last executing test programs: 8.972654322s ago: executing program 1 (id=2827): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NLBL_UNLABEL_C_STATICLIST(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x128, 0x0, 0x400, 0x70bd29, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @remote}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0xed, 0x7, "02f4f71d26d29ffe1a91ce373441fd66972cbc1ec8e53590ea1d973289e6fe4aa30723c946b63e5514a63b43d297a2148b5326e1522db1f2f55011e59af27a769c365bce18154aca564f7dbba69ad224e027f35f3a417834ddc1f1aa9cdf14e7b044effb330e5aec8b3340ac97c3a790d64df6a74cae98f1edcd44953d2243f3967eef4978f6927ceca57e009fe7487a39ad01d4fa4ae4f9b536d6b787461911605741221b30f8ac3e415d44c7a1ad289935847d76c40e3dea919f901114659f45eed452b5ffaa9d5fe9696433599aca2bc960db499261dfa0145a2473da08303f70cf291bebcc9329"}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private2={0xfc, 0x2, '\x00', 0x1}}]}, 0x128}, 0x1, 0x0, 0x0, 0x44000}, 0x40800) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000240), r0) syz_clone3(&(0x7f0000000440)={0x2000000, &(0x7f0000000280), &(0x7f00000002c0)=0x0, &(0x7f0000000300)=0x0, {0x2c}, &(0x7f0000000340)=""/84, 0x54, &(0x7f00000003c0)=""/8, &(0x7f0000000400)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x8}, 0x58) msgctl$auto_IPC_RMID(0x3, 0x0, &(0x7f0000000540)={{0x7fffffff, 0x0, 0x0, 0xde, 0x6, 0x7, 0x9}, &(0x7f00000004c0)=0xf7, &(0x7f0000000500)=0x71, 0x5, 0xfffffffffffffff7, 0x8020000000, 0x3, 0x3, 0x9, 0x200, 0x7f, @inferred=0xffffffffffffffff, @raw}) r6 = clone3$auto(&(0x7f00000005c0)={0x9, 0x9, 0xffffffffffffffff, 0x8000000000000000, 0x7, 0x100, 0x8000, 0x0, 0x9, 0x2}, 0x8000000000000000) sendmsg$auto_NL802154_CMD_NEW_SEC_LEVEL(r1, &(0x7f00000019c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000001980)={&(0x7f0000000640)={0x1314, r2, 0x4, 0x70bd2c, 0x25dfdbfc, {}, [@NL802154_ATTR_SCAN_TYPE={0x5, 0x1f, 0x4}, @NL802154_ATTR_SEC_LEVEL={0x12de, 0x2d, 0x0, 0x1, [@typed={0x8, 0xc6, 0x0, 0x0, @pid=r3}, @generic="03187746bf5c42e058436756b9a3cbfff4b0990dc28c373a7135f70b58a3a260a8edafba5a300199c934968f0058658acc31acc78ee2007d64ffe50a8148bc87eb714293f3f84a4ef21ab80cc07d421b0706edbd9caa3f5fef17e9c4e5d25e335b6490cc0de464d540a2399b8b41", @nested={0xbd, 0x13a, 0x0, 0x1, [@generic="9ee2a3ea2090c869793d9e5ec65796db729bb595715c60c582c221904762cd062cdd2d194dbfa6a075cb15e0e3019bc5a0c6001c32dc803b8680d984580973318f99010c532df08dc61a57a770f63ba3b86c0bcbeeb3f1ba3ca6ca60b6110665732db5c6852238e9a3cea83d12b08d42391ca33e1a439cfb5caa8bf504d4c3b2d1b8db760d798c1e28e0d65b74c1608c378fc1c7d8f11c80e9b26ac035f9793c265b7ca083fa1b7daf5634e0e76d5f2ed17038848c81645153"]}, @typed={0x9, 0xf5, 0x0, 0x0, @str='{(@*\x00'}, @nested={0x1196, 0xec, 0x0, 0x1, [@nested={0x4, 0x39}, @typed={0x8, 0xba, 0x0, 0x0, @uid=r5}, @typed={0x8, 0xcf, 0x0, 0x0, @pid=r6}, @typed={0x4, 0x4f}, @generic="9203f0ab84f64a43bf8ad1e8b8adfd1e09d1d1c9a70a3129a57b840f8a0722318f6ee139a244c66ec019c6e70ca4924b536a3c5e97331668613e51552257cf6ad74c3f3083b9cc4607e7b70df0adf2bec2fac24ca002ccf79d88e120269d4196ee6eaff693aa8e7f4a4e4cfe602439e817a24ed94cb8e752c6fbba624417a75c42ec2c49389091f68982e76214a38b47f3f9a91d3055d0651af88e8c1dbbe588912ce069795b0e5b96aebd1cb90730215c21ca12ca9f6179add1577e45effab265e2bd469d921bdc464ab87c69830a3fe8dd755e713c050006b1d48c9f15fb9bcd1e6657a561afeb3f204aeaeb35b4e1ecc55a20a08eba38368a", @generic="aed51468a77f880a828c2e15fdceb0c1d08f1715d69feb082f823f47934e84ba7189742c835df0f287e18d9d66dc10471ac8e909818a612255ae87a3ba92030e682133cf4d86ba0eee67f650ce9d7f26929054f759b090830c489b89e82d3fd25751ddaca7938dc569723b1656d6542d7131e30a24f87c76430e6565d917893af3d3d8248289e7e1f28dee69aae81a26564b503bca82365b24677715cd3efec5d20d1f7f74670022991059c8d61e46c3326297b09c4e486305ad1259a2f4284ae0a190542e67943c81bb1dd420fe8660bb5e88ab53b6bd0b873739ee68bc226b2535d6ef446bb1539c330c5bda30aecf3d8696b3cd1e83c6a23106118067b5657720794c390d375f89f429c2aea2ead55cc6f92b0fcf468f06e6d54acbc68abae485910d37c15b1684dc2ba0a2a4c97e49eb7beaf662a54836560b9be499a5b95d17da536fe57251fad52759460a12235b4ba67a6eb33a9efef1b437bd56516c008d2357e7043587cd5007265ad1e6edd0765bae7d703a98f79217b79a66615c4fa2c052eb5e9bc03db2cf7e2cc1232ecc3f264361e0211bf75bee2cbaff0a72f5c1229c7afa05ef286b6f5fccdb2eabb891d01a42c10803ee91aee1aaf744e305c851066093e2f3f284f860a5a1544c84c8b932a207b34c24d482198e82439d0717a175d79cef4e9d7dc1bcd5cbd1c6f76d29d099619c0624014e04ea664d6ab4c618c2943798dfd5fec8b4ce9d21bd95997d9a164cd7d6c003a2fa1a2ce8dacf0f2bdce9566cd9abe22d1f0248300ec4236d6e839533971b84e3dd752f43df79e4b899514d0706f821962ce5cf85da6d3e03a0ae8f85010c320bb2334ecec1f86fb34ef9f7bebd2a2c07b2056d1821fc18a2f9f6d20d64090d989b74de8b577645a2de0c6d62c27a84307e93abad7b2538ac42dd4d81f06fc45689102fcf8b4fff0e74c91bee1083edabbcca3a269d0349b87c4d0a7e1238c4f4578c0bad85fd953e77adcf87717629a704b8fe24b615e8d276ffdc0a250157e9d2772fdb48205ded3bbc8ae8a5da123d2d02a8a899e858536bf70ef713b615938efad491a3d417ec9d389a8435167dca2423302a7fcd4c76b510dd9b9e8de7576aa8f7e7015e26eeab01ab895992ded7c2f8a08ca33857ba7e93a762f310e5d196db25b456439b13b2da35e9cfcb27e0bd0d24fe8166109786b8d514a938fe3217949b34fdfbe78a3dade5ef0ff635f5ba551e232a87f19bc31d4087c4a4ff77d3799028fca68d25daba51e8914135ae3b3f3e5cd443f2309840b1b698188620151839650b93ff8c1b274f9f7bc5971e9c9323522ad7f5797d2804b9ed01382569131ba6262b26a19f8082924c623fea4e2873f97efb5844bbe8e7687e048de0416b195b7459d63bbed49a9d47d7d0d616939b5da78747a04f1cdda6e001c83ff82c0d1b9e5b0bf5cd66fcfe207f25745f69287f4935a5312e5f409d72c7c45f741c68142f481e52d648f2d08d228548fd0cfd446bca185990b3b5f8ae2d14f865453c3e94bbdacc921b82f5ff71d2a1a761adecabc36d6bac14763b0dd1192cca245b8eb3487ed22cbd50b4e9a701b301b4b558ca967982a18985bcb012982f10e63df8f339b3ce84198a1933a7d11f7a1ba99eec2014fca970ede903162412236a831ed6b8fb8b81e648b8aeb9afb205e49d14d34997a03aabac50abaed14a52eb61e44b9a8b437375e6c2e31909ea2ad62b3ca23ece2097718ee69c5afbdb5f2db3ca70c39e3750294aa9e203340c74ed199580ac0518180b568a0d0c2d59e7466327ada795bb6a6a0bed29ceac85093252ab1ee7138742d8e50f36e4737d006b17ae7cde731cdefee6b2139b6ec91773411f29181b9452b35218d1e50c58bf2de74565c8b854151b9b5bd2c06a41fa0eedd527ed0e45c3a01296ac1404609b7bf251c0c3b00ba44698ac528b9c3e50fb4fda5cffbe33e30958ee42d1ff6c5cf89bb7b7f08424844d13de4e8eea5b28b173e1314af431612b7b7e2a187967faa0cf00e28833c6d6de59bdb52bf7e22047690584e650814356faf1f0adecc647a0189a0fbad4d44e1f9abc46e0a38b9f700f8c6c3d354e61b4fcab66e391dc64bafe28e32f64a8dae95a2028d108361b9e89880d62f4367801e0e3c269234924ad5224298039213f67abd150a42bcaed0a988efea22113e36f24f8ef61f3159825d879d64488b208c56a317176cfc1a5746496a9d5232f05c66764b6a17bb03531cfb578ff53da69ec509af0a2bb23eb5b8a8fccac690770f2c17c5c9b00636e07298b3132e2dcabc09f3315d28864cac4fb3c8666f4df6ae4e30a7317ea115bb90f7e237a52957cd6d9e611c719fd78593d0781cf4915d83946c10b62874fa064ef089c0b16864ce3217beffcb920c8a88c7bc44ff4e0db4d1a678ecf58c1067bd61c4d02b97d3f940be399f160ed7afdf9e331893d765ed3db4acedf10b472dc6902c51f0bba67ebce305237020bf80e58eb49f82b0d18c8d35e364de42ba19fbc604109ed751dc0b98f9d721b292dc2c1266ec02073ccecb8568022ee7db64eefe42889e69588ca320812f84c1decc4617bb7a464202496ac068b6c522fee593ed459470d735950704a68eaaeef9d4ec74f627e176ce6bf775da71efca2694e8237366268d4717be0ea4a09200a95c1b3487344ba25b490cfd518884f89cfe272771bfa82d3de5096f7a6e1e101849cd839973f0fa449ceefabcb1e1fd92a5f9fa2cf39235e307494198276a4815e8d3a16f5ab51da275f7ace8ff45d559cbbf94d3e745b982673f96cf22a0ea9bc5556321c0c369c8698834db5995dbce516b4b0d4b6adc1c471b129d9b93a3865e6be9a4db9516ce5e369f848cc9efdabc70e3b747dbe02eb728688892d2f04720aa44146928b31cc17b2aa3c893863ca465dd1e143956e9367a8ff3624ad8deec6db5b215ed74749857598eba3d5b0d7ebed45ab1b4d3f0a7eb6d4d893a36dcd78e14c364d7e85753a3332b38c34d39df072f0d09b9f57d49191c702d3e8e9ad01dd80da57764c439573cf4c3e1eb92f6e3a898dfcf6c2eb1fc2414ce74af4fd33781b4d3e2a889a45b54d982291163254515138eb1978919969df4e86410b34b5ee6c4f39419451f1f0f0b482d9128987196b49d888fd9bc6938fa01859281997f87fb33354c57d0a7e6d84dd3b6962ccd479ac6fa1b273607e9515ce97d616231d367f1dcb86fa0a33bd8c6008db9d54ee5ba664409e50075e59f502ed67a53743d28a695d9a4f06da1458e2ef367f4827f243ff0fcbc6d7fb4c9c9d76b360c32a8f5a1eb9f3426fb177de46d8206a57c8a07b2d183f3317b5c8d0edaecdbe30d6373dd6286508dddced21bcbe440c8ad8225624c39b462fc9d1a4cfb562955e17e0b1f10e6c438ce711e9f1519f389ce6050ac1edfe16759d86c8995c0b7e91e9f12ef21d1a5997264eae9e16394d3c08d2635ab284d80a8f1e3847122f65f9a3b3cf5057ff3708f710fd4a28aa5ab7ed25cfb70db20f31dc3bf9d58d6fd33dcf8cb003fd3d8e6b9cab18f0a2280a8b0f137a360732161401244e66dec0053b056cb9bb14ea81620b4ab335a8c235b6c5ed70a37cfcfa8f23b53430e26668d86be306f73e67fdcad5ed4e535789239e858247e602830d4973cd3f668cac8cd57b44fe7a9c95634a24b0e6fa5a5cc91573fe4508df7d65f4988b30197f3d0628f2155acc99fe229c10fe946feb5a95cd6b4bb4fcd914d88e66661b51c0314eb1cb1eb4e1568fb2f9da065add327fa9f330f823465fa1d3ec8c1e35977f3f6514f80764e20936848c0e89299d4a34f66cd6940d7b312798106cfee1510be4b12f893f20e1e027be0c3d43aa6c1aaf20d7ea744e6ea72b90c8d0f9e3e634d6ac3737c87d450451488301287a188fbcdd0ec65c88a6c6e95c50ace89262e4a05c83a75c51a4bea278cc619a46e07c1114578c3e57d234a584eb4159d0f540dc7824231426b137ceedea80d7380e436cee8244b4bc8ff4da2e915a7506a77b71211c1e38b69bac7f8d8bb6f7aa7bcfee79604f27b3a02c0ff5e2df3a7f7ed0717fe74bf31c118eda8899b225ec39f41d92f48398799b6aea0580f5050081d79092d89ff6b41196291ab2a3be480a873f7a76a30f1ec3ad1c67ae4676a4d1909343d3828b17dd3aa21084636b650eb8e9972db474347c213c4e3a54de77d86a0964cda3136b35e13a0575fd8ebaa095186f8951df63e37c265787dde21260cfaf0e37b89b655ddaebb878dabaeb34856d72923d42896a441bc7e609c9c1d6240d4dc7fff44ea6c11f80829e5b86a99b32dd65550ab7032896ac08eb99e15810e20bb80a5b8eafd26bad7cfc3fa4f99f9b93654af2cb34644700c9267aadc57e16a9be0ef4b8bacc8246ca3c7365a8d086fd312f986ebdcec3938fb0055d893bd52a7ecd08e3c78bae71012c926f2740062745d4bc97990d886aac4ee656cea05df6fed88a90b80268b5da6e4458570bfb2f175ae7dcb695a3728d7fe325d5b71315f5baa189ba5910678c5e2d71fe2e5aa8b7d1c793f75ba096a90f9484e54cbe1289430f40ce7a44d95e38e84e6232ffd6d0195710454ab9c96cdb18df7ad2e4c93aa806c1b9732f20318e37bf45df78a33e30dce2c5ffaed745960f526a74ea816b9aa12492a1c9a7d66f33660c0a1b79245c0c7080cd5a2fed8180ac928e4d6266a475ec972be7a2e94b9506fb0730baf62c59ca36db63347e76df25d8cf4cd2cb2dc738d085accb01f2a0923c825b24701b979b7ea328d3f2b2cfd54a492d09a48e813d2d5f468ff52af6e6da9a502db6bd25db176c1099b35bfd88af03b92b4a59fb6dcf67fa73ea8487f5993b8fdf3ab39419849330f9105075ebd4c92c174d4f10838836232f29852a5ef4c33074651d6e42b6ca4ff346c6ddab426fae42f4aaeed922d2e43948cffbce7902deb29622bdaaaab97fc5cf63396a25f3c4d776c7cd69a66e656c6d2b232367ba4d5a6d4ac7ca6ed6dadd66a8320950d9224b25c947b91c6710323bb0fc1e0a540c1836dfcf1e45cfef03fbb5e70bd1156fe81d38c84251bbd3cf2d7b3b2141aafdd7b346075969be826f7fcb5ef6d5ab1668729191b7a52194db0e386114aa4642de100db7327ceb4d92d5cbb476b749d0232465693e5c9e24ab724d3979717d26925eaf458565c30c4e7b8f0c4ff6bca60838114bd4ad831a8c95f2fff7274a971e753d252fd11667c49964314d73afe54dee2f6b4ee507d9fb3683b51dbc5ac65e47e5bece514bc9b2df2ee3b399caeeaf416e0035cd653c511fd93505ec4897f316b04287e6aa3c90882f25ca6ed6f8dd8b21b276ad136e5a3313bc90752022dc325da384fe4ae0f3ec5050f8db7ad042150ed482247f3e663c931a3137aa81d91ded5d3e15bcfdba42cf35e16ac866965c46209e998aa84d3ce4034a3ed0ec3f0175480d8d0b853faa465bb6f326743880ba08c1cc99deb4fdb78ba3d54e4e55984f7356b653f8d9721e8bcb8995c7ae79b2314ad3469223020832c080d2c3f47f31d5ea0bb7ce112cf2facb07bedf8c36d49cddb04d66f5991195085727769c3591dc81b010b799027518d8c6731d634c3c75f5b47ee169b639f76dcfcfd4566886caeaf10edbccad05590067e9636becc822eb2e97dbbeddd614bd4de9f7a46c674918a2ddfef0ac1d61e508a574e24c111d11eee11e26140f24be06feb633901f3b3709de0c7eaaa8fe905aa238702b43e12cba2179097816ae45bc0bef356083508a", @typed={0x7a, 0xe8, 0x0, 0x0, @binary="840bc68010f9f646893e9daee4497bfdb81af0cb57184f78b1754f283d03a86207cfdeee7bf277f26ace6ac2704180e18347847798a776445c30c0db7cf89a741fdf0990bec78633896e3c951f95adfe8e49d07719c24a8ed8ea1403d5f0bbe12d487427a6df86fb8d68143c76059593d33e2d059b33"}, @nested={0x4, 0x13c}]}]}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0x20}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0x1}, @NL802154_ATTR_MAX_BE={0x5, 0x10, 0x4}]}, 0x1314}}, 0x4008045) r7 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000001b80), r0) r8 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000001bc0), 0x18000, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(r1, &(0x7f0000002080)={&(0x7f0000001b40)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000002040)={&(0x7f0000001c00)={0x420, r7, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@OVS_VPORT_ATTR_OPTIONS={0x153, 0x4, 0x0, 0x1, [@nested={0x11a, 0x86, 0x0, 0x1, [@generic="2da44e8ced4778d540ca5343b12f4c191832074f2698ee795cfbee7971b0bf4728d0191b251544d8818e49739d8d996d100a3b10b6265aa39a7dea451d2b8afe606781d00b1ea1d70efeb2665e7bf10084512c76e41941e1161c695b3bce17d2", @nested={0x4, 0x14}, @typed={0x8, 0x131, 0x0, 0x0, @fd=r8}, @generic="1e8900adaa8e49e2cdc15dd25298a115bd44ea5e2718d55476e1084132dcc75bcfa8cd1ff24fa906e54515b11a66048202fdfed36a00213c5cc1bb9fb863af6552b44f5450298c1ff0edf0c4bdaa3292fbf2776f4fa5e9c2dabfef0a13dd31f31728d094bea3e44f7c7413958748f77ec0f5c6a03269cc5a3cfd86f0546e76ea67ca6ec726debb1f10a7209501847aafaa919a5557930c253705ded4e5151965825c1cc44878c994023a"]}, @generic="00ffe3ea31dbfc56e173b2947be27e572d477df245e981680126f530d44f92d30c9eba453a0f2f0b5d1b45d25fd1a0e1fcb89d"]}, @OVS_VPORT_ATTR_TYPE={0x8, 0x2, 0x1e73}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x77f}, @OVS_VPORT_ATTR_OPTIONS={0x2a5, 0x4, 0x0, 0x1, [@nested={0x223, 0x13d, 0x0, 0x1, [@generic="e2e0129d2dd90e6144c7f2e7cfcc78bd18277b496fafc996ba4c57ae17a80bd85e26607f984924d2671ec650d5d51029f4fd1b1c29140975d832253fc351f9b23710a0ea8fce97959c6d5cb214ca353ec8f0be5c231a4b983f124c09a7aceb13610e0ae8784f52fa8500a816899b1c5d1660d7c0bb1b927f5cf1d1b3e460cd678e44c134c59dd1a8df204db03bd4d1a75f2f94d79aab2f13758cd18a849d4df89718c1ed6770d18c57a19f45c6cca429cfff4ba10a988ff1829616991f3d0a0da098f4abfd2ede75a3dd20e9370d56489fcb709ea3d6843bebd35d6c177e32f509be2e5bbf", @generic="78e516139157dd8be0f6d76370ee3f4e112822b92e22cd06fdf34f51424a13ff502d62efd0a3407787b9ef114f93388a53444c431346b191fffa3e97b3caea97ad8d5035208cffcf015a5578c29a552d74d452b62a59ba355f6d3d9e6c64d60538dda47bbce78886e89be19494ad58974247fca595e18b93101b886071e15e36f7672b225d1e8df35593ead14348f7201a774f521d6ee1320f31c7dc43bd199052c7f2f3f04122880746a771", @nested={0x4, 0x6b}, @nested={0x4, 0x7d}, @generic="20ca8d5692b400e2f35b3b91fef5076b9664f84d3cc9bbdb0948b576dea04feb4e4e671f9143676a914e8410caeed347c042756f70c05de0a8949275e114f7af9771", @generic="43041e0f1095809b78d6cda86f9290f29516e458d1c935a85b0982e55c32f2cf8d547b4f7161f6645ecbde79b0838886f0058ced97281e25", @nested={0x4, 0x10a}, @generic="fc0aea33c5439440"]}, @generic="cd6b67fb380f6ea30e9d5f352ecc720e9fa4ba8c65", @nested={0x67, 0xe4, 0x0, 0x1, [@nested={0x4, 0x7b}, @generic="3ee0c825282d98d5302a4df1f14d33f1c37806b544eaf35999a831373f31aeee8f59e25ea4056a8bb22b78fde1b52edcb9cfcdd9683872bd4b0d936e41347a1ea2c92ccd1fb1a057199518025eb349e9486468e543c1c3c9d5bf29cd08670d"]}]}]}, 0x420}, 0x1, 0x0, 0x0, 0x4840}, 0x40) r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000002240)='./file0\x00', 0x20000, 0x28) sendfile$auto(r8, 0xffffffffffffffff, &(0x7f0000002280)=0x5, 0x8001) mmap$auto(0x4, 0x1, 0xffff, 0x1a, r0, 0x400000000000000) r10 = prctl$auto(0x10000, 0x5e, r4, 0x401, 0x8) ioctl$auto_SNDRV_TIMER_IOCTL_STATUS64(r10, 0x80605414, &(0x7f00000032c0)={0x68f, 0xe, 0x9, 0xa08, 0x0, 0x7ff, "f19cfb198651ef047328ad1bdf33ff927176834bc50b4c104140880e82aa895b5e91098f2d47db7f4ef576fc461364e096f3bc5fe3e1fd7be4056c012f474559"}) linkat$auto(r9, &(0x7f00000035c0)='./file0\x00', r10, &(0x7f0000003600)='./file0\x00', 0x0) 7.840473721s ago: executing program 1 (id=2831): r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/asound/card0/pcm0c/sub4/xrun_injection\x00', 0x400, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x20) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) setregid$auto(0xee00, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x12, 0x0, 0x4) r2 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000002340)='/dev/binderfs/binder1\x00', 0x0, 0x0) r3 = dup$auto(r2) lseek$auto(r3, 0x7, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_state_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = socket(0x0, 0x3, 0x301) setsockopt$auto(r4, 0x10a, 0x12, 0x0, 0x69e) r5 = socket(0x11, 0x80003, 0x300) sendmsg$auto_NLBL_MGMT_C_REMOVEDEF(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@NLBL_MGMT_A_CV4DOI={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8}, 0x40095) setsockopt$auto(r5, 0x107, 0x12, 0x0, 0x4) ioctl$auto(0xffffffffffffffff, 0x89a0, 0x4) 6.895602741s ago: executing program 1 (id=2833): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000440)='/dev/ptyzf\x00', 0x2200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r1 = prctl$auto_PR_SET_MM_ARG_END(0x9, 0x9, 0xffffffffffffffff, 0xd, 0x13) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/bus/pci/rescan\x00', 0x20681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000200)='5', 0x1) sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, &(0x7f0000000200)={[0x8, 0x4, 0x2, 0xb, 0x1, 0x9, 0x0, 0x7fff, 0xa, 0x193, 0xfffffffffffffff9, 0x3, 0x5e4, 0x101f, 0x1, 0x1]}, &(0x7f0000000380)={[0x8000000000000001, 0x5, 0x5, 0x10001, 0xe, 0xf, 0x5, 0x3, 0x59fc8000, 0x200006, 0x8000000000000000, 0x3, 0x800, 0x7, 0x1ff, 0x5]}, &(0x7f0000000280)={0x6, 0xc8}) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0x7, 0x0, 0x0, 0x0, 0x0) socket(0xa, 0x5, 0x94) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(r1, 0xfffffffffffff000, 0x4000000000002) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) r4 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/smaps_rollup\x00', 0x1a3000, 0x0) pread64$auto(r4, 0x0, 0x22, 0xc) ioctl$auto(r3, 0x5403, r3) 5.663546266s ago: executing program 1 (id=2837): r0 = open(&(0x7f00009e1000)='./file0\x00', 0xc162, 0x0) mmap$auto(0xfffffffffffffffc, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0xeffe, 0xb, 0x2, 0x9b72, r0, 0x7) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) write$auto(0x3, 0x0, 0xffd8) 5.191864846s ago: executing program 1 (id=2839): mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffefffffffffffa, 0x8000) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0x5, 0x0, 0x8004) madvise$auto(0x6d5, 0x90, 0x5985) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/midi2\x00', 0x2, 0x0) setxattr$auto(0x0, &(0x7f0000000200)='*\x00', 0x0, 0x800000, 0x0) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x5, 0xfffffffc) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x6, 0x80003, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) semctl$auto(0x80001ff, 0x804, 0x3, 0x4) clone$auto(0x2, 0x5feb, 0x0, 0x0, 0x2000000000003) rseq$auto(0x0, 0x8000, 0x0, 0x6) r2 = epoll_create$auto(0x2) epoll_pwait2$auto(r2, 0x0, 0x8, &(0x7f0000000000)={0x0, 0x7ff9}, 0x0, 0x8) socket(0x2b, 0x1, 0x1) sendmsg$auto_GTP_CMD_NEWPDP(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000125bd7000fddbdf250000000006000600000100000600060005000000080009000f000000080009007c0000000c000300070000000000000008000100010000000800050000000000e6e694e9490691176afd60430f7c"], 0x50}, 0x1, 0x0, 0x0, 0x4000444}, 0x40000) socket$nl_generic(0x10, 0x3, 0x10) pipe2$auto(0x0, 0x80) socket$nl_generic(0x10, 0x3, 0x10) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x1e, 0x1, 0x0) socket(0x28, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000164c0), 0xffffffffffffffff) 4.741383105s ago: executing program 0 (id=2840): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0x28, 0x1, 0x0) getsockopt$auto(r0, 0x9bb9, 0x0, 0x0, 0x0) r1 = bpf$auto(0x5, 0x0, 0x102) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000164c0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_SCAN(r2, &(0x7f00000165c0)={0x0, 0x0, &(0x7f0000016580)={&(0x7f0000000140)={0x14, r3, 0xd3ac6c422733a379, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x34, r3, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@NL80211_ATTR_HE_BSS_COLOR={0x4}, @NL80211_ATTR_OBSS_COLOR_BITMAP={0xc, 0x12e, 0x6}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x1}, @NL80211_ATTR_SAE_PWE={0x5, 0x12a, 0xc}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x44, r3, 0x100, 0x70bd26, 0x25dfdbfb, {}, [@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0xdef6}, @NL80211_ATTR_COLOR_CHANGE_COUNT={0x5, 0x12f, 0x96}, @NL80211_ATTR_PUNCT_BITMAP={0x8, 0x142, 0x2}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x2}, @NL80211_ATTR_VIF_RADIO_MASK={0x8, 0x14d, 0x6}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0x11}, 0x8080) 4.53649416s ago: executing program 3 (id=2842): r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/asound/card0/pcm0c/sub4/xrun_injection\x00', 0x400, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x20) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) setregid$auto(0xee00, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x12, 0x0, 0x4) r2 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000002340)='/dev/binderfs/binder1\x00', 0x0, 0x0) r3 = dup$auto(r2) lseek$auto(r3, 0x7, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_state_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = socket(0x0, 0x3, 0x301) setsockopt$auto(r4, 0x10a, 0x12, 0x0, 0x69e) r5 = socket(0x11, 0x80003, 0x300) sendmsg$auto_NLBL_MGMT_C_REMOVEDEF(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@NLBL_MGMT_A_CV4DOI={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8}, 0x40095) setsockopt$auto(r5, 0x107, 0x12, 0x0, 0x4) ioctl$auto(0xffffffffffffffff, 0x89a0, 0x4) 4.400819188s ago: executing program 0 (id=2843): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_KVM_GET_SUPPORTED_CPUID(r0, 0xc008ae05, &(0x7f0000000100)={0x3fd, 0x0, [{0x0, 0xffff5a9a, 0x7fffffff, 0x0, 0xf, 0x8, 0x6000}]}) (fail_nth: 4) r1 = socket(0x1d, 0x2, 0x6) getsockopt$auto(r1, 0x6a, 0x5, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8001, 0x0) ioctl$auto(r2, 0x401870cc, r2) 4.24708431s ago: executing program 2 (id=2844): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) ioctl$auto(0x3, 0x4020565a, 0x38) r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder0\x00', 0x800, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x101, 0x0) r2 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x10303f, 0x0) ioctl$auto_SNAPSHOT_ATOMIC_RESTORE(r2, 0x3304, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_OSS_GETVERSION2(r3, 0x80044d76, &(0x7f00000001c0)) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3739aae3, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x1, 0x948b, 0x1, 0x15f4da0a, 0x1, 0xffffffffd09d8d67, 0x62, 0x80000023, 0x7, 0x6d3e, 0x9, 0x2, 0x2]}, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x1a9382, 0x0) ioctl$auto(0x3, 0x1260, 0x7fffffffffffffff) r4 = getpid() process_vm_readv$auto(r4, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) r5 = socket(0x23, 0x5, 0x0) bind$auto(r5, &(0x7f0000000140)=@phonet={0x23, 0x6, 0x0, 0xa3}, 0x80) bpf$auto_BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000340)=@task_fd_query={r4, r5, 0x8, 0xc, 0x80000000, 0x7, r0, 0xef77, 0xff}, 0x2) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling\x00', 0x8000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000080)=""/135, 0x87) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 4.064571723s ago: executing program 0 (id=2845): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/midiC2D0\x00', 0x608203, 0x0) madvise$auto(0xfff, 0x8, 0xab8) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) setsockopt$auto(0x3, 0x6, 0x100000000, 0xfffffffffffffffc, 0xa) mmap$auto(0x1, 0x3, 0x3, 0x55, r0, 0x8001) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_check_wx_fops_(0xffffffffffffff9c, 0x0, 0x400, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="3400bf32c2cdd1dd873850d2a94691a41fe7ece448c7c3edea0739dc942ffc1859bf4eca2404a8a215edcb4e58f2ce891d4a4f0474d9eef36555549fd42eed86ee78cbeb68903c182c46ab11ba6fbfe2fc9163b8665f", @ANYRES16=r3, @ANYBLOB="00042dbd7000fcdbdf25210000000400ae001c00e700264d1c7cf82183356bd3c4a1f6cfda4fe5262abdfffd5c2a"], 0x34}, 0x1, 0x0, 0x0, 0x408c1}, 0xc000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/system/node/has_memory\x00', 0x1ab841, 0x0) read$auto_check_wx_fops_(r1, &(0x7f0000000080)=""/228, 0xe4) mlockall$auto(0x5) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/ipv6/conf/sit0/ioam6_id\x00', 0x88800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x29, 0x5, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x7) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000040)={{0x0, 0x3, &(0x7f0000000080)={0x0, 0x1}, 0xa, 0x0, 0xc, 0x401}, 0xed7138c}, 0x0, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) r4 = socket(0x2, 0x80802, 0x0) setsockopt$auto(r4, 0x11, 0x67, 0x0, 0x8) setsockopt$auto(r4, 0x0, 0x42, 0x0, 0x9) connect$auto(0x3, 0x0, 0x55) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x9a6, 0xe000) 4.062433246s ago: executing program 3 (id=2846): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000440)='/dev/ptyzf\x00', 0x2200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r1 = prctl$auto_PR_SET_MM_ARG_END(0x9, 0x9, 0xffffffffffffffff, 0xd, 0x13) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/bus/pci/rescan\x00', 0x20681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000200)='5', 0x1) sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, &(0x7f0000000200)={[0x8, 0x4, 0x2, 0xb, 0x1, 0x9, 0x0, 0x7fff, 0xa, 0x193, 0xfffffffffffffff9, 0x3, 0x5e4, 0x101f, 0x1, 0x1]}, &(0x7f0000000380)={[0x8000000000000001, 0x5, 0x5, 0x10001, 0xe, 0xf, 0x5, 0x3, 0x59fc8000, 0x200006, 0x8000000000000000, 0x3, 0x800, 0x7, 0x1ff, 0x5]}, &(0x7f0000000280)={0x6, 0xc8}) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0x7, 0x0, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(r1, 0xfffffffffffff000, 0x4000000000002) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) r4 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/smaps_rollup\x00', 0x1a3000, 0x0) pread64$auto(r4, 0x0, 0x22, 0xc) ioctl$auto(r3, 0x5403, r3) 3.358846848s ago: executing program 0 (id=2847): mmap$auto(0x0, 0x400008, 0xdf, 0x9b76, 0x2, 0x8000) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_ADDR_LEGACY_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000007a00)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010029bd7000fedbdf2519000000"], 0x14}, 0x1, 0x0, 0x0, 0x24044081}, 0x24000800) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_LINK_RESET_STATS(r2, &(0x7f0000003e40)={0x0, 0x0, &(0x7f0000003e00)={&(0x7f000000cf40)={0x18, r3, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x40040050) mmap$auto(0x0, 0xfffffffffffffffe, 0x3, 0xeb3, 0xfffffffffffffffa, 0x0) r4 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x1) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) socket(0x1d, 0x2, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) lsm_set_self_attr$auto(0x9, 0x0, 0x80, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r5, 0x0, 0x100000a3d9) open_by_handle_at$auto(r4, &(0x7f0000000480)={0x92, 0x1e, "d5cb45bf3a85257cf184925b8dd3c6b4ba2f10e67122cbf74010d219333f2c634c3e01dae068eb200fac11aac7036e00eb07ace5ad056bcdf5bc266f99d6467f70017e9482374eff37af7bbecdc2d6389d2b5e78a50a4210767c870668ddcd0d3ae336ade6a363271b2fbaddc9ae97bf6ad4800dc0e850a5215973a1192b18930549f786880174c404722d369ef05a03034a"}, 0x80000403) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000240)='/dev/binderfs/binder0\x00', 0x800, 0x0) socket(0xa, 0x1, 0x100) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) syz_clone(0x64008180, 0x0, 0x2b, 0x0, 0x0, 0x0) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r7 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r6, 0x560e, r7) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[], 0x9c0}, 0x1, 0x0, 0x0, 0x400c8cc}, 0x24040854) socket(0x15, 0x5, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x200, 0x0) 2.970583051s ago: executing program 2 (id=2848): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_KVM_GET_SUPPORTED_CPUID(r0, 0xc008ae05, &(0x7f0000000100)={0x3fd, 0x500, [{0x0, 0xffff5a9a, 0x7fffffff, 0x0, 0xf, 0x8, 0x6000}]}) r1 = socket(0x1d, 0x2, 0x6) getsockopt$auto(r1, 0x6a, 0x5, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8001, 0x0) ioctl$auto(r2, 0x401870cc, r2) 2.878180251s ago: executing program 3 (id=2849): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace_dev_match\x00', 0x20080, 0x0) socket(0x11, 0xa, 0x300) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff) syz_clone3(&(0x7f0000000440)={0x44000000, &(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000300)=0x0, {0x23}, &(0x7f0000000340)=""/52, 0x34, &(0x7f0000000380)=""/111, &(0x7f0000000400)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x5}, 0x58) r2 = clone3$auto(&(0x7f00000004c0)={0x603eff66, 0xfff, 0x1e07, 0x81, 0xb25, 0x3, 0x4, 0x100000001, 0x1, 0x2, 0x9}, 0x3) r3 = fcntl$auto_F_GETOWN(r0, 0x9, 0x4) r4 = getpgid$auto(0xffffffffffffffff) r5 = getpid() r6 = gettid() rt_tgsigqueueinfo$auto(r5, r6, 0x21, 0x0) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup.net/syz1\x00', 0x200002, 0x0) syz_clone3(&(0x7f00000005c0)={0x330000200, &(0x7f0000000000), &(0x7f0000000080), &(0x7f0000000100), {0x22}, &(0x7f0000000140)=""/13, 0xd, &(0x7f0000000180)=""/207, &(0x7f0000000540)=[r1, r2, r3, r4, r6], 0x5, {r7}}, 0x58) 2.601682603s ago: executing program 2 (id=2850): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/tty/console/active\x00', 0x103280, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0) prctl$auto(0x23, 0x7, 0x2008, 0x0, 0x0) ioctl$auto_SW_SYNC_GET_DEADLINE(0xffffffffffffffff, 0xc0105702, &(0x7f0000000080)={0x4, 0x0, r0}) ioperm$auto(0x7, 0x1, 0x7) modify_ldt$auto(0x1, 0x0, 0x10) ioperm$auto(0x7, 0x6, 0x2) r2 = gettid() rt_sigqueueinfo$auto(r2, 0x2, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x26, 0xa, 0x7) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000003280)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="2c00000092b0f58b30a9af58e298f7b447c30d83a63463c9bb0526019f50cde4428cdc6e", @ANYBLOB="100025bd7000fbdbdf250f00000008000300", @ANYRES32=0x0, @ANYBLOB="080039000700000005002e000100"], 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x140080e4) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sched_setaffinity$auto(r2, 0x4, &(0x7f0000000240)=0x6) prctl$auto(0x6, 0x2, r2, 0x4, 0xd) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r5, &(0x7f0000000580)={0x0, 0x2100, &(0x7f0000000540)={&(0x7f0000000400)={0x14, r4, 0x1, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x68, 0x0, 0x4000000}, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) mount$auto(0x0, &(0x7f0000000540)='}[,&*}\x00', &(0x7f0000000040)='nfsd\x00', 0x3, &(0x7f00000003c0)="3dd1fa31") unshare$auto(0x40000080) close_range$auto(r1, 0xa, 0x0) r6 = openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/exec\x00', 0x101002, 0x0) write$auto_proc_pid_attr_operations_base(r6, &(0x7f0000000200)="a597d9ce635920", 0x7) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x109001, 0x0) 2.408400256s ago: executing program 0 (id=2851): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x6, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_nlbl_unlbl(0x0, r1) sendmsg$auto_NLBL_UNLABEL_C_STATICADD(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x400c0) socketpair$auto(0x7, 0x2002, 0x4, 0x0) mmap$auto(0x126acedf, 0x4020009, 0x4ddc, 0x18, 0x401, 0x9f) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x80000, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) ioctl$auto(r1, 0x57, r0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'bond_slave_0\x00'}) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f00000000c0)={0xfffffffffffffffd, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='2 \x00}', @ANYRES16=r3, @ANYBLOB="080029bd7000fbdbdf2504000000"], 0x14}, 0x1, 0x0, 0x0, 0x24000844}, 0x4000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006400)=ANY=[@ANYBLOB="04000000", @ANYRES16=0x0, @ANYBLOB="01002ebd5100fbcbdf250100000004000180072e0180"], 0x2e20}, 0x1, 0x0, 0x0, 0x2000c040}, 0x4) r5 = socket(0x8, 0x3, 0x0) getsockopt$auto_SO_DEBUG(r5, 0x4, 0x1, 0x0, 0x0) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, 0x0, 0x42a120, 0x0) r6 = getpid() process_vm_readv$auto(r6, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) 2.256984651s ago: executing program 3 (id=2852): sendmsg$auto_NETDEV_CMD_QSTATS_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4080}, 0x4c094) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC2\x00', 0x0, 0x0) socket(0x29, 0x1, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_ADD_RXSC(r0, &(0x7f0000004100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x2c, r1, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@MACSEC_ATTR_RXSC_CONFIG={0x10, 0x2, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0x6}]}, @MACSEC_ATTR_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20040801}, 0x4000040) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/dynamic_debug/control\x00', 0x482, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffffff, &(0x7f0000000040)="96b4de6701141fadbd7071a7783f766db7f7a2477f000ebc5d33f2102c2b539dc742c183a7d945ece677ae6cb4016049055afb8f30111d964443964731b9e1e6312dbb249fce02320e6e45659e569e3b8367c5d0b36c9393043ab8d362ab48a182ad4e1278f1429564599cf7d165806038d058c9bdc8cd986a3d96de720eb3aef95e5212c87eaabb3800d08ecb85f18d0527674e4574", 0x96) writev$auto(r2, &(0x7f0000000240)={&(0x7f0000000180), 0x9}, 0xb) 1.922346409s ago: executing program 3 (id=2853): socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x1e, 0x2, 0x0) getsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.1/usb2/2-0:1.0/usb2-port1/disable\x00', 0x102, 0x0) sendfile$auto(r1, r1, 0x0, 0x7) r2 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r2, 0x0, 0x28) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x9, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0x12, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x8, 0xd, 0x2, 0x9488, 0x3, 0x15f4da0d, 0xe, 0x3, 0x4, 0x80000033, 0xfff, 0x6d3e, 0x1, 0x8, 0x6]}, 0x0) 1.27830849s ago: executing program 2 (id=2854): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x14, r1, 0x301, 0x70bd29, 0x25dfdc02}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x40) 1.078209228s ago: executing program 1 (id=2855): acct$auto(&(0x7f0000000000)='/dev/tty\x00`Mx\x9d\xfa\xb3\x1f\xc6k\x01\x13\x9b\x15[\xf7\xaan\x1fOgo\xbb(\xcbx\x9bJ\x91*\xa5a\x02\xf3\x1b\x9d\xddy\xef\xee\xe4h\xd5\nH\x80\x8a\xd7Y\xb8\xcb\x90') prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x7f, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0xfffffffffffffff9, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0xfffffffffffffff9, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) (async) socket(0x10, 0x2, 0x0) select$auto(0x0, &(0x7f0000000040)={[0x9, 0x4, 0x800000c8c1, 0x9, 0x6, 0x0, 0xb, 0x6, 0x5, 0xa, 0x5, 0x200cf, 0x45, 0x10c, 0x5, 0xb98]}, 0x0, 0x0, 0x0) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) futex$auto(&(0x7f0000000080)=0x2948, 0x0, 0x2948, 0x0, 0x0, 0x5) (async) futex$auto(&(0x7f0000000080)=0x2948, 0x0, 0x2948, 0x0, 0x0, 0x5) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) futex$auto(&(0x7f0000000080)=0x3, 0x3, 0x0, 0x0, 0x0, 0x440a48d3) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sched_get_priority_min$auto(0x40) (async) sched_get_priority_min$auto(0x40) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x981082, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x1, 0x0) (async) socketpair$auto(0x1e, 0x5, 0x1, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/afs/addr_prefs\x00', 0x102, 0x0) writev$auto(r0, &(0x7f0000000080)={&(0x7f00000000c0)="78302e01e4c45c0c0a1d", 0x6}, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/dummy_hcd.2/usb3/devspec\x00', 0xa8300, 0x0) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/dummy_hcd.2/usb3/devspec\x00', 0xa8300, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/nbd10/queue/zone_append_max_bytes\x00', 0x80, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/nbd10/queue/zone_append_max_bytes\x00', 0x80, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/image_size\x00', 0x181002, 0x0) sendfile$auto(r1, r1, 0x0, 0x3) socket(0x11, 0x80003, 0x300) 880.123413ms ago: executing program 2 (id=2856): r0 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000440)='/proc/thread-self/mountinfo\x00', 0x800, 0x0) unshare$auto(0x40000080) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/de\xef\xe7auDio1\x00\f\'\x8b\xd9\xfeN\xcd#)\x8c\x89>-o\xd7\x8f$\xac\xfc\xa2\xccm\x0e \xfb\xe5\xe9\x92\xaa\xef\x84$\x84Ia>6pV;{\'\xaa\xbeS\x14\xb6\xd2\xf6\xb7\xcd\xf6P\x05X\x1dK\x18\x99\x02\xb3\x0fY0\x80\x99\xe3\x0e\xa2D\xc0\xecE\x86\xd9J\x9c\xa8\x98\x02\xdb\xf1\x81TMpS\xc5\xab\xa1\x1bG\v>\x03\xf7\xe1\xaf\xe3\x04\xc3 ffF\x0f\xa6}\xa3\xa8\xd1\xe2\xd0QG\xa6\xa6\x8e7\x80\xd9\xd0\xdf\xad\xb1\x15\xca\xbb\xd5j\x94\xc6<\x18\x15\xcc\x8d\x14\xd8\xb8L\x03\xdd~\xe7%\xcb\xdd\xda!\xd45Z\xd0\xfc\x1b\xf0\xe1\xd6:\xd7\xe9N\xc1W\xe3\xae\xe9\xb27>k\xf8\xdf\xe1\xf9\xcc\xcb\v\x01D\xc3\xa9T\xb9UY\xaf\xa4\xe4\xfec\xa3\x9bI@\xb7w\xf8\x14\xc0\xd5\xd5\x95', 0x8) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001f80), 0xffffffffffffffff) mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) sendmsg$auto_TIPC_NL_MON_PEER_GET(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000500)={0x4c8, 0x0, 0x2, 0x70bd29, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x1f4, 0x1, 0x0, 0x1, [@nested={0x1d1, 0xfa, 0x0, 0x1, [@generic="813f2fd340778c88bf4935f8d3588bd5156734e49ca44406088908dcd7fc9e0b7eecce9526c8d300df73760a3d42a648b6d58f1c8d52146255617d3aebb0de22ee46282b1d14e4a931f33e44078c418f9d8981c4dd7d70e56062377f3c29af2938f2acde8e52ba0ae11bb24c1b33a737cb59c66b251840937e6da65bd5423644eb7a4c3da4233d9a14a35a84ddd7f28de48c837cc4384d885bcd8691a004ee74ecfb8a0a8d3e89daf2b4e0bf5edcb2cf964572f4", @typed={0x4, 0xbe}, @generic="0ecd0b8823909290e2c1f7821f326778c60d84a0d399b90804ce687b6e238e35d0632d73d3c66ad853b22d21df1d70b2fd48a4625211c1dcc2487b17ae450adc553128a155e377572b5447e63f778bda1ae740129ca02a7fab0498e3d1f16044c8ed4680591569421d9b2a16b3b5", @nested={0x4, 0x42}, @generic="0b193019682c3bd6890e13516ce6097f4828a1279a9f9d7ca8447ba8816be1b7c7c953bcc140cf80fcf3e514f7c21d11b6c36738cf895653a967164c6d4b566417477683d46377dc4cf176fdf77543b6bfd93c0570e9bf4e772a0a312eea0e0035209007ffe4d69f50334709bce2a477dea84720852b77a2374ac47b8ca331cc69667c3c5c5f27a31f10de6135c46f368025a003fd6b497c0f0ee92c3a8285732f793f"]}, @typed={0x14, 0xc3, 0x0, 0x0, @ipv6=@empty}, @typed={0x8, 0x7d, 0x0, 0x0, @uid}]}, @TIPC_NLA_PUBL={0x200, 0x3, 0x0, 0x1, [@generic="59f846d58376ae6269ffbec7a7325cef11554a70ae9a295bb1e17e2624485277f6019337a441f4e2ddaf92caf26678773fb7294c2f657a5563594372563b00472ea13cf203cd01373d0f3c4e6645cf4cc869dc7e5784008828f87d0b7c7ad24c11c48c290f8e782b2600db4b9d5b47acbf1d3e6a544f2e1e8d6a24825b4f94f78773b8a3e07cc8280669feef21e201bf4fbe9cd4a69fe3b402a19e475ba007875ba0531d8e5049704f2cbca81b294d220586317a1e3268d554dc", @generic="b2c2b7fd19eed6e05036ba9ba0e875f663edbe9da3b162aad004a147fb8a37c70af73af1c803a77fe7bb02a006eb34d8ef794b5281791a71966cdf91d6a2147299314c9e9435331cf8", @generic="f8403b79e78d222d20f0641a2b4391c336ce41268a4f030693fe6aefb1fc2dca819f3ee1b8f88a4bf0fe233b73160bc25aacd154f582d649cb2526ce6168f2e1ce5e7d56fa9e2a7ba100da6f6643a450a2783908dfd3d1ae6c771a25648e571ddb748b8bdff69c0417989f69e7ca5b1581d8bf2bbef6264cace8fd684484c402f02aeabf471e73131036d43d25bc8b51863a32ba42030c17ab91b33e01c554aefbfaa937d6fcaf8e81bbbac5e2b2b176961bd672c361949278cda33fb289ec316b2d290ca7949ea48893d43b50eacd2a3a60106012b831c35ceacb427d63cd4397f21efcee0ad2bc0d51052c17d17db0e6", @typed={0x6, 0xc7, 0x0, 0x0, @str='^\x00'}]}, @TIPC_NLA_UNSPEC={0xc0, 0x0, "f2b7cb0b248d0a9348b58f3cb0efd5200f454f8d9be17dc426615403aa25eefd0515696a67e7430c3fe6ffa44ed3a9cf6982682f666adae3776bc0e1df3a73bdb5c6d5f0894c2cb23ac6a553d9714c8ce5a1bea11798a09362f7c2a9b679fd2c604df64049ace1ce14dd07c22f20ea7ee1c62a695c4e42d25538020c5b23707bb0062c70be80850b319266ddc31420ab511f7322a46a8bd819ef16b012c703953fa40ebfbb7b97a1bfbf87d2466574dbb5829706623efa5e35b45a41"}]}, 0x4c8}, 0x1, 0x0, 0x0, 0x4000040}, 0x4001) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mq_getsetattr$auto(0x3, 0x0, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x810) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x10, 0x9, 0x63, 0x0, 0x0, 0x0, 0x0, 0x40000000000f, 0x1000, 0xfffffffffffffffd, 0x59, 0x5, 0xffffffff7ffffffc, 0x9, 0x7, 0x200000100103}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x23, 0x0) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000440)='/proc/fs/cifs/DebugData\x00', 0x2000, 0x0) pread64$auto(r2, &(0x7f0000000040)='/proc/scsi/sg/devices\x00', 0x10001, 0x3) r3 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r3, 0x0, 0x4) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) readahead$auto(r0, 0x7fffffffffffffff, 0x8000) socket(0x9, 0x5, 0x800) mmap$auto(0x0, 0xdf33, 0xe2, 0xeb1, 0x405, 0x8000) mmap$auto(0x0, 0x400008, 0x7fb, 0x80000011, 0x2, 0x208000) madvise$auto(0x0, 0x8, 0x16) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mprotect$auto(0x8, 0x12, 0x4) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x2003f0, 0x15) read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f00000010c0)=""/22, 0x16) 781.405475ms ago: executing program 3 (id=2857): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000440)='/dev/ptyzf\x00', 0x2200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r1 = prctl$auto_PR_SET_MM_ARG_END(0x9, 0x9, 0xffffffffffffffff, 0xd, 0x13) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/bus/pci/rescan\x00', 0x20681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000200)='5', 0x1) sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, &(0x7f0000000200)={[0x8, 0x4, 0x2, 0xb, 0x1, 0x9, 0x0, 0x7fff, 0xa, 0x193, 0xfffffffffffffff9, 0x3, 0x5e4, 0x101f, 0x1, 0x1]}, &(0x7f0000000380)={[0x8000000000000001, 0x5, 0x5, 0x10001, 0xe, 0xf, 0x5, 0x3, 0x59fc8000, 0x200006, 0x8000000000000000, 0x3, 0x800, 0x7, 0x1ff, 0x5]}, &(0x7f0000000280)={0x6, 0xc8}) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0x7, 0x0, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(r1, 0xfffffffffffff000, 0x4000000000002) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) r4 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/smaps_rollup\x00', 0x1a3000, 0x0) pread64$auto(r4, 0x0, 0x22, 0xc) ioctl$auto(r3, 0x5403, r3) 474.564579ms ago: executing program 0 (id=2858): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/rose7/queues/rx-0/rps_cpus\x00', 0x1c1002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0xe, 0x0, 0x1, 0x0, 0x0, 0x24040004}, 0x44041) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r0, 0x5408, r0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/net/ip_vs_conn\x00', 0x48041, 0x0) write$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000240)="1c520b214b197e", 0x7) unshare$auto(0x40000080) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) close_range$auto(0xffffffffffffffff, r1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = open(&(0x7f0000000140)='./file0\x00', 0x40, 0xa2) write$auto_cachefiles_daemon_fops_internal(r2, &(0x7f0000000040)="05a9986fc1735ed3a0c61c9055e3116914b8702bf81064a062bfc4e669139a1ad2", 0x21) mbind$auto(0x0, 0x7, 0x8, 0x0, 0x6, 0x2) fadvise64$auto_POSIX_FADV_SEQUENTIAL(0xffffffffffffffff, 0xca, 0x7, 0x2) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/seq/queues\x00', 0x200100, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x40102, 0x0) pread64$auto(r3, 0x0, 0x40000000f42c, 0x585) write$auto(0x3, 0x0, 0xfffffdef) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x9, 0x4000000000df, 0xeb1, 0x4, 0x8000) r4 = clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r5 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) read$auto(r5, 0x0, 0x80000000006) tkill$auto(r4, 0x9) unshare$auto(0x40000080) r6 = socket(0x10, 0x2, 0x0) r7 = syz_genetlink_get_family_id$auto_handshake(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_HANDSHAKE_CMD_ACCEPT(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="ddffffff", @ANYRES16=r7, @ANYBLOB="c75922bd7000fcdbdf250216aa3b086db916528634000000fed17d5809dc05c37dd93f53b74720c485117da84c61746975fd3db7671d2ef418b29aebf0e3781037ac9321098a23ae3fbf1aa7af46ee881346a925ac409d9a230634e602daf0f08e"], 0x14}}, 0x40810) 0s ago: executing program 2 (id=2859): r0 = socket(0x23, 0x80805, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram11\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r1, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0xf500) mmap$auto(0x0, 0x810004, 0xfff, 0x8000000008012, 0x3, 0x8000) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) sysfs$auto(0xfffffffe, 0x10000000000002a, 0x4) syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000040), r0) ioctl$auto_VHOST_SET_BACKEND_FEATURES(0xffffffffffffffff, 0x4008af25, 0x0) ioctl$auto(0x3, 0x89e0, 0x38) kernel console output (not intermixed with test programs): e 05/07/2025 [ 677.206731][T15395] Call Trace: [ 677.206741][T15395] [ 677.206753][T15395] dump_stack_lvl+0x16c/0x1f0 [ 677.206808][T15395] should_fail_ex+0x512/0x640 [ 677.206861][T15395] _copy_from_user+0x2e/0xd0 [ 677.206912][T15395] kstrtouint_from_user+0xd6/0x1d0 [ 677.206952][T15395] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 677.206992][T15395] ? __lock_acquire+0xb8a/0x1c90 [ 677.207054][T15395] proc_fail_nth_write+0x83/0x250 [ 677.207095][T15395] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 677.207145][T15395] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 677.207182][T15395] vfs_write+0x29d/0x1150 [ 677.207242][T15395] ? __pfx___mutex_lock+0x10/0x10 [ 677.207291][T15395] ? __pfx_vfs_write+0x10/0x10 [ 677.207350][T15395] ? __fget_files+0x20e/0x3c0 [ 677.207406][T15395] ksys_write+0x12a/0x250 [ 677.207461][T15395] ? __pfx_ksys_write+0x10/0x10 [ 677.207518][T15395] do_syscall_64+0xcd/0x490 [ 677.207570][T15395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 677.207603][T15395] RIP: 0033:0x7fb56458d3df [ 677.207629][T15395] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 677.207660][T15395] RSP: 002b:00007fb5653d2030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 677.207689][T15395] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb56458d3df [ 677.207709][T15395] RDX: 0000000000000001 RSI: 00007fb5653d20a0 RDI: 0000000000000004 [ 677.207729][T15395] RBP: 00007fb5653d2090 R08: 0000000000000000 R09: 0000000000000000 [ 677.207749][T15395] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 677.207769][T15395] R13: 0000000000000001 R14: 00007fb5647b6080 R15: 00007ffc5a5636f8 [ 677.207811][T15395] [ 677.452352][T15396] warn_alloc: 2 callbacks suppressed [ 677.452367][T15396] syz.2.2146: vmalloc error: size 303104, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 677.487204][T15396] CPU: 0 UID: 0 PID: 15396 Comm: syz.2.2146 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 677.487251][T15396] Tainted: [U]=USER [ 677.487262][T15396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 677.487279][T15396] Call Trace: [ 677.487289][T15396] [ 677.487301][T15396] dump_stack_lvl+0x16c/0x1f0 [ 677.487353][T15396] warn_alloc+0x248/0x3a0 [ 677.487401][T15396] ? __pfx_warn_alloc+0x10/0x10 [ 677.487449][T15396] ? __kmalloc_cache_node_noprof+0x272/0x420 [ 677.487500][T15396] ? __kasan_kmalloc+0x8a/0xb0 [ 677.487545][T15396] ? __get_vm_area_node+0x208/0x330 [ 677.487588][T15396] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 677.487630][T15396] ? find_held_lock+0x2b/0x80 [ 677.487662][T15396] ? is_bpf_text_address+0x8a/0x1a0 [ 677.487714][T15396] ? bpf_ksym_find+0x124/0x1c0 [ 677.487744][T15396] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 677.487789][T15396] ? __kernel_text_address+0xd/0x40 [ 677.487816][T15396] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 677.487852][T15396] ? aa_get_newest_label+0x375/0x680 [ 677.487903][T15396] ? __pfx_aa_get_newest_label+0x10/0x10 [ 677.487941][T15396] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 677.487979][T15396] __vmalloc_node_noprof+0xad/0xf0 [ 677.488018][T15396] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 677.488064][T15396] bpf_prog_alloc_no_stats+0x54/0x630 [ 677.488105][T15396] ? security_capable+0x7e/0x260 [ 677.488138][T15396] bpf_prog_alloc+0x3b/0x230 [ 677.488182][T15396] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 677.488239][T15396] bpf_prog_load+0x1a04/0x2490 [ 677.488310][T15396] ? __pfx_bpf_prog_load+0x10/0x10 [ 677.488384][T15396] ? bpf_lsm_bpf+0x9/0x10 [ 677.488421][T15396] __sys_bpf+0x433c/0x4d80 [ 677.488452][T15396] ? __pfx___sys_bpf+0x10/0x10 [ 677.488478][T15396] ? ksys_write+0x190/0x250 [ 677.488546][T15396] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 677.488619][T15396] ? fput+0x70/0xf0 [ 677.488648][T15396] ? ksys_write+0x1ac/0x250 [ 677.488692][T15396] ? __pfx_ksys_write+0x10/0x10 [ 677.488744][T15396] __x64_sys_bpf+0x78/0xc0 [ 677.488773][T15396] ? lockdep_hardirqs_on+0x7c/0x110 [ 677.488817][T15396] do_syscall_64+0xcd/0x490 [ 677.488864][T15396] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 677.488894][T15396] RIP: 0033:0x7f837e58e929 [ 677.488919][T15396] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 677.488950][T15396] RSP: 002b:00007f837f31c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 677.488980][T15396] RAX: ffffffffffffffda RBX: 00007f837e7b6080 RCX: 00007f837e58e929 [ 677.489001][T15396] RDX: 000000000000000a RSI: 0000200000001080 RDI: 0000000000000005 [ 677.489021][T15396] RBP: 00007f837f31c090 R08: 0000000000000000 R09: 0000000000000000 [ 677.489040][T15396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 677.489070][T15396] R13: 0000000000000001 R14: 00007f837e7b6080 R15: 00007ffe2b74c6e8 [ 677.489107][T15396] [ 677.489190][T15396] Mem-Info: [ 677.603592][T15399] random: crng reseeded on system resumption [ 677.801520][T15396] active_anon:13876 inactive_anon:1 isolated_anon:0 [ 677.801520][T15396] active_file:16108 inactive_file:42071 isolated_file:0 [ 677.801520][T15396] unevictable:768 dirty:1261 writeback:0 [ 677.801520][T15396] slab_reclaimable:11640 slab_unreclaimable:99163 [ 677.801520][T15396] mapped:32317 shmem:1956 pagetables:1303 [ 677.801520][T15396] sec_pagetables:0 bounce:0 [ 677.801520][T15396] kernel_misc_reclaimable:0 [ 677.801520][T15396] free:1302601 free_pcp:16395 free_cma:0 [ 677.940803][T15396] Node 0 active_anon:53184kB inactive_anon:4kB active_file:64432kB inactive_file:168080kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:129224kB dirty:5076kB writeback:0kB shmem:3988kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11216kB pagetables:4912kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 678.044378][T15396] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 678.081501][T15396] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 678.110839][T15396] lowmem_reserve[]: 0 2480 2482 2482 2482 [ 678.117031][T15396] Node 0 DMA32 free:1293728kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:53120kB inactive_anon:4kB active_file:64432kB inactive_file:166764kB unevictable:1536kB writepending:5076kB present:3129332kB managed:2540344kB mlocked:0kB bounce:0kB free_pcp:52392kB local_pcp:32000kB free_cma:0kB [ 678.161194][T15396] lowmem_reserve[]: 0 0 1 1 1 [ 678.176601][T15396] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1316kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 678.259009][T15396] lowmem_reserve[]: 0 0 0 0 0 [ 678.270079][T15396] Node 1 Normal free:3902252kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:14240kB local_pcp:9024kB free_cma:0kB [ 678.317657][T15396] lowmem_reserve[]: 0 0 0 0 0 [ 678.364736][T15396] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 678.493334][T15396] Node 0 DMA32: 26*4kB (UME) 769*8kB (UME) 1397*16kB (UME) 877*32kB (UM) 457*64kB (UME) 187*128kB (UME) 85*256kB (UM) 36*512kB (ME) 13*1024kB (ME) 1*2048kB (M) 275*4096kB (UM) = 1291808kB [ 678.513513][T15396] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 678.527915][T15396] Node 1 Normal: 209*4kB (UME) 57*8kB (UME) 58*16kB (UME) 188*32kB (UME) 56*64kB (UME) 10*128kB (UM) 4*256kB (UM) 4*512kB (UM) 3*1024kB (ME) 2*2048kB (ME) 947*4096kB (M) = 3902252kB [ 678.546483][T15396] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 678.556382][T15396] Node 0 hugepages_total=4 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 678.568417][T15396] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 678.578224][T15396] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 678.587911][T15396] 60496 total pagecache pages [ 678.592778][T15396] 1 pages in swap cache [ 678.599344][T15396] Free swap = 124992kB [ 678.603675][T15396] Total swap = 124996kB [ 678.610269][T15396] 2097051 pages RAM [ 678.614256][T15396] 0 pages HighMem/MovableOnly [ 678.620889][T15396] 429987 pages reserved [ 678.625178][T15396] 0 pages cma reserved [ 680.651223][T15423] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2156'. [ 683.591947][T15453] random: crng reseeded on system resumption [ 684.976298][T15475] FAULT_INJECTION: forcing a failure. [ 684.976298][T15475] name failslab, interval 1, probability 0, space 0, times 0 [ 684.999752][T15475] CPU: 1 UID: 0 PID: 15475 Comm: syz.2.2165 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 684.999795][T15475] Tainted: [U]=USER [ 684.999805][T15475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 684.999819][T15475] Call Trace: [ 684.999828][T15475] [ 684.999838][T15475] dump_stack_lvl+0x16c/0x1f0 [ 684.999881][T15475] should_fail_ex+0x512/0x640 [ 684.999922][T15475] should_failslab+0xc2/0x120 [ 684.999948][T15475] __kmalloc_cache_noprof+0x6a/0x3e0 [ 684.999980][T15475] ? __pfx_sctp_get_port_local+0x10/0x10 [ 685.000002][T15475] ? sctp_bind_addr_match+0x193/0x300 [ 685.000035][T15475] ? sctp_add_bind_addr+0xae/0x3f0 [ 685.000074][T15475] sctp_add_bind_addr+0xae/0x3f0 [ 685.000113][T15475] sctp_do_bind+0x2d6/0x700 [ 685.000150][T15475] sctp_inet_listen+0x60b/0xaf0 [ 685.000180][T15475] ? __pfx_sctp_inet_listen+0x10/0x10 [ 685.000212][T15475] ? __pfx_aa_sk_perm+0x10/0x10 [ 685.000243][T15475] ? __fget_files+0x20e/0x3c0 [ 685.000283][T15475] __sys_listen_socket+0x114/0x160 [ 685.000315][T15475] __sys_listen+0xa7/0x130 [ 685.000345][T15475] __x64_sys_listen+0x53/0x80 [ 685.000380][T15475] do_syscall_64+0xcd/0x490 [ 685.000418][T15475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.000443][T15475] RIP: 0033:0x7f837e58e929 [ 685.000463][T15475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 685.000488][T15475] RSP: 002b:00007f837f33d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000032 [ 685.000511][T15475] RAX: ffffffffffffffda RBX: 00007f837e7b5fa0 RCX: 00007f837e58e929 [ 685.000528][T15475] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 685.000542][T15475] RBP: 00007f837f33d090 R08: 0000000000000000 R09: 0000000000000000 [ 685.000557][T15475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 685.000588][T15475] R13: 0000000000000000 R14: 00007f837e7b5fa0 R15: 00007ffe2b74c6e8 [ 685.000622][T15475] [ 685.610633][T15454] Process accounting resumed [ 685.751689][T15487] random: crng reseeded on system resumption [ 685.797683][T15488] FAULT_INJECTION: forcing a failure. [ 685.797683][T15488] name failslab, interval 1, probability 0, space 0, times 0 [ 685.811226][T15488] CPU: 1 UID: 0 PID: 15488 Comm: syz.0.2167 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 685.811286][T15488] Tainted: [U]=USER [ 685.811297][T15488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 685.811318][T15488] Call Trace: [ 685.811329][T15488] [ 685.811342][T15488] dump_stack_lvl+0x16c/0x1f0 [ 685.811395][T15488] should_fail_ex+0x512/0x640 [ 685.811449][T15488] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 685.811498][T15488] should_failslab+0xc2/0x120 [ 685.811530][T15488] __kmalloc_cache_noprof+0x6a/0x3e0 [ 685.811571][T15488] ? __asan_memset+0x23/0x50 [ 685.811613][T15488] ? snd_pcm_oss_change_params_locked+0x6f4/0x3a30 [ 685.811659][T15488] snd_pcm_oss_change_params_locked+0x6f4/0x3a30 [ 685.811708][T15488] ? rcu_is_watching+0x12/0xc0 [ 685.811744][T15488] ? trace_contention_end+0xdd/0x130 [ 685.811796][T15488] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 685.811836][T15488] ? snd_pcm_oss_sync+0x30c/0x840 [ 685.811899][T15488] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 685.811940][T15488] snd_pcm_oss_sync+0x32e/0x840 [ 685.811980][T15488] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 685.812016][T15488] snd_pcm_oss_release+0x28b/0x310 [ 685.812055][T15488] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 685.812090][T15488] __fput+0x3ff/0xb70 [ 685.812132][T15488] task_work_run+0x150/0x240 [ 685.812185][T15488] ? __pfx_task_work_run+0x10/0x10 [ 685.812236][T15488] ? __pfx___do_sys_close_range+0x10/0x10 [ 685.812292][T15488] ? syscall_user_dispatch+0x78/0x140 [ 685.812332][T15488] exit_to_user_mode_loop+0xeb/0x110 [ 685.812388][T15488] do_syscall_64+0x3f6/0x490 [ 685.812442][T15488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.812476][T15488] RIP: 0033:0x7f194f98e929 [ 685.812502][T15488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 685.812535][T15488] RSP: 002b:00007f195086c038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 685.812567][T15488] RAX: 0000000000000000 RBX: 00007f194fbb6080 RCX: 00007f194f98e929 [ 685.812589][T15488] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 685.812610][T15488] RBP: 00007f194fa10ca1 R08: 0000000000000000 R09: 0000000000000000 [ 685.812631][T15488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 685.812652][T15488] R13: 0000000000000000 R14: 00007f194fbb6080 R15: 00007ffd6057c8c8 [ 685.812695][T15488] [ 686.507478][T15495] FAULT_INJECTION: forcing a failure. [ 686.507478][T15495] name fail_futex, interval 1, probability 0, space 0, times 0 [ 686.521081][T15495] CPU: 1 UID: 0 PID: 15495 Comm: syz.3.2169 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 686.521129][T15495] Tainted: [U]=USER [ 686.521139][T15495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 686.521155][T15495] Call Trace: [ 686.521165][T15495] [ 686.521176][T15495] dump_stack_lvl+0x16c/0x1f0 [ 686.521234][T15495] should_fail_ex+0x512/0x640 [ 686.521280][T15495] should_fail_futex+0x4c/0x60 [ 686.521311][T15495] futex_lock_pi_atomic+0x101/0xdb0 [ 686.521358][T15495] futex_lock_pi+0x23d/0x740 [ 686.521402][T15495] ? __pfx_futex_lock_pi+0x10/0x10 [ 686.521434][T15495] ? __futex_wait+0x24c/0x2f0 [ 686.521472][T15495] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 686.521554][T15495] ? __pfx_futex_wake_mark+0x10/0x10 [ 686.521609][T15495] do_futex+0x11a/0x350 [ 686.521641][T15495] ? __pfx_do_futex+0x10/0x10 [ 686.521672][T15495] ? rcu_read_unlock+0x17/0x60 [ 686.521700][T15495] ? __pfx_aa_get_newest_label+0x10/0x10 [ 686.521737][T15495] __x64_sys_futex+0x1e0/0x4c0 [ 686.521778][T15495] ? __pfx___x64_sys_futex+0x10/0x10 [ 686.521815][T15495] ? syscall_user_dispatch+0x78/0x140 [ 686.521852][T15495] do_syscall_64+0xcd/0x490 [ 686.521898][T15495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 686.521927][T15495] RIP: 0033:0x7fb56458e929 [ 686.521951][T15495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 686.521982][T15495] RSP: 002b:00007fb5653d2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 686.522012][T15495] RAX: ffffffffffffffda RBX: 00007fb5647b6080 RCX: 00007fb56458e929 [ 686.522034][T15495] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 686.522053][T15495] RBP: 00007fb564610ca1 R08: 0000000000000000 R09: 0000000080000001 [ 686.522072][T15495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 686.522091][T15495] R13: 0000000000000000 R14: 00007fb5647b6080 R15: 00007ffc5a5636f8 [ 686.522131][T15495] [ 690.261920][T15535] random: crng reseeded on system resumption [ 690.818244][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.826393][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.094964][T15545] cifs: Unknown parameter 'no+ 1`rsFn)aHāh`9kA}1\D@.ZCg^' [ 691.366284][T15553] netlink: 748 bytes leftover after parsing attributes in process `syz.0.2182'. [ 691.609231][T15556] random: crng reseeded on system resumption [ 692.151443][T15571] random: crng reseeded on system resumption [ 694.054358][T15598] kAFS: Invalid Command on /proc/fs/afs/cells file [ 694.258795][T15601] random: crng reseeded on system resumption [ 696.755376][T15632] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 697.364199][T15636] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2198'. [ 698.351346][ T30] audit: type=1806 audit(6047702267.369:13): xattr=2EC7871B res=-22 [ 698.566020][T15653] random: crng reseeded on system resumption [ 699.683339][T15667] FAULT_INJECTION: forcing a failure. [ 699.683339][T15667] name failslab, interval 1, probability 0, space 0, times 0 [ 699.698483][T15655] FAULT_INJECTION: forcing a failure. [ 699.698483][T15655] name failslab, interval 1, probability 0, space 0, times 0 [ 699.744601][T15655] CPU: 1 UID: 0 PID: 15655 Comm: syz.2.2203 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 699.744657][T15655] Tainted: [U]=USER [ 699.744666][T15655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 699.744679][T15655] Call Trace: [ 699.744687][T15655] [ 699.744696][T15655] dump_stack_lvl+0x16c/0x1f0 [ 699.744736][T15655] should_fail_ex+0x512/0x640 [ 699.744770][T15655] ? __kvmalloc_node_noprof+0x124/0x620 [ 699.744808][T15655] should_failslab+0xc2/0x120 [ 699.744837][T15655] __kvmalloc_node_noprof+0x137/0x620 [ 699.744872][T15655] ? alloc_fdtable+0x158/0x2b0 [ 699.744908][T15655] ? alloc_fdtable+0x158/0x2b0 [ 699.744936][T15655] alloc_fdtable+0x158/0x2b0 [ 699.744968][T15655] dup_fd+0x83b/0xb90 [ 699.745003][T15655] ? apparmor_task_alloc+0x2c2/0x3b0 [ 699.745030][T15655] copy_process+0x230c/0x7650 [ 699.745060][T15655] ? __pfx___futex_wait+0x10/0x10 [ 699.745094][T15655] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 699.745135][T15655] ? __pfx_copy_process+0x10/0x10 [ 699.745166][T15655] ? find_held_lock+0x2b/0x80 [ 699.745201][T15655] kernel_clone+0xfc/0x960 [ 699.745233][T15655] ? __pfx_kernel_clone+0x10/0x10 [ 699.745278][T15655] __do_sys_clone+0xce/0x120 [ 699.745308][T15655] ? __pfx___do_sys_clone+0x10/0x10 [ 699.745351][T15655] ? xfd_validate_state+0x61/0x180 [ 699.745392][T15655] do_syscall_64+0xcd/0x490 [ 699.745429][T15655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 699.745453][T15655] RIP: 0033:0x7f837e58e929 [ 699.745471][T15655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 699.745494][T15655] RSP: 002b:00007f837f33d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 699.745515][T15655] RAX: ffffffffffffffda RBX: 00007f837e7b5fa0 RCX: 00007f837e58e929 [ 699.745531][T15655] RDX: 0000200000000340 RSI: 0000000000000001 RDI: 0000000000000001 [ 699.745545][T15655] RBP: 00007f837e610ca1 R08: 0000000000000000 R09: 0000000000000000 [ 699.745559][T15655] R10: 0000200000000380 R11: 0000000000000246 R12: 0000000000000000 [ 699.745573][T15655] R13: 0000000000000000 R14: 00007f837e7b5fa0 R15: 00007ffe2b74c6e8 [ 699.745602][T15655] [ 700.247377][T15667] CPU: 1 UID: 0 PID: 15667 Comm: syz.1.2204 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 700.247436][T15667] Tainted: [U]=USER [ 700.247447][T15667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 700.247468][T15667] Call Trace: [ 700.247479][T15667] [ 700.247493][T15667] dump_stack_lvl+0x16c/0x1f0 [ 700.247555][T15667] should_fail_ex+0x512/0x640 [ 700.247601][T15667] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 700.247656][T15667] should_failslab+0xc2/0x120 [ 700.247688][T15667] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 700.247737][T15667] ? alloc_empty_file+0x55/0x1e0 [ 700.247787][T15667] alloc_empty_file+0x55/0x1e0 [ 700.247824][T15667] path_openat+0xda/0x2cb0 [ 700.247869][T15667] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 700.247919][T15667] ? __pfx_path_openat+0x10/0x10 [ 700.247970][T15667] ? __lock_acquire+0xb8a/0x1c90 [ 700.248019][T15667] do_filp_open+0x20b/0x470 [ 700.248068][T15667] ? __pfx_do_filp_open+0x10/0x10 [ 700.248147][T15667] ? alloc_fd+0x471/0x7d0 [ 700.248204][T15667] do_sys_openat2+0x11b/0x1d0 [ 700.248243][T15667] ? __pfx_do_sys_openat2+0x10/0x10 [ 700.248299][T15667] __x64_sys_openat+0x174/0x210 [ 700.248339][T15667] ? __pfx___x64_sys_openat+0x10/0x10 [ 700.248397][T15667] do_syscall_64+0xcd/0x490 [ 700.248451][T15667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 700.248485][T15667] RIP: 0033:0x7f39f5f8e929 [ 700.248526][T15667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 700.248559][T15667] RSP: 002b:00007f39f6d6d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 700.248591][T15667] RAX: ffffffffffffffda RBX: 00007f39f61b5fa0 RCX: 00007f39f5f8e929 [ 700.248613][T15667] RDX: 0000000000002841 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 700.248634][T15667] RBP: 00007f39f6010ca1 R08: 0000000000000000 R09: 0000000000000000 [ 700.248654][T15667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 700.248674][T15667] R13: 0000000000000000 R14: 00007f39f61b5fa0 R15: 00007ffc47a86958 [ 700.248714][T15667] [ 703.235135][T15699] FAULT_INJECTION: forcing a failure. [ 703.235135][T15699] name failslab, interval 1, probability 0, space 0, times 0 [ 703.380532][T15699] CPU: 0 UID: 0 PID: 15699 Comm: syz.3.2211 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 703.380584][T15699] Tainted: [U]=USER [ 703.380595][T15699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 703.380613][T15699] Call Trace: [ 703.380624][T15699] [ 703.380636][T15699] dump_stack_lvl+0x16c/0x1f0 [ 703.380686][T15699] should_fail_ex+0x512/0x640 [ 703.380731][T15699] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 703.380784][T15699] should_failslab+0xc2/0x120 [ 703.380815][T15699] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 703.380866][T15699] ? fib_rules_register+0x30/0x500 [ 703.380917][T15699] kmemdup_noprof+0x29/0x60 [ 703.380963][T15699] fib_rules_register+0x30/0x500 [ 703.381016][T15699] fib4_rules_init+0x1f/0x1c0 [ 703.381061][T15699] fib_net_init+0x1dc/0x3f0 [ 703.381097][T15699] ? __pfx___register_sysctl_table+0x10/0x10 [ 703.381159][T15699] ? __pfx_fib_net_init+0x10/0x10 [ 703.381192][T15699] ? lockdep_init_map_type+0x5c/0x280 [ 703.381239][T15699] ? do_init_timer+0xc9/0x110 [ 703.381280][T15699] ? devinet_init_net+0x5c2/0x910 [ 703.381322][T15699] ? __pfx_fib_net_init+0x10/0x10 [ 703.381354][T15699] ops_init+0x1e2/0x5f0 [ 703.381407][T15699] setup_net+0x1ff/0x510 [ 703.381455][T15699] ? lockdep_init_map_type+0x5c/0x280 [ 703.381501][T15699] ? __pfx_setup_net+0x10/0x10 [ 703.381552][T15699] ? debug_mutex_init+0x37/0x70 [ 703.381590][T15699] copy_net_ns+0x2a6/0x5f0 [ 703.381626][T15699] create_new_namespaces+0x3ea/0xa90 [ 703.381666][T15699] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 703.381694][T15699] ksys_unshare+0x45b/0xa40 [ 703.381725][T15699] ? __pfx_ksys_unshare+0x10/0x10 [ 703.381758][T15699] ? syscall_user_dispatch+0x78/0x140 [ 703.381785][T15699] __x64_sys_unshare+0x31/0x40 [ 703.381815][T15699] do_syscall_64+0xcd/0x490 [ 703.381851][T15699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.381873][T15699] RIP: 0033:0x7fb56458e929 [ 703.381891][T15699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 703.381912][T15699] RSP: 002b:00007fb5653f3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 703.381933][T15699] RAX: ffffffffffffffda RBX: 00007fb5647b5fa0 RCX: 00007fb56458e929 [ 703.381947][T15699] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 703.381961][T15699] RBP: 00007fb564610ca1 R08: 0000000000000000 R09: 0000000000000000 [ 703.381975][T15699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 703.381987][T15699] R13: 0000000000000000 R14: 00007fb5647b5fa0 R15: 00007ffc5a5636f8 [ 703.382014][T15699] [ 705.601341][T15728] usb usb2: usbfs: process 15728 (syz.3.2217) did not claim interface 1 before use [ 705.630807][T15730] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2218'. [ 707.273734][T15748] db_root: cannot open: x [ 708.266667][T10588] Bluetooth: hci1: unexpected event 0x09 length: 440 > 3 [ 710.730724][T15788] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2230'. [ 711.968032][T15803] random: crng reseeded on system resumption [ 712.563953][T15813] random: crng reseeded on system resumption [ 713.104698][T15822] random: crng reseeded on system resumption [ 715.783095][T15865] random: crng reseeded on system resumption [ 716.882618][T15879] FAULT_INJECTION: forcing a failure. [ 716.882618][T15879] name failslab, interval 1, probability 0, space 0, times 0 [ 716.901316][T15879] CPU: 1 UID: 0 PID: 15879 Comm: syz.3.2249 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 716.901354][T15879] Tainted: [U]=USER [ 716.901362][T15879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 716.901376][T15879] Call Trace: [ 716.901384][T15879] [ 716.901394][T15879] dump_stack_lvl+0x16c/0x1f0 [ 716.901433][T15879] should_fail_ex+0x512/0x640 [ 716.901466][T15879] ? fs_reclaim_acquire+0xae/0x150 [ 716.901495][T15879] ? tomoyo_encode2+0x100/0x3e0 [ 716.901525][T15879] should_failslab+0xc2/0x120 [ 716.901547][T15879] __kmalloc_noprof+0xd2/0x510 [ 716.901581][T15879] ? d_absolute_path+0x136/0x1a0 [ 716.901610][T15879] tomoyo_encode2+0x100/0x3e0 [ 716.901646][T15879] tomoyo_encode+0x29/0x50 [ 716.901687][T15879] tomoyo_realpath_from_path+0x18f/0x6e0 [ 716.901725][T15879] tomoyo_path_number_perm+0x245/0x580 [ 716.901750][T15879] ? tomoyo_path_number_perm+0x237/0x580 [ 716.901778][T15879] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 716.901805][T15879] ? find_held_lock+0x2b/0x80 [ 716.901850][T15879] ? find_held_lock+0x2b/0x80 [ 716.901871][T15879] ? hook_file_ioctl_common+0x145/0x410 [ 716.901900][T15879] ? __fget_files+0x20e/0x3c0 [ 716.901940][T15879] security_file_ioctl+0x9b/0x240 [ 716.901968][T15879] __x64_sys_ioctl+0xb7/0x210 [ 716.901995][T15879] do_syscall_64+0xcd/0x490 [ 716.902030][T15879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 716.902052][T15879] RIP: 0033:0x7fb56458e929 [ 716.902069][T15879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 716.902090][T15879] RSP: 002b:00007fb5653d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 716.902110][T15879] RAX: ffffffffffffffda RBX: 00007fb5647b6080 RCX: 00007fb56458e929 [ 716.902124][T15879] RDX: 0000200000000100 RSI: 00000000c008ae05 RDI: 0000000000000004 [ 716.902138][T15879] RBP: 00007fb5653d2090 R08: 0000000000000000 R09: 0000000000000000 [ 716.902151][T15879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 716.902164][T15879] R13: 0000000000000000 R14: 00007fb5647b6080 R15: 00007ffc5a5636f8 [ 716.902190][T15879] [ 716.902208][T15879] ERROR: Out of memory at tomoyo_realpath_from_path. [ 717.225690][T15853] Process accounting paused [ 717.331524][T15884] ptrace attach of "./syz-executor exec"[5854] was attempted by "./syz-executor exec"[15884] [ 717.455070][T15884] sd 0:0:1:0: device reset [ 717.477735][T15891] netlink: 756 bytes leftover after parsing attributes in process `syz.0.2251'. [ 718.643124][T15910] random: crng reseeded on system resumption [ 718.892710][T15919] random: crng reseeded on system resumption [ 720.368816][T15941] FAULT_INJECTION: forcing a failure. [ 720.368816][T15941] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 720.383416][T15941] CPU: 1 UID: 0 PID: 15941 Comm: syz.1.2264 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 720.383465][T15941] Tainted: [U]=USER [ 720.383477][T15941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 720.383495][T15941] Call Trace: [ 720.383507][T15941] [ 720.383520][T15941] dump_stack_lvl+0x16c/0x1f0 [ 720.383574][T15941] should_fail_ex+0x512/0x640 [ 720.383627][T15941] _copy_from_user+0x2e/0xd0 [ 720.383680][T15941] core_sys_select+0x35b/0xc10 [ 720.383735][T15941] ? __pfx_core_sys_select+0x10/0x10 [ 720.383790][T15941] ? proc_fail_nth_write+0x9f/0x250 [ 720.383866][T15941] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 720.383931][T15941] kern_select+0x15d/0x1e0 [ 720.383976][T15941] ? __pfx_kern_select+0x10/0x10 [ 720.384028][T15941] ? __pfx_ksys_write+0x10/0x10 [ 720.384083][T15941] __x64_sys_select+0xbd/0x160 [ 720.384126][T15941] ? do_syscall_64+0x91/0x490 [ 720.384175][T15941] ? lockdep_hardirqs_on+0x7c/0x110 [ 720.384223][T15941] do_syscall_64+0xcd/0x490 [ 720.384283][T15941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 720.384318][T15941] RIP: 0033:0x7f39f5f8e929 [ 720.384345][T15941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 720.384377][T15941] RSP: 002b:00007f39f3db4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 720.384409][T15941] RAX: ffffffffffffffda RBX: 00007f39f61b6400 RCX: 00007f39f5f8e929 [ 720.384431][T15941] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 720.384452][T15941] RBP: 00007f39f3db4090 R08: 0000000000000000 R09: 0000000000000000 [ 720.384473][T15941] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 720.384494][T15941] R13: 0000000000000001 R14: 00007f39f61b6400 R15: 00007ffc47a86958 [ 720.384550][T15941] [ 721.697645][T15960] random: crng reseeded on system resumption [ 723.027244][T15979] random: crng reseeded on system resumption [ 724.081331][T15996] random: crng reseeded on system resumption [ 724.842630][T15999] random: crng reseeded on system resumption [ 725.919214][T16024] random: crng reseeded on system resumption [ 726.566896][T16029] FAULT_INJECTION: forcing a failure. [ 726.566896][T16029] name failslab, interval 1, probability 0, space 0, times 0 [ 726.626531][T16029] CPU: 1 UID: 0 PID: 16029 Comm: syz.3.2283 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 726.626586][T16029] Tainted: [U]=USER [ 726.626594][T16029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 726.626614][T16029] Call Trace: [ 726.626622][T16029] [ 726.626631][T16029] dump_stack_lvl+0x16c/0x1f0 [ 726.626669][T16029] should_fail_ex+0x512/0x640 [ 726.626712][T16029] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 726.626748][T16029] should_failslab+0xc2/0x120 [ 726.626768][T16029] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 726.626801][T16029] ? security_file_alloc+0x34/0x2b0 [ 726.626833][T16029] security_file_alloc+0x34/0x2b0 [ 726.626860][T16029] init_file+0x93/0x4c0 [ 726.626882][T16029] alloc_empty_file+0x73/0x1e0 [ 726.626905][T16029] path_openat+0xda/0x2cb0 [ 726.626934][T16029] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.626965][T16029] ? __pfx_path_openat+0x10/0x10 [ 726.626997][T16029] ? __lock_acquire+0xb8a/0x1c90 [ 726.627030][T16029] do_filp_open+0x20b/0x470 [ 726.627061][T16029] ? __pfx_do_filp_open+0x10/0x10 [ 726.627110][T16029] ? alloc_fd+0x471/0x7d0 [ 726.627146][T16029] do_sys_openat2+0x11b/0x1d0 [ 726.627170][T16029] ? __pfx_do_sys_openat2+0x10/0x10 [ 726.627203][T16029] __x64_sys_openat+0x174/0x210 [ 726.627228][T16029] ? __pfx___x64_sys_openat+0x10/0x10 [ 726.627263][T16029] do_syscall_64+0xcd/0x490 [ 726.627297][T16029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.627317][T16029] RIP: 0033:0x7fb56458d290 [ 726.627333][T16029] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 726.627355][T16029] RSP: 002b:00007fb5653f2fe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 726.627375][T16029] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fb56458d290 [ 726.627389][T16029] RDX: 0000000000000002 RSI: 00007fb564610f86 RDI: 00000000ffffff9c [ 726.627402][T16029] RBP: 00007fb564610f86 R08: 0000000000000000 R09: 00007fb5653f4000 [ 726.627415][T16029] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 726.627428][T16029] R13: 0000000000000000 R14: 00007fb5647b5fa0 R15: 00007ffc5a5636f8 [ 726.627454][T16029] [ 726.928181][T16032] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2284'. [ 728.346909][T16052] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2288'. [ 732.853084][T16105] bond0: option mode: unable to set because the bond device is up [ 733.344031][T16117] ptrace attach of "./syz-executor exec"[5843] was attempted by ""[16117] [ 733.370885][T16116] random: crng reseeded on system resumption [ 734.666325][T16134] random: crng reseeded on system resumption [ 735.893635][T16147] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2311'. [ 735.967040][T16151] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2313'. [ 736.022108][T16154] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2311'. [ 736.218784][T16158] random: crng reseeded on system resumption [ 737.236715][T16181] netlink: 'syz.3.2320': attribute type 1 has an invalid length. [ 739.342226][T16215] FAULT_INJECTION: forcing a failure. [ 739.342226][T16215] name failslab, interval 1, probability 0, space 0, times 0 [ 739.402738][T16215] CPU: 1 UID: 0 PID: 16215 Comm: syz.2.2329 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 739.402792][T16215] Tainted: [U]=USER [ 739.402804][T16215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 739.402824][T16215] Call Trace: [ 739.402836][T16215] [ 739.402849][T16215] dump_stack_lvl+0x16c/0x1f0 [ 739.402905][T16215] should_fail_ex+0x512/0x640 [ 739.402952][T16215] ? __kmalloc_noprof+0xbf/0x510 [ 739.403006][T16215] ? lsm_blob_alloc+0x68/0x90 [ 739.403054][T16215] should_failslab+0xc2/0x120 [ 739.403085][T16215] __kmalloc_noprof+0xd2/0x510 [ 739.403144][T16215] lsm_blob_alloc+0x68/0x90 [ 739.403194][T16215] security_sk_alloc+0x30/0x270 [ 739.403232][T16215] sk_prot_alloc+0x1c7/0x2a0 [ 739.403270][T16215] sk_alloc+0x36/0xc20 [ 739.403323][T16215] __netlink_create+0x5e/0x2c0 [ 739.403393][T16215] __netlink_kernel_create+0xed/0x750 [ 739.403432][T16215] ? __pfx___netlink_kernel_create+0x10/0x10 [ 739.403473][T16215] ? proc_create_reg+0xe3/0x180 [ 739.403517][T16215] xfrm_user_net_init+0xc6/0x190 [ 739.403557][T16215] ? __pfx_xfrm_user_net_init+0x10/0x10 [ 739.403600][T16215] ? __pfx_xfrm_netlink_rcv+0x10/0x10 [ 739.403641][T16215] ? __pfx_tls_init_net+0x10/0x10 [ 739.403694][T16215] ? tls_proc_init+0x58/0x70 [ 739.403738][T16215] ? __pfx_xfrm_user_net_init+0x10/0x10 [ 739.403775][T16215] ops_init+0x1e2/0x5f0 [ 739.403833][T16215] setup_net+0x1ff/0x510 [ 739.403885][T16215] ? lockdep_init_map_type+0x5c/0x280 [ 739.403935][T16215] ? __pfx_setup_net+0x10/0x10 [ 739.403990][T16215] ? debug_mutex_init+0x37/0x70 [ 739.404031][T16215] copy_net_ns+0x2a6/0x5f0 [ 739.404071][T16215] create_new_namespaces+0x3ea/0xa90 [ 739.404121][T16215] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 739.404165][T16215] ksys_unshare+0x45b/0xa40 [ 739.404213][T16215] ? __pfx_ksys_unshare+0x10/0x10 [ 739.404263][T16215] ? xfd_validate_state+0x61/0x180 [ 739.404323][T16215] __x64_sys_unshare+0x31/0x40 [ 739.404369][T16215] do_syscall_64+0xcd/0x490 [ 739.404427][T16215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 739.404462][T16215] RIP: 0033:0x7f837e58e929 [ 739.404501][T16215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 739.404541][T16215] RSP: 002b:00007f837f33d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 739.404574][T16215] RAX: ffffffffffffffda RBX: 00007f837e7b5fa0 RCX: 00007f837e58e929 [ 739.404597][T16215] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 739.404618][T16215] RBP: 00007f837e610ca1 R08: 0000000000000000 R09: 0000000000000000 [ 739.404640][T16215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 739.404661][T16215] R13: 0000000000000000 R14: 00007f837e7b5fa0 R15: 00007ffe2b74c6e8 [ 739.404703][T16215] [ 740.039228][T16218] FAULT_INJECTION: forcing a failure. [ 740.039228][T16218] name failslab, interval 1, probability 0, space 0, times 0 [ 740.092686][T16218] CPU: 1 UID: 0 PID: 16218 Comm: syz.3.2331 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 740.092726][T16218] Tainted: [U]=USER [ 740.092733][T16218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 740.092746][T16218] Call Trace: [ 740.092753][T16218] [ 740.092761][T16218] dump_stack_lvl+0x16c/0x1f0 [ 740.092818][T16218] should_fail_ex+0x512/0x640 [ 740.092855][T16218] should_failslab+0xc2/0x120 [ 740.092878][T16218] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 740.092914][T16218] ? skb_clone+0x190/0x3f0 [ 740.092952][T16218] skb_clone+0x190/0x3f0 [ 740.092987][T16218] netlink_deliver_tap+0xabd/0xd30 [ 740.093031][T16218] netlink_dump+0xa3b/0xd00 [ 740.093055][T16218] ? __pfx_netlink_dump+0x10/0x10 [ 740.093085][T16218] ? __asan_memset+0x23/0x50 [ 740.093115][T16218] ? genl_start+0x67f/0x980 [ 740.093144][T16218] __netlink_dump_start+0x6d6/0x990 [ 740.093176][T16218] genl_family_rcv_msg_dumpit+0x1e2/0x2e0 [ 740.093208][T16218] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 740.093238][T16218] ? genl_op_from_small+0x25/0x440 [ 740.093274][T16218] ? __pfx_genl_get_cmd+0x10/0x10 [ 740.093303][T16218] ? __pfx_genl_start+0x10/0x10 [ 740.093351][T16218] ? __pfx_genl_dumpit+0x10/0x10 [ 740.093380][T16218] ? __pfx_genl_done+0x10/0x10 [ 740.093413][T16218] ? __radix_tree_lookup+0x21f/0x2c0 [ 740.093450][T16218] genl_rcv_msg+0x46e/0x800 [ 740.093481][T16218] ? __pfx_genl_rcv_msg+0x10/0x10 [ 740.093510][T16218] ? __pfx_batadv_netlink_dump_hardif+0x10/0x10 [ 740.093554][T16218] netlink_rcv_skb+0x155/0x420 [ 740.093578][T16218] ? __pfx_genl_rcv_msg+0x10/0x10 [ 740.093607][T16218] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 740.093652][T16218] genl_rcv+0x28/0x40 [ 740.093676][T16218] netlink_unicast+0x58d/0x850 [ 740.093707][T16218] ? __pfx_netlink_unicast+0x10/0x10 [ 740.093740][T16218] netlink_sendmsg+0x8d1/0xdd0 [ 740.093769][T16218] ? __pfx_netlink_sendmsg+0x10/0x10 [ 740.093804][T16218] ____sys_sendmsg+0xa95/0xc70 [ 740.093832][T16218] ? copy_msghdr_from_user+0x10a/0x160 [ 740.093867][T16218] ? __pfx_____sys_sendmsg+0x10/0x10 [ 740.093907][T16218] ___sys_sendmsg+0x134/0x1d0 [ 740.093944][T16218] ? __pfx____sys_sendmsg+0x10/0x10 [ 740.093976][T16218] ? __lock_acquire+0x622/0x1c90 [ 740.094045][T16218] __sys_sendmsg+0x16d/0x220 [ 740.094081][T16218] ? __pfx___sys_sendmsg+0x10/0x10 [ 740.094135][T16218] do_syscall_64+0xcd/0x490 [ 740.094178][T16218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 740.094203][T16218] RIP: 0033:0x7fb56458e929 [ 740.094222][T16218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 740.094245][T16218] RSP: 002b:00007fb5653f3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 740.094267][T16218] RAX: ffffffffffffffda RBX: 00007fb5647b5fa0 RCX: 00007fb56458e929 [ 740.094283][T16218] RDX: 0000000004008000 RSI: 0000200000000980 RDI: 0000000000000003 [ 740.094298][T16218] RBP: 00007fb5653f3090 R08: 0000000000000000 R09: 0000000000000000 [ 740.094313][T16218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 740.094327][T16218] R13: 0000000000000000 R14: 00007fb5647b5fa0 R15: 00007ffc5a5636f8 [ 740.094357][T16218] [ 741.001534][T16223] random: crng reseeded on system resumption [ 743.486354][T16248] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2337'. [ 743.663893][T16250] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 743.828292][T16252] .SR: entered promiscuous mode [ 743.888041][T16250] Invalid ELF header magic: != ELF [ 744.317354][T16251] could not allocate digest TFM handle [ 744.327840][T16266] netlink: 700 bytes leftover after parsing attributes in process `syz.0.2340'. [ 744.389558][T16250] could not allocate digest TFM handle [ 745.643741][T16282] loop6: detected capacity change from 0 to 8 [ 746.876103][T16302] ubi0: attaching mtd0 [ 746.899909][T16302] ubi0 error: validate_ec_hdr: bad VID header offset 64, expected 514 [ 746.913929][T16302] ubi0 error: validate_ec_hdr: bad EC header [ 746.961707][T16302] Erase counter header dump: [ 746.978218][T16302] magic 0x55424923 [ 747.008086][T16302] version 1 [ 747.012465][T16302] ec 1 [ 747.048012][T16302] vid_hdr_offset 64 [ 747.058923][T16302] data_offset 128 [ 747.070666][T16302] image_seq 1061835135 [ 747.095569][T16302] hdr_crc 0x71c06b17 [ 747.119274][T16302] erase counter header hexdump: [ 747.191261][T16302] CPU: 0 UID: 0 PID: 16302 Comm: syz.1.2349 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 747.191303][T16302] Tainted: [U]=USER [ 747.191311][T16302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 747.191325][T16302] Call Trace: [ 747.191333][T16302] [ 747.191342][T16302] dump_stack_lvl+0x16c/0x1f0 [ 747.191381][T16302] validate_ec_hdr+0x28c/0x330 [ 747.191425][T16302] ubi_io_read_ec_hdr+0x63b/0x6c0 [ 747.191462][T16302] ubi_attach+0x5e7/0x4bd0 [ 747.191496][T16302] ? irqentry_exit+0x3b/0x90 [ 747.191530][T16302] ? lockdep_hardirqs_on+0x7c/0x110 [ 747.191564][T16302] ? __pfx_ubi_attach+0x10/0x10 [ 747.191589][T16302] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 747.191614][T16302] ? __vmalloc_node_noprof+0xad/0xf0 [ 747.191644][T16302] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 747.191672][T16302] ubi_attach_mtd_dev+0x15a7/0x35d0 [ 747.191710][T16302] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 747.191735][T16302] ? __pfx_get_mtd_device+0x10/0x10 [ 747.191776][T16302] ctrl_cdev_ioctl+0x337/0x3d0 [ 747.191802][T16302] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 747.191835][T16302] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 747.191862][T16302] __x64_sys_ioctl+0x18b/0x210 [ 747.191893][T16302] do_syscall_64+0xcd/0x490 [ 747.191931][T16302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 747.191954][T16302] RIP: 0033:0x7f39f5f8e929 [ 747.191973][T16302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 747.191996][T16302] RSP: 002b:00007f39f6d6d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 747.192018][T16302] RAX: ffffffffffffffda RBX: 00007f39f61b5fa0 RCX: 00007f39f5f8e929 [ 747.192034][T16302] RDX: 0000200000000080 RSI: 0000000040186f40 RDI: 0000000000000003 [ 747.192048][T16302] RBP: 00007f39f6010ca1 R08: 0000000000000000 R09: 0000000000000000 [ 747.192063][T16302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 747.192077][T16302] R13: 0000000000000000 R14: 00007f39f61b5fa0 R15: 00007ffc47a86958 [ 747.192105][T16302] [ 747.192115][T16302] ubi0 error: ubi_io_read_ec_hdr: validation failed for PEB 0 [ 747.504564][T16302] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 748.140533][T16316] Process accounting resumed [ 749.189897][T16334] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 749.198628][T16334] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 749.206747][T16334] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 749.220509][T16334] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 749.228349][T16334] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 750.000182][T16332] chnl_net:caif_netlink_parms(): no params data found [ 750.456784][T11204] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 750.558893][T16350] random: crng reseeded on system resumption [ 750.570220][T16348] syz.1.2354 (16348): /proc/16347/oom_adj is deprecated, please use /proc/16347/oom_score_adj instead. [ 750.594367][T16332] bridge0: port 1(bridge_slave_0) entered blocking state [ 750.620302][T16332] bridge0: port 1(bridge_slave_0) entered disabled state [ 750.637101][T16332] bridge_slave_0: entered allmulticast mode [ 750.662046][T16332] bridge_slave_0: entered promiscuous mode [ 750.765183][T11204] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 750.818226][T16332] bridge0: port 2(bridge_slave_1) entered blocking state [ 750.868455][T16332] bridge0: port 2(bridge_slave_1) entered disabled state [ 750.876035][T16332] bridge_slave_1: entered allmulticast mode [ 750.884218][T16332] bridge_slave_1: entered promiscuous mode [ 751.000369][T11204] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 751.197265][T16332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 751.280433][T11204] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 751.318776][T16332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 751.451513][T16334] Bluetooth: hci4: command tx timeout [ 751.559853][T16332] team0: Port device team_slave_0 added [ 751.577192][T16332] team0: Port device team_slave_1 added [ 751.730230][T16361] random: crng reseeded on system resumption [ 751.737356][T16332] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 751.747021][T16332] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 751.784802][T16332] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 751.808613][T16332] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 751.820202][T16332] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 751.854883][T16332] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 752.255640][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.262114][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 752.300517][T16332] hsr_slave_0: entered promiscuous mode [ 752.316612][T16332] hsr_slave_1: entered promiscuous mode [ 752.323000][T16370] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2359'. [ 752.377163][T11204] netdevsim netdevsim15 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 752.798100][T16379] random: crng reseeded on system resumption [ 752.913862][T16381] usb usb2: usbfs: process 16381 (syz.3.2361) did not claim interface 1 before use [ 752.975544][T11204] bridge_slave_1: left allmulticast mode [ 752.981578][T11204] bridge_slave_1: left promiscuous mode [ 752.988949][T11204] bridge0: port 2(bridge_slave_1) entered disabled state [ 753.005063][T11204] bridge_slave_0: left allmulticast mode [ 753.021273][T11204] bridge_slave_0: left promiscuous mode [ 753.032050][T11204] bridge0: port 1(bridge_slave_0) entered disabled state [ 753.542292][T16334] Bluetooth: hci4: command tx timeout [ 754.784076][T11204] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 754.793011][T16406] can: request_module (can-proto-3) failed. [ 754.892992][T11204] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 754.925948][T11204] bond0 (unregistering): Released all slaves [ 755.118161][T16410] random: crng reseeded on system resumption [ 755.329394][T11204] : left promiscuous mode [ 755.611500][T16334] Bluetooth: hci4: command tx timeout [ 757.691590][T16334] Bluetooth: hci4: command tx timeout [ 757.861981][T16460] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2371'. [ 758.034268][T16332] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 758.132672][T16332] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 758.269680][T11204] hsr_slave_0: left promiscuous mode [ 758.402814][T11204] hsr_slave_1: left promiscuous mode [ 758.417942][T11204] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 758.462329][T11204] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 758.493773][T11204] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 758.514561][T11204] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 758.677178][T11204] veth1_macvtap: left promiscuous mode [ 758.683482][T11204] veth0_macvtap: left promiscuous mode [ 758.689207][T11204] veth1_vlan: left promiscuous mode [ 758.694810][T11204] veth0_vlan: left promiscuous mode [ 759.905739][T16479] random: crng reseeded on system resumption [ 760.293954][T11204] team0 (unregistering): Port device team_slave_1 removed [ 760.393365][T11204] team0 (unregistering): Port device team_slave_0 removed [ 760.449781][T16483] random: crng reseeded on system resumption [ 761.190244][T16489] random: crng reseeded on system resumption [ 761.245190][T16332] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 761.259027][T16332] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 762.027658][T16332] 8021q: adding VLAN 0 to HW filter on device bond0 [ 762.096344][T16503] netlink: 728 bytes leftover after parsing attributes in process `syz.3.2378'. [ 762.115155][T16332] 8021q: adding VLAN 0 to HW filter on device team0 [ 762.206005][T10804] bridge0: port 1(bridge_slave_0) entered blocking state [ 762.213208][T10804] bridge0: port 1(bridge_slave_0) entered forwarding state [ 762.255648][T10804] bridge0: port 2(bridge_slave_1) entered blocking state [ 762.262812][T10804] bridge0: port 2(bridge_slave_1) entered forwarding state [ 762.695341][T16522] openvswitch: netlink: IP tunnel dst address not specified [ 762.957054][T16332] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 764.190332][T16332] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 764.424544][T16332] veth0_vlan: entered promiscuous mode [ 764.497057][T16557] FAULT_INJECTION: forcing a failure. [ 764.497057][T16557] name failslab, interval 1, probability 0, space 0, times 0 [ 764.547699][T16557] CPU: 1 UID: 0 PID: 16557 Comm: syz.3.2384 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 764.547741][T16557] Tainted: [U]=USER [ 764.547749][T16557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 764.547763][T16557] Call Trace: [ 764.547771][T16557] [ 764.547780][T16557] dump_stack_lvl+0x16c/0x1f0 [ 764.547821][T16557] should_fail_ex+0x512/0x640 [ 764.547854][T16557] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 764.547893][T16557] should_failslab+0xc2/0x120 [ 764.547914][T16557] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 764.547950][T16557] ? do_epoll_ctl+0x2302/0x35b0 [ 764.547984][T16557] do_epoll_ctl+0x2302/0x35b0 [ 764.548025][T16557] ? __pfx_do_epoll_ctl+0x10/0x10 [ 764.548053][T16557] ? find_held_lock+0x2b/0x80 [ 764.548076][T16557] ? __might_fault+0xe3/0x190 [ 764.548109][T16557] ? __might_fault+0xe3/0x190 [ 764.548153][T16557] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 764.548181][T16557] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 764.548212][T16557] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 764.548251][T16557] do_syscall_64+0xcd/0x490 [ 764.548288][T16557] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 764.548312][T16557] RIP: 0033:0x7fb56458e929 [ 764.548330][T16557] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 764.548352][T16557] RSP: 002b:00007fb5653f3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 764.548373][T16557] RAX: ffffffffffffffda RBX: 00007fb5647b5fa0 RCX: 00007fb56458e929 [ 764.548389][T16557] RDX: 8000000000000000 RSI: 0000000000000001 RDI: 0000000000000005 [ 764.548403][T16557] RBP: 00007fb5653f3090 R08: 0000000000000000 R09: 0000000000000000 [ 764.548417][T16557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 764.548431][T16557] R13: 0000000000000000 R14: 00007fb5647b5fa0 R15: 00007ffc5a5636f8 [ 764.548460][T16557] [ 765.024799][T16332] veth1_vlan: entered promiscuous mode [ 765.306659][T16332] veth0_macvtap: entered promiscuous mode [ 765.324158][T16332] veth1_macvtap: entered promiscuous mode [ 765.539445][T16332] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 765.586193][T16332] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 765.676825][T16332] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 765.701195][T16332] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 765.741294][T16332] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 765.750075][T16332] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.339418][T10627] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 766.371275][T10627] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 766.545242][T10804] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 766.572428][T10804] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 767.631366][T16608] random: crng reseeded on system resumption [ 768.301813][T16615] random: crng reseeded on system resumption [ 769.887157][T16642] usb usb2: usbfs: process 16642 (syz.0.2394) did not claim interface 1 before use [ 770.961818][T10588] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 770.981247][T10588] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 770.989227][T10588] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 771.021289][T10588] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 771.039455][T10588] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 771.937601][T16658] chnl_net:caif_netlink_parms(): no params data found [ 772.087546][T16687] FAULT_INJECTION: forcing a failure. [ 772.087546][T16687] name failslab, interval 1, probability 0, space 0, times 0 [ 772.101769][T16687] CPU: 1 UID: 0 PID: 16687 Comm: syz.2.2401 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 772.101820][T16687] Tainted: [U]=USER [ 772.101831][T16687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 772.101850][T16687] Call Trace: [ 772.101861][T16687] [ 772.101873][T16687] dump_stack_lvl+0x16c/0x1f0 [ 772.101923][T16687] should_fail_ex+0x512/0x640 [ 772.101968][T16687] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 772.102021][T16687] should_failslab+0xc2/0x120 [ 772.102051][T16687] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 772.102098][T16687] ? __kernfs_new_node+0xd2/0x8e0 [ 772.102148][T16687] __kernfs_new_node+0xd2/0x8e0 [ 772.102195][T16687] ? __pfx___kernfs_new_node+0x10/0x10 [ 772.102249][T16687] ? find_held_lock+0x2b/0x80 [ 772.102283][T16687] ? kernfs_root+0xee/0x2a0 [ 772.102332][T16687] kernfs_new_node+0x13c/0x1e0 [ 772.102387][T16687] __kernfs_create_file+0x53/0x350 [ 772.102428][T16687] sysfs_add_file_mode_ns+0x207/0x3c0 [ 772.102498][T16687] sysfs_merge_group+0x1aa/0x340 [ 772.102548][T16687] ? __pfx_sysfs_merge_group+0x10/0x10 [ 772.102603][T16687] ? __pfx_dev_add_physical_location+0x10/0x10 [ 772.102638][T16687] ? bus_to_subsys+0x131/0x160 [ 772.102683][T16687] dpm_sysfs_add+0x237/0x280 [ 772.102727][T16687] device_add+0x9a6/0x1a70 [ 772.102771][T16687] ? __pfx_device_add+0x10/0x10 [ 772.102823][T16687] nfc_register_device+0x41/0x3c0 [ 772.102880][T16687] nci_register_device+0x7f1/0xb80 [ 772.102926][T16687] ? __pfx_nci_register_device+0x10/0x10 [ 772.102977][T16687] ? lockdep_init_map_type+0x5c/0x280 [ 772.103033][T16687] virtual_ncidev_open+0x141/0x220 [ 772.103076][T16687] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 772.103116][T16687] misc_open+0x35d/0x420 [ 772.103156][T16687] ? __pfx_misc_open+0x10/0x10 [ 772.103198][T16687] chrdev_open+0x231/0x6a0 [ 772.103251][T16687] ? __pfx_apparmor_file_open+0x10/0x10 [ 772.103290][T16687] ? __pfx_chrdev_open+0x10/0x10 [ 772.103340][T16687] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 772.103404][T16687] do_dentry_open+0x744/0x1c10 [ 772.103447][T16687] ? __pfx_chrdev_open+0x10/0x10 [ 772.103497][T16687] vfs_open+0x82/0x3f0 [ 772.103531][T16687] path_openat+0x1de4/0x2cb0 [ 772.103582][T16687] ? __pfx_path_openat+0x10/0x10 [ 772.103625][T16687] ? __lock_acquire+0xb8a/0x1c90 [ 772.103667][T16687] do_filp_open+0x20b/0x470 [ 772.103715][T16687] ? __pfx_do_filp_open+0x10/0x10 [ 772.103781][T16687] ? alloc_fd+0x471/0x7d0 [ 772.103829][T16687] do_sys_openat2+0x11b/0x1d0 [ 772.103860][T16687] ? __pfx_do_sys_openat2+0x10/0x10 [ 772.103906][T16687] __x64_sys_openat+0x174/0x210 [ 772.103939][T16687] ? __pfx___x64_sys_openat+0x10/0x10 [ 772.103987][T16687] do_syscall_64+0xcd/0x490 [ 772.104032][T16687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 772.104062][T16687] RIP: 0033:0x7f65ecf8e929 [ 772.104085][T16687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 772.104115][T16687] RSP: 002b:00007f65edd44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 772.104143][T16687] RAX: ffffffffffffffda RBX: 00007f65ed1b5fa0 RCX: 00007f65ecf8e929 [ 772.104162][T16687] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 772.104180][T16687] RBP: 00007f65ed010ca1 R08: 0000000000000000 R09: 0000000000000000 [ 772.104199][T16687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 772.104217][T16687] R13: 0000000000000000 R14: 00007f65ed1b5fa0 R15: 00007ffc705fbb58 [ 772.104253][T16687] [ 773.131703][T10588] Bluetooth: hci3: command tx timeout [ 773.522058][T16658] bridge0: port 1(bridge_slave_0) entered blocking state [ 773.551256][T16658] bridge0: port 1(bridge_slave_0) entered disabled state [ 773.558658][T16658] bridge_slave_0: entered allmulticast mode [ 773.573101][T16658] bridge_slave_0: entered promiscuous mode [ 773.727959][T16658] bridge0: port 2(bridge_slave_1) entered blocking state [ 773.741556][T16658] bridge0: port 2(bridge_slave_1) entered disabled state [ 773.748853][T16658] bridge_slave_1: entered allmulticast mode [ 773.809829][T16658] bridge_slave_1: entered promiscuous mode [ 774.110904][T16658] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 774.205361][T16658] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 774.429828][T16658] team0: Port device team_slave_0 added [ 774.676342][T16658] team0: Port device team_slave_1 added [ 774.880116][T16658] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 774.901105][T16658] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 774.971573][T16658] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 775.007415][T16658] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 775.041368][T16658] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 775.138607][T16658] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 775.211485][T10588] Bluetooth: hci3: command tx timeout [ 775.572758][T16658] hsr_slave_0: entered promiscuous mode [ 775.600049][T16658] hsr_slave_1: entered promiscuous mode [ 775.606668][T16658] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 775.625440][T16658] Cannot create hsr debugfs directory [ 776.157351][T16749] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2405'. [ 777.256222][T16658] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 777.291616][T10588] Bluetooth: hci3: command tx timeout [ 777.749624][T16658] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 778.933718][T16658] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 779.371405][T10588] Bluetooth: hci3: command tx timeout [ 779.742814][T16658] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 780.011636][T16800] random: crng reseeded on system resumption [ 781.127126][T16658] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 781.591668][T16658] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 781.618170][T16658] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 781.667910][T16658] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 781.757705][T16823] random: crng reseeded on system resumption [ 782.215931][T16834] random: crng reseeded on system resumption [ 782.356833][T16835] binder: 16833:16835 ioctl 1260 7fffffffffffffff returned -22 [ 782.786739][T16658] 8021q: adding VLAN 0 to HW filter on device bond0 [ 782.870690][T16658] 8021q: adding VLAN 0 to HW filter on device team0 [ 782.914553][T10804] bridge0: port 1(bridge_slave_0) entered blocking state [ 782.921866][T10804] bridge0: port 1(bridge_slave_0) entered forwarding state [ 782.977802][T10804] bridge0: port 2(bridge_slave_1) entered blocking state [ 782.985007][T10804] bridge0: port 2(bridge_slave_1) entered forwarding state [ 783.024775][T16837] random: crng reseeded on system resumption [ 783.117446][T16658] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 783.756767][T16852] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2421'. [ 783.792072][T16658] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 784.053423][T16658] veth0_vlan: entered promiscuous mode [ 784.143594][T16658] veth1_vlan: entered promiscuous mode [ 784.397597][T16658] veth0_macvtap: entered promiscuous mode [ 784.424510][T16658] veth1_macvtap: entered promiscuous mode [ 784.818991][T16658] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 784.828739][T16867] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 784.866125][T16658] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 784.878361][T16658] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 784.891414][T16658] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 784.900197][T16658] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 784.941201][T16658] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 785.531769][T10804] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 785.541387][T10804] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 785.862819][T11204] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 785.910055][T11204] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 786.168040][T16884] random: crng reseeded on system resumption [ 786.419020][T16889] binder: 16883:16889 ioctl 1260 7fffffffffffffff returned -22 [ 787.998543][T16334] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 788.013284][T16334] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 788.029598][T16334] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 788.070409][T16334] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 788.079630][T16334] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 788.755713][T16915] random: crng reseeded on system resumption [ 789.356556][T10804] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 789.567749][T10804] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 789.621512][T16910] chnl_net:caif_netlink_parms(): no params data found [ 789.778364][T10804] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 790.201160][T16334] Bluetooth: hci1: command tx timeout [ 790.215263][T10804] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 790.500202][T16910] bridge0: port 1(bridge_slave_0) entered blocking state [ 790.561222][T16910] bridge0: port 1(bridge_slave_0) entered disabled state [ 790.568440][T16910] bridge_slave_0: entered allmulticast mode [ 790.616684][T16910] bridge_slave_0: entered promiscuous mode [ 790.635792][T16910] bridge0: port 2(bridge_slave_1) entered blocking state [ 790.691325][T16910] bridge0: port 2(bridge_slave_1) entered disabled state [ 790.717324][T16910] bridge_slave_1: entered allmulticast mode [ 790.752411][T16910] bridge_slave_1: entered promiscuous mode [ 790.832932][T16949] random: crng reseeded on system resumption [ 791.286931][T16910] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 791.348965][T16910] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 791.446469][T16958] random: crng reseeded on system resumption [ 791.672107][T16910] team0: Port device team_slave_0 added [ 791.746924][T16910] team0: Port device team_slave_1 added [ 792.096855][T16910] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 792.125733][T16910] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 792.160414][T16910] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 792.187017][T16910] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 792.235045][T16910] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 792.261230][T16334] Bluetooth: hci1: command tx timeout [ 792.311862][T16970] usb usb2: usbfs: process 16970 (syz.3.2439) did not claim interface 1 before use [ 792.421150][T16910] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 792.690522][T10804] bridge_slave_1: left allmulticast mode [ 792.708197][T10804] bridge_slave_1: left promiscuous mode [ 792.714569][T10804] bridge0: port 2(bridge_slave_1) entered disabled state [ 792.977644][T10804] bridge_slave_0: left allmulticast mode [ 792.986318][T10804] bridge_slave_0: left promiscuous mode [ 792.995673][T10804] bridge0: port 1(bridge_slave_0) entered disabled state [ 793.282762][T16975] netlink: 756 bytes leftover after parsing attributes in process `syz.2.2440'. [ 793.748632][T10804] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 793.770774][T10804] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 793.787448][T10804] bond0 (unregistering): Released all slaves [ 793.903590][T16910] hsr_slave_0: entered promiscuous mode [ 793.946628][T16910] hsr_slave_1: entered promiscuous mode [ 793.964184][T16910] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 793.981794][T16910] Cannot create hsr debugfs directory [ 794.331211][T16334] Bluetooth: hci1: command tx timeout [ 795.777984][T17019] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2448'. [ 796.223740][T17021] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2447'. [ 796.414756][T16334] Bluetooth: hci1: command tx timeout [ 796.554129][T10804] hsr_slave_1: left promiscuous mode [ 796.705554][T10804] veth1_vlan: left promiscuous mode [ 796.711263][T10804] veth0_vlan: left promiscuous mode [ 797.920085][T17039] netlink: 756 bytes leftover after parsing attributes in process `syz.1.2450'. [ 798.905174][T10804] team0 (unregistering): Port device team_slave_1 removed [ 799.051367][T10804] team0 (unregistering): Port device team_slave_0 removed [ 800.519278][T16910] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 800.567538][T16910] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 800.683756][T16910] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 800.729146][T16910] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 801.288476][T16910] 8021q: adding VLAN 0 to HW filter on device bond0 [ 801.455147][T16910] 8021q: adding VLAN 0 to HW filter on device team0 [ 801.543155][T10817] bridge0: port 1(bridge_slave_0) entered blocking state [ 801.550398][T10817] bridge0: port 1(bridge_slave_0) entered forwarding state [ 801.627933][T10817] bridge0: port 2(bridge_slave_1) entered blocking state [ 801.635240][T10817] bridge0: port 2(bridge_slave_1) entered forwarding state [ 802.586060][T16910] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 802.756304][T16910] veth0_vlan: entered promiscuous mode [ 802.815142][T16910] veth1_vlan: entered promiscuous mode [ 803.010532][T16910] veth0_macvtap: entered promiscuous mode [ 803.026547][T16910] veth1_macvtap: entered promiscuous mode [ 803.097504][T16910] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 803.193539][T16910] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 803.236744][T16910] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.281276][T16910] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.314641][T16910] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.326166][T16910] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.852659][T10590] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 803.860644][T10590] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 804.016714][T17103] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2462'. [ 804.248885][T10804] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 804.299271][T10804] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 804.844906][T17109] zswap: compressor not available [ 805.551944][T10588] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 805.562089][T10588] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 805.573134][T10588] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 805.583249][T10588] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 805.592644][T10588] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 805.946798][T17133] random: crng reseeded on system resumption [ 806.534204][T17129] chnl_net:caif_netlink_parms(): no params data found [ 807.075940][T17146] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2467'. [ 807.157575][T17150] random: crng reseeded on system resumption [ 807.314391][T10582] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 807.429266][T17157] netlink: 692 bytes leftover after parsing attributes in process `syz.0.2469'. [ 807.641300][T10588] Bluetooth: hci0: command tx timeout [ 807.780385][T17129] bridge0: port 1(bridge_slave_0) entered blocking state [ 807.800237][T17129] bridge0: port 1(bridge_slave_0) entered disabled state [ 807.811384][T17129] bridge_slave_0: entered allmulticast mode [ 807.834231][T17129] bridge_slave_0: entered promiscuous mode [ 807.932776][T10582] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 807.948835][T17129] bridge0: port 2(bridge_slave_1) entered blocking state [ 807.966423][T17129] bridge0: port 2(bridge_slave_1) entered disabled state [ 808.009417][T17129] bridge_slave_1: entered allmulticast mode [ 808.078923][T17129] bridge_slave_1: entered promiscuous mode [ 808.324085][T10582] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 808.412519][T17129] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 808.557215][T10582] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 808.627524][T17129] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 808.956998][T17129] team0: Port device team_slave_0 added [ 808.966512][T17129] team0: Port device team_slave_1 added [ 809.328087][T17129] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 809.341244][T17129] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 809.418023][T17129] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 809.454562][T17129] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 809.471100][T17129] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 809.524234][T17175] random: crng reseeded on system resumption [ 809.541967][T17129] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 809.702978][T10588] Bluetooth: hci0: command tx timeout [ 810.158182][T17129] hsr_slave_0: entered promiscuous mode [ 810.188890][T17129] hsr_slave_1: entered promiscuous mode [ 810.224743][T17129] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 810.232863][T17129] Cannot create hsr debugfs directory [ 810.466672][T17191] random: crng reseeded on system resumption [ 810.540988][T10582] bridge_slave_1: left allmulticast mode [ 810.546966][T10582] bridge_slave_1: left promiscuous mode [ 810.553290][T10582] bridge0: port 2(bridge_slave_1) entered disabled state [ 810.566436][T10582] bridge_slave_0: left allmulticast mode [ 810.572415][T10582] bridge_slave_0: left promiscuous mode [ 810.578389][T10582] bridge0: port 1(bridge_slave_0) entered disabled state [ 810.701426][T17192] binder: 17190:17192 ioctl 1260 7fffffffffffffff returned -22 [ 811.121896][T17198] random: crng reseeded on system resumption [ 811.356377][T17208] random: crng reseeded on system resumption [ 811.520166][T17212] binder: 17206:17212 ioctl 1260 7fffffffffffffff returned -22 [ 811.772539][T10588] Bluetooth: hci0: command tx timeout [ 812.130628][T10582] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 812.327541][T10582] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 812.353221][T10582] bond0 (unregistering): Released all slaves [ 812.813880][T10582] ovs_: left promiscuous mode [ 813.697747][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 813.704358][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 813.851327][T10588] Bluetooth: hci0: command tx timeout [ 813.937700][T17241] ceph: Failed to parse sending metrics switch value 'P^' [ 814.650343][T17129] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 814.711870][T17129] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 814.935987][T17129] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 814.978037][T17129] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 816.667634][T17291] netlink: zone id is out of range [ 816.685760][T17291] netlink: zone id is out of range [ 816.720633][T10582] hsr_slave_0: left promiscuous mode [ 816.749109][T17291] netlink: zone id is out of range [ 816.762851][T17291] netlink: zone id is out of range [ 816.781657][T10582] hsr_slave_1: left promiscuous mode [ 816.932685][T10582] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 816.946894][T10582] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 816.990321][T10582] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 817.001184][T10582] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 817.015979][T17291] netlink: set zone limit has 8 unknown bytes [ 817.190397][T10582] veth1_macvtap: left promiscuous mode [ 817.205371][T10582] veth0_macvtap: left promiscuous mode [ 817.224169][T10582] veth1_vlan: left promiscuous mode [ 817.229601][T10582] veth0_vlan: left promiscuous mode [ 817.236520][T17301] random: crng reseeded on system resumption [ 817.354530][T17303] binder: 17300:17303 ioctl 1260 7fffffffffffffff returned -22 [ 817.447417][T17305] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21 [ 817.643994][T17308] netlink: 'syz.2.2492': attribute type 1 has an invalid length. [ 817.707444][T17308] netlink: 33 bytes leftover after parsing attributes in process `syz.2.2492'. [ 818.353851][T17316] netlink: 692 bytes leftover after parsing attributes in process `syz.1.2494'. [ 819.201326][T10582] team0 (unregistering): Port device team_slave_1 removed [ 819.312299][T10582] team0 (unregistering): Port device team_slave_0 removed [ 819.699406][T17330] random: crng reseeded on system resumption [ 820.087111][T17129] 8021q: adding VLAN 0 to HW filter on device bond0 [ 820.289635][T17129] 8021q: adding VLAN 0 to HW filter on device team0 [ 820.389074][T10590] bridge0: port 1(bridge_slave_0) entered blocking state [ 820.397360][T10590] bridge0: port 1(bridge_slave_0) entered forwarding state [ 820.437604][T10590] bridge0: port 2(bridge_slave_1) entered blocking state [ 820.444901][T10590] bridge0: port 2(bridge_slave_1) entered forwarding state [ 820.478338][T17129] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 820.489236][T17129] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 820.686634][T10582] bridge_slave_1: left allmulticast mode [ 820.696889][T10582] bridge_slave_1: left promiscuous mode [ 820.724777][T10582] bridge0: port 2(bridge_slave_1) entered disabled state [ 820.763994][T10582] bridge_slave_0: left allmulticast mode [ 820.769707][T10582] bridge_slave_0: left promiscuous mode [ 820.794440][T10582] bridge0: port 1(bridge_slave_0) entered disabled state [ 821.076296][T17357] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2503'. [ 821.249387][T17360] random: crng reseeded on system resumption [ 823.566007][T17380] unchecked MSR access error: WRMSR to 0x418 (tried to write 0x0000000000000322) at rIP: 0xffffffff8163ed79 (__mcheck_cpu_init_clear_banks+0x109/0x1f0) [ 823.581626][T17380] Call Trace: [ 823.584949][T17380] [ 823.587932][T17380] ? __pfx_mce_cpu_restart+0x10/0x10 [ 823.593289][T17380] mce_cpu_restart+0x98/0xb0 [ 823.598053][T17380] smp_call_function_many_cond+0xef9/0x1510 [ 823.604006][T17380] ? __pfx_mce_cpu_restart+0x10/0x10 [ 823.609374][T17380] ? lockdep_hardirqs_on+0x7c/0x110 [ 823.614651][T17380] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 823.620518][T17380] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 823.626889][T17380] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 823.632935][T17380] ? __pfx_mce_cpu_restart+0x10/0x10 [ 823.638635][T17380] on_each_cpu_cond_mask+0x40/0x90 [ 823.643816][T17380] set_bank+0x240/0x3a0 [ 823.648044][T17380] ? __pfx_set_bank+0x10/0x10 [ 823.652798][T17380] ? find_held_lock+0x2b/0x80 [ 823.657535][T17380] ? __pfx_set_bank+0x10/0x10 [ 823.662270][T17380] dev_attr_store+0x55/0x80 [ 823.666846][T17380] ? __pfx_dev_attr_store+0x10/0x10 [ 823.672101][T17380] sysfs_kf_write+0xef/0x150 [ 823.676761][T17380] kernfs_fop_write_iter+0x351/0x510 [ 823.682112][T17380] ? __pfx_sysfs_kf_write+0x10/0x10 [ 823.687380][T17380] vfs_write+0x6c7/0x1150 [ 823.691778][T17380] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 823.697657][T17380] ? __pfx___mutex_lock+0x10/0x10 [ 823.702748][T17380] ? __pfx_vfs_write+0x10/0x10 [ 823.707605][T17380] ksys_write+0x12a/0x250 [ 823.712004][T17380] ? __pfx_ksys_write+0x10/0x10 [ 823.716928][T17380] do_syscall_64+0xcd/0x490 [ 823.721509][T17380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 823.727466][T17380] RIP: 0033:0x7f65ecf8e929 [ 823.731923][T17380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 823.751576][T17380] RSP: 002b:00007f65edd44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 823.760021][T17380] RAX: ffffffffffffffda RBX: 00007f65ed1b5fa0 RCX: 00007f65ecf8e929 [ 823.768026][T17380] RDX: 0000000000000003 RSI: 0000200000000240 RDI: 0000000000000005 [ 823.776025][T17380] RBP: 00007f65ed010ca1 R08: 0000000000000000 R09: 0000000000000000 [ 823.784025][T17380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 823.792028][T17380] R13: 0000000000000000 R14: 00007f65ed1b5fa0 R15: 00007ffc705fbb58 [ 823.800037][T17380] [ 823.972051][T10582] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 824.104495][T10582] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 824.192975][T10582] bond0 (unregistering): Released all slaves [ 824.295568][T17378] FAULT_INJECTION: forcing a failure. [ 824.295568][T17378] name failslab, interval 1, probability 0, space 0, times 0 [ 824.308459][T17378] CPU: 1 UID: 0 PID: 17378 Comm: syz.0.2506 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 824.308509][T17378] Tainted: [U]=USER [ 824.308521][T17378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 824.308540][T17378] Call Trace: [ 824.308550][T17378] [ 824.308563][T17378] dump_stack_lvl+0x16c/0x1f0 [ 824.308626][T17378] should_fail_ex+0x512/0x640 [ 824.308668][T17378] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 824.308721][T17378] should_failslab+0xc2/0x120 [ 824.308750][T17378] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 824.308797][T17378] ? proc_create_reg+0xe3/0x180 [ 824.308824][T17378] ? fib_notifier_ops_register+0x32/0x270 [ 824.308874][T17378] ? __pfx_ipmr_net_init+0x10/0x10 [ 824.308905][T17378] kmemdup_noprof+0x29/0x60 [ 824.308949][T17378] fib_notifier_ops_register+0x32/0x270 [ 824.308996][T17378] ? __pfx_ipmr_net_init+0x10/0x10 [ 824.309025][T17378] ipmr_net_init+0x57/0x4e0 [ 824.309055][T17378] ? __pfx_ipmr_net_init+0x10/0x10 [ 824.309084][T17378] ops_init+0x1e2/0x5f0 [ 824.309133][T17378] setup_net+0x1ff/0x510 [ 824.309195][T17378] ? lockdep_init_map_type+0x5c/0x280 [ 824.309241][T17378] ? __pfx_setup_net+0x10/0x10 [ 824.309294][T17378] ? debug_mutex_init+0x37/0x70 [ 824.309331][T17378] copy_net_ns+0x2a6/0x5f0 [ 824.309375][T17378] create_new_namespaces+0x3ea/0xa90 [ 824.309422][T17378] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 824.309464][T17378] ksys_unshare+0x45b/0xa40 [ 824.309507][T17378] ? __pfx_ksys_unshare+0x10/0x10 [ 824.309553][T17378] ? xfd_validate_state+0x61/0x180 [ 824.309613][T17378] __x64_sys_unshare+0x31/0x40 [ 824.309655][T17378] do_syscall_64+0xcd/0x490 [ 824.309706][T17378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 824.309737][T17378] RIP: 0033:0x7f8fc918e929 [ 824.309763][T17378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 824.309795][T17378] RSP: 002b:00007f8fc9f7a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 824.309825][T17378] RAX: ffffffffffffffda RBX: 00007f8fc93b6240 RCX: 00007f8fc918e929 [ 824.309846][T17378] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 824.309866][T17378] RBP: 00007f8fc9210ca1 R08: 0000000000000000 R09: 0000000000000000 [ 824.309886][T17378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 824.309905][T17378] R13: 0000000000000000 R14: 00007f8fc93b6240 R15: 00007fffb033dc18 [ 824.309945][T17378] [ 824.816918][T10582] ovs_: left promiscuous mode [ 824.938008][T17129] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 825.043999][T17129] veth0_vlan: entered promiscuous mode [ 825.079682][T17129] veth1_vlan: entered promiscuous mode [ 825.124055][T10582] .SR: left promiscuous mode [ 825.254120][T17129] veth0_macvtap: entered promiscuous mode [ 825.354494][T17129] veth1_macvtap: entered promiscuous mode [ 825.416955][T17129] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 825.452528][T17383] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 825.460320][T17383] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 825.461122][T17129] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 825.523163][T17391] FAULT_INJECTION: forcing a failure. [ 825.523163][T17391] name failslab, interval 1, probability 0, space 0, times 0 [ 825.551563][T17383] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 825.560078][T17129] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.591152][T17129] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.612517][T17129] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.641304][T17129] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.655730][T17391] CPU: 1 UID: 0 PID: 17391 Comm: syz.1.2508 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 825.655780][T17391] Tainted: [U]=USER [ 825.655789][T17391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 825.655805][T17391] Call Trace: [ 825.655814][T17391] [ 825.655824][T17391] dump_stack_lvl+0x16c/0x1f0 [ 825.655869][T17391] should_fail_ex+0x512/0x640 [ 825.655908][T17391] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 825.655954][T17391] should_failslab+0xc2/0x120 [ 825.655980][T17391] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 825.656022][T17391] ? alloc_empty_file+0x55/0x1e0 [ 825.656053][T17391] alloc_empty_file+0x55/0x1e0 [ 825.656081][T17391] path_openat+0xda/0x2cb0 [ 825.656115][T17391] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.656152][T17391] ? __pfx_path_openat+0x10/0x10 [ 825.656196][T17391] ? __lock_acquire+0xb8a/0x1c90 [ 825.656236][T17391] do_filp_open+0x20b/0x470 [ 825.656275][T17391] ? __pfx_do_filp_open+0x10/0x10 [ 825.656334][T17391] ? alloc_fd+0x471/0x7d0 [ 825.656378][T17391] do_sys_openat2+0x11b/0x1d0 [ 825.656406][T17391] ? __pfx_do_sys_openat2+0x10/0x10 [ 825.656447][T17391] __x64_sys_openat+0x174/0x210 [ 825.656476][T17391] ? __pfx___x64_sys_openat+0x10/0x10 [ 825.656517][T17391] do_syscall_64+0xcd/0x490 [ 825.656557][T17391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.656583][T17391] RIP: 0033:0x7fed6e58d290 [ 825.656603][T17391] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 825.656628][T17391] RSP: 002b:00007fed6f3cdf10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 825.656653][T17391] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fed6e58d290 [ 825.656670][T17391] RDX: 0000000000000002 RSI: 00007fed6f3cdfa0 RDI: 00000000ffffff9c [ 825.656686][T17391] RBP: 00007fed6f3cdfa0 R08: 0000000000000000 R09: 00007fed6f3cdcd5 [ 825.656702][T17391] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 825.656718][T17391] R13: 0000000000000000 R14: 00007fed6e7b5fa0 R15: 00007fffc7fcb6c8 [ 825.656753][T17391] [ 826.114813][T17383] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 826.131280][T17383] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 826.232229][T17383] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 826.432979][T17383] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 826.477986][T17383] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 826.730103][T17402] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2510'. [ 826.736989][T17383] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 826.876549][T17383] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 826.901201][T10588] Bluetooth: hci4: command 0x0c1a tx timeout [ 826.917711][T17383] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 827.126831][T17383] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 827.364345][T10817] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 827.382330][T10817] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 827.777980][T10817] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 827.823874][T10817] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 828.171197][T16334] Bluetooth: hci3: command 0x0c1a tx timeout [ 828.504185][T16334] Bluetooth: hci1: command 0x0c1a tx timeout [ 828.891689][T16334] Bluetooth: hci0: command 0x0c1a tx timeout [ 828.971713][T16334] Bluetooth: hci4: command 0x0c1a tx timeout [ 829.592555][T10582] hsr_slave_0: left promiscuous mode [ 829.633450][T17435] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input22 [ 829.667778][T10582] hsr_slave_1: left promiscuous mode [ 829.716812][T10582] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 829.770123][T10582] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 829.845539][T10582] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 829.884422][T10582] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 830.030648][T17442] scsi_strcpy_devinfo: vendor string '/&c~n] | [ 830.030648][T17442] M' is too long [ 830.049565][T17442] scsi_strcpy_devinfo: model string 'Dd5 K2b [ 830.049565][T17442] W ' is too long [ 830.149192][T10582] veth1_macvtap: left promiscuous mode [ 830.168104][T10582] veth0_macvtap: left promiscuous mode [ 830.179808][T10582] veth1_vlan: left promiscuous mode [ 830.195089][T10582] veth0_vlan: left promiscuous mode [ 830.206841][T17447] usb usb2: usbfs: process 17447 (syz.1.2520) did not claim interface 1 before use [ 830.271172][T16334] Bluetooth: hci3: command 0x0c1a tx timeout [ 830.571839][T16334] Bluetooth: hci1: command 0x0c1a tx timeout [ 830.766853][T17454] usb usb2: usbfs: process 17454 (syz.1.2522) did not claim interface 1 before use [ 830.956984][T17456] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2523'. [ 830.977725][T16334] Bluetooth: hci0: command 0x0c1a tx timeout [ 831.065757][T16334] Bluetooth: hci4: command 0x0c1a tx timeout [ 831.777508][T17463] random: crng reseeded on system resumption [ 832.331163][T16334] Bluetooth: hci3: command 0x0c1a tx timeout [ 832.659577][T16334] Bluetooth: hci1: command 0x0c1a tx timeout [ 833.051585][T16334] Bluetooth: hci0: command 0x0c1a tx timeout [ 833.989492][T10582] team0 (unregistering): Port device team_slave_1 removed [ 834.086394][T10582] team0 (unregistering): Port device team_slave_0 removed [ 835.271824][T17492] random: crng reseeded on system resumption [ 835.883251][T17500] random: crng reseeded on system resumption [ 837.237521][T17514] random: crng reseeded on system resumption [ 837.712521][T17522] Unable to find swap-space signature [ 839.594832][T17558] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2543'. [ 839.791708][T17564] random: crng reseeded on system resumption [ 842.048093][T17605] random: crng reseeded on system resumption [ 842.259230][T17598] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2553'. [ 842.400252][T17611] random: crng reseeded on system resumption [ 842.452792][T17598] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 842.466805][T17598] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 842.483780][T17598] bond0 (unregistering): Released all slaves [ 845.146546][T17660] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2566'. [ 845.190977][T17660] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2566'. [ 845.600298][T17661] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2566'. [ 846.017825][T17666] random: crng reseeded on system resumption [ 846.458207][T17675] netlink: 740 bytes leftover after parsing attributes in process `syz.2.2568'. [ 847.471100][T17686] random: crng reseeded on system resumption [ 848.500872][T17711] usb usb2: usbfs: process 17711 (syz.0.2578) did not claim interface 1 before use [ 849.205578][T17720] usb usb2: usbfs: process 17720 (syz.3.2580) did not claim interface 1 before use [ 849.463363][T17727] random: crng reseeded on system resumption [ 849.953612][T17715] zswap: compressor 000 not available [ 850.574440][T17742] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2584'. [ 853.360590][T17787] random: crng reseeded on system resumption [ 854.982530][T17800] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2595'. [ 855.035205][T17803] random: crng reseeded on system resumption [ 855.410659][T17812] random: crng reseeded on system resumption [ 858.102251][T17847] random: crng reseeded on system resumption [ 858.367842][T17850] syz.0.2607 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 860.002285][T17885] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2613'. [ 860.227871][T17889] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2614'. [ 861.752624][T17908] random: crng reseeded on system resumption [ 864.268213][T17934] FAULT_INJECTION: forcing a failure. [ 864.268213][T17934] name failslab, interval 1, probability 0, space 0, times 0 [ 864.427488][T17934] CPU: 0 UID: 0 PID: 17934 Comm: syz.1.2624 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 864.427544][T17934] Tainted: [U]=USER [ 864.427556][T17934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 864.427576][T17934] Call Trace: [ 864.427587][T17934] [ 864.427600][T17934] dump_stack_lvl+0x16c/0x1f0 [ 864.427674][T17934] should_fail_ex+0x512/0x640 [ 864.427731][T17934] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 864.427793][T17934] should_failslab+0xc2/0x120 [ 864.427836][T17934] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 864.427889][T17934] ? proc_create_reg+0xe3/0x180 [ 864.427917][T17934] ? fib_notifier_ops_register+0x32/0x270 [ 864.427970][T17934] ? __pfx_ipmr_net_init+0x10/0x10 [ 864.428004][T17934] kmemdup_noprof+0x29/0x60 [ 864.428053][T17934] fib_notifier_ops_register+0x32/0x270 [ 864.428104][T17934] ? __pfx_ipmr_net_init+0x10/0x10 [ 864.428136][T17934] ipmr_net_init+0x57/0x4e0 [ 864.428169][T17934] ? __pfx_ipmr_net_init+0x10/0x10 [ 864.428200][T17934] ops_init+0x1e2/0x5f0 [ 864.428254][T17934] setup_net+0x1ff/0x510 [ 864.428301][T17934] ? lockdep_init_map_type+0x5c/0x280 [ 864.428348][T17934] ? __pfx_setup_net+0x10/0x10 [ 864.428399][T17934] ? debug_mutex_init+0x37/0x70 [ 864.428437][T17934] copy_net_ns+0x2a6/0x5f0 [ 864.428472][T17934] create_new_namespaces+0x3ea/0xa90 [ 864.428518][T17934] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 864.428556][T17934] ksys_unshare+0x45b/0xa40 [ 864.428599][T17934] ? __pfx_ksys_unshare+0x10/0x10 [ 864.428644][T17934] ? xfd_validate_state+0x61/0x180 [ 864.428700][T17934] __x64_sys_unshare+0x31/0x40 [ 864.428751][T17934] do_syscall_64+0xcd/0x490 [ 864.428804][T17934] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 864.428836][T17934] RIP: 0033:0x7fed6e58e929 [ 864.428862][T17934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 864.428893][T17934] RSP: 002b:00007fed6f36b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 864.428923][T17934] RAX: ffffffffffffffda RBX: 00007fed6e7b6240 RCX: 00007fed6e58e929 [ 864.428944][T17934] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 864.428964][T17934] RBP: 00007fed6e610ca1 R08: 0000000000000000 R09: 0000000000000000 [ 864.428983][T17934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 864.429003][T17934] R13: 0000000000000000 R14: 00007fed6e7b6240 R15: 00007fffc7fcb6c8 [ 864.429043][T17934] [ 864.675946][ C0] vkms_vblank_simulate: vblank timer overrun [ 866.334496][T17945] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2626'. [ 866.422415][T17947] random: crng reseeded on system resumption [ 866.792049][T17953] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2630'. [ 866.811521][T17953] ipvlan1: entered allmulticast mode [ 866.816953][T17953] veth0_vlan: entered allmulticast mode [ 867.439954][T17960] warning: `syz.1.2631' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 868.686739][ C1] vcan0: j1939_tp_rxtimer: 0xffff888032c23c00: rx timeout, send abort [ 868.697301][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888032c23c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 869.098485][T17981] FAULT_INJECTION: forcing a failure. [ 869.098485][T17981] name failslab, interval 1, probability 0, space 0, times 0 [ 869.222040][T17981] CPU: 1 UID: 0 PID: 17981 Comm: syz.1.2636 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 869.222098][T17981] Tainted: [U]=USER [ 869.222110][T17981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 869.222131][T17981] Call Trace: [ 869.222142][T17981] [ 869.222155][T17981] dump_stack_lvl+0x16c/0x1f0 [ 869.222219][T17981] should_fail_ex+0x512/0x640 [ 869.222267][T17981] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 869.222344][T17981] should_failslab+0xc2/0x120 [ 869.222375][T17981] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 869.222427][T17981] ? proc_create_reg+0xe3/0x180 [ 869.222456][T17981] ? fib_notifier_ops_register+0x32/0x270 [ 869.222509][T17981] ? __pfx_ipmr_net_init+0x10/0x10 [ 869.222541][T17981] kmemdup_noprof+0x29/0x60 [ 869.222589][T17981] fib_notifier_ops_register+0x32/0x270 [ 869.222638][T17981] ? __pfx_ipmr_net_init+0x10/0x10 [ 869.222669][T17981] ipmr_net_init+0x57/0x4e0 [ 869.222701][T17981] ? __pfx_ipmr_net_init+0x10/0x10 [ 869.222732][T17981] ops_init+0x1e2/0x5f0 [ 869.222784][T17981] setup_net+0x1ff/0x510 [ 869.222828][T17981] ? lockdep_init_map_type+0x5c/0x280 [ 869.222873][T17981] ? __pfx_setup_net+0x10/0x10 [ 869.222924][T17981] ? debug_mutex_init+0x37/0x70 [ 869.222960][T17981] copy_net_ns+0x2a6/0x5f0 [ 869.222995][T17981] create_new_namespaces+0x3ea/0xa90 [ 869.223041][T17981] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 869.223099][T17981] ksys_unshare+0x45b/0xa40 [ 869.223144][T17981] ? __pfx_ksys_unshare+0x10/0x10 [ 869.223192][T17981] ? xfd_validate_state+0x61/0x180 [ 869.223259][T17981] __x64_sys_unshare+0x31/0x40 [ 869.223306][T17981] do_syscall_64+0xcd/0x490 [ 869.223359][T17981] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 869.223411][T17981] RIP: 0033:0x7fed6e58e929 [ 869.223438][T17981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 869.223474][T17981] RSP: 002b:00007fed6f36b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 869.223508][T17981] RAX: ffffffffffffffda RBX: 00007fed6e7b6240 RCX: 00007fed6e58e929 [ 869.223532][T17981] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 869.223554][T17981] RBP: 00007fed6e610ca1 R08: 0000000000000000 R09: 0000000000000000 [ 869.223576][T17981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 869.223598][T17981] R13: 0000000000000000 R14: 00007fed6e7b6240 R15: 00007fffc7fcb6c8 [ 869.223643][T17981] [ 869.902856][T17994] random: crng reseeded on system resumption [ 870.247672][T17999] FAULT_INJECTION: forcing a failure. [ 870.247672][T17999] name failslab, interval 1, probability 0, space 0, times 0 [ 870.264888][T17999] CPU: 0 UID: 0 PID: 17999 Comm: syz.3.2640 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 870.264945][T17999] Tainted: [U]=USER [ 870.264954][T17999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 870.264971][T17999] Call Trace: [ 870.264979][T17999] [ 870.264990][T17999] dump_stack_lvl+0x16c/0x1f0 [ 870.265035][T17999] should_fail_ex+0x512/0x640 [ 870.265072][T17999] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 870.265124][T17999] should_failslab+0xc2/0x120 [ 870.265151][T17999] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 870.265192][T17999] ? __alloc_skb+0x2b2/0x380 [ 870.265253][T17999] __alloc_skb+0x2b2/0x380 [ 870.265291][T17999] ? __pfx___alloc_skb+0x10/0x10 [ 870.265333][T17999] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 870.265370][T17999] netlink_alloc_large_skb+0x69/0x130 [ 870.265401][T17999] netlink_sendmsg+0x6a1/0xdd0 [ 870.265435][T17999] ? __pfx_netlink_sendmsg+0x10/0x10 [ 870.265479][T17999] ____sys_sendmsg+0xa95/0xc70 [ 870.265512][T17999] ? copy_msghdr_from_user+0x10a/0x160 [ 870.265556][T17999] ? __pfx_____sys_sendmsg+0x10/0x10 [ 870.265605][T17999] ___sys_sendmsg+0x134/0x1d0 [ 870.265651][T17999] ? __pfx____sys_sendmsg+0x10/0x10 [ 870.265692][T17999] ? __lock_acquire+0x622/0x1c90 [ 870.265776][T17999] __sys_sendmsg+0x16d/0x220 [ 870.265820][T17999] ? __pfx___sys_sendmsg+0x10/0x10 [ 870.265887][T17999] do_syscall_64+0xcd/0x490 [ 870.265935][T17999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 870.265966][T17999] RIP: 0033:0x7ff029b8e929 [ 870.265990][T17999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 870.266020][T17999] RSP: 002b:00007ff02aa75038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 870.266056][T17999] RAX: ffffffffffffffda RBX: 00007ff029db5fa0 RCX: 00007ff029b8e929 [ 870.266074][T17999] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 870.266098][T17999] RBP: 00007ff02aa75090 R08: 0000000000000000 R09: 0000000000000000 [ 870.266114][T17999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 870.266131][T17999] R13: 0000000000000000 R14: 00007ff029db5fa0 R15: 00007ffd03212268 [ 870.266167][T17999] [ 871.141379][T18004] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2643'. [ 871.182403][T18007] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2644'. [ 873.130429][T18041] netlink: 752 bytes leftover after parsing attributes in process `syz.2.2648'. [ 874.655513][T18040] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 875.146710][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.161138][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 877.646838][T18078] usb usb2: usbfs: process 18078 (syz.0.2660) did not claim interface 1 before use [ 881.756680][T18129] usb usb2: usbfs: process 18129 (syz.2.2671) did not claim interface 1 before use [ 883.147127][T18138] ALSA: mixer_oss: invalid OSS volume '' [ 883.369141][T18147] random: crng reseeded on system resumption [ 885.835366][T18170] usb usb2: usbfs: process 18170 (syz.0.2681) did not claim interface 1 before use [ 886.962676][T18192] random: crng reseeded on system resumption [ 889.048460][T18221] random: crng reseeded on system resumption [ 890.111587][T18233] usb usb2: usbfs: process 18233 (syz.3.2693) did not claim interface 1 before use [ 893.688586][T18276] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2703'. [ 893.791882][T18269] netlink: 756 bytes leftover after parsing attributes in process `syz.1.2701'. [ 894.253766][T18282] random: crng reseeded on system resumption [ 896.400135][T18294] FAULT_INJECTION: forcing a failure. [ 896.400135][T18294] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 896.499617][T18294] CPU: 0 UID: 0 PID: 18294 Comm: syz.0.2707 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 896.499659][T18294] Tainted: [U]=USER [ 896.499666][T18294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 896.499678][T18294] Call Trace: [ 896.499685][T18294] [ 896.499693][T18294] dump_stack_lvl+0x16c/0x1f0 [ 896.499727][T18294] should_fail_ex+0x512/0x640 [ 896.499760][T18294] core_sys_select+0x4c5/0xc10 [ 896.499793][T18294] ? __pfx_core_sys_select+0x10/0x10 [ 896.499824][T18294] ? proc_fail_nth_write+0x9f/0x250 [ 896.499868][T18294] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 896.499905][T18294] kern_select+0x15d/0x1e0 [ 896.499931][T18294] ? __pfx_kern_select+0x10/0x10 [ 896.499961][T18294] ? __pfx_ksys_write+0x10/0x10 [ 896.499993][T18294] __x64_sys_select+0xbd/0x160 [ 896.500018][T18294] ? do_syscall_64+0x91/0x490 [ 896.500047][T18294] ? lockdep_hardirqs_on+0x7c/0x110 [ 896.500093][T18294] do_syscall_64+0xcd/0x490 [ 896.500138][T18294] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 896.500159][T18294] RIP: 0033:0x7f8fc918e929 [ 896.500175][T18294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 896.500213][T18294] RSP: 002b:00007f8fc9f9b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 896.500234][T18294] RAX: ffffffffffffffda RBX: 00007f8fc93b6160 RCX: 00007f8fc918e929 [ 896.500248][T18294] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000012 [ 896.500267][T18294] RBP: 00007f8fc9f9b090 R08: 0000000000000000 R09: 0000000000000000 [ 896.500281][T18294] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 896.500294][T18294] R13: 0000000000000000 R14: 00007f8fc93b6160 R15: 00007fffb033dc18 [ 896.500321][T18294] [ 897.001786][T18301] random: crng reseeded on system resumption [ 897.914236][T18317] [U] [ 897.917055][T18317] [U] [ 897.919821][T18317] [U] [ 897.922595][T18317] [U] [ 897.956291][T18317] [U] [ 897.959104][T18317] [U] [ 897.961870][T18317] [U] [ 897.964635][T18317] [U] [ 898.061345][T18317] [U] [ 898.064169][T18317] [U] [ 898.066931][T18317] [U] [ 898.069712][T18317] [U] [ 898.163884][T18317] [U] [ 898.166702][T18317] [U] [ 898.169463][T18317] [U] [ 898.172223][T18317] [U] [ 898.267000][T18317] [U] [ 898.269816][T18317] [U] [ 898.272598][T18317] [U] [ 898.275345][T18317] [U] [ 898.335127][T18317] [U] [ 898.337938][T18317] [U] [ 898.340690][T18317] [U] [ 898.343464][T18317] [U] [ 898.394384][T18317] [U] [ 898.397198][T18317] [U] [ 898.399958][T18317] [U] [ 898.402717][T18317] [U] [ 898.471374][T18317] [U] [ 898.474271][T18317] [U] [ 898.477039][T18317] [U] [ 898.479798][T18317] [U] [ 898.531321][T18317] [U] [ 898.534123][T18317] [U] [ 898.536900][T18317] [U] [ 898.539650][T18317] [U] [ 898.571850][T18317] [U] [ 898.574640][T18317] [U] [ 898.577378][T18317] [U] [ 898.580150][T18317] [U] [ 898.621609][T18317] [U] [ 898.624425][T18317] [U] [ 898.627178][T18317] [U] [ 898.629929][T18317] [U] [ 898.686240][T18325] random: crng reseeded on system resumption [ 898.751138][T18317] [U] [ 898.753950][T18317] [U] [ 898.756716][T18317] [U] [ 898.759474][T18317] [U] [ 898.796648][T18317] [U] [ 898.799535][T18317] [U] [ 898.802299][T18317] [U] [ 898.805061][T18317] [U] [ 898.896516][T18317] [U] [ 898.899310][T18317] [U] [ 898.902111][T18317] [U] [ 898.904867][T18317] [U] [ 898.931284][T18317] [U] [ 898.934088][T18317] [U] [ 898.936841][T18317] [U] [ 898.939585][T18317] [U] [ 899.011383][T18317] [U] [ 899.014187][T18317] [U] [ 899.016942][T18317] [U] [ 899.019711][T18317] [U] [ 899.207667][T18329] [U] [ 900.532665][T18340] netlink: 752 bytes leftover after parsing attributes in process `syz.2.2719'. [ 901.681820][T18355] FAULT_INJECTION: forcing a failure. [ 901.681820][T18355] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 901.700028][T18355] CPU: 1 UID: 0 PID: 18355 Comm: syz.0.2722 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 901.700082][T18355] Tainted: [U]=USER [ 901.700093][T18355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 901.700114][T18355] Call Trace: [ 901.700126][T18355] [ 901.700139][T18355] dump_stack_lvl+0x16c/0x1f0 [ 901.700196][T18355] should_fail_ex+0x512/0x640 [ 901.700251][T18355] _copy_to_user+0x32/0xd0 [ 901.700307][T18355] __do_sys_mincore+0x28e/0x620 [ 901.700364][T18355] do_syscall_64+0xcd/0x490 [ 901.700419][T18355] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 901.700453][T18355] RIP: 0033:0x7f8fc918e929 [ 901.700480][T18355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 901.700514][T18355] RSP: 002b:00007f8fc9f59038 EFLAGS: 00000246 ORIG_RAX: 000000000000001b [ 901.700546][T18355] RAX: ffffffffffffffda RBX: 00007f8fc93b6320 RCX: 00007f8fc918e929 [ 901.700569][T18355] RDX: 0000000000000000 RSI: 0000000004000000 RDI: 0000000000001000 [ 901.700591][T18355] RBP: 00007f8fc9f59090 R08: 0000000000000000 R09: 0000000000000000 [ 901.700612][T18355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 901.700633][T18355] R13: 0000000000000000 R14: 00007f8fc93b6320 R15: 00007fffb033dc18 [ 901.700676][T18355] [ 903.353226][T18386] random: crng reseeded on system resumption [ 904.516201][T18408] netlink: 206 bytes leftover after parsing attributes in process `syz.0.2733'. [ 905.398080][T18425] FAULT_INJECTION: forcing a failure. [ 905.398080][T18425] name failslab, interval 1, probability 0, space 0, times 0 [ 905.499290][T18425] CPU: 0 UID: 0 PID: 18425 Comm: syz.0.2736 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 905.499330][T18425] Tainted: [U]=USER [ 905.499338][T18425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 905.499351][T18425] Call Trace: [ 905.499359][T18425] [ 905.499368][T18425] dump_stack_lvl+0x16c/0x1f0 [ 905.499405][T18425] should_fail_ex+0x512/0x640 [ 905.499448][T18425] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 905.499480][T18425] should_failslab+0xc2/0x120 [ 905.499500][T18425] __kmalloc_cache_noprof+0x6a/0x3e0 [ 905.499527][T18425] ? snd_pcm_hw_param_first+0x30d/0x6f0 [ 905.499572][T18425] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 905.499596][T18425] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 905.499624][T18425] snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 905.499653][T18425] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 905.499679][T18425] ? __asan_memset+0x23/0x50 [ 905.499707][T18425] ? calc_src_frames.isra.0+0x187/0x1d0 [ 905.499731][T18425] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 905.499763][T18425] snd_pcm_oss_change_params_locked+0x13f9/0x3a30 [ 905.499799][T18425] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 905.499825][T18425] ? snd_pcm_oss_sync+0x30c/0x840 [ 905.499865][T18425] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 905.499891][T18425] snd_pcm_oss_sync+0x32e/0x840 [ 905.499918][T18425] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 905.499941][T18425] snd_pcm_oss_release+0x28b/0x310 [ 905.499966][T18425] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 905.499988][T18425] __fput+0x3ff/0xb70 [ 905.500016][T18425] task_work_run+0x150/0x240 [ 905.500052][T18425] ? __pfx_task_work_run+0x10/0x10 [ 905.500087][T18425] ? __pfx___do_sys_close_range+0x10/0x10 [ 905.500118][T18425] ? syscall_user_dispatch+0x78/0x140 [ 905.500143][T18425] exit_to_user_mode_loop+0xeb/0x110 [ 905.500179][T18425] do_syscall_64+0x3f6/0x490 [ 905.500215][T18425] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 905.500237][T18425] RIP: 0033:0x7f8fc918e929 [ 905.500254][T18425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 905.500275][T18425] RSP: 002b:00007f8fc9fbc038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 905.500295][T18425] RAX: 0000000000000000 RBX: 00007f8fc93b6080 RCX: 00007f8fc918e929 [ 905.500310][T18425] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 905.500328][T18425] RBP: 00007f8fc9210ca1 R08: 0000000000000000 R09: 0000000000000000 [ 905.500341][T18425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 905.500354][T18425] R13: 0000000000000000 R14: 00007f8fc93b6080 R15: 00007fffb033dc18 [ 905.500381][T18425] [ 906.393787][T18434] random: crng reseeded on system resumption [ 908.416402][T18459] FAULT_INJECTION: forcing a failure. [ 908.416402][T18459] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 908.471260][T18459] CPU: 1 UID: 0 PID: 18459 Comm: syz.1.2745 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 908.471304][T18459] Tainted: [U]=USER [ 908.471312][T18459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 908.471325][T18459] Call Trace: [ 908.471332][T18459] [ 908.471340][T18459] dump_stack_lvl+0x16c/0x1f0 [ 908.471377][T18459] should_fail_ex+0x512/0x640 [ 908.471412][T18459] _copy_from_user+0x2e/0xd0 [ 908.471445][T18459] move_addr_to_kernel+0x65/0x170 [ 908.471472][T18459] __sys_connect+0xb1/0x160 [ 908.471499][T18459] ? __pfx___sys_connect+0x10/0x10 [ 908.471539][T18459] ? __pfx_ksys_write+0x10/0x10 [ 908.471576][T18459] __x64_sys_connect+0x72/0xb0 [ 908.471601][T18459] ? lockdep_hardirqs_on+0x7c/0x110 [ 908.471631][T18459] do_syscall_64+0xcd/0x490 [ 908.471665][T18459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 908.471686][T18459] RIP: 0033:0x7fed6e58e929 [ 908.471703][T18459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 908.471723][T18459] RSP: 002b:00007fed6f3ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 908.471743][T18459] RAX: ffffffffffffffda RBX: 00007fed6e7b6080 RCX: 00007fed6e58e929 [ 908.471757][T18459] RDX: 0000000000000055 RSI: 00002000000018c0 RDI: 0000000000000003 [ 908.471770][T18459] RBP: 00007fed6f3ad090 R08: 0000000000000000 R09: 0000000000000000 [ 908.471783][T18459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 908.471795][T18459] R13: 0000000000000000 R14: 00007fed6e7b6080 R15: 00007fffc7fcb6c8 [ 908.471821][T18459] [ 911.411046][T18499] random: crng reseeded on system resumption [ 911.428236][T18497] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input23 [ 911.956853][T18507] netlink: 752 bytes leftover after parsing attributes in process `syz.2.2752'. [ 915.587885][T18553] random: crng reseeded on system resumption [ 916.308300][T18562] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2767'. [ 917.422882][T18576] netlink: 748 bytes leftover after parsing attributes in process `syz.3.2771'. [ 918.703232][T18593] FAULT_INJECTION: forcing a failure. [ 918.703232][T18593] name failslab, interval 1, probability 0, space 0, times 0 [ 918.730495][T18593] CPU: 1 UID: 0 PID: 18593 Comm: syz.3.2775 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 918.730548][T18593] Tainted: [U]=USER [ 918.730559][T18593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 918.730579][T18593] Call Trace: [ 918.730589][T18593] [ 918.730602][T18593] dump_stack_lvl+0x16c/0x1f0 [ 918.730654][T18593] should_fail_ex+0x512/0x640 [ 918.730699][T18593] ? __kmalloc_noprof+0xbf/0x510 [ 918.730746][T18593] ? constrain_params_by_rules+0x175/0xca0 [ 918.730779][T18593] should_failslab+0xc2/0x120 [ 918.730809][T18593] __kmalloc_noprof+0xd2/0x510 [ 918.730870][T18593] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 918.730938][T18593] constrain_params_by_rules+0x175/0xca0 [ 918.730978][T18593] ? arch_stack_walk+0xa6/0x100 [ 918.731024][T18593] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 918.731064][T18593] ? stack_trace_save+0x8e/0xc0 [ 918.731102][T18593] ? __pfx_stack_trace_save+0x10/0x10 [ 918.731152][T18593] ? __kasan_slab_free+0x51/0x70 [ 918.731204][T18593] ? kfree+0x2b4/0x4d0 [ 918.731244][T18593] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 918.731291][T18593] ? snd_pcm_oss_change_params_locked+0x13f9/0x3a30 [ 918.731327][T18593] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 918.731362][T18593] ? snd_pcm_oss_sync+0x32e/0x840 [ 918.731397][T18593] ? snd_pcm_oss_release+0x28b/0x310 [ 918.731431][T18593] ? __fput+0x3ff/0xb70 [ 918.731463][T18593] ? task_work_run+0x150/0x240 [ 918.731514][T18593] ? snd_interval_refine+0x2fa/0x580 [ 918.731566][T18593] snd_pcm_hw_refine+0x7de/0xad0 [ 918.731612][T18593] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 918.731675][T18593] snd_pcm_hw_param_last+0x32d/0x710 [ 918.731718][T18593] snd_pcm_hw_param_near.constprop.0+0x570/0x8e0 [ 918.731763][T18593] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 918.731803][T18593] ? __asan_memset+0x23/0x50 [ 918.731846][T18593] ? calc_src_frames.isra.0+0x187/0x1d0 [ 918.731884][T18593] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 918.731935][T18593] snd_pcm_oss_change_params_locked+0x13f9/0x3a30 [ 918.731995][T18593] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 918.732047][T18593] ? snd_pcm_oss_sync+0x30c/0x840 [ 918.732126][T18593] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 918.732166][T18593] snd_pcm_oss_sync+0x32e/0x840 [ 918.732204][T18593] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 918.732240][T18593] snd_pcm_oss_release+0x28b/0x310 [ 918.732277][T18593] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 918.732326][T18593] __fput+0x3ff/0xb70 [ 918.732369][T18593] task_work_run+0x150/0x240 [ 918.732422][T18593] ? __pfx_task_work_run+0x10/0x10 [ 918.732476][T18593] ? __pfx___do_sys_close_range+0x10/0x10 [ 918.732524][T18593] ? syscall_user_dispatch+0x78/0x140 [ 918.732564][T18593] exit_to_user_mode_loop+0xeb/0x110 [ 918.732620][T18593] do_syscall_64+0x3f6/0x490 [ 918.732675][T18593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 918.732708][T18593] RIP: 0033:0x7ff029b8e929 [ 918.732735][T18593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 918.732768][T18593] RSP: 002b:00007ff02aa54038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 918.732799][T18593] RAX: 0000000000000000 RBX: 00007ff029db6080 RCX: 00007ff029b8e929 [ 918.732820][T18593] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 918.732841][T18593] RBP: 00007ff029c10ca1 R08: 0000000000000000 R09: 0000000000000000 [ 918.732862][T18593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 918.732882][T18593] R13: 0000000000000000 R14: 00007ff029db6080 R15: 00007ffd03212268 [ 918.732926][T18593] [ 919.658286][T18606] random: crng reseeded on system resumption [ 920.951103][ T30] audit: type=1800 audit(6442451105.986:14): pid=18629 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2783" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 922.162914][T18652] ovs_: entered promiscuous mode [ 923.344323][T18668] binder: 18664:18668 ioctl c0306201 2000000011c0 returned -14 [ 927.572817][T18736] random: crng reseeded on system resumption syzkaller syzkaller login: [ 932.117604][T18816] random: crng reseeded on system resumption [ 933.930749][T18866] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2826'. [ 934.373850][T18875] FAULT_INJECTION: forcing a failure. [ 934.373850][T18875] name failslab, interval 1, probability 0, space 0, times 0 [ 934.414401][T18878] netlink: 748 bytes leftover after parsing attributes in process `syz.1.2827'. [ 934.456256][T18875] CPU: 1 UID: 0 PID: 18875 Comm: syz.3.2828 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 934.456314][T18875] Tainted: [U]=USER [ 934.456325][T18875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 934.456346][T18875] Call Trace: [ 934.456357][T18875] [ 934.456370][T18875] dump_stack_lvl+0x16c/0x1f0 [ 934.456426][T18875] should_fail_ex+0x512/0x640 [ 934.456474][T18875] ? fs_reclaim_acquire+0xae/0x150 [ 934.456518][T18875] should_failslab+0xc2/0x120 [ 934.456550][T18875] __kmalloc_cache_noprof+0x6a/0x3e0 [ 934.456597][T18875] ? tomoyo_find_next_domain+0xfd/0x20b0 [ 934.456640][T18875] tomoyo_find_next_domain+0xfd/0x20b0 [ 934.456688][T18875] ? __pfx_tomoyo_find_next_domain+0x10/0x10 [ 934.456740][T18875] tomoyo_bprm_check_security+0x12e/0x1d0 [ 934.456792][T18875] ? tomoyo_bprm_check_security+0x120/0x1d0 [ 934.456863][T18875] security_bprm_check+0x1b9/0x1e0 [ 934.456894][T18875] bprm_execve+0x810/0x1650 [ 934.456940][T18875] ? __pfx_bprm_execve+0x10/0x10 [ 934.456976][T18875] ? copy_string_kernel+0x444/0x510 [ 934.457021][T18875] do_execveat_common.isra.0+0x4a5/0x610 [ 934.457067][T18875] __x64_sys_execve+0x8e/0xb0 [ 934.457107][T18875] do_syscall_64+0xcd/0x490 [ 934.457154][T18875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 934.457199][T18875] RIP: 0033:0x7ff029b8e929 [ 934.457222][T18875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 934.457252][T18875] RSP: 002b:00007ff02aa54038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 934.457284][T18875] RAX: ffffffffffffffda RBX: 00007ff029db6080 RCX: 00007ff029b8e929 [ 934.457304][T18875] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 934.457322][T18875] RBP: 00007ff029c10ca1 R08: 0000000000000000 R09: 0000000000000000 [ 934.457340][T18875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 934.457357][T18875] R13: 0000000000000000 R14: 00007ff029db6080 R15: 00007ffd03212268 [ 934.457393][T18875] [ 935.932824][T18891] random: crng reseeded on system resumption [ 936.583373][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.589939][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 936.621318][T18899] FAULT_INJECTION: forcing a failure. [ 936.621318][T18899] name failslab, interval 1, probability 0, space 0, times 0 [ 936.701523][T18899] CPU: 1 UID: 0 PID: 18899 Comm: syz.3.2834 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 936.701575][T18899] Tainted: [U]=USER [ 936.701586][T18899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 936.701606][T18899] Call Trace: [ 936.701616][T18899] [ 936.701629][T18899] dump_stack_lvl+0x16c/0x1f0 [ 936.701679][T18899] should_fail_ex+0x512/0x640 [ 936.701724][T18899] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 936.701785][T18899] should_failslab+0xc2/0x120 [ 936.701814][T18899] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 936.701854][T18899] ? __proc_create+0xc3/0x8c0 [ 936.701899][T18899] ? __proc_create+0x2ce/0x8c0 [ 936.701958][T18899] __proc_create+0x2ce/0x8c0 [ 936.702006][T18899] ? __pfx___proc_create+0x10/0x10 [ 936.702088][T18899] proc_mkdir+0x81/0x170 [ 936.702116][T18899] ? __pfx_proc_mkdir+0x10/0x10 [ 936.702146][T18899] ? cache_register_net+0x137/0x5e0 [ 936.702184][T18899] cache_register_net+0x18f/0x5e0 [ 936.702220][T18899] gss_svc_init_net+0x151/0x660 [ 936.702265][T18899] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 936.702300][T18899] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 936.702347][T18899] ops_init+0x1e2/0x5f0 [ 936.702401][T18899] setup_net+0x1ff/0x510 [ 936.702447][T18899] ? lockdep_init_map_type+0x5c/0x280 [ 936.702491][T18899] ? __pfx_setup_net+0x10/0x10 [ 936.702544][T18899] ? debug_mutex_init+0x37/0x70 [ 936.702585][T18899] copy_net_ns+0x2a6/0x5f0 [ 936.702622][T18899] create_new_namespaces+0x3ea/0xa90 [ 936.702669][T18899] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 936.702709][T18899] ksys_unshare+0x45b/0xa40 [ 936.702753][T18899] ? __pfx_ksys_unshare+0x10/0x10 [ 936.702797][T18899] ? xfd_validate_state+0x61/0x180 [ 936.702850][T18899] __x64_sys_unshare+0x31/0x40 [ 936.702891][T18899] do_syscall_64+0xcd/0x490 [ 936.702950][T18899] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.702982][T18899] RIP: 0033:0x7ff029b8e929 [ 936.703007][T18899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 936.703038][T18899] RSP: 002b:00007ff02aa75038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 936.703067][T18899] RAX: ffffffffffffffda RBX: 00007ff029db5fa0 RCX: 00007ff029b8e929 [ 936.703088][T18899] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 936.703107][T18899] RBP: 00007ff029c10ca1 R08: 0000000000000000 R09: 0000000000000000 [ 936.703127][T18899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 936.703146][T18899] R13: 0000000000000000 R14: 00007ff029db5fa0 R15: 00007ffd03212268 [ 936.703187][T18899] [ 938.762519][T18937] random: crng reseeded on system resumption [ 943.148520][T19006] ================================================================== [ 943.156649][T19006] BUG: KASAN: slab-out-of-bounds in afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 943.165362][T19006] Read of size 1 at addr ffff888075ade3a7 by task syz.1.2855/19006 [ 943.173273][T19006] [ 943.175611][T19006] CPU: 1 UID: 0 PID: 19006 Comm: syz.1.2855 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 943.175644][T19006] Tainted: [U]=USER [ 943.175651][T19006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 943.175666][T19006] Call Trace: [ 943.175673][T19006] [ 943.175682][T19006] dump_stack_lvl+0x116/0x1f0 [ 943.175722][T19006] print_report+0xcd/0x610 [ 943.175742][T19006] ? __virt_addr_valid+0x81/0x610 [ 943.175765][T19006] ? __phys_addr+0xe8/0x180 [ 943.175788][T19006] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 943.175812][T19006] kasan_report+0xe0/0x110 [ 943.175831][T19006] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 943.175861][T19006] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 943.175885][T19006] ? __lock_acquire+0xb8a/0x1c90 [ 943.175918][T19006] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 943.175944][T19006] ? find_held_lock+0x2b/0x80 [ 943.175965][T19006] ? __might_fault+0xe3/0x190 [ 943.175996][T19006] ? __might_fault+0xe3/0x190 [ 943.176025][T19006] ? __might_fault+0x13b/0x190 [ 943.176061][T19006] ? proc_simple_write+0x117/0x1b0 [ 943.176083][T19006] proc_simple_write+0x117/0x1b0 [ 943.176104][T19006] ? __pfx_proc_simple_write+0x10/0x10 [ 943.176126][T19006] proc_reg_write+0x240/0x330 [ 943.176159][T19006] ? __pfx_proc_reg_write+0x10/0x10 [ 943.176189][T19006] vfs_writev+0x5dc/0xde0 [ 943.176217][T19006] ? __pfx___mutex_trylock_common+0x10/0x10 [ 943.176253][T19006] ? __pfx_vfs_writev+0x10/0x10 [ 943.176280][T19006] ? __mutex_lock+0x1ca/0xb90 [ 943.176312][T19006] ? kmem_cache_free+0x2d1/0x4d0 [ 943.176345][T19006] ? __pfx___mutex_lock+0x10/0x10 [ 943.176381][T19006] ? __fget_files+0x20e/0x3c0 [ 943.176414][T19006] ? do_writev+0x132/0x340 [ 943.176440][T19006] do_writev+0x132/0x340 [ 943.176467][T19006] ? __pfx_do_writev+0x10/0x10 [ 943.176504][T19006] do_syscall_64+0xcd/0x490 [ 943.176537][T19006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.176560][T19006] RIP: 0033:0x7fed6e58e929 [ 943.176576][T19006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 943.176597][T19006] RSP: 002b:00007fed6c3f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 943.176617][T19006] RAX: ffffffffffffffda RBX: 00007fed6e7b64e0 RCX: 00007fed6e58e929 [ 943.176632][T19006] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 000000000000000a [ 943.176645][T19006] RBP: 00007fed6e610ca1 R08: 0000000000000000 R09: 0000000000000000 [ 943.176659][T19006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 943.176672][T19006] R13: 0000000000000000 R14: 00007fed6e7b64e0 R15: 00007fffc7fcb6c8 [ 943.176692][T19006] [ 943.176700][T19006] [ 943.441982][T19006] Allocated by task 19006: [ 943.446502][T19006] kasan_save_stack+0x33/0x60 [ 943.451210][T19006] kasan_save_track+0x14/0x30 [ 943.455909][T19006] __kasan_kmalloc+0xaa/0xb0 [ 943.460511][T19006] __kmalloc_node_track_caller_noprof+0x221/0x510 [ 943.466942][T19006] memdup_user_nul+0x2b/0x120 [ 943.471626][T19006] proc_simple_write+0xc7/0x1b0 [ 943.476485][T19006] proc_reg_write+0x240/0x330 [ 943.481177][T19006] vfs_writev+0x5dc/0xde0 [ 943.485519][T19006] do_writev+0x132/0x340 [ 943.489773][T19006] do_syscall_64+0xcd/0x490 [ 943.494318][T19006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.500234][T19006] [ 943.502567][T19006] The buggy address belongs to the object at ffff888075ade3a0 [ 943.502567][T19006] which belongs to the cache kmalloc-8 of size 8 [ 943.516289][T19006] The buggy address is located 0 bytes to the right of [ 943.516289][T19006] allocated 7-byte region [ffff888075ade3a0, ffff888075ade3a7) [ 943.530616][T19006] [ 943.532947][T19006] The buggy address belongs to the physical page: [ 943.539359][T19006] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75ade [ 943.548154][T19006] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 943.555307][T19006] page_type: f5(slab) [ 943.559304][T19006] raw: 00fff00000000000 ffff88801b841500 dead000000000100 dead000000000122 [ 943.567901][T19006] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 943.576489][T19006] page dumped because: kasan: bad access detected [ 943.583208][T19006] page_owner tracks the page as allocated [ 943.588932][T19006] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5854, tgid 5854 (syz-executor), ts 107791215397, free_ts 107791201674 [ 943.608405][T19006] post_alloc_hook+0x1c0/0x230 [ 943.613196][T19006] get_page_from_freelist+0x1321/0x3890 [ 943.618759][T19006] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 943.624688][T19006] alloc_pages_mpol+0x1fb/0x550 [ 943.629541][T19006] new_slab+0x23b/0x330 [ 943.633710][T19006] ___slab_alloc+0xd9c/0x1940 [ 943.638400][T19006] __slab_alloc.constprop.0+0x56/0xb0 [ 943.643786][T19006] __kmalloc_node_noprof+0x2ed/0x500 [ 943.649094][T19006] __vmalloc_node_range_noprof+0x3e5/0x14b0 [ 943.655006][T19006] __vmalloc_node_noprof+0xad/0xf0 [ 943.660131][T19006] do_ip6t_get_ctl+0x63f/0xa50 [ 943.664915][T19006] nf_getsockopt+0x7c/0xe0 [ 943.669339][T19006] ipv6_getsockopt+0x1f7/0x280 [ 943.674118][T19006] tcp_getsockopt+0x9e/0x100 [ 943.678736][T19006] do_sock_getsockopt+0x3fc/0x800 [ 943.683775][T19006] __sys_getsockopt+0x123/0x1b0 [ 943.688654][T19006] page last free pid 5854 tgid 5854 stack trace: [ 943.694985][T19006] __free_frozen_pages+0x7fe/0x1180 [ 943.700200][T19006] kasan_populate_vmalloc+0x13d/0x1f0 [ 943.705603][T19006] alloc_vmap_area+0x959/0x29c0 [ 943.710466][T19006] __get_vm_area_node+0x1ca/0x330 [ 943.715504][T19006] __vmalloc_node_range_noprof+0x271/0x14b0 [ 943.721410][T19006] __vmalloc_node_noprof+0xad/0xf0 [ 943.726546][T19006] do_ip6t_get_ctl+0x63f/0xa50 [ 943.731320][T19006] nf_getsockopt+0x7c/0xe0 [ 943.735762][T19006] ipv6_getsockopt+0x1f7/0x280 [ 943.740532][T19006] tcp_getsockopt+0x9e/0x100 [ 943.745148][T19006] do_sock_getsockopt+0x3fc/0x800 [ 943.750197][T19006] __sys_getsockopt+0x123/0x1b0 [ 943.755067][T19006] __x64_sys_getsockopt+0xbd/0x160 [ 943.760205][T19006] do_syscall_64+0xcd/0x490 [ 943.764758][T19006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.770676][T19006] [ 943.773012][T19006] Memory state around the buggy address: [ 943.778652][T19006] ffff888075ade280: 05 fc fc fc 05 fc fc fc 00 fc fc fc 00 fc fc fc [ 943.786730][T19006] ffff888075ade300: fa fc fc fc 00 fc fc fc 06 fc fc fc fa fc fc fc [ 943.794800][T19006] >ffff888075ade380: 05 fc fc fc 07 fc fc fc 05 fc fc fc 05 fc fc fc [ 943.802869][T19006] ^ [ 943.807986][T19006] ffff888075ade400: 03 fc fc fc 05 fc fc fc 05 fc fc fc fa fc fc fc [ 943.816058][T19006] ffff888075ade480: fa fc fc fc fa fc fc fc 00 fc fc fc fa fc fc fc [ 943.824126][T19006] ================================================================== [ 943.966639][T19006] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 943.973966][T19006] CPU: 0 UID: 0 PID: 19006 Comm: syz.1.2855 Tainted: G U 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 943.987615][T19006] Tainted: [U]=USER [ 943.991424][T19006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 944.001495][T19006] Call Trace: [ 944.004782][T19006] [ 944.007724][T19006] dump_stack_lvl+0x3d/0x1f0 [ 944.012358][T19006] panic+0x71c/0x800 [ 944.016315][T19006] ? __pfx_panic+0x10/0x10 [ 944.020788][T19006] ? mark_held_locks+0x49/0x80 [ 944.025615][T19006] ? preempt_schedule_thunk+0x16/0x30 [ 944.031043][T19006] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 944.037078][T19006] ? preempt_schedule_common+0x44/0xc0 [ 944.042598][T19006] ? check_panic_on_warn+0x1f/0xb0 [ 944.047785][T19006] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 944.053818][T19006] check_panic_on_warn+0xab/0xb0 [ 944.058823][T19006] end_report+0x107/0x170 [ 944.063192][T19006] kasan_report+0xee/0x110 [ 944.067647][T19006] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 944.073681][T19006] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 944.079542][T19006] ? __lock_acquire+0xb8a/0x1c90 [ 944.084563][T19006] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 944.090782][T19006] ? find_held_lock+0x2b/0x80 [ 944.095505][T19006] ? __might_fault+0xe3/0x190 [ 944.100238][T19006] ? __might_fault+0xe3/0x190 [ 944.104981][T19006] ? __might_fault+0x13b/0x190 [ 944.109817][T19006] ? proc_simple_write+0x117/0x1b0 [ 944.114981][T19006] proc_simple_write+0x117/0x1b0 [ 944.119968][T19006] ? __pfx_proc_simple_write+0x10/0x10 [ 944.125474][T19006] proc_reg_write+0x240/0x330 [ 944.130212][T19006] ? __pfx_proc_reg_write+0x10/0x10 [ 944.135476][T19006] vfs_writev+0x5dc/0xde0 [ 944.139865][T19006] ? __pfx___mutex_trylock_common+0x10/0x10 [ 944.145825][T19006] ? __pfx_vfs_writev+0x10/0x10 [ 944.150734][T19006] ? __mutex_lock+0x1ca/0xb90 [ 944.155477][T19006] ? kmem_cache_free+0x2d1/0x4d0 [ 944.160484][T19006] ? __pfx___mutex_lock+0x10/0x10 [ 944.165581][T19006] ? __fget_files+0x20e/0x3c0 [ 944.170329][T19006] ? do_writev+0x132/0x340 [ 944.174801][T19006] do_writev+0x132/0x340 [ 944.179107][T19006] ? __pfx_do_writev+0x10/0x10 [ 944.183932][T19006] do_syscall_64+0xcd/0x490 [ 944.188514][T19006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.194467][T19006] RIP: 0033:0x7fed6e58e929 [ 944.198927][T19006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 944.218588][T19006] RSP: 002b:00007fed6c3f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 944.227046][T19006] RAX: ffffffffffffffda RBX: 00007fed6e7b64e0 RCX: 00007fed6e58e929 [ 944.235042][T19006] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 000000000000000a [ 944.243039][T19006] RBP: 00007fed6e610ca1 R08: 0000000000000000 R09: 0000000000000000 [ 944.251021][T19006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 944.259007][T19006] R13: 0000000000000000 R14: 00007fed6e7b64e0 R15: 00007fffc7fcb6c8 [ 944.267005][T19006] [ 944.270456][T19006] Kernel Offset: disabled [ 944.274795][T19006] Rebooting in 86400 seconds..