 156.754515][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 156.776376][ T36] bond0 (unregistering): Released all slaves [ 157.314912][ T36] hsr_slave_0: left promiscuous mode [ 157.326306][ T36] hsr_slave_1: left promiscuous mode [ 157.344544][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 157.352043][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 157.368428][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 157.404714][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 157.508476][ T36] veth1_macvtap: left promiscuous mode [ 157.514102][ T36] veth0_macvtap: left promiscuous mode [ 157.548569][ T36] veth1_vlan: left promiscuous mode [ 157.553988][ T36] veth0_vlan: left promiscuous mode [ 157.935281][ T5167] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 157.944560][ T5167] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 157.953306][ T5167] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 157.963840][ T5167] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 157.975826][ T5167] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 158.106754][ T5167] Bluetooth: hci2: command tx timeout [ 158.184056][ T8256] netlink: 'syz.0.898': attribute type 4 has an invalid length. [ 158.192047][ T8256] netlink: 314 bytes leftover after parsing attributes in process `syz.0.898'. [ 158.485699][ T36] team0 (unregistering): Port device team_slave_1 removed [ 158.527988][ T36] team0 (unregistering): Port device team_slave_0 removed [ 159.030091][ T8261] ima: policy update failed [ 159.035281][ T30] audit: type=1802 audit(1753720624.056:26): pid=8261 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.901" res=0 errno=0 [ 159.134825][ T8273] netlink: 'syz.0.905': attribute type 4 has an invalid length. [ 159.143219][ T8273] netlink: 314 bytes leftover after parsing attributes in process `syz.0.905'. [ 159.209204][ T8275] netlink: 28 bytes leftover after parsing attributes in process `syz.0.906'. [ 159.374876][ T8187] chnl_net:caif_netlink_parms(): no params data found [ 159.785151][ T8187] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.795584][ T8187] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.814253][ T8187] bridge_slave_0: entered allmulticast mode [ 159.829734][ T8187] bridge_slave_0: entered promiscuous mode [ 159.892220][ T36] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.943608][ T8187] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.961826][ T8187] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.976848][ T8187] bridge_slave_1: entered allmulticast mode [ 159.984718][ T8187] bridge_slave_1: entered promiscuous mode [ 160.026115][ T5167] Bluetooth: hci1: command tx timeout [ 160.052451][ T36] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.186933][ T5167] Bluetooth: hci2: command tx timeout [ 160.244694][ T36] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.275010][ T8187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 160.304306][ T8187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 160.371167][ T36] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.461417][ T8250] chnl_net:caif_netlink_parms(): no params data found [ 160.520160][ T8187] team0: Port device team_slave_0 added [ 160.538405][ T8187] team0: Port device team_slave_1 added [ 160.618659][ T8319] netlink: 54 bytes leftover after parsing attributes in process `syz.1.915'. [ 160.666869][ T8187] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 160.673882][ T8187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 160.700018][ T8187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 160.711005][ T8320] netlink: 54 bytes leftover after parsing attributes in process `syz.1.915'. [ 160.722863][ T8187] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 160.731233][ T8187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 160.757830][ T8187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 161.061769][ T8187] hsr_slave_0: entered promiscuous mode [ 161.089901][ T8187] hsr_slave_1: entered promiscuous mode [ 161.112171][ T8187] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 161.130771][ T8187] Cannot create hsr debugfs directory [ 161.181700][ T8250] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.196639][ T8250] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.215727][ T8250] bridge_slave_0: entered allmulticast mode [ 161.248001][ T8250] bridge_slave_0: entered promiscuous mode [ 161.282676][ T8250] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.308570][ T8250] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.332011][ T8250] bridge_slave_1: entered allmulticast mode [ 161.349659][ T8250] bridge_slave_1: entered promiscuous mode [ 161.635217][ T8250] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 161.733449][ T8250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 161.758787][ T36] bridge_slave_1: left allmulticast mode [ 161.764503][ T36] bridge_slave_1: left promiscuous mode [ 161.834553][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.862214][ T36] bridge_slave_0: left allmulticast mode [ 161.875918][ T36] bridge_slave_0: left promiscuous mode [ 161.891542][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.111072][ T5167] Bluetooth: hci1: command tx timeout [ 162.279827][ T5167] Bluetooth: hci2: command tx timeout [ 162.476084][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 162.495825][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 162.512635][ T36] bond0 (unregistering): Released all slaves [ 162.639411][ T8378] ima: policy update failed [ 162.644636][ T30] audit: type=1802 audit(1753720627.664:27): pid=8378 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.933" res=0 errno=0 [ 162.676906][ T8250] team0: Port device team_slave_0 added [ 162.780302][ T8250] team0: Port device team_slave_1 added [ 162.895478][ T8250] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 162.910591][ T8250] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 162.954904][ T8250] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 163.097166][ T8250] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 163.112064][ T8250] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.147869][ T8250] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 163.276785][ T36] hsr_slave_0: left promiscuous mode [ 163.294723][ T36] hsr_slave_1: left promiscuous mode [ 163.307372][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 163.326092][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 163.356662][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 163.370176][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 163.414865][ T36] veth1_macvtap: left promiscuous mode [ 163.423139][ T36] veth0_macvtap: left promiscuous mode [ 163.432057][ T36] veth1_vlan: left promiscuous mode [ 163.437534][ T36] veth0_vlan: left promiscuous mode [ 164.190993][ T5167] Bluetooth: hci1: command tx timeout [ 164.355935][ T5167] Bluetooth: hci2: command tx timeout [ 164.371620][ T36] team0 (unregistering): Port device team_slave_1 removed [ 164.412597][ T36] team0 (unregistering): Port device team_slave_0 removed [ 164.906716][ T8250] hsr_slave_0: entered promiscuous mode [ 164.920167][ T8250] hsr_slave_1: entered promiscuous mode [ 165.122188][ T8187] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 165.204134][ T8187] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 165.242144][ T8187] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 165.282908][ T8187] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 165.693715][ T8187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 165.736353][ T8250] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 165.744177][ T8464] netlink: 54 bytes leftover after parsing attributes in process `syz.1.955'. [ 165.767231][ T8250] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 165.787879][ T8464] netlink: 54 bytes leftover after parsing attributes in process `syz.1.955'. [ 165.789639][ T8250] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 165.839705][ T8187] 8021q: adding VLAN 0 to HW filter on device team0 [ 165.851646][ T8250] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 165.910509][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.917741][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 165.990979][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.998191][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.238672][ T8250] 8021q: adding VLAN 0 to HW filter on device bond0 [ 166.282888][ T5167] Bluetooth: hci1: command tx timeout [ 166.305270][ T8250] 8021q: adding VLAN 0 to HW filter on device team0 [ 166.339327][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.346564][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.367683][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.374918][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.646265][ T8187] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 167.017487][ T8506] netlink: 'syz.0.961': attribute type 4 has an invalid length. [ 167.045064][ T8250] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 167.059695][ T8506] netlink: 314 bytes leftover after parsing attributes in process `syz.0.961'. [ 167.633801][ T8187] veth0_vlan: entered promiscuous mode [ 167.669582][ T8187] veth1_vlan: entered promiscuous mode [ 167.776919][ T8187] veth0_macvtap: entered promiscuous mode [ 167.792961][ T8187] veth1_macvtap: entered promiscuous mode [ 167.845839][ T8187] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 167.889224][ T8187] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 167.935128][ T8187] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.959981][ T8187] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.979003][ T8187] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.990346][ T8187] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.067479][ T8546] netlink: 'syz.0.970': attribute type 4 has an invalid length. [ 168.079508][ T8546] netlink: 314 bytes leftover after parsing attributes in process `syz.0.970'. [ 168.172045][ T8250] veth0_vlan: entered promiscuous mode [ 168.205312][ T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 168.226442][ T8250] veth1_vlan: entered promiscuous mode [ 168.252582][ T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 168.345797][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 168.368051][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 168.385369][ T8250] veth0_macvtap: entered promiscuous mode [ 168.418389][ T8250] veth1_macvtap: entered promiscuous mode [ 168.473530][ T8250] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 168.511501][ T8250] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 168.533999][ T8250] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.560527][ T8250] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.584971][ T8250] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.640708][ T8250] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.944914][ T3423] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 168.991493][ T3423] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 169.075530][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 169.106805][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 170.924402][ T8641] netlink: 338 bytes leftover after parsing attributes in process `syz.1.998'. [ 171.020742][ T8646] netlink: 54 bytes leftover after parsing attributes in process `syz.5.1000'. [ 171.047197][ T8646] netlink: 54 bytes leftover after parsing attributes in process `syz.5.1000'. [ 171.093021][ T8644] ima: policy update failed [ 171.108692][ T30] audit: type=1802 audit(1753720636.120:28): pid=8644 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.1000" res=0 errno=0 [ 171.765289][ T8675] netlink: 338 bytes leftover after parsing attributes in process `syz.6.1010'. [ 171.963355][ T8685] binder: 8679:8685 ioctl 4018620d 9 returned -22 [ 172.588729][ T13] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.780571][ T13] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.937990][ T13] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.106298][ T13] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.438727][ T13] bridge_slave_1: left allmulticast mode [ 173.456242][ T13] bridge_slave_1: left promiscuous mode [ 173.481359][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.540578][ T13] bridge_slave_0: left allmulticast mode [ 173.568181][ T13] bridge_slave_0: left promiscuous mode [ 173.574743][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.746214][ T8743] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1033'. [ 173.816301][ T5855] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 173.833263][ T5855] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 173.842207][ T5855] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 173.857751][ T5855] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 173.877304][ T5855] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 174.276454][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 174.292673][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 174.303515][ T13] bond0 (unregistering): Released all slaves [ 174.889618][ T8773] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1041'. [ 174.915591][ T13] hsr_slave_0: left promiscuous mode [ 174.932622][ T13] hsr_slave_1: left promiscuous mode [ 174.947829][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 174.964617][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 174.985267][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 175.003313][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 175.020666][ T8778] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1043'. [ 175.038717][ T13] veth1_macvtap: left promiscuous mode [ 175.044980][ T13] veth0_macvtap: left promiscuous mode [ 175.050775][ T13] veth1_vlan: left promiscuous mode [ 175.056854][ T13] veth0_vlan: left promiscuous mode [ 175.718942][ T8796] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1051'. [ 175.865513][ T13] team0 (unregistering): Port device team_slave_1 removed [ 175.932162][ T13] team0 (unregistering): Port device team_slave_0 removed [ 175.958668][ T5167] Bluetooth: hci2: command tx timeout [ 176.810678][ T8823] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1060'. [ 177.030095][ T8744] chnl_net:caif_netlink_parms(): no params data found [ 177.341776][ T8744] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.365380][ T8744] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.372689][ T8744] bridge_slave_0: entered allmulticast mode [ 177.401831][ T8744] bridge_slave_0: entered promiscuous mode [ 177.425453][ T8744] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.433152][ T8744] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.455030][ T8744] bridge_slave_1: entered allmulticast mode [ 177.463628][ T8744] bridge_slave_1: entered promiscuous mode [ 177.539585][ T8744] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 177.571960][ T8744] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 177.780724][ T8744] team0: Port device team_slave_0 added [ 177.804484][ T8744] team0: Port device team_slave_1 added [ 177.891906][ T8851] netlink: 334 bytes leftover after parsing attributes in process `syz.6.1069'. [ 177.965249][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.038278][ T5167] Bluetooth: hci2: command tx timeout [ 178.087686][ T8744] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 178.118785][ T8744] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 178.169781][ T8744] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 178.204465][ T5855] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 178.217758][ T5855] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 178.232168][ T5855] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 178.243311][ T5855] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 178.251403][ T5855] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 178.284082][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.312833][ T8744] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 178.321069][ T8744] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 178.352736][ T8744] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 178.397241][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.512078][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.546180][ T8744] hsr_slave_0: entered promiscuous mode [ 178.558864][ T8744] hsr_slave_1: entered promiscuous mode [ 178.602801][ T8744] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 178.621563][ T8744] Cannot create hsr debugfs directory [ 178.846407][ T8878] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1078'. [ 179.112305][ T13] bridge_slave_1: left allmulticast mode [ 179.158742][ T13] bridge_slave_1: left promiscuous mode [ 179.164621][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.231647][ T13] bridge_slave_0: left allmulticast mode [ 179.245674][ T13] bridge_slave_0: left promiscuous mode [ 179.251675][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.286390][ T8890] netlink: 330 bytes leftover after parsing attributes in process `syz.6.1080'. [ 179.752719][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 179.767757][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 179.778586][ T13] bond0 (unregistering): Released all slaves [ 180.116272][ T5167] Bluetooth: hci2: command tx timeout [ 180.129449][ T13] hsr_slave_0: left promiscuous mode [ 180.137310][ T13] hsr_slave_1: left promiscuous mode [ 180.143203][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 180.152775][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 180.160897][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 180.168628][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 180.184733][ T13] veth1_macvtap: left promiscuous mode [ 180.190463][ T13] veth0_macvtap: left promiscuous mode [ 180.196159][ T13] veth1_vlan: left promiscuous mode [ 180.201795][ T13] veth0_vlan: left promiscuous mode [ 180.282932][ T5167] Bluetooth: hci0: command tx timeout [ 180.603779][ T13] team0 (unregistering): Port device team_slave_1 removed [ 180.642721][ T13] team0 (unregistering): Port device team_slave_0 removed [ 181.012167][ T8744] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 181.033866][ T8744] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 181.051215][ T8744] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 181.074125][ T8744] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 181.105843][ T8856] chnl_net:caif_netlink_parms(): no params data found [ 181.348649][ T8856] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.357126][ T8856] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.364479][ T8856] bridge_slave_0: entered allmulticast mode [ 181.373703][ T8856] bridge_slave_0: entered promiscuous mode [ 181.403317][ T8856] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.412496][ T8856] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.419934][ T8856] bridge_slave_1: entered allmulticast mode [ 181.427908][ T8856] bridge_slave_1: entered promiscuous mode [ 181.539806][ T8856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 181.575681][ T8856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 181.644144][ T8744] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.661842][ T8856] team0: Port device team_slave_0 added [ 181.679914][ T8856] team0: Port device team_slave_1 added [ 181.712451][ T8744] 8021q: adding VLAN 0 to HW filter on device team0 [ 181.748104][ T8856] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 181.755136][ T8856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 181.783284][ T8856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 181.803431][ T8856] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 181.813710][ T8856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 181.849715][ T8856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 181.875620][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.882903][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.910713][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.917947][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.974932][ T8856] hsr_slave_0: entered promiscuous mode [ 181.982086][ T8856] hsr_slave_1: entered promiscuous mode [ 181.990211][ T8856] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 181.997918][ T8856] Cannot create hsr debugfs directory [ 182.198064][ T5167] Bluetooth: hci2: command tx timeout [ 182.311971][ T8856] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 182.340407][ T8856] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 182.358620][ T5167] Bluetooth: hci0: command tx timeout [ 182.380920][ T8856] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 182.405848][ T8856] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 182.509244][ T8744] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 182.664481][ T8856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.721516][ T8856] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.744805][ T3423] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.752180][ T3423] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.793484][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.800719][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.186187][ T8744] veth0_vlan: entered promiscuous mode [ 183.210576][ T8744] veth1_vlan: entered promiscuous mode [ 183.280637][ T8744] veth0_macvtap: entered promiscuous mode [ 183.302187][ T8744] veth1_macvtap: entered promiscuous mode [ 183.344709][ T8856] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.361860][ T8744] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 183.384592][ T8744] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 183.396304][ T8744] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.412646][ T8744] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.422869][ T8744] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.435298][ T8744] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.611418][ T3423] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 183.627638][ T3423] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 183.690552][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 183.707726][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 183.926504][ T8974] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1091'. [ 183.980975][ T8856] veth0_vlan: entered promiscuous mode [ 183.990899][ T8976] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 184.011835][ T8976] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 184.039632][ T8856] veth1_vlan: entered promiscuous mode [ 184.051585][ T8976] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 184.066576][ T8976] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 184.074757][ T8976] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 184.122778][ T8856] veth0_macvtap: entered promiscuous mode [ 184.134734][ T8976] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 184.161299][ T8856] veth1_macvtap: entered promiscuous mode [ 184.181797][ T8976] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 184.187848][ T8976] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 184.203073][ T8983] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1094'. [ 184.247753][ T8987] netlink: 334 bytes leftover after parsing attributes in process `syz.7.1086'. [ 184.259542][ T8856] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 184.283582][ T8976] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 184.333223][ T8856] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 184.354051][ T8976] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 184.373610][ T8976] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 184.375353][ T8856] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.414237][ T8856] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.423260][ T8856] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.433072][ T8856] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.481528][ T8976] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 184.673257][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.687577][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.799079][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.822742][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 185.553025][ T9024] netlink: 334 bytes leftover after parsing attributes in process `syz.7.1098'. [ 186.040679][ T5167] Bluetooth: hci3: command 0x0c1a tx timeout [ 186.123407][ T5167] Bluetooth: hci1: command 0x0c1a tx timeout [ 186.199144][ T5167] Bluetooth: hci2: command 0x0c1a tx timeout [ 186.359478][ T5167] Bluetooth: hci0: command 0x0419 tx timeout [ 186.634218][ T9060] ima: policy update failed [ 186.647255][ T30] audit: type=1802 audit(1753720651.652:29): pid=9060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.1109" res=0 errno=0 [ 187.910565][ T9113] netlink: 330 bytes leftover after parsing attributes in process `syz.8.1126'. [ 188.130294][ T5167] Bluetooth: hci3: command 0x0c1a tx timeout [ 188.200177][ T5167] Bluetooth: hci1: command 0x0c1a tx timeout [ 188.283700][ T5167] Bluetooth: hci2: command 0x0c1a tx timeout [ 188.396614][ T9127] ima: policy update failed [ 188.407672][ T30] audit: type=1802 audit(1753720653.411:30): pid=9127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.8.1132" res=0 errno=0 [ 188.440859][ T5167] Bluetooth: hci0: command 0x0419 tx timeout [ 189.027024][ T9151] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 189.043784][ T9151] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 189.061128][ T9151] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 189.069996][ T9151] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 190.786867][ T9213] ima: policy update failed [ 190.802025][ T30] audit: type=1802 audit(1753720655.810:31): pid=9213 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.1156" res=0 errno=0 [ 191.082323][ T5167] Bluetooth: hci0: command 0x0419 tx timeout [ 191.089179][ T5855] Bluetooth: hci2: command 0x0c1a tx timeout [ 191.095515][ T5853] Bluetooth: hci1: command 0x0c1a tx timeout [ 191.102797][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout [ 191.166922][ T9229] netlink: 338 bytes leftover after parsing attributes in process `syz.6.1161'. [ 191.781276][ T9246] binder: 9245:9246 ioctl 4018620d 9 returned -22 [ 191.792548][ T9243] ima: policy update failed [ 191.797268][ T30] audit: type=1802 audit(1753720656.800:32): pid=9243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.7.1167" res=0 errno=0 [ 191.827253][ T9246] binder: 9245:9246 ioctl 4018620d 9 returned -22 [ 192.851237][ T9283] binder: 9282:9283 ioctl 4018620d 9 returned -22 [ 192.885969][ T9283] binder: 9282:9283 ioctl 4018620d 9 returned -22 [ 192.889488][ T9284] ima: policy update failed [ 192.907051][ T30] audit: type=1802 audit(1753720657.909:33): pid=9284 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.1179" res=0 errno=0 [ 193.163194][ T5847] Bluetooth: hci0: command 0x0419 tx timeout [ 193.822080][ T9317] ima: policy update failed [ 193.843639][ T30] audit: type=1802 audit(1753720658.858:34): pid=9317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.8.1193" res=0 errno=0 [ 194.513007][ T9346] ima: policy update failed [ 194.531350][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.539019][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.550476][ T30] audit: type=1802 audit(1753720659.528:35): pid=9346 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.7.1204" res=0 errno=0 [ 194.976606][ T9365] netlink: 334 bytes leftover after parsing attributes in process `syz.7.1210'. [ 195.365550][ T9378] ima: policy update failed [ 195.371056][ T30] audit: type=1802 audit(1753720660.378:36): pid=9378 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.1216" res=0 errno=0 [ 195.938135][ T9399] netlink: 334 bytes leftover after parsing attributes in process `syz.7.1223'. [ 196.203906][ T9407] ima: policy update failed [ 196.234151][ T30] audit: type=1802 audit(1753720661.237:37): pid=9407 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.7.1226" res=0 errno=0 [ 198.055928][ T9477] ima: policy update failed [ 198.065307][ T30] audit: type=1802 audit(1753720663.066:38): pid=9477 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.1251" res=0 errno=0 [ 198.247833][ T9487] netlink: 334 bytes leftover after parsing attributes in process `syz.7.1255'. [ 199.020232][ T9513] ima: policy update failed [ 199.041096][ T30] audit: type=1802 audit(1753720664.046:39): pid=9513 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.1265" res=0 errno=0 [ 199.171628][ T9519] netlink: 334 bytes leftover after parsing attributes in process `syz.7.1268'. [ 199.978576][ T9551] netlink: 334 bytes leftover after parsing attributes in process `syz.6.1282'. [ 201.325067][ T9592] netlink: 338 bytes leftover after parsing attributes in process `syz.7.1301'. [ 201.712296][ T9608] netlink: 334 bytes leftover after parsing attributes in process `syz.7.1305'. [ 201.990006][ T9617] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 202.591886][ T9640] netlink: 334 bytes leftover after parsing attributes in process `syz.8.1318'. [ 202.781171][ T9645] ima: policy update failed [ 202.792114][ T30] audit: type=1802 audit(1753720667.794:40): pid=9645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.1320" res=0 errno=0 [ 202.941241][ T9652] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 203.299231][ T9664] netlink: 338 bytes leftover after parsing attributes in process `syz.7.1326'. [ 203.600293][ T9677] netlink: 314 bytes leftover after parsing attributes in process `syz.7.1330'. [ 203.807345][ T9682] FAULT_INJECTION: forcing a failure. [ 203.807345][ T9682] name failslab, interval 1, probability 0, space 0, times 0 [ 203.853147][ T9682] CPU: 0 UID: 0 PID: 9682 Comm: syz.6.1333 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 203.853189][ T9682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 203.853205][ T9682] Call Trace: [ 203.853215][ T9682] [ 203.853225][ T9682] dump_stack_lvl+0x16c/0x1f0 [ 203.853259][ T9682] should_fail_ex+0x512/0x640 [ 203.853286][ T9682] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 203.853319][ T9682] should_failslab+0xc2/0x120 [ 203.853348][ T9682] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 203.853377][ T9682] ? __d_alloc+0x31/0xaa0 [ 203.853410][ T9682] __d_alloc+0x31/0xaa0 [ 203.853435][ T9682] ? do_raw_spin_lock+0x12c/0x2b0 [ 203.853476][ T9682] d_alloc+0x4a/0x1e0 [ 203.853506][ T9682] d_alloc_name+0x83/0xb0 [ 203.853532][ T9682] ? __pfx_d_alloc_name+0x10/0x10 [ 203.853568][ T9682] simple_fill_super+0x2eb/0x720 [ 203.853598][ T9682] ? __pfx_nfsd_fill_super+0x10/0x10 [ 203.853632][ T9682] nfsd_fill_super+0x90/0x530 [ 203.853663][ T9682] ? __pfx_set_anon_super_fc+0x10/0x10 [ 203.853700][ T9682] ? __pfx_nfsd_fill_super+0x10/0x10 [ 203.853732][ T9682] get_tree_keyed+0x10b/0x1d0 [ 203.853770][ T9682] vfs_get_tree+0x8e/0x340 [ 203.853803][ T9682] path_mount+0x1414/0x2020 [ 203.853833][ T9682] ? kmem_cache_free+0x2d1/0x4d0 [ 203.853857][ T9682] ? __pfx_path_mount+0x10/0x10 [ 203.853889][ T9682] ? putname+0x154/0x1a0 [ 203.853923][ T9682] __x64_sys_mount+0x28d/0x310 [ 203.853951][ T9682] ? __pfx___x64_sys_mount+0x10/0x10 [ 203.853991][ T9682] do_syscall_64+0xcd/0x490 [ 203.854027][ T9682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.854055][ T9682] RIP: 0033:0x7fc7ea78e9a9 [ 203.854077][ T9682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 203.854102][ T9682] RSP: 002b:00007fc7eb6db038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 203.854128][ T9682] RAX: ffffffffffffffda RBX: 00007fc7ea9b5fa0 RCX: 00007fc7ea78e9a9 [ 203.854145][ T9682] RDX: 0000200000000140 RSI: 00002000000000c0 RDI: 0000000000000000 [ 203.854162][ T9682] RBP: 00007fc7ea810d69 R08: 0000000000000000 R09: 0000000000000000 [ 203.854178][ T9682] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000000 [ 203.854192][ T9682] R13: 0000000000000000 R14: 00007fc7ea9b5fa0 R15: 00007ffe84ae9e18 [ 203.854236][ T9682] [ 204.706768][ T9706] ima: policy update failed [ 204.722463][ T30] audit: type=1802 audit(1753720669.723:41): pid=9706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.1343" res=0 errno=0 [ 204.760926][ T9711] netlink: 314 bytes leftover after parsing attributes in process `syz.7.1342'. [ 205.117084][ T9725] netlink: 'syz.7.1349': attribute type 11 has an invalid length. [ 205.428583][ T9734] netlink: 338 bytes leftover after parsing attributes in process `syz.8.1352'. [ 206.255357][ T9769] netlink: 330 bytes leftover after parsing attributes in process `syz.7.1365'. [ 206.387428][ T9772] ima: policy update failed [ 206.422474][ T30] audit: type=1802 audit(1753720671.422:42): pid=9772 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.1366" res=0 errno=0 [ 207.140990][ T9801] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1377'. [ 207.277238][ T9806] netlink: 'syz.8.1378': attribute type 1 has an invalid length. [ 207.317987][ T9806] netlink: 54 bytes leftover after parsing attributes in process `syz.8.1378'. [ 207.358780][ T9804] ima: policy update failed [ 207.382212][ T30] audit: type=1802 audit(1753720672.382:43): pid=9804 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.8.1378" res=0 errno=0 [ 208.011353][ T9832] process 'syz.6.1387' launched ':,' with NULL argv: empty string added [ 208.155263][ T9833] svc: failed to register nfsdv3 RPC service (errno 111). [ 208.189873][ T9833] svc: failed to register nfsaclv3 RPC service (errno 111). [ 208.924720][ T9864] netlink: 334 bytes leftover after parsing attributes in process `syz.7.1400'. [ 209.949159][ T9908] netlink: 'syz.7.1417': attribute type 1 has an invalid length. [ 210.001051][ T9908] netlink: 54 bytes leftover after parsing attributes in process `syz.7.1417'. [ 210.051927][ T9907] ima: policy update failed [ 210.065738][ T30] audit: type=1802 audit(1753720675.050:44): pid=9907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.7.1417" res=0 errno=0 [ 210.916870][ T9940] netlink: 'syz.7.1430': attribute type 1 has an invalid length. [ 210.962392][ T9942] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1431'. [ 210.971514][ T9940] netlink: 54 bytes leftover after parsing attributes in process `syz.7.1430'. [ 210.972183][ T9937] ima: policy update failed [ 211.048691][ T30] audit: type=1802 audit(1753720676.030:45): pid=9937 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.7.1430" res=0 errno=0 [ 211.722198][ T9969] ima: policy update failed [ 211.726968][ T30] audit: type=1802 audit(1753720676.720:46): pid=9969 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.7.1442" res=0 errno=0 [ 211.968430][ T9981] FAULT_INJECTION: forcing a failure. [ 211.968430][ T9981] name failslab, interval 1, probability 0, space 0, times 0 [ 212.062224][ T9981] CPU: 0 UID: 0 PID: 9981 Comm: syz.6.1444 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 212.062264][ T9981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 212.062280][ T9981] Call Trace: [ 212.062289][ T9981] [ 212.062300][ T9981] dump_stack_lvl+0x16c/0x1f0 [ 212.062333][ T9981] should_fail_ex+0x512/0x640 [ 212.062358][ T9981] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 212.062399][ T9981] should_failslab+0xc2/0x120 [ 212.062425][ T9981] __kmalloc_cache_noprof+0x6a/0x3e0 [ 212.062459][ T9981] ? lockdep_init_map_type+0x5c/0x280 [ 212.062492][ T9981] ? dummy_hrtimer_create+0x45/0x170 [ 212.062529][ T9981] dummy_hrtimer_create+0x45/0x170 [ 212.062559][ T9981] ? __pfx_dummy_hrtimer_create+0x10/0x10 [ 212.062590][ T9981] dummy_pcm_open+0xd4/0x5b0 [ 212.062622][ T9981] snd_pcm_open_substream+0xa60/0x17f0 [ 212.062660][ T9981] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 212.062704][ T9981] snd_pcm_oss_open+0x735/0x1400 [ 212.062744][ T9981] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 212.062774][ T9981] ? __lock_acquire+0xb8a/0x1c90 [ 212.062803][ T9981] ? __pfx_default_wake_function+0x10/0x10 [ 212.062832][ T9981] ? __lock_acquire+0xb8a/0x1c90 [ 212.062875][ T9981] ? do_raw_spin_lock+0x12c/0x2b0 [ 212.062917][ T9981] ? soundcore_open+0x35a/0x580 [ 212.062946][ T9981] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 212.062978][ T9981] soundcore_open+0x409/0x580 [ 212.063010][ T9981] ? __pfx_soundcore_open+0x10/0x10 [ 212.063037][ T9981] chrdev_open+0x231/0x6a0 [ 212.063067][ T9981] ? __pfx_chrdev_open+0x10/0x10 [ 212.063098][ T9981] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 212.063142][ T9981] do_dentry_open+0x744/0x1c10 [ 212.063170][ T9981] ? __pfx_chrdev_open+0x10/0x10 [ 212.063205][ T9981] vfs_open+0x82/0x3f0 [ 212.063252][ T9981] path_openat+0x1de4/0x2cb0 [ 212.063291][ T9981] ? __pfx_path_openat+0x10/0x10 [ 212.063319][ T9981] ? __lock_acquire+0xb8a/0x1c90 [ 212.063356][ T9981] do_filp_open+0x20b/0x470 [ 212.063381][ T9981] ? __pfx_do_filp_open+0x10/0x10 [ 212.063434][ T9981] ? alloc_fd+0x471/0x7d0 [ 212.063481][ T9981] do_sys_openat2+0x11b/0x1d0 [ 212.063513][ T9981] ? __pfx_do_sys_openat2+0x10/0x10 [ 212.063560][ T9981] __x64_sys_openat+0x174/0x210 [ 212.063593][ T9981] ? __pfx___x64_sys_openat+0x10/0x10 [ 212.063640][ T9981] do_syscall_64+0xcd/0x490 [ 212.063671][ T9981] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.063697][ T9981] RIP: 0033:0x7fc7ea78e9a9 [ 212.063719][ T9981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.063745][ T9981] RSP: 002b:00007fc7eb6db038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 212.063771][ T9981] RAX: ffffffffffffffda RBX: 00007fc7ea9b5fa0 RCX: 00007fc7ea78e9a9 [ 212.063789][ T9981] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 212.063805][ T9981] RBP: 00007fc7ea810d69 R08: 0000000000000000 R09: 0000000000000000 [ 212.063820][ T9981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 212.063835][ T9981] R13: 0000000000000000 R14: 00007fc7ea9b5fa0 R15: 00007ffe84ae9e18 [ 212.063870][ T9981] [ 212.720058][ T30] audit: type=1800 audit(1753720677.709:47): pid=9997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.1450" name="features" dev="configfs" ino=24527 res=0 errno=0 [ 213.830927][T10043] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1469'. [ 213.847793][T10045] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1470'. [ 214.594948][T10074] netlink: 330 bytes leftover after parsing attributes in process `syz.8.1482'. [ 215.877070][T10127] FAULT_INJECTION: forcing a failure. [ 215.877070][T10127] name failslab, interval 1, probability 0, space 0, times 0 [ 215.926644][T10127] CPU: 0 UID: 0 PID: 10127 Comm: syz.8.1499 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 215.926683][T10127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 215.926700][T10127] Call Trace: [ 215.926709][T10127] [ 215.926721][T10127] dump_stack_lvl+0x16c/0x1f0 [ 215.926754][T10127] should_fail_ex+0x512/0x640 [ 215.926782][T10127] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 215.926824][T10127] should_failslab+0xc2/0x120 [ 215.926852][T10127] __kmalloc_cache_noprof+0x6a/0x3e0 [ 215.926886][T10127] ? lockdep_hardirqs_on+0x7c/0x110 [ 215.926906][T10127] ? cec_queue_event_fh+0x4ba/0xb40 [ 215.926950][T10127] cec_queue_event_fh+0x4ba/0xb40 [ 215.926997][T10127] cec_ioctl+0x20cc/0x2970 [ 215.927028][T10127] ? __pfx_cec_ioctl+0x10/0x10 [ 215.927056][T10127] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 215.927091][T10127] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 215.927129][T10127] ? do_vfs_ioctl+0x523/0x1a60 [ 215.927162][T10127] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 215.927225][T10127] ? hook_file_ioctl_common+0x145/0x410 [ 215.927265][T10127] ? __fget_files+0x20e/0x3c0 [ 215.927306][T10127] ? __pfx_cec_ioctl+0x10/0x10 [ 215.927332][T10127] __x64_sys_ioctl+0x18e/0x210 [ 215.927369][T10127] do_syscall_64+0xcd/0x490 [ 215.927398][T10127] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.927426][T10127] RIP: 0033:0x7fc3fb98e9a9 [ 215.927448][T10127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.927472][T10127] RSP: 002b:00007fc3fc80d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 215.927497][T10127] RAX: ffffffffffffffda RBX: 00007fc3fbbb5fa0 RCX: 00007fc3fb98e9a9 [ 215.927514][T10127] RDX: 0000200000002c40 RSI: 0000000040046109 RDI: 0000000000000005 [ 215.927529][T10127] RBP: 00007fc3fba10d69 R08: 0000000000000000 R09: 0000000000000000 [ 215.927545][T10127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 215.927559][T10127] R13: 0000000000000000 R14: 00007fc3fbbb5fa0 R15: 00007ffebb16add8 [ 215.927595][T10127] [ 216.446135][T10141] block2mtd: error: cannot open device [ 216.666207][T10153] sctp: [Deprecated]: syz.1.1506 (pid 10153) Use of struct sctp_assoc_value in delayed_ack socket option. [ 216.666207][T10153] Use struct sctp_sack_info instead [ 217.003227][T10164] FAULT_INJECTION: forcing a failure. [ 217.003227][T10164] name failslab, interval 1, probability 0, space 0, times 0 [ 217.043516][T10164] CPU: 1 UID: 0 PID: 10164 Comm: syz.8.1512 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 217.043554][T10164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 217.043570][T10164] Call Trace: [ 217.043578][T10164] [ 217.043588][T10164] dump_stack_lvl+0x16c/0x1f0 [ 217.043622][T10164] should_fail_ex+0x512/0x640 [ 217.043650][T10164] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 217.043680][T10164] should_failslab+0xc2/0x120 [ 217.043709][T10164] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 217.043746][T10164] ? __kernfs_new_node+0xd2/0x8e0 [ 217.043792][T10164] __kernfs_new_node+0xd2/0x8e0 [ 217.043836][T10164] ? __pfx___kernfs_new_node+0x10/0x10 [ 217.043880][T10164] ? find_held_lock+0x2b/0x80 [ 217.043908][T10164] ? kernfs_root+0xee/0x2a0 [ 217.043936][T10164] kernfs_new_node+0x13c/0x1e0 [ 217.043970][T10164] __kernfs_create_file+0x53/0x350 [ 217.044007][T10164] sysfs_add_file_mode_ns+0x207/0x3c0 [ 217.044051][T10164] internal_create_group+0x578/0xf30 [ 217.044086][T10164] ? __pfx_internal_create_group+0x10/0x10 [ 217.044116][T10164] ? kernfs_create_link+0x1bd/0x240 [ 217.044154][T10164] internal_create_groups+0x9d/0x150 [ 217.044184][T10164] device_add+0x6d1/0x1a70 [ 217.044219][T10164] ? __pfx_device_add+0x10/0x10 [ 217.044252][T10164] ? lockdep_init_map_type+0x5c/0x280 [ 217.044288][T10164] ? __init_waitqueue_head+0xca/0x150 [ 217.044321][T10164] netdev_register_kobject+0x182/0x3a0 [ 217.044356][T10164] register_netdevice+0x13dc/0x2270 [ 217.044391][T10164] ? idr_alloc+0xdd/0x130 [ 217.044430][T10164] ? __pfx_register_netdevice+0x10/0x10 [ 217.044469][T10164] ppp_dev_configure+0x99b/0xc80 [ 217.044546][T10164] ppp_ioctl+0x17e0/0x2660 [ 217.044586][T10164] ? find_held_lock+0x2b/0x80 [ 217.044612][T10164] ? __pfx_ppp_ioctl+0x10/0x10 [ 217.044663][T10164] ? __fget_files+0x20e/0x3c0 [ 217.044713][T10164] ? __pfx_ppp_ioctl+0x10/0x10 [ 217.044748][T10164] __x64_sys_ioctl+0x18e/0x210 [ 217.044787][T10164] do_syscall_64+0xcd/0x490 [ 217.044818][T10164] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.044845][T10164] RIP: 0033:0x7fc3fb98e9a9 [ 217.044866][T10164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 217.044887][T10164] RSP: 002b:00007fc3fc80d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 217.044912][T10164] RAX: ffffffffffffffda RBX: 00007fc3fbbb5fa0 RCX: 00007fc3fb98e9a9 [ 217.044930][T10164] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000007 [ 217.044945][T10164] RBP: 00007fc3fba10d69 R08: 0000000000000000 R09: 0000000000000000 [ 217.044964][T10164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 217.044979][T10164] R13: 0000000000000000 R14: 00007fc3fbbb5fa0 R15: 00007ffebb16add8 [ 217.045019][T10164] [ 218.020886][T10198] netlink: 342 bytes leftover after parsing attributes in process `syz.8.1524'. [ 218.282445][T10207] sctp: [Deprecated]: syz.8.1525 (pid 10207) Use of struct sctp_assoc_value in delayed_ack socket option. [ 218.282445][T10207] Use struct sctp_sack_info instead [ 218.716971][T10224] usb usb24: check_ctrlrecip: process 10224 (syz.6.1531) requesting ep 01 but needs 81 [ 218.738506][T10224] usb usb24: usbfs: process 10224 (syz.6.1531) did not claim interface 0 before use [ 220.409697][T10297] input: f, as /devices/virtual/input/input6 [ 220.645354][T10308] FAULT_INJECTION: forcing a failure. [ 220.645354][T10308] name failslab, interval 1, probability 0, space 0, times 0 [ 220.672532][T10308] CPU: 1 UID: 0 PID: 10308 Comm: syz.8.1558 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 220.672572][T10308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 220.672589][T10308] Call Trace: [ 220.672598][T10308] [ 220.672609][T10308] dump_stack_lvl+0x16c/0x1f0 [ 220.672642][T10308] should_fail_ex+0x512/0x640 [ 220.672669][T10308] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 220.672702][T10308] should_failslab+0xc2/0x120 [ 220.672732][T10308] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 220.672759][T10308] ? __kernfs_new_node+0xd2/0x8e0 [ 220.672803][T10308] __kernfs_new_node+0xd2/0x8e0 [ 220.672845][T10308] ? __pfx___kernfs_new_node+0x10/0x10 [ 220.672892][T10308] ? find_held_lock+0x2b/0x80 [ 220.672920][T10308] ? kernfs_root+0xee/0x2a0 [ 220.672952][T10308] kernfs_new_node+0x13c/0x1e0 [ 220.672987][T10308] __kernfs_create_file+0x53/0x350 [ 220.673024][T10308] sysfs_add_file_mode_ns+0x207/0x3c0 [ 220.673071][T10308] internal_create_group+0x578/0xf30 [ 220.673106][T10308] ? __pfx_internal_create_group+0x10/0x10 [ 220.673139][T10308] ? kernfs_create_link+0x1bd/0x240 [ 220.673177][T10308] internal_create_groups+0x9d/0x150 [ 220.673206][T10308] device_add+0x6d1/0x1a70 [ 220.673243][T10308] ? __pfx_device_add+0x10/0x10 [ 220.673275][T10308] ? lockdep_init_map_type+0x5c/0x280 [ 220.673310][T10308] ? __init_waitqueue_head+0xca/0x150 [ 220.673343][T10308] netdev_register_kobject+0x182/0x3a0 [ 220.673381][T10308] register_netdevice+0x13dc/0x2270 [ 220.673419][T10308] ? __pfx_register_netdevice+0x10/0x10 [ 220.673469][T10308] ? __pfx_loopback_net_init+0x10/0x10 [ 220.673510][T10308] register_netdev+0x34/0x50 [ 220.673541][T10308] loopback_net_init+0x7a/0x170 [ 220.673578][T10308] ? __pfx_loopback_net_init+0x10/0x10 [ 220.673612][T10308] ops_init+0x1df/0x5f0 [ 220.673646][T10308] setup_net+0x1ff/0x510 [ 220.673672][T10308] ? lockdep_init_map_type+0x5c/0x280 [ 220.673706][T10308] ? __pfx_setup_net+0x10/0x10 [ 220.673737][T10308] ? debug_mutex_init+0x37/0x70 [ 220.673768][T10308] copy_net_ns+0x2a6/0x5f0 [ 220.673803][T10308] create_new_namespaces+0x3ea/0xa90 [ 220.673843][T10308] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 220.673876][T10308] ksys_unshare+0x45b/0xa40 [ 220.673911][T10308] ? __pfx_ksys_unshare+0x10/0x10 [ 220.673946][T10308] ? xfd_validate_state+0x61/0x180 [ 220.673990][T10308] __x64_sys_unshare+0x31/0x40 [ 220.674022][T10308] do_syscall_64+0xcd/0x490 [ 220.674054][T10308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.674081][T10308] RIP: 0033:0x7fc3fb98e9a9 [ 220.674102][T10308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 220.674128][T10308] RSP: 002b:00007fc3fc80d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 220.674153][T10308] RAX: ffffffffffffffda RBX: 00007fc3fbbb5fa0 RCX: 00007fc3fb98e9a9 [ 220.674172][T10308] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 220.674188][T10308] RBP: 00007fc3fba10d69 R08: 0000000000000000 R09: 0000000000000000 [ 220.674204][T10308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 220.674220][T10308] R13: 0000000000000000 R14: 00007fc3fbbb5fa0 R15: 00007ffebb16add8 [ 220.674256][T10308] [ 223.094499][T10403] perf: Dynamic interrupt throttling disabled, can hang your system! [ 223.393466][T10416] input: f, as /devices/virtual/input/input7 [ 225.424295][T10489] FAULT_INJECTION: forcing a failure. [ 225.424295][T10489] name failslab, interval 1, probability 0, space 0, times 0 [ 225.445848][T10489] CPU: 1 UID: 0 PID: 10489 Comm: syz.8.1619 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 225.445890][T10489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 225.445916][T10489] Call Trace: [ 225.445925][T10489] [ 225.445935][T10489] dump_stack_lvl+0x16c/0x1f0 [ 225.445967][T10489] should_fail_ex+0x512/0x640 [ 225.445996][T10489] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 225.446029][T10489] should_failslab+0xc2/0x120 [ 225.446060][T10489] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 225.446086][T10489] ? kernfs_add_one+0x37d/0x840 [ 225.446113][T10489] ? __kernfs_new_node+0xd2/0x8e0 [ 225.446157][T10489] __kernfs_new_node+0xd2/0x8e0 [ 225.446197][T10489] ? kernfs_add_one+0x14e/0x840 [ 225.446224][T10489] ? __pfx___kernfs_new_node+0x10/0x10 [ 225.446271][T10489] ? find_held_lock+0x2b/0x80 [ 225.446300][T10489] ? kernfs_root+0xee/0x2a0 [ 225.446332][T10489] kernfs_new_node+0x13c/0x1e0 [ 225.446367][T10489] kernfs_create_link+0xcc/0x240 [ 225.446403][T10489] sysfs_do_create_link_sd+0x90/0x140 [ 225.446444][T10489] sysfs_create_link+0x61/0xc0 [ 225.446480][T10489] device_add+0x50a/0x1a70 [ 225.446516][T10489] ? __pfx_device_add+0x10/0x10 [ 225.446548][T10489] ? lockdep_init_map_type+0x5c/0x280 [ 225.446583][T10489] ? __init_waitqueue_head+0xca/0x150 [ 225.446617][T10489] netdev_register_kobject+0x182/0x3a0 [ 225.446653][T10489] register_netdevice+0x13dc/0x2270 [ 225.446691][T10489] ? __pfx_register_netdevice+0x10/0x10 [ 225.446732][T10489] ? __pfx_loopback_net_init+0x10/0x10 [ 225.446768][T10489] register_netdev+0x34/0x50 [ 225.446797][T10489] loopback_net_init+0x7a/0x170 [ 225.446838][T10489] ? __pfx_loopback_net_init+0x10/0x10 [ 225.446872][T10489] ops_init+0x1df/0x5f0 [ 225.446917][T10489] setup_net+0x1ff/0x510 [ 225.446945][T10489] ? lockdep_init_map_type+0x5c/0x280 [ 225.446981][T10489] ? __pfx_setup_net+0x10/0x10 [ 225.447013][T10489] ? debug_mutex_init+0x37/0x70 [ 225.447043][T10489] copy_net_ns+0x2a6/0x5f0 [ 225.447078][T10489] create_new_namespaces+0x3ea/0xa90 [ 225.447117][T10489] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 225.447150][T10489] ksys_unshare+0x45b/0xa40 [ 225.447184][T10489] ? __pfx_ksys_unshare+0x10/0x10 [ 225.447219][T10489] ? xfd_validate_state+0x61/0x180 [ 225.447263][T10489] __x64_sys_unshare+0x31/0x40 [ 225.447295][T10489] do_syscall_64+0xcd/0x490 [ 225.447326][T10489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.447353][T10489] RIP: 0033:0x7fc3fb98e9a9 [ 225.447375][T10489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.447400][T10489] RSP: 002b:00007fc3fc80d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 225.447427][T10489] RAX: ffffffffffffffda RBX: 00007fc3fbbb5fa0 RCX: 00007fc3fb98e9a9 [ 225.447446][T10489] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 225.447464][T10489] RBP: 00007fc3fba10d69 R08: 0000000000000000 R09: 0000000000000000 [ 225.447480][T10489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 225.447496][T10489] R13: 0000000000000000 R14: 00007fc3fbbb5fa0 R15: 00007ffebb16add8 [ 225.447533][T10489] [ 229.207095][T10643] netlink: 334 bytes leftover after parsing attributes in process `syz.7.1666'. [ 229.306188][T10649] netlink: 342 bytes leftover after parsing attributes in process `syz.7.1669'. [ 229.319942][T10649] netlink: 242 bytes leftover after parsing attributes in process `syz.7.1669'. [ 229.334620][T10649] netlink: 306 bytes leftover after parsing attributes in process `syz.7.1669'. [ 231.498812][T10728] FAULT_INJECTION: forcing a failure. [ 231.498812][T10728] name failslab, interval 1, probability 0, space 0, times 0 [ 231.564667][T10728] CPU: 0 UID: 0 PID: 10728 Comm: syz.7.1695 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 231.564705][T10728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 231.564719][T10728] Call Trace: [ 231.564728][T10728] [ 231.564739][T10728] dump_stack_lvl+0x16c/0x1f0 [ 231.564772][T10728] should_fail_ex+0x512/0x640 [ 231.564799][T10728] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 231.564831][T10728] should_failslab+0xc2/0x120 [ 231.564861][T10728] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 231.564887][T10728] ? __kernfs_new_node+0xd2/0x8e0 [ 231.564930][T10728] __kernfs_new_node+0xd2/0x8e0 [ 231.564972][T10728] ? __pfx___kernfs_new_node+0x10/0x10 [ 231.565020][T10728] ? find_held_lock+0x2b/0x80 [ 231.565048][T10728] ? kernfs_root+0xee/0x2a0 [ 231.565078][T10728] kernfs_new_node+0x13c/0x1e0 [ 231.565112][T10728] __kernfs_create_file+0x53/0x350 [ 231.565147][T10728] sysfs_add_file_mode_ns+0x207/0x3c0 [ 231.565195][T10728] internal_create_group+0x578/0xf30 [ 231.565231][T10728] ? __pfx_internal_create_group+0x10/0x10 [ 231.565263][T10728] ? kernfs_create_link+0x1bd/0x240 [ 231.565300][T10728] internal_create_groups+0x9d/0x150 [ 231.565328][T10728] device_add+0x6d1/0x1a70 [ 231.565366][T10728] ? __pfx_device_add+0x10/0x10 [ 231.565408][T10728] ? lockdep_init_map_type+0x5c/0x280 [ 231.565446][T10728] ? __init_waitqueue_head+0xca/0x150 [ 231.565480][T10728] netdev_register_kobject+0x182/0x3a0 [ 231.565519][T10728] register_netdevice+0x13dc/0x2270 [ 231.565556][T10728] ? __pfx_register_netdevice+0x10/0x10 [ 231.565588][T10728] ? __pfx_loopback_net_init+0x10/0x10 [ 231.565623][T10728] register_netdev+0x34/0x50 [ 231.565652][T10728] loopback_net_init+0x7a/0x170 [ 231.565692][T10728] ? __pfx_loopback_net_init+0x10/0x10 [ 231.565727][T10728] ops_init+0x1df/0x5f0 [ 231.565763][T10728] setup_net+0x1ff/0x510 [ 231.565791][T10728] ? lockdep_init_map_type+0x5c/0x280 [ 231.565828][T10728] ? __pfx_setup_net+0x10/0x10 [ 231.565860][T10728] ? debug_mutex_init+0x37/0x70 [ 231.565891][T10728] copy_net_ns+0x2a6/0x5f0 [ 231.565926][T10728] create_new_namespaces+0x3ea/0xa90 [ 231.565966][T10728] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 231.565996][T10728] ksys_unshare+0x45b/0xa40 [ 231.566030][T10728] ? __pfx_ksys_unshare+0x10/0x10 [ 231.566061][T10728] ? xfd_validate_state+0x61/0x180 [ 231.566105][T10728] __x64_sys_unshare+0x31/0x40 [ 231.566137][T10728] do_syscall_64+0xcd/0x490 [ 231.566168][T10728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.566194][T10728] RIP: 0033:0x7f431838e9a9 [ 231.566215][T10728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.566240][T10728] RSP: 002b:00007f431922a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 231.566267][T10728] RAX: ffffffffffffffda RBX: 00007f43185b5fa0 RCX: 00007f431838e9a9 [ 231.566285][T10728] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 231.566303][T10728] RBP: 00007f4318410d69 R08: 0000000000000000 R09: 0000000000000000 [ 231.566318][T10728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 231.566333][T10728] R13: 0000000000000000 R14: 00007f43185b5fa0 R15: 00007fffc6e10f98 [ 231.566369][T10728] [ 233.336690][T10794] netlink: 334 bytes leftover after parsing attributes in process `syz.8.1720'. [ 234.052581][T10821] FAULT_INJECTION: forcing a failure. [ 234.052581][T10821] name failslab, interval 1, probability 0, space 0, times 0 [ 234.101632][T10821] CPU: 1 UID: 0 PID: 10821 Comm: syz.8.1728 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 234.101668][T10821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 234.101684][T10821] Call Trace: [ 234.101693][T10821] [ 234.101704][T10821] dump_stack_lvl+0x16c/0x1f0 [ 234.101736][T10821] should_fail_ex+0x512/0x640 [ 234.101763][T10821] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 234.101791][T10821] should_failslab+0xc2/0x120 [ 234.101820][T10821] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 234.101846][T10821] ? __kernfs_new_node+0xd2/0x8e0 [ 234.101891][T10821] __kernfs_new_node+0xd2/0x8e0 [ 234.101945][T10821] ? __pfx___kernfs_new_node+0x10/0x10 [ 234.101996][T10821] ? find_held_lock+0x2b/0x80 [ 234.102025][T10821] ? kernfs_root+0xee/0x2a0 [ 234.102058][T10821] kernfs_new_node+0x13c/0x1e0 [ 234.102093][T10821] __kernfs_create_file+0x53/0x350 [ 234.102131][T10821] sysfs_add_file_mode_ns+0x207/0x3c0 [ 234.102177][T10821] internal_create_group+0x578/0xf30 [ 234.102212][T10821] ? __pfx_internal_create_group+0x10/0x10 [ 234.102244][T10821] ? kernfs_create_link+0x1bd/0x240 [ 234.102283][T10821] internal_create_groups+0x9d/0x150 [ 234.102312][T10821] device_add+0x6d1/0x1a70 [ 234.102348][T10821] ? __pfx_device_add+0x10/0x10 [ 234.102380][T10821] ? lockdep_init_map_type+0x5c/0x280 [ 234.102418][T10821] ? __init_waitqueue_head+0xca/0x150 [ 234.102452][T10821] netdev_register_kobject+0x182/0x3a0 [ 234.102490][T10821] register_netdevice+0x13dc/0x2270 [ 234.102527][T10821] ? __pfx_register_netdevice+0x10/0x10 [ 234.102563][T10821] ? __pfx_loopback_net_init+0x10/0x10 [ 234.102596][T10821] register_netdev+0x34/0x50 [ 234.102622][T10821] loopback_net_init+0x7a/0x170 [ 234.102657][T10821] ? __pfx_loopback_net_init+0x10/0x10 [ 234.102688][T10821] ops_init+0x1df/0x5f0 [ 234.102720][T10821] setup_net+0x1ff/0x510 [ 234.102745][T10821] ? lockdep_init_map_type+0x5c/0x280 [ 234.102779][T10821] ? __pfx_setup_net+0x10/0x10 [ 234.102811][T10821] ? debug_mutex_init+0x37/0x70 [ 234.102838][T10821] copy_net_ns+0x2a6/0x5f0 [ 234.102877][T10821] create_new_namespaces+0x3ea/0xa90 [ 234.102923][T10821] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 234.102956][T10821] ksys_unshare+0x45b/0xa40 [ 234.102987][T10821] ? __pfx_ksys_unshare+0x10/0x10 [ 234.103021][T10821] ? fput+0x70/0xf0 [ 234.103051][T10821] __x64_sys_unshare+0x31/0x40 [ 234.103082][T10821] do_syscall_64+0xcd/0x490 [ 234.103112][T10821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.103136][T10821] RIP: 0033:0x7fc3fb98e9a9 [ 234.103156][T10821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 234.103181][T10821] RSP: 002b:00007fc3fc80d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 234.103204][T10821] RAX: ffffffffffffffda RBX: 00007fc3fbbb5fa0 RCX: 00007fc3fb98e9a9 [ 234.103219][T10821] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 234.103232][T10821] RBP: 00007fc3fba10d69 R08: 0000000000000000 R09: 0000000000000000 [ 234.103245][T10821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 234.103258][T10821] R13: 0000000000000000 R14: 00007fc3fbbb5fa0 R15: 00007ffebb16add8 [ 234.103287][T10821] [ 234.494164][T10836] mmap: syz.7.1733 (10836) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 234.681892][T10841] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1736'. [ 234.764542][T10841] netlink: 242 bytes leftover after parsing attributes in process `syz.1.1736'. [ 235.475129][T10877] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1750'. [ 235.516754][T10877] netlink: 242 bytes leftover after parsing attributes in process `syz.1.1750'. [ 236.292725][T10912] netlink: 342 bytes leftover after parsing attributes in process `syz.7.1761'. [ 236.405026][T10912] netlink: 242 bytes leftover after parsing attributes in process `syz.7.1761'. [ 236.473661][T10923] FAULT_INJECTION: forcing a failure. [ 236.473661][T10923] name fail_futex, interval 1, probability 0, space 0, times 1 [ 236.490317][T10923] CPU: 0 UID: 0 PID: 10923 Comm: syz.6.1765 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 236.490356][T10923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 236.490373][T10923] Call Trace: [ 236.490383][T10923] [ 236.490394][T10923] dump_stack_lvl+0x16c/0x1f0 [ 236.490429][T10923] should_fail_ex+0x512/0x640 [ 236.490463][T10923] get_futex_key+0x1d0/0x1540 [ 236.490499][T10923] ? __pfx_get_futex_key+0x10/0x10 [ 236.490543][T10923] futex_wake+0xe7/0x4e0 [ 236.490581][T10923] ? __pfx_futex_wake+0x10/0x10 [ 236.490618][T10923] ? errseq_sample+0x53/0x70 [ 236.490645][T10923] ? file_init_path+0x4fe/0x760 [ 236.490683][T10923] do_futex+0x1e3/0x350 [ 236.490713][T10923] ? __pfx_do_futex+0x10/0x10 [ 236.490742][T10923] ? fd_install+0x225/0x750 [ 236.490785][T10923] __x64_sys_futex+0x1e0/0x4c0 [ 236.490817][T10923] ? __sys_socket+0xac/0x260 [ 236.490851][T10923] ? __pfx___x64_sys_futex+0x10/0x10 [ 236.490890][T10923] ? xfd_validate_state+0x61/0x180 [ 236.490938][T10923] do_syscall_64+0xcd/0x490 [ 236.490968][T10923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.490994][T10923] RIP: 0033:0x7fc7ea78e9a9 [ 236.491017][T10923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.491042][T10923] RSP: 002b:00007fc7eb6db0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 236.491068][T10923] RAX: ffffffffffffffda RBX: 00007fc7ea9b5fa8 RCX: 00007fc7ea78e9a9 [ 236.491086][T10923] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc7ea9b5fac [ 236.491102][T10923] RBP: 00007fc7ea9b5fa0 R08: 00007fc7eb6dc000 R09: 0000000000000000 [ 236.491119][T10923] R10: 0000000000000005 R11: 0000000000000246 R12: 00007fc7ea9b5fac [ 236.491135][T10923] R13: 0000000000000000 R14: 00007ffe84ae9d30 R15: 00007ffe84ae9e18 [ 236.491170][T10923] [ 237.374564][ T30] audit: type=1326 audit(1753720702.357:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10954 comm="syz.6.1775" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc7ea78e9a9 code=0x0 [ 237.951851][T10973] netlink: 326 bytes leftover after parsing attributes in process `syz.7.1779'. [ 238.813149][T11006] netlink: 'syz.6.1790': attribute type 4 has an invalid length. [ 238.822644][T11006] netlink: 314 bytes leftover after parsing attributes in process `syz.6.1790'. [ 240.422822][T11075] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1813'. [ 240.470579][T11077] netlink: 'syz.6.1814': attribute type 4 has an invalid length. [ 240.496336][T11077] netlink: 314 bytes leftover after parsing attributes in process `syz.6.1814'. [ 242.461900][T11156] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1839'. [ 246.844711][T11343] netlink: 342 bytes leftover after parsing attributes in process `syz.6.1905'. [ 246.887702][T11343] netlink: 342 bytes leftover after parsing attributes in process `syz.6.1905'. [ 247.292180][T11361] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1911'. [ 247.376153][T11366] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1913'. [ 247.673542][T11378] netlink: 'syz.7.1917': attribute type 3 has an invalid length. [ 248.491715][T11412] writes to the poll attribute are ignored. [ 248.498995][T11412] please use driver specific parameters instead. [ 250.456285][T11487] netlink: 'syz.8.1949': attribute type 3 has an invalid length. [ 251.948569][T11542] random: crng reseeded on system resumption [ 251.995071][T11542] Unrecognized hibernate image header format! [ 252.018818][T11542] PM: hibernation: Image mismatch: architecture specific data [ 255.534171][T11682] netlink: 'syz.1.2007': attribute type 11 has an invalid length. [ 255.567080][T11682] netlink: 'syz.1.2007': attribute type 11 has an invalid length. [ 255.615577][T11682] netlink: 'syz.1.2007': attribute type 11 has an invalid length. [ 255.623472][T11682] netlink: 'syz.1.2007': attribute type 11 has an invalid length. [ 255.679419][T11682] netlink: 'syz.1.2007': attribute type 11 has an invalid length. [ 256.005238][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.012147][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.719490][T11729] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2021'. [ 257.486599][T11754] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2031'. [ 257.692567][T11764] netlink: 'syz.7.2033': attribute type 3 has an invalid length. [ 258.227404][T11787] netlink: 326 bytes leftover after parsing attributes in process `syz.6.2041'. [ 258.330303][T11790] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2042'. [ 258.776448][T11805] : Can't lookup blockdev [ 261.792912][ T5855] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 261.807023][ T5855] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 261.821701][ T5855] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 261.863486][ T5855] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 261.894222][ T5855] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 261.954448][T11910] FAULT_INJECTION: forcing a failure. [ 261.954448][T11910] name failslab, interval 1, probability 0, space 0, times 0 [ 262.005178][T11910] CPU: 1 UID: 0 PID: 11910 Comm: syz.6.2081 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 262.005213][T11910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 262.005228][T11910] Call Trace: [ 262.005237][T11910] [ 262.005247][T11910] dump_stack_lvl+0x16c/0x1f0 [ 262.005277][T11910] should_fail_ex+0x512/0x640 [ 262.005316][T11910] ? __kmalloc_cache_node_noprof+0x5a/0x420 [ 262.005358][T11910] should_failslab+0xc2/0x120 [ 262.005394][T11910] __kmalloc_cache_node_noprof+0x6d/0x420 [ 262.005432][T11910] ? __alloc_workqueue+0x506/0x1810 [ 262.005470][T11910] __alloc_workqueue+0x506/0x1810 [ 262.005523][T11910] alloc_workqueue+0xd2/0x200 [ 262.005555][T11910] ? __pfx_alloc_workqueue+0x10/0x10 [ 262.005593][T11910] ? rcu_is_watching+0x12/0xc0 [ 262.005620][T11910] ? trace_kmalloc+0x2b/0xd0 [ 262.005652][T11910] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 262.005691][T11910] ieee80211_register_hw+0x1e92/0x4140 [ 262.005732][T11910] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 262.005767][T11910] ? find_held_lock+0x2b/0x80 [ 262.005792][T11910] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 262.005825][T11910] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 262.005855][T11910] ? __hrtimer_setup+0x176/0x280 [ 262.005890][T11910] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 262.005935][T11910] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 262.005972][T11910] hwsim_new_radio_nl+0xb51/0x12c0 [ 262.006000][T11910] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 262.006037][T11910] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 262.006075][T11910] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 262.006119][T11910] genl_family_rcv_msg_doit+0x209/0x2f0 [ 262.006155][T11910] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 262.006188][T11910] ? trace_cap_capable+0x18d/0x200 [ 262.006225][T11910] ? bpf_lsm_capable+0x9/0x10 [ 262.006257][T11910] ? security_capable+0x7e/0x260 [ 262.006284][T11910] ? ns_capable+0xd7/0x110 [ 262.006311][T11910] genl_rcv_msg+0x55c/0x800 [ 262.006350][T11910] ? __pfx_genl_rcv_msg+0x10/0x10 [ 262.006385][T11910] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 262.006425][T11910] netlink_rcv_skb+0x158/0x420 [ 262.006454][T11910] ? __pfx_genl_rcv_msg+0x10/0x10 [ 262.006500][T11910] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 262.006548][T11910] ? netlink_deliver_tap+0x1ae/0xd30 [ 262.006584][T11910] genl_rcv+0x28/0x40 [ 262.006614][T11910] netlink_unicast+0x58a/0x850 [ 262.006651][T11910] ? __pfx_netlink_unicast+0x10/0x10 [ 262.006694][T11910] netlink_sendmsg+0x8d1/0xdd0 [ 262.006732][T11910] ? __pfx_netlink_sendmsg+0x10/0x10 [ 262.006779][T11910] ____sys_sendmsg+0xa95/0xc70 [ 262.006814][T11910] ? copy_msghdr_from_user+0x10a/0x160 [ 262.006841][T11910] ? __pfx_____sys_sendmsg+0x10/0x10 [ 262.006884][T11910] ? __pfx_futex_wake_mark+0x10/0x10 [ 262.006925][T11910] ___sys_sendmsg+0x134/0x1d0 [ 262.006952][T11910] ? __pfx____sys_sendmsg+0x10/0x10 [ 262.006974][T11910] ? __lock_acquire+0x622/0x1c90 [ 262.007055][T11910] __sys_sendmsg+0x16d/0x220 [ 262.007083][T11910] ? __pfx___sys_sendmsg+0x10/0x10 [ 262.007106][T11910] ? __x64_sys_futex+0x1e0/0x4c0 [ 262.007156][T11910] do_syscall_64+0xcd/0x490 [ 262.007186][T11910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.007211][T11910] RIP: 0033:0x7fc7ea78e9a9 [ 262.007233][T11910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 262.007259][T11910] RSP: 002b:00007fc7eb6db038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 262.007283][T11910] RAX: ffffffffffffffda RBX: 00007fc7ea9b5fa0 RCX: 00007fc7ea78e9a9 [ 262.007299][T11910] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000007 [ 262.007316][T11910] RBP: 00007fc7ea810d69 R08: 0000000000000000 R09: 0000000000000000 [ 262.007332][T11910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 262.007347][T11910] R13: 0000000000000000 R14: 00007fc7ea9b5fa0 R15: 00007ffe84ae9e18 [ 262.007384][T11910] [ 262.928747][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.975439][T11907] chnl_net:caif_netlink_parms(): no params data found [ 263.200037][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.362288][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.619851][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.934490][T11907] bridge0: port 1(bridge_slave_0) entered blocking state [ 263.945389][T11907] bridge0: port 1(bridge_slave_0) entered disabled state [ 263.957775][T11907] bridge_slave_0: entered allmulticast mode [ 263.972394][T11907] bridge_slave_0: entered promiscuous mode [ 264.000311][T11907] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.008244][ T5847] Bluetooth: hci3: command tx timeout [ 264.044855][T11907] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.084934][T11907] bridge_slave_1: entered allmulticast mode [ 264.093941][T11907] bridge_slave_1: entered promiscuous mode [ 264.166297][T11907] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 264.214950][T11907] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 264.304804][T11907] team0: Port device team_slave_0 added [ 264.335195][T11907] team0: Port device team_slave_1 added [ 264.411552][T11907] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 264.419807][T11907] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 264.463041][T11907] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 264.491948][T11907] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 264.508273][T11907] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 264.563903][T11907] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 264.581712][ T12] bridge_slave_1: left allmulticast mode [ 264.587451][ T12] bridge_slave_1: left promiscuous mode [ 264.593833][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.603613][ T12] bridge_slave_0: left allmulticast mode [ 264.610139][ T12] bridge_slave_0: left promiscuous mode [ 264.615935][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 265.031787][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 265.043158][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 265.054993][ T12] bond0 (unregistering): Released all slaves [ 265.134329][T11907] hsr_slave_0: entered promiscuous mode [ 265.143086][T11907] hsr_slave_1: entered promiscuous mode [ 265.149885][T11907] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 265.159939][T11907] Cannot create hsr debugfs directory [ 265.403900][ T12] hsr_slave_0: left promiscuous mode [ 265.411173][ T12] hsr_slave_1: left promiscuous mode [ 265.417599][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 265.425710][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 265.435527][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 265.445017][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 265.475610][ T12] veth1_macvtap: left promiscuous mode [ 265.484741][ T12] veth0_macvtap: left promiscuous mode [ 265.493573][ T12] veth1_vlan: left promiscuous mode [ 265.501157][ T12] veth0_vlan: left promiscuous mode [ 266.084979][ T5847] Bluetooth: hci3: command tx timeout [ 266.184247][ T12] team0 (unregistering): Port device team_slave_1 removed [ 266.238006][ T12] team0 (unregistering): Port device team_slave_0 removed [ 267.266747][T11907] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 267.291352][T11907] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 267.305497][T11907] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 267.317762][T11907] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 267.434667][T11907] 8021q: adding VLAN 0 to HW filter on device bond0 [ 267.467133][T11907] 8021q: adding VLAN 0 to HW filter on device team0 [ 267.484445][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.491738][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 267.519382][ T4478] bridge0: port 2(bridge_slave_1) entered blocking state [ 267.526669][ T4478] bridge0: port 2(bridge_slave_1) entered forwarding state [ 267.894429][T11907] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 267.966819][T11907] veth0_vlan: entered promiscuous mode [ 267.986346][T11907] veth1_vlan: entered promiscuous mode [ 268.052071][T11907] veth0_macvtap: entered promiscuous mode [ 268.068644][T11907] veth1_macvtap: entered promiscuous mode [ 268.101994][T11907] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 268.127040][T11907] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 268.148637][T11907] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.158032][T11907] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.171938][ T5847] Bluetooth: hci3: command tx timeout [ 268.172157][T11907] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.186770][T11907] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.316545][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 268.342433][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 268.393398][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 268.402381][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 270.246462][ T5847] Bluetooth: hci3: command tx timeout [ 317.472921][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.479400][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 325.659567][ T5217] udevd[5217]: worker [5846] /devices/pci0000:00/0000:00:03.0/virtio0/host0/target0:0:1/0:0:1:0/block/sda is taking a long time [ 378.941064][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.947756][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 386.139364][ T5855] Bluetooth: hci3: command 0x0406 tx timeout [ 408.390523][ T31] INFO: task syz.7.2109:11986 blocked for more than 143 seconds. [ 408.398336][ T31] Not tainted 6.16.0-syzkaller #0 [ 408.409337][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 408.418187][ T31] task:syz.7.2109 state:D stack:28360 pid:11986 tgid:11986 ppid:8744 task_flags:0x440040 flags:0x00004004 [ 408.430332][ T31] Call Trace: [ 408.433657][ T31] [ 408.436619][ T31] __schedule+0x116a/0x5dd0 [ 408.442563][ T31] ? __lock_acquire+0x622/0x1c90 [ 408.447594][ T31] ? __pfx___schedule+0x10/0x10 [ 408.452713][ T31] ? find_held_lock+0x2b/0x80 [ 408.457550][ T31] ? schedule+0x2d7/0x3a0 [ 408.463138][ T31] schedule+0xe7/0x3a0 [ 408.467280][ T31] io_schedule+0xbf/0x130 [ 408.472280][ T31] bit_wait_io+0x15/0xe0 [ 408.476588][ T31] __wait_on_bit+0x62/0x180 [ 408.482513][ T31] ? __pfx_bit_wait_io+0x10/0x10 [ 408.487527][ T31] out_of_line_wait_on_bit+0xd9/0x110 [ 408.493400][ T31] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 408.499439][ T31] ? __pfx_wake_bit_function+0x10/0x10 [ 408.505164][ T31] do_get_write_access+0x93d/0x1320 [ 408.510498][ T31] jbd2_journal_get_write_access+0x1d6/0x280 [ 408.516527][ T31] __ext4_journal_get_write_access+0x6a/0x340 [ 408.522797][ T31] ext4_reserve_inode_write+0x1be/0x340 [ 408.528492][ T31] __ext4_mark_inode_dirty+0x197/0x870 [ 408.534139][ T31] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 408.540245][ T31] ? rcu_is_watching+0x12/0xc0 [ 408.545070][ T31] ? trace_jbd2_handle_start+0x1a8/0x230 [ 408.551103][ T31] ? jbd2__journal_start+0xf6/0x6a0 [ 408.556710][ T31] ? __ext4_journal_start_sb+0x195/0x690 [ 408.562533][ T31] ? __ext4_journal_start_sb+0x19e/0x690 [ 408.568683][ T31] ? ext4_dirty_inode+0xa1/0x130 [ 408.574305][ T31] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 408.579726][ T31] ext4_dirty_inode+0xd9/0x130 [ 408.584933][ T31] ? rcu_is_watching+0x12/0xc0 [ 408.589783][ T31] __mark_inode_dirty+0x1eb/0xe50 [ 408.595495][ T31] generic_update_time+0xcf/0xf0 [ 408.600831][ T31] file_update_time+0x17d/0x1c0 [ 408.605740][ T31] ext4_page_mkwrite+0x35e/0x1760 [ 408.610929][ T31] ? __pfx_ext4_page_mkwrite+0x10/0x10 [ 408.616436][ T31] ? pte_alloc_one+0x2b6/0x3a0 [ 408.621262][ T31] do_page_mkwrite+0x174/0x380 [ 408.626142][ T31] __handle_mm_fault+0x3829/0x5490 [ 408.631492][ T31] ? __pfx___handle_mm_fault+0x10/0x10 [ 408.637043][ T31] ? lock_vma_under_rcu+0x47d/0x970 [ 408.642355][ T31] ? lock_vma_under_rcu+0x47d/0x970 [ 408.647668][ T31] handle_mm_fault+0x589/0xd10 [ 408.652619][ T31] ? __pkru_allows_pkey+0x51/0xb0 [ 408.657787][ T31] do_user_addr_fault+0x60c/0x1370 [ 408.663001][ T31] ? rcu_is_watching+0x12/0xc0 [ 408.668727][ T31] exc_page_fault+0x5c/0xb0 [ 408.673578][ T31] asm_exc_page_fault+0x26/0x30 [ 408.678493][ T31] RIP: 0033:0x7f43182654cb [ 408.682987][ T31] RSP: 002b:00007fffc6e11100 EFLAGS: 00010246 [ 408.689155][ T31] RAX: 00000000003ffde8 RBX: 0000000000000000 RCX: 0000000000000000 [ 408.697749][ T31] RDX: 0000001b2cb20000 RSI: 0000000000400000 RDI: 00007f4318499750 [ 408.706224][ T31] RBP: 0000000000000000 R08: 0000000000000004 R09: 0000000000040000 [ 408.714587][ T31] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 408.723557][ T31] R13: 00000000000927c0 R14: 0000000000040869 R15: 00007fffc6e113b0 [ 408.731917][ T31] [ 408.735134][ T31] INFO: task syz.6.2110:11987 blocked for more than 143 seconds. [ 408.742978][ T31] Not tainted 6.16.0-syzkaller #0 [ 408.748554][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 408.757516][ T31] task:syz.6.2110 state:D stack:27816 pid:11987 tgid:11987 ppid:8250 task_flags:0x440040 flags:0x00004004 [ 408.770176][ T31] Call Trace: [ 408.775335][ T31] [ 408.778329][ T31] __schedule+0x116a/0x5dd0 [ 408.782988][ T31] ? __lock_acquire+0x622/0x1c90 [ 408.787979][ T31] ? __pfx___schedule+0x10/0x10 [ 408.794926][ T31] ? find_held_lock+0x2b/0x80 [ 408.799704][ T31] ? schedule+0x2d7/0x3a0 [ 408.804598][ T31] schedule+0xe7/0x3a0 [ 408.808724][ T31] io_schedule+0xbf/0x130 [ 408.813211][ T31] bit_wait_io+0x15/0xe0 [ 408.817776][ T31] __wait_on_bit+0x62/0x180 [ 408.823242][ T31] ? __pfx_bit_wait_io+0x10/0x10 [ 408.828313][ T31] out_of_line_wait_on_bit+0xd9/0x110 [ 408.833864][ T31] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 408.839962][ T31] ? __pfx_wake_bit_function+0x10/0x10 [ 408.845584][ T31] do_get_write_access+0x93d/0x1320 [ 408.850861][ T31] jbd2_journal_get_write_access+0x1d6/0x280 [ 408.856888][ T31] __ext4_journal_get_write_access+0x6a/0x340 [ 408.863082][ T31] ext4_reserve_inode_write+0x1be/0x340 [ 408.868799][ T31] __ext4_mark_inode_dirty+0x197/0x870 [ 408.875222][ T31] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 408.881454][ T31] ? rcu_is_watching+0x12/0xc0 [ 408.886274][ T31] ? trace_jbd2_handle_start+0x1a8/0x230 [ 408.892010][ T31] ? jbd2__journal_start+0xf6/0x6a0 [ 408.897268][ T31] ? __ext4_journal_start_sb+0x195/0x690 [ 408.904040][ T31] ? __ext4_journal_start_sb+0x19e/0x690 [ 408.909754][ T31] ? ext4_dirty_inode+0xa1/0x130 [ 408.914766][ T31] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 408.920193][ T31] ext4_dirty_inode+0xd9/0x130 [ 408.925042][ T31] ? rcu_is_watching+0x12/0xc0 [ 408.929935][ T31] __mark_inode_dirty+0x1eb/0xe50 [ 408.935106][ T31] generic_update_time+0xcf/0xf0 [ 408.940185][ T31] file_update_time+0x17d/0x1c0 [ 408.946463][ T31] ext4_page_mkwrite+0x35e/0x1760 [ 408.951637][ T31] ? __pfx_ext4_page_mkwrite+0x10/0x10 [ 408.957172][ T31] ? pte_alloc_one+0x2b6/0x3a0 [ 408.962091][ T31] do_page_mkwrite+0x174/0x380 [ 408.966909][ T31] __handle_mm_fault+0x3829/0x5490 [ 408.972140][ T31] ? __pfx___handle_mm_fault+0x10/0x10 [ 408.978189][ T31] ? lock_vma_under_rcu+0x47d/0x970 [ 408.983502][ T31] ? lock_vma_under_rcu+0x47d/0x970 [ 408.988771][ T31] handle_mm_fault+0x589/0xd10 [ 408.993683][ T31] ? __pkru_allows_pkey+0x51/0xb0 [ 408.998759][ T31] do_user_addr_fault+0x60c/0x1370 [ 409.003992][ T31] ? rcu_is_watching+0x12/0xc0 [ 409.008891][ T31] exc_page_fault+0x5c/0xb0 [ 409.013629][ T31] asm_exc_page_fault+0x26/0x30 [ 409.018541][ T31] RIP: 0033:0x7fc7ea6654cb [ 409.023067][ T31] RSP: 002b:00007ffe84ae9f80 EFLAGS: 00010246 [ 409.029165][ T31] RAX: 00000000003ffde8 RBX: 0000000000000000 RCX: 0000000000000000 [ 409.037221][ T31] RDX: 0000001b2e520000 RSI: 0000000000400000 RDI: 00007fc7ea899750 [ 409.045562][ T31] RBP: 0000000000000000 R08: 0000000000000004 R09: 0000000000040000 [ 409.053867][ T31] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 409.062038][ T31] R13: 00000000000927c0 R14: 0000000000040894 R15: 00007ffe84aea230 [ 409.070173][ T31] [ 409.073631][ T31] [ 409.073631][ T31] Showing all locks held in the system: [ 409.082333][ T31] 1 lock held by khungtaskd/31: [ 409.087235][ T31] #0: ffffffff8e5c4c80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 409.097419][ T31] 1 lock held by klogd/5206: [ 409.102113][ T31] #0: ffff8880b843a418 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 [ 409.112227][ T31] 2 locks held by getty/5607: [ 409.116956][ T31] #0: ffff8880364220a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 409.126883][ T31] #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 409.137178][ T31] 3 locks held by syz-executor/5834: [ 409.142551][ T31] #0: ffff888032d31948 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x452/0x1370 [ 409.151983][ T31] #1: ffff88803425a520 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x174/0x380 [ 409.161605][ T31] #2: ffff88803425e950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x5e4/0x1410 [ 409.171546][ T31] 3 locks held by syz-executor/11907: [ 409.176933][ T31] #0: ffff88803425a428 (sb_writers#4){.+.+}-{0:0}, at: filename_create+0x10e/0x4a0 [ 409.187119][ T31] #1: ffff88805b5e33b0 (&type->i_mutex_dir_key#3/1){+.+.}-{4:4}, at: filename_create+0x1bb/0x4a0 [ 409.198082][ T31] #2: ffff88803425e950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x5e4/0x1410 [ 409.207904][ T31] 3 locks held by syz.7.2109/11986: [ 409.213177][ T31] #0: ffff88805ecb1948 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x452/0x1370 [ 409.222615][ T31] #1: ffff88803425a520 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x174/0x380 [ 409.232421][ T31] #2: ffff88803425e950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x5e4/0x1410 [ 409.242143][ T31] 3 locks held by syz.6.2110/11987: [ 409.247377][ T31] #0: ffff888064c61588 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x452/0x1370 [ 409.256842][ T31] #1: ffff88803425a520 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x174/0x380 [ 409.266428][ T31] #2: ffff88803425e950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x5e4/0x1410 [ 409.276199][ T31] 3 locks held by syz.8.2111/11988: [ 409.282199][ T31] #0: ffff8880616bdbc8 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x452/0x1370 [ 409.291686][ T31] #1: ffff88803425a520 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x174/0x380 [ 409.301563][ T31] #2: ffff88803425e950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x5e4/0x1410 [ 409.311323][ T31] [ 409.313700][ T31] ============================================= [ 409.313700][ T31] [ 409.322235][ T31] NMI backtrace for cpu 1 [ 409.322258][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 409.322286][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 409.322308][ T31] Call Trace: [ 409.322315][ T31] [ 409.322322][ T31] dump_stack_lvl+0x116/0x1f0 [ 409.322353][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 409.322383][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 409.322496][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 409.322532][ T31] watchdog+0xf70/0x12c0 [ 409.322568][ T31] ? __pfx_watchdog+0x10/0x10 [ 409.322596][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 409.322622][ T31] ? __kthread_parkme+0x19e/0x250 [ 409.322651][ T31] ? __pfx_watchdog+0x10/0x10 [ 409.322682][ T31] kthread+0x3c5/0x780 [ 409.322717][ T31] ? __pfx_kthread+0x10/0x10 [ 409.322752][ T31] ? rcu_is_watching+0x12/0xc0 [ 409.322864][ T31] ? __pfx_kthread+0x10/0x10 [ 409.322906][ T31] ret_from_fork+0x5d4/0x6f0 [ 409.322937][ T31] ? __pfx_kthread+0x10/0x10 [ 409.322966][ T31] ret_from_fork_asm+0x1a/0x30 [ 409.323006][ T31] [ 409.323016][ T31] Sending NMI from CPU 1 to CPUs 0: [ 409.440795][ C0] NMI backtrace for cpu 0 [ 409.440813][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 409.440841][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 409.440855][ C0] RIP: 0010:unwind_next_frame+0xbd4/0x20a0 [ 409.440895][ C0] Code: 80 3c 16 00 0f 85 29 11 00 00 48 8b 14 24 49 89 45 48 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 50 11 00 00 <4c> 89 e2 4d 89 75 38 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 [ 409.440917][ C0] RSP: 0018:ffffc900000077d0 EFLAGS: 00000046 [ 409.440936][ C0] RAX: dffffc0000000000 RBX: 0000000000000002 RCX: ffffffff91437178 [ 409.440951][ C0] RDX: 1ffff92000000f0f RSI: 1ffff92000000f11 RDI: ffffc90000007f18 [ 409.440967][ C0] RBP: ffffc90000007888 R08: ffffffff9143717c R09: 0000000000000001 [ 409.440982][ C0] R10: 0000000000000000 R11: 000000000000a812 R12: ffffc90000007890 [ 409.440996][ C0] R13: ffffc90000007840 R14: ffffc90000007f20 R15: ffffc90000007874 [ 409.441012][ C0] FS: 0000000000000000(0000) GS:ffff88812472d000(0000) knlGS:0000000000000000 [ 409.441033][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 409.441048][ C0] CR2: 0000558af6129168 CR3: 000000000e382000 CR4: 00000000003526f0 [ 409.441063][ C0] Call Trace: [ 409.441070][ C0] [ 409.441078][ C0] ? run_timer_base+0x114/0x190 [ 409.441109][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 409.441136][ C0] arch_stack_walk+0x94/0x100 [ 409.441160][ C0] ? run_timer_softirq+0x1a/0x40 [ 409.441190][ C0] stack_trace_save+0x8e/0xc0 [ 409.441214][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 409.441241][ C0] ? __lock_acquire+0xb8a/0x1c90 [ 409.441271][ C0] kasan_save_stack+0x33/0x60 [ 409.441293][ C0] ? kasan_save_stack+0x33/0x60 [ 409.441313][ C0] ? kasan_record_aux_stack+0xa7/0xc0 [ 409.441343][ C0] ? insert_work+0x36/0x230 [ 409.441373][ C0] ? __queue_work+0x3f8/0x10f0 [ 409.441402][ C0] ? call_timer_fn+0x19a/0x620 [ 409.441426][ C0] ? __run_timers+0x569/0x960 [ 409.441452][ C0] ? run_timer_base+0x114/0x190 [ 409.441508][ C0] kasan_record_aux_stack+0xa7/0xc0 [ 409.441538][ C0] insert_work+0x36/0x230 [ 409.441569][ C0] __queue_work+0x3f8/0x10f0 [ 409.441605][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 409.441627][ C0] call_timer_fn+0x19a/0x620 [ 409.441652][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 409.441681][ C0] ? __run_timers+0x559/0x960 [ 409.441708][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 409.441731][ C0] __run_timers+0x569/0x960 [ 409.441761][ C0] ? __pfx___run_timers+0x10/0x10 [ 409.441799][ C0] run_timer_base+0x114/0x190 [ 409.441825][ C0] ? __pfx_run_timer_base+0x10/0x10 [ 409.441852][ C0] ? rcu_is_watching+0x12/0xc0 [ 409.441877][ C0] run_timer_softirq+0x1a/0x40 [ 409.441904][ C0] handle_softirqs+0x219/0x8e0 [ 409.441931][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 409.441959][ C0] __irq_exit_rcu+0x109/0x170 [ 409.441982][ C0] irq_exit_rcu+0x9/0x30 [ 409.442004][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 409.442039][ C0] [ 409.442046][ C0] [ 409.442054][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 409.442079][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 409.442112][ C0] Code: bb 70 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 57 27 00 fb f4 8c fb 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 409.442134][ C0] RSP: 0018:ffffffff8e207e08 EFLAGS: 000002c6 [ 409.442150][ C0] RAX: 000000000016ad8d RBX: 0000000000000000 RCX: ffffffff8b82bc69 [ 409.442165][ C0] RDX: 0000000000000000 RSI: ffffffff8de29ce7 RDI: ffffffff8c155e60 [ 409.442180][ C0] RBP: fffffbfff1c52ef0 R08: 0000000000000001 R09: ffffed1017086645 [ 409.442194][ C0] R10: ffff8880b843322b R11: 0000000000000001 R12: 0000000000000000 [ 409.442209][ C0] R13: ffffffff8e297780 R14: ffffffff90a95d50 R15: 0000000000000000 [ 409.442228][ C0] ? ct_kernel_exit+0x139/0x190 [ 409.442253][ C0] default_idle+0x13/0x20 [ 409.442276][ C0] default_idle_call+0x6d/0xb0 [ 409.442300][ C0] do_idle+0x391/0x510 [ 409.442323][ C0] ? __pfx_do_idle+0x10/0x10 [ 409.442346][ C0] ? trace_sched_exit_tp+0x31/0x130 [ 409.442376][ C0] cpu_startup_entry+0x4f/0x60 [ 409.442399][ C0] rest_init+0x16b/0x2b0 [ 409.442424][ C0] ? acpi_subsystem_init+0x133/0x180 [ 409.442452][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 409.442486][ C0] start_kernel+0x3ee/0x4d0 [ 409.442531][ C0] x86_64_start_reservations+0x18/0x30 [ 409.442562][ C0] x86_64_start_kernel+0x130/0x190 [ 409.442594][ C0] common_startup_64+0x13e/0x148 [ 409.442624][ C0] [ 409.443308][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 409.897279][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 409.907024][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 409.917275][ T31] Call Trace: [ 409.920649][ T31] [ 409.923582][ T31] dump_stack_lvl+0x3d/0x1f0 [ 409.928286][ T31] panic+0x71c/0x800 [ 409.932371][ T31] ? __pfx_panic+0x10/0x10 [ 409.936888][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 409.942279][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 409.948390][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 409.953777][ T31] ? watchdog+0xdda/0x12c0 [ 409.958217][ T31] ? watchdog+0xdcd/0x12c0 [ 409.962755][ T31] watchdog+0xdeb/0x12c0 [ 409.967030][ T31] ? __pfx_watchdog+0x10/0x10 [ 409.971733][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 409.977036][ T31] ? __kthread_parkme+0x19e/0x250 [ 409.982088][ T31] ? __pfx_watchdog+0x10/0x10 [ 409.986879][ T31] kthread+0x3c5/0x780 [ 409.990964][ T31] ? __pfx_kthread+0x10/0x10 [ 409.995579][ T31] ? rcu_is_watching+0x12/0xc0 [ 410.000361][ T31] ? __pfx_kthread+0x10/0x10 [ 410.005082][ T31] ret_from_fork+0x5d4/0x6f0 [ 410.009723][ T31] ? __pfx_kthread+0x10/0x10 [ 410.014365][ T31] ret_from_fork_asm+0x1a/0x30 [ 410.019196][ T31] [ 410.022554][ T31] Kernel Offset: disabled [ 410.026896][ T31] Rebooting in 86400 seconds..