last executing test programs: 5.310246505s ago: executing program 2 (id=2314): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x20000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x9) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8340, 0x0) ioctl$auto(r1, 0x5403, 0x3) close_range$auto(0x2, 0x8, 0x0) openat$auto_hpet_fops_hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x2100, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'caif0\x00'}) unshare$auto(0xfff) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/core/rps_default_mask\x00', 0x82, 0x0) setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24040071}, 0x48000) socket(0x15, 0x5, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x2a, 0x2, 0x1) r3 = openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x418000, 0x0) getitimer$auto(0x2, &(0x7f0000000040)={{0x8, 0x8001}, {0x0, 0x5}}) ioctl$auto_SCSI_IOCTL_TEST_UNIT_READY(r3, 0x2, &(0x7f00000002c0)="a3ed6f6f68d0c6c50a5921fd30c0b1cb4b65ce2686bb4643fa0b8441b754d8b0de895b6c72af8de1d04b9a139ae0b7cda50f529086d05128e263d381abbd39dec8432e216e901d2baa9372b416c7d0b10d979cd5e5e3b604f974999cb41bd6812310a9075b20953e0b09fd660aa22a7d208618340957ae8a334456ee5a96a2f7ad8e1286cb610f1c6d2e1f4d") connect$auto(r2, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0xfffffffe}, 0x55) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0xa, 0x0) r4 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000008040), 0x2, 0x0) ioctl$auto_I2C_SMBUS(r4, 0x720, 0x0) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xca, 0x0, 0x566) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000340)={{@raw=0x6, 0xfffff376, 0x7, 0xfffff520, "24254fa23e4619126a2885a083d045026abf54c1e685ecf12a67cccde0136896384eb78fb91698aa22b4053e"}, 0x0, @integer=@value=[0x7, 0x7fffffffffffffff, 0x0, 0x0, 0x7fe000000, 0xa0, 0xe, 0x1, 0x8, 0x3, 0x1, 0xbe9f, 0x7, 0x395, 0x9, 0x800, 0x6, 0x50, 0x1, 0x6, 0x1, 0xfffffffffffff001, 0x8, 0x7, 0x1, 0xfffffffffffffff1, 0x6, 0x6, 0x1, 0xcb, 0x81, 0xc8c2, 0x101, 0x8, 0x5, 0x655, 0x80000001, 0x7, 0x3, 0x4, 0x6, 0x4c2, 0x80000001, 0x7, 0x5, 0x5, 0x10001, 0x80000000, 0x2, 0x8000000000000000, 0x480e9ca3, 0x3, 0x8000000000000001, 0x1ff, 0x5c77, 0x0, 0x52566248, 0x8001, 0x8, 0x7fffffff, 0x9, 0x7ff, 0x7, 0x3ff, 0x2, 0x7, 0x1, 0x9, 0x5, 0x2, 0xf2f0, 0x8, 0xef, 0xc87, 0x81, 0x6, 0xffffffffffffffff, 0x3235, 0x0, 0x1, 0x10000, 0x2, 0x8000000000000001, 0x5, 0x2, 0x0, 0x9, 0x10000, 0x9, 0x6, 0x8f, 0x52c59afe, 0x3, 0x5, 0x7ff, 0x3, 0x3, 0xd4c, 0x10, 0x4, 0xff, 0xaff, 0x7fffffffffffffff, 0x0, 0x3, 0x200, 0x7, 0xfffffffffffffffd, 0x5, 0xffffffffffffffff, 0x7ff, 0x282, 0xb, 0x3, 0x6, 0xb8, 0x6, 0x6, 0x0, 0x7, 0x4, 0xffff, 0x8001, 0x7, 0xa33, 0x10001, 0x7, 0x6], "ba3a8779c0e2a0d4d9b9b8feff9df3e0ea4c51bb9da2f1afc1af63571b98049a888ac6734639350d6edd8b2960d5703832193025ba0653c24fcd7e7260f8c81677ef856c90144b310ac842ba707535dddb4211cab5c244915bed09fb928ce64d2a8c6ef3628fb22ef9cf3c1b312ab6fa6d205ea86c0912a5a208787a87499025"}) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) 4.474913861s ago: executing program 3 (id=2319): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x5) sysfs$auto(0x2, 0x1d, 0x0) fsopen$auto(0x0, 0x1) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) r0 = socket(0xa, 0x1, 0x100) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/pcmC1D1c\x00', 0x0, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HW_PARAMS_OLD2(r1, 0xc1004111, 0x0) getsockopt$auto_SO_RCVPRIORITY(r0, 0x2, 0x52, &(0x7f00000001c0)='/dev/virtual_nci\x00', &(0x7f0000000240)=0x7) r2 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r2, 0x0, 0x7ff, 0x400) r3 = socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r4, &(0x7f00000000c0)='/Ee\x8a/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdb\x10\x00\x00\x00\xed$\x9b}\xa0\xf4\at\xdc\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\xedG}\x12\x87\x8fI{\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0x20d, 0x8001, 0x4000948c, 0x6, 0x7f, 0x0, 0x8, 0x62, 0x8000001f, 0x3, 0x6, 0x9, 0x2, 0x6]}, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) inotify_init1$auto(0x403) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) sendmsg$auto_IPVS_CMD_FLUSH(r3, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000440)={&(0x7f0000000640)=ANY=[@ANYBLOB="6c010000", @ANYRES16=0x0, @ANYBLOB="080025bd7000ffdbdf25110000000800050006000000080004000900000008000400040000000800060000000000300101802901048004000d80040049800400488004002600ad5d079172db3691f31015fadd64b9c931790efa800119514b7503daebc29a40309d5c7953853d16920c55059408001e00ac1414aa0500460000000000f746e4ceb215f9ad8a0b3d3c0291e872c69279e298f2763cecc21bca1d5023aa95adcffdd1f55d17d23664c07ccd27046599633761ae38dd2d1382aff1a1163982df04f1f23275332711104e421d771ddda8fcee19e1ed3f79f52e0fe787d2f2af50f256747bd0aaa67390631906ed21ba4bfd683b69ab229223cdc1f014e2c991d7213b162d3b7c4860fb679b7e0d5cea2b70b470b6f02ceb846f60706702dd158a0d9afebd432fe560f985b78cb61d88d2b3145a74736efee47c57ec42c7cc71dd1e001047807f02e40efbd83114a8032604911d92e4df00000008000500040000002f14512caf92930d217e96cefadf49bb76f03d47280c4043f53b23c349997482ce48ca9e5a4df7a5ad42b551a84565348edcec66632a3d41d68b4b56670d136ef5f03846b49917dc3c8db202c58743b96a50d1470c9e39b5c55ee4a8da2a55cb92d310872f06ac3c1a9d4a54f06e2477d5a865e153ec55734e04ae1e28e42487315aaca6fe8958529a86adbaf94dfd3eb6dfdbaa45fb5da5a107cf55c1f33297d99bef678e0d8f2f3f86479d943472c6f862238cf80603304a563a6bd39c90cbe5185bdca470843ce01bed0fbbc892cb5a846bc02014a65019ac934f3b94a83225433f78ba3e17a960"], 0x16c}, 0x1, 0x0, 0x0, 0x20018810}, 0x44040) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x410040, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x7fff) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x3a) 4.341856619s ago: executing program 2 (id=2323): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NET_SHAPER_CMD_GROUP(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004c804}, 0x14) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000000c0), r0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r1, 0x0, 0x800) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) timerfd_create$auto(0x9, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) inotify_add_watch$auto(0xffffffffffffffff, 0x0, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D1p\x00', 0x0, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x3, 0x8, 0xc, 0x2e, 0x0, 0x3}, 0x6f4) bpf$auto(0x4, &(0x7f00000001c0)=@bpf_attr_1={0x3, 0xca96, @next_key=0x5, 0x6}, 0x1) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x2, 0x9, 0x2, 0x6]}, 0x0) close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="5c00000236dacade8b57ff539d46772930ec6296f7ec3f68a7cf13b03566b63d97af4693fa8b7d5dc356a10000000000000000000000183d6b6c61a7f1db8f71b262a7d96d49591afb67755e3ccfedd56a55ea874ee5a589c25277cce636bc9c27b0f5be38a117e33698a85d5ef8ddec0a31bfc1d07f05d5d5146efc42f3e583160b64e8003659e8cb", @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf250300000006000700008000000a00050000000000000000000a00010000000000000000000a000100ffffffffffff0000060006000f00000008000400010000800a000100bbbbbbbbbbbb0000"], 0x5c}, 0x1, 0x0, 0x0, 0x40080}, 0xc000) clock_adjtime$auto(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x7) 4.014025309s ago: executing program 0 (id=2324): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000300)='/dev/sg0\x00', 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_SG_GET_VERSION_NUM2(r0, 0x2282, 0x0) 3.68572972s ago: executing program 0 (id=2325): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000300)='/dev/sg0\x00', 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_SG_GET_VERSION_NUM2(r0, 0x2282, 0x0) (fail_nth: 1) 3.335041042s ago: executing program 2 (id=2326): r0 = open(&(0x7f0000000100)='./file0\x00', 0x299b4bf652a26aa1, 0x111) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) msync$auto(0x100005ee5e40d, 0xd5f6, 0xffffffff) write$auto(0x3, 0x0, 0x400000010007e) mmap$auto(0x9, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0xb) mmap$auto(0x3c3794d4, 0x6, 0xdf, 0x19, 0xffffffffffffffff, 0x8000) r1 = openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000080)='/proc/kpageflags\x00', 0x2, 0x0) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x00\rB\x1cJ\x99\x00:c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) write$auto_random_fops_random(r1, 0x0, 0x0) msgget$auto(0x0, 0x77d9) msgrcv$auto(0x0, 0x0, 0xff9, 0x0, 0xb1) mmap$auto(0xffffffffffffffff, 0x9e51, 0x100, 0xeb1, r0, 0x8002) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) msgctl$auto(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="18000000", @ANYRES8=r3, @ANYRES8=r2, @ANYRES32], 0x18}}, 0x80) sendfile$auto(0xffffffffffffffff, r2, &(0x7f0000000000)=0x6b8, 0x1ff) write$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffffff, &(0x7f0000000140)="d18073", 0x3) r4 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0) mmap$auto(0x1000, 0x91, 0x4000000000df, 0xeb1, r2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_dma_heap_fops_dma_heap(r4, 0xffffffffffdffe00, &(0x7f0000000140)) mprotect$auto(0x2000000008, 0x10000004, 0x100000001) poll$auto(&(0x7f0000003640)={0xffffffffffffffff, 0x4, 0xffff}, 0x4, 0x100000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) socket(0x10, 0x80002, 0x0) 2.970823697s ago: executing program 0 (id=2328): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000300)='/dev/sg0\x00', 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) socket(0x1d, 0x3, 0x1) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) lsm_list_modules$auto(0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) read$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffffff, 0x0, 0x0) pwrite64$auto(0xffffffffffffffff, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x89\x06s\x1cJ\x99\x00:\x00!\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x10, 0x6) openat$nci(0xffffffffffffff9c, &(0x7f0000000140), 0x5400, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000840)) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/usb/drivers/usbtouchscreen/new_id\x00', 0xbce02, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_SNDRV_PCM_IOCTL_SW_PARAMS(0xffffffffffffffff, 0xc0884113, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x6, 0x7) socket(0x2, 0x6, 0x0) shutdown$auto(0x200000003, 0x2) 2.763288493s ago: executing program 1 (id=2330): r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video37\x00', 0x8a240, 0x0) ioctl$auto(r0, 0x5646, r0) write$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffffff, &(0x7f0000000140)="d18073", 0x3) r1 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000300), 0x50100, 0x0) r2 = ioctl$auto_dma_heap_fops_dma_heap(r1, 0xffffffffffdffe00, &(0x7f0000000140)) mprotect$auto(0x0, 0x10000004, 0xffffffffffc417d5) r3 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) ioctl$auto_MON_IOCX_MFETCH(r3, 0xc0109207, &(0x7f0000000100)={0x0, 0x2000004, 0x7}) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bus/usb/014/001\x00', 0x800, 0x0) poll$auto(&(0x7f0000003640)={0xffffffffffffffff, 0x4, 0xffff}, 0x4, 0x100000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x10, &(0x7f00000000c0)={0x0, 0x1fffa}, 0x80007, 0x0, 0x4000002, 0xb}, 0xfff}, 0x5, 0x311) r5 = socket(0x10, 0x80002, 0x0) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/icmp\x00', 0xc0880, 0x0) read$auto(r6, &(0x7f0000000040)='/proc/self/net/icmp\x00', 0x80000001) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000007a80), 0xffffffffffffffff) r7 = gettid() r8 = getpid() rt_tgsigqueueinfo$auto(r8, r7, 0x1, &(0x7f0000000600)={@siginfo_0_0={0xffffff88, 0x1, 0x40, @_rt={0x0, 0xee01, @sival_int=0x9ae}}}) sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r5, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x90}, 0x40) ioctl$auto_USB_RAW_IOCTL_INIT(r2, 0x41015500, &(0x7f0000000180)={"3c85e6b93c49b6674dac643330b8bf5a9dfe154ca011b700d78b35a92f99ba8dd98ae66190cdfcec887f1ae53a266f48cbf08db517f60fd2577b593c20b20debd7902857ec6961c417c882baca52e0e48275f0b93f724f13f4eae4101d27de5aaf4c6fd22e43b43b99257302263a80a00791cf828b4960529e6864765af72c3b", "1fee4eeb1c8ef8654c649d5c698cce7824ebfd7e2b9c45eb47a72b039b897b3c913e6627219ab368fec9753af45da748feeb6d8d2fd2453288bc8d14403873204a9a9402fd9c1cd746d78de0ee56532fb70e7f2d0e50fa5b8a33b6ef0d4e0dd1e5d7e490ee01d2774705d606e1acee63535dc0a4f6ff5f6d0820da1275d02c19", 0x5}) r9 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000740), 0x101000, 0x0) ioctl$auto_USB_RAW_IOCTL_RUN(r9, 0x5501, 0x0) close_range$auto(r4, r4, 0x80000001) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) close_range$auto(0x2, 0x8, 0x0) 2.68964901s ago: executing program 3 (id=2331): r0 = openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bluetooth/hci1/power\x00', 0xc6200, 0x0) ioctl$auto_BTRFS_IOC_DEFRAG(r0, 0x50009402, &(0x7f0000001480)={@raw=0x8, "1378ff9554ca40f01053d2427dd2cbdea5eaf98bff62d559c0a85220b0725f46fecf82f3b56bb58de5d665b56cfa90dc16ef99eff33de62334d8cc9b3ebe87aaa42342879d3b45381c93d2f4140f94a5a5749e5de39da1f6124758acc16a591b755667b2127ba268d355928f2a235636fc2e0e08deffa5091ba22a7c01adf9cd3c40d90d267438b1049053d756f812dfba963853b377309a6156159f18b013055d9eb1d76bdfa52a357df03e04a05a94e9fa37a2501298763f5950587084b2d5fb9dbc5afe51b405c4fddac8d3e188433c8237d55d6cb0cca55879fb6c84ea21fb9c46b50d9105a8747483a5f81ddb0fa6f66079664d2718fae77028f50864a84ef4da12f15e3879429b0f50bfaf22e3c0b02d131aa69a2eb18d3f23f2a94690bc1aa39b5ebb65e55010c470d4f33d25289ce98fe06da4b1dc733b2973a5c1f73000e69216f0a4cb68561a9518b4b74bf39b9cfda22ed2c446b3428b4211480aba7adb9dd06fc3f388a3dd36978fd4bd8306a61f74ecbaa54aba9bb96c1c9e11b0188250b22ea5ab39b9bfdb55b4327ca99c44e56f38b36b391ce799e593356a9fae0adfbcd34722b4a1fdbcdfd6f23ca4965bc4afcf1db5c254cae4dbfdc0ea8f9147f2d0b787cfc83c6e815645bfef35876d7ec71a9a913f096b86f95275393317d0a030160fa88c7c184e53d7f3585191d6db854b06a49103a50655e59946a060bc4246b1c35b307cf0ccebdaa8c0d6e2cd98ed237de2d91bb06aedd80bba7f320b42b74c662db22032982b7556f8b878178807fb87e3fc4d3974a94231385f16de16a664895ed677c2e6c051cdf18f96ef91a62953145cb77e5bde82e8cbc4f231f0c7e31ee21719f5c05d0ef0eef4b406da00a6c9849bdac38ea8f7d6d38c05fa5b8b2979a07bb06f07b4fcf8b5004908768e9951da840655fd99dd5fd6a0ec23e120b470d0ff0c10fba87a38dade3e0ced7d5ec95a690c4ebf2739f268920b496e3f5237f00b55e3f4073133bd199d9925f275c1a372f2b96f2e5013fc2f0f9493f300cb9f2193e0c27e0c322fcf6b6a831860b070ffa21c30ff66dc50f7036941ba2a763c228142aaa6af798341d7020c55df2702b581d560509dafa45d933dcbe9a22841e0b3e4844b761b483db60869ae67190b852b1b9e1d15975195fe2d251a0ca4fc587ff231928552d72ec08f4563cd7c8445469fb7ee24fa1ce569a8e1f0dfa295b06b073d0b0165a97bf2054b966211cf70573de76aa49eac0898506495668b1994604b9782e51cff6f7695dac82fdb5513b7d9e2ad76f329b5e7db1e663265b9309e9b6db2512853723ceac60ff378b7844297530cf184f355badbdd5d415151fd4643e64efbf6756f392bbd5bfaf882aba60e5010a642e4d59cee4c549721fb5d32ce0e2461ccbd9873f404cba66b05bb082cc655b476d2deda4b265660826512fd5efc07f2a380e753c71911d8e03890ed651da7669a081488cad2c4ddaff03f23022ca5108ce52bcb1105e58433684a4b3aded6c0af4f5f0e57387fbe10a5889e7a6f76106ee9e36bd9b27021b13500fd8547172bcbf237eb03d5f62729ac0136138b9297e4d0feb20196046dc27bb160d5f51516bce4db8734bc97fc8fc3efa2ef685dc09c56241f2157601d4a8866ced5f4dab31e7b154e8d3b3e528eb1cdd59e99347b6783bfa5798247ba46c170affa79ef9b1ced45a32cb2a92dd690d17a02f461fcdf79a85b94dc8426c5ed2cc1d4ebdd25cf837b6994b6e7d49b74331aaec34c095b432edd127ce6a572a601b22f68ec83386ca9bc5415b93c776a11cc03d5408e8f5510ebc8c88420baec7260bc8635f95b358c30c1076b49c8eb8d74e16d4fdb23b3a6aeaebc48858021e3f893317cb90dbcf5c05e0405b12354fc2b0db9ea09f07fbac9917099302e0f47a5cf7ad6526166ed4cad94dde65dd4b742a82bf790ae0dca3af758b41e29df2dd6966429423c42633c7eeb382dafa22f96e4216c315ffa9be4f0e324b00815ef0b410d7ef512315552443b63041aa207590067792d8b4d3ba493f109bbd6d4f86c8d8dbd2e974ded68866961ea4ff62d78ed057b554498df4beec314bafc46e70e626d9800a9e712f8c02a420f3f5a4e775957d1f9243ff910445de6c22aae2b0dfd5c394032112b09fc78ae4b5fa3449c20e1b914d6aaa89482640832f3fbaca81f10c6c582e40fecc82509d671b832b5470b822b6eca6fb8ed1c0264cb74929cc4f21492c0f84f94fa02536a80dd53b107b7934876a530e9c42aab70b6df5d29f1636d60dbce5a06f0e8d01c95400ca6a1d66d79d348b9b566bf6cbd1feec11d5f50929199c396940cbc35640e690330023c74b628670d7541646f6b96f9ee6a74bbe11c80be08f31c6fa1345691b46a7ab71eecdef69d2e05b55d143a1aa08da01793451fc3383e7a8a183368d70a0cf81f24a2fe96ffefff8ad623650156036e031c383a201f140886c0a47eece8d776c02e3556cd07334f20488c98a628236c340af075398e864b83b07474f783c9a732d7a0c3f2b6a48c4432f50dd0533f160f7dd6021c4ed5462c91dec3c575af9d810da53f2a3fa4c84c4ccfc39e7a07a1243051aeea34046fd5f19dd8ff8f406010fb70d5eed66211e0a8c61081908319f33bcbb41f6285ff7e6622dbc8ab60fe32f1fcb6ebba22cf75088b0807a1c92dd6d0c8af60787bbdd20835a8ad62a28baf2cb5453f7144505541b685f16296627ff582721d276c7a471593c09225fc235fc4d19b3b889963b5a0cf449e3783e4500a7f52cc434bc2e29cbae8f15d48b998a74252eafd30972fa8421295aea070216160e462d37eda37b886c695973b24da347b32d60410f72c37c9ba6df72ae4f4b54066ab1f4c6fb325632ea0ff288be661953db1de2278553e87486d64115665606feeb05a3d0dee2e82ec3a4940449165c16fe1673d995be68e25aad3d71c3681b68c512200ce0b5c8c291215d45f731e5591a8fa796155971b4b040c8d9d99502e8101f8d3dac02c086a551db065d30812765db4e4e907b05a1e8870cb71c4f873e1c5d78248d94b7a433bbde8d4af023f931e196698bf36d4a93a4a27959f41ecae95d46c47a4bfc194d8a36a4df5c76b28a207ec9625b8cc721dbc175f90c09fa0f541788133d235105145d85a51c9dec80c81a90a2ea0bca8aa0fbd984b294105e87e0aeccc93b7ab15c6b1dde5d789c8f1d715e24aa34e80b4ff0cf606f6b53a3ac9207f99618d5b6fd871e103e1943704da2501ccc75f7ecf2da03f1e2b815975ef59ac9088a65f53795c307b075f05ee9f59c7e4119483433eb84461caa0e18ef570c45a00657b0e8249974a6bd884938471201798f532523582086963938f1f2f46fc12ca0c13cfceb3bf753a142138a584170db639d9bd9434c0e2aa0a2ec533fa107be6731f93380e4c7e6a379d2169a0cf95a80f18be425e0d0500b129c822883b895d0fd3387baa38911017da84f7e64def6bcf43245cbd5d88c17c8b8a27066afd4894941d7ebb49508d768b5a1810ed8abeda3db11a72af2b1a783f40873e7b136449690b4c9a6cc4006f80762dcf5f2d8219a80eab2930d26749a7ef5e515cf8dd64e1a5b0226bbbd892f0c2d42cd62068a52c92f2bcc1ec8234607a509c079e86b051db17e638e7617e6b56a5878955d29b3c0df3ea7e92dcebc1d96c79917f6ad72a1b7e639278dcfc76e69eed9cfb24bbd37238673e4d8bd284a4dff324457ac795317bc1686affa0446e41a79c3a99137977e025181fe428c47c75b372468fa27422fed8c626a319ec9602cc56f7090b1ef26b5444cd35f788bf2138ab2c21d2212e92a2d12b5b9159244184ded3a5a913e0c6194489bf9118d257d2a679f8d52461d5c191669a37da3f6f100d1a58661c05e9f08042c46e3b62dd61e939040215fa99ef21b16aad9658a71ffeb1e70d83b432e139adb0ae0555e374731eef17f24b78f91ff73e8fecaedbf47714c54f819dbc0fb32b5b7888323b5560a85679f7716b4d0e8aca4a40e2235acba85a2f5a6098af3262286667e96092531d0c7eb103bed1cf551ba4dd99ee4fc335ceea8c29277569892d16363f061e86fe897f2aabe4196a1fe1c2d75ec9e1c0eca5f896c2d1bbe094eb581634c8ed3724e1f866f3d411a0207eea1663d63d9784da13e5b2da433990c685a8e206c726575d851aa03c039fb0a5b98a0d31414f4321532457b09a0b34bfeab1886b3d96a8dfb879e193858e7e9de1cabd576fdf5cb3d193b89596a33b71c9fd0d3a808cf48e77fa5514356eea796190a403acf692481cc15859a6f522629475b9e1e2a85bc0bb46ff5e6a724ac48b33fc3b3064deee333b4e09d682e074ca1913b445f2c0a95a6d0059066041a2e6d3a04229e01f83932a12e31a782803098bc7209e6e30f1c43aa7fb057432d1a9dd95b8c0c0d636b48c5c2ceea4369fc3943beb4a48a199af903c4c9330411c1ed80a6cdd3eefa3b5121d68a605ed53423d27fbd07f479df7d4ada90aa3411356afbcbb51420ac01e055add52a37d0b40c383dd67bd025c042f63156dbb168c3d6b47d0a3c24a1330f752087b502b822a5d6a015687c90ab685a01819040bd50359f22f077830bc59305a06aca472a7615d3f70c9b56ffe27f392915bbc47555e60ffd9917895ffac6a65aa5803a4e10221b1dcaed917646a4a53fa2bd250b4bcb9b63dbfb54e05d49b0c18a2f332dbdc5e8bcfe2aa5db41394110f9a3c1d184e0a8824c2604a26c55f57f0d94824b0dd49b0022c62e422998ec40105cce3d6996232e61f50553d74786d8935b324e1d6ffc00a2cdfb0ed280004564be6e2c58c716f30625f0df11b4d4c4c00bf8cbaa4501460cc8694689b267d6a7631d03893246082c778da76f7586d5cdb6ccca77a400f4e0f6e4e887121c42baca8bf22e9d9b2d2a19d8bede82e57d97ef7e92cc37d726556a14bca3ddbdc6c729a31ee5988264bc1432cc2a079575bf8adf064eb3821e0672c5a28224c046ba7cc235dbec5337d084d9083e3d9ced5cbeb82ccfe4066c600e8d51a1a4da7684909a95d6c0f53f22cf2fa6b89c1fbee065f913b654524f4d46795077eb62f92a6219113a69ab5faaf3f5d2e48cb2aa7b3d6aee6155b4408b0b6eec1211b748d5fc3c28640824c5df8bfab00e3f1e76bf7272f774b5243158f7a11118474d6d8fc7f77b014d33bf06e0bcde329760adad82c5aadde9f25b5222208675e1ba653ac4261728d45933d40ec092893ad0997e29f34dac35b45fff0f7699eb19f5372d10e3d76840ff9d00ee6a50314ce4db2cfe24782b625c4fc1b42363b7d247aeb0ac0130705cee950a4464500dc5a43827260ee742b8184f7cb08e023964e2361ff39c14713a7f4732371ec782e7d2a570f25d8632141a29b3a0baa94b347ee3b91e178bf38451109894bfb05126c5522b9758bd3bbd610a97af5fdb1f02ad914f31135959557752b6d0424ee37d8bddc3719c9f270e60b7fb01e3d8422da5d8564fa2b0c461535d68046b69a2c87c5cd9003a5c4a8f15ffb360f24154b36ec123d48dbeb30029002cadd7fe5ad918d79cb2f5b540f9fa21d9bccbfe0783b86a417f544a8b767c4e7166d49cec7b60c7f9cd1f23fbb3d47c09f250ea2b657af0f64c575ce3cf64164504635de161f288825f6ef1475451926afbfd4ce0419249999b2a8d3f32655275c29335188ca717baa967ab758192eb6d639afe0265ac5bab3429882998c034b70a57fd87b03ab"}) set_mempolicy$auto(0x6, &(0x7f0000000000)=0x1, 0x6) mmap$auto(0x1, 0x6, 0x3, 0x200007e, r0, 0x28000) ioctl$auto_IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) shmctl$auto(0x0, 0xd, 0x0) getrandom$auto(0x0, 0xe06, 0x3) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa901, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) sendfile$auto(r1, 0x3, 0x0, 0xc03) setreuid$auto(0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000480)=""/4096, 0x1000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) sendmsg$auto(r2, &(0x7f0000000180)={&(0x7f0000000100)="d93b96e4b2e90000000000000000edd11e02eee82c05cb495770dbe01d2b7f49b8cd40724d409250a3a0a8a3ea027396699f785ca737", 0x7fc, 0x0, 0x200008, 0x0, 0x3, 0x4}, 0x0) writev$auto(r2, 0x0, 0x3) readahead$auto(0xffffffffffffffff, 0x6, 0x2) r3 = socket(0x23, 0x5, 0x0) listen$auto(r3, 0x5ed) unshare$auto(0x40000080) r4 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x42842, 0x9d) read$auto(r4, 0x0, 0x1) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/rpc/use-gss-proxy\x00', 0x48041, 0x0) write$auto(r5, 0x0, 0x6) r6 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r6, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r6, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r6, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x9c, 0xf4, 0xb0, @raw=0x89de}}) 2.234203871s ago: executing program 0 (id=2332): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) r0 = open(0x0, 0xeee00, 0x31) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) r1 = socket(0xa, 0x2, 0x73) sendto$auto(r1, 0x0, 0x402, 0x0, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) close_range$auto(0x2, 0x8, 0x0) unlink$auto(&(0x7f0000000380)='./file0\x00') read$auto_ptdump_fops_(r0, &(0x7f00000005c0)=""/4096, 0x1000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2, 0xfd}, 0x6a) sendmsg$auto_NETDEV_CMD_BIND_RX(r1, &(0x7f0000000440)={&(0x7f0000000300), 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x2c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@NETDEV_A_DMABUF_IFINDEX={0x8, 0x1, r2}, @NETDEV_A_DMABUF_FD={0x8, 0x3, r0}, @NETDEV_A_DMABUF_FD={0x8, 0x3, r0}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x804) read$auto_l2cap_debugfs_fops_(0xffffffffffffffff, &(0x7f0000000240)=""/177, 0xb1) timer_settime$auto(0x0, 0xd80, &(0x7f0000000040)={{0x40000000000026b, 0x4}, {0x0, 0x83}}, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0) 2.154525974s ago: executing program 2 (id=2333): sendmsg$auto_NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x814}, 0x80) r0 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r0, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200)="4c030000000000fe002f", 0x49}, 0x5, &(0x7f0000000700), 0x5, 0x1}, 0x5}, 0x2, 0x100) 1.896951663s ago: executing program 0 (id=2334): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000300)='/dev/sg0\x00', 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_SG_GET_VERSION_NUM2(r0, 0x2282, 0x0) 1.828375604s ago: executing program 0 (id=2335): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NET_SHAPER_CMD_GROUP(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004c804}, 0x14) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000000c0), r0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r1, 0x0, 0x800) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) timerfd_create$auto(0x9, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) inotify_add_watch$auto(0xffffffffffffffff, 0x0, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D1p\x00', 0x0, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x3, 0x8, 0xc, 0x2e, 0x0, 0x3}, 0x6f4) bpf$auto(0x4, &(0x7f00000001c0)=@bpf_attr_1={0x3, 0xca96, @next_key=0x5, 0x6}, 0x1) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x2, 0x9, 0x2, 0x6]}, 0x0) close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="5c00000236dacade8b57ff539d46772930ec6296f7ec3f68a7cf13b03566b63d97af4693fa8b7d5dc356a10000000000000000000000183d6b6c61a7f1db8f71b262a7d96d49591afb67755e3ccfedd56a55ea874ee5a589c25277cce636bc9c27b0f5be38a117e33698a85d5ef8ddec0a31bfc1d07f05d5d5146efc42f3e583160b64e8003659e8cb", @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf250300000006000700008000000a00050000000000000000000a00010000000000000000000a000100ffffffffffff0000060006000f00000008000400010000800a000100bbbbbbbbbbbb0000"], 0x5c}, 0x1, 0x0, 0x0, 0x40080}, 0xc000) clock_adjtime$auto(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x7) 1.814220011s ago: executing program 1 (id=2336): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r0) read$auto(r0, &(0x7f0000000100)='nl80211\x00', 0xbe62) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000000000600010000000a0005000000000000000000b3fc010000000000000000000a0001000000000000000000060006000500000008000200", @ANYRES32=0x0, @ANYBLOB="080004000301"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) socket(0x2, 0x3, 0x6) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x8000000) 1.804502856s ago: executing program 2 (id=2337): openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0) socket(0xf, 0x3, 0x2) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) pipe$auto(0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) r1 = semctl$auto_GETPID(0x35, 0x400, 0xb, 0x3) prctl$auto(0x42, 0x5, r1, 0x59, 0x5) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0x8, 0x1, 0x2, 0x4, 0x15f4da0e, 0x3, 0xd08, 0xc, 0x8, 0x4, 0x6d3f, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2c, 0x1, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) prctl$auto(0x400, 0x7fff, 0x0, 0x10000, 0x100000000000007) bind$auto(0x3, 0x0, 0x6a) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = prctl$auto(0x1, 0x400000001, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x7f, 0x0) close_range$auto(r2, 0xa, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x2, 0x1) 1.441212375s ago: executing program 3 (id=2338): mmap$auto(0x0, 0x2000009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/virtual/block/zram0/mm_stat\x00', 0x8900, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0) 1.362325859s ago: executing program 1 (id=2339): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x7f, 0x8000) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) socket(0x1d, 0x2, 0x6) r0 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r1, 0xfd}, 0x6a) setsockopt$auto(r0, 0x2, 0x5, 0x0, 0xffffffff) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe4643, 0x0) mmap$auto(0x0, 0x9, 0xe3, 0xeb1, 0xffffffffffffffff, 0x8000) r4 = ioctl$auto_TUNSETSNDBUF2(0xffffffffffffffff, 0x400454d4, &(0x7f0000000100)=0x1) read$auto_btrfs_dir_file_operations_inode(r4, &(0x7f0000000140)=""/31, 0x1f) waitid$auto(0x42, 0xffffffffffffffff, &(0x7f0000000240)={@siginfo_0_0={0x7, 0x7d2, 0xd5ae, @_sigfault={0x0, @_addr_lsb=0x8}}}, 0x2, 0x0) bpf$auto(0x12, &(0x7f0000000040)=@link_detach, 0x26) openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0xa901, 0x0) 1.121357709s ago: executing program 1 (id=2340): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/rose9/phys_port_id\x00', 0x100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000000)=""/150, 0x96) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="130026bd7000dddbcfc23e16000008000300", @ANYRES32=r3], 0x24}, 0x1, 0x0, 0x0, 0x8880}, 0x20040894) 1.105941346s ago: executing program 3 (id=2341): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000300)='/dev/sg0\x00', 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_map_fd}, 0xa3) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000dc0), r2) sendmsg$auto_IPVS_CMD_GET_DEST(r2, &(0x7f0000003a40)={0x0, 0x0, &(0x7f0000003a00)={&(0x7f0000000e80)={0x14, r3, 0xc0dce8a66cb0a7ff, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4040011}, 0x40010) shmctl$auto_IPC_STAT(0x1, 0x2, &(0x7f0000000100)={{0xffff, 0xffffffffffffffff, 0xee01, 0x8, 0x2c3, 0x0, 0x7}, 0x6, 0x5, 0x8, 0x46ebd0b3, @raw=0x4800, @inferred=0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000740)="17706b0f8d412f2638f8b177f4184ac88d786801da2d1571880000e5c27ceede00a32eb30f7125b7e6d4a55014079ea5dc980a1daa3d5eab00d686f2", &(0x7f0000000080)="f86642a2debbafcad58aaf451bf566b82b7d2355320162eea6ca37c2c9567dbc5c715fc9998332800b8d390b1a5d0dcc05bafa9d0d952e5fe3998de389c44020175c4f3c96b3a026c4ef8cbf2f72f4fe"}) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r5 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r6 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) recvmmsg$auto(r6, &(0x7f0000000140)={{0x0, 0x1, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x200002, 0x5}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r5, 0x0, 0xffffff4b) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x2, 0x2) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000005c0), 0x40, 0x0) ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r7) ioctl$auto_KVM_CREATE_VM(r4, 0xaece, 0x0) close_range$auto(0x2, 0xa, 0x0) r8 = fcntl$auto_F_GETOWN(r0, 0x9, 0x8) tkill$auto(r8, 0x800) waitid$auto_P_ALL(0x0, 0x3e, &(0x7f00000001c0)={@siginfo_0_0={0x85, 0x5, 0x1}}, 0xb, &(0x7f0000000240)={{0xd1a, 0x9}, {0x9, 0x8}, 0x5, 0xc1b, 0x3, 0x5, 0x8, 0x0, 0x146, 0xfffffffffffffff7, 0x3, 0xb, 0x4, 0x1, 0xfffffffffffffffe, 0x2}) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) 612.477599ms ago: executing program 3 (id=2343): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) r0 = open(0x0, 0xeee00, 0x31) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) r1 = socket(0xa, 0x2, 0x73) sendto$auto(r1, 0x0, 0x402, 0x0, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) close_range$auto(0x2, 0x8, 0x0) unlink$auto(&(0x7f0000000380)='./file0\x00') read$auto_ptdump_fops_(r0, &(0x7f00000005c0)=""/4096, 0x1000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2, 0xfd}, 0x6a) sendmsg$auto_NETDEV_CMD_BIND_RX(r1, &(0x7f0000000440)={&(0x7f0000000300), 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x2c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@NETDEV_A_DMABUF_IFINDEX={0x8, 0x1, r2}, @NETDEV_A_DMABUF_FD={0x8, 0x3, r0}, @NETDEV_A_DMABUF_FD={0x8, 0x3, r0}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x804) read$auto_l2cap_debugfs_fops_(0xffffffffffffffff, &(0x7f0000000240)=""/177, 0xb1) timer_settime$auto(0x0, 0xd80, &(0x7f0000000040)={{0x40000000000026b, 0x4}, {0x0, 0x83}}, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0) 611.663532ms ago: executing program 1 (id=2350): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NET_SHAPER_CMD_GROUP(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004c804}, 0x14) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000000c0), r0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r1, 0x0, 0x800) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) timerfd_create$auto(0x9, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) inotify_add_watch$auto(0xffffffffffffffff, 0x0, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D1p\x00', 0x0, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x3, 0x8, 0xc, 0x2e, 0x0, 0x3}, 0x6f4) bpf$auto(0x4, &(0x7f00000001c0)=@bpf_attr_1={0x3, 0xca96, @next_key=0x5, 0x6}, 0x1) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x2, 0x9, 0x2, 0x6]}, 0x0) close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="5c00000236dacade8b57ff539d46772930ec6296f7ec3f68a7cf13b03566b63d97af4693fa8b7d5dc356a10000000000000000000000183d6b6c61a7f1db8f71b262a7d96d49591afb67755e3ccfedd56a55ea874ee5a589c25277cce636bc9c27b0f5be38a117e33698a85d5ef8ddec0a31bfc1d07f05d5d5146efc42f3e583160b64e8003659e8cb", @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf250300000006000700008000000a00050000000000000000000a00010000000000000000000a000100ffffffffffff0000060006000f00000008000400010000800a000100bbbbbbbbbbbb0000"], 0x5c}, 0x1, 0x0, 0x0, 0x40080}, 0xc000) clock_adjtime$auto(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x7) 239.066191ms ago: executing program 2 (id=2344): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) r0 = open(0x0, 0xeee00, 0x31) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) r1 = socket(0xa, 0x2, 0x73) sendto$auto(r1, 0x0, 0x402, 0x0, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) close_range$auto(0x2, 0x8, 0x0) unlink$auto(&(0x7f0000000380)='./file0\x00') read$auto_ptdump_fops_(r0, &(0x7f00000005c0)=""/4096, 0x1000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2, 0xfd}, 0x6a) sendmsg$auto_NETDEV_CMD_BIND_RX(r1, &(0x7f0000000440)={&(0x7f0000000300), 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x2c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@NETDEV_A_DMABUF_IFINDEX={0x8, 0x1, r2}, @NETDEV_A_DMABUF_FD={0x8, 0x3, r0}, @NETDEV_A_DMABUF_FD={0x8, 0x3, r0}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x804) read$auto_l2cap_debugfs_fops_(0xffffffffffffffff, &(0x7f0000000240)=""/177, 0xb1) timer_settime$auto(0x0, 0xd80, &(0x7f0000000040)={{0x40000000000026b, 0x4}, {0x0, 0x83}}, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0) 232.263264ms ago: executing program 1 (id=2345): mmap$auto(0x4e34, 0x200020009, 0x40004000000000df, 0xeb1, 0x401, 0x8000) keyctl$auto(0x2000000000000017, 0x8000, 0x2d, 0xc4, 0x20803) mmap$auto(0x0, 0x20007, 0x7ff, 0x19, 0xffffffffffffffff, 0x1) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) socket(0xf, 0x2, 0xfffffffd) setsockopt$auto(0x3, 0x1, 0xf, 0x0, 0x9) mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/per_cpu/cpu1/trace\x00', 0x1a6b75d638a86990, 0x0) socket(0x2b, 0x1, 0x1) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/traceSMB\x00', 0x40c01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2000c, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) unshare$auto(0x40000080) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/mpls/platform_labels\x00', 0x202, 0x0) mmap$auto(0x1, 0x2120009, 0x3, 0xebd, 0xffffffffffffffff, 0x8000) r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0) ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, 0x0) openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/current_tracer\x00', 0x1a3642, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) unshare$auto(0x40000080) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x481bf, 0x7352, 0x34, 0x65f, 0x7fffffff, 0x7, 0x3, 0x20000002, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0xd3a, 0x10003, 0x80, 0x4, 0x0, 0xffffffff, 0x2000, 0x206, 0x8, 0x84, 0x4669, 0x6624e55, 0x0, 0x0, 0x0, [0x4, 0x0, 0x0, 0x3, 0x0, 0x10, 0x0, 0x0, 0x4000000000, 0x0, 0x439abe64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7cf0, 0x1, 0x0, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fd, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) userfaultfd$auto(0x5) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYRES64=r0, @ANYRESDEC=0x0], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) unshare$auto(0x40000080) prctl$auto(0x1d, 0x8000000000000001, 0x0, 0x5, 0x1) 0s ago: executing program 3 (id=2346): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000010c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000000)={0x24, r1, 0x301, 0x70bd25, 0x25dfdbff, {}, [@CTRL_ATTR_FAMILY_NAME={0xd, 0x2, 'nl802154\x00'}]}, 0x24}, 0x1, 0x12, 0x0, 0x20000800}, 0xc040810) kernel console output (not intermixed with test programs): 156.986201][ T7505] process_vm_rw+0x216/0x2c0 [ 156.986224][ T7505] ? __pfx_process_vm_rw+0x10/0x10 [ 156.986250][ T7505] ? task_mm_cid_work+0x6b9/0x910 [ 156.986282][ T7505] ? xfd_validate_state+0x61/0x180 [ 156.986299][ T7505] ? __task_pid_nr_ns+0x17c/0x500 [ 156.986320][ T7505] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 156.986343][ T7505] ? do_syscall_64+0x91/0x490 [ 156.986362][ T7505] ? lockdep_hardirqs_on+0x7c/0x110 [ 156.986382][ T7505] do_syscall_64+0xcd/0x490 [ 156.986404][ T7505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.986419][ T7505] RIP: 0033:0x7fa926d8e929 [ 156.986431][ T7505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.986444][ T7505] RSP: 002b:00007fa927bd8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 156.986459][ T7505] RAX: ffffffffffffffda RBX: 00007fa926fb5fa0 RCX: 00007fa926d8e929 [ 156.986468][ T7505] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 0000000000000174 [ 156.986476][ T7505] RBP: 00007fa926e10b39 R08: 0000000000000003 R09: 0000000000000000 [ 156.986484][ T7505] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 156.986497][ T7505] R13: 0000000000000000 R14: 00007fa926fb5fa0 R15: 00007ffea0918748 [ 156.986514][ T7505] [ 157.993582][ T5151] Bluetooth: hci1: unexpected event 0x03 length: 725 > 11 [ 158.334737][ T7555] netlink: 338 bytes leftover after parsing attributes in process `syz.3.459'. [ 158.362071][ T7547] netlink: 338 bytes leftover after parsing attributes in process `syz.3.459'. [ 158.503097][ T7550] zswap: compressor 000 not available [ 158.627814][ T7565] netlink: 4 bytes leftover after parsing attributes in process `syz.2.463'. [ 159.113576][ T7581] netlink: 4 bytes leftover after parsing attributes in process `syz.2.468'. [ 159.275706][ T7589] FAULT_INJECTION: forcing a failure. [ 159.275706][ T7589] name failslab, interval 1, probability 0, space 0, times 0 [ 159.345527][ T7589] CPU: 1 UID: 0 PID: 7589 Comm: syz.3.471 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 159.345564][ T7589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 159.345577][ T7589] Call Trace: [ 159.345585][ T7589] [ 159.345594][ T7589] dump_stack_lvl+0x16c/0x1f0 [ 159.345633][ T7589] should_fail_ex+0x512/0x640 [ 159.345663][ T7589] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 159.345701][ T7589] should_failslab+0xc2/0x120 [ 159.345723][ T7589] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 159.345757][ T7589] ? __alloc_skb+0x2b2/0x380 [ 159.345794][ T7589] __alloc_skb+0x2b2/0x380 [ 159.345825][ T7589] ? __pfx___alloc_skb+0x10/0x10 [ 159.345855][ T7589] ? __pfx___mutex_trylock_common+0x10/0x10 [ 159.345889][ T7589] ? __pfx___might_resched+0x10/0x10 [ 159.345916][ T7589] ? rcu_is_watching+0x12/0xc0 [ 159.345944][ T7589] netlink_dump+0x678/0xce0 [ 159.345967][ T7589] ? __rhashtable_lookup.constprop.0+0x3a5/0x760 [ 159.345992][ T7589] ? __netlink_dump_start+0x150/0x990 [ 159.346016][ T7589] ? __pfx_netlink_dump+0x10/0x10 [ 159.346072][ T7589] __netlink_dump_start+0x6d6/0x990 [ 159.346103][ T7589] vsock_diag_handler_dump+0x1a8/0x240 [ 159.346128][ T7589] ? __pfx_vsock_diag_handler_dump+0x10/0x10 [ 159.346152][ T7589] ? __pfx_vsock_diag_dump+0x10/0x10 [ 159.346177][ T7589] ? sock_diag_lock_handler+0x10f/0x2e0 [ 159.346218][ T7589] sock_diag_rcv_msg+0x435/0x790 [ 159.346253][ T7589] netlink_rcv_skb+0x158/0x420 [ 159.346278][ T7589] ? __pfx_sock_diag_rcv_msg+0x10/0x10 [ 159.346311][ T7589] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 159.346350][ T7589] ? netlink_deliver_tap+0x1ae/0xd30 [ 159.346381][ T7589] netlink_unicast+0x53a/0x7f0 [ 159.346411][ T7589] ? __pfx_netlink_unicast+0x10/0x10 [ 159.346447][ T7589] netlink_sendmsg+0x8d1/0xdd0 [ 159.346478][ T7589] ? __pfx_netlink_sendmsg+0x10/0x10 [ 159.346517][ T7589] sock_write_iter+0x4fc/0x5b0 [ 159.346546][ T7589] ? __pfx_sock_write_iter+0x10/0x10 [ 159.346585][ T7589] ? bpf_lsm_file_permission+0x9/0x10 [ 159.346610][ T7589] ? security_file_permission+0x71/0x210 [ 159.346640][ T7589] ? rw_verify_area+0xcf/0x680 [ 159.346673][ T7589] vfs_write+0x6c4/0x1150 [ 159.346705][ T7589] ? __pfx_sock_write_iter+0x10/0x10 [ 159.346736][ T7589] ? __pfx_vfs_write+0x10/0x10 [ 159.346764][ T7589] ? find_held_lock+0x2b/0x80 [ 159.346810][ T7589] ksys_write+0x1f8/0x250 [ 159.346842][ T7589] ? __pfx_ksys_write+0x10/0x10 [ 159.346884][ T7589] do_syscall_64+0xcd/0x490 [ 159.346921][ T7589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.346945][ T7589] RIP: 0033:0x7f89e0b8e929 [ 159.346965][ T7589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.346987][ T7589] RSP: 002b:00007f89e1a1d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 159.347009][ T7589] RAX: ffffffffffffffda RBX: 00007f89e0db5fa0 RCX: 00007f89e0b8e929 [ 159.347026][ T7589] RDX: 00000000000002fb RSI: 0000200000000000 RDI: 0000000000000004 [ 159.347046][ T7589] RBP: 00007f89e1a1d090 R08: 0000000000000000 R09: 0000000000000000 [ 159.347060][ T7589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 159.347074][ T7589] R13: 0000000000000000 R14: 00007f89e0db5fa0 R15: 00007ffeddfa5638 [ 159.347108][ T7589] [ 160.149443][ T7604] netlink: 28 bytes leftover after parsing attributes in process `syz.0.475'. [ 160.265761][ T7609] FAULT_INJECTION: forcing a failure. [ 160.265761][ T7609] name failslab, interval 1, probability 0, space 0, times 0 [ 160.280634][ T7609] CPU: 1 UID: 0 PID: 7609 Comm: syz.1.477 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 160.280665][ T7609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 160.280678][ T7609] Call Trace: [ 160.280685][ T7609] [ 160.280693][ T7609] dump_stack_lvl+0x16c/0x1f0 [ 160.280729][ T7609] should_fail_ex+0x512/0x640 [ 160.280767][ T7609] should_failslab+0xc2/0x120 [ 160.280790][ T7609] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 160.280823][ T7609] ? skb_clone+0x190/0x3f0 [ 160.280860][ T7609] skb_clone+0x190/0x3f0 [ 160.280896][ T7609] netlink_deliver_tap+0xabd/0xd30 [ 160.280928][ T7609] netlink_unicast+0x5df/0x7f0 [ 160.280956][ T7609] ? __pfx_netlink_unicast+0x10/0x10 [ 160.280990][ T7609] netlink_sendmsg+0x8d1/0xdd0 [ 160.281017][ T7609] ? __pfx_netlink_sendmsg+0x10/0x10 [ 160.281050][ T7609] ____sys_sendmsg+0xa98/0xc70 [ 160.281073][ T7609] ? copy_msghdr_from_user+0x10a/0x160 [ 160.281101][ T7609] ? __pfx_____sys_sendmsg+0x10/0x10 [ 160.281143][ T7609] ___sys_sendmsg+0x134/0x1d0 [ 160.281176][ T7609] ? __pfx____sys_sendmsg+0x10/0x10 [ 160.281200][ T7609] ? __lock_acquire+0x622/0x1c90 [ 160.281270][ T7609] __sys_sendmsg+0x16d/0x220 [ 160.281304][ T7609] ? __pfx___sys_sendmsg+0x10/0x10 [ 160.281361][ T7609] do_syscall_64+0xcd/0x490 [ 160.281396][ T7609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.281420][ T7609] RIP: 0033:0x7f93ebb8e929 [ 160.281439][ T7609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.281458][ T7609] RSP: 002b:00007f93ec9e9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 160.281476][ T7609] RAX: ffffffffffffffda RBX: 00007f93ebdb5fa0 RCX: 00007f93ebb8e929 [ 160.281487][ T7609] RDX: 0000000020004010 RSI: 0000200000000300 RDI: 0000000000000003 [ 160.281497][ T7609] RBP: 00007f93ec9e9090 R08: 0000000000000000 R09: 0000000000000000 [ 160.281507][ T7609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 160.281516][ T7609] R13: 0000000000000000 R14: 00007f93ebdb5fa0 R15: 00007ffddf8a02c8 [ 160.281539][ T7609] [ 160.496151][ T7604] team0: Port device team_slave_0 removed [ 160.522211][ T7610] random: crng reseeded on system resumption                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           [ 352.384406][T11078] netlink: 'syz.0.1430': attribute type 10 has an invalid length. [ 352.392301][T11078] netlink: 230 bytes leftover after parsing attributes in process `syz.0.1430'. [ 352.421932][T11078] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 353.146087][T11103] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 353.401620][T11110] FAULT_INJECTION: forcing a failure. [ 353.401620][T11110] name failslab, interval 1, probability 0, space 0, times 0 [ 353.415068][T11110] CPU: 0 UID: 0 PID: 11110 Comm: syz.2.1437 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 353.415100][T11110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 353.415114][T11110] Call Trace: [ 353.415119][T11110] [ 353.415125][T11110] dump_stack_lvl+0x16c/0x1f0 [ 353.415151][T11110] should_fail_ex+0x512/0x640 [ 353.415175][T11110] should_failslab+0xc2/0x120 [ 353.415189][T11110] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 353.415212][T11110] ? skb_clone+0x190/0x3f0 [ 353.415237][T11110] skb_clone+0x190/0x3f0 [ 353.415259][T11110] netlink_deliver_tap+0xabd/0xd30 [ 353.415277][T11110] netlink_unicast+0x5df/0x7f0 [ 353.415295][T11110] ? __pfx_netlink_unicast+0x10/0x10 [ 353.415315][T11110] netlink_sendmsg+0x8d1/0xdd0 [ 353.415333][T11110] ? __pfx_netlink_sendmsg+0x10/0x10 [ 353.415355][T11110] ____sys_sendmsg+0xa98/0xc70 [ 353.415372][T11110] ? copy_msghdr_from_user+0x10a/0x160 [ 353.415394][T11110] ? __pfx_____sys_sendmsg+0x10/0x10 [ 353.415418][T11110] ___sys_sendmsg+0x134/0x1d0 [ 353.415441][T11110] ? __pfx____sys_sendmsg+0x10/0x10 [ 353.415461][T11110] ? __lock_acquire+0x622/0x1c90 [ 353.415502][T11110] __sys_sendmsg+0x16d/0x220 [ 353.415524][T11110] ? __pfx___sys_sendmsg+0x10/0x10 [ 353.415557][T11110] do_syscall_64+0xcd/0x490 [ 353.415581][T11110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.415596][T11110] RIP: 0033:0x7f449f78e929 [ 353.415607][T11110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 353.415621][T11110] RSP: 002b:00007f44a06b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 353.415635][T11110] RAX: ffffffffffffffda RBX: 00007f449f9b5fa0 RCX: 00007f449f78e929 [ 353.415644][T11110] RDX: 0000000000000080 RSI: 00002000000006c0 RDI: 0000000000000003 [ 353.415653][T11110] RBP: 00007f44a06b0090 R08: 0000000000000000 R09: 0000000000000000 [ 353.415662][T11110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 353.415670][T11110] R13: 0000000000000000 R14: 00007f449f9b5fa0 R15: 00007ffce121f1b8 [ 353.415688][T11110] [ 355.744616][T11168] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1452'. [ 355.822430][T11168] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1452'. [ 356.104057][T11180] FAULT_INJECTION: forcing a failure. [ 356.104057][T11180] name failslab, interval 1, probability 0, space 0, times 0 [ 356.123313][T11180] CPU: 0 UID: 0 PID: 11180 Comm: syz.3.1455 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 356.123349][T11180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 356.123362][T11180] Call Trace: [ 356.123371][T11180] [ 356.123380][T11180] dump_stack_lvl+0x16c/0x1f0 [ 356.123417][T11180] should_fail_ex+0x512/0x640 [ 356.123449][T11180] ? __kmalloc_noprof+0xbf/0x510 [ 356.123485][T11180] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 356.123523][T11180] should_failslab+0xc2/0x120 [ 356.123546][T11180] __kmalloc_noprof+0xd2/0x510 [ 356.123587][T11180] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 356.123626][T11180] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 356.123658][T11180] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 356.123686][T11180] ? rcu_is_watching+0x12/0xc0 [ 356.123722][T11180] ? bpf_lsm_capable+0x9/0x10 [ 356.123750][T11180] ? security_capable+0x7e/0x260 [ 356.123793][T11180] genl_rcv_msg+0x55c/0x800 [ 356.123826][T11180] ? __pfx_genl_rcv_msg+0x10/0x10 [ 356.123856][T11180] ? __pfx_ioam6_genl_ns_set_schema+0x10/0x10 [ 356.123896][T11180] netlink_rcv_skb+0x158/0x420 [ 356.123921][T11180] ? __pfx_genl_rcv_msg+0x10/0x10 [ 356.123951][T11180] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 356.123991][T11180] ? netlink_deliver_tap+0x1ae/0xd30 [ 356.124021][T11180] genl_rcv+0x28/0x40 [ 356.124046][T11180] netlink_unicast+0x53a/0x7f0 [ 356.124075][T11180] ? __pfx_netlink_unicast+0x10/0x10 [ 356.124111][T11180] netlink_sendmsg+0x8d1/0xdd0 [ 356.124142][T11180] ? __pfx_netlink_sendmsg+0x10/0x10 [ 356.124181][T11180] ____sys_sendmsg+0xa98/0xc70 [ 356.124208][T11180] ? copy_msghdr_from_user+0x10a/0x160 [ 356.124242][T11180] ? __pfx_____sys_sendmsg+0x10/0x10 [ 356.124285][T11180] ___sys_sendmsg+0x134/0x1d0 [ 356.124321][T11180] ? __pfx____sys_sendmsg+0x10/0x10 [ 356.124352][T11180] ? __lock_acquire+0x622/0x1c90 [ 356.124426][T11180] __sys_sendmsg+0x16d/0x220 [ 356.124460][T11180] ? __pfx___sys_sendmsg+0x10/0x10 [ 356.124523][T11180] do_syscall_64+0xcd/0x490 [ 356.124560][T11180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.124584][T11180] RIP: 0033:0x7f89e0b8e929 [ 356.124603][T11180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 356.124626][T11180] RSP: 002b:00007f89e1a1d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 356.124649][T11180] RAX: ffffffffffffffda RBX: 00007f89e0db5fa0 RCX: 00007f89e0b8e929 [ 356.124665][T11180] RDX: 0000000000000080 RSI: 00002000000006c0 RDI: 0000000000000003 [ 356.124680][T11180] RBP: 00007f89e1a1d090 R08: 0000000000000000 R09: 0000000000000000 [ 356.124695][T11180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 356.124709][T11180] R13: 0000000000000000 R14: 00007f89e0db5fa0 R15: 00007ffeddfa5638 [ 356.124742][T11180] [ 356.562153][T11184] Invalid ELF header magic: != ELF [ 356.765901][T11190] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 356.792296][T11192] netlink: 'syz.1.1460': attribute type 10 has an invalid length. [ 356.800363][T11192] netlink: 230 bytes leftover after parsing attributes in process `syz.1.1460'. [ 356.810484][T11192] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 358.048182][T11227] openvswitch: netlink: IP tunnel dst address not specified [ 359.212684][T11247] FAULT_INJECTION: forcing a failure. [ 359.212684][T11247] name failslab, interval 1, probability 0, space 0, times 0 [ 359.238836][T11247] CPU: 0 UID: 0 PID: 11247 Comm: syz.3.1475 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 359.238870][T11247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 359.238884][T11247] Call Trace: [ 359.238892][T11247] [ 359.238902][T11247] dump_stack_lvl+0x16c/0x1f0 [ 359.238942][T11247] should_fail_ex+0x512/0x640 [ 359.238975][T11247] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 359.239009][T11247] should_failslab+0xc2/0x120 [ 359.239032][T11247] __kmalloc_cache_noprof+0x6a/0x3e0 [ 359.239063][T11247] ? fsnotify_alloc_group+0x92/0x330 [ 359.239099][T11247] fsnotify_alloc_group+0x92/0x330 [ 359.239131][T11247] do_inotify_init+0x49/0x5f0 [ 359.239164][T11247] ? rcu_is_watching+0x12/0xc0 [ 359.239188][T11247] __x64_sys_inotify_init1+0x30/0x40 [ 359.239224][T11247] do_syscall_64+0xcd/0x490 [ 359.239261][T11247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.239286][T11247] RIP: 0033:0x7f89e0b8e929 [ 359.239306][T11247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 359.239329][T11247] RSP: 002b:00007f89e1a1d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000126 [ 359.239352][T11247] RAX: ffffffffffffffda RBX: 00007f89e0db5fa0 RCX: 00007f89e0b8e929 [ 359.239369][T11247] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0003000000000000 [ 359.239384][T11247] RBP: 00007f89e0c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 359.239399][T11247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 359.239413][T11247] R13: 0000000000000000 R14: 00007f89e0db5fa0 R15: 00007ffeddfa5638 [ 359.239452][T11247] [ 359.448208][T11243] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 359.595824][T11252] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 360.580276][T11283] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1486'. [ 360.621830][T11283] netlink: 13 bytes leftover after parsing attributes in process `syz.0.1486'. [ 361.624771][T11310] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 362.748345][T11325] FAULT_INJECTION: forcing a failure. [ 362.748345][T11325] name failslab, interval 1, probability 0, space 0, times 0 [ 362.823070][T11325] CPU: 1 UID: 0 PID: 11325 Comm: syz.0.1494 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 362.823116][T11325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 362.823130][T11325] Call Trace: [ 362.823138][T11325] [ 362.823147][T11325] dump_stack_lvl+0x16c/0x1f0 [ 362.823186][T11325] should_fail_ex+0x512/0x640 [ 362.823218][T11325] ? __kmalloc_noprof+0xbf/0x510 [ 362.823253][T11325] ? lsm_blob_alloc+0x68/0x90 [ 362.823289][T11325] should_failslab+0xc2/0x120 [ 362.823312][T11325] __kmalloc_noprof+0xd2/0x510 [ 362.823353][T11325] lsm_blob_alloc+0x68/0x90 [ 362.823388][T11325] security_sk_alloc+0x30/0x270 [ 362.823416][T11325] sk_prot_alloc+0xfb/0x2a0 [ 362.823445][T11325] sk_alloc+0x36/0xc20 [ 362.823479][T11325] unix_create1+0xa6/0x700 [ 362.823512][T11325] unix_create+0x10e/0x1d0 [ 362.823542][T11325] __sock_create+0x338/0x8d0 [ 362.823577][T11325] __sys_socketpair+0x25c/0x5a0 [ 362.823608][T11325] ? __pfx___sys_socketpair+0x10/0x10 [ 362.823642][T11325] ? __pfx_ksys_write+0x10/0x10 [ 362.823681][T11325] __x64_sys_socketpair+0x96/0x100 [ 362.823709][T11325] ? lockdep_hardirqs_on+0x7c/0x110 [ 362.823742][T11325] do_syscall_64+0xcd/0x490 [ 362.823779][T11325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.823803][T11325] RIP: 0033:0x7fa926d8e929 [ 362.823824][T11325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 362.823846][T11325] RSP: 002b:00007fa927bb7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 362.823869][T11325] RAX: ffffffffffffffda RBX: 00007fa926fb6080 RCX: 00007fa926d8e929 [ 362.823885][T11325] RDX: 8000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 362.823901][T11325] RBP: 00007fa927bb7090 R08: 0000000000000000 R09: 0000000000000000 [ 362.823916][T11325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 362.823930][T11325] R13: 0000000000000001 R14: 00007fa926fb6080 R15: 00007ffea0918748 [ 362.823963][T11325] [ 363.214749][T11335] random: crng reseeded on system resumption [ 363.582426][T11341] netlink: 'syz.0.1499': attribute type 10 has an invalid length. [ 363.599159][T11341] netlink: 230 bytes leftover after parsing attributes in process `syz.0.1499'. [ 363.621218][T11341] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 364.924247][T11387] FAULT_INJECTION: forcing a failure. [ 364.924247][T11387] name failslab, interval 1, probability 0, space 0, times 0 [ 364.941734][T11387] CPU: 0 UID: 0 PID: 11387 Comm: syz.2.1512 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 364.941770][T11387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 364.941784][T11387] Call Trace: [ 364.941790][T11387] [ 364.941796][T11387] dump_stack_lvl+0x16c/0x1f0 [ 364.941822][T11387] should_fail_ex+0x512/0x640 [ 364.941843][T11387] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 364.941877][T11387] should_failslab+0xc2/0x120 [ 364.941891][T11387] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 364.941912][T11387] ? find_held_lock+0x2b/0x80 [ 364.941925][T11387] ? pidfs_alloc_inode+0x25/0x80 [ 364.941944][T11387] ? __pfx_pidfs_alloc_inode+0x10/0x10 [ 364.941959][T11387] pidfs_alloc_inode+0x25/0x80 [ 364.941975][T11387] alloc_inode+0x64/0x240 [ 364.941989][T11387] path_from_stashed+0x2be/0xb00 [ 364.942014][T11387] ? __pfx_path_from_stashed+0x10/0x10 [ 364.942035][T11387] ? __pfx___might_resched+0x10/0x10 [ 364.942054][T11387] pidfs_register_pid+0x10b/0x1a0 [ 364.942072][T11387] ? __pfx_pidfs_register_pid+0x10/0x10 [ 364.942090][T11387] ? do_raw_spin_unlock+0x172/0x230 [ 364.942114][T11387] unix_socketpair+0x126/0x860 [ 364.942134][T11387] ? bpf_lsm_socket_post_create+0x9/0x10 [ 364.942157][T11387] ? security_socket_post_create+0x21d/0x260 [ 364.942172][T11387] ? __pfx_unix_socketpair+0x10/0x10 [ 364.942191][T11387] ? __sock_create+0xa2/0x8d0 [ 364.942211][T11387] __sys_socketpair+0x2f2/0x5a0 [ 364.942230][T11387] ? __pfx___sys_socketpair+0x10/0x10 [ 364.942249][T11387] ? __pfx_ksys_write+0x10/0x10 [ 364.942273][T11387] __x64_sys_socketpair+0x96/0x100 [ 364.942290][T11387] ? lockdep_hardirqs_on+0x7c/0x110 [ 364.942311][T11387] do_syscall_64+0xcd/0x490 [ 364.942334][T11387] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.942349][T11387] RIP: 0033:0x7f449f78e929 [ 364.942360][T11387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 364.942374][T11387] RSP: 002b:00007f44a06b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 364.942388][T11387] RAX: ffffffffffffffda RBX: 00007f449f9b5fa0 RCX: 00007f449f78e929 [ 364.942398][T11387] RDX: 8000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 364.942406][T11387] RBP: 00007f44a06b0090 R08: 0000000000000000 R09: 0000000000000000 [ 364.942415][T11387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 364.942423][T11387] R13: 0000000000000000 R14: 00007f449f9b5fa0 R15: 00007ffce121f1b8 [ 364.942441][T11387] [ 366.009039][T11414] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 366.321049][T11422] netlink: 'syz.3.1520': attribute type 10 has an invalid length. [ 366.329128][T11422] netlink: 230 bytes leftover after parsing attributes in process `syz.3.1520'. [ 366.413003][T11422] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 366.906323][T11427] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1523'. [ 367.469283][T11454] FAULT_INJECTION: forcing a failure. [ 367.469283][T11454] name failslab, interval 1, probability 0, space 0, times 0 [ 367.506594][T11454] CPU: 1 UID: 0 PID: 11454 Comm: syz.2.1531 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 367.506643][T11454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 367.506654][T11454] Call Trace: [ 367.506661][T11454] [ 367.506667][T11454] dump_stack_lvl+0x16c/0x1f0 [ 367.506693][T11454] should_fail_ex+0x512/0x640 [ 367.506715][T11454] ? fs_reclaim_acquire+0xae/0x150 [ 367.506733][T11454] should_failslab+0xc2/0x120 [ 367.506748][T11454] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 367.506770][T11454] ? security_inode_alloc+0x3b/0x2b0 [ 367.506789][T11454] security_inode_alloc+0x3b/0x2b0 [ 367.506804][T11454] inode_init_always_gfp+0xce4/0x1030 [ 367.506828][T11454] alloc_inode+0x86/0x240 [ 367.506843][T11454] path_from_stashed+0x2be/0xb00 [ 367.506866][T11454] ? __pfx_path_from_stashed+0x10/0x10 [ 367.506891][T11454] ? __pfx___might_resched+0x10/0x10 [ 367.506911][T11454] pidfs_register_pid+0x10b/0x1a0 [ 367.506929][T11454] ? __pfx_pidfs_register_pid+0x10/0x10 [ 367.506948][T11454] ? do_raw_spin_unlock+0x172/0x230 [ 367.506972][T11454] unix_socketpair+0x126/0x860 [ 367.506992][T11454] ? bpf_lsm_socket_post_create+0x9/0x10 [ 367.507015][T11454] ? security_socket_post_create+0x21d/0x260 [ 367.507030][T11454] ? __pfx_unix_socketpair+0x10/0x10 [ 367.507049][T11454] ? __sock_create+0xa2/0x8d0 [ 367.507070][T11454] __sys_socketpair+0x2f2/0x5a0 [ 367.507088][T11454] ? __pfx___sys_socketpair+0x10/0x10 [ 367.507108][T11454] ? __pfx_ksys_write+0x10/0x10 [ 367.507128][T11454] ? xfd_validate_state+0x61/0x180 [ 367.507150][T11454] __x64_sys_socketpair+0x96/0x100 [ 367.507167][T11454] ? lockdep_hardirqs_on+0x7c/0x110 [ 367.507188][T11454] do_syscall_64+0xcd/0x490 [ 367.507211][T11454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.507226][T11454] RIP: 0033:0x7f449f78e929 [ 367.507238][T11454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 367.507252][T11454] RSP: 002b:00007f44a06b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 367.507266][T11454] RAX: ffffffffffffffda RBX: 00007f449f9b5fa0 RCX: 00007f449f78e929 [ 367.507275][T11454] RDX: 8000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 367.507284][T11454] RBP: 00007f44a06b0090 R08: 0000000000000000 R09: 0000000000000000 [ 367.507293][T11454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 367.507301][T11454] R13: 0000000000000000 R14: 00007f449f9b5fa0 R15: 00007ffce121f1b8 [ 367.507318][T11454] [ 368.063653][T11461] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 369.045513][T11484] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1538'. [ 369.074734][T11484] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1538'. [ 369.880898][T11511] FAULT_INJECTION: forcing a failure. [ 369.880898][T11511] name failslab, interval 1, probability 0, space 0, times 0 [ 369.944496][T11511] CPU: 1 UID: 0 PID: 11511 Comm: syz.2.1547 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 369.944532][T11511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 369.944547][T11511] Call Trace: [ 369.944555][T11511] [ 369.944565][T11511] dump_stack_lvl+0x16c/0x1f0 [ 369.944605][T11511] should_fail_ex+0x512/0x640 [ 369.944637][T11511] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 369.944678][T11511] should_failslab+0xc2/0x120 [ 369.944702][T11511] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 369.944738][T11511] ? __d_alloc+0x31/0xaa0 [ 369.944778][T11511] __d_alloc+0x31/0xaa0 [ 369.944816][T11511] path_from_stashed+0x500/0xb00 [ 369.944855][T11511] ? __pfx_path_from_stashed+0x10/0x10 [ 369.944890][T11511] ? __pfx___might_resched+0x10/0x10 [ 369.944924][T11511] pidfs_register_pid+0x10b/0x1a0 [ 369.944953][T11511] ? __pfx_pidfs_register_pid+0x10/0x10 [ 369.944985][T11511] ? do_raw_spin_unlock+0x172/0x230 [ 369.945022][T11511] unix_socketpair+0x126/0x860 [ 369.945055][T11511] ? bpf_lsm_socket_post_create+0x9/0x10 [ 369.945090][T11511] ? security_socket_post_create+0x21d/0x260 [ 369.945116][T11511] ? __pfx_unix_socketpair+0x10/0x10 [ 369.945146][T11511] ? __sock_create+0xa2/0x8d0 [ 369.945181][T11511] __sys_socketpair+0x2f2/0x5a0 [ 369.945212][T11511] ? __pfx___sys_socketpair+0x10/0x10 [ 369.945246][T11511] ? __pfx_ksys_write+0x10/0x10 [ 369.945284][T11511] __x64_sys_socketpair+0x96/0x100 [ 369.945317][T11511] ? lockdep_hardirqs_on+0x7c/0x110 [ 369.945350][T11511] do_syscall_64+0xcd/0x490 [ 369.945393][T11511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.945418][T11511] RIP: 0033:0x7f449f78e929 [ 369.945438][T11511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 369.945461][T11511] RSP: 002b:00007f44a06b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 369.945484][T11511] RAX: ffffffffffffffda RBX: 00007f449f9b5fa0 RCX: 00007f449f78e929 [ 369.945501][T11511] RDX: 8000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 369.945516][T11511] RBP: 00007f44a06b0090 R08: 0000000000000000 R09: 0000000000000000 [ 369.945531][T11511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 369.945545][T11511] R13: 0000000000000000 R14: 00007f449f9b5fa0 R15: 00007ffce121f1b8 [ 369.945578][T11511] [ 370.513773][ T5838] Bluetooth: hci2: unexpected event 0x3e length: 728 > 260 [ 370.513953][ T5838] Bluetooth: hci2: unexpected subevent 0x03 length: 727 > 9 [ 370.679148][T11522] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 371.201063][T11530] netlink: 'syz.1.1552': attribute type 10 has an invalid length. [ 371.209049][T11530] netlink: 230 bytes leftover after parsing attributes in process `syz.1.1552'. [ 371.368231][T11530] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 371.865419][T11547] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 371.951071][T11549] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1559'. [ 373.549409][T11587] netlink: 'syz.0.1568': attribute type 10 has an invalid length. [ 373.572902][T11587] netlink: 230 bytes leftover after parsing attributes in process `syz.0.1568'. [ 373.610509][T11587] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 373.979704][T11598] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1571'. [ 375.481777][ T5838] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 377.836893][T11661] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 378.535454][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.541851][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.819257][T11673] FAULT_INJECTION: forcing a failure. [ 378.819257][T11673] name failslab, interval 1, probability 0, space 0, times 0 [ 378.983300][T11673] CPU: 1 UID: 0 PID: 11673 Comm: syz.3.1587 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 378.983340][T11673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 378.983357][T11673] Call Trace: [ 378.983366][T11673] [ 378.983376][T11673] dump_stack_lvl+0x16c/0x1f0 [ 378.983419][T11673] should_fail_ex+0x512/0x640 [ 378.983452][T11673] ? __kmalloc_noprof+0xbf/0x510 [ 378.983501][T11673] ? ops_init+0x77/0x5f0 [ 378.983537][T11673] should_failslab+0xc2/0x120 [ 378.983562][T11673] __kmalloc_noprof+0xd2/0x510 [ 378.983601][T11673] ? net_generic+0xf4/0x2a0 [ 378.983629][T11673] ops_init+0x77/0x5f0 [ 378.983671][T11673] setup_net+0x1ff/0x510 [ 378.983692][T11673] ? lockdep_init_map_type+0x5c/0x280 [ 378.983726][T11673] ? __pfx_setup_net+0x10/0x10 [ 378.983752][T11673] ? debug_mutex_init+0x37/0x70 [ 378.983780][T11673] copy_net_ns+0x2a6/0x5f0 [ 378.983809][T11673] create_new_namespaces+0x3ea/0xa90 [ 378.983845][T11673] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 378.983876][T11673] ksys_unshare+0x45b/0xa40 [ 378.983908][T11673] ? __pfx_ksys_unshare+0x10/0x10 [ 378.983940][T11673] ? xfd_validate_state+0x61/0x180 [ 378.983982][T11673] __x64_sys_unshare+0x31/0x40 [ 378.984013][T11673] do_syscall_64+0xcd/0x490 [ 378.984052][T11673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.984078][T11673] RIP: 0033:0x7f89e0b8e929 [ 378.984098][T11673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 378.984124][T11673] RSP: 002b:00007f89e1a1d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 378.984148][T11673] RAX: ffffffffffffffda RBX: 00007f89e0db5fa0 RCX: 00007f89e0b8e929 [ 378.984166][T11673] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 378.984182][T11673] RBP: 00007f89e0c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 378.984196][T11673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 378.984209][T11673] R13: 0000000000000000 R14: 00007f89e0db5fa0 R15: 00007ffeddfa5638 [ 378.984240][T11673] [ 380.792862][T11722] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 381.169983][T11730] netlink: 'syz.0.1605': attribute type 10 has an invalid length. [ 381.201334][T11730] netlink: 230 bytes leftover after parsing attributes in process `syz.0.1605'. [ 381.256374][T11730] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 381.746719][T11748] program syz.2.1613 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 383.185791][T11792] netlink: 'syz.2.1623': attribute type 10 has an invalid length. [ 383.220597][T11792] netlink: 230 bytes leftover after parsing attributes in process `syz.2.1623'. [ 383.286853][T11792] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 385.980049][T10795] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.231080][T10795] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.415411][T10795] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.522564][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 386.532213][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 386.540732][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 386.550607][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 386.558804][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 386.934208][T10795] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.002904][T11889] FAULT_INJECTION: forcing a failure. [ 387.002904][T11889] name failslab, interval 1, probability 0, space 0, times 0 [ 387.091401][T11889] CPU: 1 UID: 0 PID: 11889 Comm: syz.2.1655 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 387.091444][T11889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 387.091459][T11889] Call Trace: [ 387.091468][T11889] [ 387.091478][T11889] dump_stack_lvl+0x16c/0x1f0 [ 387.091520][T11889] should_fail_ex+0x512/0x640 [ 387.091553][T11889] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 387.091589][T11889] should_failslab+0xc2/0x120 [ 387.091614][T11889] __kmalloc_cache_noprof+0x6a/0x3e0 [ 387.091647][T11889] ? drm_atomic_helper_connector_duplicate_state+0x70/0xd0 [ 387.091684][T11889] drm_atomic_helper_connector_duplicate_state+0x70/0xd0 [ 387.091715][T11889] drm_atomic_get_connector_state+0x38b/0x740 [ 387.091751][T11889] drm_atomic_add_affected_connectors+0x2e0/0x3f0 [ 387.091785][T11889] ? __pfx_drm_atomic_add_affected_connectors+0x10/0x10 [ 387.091812][T11889] ? ww_mutex_lock+0x37/0x160 [ 387.091849][T11889] ? modeset_lock+0x114/0x6e0 [ 387.091890][T11889] __drm_atomic_helper_set_config+0x5ef/0xea0 [ 387.091925][T11889] ? __pfx___drm_atomic_helper_set_config+0x10/0x10 [ 387.091961][T11889] ? drm_client_rotation+0x4da/0x6a0 [ 387.091994][T11889] drm_client_modeset_commit_atomic+0x53d/0x7e0 [ 387.092035][T11889] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 387.092099][T11889] drm_client_modeset_commit_locked+0x14d/0x580 [ 387.092132][T11889] drm_client_modeset_commit+0x4f/0x80 [ 387.092159][T11889] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 387.092198][T11889] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 387.092232][T11889] drm_fbdev_client_restore+0x2c/0x40 [ 387.092262][T11889] drm_client_dev_restore+0x1f3/0x2a0 [ 387.092297][T11889] drm_release+0x2c4/0x360 [ 387.092325][T11889] ? __pfx_drm_release+0x10/0x10 [ 387.092348][T11889] __fput+0x402/0xb70 [ 387.092383][T11889] task_work_run+0x14d/0x240 [ 387.092421][T11889] ? __pfx_task_work_run+0x10/0x10 [ 387.092465][T11889] ? __pfx___do_sys_close_range+0x10/0x10 [ 387.092510][T11889] exit_to_user_mode_loop+0xeb/0x110 [ 387.092551][T11889] do_syscall_64+0x3f6/0x490 [ 387.092590][T11889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.092616][T11889] RIP: 0033:0x7f449f78e929 [ 387.092638][T11889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 387.092663][T11889] RSP: 002b:00007f44a06b0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 387.092687][T11889] RAX: 0000000000000000 RBX: 00007f449f9b5fa0 RCX: 00007f449f78e929 [ 387.092703][T11889] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 387.092718][T11889] RBP: 00007f449f810b39 R08: 0000000000000000 R09: 0000000000000000 [ 387.092732][T11889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 387.092747][T11889] R13: 0000000000000000 R14: 00007f449f9b5fa0 R15: 00007ffce121f1b8 [ 387.092777][T11889] [ 387.768095][T11884] chnl_net:caif_netlink_parms(): no params data found [ 387.817950][T10795] bridge_slave_1: left allmulticast mode [ 387.830763][T10795] bridge_slave_1: left promiscuous mode [ 387.851697][T10795] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.888214][T10795] bridge_slave_0: left allmulticast mode [ 387.904322][T10795] bridge_slave_0: left promiscuous mode [ 387.924552][T10795] bridge0: port 1(bridge_slave_0) entered disabled state [ 387.980469][T11912] zswap: compressor not available [ 388.280648][T10795] ip_vti0 (unregistering): left allmulticast mode [ 388.612253][ T51] Bluetooth: hci3: command tx timeout [ 388.678553][T10795] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 388.682989][T11940] netlink: 'syz.1.1664': attribute type 10 has an invalid length. [ 388.695864][T11940] netlink: 230 bytes leftover after parsing attributes in process `syz.1.1664'. [ 388.706149][T10795] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 388.719366][T10795] bond0 (unregistering): Released all slaves [ 388.757679][T11940] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 389.114080][T11884] bridge0: port 1(bridge_slave_0) entered blocking state [ 389.129969][T11884] bridge0: port 1(bridge_slave_0) entered disabled state [ 389.166669][T11884] bridge_slave_0: entered allmulticast mode [ 389.183945][T11884] bridge_slave_0: entered promiscuous mode [ 389.231470][T11884] bridge0: port 2(bridge_slave_1) entered blocking state [ 389.244900][T11884] bridge0: port 2(bridge_slave_1) entered disabled state [ 389.271397][T11884] bridge_slave_1: entered allmulticast mode [ 389.280941][T11884] bridge_slave_1: entered promiscuous mode [ 389.363451][T11962] FAULT_INJECTION: forcing a failure. [ 389.363451][T11962] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 389.393363][T11962] CPU: 0 UID: 0 PID: 11962 Comm: syz.0.1672 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 389.393397][T11962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 389.393411][T11962] Call Trace: [ 389.393419][T11962] [ 389.393428][T11962] dump_stack_lvl+0x16c/0x1f0 [ 389.393475][T11962] should_fail_ex+0x512/0x640 [ 389.393513][T11962] _copy_from_user+0x2e/0xd0 [ 389.393549][T11962] copy_msghdr_from_user+0x98/0x160 [ 389.393585][T11962] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 389.393635][T11962] ___sys_sendmsg+0xfe/0x1d0 [ 389.393671][T11962] ? __pfx____sys_sendmsg+0x10/0x10 [ 389.393703][T11962] ? __lock_acquire+0x622/0x1c90 [ 389.393777][T11962] __sys_sendmsg+0x16d/0x220 [ 389.393812][T11962] ? __pfx___sys_sendmsg+0x10/0x10 [ 389.393869][T11962] do_syscall_64+0xcd/0x490 [ 389.393905][T11962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 389.393930][T11962] RIP: 0033:0x7fa926d8e929 [ 389.393950][T11962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 389.393972][T11962] RSP: 002b:00007fa927bd8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 389.393995][T11962] RAX: ffffffffffffffda RBX: 00007fa926fb5fa0 RCX: 00007fa926d8e929 [ 389.394011][T11962] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 389.394026][T11962] RBP: 00007fa927bd8090 R08: 0000000000000000 R09: 0000000000000000 [ 389.394041][T11962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 389.394056][T11962] R13: 0000000000000000 R14: 00007fa926fb5fa0 R15: 00007ffea0918748 [ 389.394089][T11962] [ 389.708844][T11884] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 389.724238][T11884] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 389.864508][T11884] team0: Port device team_slave_0 added [ 389.884363][T11884] team0: Port device team_slave_1 added [ 389.973875][T10795] hsr_slave_0: left promiscuous mode [ 389.980106][T10795] hsr_slave_1: left promiscuous mode [ 389.986671][T10795] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 390.015698][T10795] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 390.043612][T10795] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 390.060338][T10795] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 390.693716][ T51] Bluetooth: hci3: command tx timeout [ 390.936653][T10795] team0 (unregistering): Port device team_slave_1 removed [ 391.004370][T10795] team0 (unregistering): Port device team_slave_0 removed [ 391.117217][T12012] FAULT_INJECTION: forcing a failure. [ 391.117217][T12012] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 391.147401][T12012] CPU: 1 UID: 0 PID: 12012 Comm: syz.2.1683 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 391.147435][T12012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 391.147447][T12012] Call Trace: [ 391.147454][T12012] [ 391.147463][T12012] dump_stack_lvl+0x16c/0x1f0 [ 391.147500][T12012] should_fail_ex+0x512/0x640 [ 391.147533][T12012] _copy_from_user+0x2e/0xd0 [ 391.147566][T12012] move_addr_to_kernel+0x65/0x170 [ 391.147593][T12012] __copy_msghdr+0x386/0x470 [ 391.147625][T12012] copy_msghdr_from_user+0xc1/0x160 [ 391.147654][T12012] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 391.147700][T12012] ___sys_sendmsg+0xfe/0x1d0 [ 391.147733][T12012] ? __pfx____sys_sendmsg+0x10/0x10 [ 391.147762][T12012] ? __lock_acquire+0x622/0x1c90 [ 391.147828][T12012] __sys_sendmsg+0x16d/0x220 [ 391.147861][T12012] ? __pfx___sys_sendmsg+0x10/0x10 [ 391.147913][T12012] do_syscall_64+0xcd/0x490 [ 391.147947][T12012] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.147970][T12012] RIP: 0033:0x7f449f78e929 [ 391.147988][T12012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 391.148025][T12012] RSP: 002b:00007f44a06b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 391.148048][T12012] RAX: ffffffffffffffda RBX: 00007f449f9b5fa0 RCX: 00007f449f78e929 [ 391.148065][T12012] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 391.148078][T12012] RBP: 00007f44a06b0090 R08: 0000000000000000 R09: 0000000000000000 [ 391.148091][T12012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 391.148105][T12012] R13: 0000000000000000 R14: 00007f449f9b5fa0 R15: 00007ffce121f1b8 [ 391.148135][T12012] [ 391.815363][T11884] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 391.841478][T11884] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 391.899556][T11884] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 391.935047][T11884] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 391.944793][T11884] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 391.991887][T11884] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 392.213051][T11884] hsr_slave_0: entered promiscuous mode [ 392.231674][T11884] hsr_slave_1: entered promiscuous mode [ 392.237955][T11884] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 392.282368][T11884] Cannot create hsr debugfs directory [ 392.782148][ T51] Bluetooth: hci3: command tx timeout [ 393.390271][T12065] FAULT_INJECTION: forcing a failure. [ 393.390271][T12065] name failslab, interval 1, probability 0, space 0, times 0 [ 393.472595][T12065] CPU: 1 UID: 0 PID: 12065 Comm: syz.0.1697 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 393.472627][T12065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 393.472636][T12065] Call Trace: [ 393.472642][T12065] [ 393.472647][T12065] dump_stack_lvl+0x16c/0x1f0 [ 393.472674][T12065] should_fail_ex+0x512/0x640 [ 393.472695][T12065] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 393.472719][T12065] should_failslab+0xc2/0x120 [ 393.472733][T12065] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 393.472754][T12065] ? __alloc_skb+0x2b2/0x380 [ 393.472779][T12065] __alloc_skb+0x2b2/0x380 [ 393.472799][T12065] ? __pfx___alloc_skb+0x10/0x10 [ 393.472822][T12065] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 393.472841][T12065] netlink_alloc_large_skb+0x69/0x130 [ 393.472858][T12065] netlink_sendmsg+0x6a1/0xdd0 [ 393.472875][T12065] ? __pfx_netlink_sendmsg+0x10/0x10 [ 393.472897][T12065] ____sys_sendmsg+0xa98/0xc70 [ 393.472914][T12065] ? copy_msghdr_from_user+0x10a/0x160 [ 393.472936][T12065] ? __pfx_____sys_sendmsg+0x10/0x10 [ 393.472960][T12065] ___sys_sendmsg+0x134/0x1d0 [ 393.472983][T12065] ? __pfx____sys_sendmsg+0x10/0x10 [ 393.473002][T12065] ? __lock_acquire+0x622/0x1c90 [ 393.473051][T12065] __sys_sendmsg+0x16d/0x220 [ 393.473073][T12065] ? __pfx___sys_sendmsg+0x10/0x10 [ 393.473106][T12065] do_syscall_64+0xcd/0x490 [ 393.473130][T12065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.473145][T12065] RIP: 0033:0x7fa926d8e929 [ 393.473156][T12065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 393.473170][T12065] RSP: 002b:00007fa927bd8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 393.473185][T12065] RAX: ffffffffffffffda RBX: 00007fa926fb5fa0 RCX: 00007fa926d8e929 [ 393.473195][T12065] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 393.473204][T12065] RBP: 00007fa927bd8090 R08: 0000000000000000 R09: 0000000000000000 [ 393.473213][T12065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 393.473221][T12065] R13: 0000000000000000 R14: 00007fa926fb5fa0 R15: 00007ffea0918748 [ 393.473238][T12065] [ 394.713071][T11884] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 394.749524][T11884] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 394.891266][ T51] Bluetooth: hci3: command tx timeout [ 395.199172][T11884] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 395.302043][T11884] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 396.696046][T11884] 8021q: adding VLAN 0 to HW filter on device bond0 [ 396.748424][T11884] 8021q: adding VLAN 0 to HW filter on device team0 [ 396.811744][T11008] bridge0: port 1(bridge_slave_0) entered blocking state [ 396.818952][T11008] bridge0: port 1(bridge_slave_0) entered forwarding state [ 396.882556][T11008] bridge0: port 2(bridge_slave_1) entered blocking state [ 396.889686][T11008] bridge0: port 2(bridge_slave_1) entered forwarding state [ 397.070994][T11884] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 397.719859][T11884] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 397.830147][T11884] veth0_vlan: entered promiscuous mode [ 397.886616][T11884] veth1_vlan: entered promiscuous mode [ 397.983770][T11884] veth0_macvtap: entered promiscuous mode [ 398.024399][T11884] veth1_macvtap: entered promiscuous mode [ 398.149528][T11884] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 398.463259][T11884] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 398.550443][T11884] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.571297][T11884] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.626150][T11884] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.648077][T11884] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.946890][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 398.996813][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 399.108649][T11004] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 399.222267][T11004] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 400.224027][T12211] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1726'. [ 403.073471][T12295] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1743'. [ 403.348579][T12308] netlink: 'syz.1.1748': attribute type 10 has an invalid length. [ 403.367998][T12308] netlink: 230 bytes leftover after parsing attributes in process `syz.1.1748'. [ 403.401292][T12308] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 403.783364][T12329] FAULT_INJECTION: forcing a failure. [ 403.783364][T12329] name failslab, interval 1, probability 0, space 0, times 0 [ 403.796291][T12329] CPU: 1 UID: 0 PID: 12329 Comm: syz.3.1757 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 403.796312][T12329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 403.796321][T12329] Call Trace: [ 403.796325][T12329] [ 403.796331][T12329] dump_stack_lvl+0x16c/0x1f0 [ 403.796358][T12329] should_fail_ex+0x512/0x640 [ 403.796382][T12329] should_failslab+0xc2/0x120 [ 403.796396][T12329] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 403.796420][T12329] ? skb_clone+0x190/0x3f0 [ 403.796444][T12329] skb_clone+0x190/0x3f0 [ 403.796467][T12329] netlink_deliver_tap+0xabd/0xd30 [ 403.796485][T12329] netlink_unicast+0x6b2/0x7f0 [ 403.796503][T12329] ? __pfx_netlink_unicast+0x10/0x10 [ 403.796523][T12329] nl_fib_input+0x2aa/0x350 [ 403.796541][T12329] netlink_unicast+0x53a/0x7f0 [ 403.796558][T12329] ? __pfx_netlink_unicast+0x10/0x10 [ 403.796578][T12329] netlink_sendmsg+0x8d1/0xdd0 [ 403.796596][T12329] ? __pfx_netlink_sendmsg+0x10/0x10 [ 403.796618][T12329] ____sys_sendmsg+0xa98/0xc70 [ 403.796635][T12329] ? copy_msghdr_from_user+0x10a/0x160 [ 403.796657][T12329] ? __pfx_____sys_sendmsg+0x10/0x10 [ 403.796681][T12329] ___sys_sendmsg+0x134/0x1d0 [ 403.796704][T12329] ? __pfx____sys_sendmsg+0x10/0x10 [ 403.796723][T12329] ? __lock_acquire+0x622/0x1c90 [ 403.796766][T12329] __sys_sendmsg+0x16d/0x220 [ 403.796789][T12329] ? __pfx___sys_sendmsg+0x10/0x10 [ 403.796823][T12329] do_syscall_64+0xcd/0x490 [ 403.796846][T12329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.796861][T12329] RIP: 0033:0x7fdff598e929 [ 403.796873][T12329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 403.796887][T12329] RSP: 002b:00007fdff67c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 403.796901][T12329] RAX: ffffffffffffffda RBX: 00007fdff5bb5fa0 RCX: 00007fdff598e929 [ 403.796910][T12329] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 403.796918][T12329] RBP: 00007fdff67c7090 R08: 0000000000000000 R09: 0000000000000000 [ 403.796927][T12329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 403.796935][T12329] R13: 0000000000000000 R14: 00007fdff5bb5fa0 R15: 00007ffc0cd2a3c8 [ 403.796953][T12329] [ 404.188472][T12338] netlink: 'syz.3.1760': attribute type 10 has an invalid length. [ 404.196493][T12338] netlink: 230 bytes leftover after parsing attributes in process `syz.3.1760'. [ 404.207886][T12326] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1755'. [ 404.219333][T12338] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 404.256720][T12326] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1755'. [ 404.747262][T12367] binder: 12366:12367 ioctl c0306201 2000000000c0 returned -14 [ 404.767651][T12363] netlink: 'syz.3.1767': attribute type 1 has an invalid length. [ 404.780436][T12364] HfR: entered promiscuous mode [ 404.787917][T12363] nbd: error processing sock list [ 405.078547][T12373] FAULT_INJECTION: forcing a failure. [ 405.078547][T12373] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 405.101508][T12373] CPU: 0 UID: 0 PID: 12373 Comm: syz.3.1769 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 405.101544][T12373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 405.101557][T12373] Call Trace: [ 405.101564][T12373] [ 405.101573][T12373] dump_stack_lvl+0x16c/0x1f0 [ 405.101612][T12373] should_fail_ex+0x512/0x640 [ 405.101657][T12373] _copy_to_user+0x32/0xd0 [ 405.101694][T12373] simple_read_from_buffer+0xcb/0x170 [ 405.101725][T12373] proc_fail_nth_read+0x197/0x270 [ 405.101753][T12373] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 405.101780][T12373] ? rw_verify_area+0xcf/0x680 [ 405.101807][T12373] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 405.101832][T12373] vfs_read+0x1e4/0xc60 [ 405.101868][T12373] ? __pfx___mutex_lock+0x10/0x10 [ 405.101902][T12373] ? __pfx_vfs_read+0x10/0x10 [ 405.101943][T12373] ? __fget_files+0x20e/0x3c0 [ 405.101983][T12373] ksys_read+0x12a/0x250 [ 405.102013][T12373] ? __pfx_ksys_read+0x10/0x10 [ 405.102055][T12373] do_syscall_64+0xcd/0x490 [ 405.102090][T12373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.102113][T12373] RIP: 0033:0x7fdff598d33c [ 405.102132][T12373] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 405.102155][T12373] RSP: 002b:00007fdff67c7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 405.102178][T12373] RAX: ffffffffffffffda RBX: 00007fdff5bb5fa0 RCX: 00007fdff598d33c [ 405.102194][T12373] RDX: 000000000000000f RSI: 00007fdff67c70a0 RDI: 0000000000000004 [ 405.102207][T12373] RBP: 00007fdff67c7090 R08: 0000000000000000 R09: 0000000000000000 [ 405.102222][T12373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 405.102236][T12373] R13: 0000000000000000 R14: 00007fdff5bb5fa0 R15: 00007ffc0cd2a3c8 [ 405.102268][T12373] [ 405.372458][T12376] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 405.678966][T12381] netlink: 'syz.2.1772': attribute type 10 has an invalid length. [ 405.687825][T12381] netlink: 230 bytes leftover after parsing attributes in process `syz.2.1772'. [ 405.716429][T12381] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 406.699560][T12408] netlink: 'syz.2.1781': attribute type 10 has an invalid length. [ 406.728448][T12408] netlink: 230 bytes leftover after parsing attributes in process `syz.2.1781'. [ 406.765304][T12408] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 406.912650][T12413] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 407.448722][T12424] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 408.586737][T12440] netlink: 'syz.2.1791': attribute type 10 has an invalid length. [ 408.597720][T12440] netlink: 230 bytes leftover after parsing attributes in process `syz.2.1791'. [ 408.607211][T12440] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 409.268269][T12468] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 412.905713][T12535] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1816'. [ 415.704832][T12577] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 415.994074][T12586] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1829'. [ 416.016717][T12585] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1828'. [ 419.057720][T12638] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 419.063565][T12640] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 419.083851][T12641] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 420.287843][T12654] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 420.437477][T12659] [U]  [ 420.440581][T12659] [U] [ 420.443311][T12659] [U] [ 420.446044][T12659] [U] [ 420.481076][T12659] [U] [ 420.483861][T12659] [U] [ 420.486581][T12659] [U] [ 420.489304][T12659] [U] [ 420.494023][T12659] [U] [ 420.496740][T12659] [U] [ 420.499416][T12659] [U] [ 420.502093][T12659] [U] [ 420.514251][T12659] [U] [ 420.516990][T12659] [U] [ 420.519715][T12659] [U] [ 420.522435][T12659] [U] [ 420.545458][T12665] [U] [ 422.151057][T12690] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 423.203273][T12709] nbd: failed to add new device [ 423.319995][T12715] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1860'. [ 423.333627][T12715] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1860'. [ 423.398389][T12716] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1860'. [ 423.730539][T12726] sctp: [Deprecated]: syz.2.1863 (pid 12726) Use of struct sctp_assoc_value in delayed_ack socket option. [ 423.730539][T12726] Use struct sctp_sack_info instead [ 423.980261][T12730] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 424.405113][T12733] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 425.195381][T12741] ip_vti0: entered allmulticast mode [ 426.377708][T12769] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 427.266619][T12788] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 427.342852][T12790] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 427.350964][T12783] ubi: mtd0 is already attached to ubi0 [ 429.802760][T12839] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 430.158412][T12849] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 430.672983][T12852] ubi: mtd0 is already attached to ubi0 [ 430.950783][T12859] FAULT_INJECTION: forcing a failure. [ 430.950783][T12859] name failslab, interval 1, probability 0, space 0, times 0 [ 431.045284][T12859] CPU: 1 UID: 0 PID: 12859 Comm: syz.2.1900 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 431.045315][T12859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 431.045324][T12859] Call Trace: [ 431.045330][T12859] [ 431.045337][T12859] dump_stack_lvl+0x16c/0x1f0 [ 431.045363][T12859] should_fail_ex+0x512/0x640 [ 431.045384][T12859] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 431.045407][T12859] should_failslab+0xc2/0x120 [ 431.045422][T12859] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 431.045443][T12859] ? lockdep_init_map_type+0x5c/0x280 [ 431.045461][T12859] ? seq_open+0x55/0x170 [ 431.045477][T12859] seq_open+0x55/0x170 [ 431.045492][T12859] kernfs_fop_open+0x59f/0xda0 [ 431.045508][T12859] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 431.045530][T12859] do_dentry_open+0x744/0x1c10 [ 431.045551][T12859] ? __pfx_kernfs_fop_open+0x10/0x10 [ 431.045570][T12859] vfs_open+0x82/0x3f0 [ 431.045587][T12859] path_openat+0x1de4/0x2cb0 [ 431.045614][T12859] ? __pfx_path_openat+0x10/0x10 [ 431.045635][T12859] ? __lock_acquire+0xb8a/0x1c90 [ 431.045655][T12859] do_filp_open+0x20b/0x470 [ 431.045675][T12859] ? __pfx_do_filp_open+0x10/0x10 [ 431.045708][T12859] ? alloc_fd+0x471/0x7d0 [ 431.045732][T12859] do_sys_openat2+0x11b/0x1d0 [ 431.045747][T12859] ? __pfx_do_sys_openat2+0x10/0x10 [ 431.045769][T12859] __x64_sys_openat+0x174/0x210 [ 431.045785][T12859] ? __pfx___x64_sys_openat+0x10/0x10 [ 431.045809][T12859] do_syscall_64+0xcd/0x490 [ 431.045831][T12859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.045846][T12859] RIP: 0033:0x7f449f78e929 [ 431.045858][T12859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 431.045872][T12859] RSP: 002b:00007f44a06b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 431.045886][T12859] RAX: ffffffffffffffda RBX: 00007f449f9b5fa0 RCX: 00007f449f78e929 [ 431.045896][T12859] RDX: 0000000000000102 RSI: 00002000000003c0 RDI: ffffffffffffff9c [ 431.045904][T12859] RBP: 00007f449f810b39 R08: 0000000000000000 R09: 0000000000000000 [ 431.045912][T12859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 431.045920][T12859] R13: 0000000000000000 R14: 00007f449f9b5fa0 R15: 00007ffce121f1b8 [ 431.045938][T12859] [ 433.364782][T12919] FAULT_INJECTION: forcing a failure. [ 433.364782][T12919] name failslab, interval 1, probability 0, space 0, times 0 [ 433.394253][T12919] CPU: 1 UID: 0 PID: 12919 Comm: syz.0.1915 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 433.394290][T12919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 433.394305][T12919] Call Trace: [ 433.394313][T12919] [ 433.394323][T12919] dump_stack_lvl+0x16c/0x1f0 [ 433.394363][T12919] should_fail_ex+0x512/0x640 [ 433.394395][T12919] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 433.394434][T12919] should_failslab+0xc2/0x120 [ 433.394459][T12919] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 433.394493][T12919] ? tracefs_alloc_inode+0x2c/0x140 [ 433.394526][T12919] ? __pfx_tracefs_alloc_inode+0x10/0x10 [ 433.394553][T12919] tracefs_alloc_inode+0x2c/0x140 [ 433.394581][T12919] ? __pfx_tracefs_alloc_inode+0x10/0x10 [ 433.394611][T12919] alloc_inode+0x64/0x240 [ 433.394636][T12919] new_inode+0x22/0x1c0 [ 433.394664][T12919] tracefs_get_inode+0x19/0x80 [ 433.394694][T12919] eventfs_get_inode+0x53/0x520 [ 433.394728][T12919] eventfs_root_lookup+0x6f4/0xa50 [ 433.394761][T12919] ? __pfx_eventfs_root_lookup+0x10/0x10 [ 433.394796][T12919] ? lockdep_init_map_type+0x5c/0x280 [ 433.394838][T12919] ? lockdep_init_map_type+0x5c/0x280 [ 433.394877][T12919] __lookup_slow+0x251/0x460 [ 433.394905][T12919] ? __pfx___lookup_slow+0x10/0x10 [ 433.394956][T12919] ? lookup_fast+0x156/0x610 [ 433.394989][T12919] walk_component+0x353/0x5b0 [ 433.395021][T12919] path_lookupat+0x142/0x6d0 [ 433.395057][T12919] path_openat+0x16f1/0x2cb0 [ 433.395086][T12919] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.395126][T12919] ? __pfx_path_openat+0x10/0x10 [ 433.395164][T12919] ? __lock_acquire+0xb8a/0x1c90 [ 433.395200][T12919] do_filp_open+0x20b/0x470 [ 433.395234][T12919] ? __pfx_do_filp_open+0x10/0x10 [ 433.395296][T12919] ? alloc_fd+0x471/0x7d0 [ 433.395338][T12919] do_sys_openat2+0x11b/0x1d0 [ 433.395366][T12919] ? __pfx_do_sys_openat2+0x10/0x10 [ 433.395407][T12919] __x64_sys_openat+0x174/0x210 [ 433.395435][T12919] ? __pfx___x64_sys_openat+0x10/0x10 [ 433.395478][T12919] do_syscall_64+0xcd/0x490 [ 433.395517][T12919] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.395542][T12919] RIP: 0033:0x7fa926d8e929 [ 433.395563][T12919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 433.395587][T12919] RSP: 002b:00007fa927bd8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 433.395612][T12919] RAX: ffffffffffffffda RBX: 00007fa926fb5fa0 RCX: 00007fa926d8e929 [ 433.395630][T12919] RDX: 0000000000600900 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 433.395646][T12919] RBP: 00007fa926e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 433.395661][T12919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 433.395676][T12919] R13: 0000000000000000 R14: 00007fa926fb5fa0 R15: 00007ffea0918748 [ 433.395711][T12919] [ 434.090933][T12939] FAULT_INJECTION: forcing a failure. [ 434.090933][T12939] name fail_futex, interval 1, probability 0, space 0, times 1 [ 434.106064][T12939] CPU: 1 UID: 0 PID: 12939 Comm: syz.0.1918 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 434.106101][T12939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 434.106116][T12939] Call Trace: [ 434.106124][T12939] [ 434.106134][T12939] dump_stack_lvl+0x16c/0x1f0 [ 434.106173][T12939] should_fail_ex+0x512/0x640 [ 434.106213][T12939] get_futex_key+0x1d0/0x1540 [ 434.106246][T12939] ? __pfx_get_futex_key+0x10/0x10 [ 434.106273][T12939] ? trace_pid_list_is_set+0xfb/0x150 [ 434.106306][T12939] ? do_raw_spin_unlock+0x172/0x230 [ 434.106348][T12939] futex_wait_setup+0x9d/0x550 [ 434.106390][T12939] __futex_wait+0x194/0x2f0 [ 434.106424][T12939] ? __pfx___futex_wait+0x10/0x10 [ 434.106454][T12939] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 434.106487][T12939] ? lockdep_hardirqs_on+0x7c/0x110 [ 434.106522][T12939] ? __pfx_futex_wake_mark+0x10/0x10 [ 434.106583][T12939] futex_wait+0xe8/0x380 [ 434.106615][T12939] ? __pfx_futex_wait+0x10/0x10 [ 434.106657][T12939] ? kmem_cache_free+0x2d1/0x4d0 [ 434.106691][T12939] ? fd_install+0x225/0x750 [ 434.106719][T12939] ? putname+0x154/0x1a0 [ 434.106748][T12939] do_futex+0x229/0x350 [ 434.106776][T12939] ? __pfx_do_futex+0x10/0x10 [ 434.106813][T12939] __x64_sys_futex+0x1e0/0x4c0 [ 434.106843][T12939] ? __x64_sys_openat+0x174/0x210 [ 434.106870][T12939] ? __pfx___x64_sys_futex+0x10/0x10 [ 434.106897][T12939] ? xfd_validate_state+0x61/0x180 [ 434.106939][T12939] do_syscall_64+0xcd/0x490 [ 434.106974][T12939] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.107000][T12939] RIP: 0033:0x7fa926d8e929 [ 434.107029][T12939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 434.107055][T12939] RSP: 002b:00007fa927bd80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 434.107078][T12939] RAX: ffffffffffffffda RBX: 00007fa926fb5fa8 RCX: 00007fa926d8e929 [ 434.107094][T12939] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa926fb5fa8 [ 434.107110][T12939] RBP: 00007fa926fb5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 434.107125][T12939] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa926fb5fac [ 434.107141][T12939] R13: 0000000000000000 R14: 00007ffea0918660 R15: 00007ffea0918748 [ 434.107175][T12939] [ 434.773665][T12946] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 435.051904][T12958] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 436.065940][T12973] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 437.721723][T13017] synth uevent: /bus/mei: unknown uevent action string [ 437.943509][T13023] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 438.770977][T13044] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 439.702915][T13053] usb usb24: check_ctrlrecip: process 13053 (syz.3.1944) requesting ep 01 but needs 81 [ 439.714973][T13051] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 439.741839][T13053] usb usb24: usbfs: process 13053 (syz.3.1944) did not claim interface 0 before use [ 439.944886][T13059] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 439.978196][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.991057][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.854800][T13065] netlink: 'syz.1.1946': attribute type 10 has an invalid length. [ 440.884908][T13065] netlink: 230 bytes leftover after parsing attributes in process `syz.1.1946'. [ 440.926071][T13065] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 441.516594][T13077] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 442.193960][T13092] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 443.002984][T13109] random: crng reseeded on system resumption [ 443.945409][T13132] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 444.731643][T13155] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 445.389622][T13172] Invalid ELF header magic: != ELF [ 445.863576][T13185] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 446.217952][T13188] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 446.620519][T13194] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1987'. [ 446.664036][T13196] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1987'. [ 446.834327][T13199] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1987'. [ 448.109464][T13234] openvswitch: netlink: IP tunnel dst address not specified [ 448.210195][T13237] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 448.322157][T13239] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2001'. [ 448.335006][T13239] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2001'. [ 448.354024][T13239] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2001'. [ 449.203192][T13251] netlink: 'syz.3.2005': attribute type 10 has an invalid length. [ 449.280935][T13251] netlink: 230 bytes leftover after parsing attributes in process `syz.3.2005'. [ 449.297768][T13251] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 450.592261][T13285] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2013'. [ 450.605230][T13285] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2013'. [ 450.617042][T13285] netlink: 210 bytes leftover after parsing attributes in process `syz.1.2013'. [ 451.108581][T13293] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 451.789152][T13310] netlink: 'syz.3.2022': attribute type 10 has an invalid length. [ 451.815394][T13310] netlink: 230 bytes leftover after parsing attributes in process `syz.3.2022'. [ 451.865495][T13310] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 452.420227][T13330] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 453.408611][T13339] Process accounting resumed [ 454.984044][T13394] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 457.273303][T13431] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 459.033733][T13465] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2067'. [ 459.729911][T13477] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 460.024792][T13483] nfsd: Unknown parameter '˜ÛZØ' [ 460.911869][T13495] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 461.498212][T13505] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 461.932032][T13524] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2081'. [ 462.324394][T13537] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 462.470659][T13533] kafs: addr_prefs: Invalid Command [ 462.631622][T13541] kafs: addr_prefs: Invalid Command [ 462.717166][T13546] netlink: 'syz.3.2088': attribute type 10 has an invalid length. [ 462.801368][T13546] netlink: 230 bytes leftover after parsing attributes in process `syz.3.2088'. [ 462.822857][T13546] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 463.226888][T13558] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 463.674775][ T51] Bluetooth: hci3: unexpected event 0x3e length: 728 > 260 [ 463.674813][ T51] Bluetooth: hci3: unexpected subevent 0x03 length: 727 > 9 [ 464.619407][T13597] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 465.097163][T13612] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 466.569506][T13634] netlink: 'syz.0.2112': attribute type 10 has an invalid length. [ 466.581259][T13634] netlink: 230 bytes leftover after parsing attributes in process `syz.0.2112'. [ 466.711325][T13634] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 467.555213][T13659] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 469.209341][T13685] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 469.360630][T13687] netlink: 'syz.1.2127': attribute type 10 has an invalid length. [ 469.403937][T13687] netlink: 230 bytes leftover after parsing attributes in process `syz.1.2127'. [ 469.442160][T13687] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 472.883255][T13734] netlink: 'syz.2.2139': attribute type 10 has an invalid length. [ 472.910670][T13734] netlink: 230 bytes leftover after parsing attributes in process `syz.2.2139'. [ 473.008406][T13734] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 475.650187][T13783] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 477.065213][T13804] netlink: 'syz.3.2156': attribute type 10 has an invalid length. [ 477.073412][T13804] netlink: 230 bytes leftover after parsing attributes in process `syz.3.2156'. [ 477.082610][T13804] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 478.712881][T13849] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 480.425218][T13876] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 480.898867][T13890] netlink: 'syz.2.2179': attribute type 10 has an invalid length. [ 480.929141][T13890] netlink: 230 bytes leftover after parsing attributes in process `syz.2.2179'. [ 480.977971][T13890] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 481.896221][ T30] audit: type=1800 audit(6045873620.699:7): pid=13924 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2187" name="dbroot" dev="configfs" ino=44073 res=0 errno=0 [ 482.164123][T13930] FAULT_INJECTION: forcing a failure. [ 482.164123][T13930] name fail_futex, interval 1, probability 0, space 0, times 0 [ 482.179092][T13930] CPU: 0 UID: 0 PID: 13930 Comm: syz.0.2194 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 482.179126][T13930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 482.179141][T13930] Call Trace: [ 482.179148][T13930] [ 482.179158][T13930] dump_stack_lvl+0x16c/0x1f0 [ 482.179198][T13930] should_fail_ex+0x512/0x640 [ 482.179235][T13930] get_futex_key+0x1d0/0x1540 [ 482.179265][T13930] ? find_held_lock+0x2b/0x80 [ 482.179288][T13930] ? __pfx_get_futex_key+0x10/0x10 [ 482.179316][T13930] ? __mutex_trylock_common+0xe9/0x250 [ 482.179356][T13930] futex_wake+0xea/0x530 [ 482.179390][T13930] ? __pfx_futex_wake+0x10/0x10 [ 482.179419][T13930] ? __lock_acquire+0xb8a/0x1c90 [ 482.179465][T13930] do_futex+0x1e3/0x350 [ 482.179493][T13930] ? __pfx_do_futex+0x10/0x10 [ 482.179518][T13930] ? __might_fault+0xe3/0x190 [ 482.179560][T13930] mm_release+0x24e/0x300 [ 482.179587][T13930] do_exit+0x68b/0x2bd0 [ 482.179623][T13930] ? __pfx_do_exit+0x10/0x10 [ 482.179652][T13930] ? do_raw_spin_lock+0x12c/0x2b0 [ 482.179684][T13930] ? find_held_lock+0x2b/0x80 [ 482.179712][T13930] do_group_exit+0xd3/0x2a0 [ 482.179744][T13930] get_signal+0x2673/0x26d0 [ 482.179773][T13930] ? kmem_cache_free+0x2d1/0x4d0 [ 482.179804][T13930] ? fd_install+0x225/0x750 [ 482.179839][T13930] ? __pfx_get_signal+0x10/0x10 [ 482.179863][T13930] ? do_futex+0x122/0x350 [ 482.179891][T13930] ? __pfx_do_futex+0x10/0x10 [ 482.179920][T13930] arch_do_signal_or_restart+0x8f/0x790 [ 482.179948][T13930] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 482.179989][T13930] ? xfd_validate_state+0x61/0x180 [ 482.180025][T13930] exit_to_user_mode_loop+0x84/0x110 [ 482.180057][T13930] do_syscall_64+0x3f6/0x490 [ 482.180090][T13930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 482.180111][T13930] RIP: 0033:0x7fa926d8e929 [ 482.180128][T13930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 482.180148][T13930] RSP: 002b:00007fa927bd80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 482.180168][T13930] RAX: fffffffffffffe00 RBX: 00007fa926fb5fa8 RCX: 00007fa926d8e929 [ 482.180182][T13930] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa926fb5fa8 [ 482.180195][T13930] RBP: 00007fa926fb5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 482.180208][T13930] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa926fb5fac [ 482.180221][T13930] R13: 0000000000000000 R14: 00007ffea0918660 R15: 00007ffea0918748 [ 482.180249][T13930] [ 484.040530][T13960] Process accounting paused [ 484.224623][T13982] FAULT_INJECTION: forcing a failure. [ 484.224623][T13982] name failslab, interval 1, probability 0, space 0, times 0 [ 484.241246][T13982] CPU: 1 UID: 0 PID: 13982 Comm: syz.0.2212 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 484.241285][T13982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 484.241300][T13982] Call Trace: [ 484.241308][T13982] [ 484.241319][T13982] dump_stack_lvl+0x16c/0x1f0 [ 484.241363][T13982] should_fail_ex+0x512/0x640 [ 484.241397][T13982] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 484.241434][T13982] should_failslab+0xc2/0x120 [ 484.241459][T13982] __kmalloc_cache_noprof+0x6a/0x3e0 [ 484.241491][T13982] ? ww_mutex_lock+0x37/0x160 [ 484.241524][T13982] ? ww_mutex_lock+0x37/0x160 [ 484.241557][T13982] ? vkms_atomic_crtc_duplicate_state+0x78/0x1d0 [ 484.241597][T13982] vkms_atomic_crtc_duplicate_state+0x78/0x1d0 [ 484.241630][T13982] drm_atomic_get_crtc_state+0x171/0x450 [ 484.241661][T13982] drm_atomic_get_plane_state+0x436/0x590 [ 484.241687][T13982] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 484.241716][T13982] ? __pfx___might_resched+0x10/0x10 [ 484.241752][T13982] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 484.241828][T13982] drm_client_modeset_commit_locked+0x14d/0x580 [ 484.241862][T13982] drm_client_modeset_commit+0x4f/0x80 [ 484.241891][T13982] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 484.241934][T13982] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 484.241967][T13982] drm_fbdev_client_restore+0x2c/0x40 [ 484.241998][T13982] drm_client_dev_restore+0x1f3/0x2a0 [ 484.242028][T13982] drm_release+0x2c4/0x360 [ 484.242055][T13982] ? __pfx_drm_release+0x10/0x10 [ 484.242078][T13982] __fput+0x402/0xb70 [ 484.242113][T13982] task_work_run+0x14d/0x240 [ 484.242148][T13982] ? __pfx_task_work_run+0x10/0x10 [ 484.242182][T13982] ? __pfx___do_sys_close_range+0x10/0x10 [ 484.242225][T13982] exit_to_user_mode_loop+0xeb/0x110 [ 484.242266][T13982] do_syscall_64+0x3f6/0x490 [ 484.242306][T13982] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 484.242330][T13982] RIP: 0033:0x7fa926d8e929 [ 484.242351][T13982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 484.242374][T13982] RSP: 002b:00007fa927bd8038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 484.242398][T13982] RAX: 0000000000000000 RBX: 00007fa926fb5fa0 RCX: 00007fa926d8e929 [ 484.242414][T13982] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 484.242429][T13982] RBP: 00007fa926e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 484.242444][T13982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 484.242457][T13982] R13: 0000000000000000 R14: 00007fa926fb5fa0 R15: 00007ffea0918748 [ 484.242493][T13982] [ 484.507720][ C1] vkms_vblank_simulate: vblank timer overrun [ 484.578745][T13993] netlink: 'syz.2.2213': attribute type 10 has an invalid length. [ 484.586922][T13993] netlink: 230 bytes leftover after parsing attributes in process `syz.2.2213'. [ 484.596475][T13993] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 486.224767][T14004] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 486.354856][T14008] Invalid ELF header magic: != ELF [ 487.872220][T14024] FAULT_INJECTION: forcing a failure. [ 487.872220][T14024] name failslab, interval 1, probability 0, space 0, times 0 [ 487.898649][T14024] CPU: 1 UID: 0 PID: 14024 Comm: syz.2.2222 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 487.898686][T14024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 487.898701][T14024] Call Trace: [ 487.898709][T14024] [ 487.898718][T14024] dump_stack_lvl+0x16c/0x1f0 [ 487.898760][T14024] should_fail_ex+0x512/0x640 [ 487.898793][T14024] ? fs_reclaim_acquire+0xae/0x150 [ 487.898826][T14024] should_failslab+0xc2/0x120 [ 487.898852][T14024] __kmalloc_cache_noprof+0x6a/0x3e0 [ 487.898886][T14024] ? hub_ext_port_status+0x5e/0x670 [ 487.898918][T14024] ? usb_control_msg+0xbc/0x4a0 [ 487.898948][T14024] usb_control_msg+0xbc/0x4a0 [ 487.898976][T14024] ? __pfx_usb_control_msg+0x10/0x10 [ 487.899012][T14024] hub_ext_port_status+0x14e/0x670 [ 487.899061][T14024] hub_activate+0x6e5/0x1be0 [ 487.899097][T14024] ? __pfx_hub_activate+0x10/0x10 [ 487.899121][T14024] ? find_held_lock+0x2b/0x80 [ 487.899148][T14024] ? do_proc_control+0xde0/0x10a0 [ 487.899171][T14024] ? usbfs_notify_resume+0x25/0xf0 [ 487.899202][T14024] hub_resume+0xa8/0x3f0 [ 487.899228][T14024] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 487.899265][T14024] ? __pfx_hub_resume+0x10/0x10 [ 487.899292][T14024] ? __pfx_hcd_bus_resume+0x10/0x10 [ 487.899335][T14024] usb_resume_interface.constprop.0.isra.0+0x2c2/0x3e0 [ 487.899374][T14024] usb_resume_both+0x273/0x800 [ 487.899419][T14024] ? __pfx_usb_resume_both+0x10/0x10 [ 487.899452][T14024] ? __pfx_usb_runtime_resume+0x10/0x10 [ 487.899488][T14024] ? __pfx_usb_runtime_resume+0x10/0x10 [ 487.899525][T14024] __rpm_callback+0xc5/0x610 [ 487.899561][T14024] ? __pfx_usb_runtime_resume+0x10/0x10 [ 487.899598][T14024] rpm_callback+0x1b7/0x200 [ 487.899630][T14024] ? __pfx_usb_runtime_resume+0x10/0x10 [ 487.899665][T14024] rpm_resume+0xd0a/0x1310 [ 487.899707][T14024] ? __pfx_rpm_resume+0x10/0x10 [ 487.899739][T14024] ? do_raw_spin_lock+0x12c/0x2b0 [ 487.899775][T14024] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 487.899824][T14024] __pm_runtime_resume+0xb6/0x170 [ 487.899862][T14024] usb_autoresume_device+0x23/0xe0 [ 487.899899][T14024] usbdev_open+0x228/0x8b0 [ 487.899935][T14024] ? kobject_get_unless_zero+0x156/0x1e0 [ 487.899974][T14024] ? __pfx_usbdev_open+0x10/0x10 [ 487.900009][T14024] ? chrdev_open+0x10b/0x6a0 [ 487.900051][T14024] ? __pfx_usbdev_open+0x10/0x10 [ 487.900084][T14024] chrdev_open+0x231/0x6a0 [ 487.900119][T14024] ? __pfx_apparmor_file_open+0x10/0x10 [ 487.900151][T14024] ? __pfx_chrdev_open+0x10/0x10 [ 487.900189][T14024] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 487.900229][T14024] do_dentry_open+0x744/0x1c10 [ 487.900263][T14024] ? __pfx_chrdev_open+0x10/0x10 [ 487.900303][T14024] vfs_open+0x82/0x3f0 [ 487.900330][T14024] path_openat+0x1de4/0x2cb0 [ 487.900378][T14024] ? __pfx_path_openat+0x10/0x10 [ 487.900420][T14024] ? __lock_acquire+0xb8a/0x1c90 [ 487.900460][T14024] do_filp_open+0x20b/0x470 [ 487.900494][T14024] ? __pfx_do_filp_open+0x10/0x10 [ 487.900553][T14024] ? alloc_fd+0x471/0x7d0 [ 487.900594][T14024] do_sys_openat2+0x11b/0x1d0 [ 487.900621][T14024] ? __pfx_do_sys_openat2+0x10/0x10 [ 487.900645][T14024] ? map_id_range_up+0x2ce/0x3b0 [ 487.900695][T14024] __x64_sys_openat+0x174/0x210 [ 487.900722][T14024] ? __pfx___x64_sys_openat+0x10/0x10 [ 487.900765][T14024] do_syscall_64+0xcd/0x490 [ 487.900803][T14024] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.900828][T14024] RIP: 0033:0x7f449f78e929 [ 487.900849][T14024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 487.900872][T14024] RSP: 002b:00007f44a06b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 487.900898][T14024] RAX: ffffffffffffffda RBX: 00007f449f9b5fa0 RCX: 00007f449f78e929 [ 487.900915][T14024] RDX: 000000000000a901 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 487.900933][T14024] RBP: 00007f449f810b39 R08: 0000000000000000 R09: 0000000000000000 [ 487.900949][T14024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 487.900964][T14024] R13: 0000000000000000 R14: 00007f449f9b5fa0 R15: 00007ffce121f1b8 [ 487.900999][T14024] [ 487.901054][T14024] hub 37-0:1.0: hub_ext_port_status failed (err = -12) [ 489.187840][T14050] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 489.352331][ T5875] Process accounting resumed [ 489.868391][T14057] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 492.627119][T14099] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 496.272606][T14151] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 497.191981][T14168] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2262'. [ 498.401388][T14183] netlink: 'syz.3.2269': attribute type 10 has an invalid length. [ 498.409426][T14183] netlink: 230 bytes leftover after parsing attributes in process `syz.3.2269'. [ 498.418505][T14183] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 498.839200][T14194] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 499.478865][T14207] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2276'. [ 500.886315][T14221] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 501.414486][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.420878][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.394249][T14275] netlink: 'syz.3.2295': attribute type 10 has an invalid length. [ 503.423358][T14275] netlink: 230 bytes leftover after parsing attributes in process `syz.3.2295'. [ 503.446497][T14275] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 505.907984][T14321] netlink: 'syz.2.2308': attribute type 10 has an invalid length. [ 505.979125][T14321] netlink: 230 bytes leftover after parsing attributes in process `syz.2.2308'. [ 506.220190][T14321] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 508.558423][ T51] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 508.558458][ T51] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 508.573690][ T51] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 508.573721][ T51] Bluetooth: hci1: adv larger than maximum supported [ 508.581003][ T51] Bluetooth: hci1: Unknown advertising packet type: 0x30 [ 508.587688][ T51] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 508.595025][ T51] Bluetooth: hci1: Malformed LE Event: 0x0d [ 508.640705][T14389] FAULT_INJECTION: forcing a failure. [ 508.640705][T14389] name failslab, interval 1, probability 0, space 0, times 0 [ 508.787068][T14389] CPU: 1 UID: 0 PID: 14389 Comm: syz.0.2325 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 508.787105][T14389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 508.787119][T14389] Call Trace: [ 508.787127][T14389] [ 508.787142][T14389] dump_stack_lvl+0x16c/0x1f0 [ 508.787181][T14389] should_fail_ex+0x512/0x640 [ 508.787213][T14389] ? fs_reclaim_acquire+0xae/0x150 [ 508.787243][T14389] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 508.787274][T14389] should_failslab+0xc2/0x120 [ 508.787298][T14389] __kmalloc_noprof+0xd2/0x510 [ 508.787344][T14389] tomoyo_realpath_from_path+0xc2/0x6e0 [ 508.787390][T14389] ? tomoyo_profile+0x47/0x60 [ 508.787427][T14389] tomoyo_path_number_perm+0x245/0x580 [ 508.787454][T14389] ? tomoyo_path_number_perm+0x237/0x580 [ 508.787484][T14389] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 508.787518][T14389] ? find_held_lock+0x2b/0x80 [ 508.787577][T14389] ? find_held_lock+0x2b/0x80 [ 508.787600][T14389] ? hook_file_ioctl_common+0x145/0x410 [ 508.787637][T14389] ? __fget_files+0x20e/0x3c0 [ 508.787675][T14389] security_file_ioctl+0x9b/0x240 [ 508.787705][T14389] __x64_sys_ioctl+0xb7/0x210 [ 508.787734][T14389] do_syscall_64+0xcd/0x490 [ 508.787769][T14389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.787790][T14389] RIP: 0033:0x7fa926d8e929 [ 508.787807][T14389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 508.787826][T14389] RSP: 002b:00007fa927bd8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 508.787853][T14389] RAX: ffffffffffffffda RBX: 00007fa926fb5fa0 RCX: 00007fa926d8e929 [ 508.787869][T14389] RDX: 0000000000000000 RSI: 0000000000002282 RDI: 0000000000000003 [ 508.787882][T14389] RBP: 00007fa927bd8090 R08: 0000000000000000 R09: 0000000000000000 [ 508.787895][T14389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 508.787907][T14389] R13: 0000000000000000 R14: 00007fa926fb5fa0 R15: 00007ffea0918748 [ 508.787941][T14389] [ 508.788049][T14389] ERROR: Out of memory at tomoyo_realpath_from_path. [ 510.390394][T14435] netlink: 'syz.1.2336': attribute type 10 has an invalid length. [ 510.429544][T14435] netlink: 230 bytes leftover after parsing attributes in process `syz.1.2336'. [ 510.494745][T14435] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 511.073566][T14447] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2340'. [ 511.876851][ T5838] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 511.887836][ T5838] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 511.896238][ T5838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 511.906067][ T5838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 511.914597][ T5838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 512.077563][ T7654] ------------[ cut here ]------------ [ 512.083134][ T7654] ODEBUG: free active (active state 0) object: ffff88807c3a52d8 object type: timer_list hint: hci_devcd_timeout+0x0/0x2e0 [ 512.173836][ T7654] WARNING: CPU: 1 PID: 7654 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0 [ 512.183610][ T7654] Modules linked in: [ 512.187542][ T7654] CPU: 1 UID: 0 PID: 7654 Comm: syz.0.487 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 512.199630][ T7654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 512.209892][ T7654] RIP: 0010:debug_print_object+0x1a2/0x2b0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 512.215729][ T7654] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 80 76 15 8c 4c 89 e6 48 c7 c7 00 6b 15 8c e8 5f 75 9c fc 90 <0f> 0b 90 90 58 83 05 76 34 ca 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 512.235694][ T7654] RSP: 0018:ffffc900032d7768 EFLAGS: 00010286 [ 512.242048][ T7654] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817aa1a8 [ 512.250135][ T7654] RDX: ffff88807c148000 RSI: ffffffff817aa1b5 RDI: 0000000000000001 [ 512.258129][ T7654] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 512.266266][ T7654] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8c1571a0 [ 512.274335][ T7654] R13: ffffffff8bafe840 R14: ffffffff8a880fd0 R15: ffffc900032d7868 [ 512.282419][ T7654] FS: 0000000000000000(0000) GS:ffff888124860000(0000) knlGS:0000000000000000 [ 512.292192][ T7654] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 512.298842][ T7654] CR2: 0000200000000000 CR3: 0000000077774000 CR4: 00000000003526f0 [ 512.306928][ T7654] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 512.314988][ T7654] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 512.323195][ T7654] Call Trace: [ 512.326491][ T7654] [ 512.329513][ T7654] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 512.335009][ T7654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 512.340887][ T7654] debug_check_no_obj_freed+0x4b7/0x600 [ 512.347290][ T7654] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 512.353454][ T7654] ? rcu_is_watching+0x12/0xc0 [ 512.358248][ T7654] ? kmem_cache_free+0x2d1/0x4d0 [ 512.363274][ T7654] kfree+0x28f/0x4d0 [ 512.367200][ T7654] ? hci_release_dev+0x4d8/0x600 [ 512.373115][ T7654] hci_release_dev+0x4d8/0x600 [ 512.377912][ T7654] ? __pfx_hci_release_dev+0x10/0x10 [ 512.383287][ T7654] ? rcu_is_watching+0x12/0xc0 [ 512.388073][ T7654] ? kfree+0x24f/0x4d0 [ 512.392305][ T7654] bt_host_release+0x6a/0xb0 [ 512.396919][ T7654] ? __pfx_bt_host_release+0x10/0x10 [ 512.402296][ T7654] device_release+0xa1/0x240 [ 512.406917][ T7654] kobject_put+0x1e7/0x5a0 [ 512.411453][ T7654] ? __pfx_vhci_release+0x10/0x10 [ 512.416511][ T7654] put_device+0x1f/0x30 [ 512.420755][ T7654] vhci_release+0x81/0xf0 [ 512.425285][ T7654] __fput+0x402/0xb70 [ 512.429351][ T7654] task_work_run+0x14d/0x240 [ 512.433977][ T7654] ? __pfx_task_work_run+0x10/0x10 [ 512.439173][ T7654] do_exit+0x86c/0x2bd0 [ 512.443360][ T7654] ? __pfx_do_exit+0x10/0x10 [ 512.447982][ T7654] ? do_raw_spin_lock+0x12c/0x2b0 [ 512.453108][ T7654] ? find_held_lock+0x2b/0x80 [ 512.457822][ T7654] do_group_exit+0xd3/0x2a0 [ 512.462392][ T7654] get_signal+0x2673/0x26d0 [ 512.466928][ T7654] ? hash_netiface6_del+0x1708/0x18d0 [ 512.472410][ T7654] ? __pfx_get_signal+0x10/0x10 [ 512.477296][ T7654] ? do_futex+0x122/0x350 [ 512.481715][ T7654] ? __pfx_do_futex+0x10/0x10 [ 512.486419][ T7654] arch_do_signal_or_restart+0x8f/0x790 [ 512.492067][ T7654] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 512.498275][ T7654] exit_to_user_mode_loop+0x84/0x110 [ 512.503635][ T7654] do_syscall_64+0x3f6/0x490 [ 512.508264][ T7654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.514243][ T7654] RIP: 0033:0x7fa926d8e929 [ 512.518730][ T7654] Code: Unable to access opcode bytes at 0x7fa926d8e8ff. [ 512.525934][ T7654] RSP: 002b:00007fa927b960e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 512.534501][ T7654] RAX: fffffffffffffe00 RBX: 00007fa926fb6168 RCX: 00007fa926d8e929 [ 512.542683][ T7654] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa926fb6168 [ 512.550767][ T7654] RBP: 00007fa926fb6160 R08: 0000000000000000 R09: 0000000000000000 [ 512.558923][ T7654] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa926fb616c [ 512.566919][ T7654] R13: 0000000000000000 R14: 00007ffea0918660 R15: 00007ffea0918748 [ 512.575038][ T7654] [ 512.578075][ T7654] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 512.585376][ T7654] CPU: 1 UID: 0 PID: 7654 Comm: syz.0.487 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 512.597297][ T7654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 512.607375][ T7654] Call Trace: [ 512.610668][ T7654] [ 512.613610][ T7654] dump_stack_lvl+0x3d/0x1f0 [ 512.618243][ T7654] panic+0x71c/0x800 [ 512.622173][ T7654] ? __pfx_panic+0x10/0x10 [ 512.626622][ T7654] ? show_trace_log_lvl+0x29b/0x3e0 [ 512.631860][ T7654] ? check_panic_on_warn+0x1f/0xb0 [ 512.636994][ T7654] ? debug_print_object+0x1a2/0x2b0 [ 512.642200][ T7654] check_panic_on_warn+0xab/0xb0 [ 512.647156][ T7654] __warn+0xf6/0x3c0 [ 512.651065][ T7654] ? debug_print_object+0x1a2/0x2b0 [ 512.656266][ T7654] report_bug+0x3c3/0x580 [ 512.660615][ T7654] ? debug_print_object+0x1a2/0x2b0 [ 512.665836][ T7654] handle_bug+0x184/0x210 [ 512.670167][ T7654] exc_invalid_op+0x17/0x50 [ 512.674676][ T7654] asm_exc_invalid_op+0x1a/0x20 [ 512.679535][ T7654] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 512.685354][ T7654] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 80 76 15 8c 4c 89 e6 48 c7 c7 00 6b 15 8c e8 5f 75 9c fc 90 <0f> 0b 90 90 58 83 05 76 34 ca 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 512.705009][ T7654] RSP: 0018:ffffc900032d7768 EFLAGS: 00010286 [ 512.711085][ T7654] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817aa1a8 [ 512.719056][ T7654] RDX: ffff88807c148000 RSI: ffffffff817aa1b5 RDI: 0000000000000001 [ 512.727055][ T7654] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 512.735037][ T7654] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8c1571a0 [ 512.743010][ T7654] R13: ffffffff8bafe840 R14: ffffffff8a880fd0 R15: ffffc900032d7868 [ 512.750987][ T7654] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 512.756464][ T7654] ? __warn_printk+0x198/0x350 [ 512.761238][ T7654] ? __warn_printk+0x1a5/0x350 [ 512.766015][ T7654] ? debug_print_object+0x1a1/0x2b0 [ 512.771213][ T7654] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 512.776684][ T7654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 512.782506][ T7654] debug_check_no_obj_freed+0x4b7/0x600 [ 512.788074][ T7654] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 512.794146][ T7654] ? rcu_is_watching+0x12/0xc0 [ 512.798923][ T7654] ? kmem_cache_free+0x2d1/0x4d0 [ 512.803882][ T7654] kfree+0x28f/0x4d0 [ 512.807787][ T7654] ? hci_release_dev+0x4d8/0x600 [ 512.812740][ T7654] hci_release_dev+0x4d8/0x600 [ 512.817516][ T7654] ? __pfx_hci_release_dev+0x10/0x10 [ 512.822810][ T7654] ? rcu_is_watching+0x12/0xc0 [ 512.827579][ T7654] ? kfree+0x24f/0x4d0 [ 512.831659][ T7654] bt_host_release+0x6a/0xb0 [ 512.836258][ T7654] ? __pfx_bt_host_release+0x10/0x10 [ 512.841544][ T7654] device_release+0xa1/0x240 [ 512.846141][ T7654] kobject_put+0x1e7/0x5a0 [ 512.850586][ T7654] ? __pfx_vhci_release+0x10/0x10 [ 512.855648][ T7654] put_device+0x1f/0x30 [ 512.859819][ T7654] vhci_release+0x81/0xf0 [ 512.864160][ T7654] __fput+0x402/0xb70 [ 512.868153][ T7654] task_work_run+0x14d/0x240 [ 512.872767][ T7654] ? __pfx_task_work_run+0x10/0x10 [ 512.877901][ T7654] do_exit+0x86c/0x2bd0 [ 512.882086][ T7654] ? __pfx_do_exit+0x10/0x10 [ 512.886688][ T7654] ? do_raw_spin_lock+0x12c/0x2b0 [ 512.891725][ T7654] ? find_held_lock+0x2b/0x80 [ 512.896410][ T7654] do_group_exit+0xd3/0x2a0 [ 512.900933][ T7654] get_signal+0x2673/0x26d0 [ 512.905447][ T7654] ? hash_netiface6_del+0x1708/0x18d0 [ 512.910837][ T7654] ? __pfx_get_signal+0x10/0x10 [ 512.915690][ T7654] ? do_futex+0x122/0x350 [ 512.920028][ T7654] ? __pfx_do_futex+0x10/0x10 [ 512.924713][ T7654] arch_do_signal_or_restart+0x8f/0x790 [ 512.930275][ T7654] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 512.936452][ T7654] exit_to_user_mode_loop+0x84/0x110 [ 512.941754][ T7654] do_syscall_64+0x3f6/0x490 [ 512.946363][ T7654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.952257][ T7654] RIP: 0033:0x7fa926d8e929 [ 512.956671][ T7654] Code: Unable to access opcode bytes at 0x7fa926d8e8ff. [ 512.963684][ T7654] RSP: 002b:00007fa927b960e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 512.972114][ T7654] RAX: fffffffffffffe00 RBX: 00007fa926fb6168 RCX: 00007fa926d8e929 [ 512.980090][ T7654] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa926fb6168 [ 512.988060][ T7654] RBP: 00007fa926fb6160 R08: 0000000000000000 R09: 0000000000000000 [ 512.996053][ T7654] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa926fb616c [ 513.004025][ T7654] R13: 0000000000000000 R14: 00007ffea0918660 R15: 00007ffea0918748 [ 513.012013][ T7654] [ 513.015271][ T7654] Kernel Offset: disabled [ 513.019595][ T7654] Rebooting in 86400 seconds..