last executing test programs: 4.795437516s ago: executing program 3 (id=644): mmap$auto(0x0, 0x2020009, 0x0, 0x39f, 0xffffffffffffffff, 0x6) prlimit64$auto(0x0, 0x1, &(0x7f00000000c0)={0x6, 0x7}, &(0x7f0000000100)={0xfffffffffffffff8, 0x2e7}) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_nlbl_unlbl(0x0, r1) sendmsg$auto_NLBL_UNLABEL_C_STATICADD(r1, 0x0, 0x20000000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) close_range$auto(r0, 0xffffffffffffffff, 0x6) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000023, 0x87, 0x6d3e, 0x9, 0x2, 0x4000000006]}, 0x0) 4.106823487s ago: executing program 2 (id=645): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000340), 0x8200, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) mmap$auto(0x3, 0x202000c, 0x3, 0xff, 0xfffffffffffffffa, 0x8000) get_robust_list$auto(0x1, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) socket(0xa, 0x2, 0x3a) write$auto(0x3, 0x0, 0xfffffdef) getcpu$auto(0xfffffffffffffffc, 0xffffffffffffffff, 0xfffffffffffffffd) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000009c0)='/proc/self/net/icmp6\x00', 0x8000, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) fanotify_init$auto(0x4f1, 0x1) mmap$auto(0x0, 0x202000d, 0x8000000002, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x6, 0x0) userfaultfd$auto(0x1) socket(0xa, 0x801, 0x84) socket(0xa, 0x3, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x2, 0x801, 0x106) socket(0xa, 0x2, 0x0) socket(0xa, 0x2, 0x3a) r0 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x4, @old_prog_fd=r0}, 0xa3) bpf$auto(0x4, &(0x7f0000000040)=@query={@target_ifindex, 0x7, 0x6, 0x9, 0x9, @prog_cnt=0x4, 0x0, 0x80000000, 0xc, 0x9, 0xffffffffffffff66}, 0x7) 3.63437714s ago: executing program 2 (id=647): openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtd0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x2d, 0x2, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x40, 0x10, 0xc}, 0x18) io_uring_setup$auto(0x6, 0x0) socket(0x23, 0x80805, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x80000000000000a, 0x2, 0x0) socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e24, @loopback}, 0x200000) socket(0x10, 0x2, 0x0) memfd_secret$auto(0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram8/dev\x00', 0x488981, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) getsockopt$auto_SO_SNDTIMEO_OLD(r0, 0x5, 0x15, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', &(0x7f0000000100)=0xfffffeff) prctl$auto(0x3e, 0x1, 0x0, 0x800000000001, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2062, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r1 = socket(0xa, 0x3, 0xff) shutdown$auto(0x200000003, 0x2) connect$auto(r1, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a5, 0x7fffffe) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) 3.602989034s ago: executing program 3 (id=648): select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000023, 0x87, 0x6d3e, 0x9, 0x2, 0x4000000006]}, 0x0) 3.433761031s ago: executing program 3 (id=650): r0 = socket(0x10, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffefffffffffffa, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$[\x00\x00', @ANYRES16=0x0, @ANYBLOB="20002cbd7000fbdbdf250200000008000300800040000800030009"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x3f, 0x9}, 0x7}, 0x3, 0x0) 3.343595309s ago: executing program 0 (id=651): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/net/pppol2tp\x00', 0x200, 0x0) r1 = openat$auto_hwflags_ops_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy17/hwflags\x00', 0x8000, 0x0) setitimer$auto(0x2, &(0x7f0000000080)={{0x2, 0x5}, {0x0, 0x8}}, 0x0) setitimer$auto(0x2, &(0x7f0000000000)={{0x8000, 0x6}, {0xa4b, 0x6}}, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x0, 0xe3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000300), 0xa0080, 0x0) io_uring_setup$auto(0x7e1b, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0xfffffffe, 0x5, 0x8000000000000000, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) read$auto(r2, 0x0, 0x2) r3 = socket(0x10, 0x2, 0xc) r4 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) write$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffffff, &(0x7f0000000140)="d1807307", 0x4) r5 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r5, 0xffffffffffdffe00, &(0x7f0000000140)) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) close_range$auto(0x2, 0x8, 0x0) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) pwrite64$auto(r6, &(0x7f0000000040)='+\x00', 0xfdef, 0x1ff) sendmsg$auto_CTRL_CMD_GETPOLICY(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x1c, r4, 0x10, 0x70bd2c, 0x25dfdbfa, {0xa, 0x0, 0xa00}, [@CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24050803}, 0x10004010) io_uring_register$auto_IORING_REGISTER_RESIZE_RINGS(r1, 0x21, &(0x7f0000000080)="3fb2ff5c73c86130271d2f7af03e9a24643cb4b99f6c2fa08c1ba6f7ed4613ffc8f4743671718b519254af3dff4ccd825da9ad4c81242b2908e55a73fdb91cc1ed05199fefc99e117d7d5c6ac95a99f5e976f3ecb43cf3da8ea4b6a45a5301c7f6c43299fcf3ac31a228491a7d72ed05ca4306ed9d17422e3a2a4a9b6aac9185947999cbd633273cca34a1cacf45ac153594b8bf21de866337c6eeca87904562c4df32579bead293c9abbbe3409eb133c9", 0x8001) pread64$auto(r0, &(0x7f0000000180)='/proc/thread-self/net/tcp6\x00\xd2)\x8e\x892\x82\x19\xfd\x03\xc3\x8d\xd7D\x8d\xa8\xcfM9\\\xd6\xcfUq\x05#\xed\x1c\xd1G\bz\xde5u4\xddS\xe6\x1a\x8a`\xad0\x98|\xbc\x00\x98\b\x0ey\xcb`\x9b\x91r\xd5\x13\x9e\xdd4\xe7\xb7\x94P\x8fBlm\x04eAW\xbc0\x9b\xbd\x8f\xf5];\x94\x18\xf0\v\xd7\xf4P\xd3\x9e,Q\xd8\x16\x989l\x03\a\xcc\x1e\xb9\xe9{\xeeS\xa9\xc60\x00\xb5&\x9e\xdbk{F\x18\xa8\xbasG\xd3\x80\xb1G.\xec1\x96uP\x97\x8co\xf1\xa6\xd5\xea\xc8L3|a\xb3\xaa\x90Y\xb19\xad\xdc\x05o\x98g\xd4\x10]5\x95\xd0\xabJC\x06\xd0c\xd1Ra\xf7\xc4n\xdf\xe4\xc7\x03\x19x\xbb\v\x00\t\xde\xf5\x93\xfb\xfb#\xbd\xc0S\f57\x83\xdd\xaa\xf0\x9c\xd3G\xe1\xfdz\xab\x91RQ7\xc4qI\xc5c.\xefQ\xfb\xf4!\xe6\xd0Pa\xb8\xb4R\xaah2\x1c\xdfEy?\xac\xc6\x122\xb0z\xdd\'\fq\x80\x1e\f\xaf\n\xad\x9f\xb4E+\x9e\xa6\xef\x03\xc7\xc1u\xa3K\xc3a\x127\xc2s\xae3\x80\x96\xf0\xc1\xff>\xec\x0eBW)\xb5I|\xaa\xb6\x1d\xbd,t\a\xff\x1e\xa67\xc1\xb5\xb5O\xe9aN|F\xb6\xd0\xf6\x19s\xf9\x9e', 0x400, 0x6) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) 3.249353905s ago: executing program 3 (id=652): mmap$auto(0xfffffffffffffffb, 0x2, 0x100000021, 0x400009b75, 0xea8a, 0x8000) r0 = socket(0x2, 0x3, 0x2) setsockopt$auto(0x3, 0x0, 0xc8, 0xfffffffffffffffc, 0x4) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/cards\x00', 0x2, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f00000000c0)=""/163, 0xa3) mmap$auto(0xd737, 0x2000000002020009, 0xf1, 0xcde, 0xfffffffffffffffa, 0x80000000001) sendmmsg$auto(r0, &(0x7f0000000280)={{&(0x7f0000000180)="059e4c42145db3802b2114d6c1ee9a6d0e37e80772d7a88b669273f225f26ca79d2aa5b54d220499582658d22d9b419ad42552902c53d3912e9cef236955158015cefaab8fc428c41a8e99856c44d6e7f7c818cd26500ba945ff7b8c3130518509332241f760e80c", 0xf5f41b92, &(0x7f0000000240)={&(0x7f0000001300)="597353f6e73f21b55435a7e01c442e723220ab67c9fc0b50a229b60bebdce76cbaf354e6eea1ff831c75a989c58e91a5eadd1a1b0625cbabc7683af55cda8d28988927ef31d82a171a48f604f65e8397a13e8c66439a35ec93a0f6857553d70648b08ee5872e1729c5651dca900e0f0efea25a619c243d1ccadb83db7064c58aad0fa0d5b8dea13a433a6172bf0f210a0d54dcd969e8", 0x100000000}, 0x9, &(0x7f00000013c0)="1d2f12aeb4766dc0a19088db79e8ba12b53b563825e70864e9716ddbc11c987c5c355810dec77e754ccd3f32cf18ab9c6599dece0c97c3645118c0d8c75e2bb325ab91860b075de33435b164a6a3a56760a496926ca566f71cc214886007943796319f9ba04007668207cd74527ea90d42cee7aa052809f046c52741199ffe2c62796bd8", 0x6, 0x5}, 0x8}, 0x0, 0x3) r2 = open(&(0x7f0000000040)='./file0\x00', 0x1ebe02, 0x61) mmap$auto(0x0, 0x11, 0xdf, 0x9b72, r2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x81, 0x0, 0x0, &(0x7f00000002c0)={[0x3dcbd9be, 0x80000001, 0xb7, 0x1, 0x948b, 0x3, 0x15f4de0a, 0x5, 0x8000, 0x64, 0x80000001, 0xfffffffffffffffe, 0x6d3f, 0x9, 0x2, 0x8]}, 0x0) write$auto(r3, 0x0, 0x100000a3d9) process_vm_readv$auto(0x0, 0x0, 0x6, &(0x7f0000000100)={0x0, 0x40000002001243}, 0x3, 0xfffffffffffffffc) io_uring_setup$auto(0x5a, 0x0) r4 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/usbmon8\x00', 0x640, 0x0) socket(0xa, 0x1, 0x84) read$auto_mon_fops_binary_mon_bin(r4, 0x0, 0x2f) close_range$auto(0x2, 0xa, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001480)='/sys/kernel/irq/12/hwirq\x00', 0x900, 0x0) read$auto(r5, 0x0, 0x20) syz_genetlink_get_family_id$auto_mac802154_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(r0, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x8000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x8000000000000000, 0x2020009, 0x200000000000003, 0xffffffffffffffff, 0xffffffffffffffff, 0x8000) setrlimit$auto(0x1000000007, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) 2.663138754s ago: executing program 3 (id=654): close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) socket(0xa, 0x3, 0x3) r0 = socket(0x10, 0x2, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'xfrm0\x00'}) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r0, &(0x7f0000000000)='-\x00', 0x2fb) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) readv$auto(r2, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) r3 = openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000003b00)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/enable\x00', 0x600, 0x0) readv$auto(r3, &(0x7f0000003dc0)={0x0, 0x1}, 0xb) 2.619854213s ago: executing program 1 (id=655): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000340), 0x8200, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) mmap$auto(0x3, 0x202000c, 0x3, 0xff, 0xfffffffffffffffa, 0x8000) get_robust_list$auto(0x1, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) socket(0xa, 0x2, 0x3a) write$auto(0x3, 0x0, 0xfffffdef) getcpu$auto(0xfffffffffffffffc, 0xffffffffffffffff, 0xfffffffffffffffd) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000009c0)='/proc/self/net/icmp6\x00', 0x8000, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) fanotify_init$auto(0x4f1, 0x1) mmap$auto(0x0, 0x202000d, 0x8000000002, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x6, 0x0) userfaultfd$auto(0x1) socket(0xa, 0x801, 0x84) socket(0xa, 0x3, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x2, 0x801, 0x106) socket(0xa, 0x2, 0x0) socket(0xa, 0x2, 0x3a) r0 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x4, @old_prog_fd=r0}, 0xa3) bpf$auto(0x4, &(0x7f0000000040)=@query={@target_ifindex, 0x7, 0x6, 0x9, 0x9, @prog_cnt=0x4, 0x0, 0x80000000, 0xc, 0x9, 0xffffffffffffff66}, 0x7) 2.474776288s ago: executing program 2 (id=656): r0 = socket(0x10, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffefffffffffffa, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$[\x00\x00', @ANYRES16=0x0, @ANYBLOB="20002cbd7000fbdbdf250200000008000300800040000800030009"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (fail_nth: 4) 2.364994498s ago: executing program 1 (id=657): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) rt_sigaction$auto(0x1, &(0x7f0000000440)={&(0x7f0000000000)=0x0, 0x7ffffffffffff7fe, 0x0, {0x5}}, 0x0, 0x8) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) select$auto(0x5, &(0x7f0000000080)={[0x4c, 0x0, 0x5, 0x7, 0x7, 0x5, 0x0, 0x7, 0x9, 0x4, 0x9, 0x8000, 0xff, 0xd8, 0x8, 0x800]}, 0x0, 0x0, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) rt_sigaction$auto(0x5, &(0x7f0000000140)={&(0x7f0000000040)=0x0, 0x9, 0x0, {0x81}}, 0x0, 0x8) bind$auto(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x9, "cc00000008f0ffffff000100"}, 0x6b) r1 = gettid() rt_sigaction$auto(0x5, &(0x7f0000000280)={&(0x7f0000000180)=&(0x7f0000000100)=0x6, 0x1, &(0x7f0000000240)=&(0x7f0000000200)=0x2}, &(0x7f00000003c0)={&(0x7f0000000300)=&(0x7f00000002c0)=0xd9, 0x6, &(0x7f0000000380)=&(0x7f0000000340), {0x2}}, 0x8) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, 0x0, 0x1, 0x70bd26, 0x25dfdbfd, {0x2, 0x0, 0xfd}, [@NL80211_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004081}, 0x20000084) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'dvmrp1\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x60, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {}, [@HSR_A_IF2_AGE={0x8, 0x4, 0xab7}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8, 0x2, r4}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @HSR_A_NODE_ADDR={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @HSR_A_NODE_ADDR={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x35}}, @HSR_A_IFINDEX={0x8, 0x2, r4}, @HSR_A_IF1_SEQ={0x6, 0x6, 0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x40) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'pimreg1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000a40)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000a00)={&(0x7f0000000540)={0x4bc, 0x0, 0x100, 0x70bd29, 0x25dfdbfd, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0xfa, 0x2, 0x0, 0x1, [@nested={0x8, 0x30, 0x0, 0x1, [@nested={0x4, 0x146}]}, @generic="fd2dc361e84e853f3ff20336cc6d2313e160761c3d95dcff02b28291a91e862eaf2364650f7437d7127b0d9aa30480de7201a1b1ebde2365a86545cda4a5885400c327e86a27ad44604e4436cf90ef4f68afa0b3f83f26b0861363c3175f73e67b95f8176fa00feb420104c7ad2e58113ca6314c12754a576432c76035309ca8e6ca427475d6b06d2011a75dc4d37558ee1af18ba1fab757a5ed10eb65ef5461ff6161758d42972c5ec66b4333e762f2521c790f97c743d1770ed9393ba701b10e25f6ddbc86d9d8cd9fabb2aacb084f1a172a161d06c0386553", @typed={0x8, 0x137, 0x0, 0x0, @fd=r0}, @nested={0xc, 0x8a, 0x0, 0x1, [@nested={0x4, 0x83}, @nested={0x4, 0x10f}]}]}, @ETHTOOL_A_DEBUG_MSGMASK={0xf2, 0x2, 0x0, 0x1, [@generic="b9d003469bd4aafb82162ba04b70cb1cb43ed049edb2901cbbe8b7f8ab201f653a2acff8974c88281d59257008c9915355f98c1c93eea5418c48fd79b8db2614f2e5c2c0d00881b22e25d5dc772ad414562131db02c208fc965afbed3b6e", @nested={0x84, 0xc3, 0x0, 0x1, [@generic="16c8c6725903b73ce707714c7f214b491145a3b338dc65d0baac38384663fce44de7fb61219bdf55e07640545759dbe698ef2aafaa4890b26fafe45bb0e08dba1097be9232a6e622f6db1b02a02d61b3aedf2a994971be3a", @typed={0xc, 0x131, 0x0, 0x0, @u64=0x8}, @typed={0x14, 0xc4, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @typed={0x8, 0x120, 0x0, 0x0, @fd}]}, @typed={0xc, 0x31, 0x0, 0x0, @u64=0xf8}]}, @ETHTOOL_A_DEBUG_HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3d}]}, @ETHTOOL_A_DEBUG_MSGMASK={0xf8, 0x2, 0x0, 0x1, [@typed={0x8, 0x122, 0x0, 0x0, @ipv4=@private=0xa010101}, @typed={0x8, 0xf9, 0x0, 0x0, @ipv4=@loopback}, @generic="1ce7e18387f3f6b33c7c4939da0c79ebb5dc1abffb1fdf0a3f1bbc92aa047caf", @typed={0xc2, 0x11b, 0x0, 0x0, @binary="f9000e60fb98d97cfb6ddeb834663be8c4edb0c4d0affa70ad1ac23f8eadf80003b7966a455d5cbea80bfc924a75bfa0756e73a6fd2a0dd2bc7944d8b3fe1a1830fe9105ff408019d8c51536cca26dd625b6b5e25603668a78ae35530cf0465972a430e98c4611bdeb1c86aca5594cea58a86eed92e28ce086198582165d37a72c47998b6d9cf94fab076eb5231fbb2d3ed25b0c90f421b36ac4f1fddf8080424e88a98a8f0efa421187964175212582a5e2d5d738625402a006ea5cbdab"}]}, @ETHTOOL_A_DEBUG_HEADER={0x84, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @ETHTOOL_A_DEBUG_MSGMASK={0xf6, 0x2, 0x0, 0x1, [@typed={0x11, 0x6a, 0x0, 0x0, @str=')(&+](&+{@+}\x00'}, @typed={0xc, 0x10d, 0x0, 0x0, @u64}, @typed={0xf, 0xe, 0x0, 0x0, @str='/dev/ttyS2\x00'}, @generic="bd2c7ac9d039065d546bb32a455ec6c48d1cac63c4a3d8cedca64cbf612f3b4792908354ecd12c9dfedf10383de71a7d5473a3d7c96879ab871bc06fd7bf4b6c4a5082ed3f66b80ef5512789ac1e5af87f0eac11bd2526583f99d4cfaf780a29530e55d51727795e67c917d1f25b3ff54a9be10d90d0f4b19923e42a7c896ead03db8200ff151e627f55bcbdf70cc2a6eb7c1517ed9de73691223f93a33bbc8185d57fa542c9e2fb26d5c0192d6d3a65a831aef68d4a941f41b7279a993b009d182c"]}, @ETHTOOL_A_DEBUG_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x9}]}, @ETHTOOL_A_DEBUG_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x11}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0x4bc}, 0x1, 0x0, 0x0, 0x10}, 0x4008001) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/netdevsim2/new_port\x00', 0x183841, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/system/cpu/cpu1/hotplug/target\x00', 0x800, 0x0) read$auto(r6, 0x0, 0x1) write$auto(0x3, 0x0, 0x100082) r7 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/010/001\x00', 0x20000, 0x0) ioctl$auto_MON_IOCQ_URB_LEN(r7, 0x9201, 0x0) io_uring_setup$auto(0x52e0, 0x0) r8 = socket(0x2, 0x801, 0x84) getsockopt$auto(r8, 0x84, 0x6f, 0x0, 0x0) prctl$auto(0x400, 0x0, r1, 0x0, 0x1) rt_sigqueueinfo$auto(r1, 0x1, 0x0) 2.262826565s ago: executing program 0 (id=658): select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000023, 0x87, 0x6d3e, 0x9, 0x2, 0x4000000006]}, 0x0) 2.093635236s ago: executing program 0 (id=659): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x147602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) listmount$auto(0x0, 0x0, 0x0, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb2, 0x403, 0x8000) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) bpf$auto(0x5, 0x0, 0x1000) readv$auto(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x5}, 0x3) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x6c, 0x0, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF1_AGE={0x8, 0x3, 0x200}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @broadcast}, @HSR_A_NODE_ADDR={0xa, 0x1, @local}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x7}, @HSR_A_IF2_AGE={0x8, 0x4, 0x973}]}, 0x6c}, 0x1, 0x0, 0x0, 0x18a64d47ddeca1f0}, 0x4040090) r0 = socket(0x2, 0x1, 0x0) getsockopt$auto(r0, 0x0, 0x63, 0x0, &(0x7f00000000c0)=0x44) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x8) sysfs$auto(0x2, 0x27, 0x0) r1 = fsopen$auto(0x0, 0x1) fsconfig$auto(r1, 0x8, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1c, 0x7, 0x8, 0x0) r2 = open(0x0, 0x22240, 0x155) socket(0x2, 0x80802, 0x0) openat$auto(r2, &(0x7f0000000000)='./file0\x00', 0xa67, 0x9) r3 = syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0) shmctl$auto_SHM_LOCK(0x8000, 0xb, &(0x7f00000002c0)={{0x7ff, 0xee00, 0xee00, 0x8, 0x9, 0x101, 0x6a5b}, 0x1, 0x4, 0x5, 0x5, @inferred=r3, @inferred=r3, 0x305d, 0x0, 0x0, &(0x7f0000000280)="97b89f96653156"}) openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/etherd/flush\x00', 0x1, 0x0) 1.789199928s ago: executing program 3 (id=660): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/adsp1\x00', 0x2, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000100)="000004") mmap$auto(0x0, 0xd2, 0x4000000000df, 0xeb1, 0x401, 0x80000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) select$auto(0x3, 0x0, &(0x7f0000000100)={[0x8, 0xb, 0x0, 0x9, 0xfffffffffffffffc, 0x83, 0x6, 0x2, 0x9, 0xffff, 0x4000000000000002, 0xd, 0x3, 0xfffffffffffffffe, 0x7, 0x1000000006]}, 0x0, 0x0) syslog$auto(0x2, &(0x7f0000000000)='-#:\x00[\xda\xe2\xc3L\xd30{Q\xecvP\x93\x87\x1e\xdd\x95\x1b\x19qI\vv\xacO*X0V\x93\x85\xff\xb2\xdd\xd8\xd5Kh\xfa\xa3\xc7\x9b}\xec\x1e\xdc\x80\x1fR\xc30\x9a\xae\\\'\x14\x98\x98\xc3iDv\x97\xdfTMt\xe5?\xd0\xcc\xb8\xfa\a\x7f\x7f\x00\x00\x00\x00\x00\x00\x00n_\xb1\x1c\x7f\xb0y\xec\xe2\xcc\x1a/\xfa{d\xe4BN\x9c\xb9\x87.\xfe\xe7&1j\xe6]\xc3\x9anE6\x81\xe4\xec\xfa\xefE\xf7\x17h\xf4pumR\xd55Dd(\x0f(b\x1aD\xf4\x03\xc3\\\xdf\x8f\xa8\x82\xab\x102\xd1\xaf\xcaT\x86\x171\x11Q4\x94\x9d\xf5\x9c\xe3\xaa\xf3\xd26i\xf9\xb2\xd9T\xc9\xfd\xba\x91^\x19\x95\xde\xbc \xa8\x98\xc3\xed\xe9,{\xd4\xa1\xe4p\xcf\b\f\xb4\xbe_\xf2\xbe\xef\v\xf1d\xdd\x0e\xfc\xc3\xeaqt\x94\xe7\xce\xf1\xc5\x94~\xf6Cx\x0e\x98\xc7gE>*\x9c%\xa0\\\x14\t\tv.\x1c\x1a\xf1\xba\xc0>\xf4Hc\xc3\xfa\x033\x8f\xb9(\n/\xcdo\xc2', 0xcf) close_range$auto(0x2, 0x8, 0x0) clone$auto(0x1002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x6, 0x4, 0xfffffff7) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mlock$auto(0x1000, 0x6) mlockall$auto(0x800000000000005) r2 = mq_open$auto(&(0x7f00000000c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xbb\x192\x1c4\x86\xc0\xc1-\xd5\x10\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u5r2, 0x20, 0x5, 0x8, 0x9, 0x10001, 0xffffffff, 0x8, 0x9, 0x2, 0xffffffffffffffff, 0xc8, 0xfffff000, 0x1, 0x9}, 0x3) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), r3) r7 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) r10 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_BATADV_CMD_SET_MESH(r10, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000006c0)=ANY=[@ANYBLOB="645f17731b7f53d1d3140ad9dca70028b2f9f8ffffffffcb19f09569f19cd583bcf14505ebd053c7a794f2845353ea4a31fa2d697b34ffbf51d5a623f7cd3fe3323eb8ab0fcd6f871e2fbe", @ANYRES16=r7, @ANYBLOB="010026bd7000fcdbdf250f000000050033000200000008000300", @ANYRES32=r9, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x140000e4) sendmsg$auto_NL80211_CMD_SET_REG(r5, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000440)={&(0x7f00000002c0)=ANY=[@ANYBLOB="80010000", @ANYRES16=r6, @ANYBLOB="00012dbd7000ffdbdf251a0000005a00bd0085cfa6ecfac1d1b0e4059f7acdd9e6ada947e41cfc969ebf720a0940c53ada4639f2662c23258f56a9d65fa14fb931a7d48f682eb8344bde7a176e5aeb68e0ae1587e1a46e065c3d634abcda8dfd6277107a48be026f00000c005800000000000000000004003701120013008bc8", @ANYRES32=r9, @ANYBLOB="05003e00060000000600180087560000cf00480126b1124b9ca9264530fabb58c1784e0bf3a51ce4c8ec208c1281724581907da906915dbb9d14bee9d0476301018cbfd0828ed0a332c1e4264b3924e6cb0a201a345241530cdb5c75ff865a7a7ad345e53cc608341f841f82f2ec64b56c0b71ad78e77a356d7ad724c9dd28a63f3c5ce85dc425e402ed26092487096541a89363b53261a105425f2269b6da7e8f3ce8847ee11b8c03e64bebce0fb0f0855074a65be8f2da58f3f3e6a3a26f9fffad847955f329c07d7d67001d3dba33f59dd036ef42f777f7e88ec157e0290004"], 0x180}, 0x1, 0x0, 0x0, 0x4000}, 0x8844) close_range$auto(r3, 0x8, 0x0) r11 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r12 = ioctl$auto_KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$auto(0x3, 0x4038ae7a, 0x38) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'wg0\x00', 0x0}) sendmsg$auto_WG_CMD_SET_DEVICE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYRES8=0x0, @ANYRES16=r4, @ANYBLOB="010029bd6000fbdbdd250100000008000100", @ANYRES32=r13, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x20000811}, 0x4040041) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(r12, &(0x7f0000000680)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000540)={&(0x7f00000005c0)={0x90, 0x0, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@THERMAL_GENL_ATTR_CPU_CAPABILITY={0x7c, 0x14, 0x0, 0x1, [@typed={0x14, 0xb, 0x0, 0x0, @ipv6=@local}, @typed={0x8, 0xe5, 0x0, 0x0, @fd=r1}, @typed={0x5a, 0x44, 0x0, 0x0, @binary="b8c078eb85e20e5613eadab7ed830d9f048f5e1ac0d166757784bf87b13d7f36511cc3a0c6605b2b6e2284ff9b362a1367c8f7977e0d7f3c1146fabb3ac1f9028303c98033d72af3ad2c769018661e82255c803e70fc"}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x8014}, 0x8801) openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bluetooth/hci4/hci4:201\x00', 0x240000, 0x0) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/enable\x00', 0x202, 0x0) 405.760084ms ago: executing program 0 (id=669): close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) socket(0xa, 0x3, 0x3) r0 = socket(0x10, 0x2, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'xfrm0\x00'}) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r0, &(0x7f0000000000)='-\x00', 0x2fb) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) readv$auto(r2, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) r3 = openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000003b00)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/enable\x00', 0x600, 0x0) readv$auto(r3, &(0x7f0000003dc0)={0x0, 0x1}, 0xb) 0s ago: executing program 0 (id=670): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0xc, 0x101, 0x4, 0x7f93, 0x48000, 0x4, 0x7ff, 0x7, 0x9}) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.controllers\x00', 0x2, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000001100)=""/4111, 0x100f) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/net/afs/addr_prefs\x00', 0x2441, 0x0) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) lstat$auto(&(0x7f0000000500)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) lstat$auto(&(0x7f0000000180)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', &(0x7f0000000600)={0x318, 0x100000000003, 0x8, 0x2, 0x0, 0x0, 0x0, 0x6, 0xffff, 0x6, 0x100, 0x20000036, 0x7fff, 0x6, 0x7000000000, 0xd, 0x9}) madvise$auto(0x0, 0x2000040080000004, 0xe) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x5) mprotect$auto(0x200000000000, 0x806121, 0x6) write$auto(r2, &(0x7f0000000300)='/ ys -ernel/tracing/set_event_notrace_p}d\xde\xc7\xbd8\xbe\xd7\xdeN\x86\xcf\x1d\rD!U\xb4\xe4+\v\xc3\x06$\xe1\x0eA\xf3ua\x8fT\xd9J\xfd\x02\x00\x00\x00\x00\x00\x00\x00\xbf\x9f\xb0e\xfex,c-\xdf\a\x9e\x9bX\x13n\xdf\xc8\x94%\x7fp\xe0\xa0x\x1f\x17\xea\xc3\xbf\xb2(}\x7f\xd3\xf6\xc5\x9bj\xcf~\x7f)\xd2\x7f\tN\xa9m\xe8\xdc\xb1\xe3\xf3L\xad\xdd%(0c\x9d\x13\xc7\x0elZ\x87K\x14_\xbau\x88\x9f\xe2\x04\x16\xec\xfa\xad\xe0\x87G[N\xf1\xb5\xc0\xab\x00\x00\x00\x00\x00\x00\x00\x04+\xc1\xd3m\xb8\xe5\a\x92\xc2\xd4\xcc\x91\x90\x05$G\x9a\x9b\xe1I\xa9/(\xd3\xa1\\8\x1afmY\xd6m\x931\xe6\xbd\xfb\xd6\x91\xbb\xef\xa1\x03\xd8j\x06ngka\xd1\xf1\xfd\xaeX)w\x1e4\x91\xc9\xce4\x97\x00', 0x8) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r4) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)={0x34, r5, 0x1, 0x70bd25, 0x25dfd3fb, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000844}, 0x2000c840) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x200, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x10b402, 0x0) socket(0xf, 0x3, 0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/irq/3/smp_affinity_list\x00', 0x8f3b7a51b8162d21, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.96' (ED25519) to the list of known hosts. [ 96.942758][ T921] cfg80211: failed to load regulatory.db [ 98.156047][ T5835] cgroup: Unknown subsys name 'net' [ 98.274997][ T5835] cgroup: Unknown subsys name 'cpuset' [ 98.284409][ T5835] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 100.154326][ T5835] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 102.420000][ T5852] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 102.429707][ T5858] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 102.438767][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 102.447313][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 102.455169][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 102.480382][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 102.499330][ T5860] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 102.507631][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 102.507747][ T5861] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 102.521900][ T5858] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 102.529699][ T5852] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 102.532627][ T5862] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 102.544818][ T5862] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 102.545737][ T5858] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 102.560895][ T5862] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 102.562129][ T5858] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 102.568652][ T5862] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 102.577251][ T5858] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 102.593822][ T5858] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 102.603219][ T5858] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 103.141044][ T5850] chnl_net:caif_netlink_parms(): no params data found [ 103.218728][ T5854] chnl_net:caif_netlink_parms(): no params data found [ 103.308658][ T5859] chnl_net:caif_netlink_parms(): no params data found [ 103.463594][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.475107][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.482732][ T5850] bridge_slave_0: entered allmulticast mode [ 103.491227][ T5850] bridge_slave_0: entered promiscuous mode [ 103.500331][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.507544][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.515275][ T5850] bridge_slave_1: entered allmulticast mode [ 103.522788][ T5850] bridge_slave_1: entered promiscuous mode [ 103.585960][ T5853] chnl_net:caif_netlink_parms(): no params data found [ 103.628862][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.669099][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.676407][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.683952][ T5854] bridge_slave_0: entered allmulticast mode [ 103.691857][ T5854] bridge_slave_0: entered promiscuous mode [ 103.701834][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.725951][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.733422][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.741602][ T5859] bridge_slave_0: entered allmulticast mode [ 103.749152][ T5859] bridge_slave_0: entered promiscuous mode [ 103.757972][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.765676][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.773584][ T5854] bridge_slave_1: entered allmulticast mode [ 103.781079][ T5854] bridge_slave_1: entered promiscuous mode [ 103.821927][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.829127][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.836834][ T5859] bridge_slave_1: entered allmulticast mode [ 103.845607][ T5859] bridge_slave_1: entered promiscuous mode [ 103.871634][ T5850] team0: Port device team_slave_0 added [ 103.915527][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.927203][ T5850] team0: Port device team_slave_1 added [ 103.956177][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.997757][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.050423][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.059683][ T5853] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.067178][ T5853] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.075101][ T5853] bridge_slave_0: entered allmulticast mode [ 104.083121][ T5853] bridge_slave_0: entered promiscuous mode [ 104.105999][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.113183][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.139258][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.172569][ T5853] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.179690][ T5853] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.187116][ T5853] bridge_slave_1: entered allmulticast mode [ 104.195378][ T5853] bridge_slave_1: entered promiscuous mode [ 104.205346][ T5854] team0: Port device team_slave_0 added [ 104.212672][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.219649][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.245939][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.274347][ T5859] team0: Port device team_slave_0 added [ 104.296827][ T5854] team0: Port device team_slave_1 added [ 104.317771][ T5859] team0: Port device team_slave_1 added [ 104.369393][ T5853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.382853][ T5853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.461947][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.468951][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.495099][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.507638][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.517222][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.543439][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.556358][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.563469][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.589689][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.621808][ T5850] hsr_slave_0: entered promiscuous mode [ 104.623623][ T5166] Bluetooth: hci2: command tx timeout [ 104.628715][ T5850] hsr_slave_1: entered promiscuous mode [ 104.640080][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.647287][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.673859][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.696831][ T5853] team0: Port device team_slave_0 added [ 104.700847][ T5166] Bluetooth: hci1: command tx timeout [ 104.702612][ T5860] Bluetooth: hci0: command tx timeout [ 104.708007][ T5166] Bluetooth: hci3: command tx timeout [ 104.718714][ T5853] team0: Port device team_slave_1 added [ 104.775047][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.782720][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.808782][ T5853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.876528][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.883937][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.910557][ T5853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.927821][ T5859] hsr_slave_0: entered promiscuous mode [ 104.935153][ T5859] hsr_slave_1: entered promiscuous mode [ 104.941503][ T5859] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 104.949269][ T5859] Cannot create hsr debugfs directory [ 104.967037][ T5854] hsr_slave_0: entered promiscuous mode [ 104.973664][ T5854] hsr_slave_1: entered promiscuous mode [ 104.979832][ T5854] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 104.987477][ T5854] Cannot create hsr debugfs directory [ 105.117418][ T5853] hsr_slave_0: entered promiscuous mode [ 105.124329][ T5853] hsr_slave_1: entered promiscuous mode [ 105.131169][ T5853] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 105.138796][ T5853] Cannot create hsr debugfs directory [ 105.563313][ T5850] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 105.584632][ T5850] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 105.597258][ T5850] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 105.617524][ T5850] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 105.677432][ T5854] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 105.688697][ T5854] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 105.702341][ T5854] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 105.714836][ T5854] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 105.808136][ T5859] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 105.825591][ T5859] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 105.836634][ T5859] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 105.848551][ T5859] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 105.981205][ T5853] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 105.995960][ T5853] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 106.007225][ T5853] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 106.018842][ T5853] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 106.161302][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.187245][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.225895][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.258203][ T5850] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.269561][ T5854] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.298109][ T5859] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.314438][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.321806][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.336906][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.344111][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.374689][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.381893][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.395813][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.403037][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.414603][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.421821][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.449540][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.456740][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.497357][ T5853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.593771][ T5853] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.620718][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.627906][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.668125][ T1095] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.675428][ T1095] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.701283][ T5166] Bluetooth: hci2: command tx timeout [ 106.757049][ T5853] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 106.769179][ T5853] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 106.780394][ T5166] Bluetooth: hci0: command tx timeout [ 106.785848][ T5166] Bluetooth: hci1: command tx timeout [ 106.792537][ T5858] Bluetooth: hci3: command tx timeout [ 107.323453][ T5853] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.336692][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.404885][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.451922][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.466967][ T5859] veth0_vlan: entered promiscuous mode [ 107.504506][ T5859] veth1_vlan: entered promiscuous mode [ 107.524279][ T5853] veth0_vlan: entered promiscuous mode [ 107.598552][ T5859] veth0_macvtap: entered promiscuous mode [ 107.609529][ T5850] veth0_vlan: entered promiscuous mode [ 107.617815][ T5853] veth1_vlan: entered promiscuous mode [ 107.636068][ T5859] veth1_macvtap: entered promiscuous mode [ 107.649281][ T5850] veth1_vlan: entered promiscuous mode [ 107.692648][ T5854] veth0_vlan: entered promiscuous mode [ 107.716388][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.745910][ T5854] veth1_vlan: entered promiscuous mode [ 107.761759][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.785468][ T5853] veth0_macvtap: entered promiscuous mode [ 107.796988][ T5859] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.806622][ T5859] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.815595][ T5859] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.825900][ T5859] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.843613][ T5853] veth1_macvtap: entered promiscuous mode [ 107.858783][ T5850] veth0_macvtap: entered promiscuous mode [ 107.893033][ T5850] veth1_macvtap: entered promiscuous mode [ 107.966343][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.984940][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.997189][ T5853] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.006971][ T5853] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.016080][ T5853] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.025346][ T5853] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.070935][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.080108][ T5854] veth0_macvtap: entered promiscuous mode [ 108.112459][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.124773][ T5854] veth1_macvtap: entered promiscuous mode [ 108.133740][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.145231][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.164356][ T5850] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.175021][ T5850] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.184517][ T5850] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.193499][ T5850] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.274117][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.285831][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.340456][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.344989][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.348318][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.383436][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.429851][ T5854] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.438914][ T5854] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.451431][ T5854] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.456361][ T5859] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 108.466650][ T5854] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.512059][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.520906][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.696552][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.739996][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.755020][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.774175][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.790996][ T5166] Bluetooth: hci2: command tx timeout [ 108.861518][ T5166] Bluetooth: hci1: command tx timeout [ 108.867093][ T5166] Bluetooth: hci3: command tx timeout [ 108.872542][ T5858] Bluetooth: hci0: command tx timeout [ 108.913789][ T5919] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.931048][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.940001][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.947702][ T5919] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.972096][ T5938] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 109.060702][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.220866][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.150601][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.159718][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.249653][ T5973] program syz.3.8 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 110.281225][ T5950] zswap: compressor not available [ 110.320719][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.329515][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.340231][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.351098][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.374519][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.520468][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 110.860363][ T5166] Bluetooth: hci2: command tx timeout [ 110.942094][ T5166] Bluetooth: hci0: command tx timeout [ 110.942115][ T5860] Bluetooth: hci3: command tx timeout [ 110.942157][ T5860] Bluetooth: hci1: command tx timeout [ 110.969854][ T5989] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 111.977120][ T6002] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13'. [ 112.058868][ T6010] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 112.309252][ T6002] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13'. [ 112.810083][ T6018] netlink: 12 bytes leftover after parsing attributes in process `syz.2.18'. [ 113.089449][ T6017] HfR: entered promiscuous mode [ 113.096474][ T6018] openvswitch: HfR: Dropping previously announced user features [ 113.141029][ T6021] openvswitch: HfR: Dropping previously announced user features [ 113.437100][ T6030] tc_dump_action: action bad kind [ 113.970452][ T6020] random: crng reseeded on system resumption [ 116.536173][ T6081] HfR: entered promiscuous mode [ 116.550358][ T6082] process 'syz.2.31' launched ':,' with NULL argv: empty string added [ 116.686322][ T6081] netlink: 12 bytes leftover after parsing attributes in process `syz.3.32'. [ 116.769469][ T6081] openvswitch: HfR: Dropping previously announced user features [ 116.848244][ T6081] openvswitch: HfR: Dropping previously announced user features [ 117.240244][ T6086] Zero length message leads to an empty skb [ 118.317972][ T6090] random: crng reseeded on system resumption [ 119.031646][ T6113] vhci_hcd: invalid port number 16 [ 119.237522][ T6113] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 119.741145][ T6124] mmap: syz.2.43 (6124) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 119.746414][ T6122] Invalid ELF header magic: != ELF [ 122.142881][ T6161] netlink: 326 bytes leftover after parsing attributes in process `syz.2.51'. [ 124.890476][ T6206] random: crng reseeded on system resumption [ 125.373533][ T6188] kexec: Could not allocate control_code_buffer [ 125.618921][ T6215] FAULT_INJECTION: forcing a failure. [ 125.618921][ T6215] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 125.643419][ T6215] CPU: 1 UID: 0 PID: 6215 Comm: syz.1.64 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 125.643461][ T6215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 125.643484][ T6215] Call Trace: [ 125.643495][ T6215] [ 125.643511][ T6215] dump_stack_lvl+0x16c/0x1f0 [ 125.643565][ T6215] should_fail_ex+0x512/0x640 [ 125.643625][ T6215] _copy_from_user+0x2e/0xd0 [ 125.643678][ T6215] __sys_bpf+0x21d/0x4d80 [ 125.643713][ T6215] ? __pfx___sys_bpf+0x10/0x10 [ 125.643741][ T6215] ? vfs_write+0x15d/0x1150 [ 125.643796][ T6215] ? __pfx_vfs_write+0x10/0x10 [ 125.643843][ T6215] ? do_sys_openat2+0x157/0x1d0 [ 125.643903][ T6215] ? ksys_write+0x1ac/0x250 [ 125.643953][ T6215] ? __pfx_ksys_write+0x10/0x10 [ 125.644020][ T6215] __x64_sys_bpf+0x78/0xc0 [ 125.644050][ T6215] ? lockdep_hardirqs_on+0x7c/0x110 [ 125.644094][ T6215] do_syscall_64+0xcd/0x490 [ 125.644144][ T6215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.644175][ T6215] RIP: 0033:0x7fa9ba78e929 [ 125.644205][ T6215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.644239][ T6215] RSP: 002b:00007fa9bb5c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 125.644268][ T6215] RAX: ffffffffffffffda RBX: 00007fa9ba9b5fa0 RCX: 00007fa9ba78e929 [ 125.644289][ T6215] RDX: 0000000000000007 RSI: 0000200000000040 RDI: 0000000000000004 [ 125.644308][ T6215] RBP: 00007fa9bb5c0090 R08: 0000000000000000 R09: 0000000000000000 [ 125.644326][ T6215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 125.644344][ T6215] R13: 0000000000000000 R14: 00007fa9ba9b5fa0 R15: 00007ffe7587f918 [ 125.644384][ T6215] [ 126.131238][ T5860] Bluetooth: hci3: unexpected subevent 0x19 length: 252 > 28 [ 126.138773][ T5860] Bluetooth: hci3: Unable to find connection with handle 0xc3d2 [ 127.251856][ T6244] FAULT_INJECTION: forcing a failure. [ 127.251856][ T6244] name failslab, interval 1, probability 0, space 0, times 0 [ 127.290194][ T6244] CPU: 1 UID: 0 PID: 6244 Comm: syz.0.73 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 127.290235][ T6244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 127.290252][ T6244] Call Trace: [ 127.290263][ T6244] [ 127.290274][ T6244] dump_stack_lvl+0x16c/0x1f0 [ 127.290323][ T6244] should_fail_ex+0x512/0x640 [ 127.290367][ T6244] ? __kvmalloc_node_noprof+0x124/0x620 [ 127.290416][ T6244] should_failslab+0xc2/0x120 [ 127.290446][ T6244] __kvmalloc_node_noprof+0x137/0x620 [ 127.290501][ T6244] ? __sys_bpf+0x269a/0x4d80 [ 127.290535][ T6244] ? __sys_bpf+0x269a/0x4d80 [ 127.290561][ T6244] __sys_bpf+0x269a/0x4d80 [ 127.290595][ T6244] ? __pfx___sys_bpf+0x10/0x10 [ 127.290622][ T6244] ? vfs_write+0x15d/0x1150 [ 127.290675][ T6244] ? __pfx_vfs_write+0x10/0x10 [ 127.290720][ T6244] ? do_sys_openat2+0x157/0x1d0 [ 127.290777][ T6244] ? ksys_write+0x1ac/0x250 [ 127.290820][ T6244] ? __pfx_ksys_write+0x10/0x10 [ 127.290871][ T6244] __x64_sys_bpf+0x78/0xc0 [ 127.290899][ T6244] ? lockdep_hardirqs_on+0x7c/0x110 [ 127.290943][ T6244] do_syscall_64+0xcd/0x490 [ 127.290992][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.291024][ T6244] RIP: 0033:0x7ff2b218e929 [ 127.291064][ T6244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.291094][ T6244] RSP: 002b:00007ff2b2f15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 127.291122][ T6244] RAX: ffffffffffffffda RBX: 00007ff2b23b5fa0 RCX: 00007ff2b218e929 [ 127.291142][ T6244] RDX: 0000000000000007 RSI: 0000200000000040 RDI: 0000000000000004 [ 127.291161][ T6244] RBP: 00007ff2b2f15090 R08: 0000000000000000 R09: 0000000000000000 [ 127.291179][ T6244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 127.291197][ T6244] R13: 0000000000000000 R14: 00007ff2b23b5fa0 R15: 00007ffdc2b2d648 [ 127.291238][ T6244] [ 128.308018][ T6264] ima: policy update failed [ 128.343719][ T30] audit: type=1802 audit(1752586460.876:2): pid=6264 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.76" res=0 errno=0 [ 128.851380][ T6279] FAULT_INJECTION: forcing a failure. [ 128.851380][ T6279] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 128.870288][ T6279] CPU: 0 UID: 0 PID: 6279 Comm: syz.2.83 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 128.870332][ T6279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 128.870350][ T6279] Call Trace: [ 128.870360][ T6279] [ 128.870371][ T6279] dump_stack_lvl+0x16c/0x1f0 [ 128.870434][ T6279] should_fail_ex+0x512/0x640 [ 128.870484][ T6279] _copy_to_user+0x32/0xd0 [ 128.870534][ T6279] __sys_bpf+0x284f/0x4d80 [ 128.870569][ T6279] ? __pfx___sys_bpf+0x10/0x10 [ 128.870595][ T6279] ? vfs_write+0x15d/0x1150 [ 128.870649][ T6279] ? __pfx_vfs_write+0x10/0x10 [ 128.870696][ T6279] ? do_sys_openat2+0x157/0x1d0 [ 128.870755][ T6279] ? ksys_write+0x1ac/0x250 [ 128.870801][ T6279] ? __pfx_ksys_write+0x10/0x10 [ 128.870856][ T6279] __x64_sys_bpf+0x78/0xc0 [ 128.870885][ T6279] ? lockdep_hardirqs_on+0x7c/0x110 [ 128.870931][ T6279] do_syscall_64+0xcd/0x490 [ 128.870981][ T6279] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.871014][ T6279] RIP: 0033:0x7f854538e929 [ 128.871038][ T6279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.871067][ T6279] RSP: 002b:00007f85461cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 128.871096][ T6279] RAX: ffffffffffffffda RBX: 00007f85455b5fa0 RCX: 00007f854538e929 [ 128.871117][ T6279] RDX: 0000000000000007 RSI: 0000200000000040 RDI: 0000000000000004 [ 128.871135][ T6279] RBP: 00007f85461cf090 R08: 0000000000000000 R09: 0000000000000000 [ 128.871153][ T6279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 128.871172][ T6279] R13: 0000000000000000 R14: 00007f85455b5fa0 R15: 00007ffcc31bd678 [ 128.871214][ T6279] [ 129.495495][ T6289] netlink: 28 bytes leftover after parsing attributes in process `syz.2.87'. [ 129.528332][ T6298] netlink: 334 bytes leftover after parsing attributes in process `syz.1.88'. [ 129.549240][ T6290] delete_channel: no stack [ 129.550330][ T6298] netlink: 334 bytes leftover after parsing attributes in process `syz.1.88'. [ 129.610848][ T6299] netlink: 4 bytes leftover after parsing attributes in process `syz.2.87'. [ 129.848046][ T6302] netlink: 342 bytes leftover after parsing attributes in process `syz.1.89'. [ 129.858811][ T6302] FAULT_INJECTION: forcing a failure. [ 129.858811][ T6302] name failslab, interval 1, probability 0, space 0, times 0 [ 129.880461][ T6302] CPU: 0 UID: 0 PID: 6302 Comm: syz.1.89 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 129.880507][ T6302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 129.880525][ T6302] Call Trace: [ 129.880535][ T6302] [ 129.880546][ T6302] dump_stack_lvl+0x16c/0x1f0 [ 129.880609][ T6302] should_fail_ex+0x512/0x640 [ 129.880656][ T6302] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 129.880708][ T6302] should_failslab+0xc2/0x120 [ 129.880738][ T6302] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 129.880787][ T6302] ? fib_insert_alias+0x444/0xe30 [ 129.880844][ T6302] fib_insert_alias+0x444/0xe30 [ 129.880895][ T6302] ? lockdep_rtnl_is_held+0x26/0x40 [ 129.880932][ T6302] ? fib_find_node+0x22b/0x2b0 [ 129.880983][ T6302] fib_trie_unmerge+0x2f9/0xcb0 [ 129.881021][ T6302] ? __pfx_fib_trie_unmerge+0x10/0x10 [ 129.881058][ T6302] ? __pfx___mutex_lock+0x10/0x10 [ 129.881114][ T6302] fib_unmerge+0xf8/0x520 [ 129.881149][ T6302] ? __pfx_fib_nl2rule.constprop.0+0x10/0x10 [ 129.881203][ T6302] fib4_rule_configure+0x383/0x10c0 [ 129.881255][ T6302] fib_newrule+0x359/0x1e60 [ 129.881315][ T6302] ? __pfx_fib_newrule+0x10/0x10 [ 129.881364][ T6302] ? kfree_skbmem+0x1a4/0x1f0 [ 129.881439][ T6302] ? find_held_lock+0x2b/0x80 [ 129.881470][ T6302] ? __pfx_fib_nl_newrule+0x10/0x10 [ 129.881519][ T6302] ? __pfx_fib_nl_newrule+0x10/0x10 [ 129.881566][ T6302] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 129.881624][ T6302] ? __pfx_fib_nl_newrule+0x10/0x10 [ 129.881674][ T6302] rtnetlink_rcv_msg+0x95e/0xe90 [ 129.881729][ T6302] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 129.881791][ T6302] ? ref_tracker_free+0x37c/0x830 [ 129.881844][ T6302] netlink_rcv_skb+0x155/0x420 [ 129.881877][ T6302] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 129.881928][ T6302] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 129.881978][ T6302] ? netlink_deliver_tap+0x1ae/0xd30 [ 129.882038][ T6302] netlink_unicast+0x58d/0x850 [ 129.882077][ T6302] ? __pfx_netlink_unicast+0x10/0x10 [ 129.882121][ T6302] netlink_sendmsg+0x8d1/0xdd0 [ 129.882162][ T6302] ? __pfx_netlink_sendmsg+0x10/0x10 [ 129.882212][ T6302] ____sys_sendmsg+0xa95/0xc70 [ 129.882249][ T6302] ? copy_msghdr_from_user+0x10a/0x160 [ 129.882295][ T6302] ? __pfx_____sys_sendmsg+0x10/0x10 [ 129.882336][ T6302] ? kfree+0x24f/0x4d0 [ 129.882377][ T6302] ? futex_unqueue+0x133/0x2c0 [ 129.882419][ T6302] ___sys_sendmsg+0x134/0x1d0 [ 129.882470][ T6302] ? __pfx____sys_sendmsg+0x10/0x10 [ 129.882558][ T6302] ? __pfx___might_resched+0x10/0x10 [ 129.882610][ T6302] __sys_sendmmsg+0x200/0x420 [ 129.882664][ T6302] ? __pfx___sys_sendmmsg+0x10/0x10 [ 129.882725][ T6302] ? __pfx_do_futex+0x10/0x10 [ 129.882793][ T6302] ? xfd_validate_state+0x61/0x180 [ 129.882846][ T6302] __x64_sys_sendmmsg+0x9c/0x100 [ 129.882892][ T6302] ? lockdep_hardirqs_on+0x7c/0x110 [ 129.882938][ T6302] do_syscall_64+0xcd/0x490 [ 129.882990][ T6302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.883023][ T6302] RIP: 0033:0x7fa9ba78e929 [ 129.883048][ T6302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.883077][ T6302] RSP: 002b:00007fa9bb5c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 129.883106][ T6302] RAX: ffffffffffffffda RBX: 00007fa9ba9b5fa0 RCX: 00007fa9ba78e929 [ 129.883127][ T6302] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000005 [ 129.883146][ T6302] RBP: 00007fa9ba810b39 R08: 0000000000000000 R09: 0000000000000000 [ 129.883165][ T6302] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000 [ 129.883184][ T6302] R13: 0000000000000000 R14: 00007fa9ba9b5fa0 R15: 00007ffe7587f918 [ 129.883226][ T6302] [ 131.293138][ T6320] FAULT_INJECTION: forcing a failure. [ 131.293138][ T6320] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 131.335770][ T6320] CPU: 0 UID: 0 PID: 6320 Comm: syz.2.94 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 131.335827][ T6320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 131.335853][ T6320] Call Trace: [ 131.335864][ T6320] [ 131.335876][ T6320] dump_stack_lvl+0x16c/0x1f0 [ 131.335933][ T6320] should_fail_ex+0x512/0x640 [ 131.335988][ T6320] _copy_to_user+0x32/0xd0 [ 131.336043][ T6320] simple_read_from_buffer+0xcb/0x170 [ 131.336094][ T6320] proc_fail_nth_read+0x197/0x270 [ 131.336146][ T6320] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 131.336188][ T6320] ? rw_verify_area+0xcf/0x680 [ 131.336243][ T6320] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 131.336287][ T6320] vfs_read+0x1e4/0xc60 [ 131.336348][ T6320] ? __pfx_vfs_read+0x10/0x10 [ 131.336392][ T6320] ? do_sys_openat2+0x157/0x1d0 [ 131.336457][ T6320] ksys_read+0x12a/0x250 [ 131.336503][ T6320] ? __pfx_ksys_read+0x10/0x10 [ 131.336559][ T6320] do_syscall_64+0xcd/0x490 [ 131.336619][ T6320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.336650][ T6320] RIP: 0033:0x7f854538d33c [ 131.336679][ T6320] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 131.336707][ T6320] RSP: 002b:00007f85461cf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 131.336744][ T6320] RAX: ffffffffffffffda RBX: 00007f85455b5fa0 RCX: 00007f854538d33c [ 131.336764][ T6320] RDX: 000000000000000f RSI: 00007f85461cf0a0 RDI: 0000000000000001 [ 131.336783][ T6320] RBP: 00007f85461cf090 R08: 0000000000000000 R09: 0000000000000000 [ 131.336803][ T6320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 131.336826][ T6320] R13: 0000000000000000 R14: 00007f85455b5fa0 R15: 00007ffcc31bd678 [ 131.336876][ T6320] [ 131.843376][ T30] audit: type=1800 audit(1752586464.376:3): pid=6340 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.97" name="lu_gp_id" dev="configfs" ino=9516 res=0 errno=0 [ 131.911405][ T6331] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x0 pfn:0x78400 [ 131.921962][ T6331] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 131.943019][ T6331] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 131.982435][ T6331] raw: 0000000000000000 0000000000000000 0000000400000002 0000000000000000 [ 132.002013][ T6331] page dumped because: unmovable page [ 132.014516][ T6331] page_owner tracks the page as allocated [ 132.058255][ T6331] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5847, tgid 5847 (syz-executor), ts 101806127789, free_ts 98472061950 [ 132.127341][ T6331] post_alloc_hook+0x1c0/0x230 [ 132.137685][ T6331] get_page_from_freelist+0x1321/0x3890 [ 132.312519][ T6331] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 132.325903][ T6331] alloc_pages_mpol+0x1fb/0x550 [ 132.335972][ T6331] alloc_pages_noprof+0x131/0x390 [ 132.352278][ T6331] __vmalloc_node_range_noprof+0x72f/0x14b0 [ 132.368033][ T6331] vmalloc_user_noprof+0x9e/0xe0 [ 132.377947][ T6331] kcov_ioctl+0x4c/0x730 [ 132.388150][ T6331] __x64_sys_ioctl+0x18b/0x210 [ 132.400266][ T6331] do_syscall_64+0xcd/0x490 [ 132.410209][ T6331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.420319][ T6331] page last free pid 5835 tgid 5835 stack trace: [ 132.430532][ T6331] __free_frozen_pages+0x7fe/0x1180 [ 132.440657][ T6331] vfree+0x1fd/0xb50 [ 132.444650][ T6331] kcov_close+0x34/0x60 [ 132.459550][ T6331] __fput+0x3ff/0xb70 [ 132.469290][ T6331] fput_close_sync+0x118/0x260 [ 132.479435][ T6331] __x64_sys_close+0x8b/0x120 [ 132.485349][ T6331] do_syscall_64+0xcd/0x490 [ 132.500493][ T6331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.975538][ T6392] netlink: 8 bytes leftover after parsing attributes in process `syz.3.110'. [ 135.334343][ T6396] vivid-003: ================= START STATUS ================= [ 135.474232][ T6396] vivid-003: Radio HW Seek Mode: Bounded [ 135.487082][ T6396] vivid-003: Radio Programmable HW Seek: false [ 135.494081][ T6396] vivid-003: RDS Rx I/O Mode: Block I/O [ 135.501565][ T6396] vivid-003: Generate RBDS Instead of RDS: false [ 135.510693][ T6396] vivid-003: RDS Reception: true [ 135.524387][ T6396] vivid-003: RDS Program Type: 0 inactive [ 135.533378][ T6396] vivid-003: RDS PS Name: inactive [ 135.539055][ T6396] vivid-003: RDS Radio Text: inactive [ 135.546222][ T6396] vivid-003: RDS Traffic Announcement: false inactive [ 135.556430][ T6396] vivid-003: RDS Traffic Program: false inactive [ 135.564197][ T6396] vivid-003: RDS Music: false inactive [ 135.569947][ T6396] vivid-003: ================== END STATUS ================== [ 137.060209][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.069218][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.082515][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.092686][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.166150][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.173386][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.215289][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.232077][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.911954][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.918337][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 140.255519][ T6469] capability: warning: `syz.2.126' uses 32-bit capabilities (legacy support in use) [ 140.907163][ T6476] can: request_module (can-proto-3) failed. [ 141.215499][ T6485] syz.1.133 (6485) used greatest stack depth: 17768 bytes left [ 141.229224][ T6493] FAULT_INJECTION: forcing a failure. [ 141.229224][ T6493] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 141.260263][ T6493] CPU: 1 UID: 0 PID: 6493 Comm: syz.0.135 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 141.260306][ T6493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 141.260326][ T6493] Call Trace: [ 141.260335][ T6493] [ 141.260347][ T6493] dump_stack_lvl+0x16c/0x1f0 [ 141.260402][ T6493] should_fail_ex+0x512/0x640 [ 141.260455][ T6493] should_fail_alloc_page+0xe7/0x130 [ 141.260490][ T6493] prepare_alloc_pages+0x3c2/0x610 [ 141.260536][ T6493] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 141.260598][ T6493] ? __schedule+0x1181/0x5de0 [ 141.260639][ T6493] ? arch_stack_walk+0xa6/0x100 [ 141.260675][ T6493] ? __lock_acquire+0xb01/0x1c90 [ 141.260727][ T6493] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 141.260783][ T6493] ? __pfx___schedule+0x10/0x10 [ 141.260837][ T6493] ? find_held_lock+0x2b/0x80 [ 141.260871][ T6493] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 141.260922][ T6493] ? policy_nodemask+0xea/0x4e0 [ 141.260957][ T6493] alloc_pages_mpol+0x1fb/0x550 [ 141.260990][ T6493] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 141.261032][ T6493] folio_alloc_mpol_noprof+0x36/0x2f0 [ 141.261072][ T6493] vma_alloc_folio_noprof+0xed/0x1e0 [ 141.261108][ T6493] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 141.261144][ T6493] ? find_held_lock+0x2b/0x80 [ 141.261176][ T6493] ? __handle_mm_fault+0x1092/0x5490 [ 141.261225][ T6493] __handle_mm_fault+0x2f21/0x5490 [ 141.261278][ T6493] ? __pfx___handle_mm_fault+0x10/0x10 [ 141.261322][ T6493] ? lock_vma_under_rcu+0x47d/0x970 [ 141.261366][ T6493] ? lock_vma_under_rcu+0x47d/0x970 [ 141.261439][ T6493] handle_mm_fault+0x589/0xd10 [ 141.261485][ T6493] ? __pkru_allows_pkey+0x51/0xb0 [ 141.261531][ T6493] do_user_addr_fault+0x60c/0x1370 [ 141.261591][ T6493] ? rcu_is_watching+0x12/0xc0 [ 141.261631][ T6493] exc_page_fault+0x5c/0xb0 [ 141.261675][ T6493] asm_exc_page_fault+0x26/0x30 [ 141.261704][ T6493] RIP: 0033:0x7ff2b205a33b [ 141.261729][ T6493] Code: 00 00 00 48 8d 3d fd 2b 19 00 48 89 c1 31 c0 e8 fb 3c ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 31 2c 19 00 48 89 34 24 48 8b 14 24 48 8b [ 141.261760][ T6493] RSP: 002b:00007ff2b2f13fb0 EFLAGS: 00010202 [ 141.261786][ T6493] RAX: 0000000000000000 RBX: 00007ff2b23b5fa0 RCX: 0000000000000000 [ 141.261804][ T6493] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 00002000000002c0 [ 141.261822][ T6493] RBP: 00007ff2b2210b39 R08: 0000000000000000 R09: 0000000000000000 [ 141.261842][ T6493] R10: 00002000000002c0 R11: 0000000000000000 R12: 0000000000000000 [ 141.261861][ T6493] R13: 0000000000000000 R14: 00007ff2b23b5fa0 R15: 00007ffdc2b2d648 [ 141.261901][ T6493] [ 141.262100][ T6493] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 141.643878][ T5860] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 141.643925][ T5860] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 141.659611][ T5860] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 141.659670][ T5860] Bluetooth: hci2: adv larger than maximum supported [ 141.667015][ T5860] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 141.673770][ T5860] Bluetooth: hci2: adv larger than maximum supported [ 141.680929][ T5860] Bluetooth: hci2: adv larger than maximum supported [ 141.687653][ T5860] Bluetooth: hci2: Malformed LE Event: 0x0d [ 143.969515][ T6543] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 145.576108][ T6545] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 145.718424][ T6575] Invalid ELF header magic: != ELF [ 152.680781][ T6781] syz.0.173 uses obsolete (PF_INET,SOCK_PACKET) [ 153.386399][ T6783] Invalid ELF header magic: != ELF [ 154.443026][ T6801] netlink: 'syz.1.179': attribute type 17 has an invalid length. [ 154.453379][ T6801] netlink: 16 bytes leftover after parsing attributes in process `syz.1.179'. [ 156.085977][ T6839] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input8 [ 159.700547][ T6893] netlink: 28 bytes leftover after parsing attributes in process `syz.3.199'. [ 161.748774][ T6922] vivid-003: ================= START STATUS ================= [ 161.756930][ T6922] vivid-003: Radio HW Seek Mode: Bounded [ 161.762770][ T6922] vivid-003: Radio Programmable HW Seek: false [ 161.769357][ T6922] vivid-003: RDS Rx I/O Mode: Block I/O [ 161.782390][ T6922] vivid-003: Generate RBDS Instead of RDS: false [ 161.866030][ T6922] vivid-003: RDS Reception: true [ 161.874064][ T6922] vivid-003: RDS Program Type: 0 inactive [ 161.937029][ T6922] vivid-003: RDS PS Name: inactive [ 161.947138][ T6922] vivid-003: RDS Radio Text: inactive [ 161.974356][ T6922] vivid-003: RDS Traffic Announcement: false inactive [ 161.995103][ T6922] vivid-003: RDS Traffic Program: false inactive [ 162.012723][ T6922] vivid-003: RDS Music: false inactive [ 162.018791][ T6922] vivid-003: ================== END STATUS ================== [ 164.067317][ T6941] FAULT_INJECTION: forcing a failure. [ 164.067317][ T6941] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 164.170724][ T6941] CPU: 0 UID: 0 PID: 6941 Comm: syz.1.211 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 164.170767][ T6941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 164.170785][ T6941] Call Trace: [ 164.170795][ T6941] [ 164.170808][ T6941] dump_stack_lvl+0x16c/0x1f0 [ 164.170861][ T6941] should_fail_ex+0x512/0x640 [ 164.170911][ T6941] should_fail_alloc_page+0xe7/0x130 [ 164.170944][ T6941] prepare_alloc_pages+0x3c2/0x610 [ 164.170999][ T6941] ? rcu_is_watching+0x12/0xc0 [ 164.171037][ T6941] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 164.171090][ T6941] ? __lock_acquire+0xb8a/0x1c90 [ 164.171150][ T6941] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 164.171210][ T6941] ? do_raw_spin_lock+0x12c/0x2b0 [ 164.171263][ T6941] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 164.171316][ T6941] ? find_held_lock+0x2b/0x80 [ 164.171362][ T6941] ? __lock_acquire+0xb8a/0x1c90 [ 164.171405][ T6941] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 164.171457][ T6941] ? policy_nodemask+0xea/0x4e0 [ 164.171490][ T6941] alloc_pages_mpol+0x1fb/0x550 [ 164.171522][ T6941] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 164.171565][ T6941] folio_alloc_mpol_noprof+0x36/0x2f0 [ 164.171605][ T6941] shmem_alloc_folio+0x135/0x160 [ 164.171645][ T6941] shmem_alloc_and_add_folio+0x499/0xc20 [ 164.171701][ T6941] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 164.171752][ T6941] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 164.171808][ T6941] shmem_get_folio_gfp+0x67f/0x1600 [ 164.171864][ T6941] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 164.171915][ T6941] ? __lock_acquire+0x622/0x1c90 [ 164.171962][ T6941] shmem_fault+0x1fe/0xa30 [ 164.172011][ T6941] ? __pfx_shmem_fault+0x10/0x10 [ 164.172066][ T6941] ? __lock_acquire+0xb8a/0x1c90 [ 164.172118][ T6941] __do_fault+0x10a/0x490 [ 164.172166][ T6941] ? __pfx_filemap_map_pages+0x10/0x10 [ 164.172224][ T6941] __handle_mm_fault+0x374c/0x5490 [ 164.172278][ T6941] ? __pfx___handle_mm_fault+0x10/0x10 [ 164.172324][ T6941] ? __pte_offset_map_lock+0x174/0x310 [ 164.172358][ T6941] ? find_held_lock+0x2b/0x80 [ 164.172390][ T6941] ? find_held_lock+0x2b/0x80 [ 164.172433][ T6941] ? follow_page_pte+0x3af/0x14c0 [ 164.172488][ T6941] handle_mm_fault+0x589/0xd10 [ 164.172535][ T6941] __get_user_pages+0x589/0x3b80 [ 164.172585][ T6941] ? __pfx___get_user_pages+0x10/0x10 [ 164.172618][ T6941] ? __pfx_down_read_killable+0x10/0x10 [ 164.172668][ T6941] ? __lock_acquire+0xb8a/0x1c90 [ 164.172720][ T6941] faultin_page_range+0x249/0x980 [ 164.172769][ T6941] madvise_do_behavior+0x268/0x3f0 [ 164.172816][ T6941] ? __pfx_madvise_do_behavior+0x10/0x10 [ 164.172883][ T6941] ? find_held_lock+0x2b/0x80 [ 164.172924][ T6941] do_madvise+0x161/0x230 [ 164.172962][ T6941] ? __pfx_do_madvise+0x10/0x10 [ 164.172995][ T6941] ? rcu_is_watching+0x12/0xc0 [ 164.173030][ T6941] ? __rseq_handle_notify_resume+0x681/0x10e0 [ 164.173103][ T6941] ? xfd_validate_state+0x61/0x180 [ 164.173147][ T6941] ? __pfx_do_writev+0x10/0x10 [ 164.173208][ T6941] __x64_sys_madvise+0xa9/0x110 [ 164.173242][ T6941] ? lockdep_hardirqs_on+0x7c/0x110 [ 164.173289][ T6941] do_syscall_64+0xcd/0x490 [ 164.173342][ T6941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.173374][ T6941] RIP: 0033:0x7fa9ba78e929 [ 164.173399][ T6941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.173429][ T6941] RSP: 002b:00007fa9bb5c0038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 164.173458][ T6941] RAX: ffffffffffffffda RBX: 00007fa9ba9b5fa0 RCX: 00007fa9ba78e929 [ 164.173480][ T6941] RDX: 0000000000000017 RSI: 0000000000100000 RDI: 0000000000000000 [ 164.173499][ T6941] RBP: 00007fa9ba810b39 R08: 0000000000000000 R09: 0000000000000000 [ 164.173519][ T6941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 164.173537][ T6941] R13: 0000000000000000 R14: 00007fa9ba9b5fa0 R15: 00007ffe7587f918 [ 164.173581][ T6941] [ 168.360044][ T7003] syz.0.226 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 169.417268][ T7018] mkiss: ax0: crc mode is auto. [ 169.665159][ T7024] netlink: set zone limit has 8 unknown bytes [ 170.194246][ T7035] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 170.694186][ T7036] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 173.551369][ T7092] netlink: 8 bytes leftover after parsing attributes in process `syz.2.246'. [ 173.622702][ T7092] netlink: 28 bytes leftover after parsing attributes in process `syz.2.246'. [ 173.640605][ T7092] nbd: must specify at least one socket [ 173.661749][ T7083] vhci_hcd: invalid port number 16 [ 173.690276][ T7083] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 173.880057][ T7098] ima: policy update failed [ 173.935378][ T30] audit: type=1802 audit(1752586506.466:4): pid=7098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.247" res=0 errno=0 [ 179.136606][ T7234] MTRR 1 not used [ 183.692857][ T7299] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 184.134627][ T7300] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 187.824783][ T7374] random: crng reseeded on system resumption [ 189.032782][ T7399] FAULT_INJECTION: forcing a failure. [ 189.032782][ T7399] name fail_futex, interval 1, probability 0, space 0, times 1 [ 189.089707][ T7399] CPU: 0 UID: 0 PID: 7399 Comm: syz.2.310 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 189.089740][ T7399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 189.089754][ T7399] Call Trace: [ 189.089762][ T7399] [ 189.089770][ T7399] dump_stack_lvl+0x16c/0x1f0 [ 189.089810][ T7399] should_fail_ex+0x512/0x640 [ 189.089848][ T7399] get_futex_key+0x1d0/0x1540 [ 189.089879][ T7399] ? __pfx_get_futex_key+0x10/0x10 [ 189.089902][ T7399] ? sock_write_iter+0x325/0x5b0 [ 189.089928][ T7399] ? __pfx_sock_write_iter+0x10/0x10 [ 189.089952][ T7399] ? __pfx____sys_sendmsg+0x10/0x10 [ 189.089991][ T7399] futex_wake+0xe7/0x4e0 [ 189.090023][ T7399] ? bpf_lsm_file_permission+0x9/0x10 [ 189.090049][ T7399] ? __pfx_futex_wake+0x10/0x10 [ 189.090086][ T7399] ? vfs_write+0x15d/0x1150 [ 189.090134][ T7399] ? __pfx_sock_write_iter+0x10/0x10 [ 189.090173][ T7399] do_futex+0x1e3/0x350 [ 189.090213][ T7399] ? __pfx_do_futex+0x10/0x10 [ 189.090264][ T7399] __x64_sys_futex+0x1e0/0x4c0 [ 189.090306][ T7399] ? fput+0x70/0xf0 [ 189.090336][ T7399] ? __pfx___x64_sys_futex+0x10/0x10 [ 189.090375][ T7399] ? ksys_write+0x1ac/0x250 [ 189.090429][ T7399] ? __pfx_ksys_write+0x10/0x10 [ 189.090488][ T7399] do_syscall_64+0xcd/0x490 [ 189.090542][ T7399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.090574][ T7399] RIP: 0033:0x7f854538e929 [ 189.090600][ T7399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 189.090631][ T7399] RSP: 002b:00007f85461ae0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 189.090661][ T7399] RAX: ffffffffffffffda RBX: 00007f85455b6088 RCX: 00007f854538e929 [ 189.090682][ T7399] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f85455b608c [ 189.090702][ T7399] RBP: 00007f85455b6080 R08: 00007f85461d0000 R09: 0000000000000000 [ 189.090722][ T7399] R10: 00000000000002fb R11: 0000000000000246 R12: 00007f85455b608c [ 189.090742][ T7399] R13: 0000000000000000 R14: 00007ffcc31bd590 R15: 00007ffcc31bd678 [ 189.090782][ T7399] [ 189.668472][ T7395] lo: entered allmulticast mode [ 189.682276][ T7395] lo: left allmulticast mode [ 190.799788][ T7409] netlink: 4 bytes leftover after parsing attributes in process `syz.3.313'. [ 191.881525][ T7436] netlink: 24 bytes leftover after parsing attributes in process `syz.3.323'. [ 191.945064][ T7443] capability: warning: `syz.3.323' uses deprecated v2 capabilities in a way that may be insecure [ 193.611415][ T7502] netlink: 342 bytes leftover after parsing attributes in process `syz.3.332'. [ 193.661404][ T7488] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x0 pfn:0x78400 [ 193.730423][ T7488] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 193.952831][ T7488] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 194.117922][ T7488] raw: 0000000000000000 0000000000000000 0000000400000002 0000000000000000 [ 194.148753][ T7488] page dumped because: unmovable page [ 194.182365][ T7512] ubi0: attaching mtd0 [ 194.205435][ T7488] page_owner tracks the page as allocated [ 194.217526][ T7488] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5847, tgid 5847 (syz-executor), ts 101806127789, free_ts 98472061950 [ 194.294662][ T7488] post_alloc_hook+0x1c0/0x230 [ 194.305332][ T7488] get_page_from_freelist+0x1321/0x3890 [ 194.319717][ T7488] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 194.336163][ T7488] alloc_pages_mpol+0x1fb/0x550 [ 194.356468][ T7488] alloc_pages_noprof+0x131/0x390 [ 194.366581][ T7488] __vmalloc_node_range_noprof+0x72f/0x14b0 [ 194.389492][ T7512] ubi0: scanning is finished [ 194.399380][ T7512] ubi0: empty MTD device detected [ 194.439121][ T7488] vmalloc_user_noprof+0x9e/0xe0 [ 194.481985][ T7488] kcov_ioctl+0x4c/0x730 [ 194.486393][ T7488] __x64_sys_ioctl+0x18b/0x210 [ 194.491952][ T7488] do_syscall_64+0xcd/0x490 [ 194.496543][ T7488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.540320][ T7488] page last free pid 5835 tgid 5835 stack trace: [ 194.572383][ T7488] __free_frozen_pages+0x7fe/0x1180 [ 194.631087][ T7488] vfree+0x1fd/0xb50 [ 194.635045][ T7488] kcov_close+0x34/0x60 [ 194.639369][ T7488] __fput+0x3ff/0xb70 [ 194.647127][ T7488] fput_close_sync+0x118/0x260 [ 194.652291][ T7488] __x64_sys_close+0x8b/0x120 [ 194.657024][ T7488] do_syscall_64+0xcd/0x490 [ 194.666709][ T7488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.153426][ T7512] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 195.230374][ T7512] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 195.246315][ T7512] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 195.281501][ T7512] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 195.314652][ T7512] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 195.327737][ T7512] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 195.338306][ T7512] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1980513773 [ 195.348496][ T7512] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 195.359428][ T7541] ubi0: background thread "ubi_bgt0d" started, PID 7541 [ 199.315026][ T7597] vhci_hcd: invalid port number 16 [ 199.331609][ T7597] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 199.346943][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.353572][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.430541][ T7599] netlink: 4 bytes leftover after parsing attributes in process `syz.3.350'. [ 199.451660][ T30] audit: type=1400 audit(1752586531.986:5): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=7600 comm="syz.1.351" [ 201.704095][ T7649] vhci_hcd: invalid port number 16 [ 201.729144][ T7649] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 202.036364][ T7655] aoe: can't write to that file. [ 204.268584][ T7715] snd_aloop snd_aloop.0: control 16781581:65533:1073741830:'x?F/zF˷fC:45170 is already present [ 205.092211][ T7742] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 205.393732][ T7751] netlink: 28 bytes leftover after parsing attributes in process `syz.2.378'. [ 205.718454][ T7751] netlink: 4 bytes leftover after parsing attributes in process `syz.2.378'. [ 205.900881][ T7743] netlink: 8 bytes leftover after parsing attributes in process `syz.1.377'. [ 206.380975][ T7745] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 209.152125][ T7808] netlink: 504 bytes leftover after parsing attributes in process `syz.0.387'. [ 209.205860][ T7808] netlink: 350 bytes leftover after parsing attributes in process `syz.0.387'. [ 209.267975][ T7810] netlink: 354 bytes leftover after parsing attributes in process `syz.1.388'. [ 209.958547][ T7831] ubi: mtd0 is already attached to ubi0 [ 209.982951][ T7831] ubi0: detaching mtd0 [ 210.022097][ T7831] ubi0: mtd0 is detached [ 210.557998][ T7831] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 211.150231][ T5860] Bluetooth: hci1: unexpected subevent 0x01 length: 5 < 18 [ 212.518615][ T7848] kexec: Could not allocate control_code_buffer [ 212.966035][ T7893] netlink: 28 bytes leftover after parsing attributes in process `syz.1.403'. [ 213.076060][ T7893] team0: Port device team_slave_1 removed [ 213.908613][ T30] audit: type=1804 audit(1752586546.436:6): pid=7915 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.406" name="/newroot/103/file0" dev="tmpfs" ino=567 res=1 errno=0 [ 215.737425][ T7956] netlink: 12 bytes leftover after parsing attributes in process `syz.1.412'. [ 215.739590][ T7954] HfR: entered promiscuous mode [ 215.774308][ T7956] openvswitch: HfR: Dropping previously announced user features [ 215.865421][ T7954] openvswitch: HfR: Dropping previously announced user features [ 217.900063][ T7988] FAULT_INJECTION: forcing a failure. [ 217.900063][ T7988] name failslab, interval 1, probability 0, space 0, times 0 [ 217.927980][ T7988] CPU: 1 UID: 0 PID: 7988 Comm: syz.3.424 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 217.928020][ T7988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 217.928037][ T7988] Call Trace: [ 217.928047][ T7988] [ 217.928058][ T7988] dump_stack_lvl+0x16c/0x1f0 [ 217.928120][ T7988] should_fail_ex+0x512/0x640 [ 217.928164][ T7988] ? fs_reclaim_acquire+0xae/0x150 [ 217.928203][ T7988] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 217.928245][ T7988] should_failslab+0xc2/0x120 [ 217.928274][ T7988] __kmalloc_noprof+0xd2/0x510 [ 217.928330][ T7988] tomoyo_realpath_from_path+0xc2/0x6e0 [ 217.928379][ T7988] ? tomoyo_profile+0x47/0x60 [ 217.928439][ T7988] tomoyo_path_number_perm+0x245/0x580 [ 217.928472][ T7988] ? tomoyo_path_number_perm+0x237/0x580 [ 217.928510][ T7988] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 217.928566][ T7988] ? find_held_lock+0x2b/0x80 [ 217.928635][ T7988] ? find_held_lock+0x2b/0x80 [ 217.928666][ T7988] ? hook_file_ioctl_common+0x145/0x410 [ 217.928708][ T7988] ? __fget_files+0x20e/0x3c0 [ 217.928759][ T7988] security_file_ioctl+0x9b/0x240 [ 217.928800][ T7988] __x64_sys_ioctl+0xb7/0x210 [ 217.928839][ T7988] do_syscall_64+0xcd/0x490 [ 217.928890][ T7988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.928920][ T7988] RIP: 0033:0x7fef5c98e929 [ 217.928944][ T7988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 217.928974][ T7988] RSP: 002b:00007fef5d7d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 217.929002][ T7988] RAX: ffffffffffffffda RBX: 00007fef5cbb5fa0 RCX: 00007fef5c98e929 [ 217.929022][ T7988] RDX: 0000000000000000 RSI: 0000000040084146 RDI: 0000000000000003 [ 217.929041][ T7988] RBP: 00007fef5d7d8090 R08: 0000000000000000 R09: 0000000000000000 [ 217.929059][ T7988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 217.929077][ T7988] R13: 0000000000000000 R14: 00007fef5cbb5fa0 R15: 00007ffd7f64c938 [ 217.929127][ T7988] [ 217.929139][ T7988] ERROR: Out of memory at tomoyo_realpath_from_path. [ 218.862377][ T8014] netlink: 334 bytes leftover after parsing attributes in process `syz.3.431'. [ 218.985260][ T8015] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 220.036263][ T8021] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 220.277224][ T8039] netlink: 'syz.0.437': attribute type 21 has an invalid length. [ 220.360229][ T8039] netlink: 334 bytes leftover after parsing attributes in process `syz.0.437'. [ 220.658085][ T8038] netlink: 334 bytes leftover after parsing attributes in process `syz.0.437'. [ 221.859639][ T8069] FAULT_INJECTION: forcing a failure. [ 221.859639][ T8069] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 221.930229][ T8069] CPU: 1 UID: 0 PID: 8069 Comm: syz.0.442 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 221.930270][ T8069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 221.930287][ T8069] Call Trace: [ 221.930297][ T8069] [ 221.930309][ T8069] dump_stack_lvl+0x16c/0x1f0 [ 221.930361][ T8069] should_fail_ex+0x512/0x640 [ 221.930412][ T8069] _copy_from_user+0x2e/0xd0 [ 221.930460][ T8069] copy_msghdr_from_user+0x98/0x160 [ 221.930508][ T8069] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 221.930561][ T8069] ? __pfx__kstrtoull+0x10/0x10 [ 221.930605][ T8069] ___sys_sendmsg+0xfe/0x1d0 [ 221.930654][ T8069] ? __pfx____sys_sendmsg+0x10/0x10 [ 221.930718][ T8069] ? find_held_lock+0x2b/0x80 [ 221.930775][ T8069] __sys_sendmmsg+0x200/0x420 [ 221.930826][ T8069] ? __pfx___sys_sendmmsg+0x10/0x10 [ 221.930885][ T8069] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 221.930958][ T8069] ? fput+0x70/0xf0 [ 221.930988][ T8069] ? ksys_write+0x1ac/0x250 [ 221.931032][ T8069] ? __pfx_ksys_write+0x10/0x10 [ 221.931084][ T8069] __x64_sys_sendmmsg+0x9c/0x100 [ 221.931129][ T8069] ? lockdep_hardirqs_on+0x7c/0x110 [ 221.931173][ T8069] do_syscall_64+0xcd/0x490 [ 221.931228][ T8069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.931258][ T8069] RIP: 0033:0x7ff2b218e929 [ 221.931282][ T8069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 221.931312][ T8069] RSP: 002b:00007ff2afff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 221.931340][ T8069] RAX: ffffffffffffffda RBX: 00007ff2b23b6080 RCX: 00007ff2b218e929 [ 221.931360][ T8069] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000003 [ 221.931378][ T8069] RBP: 00007ff2afff6090 R08: 0000000000000000 R09: 0000000000000000 [ 221.931396][ T8069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 221.931413][ T8069] R13: 0000000000000000 R14: 00007ff2b23b6080 R15: 00007ffdc2b2d648 [ 221.931452][ T8069] [ 223.163762][ T8095] FAULT_INJECTION: forcing a failure. [ 223.163762][ T8095] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 223.190285][ T8095] CPU: 0 UID: 0 PID: 8095 Comm: syz.1.451 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 223.190327][ T8095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 223.190344][ T8095] Call Trace: [ 223.190354][ T8095] [ 223.190365][ T8095] dump_stack_lvl+0x16c/0x1f0 [ 223.190416][ T8095] should_fail_ex+0x512/0x640 [ 223.190466][ T8095] _copy_from_user+0x2e/0xd0 [ 223.190516][ T8095] copy_from_sockptr_offset.constprop.0+0x136/0x170 [ 223.190557][ T8095] ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10 [ 223.190600][ T8095] ? _kstrtoull+0x145/0x200 [ 223.190636][ T8095] ? __pfx__kstrtoull+0x10/0x10 [ 223.190677][ T8095] sk_setsockopt+0x170/0x3e40 [ 223.190706][ T8095] ? find_held_lock+0x2b/0x80 [ 223.190742][ T8095] ? __pfx_sk_setsockopt+0x10/0x10 [ 223.190806][ T8095] udp_lib_setsockopt+0x653/0xcf0 [ 223.190841][ T8095] ? __pfx_udp_push_pending_frames+0x10/0x10 [ 223.190874][ T8095] ? __pfx_udp_lib_setsockopt+0x10/0x10 [ 223.190908][ T8095] ? aa_sk_perm+0x2f4/0xb10 [ 223.190948][ T8095] ? __pfx_aa_sk_perm+0x10/0x10 [ 223.191007][ T8095] udp_setsockopt+0xbc/0xd0 [ 223.191037][ T8095] ? __pfx_udp_push_pending_frames+0x10/0x10 [ 223.191069][ T8095] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 223.191101][ T8095] do_sock_setsockopt+0x221/0x470 [ 223.191130][ T8095] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 223.191181][ T8095] __sys_setsockopt+0x120/0x1a0 [ 223.191226][ T8095] __x64_sys_setsockopt+0xbd/0x160 [ 223.191266][ T8095] ? do_syscall_64+0x91/0x490 [ 223.191307][ T8095] ? lockdep_hardirqs_on+0x7c/0x110 [ 223.191347][ T8095] do_syscall_64+0xcd/0x490 [ 223.191392][ T8095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.191420][ T8095] RIP: 0033:0x7fa9ba78e929 [ 223.191442][ T8095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 223.191469][ T8095] RSP: 002b:00007fa9bb5c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 223.191495][ T8095] RAX: ffffffffffffffda RBX: 00007fa9ba9b5fa0 RCX: 00007fa9ba78e929 [ 223.191514][ T8095] RDX: 0000000000000005 RSI: 0000000000000001 RDI: 0000000000000003 [ 223.191531][ T8095] RBP: 00007fa9bb5c0090 R08: 0000000000000009 R09: 0000000000000000 [ 223.191548][ T8095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 223.191565][ T8095] R13: 0000000000000000 R14: 00007fa9ba9b5fa0 R15: 00007ffe7587f918 [ 223.191601][ T8095] [ 223.896566][ T8114] FAULT_INJECTION: forcing a failure. [ 223.896566][ T8114] name failslab, interval 1, probability 0, space 0, times 0 [ 223.960419][ T8114] CPU: 0 UID: 0 PID: 8114 Comm: syz.2.457 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 223.960458][ T8114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 223.960474][ T8114] Call Trace: [ 223.960483][ T8114] [ 223.960494][ T8114] dump_stack_lvl+0x16c/0x1f0 [ 223.960550][ T8114] should_fail_ex+0x512/0x640 [ 223.960617][ T8114] should_failslab+0xc2/0x120 [ 223.960649][ T8114] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 223.960699][ T8114] ? dst_alloc+0x99/0x1a0 [ 223.960746][ T8114] dst_alloc+0x99/0x1a0 [ 223.960789][ T8114] rt_dst_alloc+0x35/0x3a0 [ 223.960827][ T8114] ip_route_output_key_hash_rcu+0x87a/0x28f0 [ 223.960886][ T8114] ip_route_output_key_hash+0x137/0x2e0 [ 223.960932][ T8114] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 223.960998][ T8114] ? find_held_lock+0x2b/0x80 [ 223.961036][ T8114] ip_route_output_flow+0x27/0x150 [ 223.961085][ T8114] udp_sendmsg+0x1bdd/0x29f0 [ 223.961125][ T8114] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 223.961167][ T8114] ? __pfx_udp_sendmsg+0x10/0x10 [ 223.961225][ T8114] ? __lock_acquire+0xb8a/0x1c90 [ 223.961268][ T8114] ? __pfx___might_resched+0x10/0x10 [ 223.961303][ T8114] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 223.961359][ T8114] ? aa_sk_perm+0x2f4/0xb10 [ 223.961404][ T8114] ? __import_iovec+0x1dd/0x650 [ 223.961431][ T8114] ? __might_fault+0xe3/0x190 [ 223.961475][ T8114] ? __might_fault+0x13b/0x190 [ 223.961520][ T8114] ? __pfx_udp_sendmsg+0x10/0x10 [ 223.961555][ T8114] inet_sendmsg+0x105/0x140 [ 223.961600][ T8114] ____sys_sendmsg+0x973/0xc70 [ 223.961636][ T8114] ? copy_msghdr_from_user+0x10a/0x160 [ 223.961681][ T8114] ? __pfx_____sys_sendmsg+0x10/0x10 [ 223.961725][ T8114] ? __pfx__kstrtoull+0x10/0x10 [ 223.961772][ T8114] ___sys_sendmsg+0x134/0x1d0 [ 223.961834][ T8114] ? __pfx____sys_sendmsg+0x10/0x10 [ 223.961898][ T8114] ? find_held_lock+0x2b/0x80 [ 223.961963][ T8114] __sys_sendmmsg+0x200/0x420 [ 223.962014][ T8114] ? __pfx___sys_sendmmsg+0x10/0x10 [ 223.962074][ T8114] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 223.962140][ T8114] ? fput+0x70/0xf0 [ 223.962169][ T8114] ? ksys_write+0x1ac/0x250 [ 223.962212][ T8114] ? __pfx_ksys_write+0x10/0x10 [ 223.962263][ T8114] __x64_sys_sendmmsg+0x9c/0x100 [ 223.962309][ T8114] ? lockdep_hardirqs_on+0x7c/0x110 [ 223.962357][ T8114] do_syscall_64+0xcd/0x490 [ 223.962407][ T8114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.962437][ T8114] RIP: 0033:0x7f854538e929 [ 223.962462][ T8114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 223.962502][ T8114] RSP: 002b:00007f85461ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 223.962528][ T8114] RAX: ffffffffffffffda RBX: 00007f85455b6080 RCX: 00007f854538e929 [ 223.962547][ T8114] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000003 [ 223.962563][ T8114] RBP: 00007f85461ae090 R08: 0000000000000000 R09: 0000000000000000 [ 223.962580][ T8114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 223.962597][ T8114] R13: 0000000000000000 R14: 00007f85455b6080 R15: 00007ffcc31bd678 [ 223.962635][ T8114] [ 227.023012][ T5852] Bluetooth: hci1: command 0x0406 tx timeout [ 227.029111][ T5852] Bluetooth: hci2: command 0x0406 tx timeout [ 227.035310][ T5856] Bluetooth: hci0: command 0x0406 tx timeout [ 227.035735][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 230.390050][ T8222] ovs_: entered promiscuous mode [ 231.214343][ T8243] netlink: 4 bytes leftover after parsing attributes in process `syz.2.495'. [ 231.226368][ T8243] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 231.437836][ T8245] netlink: 28 bytes leftover after parsing attributes in process `syz.1.494'. [ 231.554251][ T8253] netlink: 4 bytes leftover after parsing attributes in process `syz.1.494'. [ 231.690199][ T8256] futex_wake_op: syz.3.496 tries to shift op by 64; fix this program [ 232.713594][ T8265] ubi0: attaching mtd0 [ 232.771714][ T8265] ubi0 error: validate_ec_hdr: bad VID header offset 64, expected 3965 [ 232.852763][ T8265] ubi0 error: validate_ec_hdr: bad EC header [ 232.858972][ T8265] Erase counter header dump: [ 232.863920][ T8265] magic 0x55424923 [ 232.868557][ T8265] version 1 [ 232.872499][ T8265] ec 1 [ 232.876478][ T8265] vid_hdr_offset 64 [ 232.880477][ T8265] data_offset 128 [ 232.884578][ T8265] image_seq 1980513773 [ 232.889933][ T8265] hdr_crc 0xf3a55822 [ 232.894774][ T8265] erase counter header hexdump: [ 232.899837][ T8265] CPU: 1 UID: 0 PID: 8265 Comm: syz.0.500 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 232.899872][ T8265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 232.899888][ T8265] Call Trace: [ 232.899897][ T8265] [ 232.899921][ T8265] dump_stack_lvl+0x16c/0x1f0 [ 232.899991][ T8265] validate_ec_hdr+0x28c/0x330 [ 232.900040][ T8265] ubi_io_read_ec_hdr+0x63b/0x6c0 [ 232.900090][ T8265] ubi_attach+0x5e7/0x4bd0 [ 232.900138][ T8265] ? __pfx_ubi_msg+0x10/0x10 [ 232.900174][ T8265] ? __pfx_ubi_attach+0x10/0x10 [ 232.900208][ T8265] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 232.900241][ T8265] ? __vmalloc_node_noprof+0xad/0xf0 [ 232.900281][ T8265] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 232.900320][ T8265] ubi_attach_mtd_dev+0x15a7/0x35d0 [ 232.900376][ T8265] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 232.900417][ T8265] ? __pfx_get_mtd_device+0x10/0x10 [ 232.900474][ T8265] ctrl_cdev_ioctl+0x337/0x3d0 [ 232.900510][ T8265] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 232.900558][ T8265] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 232.900595][ T8265] __x64_sys_ioctl+0x18b/0x210 [ 232.900637][ T8265] do_syscall_64+0xcd/0x490 [ 232.900689][ T8265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.900721][ T8265] RIP: 0033:0x7ff2b218e929 [ 232.900746][ T8265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.900776][ T8265] RSP: 002b:00007ff2b2f15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 232.900805][ T8265] RAX: ffffffffffffffda RBX: 00007ff2b23b5fa0 RCX: 00007ff2b218e929 [ 232.900825][ T8265] RDX: 0000200000000080 RSI: 0000000040186f40 RDI: 0000000000000005 [ 232.900845][ T8265] RBP: 00007ff2b2210b39 R08: 0000000000000000 R09: 0000000000000000 [ 232.900864][ T8265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 232.900883][ T8265] R13: 0000000000000000 R14: 00007ff2b23b5fa0 R15: 00007ffdc2b2d648 [ 232.900924][ T8265] [ 233.095544][ C1] vkms_vblank_simulate: vblank timer overrun [ 233.116965][ T8265] ubi0 error: ubi_io_read_ec_hdr: validation failed for PEB 0 [ 233.252782][ T8265] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 233.805322][ T8291] syz.3.504 (8291): attempted to duplicate a private mapping with mremap. This is not supported. [ 233.898755][ T8285] netlink: 8 bytes leftover after parsing attributes in process `syz.3.504'. [ 234.362970][ T8301] netlink: 334 bytes leftover after parsing attributes in process `syz.1.508'. [ 234.964055][ T8302] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 235.262861][ T8293] ima: policy update failed [ 235.267767][ T30] audit: type=1802 audit(1752586567.796:7): pid=8293 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.507" res=0 errno=0 [ 236.198321][ T8330] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 236.234333][ T8313] vivid-003: ================= START STATUS ================= [ 236.276138][ T8313] vivid-003: Radio HW Seek Mode: Bounded [ 236.285258][ T8313] vivid-003: Radio Programmable HW Seek: false [ 236.316889][ T8313] vivid-003: RDS Rx I/O Mode: Block I/O [ 236.358325][ T8313] vivid-003: Generate RBDS Instead of RDS: false [ 236.365840][ T8313] vivid-003: RDS Reception: true [ 236.371766][ T8313] vivid-003: RDS Program Type: 0 inactive [ 236.489435][ T8313] vivid-003: RDS PS Name: inactive [ 236.529958][ T8313] vivid-003: RDS Radio Text: inactive [ 236.535823][ T8313] vivid-003: RDS Traffic Announcement: false inactive [ 236.542974][ T8313] vivid-003: RDS Traffic Program: false inactive [ 236.549421][ T8313] vivid-003: RDS Music: false inactive [ 236.571512][ T8313] vivid-003: ================== END STATUS ================== [ 241.082717][ T8396] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 241.859590][ T8413] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 242.614890][ T8425] virtio-pci 0000:00:04.0: [Firmware Bug]: Overriding NUMA node to 0. Contact your vendor for updates. [ 242.957182][ T8420] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 246.028309][ T8465] ima: policy update failed [ 246.033515][ T30] audit: type=1802 audit(1752586578.566:8): pid=8465 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.543" res=0 errno=0 [ 246.649686][ T8505] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 247.928888][ T8530] FAULT_INJECTION: forcing a failure. [ 247.928888][ T8530] name failslab, interval 1, probability 0, space 0, times 0 [ 248.020241][ T8530] CPU: 0 UID: 0 PID: 8530 Comm: syz.1.559 Tainted: G I 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 248.020289][ T8530] Tainted: [I]=FIRMWARE_WORKAROUND [ 248.020300][ T8530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 248.020317][ T8530] Call Trace: [ 248.020327][ T8530] [ 248.020343][ T8530] dump_stack_lvl+0x16c/0x1f0 [ 248.020394][ T8530] should_fail_ex+0x512/0x640 [ 248.020449][ T8530] should_failslab+0xc2/0x120 [ 248.020480][ T8530] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 248.020529][ T8530] ? dst_alloc+0x99/0x1a0 [ 248.020574][ T8530] dst_alloc+0x99/0x1a0 [ 248.020619][ T8530] rt_dst_alloc+0x35/0x3a0 [ 248.020655][ T8530] ip_route_output_key_hash_rcu+0x87a/0x28f0 [ 248.020715][ T8530] ip_route_output_key_hash+0x137/0x2e0 [ 248.020761][ T8530] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 248.020817][ T8530] ? find_held_lock+0x2b/0x80 [ 248.020856][ T8530] ip_route_output_flow+0x27/0x150 [ 248.020905][ T8530] udp_sendmsg+0x1bdd/0x29f0 [ 248.020944][ T8530] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 248.020985][ T8530] ? __pfx_udp_sendmsg+0x10/0x10 [ 248.021040][ T8530] ? __lock_acquire+0xb8a/0x1c90 [ 248.021080][ T8530] ? __pfx___might_resched+0x10/0x10 [ 248.021113][ T8530] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 248.021167][ T8530] ? aa_sk_perm+0x2f4/0xb10 [ 248.021210][ T8530] ? __import_iovec+0x1dd/0x650 [ 248.021246][ T8530] ? __might_fault+0xe3/0x190 [ 248.021288][ T8530] ? __might_fault+0x13b/0x190 [ 248.021333][ T8530] ? __pfx_udp_sendmsg+0x10/0x10 [ 248.021368][ T8530] inet_sendmsg+0x105/0x140 [ 248.021411][ T8530] ____sys_sendmsg+0x973/0xc70 [ 248.021448][ T8530] ? copy_msghdr_from_user+0x10a/0x160 [ 248.021494][ T8530] ? __pfx_____sys_sendmsg+0x10/0x10 [ 248.021535][ T8530] ? kfree+0x24f/0x4d0 [ 248.021570][ T8530] ? __pfx__kstrtoull+0x10/0x10 [ 248.021616][ T8530] ___sys_sendmsg+0x134/0x1d0 [ 248.021665][ T8530] ? __pfx____sys_sendmsg+0x10/0x10 [ 248.021752][ T8530] ? __pfx___might_resched+0x10/0x10 [ 248.021795][ T8530] __sys_sendmmsg+0x200/0x420 [ 248.021848][ T8530] ? __pfx___sys_sendmmsg+0x10/0x10 [ 248.021910][ T8530] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 248.021975][ T8530] ? fput+0x70/0xf0 [ 248.022004][ T8530] ? ksys_write+0x1ac/0x250 [ 248.022046][ T8530] ? __pfx_ksys_write+0x10/0x10 [ 248.022096][ T8530] __x64_sys_sendmmsg+0x9c/0x100 [ 248.022160][ T8530] ? lockdep_hardirqs_on+0x7c/0x110 [ 248.022201][ T8530] do_syscall_64+0xcd/0x490 [ 248.022261][ T8530] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.022292][ T8530] RIP: 0033:0x7fa9ba78e929 [ 248.022318][ T8530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 248.022348][ T8530] RSP: 002b:00007fa9bb59f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 248.022377][ T8530] RAX: ffffffffffffffda RBX: 00007fa9ba9b6080 RCX: 00007fa9ba78e929 [ 248.022397][ T8530] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000003 [ 248.022415][ T8530] RBP: 00007fa9bb59f090 R08: 0000000000000000 R09: 0000000000000000 [ 248.022445][ T8530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 248.022463][ T8530] R13: 0000000000000000 R14: 00007fa9ba9b6080 R15: 00007ffe7587f918 [ 248.022504][ T8530] [ 251.938086][ T8590] misc userio: No port type given on /dev/userio [ 252.019865][ T8590] usb usb35: usbfs: process 8590 (syz.1.574) did not claim interface 0 before use [ 252.568631][ T8607] vhci_hcd: invalid port number 21 [ 252.946940][ T8613] random: crng reseeded on system resumption [ 257.131449][ T8673] FAULT_INJECTION: forcing a failure. [ 257.131449][ T8673] name failslab, interval 1, probability 0, space 0, times 0 [ 257.160691][ T8673] CPU: 0 UID: 0 PID: 8673 Comm: syz.0.596 Tainted: G I 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 257.160742][ T8673] Tainted: [I]=FIRMWARE_WORKAROUND [ 257.160754][ T8673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 257.160771][ T8673] Call Trace: [ 257.160781][ T8673] [ 257.160793][ T8673] dump_stack_lvl+0x16c/0x1f0 [ 257.160842][ T8673] should_fail_ex+0x512/0x640 [ 257.160894][ T8673] should_failslab+0xc2/0x120 [ 257.160924][ T8673] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 257.160972][ T8673] ? dst_alloc+0x99/0x1a0 [ 257.161017][ T8673] dst_alloc+0x99/0x1a0 [ 257.161062][ T8673] rt_dst_alloc+0x35/0x3a0 [ 257.161097][ T8673] ip_route_output_key_hash_rcu+0x87a/0x28f0 [ 257.161165][ T8673] ip_route_output_key_hash+0x137/0x2e0 [ 257.161206][ T8673] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 257.161260][ T8673] ? find_held_lock+0x2b/0x80 [ 257.161295][ T8673] ip_route_output_flow+0x27/0x150 [ 257.161340][ T8673] udp_sendmsg+0x1bdd/0x29f0 [ 257.161376][ T8673] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 257.161414][ T8673] ? __pfx_udp_sendmsg+0x10/0x10 [ 257.161467][ T8673] ? __lock_acquire+0xb8a/0x1c90 [ 257.161505][ T8673] ? __pfx___might_resched+0x10/0x10 [ 257.161536][ T8673] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 257.161593][ T8673] ? aa_sk_perm+0x2f4/0xb10 [ 257.161634][ T8673] ? __import_iovec+0x1dd/0x650 [ 257.161658][ T8673] ? __might_fault+0xe3/0x190 [ 257.161698][ T8673] ? __might_fault+0x13b/0x190 [ 257.161740][ T8673] ? __pfx_udp_sendmsg+0x10/0x10 [ 257.161772][ T8673] inet_sendmsg+0x105/0x140 [ 257.161813][ T8673] ____sys_sendmsg+0x973/0xc70 [ 257.161847][ T8673] ? copy_msghdr_from_user+0x10a/0x160 [ 257.161890][ T8673] ? __pfx_____sys_sendmsg+0x10/0x10 [ 257.161944][ T8673] ? kfree+0x24f/0x4d0 [ 257.161981][ T8673] ? __pfx__kstrtoull+0x10/0x10 [ 257.162026][ T8673] ___sys_sendmsg+0x134/0x1d0 [ 257.162074][ T8673] ? __pfx____sys_sendmsg+0x10/0x10 [ 257.162161][ T8673] ? __pfx___might_resched+0x10/0x10 [ 257.162203][ T8673] __sys_sendmmsg+0x200/0x420 [ 257.162254][ T8673] ? __pfx___sys_sendmmsg+0x10/0x10 [ 257.162315][ T8673] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 257.162381][ T8673] ? fput+0x70/0xf0 [ 257.162410][ T8673] ? ksys_write+0x1ac/0x250 [ 257.162451][ T8673] ? __pfx_ksys_write+0x10/0x10 [ 257.162501][ T8673] __x64_sys_sendmmsg+0x9c/0x100 [ 257.162547][ T8673] ? lockdep_hardirqs_on+0x7c/0x110 [ 257.162596][ T8673] do_syscall_64+0xcd/0x490 [ 257.162645][ T8673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.162676][ T8673] RIP: 0033:0x7ff2b218e929 [ 257.162700][ T8673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 257.162729][ T8673] RSP: 002b:00007ff2afff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 257.162757][ T8673] RAX: ffffffffffffffda RBX: 00007ff2b23b6080 RCX: 00007ff2b218e929 [ 257.162777][ T8673] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000003 [ 257.162795][ T8673] RBP: 00007ff2afff6090 R08: 0000000000000000 R09: 0000000000000000 [ 257.162814][ T8673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 257.162832][ T8673] R13: 0000000000000000 R14: 00007ff2b23b6080 R15: 00007ffdc2b2d648 [ 257.162872][ T8673] [ 259.785046][ T8685] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 260.014443][ T8722] FAULT_INJECTION: forcing a failure. [ 260.014443][ T8722] name failslab, interval 1, probability 0, space 0, times 0 [ 260.100265][ T8722] CPU: 1 UID: 0 PID: 8722 Comm: syz.3.610 Tainted: G I 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 260.100315][ T8722] Tainted: [I]=FIRMWARE_WORKAROUND [ 260.100326][ T8722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 260.100344][ T8722] Call Trace: [ 260.100354][ T8722] [ 260.100365][ T8722] dump_stack_lvl+0x16c/0x1f0 [ 260.100416][ T8722] should_fail_ex+0x512/0x640 [ 260.100466][ T8722] should_failslab+0xc2/0x120 [ 260.100496][ T8722] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 260.100545][ T8722] ? dst_alloc+0x99/0x1a0 [ 260.100590][ T8722] dst_alloc+0x99/0x1a0 [ 260.100639][ T8722] rt_dst_alloc+0x35/0x3a0 [ 260.100675][ T8722] ip_route_output_key_hash_rcu+0x87a/0x28f0 [ 260.100733][ T8722] ip_route_output_key_hash+0x137/0x2e0 [ 260.100777][ T8722] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 260.100834][ T8722] ? find_held_lock+0x2b/0x80 [ 260.100872][ T8722] ip_route_output_flow+0x27/0x150 [ 260.100920][ T8722] udp_sendmsg+0x1bdd/0x29f0 [ 260.100959][ T8722] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 260.100998][ T8722] ? __pfx_udp_sendmsg+0x10/0x10 [ 260.101054][ T8722] ? __lock_acquire+0xb8a/0x1c90 [ 260.101096][ T8722] ? __pfx___might_resched+0x10/0x10 [ 260.101129][ T8722] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 260.101183][ T8722] ? aa_sk_perm+0x2f4/0xb10 [ 260.101235][ T8722] ? __import_iovec+0x1dd/0x650 [ 260.101272][ T8722] ? __might_fault+0xe3/0x190 [ 260.101329][ T8722] ? __might_fault+0x13b/0x190 [ 260.101375][ T8722] ? __pfx_udp_sendmsg+0x10/0x10 [ 260.101408][ T8722] inet_sendmsg+0x105/0x140 [ 260.101445][ T8722] ____sys_sendmsg+0x973/0xc70 [ 260.101469][ T8722] ? copy_msghdr_from_user+0x10a/0x160 [ 260.101501][ T8722] ? __pfx_____sys_sendmsg+0x10/0x10 [ 260.101529][ T8722] ? kfree+0x24f/0x4d0 [ 260.101553][ T8722] ? __pfx__kstrtoull+0x10/0x10 [ 260.101584][ T8722] ___sys_sendmsg+0x134/0x1d0 [ 260.101618][ T8722] ? __pfx____sys_sendmsg+0x10/0x10 [ 260.101676][ T8722] ? __pfx___might_resched+0x10/0x10 [ 260.101705][ T8722] __sys_sendmmsg+0x200/0x420 [ 260.101741][ T8722] ? __pfx___sys_sendmmsg+0x10/0x10 [ 260.101782][ T8722] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 260.101828][ T8722] ? fput+0x70/0xf0 [ 260.101849][ T8722] ? ksys_write+0x1ac/0x250 [ 260.101879][ T8722] ? __pfx_ksys_write+0x10/0x10 [ 260.101915][ T8722] __x64_sys_sendmmsg+0x9c/0x100 [ 260.101947][ T8722] ? lockdep_hardirqs_on+0x7c/0x110 [ 260.101977][ T8722] do_syscall_64+0xcd/0x490 [ 260.102012][ T8722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.102033][ T8722] RIP: 0033:0x7fef5c98e929 [ 260.102050][ T8722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 260.102074][ T8722] RSP: 002b:00007fef5d7b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 260.102095][ T8722] RAX: ffffffffffffffda RBX: 00007fef5cbb6080 RCX: 00007fef5c98e929 [ 260.102109][ T8722] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000003 [ 260.102121][ T8722] RBP: 00007fef5d7b7090 R08: 0000000000000000 R09: 0000000000000000 [ 260.102134][ T8722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 260.102147][ T8722] R13: 0000000000000000 R14: 00007fef5cbb6080 R15: 00007ffd7f64c938 [ 260.102174][ T8722] [ 260.497745][ T30] audit: type=1326 audit(1752586592.996:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8710 comm="syz.2.609" exe="/root/syz-executor" sig=9 arch=c000003e syscall=157 compat=0 ip=0x7f854538e929 code=0x0 [ 260.784808][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.791267][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.138497][ T8745] random: crng reseeded on system resumption [ 262.624933][ T8765] netlink: 334 bytes leftover after parsing attributes in process `syz.0.618'. [ 262.675900][ T8765] FAULT_INJECTION: forcing a failure. [ 262.675900][ T8765] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 262.723268][ T8765] CPU: 0 UID: 0 PID: 8765 Comm: syz.0.618 Tainted: G I 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 262.723321][ T8765] Tainted: [I]=FIRMWARE_WORKAROUND [ 262.723332][ T8765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 262.723349][ T8765] Call Trace: [ 262.723359][ T8765] [ 262.723371][ T8765] dump_stack_lvl+0x16c/0x1f0 [ 262.723421][ T8765] should_fail_ex+0x512/0x640 [ 262.723473][ T8765] _copy_from_user+0x2e/0xd0 [ 262.723525][ T8765] copy_msghdr_from_user+0x98/0x160 [ 262.723574][ T8765] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 262.723628][ T8765] ? __pfx__kstrtoull+0x10/0x10 [ 262.723672][ T8765] ___sys_sendmsg+0xfe/0x1d0 [ 262.723721][ T8765] ? __pfx____sys_sendmsg+0x10/0x10 [ 262.723789][ T8765] ? find_held_lock+0x2b/0x80 [ 262.723845][ T8765] __sys_sendmmsg+0x200/0x420 [ 262.723898][ T8765] ? __pfx___sys_sendmmsg+0x10/0x10 [ 262.723959][ T8765] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 262.724026][ T8765] ? fput+0x70/0xf0 [ 262.724056][ T8765] ? ksys_write+0x1ac/0x250 [ 262.724112][ T8765] ? __pfx_ksys_write+0x10/0x10 [ 262.724159][ T8765] __x64_sys_sendmmsg+0x9c/0x100 [ 262.724212][ T8765] ? lockdep_hardirqs_on+0x7c/0x110 [ 262.724252][ T8765] do_syscall_64+0xcd/0x490 [ 262.724294][ T8765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.724323][ T8765] RIP: 0033:0x7ff2b218e929 [ 262.724344][ T8765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 262.724370][ T8765] RSP: 002b:00007ff2b2f15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 262.724394][ T8765] RAX: ffffffffffffffda RBX: 00007ff2b23b5fa0 RCX: 00007ff2b218e929 [ 262.724412][ T8765] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 262.724427][ T8765] RBP: 00007ff2b2f15090 R08: 0000000000000000 R09: 0000000000000000 [ 262.724443][ T8765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 262.724458][ T8765] R13: 0000000000000000 R14: 00007ff2b23b5fa0 R15: 00007ffdc2b2d648 [ 262.724493][ T8765] [ 263.641788][ T8786] FAULT_INJECTION: forcing a failure. [ 263.641788][ T8786] name failslab, interval 1, probability 0, space 0, times 0 [ 263.700266][ T8786] CPU: 1 UID: 0 PID: 8786 Comm: syz.0.622 Tainted: G I 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 263.700314][ T8786] Tainted: [I]=FIRMWARE_WORKAROUND [ 263.700325][ T8786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 263.700342][ T8786] Call Trace: [ 263.700352][ T8786] [ 263.700363][ T8786] dump_stack_lvl+0x16c/0x1f0 [ 263.700414][ T8786] should_fail_ex+0x512/0x640 [ 263.700457][ T8786] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 263.700508][ T8786] should_failslab+0xc2/0x120 [ 263.700538][ T8786] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 263.700587][ T8786] ? __alloc_skb+0x2b2/0x380 [ 263.700637][ T8786] __alloc_skb+0x2b2/0x380 [ 263.700681][ T8786] ? __pfx___alloc_skb+0x10/0x10 [ 263.700731][ T8786] ? is_bpf_text_address+0x8a/0x1a0 [ 263.700779][ T8786] alloc_skb_with_frags+0xe0/0x860 [ 263.700813][ T8786] ? __lock_acquire+0xb8a/0x1c90 [ 263.700868][ T8786] sock_alloc_send_pskb+0x7fb/0x990 [ 263.700927][ T8786] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 263.700978][ T8786] ? __lock_acquire+0x622/0x1c90 [ 263.701025][ T8786] __ip_append_data+0x21c6/0x4240 [ 263.701065][ T8786] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 263.701111][ T8786] ? ip_dst_mtu_maybe_forward.constprop.0+0x311/0x6e0 [ 263.701154][ T8786] ? __pfx___ip_append_data+0x10/0x10 [ 263.701185][ T8786] ? dst_alloc+0xc0/0x1a0 [ 263.701234][ T8786] ip_make_skb+0x27f/0x300 [ 263.701278][ T8786] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 263.701316][ T8786] ? __pfx_ip_make_skb+0x10/0x10 [ 263.701349][ T8786] ? ip_route_output_key_hash+0x16b/0x2e0 [ 263.701417][ T8786] ? udp_sendmsg+0x18b4/0x29f0 [ 263.701448][ T8786] udp_sendmsg+0x18b4/0x29f0 [ 263.701489][ T8786] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 263.701529][ T8786] ? __pfx_udp_sendmsg+0x10/0x10 [ 263.701584][ T8786] ? __lock_acquire+0xb8a/0x1c90 [ 263.701626][ T8786] ? __pfx___might_resched+0x10/0x10 [ 263.701668][ T8786] ? aa_sk_perm+0x2f4/0xb10 [ 263.701710][ T8786] ? __import_iovec+0x1dd/0x650 [ 263.701737][ T8786] ? __might_fault+0xe3/0x190 [ 263.701779][ T8786] ? __might_fault+0x13b/0x190 [ 263.701824][ T8786] ? __pfx_udp_sendmsg+0x10/0x10 [ 263.701931][ T8786] inet_sendmsg+0x105/0x140 [ 263.701974][ T8786] ____sys_sendmsg+0x973/0xc70 [ 263.702011][ T8786] ? copy_msghdr_from_user+0x10a/0x160 [ 263.702059][ T8786] ? __pfx_____sys_sendmsg+0x10/0x10 [ 263.702102][ T8786] ? kfree+0x24f/0x4d0 [ 263.702139][ T8786] ? __pfx__kstrtoull+0x10/0x10 [ 263.702187][ T8786] ___sys_sendmsg+0x134/0x1d0 [ 263.702237][ T8786] ? __pfx____sys_sendmsg+0x10/0x10 [ 263.702325][ T8786] ? __pfx___might_resched+0x10/0x10 [ 263.702370][ T8786] __sys_sendmmsg+0x200/0x420 [ 263.702425][ T8786] ? __pfx___sys_sendmmsg+0x10/0x10 [ 263.702483][ T8786] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 263.702551][ T8786] ? fput+0x70/0xf0 [ 263.702593][ T8786] ? ksys_write+0x1ac/0x250 [ 263.702637][ T8786] ? __pfx_ksys_write+0x10/0x10 [ 263.702689][ T8786] __x64_sys_sendmmsg+0x9c/0x100 [ 263.702737][ T8786] ? lockdep_hardirqs_on+0x7c/0x110 [ 263.702781][ T8786] do_syscall_64+0xcd/0x490 [ 263.702831][ T8786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.702869][ T8786] RIP: 0033:0x7ff2b218e929 [ 263.702912][ T8786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 263.702942][ T8786] RSP: 002b:00007ff2afff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 263.702971][ T8786] RAX: ffffffffffffffda RBX: 00007ff2b23b6080 RCX: 00007ff2b218e929 [ 263.702993][ T8786] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000003 [ 263.703011][ T8786] RBP: 00007ff2afff6090 R08: 0000000000000000 R09: 0000000000000000 [ 263.703030][ T8786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 263.703049][ T8786] R13: 0000000000000000 R14: 00007ff2b23b6080 R15: 00007ffdc2b2d648 [ 263.703091][ T8786] [ 265.473405][ T8807] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21 [ 265.679070][ T8813] netlink: 334 bytes leftover after parsing attributes in process `syz.0.629'. [ 265.693765][ T8813] netlink: 334 bytes leftover after parsing attributes in process `syz.0.629'. [ 265.883918][ T8817] netlink: 334 bytes leftover after parsing attributes in process `syz.0.630'. [ 265.970029][ T8817] FAULT_INJECTION: forcing a failure. [ 265.970029][ T8817] name failslab, interval 1, probability 0, space 0, times 0 [ 266.040255][ T8817] CPU: 0 UID: 0 PID: 8817 Comm: syz.0.630 Tainted: G I 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 266.040303][ T8817] Tainted: [I]=FIRMWARE_WORKAROUND [ 266.040314][ T8817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 266.040331][ T8817] Call Trace: [ 266.040341][ T8817] [ 266.040352][ T8817] dump_stack_lvl+0x16c/0x1f0 [ 266.040408][ T8817] should_fail_ex+0x512/0x640 [ 266.040454][ T8817] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 266.040504][ T8817] should_failslab+0xc2/0x120 [ 266.040533][ T8817] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 266.040579][ T8817] ? __alloc_skb+0x2b2/0x380 [ 266.040629][ T8817] __alloc_skb+0x2b2/0x380 [ 266.040672][ T8817] ? __pfx___alloc_skb+0x10/0x10 [ 266.040721][ T8817] ? __lock_acquire+0xb8a/0x1c90 [ 266.040768][ T8817] netlink_alloc_large_skb+0x69/0x130 [ 266.040803][ T8817] netlink_sendmsg+0x6a1/0xdd0 [ 266.040860][ T8817] ? __pfx_netlink_sendmsg+0x10/0x10 [ 266.040922][ T8817] ____sys_sendmsg+0xa95/0xc70 [ 266.040958][ T8817] ? copy_msghdr_from_user+0x10a/0x160 [ 266.041002][ T8817] ? __pfx_____sys_sendmsg+0x10/0x10 [ 266.041051][ T8817] ? __pfx__kstrtoull+0x10/0x10 [ 266.041095][ T8817] ___sys_sendmsg+0x134/0x1d0 [ 266.041142][ T8817] ? __pfx____sys_sendmsg+0x10/0x10 [ 266.041205][ T8817] ? find_held_lock+0x2b/0x80 [ 266.041264][ T8817] __sys_sendmmsg+0x200/0x420 [ 266.041316][ T8817] ? __pfx___sys_sendmmsg+0x10/0x10 [ 266.041377][ T8817] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 266.041441][ T8817] ? fput+0x70/0xf0 [ 266.041470][ T8817] ? ksys_write+0x1ac/0x250 [ 266.041532][ T8817] ? __pfx_ksys_write+0x10/0x10 [ 266.041584][ T8817] __x64_sys_sendmmsg+0x9c/0x100 [ 266.041649][ T8817] ? lockdep_hardirqs_on+0x7c/0x110 [ 266.041719][ T8817] do_syscall_64+0xcd/0x490 [ 266.041769][ T8817] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.041800][ T8817] RIP: 0033:0x7ff2b218e929 [ 266.041826][ T8817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 266.041856][ T8817] RSP: 002b:00007ff2b2f15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 266.041886][ T8817] RAX: ffffffffffffffda RBX: 00007ff2b23b5fa0 RCX: 00007ff2b218e929 [ 266.041907][ T8817] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 266.041926][ T8817] RBP: 00007ff2b2f15090 R08: 0000000000000000 R09: 0000000000000000 [ 266.041946][ T8817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 266.041964][ T8817] R13: 0000000000000000 R14: 00007ff2b23b5fa0 R15: 00007ffdc2b2d648 [ 266.042014][ T8817] [ 267.962934][ T8852] netlink: 334 bytes leftover after parsing attributes in process `syz.0.641'. [ 268.013689][ T8852] netlink: 330 bytes leftover after parsing attributes in process `syz.0.641'. [ 268.028453][ T8852] netlink: 330 bytes leftover after parsing attributes in process `syz.0.641'. [ 269.698780][ T8880] netlink: 334 bytes leftover after parsing attributes in process `syz.3.650'. [ 270.289251][ T8894] netlink: 334 bytes leftover after parsing attributes in process `syz.1.653'. [ 270.308502][ T8894] netlink: 334 bytes leftover after parsing attributes in process `syz.1.653'. [ 270.801422][ T8902] netlink: 334 bytes leftover after parsing attributes in process `syz.2.656'. [ 270.841433][ T8902] FAULT_INJECTION: forcing a failure. [ 270.841433][ T8902] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 270.890618][ T8902] CPU: 0 UID: 0 PID: 8902 Comm: syz.2.656 Tainted: G I 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 270.890670][ T8902] Tainted: [I]=FIRMWARE_WORKAROUND [ 270.890682][ T8902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 270.890700][ T8902] Call Trace: [ 270.890709][ T8902] [ 270.890722][ T8902] dump_stack_lvl+0x16c/0x1f0 [ 270.890779][ T8902] should_fail_ex+0x512/0x640 [ 270.890832][ T8902] _copy_from_iter+0x29f/0x16f0 [ 270.890887][ T8902] ? __alloc_skb+0x200/0x380 [ 270.890932][ T8902] ? __pfx__copy_from_iter+0x10/0x10 [ 270.890988][ T8902] ? __lock_acquire+0xb8a/0x1c90 [ 270.891044][ T8902] netlink_sendmsg+0x829/0xdd0 [ 270.891084][ T8902] ? __pfx_netlink_sendmsg+0x10/0x10 [ 270.891133][ T8902] ____sys_sendmsg+0xa95/0xc70 [ 270.891169][ T8902] ? copy_msghdr_from_user+0x10a/0x160 [ 270.891216][ T8902] ? __pfx_____sys_sendmsg+0x10/0x10 [ 270.891257][ T8902] ? __pfx__kstrtoull+0x10/0x10 [ 270.891304][ T8902] ___sys_sendmsg+0x134/0x1d0 [ 270.891353][ T8902] ? __pfx____sys_sendmsg+0x10/0x10 [ 270.891422][ T8902] ? find_held_lock+0x2b/0x80 [ 270.891482][ T8902] __sys_sendmmsg+0x200/0x420 [ 270.891531][ T8902] ? __pfx___sys_sendmmsg+0x10/0x10 [ 270.891589][ T8902] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 270.891663][ T8902] ? fput+0x70/0xf0 [ 270.891693][ T8902] ? ksys_write+0x1ac/0x250 [ 270.891738][ T8902] ? __pfx_ksys_write+0x10/0x10 [ 270.891792][ T8902] __x64_sys_sendmmsg+0x9c/0x100 [ 270.891845][ T8902] ? lockdep_hardirqs_on+0x7c/0x110 [ 270.891890][ T8902] do_syscall_64+0xcd/0x490 [ 270.891941][ T8902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.891974][ T8902] RIP: 0033:0x7f854538e929 [ 270.891999][ T8902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 270.892029][ T8902] RSP: 002b:00007f85461cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 270.892058][ T8902] RAX: ffffffffffffffda RBX: 00007f85455b5fa0 RCX: 00007f854538e929 [ 270.892079][ T8902] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 270.892099][ T8902] RBP: 00007f85461cf090 R08: 0000000000000000 R09: 0000000000000000 [ 270.892124][ T8902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 270.892143][ T8902] R13: 0000000000000000 R14: 00007f85455b5fa0 R15: 00007ffcc31bd678 [ 270.892183][ T8902] [ 272.075575][ T8936] netlink: 334 bytes leftover after parsing attributes in process `syz.1.664'. [ 273.223972][ T8954] ================================================================== [ 273.232113][ T8954] BUG: KASAN: slab-out-of-bounds in afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 273.240853][ T8954] Read of size 1 at addr ffff8880254b9849 by task syz.0.670/8954 [ 273.248627][ T8954] [ 273.250997][ T8954] CPU: 1 UID: 0 PID: 8954 Comm: syz.0.670 Tainted: G I 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 273.251051][ T8954] Tainted: [I]=FIRMWARE_WORKAROUND [ 273.251064][ T8954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 273.251084][ T8954] Call Trace: [ 273.251095][ T8954] [ 273.251107][ T8954] dump_stack_lvl+0x116/0x1f0 [ 273.251161][ T8954] print_report+0xcd/0x610 [ 273.251191][ T8954] ? __virt_addr_valid+0x81/0x610 [ 273.251228][ T8954] ? __phys_addr+0xe8/0x180 [ 273.251265][ T8954] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 273.251303][ T8954] kasan_report+0xe0/0x110 [ 273.251335][ T8954] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 273.251378][ T8954] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 273.251422][ T8954] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 273.251471][ T8954] ? find_held_lock+0x2b/0x80 [ 273.251504][ T8954] ? __might_fault+0xe3/0x190 [ 273.251553][ T8954] ? __might_fault+0xe3/0x190 [ 273.251609][ T8954] ? __might_fault+0x13b/0x190 [ 273.251668][ T8954] ? proc_simple_write+0x117/0x1b0 [ 273.251703][ T8954] proc_simple_write+0x117/0x1b0 [ 273.251737][ T8954] ? __pfx_proc_simple_write+0x10/0x10 [ 273.251772][ T8954] proc_reg_write+0x240/0x330 [ 273.251822][ T8954] ? __pfx_proc_reg_write+0x10/0x10 [ 273.251872][ T8954] vfs_write+0x29d/0x1150 [ 273.251923][ T8954] ? __pfx___mutex_lock+0x10/0x10 [ 273.251974][ T8954] ? __pfx_vfs_write+0x10/0x10 [ 273.252027][ T8954] ? __fget_files+0x20e/0x3c0 [ 273.252077][ T8954] ksys_write+0x12a/0x250 [ 273.252124][ T8954] ? __pfx_ksys_write+0x10/0x10 [ 273.252178][ T8954] do_syscall_64+0xcd/0x490 [ 273.252231][ T8954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.252264][ T8954] RIP: 0033:0x7ff2b218e929 [ 273.252290][ T8954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.252322][ T8954] RSP: 002b:00007ff2b2f15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 273.252353][ T8954] RAX: ffffffffffffffda RBX: 00007ff2b23b5fa0 RCX: 00007ff2b218e929 [ 273.252376][ T8954] RDX: 0000000000000008 RSI: 0000200000000300 RDI: 0000000000000005 [ 273.252397][ T8954] RBP: 00007ff2b2210b39 R08: 0000000000000000 R09: 0000000000000000 [ 273.252418][ T8954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 273.252445][ T8954] R13: 0000000000000000 R14: 00007ff2b23b5fa0 R15: 00007ffdc2b2d648 [ 273.252477][ T8954] [ 273.252489][ T8954] [ 273.494781][ T8954] Allocated by task 8954: [ 273.499134][ T8954] kasan_save_stack+0x33/0x60 [ 273.503877][ T8954] kasan_save_track+0x14/0x30 [ 273.508594][ T8954] __kasan_kmalloc+0xaa/0xb0 [ 273.513224][ T8954] __kmalloc_node_track_caller_noprof+0x221/0x510 [ 273.519680][ T8954] memdup_user_nul+0x2b/0x120 [ 273.524380][ T8954] proc_simple_write+0xc7/0x1b0 [ 273.529276][ T8954] proc_reg_write+0x240/0x330 [ 273.534001][ T8954] vfs_write+0x29d/0x1150 [ 273.538382][ T8954] ksys_write+0x12a/0x250 [ 273.542754][ T8954] do_syscall_64+0xcd/0x490 [ 273.547299][ T8954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.553241][ T8954] [ 273.555580][ T8954] The buggy address belongs to the object at ffff8880254b9840 [ 273.555580][ T8954] which belongs to the cache kmalloc-16 of size 16 [ 273.569481][ T8954] The buggy address is located 0 bytes to the right of [ 273.569481][ T8954] allocated 9-byte region [ffff8880254b9840, ffff8880254b9849) [ 273.583826][ T8954] [ 273.586161][ T8954] The buggy address belongs to the physical page: [ 273.592575][ T8954] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x254b9 [ 273.601350][ T8954] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 273.608929][ T8954] page_type: f5(slab) [ 273.612950][ T8954] raw: 00fff00000000000 ffff88801b841640 0000000000000000 dead000000000001 [ 273.621557][ T8954] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 273.630152][ T8954] page dumped because: kasan: bad access detected [ 273.636584][ T8954] page_owner tracks the page as allocated [ 273.642321][ T8954] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5859, tgid 5859 (syz-executor), ts 136623507280, free_ts 136623443413 [ 273.662086][ T8954] post_alloc_hook+0x1c0/0x230 [ 273.666921][ T8954] get_page_from_freelist+0x1321/0x3890 [ 273.672512][ T8954] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 273.678449][ T8954] new_slab+0x94/0x330 [ 273.682544][ T8954] ___slab_alloc+0xd9c/0x1940 [ 273.687266][ T8954] __slab_alloc.constprop.0+0x56/0xb0 [ 273.692673][ T8954] __kvmalloc_node_noprof+0x3b1/0x620 [ 273.698087][ T8954] xt_replace_table+0x1e3/0x950 [ 273.702985][ T8954] __do_replace+0x1cf/0x9f0 [ 273.707526][ T8954] do_ip6t_set_ctl+0x806/0xa70 [ 273.712342][ T8954] nf_setsockopt+0x8d/0xf0 [ 273.716832][ T8954] ipv6_setsockopt+0x135/0x170 [ 273.721721][ T8954] tcp_setsockopt+0xa7/0x100 [ 273.726349][ T8954] do_sock_setsockopt+0x221/0x470 [ 273.731413][ T8954] __sys_setsockopt+0x120/0x1a0 [ 273.736292][ T8954] __x64_sys_setsockopt+0xbd/0x160 [ 273.741442][ T8954] page last free pid 5859 tgid 5859 stack trace: [ 273.747804][ T8954] __free_frozen_pages+0x7fe/0x1180 [ 273.753037][ T8954] kasan_populate_vmalloc+0x18c/0x1f0 [ 273.758451][ T8954] alloc_vmap_area+0x959/0x29c0 [ 273.763325][ T8954] __get_vm_area_node+0x1ca/0x330 [ 273.768376][ T8954] __vmalloc_node_range_noprof+0x271/0x14b0 [ 273.774301][ T8954] __vmalloc_node_noprof+0xad/0xf0 [ 273.779453][ T8954] xt_counters_alloc+0x4c/0x70 [ 273.784263][ T8954] __do_replace+0x97/0x9f0 [ 273.788714][ T8954] do_ip6t_set_ctl+0x806/0xa70 [ 273.793509][ T8954] nf_setsockopt+0x8d/0xf0 [ 273.797952][ T8954] ipv6_setsockopt+0x135/0x170 [ 273.802750][ T8954] tcp_setsockopt+0xa7/0x100 [ 273.807373][ T8954] do_sock_setsockopt+0x221/0x470 [ 273.812429][ T8954] __sys_setsockopt+0x120/0x1a0 [ 273.817330][ T8954] __x64_sys_setsockopt+0xbd/0x160 [ 273.822547][ T8954] do_syscall_64+0xcd/0x490 [ 273.827116][ T8954] [ 273.829465][ T8954] Memory state around the buggy address: [ 273.835117][ T8954] ffff8880254b9700: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 273.843249][ T8954] ffff8880254b9780: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 273.851342][ T8954] >ffff8880254b9800: fa fb fc fc fa fb fc fc 00 01 fc fc fa fb fc fc [ 273.859433][ T8954] ^ [ 273.865867][ T8954] ffff8880254b9880: 00 00 fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc [ 273.873955][ T8954] ffff8880254b9900: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 273.882038][ T8954] ================================================================== [ 273.976105][ T8954] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 273.983400][ T8954] CPU: 0 UID: 0 PID: 8954 Comm: syz.0.670 Tainted: G I 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 273.996921][ T8954] Tainted: [I]=FIRMWARE_WORKAROUND [ 274.002058][ T8954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 274.012152][ T8954] Call Trace: [ 274.015475][ T8954] [ 274.018470][ T8954] dump_stack_lvl+0x3d/0x1f0 [ 274.023131][ T8954] panic+0x71c/0x800 [ 274.027105][ T8954] ? __pfx_panic+0x10/0x10 [ 274.031590][ T8954] ? mark_held_locks+0x49/0x80 [ 274.036424][ T8954] ? preempt_schedule_thunk+0x16/0x30 [ 274.041860][ T8954] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 274.047885][ T8954] ? preempt_schedule_common+0x44/0xc0 [ 274.053406][ T8954] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 274.059450][ T8954] check_panic_on_warn+0xab/0xb0 [ 274.064458][ T8954] end_report+0x107/0x170 [ 274.068820][ T8954] kasan_report+0xee/0x110 [ 274.073275][ T8954] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 274.079323][ T8954] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 274.085208][ T8954] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 274.091493][ T8954] ? find_held_lock+0x2b/0x80 [ 274.096201][ T8954] ? __might_fault+0xe3/0x190 [ 274.100928][ T8954] ? __might_fault+0xe3/0x190 [ 274.105659][ T8954] ? __might_fault+0x13b/0x190 [ 274.110475][ T8954] ? proc_simple_write+0x117/0x1b0 [ 274.115613][ T8954] proc_simple_write+0x117/0x1b0 [ 274.120582][ T8954] ? __pfx_proc_simple_write+0x10/0x10 [ 274.126096][ T8954] proc_reg_write+0x240/0x330 [ 274.130829][ T8954] ? __pfx_proc_reg_write+0x10/0x10 [ 274.136161][ T8954] vfs_write+0x29d/0x1150 [ 274.140535][ T8954] ? __pfx___mutex_lock+0x10/0x10 [ 274.145605][ T8954] ? __pfx_vfs_write+0x10/0x10 [ 274.150415][ T8954] ? __fget_files+0x20e/0x3c0 [ 274.155136][ T8954] ksys_write+0x12a/0x250 [ 274.159514][ T8954] ? __pfx_ksys_write+0x10/0x10 [ 274.164409][ T8954] do_syscall_64+0xcd/0x490 [ 274.168956][ T8954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.174894][ T8954] RIP: 0033:0x7ff2b218e929 [ 274.179355][ T8954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 274.199097][ T8954] RSP: 002b:00007ff2b2f15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 274.207545][ T8954] RAX: ffffffffffffffda RBX: 00007ff2b23b5fa0 RCX: 00007ff2b218e929 [ 274.215542][ T8954] RDX: 0000000000000008 RSI: 0000200000000300 RDI: 0000000000000005 [ 274.223533][ T8954] RBP: 00007ff2b2210b39 R08: 0000000000000000 R09: 0000000000000000 [ 274.231529][ T8954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 274.239522][ T8954] R13: 0000000000000000 R14: 00007ff2b23b5fa0 R15: 00007ffdc2b2d648 [ 274.247538][ T8954] [ 274.250918][ T8954] Kernel Offset: disabled [ 274.255258][ T8954] Rebooting in 86400 seconds..