last executing test programs: 2m20.809702113s ago: executing program 0 (id=1130): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/debug/tracing/uprobe_events\x00', 0x10900, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48340, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000340), r0) sendmsg$auto_IOAM6_CMD_ADD_SCHEMA(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000480)={0x0}, 0x1, 0x3000000, 0x0, 0x40009}, 0x400098d1) mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000) mbind$auto(0x0, 0x2, 0x4, 0x0, 0x6, 0x2) r1 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/arch_status\x00', 0x100, 0x0) read$auto_proc_single_file_operations_base(r1, &(0x7f0000000040)=""/58, 0x20) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/oom_adj\x00', 0xec1c2, 0x0) r3 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000300), r0) sendmsg$auto_L2TP_CMD_NOOP(r0, &(0x7f0000000440)={&(0x7f0000000140), 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="04002bbd7000fddbdf25000040006806f65087fe3c6b050007000900000006001a004e230000"], 0x2c}, 0x1, 0x0, 0x0, 0x20008010}, 0x8044) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r4) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001f80)=ANY=[@ANYRES16=r5, @ANYBLOB="2f212cbd7000fcdbdf2521000000080003", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x4000000) sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0xfffffffffffffd08}, 0x1, 0x0, 0x0, 0x10}, 0x11) read$auto(r2, 0x0, 0x1f40) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x28000, 0x0) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x14, 0x100000001, 0x63, 0x0, 0x0, 0x0, 0x3, 0x1, 0xf2, 0x401, 0x7ffffff3, 0x5, 0x1000, 0x7, 0x61, 0x105}) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) 2m20.382978265s ago: executing program 0 (id=1132): socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x100) r0 = eventfd2$auto(0x6af3, 0x800) socket(0x1e, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pipe2$auto(&(0x7f0000000040)=r0, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7440, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0) preadv$auto(0xffffffffffffffff, &(0x7f0000003340)={&(0x7f0000003300), 0x40}, 0x9, 0x5, 0x100000001) ioperm$auto(0x7, 0x6, 0x1) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) execve$auto(0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/clocksource/clocksource0/current_clocksource\x00', 0x8502, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) write$auto(0x3, 0x0, 0x100082) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x0, 0xf, 0xffffffffffffffff, 0x1400000, 0x5}, 0x6f4) 2m19.169518041s ago: executing program 0 (id=1136): close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8502, 0x0) write$auto(0x3, 0x0, 0x100082) 2m18.957032627s ago: executing program 0 (id=1137): r0 = socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0x8) modify_ldt$auto(0x1, 0x0, 0x8001) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x210040, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x4, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/fs/cifs/dfscache\x00', 0x0, 0x0) pread64$auto(r3, 0x0, 0x3, 0x6c2) r4 = ioctl$auto_TUNSETGROUP(r2, 0x400454ce, &(0x7f00000002c0)=0x401) close_range$auto(r0, r4, 0x7) write$auto(0x3, 0x0, 0xffd8) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mincore$auto(0x1000, 0x8001, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0xb0903, 0x0) 2m17.992655393s ago: executing program 0 (id=1142): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e21, @empty}, 0x70) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r1, 0x29, 0x6, 0x0, 0x50) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3f83, 0xfffffffb) openat$dir(0xffffffffffffff9c, 0x0, 0xc0100, 0x100) mmap$auto(0x0, 0x402000a, 0xdf, 0x10000000000eb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket(0xa, 0x2, 0x3a) socket(0x15, 0x5, 0x0) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, 0x0) bind$auto(r2, 0x0, 0x66) connect$auto(0x3, 0x0, 0x54) inotify_init1$auto(0x3000000000000) close_range$auto(0x2, 0x8, 0x0) 2m17.010080358s ago: executing program 0 (id=1146): socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x100) r0 = eventfd2$auto(0x6af3, 0x800) socket(0x1e, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pipe2$auto(&(0x7f0000000040)=r0, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7440, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0) r2 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x1000, 0x0) preadv$auto(r2, &(0x7f0000003340)={&(0x7f0000003300), 0x40}, 0x9, 0x5, 0x100000001) ioperm$auto(0x7, 0x6, 0x1) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) execve$auto(0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/clocksource/clocksource0/current_clocksource\x00', 0x8502, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) write$auto(0x3, 0x0, 0x100082) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x0, 0xf, 0xffffffffffffffff, 0x1400000, 0x5}, 0x6f4) 2m1.696509618s ago: executing program 32 (id=1146): socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x100) r0 = eventfd2$auto(0x6af3, 0x800) socket(0x1e, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pipe2$auto(&(0x7f0000000040)=r0, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7440, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0) r2 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x1000, 0x0) preadv$auto(r2, &(0x7f0000003340)={&(0x7f0000003300), 0x40}, 0x9, 0x5, 0x100000001) ioperm$auto(0x7, 0x6, 0x1) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) execve$auto(0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/clocksource/clocksource0/current_clocksource\x00', 0x8502, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) write$auto(0x3, 0x0, 0x100082) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x0, 0xf, 0xffffffffffffffff, 0x1400000, 0x5}, 0x6f4) 2m1.000810799s ago: executing program 2 (id=1210): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) 2m0.890575995s ago: executing program 2 (id=1212): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x5, 0x0, 0x1f, 0x9}, 0x800009}, 0x3, 0x20000000) r1 = io_uring_setup$auto(0x6, 0x0) pwrite64$auto(0xc8, 0x0, 0x4e, 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) bind$auto(0x3, 0x0, 0x6a) setsockopt$auto(0x3, 0x1, 0x23, 0x0, 0x9) write$auto(0xffffffffffffffff, &(0x7f0000000040)=',\x00^\xa2\x02\x00\x05\x00\x00\x00\xd8l\x00\x00\x00\x00\x00\x00\xb2s\x83\xbd\xc5_%\xc1\xa3\xd0\x95Hq\xf4zG\x01[{\x17\x05I\xe0\xb1d)\x06z8L\xe6&[\xa9X6\x7f\xec\x94\xdal\xa1\xbb\x86\x9c\xc2\xef\x02\r9%\x06\xc5\'b%m_\x96A\"\xdd\xe40\xa7\xc3\x9ah\xf3B\xc2\xec\xf8\r\f[\xe5\x9dK\xe1\x99\x86\xfc\xac\x9f\x8a', 0x1000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x183841, 0x0) sendmsg$auto_NL80211_CMD_DEL_TX_TS(0xffffffffffffffff, 0x0, 0x24000000) write$auto(r2, 0x0, 0xc) close_range$auto(r1, 0xfffffffffffff000, 0x2) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) socket(0x2, 0x2, 0x1) mmap$auto(0x0, 0x9, 0xffffffff, 0x8000200008011, 0xffffffffffffffff, 0x8000) read$auto(0x3, 0x0, 0x80) 2m0.235540052s ago: executing program 2 (id=1215): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x5, 0x0, 0x1f, 0x9}, 0x800009}, 0x3, 0x20000000) r1 = io_uring_setup$auto(0x6, 0x0) pwrite64$auto(0xc8, 0x0, 0x4e, 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) bind$auto(0x3, 0x0, 0x6a) setsockopt$auto(0x3, 0x1, 0x23, 0x0, 0x9) write$auto(0xffffffffffffffff, &(0x7f0000000040)=',\x00^\xa2\x02\x00\x05\x00\x00\x00\xd8l\x00\x00\x00\x00\x00\x00\xb2s\x83\xbd\xc5_%\xc1\xa3\xd0\x95Hq\xf4zG\x01[{\x17\x05I\xe0\xb1d)\x06z8L\xe6&[\xa9X6\x7f\xec\x94\xdal\xa1\xbb\x86\x9c\xc2\xef\x02\r9%\x06\xc5\'b%m_\x96A\"\xdd\xe40\xa7\xc3\x9ah\xf3B\xc2\xec\xf8\r\f[\xe5\x9dK\xe1\x99\x86\xfc\xac\x9f\x8a', 0x1000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x183841, 0x0) sendmsg$auto_NL80211_CMD_DEL_TX_TS(0xffffffffffffffff, 0x0, 0x24000000) write$auto(r2, 0x0, 0xc) close_range$auto(r1, 0xfffffffffffff000, 0x2) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) socket(0x2, 0x2, 0x1) mmap$auto(0x0, 0x9, 0xffffffff, 0x8000200008011, 0xffffffffffffffff, 0x8000) read$auto(0x3, 0x0, 0x80) 1m59.465158624s ago: executing program 2 (id=1219): madvise$auto(0x0, 0xffffffffffff0001, 0x15) select$auto(0x3, 0x0, 0x0, 0x0, 0x0) syslog$auto(0x2, 0x0, 0xcf) mmap$auto(0x0, 0x10001, 0x80003, 0x10011, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) shmget$auto(0x400, 0x10563, 0x568c12f2) sendmsg$auto_NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x24048800) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0xffffffffffffffff, 0x400008, 0xe0, 0x9b72, 0xffffffffffffffff, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x2020009, 0x3, 0x20000000eb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, 0x38) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0xfbe1) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f0000001300), 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) shmdt$auto(&(0x7f0000000000)=':-h!/-^@(\']@%]/\x00') mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000) 1m58.390215247s ago: executing program 2 (id=1222): unshare$auto(0x40000080) ioctl$auto_TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptya5\x00', 0x62c00, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x101001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000500)='/dev/tty34\x00', 0x2200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x4, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mincore$auto(0x1000, 0x8001, 0x0) unshare$auto(0x20000080) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710}, 0x10) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0001, 0x15) munmap$auto(0x20001000, 0x7fb3) ptrace$auto(0x10, 0x10000000000001, 0xffffffffffffff56, 0x868f) accept4$auto(0xffffffffffffffff, &(0x7f0000000180)=@l2tp={0x2, 0x0, @remote, 0x3}, &(0x7f00000001c0)=0x5, 0x8001) sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff) capset$auto(0x0, 0x0) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x5, 0x100000003, 0x9, 0x6, 0x1ff, 0x100000000, 0x3, 0x4, 0x401, 0x0, 0x8, 0x6, 0x9a8c, 0x9, 0x10001]}, &(0x7f0000000200)={[0x8, 0x8000000000000000, 0x2, 0xb, 0x1, 0x9, 0x0, 0x7fff, 0xa, 0x18f, 0xfffffffffffffff9, 0x3, 0x5a4, 0x1000, 0x80000001, 0x1]}, 0x0, &(0x7f0000000280)={0x10006, 0xcc}) 1m56.839567696s ago: executing program 2 (id=1226): socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x100) r0 = eventfd2$auto(0x6af3, 0x800) socket(0x1e, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pipe2$auto(&(0x7f0000000040)=r0, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7440, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x1000, 0x0) preadv$auto(r2, &(0x7f0000003340)={&(0x7f0000003300), 0x40}, 0x9, 0x5, 0x100000001) ioperm$auto(0x7, 0x6, 0x1) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) execve$auto(0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/clocksource/clocksource0/current_clocksource\x00', 0x8502, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) write$auto(0x3, 0x0, 0x100082) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x0, 0xf, 0xffffffffffffffff, 0x1400000, 0x5}, 0x6f4) 1m49.088887637s ago: executing program 1 (id=1243): mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0xd0, 0x2) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0) faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7) read$auto(r0, 0x0, 0x20) r1 = openat$dir(0xffffffffffffff9c, 0x0, 0x2d2802, 0x48) faccessat$auto(r1, 0x0, 0x2) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xc44c1, 0x0) mmap$auto(0x0, 0x5, 0xfff, 0x44eb2, 0x10006, 0x300000000000) mmap$auto(0x0, 0x9, 0xe3, 0xeb1, 0xffffffffffffffff, 0x8000) write$auto(0xffffffffffffffff, 0x0, 0x1ff) read$auto_rng_chrdev_ops_core(0xffffffffffffffff, 0x0, 0x0) r3 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) mknod$auto(&(0x7f00000003c0)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5', 0x20e9, 0x103) unlink$auto(&(0x7f00000004c0)=':,\x00') ioctl$auto_LOOP_CTL_ADD(r3, 0x4c80, 0xfffffffffffffffd) 1m48.504215205s ago: executing program 1 (id=1245): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) r0 = socket(0xa, 0x1, 0x100) getsockopt$auto_SO_RCVPRIORITY(r0, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7) open_by_handle_at$auto(0xffffff9c, 0xffffffffffffffff, 0x9658) socket(0x1e, 0x1, 0x5) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) process_mrelease$auto(0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) acct$auto(0x0) close_range$auto(0x2, 0x8, 0x0) r3 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto_CEC_RECEIVE(r2, 0xc0386106, &(0x7f0000000080)={0x2, 0x8, 0x1, 0x4f1330bf, 0x9, 0xffffff00, "b3b2551984016910823df347c47bd20e", 0x9, 0x6, 0x2, 0x5, 0x2, 0x6, 0x3}) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0x200007, 0x19) write$auto_ftrace_subsystem_filter_fops_trace_events(r3, &(0x7f0000000280)="0e2242fbc6500f8cf4f9031dc001d621af4553d8546728786544ae1e5fbd3d2908ff4b0abb32ac61cffa0aebbc55eac9e23d5a4c08b65c9277dfc55a0e2ddfe0ad8630c9b0bb4eaf65b9ef1f1e8ec167b32a1f95e606d8b4ea65cf501a39e1054b58df5f41256e637fd8c59ddd4b8da4a679fbfc1f933336fb981083aa69ea0c97ced3dbdb9fb42625f9d41884511cb4eec89f3f6b777fa5c359094ad041e22559a7be44b51bd7786ed625ac30ee15a86f436a19eeb57dd76b529ef9831945866710700ee9f96ab8a527af2e41ffec13a593181f3246652a05b5833d828849d5cf39a88ab6e519edd74c08185f40", 0xee) 1m46.718012625s ago: executing program 1 (id=1248): socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x100) r0 = eventfd2$auto(0x6af3, 0x800) socket(0x1e, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pipe2$auto(&(0x7f0000000040)=r0, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0) r2 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x1000, 0x0) preadv$auto(r2, &(0x7f0000003340)={&(0x7f0000003300), 0x40}, 0x9, 0x5, 0x100000001) ioperm$auto(0x7, 0x6, 0x1) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) execve$auto(0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/clocksource/clocksource0/current_clocksource\x00', 0x8502, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) write$auto(0x3, 0x0, 0x100082) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x0, 0xf, 0xffffffffffffffff, 0x1400000, 0x5}, 0x6f4) 1m45.678800132s ago: executing program 1 (id=1252): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) select$auto(0x3, 0x0, 0x0, 0x0, 0x0) syslog$auto(0x2, 0x0, 0xcf) mmap$auto(0x0, 0x10001, 0x80003, 0x10011, 0xffffffffffffffff, 0x8000) write$auto(0xca, 0x0, 0x7e) close_range$auto(0x2, 0x8, 0x0) shmget$auto(0x400, 0x10563, 0x568c12f2) sendmsg$auto_NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x24048800) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0xffffffffffffffff, 0x400008, 0xe0, 0x9b72, 0xffffffffffffffff, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x2020009, 0x3, 0x20000000eb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, 0x38) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0xfbe1) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f0000001300), 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) shmdt$auto(&(0x7f0000000000)=':-h!/-^@(\']@%]/\x00') mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000) 1m44.482508378s ago: executing program 1 (id=1256): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/acpi/wakeup\x00', 0x48041, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/options/test_nop_accept\x00', 0x101000, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x10, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/ksm/sleep_millisecs\x00', 0x181482, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/i8042/serio1/resetafter\x00', 0x129102, 0x0) read$auto(r1, 0x0, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r2) sendmsg$auto_NL80211_CMD_DEL_STATION(r2, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f0000001b40)={0x3c, r3, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, "65481f2f20c135159f6e09d8488f73a40fa9c4eb18f1b96c99584a9919c9702885cc8e36"}]}, 0x3c}, 0x1, 0x0, 0x0, 0x83}, 0x4880) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)={0x750, r3, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@NL80211_ATTR_BEACON_HEAD={0x722, 0xe, "f477b19a45398a1f853f713d5db7a77aaa95e99109dd2f5b7da703ebeec0afde07a03f88b1e2afb212bd235264efad8771e43f03d9ecca53e49a535304102ba2edf8faa167f1fdf4f79a9b59ef9de99f2f4ae23c292691890cca3ad086e1b9ec6513b7b685ff488d5a518e8fbabb30570c99067823f4e225267eff032d96a56f23245c199dbe357fa382751a7007031cad7bbc7ec35918a07c43003338222213fba112df59477b621dd510c4b0f7389df91201682d89bda1f073a6222696a2e314d6ebb93a51dccdf2d61fb31eafbe56990100f2e5c053caa6d047cda6a903aed08f35e8f754a105151d163a6f32e02378875c4c477253ea67203cf983ce884c892eb04217577a31208f33a5af0799aa1d7c513e6d0883464c3f9b5edd205d253571c55303001a5c5e832d8a26184ba049d1af26a82c2ab576e4e8dbbe936932968cbda45e14b73ce84c468fdbf727d06eb0ea377cbc179645baf075c58cea97795e91f5a188e16b03296f5d778c29a7646a69c5bab210502bf597e746b1e533e53795b5544c9fa7b55b42eea097374d0bd6649b076ae166693f8340e28d72313b981f60f63b51d3c331e230621916650cf991672f6ba5a4f5c738ef8f6f1780d09940b6094fd441aaff8a9181c18844bcff552726593f5f57c7074d2e0f3f62231ccdb93a90d6e63baf0c74a05d834d49a6907c47fea0ecc2398603c33866fbd14d168662a7e4198998db9e8a9f66b7e656ace232272b00e5353e3634d5a74d09762ff28e5830a08f60b56588c4172915dd413c66408ab72b846b8a1524635791f517947fe993568e163c14ba7b83d893a304c60bd0734f01e0d31ef343bf1c47204b2f7107db9cd5b7f84d2c6d06942c62f09bd2d0e35e1306155d1e276b3048a3f21ba76a64230e4f48fbd6f4395718243b6ea11fa0844208ae47ffcb3a24450578cb8c055fd901049872decc2ca17c1dd4488688c55e9efe0169121c067b78c3af176677f900f68456f3abbfc62319d61163abeb74fbc0a902b7272731ac691819f2e65bd9e2e2cde17754322ceddee09a90135330532a3ce34596c3717fef5b86eac4c261bdc1d3fd37fafbd6600ed3b6430f2048d58c2fbb02342c837b8dd20fe7340ff41dd605e85de5f32c404e0a6915b3e222d771d62e5b0f8c72e7b84bc538900845a0d541bedbbdf548dcdfed425e07d3d4fa76ca10bfe243c80d0744e61b1d850194de348583258ceddc98995eb838f54e28db7116d56e89923c05f2b5f49bed2d41e241913b766ac7b502f8ca9a47d120db08f72a078f4027cfe4d5c89a83595b88d088978a3e279ca9d52f3df587a39ba493f17a5efec863a6000e1276d067f3c8870d5c78f63bc46ae6e2886aca77c824f58d6b9da490f2ab5baf8c66b04b932a570298a24f5e743c82cdb3215cc7c24222650ec404c6646885fd4091cc6427f4840c6d465ead287d7980c3b5556a675685fac38ca6117ba6fa4e8ac093e362f3d517c13cc4bc713f7be2fa3541746e4ce4dd52176d25564f5d1cc3a4a58ac85e877d4bceb993d9bc8e49c80c3730f408da5c44811424f11a2af574a506eced5d9352699b5e48faae63b42719424986e7c91d6bba59cdd9f753c88ced106895dd8991d79e9a85b3a81a462e1c3526a558c64dcca660dac259ab198c4a83db28aef1440be4821319ba73e89cd46af7a85c68a4a78acefe43e4c9205faffc6340715c8c3fa6cb055c9009f1aae546b3c607cf9c6b7ba0626c0d0ed8fd30d52e9ad7743e894291dde80ad0971e2e8550cfd5320649976e8983ba42fb994026bba0c347bbd8ec913168e1855945c71991c3c5f385757f636529a04129982a2d4e6a5ddadbed6f4c6d35957d0bb135ac07df229dd7cee864f568da5894d5e0911a575119c655a74999123430f8acd6f7d6ddf29a6bc2e1912b13c81815338ccf99eeb5dcd8943f7dea85ffede13983c54fc17a8c4f549dc8e1c38880739c5b2837665decb17a51ad850d2801bcde3fcf334006b4b7ede62b0d6d6cf4df7fbf257bc67b9a8528899ca8b6a147ee77941d57d59e790203ed274a2020ff5a03ba5a6b8b8791ee27cc17bbdadc7d28d897a44a8c1be27262ad305e426282bfe646d374f5a84860d8e1e568176e05d8734501f50aa3cf9e451982b8adcce09931a187e1d9a05eca9088be0a3258ea80f020e4c16034b5c119d6b5f4d769f098d0152f0d5a4bd24ffe6cba27cf0f83ca9362a1f67360ea467892003f199144097261803f31362535791d47d832eba80cb532a7545d79b6278a596ead0297317189793b1ecb61ff08b1218fbaa98c49dbca89f636ef73b0a0643a51f9907f4e77a1cc67274296914d8c185a39213e6b7aa8decf97834b3a3fc8e77603d56b44c56083c99892c883ff85a77a05cafcb5bcecb7f01984a1d7df073cae8dc3e197bb937e800bb569f0e29d623621f983d526734603e15254a4fca88099f0b32da40915e900392715adb911fd33e3075ca8b1db1b6c78cdbcf6150639bba8c1c3879223f7202aa4fbe7da82c82c9b7320b47d6e9b98303d424405555f8602"}, @NL80211_ATTR_TDLS_EXTERNAL_SETUP={0x4}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x7f}, @NL80211_ATTR_OBSS_COLOR_BITMAP={0xc, 0x12e, 0x1}]}, 0x750}, 0x1, 0x0, 0x0, 0x40800}, 0xc044) write$auto(0x3, 0x0, 0xfdef) socket(0x1e, 0x4, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nbd11/queue/iostats_passthrough\x00', 0x2a001, 0x0) write$auto(r4, &(0x7f0000000040)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) socket(0x10, 0x2, 0x10) socket(0x2, 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) write$auto(0x3, 0x0, 0xffd8) socket(0x2, 0x3, 0x100) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpuidle/current_driver\x00', 0x8000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f00000000c0)=""/91, 0x5b) 1m44.236001306s ago: executing program 1 (id=1258): mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x8de, 0xdf, 0x591b, 0x2, 0xb) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x65, 0x8000001f, 0x1000, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff) statmount$auto(&(0x7f0000000140)={0x9, @inferred=r2, 0x2, 0x3ff, 0x7f}, &(0x7f0000000440)={0x6, 0x6, 0x53, 0x4, 0x3, 0x101, 0x2, 0x3, 0x5, 0xffffffff80000001, 0x57d6, 0x8, 0x3, 0x1, 0x8, 0x3, 0x1, 0x8001, 0x400, 0x1ff, 0xfff, 0xd8, 0x4, 0x2, 0x9, 0xbef3, 0x411, 0x7, 0x0, 0x7, 0x7, [0x6, 0x7f, 0xbce7, 0x599, 0x56, 0x7, 0x6, 0x8, 0xffffffffffffffff, 0x0, 0x200000000000, 0x2, 0x1, 0x9, 0x100, 0x40004545, 0x4, 0xa, 0xb, 0xf5fd, 0x7, 0x4, 0x7fffffff, 0x1fc, 0x2, 0x5, 0x8, 0x4, 0x4, 0x7fffffff, 0x4, 0x0, 0x7, 0x80, 0x6, 0x4, 0x7, 0x4, 0xffc0000000000000, 0x1, 0x9, 0x8, 0x80000001], "73e9b0abe71d1e2aee680f7f0e812f294220578764aaba215588c48129939d0d8c6c8dcb488aeb5a653cee9f3407b9069269771811ce667d8e"}, 0x40, 0x36) msync$auto(0x2, 0x9, 0x40) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xcb}) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) socket(0x27, 0x5, 0x7) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x60d80, 0x0) 1m41.7955873s ago: executing program 33 (id=1226): socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x100) r0 = eventfd2$auto(0x6af3, 0x800) socket(0x1e, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pipe2$auto(&(0x7f0000000040)=r0, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7440, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x1000, 0x0) preadv$auto(r2, &(0x7f0000003340)={&(0x7f0000003300), 0x40}, 0x9, 0x5, 0x100000001) ioperm$auto(0x7, 0x6, 0x1) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) execve$auto(0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/clocksource/clocksource0/current_clocksource\x00', 0x8502, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) write$auto(0x3, 0x0, 0x100082) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x0, 0xf, 0xffffffffffffffff, 0x1400000, 0x5}, 0x6f4) 1m29.067651863s ago: executing program 34 (id=1258): mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x8de, 0xdf, 0x591b, 0x2, 0xb) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x65, 0x8000001f, 0x1000, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff) statmount$auto(&(0x7f0000000140)={0x9, @inferred=r2, 0x2, 0x3ff, 0x7f}, &(0x7f0000000440)={0x6, 0x6, 0x53, 0x4, 0x3, 0x101, 0x2, 0x3, 0x5, 0xffffffff80000001, 0x57d6, 0x8, 0x3, 0x1, 0x8, 0x3, 0x1, 0x8001, 0x400, 0x1ff, 0xfff, 0xd8, 0x4, 0x2, 0x9, 0xbef3, 0x411, 0x7, 0x0, 0x7, 0x7, [0x6, 0x7f, 0xbce7, 0x599, 0x56, 0x7, 0x6, 0x8, 0xffffffffffffffff, 0x0, 0x200000000000, 0x2, 0x1, 0x9, 0x100, 0x40004545, 0x4, 0xa, 0xb, 0xf5fd, 0x7, 0x4, 0x7fffffff, 0x1fc, 0x2, 0x5, 0x8, 0x4, 0x4, 0x7fffffff, 0x4, 0x0, 0x7, 0x80, 0x6, 0x4, 0x7, 0x4, 0xffc0000000000000, 0x1, 0x9, 0x8, 0x80000001], "73e9b0abe71d1e2aee680f7f0e812f294220578764aaba215588c48129939d0d8c6c8dcb488aeb5a653cee9f3407b9069269771811ce667d8e"}, 0x40, 0x36) msync$auto(0x2, 0x9, 0x40) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xcb}) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) socket(0x27, 0x5, 0x7) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x60d80, 0x0) 10.805234671s ago: executing program 5 (id=1504): socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x100) r0 = eventfd2$auto(0x6af3, 0x800) socket(0x1e, 0x1, 0x0) pipe2$auto(&(0x7f0000000040)=r0, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7440, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0) r1 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x1000, 0x0) preadv$auto(r1, &(0x7f0000003340)={&(0x7f0000003300), 0x40}, 0x9, 0x5, 0x100000001) ioperm$auto(0x7, 0x6, 0x1) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) execve$auto(0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/clocksource/clocksource0/current_clocksource\x00', 0x8502, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) write$auto(0x3, 0x0, 0x100082) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x0, 0xf, 0xffffffffffffffff, 0x1400000, 0x5}, 0x6f4) 10.409366501s ago: executing program 4 (id=1505): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) rseq$auto(0x0, 0xfffffff4, 0x0, 0x5) sysfs$auto(0x2, 0x10000000000002a, 0x0) socket(0x27, 0x800, 0xa5) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES(r0, 0x4008af25, &(0x7f0000000000)=0x7) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r1, 0x27fff) msync$auto(0x1ffff000, 0x1800000ff010000, 0x400000004) socket(0x15, 0xa, 0x5) syz_clone(0x40000000, 0x0, 0x25, 0x0, 0x0, 0x0) ioperm$auto(0x3, 0x8001, 0x2000000000000149) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x2, 0x8000, 0x3000}, 0x4) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) 9.491993546s ago: executing program 5 (id=1506): unshare$auto(0x40000080) ioctl$auto_TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptya5\x00', 0x62c00, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x101001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000500)='/dev/tty34\x00', 0x2200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x4, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mincore$auto(0x1000, 0x8001, 0x0) unshare$auto(0x20000080) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710}, 0x10) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0001, 0x15) munmap$auto(0x20001000, 0x7fb3) ptrace$auto(0x10, 0x10000000000001, 0xffffffffffffff56, 0x868f) accept4$auto(0xffffffffffffffff, &(0x7f0000000180)=@l2tp={0x2, 0x0, @remote, 0x3}, &(0x7f00000001c0)=0x5, 0x8001) sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff) capset$auto(0x0, 0x0) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x5, 0x100000003, 0x9, 0x6, 0x1ff, 0x100000000, 0x3, 0x4, 0x401, 0x0, 0x8, 0x6, 0x9a8c, 0x9, 0x10001]}, &(0x7f0000000200)={[0x8, 0x8000000000000000, 0x2, 0xb, 0x1, 0x9, 0x0, 0x7fff, 0xa, 0x18f, 0xfffffffffffffff9, 0x3, 0x5a4, 0x1000, 0x80000001, 0x1]}, 0x0, &(0x7f0000000280)={0x10006, 0xcc}) 8.046955753s ago: executing program 3 (id=1509): statmount$auto(0x0, &(0x7f0000000640)={0xa, 0x1, 0x1ff, 0x7, 0x1f, 0x394, 0x7, 0x7, 0x3, 0x9, 0x6, 0x3, 0x4, 0x1, 0xb4, 0x9, 0x8, 0x10003, 0x80, 0x4, 0x0, 0xa, 0x2, 0x200, 0x0, 0x3ff, 0x0, 0x1580, 0x0, 0x0, 0xfffffd66, [0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x80, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x9]}, 0x1fe, 0xd) r0 = socket(0x1d, 0x3, 0x1) fcntl$auto_F_GETOWNER_UIDS(r0, 0x11, 0xffffffffffffffff) mmap$auto(0xf, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xd, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) socket(0x1e, 0x1, 0x8) setsockopt$auto(0x3, 0x6, 0x100000000, 0xfffffffffffffffc, 0xa) getpid() mlockall$auto(0x1004) rt_sigprocmask$auto(0x26, &(0x7f0000000040)={0x80000000}, &(0x7f0000000080)={0x9}, 0x8) close_range$auto(0x2, 0x8, 0x0) writev$auto(0xc8, &(0x7f00000028c0)={&(0x7f00000000c0)="6542084a1459f5", 0x200}, 0x9) io_uring_setup$auto(0xffffff75, 0x0) unshare$auto(0x40000080) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x1e, 0x4, 0x300) sendmmsg$auto(0x4, 0x0, 0x9a6, 0xa) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) 7.465316891s ago: executing program 4 (id=1510): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x801, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2711}, 0x51) socket(0xf, 0x3, 0x2) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x14d27e, 0x72) socket(0x2, 0x1, 0x0) socket(0x1e, 0x1, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0x9) copy_file_range$auto(r1, 0x0, r1, 0x0, 0x2, 0x0) select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfff, 0x1, 0x5, 0x3, 0x95f4da2d, 0xc, 0x6, 0x62, 0x7, 0x7, 0x6d3f, 0xa, 0x4, 0x5]}, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x6, 0x1, 0xfffffffffffffff7, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x42, 0x80000021, 0x7, 0x6d3e, 0x7fff, 0x2, 0x6]}, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x40302, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20b42, 0x0) write$auto(0x3, 0x0, 0x100082) close_range$auto(0x2, 0x8, 0x0) prctl$auto(0x4e, 0x1, 0x0, 0x1, 0x0) 7.158316244s ago: executing program 6 (id=1511): socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x100) socket(0x1e, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pipe2$auto(&(0x7f0000000040), 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7440, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0) r1 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x1000, 0x0) preadv$auto(r1, &(0x7f0000003340)={&(0x7f0000003300), 0x40}, 0x9, 0x5, 0x100000001) ioperm$auto(0x7, 0x6, 0x1) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) execve$auto(0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/clocksource/clocksource0/current_clocksource\x00', 0x8502, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) write$auto(0x3, 0x0, 0x100082) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x0, 0xf, 0xffffffffffffffff, 0x1400000, 0x5}, 0x6f4) 6.638214s ago: executing program 3 (id=1512): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x5, 0x0, 0x1f, 0x9}, 0x800009}, 0x3, 0x20000000) io_uring_setup$auto(0x6, 0x0) pwrite64$auto(0xc8, 0x0, 0x4e, 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) setsockopt$auto(0x3, 0x1, 0x23, 0x0, 0x9) mmap$auto(0x0, 0x9, 0xffffffff, 0x8000200008011, 0xffffffffffffffff, 0x8000) read$auto(0x3, 0x0, 0x80) write$auto(0x3, 0x0, 0xfffffdef) 6.51373735s ago: executing program 5 (id=1513): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram6\x00', 0x4040, 0x0) preadv2$auto(0x3, 0x0, 0x5, 0xffffffffffffffff, 0x7, 0x2e) write$auto_tty_fops_tty_io(r0, &(0x7f0000000280)="352c8efa618c0bcf83a4ebdb278754e15f334a572cad539da201096bbbc2ce7db1", 0x21) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) ioctl$auto(0xffffffffffffffff, 0x8912, 0x38) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) ustat$auto(0x801, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) writev$auto(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x40}, 0x8) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0xff1, 0x8000) io_uring_setup$auto(0x1, 0x0) bpf$auto(0x5, 0x0, 0x102) getpid() r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000164c0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_SCAN(r3, &(0x7f00000165c0)={0x0, 0x0, &(0x7f0000016580)={&(0x7f0000000140)={0x14, r4, 0xd3ac6c422733a379, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) read$auto(r2, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xffd8) 5.86132001s ago: executing program 4 (id=1515): socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x100) r0 = eventfd2$auto(0x6af3, 0x800) socket(0x1e, 0x1, 0x0) pipe2$auto(&(0x7f0000000040)=r0, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7440, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0) r1 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x1000, 0x0) preadv$auto(r1, &(0x7f0000003340)={&(0x7f0000003300), 0x40}, 0x9, 0x5, 0x100000001) ioperm$auto(0x7, 0x6, 0x1) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) execve$auto(0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/clocksource/clocksource0/current_clocksource\x00', 0x8502, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) write$auto(0x3, 0x0, 0x100082) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x0, 0xf, 0xffffffffffffffff, 0x1400000, 0x5}, 0x6f4) 5.594020261s ago: executing program 6 (id=1516): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) select$auto(0x3, 0x0, 0x0, 0x0, 0x0) syslog$auto(0x2, 0x0, 0xcf) mmap$auto(0x0, 0x10001, 0x80003, 0x10011, 0xffffffffffffffff, 0x8000) write$auto(0xca, &(0x7f0000000040)='\x04>2\x0f\x00\x00\x96\x18am\xea\xf4\x1b\xf8', 0x7e) close_range$auto(0x2, 0x8, 0x0) shmget$auto(0x400, 0x10563, 0x568c12f2) sendmsg$auto_NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x24048800) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0xffffffffffffffff, 0x400008, 0xe0, 0x9b72, 0xffffffffffffffff, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x2020009, 0x3, 0x20000000eb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, 0x38) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0xfbe1) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f0000001300), 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) shmdt$auto(0x0) mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000) 5.488395902s ago: executing program 3 (id=1517): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x5, 0x0, 0x1f, 0x9}, 0x800009}, 0x3, 0x20000000) r1 = io_uring_setup$auto(0x6, 0x0) pwrite64$auto(0xc8, 0x0, 0x4e, 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) bind$auto(0x3, 0x0, 0x6a) setsockopt$auto(0x3, 0x1, 0x23, 0x0, 0x9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x183841, 0x0) sendmsg$auto_NL80211_CMD_DEL_TX_TS(0xffffffffffffffff, 0x0, 0x24000000) write$auto(r2, 0x0, 0xc) close_range$auto(r1, 0xfffffffffffff000, 0x2) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) socket(0x2, 0x2, 0x1) mmap$auto(0x0, 0x9, 0xffffffff, 0x8000200008011, 0xffffffffffffffff, 0x8000) read$auto(0x3, 0x0, 0x80) write$auto(0x3, 0x0, 0xfffffdef) 4.842674193s ago: executing program 4 (id=1518): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x5, 0x0, 0x1f, 0x9}, 0x800009}, 0x3, 0x20000000) r1 = io_uring_setup$auto(0x6, 0x0) pwrite64$auto(0xc8, 0x0, 0x4e, 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) setsockopt$auto(0x3, 0x1, 0x23, 0x0, 0x9) write$auto(0xffffffffffffffff, &(0x7f0000000040)=',\x00^\xa2\x02\x00\x05\x00\x00\x00\xd8l\x00\x00\x00\x00\x00\x00\xb2s\x83\xbd\xc5_%\xc1\xa3\xd0\x95Hq\xf4zG\x01[{\x17\x05I\xe0\xb1d)\x06z8L\xe6&[\xa9X6\x7f\xec\x94\xdal\xa1\xbb\x86\x9c\xc2\xef\x02\r9%\x06\xc5\'b%m_\x96A\"\xdd\xe40\xa7\xc3\x9ah\xf3B\xc2\xec\xf8\r\f[\xe5\x9dK\xe1\x99\x86\xfc\xac\x9f\x8a', 0x1000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x183841, 0x0) sendmsg$auto_NL80211_CMD_DEL_TX_TS(0xffffffffffffffff, 0x0, 0x24000000) write$auto(r2, 0x0, 0xc) close_range$auto(r1, 0xfffffffffffff000, 0x2) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) socket(0x2, 0x2, 0x1) mmap$auto(0x0, 0x9, 0xffffffff, 0x8000200008011, 0xffffffffffffffff, 0x8000) read$auto(0x3, 0x0, 0x80) write$auto(0x3, 0x0, 0xfffffdef) 3.558169427s ago: executing program 6 (id=1519): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/event1\x00', 0x22040, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) r2 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_KVM_GET_VCPU_MMAP_SIZE(r0, 0x4008ae90, 0x0) setns(r2, 0x8000000) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x8, 0x3, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20005, 0xdf, 0xeb1, r0, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) prctl$auto(0x1000000003b, 0xb9f, 0x4, 0x5, 0x7) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x22242, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x101001, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x161843, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0) mmap$auto(0x0, 0xffff, 0x3, 0xeb1, r2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/mtd/mtd0/mtd0/nvmem\x00', 0x1000, 0x0) sysfs$auto(0x2, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/i8042/serio0/force_release\x00', 0xc2082, 0x0) fsconfig$auto(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0) 3.557941404s ago: executing program 5 (id=1520): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) rseq$auto(0x0, 0xfffffff4, 0x0, 0x5) sysfs$auto(0x2, 0x10000000000002a, 0x0) socket(0x27, 0x800, 0xa5) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES(r0, 0x4008af25, &(0x7f0000000000)=0x7) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r1, 0x27fff) msync$auto(0x1ffff000, 0x1800000ff010000, 0x400000004) socket(0x15, 0xa, 0x5) syz_clone(0x40000000, 0x0, 0x25, 0x0, 0x0, 0x0) ioperm$auto(0x3, 0x8001, 0x2000000000000149) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x2, 0x8000, 0x3000}, 0x4) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) 3.55720852s ago: executing program 3 (id=1527): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x5, 0x0, 0x1f, 0x9}, 0x800009}, 0x3, 0x20000000) io_uring_setup$auto(0x6, 0x0) pwrite64$auto(0xc8, 0x0, 0x4e, 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) bind$auto(0x3, 0x0, 0x6a) setsockopt$auto(0x3, 0x1, 0x23, 0x0, 0x9) mmap$auto(0x0, 0x9, 0xffffffff, 0x8000200008011, 0xffffffffffffffff, 0x8000) read$auto(0x3, 0x0, 0x80) write$auto(0x3, 0x0, 0xfffffdef) 2.475311233s ago: executing program 6 (id=1521): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb5, 0x401, 0x300000000000) prctl$auto(0x16, 0x2, 0x2, 0x4000000d, 0x100) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0030e5", @ANYRES16=r1, @ANYBLOB="01002dbd7000f9dbdf25010000000500070058000000080009009c781e01060002000100000008001800030000000800190006000000"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x48080) mmap$auto(0x1, 0x3, 0x1, 0xe31, 0xffffffffffffffff, 0xe0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) socket(0x2, 0x5, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dmmidi2\x00', 0x101, 0x0) socket(0x10, 0x2, 0x0) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x3, 0xa00006, 0x4, 0x40eb1, 0x602, 0x300000000000) ioprio_set$auto(0x2, 0x0, 0x208) 2.474590764s ago: executing program 3 (id=1522): r0 = socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x114, 0xa, 0x0, 0x4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/queues/tx-9/xps_rxqs\x00', 0x1a1842, 0x0) unshare$auto(0x40000080) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r1, &(0x7f0000000e00)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde4727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e28782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8ee98a7bf3f8157986cf7c1c5dbdedaacbe3946b3d8809dec7387f006c062b93b6b481a806e5544ddeea7218fcc15c25a88164bfd0735e6290167cb2dbf4b4a317ba00b1fc27d203a6cff71ef8fe97a97d8e07af2ce1d0a0a2aa9ede7dd0572325075c83c2ecf866aa01654eff55ebe4e489e72152e6a3090e2348732704eb02997ffd23a63faabfbbbd1fb124cab606faed24a393058cea1c1286001ee5c0c1fa26b6a81ebdd4718a94cebdb45bfe812c771df398d3305da03d37ced9d0242b6da212dc9f5c14d7ff999bee20f6621792d1442e449eba8589a823e5e99c65fdffbaefe89e2e32406ec4cf574e335e2d288e4cdad56f4b1b57c364ed3e28809e480d6f410c7ebf43bd2a605d6a8c9facae6b7f8f2c56f792ae21fc0cc5dd9beae0cab3547ebb5467183c2f01bc315bd7bd191088886752dc5108093bdbc91348743440130f33d3dfa9c25490245e5fa904f8660e82253c826b7bea4e9a7a1c627e10c56d71878a644bd176016f29cf5398be1", 0xaaf) socket(0x5, 0x3, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x2060009, 0x3, 0xeb2, r0, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/ubifs/parameters/default_version\x00', 0xa041, 0x0) write$auto(0x3, 0x0, 0xfdef) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0xa) writev$auto(0x1, 0x0, 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video54\x00', 0x80000, 0x0) ioctl$auto(0x3, 0xc0285628, 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) writev$auto(0xffffffffffffffff, 0x0, 0x8000000000000001) 2.461937866s ago: executing program 4 (id=1530): r0 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) r1 = socket(0x3, 0x3, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sg0\x00', 0x40200, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/037/001\x00', 0x630001, 0x0) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x100242, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004400)='/dev/dsp1\x00', 0x1, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x60800, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) setsockopt$auto(0xffffffffffffffff, 0x1, 0x1021, 0x0, 0xd) close_range$auto(0x2, 0xa, 0x0) ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, &(0x7f0000000380)={0xfffffffffffffffe, 0x10001, 0x7, @state_change={0x8000, 0xd, 0xe}}) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) sendfile$auto(0xffffffffffffffff, r3, 0x0, 0x1000202) ioctl$auto(0x3, 0x541b, 0x38) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="01002dbd7000fddbdf250800030008000300", @ANYRES32], 0x24}, 0x1, 0x0, 0x0, 0x5c5fd097f751b33e}, 0x80) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e883453f", @ANYRES16=0x0, @ANYBLOB="200026bd7000fedbdf251f00000075062d80cd00118023133bfb9095bb196bfc6545fc1bca5cc209df87266f25236e60bdac105038a428e2255ba4c9fbe82c111c4983c0f796c23286cacfbed49bf0dfed9d228feca9d0cecc3e4da4023383920b435ea36276ae3f1339a606da52634d85216324758370270e61bf9f7f5be77c510af60dc716115c383c7a585c7f943238f18113ed4a134b3adf80aaf246ab532ff24916a91f5a94d1653798b92bc4c46d04cbc9949c4ce29779d32ae39e1801178e1f6be6d56b332cf116532cc685bc79a7fa00341601fa8163a5c6eb35f5000000802b6df0a0d461880fa5e7f31e5214535b10e3e10c354665d757ef062d1500f6d2660edc4f0f7ceb6860847c25591e99ecba0b64e8e974b3dcea8087fe169c0393dcf40629817018d9549d52ab2d7d6874ab82278faedc7a5ec8eabb60ba0984ba9cb68189cfdaa70b7b9478b2139d04608ebbef9d588301348153796129953c55dbb8f78745ea5234554475bd641b3f8c719519c522580658dca2b7c5461f1970de722ca8c6c9272d4f2b20b727a71fba5e67f24e549ca529aff9369be42626b8d43724fb69c5779d7a9c32e309e2e6fe2a10411d73953646f955934c83393d36b99697df44a915cf947329cac7fd230de1d0a730747f22d79ce4595e307ec58c9d618db79fa3ec000efa3bf5bd9d4617c4274386bad62280aa1fe2a20a704b0471fb48b5a310f006f23479428d6f66239a3beafb43a5fcd9155a808031d48300cb5596554690668f3e011a800c00ba000900000000000000c88c6a67feb2ce25817a1cb254969c151e2b7521618b238f5ee6004bdca4899643843cd137e6707410f342509830700fd27f6dfbc79860dfafe004000d8015580a8449f24a8a1ec4125ea781f665f4554f46e0eb762c91d37fc702d931cb29ec57c9303fc868da1328db451cb0e9c0518e5dc73ed6b9acca697da1ad43d9bd91a012e9e93ab7dce6a5cf62074255808c7603e022f6931021b02f943eb029b7d348b4bda9e8ba9520698e0d5af435ff4288ebb18b869fb61df6017a1cde9a2fa389fc5f44c27cd6dc5e67a533a3c292e91ff863a33ea531ef175501e4d69b6f36c131669cab58d310ccafd07ba55ae7b19da1b07b3fd242e0045d5f6ab47f349932d91fbc95ce2a0d2e9a47b70d2fba8de1ff98d8aeb53502d837d9094b00d66c48668749f24008002c0064010101000004008e0012035680326216bf353de6024cd8507b623fef8ebb69bc1dde9229526ed6aafe86843e263e2f684e36d63c5a556b538020442f954e822fc3c0c6b3b72fbe48d9b210680608065df70927fcb4e87fc4577cc71f4209584b14bb6569fdeff8441e8221863432524c98ef40f3600f84a65f46c2cd990bb04385b3591453c63a6940095991104905292fa357b0a46391506ce3c51642164976867faa6338d0c378d00a88ab67ce4bc16c6ec1bc1e0ef5235b8762c2a768d0b6b9f130e1e87c2fac9cc05f877127b61d31caf578dd423dd587cb90825968ae8d4bcc2c039eac18b082e1ce0afa493b595b4f420bc37e52ea4aa25301dc81ce593750c555064b7e6c6705ba6300b9b93516470b3d87f4949810d5d9a783784b58cd44e84d232c1febd63312f73af3034f073a46b126422f0400d780b3c9832b9ad35f50aea9db0cc2b4073b243c2f2c1967aedeed6f1b52032f5fb0cea959f3c2d15b2545868e5555b82883e6ebfb995d0d986848d80144ef6c4be436006e97028951f0c88d16a5f4d924537ac13678b619673172f8d83d1a6671726377d537f345deb436a9613780848122b9c41ecbd05c581c61a4c0fea7faa6afe22754dd74643cc3466be65c7b2c412d3eac83781fc62ca5cb79af1be9eedc8081e30677e2e6833d3f4afc818d5d6a3a58718392ad7ddb75ee95400cece3bc3ebe242d2aa7354d8ed0839e75c2e04c97743455aab7c7e8f0a3290ad55fa249ce12ae10818dc34b2f398d4fd56d1f5f7800528a3a35ac5ad955a0d8452208ddd0178ea740b4a55c73f36304040007800800c100", @ANYRES32=0xee01, @ANYBLOB="efbe37145c7eee3ab86fd9fd2bffb7ae07251239c9c55ccf3f843356af42ec6b296595bd1a324c12b77c4546633db2d763e2c83f7e131171586eacc0bcdfbeee3983b9df903e59991a9fa6502fc5a204433ff9501e1cf5485d5405d0824d59ed71afc0608eb7e9f01d5abeac97e46d4a87d0bccd7e48f6cffc7b1e13ac395ac04697261cc0596c03e8a282cc45062e74c204d851dd6fe94937aab34f01103f43dc7fa190ed4e1931fdef3fbeb26b1aa46f7d0df6fca57d61d4f8b2e61c074d13340400088004004780000000000067003a0157970d528024196a280f0eddac3849694f7ae759f6b3e0c41092fc58bb44396856469b45b0c40812a8723ce8175ab54f80c9adc5f14a0c9672f289bfaa1fae5241e6a59b35b8e5f3f54367f4706da1f208a035ac9030907a82fbbb938907fa6b78d7140005003e0007000000930017008d9792767cb1eb649f1fa8f4fb09574889ef3fd9565eb7853d215e99f43dce328fede047c3e9e0a7b27e34ffb385bc37e80bbe4873e7e67a68c8d5b8397a1dacbe371ccf19629f0ea2ac49d90351c628e739e0cfa8ae368c4beef7a95a49a8bf226b315d15f42a125f9ce44cbaebf3995950f2f62cbd284b48db84149cd4f888cef73ba0f8451845b87a1691a6b9a70004008e00"], 0x794}}, 0x40100) 1.494600911s ago: executing program 6 (id=1523): mmap$auto(0x3, 0x40000e, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) mq_notify$auto(0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x801, 0x106) pipe2$auto(0x0, 0x4800) splice$auto(0x4, 0x0, 0x2, 0x0, 0x1000, 0xf) socket(0xa, 0x1, 0x84) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/memory.kmem.tcp.limit_in_bytes\x00', 0x0, 0x0) writev$auto(r0, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0x100000000df, 0xeb1, r0, 0x8000) mmap$auto(0x0, 0x1, 0x4000000000df, 0xeb1, 0x401, 0x8002) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x110c234000, 0x1, 0x9) msgget$auto(0x0, 0x5) msgsnd$auto(0x0, &(0x7f0000000000)={0x1, 0x5}, 0x8, 0x7) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000040), 0x400d01, 0x0) getitimer$auto(0x7f, &(0x7f0000000080)={{0x9, 0x8}, {0x0, 0xfffffffffffffff9}}) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x80f02, 0x0) sendmsg$auto_NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) msgsnd$auto(0x0, &(0x7f0000000600)={0x40000007fc, 0x7}, 0x400, 0x2) msgrcv$auto(0x0, 0x0, 0x4bd, 0x1, 0xf1) 1.163518276s ago: executing program 5 (id=1524): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800) bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) rt_tgsigqueueinfo$auto(0x3, 0x96, 0x3, &(0x7f0000000180)={@siginfo_0_0={0x80000000, 0x7, 0x8000, @_kill={0xffffffffffffffff}}}) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc2}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x2, 0x0) r0 = open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x154) r1 = prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/mem\x00', 0x10b201, 0x0) r3 = ioctl$auto_TUNSETVNETHDRSZ2(r0, 0x400454d8, &(0x7f00000001c0)=0xf) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r1) setsockopt$auto_SO_DEVMEM_DONTNEED(r3, 0x1, 0x50, &(0x7f0000000280)='$[\x00', 0x0) sendmsg$auto_NL80211_CMD_DEL_PMK(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r4, 0x200, 0x70bd27, 0x25dfdbff, {}, [@NL80211_ATTR_KEY_SEQ={0x7, 0xa, '3\v='}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc800}, 0x200488c5) mmap$auto(0x0, 0x2020009, 0x2000000000000081, 0xf8, 0xfffffffffffffffa, 0x8000) write$auto(r2, 0x0, 0x996) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000300), 0x4001, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8402, 0x0) mmap$auto(0x0, 0x5810, 0xffb, 0x8000000008011, 0x3, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) execveat$auto(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x11000) 1.109820436s ago: executing program 6 (id=1525): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0xffff) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x2b, 0x1, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x7fffffffffffffff, 0x4, 0x0, 0x5, 0xe) mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, r1, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000012c0)='/sys/devices/virtual/block/ram7/queue/iostats\x00', 0x8502, 0x0) write$auto(r2, &(0x7f0000000100)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x4) read$auto_clk_dump_fops_(0xffffffffffffffff, 0x0, 0x0) ioctl$auto_BLKRRPART(r1, 0x125f, 0x0) getpeername$auto(r0, &(0x7f0000000080)=@hci={0x1f, 0xffffffffffffffff}, &(0x7f00000000c0)=0x4) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/domainname\x00', 0x88042, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000300)='/dev/v4l-subdev0\x00', 0x200000, 0x0) madvise$auto(0x0, 0xf663, 0x15) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, 0x0, 0x1c1041, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x100000009, 0x7) ioctl$auto_FIFREEZE(r3, 0xc0045878, 0xfff) sendmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x5, 0x0, 0x1f, 0x9}, 0x800009}, 0x3, 0x20000000) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) 964.529859ms ago: executing program 4 (id=1526): r0 = socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0x8) modify_ldt$auto(0x1, 0x0, 0x8001) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x210040, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x21, 0x3, 0x9) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x4, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, 0x0, 0x100000a3d9) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/fs/cifs/dfscache\x00', 0x0, 0x0) pread64$auto(r3, 0x0, 0x3, 0x6c2) r4 = ioctl$auto_TUNSETGROUP(r2, 0x400454ce, &(0x7f00000002c0)=0x401) close_range$auto(r0, r4, 0x7) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mincore$auto(0x1000, 0x8001, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0xb0903, 0x0) 872.631µs ago: executing program 3 (id=1528): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000062c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond_slave_0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f00000000c0)={0xfffffffffffffffd, 0x0, &(0x7f0000006340)={&(0x7f0000000100)={0x28, r1, 0x38f, 0x70bd29, 0x25dfdbfb, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4044040}, 0x4000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006400)={0x2e20, 0x0, 0x1, 0x51bd2e, 0x25dfcbfb, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x2e07}]}, 0x2e20}, 0x1, 0x0, 0x0, 0x2000c040}, 0x4) r4 = socket(0x2c, 0x3, 0x0) getsockopt$auto_SO_DEBUG(r4, 0x4, 0x1, 0x0, 0x0) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, 0x0, 0x42a120, 0x0) r5 = getpid() process_vm_readv$auto(r5, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) ioctl$auto_SNDCTL_DSP_GETODELAY(0xffffffffffffffff, 0x80045017, &(0x7f0000000c00)) madvise$auto(0x0, 0x2000040080000004, 0xe) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r6, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getsockopt$auto_SO_RCVPRIORITY(0xffffffffffffffff, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7) r7 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r7, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0) readv$auto(0x3, 0x0, 0x1) 0s ago: executing program 5 (id=1537): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0xca, 0x0, 0x1ff) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000340), 0x108800, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x100, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x2, 0x2) r1 = gettid() prctl$auto(0x1000000003b, 0x1, r1, 0x5, 0x7) tkill$auto(r1, 0x7) r2 = prctl$auto_PR_SCHED_CORE_GET(0x7fffffff, 0x0, r1, 0x5a, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) socket(0x1f, 0x800, 0xffffff01) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x4, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) syz_genetlink_get_family_id$auto_netdev(&(0x7f00000000c0), r2) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) io_uring_enter$auto(0x3, 0x0, 0x1, 0x3, 0x0, 0x2) io_uring_enter$auto(r0, 0x11, 0x2688, 0x5, 0x0, 0x7) socket(0x15, 0x5, 0x0) fsconfig$auto(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): ][ T6634] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 151.695870][ T6634] netlink_rcv_skb+0x158/0x420 [ 151.695888][ T6634] ? __pfx_genl_rcv_msg+0x10/0x10 [ 151.695906][ T6634] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 151.695928][ T6634] ? netlink_deliver_tap+0x1ae/0xd30 [ 151.695945][ T6634] genl_rcv+0x28/0x40 [ 151.695959][ T6634] netlink_unicast+0x53a/0x7f0 [ 151.695976][ T6634] ? __pfx_netlink_unicast+0x10/0x10 [ 151.695996][ T6634] netlink_sendmsg+0x8d1/0xdd0 [ 151.696014][ T6634] ? __pfx_netlink_sendmsg+0x10/0x10 [ 151.696036][ T6634] ____sys_sendmsg+0xa98/0xc70 [ 151.696053][ T6634] ? copy_msghdr_from_user+0x10a/0x160 [ 151.696074][ T6634] ? __pfx_____sys_sendmsg+0x10/0x10 [ 151.696094][ T6634] ? __pfx_futex_wake_mark+0x10/0x10 [ 151.696117][ T6634] ___sys_sendmsg+0x134/0x1d0 [ 151.696139][ T6634] ? __pfx____sys_sendmsg+0x10/0x10 [ 151.696158][ T6634] ? __lock_acquire+0x622/0x1c90 [ 151.696199][ T6634] __sys_sendmsg+0x16d/0x220 [ 151.696220][ T6634] ? __pfx___sys_sendmsg+0x10/0x10 [ 151.696258][ T6634] ? __x64_sys_futex+0x1e0/0x4c0 [ 151.696287][ T6634] do_syscall_64+0xcd/0x490 [ 151.696310][ T6634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.696326][ T6634] RIP: 0033:0x7ffbae98e929 [ 151.696339][ T6634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.696353][ T6634] RSP: 002b:00007ffbaf750038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 151.696368][ T6634] RAX: ffffffffffffffda RBX: 00007ffbaebb6080 RCX: 00007ffbae98e929 [ 151.696378][ T6634] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000005 [ 151.696386][ T6634] RBP: 00007ffbaea10b39 R08: 0000000000000000 R09: 0000000000000000 [ 151.696395][ T6634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 151.696403][ T6634] R13: 0000000000000000 R14: 00007ffbaebb6080 R15: 00007ffe33c10808 [ 151.696429][ T6634] [ 153.235249][ T6648] FAULT_INJECTION: forcing a failure. [ 153.235249][ T6648] name failslab, interval 1, probability 0, space 0, times 0 [ 153.248824][ T6648] CPU: 1 UID: 0 PID: 6648 Comm: syz.3.140 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 153.248859][ T6648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 153.248873][ T6648] Call Trace: [ 153.248880][ T6648] [ 153.248890][ T6648] dump_stack_lvl+0x16c/0x1f0 [ 153.248928][ T6648] should_fail_ex+0x512/0x640 [ 153.248958][ T6648] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 153.248993][ T6648] should_failslab+0xc2/0x120 [ 153.249016][ T6648] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 153.249048][ T6648] ? alloc_empty_file+0x55/0x1e0 [ 153.249074][ T6648] alloc_empty_file+0x55/0x1e0 [ 153.249098][ T6648] path_openat+0xda/0x2cb0 [ 153.249131][ T6648] ? rcu_is_watching+0x12/0xc0 [ 153.249153][ T6648] ? trace_kmem_cache_alloc+0x28/0xc0 [ 153.249177][ T6648] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 153.249208][ T6648] ? __pfx_path_openat+0x10/0x10 [ 153.249239][ T6648] ? __asan_memcpy+0x3c/0x60 [ 153.249279][ T6648] do_file_open_root+0x322/0x610 [ 153.249314][ T6648] ? __pfx_do_file_open_root+0x10/0x10 [ 153.249376][ T6648] ? vsnprintf+0x318/0x1160 [ 153.249409][ T6648] file_open_root+0x2a7/0x450 [ 153.249442][ T6648] ? __pfx_file_open_root+0x10/0x10 [ 153.249471][ T6648] ? find_held_lock+0x2b/0x80 [ 153.249499][ T6648] ? kernel_read_file_from_path_initns+0x17a/0x260 [ 153.249531][ T6648] kernel_read_file_from_path_initns+0x189/0x260 [ 153.249558][ T6648] ? __pfx_kernel_read_file_from_path_initns+0x10/0x10 [ 153.249583][ T6648] ? trace_kmem_cache_alloc+0x28/0xc0 [ 153.249609][ T6648] ? _request_firmware+0x503/0x1470 [ 153.249642][ T6648] _request_firmware+0x744/0x1470 [ 153.249680][ T6648] ? __pfx__request_firmware+0x10/0x10 [ 153.249719][ T6648] request_firmware+0x35/0x50 [ 153.249747][ T6648] valid_regdb+0x188/0x590 [ 153.249769][ T6648] ? __pfx___mutex_lock+0x10/0x10 [ 153.249801][ T6648] ? __pfx_valid_regdb+0x10/0x10 [ 153.249831][ T6648] reg_reload_regdb+0x11e/0x460 [ 153.249856][ T6648] ? __pfx_reg_reload_regdb+0x10/0x10 [ 153.249883][ T6648] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 153.249912][ T6648] ? nl80211_pre_doit+0x1b0/0xb10 [ 153.249946][ T6648] genl_family_rcv_msg_doit+0x209/0x2f0 [ 153.249975][ T6648] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 153.250000][ T6648] ? rcu_is_watching+0x12/0xc0 [ 153.250032][ T6648] ? bpf_lsm_capable+0x9/0x10 [ 153.250056][ T6648] ? security_capable+0x7e/0x260 [ 153.250096][ T6648] genl_rcv_msg+0x55c/0x800 [ 153.250126][ T6648] ? __pfx_genl_rcv_msg+0x10/0x10 [ 153.250152][ T6648] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 153.250180][ T6648] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 153.250203][ T6648] ? __pfx_nl80211_post_doit+0x10/0x10 [ 153.250245][ T6648] netlink_rcv_skb+0x158/0x420 [ 153.250268][ T6648] ? __pfx_genl_rcv_msg+0x10/0x10 [ 153.250295][ T6648] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 153.250331][ T6648] ? netlink_deliver_tap+0x1ae/0xd30 [ 153.250358][ T6648] genl_rcv+0x28/0x40 [ 153.250380][ T6648] netlink_unicast+0x53a/0x7f0 [ 153.250406][ T6648] ? __pfx_netlink_unicast+0x10/0x10 [ 153.250438][ T6648] netlink_sendmsg+0x8d1/0xdd0 [ 153.250466][ T6648] ? __pfx_netlink_sendmsg+0x10/0x10 [ 153.250506][ T6648] ____sys_sendmsg+0xa98/0xc70 [ 153.250532][ T6648] ? copy_msghdr_from_user+0x10a/0x160 [ 153.250563][ T6648] ? __pfx_____sys_sendmsg+0x10/0x10 [ 153.250594][ T6648] ? __pfx_futex_wake_mark+0x10/0x10 [ 153.250632][ T6648] ___sys_sendmsg+0x134/0x1d0 [ 153.250665][ T6648] ? __pfx____sys_sendmsg+0x10/0x10 [ 153.250694][ T6648] ? __lock_acquire+0x622/0x1c90 [ 153.250759][ T6648] __sys_sendmsg+0x16d/0x220 [ 153.250790][ T6648] ? __pfx___sys_sendmsg+0x10/0x10 [ 153.250820][ T6648] ? __x64_sys_futex+0x1e0/0x4c0 [ 153.250865][ T6648] do_syscall_64+0xcd/0x490 [ 153.250898][ T6648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.250921][ T6648] RIP: 0033:0x7fb56458e929 [ 153.250941][ T6648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 153.250961][ T6648] RSP: 002b:00007fb5654ca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 153.250983][ T6648] RAX: ffffffffffffffda RBX: 00007fb5647b5fa0 RCX: 00007fb56458e929 [ 153.250999][ T6648] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000008 [ 153.251013][ T6648] RBP: 00007fb564610b39 R08: 0000000000000000 R09: 0000000000000000 [ 153.251027][ T6648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 153.251040][ T6648] R13: 0000000000000000 R14: 00007fb5647b5fa0 R15: 00007fff23e92528 [ 153.251072][ T6648] [ 153.251124][ T6648] platform regulatory.0: loading /lib/firmware/updates/6.16.0-rc3-syzkaller-00057-g92ca6c498a5e/regulatory.db.p7s failed with error -12 [ 154.026731][ T6648] syz.3.140 (6648) used greatest stack depth: 17976 bytes left [ 154.212546][ T6660] netlink: 354 bytes leftover after parsing attributes in process `syz.3.143'. [ 155.037256][ T30] audit: type=1804 audit(6045850401.085:5): pid=6663 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.144" name="/newroot/41/file0" dev="tmpfs" ino=234 res=1 errno=0 [ 155.096162][ T30] audit: type=1800 audit(6045850401.085:6): pid=6663 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.144" name="file0" dev="tmpfs" ino=234 res=0 errno=0 [ 156.132271][ T6698] netlink: 4 bytes leftover after parsing attributes in process `syz.3.150'. [ 157.641554][ T6718] netlink: 4 bytes leftover after parsing attributes in process `syz.1.154'. [ 160.715766][ T6768] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 160.715766][ T6768] The task syz.1.163 (6768) triggered the difference, watch for misbehavior. [ 162.164611][ T6773] random: crng reseeded on system resumption [ 162.869866][ T6790] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 163.119044][ T6796] FAULT_INJECTION: forcing a failure. [ 163.119044][ T6796] name failslab, interval 1, probability 0, space 0, times 0 [ 163.198959][ T6796] CPU: 1 UID: 0 PID: 6796 Comm: syz.0.169 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 163.198996][ T6796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 163.199011][ T6796] Call Trace: [ 163.199020][ T6796] [ 163.199029][ T6796] dump_stack_lvl+0x16c/0x1f0 [ 163.199070][ T6796] should_fail_ex+0x512/0x640 [ 163.199102][ T6796] ? __kvmalloc_node_noprof+0x124/0x620 [ 163.199140][ T6796] should_failslab+0xc2/0x120 [ 163.199164][ T6796] __kvmalloc_node_noprof+0x137/0x620 [ 163.199196][ T6796] ? __pfx___mutex_lock+0x10/0x10 [ 163.199232][ T6796] ? nf_hook_entries_grow+0x22b/0x860 [ 163.199269][ T6796] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 163.199307][ T6796] ? nf_hook_entries_grow+0x22b/0x860 [ 163.199338][ T6796] nf_hook_entries_grow+0x22b/0x860 [ 163.199384][ T6796] __nf_register_net_hook+0x1cd/0x730 [ 163.199424][ T6796] nf_register_net_hook+0x109/0x160 [ 163.199459][ T6796] nf_register_net_hooks+0x5d/0xd0 [ 163.199494][ T6796] ? __pfx_apparmor_nf_register+0x10/0x10 [ 163.199538][ T6796] ops_init+0x1df/0x5f0 [ 163.199581][ T6796] setup_net+0x1ff/0x510 [ 163.199602][ T6796] ? lockdep_init_map_type+0x5c/0x280 [ 163.199633][ T6796] ? __pfx_setup_net+0x10/0x10 [ 163.199658][ T6796] ? debug_mutex_init+0x37/0x70 [ 163.199685][ T6796] copy_net_ns+0x2a6/0x5f0 [ 163.199713][ T6796] create_new_namespaces+0x3ea/0xa90 [ 163.199748][ T6796] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 163.199776][ T6796] ksys_unshare+0x45b/0xa40 [ 163.199807][ T6796] ? __pfx_ksys_unshare+0x10/0x10 [ 163.199837][ T6796] ? xfd_validate_state+0x61/0x180 [ 163.199877][ T6796] __x64_sys_unshare+0x31/0x40 [ 163.199910][ T6796] do_syscall_64+0xcd/0x490 [ 163.199949][ T6796] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.199974][ T6796] RIP: 0033:0x7f2f4f18e929 [ 163.199995][ T6796] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.200019][ T6796] RSP: 002b:00007f2f4ffe8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 163.200042][ T6796] RAX: ffffffffffffffda RBX: 00007f2f4f3b5fa0 RCX: 00007f2f4f18e929 [ 163.200060][ T6796] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 163.200075][ T6796] RBP: 00007f2f4f210b39 R08: 0000000000000000 R09: 0000000000000000 [ 163.200090][ T6796] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 163.200104][ T6796] R13: 0000000000000000 R14: 00007f2f4f3b5fa0 R15: 00007ffc5bead458 [ 163.200136][ T6796] syzkaller syzkaller login: [ 164.156972][ T6806] netlink: 504 bytes leftover after parsing attributes in process `syz.3.170'. [ 164.269218][ T6812] netlink: 350 bytes leftover after parsing attributes in process `syz.3.170'. [ 165.776808][ T5841] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 166.632295][ T6837] FAULT_INJECTION: forcing a failure. [ 166.632295][ T6837] name failslab, interval 1, probability 0, space 0, times 0 [ 166.667548][ T6837] CPU: 1 UID: 0 PID: 6837 Comm: syz.3.177 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 166.667588][ T6837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 166.667604][ T6837] Call Trace: [ 166.667613][ T6837] [ 166.667623][ T6837] dump_stack_lvl+0x16c/0x1f0 [ 166.667666][ T6837] should_fail_ex+0x512/0x640 [ 166.667700][ T6837] ? __kmalloc_cache_node_noprof+0x5a/0x420 [ 166.667741][ T6837] should_failslab+0xc2/0x120 [ 166.667766][ T6837] __kmalloc_cache_node_noprof+0x6d/0x420 [ 166.667803][ T6837] ? bdi_alloc+0x44/0x170 [ 166.667830][ T6837] bdi_alloc+0x44/0x170 [ 166.667853][ T6837] __alloc_disk_node+0xac/0x630 [ 166.667892][ T6837] __blk_mq_alloc_disk+0x89/0x120 [ 166.667928][ T6837] loop_add+0x49e/0xb70 [ 166.667955][ T6837] ? do_vfs_ioctl+0x523/0x1a60 [ 166.667999][ T6837] ? __pfx_loop_add+0x10/0x10 [ 166.668024][ T6837] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 166.668077][ T6837] ? find_held_lock+0x2b/0x80 [ 166.668108][ T6837] loop_control_ioctl+0x13e/0x630 [ 166.668137][ T6837] ? __pfx_loop_control_ioctl+0x10/0x10 [ 166.668171][ T6837] ? __pfx_loop_control_ioctl+0x10/0x10 [ 166.668202][ T6837] __x64_sys_ioctl+0x18b/0x210 [ 166.668231][ T6837] do_syscall_64+0xcd/0x490 [ 166.668270][ T6837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.668297][ T6837] RIP: 0033:0x7fb56458e929 [ 166.668319][ T6837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.668342][ T6837] RSP: 002b:00007fb5654ca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 166.668366][ T6837] RAX: ffffffffffffffda RBX: 00007fb5647b5fa0 RCX: 00007fb56458e929 [ 166.668382][ T6837] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000008 [ 166.668396][ T6837] RBP: 00007fb564610b39 R08: 0000000000000000 R09: 0000000000000000 [ 166.668411][ T6837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 166.668425][ T6837] R13: 0000000000000000 R14: 00007fb5647b5fa0 R15: 00007fff23e92528 [ 166.668458][ T6837] [ 167.705423][ T6852] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input10 [ 171.082102][ T6909] Invalid ELF header magic: != ELF [ 171.113440][ T5841] Bluetooth: hci2: unexpected event 0x3d length: 726 > 14 [ 171.180494][ T6909] net_ratelimit: 7 callbacks suppressed [ 171.180518][ T6909] netlink: zone id is out of range [ 171.311119][ T6909] netlink: zone id is out of range [ 171.471662][ T6909] netlink: zone id is out of range [ 171.486080][ T6909] netlink: zone id is out of range [ 171.548989][ T6909] netlink: zone id is out of range [ 171.657169][ T6924] ======================================================= [ 171.657169][ T6924] WARNING: The mand mount option has been deprecated and [ 171.657169][ T6924] and is ignored by this kernel. Remove the mand [ 171.657169][ T6924] option from the mount to silence this warning. [ 171.657169][ T6924] ======================================================= [ 171.692204][ C1] vkms_vblank_simulate: vblank timer overrun [ 175.471209][ T6977] tipc: Started in network mode [ 175.487350][ T6977] tipc: Node identity ee00, cluster identity 4711 [ 175.495510][ T6977] tipc: Node number set to 60928 [ 177.763081][ T7007] netlink: 350 bytes leftover after parsing attributes in process `syz.0.208'. [ 179.674816][ T7028] syz.1.213 (7028): attempted to duplicate a private mapping with mremap. This is not supported. [ 182.219463][ T7074] netlink: 4 bytes leftover after parsing attributes in process `syz.2.222'. [ 183.029342][ T7091] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 183.521973][ T7092] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 184.407426][ T7102] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 184.436753][ T7102] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 184.477588][ T7102] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 184.502535][ T7109] Invalid ELF header magic: != ELF [ 184.510064][ T7102] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 185.694267][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout [ 186.591357][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 186.594798][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout [ 186.597588][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 187.655899][ T7148] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 187.675431][ T7148] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 187.681523][ T7148] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 187.694444][ T7148] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 188.538821][ T7172] netlink: 4 bytes leftover after parsing attributes in process `syz.3.241'. [ 188.620038][ T7176] netlink: 354 bytes leftover after parsing attributes in process `syz.3.241'. [ 189.694351][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 189.695817][ T5839] Bluetooth: hci2: command 0x0c1a tx timeout [ 189.700596][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout [ 189.774902][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 191.523446][ T7206] Invalid ELF header magic: != ELF [ 191.919402][ T7207] random: crng reseeded on system resumption [ 192.634700][ T7218] FAULT_INJECTION: forcing a failure. [ 192.634700][ T7218] name failslab, interval 1, probability 0, space 0, times 0 [ 192.647960][ T7218] CPU: 0 UID: 0 PID: 7218 Comm: syz.2.250 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 192.647999][ T7218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 192.648019][ T7218] Call Trace: [ 192.648028][ T7218] [ 192.648042][ T7218] dump_stack_lvl+0x16c/0x1f0 [ 192.648086][ T7218] should_fail_ex+0x512/0x640 [ 192.648120][ T7218] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 192.648161][ T7218] should_failslab+0xc2/0x120 [ 192.648187][ T7218] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 192.648226][ T7218] ? __d_alloc+0x31/0xaa0 [ 192.648267][ T7218] __d_alloc+0x31/0xaa0 [ 192.648307][ T7218] d_alloc+0x4a/0x1e0 [ 192.648345][ T7218] d_alloc_parallel+0xe3/0x12e0 [ 192.648384][ T7218] ? find_held_lock+0x2b/0x80 [ 192.648412][ T7218] ? __pfx_d_alloc_parallel+0x10/0x10 [ 192.648445][ T7218] ? __d_lookup+0x266/0x4a0 [ 192.648476][ T7218] lookup_open.isra.0+0x665/0x1580 [ 192.648513][ T7218] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 192.648565][ T7218] ? mnt_get_write_access+0x20c/0x300 [ 192.648599][ T7218] path_openat+0x893/0x2cb0 [ 192.648645][ T7218] ? __pfx_path_openat+0x10/0x10 [ 192.648682][ T7218] ? __lock_acquire+0xb8a/0x1c90 [ 192.648732][ T7218] do_filp_open+0x20b/0x470 [ 192.648771][ T7218] ? __pfx_do_filp_open+0x10/0x10 [ 192.648835][ T7218] ? alloc_fd+0x471/0x7d0 [ 192.648877][ T7218] do_sys_openat2+0x11b/0x1d0 [ 192.648905][ T7218] ? __pfx_do_sys_openat2+0x10/0x10 [ 192.648947][ T7218] __x64_sys_openat+0x174/0x210 [ 192.648976][ T7218] ? __pfx___x64_sys_openat+0x10/0x10 [ 192.649019][ T7218] do_syscall_64+0xcd/0x490 [ 192.649059][ T7218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.649085][ T7218] RIP: 0033:0x7ffbae98e929 [ 192.649107][ T7218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.649131][ T7218] RSP: 002b:00007ffbaf771038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 192.649158][ T7218] RAX: ffffffffffffffda RBX: 00007ffbaebb5fa0 RCX: 00007ffbae98e929 [ 192.649175][ T7218] RDX: 0000000000001182 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 192.649191][ T7218] RBP: 00007ffbaea10b39 R08: 0000000000000000 R09: 0000000000000000 [ 192.649207][ T7218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 192.649222][ T7218] R13: 0000000000000000 R14: 00007ffbaebb5fa0 R15: 00007ffe33c10808 [ 192.649260][ T7218] [ 194.420001][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.427351][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 syzkaller syzkaller login: [ 195.483032][ T7245] netlink: 12 bytes leftover after parsing attributes in process `syz.2.256'. [ 196.089296][ T7244] HfR: entered promiscuous mode [ 196.096883][ T7245] openvswitch: HfR: Dropping previously announced user features [ 196.653459][ T7261] FAULT_INJECTION: forcing a failure. [ 196.653459][ T7261] name failslab, interval 1, probability 0, space 0, times 0 [ 196.717164][ T7261] CPU: 1 UID: 0 PID: 7261 Comm: syz.1.257 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 196.717207][ T7261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 196.717221][ T7261] Call Trace: [ 196.717229][ T7261] [ 196.717239][ T7261] dump_stack_lvl+0x16c/0x1f0 [ 196.717284][ T7261] should_fail_ex+0x512/0x640 [ 196.717318][ T7261] ? fs_reclaim_acquire+0xae/0x150 [ 196.717360][ T7261] should_failslab+0xc2/0x120 [ 196.717386][ T7261] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 196.717425][ T7261] ? security_inode_alloc+0x3b/0x2b0 [ 196.717460][ T7261] security_inode_alloc+0x3b/0x2b0 [ 196.717488][ T7261] inode_init_always_gfp+0xce4/0x1030 [ 196.717527][ T7261] alloc_inode+0x86/0x240 [ 196.717552][ T7261] new_inode+0x22/0x1c0 [ 196.717580][ T7261] debugfs_create_dir+0xdd/0x5f0 [ 196.717615][ T7261] ptp_open+0x307/0x520 [ 196.717650][ T7261] ? __pfx_ptp_open+0x10/0x10 [ 196.717689][ T7261] ? __pfx_ptp_open+0x10/0x10 [ 196.717717][ T7261] posix_clock_open+0x17b/0x290 [ 196.717748][ T7261] ? __pfx_posix_clock_open+0x10/0x10 [ 196.717774][ T7261] chrdev_open+0x231/0x6a0 [ 196.717808][ T7261] ? __pfx_apparmor_file_open+0x10/0x10 [ 196.717838][ T7261] ? __pfx_chrdev_open+0x10/0x10 [ 196.717877][ T7261] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 196.717916][ T7261] do_dentry_open+0x744/0x1c10 [ 196.717953][ T7261] ? __pfx_chrdev_open+0x10/0x10 [ 196.717996][ T7261] vfs_open+0x82/0x3f0 [ 196.718028][ T7261] path_openat+0x1de4/0x2cb0 [ 196.718075][ T7261] ? __pfx_path_openat+0x10/0x10 [ 196.718109][ T7261] ? __lock_acquire+0xb8a/0x1c90 [ 196.718146][ T7261] do_filp_open+0x20b/0x470 [ 196.718180][ T7261] ? __pfx_do_filp_open+0x10/0x10 [ 196.718243][ T7261] ? alloc_fd+0x471/0x7d0 [ 196.718285][ T7261] do_sys_openat2+0x11b/0x1d0 [ 196.718312][ T7261] ? __pfx_do_sys_openat2+0x10/0x10 [ 196.718359][ T7261] __x64_sys_openat+0x174/0x210 [ 196.718386][ T7261] ? __pfx___x64_sys_openat+0x10/0x10 [ 196.718423][ T7261] do_syscall_64+0xcd/0x490 [ 196.718455][ T7261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.718479][ T7261] RIP: 0033:0x7f6e59d8e929 [ 196.718500][ T7261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 196.718522][ T7261] RSP: 002b:00007f6e5ab44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 196.718545][ T7261] RAX: ffffffffffffffda RBX: 00007f6e59fb6080 RCX: 00007f6e59d8e929 [ 196.718561][ T7261] RDX: 0000000000000440 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 196.718576][ T7261] RBP: 00007f6e59e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 196.718591][ T7261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 196.718605][ T7261] R13: 0000000000000000 R14: 00007f6e59fb6080 R15: 00007ffc1bc34d88 [ 196.718639][ T7261] [ 196.721274][ T7261] debugfs: out of free dentries, can not create directory '0xffff8880331b4000' [ 198.224963][ T7288] FAULT_INJECTION: forcing a failure. [ 198.224963][ T7288] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 198.264826][ T7288] CPU: 0 UID: 0 PID: 7288 Comm: syz.0.265 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 198.264864][ T7288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 198.264877][ T7288] Call Trace: [ 198.264886][ T7288] [ 198.264896][ T7288] dump_stack_lvl+0x16c/0x1f0 [ 198.264936][ T7288] should_fail_ex+0x512/0x640 [ 198.264977][ T7288] should_fail_alloc_page+0xe7/0x130 [ 198.265002][ T7288] prepare_alloc_pages+0x3c2/0x610 [ 198.265028][ T7288] ? __lock_acquire+0x622/0x1c90 [ 198.265064][ T7288] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 198.265111][ T7288] ? find_held_lock+0x2b/0x80 [ 198.265135][ T7288] ? mtree_load+0x309/0xa40 [ 198.265167][ T7288] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 198.265206][ T7288] ? mtree_load+0x325/0xa40 [ 198.265246][ T7288] ? __up_read+0x1f8/0x750 [ 198.265296][ T7288] ? __pfx___up_read+0x10/0x10 [ 198.265331][ T7288] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 198.265371][ T7288] ? policy_nodemask+0xea/0x4e0 [ 198.265398][ T7288] alloc_pages_mpol+0x1fb/0x550 [ 198.265424][ T7288] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 198.265449][ T7288] ? do_raw_spin_lock+0x12c/0x2b0 [ 198.265484][ T7288] ? __pfx___access_remote_vm+0x10/0x10 [ 198.265524][ T7288] alloc_pages_noprof+0x131/0x390 [ 198.265548][ T7288] get_free_pages_noprof+0x10/0xb0 [ 198.265573][ T7288] proc_pid_cmdline_read+0x46d/0x900 [ 198.265606][ T7288] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 198.265636][ T7288] ? rw_verify_area+0xcf/0x680 [ 198.265664][ T7288] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 198.265694][ T7288] vfs_read+0x1e4/0xc60 [ 198.265730][ T7288] ? __pfx___mutex_lock+0x10/0x10 [ 198.265765][ T7288] ? __pfx_vfs_read+0x10/0x10 [ 198.265804][ T7288] ? __fget_files+0x20e/0x3c0 [ 198.265845][ T7288] ksys_read+0x12a/0x250 [ 198.265877][ T7288] ? __pfx_ksys_read+0x10/0x10 [ 198.265921][ T7288] do_syscall_64+0xcd/0x490 [ 198.265960][ T7288] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.265985][ T7288] RIP: 0033:0x7f2f4f18e929 [ 198.266005][ T7288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.266046][ T7288] RSP: 002b:00007f2f4ffe8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 198.266071][ T7288] RAX: ffffffffffffffda RBX: 00007f2f4f3b5fa0 RCX: 00007f2f4f18e929 [ 198.266086][ T7288] RDX: 000000000000009f RSI: 0000200000000040 RDI: 0000000000000007 [ 198.266099][ T7288] RBP: 00007f2f4f210b39 R08: 0000000000000000 R09: 0000000000000000 [ 198.266114][ T7288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 198.266127][ T7288] R13: 0000000000000000 R14: 00007f2f4f3b5fa0 R15: 00007ffc5bead458 [ 198.266161][ T7288] [ 198.625316][ T7286] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 200.407477][ T7304] netlink: 8 bytes leftover after parsing attributes in process `syz.3.269'. [ 200.928898][ T7312] netlink: 296 bytes leftover after parsing attributes in process `syz.2.271'. [ 201.928430][ T7336] FAULT_INJECTION: forcing a failure. [ 201.928430][ T7336] name failslab, interval 1, probability 0, space 0, times 0 [ 202.100955][ T7336] CPU: 0 UID: 0 PID: 7336 Comm: syz.2.274 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 202.100995][ T7336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 202.101010][ T7336] Call Trace: [ 202.101018][ T7336] [ 202.101028][ T7336] dump_stack_lvl+0x16c/0x1f0 [ 202.101073][ T7336] should_fail_ex+0x512/0x640 [ 202.101108][ T7336] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 202.101148][ T7336] should_failslab+0xc2/0x120 [ 202.101173][ T7336] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 202.101207][ T7336] ? __proc_create+0xc3/0x8c0 [ 202.101241][ T7336] ? __proc_create+0x2ce/0x8c0 [ 202.101282][ T7336] __proc_create+0x2ce/0x8c0 [ 202.101319][ T7336] ? __pfx___proc_create+0x10/0x10 [ 202.101359][ T7336] ? proc_register+0x314/0x5f0 [ 202.101402][ T7336] proc_create_reg+0x7d/0x180 [ 202.101429][ T7336] proc_create_net_data+0x8e/0x1b0 [ 202.101466][ T7336] ? __pfx_proc_create_net_data+0x10/0x10 [ 202.101494][ T7336] ? __pfx_uevent_net_rcv+0x10/0x10 [ 202.101523][ T7336] ? __pfx_dev_mc_net_init+0x10/0x10 [ 202.101553][ T7336] dev_mc_net_init+0x50/0x70 [ 202.101582][ T7336] ops_init+0x1df/0x5f0 [ 202.101633][ T7336] setup_net+0x1ff/0x510 [ 202.101656][ T7336] ? lockdep_init_map_type+0x5c/0x280 [ 202.101690][ T7336] ? __pfx_setup_net+0x10/0x10 [ 202.101715][ T7336] ? debug_mutex_init+0x37/0x70 [ 202.101744][ T7336] copy_net_ns+0x2a6/0x5f0 [ 202.101773][ T7336] create_new_namespaces+0x3ea/0xa90 [ 202.101810][ T7336] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 202.101840][ T7336] ksys_unshare+0x45b/0xa40 [ 202.101867][ T7336] ? __pfx_ksys_unshare+0x10/0x10 [ 202.101900][ T7336] ? xfd_validate_state+0x61/0x180 [ 202.101943][ T7336] __x64_sys_unshare+0x31/0x40 [ 202.101973][ T7336] do_syscall_64+0xcd/0x490 [ 202.102011][ T7336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.102037][ T7336] RIP: 0033:0x7ffbae98e929 [ 202.102059][ T7336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 202.102084][ T7336] RSP: 002b:00007ffbaf750038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 202.102108][ T7336] RAX: ffffffffffffffda RBX: 00007ffbaebb6080 RCX: 00007ffbae98e929 [ 202.102125][ T7336] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 202.102141][ T7336] RBP: 00007ffbaea10b39 R08: 0000000000000000 R09: 0000000000000000 [ 202.102157][ T7336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 202.102172][ T7336] R13: 0000000000000000 R14: 00007ffbaebb6080 R15: 00007ffe33c10808 [ 202.102207][ T7336] [ 204.141441][ T7351] netlink: 28 bytes leftover after parsing attributes in process `syz.0.278'. [ 205.081121][ T7351] team0: Port device team_slave_1 removed [ 208.096651][ T7400] FAULT_INJECTION: forcing a failure. [ 208.096651][ T7400] name failslab, interval 1, probability 0, space 0, times 0 [ 208.127690][ T7400] CPU: 0 UID: 0 PID: 7400 Comm: syz.0.287 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 208.127735][ T7400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 208.127751][ T7400] Call Trace: [ 208.127762][ T7400] [ 208.127773][ T7400] dump_stack_lvl+0x16c/0x1f0 [ 208.127819][ T7400] should_fail_ex+0x512/0x640 [ 208.127854][ T7400] ? fs_reclaim_acquire+0xae/0x150 [ 208.127889][ T7400] should_failslab+0xc2/0x120 [ 208.127915][ T7400] __kmalloc_cache_noprof+0x6a/0x3e0 [ 208.127949][ T7400] ? tomoyo_find_next_domain+0x145/0x20b0 [ 208.127977][ T7400] ? kasan_save_track+0x14/0x30 [ 208.128013][ T7400] tomoyo_find_next_domain+0x145/0x20b0 [ 208.128057][ T7400] ? __pfx_tomoyo_find_next_domain+0x10/0x10 [ 208.128100][ T7400] tomoyo_bprm_check_security+0x12e/0x1d0 [ 208.128140][ T7400] ? tomoyo_bprm_check_security+0x120/0x1d0 [ 208.128180][ T7400] security_bprm_check+0x1b9/0x1e0 [ 208.128206][ T7400] bprm_execve+0x810/0x1650 [ 208.128247][ T7400] ? __pfx_bprm_execve+0x10/0x10 [ 208.128292][ T7400] ? copy_string_kernel+0x444/0x510 [ 208.128336][ T7400] do_execveat_common.isra.0+0x4a5/0x610 [ 208.128380][ T7400] __x64_sys_execve+0x8e/0xb0 [ 208.128418][ T7400] do_syscall_64+0xcd/0x490 [ 208.128461][ T7400] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.128488][ T7400] RIP: 0033:0x7f2f4f18e929 [ 208.128509][ T7400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.128534][ T7400] RSP: 002b:00007f2f4ffc7038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 208.128560][ T7400] RAX: ffffffffffffffda RBX: 00007f2f4f3b6080 RCX: 00007f2f4f18e929 [ 208.128578][ T7400] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 208.128594][ T7400] RBP: 00007f2f4f210b39 R08: 0000000000000000 R09: 0000000000000000 [ 208.128609][ T7400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 208.128624][ T7400] R13: 0000000000000000 R14: 00007f2f4f3b6080 R15: 00007ffc5bead458 [ 208.128661][ T7400] [ 208.915638][ T7413] vivid-009: ================= START STATUS ================= [ 209.051370][ T7413] vivid-009: Enable Output Cropping: true grabbed [ 209.113405][ T7413] vivid-009: Enable Output Composing: true grabbed [ 209.124220][ T7413] vivid-009: Enable Output Scaler: true grabbed [ 209.130787][ T7413] vivid-009: Tx RGB Quantization Range: Automatic grabbed [ 209.168685][ T7413] vivid-009: Transmit Mode: HDMI grabbed [ 209.174731][ T7413] vivid-009: Hotplug Present: 0x00000000 [ 209.180429][ T7413] vivid-009: RxSense Present: 0x00000000 [ 209.284162][ T7413] vivid-009: EDID Present: 0x00000000 [ 209.321885][ T7416] block nbd7: not configured, cannot reconfigure [ 209.334203][ T7413] vivid-009: ================== END STATUS ================== [ 209.420091][ T7403] Invalid ELF header magic: != ELF [ 213.466634][ T7452] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 213.628174][ T7456] snd_virmidi snd_virmidi.0: control 5:9:1:IAªƒ>/Æ[k<÷ÎÇmgx­Ž¬<Ú5ºœ+-Cî°ÜYÈÝ5:0 is already present [ 216.231156][ T5841] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 217.424767][ T7515] RDS: rds_bind could not find a transport for ::ffff:10.1.1.2, load rds_tcp or rds_rdma? [ 217.961898][ T7518] netlink: 12 bytes leftover after parsing attributes in process `syz.0.308'. [ 219.156619][ T7532] input: 00 [ 219.156619][ T7532] as /devices/virtual/input/input15 [ 219.193446][ T7532] FAULT_INJECTION: forcing a failure. [ 219.193446][ T7532] name failslab, interval 1, probability 0, space 0, times 0 [ 219.279267][ T7532] CPU: 0 UID: 0 PID: 7532 Comm: syz.2.310 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 219.279305][ T7532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 219.279317][ T7532] Call Trace: [ 219.279325][ T7532] [ 219.279335][ T7532] dump_stack_lvl+0x16c/0x1f0 [ 219.279377][ T7532] should_fail_ex+0x512/0x640 [ 219.279409][ T7532] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 219.279448][ T7532] should_failslab+0xc2/0x120 [ 219.279473][ T7532] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 219.279508][ T7532] ? __kernfs_new_node+0xd2/0x8e0 [ 219.279545][ T7532] __kernfs_new_node+0xd2/0x8e0 [ 219.279583][ T7532] ? __pfx___kernfs_new_node+0x10/0x10 [ 219.279624][ T7532] ? find_held_lock+0x2b/0x80 [ 219.279649][ T7532] ? kernfs_root+0xee/0x2a0 [ 219.279687][ T7532] kernfs_new_node+0x13c/0x1e0 [ 219.279727][ T7532] __kernfs_create_file+0x53/0x350 [ 219.279759][ T7532] sysfs_add_file_mode_ns+0x207/0x3c0 [ 219.279798][ T7532] sysfs_create_file_ns+0x13d/0x1d0 [ 219.279829][ T7532] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 219.279863][ T7532] ? mark_held_locks+0x49/0x80 [ 219.279912][ T7532] device_create_file+0xf2/0x1e0 [ 219.279945][ T7532] device_add+0xa2b/0x1a70 [ 219.279975][ T7532] ? __pfx_device_add+0x10/0x10 [ 219.279999][ T7532] ? __pfx_exact_lock+0x10/0x10 [ 219.280038][ T7532] ? kobject_get+0xbb/0x150 [ 219.280075][ T7532] cdev_device_add+0xc2/0x1e0 [ 219.280111][ T7532] evdev_connect+0x3a4/0x4c0 [ 219.280148][ T7532] input_attach_handler.isra.0+0x181/0x260 [ 219.280184][ T7532] input_register_device+0xa84/0x1130 [ 219.280222][ T7532] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 219.280251][ T7532] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 219.280283][ T7532] ? find_held_lock+0x2b/0x80 [ 219.280326][ T7532] ? __pfx_uinput_ioctl+0x10/0x10 [ 219.280350][ T7532] __x64_sys_ioctl+0x18b/0x210 [ 219.280381][ T7532] do_syscall_64+0xcd/0x490 [ 219.280419][ T7532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.280445][ T7532] RIP: 0033:0x7ffbae98e929 [ 219.280465][ T7532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 219.280488][ T7532] RSP: 002b:00007ffbaf771038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 219.280511][ T7532] RAX: ffffffffffffffda RBX: 00007ffbaebb5fa0 RCX: 00007ffbae98e929 [ 219.280528][ T7532] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000007 [ 219.280543][ T7532] RBP: 00007ffbaea10b39 R08: 0000000000000000 R09: 0000000000000000 [ 219.280558][ T7532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 219.280572][ T7532] R13: 0000000000000000 R14: 00007ffbaebb5fa0 R15: 00007ffe33c10808 [ 219.280606][ T7532] [ 219.837607][ C1] sd 0:0:1:0: [sda] tag#5643 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 219.848174][ C1] sd 0:0:1:0: [sda] tag#5643 CDB: Read(6) 08 00 00 00 09 00 00 00 00 00 00 00 [ 219.926243][ T7550] netlink: 28 bytes leftover after parsing attributes in process `syz.0.312'. [ 220.086738][ T7532] input: failed to attach handler evdev to device input15, error: -12 [ 221.971596][ T7586] ima: policy update failed [ 222.024149][ T30] audit: type=1802 audit(6045850468.105:7): pid=7586 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.317" res=0 errno=0 [ 222.031377][ T7586] netlink: 25 bytes leftover after parsing attributes in process `syz.1.317'. [ 224.118661][ T7627] RDS: rds_bind could not find a transport for ::ffff:10.1.1.2, load rds_tcp or rds_rdma? [ 224.236164][ T7629] netlink: 12 bytes leftover after parsing attributes in process `syz.2.323'. [ 230.906018][ T7722] netlink: 28 bytes leftover after parsing attributes in process `syz.1.335'. [ 231.376504][ T7722] team0: Port device team_slave_1 removed [ 232.169730][ T7745] FAULT_INJECTION: forcing a failure. [ 232.169730][ T7745] name failslab, interval 1, probability 0, space 0, times 0 [ 232.230090][ T7747] FAULT_INJECTION: forcing a failure. [ 232.230090][ T7747] name failslab, interval 1, probability 0, space 0, times 0 [ 232.275443][ T7745] CPU: 0 UID: 0 PID: 7745 Comm: syz.1.338 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 232.275483][ T7745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 232.275498][ T7745] Call Trace: [ 232.275507][ T7745] [ 232.275516][ T7745] dump_stack_lvl+0x16c/0x1f0 [ 232.275559][ T7745] should_fail_ex+0x512/0x640 [ 232.275592][ T7745] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 232.275628][ T7745] should_failslab+0xc2/0x120 [ 232.275650][ T7745] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 232.275683][ T7745] ? __proc_create+0xc3/0x8c0 [ 232.275717][ T7745] ? __proc_create+0x2ce/0x8c0 [ 232.275758][ T7745] __proc_create+0x2ce/0x8c0 [ 232.275793][ T7745] ? __pfx___proc_create+0x10/0x10 [ 232.275825][ T7745] ? __register_sysctl_table+0x736/0x1900 [ 232.275866][ T7745] ? _raw_spin_unlock+0x28/0x50 [ 232.275911][ T7745] proc_create_reg+0x7d/0x180 [ 232.275936][ T7745] proc_create_net_data+0x8e/0x1b0 [ 232.275977][ T7745] ? __pfx_proc_create_net_data+0x10/0x10 [ 232.276022][ T7745] ? __pfx_arp_net_init+0x10/0x10 [ 232.276051][ T7745] arp_net_init+0x53/0x70 [ 232.276080][ T7745] ops_init+0x1df/0x5f0 [ 232.276121][ T7745] setup_net+0x1ff/0x510 [ 232.276143][ T7745] ? lockdep_init_map_type+0x5c/0x280 [ 232.276176][ T7745] ? __pfx_setup_net+0x10/0x10 [ 232.276201][ T7745] ? debug_mutex_init+0x37/0x70 [ 232.276228][ T7745] copy_net_ns+0x2a6/0x5f0 [ 232.276258][ T7745] create_new_namespaces+0x3ea/0xa90 [ 232.276290][ T7745] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 232.276318][ T7745] ksys_unshare+0x45b/0xa40 [ 232.276348][ T7745] ? __pfx_ksys_unshare+0x10/0x10 [ 232.276379][ T7745] ? xfd_validate_state+0x61/0x180 [ 232.276420][ T7745] __x64_sys_unshare+0x31/0x40 [ 232.276450][ T7745] do_syscall_64+0xcd/0x490 [ 232.276487][ T7745] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.276512][ T7745] RIP: 0033:0x7f6e59d8e929 [ 232.276534][ T7745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.276558][ T7745] RSP: 002b:00007f6e5ab44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 232.276582][ T7745] RAX: ffffffffffffffda RBX: 00007f6e59fb6080 RCX: 00007f6e59d8e929 [ 232.276600][ T7745] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 232.276615][ T7745] RBP: 00007f6e59e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 232.276630][ T7745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 232.276643][ T7745] R13: 0000000000000000 R14: 00007f6e59fb6080 R15: 00007ffc1bc34d88 [ 232.276676][ T7745] [ 232.607762][ T7747] CPU: 0 UID: 0 PID: 7747 Comm: syz.0.339 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 232.607800][ T7747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 232.607814][ T7747] Call Trace: [ 232.607823][ T7747] [ 232.607832][ T7747] dump_stack_lvl+0x16c/0x1f0 [ 232.607877][ T7747] should_fail_ex+0x512/0x640 [ 232.607911][ T7747] ? __kmalloc_noprof+0xbf/0x510 [ 232.607946][ T7747] ? constrain_params_by_rules+0x175/0xca0 [ 232.607975][ T7747] should_failslab+0xc2/0x120 [ 232.608000][ T7747] __kmalloc_noprof+0xd2/0x510 [ 232.608032][ T7747] ? unwind_get_return_address+0x59/0xa0 [ 232.608066][ T7747] ? arch_stack_walk+0xa6/0x100 [ 232.608105][ T7747] constrain_params_by_rules+0x175/0xca0 [ 232.608138][ T7747] ? stack_trace_save+0x8e/0xc0 [ 232.608164][ T7747] ? stack_depot_save_flags+0x28/0xa40 [ 232.608199][ T7747] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 232.608234][ T7747] ? __kasan_kmalloc+0xaa/0xb0 [ 232.608266][ T7747] ? snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 232.608289][ T7747] ? snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 232.608315][ T7747] ? snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 232.608350][ T7747] ? rcu_is_watching+0x12/0xc0 [ 232.608373][ T7747] ? snd_interval_refine+0x2fa/0x580 [ 232.608408][ T7747] snd_pcm_hw_refine+0x7de/0xad0 [ 232.608441][ T7747] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 232.608505][ T7747] ? __asan_memset+0x23/0x50 [ 232.608536][ T7747] ? _snd_pcm_hw_param_min+0x259/0x630 [ 232.608564][ T7747] snd_pcm_oss_change_params_locked+0x65e/0x3a30 [ 232.608593][ T7747] ? preempt_count_sub+0x90/0x160 [ 232.608626][ T7747] ? __mutex_lock+0x1ca/0xb90 [ 232.608658][ T7747] ? rcu_is_watching+0x12/0xc0 [ 232.608684][ T7747] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 232.608725][ T7747] ? __pfx___mutex_lock+0x10/0x10 [ 232.608783][ T7747] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 232.608819][ T7747] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 232.608849][ T7747] ? hook_file_ioctl_common+0x145/0x410 [ 232.608878][ T7747] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 232.608908][ T7747] ? __fget_files+0x20e/0x3c0 [ 232.608946][ T7747] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 232.608975][ T7747] __x64_sys_ioctl+0x18b/0x210 [ 232.609007][ T7747] do_syscall_64+0xcd/0x490 [ 232.609044][ T7747] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.609072][ T7747] RIP: 0033:0x7f2f4f18e929 [ 232.609094][ T7747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.609118][ T7747] RSP: 002b:00007f2f4ffc7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 232.609142][ T7747] RAX: ffffffffffffffda RBX: 00007f2f4f3b6080 RCX: 00007f2f4f18e929 [ 232.609159][ T7747] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000008 [ 232.609175][ T7747] RBP: 00007f2f4f210b39 R08: 0000000000000000 R09: 0000000000000000 [ 232.609190][ T7747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 232.609206][ T7747] R13: 0000000000000000 R14: 00007f2f4f3b6080 R15: 00007ffc5bead458 [ 232.609242][ T7747] [ 237.590524][ T7799] vivid-009: ================= START STATUS ================= [ 237.627834][ T7799] vivid-009: Enable Output Cropping: true grabbed [ 237.674506][ T7799] vivid-009: Enable Output Composing: true grabbed [ 237.695588][ T7799] vivid-009: Enable Output Scaler: true grabbed [ 237.735976][ T7799] vivid-009: Tx RGB Quantization Range: Automatic grabbed [ 237.743203][ T7799] vivid-009: Transmit Mode: HDMI grabbed [ 238.094620][ T7799] vivid-009: Hotplug Present: 0x00000000 [ 238.119680][ T7799] vivid-009: RxSense Present: 0x00000000 [ 238.378150][ T7799] vivid-009: EDID Present: 0x00000000 [ 238.438470][ T7799] vivid-009: ================== END STATUS ================== [ 238.753632][ T7799] block nbd7: not configured, cannot reconfigure [ 239.018666][ T7814] FAULT_INJECTION: forcing a failure. [ 239.018666][ T7814] name failslab, interval 1, probability 0, space 0, times 0 [ 239.114270][ T7814] CPU: 0 UID: 0 PID: 7814 Comm: syz.1.350 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 239.114306][ T7814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 239.114321][ T7814] Call Trace: [ 239.114330][ T7814] [ 239.114340][ T7814] dump_stack_lvl+0x16c/0x1f0 [ 239.114383][ T7814] should_fail_ex+0x512/0x640 [ 239.114416][ T7814] ? __kmalloc_noprof+0xbf/0x510 [ 239.114453][ T7814] ? constrain_params_by_rules+0x175/0xca0 [ 239.114482][ T7814] should_failslab+0xc2/0x120 [ 239.114506][ T7814] __kmalloc_noprof+0xd2/0x510 [ 239.114538][ T7814] ? kasan_quarantine_put+0x10a/0x240 [ 239.114571][ T7814] ? constrain_params_by_rules+0xa09/0xca0 [ 239.114607][ T7814] constrain_params_by_rules+0x175/0xca0 [ 239.114650][ T7814] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 239.114687][ T7814] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 239.114726][ T7814] ? __mutex_trylock_common+0xe9/0x250 [ 239.114760][ T7814] ? snd_interval_refine+0x2fa/0x580 [ 239.114798][ T7814] snd_pcm_hw_refine+0x7de/0xad0 [ 239.114832][ T7814] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 239.114867][ T7814] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 239.114902][ T7814] ? snd_pcm_hw_param_value+0x266/0x5b0 [ 239.114932][ T7814] snd_pcm_hw_param_first+0x334/0x6f0 [ 239.114966][ T7814] snd_pcm_hw_params+0x5ad/0x1b40 [ 239.115002][ T7814] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 239.115033][ T7814] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 239.115079][ T7814] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 239.115109][ T7814] ? __asan_memset+0x23/0x50 [ 239.115146][ T7814] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 239.115182][ T7814] snd_pcm_oss_change_params_locked+0x1432/0x3a30 [ 239.115229][ T7814] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 239.115289][ T7814] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 239.115324][ T7814] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 239.115355][ T7814] ? hook_file_ioctl_common+0x145/0x410 [ 239.115383][ T7814] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 239.115415][ T7814] ? __fget_files+0x20e/0x3c0 [ 239.115453][ T7814] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 239.115485][ T7814] __x64_sys_ioctl+0x18b/0x210 [ 239.115518][ T7814] do_syscall_64+0xcd/0x490 [ 239.115557][ T7814] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.115583][ T7814] RIP: 0033:0x7f6e59d8e929 [ 239.115604][ T7814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.115627][ T7814] RSP: 002b:00007f6e5ab44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 239.115652][ T7814] RAX: ffffffffffffffda RBX: 00007f6e59fb6080 RCX: 00007f6e59d8e929 [ 239.115670][ T7814] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000008 [ 239.115685][ T7814] RBP: 00007f6e59e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 239.115700][ T7814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 239.115715][ T7814] R13: 0000000000000000 R14: 00007f6e59fb6080 R15: 00007ffc1bc34d88 [ 239.115750][ T7814] [ 241.099623][ T7842] FAULT_INJECTION: forcing a failure. [ 241.099623][ T7842] name failslab, interval 1, probability 0, space 0, times 0 [ 241.114511][ T7842] CPU: 0 UID: 0 PID: 7842 Comm: syz.0.353 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 241.114551][ T7842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 241.114566][ T7842] Call Trace: [ 241.114575][ T7842] [ 241.114585][ T7842] dump_stack_lvl+0x16c/0x1f0 [ 241.114628][ T7842] should_fail_ex+0x512/0x640 [ 241.114662][ T7842] ? __kmalloc_noprof+0xbf/0x510 [ 241.114700][ T7842] ? ovs_vport_set_upcall_portids+0xfc/0x2f0 [ 241.114724][ T7842] should_failslab+0xc2/0x120 [ 241.114749][ T7842] __kmalloc_noprof+0xd2/0x510 [ 241.114792][ T7842] ovs_vport_set_upcall_portids+0xfc/0x2f0 [ 241.114821][ T7842] ovs_vport_alloc+0x28c/0x3d0 [ 241.114848][ T7842] internal_dev_create+0x25/0x520 [ 241.114876][ T7842] ovs_vport_add+0x144/0x4d0 [ 241.114915][ T7842] new_vport+0x16/0x1d0 [ 241.114947][ T7842] ovs_dp_cmd_new+0x6ba/0xe60 [ 241.114992][ T7842] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 241.115035][ T7842] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 241.115065][ T7842] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 241.115114][ T7842] genl_family_rcv_msg_doit+0x209/0x2f0 [ 241.115145][ T7842] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 241.115174][ T7842] ? trace_cap_capable+0x18d/0x200 [ 241.115208][ T7842] ? bpf_lsm_capable+0x9/0x10 [ 241.115236][ T7842] ? security_capable+0x7e/0x260 [ 241.115274][ T7842] ? ns_capable+0xd7/0x110 [ 241.115309][ T7842] genl_rcv_msg+0x55c/0x800 [ 241.115345][ T7842] ? __pfx_genl_rcv_msg+0x10/0x10 [ 241.115377][ T7842] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 241.115423][ T7842] netlink_rcv_skb+0x158/0x420 [ 241.115450][ T7842] ? __pfx_genl_rcv_msg+0x10/0x10 [ 241.115482][ T7842] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 241.115524][ T7842] ? netlink_deliver_tap+0x1ae/0xd30 [ 241.115555][ T7842] genl_rcv+0x28/0x40 [ 241.115581][ T7842] netlink_unicast+0x53a/0x7f0 [ 241.115612][ T7842] ? __pfx_netlink_unicast+0x10/0x10 [ 241.115648][ T7842] netlink_sendmsg+0x8d1/0xdd0 [ 241.115681][ T7842] ? __pfx_netlink_sendmsg+0x10/0x10 [ 241.115722][ T7842] ____sys_sendmsg+0xa98/0xc70 [ 241.115752][ T7842] ? copy_msghdr_from_user+0x10a/0x160 [ 241.115787][ T7842] ? __pfx_____sys_sendmsg+0x10/0x10 [ 241.115812][ T7842] ? preempt_schedule_thunk+0x16/0x30 [ 241.115847][ T7842] ? try_to_wake_up+0xa2f/0x1680 [ 241.115879][ T7842] ___sys_sendmsg+0x134/0x1d0 [ 241.115915][ T7842] ? __pfx____sys_sendmsg+0x10/0x10 [ 241.115947][ T7842] ? __lock_acquire+0x622/0x1c90 [ 241.116025][ T7842] __sys_sendmsg+0x16d/0x220 [ 241.116062][ T7842] ? __pfx___sys_sendmsg+0x10/0x10 [ 241.116104][ T7842] ? __x64_sys_futex+0x1e0/0x4c0 [ 241.116155][ T7842] do_syscall_64+0xcd/0x490 [ 241.116197][ T7842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.116223][ T7842] RIP: 0033:0x7f2f4f18e929 [ 241.116244][ T7842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.116269][ T7842] RSP: 002b:00007f2f4ffe8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 241.116294][ T7842] RAX: ffffffffffffffda RBX: 00007f2f4f3b5fa0 RCX: 00007f2f4f18e929 [ 241.116311][ T7842] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000008 [ 241.116326][ T7842] RBP: 00007f2f4f210b39 R08: 0000000000000000 R09: 0000000000000000 [ 241.116341][ T7842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 241.116356][ T7842] R13: 0000000000000000 R14: 00007f2f4f3b5fa0 R15: 00007ffc5bead458 [ 241.116388][ T7842] [ 241.981786][ T5841] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 243.826581][ T7888] FAULT_INJECTION: forcing a failure. [ 243.826581][ T7888] name failslab, interval 1, probability 0, space 0, times 0 [ 243.964276][ T7888] CPU: 1 UID: 0 PID: 7888 Comm: syz.2.359 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 243.964316][ T7888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 243.964330][ T7888] Call Trace: [ 243.964339][ T7888] [ 243.964348][ T7888] dump_stack_lvl+0x16c/0x1f0 [ 243.964392][ T7888] should_fail_ex+0x512/0x640 [ 243.964425][ T7888] ? fs_reclaim_acquire+0xae/0x150 [ 243.964457][ T7888] should_failslab+0xc2/0x120 [ 243.964482][ T7888] __kmalloc_cache_noprof+0x6a/0x3e0 [ 243.964513][ T7888] ? tomoyo_find_next_domain+0x145/0x20b0 [ 243.964538][ T7888] ? kasan_save_track+0x14/0x30 [ 243.964577][ T7888] tomoyo_find_next_domain+0x145/0x20b0 [ 243.964617][ T7888] ? __pfx_tomoyo_find_next_domain+0x10/0x10 [ 243.964657][ T7888] tomoyo_bprm_check_security+0x12e/0x1d0 [ 243.964693][ T7888] ? tomoyo_bprm_check_security+0x120/0x1d0 [ 243.964729][ T7888] security_bprm_check+0x1b9/0x1e0 [ 243.964752][ T7888] bprm_execve+0x810/0x1650 [ 243.964799][ T7888] ? __pfx_bprm_execve+0x10/0x10 [ 243.964830][ T7888] ? copy_string_kernel+0x444/0x510 [ 243.964866][ T7888] do_execveat_common.isra.0+0x4a5/0x610 [ 243.964902][ T7888] __x64_sys_execve+0x8e/0xb0 [ 243.964932][ T7888] do_syscall_64+0xcd/0x490 [ 243.964972][ T7888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.964997][ T7888] RIP: 0033:0x7ffbae98e929 [ 243.965018][ T7888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.965042][ T7888] RSP: 002b:00007ffbaf750038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 243.965066][ T7888] RAX: ffffffffffffffda RBX: 00007ffbaebb6080 RCX: 00007ffbae98e929 [ 243.965083][ T7888] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 243.965098][ T7888] RBP: 00007ffbaea10b39 R08: 0000000000000000 R09: 0000000000000000 [ 243.965113][ T7888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 243.965127][ T7888] R13: 0000000000000000 R14: 00007ffbaebb6080 R15: 00007ffe33c10808 [ 243.965161][ T7888] syzkaller syzkaller login: [ 247.997199][ T7934] FAULT_INJECTION: forcing a failure. [ 247.997199][ T7934] name failslab, interval 1, probability 0, space 0, times 0 [ 248.031618][ T7934] CPU: 1 UID: 0 PID: 7934 Comm: syz.1.368 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 248.031658][ T7934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 248.031672][ T7934] Call Trace: [ 248.031682][ T7934] [ 248.031692][ T7934] dump_stack_lvl+0x16c/0x1f0 [ 248.031735][ T7934] should_fail_ex+0x512/0x640 [ 248.031767][ T7934] ? __kmalloc_noprof+0xbf/0x510 [ 248.031805][ T7934] ? ovs_vport_alloc+0x30/0x3d0 [ 248.031826][ T7934] should_failslab+0xc2/0x120 [ 248.031849][ T7934] __kmalloc_noprof+0xd2/0x510 [ 248.031882][ T7934] ? ovs_dp_cmd_new+0x5d9/0xe60 [ 248.031919][ T7934] ovs_vport_alloc+0x30/0x3d0 [ 248.031946][ T7934] internal_dev_create+0x25/0x520 [ 248.031973][ T7934] ovs_vport_add+0x144/0x4d0 [ 248.032012][ T7934] new_vport+0x16/0x1d0 [ 248.032042][ T7934] ovs_dp_cmd_new+0x6ba/0xe60 [ 248.032081][ T7934] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 248.032123][ T7934] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 248.032155][ T7934] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 248.032194][ T7934] genl_family_rcv_msg_doit+0x209/0x2f0 [ 248.032224][ T7934] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 248.032254][ T7934] ? trace_cap_capable+0x18d/0x200 [ 248.032287][ T7934] ? bpf_lsm_capable+0x9/0x10 [ 248.032314][ T7934] ? security_capable+0x7e/0x260 [ 248.032349][ T7934] ? ns_capable+0xd7/0x110 [ 248.032378][ T7934] genl_rcv_msg+0x55c/0x800 [ 248.032412][ T7934] ? __pfx_genl_rcv_msg+0x10/0x10 [ 248.032452][ T7934] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 248.032498][ T7934] netlink_rcv_skb+0x158/0x420 [ 248.032526][ T7934] ? __pfx_genl_rcv_msg+0x10/0x10 [ 248.032557][ T7934] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 248.032597][ T7934] ? netlink_deliver_tap+0x1ae/0xd30 [ 248.032628][ T7934] genl_rcv+0x28/0x40 [ 248.032652][ T7934] netlink_unicast+0x53a/0x7f0 [ 248.032680][ T7934] ? __pfx_netlink_unicast+0x10/0x10 [ 248.032716][ T7934] netlink_sendmsg+0x8d1/0xdd0 [ 248.032749][ T7934] ? __pfx_netlink_sendmsg+0x10/0x10 [ 248.032790][ T7934] ____sys_sendmsg+0xa98/0xc70 [ 248.032818][ T7934] ? copy_msghdr_from_user+0x10a/0x160 [ 248.032852][ T7934] ? __pfx_____sys_sendmsg+0x10/0x10 [ 248.032887][ T7934] ? __pfx_futex_wake_mark+0x10/0x10 [ 248.032925][ T7934] ___sys_sendmsg+0x134/0x1d0 [ 248.032960][ T7934] ? __pfx____sys_sendmsg+0x10/0x10 [ 248.032992][ T7934] ? __lock_acquire+0x622/0x1c90 [ 248.033065][ T7934] __sys_sendmsg+0x16d/0x220 [ 248.033101][ T7934] ? __pfx___sys_sendmsg+0x10/0x10 [ 248.033132][ T7934] ? __x64_sys_futex+0x1e0/0x4c0 [ 248.033183][ T7934] do_syscall_64+0xcd/0x490 [ 248.033221][ T7934] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.033246][ T7934] RIP: 0033:0x7f6e59d8e929 [ 248.033268][ T7934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 248.033292][ T7934] RSP: 002b:00007f6e5ab65038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 248.033316][ T7934] RAX: ffffffffffffffda RBX: 00007f6e59fb5fa0 RCX: 00007f6e59d8e929 [ 248.033333][ T7934] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000008 [ 248.033346][ T7934] RBP: 00007f6e59e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 248.033360][ T7934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 248.033374][ T7934] R13: 0000000000000000 R14: 00007f6e59fb5fa0 R15: 00007ffc1bc34d88 [ 248.033408][ T7934] [ 250.457217][ T5841] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 253.553956][ T5841] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 254.093403][ T5841] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 254.555364][ T8014] netlink: 28 bytes leftover after parsing attributes in process `syz.1.387'. [ 255.860252][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.873777][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.962383][ T8051] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input20 [ 258.765169][ T5841] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 262.640630][ T8108] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21 syzkaller syzkaller login: [ 264.060269][ T8129] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input22 [ 265.008876][ T5841] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 265.615458][ T5841] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 268.479209][ T8187] Invalid ELF header magic: != ELF [ 268.766645][ T8187] netlink: zone id is out of range [ 268.789297][ T8187] netlink: zone id is out of range [ 268.910883][ T8187] netlink: zone id is out of range [ 269.107676][ T8187] netlink: zone id is out of range [ 269.112860][ T8187] netlink: zone id is out of range [ 279.588342][ T5841] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 279.732987][ T5841] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 285.029794][ T8375] FAULT_INJECTION: forcing a failure. [ 285.029794][ T8375] name failslab, interval 1, probability 0, space 0, times 0 [ 285.062448][ T8375] CPU: 0 UID: 0 PID: 8375 Comm: syz.1.463 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 285.062486][ T8375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 285.062500][ T8375] Call Trace: [ 285.062508][ T8375] [ 285.062519][ T8375] dump_stack_lvl+0x16c/0x1f0 [ 285.062573][ T8375] should_fail_ex+0x512/0x640 [ 285.062608][ T8375] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 285.062643][ T8375] should_failslab+0xc2/0x120 [ 285.062664][ T8375] __kmalloc_cache_noprof+0x6a/0x3e0 [ 285.062692][ T8375] ? x509_cert_parse+0x162/0x900 [ 285.062719][ T8375] ? kasan_save_track+0x14/0x30 [ 285.062753][ T8375] x509_cert_parse+0x162/0x900 [ 285.062781][ T8375] ? kasan_save_stack+0x42/0x60 [ 285.062812][ T8375] ? kasan_save_stack+0x33/0x60 [ 285.062844][ T8375] ? kasan_save_track+0x14/0x30 [ 285.062880][ T8375] pkcs7_extract_cert+0xa4/0x320 [ 285.062916][ T8375] asn1_ber_decoder+0xc5f/0x1df0 [ 285.062969][ T8375] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 285.063030][ T8375] pkcs7_parse_message+0x288/0x720 [ 285.063069][ T8375] verify_pkcs7_signature+0x30/0xa0 [ 285.063099][ T8375] valid_regdb+0x215/0x590 [ 285.063128][ T8375] ? __pfx___mutex_lock+0x10/0x10 [ 285.063166][ T8375] ? __pfx_valid_regdb+0x10/0x10 [ 285.063200][ T8375] reg_reload_regdb+0x11e/0x460 [ 285.063230][ T8375] ? __pfx_reg_reload_regdb+0x10/0x10 [ 285.063260][ T8375] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 285.063293][ T8375] ? nl80211_pre_doit+0x1b0/0xb10 [ 285.063331][ T8375] genl_family_rcv_msg_doit+0x209/0x2f0 [ 285.063365][ T8375] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 285.063394][ T8375] ? rcu_is_watching+0x12/0xc0 [ 285.063459][ T8375] ? bpf_lsm_capable+0x9/0x10 [ 285.063488][ T8375] ? security_capable+0x7e/0x260 [ 285.063536][ T8375] genl_rcv_msg+0x55c/0x800 [ 285.063579][ T8375] ? __pfx_genl_rcv_msg+0x10/0x10 [ 285.063611][ T8375] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 285.063645][ T8375] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 285.063672][ T8375] ? __pfx_nl80211_post_doit+0x10/0x10 [ 285.063716][ T8375] netlink_rcv_skb+0x158/0x420 [ 285.063740][ T8375] ? __pfx_genl_rcv_msg+0x10/0x10 [ 285.063769][ T8375] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 285.063807][ T8375] ? netlink_deliver_tap+0x1ae/0xd30 [ 285.063836][ T8375] genl_rcv+0x28/0x40 [ 285.063860][ T8375] netlink_unicast+0x53a/0x7f0 [ 285.063890][ T8375] ? __pfx_netlink_unicast+0x10/0x10 [ 285.063924][ T8375] netlink_sendmsg+0x8d1/0xdd0 [ 285.063955][ T8375] ? __pfx_netlink_sendmsg+0x10/0x10 [ 285.063994][ T8375] ____sys_sendmsg+0xa98/0xc70 [ 285.064022][ T8375] ? copy_msghdr_from_user+0x10a/0x160 [ 285.064056][ T8375] ? __pfx_____sys_sendmsg+0x10/0x10 [ 285.064089][ T8375] ? __pfx_futex_wake_mark+0x10/0x10 [ 285.064122][ T8375] ___sys_sendmsg+0x134/0x1d0 [ 285.064156][ T8375] ? __pfx____sys_sendmsg+0x10/0x10 [ 285.064183][ T8375] ? __lock_acquire+0x622/0x1c90 [ 285.064255][ T8375] __sys_sendmsg+0x16d/0x220 [ 285.064289][ T8375] ? __pfx___sys_sendmsg+0x10/0x10 [ 285.064321][ T8375] ? __x64_sys_futex+0x1e0/0x4c0 [ 285.064368][ T8375] do_syscall_64+0xcd/0x490 [ 285.064406][ T8375] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.064430][ T8375] RIP: 0033:0x7f6e59d8e929 [ 285.064452][ T8375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.064476][ T8375] RSP: 002b:00007f6e5ab65038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 285.064501][ T8375] RAX: ffffffffffffffda RBX: 00007f6e59fb5fa0 RCX: 00007f6e59d8e929 [ 285.064517][ T8375] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004 [ 285.064530][ T8375] RBP: 00007f6e59e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 285.064541][ T8375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 285.064567][ T8375] R13: 0000000000000000 R14: 00007f6e59fb5fa0 R15: 00007ffc1bc34d88 [ 285.064601][ T8375] [ 285.545163][ T8379] sd 0:0:1:0: PR command failed: 1026 [ 285.550655][ T8379] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 285.564342][ T8379] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 285.917323][ T8387] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input23 [ 288.395983][ T5841] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 288.786158][ T5841] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 293.583417][ T8477] random: crng reseeded on system resumption [ 297.631970][ T5841] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 297.785409][ T8534] FAULT_INJECTION: forcing a failure. [ 297.785409][ T8534] name failslab, interval 1, probability 0, space 0, times 0 syzkaller syzkaller login: [ 297.816582][ T8534] CPU: 1 UID: 0 PID: 8534 Comm: syz.2.484 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 297.816633][ T8534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 297.816649][ T8534] Call Trace: [ 297.816657][ T8534] [ 297.816668][ T8534] dump_stack_lvl+0x16c/0x1f0 [ 297.816715][ T8534] should_fail_ex+0x512/0x640 [ 297.816749][ T8534] ? __kmalloc_noprof+0xbf/0x510 [ 297.816789][ T8534] ? mpi_alloc_limb_space+0x31/0x60 [ 297.816817][ T8534] should_failslab+0xc2/0x120 [ 297.816843][ T8534] __kmalloc_noprof+0xd2/0x510 [ 297.816889][ T8534] mpi_alloc_limb_space+0x31/0x60 [ 297.816917][ T8534] mpihelp_mul_karatsuba_case+0x116/0xc20 [ 297.816951][ T8534] ? mpihelp_divrem+0x66e/0x1420 [ 297.816983][ T8534] ? __pfx_mpihelp_mul_karatsuba_case+0x10/0x10 [ 297.817025][ T8534] mpi_powm+0xf63/0x1bf0 [ 297.817069][ T8534] ? __pfx_mpi_powm+0x10/0x10 [ 297.817097][ T8534] ? kfree+0x2b4/0x4d0 [ 297.817124][ T8534] ? __phys_addr+0xe8/0x180 [ 297.817156][ T8534] ? mpi_free+0xe1/0x160 [ 297.817188][ T8534] rsa_enc+0x1fe/0x3b0 [ 297.817225][ T8534] ? __pfx_rsa_enc+0x10/0x10 [ 297.817259][ T8534] ? __virt_addr_valid+0x81/0x610 [ 297.817283][ T8534] ? __phys_addr+0xe8/0x180 [ 297.817305][ T8534] ? sg_init_one+0xf5/0x1b0 [ 297.817334][ T8534] rsassa_pkcs1_verify+0x502/0xb60 [ 297.817365][ T8534] ? __pfx_rsassa_pkcs1_verify+0x10/0x10 [ 297.817403][ T8534] ? rsa_max_size+0xd/0x70 [ 297.817432][ T8534] ? rsassa_pkcs1_set_pub_key+0x17d/0x1f0 [ 297.817460][ T8534] public_key_verify_signature+0x672/0x970 [ 297.817492][ T8534] ? __pfx_public_key_verify_signature+0x10/0x10 [ 297.817524][ T8534] ? crypto_destroy_tfm+0x14d/0x2b0 [ 297.817574][ T8534] pkcs7_verify+0x32f/0x1b20 [ 297.817626][ T8534] verify_pkcs7_message_sig+0xdd/0x250 [ 297.817656][ T8534] ? __pfx_verify_pkcs7_message_sig+0x10/0x10 [ 297.817683][ T8534] ? kfree+0x2b4/0x4d0 [ 297.817708][ T8534] ? public_key_signature_free+0xda/0x110 [ 297.817735][ T8534] ? pkcs7_parse_message+0x531/0x720 [ 297.817770][ T8534] ? pkcs7_parse_message+0x536/0x720 [ 297.817806][ T8534] verify_pkcs7_signature+0x6d/0xa0 [ 297.817831][ T8534] valid_regdb+0x215/0x590 [ 297.817860][ T8534] ? __pfx___mutex_lock+0x10/0x10 [ 297.817897][ T8534] ? __pfx_valid_regdb+0x10/0x10 [ 297.817931][ T8534] reg_reload_regdb+0x11e/0x460 [ 297.817961][ T8534] ? __pfx_reg_reload_regdb+0x10/0x10 [ 297.817990][ T8534] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 297.818022][ T8534] ? nl80211_pre_doit+0x1b0/0xb10 [ 297.818060][ T8534] genl_family_rcv_msg_doit+0x209/0x2f0 [ 297.818091][ T8534] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 297.818119][ T8534] ? rcu_is_watching+0x12/0xc0 [ 297.818157][ T8534] ? bpf_lsm_capable+0x9/0x10 [ 297.818184][ T8534] ? security_capable+0x7e/0x260 [ 297.818226][ T8534] genl_rcv_msg+0x55c/0x800 [ 297.818257][ T8534] ? __pfx_genl_rcv_msg+0x10/0x10 [ 297.818285][ T8534] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 297.818318][ T8534] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 297.818342][ T8534] ? __pfx_nl80211_post_doit+0x10/0x10 [ 297.818387][ T8534] netlink_rcv_skb+0x158/0x420 [ 297.818414][ T8534] ? __pfx_genl_rcv_msg+0x10/0x10 [ 297.818443][ T8534] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 297.818479][ T8534] ? netlink_deliver_tap+0x1ae/0xd30 [ 297.818507][ T8534] genl_rcv+0x28/0x40 [ 297.818532][ T8534] netlink_unicast+0x53a/0x7f0 [ 297.818561][ T8534] ? __pfx_netlink_unicast+0x10/0x10 [ 297.818598][ T8534] netlink_sendmsg+0x8d1/0xdd0 [ 297.818640][ T8534] ? __pfx_netlink_sendmsg+0x10/0x10 [ 297.818679][ T8534] ____sys_sendmsg+0xa98/0xc70 [ 297.818708][ T8534] ? copy_msghdr_from_user+0x10a/0x160 [ 297.818740][ T8534] ? __pfx_____sys_sendmsg+0x10/0x10 [ 297.818762][ T8534] ? preempt_schedule_thunk+0x16/0x30 [ 297.818799][ T8534] ? try_to_wake_up+0xa2f/0x1680 [ 297.818829][ T8534] ___sys_sendmsg+0x134/0x1d0 [ 297.818865][ T8534] ? __pfx____sys_sendmsg+0x10/0x10 [ 297.818893][ T8534] ? __lock_acquire+0x622/0x1c90 [ 297.818969][ T8534] __sys_sendmsg+0x16d/0x220 [ 297.819005][ T8534] ? __pfx___sys_sendmsg+0x10/0x10 [ 297.819038][ T8534] ? __x64_sys_futex+0x1e0/0x4c0 [ 297.819089][ T8534] do_syscall_64+0xcd/0x490 [ 297.819128][ T8534] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.819153][ T8534] RIP: 0033:0x7ffbae98e929 [ 297.819174][ T8534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 297.819199][ T8534] RSP: 002b:00007ffbaf771038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 297.819224][ T8534] RAX: ffffffffffffffda RBX: 00007ffbaebb5fa0 RCX: 00007ffbae98e929 [ 297.819240][ T8534] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004 [ 297.819255][ T8534] RBP: 00007ffbaea10b39 R08: 0000000000000000 R09: 0000000000000000 [ 297.819268][ T8534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 297.819283][ T8534] R13: 0000000000000000 R14: 00007ffbaebb5fa0 R15: 00007ffe33c10808 [ 297.819315][ T8534] [ 298.620249][ T8545] netlink: 12 bytes leftover after parsing attributes in process `syz.3.488'. [ 298.659434][ T8540] HfR: entered promiscuous mode [ 298.674558][ T8545] openvswitch: HfR: Dropping previously announced user features [ 301.811222][ T5841] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 302.546133][ T5841] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 304.844273][ T5841] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 309.789175][ T8684] HfR: entered promiscuous mode [ 309.907289][ T8684] netlink: 12 bytes leftover after parsing attributes in process `syz.0.512'. [ 309.956710][ T8684] openvswitch: HfR: Dropping previously announced user features [ 311.306653][ T5841] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 314.767985][ T8735] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 317.312287][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.318679][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 325.247950][ T8872] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input24 [ 326.573796][ T5841] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 326.715673][ T8877] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input25 [ 329.077505][ T5841] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 330.809935][ T5841] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 331.231219][ T5841] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 331.574721][ T8960] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 [ 332.140482][ T8961] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input27 [ 333.166905][ T5841] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 334.599242][ T5841] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 335.171002][ T5841] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 335.982192][ T9029] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input28 [ 336.572604][ T9032] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input29 [ 339.505499][ T5841] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 339.826792][ T9066] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 339.842475][ T9066] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 339.933311][ T9066] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 339.963172][ T9066] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 340.792679][ T9086] random: crng reseeded on system resumption [ 340.961026][ T9096] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input30 [ 340.985659][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout [ 341.856898][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout [ 341.933087][ T9098] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input31 [ 342.014315][ T5839] Bluetooth: hci3: command 0x0c1a tx timeout [ 342.014428][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 342.555938][ T30] audit: type=1804 audit(6045850588.645:8): pid=9115 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.591" name="/newroot/141/file0" dev="tmpfs" ino=764 res=1 errno=0 [ 342.637511][ T30] audit: type=1800 audit(6045850588.645:9): pid=9115 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.591" name="file0" dev="tmpfs" ino=764 res=0 errno=0 [ 344.167228][ T5841] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 344.334474][ T5841] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 344.729722][ T9143] sd 0:0:1:0: PR command failed: 1026 [ 344.927760][ T9143] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 345.025173][ T9143] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 348.250731][ T5841] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 348.566425][ T5841] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 348.664385][ T30] audit: type=1804 audit(6045850594.745:10): pid=9195 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.605" name="/newroot/138/file0" dev="tmpfs" ino=735 res=1 errno=0 [ 348.825126][ T30] audit: type=1800 audit(6045850594.745:11): pid=9195 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.605" name="file0" dev="tmpfs" ino=735 res=0 errno=0 [ 356.416241][ T9293] sd 0:0:1:0: PR command failed: 1026 [ 356.446565][ T9293] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 356.513261][ T9293] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 356.834264][ T5841] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 357.059115][ T9301] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 360.242214][ T9349] Invalid ELF header magic: != ELF [ 360.914374][ T5841] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 362.054757][ T5841] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 367.583009][ T9432] random: crng reseeded on system resumption [ 368.124277][ T9445] sd 0:0:1:0: PR command failed: 1026 [ 368.168758][ T9445] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 368.177296][ T9445] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 368.403571][ T9441] Invalid ELF header magic: != ELF [ 368.625646][ T9447] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input32 [ 369.937732][ T9452] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input33 [ 371.168929][ T9482] hub 8-0:1.0: USB hub found [ 371.175911][ T9482] hub 8-0:1.0: 1 port detected [ 372.520927][ T5841] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 373.750881][ T9518] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input34 [ 374.382241][ T9519] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input35 [ 376.026872][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 376.054765][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 376.076986][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 376.083354][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 376.095346][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 376.101654][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 376.117909][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 376.125172][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.750480][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.758603][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.990462][ T9574] kexec: Could not allocate control_code_buffer [ 383.058646][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.065171][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 383.075789][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.082182][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 383.092298][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.098804][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 383.117916][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.124344][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 387.967554][ T9689] netlink: 28 bytes leftover after parsing attributes in process `syz.0.693'. [ 388.099877][ T9689] bond0: (slave bond_slave_0): Releasing backup interface [ 394.076287][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 394.076396][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 394.078908][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 394.078972][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 394.082557][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 394.082620][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 394.086937][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 394.086979][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 398.616702][ T9779] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 398.639515][ T9779] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 398.654508][ T9779] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 398.686993][ T9779] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 398.744934][ T9780] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 398.987022][ T30] audit: type=1800 audit(6045850645.055:12): pid=9799 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.714" name="members" dev="configfs" ino=72827 res=0 errno=0 [ 399.374467][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout [ 400.654587][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout [ 400.735602][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 400.751107][ T5839] Bluetooth: hci1: command 0x0c1a tx timeout [ 401.301445][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 401.309873][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 401.353731][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 401.413317][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 401.432017][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 401.438635][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 401.455413][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 401.461796][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 402.087800][ T5839] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 402.175442][ T9834] netlink: 28 bytes leftover after parsing attributes in process `syz.2.723'. [ 402.208396][ T9832] netlink: 28 bytes leftover after parsing attributes in process `syz.1.720'. [ 402.220236][ T9834] bridge_slave_1: left allmulticast mode [ 402.228350][ T9834] bridge_slave_1: left promiscuous mode [ 402.244538][ T9834] bridge0: port 2(bridge_slave_1) entered disabled state [ 402.299358][ T9834] bridge_slave_0: left allmulticast mode [ 402.306062][ T9834] bridge_slave_0: left promiscuous mode [ 402.315377][ T9834] bridge0: port 1(bridge_slave_0) entered disabled state [ 402.491797][ T9832] bond0: (slave bond_slave_0): Releasing backup interface [ 407.467768][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 407.474621][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 407.507409][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 407.513772][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 407.535220][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 407.541848][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 407.595826][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 407.602732][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 409.366634][ T5839] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 409.736158][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 409.783194][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 409.811705][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 409.818308][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 409.834700][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 409.841215][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 409.857078][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 409.863606][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 409.909830][ T5839] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 412.474998][ T5839] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 414.944656][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 414.951048][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 415.037265][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 415.047929][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 415.056116][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 415.062393][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 415.071889][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 415.079010][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 420.814516][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 420.820828][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 420.832172][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 420.839053][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 420.847039][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 420.853515][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 420.911531][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 420.918157][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 426.266234][ T5839] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 431.424003][ T30] audit: type=1800 audit(6045850677.505:13): pid=10189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.800" name="members" dev="configfs" ino=82160 res=0 errno=0 [ 440.185909][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.199176][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.448851][T10312] netlink: 20 bytes leftover after parsing attributes in process `syz.2.820'. [ 442.391204][T10312] hsr_slave_0 (unregistering): left promiscuous mode [ 451.168759][ T5839] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 455.171451][ T30] audit: type=1800 audit(6045850701.255:14): pid=10480 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.850" name="members" dev="configfs" ino=88517 res=0 errno=0 [ 455.984295][ T5839] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 459.561868][T10526] netlink: 20 bytes leftover after parsing attributes in process `syz.0.859'. [ 460.151700][T10526] hsr_slave_0 (unregistering): left promiscuous mode [ 463.838786][ T30] audit: type=1800 audit(6045850709.905:15): pid=10582 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.868" name="members" dev="configfs" ino=90954 res=0 errno=0 [ 472.297679][T10687] netlink: 20 bytes leftover after parsing attributes in process `syz.1.880'. [ 472.670484][T10687] hsr_slave_0 (unregistering): left promiscuous mode [ 476.246018][T10712] netlink: 28 bytes leftover after parsing attributes in process `syz.1.888'. [ 476.532141][T10712] vcan0: entered promiscuous mode [ 477.022370][ T5839] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 491.099725][ T5839] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 491.657369][T10934] netlink: 20 bytes leftover after parsing attributes in process `syz.3.928'. [ 494.555963][ T5839] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 495.656570][T10997] netlink: 20 bytes leftover after parsing attributes in process `syz.0.940'. [ 501.132247][T11072] netlink: 20 bytes leftover after parsing attributes in process `syz.0.953'. [ 501.618054][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.624518][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.323402][T11095] netlink: 28 bytes leftover after parsing attributes in process `syz.2.956'. [ 503.518109][T11095] vcan0: entered promiscuous mode [ 507.794087][ T5839] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 508.387807][ T5839] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 511.287268][T11214] delete_channel: no stack [ 515.405311][ T5839] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 516.077048][T11275] delete_channel: no stack [ 530.661859][ T5839] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 532.957194][T11484] ptrace attach of "./syz-executor exec"[5828] was attempted by "./syz-executor exec"[11484] [ 536.735833][T11519] zswap: compressor not available [ 541.083515][ T5839] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 548.889200][ T5839] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 549.509401][ T5839] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 552.123563][ T5839] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 553.323515][ T5839] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 557.253244][ T5839] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 563.070787][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.154858][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 565.076725][ T5839] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 567.342451][T11901] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 568.382681][T11901] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 569.540479][T11943] sd 0:0:1:0: PR command failed: 1026 [ 569.566049][T11943] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 569.573011][T11943] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 571.015471][T11901] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 576.207777][T11989] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 580.109512][T11989] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 583.078891][T11989] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 585.907785][T12230] FAULT_INJECTION: forcing a failure. [ 585.907785][T12230] name failslab, interval 1, probability 0, space 0, times 0 [ 585.930703][T12230] CPU: 0 UID: 0 PID: 12230 Comm: syz.2.1177 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 585.930734][T12230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 585.930743][T12230] Call Trace: [ 585.930749][T12230] [ 585.930756][T12230] dump_stack_lvl+0x16c/0x1f0 [ 585.930786][T12230] should_fail_ex+0x512/0x640 [ 585.930807][T12230] ? __kmalloc_noprof+0xbf/0x510 [ 585.930831][T12230] ? ring_buffer_read_prepare+0x171/0x320 [ 585.930847][T12230] should_failslab+0xc2/0x120 [ 585.930861][T12230] __kmalloc_noprof+0xd2/0x510 [ 585.930894][T12230] ? kasan_save_track+0x14/0x30 [ 585.930918][T12230] ring_buffer_read_prepare+0x171/0x320 [ 585.930938][T12230] tracing_open+0xbe8/0xf90 [ 585.930958][T12230] do_dentry_open+0x744/0x1c10 [ 585.930980][T12230] ? __pfx_tracing_open+0x10/0x10 [ 585.930999][T12230] vfs_open+0x82/0x3f0 [ 585.931016][T12230] path_openat+0x1de4/0x2cb0 [ 585.931043][T12230] ? __pfx_path_openat+0x10/0x10 [ 585.931064][T12230] ? __lock_acquire+0xb8a/0x1c90 [ 585.931085][T12230] do_filp_open+0x20b/0x470 [ 585.931105][T12230] ? __pfx_do_filp_open+0x10/0x10 [ 585.931138][T12230] ? alloc_fd+0x471/0x7d0 [ 585.931162][T12230] do_sys_openat2+0x11b/0x1d0 [ 585.931177][T12230] ? __pfx_do_sys_openat2+0x10/0x10 [ 585.931199][T12230] __x64_sys_openat+0x174/0x210 [ 585.931215][T12230] ? __pfx___x64_sys_openat+0x10/0x10 [ 585.931238][T12230] do_syscall_64+0xcd/0x490 [ 585.931261][T12230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 585.931276][T12230] RIP: 0033:0x7ffbae98e929 [ 585.931289][T12230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 585.931304][T12230] RSP: 002b:00007ffbaf750038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 585.931318][T12230] RAX: ffffffffffffffda RBX: 00007ffbaebb6080 RCX: 00007ffbae98e929 [ 585.931328][T12230] RDX: 0000000000000002 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 585.931337][T12230] RBP: 00007ffbaea10b39 R08: 0000000000000000 R09: 0000000000000000 [ 585.931345][T12230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 585.931354][T12230] R13: 0000000000000000 R14: 00007ffbaebb6080 R15: 00007ffe33c10808 [ 585.931372][T12230] [ 588.770653][T11989] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 592.887545][T12348] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 593.151803][T11989] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 593.501809][T12369] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 593.520120][T12369] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 593.534625][T12369] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 593.546368][T12369] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 593.555530][T12369] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 594.741309][T12366] chnl_net:caif_netlink_parms(): no params data found [ 594.751032][T12369] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 594.975574][T11989] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 594.993891][T11989] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 595.003471][T11989] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 595.016096][T11989] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 595.034016][T11989] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 595.089427][T12366] bridge0: port 1(bridge_slave_0) entered blocking state [ 595.114479][T12366] bridge0: port 1(bridge_slave_0) entered disabled state [ 595.128563][T12366] bridge_slave_0: entered allmulticast mode [ 595.141326][T12366] bridge_slave_0: entered promiscuous mode [ 595.176453][T12366] bridge0: port 2(bridge_slave_1) entered blocking state [ 595.183635][T12366] bridge0: port 2(bridge_slave_1) entered disabled state [ 595.207603][T12366] bridge_slave_1: entered allmulticast mode [ 595.216473][T12366] bridge_slave_1: entered promiscuous mode [ 595.341473][T12366] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 595.369057][T12366] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 595.458175][T12366] team0: Port device team_slave_0 added [ 595.479900][T12366] team0: Port device team_slave_1 added [ 595.571848][T12366] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 595.579607][T12366] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 595.607010][T12366] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 595.619251][T11989] Bluetooth: hci4: command tx timeout [ 595.631256][T12366] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 595.638970][T12366] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 595.665704][T12366] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 595.798844][T12366] hsr_slave_0: entered promiscuous mode [ 595.808186][T12366] hsr_slave_1: entered promiscuous mode [ 595.818645][T12366] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 595.829245][T12366] Cannot create hsr debugfs directory [ 596.211730][T12400] chnl_net:caif_netlink_parms(): no params data found [ 596.672049][T12428] ptrace attach of "./syz-executor exec"[5827] was attempted by "./syz-executor exec"[12428] [ 596.701123][T12400] bridge0: port 1(bridge_slave_0) entered blocking state [ 596.717749][T12400] bridge0: port 1(bridge_slave_0) entered disabled state [ 596.727739][T12400] bridge_slave_0: entered allmulticast mode [ 596.745511][T12400] bridge_slave_0: entered promiscuous mode [ 596.824984][T12400] bridge0: port 2(bridge_slave_1) entered blocking state [ 596.840455][T12400] bridge0: port 2(bridge_slave_1) entered disabled state [ 596.850702][T12400] bridge_slave_1: entered allmulticast mode [ 596.865704][T12400] bridge_slave_1: entered promiscuous mode [ 597.135551][T11989] Bluetooth: hci2: command tx timeout [ 597.155432][T12400] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 597.177539][T12400] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 597.208317][T12366] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 597.312161][T12366] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 597.381180][T12400] team0: Port device team_slave_0 added [ 597.393010][T12366] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 597.447009][T12400] team0: Port device team_slave_1 added [ 597.475107][T12366] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 597.540109][T12400] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 597.554572][T12400] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 597.582739][T12400] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 597.605870][T12400] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 597.618530][T12400] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 597.648294][T12400] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 597.694655][T11989] Bluetooth: hci4: command tx timeout [ 597.845322][T12400] hsr_slave_0: entered promiscuous mode [ 597.852331][T12400] hsr_slave_1: entered promiscuous mode [ 597.860226][T12400] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 597.872247][T12400] Cannot create hsr debugfs directory [ 598.488395][T12366] 8021q: adding VLAN 0 to HW filter on device bond0 [ 598.650639][T12400] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 598.721011][T12366] 8021q: adding VLAN 0 to HW filter on device team0 [ 598.776275][T12400] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 598.822452][T11997] bridge0: port 1(bridge_slave_0) entered blocking state [ 598.829697][T11997] bridge0: port 1(bridge_slave_0) entered forwarding state [ 598.843594][T11997] bridge0: port 2(bridge_slave_1) entered blocking state [ 598.850768][T11997] bridge0: port 2(bridge_slave_1) entered forwarding state [ 598.880341][T12400] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.031493][T12400] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.215172][T11989] Bluetooth: hci2: command tx timeout [ 599.461770][T12400] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 599.494130][T12400] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 599.531231][T12400] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 599.560824][T12400] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 599.743091][T12400] 8021q: adding VLAN 0 to HW filter on device bond0 [ 599.775379][T11989] Bluetooth: hci4: command tx timeout [ 599.810432][T12366] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 599.834082][T12400] 8021q: adding VLAN 0 to HW filter on device team0 [ 599.896491][T11979] bridge0: port 1(bridge_slave_0) entered blocking state [ 599.903702][T11979] bridge0: port 1(bridge_slave_0) entered forwarding state [ 599.960351][T11979] bridge0: port 2(bridge_slave_1) entered blocking state [ 599.967521][T11979] bridge0: port 2(bridge_slave_1) entered forwarding state [ 600.624834][T12400] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 600.637787][T12366] veth0_vlan: entered promiscuous mode [ 600.663378][T12366] veth1_vlan: entered promiscuous mode [ 600.702790][T12400] veth0_vlan: entered promiscuous mode [ 600.719139][T12400] veth1_vlan: entered promiscuous mode [ 600.760298][T12366] veth0_macvtap: entered promiscuous mode [ 600.770272][T12400] veth0_macvtap: entered promiscuous mode [ 600.781427][T12366] veth1_macvtap: entered promiscuous mode [ 600.791092][T12400] veth1_macvtap: entered promiscuous mode [ 600.822313][T12366] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 600.837420][T12400] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 600.850921][T12366] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 600.875884][T12366] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 600.888491][T12366] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 600.898781][T12366] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 600.913580][T12366] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 600.926689][T12400] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 600.940077][T12400] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 600.949281][T12400] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 600.958249][T12400] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 600.967528][T12400] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 601.156049][T12001] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 601.163927][T12001] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 601.221590][T12487] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 601.256085][T12487] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 601.294648][T11989] Bluetooth: hci2: command tx timeout [ 601.368003][T11997] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 601.396846][T11997] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 601.446782][T11997] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 601.465356][T11997] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 601.541550][T12505] ubi0: attaching mtd0 [ 601.570274][T12505] ubi0: scanning is finished [ 601.575827][T12505] ubi0: empty MTD device detected [ 601.599891][T12509] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input36 [ 601.781159][T12514] snd_virmidi snd_virmidi.0: control 5:9:1:IAªƒ>/Æ[k<÷ÎÇmgx­Ž¬<Ú5ºœ+-Cî°ÜYÈÝ5:0 is already present [ 601.861778][T11989] Bluetooth: hci4: command tx timeout [ 601.892105][T12505] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 601.900095][T12505] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 601.914606][T12505] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 601.931969][T12505] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 601.948344][T12505] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 601.961570][T12505] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 601.970581][T12505] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2182099171 [ 601.983073][T12505] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 602.003960][T12515] ubi0: background thread "ubi_bgt0d" started, PID 12515 [ 603.375638][T11989] Bluetooth: hci2: command tx timeout [ 604.382029][T12560] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1241'. [ 605.389538][T12575] FAULT_INJECTION: forcing a failure. [ 605.389538][T12575] name failslab, interval 1, probability 0, space 0, times 0 syzkaller syzkaller login: [ 605.422964][T12575] CPU: 1 UID: 0 PID: 12575 Comm: syz.1.1243 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 605.423005][T12575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 605.423019][T12575] Call Trace: [ 605.423027][T12575] [ 605.423036][T12575] dump_stack_lvl+0x16c/0x1f0 [ 605.423083][T12575] should_fail_ex+0x512/0x640 [ 605.423115][T12575] ? __kvmalloc_node_noprof+0x124/0x620 [ 605.423149][T12575] should_failslab+0xc2/0x120 [ 605.423170][T12575] __kvmalloc_node_noprof+0x137/0x620 [ 605.423201][T12575] ? sbitmap_init_node+0x1ca/0x770 [ 605.423229][T12575] ? sbitmap_init_node+0x1ca/0x770 [ 605.423249][T12575] sbitmap_init_node+0x1ca/0x770 [ 605.423277][T12575] sbitmap_queue_init_node+0x41/0x560 [ 605.423306][T12575] blk_mq_init_tags+0x12d/0x2b0 [ 605.423340][T12575] blk_mq_alloc_map_and_rqs+0x237/0xf60 [ 605.423372][T12575] ? blk_mq_map_queues+0x211/0x410 [ 605.423401][T12575] __blk_mq_alloc_map_and_rqs+0x128/0x1f0 [ 605.423435][T12575] blk_mq_alloc_tag_set+0x778/0x1260 [ 605.423474][T12575] loop_add+0x3b9/0xb70 [ 605.423498][T12575] ? do_vfs_ioctl+0x523/0x1a60 [ 605.423522][T12575] ? __pfx_loop_add+0x10/0x10 [ 605.423543][T12575] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 605.423588][T12575] ? find_held_lock+0x2b/0x80 [ 605.423614][T12575] loop_control_ioctl+0x13e/0x630 [ 605.423639][T12575] ? __pfx_loop_control_ioctl+0x10/0x10 [ 605.423668][T12575] ? __pfx_loop_control_ioctl+0x10/0x10 [ 605.423695][T12575] __x64_sys_ioctl+0x18b/0x210 [ 605.423722][T12575] do_syscall_64+0xcd/0x490 [ 605.423756][T12575] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.423779][T12575] RIP: 0033:0x7f6e59d8e929 [ 605.423796][T12575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 605.423819][T12575] RSP: 002b:00007f6e5ab65038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 605.423840][T12575] RAX: ffffffffffffffda RBX: 00007f6e59fb5fa0 RCX: 00007f6e59d8e929 [ 605.423856][T12575] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000005 [ 605.423870][T12575] RBP: 00007f6e59e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 605.423885][T12575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 605.423902][T12575] R13: 0000000000000000 R14: 00007f6e59fb5fa0 R15: 00007ffc1bc34d88 [ 605.423931][T12575] [ 605.424195][T12575] blk-mq: reduced tag depth (128 -> 64) [ 610.186284][T12639] FAULT_INJECTION: forcing a failure. [ 610.186284][T12639] name failslab, interval 1, probability 0, space 0, times 0 [ 610.202559][T12639] CPU: 0 UID: 0 PID: 12639 Comm: syz.4.1255 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 610.202584][T12639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 610.202594][T12639] Call Trace: [ 610.202599][T12639] [ 610.202605][T12639] dump_stack_lvl+0x16c/0x1f0 [ 610.202632][T12639] should_fail_ex+0x512/0x640 [ 610.202654][T12639] ? fs_reclaim_acquire+0xae/0x150 [ 610.202673][T12639] ? tomoyo_encode2+0x100/0x3e0 [ 610.202691][T12639] should_failslab+0xc2/0x120 [ 610.202705][T12639] __kmalloc_noprof+0xd2/0x510 [ 610.202730][T12639] tomoyo_encode2+0x100/0x3e0 [ 610.202751][T12639] tomoyo_encode+0x29/0x50 [ 610.202769][T12639] tomoyo_realpath_from_path+0x18f/0x6e0 [ 610.202793][T12639] tomoyo_check_open_permission+0x2ab/0x3c0 [ 610.202811][T12639] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 610.202846][T12639] ? find_held_lock+0x2b/0x80 [ 610.202865][T12639] tomoyo_file_open+0x6b/0x90 [ 610.202887][T12639] security_file_open+0x84/0x1e0 [ 610.202906][T12639] do_dentry_open+0x596/0x1c10 [ 610.202933][T12639] vfs_open+0x82/0x3f0 [ 610.202951][T12639] path_openat+0x1de4/0x2cb0 [ 610.202977][T12639] ? __pfx_path_openat+0x10/0x10 [ 610.202998][T12639] ? __lock_acquire+0xb8a/0x1c90 [ 610.203018][T12639] do_filp_open+0x20b/0x470 [ 610.203038][T12639] ? __pfx_do_filp_open+0x10/0x10 [ 610.203072][T12639] ? alloc_fd+0x471/0x7d0 [ 610.203096][T12639] do_sys_openat2+0x11b/0x1d0 [ 610.203111][T12639] ? __pfx_do_sys_openat2+0x10/0x10 [ 610.203139][T12639] __x64_sys_openat+0x174/0x210 [ 610.203156][T12639] ? __pfx___x64_sys_openat+0x10/0x10 [ 610.203180][T12639] do_syscall_64+0xcd/0x490 [ 610.203203][T12639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.203218][T12639] RIP: 0033:0x7f7c7b98e929 [ 610.203231][T12639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 610.203254][T12639] RSP: 002b:00007f7c7c878038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 610.203269][T12639] RAX: ffffffffffffffda RBX: 00007f7c7bbb6080 RCX: 00007f7c7b98e929 [ 610.203281][T12639] RDX: 0000000000000002 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 610.203290][T12639] RBP: 00007f7c7ba10b39 R08: 0000000000000000 R09: 0000000000000000 [ 610.203298][T12639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 610.203306][T12639] R13: 0000000000000000 R14: 00007f7c7bbb6080 R15: 00007fff3dda4598 [ 610.203325][T12639] [ 610.203781][T12639] ERROR: Out of memory at tomoyo_realpath_from_path. [ 613.103336][T12369] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 613.113396][T12369] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 613.130955][T12369] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 613.140199][T12369] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 613.148944][T12369] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 613.612886][T12689] chnl_net:caif_netlink_parms(): no params data found [ 613.787852][T12689] bridge0: port 1(bridge_slave_0) entered blocking state [ 613.796506][T12689] bridge0: port 1(bridge_slave_0) entered disabled state [ 613.803845][T12689] bridge_slave_0: entered allmulticast mode [ 613.814668][T12689] bridge_slave_0: entered promiscuous mode [ 613.823715][T12689] bridge0: port 2(bridge_slave_1) entered blocking state [ 613.833778][T12689] bridge0: port 2(bridge_slave_1) entered disabled state [ 613.841605][T12689] bridge_slave_1: entered allmulticast mode [ 613.849797][T12689] bridge_slave_1: entered promiscuous mode [ 613.894713][T12689] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 613.918656][T12689] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 613.980305][T12689] team0: Port device team_slave_0 added [ 613.990912][T12689] team0: Port device team_slave_1 added [ 614.051507][T12689] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 614.064428][T12689] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 614.097594][T12689] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 614.124723][T12689] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 614.131715][T12689] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 614.183638][T12689] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 614.270588][T12689] hsr_slave_0: entered promiscuous mode [ 614.278220][T12689] hsr_slave_1: entered promiscuous mode [ 614.285027][T12689] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 614.293838][T12689] Cannot create hsr debugfs directory [ 614.591747][T12714] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 614.839258][T12689] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 614.900690][T12689] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 614.932952][T12689] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 615.056707][T12689] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 615.214512][T12369] Bluetooth: hci5: command tx timeout [ 615.516197][T12689] 8021q: adding VLAN 0 to HW filter on device bond0 [ 615.556885][T12735] FAULT_INJECTION: forcing a failure. [ 615.556885][T12735] name failslab, interval 1, probability 0, space 0, times 0 [ 615.569910][T12735] CPU: 1 UID: 0 PID: 12735 Comm: syz.4.1272 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 615.569950][T12735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 615.569963][T12735] Call Trace: [ 615.569972][T12735] [ 615.569981][T12735] dump_stack_lvl+0x16c/0x1f0 [ 615.570026][T12735] should_fail_ex+0x512/0x640 [ 615.570060][T12735] ? __kmalloc_noprof+0xbf/0x510 [ 615.570098][T12735] ? group_cpus_evenly+0x172/0x690 [ 615.570134][T12735] should_failslab+0xc2/0x120 [ 615.570161][T12735] __kmalloc_noprof+0xd2/0x510 [ 615.570205][T12735] group_cpus_evenly+0x172/0x690 [ 615.570233][T12735] ? __pfx_group_cpus_evenly+0x10/0x10 [ 615.570272][T12735] blk_mq_map_queues+0x4a/0x410 [ 615.570299][T12735] ? rcu_is_watching+0x12/0xc0 [ 615.570328][T12735] blk_mq_update_queue_map+0x34a/0x3e0 [ 615.570372][T12735] blk_mq_alloc_tag_set+0x61a/0x1260 [ 615.570414][T12735] loop_add+0x3b9/0xb70 [ 615.570441][T12735] ? do_vfs_ioctl+0x523/0x1a60 [ 615.570470][T12735] ? __pfx_loop_add+0x10/0x10 [ 615.570492][T12735] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 615.570529][T12689] 8021q: adding VLAN 0 to HW filter on device team0 [ 615.570543][T12735] ? find_held_lock+0x2b/0x80 [ 615.570570][T12735] loop_control_ioctl+0x13e/0x630 [ 615.570595][T12735] ? __pfx_loop_control_ioctl+0x10/0x10 [ 615.570627][T12735] ? __pfx_loop_control_ioctl+0x10/0x10 [ 615.570656][T12735] __x64_sys_ioctl+0x18b/0x210 [ 615.570688][T12735] do_syscall_64+0xcd/0x490 [ 615.570726][T12735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 615.570752][T12735] RIP: 0033:0x7f7c7b98e929 [ 615.570773][T12735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 615.570797][T12735] RSP: 002b:00007f7c7c899038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 615.570821][T12735] RAX: ffffffffffffffda RBX: 00007f7c7bbb5fa0 RCX: 00007f7c7b98e929 [ 615.570838][T12735] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000005 [ 615.570853][T12735] RBP: 00007f7c7ba10b39 R08: 0000000000000000 R09: 0000000000000000 [ 615.570867][T12735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 615.570883][T12735] R13: 0000000000000000 R14: 00007f7c7bbb5fa0 R15: 00007fff3dda4598 [ 615.570915][T12735] [ 615.876411][T12019] bridge0: port 1(bridge_slave_0) entered blocking state [ 615.884509][T12019] bridge0: port 1(bridge_slave_0) entered forwarding state [ 615.932596][T12019] bridge0: port 2(bridge_slave_1) entered blocking state [ 615.939854][T12019] bridge0: port 2(bridge_slave_1) entered forwarding state [ 616.864893][T12689] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 617.295176][T12369] Bluetooth: hci5: command tx timeout [ 617.648145][T12689] veth0_vlan: entered promiscuous mode [ 617.736888][T12689] veth1_vlan: entered promiscuous mode [ 617.877243][T12689] veth0_macvtap: entered promiscuous mode [ 617.898177][T12689] veth1_macvtap: entered promiscuous mode [ 617.976388][T12689] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 617.989528][T12689] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 618.017616][T12689] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.027849][T12689] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.038012][T12689] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.047100][T12689] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 618.300992][T12019] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 618.301019][T12019] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 618.407391][T12001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 618.424842][T12001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 619.376366][T12369] Bluetooth: hci5: command tx timeout [ 621.456671][T12369] Bluetooth: hci5: command tx timeout [ 624.519220][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.525937][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.670614][T12857] ptrace attach of "./syz-executor exec"[12400] was attempted by "./syz-executor exec"[12857] [ 626.475567][T11989] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 626.488603][T11989] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 626.517380][T11989] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 626.563169][T11989] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 626.597040][T11989] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 627.528762][T12893] chnl_net:caif_netlink_parms(): no params data found [ 628.345172][T12893] bridge0: port 1(bridge_slave_0) entered blocking state [ 628.352374][T12893] bridge0: port 1(bridge_slave_0) entered disabled state [ 628.399876][T12893] bridge_slave_0: entered allmulticast mode [ 628.428462][T12893] bridge_slave_0: entered promiscuous mode [ 628.501479][T12893] bridge0: port 2(bridge_slave_1) entered blocking state [ 628.514550][T12893] bridge0: port 2(bridge_slave_1) entered disabled state [ 628.564877][T12893] bridge_slave_1: entered allmulticast mode [ 628.573071][T12893] bridge_slave_1: entered promiscuous mode [ 628.654733][T11989] Bluetooth: hci6: command tx timeout [ 628.689218][T12893] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 628.734974][T12893] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 628.852272][T12929] sd 0:0:1:0: PR command failed: 1026 [ 628.861967][T12929] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 628.871256][T12929] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 628.907888][T12893] team0: Port device team_slave_0 added [ 628.928573][T12893] team0: Port device team_slave_1 added [ 629.355297][T12893] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 629.377959][T12893] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 629.555586][T12893] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 629.644571][T12893] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 629.651577][T12893] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 629.680778][T12893] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 629.960265][T12893] hsr_slave_0: entered promiscuous mode [ 630.001991][T12893] hsr_slave_1: entered promiscuous mode [ 630.024013][T12893] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 630.045467][T12893] Cannot create hsr debugfs directory [ 630.276552][T12947] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1310'. [ 630.500159][T12947] hsr_slave_0 (unregistering): left promiscuous mode [ 630.739876][T11989] Bluetooth: hci6: command tx timeout [ 631.515960][T12893] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 631.578143][T12893] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 631.674658][T12893] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 631.792735][T12893] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 632.408567][T12982] ubi: mtd0 is already attached to ubi0 [ 632.456073][T12893] 8021q: adding VLAN 0 to HW filter on device bond0 [ 632.538530][T12893] 8021q: adding VLAN 0 to HW filter on device team0 [ 632.586377][T11990] bridge0: port 1(bridge_slave_0) entered blocking state [ 632.593570][T11990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 632.746523][T11979] bridge0: port 2(bridge_slave_1) entered blocking state [ 632.753660][T11979] bridge0: port 2(bridge_slave_1) entered forwarding state [ 632.818510][T11989] Bluetooth: hci6: command tx timeout [ 633.942727][T12893] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 634.428944][T13022] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1321'. [ 634.894949][T11989] Bluetooth: hci6: command tx timeout [ 634.907628][T13022] hsr_slave_0 (unregistering): left promiscuous mode [ 635.298329][T12893] veth0_vlan: entered promiscuous mode [ 635.519489][T12893] veth1_vlan: entered promiscuous mode [ 636.000821][T12893] veth0_macvtap: entered promiscuous mode [ 636.186572][T12893] veth1_macvtap: entered promiscuous mode [ 636.489089][T12893] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 636.648353][T12893] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 637.141503][T12893] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.168780][T12893] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.194661][T12893] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.203435][T12893] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.522344][T11997] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 637.588442][T11997] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 637.868672][T12956] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 637.902284][T12956] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 640.136217][ T30] audit: type=1800 audit(6045850886.225:16): pid=13107 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1333" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 640.156363][ C1] vkms_vblank_simulate: vblank timer overrun [ 640.912084][T13097] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 644.376174][T13168] FAULT_INJECTION: forcing a failure. [ 644.376174][T13168] name failslab, interval 1, probability 0, space 0, times 0 [ 644.439553][T13168] CPU: 0 UID: 0 PID: 13168 Comm: syz.3.1346 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 644.439591][T13168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 644.439607][T13168] Call Trace: [ 644.439615][T13168] [ 644.439625][T13168] dump_stack_lvl+0x16c/0x1f0 [ 644.439668][T13168] should_fail_ex+0x512/0x640 [ 644.439703][T13168] ? __kmalloc_noprof+0xbf/0x510 [ 644.439739][T13168] ? memcg_list_lru_alloc+0x4e9/0x740 [ 644.439772][T13168] should_failslab+0xc2/0x120 [ 644.439795][T13168] __kmalloc_noprof+0xd2/0x510 [ 644.439826][T13168] ? __lock_acquire+0x622/0x1c90 [ 644.439862][T13168] memcg_list_lru_alloc+0x4e9/0x740 [ 644.439905][T13168] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 644.439952][T13168] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 644.439990][T13168] __memcg_slab_post_alloc_hook+0x133/0x960 [ 644.440020][T13168] ? kasan_save_track+0x14/0x30 [ 644.440055][T13168] kmem_cache_alloc_lru_noprof+0x30f/0x3b0 [ 644.440086][T13168] ? bdev_alloc_inode+0x26/0x90 [ 644.440110][T13168] ? __pfx_bdev_alloc_inode+0x10/0x10 [ 644.440129][T13168] bdev_alloc_inode+0x26/0x90 [ 644.440151][T13168] ? __pfx_bdev_alloc_inode+0x10/0x10 [ 644.440174][T13168] alloc_inode+0x64/0x240 [ 644.440196][T13168] new_inode+0x22/0x1c0 [ 644.440222][T13168] bdev_alloc+0x2b/0x420 [ 644.440250][T13168] __alloc_disk_node+0x116/0x630 [ 644.440284][T13168] __blk_mq_alloc_disk+0x89/0x120 [ 644.440332][T13168] nbd_dev_add+0x4a0/0xbc0 [ 644.440372][T13168] ? __pfx_nbd_dev_add+0x10/0x10 [ 644.440429][T13168] ? bpf_lsm_capable+0x9/0x10 [ 644.440460][T13168] ? __radix_tree_lookup+0x21f/0x2c0 [ 644.440504][T13168] nbd_genl_connect+0x8b0/0x1c20 [ 644.440543][T13168] ? __pfx_nbd_genl_connect+0x10/0x10 [ 644.440580][T13168] ? __nla_parse+0x40/0x60 [ 644.440609][T13168] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 644.440641][T13168] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 644.440679][T13168] genl_family_rcv_msg_doit+0x209/0x2f0 [ 644.440714][T13168] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 644.440745][T13168] ? genl_get_cmd+0x194/0x580 [ 644.440783][T13168] ? __radix_tree_lookup+0x21f/0x2c0 [ 644.440817][T13168] genl_rcv_msg+0x55c/0x800 [ 644.440847][T13168] ? __pfx_genl_rcv_msg+0x10/0x10 [ 644.440874][T13168] ? __pfx_nbd_genl_connect+0x10/0x10 [ 644.440923][T13168] netlink_rcv_skb+0x158/0x420 [ 644.440948][T13168] ? __pfx_genl_rcv_msg+0x10/0x10 [ 644.440979][T13168] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 644.441022][T13168] ? netlink_deliver_tap+0x1ae/0xd30 [ 644.441053][T13168] genl_rcv+0x28/0x40 [ 644.441191][T13168] netlink_unicast+0x53a/0x7f0 [ 644.441226][T13168] ? __pfx_netlink_unicast+0x10/0x10 [ 644.441268][T13168] netlink_sendmsg+0x8d1/0xdd0 [ 644.441304][T13168] ? __pfx_netlink_sendmsg+0x10/0x10 [ 644.441346][T13168] ____sys_sendmsg+0xa98/0xc70 [ 644.441379][T13168] ? copy_msghdr_from_user+0x10a/0x160 [ 644.441415][T13168] ? __pfx_____sys_sendmsg+0x10/0x10 [ 644.441454][T13168] ? __pfx_futex_wake_mark+0x10/0x10 [ 644.441494][T13168] ___sys_sendmsg+0x134/0x1d0 [ 644.441535][T13168] ? __pfx____sys_sendmsg+0x10/0x10 [ 644.441569][T13168] ? __lock_acquire+0x622/0x1c90 [ 644.441645][T13168] __sys_sendmsg+0x16d/0x220 [ 644.441682][T13168] ? __pfx___sys_sendmsg+0x10/0x10 [ 644.441716][T13168] ? __x64_sys_futex+0x1e0/0x4c0 [ 644.441759][T13168] do_syscall_64+0xcd/0x490 [ 644.441794][T13168] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.441817][T13168] RIP: 0033:0x7f9d73f8e929 [ 644.441839][T13168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 644.441864][T13168] RSP: 002b:00007f9d71dd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 644.441890][T13168] RAX: ffffffffffffffda RBX: 00007f9d741b6080 RCX: 00007f9d73f8e929 [ 644.441908][T13168] RDX: 0000000000008880 RSI: 0000200000001e00 RDI: 0000000000000005 [ 644.441924][T13168] RBP: 00007f9d74010b39 R08: 0000000000000000 R09: 0000000000000000 [ 644.441941][T13168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 644.441956][T13168] R13: 0000000000000000 R14: 00007f9d741b6080 R15: 00007ffedc7b73e8 [ 644.441991][T13168] [ 645.024763][T13168] nbd: failed to add new device [ 656.684237][T13336] ptrace attach of "./syz-executor exec"[12893] was attempted by "./syz-executor exec"[13336] [ 659.256054][T13359] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 660.797743][T13401] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1390'. [ 661.701047][T13425] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1396'. [ 662.302031][T13425] hsr_slave_0 (unregistering): left promiscuous mode [ 675.321922][T13600] bridge0: port 3(batadv0) entered blocking state [ 675.362726][T13600] bridge0: port 3(batadv0) entered disabled state [ 675.393419][T13600] batadv0: entered allmulticast mode [ 675.440862][T13600] batadv0: entered promiscuous mode [ 675.457183][T13600] bridge0: port 3(batadv0) entered blocking state [ 675.463832][T13600] bridge0: port 3(batadv0) entered forwarding state [ 675.768165][T11997] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 675.778251][T11997] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 678.288758][T13655] FAULT_INJECTION: forcing a failure. [ 678.288758][T13655] name failslab, interval 1, probability 0, space 0, times 0 [ 678.302909][T13655] CPU: 1 UID: 0 PID: 13655 Comm: syz.4.1440 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 678.302946][T13655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 678.302963][T13655] Call Trace: [ 678.302972][T13655] [ 678.302983][T13655] dump_stack_lvl+0x16c/0x1f0 [ 678.303037][T13655] should_fail_ex+0x512/0x640 [ 678.303074][T13655] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 678.303118][T13655] should_failslab+0xc2/0x120 [ 678.303143][T13655] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 678.303181][T13655] ? __alloc_skb+0x2b2/0x380 [ 678.303222][T13655] __alloc_skb+0x2b2/0x380 [ 678.303255][T13655] ? __pfx___alloc_skb+0x10/0x10 [ 678.303297][T13655] ? netlink_has_listeners+0x20f/0x430 [ 678.303329][T13655] alloc_uevent_skb+0x7d/0x210 [ 678.303359][T13655] kobject_uevent_env+0xca4/0x1870 [ 678.303397][T13655] ? bus_to_subsys+0x131/0x160 [ 678.303432][T13655] device_add+0x10dd/0x1a70 [ 678.303462][T13655] ? __pfx_device_add+0x10/0x10 [ 678.303503][T13655] nfc_register_device+0x41/0x3c0 [ 678.303547][T13655] nci_register_device+0x7f1/0xb80 [ 678.303582][T13655] ? __pfx_nci_register_device+0x10/0x10 [ 678.303620][T13655] ? lockdep_init_map_type+0x5c/0x280 [ 678.303662][T13655] virtual_ncidev_open+0x141/0x220 [ 678.303693][T13655] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 678.303722][T13655] misc_open+0x35d/0x420 [ 678.303753][T13655] ? __pfx_misc_open+0x10/0x10 [ 678.303782][T13655] chrdev_open+0x231/0x6a0 [ 678.303818][T13655] ? __pfx_apparmor_file_open+0x10/0x10 [ 678.303849][T13655] ? __pfx_chrdev_open+0x10/0x10 [ 678.303888][T13655] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 678.303928][T13655] do_dentry_open+0x744/0x1c10 [ 678.303961][T13655] ? __pfx_chrdev_open+0x10/0x10 [ 678.304003][T13655] vfs_open+0x82/0x3f0 [ 678.304045][T13655] path_openat+0x1de4/0x2cb0 [ 678.304096][T13655] ? __pfx_path_openat+0x10/0x10 [ 678.304136][T13655] ? __lock_acquire+0xb8a/0x1c90 [ 678.304172][T13655] do_filp_open+0x20b/0x470 [ 678.304208][T13655] ? __pfx_do_filp_open+0x10/0x10 [ 678.304270][T13655] ? alloc_fd+0x471/0x7d0 [ 678.304316][T13655] do_sys_openat2+0x11b/0x1d0 [ 678.304342][T13655] ? __pfx_do_sys_openat2+0x10/0x10 [ 678.304384][T13655] __x64_sys_openat+0x174/0x210 [ 678.304409][T13655] ? __pfx___x64_sys_openat+0x10/0x10 [ 678.304453][T13655] do_syscall_64+0xcd/0x490 [ 678.304490][T13655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.304513][T13655] RIP: 0033:0x7f7c7b98e929 [ 678.304537][T13655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 678.304561][T13655] RSP: 002b:00007f7c7c899038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 678.304585][T13655] RAX: ffffffffffffffda RBX: 00007f7c7bbb5fa0 RCX: 00007f7c7b98e929 [ 678.304603][T13655] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 678.304617][T13655] RBP: 00007f7c7ba10b39 R08: 0000000000000000 R09: 0000000000000000 [ 678.304630][T13655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 678.304643][T13655] R13: 0000000000000000 R14: 00007f7c7bbb5fa0 R15: 00007fff3dda4598 [ 678.304674][T13655] [ 679.834103][ T30] audit: type=1800 audit(6045850925.915:17): pid=13676 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1444" name="lu_gp_id" dev="configfs" ino=133815 res=0 errno=0 [ 680.206276][T13676] ALUA LU Group already has a valid ID, ignoring request [ 685.938584][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.938628][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.566436][T13786] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 688.732967][T13821] random: crng reseeded on system resumption [ 690.823178][T13821] Restarting kernel threads ... [ 690.853807][T13821] Done restarting kernel threads. [ 706.377749][T14028] ptrace attach of "./syz-executor exec"[12689] was attempted by "./syz-executor exec"[14028] [ 716.654978][ T31] INFO: task kworker/u10:1:11982 blocked for more than 143 seconds. [ 716.663046][ T31] Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 [ 716.673038][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 716.704526][ T31] task:kworker/u10:1 state:D stack:27672 pid:11982 tgid:11982 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 716.732517][ T31] Workqueue: netns cleanup_net [ 716.748519][ T31] Call Trace: [ 716.757439][ T31] [ 716.764183][ T31] __schedule+0x116a/0x5de0 [ 716.784554][ T31] ? __pfx___schedule+0x10/0x10 [ 716.797743][ T31] ? find_held_lock+0x2b/0x80 [ 716.802464][ T31] ? schedule+0x2d7/0x3a0 [ 716.834567][ T31] schedule+0xe7/0x3a0 [ 716.838719][ T31] schedule_timeout+0x257/0x290 [ 716.843609][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 716.900412][ T31] ? mark_held_locks+0x49/0x80 [ 716.914441][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 716.919722][ T31] __wait_for_common+0x2ff/0x4e0 [ 716.934608][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 716.950604][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 716.970656][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 717.074402][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 717.080274][ T31] __flush_workqueue+0x3e2/0x1230 [ 717.124437][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 717.129984][ T31] ? reacquire_held_locks+0xcd/0x1f0 [ 717.174424][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 717.180021][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 717.208412][ T31] rds_tcp_listen_stop+0x104/0x150 [ 717.234426][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 717.239873][ T31] rds_tcp_exit_net+0xcb/0x810 [ 717.274422][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 717.279855][ T31] ? __pfx___might_resched+0x10/0x10 [ 717.334413][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 717.339882][ T31] ops_undo_list+0x2eb/0xab0 [ 717.421531][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 717.444413][ T31] ? __local_bh_enable_ip+0xa4/0x120 [ 717.449786][ T31] cleanup_net+0x408/0x890 [ 717.454209][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 717.494421][ T31] ? rcu_is_watching+0x12/0xc0 [ 717.499250][ T31] process_one_work+0x9cc/0x1b70 [ 717.504216][ T31] ? __pfx_process_one_work+0x10/0x10 [ 717.544438][ T31] ? assign_work+0x1a0/0x250 [ 717.549082][ T31] worker_thread+0x6c8/0xf10 [ 717.553692][ T31] ? __kthread_parkme+0x19e/0x250 [ 717.650116][ T31] ? __pfx_worker_thread+0x10/0x10 [ 717.655453][ T31] kthread+0x3c5/0x780 [ 717.659627][ T31] ? __pfx_kthread+0x10/0x10 [ 717.664221][ T31] ? rcu_is_watching+0x12/0xc0 [ 717.683868][ T31] ? __pfx_kthread+0x10/0x10 [ 717.688645][ T31] ret_from_fork+0x5d4/0x6f0 [ 717.693289][ T31] ? __pfx_kthread+0x10/0x10 [ 717.717275][ T31] ret_from_fork_asm+0x1a/0x30 [ 717.722142][ T31] [ 717.728248][ T31] [ 717.728248][ T31] Showing all locks held in the system: [ 717.754420][ T31] 4 locks held by rcu_exp_gp_kthr/18: [ 717.777699][ T31] #0: ffff8880b843a418 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 [ 717.794749][ T31] #1: ffff8880b8524088 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x201/0x8e0 [ 717.821159][ T31] #2: ffff8880313fc628 (&p->pi_lock){-.-.}-{2:2}, at: try_to_wake_up+0xb2/0x1680 [ 717.830776][ T31] #3: ffff8880b843a418 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 [ 717.844667][ T31] 1 lock held by khungtaskd/31: [ 717.849574][ T31] #0: ffffffff8e5c47c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 717.940310][ T31] 2 locks held by kworker/1:2/3083: [ 717.971403][ T31] #0: ffff88801b880d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 717.995090][ T31] #1: ffffc9000bac7d10 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 718.008288][ T31] 3 locks held by kworker/1:4/5892: [ 718.013511][ T31] 3 locks held by kworker/u10:1/11982: [ 718.022778][ T31] #0: ffff88801c6fe148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 718.041254][ T31] #1: ffffc9000bc87d10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 718.064433][ T31] #2: ffffffff90338250 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890 [ 718.073798][ T31] 3 locks held by kworker/u11:1/11989: [ 718.104589][ T31] #0: ffff88807f564148 ((wq_completion)hci2){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 718.137507][ T31] #1: ffffc9000405fd10 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 718.164010][ T31] #2: ffff888039684d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x175/0x430 [ 718.174037][ T31] 1 lock held by syz.0.1146/12092: [ 718.185383][ T31] #0: ffffffff90338250 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 [ 718.195000][ T31] 3 locks held by kworker/u11:2/12369: [ 718.200484][ T31] #0: ffff8880567df148 ((wq_completion)hci4){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 718.210877][ T31] #1: ffffc90004e57d10 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 718.222939][ T31] #2: ffff88805f318d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x175/0x430 [ 718.232932][ T31] 1 lock held by syz.2.1226/12457: [ 718.238141][ T31] #0: ffffffff90338250 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 [ 718.247686][ T31] 2 locks held by getty/12571: [ 718.252458][ T31] #0: ffff888033d800a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 718.263459][ T31] #1: ffffc90003d122f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 718.273957][ T31] 1 lock held by syz.1.1258/12651: [ 718.279161][ T31] #0: ffffffff90338250 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 [ 718.289354][ T31] 5 locks held by syz-executor/12893: [ 718.294854][ T31] #0: ffff8880854c8d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90 [ 718.304614][ T31] #1: ffff8880854c8078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0 [ 718.314571][ T31] #2: ffffffff905bf988 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260 [ 718.325066][ T31] #3: ffff888025a60b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x730 [ 718.334988][ T31] #4: ffffffff8e5cfdb8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 [ 718.345436][ T31] 3 locks held by syz.5.1520/14111: [ 718.350662][ T31] #0: ffff888040948d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90 [ 718.360534][ T31] #1: ffff888040948078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0 [ 718.370308][ T31] #2: ffffffff905bf988 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260 [ 718.380658][ T31] 1 lock held by syz.4.1526/14139: [ 718.387072][ T31] #0: ffffffff90338250 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 [ 718.396689][ T31] 1 lock held by syz.3.1528/14143: [ 718.401815][ T31] #0: ffffffff8e5cfdb8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 [ 718.412224][ T31] [ 718.444825][ T31] ============================================= [ 718.444825][ T31] [ 718.504409][ T31] NMI backtrace for cpu 0 [ 718.504430][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 718.504461][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 718.504475][ T31] Call Trace: [ 718.504484][ T31] [ 718.504493][ T31] dump_stack_lvl+0x116/0x1f0 [ 718.504532][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 718.504557][ T31] ? _raw_spin_unlock_irqrestore+0x61/0x80 [ 718.504590][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 718.504621][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 718.504652][ T31] watchdog+0xf70/0x12c0 [ 718.504691][ T31] ? __pfx_watchdog+0x10/0x10 [ 718.504720][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 718.504753][ T31] ? __kthread_parkme+0x19e/0x250 [ 718.504783][ T31] ? __pfx_watchdog+0x10/0x10 [ 718.504814][ T31] kthread+0x3c5/0x780 [ 718.504844][ T31] ? __pfx_kthread+0x10/0x10 [ 718.504876][ T31] ? rcu_is_watching+0x12/0xc0 [ 718.504899][ T31] ? __pfx_kthread+0x10/0x10 [ 718.504930][ T31] ret_from_fork+0x5d4/0x6f0 [ 718.504958][ T31] ? __pfx_kthread+0x10/0x10 [ 718.504989][ T31] ret_from_fork_asm+0x1a/0x30 [ 718.505028][ T31] [ 718.505037][ T31] Sending NMI from CPU 0 to CPUs 1: [ 718.631749][ C1] NMI backtrace for cpu 1 [ 718.631772][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 718.631802][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 718.631817][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 718.631857][ C1] Code: 4b 75 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d f3 5e 2d 00 fb f4 0c fb 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 718.631880][ C1] RSP: 0018:ffffc90000197df8 EFLAGS: 000002c2 [ 718.631903][ C1] RAX: 000000000072627f RBX: 0000000000000001 RCX: ffffffff8b7cac29 [ 718.631918][ C1] RDX: 0000000000000000 RSI: ffffffff8de13876 RDI: ffffffff8c1565a0 [ 718.631934][ C1] RBP: ffffed1003cd7b40 R08: 0000000000000001 R09: ffffed10170a6645 [ 718.631950][ C1] R10: ffff8880b853322b R11: 0000000000000001 R12: 0000000000000001 [ 718.631965][ C1] R13: ffff88801e6bda00 R14: ffffffff90a82d50 R15: 0000000000000000 [ 718.631980][ C1] FS: 0000000000000000(0000) GS:ffff888124860000(0000) knlGS:0000000000000000 [ 718.632003][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 718.632019][ C1] CR2: 00005583933c1000 CR3: 0000000034778000 CR4: 00000000003526f0 [ 718.632035][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 718.632049][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 718.632067][ C1] Call Trace: [ 718.632076][ C1] [ 718.632084][ C1] default_idle+0x13/0x20 [ 718.632106][ C1] default_idle_call+0x6d/0xb0 [ 718.632128][ C1] do_idle+0x391/0x510 [ 718.632154][ C1] ? __pfx_do_idle+0x10/0x10 [ 718.632184][ C1] ? trace_sched_exit_tp+0x31/0x130 [ 718.632214][ C1] cpu_startup_entry+0x4f/0x60 [ 718.632237][ C1] start_secondary+0x21d/0x2b0 [ 718.632265][ C1] ? __pfx_start_secondary+0x10/0x10 [ 718.632297][ C1] common_startup_64+0x13e/0x148 [ 718.632342][ C1] [ 718.861093][T14158] Bluetooth: hci4: command 0x0406 tx timeout [ 718.877647][T14158] Bluetooth: hci2: command 0x0406 tx timeout [ 718.962252][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 718.969177][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 718.981007][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 718.991058][ T31] Call Trace: [ 718.994327][ T31] [ 718.997261][ T31] dump_stack_lvl+0x3d/0x1f0 [ 719.001856][ T31] panic+0x71c/0x800 [ 719.005756][ T31] ? __pfx_panic+0x10/0x10 [ 719.010168][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 719.015562][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 719.021575][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 719.026971][ T31] ? watchdog+0xdda/0x12c0 [ 719.031388][ T31] ? watchdog+0xdcd/0x12c0 [ 719.035805][ T31] watchdog+0xdeb/0x12c0 [ 719.040051][ T31] ? __pfx_watchdog+0x10/0x10 [ 719.044725][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 719.049926][ T31] ? __kthread_parkme+0x19e/0x250 [ 719.054951][ T31] ? __pfx_watchdog+0x10/0x10 [ 719.059630][ T31] kthread+0x3c5/0x780 [ 719.063694][ T31] ? __pfx_kthread+0x10/0x10 [ 719.068307][ T31] ? rcu_is_watching+0x12/0xc0 [ 719.073105][ T31] ? __pfx_kthread+0x10/0x10 [ 719.077721][ T31] ret_from_fork+0x5d4/0x6f0 [ 719.082309][ T31] ? __pfx_kthread+0x10/0x10 [ 719.086904][ T31] ret_from_fork_asm+0x1a/0x30 [ 719.091669][ T31] [ 719.094973][ T31] Kernel Offset: disabled [ 719.099306][ T31] Rebooting in 86400 seconds..