last executing test programs: 6.192844197s ago: executing program 2 (id=1172): select$auto(0x3, 0x0, 0x0, 0x0, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mtd0\x00', 0x80000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0xfffffffffffffffc, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x801, 0x106) setsockopt$auto(r0, 0x6, 0x21, 0x0, 0x10) setsockopt$auto(r0, 0x6, 0x22, 0x0, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x7, 0x8000) socket(0x2, 0x3, 0x100) sendto$auto(0x3, 0x0, 0xfdef, 0xf950, &(0x7f0000000140), 0x1d) mremap$auto(0x49, 0x400, 0x3, 0x10000000000000, 0x1) flistxattr$auto(r0, &(0x7f0000000180)='{}\'\x00', 0x9) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) sysfs$auto(0x2, 0x6, 0x0) r1 = socket(0xa, 0x1, 0x84) getsockopt$auto(r1, 0x84, 0x14, 0x0, 0x0) madvise$auto(0x3, 0x82d, 0x17) close_range$auto(0x2, 0x8, 0x1000000) 5.805005007s ago: executing program 3 (id=1175): unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000db, 0x12, 0x400, 0x18002) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000040)='{\x00', 0xfff) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r2 = socket(0x10, 0x2, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/sync_on_suspend\x00', 0x1a1942, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="12f4000047b87ca1d17bef77c41c8d2bbc418ee6f664c5c462e1fcbdd58c59aa9de14be5f46cfbeb0ff8db5fa1e9b5d8487108d4a2ee8d3099497801ff192183dd02194579cb54843d720aa85c7e2c8ad223648228de73307333cc85efd10ac99efb5d98fbf82c9cc30a657c93afc6a33bb86c996265af464df932d8365244e822b32000d843ba5c814e451f86bf21db5de16fed746952fae5cb4e2605d8acf4feb7b0cd78c1c30a8a630baf202d36edaa7330dd4d8774676ff7c40358d51a52ce808c083561a35ab5a3cb96096a25ad41e12696a88aa6e7edd00390d155587bf5ba41d409c36d", @ANYRESHEX=r3, @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) read$auto(r2, &(0x7f0000002300)='MAC802154_HWSIM\x00', 0xfdef) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/pcmC1D1p\x00', 0x20a02, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vivid.0/video4linux/video30/dev_debug\x00', 0x129102, 0x0) write$auto(r4, &(0x7f0000000000)='y\x8c', 0x2) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYRES8=r5, @ANYBLOB="140e034d8ad74f84258b1bdc2c7859fe3d6146b0ff38359e7414a0b7705728cb7031cb70bc0778910b47c61c89992ae65167e09988acd93d4b51c8c0cc07b9d2b4c9bd590963eebf14c124665dcdd2697953e4ddc9b0596d9bce8067308040d2d1d82fc392c95f4b2c04a9d193c64eef36be9eb1a043256795a53230dd664d79a733c2f6cf95ec9326f6185c5da56d6e2ff6c31f99dd4fd0743ee121e70997686bae872dd9312193fb4ffdc7599d14399d68d20fa43923fa82773a53a01ad6f455e64f4419e3d93ece1ffe5564007b129425b7c096c4af29aa21ec975df35f5d35579e9e0afb75db5b34b751b1232b0b", @ANYRES8=r5], 0x2c}, 0x1, 0x0, 0x0, 0x20008085}, 0x5e17c1cf55fb2282) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(r6, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x400000ff, 0x400, 0x9}]}) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop2\x00', 0x200000, 0x0) open(0x0, 0x161342, 0x0) msync$auto(0x1ffff000, 0x1800000ff010000, 0x400000004) 5.549653121s ago: executing program 1 (id=1176): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/spi/drivers_autoprobe\x00', 0xca481, 0x0) write$auto(r0, &(0x7f00000000c0)='\x14\xf4\xb6\xc6\x97\xdb\x18B\f\xef\x1dQZ\xa66\xe7\x06\\\xe0)+\x86\xa7\x9bv\xe1\x18\xf5\x83\b\x11\x19\xdd\x1c', 0x8) setsockopt$auto(0x3, 0x81, 0x1, 0x0, 0x83) statmount$auto(0x0, &(0x7f0000000180)={0x80000000, 0x8, 0x1ff, 0x7c9, 0x25, 0x4909b6f3, 0x1ffde, 0x7, 0x3, 0x20000009, 0x9, 0x3, 0x4, 0x1, 0x2b4, 0x9, 0x8, 0x10003, 0x80, 0x3, 0x0, 0xa, 0x22000, 0x200, 0xffffff28, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0xffff, 0x10, 0x0, 0x0, 0x10000, 0x0, 0x200000000000, 0x0, 0x7, 0x0, 0x0, 0xfffffffffffffffe]}, 0x1fe, 0x9) r1 = open(&(0x7f0000000140)='./file0\x00', 0x220c0, 0x4) ioctl$auto_SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, &(0x7f0000000040)=0xce) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010031bd7000fddbdf250c00000014000380100003800c007a0001000000000000001800018014000200776c616e3000000000000000979d00000000"], 0x40}}, 0x24048084) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYRES64=r2, @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r4 = socket(0x10, 0x2, 0x0) setsockopt$auto_SO_RXQ_OVFL(r4, 0x1, 0x28, 0x0, 0x7) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x1892, 0x0, 0x2, &(0x7f00000004c0)="4fb3a04acc3476318fb780bc016245ee0eb9751fd62b48ee3c25042f90e53cb9e8ac554dde8e3f22a4104e528a49a1180000a169e4d1a8ce5657b613663d63600e36a128138f6a88a7c164e4bed2bf2f763a73304218c5b4b7a74bb443fb7deaba293d9284994d32334a17f0ecfc8538c25454e2bcdcc3e3e69d", 0xb, 0xfffffffb}, 0x804}, 0x7, 0x4008) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/netfilter/nfnetlink_queue\x00', 0x101000, 0x0) socket(0x10, 0x2, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x12d280, 0x0) r6 = clone$auto(0x7fff, 0x200, 0x0, 0x0, 0xf) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) prctl$auto_PR_TIMER_CREATE_RESTORE_IDS_GET(0x9, 0x2, r6, 0x9, 0x10001) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) socket(0xa, 0x3, 0x3a) getsockopt$auto(r5, 0x95ad, 0x3, 0x0, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x454, 0x9) syz_clone3(&(0x7f0000000300)={0x12a004080, 0x0, 0x0, 0x0, {0x3b}, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[0x0], 0x1}, 0x58) 5.430829478s ago: executing program 0 (id=1177): r0 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) r1 = socket(0x3, 0x3, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x101081, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sg0\x00', 0x40200, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/037/001\x00', 0x630001, 0x0) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x100242, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004400)='/dev/dsp1\x00', 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x60800, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth0_to_team/gc_stale_time\x00', 0x4000, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) setsockopt$auto(0xffffffffffffffff, 0x1, 0x1021, 0x0, 0xd) close_range$auto(0x2, 0xa, 0x0) ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, &(0x7f0000000380)={0xfffffffffffffffe, 0x10001, 0x7, @state_change={0x8000, 0xd, 0xe}}) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000440)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) sendfile$auto(r5, r4, 0x0, 0x1000202) ioctl$auto(0x3, 0x541b, 0x38) fcntl$auto_F_DUPFD_CLOEXEC(r5, 0x406, r3) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="01002dbd7000fddbdf250800030008000300", @ANYRES32], 0x24}, 0x1, 0x0, 0x0, 0x5c5fd097f751b33e}, 0x80) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e883453f", @ANYRES16=0x0, @ANYBLOB="200026bd7000fedbdf251f00000075062d80cd00118023133bfb9095bb196bfc6545fc1bca5cc209df87266f25236e60bdac105038a428e2255ba4c9fbe82c111c4983c0f796c23286cacfbed49bf0dfed9d228feca9d0cecc3e4da4023383920b435ea36276ae3f1339a606da52634d85216324758370270e61bf9f7f5be77c510af60dc716115c383c7a585c7f943238f18113ed4a134b3adf80aaf246ab532ff24916a91f5a94d1653798b92bc4c46d04cbc9949c4ce29779d32ae39e1801178e1f6be6d56b332cf116532cc685bc79a7fa00341601fa8163a5c6eb35f5000000802b6df0a0d461880fa5e7f31e5214535b10e3e10c354665d757ef062d1500f6d2660edc4f0f7ceb6860847c25591e99ecba0b64e8e974b3dcea8087fe169c0393dcf40629817018d9549d52ab2d7d6874ab82278faedc7a5ec8eabb60ba0984ba9cb68189cfdaa70b7b9478b2139d04608ebbef9d588301348153796129953c55dbb8f78745ea5234554475bd641b3f8c719519c522580658dca2b7c5461f1970de722ca8c6c9272d4f2b20b727a71fba5e67f24e549ca529aff9369be42626b8d43724fb69c5779d7a9c32e309e2e6fe2a10411d73953646f955934c83393d36b99697df44a915cf947329cac7fd230de1d0a730747f22d79ce4595e307ec58c9d618db79fa3ec000efa3bf5bd9d4617c4274386bad62280aa1fe2a20a704b0471fb48b5a310f006f23479428d6f66239a3beafb43a5fcd9155a808031d48300cb5596554690668f3e011a800c00ba000900000000000000c88c6a67feb2ce25817a1cb254969c151e2b7521618b238f5ee6004bdca4899643843cd137e6707410f342509830700fd27f6dfbc79860dfafe004000d8015580a8449f24a8a1ec4125ea781f665f4554f46e0eb762c91d37fc702d931cb29ec57c9303fc868da1328db451cb0e9c0518e5dc73ed6b9acca697da1ad43d9bd91a012e9e93ab7dce6a5cf62074255808c7603e022f6931021b02f943eb029b7d348b4bda9e8ba9520698e0d5af435ff4288ebb18b869fb61df6017a1cde9a2fa389fc5f44c27cd6dc5e67a533a3c292e91ff863a33ea531ef175501e4d69b6f36c131669cab58d310ccafd07ba55ae7b19da1b07b3fd242e0045d5f6ab47f349932d91fbc95ce2a0d2e9a47b70d2fba8de1ff98d8aeb53502d837d9094b00d66c48668749f24008002c0064010101000004008e0012035680326216bf353de6024cd8507b623fef8ebb69bc1dde9229526ed6aafe86843e263e2f684e36d63c5a556b538020442f954e822fc3c0c6b3b72fbe48d9b210680608065df70927fcb4e87fc4577cc71f4209584b14bb6569fdeff8441e8221863432524c98ef40f3600f84a65f46c2cd990bb04385b3591453c63a6940095991104905292fa357b0a46391506ce3c51642164976867faa6338d0c378d00a88ab67ce4bc16c6ec1bc1e0ef5235b8762c2a768d0b6b9f130e1e87c2fac9cc05f877127b61d31caf578dd423dd587cb90825968ae8d4bcc2c039eac18b082e1ce0afa493b595b4f420bc37e52ea4aa25301dc81ce593750c555064b7e6c6705ba6300b9b93516470b3d87f4949810d5d9a783784b58cd44e84d232c1febd63312f73af3034f073a46b126422f0400d780b3c9832b9ad35f50aea9db0cc2b4073b243c2f2c1967aedeed6f1b52032f5fb0cea959f3c2d15b2545868e5555b82883e6ebfb995d0d986848d80144ef6c4be436006e97028951f0c88d16a5f4d924537ac13678b619673172f8d83d1a6671726377d537f345deb436a9613780848122b9c41ecbd05c581c61a4c0fea7faa6afe22754dd74643cc3466be65c7b2c412d3eac83781fc62ca5cb79af1be9eedc8081e30677e2e6833d3f4afc818d5d6a3a58718392ad7ddb75ee95400cece3bc3ebe242d2aa7354d8ed0839e75c2e04c97743455aab7c7e8f0a3290ad55fa249ce12ae10818dc34b2f398d4fd56d1f5f7800528a3a35ac5ad955a0d8452208ddd0178ea740b4a55c73f36304040007800800c100", @ANYRES32=0xee01, @ANYBLOB="efbe37145c7eee3ab86fd9fd2bffb7ae07251239c9c55ccf3f843356af42ec6b296595bd1a324c12b77c4546633db2d763e2c83f7e131171586eacc0bcdfbeee3983b9df903e59991a9fa6502fc5a204433ff9501e1cf5485d5405d0824d59ed71afc0608eb7e9f01d5abeac97e46d4a87d0bccd7e48f6cffc7b1e13ac395ac04697261cc0596c03e8a282cc45062e74c204d851dd6fe94937aab34f01103f43dc7fa190ed4e1931fdef3fbeb26b1aa46f7d0df6fca57d61d4f8b2e61c074d13340400088004004780000000000067003a0157970d528024196a280f0eddac3849694f7ae759f6b3e0c41092fc58bb44396856469b45b0c40812a8723ce8175ab54f80c9adc5f14a0c9672f289bfaa1fae5241e6a59b35b8e5f3f54367f4706da1f208a035ac9030907a82fbbb938907fa6b78d7140005003e0007000000930017008d9792767cb1eb649f1fa8f4fb09574889ef3fd9565eb7853d215e99f43dce328fede047c3e9e0a7b27e34ffb385bc37e80bbe4873e7e67a68c8d5b8397a1dacbe371ccf19629f0ea2ac49d90351c628e739e0cfa8ae368c4beef7a95a49a8bf226b315d15f42a125f9ce44cbaebf3995950f2f62cbd284b48db84149cd4f888cef73ba0f8451845b87a1691a6b9a70004008e00"], 0x794}}, 0x40100) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/audit\x00', 0x200, 0x0) 5.244464603s ago: executing program 1 (id=1178): r0 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001d40), 0xffffffffffffffff) r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) msync$auto(0x8, 0x4, 0x7) ioctl$auto_KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x38) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x8, 0xc0b, 0x8, 0x5, 0x4, 0xffffffffffffffff, 0xf, 0x1000, 0xb, 0x1, 0xced80000000000, 0x9, 0x6, 0x0, 0x1, 0x7fffffff]}, 0x0, 0x0) ioctl$auto_CEC_S_MODE(r3, 0x40046109, &(0x7f0000002c40)=0xd0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r5 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000080)='/dev/etherd/interfaces\x00', 0x1, 0x0) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x4, 0x0, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) writev$auto(r5, &(0x7f0000000140)={&(0x7f0000000000), 0x1}, 0x4) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="c79f25bd7000ffdbdf250700000008000300", @ANYRES32=r4], 0x1c}, 0x1, 0x0, 0x0, 0xc031}, 0x44) read$auto(r0, 0x0, 0x7) 5.005104465s ago: executing program 2 (id=1179): pidfd_open$auto(0x1, 0x0) lseek$auto(0x3, 0x7ffffffffffffffd, 0x2) mmap$auto(0x8, 0x400000400008, 0xe0, 0x14, 0x2, 0x7ffb) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x20000000) mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000) r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xb8, 0x100000000, 0x5, 0x1b, 0x93c, 0xffdc, 0x7, 0x2000000000000006, 0x9, 0x80009, 0x5, 0x2, 0x7fab, 0xaa, 0xa, 0x922, 0x7, 0x5, 0x5, 0x3, 0x2, 0x0, 0x200, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x50b8, 0x0, 0x0, 0x8000000000000, 0x0, 0x8000000000000000, 0x0, 0x10, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x4]}, 0x4, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xdc5e}, 0x800}, 0x7, 0x4008) pread64$auto(0xffffffffffffffff, 0x0, 0x3, 0x5) mmap$auto(0x0, 0xc, 0xdf, 0xeb1, 0xffffffffffffffff, 0x0) open(0x0, 0x60842, 0x208) mount$auto(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='\xf6@\xdb\x18\x0f', 0x200, &(0x7f0000000000)="2aaea12a15a8ebc702717c5d7d") mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x5, 0x1, 0x4, 0x3, 0x9) madvise$auto(0x0, 0x200007, 0x19) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) close_range$auto(0x2, 0xa, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) r1 = pipe$auto(0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, r1, 0x0, 0x80000001, 0x4) close_range$auto(0x2, 0x8, 0x0) openat$auto_bm_register_operations_binfmt_misc(0xffffffffffffff9c, 0x0, 0xa02, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000840)='/proc/execdomains\x00', 0x0, 0x0) 4.329558121s ago: executing program 1 (id=1180): mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x50, 0x0, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF1_AGE={0x8, 0x3, 0x200}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x2}, @HSR_A_IF1_AGE={0x8, 0x3, 0x400}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_NODE_ADDR_B={0xa}]}, 0x50}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r0, 0x80dc5521, 0xffffffffffffffff) socket(0x2, 0x3, 0x100) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004c18}, 0x8894) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x6}, 0x1) r1 = openat$auto_evm_key_ops_evm_secfs(0xffffffffffffff9c, &(0x7f00000000c0), 0x40802, 0x0) write$auto(r1, 0x0, 0x881) 4.078012319s ago: executing program 3 (id=1181): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) r0 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x100, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_CHANNEL_INFO2(r0, 0x80184132, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x101500, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/memory.kmem.tcp.limit_in_bytes\x00', 0xc2481, 0x0) sendmsg$auto_NFC_CMD_GET_SE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYRESDEC], 0x3c}}, 0x0) writev$auto(r2, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) r3 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snd/pcmC1D0p\x00', 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0x20499d, 0x9) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) close_range$auto(0xffffffffffffffff, r3, 0x8) ioctl$auto_BLKRRPART(0xffffffffffffffff, 0x125f, 0x700000000000000) open(0x0, 0x161342, 0x100) open(0x0, 0xeee00, 0x31) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000180)='/dev/cec23\x00', 0x4700, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram2\x00', 0x14f602, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x0, 0x1, 0x9, 0x7, 0x3b, 0x4909b6fb, 0x1ffde, 0x7, 0x6, 0x3, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x5, 0x10000, 0x80, 0x7, 0x40000, 0x7, 0x2000, 0x200, 0x0, 0x84, 0x0, 0x0, 0x5, 0x0, 0x0, [0x2000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000001]}, 0x202, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="362017"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000440)="03cde6fd6944e17159274b4ba1c27fa4209206ff76147054191e5f2ab257c02ee0ef39684905ff8eedc82d0f0d588b9235099c28ac222a9ec1e923022a2bebe0826689a485616281584449fd1ca6a7f453f530a77cfee1259b239e8875d07113e8142aee8f34d49ae8b5afe9feded8541b504d8016c61748ae4d223c0cf8fd54ae8b0024d02734baf83a614a0512c5481383a87392fdaa0b1a875f76ef86f6b56282cd61acd8948f55fd19d48c93eb95d5c03053197474d2a0120f2e21", 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x810004, 0xffb, 0xa000000008011, 0x3, 0x8000) r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video63\x00', 0x80800, 0x0) read$auto_v4l2_fops_v4l2_dev(r4, &(0x7f00000001c0)=""/191, 0x1f8) 3.915121621s ago: executing program 0 (id=1182): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x20800, 0x0) fcntl$auto(0x3, 0x4, 0xa553) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000040)) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) getpeername$auto(0x3, 0x0, 0x0) unshare$auto(0x40000080) r1 = open(&(0x7f0000000800)='./file0\x00', 0xa2240, 0x154) fcntl$auto(r1, 0x400, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bdi/7:11/min_ratio\x00', 0x20681, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x422a82, 0x154) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0480, 0x0) r3 = io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r3, 0x17, &(0x7f0000000000), 0x1) r4 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(r4, 0xae41, 0xffffffffffffffff) 3.818497191s ago: executing program 2 (id=1183): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x8c80, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x2, 0x1, 0x106) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x101a01, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r4 = getsockopt$auto(r2, 0x0, 0x33, 0xfffffffffffffffe, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = socket$nl_generic(0x10, 0x3, 0x10) shmctl$auto_IPC_RMID(0xe, 0x0, &(0x7f00000015c0)={{0x5, 0xffffffffffffffff, 0xee01, 0xfffffffc, 0x9, 0x0, 0xf}, 0xfffffffe, 0x3, 0x9, 0x1, @raw=0x6, @raw, 0x7, 0x0, &(0x7f0000000580)="4bde", &(0x7f00000005c0)="7606d9d66e3b4e592487c99c7d6e98f4afd4e6dc8972a054237e2f723fa273691d6e2ef1f7dda2a95d7825cc3b132fb3241d694f63cdd44dbca905b3b8d7534a922dd88a91cea915ab721126c7d2fb2e545bec0445412bb27da9eab0d8144fb0ea7bdf916c652f62e9c683c2b3c8ebb492e359bfdd140ec8f0d59e9f313bb555fbe11e630fa009bc7bd4e7aaec0e62fe778c070ba7a9aee79c1b8c5652ffd019b6a17d8417da980831bcbee99369fe97e9ab7759ea329d91c1884b41879d351200ff2886e0914d6b3cf17b2555ff58f7bab2fe965e5369ad2b026fe264cc7046caf13125f584fd0d55976c8c15a51f3768b20bf91cd4cb26056bb188291f972b9dba4762ac15164f52c120068aae1f21cc276bc6d1f949cae5cfd04feaedb50d6831c0576cf5cd0826d7411922cea43262d44423498e27b87b1d99f781d7a0d62aa8f967493ec66393bbd371c774a45209aa25e24eaca7b22a4784768246f16c96e024e9ce8fbd91463e27c5ae787f8bcdb1d7fc873d3810e3625dda39152cbc8d445fb3e21cd61f6eaa790a8559f48f3ee37005f75b76a5ae82a00de44e93b6dab6e6942b16971be60bbecedfc281674edb4e1d8573cfbcb87502cb5b066be4500cc230f9b3a5a11ca38b552be9ad6d7c24cfd4df72530a96b5317997db66e672f4f033adba731a350b982a3c4b954d1532ea2cb7291c141265f323b31facc6102a391cc09b2906ce2705b5a877add499323a08c0592435613d39f8775a5442d03537c735715493fc7c5e70f67611e8a9526a9d57ab73b8e12a62c405dae19378a1fc67e82dcdca9d90d36e00f252f4e76b6b4fae0aef2830debd1f502ff11b58e380931d9c05cc3af4e302e41b3aa0407dbdad5b6ee3e11075b1666821e29dfafca2ceda29e69689092e99ee69c851daf793c281b66a93c9745e31e2d8a486bc166e01d4a1702218c0a867e0e07ce712c6bb2bd656c914c5d1bc97e32e736ce32d6cba82b5d5b8823c38b69346bafec8aacca044077c9676bb43bc91e03ea94f9a88df75e92fcfdf7d601d87fadade727a0097dd5ba20f36c162ea290d654cee92b601074f314ed0d04f878db2b696718883244f5e2dea8e1a698c53de8aadd4c1b91a9a0ec46126dc638ff8d0520ff5cfcb961b9e1e80966c5fc33d67bddcdadb77602255b8c9504db7786924124a46849a193cb454d2354e19fc8e971ef0ae2ece1764c45a41e950e548cd6f50bd42c3a9528d6767ea9b0a43cef09a29a2d101d429a2297609b9518ed3350c5445713e1feb5d02e261b32201b0708e40f2f9d35edd01471afd4e9de526a6862aad30e2f9bdad7b549a699d362aaed14c13c736af89ba94e80f53ed966a1063b9411dba2af3f7bbc5b91bdf1672cbc0024842275eaebc1b27eb40efc5c81685707c8dbfa07f3aec8fdd517f8b456b1ab0b495590f2bae7477891af58f41adab74b3273db03c74d60ceac4d39caa8ef89707a233b87cd8f4ff4a8e196f9475014b06d2a396998ded195b165755fa6a5eb6c504e50279508eb9538c2e969b0fd2b4d30ec4082f893f69cb2f44706b9816ea22747fa05bb565ba23fa3b04c1743b6bb723e9378e7189f9bb7f22495da322b120f37a8adec4e2fb6467f97a3a450282d3f53c9e2cd515e258341c1694ae16a0cde66ea608182bcc80f2869101a3c283275d65220de8f16f4bdc0cbc355598a18390b176175ab3478e8e4d9f1b46e8728d9084e30bf79e76f8840453fe8bf200b43dbf89041ddd514fc24a7805dc9311dc3fd6e9df6526aef15f9f21a8a1ba0b2d93fbc07421aa0ea79df9e76b25e702c37b5085e58177883d5ad68d7370211758e094f733f14a8f8f26fd892ff048f75fb16ed4fd83548a7505d1d60075b4ab9ba05a820b82bcbdf8d87674ddf4453d293f047de0d4f39def15ee19c0a8741ea366c4c60f7fbb8e3a9c7ecbfd1d4eac5caaf7a3efb9e250493d64c8589ffee83f78dd04d19d36ea2098e2b2412df632a6efbf10a67ce36291d0c6bdb8a103de5cae6d9cc0818ede32a5eb9480b8c060e6518188e3bc6cfe02ce0b832098c1b332562c7d87d24232589cc1548aa4a555e4463904047ec29ee398d21b90b56f8b438f65ae85356ea72f4a13d7890be03772f25cabe707ff3f0471c3fae9941c860bb09eb4ea268024fc8e45c5c82ecc683c0f8db86ef075447744d424953d72fbcaf92bd93f7a6986db2af1419dd62a6234130b88efeeb703aa6f3d7055eff3913a860f1d9018ab3fcb65cb99ed85e630385a41dabcf7119a0e7864bbe0f8a5f9d2824e2f2b544c7cb8e5a430c76b1d2846e016013be58ba5530d382859f6b4554f9062747be4b92cde63acf93e59eb05bbe20e7691bfb6910077eedd1da0e4bb368cf23861343536eec06762cc8a56d7ec20b69c2500ea590d7616562d97a3e2d566f2dd3d48778ff93ed3cdf85b0478d61b8dbaee10cbfeb27be51ef8ac56c6495fd118c8e6792605dc130c61923743807f2d91839b17c6db4b61a786a0acad1ee19965c412d47f318b03c59dac1844e470d3ab9cdb95cb00084b7a1a60d04ff9ed85a413223804d3c5e4ef6a7eaf008b4edc36d1ddf0620bdf7ef0cd8fd7de9ff49c10a5cc3f06c6f4e8434ce801cfd0106fee82b7c69c9e6a87733ba79113c3331bb5fb6606b9370860cfe1c8fb6874220734b1a3dc89d68f7218a1e8837509dbd849f285751bcc50976819a2ed1407be645ff8cf6f2f32af3aad6ef20486a615651af94d7cae6977ecccd262dd0dfa3b09d20d55d2254cddd9270a41a9fa3db1e6c51ce08e24f68c4214747b44ff8dcc09e1962098c0cd5d062b6cf74444f1b3205f5824fbec96942e274ceedefdb608707794ab480af7cc99cbae647093f1ee1bee13117a4a6cc7e0e160470093ffa0697c213010d74e3d0e235d5e5f4b9a10ee5a7ddf0eee67c15dd61fbfb6b49632f18922d5c11b9da5e074a5da09f28ff1fd626c40851fad1eb707fcadc74ad1fc9f8417a40c447889efd1d7686f0c806fc55a1503dbc22be32f4fa20710cd2251ec89a671ab7efe0c2cf50d53c3c562a0fc47af1b29b7b3c8d010efcb4bb7891463c738aa89208a0ac1ec580c34289a16dcf477a30f3a94fd49273355223ce1e7ef21120be78b27ce33ccc4785baf90496b342759d18a0bf00ea1932869f0db54b221aba786e1322eb59c0b29d19390ef4185c6504c77247956448458fc0027ff2ab11e0eb5fb6485724bc830a91489a841d1abcae237cb5e2e6656043c5cb4a88b41effd6b88c1821e0d780329d5f9f17da7c598c00915210a077f62d7366728cbdc6b49ddc06a4de0558276850014674bba709cfbc7f8b0b24206dc1d8a72bd8281fe8307616b0ec53ea7a85be62b6a616396eb243ed07b4e8c7defad537d531a6136aacedbcb775e49b0725609bba8f5ffacdf757e43e3fc9773bc544f143ed7cd259f7e359732b89da0c7a9ebac2524089478b05015724d0dd559dc05380a055fac3e3faea51c7184cfc468e670fc9deb8818c41f93879d1495c0e1d0d2987e1cd703e2a8197d09af8a169e72cbb39ea5a721c35332c997ce3ff93dd952f44f3955357f7f275e27c53689dfa2158c1a23ff9bbc1f73505144ada53ea44f927b4e267ef02e15a48639a700ff790e9a6ea7227d22621404979289bc03b6a203d214c75d598d671b4c77fec4a6c8ea878723016635745598752d4461733b0884dedf65b9a7f393917c60a777700f788eac959378ce73284cef2585a83c5a8695e78394a7c2727bdf9facebdd3b47636bad98404599359d294d7e096727ed3cad3218d56dfa12242458a1717dafe34011a1430daabf2b534f39b44b67117be74baa3bada0bd28da0444247644665c74fe651a6287016b92d56b138cdf918b375d85435c3396c22cc07cab6858854370cedf2d3801bb9670ea8df87ad5cd27872e7bd64f31424d5df3b6efdb7321d8ef2ee9c7dd6470147d70855a1a59c6c08905ad2c2ee727e3eda61d16bc0855ceeebac7a2a7f808fb1f2346196210f0dacdc1bc1a4ea95f5490c9a0a2bb5b5093a6e389986414d57d07bd5fd1d0fac4cec81438a631b76299f9c7e33d5ded75fce44a558aaa47f07252c1f7d365e3d425b803cf9b93fe008ff6465a6829af7e364b033cac1b55b1d79486e61f0fc313a2702e4819e11e0503837d7ecff48f673b548767a3b5d134f2c3d6665f7e8f0722a1c3929fc7140c2a39198de15da64d3de549af4027d1de8da42991c1142397e3af8f609bc53063cce2f11f1c86e3e84c342d5d3122d2b2daa62957f068bca79982489b05ccb63653c829882ec024c07a4dab36104e008157c0aa008b49b77859e2f58d95051d121530eef5541e824037bc27f03645f207bb6a8bbbb2d69ed928676cd79fa68aa0227928d2d02f0083bb8e6b67633c12fc911e2898e09bf834a288f61ddecee493fcdc2e82965baf9cda5ae2383742edd6d5ea4a0b90e39c92c58e60987c089b760617d8fa9fd3645ce2c026aaf118b66014938dd9e3252d6620391e17030a75e218f3e0fee4e4b68bfe29f751497f17925a9cf8aac33068cb70bf3367cc5c5cc4c78440360dd6ef9f7fb04d59261895883577293e12899901d3d2cdcc43e8e9445a6c44d57d9e4f6bfa4f5d27a0e05f6600f52f6f2884aed025f96646329f1de5d6fefecac96d18a0e8ab248ba9b08ce18aa202ddd495d19fa8c5f7e7e4b00b295b5b04cf77cfaf13ed58470fef1d0788a5ea9c028134af0e7894426a4d69dcb5337be737240b5be14af6479a0fa06221110d07214da5fd280ae90942b7947e5f5984d4177354bcd024d171bdfb433ef8106c61899def217026df080f661f69d1c47c0860c899396b808056034075119795295df15dafc43f2aa47c41f99a770bf1de3430943f75c00c04c2b77c17dff3ead652b2cedea9845412619e8200e2b18c227f3508b1a664b0ba15bd12144dce16897c149cf0aa15578380e8ec2418257f7cd19168c207d04cd70e79e8989ac1d8e15264e540b2f2db29987608bfe662e97d74ff64b8ebe924ac610afb03d30fa9ac645d4959753a41ab3ec352bebcb71aa330e33a7be30f85f174380eb68f99ce84edc6e39a6793c37cb8e3d51f80d36a9609b989641cfc42a5f1748d201cb65b5cd3d89fe1b3f56492924c66c6d7b5e93a9535e171667776b6201990b715d51f048560612acd16b3195e07c318565429ff62b6a72030582c4dd03e555926243c5038bb36667361d2ed58f5a9ca163411befc2e215d327fcd950be07d0b970929197614cb8d7318490322a18560abdbcf1958e90d7e7b83de364b99e070d7b89bd62e1018a4436cf3115392c6ad8b53e6ee841be8004d8dd57e2d7101a2852db80c55b5b6952828096bee12835e7bb2b4b9df37489bccb01bd37ae1f6205241ffe1283830cc835ca957132d6657c79a94e9e3723339f8f5eb8e0464dbe846f12e43e2436cd47cb7e152beb821f8faea05125a6a65330562e320a359c4348680c99a06323d373542f6a9eb2313ab05f2b45a279d46b7819ba0881d3cfcf3a76258eb186acbb3110e3d6d9d05ca9ce1713124d3fc30113eba6efb294d25caa0fb3fc502e4ea572ea8ec6fb81ea8310f59a024875cc79248bd57198768950ceb274118e04ad41f863d69d6d8c275fc6bf18dfe31ea68875e98e9bbc01de4c459bc4830a2f6d82eeea263e746b1b949429b34a437f6aa510fc4ed49149307d845207d44e0e1cbac40773152bf270c79ad770ced3deaf42c56342dcc"}) ioctl$auto_XFS_IOC_FREESP64(r4, 0x40305825, &(0x7f00000016c0)={0x4, 0x2, 0xfffffffffffffffb, 0x6, 0x2, 0x0}) ioctl$auto_XFS_IOC_ALLOCSP64(0xffffffffffffffff, 0x40305824, &(0x7f0000001700)={0x3ff, 0x7, 0x8, 0x80000001, 0x3, 0x0}) msgctl$auto_MSG_STAT_ANY(0x7, 0xd, &(0x7f0000001740)={{0xfffffc01, r6, 0xffffffffffffffff, 0x9, 0x8, 0x200, 0x62fa}, &(0x7f0000001640)=0xca, &(0x7f0000001680)=0xb, 0x0, 0xa, 0x3, 0x5, 0x4, 0x0, 0x8, 0x0, @inferred=r7, @inferred=r8}) r9 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001e80)='/sys/kernel/tracing/events/vmalloc/filter\x00', 0x180400, 0x0) read$auto_ftrace_subsystem_filter_fops_trace_events(r9, 0x0, 0x0) r10 = syz_genetlink_get_family_id$auto_mac802154_hwsim(&(0x7f0000000100), r0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000800}, 0x4) setxattrat$auto(0xffffffffffffffff, 0x0, 0xfffffffe, 0x0, &(0x7f00000000c0)={0x6, 0x6, 0x7}, 0x5d8) r11 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/radio2\x00', 0x0, 0x0) read$auto_v4l2_fops_v4l2_dev(r11, 0x0, 0x300) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_RADIO(r5, &(0x7f0000000540)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB="bc030400", @ANYRES16=r10, @ANYBLOB="000128bd7000fedbdf25030000000800010005000000406fed6dfe6fa342", @ANYRES32, @ANYBLOB="34005a800400218004002d800a00a7002b7d7d292600000008004000ac1414aa08001f00", @ANYRES32=r11, @ANYBLOB='\b\x00+\x00', @ANYRES32=r1, @ANYBLOB="040031005d03038041025980d4cb66e10742ee755bb34366992ba4994a7acbff7e74870f8b34024afac9494fe63f7bb9d1d05838acbb8eac7d55b38966dec7682152af9a5ae67bb05ca98a81a1898e370ffd8f442c9fd4ca86ca1a3ec21b6069ea2e14067f4647b2f9de83e7f0c5a131dfd0ac5a12eeff7769017b8840f0d6a87cf2d36ec604b76c1ec51d2155b4623174d2d73e75816336b61f70fe307e9458fc429dce56a94686c8cbf616b58341cd668f065cd03d15dcf24c5dcad14d043d38fef288f23eabe491c70cab4efecd3c492f03a2e22cfb8a6afa35892c60f6d0ef25c38f6d5bf385dd3503910c19a7608f9c3ea51a2118f0f34bc63a443d8173af9cbc5ec75a50bc699874db5f777288110eb47984f584f8f5a95797207eb9867765a3a73cd25826f9860ff5fce532560ae1eac64cb36a08b57464622e5a004c0579d673f2383e11b33e200136e8f2e53b141ddbaaa154973a4f0e2b4013190765522c7974b466cb747622a5b20cf16630f0ce6c4b6d9437a740a65325aee5ea0e27b67a0fde7c0e119b1413c139645677f01a3638ae249f7ee4745a6bc34c0c8ba333655cd138acda43aeb4721a893cc44e4e824a1885b54743e3f5195ff782a4cf3cb50be556213eb4eb2775b7f090af128f7132d6bf010983ec8645724dd08ca758ce42f5b536bce0c768ca3f7949c6d5693d0604c0aa071bbd7531893e4c7eb4006b093c7690637e51c076d60aa7179bb0c1c675cab232112a9bc0acd88a97a553a4bcb851c04c909ee773b10ffb985efa146c6e22da52efa202e714c9d5d71f1ffcabc1cccf0600000008005000ffffffff04002100a09cc65c6eff7dd113be2e32caf3eba9b43e40f4b12bb917bc31ac0ff07810fe8cd26974968b7c6a0376bc447632eec3ae1c1fe006d499a5b8d938b2d78de2049e976320d6116d4ea31eed9915c472c3baf260d0efbe2dd2693ade26e727148f4f2c4ef7fa0dd0b73d4bd52dc9baa6bf953bbca8fcced7ad93888b22337e55c3c4baf3b10642c6c8cc7373498eb922653721e9c0cf8fa15f53bb886240b94fb064ecfb8b0e7c8baa49854e7047747482ec708f6b5b67d1b4c3eaaf8f02bff9b6d5f457974a16d2bf20d2b49b8ca77683dcfdf9dbf88f45fe296b13bcccfebe18f809c41ad808159b11645c7e1e70688bc9fcc94a7c6693c17ddbfd9f6a0c000e000100"/868], 0x3bc}, 0x1, 0x0, 0x0, 0x40000}, 0x84) r12 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000002340)='/dev/binderfs/binder0\x00', 0x0, 0x0) ioctl$auto(r12, 0x600003, r12) ioctl$auto_BINDER_WRITE_READ(r12, 0xc0306201, &(0x7f00000000c0)="5d3d4b8c60c2f201bbdecdf45a36e14cf63e57caea0fdf108d") 3.571843784s ago: executing program 0 (id=1184): r0 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) r1 = socket(0x3, 0x3, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x101081, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sg0\x00', 0x40200, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/037/001\x00', 0x630001, 0x0) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x100242, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004400)='/dev/dsp1\x00', 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x60800, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth0_to_team/gc_stale_time\x00', 0x4000, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) setsockopt$auto(0xffffffffffffffff, 0x1, 0x1021, 0x0, 0xd) close_range$auto(0x2, 0xa, 0x0) ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, &(0x7f0000000380)={0xfffffffffffffffe, 0x10001, 0x7, @state_change={0x8000, 0xd, 0xe}}) r4 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000440)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) sendfile$auto(r6, r5, 0x0, 0x1000202) ioctl$auto(0x3, 0x541b, 0x38) fcntl$auto_F_DUPFD_CLOEXEC(r6, 0x406, r4) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=ANY=[@ANYRES8=r3, @ANYBLOB="01002dbd7000fddbdf250800030008000300", @ANYRES32], 0x24}, 0x1, 0x0, 0x0, 0x5c5fd097f751b33e}, 0x80) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e883453f", @ANYRES16=0x0, @ANYBLOB="200026bd7000fedbdf251f00000075062d80cd00118023133bfb9095bb196bfc6545fc1bca5cc209df87266f25236e60bdac105038a428e2255ba4c9fbe82c111c4983c0f796c23286cacfbed49bf0dfed9d228feca9d0cecc3e4da4023383920b435ea36276ae3f1339a606da52634d85216324758370270e61bf9f7f5be77c510af60dc716115c383c7a585c7f943238f18113ed4a134b3adf80aaf246ab532ff24916a91f5a94d1653798b92bc4c46d04cbc9949c4ce29779d32ae39e1801178e1f6be6d56b332cf116532cc685bc79a7fa00341601fa8163a5c6eb35f5000000802b6df0a0d461880fa5e7f31e5214535b10e3e10c354665d757ef062d1500f6d2660edc4f0f7ceb6860847c25591e99ecba0b64e8e974b3dcea8087fe169c0393dcf40629817018d9549d52ab2d7d6874ab82278faedc7a5ec8eabb60ba0984ba9cb68189cfdaa70b7b9478b2139d04608ebbef9d588301348153796129953c55dbb8f78745ea5234554475bd641b3f8c719519c522580658dca2b7c5461f1970de722ca8c6c9272d4f2b20b727a71fba5e67f24e549ca529aff9369be42626b8d43724fb69c5779d7a9c32e309e2e6fe2a10411d73953646f955934c83393d36b99697df44a915cf947329cac7fd230de1d0a730747f22d79ce4595e307ec58c9d618db79fa3ec000efa3bf5bd9d4617c4274386bad62280aa1fe2a20a704b0471fb48b5a310f006f23479428d6f66239a3beafb43a5fcd9155a808031d48300cb5596554690668f3e011a800c00ba000900000000000000c88c6a67feb2ce25817a1cb254969c151e2b7521618b238f5ee6004bdca4899643843cd137e6707410f342509830700fd27f6dfbc79860dfafe004000d8015580a8449f24a8a1ec4125ea781f665f4554f46e0eb762c91d37fc702d931cb29ec57c9303fc868da1328db451cb0e9c0518e5dc73ed6b9acca697da1ad43d9bd91a012e9e93ab7dce6a5cf62074255808c7603e022f6931021b02f943eb029b7d348b4bda9e8ba9520698e0d5af435ff4288ebb18b869fb61df6017a1cde9a2fa389fc5f44c27cd6dc5e67a533a3c292e91ff863a33ea531ef175501e4d69b6f36c131669cab58d310ccafd07ba55ae7b19da1b07b3fd242e0045d5f6ab47f349932d91fbc95ce2a0d2e9a47b70d2fba8de1ff98d8aeb53502d837d9094b00d66c48668749f24008002c0064010101000004008e0012035680326216bf353de6024cd8507b623fef8ebb69bc1dde9229526ed6aafe86843e263e2f684e36d63c5a556b538020442f954e822fc3c0c6b3b72fbe48d9b210680608065df70927fcb4e87fc4577cc71f4209584b14bb6569fdeff8441e8221863432524c98ef40f3600f84a65f46c2cd990bb04385b3591453c63a6940095991104905292fa357b0a46391506ce3c51642164976867faa6338d0c378d00a88ab67ce4bc16c6ec1bc1e0ef5235b8762c2a768d0b6b9f130e1e87c2fac9cc05f877127b61d31caf578dd423dd587cb90825968ae8d4bcc2c039eac18b082e1ce0afa493b595b4f420bc37e52ea4aa25301dc81ce593750c555064b7e6c6705ba6300b9b93516470b3d87f4949810d5d9a783784b58cd44e84d232c1febd63312f73af3034f073a46b126422f0400d780b3c9832b9ad35f50aea9db0cc2b4073b243c2f2c1967aedeed6f1b52032f5fb0cea959f3c2d15b2545868e5555b82883e6ebfb995d0d986848d80144ef6c4be436006e97028951f0c88d16a5f4d924537ac13678b619673172f8d83d1a6671726377d537f345deb436a9613780848122b9c41ecbd05c581c61a4c0fea7faa6afe22754dd74643cc3466be65c7b2c412d3eac83781fc62ca5cb79af1be9eedc8081e30677e2e6833d3f4afc818d5d6a3a58718392ad7ddb75ee95400cece3bc3ebe242d2aa7354d8ed0839e75c2e04c97743455aab7c7e8f0a3290ad55fa249ce12ae10818dc34b2f398d4fd56d1f5f7800528a3a35ac5ad955a0d8452208ddd0178ea740b4a55c73f36304040007800800c100", @ANYRES32=0xee01, @ANYBLOB="efbe37145c7eee3ab86fd9fd2bffb7ae07251239c9c55ccf3f843356af42ec6b296595bd1a324c12b77c4546633db2d763e2c83f7e131171586eacc0bcdfbeee3983b9df903e59991a9fa6502fc5a204433ff9501e1cf5485d5405d0824d59ed71afc0608eb7e9f01d5abeac97e46d4a87d0bccd7e48f6cffc7b1e13ac395ac04697261cc0596c03e8a282cc45062e74c204d851dd6fe94937aab34f01103f43dc7fa190ed4e1931fdef3fbeb26b1aa46f7d0df6fca57d61d4f8b2e61c074d13340400088004004780000000000067003a0157970d528024196a280f0eddac3849694f7ae759f6b3e0c41092fc58bb44396856469b45b0c40812a8723ce8175ab54f80c9adc5f14a0c9672f289bfaa1fae5241e6a59b35b8e5f3f54367f4706da1f208a035ac9030907a82fbbb938907fa6b78d7140005003e0007000000930017008d9792767cb1eb649f1fa8f4fb09574889ef3fd9565eb7853d215e99f43dce328fede047c3e9e0a7b27e34ffb385bc37e80bbe4873e7e67a68c8d5b8397a1dacbe371ccf19629f0ea2ac49d90351c628e739e0cfa8ae368c4beef7a95a49a8bf226b315d15f42a125f9ce44cbaebf3995950f2f62cbd284b48db84149cd4f888cef73ba0f8451845b87a1691a6b9a70004008e00"], 0x794}}, 0x40100) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/audit\x00', 0x200, 0x0) 3.267627753s ago: executing program 1 (id=1185): unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000db, 0x12, 0x400, 0x18002) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000040)='{\x00', 0xfff) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r2 = socket(0x10, 0x2, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/sync_on_suspend\x00', 0x1a1942, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="12f4000047b87ca1d17bef77c41c8d2bbc418ee6f664c5c462e1fcbdd58c59aa9de14be5f46cfbeb0ff8db5fa1e9b5d8487108d4a2ee8d3099497801ff192183dd02194579cb54843d720aa85c7e2c8ad223648228de73307333cc85efd10ac99efb5d98fbf82c9cc30a657c93afc6a33bb86c996265af464df932d8365244e822b32000d843ba5c814e451f86bf21db5de16fed746952fae5cb4e2605d8acf4feb7b0cd78c1c30a8a630baf202d36edaa7330dd4d8774676ff7c40358d51a52ce808c083561a35ab5a3cb96096a25ad41e12696a88aa6e7edd00390d155587bf5ba41d409c36d", @ANYRESHEX=r3, @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) read$auto(r2, &(0x7f0000002300)='MAC802154_HWSIM\x00', 0xfdef) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/pcmC1D1p\x00', 0x20a02, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vivid.0/video4linux/video30/dev_debug\x00', 0x129102, 0x0) write$auto(r4, &(0x7f0000000000)='y\x8c', 0x2) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYRES8=r5, @ANYBLOB="140e034d8ad74f84258b1bdc2c7859fe3d6146b0ff38359e7414a0b7705728cb7031cb70bc0778910b47c61c89992ae65167e09988acd93d4b51c8c0cc07b9d2b4c9bd590963eebf14c124665dcdd2697953e4ddc9b0596d9bce8067308040d2d1d82fc392c95f4b2c04a9d193c64eef36be9eb1a043256795a53230dd664d79a733c2f6cf95ec9326f6185c5da56d6e2ff6c31f99dd4fd0743ee121e70997686bae872dd9312193fb4ffdc7599d14399d68d20fa43923fa82773a53a01ad6f455e64f4419e3d93ece1ffe5564007b129425b7c096c4af29aa21ec975df35f5d35579e9e0afb75db5b34b751b1232b0b", @ANYRES8=r5], 0x2c}, 0x1, 0x0, 0x0, 0x20008085}, 0x5e17c1cf55fb2282) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r7) ioctl$auto_KVM_GET_MSRS(r6, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x400000ff, 0x400, 0x9}]}) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop2\x00', 0x200000, 0x0) open(0x0, 0x161342, 0x0) msync$auto(0x1ffff000, 0x1800000ff010000, 0x400000004) 3.014863102s ago: executing program 3 (id=1186): select$auto(0x3, 0x0, 0x0, 0x0, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mtd0\x00', 0x80000, 0x0) mmap$auto(0x4, 0x400408, 0xe3, 0x9b72, 0x2, 0x7ffd) mmap$auto(0xfffffffffffffffc, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x801, 0x106) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/class/zram-control/hot_remove\x00', 0x8001, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv6/conf/tunl0/disable_policy\x00', 0x40c00, 0x0) sendfile$auto(r1, r2, 0x0, 0x800048) setsockopt$auto(r0, 0x6, 0x21, 0x0, 0x10) setsockopt$auto(r0, 0x9, 0x20, 0x0, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x7, 0x8000) r3 = socket(0x2, 0x3, 0x100) sendto$auto(0x3, 0x0, 0xfdef, 0xf950, &(0x7f0000000140), 0x1d) mremap$auto(0xffffffffffffffff, 0x8, 0x20000000004, 0xb, 0x2080000000389d) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), r3) r5 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0xa02, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_CARD_INFO(r5, 0x81785501, &(0x7f0000000500)={0x4, 0x0, "9df2dd4ade94b5764c82865042a0d2e3", "a300", "25222c3aac25ccff5de7b81eefde747e7774da7f6154e6bcf81ec7dadaa39485", "12f259f2492bb43c598ef0237d522cb86954c0763131c2f67eaa6356799448a9576c948fc3fb995daec2f1fc9170a70b4b71b44f04809f3ca99cb9b4fe57d0289938f4ce01d60bfd00", "e9e7f824968ee78f73dc2749d12c7e05", "402beaf8a0dfaba5303a6efa74256963183267b80c0b5a1f17a2c919b42b4a6bc37ea4719a3e48cdbed8e3159a0fada415979b05547405d7e633a060cdb0fcaaf93331947ed257fd00", "5c84948d2c357792b0c4be9a3815ecfee836d93ae475d2bc8193e8ac53c0494bf16e9a6d85fa65416177e39fac9de9d4869f6e9602c6f01a500bf0ba3d5fef158c908f502afdfe316cf3ac63f1f4842ec3c180d103084776592ff9e4a66125f8f285cabc67891f381c9bcc345f41ee4f2d7f4bffb05d58b0377a76a50de67bb8"}) r6 = getpgid(0xffffffffffffffff) r7 = pidfd_open$auto(r6, 0xfffffffc) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f00000001c0)={{@inferred, 0x1, 0x6, 0x80000003, "a2b8e85fc56865ba529faa0000000000000000000000692a240000008000", @inferred=r6}, 0x6, 0x5, 0x7, @inferred=r6, @reserved="fb9cd3203e0de941ac3f58d7aae0c84cbe332d618e0442771e3ac6e9a9df07cf9b1c017c611ac455c01804d0d4c89bee7005c5affd5ab891b44e48364e8de3f344584996c31f9ae16c6c4f062d38f590125ed264000000000000000000000000000000000000000600", "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f4ab606c276852295e00af49090000008034"}) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_REMOVE(r5, 0xc0405519, &(0x7f00000000c0)={@inferred=r6, 0x8, 0xd, 0xa4, "e3eabf11dce36a2eac9cb4682c339b3ce615a9b97386d4462bc6553245da56e4978f37368e849db4a6e0aa4e", @inferred=r8}) sendmsg$auto_NL802154_CMD_NEW_SEC_DEV(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000200)={&(0x7f0000000700)=ANY=[@ANYRESHEX, @ANYRES16=r4, @ANYRES32, @ANYRES32=r6], 0x24}, 0x1, 0x0, 0x0, 0x20000004}, 0x40105) flistxattr$auto(r0, &(0x7f0000000680)='\x00\x00\x06\x00\x00\x00\x00\x00\x12\xafq}\x1f\xb5\xf2\x04\xba\x04~\xa2\xe23\x98\x10\xd9\x17\xa6\xd5\xd4_/\xe8u<\xdc6^7\x1au\xfe\f-\xcd\xefd\xfbM\xd9/\r\x01\xcf\x8d\xe9\x9a~K\xc7PX\xb7\x1a\xc6\x91\xbc\xa1N\xba\x97\xaf\x8c\x13\xd6G\'\xe3\xffU\xc6\t\x12\xb4\b\x9c\x03\xc4\'\xa7B\xd1\xc5\x06CT\a\xbf\x885\x87\'Y{\v-\xa4\xbb\v\xcc\v\xcbT\xa3#\x01\xd7\x94\x1ah\xa5\x04\xba\fK\x99O\x97g', 0x9) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r9 = socket(0xa, 0x1, 0xa4) getsockopt$auto(r9, 0x84, 0x14, 0x0, 0x0) madvise$auto(0x3, 0x82d, 0x17) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0xfffffffa) getsockopt$auto_SO_COOKIE(r7, 0x7, 0x39, &(0x7f0000000400)='/dev/mtd0\x00', &(0x7f0000000440)=0x2) 2.91565293s ago: executing program 2 (id=1187): syz_clone3(&(0x7f0000000100)={0x2100000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) fcntl$auto_F_GETFD(r0, 0x1, 0x2) ioctl$auto_VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)=0x200000000) read$auto(r0, 0x0, 0x3ff) mmap$auto(0x0, 0x8, 0xdd, 0x9b72, 0x2, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000080)=""/58, 0x3a) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) close_range$auto(0x0, 0x5, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC1D1p\x00', 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x48041, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) unshare$auto(0x40000080) write$auto(0xca, &(0x7f0000000400)='\x04>\x00\x19\xa4\xd2\xc3\xec&9\v\xbc\xdein\xe1G8\x02\x18\x00\x00\xd3b\x01\xbd\x9b@\xb0\x00\x00\x00\x84\xa2\\\x15\xc4>\xa9\x82,\x95\xeeH\xf8}v\xb3\xcb(\xa90Abe\xc3\x8c\xcc\xe7\xb8\x00F\x89#\xb4\xf0F\xa1GH\xb5\x8f\x9dZ~\xea\xa3\x93\xc2\x04\xe1;b\x99\x97}Z\x7f\x0f\x90\xce\x85-e\xb6n\xbc\xc6=\xf8\xce\xe7\x1e]\x85|\xce\xd7L\x9b\xd3lb\xc5\xee\xdb\xcb\xbb\xd8\xd9\xd3\xf8 \xe9e\xe5\x80\x1c7B+]\\!\xcej}H\x03x\x83Z\x98\xb8\t\xde\xd4\xf5\xf32\xccR\xaa\xdd\x16\xab\xd8\x1d\"\xc7\xa5\xe1k\x1d\xd9k\xc6\xb2\xa7\x97\x9a\xf6\xfe\xef\x1a\xbd\xcb\xb8*\x8b9\x00R\xe9)?Em\xb2\xac\xd1\xf6\xff\xc1\xc7\xbdl\xa2+tI\xa3\xa8\xabVe\x87\xa9\xae9\x82\xd2.SCt\xcc\x8c7\x7f\xdc\xc3\xfb\x94\xfc\xdfc+\x04\xfb\xf5$\xecO1@\x99l;\xd3X\xd5\"\xec\x17hR\xc5\x99\x8b\x9f\xf3\xf48%\xfa\xf2\x1d\xc5\x10T\x83p\x0flzM\xa6\xab\xde!T\x9bG\x19\x9680\xd7]\x83{\x81\xdei\xd2\xfc\xfd=3K\xc3\xfe\x12\x98\x8b\xbe\xd1+\xc4r\x7f\x8f5\xcc\xa6\xd8>k\xcc\xee\xe0\x9bW\x0e\xc63\x84^\xde`\xd2\xe8\xfc\x02\xef\xa4\xdc\xd0?9D\x1c\x1b\x1b\xd5\xcb\xfb\x03I\xc9\x97\xac#\x0ee\xc8ltL\x88\x17m~aA%\xd3\xaf\xaa6hf\x9b\x83\x02A\xb0\xf6\x14\xb3\x18B\xfd\x9ai\xf8j \a\x1es\xa3U\x98sqq,\xd2A4?l\xa2\x9c\xc9\x9fa\xe8\x99qw\xf3\x18\x12R\x00\x00\x00', 0x100) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) r3 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x42000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r4, 0xc4c85512, &(0x7f0000000300)={{@raw=0x6, 0x8, 0x8001, 0x2, "da14cf93e7670976d4df4660872c34e34ab92824711bacf3578dcec408cf5180d03a4d126edb3169db6d48ac"}, 0x1, @enumerated=@item=[0x7, 0x2, 0xfffffffc, 0xfffffc08, 0x0, 0xd, 0x80000001, 0x4, 0xe, 0xffffffff, 0x80000000, 0x7fff, 0x6, 0x1, 0x4, 0x800001, 0x87, 0x2, 0x962, 0x7, 0x2, 0xfffffff7, 0x9, 0x7, 0xfffffffb, 0x8, 0x1, 0xfff, 0x3e, 0xffffffff, 0x8, 0x4, 0x0, 0x7c2, 0x8000, 0x7, 0x4acc, 0x3ff, 0x3, 0x3, 0x1000, 0x10, 0xffffff01, 0x8, 0x5, 0x0, 0x1, 0x2, 0xd8b, 0x5b07, 0x8, 0xf, 0x9, 0x71b8, 0x0, 0xffffffff, 0x40000003, 0xfffffff8, 0x9, 0x5, 0x1, 0x20008600, 0x9, 0xfff, 0x2, 0x7f, 0x0, 0x101, 0x4, 0x8, 0xfffffff8, 0x101, 0xfffffff3, 0x6, 0x0, 0x200, 0x6, 0x5, 0x3, 0x1, 0x2, 0x4, 0x10000, 0x2, 0xffffffc5, 0xfffff801, 0x9, 0x10001, 0xa7e, 0x8, 0x2, 0x32c9, 0x3, 0x80000000, 0xe5, 0x9, 0x9, 0x0, 0x8000001, 0x6, 0xe1, 0x7, 0x7, 0x5, 0xffffff12, 0x5, 0x8, 0x6, 0x1, 0x5, 0x2, 0x7, 0x5, 0x400003, 0x6da, 0x6, 0x7, 0x7, 0xf, 0x10000, 0x9, 0x5, 0xffffff80, 0x0, 0x3, 0x0, 0x8, 0x2], "a8949c7d9c57acd66da4c5f111166031ad771c47ebfed172b36a28d7b0204e3a90e9a6e41064df452309212d9c4e61a28b8146bd0c0284d89751eb5c58cb32c2abf739599063c9a0820f08f10a6e3e64b2536dcd033a71f4ed5acc81e85a77ce2822785eeb6a2c41b6d7c00f5e965c1d00"}) ioctl$auto(r2, 0x541c, r3) 2.354607504s ago: executing program 0 (id=1188): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), r0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) pipe$auto(&(0x7f0000000080)=r0) unshare$auto(0x40000080) r1 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(r1, 0x400, 0x1) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) socket(0xa, 0x2, 0x0) unshare$auto(0x40000080) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ip6_mr_vif\x00', 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f00000000c0)=""/4087, 0xff7) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/shrink_underused\x00', 0x200, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000140)=""/12, 0xc) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iosched/write_expire\x00', 0x20681, 0x0) r5 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r6 = openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/buffer_percent\x00', 0x1, 0x0) writev$auto(r6, 0x0, 0x9) fcntl$auto(r5, 0xfffffffd, 0x0) r7 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x101a02, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r7, 0xc1105517, &(0x7f00000001c0)={{@raw=0xfff, 0x100110d, 0xfffd, 0x6, "e927783f468fa2e92fe8ec7a46cbb766439daa1ee1aa0000000000040000660e0701000000000000008000"}, 0x6, 0x0, 0x4, @raw=0x404, @enumerated={0x55d3, 0x7, "bf154d70dcfcea02faacb07c4222db1f207fdb681dc9b0bf2c6c9ce16d51ebc73df6a7aa16659cd5e4dc8374caf945548e604179f1f87c3bd8701d3d5c3d998c", 0xffffffffffffffff, 0x91e0}, "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f6ab606c276852295e00af49e6de6e768034"}) execve$auto(0x0, 0x0, 0x0) execve$auto(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000000c0)='-7', 0x2) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/graphics/fb0/blank\x00', 0xa001, 0x0) 2.16686801s ago: executing program 2 (id=1189): r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_ACT(0xffffffffffffffff, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a40)={0x20, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@ETHTOOL_A_CABLE_TEST_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x20}}, 0x40000) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'macvtap0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'veth1_vlan\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x88, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@ETHTOOL_A_RSS_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}]}, @ETHTOOL_A_RSS_CONTEXT={0x8, 0x2, 0x1}, @ETHTOOL_A_RSS_START_CONTEXT={0x8, 0x7, 0x100}, @ETHTOOL_A_RSS_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x800}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xffff4463}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x20000000}, 0x40014) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r5 = socket(0x1e, 0x1, 0x0) setsockopt$auto(0x3, 0x6, 0x100000000, 0xfffffffffffffffc, 0xa) mlockall$auto(0x5) mmap$auto(0x2, 0x40000a, 0x2bb, 0x14, 0x2, 0x1) r6 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/self/status\x00', 0x40000, 0x0) read$auto_proc_single_file_operations_base(r6, &(0x7f0000000040)=""/58, 0x3a) syz_genetlink_get_family_id$auto_nlbl_mgmt(0x0, r5) sendmsg$auto_NLBL_MGMT_C_REMOVE(r1, 0x0, 0x4000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0x2, 0x7) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd8/queue/iosched/async_depth\x00', 0x40800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r7, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0xa) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x9, 0x4, 0x2, 0xfffffffffffffffe) ioctl$auto(0xffffffffffffffff, 0x400454c9, r0) 1.397180441s ago: executing program 0 (id=1190): unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000db, 0x12, 0x400, 0x18002) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000040)='{\x00', 0xfff) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r2 = socket(0x10, 0x2, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/sync_on_suspend\x00', 0x1a1942, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="12f4000047b87ca1d17bef77c41c8d2bbc418ee6f664c5c462e1fcbdd58c59aa9de14be5f46cfbeb0ff8db5fa1e9b5d8487108d4a2ee8d3099497801ff192183dd02194579cb54843d720aa85c7e2c8ad223648228de73307333cc85efd10ac99efb5d98fbf82c9cc30a657c93afc6a33bb86c996265af464df932d8365244e822b32000d843ba5c814e451f86bf21db5de16fed746952fae5cb4e2605d8acf4feb7b0cd78c1c30a8a630baf202d36edaa7330dd4d8774676ff7c40358d51a52ce808c083561a35ab5a3cb96096a25ad41e12696a88aa6e7edd00390d155587bf5ba41d409c36d", @ANYRESHEX=r3, @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) read$auto(r2, &(0x7f0000002300)='MAC802154_HWSIM\x00', 0xfdef) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/pcmC1D1p\x00', 0x20a02, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vivid.0/video4linux/video30/dev_debug\x00', 0x129102, 0x0) write$auto(r4, &(0x7f0000000000)='y\x8c', 0x2) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYRES8=r5, @ANYBLOB="140e034d8ad74f84258b1bdc2c7859fe3d6146b0ff38359e7414a0b7705728cb7031cb70bc0778910b47c61c89992ae65167e09988acd93d4b51c8c0cc07b9d2b4c9bd590963eebf14c124665dcdd2697953e4ddc9b0596d9bce8067308040d2d1d82fc392c95f4b2c04a9d193c64eef36be9eb1a043256795a53230dd664d79a733c2f6cf95ec9326f6185c5da56d6e2ff6c31f99dd4fd0743ee121e70997686bae872dd9312193fb4ffdc7599d14399d68d20fa43923fa82773a53a01ad6f455e64f4419e3d93ece1ffe5564007b129425b7c096c4af29aa21ec975df35f5d35579e9e0afb75db5b34b751b1232b0b", @ANYRES8=r5], 0x2c}, 0x1, 0x0, 0x0, 0x20008085}, 0x5e17c1cf55fb2282) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(r6, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x400000ff, 0x400, 0x9}]}) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop2\x00', 0x200000, 0x0) open(0x0, 0x161342, 0x0) msync$auto(0x1ffff000, 0x1800000ff010000, 0x400000004) 1.396962838s ago: executing program 1 (id=1191): r0 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) r1 = socket(0x3, 0x3, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x101081, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sg0\x00', 0x40200, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/037/001\x00', 0x630001, 0x0) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x100242, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004400)='/dev/dsp1\x00', 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x60800, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth0_to_team/gc_stale_time\x00', 0x4000, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) setsockopt$auto(0xffffffffffffffff, 0x1, 0x1021, 0x0, 0xd) close_range$auto(0x2, 0xa, 0x0) ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, &(0x7f0000000380)={0xfffffffffffffffe, 0x10001, 0x7, @state_change={0x8000, 0xd, 0xe}}) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000440)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) sendfile$auto(r5, r4, 0x0, 0x1000202) ioctl$auto(0x3, 0x541b, 0x38) fcntl$auto_F_DUPFD_CLOEXEC(r5, 0x406, r3) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x5c5fd097f751b33e}, 0x80) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e883453f", @ANYRES16=0x0, @ANYBLOB="200026bd7000fedbdf251f00000075062d80cd00118023133bfb9095bb196bfc6545fc1bca5cc209df87266f25236e60bdac105038a428e2255ba4c9fbe82c111c4983c0f796c23286cacfbed49bf0dfed9d228feca9d0cecc3e4da4023383920b435ea36276ae3f1339a606da52634d85216324758370270e61bf9f7f5be77c510af60dc716115c383c7a585c7f943238f18113ed4a134b3adf80aaf246ab532ff24916a91f5a94d1653798b92bc4c46d04cbc9949c4ce29779d32ae39e1801178e1f6be6d56b332cf116532cc685bc79a7fa00341601fa8163a5c6eb35f5000000802b6df0a0d461880fa5e7f31e5214535b10e3e10c354665d757ef062d1500f6d2660edc4f0f7ceb6860847c25591e99ecba0b64e8e974b3dcea8087fe169c0393dcf40629817018d9549d52ab2d7d6874ab82278faedc7a5ec8eabb60ba0984ba9cb68189cfdaa70b7b9478b2139d04608ebbef9d588301348153796129953c55dbb8f78745ea5234554475bd641b3f8c719519c522580658dca2b7c5461f1970de722ca8c6c9272d4f2b20b727a71fba5e67f24e549ca529aff9369be42626b8d43724fb69c5779d7a9c32e309e2e6fe2a10411d73953646f955934c83393d36b99697df44a915cf947329cac7fd230de1d0a730747f22d79ce4595e307ec58c9d618db79fa3ec000efa3bf5bd9d4617c4274386bad62280aa1fe2a20a704b0471fb48b5a310f006f23479428d6f66239a3beafb43a5fcd9155a808031d48300cb5596554690668f3e011a800c00ba000900000000000000c88c6a67feb2ce25817a1cb254969c151e2b7521618b238f5ee6004bdca4899643843cd137e6707410f342509830700fd27f6dfbc79860dfafe004000d8015580a8449f24a8a1ec4125ea781f665f4554f46e0eb762c91d37fc702d931cb29ec57c9303fc868da1328db451cb0e9c0518e5dc73ed6b9acca697da1ad43d9bd91a012e9e93ab7dce6a5cf62074255808c7603e022f6931021b02f943eb029b7d348b4bda9e8ba9520698e0d5af435ff4288ebb18b869fb61df6017a1cde9a2fa389fc5f44c27cd6dc5e67a533a3c292e91ff863a33ea531ef175501e4d69b6f36c131669cab58d310ccafd07ba55ae7b19da1b07b3fd242e0045d5f6ab47f349932d91fbc95ce2a0d2e9a47b70d2fba8de1ff98d8aeb53502d837d9094b00d66c48668749f24008002c0064010101000004008e0012035680326216bf353de6024cd8507b623fef8ebb69bc1dde9229526ed6aafe86843e263e2f684e36d63c5a556b538020442f954e822fc3c0c6b3b72fbe48d9b210680608065df70927fcb4e87fc4577cc71f4209584b14bb6569fdeff8441e8221863432524c98ef40f3600f84a65f46c2cd990bb04385b3591453c63a6940095991104905292fa357b0a46391506ce3c51642164976867faa6338d0c378d00a88ab67ce4bc16c6ec1bc1e0ef5235b8762c2a768d0b6b9f130e1e87c2fac9cc05f877127b61d31caf578dd423dd587cb90825968ae8d4bcc2c039eac18b082e1ce0afa493b595b4f420bc37e52ea4aa25301dc81ce593750c555064b7e6c6705ba6300b9b93516470b3d87f4949810d5d9a783784b58cd44e84d232c1febd63312f73af3034f073a46b126422f0400d780b3c9832b9ad35f50aea9db0cc2b4073b243c2f2c1967aedeed6f1b52032f5fb0cea959f3c2d15b2545868e5555b82883e6ebfb995d0d986848d80144ef6c4be436006e97028951f0c88d16a5f4d924537ac13678b619673172f8d83d1a6671726377d537f345deb436a9613780848122b9c41ecbd05c581c61a4c0fea7faa6afe22754dd74643cc3466be65c7b2c412d3eac83781fc62ca5cb79af1be9eedc8081e30677e2e6833d3f4afc818d5d6a3a58718392ad7ddb75ee95400cece3bc3ebe242d2aa7354d8ed0839e75c2e04c97743455aab7c7e8f0a3290ad55fa249ce12ae10818dc34b2f398d4fd56d1f5f7800528a3a35ac5ad955a0d8452208ddd0178ea740b4a55c73f36304040007800800c100", @ANYRES32=0xee01, @ANYBLOB="efbe37145c7eee3ab86fd9fd2bffb7ae07251239c9c55ccf3f843356af42ec6b296595bd1a324c12b77c4546633db2d763e2c83f7e131171586eacc0bcdfbeee3983b9df903e59991a9fa6502fc5a204433ff9501e1cf5485d5405d0824d59ed71afc0608eb7e9f01d5abeac97e46d4a87d0bccd7e48f6cffc7b1e13ac395ac04697261cc0596c03e8a282cc45062e74c204d851dd6fe94937aab34f01103f43dc7fa190ed4e1931fdef3fbeb26b1aa46f7d0df6fca57d61d4f8b2e61c074d13340400088004004780000000000067003a0157970d528024196a280f0eddac3849694f7ae759f6b3e0c41092fc58bb44396856469b45b0c40812a8723ce8175ab54f80c9adc5f14a0c9672f289bfaa1fae5241e6a59b35b8e5f3f54367f4706da1f208a035ac9030907a82fbbb938907fa6b78d7140005003e0007000000930017008d9792767cb1eb649f1fa8f4fb09574889ef3fd9565eb7853d215e99f43dce328fede047c3e9e0a7b27e34ffb385bc37e80bbe4873e7e67a68c8d5b8397a1dacbe371ccf19629f0ea2ac49d90351c628e739e0cfa8ae368c4beef7a95a49a8bf226b315d15f42a125f9ce44cbaebf3995950f2f62cbd284b48db84149cd4f888cef73ba0f8451845b87a1691a6b9a70004008e00"], 0x794}}, 0x40100) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/audit\x00', 0x200, 0x0) 1.39681034s ago: executing program 3 (id=1192): pidfd_open$auto(0x1, 0x0) lseek$auto(0x3, 0x7ffffffffffffffd, 0x2) mmap$auto(0x8, 0x400000400008, 0xe0, 0x14, 0x2, 0x7ffb) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x20000000) mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000) r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xb8, 0x100000000, 0x5, 0x1b, 0x93c, 0xffdc, 0x7, 0x2000000000000006, 0x9, 0x80009, 0x5, 0x2, 0x7fab, 0xaa, 0xa, 0x922, 0x7, 0x5, 0x5, 0x3, 0x2, 0x0, 0x200, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x50b8, 0x0, 0x0, 0x8000000000000, 0x0, 0x8000000000000000, 0x0, 0x10, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x4]}, 0x4, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xdc5e}, 0x800}, 0x7, 0x4008) pread64$auto(0xffffffffffffffff, 0x0, 0x3, 0x5) mmap$auto(0x0, 0xc, 0xdf, 0xeb1, 0xffffffffffffffff, 0x0) open(0x0, 0x60842, 0x208) mount$auto(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='\xf6@\xdb\x18\x0f', 0x200, &(0x7f0000000000)="2aaea12a15a8ebc702717c5d7d") mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x5, 0x1, 0x4, 0x3, 0x9) madvise$auto(0x0, 0x200007, 0x19) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) close_range$auto(0x2, 0xa, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) r1 = pipe$auto(0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, r1, 0x0, 0x80000001, 0x4) close_range$auto(0x2, 0x8, 0x0) 560.828706ms ago: executing program 2 (id=1193): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) openat$auto_check_wx_fops_(0xffffffffffffff9c, 0x0, 0x400, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8f3b7a51b8360c21, 0x0) mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffefffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x2, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) io_uring_setup$auto(0x1, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r1, 0x5437, 0x0) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x80, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NL80211_CMD_DISASSOCIATE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x60}, 0x1, 0x0, 0x0, 0x54}, 0x1) read$auto(0x3, 0x0, 0xfdef) sendmsg$auto_NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x878}, 0x1, 0x0, 0x0, 0x20000010}, 0x4001) 512.121967ms ago: executing program 3 (id=1194): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2b7600, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x10, 0x3, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) fstat$auto(0xffffffffffffffff, &(0x7f0000000000)={0x9, 0x7ffffffd, 0x0, 0x100, 0xee01, 0x0, 0x0, 0x4346, 0xfd3, 0x2, 0xffffffffffff3307, 0x4, 0x80000000081, 0x8, 0x2}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) 424.921165ms ago: executing program 3 (id=1195): r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_ACT(0xffffffffffffffff, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a40)={0x20, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@ETHTOOL_A_CABLE_TEST_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x20}}, 0x40000) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'macvtap0\x00'}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'veth1_vlan\x00'}) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x14, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x40014) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r3 = socket(0x1e, 0x1, 0x0) setsockopt$auto(0x3, 0x6, 0x100000000, 0xfffffffffffffffc, 0xa) mlockall$auto(0x5) mmap$auto(0x2, 0x40000a, 0x2bb, 0x14, 0x2, 0x1) r4 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/self/status\x00', 0x40000, 0x0) read$auto_proc_single_file_operations_base(r4, &(0x7f0000000040)=""/58, 0x3a) syz_genetlink_get_family_id$auto_nlbl_mgmt(0x0, r3) sendmsg$auto_NLBL_MGMT_C_REMOVE(r1, 0x0, 0x4000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0x2, 0x7) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd8/queue/iosched/async_depth\x00', 0x40800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0xa) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x9, 0x4, 0x2, 0xfffffffffffffffe) ioctl$auto(0xffffffffffffffff, 0x400454c9, r0) 22.770435ms ago: executing program 0 (id=1196): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), r0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) pipe$auto(&(0x7f0000000080)=r0) unshare$auto(0x40000080) r1 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(r1, 0x400, 0x1) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) socket(0xa, 0x2, 0x0) unshare$auto(0x40000080) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ip6_mr_vif\x00', 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f00000000c0)=""/4087, 0xff7) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/shrink_underused\x00', 0x200, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000140)=""/12, 0xc) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iosched/write_expire\x00', 0x20681, 0x0) r5 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r6 = openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/buffer_percent\x00', 0x1, 0x0) writev$auto(r6, 0x0, 0x9) fcntl$auto(r5, 0xfffffffd, 0x0) r7 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x101a02, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r7, 0xc1105517, &(0x7f00000001c0)={{@raw=0xfff, 0x100110d, 0xfffd, 0x6, "e927783f468fa2e92fe8ec7a46cbb766439daa1ee1aa0000000000040000660e0701000000000000008000"}, 0x6, 0x0, 0x4, @raw=0x404, @enumerated={0x55d3, 0x7, "bf154d70dcfcea02faacb07c4222db1f207fdb681dc9b0bf2c6c9ce16d51ebc73df6a7aa16659cd5e4dc8374caf945548e604179f1f87c3bd8701d3d5c3d998c", 0xffffffffffffffff, 0x91e0}, "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f6ab606c276852295e00af49e6de6e768034"}) execve$auto(0x0, 0x0, 0x0) execve$auto(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000000c0)='-7', 0x2) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/graphics/fb0/blank\x00', 0xa001, 0x0) 0s ago: executing program 1 (id=1197): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2481, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/pci/drivers/pcieport/new_id\x00', 0x8a684, 0x0) read$auto(r0, &(0x7f0000000000)='/sys/devices/platform/vhci_hcd.8/usb26/descriptors\x00', 0x9) getrandom$auto(0x0, 0x6000000, 0x3) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x200408d1) close_range$auto(r0, 0x8, 0xb) mremap$auto(0x4, 0x7f, 0x3fd6, 0x3, 0x20000000) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x700, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyua\x00', 0x20a04, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002680), 0xffffffffffffffff) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/afs/addr_prefs\x00', 0x102, 0x0) writev$auto(r2, &(0x7f0000000080)={&(0x7f0000000040), 0x6}, 0x3) r3 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) mmap$auto(0xfffffffffffffff8, 0xef3f, 0x0, 0x17, r3, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r4, 0x200, 0x1) r5 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000100)='/dev/usbmon29\x00', 0x2, 0x0) close_range$auto(r1, r5, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x5, 0x0) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) sendto$auto(0x3, 0x0, 0x2000f, 0x13f, &(0x7f0000000000)=@in={0x2, 0x4e22, @loopback}, 0x1c) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000700), 0xffffffffffffffff) kernel console output (not intermixed with test programs): 4410][ T7669] ? __fget_files+0x20e/0x3c0 [ 187.784451][ T7669] __x64_sys_open+0x153/0x1e0 [ 187.784484][ T7669] ? __pfx___x64_sys_open+0x10/0x10 [ 187.784520][ T7669] ? rcu_is_watching+0x12/0xc0 [ 187.784550][ T7669] do_syscall_64+0xcd/0x490 [ 187.784577][ T7669] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.784602][ T7669] RIP: 0033:0x7f639cf8e929 [ 187.784622][ T7669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.784645][ T7669] RSP: 002b:00007f639ddc2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 187.784668][ T7669] RAX: ffffffffffffffda RBX: 00007f639d1b6080 RCX: 00007f639cf8e929 [ 187.784685][ T7669] RDX: 00000000000000c0 RSI: 0000000000008000 RDI: 0000200000000580 [ 187.784701][ T7669] RBP: 00007f639ddc2090 R08: 0000000000000000 R09: 0000000000000000 [ 187.784716][ T7669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 187.784731][ T7669] R13: 0000000000000001 R14: 00007f639d1b6080 R15: 00007ffc5b65f598 [ 187.784765][ T7669] syzkaller syzkaller login: [ 188.336969][ T7680] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 188.677989][ T7690] sysfs_service_op_store: Client not running :-5: [ 188.690109][ T7690] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 188.720154][ T7690] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 188.764632][ T7691] FAULT_INJECTION: forcing a failure. [ 188.764632][ T7691] name failslab, interval 1, probability 0, space 0, times 0 [ 188.777625][ T7691] CPU: 0 UID: 0 PID: 7691 Comm: syz.0.388 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 188.777663][ T7691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 188.777674][ T7691] Call Trace: [ 188.777679][ T7691] [ 188.777685][ T7691] dump_stack_lvl+0x16c/0x1f0 [ 188.777712][ T7691] should_fail_ex+0x512/0x640 [ 188.777733][ T7691] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 188.777753][ T7691] should_failslab+0xc2/0x120 [ 188.777767][ T7691] __kmalloc_cache_noprof+0x6a/0x3e0 [ 188.777785][ T7691] ? nci_allocate_device+0x105/0x430 [ 188.777806][ T7691] nci_allocate_device+0x105/0x430 [ 188.777825][ T7691] virtual_ncidev_open+0x6f/0x220 [ 188.777842][ T7691] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 188.777858][ T7691] misc_open+0x35d/0x420 [ 188.777875][ T7691] ? __pfx_misc_open+0x10/0x10 [ 188.777891][ T7691] chrdev_open+0x231/0x6a0 [ 188.777911][ T7691] ? __pfx_apparmor_file_open+0x10/0x10 [ 188.777929][ T7691] ? __pfx_chrdev_open+0x10/0x10 [ 188.777950][ T7691] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 188.777971][ T7691] do_dentry_open+0x744/0x1c10 [ 188.777991][ T7691] ? __pfx_chrdev_open+0x10/0x10 [ 188.778014][ T7691] vfs_open+0x82/0x3f0 [ 188.778031][ T7691] path_openat+0x1de4/0x2cb0 [ 188.778055][ T7691] ? __pfx_path_openat+0x10/0x10 [ 188.778075][ T7691] ? __lock_acquire+0xb8a/0x1c90 [ 188.778095][ T7691] do_filp_open+0x20b/0x470 [ 188.778114][ T7691] ? __pfx_do_filp_open+0x10/0x10 [ 188.778146][ T7691] ? alloc_fd+0x471/0x7d0 [ 188.778174][ T7691] do_sys_openat2+0x11b/0x1d0 [ 188.778189][ T7691] ? __pfx_do_sys_openat2+0x10/0x10 [ 188.778212][ T7691] __x64_sys_openat+0x174/0x210 [ 188.778228][ T7691] ? __pfx___x64_sys_openat+0x10/0x10 [ 188.778252][ T7691] do_syscall_64+0xcd/0x490 [ 188.778267][ T7691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.778282][ T7691] RIP: 0033:0x7f639cf8e929 [ 188.778294][ T7691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.778307][ T7691] RSP: 002b:00007f639dde3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 188.778320][ T7691] RAX: ffffffffffffffda RBX: 00007f639d1b5fa0 RCX: 00007f639cf8e929 [ 188.778330][ T7691] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 188.778339][ T7691] RBP: 00007f639d010b39 R08: 0000000000000000 R09: 0000000000000000 [ 188.778347][ T7691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 188.778355][ T7691] R13: 0000000000000000 R14: 00007f639d1b5fa0 R15: 00007ffc5b65f598 [ 188.778374][ T7691] [ 188.785887][ T7691] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 189.249709][ T7700] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 189.739676][ T7713] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(2) [ 189.758561][ T7713] netlink: 'syz.3.396': attribute type 1 has an invalid length. [ 190.048606][ T7713] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 190.065119][ T7713] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 190.094168][ T7713] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 190.124603][ T7713] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 190.204040][ T7719] FAULT_INJECTION: forcing a failure. [ 190.204040][ T7719] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 190.241743][ T7719] CPU: 0 UID: 0 PID: 7719 Comm: syz.1.398 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 190.241778][ T7719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 190.241790][ T7719] Call Trace: [ 190.241798][ T7719] [ 190.241807][ T7719] dump_stack_lvl+0x16c/0x1f0 [ 190.241851][ T7719] should_fail_ex+0x512/0x640 [ 190.241893][ T7719] should_fail_alloc_page+0xe7/0x130 [ 190.241918][ T7719] prepare_alloc_pages+0x3c2/0x610 [ 190.241954][ T7719] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 190.241998][ T7719] ? __lock_acquire+0x622/0x1c90 [ 190.242034][ T7719] ? __lock_acquire+0x622/0x1c90 [ 190.242075][ T7719] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 190.242130][ T7719] ? filemap_get_entry+0x1a7/0x3b0 [ 190.242156][ T7719] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 190.242196][ T7719] ? policy_nodemask+0xea/0x4e0 [ 190.242239][ T7719] alloc_pages_mpol+0x1fb/0x550 [ 190.242264][ T7719] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 190.242287][ T7719] ? _raw_spin_unlock+0x28/0x50 [ 190.242319][ T7719] ? swap_entry_swapped+0x122/0x190 [ 190.242355][ T7719] ? __pfx_swap_entry_swapped+0x10/0x10 [ 190.242397][ T7719] folio_alloc_mpol_noprof+0x36/0x2f0 [ 190.242428][ T7719] __read_swap_cache_async+0x3b6/0x5a0 [ 190.242468][ T7719] ? __pfx___read_swap_cache_async+0x10/0x10 [ 190.242502][ T7719] ? swp_swap_info+0xce/0x130 [ 190.242526][ T7719] ? __pfx_swp_swap_info+0x10/0x10 [ 190.242559][ T7719] swap_cluster_readahead+0x3eb/0x710 [ 190.242601][ T7719] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 190.242657][ T7719] ? get_vma_policy+0x242/0x3c0 [ 190.242682][ T7719] swapin_readahead+0x13a/0xd60 [ 190.242725][ T7719] ? __pfx_swapin_readahead+0x10/0x10 [ 190.242755][ T7719] ? __filemap_get_folio+0x32b/0xc30 [ 190.242788][ T7719] ? swap_cache_get_folio+0x1df/0x450 [ 190.242822][ T7719] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 190.242852][ T7719] ? __pfx_get_swap_device+0x10/0x10 [ 190.242891][ T7719] ? do_swap_page+0x125/0x65c0 [ 190.242924][ T7719] do_swap_page+0x635/0x65c0 [ 190.242955][ T7719] ? __lock_acquire+0x622/0x1c90 [ 190.242999][ T7719] ? __pfx_do_swap_page+0x10/0x10 [ 190.243029][ T7719] ? __pfx_default_wake_function+0x10/0x10 [ 190.243063][ T7719] ? rcu_is_watching+0x12/0xc0 [ 190.243095][ T7719] ? ___pte_offset_map+0x1d5/0x570 [ 190.243129][ T7719] __handle_mm_fault+0x162f/0x5490 [ 190.243173][ T7719] ? __pfx___handle_mm_fault+0x10/0x10 [ 190.243202][ T7719] ? __pfx_mt_find+0x10/0x10 [ 190.243252][ T7719] ? find_vma+0xbf/0x140 [ 190.243276][ T7719] ? __pfx_find_vma+0x10/0x10 [ 190.243304][ T7719] handle_mm_fault+0x589/0xd10 [ 190.243335][ T7719] ? __pkru_allows_pkey+0x41/0xb0 [ 190.243370][ T7719] do_user_addr_fault+0x7a6/0x1370 [ 190.243406][ T7719] ? rcu_is_watching+0x12/0xc0 [ 190.243434][ T7719] exc_page_fault+0x5c/0xb0 [ 190.243471][ T7719] asm_exc_page_fault+0x26/0x30 [ 190.243497][ T7719] RIP: 0010:__put_user_8+0xd/0x20 [ 190.243533][ T7719] Code: 89 01 31 c9 0f 01 ca e9 81 5a 03 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <48> 89 01 31 c9 0f 01 ca e9 56 5a 03 00 66 0f 1f 44 00 00 90 90 90 [ 190.243556][ T7719] RSP: 0018:ffffc9001b29fd40 EFLAGS: 00050246 [ 190.243577][ T7719] RAX: 0000000000000400 RBX: 0000000000000000 RCX: 0000000000000000 [ 190.243591][ T7719] RDX: 1ffff1100559ecc4 RSI: ffffffff87beefae RDI: ffff88802acf6620 [ 190.243608][ T7719] RBP: ffff88802acf6000 R08: 46826513d4a3981e R09: 0000000000000000 [ 190.243624][ T7719] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff92003653faf [ 190.243639][ T7719] R13: ffffc9001b29fdb8 R14: ffffc9001b29fdf8 R15: ffffc9001b29fe48 [ 190.243669][ T7719] ? rtc_dev_ioctl+0x96e/0xdd0 [ 190.243706][ T7719] rtc_dev_ioctl+0x9a7/0xdd0 [ 190.243745][ T7719] ? __pfx_rtc_dev_ioctl+0x10/0x10 [ 190.243788][ T7719] ? find_held_lock+0x2b/0x80 [ 190.243831][ T7719] ? __pfx_rtc_dev_ioctl+0x10/0x10 [ 190.243868][ T7719] __x64_sys_ioctl+0x18b/0x210 [ 190.243901][ T7719] do_syscall_64+0xcd/0x490 [ 190.243927][ T7719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.243951][ T7719] RIP: 0033:0x7fec9798e929 [ 190.243970][ T7719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 190.243992][ T7719] RSP: 002b:00007fec98801038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 190.244014][ T7719] RAX: ffffffffffffffda RBX: 00007fec97bb5fa0 RCX: 00007fec9798e929 [ 190.244031][ T7719] RDX: 0000000000000000 RSI: 000000008008700b RDI: 0000000000000005 [ 190.244045][ T7719] RBP: 00007fec98801090 R08: 0000000000000000 R09: 0000000000000000 [ 190.244060][ T7719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 190.244081][ T7719] R13: 0000000000000000 R14: 00007fec97bb5fa0 R15: 00007ffea18bdfa8 [ 190.244115][ T7719] [ 191.926297][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 192.077380][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 192.155829][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 192.155837][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout [ 192.313136][ T7746] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 192.395153][ T7746] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 192.403325][ T7746] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 192.410500][ T7746] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 192.447329][ T7759] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 192.827451][ T7758] netlink: 8 bytes leftover after parsing attributes in process `syz.3.406'. [ 194.240991][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.248262][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.315617][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 194.395486][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 194.476299][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 194.482374][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 195.726691][ T7823] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 syzkaller syzkaller login: [ 196.217152][ T7824] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 197.029389][ T7851] FAULT_INJECTION: forcing a failure. [ 197.029389][ T7851] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 197.068602][ T7851] CPU: 1 UID: 0 PID: 7851 Comm: syz.3.427 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 197.068639][ T7851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 197.068654][ T7851] Call Trace: [ 197.068662][ T7851] [ 197.068672][ T7851] dump_stack_lvl+0x16c/0x1f0 [ 197.068716][ T7851] should_fail_ex+0x512/0x640 [ 197.068757][ T7851] should_fail_alloc_page+0xe7/0x130 [ 197.068785][ T7851] prepare_alloc_pages+0x3c2/0x610 [ 197.068821][ T7851] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 197.068867][ T7851] ? __lock_acquire+0x622/0x1c90 [ 197.068909][ T7851] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 197.068967][ T7851] ? find_held_lock+0x2b/0x80 [ 197.068993][ T7851] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 197.069033][ T7851] ? policy_nodemask+0xea/0x4e0 [ 197.069076][ T7851] alloc_pages_mpol+0x1fb/0x550 [ 197.069103][ T7851] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 197.069139][ T7851] folio_alloc_mpol_noprof+0x36/0x2f0 [ 197.069170][ T7851] shmem_alloc_folio+0x135/0x160 [ 197.069203][ T7851] shmem_alloc_and_add_folio+0x499/0xc20 [ 197.069246][ T7851] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 197.069286][ T7851] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 197.069328][ T7851] shmem_get_folio_gfp+0x67f/0x1600 [ 197.069373][ T7851] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 197.069412][ T7851] ? filemap_map_pages+0xf6f/0x1680 [ 197.069453][ T7851] shmem_fault+0x1fe/0xa30 [ 197.069487][ T7851] ? __lock_acquire+0x622/0x1c90 [ 197.069519][ T7851] ? __pfx_shmem_fault+0x10/0x10 [ 197.069557][ T7851] ? rcu_is_watching+0x12/0xc0 [ 197.069590][ T7851] ? __pfx_filemap_map_pages+0x10/0x10 [ 197.069639][ T7851] __do_fault+0x10a/0x490 [ 197.069680][ T7851] __handle_mm_fault+0x3c2a/0x5490 [ 197.069723][ T7851] ? __pfx___handle_mm_fault+0x10/0x10 [ 197.069753][ T7851] ? __pfx_mt_find+0x10/0x10 [ 197.069801][ T7851] ? find_vma+0xbf/0x140 [ 197.069825][ T7851] ? __pfx_find_vma+0x10/0x10 [ 197.069855][ T7851] handle_mm_fault+0x589/0xd10 [ 197.069889][ T7851] ? __pkru_allows_pkey+0x41/0xb0 [ 197.069925][ T7851] do_user_addr_fault+0x7a6/0x1370 [ 197.069959][ T7851] ? rcu_is_watching+0x12/0xc0 [ 197.069988][ T7851] exc_page_fault+0x5c/0xb0 [ 197.070026][ T7851] asm_exc_page_fault+0x26/0x30 [ 197.070051][ T7851] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 197.070082][ T7851] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 bd 10 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 197.070106][ T7851] RSP: 0018:ffffc9001b30fca8 EFLAGS: 00050206 [ 197.070126][ T7851] RAX: 0000000000000001 RBX: 0000000000000004 RCX: 0000000000000038 [ 197.070142][ T7851] RDX: fffff52003661fa8 RSI: 0000000000000004 RDI: ffffc9001b30fd08 [ 197.070158][ T7851] RBP: 0000000000000038 R08: 0000000000000001 R09: fffff52003661fa7 [ 197.070173][ T7851] R10: ffffc9001b30fd3f R11: 0000000000000001 R12: 0000000000000000 [ 197.070188][ T7851] R13: ffffc9001b30fd08 R14: ffffc9001b30fd08 R15: 0000000000000004 [ 197.070225][ T7851] _copy_from_user+0x98/0xd0 [ 197.070269][ T7851] ? __pfx_vlan_ioctl_handler+0x10/0x10 [ 197.070295][ T7851] vlan_ioctl_handler+0xa4/0xa70 [ 197.070322][ T7851] ? __pfx___mutex_lock+0x10/0x10 [ 197.070345][ T7851] ? __pfx_vlan_ioctl_handler+0x10/0x10 [ 197.070392][ T7851] ? __pfx_vlan_ioctl_handler+0x10/0x10 [ 197.070419][ T7851] sock_ioctl+0x4bb/0x6b0 [ 197.070452][ T7851] ? __pfx_sock_ioctl+0x10/0x10 [ 197.070480][ T7851] ? hook_file_ioctl_common+0x145/0x410 [ 197.070517][ T7851] ? __fget_files+0x20e/0x3c0 [ 197.070556][ T7851] ? __pfx_sock_ioctl+0x10/0x10 [ 197.070598][ T7851] __x64_sys_ioctl+0x18b/0x210 [ 197.070631][ T7851] do_syscall_64+0xcd/0x490 [ 197.070657][ T7851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.070682][ T7851] RIP: 0033:0x7f90b418e929 [ 197.070702][ T7851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.070724][ T7851] RSP: 002b:00007f90b4f93038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 197.070747][ T7851] RAX: ffffffffffffffda RBX: 00007f90b43b5fa0 RCX: 00007f90b418e929 [ 197.070763][ T7851] RDX: 0000000000000004 RSI: 0000000000008983 RDI: 0000000000000003 [ 197.070778][ T7851] RBP: 00007f90b4f93090 R08: 0000000000000000 R09: 0000000000000000 [ 197.070793][ T7851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 197.070808][ T7851] R13: 0000000000000000 R14: 00007f90b43b5fa0 R15: 00007fff1b3b5328 [ 197.070843][ T7851] [ 197.616907][ T7853] netlink: 48 bytes leftover after parsing attributes in process `syz.2.428'. [ 198.061712][ T7861] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 198.107318][ T7869] aoe: copy from user failed [ 198.120728][ T7869] aoe: could not set interface list: too many interfaces [ 198.321542][ T7872] netlink: 8 bytes leftover after parsing attributes in process `syz.1.433'. [ 198.980008][ T5848] udevd[5848]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 199.392170][ T30] audit: type=1804 audit(6045407557.459:5): pid=7893 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.434" name="/newroot/104/file0" dev="tmpfs" ino=570 res=1 errno=0 [ 199.421163][ T30] audit: type=1800 audit(6045407557.489:6): pid=7893 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.434" name="file0" dev="tmpfs" ino=570 res=0 errno=0 [ 200.292600][ T7911] aoe: copy from user failed [ 200.298763][ T7911] aoe: could not set interface list: too many interfaces [ 200.450188][ T7916] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 200.913377][ T7928] netlink: 48 bytes leftover after parsing attributes in process `syz.1.446'. [ 201.520948][ T7930] Process accounting paused [ 202.121689][ T7951] FAULT_INJECTION: forcing a failure. [ 202.121689][ T7951] name failslab, interval 1, probability 0, space 0, times 0 [ 202.259469][ T7951] CPU: 1 UID: 0 PID: 7951 Comm: syz.2.452 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 202.259491][ T7951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 202.259499][ T7951] Call Trace: [ 202.259504][ T7951] [ 202.259509][ T7951] dump_stack_lvl+0x16c/0x1f0 [ 202.259534][ T7951] should_fail_ex+0x512/0x640 [ 202.259553][ T7951] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 202.259575][ T7951] should_failslab+0xc2/0x120 [ 202.259588][ T7951] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 202.259607][ T7951] ? sk_prot_alloc+0x60/0x2a0 [ 202.259626][ T7951] sk_prot_alloc+0x60/0x2a0 [ 202.259641][ T7951] sk_alloc+0x36/0xc20 [ 202.259661][ T7951] inet6_create+0x381/0x1300 [ 202.259676][ T7951] ? inet6_create+0x7f/0x1300 [ 202.259691][ T7951] __sock_create+0x338/0x8d0 [ 202.259711][ T7951] __sys_socket+0x14d/0x260 [ 202.259727][ T7951] ? __pfx___sys_socket+0x10/0x10 [ 202.259743][ T7951] ? xfd_validate_state+0x61/0x180 [ 202.259760][ T7951] ? __pfx___do_sys_close_range+0x10/0x10 [ 202.259783][ T7951] __x64_sys_socket+0x72/0xb0 [ 202.259798][ T7951] ? lockdep_hardirqs_on+0x7c/0x110 [ 202.259817][ T7951] do_syscall_64+0xcd/0x490 [ 202.259831][ T7951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.259845][ T7951] RIP: 0033:0x7f16f3d8e929 [ 202.259857][ T7951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 202.259869][ T7951] RSP: 002b:00007f16f4cbe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 202.259883][ T7951] RAX: ffffffffffffffda RBX: 00007f16f3fb5fa0 RCX: 00007f16f3d8e929 [ 202.259892][ T7951] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 080000000000000a [ 202.259900][ T7951] RBP: 00007f16f3e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 202.259908][ T7951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 202.259916][ T7951] R13: 0000000000000000 R14: 00007f16f3fb5fa0 R15: 00007ffe01c3d728 [ 202.259933][ T7951] [ 202.583603][ T7965] Scaler: ================= START STATUS ================= [ 202.607027][ T7965] Scaler: ================== END STATUS ================== [ 202.915134][ T7979] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 203.618220][ T7983] netlink: 338 bytes leftover after parsing attributes in process `syz.1.458'. [ 203.649739][ T7983] netlink: 338 bytes leftover after parsing attributes in process `syz.1.458'. [ 203.810700][ T7994] netlink: 210 bytes leftover after parsing attributes in process `syz.1.458'. [ 204.419263][ T8009] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 204.463066][ T8009] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 204.476824][ T8009] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 204.484345][ T8009] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 204.617982][ T8016] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 205.233761][ T8032] Invalid ELF header magic: != ELF [ 205.242266][ T8030] Invalid ELF header magic: != ELF [ 206.505591][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 206.505597][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 206.555635][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 206.561719][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 208.076742][ T8082] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 209.605306][ T8102] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 210.407759][ T8122] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 211.095286][ T8134] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 211.132297][ T8136] FAULT_INJECTION: forcing a failure. [ 211.132297][ T8136] name failslab, interval 1, probability 0, space 0, times 0 [ 211.175594][ T8136] CPU: 1 UID: 0 PID: 8136 Comm: syz.0.491 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 211.175630][ T8136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 211.175643][ T8136] Call Trace: [ 211.175652][ T8136] [ 211.175660][ T8136] dump_stack_lvl+0x16c/0x1f0 [ 211.175703][ T8136] should_fail_ex+0x512/0x640 [ 211.175739][ T8136] ? __kmalloc_noprof+0xbf/0x510 [ 211.175777][ T8136] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 211.175813][ T8136] should_failslab+0xc2/0x120 [ 211.175837][ T8136] __kmalloc_noprof+0xd2/0x510 [ 211.175881][ T8136] ? __pfx___mutex_trylock_common+0x10/0x10 [ 211.175921][ T8136] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 211.175964][ T8136] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 211.176000][ T8136] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 211.176033][ T8136] ? genl_get_cmd+0x194/0x580 [ 211.176074][ T8136] ? __radix_tree_lookup+0x21f/0x2c0 [ 211.176117][ T8136] genl_rcv_msg+0x55c/0x800 [ 211.176153][ T8136] ? __pfx_genl_rcv_msg+0x10/0x10 [ 211.176185][ T8136] ? __pfx_nbd_genl_status+0x10/0x10 [ 211.176236][ T8136] netlink_rcv_skb+0x158/0x420 [ 211.176264][ T8136] ? __pfx_genl_rcv_msg+0x10/0x10 [ 211.176298][ T8136] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 211.176343][ T8136] ? netlink_deliver_tap+0x1ae/0xd30 [ 211.176376][ T8136] genl_rcv+0x28/0x40 [ 211.176403][ T8136] netlink_unicast+0x53a/0x7f0 [ 211.176436][ T8136] ? __pfx_netlink_unicast+0x10/0x10 [ 211.176475][ T8136] netlink_sendmsg+0x8d1/0xdd0 [ 211.176510][ T8136] ? __pfx_netlink_sendmsg+0x10/0x10 [ 211.176549][ T8136] ____sys_sendmsg+0xa98/0xc70 [ 211.176581][ T8136] ? copy_msghdr_from_user+0x10a/0x160 [ 211.176616][ T8136] ? __pfx_____sys_sendmsg+0x10/0x10 [ 211.176660][ T8136] ___sys_sendmsg+0x134/0x1d0 [ 211.176692][ T8136] ? __pfx____sys_sendmsg+0x10/0x10 [ 211.176720][ T8136] ? __lock_acquire+0x622/0x1c90 [ 211.176783][ T8136] __sys_sendmsg+0x16d/0x220 [ 211.176814][ T8136] ? __pfx___sys_sendmsg+0x10/0x10 [ 211.176874][ T8136] do_syscall_64+0xcd/0x490 [ 211.176896][ T8136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.176917][ T8136] RIP: 0033:0x7f639cf8e929 [ 211.176934][ T8136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.176953][ T8136] RSP: 002b:00007f639dde3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 211.176972][ T8136] RAX: ffffffffffffffda RBX: 00007f639d1b5fa0 RCX: 00007f639cf8e929 [ 211.176986][ T8136] RDX: 0000000000000040 RSI: 0000200000000300 RDI: 0000000000000004 [ 211.176999][ T8136] RBP: 00007f639dde3090 R08: 0000000000000000 R09: 0000000000000000 [ 211.177012][ T8136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.177023][ T8136] R13: 0000000000000000 R14: 00007f639d1b5fa0 R15: 00007ffc5b65f598 [ 211.177052][ T8136] [ 212.461071][ T8154] netlink: 8 bytes leftover after parsing attributes in process `syz.3.495'. [ 212.518642][ T8155] ACPI: Can not change Invalid GPE/Fixed Event status [ 212.722422][ T8159] ptrace attach of "./syz-executor exec"[8160] was attempted by "./syz-executor exec"[8159] syzkaller syzkaller login: [ 212.852294][ T8164] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 213.980557][ T8183] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 214.277106][ T8191] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 214.452791][ T8191] netlink: 28 bytes leftover after parsing attributes in process `syz.1.500'. [ 214.539222][ T8195] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 214.556328][ T8195] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 214.581462][ T8195] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 214.673589][ T8195] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 215.604419][ T8214] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 216.419765][ T8234] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 216.559416][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 216.636023][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 216.642239][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 216.717386][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 216.783930][ T8246] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 216.917825][ T8250] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 218.260279][ T8270] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 218.452477][ T8275] netlink: 8 bytes leftover after parsing attributes in process `syz.0.524'. [ 218.488417][ T8276] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 219.376331][ T8300] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 219.383524][ T8300] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 219.391906][ T8300] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 219.398632][ T8300] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 219.527338][ T8307] usb usb22: usbfs: interface 0 claimed by hub while 'syz.2.533' sets config #32769 [ 219.976834][ T8317] size and base must be multiples of 4 kiB [ 219.982793][ T8317] CPU: 0 UID: 0 PID: 8317 Comm: syz.2.536 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 219.982830][ T8317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 219.982845][ T8317] Call Trace: [ 219.982854][ T8317] [ 219.982864][ T8317] dump_stack_lvl+0x16c/0x1f0 [ 219.982910][ T8317] mtrr_add+0xdf/0x110 [ 219.982944][ T8317] mtrr_ioctl+0x7ef/0xcf0 [ 219.983001][ T8317] ? __pfx_mtrr_ioctl+0x10/0x10 [ 219.983040][ T8317] ? find_held_lock+0x2b/0x80 [ 219.983075][ T8317] ? __fget_files+0x20e/0x3c0 [ 219.983113][ T8317] ? __pfx_mtrr_ioctl+0x10/0x10 [ 219.983145][ T8317] proc_reg_unlocked_ioctl+0x226/0x320 [ 219.983184][ T8317] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 219.983225][ T8317] __x64_sys_ioctl+0x18b/0x210 [ 219.983258][ T8317] do_syscall_64+0xcd/0x490 [ 219.983286][ T8317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.983313][ T8317] RIP: 0033:0x7f16f3d8e929 [ 219.983335][ T8317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 219.983360][ T8317] RSP: 002b:00007f16f4cbe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 219.983385][ T8317] RAX: ffffffffffffffda RBX: 00007f16f3fb5fa0 RCX: 00007f16f3d8e929 [ 219.983403][ T8317] RDX: 0000000000000007 RSI: 0000000040104d01 RDI: 0000000000000003 [ 219.983419][ T8317] RBP: 00007f16f3e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 219.983435][ T8317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 219.983451][ T8317] R13: 0000000000000000 R14: 00007f16f3fb5fa0 R15: 00007ffe01c3d728 [ 219.983487][ T8317] [ 220.347584][ T8325] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present syzkaller syzkaller login: [ 221.436004][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 221.448727][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout [ 221.454758][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 221.460964][ T5154] Bluetooth: hci0: command 0x0c1a tx timeout [ 221.755106][ T8348] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 221.960256][ T8344] zswap: compressor not available [ 222.009730][ T8343] Setting dangerous option i915.mitigations - tainting kernel [ 222.777641][ T8378] blktrace: Concurrent blktraces are not allowed on nbd3 [ 223.020763][ T8383] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 223.041725][ T8383] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 223.048507][ T8383] FAULT_INJECTION: forcing a failure. [ 223.048507][ T8383] name failslab, interval 1, probability 0, space 0, times 0 [ 223.067483][ T8383] CPU: 0 UID: 0 PID: 8383 Comm: syz.2.551 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 223.067521][ T8383] Tainted: [U]=USER [ 223.067529][ T8383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 223.067542][ T8383] Call Trace: [ 223.067551][ T8383] [ 223.067560][ T8383] dump_stack_lvl+0x16c/0x1f0 [ 223.067598][ T8383] should_fail_ex+0x512/0x640 [ 223.067630][ T8383] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 223.067666][ T8383] should_failslab+0xc2/0x120 [ 223.067689][ T8383] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 223.067771][ T8383] ? __pfx___mutex_trylock_common+0x10/0x10 [ 223.067813][ T8383] ? __alloc_skb+0x2b2/0x380 [ 223.067852][ T8383] __alloc_skb+0x2b2/0x380 [ 223.067886][ T8383] ? __pfx___alloc_skb+0x10/0x10 [ 223.067921][ T8383] ? hci_suspend_dev+0x3b8/0x500 [ 223.067959][ T8383] mgmt_send_event+0x44/0x180 [ 223.068000][ T8383] mgmt_suspending+0x88/0xc0 [ 223.068034][ T8383] ? __pfx_mgmt_suspending+0x10/0x10 [ 223.068075][ T8383] hci_suspend_dev+0x3f8/0x500 [ 223.068097][ T8383] ? __pfx_hci_suspend_dev+0x10/0x10 [ 223.068119][ T8383] ? rcu_barrier+0x341/0x6e0 [ 223.068154][ T8383] ? kobject_get+0xbb/0x150 [ 223.068186][ T8383] hci_suspend_notifier+0x28d/0x2f0 [ 223.068217][ T8383] notifier_call_chain+0xb9/0x410 [ 223.068244][ T8383] ? __pfx_hci_suspend_notifier+0x10/0x10 [ 223.068279][ T8383] blocking_notifier_call_chain_robust+0xc8/0x160 [ 223.068313][ T8383] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 223.068357][ T8383] pm_notifier_call_chain_robust+0x27/0x60 [ 223.068386][ T8383] snapshot_open+0x189/0x2b0 [ 223.068409][ T8383] ? __pfx_snapshot_open+0x10/0x10 [ 223.068433][ T8383] misc_open+0x35d/0x420 [ 223.068459][ T8383] ? __pfx_misc_open+0x10/0x10 [ 223.068483][ T8383] chrdev_open+0x231/0x6a0 [ 223.068513][ T8383] ? __pfx_apparmor_file_open+0x10/0x10 [ 223.068539][ T8383] ? __pfx_chrdev_open+0x10/0x10 [ 223.068572][ T8383] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 223.068605][ T8383] do_dentry_open+0x744/0x1c10 [ 223.068634][ T8383] ? __pfx_chrdev_open+0x10/0x10 [ 223.068670][ T8383] vfs_open+0x82/0x3f0 [ 223.068695][ T8383] path_openat+0x1de4/0x2cb0 [ 223.068734][ T8383] ? __pfx_path_openat+0x10/0x10 [ 223.068763][ T8383] ? __lock_acquire+0xb8a/0x1c90 [ 223.068798][ T8383] do_filp_open+0x20b/0x470 [ 223.068827][ T8383] ? __pfx_do_filp_open+0x10/0x10 [ 223.068877][ T8383] ? alloc_fd+0x471/0x7d0 [ 223.068912][ T8383] do_sys_openat2+0x11b/0x1d0 [ 223.068934][ T8383] ? __pfx_do_sys_openat2+0x10/0x10 [ 223.068960][ T8383] ? __fget_files+0x20e/0x3c0 [ 223.068992][ T8383] __x64_sys_openat+0x174/0x210 [ 223.069015][ T8383] ? __pfx___x64_sys_openat+0x10/0x10 [ 223.069036][ T8383] ? ksys_write+0x1ac/0x250 [ 223.069075][ T8383] do_syscall_64+0xcd/0x490 [ 223.069096][ T8383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.069117][ T8383] RIP: 0033:0x7f16f3d8e929 [ 223.069134][ T8383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 223.069154][ T8383] RSP: 002b:00007f16f4cbe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 223.069174][ T8383] RAX: ffffffffffffffda RBX: 00007f16f3fb5fa0 RCX: 00007f16f3d8e929 [ 223.069188][ T8383] RDX: 0000000000000400 RSI: 0000200000000200 RDI: ffffffffffffff9c [ 223.069202][ T8383] RBP: 00007f16f4cbe090 R08: 0000000000000000 R09: 0000000000000000 [ 223.069214][ T8383] R10: 000000000000003f R11: 0000000000000246 R12: 0000000000000002 [ 223.069226][ T8383] R13: 0000000000000000 R14: 00007f16f3fb5fa0 R15: 00007ffe01c3d728 [ 223.069255][ T8383] [ 223.069381][ T8383] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 223.432499][ T8383] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 223.519793][ T8389] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 syzkaller syzkaller login: [ 224.118331][ T8395] FAULT_INJECTION: forcing a failure. [ 224.118331][ T8395] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 224.133531][ T8395] CPU: 1 UID: 0 PID: 8395 Comm: syz.3.553 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 224.133570][ T8395] Tainted: [U]=USER [ 224.133578][ T8395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 224.133591][ T8395] Call Trace: [ 224.133599][ T8395] [ 224.133608][ T8395] dump_stack_lvl+0x16c/0x1f0 [ 224.133651][ T8395] should_fail_ex+0x512/0x640 [ 224.133677][ T8395] _copy_from_user+0x2e/0xd0 [ 224.133707][ T8395] generic_map_update_batch+0x3e9/0x610 [ 224.133734][ T8395] ? __pfx_generic_map_update_batch+0x10/0x10 [ 224.133758][ T8395] ? __pfx_generic_map_update_batch+0x10/0x10 [ 224.133779][ T8395] bpf_map_do_batch+0x5b4/0x680 [ 224.133798][ T8395] __sys_bpf+0x15f3/0x4d80 [ 224.133820][ T8395] ? __pfx___sys_bpf+0x10/0x10 [ 224.133840][ T8395] ? ksys_write+0x190/0x250 [ 224.133862][ T8395] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 224.133906][ T8395] ? fput+0x70/0xf0 [ 224.133935][ T8395] ? ksys_write+0x1ac/0x250 [ 224.133954][ T8395] ? __pfx_ksys_write+0x10/0x10 [ 224.133974][ T8395] __x64_sys_bpf+0x78/0xc0 [ 224.133987][ T8395] ? lockdep_hardirqs_on+0x7c/0x110 [ 224.134006][ T8395] do_syscall_64+0xcd/0x490 [ 224.134021][ T8395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.134035][ T8395] RIP: 0033:0x7f90b418e929 [ 224.134047][ T8395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.134060][ T8395] RSP: 002b:00007f90b4f72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 224.134074][ T8395] RAX: ffffffffffffffda RBX: 00007f90b43b6080 RCX: 00007f90b418e929 [ 224.134084][ T8395] RDX: 0000000000000092 RSI: 0000200000000380 RDI: 000000000000001a [ 224.134092][ T8395] RBP: 00007f90b4f72090 R08: 0000000000000000 R09: 0000000000000000 [ 224.134101][ T8395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 224.134109][ T8395] R13: 0000000000000000 R14: 00007f90b43b6080 R15: 00007fff1b3b5328 [ 224.134127][ T8395] [ 224.738731][ T8401] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 224.772322][ T8401] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 224.853983][ T8401] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 224.911933][ T8401] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 224.939145][ T8409] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 225.298231][ T8419] FAULT_INJECTION: forcing a failure. [ 225.298231][ T8419] name failslab, interval 1, probability 0, space 0, times 0 [ 225.327490][ T8419] CPU: 0 UID: 0 PID: 8419 Comm: syz.3.562 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 225.327536][ T8419] Tainted: [U]=USER [ 225.327545][ T8419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 225.327561][ T8419] Call Trace: [ 225.327569][ T8419] [ 225.327580][ T8419] dump_stack_lvl+0x16c/0x1f0 [ 225.327637][ T8419] should_fail_ex+0x512/0x640 [ 225.327674][ T8419] ? fs_reclaim_acquire+0xae/0x150 [ 225.327709][ T8419] should_failslab+0xc2/0x120 [ 225.327735][ T8419] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 225.327776][ T8419] ? jbd2__journal_start+0x193/0x6a0 [ 225.327817][ T8419] ? __pfx___might_resched+0x10/0x10 [ 225.327847][ T8419] jbd2__journal_start+0x193/0x6a0 [ 225.327892][ T8419] __ext4_journal_start_sb+0x195/0x690 [ 225.327927][ T8419] ? ext4_do_writepages+0xc5f/0x3490 [ 225.327968][ T8419] ext4_do_writepages+0xc5f/0x3490 [ 225.328034][ T8419] ? __pfx_ext4_do_writepages+0x10/0x10 [ 225.328090][ T8419] ? ext4_writepages+0x37a/0x7d0 [ 225.328124][ T8419] ext4_writepages+0x37a/0x7d0 [ 225.328161][ T8419] ? __pfx_ext4_writepages+0x10/0x10 [ 225.328212][ T8419] ? do_writepages+0x4b7/0x600 [ 225.328247][ T8419] ? __pfx_ext4_writepages+0x10/0x10 [ 225.328285][ T8419] do_writepages+0x277/0x600 [ 225.328321][ T8419] ? __pfx_do_writepages+0x10/0x10 [ 225.328351][ T8419] ? do_raw_spin_unlock+0x172/0x230 [ 225.328391][ T8419] ? _raw_spin_unlock+0x28/0x50 [ 225.328430][ T8419] filemap_fdatawrite_wbc+0x104/0x160 [ 225.328467][ T8419] __filemap_fdatawrite_range+0xb2/0xf0 [ 225.328506][ T8419] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 225.328545][ T8419] ? __lock_acquire+0x622/0x1c90 [ 225.328639][ T8419] file_write_and_wait_range+0xca/0x140 [ 225.328686][ T8419] ext4_sync_file+0x310/0xf10 [ 225.328721][ T8419] ? __pfx___up_read+0x10/0x10 [ 225.328759][ T8419] ? __pfx_ext4_sync_file+0x10/0x10 [ 225.328791][ T8419] vfs_fsync_range+0x139/0x220 [ 225.328832][ T8419] __do_sys_msync+0x3cb/0x5c0 [ 225.328878][ T8419] do_syscall_64+0xcd/0x490 [ 225.328906][ T8419] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.328933][ T8419] RIP: 0033:0x7f90b418e929 [ 225.328954][ T8419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.328980][ T8419] RSP: 002b:00007f90b4f93038 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 225.329004][ T8419] RAX: ffffffffffffffda RBX: 00007f90b43b5fa0 RCX: 00007f90b418e929 [ 225.329021][ T8419] RDX: 0000000400000004 RSI: 0180000000000000 RDI: 000000001ffff000 [ 225.329036][ T8419] RBP: 00007f90b4210b39 R08: 0000000000000000 R09: 0000000000000000 [ 225.329050][ T8419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 225.329065][ T8419] R13: 0000000000000000 R14: 00007f90b43b5fa0 R15: 00007fff1b3b5328 [ 225.329097][ T8419] [ 225.392444][ T8419] EXT4-fs (sda1): ext4_do_writepages: jbd2_start: 9223372036854775789 pages, ino 2021; err -12 [ 225.712728][ T8427] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 226.377950][ T8440] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 226.801227][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 226.801235][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 226.875702][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout [ 226.955601][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout [ 227.247360][ T8458] netlink: 8 bytes leftover after parsing attributes in process `syz.1.571'. [ 228.125909][ T8473] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 228.336203][ T8475] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 228.354328][ T8475] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 228.371477][ T8475] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 228.380797][ T8475] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 230.125273][ T8513] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 230.395658][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 230.395936][ T5844] Bluetooth: hci0: command 0x0c1a tx timeout [ 230.401770][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout [ 230.414399][ T5154] Bluetooth: hci2: command 0x0c1a tx timeout [ 231.011137][ T8527] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 232.409640][ T8520] Process accounting resumed [ 233.003497][ T8569] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 233.105112][ T8575] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 233.419513][ T8578] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 234.479055][ T8590] netlink: 334 bytes leftover after parsing attributes in process `syz.0.597'. [ 234.718597][ T8599] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 234.824861][ T8594] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 236.188284][ T8616] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 236.287056][ T8623] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 236.770489][ T8629] bond0: no command found in slaves file - use +ifname or -ifname [ 236.786202][ T30] audit: type=1800 audit(6045409642.796:7): pid=8635 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.606" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 237.826336][ T8650] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 238.180714][ T8651] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 238.596317][ T8673] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 238.854033][ T8680] blktrace: Concurrent blktraces are not allowed on nbd3 [ 239.051295][ T8689] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 239.923233][ T8705] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present syzkaller syzkaller login: [ 239.991991][ T8707] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 240.805285][ T8716] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 240.811436][ T8716] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 240.865675][ T8716] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 240.904790][ T8716] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 241.208426][ T8729] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present syzkaller syzkaller login: [ 242.495270][ T8760] netlink: 8 bytes leftover after parsing attributes in process `syz.0.637'. [ 242.835022][ T5844] Bluetooth: hci0: command 0x0c1a tx timeout [ 242.835029][ T5154] Bluetooth: hci2: command 0x0c1a tx timeout [ 242.917097][ T5844] Bluetooth: hci3: command 0x0c1a tx timeout [ 242.921405][ T5154] Bluetooth: hci1: command 0x0c1a tx timeout [ 243.294599][ T5848] udevd[5848]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 243.499744][ T8772] FAULT_INJECTION: forcing a failure. [ 243.499744][ T8772] name fail_futex, interval 1, probability 0, space 0, times 0 [ 243.580926][ T8772] CPU: 1 UID: 0 PID: 8772 Comm: syz.0.638 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 243.580953][ T8772] Tainted: [U]=USER [ 243.580958][ T8772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 243.580966][ T8772] Call Trace: [ 243.580971][ T8772] [ 243.580976][ T8772] dump_stack_lvl+0x16c/0x1f0 [ 243.581002][ T8772] should_fail_ex+0x512/0x640 [ 243.581024][ T8772] get_futex_key+0x1d0/0x1540 [ 243.581043][ T8772] ? __pfx_get_futex_key+0x10/0x10 [ 243.581059][ T8772] ? __pfx___schedule+0x10/0x10 [ 243.581082][ T8772] futex_wait_setup+0x9d/0x550 [ 243.581106][ T8772] __futex_wait+0x194/0x2f0 [ 243.581125][ T8772] ? __pfx___futex_wait+0x10/0x10 [ 243.581146][ T8772] ? __pfx_futex_wake_mark+0x10/0x10 [ 243.581167][ T8772] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 243.581186][ T8772] ? __hrtimer_setup+0x176/0x280 [ 243.581207][ T8772] ? ktime_add_safe+0x60/0x70 [ 243.581227][ T8772] futex_wait+0xe8/0x380 [ 243.581245][ T8772] ? __pfx_futex_wait+0x10/0x10 [ 243.581263][ T8772] ? __lock_acquire+0xb8a/0x1c90 [ 243.581282][ T8772] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 243.581322][ T8772] do_futex+0x229/0x350 [ 243.581344][ T8772] ? __pfx_do_futex+0x10/0x10 [ 243.581358][ T8772] ? rcu_is_watching+0x12/0xc0 [ 243.581372][ T8772] ? ktime_get+0x200/0x310 [ 243.581392][ T8772] ? lockdep_hardirqs_on+0x7c/0x110 [ 243.581411][ T8772] ? read_tsc+0x9/0x20 [ 243.581427][ T8772] __x64_sys_futex+0x1e0/0x4c0 [ 243.581446][ T8772] ? __pfx___x64_sys_futex+0x10/0x10 [ 243.581462][ T8772] ? xfd_validate_state+0x61/0x180 [ 243.581484][ T8772] do_syscall_64+0xcd/0x490 [ 243.581498][ T8772] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.581513][ T8772] RIP: 0033:0x7f639cf8e929 [ 243.581525][ T8772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.581538][ T8772] RSP: 002b:00007ffc5b65f6f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 243.581552][ T8772] RAX: ffffffffffffffda RBX: 000000000003b734 RCX: 00007f639cf8e929 [ 243.581561][ T8772] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f639d1b5fac [ 243.581570][ T8772] RBP: 0000000000000032 R08: 00007f639dde4000 R09: 000000185b65f9ef [ 243.581578][ T8772] R10: 00007ffc5b65f7f0 R11: 0000000000000246 R12: 00007f639d1b5fac [ 243.581587][ T8772] R13: 00007ffc5b65f7f0 R14: 000000000003b766 R15: 00007ffc5b65f810 [ 243.581605][ T8772] [ 244.178566][ T8788] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 syzkaller syzkaller login: [ 244.911891][ T8809] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 245.440127][ T8818] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 245.494379][ T8818] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 245.500542][ T8818] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 245.566013][ T8818] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 246.210411][ T8843] aoe: copy from user failed [ 246.224713][ T8843] aoe: could not set interface list: too many interfaces [ 246.588086][ T8855] netlink: 48 bytes leftover after parsing attributes in process `syz.0.654'. [ 246.899956][ T8862] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 246.936156][ T8864] netlink: 146 bytes leftover after parsing attributes in process `syz.3.656'. [ 246.972693][ T8864] netlink: 28 bytes leftover after parsing attributes in process `syz.3.656'. [ 246.984775][ T8864] bridge_slave_1: left allmulticast mode [ 246.990463][ T8864] bridge_slave_1: left promiscuous mode [ 246.996809][ T8864] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.020402][ T8864] bridge_slave_0: left allmulticast mode [ 247.030584][ T8864] bridge_slave_0: left promiscuous mode [ 247.040779][ T8864] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.053979][ T8866] FAULT_INJECTION: forcing a failure. [ 247.053979][ T8866] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 247.070056][ T8866] CPU: 0 UID: 0 PID: 8866 Comm: syz.2.657 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 247.070098][ T8866] Tainted: [U]=USER [ 247.070104][ T8866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 247.070114][ T8866] Call Trace: [ 247.070120][ T8866] [ 247.070127][ T8866] dump_stack_lvl+0x16c/0x1f0 [ 247.070164][ T8866] should_fail_ex+0x512/0x640 [ 247.070194][ T8866] should_fail_alloc_page+0xe7/0x130 [ 247.070217][ T8866] prepare_alloc_pages+0x3c2/0x610 [ 247.070243][ T8866] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 247.070270][ T8866] ? lru_gen_update_size+0x543/0xe10 [ 247.070298][ T8866] ? lru_gen_del_folio+0x32b/0x540 [ 247.070321][ T8866] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 247.070359][ T8866] ? find_held_lock+0x2b/0x80 [ 247.070377][ T8866] ? __pfx___might_resched+0x10/0x10 [ 247.070397][ T8866] ? queue_folios_pte_range+0xf95/0x17b0 [ 247.070430][ T8866] __folio_alloc_noprof+0x11/0x220 [ 247.070456][ T8866] alloc_migration_target+0x2bf/0x770 [ 247.070480][ T8866] migrate_pages_batch+0x3bc/0x31a0 [ 247.070506][ T8866] ? __pfx_alloc_migration_target+0x10/0x10 [ 247.070537][ T8866] ? __pfx_migrate_pages_batch+0x10/0x10 [ 247.070572][ T8866] migrate_pages_sync+0x12d/0x8a0 [ 247.070597][ T8866] ? __pfx_alloc_migration_target+0x10/0x10 [ 247.070626][ T8866] ? __pfx_migrate_pages_sync+0x10/0x10 [ 247.070645][ T8866] ? __pfx_queue_pages_test_walk+0x10/0x10 [ 247.070668][ T8866] ? walk_page_range_mm+0x269/0x8a0 [ 247.070700][ T8866] migrate_pages+0x1b67/0x23b0 [ 247.070725][ T8866] ? __pfx_alloc_migration_target+0x10/0x10 [ 247.070754][ T8866] ? __pfx_migrate_pages+0x10/0x10 [ 247.070775][ T8866] ? queue_pages_range+0x11e/0x180 [ 247.070815][ T8866] ? __pfx___up_read+0x10/0x10 [ 247.070847][ T8866] ? do_migrate_pages+0x458/0x750 [ 247.070875][ T8866] do_migrate_pages+0x48e/0x750 [ 247.070905][ T8866] ? __pfx_do_migrate_pages+0x10/0x10 [ 247.070929][ T8866] ? rcu_is_watching+0x12/0xc0 [ 247.070956][ T8866] ? cap_capable+0xb3/0x250 [ 247.070976][ T8866] ? get_task_mm+0xc2/0xf0 [ 247.071006][ T8866] ? security_capable+0x250/0x260 [ 247.071032][ T8866] kernel_migrate_pages+0x5b0/0x750 [ 247.071057][ T8866] ? __pfx_kernel_migrate_pages+0x10/0x10 [ 247.071087][ T8866] ? ksys_write+0x1ac/0x250 [ 247.071121][ T8866] ? __pfx_ksys_write+0x10/0x10 [ 247.071161][ T8866] __x64_sys_migrate_pages+0x96/0x100 [ 247.071186][ T8866] ? lockdep_hardirqs_on+0x7c/0x110 [ 247.071223][ T8866] do_syscall_64+0xcd/0x490 [ 247.071249][ T8866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.071273][ T8866] RIP: 0033:0x7f16f3d8e929 [ 247.071294][ T8866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.071318][ T8866] RSP: 002b:00007f16f4cbe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000100 [ 247.071341][ T8866] RAX: ffffffffffffffda RBX: 00007f16f3fb5fa0 RCX: 00007f16f3d8e929 [ 247.071358][ T8866] RDX: 0000200000000100 RSI: 0000000000000003 RDI: 0000000000000000 [ 247.071374][ T8866] RBP: 00007f16f4cbe090 R08: 0000000000000000 R09: 0000000000000000 [ 247.071389][ T8866] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001 [ 247.071405][ T8866] R13: 0000000000000000 R14: 00007f16f3fb5fa0 R15: 00007ffe01c3d728 [ 247.071440][ T8866] [ 247.488771][ T5154] Bluetooth: hci0: command 0x0c1a tx timeout [ 247.544602][ T5154] Bluetooth: hci1: command 0x0c1a tx timeout [ 247.550778][ T5154] Bluetooth: hci2: command 0x0c1a tx timeout [ 247.612401][ T5844] Bluetooth: hci3: command 0x0c1a tx timeout [ 247.852576][ T8880] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 248.061447][ T8885] netlink: 28 bytes leftover after parsing attributes in process `syz.3.660'. [ 249.134242][ T8902] aoe: copy from user failed [ 249.157454][ T8902] aoe: could not set interface list: too many interfaces [ 250.071604][ T8930] [U]  [ 250.074664][ T8930] [U] [ 250.077393][ T8930] [U] [ 250.080111][ T8930] [U] [ 250.085114][ T8930] [U] [ 250.087858][ T8930] [U] [ 250.090587][ T8930] [U] [ 250.093309][ T8930] [U] [ 250.097309][ T8930] [U] [ 250.100037][ T8930] [U] [ 250.102739][ T8930] [U] [ 250.105434][ T8930] [U] [ 250.164200][ T8933] [U] [ 250.451842][ T8930] netlink: 16 bytes leftover after parsing attributes in process `syz.1.674'. [ 250.892655][ T8941] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 250.923860][ T8941] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 250.940339][ T8941] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 250.974295][ T8941] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 250.998550][ T8944] aoe: copy from user failed [ 251.041345][ T8944] aoe: could not set interface list: too many interfaces [ 251.368375][ T8948] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 251.430201][ T8948] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 251.436501][ T8948] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 251.443020][ T8948] Bluetooth: hci3: Opcode 0x0c1a failed: -4 syzkaller syzkaller login: [ 251.590937][ T8953] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 251.767974][ T8964] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 252.925117][ T8995] aoe: copy from user failed [ 252.938124][ T8995] aoe: could not set interface list: too many interfaces [ 252.949067][ T8997] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 253.435969][ T5844] Bluetooth: hci0: command 0x0c1a tx timeout [ 253.499295][ T5844] Bluetooth: hci3: command 0x0c1a tx timeout [ 253.499507][ T5154] Bluetooth: hci1: command 0x0c1a tx timeout [ 253.505407][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 253.867289][ T9016] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 253.960949][ T9024] netlink: 342 bytes leftover after parsing attributes in process `syz.3.696'. [ 254.112699][ T9029] netlink: 326 bytes leftover after parsing attributes in process `syz.3.696'. [ 254.834924][ T9038] aoe: copy from user failed [ 254.862702][ T9038] aoe: could not set interface list: too many interfaces [ 255.576164][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.585238][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 syzkaller syzkaller login: [ 256.063754][ T9059] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 256.562904][ T9069] netlink: 48 bytes leftover after parsing attributes in process `syz.3.708'. [ 257.419831][ T9087] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 258.251840][ T9113] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 syzkaller syzkaller login: [ 258.577639][ T9120] netlink: 48 bytes leftover after parsing attributes in process `syz.3.721'. [ 259.593352][ T9138] netlink: 28 bytes leftover after parsing attributes in process `syz.3.726'. [ 259.714427][ T30] audit: type=1800 audit(6045409665.906:8): pid=9143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.727" name="lu_gp_id" dev="configfs" ino=22271 res=0 errno=0 [ 259.810263][ T5844] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 259.810300][ T5844] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 259.829318][ T5844] Bluetooth: hci3: adv larger than maximum supported [ 259.829361][ T5844] Bluetooth: hci3: adv larger than maximum supported [ 259.846075][ T5844] Bluetooth: hci3: adv larger than maximum supported [ 259.862976][ T5844] Bluetooth: hci3: Unknown advertising packet type: 0x20 [ 259.864638][ T9149] netlink: 48 bytes leftover after parsing attributes in process `syz.1.727'. [ 259.873058][ T5844] Bluetooth: hci3: adv larger than maximum supported [ 260.600118][ T9157] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present syzkaller syzkaller login: [ 261.264962][ T9179] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 261.302755][ T9179] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 262.184702][ T9196] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 262.209542][ T9196] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 262.305068][ T9196] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 262.329807][ T9196] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 262.421133][ T9183] Process accounting paused [ 262.654113][ T9206] nvme_fabrics: missing parameter 'transport=%s' [ 262.671479][ T9206] nvme_fabrics: missing parameter 'nqn=%s' [ 262.682992][ T9209] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request [ 262.769918][ T9209] random: crng reseeded on system resumption [ 263.307751][ T9233] aoe: copy from user failed [ 263.312675][ T9233] aoe: could not set interface list: too many interfaces syzkaller syzkaller login: [ 264.247075][ T5844] Bluetooth: hci2: command 0x0c1a tx timeout [ 264.247093][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 264.322927][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout [ 264.329489][ T5844] Bluetooth: hci3: command 0x0c1a tx timeout [ 264.443374][ T9257] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 264.450253][ T9257] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 264.521151][ T9257] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 264.543216][ T9263] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 264.578049][ T9257] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 264.609646][ T5844] Bluetooth: hci0: unexpected subevent 0x19 length: 252 > 28 [ 264.617179][ T5844] Bluetooth: hci0: Unable to find connection with handle 0xc3d2 [ 265.024904][ T9273] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 265.783878][ T9286] aoe: copy from user failed [ 265.789250][ T9286] aoe: could not set interface list: too many interfaces [ 266.471741][ T5844] Bluetooth: hci2: command 0x0c1a tx timeout [ 266.478912][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 266.551312][ T5844] Bluetooth: hci1: command 0x0c1a tx timeout [ 266.630940][ T5844] Bluetooth: hci3: command 0x0c1a tx timeout [ 266.984912][ T9306] mkiss: ax0: crc mode is auto. [ 267.190811][ T9298] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 267.212109][ T9298] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 267.237234][ T9298] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 267.251498][ T9298] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 267.496073][ T9319] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 267.848226][ T9318] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 268.541079][ T5844] Bluetooth: hci0: command 0x0c1a tx timeout [ 268.608537][ T9343] aoe: copy from user failed [ 268.613680][ T9344] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 268.640963][ T9343] aoe: could not set interface list: too many interfaces [ 268.653979][ T9345] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 268.720081][ T9345] netlink: 28 bytes leftover after parsing attributes in process `syz.0.776'. [ 269.035933][ T9354] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 269.267143][ T5844] Bluetooth: hci3: command 0x0c1a tx timeout [ 269.267257][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout [ 269.273211][ T5844] Bluetooth: hci2: command 0x0c1a tx timeout [ 269.295112][ T9359] FAULT_INJECTION: forcing a failure. [ 269.295112][ T9359] name failslab, interval 1, probability 0, space 0, times 0 [ 269.315521][ T9359] CPU: 0 UID: 0 PID: 9359 Comm: syz.3.778 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 269.315549][ T9359] Tainted: [U]=USER [ 269.315553][ T9359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 269.315562][ T9359] Call Trace: [ 269.315567][ T9359] [ 269.315575][ T9359] dump_stack_lvl+0x16c/0x1f0 [ 269.315601][ T9359] should_fail_ex+0x512/0x640 [ 269.315621][ T9359] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 269.315643][ T9359] should_failslab+0xc2/0x120 [ 269.315657][ T9359] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 269.315675][ T9359] ? nbd_genl_status+0xb3/0x550 [ 269.315695][ T9359] ? __alloc_skb+0x2b2/0x380 [ 269.315715][ T9359] ? __pfx___mutex_lock+0x10/0x10 [ 269.315730][ T9359] __alloc_skb+0x2b2/0x380 [ 269.315749][ T9359] ? __pfx___alloc_skb+0x10/0x10 [ 269.315767][ T9359] ? rcu_is_watching+0x12/0xc0 [ 269.315788][ T9359] nbd_genl_status+0xe2/0x550 [ 269.315810][ T9359] genl_family_rcv_msg_doit+0x209/0x2f0 [ 269.315844][ T9359] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 269.315861][ T9359] ? genl_get_cmd+0x194/0x580 [ 269.315883][ T9359] ? __radix_tree_lookup+0x21f/0x2c0 [ 269.315906][ T9359] genl_rcv_msg+0x55c/0x800 [ 269.315925][ T9359] ? __pfx_genl_rcv_msg+0x10/0x10 [ 269.315943][ T9359] ? __pfx_nbd_genl_status+0x10/0x10 [ 269.315969][ T9359] netlink_rcv_skb+0x158/0x420 [ 269.315984][ T9359] ? __pfx_genl_rcv_msg+0x10/0x10 [ 269.316002][ T9359] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 269.316025][ T9359] ? netlink_deliver_tap+0x1ae/0xd30 [ 269.316042][ T9359] genl_rcv+0x28/0x40 [ 269.316057][ T9359] netlink_unicast+0x53a/0x7f0 [ 269.316075][ T9359] ? __pfx_netlink_unicast+0x10/0x10 [ 269.316095][ T9359] netlink_sendmsg+0x8d1/0xdd0 [ 269.316114][ T9359] ? __pfx_netlink_sendmsg+0x10/0x10 [ 269.316137][ T9359] ____sys_sendmsg+0xa98/0xc70 [ 269.316153][ T9359] ? copy_msghdr_from_user+0x10a/0x160 [ 269.316174][ T9359] ? __pfx_____sys_sendmsg+0x10/0x10 [ 269.316199][ T9359] ___sys_sendmsg+0x134/0x1d0 [ 269.316221][ T9359] ? __pfx____sys_sendmsg+0x10/0x10 [ 269.316239][ T9359] ? __lock_acquire+0x622/0x1c90 [ 269.316280][ T9359] __sys_sendmsg+0x16d/0x220 [ 269.316301][ T9359] ? __pfx___sys_sendmsg+0x10/0x10 [ 269.316334][ T9359] do_syscall_64+0xcd/0x490 [ 269.316348][ T9359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.316362][ T9359] RIP: 0033:0x7f90b418e929 [ 269.316375][ T9359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 269.316388][ T9359] RSP: 002b:00007f90b4f93038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 269.316402][ T9359] RAX: ffffffffffffffda RBX: 00007f90b43b5fa0 RCX: 00007f90b418e929 [ 269.316412][ T9359] RDX: 0000000000000040 RSI: 0000200000000300 RDI: 0000000000000004 [ 269.316424][ T9359] RBP: 00007f90b4f93090 R08: 0000000000000000 R09: 0000000000000000 [ 269.316433][ T9359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 269.316441][ T9359] R13: 0000000000000000 R14: 00007f90b43b5fa0 R15: 00007fff1b3b5328 [ 269.316460][ T9359] [ 270.409954][ T9376] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 270.924039][ T9366] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 270.937582][ T9366] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 270.965881][ T9366] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 270.984552][ T9366] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 272.015823][ T9400] aoe: copy from user failed [ 272.025692][ T9400] aoe: could not set interface list: too many interfaces [ 272.201938][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 272.264542][ T9404] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 272.404450][ T9410] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 272.941330][ T9414] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 272.997650][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout [ 272.997727][ T5154] Bluetooth: hci1: command 0x0c1a tx timeout [ 273.009728][ T5154] Bluetooth: hci2: command 0x0c1a tx timeout [ 273.690704][ T9425] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 274.206379][ T9439] input: 00 [ 274.206379][ T9439] as /devices/virtual/input/input12 syzkaller syzkaller login: [ 274.855914][ T9454] aoe: copy from user failed [ 274.872170][ T9454] aoe: could not set interface list: too many interfaces [ 275.928856][ T9481] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 275.995640][ T9484] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 syzkaller syzkaller login: [ 277.165733][ T30] audit: type=1800 audit(6045409683.427:9): pid=9507 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.806" name="file0" dev="tmpfs" ino=1174 res=0 errno=0 [ 277.709591][ T9528] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 277.724100][ T9527] FAULT_INJECTION: forcing a failure. [ 277.724100][ T9527] name failslab, interval 1, probability 0, space 0, times 0 [ 277.772423][ T9531] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 277.818089][ T9527] CPU: 1 UID: 0 PID: 9527 Comm: syz.2.808 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 277.818116][ T9527] Tainted: [U]=USER [ 277.818121][ T9527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 277.818130][ T9527] Call Trace: [ 277.818135][ T9527] [ 277.818141][ T9527] dump_stack_lvl+0x16c/0x1f0 [ 277.818172][ T9527] should_fail_ex+0x512/0x640 [ 277.818195][ T9527] should_failslab+0xc2/0x120 [ 277.818210][ T9527] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 277.818229][ T9527] ? find_held_lock+0x2b/0x80 [ 277.818242][ T9527] ? dst_alloc+0x99/0x1a0 [ 277.818263][ T9527] dst_alloc+0x99/0x1a0 [ 277.818283][ T9527] rt_dst_alloc+0x35/0x3a0 [ 277.818301][ T9527] ip_route_output_key_hash_rcu+0x87a/0x28f0 [ 277.818327][ T9527] ip_route_output_key_hash+0x137/0x2e0 [ 277.818347][ T9527] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 277.818372][ T9527] ? find_held_lock+0x2b/0x80 [ 277.818388][ T9527] ip_route_output_flow+0x27/0x150 [ 277.818409][ T9527] raw_sendmsg+0xd70/0x3820 [ 277.818435][ T9527] ? __pfx_raw_sendmsg+0x10/0x10 [ 277.818453][ T9527] ? __lock_acquire+0xb8a/0x1c90 [ 277.818474][ T9527] ? kvm_sched_clock_read+0x11/0x20 [ 277.818502][ T9527] ? __pfx___might_resched+0x10/0x10 [ 277.818516][ T9527] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 277.818539][ T9527] ? aa_sk_perm+0x2f4/0xb10 [ 277.818559][ T9527] ? __import_iovec+0x1dd/0x650 [ 277.818571][ T9527] ? __might_fault+0xe3/0x190 [ 277.818589][ T9527] ? __might_fault+0x13b/0x190 [ 277.818607][ T9527] ? __pfx_raw_sendmsg+0x10/0x10 [ 277.818627][ T9527] inet_sendmsg+0x11c/0x140 [ 277.818647][ T9527] ____sys_sendmsg+0x973/0xc70 [ 277.818665][ T9527] ? copy_msghdr_from_user+0x10a/0x160 [ 277.818684][ T9527] ? __pfx_____sys_sendmsg+0x10/0x10 [ 277.818703][ T9527] ? kfree+0x24f/0x4d0 [ 277.818723][ T9527] ___sys_sendmsg+0x134/0x1d0 [ 277.818745][ T9527] ? __pfx____sys_sendmsg+0x10/0x10 [ 277.818782][ T9527] ? __pfx___might_resched+0x10/0x10 [ 277.818800][ T9527] __sys_sendmmsg+0x200/0x420 [ 277.818822][ T9527] ? __pfx___sys_sendmmsg+0x10/0x10 [ 277.818849][ T9527] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 277.818889][ T9527] ? fput+0x70/0xf0 [ 277.818903][ T9527] ? ksys_write+0x1ac/0x250 [ 277.818920][ T9527] ? __pfx_ksys_write+0x10/0x10 [ 277.818941][ T9527] __x64_sys_sendmmsg+0x9c/0x100 [ 277.818961][ T9527] ? lockdep_hardirqs_on+0x7c/0x110 [ 277.818980][ T9527] do_syscall_64+0xcd/0x490 [ 277.818995][ T9527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.819010][ T9527] RIP: 0033:0x7f16f3d8e929 [ 277.819021][ T9527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 277.819035][ T9527] RSP: 002b:00007f16f4cbe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 277.819049][ T9527] RAX: ffffffffffffffda RBX: 00007f16f3fb5fa0 RCX: 00007f16f3d8e929 [ 277.819059][ T9527] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 277.819067][ T9527] RBP: 00007f16f4cbe090 R08: 0000000000000000 R09: 0000000000000000 [ 277.819075][ T9527] R10: 000000000000e000 R11: 0000000000000246 R12: 0000000000000002 [ 277.819084][ T9527] R13: 0000000000000000 R14: 00007f16f3fb5fa0 R15: 00007ffe01c3d728 [ 277.819102][ T9527] [ 278.693476][ T9547] aoe: copy from user failed [ 278.719422][ T9547] aoe: could not set interface list: too many interfaces [ 278.741295][ T9551] FAULT_INJECTION: forcing a failure. [ 278.741295][ T9551] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 278.756784][ T9551] CPU: 1 UID: 0 PID: 9551 Comm: syz.0.813 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 278.756824][ T9551] Tainted: [U]=USER [ 278.756839][ T9551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 278.756853][ T9551] Call Trace: [ 278.756861][ T9551] [ 278.756870][ T9551] dump_stack_lvl+0x16c/0x1f0 [ 278.756913][ T9551] should_fail_ex+0x512/0x640 [ 278.756954][ T9551] _copy_from_user+0x2e/0xd0 [ 278.756994][ T9551] kstrtoint_from_user+0xd6/0x1d0 [ 278.757025][ T9551] ? __pfx_kstrtoint_from_user+0x10/0x10 [ 278.757067][ T9551] ? __lock_acquire+0xb8a/0x1c90 [ 278.757104][ T9551] nsim_dev_hwstats_do_write+0xb6/0xbb0 [ 278.757135][ T9551] ? __debugfs_file_get+0x1fe/0x840 [ 278.757157][ T9551] ? __pfx_nsim_dev_hwstats_do_write+0x10/0x10 [ 278.757194][ T9551] full_proxy_write+0x13c/0x200 [ 278.757217][ T9551] ? __pfx_full_proxy_write+0x10/0x10 [ 278.757238][ T9551] vfs_write+0x29d/0x1150 [ 278.757275][ T9551] ? __pfx___mutex_lock+0x10/0x10 [ 278.757298][ T9551] ? __pfx_vfs_write+0x10/0x10 [ 278.757341][ T9551] ? __fget_files+0x20e/0x3c0 [ 278.757383][ T9551] ksys_write+0x12a/0x250 [ 278.757415][ T9551] ? __pfx_ksys_write+0x10/0x10 [ 278.757460][ T9551] do_syscall_64+0xcd/0x490 [ 278.757485][ T9551] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.757510][ T9551] RIP: 0033:0x7f639cf8e929 [ 278.757530][ T9551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 278.757553][ T9551] RSP: 002b:00007f639dde3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 278.757576][ T9551] RAX: ffffffffffffffda RBX: 00007f639d1b5fa0 RCX: 00007f639cf8e929 [ 278.757593][ T9551] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 278.757611][ T9551] RBP: 00007f639dde3090 R08: 0000000000000000 R09: 0000000000000000 [ 278.757626][ T9551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 278.757641][ T9551] R13: 0000000000000000 R14: 00007f639d1b5fa0 R15: 00007ffc5b65f598 [ 278.757674][ T9551] [ 279.156080][ T9558] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 279.585852][ T9567] netlink: 28 bytes leftover after parsing attributes in process `syz.1.819'. [ 279.610808][ T9567] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 279.639194][ T9567] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 279.675516][ T9567] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 279.765951][ T9567] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 280.315376][ T9580] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 281.044945][ T9595] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 281.562196][ T9607] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 282.348644][ T9620] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 283.613350][ T9631] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 283.642802][ T9631] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 283.648959][ T9631] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 283.714669][ T9631] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 283.892596][ T9638] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 285.224112][ T9675] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 285.342317][ T9673] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 285.660086][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout [ 285.660109][ T5844] Bluetooth: hci2: command 0x0c1a tx timeout [ 285.666211][ T5154] Bluetooth: hci0: command 0x0c1a tx timeout [ 285.741566][ T5154] Bluetooth: hci3: command 0x0c1a tx timeout [ 286.305640][ T9700] overlayfs: missing 'lowerdir' [ 286.464865][ T9698] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 286.471748][ T9698] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 286.507665][ T9698] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 286.565655][ T9698] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 286.971058][ T9712] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 287.788661][ T9727] type: 256 invalid [ 287.892119][ T9729] netlink: 8 bytes leftover after parsing attributes in process `syz.3.855'. [ 288.528300][ T5154] Bluetooth: hci1: command 0x0c1a tx timeout [ 288.529237][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 288.534348][ T5154] Bluetooth: hci0: command 0x0c1a tx timeout [ 288.607196][ T5154] Bluetooth: hci3: command 0x0c1a tx timeout [ 289.131657][ T9752] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 289.375986][ T9758] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 289.539013][ T9762] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 289.557944][ T9722] kexec: Could not allocate control_code_buffer [ 290.586809][ T9776] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 291.574394][ T9798] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 291.907182][ T9806] FAULT_INJECTION: forcing a failure. [ 291.907182][ T9806] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 291.924022][ T9806] CPU: 0 UID: 0 PID: 9806 Comm: syz.1.871 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 291.924066][ T9806] Tainted: [U]=USER [ 291.924073][ T9806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 291.924087][ T9806] Call Trace: [ 291.924095][ T9806] [ 291.924105][ T9806] dump_stack_lvl+0x16c/0x1f0 [ 291.924148][ T9806] should_fail_ex+0x512/0x640 [ 291.924198][ T9806] _copy_from_user+0x2e/0xd0 [ 291.924239][ T9806] generic_map_update_batch+0x380/0x610 [ 291.924289][ T9806] ? __pfx_generic_map_update_batch+0x10/0x10 [ 291.924334][ T9806] ? __pfx_generic_map_update_batch+0x10/0x10 [ 291.924374][ T9806] bpf_map_do_batch+0x5b4/0x680 [ 291.924411][ T9806] __sys_bpf+0x15f3/0x4d80 [ 291.924454][ T9806] ? __pfx___sys_bpf+0x10/0x10 [ 291.924493][ T9806] ? ksys_write+0x190/0x250 [ 291.924534][ T9806] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 291.924595][ T9806] ? fput+0x70/0xf0 [ 291.924618][ T9806] ? ksys_write+0x1ac/0x250 [ 291.924651][ T9806] ? __pfx_ksys_write+0x10/0x10 [ 291.924692][ T9806] __x64_sys_bpf+0x78/0xc0 [ 291.924715][ T9806] ? lockdep_hardirqs_on+0x7c/0x110 [ 291.924752][ T9806] do_syscall_64+0xcd/0x490 [ 291.924778][ T9806] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.924804][ T9806] RIP: 0033:0x7fec9798e929 [ 291.924824][ T9806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.924848][ T9806] RSP: 002b:00007fec987e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 291.924872][ T9806] RAX: ffffffffffffffda RBX: 00007fec97bb6080 RCX: 00007fec9798e929 [ 291.924889][ T9806] RDX: 0000000000000092 RSI: 0000200000000380 RDI: 000000000000001a [ 291.924905][ T9806] RBP: 00007fec987e0090 R08: 0000000000000000 R09: 0000000000000000 [ 291.924920][ T9806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 291.924931][ T9806] R13: 0000000000000000 R14: 00007fec97bb6080 R15: 00007ffea18bdfa8 [ 291.924962][ T9806] [ 292.362712][ T9804] Process accounting resumed [ 292.543774][ T9819] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 292.652917][ T9824] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 292.751503][ T9827] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 293.306784][ T9839] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 293.507238][ T9846] nbd: must specify at least one socket [ 293.814699][ T9855] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 293.925079][ T9861] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 294.359168][ T9860] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 295.331921][ T9887] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 295.501409][ T9893] aoe: copy from user failed [ 295.508407][ T9893] aoe: could not set interface list: too many interfaces [ 295.529061][ T9895] aoe: copy from user failed [ 295.541578][ T9895] aoe: could not set interface list: too many interfaces [ 296.211278][ T9914] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 296.816217][ T9924] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 297.096975][ T9929] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 298.018931][ T9950] FAULT_INJECTION: forcing a failure. [ 298.018931][ T9950] name failslab, interval 1, probability 0, space 0, times 0 [ 298.066851][ T9950] CPU: 0 UID: 0 PID: 9950 Comm: syz.3.902 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 298.066896][ T9950] Tainted: [U]=USER [ 298.066904][ T9950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 298.066919][ T9950] Call Trace: [ 298.066927][ T9950] [ 298.066937][ T9950] dump_stack_lvl+0x16c/0x1f0 [ 298.066980][ T9950] should_fail_ex+0x512/0x640 [ 298.067015][ T9950] ? __kmalloc_noprof+0xbf/0x510 [ 298.067054][ T9950] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 298.067090][ T9950] should_failslab+0xc2/0x120 [ 298.067115][ T9950] __kmalloc_noprof+0xd2/0x510 [ 298.067150][ T9950] ? __pfx___mutex_trylock_common+0x10/0x10 [ 298.067193][ T9950] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 298.067236][ T9950] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 298.067272][ T9950] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 298.067303][ T9950] ? rcu_is_watching+0x12/0xc0 [ 298.067343][ T9950] ? bpf_lsm_capable+0x9/0x10 [ 298.067371][ T9950] ? security_capable+0x7e/0x260 [ 298.067403][ T9950] genl_rcv_msg+0x55c/0x800 [ 298.067440][ T9950] ? __pfx_genl_rcv_msg+0x10/0x10 [ 298.067474][ T9950] ? __pfx_macsec_del_rxsa+0x10/0x10 [ 298.067530][ T9950] netlink_rcv_skb+0x158/0x420 [ 298.067559][ T9950] ? __pfx_genl_rcv_msg+0x10/0x10 [ 298.067594][ T9950] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 298.067639][ T9950] ? netlink_deliver_tap+0x1ae/0xd30 [ 298.067672][ T9950] genl_rcv+0x28/0x40 [ 298.067705][ T9950] netlink_unicast+0x53a/0x7f0 [ 298.067738][ T9950] ? __pfx_netlink_unicast+0x10/0x10 [ 298.067778][ T9950] netlink_sendmsg+0x8d1/0xdd0 [ 298.067813][ T9950] ? __pfx_netlink_sendmsg+0x10/0x10 [ 298.067857][ T9950] ____sys_sendmsg+0xa98/0xc70 [ 298.067889][ T9950] ? copy_msghdr_from_user+0x10a/0x160 [ 298.067927][ T9950] ? __pfx_____sys_sendmsg+0x10/0x10 [ 298.067976][ T9950] ___sys_sendmsg+0x134/0x1d0 [ 298.068018][ T9950] ? __pfx____sys_sendmsg+0x10/0x10 [ 298.068054][ T9950] ? __lock_acquire+0x622/0x1c90 [ 298.068134][ T9950] __sys_sendmsg+0x16d/0x220 [ 298.068173][ T9950] ? __pfx___sys_sendmsg+0x10/0x10 [ 298.068238][ T9950] do_syscall_64+0xcd/0x490 [ 298.068265][ T9950] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.068291][ T9950] RIP: 0033:0x7f90b418e929 [ 298.068313][ T9950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 298.068337][ T9950] RSP: 002b:00007f90b4f72038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 298.068362][ T9950] RAX: ffffffffffffffda RBX: 00007f90b43b6080 RCX: 00007f90b418e929 [ 298.068380][ T9950] RDX: 0000000000044044 RSI: 0000200000006200 RDI: 0000000000000004 [ 298.068396][ T9950] RBP: 00007f90b4f72090 R08: 0000000000000000 R09: 0000000000000000 [ 298.068412][ T9950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 298.068428][ T9950] R13: 0000000000000000 R14: 00007f90b43b6080 R15: 00007fff1b3b5328 [ 298.068464][ T9950] [ 298.499191][ T9941] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 298.511693][ T9959] netlink: 'syz.0.903': attribute type 1 has an invalid length. [ 298.783476][ T9967] aoe: copy from user failed [ 298.788309][ T9967] aoe: could not set interface list: too many interfaces [ 299.893237][ T9979] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 300.069287][ T9988] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 301.577726][ T9994] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 302.057577][T10009] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 303.171375][T10015] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 303.182921][T10015] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 303.199324][T10015] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 303.249704][T10015] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 303.383771][T10016] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 303.454139][T10036] netlink: 'syz.3.920': attribute type 1 has an invalid length. [ 303.704797][T10045] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 304.441781][ T5154] Bluetooth: hci0: command 0x0c1a tx timeout [ 305.231944][ T5154] Bluetooth: hci1: command 0x0c1a tx timeout [ 305.238479][ T5844] Bluetooth: hci2: command 0x0c1a tx timeout [ 305.321382][ T5154] Bluetooth: hci3: command 0x0c1a tx timeout [ 305.797429][T10064] netlink: 48 bytes leftover after parsing attributes in process `syz.1.924'. [ 306.240061][T10063] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 306.249729][T10063] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 306.258576][T10063] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 306.275419][T10063] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 306.380011][T10070] netlink: 342 bytes leftover after parsing attributes in process `syz.2.926'. [ 307.359232][T10085] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 307.483894][T10085] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 307.587609][T10093] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 307.658379][T10095] aoe: copy from user failed [ 307.709605][T10095] aoe: could not set interface list: too many interfaces [ 308.028797][T10109] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 308.035801][T10109] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 308.064893][T10109] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 308.076544][T10109] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 308.478110][T10127] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 308.886543][T10126] blktrace: Concurrent blktraces are not allowed on nbd3 [ 309.200685][T10138] netlink: 186 bytes leftover after parsing attributes in process `syz.2.945'. [ 309.254248][T10140] Unable to find swap-space signature [ 309.416825][T10144] aoe: copy from user failed [ 309.428657][T10144] aoe: could not set interface list: too many interfaces [ 309.666171][T10153] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 309.767140][T10157] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 310.047496][T10151] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 310.059836][T10165] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 310.086702][ T5154] Bluetooth: hci3: command 0x0c1a tx timeout [ 310.086752][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 310.092831][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 310.098789][ T5844] Bluetooth: hci1: command 0x0c1a tx timeout [ 310.754158][T10174] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 310.984524][T10179] netlink: 8 bytes leftover after parsing attributes in process `syz.1.955'. [ 311.020257][T10179] FAULT_INJECTION: forcing a failure. [ 311.020257][T10179] name failslab, interval 1, probability 0, space 0, times 0 [ 311.034963][T10179] CPU: 0 UID: 0 PID: 10179 Comm: syz.1.955 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 311.035007][T10179] Tainted: [U]=USER [ 311.035015][T10179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 311.035031][T10179] Call Trace: [ 311.035038][T10179] [ 311.035050][T10179] dump_stack_lvl+0x16c/0x1f0 [ 311.035086][T10179] should_fail_ex+0x512/0x640 [ 311.035117][T10179] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 311.035152][T10179] should_failslab+0xc2/0x120 [ 311.035174][T10179] __kmalloc_cache_noprof+0x6a/0x3e0 [ 311.035191][T10179] ? __pfx___debug_object_init+0x10/0x10 [ 311.035206][T10179] ? blk_mq_alloc_tag_set+0x340/0x1260 [ 311.035228][T10179] blk_mq_alloc_tag_set+0x340/0x1260 [ 311.035253][T10179] nbd_dev_add+0x347/0xbc0 [ 311.035275][T10179] ? __pfx_nbd_dev_add+0x10/0x10 [ 311.035306][T10179] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 311.035332][T10179] nbd_genl_connect+0x8b0/0x1c20 [ 311.035356][T10179] ? __pfx_nbd_genl_connect+0x10/0x10 [ 311.035376][T10179] ? __nla_parse+0x40/0x60 [ 311.035392][T10179] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 311.035411][T10179] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 311.035434][T10179] genl_family_rcv_msg_doit+0x209/0x2f0 [ 311.035453][T10179] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 311.035470][T10179] ? genl_get_cmd+0x194/0x580 [ 311.035492][T10179] ? __radix_tree_lookup+0x21f/0x2c0 [ 311.035514][T10179] genl_rcv_msg+0x55c/0x800 [ 311.035533][T10179] ? __pfx_genl_rcv_msg+0x10/0x10 [ 311.035551][T10179] ? __pfx_nbd_genl_connect+0x10/0x10 [ 311.035585][T10179] netlink_rcv_skb+0x158/0x420 [ 311.035600][T10179] ? __pfx_genl_rcv_msg+0x10/0x10 [ 311.035618][T10179] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 311.035646][T10179] genl_rcv+0x28/0x40 [ 311.035661][T10179] netlink_unicast+0x53a/0x7f0 [ 311.035679][T10179] ? __pfx_netlink_unicast+0x10/0x10 [ 311.035700][T10179] ? __alloc_skb+0x1f2/0x380 [ 311.035722][T10179] ? netlink_sendmsg+0x6b2/0xdd0 [ 311.035739][T10179] netlink_sendmsg+0x8d1/0xdd0 [ 311.035759][T10179] ? __pfx_netlink_sendmsg+0x10/0x10 [ 311.035784][T10179] ____sys_sendmsg+0xa98/0xc70 [ 311.035802][T10179] ? copy_msghdr_from_user+0x10a/0x160 [ 311.035825][T10179] ? __pfx_____sys_sendmsg+0x10/0x10 [ 311.035849][T10179] ___sys_sendmsg+0x134/0x1d0 [ 311.035871][T10179] ? __pfx____sys_sendmsg+0x10/0x10 [ 311.035890][T10179] ? __lock_acquire+0x622/0x1c90 [ 311.035931][T10179] __sys_sendmsg+0x16d/0x220 [ 311.035952][T10179] ? __pfx___sys_sendmsg+0x10/0x10 [ 311.035985][T10179] do_syscall_64+0xcd/0x490 [ 311.035999][T10179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.036014][T10179] RIP: 0033:0x7fec9798e929 [ 311.036026][T10179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.036040][T10179] RSP: 002b:00007fec98801038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 311.036054][T10179] RAX: ffffffffffffffda RBX: 00007fec97bb5fa0 RCX: 00007fec9798e929 [ 311.036064][T10179] RDX: 0000000020040000 RSI: 0000200000000500 RDI: 000000000000000a [ 311.036074][T10179] RBP: 00007fec98801090 R08: 0000000000000000 R09: 0000000000000000 [ 311.036083][T10179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 311.036091][T10179] R13: 0000000000000000 R14: 00007fec97bb5fa0 R15: 00007ffea18bdfa8 [ 311.036109][T10179] [ 311.374043][T10179] nbd: failed to add new device [ 311.431173][T10185] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 311.440643][T10185] db_root: cannot open: /dev/audio1 [ 311.446284][T10186] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 311.455477][T10186] db_root: cannot open: /dev/audio1 [ 311.782112][ T30] audit: type=1800 audit(6045409727.894:10): pid=10186 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.956" name="dbroot" dev="configfs" ino=26553 res=0 errno=0 [ 312.119419][T10193] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 312.138464][T10193] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 312.220721][T10193] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 312.264319][T10193] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 312.768922][T10214] FAULT_INJECTION: forcing a failure. [ 312.768922][T10214] name fail_futex, interval 1, probability 0, space 0, times 0 [ 312.788930][T10214] CPU: 0 UID: 0 PID: 10214 Comm: syz.2.963 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 312.788960][T10214] Tainted: [U]=USER [ 312.788965][T10214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 312.788973][T10214] Call Trace: [ 312.788978][T10214] [ 312.788983][T10214] dump_stack_lvl+0x16c/0x1f0 [ 312.789008][T10214] should_fail_ex+0x512/0x640 [ 312.789031][T10214] get_futex_key+0x1d0/0x1540 [ 312.789050][T10214] ? __pfx_get_futex_key+0x10/0x10 [ 312.789063][T10214] ? find_held_lock+0x2b/0x80 [ 312.789079][T10214] ? __lock_acquire+0x622/0x1c90 [ 312.789099][T10214] futex_requeue+0x1f9/0x2030 [ 312.789121][T10214] ? find_held_lock+0x2b/0x80 [ 312.789135][T10214] ? __pfx_futex_requeue+0x10/0x10 [ 312.789155][T10214] ? get_pid_task+0x106/0x250 [ 312.789174][T10214] ? find_held_lock+0x2b/0x80 [ 312.789191][T10214] ? find_held_lock+0x2b/0x80 [ 312.789204][T10214] ? ksys_write+0x190/0x250 [ 312.789225][T10214] do_futex+0x1ad/0x350 [ 312.789243][T10214] ? __pfx_do_futex+0x10/0x10 [ 312.789263][T10214] __x64_sys_futex+0x1e0/0x4c0 [ 312.789281][T10214] ? fput+0x70/0xf0 [ 312.789292][T10214] ? __pfx___x64_sys_futex+0x10/0x10 [ 312.789308][T10214] ? ksys_write+0x1ac/0x250 [ 312.789325][T10214] ? __pfx_ksys_write+0x10/0x10 [ 312.789348][T10214] do_syscall_64+0xcd/0x490 [ 312.789362][T10214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.789377][T10214] RIP: 0033:0x7f16f3d8e929 [ 312.789388][T10214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.789402][T10214] RSP: 002b:00007f16f4c9d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 312.789416][T10214] RAX: ffffffffffffffda RBX: 00007f16f3fb6080 RCX: 00007f16f3d8e929 [ 312.789426][T10214] RDX: 000000000000001f RSI: 0000000000000003 RDI: 0000200000000080 [ 312.789434][T10214] RBP: 00007f16f4c9d090 R08: 0000200000000100 R09: 00000000440a48d3 [ 312.789443][T10214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 312.789451][T10214] R13: 0000000000000001 R14: 00007f16f3fb6080 R15: 00007ffe01c3d728 [ 312.789469][T10214] [ 314.145690][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 314.145849][ T5154] Bluetooth: hci0: command 0x0c1a tx timeout [ 314.225237][ T5154] Bluetooth: hci1: command 0x0c1a tx timeout [ 314.305014][ T5154] Bluetooth: hci3: command 0x0c1a tx timeout [ 314.504491][T10235] FAULT_INJECTION: forcing a failure. [ 314.504491][T10235] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 314.523827][T10235] CPU: 1 UID: 0 PID: 10235 Comm: syz.2.969 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 314.523869][T10235] Tainted: [U]=USER [ 314.523878][T10235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 314.523892][T10235] Call Trace: [ 314.523901][T10235] [ 314.523911][T10235] dump_stack_lvl+0x16c/0x1f0 [ 314.523956][T10235] should_fail_ex+0x512/0x640 [ 314.523999][T10235] should_fail_alloc_page+0xe7/0x130 [ 314.524027][T10235] prepare_alloc_pages+0x3c2/0x610 [ 314.524065][T10235] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 314.524117][T10235] ? __lock_acquire+0x622/0x1c90 [ 314.524153][T10235] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 314.524193][T10235] ? xa_load+0x153/0x2c0 [ 314.524232][T10235] ? filemap_get_entry+0x1a7/0x3b0 [ 314.524260][T10235] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 314.524299][T10235] ? policy_nodemask+0xea/0x4e0 [ 314.524342][T10235] alloc_pages_mpol+0x1fb/0x550 [ 314.524368][T10235] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 314.524392][T10235] ? _raw_spin_unlock+0x28/0x50 [ 314.524425][T10235] ? swap_entry_swapped+0x122/0x190 [ 314.524464][T10235] ? __pfx_swap_entry_swapped+0x10/0x10 [ 314.524508][T10235] folio_alloc_mpol_noprof+0x36/0x2f0 [ 314.524550][T10235] __read_swap_cache_async+0x3b6/0x5a0 [ 314.524589][T10235] ? __pfx___read_swap_cache_async+0x10/0x10 [ 314.524625][T10235] ? swapcache_clear+0x20/0x30 [ 314.524649][T10235] ? __pfx_swp_swap_info+0x10/0x10 [ 314.524684][T10235] swap_cluster_readahead+0x3eb/0x710 [ 314.524727][T10235] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 314.524786][T10235] ? get_vma_policy+0x242/0x3c0 [ 314.524815][T10235] swapin_readahead+0x13a/0xd60 [ 314.524862][T10235] ? __pfx_swapin_readahead+0x10/0x10 [ 314.524893][T10235] ? __filemap_get_folio+0x32b/0xc30 [ 314.524926][T10235] ? swap_cache_get_folio+0x1df/0x450 [ 314.524961][T10235] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 314.524993][T10235] ? __pfx_get_swap_device+0x10/0x10 [ 314.525033][T10235] ? do_swap_page+0x125/0x65c0 [ 314.525066][T10235] do_swap_page+0x635/0x65c0 [ 314.525097][T10235] ? __lock_acquire+0x622/0x1c90 [ 314.525141][T10235] ? __pfx_do_swap_page+0x10/0x10 [ 314.525172][T10235] ? __pfx_default_wake_function+0x10/0x10 [ 314.525207][T10235] ? rcu_is_watching+0x12/0xc0 [ 314.525233][T10235] ? ___pte_offset_map+0x1d5/0x570 [ 314.525268][T10235] __handle_mm_fault+0x162f/0x5490 [ 314.525311][T10235] ? __pfx___handle_mm_fault+0x10/0x10 [ 314.525340][T10235] ? __pfx_mt_find+0x10/0x10 [ 314.525377][T10235] ? find_vma+0xbf/0x140 [ 314.525395][T10235] ? __pfx_find_vma+0x10/0x10 [ 314.525418][T10235] handle_mm_fault+0x589/0xd10 [ 314.525448][T10235] ? __pkru_allows_pkey+0x41/0xb0 [ 314.525480][T10235] do_user_addr_fault+0x7a6/0x1370 [ 314.525515][T10235] ? rcu_is_watching+0x12/0xc0 [ 314.525550][T10235] exc_page_fault+0x5c/0xb0 [ 314.525583][T10235] asm_exc_page_fault+0x26/0x30 [ 314.525606][T10235] RIP: 0010:__put_user_8+0xd/0x20 [ 314.525642][T10235] Code: 89 01 31 c9 0f 01 ca e9 81 5a 03 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <48> 89 01 31 c9 0f 01 ca e9 56 5a 03 00 66 0f 1f 44 00 00 90 90 90 [ 314.525664][T10235] RSP: 0018:ffffc9000c16fd40 EFLAGS: 00050246 [ 314.525683][T10235] RAX: 0000000000000400 RBX: 0000000000000000 RCX: 0000000000000000 [ 314.525697][T10235] RDX: 1ffff1100559ecc4 RSI: ffffffff87beefae RDI: ffff88802acf6620 [ 314.525713][T10235] RBP: ffff88802acf6000 R08: 46826513d4a3981e R09: 0000000000000000 [ 314.525728][T10235] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff9200182dfaf [ 314.525742][T10235] R13: ffffc9000c16fdb8 R14: ffffc9000c16fdf8 R15: ffffc9000c16fe48 [ 314.525767][T10235] ? rtc_dev_ioctl+0x96e/0xdd0 [ 314.525803][T10235] rtc_dev_ioctl+0x9a7/0xdd0 [ 314.525837][T10235] ? __pfx_rtc_dev_ioctl+0x10/0x10 [ 314.525871][T10235] ? find_held_lock+0x2b/0x80 [ 314.525907][T10235] ? __pfx_rtc_dev_ioctl+0x10/0x10 [ 314.525936][T10235] __x64_sys_ioctl+0x18b/0x210 [ 314.525963][T10235] do_syscall_64+0xcd/0x490 [ 314.525985][T10235] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.526005][T10235] RIP: 0033:0x7f16f3d8e929 [ 314.526022][T10235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 314.526041][T10235] RSP: 002b:00007f16f4cbe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 314.526060][T10235] RAX: ffffffffffffffda RBX: 00007f16f3fb5fa0 RCX: 00007f16f3d8e929 [ 314.526074][T10235] RDX: 0000000000000000 RSI: 000000008008700b RDI: 0000000000000005 [ 314.526086][T10235] RBP: 00007f16f4cbe090 R08: 0000000000000000 R09: 0000000000000000 [ 314.526099][T10235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 314.526112][T10235] R13: 0000000000000000 R14: 00007f16f3fb5fa0 R15: 00007ffe01c3d728 [ 314.526140][T10235] [ 314.996591][ C1] vkms_vblank_simulate: vblank timer overrun [ 315.592958][T10255] FAULT_INJECTION: forcing a failure. [ 315.592958][T10255] name failslab, interval 1, probability 0, space 0, times 0 [ 315.611010][T10255] CPU: 1 UID: 0 PID: 10255 Comm: syz.1.975 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 315.611053][T10255] Tainted: [U]=USER [ 315.611061][T10255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 315.611075][T10255] Call Trace: [ 315.611083][T10255] [ 315.611093][T10255] dump_stack_lvl+0x16c/0x1f0 [ 315.611135][T10255] should_fail_ex+0x512/0x640 [ 315.611179][T10255] ? __kmalloc_noprof+0xbf/0x510 [ 315.611228][T10255] ? xfrm_hash_alloc+0xd1/0x100 [ 315.611295][T10255] should_failslab+0xc2/0x120 [ 315.611324][T10255] __kmalloc_noprof+0xd2/0x510 [ 315.611363][T10255] ? xfrm_nat_keepalive_net_fini+0x21/0x30 [ 315.611399][T10255] xfrm_hash_alloc+0xd1/0x100 [ 315.611437][T10255] xfrm_state_init+0x11e/0x630 [ 315.611478][T10255] ? __pfx_xfrm_net_init+0x10/0x10 [ 315.611515][T10255] xfrm_net_init+0x210/0xcc0 [ 315.611560][T10255] ? __pfx_xfrm_net_init+0x10/0x10 [ 315.611599][T10255] ops_init+0x1df/0x5f0 [ 315.611629][T10255] setup_net+0x1ff/0x510 [ 315.611654][T10255] ? lockdep_init_map_type+0x5c/0x280 [ 315.611691][T10255] ? __pfx_setup_net+0x10/0x10 [ 315.611719][T10255] ? debug_mutex_init+0x37/0x70 [ 315.611747][T10255] copy_net_ns+0x2a6/0x5f0 [ 315.611776][T10255] create_new_namespaces+0x3ea/0xa90 [ 315.611809][T10255] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 315.611840][T10255] ksys_unshare+0x45b/0xa40 [ 315.611873][T10255] ? __pfx_ksys_unshare+0x10/0x10 [ 315.611908][T10255] ? xfd_validate_state+0x61/0x180 [ 315.611952][T10255] __x64_sys_unshare+0x31/0x40 [ 315.611984][T10255] do_syscall_64+0xcd/0x490 [ 315.612010][T10255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.612037][T10255] RIP: 0033:0x7fec9798e929 [ 315.612059][T10255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.612085][T10255] RSP: 002b:00007fec98801038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 315.612112][T10255] RAX: ffffffffffffffda RBX: 00007fec97bb5fa0 RCX: 00007fec9798e929 [ 315.612130][T10255] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 315.612148][T10255] RBP: 00007fec97a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 315.612165][T10255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 315.612182][T10255] R13: 0000000000000000 R14: 00007fec97bb5fa0 R15: 00007ffea18bdfa8 [ 315.612228][T10255] [ 315.853260][ C1] vkms_vblank_simulate: vblank timer overrun [ 316.037523][T10259] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 316.071284][T10259] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 316.111764][T10259] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 316.118008][T10259] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 316.248871][T10266] aoe: copy from user failed [ 316.253517][T10266] aoe: could not set interface list: too many interfaces [ 316.713799][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.720176][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.760504][T10272] netlink: 8 bytes leftover after parsing attributes in process `syz.2.979'. [ 317.312454][ T5848] udevd[5848]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 318.045357][ T5154] Bluetooth: hci0: command 0x0c1a tx timeout [ 318.129571][ T5154] Bluetooth: hci3: command 0x0c1a tx timeout [ 318.129587][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 318.129626][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 318.395844][T10311] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 318.403698][T10311] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 318.415113][T10311] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 318.428369][T10311] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 318.506120][T10321] aoe: copy from user failed [ 318.519233][T10321] aoe: could not set interface list: too many interfaces [ 318.635664][T10324] netlink: 48 bytes leftover after parsing attributes in process `syz.3.991'. [ 319.213524][T10335] netlink: 28 bytes leftover after parsing attributes in process `syz.2.995'. [ 319.381311][T10345] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 319.389591][T10335] bridge_slave_1: left allmulticast mode [ 319.399899][T10335] bridge_slave_1: left promiscuous mode [ 319.469134][T10335] bridge0: port 2(bridge_slave_1) entered disabled state [ 319.487154][T10344] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 319.512161][T10335] bridge_slave_0: left allmulticast mode [ 319.532446][T10335] bridge_slave_0: left promiscuous mode [ 319.552098][T10335] bridge0: port 1(bridge_slave_0) entered disabled state [ 320.433204][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 320.433722][ T5844] Bluetooth: hci1: command 0x0c1a tx timeout [ 320.439309][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 320.445325][ T5154] Bluetooth: hci0: command 0x0c1a tx timeout [ 320.613242][T10374] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 320.647444][T10358] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 320.655331][T10358] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 320.662744][T10358] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 320.677831][T10358] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 321.832180][T10401] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 322.025643][T10406] FAULT_INJECTION: forcing a failure. [ 322.025643][T10406] name failslab, interval 1, probability 0, space 0, times 0 [ 322.071987][T10406] CPU: 1 UID: 0 PID: 10406 Comm: syz.3.1011 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 322.072032][T10406] Tainted: [U]=USER [ 322.072041][T10406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 322.072060][T10406] Call Trace: [ 322.072068][T10406] [ 322.072077][T10406] dump_stack_lvl+0x16c/0x1f0 [ 322.072127][T10406] should_fail_ex+0x512/0x640 [ 322.072162][T10406] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 322.072199][T10406] should_failslab+0xc2/0x120 [ 322.072224][T10406] __kmalloc_cache_noprof+0x6a/0x3e0 [ 322.072255][T10406] ? alloc_fs_context+0x57/0x9c0 [ 322.072297][T10406] alloc_fs_context+0x57/0x9c0 [ 322.072341][T10406] mq_init_ns+0x172/0x620 [ 322.072373][T10406] copy_ipcs+0x383/0x610 [ 322.072399][T10406] ? copy_utsname+0xab/0x470 [ 322.072437][T10406] create_new_namespaces+0x20a/0xa90 [ 322.072467][T10406] ? security_capable+0x7e/0x260 [ 322.072495][T10406] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 322.072525][T10406] ksys_unshare+0x45b/0xa40 [ 322.072560][T10406] ? __pfx_ksys_unshare+0x10/0x10 [ 322.072594][T10406] ? xfd_validate_state+0x61/0x180 [ 322.072639][T10406] __x64_sys_unshare+0x31/0x40 [ 322.072673][T10406] do_syscall_64+0xcd/0x490 [ 322.072701][T10406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.072724][T10406] RIP: 0033:0x7f90b418e929 [ 322.072742][T10406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 322.072766][T10406] RSP: 002b:00007f90b4f72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 322.072789][T10406] RAX: ffffffffffffffda RBX: 00007f90b43b6080 RCX: 00007f90b418e929 [ 322.072805][T10406] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 322.072820][T10406] RBP: 00007f90b4210b39 R08: 0000000000000000 R09: 0000000000000000 [ 322.072836][T10406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 322.072851][T10406] R13: 0000000000000000 R14: 00007f90b43b6080 R15: 00007fff1b3b5328 [ 322.072885][T10406] [ 322.285649][T10386] Process accounting paused [ 322.566593][T10411] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 322.613381][T10411] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 322.648760][T10411] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 322.712209][T10411] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 322.930960][T10433] aoe: copy from user failed [ 322.935659][T10433] aoe: could not set interface list: too many interfaces [ 323.941861][T10443] binder: 10442:10443 ioctl 600003 8 returned -22 [ 324.212635][T10455] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1022'. [ 324.571233][ T5844] Bluetooth: hci0: command 0x0c1a tx timeout [ 324.651672][ T5844] Bluetooth: hci1: command 0x0c1a tx timeout [ 324.657750][ T5844] Bluetooth: hci2: command 0x0c1a tx timeout [ 324.730404][ T5844] Bluetooth: hci3: command 0x0c1a tx timeout [ 325.411186][T10474] netlink: set zone limit has 8 unknown bytes [ 325.880759][T10489] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 326.180993][T10490] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 328.045498][T10509] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 328.076745][T10509] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 328.093282][T10509] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 328.099598][T10509] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 329.257905][T10539] aoe: copy from user failed [ 329.271479][T10539] aoe: could not set interface list: too many interfaces [ 329.391308][T10542] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 329.576377][T10546] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 329.733734][T10535] binder: 10534:10535 ioctl 600003 8 returned -22 syzkaller syzkaller login: [ 330.072770][ T5844] Bluetooth: hci0: command 0x0c1a tx timeout [ 330.142846][ T5844] Bluetooth: hci3: command 0x0c1a tx timeout [ 330.149527][ T5154] Bluetooth: hci1: command 0x0c1a tx timeout [ 330.155490][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 330.528620][T10559] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 331.129110][T10572] aoe: copy from user failed [ 331.133729][T10572] aoe: could not set interface list: too many interfaces [ 331.491994][T10583] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 331.638650][T10586] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 syzkaller syzkaller login: [ 333.565190][T10609] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 333.589998][T10612] aoe: copy from user failed [ 333.594688][T10612] aoe: could not set interface list: too many interfaces [ 334.609829][T10632] FAULT_INJECTION: forcing a failure. [ 334.609829][T10632] name failslab, interval 1, probability 0, space 0, times 0 [ 334.686947][T10632] CPU: 0 UID: 0 PID: 10632 Comm: syz.0.1058 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 334.686975][T10632] Tainted: [U]=USER [ 334.686980][T10632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 334.686989][T10632] Call Trace: [ 334.686994][T10632] [ 334.687000][T10632] dump_stack_lvl+0x16c/0x1f0 [ 334.687026][T10632] should_fail_ex+0x512/0x640 [ 334.687046][T10632] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 334.687067][T10632] should_failslab+0xc2/0x120 [ 334.687080][T10632] __kmalloc_cache_noprof+0x6a/0x3e0 [ 334.687098][T10632] ? alloc_fs_context+0x57/0x9c0 [ 334.687123][T10632] alloc_fs_context+0x57/0x9c0 [ 334.687147][T10632] mq_init_ns+0x172/0x620 [ 334.687164][T10632] copy_ipcs+0x383/0x610 [ 334.687177][T10632] ? copy_utsname+0xab/0x470 [ 334.687197][T10632] create_new_namespaces+0x20a/0xa90 [ 334.687213][T10632] ? security_capable+0x7e/0x260 [ 334.687228][T10632] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 334.687245][T10632] ksys_unshare+0x45b/0xa40 [ 334.687264][T10632] ? __pfx_ksys_unshare+0x10/0x10 [ 334.687289][T10632] ? xfd_validate_state+0x61/0x180 [ 334.687311][T10632] __x64_sys_unshare+0x31/0x40 [ 334.687327][T10632] do_syscall_64+0xcd/0x490 [ 334.687341][T10632] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.687356][T10632] RIP: 0033:0x7f639cf8e929 [ 334.687367][T10632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 334.687381][T10632] RSP: 002b:00007f639ddc2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 334.687395][T10632] RAX: ffffffffffffffda RBX: 00007f639d1b6080 RCX: 00007f639cf8e929 [ 334.687405][T10632] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 334.687414][T10632] RBP: 00007f639d010b39 R08: 0000000000000000 R09: 0000000000000000 [ 334.687422][T10632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 334.687431][T10632] R13: 0000000000000000 R14: 00007f639d1b6080 R15: 00007ffc5b65f598 [ 334.687448][T10632] [ 335.126034][T10635] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 335.325396][T10644] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 335.471668][T10645] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 syzkaller syzkaller login: [ 335.916843][T10658] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1066'. [ 336.101841][T10660] netlink: zone id is out of range [ 336.107013][T10660] netlink: zone id is out of range [ 336.259594][T10660] netlink: zone id is out of range [ 336.459563][T10660] netlink: zone id is out of range [ 336.540734][T10660] netlink: zone id is out of range [ 336.559330][T10660] netlink: zone id is out of range [ 336.600580][T10660] netlink: zone id is out of range [ 336.605842][T10660] netlink: zone id is out of range [ 336.641624][T10660] netlink: zone id is out of range [ 336.664962][T10660] netlink: zone id is out of range [ 337.228958][T10681] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1078'. [ 337.261648][T10679] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 337.261874][T10679] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 337.262037][T10679] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 337.262222][T10679] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 337.274986][T10681] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1078'. [ 337.282570][T10685] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 338.027958][T10699] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1073'. [ 338.361368][T10707] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 338.764234][ T5848] udevd[5848]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 339.112027][T10719] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 339.314542][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout [ 339.320635][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 339.327042][ T5844] Bluetooth: hci0: command 0x0c1a tx timeout [ 339.327096][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout syzkaller syzkaller login: [ 339.684776][T10730] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 340.050452][T10737] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 340.677811][T10749] aoe: copy from user failed [ 340.682461][T10749] aoe: could not set interface list: too many interfaces [ 340.703490][T10744] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 340.760774][T10744] vivid-007: ================= START STATUS ================= [ 340.777104][T10744] vivid-007: Generate PTS: true [ 340.793718][T10744] vivid-007: Generate SCR: true [ 340.817956][T10744] tpg source WxH: 320x240 (Y'CbCr) [ 340.823088][T10744] tpg field: 1 [ 340.826445][T10744] tpg crop: (0,0)/320x240 [ 340.838124][T10744] tpg compose: (0,0)/320x240 [ 340.869204][T10744] tpg colorspace: 8 [ 340.875211][T10744] tpg transfer function: 0/0 [ 340.899025][T10744] tpg Y'CbCr encoding: 0/0 [ 340.914478][T10744] tpg quantization: 0/0 [ 340.929994][T10744] tpg RGB range: 0/2 [ 340.937373][T10744] vivid-007: ================== END STATUS ================== [ 341.048972][T10753] [U]  [ 341.051833][T10753] [U] [ 341.054556][T10753] [U] [ 341.057280][T10753] [U] [ 341.064720][T10753] [U] [ 341.067465][T10753] [U] [ 341.070187][T10753] [U] [ 341.072907][T10753] [U] [ 341.079568][T10753] [U] [ 341.082310][T10753] [U] [ 341.085034][T10753] [U] [ 341.087777][T10753] [U] [ 341.091587][T10753] [U] [ 341.094323][T10753] [U] [ 341.097051][T10753] [U] [ 341.099776][T10753] [U] [ 341.103814][T10753] [U] [ 341.106550][T10753] [U] [ 341.109250][T10753] [U] [ 341.111944][T10753] [U] [ 341.127029][T10753] [U] [ 341.129791][T10753] [U] [ 341.132517][T10753] [U] [ 341.135242][T10753] [U] [ 341.166697][T10754] [U] [ 341.362985][T10753] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1087'. [ 341.411196][T10753] debugfs: Directory '!PjE r҄y*"l-y–L̓' with parent 'ieee80211' already present! [ 341.679576][T10765] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 syzkaller syzkaller login: [ 342.624798][T10785] binder: 10784:10785 ioctl 600003 3 returned -22 [ 342.687456][T10785] binder: 10784:10785 ioctl c0306201 2000000000c0 returned -14 [ 343.302722][T10799] FAULT_INJECTION: forcing a failure. [ 343.302722][T10799] name failslab, interval 1, probability 0, space 0, times 0 [ 343.349492][T10788] binder: 10787:10788 ioctl 600003 8 returned -22 [ 343.381920][T10799] CPU: 0 UID: 0 PID: 10799 Comm: syz.0.1097 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 343.381963][T10799] Tainted: [U]=USER [ 343.381971][T10799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 343.381985][T10799] Call Trace: [ 343.381994][T10799] [ 343.382003][T10799] dump_stack_lvl+0x16c/0x1f0 [ 343.382047][T10799] should_fail_ex+0x512/0x640 [ 343.382083][T10799] ? fs_reclaim_acquire+0xae/0x150 [ 343.382116][T10799] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 343.382151][T10799] should_failslab+0xc2/0x120 [ 343.382175][T10799] __kmalloc_noprof+0xd2/0x510 [ 343.382218][T10799] tomoyo_realpath_from_path+0xc2/0x6e0 [ 343.382256][T10799] ? tomoyo_profile+0x47/0x60 [ 343.382292][T10799] tomoyo_path_number_perm+0x245/0x580 [ 343.382314][T10799] ? tomoyo_path_number_perm+0x237/0x580 [ 343.382347][T10799] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 343.382380][T10799] ? find_held_lock+0x2b/0x80 [ 343.382437][T10799] ? find_held_lock+0x2b/0x80 [ 343.382458][T10799] ? hook_file_ioctl_common+0x145/0x410 [ 343.382482][T10799] ? __fget_files+0x20e/0x3c0 [ 343.382503][T10799] security_file_ioctl+0x9b/0x240 [ 343.382522][T10799] __x64_sys_ioctl+0xb7/0x210 [ 343.382547][T10799] do_syscall_64+0xcd/0x490 [ 343.382562][T10799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.382576][T10799] RIP: 0033:0x7f639cf8e929 [ 343.382591][T10799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 343.382604][T10799] RSP: 002b:00007f639ddc2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 343.382618][T10799] RAX: ffffffffffffffda RBX: 00007f639d1b6080 RCX: 00007f639cf8e929 [ 343.382627][T10799] RDX: 0000000000000004 RSI: 0000000040106f52 RDI: 0000000000000003 [ 343.382636][T10799] RBP: 00007f639ddc2090 R08: 0000000000000000 R09: 0000000000000000 [ 343.382644][T10799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 343.382652][T10799] R13: 0000000000000000 R14: 00007f639d1b6080 R15: 00007ffc5b65f598 [ 343.382670][T10799] [ 343.382677][T10799] ERROR: Out of memory at tomoyo_realpath_from_path. [ 343.606496][T10799] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 343.812556][T10803] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 343.850121][T10803] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 343.891396][T10803] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 343.908265][T10803] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 344.114092][T10818] aoe: copy from user failed [ 344.133365][T10818] aoe: could not set interface list: too many interfaces [ 344.151127][T10813] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 344.172027][T10820] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 345.303086][T10841] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 345.364041][T10845] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 345.821020][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 345.910973][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 345.910998][ T5154] Bluetooth: hci1: command 0x0c1a tx timeout [ 345.911011][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 345.993147][T10851] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 346.537322][T10864] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 346.796540][T10862] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 346.802862][T10862] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 346.810185][T10862] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 346.821559][T10862] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 347.640644][T10889] aoe: copy from user failed [ 347.645911][T10889] aoe: could not set interface list: too many interfaces [ 348.195646][T10899] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 348.424448][T10909] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 348.778842][T10919] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 348.835873][T10913] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 348.844242][T10913] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 348.850476][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 348.850486][ T5154] Bluetooth: hci3: command 0x0c1a tx timeout [ 348.875526][T10913] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 348.881674][T10913] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 350.116998][T10937] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 350.328557][T10943] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 350.786983][T10959] aoe: copy from user failed [ 350.791599][T10959] aoe: could not set interface list: too many interfaces [ 350.835237][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 350.914367][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 350.920527][ T5154] Bluetooth: hci1: command 0x0c1a tx timeout [ 350.926703][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 351.356982][T10966] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1129'. [ 351.456713][T10967] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 352.604320][T10985] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 353.163556][T10981] Process accounting resumed [ 353.387831][T11003] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 353.426823][T11004] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 353.625364][T11008] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1136'. [ 354.288457][T11019] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 354.373553][T11014] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 354.408342][T11014] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 354.433336][T11014] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 354.461610][T11014] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 355.012282][T11029] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 355.070992][T11032] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 355.431041][T11041] aoe: copy from user failed [ 355.445617][T11041] aoe: could not set interface list: too many interfaces syzkaller syzkaller login: [ 356.309325][T11052] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 356.405892][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 356.405900][ T5154] Bluetooth: hci0: command 0x0c1a tx timeout [ 356.497893][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 356.504550][ T5154] Bluetooth: hci3: command 0x0c1a tx timeout [ 356.520444][T11060] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 357.632102][T11075] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 357.877283][T11081] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 358.698153][T11097] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 359.441343][T11095] mkiss: ax0: crc mode is auto. syzkaller syzkaller login: [ 359.784486][T11110] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 360.005514][T11109] binder: 11108:11109 ioctl 600003 8 returned -22 [ 360.078455][T11117] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 360.761862][T11131] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 360.935978][T11130] nvme_fabrics: missing parameter 'transport=%s' [ 360.944317][T11130] nvme_fabrics: missing parameter 'nqn=%s' [ 360.968166][T11135] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request [ 361.024648][T11139] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 361.042485][T11139] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 361.046261][T11142] .SR: entered promiscuous mode [ 361.054803][T11139] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 361.067586][T11139] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 361.193254][T11142] Invalid ELF header magic: != ELF [ 361.564198][T11142] could not allocate digest TFM handle [ 361.595335][T11156] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 361.690343][T11145] could not allocate digest TFM handle [ 361.800191][T11161] FAULT_INJECTION: forcing a failure. [ 361.800191][T11161] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 361.837804][T11161] CPU: 1 UID: 0 PID: 11161 Comm: syz.0.1167 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 361.837848][T11161] Tainted: [U]=USER [ 361.837857][T11161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 361.837871][T11161] Call Trace: [ 361.837880][T11161] [ 361.837889][T11161] dump_stack_lvl+0x16c/0x1f0 [ 361.837932][T11161] should_fail_ex+0x512/0x640 [ 361.837974][T11161] _copy_from_iter+0x29f/0x16f0 [ 361.838028][T11161] ? __pfx__copy_from_iter+0x10/0x10 [ 361.838074][T11161] ? __pfx___might_resched+0x10/0x10 [ 361.838110][T11161] file_tty_write.constprop.0+0x488/0x9b0 [ 361.838159][T11161] vfs_write+0x6c7/0x1150 [ 361.838194][T11161] ? __pfx_tty_write+0x10/0x10 [ 361.838234][T11161] ? __pfx_vfs_write+0x10/0x10 [ 361.838264][T11161] ? find_held_lock+0x2b/0x80 [ 361.838315][T11161] ksys_write+0x12a/0x250 [ 361.838348][T11161] ? __pfx_ksys_write+0x10/0x10 [ 361.838393][T11161] do_syscall_64+0xcd/0x490 [ 361.838420][T11161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.838444][T11161] RIP: 0033:0x7f639cf8e929 [ 361.838463][T11161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 361.838485][T11161] RSP: 002b:00007f639dda1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 361.838507][T11161] RAX: ffffffffffffffda RBX: 00007f639d1b6160 RCX: 00007f639cf8e929 [ 361.838524][T11161] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 361.838538][T11161] RBP: 00007f639dda1090 R08: 0000000000000000 R09: 0000000000000000 [ 361.838553][T11161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 361.838569][T11161] R13: 0000000000000001 R14: 00007f639d1b6160 R15: 00007ffc5b65f598 [ 361.838604][T11161] [ 362.151899][T11169] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 362.341680][T11174] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 363.088606][T11187] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1174'. [ 363.098310][ T5154] Bluetooth: hci3: command 0x0c1a tx timeout [ 363.098837][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 363.104417][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 363.104462][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 363.124385][T11187] netlink: 'syz.1.1174': attribute type 22 has an invalid length. [ 363.135509][T11187] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1174'. [ 363.394544][T11196] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 363.668757][T11206] aoe: copy from user failed [ 363.702483][T11206] aoe: could not set interface list: too many interfaces [ 363.839912][T11201] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 363.937621][T11213] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1179'. [ 364.866909][T11222] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 365.145336][T11226] binder: 11225:11226 ioctl 600003 8 returned -22 [ 365.409493][T11233] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 365.871062][T11241] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 365.947127][T11246] snd_aloop snd_aloop.0: control 1:6:-2147483645:_heR:0 is already present [ 366.191070][T11254] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 syzkaller syzkaller login: [ 366.309136][ T5838] Bluetooth: hci3: unexpected subevent 0x19 length: 252 > 28 [ 366.317719][ T5838] Bluetooth: hci3: Unable to find connection with handle 0xc3d2 [ 366.910581][T11265] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 367.423950][T11273] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1192'. [ 367.753540][T11278] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 367.769695][T11283] snd_aloop snd_aloop.0: Parsing timer source 'wdƬJz' failed with -22 [ 368.944236][T11300] ================================================================== [ 368.952339][T11300] BUG: KASAN: slab-out-of-bounds in afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 368.961030][T11300] Read of size 1 at addr ffff8880790b8647 by task syz.1.1197/11300 [ 368.968919][T11300] [ 368.971244][T11300] CPU: 0 UID: 0 PID: 11300 Comm: syz.1.1197 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 368.971280][T11300] Tainted: [U]=USER [ 368.971288][T11300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 368.971301][T11300] Call Trace: [ 368.971309][T11300] [ 368.971318][T11300] dump_stack_lvl+0x116/0x1f0 [ 368.971359][T11300] print_report+0xcd/0x680 [ 368.971392][T11300] ? __virt_addr_valid+0x81/0x610 [ 368.971414][T11300] ? __phys_addr+0xe8/0x180 [ 368.971436][T11300] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 368.971463][T11300] kasan_report+0xe0/0x110 [ 368.971483][T11300] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 368.971510][T11300] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 368.971533][T11300] ? __lock_acquire+0xb8a/0x1c90 [ 368.971565][T11300] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 368.971590][T11300] ? find_held_lock+0x2b/0x80 [ 368.971609][T11300] ? __might_fault+0xe3/0x190 [ 368.971638][T11300] ? __might_fault+0xe3/0x190 [ 368.971665][T11300] ? __might_fault+0x13b/0x190 [ 368.971699][T11300] ? proc_simple_write+0x114/0x1b0 [ 368.971721][T11300] proc_simple_write+0x114/0x1b0 [ 368.971742][T11300] ? __pfx_proc_simple_write+0x10/0x10 [ 368.971763][T11300] proc_reg_write+0x240/0x330 [ 368.971794][T11300] ? __pfx_proc_reg_write+0x10/0x10 [ 368.971821][T11300] vfs_writev+0x5dc/0xde0 [ 368.971847][T11300] ? __pfx___mutex_trylock_common+0x10/0x10 [ 368.971879][T11300] ? __pfx_vfs_writev+0x10/0x10 [ 368.971905][T11300] ? __mutex_lock+0x1ca/0xb90 [ 368.971923][T11300] ? kmem_cache_free+0x2d1/0x4d0 [ 368.971954][T11300] ? __pfx___mutex_lock+0x10/0x10 [ 368.971978][T11300] ? __fget_files+0x20e/0x3c0 [ 368.972008][T11300] ? do_writev+0x132/0x340 [ 368.972033][T11300] do_writev+0x132/0x340 [ 368.972058][T11300] ? __pfx_do_writev+0x10/0x10 [ 368.972088][T11300] do_syscall_64+0xcd/0x490 [ 368.972108][T11300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.972131][T11300] RIP: 0033:0x7fec9798e929 [ 368.972148][T11300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 368.972170][T11300] RSP: 002b:00007fec98801038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 368.972190][T11300] RAX: ffffffffffffffda RBX: 00007fec97bb5fa0 RCX: 00007fec9798e929 [ 368.972205][T11300] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000005 [ 368.972219][T11300] RBP: 00007fec97a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 368.972233][T11300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 368.972247][T11300] R13: 0000000000000000 R14: 00007fec97bb5fa0 R15: 00007ffea18bdfa8 [ 368.972269][T11300] [ 368.972276][T11300] [ 369.236786][T11300] Allocated by task 11300: [ 369.241193][T11300] kasan_save_stack+0x33/0x60 [ 369.245878][T11300] kasan_save_track+0x14/0x30 [ 369.250562][T11300] __kasan_kmalloc+0xaa/0xb0 [ 369.255155][T11300] __kmalloc_node_track_caller_noprof+0x221/0x510 [ 369.261575][T11300] memdup_user_nul+0x2b/0x120 [ 369.266250][T11300] proc_simple_write+0xc7/0x1b0 [ 369.271100][T11300] proc_reg_write+0x240/0x330 [ 369.275783][T11300] vfs_writev+0x5dc/0xde0 [ 369.280114][T11300] do_writev+0x132/0x340 [ 369.284359][T11300] do_syscall_64+0xcd/0x490 [ 369.288857][T11300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.294752][T11300] [ 369.297069][T11300] The buggy address belongs to the object at ffff8880790b8640 [ 369.297069][T11300] which belongs to the cache kmalloc-8 of size 8 [ 369.310773][T11300] The buggy address is located 0 bytes to the right of [ 369.310773][T11300] allocated 7-byte region [ffff8880790b8640, ffff8880790b8647) [ 369.325090][T11300] [ 369.327404][T11300] The buggy address belongs to the physical page: [ 369.333804][T11300] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x790b8 [ 369.342562][T11300] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 369.349666][T11300] page_type: f5(slab) [ 369.353646][T11300] raw: 00fff00000000000 ffff88801b841500 dead000000000100 dead000000000122 [ 369.362229][T11300] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 369.370830][T11300] page dumped because: kasan: bad access detected [ 369.377253][T11300] page_owner tracks the page as allocated [ 369.382964][T11300] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5834, tgid 5834 (syz-executor), ts 237897324389, free_ts 237897312190 [ 369.402424][T11300] post_alloc_hook+0x1c0/0x230 [ 369.407208][T11300] get_page_from_freelist+0x1321/0x3890 [ 369.412765][T11300] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 369.418665][T11300] alloc_pages_mpol+0x1fb/0x550 [ 369.423526][T11300] new_slab+0x23b/0x330 [ 369.427692][T11300] ___slab_alloc+0xd9c/0x1940 [ 369.432377][T11300] __slab_alloc.constprop.0+0x56/0xb0 [ 369.437785][T11300] __kmalloc_node_noprof+0x2ed/0x500 [ 369.443101][T11300] __vmalloc_node_range_noprof+0x3e5/0x14b0 [ 369.449011][T11300] __vmalloc_node_noprof+0xad/0xf0 [ 369.454133][T11300] do_ip6t_get_ctl+0x63f/0xa50 [ 369.458903][T11300] nf_getsockopt+0x79/0xe0 [ 369.463321][T11300] ipv6_getsockopt+0x1f7/0x280 [ 369.468094][T11300] tcp_getsockopt+0xa1/0x100 [ 369.472696][T11300] do_sock_getsockopt+0x3ff/0x800 [ 369.477728][T11300] __sys_getsockopt+0x123/0x1b0 [ 369.482598][T11300] page last free pid 5834 tgid 5834 stack trace: [ 369.488914][T11300] __free_frozen_pages+0x7fe/0x1180 [ 369.494116][T11300] kasan_populate_vmalloc+0x13d/0x1f0 [ 369.499494][T11300] alloc_vmap_area+0x959/0x29c0 [ 369.504342][T11300] __get_vm_area_node+0x1ca/0x330 [ 369.509367][T11300] __vmalloc_node_range_noprof+0x271/0x14b0 [ 369.515265][T11300] __vmalloc_node_noprof+0xad/0xf0 [ 369.520378][T11300] do_ip6t_get_ctl+0x63f/0xa50 [ 369.525143][T11300] nf_getsockopt+0x79/0xe0 [ 369.529560][T11300] ipv6_getsockopt+0x1f7/0x280 [ 369.534322][T11300] tcp_getsockopt+0xa1/0x100 [ 369.538908][T11300] do_sock_getsockopt+0x3ff/0x800 [ 369.543938][T11300] __sys_getsockopt+0x123/0x1b0 [ 369.548796][T11300] __x64_sys_getsockopt+0xbd/0x160 [ 369.553929][T11300] do_syscall_64+0xcd/0x490 [ 369.558444][T11300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.564360][T11300] [ 369.566680][T11300] Memory state around the buggy address: [ 369.572317][T11300] ffff8880790b8500: fa fc fc fc 05 fc fc fc fa fc fc fc 06 fc fc fc [ 369.580391][T11300] ffff8880790b8580: fa fc fc fc 05 fc fc fc fa fc fc fc fa fc fc fc [ 369.588459][T11300] >ffff8880790b8600: 05 fc fc fc fa fc fc fc 07 fc fc fc 05 fc fc fc [ 369.596515][T11300] ^ [ 369.602662][T11300] ffff8880790b8680: fa fc fc fc fa fc fc fc fa fc fc fc 05 fc fc fc [ 369.610726][T11300] ffff8880790b8700: 05 fc fc fc fa fc fc fc 07 fc fc fc 05 fc fc fc [ 369.618783][T11300] ================================================================== [ 369.713866][T11300] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 369.721091][T11300] CPU: 0 UID: 0 PID: 11300 Comm: syz.1.1197 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 369.734712][T11300] Tainted: [U]=USER [ 369.738500][T11300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 369.748542][T11300] Call Trace: [ 369.751810][T11300] [ 369.754725][T11300] dump_stack_lvl+0x3d/0x1f0 [ 369.759315][T11300] panic+0x71c/0x800 [ 369.763200][T11300] ? __pfx_panic+0x10/0x10 [ 369.767620][T11300] ? mark_held_locks+0x49/0x80 [ 369.772434][T11300] ? preempt_schedule_thunk+0x16/0x30 [ 369.777827][T11300] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 369.783809][T11300] ? preempt_schedule_common+0x44/0xc0 [ 369.789280][T11300] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 369.795723][T11300] check_panic_on_warn+0xab/0xb0 [ 369.800707][T11300] end_report+0x107/0x170 [ 369.805175][T11300] kasan_report+0xee/0x110 [ 369.809620][T11300] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 369.815635][T11300] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 369.821470][T11300] ? __lock_acquire+0xb8a/0x1c90 [ 369.826430][T11300] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 369.832590][T11300] ? find_held_lock+0x2b/0x80 [ 369.837269][T11300] ? __might_fault+0xe3/0x190 [ 369.841958][T11300] ? __might_fault+0xe3/0x190 [ 369.846642][T11300] ? __might_fault+0x13b/0x190 [ 369.851424][T11300] ? proc_simple_write+0x114/0x1b0 [ 369.856541][T11300] proc_simple_write+0x114/0x1b0 [ 369.861481][T11300] ? __pfx_proc_simple_write+0x10/0x10 [ 369.866943][T11300] proc_reg_write+0x240/0x330 [ 369.871647][T11300] ? __pfx_proc_reg_write+0x10/0x10 [ 369.876882][T11300] vfs_writev+0x5dc/0xde0 [ 369.881220][T11300] ? __pfx___mutex_trylock_common+0x10/0x10 [ 369.887127][T11300] ? __pfx_vfs_writev+0x10/0x10 [ 369.891998][T11300] ? __mutex_lock+0x1ca/0xb90 [ 369.896677][T11300] ? kmem_cache_free+0x2d1/0x4d0 [ 369.901637][T11300] ? __pfx___mutex_lock+0x10/0x10 [ 369.906676][T11300] ? __fget_files+0x20e/0x3c0 [ 369.911376][T11300] ? do_writev+0x132/0x340 [ 369.915798][T11300] do_writev+0x132/0x340 [ 369.920047][T11300] ? __pfx_do_writev+0x10/0x10 [ 369.924823][T11300] do_syscall_64+0xcd/0x490 [ 369.929329][T11300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.935226][T11300] RIP: 0033:0x7fec9798e929 [ 369.939646][T11300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 369.959260][T11300] RSP: 002b:00007fec98801038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 369.967684][T11300] RAX: ffffffffffffffda RBX: 00007fec97bb5fa0 RCX: 00007fec9798e929 [ 369.975661][T11300] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000005 [ 369.983637][T11300] RBP: 00007fec97a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 369.991616][T11300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 369.999586][T11300] R13: 0000000000000000 R14: 00007fec97bb5fa0 R15: 00007ffea18bdfa8 [ 370.007567][T11300] [ 370.010842][T11300] Kernel Offset: disabled [ 370.015155][T11300] Rebooting in 86400 seconds..