last executing test programs: 11.218949888s ago: executing program 1 (id=2584): close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/tasks\x00', 0x63102, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/vrf/strict_mode\x00', 0x80202, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x110) fcntl$auto(r1, 0x400, 0x1) fcntl$auto(r1, 0xb, 0x0) sendfile$auto(r0, 0x3, 0x0, 0x100000000000009) 10.93858744s ago: executing program 1 (id=2585): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0xc) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f00000008c0)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/enable\x00', 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) socket(0xf, 0x1, 0xfff) madvise$auto(0x192ad524, 0x1, 0x19) listxattrat$auto(0xffffffffffffffff, &(0x7f0000001c80)='./file0\x00', 0x1000, 0x0, 0x3) kill$auto(0x0, 0x21) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/lru_gen/enabled\x00', 0xb02, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000040), 0x2482, 0x0) pread64$auto(r1, 0x0, 0x20000000001, 0x7fff) madvise$auto(0x0, 0x200007, 0x8) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_MACSEC_CMD_ADD_RXSA(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x2cb8}, 0x1, 0x0, 0x0, 0x40}, 0x2404c084) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x88) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x3fd, 0x8000) 9.364253466s ago: executing program 2 (id=2587): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = memfd_create$auto(0x0, 0x9) socket(0x1a, 0x6, 0x968c) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) sendmsg$auto_NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, 0x0, 0x51) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x9, 0x3, 0x16, 0x93f, 0x1ffe0, 0x3, 0x6, 0x2, 0x0, 0x5, 0xfff, 0xf, 0xb0, 0x1, 0x5, 0x7, 0x9, 0x7, 0x0, 0x0, 0x0, 0x200, 0xfffffffe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, [0x6, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000, 0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x3043, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x10000000000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x11, 0x8000000000000001]}, 0x1fe, 0x10081) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa503}, 0x800}, 0x7, 0x4008) socket$nl_generic(0x10, 0x3, 0x10) write$auto(0xffffffffffffffff, &(0x7f0000000040)='\xce*+#\x00', 0x80) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.7/usb8/bConfigurationValue\x00', 0x10b042, 0x0) sendfile$auto(r2, r2, 0x0, 0x2) socket(0x1d, 0x2, 0x6) mmap$auto(0x0, 0x40009, 0xde, 0x9b72, 0x7, 0x28000) capset$auto(0x0, 0x0) socket(0x6, 0x5, 0x88) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wg1\x00'}) bpf$auto(0x101, 0x0, 0x8) r3 = syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0x10, 0x2, 0x2, 0x1000, 0x0, 0x0, 0x0, 0xfa98, 0x8, 0x7fffffffffffffff, 0x8000000004, 0x100000007fffefff, 0x5, 0x0, 0x7, 0x4, 0x5}) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) sendmsg$auto_NL802154_CMD_SET_MAX_FRAME_RETRIES(r0, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="4000100000", @ANYRES16=r3], 0x240}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) 8.385231572s ago: executing program 1 (id=2589): shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) lstat$auto(&(0x7f0000000500)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) mprotect$auto(0x0, 0x8000000000000001, 0x1) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000180), 0x200b00, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) io_uring_setup$auto(0x1, 0x0) close_range$auto(r0, 0xffffffffffffffff, 0xff) r1 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r1, 0xffffffffffdffe00, &(0x7f0000000140)=';') r2 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer1\x00', 0x0, 0x0) r3 = dup$auto(r2) ioctl$auto_ECCGETLAYOUT(r3, 0x81484d11, &(0x7f0000000340)={0x101, [0x5, 0x1, 0x80000000, 0x3, 0xa, 0x5, 0x1, 0x5, 0x8090, 0xe, 0x5, 0x7, 0x2, 0xf, 0x57, 0x8dbc, 0x8, 0x7, 0x3e, 0x72944006, 0x1, 0xfe54, 0x0, 0xfffff645, 0x9, 0x6, 0x9, 0x80, 0x80000000, 0x8dc, 0x4, 0x8, 0xfffff0bf, 0xa, 0x575e6e2c, 0x101, 0xff, 0x2, 0xffff0000, 0x3, 0x71c7, 0x1, 0x8, 0x90, 0xfffefffb, 0x7, 0x3, 0x5, 0x200, 0x100, 0x71d1, 0xffff, 0x9, 0x1ff, 0x8, 0x3, 0x2, 0x81, 0x2, 0x17, 0xe0b, 0x1, 0x0, 0x57a1], 0x6, [{0xff, 0x6e14}, {0x9, 0x8}, {0x4d1, 0xb9bc}, {0xe, 0x8}, {0x4, 0x24}, {0x1, 0x8}, {0x1, 0x1ff}, {0x8, 0x40}]}) mmap$auto(0x2, 0x8, 0xdf, 0x10, 0x2, 0x8001) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) unshare$auto(0x40000080) ioctl$auto(0x3, 0x4008ae48, 0x38) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) mmap$auto(0x0, 0x7, 0x2, 0x40ebe, 0x401, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card0\x00', 0x20100, 0x0) r5 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/dri/vgem/clients\x00', 0x60000, 0x0) read$auto_drm_debugfs_entry_fops_drm_debugfs(r5, &(0x7f0000000100)=""/140, 0x8c) 6.911572205s ago: executing program 2 (id=2591): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0xc) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f00000008c0)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/enable\x00', 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) socket(0xf, 0x1, 0xfff) madvise$auto(0x192ad524, 0x1, 0x19) listxattrat$auto(0xffffffffffffffff, &(0x7f0000001c80)='./file0\x00', 0x1000, 0x0, 0x3) kill$auto(0x0, 0x21) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/lru_gen/enabled\x00', 0xb02, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000040), 0x2482, 0x0) pread64$auto(r1, 0x0, 0x20000000001, 0x7fff) write$auto(0x3, 0x0, 0x7fffffff) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_MACSEC_CMD_ADD_RXSA(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x2cb8}, 0x1, 0x0, 0x0, 0x40}, 0x2404c084) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x88) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x3fd, 0x8000) 6.643216815s ago: executing program 1 (id=2592): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x2000, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x0, 0x31) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/lru_gen_full\x00', 0xc0200, 0x0) r1 = socket(0x1e, 0x6, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9) sendmsg$auto_HSR_C_GET_NODE_STATUS(r1, &(0x7f00000002c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4008000}, 0x8010) mmap$auto(0x0, 0x2020009, 0x8000000007, 0x11, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents$auto(r3, 0x0, 0xfff) msync$auto(0x7f, 0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x8000, 0x0) clock_nanosleep$auto(0x8001, 0x9, &(0x7f0000000240)={0xf5f, 0x7f}, &(0x7f0000000040)={0x9, 0xfffffffffffffffe}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) r4 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/conf/default/drop_gratuitous_arp\x00', 0x141241, 0x0) select$auto(0x4, 0x0, &(0x7f0000000080)={[0x8000000000000000, 0x3, 0x4, 0x5, 0x1000, 0x100000001, 0xc, 0xf, 0x0, 0x3d, 0xe, 0x3, 0x101, 0x100000000000ff, 0x1000000002, 0x80080001]}, 0x0, 0x0) write$auto(r4, &(0x7f0000000000)='-\x00', 0x2fb) unshare$auto(0x10000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket$nl_generic(0x10, 0x3, 0x10) 5.690385026s ago: executing program 0 (id=2595): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) writev$auto(0x3, 0x0, 0x8009) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000140), 0xffffffffffffffff) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) mmap$auto(0x3, 0x402000b, 0x2000006, 0xeb1, 0x401, 0xfff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/lru_gen_full\x00', 0x2085c2, 0x0) mmap$auto(0x0, 0x4020005, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0xe8) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) write$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffffff, &(0x7f0000000140)="d1807307", 0x4) r2 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000006c0), 0x90040, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r2, 0xffffffffffdffe00, &(0x7f0000000140)) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x81, 0x0, 0x0, 0x0, 0x0) write$auto(r3, &(0x7f0000000240)='//ev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x0, 0x0) pread64$auto(r4, 0x0, 0x8, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0xc058) io_uring_setup$auto(0x1, 0x0) 4.631935302s ago: executing program 3 (id=2598): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0xfffffffffffffffd, 0x6003ef, 0x14) 4.231378967s ago: executing program 3 (id=2599): socket(0x2, 0x801, 0x106) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) listmount$auto(0xfffffffffffffffd, 0x0, 0x8, 0x0) futex_wake$auto(0x0, 0x5, 0x4, 0xa) mmap$auto(0xfffffffffffffffb, 0x2, 0xdc, 0x1a, 0x2, 0x80000008000) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0x4000000000000c8, 0x800454d0, 0x3) r2 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r2, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, 0x6) fstatfs$auto(0x3, 0x0) ioctl$auto_IOCTL_VMCI_DATAGRAM_SEND(r2, 0x7ab, 0x0) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000680)='/dev/v4l-subdev5\x00', 0x20281, 0x0) ioctl$auto(r3, 0xc008561b, r1) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000016c0)=ANY=[@ANYRESHEX=r0, @ANYRES16=0x0, @ANYRES32, @ANYBLOB="160083002f6465762f736e642f6d69646943324430000000da0007802000bfce062815f545559fc8d84ace66131a61e94d4312d5526980b59522515bed2964108b25cf3c7d786f063913e41b6fc985884b34a0b9fe37c723f18c9005d89f151a60e94c9466f90ab85fc59a7b46f7e955fea3de2067bb953f32cfb7222c9a2a47c2e892f07f82d3b2f2d06ad035d1c588c2f5765db2f7f397c1a83373c1f9efa03f922ddf229f8d9d2f8814a5bb1a83c631d7b9d30e4a2b71df74bc3c5265453817124399f70ef893a5fd804a5167279d493db4a5777234fa8b2c17003e806a8d081ec0dff4809e8b2649b4f87b65717f7a000000ab00000053cf50a230226fbddca25c4c2bb35e87f5ff38e53103a03f04e8bbcae5a0851a17d0ed73968695ba48a1bdbebc3f14da08633393c70e2113369825f224298f622b3c141cdd062533521aae276b2caf11475591bc152779bffc7586cae4f4d5e35587a640339882b5e892accfb78bf2dc4e8a64871cc7e5abf0381f5fe6f3aee15318b1b33016a9e21757463a8c96e1ffb9406048dc7018089a9c071cf0364600c8dae7bf36214a0004000180fa03078008007f", @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYBLOB="b3e67044bcf124f4ae5a8c142f1c08cfef935f31d64642812b325f8ba228d1885adaebfcbdeacd9cc9d8850e8a0d2c35ea58bb923e317dc8a8b78d582ef877d9619377e0f3874f6e30d73c34cae5707277d95b7bc958720e7bc81aa45cd500bb54e63f58c202e0061eb947261c28edfbd4c8afc79a125f4fba082cff47c347a4aaaee6bd0596117fdd3af953214fb6601b225dd8164a6b7f65cc7b81b6b06c32962267ac8872fa95fd84035286dba99db2a1caa9fe2d3e39c7c6f9cf7bb4db41191cb29f1b3c83eb908883626a9b6aa830c2dff419e149fe8bae80c926ed21a951531996b88a714c12d350006d0054be64ec9d48d9467d96afddc688e231c40d5b2ef7361a745029bd418ff7b81c028c5ffb8234b39c972e2be416b8105f28541fe299e9efcadfe6ac9f9a6d93980fa556cebd4d64bb423da2821600df002f6465762f736e642f6d696469433244300000008b020780040005800400d8800939cb597170d79cc940c0b0d598baa4a5d46de9cbefcd6ec57276f6698682a7e2c98ef3f419daa529de65a29e0a254028686e33237b292724dc292d094dfe17500ee2a166de5899e820af64920f843b2ddef99f9607ea5b13df0a6772cee1e34a0e474e2e74ece94f7e888d21e58cca3a6d6a99a153af848cd8b5d78e4e37bac65e140fcb5ea6d8c092132ef0a41745488558a4b39db294fa306e3eeb14abf699ea41ad50f33181965f66ae2af82517cd57ff0c8742559440238a8ce1a407000000000000001b33439538d62755f41191aeb62160334dbdf8ed7b81a0a8255168b997c20c22c32c54aeafe12146", @ANYRESHEX=r3], 0x226c}, 0x1, 0x0, 0x0, 0xc4}, 0x1880) socket(0x2d, 0x2, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) r4 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) capset$auto(0x0, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r5, 0x40045431, 0x0) write$auto_proc_mem_operations_base(r4, &(0x7f0000001680)="a7", 0x80000) 4.062447118s ago: executing program 1 (id=2600): openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0x1a, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2b, 0x1, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mlock$auto(0x112, 0x80006) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x200007, 0x19) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/pci0000:00/0000:00:01.3/local_cpus\x00', 0x402000, 0x0) socket(0x2c, 0x3, 0x0) sysfs$auto(0x2, 0x10000000000048, 0x0) r2 = fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x51) ioctl$auto(0x3, 0x4188aec6, r2) 3.792029837s ago: executing program 2 (id=2601): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_SET_TUNSRC(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0xf4, r1, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@SEG6_ATTR_SECRET={0xdf, 0x4, "090d5f8273d7c42efddda42500c5fd71918b2323af4e470682a14e53c0c47ba78649d9a0a4f082f27d5c05310000a4b2823bb2c99a6850d4d768e3b172ff71dbb3a0ab367b9bf1b6e53d31ee95cc36f630dfdbc937385b81fb94a4e585d751bc73f1421030f449de9bea73cb83f2312f4d49705ab681cd16211c3b5cbd289187242df362d28ec1d0b424795047919e902d3a13d9243f715866f09bf5ec42b451560806fb14efa373c86cce7cc382a6ef0133e40eb33a1020ca6a1eb6f2f848444f7bb0b0972fd1bec9580448aac056b7fa13cc2adc3b1da3ea3028"}]}, 0xf4}, 0x1, 0x0, 0x0, 0x40000}, 0x800) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff) (async) sendmsg$auto_SEG6_CMD_SET_TUNSRC(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0xf4, r1, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@SEG6_ATTR_SECRET={0xdf, 0x4, "090d5f8273d7c42efddda42500c5fd71918b2323af4e470682a14e53c0c47ba78649d9a0a4f082f27d5c05310000a4b2823bb2c99a6850d4d768e3b172ff71dbb3a0ab367b9bf1b6e53d31ee95cc36f630dfdbc937385b81fb94a4e585d751bc73f1421030f449de9bea73cb83f2312f4d49705ab681cd16211c3b5cbd289187242df362d28ec1d0b424795047919e902d3a13d9243f715866f09bf5ec42b451560806fb14efa373c86cce7cc382a6ef0133e40eb33a1020ca6a1eb6f2f848444f7bb0b0972fd1bec9580448aac056b7fa13cc2adc3b1da3ea3028"}]}, 0xf4}, 0x1, 0x0, 0x0, 0x40000}, 0x800) (async) 3.769313252s ago: executing program 0 (id=2602): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, 0x0, 0x800) sendmsg$auto_HSR_C_GET_NODE_STATUS(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x20040084}, 0x40090) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, 0x0, 0xc800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="18"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x3f3, 0x9}, 0x7}, 0x3, 0x0) 3.533329994s ago: executing program 2 (id=2603): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0xa, 0x2, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_STATUS(r1, &(0x7f00000030c0)={0x0, 0x0, &(0x7f0000003080)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYBLOB="045626"], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000003900), r1) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), r1) sendmsg$auto_ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000002cc0)={0x0, 0xff9e, &(0x7f0000002c80)={&(0x7f00000003c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010027bd7000fcdbdf250a0000ff15000000140001"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/system/node/node0/numastat\x00', 0xa000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000300)=""/33, 0x21) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x801, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2c, 0x1, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) mmap$auto(0x7, 0x1000, 0xffb, 0x8000000008011, r0, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) prctl$auto(0x400, 0x7fff, 0x0, 0x10000, 0x100000000000007) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)) fcntl$auto(r4, 0x402, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000140), 0x1000) 3.138386982s ago: executing program 0 (id=2604): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001000)={'veth0_vlan\x00', 0x0}) sendto$auto(0xffffffffffffffff, &(0x7f0000000000)="fc2349b84821ad59ad71b321a25ccc506cf3f0e70ed4f612b2635f7031ac0df61984b57442ddc00386473d3727038fad288c8e02cc891e2c5048c9dc1843623cdd475abb9f9a3222a54f1377e7159a424f956ad413a9a98b61b512033544632f56a576721ebac588e243b34e1f909cc97d73985bbb1d58d24581c482d5f9f71de1c933928d4c1eb4650e4567efe129f473e31be8e0fc88cf507529f904b4b21d5b9840280d57760878ebbb3fdb7d3205e7944467484ba1a1ac69b10c87afe4c332c16985cff958417c181ace1d0432d8927dc2b0d6a30a8f7dce71b098335d4b9e3665e6f277519d235ff0b8b138338c5fb93496963135e1b434f04e9c184524dbd4b6cb02a05fe1b7577a7410b2745434ba3882d38200dc2feb6bf57caba94026a7aadf1bcb64904ffb5065eaee8c53cbcc1acf194d4516abb21bad82dbb3d19b24b650ce68017bf1f46c664af04936730bec0498d529a2e33a4220a9123843f05b272c5ea0892810ea6fa033bd7d5f4da5f6f76679685109ebdce80f397b48397b6bffbff9a71d4606f2dfe247a5652cd911a6ba7cf6f765bea9b9676a5c6512d93d33ddbd5128f5f248d5cc8939a890e58885639ab236e0611ee23f48f8c171207ec969a688341f21b600711dcf8a0920a08edb4bb43a21589ff0e37139b81b761fdf4bd5de4a962e722c1a2fb34393a3ab37b673f5bd539fe2d1f1f02c8e93d6b50a3f5d6f109362b6581c0be5c23ecc054e7bb5847755d14d6edff1ddbcafff8ae077a2203d04554888492ec12a3f30527d3937eed9b88cb17200c009c79d1210028a9b50e41a4836a736df87a65ef1aa419ef78ecff0c18937c63e4c465abcc33526462fd714965ce57d7662a437e142360055b33b8c6f5ba14d41b496e4021a38d4277dee99462303eb9ee7a4d4c77d3788de26f8650fe30b22458382ac8795b040ec9e9b46793591ce02acacfa7cad50dc8749b3dd07f57e1a2fb9904e0658a73f2823947993b03d73dc1276340a7c39e7c278cdb5e3a38cf9683ab0533cb22ddbfaff1a4866c08fd10c66ac9b375f00dbd4a42ebfbf2876e0cd4d0edcd4cbb98f2c7c6ea90fdfbd4f23f61423d73dfd56e1fe1c79456f3d0800ce1783a752d448d3f7019070a06a7311c96f3a71b0618481319e0b7506e1bba6795f60a41644f48bd51139a94463ab344d6880d1a9a633c07d05190a97d3c07c03627b15bdade1fdd845266a3599ea3a928100923e96b827225ec27f8cd89126b7894ce1c05e0165e50237dcd44690da947f63fed233851a3d29a0b5f3a5de9f6f82c98a184ca08a5917ecd2762dfb6c7cf68d998c2d856a8f82d6899adfa306459c0721a90cf165af599e4da8293b988e063544fdbe20a77a2c80557bbf77ef254bf1a00a3b338ee0bfd4a8c386d39ecd678a65e26daad2f165d8f11f28fa2e717886d86a3dbd2dfc9a210895f4001a75ddf365592e5341625cd0c7f21f0648e56735a1a1a7a4de151d3e2f45e05ad78bd73723362d1ffd0e185a2f6083dcacc9e5e65951fb3763ccc8cc7ea120106eea0d020cdccdb8e94929b11b7b3654d7c3e03e35dce904a3d01067cf63b3dea53f412f8063396366752e1773d8148ac7f641818b73b639d96527b30b08d5065251f6b99e5efa96ef3f9e8fe94ed50799a1319273005dcfd6ff5771d75c2a846546ce7473ccb6432e5949d9750a3c6c48b2d7b351cfb373b441a419326e175505aa7d7e4957aa62a4a13cc8faeef56af02e7209507dd2e59e961473a358675e5e94f9136fd7931a598745cfb7b3e6cb57217aee1f152359496d37de0d82ee2aa6da6bf5342946c406e0daa11786b024b9aac3e44b0c995777d5dbf0800566fc18be1972b1db886a1dabcb01e1bc3f499588df14ea5112271f17567f1bbf328f4359651c45592dd0db928b88f5f482ed5e7dc7e1cec56bf93457f23891d9cb594aece6b87c3332ca02bf4955d70c6cb4acbdc2e98154ac0c5a68059eb7de4c26543730b331ecf8386b77719cbaecc37c80b2b29bd0e352856b007948d34cf90a540122033b1a341d4cdb186209aa1da787c8c1e33221adb41c7480b40e0ff476fec9b36af2e887da96130423a50bff3e0d8ff75e3ea8590f47a6d8189d407ed0fe6f9271dc8303ed23c737c967483706cee15d842bbc781d7471731845e5ae52484eaf137b4c9b8de9cc44c078ec26f47043e18d9e411aab74607f274a41c248b2c0e007e20a2d41d1a355316c3f7c562164b0b97ced0e174add8074c4688fde17fd1244f757fce41984ef489f43b96000bbe03d8782175acc76b3941deaf59c623c712c3bfc19ac5c9127b92bb0df133eb222885a24d710e020fd799bb767433f84f4e520af74a91a73c235ff3bbaf9ef3a1d8a042d235b043344ef3edafd32678eb5be779e9c3cce94b294c30aa0d1cd353f57e0241ed7ed5d43e7c5bc88c2e6c8f741476b84142a4b8cf48d239abb6d404a3edea921613fbec70f2b7b12528f034896bd383e484ee635c16772471771300105723a53d9ec7b390e2691cd9d4c9c55d050e200a677be4ae9228251f6051f0100e22ec050cf8de5772f8f422b9fedc22be548a3bf4cb029791640abb27725ca3085b5f0cbd7e617f98ad39ddaea1b7720910f07679e90ac3727aa34e7ff91ec315a1ab145525062fdcb8d6e603b6cb11467cd461d3ba717cb1ace0eae462620bd38d55390823881a8be92adf8d25824d363e28ef5bcab21df35da01fdcc1e99df3732d793c071f2ddf432cafe52545662e331fdffed90bb39e3c0c85bb02e708383e398d194c0cd436e8e63eabeb4eebc8b12ee219737b21af43270357fa8b17896f377df7c30e944d2d949eef29ef47c2bd6e18cd8b05a81fbeff89204419f19790fbda949c72e090e607d9c1893333d20a657a0b404dd42b8433954650d7f87f2fe961d1bf87259f816f850c0b889f4e86a095763d3b18b822fcd4fba964c00d33e57eb6525c9c6b99410aa220997a6b488a213930faf7e41c1d96bbb479fa3dc0a2d7cd912a8f21dd6fd7c35aea5677ef5a89b119710dae9f182dea31cfa4f568278bb7dbace620ddd16c16e272d03c766162534d869ede73ae8ce5c8312a1c071f9d9d23c1fe648c5b818fade6290373317f017b0ba9121ae93cbb93392dee5fa8cca76a124d924d85d2b97215aab7f9c8ff462bc79f8f44ea2a29de03c48e06323ce4195b04ed25b75b0ba748ed1280a9d92533f65e97f8dd239281028f8a94f32e6bf1d9f985bf8225f20baff17b7164c8c3dfb5cf213ae324ad158eb13613f7d45fdf8eca3ff41061f1d5d4fc6f27613c168a8ecff7c93d266900bf7679e09cb49152ae3dc0694815d53032c09391186a6d19be6303901ac81db240f09e007618e8fcd1ed6100e5f26071118f085ddb0a43a23fbcb746ecd039c37af88953f467828f70e406a2c1d22cc6548df98f941c56ca634e4a2b8908ee73957b3b8b832ee0b4bd1f4c18515d3e9d4a3a4b0c8d998697f7447917cacb8aae710bcabe8796a4079ad861e8f0ece386b47f9ab2c18c8718e6d3fa73287a351b8de9380d32c122de464388ba14774fac2b49f2b6f58df7a6375e528d35941ce5353c604ff9d5d04451c5a1b4a8b258e7f730c2aa74f20767a5683592454d38e903d83fa4fe7e04c0a3fcb807799f1febf1576265061157cb012e0d5707786c8ced6e5b96a568ff152ecbfd9c682c4048487233e7f96a4f970abdeccff27869ef21da619f7bbd06e00a5f490b69dc4150f6130af38a816936c10d6194963c43487980aef1cfacc9dad7cf4e16cbf8dbc252b98f29f96a94cd982906f387bd8b818661b1ef0e4a7ea356dee79b263b3977edf0b3b5accc5fdbbc913b59af0d01a897880aedd45b2aa1271911d8ef9e167504e8fb254848b0151549778a16eb2eb32ba9e7c24e7968240f07a1dbef3f6ca7fbba6f997f961eb97d24b737370a3f70c63751125482b1c9a49bdabe1ec542031e38af91cefb50ebfd73e08af154558205d5807b771c5c29a537a5cb650ebf4e83cbd208a44499cc6033419221936d13b08f5d9491fa3aa2dfee53c4b2031fa56a0fef057fda9ce573b6c4dabffabd52c7d3172706655c1990907d7ef5e47409e0ad4bd6583f9cccaf2b9a3c3006f1d0023c36f2d7ea60e7f1010181f688022834d8b8102de627489adf987b4d24f99b38dc9a2bee8abd42fb68925f095cedce521a02da596b643d165a6ef25343fd8a787c0139de95b931b91da2214c0f8e2337afe5d5f827fd6a6dde500eb92951916d8e4cef8ccac820f91bfc396c33b1833125397bde9533db7259233ae4cdb2f2232735e2c8504acbc8b93d088465a789ab0133debbdb2aa90e2db395799973b31ee8f7372862f2fbb46f6ce167d4db0a01a09841f7fe3532fdafbade45aa2a4d37cbd904d9d712e00fe8ed6609713f985da336432299a061f1227b9958def844e1da4fd8eb402efebb257b6d9d18d2a4839a8d8c290dcd0181d622c2bc2ecd87e220524a446d0040b9673313cb4ff2f32774914d142fb572160e5808fa5304ff86907f6d892cfb5614986bf0979d7d421d7cc493862e21b7f0e83884c7734c1f98c3a97e87504b7e8c5f65d8dea494e3ad737f9bbb37cc8a4f2aa2385d9f57f7b3d6a1b572b1f2d539abf52bf794ebb44aeca8364a2188605a000f73e6f7c537e4f30437c64d488aaa59e449761e4590f2d6ece2af183bf76d0412dc15961e4f01a5ef1839e67c41b22006a333900e789c0a0e4f7fd88818452be973cc968806b3e962d6bb6022343aaf7b9a1da25215f7a765489ae8808004c720246048e205cfaec58ad5d463450ddbe08a5eaad2068d916c1ec43c2c1c629ba06cc1f29ae88a0405f4987527724937a197c17b7d5153b428f68eee3960740af954a73863a372851933374ed2856069c30a0c0a087eff65a5ef4816027f0cd9732beb44e0452524a3caf8d237c2486e573e793b7d2ccce49a01be141cfaaa269b95efc084a72fe47647862c2fcd8b40bca8c06fb79cd06bf6df9b9a0a9da4c2273250f1201490e50886c1076483d8ec5f18d0d4b62751e7cd6d933a7a5ed5194c378d63a8be1d0410bb886859e5150f256eeba3b945eef78bd7402750ea20022ebfcc85217bf6e8e99b0a48098124315555a77e19c92bed65417bff3b948d5dda5057c0a4754d3d8a2da8e5b4493931dfa49a17d29d17038d8165f07d6172b1715a23d25de0ef74d89481c727e08bcf7d1841ad0cac992255fdf2dda82511f405e731ebb8a52d2cb8f2cda1ce4959616102c5e6c0b156b8d83bdcd7b0d3b7dbf32bd9044eea594f3e813f6714bd9488471034cdf963dfa2a0ccd8c5e3b9987b31135d36c35f4d1f2eee6ebe54d651dd3a56e5d2b3ac1bb1218a673b9e35cbd349a70bd55f4e2d4fd97ffc86f02f3600b2cedfce333d9155888eb4e2cf556c1171168c1cf45eeafb6654bdeea906be3ae22aec225746318c9fdbf354e2991fb74782fe43ab6d2c90acfe99430c8a96252e2644a8397c68af2f33bc92b8539123b54c4d7cb5febc30152b8ec489e5ee61a7507ead51975c2a203945d4ed215d5c1df54ab856e443062bb767e2423f917954a4fa325af9eafdb4587d19df6d1c754349bed9a3c0960c09116e1501e2c49d9e13998401b04c927553db4e31d3007995d15bb7fc80602c33ae00302cbeaf986651c6bb0adc8bc55e02bd6b83775944f50902dfb68377d5a7493200482ce14a02f29eca9827137605bdcc981ed8d15b31e19f498636312", 0x9c80, 0x6, &(0x7f0000001040)=@xdp={0x2c, 0x3, r0, 0x9}, 0x0) r2 = bpf$auto_BPF_MAP_CREATE(0x0, &(0x7f0000001080)=@link_update={0xffffffffffffffff, @new_prog_fd=0xffffffffffffffff, 0x2, @old_prog_fd=0xffffffffffffffff}, 0x7f) fsconfig$auto_FSCONFIG_SET_FLAG(r5, 0x0, &(0x7f0000001140)='veth0_vlan\x00', &(0x7f0000001180)="d678f1764ccca617125e03b1126814fe04c8611039407e6899db85609135f0f3aa924b4175b7e9b6cd5a891afc9f22082bb09a8f3fe45dbceed6beeb8cc6231c029112a2bae41d2d498ce90869af3ae61cafac7c892dfbdfb4d750099a99f40aeedf5e43e094eedd6b02e498f976b14e02e2fe93e450393fdada9ae8da19f7010f29a2414abfa415459efc9e54c0f46d66d36a61f7c4fb5cdd39a16ea256a20f73134de577fb553dc68d35f9ae1783a426df7c8600aecef0960d1308a1d78ca82bac65a0ffead9de2547e8", 0x9) r6 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f00000012c0), r5) sendmsg$auto_IPVS_CMD_GET_INFO(r4, &(0x7f00000015c0)={&(0x7f0000001280)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000001580)={&(0x7f0000001300)={0x25c, r6, 0xad1d32da840fed4e, 0x70bd2c, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0x22d, 0x1, 0x0, 0x1, [@nested={0xb4, 0x1e, 0x0, 0x1, [@nested={0x4, 0x4c}, @generic="2fa768292c106d8a315628f035cde4b970f1fd199e15585571b6d8cfb2b48c8fd7438d9b97815a94d44612ad678bd76beeb3352876fe66db963a816f0f208456158ea3c2753be18677dc75f0fc316dc398a8f8800e7ff6c9345c565690e0005f326a0f4b722e568d840129809bfa5158be0bd3308d4b5fccc7f0e96f805acd6f9a95258748a201c0059d0024bbedf31af28dcf9f7cf1acac8d007cc47c9204421817de1e1c013b9bfb4f07b0"]}, @nested={0xb2, 0xc0, 0x0, 0x1, [@generic="2fbf511da0c1215df7a48cc3122a09bc8b25c33f9af81978795f77567c94c7c0cd6204013e1a67286525930003ae54e1a3cb51b850284e86d3e79247021a0b7c10ac4395bc585cbcfdeadafe750c2f483307b60c768124a55d2bb68d1ecc6a6140061572670424d1b6ab340e610829834cf4130ec0fe212a61970086f2dc03a4e36b1561a9f8c801feeef0dd2762e098816d2436687da2a1c63e9df1bfb85add89d8b7cd55ce", @nested={0x4, 0xb0}, @nested={0x4, 0x80}]}, @nested={0x97, 0xdd, 0x0, 0x1, [@generic="ac0e16b80d44d5d849d00ca4f84e7d493298e0d9933dfdb58b81d98e5b4ff08d22ef59307e779d3c8fc82d21ff00cf804c88468b6cc55feb2fcc8de03cb08962d6f2ddeccdbcef7260b68fc3cb0fedbbd6256599c5c632e1f09a28ec8dad5ccd77e904875b98feaf569e0b4e45a11900b17d4477b0de5a5927b5f7b1804d3347edf3e9a25794cd", @generic, @nested={0x4, 0x5c}, @typed={0x8, 0x95, 0x0, 0x0, @pid=0xffffffffffffffff}]}, @typed={0x8, 0xb2, 0x0, 0x0, @u32=0x7}, @typed={0x14, 0x67, 0x0, 0x0, @ipv6=@mcast1}, @generic="eedb63e7f9c163c6874d44df38"]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x41}]}, 0x25c}, 0x1, 0x0, 0x0, 0x20000499}, 0x0) r7 = syz_genetlink_get_family_id$auto_nfc(&(0x7f0000001640), r2) sendmsg$auto_NFC_CMD_SE_IO(r2, &(0x7f0000001740)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000001700)={&(0x7f0000001680)={0x4c, r7, 0x4, 0x70bd29, 0x25dfdbfb, {}, [@NFC_ATTR_TM_PROTOCOLS={0x8, 0xe, 0x3}, @NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x7}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x7}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x5}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x4}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x2}, @NFC_ATTR_LLC_PARAM_LTO={0x5, 0xf, 0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8004}, 0x20000000) r8 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) select$auto(0x7fffffff, &(0x7f0000001780)={[0x1, 0x2, 0x9, 0x9, 0xffffffff, 0x540f, 0x1, 0x2, 0x6, 0x5, 0x0, 0xfffffffffffffffe, 0x1, 0xc29e, 0x5, 0xe]}, &(0x7f0000001800)={[0x0, 0x401, 0x7e8b, 0xfffffffffffff46d, 0x52db, 0x0, 0x3, 0x7, 0x87a3, 0xfffffffffffff801, 0x80000000, 0x9, 0x9, 0x4, 0x2, 0x4]}, &(0x7f0000001880)={[0x6, 0x9, 0x6, 0x5, 0x5, 0x7, 0x8, 0x68, 0xd5d, 0x8, 0xb6, 0x1, 0x2a6, 0x8f7, 0xe2f, 0x3c]}, &(0x7f0000001900)={0x3, 0x5}) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001980), 0xffffffffffffffff) ioctl$auto_BLKTRACESETUP(r8, 0xc0481273, &(0x7f00000019c0)={"f731a58fd424d1605a022d73e20e7061f8b59288a1c7e3789701318922b37666", 0x7, 0x8, 0x9, 0x2, 0xa, 0xffffffffffffffff}) r12 = openat$auto_ima_htable_violations_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000001a40), 0x200, 0x0) sendmsg$auto_TIPC_NL_KEY_SET(r9, &(0x7f0000001d00)={&(0x7f0000001940)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000001cc0)={&(0x7f0000001a80)={0x22c, r10, 0x2, 0x70bd26, 0x25dfdbfc, {}, [@TIPC_NLA_PUBL={0x218, 0x3, 0x0, 0x1, [@typed={0x8, 0x143, 0x0, 0x0, @pid=r11}, @nested={0x20b, 0xb, 0x0, 0x1, [@typed={0x4, 0xc9}, @nested={0x4, 0xa4}, @generic="f700", @typed={0x8, 0xc7, 0x0, 0x0, @fd=r12}, @generic="9469b8ae1bcc67314350d0e2a398ecd5abd5ccdf9dc3b830241d18160d4792290ab7158fca42b8b96b84544b170e2dfc4681e526392ebc687f7e45236d4e79becee5cd92976d852e24b8d6b3d99a9b22362ead497bff1fa0b5cdb6ce7a419063cb2cbb0776704c21671ad2bd7fcecda836d906454495356e525e5f50964be7356afbd89c4a5dbc3f55c10208d3eb718e51f8dbf95ed95d5ee215fe", @generic="11e3e699a1417ba09156f35ed8cf6b466b5cb08bfb5965bf5ef9e0fa6573e82fd076b5", @generic="c8aa3784531484cf38c8334f726e10da08fcf91cb7232b57d24d80a6c318317a860b21272939b678937dc139babffc29872afa43c3df63d67ca59484973ade31f4b0b0affaaf7f1fd389b3c54f3016267730790c6fdd8701065ffc5b689c713784e9fd34c68670773a6ba27f5a99f2ab89e4ecc1541a18cc83579e5384a97f66a3c9445cbe240a3ca3af24bfe26bbb42232202ca6faed7481c6162f86eda9b9258a3d8617d706370dcd3a27a54191a383bc41d701cd9f2d87301c9081b2358f8ab277ccbb4440622b4c95ed121aa056667b9d0e4feef01626999d762d402e83c66e901", @nested={0x4, 0xbe}, @generic="9a6e23b260abe40e38936db13f4cdd1c5944afd960db4a594657c05d864c13e068e48ea4b3a97d52c6696ec323973f71350a2a6dffc5948d4f87df08478afba911883dab4addaf1d8b007c9e6ba8130d"]}]}]}, 0x22c}, 0x1, 0x0, 0x0, 0x4}, 0x400d1) r13 = socket$nl_generic(0x10, 0x3, 0x10) r14 = syz_genetlink_get_family_id$auto_thermal(&(0x7f0000001d80), r9) msgctl$auto(0x80, 0x3, &(0x7f0000001e40)={{0x1, 0xee00, 0xee01, 0x4, 0x6, 0x40, 0x800}, &(0x7f0000001dc0)=0xac, &(0x7f0000001e00)=0xb, 0xec8, 0xfffffffffffff558, 0xdb, 0x2, 0x4c60000, 0x8, 0x9, 0x1ff, @raw=0x2, @raw=0xf66}) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(r13, &(0x7f0000002080)={&(0x7f0000001d40)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000002040)={&(0x7f0000001ec0)={0x160, r14, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@THERMAL_GENL_ATTR_TZ_TRIP_TEMP={0x8}, @THERMAL_GENL_ATTR_TZ_NAME={0xb, 0xa, 'TIPCv2\x00'}, @THERMAL_GENL_ATTR_CPU_CAPABILITY_PERFORMANCE={0x8, 0x16, 0x3}, @THERMAL_GENL_ATTR_THRESHOLD={0x120, 0x18, 0x0, 0x1, [@nested={0x6d, 0x31, 0x0, 0x1, [@generic="a9e47af47e88f4702509e6a1fe1089004a92266790fc49f96873712d882db7ef3d9cd3ece7f59dd4a2dafd04bc0d91814b643c8689b6830f7180a1e1adb208498599c1e6908acc336963dd053ba38a459121b18fb30138bf2be1a42d8d2a585ee85e3d2523e365b5b2"]}, @nested={0x6e, 0x7e, 0x0, 0x1, [@nested={0x4, 0xd2}, @generic="a2de300923ac1b63f65c2d2a670278cdf314a156acd7dc019f9758093577dca70e285563b39fb84f9fd6bb47fd6e812e2084bb9cc53b4b8fa90dcd92b66fd5ca3e93bc5bd3fa14125033", @nested={0x4, 0x76}, @nested={0x4, 0xc6}, @nested={0x4, 0x7}, @typed={0x9, 0x119, 0x0, 0x0, @str='IPVS\x00'}, @nested={0x4, 0x104}]}, @typed={0x8, 0x3b, 0x0, 0x0, @uid=0xee00}, @typed={0x9, 0xa3, 0x0, 0x0, @str='IPVS\x00'}, @typed={0x5, 0x37, 0x0, 0x0, @str='\x00'}, @typed={0x8, 0x89, 0x0, 0x0, @fd=r8}, @nested={0x18, 0xd9, 0x0, 0x1, [@typed={0x8, 0x6d, 0x0, 0x0, @uid=r15}, @typed={0x4, 0xe8}, @nested={0x4, 0xd3}, @nested={0x4, 0xfa}]}]}, @THERMAL_GENL_ATTR_TZ_NAME={0x7, 0xa, '\\!-'}, @THERMAL_GENL_ATTR_THRESHOLD_DIRECTION={0x8, 0x1a, 0x800}]}, 0x160}, 0x1, 0x0, 0x0, 0x20000800}, 0x44000) ioctl$auto_MEMGETREGIONCOUNT(r5, 0x80044d07, &(0x7f00000020c0)=0x6) r16 = openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f0000002100), 0x40800, 0x0) bpf$auto_BPF_MAP_GET_NEXT_KEY(0x4, &(0x7f0000002140)=@bpf_attr_11={0x3, 0x7f, 0x4, 0x80000000, 0x7, 0x400, 0xfffffffc, r16}, 0x6) r18 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000002240), r5) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000002280)={'veth1\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_DELETE(r4, &(0x7f0000002340)={&(0x7f0000002200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000002300)={&(0x7f00000022c0)={0x24, r18, 0x10, 0x70bd2a, 0x25dfdbfd, {}, [@NET_SHAPER_A_IFINDEX={0x8, 0x8, r1}, @NET_SHAPER_A_IFINDEX={0x8, 0x8, r19}]}, 0x24}, 0x1, 0x0, 0x0, 0x4800}, 0x40000) bpf$auto_BPF_PROG_BIND_MAP(0x23, &(0x7f0000002380)=@bpf_attr_11={0x6, 0xffffffffffffffff, 0x4, 0xefba, 0x8, 0x401, 0x9, r16}, 0x4) ioctl$auto_FIBMAP(0xffffffffffffffff, 0x1, 0x5) ioctl$auto_PPPIOCSMRU(r17, 0x40047452, &(0x7f0000002440)=0x13a5) getsockopt$auto_SO_TIMESTAMPING_NEW(r4, 0x6, 0x41, &(0x7f0000002480)='#{\x00', &(0x7f00000024c0)=0x7) mmap$auto(0x9, 0x8001, 0x5, 0xd4b4, r2, 0x100) 2.850380567s ago: executing program 0 (id=2605): socketpair$auto(0x80000000, 0x0, 0x5, 0xfffffffffffffffe) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) mbind$auto(0x0, 0x800605, 0x8003, &(0x7f0000000100)=0xffff, 0x3, 0x3) r0 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/numa_maps\x00', 0x40080, 0x0) lseek$auto(r0, 0x7ff, 0x1) r1 = openat$auto_dfs_global_fops_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ubifs/chk_general\x00', 0x24581, 0x0) read$auto_dfs_global_fops_debug(r1, 0x0, 0x0) ioctl$auto_RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f00000000c0)={0x9, 0x9, 0x8, 0x4b, 0xb828, 0xffffffff, 0x7, 0x4, 0x400}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0x8, 0xeb1, 0x7f, 0x8000) rseq$auto(0x0, 0xfffffff5, 0x0, 0x5) sysfs$auto(0x2, 0x10000000000002a, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x48041, 0x0) ioctl$auto_USB_RAW_IOCTL_EP0_STALL(r2, 0x550c, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c) sendmsg$auto_NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x8000800) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) r3 = openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001580)='/sys/kernel/debug/tracing/events/vmalloc/enable\x00', 0x204, 0x1a00) read$auto_show_traces_fops_trace(0xffffffffffffffff, &(0x7f0000000640)=""/188, 0xbc) read$auto(r3, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket(0x27, 0x3, 0xfffffffe) accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x18080, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x60040, 0x0) 2.214397598s ago: executing program 3 (id=2606): openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000240)='/dev/binderfs/binder0\x00', 0x800, 0x0) removexattr$auto(&(0x7f00000003c0)='./cgroup\x00', &(0x7f0000000400)='/djv/mtdb\x81ock<\x00') ioctl$auto(0x3, 0x80000541b, 0x38) 1.946395578s ago: executing program 3 (id=2607): r0 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x2, 0x80002, 0x73) getsockopt$auto_SO_RCVTIMEO_OLD(r3, 0x1, 0x14, &(0x7f0000000000)='\x00', &(0x7f0000000100)=0x68) r4 = socket(0x10, 0x2, 0x0) ioctl$auto(r2, 0x4, r4) sendmsg$auto_NL80211_CMD_GET_REG(r4, 0x0, 0x40000) statmount$auto(0x0, 0x0, 0x65, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=r0, @ANYBLOB="200025bd7000fedbdf251f0000000800100101010000080035000000000008000900040000000800a00002000000"], 0x34}, 0x1, 0x0, 0x0, 0x40124}, 0x40080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x23, 0x0) r5 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r5, 0x0, 0x9) r6 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/dynamic_events\x00', 0x542, 0x0) r7 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="010025bd7000fbdbdf0002"], 0x1c}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'veth0_virt_wifi\x00', 0x0}) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r4, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="00012bbd7000ffdbdf250a00000008000300c4de000008000200", @ANYRES32=r1, @ANYBLOB="0800030ed7f6671939c50aa6", @ANYRES32=r8, @ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0x8004}, 0x810) write$auto_dynamic_events_ops_trace_dynevent(r6, &(0x7f0000000140)="65507307ff6587a725ca87720ef9769f20592e77", 0x14) 1.76093994s ago: executing program 2 (id=2608): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x1, 0x20009, 0x8, 0xeb1, 0x7f, 0x8000) rseq$auto(0x0, 0xfffffff5, 0x0, 0x5) sysfs$auto(0x2, 0x10000000000002a, 0x0) (async) mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) (async, rerun: 32) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async, rerun: 32) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c) (async) sendmsg$auto_NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x8000800) (async, rerun: 64) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) (async, rerun: 64) r0 = openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001580)='/sys/kernel/debug/tracing/events/vmalloc/enable\x00', 0x204, 0x1a00) read$auto(r0, 0x0, 0x0) (async) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) (async, rerun: 32) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (rerun: 32) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) (async) socket(0x2, 0x1, 0x0) socket(0x2, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0x10, 0x2, 0x0) (async, rerun: 64) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) (async, rerun: 64) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) 1.729447905s ago: executing program 0 (id=2609): syz_genetlink_get_family_id$auto_netdev(0x0, 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(0xffffffffffffffff, 0x0, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0x180, 0x0) epoll_create$auto(0x3e) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x2, 0x83, 0x101, 0x17f, 0x2}, {0xff, 0x1, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}}) io_uring_setup$auto(0xd364, &(0x7f0000000000)={0x400, 0x10002, 0x7f, 0x7, 0x6, 0x5, r0, [], {0x2, 0x4, 0x6, 0x2, 0x40, 0x4, 0x7, 0x7, 0x80000000}, {0x7, 0x1ff, 0x80000001, 0x8, 0x6b, 0x9, 0x0, 0xfffffffa, 0xb1}}) io_uring_enter$auto(0x3, 0x5, 0xffffffff, 0x3, 0x0, 0x2) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffd, 0xd4, 0x1, 0x40006, 0x0, 0xffffffffffffff7f, 0x368e, 0x2, {0xffffffff, 0x20000000010000}, 0x5, 0x6, 0xfffffffffffffffd, 0x3, 0x0, 0x9, 0x81, 0x8, 0xa747, 0xdead, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) ioctl$auto_XFS_IOC_ALLOCSP(0xffffffffffffffff, 0x4030580a, &(0x7f0000000440)={0xfff, 0x1, 0x1, 0x2, 0x7, 0xffffffffffffffff}) inotify_init1$auto(0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) sendmmsg$auto(r2, &(0x7f0000000000)={{0x0, 0x6, 0x0, 0x106, 0x0, 0x1, 0x3}, 0x57177fc5}, 0x9, 0x0) r3 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r3, @new_prog_fd=0x4, 0x4, @old_map_fd=r2}, 0xa3) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/net/rxrpc/calls\x00', 0x40380, 0x0) socket(0x1d, 0x2, 0x7) pread64$auto(r4, 0x0, 0x10001, 0xffffffffffff0000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/phonet\x00', 0x42000, 0x0) bpf$auto(0xe, &(0x7f00000001c0)=@query={@target_ifindex, 0xff, 0x1b18, 0x6, 0xdef0, @count=0x3, 0x0, 0x1, 0xffffffff80000001, 0xffffffff, 0xffffffffffffffff}, 0x9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) 1.570650562s ago: executing program 3 (id=2610): socket$nl_generic(0x10, 0x3, 0x10) socket(0x22, 0x2, 0x24) socket(0x22, 0x2, 0x4) close_range$auto(0x0, 0xfffffffffffff000, 0x0) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/conf/batadv0/disable_policy\x00', 0xa2202, 0x0) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x8) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1/file0\x00', 0x840, 0xc) socket(0x1d, 0x2, 0x6) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x900, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x7, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) socket(0x10, 0x2, 0x0) io_uring_setup$auto(0x4, 0x0) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/enable\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x109500, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x60c40, 0x0) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socketpair$auto(0x4004, 0x7, 0x4, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NBD_CMD_CONNECT(r1, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000002880)={&(0x7f0000002800)={0x1c, 0x0, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0xfffffffb}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x8080) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x5408, 0x0) 575.5006ms ago: executing program 0 (id=2611): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) socket(0x1d, 0x2, 0x6) r0 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r1, 0xfd}, 0x6a) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0x206c}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000006700), 0x181c00, 0x0) ioctl$auto_RNDADDTOENTCNT2(r2, 0x40045201, 0x0) setrlimit$auto(0x7, &(0x7f0000001380)={0x5, 0x6}) close_range$auto(0x2, 0xa, 0x0) r3 = socket(0xa, 0x2, 0x88) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/tty/ptyv0/power/runtime_suspended_time\x00', 0x224980, 0x0) socket(0x10, 0x2, 0xa) io_uring_setup$auto(0x2, 0x0) setsockopt$auto(0x5, 0x104000000000010e, 0x2, 0x0, 0x16) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_fd=r4, r5, 0x4, 0x1ff, r3, @relative_fd, 0xe600}, 0xf) r6 = socket(0x1d, 0x3, 0x5) getsockopt$auto(r6, 0x67, 0x805, 0x0, 0x0) r7 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r7, &(0x7f0000000440)="671d2647dd69b6440843b6e6688a2b5ad9df2669e6f9cd23", 0x18) 478.982607ms ago: executing program 1 (id=2612): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2b, 0x1, 0x0) setsockopt$auto(0x3, 0x0, 0x30, 0x0, 0x7fff0060) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40002, 0x300) unshare$auto(0x20000080) io_uring_setup$auto(0x58, &(0x7f0000000080)={0x7fffffff, 0x2000d, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x23d8, 0x6, 0xf, 0x4000029f, 0x10000, 0x7f, 0x80000, 0x6, 0x2}, {0x203, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x7, 0x100000000}}) mmap$auto(0x0, 0x20009, 0x2, 0xeb1, 0x401, 0x8004) getrandom$auto(0x0, 0x6000000, 0x3) madvise$auto(0x0, 0xf663, 0x15) mmap$auto(0x0, 0x8, 0x9, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/ad_num_ports\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, 0x0, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) timerfd_create$auto(0x9, 0x0) semctl$auto(0x1ff, 0x2, 0x13, 0x4) mmap$auto(0x98, 0x20006, 0x4000000000df, 0xeb1, r0, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="0e000000", @ANYRES16=0x0, @ANYBLOB="000229bd7000fbdbdf250200000008000300000000000800010005000000"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\a'], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r3 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r2, 0x4b66, r3) 264.450147ms ago: executing program 3 (id=2613): mmap$auto(0x80000001, 0x401, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, 0x0, 0x40001, 0x0) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0) openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cpu/0/msr\x00', 0x400, 0x0) write$auto_console_fops_tty_io(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) openat$auto_force_wakeup_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/hci7/force_wakeup\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x1f42) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f00000000c0)={0x0, 0x7}, 0x3) shmctl$auto(0x7ff, 0x7270, 0x0) msgctl$auto_IPC_SET(0xfffffffc, 0x1, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000180), 0x1001, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, &(0x7f0000000140)=';') r3 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, 0x0, 0x40, 0x0) ioctl$auto(0x3, 0x40086200, r3) 0s ago: executing program 2 (id=2614): openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) unshare$auto(0x40000080) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x2dc08f24db163610, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r0, 0x8000) adjtimex$auto(&(0x7f00000005c0)={0xf332b6e, 0x0, 0xcea4, 0xfffffffffffffffd, 0xd4, 0x1, 0x0, 0x0, 0x1, 0x368e, 0x200000002, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1007bfe, 0x0, 0x9, 0x81, 0xdfffffffffff628c, 0x2, 0xdeb1, 0x808}) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket(0xb, 0xa, 0xbfd) getsockopt$auto(r1, 0x6, 0xc, 0xfffffffffffffffc, 0x0) r2 = getsid$auto(0xffffffffffffffff) prctl$auto(0xbbb, 0xfffffffffffffff7, r2, 0xffff0000000, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x4a801, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, 0x0, 0x12000, 0x0) socket(0x3, 0x5, 0x5) mmap$auto(0x0, 0x7f, 0x4000000000df, 0x40eb1, 0x401, 0x4) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x100, 0x0) read$auto(r4, 0x0, 0x20) r5 = openat$auto_zero_fops_mem(0xffffffffffffff9c, 0x0, 0x109002, 0x0) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000540)='/proc/sys/kernel/kexec_load_limit_panic\x00', 0x40141, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r6, 0x0, 0x0) sendfile$auto(r5, r5, 0x0, 0x10000800000003) clone$auto(0xd6, 0x9, 0x0, 0x0, 0x2) r7 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/pagemap\x00', 0x4225e0, 0x0) read$auto(r7, 0x0, 0x39b8) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) kernel console output (not intermixed with test programs): 810263][T13423] watch_queue_init+0x45/0x170 [ 592.810311][T13423] create_pipe_files+0x676/0x9a0 [ 592.810360][T13423] do_pipe2+0xaf/0x1c0 [ 592.810391][T13423] ? __pfx_do_pipe2+0x10/0x10 [ 592.810422][T13423] ? xfd_validate_state+0x61/0x180 [ 592.810467][T13423] __x64_sys_pipe2+0x54/0x80 [ 592.810499][T13423] do_syscall_64+0xcd/0x490 [ 592.810526][T13423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.810551][T13423] RIP: 0033:0x7fe306b8eb69 [ 592.810569][T13423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 592.810604][T13423] RSP: 002b:00007fe307999038 EFLAGS: 00000246 ORIG_RAX: 0000000000000125 [ 592.810634][T13423] RAX: ffffffffffffffda RBX: 00007fe306db5fa0 RCX: 00007fe306b8eb69 [ 592.810657][T13423] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000000 [ 592.810676][T13423] RBP: 00007fe306c11df1 R08: 0000000000000000 R09: 0000000000000000 [ 592.810690][T13423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 592.810705][T13423] R13: 0000000000000000 R14: 00007fe306db5fa0 R15: 00007ffc2b483c68 [ 592.810734][T13423] [ 593.738999][T13439] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1807'. [ 594.782993][T13461] random: crng reseeded on system resumption [ 595.016844][T13464] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1812'. [ 595.308774][T13471] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1816'. [ 595.576045][T13469] block nbd0: Unsupported socket: shutdown callout must be supported. [ 601.782804][T13576] random: crng reseeded on system resumption [ 604.829565][T13630] FAULT_INJECTION: forcing a failure. [ 604.829565][T13630] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 604.870672][T13630] CPU: 0 UID: 0 PID: 13630 Comm: syz.2.1856 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 604.870720][T13630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 604.870740][T13630] Call Trace: [ 604.870751][T13630] [ 604.870764][T13630] dump_stack_lvl+0x16c/0x1f0 [ 604.870804][T13630] should_fail_ex+0x512/0x640 [ 604.870851][T13630] should_fail_alloc_page+0xe7/0x130 [ 604.870899][T13630] prepare_alloc_pages+0x3c2/0x610 [ 604.870950][T13630] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.870991][T13630] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 604.871054][T13630] ? __lock_acquire+0xb97/0x1ce0 [ 604.871100][T13630] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 604.871159][T13630] ? __pfx___mutex_trylock_common+0x10/0x10 [ 604.871209][T13630] ? __pfx___might_resched+0x10/0x10 [ 604.871246][T13630] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 604.871301][T13630] ? policy_nodemask+0xea/0x4e0 [ 604.871351][T13630] alloc_pages_mpol+0x1fb/0x550 [ 604.871399][T13630] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 604.871444][T13630] ? __pfx___mutex_lock+0x10/0x10 [ 604.871490][T13630] ___kmalloc_large_node+0xed/0x160 [ 604.871549][T13630] __kmalloc_large_noprof+0x1c/0x70 [ 604.871606][T13630] uhid_char_open+0x24/0x250 [ 604.871664][T13630] ? __pfx_uhid_char_open+0x10/0x10 [ 604.871712][T13630] misc_open+0x35a/0x420 [ 604.871767][T13630] ? __pfx_misc_open+0x10/0x10 [ 604.871818][T13630] chrdev_open+0x234/0x6a0 [ 604.871861][T13630] ? __pfx_apparmor_file_open+0x10/0x10 [ 604.871917][T13630] ? __pfx_chrdev_open+0x10/0x10 [ 604.871964][T13630] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 604.872011][T13630] do_dentry_open+0x982/0x1530 [ 604.872054][T13630] ? __pfx_chrdev_open+0x10/0x10 [ 604.872108][T13630] vfs_open+0x82/0x3f0 [ 604.872163][T13630] path_openat+0x1de4/0x2cb0 [ 604.872217][T13630] ? __pfx_path_openat+0x10/0x10 [ 604.872265][T13630] do_filp_open+0x20b/0x470 [ 604.872300][T13630] ? __pfx_do_filp_open+0x10/0x10 [ 604.872360][T13630] ? alloc_fd+0x471/0x7d0 [ 604.872400][T13630] do_sys_openat2+0x11b/0x1d0 [ 604.872446][T13630] ? __pfx_do_sys_openat2+0x10/0x10 [ 604.872503][T13630] __x64_sys_openat+0x174/0x210 [ 604.872548][T13630] ? __pfx___x64_sys_openat+0x10/0x10 [ 604.872607][T13630] do_syscall_64+0xcd/0x490 [ 604.872649][T13630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.872678][T13630] RIP: 0033:0x7f7ecb98eb69 [ 604.872702][T13630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 604.872730][T13630] RSP: 002b:00007f7ecc8ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 604.872757][T13630] RAX: ffffffffffffffda RBX: 00007f7ecbbb6080 RCX: 00007f7ecb98eb69 [ 604.872775][T13630] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 604.872794][T13630] RBP: 00007f7ecba11df1 R08: 0000000000000000 R09: 0000000000000000 [ 604.872812][T13630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 604.872830][T13630] R13: 0000000000000000 R14: 00007f7ecbbb6080 R15: 00007ffd830be3b8 [ 604.872865][T13630] [ 607.234580][ T5867] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 607.496800][T13667] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1865'. [ 608.156662][T13676] FAULT_INJECTION: forcing a failure. [ 608.156662][T13676] name failslab, interval 1, probability 0, space 0, times 0 [ 608.214914][T13676] CPU: 1 UID: 0 PID: 13676 Comm: syz.1.1867 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 608.214962][T13676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 608.214980][T13676] Call Trace: [ 608.214990][T13676] [ 608.215000][T13676] dump_stack_lvl+0x16c/0x1f0 [ 608.215038][T13676] should_fail_ex+0x512/0x640 [ 608.215074][T13676] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 608.215108][T13676] should_failslab+0xc2/0x120 [ 608.215148][T13676] __kmalloc_cache_noprof+0x6a/0x3e0 [ 608.215177][T13676] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 608.215210][T13676] ? watch_queue_init+0x45/0x170 [ 608.215254][T13676] watch_queue_init+0x45/0x170 [ 608.215294][T13676] create_pipe_files+0x676/0x9a0 [ 608.215337][T13676] do_pipe2+0xaf/0x1c0 [ 608.215372][T13676] ? __pfx_do_pipe2+0x10/0x10 [ 608.215409][T13676] ? xfd_validate_state+0x61/0x180 [ 608.215461][T13676] __x64_sys_pipe2+0x54/0x80 [ 608.215497][T13676] do_syscall_64+0xcd/0x490 [ 608.215530][T13676] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 608.215558][T13676] RIP: 0033:0x7fe306b8eb69 [ 608.215587][T13676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 608.215616][T13676] RSP: 002b:00007fe307999038 EFLAGS: 00000246 ORIG_RAX: 0000000000000125 [ 608.215643][T13676] RAX: ffffffffffffffda RBX: 00007fe306db5fa0 RCX: 00007fe306b8eb69 [ 608.215663][T13676] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000000 [ 608.215680][T13676] RBP: 00007fe306c11df1 R08: 0000000000000000 R09: 0000000000000000 [ 608.215698][T13676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 608.215716][T13676] R13: 0000000000000000 R14: 00007fe306db5fa0 R15: 00007ffc2b483c68 [ 608.215750][T13676] [ 608.398552][T13678] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1868'. [ 608.880525][T13686] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1871'. [ 612.157342][T13731] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1882'. [ 614.291466][T13768] vhci_hcd: invalid port number 16 [ 614.307936][T13768] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 615.872345][T13812] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1905'. [ 616.217070][T13819] netlink: 'syz.3.1904': attribute type 11 has an invalid length. [ 616.848397][T13810] sysfs_service_op_show: Client not running :-5: [ 619.460175][T13849] nfsd: Unknown parameter 'Z' [ 620.610016][T13862] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1915'. [ 622.675036][ T43] Process accounting resumed [ 625.936376][T13939] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 627.950180][T13962] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1940'. [ 629.364838][T13982] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1944'. [ 629.412772][T13982] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 629.627623][T13982] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 630.235956][T13989] openvswitch: netlink: IP tunnel dst address not specified [ 631.856329][T14010] ovs_: entered promiscuous mode [ 633.167884][T14023] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1951'. [ 633.191282][T14025] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1956'. [ 633.988416][T14041] random: crng reseeded on system resumption [ 635.058363][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 635.067825][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 636.857881][ T9] Process accounting resumed [ 638.139981][T14085] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 642.516082][ T31] audit: type=1400 audit(1843104584.510:13): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=14162 comm="syz.1.1995" [ 643.954997][T14184] netlink: 'syz.3.2001': attribute type 1 has an invalid length. [ 646.439774][T14223] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2013'. [ 648.980920][T14265] nfsd: Unknown parameter 'Z' [ 648.989285][T14266] kvm_intel: kvm [14263]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x1 [ 649.836849][T14281] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2027'. [ 650.237211][T14274] binder: 14273:14274 ioctl c018620c 200000000080 returned -22 [ 651.811356][T14315] sctp: Failed to create the SCTP UDP tunneling v4 sock [ 652.063140][T14320] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2037'. [ 653.649298][T14353] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2045'. [ 653.857552][T14356] sd 0:0:1:0: PR command failed: 1026 [ 653.863172][T14356] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 653.881267][T14356] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 653.924722][T14357] sd 0:0:1:0: PR command failed: 1026 [ 653.953899][T14357] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 653.983552][T14357] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 660.358284][T14479] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2075'. [ 660.565169][T14485] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2076'. [ 661.045819][T14495] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2080'. [ 664.172130][ T5867] Bluetooth: hci3: Malformed LE Event: 0x1d [ 665.683396][T14576] can: request_module (can-proto-0) failed. [ 665.790379][T14583] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2102'. [ 668.844342][T14620] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2112'. [ 673.285637][T14700] netlink: 'syz.2.2129': attribute type 11 has an invalid length. [ 674.716749][T14720] tipc: Enabling of bearer <@):^\/\> rejected, media not registered [ 679.859656][T14791] Setting dangerous option i915.mitigations - tainting kernel [ 681.171764][T14812] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2160'. [ 682.461999][T14828] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 682.502064][T14828] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 682.555935][T14828] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 682.582175][T14828] page_type: f5(slab) [ 682.599905][T14828] raw: 00fff00000000040 ffff8881404bb8c0 dead000000000122 0000000000000000 [ 682.612948][T14828] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 682.644570][T14828] head: 00fff00000000040 ffff8881404bb8c0 dead000000000122 0000000000000000 [ 682.661375][T14828] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 682.680375][T14828] head: 00fff00000000002 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 682.710199][T14828] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 682.751397][T14828] page dumped because: unmovable page [ 682.765389][T14828] page_owner tracks the page as allocated [ 682.838069][T14828] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5249, tgid 5249 (udevadm), ts 47970792392, free_ts 39362658346 [ 682.938338][T14828] post_alloc_hook+0x1c0/0x230 [ 682.943811][T14828] get_page_from_freelist+0x132b/0x38e0 [ 682.953014][T14828] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 682.959044][T14828] alloc_pages_mpol+0x1fb/0x550 [ 682.971737][T14828] new_slab+0x247/0x330 [ 682.976037][T14828] ___slab_alloc+0xcf2/0x1740 [ 682.982401][T14828] __slab_alloc.constprop.0+0x56/0xb0 [ 682.987835][T14828] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 683.025259][T14828] alloc_inode+0xc3/0x240 [ 683.068600][T14828] iget_locked+0x2e4/0x830 [ 683.151139][T14828] kernfs_get_inode+0x48/0x460 [ 683.156458][T14828] kernfs_iop_lookup+0x1a7/0x2d0 [ 683.212619][T14828] __lookup_slow+0x24e/0x460 [ 683.224304][T14828] walk_component+0x353/0x5b0 [ 683.239376][T14828] path_lookupat+0x142/0x6d0 [ 683.290711][T14828] filename_lookup+0x224/0x5f0 [ 683.295681][T14828] page last free pid 1 tgid 1 stack trace: [ 683.353498][T14828] __free_frozen_pages+0x7d5/0x10f0 [ 683.381719][T14828] free_contig_range+0x183/0x4b0 [ 683.386760][T14828] destroy_args+0x7f6/0xa60 [ 683.405093][T14828] debug_vm_pgtable+0x1a32/0x3640 [ 683.410231][T14828] do_one_initcall+0x120/0x6e0 [ 683.464209][T14828] kernel_init_freeable+0x5c2/0x910 [ 683.484713][T14828] kernel_init+0x1c/0x2b0 [ 683.489168][T14828] ret_from_fork+0x5d4/0x6f0 [ 683.530978][T14828] ret_from_fork_asm+0x1a/0x30 [ 683.755213][ T3545] netdevsim netdevsim15 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.219547][ T5865] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 684.231170][ T5865] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 684.241112][ T5865] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 684.261045][ T5865] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 684.270069][T14862] FAULT_INJECTION: forcing a failure. [ 684.270069][T14862] name failslab, interval 1, probability 0, space 0, times 0 [ 684.284023][ T5865] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 684.311143][T14862] CPU: 0 UID: 0 PID: 14862 Comm: syz.2.2175 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 684.311206][T14862] Tainted: [U]=USER [ 684.311218][T14862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 684.311239][T14862] Call Trace: [ 684.311250][T14862] [ 684.311263][T14862] dump_stack_lvl+0x16c/0x1f0 [ 684.311306][T14862] should_fail_ex+0x512/0x640 [ 684.311347][T14862] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 684.311393][T14862] should_failslab+0xc2/0x120 [ 684.311438][T14862] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 684.311477][T14862] ? __proc_create+0xc3/0x8e0 [ 684.311526][T14862] ? __proc_create+0x2ce/0x8e0 [ 684.311580][T14862] __proc_create+0x2ce/0x8e0 [ 684.311630][T14862] ? __pfx___proc_create+0x10/0x10 [ 684.311686][T14862] ? mark_held_locks+0x49/0x80 [ 684.311737][T14862] proc_create_reg+0x7d/0x180 [ 684.311792][T14862] proc_create_net_data+0x8e/0x1c0 [ 684.311857][T14862] ? __pfx_proc_create_net_data+0x10/0x10 [ 684.311910][T14862] ? __pfx___netlink_kernel_create+0x10/0x10 [ 684.311945][T14862] ? fib4_semantics_init+0x25/0x100 [ 684.312006][T14862] fib_proc_init+0x58/0x1b0 [ 684.312040][T14862] fib_net_init+0x2af/0x3f0 [ 684.312146][T14862] ? __pfx___register_sysctl_table+0x10/0x10 [ 684.312217][T14862] ? __pfx_fib_net_init+0x10/0x10 [ 684.312259][T14862] ? lockdep_init_map_type+0x5c/0x280 [ 684.312309][T14862] ? __pfx_nl_fib_input+0x10/0x10 [ 684.312353][T14862] ? devinet_init_net+0x5c2/0x910 [ 684.312401][T14862] ? __pfx_fib_net_init+0x10/0x10 [ 684.312437][T14862] ops_init+0x1df/0x5f0 [ 684.312479][T14862] setup_net+0x10f/0x380 [ 684.312512][T14862] ? lockdep_init_map_type+0x5c/0x280 [ 684.312560][T14862] ? __pfx_setup_net+0x10/0x10 [ 684.312599][T14862] ? debug_mutex_init+0x37/0x70 [ 684.312636][T14862] copy_net_ns+0x2a6/0x5f0 [ 684.312682][T14862] create_new_namespaces+0x3ea/0xa90 [ 684.312732][T14862] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 684.312776][T14862] ksys_unshare+0x45b/0xa40 [ 684.312825][T14862] ? __pfx_ksys_unshare+0x10/0x10 [ 684.312901][T14862] ? xfd_validate_state+0x61/0x180 [ 684.312965][T14862] __x64_sys_unshare+0x31/0x40 [ 684.313012][T14862] do_syscall_64+0xcd/0x490 [ 684.313054][T14862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 684.313088][T14862] RIP: 0033:0x7f7ecb98eb69 [ 684.313170][T14862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 684.313210][T14862] RSP: 002b:00007f7ecc8db038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 684.313246][T14862] RAX: ffffffffffffffda RBX: 00007f7ecbbb5fa0 RCX: 00007f7ecb98eb69 [ 684.313270][T14862] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 684.313291][T14862] RBP: 00007f7ecba11df1 R08: 0000000000000000 R09: 0000000000000000 [ 684.313312][T14862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 684.313332][T14862] R13: 0000000000000000 R14: 00007f7ecbbb5fa0 R15: 00007ffd830be3b8 [ 684.313376][T14862] [ 684.613939][ C0] vkms_vblank_simulate: vblank timer overrun [ 685.600831][T14865] chnl_net:caif_netlink_parms(): no params data found [ 686.020282][T10780] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 686.128186][T10780] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 686.146529][T14865] bridge0: port 1(bridge_slave_0) entered blocking state [ 686.154970][T14865] bridge0: port 1(bridge_slave_0) entered disabled state [ 686.163010][T14865] bridge_slave_0: entered allmulticast mode [ 686.171366][T14865] bridge_slave_0: entered promiscuous mode [ 686.180927][T14865] bridge0: port 2(bridge_slave_1) entered blocking state [ 686.188216][T14865] bridge0: port 2(bridge_slave_1) entered disabled state [ 686.200887][T14865] bridge_slave_1: entered allmulticast mode [ 686.209101][T14865] bridge_slave_1: entered promiscuous mode [ 686.229193][T10780] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 686.278692][T14865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 686.294164][T14865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 686.332334][T10780] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 686.416338][T14865] team0: Port device team_slave_0 added [ 686.430531][T14865] team0: Port device team_slave_1 added [ 686.497803][T14865] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 686.510798][T14865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 686.540840][T14865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 686.590438][T14865] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 686.598337][T14865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 686.625156][T14865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 686.761198][ T5867] Bluetooth: hci4: command tx timeout [ 686.773530][T14865] hsr_slave_0: entered promiscuous mode [ 686.785256][T14865] hsr_slave_1: entered promiscuous mode [ 686.866824][T10780] bridge_slave_1: left allmulticast mode [ 686.877781][T10780] bridge_slave_1: left promiscuous mode [ 686.887163][T10780] bridge0: port 2(bridge_slave_1) entered disabled state [ 686.972359][T10780] bridge_slave_0: left allmulticast mode [ 686.978114][T10780] bridge_slave_0: left promiscuous mode [ 687.000619][T10780] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.746109][T10780] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 687.764788][T10780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 687.775772][T10780] bond0 (unregistering): Released all slaves [ 688.649414][T10780] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 688.683780][T10780] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 688.767965][T10780] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 688.808761][T10780] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 688.841511][ T5867] Bluetooth: hci4: command tx timeout [ 688.959051][T10780] veth1_macvtap: left promiscuous mode [ 688.989880][T10780] veth0_macvtap: left promiscuous mode [ 689.027557][T10780] veth1_vlan: left promiscuous mode [ 689.056031][T10780] veth0_vlan: left promiscuous mode [ 690.387409][T10780] team0 (unregistering): Port device team_slave_1 removed [ 690.443061][T10780] team0 (unregistering): Port device team_slave_0 removed [ 690.720719][ T5940] Process accounting resumed [ 690.923076][ T5867] Bluetooth: hci4: command tx timeout [ 692.141569][T14986] usb usb2: usbfs: process 14986 (syz.1.2198) did not claim interface 1 before use [ 692.691700][T14865] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 692.929518][T14865] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 693.000719][ T5867] Bluetooth: hci4: command tx timeout [ 693.047760][T14865] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 693.092918][T14865] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 693.223691][T15007] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2201'. [ 693.482660][T14865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 693.595933][T14865] 8021q: adding VLAN 0 to HW filter on device team0 [ 693.688942][T10773] bridge0: port 1(bridge_slave_0) entered blocking state [ 693.697069][T10773] bridge0: port 1(bridge_slave_0) entered forwarding state [ 693.835985][T10780] bridge0: port 2(bridge_slave_1) entered blocking state [ 693.843231][T10780] bridge0: port 2(bridge_slave_1) entered forwarding state [ 695.067890][T14865] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 695.195843][T14865] veth0_vlan: entered promiscuous mode [ 695.254386][T14865] veth1_vlan: entered promiscuous mode [ 695.309569][T15046] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2207'. [ 695.376728][T14865] veth0_macvtap: entered promiscuous mode [ 695.393561][T14865] veth1_macvtap: entered promiscuous mode [ 695.568222][T14865] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 695.683127][T14865] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 695.775979][ T3575] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.776057][ T3575] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.776110][ T3575] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.776165][ T3575] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.124644][ T133] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 696.124676][ T133] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 696.447007][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 696.447086][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 696.489574][T10780] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 696.489609][T10780] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 697.573900][T15092] random: crng reseeded on system resumption [ 699.018150][T15110] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 700.716986][T15141] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2229'. [ 702.347998][T15168] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2235'. [ 702.469792][T15171] tty tty46: ldisc open failed (-12), clearing slot 45 [ 702.674382][T15184] FAULT_INJECTION: forcing a failure. [ 702.674382][T15184] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 702.706845][T15184] CPU: 1 UID: 0 PID: 15184 Comm: syz.2.2242 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 702.706898][T15184] Tainted: [U]=USER [ 702.706908][T15184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 702.706928][T15184] Call Trace: [ 702.706938][T15184] [ 702.706950][T15184] dump_stack_lvl+0x16c/0x1f0 [ 702.706988][T15184] should_fail_ex+0x512/0x640 [ 702.707034][T15184] should_fail_alloc_page+0xe7/0x130 [ 702.707088][T15184] prepare_alloc_pages+0x3c2/0x610 [ 702.707144][T15184] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 702.707187][T15184] ? __pfx_stack_trace_save+0x10/0x10 [ 702.707221][T15184] ? stack_depot_save_flags+0x29/0x9c0 [ 702.707260][T15184] ? iovec_from_user+0x108/0x140 [ 702.707297][T15184] ? kasan_save_stack+0x42/0x60 [ 702.707329][T15184] ? kasan_save_stack+0x33/0x60 [ 702.707360][T15184] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 702.707399][T15184] ? __lock_acquire+0x62e/0x1ce0 [ 702.707449][T15184] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 702.707494][T15184] ? policy_nodemask+0xea/0x4e0 [ 702.707534][T15184] alloc_pages_mpol+0x1fb/0x550 [ 702.707573][T15184] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 702.707618][T15184] ? __pfx_vcs_write+0x10/0x10 [ 702.707660][T15184] alloc_pages_noprof+0x131/0x390 [ 702.707698][T15184] get_free_pages_noprof+0x10/0xb0 [ 702.707736][T15184] vcs_write+0x11a/0xdb0 [ 702.707778][T15184] ? copy_iovec_from_user+0x131/0x170 [ 702.707819][T15184] ? iovec_from_user+0xbb/0x140 [ 702.707864][T15184] ? __pfx_vcs_write+0x10/0x10 [ 702.707905][T15184] ? common_file_perm+0x1a9/0x340 [ 702.707937][T15184] ? bpf_lsm_file_permission+0x9/0x10 [ 702.707978][T15184] ? security_file_permission+0x71/0x210 [ 702.708012][T15184] ? rw_verify_area+0xcf/0x6c0 [ 702.708043][T15184] ? __pfx_vcs_write+0x10/0x10 [ 702.708094][T15184] vfs_writev+0x5df/0xde0 [ 702.708133][T15184] ? __pfx_vfs_writev+0x10/0x10 [ 702.708162][T15184] ? find_held_lock+0x2b/0x80 [ 702.708210][T15184] ? __fget_files+0x20e/0x3c0 [ 702.708238][T15184] ? __fget_files+0x1e0/0x3c0 [ 702.708275][T15184] ? do_writev+0x132/0x340 [ 702.708302][T15184] do_writev+0x132/0x340 [ 702.708332][T15184] ? __pfx_do_writev+0x10/0x10 [ 702.708371][T15184] do_syscall_64+0xcd/0x490 [ 702.708404][T15184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 702.708432][T15184] RIP: 0033:0x7f7ecb98eb69 [ 702.708453][T15184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 702.708481][T15184] RSP: 002b:00007f7ecc8db038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 702.708507][T15184] RAX: ffffffffffffffda RBX: 00007f7ecbbb5fa0 RCX: 00007f7ecb98eb69 [ 702.708526][T15184] RDX: 0000000000000094 RSI: 00002000000000c0 RDI: 0000000000000003 [ 702.708542][T15184] RBP: 00007f7ecc8db090 R08: 0000000000000000 R09: 0000000000000000 [ 702.708559][T15184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 702.708575][T15184] R13: 0000000000000000 R14: 00007f7ecbbb5fa0 R15: 00007ffd830be3b8 [ 702.708608][T15184] [ 705.528097][T15236] FAULT_INJECTION: forcing a failure. [ 705.528097][T15236] name failslab, interval 1, probability 0, space 0, times 0 [ 705.561986][T15236] CPU: 0 UID: 0 PID: 15236 Comm: syz.0.2255 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 705.562030][T15236] Tainted: [U]=USER [ 705.562037][T15236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 705.562052][T15236] Call Trace: [ 705.562059][T15236] [ 705.562068][T15236] dump_stack_lvl+0x16c/0x1f0 [ 705.562098][T15236] should_fail_ex+0x512/0x640 [ 705.562127][T15236] ? __kmalloc_noprof+0xbf/0x510 [ 705.562158][T15236] ? vb2_core_allocated_buffers_storage+0x184/0x220 [ 705.562193][T15236] should_failslab+0xc2/0x120 [ 705.562238][T15236] __kmalloc_noprof+0xd2/0x510 [ 705.562287][T15236] vb2_core_allocated_buffers_storage+0x184/0x220 [ 705.562336][T15236] vb2_core_reqbufs+0x398/0xfe0 [ 705.562391][T15236] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 705.562466][T15236] __vb2_init_fileio+0x3f1/0x1100 [ 705.562520][T15236] ? __pfx___futex_wait+0x10/0x10 [ 705.562582][T15236] __vb2_perform_fileio+0x9c2/0x1660 [ 705.562644][T15236] ? __pfx___vb2_perform_fileio+0x10/0x10 [ 705.562709][T15236] vb2_fop_write+0x207/0x3f0 [ 705.562773][T15236] v4l2_write+0x229/0x360 [ 705.562808][T15236] ? __pfx_v4l2_write+0x10/0x10 [ 705.562840][T15236] vfs_write+0x2a0/0x1150 [ 705.562890][T15236] ? __pfx_vfs_write+0x10/0x10 [ 705.562927][T15236] ? find_held_lock+0x2b/0x80 [ 705.562963][T15236] ? __fget_files+0x204/0x3c0 [ 705.563006][T15236] ? __fget_files+0x20e/0x3c0 [ 705.563057][T15236] ksys_write+0x12a/0x250 [ 705.563097][T15236] ? __pfx_ksys_write+0x10/0x10 [ 705.563150][T15236] do_syscall_64+0xcd/0x490 [ 705.563192][T15236] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 705.563227][T15236] RIP: 0033:0x7fd311b8eb69 [ 705.563254][T15236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 705.563289][T15236] RSP: 002b:00007fd312a96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 705.563322][T15236] RAX: ffffffffffffffda RBX: 00007fd311db5fa0 RCX: 00007fd311b8eb69 [ 705.563345][T15236] RDX: 0000000000000099 RSI: 0000200000000080 RDI: 0000000000000005 [ 705.563366][T15236] RBP: 00007fd311c11df1 R08: 0000000000000000 R09: 0000000000000000 [ 705.563387][T15236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 705.563407][T15236] R13: 0000000000000000 R14: 00007fd311db5fa0 R15: 00007ffd0e9c7d18 [ 705.563452][T15236] [ 706.606089][T15268] FAULT_INJECTION: forcing a failure. [ 706.606089][T15268] name failslab, interval 1, probability 0, space 0, times 0 [ 706.695757][T15268] CPU: 0 UID: 0 PID: 15268 Comm: syz.1.2261 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 706.695818][T15268] Tainted: [U]=USER [ 706.695831][T15268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 706.695852][T15268] Call Trace: [ 706.695864][T15268] [ 706.695877][T15268] dump_stack_lvl+0x16c/0x1f0 [ 706.695920][T15268] should_fail_ex+0x512/0x640 [ 706.695964][T15268] ? __kmalloc_node_noprof+0xc5/0x500 [ 706.696015][T15268] should_failslab+0xc2/0x120 [ 706.696064][T15268] __kmalloc_node_noprof+0xd8/0x500 [ 706.696109][T15268] ? ___slab_alloc+0x5f/0x1740 [ 706.696140][T15268] ? alloc_slab_obj_exts+0x41/0xa0 [ 706.696182][T15268] alloc_slab_obj_exts+0x41/0xa0 [ 706.696218][T15268] __memcg_slab_post_alloc_hook+0x255/0x960 [ 706.696276][T15268] ? kasan_unpoison+0x27/0x60 [ 706.696317][T15268] ? alloc_pipe_info+0x1ec/0x590 [ 706.696359][T15268] __kmalloc_noprof+0x3f9/0x510 [ 706.696402][T15268] ? kasan_save_track+0x14/0x30 [ 706.696446][T15268] alloc_pipe_info+0x1ec/0x590 [ 706.696498][T15268] create_pipe_files+0x8c/0x9a0 [ 706.696552][T15268] do_pipe2+0xaf/0x1c0 [ 706.696611][T15268] ? __pfx_do_pipe2+0x10/0x10 [ 706.696661][T15268] ? xfd_validate_state+0x61/0x180 [ 706.696722][T15268] __x64_sys_pipe2+0x54/0x80 [ 706.696755][T15268] do_syscall_64+0xcd/0x490 [ 706.696783][T15268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 706.696807][T15268] RIP: 0033:0x7fe306b8eb69 [ 706.696828][T15268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 706.696854][T15268] RSP: 002b:00007fe307999038 EFLAGS: 00000246 ORIG_RAX: 0000000000000125 [ 706.696877][T15268] RAX: ffffffffffffffda RBX: 00007fe306db5fa0 RCX: 00007fe306b8eb69 [ 706.696894][T15268] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000000 [ 706.696909][T15268] RBP: 00007fe306c11df1 R08: 0000000000000000 R09: 0000000000000000 [ 706.696924][T15268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 706.696938][T15268] R13: 0000000000000000 R14: 00007fe306db5fa0 R15: 00007ffc2b483c68 [ 706.696967][T15268] [ 707.860280][T15281] __vm_enough_memory: pid: 15281, comm: syz.1.2264, bytes: 4398046511104 not enough memory for the allocation [ 712.420661][T15365] FAULT_INJECTION: forcing a failure. [ 712.420661][T15365] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 712.757138][T15365] CPU: 0 UID: 0 PID: 15365 Comm: syz.0.2284 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 712.757181][T15365] Tainted: [U]=USER [ 712.757189][T15365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 712.757203][T15365] Call Trace: [ 712.757210][T15365] [ 712.757219][T15365] dump_stack_lvl+0x16c/0x1f0 [ 712.757247][T15365] should_fail_ex+0x512/0x640 [ 712.757280][T15365] _copy_from_iter+0x29f/0x16f0 [ 712.757314][T15365] ? __pfx___mutex_lock+0x10/0x10 [ 712.757337][T15365] ? __pfx___ldsem_down_read_nested+0x10/0x10 [ 712.757372][T15365] ? __pfx__copy_from_iter+0x10/0x10 [ 712.757417][T15365] file_tty_write.constprop.0+0x488/0x9b0 [ 712.757453][T15365] redirected_tty_write+0xd4/0x150 [ 712.757479][T15365] vfs_write+0x6c7/0x1150 [ 712.757507][T15365] ? __pfx_redirected_tty_write+0x10/0x10 [ 712.757537][T15365] ? __pfx_vfs_write+0x10/0x10 [ 712.757560][T15365] ? find_held_lock+0x2b/0x80 [ 712.757603][T15365] ksys_write+0x12a/0x250 [ 712.757628][T15365] ? __pfx_ksys_write+0x10/0x10 [ 712.757663][T15365] do_syscall_64+0xcd/0x490 [ 712.757689][T15365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 712.757712][T15365] RIP: 0033:0x7fd311b8eb69 [ 712.757729][T15365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 712.757751][T15365] RSP: 002b:00007fd312a75038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 712.757772][T15365] RAX: ffffffffffffffda RBX: 00007fd311db6080 RCX: 00007fd311b8eb69 [ 712.757787][T15365] RDX: 000000000000fdef RSI: 0000200000000440 RDI: 0000000000000003 [ 712.757801][T15365] RBP: 00007fd312a75090 R08: 0000000000000000 R09: 0000000000000000 [ 712.757815][T15365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 712.757828][T15365] R13: 0000000000000000 R14: 00007fd311db6080 R15: 00007ffd0e9c7d18 [ 712.757856][T15365] [ 714.084303][T15378] Line length is too long: Should be less than 4094 [ 715.077827][T15403] sd 0:0:1:0: PR command failed: 1026 [ 715.084269][T15403] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 715.094487][T15403] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 717.494749][T15440] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2304'. [ 720.830454][ T5865] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 720.856834][ T5865] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 720.871265][ T5865] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 720.879600][ T5865] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 720.889335][ T5865] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 720.965317][ T5865] Bluetooth: hci4: unexpected event 0x14 length: 16 > 6 [ 721.979465][T10773] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 722.052857][T15482] chnl_net:caif_netlink_parms(): no params data found [ 722.215747][T10773] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 722.396342][T10773] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 722.502307][T10773] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 722.768458][T15482] bridge0: port 1(bridge_slave_0) entered blocking state [ 722.804658][T15482] bridge0: port 1(bridge_slave_0) entered disabled state [ 722.845631][T15482] bridge_slave_0: entered allmulticast mode [ 722.861981][T15482] bridge_slave_0: entered promiscuous mode [ 722.875521][T15482] bridge0: port 2(bridge_slave_1) entered blocking state [ 722.882844][T15482] bridge0: port 2(bridge_slave_1) entered disabled state [ 722.890285][T15482] bridge_slave_1: entered allmulticast mode [ 722.898453][T15482] bridge_slave_1: entered promiscuous mode [ 722.925297][ T5865] Bluetooth: hci1: command tx timeout [ 723.082180][T15482] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 723.167809][T15536] FAULT_INJECTION: forcing a failure. [ 723.167809][T15536] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 723.195734][T15536] CPU: 0 UID: 0 PID: 15536 Comm: syz.0.2329 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 723.195791][T15536] Tainted: [U]=USER [ 723.195804][T15536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 723.195826][T15536] Call Trace: [ 723.195836][T15536] [ 723.195849][T15536] dump_stack_lvl+0x16c/0x1f0 [ 723.195891][T15536] should_fail_ex+0x512/0x640 [ 723.195941][T15536] should_fail_alloc_page+0xe7/0x130 [ 723.195991][T15536] prepare_alloc_pages+0x3c2/0x610 [ 723.196061][T15536] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 723.196125][T15536] ? lock_acquire+0x179/0x350 [ 723.196170][T15536] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 723.196216][T15536] ? finish_task_switch.isra.0+0x21c/0xc10 [ 723.196255][T15536] ? rcu_is_watching+0x12/0xc0 [ 723.196294][T15536] ? finish_task_switch.isra.0+0x221/0xc10 [ 723.196332][T15536] ? rcu_is_watching+0x12/0xc0 [ 723.196366][T15536] ? trace_sched_exit_tp+0xd1/0x120 [ 723.196420][T15536] ? __schedule+0x11a3/0x5de0 [ 723.196472][T15536] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 723.196526][T15536] ? policy_nodemask+0xea/0x4e0 [ 723.196575][T15536] alloc_pages_mpol+0x1fb/0x550 [ 723.196623][T15536] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 723.196681][T15536] alloc_pages_noprof+0x131/0x390 [ 723.196738][T15536] __pmd_alloc+0x3b/0x930 [ 723.196795][T15536] __handle_mm_fault+0xa06/0x2a50 [ 723.196838][T15536] ? mt_find+0x3ef/0xa30 [ 723.196878][T15536] ? __pfx___handle_mm_fault+0x10/0x10 [ 723.196911][T15536] ? __pfx_mt_find+0x10/0x10 [ 723.196974][T15536] ? find_vma+0xbf/0x140 [ 723.197029][T15536] ? __pfx_find_vma+0x10/0x10 [ 723.197081][T15536] handle_mm_fault+0x589/0xd10 [ 723.197117][T15536] ? trace_raw_output_exceptions+0x121/0x150 [ 723.197184][T15536] do_user_addr_fault+0x7a6/0x1370 [ 723.197243][T15536] ? rcu_is_watching+0x12/0xc0 [ 723.197282][T15536] exc_page_fault+0x5c/0xb0 [ 723.197316][T15536] asm_exc_page_fault+0x26/0x30 [ 723.197349][T15536] RIP: 0010:__put_user_4+0xd/0x20 [ 723.197384][T15536] Code: 66 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca e9 c7 6c 03 00 0f 1f 80 00 00 00 00 90 90 90 [ 723.197417][T15536] RSP: 0018:ffffc900040afe28 EFLAGS: 00050246 [ 723.197445][T15536] RAX: 0000000000000004 RBX: 0000000000000000 RCX: 0000000000000000 [ 723.197471][T15536] RDX: 0000000000080000 RSI: ffffffff895f59d4 RDI: ffffffff8c161180 [ 723.197494][T15536] RBP: 1ffff92000815fc9 R08: 3b8f596bbd88045d R09: 0000000000000001 [ 723.197516][T15536] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000004 [ 723.197536][T15536] R13: 0000000000000005 R14: 0000000000000005 R15: dffffc0000000000 [ 723.197571][T15536] ? __sys_socketpair+0x114/0x5a0 [ 723.197629][T15536] __sys_socketpair+0x120/0x5a0 [ 723.197683][T15536] ? __pfx___sys_socketpair+0x10/0x10 [ 723.197737][T15536] ? xfd_validate_state+0x61/0x180 [ 723.197787][T15536] ? __pfx_ksys_write+0x10/0x10 [ 723.197836][T15536] __x64_sys_socketpair+0x96/0x100 [ 723.197885][T15536] ? lockdep_hardirqs_on+0x7c/0x110 [ 723.197917][T15536] do_syscall_64+0xcd/0x490 [ 723.197956][T15536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 723.197987][T15536] RIP: 0033:0x7fd311b8eb69 [ 723.198023][T15536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 723.198057][T15536] RSP: 002b:00007fd312a96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 723.198088][T15536] RAX: ffffffffffffffda RBX: 00007fd311db5fa0 RCX: 00007fd311b8eb69 [ 723.198111][T15536] RDX: 8000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 723.198133][T15536] RBP: 00007fd311c11df1 R08: 0000000000000000 R09: 0000000000000000 [ 723.198153][T15536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 723.198173][T15536] R13: 0000000000000000 R14: 00007fd311db5fa0 R15: 00007ffd0e9c7d18 [ 723.198217][T15536] [ 723.583738][ C0] vkms_vblank_simulate: vblank timer overrun [ 723.708468][T15482] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 724.017344][T15482] team0: Port device team_slave_0 added [ 724.128998][T15482] team0: Port device team_slave_1 added [ 724.439759][T15482] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 724.454571][T15482] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 724.480743][ C0] vkms_vblank_simulate: vblank timer overrun [ 724.491732][T15482] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 724.677496][T15482] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 724.706106][T15482] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 724.740500][T15482] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 724.764703][T10773] bridge_slave_1: left allmulticast mode [ 724.790472][T10773] bridge_slave_1: left promiscuous mode [ 724.803194][T10773] bridge0: port 2(bridge_slave_1) entered disabled state [ 724.824506][T10773] bridge_slave_0: left allmulticast mode [ 724.830233][T10773] bridge_slave_0: left promiscuous mode [ 724.850180][T10773] bridge0: port 1(bridge_slave_0) entered disabled state [ 725.000761][ T5865] Bluetooth: hci1: command tx timeout [ 725.472119][T10773] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 725.487785][T10773] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 725.500526][T10773] bond0 (unregistering): Released all slaves [ 725.633618][T10773] HfR: left promiscuous mode [ 726.140081][T15482] hsr_slave_0: entered promiscuous mode [ 726.166740][T15482] hsr_slave_1: entered promiscuous mode [ 726.175008][T15482] debugfs: 'hsr0' already exists in 'hsr' [ 726.181281][T15482] Cannot create hsr debugfs directory [ 727.094894][ T5865] Bluetooth: hci1: command tx timeout [ 727.175510][T10773] hsr_slave_0: left promiscuous mode [ 727.187494][T10773] hsr_slave_1: left promiscuous mode [ 727.193885][T10773] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 727.210897][T10773] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 727.322081][T10773] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 727.347755][T10773] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 727.499080][T10773] veth1_macvtap: left promiscuous mode [ 727.527919][T10773] veth1_vlan: left promiscuous mode [ 727.570950][T10773] veth0_vlan: left promiscuous mode [ 729.160896][ T5865] Bluetooth: hci1: command tx timeout [ 730.094517][T10773] team0 (unregistering): Port device team_slave_1 removed [ 730.326103][T10773] team0 (unregistering): Port device team_slave_0 removed [ 730.448242][T15616] overlayfs: missing 'lowerdir' [ 731.886867][T15639] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input11 [ 732.945996][T15482] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 732.975493][T15482] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 733.006905][T15482] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 733.049621][T15482] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 733.356494][T15482] 8021q: adding VLAN 0 to HW filter on device bond0 [ 733.400520][T15482] 8021q: adding VLAN 0 to HW filter on device team0 [ 733.441363][ T1099] bridge0: port 1(bridge_slave_0) entered blocking state [ 733.448633][ T1099] bridge0: port 1(bridge_slave_0) entered forwarding state [ 733.534541][ T1099] bridge0: port 2(bridge_slave_1) entered blocking state [ 733.541816][ T1099] bridge0: port 2(bridge_slave_1) entered forwarding state [ 734.770286][T15686] random: crng reseeded on system resumption [ 735.326277][T15482] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 735.487939][T15482] veth0_vlan: entered promiscuous mode [ 735.597520][T15482] veth1_vlan: entered promiscuous mode [ 735.704889][T15482] veth0_macvtap: entered promiscuous mode [ 735.956630][T15707] FAULT_INJECTION: forcing a failure. [ 735.956630][T15707] name failslab, interval 1, probability 0, space 0, times 0 [ 735.971278][T15707] CPU: 1 UID: 0 PID: 15707 Comm: syz.1.2361 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 735.971334][T15707] Tainted: [U]=USER [ 735.971345][T15707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 735.971366][T15707] Call Trace: [ 735.971376][T15707] [ 735.971388][T15707] dump_stack_lvl+0x16c/0x1f0 [ 735.971429][T15707] should_fail_ex+0x512/0x640 [ 735.971470][T15707] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 735.971508][T15707] should_failslab+0xc2/0x120 [ 735.971546][T15707] __kmalloc_cache_noprof+0x6a/0x3e0 [ 735.971579][T15707] ? evm_inode_alloc_security+0x49/0xc0 [ 735.971629][T15707] ? alloc_pipe_info+0x10e/0x590 [ 735.971688][T15707] alloc_pipe_info+0x10e/0x590 [ 735.971733][T15707] create_pipe_files+0x8c/0x9a0 [ 735.971778][T15707] do_pipe2+0xaf/0x1c0 [ 735.971816][T15707] ? __pfx_do_pipe2+0x10/0x10 [ 735.971866][T15707] ? xfd_validate_state+0x61/0x180 [ 735.971926][T15707] __x64_sys_pipe2+0x54/0x80 [ 735.971980][T15707] do_syscall_64+0xcd/0x490 [ 735.972020][T15707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 735.972052][T15707] RIP: 0033:0x7fe306b8eb69 [ 735.972077][T15707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 735.972111][T15707] RSP: 002b:00007fe307999038 EFLAGS: 00000246 ORIG_RAX: 0000000000000125 [ 735.972142][T15707] RAX: ffffffffffffffda RBX: 00007fe306db5fa0 RCX: 00007fe306b8eb69 [ 735.972164][T15707] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000000 [ 735.972184][T15707] RBP: 00007fe306c11df1 R08: 0000000000000000 R09: 0000000000000000 [ 735.972206][T15707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 735.972226][T15707] R13: 0000000000000000 R14: 00007fe306db5fa0 R15: 00007ffc2b483c68 [ 735.972269][T15707] [ 736.238305][T15482] veth1_macvtap: entered promiscuous mode [ 736.375630][T15482] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 736.427328][T15482] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 736.584042][T10780] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 736.714514][T10780] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 736.753160][T10780] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 736.791110][T10780] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 737.854883][ T3575] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 737.913149][ T3575] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 738.192124][T10771] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 738.220413][T10771] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 739.191115][T15752] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 740.195009][T15771] nfsd: Unknown parameter 'Z' [ 740.545888][T15782] ubi0: attaching mtd0 [ 740.565965][T15782] ubi0: scanning is finished [ 740.574745][T15782] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 741.146660][T15782] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 742.676285][T15807] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2377'. [ 745.260342][T15872] FAULT_INJECTION: forcing a failure. [ 745.260342][T15872] name failslab, interval 1, probability 0, space 0, times 0 [ 745.340664][T15872] CPU: 0 UID: 0 PID: 15872 Comm: syz.3.2396 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 745.340705][T15872] Tainted: [U]=USER [ 745.340712][T15872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 745.340727][T15872] Call Trace: [ 745.340735][T15872] [ 745.340744][T15872] dump_stack_lvl+0x16c/0x1f0 [ 745.340773][T15872] should_fail_ex+0x512/0x640 [ 745.340801][T15872] ? fs_reclaim_acquire+0xae/0x150 [ 745.340840][T15872] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 745.340881][T15872] should_failslab+0xc2/0x120 [ 745.340917][T15872] __kmalloc_noprof+0xd2/0x510 [ 745.340951][T15872] tomoyo_realpath_from_path+0xc2/0x6e0 [ 745.340985][T15872] ? tomoyo_profile+0x47/0x60 [ 745.341021][T15872] tomoyo_path_number_perm+0x245/0x580 [ 745.341045][T15872] ? tomoyo_path_number_perm+0x237/0x580 [ 745.341073][T15872] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 745.341101][T15872] ? find_held_lock+0x2b/0x80 [ 745.341151][T15872] ? find_held_lock+0x2b/0x80 [ 745.341173][T15872] ? hook_file_ioctl_common+0x145/0x410 [ 745.341207][T15872] ? __fget_files+0x20e/0x3c0 [ 745.341238][T15872] security_file_ioctl+0x9b/0x240 [ 745.341266][T15872] __x64_sys_ioctl+0xb7/0x210 [ 745.341307][T15872] do_syscall_64+0xcd/0x490 [ 745.341335][T15872] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 745.341359][T15872] RIP: 0033:0x7ff52358eb69 [ 745.341377][T15872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 745.341400][T15872] RSP: 002b:00007ff5243f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 745.341423][T15872] RAX: ffffffffffffffda RBX: 00007ff5237b5fa0 RCX: 00007ff52358eb69 [ 745.341439][T15872] RDX: 0000000000000000 RSI: 0000000040247007 RDI: 0000000000000003 [ 745.341453][T15872] RBP: 00007ff5243f5090 R08: 0000000000000000 R09: 0000000000000000 [ 745.341467][T15872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 745.341481][T15872] R13: 0000000000000000 R14: 00007ff5237b5fa0 R15: 00007ffe5ec69578 [ 745.341511][T15872] [ 745.341521][T15872] ERROR: Out of memory at tomoyo_realpath_from_path. [ 746.092286][T15860] FAULT_INJECTION: forcing a failure. [ 746.092286][T15860] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 746.140712][T15860] CPU: 1 UID: 0 PID: 15860 Comm: syz.0.2394 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 746.140777][T15860] Tainted: [U]=USER [ 746.140787][T15860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 746.140806][T15860] Call Trace: [ 746.140817][T15860] [ 746.140829][T15860] dump_stack_lvl+0x16c/0x1f0 [ 746.140872][T15860] should_fail_ex+0x512/0x640 [ 746.140920][T15860] _copy_to_user+0x32/0xd0 [ 746.140969][T15860] simple_read_from_buffer+0xcb/0x170 [ 746.141007][T15860] proc_fail_nth_read+0x197/0x240 [ 746.141044][T15860] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 746.141084][T15860] ? rw_verify_area+0xcf/0x6c0 [ 746.141115][T15860] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 746.141151][T15860] vfs_read+0x1e1/0xc60 [ 746.141193][T15860] ? __pfx___mutex_lock+0x10/0x10 [ 746.141229][T15860] ? __pfx_vfs_read+0x10/0x10 [ 746.141277][T15860] ? __fget_files+0x20e/0x3c0 [ 746.141324][T15860] ksys_read+0x12a/0x250 [ 746.141360][T15860] ? __pfx_ksys_read+0x10/0x10 [ 746.141410][T15860] do_syscall_64+0xcd/0x490 [ 746.141448][T15860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 746.141481][T15860] RIP: 0033:0x7fd311b8d57c [ 746.141506][T15860] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 746.141538][T15860] RSP: 002b:00007fd312a96030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 746.141568][T15860] RAX: ffffffffffffffda RBX: 00007fd311db5fa0 RCX: 00007fd311b8d57c [ 746.141590][T15860] RDX: 000000000000000f RSI: 00007fd312a960a0 RDI: 0000000000000004 [ 746.141610][T15860] RBP: 00007fd312a96090 R08: 0000000000000000 R09: 0000000000000000 [ 746.141630][T15860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 746.141649][T15860] R13: 0000000000000000 R14: 00007fd311db5fa0 R15: 00007ffd0e9c7d18 [ 746.141690][T15860] [ 746.337878][ C1] vkms_vblank_simulate: vblank timer overrun [ 749.974202][T15932] synth uevent: /devices/platform/dummy_hcd.3/usb4/ep_00: unknown uevent action string [ 750.004605][T15932] ep_00: uevent: failed to send synthetic uevent: -22 [ 750.048107][T15935] random: crng reseeded on system resumption [ 750.478256][T15948] netlink: 'syz.2.2413': attribute type 8 has an invalid length. [ 752.698301][T15972] FAULT_INJECTION: forcing a failure. [ 752.698301][T15972] name failslab, interval 1, probability 0, space 0, times 0 [ 752.722083][T15972] CPU: 0 UID: 0 PID: 15972 Comm: syz.3.2420 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 752.722150][T15972] Tainted: [U]=USER [ 752.722162][T15972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 752.722183][T15972] Call Trace: [ 752.722194][T15972] [ 752.722207][T15972] dump_stack_lvl+0x16c/0x1f0 [ 752.722249][T15972] should_fail_ex+0x512/0x640 [ 752.722290][T15972] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 752.722339][T15972] should_failslab+0xc2/0x120 [ 752.722386][T15972] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 752.722430][T15972] ? sock_alloc_inode+0x25/0x1c0 [ 752.722478][T15972] ? __pfx_sock_alloc_inode+0x10/0x10 [ 752.722519][T15972] sock_alloc_inode+0x25/0x1c0 [ 752.722557][T15972] alloc_inode+0x64/0x240 [ 752.722605][T15972] sock_alloc+0x40/0x280 [ 752.722644][T15972] sock_create_lite+0x82/0x120 [ 752.722688][T15972] __netlink_kernel_create+0xbd/0x750 [ 752.722728][T15972] ? __pfx___netlink_kernel_create+0x10/0x10 [ 752.722775][T15972] ? __pfx_crypto_netlink_init+0x10/0x10 [ 752.722829][T15972] crypto_netlink_init+0xb7/0x140 [ 752.722881][T15972] ? cpus_read_unlock+0x83/0x150 [ 752.722919][T15972] ? __pfx_crypto_netlink_init+0x10/0x10 [ 752.722970][T15972] ? __nf_register_net_hook+0x371/0x730 [ 752.723006][T15972] ? __pfx_crypto_netlink_rcv+0x10/0x10 [ 752.723062][T15972] ? nf_register_net_hook+0x117/0x160 [ 752.723104][T15972] ? nf_register_net_hooks+0xb1/0xd0 [ 752.723142][T15972] ops_init+0x1df/0x5f0 [ 752.723183][T15972] setup_net+0x10f/0x380 [ 752.723217][T15972] ? lockdep_init_map_type+0x5c/0x280 [ 752.723266][T15972] ? __pfx_setup_net+0x10/0x10 [ 752.723305][T15972] ? debug_mutex_init+0x37/0x70 [ 752.723344][T15972] copy_net_ns+0x2a6/0x5f0 [ 752.723389][T15972] create_new_namespaces+0x3ea/0xa90 [ 752.723437][T15972] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 752.723481][T15972] ksys_unshare+0x45b/0xa40 [ 752.723529][T15972] ? __pfx_ksys_unshare+0x10/0x10 [ 752.723577][T15972] ? xfd_validate_state+0x61/0x180 [ 752.723641][T15972] __x64_sys_unshare+0x31/0x40 [ 752.723687][T15972] do_syscall_64+0xcd/0x490 [ 752.723727][T15972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 752.723761][T15972] RIP: 0033:0x7ff52358eb69 [ 752.723787][T15972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 752.723821][T15972] RSP: 002b:00007ff5243f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 752.723852][T15972] RAX: ffffffffffffffda RBX: 00007ff5237b5fa0 RCX: 00007ff52358eb69 [ 752.723875][T15972] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 752.723896][T15972] RBP: 00007ff523611df1 R08: 0000000000000000 R09: 0000000000000000 [ 752.723917][T15972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 752.723937][T15972] R13: 0000000000000000 R14: 00007ff5237b5fa0 R15: 00007ffe5ec69578 [ 752.723980][T15972] [ 754.448687][T16001] nfsd: Unknown parameter 'Z' [ 754.972881][T16006] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 756.650749][T16028] FAULT_INJECTION: forcing a failure. [ 756.650749][T16028] name failslab, interval 1, probability 0, space 0, times 0 [ 756.687597][T16028] CPU: 0 UID: 0 PID: 16028 Comm: syz.2.2434 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 756.687637][T16028] Tainted: [U]=USER [ 756.687644][T16028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 756.687659][T16028] Call Trace: [ 756.687666][T16028] [ 756.687675][T16028] dump_stack_lvl+0x16c/0x1f0 [ 756.687704][T16028] should_fail_ex+0x512/0x640 [ 756.687733][T16028] ? fs_reclaim_acquire+0xae/0x150 [ 756.687771][T16028] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 756.687801][T16028] should_failslab+0xc2/0x120 [ 756.687833][T16028] __kmalloc_noprof+0xd2/0x510 [ 756.687868][T16028] tomoyo_realpath_from_path+0xc2/0x6e0 [ 756.687907][T16028] tomoyo_check_open_permission+0x2ab/0x3c0 [ 756.687934][T16028] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 756.687996][T16028] ? find_held_lock+0x2b/0x80 [ 756.688028][T16028] tomoyo_file_open+0x6b/0x90 [ 756.688063][T16028] security_file_open+0x84/0x1e0 [ 756.688092][T16028] do_dentry_open+0x596/0x1530 [ 756.688131][T16028] vfs_open+0x82/0x3f0 [ 756.688170][T16028] path_openat+0x1de4/0x2cb0 [ 756.688208][T16028] ? __pfx_path_openat+0x10/0x10 [ 756.688244][T16028] do_filp_open+0x20b/0x470 [ 756.688272][T16028] ? __pfx_do_filp_open+0x10/0x10 [ 756.688311][T16028] ? __pfx_kfree_link+0x10/0x10 [ 756.688356][T16028] ? alloc_fd+0x471/0x7d0 [ 756.688388][T16028] do_sys_openat2+0x11b/0x1d0 [ 756.688425][T16028] ? __pfx_do_sys_openat2+0x10/0x10 [ 756.688473][T16028] __x64_sys_openat+0x174/0x210 [ 756.688531][T16028] ? __pfx___x64_sys_openat+0x10/0x10 [ 756.688592][T16028] do_syscall_64+0xcd/0x490 [ 756.688620][T16028] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.688644][T16028] RIP: 0033:0x7f7ecb98d4d0 [ 756.688663][T16028] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 756.688685][T16028] RSP: 002b:00007f7ecc8dafe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 756.688706][T16028] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f7ecb98d4d0 [ 756.688722][T16028] RDX: 0000000000000002 RSI: 00007f7ecba120d6 RDI: 00000000ffffff9c [ 756.688736][T16028] RBP: 00007f7ecba120d6 R08: 0000000000000000 R09: 00007f7ecc8dc000 [ 756.688750][T16028] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 756.688764][T16028] R13: 0000000000000000 R14: 00007f7ecbbb5fa0 R15: 00007ffd830be3b8 [ 756.688792][T16028] [ 756.688801][T16028] ERROR: Out of memory at tomoyo_realpath_from_path. [ 756.947039][T16028] FAULT_INJECTION: forcing a failure. [ 756.947039][T16028] name failslab, interval 1, probability 0, space 0, times 0 [ 756.963350][T16028] CPU: 0 UID: 0 PID: 16028 Comm: syz.2.2434 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 756.963404][T16028] Tainted: [U]=USER [ 756.963413][T16028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 756.963432][T16028] Call Trace: [ 756.963442][T16028] [ 756.963455][T16028] dump_stack_lvl+0x16c/0x1f0 [ 756.963494][T16028] should_fail_ex+0x512/0x640 [ 756.963534][T16028] ? __kmalloc_noprof+0xbf/0x510 [ 756.963575][T16028] ? alloc_pipe_info+0x1ec/0x590 [ 756.963615][T16028] should_failslab+0xc2/0x120 [ 756.963659][T16028] __kmalloc_noprof+0xd2/0x510 [ 756.963700][T16028] ? kasan_save_track+0x14/0x30 [ 756.963750][T16028] alloc_pipe_info+0x1ec/0x590 [ 756.963796][T16028] create_pipe_files+0x8c/0x9a0 [ 756.963844][T16028] do_pipe2+0xaf/0x1c0 [ 756.963885][T16028] ? __pfx_do_pipe2+0x10/0x10 [ 756.963924][T16028] ? ksys_write+0x1ac/0x250 [ 756.963972][T16028] __x64_sys_pipe2+0x54/0x80 [ 756.964015][T16028] do_syscall_64+0xcd/0x490 [ 756.964054][T16028] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.964088][T16028] RIP: 0033:0x7f7ecb98eb69 [ 756.964114][T16028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 756.964146][T16028] RSP: 002b:00007f7ecc8db038 EFLAGS: 00000246 ORIG_RAX: 0000000000000125 [ 756.964176][T16028] RAX: ffffffffffffffda RBX: 00007f7ecbbb5fa0 RCX: 00007f7ecb98eb69 [ 756.964198][T16028] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000000 [ 756.964218][T16028] RBP: 00007f7ecc8db090 R08: 0000000000000000 R09: 0000000000000000 [ 756.964237][T16028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 756.964256][T16028] R13: 0000000000000000 R14: 00007f7ecbbb5fa0 R15: 00007ffd830be3b8 [ 756.964286][T16028] [ 757.229578][T16031] vivid-000: ================= START STATUS ================= [ 757.238900][T16031] vivid-000: ================== END STATUS ================== [ 757.886375][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 757.892859][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 759.090117][T16045] random: crng reseeded on system resumption [ 759.353813][T16064] kafs: addr_prefs: Invalid Command [ 759.919915][T16045] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 759.932235][T16045] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 762.837917][T16110] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 763.352282][T16110] svc: failed to register nfsdv3 RPC service (errno 111). [ 763.366778][T16110] svc: failed to register nfsaclv3 RPC service (errno 111). [ 766.808152][T16157] ovs_: entered promiscuous mode [ 767.288331][T16168] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2466'. [ 767.304226][T16168] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2466'. [ 773.551021][ T5867] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 773.564819][ T5867] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 773.573578][ T5867] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 773.585051][ T5867] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 773.593431][ T5867] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 774.322540][T16255] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 774.495690][T16247] chnl_net:caif_netlink_parms(): no params data found [ 775.640808][ T5867] Bluetooth: hci2: command tx timeout [ 775.746379][T16266] FAULT_INJECTION: forcing a failure. [ 775.746379][T16266] name failslab, interval 1, probability 0, space 0, times 0 [ 775.798839][T10775] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 775.805670][T16266] CPU: 0 UID: 0 PID: 16266 Comm: syz.1.2488 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 775.805735][T16266] Tainted: [U]=USER [ 775.805748][T16266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 775.805778][T16266] Call Trace: [ 775.805790][T16266] [ 775.805803][T16266] dump_stack_lvl+0x16c/0x1f0 [ 775.805863][T16266] should_fail_ex+0x512/0x640 [ 775.805910][T16266] ? __kmalloc_noprof+0xbf/0x510 [ 775.805959][T16266] ? fib_default_rule_add+0x4f/0x420 [ 775.806000][T16266] should_failslab+0xc2/0x120 [ 775.806053][T16266] __kmalloc_noprof+0xd2/0x510 [ 775.806107][T16266] fib_default_rule_add+0x4f/0x420 [ 775.806153][T16266] fib4_rules_init+0xa6/0x1c0 [ 775.806214][T16266] fib_net_init+0x1dc/0x3f0 [ 775.806257][T16266] ? __pfx___register_sysctl_table+0x10/0x10 [ 775.806318][T16266] ? __pfx_fib_net_init+0x10/0x10 [ 775.806361][T16266] ? lockdep_init_map_type+0x5c/0x280 [ 775.806415][T16266] ? do_init_timer+0xc9/0x110 [ 775.806465][T16266] ? devinet_init_net+0x5c2/0x910 [ 775.806516][T16266] ? __pfx_fib_net_init+0x10/0x10 [ 775.806559][T16266] ops_init+0x1df/0x5f0 [ 775.806604][T16266] setup_net+0x10f/0x380 [ 775.806664][T16266] ? lockdep_init_map_type+0x5c/0x280 [ 775.806719][T16266] ? __pfx_setup_net+0x10/0x10 [ 775.806765][T16266] ? debug_mutex_init+0x37/0x70 [ 775.806815][T16266] copy_net_ns+0x2a6/0x5f0 [ 775.806867][T16266] create_new_namespaces+0x3ea/0xa90 [ 775.806922][T16266] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 775.806974][T16266] ksys_unshare+0x45b/0xa40 [ 775.807027][T16266] ? __pfx_ksys_unshare+0x10/0x10 [ 775.807081][T16266] ? xfd_validate_state+0x61/0x180 [ 775.807151][T16266] __x64_sys_unshare+0x31/0x40 [ 775.807204][T16266] do_syscall_64+0xcd/0x490 [ 775.807247][T16266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 775.807287][T16266] RIP: 0033:0x7fe306b8eb69 [ 775.807317][T16266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 775.807355][T16266] RSP: 002b:00007fe307999038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 775.807390][T16266] RAX: ffffffffffffffda RBX: 00007fe306db5fa0 RCX: 00007fe306b8eb69 [ 775.807417][T16266] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 775.807441][T16266] RBP: 00007fe306c11df1 R08: 0000000000000000 R09: 0000000000000000 [ 775.807464][T16266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 775.807488][T16266] R13: 0000000000000000 R14: 00007fe306db5fa0 R15: 00007ffc2b483c68 [ 775.807537][T16266] [ 776.767267][T16247] bridge0: port 1(bridge_slave_0) entered blocking state [ 776.789635][T16247] bridge0: port 1(bridge_slave_0) entered disabled state [ 776.805131][T16247] bridge_slave_0: entered allmulticast mode [ 776.806057][T16268] syz.1.2488: vmalloc error: size 268435456, failed to allocated page array size 524288, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 776.834407][T16247] bridge_slave_0: entered promiscuous mode [ 776.950918][T16268] CPU: 0 UID: 0 PID: 16268 Comm: syz.1.2488 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 776.950977][T16268] Tainted: [U]=USER [ 776.950989][T16268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 776.951010][T16268] Call Trace: [ 776.951021][T16268] [ 776.951034][T16268] dump_stack_lvl+0x16c/0x1f0 [ 776.951076][T16268] warn_alloc+0x248/0x3a0 [ 776.951122][T16268] ? __pfx_warn_alloc+0x10/0x10 [ 776.951178][T16268] ? packet_set_ring+0xb07/0x18d0 [ 776.951227][T16268] ? __vmalloc_node_noprof+0xad/0xf0 [ 776.951289][T16268] __vmalloc_node_range_noprof+0x101b/0x14b0 [ 776.951336][T16268] ? packet_set_ring+0xb07/0x18d0 [ 776.951394][T16268] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 776.951426][T16268] ? alloc_pages_mpol+0x25a/0x550 [ 776.951471][T16268] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 776.951521][T16268] ? packet_set_ring+0xb07/0x18d0 [ 776.951568][T16268] __vmalloc_node_noprof+0xad/0xf0 [ 776.951621][T16268] ? packet_set_ring+0xb07/0x18d0 [ 776.951673][T16268] packet_set_ring+0xb07/0x18d0 [ 776.951746][T16268] packet_setsockopt+0x121b/0x33c0 [ 776.951799][T16268] ? __pfx___might_resched+0x10/0x10 [ 776.951834][T16268] ? __lock_acquire+0x62e/0x1ce0 [ 776.951881][T16268] ? __pfx_packet_setsockopt+0x10/0x10 [ 776.951933][T16268] ? aa_sk_perm+0x2f4/0xb10 [ 776.951969][T16268] ? file_init_path+0x4fe/0x760 [ 776.952018][T16268] ? __pfx_aa_sk_perm+0x10/0x10 [ 776.952056][T16268] ? find_held_lock+0x2b/0x80 [ 776.952094][T16268] ? aa_sock_opt_perm+0xfd/0x1c0 [ 776.952145][T16268] ? __pfx_packet_setsockopt+0x10/0x10 [ 776.952201][T16268] do_sock_setsockopt+0xf0/0x1d0 [ 776.952248][T16268] __sys_setsockopt+0x120/0x1a0 [ 776.952287][T16268] __x64_sys_setsockopt+0xbd/0x160 [ 776.952317][T16268] ? do_syscall_64+0x91/0x490 [ 776.952351][T16268] ? lockdep_hardirqs_on+0x7c/0x110 [ 776.952383][T16268] do_syscall_64+0xcd/0x490 [ 776.952422][T16268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 776.952455][T16268] RIP: 0033:0x7fe306b8eb69 [ 776.952482][T16268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 776.952515][T16268] RSP: 002b:00007fe307957038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 776.952546][T16268] RAX: ffffffffffffffda RBX: 00007fe306db6160 RCX: 00007fe306b8eb69 [ 776.952567][T16268] RDX: 0000000000000005 RSI: 0000000000000107 RDI: 0000000000000008 [ 776.952587][T16268] RBP: 00007fe306c11df1 R08: 000000000000ce24 R09: 0000000000000000 [ 776.952608][T16268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 776.952627][T16268] R13: 0000000000000000 R14: 00007fe306db6160 R15: 00007ffc2b483c68 [ 776.952669][T16268] [ 776.955904][T16268] Mem-Info: [ 777.244751][T16268] active_anon:9771 inactive_anon:29248 isolated_anon:0 [ 777.244751][T16268] active_file:24118 inactive_file:37048 isolated_file:0 [ 777.244751][T16268] unevictable:768 dirty:756 writeback:0 [ 777.244751][T16268] slab_reclaimable:11730 slab_unreclaimable:97433 [ 777.244751][T16268] mapped:35995 shmem:25798 pagetables:1137 [ 777.244751][T16268] sec_pagetables:0 bounce:0 [ 777.244751][T16268] kernel_misc_reclaimable:0 [ 777.244751][T16268] free:1262097 free_pcp:24739 free_cma:0 [ 777.345469][T16268] Node 0 active_anon:39084kB inactive_anon:114224kB active_file:86176kB inactive_file:148064kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:144032kB dirty:2776kB writeback:0kB shmem:98592kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11436kB pagetables:4476kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 777.387730][T10775] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 777.440855][T16268] Node 1 active_anon:0kB inactive_anon:0kB active_file:10296kB inactive_file:128kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:484kB dirty:248kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:80kB pagetables:172kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 777.489971][T16247] bridge0: port 2(bridge_slave_1) entered blocking state [ 777.503151][T16247] bridge0: port 2(bridge_slave_1) entered disabled state [ 777.510066][T16268] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 777.520964][T16247] bridge_slave_1: entered allmulticast mode [ 777.598128][T16247] bridge_slave_1: entered promiscuous mode [ 777.605487][T16268] lowmem_reserve[]: 0 2480 2481 2481 2481 [ 777.622955][T16268] Node 0 DMA32 free:1173856kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:39032kB inactive_anon:108824kB active_file:84948kB inactive_file:147992kB unevictable:1536kB writepending:2876kB present:3129332kB managed:2539676kB mlocked:0kB bounce:0kB free_pcp:60952kB local_pcp:22612kB free_cma:0kB [ 777.717456][T16268] lowmem_reserve[]: 0 0 1 1 1 [ 777.730806][ T5867] Bluetooth: hci2: command tx timeout [ 777.737691][T16268] Node 0 Normal free:16kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:1228kB inactive_file:72kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:12kB free_cma:0kB [ 777.812400][T16268] lowmem_reserve[]: 0 0 0 0 0 [ 777.833363][T16268] Node 1 Normal free:3870956kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:10296kB inactive_file:128kB unevictable:1536kB writepending:248kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:34308kB local_pcp:26384kB free_cma:0kB [ 777.950639][T16268] lowmem_reserve[]: 0 0 0 0 0 [ 777.956923][T16278] FAULT_INJECTION: forcing a failure. [ 777.956923][T16278] name failslab, interval 1, probability 0, space 0, times 0 [ 777.969786][T16268] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 777.998128][T16268] Node 0 DMA32: 1976*4kB (UME) 1851*8kB (UME) 1319*16kB (UM) 919*32kB (M) 438*64kB (UME) 187*128kB (UM) 48*256kB (UM) 24*512kB (UM) 50*1024kB (UME) 3*2048kB (UME) 236*4096kB (UM) = 1173768kB [ 778.027316][T16278] CPU: 1 UID: 0 PID: 16278 Comm: syz.0.2490 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 778.027375][T16278] Tainted: [U]=USER [ 778.027386][T16278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 778.027405][T16278] Call Trace: [ 778.027416][T16278] [ 778.027429][T16278] dump_stack_lvl+0x16c/0x1f0 [ 778.027469][T16278] should_fail_ex+0x512/0x640 [ 778.027516][T16278] should_failslab+0xc2/0x120 [ 778.027562][T16278] __kmalloc_cache_noprof+0x6a/0x3e0 [ 778.027608][T16278] ? proc_thread_self_get_link+0x1c6/0x240 [ 778.027660][T16278] proc_thread_self_get_link+0x1c6/0x240 [ 778.027705][T16278] ? __pfx_proc_thread_self_get_link+0x10/0x10 [ 778.027749][T16278] step_into+0x195e/0x2270 [ 778.027792][T16278] ? __pfx_step_into+0x10/0x10 [ 778.027832][T16278] ? lookup_fast+0x156/0x610 [ 778.027871][T16278] walk_component+0xfc/0x5b0 [ 778.027908][T16278] link_path_walk+0x627/0xe20 [ 778.027957][T16278] path_openat+0x1b0/0x2cb0 [ 778.027990][T16278] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 778.028040][T16278] ? __pfx_path_openat+0x10/0x10 [ 778.028091][T16278] do_filp_open+0x20b/0x470 [ 778.028130][T16278] ? __pfx_do_filp_open+0x10/0x10 [ 778.028201][T16278] ? alloc_fd+0x471/0x7d0 [ 778.028247][T16278] do_sys_openat2+0x11b/0x1d0 [ 778.028298][T16278] ? __pfx_do_sys_openat2+0x10/0x10 [ 778.028369][T16278] __x64_sys_openat+0x174/0x210 [ 778.028420][T16278] ? __pfx___x64_sys_openat+0x10/0x10 [ 778.028490][T16278] do_syscall_64+0xcd/0x490 [ 778.028528][T16278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 778.028561][T16278] RIP: 0033:0x7fd311b8d4d0 [ 778.028593][T16278] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 778.028626][T16278] RSP: 002b:00007fd312a95fe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 778.028657][T16278] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd311b8d4d0 [ 778.028678][T16278] RDX: 0000000000000002 RSI: 00007fd311c120d6 RDI: 00000000ffffff9c [ 778.028698][T16278] RBP: 00007fd311c120d6 R08: 0000000000000000 R09: 00007fd312a97000 [ 778.028718][T16278] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005 [ 778.028737][T16278] R13: 0000000000000000 R14: 00007fd311db5fa0 R15: 00007ffd0e9c7d18 [ 778.028777][T16278] [ 778.053500][T16268] Node 0 [ 778.058628][T16278] FAULT_INJECTION: forcing a failure. [ 778.058628][T16278] name failslab, interval 1, probability 0, space 0, times 0 [ 778.071390][T16268] Normal: [ 778.078171][T16278] CPU: 1 UID: 0 PID: 16278 Comm: syz.0.2490 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 778.078233][T16278] Tainted: [U]=USER [ 778.078245][T16278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 778.078268][T16278] Call Trace: [ 778.078279][T16278] [ 778.078293][T16278] dump_stack_lvl+0x16c/0x1f0 [ 778.078334][T16278] should_fail_ex+0x512/0x640 [ 778.078371][T16278] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 778.078409][T16278] should_failslab+0xc2/0x120 [ 778.078452][T16278] __kmalloc_cache_noprof+0x6a/0x3e0 [ 778.078485][T16278] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 778.078521][T16278] ? watch_queue_init+0x45/0x170 [ 778.078573][T16278] watch_queue_init+0x45/0x170 [ 778.078628][T16278] create_pipe_files+0x676/0x9a0 [ 778.078676][T16278] do_pipe2+0xaf/0x1c0 [ 778.078717][T16278] ? __pfx_do_pipe2+0x10/0x10 [ 778.078757][T16278] ? ksys_write+0x1ac/0x250 [ 778.078813][T16278] __x64_sys_pipe2+0x54/0x80 [ 778.078861][T16278] do_syscall_64+0xcd/0x490 [ 778.078906][T16278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 778.078943][T16278] RIP: 0033:0x7fd311b8eb69 [ 778.078971][T16278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 778.079007][T16278] RSP: 002b:00007fd312a96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000125 [ 778.079041][T16278] RAX: ffffffffffffffda RBX: 00007fd311db5fa0 RCX: 00007fd311b8eb69 [ 778.079065][T16278] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000000 [ 778.079086][T16278] RBP: 00007fd312a96090 R08: 0000000000000000 R09: 0000000000000000 [ 778.079109][T16278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 778.079131][T16278] R13: 0000000000000000 R14: 00007fd311db5fa0 R15: 00007ffd0e9c7d18 [ 778.079181][T16278] [ 778.165655][T10775] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 778.240678][T16268] 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 778.590944][T16268] Node 1 Normal: 1697*4kB (UME) 225*8kB (UME) 159*16kB (UM) 321*32kB (UME) 172*64kB (UM) 35*128kB (UME) 26*256kB (UME) 18*512kB (ME) 17*1024kB (ME) 12*2048kB (ME) 922*4096kB (M) = 3871260kB [ 778.662479][T16268] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 778.666897][T16247] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 778.695967][T16268] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 778.733595][T16268] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 778.752907][T10775] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 778.780630][T16268] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 778.800298][T16268] 86310 total pagecache pages [ 778.810421][T16268] 0 pages in swap cache [ 778.821884][T16268] Free swap = 124996kB [ 778.833738][T16247] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 778.841034][T16268] Total swap = 124996kB [ 778.862001][T16268] 2097051 pages RAM [ 778.865978][T16268] 0 pages HighMem/MovableOnly [ 778.890740][T16268] 430170 pages reserved [ 778.895775][T16268] 0 pages cma reserved [ 779.090302][T16247] team0: Port device team_slave_0 added [ 779.120325][T16247] team0: Port device team_slave_1 added [ 779.400983][T16247] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 779.408418][T16247] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 779.550681][T16247] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 779.612313][T16247] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 779.619333][T16247] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 779.752103][T16247] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 779.802062][ T5867] Bluetooth: hci2: command tx timeout [ 780.089285][T16304] fanotify: failed to encode fid (type=0, len=0, err=-2) g&[ 780.365431][T16247] hsr_slave_0: entered promiscuous mode [ 780.389828][T16247] hsr_slave_1: entered promiscuous mode [ 780.416965][T16247] debugfs: 'hsr0' already exists in 'hsr' [ 780.444496][T16247] Cannot create hsr debugfs directory [ 781.053487][T10775] netdevsim netdevsim15 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 781.848802][T10775] bridge_slave_1: left allmulticast mode [ 781.856803][T10775] bridge_slave_1: left promiscuous mode [ 781.866194][T10775] bridge0: port 2(bridge_slave_1) entered disabled state [ 781.880824][ T5867] Bluetooth: hci2: command tx timeout [ 781.895037][T10775] bridge_slave_0: left allmulticast mode [ 781.904481][T10775] bridge_slave_0: left promiscuous mode [ 781.915548][T10775] bridge0: port 1(bridge_slave_0) entered disabled state [ 782.070449][T16332] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 782.079456][T16332] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 782.154814][T16332] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 782.161931][T16332] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 782.214803][T16332] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 782.241081][T16332] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 782.256192][T16332] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 782.289653][T16332] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 782.311001][T16332] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 782.328715][T16332] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 782.349959][T16332] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 782.965349][T10775] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 782.979321][T10775] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 782.998028][T10775] bond0 (unregistering): Released all slaves [ 783.297854][T10775] .SR: left promiscuous mode [ 783.401468][ T5867] Bluetooth: hci0: command 0x0406 tx timeout [ 783.430502][T10775] ovs_: left promiscuous mode [ 783.651524][T10775] tipc: Left network mode [ 783.656232][T16365] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 783.990249][T16247] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 784.147326][T16247] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 784.200658][ T5867] Bluetooth: hci4: command 0x0c1a tx timeout [ 784.211372][T16247] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 784.256318][T16247] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 784.284283][ T5867] Bluetooth: hci1: command 0x0c1a tx timeout [ 784.361085][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 785.481179][ T5867] Bluetooth: hci0: command 0x0406 tx timeout [ 785.595277][T10775] hsr_slave_0: left promiscuous mode [ 785.645755][T10775] hsr_slave_1: left promiscuous mode [ 785.778671][T10775] veth1_macvtap: left promiscuous mode [ 785.809190][T10775] veth0_macvtap: left promiscuous mode [ 785.829487][T10775] veth1_vlan: left promiscuous mode [ 785.843352][T10775] veth0_vlan: left promiscuous mode [ 786.285089][ T5867] Bluetooth: hci4: command 0x0c1a tx timeout [ 786.364336][ T5867] Bluetooth: hci1: command 0x0c1a tx timeout [ 786.441095][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 787.350372][T16409] kexec: Could not allocate control_code_buffer [ 787.480408][T10775] team0 (unregistering): Port device team_slave_1 removed [ 787.538008][T10775] team0 (unregistering): Port device team_slave_0 removed [ 788.269439][T16247] 8021q: adding VLAN 0 to HW filter on device bond0 [ 788.360278][T16247] 8021q: adding VLAN 0 to HW filter on device team0 [ 788.367899][ T5867] Bluetooth: hci4: command 0x0c1a tx timeout [ 788.436174][ T133] bridge0: port 1(bridge_slave_0) entered blocking state [ 788.441405][ T5867] Bluetooth: hci1: command 0x0c1a tx timeout [ 788.443439][ T133] bridge0: port 1(bridge_slave_0) entered forwarding state [ 788.495875][ T133] bridge0: port 2(bridge_slave_1) entered blocking state [ 788.503130][ T133] bridge0: port 2(bridge_slave_1) entered forwarding state [ 788.520772][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 789.651353][T16247] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 790.003164][T16441] netlink: 350 bytes leftover after parsing attributes in process `syz.3.2515'. [ 790.145423][T16247] veth0_vlan: entered promiscuous mode [ 790.454880][T16247] veth1_vlan: entered promiscuous mode [ 791.589703][T16476] program syz.3.2521 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 791.722958][T16247] veth0_macvtap: entered promiscuous mode [ 791.832821][T16247] veth1_macvtap: entered promiscuous mode [ 792.008277][T16247] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 792.095084][T16247] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 792.159230][T10778] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 792.187389][T10778] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 792.222764][T10778] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 792.252624][T10778] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 792.475800][T10773] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 792.501174][T10773] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 792.666419][T10773] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 792.696640][T10773] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 792.746068][ T5940] smpboot: CPU 0 is now offline [ 793.588104][T16514] scsi_strcpy_devinfo: vendor string '/&c~n] | [ 793.588104][T16514] M' is too long [ 793.706069][T16513] FAULT_INJECTION: forcing a failure. [ 793.706069][T16513] name fail_futex, interval 1, probability 0, space 0, times 0 [ 793.719122][T16513] CPU: 1 UID: 0 PID: 16513 Comm: syz.0.2526 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 793.719161][T16513] Tainted: [U]=USER [ 793.719168][T16513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 793.719182][T16513] Call Trace: [ 793.719190][T16513] [ 793.719198][T16513] dump_stack_lvl+0x16c/0x1f0 [ 793.719227][T16513] should_fail_ex+0x512/0x640 [ 793.719260][T16513] should_fail_futex+0x4c/0x60 [ 793.719289][T16513] futex_lock_pi_atomic+0x148/0xd50 [ 793.719331][T16513] futex_lock_pi+0x23f/0x7c0 [ 793.719372][T16513] ? __pfx_futex_lock_pi+0x10/0x10 [ 793.719406][T16513] ? __futex_wait+0x24c/0x2f0 [ 793.719446][T16513] ? lockdep_hardirqs_on+0x7c/0x110 [ 793.719487][T16513] ? futex_private_hash_put+0x18a/0x300 [ 793.719521][T16513] ? __pfx_futex_wake_mark+0x10/0x10 [ 793.719566][T16513] ? ksys_write+0x190/0x250 [ 793.719605][T16513] do_futex+0x11a/0x350 [ 793.719637][T16513] ? __pfx_do_futex+0x10/0x10 [ 793.719675][T16513] __x64_sys_futex+0x1e0/0x4c0 [ 793.719707][T16513] ? fput+0x9b/0xd0 [ 793.719740][T16513] ? __pfx___x64_sys_futex+0x10/0x10 [ 793.719771][T16513] ? xfd_validate_state+0x61/0x180 [ 793.719806][T16513] ? __pfx_ksys_write+0x10/0x10 [ 793.719842][T16513] do_syscall_64+0xcd/0x490 [ 793.719869][T16513] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 793.719893][T16513] RIP: 0033:0x7fd311b8eb69 [ 793.719912][T16513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 793.719935][T16513] RSP: 002b:00007fd312a96038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 793.719958][T16513] RAX: ffffffffffffffda RBX: 00007fd311db5fa0 RCX: 00007fd311b8eb69 [ 793.719974][T16513] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 793.719988][T16513] RBP: 00007fd311c11df1 R08: 0000000000000000 R09: 000000008000fff2 [ 793.720003][T16513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 793.720024][T16513] R13: 0000000000000000 R14: 00007fd311db5fa0 R15: 00007ffd0e9c7d18 [ 793.720054][T16513] [ 794.800058][T16528] random: crng reseeded on system resumption [ 794.814205][T16514] scsi_strcpy_devinfo: model string 'Dd5 K2b [ 794.814205][T16514] W ' is too long [ 794.969336][T16523] nvme_fabrics: missing parameter 'transport=%s' [ 795.092928][T16523] nvme_fabrics: missing parameter 'nqn=%s' [ 796.500863][T16527] binder: 16520:16527 ioctl c018620c 0 returned -1 [ 798.735505][T16581] Invalid ELF header magic: != ELF [ 799.020973][T16587] nfsd: Unknown parameter 'Z' [ 799.371000][T16593] random: crng reseeded on system resumption [ 800.206934][T16601] bond0: option all_slaves_active: invalid value () [ 800.523462][T16601] bond0: option all_slaves_active: invalid value () [ 801.913347][T16620] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 802.170608][T16620] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 802.384449][T16620] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 802.501196][T16620] page_type: f5(slab) [ 802.505244][T16620] raw: 00fff00000000040 ffff8881404bb8c0 dead000000000122 0000000000000000 [ 802.755456][T16620] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 802.946625][T16620] head: 00fff00000000040 ffff8881404bb8c0 dead000000000122 0000000000000000 [ 803.097830][T16620] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 803.228622][T16620] head: 00fff00000000002 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 803.368590][T16620] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 803.459564][T16620] page dumped because: unmovable page [ 803.524285][T16620] page_owner tracks the page as allocated [ 803.582893][T16620] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5249, tgid 5249 (udevadm), ts 47970792392, free_ts 39362658346 [ 805.071673][T16620] post_alloc_hook+0x1c0/0x230 [ 805.781354][T16620] get_page_from_freelist+0x132b/0x38e0 [ 805.805320][T16620] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 805.836877][T16620] alloc_pages_mpol+0x1fb/0x550 [ 805.862622][T16620] new_slab+0x247/0x330 [ 805.867952][T16651] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2545'. [ 805.890482][T16620] ___slab_alloc+0xcf2/0x1740 [ 805.905132][T16620] __slab_alloc.constprop.0+0x56/0xb0 [ 805.916643][T16620] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 805.932455][T16620] alloc_inode+0xc3/0x240 [ 805.945071][T16620] iget_locked+0x2e4/0x830 [ 805.968068][T16620] kernfs_get_inode+0x48/0x460 [ 805.994462][T16620] kernfs_iop_lookup+0x1a7/0x2d0 [ 806.025045][T16620] __lookup_slow+0x24e/0x460 [ 806.050143][T16620] walk_component+0x353/0x5b0 [ 806.072823][T16620] path_lookupat+0x142/0x6d0 [ 806.108947][T16620] filename_lookup+0x224/0x5f0 [ 806.116265][T16620] page last free pid 1 tgid 1 stack trace: [ 806.130622][T16620] __free_frozen_pages+0x7d5/0x10f0 [ 806.147262][T16620] free_contig_range+0x183/0x4b0 [ 806.190629][T16620] destroy_args+0x7f6/0xa60 [ 806.195208][T16620] debug_vm_pgtable+0x1a32/0x3640 [ 806.228536][T16620] do_one_initcall+0x120/0x6e0 [ 806.257678][T16620] kernel_init_freeable+0x5c2/0x910 [ 806.273073][T16620] kernel_init+0x1c/0x2b0 [ 806.302796][T16620] ret_from_fork+0x5d4/0x6f0 [ 806.310828][T16620] ret_from_fork_asm+0x1a/0x30 [ 806.673314][T16658] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2546'. [ 809.305301][T16694] random: crng reseeded on system resumption [ 809.697507][ T5865] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 809.708924][ T5865] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 809.718196][ T5865] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 809.728690][ T5865] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 809.736397][ T5865] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 809.993164][T10780] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 810.120078][T16701] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 811.094150][T10780] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 811.617301][T16702] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 811.804069][ T5865] Bluetooth: hci0: command tx timeout [ 811.869820][T10780] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 812.066549][T10780] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 812.320357][T16697] chnl_net:caif_netlink_parms(): no params data found [ 812.406811][T16716] FAULT_INJECTION: forcing a failure. [ 812.406811][T16716] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 812.543354][T16716] CPU: 1 UID: 0 PID: 16716 Comm: syz.2.2554 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 812.543394][T16716] Tainted: [U]=USER [ 812.543403][T16716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 812.543417][T16716] Call Trace: [ 812.543425][T16716] [ 812.543434][T16716] dump_stack_lvl+0x16c/0x1f0 [ 812.543463][T16716] should_fail_ex+0x512/0x640 [ 812.543498][T16716] should_fail_alloc_page+0xe7/0x130 [ 812.543534][T16716] prepare_alloc_pages+0x3c2/0x610 [ 812.543576][T16716] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 812.543612][T16716] ? find_held_lock+0x2b/0x80 [ 812.543638][T16716] ? is_bpf_text_address+0x8a/0x1a0 [ 812.543668][T16716] ? bpf_ksym_find+0x124/0x1c0 [ 812.543693][T16716] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 812.543722][T16716] ? is_bpf_text_address+0x94/0x1a0 [ 812.543754][T16716] ? __kernel_text_address+0xd/0x40 [ 812.543777][T16716] ? unwind_get_return_address+0x59/0xa0 [ 812.543815][T16716] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 812.543855][T16716] ? policy_nodemask+0xea/0x4e0 [ 812.543890][T16716] alloc_pages_mpol+0x1fb/0x550 [ 812.543924][T16716] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 812.543954][T16716] ? kasan_save_stack+0x33/0x60 [ 812.543981][T16716] ? __kasan_kmalloc+0xaa/0xb0 [ 812.544006][T16716] ? __get_vm_area_node+0x101/0x330 [ 812.544050][T16716] alloc_pages_noprof+0x131/0x390 [ 812.544084][T16716] get_free_pages_noprof+0x10/0xb0 [ 812.544117][T16716] kasan_populate_vmalloc+0x89/0x1f0 [ 812.544151][T16716] alloc_vmap_area+0x959/0x29c0 [ 812.544207][T16716] ? __pfx_alloc_vmap_area+0x10/0x10 [ 812.544251][T16716] __get_vm_area_node+0x1ca/0x330 [ 812.544296][T16716] __vmalloc_node_range_noprof+0x271/0x14b0 [ 812.544321][T16716] ? n_tty_open+0x1a/0x170 [ 812.544353][T16716] ? look_up_lock_class+0x59/0x150 [ 812.544390][T16716] ? n_tty_open+0x1a/0x170 [ 812.544430][T16716] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 812.544453][T16716] ? console_unlock+0x184/0x210 [ 812.544476][T16716] ? __pfx_console_unlock+0x10/0x10 [ 812.544502][T16716] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 812.544541][T16716] ? n_tty_open+0x1a/0x170 [ 812.544573][T16716] __vmalloc_node_noprof+0xad/0xf0 [ 812.544613][T16716] ? n_tty_open+0x1a/0x170 [ 812.544645][T16716] ? __pfx_n_tty_open+0x10/0x10 [ 812.544679][T16716] n_tty_open+0x1a/0x170 [ 812.544711][T16716] ? __pfx_n_tty_open+0x10/0x10 [ 812.544742][T16716] tty_ldisc_open+0x9c/0x120 [ 812.544766][T16716] tty_ldisc_setup+0x40/0x100 [ 812.544793][T16716] tty_init_dev.part.0+0x1ec/0x500 [ 812.544826][T16716] tty_open+0xa50/0xf90 [ 812.544861][T16716] ? __pfx_tty_open+0x10/0x10 [ 812.544892][T16716] ? chrdev_open+0x10b/0x6a0 [ 812.544927][T16716] ? __pfx_tty_open+0x10/0x10 [ 812.544957][T16716] chrdev_open+0x234/0x6a0 [ 812.544988][T16716] ? __pfx_apparmor_file_open+0x10/0x10 [ 812.545028][T16716] ? __pfx_chrdev_open+0x10/0x10 [ 812.545061][T16716] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 812.545095][T16716] do_dentry_open+0x982/0x1530 [ 812.545126][T16716] ? __pfx_chrdev_open+0x10/0x10 [ 812.545164][T16716] vfs_open+0x82/0x3f0 [ 812.545210][T16716] path_openat+0x1de4/0x2cb0 [ 812.545249][T16716] ? __pfx_path_openat+0x10/0x10 [ 812.545286][T16716] do_filp_open+0x20b/0x470 [ 812.545317][T16716] ? __pfx_do_filp_open+0x10/0x10 [ 812.545367][T16716] ? alloc_fd+0x471/0x7d0 [ 812.545402][T16716] do_sys_openat2+0x11b/0x1d0 [ 812.545439][T16716] ? __pfx_do_sys_openat2+0x10/0x10 [ 812.545490][T16716] __x64_sys_openat+0x174/0x210 [ 812.545528][T16716] ? __pfx___x64_sys_openat+0x10/0x10 [ 812.545580][T16716] do_syscall_64+0xcd/0x490 [ 812.545608][T16716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 812.545632][T16716] RIP: 0033:0x7f7b9bb8eb69 [ 812.545652][T16716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 812.545675][T16716] RSP: 002b:00007f7b9ca4d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 812.545698][T16716] RAX: ffffffffffffffda RBX: 00007f7b9bdb6080 RCX: 00007f7b9bb8eb69 [ 812.545714][T16716] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 812.545729][T16716] RBP: 00007f7b9bc11df1 R08: 0000000000000000 R09: 0000000000000000 [ 812.545744][T16716] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 812.545759][T16716] R13: 0000000000000000 R14: 00007f7b9bdb6080 R15: 00007fff5e9379b8 [ 812.545789][T16716] [ 813.013395][T16716] syz.2.2554: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 813.028452][T16716] CPU: 1 UID: 0 PID: 16716 Comm: syz.2.2554 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 813.028491][T16716] Tainted: [U]=USER [ 813.028499][T16716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 813.028513][T16716] Call Trace: [ 813.028522][T16716] [ 813.028530][T16716] dump_stack_lvl+0x16c/0x1f0 [ 813.028559][T16716] warn_alloc+0x248/0x3a0 [ 813.028591][T16716] ? __pfx_warn_alloc+0x10/0x10 [ 813.028623][T16716] ? kfree+0x2b4/0x4d0 [ 813.028652][T16716] ? __get_vm_area_node+0x208/0x330 [ 813.028698][T16716] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 813.028722][T16716] ? look_up_lock_class+0x59/0x150 [ 813.028754][T16716] ? n_tty_open+0x1a/0x170 [ 813.028795][T16716] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 813.028818][T16716] ? console_unlock+0x184/0x210 [ 813.028841][T16716] ? __pfx_console_unlock+0x10/0x10 [ 813.028867][T16716] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 813.028905][T16716] ? n_tty_open+0x1a/0x170 [ 813.028936][T16716] __vmalloc_node_noprof+0xad/0xf0 [ 813.028976][T16716] ? n_tty_open+0x1a/0x170 [ 813.029008][T16716] ? __pfx_n_tty_open+0x10/0x10 [ 813.029042][T16716] n_tty_open+0x1a/0x170 [ 813.029074][T16716] ? __pfx_n_tty_open+0x10/0x10 [ 813.029106][T16716] tty_ldisc_open+0x9c/0x120 [ 813.029130][T16716] tty_ldisc_setup+0x40/0x100 [ 813.029155][T16716] tty_init_dev.part.0+0x1ec/0x500 [ 813.029189][T16716] tty_open+0xa50/0xf90 [ 813.029232][T16716] ? __pfx_tty_open+0x10/0x10 [ 813.029262][T16716] ? chrdev_open+0x10b/0x6a0 [ 813.029299][T16716] ? __pfx_tty_open+0x10/0x10 [ 813.029328][T16716] chrdev_open+0x234/0x6a0 [ 813.029360][T16716] ? __pfx_apparmor_file_open+0x10/0x10 [ 813.029401][T16716] ? __pfx_chrdev_open+0x10/0x10 [ 813.029434][T16716] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 813.029468][T16716] do_dentry_open+0x982/0x1530 [ 813.029498][T16716] ? __pfx_chrdev_open+0x10/0x10 [ 813.029536][T16716] vfs_open+0x82/0x3f0 [ 813.029576][T16716] path_openat+0x1de4/0x2cb0 [ 813.029615][T16716] ? __pfx_path_openat+0x10/0x10 [ 813.029652][T16716] do_filp_open+0x20b/0x470 [ 813.029682][T16716] ? __pfx_do_filp_open+0x10/0x10 [ 813.029733][T16716] ? alloc_fd+0x471/0x7d0 [ 813.029767][T16716] do_sys_openat2+0x11b/0x1d0 [ 813.029805][T16716] ? __pfx_do_sys_openat2+0x10/0x10 [ 813.029855][T16716] __x64_sys_openat+0x174/0x210 [ 813.029894][T16716] ? __pfx___x64_sys_openat+0x10/0x10 [ 813.029945][T16716] do_syscall_64+0xcd/0x490 [ 813.029973][T16716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 813.029998][T16716] RIP: 0033:0x7f7b9bb8eb69 [ 813.030017][T16716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 813.030040][T16716] RSP: 002b:00007f7b9ca4d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 813.030062][T16716] RAX: ffffffffffffffda RBX: 00007f7b9bdb6080 RCX: 00007f7b9bb8eb69 [ 813.030078][T16716] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 813.030093][T16716] RBP: 00007f7b9bc11df1 R08: 0000000000000000 R09: 0000000000000000 [ 813.030109][T16716] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 813.030124][T16716] R13: 0000000000000000 R14: 00007f7b9bdb6080 R15: 00007fff5e9379b8 [ 813.030154][T16716] [ 813.030163][T16716] Mem-Info: [ 813.361847][T16716] active_anon:7903 inactive_anon:4784 isolated_anon:0 [ 813.361847][T16716] active_file:22098 inactive_file:37064 isolated_file:0 [ 813.361847][T16716] unevictable:768 dirty:724 writeback:0 [ 813.361847][T16716] slab_reclaimable:11779 slab_unreclaimable:95569 [ 813.361847][T16716] mapped:27153 shmem:1359 pagetables:1119 [ 813.361847][T16716] sec_pagetables:0 bounce:0 [ 813.361847][T16716] kernel_misc_reclaimable:0 [ 813.361847][T16716] free:1312242 free_pcp:11609 free_cma:0 [ 813.408225][T16716] Node 0 active_anon:31612kB inactive_anon:19136kB active_file:78096kB inactive_file:148128kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:108068kB dirty:2892kB writeback:0kB shmem:3900kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11344kB pagetables:4304kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 813.457852][T16716] Node 1 active_anon:0kB inactive_anon:0kB active_file:10296kB inactive_file:128kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:544kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:80kB pagetables:172kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 813.488567][T16716] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 813.518143][T16716] lowmem_reserve[]: 0 2480 2481 2481 2481 [ 813.524453][T16716] Node 0 DMA32 free:1335700kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:31560kB inactive_anon:19136kB active_file:76868kB inactive_file:148056kB unevictable:1536kB writepending:2944kB present:3129332kB managed:2539676kB mlocked:0kB bounce:0kB free_pcp:38888kB local_pcp:38888kB free_cma:0kB [ 813.557827][T16716] lowmem_reserve[]: 0 0 1 1 1 [ 813.563913][T16716] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:1228kB inactive_file:72kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:16kB free_cma:0kB [ 813.630201][T16716] lowmem_reserve[]: 0 0 0 0 0 [ 813.635064][T16716] Node 1 Normal free:3897888kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:10296kB inactive_file:128kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:7476kB local_pcp:7476kB free_cma:0kB [ 813.742842][T16716] lowmem_reserve[]: 0 0 0 0 0 [ 813.747646][T16716] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 813.820923][T16716] Node 0 DMA32: 3009*4kB (ME) 1320*8kB (ME) 902*16kB (UME) 1094*32kB (UME) 740*64kB (UME) 403*128kB (UME) 168*256kB (UM) 93*512kB (UM) 64*1024kB (UME) 14*2048kB (UME) 239*4096kB (UM) = 1334756kB [ 813.879831][T16716] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB [ 813.904536][T16716] Node 1 Normal: 400*4kB (UME) 152*8kB (UME) 144*16kB (UME) 347*32kB (UME) 169*64kB (UME) 39*128kB (UME) 21*256kB (UME) 16*512kB (ME) 12*1024kB (ME) 11*2048kB (UME) 932*4096kB (M) = 3897888kB [ 813.955574][T16716] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 813.968172][ T5865] Bluetooth: hci0: command tx timeout [ 813.986844][T16716] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 814.006815][T16716] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 814.026730][T16716] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 814.046319][T16716] 60518 total pagecache pages [ 814.056459][T16716] 0 pages in swap cache [ 814.066572][T16716] Free swap = 124996kB [ 814.076703][T16716] Total swap = 124996kB [ 814.087043][T16716] 2097051 pages RAM [ 814.098147][T16716] 0 pages HighMem/MovableOnly [ 814.108153][T16716] 430170 pages reserved [ 814.120643][T16716] 0 pages cma reserved [ 814.128138][T16716] tty tty26: ldisc open failed (-12), clearing slot 25 [ 814.725789][T10780] bridge_slave_1: left allmulticast mode [ 814.758322][T10780] bridge_slave_1: left promiscuous mode [ 814.788848][T10780] bridge0: port 2(bridge_slave_1) entered disabled state [ 814.852040][T10780] bridge_slave_0: left allmulticast mode [ 814.887646][T10780] bridge_slave_0: left promiscuous mode [ 814.908317][T10780] bridge0: port 1(bridge_slave_0) entered disabled state [ 815.970428][T10780] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 815.984682][T10780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 815.996677][T10780] bond0 (unregistering): Released all slaves [ 816.025861][T16697] bridge0: port 1(bridge_slave_0) entered blocking state [ 816.040324][T16697] bridge0: port 1(bridge_slave_0) entered disabled state [ 816.048240][ T5865] Bluetooth: hci0: command tx timeout [ 816.057824][T16697] bridge_slave_0: entered allmulticast mode [ 816.081261][T16697] bridge_slave_0: entered promiscuous mode [ 816.126098][T16697] bridge0: port 2(bridge_slave_1) entered blocking state [ 816.155054][T16697] bridge0: port 2(bridge_slave_1) entered disabled state [ 816.183278][T16697] bridge_slave_1: entered allmulticast mode [ 816.198865][T16697] bridge_slave_1: entered promiscuous mode [ 816.268445][T10780] HfR: left promiscuous mode [ 816.497501][T16697] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 816.571797][T16697] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 816.972755][T16697] team0: Port device team_slave_0 added [ 817.029628][T16697] team0: Port device team_slave_1 added [ 817.430883][T16697] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 817.464298][T16697] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 817.597954][T16697] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 817.861208][T16697] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 817.868218][T16697] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 818.048147][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 818.056499][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 818.084570][T16697] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 818.121296][ T5865] Bluetooth: hci0: command tx timeout [ 818.343375][T10780] hsr_slave_0: left promiscuous mode [ 818.367846][T10780] hsr_slave_1: left promiscuous mode [ 818.401837][T10780] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 818.447002][T10780] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 818.519442][T10780] veth0_macvtap: left promiscuous mode [ 818.582601][T10780] veth1_vlan: left promiscuous mode [ 818.587946][T10780] veth0_vlan: left promiscuous mode [ 818.711947][T16777] binder_alloc: binder_alloc_mmap_handler: 16776 0-1000 already mapped failed -16 [ 818.748259][T16759] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2558'. [ 820.135893][T10780] team0 (unregistering): Port device team_slave_1 removed [ 820.254973][T10780] team0 (unregistering): Port device team_slave_0 removed [ 821.190381][T16697] hsr_slave_0: entered promiscuous mode [ 821.229242][T16697] hsr_slave_1: entered promiscuous mode [ 821.258255][T16697] debugfs: 'hsr0' already exists in 'hsr' [ 821.268994][T16697] Cannot create hsr debugfs directory [ 821.848492][T16809] FAULT_INJECTION: forcing a failure. [ 821.848492][T16809] name failslab, interval 1, probability 0, space 0, times 0 [ 821.945549][T16809] CPU: 1 UID: 0 PID: 16809 Comm: syz.0.2567 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 821.945591][T16809] Tainted: [U]=USER [ 821.945599][T16809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 821.945614][T16809] Call Trace: [ 821.945621][T16809] [ 821.945631][T16809] dump_stack_lvl+0x16c/0x1f0 [ 821.945661][T16809] should_fail_ex+0x512/0x640 [ 821.945690][T16809] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 821.945724][T16809] should_failslab+0xc2/0x120 [ 821.945757][T16809] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 821.945786][T16809] ? __pfx_stack_trace_save+0x10/0x10 [ 821.945814][T16809] ? __d_alloc+0x32/0xae0 [ 821.945848][T16809] __d_alloc+0x32/0xae0 [ 821.945881][T16809] d_alloc_parallel+0x111/0x1480 [ 821.945928][T16809] ? find_held_lock+0x2b/0x80 [ 821.945953][T16809] ? __pfx_d_alloc_parallel+0x10/0x10 [ 821.945996][T16809] ? __d_lookup+0x266/0x4a0 [ 821.946040][T16809] lookup_open.isra.0+0x665/0x1580 [ 821.946071][T16809] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 821.946111][T16809] ? mnt_get_write_access+0x20c/0x300 [ 821.946152][T16809] path_openat+0x893/0x2cb0 [ 821.946190][T16809] ? __pfx_path_openat+0x10/0x10 [ 821.946226][T16809] do_filp_open+0x20b/0x470 [ 821.946267][T16809] ? __pfx_do_filp_open+0x10/0x10 [ 821.946318][T16809] ? alloc_fd+0x471/0x7d0 [ 821.946353][T16809] do_sys_openat2+0x11b/0x1d0 [ 821.946391][T16809] ? __pfx_do_sys_openat2+0x10/0x10 [ 821.946440][T16809] __x64_sys_openat+0x174/0x210 [ 821.946479][T16809] ? __pfx___x64_sys_openat+0x10/0x10 [ 821.946530][T16809] do_syscall_64+0xcd/0x490 [ 821.946558][T16809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 821.946581][T16809] RIP: 0033:0x7fd311b8eb69 [ 821.946600][T16809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 821.946623][T16809] RSP: 002b:00007fd312a75038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 821.946646][T16809] RAX: ffffffffffffffda RBX: 00007fd311db6080 RCX: 00007fd311b8eb69 [ 821.946661][T16809] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 821.946676][T16809] RBP: 00007fd311c11df1 R08: 0000000000000000 R09: 0000000000000000 [ 821.946690][T16809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 821.946704][T16809] R13: 0000000000000000 R14: 00007fd311db6080 R15: 00007ffd0e9c7d18 [ 821.946734][T16809] [ 823.689662][T16829] FAULT_INJECTION: forcing a failure. [ 823.689662][T16829] name failslab, interval 1, probability 0, space 0, times 0 [ 823.861949][T16829] CPU: 1 UID: 0 PID: 16829 Comm: syz.2.2570 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 823.861991][T16829] Tainted: [U]=USER [ 823.861999][T16829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 823.862014][T16829] Call Trace: [ 823.862021][T16829] [ 823.862037][T16829] dump_stack_lvl+0x16c/0x1f0 [ 823.862068][T16829] should_fail_ex+0x512/0x640 [ 823.862098][T16829] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 823.862132][T16829] should_failslab+0xc2/0x120 [ 823.862166][T16829] __kmalloc_cache_noprof+0x6a/0x3e0 [ 823.862192][T16829] ? fqdir_init+0x4f/0x1f0 [ 823.862224][T16829] fqdir_init+0x4f/0x1f0 [ 823.862253][T16829] ipv6_frags_init_net+0x2b/0x350 [ 823.862287][T16829] ? __pfx_ipv6_frags_init_net+0x10/0x10 [ 823.862318][T16829] ops_init+0x1df/0x5f0 [ 823.862349][T16829] setup_net+0x10f/0x380 [ 823.862373][T16829] ? lockdep_init_map_type+0x5c/0x280 [ 823.862409][T16829] ? __pfx_setup_net+0x10/0x10 [ 823.862437][T16829] ? debug_mutex_init+0x37/0x70 [ 823.862464][T16829] copy_net_ns+0x2a6/0x5f0 [ 823.862496][T16829] create_new_namespaces+0x3ea/0xa90 [ 823.862532][T16829] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 823.862564][T16829] ksys_unshare+0x45b/0xa40 [ 823.862598][T16829] ? __pfx_ksys_unshare+0x10/0x10 [ 823.862633][T16829] ? xfd_validate_state+0x61/0x180 [ 823.862679][T16829] __x64_sys_unshare+0x31/0x40 [ 823.862712][T16829] do_syscall_64+0xcd/0x490 [ 823.862741][T16829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 823.862765][T16829] RIP: 0033:0x7f7b9bb8eb69 [ 823.862784][T16829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 823.862807][T16829] RSP: 002b:00007f7b9ca6e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 823.862830][T16829] RAX: ffffffffffffffda RBX: 00007f7b9bdb5fa0 RCX: 00007f7b9bb8eb69 [ 823.862846][T16829] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 823.862860][T16829] RBP: 00007f7b9bc11df1 R08: 0000000000000000 R09: 0000000000000000 [ 823.862874][T16829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 823.862889][T16829] R13: 0000000000000000 R14: 00007f7b9bdb5fa0 R15: 00007fff5e9379b8 [ 823.862918][T16829] [ 824.898094][T16697] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 824.994195][T16697] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 825.055878][T16697] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 825.134902][T16697] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 825.415645][T16851] FAULT_INJECTION: forcing a failure. [ 825.415645][T16851] name failslab, interval 1, probability 0, space 0, times 0 [ 825.508676][T16851] CPU: 1 UID: 0 PID: 16851 Comm: syz.2.2573 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 825.508717][T16851] Tainted: [U]=USER [ 825.508724][T16851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 825.508739][T16851] Call Trace: [ 825.508747][T16851] [ 825.508756][T16851] dump_stack_lvl+0x16c/0x1f0 [ 825.508786][T16851] should_fail_ex+0x512/0x640 [ 825.508816][T16851] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 825.508850][T16851] should_failslab+0xc2/0x120 [ 825.508892][T16851] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 825.508922][T16851] ? kasan_quarantine_put+0x10a/0x240 [ 825.508949][T16851] ? rpc_new_task+0x709/0x990 [ 825.508985][T16851] rpc_new_task+0x709/0x990 [ 825.509016][T16851] ? rpc_task_get_xprt+0xef/0x2c0 [ 825.509046][T16851] ? mempool_free+0xff/0x710 [ 825.509081][T16851] ? __pfx_rpc_new_task+0x10/0x10 [ 825.509121][T16851] rpc_run_task+0x1e/0x660 [ 825.509154][T16851] rpc_call_sync+0xc9/0x1b0 [ 825.509187][T16851] ? __pfx_rpc_call_sync+0x10/0x10 [ 825.509227][T16851] ? net_generic+0xea/0x2a0 [ 825.509257][T16851] rpcb_register+0x21e/0x4f0 [ 825.509284][T16851] ? __pfx_rpcb_register+0x10/0x10 [ 825.509322][T16851] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 825.509358][T16851] svc_unregister+0x55b/0x7b0 [ 825.509394][T16851] svc_bind+0x20a/0x260 [ 825.509423][T16851] nfsd_create_serv+0x2d2/0x480 [ 825.509462][T16851] ? __pfx_nfsd_create_serv+0x10/0x10 [ 825.509501][T16851] ? __nla_validate_parse+0x600/0x2880 [ 825.509542][T16851] nfsd_nl_listener_set_doit+0xdd/0x1b10 [ 825.509582][T16851] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 825.509612][T16851] ? __nla_parse+0x40/0x60 [ 825.509649][T16851] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 825.509683][T16851] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 825.509723][T16851] genl_family_rcv_msg_doit+0x209/0x2f0 [ 825.509756][T16851] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 825.509786][T16851] ? rcu_is_watching+0x12/0xc0 [ 825.509821][T16851] ? bpf_lsm_capable+0x9/0x10 [ 825.509843][T16851] ? security_capable+0x7e/0x260 [ 825.509890][T16851] genl_rcv_msg+0x55c/0x800 [ 825.509926][T16851] ? __pfx_genl_rcv_msg+0x10/0x10 [ 825.509957][T16851] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 825.509997][T16851] netlink_rcv_skb+0x158/0x420 [ 825.510023][T16851] ? __pfx_genl_rcv_msg+0x10/0x10 [ 825.510056][T16851] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 825.510094][T16851] ? netlink_deliver_tap+0x1ae/0xd30 [ 825.510123][T16851] genl_rcv+0x28/0x40 [ 825.510150][T16851] netlink_unicast+0x5a7/0x870 [ 825.510180][T16851] ? __pfx_netlink_unicast+0x10/0x10 [ 825.510206][T16851] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 825.510231][T16851] ? __lock_acquire+0xb97/0x1ce0 [ 825.510270][T16851] netlink_sendmsg+0x8d1/0xdd0 [ 825.510301][T16851] ? __pfx_netlink_sendmsg+0x10/0x10 [ 825.510331][T16851] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 825.510375][T16851] ____sys_sendmsg+0xa98/0xc70 [ 825.510408][T16851] ? copy_msghdr_from_user+0x10a/0x160 [ 825.510433][T16851] ? __pfx_____sys_sendmsg+0x10/0x10 [ 825.510472][T16851] ? __pfx_futex_wake_mark+0x10/0x10 [ 825.510519][T16851] ___sys_sendmsg+0x134/0x1d0 [ 825.510545][T16851] ? __pfx____sys_sendmsg+0x10/0x10 [ 825.510607][T16851] __sys_sendmsg+0x16d/0x220 [ 825.510632][T16851] ? __pfx___sys_sendmsg+0x10/0x10 [ 825.510657][T16851] ? __x64_sys_futex+0x1e0/0x4c0 [ 825.510706][T16851] do_syscall_64+0xcd/0x490 [ 825.510734][T16851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.510765][T16851] RIP: 0033:0x7f7b9bb8eb69 [ 825.510785][T16851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 825.510809][T16851] RSP: 002b:00007f7b9ca6e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 825.510831][T16851] RAX: ffffffffffffffda RBX: 00007f7b9bdb5fa0 RCX: 00007f7b9bb8eb69 [ 825.510847][T16851] RDX: 0000000000000000 RSI: 0000200000003140 RDI: 0000000000000004 [ 825.510861][T16851] RBP: 00007f7b9bc11df1 R08: 0000000000000000 R09: 0000000000000000 [ 825.510876][T16851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 825.510896][T16851] R13: 0000000000000000 R14: 00007f7b9bdb5fa0 R15: 00007fff5e9379b8 [ 825.510926][T16851] [ 826.770421][T16697] 8021q: adding VLAN 0 to HW filter on device bond0 [ 826.879521][T16697] 8021q: adding VLAN 0 to HW filter on device team0 [ 827.052948][T16871] ubi0: attaching mtd0 [ 827.058425][T16871] ubi0: scanning is finished [ 827.087522][T10775] bridge0: port 1(bridge_slave_0) entered blocking state [ 827.094782][T10775] bridge0: port 1(bridge_slave_0) entered forwarding state [ 827.123022][T16871] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 827.278820][ T133] bridge0: port 2(bridge_slave_1) entered blocking state [ 827.286516][ T133] bridge0: port 2(bridge_slave_1) entered forwarding state [ 827.529969][T16871] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 828.758635][T16697] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 829.057990][T16697] veth0_vlan: entered promiscuous mode [ 829.155913][T16697] veth1_vlan: entered promiscuous mode [ 829.369680][T16697] veth0_macvtap: entered promiscuous mode [ 829.462153][T16697] veth1_macvtap: entered promiscuous mode [ 829.558353][T16697] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 829.660732][T16697] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 829.773025][ T3545] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 829.862407][ T3545] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 829.925661][ T3545] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 829.987347][ T3545] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.402894][T10778] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 830.454608][T10778] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 830.701753][ T133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 830.710430][ T133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 830.854831][T16917] input: jJǸ-9%vJ86 as /devices/virtual/input/input16 [ 831.306725][T16926] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input17 [ 833.767331][ T5865] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 835.870662][T16970] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2587'. [ 837.052178][T16992] ptrace attach of "./syz-executor exec"[15482] was attempted by "./syz-executor exec"[16992] [ 842.282629][T17053] binder: 17052:17053 ioctl 541b 38 returned -22 [ 842.728398][T17064] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 843.648063][T17070] delete_channel: no stack [ 844.235327][T17077] can: request_module (can-proto-5) failed. [ 844.265493][T17084] random: crng reseeded on system resumption [ 844.306206][T17084] FAULT_INJECTION: forcing a failure. [ 844.306206][T17084] name failslab, interval 1, probability 0, space 0, times 0 [ 844.367862][T17084] CPU: 1 UID: 0 PID: 17084 Comm: syz.3.2613 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 844.367904][T17084] Tainted: [U]=USER [ 844.367912][T17084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 844.367926][T17084] Call Trace: [ 844.367934][T17084] [ 844.367943][T17084] dump_stack_lvl+0x16c/0x1f0 [ 844.367973][T17084] should_fail_ex+0x512/0x640 [ 844.368007][T17084] should_failslab+0xc2/0x120 [ 844.368040][T17084] __kmalloc_cache_noprof+0x6a/0x3e0 [ 844.368075][T17084] ? do_raw_spin_lock+0x12c/0x2b0 [ 844.368114][T17084] ? find_held_lock+0x2b/0x80 [ 844.368136][T17084] ? async_schedule_node_domain+0x54/0x120 [ 844.368169][T17084] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 844.368196][T17084] async_schedule_node_domain+0x54/0x120 [ 844.368229][T17084] dev_cache_fw_image+0x38e/0x490 [ 844.368254][T17084] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 844.368282][T17084] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 844.368306][T17084] dpm_for_each_dev+0x5d/0xb0 [ 844.368344][T17084] fw_pm_notify+0x81/0x150 [ 844.368413][T17084] notifier_call_chain+0xbc/0x410 [ 844.368444][T17084] ? __pfx_fw_pm_notify+0x10/0x10 [ 844.368489][T17084] blocking_notifier_call_chain_robust+0xc8/0x160 [ 844.368529][T17084] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 844.368575][T17084] pm_notifier_call_chain_robust+0x27/0x60 [ 844.368609][T17084] snapshot_open+0x218/0x2b0 [ 844.368638][T17084] ? __pfx_snapshot_open+0x10/0x10 [ 844.368669][T17084] misc_open+0x35a/0x420 [ 844.368708][T17084] ? __pfx_misc_open+0x10/0x10 [ 844.368745][T17084] chrdev_open+0x234/0x6a0 [ 844.368776][T17084] ? __pfx_apparmor_file_open+0x10/0x10 [ 844.368816][T17084] ? __pfx_chrdev_open+0x10/0x10 [ 844.368849][T17084] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 844.368883][T17084] do_dentry_open+0x982/0x1530 [ 844.368914][T17084] ? __pfx_chrdev_open+0x10/0x10 [ 844.368952][T17084] vfs_open+0x82/0x3f0 [ 844.368992][T17084] path_openat+0x1de4/0x2cb0 [ 844.369031][T17084] ? __pfx_path_openat+0x10/0x10 [ 844.369075][T17084] do_filp_open+0x20b/0x470 [ 844.369105][T17084] ? __pfx_do_filp_open+0x10/0x10 [ 844.369157][T17084] ? alloc_fd+0x471/0x7d0 [ 844.369191][T17084] do_sys_openat2+0x11b/0x1d0 [ 844.369230][T17084] ? __pfx_do_sys_openat2+0x10/0x10 [ 844.369281][T17084] __x64_sys_openat+0x174/0x210 [ 844.369320][T17084] ? __pfx___x64_sys_openat+0x10/0x10 [ 844.369372][T17084] do_syscall_64+0xcd/0x490 [ 844.369414][T17084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 844.369439][T17084] RIP: 0033:0x7ff52358eb69 [ 844.369458][T17084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 844.369482][T17084] RSP: 002b:00007ff5243f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 844.369505][T17084] RAX: ffffffffffffffda RBX: 00007ff5237b5fa0 RCX: 00007ff52358eb69 [ 844.369520][T17084] RDX: 0000000000001001 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 844.369536][T17084] RBP: 00007ff523611df1 R08: 0000000000000000 R09: 0000000000000000 [ 844.369551][T17084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 844.369565][T17084] R13: 0000000000000000 R14: 00007ff5237b5fa0 R15: 00007ffe5ec69578 [ 844.369597][T17084] [ 845.031479][T17084] [ 845.033846][T17084] ====================================================== [ 845.040869][T17084] WARNING: possible circular locking dependency detected [ 845.047906][T17084] 6.16.0-syzkaller-11699-g7e161a991ea7 #0 Tainted: G U [ 845.056248][T17084] ------------------------------------------------------ [ 845.063268][T17084] syz.3.2613/17084 is trying to acquire lock: [ 845.069354][T17084] ffff888076dbad28 (&ima_iint_mutex_key[depth]){+.+.}-{4:4}, at: process_measurement+0x7e0/0x23e0 [ 845.080002][T17084] [ 845.080002][T17084] but task is already holding lock: [ 845.087469][T17084] ffffffff8f513588 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2d/0xb0 [ 845.096374][T17084] [ 845.096374][T17084] which lock already depends on the new lock. [ 845.096374][T17084] [ 845.106861][T17084] [ 845.106861][T17084] the existing dependency chain (in reverse order) is: [ 845.115870][T17084] [ 845.115870][T17084] -> #4 (dpm_list_mtx){+.+.}-{4:4}: [ 845.123281][T17084] __mutex_lock+0x193/0x10b0 [ 845.128563][T17084] device_pm_add+0x87/0x3e0 [ 845.133601][T17084] device_add+0x9cd/0x1aa0 [ 845.138562][T17084] device_create_groups_vargs+0x1f8/0x270 [ 845.144820][T17084] device_create+0xed/0x130 [ 845.149859][T17084] msr_device_create+0x31/0x70 [ 845.155158][T17084] cpuhp_invoke_callback+0x3d5/0xa10 [ 845.160974][T17084] cpuhp_thread_fun+0x47e/0x6f0 [ 845.166367][T17084] smpboot_thread_fn+0x3f4/0xae0 [ 845.171838][T17084] kthread+0x3c5/0x780 [ 845.176447][T17084] ret_from_fork+0x5d4/0x6f0 [ 845.181577][T17084] ret_from_fork_asm+0x1a/0x30 [ 845.186899][T17084] [ 845.186899][T17084] -> #3 (cpuhp_state-up){+.+.}-{0:0}: [ 845.194503][T17084] cpuhp_thread_fun+0x193/0x6f0 [ 845.199904][T17084] smpboot_thread_fn+0x3f4/0xae0 [ 845.205433][T17084] kthread+0x3c5/0x780 [ 845.210050][T17084] ret_from_fork+0x5d4/0x6f0 [ 845.215189][T17084] ret_from_fork_asm+0x1a/0x30 [ 845.220501][T17084] [ 845.220501][T17084] -> #2 (cpu_hotplug_lock){++++}-{0:0}: [ 845.228259][T17084] cpus_read_lock+0x42/0x160 [ 845.233400][T17084] ring_buffer_resize+0x105/0x15c0 [ 845.239055][T17084] tracing_update_buffers+0x15e/0x1f0 [ 845.244971][T17084] ftrace_event_write+0x14a/0x290 [ 845.250529][T17084] vfs_write+0x2a0/0x1150 [ 845.255458][T17084] ksys_write+0x12a/0x250 [ 845.260328][T17084] do_syscall_64+0xcd/0x490 [ 845.265375][T17084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 845.271825][T17084] [ 845.271825][T17084] -> #1 (trace_types_lock){+.+.}-{4:4}: [ 845.279577][T17084] __mutex_lock+0x193/0x10b0 [ 845.284713][T17084] tracing_check_open_get_tr.part.0+0x49/0x190 [ 845.291413][T17084] tracing_check_open_get_tr+0x34/0x50 [ 845.297430][T17084] ftrace_event_set_open+0x50/0x380 [ 845.303198][T17084] do_dentry_open+0x982/0x1530 [ 845.308525][T17084] vfs_open+0x82/0x3f0 [ 845.313144][T17084] dentry_open+0x71/0xd0 [ 845.317940][T17084] ima_calc_file_hash+0x2b6/0x490 [ 845.323506][T17084] ima_collect_measurement+0x899/0xa40 [ 845.329532][T17084] process_measurement+0x11fa/0x23e0 [ 845.335375][T17084] ima_file_mmap+0x1b1/0x1d0 [ 845.340531][T17084] security_mmap_file+0x88c/0x990 [ 845.346122][T17084] vm_mmap_pgoff+0xec/0x470 [ 845.351178][T17084] ksys_mmap_pgoff+0x32c/0x5c0 [ 845.356491][T17084] __x64_sys_mmap+0x125/0x190 [ 845.361715][T17084] do_syscall_64+0xcd/0x490 [ 845.366754][T17084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 845.373175][T17084] [ 845.373175][T17084] -> #0 (&ima_iint_mutex_key[depth]){+.+.}-{4:4}: [ 845.381806][T17084] __lock_acquire+0x12a6/0x1ce0 [ 845.387196][T17084] lock_acquire+0x179/0x350 [ 845.392236][T17084] __mutex_lock+0x193/0x10b0 [ 845.397353][T17084] process_measurement+0x7e0/0x23e0 [ 845.403094][T17084] ima_file_check+0xc5/0x110 [ 845.408232][T17084] security_file_post_open+0x8e/0x210 [ 845.414145][T17084] path_openat+0x1404/0x2cb0 [ 845.419268][T17084] do_file_open_root+0x322/0x610 [ 845.424741][T17084] file_open_root+0x2a7/0x450 [ 845.429952][T17084] kernel_read_file_from_path_initns+0x189/0x260 [ 845.436820][T17084] _request_firmware+0x744/0x1470 [ 845.442370][T17084] __async_dev_cache_fw_image+0xb1/0x340 [ 845.448529][T17084] async_schedule_node_domain+0xd1/0x120 [ 845.454692][T17084] dev_cache_fw_image+0x38e/0x490 [ 845.460242][T17084] dpm_for_each_dev+0x5d/0xb0 [ 845.465455][T17084] fw_pm_notify+0x81/0x150 [ 845.470411][T17084] notifier_call_chain+0xbc/0x410 [ 845.475968][T17084] blocking_notifier_call_chain_robust+0xc8/0x160 [ 845.482919][T17084] pm_notifier_call_chain_robust+0x27/0x60 [ 845.489273][T17084] snapshot_open+0x218/0x2b0 [ 845.494392][T17084] misc_open+0x35a/0x420 [ 845.499176][T17084] chrdev_open+0x234/0x6a0 [ 845.504129][T17084] do_dentry_open+0x982/0x1530 [ 845.509440][T17084] vfs_open+0x82/0x3f0 [ 845.514050][T17084] path_openat+0x1de4/0x2cb0 [ 845.519169][T17084] do_filp_open+0x20b/0x470 [ 845.524289][T17084] do_sys_openat2+0x11b/0x1d0 [ 845.529504][T17084] __x64_sys_openat+0x174/0x210 [ 845.534895][T17084] do_syscall_64+0xcd/0x490 [ 845.539925][T17084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 845.546343][T17084] [ 845.546343][T17084] other info that might help us debug this: [ 845.546343][T17084] [ 845.556586][T17084] Chain exists of: [ 845.556586][T17084] &ima_iint_mutex_key[depth] --> cpuhp_state-up --> dpm_list_mtx [ 845.556586][T17084] [ 845.570331][T17084] Possible unsafe locking scenario: [ 845.570331][T17084] [ 845.577777][T17084] CPU0 CPU1 [ 845.583144][T17084] ---- ---- [ 845.588520][T17084] lock(dpm_list_mtx); [ 845.592682][T17084] lock(cpuhp_state-up); [ 845.599534][T17084] lock(dpm_list_mtx); [ 845.606230][T17084] lock(&ima_iint_mutex_key[depth]); [ 845.611604][T17084] [ 845.611604][T17084] *** DEADLOCK *** [ 845.611604][T17084] [ 845.619740][T17084] 5 locks held by syz.3.2613/17084: [ 845.624959][T17084] #0: ffffffff8f303108 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x420 [ 845.633443][T17084] #1: ffffffff8e484768 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0 [ 845.643840][T17084] #2: ffffffff8e4c4bd0 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0xa8/0x160 [ 845.655744][T17084] #3: ffffffff8f518b88 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150 [ 845.664417][T17084] #4: ffffffff8f513588 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2d/0xb0 [ 845.673766][T17084] [ 845.673766][T17084] stack backtrace: [ 845.679686][T17084] CPU: 1 UID: 0 PID: 17084 Comm: syz.3.2613 Tainted: G U 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 845.679724][T17084] Tainted: [U]=USER [ 845.679732][T17084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 845.679746][T17084] Call Trace: [ 845.679756][T17084] [ 845.679777][T17084] dump_stack_lvl+0x116/0x1f0 [ 845.679810][T17084] print_circular_bug+0x275/0x350 [ 845.679843][T17084] check_noncircular+0x14c/0x170 [ 845.679877][T17084] __lock_acquire+0x12a6/0x1ce0 [ 845.679927][T17084] lock_acquire+0x179/0x350 [ 845.679958][T17084] ? process_measurement+0x7e0/0x23e0 [ 845.679997][T17084] ? __pfx___might_resched+0x10/0x10 [ 845.680024][T17084] ? process_measurement+0x7e0/0x23e0 [ 845.680060][T17084] __mutex_lock+0x193/0x10b0 [ 845.680084][T17084] ? process_measurement+0x7e0/0x23e0 [ 845.680125][T17084] ? __pfx___mutex_lock+0x10/0x10 [ 845.680149][T17084] ? __pfx___might_resched+0x10/0x10 [ 845.680173][T17084] ? find_held_lock+0x2b/0x80 [ 845.680196][T17084] ? down_write+0x14d/0x200 [ 845.680226][T17084] ? process_measurement+0x7e0/0x23e0 [ 845.680263][T17084] process_measurement+0x7e0/0x23e0 [ 845.680304][T17084] ? __pfx_process_measurement+0x10/0x10 [ 845.680345][T17084] ? find_held_lock+0x2b/0x80 [ 845.680367][T17084] ? fscrypt_file_open+0x47c/0x590 [ 845.680410][T17084] ? __pfx___fsnotify_parent+0x10/0x10 [ 845.680434][T17084] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 845.680464][T17084] ima_file_check+0xc5/0x110 [ 845.680500][T17084] ? __pfx_ima_file_check+0x10/0x10 [ 845.680538][T17084] ? vfs_open+0x2e3/0x3f0 [ 845.680576][T17084] security_file_post_open+0x8e/0x210 [ 845.680603][T17084] path_openat+0x1404/0x2cb0 [ 845.680634][T17084] ? trace_kmem_cache_alloc+0x28/0xc0 [ 845.680672][T17084] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 845.680701][T17084] ? __pfx_path_openat+0x10/0x10 [ 845.680729][T17084] ? __asan_memcpy+0x3c/0x60 [ 845.680754][T17084] do_file_open_root+0x322/0x610 [ 845.680789][T17084] ? __pfx_do_file_open_root+0x10/0x10 [ 845.680831][T17084] ? vsnprintf+0x318/0x1160 [ 845.680853][T17084] file_open_root+0x2a7/0x450 [ 845.680883][T17084] ? __pfx_file_open_root+0x10/0x10 [ 845.680915][T17084] ? find_held_lock+0x2b/0x80 [ 845.680939][T17084] ? kernel_read_file_from_path_initns+0x17a/0x260 [ 845.680983][T17084] kernel_read_file_from_path_initns+0x189/0x260 [ 845.681022][T17084] ? __pfx_kernel_read_file_from_path_initns+0x10/0x10 [ 845.681059][T17084] ? trace_kmem_cache_alloc+0x28/0xc0 [ 845.681096][T17084] ? _request_firmware+0x503/0x1470 [ 845.681122][T17084] _request_firmware+0x744/0x1470 [ 845.681151][T17084] ? __pfx__request_firmware+0x10/0x10 [ 845.681176][T17084] ? dump_stack_lvl+0x1a3/0x1f0 [ 845.681200][T17084] __async_dev_cache_fw_image+0xb1/0x340 [ 845.681227][T17084] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 845.681254][T17084] ? mark_held_locks+0x49/0x80 [ 845.681284][T17084] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 845.681324][T17084] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 845.681351][T17084] async_schedule_node_domain+0xd1/0x120 [ 845.681381][T17084] dev_cache_fw_image+0x38e/0x490 [ 845.681404][T17084] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 845.681428][T17084] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 845.681451][T17084] dpm_for_each_dev+0x5d/0xb0 [ 845.681487][T17084] fw_pm_notify+0x81/0x150 [ 845.681523][T17084] notifier_call_chain+0xbc/0x410 [ 845.681553][T17084] ? __pfx_fw_pm_notify+0x10/0x10 [ 845.681593][T17084] blocking_notifier_call_chain_robust+0xc8/0x160 [ 845.681627][T17084] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 845.681666][T17084] pm_notifier_call_chain_robust+0x27/0x60 [ 845.681700][T17084] snapshot_open+0x218/0x2b0 [ 845.681729][T17084] ? __pfx_snapshot_open+0x10/0x10 [ 845.681758][T17084] misc_open+0x35a/0x420 [ 845.681795][T17084] ? __pfx_misc_open+0x10/0x10 [ 845.681831][T17084] chrdev_open+0x234/0x6a0 [ 845.681862][T17084] ? __pfx_apparmor_file_open+0x10/0x10 [ 845.681917][T17084] ? __pfx_chrdev_open+0x10/0x10 [ 845.681949][T17084] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 845.681978][T17084] do_dentry_open+0x982/0x1530 [ 845.682007][T17084] ? __pfx_chrdev_open+0x10/0x10 [ 845.682040][T17084] vfs_open+0x82/0x3f0 [ 845.682076][T17084] path_openat+0x1de4/0x2cb0 [ 845.682108][T17084] ? __pfx_path_openat+0x10/0x10 [ 845.682139][T17084] do_filp_open+0x20b/0x470 [ 845.682166][T17084] ? __pfx_do_filp_open+0x10/0x10 [ 845.682204][T17084] ? alloc_fd+0x471/0x7d0 [ 845.682232][T17084] do_sys_openat2+0x11b/0x1d0 [ 845.682269][T17084] ? __pfx_do_sys_openat2+0x10/0x10 [ 845.682312][T17084] __x64_sys_openat+0x174/0x210 [ 845.682350][T17084] ? __pfx___x64_sys_openat+0x10/0x10 [ 845.682394][T17084] do_syscall_64+0xcd/0x490 [ 845.682420][T17084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 845.682445][T17084] RIP: 0033:0x7ff52358eb69 [ 845.682464][T17084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 845.682488][T17084] RSP: 002b:00007ff5243f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 845.682510][T17084] RAX: ffffffffffffffda RBX: 00007ff5237b5fa0 RCX: 00007ff52358eb69 [ 845.682526][T17084] RDX: 0000000000001001 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 845.682541][T17084] RBP: 00007ff523611df1 R08: 0000000000000000 R09: 0000000000000000 [ 845.682556][T17084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 845.682570][T17084] R13: 0000000000000000 R14: 00007ff5237b5fa0 R15: 00007ffe5ec69578 [ 845.682592][T17084] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 846.804468][T17079] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2612'. [ 847.463222][T17084] (NULL device *): loading /lib/firmware/regulatory.db failed with error -12 [ 847.473428][T17084] (NULL device *): Direct firmware load for regulatory.db failed with error -12 [ 847.483980][T17084] (NULL device *): Falling back to sysfs fallback for: regulatory.db