last executing test programs: 12m42.237909726s ago: executing program 2 (id=470): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xfffffffd, 0x401bf, 0x7, 0x3c, 0x65f, 0x1ffde, 0x5, 0x3, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb2, 0x80000000009, 0x6, 0xdec3, 0xb, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0x185c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0xd) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf25030000000600070008000000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060006004000000006000600070000000a00"], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x44801) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 12m41.95246138s ago: executing program 2 (id=471): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x6) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0xffffffffffff0001, 0x15) setgroups$auto(0xe32, 0x0) 12m41.18541768s ago: executing program 2 (id=476): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) syz_genetlink_get_family_id$auto_nl802154(0x0, r0) syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/mnt\x00') 12m40.596911947s ago: executing program 2 (id=478): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 12m39.944749075s ago: executing program 2 (id=480): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_allowed_congestion_control\x00', 0x0, 0x0) socket(0x2, 0x1, 0x0) sysfs$auto(0x2, 0x0, 0x0) epoll_create$auto(0x4) epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0) r0 = openat$auto_wakeup_sources_stats_fops_wakeup(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) pread64$auto(r0, 0x0, 0x8001, 0x1964) 12m39.137687554s ago: executing program 2 (id=490): socket(0x11, 0x80003, 0x300) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/039/001\x00', 0x0, 0x0) mmap$auto(0x2000, 0x80009, 0xb, 0x8000000008011, r0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) clone$auto(0x3, 0x10001, 0x0, 0x0, 0x9) mincore$auto(0x1000, 0x8001, 0x0) socketpair$auto(0xffffffff, 0x5, 0x8000000000000000, 0x0) request_key$auto(0x0, 0x0, 0x0, 0xfffffffd) keyctl$auto(0x12, 0x102000000010001, 0x7f, 0x200, 0x3) 12m38.810272582s ago: executing program 32 (id=490): socket(0x11, 0x80003, 0x300) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/039/001\x00', 0x0, 0x0) mmap$auto(0x2000, 0x80009, 0xb, 0x8000000008011, r0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) clone$auto(0x3, 0x10001, 0x0, 0x0, 0x9) mincore$auto(0x1000, 0x8001, 0x0) socketpair$auto(0xffffffff, 0x5, 0x8000000000000000, 0x0) request_key$auto(0x0, 0x0, 0x0, 0xfffffffd) keyctl$auto(0x12, 0x102000000010001, 0x7f, 0x200, 0x3) 11m2.704646762s ago: executing program 0 (id=1048): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x0, 0x5, 0x0) inotify_init1$auto(0x800) io_uring_setup$auto(0x4, 0x0) open(0x0, 0x12b2c0, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x400, 0x0) ioctl$auto(0x3, 0x80286f4e, r0) 11m1.708646418s ago: executing program 0 (id=1054): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) ioctl$auto_TCSBRKP2(r0, 0x5425, 0x0) ioctl$auto_TCSBRKP2(r0, 0x5425, 0x0) mmap$auto(0x0, 0x400004, 0x7, 0x8000000009b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_CEC_DQEVENT(0xffffffffffffffff, 0xc0506107, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0x8, 0x1, 0x948b, 0x8003, 0x15f4da0d, 0x3, 0x3, 0x262, 0x8000001e, 0x7, 0x6d3e, 0xc, 0x2, 0x5]}, 0x0) 11m0.52106038s ago: executing program 0 (id=1061): mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x802, 0x1) socket(0x2, 0x5, 0x0) socketpair$auto(0x1e, 0x1, 0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x8925, 0x0) 10m59.639718388s ago: executing program 0 (id=1067): set_mempolicy$auto(0x6, 0x0, 0x4) mmap$auto(0x1, 0x202000b, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) r1 = accept$auto(0xffffffffffffffff, &(0x7f00000001c0)=@xdp={0x2c, 0x3, 0x0, 0x16}, &(0x7f0000000200)=0x6) ioctl$auto_TCFLSH2(r1, 0x540b, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/ib_srp/parameters/fast_io_fail_tmo\x00', 0x22000, 0x0) setsockopt$auto(0x3, 0x0, 0x2b, 0xfffffffffffffffc, 0x70) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000000c0)=""/48, 0x30) 10m59.203838924s ago: executing program 0 (id=1071): mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x100000000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 10m58.986339718s ago: executing program 0 (id=1072): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_TIPC_NL_PEER_REMOVE(r1, &(0x7f00000110c0)={0x0, 0x0, &(0x7f0000011080)={&(0x7f000000e000)={0x18, r2, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x104}, 0x40) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) 10m43.834476298s ago: executing program 33 (id=1072): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_TIPC_NL_PEER_REMOVE(r1, &(0x7f00000110c0)={0x0, 0x0, &(0x7f0000011080)={&(0x7f000000e000)={0x18, r2, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x104}, 0x40) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) 9.200372127s ago: executing program 5 (id=4853): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/dummy_hcd.2/usb3/authorized\x00', 0x81, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x9, 0xf, 0x29f, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x5, 0x40, 0x76c5, 0x8, 0x100000000}}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="1b000000", @ANYBLOB="1e0027"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x20044000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) write$auto(r0, &(0x7f0000000080)='0\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0x48da548d) newfstatat$auto(0xffffffffffffff9c, 0x0, &(0x7f00000001c0)={0x10000, 0x1, 0x3, 0x5, 0xee01, 0xee00, 0x0, 0x8, 0x8001, 0x43, 0x0, 0x26e2de87, 0xa, 0x9, 0x5, 0x0, 0x5}, 0x3) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0xd97f760c479e8c8e, 0x0) pread64$auto(r2, 0x0, 0x3, 0x1000007ffe) setitimer$auto(0x5, 0x0, 0x0) keyctl$auto(0x4, 0xfffffffffffffffc, 0x0, 0x0, 0x1) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) unshare$auto(0x20000080) syz_clone3(&(0x7f0000000300)={0x2c022000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) madvise$auto(0x7, 0x8, 0x1a) 8.542305051s ago: executing program 5 (id=4856): socket(0x2, 0x3, 0xa) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) clone$auto(0x20003b4b, 0x8000000000002001, 0x0, 0x0, 0xfffffffffffffffb) open(0x0, 0xae841, 0x1fb) socket(0x840000000002, 0x3, 0xff) connect$auto(0x3, &(0x7f0000000000), 0x55) sendmmsg$auto(0x3, 0x0, 0x9a5, 0x7fffffe) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x73) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x20b42, 0x0) socket(0xf, 0x80000, 0x0) write$auto(0x3, 0x0, 0x100082) openat$auto_hwsim_fops_ps_(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/ieee80211/phy16/hwsim/ps\x00', 0x101840, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) write$auto(0x3, 0x0, 0x100082) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, 0x0) 7.859793438s ago: executing program 5 (id=4849): bind$auto(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x2c, "d673107fab139218c3a6e4e19205"}, 0x6b) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) gettid() msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x100000000000000, 0x2, 0x4000000000df, 0x40df, 0x401, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) write$auto(0xffffffffffffffff, 0x0, 0x0) rt_sigtimedwait$auto(0x0, 0x0, 0x0, 0x8) bpf$auto(0x0, 0x0, 0xa3) ioctl$auto(0xffffffffffffffff, 0xc0404d1a, 0xffffffffffffffff) socket(0x12, 0x4, 0x440a) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20b42, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\x80\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\x00\x0e\v9\xb5j\x00\x04\xc8\x1fa\x1c\x1a\x05 \xfdr/D\xbf\x98\x06\xe5\xf6\x8d\x1fX\xe5\xbc\xbc\"}$', 0x7fffffff) ioctl$auto_SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000040)) ioctl$auto(0x3, 0x80081280, 0x90000800000402) socket(0x25, 0x5, 0x0) sendfile$auto(0x6, 0x3, 0x0, 0xfdef) io_setup$auto(0x10000, 0x0) 5.914896119s ago: executing program 3 (id=4860): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0xc) modify_ldt$auto(0x1, 0x0, 0x10) pread64$auto(0xffffffffffffffff, 0x0, 0xf311, 0x8000000000000001) socket(0x2, 0x1, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_RSS_GET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) rt_sigaction$auto(0x1, &(0x7f00000001c0)={&(0x7f0000000080)=0x0, 0x7fffffffffffffff, 0x0, {0x5}}, 0x0, 0x8) rt_sigaction$auto(0x5, &(0x7f0000000140)={&(0x7f0000000040)=0x0, 0x9, 0x0, {0x81}}, 0x0, 0x8) bind$auto(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x9, "cc00000008f0ffffff000100"}, 0x6b) r1 = gettid() rt_sigqueueinfo$auto(r1, 0x1, 0x0) 5.542161208s ago: executing program 3 (id=4863): close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x11, 0x80003, 0x300) r0 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000140), 0xffffffffffffffff) r1 = gettid() statx$auto(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x10000, 0x3, &(0x7f00000003c0)={0x1, 0x3b, 0x100, 0x7, 0xee00, 0xee01, 0xefbf, 0x9, 0x81, 0x8, 0xffffffff, 0x9, {0x2, 0x7}, {0x81db, 0xa3f}, {0x8001, 0x1ff}, {0x914, 0x3}, 0x0, 0xd997, 0x2, 0x0, 0x8, 0x6, 0xfffffffa, 0xd600000, 0xfa, 0x1, 0x9, 0x7fff, [0x100000001, 0x81, 0x5, 0x2, 0xffffffffffffff81, 0x2, 0x7, 0xf, 0x8]}) msgctl$auto_MSG_STAT(0x7fffffff, 0xb, &(0x7f0000000540)={{0x8, 0xffffffffffffffff, 0xee01, 0xf, 0x861, 0x6, 0x9}, &(0x7f00000004c0)=0x3, &(0x7f0000000500)=0x7f, 0x718, 0x1, 0xfffffffffffffe92, 0x4, 0xf51, 0x80, 0x800, 0xff00, @raw=0x1}) r3 = syz_clone(0xa0040000, &(0x7f00000005c0)="ae980c1f005bab01ec627cbcae784847ec687cc98bdfb28bd47a0503d47f2e4dd582c6db40216ae7b88aa087139189a26081a3c0ec1e95d6c5d431f1ba7a7e12698101f12826a2ee0fdf3eec859b04fc1614d7df2c61d74dd71144d55b5c59632d5c29901d87b9dd268fa621533f084a1e0eb94145ecbf92726713a924b5021e660d8910623128ecf8673fcbab5253fdb53fcaaf846872913e1251a88eda7d79e6ed8afb8dcefbb7a436d4a502f8f2ec551f6f3df04631153a2af93a86908f9ab97d9ce4a193e22fcd97612bec7470c6d530be42c2723c044cc6bd3786a9821f2c679f2f7277910d1d13ccfc02b05d57c626f0b6d5a37550835b", 0xfa, 0x0, &(0x7f0000000700), &(0x7f0000000740)) r4 = getuid() sendmsg$auto_MACSEC_CMD_DEL_TXSA(0xffffffffffffffff, &(0x7f0000000e40)={&(0x7f00000000c0), 0xc, &(0x7f0000000e00)={&(0x7f0000000ec0)={0x1e8, r0, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@MACSEC_ATTR_OFFLOAD={0x1ce, 0x9, 0x0, 0x1, [@generic="8b78144780eeb940c554ec462c07adb814ee4787090c0f9afeac261592cf320b9b893b88aa9e86cfa92d6abb03e41bf4ac569b02ebd337f3857bf31e09a9a88f11bf95d22afec1e7ca617fa037221ec53d1264c6d9c1626401cf5a70450fad6aa96cee003d32", @typed={0x8, 0x14c, 0x0, 0x0, @pid=r1}, @typed={0x8, 0xb0, 0x0, 0x0, @fd}, @typed={0x14, 0x59, 0x0, 0x0, @ipv6=@empty}, @nested={0x4d, 0x112, 0x0, 0x1, [@nested={0x4, 0x2b}, @typed={0x8, 0x31, 0x0, 0x0, @u32=0x1000}, @typed={0x8, 0x48, 0x0, 0x0, @uid=r2}, @typed={0x26, 0x32, 0x0, 0x0, @str='/sys/kernel/config/nullb/features\x00'}, @generic="2d593d225bf6bbaaa6f9812ef5"]}, @typed={0x8, 0x4e, 0x0, 0x0, @fd}, @typed={0x8, 0x107, 0x0, 0x0, @pid=r3}, @nested={0xdf, 0x10, 0x0, 0x1, [@typed={0x4, 0x11b}, @generic="07db3fad55d8b7992a426af101471856e7b049147e24d06e439e5877039bccc7671a9d0f468fe5d20df81feff9f5d20728d08d49b32134caabed5e4aa1d644a91e7dedcc21321aed6e8838ab102c8cef2d925b7f5d342f80cea860267c8376407b48791805817301f6c11253ef186db557f83c0e2000db7d37651122afcbe413ffd3d4db320359923aa87813fbbfcfbc9b37dde4e4a0a96f6a2a7cde8ba7b16ca40e4e7f220dc4c3c72f0f4baad7d3737b30a4277deb0ab6af76a85fae4f03442d27da09bbca311a1245b9", @typed={0x8, 0x37, 0x0, 0x0, @uid=r4}, @generic, @nested={0x4, 0x51}]}]}, @MACSEC_ATTR_SA_CONFIG={0x4, 0x3, 0x0, 0x1, [@generic]}]}, 0x1e8}, 0x1, 0x0, 0x0, 0x40001}, 0x8040) socket(0x2, 0x80802, 0x0) shutdown$auto(0x200000003, 0x2) select$auto(0x5, &(0x7f0000000200)={[0xaac, 0xca48, 0x0, 0xd1, 0xb, 0x1001ff, 0x5, 0x10000, 0x8000000000000002, 0x3, 0x105, 0x10001, 0x0, 0x800, 0x7, 0x7]}, 0x0, 0x0, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1, 0x7356, 0x33, 0x65f, 0x1ffde, 0x7, 0xffffffffffffffff, 0x20000009, 0x4, 0x3, 0x6, 0x2091, 0xb4, 0x9, 0x1, 0x6, 0x83, 0x4, 0x7ff, 0x400, 0x2000, 0x203, 0x0, 0x84, 0x3}, 0x1fe, 0x11) fchmod$auto(0xffffffffffffffff, 0x7) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) getsockopt$auto_SO_OOBINLINE(0xffffffffffffffff, 0xfffffffb, 0xa, &(0x7f0000000040)='/sys/kernel/config/nullb/features\x00', &(0x7f0000000080)=0x8001) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0x40}, 0x4, 0x0, 0x7, 0xa509}, 0x800}, 0x1000, 0x4008) 5.276783422s ago: executing program 5 (id=4865): openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, 0x0, 0x39442, 0x0) syz_genetlink_get_family_id$auto_tcp_metrics(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x23, 0x5, 0x8106) io_uring_setup$auto(0x23ffffe, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_debugfs_devm_entry_ops_file(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/cec/cec30/status\x00', 0x0, 0x0) sysfs$auto(0x2, 0x0, 0x0) r0 = gettid() openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x8c100, 0x0) r1 = gettid() kexec_load$auto(0x5, 0x1, 0x0, 0x4) ptrace$auto_PTRACE_SYSCALL(0x18, r0, 0x2, 0x4f5) kill$auto(r1, 0x11) ppoll$auto(0x0, 0xb, 0x0, &(0x7f00000002c0)={0x5}, 0x8) pread64$auto(0xffffffffffffffff, 0x0, 0x3, 0x5) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x1) prctl$auto(0x805, 0x100000000004, 0x4, 0x3, 0x9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a3042, 0x0) madvise$auto(0x0, 0x200007, 0x19) 4.13489378s ago: executing program 1 (id=4868): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r2 = gettid() process_vm_writev$auto(r2, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) 4.134756955s ago: executing program 3 (id=4869): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x2, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(0xffffffffffffffff, 0x409, 0x40003f) io_uring_setup$auto(0x8000, 0x0) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a}) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x0, 0x5aa, 0x0, 0x2e, 0x0, 0x7, 0x1083}, 0x5}, 0x2, 0x100) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) acct$auto(0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) mknod$auto(&(0x7f0000000040)=':,\x00', 0xc9, 0xcb) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) 3.536900661s ago: executing program 3 (id=4871): openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x108800, 0x0) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x2, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) unshare$auto(0x40000080) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) syz_genetlink_get_family_id$auto_netdev(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) syz_clone(0x40011, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone3(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, {0x1d}, 0x0, 0x0, 0x0, 0x0}, 0x58) select$auto(0xfff, 0x0, &(0x7f00000002c0)={[0x9, 0xfe0000000, 0x3, 0xfffffffffffff05b, 0xfffffffffffffff9, 0x7fff, 0x40, 0x5, 0x4, 0x5, 0x0, 0x8000000000000000, 0x0, 0x6, 0x81, 0x81]}, &(0x7f0000000340)={[0x9, 0xf, 0x40b48540, 0x876, 0x5, 0x8, 0x8000000000000000, 0x2, 0x9, 0x8, 0x29ff, 0x8c, 0x29, 0x11ce, 0x0, 0x3]}, &(0x7f00000000c0)={0x40, 0x3}) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(0x3, 0x4038ae7a, 0x38) 3.158395253s ago: executing program 4 (id=4873): mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) r3 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000100), 0xc0000, 0x0) ioctl$auto_RTC_SET_TIME(r3, 0x4024700a, &(0x7f0000000140)={0x1, 0x0, 0xf, 0xc, 0x9, 0x3, 0x2, 0xfffffff9, 0x4}) ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x28, 0xf3, 0xb0, @raw=0xfffff03c}}) open(0x0, 0x2a4c0, 0x20) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r4, 0x5001, 0x0) keyctl$auto_KEY_REQKEY_DEFL_PROCESS_KEYRING(0x1, 0x2, 0x0, 0x0, 0x3) keyctl$auto(0x8, 0xfffffffffffffffd, 0xffffffffffffffff, 0x5092, 0x4ec) r5 = open(&(0x7f0000000000)='.\x00', 0x4200, 0x110) getdents64$auto(r5, 0x0, 0x400) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) ioctl$auto(r1, 0x4008af12, r0) 2.923364091s ago: executing program 4 (id=4874): r0 = prctl$auto_PR_SET_MM_START_DATA(0x80000001, 0x3, 0xffffffffffffffff, 0xa3, 0x1000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff) socket(0x1d, 0x2, 0x6) r1 = socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) fanotify_init$auto(0x602, 0x1) socketpair$auto(0x22, 0x5, 0xffffffff, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(r2, 0x104000000000010e, 0x3, 0x0, 0x20003fe) syz_genetlink_get_family_id$auto_ipvs(0x0, r2) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) ioctl$auto_UI_DEV_CREATE(r0, 0x5501, 0x0) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r3, 0xfd}, 0x6a) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0xa, 0x3, 0xe, 0x940, 0xfffffff8, 0x3, 0x4, 0x1, 0x9, 0x5, 0x6, 0x7, 0x1001000, 0x8, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x4, 0x40000081) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r4 = socket(0x10, 0x2, 0x0) shmctl$auto_IPC_STAT(0xfffffff6, 0x2, &(0x7f00000003c0)={{0x8, 0xee01, 0xee00, 0x401, 0x6, 0x53f5c31f, 0x1ff}, 0x80000001, 0x2, 0x800, 0x4, @raw=0x7, @raw=0x5, 0x9b85, 0x0, &(0x7f0000000100)="d7716e8566265e4f9f93cec79fa32303b12ea56fa08c2d305cb320b5d38a7e190b638598930e045b06b7a789df91826a47b485067d3800789121ec4fcac8d2a132f005b9032abe509377d8f661c970023b6971027a29b40d42e3aa275cf44412772d6a", &(0x7f0000000380)}) msgctl$auto_IPC_STAT(0x20512367, 0x2, &(0x7f00000004c0)={{0xfff, 0xee00, 0x0, 0x80, 0x1000, 0xffffffff, 0x2d}, &(0x7f0000000440)=0x7, &(0x7f0000000480)=0x4, 0x4, 0xa4, 0x5, 0x7, 0x4, 0x40, 0x76fb, 0xc, @inferred=0xffffffffffffffff, @raw}) setresuid$auto(0xffffffffffffffff, r5, r6) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x52, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x8044) 2.863282495s ago: executing program 1 (id=4875): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) ioctl$auto_SG_GET_RESERVED_SIZE(0xffffffffffffffff, 0x2272, &(0x7f0000000380)="a1a1d138c4c4b7ba26eb4ac17f230f58f3ff36ca208cd70775ddf2ca72ee086c67bff2ea6e3646c074eb784b532c33990bc22f18b013e28ded") close_range$auto(0x2, 0x8, 0x0) r1 = open(0x0, 0x261c2, 0x184) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000080)='/proc/kpageflags\x00', 0x2, 0x0) readv$auto(0x3, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000300), 0x450c00, 0x0) move_pages$auto(r3, 0x1002, 0x0, 0x0, 0x0, 0x2) r4 = getpid() sendmsg$auto_NL80211_CMD_DEL_TX_TS(r0, &(0x7f0000001a80)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001a40)={&(0x7f0000000440)={0x1cc, 0x0, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@NL80211_ATTR_MLO_SUPPORT={0x4}, @NL80211_ATTR_FILS_DISCOVERY={0x1a4, 0x126, 0x0, 0x1, [@NL80211_FILS_DISCOVERY_ATTR_TMPL={0xcb, 0x3, "5cff3ab0934d61e80186cebf74ac8c591066d88a5c314407f5e3e8070ebcc21642275a99b4e900d43ac27dfd4238218671cedb24bb3bf4a6fe501e81d8044ab303410a4f398db01bb3844ea8da44d8fb87740413d80afce38be86ca10e4ba1249a5afdca05810eaa29c2aa41c1a896306e20b37235277d77e8284e3d43b47e8a1a953280080390fdd5609adc4f02a486ca8e9572176c41bece6d235711890aa2cb5a49f6070b85b859a13f6a8568180f305dfaaa9a5cea086e8a3adf10a231091b3c5acb6ccc35"}, @NL80211_FILS_DISCOVERY_ATTR_TMPL={0x4}, @NL80211_FILS_DISCOVERY_ATTR_TMPL={0x38, 0x3, "c0bb0f75177afd36a577c184da4d9be81f97a62052afa8f42300437cfc6ad4e264847ae1d445d9edf7f4cd498d3d7f9557364965"}, @NL80211_FILS_DISCOVERY_ATTR_TMPL={0x14, 0x3, "b5cf152515f1dc489d86106edcc35a41"}, @NL80211_FILS_DISCOVERY_ATTR_TMPL={0x73, 0x3, "99186bbb9e7ee653b9d78dc078f37f6261c7bbb4a240fbbd004d6ff33597508ace458ffff820d2187224210fec89f709202d86500cfa1da4d0a68f3bd981f2e542f6081121589961a36a64b2033a82282cb446b757bdb49f876d35e8e98be78a66f4eda6fb35dbc61d2369fc69d489"}, @NL80211_FILS_DISCOVERY_ATTR_INT_MIN={0x8, 0x1, 0x7}, @NL80211_FILS_DISCOVERY_ATTR_INT_MIN={0x8, 0x1, 0x8}]}, @NL80211_ATTR_SUPPORT_MESH_AUTH={0x4}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x9f9}, @NL80211_ATTR_NAN_FUNC={0x4}]}, 0x1cc}, 0x1, 0x0, 0x0, 0x4000004}, 0x24004000) kcmp$auto(r3, r4, 0x7, 0xffffffffffffffff, r2) waitid$auto_P_PIDFD(0x3, r1, &(0x7f00000001c0)={@siginfo_0_0={0x8, 0x6, 0x80, @_rt={r4, 0x0, @sival_int=0x6}}}, 0x8, &(0x7f0000000240)={{0x23bd, 0x7}, {0x9, 0x5}, 0x2, 0x4000, 0x5, 0x7f, 0x1ff, 0xe, 0x2, 0x6, 0x28, 0xc3, 0x3, 0x0, 0xffffffff, 0x1cd}) 2.573330232s ago: executing program 4 (id=4876): unshare$auto(0x40000080) mmap$auto(0xffffffffffffffff, 0x2022009, 0x3, 0xeb1, 0xffffffffffffffff, 0x7ffffffffffffffe) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, 0x0) unshare$auto(0x40000080) socket(0x1e, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) ioctl$auto(r1, 0x4bfb, 0xffffffffffffffff) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_fuse_conn_congestion_threshold_ops_control(0xffffffffffffff9c, &(0x7f0000000040), 0x1800, 0x0) r2 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$auto_RTC_SET_TIME(r2, 0x4024700a, &(0x7f0000000000)={0x1, 0x7, 0x0, 0x8, 0x1, 0x63, 0x10, 0x3, 0x3}) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/pagemap\x00', 0x1, 0x0) prctl$auto(0x3f, 0x7ff, 0x0, 0x5, 0x5) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/pipe-max-size\x00', 0x382, 0x0) r3 = socket(0x10, 0x2, 0x0) read$auto(r3, 0x0, 0x10001) 2.203363224s ago: executing program 5 (id=4877): socket(0xa, 0x2, 0x73) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x5, 0x44f, 0x759, 0x5, 0x7181, 0x1ffde, 0x400007, 0x3, 0x8, 0x9, 0x80003, 0x4, 0x200000000003, 0x384, 0x9, 0xb10, 0x10006, 0x400007f, 0x7, 0x0, 0x10, 0x22000, 0x200, 0x0, 0x84, 0x0, 0x0, 0x0, 0x3, 0x0, [0x0, 0x7, 0x0, 0x25c3, 0x0, 0x0, 0x2000000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x196fc46e, 0xfffffffffffffffd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffd, 0x2]}, 0x1fa, 0x10) r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x2802, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) ppoll$auto(&(0x7f0000000080)={r0, 0x3212, 0x4}, 0x1, &(0x7f0000000580)={0x4, 0x3}, &(0x7f00000005c0)={0x7d}, 0x8) ioctl$auto_VHOST_SET_VRING_CALL2(r1, 0x4008af21, &(0x7f0000000600)={0x6, r0}) close_range$auto(r2, 0x8, 0x4395) socket(0x2, 0x3, 0x100) r3 = openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/prev\x00', 0x101002, 0x0) write$auto_proc_pid_attr_operations_base(r3, &(0x7f0000000200)="a597d9ce6359203d", 0x8) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20b42, 0x0) write$auto(r4, &(0x7f0000000040)='7\x00\\\x80\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\x00\x0e\v9\xb5j\x00\x04\xc8\x1fa\x1c\x1a\x05 \xfdr/D\xbf\x98\x06\xe5\xf6\x8d\x1fX\xe5\xbc\xbc\"}$', 0x7fffffff) ioctl$auto_SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000040)) r5 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x20400, 0x0) io_uring_register$auto_IORING_REGISTER_SEND_MSG_RING(0xffffffffffffffff, 0x1f, &(0x7f00000030c0), 0x7) ioctl$auto_SNDRV_PCM_IOCTL_FORWARD2(r5, 0x40084149, &(0x7f0000001080)=0x7) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) socket(0x11, 0x80003, 0x300) sendmsg$auto_NFC_CMD_STOP_POLL(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000011c0)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x20008050}, 0x4048041) 2.163586112s ago: executing program 3 (id=4878): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x8000000000000000, 0x8000) capset$auto(0x0, &(0x7f0000000180)={0x1, 0x7, 0x6}) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0xb, 0x10000, 0x16, 0x401, 0x8) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioperm$auto(0x3, 0x8001, 0x2000000000000149) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) kexec_load$auto(0xff, 0x2, 0x0, 0x4) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x89\x06s\x1cJ\x99\x00:\x00!\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x10, 0x6) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000840)) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0xba6, 0x7000000) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/conf/vxcan1/forwarding\x00', 0x82002, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/virt_wifi0/ra_defrtr_metric\x00', 0x0, 0x0) sendfile$auto(r1, r2, 0x0, 0x1) 1.851423329s ago: executing program 1 (id=4879): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, 0x0, 0x3, 0x1c) r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a4, 0xffff) mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) sendmsg$auto_NL80211_CMD_RADAR_DETECT(0xffffffffffffffff, 0x0, 0x4008000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0x80040, 0x0) open(0x0, 0x22240, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) socket(0x15, 0x5, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 1.493807681s ago: executing program 4 (id=4880): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) socket(0x2c, 0x3, 0x0) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x10, 0x2, 0x0) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x2, 0x801, 0x106) socket(0xa, 0x2, 0x0) socket(0xa, 0x2, 0x3a) io_uring_setup$auto(0x6, 0x0) r0 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x8, @old_prog_fd=r0}, 0xa3) bpf$auto(0x2, &(0x7f0000000040)=@query={@target_ifindex, 0xff, 0x7, 0x9, 0x7f, @count=0xfffffff1, 0x0, 0x80000000, 0xc, 0xb, 0x7}, 0x9) 1.274823333s ago: executing program 4 (id=4881): bind$auto(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x2c, "d673107fab139218c3a6e4e19205"}, 0x6b) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) gettid() msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x100000000000000, 0x2, 0x4000000000df, 0x40df, 0x401, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) write$auto(0xffffffffffffffff, 0x0, 0x0) rt_sigtimedwait$auto(0x0, 0x0, 0x0, 0x8) bpf$auto(0x0, 0x0, 0xa3) ioctl$auto(0xffffffffffffffff, 0xc0404d1a, 0xffffffffffffffff) socket(0x12, 0x4, 0x440a) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20b42, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\x80\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\x00\x0e\v9\xb5j\x00\x04\xc8\x1fa\x1c\x1a\x05 \xfdr/D\xbf\x98\x06\xe5\xf6\x8d\x1fX\xe5\xbc\xbc\"}$', 0x7fffffff) ioctl$auto_SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000040)) ioctl$auto(0x3, 0x80081280, 0x90000800000402) socket(0x25, 0x5, 0x0) sendfile$auto(0x6, 0x3, 0x0, 0xfdef) io_setup$auto(0x10000, 0x0) 1.234443385s ago: executing program 5 (id=4882): mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0xc8e, 0x2, 0x40eb1, 0x602, 0x300000000000) syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) madvise$auto(0x0, 0x20499d, 0x9) r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x89b0, &(0x7f0000000140)={'bridge0\x00'}) socket(0x10, 0x2, 0xc) r1 = prctl$auto_PR_SET_MM_START_DATA(0x0, 0x3, 0x0, 0x3, 0x24a3) ioctl$auto_KVM_GET_EMULATED_CPUID(r1, 0xc008ae09, &(0x7f0000000040)={0x6, 0x0, [{0x8, 0xffffffff, 0x2, 0x5, 0x3, 0x8, 0x40}, {0x3, 0x1, 0x774, 0x401, 0x7fffffff, 0x80000000, 0x3}, {0x8, 0x3, 0x34fc3452, 0x287c77a1, 0x4, 0x4, 0x4}]}) ustat$auto(0x1, &(0x7f0000000000)={0xfff, 0x2, "be5705f65205", "184885ca64ad"}) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400000020009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/ip6_mr_cache\x00', 0x1900, 0x0) pread64$auto(r3, 0x0, 0xe, 0x100000000007) read$auto(r2, 0x0, 0xe8) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f682, 0x0) ioctl$auto_BLKTRACESETUP(r5, 0xc0481273, &(0x7f00000000c0)={"2252f65ca1b92f72a92538725b0694521629e8c3e6ba91c62e2e9d42cf4aef15", 0x4, 0x1ff, 0x8000, 0x6, 0xff}) 923.929067ms ago: executing program 1 (id=4883): socket(0x2, 0x3, 0xa) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) clone$auto(0x20003b4b, 0x8000000000002001, 0x0, 0x0, 0xfffffffffffffffb) open(0x0, 0xae841, 0x1fb) socket(0x840000000002, 0x3, 0xff) connect$auto(0x3, &(0x7f0000000000), 0x55) sendmmsg$auto(0x3, 0x0, 0x9a5, 0x7fffffe) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x73) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x20b42, 0x0) socket(0xf, 0x80000, 0x0) write$auto(0x3, 0x0, 0x100082) openat$auto_hwsim_fops_ps_(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/ieee80211/phy16/hwsim/ps\x00', 0x101840, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) write$auto(0x3, 0x0, 0x100082) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, 0x0) 642.84582ms ago: executing program 1 (id=4884): futex_waitv$auto(&(0x7f0000000000)={0xf, 0x5d94, 0x4, 0x4}, 0x77, 0x0, 0x0, 0x62bd) open(&(0x7f0000000000)='./file0\x00', 0xa240, 0x15e) r0 = socket(0xa, 0x3, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x6) socket(0xa, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x3) eventfd$auto(0x0) socket(0x2, 0x3, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_map_fd=r0}, 0xa3) 459.540085ms ago: executing program 3 (id=4885): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000e3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) pivot_root$auto(0x0, 0x0) open(0x0, 0x7ffd, 0x12) kexec_load$auto(0x9, 0x0, 0x0, 0x1003e0000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x7f, 0x82020009, 0x3, 0xeb1, 0xffffffffffffffff, 0xfff) connect$auto(0x3, 0x0, 0x10) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/ip6_vti0/stable_secret\x00', 0x2, 0x0) pwrite64$auto(r1, 0x0, 0x1, 0x27) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 354.770199ms ago: executing program 1 (id=4886): close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x114, 0xa, 0x0, 0x4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/queues/tx-9/xps_rxqs\x00', 0x1a1842, 0x0) unshare$auto(0x40000080) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000e00)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde4727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e28782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8ee98a7bf3f8157986cf7c1c5dbdedaacbe3946b3d8809dec7387f006c062b93b6b481a806e5544ddeea7218fcc15c25a88164bfd0735e6290167cb2dbf4b4a317ba00b1fc27d203a6cff71ef8fe97a97d8e07af2ce1d0a0a2aa9ede7dd0572325075c83c2ecf866aa01654eff55ebe4e489e72152e6a3090e2348732704eb02997ffd23a63faabfbbbd1fb124cab606faed24a393058cea1c1286001ee5c0c1fa26b6a81ebdd4718a94cebdb45bfe812c771df398d3305da03d37ced9d0242b6da212dc9f5c14d7ff999bee20f6621792d1442e449eba8589a823e5e99c65fdffbaefe89e2e32406ec4cf574e335e2d288e4cdad56f4b1b57c364ed3e28809e480d6f410c7ebf43bd2a605d6a8c9facae6b7f8f2c56f792ae21fc0cc5dd9beae0cab3547ebb5467183c2f01bc315bd7bd191088886752dc5108093bdbc91348743440130f33d3dfa9c25490245e5fa904f8660e82253c826b7bea4e9a7a1c627e10c56d71878a644bd176016f29cf5398be14cc0fdec45c65e2b967aedb75212eed1eb05a44da62190009d1c08163b74813b82c27f1e6cd681a4b5150f967444b7bc930da68603fd706e96ba8663b2e50ef0a9b04e321a8a337b08fea7288a3fef5062c7e4c17ad3d490870d39c10b78a74eab25c993527e313a4f59d86de55aa9a8a63f734c2db556692fe993b0cd08e0ab5434c9ec02d5127354f55e6b5d5a7b61685d02edae21ece71d203abf7408211229a9ebbfdeffa2c0f38db274066d0706d80398c172e6daf4a0dce62c2287cbf0d30cfa313d7baf4e5caa18f594f0ab0d854f3cef76ff83e96fa49d0e0f8a47193b51a0a45aee2e1d9a5b372b8ee828f645a06979ec351d798480c7824e846028c02f58b5641acbae1e2079abd86182a662bb1642c9346d7fba628fb012da293acef33b8b76a8885c2e5d685348b6148c5b44409f58d8d5f29344fe8a2e4c2432ae622bb1912ea65d5574bff895025bd72cd780d59cbaa0886afd5d6676d2de6266903115525c075cc3f75ce9eba3787a890e1f758f0e502c4c9c0538dc942cf4e2d69742edeeddb66b1d459fcf6f744b2c40111104ab21fd4e99b4477e25cc5a9af59108c8b2f569d4ba227c754f294fdc1e6b383fd89861a203f4d4ee33814aeb21ee411a0d6918533aa2450b1e35c97ab6f01f3829c8a4c33fe0fbc81dd579bbdb44eda4f335d2bc512ca7f38f603c29033c94df2c9533f4422432f574a021e90a0fe3a4cf54", 0xcb6) socket(0x8, 0x2, 0x1) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x2060009, 0x8000006, 0xeb2, r1, 0x10000) mmap$auto(0x2, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/ubifs/parameters/default_version\x00', 0xa041, 0x0) write$auto(0x3, 0x0, 0xfdef) close_range$auto(r0, 0x8, 0x5) socket(0x2, 0x3, 0xa) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) 0s ago: executing program 4 (id=4887): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_vga_arb_device_fops_vgaarb(0xffffffffffffff9c, &(0x7f0000002f80), 0x2, 0x0) fstat$auto(0x2, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/video13\x00', 0x20000, 0x0) ioctl$auto(0x3, 0xc0285628, 0x8) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) r0 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r1 = socket(0x10, 0x2, 0x0) fstatfs$auto(r0, &(0x7f0000000000)={0x6, 0x5, 0x7, 0x1, 0x7, 0x2, 0x9, {[0x6, 0x1ff]}, 0x7, 0x1, 0x4, [0x0, 0x8, 0xd05b, 0x7]}) sendmmsg$auto(r1, 0x0, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000004480), r2) sendmsg$auto_CGROUPSTATS_CMD_GET(r2, &(0x7f0000004540)={0x0, 0x0, &(0x7f0000004500)={&(0x7f00000044c0)={0x1c, r3, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@CGROUPSTATS_CMD_ATTR_FD={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x8014) kernel console output (not intermixed with test programs): k [ 716.318371][T18276] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 716.380790][T18276] team0: Port device team_slave_0 added [ 716.393051][T18276] team0: Port device team_slave_1 added [ 716.467081][T18276] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 716.481342][T18276] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 716.548928][T18276] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 716.573199][T18276] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 716.580209][T18276] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 716.631733][T18276] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 716.768742][T18276] hsr_slave_0: entered promiscuous mode [ 716.791619][T18276] hsr_slave_1: entered promiscuous mode [ 716.813206][T18276] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 716.831741][T18276] Cannot create hsr debugfs directory [ 716.869468][T18343] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3762'. [ 716.999938][T18345] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3763'. [ 717.247714][T18352] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3764'. [ 717.260495][T18352] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3764'. [ 717.801450][T18276] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 717.811264][T18276] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 717.829198][T18276] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 717.850524][T18276] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 718.034511][T18276] 8021q: adding VLAN 0 to HW filter on device bond0 [ 718.071310][T18276] 8021q: adding VLAN 0 to HW filter on device team0 [ 718.104518][ T149] bridge0: port 1(bridge_slave_0) entered blocking state [ 718.111753][ T149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 718.145692][ T149] bridge0: port 2(bridge_slave_1) entered blocking state [ 718.152962][ T149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 718.171976][T18141] Bluetooth: hci1: command tx timeout [ 718.722270][T18276] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 719.269871][T18276] veth0_vlan: entered promiscuous mode [ 719.303176][T18276] veth1_vlan: entered promiscuous mode [ 719.368421][T18276] veth0_macvtap: entered promiscuous mode [ 719.386826][T18276] veth1_macvtap: entered promiscuous mode [ 719.442991][T18276] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 719.594438][T18276] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 719.631486][T18276] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 719.676003][T18276] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 719.695387][T18276] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 719.724646][T18276] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 719.910906][T18276] ieee80211 phy32: Selected rate control algorithm 'minstrel_ht' [ 719.979086][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 719.997166][T18276] ieee80211 phy33: Selected rate control algorithm 'minstrel_ht' [ 720.008089][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 720.063970][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 720.084347][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 720.213517][T18141] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 720.213558][T18141] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 720.228813][T18141] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 720.228849][T18141] Bluetooth: hci3: adv larger than maximum supported [ 720.237022][T18141] Bluetooth: hci3: adv larger than maximum supported [ 720.243856][T18141] Bluetooth: hci3: Malformed LE Event: 0x0d [ 720.257155][ T5149] Bluetooth: hci1: command tx timeout [ 721.098539][T18486] netlink: 246 bytes leftover after parsing attributes in process `syz.4.3784'. [ 721.273239][T18493] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 721.349587][T18493] Unable to find swap-space signature [ 721.585851][T18506] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3791'.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        [ 800.199811][T20185] ERROR: Out of memory at tomoyo_memory_ok. [ 800.222207][T20182] ERROR: Out of memory at tomoyo_memory_ok. [ 800.334494][T20204] can: request_module (can-proto-3) failed. [ 800.743846][T20210] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4253'. [ 800.772019][T20210] netlink: 354 bytes leftover after parsing attributes in process `syz.5.4253'. [ 802.584589][T20252] FAULT_INJECTION: forcing a failure. [ 802.584589][T20252] name failslab, interval 1, probability 0, space 0, times 0 [ 802.601700][T20252] CPU: 1 UID: 0 PID: 20252 Comm: syz.1.4261 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 802.601745][T20252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 802.601764][T20252] Call Trace: [ 802.601774][T20252] [ 802.601786][T20252] dump_stack_lvl+0x16c/0x1f0 [ 802.601835][T20252] should_fail_ex+0x512/0x640 [ 802.601877][T20252] should_failslab+0xc2/0x120 [ 802.601904][T20252] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 802.601947][T20252] ? lock_release+0x201/0x2f0 [ 802.601984][T20252] ? __proc_create+0x2ce/0x8c0 [ 802.602032][T20252] __proc_create+0x2ce/0x8c0 [ 802.602077][T20252] ? __pfx___proc_create+0x10/0x10 [ 802.602121][T20252] ? _raw_write_unlock+0x28/0x50 [ 802.602168][T20252] ? proc_register+0x314/0x5f0 [ 802.602217][T20252] _proc_mkdir+0xb9/0x200 [ 802.602263][T20252] ? __pfx__proc_mkdir+0x10/0x10 [ 802.602308][T20252] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 802.602355][T20252] ? __pfx_netfilter_net_init+0x10/0x10 [ 802.602401][T20252] netfilter_net_init+0x37b/0x4b0 [ 802.602441][T20252] ? sysctl_net_init+0x27/0x30 [ 802.602467][T20252] ops_init+0x1e2/0x5f0 [ 802.602509][T20252] setup_net+0x1ff/0x510 [ 802.602532][T20252] ? lockdep_init_map_type+0x5c/0x280 [ 802.602563][T20252] ? __pfx_setup_net+0x10/0x10 [ 802.602582][T20252] ? __raw_spin_lock_init+0x3a/0x110 [ 802.602615][T20252] ? debug_mutex_init+0x37/0x70 [ 802.602637][T20252] copy_net_ns+0x2a6/0x5f0 [ 802.602660][T20252] create_new_namespaces+0x3ea/0xa90 [ 802.602686][T20252] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 802.602711][T20252] ksys_unshare+0x45b/0xa40 [ 802.602740][T20252] ? __pfx_ksys_unshare+0x10/0x10 [ 802.602768][T20252] ? xfd_validate_state+0x61/0x180 [ 802.602801][T20252] __x64_sys_unshare+0x31/0x40 [ 802.602828][T20252] do_syscall_64+0xcd/0x490 [ 802.602862][T20252] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 802.602885][T20252] RIP: 0033:0x7f40ecb8e929 [ 802.602902][T20252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 802.602926][T20252] RSP: 002b:00007f40edabe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 802.602948][T20252] RAX: ffffffffffffffda RBX: 00007f40ecdb5fa0 RCX: 00007f40ecb8e929 [ 802.602964][T20252] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 802.602978][T20252] RBP: 00007f40ecc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 802.602992][T20252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 802.603005][T20252] R13: 0000000000000000 R14: 00007f40ecdb5fa0 R15: 00007ffde557b268 [ 802.603026][T20252] [ 802.603041][T20252] cannot create netfilter proc entry [ 802.874202][T20250] netlink: set zone limit has 8 unknown bytes [ 803.142937][T20248] netlink: 206 bytes leftover after parsing attributes in process `syz.5.4270'. [ 803.159745][T20248] bridge0: entered allmulticast mode [ 804.257932][T20271] can0: slcan on ptm0. [ 804.342700][T20270] can0 (unregistered): slcan off ptm0. [ 804.494475][T20282] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(4294967293.4294967295.4294967293), cmd(2) [ 804.652850][T18459] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 804.652890][T18459] Bluetooth: hci1: unexpected subevent 0x0e length: 725 > 15 [ 804.667935][T18459] Bluetooth: hci1: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 805.188352][T20295] HfR: entered promiscuous mode [ 805.199229][T20295] openvswitch: HfR: Dropping previously announced user features [ 805.632972][T20303] caif:caif_disconnect_client(): nothing to disconnect [ 806.244458][T20326] ERROR: Out of memory at tomoyo_memory_ok. [ 806.254785][T20323] ERROR: Out of memory at tomoyo_memory_ok. [ 806.896388][T18459] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 807.359381][T20335] caif:caif_disconnect_client(): nothing to disconnect [ 807.827220][T20360] FAULT_INJECTION: forcing a failure. [ 807.827220][T20360] name failslab, interval 1, probability 0, space 0, times 0 [ 807.865178][T20360] CPU: 1 UID: 0 PID: 20360 Comm: syz.5.4291 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 807.865222][T20360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 807.865239][T20360] Call Trace: [ 807.865250][T20360] [ 807.865261][T20360] dump_stack_lvl+0x16c/0x1f0 [ 807.865315][T20360] should_fail_ex+0x512/0x640 [ 807.865357][T20360] should_failslab+0xc2/0x120 [ 807.865384][T20360] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 807.865431][T20360] ? kvm_sched_clock_read+0x11/0x20 [ 807.865469][T20360] ? local_clock_noinstr+0xd/0xe0 [ 807.865508][T20360] ? append_filter_err+0x3c0/0x5e0 [ 807.865542][T20360] kmemdup_nul+0x49/0xf0 [ 807.865583][T20360] append_filter_err+0x3c0/0x5e0 [ 807.865617][T20360] apply_subsystem_event_filter+0x740/0x17a0 [ 807.865654][T20360] ? rcu_is_watching+0x12/0xc0 [ 807.865685][T20360] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 807.865725][T20360] ? _copy_from_user+0x59/0xd0 [ 807.865768][T20360] subsystem_filter_write+0x95/0x120 [ 807.865803][T20360] ? __pfx_subsystem_filter_write+0x10/0x10 [ 807.865839][T20360] vfs_write+0x29d/0x1150 [ 807.865879][T20360] ? __pfx___mutex_lock+0x10/0x10 [ 807.865922][T20360] ? __pfx_vfs_write+0x10/0x10 [ 807.865959][T20360] ? __fget_files+0x204/0x3c0 [ 807.865995][T20360] ? rcu_is_watching+0x12/0xc0 [ 807.866025][T20360] ? __fget_files+0x20e/0x3c0 [ 807.866063][T20360] ksys_write+0x12a/0x250 [ 807.866098][T20360] ? __pfx_ksys_write+0x10/0x10 [ 807.866142][T20360] do_syscall_64+0xcd/0x490 [ 807.866185][T20360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 807.866214][T20360] RIP: 0033:0x7f7b8cf8e929 [ 807.866235][T20360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 807.866263][T20360] RSP: 002b:00007f7b8dd10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 807.866291][T20360] RAX: ffffffffffffffda RBX: 00007f7b8d1b5fa0 RCX: 00007f7b8cf8e929 [ 807.866320][T20360] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000005 [ 807.866337][T20360] RBP: 00007f7b8d010b39 R08: 0000000000000000 R09: 0000000000000000 [ 807.866355][T20360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 807.866373][T20360] R13: 0000000000000000 R14: 00007f7b8d1b5fa0 R15: 00007ffdec9e7268 [ 807.866401][T20360] [ 808.609971][T18459] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 808.908137][T20376] Malformed UNC in devname [ 808.908137][T20376] [ 808.922470][T20376] CIFS: VFS: Malformed UNC in devname [ 809.232424][T20388] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 809.887309][T20397] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4304'. [ 812.011057][T20448] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4320'. [ 812.021426][T20448] bond0: entered promiscuous mode [ 812.026771][T20448] bond_slave_1: entered promiscuous mode [ 814.175831][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 814.182177][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 814.692724][ T30] audit: type=1804 audit(4294975207.156:22): pid=20480 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.4329" name="file0" dev="tmpfs" ino=5127 res=1 errno=0 [ 815.499787][T20512] random: crng reseeded on system resumption [ 815.509096][T20512] PM: hibernation: Marking nosave pages: [mem 0x00000000-0x00000fff] [ 815.522349][T20512] PM: hibernation: Marking nosave pages: [mem 0x0009f000-0x000fffff] [ 815.569376][T20512] PM: hibernation: Marking nosave pages: [mem 0xbfffd000-0xffffffff] [ 815.578334][T20512] PM: hibernation: Basic memory bitmaps created [ 815.811900][T20509] PM: hibernation: Basic memory bitmaps freed [ 816.864383][T20535] kafs: addr_prefs: Invalid Command [ 817.801270][ T30] audit: type=1804 audit(4294975210.276:23): pid=20538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.4343" name="file0" dev="tmpfs" ino=5874 res=1 errno=0 [ 817.982991][T20561] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4348'. [ 821.681578][ T30] audit: type=1804 audit(4294975214.156:24): pid=20608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.4360" name="file0" dev="tmpfs" ino=5185 res=1 errno=0 [ 823.809703][T20621] ALSA: mixer_oss: invalid OSS volume '' [ 824.394627][T20645] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 825.513461][T20666] random: crng reseeded on system resumption [ 825.540695][T20666] PM: hibernation: Marking nosave pages: [mem 0x00000000-0x00000fff] [ 825.563707][T20666] PM: hibernation: Marking nosave pages: [mem 0x0009f000-0x000fffff] [ 825.581892][T20666] PM: hibernation: Marking nosave pages: [mem 0xbfffd000-0xffffffff] [ 825.595809][T20666] PM: hibernation: Basic memory bitmaps created [ 825.972843][T20666] Unrecognized hibernate image header format! [ 825.978990][T20666] PM: hibernation: Image mismatch: architecture specific data [ 826.552410][T20669] netlink: 17 bytes leftover after parsing attributes in process `syz.3.4378'. [ 826.708453][T20676] overlayfs: missing 'lowerdir' [ 826.735884][T20666] PM: hibernation: Basic memory bitmaps freed [ 827.005185][T20681] FAULT_INJECTION: forcing a failure. [ 827.005185][T20681] name failslab, interval 1, probability 0, space 0, times 0 [ 827.046908][T20681] CPU: 0 UID: 0 PID: 20681 Comm: syz.5.4380 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 827.046959][T20681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 827.046979][T20681] Call Trace: [ 827.046987][T20681] [ 827.046998][T20681] dump_stack_lvl+0x16c/0x1f0 [ 827.047044][T20681] should_fail_ex+0x512/0x640 [ 827.047084][T20681] should_failslab+0xc2/0x120 [ 827.047111][T20681] __kvmalloc_node_noprof+0x137/0x620 [ 827.047152][T20681] ? rcu_is_watching+0x12/0xc0 [ 827.047180][T20681] ? kfree+0x24f/0x4d0 [ 827.047214][T20681] ? snd_pcm_plugin_alloc+0x5f8/0x7f0 [ 827.047251][T20681] ? snd_pcm_plugin_alloc+0x5f8/0x7f0 [ 827.047283][T20681] snd_pcm_plugin_alloc+0x5f8/0x7f0 [ 827.047321][T20681] snd_pcm_plug_alloc+0x146/0x330 [ 827.047358][T20681] snd_pcm_oss_change_params_locked+0x19b8/0x3a30 [ 827.047402][T20681] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 827.047435][T20681] ? rcu_is_watching+0x12/0xc0 [ 827.047476][T20681] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 827.047512][T20681] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 827.047545][T20681] ? __fget_files+0x204/0x3c0 [ 827.047588][T20681] ? hook_file_ioctl_common+0x145/0x410 [ 827.047619][T20681] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 827.047653][T20681] ? __fget_files+0x20e/0x3c0 [ 827.047695][T20681] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 827.047729][T20681] __x64_sys_ioctl+0x18b/0x210 [ 827.047763][T20681] do_syscall_64+0xcd/0x490 [ 827.047808][T20681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 827.047839][T20681] RIP: 0033:0x7f7b8cf8e929 [ 827.047862][T20681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 827.047891][T20681] RSP: 002b:00007f7b8adf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 827.047931][T20681] RAX: ffffffffffffffda RBX: 00007f7b8d1b6080 RCX: 00007f7b8cf8e929 [ 827.047952][T20681] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000007 [ 827.047971][T20681] RBP: 00007f7b8d010b39 R08: 0000000000000000 R09: 0000000000000000 [ 827.047990][T20681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 827.048008][T20681] R13: 0000000000000000 R14: 00007f7b8d1b6080 R15: 00007ffdec9e7268 [ 827.048036][T20681] [ 828.132869][T20706] hub 3-0:1.0: USB hub found [ 828.143805][T20706] hub 3-0:1.0: 1 port detected [ 828.161035][T20706] usb usb3: authorized to connect [ 828.389186][T20715] FAULT_INJECTION: forcing a failure. [ 828.389186][T20715] name failslab, interval 1, probability 0, space 0, times 0 [ 828.405203][T20715] CPU: 0 UID: 0 PID: 20715 Comm: syz.1.4389 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 828.405244][T20715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 828.405262][T20715] Call Trace: [ 828.405272][T20715] [ 828.405284][T20715] dump_stack_lvl+0x16c/0x1f0 [ 828.405333][T20715] should_fail_ex+0x512/0x640 [ 828.405379][T20715] should_failslab+0xc2/0x120 [ 828.405407][T20715] __kmalloc_cache_noprof+0x6a/0x3e0 [ 828.405445][T20715] ? snd_seq_pool_new+0x44/0x230 [ 828.405478][T20715] ? __pfx_snd_seq_open+0x10/0x10 [ 828.405519][T20715] snd_seq_pool_new+0x44/0x230 [ 828.405551][T20715] seq_create_client1+0x66/0x5e0 [ 828.405598][T20715] ? __pfx_snd_seq_open+0x10/0x10 [ 828.405643][T20715] snd_seq_open+0x59/0x550 [ 828.405688][T20715] ? __pfx_snd_seq_open+0x10/0x10 [ 828.405731][T20715] snd_open+0x1fe/0x450 [ 828.405783][T20715] ? __pfx_snd_open+0x10/0x10 [ 828.405828][T20715] chrdev_open+0x231/0x6a0 [ 828.405872][T20715] ? __pfx_apparmor_file_open+0x10/0x10 [ 828.405907][T20715] ? __pfx_chrdev_open+0x10/0x10 [ 828.405962][T20715] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 828.406004][T20715] do_dentry_open+0x744/0x1c10 [ 828.406046][T20715] ? __pfx_chrdev_open+0x10/0x10 [ 828.406095][T20715] vfs_open+0x82/0x3f0 [ 828.406128][T20715] path_openat+0x1de4/0x2cb0 [ 828.406175][T20715] ? __pfx_path_openat+0x10/0x10 [ 828.406219][T20715] do_filp_open+0x20b/0x470 [ 828.406261][T20715] ? __pfx_do_filp_open+0x10/0x10 [ 828.406312][T20715] ? alloc_fd+0x471/0x7d0 [ 828.406353][T20715] do_sys_openat2+0x11b/0x1d0 [ 828.406385][T20715] ? __pfx_do_sys_openat2+0x10/0x10 [ 828.406425][T20715] __x64_sys_openat+0x174/0x210 [ 828.406457][T20715] ? __pfx___x64_sys_openat+0x10/0x10 [ 828.406496][T20715] do_syscall_64+0xcd/0x490 [ 828.406542][T20715] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 828.406571][T20715] RIP: 0033:0x7f40ecb8e929 [ 828.406595][T20715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 828.406623][T20715] RSP: 002b:00007f40eda9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 828.406655][T20715] RAX: ffffffffffffffda RBX: 00007f40ecdb6080 RCX: 00007f40ecb8e929 [ 828.406675][T20715] RDX: 0000000000040a40 RSI: 0000200000001d40 RDI: ffffffffffffff9c [ 828.406693][T20715] RBP: 00007f40ecc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 828.406712][T20715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 828.406729][T20715] R13: 0000000000000000 R14: 00007f40ecdb6080 R15: 00007ffde557b268 [ 828.406757][T20715] [ 828.985671][T20721] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 832.434562][T20775] kexec: Could not allocate control_code_buffer [ 833.619806][T20812] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input24 [ 835.007436][T20809] ovs_: entered promiscuous mode [ 835.255177][T20846] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4426'. [ 835.270017][T20846] bridge_slave_1: left allmulticast mode [ 835.280516][T20846] bridge_slave_1: left promiscuous mode [ 835.288204][T20846] bridge0: port 2(bridge_slave_1) entered disabled state [ 835.304565][T20846] bridge_slave_0: left allmulticast mode [ 835.325881][T20846] bridge_slave_0: left promiscuous mode [ 835.332205][T20846] bridge0: port 1(bridge_slave_0) entered disabled state [ 835.751355][T20855] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4428'. [ 835.769422][T20855] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4428'. [ 835.788327][T20855] netlink: 290 bytes leftover after parsing attributes in process `syz.1.4428'. [ 835.798843][T20855] veth0_macvtap: left promiscuous mode [ 835.927760][T20855] netlink: 290 bytes leftover after parsing attributes in process `syz.1.4428'. [ 835.962053][T20855] veth0_macvtap: entered promiscuous mode [ 839.938600][T20953] overlayfs: missing 'lowerdir' [ 841.415821][T20990] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 841.915637][ T30] audit: type=1804 audit(4294975234.396:25): pid=20995 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.4466" name="file0" dev="tmpfs" ino=940 res=1 errno=0 [ 843.379122][T21014] kexec: Could not allocate control_code_buffer [ 844.478694][ T30] audit: type=1804 audit(4294975236.946:26): pid=21050 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.4481" name="file0" dev="tmpfs" ino=6021 res=1 errno=0 [ 844.793331][T21060] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4485'. [ 844.836619][T21060] netlink: 354 bytes leftover after parsing attributes in process `syz.1.4485'. [ 845.058797][T21063] netlink: 326 bytes leftover after parsing attributes in process `syz.1.4486'. [ 845.983164][T21071] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4487'. [ 846.042674][T21071] bridge_slave_0: left allmulticast mode [ 846.086877][T21071] bridge_slave_0: left promiscuous mode [ 846.100755][T21071] bridge0: port 1(bridge_slave_0) entered disabled state [ 846.284781][T21076] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4489'. [ 846.486685][T21079] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4490'. [ 846.528118][T21082] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4492'. [ 847.736652][T21113] netlink: 342 bytes leftover after parsing attributes in process `syz.5.4500'. [ 847.810172][T21117] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4501'. [ 849.085281][T21127] netlink: 338 bytes leftover after parsing attributes in process `syz.4.4503'. [ 849.125657][ T30] audit: type=1804 audit(4294975241.586:27): pid=21136 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4502" name="/newroot/103/file0" dev="tmpfs" ino=565 res=1 errno=0 [ 849.648273][T21122] kexec: Could not allocate control_code_buffer [ 849.678201][T21142] hsr_slave_0 (unregistering): left promiscuous mode [ 850.140232][T21158] FAULT_INJECTION: forcing a failure. [ 850.140232][T21158] name failslab, interval 1, probability 0, space 0, times 0 [ 850.177106][T21158] CPU: 1 UID: 0 PID: 21158 Comm: syz.1.4513 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 850.177152][T21158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 850.177171][T21158] Call Trace: [ 850.177182][T21158] [ 850.177193][T21158] dump_stack_lvl+0x16c/0x1f0 [ 850.177241][T21158] should_fail_ex+0x512/0x640 [ 850.177285][T21158] ? constrain_params_by_rules+0x175/0xca0 [ 850.177316][T21158] should_failslab+0xc2/0x120 [ 850.177343][T21158] __kmalloc_noprof+0xd2/0x510 [ 850.177385][T21158] ? unwind_get_return_address+0x59/0xa0 [ 850.177433][T21158] constrain_params_by_rules+0x175/0xca0 [ 850.177465][T21158] ? stack_trace_save+0x8e/0xc0 [ 850.177490][T21158] ? stack_depot_save_flags+0x28/0xa40 [ 850.177533][T21158] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 850.177565][T21158] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 850.177598][T21158] ? snd_pcm_oss_change_params_locked+0x9cd/0x3a30 [ 850.177629][T21158] ? __kasan_kmalloc+0xaa/0xb0 [ 850.177666][T21158] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 850.177695][T21158] ? snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 850.177726][T21158] ? snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 850.177761][T21158] ? snd_interval_refine+0x2fa/0x580 [ 850.177802][T21158] snd_pcm_hw_refine+0x7de/0xad0 [ 850.177835][T21158] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 850.177885][T21158] ? _snd_pcm_hw_param_min+0x259/0x630 [ 850.177918][T21158] snd_pcm_hw_param_near.constprop.0+0x58a/0x8e0 [ 850.177953][T21158] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 850.177986][T21158] ? __asan_memset+0x23/0x50 [ 850.178019][T21158] ? calc_src_frames.isra.0+0x187/0x1d0 [ 850.178049][T21158] snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 850.178087][T21158] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 850.178118][T21158] ? rcu_is_watching+0x12/0xc0 [ 850.178158][T21158] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 850.178194][T21158] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 850.178228][T21158] ? __fget_files+0x204/0x3c0 [ 850.178265][T21158] ? hook_file_ioctl_common+0x145/0x410 [ 850.178298][T21158] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 850.178333][T21158] ? __fget_files+0x20e/0x3c0 [ 850.178374][T21158] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 850.178407][T21158] __x64_sys_ioctl+0x18b/0x210 [ 850.178443][T21158] do_syscall_64+0xcd/0x490 [ 850.178488][T21158] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 850.178519][T21158] RIP: 0033:0x7f40ecb8e929 [ 850.178542][T21158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 850.178573][T21158] RSP: 002b:00007f40eda9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 850.178603][T21158] RAX: ffffffffffffffda RBX: 00007f40ecdb6080 RCX: 00007f40ecb8e929 [ 850.178622][T21158] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000009 [ 850.178640][T21158] RBP: 00007f40ecc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 850.178658][T21158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 850.178677][T21158] R13: 0000000000000000 R14: 00007f40ecdb6080 R15: 00007ffde557b268 [ 850.178705][T21158] [ 851.103831][T21181] __nla_validate_parse: 2 callbacks suppressed [ 851.103859][T21181] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4519'. [ 851.143508][T21181] ieee80211 phy41: Selected rate control algorithm 'minstrel_ht' [ 852.911735][T21222] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4527'. [ 853.406804][T21235] netlink: 'syz.1.4537': attribute type 1 has an invalid length. [ 853.416589][T21235] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 853.786107][T21246] caif:caif_disconnect_client(): nothing to disconnect [ 855.121650][ T30] audit: type=1804 audit(4294975247.596:28): pid=21271 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.4540" name="file0" dev="tmpfs" ino=6103 res=1 errno=0 [ 855.680881][T21284] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4547'. [ 855.894907][T21291] netlink: 338 bytes leftover after parsing attributes in process `syz.3.4548'. [ 855.921482][T21287] could not allocate digest TFM handle [ 857.812342][T21329] binder: 21324:21329 ioctl c018620c 0 returned -22 [ 857.829731][T18459] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 860.285745][T21369] futex_wake_op: syz.3.4570 tries to shift op by -9; fix this program [ 863.281021][T21426] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4587'. [ 863.421373][T21426] hsr_slave_0 (unregistering): left promiscuous mode [ 865.001996][T21451] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4593'. [ 866.801874][ T30] audit: type=1804 audit(4294967304.170:29): pid=21481 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.4599" name="file0" dev="tmpfs" ino=5542 res=1 errno=0 [ 868.545439][T21503] netlink: 4724 bytes leftover after parsing attributes in process `syz.4.4605'. [ 868.714466][ T30] audit: type=1804 audit(4294967306.080:30): pid=21506 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.4604" name="file0" dev="tmpfs" ino=1118 res=1 errno=0 [ 869.145758][T21516] Invalid ELF header magic: != ELF [ 869.734988][T21520] netlink: 186 bytes leftover after parsing attributes in process `syz.3.4610'. [ 871.023881][T21556] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4620'. [ 872.583231][T21582] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4627'. [ 872.611236][T21582] ieee80211 phy42: Selected rate control algorithm 'minstrel_ht' [ 873.054126][T21598] FAULT_INJECTION: forcing a failure. [ 873.054126][T21598] name failslab, interval 1, probability 0, space 0, times 0 [ 873.071759][T21598] CPU: 1 UID: 0 PID: 21598 Comm: syz.1.4631 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 873.071799][T21598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 873.071815][T21598] Call Trace: [ 873.071823][T21598] [ 873.071834][T21598] dump_stack_lvl+0x16c/0x1f0 [ 873.071880][T21598] should_fail_ex+0x512/0x640 [ 873.071924][T21598] ? __vb2_queue_alloc+0x23e/0x1280 [ 873.071951][T21598] should_failslab+0xc2/0x120 [ 873.071977][T21598] __kmalloc_noprof+0xd2/0x510 [ 873.072019][T21598] ? bitmap_find_next_zero_area_off+0xb4/0xd0 [ 873.072054][T21598] __vb2_queue_alloc+0x23e/0x1280 [ 873.072084][T21598] ? __kmalloc_noprof+0x242/0x510 [ 873.072131][T21598] vb2_core_reqbufs+0xa90/0xfe0 [ 873.072163][T21598] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 873.072200][T21598] __vb2_init_fileio+0x3f1/0x1100 [ 873.072230][T21598] ? __mutex_lock+0x1ca/0xb90 [ 873.072270][T21598] ? __pfx___futex_wait+0x10/0x10 [ 873.072303][T21598] ? vb2_fop_write+0xe6/0x3f0 [ 873.072338][T21598] __vb2_perform_fileio+0x9c2/0x1660 [ 873.072365][T21598] ? __pfx___vb2_perform_fileio+0x10/0x10 [ 873.072405][T21598] ? futex_wake+0x456/0x530 [ 873.072439][T21598] vb2_fop_write+0x207/0x3f0 [ 873.072477][T21598] v4l2_write+0x226/0x360 [ 873.072508][T21598] ? __pfx_v4l2_write+0x10/0x10 [ 873.072536][T21598] vfs_write+0x29d/0x1150 [ 873.072569][T21598] ? __pfx_vfs_write+0x10/0x10 [ 873.072599][T21598] ? __fget_files+0x204/0x3c0 [ 873.072627][T21598] ? rcu_is_watching+0x12/0xc0 [ 873.072714][T21598] ? lock_release+0x201/0x2f0 [ 873.072751][T21598] ? __fget_files+0x20e/0x3c0 [ 873.072786][T21598] ksys_write+0x12a/0x250 [ 873.072824][T21598] ? __pfx_ksys_write+0x10/0x10 [ 873.072861][T21598] do_syscall_64+0xcd/0x490 [ 873.072896][T21598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 873.072919][T21598] RIP: 0033:0x7f40ecb8e929 [ 873.072937][T21598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 873.072960][T21598] RSP: 002b:00007f40edabe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 873.072982][T21598] RAX: ffffffffffffffda RBX: 00007f40ecdb5fa0 RCX: 00007f40ecb8e929 [ 873.072997][T21598] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000006 [ 873.073011][T21598] RBP: 00007f40ecc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 873.073024][T21598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 873.073039][T21598] R13: 0000000000000000 R14: 00007f40ecdb5fa0 R15: 00007ffde557b268 [ 873.073059][T21598] [ 875.583124][T21633] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4639'. [ 875.598969][T21633] ieee80211 phy43: Selected rate control algorithm 'minstrel_ht' [ 875.616956][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.623406][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 875.657584][T21637] netlink: 'syz.1.4640': attribute type 15 has an invalid length. [ 875.666174][T21637] netlink: 252 bytes leftover after parsing attributes in process `syz.1.4640'. [ 875.685052][T21637] netlink: 'syz.1.4640': attribute type 15 has an invalid length. [ 875.698709][T21637] netlink: 252 bytes leftover after parsing attributes in process `syz.1.4640'. [ 875.709938][T21636] caif:caif_disconnect_client(): nothing to disconnect [ 876.141859][T21650] futex_wake_op: syz.1.4643 tries to shift op by -9; fix this program [ 877.092529][T21666] Unable to find swap-space signature [ 877.407542][T21672] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4649'. [ 877.465285][T21672] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4649'. [ 880.641480][T21748] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input27 [ 881.667887][T21768] FAULT_INJECTION: forcing a failure. [ 881.667887][T21768] name failslab, interval 1, probability 0, space 0, times 0 [ 881.701880][T21768] CPU: 0 UID: 0 PID: 21768 Comm: syz.1.4675 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 881.701924][T21768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 881.701943][T21768] Call Trace: [ 881.701953][T21768] [ 881.701966][T21768] dump_stack_lvl+0x16c/0x1f0 [ 881.702014][T21768] should_fail_ex+0x512/0x640 [ 881.702060][T21768] should_failslab+0xc2/0x120 [ 881.702090][T21768] __kmalloc_cache_noprof+0x6a/0x3e0 [ 881.702128][T21768] ? __pfx___might_resched+0x10/0x10 [ 881.702160][T21768] ? net_generic+0xea/0x2a0 [ 881.702198][T21768] ? cfcnfg_create+0x5e/0x500 [ 881.702242][T21768] ? __pfx_caif_init_net+0x10/0x10 [ 881.702284][T21768] cfcnfg_create+0x5e/0x500 [ 881.702325][T21768] ? debug_mutex_init+0x37/0x70 [ 881.702353][T21768] ? __pfx_caif_init_net+0x10/0x10 [ 881.702391][T21768] caif_init_net+0x7d/0xe0 [ 881.702432][T21768] ops_init+0x1e2/0x5f0 [ 881.702479][T21768] setup_net+0x1ff/0x510 [ 881.702510][T21768] ? lockdep_init_map_type+0x5c/0x280 [ 881.702551][T21768] ? __pfx_setup_net+0x10/0x10 [ 881.702576][T21768] ? __raw_spin_lock_init+0x3a/0x110 [ 881.702630][T21768] ? debug_mutex_init+0x37/0x70 [ 881.702659][T21768] copy_net_ns+0x2a6/0x5f0 [ 881.702691][T21768] create_new_namespaces+0x3ea/0xa90 [ 881.702726][T21768] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 881.702760][T21768] ksys_unshare+0x45b/0xa40 [ 881.702800][T21768] ? __pfx_ksys_unshare+0x10/0x10 [ 881.702840][T21768] ? xfd_validate_state+0x61/0x180 [ 881.702883][T21768] __x64_sys_unshare+0x31/0x40 [ 881.702921][T21768] do_syscall_64+0xcd/0x490 [ 881.702966][T21768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 881.702998][T21768] RIP: 0033:0x7f40ecb8e929 [ 881.703020][T21768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 881.703050][T21768] RSP: 002b:00007f40eda9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 881.703079][T21768] RAX: ffffffffffffffda RBX: 00007f40ecdb6080 RCX: 00007f40ecb8e929 [ 881.703100][T21768] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 881.703118][T21768] RBP: 00007f40ecc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 881.703137][T21768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 881.703155][T21768] R13: 0000000000000000 R14: 00007f40ecdb6080 R15: 00007ffde557b268 [ 881.703182][T21768] [ 883.626950][T21794] ieee80211 phy44: Selected rate control algorithm 'minstrel_ht' [ 887.138890][T21882] FAULT_INJECTION: forcing a failure. [ 887.138890][T21882] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 887.152388][T21882] CPU: 0 UID: 0 PID: 21882 Comm: syz.1.4704 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 887.152431][T21882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 887.152519][T21882] Call Trace: [ 887.152528][T21882] [ 887.152538][T21882] dump_stack_lvl+0x16c/0x1f0 [ 887.152587][T21882] should_fail_ex+0x512/0x640 [ 887.152626][T21882] should_fail_alloc_page+0xe7/0x130 [ 887.152656][T21882] prepare_alloc_pages+0x3c2/0x610 [ 887.152687][T21882] ? stack_depot_save_flags+0x28/0xa40 [ 887.152728][T21882] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 887.152766][T21882] ? kasan_save_stack+0x42/0x60 [ 887.152801][T21882] ? kasan_save_stack+0x33/0x60 [ 887.152837][T21882] ? kasan_save_track+0x14/0x30 [ 887.152873][T21882] ? __kasan_slab_alloc+0x89/0x90 [ 887.152911][T21882] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 887.152947][T21882] ? ptlock_alloc+0x1f/0x70 [ 887.152981][T21882] ? pte_alloc_one+0x82/0x3a0 [ 887.153023][T21882] ? __pte_alloc+0x6d/0x3c0 [ 887.153049][T21882] ? copy_page_range+0x1aed/0x5740 [ 887.153080][T21882] ? dup_mmap+0xe88/0x21d0 [ 887.153111][T21882] ? rcu_is_watching+0x12/0xc0 [ 887.153138][T21882] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 887.153178][T21882] ? page_table_check_set+0x627/0x750 [ 887.153219][T21882] ? lock_release+0x201/0x2f0 [ 887.153259][T21882] ? __page_table_check_ptes_set+0x1ae/0x420 [ 887.153299][T21882] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 887.153343][T21882] ? policy_nodemask+0xea/0x4e0 [ 887.153389][T21882] alloc_pages_mpol+0x1fb/0x550 [ 887.153418][T21882] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 887.153457][T21882] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 887.153504][T21882] alloc_pages_noprof+0x131/0x390 [ 887.153531][T21882] pte_alloc_one+0x1c/0x3a0 [ 887.153575][T21882] __pte_alloc+0x6d/0x3c0 [ 887.153601][T21882] ? __pfx___pte_alloc+0x10/0x10 [ 887.153628][T21882] ? __pfx___might_resched+0x10/0x10 [ 887.153657][T21882] ? lock_release+0x201/0x2f0 [ 887.153695][T21882] copy_page_range+0x1aed/0x5740 [ 887.153751][T21882] ? __pfx_copy_page_range+0x10/0x10 [ 887.153791][T21882] ? mas_store+0x7a9/0x1160 [ 887.153820][T21882] ? rcu_is_watching+0x12/0xc0 [ 887.153850][T21882] ? __pfx___might_resched+0x10/0x10 [ 887.153881][T21882] ? __vma_enter_locked+0x163/0x3f0 [ 887.153920][T21882] ? lock_release+0x201/0x2f0 [ 887.153955][T21882] ? down_write+0x14d/0x200 [ 887.153983][T21882] ? up_write+0x1b2/0x520 [ 887.154025][T21882] dup_mmap+0xe88/0x21d0 [ 887.154063][T21882] ? __pfx_dup_mmap+0x10/0x10 [ 887.154096][T21882] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 887.154140][T21882] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 887.154182][T21882] ? __pfx___might_resched+0x10/0x10 [ 887.154211][T21882] ? mm_init+0xd3b/0x13c0 [ 887.154244][T21882] copy_process+0x4081/0x76a0 [ 887.154278][T21882] ? __pfx___futex_wait+0x10/0x10 [ 887.154325][T21882] ? __pfx_copy_process+0x10/0x10 [ 887.154360][T21882] ? lock_release+0x201/0x2f0 [ 887.154404][T21882] kernel_clone+0xfc/0x960 [ 887.154449][T21882] ? __pfx_kernel_clone+0x10/0x10 [ 887.154495][T21882] __do_sys_clone+0xce/0x120 [ 887.154528][T21882] ? __pfx___do_sys_clone+0x10/0x10 [ 887.154564][T21882] ? lock_release+0x201/0x2f0 [ 887.154606][T21882] ? xfd_validate_state+0x61/0x180 [ 887.154649][T21882] do_syscall_64+0xcd/0x490 [ 887.154692][T21882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 887.154723][T21882] RIP: 0033:0x7f40ecb8e929 [ 887.154747][T21882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 887.154776][T21882] RSP: 002b:00007f40edabdfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 887.154806][T21882] RAX: ffffffffffffffda RBX: 00007f40ecdb5fa0 RCX: 00007f40ecb8e929 [ 887.154826][T21882] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 887.154844][T21882] RBP: 00007f40ecc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 887.154863][T21882] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 887.154882][T21882] R13: 0000000000000000 R14: 00007f40ecdb5fa0 R15: 00007ffde557b268 [ 887.154911][T21882] [ 887.898706][ T30] audit: type=1804 audit(4294967301.040:31): pid=21889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.4706" name="file0" dev="tmpfs" ino=6349 res=1 errno=0 [ 888.045124][T21894] sysfs_service_op_show: Client not running :-5: [ 888.812579][T21920] capability: warning: `syz.3.4712' uses deprecated v2 capabilities in a way that may be insecure [ 889.035628][T21923] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4713'. [ 889.084372][T21923] netlink: 354 bytes leftover after parsing attributes in process `syz.1.4713'. [ 889.488513][T21937] random: crng reseeded on system resumption [ 889.530149][T21937] PM: hibernation: Marking nosave pages: [mem 0x00000000-0x00000fff] [ 889.548260][T21937] PM: hibernation: Marking nosave pages: [mem 0x0009f000-0x000fffff] [ 889.566754][T21937] PM: hibernation: Marking nosave pages: [mem 0xbfffd000-0xffffffff] [ 889.575330][T21937] PM: hibernation: Basic memory bitmaps created [ 889.651153][T21937] PM: hibernation: Basic memory bitmaps freed [ 893.911281][T21998] Invalid ELF header magic: != ELF [ 895.559810][T22027] program syz.1.4741 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 897.043763][T22055] FAULT_INJECTION: forcing a failure. [ 897.043763][T22055] name failslab, interval 1, probability 0, space 0, times 0 [ 897.043791][T22055] CPU: 0 UID: 0 PID: 22055 Comm: syz.1.4747 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 897.043813][T22055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 897.043824][T22055] Call Trace: [ 897.043830][T22055] [ 897.043836][T22055] dump_stack_lvl+0x16c/0x1f0 [ 897.043864][T22055] should_fail_ex+0x512/0x640 [ 897.043889][T22055] ? vc_allocate+0x489/0x880 [ 897.043913][T22055] should_failslab+0xc2/0x120 [ 897.043930][T22055] __kmalloc_noprof+0xd2/0x510 [ 897.043955][T22055] vc_allocate+0x489/0x880 [ 897.043978][T22055] ? __pfx_vc_allocate+0x10/0x10 [ 897.044001][T22055] ? rcu_is_watching+0x12/0xc0 [ 897.044019][T22055] con_install+0xa1/0x600 [ 897.044043][T22055] ? __pfx_con_install+0x10/0x10 [ 897.044067][T22055] ? __pfx_con_install+0x10/0x10 [ 897.044091][T22055] tty_init_dev.part.0+0x99/0x500 [ 897.044108][T22055] tty_open+0xa50/0xf90 [ 897.044124][T22055] ? __pfx_tty_open+0x10/0x10 [ 897.044139][T22055] ? chrdev_open+0x58c/0x6a0 [ 897.044172][T22055] ? lock_release+0x201/0x2f0 [ 897.044193][T22055] ? __pfx_tty_open+0x10/0x10 [ 897.044208][T22055] chrdev_open+0x231/0x6a0 [ 897.044232][T22055] ? __pfx_chrdev_open+0x10/0x10 [ 897.044258][T22055] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 897.044283][T22055] do_dentry_open+0x744/0x1c10 [ 897.044308][T22055] ? __pfx_chrdev_open+0x10/0x10 [ 897.044335][T22055] vfs_open+0x82/0x3f0 [ 897.044352][T22055] path_openat+0x1de4/0x2cb0 [ 897.044377][T22055] ? __pfx_path_openat+0x10/0x10 [ 897.044401][T22055] do_filp_open+0x20b/0x470 [ 897.044424][T22055] ? __pfx_do_filp_open+0x10/0x10 [ 897.044452][T22055] ? alloc_fd+0x471/0x7d0 [ 897.044475][T22055] do_sys_openat2+0x11b/0x1d0 [ 897.044492][T22055] ? __pfx_do_sys_openat2+0x10/0x10 [ 897.044513][T22055] __x64_sys_openat+0x174/0x210 [ 897.044531][T22055] ? __pfx___x64_sys_openat+0x10/0x10 [ 897.044553][T22055] do_syscall_64+0xcd/0x490 [ 897.044577][T22055] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 897.044594][T22055] RIP: 0033:0x7f40ecb8e929 [ 897.044608][T22055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 897.044624][T22055] RSP: 002b:00007f40edabe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 897.044640][T22055] RAX: ffffffffffffffda RBX: 00007f40ecdb5fa0 RCX: 00007f40ecb8e929 [ 897.044651][T22055] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 897.044661][T22055] RBP: 00007f40ecc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 897.044671][T22055] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 897.044681][T22055] R13: 0000000000000000 R14: 00007f40ecdb5fa0 R15: 00007ffde557b268 [ 897.044696][T22055] [ 897.627925][T22066] netlink: 330 bytes leftover after parsing attributes in process `syz.5.4748'. [ 897.717001][T22069] openvswitch: netlink: Key type 29 is not supported [ 898.210363][T22083] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4752'. [ 898.235914][T22083] netlink: 'syz.4.4752': attribute type 1 has an invalid length. [ 898.244079][T22083] netlink: 'syz.4.4752': attribute type 6 has an invalid length. [ 899.343960][T22107] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4759'. [ 899.383728][T22107] netlink: 354 bytes leftover after parsing attributes in process `syz.3.4759'. [ 900.656145][T22141] FAULT_INJECTION: forcing a failure. [ 900.656145][T22141] name failslab, interval 1, probability 0, space 0, times 0 [ 900.681096][T22137] ieee80211 phy45: Selected rate control algorithm 'minstrel_ht' [ 900.700935][T22141] CPU: 0 UID: 0 PID: 22141 Comm: syz.1.4769 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 900.700981][T22141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 900.701001][T22141] Call Trace: [ 900.701011][T22141] [ 900.701023][T22141] dump_stack_lvl+0x16c/0x1f0 [ 900.701084][T22141] should_fail_ex+0x512/0x640 [ 900.701130][T22141] should_failslab+0xc2/0x120 [ 900.701158][T22141] __kmalloc_cache_noprof+0x6a/0x3e0 [ 900.701198][T22141] ? snd_pcm_oss_change_params_locked+0x1db/0x3a30 [ 900.701236][T22141] snd_pcm_oss_change_params_locked+0x1db/0x3a30 [ 900.701271][T22141] ? preempt_count_sub+0x95/0x160 [ 900.701302][T22141] ? rcu_is_watching+0x12/0xc0 [ 900.701332][T22141] ? trace_contention_end+0xdd/0x130 [ 900.701374][T22141] ? __mutex_lock+0x1ca/0xb90 [ 900.701417][T22141] ? rcu_is_watching+0x12/0xc0 [ 900.701447][T22141] ? trace_contention_end+0xdd/0x130 [ 900.701486][T22141] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 900.701520][T22141] ? rcu_is_watching+0x12/0xc0 [ 900.701550][T22141] ? __pfx___mutex_lock+0x10/0x10 [ 900.701598][T22141] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 900.701644][T22141] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 900.701679][T22141] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 900.701711][T22141] ? __fget_files+0x204/0x3c0 [ 900.701747][T22141] ? hook_file_ioctl_common+0x145/0x410 [ 900.701778][T22141] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 900.701813][T22141] ? __fget_files+0x20e/0x3c0 [ 900.701853][T22141] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 900.701886][T22141] __x64_sys_ioctl+0x18b/0x210 [ 900.701920][T22141] do_syscall_64+0xcd/0x490 [ 900.701961][T22141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 900.701990][T22141] RIP: 0033:0x7f40ecb8e929 [ 900.702014][T22141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 900.702043][T22141] RSP: 002b:00007f40edabe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 900.702081][T22141] RAX: ffffffffffffffda RBX: 00007f40ecdb5fa0 RCX: 00007f40ecb8e929 [ 900.702103][T22141] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000009 [ 900.702123][T22141] RBP: 00007f40ecc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 900.702141][T22141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 900.702159][T22141] R13: 0000000000000000 R14: 00007f40ecdb5fa0 R15: 00007ffde557b268 [ 900.702188][T22141] [ 901.377076][T22154] netlink: zone id is out of range [ 901.382368][T22154] netlink: zone id is out of range [ 901.387510][T22154] netlink: zone id is out of range [ 901.393065][T22154] netlink: zone id is out of range [ 901.398218][T22154] netlink: zone id is out of range [ 901.419440][T22154] netlink: zone id is out of range [ 901.435811][T22154] netlink: zone id is out of range [ 901.472108][T22154] netlink: zone id is out of range [ 901.479862][T22154] netlink: zone id is out of range [ 901.525568][T22165] netlink: 338 bytes leftover after parsing attributes in process `syz.3.4774'. [ 901.555716][T22165] ieee80211 phy46: Selected rate control algorithm 'minstrel_ht' [ 901.971218][T22174] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4776'. [ 903.802841][T22198] caif:caif_disconnect_client(): nothing to disconnect [ 904.384412][T22221] ERROR: Out of memory at tomoyo_memory_ok. [ 905.558839][T22240] netlink: 'syz.5.4795': attribute type 10 has an invalid length. [ 905.570453][T22240] netlink: 230 bytes leftover after parsing attributes in process `syz.5.4795'. [ 905.685509][T22240] team0: Port device team_slave_1 removed [ 906.783837][T22261] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 907.149615][T22247] caif:caif_disconnect_client(): nothing to disconnect [ 908.176549][T22274] ERROR: Out of memory at tomoyo_memory_ok. [ 908.604269][ T30] audit: type=1804 audit(4294967321.750:32): pid=22301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.4807" name="file0" dev="tmpfs" ino=5848 res=1 errno=0 [ 908.670690][ T30] audit: type=1800 audit(4294967321.750:33): pid=22301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4807" name="file0" dev="tmpfs" ino=5848 res=0 errno=0 [ 910.705877][T22326] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4814'. [ 912.504092][T18459] Bluetooth: hci1: unexpected event 0x06 length: 11 > 3 [ 912.505019][T22362] caif:caif_disconnect_client(): nothing to disconnect [ 913.496412][T22384] net_ratelimit: 78 callbacks suppressed [ 913.496431][T22384] netlink: set zone limit has 8 unknown bytes [ 914.575964][T22405] FAULT_INJECTION: forcing a failure. [ 914.575964][T22405] name failslab, interval 1, probability 0, space 0, times 0 [ 914.588833][T22405] CPU: 0 UID: 0 PID: 22405 Comm: syz.1.4832 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 914.588859][T22405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 914.588870][T22405] Call Trace: [ 914.588876][T22405] [ 914.588900][T22405] dump_stack_lvl+0x16c/0x1f0 [ 914.588929][T22405] should_fail_ex+0x512/0x640 [ 914.588955][T22405] should_failslab+0xc2/0x120 [ 914.588972][T22405] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 914.588996][T22405] ? lock_release+0x201/0x2f0 [ 914.589016][T22405] ? __proc_create+0x2ce/0x8c0 [ 914.589042][T22405] __proc_create+0x2ce/0x8c0 [ 914.589066][T22405] ? __pfx___proc_create+0x10/0x10 [ 914.589091][T22405] ? lock_release+0x201/0x2f0 [ 914.589112][T22405] ? _raw_write_unlock+0x28/0x50 [ 914.589136][T22405] proc_create_reg+0x7d/0x180 [ 914.589151][T22405] proc_create_data+0x86/0x110 [ 914.589166][T22405] ? __pfx_proc_create_data+0x10/0x10 [ 914.589181][T22405] ? cache_register_net+0x137/0x5e0 [ 914.589199][T22405] ? lock_release+0x201/0x2f0 [ 914.589220][T22405] cache_register_net+0x1e0/0x5e0 [ 914.589237][T22405] ip_map_cache_create+0x8b/0x130 [ 914.589263][T22405] ? __pfx_sunrpc_init_net+0x10/0x10 [ 914.589295][T22405] sunrpc_init_net+0x55/0x190 [ 914.589317][T22405] ops_init+0x1e2/0x5f0 [ 914.589345][T22405] setup_net+0x1ff/0x510 [ 914.589359][T22405] ? lockdep_init_map_type+0x5c/0x280 [ 914.589382][T22405] ? __pfx_setup_net+0x10/0x10 [ 914.589396][T22405] ? __raw_spin_lock_init+0x3a/0x110 [ 914.589421][T22405] ? debug_mutex_init+0x37/0x70 [ 914.589437][T22405] copy_net_ns+0x2a6/0x5f0 [ 914.589454][T22405] create_new_namespaces+0x3ea/0xa90 [ 914.589474][T22405] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 914.589493][T22405] ksys_unshare+0x45b/0xa40 [ 914.589513][T22405] ? __pfx_ksys_unshare+0x10/0x10 [ 914.589535][T22405] ? syscall_user_dispatch+0x78/0x140 [ 914.589561][T22405] __x64_sys_unshare+0x31/0x40 [ 914.589582][T22405] do_syscall_64+0xcd/0x490 [ 914.589607][T22405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 914.589624][T22405] RIP: 0033:0x7f40ecb8e929 [ 914.589638][T22405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 914.589655][T22405] RSP: 002b:00007f40edabe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 914.589672][T22405] RAX: ffffffffffffffda RBX: 00007f40ecdb5fa0 RCX: 00007f40ecb8e929 [ 914.589683][T22405] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 914.589693][T22405] RBP: 00007f40ecc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 914.589703][T22405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 914.589713][T22405] R13: 0000000000000000 R14: 00007f40ecdb5fa0 R15: 00007ffde557b268 [ 914.589727][T22405] [ 915.145020][T22408] ieee80211 phy47: Selected rate control algorithm 'minstrel_ht' [ 915.258949][T22411] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 916.023508][T22443] ERROR: Out of memory at tomoyo_memory_ok. [ 916.141018][T22452] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4850'. [ 916.652087][T22450] ERROR: Out of memory at tomoyo_memory_ok. [ 916.939937][T22482] FAULT_INJECTION: forcing a failure. [ 916.939937][T22482] name failslab, interval 1, probability 0, space 0, times 0 [ 916.994709][T22482] CPU: 0 UID: 0 PID: 22482 Comm: syz.1.4845 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 916.994755][T22482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 916.994774][T22482] Call Trace: [ 916.994783][T22482] [ 916.994794][T22482] dump_stack_lvl+0x16c/0x1f0 [ 916.994841][T22482] should_fail_ex+0x512/0x640 [ 916.994884][T22482] should_failslab+0xc2/0x120 [ 916.994911][T22482] __kmalloc_cache_noprof+0x6a/0x3e0 [ 916.994950][T22482] ? snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 916.994987][T22482] snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 916.995019][T22482] ? preempt_count_sub+0x95/0x160 [ 916.995051][T22482] ? trace_contention_end+0xdd/0x130 [ 916.995091][T22482] ? __mutex_lock+0x1ca/0xb90 [ 916.995141][T22482] ? rcu_is_watching+0x12/0xc0 [ 916.995170][T22482] ? trace_contention_end+0xdd/0x130 [ 916.995209][T22482] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 916.995242][T22482] ? rcu_is_watching+0x12/0xc0 [ 916.995271][T22482] ? __pfx___mutex_lock+0x10/0x10 [ 916.995320][T22482] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 916.995369][T22482] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 916.995406][T22482] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 916.995438][T22482] ? __fget_files+0x204/0x3c0 [ 916.995477][T22482] ? hook_file_ioctl_common+0x145/0x410 [ 916.995508][T22482] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 916.995543][T22482] ? __fget_files+0x20e/0x3c0 [ 916.995584][T22482] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 916.995616][T22482] __x64_sys_ioctl+0x18b/0x210 [ 916.995650][T22482] do_syscall_64+0xcd/0x490 [ 916.995693][T22482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 916.995742][T22482] RIP: 0033:0x7f40ecb8e929 [ 916.995766][T22482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 916.995794][T22482] RSP: 002b:00007f40eda9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 916.995829][T22482] RAX: ffffffffffffffda RBX: 00007f40ecdb6080 RCX: 00007f40ecb8e929 [ 916.995849][T22482] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000008 [ 916.995867][T22482] RBP: 00007f40ecc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 916.995883][T22482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 916.995898][T22482] R13: 0000000000000000 R14: 00007f40ecdb6080 R15: 00007ffde557b268 [ 916.995920][T22482] [ 918.598434][ C0] unchecked MSR access error: WRMSR to 0x418 (tried to write 0x0000000000000002) at rIP: 0xffffffff8163eaa9 (__mcheck_cpu_init_clear_banks+0x109/0x1f0) [ 918.613804][ C0] Call Trace: [ 918.617099][ C0] [ 918.619965][ C0] ? __pfx_mce_cpu_restart+0x10/0x10 [ 918.625281][ C0] mce_cpu_restart+0x98/0xb0 [ 918.629915][ C0] __flush_smp_call_function_queue+0x27d/0x8c0 [ 918.636134][ C0] __sysvec_call_function_single+0x87/0x400 [ 918.642066][ C0] sysvec_call_function_single+0x9f/0xc0 [ 918.647753][ C0] [ 918.650705][ C0] [ 918.653652][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 918.659661][ C0] RIP: 0010:_raw_read_unlock_irqrestore+0x31/0x80 [ 918.666106][ C0] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 c6 a2 18 f6 48 89 df e8 8e fa 18 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 01 00 00 00 e8 e5 16 09 f6 65 8b 05 9e c3 4c 08 85 c0 74 16 5b [ 918.685731][ C0] RSP: 0018:ffffc90003ebfb50 EFLAGS: 00000246 [ 918.691813][ C0] RAX: 0000000000000046 RBX: ffff888033e84888 RCX: ffffffff81c35b5f [ 918.699804][ C0] RDX: 0000000000000000 RSI: ffffffff8c156520 RDI: ffffffff8b7f5ca2 [ 918.707788][ C0] RBP: 0000000000000293 R08: 0000000000000000 R09: 0000000000000000 [ 918.715774][ C0] R10: ffffffff90a82e57 R11: 0000000000000000 R12: dffffc0000000000 [ 918.723762][ C0] R13: 000000000000001d R14: ffff888026d7b800 R15: 0000000000000000 [ 918.731770][ C0] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 918.737791][ C0] ? _raw_read_unlock_irqrestore+0x52/0x80 [ 918.743633][ C0] kill_fasync+0x224/0x510 [ 918.748066][ C0] anon_pipe_read+0xb3c/0x1210 [ 918.752869][ C0] ? __pfx_anon_pipe_read+0x10/0x10 [ 918.758097][ C0] ? __pfx_put_timespec64+0x10/0x10 [ 918.763315][ C0] ? apparmor_file_permission+0x251/0x400 [ 918.769054][ C0] ? bpf_lsm_file_permission+0x9/0x10 [ 918.774460][ C0] ? security_file_permission+0x71/0x210 [ 918.780129][ C0] ? rw_verify_area+0xcf/0x680 [ 918.784921][ C0] vfs_read+0xa95/0xc60 [ 918.789112][ C0] ? __pfx_vfs_read+0x10/0x10 [ 918.793816][ C0] ? __pfx_do_pselect.constprop.0+0x10/0x10 [ 918.799754][ C0] ? rcu_is_watching+0x12/0xc0 [ 918.804554][ C0] ksys_read+0x1f8/0x250 [ 918.808834][ C0] ? __pfx_ksys_read+0x10/0x10 [ 918.813652][ C0] do_syscall_64+0xcd/0x490 [ 918.818198][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 918.824115][ C0] RIP: 0033:0x7f0e6158d2fd [ 918.828546][ C0] Code: a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb b5 e8 a8 48 00 00 0f 1f 84 00 00 00 00 00 80 3d 41 82 1f 00 00 74 17 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 5b c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec [ 918.848191][ C0] RSP: 002b:00007ffdc8081db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 918.856637][ C0] RAX: ffffffffffffffda RBX: 000055555867c210 RCX: 00007f0e6158d2fd [ 918.864625][ C0] RDX: 0000000000000400 RSI: 000055555c5c3fe0 RDI: 0000000000000020 [ 918.872609][ C0] RBP: 00007ffdc80820e0 R08: 000000000002baba R09: 000055555867b390 [ 918.880590][ C0] R10: 0000000000000001 R11: 0000000000000246 R12: 000055555867c328 [ 918.888575][ C0] R13: 000055555867b380 R14: 00007ffdc8081e60 R15: 000055555867edb0 [ 918.896566][ C0] [ 918.971036][T22515] ERROR: Out of memory at tomoyo_memory_ok. [ 919.246467][T22530] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4854'. [ 919.333278][T22533] nbd: must specify at least one socket [ 920.313719][T22512] caif:caif_disconnect_client(): nothing to disconnect [ 920.679598][T22556] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4863'. [ 922.119817][T22599] ERROR: Out of memory at tomoyo_memory_ok. [ 923.243565][T22635] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4874'. [ 923.757883][T22567] kexec: Could not allocate control_code_buffer [ 925.224729][T22668] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 925.476765][T22649] kexec: Could not allocate control_code_buffer [ 925.782309][T22661] caif:caif_disconnect_client(): nothing to disconnect [ 926.245807][T22680] ================================================================== [ 926.245826][T22680] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x1a6f/0x1e60 [ 926.245854][T22680] Write of size 8 at addr ffffc90003579000 by task syz.1.4886/22680 [ 926.245869][T22680] [ 926.245879][T22680] CPU: 1 UID: 0 PID: 22680 Comm: syz.1.4886 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 926.245901][T22680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 926.245912][T22680] Call Trace: [ 926.245919][T22680] [ 926.245926][T22680] dump_stack_lvl+0x116/0x1f0 [ 926.245952][T22680] print_report+0xcd/0x680 [ 926.245978][T22680] ? __virt_addr_valid+0x81/0x610 [ 926.245998][T22680] ? sys_imageblit+0x1a6f/0x1e60 [ 926.246016][T22680] kasan_report+0xe0/0x110 [ 926.246031][T22680] ? sys_imageblit+0x1a6f/0x1e60 [ 926.246052][T22680] sys_imageblit+0x1a6f/0x1e60 [ 926.246074][T22680] ? __pfx_sys_imageblit+0x10/0x10 [ 926.246094][T22680] ? do_raw_spin_lock+0x12c/0x2b0 [ 926.246119][T22680] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 926.246143][T22680] ? drm_fb_helper_damage.part.0+0x151/0x1f0 [ 926.246169][T22680] ? rcu_is_watching+0x12/0xc0 [ 926.246186][T22680] ? rcu_is_watching+0x12/0xc0 [ 926.246203][T22680] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 926.246228][T22680] ? queue_work_on+0x8b/0x1f0 [ 926.246253][T22680] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 926.246275][T22680] bit_putcs+0x90f/0xde0 [ 926.246304][T22680] ? __pfx_bit_putcs+0x10/0x10 [ 926.246330][T22680] ? fb_get_color_depth+0x120/0x250 [ 926.246354][T22680] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 926.246380][T22680] ? __pfx_bit_putcs+0x10/0x10 [ 926.246404][T22680] fbcon_putcs+0x383/0x4a0 [ 926.246426][T22680] ? __pfx_fbcon_putcs+0x10/0x10 [ 926.246449][T22680] do_con_write+0xff0/0x8280 [ 926.246479][T22680] ? __pfx_do_con_write+0x10/0x10 [ 926.246504][T22680] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 926.246533][T22680] con_write+0x23/0xb0 [ 926.246558][T22680] n_tty_write+0x40f/0x1160 [ 926.246579][T22680] ? __pfx_n_tty_write+0x10/0x10 [ 926.246597][T22680] ? rcu_is_watching+0x12/0xc0 [ 926.246613][T22680] ? __pfx_woken_wake_function+0x10/0x10 [ 926.246639][T22680] ? kfree+0x24f/0x4d0 [ 926.246658][T22680] ? file_tty_write.constprop.0+0x6ef/0x9b0 [ 926.246684][T22680] ? __pfx_n_tty_write+0x10/0x10 [ 926.246702][T22680] file_tty_write.constprop.0+0x504/0x9b0 [ 926.246730][T22680] redirected_tty_write+0xd4/0x150 [ 926.246761][T22680] vfs_write+0x6c7/0x1150 [ 926.246785][T22680] ? __pfx_redirected_tty_write+0x10/0x10 [ 926.246811][T22680] ? __pfx_vfs_write+0x10/0x10 [ 926.246833][T22680] ? lock_release+0x201/0x2f0 [ 926.246859][T22680] ksys_write+0x12a/0x250 [ 926.246881][T22680] ? __pfx_ksys_write+0x10/0x10 [ 926.246907][T22680] do_syscall_64+0xcd/0x490 [ 926.246934][T22680] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 926.246951][T22680] RIP: 0033:0x7f40ecb8e929 [ 926.246965][T22680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 926.246982][T22680] RSP: 002b:00007f40eda9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 926.246999][T22680] RAX: ffffffffffffffda RBX: 00007f40ecdb6080 RCX: 00007f40ecb8e929 [ 926.247011][T22680] RDX: 0000000000000cb6 RSI: 0000200000000e00 RDI: 0000000000000004 [ 926.247021][T22680] RBP: 00007f40ecc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 926.247032][T22680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 926.247042][T22680] R13: 0000000000000000 R14: 00007f40ecdb6080 R15: 00007ffde557b268 [ 926.247057][T22680] [ 926.247063][T22680] [ 926.247071][T22680] The buggy address belongs to the virtual mapping at [ 926.247071][T22680] [ffffc90003279000, ffffc9000357a000) created by: [ 926.247071][T22680] drm_gem_shmem_vmap_locked+0x4bc/0x720 [ 926.247097][T22680] [ 926.247102][T22680] Memory state around the buggy address: [ 926.247111][T22680] ffffc90003578f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 926.247123][T22680] ffffc90003578f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 926.247135][T22680] >ffffc90003579000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 926.247145][T22680] ^ [ 926.247154][T22680] ffffc90003579080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 926.247166][T22680] ffffc90003579100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 926.247176][T22680] ================================================================== [ 926.247185][T22680] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 926.247197][T22680] CPU: 1 UID: 0 PID: 22680 Comm: syz.1.4886 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 926.247219][T22680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 926.247229][T22680] Call Trace: [ 926.247235][T22680] [ 926.247241][T22680] dump_stack_lvl+0x3d/0x1f0 [ 926.247265][T22680] panic+0x71c/0x800 [ 926.247288][T22680] ? __pfx_panic+0x10/0x10 [ 926.247312][T22680] ? __pfx__printk+0x10/0x10 [ 926.247332][T22680] ? rcu_is_watching+0x12/0xc0 [ 926.247349][T22680] ? end_report+0x4c/0x170 [ 926.247376][T22680] ? sys_imageblit+0x1a6f/0x1e60 [ 926.247395][T22680] check_panic_on_warn+0xab/0xb0 [ 926.247419][T22680] end_report+0x107/0x170 [ 926.247444][T22680] kasan_report+0xee/0x110 [ 926.247459][T22680] ? sys_imageblit+0x1a6f/0x1e60 [ 926.247480][T22680] sys_imageblit+0x1a6f/0x1e60 [ 926.247502][T22680] ? __pfx_sys_imageblit+0x10/0x10 [ 926.247522][T22680] ? do_raw_spin_lock+0x12c/0x2b0 [ 926.247546][T22680] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 926.247571][T22680] ? drm_fb_helper_damage.part.0+0x151/0x1f0 [ 926.247595][T22680] ? rcu_is_watching+0x12/0xc0 [ 926.247612][T22680] ? rcu_is_watching+0x12/0xc0 [ 926.247629][T22680] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 926.247654][T22680] ? queue_work_on+0x8b/0x1f0 [ 926.247679][T22680] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 926.247701][T22680] bit_putcs+0x90f/0xde0 [ 926.247729][T22680] ? __pfx_bit_putcs+0x10/0x10 [ 926.247762][T22680] ? fb_get_color_depth+0x120/0x250 [ 926.247786][T22680] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 926.247811][T22680] ? __pfx_bit_putcs+0x10/0x10 [ 926.247836][T22680] fbcon_putcs+0x383/0x4a0 [ 926.247860][T22680] ? __pfx_fbcon_putcs+0x10/0x10 [ 926.247883][T22680] do_con_write+0xff0/0x8280 [ 926.247914][T22680] ? __pfx_do_con_write+0x10/0x10 [ 926.247940][T22680] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 926.247969][T22680] con_write+0x23/0xb0 [ 926.247993][T22680] n_tty_write+0x40f/0x1160 [ 926.248015][T22680] ? __pfx_n_tty_write+0x10/0x10 [ 926.248032][T22680] ? rcu_is_watching+0x12/0xc0 [ 926.248049][T22680] ? __pfx_woken_wake_function+0x10/0x10 [ 926.248075][T22680] ? kfree+0x24f/0x4d0 [ 926.248094][T22680] ? file_tty_write.constprop.0+0x6ef/0x9b0 [ 926.248120][T22680] ? __pfx_n_tty_write+0x10/0x10 [ 926.248139][T22680] file_tty_write.constprop.0+0x504/0x9b0 [ 926.248167][T22680] redirected_tty_write+0xd4/0x150 [ 926.248192][T22680] vfs_write+0x6c7/0x1150 [ 926.248215][T22680] ? __pfx_redirected_tty_write+0x10/0x10 [ 926.248242][T22680] ? __pfx_vfs_write+0x10/0x10 [ 926.248265][T22680] ? lock_release+0x201/0x2f0 [ 926.248290][T22680] ksys_write+0x12a/0x250 [ 926.248312][T22680] ? __pfx_ksys_write+0x10/0x10 [ 926.248338][T22680] do_syscall_64+0xcd/0x490 [ 926.248362][T22680] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 926.248380][T22680] RIP: 0033:0x7f40ecb8e929 [ 926.248392][T22680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 926.248409][T22680] RSP: 002b:00007f40eda9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 926.248425][T22680] RAX: ffffffffffffffda RBX: 00007f40ecdb6080 RCX: 00007f40ecb8e929 [ 926.248437][T22680] RDX: 0000000000000cb6 RSI: 0000200000000e00 RDI: 0000000000000004 [ 926.248448][T22680] RBP: 00007f40ecc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 926.248458][T22680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 926.248469][T22680] R13: 0000000000000000 R14: 00007f40ecdb6080 R15: 00007ffde557b268 [ 926.248484][T22680] [ 926.248811][T22680] Kernel Offset: disabled