last executing test programs: 21.022377429s ago: executing program 0 (id=2354): open(&(0x7f00009e1000)='./file0\x00', 0xc162, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/version\x00', 0x3fbd02, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x400000, 0x4020009, 0xdf, 0x4000eb1, r0, 0x8000) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x2dc08f24db163610, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368a, 0x2, {0x100000000, 0x10000}, 0x5, 0x8, 0xfffffffffffffffd, 0x1008000, 0x0, 0x9, 0x81, 0xdfffffffffff628e, 0x6, 0xdeb1, 0x808}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db) getsockopt$auto_SO_TIMESTAMPNS_NEW(r1, 0x80000001, 0x40, &(0x7f0000000100)='/Od\xa5o1\x00\x00\xfc\xff\xff\xff', &(0x7f0000000140)=0x7) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$auto(r2, 0x5453, r2) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x3, 0x5, 0x7, 0x0) socket(0x11, 0x3, 0x0) socket(0x2, 0x1, 0x84) connect$auto(0x3, 0x0, 0x55) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) remap_file_pages$auto(0x6a27, 0xfff, 0x0, 0x2000003, 0xfff) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) madvise$auto(0x9, 0x1, 0x9) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x43102, 0x0) read$auto_proc_iter_file_ops_compat_inode(r3, &(0x7f00000007c0)=""/153, 0x99) mmap$auto(0x0, 0x42e, 0x736, 0xef1, r1, 0x8000) 19.955717475s ago: executing program 0 (id=2358): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) ioctl$auto(0x3, 0x4020565a, 0x38) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder0\x00', 0x800, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r0 = socket(0x1e, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x101, 0x0) socket(0x21, 0x3, 0x9) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3739aae3, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x1, 0x948b, 0x1, 0x15f4da0a, 0x1, 0xffffffffd09d8d67, 0x62, 0x80000023, 0x7, 0x6d3e, 0x9, 0x2, 0x2]}, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_BLKBSZSET(0xffffffffffffffff, 0x40081271, 0x0) unshare$auto(0x40000080) mmap$auto(0x8000000000000000, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0) syz_clone(0x800000, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/can/rcvlist_sff\x00', 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000140)=""/103, 0x67) getpgid(0x0) mmap$auto(0x0, 0x2000d, 0x4080000200df, 0xeb1, 0x404, 0x8000) getsockopt$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r4 = syz_genetlink_get_family_id$auto_802_15_4_mac(0x0, 0xffffffffffffffff) sendmsg$auto_IEEE802154_LLSEC_DEL_DEV(r0, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x4c, r4, 0xa06, 0x70bd2d, 0x25dfdbfc, {}, [@IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x8}, @IEEE802154_ATTR_STATUS={0x5, 0x3, 0xe}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x5}, @IEEE802154_ATTR_CSMA_MIN_BE={0x5, 0x26, 0xbd}, @IEEE802154_ATTR_PHY_NAME={0xe, 0x1f, 'ovs_vport\x00'}, @IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x8}]}, 0x4c}}, 0x20004000) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f00000001c0), 0xffffffffffffffff) r5 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r5, &(0x7f0000000000)="1f91f2c388274610e18d5fc5e5bfd9800e9b4b", 0x13) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000440), r2) 18.087692462s ago: executing program 0 (id=2362): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x106) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x40000, 0x0) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x200009, 0x2, 0x40eb1, 0x602, 0x300000000000) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) madvise$auto(0x0, 0x20499d, 0x9) setsockopt$auto(r1, 0x80, 0xffffffff, 0x0, 0x4) mmap$auto(0x2, 0xa10004, 0xffb, 0x50, r1, 0x8000) ioctl$auto(0xffffffffffffffff, 0x541d, r1) sendmsg$auto_NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x4000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0005, 0x19) socket(0xf, 0x3, 0x2) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xd680000000) madvise$auto(0x0, 0x240007, 0x19) 15.051033188s ago: executing program 0 (id=2371): openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, 0x0, 0xa28c1, 0x0) clock_settime$auto(0x0, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r0 = prctl$auto(0x59616d61, 0xdaffffffffffffff, 0x1, 0x4, 0xfffffffffffffffb) clone$auto(0x9002, 0x8, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) madvise$auto(0x1, 0x1, 0x2) mmap$auto(0x0, 0x200000000000003, 0xdc, 0x9b72, 0x2, 0xa) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x9, 0x19) set_mempolicy_home_node$auto(0x0, 0x10001, 0x0, 0x0) sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x400c801) bind$auto(r0, &(0x7f0000000000)=@isdn={0x22, 0x40, 0x7, 0x8}, 0x9) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) sysfs$auto(0x2, 0xe, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) prctl$auto_PR_SCHED_CORE_CREATE(0x1, 0x1, 0x0, 0x0, 0x4) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000002c0), 0x44100, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x40146f2c, 0x0) fcntl$auto(0x3, 0x8, 0x9ebfffffffffffff) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x191483, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0xeee00, 0x31) open_tree$auto(0xffffffffffffff9c, &(0x7f0000001100)='./cgroup\x00', 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x20b42, 0x0) r3 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000001000), 0x40580, 0x0) readv$auto(r3, &(0x7f00000012c0)={0x0, 0x6}, 0xe) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, 0x0) socket(0x10, 0x2, 0x0) 13.872381642s ago: executing program 0 (id=2376): ioctl$auto(0xffffffffffffffff, 0xffffff41, 0xffffffffffffffff) (async) r0 = fcntl$auto(0xff80000000000000, 0x409, 0x3f) fallocate$auto(r0, 0x1, 0x200, 0x5) (async) ioctl$auto_EVIOCGEFFECTS(r0, 0x80044584, &(0x7f0000000000)=0x80) (async) unshare$auto(0x40000080) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x48a423, 0x0) (async) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/xfs/xqmstat\x00', 0x20000, 0x0) read$auto_proc_iter_file_ops_compat_inode(r2, &(0x7f0000000040)=""/4096, 0x1000) (async) write$auto(0x3, 0x0, 0x2) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r3, r1, 0x9) (async) pivot_root$auto(0x0, 0x0) (async) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff) r4 = open(&(0x7f0000000140)='./file0\x00', 0x161342, 0x100) write$auto(r4, &(0x7f0000000000)='}\x00', 0x5) (async) unshare$auto(0x40000080) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000007c0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r5, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000001400)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="050725bd7000fbdbdf251c0000005c0e0d5cf373ec0012d5b3e454f21d4e93d7c725359ccb20b714f02433f1"], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x880) (async) r7 = socket$nl_generic(0x10, 0x3, 0x10) (async) r8 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), 0xffffffffffffffff) (async) r9 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x2081, 0x0) ioctl$auto_USB_RAW_IOCTL_EP_WRITE(r9, 0x40085507, &(0x7f0000000080)={0x1, 0x0, 0x9}) (async) semctl$auto_GETVAL(0x0, 0x1, 0xc, 0x10000) (async) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r7, &(0x7f0000003480)={0x0, 0x0, &(0x7f0000003440)={&(0x7f0000000fc0)=ANY=[@ANYBLOB="340be9ee", @ANYRES16=r8, @ANYBLOB="010029bd7000fbdbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x40c4}, 0x10004080) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 13.170394181s ago: executing program 0 (id=2377): r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) mmap$auto(0x4, 0x5, 0xdf, 0x410, 0xffffffffffffffff, 0x10008001) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) clock_gettime$auto(0x2, &(0x7f0000000000)={0x7, 0x7}) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) io_uring_register$auto(0xffffffffffffffff, 0xffff5594, 0x0, 0x1) prctl$auto(0x1000000001c, 0x5, 0x100000000, 0x40000000000c, 0x3fffffffff) r2 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) poll$auto(&(0x7f0000000180)={r2, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ram3\x00', 0x8001, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_BLA_CLAIM(r4, &(0x7f0000002040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48018}, 0x400c880) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = socket(0xa, 0x1, 0x84) r6 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kcore\x00', 0x121040, 0x0) preadv$auto(r6, &(0x7f0000000040)={0x0, 0x8010000}, 0x5, 0xfb, 0x8000000001) setsockopt$auto(r5, 0x29, 0x40, 0x0, 0x10000) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xffffffffffffffc3, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8805}, 0x2400c804) mmap$auto(0x0, 0x6, 0x203, 0xeb1, 0xffffffffffffffff, 0xb9ea) sysfs$auto(0x0, 0x23, 0x0) r7 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r7, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) mlock2$auto(0x1, 0x8001, 0x0) 12.040313804s ago: executing program 1 (id=2380): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x1, 0x0) r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/pagemap\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x4020aed2, r0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000400)='/proc/tty/driver/serial\x00', 0x43102, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_clone(0x20a08200, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x600002, 0x0) ptrace$auto(0x10, r2, 0x4, 0x8000040006) ioctl$auto_SNDCTL_DSP_GETTRIGGER(0xffffffffffffffff, 0x80045010, &(0x7f0000004440)) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, 0x0, 0x20000000) setsockopt$auto(0xffffffffffffffff, 0x1, 0x1021, 0x0, 0xd) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg$auto(r4, &(0x7f00000007c0)={&(0x7f00000006c0), 0x200, &(0x7f0000000740)={&(0x7f0000000700), 0xf}, 0x400, 0x0, 0xe, 0x466d}, 0x6) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/button/parameters/lid_init_state\x00', 0x169882, 0x0) readv$auto(r5, &(0x7f0000000100)={&(0x7f0000000000), 0x6}, 0x9) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="01002cbd701dfcdbdf2519000000"], 0x14}, 0x1, 0x0, 0x0, 0x4008890}, 0x4000000) 11.472019668s ago: executing program 1 (id=2385): recvfrom$auto(0x3, 0x0, 0x800000000e, 0xa00, 0x0, 0xfffffffffffffffd) ioctl$auto(0xffffffffffffffff, 0x5408, 0xffffffffffffffff) setsockopt$auto(0xffffffffffffffff, 0x11, 0x66, 0x0, 0x8) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x48041, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) unshare$auto(0x40000080) write$auto(0xca, &(0x7f0000000400)='\x04>\x00\x19\xa4\xd2\xc3\xec&9\v\xbc\xdein\xe1G8\x02\x18\x00\x00\xd3b\x01\xbd\x9b@\xb0\x00\x00\x00\x84\xa2\\\x15\xc4>\xa9\x82,\x95\xeeH\xf8}v\xb3\xcb(\xa90Abe\xc3\x8c\xcc\xe7\xb8\x00F\x89#\xb4\xf0F\xa1GH\xb5\x8f\x9dZ~\xea\xa3\x93\xc2\x04\xe1;b\x99\x97}Z\x7f\x0f\x90\xce\x85-e\xb6n\xbc\xc6=\xf8\xce\xe7\x1e]\x85|\xce\xd7L\x9b\xd3lb\xc5\xee\xdb\xcb\xbb\xd8\xd9\xd3\xf8 \xe9e\xe5\x80\x1c7B+]\\!\xcej}H\x03x\x83Z\x98\xb8\t\xde\xd4\xf5\xf32\xccR\xaa\xdd\x16\xab\xd8\x1d\"\xc7\xa5\xe1k\x1d\xd9k\xc6\xb2\xa7\x97\x9a\xf6\xfe\xef\x1a\xbd\xcb\xb8*\x8b9\x00R\xe9)?Em\xb2\xac\xd1\xf6\xff\xc1\xc7\xbdl\xa2+tI\xa3\xa8\xabVe\x87\xa9\xae9\x82\xd2.SCt\xcc\x8c7\x7f\xdc\xc3\xfb\x94\xfc\xdfc+\x04\xfb\xf5$\xecO1@\x99l;\xd3X\xd5\"\xec\x17hR\xc5\x99\x8b\x9f\xf3\xf48%\xfa\xf2\x1d\xc5\x10T\x83p\x0flzM\xa6\xab\xde!T\x9bG\x19\x9680\xd7]\x83{\x81\xdei\xd2\xfc\xfd=3K\xc3\xfe\x12\x98\x8b\xbe\xd1+\xc4r\x7f\x8f5\xcc\xa6\xd8>k\xcc\xee\xe0\x9bW\x0e\xc63\x84^\xde`\xd2\xe8\xfc\x02\xef\xa4\xdc\xd0?9D\x1c\x1b\x1b\xd5\xcb\xfb\x03I\xc9\x97\xac#\x0ee\xc8ltL\x88\x17m~aA%\xd3\xaf\xaa6hf\x9b\x83\x02A\xb0\xf6\x14\xb3\x18B\xfd\x9ai\xf8j \a\x1es\xa3U\x98sqq,\xd2A4?l\xa2\x9c\xc9\x9fa\xe8\x99qw\xf3\x18\x12R\x00\x00\x00', 0x100) close_range$auto(0x2, 0x8, 0x0) setsockopt$auto_SO_BUF_LOCK(0xffffffffffffffff, 0x0, 0x48, &(0x7f0000000240)='\x00', 0x81) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x541c, r2) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xa100, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000240)="1c520b214b197e", 0x7) unshare$auto(0x40000080) r3 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/block/nbd0/sched/write1_fifo_list\x00', 0x2000, 0x0) read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r3, &(0x7f00000000c0)=""/120, 0x78) fadvise64$auto_POSIX_FADV_SEQUENTIAL(0xffffffffffffffff, 0x40, 0x3, 0x2) 9.079238223s ago: executing program 1 (id=2390): r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x6c, 0x0, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF2_AGE={0x8, 0x4, 0xab7}, @HSR_A_IF2_SEQ={0x3732ad93cefa422c, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8, 0x2, r2}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @HSR_A_NODE_ADDR={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @HSR_A_NODE_ADDR={0x6}, @HSR_A_IFINDEX={0x0, 0x2, r2}, @HSR_A_IF1_SEQ={0xfffffd18, 0x6, 0x5}, @HSR_A_NODE_ADDR={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xb}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x40) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x4d, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x2000c00c) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000000c0)={{0x9, 0x2, 0x802007fd, 0xffffff5b, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) 8.930997466s ago: executing program 2 (id=2392): r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) mmap$auto(0x4, 0x5, 0xdf, 0x410, 0xffffffffffffffff, 0x10008001) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) clock_gettime$auto(0x2, &(0x7f0000000000)={0x7, 0x7}) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) io_uring_register$auto(0xffffffffffffffff, 0xffff5594, 0x0, 0x1) prctl$auto(0x1000000001c, 0x5, 0x100000000, 0x40000000000c, 0x3fffffffff) r2 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) poll$auto(&(0x7f0000000180)={r2, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ram3\x00', 0x8001, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_BLA_CLAIM(r4, &(0x7f0000002040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48018}, 0x400c880) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = socket(0xa, 0x1, 0x84) r6 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kcore\x00', 0x121040, 0x0) preadv$auto(r6, &(0x7f0000000040)={0x0, 0x8010000}, 0x5, 0xfb, 0x8000000001) setsockopt$auto(r5, 0x29, 0x40, 0x0, 0x10000) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xffffffffffffffc3, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8805}, 0x2400c804) mmap$auto(0x0, 0x6, 0x203, 0xeb1, 0xffffffffffffffff, 0xb9ea) sysfs$auto(0x0, 0x23, 0x0) r7 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r7, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) mlock2$auto(0x1, 0x8001, 0x0) 7.770154122s ago: executing program 3 (id=2395): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/virt_wifi0/router_solicitations\x00', 0x101202, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/sys/net/ipv4/conf/all/proxy_arp\x00', 0x88302, 0x0) sendfile$auto(r1, r0, 0x0, 0x48) mmap$auto(0x0, 0x2000c, 0x9c1f, 0x20ebc, r0, 0x40000000007ffc) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/security/tomoyo/manager\x00', 0x200, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) socket(0xa, 0x801, 0x106) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r2 = socket(0x2, 0x2, 0x88) get_robust_list$auto(0x0, &(0x7f0000000680)=&(0x7f0000000640)={{&(0x7f0000000540)={&(0x7f0000000500)}}, 0x100000000, &(0x7f0000000600)={&(0x7f00000005c0)={&(0x7f0000000580)}}}, &(0x7f00000006c0)=0x9) setsockopt$auto(r2, 0x0, 0x20, 0x0, 0x15) listen$auto(0x3, 0x83) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='3dev/atdio1\x00', 0x100000a3dd) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/ram9/queue/write_zeroes_max_bytes\x00', 0x20400, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000000c0)=""/255, 0xff) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/pcmC1D1p\x00', 0xa00, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x40040, 0x0) mmap$auto(0xffffffffffff77b7, 0x1000, 0x3, 0x14, 0xfffffffffffffffa, 0x6) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd5\x00', 0x0, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/ram3/trace/end_lba\x00', 0x2062, 0x0) write$auto(r4, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) read$auto(0x3, 0x0, 0x80) close_range$auto(0x2, 0x8, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0x4e2701, 0x0) timerfd_create$auto(0x7, 0x462b) 7.333682352s ago: executing program 2 (id=2396): timerfd_create$auto(0x6, 0x81) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xfff) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xc81, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1000000000001, 0x948a, 0x3, 0x3ca6, 0xffffffffdfffffff, 0x3, 0x62, 0x84000001, 0x7, 0x6d3f, 0x9, 0x8, 0x1]}, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) close_range$auto(r1, 0x8, 0x3) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) setsockopt$auto_SO_DEBUG(0xffffffffffffffff, 0xe38, 0x1, &(0x7f0000000000)='/dev/audio1\x00', 0x5) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/fib_triestat\x00', 0x0, 0x0) pread64$auto(r3, &(0x7f0000000040)='veth1\x00', 0x200000000006, 0x8) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/pcmC1D1p\x00', 0x40341, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x200000, 0x0) mprotect$auto(0x0, 0x8000000000000001, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x0, 0x0) sendfile$auto(0x1, r4, 0x0, 0x7ffff000) ioctl$auto_TIOCSETD2(r4, 0x5423, 0x0) socket$nl_generic(0x10, 0x3, 0x10) accept4$auto(r2, &(0x7f0000000040)=@l2={0x1f, 0x3b0, @any, 0xf}, &(0x7f0000000080)=0xf0ad, 0x3) mmap$auto(0x1, 0x680, 0x5bae, 0xeb1, 0x6, 0x8000) mmap$auto(0x8, 0x3a02, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000180)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x9, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) 6.823474315s ago: executing program 3 (id=2397): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) semctl$auto(0x80001ef, 0x804, 0x13, 0x8000000000000000) keyctl$auto(0x1, 0x7, 0x100, 0x8, 0x4) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x4b4a, 0x1) mmap$auto(0x0, 0xe984, 0xdf, 0xeb1, 0x401, 0x8000) 6.579245294s ago: executing program 3 (id=2398): madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bus/usb/028/001\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="24000000684c1d4a5cca530d09203f849aa81ad86801fc76a7c7e722965fa736a47079bf512f08821bfc6f91aec9cc6b00a3f49287161803643cd1283c4c5267cb7ffa47e475412f2c1f2aded817388cd964408f3b7b1fdc8451ee70ba083a084e0fa1f86df2a9b219be005540ab8c7ce42f019fd1c599f8de7bbfb8ff318c3c75038fd5a6fd490ab833cd98147a16f3e701d50fb96f028c6f1d28503cbcd8be2c7450cc0ece6e35427d9d0a8857117cacd8296613caf6e65c7687a8315e7e5ba3d023b35ac1000000000000000000", @ANYRES16=r0, @ANYBLOB="130026bd7000fcdbdf250200000008000300", @ANYRES32=r2, @ANYBLOB="08000c0100000000"], 0x24}, 0x1, 0x0, 0x0, 0x4004080}, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r3, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82060, 0x0) r4 = socket(0xa, 0x1, 0x100) ioperm$auto(0x80004, 0x1, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_MPP(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x0) r6 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r6, 0x0, 0x7ff, 0x400) socket(0x2, 0x1, 0x0) r7 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x0, 0x0, 0x1, 0x1000) select$auto(0xf, 0x0, 0x0, &(0x7f00000005c0)={[0x1ff, 0x3, 0xd, 0x8fd6, 0x0, 0x6, 0x15f4da0a, 0xeb, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x6, 0x80000]}, 0x0) write$auto(r7, &(0x7f0000000500)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x8) select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xa, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x20000003, 0x5, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x2, 0x2, 0x6]}, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) mmap$auto(0xc, 0x5, 0x5, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0x3, 0x9b7f, r4, 0x8003) madvise$auto(0x2cbf, 0x2, 0x19) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) 6.229203523s ago: executing program 2 (id=2399): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) inotify_init1$auto(0x3000000000000) r1 = socket$nl_generic(0x11, 0x3, 0x10) socket(0xa, 0x2, 0x88) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x2, 0x2, 0x1) bpf$auto(0x0, &(0x7f0000000000)=@bpf_attr_4={0x16, r3, 0x4, r1}, 0x10) bpf$auto(0x1, &(0x7f0000000080)=@bpf_attr_3={0x5, 0x0, 0x702955be, 0x2000000000005c, 0x4, 0x9, 0x80, 0xe4, 0xfffff800, "0566c8ee7c78a925488276d7697a12bd", 0x0, 0xea, 0xffffffffffffffff, 0x7, 0x5, 0x4, 0x7, 0x10001, 0x0, 0x8001, @attach_btf_obj_fd=r2, 0x17e, 0x4, 0x1, 0x5, 0x3}, 0x5) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x3e, 0xff, 0x0, 0x1, 0x4) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/vkms/graphics/fb0/state\x00', 0xc2481, 0x0) write$auto(r4, 0x0, 0x81) acct$auto(&(0x7f0000000000)='/dev/fb0\x1f') recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) listen$auto(0x3, 0xfffffffa) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty30\x00', 0x62c00, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0x3bb940, 0x0) 5.241669919s ago: executing program 2 (id=2400): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) ioctl$auto(0x3, 0x4020565a, 0x38) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder0\x00', 0x800, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r0 = socket(0x1e, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x101, 0x0) socket(0x21, 0x3, 0x9) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3739aae3, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x1, 0x948b, 0x1, 0x15f4da0a, 0x1, 0xffffffffd09d8d67, 0x62, 0x80000023, 0x7, 0x6d3e, 0x9, 0x2, 0x2]}, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_BLKBSZSET(0xffffffffffffffff, 0x40081271, 0x0) unshare$auto(0x40000080) mmap$auto(0x8000000000000000, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0) syz_clone(0x800000, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/can/rcvlist_sff\x00', 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000140)=""/103, 0x67) getpgid(0x0) mmap$auto(0x0, 0x2000d, 0x4080000200df, 0xeb1, 0x404, 0x8000) getsockopt$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$auto_IEEE802154_LLSEC_DEL_DEV(r0, 0x0, 0x20004000) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f00000001c0), 0xffffffffffffffff) r4 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r4, &(0x7f0000000000)="1f91f2c388274610e18d5fc5e5bfd9800e9b4b", 0x13) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000440), r2) 3.86813798s ago: executing program 1 (id=2401): statmount$auto(0x0, 0x0, 0xfffff7fffffffffa, 0x81) socket(0x28, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x10b842, 0x0) write$auto(r0, &(0x7f0000000040)='\xce*+#\x00', 0x80) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.7/usb8/bConfigurationValue\x00', 0x10b042, 0x0) sendfile$auto(r1, r1, 0x0, 0x2) pread64$auto(0xffffffffffffffff, 0x0, 0x2, 0x1ff) setsockopt$auto(0xffffffffffffffff, 0x6a, 0x3, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x100) r2 = eventfd2$auto(0x6af3, 0x800) socket(0x1e, 0x1, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pipe2$auto(&(0x7f0000000040)=r2, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7440, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15n\x0f\x00\x00\x00\x00\x00\x00}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xb9j\x95k8\x93\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0) r4 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x423680, 0x0) preadv$auto(r4, &(0x7f0000003340)={&(0x7f0000003300), 0x40}, 0x9, 0x5, 0x100000001) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) execve$auto(0x0, 0x0, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) 3.328477819s ago: executing program 3 (id=2402): unshare$auto(0x40000080) mmap$auto(0xffffffffffffffff, 0x2022009, 0x3, 0xeb1, 0xffffffffffffffff, 0x7ffffffffffffffe) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, 0x0) unshare$auto(0x40000080) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) setuid$auto(0x800000000008) socket(0x2b, 0x1, 0x1) setsockopt$auto(0x4, 0x0, 0x480, 0xfffffffffffffffe, 0x0) r1 = socket(0x1e, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d8) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r3, &(0x7f0000006940)={0x0, 0x0, &(0x7f0000006900)={&(0x7f0000006980)=ANY=[], 0x124c}, 0x1, 0x0, 0x0, 0x20000041}, 0x800) mmap$auto(0xfffffffffffffffd, 0x2020009, 0x8000000003, 0xeb4, r1, 0x8000) openat$auto_fuse_conn_congestion_threshold_ops_control(0xffffffffffffff9c, &(0x7f0000000040), 0x1800, 0x0) r4 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$auto_RTC_SET_TIME(r4, 0x4024700a, &(0x7f0000000000)={0x1, 0x7, 0x0, 0x8, 0x1, 0x63, 0x10, 0x3, 0x3}) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000080)) mmap$auto(0x0, 0x20009, 0x4000000000e3, 0xeb5, 0x1, 0x8000) prctl$auto(0x3f, 0x7ff, 0x0, 0x5, 0x5) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/pipe-max-size\x00', 0x382, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='^\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x8841}, 0x40000) read$auto(r5, 0x0, 0x10001) mkdir$auto(0x0, 0x8) 2.655669801s ago: executing program 2 (id=2403): close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x100, 0x0) socket(0x1, 0x5, 0x0) ioctl$auto(0x3, 0x5411, 0x10000000000402) pwrite64$auto(0xc8, 0x0, 0xfdef, 0x3) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) open(&(0x7f0000000280)='./cgroup\x00', 0x5d52c0, 0x0) r0 = socket(0xa, 0x2, 0x3a) open_by_handle_at$auto(r0, 0x0, 0xffffffff) prctl$auto_PR_PAC_RESET_KEYS(0x36, 0x0, 0xffffffffffffffff, 0x9, 0x7) write$auto(0xffffffffffffffff, 0x0, 0x4) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x801, 0x84) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x300, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, 0x0, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x6, 0x0, 0x10000, 0x1, 0x2, {0x2100000000, 0x10000}, 0x3, 0x6, 0xffffffffffffffdd, 0x1008000, 0x0, 0x80000004, 0x83, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x1800}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) sendmsg$auto_TCP_METRICS_CMD_GET(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000b00)={0x14, r4, 0x89c1beb01534ff9b, 0x70bd29, 0x25dfdbfb}, 0x14}}, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/maps\x00', 0x21000, 0x0) tgkill$auto(0x1, 0x1, 0x5) select$auto(0x1, &(0x7f0000000040)={[0xffffffff00000001, 0xfffffffffffffff7, 0x100, 0x7fff, 0x75, 0x3, 0x9, 0x6, 0xa80d, 0x8000000010000, 0x0, 0x7c43, 0x9, 0x0, 0x4, 0xd133]}, 0x0, 0x0, &(0x7f00000000c0)={0x100}) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) socket$nl_generic(0x10, 0x3, 0x10) 1.414456343s ago: executing program 2 (id=2404): r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) mmap$auto(0x4, 0x5, 0xdf, 0x410, 0xffffffffffffffff, 0x10008001) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) clock_gettime$auto(0x2, &(0x7f0000000000)={0x7, 0x7}) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) io_uring_register$auto(0xffffffffffffffff, 0xffff5594, 0x0, 0x1) prctl$auto(0x1000000001c, 0x5, 0x100000000, 0x40000000000c, 0x3fffffffff) r2 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) poll$auto(&(0x7f0000000180)={r2, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ram3\x00', 0x8001, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_BLA_CLAIM(r4, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x48018}, 0x400c880) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = socket(0xa, 0x1, 0x84) r6 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kcore\x00', 0x121040, 0x0) preadv$auto(r6, &(0x7f0000000040)={0x0, 0x8010000}, 0x5, 0xfb, 0x8000000001) setsockopt$auto(r5, 0x29, 0x40, 0x0, 0x10000) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xffffffffffffffc3, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8805}, 0x2400c804) mmap$auto(0x0, 0x6, 0x203, 0xeb1, 0xffffffffffffffff, 0xb9ea) sysfs$auto(0x0, 0x23, 0x0) r7 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r7, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) mlock2$auto(0x1, 0x8001, 0x0) 1.305570972s ago: executing program 1 (id=2405): mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x9) mmap$auto(0x0, 0x400008, 0x36, 0x1009b72, 0x2, 0x8000) socket(0x2b, 0x1, 0x1) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/net/udp6\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setrlimit$auto(0xa, &(0x7f0000000180)={0x2}) accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) socket(0x1e, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x40000, 0xffffffffffffffff, 0x0, 0x1, 0x80800000) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0xd, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) setrlimit$auto(0xb, 0x0) r1 = getpid() mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mincore$auto(0x1000, 0x8001, 0x0) r2 = gettid() rt_tgsigqueueinfo$auto(r1, r2, 0x21, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r3, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xffd8) capget$auto(0x0, 0xfffffffffffffffe) setsockopt$auto(0x3, 0x8000000000000006, 0x25, 0x0, 0x7ffffc) 819.484891ms ago: executing program 3 (id=2406): close_range$auto(0xffffffffffffffff, 0x8, 0x2) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000300)={{&(0x7f0000000140)="19aecd674cd4e9eda3ec87e9fb9ddc7bcd67d4770246153a9c9801eaeedfc764f1324085fd8a4ed331062b3a5e2458315b55b09680c2250569b8de257f8ff7a2d7bf3aae9bf5fe49fb5ef5af69c790175b3e27f3dc91ae590e1a502c09182897b1bf4a3126ed6dbf6a0824df3b7b595e5b215c7a7f09858598f4e5883af6f879e97c8feef6451194a259da8119b06a2faa76651eafc2b1afd5b9d30e8949c0ec885106c4acb7aacafd9a16f52bf7c2aacc217e9c9e96e9240c88490dfae9da470a6a518fe5c83668a7c8478843e9bdab993dfaf6bc026500234705", 0x3, &(0x7f0000000240)={&(0x7f0000000480)="ebfd049c754cb80681c801370191bb425548380cc656629cf66c5d7f8b9b06b26a773fc3e5f9a18bedf644bb605900ade1a73223df4193360b34b6dcd94f56ea9487f012805b7f6b18a40495b5e19ec93836646a221e27c31f5522e8161e201025c31bcb251f781268a7edf5d49f497d0201eaf13ecbcdcf7a2122dcbfe7e3e2d0af0e92a3580b87594fe26c900fd99292b633e08bb802665a790be9c788f0d24ba0b24528555b98746b09cc8f5df403d77fe4c91f7eb8f373629abd47d3e6df827fd8675c5deae621a0230aab8cff17b7df46bbcb9761b8b3a9f80f08075219d08897e7a5c9efb33755772d5d6e771d572b9c4415019948ffe03259a73593e9c30cf843f57f0d1a4c032d50a12c264e429a71ae76ff7d89c5a95bdee89555743b37903f0772ca846fb2b2497891c335e4dda6ebfa317d633342948e6cff7ab7e343f4cdfeb97478326214167c545e94964681ed13fdade586ac01a77ffe99a069f5e920bc17572e0267de1d364436f41ae49323731cd7c80744c19bc33ceb1e67f0a4d67927c76babf5ee89b037ea29f80a4ba7938d47eb4ebd4114ad160c64e066e8390bc51727be8bd5609a5d09b3f851096a244dd5ea8f1742c9063df9ea02207b42bfcfe880848abdd9e43bb0788ddb8df3b88867020fb951e254dcb3ed84764a4fe0abd2dd111205196c83865b9e56208ccc2d03e6abb03ef3bd4c64bc2feccdf61e961b49b22f8aa9bec5e4559a72e1b116030857da388b7f5765d8def90d970bc56b2b744b70767d5c8433ec5d5f431888146cb45eb6bc1d9b08768c6b4d856f3282756721dedcd18963bc7d1ce4673cd2f0f4880486cc8eb87bf14a929ae3f739cb042ead88e303383b41efe9a102af761eb34e9b5fe669b83cf6a16c5aa8791d15a7c4be4cff21f5c3e9cdc59a1484170d5ed39f62d2c8d907227eb0e91dcc0213f860905353f6f64cdf449a45d00a583389367de174ec7fba6e2f76131d2f8a9d5f3d927d0d176850bbfcebec12ba0e8c9e62a1a6667dc1c71e80279b6d304bc410c052f126e1f12e6e46a3b857d507e2112c561cfbcca25d56d2fc519b48e227c67851b57dce51b14f3c3c13b6ed75d78a8fac4decd27da5a466d473da3d0f01ea2af7fe43360b577c8fbd3fc963a22623de1e437f7f84ae9e0474f547e9e278c7a309d5e31a8b1325ceb708919a71ccca7447533883071c4d808914275cbbe00b408b31d76ebadeca34e4034959f6b754c9d80966cc988eaf7d2679e00a2241a323004da95ffb7c71db7e1345a2aa9b78db0753db6c216f7bcd11ba67123d8c869035b4794e1d379cb8c532d631c9b0f87f0c91fad2f58fec493a84658c22b0618b9d5bfeaa31b5af88130a36904c616567825318d153546e22ed90c28ce2d6f84a58903017b4abf0168b734301bd92af5e7e9306d3f7fd924fac8cf2639a1e09d0b82c7d952aac104e2406bcbf96b7125590947f830c4b9b515db85675bc5e570e196927d10d2d1e3242616692c67603f9e348e09812bf440106078fa90e750335f0245dec030b0a3d5a94821316e55e735448c9a066f0cf55bb84ffb0308d167da3d1fdf649eb71e7f36bc63e5fc437e57916b12fd392bdc3417b0f0fc5212ca0394f86c351cc7a0ddd6a92691e8ef501d9bd6a45677208dc28038378241f029abae42564d0deed97b278f63a0331148a17024331c90e812e53a92a10fccedea607f095330e377fd6ea3d34dcabd6fefdeb83c5b7e727561ce3bc8354a5f42624b482750d953d2133bc0114da9a40a997ad2a59091fd729a1ffa8404514b6f23fb2d189fc1fd7422d957d974b96235586b12c19fc5098db87614135465cf6f5a4d29eabe7d3c847873e6f7365025bc0f9b580e7e8982bae46ceaf91b256d63655ea092ad1c68105e8b95ddd968b20a25a52ebf1004959de078ef5dd643bdc5eb029d1161a52b52c0c6971717487bb1cc2cb8fa47a9cee52455bcda8d53f4aee2fe3bc4cbd864f227a030adfb236e9004ae4b9cf0a72efd0ee03245374e1e632ffd7bcd7f6588d41bfe5ba9ef444ef9449eef2682c801d5e76abdad4b11a0e729fbcef70fe10944265319c0320c75198b7af6ebc2ec1bdb4a550cb47561d4ef9ff4a94e3c0345803d52f285e2def1ecf2e778fee967d100a33ee2414516720d1de4c26797640bb8fefd4d6d90af50c35fed1aca47f8c0c217db2fa0ab9fbf8aff2e2b0d74ab20021ef9198d282a8c25e77f8eb6ffe3b42ea351701fc553bfaa61989e5989c93894239ba11b04f440635b5e9f0dd22cf59d1b274acc177b595f05a87cf811bad5aa8020d4bb5731c4d32ee45a8552365ee0789c5c0e72ed2deca362cf260b1a7ba2194a7c1606e4b4343d278c4545f7cca51298293b3ed27391ef06f42a6d2157c2c2a838537695a405a8647a05d3ee627e2fc44e46acf825a6d381bebe9b117f20551e17118347652f4ebb66d1e4391cd5784e140abc842f3f2d10635310efa3bcb920fe23566e41350d2bcb5d94a323d352cd9b2a0834df2b88a129cf4be746aa7bdabe45e18837caae8e090584384c2e9e299fee6d6d8d4b33cee66e0b2b70be20cbae6d7b58ffaf59a76a768be72091c04ab14ed7876cfe612f96df9053c5d76a7362bdc9695e4925344e2efb773bc2b41e2fa57c5053745e78773ecfcfa1287662f0cf7579b0a1ca287a0ccd1b388e10a444392126911f2058cf08f29ebad7545f93825e98a93d87fb613daf9dd5600ef443874b74582992ddca2961be182b30b875f293f0dca9470dc6042f02cf384bb2061e97346b8f183575ebbaff412344b6eb658f18a9e1c38c8bf6585a06937601f8a46587e6581d8a8022aa493b3485b8ec0f3e1b2423ed68bd540a4fecb2acfb66256174d1612278f94ab31d873fd1ae777a7e473e23ba67c7bc874dbd3e153977f967926f51c67d7508e68d7c7281b7f9c1fad28708b62abab95a1706cb032d8023cf40488f9402e5a679c1675de4b2d0942dc9646fd5ea2e8037615479064cb4b7d43b667c3de7abd592f7303acff18bb044cd23a3616942bf279091b8f396139c5f2504afdfe525feb7ed1d57772a216c53ad4c789eaf0fcefcb6bd6e28c46f58e60e330ad62654fb06d831f8fba01f587b8bd7a37821eb9c56674b23427b748d7dfd5fe251c405d7bef4ad5f69107d5d406c178a6372bad81209efb9cf90b56e42bd054d5492a28710d40c1fdde227ff9929cc137f99cfc62a76ee4dccbee42ae1b1bd133ad1832a856212af5ad54eeccb158a79d5ac8ecd29159bb7041ff5146293ee01a5792662ce066e125c2c4b0b40ccb1be1d2d5f6941f362f4b0a5c2b6561a01a429298ddb98fdd3cfec0150d682108545ab5f508a49ada4ca2b7fecd8d8fce4fd010fa96a678e1bd043b48296301c0614fa36fd201ddf25ce545fefe92dc218577257d74dea984eb274a2038ef54ed45e574a6bb1d5d88eed92387908e3c09bbda8357e9012b29e17d19b8238b24457684f1455407232aaf6172b458ba8df00362bff50bb5bf78fc186433afa073eaf1a0acbd0d2f2f782cdf3ad599e83e17b37e3327bbd66dce13419532313f6ebea9d48c5c04224e6340b1411796373e1536ef139c3318432921f0632a1881bbe5b0410f0d5b22d549a5e6160e3e6112694a2bf4b8839cc6a48e06def75743d0c85b18e217f8eccd499e41444d0b0833714df389d5ff9a27d37e8bdaca4f0d17a4def1ce68d881b75b070bb4226c24b5381a7cea4aa03a7d0ed766892fa5b200710af64d8bc30a824cc2109bbbdea38af6dcc827f3fd3bd8a51a7865e21dacbb4dade723d112154f16351eff4c5c2df3dde68513ce0d5734d36639062dc96c2582071a7c6b5b601772b94549653566428b0854feaf9e847a26d6ae792eb9a58cc82719f6ebe884bedb0836799df9a2f0bde7f0f20ba88b0104ef9f82519ad3bd06a19e6f2f17864143b19f888bc092239f6c0b3adb0c71a66df3fbb2379f4ff4b94db90ecc61998df55e49a8ac02f756ba0acc826d894b6daa4037edece344228b108157a13aa33ac241881234dc8314259ea4430b89052c8e477d63c4469ea5f5a947908637a6090caf497a1c796a29e8d78c0a00102ea3e250b560a2ee1d7c5dd57544d61c3294387e1965db75cff1e18b6288b3b8a371637185d54b70ea6ea5d8ae9d1d871d7108f124d490477e4dd68f3f7f008aa2f28b14f5330db57d3548389c7a1c73a83280761e38d4ba593b745318141212d441d576f58e72c83626a3dbacc4d0b07b76d70c1cad78c095c711404d976ac99209aa035356b28d4d8f35a25c96ad290614efdd122612dfd7dd78e024f6593143b023c0ca57ab16e4d799235d508ee2309b55ce65b00bf12d3ff71b0cae19822111890ec27d574c75e1485ab78a8f9cb8c399897a0c86d4225cd60943a91278a7724d03d6ba44744b42bdf92a01472dd7696d3f8995f9fb85b3dbe4bce3c39f7bd02bfc1374929e3550d92ae6996523e57848c967c49e040186c689ca2dc873e2d6223f5d10bd1f45984dfa6e7a809f85ed10a5b5d2e154a35cbc9962849db8aff0f093cbef249d5f222cc75da7588242fdfa97c9179f316bb650c522e61b57f0b609e7ff4dde87bbcb466aa0a3d81d952004e612b16c16532d026c029fc10b8921914f71feca247be274f9631eaa8018a83ec9039fb2df812b75bbb62aa4055eda7a29e440f07f0559e4935d9052b949b66969092f8d12596fe0ee210cee135c567204489369b17df5671112f7979e41fc1ac0886077f93c33c9384dc3321b9dbcb3380bcba65a9128fd757873c099b9ea23ed8c627bd697eaaec933050eb9d4455d69f2c03448ef3e0094f389455c2c712e75a4bf778af4ef5aa6ad5322b0908fb87fb753a8e3278c9648e06b676cada517ab5291ed41346b36f13d790386cc14358d087a187ff998050329e8bc44c1bb9f3a0ee7688ec648f9b8d25eb88725254eb0f76b06bcaec98bc50af8024eeb2934234ddbc2ae799c57a9f3545c7c8ff99289bb5d215784f806b10a2027de7d9212b523024548725272b47964a94d73a4bd33fc10553015ca631236d39d4c38de509961b9fa49bb7aadfca770a326fb1e2d5ff77cf8c338fc4a8cb2f2bd6a8934638eb1c054ff788f36b4a97cc029a7ecff6d163aeec48872d625cffaed392f8d9ac65e1eab7e380a09226bd1a40449dcabed4437795fae310e0b1ac2e83e552914c319fdb26288e75a0d430c0c666eb67ff1f3fc0cec6c3d4912303cf0da742919338b3e27ca3ffd96daf1f3e30fdefba9ee6596063883f16460f384a6dbf03954bf2302759d33d57dc2e7ed873715edb8b3aea0859ddea072e05237819e006eeeb57496700843755255f3d26be5250e6891330bfa0846c697c52473f4e2699f9e485b9db1c5b441916836a7d9d7ce6d26dda547a0a56b9e1acf5cd1e6ec4b6e3b864b9c42c0e6668f85f8512a8e0241c650e74041b61402e44ea0808e3847ff043f1064924cf13b694d2c74fe478b1b83d48c7be5d0e1ec8899d253fdd9d2e5b5030dc9196ff0fe2d8c5073004b13aab77f064f9db0d71d9d67b3bd8bedbab346b51dd24ad2cf8e1f2f1808d54495c72d5c5782ae2f57eff86c04dbab4e63887607526af5481f367596d563578d97276225fe3298b8f33d720f4db18d9df901e83551e16c9e2232bb9866013e7b214da2467f584a65dc3469704b2c49b4a843625d73262b7a8d39471f3474e8112db8eda5091d799795dabd32c15b3e198a3db9ba2320", 0x81}, 0xffffffffffffffff, &(0x7f0000001480)="741dab5db944bb51f2ec9a936ea734c50dd666ed6557ec2e14590c11991e33f25259f089722b9a7efba015b73764132ba9eeba536cabd7a2fdfc1d31d988c09d32bc1744f7ed736e54537bd99ed0a7d6d2c4572254a101fe7ba0707e8f19b21362f92f3953106460edc03829634318380098582a851945d856e4860ce7133d32169682cf1a1bd222d6735f78f856df1dab8227bf8da3a1e9c504523a63f68c41402e7ebbf55b4491c39c871b31edc143a9b0d0c3fd60dee0f2b6d67aa5ef2d6dca41", 0x7, 0x6}, 0x401}, 0xb87, 0x4, &(0x7f0000000340)={0x9, 0x1}) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/vm/nr_hugepages\x00', 0x68001, 0x0) personality$auto(0x40004010410ffc) mmap$auto(0x4, 0x7, 0xffe, 0x8000000008014, r0, 0x8000) mmap$auto(0x0, 0x4, 0xdf, 0x9b72, 0xffffffffffffffff, 0x200000008000) sysfs$auto(0x3, 0x10, 0x0) r1 = fsopen$auto(0x0, 0x1) ioctl$auto_BLKTRACESETUP2(0xffffffffffffffff, 0xc0481273, &(0x7f0000000000)={"aecba2f0c96bb61d29bfdd72e98404aee230e47ade2191ab55e735448d6ab2d3", 0x7ff, 0xcfb2, 0x7ff, 0x80000000, 0x200, 0xffffffffffffffff}) mmap$auto(0x39, 0x20009, 0x20004000000000df, 0xeb1, r1, 0x7) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x3, 0x0) io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) fsconfig$auto(r1, 0x8, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000003c0)=""/192, 0xc0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/hw_params\x00', 0x1c1282, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000280)=""/65, 0x41) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) mmap$auto(0x0, 0x2020009, 0x10, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x23, 0x8, 0x2008, 0x0, 0x0) mmap$auto(0x4, 0x8000004020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x8) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x40050) mmap$auto(0x0, 0x10000, 0x8000, 0x17, 0xffffffffffffffff, 0x100000000) madvise$auto(0x8080000008, 0x1, 0x1a) syz_clone3(0x0, 0x0) 212.69627ms ago: executing program 3 (id=2407): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/nbd4/queue/wbt_lat_usec\x00', 0x2202, 0x0) mmap$auto(0x0, 0x400009, 0xfffffffffffffffa, 0x9b72, 0xffffffffffffffff, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8001) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket(0xa, 0x5, 0x0) setsockopt$auto(r1, 0x10000000084, 0x9, 0x0, 0x98) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) socket(0x10, 0x1, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/udp\x00', 0x240, 0x0) pread64$auto(r2, 0x0, 0x200000000003, 0x2f4a3a23) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv6/conf/bond0/ignore_routes_with_linkdown\x00', 0x40001, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r3, 0x0, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/pcrypt/pdecrypt/serial_cpumask\x00', 0x0, 0x0) chdir$auto(&(0x7f00000001c0)='./file0\x00') bpf$auto_BPF_MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)=@bpf_attr_1={r4, 0x1000, @value=0x10000, 0x2}, 0x54d) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x88000, 0x0) io_cancel$auto(0x3, 0x0, 0x0) read$auto(r4, 0x0, 0x20) write$auto_proc_pid_attr_operations_base(r0, &(0x7f0000000ec0)='9', 0x1) ioctl$auto_BLKTRACESETUP2(0xffffffffffffffff, 0xc0481273, &(0x7f0000000000)={"3fb1d37519dbb981b5a418b3341f90b91860a9419c576ade1edc3d7aa69e7674", 0x40d5, 0x4, 0x1, 0x0, 0x8, 0x0}) fcntl$auto(r0, 0x7fffffff, r5) 0s ago: executing program 1 (id=2408): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) inotify_init1$auto(0x3000000000000) r1 = socket$nl_generic(0x11, 0x3, 0x10) socket(0xa, 0x2, 0x88) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x2, 0x2, 0x1) bpf$auto(0x0, &(0x7f0000000000)=@bpf_attr_4={0x16, r3, 0x4, r1}, 0x10) bpf$auto(0x1, &(0x7f0000000080)=@bpf_attr_3={0x5, 0x0, 0x702955be, 0x2000000000005c, 0x4, 0x9, 0x80, 0xe4, 0xfffff800, "0566c8ee7c78a925488276d7697a12bd", 0x0, 0xea, 0xffffffffffffffff, 0x7, 0x5, 0x4, 0x7, 0x10001, 0x0, 0x8001, @attach_btf_obj_fd=r2, 0x17e, 0x4, 0x1, 0x5, 0x3}, 0x5) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x3e, 0xff, 0x0, 0x1, 0x4) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/vkms/graphics/fb0/state\x00', 0xc2481, 0x0) write$auto(r4, 0x0, 0x81) acct$auto(&(0x7f0000000000)='/dev/fb0\x1f') recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) listen$auto(0x3, 0xfffffffa) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty30\x00', 0x62c00, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0x3bb940, 0x0) kernel console output (not intermixed with test programs):                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               [ 751.288627][T14477] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1922'.                                                                                                                                                                                                                                                                                                                                                                                                                                                                   syzkaller syzkaller login: [ 813.050401][T15296] FAULT_INJECTION: forcing a failure. [ 813.050401][T15296] name failslab, interval 1, probability 0, space 0, times 0 [ 813.094399][T15296] CPU: 0 UID: 0 PID: 15296 Comm: syz.1.2092 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 813.094450][T15296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 813.094470][T15296] Call Trace: [ 813.094481][T15296] [ 813.094506][T15296] dump_stack_lvl+0x16c/0x1f0 [ 813.094571][T15296] should_fail_ex+0x512/0x640 [ 813.094623][T15296] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 813.094680][T15296] should_failslab+0xc2/0x120 [ 813.094714][T15296] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 813.094763][T15296] ? trace_kmalloc+0x2b/0xd0 [ 813.094797][T15296] ? seq_open+0x55/0x170 [ 813.094838][T15296] seq_open+0x55/0x170 [ 813.094873][T15296] __seq_open_private+0x3e/0xd0 [ 813.094915][T15296] tracing_open+0x25f/0xf90 [ 813.094953][T15296] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 813.095007][T15296] do_dentry_open+0x741/0x1c10 [ 813.095060][T15296] ? __pfx_tracing_open+0x10/0x10 [ 813.095104][T15296] vfs_open+0x82/0x3f0 [ 813.095146][T15296] path_openat+0x1de4/0x2cb0 [ 813.095211][T15296] ? __pfx_path_openat+0x10/0x10 [ 813.095261][T15296] ? __lock_acquire+0xb8a/0x1c90 [ 813.095312][T15296] do_filp_open+0x20b/0x470 [ 813.095361][T15296] ? __pfx_do_filp_open+0x10/0x10 [ 813.095441][T15296] ? alloc_fd+0x471/0x7d0 [ 813.095507][T15296] do_sys_openat2+0x11b/0x1d0 [ 813.095542][T15296] ? __pfx_do_sys_openat2+0x10/0x10 [ 813.095582][T15296] ? __fget_files+0x20e/0x3c0 [ 813.095630][T15296] __x64_sys_openat+0x174/0x210 [ 813.095667][T15296] ? __pfx___x64_sys_openat+0x10/0x10 [ 813.095700][T15296] ? ksys_write+0x1ac/0x250 [ 813.095760][T15296] do_syscall_64+0xcd/0x490 [ 813.095792][T15296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 813.095825][T15296] RIP: 0033:0x7f9564d8e929 [ 813.095852][T15296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 813.095885][T15296] RSP: 002b:00007f9565c52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 813.095917][T15296] RAX: ffffffffffffffda RBX: 00007f9564fb5fa0 RCX: 00007f9564d8e929 [ 813.095938][T15296] RDX: 0000000000080800 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 813.095960][T15296] RBP: 00007f9565c52090 R08: 0000000000000000 R09: 0000000000000000 [ 813.095981][T15296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 813.096001][T15296] R13: 0000000000000001 R14: 00007f9564fb5fa0 R15: 00007ffc00923068 [ 813.096043][T15296] [ 813.360095][ C0] vkms_vblank_simulate: vblank timer overrun [ 814.520706][T15327] FAULT_INJECTION: forcing a failure. [ 814.520706][T15327] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 814.549604][T15327] CPU: 1 UID: 0 PID: 15327 Comm: syz.1.2099 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 814.549652][T15327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 814.549666][T15327] Call Trace: [ 814.549675][T15327] [ 814.549685][T15327] dump_stack_lvl+0x16c/0x1f0 [ 814.549732][T15327] should_fail_ex+0x512/0x640 [ 814.549773][T15327] _copy_from_user+0x2e/0xd0 [ 814.549813][T15327] copy_msghdr_from_user+0x98/0x160 [ 814.549854][T15327] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 814.549896][T15327] ? kfree+0x24f/0x4d0 [ 814.549924][T15327] ? __pfx__kstrtoull+0x10/0x10 [ 814.549957][T15327] ___sys_sendmsg+0xfe/0x1d0 [ 814.549995][T15327] ? __pfx____sys_sendmsg+0x10/0x10 [ 814.550058][T15327] ? __pfx___might_resched+0x10/0x10 [ 814.550091][T15327] __sys_sendmmsg+0x200/0x420 [ 814.550132][T15327] ? __pfx___sys_sendmmsg+0x10/0x10 [ 814.550178][T15327] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 814.550229][T15327] ? fput+0x70/0xf0 [ 814.550252][T15327] ? ksys_write+0x1ac/0x250 [ 814.550285][T15327] ? __pfx_ksys_write+0x10/0x10 [ 814.550322][T15327] __x64_sys_sendmmsg+0x9c/0x100 [ 814.550358][T15327] ? lockdep_hardirqs_on+0x7c/0x110 [ 814.550401][T15327] do_syscall_64+0xcd/0x490 [ 814.550425][T15327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 814.550450][T15327] RIP: 0033:0x7f9564d8e929 [ 814.550470][T15327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 814.550495][T15327] RSP: 002b:00007f9565c31038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 814.550519][T15327] RAX: ffffffffffffffda RBX: 00007f9564fb6080 RCX: 00007f9564d8e929 [ 814.550535][T15327] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 814.550550][T15327] RBP: 00007f9565c31090 R08: 0000000000000000 R09: 0000000000000000 [ 814.550565][T15327] R10: 0000000007000000 R11: 0000000000000246 R12: 0000000000000001 [ 814.550592][T15327] R13: 0000000000000001 R14: 00007f9564fb6080 R15: 00007ffc00923068 [ 814.550621][T15327] [ 814.842350][T15326] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input31 [ 814.913462][T15321] ima: policy update failed [ 814.945223][ T30] audit: type=1802 audit(4294969497.859:24): pid=15321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2100" res=0 errno=0 [ 818.980298][T15383] FAULT_INJECTION: forcing a failure. [ 818.980298][T15383] name failslab, interval 1, probability 0, space 0, times 0 [ 819.015794][T15383] CPU: 1 UID: 0 PID: 15383 Comm: syz.2.2112 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 819.015832][T15383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 819.015847][T15383] Call Trace: [ 819.015856][T15383] [ 819.015866][T15383] dump_stack_lvl+0x16c/0x1f0 [ 819.015915][T15383] should_fail_ex+0x512/0x640 [ 819.015958][T15383] should_failslab+0xc2/0x120 [ 819.015984][T15383] __kmalloc_cache_noprof+0x6a/0x3e0 [ 819.016019][T15383] ? __sctp_v6_cmp_addr+0x206/0x530 [ 819.016047][T15383] ? sctp_add_bind_addr+0xae/0x3f0 [ 819.016089][T15383] sctp_add_bind_addr+0xae/0x3f0 [ 819.016130][T15383] sctp_copy_local_addr_list+0x39d/0x5a0 [ 819.016163][T15383] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 819.016195][T15383] ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360 [ 819.016236][T15383] ? sctp_bind_addr_copy+0xe0/0x530 [ 819.016274][T15383] sctp_bind_addr_copy+0xe0/0x530 [ 819.016319][T15383] sctp_connect_new_asoc+0x1d7/0x790 [ 819.016354][T15383] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 819.016388][T15383] ? sctp_endpoint_lookup_assoc+0x15c/0x2a0 [ 819.016427][T15383] __sctp_connect+0x3f3/0xc60 [ 819.016461][T15383] ? do_raw_spin_lock+0x12c/0x2b0 [ 819.016502][T15383] ? __pfx___sctp_connect+0x10/0x10 [ 819.016536][T15383] ? __pfx_sctp_inet_connect+0x10/0x10 [ 819.016568][T15383] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 819.016610][T15383] ? __pfx_sctp_inet_connect+0x10/0x10 [ 819.016639][T15383] sctp_inet_connect+0x15f/0x200 [ 819.016672][T15383] __sys_connect_file+0x141/0x1a0 [ 819.016712][T15383] __sys_connect+0x13b/0x160 [ 819.016745][T15383] ? __pfx___sys_connect+0x10/0x10 [ 819.016790][T15383] ? __pfx_ksys_write+0x10/0x10 [ 819.016831][T15383] __x64_sys_connect+0x72/0xb0 [ 819.016863][T15383] ? lockdep_hardirqs_on+0x7c/0x110 [ 819.016900][T15383] do_syscall_64+0xcd/0x490 [ 819.016925][T15383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.016950][T15383] RIP: 0033:0x7f141218e929 [ 819.016971][T15383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 819.016995][T15383] RSP: 002b:00007f1412fd6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 819.017018][T15383] RAX: ffffffffffffffda RBX: 00007f14123b5fa0 RCX: 00007f141218e929 [ 819.017033][T15383] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003 [ 819.017048][T15383] RBP: 00007f1412fd6090 R08: 0000000000000000 R09: 0000000000000000 [ 819.017064][T15383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 819.017078][T15383] R13: 0000000000000000 R14: 00007f14123b5fa0 R15: 00007fffeda272f8 [ 819.017109][T15383] [ 821.371507][T15412] FAULT_INJECTION: forcing a failure. [ 821.371507][T15412] name failslab, interval 1, probability 0, space 0, times 0 [ 821.386765][T15412] CPU: 0 UID: 0 PID: 15412 Comm: syz.1.2120 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 821.386801][T15412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 821.386818][T15412] Call Trace: [ 821.386827][T15412] [ 821.386837][T15412] dump_stack_lvl+0x16c/0x1f0 [ 821.386888][T15412] should_fail_ex+0x512/0x640 [ 821.386926][T15412] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 821.386969][T15412] should_failslab+0xc2/0x120 [ 821.386994][T15412] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 821.387029][T15412] ? __asan_memcpy+0x3c/0x60 [ 821.387062][T15412] ? __kernfs_new_node+0xd2/0x8e0 [ 821.387104][T15412] __kernfs_new_node+0xd2/0x8e0 [ 821.387151][T15412] ? __pfx___kernfs_new_node+0x10/0x10 [ 821.387194][T15412] ? find_held_lock+0x2b/0x80 [ 821.387222][T15412] ? kernfs_root+0xee/0x2a0 [ 821.387263][T15412] kernfs_new_node+0x13c/0x1e0 [ 821.387308][T15412] kernfs_create_link+0xcc/0x240 [ 821.387339][T15412] sysfs_do_create_link_sd+0x90/0x140 [ 821.387376][T15412] sysfs_create_link+0x61/0xc0 [ 821.387409][T15412] device_add+0x62c/0x1a70 [ 821.387442][T15412] ? __pfx_device_add+0x10/0x10 [ 821.387468][T15412] ? lockdep_init_map_type+0x5c/0x280 [ 821.387503][T15412] ? __init_waitqueue_head+0xca/0x150 [ 821.387550][T15412] netdev_register_kobject+0x182/0x3a0 [ 821.387585][T15412] register_netdevice+0x13dc/0x2270 [ 821.387618][T15412] ? __pfx_register_netdevice+0x10/0x10 [ 821.387652][T15412] ? __pfx_loopback_net_init+0x10/0x10 [ 821.387685][T15412] register_netdev+0x34/0x50 [ 821.387710][T15412] loopback_net_init+0x7a/0x170 [ 821.387739][T15412] ? __pfx_loopback_net_init+0x10/0x10 [ 821.387767][T15412] ops_init+0x1e2/0x5f0 [ 821.387801][T15412] setup_net+0x1ff/0x510 [ 821.387824][T15412] ? lockdep_init_map_type+0x5c/0x280 [ 821.387858][T15412] ? __pfx_setup_net+0x10/0x10 [ 821.387886][T15412] ? debug_mutex_init+0x37/0x70 [ 821.387913][T15412] copy_net_ns+0x2a6/0x5f0 [ 821.387944][T15412] create_new_namespaces+0x3ea/0xa90 [ 821.387979][T15412] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 821.388024][T15412] ksys_unshare+0x45b/0xa40 [ 821.388060][T15412] ? __pfx_ksys_unshare+0x10/0x10 [ 821.388094][T15412] ? xfd_validate_state+0x61/0x180 [ 821.388140][T15412] __x64_sys_unshare+0x31/0x40 [ 821.388172][T15412] do_syscall_64+0xcd/0x490 [ 821.388198][T15412] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 821.388224][T15412] RIP: 0033:0x7f9564d8e929 [ 821.388247][T15412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 821.388273][T15412] RSP: 002b:00007f9565c52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 821.388297][T15412] RAX: ffffffffffffffda RBX: 00007f9564fb5fa0 RCX: 00007f9564d8e929 [ 821.388315][T15412] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 821.388332][T15412] RBP: 00007f9564e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 821.388349][T15412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 821.388365][T15412] R13: 0000000000000000 R14: 00007f9564fb5fa0 R15: 00007ffc00923068 [ 821.388396][T15412] [ 821.770868][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 821.778018][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 824.421460][T15445] FAULT_INJECTION: forcing a failure. [ 824.421460][T15445] name failslab, interval 1, probability 0, space 0, times 0 [ 824.496198][T15445] CPU: 0 UID: 0 PID: 15445 Comm: syz.3.2125 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 824.496250][T15445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 824.496272][T15445] Call Trace: [ 824.496285][T15445] [ 824.496299][T15445] dump_stack_lvl+0x16c/0x1f0 [ 824.496367][T15445] should_fail_ex+0x512/0x640 [ 824.496426][T15445] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 824.496488][T15445] should_failslab+0xc2/0x120 [ 824.496522][T15445] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 824.496579][T15445] ? ethnl_default_set_doit+0x397/0xb10 [ 824.496621][T15445] kmemdup_noprof+0x29/0x60 [ 824.496671][T15445] ethnl_default_set_doit+0x397/0xb10 [ 824.496707][T15445] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 824.496744][T15445] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 824.496796][T15445] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 824.496851][T15445] genl_family_rcv_msg_doit+0x206/0x2f0 [ 824.496896][T15445] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 824.496941][T15445] ? trace_cap_capable+0x18d/0x200 [ 824.496987][T15445] ? bpf_lsm_capable+0x9/0x10 [ 824.497028][T15445] ? security_capable+0x7e/0x260 [ 824.497063][T15445] ? ns_capable+0xd7/0x110 [ 824.497104][T15445] genl_rcv_msg+0x55c/0x800 [ 824.497155][T15445] ? __pfx_genl_rcv_msg+0x10/0x10 [ 824.497200][T15445] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 824.497241][T15445] ? rcu_is_watching+0x12/0xc0 [ 824.497276][T15445] ? irqentry_exit+0x3b/0x90 [ 824.497335][T15445] netlink_rcv_skb+0x155/0x420 [ 824.497374][T15445] ? __pfx_genl_rcv_msg+0x10/0x10 [ 824.497429][T15445] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 824.497500][T15445] genl_rcv+0x28/0x40 [ 824.497538][T15445] netlink_unicast+0x53d/0x7f0 [ 824.497582][T15445] ? __pfx_netlink_unicast+0x10/0x10 [ 824.497635][T15445] netlink_sendmsg+0x8d1/0xdd0 [ 824.497681][T15445] ? __pfx_netlink_sendmsg+0x10/0x10 [ 824.497738][T15445] ____sys_sendmsg+0xa98/0xc70 [ 824.497782][T15445] ? copy_msghdr_from_user+0x10a/0x160 [ 824.497836][T15445] ? __pfx_____sys_sendmsg+0x10/0x10 [ 824.497897][T15445] ___sys_sendmsg+0x134/0x1d0 [ 824.497951][T15445] ? __pfx____sys_sendmsg+0x10/0x10 [ 824.498001][T15445] ? __lock_acquire+0x622/0x1c90 [ 824.498093][T15445] __sys_sendmsg+0x16d/0x220 [ 824.498140][T15445] ? __pfx___sys_sendmsg+0x10/0x10 [ 824.498209][T15445] do_syscall_64+0xcd/0x490 [ 824.498238][T15445] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 824.498269][T15445] RIP: 0033:0x7fc67ed8e929 [ 824.498292][T15445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 824.498321][T15445] RSP: 002b:00007fc67fc70038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 824.498348][T15445] RAX: ffffffffffffffda RBX: 00007fc67efb5fa0 RCX: 00007fc67ed8e929 [ 824.498368][T15445] RDX: 0000000020004000 RSI: 0000200000000cc0 RDI: 0000000000000003 [ 824.498392][T15445] RBP: 00007fc67fc70090 R08: 0000000000000000 R09: 0000000000000000 [ 824.498409][T15445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 824.498427][T15445] R13: 0000000000000000 R14: 00007fc67efb5fa0 R15: 00007ffd127aada8 [ 824.498463][T15445] [ 824.876698][T15421] Process accounting resumed [ 826.187688][T15467] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2132'. [ 826.335207][T15466] can: request_module (can-proto-0) failed. [ 830.742898][T15546] mkiss: ax0: crc mode is auto. [ 832.575612][T15572] FAULT_INJECTION: forcing a failure. [ 832.575612][T15572] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 832.636177][T15572] CPU: 1 UID: 0 PID: 15572 Comm: syz.1.2156 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 832.636229][T15572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 832.636250][T15572] Call Trace: [ 832.636262][T15572] [ 832.636276][T15572] dump_stack_lvl+0x16c/0x1f0 [ 832.636341][T15572] should_fail_ex+0x512/0x640 [ 832.636400][T15572] _copy_from_user+0x2e/0xd0 [ 832.636457][T15572] kstrtouint_from_user+0xd6/0x1d0 [ 832.636500][T15572] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 832.636541][T15572] ? __lock_acquire+0xb8a/0x1c90 [ 832.636608][T15572] proc_fail_nth_write+0x83/0x250 [ 832.636651][T15572] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 832.636702][T15572] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 832.636740][T15572] vfs_write+0x2a0/0x1150 [ 832.636802][T15572] ? __pfx___mutex_lock+0x10/0x10 [ 832.636834][T15572] ? __pfx_vfs_write+0x10/0x10 [ 832.636894][T15572] ? __fget_files+0x20e/0x3c0 [ 832.636953][T15572] ksys_write+0x12a/0x250 [ 832.636996][T15572] ? __pfx_ksys_write+0x10/0x10 [ 832.637045][T15572] ? fput+0x70/0xf0 [ 832.637084][T15572] do_syscall_64+0xcd/0x490 [ 832.637119][T15572] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.637155][T15572] RIP: 0033:0x7f9564d8d3df [ 832.637182][T15572] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 832.637220][T15572] RSP: 002b:00007f9565c52030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 832.637252][T15572] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9564d8d3df [ 832.637273][T15572] RDX: 0000000000000001 RSI: 00007f9565c520a0 RDI: 0000000000000008 [ 832.637293][T15572] RBP: 00007f9565c52090 R08: 0000000000000000 R09: 0000000000000000 [ 832.637314][T15572] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 832.637334][T15572] R13: 0000000000000000 R14: 00007f9564fb5fa0 R15: 00007ffc00923068 [ 832.637378][T15572] [ 832.857561][ C1] vkms_vblank_simulate: vblank timer overrun [ 834.823242][T15628] FAULT_INJECTION: forcing a failure. [ 834.823242][T15628] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 834.865226][T15628] CPU: 0 UID: 0 PID: 15628 Comm: syz.2.2168 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 834.865275][T15628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 834.865294][T15628] Call Trace: [ 834.865305][T15628] [ 834.865317][T15628] dump_stack_lvl+0x16c/0x1f0 [ 834.865380][T15628] should_fail_ex+0x512/0x640 [ 834.865437][T15628] _copy_from_user+0x2e/0xd0 [ 834.865495][T15628] get_user_ifreq+0x77/0x1c0 [ 834.865532][T15628] sock_ioctl+0x586/0x6b0 [ 834.865576][T15628] ? __pfx_sock_ioctl+0x10/0x10 [ 834.865613][T15628] ? hook_file_ioctl_common+0x145/0x410 [ 834.865662][T15628] ? __fget_files+0x20e/0x3c0 [ 834.865726][T15628] ? __pfx_sock_ioctl+0x10/0x10 [ 834.865770][T15628] __x64_sys_ioctl+0x18e/0x210 [ 834.865811][T15628] do_syscall_64+0xcd/0x490 [ 834.865843][T15628] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 834.865877][T15628] RIP: 0033:0x7f141218e929 [ 834.865903][T15628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 834.865933][T15628] RSP: 002b:00007f1412fd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 834.865963][T15628] RAX: ffffffffffffffda RBX: 00007f14123b5fa0 RCX: 00007f141218e929 [ 834.865984][T15628] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000003 [ 834.866003][T15628] RBP: 00007f1412fd6090 R08: 0000000000000000 R09: 0000000000000000 [ 834.866023][T15628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 834.866042][T15628] R13: 0000000000000000 R14: 00007f14123b5fa0 R15: 00007fffeda272f8 [ 834.866081][T15628] [ 837.640461][T15679] ICMPv6: process `syz.1.2180' is using deprecated sysctl (syscall) net.ipv6.neigh.wg1.retrans_time - use net.ipv6.neigh.wg1.retrans_time_ms instead [ 837.756817][T15685] FAULT_INJECTION: forcing a failure. [ 837.756817][T15685] name failslab, interval 1, probability 0, space 0, times 0 [ 837.817886][T15685] CPU: 1 UID: 0 PID: 15685 Comm: syz.1.2180 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 837.817945][T15685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 837.817969][T15685] Call Trace: [ 837.817982][T15685] [ 837.817997][T15685] dump_stack_lvl+0x16c/0x1f0 [ 837.818065][T15685] should_fail_ex+0x512/0x640 [ 837.818121][T15685] ? __kmalloc_noprof+0xbf/0x510 [ 837.818179][T15685] ? ptp_open+0x103/0x520 [ 837.818222][T15685] should_failslab+0xc2/0x120 [ 837.818256][T15685] __kmalloc_noprof+0xd2/0x510 [ 837.818322][T15685] ptp_open+0x103/0x520 [ 837.818370][T15685] ? __pfx_ptp_open+0x10/0x10 [ 837.818425][T15685] ? __pfx_ptp_open+0x10/0x10 [ 837.818467][T15685] posix_clock_open+0x178/0x290 [ 837.818510][T15685] ? __pfx_posix_clock_open+0x10/0x10 [ 837.818548][T15685] chrdev_open+0x234/0x6a0 [ 837.818601][T15685] ? __pfx_apparmor_file_open+0x10/0x10 [ 837.818656][T15685] ? __pfx_chrdev_open+0x10/0x10 [ 837.818720][T15685] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 837.818777][T15685] do_dentry_open+0x741/0x1c10 [ 837.818831][T15685] ? __pfx_chrdev_open+0x10/0x10 [ 837.818894][T15685] vfs_open+0x82/0x3f0 [ 837.818938][T15685] path_openat+0x1de4/0x2cb0 [ 837.819005][T15685] ? __pfx_path_openat+0x10/0x10 [ 837.819058][T15685] ? __lock_acquire+0xb8a/0x1c90 [ 837.819108][T15685] do_filp_open+0x20b/0x470 [ 837.819151][T15685] ? __pfx_do_filp_open+0x10/0x10 [ 837.819233][T15685] ? alloc_fd+0x471/0x7d0 [ 837.819292][T15685] do_sys_openat2+0x11b/0x1d0 [ 837.819329][T15685] ? __pfx_do_sys_openat2+0x10/0x10 [ 837.819386][T15685] __x64_sys_openat+0x174/0x210 [ 837.819427][T15685] ? __pfx___x64_sys_openat+0x10/0x10 [ 837.819487][T15685] do_syscall_64+0xcd/0x490 [ 837.819525][T15685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 837.819561][T15685] RIP: 0033:0x7f9564d8e929 [ 837.819591][T15685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 837.819629][T15685] RSP: 002b:00007f9565c31038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 837.819674][T15685] RAX: ffffffffffffffda RBX: 00007f9564fb6080 RCX: 00007f9564d8e929 [ 837.819699][T15685] RDX: 0000000000000440 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 837.819723][T15685] RBP: 00007f9564e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 837.819745][T15685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 837.819768][T15685] R13: 0000000000000000 R14: 00007f9564fb6080 R15: 00007ffc00923068 [ 837.819812][T15685] [ 842.281990][T15733] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2192'. [ 843.187733][T15747] can: request_module (can-proto-0) failed. [ 843.723586][T15757] FAULT_INJECTION: forcing a failure. [ 843.723586][T15757] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 843.784533][T15757] CPU: 1 UID: 0 PID: 15757 Comm: syz.3.2196 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 843.784584][T15757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 843.784605][T15757] Call Trace: [ 843.784616][T15757] [ 843.784629][T15757] dump_stack_lvl+0x16c/0x1f0 [ 843.784703][T15757] should_fail_ex+0x512/0x640 [ 843.784761][T15757] _copy_from_iter+0x463/0x16f0 [ 843.784827][T15757] ? __pfx__copy_from_iter+0x10/0x10 [ 843.784889][T15757] ? __pfx___might_resched+0x10/0x10 [ 843.784937][T15757] file_tty_write.constprop.0+0x488/0x9b0 [ 843.785012][T15757] redirected_tty_write+0xd4/0x150 [ 843.785067][T15757] do_iter_readv_writev+0x654/0x950 [ 843.785116][T15757] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 843.785169][T15757] ? bpf_lsm_file_permission+0x9/0x10 [ 843.785206][T15757] ? security_file_permission+0x71/0x210 [ 843.785247][T15757] ? rw_verify_area+0xcf/0x680 [ 843.785295][T15757] vfs_writev+0x35f/0xde0 [ 843.785336][T15757] ? __pfx_vfs_writev+0x10/0x10 [ 843.785389][T15757] ? __fget_files+0x20e/0x3c0 [ 843.785422][T15757] ? __fget_files+0x1e0/0x3c0 [ 843.785462][T15757] ? do_writev+0x132/0x340 [ 843.785500][T15757] do_writev+0x132/0x340 [ 843.785544][T15757] ? __pfx_do_writev+0x10/0x10 [ 843.785588][T15757] do_syscall_64+0xcd/0x490 [ 843.785613][T15757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 843.785638][T15757] RIP: 0033:0x7fc67ed8e929 [ 843.785663][T15757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 843.785688][T15757] RSP: 002b:00007fc67fc70038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 843.785711][T15757] RAX: ffffffffffffffda RBX: 00007fc67efb5fa0 RCX: 00007fc67ed8e929 [ 843.785727][T15757] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003 [ 843.785742][T15757] RBP: 00007fc67fc70090 R08: 0000000000000000 R09: 0000000000000000 [ 843.785758][T15757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 843.785772][T15757] R13: 0000000000000000 R14: 00007fc67efb5fa0 R15: 00007ffd127aada8 [ 843.785802][T15757] [ 844.015238][ C1] vkms_vblank_simulate: vblank timer overrun [ 844.073658][T15760] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2195'. [ 844.699976][T15768] FAULT_INJECTION: forcing a failure. [ 844.699976][T15768] name fail_futex, interval 1, probability 0, space 0, times 0 [ 844.720261][T15768] CPU: 1 UID: 0 PID: 15768 Comm: syz.3.2198 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 844.720313][T15768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 844.720333][T15768] Call Trace: [ 844.720344][T15768] [ 844.720365][T15768] dump_stack_lvl+0x16c/0x1f0 [ 844.720427][T15768] should_fail_ex+0x512/0x640 [ 844.720485][T15768] get_futex_key+0x1d0/0x1540 [ 844.720530][T15768] ? __pfx_get_futex_key+0x10/0x10 [ 844.720580][T15768] futex_wake+0xea/0x530 [ 844.720629][T15768] ? rcu_is_watching+0x12/0xc0 [ 844.720665][T15768] ? __pfx_futex_wake+0x10/0x10 [ 844.720715][T15768] ? kmem_cache_free+0x2d1/0x4d0 [ 844.720758][T15768] ? fd_install+0x225/0x750 [ 844.720800][T15768] ? putname+0x154/0x1a0 [ 844.720839][T15768] do_futex+0x1e3/0x350 [ 844.720877][T15768] ? __pfx_do_futex+0x10/0x10 [ 844.720931][T15768] __x64_sys_futex+0x1e0/0x4c0 [ 844.720975][T15768] ? __x64_sys_openat+0x174/0x210 [ 844.721014][T15768] ? __pfx___x64_sys_futex+0x10/0x10 [ 844.721064][T15768] do_syscall_64+0xcd/0x490 [ 844.721096][T15768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 844.721125][T15768] RIP: 0033:0x7fc67ed8e929 [ 844.721151][T15768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 844.721183][T15768] RSP: 002b:00007fc67fc4f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 844.721213][T15768] RAX: ffffffffffffffda RBX: 00007fc67efb6088 RCX: 00007fc67ed8e929 [ 844.721233][T15768] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc67efb608c [ 844.721261][T15768] RBP: 00007fc67efb6080 R08: 00007fc67fc71000 R09: 0000000000000000 [ 844.721286][T15768] R10: 0000000000000007 R11: 0000000000000246 R12: 00007fc67efb608c [ 844.721305][T15768] R13: 0000000000000000 R14: 00007ffd127aacc0 R15: 00007ffd127aada8 [ 844.721345][T15768] [ 844.929476][ C1] vkms_vblank_simulate: vblank timer overrun [ 845.259589][T15768] FAULT_INJECTION: forcing a failure. [ 845.259589][T15768] name fail_futex, interval 1, probability 0, space 0, times 0 [ 845.274143][T15768] CPU: 1 UID: 0 PID: 15768 Comm: syz.3.2198 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 845.274189][T15768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 845.274210][T15768] Call Trace: [ 845.274222][T15768] [ 845.274236][T15768] dump_stack_lvl+0x16c/0x1f0 [ 845.274300][T15768] should_fail_ex+0x512/0x640 [ 845.274366][T15768] get_futex_key+0x293/0x1540 [ 845.274413][T15768] ? __pfx_get_futex_key+0x10/0x10 [ 845.274453][T15768] ? __mutex_trylock_common+0xe9/0x250 [ 845.274511][T15768] futex_wake+0xea/0x530 [ 845.274562][T15768] ? __pfx_futex_wake+0x10/0x10 [ 845.274606][T15768] ? __lock_acquire+0xb8a/0x1c90 [ 845.274670][T15768] do_futex+0x1e3/0x350 [ 845.274712][T15768] ? __pfx_do_futex+0x10/0x10 [ 845.274750][T15768] ? __might_fault+0xe3/0x190 [ 845.274811][T15768] mm_release+0x24e/0x300 [ 845.274850][T15768] do_exit+0x683/0x2bd0 [ 845.274895][T15768] ? find_held_lock+0x2b/0x80 [ 845.274933][T15768] ? __pfx_do_exit+0x10/0x10 [ 845.274987][T15768] ? do_raw_spin_lock+0x12c/0x2b0 [ 845.275035][T15768] ? find_held_lock+0x2b/0x80 [ 845.275073][T15768] do_group_exit+0xd3/0x2a0 [ 845.275119][T15768] get_signal+0x2673/0x26d0 [ 845.275172][T15768] ? __pfx_get_signal+0x10/0x10 [ 845.275218][T15768] arch_do_signal_or_restart+0x8f/0x790 [ 845.275257][T15768] ? __fget_files+0x20e/0x3c0 [ 845.275301][T15768] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 845.275356][T15768] ? __pfx_ksys_write+0x10/0x10 [ 845.275414][T15768] exit_to_user_mode_loop+0x84/0x110 [ 845.275467][T15768] do_syscall_64+0x3f6/0x490 [ 845.275505][T15768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 845.275539][T15768] RIP: 0033:0x7fc67ed8e929 [ 845.275564][T15768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 845.275594][T15768] RSP: 002b:00007fc67fc4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000000a [ 845.275625][T15768] RAX: fffffffffffffffc RBX: 00007fc67efb6080 RCX: 00007fc67ed8e929 [ 845.275646][T15768] RDX: 0000000000000004 RSI: 0000000000400000 RDI: 0000000000001000 [ 845.275664][T15768] RBP: 00007fc67fc4f090 R08: 0000000000000000 R09: 0000000000000000 [ 845.275684][T15768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 845.275702][T15768] R13: 0000000000000000 R14: 00007fc67efb6080 R15: 00007ffd127aada8 [ 845.275738][T15768] [ 845.533305][ C1] vkms_vblank_simulate: vblank timer overrun [ 846.209412][T15790] FAULT_INJECTION: forcing a failure. [ 846.209412][T15790] name failslab, interval 1, probability 0, space 0, times 0 [ 846.225016][T15790] CPU: 0 UID: 0 PID: 15790 Comm: syz.2.2203 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 846.225071][T15790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 846.225094][T15790] Call Trace: [ 846.225106][T15790] [ 846.225120][T15790] dump_stack_lvl+0x16c/0x1f0 [ 846.225190][T15790] should_fail_ex+0x512/0x640 [ 846.225248][T15790] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 846.225303][T15790] should_failslab+0xc2/0x120 [ 846.225352][T15790] __kmalloc_cache_noprof+0x6a/0x3e0 [ 846.225406][T15790] ? v4l2_fh_open+0x4c/0xc0 [ 846.225491][T15790] v4l2_fh_open+0x4c/0xc0 [ 846.225555][T15790] v4l2_open+0x225/0x490 [ 846.225611][T15790] ? __pfx_v4l2_open+0x10/0x10 [ 846.225660][T15790] chrdev_open+0x234/0x6a0 [ 846.225715][T15790] ? __pfx_apparmor_file_open+0x10/0x10 [ 846.225768][T15790] ? __pfx_chrdev_open+0x10/0x10 [ 846.225831][T15790] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 846.225888][T15790] do_dentry_open+0x741/0x1c10 [ 846.225946][T15790] ? __pfx_chrdev_open+0x10/0x10 [ 846.226013][T15790] vfs_open+0x82/0x3f0 [ 846.226058][T15790] path_openat+0x1de4/0x2cb0 [ 846.226127][T15790] ? __pfx_path_openat+0x10/0x10 [ 846.226183][T15790] ? __lock_acquire+0xb8a/0x1c90 [ 846.226238][T15790] do_filp_open+0x20b/0x470 [ 846.226292][T15790] ? __pfx_do_filp_open+0x10/0x10 [ 846.226391][T15790] ? alloc_fd+0x471/0x7d0 [ 846.226462][T15790] do_sys_openat2+0x11b/0x1d0 [ 846.226504][T15790] ? __pfx_do_sys_openat2+0x10/0x10 [ 846.226563][T15790] __x64_sys_openat+0x174/0x210 [ 846.226607][T15790] ? __pfx___x64_sys_openat+0x10/0x10 [ 846.226669][T15790] do_syscall_64+0xcd/0x490 [ 846.226707][T15790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 846.226746][T15790] RIP: 0033:0x7f141218e929 [ 846.226776][T15790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 846.226815][T15790] RSP: 002b:00007f1412fb5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 846.226853][T15790] RAX: ffffffffffffffda RBX: 00007f14123b6080 RCX: 00007f141218e929 [ 846.226878][T15790] RDX: 0000000000000802 RSI: 0000200000000480 RDI: ffffffffffffff9c [ 846.226901][T15790] RBP: 00007f1412210b39 R08: 0000000000000000 R09: 0000000000000000 [ 846.226924][T15790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 846.226946][T15790] R13: 0000000000000000 R14: 00007f14123b6080 R15: 00007fffeda272f8 [ 846.226994][T15790] [ 848.247036][ T5155] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 848.247077][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.266303][ T5155] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 848.266337][ T5155] Bluetooth: hci2: adv larger than maximum supported [ 848.274165][ T5155] Bluetooth: hci2: Unknown advertising packet type: 0x5b [ 848.281797][ T5155] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 848.289642][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.310425][ T5155] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 848.310477][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.327042][ T5155] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 848.327084][ T5155] Bluetooth: hci2: adv larger than maximum supported [ 848.334896][ T5155] Bluetooth: hci2: Unknown advertising packet type: 0x5b [ 848.342342][ T5155] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 848.350486][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.372493][ T5155] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 848.372537][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.389083][ T5155] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 848.389114][ T5155] Bluetooth: hci2: adv larger than maximum supported [ 848.396905][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.411033][ T5155] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 848.411062][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.427383][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.434054][ T5155] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 848.434080][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.450382][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.457266][ T5155] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 848.457296][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.474586][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.482334][ T5155] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 848.482364][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.498663][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.505390][ T5155] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 848.505420][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.521828][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.528600][ T5155] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 848.528629][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.547256][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.553984][ T5155] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 848.554013][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.571669][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.578398][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.586703][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.593317][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.601755][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.608772][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.617075][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.623701][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.632022][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.638680][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.647097][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.653807][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.662156][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.669501][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.678558][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.685259][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.693697][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.700402][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.708714][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.715348][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.723671][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.730389][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.738710][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.745341][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.753724][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.760506][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.769405][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.776693][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.784962][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.791836][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.800166][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.806849][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.815112][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.821784][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.830082][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.836734][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.844987][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.851660][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.859952][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.866590][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.876013][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.882582][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.890882][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.897661][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.905957][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 848.912526][ T5155] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 848.920959][ T5155] Bluetooth: hci2: Malformed LE Event: 0x0d [ 849.238046][T15826] ptm ptm1: ldisc open failed (-12), clearing slot 1 [ 853.698771][T15919] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 853.716999][T15919] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 853.718157][T15925] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2230'. [ 853.784547][T15925] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2230'. [ 853.860204][T15919] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 853.873152][T15919] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 853.887950][T15925] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078001e00 pfn:0x78000 [ 853.912176][T15919] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 853.923231][T15919] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 853.942645][T15925] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 853.952586][T15919] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 853.956588][T15925] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 853.965338][T15919] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 853.994092][T15925] raw: ffff888078001e00 0000000000000000 00000001ffffffff 0000000000000000 [ 854.005787][T15925] page dumped because: unmovable page [ 854.013919][T15925] page_owner tracks the page as allocated [ 854.025438][T15925] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 13481, tgid 13480 (syz.2.1717), ts 670223621046, free_ts 653171333214 [ 854.101121][T15925] post_alloc_hook+0x1c0/0x230 [ 854.180988][T15925] get_page_from_freelist+0x1321/0x3890 [ 854.262532][T15925] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 854.283143][T15925] alloc_pages_mpol+0x1fb/0x550 [ 854.291696][T15925] alloc_pages_noprof+0x131/0x390 [ 854.314281][T15925] __vmalloc_node_range_noprof+0x72f/0x14b0 [ 854.321573][T15925] __vmalloc_node_noprof+0xad/0xf0 [ 854.329780][T15925] pcpu_mem_zalloc+0x54/0xb0 [ 854.341682][T15925] pcpu_create_chunk+0x432/0x730 [ 854.350992][T15925] pcpu_alloc_noprof+0x11e3/0x1470 [ 854.359628][T15925] bpf_map_alloc_percpu+0x9a/0x4b0 [ 854.365459][T15925] htab_map_alloc+0x10ca/0x1570 [ 854.375935][T15925] map_create+0x592/0x1db0 [ 854.381049][T15925] __sys_bpf+0x47cc/0x4d80 [ 854.388698][T15925] __x64_sys_bpf+0x78/0xc0 [ 854.393750][T15925] do_syscall_64+0xcd/0x490 [ 854.403509][T15925] page last free pid 13258 tgid 13256 stack trace: [ 854.413711][T15925] __free_frozen_pages+0x7fe/0x1180 [ 854.421354][T15925] vfree+0x1fd/0xb50 [ 854.428059][T15925] snd_dma_free_pages+0x51/0x70 [ 854.433663][T15925] snd_pcm_lib_free_pages+0x172/0x390 [ 854.440284][T15925] snd_pcm_release_substream.part.0+0x2a8/0x340 [ 854.449895][T15925] snd_pcm_release_substream+0x5b/0x70 [ 854.456524][T15925] snd_pcm_oss_release+0x135/0x310 [ 854.462451][T15925] __fput+0x402/0xb70 [ 854.471519][T15925] task_work_run+0x150/0x240 [ 854.477445][T15925] exit_to_user_mode_loop+0xeb/0x110 [ 854.483563][T15925] do_syscall_64+0x3f6/0x490 [ 854.491673][T15925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 855.461620][T15941] Process accounting paused [ 855.730648][ T5155] Bluetooth: hci0: command 0x0406 tx timeout [ 855.876515][ T5155] Bluetooth: hci1: command 0x0406 tx timeout [ 855.913991][T15959] FAULT_INJECTION: forcing a failure. [ 855.913991][T15959] name failslab, interval 1, probability 0, space 0, times 0 [ 855.930616][T15959] CPU: 0 UID: 0 PID: 15959 Comm: syz.2.2237 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 855.930664][T15959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 855.930684][T15959] Call Trace: [ 855.930695][T15959] [ 855.930708][T15959] dump_stack_lvl+0x16c/0x1f0 [ 855.930774][T15959] should_fail_ex+0x512/0x640 [ 855.930833][T15959] should_failslab+0xc2/0x120 [ 855.930868][T15959] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 855.930921][T15959] ? skb_clone+0x190/0x3f0 [ 855.930962][T15959] skb_clone+0x190/0x3f0 [ 855.930993][T15959] netlink_deliver_tap+0xabd/0xd30 [ 855.931051][T15959] netlink_dump+0x618/0xce0 [ 855.931092][T15959] ? __pfx_netlink_dump+0x10/0x10 [ 855.931142][T15959] ? __asan_memset+0x23/0x50 [ 855.931188][T15959] ? genl_start+0x67f/0x980 [ 855.931237][T15959] __netlink_dump_start+0x6d6/0x990 [ 855.931280][T15959] genl_family_rcv_msg_dumpit+0x1e2/0x2e0 [ 855.931330][T15959] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 855.931375][T15959] ? genl_op_from_small+0x25/0x440 [ 855.931425][T15959] ? __pfx_genl_get_cmd+0x10/0x10 [ 855.931462][T15959] ? __pfx_genl_start+0x10/0x10 [ 855.931498][T15959] ? __pfx_genl_dumpit+0x10/0x10 [ 855.931535][T15959] ? __pfx_genl_done+0x10/0x10 [ 855.931579][T15959] ? __radix_tree_lookup+0x21f/0x2c0 [ 855.931634][T15959] genl_rcv_msg+0x46e/0x800 [ 855.931683][T15959] ? __pfx_genl_rcv_msg+0x10/0x10 [ 855.931728][T15959] ? __pfx_ovs_dp_cmd_dump+0x10/0x10 [ 855.931795][T15959] netlink_rcv_skb+0x155/0x420 [ 855.931834][T15959] ? __pfx_genl_rcv_msg+0x10/0x10 [ 855.931878][T15959] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 855.931929][T15959] ? netlink_deliver_tap+0x1ae/0xd30 [ 855.931966][T15959] genl_rcv+0x28/0x40 [ 855.932001][T15959] netlink_unicast+0x53d/0x7f0 [ 855.932048][T15959] ? __pfx_netlink_unicast+0x10/0x10 [ 855.932094][T15959] netlink_sendmsg+0x8d1/0xdd0 [ 855.932136][T15959] ? __pfx_netlink_sendmsg+0x10/0x10 [ 855.932187][T15959] ____sys_sendmsg+0xa98/0xc70 [ 855.932227][T15959] ? copy_msghdr_from_user+0x10a/0x160 [ 855.932282][T15959] ? __pfx_____sys_sendmsg+0x10/0x10 [ 855.932340][T15959] ___sys_sendmsg+0x134/0x1d0 [ 855.932395][T15959] ? __pfx____sys_sendmsg+0x10/0x10 [ 855.932446][T15959] ? __lock_acquire+0x622/0x1c90 [ 855.932539][T15959] __sys_sendmsg+0x16d/0x220 [ 855.932589][T15959] ? __pfx___sys_sendmsg+0x10/0x10 [ 855.932666][T15959] do_syscall_64+0xcd/0x490 [ 855.932700][T15959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 855.932736][T15959] RIP: 0033:0x7f141218e929 [ 855.932764][T15959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 855.932794][T15959] RSP: 002b:00007f1412fb5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 855.932826][T15959] RAX: ffffffffffffffda RBX: 00007f14123b6080 RCX: 00007f141218e929 [ 855.932849][T15959] RDX: 0000000020000008 RSI: 0000200000000200 RDI: 0000000000000007 [ 855.932870][T15959] RBP: 00007f1412fb5090 R08: 0000000000000000 R09: 0000000000000000 [ 855.932890][T15959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 855.932909][T15959] R13: 0000000000000000 R14: 00007f14123b6080 R15: 00007fffeda272f8 [ 855.932950][T15959] [ 856.279670][ C0] vkms_vblank_simulate: vblank timer overrun [ 856.345172][T15963] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2239'. [ 856.385896][ T5155] Bluetooth: hci3: command 0x0406 tx timeout [ 856.395816][ T5155] Bluetooth: hci2: command 0x0406 tx timeout [ 857.805774][T15965] Bluetooth: hci0: command 0x0406 tx timeout [ 857.975751][T15965] Bluetooth: hci1: command 0x0406 tx timeout [ 858.435732][ T5837] Bluetooth: hci3: command 0x0406 tx timeout [ 858.442488][T15965] Bluetooth: hci2: command 0x0406 tx timeout [ 859.803212][T16028] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2253'. [ 861.044696][ T30] audit: type=1804 audit(4294969543.969:25): pid=16034 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.2254" name="/newroot/sys/kernel/tracing/per_cpu/cpu1/trace" dev="tracefs" ino=1131 res=1 errno=0 [ 863.952159][T16072] FAULT_INJECTION: forcing a failure. [ 863.952159][T16072] name failslab, interval 1, probability 0, space 0, times 0 [ 863.996592][T16072] CPU: 1 UID: 0 PID: 16072 Comm: syz.0.2261 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 863.996649][T16072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 863.996672][T16072] Call Trace: [ 863.996686][T16072] [ 863.996700][T16072] dump_stack_lvl+0x16c/0x1f0 [ 863.996771][T16072] should_fail_ex+0x512/0x640 [ 863.996836][T16072] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 863.996901][T16072] should_failslab+0xc2/0x120 [ 863.996935][T16072] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 863.996986][T16072] ? alloc_empty_file+0x55/0x1e0 [ 863.997040][T16072] alloc_empty_file+0x55/0x1e0 [ 863.997080][T16072] path_openat+0xda/0x2cb0 [ 863.997126][T16072] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 863.997179][T16072] ? __pfx_path_openat+0x10/0x10 [ 863.997235][T16072] ? __lock_acquire+0xb8a/0x1c90 [ 863.997288][T16072] do_filp_open+0x20b/0x470 [ 863.997342][T16072] ? __pfx_do_filp_open+0x10/0x10 [ 863.997425][T16072] ? alloc_fd+0x471/0x7d0 [ 863.997485][T16072] do_sys_openat2+0x11b/0x1d0 [ 863.997526][T16072] ? __pfx_do_sys_openat2+0x10/0x10 [ 863.997568][T16072] ? __pfx___might_resched+0x10/0x10 [ 863.997615][T16072] __x64_sys_openat+0x174/0x210 [ 863.997656][T16072] ? __pfx___x64_sys_openat+0x10/0x10 [ 863.997714][T16072] do_syscall_64+0xcd/0x490 [ 863.997753][T16072] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 863.997789][T16072] RIP: 0033:0x7f2e8318e929 [ 863.997820][T16072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 863.997857][T16072] RSP: 002b:00007f2e84070038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 863.997894][T16072] RAX: ffffffffffffffda RBX: 00007f2e833b6160 RCX: 00007f2e8318e929 [ 863.997919][T16072] RDX: 0000000000080880 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 863.997945][T16072] RBP: 00007f2e83210b39 R08: 0000000000000000 R09: 0000000000000000 [ 863.997967][T16072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 863.997990][T16072] R13: 0000000000000000 R14: 00007f2e833b6160 R15: 00007fffefceca78 [ 863.998043][T16072] [ 864.873860][T16079] i2c i2c-0: new_device: Instantiated device card: at 0x01 [ 865.236644][T16091] syz.2.2267 (16091) used obsolete PPPIOCDETACH ioctl [ 866.551368][T16108] FAULT_INJECTION: forcing a failure. [ 866.551368][T16108] name failslab, interval 1, probability 0, space 0, times 0 [ 866.595638][T16108] CPU: 1 UID: 0 PID: 16108 Comm: syz.0.2271 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 866.595698][T16108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 866.595720][T16108] Call Trace: [ 866.595732][T16108] [ 866.595744][T16108] dump_stack_lvl+0x16c/0x1f0 [ 866.595808][T16108] should_fail_ex+0x512/0x640 [ 866.595860][T16108] ? __kmalloc_noprof+0xbf/0x510 [ 866.595912][T16108] ? alloc_pipe_info+0x1ec/0x590 [ 866.595962][T16108] should_failslab+0xc2/0x120 [ 866.595996][T16108] __kmalloc_noprof+0xd2/0x510 [ 866.596050][T16108] alloc_pipe_info+0x1ec/0x590 [ 866.596102][T16108] splice_direct_to_actor+0x77d/0xa30 [ 866.596151][T16108] ? __pfx_direct_splice_actor+0x10/0x10 [ 866.596201][T16108] ? __pfx_aa_file_perm+0x10/0x10 [ 866.596249][T16108] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 866.596290][T16108] ? get_pid_task+0xfc/0x250 [ 866.596349][T16108] do_splice_direct+0x174/0x240 [ 866.596390][T16108] ? __pfx_do_splice_direct+0x10/0x10 [ 866.596431][T16108] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 866.596476][T16108] ? rw_verify_area+0xcf/0x680 [ 866.596519][T16108] do_sendfile+0xb06/0xe50 [ 866.596567][T16108] ? __pfx_do_sendfile+0x10/0x10 [ 866.596610][T16108] ? __fget_files+0x20e/0x3c0 [ 866.596662][T16108] __x64_sys_sendfile64+0x1d8/0x220 [ 866.596706][T16108] ? ksys_write+0x1ac/0x250 [ 866.596753][T16108] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 866.596800][T16108] do_syscall_64+0xcd/0x490 [ 866.596835][T16108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 866.596870][T16108] RIP: 0033:0x7f2e8318e929 [ 866.596899][T16108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 866.596933][T16108] RSP: 002b:00007f2e840b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 866.596966][T16108] RAX: ffffffffffffffda RBX: 00007f2e833b5fa0 RCX: 00007f2e8318e929 [ 866.596989][T16108] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 866.597009][T16108] RBP: 00007f2e840b2090 R08: 0000000000000000 R09: 0000000000000000 [ 866.597030][T16108] R10: 000000007fffe000 R11: 0000000000000246 R12: 0000000000000001 [ 866.597050][T16108] R13: 0000000000000000 R14: 00007f2e833b5fa0 R15: 00007fffefceca78 [ 866.597096][T16108] [ 867.579528][T16124] aoe: could not set interface list: too many interfaces [ 871.944182][T16184] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 871.951934][T16184] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 872.126871][T16184] [U] [ 872.130546][T16184] [U] [ 872.133602][T16184] [U] [ 872.136635][T16184] [U] [ 872.196450][T16184] [U] [ 872.199535][T16184] [U] [ 872.202584][T16184] [U] [ 872.205619][T16184] [U] [ 872.213665][T16184] [U] [ 872.216767][T16184] [U] [ 872.219787][T16184] [U] [ 872.222795][T16184] [U] [ 872.314928][T16184] [U] [ 872.318148][T16184] [U] [ 872.321186][T16184] [U] [ 872.324218][T16184] [U] [ 872.350043][T16184] [U] [ 872.353131][T16184] [U] [ 872.356165][T16184] [U] [ 872.359206][T16184] [U] [ 872.406078][T16184] [U] [ 872.409180][T16184] [U] [ 872.412183][T16184] [U] [ 872.415182][T16184] [U] [ 872.439247][T16184] [U] [ 872.442336][T16184] [U] [ 872.445340][T16184] [U] [ 872.448343][T16184] [U] [ 872.495636][T16184] [U] [ 872.498764][T16184] [U] [ 872.501812][T16184] [U] [ 872.504833][T16184] [U] [ 872.556784][T16184] [U] [ 872.559908][T16184] [U] [ 872.562944][T16184] [U] [ 872.565999][T16184] [U] [ 872.576298][T16184] [U] [ 872.579371][T16184] [U] [ 872.582378][T16184] [U] [ 872.585387][T16184] [U] [ 872.637085][T16184] [U] [ 872.640190][T16184] [U] [ 872.643199][T16184] [U] [ 872.646207][T16184] [U] [ 872.697341][T16184] [U] [ 872.700488][T16184] [U] [ 872.703540][T16184] [U] [ 872.706578][T16184] [U] [ 872.748117][T16184] [U] [ 872.751225][T16184] [U] [ 872.754269][T16184] [U] [ 872.757306][T16184] [U] [ 872.773489][T16184] [U] [ 872.776609][T16184] [U] [ 872.779645][T16184] [U] [ 872.782686][T16184] [U] [ 872.796871][T16184] [U] [ 872.800059][T16184] [U] [ 872.803097][T16184] [U] [ 872.806123][T16184] [U] [ 872.825832][T16184] [U] [ 872.828953][T16184] [U] [ 872.832015][T16184] [U] [ 872.835072][T16184] [U] [ 872.934626][T16184] [U] [ 872.937761][T16184] [U] [ 872.940795][T16184] [U] [ 872.943827][T16184] [U] [ 872.973390][T16184] [U] [ 872.976503][T16184] [U] [ 872.979544][T16184] [U] [ 872.982580][T16184] [U] [ 873.000080][T16184] [U] [ 875.612571][ T30] audit: type=1804 audit(4294969558.529:26): pid=16252 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2305" name="/newroot/578/file0" dev="tmpfs" ino=2968 res=1 errno=0 [ 875.636143][ C1] vkms_vblank_simulate: vblank timer overrun [ 875.705629][ T30] audit: type=1800 audit(4294969558.539:27): pid=16252 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2305" name="file0" dev="tmpfs" ino=2968 res=0 errno=0 [ 875.785681][ T30] audit: type=1800 audit(4294969558.579:28): pid=16252 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2305" name="file0" dev="tmpfs" ino=2968 res=0 errno=0 [ 877.061548][T16286] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input32 [ 877.141290][T16288] FAULT_INJECTION: forcing a failure. [ 877.141290][T16288] name failslab, interval 1, probability 0, space 0, times 0 [ 877.337457][T16288] CPU: 0 UID: 0 PID: 16288 Comm: syz.0.2312 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 877.337511][T16288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 877.337533][T16288] Call Trace: [ 877.337546][T16288] [ 877.337560][T16288] dump_stack_lvl+0x16c/0x1f0 [ 877.337625][T16288] should_fail_ex+0x512/0x640 [ 877.337677][T16288] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 877.337731][T16288] should_failslab+0xc2/0x120 [ 877.337764][T16288] __kmalloc_cache_noprof+0x6a/0x3e0 [ 877.337811][T16288] ? alloc_tty_struct+0x96/0x8c0 [ 877.337854][T16288] alloc_tty_struct+0x96/0x8c0 [ 877.337891][T16288] ? __pfx_alloc_tty_struct+0x10/0x10 [ 877.337940][T16288] tty_init_dev.part.0+0x1e/0x500 [ 877.337977][T16288] tty_open+0xa50/0xf90 [ 877.338019][T16288] ? __pfx_tty_open+0x10/0x10 [ 877.338052][T16288] ? chrdev_open+0x10b/0x6a0 [ 877.338112][T16288] ? __pfx_tty_open+0x10/0x10 [ 877.338144][T16288] chrdev_open+0x234/0x6a0 [ 877.338196][T16288] ? __pfx_apparmor_file_open+0x10/0x10 [ 877.338242][T16288] ? __pfx_chrdev_open+0x10/0x10 [ 877.338317][T16288] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 877.338373][T16288] do_dentry_open+0x741/0x1c10 [ 877.338425][T16288] ? __pfx_chrdev_open+0x10/0x10 [ 877.338487][T16288] vfs_open+0x82/0x3f0 [ 877.338529][T16288] path_openat+0x1de4/0x2cb0 [ 877.338596][T16288] ? __pfx_path_openat+0x10/0x10 [ 877.338648][T16288] ? __lock_acquire+0xb8a/0x1c90 [ 877.338700][T16288] do_filp_open+0x20b/0x470 [ 877.338751][T16288] ? __pfx_do_filp_open+0x10/0x10 [ 877.338834][T16288] ? alloc_fd+0x471/0x7d0 [ 877.338893][T16288] do_sys_openat2+0x11b/0x1d0 [ 877.338931][T16288] ? __pfx_do_sys_openat2+0x10/0x10 [ 877.338974][T16288] ? __fget_files+0x20e/0x3c0 [ 877.339029][T16288] __x64_sys_openat+0x174/0x210 [ 877.339068][T16288] ? __pfx___x64_sys_openat+0x10/0x10 [ 877.339106][T16288] ? ksys_write+0x1ac/0x250 [ 877.339170][T16288] do_syscall_64+0xcd/0x490 [ 877.339205][T16288] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 877.339241][T16288] RIP: 0033:0x7f2e8318e929 [ 877.339269][T16288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 877.339311][T16288] RSP: 002b:00007f2e84091038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 877.339344][T16288] RAX: ffffffffffffffda RBX: 00007f2e833b6080 RCX: 00007f2e8318e929 [ 877.339368][T16288] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 877.339389][T16288] RBP: 00007f2e84091090 R08: 0000000000000000 R09: 0000000000000000 [ 877.339409][T16288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 877.339428][T16288] R13: 0000000000000000 R14: 00007f2e833b6080 R15: 00007fffefceca78 [ 877.339473][T16288] [ 878.949346][T16311] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2319'. [ 881.452888][ T5837] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 881.465606][ T5837] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 881.474522][ T5837] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 881.483506][ T5837] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 881.494466][ T5837] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 882.074204][T16358] FAULT_INJECTION: forcing a failure. [ 882.074204][T16358] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 882.150346][T16358] CPU: 1 UID: 0 PID: 16358 Comm: syz.3.2330 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 882.150399][T16358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 882.150421][T16358] Call Trace: [ 882.150432][T16358] [ 882.150446][T16358] dump_stack_lvl+0x16c/0x1f0 [ 882.150511][T16358] should_fail_ex+0x512/0x640 [ 882.150569][T16358] _copy_to_user+0x32/0xd0 [ 882.150627][T16358] simple_read_from_buffer+0xcb/0x170 [ 882.150673][T16358] proc_fail_nth_read+0x197/0x270 [ 882.150719][T16358] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 882.150761][T16358] ? rw_verify_area+0xcf/0x680 [ 882.150803][T16358] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 882.150843][T16358] vfs_read+0x1e1/0xc60 [ 882.150896][T16358] ? __pfx___mutex_lock+0x10/0x10 [ 882.150929][T16358] ? __pfx_vfs_read+0x10/0x10 [ 882.150988][T16358] ? __fget_files+0x20e/0x3c0 [ 882.151046][T16358] ksys_read+0x12a/0x250 [ 882.151089][T16358] ? __pfx_ksys_read+0x10/0x10 [ 882.151140][T16358] ? fput+0x70/0xf0 [ 882.151177][T16358] do_syscall_64+0xcd/0x490 [ 882.151209][T16358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 882.151245][T16358] RIP: 0033:0x7fc67ed8d33c [ 882.151274][T16358] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 882.151308][T16358] RSP: 002b:00007fc67fc70030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 882.151341][T16358] RAX: ffffffffffffffda RBX: 00007fc67efb5fa0 RCX: 00007fc67ed8d33c [ 882.151363][T16358] RDX: 000000000000000f RSI: 00007fc67fc700a0 RDI: 0000000000000007 [ 882.151383][T16358] RBP: 00007fc67fc70090 R08: 0000000000000000 R09: 0000000000000000 [ 882.151404][T16358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 882.151423][T16358] R13: 0000000000000000 R14: 00007fc67efb5fa0 R15: 00007ffd127aada8 [ 882.151463][T16358] [ 882.370985][T15286] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 882.747376][T15286] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 882.791478][T16347] chnl_net:caif_netlink_parms(): no params data found [ 882.845887][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 882.853225][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 883.049152][T15286] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 883.348822][T15286] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 883.558457][ T5837] Bluetooth: hci4: command tx timeout [ 883.788370][T16347] bridge0: port 1(bridge_slave_0) entered blocking state [ 883.798219][T16347] bridge0: port 1(bridge_slave_0) entered disabled state [ 883.812611][T16347] bridge_slave_0: entered allmulticast mode [ 883.821328][T16347] bridge_slave_0: entered promiscuous mode [ 883.837330][T16347] bridge0: port 2(bridge_slave_1) entered blocking state [ 883.861809][T16347] bridge0: port 2(bridge_slave_1) entered disabled state [ 883.876252][T16347] bridge_slave_1: entered allmulticast mode [ 883.892256][T16347] bridge_slave_1: entered promiscuous mode [ 884.031427][T16390] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2337'. [ 884.137066][T16390] Invalid ELF header magic: != ELF [ 884.182165][T16347] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 884.244317][T16347] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 884.426065][T16347] team0: Port device team_slave_0 added [ 884.447496][T16347] team0: Port device team_slave_1 added [ 884.566321][T16347] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 884.585956][T16347] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 884.628321][T16347] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 884.640574][T16399] size and base must be multiples of 4 kiB [ 884.647720][T16399] CPU: 1 UID: 0 PID: 16399 Comm: syz.0.2339 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 884.647769][T16399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 884.647791][T16399] Call Trace: [ 884.647803][T16399] [ 884.647815][T16399] dump_stack_lvl+0x16c/0x1f0 [ 884.647877][T16399] mtrr_add+0xdf/0x110 [ 884.647917][T16399] mtrr_ioctl+0x7ef/0xcf0 [ 884.647957][T16399] ? __pfx_mtrr_ioctl+0x10/0x10 [ 884.648001][T16399] ? find_held_lock+0x2b/0x80 [ 884.648041][T16399] ? __fget_files+0x20e/0x3c0 [ 884.648093][T16399] ? __pfx_mtrr_ioctl+0x10/0x10 [ 884.648138][T16399] proc_reg_unlocked_ioctl+0x229/0x320 [ 884.648193][T16399] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 884.648248][T16399] __x64_sys_ioctl+0x18e/0x210 [ 884.648299][T16399] do_syscall_64+0xcd/0x490 [ 884.648334][T16399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 884.648368][T16399] RIP: 0033:0x7f2e8318e929 [ 884.648395][T16399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 884.648429][T16399] RSP: 002b:00007f2e84070038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 884.648461][T16399] RAX: ffffffffffffffda RBX: 00007f2e833b6160 RCX: 00007f2e8318e929 [ 884.648483][T16399] RDX: 0000000000000003 RSI: 00000000400c4d01 RDI: 0000000000000003 [ 884.648503][T16399] RBP: 00007f2e83210b39 R08: 0000000000000000 R09: 0000000000000000 [ 884.648522][T16399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 884.648541][T16399] R13: 0000000000000000 R14: 00007f2e833b6160 R15: 00007fffefceca78 [ 884.648579][T16399] [ 884.944102][T15286] macvlan0: left allmulticast mode [ 884.961695][T15286] veth1_vlan: left allmulticast mode [ 884.972545][T15286] macvlan0: left promiscuous mode [ 884.985532][T15286] bridge0: port 3(macvlan0) entered disabled state [ 885.058184][T15286] bridge_slave_1: left allmulticast mode [ 885.079836][T15286] bridge_slave_1: left promiscuous mode [ 885.093899][T15286] bridge0: port 2(bridge_slave_1) entered disabled state [ 885.102980][T16390] could not allocate digest TFM handle [ 885.121896][T15286] bridge_slave_0: left allmulticast mode [ 885.141573][T15286] bridge_slave_0: left promiscuous mode [ 885.157556][T15286] bridge0: port 1(bridge_slave_0) entered disabled state [ 885.179156][T16393] could not allocate digest TFM handle [ 885.389376][T16410] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2341'. [ 885.650182][ T5837] Bluetooth: hci4: command tx timeout [ 885.906541][T15286] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 885.920227][T15286] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 885.934128][T15286] bond0 (unregistering): Released all slaves [ 885.953168][T16347] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 885.962028][T16347] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 885.990599][ C0] vkms_vblank_simulate: vblank timer overrun [ 886.000862][T16347] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 886.065278][T16410] netlink: 262 bytes leftover after parsing attributes in process `syz.1.2341'. [ 886.122163][T15286] HfR: left promiscuous mode [ 886.302908][T15286] tipc: Left network mode [ 886.490400][T16347] hsr_slave_0: entered promiscuous mode [ 886.509153][T16347] hsr_slave_1: entered promiscuous mode [ 886.526911][T16347] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 886.546964][T16347] Cannot create hsr debugfs directory [ 887.569180][T15286] hsr_slave_0: left promiscuous mode [ 887.589409][T15286] hsr_slave_1: left promiscuous mode [ 887.606767][T15286] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 887.620210][T15286] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 887.647305][T15286] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 887.656188][T15286] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 887.703270][T15286] veth1_macvtap: left promiscuous mode [ 887.703472][T15286] veth0_macvtap: left promiscuous mode [ 887.703716][T15286] veth1_vlan: left promiscuous mode [ 887.703952][T15286] veth0_vlan: left promiscuous mode [ 887.728013][ T5837] Bluetooth: hci4: command tx timeout [ 888.826345][T15286] team0 (unregistering): Port device team_slave_1 removed [ 889.795742][ T5837] Bluetooth: hci4: command tx timeout [ 891.284574][T16347] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 891.327791][T16480] FAULT_INJECTION: forcing a failure. [ 891.327791][T16480] name failslab, interval 1, probability 0, space 0, times 0 [ 891.366162][T16480] CPU: 1 UID: 0 PID: 16480 Comm: syz.0.2349 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 891.366214][T16480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 891.366235][T16480] Call Trace: [ 891.366248][T16480] [ 891.366262][T16480] dump_stack_lvl+0x16c/0x1f0 [ 891.366329][T16480] should_fail_ex+0x512/0x640 [ 891.366381][T16480] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 891.366437][T16480] should_failslab+0xc2/0x120 [ 891.366470][T16480] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 891.366522][T16480] ? vm_area_alloc+0x1f/0x160 [ 891.366572][T16480] vm_area_alloc+0x1f/0x160 [ 891.366616][T16480] create_init_stack_vma+0x29/0x700 [ 891.366678][T16480] alloc_bprm+0x420/0x6f0 [ 891.366727][T16480] do_execveat_common.isra.0+0x1ce/0x610 [ 891.366784][T16480] __x64_sys_execve+0x8e/0xb0 [ 891.366890][T16480] do_syscall_64+0xcd/0x490 [ 891.366939][T16480] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 891.366975][T16480] RIP: 0033:0x7f2e8318e929 [ 891.367004][T16480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 891.367037][T16480] RSP: 002b:00007f2e84070038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 891.367071][T16480] RAX: ffffffffffffffda RBX: 00007f2e833b6160 RCX: 00007f2e8318e929 [ 891.367093][T16480] RDX: 0000200000000000 RSI: 0000200000000100 RDI: 0000200000000180 [ 891.367115][T16480] RBP: 00007f2e84070090 R08: 0000000000000000 R09: 0000000000000000 [ 891.367135][T16480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 891.367156][T16480] R13: 0000000000000000 R14: 00007f2e833b6160 R15: 00007fffefceca78 [ 891.367199][T16480] [ 891.427100][T16347] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 891.648836][T16347] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 891.752805][T16347] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 892.351775][T16347] 8021q: adding VLAN 0 to HW filter on device bond0 [ 892.470124][T16347] 8021q: adding VLAN 0 to HW filter on device team0 [ 892.605752][T15277] bridge0: port 1(bridge_slave_0) entered blocking state [ 892.613785][T15277] bridge0: port 1(bridge_slave_0) entered forwarding state [ 892.759537][T15277] bridge0: port 2(bridge_slave_1) entered blocking state [ 892.767599][T15277] bridge0: port 2(bridge_slave_1) entered forwarding state [ 893.881259][T16347] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 894.832089][T16347] veth0_vlan: entered promiscuous mode [ 894.853340][T16347] veth1_vlan: entered promiscuous mode [ 895.699246][T16347] veth0_macvtap: entered promiscuous mode [ 895.848686][T16347] veth1_macvtap: entered promiscuous mode [ 895.943533][T16347] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 895.970008][T16347] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 896.001239][T16347] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 896.041468][T16347] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 896.061707][T16347] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 896.086008][T16347] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 896.154765][T16580] netlink: 'syz.3.2364': attribute type 1 has an invalid length. [ 896.627016][T15276] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 896.676078][T15276] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 897.567682][ T7708] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 897.591975][ T7708] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 898.049891][T16600] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2325'. [ 898.061011][T16600] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2325'. [ 898.109334][T16600] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2325'. [ 898.241199][T16600] netlink: 102 bytes leftover after parsing attributes in process `syz.2.2325'. [ 898.628820][T16616] FAULT_INJECTION: forcing a failure. [ 898.628820][T16616] name failslab, interval 1, probability 0, space 0, times 0 [ 898.645304][T16616] CPU: 1 UID: 0 PID: 16616 Comm: syz.2.2373 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 898.645352][T16616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 898.645373][T16616] Call Trace: [ 898.645385][T16616] [ 898.645398][T16616] dump_stack_lvl+0x16c/0x1f0 [ 898.645497][T16616] should_fail_ex+0x512/0x640 [ 898.645547][T16616] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 898.645606][T16616] should_failslab+0xc2/0x120 [ 898.645639][T16616] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 898.645692][T16616] ? __alloc_skb+0x2b2/0x380 [ 898.645752][T16616] __alloc_skb+0x2b2/0x380 [ 898.645801][T16616] ? __pfx___alloc_skb+0x10/0x10 [ 898.645858][T16616] ? __lock_acquire+0xb8a/0x1c90 [ 898.645917][T16616] netlink_alloc_large_skb+0x69/0x130 [ 898.645959][T16616] netlink_sendmsg+0x6a1/0xdd0 [ 898.645999][T16616] ? __pfx_netlink_sendmsg+0x10/0x10 [ 898.646045][T16616] ____sys_sendmsg+0xa98/0xc70 [ 898.646086][T16616] ? copy_msghdr_from_user+0x10a/0x160 [ 898.646139][T16616] ? __pfx_____sys_sendmsg+0x10/0x10 [ 898.646201][T16616] ___sys_sendmsg+0x134/0x1d0 [ 898.646255][T16616] ? __pfx____sys_sendmsg+0x10/0x10 [ 898.646306][T16616] ? __lock_acquire+0x622/0x1c90 [ 898.646403][T16616] __sys_sendmsg+0x16d/0x220 [ 898.646458][T16616] ? __pfx___sys_sendmsg+0x10/0x10 [ 898.646540][T16616] do_syscall_64+0xcd/0x490 [ 898.646576][T16616] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 898.646612][T16616] RIP: 0033:0x7f54c018e929 [ 898.646639][T16616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 898.646670][T16616] RSP: 002b:00007f54c0f9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 898.646702][T16616] RAX: ffffffffffffffda RBX: 00007f54c03b5fa0 RCX: 00007f54c018e929 [ 898.646724][T16616] RDX: 0000000000000000 RSI: 0000200000002f40 RDI: 0000000000000003 [ 898.646744][T16616] RBP: 00007f54c0f9e090 R08: 0000000000000000 R09: 0000000000000000 [ 898.646764][T16616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 898.646783][T16616] R13: 0000000000000000 R14: 00007f54c03b5fa0 R15: 00007fff3a6b43d8 [ 898.646826][T16616] [ 900.988086][T16648] FAULT_INJECTION: forcing a failure. [ 900.988086][T16648] name failslab, interval 1, probability 0, space 0, times 0 [ 901.012953][T16648] CPU: 1 UID: 0 PID: 16648 Comm: syz.2.2379 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 901.013000][T16648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 901.013020][T16648] Call Trace: [ 901.013031][T16648] [ 901.013043][T16648] dump_stack_lvl+0x16c/0x1f0 [ 901.013106][T16648] should_fail_ex+0x512/0x640 [ 901.013155][T16648] ? fs_reclaim_acquire+0xae/0x150 [ 901.013199][T16648] ? tomoyo_encode2+0x100/0x3e0 [ 901.013242][T16648] should_failslab+0xc2/0x120 [ 901.013274][T16648] __kmalloc_noprof+0xd2/0x510 [ 901.013322][T16648] ? d_absolute_path+0x136/0x1a0 [ 901.013364][T16648] tomoyo_encode2+0x100/0x3e0 [ 901.013414][T16648] tomoyo_encode+0x29/0x50 [ 901.013457][T16648] tomoyo_realpath_from_path+0x18f/0x6e0 [ 901.013517][T16648] tomoyo_path_number_perm+0x245/0x580 [ 901.013557][T16648] ? tomoyo_path_number_perm+0x237/0x580 [ 901.013613][T16648] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 901.013657][T16648] ? find_held_lock+0x2b/0x80 [ 901.013734][T16648] ? find_held_lock+0x2b/0x80 [ 901.013766][T16648] ? hook_file_ioctl_common+0x145/0x410 [ 901.013815][T16648] ? __fget_files+0x20e/0x3c0 [ 901.013870][T16648] security_file_ioctl+0x9b/0x240 [ 901.013914][T16648] __x64_sys_ioctl+0xb7/0x210 [ 901.013958][T16648] do_syscall_64+0xcd/0x490 [ 901.013993][T16648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 901.014028][T16648] RIP: 0033:0x7f54c018e929 [ 901.014056][T16648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 901.014089][T16648] RSP: 002b:00007f54c0f9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 901.014120][T16648] RAX: ffffffffffffffda RBX: 00007f54c03b5fa0 RCX: 00007f54c018e929 [ 901.014141][T16648] RDX: 0000000000000003 RSI: 0000000000002272 RDI: 0000000000000003 [ 901.014161][T16648] RBP: 00007f54c0f9e090 R08: 0000000000000000 R09: 0000000000000000 [ 901.014181][T16648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 901.014200][T16648] R13: 0000000000000000 R14: 00007f54c03b5fa0 R15: 00007fff3a6b43d8 [ 901.014244][T16648] [ 901.014273][T16648] ERROR: Out of memory at tomoyo_realpath_from_path. [ 901.547723][T16651] ptrace attach of "./syz-executor exec"[16654] was attempted by "./syz-executor exec"[16651] [ 902.230378][T16661] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 902.268338][ T5837] Bluetooth: hci2: unexpected subevent 0x19 length: 252 > 28 [ 902.276773][ T5837] Bluetooth: hci2: Unable to find connection with handle 0xc3d2 [ 903.348225][T15965] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 903.354368][T15965] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 903.356885][T15965] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 903.358255][T15965] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 903.358983][T15965] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 903.551910][T15276] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 903.712899][T15276] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 903.828683][T15276] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 903.934954][T15276] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 904.240457][T16681] chnl_net:caif_netlink_parms(): no params data found [ 904.313019][T16693] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2390'. [ 904.633820][T16706] FAULT_INJECTION: forcing a failure. [ 904.633820][T16706] name failslab, interval 1, probability 0, space 0, times 0 [ 904.652083][T16706] CPU: 0 UID: 0 PID: 16706 Comm: syz.3.2393 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 904.652144][T16706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 904.652167][T16706] Call Trace: [ 904.652179][T16706] [ 904.652193][T16706] dump_stack_lvl+0x16c/0x1f0 [ 904.652258][T16706] should_fail_ex+0x512/0x640 [ 904.652310][T16706] ? fs_reclaim_acquire+0xae/0x150 [ 904.652355][T16706] ? usb_set_configuration+0x24a/0x1e20 [ 904.652422][T16706] should_failslab+0xc2/0x120 [ 904.652457][T16706] __kmalloc_noprof+0xd2/0x510 [ 904.652519][T16706] usb_set_configuration+0x24a/0x1e20 [ 904.652563][T16706] ? sscanf+0xc7/0x100 [ 904.652604][T16706] ? __pfx_sscanf+0x10/0x10 [ 904.652667][T16706] bConfigurationValue_store+0x100/0x180 [ 904.652715][T16706] ? __pfx_bConfigurationValue_store+0x10/0x10 [ 904.652761][T16706] ? find_held_lock+0x2b/0x80 [ 904.652798][T16706] ? sysfs_file_kobj+0xe4/0x290 [ 904.652844][T16706] ? __pfx_bConfigurationValue_store+0x10/0x10 [ 904.652889][T16706] dev_attr_store+0x55/0x80 [ 904.652924][T16706] ? __pfx_dev_attr_store+0x10/0x10 [ 904.652956][T16706] sysfs_kf_write+0xf2/0x150 [ 904.652998][T16706] kernfs_fop_write_iter+0x354/0x510 [ 904.653027][T16706] ? __pfx_sysfs_kf_write+0x10/0x10 [ 904.653066][T16706] iter_file_splice_write+0x91f/0x1150 [ 904.653132][T16706] ? __pfx_iter_file_splice_write+0x10/0x10 [ 904.653182][T16706] ? __pfx_copy_splice_read+0x10/0x10 [ 904.653245][T16706] ? __pfx_iter_file_splice_write+0x10/0x10 [ 904.653289][T16706] direct_splice_actor+0x192/0x6c0 [ 904.653336][T16706] splice_direct_to_actor+0x342/0xa30 [ 904.653381][T16706] ? __pfx_direct_splice_actor+0x10/0x10 [ 904.653440][T16706] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 904.653480][T16706] ? get_pid_task+0xfc/0x250 [ 904.653535][T16706] do_splice_direct+0x174/0x240 [ 904.653577][T16706] ? __pfx_do_splice_direct+0x10/0x10 [ 904.653620][T16706] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 904.653668][T16706] ? rw_verify_area+0xcf/0x680 [ 904.653717][T16706] do_sendfile+0xb06/0xe50 [ 904.653773][T16706] ? __pfx_do_sendfile+0x10/0x10 [ 904.653821][T16706] ? __fget_files+0x20e/0x3c0 [ 904.653879][T16706] __x64_sys_sendfile64+0x1d8/0x220 [ 904.653910][T16706] ? ksys_write+0x1ac/0x250 [ 904.653955][T16706] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 904.654002][T16706] do_syscall_64+0xcd/0x490 [ 904.654039][T16706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 904.654074][T16706] RIP: 0033:0x7fc67ed8e929 [ 904.654103][T16706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 904.654139][T16706] RSP: 002b:00007fc67fc70038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 904.654172][T16706] RAX: ffffffffffffffda RBX: 00007fc67efb5fa0 RCX: 00007fc67ed8e929 [ 904.654194][T16706] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 904.654214][T16706] RBP: 00007fc67fc70090 R08: 0000000000000000 R09: 0000000000000000 [ 904.654234][T16706] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 904.654254][T16706] R13: 0000000000000000 R14: 00007fc67efb5fa0 R15: 00007ffd127aada8 [ 904.654299][T16706] [ 904.674468][T15276] bridge_slave_1: left allmulticast mode [ 905.022032][T15276] bridge_slave_1: left promiscuous mode [ 905.034703][T15276] bridge0: port 2(bridge_slave_1) entered disabled state [ 905.078763][T15276] bridge_slave_0: left allmulticast mode [ 905.085123][T15276] bridge_slave_0: left promiscuous mode [ 905.115956][T15276] bridge0: port 1(bridge_slave_0) entered disabled state [ 905.396560][T15965] Bluetooth: hci0: command tx timeout [ 905.484858][T16717] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 906.115238][T15276] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 906.145210][T15276] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 906.161918][T15276] bond0 (unregistering): Released all slaves [ 906.377408][T15276] HfR: left promiscuous mode [ 906.502161][T16681] bridge0: port 1(bridge_slave_0) entered blocking state [ 906.535813][T16681] bridge0: port 1(bridge_slave_0) entered disabled state [ 906.544171][T16681] bridge_slave_0: entered allmulticast mode [ 906.556023][T16681] bridge_slave_0: entered promiscuous mode [ 906.564897][T15276] tipc: Left network mode [ 906.702263][T16681] bridge0: port 2(bridge_slave_1) entered blocking state [ 906.718771][T16681] bridge0: port 2(bridge_slave_1) entered disabled state [ 906.730018][T16681] bridge_slave_1: entered allmulticast mode [ 906.766262][T16681] bridge_slave_1: entered promiscuous mode [ 906.948348][T16681] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 907.029518][T16681] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 907.292413][T16681] team0: Port device team_slave_0 added [ 907.326152][T15276] hsr_slave_0: left promiscuous mode [ 907.338198][T15276] hsr_slave_1: left promiscuous mode [ 907.373122][T15276] veth1_macvtap: left promiscuous mode [ 907.380396][T15276] veth0_macvtap: left promiscuous mode [ 907.387025][T15276] veth1_vlan: left promiscuous mode [ 907.393248][T15276] veth0_vlan: left promiscuous mode [ 907.477744][T15965] Bluetooth: hci0: command tx timeout [ 908.167898][T15276] team0 (unregistering): Port device team_slave_1 removed [ 908.235969][T15276] team0 (unregistering): Port device team_slave_0 removed [ 908.979524][T16681] team0: Port device team_slave_1 added [ 909.122126][T16681] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 909.130175][T16681] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 909.159958][T16681] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 909.239402][T16681] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 909.247530][T16681] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 909.277152][T16681] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 909.428309][T16760] hub 8-0:1.0: USB hub found [ 909.438524][T16760] hub 8-0:1.0: 1 port detected [ 909.514859][T16681] hsr_slave_0: entered promiscuous mode [ 909.522519][T16681] hsr_slave_1: entered promiscuous mode [ 909.555995][T15965] Bluetooth: hci0: command tx timeout [ 911.636260][T15965] Bluetooth: hci0: command tx timeout [ 912.588210][T16681] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 912.646568][T16681] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 912.700167][T16681] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 912.733719][T16681] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 912.961750][T16681] 8021q: adding VLAN 0 to HW filter on device bond0 [ 913.040071][T16681] 8021q: adding VLAN 0 to HW filter on device team0 [ 913.079532][T15277] bridge0: port 1(bridge_slave_0) entered blocking state [ 913.087528][T15277] bridge0: port 1(bridge_slave_0) entered forwarding state [ 913.140858][T15277] bridge0: port 2(bridge_slave_1) entered blocking state [ 913.149008][T15277] bridge0: port 2(bridge_slave_1) entered forwarding state [ 913.347936][T16681] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 913.620162][T16827] [ 913.622905][T16827] ====================================================== [ 913.630687][T16827] WARNING: possible circular locking dependency detected [ 913.638458][T16827] 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 Not tainted [ 913.646333][T16827] ------------------------------------------------------ [ 913.654109][T16827] syz.3.2407/16827 is trying to acquire lock: [ 913.660837][T16827] ffffffff8e72ea68 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0xb4c/0x1470 [ 913.671498][T16827] [ 913.671498][T16827] but task is already holding lock: [ 913.679647][T16827] ffff8881433c1e00 (&q->q_usage_counter(io)#53){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 913.692096][T16827] [ 913.692096][T16827] which lock already depends on the new lock. [ 913.692096][T16827] [ 913.703663][T16827] [ 913.703663][T16827] the existing dependency chain (in reverse order) is: [ 913.713615][T16827] [ 913.713615][T16827] -> #2 (&q->q_usage_counter(io)#53){++++}-{0:0}: [ 913.723148][T16827] blk_alloc_queue+0x619/0x760 [ 913.729014][T16827] blk_mq_alloc_queue+0x175/0x290 [ 913.735168][T16827] __blk_mq_alloc_disk+0x29/0x120 [ 913.741311][T16827] nbd_dev_add+0x4a0/0xbc0 [ 913.746785][T16827] nbd_init+0x181/0x320 [ 913.751971][T16827] do_one_initcall+0x120/0x6e0 [ 913.757828][T16827] kernel_init_freeable+0x5c2/0x900 [ 913.764160][T16827] kernel_init+0x1c/0x2b0 [ 913.769548][T16827] ret_from_fork+0x5d4/0x6f0 [ 913.775240][T16827] ret_from_fork_asm+0x1a/0x30 [ 913.781135][T16827] [ 913.781135][T16827] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 913.789130][T16827] fs_reclaim_acquire+0x102/0x150 [ 913.795277][T16827] prepare_alloc_pages+0x162/0x610 [ 913.801510][T16827] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 913.808611][T16827] __alloc_pages_noprof+0xb/0x1b0 [ 913.814749][T16827] pcpu_populate_chunk+0x110/0xb00 [ 913.820982][T16827] pcpu_alloc_noprof+0x86a/0x1470 [ 913.827124][T16827] xt_percpu_counter_alloc+0x13e/0x1b0 [ 913.833748][T16827] find_check_entry.constprop.0+0xbf/0xa20 [ 913.840748][T16827] translate_table+0xd0b/0x17b0 [ 913.846695][T16827] ip6t_register_table+0x102/0x430 [ 913.852924][T16827] ip6table_nat_table_init+0x4b/0x250 [ 913.859446][T16827] xt_find_table_lock+0x2e1/0x520 [ 913.865589][T16827] xt_request_find_table_lock+0x28/0xf0 [ 913.872302][T16827] get_info+0x190/0x620 [ 913.877502][T16827] do_ip6t_get_ctl+0x169/0xa50 [ 913.883371][T16827] nf_getsockopt+0x7c/0xe0 [ 913.888855][T16827] ipv6_getsockopt+0x1f7/0x280 [ 913.894719][T16827] tcp_getsockopt+0x9e/0x100 [ 913.900386][T16827] do_sock_getsockopt+0x3ff/0x800 [ 913.906625][T16827] __sys_getsockopt+0x123/0x1b0 [ 913.912585][T16827] __x64_sys_getsockopt+0xbd/0x160 [ 913.918825][T16827] do_syscall_64+0xcd/0x490 [ 913.924377][T16827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 913.931463][T16827] [ 913.931463][T16827] -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 913.940011][T16827] __lock_acquire+0x126f/0x1c90 [ 913.945966][T16827] lock_acquire+0x179/0x350 [ 913.951528][T16827] __mutex_lock+0x199/0xb90 [ 913.957082][T16827] pcpu_alloc_noprof+0xb4c/0x1470 [ 913.963218][T16827] blk_stat_alloc_callback+0xc8/0x280 [ 913.969730][T16827] wbt_init+0xac/0x540 [ 913.974804][T16827] queue_wb_lat_store+0x354/0x3d0 [ 913.980949][T16827] queue_attr_store+0x276/0x320 [ 913.986912][T16827] sysfs_kf_write+0xf2/0x150 [ 913.992567][T16827] kernfs_fop_write_iter+0x354/0x510 [ 913.998985][T16827] vfs_write+0x6c4/0x1150 [ 914.004391][T16827] ksys_write+0x12a/0x250 [ 914.009763][T16827] do_syscall_64+0xcd/0x490 [ 914.015316][T16827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 914.022400][T16827] [ 914.022400][T16827] other info that might help us debug this: [ 914.022400][T16827] [ 914.033669][T16827] Chain exists of: [ 914.033669][T16827] pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#53 [ 914.033669][T16827] [ 914.048835][T16827] Possible unsafe locking scenario: [ 914.048835][T16827] [ 914.057072][T16827] CPU0 CPU1 [ 914.062990][T16827] ---- ---- [ 914.068906][T16827] lock(&q->q_usage_counter(io)#53); [ 914.074854][T16827] lock(fs_reclaim); [ 914.082041][T16827] lock(&q->q_usage_counter(io)#53); [ 914.090771][T16827] lock(pcpu_alloc_mutex); [ 914.095752][T16827] [ 914.095752][T16827] *** DEADLOCK *** [ 914.095752][T16827] [ 914.104728][T16827] 6 locks held by syz.3.2407/16827: [ 914.110462][T16827] #0: ffff8880320c02b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 914.120581][T16827] #1: ffff8880319ba428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 914.130517][T16827] #2: ffff88805bc9a488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 914.141297][T16827] #3: ffff88802646d788 (kn->active#203){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 914.152468][T16827] #4: ffff8881433c1e00 (&q->q_usage_counter(io)#53){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 914.165363][T16827] #5: ffff8881433c1e38 (&q->q_usage_counter(queue)#5){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 914.178448][T16827] [ 914.178448][T16827] stack backtrace: [ 914.184958][T16827] CPU: 1 UID: 0 PID: 16827 Comm: syz.3.2407 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 914.184996][T16827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 914.185014][T16827] Call Trace: [ 914.185027][T16827] [ 914.185039][T16827] dump_stack_lvl+0x116/0x1f0 [ 914.185117][T16827] print_circular_bug+0x275/0x350 [ 914.185158][T16827] check_noncircular+0x14c/0x170 [ 914.185199][T16827] __lock_acquire+0x126f/0x1c90 [ 914.185243][T16827] lock_acquire+0x179/0x350 [ 914.185279][T16827] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 914.185323][T16827] ? __pfx___might_resched+0x10/0x10 [ 914.185354][T16827] ? ksys_write+0x12a/0x250 [ 914.185394][T16827] ? do_syscall_64+0xcd/0x490 [ 914.185419][T16827] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 914.185452][T16827] __mutex_lock+0x199/0xb90 [ 914.185477][T16827] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 914.185523][T16827] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 914.185563][T16827] ? __pfx___mutex_lock+0x10/0x10 [ 914.185598][T16827] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 914.185636][T16827] pcpu_alloc_noprof+0xb4c/0x1470 [ 914.185683][T16827] ? __pfx_wbt_data_dir+0x10/0x10 [ 914.185726][T16827] ? __pfx_wb_timer_fn+0x10/0x10 [ 914.185752][T16827] blk_stat_alloc_callback+0xc8/0x280 [ 914.185783][T16827] wbt_init+0xac/0x540 [ 914.185813][T16827] queue_wb_lat_store+0x354/0x3d0 [ 914.185860][T16827] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 914.185906][T16827] ? __mutex_trylock_common+0xe9/0x250 [ 914.185946][T16827] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 914.185990][T16827] queue_attr_store+0x276/0x320 [ 914.186036][T16827] ? __pfx_queue_attr_store+0x10/0x10 [ 914.186085][T16827] ? __lock_acquire+0x622/0x1c90 [ 914.186130][T16827] ? find_held_lock+0x2b/0x80 [ 914.186157][T16827] ? sysfs_file_kobj+0xe4/0x290 [ 914.186193][T16827] ? __pfx_queue_attr_store+0x10/0x10 [ 914.186238][T16827] sysfs_kf_write+0xf2/0x150 [ 914.186273][T16827] kernfs_fop_write_iter+0x354/0x510 [ 914.186303][T16827] ? __pfx_sysfs_kf_write+0x10/0x10 [ 914.186339][T16827] vfs_write+0x6c4/0x1150 [ 914.186379][T16827] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 914.186411][T16827] ? __pfx___mutex_lock+0x10/0x10 [ 914.186437][T16827] ? __pfx_vfs_write+0x10/0x10 [ 914.186488][T16827] ksys_write+0x12a/0x250 [ 914.186527][T16827] ? __pfx_ksys_write+0x10/0x10 [ 914.186567][T16827] ? syscall_user_dispatch+0x78/0x140 [ 914.186621][T16827] do_syscall_64+0xcd/0x490 [ 914.186647][T16827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 914.186677][T16827] RIP: 0033:0x7fc67ed8e929 [ 914.186703][T16827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 914.186733][T16827] RSP: 002b:00007fc67fc4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 914.186760][T16827] RAX: ffffffffffffffda RBX: 00007fc67efb6080 RCX: 00007fc67ed8e929 [ 914.186779][T16827] RDX: 0000000000000001 RSI: 0000200000000ec0 RDI: 0000000000000003 [ 914.186797][T16827] RBP: 00007fc67ee10b39 R08: 0000000000000000 R09: 0000000000000000 [ 914.186815][T16827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 914.186832][T16827] R13: 0000000000000000 R14: 00007fc67efb6080 R15: 00007ffd127aada8 [ 914.186859][T16827] [ 914.533255][ C1] vkms_vblank_simulate: vblank timer overrun [ 914.737849][T16681] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 914.838284][T16681] veth0_vlan: entered promiscuous mode [ 914.942191][T16681] veth1_vlan: entered promiscuous mode [ 915.025157][T16681] veth0_macvtap: entered promiscuous mode [ 915.747748][T15286] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 915.870829][T15286] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 915.981618][T15286] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 916.062364][T15286] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 916.266390][T15286] bridge_slave_1: left allmulticast mode [ 916.296827][T15286] bridge_slave_1: left promiscuous mode [ 916.303146][T15286] bridge0: port 2(bridge_slave_1) entered disabled state [ 916.319991][T15286] bridge_slave_0: left allmulticast mode [ 916.326380][T15286] bridge_slave_0: left promiscuous mode [ 916.332774][T15286] bridge0: port 1(bridge_slave_0) entered disabled state [ 916.479279][T15286] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 916.491229][T15286] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 916.503704][T15286] bond0 (unregistering): Released all slaves [ 916.787805][T15286] hsr_slave_0: left promiscuous mode [ 916.794363][T15286] hsr_slave_1: left promiscuous mode [ 916.812273][T15286] veth1_macvtap: left promiscuous mode [ 916.818911][T15286] veth1_vlan: left promiscuous mode [ 916.824799][T15286] veth0_vlan: left promiscuous mode [ 917.154036][T15286] team0 (unregistering): Port device team_slave_1 removed [ 917.195951][T15286] team0 (unregistering): Port device team_slave_0 removed [ 917.880346][T15286] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 917.932961][T15286] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 917.983079][T15286] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 918.065317][T15286] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 918.183077][T15286] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 918.232828][T15286] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 918.284373][T15286] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 918.339579][T15286] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 918.432321][T15286] bridge_slave_1: left allmulticast mode [ 918.443658][T15286] bridge_slave_1: left promiscuous mode [ 918.457305][T15286] bridge0: port 2(bridge_slave_1) entered disabled state [ 918.468180][T15286] bridge_slave_0: left allmulticast mode [ 918.474473][T15286] bridge_slave_0: left promiscuous mode [ 918.482724][T15286] bridge0: port 1(bridge_slave_0) entered disabled state [ 918.494897][T15286] bridge_slave_1: left allmulticast mode [ 918.503749][T15286] bridge_slave_1: left promiscuous mode [ 918.510625][T15286] bridge0: port 2(bridge_slave_1) entered disabled state [ 918.521616][T15286] bridge_slave_0: left allmulticast mode [ 918.528036][T15286] bridge_slave_0: left promiscuous mode [ 918.534379][T15286] bridge0: port 1(bridge_slave_0) entered disabled state [ 918.548446][T15286] bridge_slave_1: left allmulticast mode [ 918.554796][T15286] bridge_slave_1: left promiscuous mode [ 918.563501][T15286] bridge0: port 2(bridge_slave_1) entered disabled state [ 918.574855][T15286] bridge_slave_0: left allmulticast mode [ 918.582566][T15286] bridge_slave_0: left promiscuous mode [ 918.589510][T15286] bridge0: port 1(bridge_slave_0) entered disabled state [ 918.812675][T15286] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 918.823992][T15286] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 918.835129][T15286] bond0 (unregistering): Released all slaves [ 918.936750][T15286] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 918.948733][T15286] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 918.960224][T15286] bond0 (unregistering): Released all slaves [ 919.044420][T15286] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 919.056660][T15286] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 919.067402][T15286] bond0 (unregistering): Released all slaves [ 919.521695][T15286] hsr_slave_0: left promiscuous mode [ 919.529806][T15286] hsr_slave_1: left promiscuous mode [ 919.537000][T15286] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 919.548917][T15286] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 919.563789][T15286] hsr_slave_0: left promiscuous mode [ 919.570391][T15286] hsr_slave_1: left promiscuous mode [ 919.576903][T15286] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 919.585087][T15286] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 919.593851][T15286] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 919.603286][T15286] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 919.614714][T15286] hsr_slave_0: left promiscuous mode [ 919.622096][T15286] hsr_slave_1: left promiscuous mode [ 919.628566][T15286] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 919.636797][T15286] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 919.646122][T15286] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 919.654288][T15286] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 919.671415][T15286] veth0_macvtap: left promiscuous mode [ 919.677695][T15286] veth1_vlan: left promiscuous mode [ 919.683508][T15286] veth0_vlan: left promiscuous mode [ 919.689960][T15286] veth1_macvtap: left promiscuous mode [ 919.696163][T15286] veth1_vlan: left promiscuous mode [ 919.702010][T15286] veth0_vlan: left promiscuous mode [ 919.708936][T15286] veth1_macvtap: left promiscuous mode [ 919.715021][T15286] veth0_macvtap: left promiscuous mode [ 919.721503][T15286] veth1_vlan: left promiscuous mode [ 919.727817][T15286] veth0_vlan: left promiscuous mode [ 920.013390][T15286] team0 (unregistering): Port device team_slave_1 removed [ 920.049114][T15286] team0 (unregistering): Port device team_slave_0 removed [ 920.308357][T15286] team0 (unregistering): Port device team_slave_1 removed [ 920.340237][T15286] team0 (unregistering): Port device team_slave_0 removed [ 920.588385][T15286] team0 (unregistering): Port device team_slave_1 removed [ 920.618830][T15286] team0 (unregistering): Port device team_slave_0 removed