last executing test programs: 6.696442847s ago: executing program 0 (id=526): r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="7ef30000921e8df74e63949a68ea27f2150f8a71e2d6a9eb048497090000000000000058b8faac1dc2a2e2c41382c2a4c9c7b1c633204ee6a6c4bb9cce90cea1132ba2d531e98e94945297631a0ef49515b828ff66791d74a1f300bc3c9c59f6e6016d21bc0b5332b2ee521cdd5785201c08ff60", @ANYBLOB="1b0026bd7400fddbdf2503000000040008001400038010000b800c000180080008000a0101021200"], 0x44}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000a, 0x8e051, r0, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/net/pppol2tp\x00', 0x200, 0x0) pread64$auto(r2, &(0x7f0000000180)='/proc/thread-self/net/tcp6\x00\xd2)\x8e\x892\x82\x19\xfd\x03\xc3\x8d\xd7D\x8d\xa8\xcfM9\\\xd6\xcfUq\x05#\xed\x1c\xd1G\bz\xde5u4\xddS\xe6\x1a\x8a`\xad0\x98|\xbc\x00\x98\b\x0ey\xcb`\x9b\x91r\xd5\x13\x9e\xdd4\xe7\xb7\x94P\x8fBlm\x04eAW\xbc0\x9b\xbd\x8f\xf5];\x94\x18\xf0\v\xd7\xf4P\xd3\x9e,Q\xd8\x16\x989l\x03\a\xcc\x1e\xb9\xe9{\xeeS\xa9\xc60\x00\xb5&\x9e\xdbk{F\x18\xa8\xbasG\xd3\x80\xb1G.\xec1\x96uP\x97\x8co\xf1\xa6\xd5\xea\xc8L3|a\xb3\xaa\x90Y\xb19\xad\xdc\x05o\x98g\xd4\x10]5\x95\xd0\xabJC\x06\xd0c\xd1Ra\xf7\xc4n\xdf\xe4\xc7\x03\x19x\xbb\v\x00\t\xde\xf5\x93\xfb\xfb#\xbd\xc0S\f57\x83\xdd\xaa\xf0\x9c\xd3G\xe1\xfdz\xab\x91RQ7\xc4qI\xc5c.\xefQ\xfb\xf4!\xe6\xd0Pa\xb8\xb4R\xaah2\x1c\xdfEy?\xac\xc6\x122\xb0z\xdd\'\fq\x80\x1e\f\xaf\n\xad\x9f\xb4E+\x9e\xa6\xef\x03\xc7\xc1u\xa3K\xc3a\x127\xc2s\xae3\x80\x96\xf0\xc1\xff>\xec\x0eBW)\xb5I|\xaa\xb6\x1d\xbd,t\a\xff\x1e\xa67\xc1\xb5\xb5O\xe9aN|F\xb6\xd0\xf6\x19s\xf9\x9e', 0x400, 0x6) socket(0xa, 0xa, 0x5) ioctl$auto_SW_SYNC_GET_DEADLINE(0xffffffffffffffff, 0xc0105702, &(0x7f0000000000)) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto(0xffffffffffffffff, 0x5410, 0xffffffffffffffff) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x10000, 0x7, 0xf, 0x40000000008fd6, 0x948b, 0x7, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0x2000040080000004, 0xe) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x169780, 0x0) mprotect$auto(0x200000000000, 0x806121, 0x6) write$auto(0xffffffffffffffff, 0x0, 0x0) 5.269508065s ago: executing program 2 (id=531): mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) unshare$auto(0x4) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000340), r0) sendmsg$auto_TIPC_NL_NET_SET(r0, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000ffdbdf250f0000000c00078008000200", @ANYRES32=0xee00, @ANYBLOB="d56e417a"], 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x2) r2 = setfsuid$auto(0xee01) keyctl$auto(0x1d, 0xffffffffffffffff, r2, 0x0, 0x6) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xc2481, 0x0) write$auto(r3, 0x0, 0x81) msgctl$auto_IPC_RMID(0xdda7, 0x0, 0x0) sendmsg$auto_TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x10) r4 = open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x154) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x2, 0x1, 0x0) socket(0x1e, 0x1, 0x0) socket(0x10, 0x2, 0x0) memfd_create$auto(&(0x7f0000000040)='I\xb7\x1dF\xbfB\xd1\x10\x7fz\x053g\xa5,\xfcf\xfb\xa6\xf6\x02\xa1\x7f>\xf7s\x04\"\x87\x16\xe9/\xc9\xa8|\xec\xbe9+\x1af\x1b\x1f\xee\xe9=\xa2\xb7B^{\x1d^:t\xb0\xc9\xe2\x14\xa0\xec\x89)\xe7\xa0\xd2\xcd>y\xa4\x88\xa8,\xe8\x80O\xc3\x9d\x0e\xe2P\xa5d\xa5b\x95\xdb\xf2\x1a\x82o\xc9\x03W\x8e\xc4,\x1b\xb6\xac\xd2Djr \xc5\x93\xc1\x7f\xa8b)9\xf4\x97\xd1\x9e\xd2I\xf8rc\x832\xdbR\x13\rXHw\xe0\xb1\x01\xb8\xd5^\xbas\xe8\xd6_\x95\xb4\xb4\x04\x00\xe5\xf5\x06\x83<\xea\'k\xbe\xd1f7\xb72\xed\r%\xb1*:9\xc0\x11\x80l\xadkL\xb6\xe3&\x11\x94\x97\xad\xc9\x17j\xb3\xabO\x0fOx_\xe9w9\xc7\xef\xbeC\tah,\a\xf6b\xaaXgL\xee7F%\xf7L*\x03K\xab\xdc\xcaP\x9f\xdb&f\xf6r7\x81\xc6', 0x4) execveat$auto(r4, &(0x7f0000000200)='\x00', 0x0, 0x0, 0x11000) r5 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto(r5, 0x4004556e, 0x1f) unshare$auto(0x40000080) fremovexattr$auto(r0, &(0x7f0000000080)='TIPCv2\x00') mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) 5.193683796s ago: executing program 0 (id=532): madvise$auto(0x0, 0xffffffffffff0001, 0x11) syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000080), 0xffffffffffffffff) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x3e, 0xfffffffffffffffa, 0x1ffde, 0x0, 0xa, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x0, 0x7, 0x2000, 0x200, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x1fe, 0x200d) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) bind$auto(0x3, 0x0, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0x3, 0x84, 0x17, 0x0, 0x27) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/audit\x00', 0xa0000, 0x0) read$auto_tomoyo_operations_securityfs_if(r0, 0x0, 0x0) pread64$auto(r0, 0x0, 0xb69c, 0x2) 4.961386219s ago: executing program 3 (id=534): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x8) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(r0, 0xffffffffffffffff, 0xfffffff3) r1 = socket(0xa, 0x1, 0x84) mmap$auto(0x3, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x7ffd) close_range$auto(0x2, 0x8, 0x0) r2 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYRESDEC=r2, @ANYRES8=0x0, @ANYRES8=r1, @ANYRESDEC=r2, @ANYRES16=r3, @ANYRES64=r2], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x2400c080) r4 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x2, 0x400002) pipe$auto(0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000140), r5) r6 = gettid() sendmsg$auto_TASKSTATS_CMD_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x2400c8c1}, 0x8050) waitid$auto_P_PID(0x1, r6, &(0x7f00000001c0)={@_si_pad}, 0x100, &(0x7f0000000240)={{0x4, 0x4}, {0x2, 0x100}, 0x6, 0x3c3e1a7f, 0x6a, 0x1000000001, 0x800, 0x8, 0x5, 0x6, 0x6, 0xff, 0x8, 0x5841, 0xfffffffffffffc00}) write$auto(0x6, 0x0, 0x100000001) setsockopt$auto(0x3, 0x1, 0x10, 0x0, 0x9) recvmmsg$auto(r1, &(0x7f0000000100)={{0x0, 0xbb, 0x0, 0x8, &(0x7f0000000040), 0x81, 0x6}, 0xfffffff9}, 0x5, 0x6586, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) open(&(0x7f0000000040)='.\x00', 0x100, 0x161) socket(0xa, 0x3, 0x3a) getdents64$auto(0x0, 0x0, 0x18) ioctl$auto(0x1, 0x8941, 0x8) 4.610226893s ago: executing program 0 (id=535): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) r0 = io_uring_setup$auto(0x9e6, 0x0) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/ext4/sda1/options\x00', 0x48302, 0x0) pread64$auto(r1, 0x0, 0x100000001, 0x400000000000100) setsockopt$auto(r1, 0x1000001, 0x3e, 0x0, 0x8) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x88000, 0x0) read$auto(r2, 0x0, 0x20) sendmsg$auto_NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, 0x0, 0x24008804) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x734f, 0x35, 0x67f, 0x1ffde, 0x7, 0x3, 0x20000002, 0xd, 0x3, 0x1, 0x2091, 0xb4, 0x9, 0x6, 0x6, 0x40080, 0x4, 0x1cd7, 0x1000, 0x2000, 0x203, 0x0, 0x7}, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000380)='ns/user\x00') sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) sysfs$auto(0xfffffffe, 0x60000, 0x0) ioctl$auto_TCFLSH2(r0, 0x540b, &(0x7f00000003c0)="42a89a9860dffd7569a049344cbad2f7447a6ba28ebebe285c73b2024e55a7d3a00f13019acfe9dc0d93d8c6fd2c31873ec9417a424a43192076f2432cec2cde9ffe1bf874c2ff5479bf3b77556a5f2cbb169b6d4610cc5d0f16626e43f3524c7140c34fd1b114cf0ea5838a9bc04c68eed628d4d76c4765b78cde9db047acab4fd9cf3ebd11ce50cb") execveat$auto(r3, 0x0, 0x0, 0x0, 0x39) keyctl$auto(0x1d, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x8) r4 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000040), r4) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, &(0x7f0000000140), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) close_range$auto(0x2, 0x8, 0x0) 4.402511612s ago: executing program 1 (id=536): setsockopt$auto_SO_NOFCS(0xffffffffffffffff, 0xf1c, 0x2b, 0x0, 0x2) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) syslog$auto_SYSLOG_ACTION_READ(0x2, 0x0, 0x4) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x400800}, 0x8) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0xa, 0x1, 0x84) r3 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, 0x0, 0x1fe, 0x200d) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(r3, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r4], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 4.230625059s ago: executing program 2 (id=537): sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) setsockopt$auto_SO_NOFCS(0xffffffffffffffff, 0xf1c, 0x2b, 0x0, 0x2) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) prctl$auto_PR_SET_SYSCALL_USER_DISPATCH(0x3b, 0x7, 0x8, 0x40, 0x3) syslog$auto_SYSLOG_ACTION_READ(0x2, &(0x7f0000000040)='(:}\xe0-(,%\x00', 0x4) r0 = ioctl$auto_TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, &(0x7f00000000c0)=0x8) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x400800}, 0x8) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r3 = socket(0x2, 0x5, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_min\x00', 0x202, 0x0) sendfile$auto(r4, r4, 0x0, 0x1) setsockopt$auto(r0, 0x10000000084, 0x7, 0x0, 0x8) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r3, &(0x7f0000000140)={{0x0, 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) 3.93083944s ago: executing program 3 (id=538): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x20800, 0x0) fcntl$auto(0x3, 0x4, 0xa553) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f00000000c0)="fad91fc69b2adfdde1749ce0ed83292b6443141c6c5ed82768ff80cdc3322f679123f3617e893fb5f94513ffdf7f565c8ec5a4c16f73a496c20cbaa7a6600ce2ede842003ab1b52c8e045de3eec377d7c673aa278e368c9f8aa18ea0bf180d9105ba57bb12290cc4207a3df42738ce32691d6aa6ef0b322d690775db93b9644a") socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) close_range$auto(0x0, 0xfffffffffffff000, 0x0) mremap$auto(0x6, 0x8, 0x0, 0x0, 0xffffffffffffffff) 3.843515587s ago: executing program 1 (id=539): pwrite64$auto(0xc8, &(0x7f0000000040)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/223, 0xfffffffffffffffd, 0x82) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x4, 0x1d, 0x3000, 0x9, 0x9, 0x400a, 0xffffffffffffffff, [], {0x400a, 0x8, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x200, 0x4}, {0x100, 0x1, 0x4e, 0x80000085, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) socket(0x2, 0x801, 0x106) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x3, 0x0, 0x33, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x7) r0 = openat$auto_proc_pid_set_timerslack_ns_operations_base(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) writev$auto(r0, &(0x7f0000000100)={0x0, 0x10}, 0x1) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0x5}, 0x5, 0x80000000) close_range$auto(0x2, 0x8, 0x0) 3.580454368s ago: executing program 2 (id=540): r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="7ef30000921e8df74e63949a68ea27f2150f8a71e2d6a9eb048497090000000000000058b8faac1dc2a2e2c41382c2a4c9c7b1c633204ee6a6c4bb9cce90cea1132ba2d531e98e94945297631a0ef49515b828ff66791d74a1f300bc3c9c59f6e6016d21bc0b5332b2ee521cdd5785201c08ff60", @ANYBLOB="1b0026bd7400fddbdf2503000000040008001400038010000b800c000180080008000a0101021200"], 0x44}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000a, 0x8e051, r0, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/net/pppol2tp\x00', 0x200, 0x0) pread64$auto(r2, &(0x7f0000000180)='/proc/thread-self/net/tcp6\x00\xd2)\x8e\x892\x82\x19\xfd\x03\xc3\x8d\xd7D\x8d\xa8\xcfM9\\\xd6\xcfUq\x05#\xed\x1c\xd1G\bz\xde5u4\xddS\xe6\x1a\x8a`\xad0\x98|\xbc\x00\x98\b\x0ey\xcb`\x9b\x91r\xd5\x13\x9e\xdd4\xe7\xb7\x94P\x8fBlm\x04eAW\xbc0\x9b\xbd\x8f\xf5];\x94\x18\xf0\v\xd7\xf4P\xd3\x9e,Q\xd8\x16\x989l\x03\a\xcc\x1e\xb9\xe9{\xeeS\xa9\xc60\x00\xb5&\x9e\xdbk{F\x18\xa8\xbasG\xd3\x80\xb1G.\xec1\x96uP\x97\x8co\xf1\xa6\xd5\xea\xc8L3|a\xb3\xaa\x90Y\xb19\xad\xdc\x05o\x98g\xd4\x10]5\x95\xd0\xabJC\x06\xd0c\xd1Ra\xf7\xc4n\xdf\xe4\xc7\x03\x19x\xbb\v\x00\t\xde\xf5\x93\xfb\xfb#\xbd\xc0S\f57\x83\xdd\xaa\xf0\x9c\xd3G\xe1\xfdz\xab\x91RQ7\xc4qI\xc5c.\xefQ\xfb\xf4!\xe6\xd0Pa\xb8\xb4R\xaah2\x1c\xdfEy?\xac\xc6\x122\xb0z\xdd\'\fq\x80\x1e\f\xaf\n\xad\x9f\xb4E+\x9e\xa6\xef\x03\xc7\xc1u\xa3K\xc3a\x127\xc2s\xae3\x80\x96\xf0\xc1\xff>\xec\x0eBW)\xb5I|\xaa\xb6\x1d\xbd,t\a\xff\x1e\xa67\xc1\xb5\xb5O\xe9aN|F\xb6\xd0\xf6\x19s\xf9\x9e', 0x400, 0x6) socket(0xa, 0xa, 0x5) ioctl$auto_SW_SYNC_GET_DEADLINE(0xffffffffffffffff, 0xc0105702, &(0x7f0000000000)) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto(0xffffffffffffffff, 0x5410, 0xffffffffffffffff) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x10000, 0x7, 0xf, 0x40000000008fd6, 0x948b, 0x7, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0x2000040080000004, 0xe) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x169780, 0x0) mprotect$auto(0x200000000000, 0x806121, 0x6) write$auto(0xffffffffffffffff, 0x0, 0x0) 3.461371893s ago: executing program 1 (id=541): socket(0xa, 0x3, 0x3b) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) ioctl$auto_USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x23, 0x3, 0x18, 0x10, 0x808, 0x7fb, &(0x7f0000000340)="2e87ae255faea9bca16821e73660a43c98f81f056a20818dde63d3c3436ada5521c127417b70c848d2f0b41c9954b52c56fd29b722f89cb8e96cfabaead96bc484c33f7fb2b8e8aeaeeb962fd2017e70de4a4892c560daf3d83461a5c527c6ca6471a2d3bb0714224c0002a6ed62432b4a635d9cb072fba6cc4049f67aced3906e0af971d833a8a1d53e32a133a5b4c89ec915deff549042f4d94e13d7855e68b736ec90d98b3cc7629a"}) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/net/rpc/nfs4.nametoid/channel\x00', 0x8f3b7a51b8162d21, 0x0) write$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000040)="5cedd9d1027e0dc0023af10e9bfa1babfa3a3753ca9aee370a", 0x19) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) keyctl$auto(0x2000000000000016, 0x0, 0xfffffffe, 0x400040, 0xa8) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) mmap$auto(0x2, 0x20000020009, 0x7, 0xeb1, 0x40000000000a5, 0x8000) ioctl$auto(0xffffffffffffffff, 0x3, r1) setsockopt$auto(r2, 0x80, 0xfffffffe, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x3ff) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x407, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3b, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r3, 0x0, 0x100000a3d9) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r4, 0x4, 0x7ff) open(&(0x7f00000000c0)='./file0\x00', 0x200000, 0x60) io_uring_setup$auto(0x25a8c, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) pipe2$auto(0x0, 0x80) ioctl$auto(0x1, 0x5761, 0x4) madvise$auto(0x0, 0xffffffffffff0006, 0x17) 2.505956486s ago: executing program 2 (id=542): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) ioctl$auto_USBDEVFS_CONTROL(r0, 0xc0185500, 0x0) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/net/rpc/nfs4.nametoid/channel\x00', 0x8f3b7a51b8162d21, 0x0) write$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000040)="5cedd9d1027e0dc0023af10e9bfa1babfa3a3753ca9aee370a", 0x19) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) keyctl$auto(0x2000000000000016, 0x0, 0xfffffffe, 0x400040, 0xa8) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) mmap$auto(0x2, 0x20000020009, 0x7, 0xeb1, 0x40000000000a5, 0x8000) ioctl$auto(0xffffffffffffffff, 0x3, r1) setsockopt$auto(r2, 0x80, 0xfffffffe, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x3ff) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x407, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3b, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r3, 0x0, 0x100000a3d9) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r4, 0x4, 0x7ff) open(&(0x7f00000000c0)='./file0\x00', 0x200000, 0x60) io_uring_setup$auto(0x25a8c, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) pipe2$auto(0x0, 0x80) ioctl$auto(0x1, 0x5761, 0x4) madvise$auto(0x0, 0xffffffffffff0006, 0x17) 1.841774749s ago: executing program 3 (id=543): close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/pci0000:00/0000:00:04.0/broken_parity_status\x00', 0xc3002, 0x0) r0 = socket(0x2, 0x2, 0x4) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) (async) mmap$auto(0x0, 0x1, 0x37eb, 0x40eb2, 0x4, 0x300000000000) mmap$auto(0x0, 0x2, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000) (async) splice$auto(0xffffffffffffffff, &(0x7f0000001d00)=0x1, 0xffffffffffffffff, 0x0, 0x6, 0x2) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) io_getevents$auto(0x26, 0xffffffff, 0x4, 0x0, 0xfffffffffffffffd) (async) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) (async) sendfile$auto(0x1, 0x3, 0x0, 0xc01) (async) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x802, 0x0, 0x1, 0x0, 0x2, 0x3}, 0x7}, 0x5, 0xcad7) (async) bind$auto(0xffffffffffffffff, 0x0, 0x6a) (async) shutdown$auto(0x200000003, 0x2) 1.721236491s ago: executing program 1 (id=544): mmap$auto(0x200000, 0x402008, 0x8, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r0, 0x0, 0xb4d3) (async, rerun: 32) socket(0x10, 0x4, 0xffffffc0) (rerun: 32) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async, rerun: 32) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) (rerun: 32) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r2, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) (async, rerun: 32) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) (async, rerun: 32) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r3 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64) fchdir$auto(r3) mkdir$auto(&(0x7f0000000480)='./cgroup\x00', 0x6) (async) inotify_init1$auto(0x3000000000000) (async) socket(0x15, 0x5, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup/cgroup.type\x00', 0x103042, 0x0) (async) rmdir$auto(&(0x7f0000000300)='./cgroup\x00') (async) close_range$auto(0x2, 0x8, 0x0) getuid() (async) socket(0xa, 0x1, 0x0) (async) socket(0x2, 0x1, 0x84) (async, rerun: 64) listen$auto(0x3, 0x81) (async, rerun: 64) listen$auto(0x3, 0x0) listen$auto(0x3, 0x81) 1.687536982s ago: executing program 0 (id=545): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x60000054}, 0x24000044) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYBLOB='j\x00Q'], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r2 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_STATUS(r0, &(0x7f0000000300)={0x0, 0xffffffffffffffb7, &(0x7f00000002c0)={&(0x7f0000000340)={0x1c, r2, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0xffffffff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040}, 0x40) 1.389144483s ago: executing program 2 (id=546): openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) rt_sigprocmask$auto(0x6, &(0x7f0000000080)={0x6}, 0xffffffffffffffff, 0x8) shmctl$auto_SHM_STAT_ANY(0x1, 0xf, &(0x7f0000000240)={{0xb3, 0xee00, 0xee00, 0x8, 0x0, 0x8, 0x4}, 0x3ff, 0x2, 0x1, 0x9, @raw=0x80000001, @inferred, 0x0, 0x0, &(0x7f0000000100)="f581dffcf707da68d0969c922a1a14f6cc56387bf4651bf29a1d3de066eca8b41ca2b91e0f5929684d36035148a33231492dd113bad82aa8930bb110321e57cc463c0065108a558dbeb597cf451f670a27a0c620445883191457a323bfb6cf9ad597d3a2c5a550f3e07669d1c37f2b7423e10bbd", &(0x7f0000000180)="1d276b756e1179998bea35acff351011cc6a3eae3df06a22041a3e27d91d009ad3eebd08b4e161d425f842a5b85dddc3678ee7c7eaebf42f96196a66b575de68cbec92cf171b47a89c4e016fc3d48bbd9ab51571330d3d98a0d846b9a9d3cd958c3684ef74ac8a79b0165f132b19904bb2cdc2fd95a7373597ae9ac041e71c5ad4c88e8b2a62783bf7a2e111045eb9017db5348c862e39d9bb48"}) sendmsg$auto_IPVS_CMD_SET_SERVICE(r0, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000d40)={&(0x7f0000001680)=ANY=[@ANYBLOB="fc080000", @ANYRES16=0x0, @ANYBLOB="20002dbd7000fcdbdf25020000003d030280e08ac4b4f5b6cd423fee74435d11a3a53e5f74e26bd56d591df5e7ae63f5f50d4082ee4434f1942c4eb222d0d8182f43bfa51e78434855b894e8356f3d913ba1d1d62997ba6d39563d3631eeb0905a76c60f1477d07c1039b87501f51e4eb1e7b3e204351b54c7fa98b56aac37be9cd9bdfed9f985f4d9f17ea40e25c62a161bd1d588ec2d599132954521c0d46d8487e35f5d3c89b4a2d091d2d47c35c4d6b0ed96dd89bf8f300114dde14c362694f2ac2a33d6e3a544f2163542e5e48ccea7afc8bc591511824f71efa51eff5ed129ebc64655f70c00270001000000000000000e01668004004d800400df808565a39a34d3204b98f9ae60a6d2fdc75556ab5878c4ff776f24663260a1128dec4e7adc250e28dd56fcf8b91a264b74df67c49041d933c608c59811dc19346e42a10e3102baf8c48711fd4d78532a3682df0f08726cea638195a5a6da1942ef25b6ac86c7085e83e5340244878e2b7da3c896006b4a4697f98d43f9d72f703cdf22dc35315f6501c7e7499d00c81673df078a8bb9c109ccfbb927fbe322ce11d6decd408aea8be35b2ec91d073249395a59a1a10c99f1a7490ca1c1af70b841d3d4b7e450dea271e837a32dec7afcae2e2e70ed020ed4fc522784389acb7327ade2383ed2706c2bedfc65e9d46444b4fbbbbd5049efcc75fb34080010", @ANYRES32, @ANYBLOB="000046011a804f82cdaab403976cf4ba448b4c83b577dddf71a4d92d250a03d90bad6bf6433b61b50c34fe57b88443d4b314473a80bffd39236417c53340a32ac34f9a83883b07b31abb9218abc63c20ab18aa4ad864017a13343737d6d419a27bd449e0722968f4d8b4ddddae2faf09ebb571d08b4e90c359724f5f6d70d3313c2b5fa1b6d757064da4cd87e80b6a526443c2c93c73b39ede4a8e54cf35a9393cca0e10ce5323871034f30f0c4e44578d81070b7aba346491335178c50a1609b88cb90c2b191ad38ee0c47392add67b59843586e175247f15f83eb50dbb073443dcdb93427294f374b50f989e9c7f166168a85e2690c301dbfad3b28094635775b62f19898040fab529fc103354dd2138786e94f00afa7833694d48131a0059f0efb9dbdfefcb256ee7caf4a2424bd5c65f11b3b71c077daf8f694eae03e9393bbb52145f9d2bd6000000000008000500000000000800060008000000b80303801c011f80040072808fb14d83aca583fe06fa808162276997b84e28ac1a09018e882cb3d5fa54f6cdd3f9e868a356b5a3c494f7151cd7942c1e71cd53985c7ea00800bd000000000004004580a0d6570df4308db3956b502d54b7a37712ac316a03433556f4c67f40f747eb9071a5f99b75bbcd4ece57b1a5378e275f6e09690d974804d5afb1b8025f36d43fac5a5c06037def29e39aea1341ca5f8d7b625ad344e1bc9eed33b705d9b97401176543c553fd8fdaab8875b7d7976a9e763e8fa5bba9ba7498462c2e5a0f5d2e54b56066a485eeeabeb9ae288a48c25d99cbba69573a1b1a5363116341302f45914c1e0806f553e72e892bbcec1d9af4db3f1fefb7197be04131c33d5be058b94eaf87a611bd4931469eaa44b2c2ec20a8010e80080034006401010220759f47dac22c4c395c409f7a78222a5f8091c2eb514f726c84e393147df77d57ac4330418c2e65fa7d32811d535c98a61be739dbe8a41ea2227fe44995b4e93183b59f82734cbefccc0142dd63ffea8f1ca9667a842442fbda37262877c21968ef61f9b9857620d70bcfed572c97eabd23e4c30244cff7c4f7b5dca241730d0efc50dcaaa8b559477145e943271237edf8d346d5651f68bc84b5484ac6c092b185145d6e3ee1a79e3a17e7ceeda38bc69da07fd24428fd4845169287cd5eac554b2f9e823cd7e4e5e51e0c9d71f5b18f5fe6caa19e31a36e35835ef1c12d8b09e342f3896adabb705a74082076a828588f0361df588389916d1eb82da21aafe4ce5c7fa19ab173cc4aed4b35a1c0530a2a5ddd5175f6493028c0114163ef31df4597f6d270737f641476a561150ffb6cdc5c952ff383a9e65717a852657a15cfa27f3e59c267b776f9656d49164ff583f21ad0cb5f27a6040040808e47add39c333239903750c67aa6ae8aa03b3e85804f8d343690f46d47132d1aeb7b5ce239baf89e6df6d5461d7126963f9c9ae95ea15e4d67ddb0e3fc686d910400100008003e00", @ANYRES32=r1, @ANYBLOB="69c8b6603e315bbd832c50b4293c21f125d5dc10c74b41a7190e91aad994b781765fb68e9354aa828ab5d3be3f327206ccc243ef806db2c0f17db9094b535bc0f74e11c0c12c2370dc0071d0eee1569ae7094536e9bab689400d54fce8196b066503dbe2452e59af1ff7cdc762d537ec82a180441091b7f24e51ed23f99b7d5ae2b93332300a3aee6441e4f30f77ba2e98cef5761c3e8f25da38d1ed66307af69ac777ff3bb16ed644a30ba1f4fa5fb75921c8600c888fbc2400fc801800b8801400db0000000000000000000000ffffe000000108002300", @ANYRES32, @ANYBLOB="0800420096553a4b32695179f2374d3e8d7bcdb77ebd8c7b3cb4b379439155b0646c89fb2d", @ANYRES32, @ANYBLOB="cd0101809353826809545b09186e865644bd2c36eb84eccc248f87e11da894792c67b74318bff46c4f1c79942e76b972135b4eeb6019d9c728a26875c997be62ecba10d2b678d4979fdcba858b361b66fa1a3e495856da5d0ed564738e931a7a3510eb2396a86c22efeaa18daf8cbf6111925b62b46e40f157d026b5735db600522dc3918deaa4eadc41193d3239ecc553fc48340446269dd5636aa5e2c7730b4243d4539b072c2ae9608af94cc9e0813bffe0808d5391772ee883398a52523384f10b18985003784f7145150507053868fbd442f0721836d20e2afa720c74b20b816ed7103049c3bbdde3f926afc9308e178623cf8fd9d9a51479f1766823fb30832eb5429173d32c597548ee48a457df901af4f339cd2ef8b58024c260f157efce452be0a9df607fb293fe952b2f507b95385a8f35c2d6ada35047204ce8e70b86162e1040a55f0116a1f5e8b2bd88a65eedfdc30b4b663335a1962e9113ab8afb2520d8f2b50c9a6300da0037f84d5163dd8452288f01eb79628e488fee3b9d79cb131880c801da23ec0a978c48ee29d5469ac5458ee76328e744211e11150d72de7d7c79378da108c2c4b933092a9b80d46ceb3fcc0b0912f441cca2c37cd3ff2aefda01f2939ea68f45000000000800040000000000080005006b000000"], 0x8fc}, 0x1, 0x0, 0x0, 0x4000}, 0x4) unshare$auto(0x4) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x0, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) sendfile$auto(r3, r2, 0x0, 0x1000202) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) 1.36830453s ago: executing program 3 (id=547): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop6\x00', 0x480, 0x0) r1 = socket(0x2, 0xa, 0x80000001) write$auto(0x3, 0x0, 0xfffffdee) fdatasync$auto(r0) mmap$auto(0x6, 0x40009, 0xdf, 0x10, 0x7, 0x28000) mmap$auto(0x0, 0x2020009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) socket(0x1d, 0x2, 0x2) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x8) prctl$auto(0x3e, 0x6, 0x0, 0x1, 0x0) close_range$auto(r0, r1, 0x2) mmap$auto(0x0, 0x2020009, 0x200, 0x8000000000eb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0xf, 0x0) close_range$auto(0x2, r1, 0x0) open(0x0, 0x62240, 0x154) r2 = socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd1, 0x0, 0x4) semtimedop$auto(0x8000, &(0x7f00000000c0)={0x6713, 0x5e, 0x80}, 0x3e, &(0x7f0000000180)={0xfffffffffffffff5, 0xb87}) r3 = open(&(0x7f00000001c0)='./file0\x00', 0x8c901, 0x161) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x20008, 0x4, 0x1e, r2, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x10, &(0x7f0000000000)={0x0, 0xd6c6}, 0x2, 0x0, 0xe, 0x4}, 0x3}, 0x200, 0xb07e) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0x1a, 0xa, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="f2000000", @ANYBLOB='O\x00', @ANYBLOB="edd2cb1af6b69aed5f16093845"], 0x1ac}, 0x1, 0x0, 0x0, 0x24040840}, 0x94) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ttyu8\x00', 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(r3, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x4, 0x9}, 0x5}, 0x3, 0x20000000) getdents64$auto(0x0, 0x0, 0x18) 1.367499645s ago: executing program 0 (id=548): socket(0xa, 0x801, 0x84) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) select$auto(0xd, 0x0, 0x0, 0x0, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x7, 0x2, 0xdf, 0x410, 0x0, 0x8000000000000001) syslog$auto(0x4, 0x0, 0x0) (async) syslog$auto(0x4, 0x0, 0x0) sendmsg$auto_NL802154_CMD_SEND_BEACONS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x11, 0x80003, 0x300) socket(0x11, 0xa, 0x300) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0xc013, 0x4000000000df, 0xeb1, r1, 0x4) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) (async) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x3a) (async) r2 = socket(0xa, 0x2, 0x3a) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x0) socket(0x7, 0x2, 0xd010) (async) socket(0x7, 0x2, 0xd010) setsockopt$auto(r2, 0x29, 0x4e, &(0x7f0000000180)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91_\vBj\x0eQ\xce\x16\'C\x8c\x01\x80\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\x00\x00\x00\x00\xe4\xa5\xfe\xb5', 0x10000110) (async) setsockopt$auto(r2, 0x29, 0x4e, &(0x7f0000000180)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91_\vBj\x0eQ\xce\x16\'C\x8c\x01\x80\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\x00\x00\x00\x00\xe4\xa5\xfe\xb5', 0x10000110) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) (async) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@generic={0xa, "02d0ac0c00e435826339c7328903"}, 0x6a) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/snd_seq_oss/parameters/maxqlen\x00', 0x88802, 0x0) (async) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/snd_seq_oss/parameters/maxqlen\x00', 0x88802, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) (async) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) read$auto(r3, 0x0, 0x8) (async) read$auto(r3, 0x0, 0x8) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) 933.457655ms ago: executing program 3 (id=549): sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) setsockopt$auto_SO_NOFCS(0xffffffffffffffff, 0xf1c, 0x2b, 0x0, 0x2) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) prctl$auto_PR_SET_SYSCALL_USER_DISPATCH(0x3b, 0x7, 0x8, 0x40, 0x3) syslog$auto_SYSLOG_ACTION_READ(0x2, &(0x7f0000000040)='(:}\xe0-(,%\x00', 0x4) r0 = ioctl$auto_TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, &(0x7f00000000c0)=0x8) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x400800}, 0x8) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r3 = socket(0x2, 0x5, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_min\x00', 0x202, 0x0) sendfile$auto(r4, r4, 0x0, 0x1) setsockopt$auto(r0, 0x10000000084, 0x7, 0x0, 0x8) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r3, &(0x7f0000000140)={{0x0, 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) 701.481628ms ago: executing program 0 (id=550): fcntl$auto(0xffffffffffffffff, 0x409, 0x40003f) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) (async) r0 = socket(0x2b, 0x1, 0x1) (async, rerun: 32) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) (rerun: 32) ioctl$auto(r0, 0x89a0, 0x4) (async, rerun: 32) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a}) (rerun: 32) unshare$auto(0x40000080) (async) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x17) (async) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) (async) prctl$auto(0x23, 0x200000000000009, 0x7fffffffefff, 0x0, 0x0) (async) r1 = openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/cmdline\x00', 0x60502, 0x0) read$auto_proc_pid_cmdline_ops_base(r1, &(0x7f0000000040)=""/159, 0x9f) 618.525482ms ago: executing program 1 (id=551): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.14/usb38/38-0:1.0/usb38-port7/power/pm_qos_no_power_off\x00', 0x80000, 0x0) writev$auto(r0, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) 441.774272ms ago: executing program 1 (id=552): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) keyctl$auto(0x2000000000000017, 0x8000, 0x2d, 0xc4, 0x20803) mmap$auto(0x0, 0x400004, 0xb, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) connect$auto(0x4, 0x0, 0x10) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) (async) select$auto(0x5, 0x0, &(0x7f0000000100)={[0x9, 0x200, 0x0, 0x8000000000000201, 0x9, 0x3, 0x6, 0x7, 0xd886, 0x5e58296b, 0x341, 0x41, 0x7, 0x200, 0x8, 0xc]}, 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/firmware/acpi/hotplug/pci_root/enabled\x00', 0x8001, 0x0) write$auto(r0, 0x0, 0x7d) (async) socket(0x2b, 0x1, 0x1) (async) unshare$auto(0x40000080) (async) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/neigh/macvlan1/app_solicit\x00', 0xd2000, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x2) (async) r1 = set_tid_address$auto(0x0) ioprio_get$auto_IOPRIO_WHO_PROCESS(0x1, r1) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x3, 0x400008, 0xdf, 0x9b72, r0, 0x100000000) (async) open(0x0, 0x7ffd, 0x12) (async) kexec_load$auto(0x9, 0x0, 0x0, 0x1003e0000) (async) close_range$auto(0x2, 0x8, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) (async) madvise$auto(0x0, 0x2000040080000004, 0xe) (async, rerun: 32) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710}, 0x10) (rerun: 32) unshare$auto(0x40000080) (async) io_uring_setup$auto(0x4c2, 0x0) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 351.870691ms ago: executing program 2 (id=553): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f00000000c0)={0x10001, "7624556d5a72abd3cf1831c3791745bdccafcefd4aa5f2066c8a9433d3503ed3", @inferred=r0}) (async) r1 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r1, &(0x7f00000001c0)={{&(0x7f0000000000), 0x1aa, &(0x7f0000000100)={&(0x7f0000000040)="4a67d23edb3100000000000000000075210d2de48306c2fb", 0x49}, 0x5, 0x0, 0x5}, 0x1}, 0x2, 0x3) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) lseek$auto(0x3, 0x2, 0x4) (async) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) (async) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x66ab80, 0x0) (async) r2 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000400), 0x101000, 0x0) ioctl$auto_UI_SET_EVBIT(r2, 0x40045564, &(0x7f0000000140)=0xfffffffd) socket(0xf, 0x3, 0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) socket(0x2, 0xa, 0xe) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) readv$auto(0x3, 0x0, 0x87) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/fs/lockd/nlm_end_grace\x00', 0x8282, 0x0) write$auto(0x3, 0x0, 0x100082) (async) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x20) write$auto(0x3, 0x0, 0xfdef) 0s ago: executing program 3 (id=554): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) ioctl$auto_USBDEVFS_CONTROL(r0, 0xc0185500, 0x0) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/net/rpc/nfs4.nametoid/channel\x00', 0x8f3b7a51b8162d21, 0x0) write$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000040)="5cedd9d1027e0dc0023af10e9bfa1babfa3a3753ca9aee370a", 0x19) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) keyctl$auto(0x2000000000000016, 0x0, 0xfffffffe, 0x400040, 0xa8) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) mmap$auto(0x2, 0x20000020009, 0x7, 0xeb1, 0x40000000000a5, 0x8000) ioctl$auto(0xffffffffffffffff, 0x3, r1) setsockopt$auto(r2, 0x80, 0xfffffffe, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x3ff) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x407, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3b, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r3, 0x0, 0x100000a3d9) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r4, 0x4, 0x7ff) open(&(0x7f00000000c0)='./file0\x00', 0x200000, 0x60) io_uring_setup$auto(0x25a8c, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) pipe2$auto(0x0, 0x80) ioctl$auto(0x1, 0x5761, 0x4) madvise$auto(0x0, 0xffffffffffff0006, 0x17) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.146' (ED25519) to the list of known hosts. [ 89.921488][ T5835] cgroup: Unknown subsys name 'net' [ 90.061922][ T5835] cgroup: Unknown subsys name 'cpuset' [ 90.071173][ T5835] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 92.174919][ T5835] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 94.449159][ T5854] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 94.458417][ T5854] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 94.466806][ T5854] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 94.475275][ T5854] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 94.483474][ T5854] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 94.491550][ T5854] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 94.499813][ T5854] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 94.507605][ T5854] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 94.511537][ T5861] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 94.516559][ T5854] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 94.532703][ T5861] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 94.548784][ T5861] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 94.558717][ T5862] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 94.580236][ T5862] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 94.584039][ T5863] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 94.588739][ T5862] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 94.595092][ T5863] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 94.619026][ T5862] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 94.630813][ T5863] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 94.631696][ T5862] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 95.268273][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 95.286967][ T5851] chnl_net:caif_netlink_parms(): no params data found [ 95.312869][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 95.415191][ T5852] chnl_net:caif_netlink_parms(): no params data found [ 95.542555][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.550719][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.558711][ T5845] bridge_slave_0: entered allmulticast mode [ 95.566463][ T5845] bridge_slave_0: entered promiscuous mode [ 95.587251][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.594486][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.602117][ T5846] bridge_slave_0: entered allmulticast mode [ 95.609906][ T5846] bridge_slave_0: entered promiscuous mode [ 95.640555][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.647732][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.655332][ T5845] bridge_slave_1: entered allmulticast mode [ 95.662673][ T5845] bridge_slave_1: entered promiscuous mode [ 95.670622][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.677796][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.685792][ T5846] bridge_slave_1: entered allmulticast mode [ 95.693119][ T5846] bridge_slave_1: entered promiscuous mode [ 95.777112][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.784553][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.792961][ T5851] bridge_slave_0: entered allmulticast mode [ 95.800528][ T5851] bridge_slave_0: entered promiscuous mode [ 95.824697][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.839579][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.861713][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.869256][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.876415][ T5851] bridge_slave_1: entered allmulticast mode [ 95.884745][ T5851] bridge_slave_1: entered promiscuous mode [ 95.894607][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.918762][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.925942][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.933945][ T5852] bridge_slave_0: entered allmulticast mode [ 95.941189][ T5852] bridge_slave_0: entered promiscuous mode [ 95.964340][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.998857][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.006673][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.014141][ T5852] bridge_slave_1: entered allmulticast mode [ 96.021749][ T5852] bridge_slave_1: entered promiscuous mode [ 96.073900][ T5845] team0: Port device team_slave_0 added [ 96.082255][ T5846] team0: Port device team_slave_0 added [ 96.091382][ T5845] team0: Port device team_slave_1 added [ 96.113710][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.125339][ T5846] team0: Port device team_slave_1 added [ 96.148575][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.161647][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.204107][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.211344][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.237848][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.254215][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.290141][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.297226][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.323543][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.337647][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.344763][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.371821][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.412559][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.419735][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.445857][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.484066][ T5851] team0: Port device team_slave_0 added [ 96.521293][ T5852] team0: Port device team_slave_0 added [ 96.530739][ T5851] team0: Port device team_slave_1 added [ 96.557051][ T5846] hsr_slave_0: entered promiscuous mode [ 96.564604][ T5846] hsr_slave_1: entered promiscuous mode [ 96.573809][ T5852] team0: Port device team_slave_1 added [ 96.618780][ T5850] Bluetooth: hci1: command tx timeout [ 96.618786][ T5169] Bluetooth: hci3: command tx timeout [ 96.652919][ T5845] hsr_slave_0: entered promiscuous mode [ 96.659808][ T5845] hsr_slave_1: entered promiscuous mode [ 96.666305][ T5845] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.674254][ T5845] Cannot create hsr debugfs directory [ 96.681363][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.688375][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.714574][ T5850] Bluetooth: hci2: command tx timeout [ 96.714583][ T5169] Bluetooth: hci0: command tx timeout [ 96.717361][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.741633][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.749271][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.778390][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.810433][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.817421][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.843446][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.894895][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.902126][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.928909][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.031446][ T5851] hsr_slave_0: entered promiscuous mode [ 97.037783][ T5851] hsr_slave_1: entered promiscuous mode [ 97.044776][ T5851] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.052507][ T5851] Cannot create hsr debugfs directory [ 97.118621][ T5852] hsr_slave_0: entered promiscuous mode [ 97.124953][ T5852] hsr_slave_1: entered promiscuous mode [ 97.132213][ T5852] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.139958][ T5852] Cannot create hsr debugfs directory [ 97.185651][ T978] cfg80211: failed to load regulatory.db [ 97.534020][ T5846] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 97.556803][ T5846] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 97.576230][ T5846] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 97.602634][ T5846] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 97.655246][ T5845] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 97.693150][ T5845] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 97.715377][ T5845] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 97.736068][ T5845] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 97.821099][ T5851] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 97.838784][ T5851] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 97.876687][ T5851] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 97.886580][ T5851] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 97.964143][ T5852] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 97.996660][ T5852] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 98.010958][ T5852] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 98.024041][ T5852] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 98.128608][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.146290][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.217144][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.241892][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.253478][ T2980] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.260783][ T2980] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.280165][ T2980] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.287357][ T2980] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.307402][ T1168] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.314625][ T1168] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.377749][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.384973][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.403589][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.450644][ T5851] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.481205][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.500563][ T1168] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.507877][ T1168] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.550627][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.557878][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.634708][ T5852] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.686935][ T1168] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.694256][ T1168] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.703433][ T5850] Bluetooth: hci3: command tx timeout [ 98.710695][ T5169] Bluetooth: hci1: command tx timeout [ 98.734643][ T1168] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.741901][ T1168] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.782572][ T5169] Bluetooth: hci0: command tx timeout [ 98.782939][ T5850] Bluetooth: hci2: command tx timeout [ 98.866588][ T5851] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 98.966710][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.195071][ T5846] veth0_vlan: entered promiscuous mode [ 99.240070][ T5846] veth1_vlan: entered promiscuous mode [ 99.340091][ T5846] veth0_macvtap: entered promiscuous mode [ 99.399920][ T5846] veth1_macvtap: entered promiscuous mode [ 99.456880][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.487615][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.515197][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.532137][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.563218][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.590468][ T5846] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.601230][ T5846] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.611165][ T5846] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.620674][ T5846] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.685395][ T5851] veth0_vlan: entered promiscuous mode [ 99.735067][ T5851] veth1_vlan: entered promiscuous mode [ 99.755265][ T5845] veth0_vlan: entered promiscuous mode [ 99.762665][ T5852] veth0_vlan: entered promiscuous mode [ 99.822837][ T5845] veth1_vlan: entered promiscuous mode [ 99.864403][ T1086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.870431][ T5852] veth1_vlan: entered promiscuous mode [ 99.886101][ T1086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.931826][ T5851] veth0_macvtap: entered promiscuous mode [ 99.960579][ T5851] veth1_macvtap: entered promiscuous mode [ 99.971466][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.981336][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.006049][ T5845] veth0_macvtap: entered promiscuous mode [ 100.052704][ T5845] veth1_macvtap: entered promiscuous mode [ 100.066950][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 100.070971][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.114097][ T5852] veth0_macvtap: entered promiscuous mode [ 100.127599][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.156740][ T5852] veth1_macvtap: entered promiscuous mode [ 100.176604][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.189143][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.249211][ T5851] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.269116][ T5851] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.279684][ T5851] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.291426][ T5851] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.316117][ T5845] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.327195][ T5845] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.341731][ T5845] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.362398][ T5845] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.381932][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.406274][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.494386][ T5852] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.517580][ T5852] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.541219][ T5852] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.562973][ T5852] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.788825][ T5169] Bluetooth: hci3: command tx timeout [ 100.789922][ T5850] Bluetooth: hci1: command tx timeout [ 100.821433][ T1098] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.830988][ T1098] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.859414][ T5850] Bluetooth: hci0: command tx timeout [ 100.869862][ T5850] Bluetooth: hci2: command tx timeout [ 100.944153][ T1168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.000276][ T1168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.051818][ T1168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.060829][ T1168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.144935][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.182648][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.237819][ T1168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.246139][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.255247][ T1168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.513522][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.545803][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.558177][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 101.578211][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 101.823789][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.019435][ T5952] Zero length message leads to an empty skb [ 102.858344][ T5850] Bluetooth: hci3: command tx timeout [ 102.868218][ T5850] Bluetooth: hci1: command tx timeout [ 102.938050][ T5850] Bluetooth: hci2: command tx timeout [ 103.011924][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 103.106842][ T5968] mmap: syz.0.6 (5968) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 103.142919][ T30] audit: type=1326 audit(1752022801.930:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5961 comm="syz.3.5" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f25c8b8e929 code=0x0 [ 103.610302][ T5981] svc: failed to register nfsdv3 RPC service (errno 111). [ 103.666551][ T5981] svc: failed to register nfsaclv3 RPC service (errno 111). [ 104.138405][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 104.158321][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.300282][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 104.340577][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!! [ 104.698636][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 104.797233][ T5965] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 104.875311][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout [ 104.895666][ T5965] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 105.293937][ T5965] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 105.718579][ T5965] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 105.742533][ T5965] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 105.919594][ T5965] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 105.977785][ T5965] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 105.999467][ T5965] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 106.062619][ T5965] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 106.120293][ T5965] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 106.136564][ T5965] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 106.212343][ T5965] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 106.349196][ T5982] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 106.938481][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout [ 107.190790][ T6007] binder: 6002:6007 ioctl c00c620f 200000000340 returned -22 [ 107.212189][ T5850] Bluetooth: hci2: Malformed Event: 0x13 [ 107.738197][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout [ 108.058897][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 108.138811][ T5850] Bluetooth: hci3: command 0x0c1a tx timeout [ 109.021643][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout [ 109.818242][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout [ 110.141094][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 110.227235][ T5850] Bluetooth: hci3: command 0x0c1a tx timeout [ 110.271371][ T6055] ptrace attach of "./syz-executor exec"[5846] was attempted by "./syz-executor exec"[6055] [ 110.476691][ T6040] ptrace attach of "./syz-executor exec"[5851] was attempted by "./syz-executor exec"[6040] [ 110.881899][ T6067] netlink: 48 bytes leftover after parsing attributes in process `syz.2.24'. [ 111.902752][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout [ 112.187217][ T6093] FAULT_INJECTION: forcing a failure. [ 112.187217][ T6093] name failslab, interval 1, probability 0, space 0, times 1 [ 112.202908][ T6093] CPU: 0 UID: 0 PID: 6093 Comm: syz.3.28 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 112.202949][ T6093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.202965][ T6093] Call Trace: [ 112.202976][ T6093] [ 112.202987][ T6093] dump_stack_lvl+0x16c/0x1f0 [ 112.203036][ T6093] should_fail_ex+0x512/0x640 [ 112.203084][ T6093] should_failslab+0xc2/0x120 [ 112.203113][ T6093] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 112.203169][ T6093] ? skb_clone+0x190/0x3f0 [ 112.203220][ T6093] skb_clone+0x190/0x3f0 [ 112.203266][ T6093] sctp_ulpevent_make_rcvmsg+0x2fa/0xab0 [ 112.203308][ T6093] ? __pfx_sctp_ulpq_tail_data+0x10/0x10 [ 112.203346][ T6093] sctp_ulpq_tail_data+0xc2/0xf70 [ 112.203383][ T6093] ? sctp_eat_data+0xbb3/0x1920 [ 112.203433][ T6093] ? __pfx_sctp_ulpq_tail_data+0x10/0x10 [ 112.203489][ T6093] ? sctp_sf_eat_data_6_2+0x56b/0xba0 [ 112.203526][ T6093] ? __pfx_sctp_ulpq_tail_data+0x10/0x10 [ 112.203564][ T6093] sctp_do_sm+0x1dc4/0x5c80 [ 112.203619][ T6093] ? __pfx_sctp_do_sm+0x10/0x10 [ 112.203720][ T6093] ? ktime_get+0x200/0x310 [ 112.203755][ T6093] ? lockdep_hardirqs_on+0x7c/0x110 [ 112.203805][ T6093] sctp_assoc_bh_rcv+0x392/0x6f0 [ 112.203853][ T6093] sctp_inq_push+0x1db/0x270 [ 112.203884][ T6093] sctp_backlog_rcv+0x169/0x590 [ 112.203923][ T6093] ? __pfx_sctp_backlog_rcv+0x10/0x10 [ 112.203959][ T6093] __release_sock+0x362/0x400 [ 112.204001][ T6093] ? lockdep_hardirqs_on+0x7c/0x110 [ 112.204048][ T6093] release_sock+0x5a/0x220 [ 112.204089][ T6093] sctp_wait_for_connect+0x1c4/0x5c0 [ 112.204121][ T6093] ? __pfx_sctp_wait_for_connect+0x10/0x10 [ 112.204148][ T6093] ? skb_set_owner_w+0x31f/0x710 [ 112.204189][ T6093] ? __pfx_autoremove_wake_function+0x10/0x10 [ 112.204223][ T6093] ? sctp_datamsg_put+0x58/0x5f0 [ 112.204260][ T6093] ? sctp_primitive_SEND+0x9f/0xd0 [ 112.204297][ T6093] sctp_sendmsg_to_asoc+0x182b/0x1bf0 [ 112.204341][ T6093] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 112.204370][ T6093] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 112.204404][ T6093] ? sctp_endpoint_lookup_assoc+0x15c/0x2a0 [ 112.204445][ T6093] sctp_sendmsg+0xef5/0x1ee0 [ 112.204489][ T6093] ? __pfx_sctp_sendmsg+0x10/0x10 [ 112.204527][ T6093] ? __pfx___might_resched+0x10/0x10 [ 112.204581][ T6093] ? __pfx_aa_sk_perm+0x10/0x10 [ 112.204621][ T6093] ? __pfx_sctp_sendmsg+0x10/0x10 [ 112.204654][ T6093] inet_sendmsg+0x11c/0x140 [ 112.204692][ T6093] ____sys_sendmsg+0x973/0xc70 [ 112.204726][ T6093] ? __pfx_____sys_sendmsg+0x10/0x10 [ 112.204761][ T6093] ? find_held_lock+0x2b/0x80 [ 112.204792][ T6093] ? futex_unqueue+0x133/0x2c0 [ 112.204834][ T6093] ___sys_sendmsg+0x134/0x1d0 [ 112.204880][ T6093] ? __pfx____sys_sendmsg+0x10/0x10 [ 112.204940][ T6093] ? find_held_lock+0x2b/0x80 [ 112.204996][ T6093] __sys_sendmmsg+0x200/0x420 [ 112.205044][ T6093] ? __pfx___sys_sendmmsg+0x10/0x10 [ 112.205082][ T6093] ? __pfx_inet_bind_sk+0x10/0x10 [ 112.205130][ T6093] ? __pfx_do_futex+0x10/0x10 [ 112.205193][ T6093] ? xfd_validate_state+0x61/0x180 [ 112.205231][ T6093] ? __sys_setsockopt+0x140/0x1a0 [ 112.205275][ T6093] __x64_sys_sendmmsg+0x9c/0x100 [ 112.205319][ T6093] ? lockdep_hardirqs_on+0x7c/0x110 [ 112.205360][ T6093] do_syscall_64+0xcd/0x490 [ 112.205405][ T6093] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.205433][ T6093] RIP: 0033:0x7f25c8b8e929 [ 112.205455][ T6093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.205479][ T6093] RSP: 002b:00007f25c9960038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 112.205505][ T6093] RAX: ffffffffffffffda RBX: 00007f25c8db6080 RCX: 00007f25c8b8e929 [ 112.205523][ T6093] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000003 [ 112.205540][ T6093] RBP: 00007f25c8c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 112.205556][ T6093] R10: 0000000000000311 R11: 0000000000000246 R12: 0000000000000000 [ 112.205572][ T6093] R13: 0000000000000000 R14: 00007f25c8db6080 R15: 00007ffe6a352058 [ 112.205610][ T6093] [ 112.206355][ T6095] tipc: Started in network mode [ 112.288949][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 112.298906][ T5169] Bluetooth: hci3: command 0x0c1a tx timeout [ 112.368321][ T6095] tipc: Node identity ee00, cluster identity 4711 [ 112.645402][ T6095] tipc: Node number set to 60928 [ 113.421008][ T6105] netlink: 48 bytes leftover after parsing attributes in process `syz.1.32'. [ 114.116358][ T6114] QAT: failed to copy from user. [ 114.898710][ T6125] netlink: 48 bytes leftover after parsing attributes in process `syz.2.37'. [ 115.193646][ T6114] syz.3.34 (6114) used greatest stack depth: 19304 bytes left [ 116.738265][ T6147] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 119.687383][ T6171] ptrace attach of "./syz-executor exec"[5852] was attempted by "./syz-executor exec"[6171] [ 119.988657][ T6193] netlink: 48 bytes leftover after parsing attributes in process `syz.0.49'. [ 120.807671][ T6182] ptrace attach of "./syz-executor exec"[5846] was attempted by "./syz-executor exec"[6182] [ 122.505232][ T6222] netlink: 'syz.0.54': attribute type 1 has an invalid length. [ 123.195437][ T6237] netlink: 48 bytes leftover after parsing attributes in process `syz.0.58'. [ 125.073740][ T6264] process 'syz.3.63' launched './file0' with NULL argv: empty string added [ 125.716886][ T6257] ima: policy update failed [ 125.722148][ T30] audit: type=1802 audit(4294967313.940:3): pid=6257 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.63" res=0 errno=0 [ 126.219483][ T6273] netlink: 338 bytes leftover after parsing attributes in process `syz.1.65'. [ 126.253563][ T6277] random: crng reseeded on system resumption [ 126.320039][ T6278] netlink: 338 bytes leftover after parsing attributes in process `syz.1.65'. [ 126.606521][ T6284] kafs: addr_prefs: Invalid Command [ 126.961145][ T6287] vhci_hcd: invalid port number 16 [ 126.976176][ T6284] netlink: 'syz.2.67': attribute type 1 has an invalid length. [ 126.995053][ T6287] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 127.429324][ T6298] FAULT_INJECTION: forcing a failure. [ 127.429324][ T6298] name failslab, interval 1, probability 0, space 0, times 0 [ 127.442029][ T6298] CPU: 0 UID: 0 PID: 6298 Comm: syz.3.69 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 127.442053][ T6298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 127.442064][ T6298] Call Trace: [ 127.442070][ T6298] [ 127.442077][ T6298] dump_stack_lvl+0x16c/0x1f0 [ 127.442105][ T6298] should_fail_ex+0x512/0x640 [ 127.442129][ T6298] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 127.442157][ T6298] should_failslab+0xc2/0x120 [ 127.442173][ T6298] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 127.442196][ T6298] ? vm_area_alloc+0x1f/0x160 [ 127.442220][ T6298] vm_area_alloc+0x1f/0x160 [ 127.442242][ T6298] create_init_stack_vma+0x29/0x700 [ 127.442271][ T6298] alloc_bprm+0x420/0x6f0 [ 127.442294][ T6298] do_execveat_common.isra.0+0x1ce/0x610 [ 127.442321][ T6298] __x64_sys_execve+0x8e/0xb0 [ 127.442343][ T6298] do_syscall_64+0xcd/0x490 [ 127.442368][ T6298] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.442384][ T6298] RIP: 0033:0x7f25c8b8e929 [ 127.442398][ T6298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.442413][ T6298] RSP: 002b:00007f25c9960038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 127.442429][ T6298] RAX: ffffffffffffffda RBX: 00007f25c8db6080 RCX: 00007f25c8b8e929 [ 127.442439][ T6298] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 127.442448][ T6298] RBP: 00007f25c8c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 127.442457][ T6298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 127.442466][ T6298] R13: 0000000000000000 R14: 00007f25c8db6080 R15: 00007ffe6a352058 [ 127.442486][ T6298] [ 128.180473][ T6307] netlink: 48 bytes leftover after parsing attributes in process `syz.2.70'. [ 130.745563][ T6345] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 131.091912][ T6351] netlink: 16 bytes leftover after parsing attributes in process `syz.3.76'. [ 131.220082][ T6346] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 131.290516][ T6351] netlink: 93 bytes leftover after parsing attributes in process `syz.3.76'. [ 132.185447][ T6363] capability: warning: `syz.1.80' uses 32-bit capabilities (legacy support in use) [ 133.121595][ T6375] FAULT_INJECTION: forcing a failure. [ 133.121595][ T6375] name failslab, interval 1, probability 0, space 0, times 0 [ 133.138077][ T6375] CPU: 1 UID: 0 PID: 6375 Comm: syz.2.84 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 133.138119][ T6375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 133.138137][ T6375] Call Trace: [ 133.138147][ T6375] [ 133.138158][ T6375] dump_stack_lvl+0x16c/0x1f0 [ 133.138207][ T6375] should_fail_ex+0x512/0x640 [ 133.138247][ T6375] ? __kmalloc_noprof+0xbf/0x510 [ 133.138289][ T6375] ? lsm_blob_alloc+0x68/0x90 [ 133.138332][ T6375] should_failslab+0xc2/0x120 [ 133.138359][ T6375] __kmalloc_noprof+0xd2/0x510 [ 133.138408][ T6375] lsm_blob_alloc+0x68/0x90 [ 133.138453][ T6375] security_sk_alloc+0x30/0x270 [ 133.138486][ T6375] sk_prot_alloc+0xfb/0x2a0 [ 133.138519][ T6375] sk_alloc+0x36/0xc20 [ 133.138560][ T6375] unix_create1+0xa6/0x700 [ 133.138599][ T6375] unix_create+0x10e/0x1d0 [ 133.138636][ T6375] __sock_create+0x335/0x8d0 [ 133.138676][ T6375] __sys_socketpair+0x1d8/0x5a0 [ 133.138713][ T6375] ? __pfx___sys_socketpair+0x10/0x10 [ 133.138754][ T6375] ? __pfx_blkcg_maybe_throttle_current+0x10/0x10 [ 133.138796][ T6375] ? xfd_validate_state+0x61/0x180 [ 133.138833][ T6375] ? __pfx___do_sys_close_range+0x10/0x10 [ 133.138888][ T6375] __x64_sys_socketpair+0x96/0x100 [ 133.138924][ T6375] ? lockdep_hardirqs_on+0x7c/0x110 [ 133.138967][ T6375] do_syscall_64+0xcd/0x490 [ 133.139010][ T6375] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.139038][ T6375] RIP: 0033:0x7ff12bb8e929 [ 133.139061][ T6375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.139088][ T6375] RSP: 002b:00007ff12ca36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 133.139116][ T6375] RAX: ffffffffffffffda RBX: 00007ff12bdb5fa0 RCX: 00007ff12bb8e929 [ 133.139135][ T6375] RDX: 8000000000000000 RSI: 0000000000000002 RDI: 0000000000000001 [ 133.139152][ T6375] RBP: 00007ff12bc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 133.139169][ T6375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 133.139185][ T6375] R13: 0000000000000000 R14: 00007ff12bdb5fa0 R15: 00007fff905c1398 [ 133.139223][ T6375] [ 135.782657][ T6426] netlink: 48 bytes leftover after parsing attributes in process `syz.2.96'. [ 137.237200][ T6420] ptrace attach of "./syz-executor exec"[5846] was attempted by "./syz-executor exec"[6420] [ 137.883222][ T6452] vivid-007: ================= START STATUS ================= [ 137.939479][ T6452] vivid-007: Generate PTS: true [ 137.990078][ T6452] vivid-007: Generate SCR: true [ 137.995414][ T6452] tpg source WxH: 320x240 (Y'CbCr) [ 138.002896][ T6452] tpg field: 1 [ 138.025779][ T6452] tpg crop: (0,0)/320x240 [ 138.036632][ T6452] tpg compose: (0,0)/320x240 [ 138.063162][ T6452] tpg colorspace: 8 [ 138.088305][ T6452] tpg transfer function: 0/0 [ 138.097747][ T6452] tpg Y'CbCr encoding: 0/0 [ 138.120982][ T6452] tpg quantization: 0/0 [ 138.127694][ T6452] tpg RGB range: 0/2 [ 138.133284][ T6452] vivid-007: ================== END STATUS ================== [ 138.148839][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.155284][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.411853][ T6443] ptrace attach of "./syz-executor exec"[5852] was attempted by "./syz-executor exec"[6443] [ 139.457587][ T6494] vhci_hcd: invalid port number 16 [ 139.476598][ T6494] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 139.485946][ T6471] Invalid ELF header magic: != ELF [ 141.528298][ T6485] ptrace attach of "./syz-executor exec"[5851] was attempted by "./syz-executor exec"[6485] [ 141.618497][ T6498] ptrace attach of "./syz-executor exec"[5852] was attempted by "./syz-executor exec"[6498] [ 142.145693][ T6530] binder: 6529:6530 ioctl 600004 6 returned -22 [ 142.525533][ T6547] netlink: 338 bytes leftover after parsing attributes in process `syz.2.116'. [ 142.583187][ T6532] netlink: 338 bytes leftover after parsing attributes in process `syz.2.116'. [ 144.102129][ T6566] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 144.760345][ T6566] netlink: 28 bytes leftover after parsing attributes in process `syz.0.120'. [ 144.786646][ T6566] veth1_macvtap: left promiscuous mode [ 144.949986][ T6565] ptrace attach of "./syz-executor exec"[5846] was attempted by "./syz-executor exec"[6565] [ 146.522467][ T6591] [ 147.679269][ T6581] ptrace attach of "./syz-executor exec"[5845] was attempted by "./syz-executor exec"[6581] [ 149.084081][ T6619] vivid-007: ================= START STATUS ================= [ 149.118446][ T6619] vivid-007: Generate PTS: true [ 149.123388][ T6619] vivid-007: Generate SCR: true [ 149.153091][ T6619] tpg source WxH: 320x240 (Y'CbCr) [ 149.168954][ T6619] tpg field: 1 [ 149.172354][ T6619] tpg crop: (0,0)/320x240 [ 149.176775][ T6619] tpg compose: (0,0)/320x240 [ 149.184346][ T6619] tpg colorspace: 8 [ 149.192918][ T6619] tpg transfer function: 0/0 [ 149.202733][ T6619] tpg Y'CbCr encoding: 0/0 [ 149.209560][ T6619] tpg quantization: 0/0 [ 149.214260][ T6619] tpg RGB range: 0/2 [ 149.230685][ T6626] syz.2.130 uses obsolete (PF_INET,SOCK_PACKET) [ 149.237141][ T6619] vivid-007: ================== END STATUS ================== [ 152.144757][ T6659] program syz.3.137 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 152.690961][ T6665] FAULT_INJECTION: forcing a failure. [ 152.690961][ T6665] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 152.718645][ T6665] CPU: 0 UID: 0 PID: 6665 Comm: syz.0.139 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 152.718686][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 152.718701][ T6665] Call Trace: [ 152.718711][ T6665] [ 152.718721][ T6665] dump_stack_lvl+0x16c/0x1f0 [ 152.718768][ T6665] should_fail_ex+0x512/0x640 [ 152.718814][ T6665] _copy_to_iter+0x29f/0x16f0 [ 152.718860][ T6665] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 152.718907][ T6665] ? __pfx__copy_to_iter+0x10/0x10 [ 152.718957][ T6665] ? mark_held_locks+0x49/0x80 [ 152.718994][ T6665] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 152.719031][ T6665] ? lockdep_hardirqs_on+0x7c/0x110 [ 152.719075][ T6665] simple_copy_to_iter+0x46/0x90 [ 152.719111][ T6665] __skb_datagram_iter+0x5af/0x900 [ 152.719144][ T6665] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 152.719192][ T6665] skb_copy_datagram_iter+0x40/0x50 [ 152.719229][ T6665] mptcp_recvmsg+0x5ac/0x2230 [ 152.719271][ T6665] ? lock_acquire+0x179/0x350 [ 152.719322][ T6665] ? __pfx_mptcp_recvmsg+0x10/0x10 [ 152.719368][ T6665] ? __pfx___might_resched+0x10/0x10 [ 152.719417][ T6665] ? aa_sk_perm+0x2f4/0xb10 [ 152.719457][ T6665] ? __pfx_mptcp_recvmsg+0x10/0x10 [ 152.719500][ T6665] inet_recvmsg+0x46f/0x6a0 [ 152.719539][ T6665] ? __pfx_inet_recvmsg+0x10/0x10 [ 152.719591][ T6665] sock_recvmsg+0x1b2/0x250 [ 152.719623][ T6665] sock_read_iter+0x2b9/0x3b0 [ 152.719659][ T6665] ? __pfx_sock_read_iter+0x10/0x10 [ 152.719707][ T6665] ? bpf_lsm_file_permission+0x9/0x10 [ 152.719735][ T6665] ? security_file_permission+0x71/0x210 [ 152.719773][ T6665] ? rw_verify_area+0xcf/0x680 [ 152.719814][ T6665] vfs_read+0xa95/0xc60 [ 152.719863][ T6665] ? __pfx_vfs_read+0x10/0x10 [ 152.719897][ T6665] ? find_held_lock+0x2b/0x80 [ 152.719958][ T6665] ksys_read+0x1f8/0x250 [ 152.719997][ T6665] ? __pfx_ksys_read+0x10/0x10 [ 152.720051][ T6665] do_syscall_64+0xcd/0x490 [ 152.720096][ T6665] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.720124][ T6665] RIP: 0033:0x7f5455f8e929 [ 152.720145][ T6665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.720171][ T6665] RSP: 002b:00007f5456e49038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 152.720197][ T6665] RAX: ffffffffffffffda RBX: 00007f54561b5fa0 RCX: 00007f5455f8e929 [ 152.720215][ T6665] RDX: 0000000000000f34 RSI: 0000000000000000 RDI: 0000000000000003 [ 152.720231][ T6665] RBP: 00007f5456e49090 R08: 0000000000000000 R09: 0000000000000000 [ 152.720246][ T6665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 152.720262][ T6665] R13: 0000000000000000 R14: 00007f54561b5fa0 R15: 00007ffdfe5b7298 [ 152.720299][ T6665] [ 153.130201][ T6668] vhci_hcd: invalid port number 16 [ 153.135955][ T6668] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 153.366115][ T6672] netlink: 48 bytes leftover after parsing attributes in process `syz.1.140'. [ 155.654059][ T6697] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 155.713363][ T6697] netlink: 338 bytes leftover after parsing attributes in process `syz.0.148'. [ 155.740064][ T6697] netlink: 338 bytes leftover after parsing attributes in process `syz.0.148'. [ 155.754017][ T6699] vhci_hcd: invalid port number 16 [ 155.763322][ T6699] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 155.790001][ T6697] netlink: 210 bytes leftover after parsing attributes in process `syz.0.148'. [ 155.829374][ T6697] veth0_macvtap: left promiscuous mode [ 155.912899][ T6695] ubi0: attaching mtd0 [ 156.346712][ T6695] ubi0: scanning is finished [ 156.352004][ T6695] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 156.850014][ T6695] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 158.570828][ T6744] FAULT_INJECTION: forcing a failure. [ 158.570828][ T6744] name failslab, interval 1, probability 0, space 0, times 0 [ 158.700273][ T6744] CPU: 0 UID: 0 PID: 6744 Comm: syz.1.157 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 158.700315][ T6744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 158.700332][ T6744] Call Trace: [ 158.700341][ T6744] [ 158.700352][ T6744] dump_stack_lvl+0x16c/0x1f0 [ 158.700407][ T6744] should_fail_ex+0x512/0x640 [ 158.700446][ T6744] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 158.700488][ T6744] should_failslab+0xc2/0x120 [ 158.700515][ T6744] __kmalloc_cache_noprof+0x6a/0x3e0 [ 158.700551][ T6744] ? __genradix_ptr_alloc+0x340/0x5f0 [ 158.700576][ T6744] ? sctp_auth_shkey_create+0x9e/0x210 [ 158.700610][ T6744] sctp_auth_shkey_create+0x9e/0x210 [ 158.700640][ T6744] sctp_auth_asoc_copy_shkeys+0x1f2/0x360 [ 158.700676][ T6744] sctp_association_new+0x19ad/0x2a00 [ 158.700720][ T6744] sctp_connect_new_asoc+0x1b6/0x790 [ 158.700757][ T6744] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 158.700792][ T6744] ? sctp_endpoint_lookup_assoc+0x15c/0x2a0 [ 158.700836][ T6744] __sctp_connect+0x3f3/0xc60 [ 158.700874][ T6744] ? do_raw_spin_lock+0x12c/0x2b0 [ 158.700921][ T6744] ? __pfx___sctp_connect+0x10/0x10 [ 158.700959][ T6744] ? __pfx_sctp_inet_connect+0x10/0x10 [ 158.700994][ T6744] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 158.701040][ T6744] ? __pfx_sctp_inet_connect+0x10/0x10 [ 158.701069][ T6744] sctp_inet_connect+0x15f/0x200 [ 158.701102][ T6744] __sys_connect_file+0x13e/0x1a0 [ 158.701140][ T6744] __sys_connect+0x13b/0x160 [ 158.701172][ T6744] ? __pfx___sys_connect+0x10/0x10 [ 158.701229][ T6744] ? __pfx_ksys_write+0x10/0x10 [ 158.701274][ T6744] __x64_sys_connect+0x72/0xb0 [ 158.701305][ T6744] ? lockdep_hardirqs_on+0x7c/0x110 [ 158.701343][ T6744] do_syscall_64+0xcd/0x490 [ 158.701380][ T6744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.701417][ T6744] RIP: 0033:0x7f8f6378e929 [ 158.701440][ T6744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.701465][ T6744] RSP: 002b:00007f8f645ca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 158.701492][ T6744] RAX: ffffffffffffffda RBX: 00007f8f639b5fa0 RCX: 00007f8f6378e929 [ 158.701510][ T6744] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003 [ 158.701526][ T6744] RBP: 00007f8f645ca090 R08: 0000000000000000 R09: 0000000000000000 [ 158.701541][ T6744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.701556][ T6744] R13: 0000000000000000 R14: 00007f8f639b5fa0 R15: 00007fff4ee2f258 [ 158.701593][ T6744] [ 159.093833][ T6751] random: crng reseeded on system resumption [ 159.707366][ T6760] vhci_hcd: invalid port number 16 [ 159.796746][ T6760] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 161.138785][ T6783] FAULT_INJECTION: forcing a failure. [ 161.138785][ T6783] name failslab, interval 1, probability 0, space 0, times 0 [ 161.218792][ T6783] CPU: 1 UID: 0 PID: 6783 Comm: syz.0.164 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 161.218834][ T6783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 161.218850][ T6783] Call Trace: [ 161.218860][ T6783] [ 161.218871][ T6783] dump_stack_lvl+0x16c/0x1f0 [ 161.218918][ T6783] should_fail_ex+0x512/0x640 [ 161.218955][ T6783] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 161.218996][ T6783] should_failslab+0xc2/0x120 [ 161.219023][ T6783] __kmalloc_cache_noprof+0x6a/0x3e0 [ 161.219065][ T6783] ? sctp_datamsg_from_user+0x8d/0x1320 [ 161.219114][ T6783] sctp_datamsg_from_user+0x8d/0x1320 [ 161.219156][ T6783] ? __sk_mem_raise_allocated+0x94d/0x1670 [ 161.219216][ T6783] ? sctp_primitive_ASSOCIATE+0x9c/0xd0 [ 161.219261][ T6783] sctp_sendmsg_to_asoc+0xaf5/0x1bf0 [ 161.219292][ T6783] ? sctp_assoc_set_primary+0x177/0x300 [ 161.219339][ T6783] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 161.219374][ T6783] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 161.219436][ T6783] sctp_sendmsg+0xef5/0x1ee0 [ 161.219486][ T6783] ? __pfx_sctp_sendmsg+0x10/0x10 [ 161.219525][ T6783] ? __pfx___might_resched+0x10/0x10 [ 161.219577][ T6783] ? __pfx_aa_sk_perm+0x10/0x10 [ 161.219621][ T6783] ? __pfx_sctp_sendmsg+0x10/0x10 [ 161.219658][ T6783] inet_sendmsg+0x11c/0x140 [ 161.219701][ T6783] ____sys_sendmsg+0x973/0xc70 [ 161.219739][ T6783] ? __pfx_____sys_sendmsg+0x10/0x10 [ 161.219770][ T6783] ? __pfx___schedule+0x10/0x10 [ 161.219828][ T6783] ___sys_sendmsg+0x134/0x1d0 [ 161.219875][ T6783] ? __pfx____sys_sendmsg+0x10/0x10 [ 161.219939][ T6783] ? find_held_lock+0x2b/0x80 [ 161.219997][ T6783] __sys_sendmmsg+0x200/0x420 [ 161.220046][ T6783] ? __pfx___sys_sendmmsg+0x10/0x10 [ 161.220100][ T6783] ? __pfx_do_futex+0x10/0x10 [ 161.220154][ T6783] ? xfd_validate_state+0x61/0x180 [ 161.220189][ T6783] ? __sys_setsockopt+0x140/0x1a0 [ 161.220235][ T6783] __x64_sys_sendmmsg+0x9c/0x100 [ 161.220274][ T6783] ? lockdep_hardirqs_on+0x7c/0x110 [ 161.220309][ T6783] do_syscall_64+0xcd/0x490 [ 161.220351][ T6783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.220378][ T6783] RIP: 0033:0x7f5455f8e929 [ 161.220410][ T6783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.220436][ T6783] RSP: 002b:00007f5456e28038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 161.220464][ T6783] RAX: ffffffffffffffda RBX: 00007f54561b6080 RCX: 00007f5455f8e929 [ 161.220482][ T6783] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000006 [ 161.220498][ T6783] RBP: 00007f5456010b39 R08: 0000000000000000 R09: 0000000000000000 [ 161.220514][ T6783] R10: 0000000000000311 R11: 0000000000000246 R12: 0000000000000000 [ 161.220529][ T6783] R13: 0000000000000000 R14: 00007f54561b6080 R15: 00007ffdfe5b7298 [ 161.220566][ T6783] [ 161.536765][ T6786] ptrace attach of "./syz-executor exec"[5852] was attempted by "./syz-executor exec"[6786] [ 162.161762][ T6781] kexec: Could not allocate control_code_buffer [ 162.507831][ T6795] netlink: 'syz.3.166': attribute type 35 has an invalid length. [ 162.559264][ T6801] netlink: 48 bytes leftover after parsing attributes in process `syz.1.167'. [ 163.384634][ T6811] netlink: 342 bytes leftover after parsing attributes in process `syz.3.169'. [ 164.362193][ T6836] device-mapper: ioctl: Invalid data size in the ioctl structure: 1 [ 165.622954][ T6816] ptrace attach of "./syz-executor exec"[5852] was attempted by "./syz-executor exec"[6816] [ 167.103390][ T6862] netlink: 342 bytes leftover after parsing attributes in process `syz.1.183'. [ 167.417162][ T6851] ptrace attach of "./syz-executor exec"[5852] was attempted by "./syz-executor exec"[6851] [ 169.349091][ T6907] ptrace attach of "./syz-executor exec"[5846] was attempted by "./syz-executor exec"[6907] [ 170.530799][ T6911] netlink: 342 bytes leftover after parsing attributes in process `syz.1.194'. [ 171.590949][ T6933] sd 0:0:1:0: PR command failed: 1026 [ 171.606866][ T6933] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 171.614368][ T6933] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 171.801421][ T6943] vhci_hcd: invalid port number 16 [ 171.806714][ T6943] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 175.534254][ T6987] FAULT_INJECTION: forcing a failure. [ 175.534254][ T6987] name fail_futex, interval 1, probability 0, space 0, times 1 [ 175.573227][ T6987] CPU: 0 UID: 0 PID: 6987 Comm: syz.0.208 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 175.573265][ T6987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 175.573281][ T6987] Call Trace: [ 175.573290][ T6987] [ 175.573301][ T6987] dump_stack_lvl+0x16c/0x1f0 [ 175.573347][ T6987] should_fail_ex+0x512/0x640 [ 175.573389][ T6987] get_futex_key+0x1d0/0x1540 [ 175.573427][ T6987] ? __pfx_get_futex_key+0x10/0x10 [ 175.573459][ T6987] ? __mutex_trylock_common+0xe9/0x250 [ 175.573506][ T6987] futex_wake+0xe7/0x4e0 [ 175.573548][ T6987] ? __pfx_futex_wake+0x10/0x10 [ 175.573594][ T6987] ? __lock_acquire+0xb8a/0x1c90 [ 175.573653][ T6987] do_futex+0x1e3/0x350 [ 175.573688][ T6987] ? __pfx_do_futex+0x10/0x10 [ 175.573718][ T6987] ? __might_fault+0xe3/0x190 [ 175.573769][ T6987] mm_release+0x24e/0x300 [ 175.573802][ T6987] do_exit+0x68b/0x2bd0 [ 175.573847][ T6987] ? __pfx_do_exit+0x10/0x10 [ 175.573884][ T6987] ? do_raw_spin_lock+0x12c/0x2b0 [ 175.573926][ T6987] ? find_held_lock+0x2b/0x80 [ 175.573962][ T6987] do_group_exit+0xd3/0x2a0 [ 175.574003][ T6987] get_signal+0x2673/0x26d0 [ 175.574049][ T6987] ? __pfx_get_signal+0x10/0x10 [ 175.574081][ T6987] ? do_futex+0x122/0x350 [ 175.574114][ T6987] ? __pfx_do_futex+0x10/0x10 [ 175.574150][ T6987] arch_do_signal_or_restart+0x8f/0x790 [ 175.574184][ T6987] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 175.574228][ T6987] ? __pfx_do_writev+0x10/0x10 [ 175.574273][ T6987] exit_to_user_mode_loop+0x84/0x110 [ 175.574318][ T6987] do_syscall_64+0x3f6/0x490 [ 175.574362][ T6987] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.574391][ T6987] RIP: 0033:0x7f5455f8e929 [ 175.574413][ T6987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.574438][ T6987] RSP: 002b:00007f5456e280e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 175.574464][ T6987] RAX: fffffffffffffe00 RBX: 00007f54561b6088 RCX: 00007f5455f8e929 [ 175.574482][ T6987] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f54561b6088 [ 175.574500][ T6987] RBP: 00007f54561b6080 R08: 0000000000000000 R09: 0000000000000000 [ 175.574517][ T6987] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f54561b608c [ 175.574533][ T6987] R13: 0000000000000000 R14: 00007ffdfe5b71b0 R15: 00007ffdfe5b7298 [ 175.574578][ T6987] [ 175.971987][ T7000] netlink: 48 bytes leftover after parsing attributes in process `syz.3.212'. [ 179.511953][ T7047] ptrace attach of "./syz-executor exec"[5846] was attempted by "./syz-executor exec"[7047] [ 179.538614][ T7029] ptrace attach of "./syz-executor exec"[5851] was attempted by "./syz-executor exec"[7029] [ 179.772085][ T7049] vhci_hcd: invalid port number 16 [ 179.786517][ T7049] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 180.298693][ T7056] netlink: 48 bytes leftover after parsing attributes in process `syz.0.221'. [ 182.992609][ T7089] vhci_hcd: invalid port number 16 [ 183.012349][ T7090] ptrace attach of "./syz-executor exec"[5845] was attempted by "./syz-executor exec"[7090] [ 183.067447][ T7089] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 183.195122][ T7080] [U] [ 183.198098][ T7080] [U] [ 183.200901][ T7080] [U] [ 183.203598][ T7080] [U] [ 183.332084][ T7080] [U] [ 183.334853][ T7080] [U] [ 183.337592][ T7080] [U] [ 183.340308][ T7080] [U] [ 183.429490][ T7080] [U] [ 183.432297][ T7080] [U] [ 183.435058][ T7080] [U] [ 183.437812][ T7080] [U] [ 183.501229][ T7080] [U] [ 183.503973][ T7080] [U] [ 183.506668][ T7080] [U] [ 183.509367][ T7080] [U] [ 183.619685][ T7080] [U] [ 183.622505][ T7080] [U] [ 183.625256][ T7080] [U] [ 183.627997][ T7080] [U] [ 183.784466][ T7080] [U] [ 183.787247][ T7080] [U] [ 183.789950][ T7080] [U] [ 183.792692][ T7080] [U] [ 183.833052][ T7080] [U] [ 183.835871][ T7080] [U] [ 183.838622][ T7080] [U] [ 183.841377][ T7080] [U] [ 183.995895][ T7080] [U] [ 183.998689][ T7080] [U] [ 184.001440][ T7080] [U] [ 184.004160][ T7080] [U] [ 184.051752][ T7080] [U] [ 184.054560][ T7080] [U] [ 184.057324][ T7080] [U] [ 184.060086][ T7080] [U] [ 184.107317][ T7080] [U] [ 184.110117][ T7080] [U] [ 184.112871][ T7080] [U] [ 184.115632][ T7080] [U] [ 184.149977][ T7109] FAULT_INJECTION: forcing a failure. [ 184.149977][ T7109] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 184.168276][ T7080] [U] [ 184.171064][ T7080] [U] [ 184.173821][ T7080] [U] [ 184.176577][ T7080] [U] [ 184.211195][ T7109] CPU: 1 UID: 0 PID: 7109 Comm: syz.3.230 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 184.211235][ T7109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 184.211250][ T7109] Call Trace: [ 184.211260][ T7109] [ 184.211271][ T7109] dump_stack_lvl+0x16c/0x1f0 [ 184.211317][ T7109] should_fail_ex+0x512/0x640 [ 184.211363][ T7109] _copy_from_user+0x2e/0xd0 [ 184.211408][ T7109] do_sys_poll+0x1d5/0xdf0 [ 184.211447][ T7109] ? kernel_text_address+0x8d/0x100 [ 184.211504][ T7109] ? arch_stack_walk+0xa6/0x100 [ 184.211532][ T7109] ? __pfx_do_sys_poll+0x10/0x10 [ 184.211568][ T7109] ? __lock_acquire+0x622/0x1c90 [ 184.211643][ T7109] ? __lock_acquire+0x622/0x1c90 [ 184.211753][ T7109] ? __pfx_timespec64_add_safe+0x10/0x10 [ 184.211797][ T7109] ? ktime_get_ts64+0x2d2/0x400 [ 184.211831][ T7109] ? read_tsc+0x9/0x20 [ 184.211859][ T7109] ? ktime_get_ts64+0x256/0x400 [ 184.211905][ T7109] __x64_sys_poll+0x1a6/0x450 [ 184.211942][ T7109] ? __pfx___x64_sys_poll+0x10/0x10 [ 184.211991][ T7109] do_syscall_64+0xcd/0x490 [ 184.212047][ T7109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.212074][ T7109] RIP: 0033:0x7f25c8b8e929 [ 184.212097][ T7109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 184.212121][ T7109] RSP: 002b:00007f25c9981038 EFLAGS: 00000246 ORIG_RAX: 0000000000000007 [ 184.212148][ T7109] RAX: ffffffffffffffda RBX: 00007f25c8db5fa0 RCX: 00007f25c8b8e929 [ 184.212165][ T7109] RDX: 0000000000000108 RSI: 0000000000000005 RDI: 0000200000000040 [ 184.212182][ T7109] RBP: 00007f25c9981090 R08: 0000000000000000 R09: 0000000000000000 [ 184.212198][ T7109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 184.212214][ T7109] R13: 0000000000000000 R14: 00007f25c8db5fa0 R15: 00007ffe6a352058 [ 184.212250][ T7109] [ 184.651391][ T7080] [U] [ 186.090657][ T7131] netlink: 48 bytes leftover after parsing attributes in process `syz.2.236'. [ 190.391836][ T7184] ptrace attach of "./syz-executor exec"[5845] was attempted by "./syz-executor exec"[7184] [ 191.027473][ T7190] netlink: 48 bytes leftover after parsing attributes in process `syz.1.249'. [ 191.068530][ T7191] netlink: 'syz.0.250': attribute type 1 has an invalid length. syzkaller syzkaller login: [ 195.656861][ T7234] ptrace attach of "./syz-executor exec"[5845] was attempted by "./syz-executor exec"[7234] [ 198.893114][ T7339] netlink: 504 bytes leftover after parsing attributes in process `syz.3.281'. [ 198.921558][ T7339] netlink: 350 bytes leftover after parsing attributes in process `syz.3.281'. [ 199.299381][ T7314] ptrace attach of "./syz-executor exec"[5846] was attempted by "./syz-executor exec"[7314] [ 199.339413][ T7351] vivid-003: ================= START STATUS ================= [ 199.347463][ T7351] vivid-003: Radio HW Seek Mode: Bounded [ 199.354369][ T7351] vivid-003: Radio Programmable HW Seek: false [ 199.360877][ T7351] vivid-003: RDS Rx I/O Mode: Block I/O [ 199.366760][ T7351] vivid-003: Generate RBDS Instead of RDS: false [ 199.375520][ T7351] vivid-003: RDS Reception: true [ 199.382834][ T7351] vivid-003: RDS Program Type: 0 inactive [ 199.388892][ T7351] vivid-003: RDS PS Name: inactive [ 199.401890][ T7351] vivid-003: RDS Radio Text: inactive [ 199.469859][ T7351] vivid-003: RDS Traffic Announcement: false inactive [ 199.479674][ T7351] vivid-003: RDS Traffic Program: false inactive [ 199.486228][ T7351] vivid-003: RDS Music: false inactive [ 199.494549][ T7351] vivid-003: ================== END STATUS ================== [ 199.591423][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.601617][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.196153][ T5169] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 201.909214][ T7393] openvswitch: netlink: Port -2134900732 exceeds max allowable 65535 [ 202.581857][ T7402] netlink: 20 bytes leftover after parsing attributes in process `syz.2.294'. [ 203.533900][ T7423] netlink: 48 bytes leftover after parsing attributes in process `syz.1.298'. [ 203.940072][ T7405] ptrace attach of "./syz-executor exec"[5845] was attempted by "./syz-executor exec"[7405] [ 204.499897][ T7426] cgroup: fork rejected by pids controller in /syz0 [ 205.113459][ T7467] UHID_CREATE from different security context by process 328 (syz.1.301), this is not allowed. [ 205.525169][ T7467] netlink: 28 bytes leftover after parsing attributes in process `syz.1.301'. [ 210.588746][ T7503] netlink: 48 bytes leftover after parsing attributes in process `syz.1.311'. [ 214.078604][ T7534] ptrace attach of "./syz-executor exec"[5852] was attempted by "./syz-executor exec"[7534] [ 216.182181][ T7584] netlink: 'syz.3.328': attribute type 21 has an invalid length. [ 216.211559][ T7584] netlink: 326 bytes leftover after parsing attributes in process `syz.3.328'. [ 217.024359][ T7603] openvswitch: netlink: Key type 320 is out of range max 32 [ 217.739253][ T7612] netlink: 338 bytes leftover after parsing attributes in process `syz.3.334'. [ 217.776835][ T7614] FAULT_INJECTION: forcing a failure. [ 217.776835][ T7614] name fail_futex, interval 1, probability 0, space 0, times 0 [ 217.791405][ T7614] CPU: 0 UID: 0 PID: 7614 Comm: syz.1.333 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 217.791447][ T7614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 217.791466][ T7614] Call Trace: [ 217.791476][ T7614] [ 217.791488][ T7614] dump_stack_lvl+0x16c/0x1f0 [ 217.791540][ T7614] should_fail_ex+0x512/0x640 [ 217.791580][ T7614] get_futex_key+0x1d0/0x1540 [ 217.791610][ T7614] ? __pfx_get_futex_key+0x10/0x10 [ 217.791637][ T7614] ? pick_eevdf+0x175/0x5b0 [ 217.791663][ T7614] ? update_curr_se+0x8b/0x270 [ 217.791692][ T7614] ? update_curr+0x74/0x800 [ 217.791728][ T7614] futex_wait_setup+0x84/0x510 [ 217.791768][ T7614] __futex_wait+0x194/0x2f0 [ 217.791802][ T7614] ? __pfx___futex_wait+0x10/0x10 [ 217.791834][ T7614] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 217.791877][ T7614] ? __pfx_futex_wake_mark+0x10/0x10 [ 217.791913][ T7614] ? plist_check_head+0xa3/0x150 [ 217.791938][ T7614] ? find_held_lock+0x2b/0x80 [ 217.791970][ T7614] futex_wait+0xe8/0x380 [ 217.792001][ T7614] ? __pfx_futex_wait+0x10/0x10 [ 217.792042][ T7614] ? __pfx___sys_sendmmsg+0x10/0x10 [ 217.792074][ T7614] ? __pfx_inet_bind_sk+0x10/0x10 [ 217.792109][ T7614] do_futex+0x229/0x350 [ 217.792137][ T7614] ? __pfx_do_futex+0x10/0x10 [ 217.792173][ T7614] __x64_sys_futex+0x1e0/0x4c0 [ 217.792204][ T7614] ? __pfx___x64_sys_futex+0x10/0x10 [ 217.792231][ T7614] ? xfd_validate_state+0x61/0x180 [ 217.792260][ T7614] ? __sys_setsockopt+0x140/0x1a0 [ 217.792298][ T7614] do_syscall_64+0xcd/0x490 [ 217.792333][ T7614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.792356][ T7614] RIP: 0033:0x7f8f6378e929 [ 217.792374][ T7614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 217.792395][ T7614] RSP: 002b:00007f8f645a90e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 217.792423][ T7614] RAX: ffffffffffffffda RBX: 00007f8f639b6088 RCX: 00007f8f6378e929 [ 217.792437][ T7614] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8f639b6088 [ 217.792450][ T7614] RBP: 00007f8f639b6080 R08: 0000000000000000 R09: 0000000000000000 [ 217.792463][ T7614] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8f639b608c [ 217.792476][ T7614] R13: 0000000000000000 R14: 00007fff4ee2f170 R15: 00007fff4ee2f258 [ 217.792504][ T7614] [ 217.793880][ T7612] netlink: 338 bytes leftover after parsing attributes in process `syz.3.334'. [ 218.157623][ T7612] netlink: 290 bytes leftover after parsing attributes in process `syz.3.334'. [ 218.338782][ T7619] FAULT_INJECTION: forcing a failure. [ 218.338782][ T7619] name fail_futex, interval 1, probability 0, space 0, times 0 [ 218.418489][ T7619] CPU: 0 UID: 0 PID: 7619 Comm: syz.1.337 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 218.418534][ T7619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 218.418552][ T7619] Call Trace: [ 218.418561][ T7619] [ 218.418573][ T7619] dump_stack_lvl+0x16c/0x1f0 [ 218.418625][ T7619] should_fail_ex+0x512/0x640 [ 218.418674][ T7619] get_futex_key+0x1d0/0x1540 [ 218.418715][ T7619] ? __pfx_get_futex_key+0x10/0x10 [ 218.418760][ T7619] futex_wake+0xe7/0x4e0 [ 218.418806][ T7619] ? __pfx_futex_wake+0x10/0x10 [ 218.418863][ T7619] ? kmem_cache_free+0x2d1/0x4d0 [ 218.418906][ T7619] ? fd_install+0x225/0x750 [ 218.418945][ T7619] ? putname+0x154/0x1a0 [ 218.418980][ T7619] do_futex+0x1e3/0x350 [ 218.419018][ T7619] ? __pfx_do_futex+0x10/0x10 [ 218.419068][ T7619] __x64_sys_futex+0x1e0/0x4c0 [ 218.419106][ T7619] ? __x64_sys_openat+0x174/0x210 [ 218.419138][ T7619] ? __pfx___x64_sys_futex+0x10/0x10 [ 218.419191][ T7619] do_syscall_64+0xcd/0x490 [ 218.419239][ T7619] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.419269][ T7619] RIP: 0033:0x7f8f6378e929 [ 218.419293][ T7619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 218.419321][ T7619] RSP: 002b:00007f8f645ca0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 218.419350][ T7619] RAX: ffffffffffffffda RBX: 00007f8f639b5fa8 RCX: 00007f8f6378e929 [ 218.419369][ T7619] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8f639b5fac [ 218.419386][ T7619] RBP: 00007f8f639b5fa0 R08: 00007f8f645cb000 R09: 0000000000000000 [ 218.419403][ T7619] R10: 0000000000000005 R11: 0000000000000246 R12: 00007f8f639b5fac [ 218.419426][ T7619] R13: 0000000000000000 R14: 00007fff4ee2f170 R15: 00007fff4ee2f258 [ 218.419466][ T7619] [ 219.402564][ T7630] netlink: 48 bytes leftover after parsing attributes in process `syz.3.338'. [ 220.544903][ T30] audit: type=1400 audit(4294967302.000:4): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=7645 comm="syz.1.343" [ 220.829294][ T7641] mkiss: ax0: crc mode is auto. [ 221.157539][ T7636] kexec: Could not allocate control_code_buffer [ 221.900317][ T7663] futex_wake_op: syz.2.347 tries to shift op by 64; fix this program [ 224.123334][ T7693] netlink: 28 bytes leftover after parsing attributes in process `syz.2.354'. [ 224.668116][ T7696] netlink: 338 bytes leftover after parsing attributes in process `syz.1.356'. [ 224.744762][ T7696] netlink: 342 bytes leftover after parsing attributes in process `syz.1.356'. [ 225.170142][ T7696] FAULT_INJECTION: forcing a failure. [ 225.170142][ T7696] name fail_futex, interval 1, probability 0, space 0, times 0 [ 225.244034][ T7696] CPU: 1 UID: 0 PID: 7696 Comm: syz.1.356 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 225.244059][ T7696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 225.244069][ T7696] Call Trace: [ 225.244074][ T7696] [ 225.244081][ T7696] dump_stack_lvl+0x16c/0x1f0 [ 225.244110][ T7696] should_fail_ex+0x512/0x640 [ 225.244138][ T7696] get_futex_key+0x1d0/0x1540 [ 225.244161][ T7696] ? __pfx_get_futex_key+0x10/0x10 [ 225.244180][ T7696] ? __mutex_trylock_common+0xe9/0x250 [ 225.244210][ T7696] futex_wake+0xe7/0x4e0 [ 225.244234][ T7696] ? __pfx_futex_wake+0x10/0x10 [ 225.244256][ T7696] ? __lock_acquire+0xb8a/0x1c90 [ 225.244286][ T7696] do_futex+0x1e3/0x350 [ 225.244307][ T7696] ? __pfx_do_futex+0x10/0x10 [ 225.244325][ T7696] ? __might_fault+0xe3/0x190 [ 225.244355][ T7696] mm_release+0x24e/0x300 [ 225.244374][ T7696] do_exit+0x68b/0x2bd0 [ 225.244401][ T7696] ? __pfx_do_exit+0x10/0x10 [ 225.244423][ T7696] ? do_raw_spin_lock+0x12c/0x2b0 [ 225.244448][ T7696] ? find_held_lock+0x2b/0x80 [ 225.244468][ T7696] do_group_exit+0xd3/0x2a0 [ 225.244492][ T7696] get_signal+0x2673/0x26d0 [ 225.244519][ T7696] ? __pfx_get_signal+0x10/0x10 [ 225.244537][ T7696] ? do_futex+0x122/0x350 [ 225.244557][ T7696] ? __pfx_do_futex+0x10/0x10 [ 225.244578][ T7696] arch_do_signal_or_restart+0x8f/0x790 [ 225.244600][ T7696] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 225.244625][ T7696] ? xfd_validate_state+0x61/0x180 [ 225.244652][ T7696] exit_to_user_mode_loop+0x84/0x110 [ 225.244679][ T7696] do_syscall_64+0x3f6/0x490 [ 225.244705][ T7696] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.244722][ T7696] RIP: 0033:0x7f8f6378e929 [ 225.244739][ T7696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.244755][ T7696] RSP: 002b:00007f8f645ca0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 225.244772][ T7696] RAX: fffffffffffffe00 RBX: 00007f8f639b5fa8 RCX: 00007f8f6378e929 [ 225.244782][ T7696] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8f639b5fa8 [ 225.244792][ T7696] RBP: 00007f8f639b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 225.244801][ T7696] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8f639b5fac [ 225.244811][ T7696] R13: 0000000000000000 R14: 00007fff4ee2f170 R15: 00007fff4ee2f258 [ 225.244831][ T7696] [ 225.537575][ T7429] syz.0.299 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 225.547989][ T7429] CPU: 1 UID: 0 PID: 7429 Comm: syz.0.299 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 225.548025][ T7429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 225.548040][ T7429] Call Trace: [ 225.548048][ T7429] [ 225.548058][ T7429] dump_stack_lvl+0x16c/0x1f0 [ 225.548101][ T7429] dump_header+0x101/0x930 [ 225.548146][ T7429] oom_kill_process+0x270/0xa60 [ 225.548190][ T7429] out_of_memory+0x350/0x1700 [ 225.548241][ T7429] ? __pfx_out_of_memory+0x10/0x10 [ 225.548291][ T7429] mem_cgroup_out_of_memory+0x118/0x130 [ 225.548326][ T7429] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 225.548371][ T7429] ? do_raw_spin_unlock+0x172/0x230 [ 225.548406][ T7429] try_charge_memcg+0x72b/0xd50 [ 225.548437][ T7429] ? __pfx_try_charge_memcg+0x10/0x10 [ 225.548463][ T7429] ? __print_lock_name+0xb1/0xe0 [ 225.548493][ T7429] ? rcu_read_unlock+0x17/0x60 [ 225.548531][ T7429] charge_memcg+0x8a/0x230 [ 225.548560][ T7429] __mem_cgroup_charge+0x2b/0x1e0 [ 225.548594][ T7429] shmem_alloc_and_add_folio+0x514/0xc20 [ 225.548645][ T7429] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 225.548692][ T7429] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 225.548742][ T7429] shmem_get_folio_gfp+0x67f/0x1600 [ 225.548793][ T7429] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 225.548847][ T7429] ? __pte_offset_map_lock+0x174/0x310 [ 225.548883][ T7429] shmem_write_begin+0x160/0x300 [ 225.548926][ T7429] ? find_held_lock+0x2b/0x80 [ 225.548955][ T7429] ? __pfx_shmem_write_begin+0x10/0x10 [ 225.548999][ T7429] ? balance_dirty_pages_ratelimited_flags+0x92/0x1260 [ 225.549033][ T7429] ? __pfx_timestamp_truncate+0x10/0x10 [ 225.549080][ T7429] generic_perform_write+0x3d0/0x930 [ 225.549136][ T7429] ? __pfx_generic_perform_write+0x10/0x10 [ 225.549179][ T7429] ? inode_needs_update_time.part.0+0x191/0x270 [ 225.549235][ T7429] shmem_file_write_iter+0x10e/0x140 [ 225.549267][ T7429] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 225.549293][ T7429] __kernel_write_iter+0x317/0xa90 [ 225.549338][ T7429] ? __pfx___kernel_write_iter+0x10/0x10 [ 225.549378][ T7429] ? __up_read+0x1f8/0x750 [ 225.549427][ T7429] ? dump_user_range+0x745/0xb60 [ 225.549457][ T7429] ? dump_interrupted+0x4b/0xf0 [ 225.549492][ T7429] dump_user_range+0x41f/0xb60 [ 225.549524][ T7429] ? __pfx_dump_user_range+0x10/0x10 [ 225.549550][ T7429] ? elf_coredump_extra_notes_write+0xbd/0x4f0 [ 225.549589][ T7429] ? __pfx_writenote+0x10/0x10 [ 225.549623][ T7429] elf_core_dump+0x288a/0x3a90 [ 225.549667][ T7429] ? __pfx_elf_core_dump+0x10/0x10 [ 225.549692][ T7429] ? kasan_save_stack+0x42/0x60 [ 225.549721][ T7429] ? kasan_save_stack+0x33/0x60 [ 225.549750][ T7429] ? kasan_save_track+0x14/0x30 [ 225.549778][ T7429] ? __kasan_kmalloc+0xaa/0xb0 [ 225.549814][ T7429] ? do_coredump+0x1c9a/0x4f10 [ 225.549834][ T7429] ? get_signal+0x22e3/0x26d0 [ 225.549857][ T7429] ? arch_do_signal_or_restart+0x8f/0x790 [ 225.549888][ T7429] ? 0xffffffffff600000 [ 225.549962][ T7429] ? do_coredump+0x399c/0x4f10 [ 225.549983][ T7429] do_coredump+0x399c/0x4f10 [ 225.550019][ T7429] ? __pfx_do_coredump+0x10/0x10 [ 225.550043][ T7429] ? find_held_lock+0x2b/0x80 [ 225.550067][ T7429] ? is_bpf_text_address+0x8a/0x1a0 [ 225.550100][ T7429] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 225.550126][ T7429] ? is_bpf_text_address+0x94/0x1a0 [ 225.550155][ T7429] ? kernel_text_address+0x8d/0x100 [ 225.550188][ T7429] ? __kernel_text_address+0xd/0x40 [ 225.550207][ T7429] ? unwind_get_return_address+0x59/0xa0 [ 225.550262][ T7429] ? stack_depot_save_flags+0x28/0xa40 [ 225.550296][ T7429] ? __lock_acquire+0xb8a/0x1c90 [ 225.550328][ T7429] ? kasan_save_stack+0x42/0x60 [ 225.550357][ T7429] ? kasan_save_stack+0x33/0x60 [ 225.550385][ T7429] ? kasan_save_track+0x14/0x30 [ 225.550414][ T7429] ? kasan_save_free_info+0x3b/0x60 [ 225.550437][ T7429] ? __kasan_slab_free+0x51/0x70 [ 225.550467][ T7429] ? kmem_cache_free+0x2d1/0x4d0 [ 225.550494][ T7429] ? __sigqueue_free+0xba/0x2a0 [ 225.550522][ T7429] ? get_signal+0xcba/0x26d0 [ 225.550543][ T7429] ? arch_do_signal_or_restart+0x8f/0x790 [ 225.550614][ T7429] ? proc_coredump_connector+0x2d1/0x4f0 [ 225.550641][ T7429] ? __pfx_proc_coredump_connector+0x10/0x10 [ 225.550675][ T7429] ? rcu_is_watching+0x12/0xc0 [ 225.550703][ T7429] get_signal+0x22e3/0x26d0 [ 225.550740][ T7429] ? __pfx_get_signal+0x10/0x10 [ 225.550766][ T7429] ? rcu_is_watching+0x12/0xc0 [ 225.550787][ T7429] ? trace_irq_disable.constprop.0+0xd4/0x120 [ 225.550835][ T7429] arch_do_signal_or_restart+0x8f/0x790 [ 225.550862][ T7429] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 225.550910][ T7429] irqentry_exit_to_user_mode+0x12a/0x270 [ 225.550944][ T7429] asm_exc_page_fault+0x26/0x30 [ 225.550965][ T7429] RIP: 0033:0x0 [ 225.550980][ T7429] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 225.550989][ T7429] RSP: 002b:000000000000000a EFLAGS: 00010217 [ 225.551007][ T7429] RAX: 0000000000000000 RBX: 00007f54561b5fa0 RCX: 00007f5455f8e929 [ 225.551021][ T7429] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 225.551033][ T7429] RBP: 00007f5456010b39 R08: 0000000000000002 R09: 0000000000000000 [ 225.551046][ T7429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 225.551059][ T7429] R13: 0000000000000000 R14: 00007f54561b5fa0 R15: 00007ffdfe5b7298 [ 225.551089][ T7429] [ 225.551377][ T7429] memory: usage 307076kB, limit 307200kB, failcnt 18764 [ 226.194960][ T7429] memory+swap: usage 432172kB, limit 9007199254740988kB, failcnt 0 [ 226.869398][ T7429] kmem: usage 3224kB, limit 9007199254740988kB, failcnt 0 [ 226.876650][ T7429] Memory cgroup stats for /syz0: [ 226.876869][ T7429] cache 311013376 [ 227.053631][ T7429] rss 155648 [ 227.056978][ T7429] rss_huge 0 [ 227.347244][ T7429] shmem 311013376 [ 227.498108][ T7429] mapped_file 10780672 [ 227.788376][ T7429] dirty 0 [ 227.975530][ T7429] writeback 0 [ 228.348042][ T7429] workingset_refault_anon 764 [ 228.422028][ T7429] workingset_refault_file 47 [ 228.426711][ T7429] swap 127971328 [ 228.475766][ T7429] swapcached 24576 [ 228.488027][ T7429] pgpgin 168258 [ 228.491713][ T7429] pgpgout 93305 [ 228.495215][ T7429] pgfault 112631 [ 228.526306][ T7429] pgmajfault 226 [ 228.553173][ T7429] inactive_anon 159543296 [ 228.563856][ T7429] active_anon 149250048 [ 228.582874][ T7429] inactive_file 0 [ 228.586745][ T7429] active_file 0 [ 228.593040][ T7429] unevictable 0 [ 228.596596][ T7429] hierarchical_memory_limit 314572800 [ 228.618288][ T7429] hierarchical_memsw_limit 9223372036854771712 [ 228.624535][ T7429] total_cache 311013376 [ 228.647987][ T7429] total_rss 155648 [ 228.659420][ T7429] total_rss_huge 0 [ 228.667634][ T7429] total_shmem 311013376 [ 228.686211][ T7429] total_mapped_file 10780672 [ 228.700504][ T7734] FAULT_INJECTION: forcing a failure. [ 228.700504][ T7734] name failslab, interval 1, probability 0, space 0, times 0 [ 228.717252][ T7429] total_dirty 0 [ 228.724372][ T7429] total_writeback 0 [ 228.729267][ T7429] total_workingset_refault_anon 764 [ 228.734663][ T7734] CPU: 1 UID: 0 PID: 7734 Comm: syz.1.364 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 228.734702][ T7734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 228.734717][ T7734] Call Trace: [ 228.734736][ T7734] [ 228.734747][ T7734] dump_stack_lvl+0x16c/0x1f0 [ 228.734793][ T7734] should_fail_ex+0x512/0x640 [ 228.734837][ T7734] should_failslab+0xc2/0x120 [ 228.734864][ T7734] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 228.734902][ T7734] ? __alloc_skb+0x2b2/0x380 [ 228.734945][ T7734] __alloc_skb+0x2b2/0x380 [ 228.734979][ T7734] ? __pfx___alloc_skb+0x10/0x10 [ 228.735011][ T7734] ? find_held_lock+0x2b/0x80 [ 228.735052][ T7734] ? __lock_acquire+0x622/0x1c90 [ 228.735091][ T7734] sctp_packet_transmit+0x1ca/0x3040 [ 228.735141][ T7734] ? find_held_lock+0x2b/0x80 [ 228.735170][ T7734] ? sctp_outq_flush+0xb4e/0x3350 [ 228.735207][ T7734] sctp_outq_flush+0xb68/0x3350 [ 228.735251][ T7734] ? __pfx_sctp_make_sack+0x10/0x10 [ 228.735294][ T7734] ? __pfx_sctp_outq_flush+0x10/0x10 [ 228.735333][ T7734] ? sctp_outq_tail+0x671/0xa30 [ 228.735371][ T7734] sctp_do_sm+0x1792/0x5c80 [ 228.735419][ T7734] ? __pfx_sctp_do_sm+0x10/0x10 [ 228.735501][ T7734] ? ktime_get+0x200/0x310 [ 228.735532][ T7734] ? lockdep_hardirqs_on+0x7c/0x110 [ 228.735576][ T7734] sctp_assoc_bh_rcv+0x392/0x6f0 [ 228.735617][ T7734] sctp_inq_push+0x1db/0x270 [ 228.735648][ T7734] sctp_backlog_rcv+0x169/0x590 [ 228.735685][ T7734] ? __pfx_sctp_backlog_rcv+0x10/0x10 [ 228.735717][ T7734] __release_sock+0x362/0x400 [ 228.735761][ T7734] ? lockdep_hardirqs_on+0x7c/0x110 [ 228.735803][ T7734] release_sock+0x5a/0x220 [ 228.735842][ T7734] sctp_wait_for_connect+0x1c4/0x5c0 [ 228.735876][ T7734] ? __pfx_sctp_wait_for_connect+0x10/0x10 [ 228.735902][ T7734] ? skb_set_owner_w+0x31f/0x710 [ 228.735935][ T7734] ? __pfx_autoremove_wake_function+0x10/0x10 [ 228.735967][ T7734] ? sctp_datamsg_put+0x58/0x5f0 [ 228.736004][ T7734] ? sctp_primitive_SEND+0x9f/0xd0 [ 228.736041][ T7734] sctp_sendmsg_to_asoc+0x182b/0x1bf0 [ 228.736086][ T7734] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 228.736117][ T7734] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 228.736150][ T7734] ? sctp_endpoint_lookup_assoc+0x15c/0x2a0 [ 228.736191][ T7734] sctp_sendmsg+0xef5/0x1ee0 [ 228.736236][ T7734] ? __pfx_sctp_sendmsg+0x10/0x10 [ 228.736270][ T7734] ? __pfx___might_resched+0x10/0x10 [ 228.736319][ T7734] ? __pfx_aa_sk_perm+0x10/0x10 [ 228.736356][ T7734] ? __pfx_sctp_sendmsg+0x10/0x10 [ 228.736388][ T7734] inet_sendmsg+0x11c/0x140 [ 228.736424][ T7734] ____sys_sendmsg+0x973/0xc70 [ 228.736458][ T7734] ? __pfx_____sys_sendmsg+0x10/0x10 [ 228.736492][ T7734] ? find_held_lock+0x2b/0x80 [ 228.736521][ T7734] ? futex_unqueue+0x133/0x2c0 [ 228.736558][ T7734] ___sys_sendmsg+0x134/0x1d0 [ 228.736598][ T7734] ? __pfx____sys_sendmsg+0x10/0x10 [ 228.736657][ T7734] ? find_held_lock+0x2b/0x80 [ 228.736713][ T7734] __sys_sendmmsg+0x200/0x420 [ 228.736764][ T7734] ? __pfx___sys_sendmmsg+0x10/0x10 [ 228.736800][ T7734] ? __pfx_inet_bind_sk+0x10/0x10 [ 228.736846][ T7734] ? __pfx_do_futex+0x10/0x10 [ 228.736905][ T7734] ? xfd_validate_state+0x61/0x180 [ 228.736940][ T7734] ? __sys_setsockopt+0x140/0x1a0 [ 228.736983][ T7734] __x64_sys_sendmmsg+0x9c/0x100 [ 228.737018][ T7734] ? lockdep_hardirqs_on+0x7c/0x110 [ 228.737052][ T7734] do_syscall_64+0xcd/0x490 [ 228.737093][ T7734] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.737119][ T7734] RIP: 0033:0x7f8f6378e929 [ 228.737142][ T7734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.737165][ T7734] RSP: 002b:00007f8f645ca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 228.737192][ T7734] RAX: ffffffffffffffda RBX: 00007f8f639b5fa0 RCX: 00007f8f6378e929 [ 228.737209][ T7734] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000003 [ 228.737226][ T7734] RBP: 00007f8f63810b39 R08: 0000000000000000 R09: 0000000000000000 [ 228.737243][ T7734] R10: 0000000000000311 R11: 0000000000000246 R12: 0000000000000000 [ 228.737260][ T7734] R13: 0000000000000000 R14: 00007f8f639b5fa0 R15: 00007fff4ee2f258 [ 228.737297][ T7734] [ 228.737426][ T7429] total_workingset_refault_file 47 [ 229.323382][ T7429] total_swap 127971328 [ 229.327616][ T7429] total_swapcached 24576 [ 229.395504][ T7429] total_pgpgin 168258 [ 229.415111][ T7429] total_pgpgout 93305 [ 229.420979][ T7429] total_pgfault 112631 [ 229.425135][ T7429] total_pgmajfault 226 [ 229.425192][ T7745] netlink: 338 bytes leftover after parsing attributes in process `syz.1.368'. [ 229.451275][ T7429] total_inactive_anon 159543296 [ 229.456222][ T7429] total_active_anon 149250048 [ 229.471456][ T7429] total_inactive_file 0 [ 229.498311][ T7429] total_active_file 0 [ 229.502387][ T7429] total_unevictable 0 [ 229.545329][ T7429] anon_cost 0 [ 229.566588][ T7429] file_cost 0 [ 229.583416][ T7429] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.299,pid=7460,uid=0 [ 229.607154][ T7429] Memory cgroup out of memory: Killed process 7460 (syz.0.299) total-vm:131144kB, anon-rss:920kB, file-rss:21668kB, shmem-rss:10496kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 232.366672][ T7773] netlink: 338 bytes leftover after parsing attributes in process `syz.1.372'. [ 232.380149][ T7773] netlink: 342 bytes leftover after parsing attributes in process `syz.1.372'. [ 232.636566][ T32] oom_reaper: reaped process 7460 (syz.0.299), now anon-rss:52kB, file-rss:20556kB, shmem-rss:10112kB [ 232.740882][ T7783] FAULT_INJECTION: forcing a failure. [ 232.740882][ T7783] name failslab, interval 1, probability 0, space 0, times 0 [ 232.798301][ T7783] CPU: 0 UID: 0 PID: 7783 Comm: syz.1.374 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 232.798344][ T7783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 232.798363][ T7783] Call Trace: [ 232.798372][ T7783] [ 232.798384][ T7783] dump_stack_lvl+0x16c/0x1f0 [ 232.798435][ T7783] should_fail_ex+0x512/0x640 [ 232.798477][ T7783] ? __kmalloc_noprof+0xbf/0x510 [ 232.798522][ T7783] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 232.798561][ T7783] should_failslab+0xc2/0x120 [ 232.798591][ T7783] __kmalloc_noprof+0xd2/0x510 [ 232.798645][ T7783] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 232.798692][ T7783] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 232.798726][ T7783] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 232.798754][ T7783] ? trace_cap_capable+0x18d/0x200 [ 232.798785][ T7783] ? bpf_lsm_capable+0x9/0x10 [ 232.798820][ T7783] ? security_capable+0x7e/0x260 [ 232.798850][ T7783] ? ns_capable+0xd7/0x110 [ 232.798885][ T7783] genl_rcv_msg+0x55c/0x800 [ 232.798924][ T7783] ? __pfx_genl_rcv_msg+0x10/0x10 [ 232.798969][ T7783] ? __pfx_ovs_meter_cmd_set+0x10/0x10 [ 232.799029][ T7783] netlink_rcv_skb+0x158/0x420 [ 232.799059][ T7783] ? __pfx_genl_rcv_msg+0x10/0x10 [ 232.799096][ T7783] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 232.799144][ T7783] ? netlink_deliver_tap+0x1ae/0xd30 [ 232.799198][ T7783] genl_rcv+0x28/0x40 [ 232.799227][ T7783] netlink_unicast+0x53a/0x7f0 [ 232.799263][ T7783] ? __pfx_netlink_unicast+0x10/0x10 [ 232.799307][ T7783] netlink_sendmsg+0x8d1/0xdd0 [ 232.799345][ T7783] ? __pfx_netlink_sendmsg+0x10/0x10 [ 232.799393][ T7783] ____sys_sendmsg+0xa98/0xc70 [ 232.799433][ T7783] ? copy_msghdr_from_user+0x10a/0x160 [ 232.799476][ T7783] ? __pfx_____sys_sendmsg+0x10/0x10 [ 232.799519][ T7783] ? __pfx_futex_wake_mark+0x10/0x10 [ 232.799568][ T7783] ___sys_sendmsg+0x134/0x1d0 [ 232.799614][ T7783] ? __pfx____sys_sendmsg+0x10/0x10 [ 232.799653][ T7783] ? __lock_acquire+0x622/0x1c90 [ 232.799744][ T7783] __sys_sendmsg+0x16d/0x220 [ 232.799787][ T7783] ? __pfx___sys_sendmsg+0x10/0x10 [ 232.799829][ T7783] ? __x64_sys_futex+0x1e0/0x4c0 [ 232.799891][ T7783] do_syscall_64+0xcd/0x490 [ 232.799938][ T7783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.799976][ T7783] RIP: 0033:0x7f8f6378e929 [ 232.800000][ T7783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.800027][ T7783] RSP: 002b:00007f8f645ca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 232.800055][ T7783] RAX: ffffffffffffffda RBX: 00007f8f639b5fa0 RCX: 00007f8f6378e929 [ 232.800074][ T7783] RDX: 0000000000000040 RSI: 0000200000000080 RDI: 0000000000000009 [ 232.800092][ T7783] RBP: 00007f8f63810b39 R08: 0000000000000000 R09: 0000000000000000 [ 232.800109][ T7783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 232.800126][ T7783] R13: 0000000000000000 R14: 00007f8f639b5fa0 R15: 00007fff4ee2f258 [ 232.800166][ T7783] [ 233.576667][ T7793] netlink: 48 bytes leftover after parsing attributes in process `syz.2.375'. [ 233.698474][ T7789] netlink: 48 bytes leftover after parsing attributes in process `syz.3.376'. [ 234.562486][ T7806] random: crng reseeded on system resumption [ 234.760227][ T5907] Process accounting resumed [ 234.820427][ T7800] hub 8-0:1.0: USB hub found [ 234.829294][ T7800] hub 8-0:1.0: 1 port detected [ 235.479427][ T7818] FAULT_INJECTION: forcing a failure. [ 235.479427][ T7818] name fail_futex, interval 1, probability 0, space 0, times 0 [ 235.500427][ T7818] CPU: 0 UID: 0 PID: 7818 Comm: syz.2.390 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 235.500454][ T7818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 235.500464][ T7818] Call Trace: [ 235.500471][ T7818] [ 235.500477][ T7818] dump_stack_lvl+0x16c/0x1f0 [ 235.500506][ T7818] should_fail_ex+0x512/0x640 [ 235.500533][ T7818] get_futex_key+0x1d0/0x1540 [ 235.500556][ T7818] ? __pfx_get_futex_key+0x10/0x10 [ 235.500577][ T7818] ? __pfx_wake_up_new_task+0x10/0x10 [ 235.500594][ T7818] ? kernel_clone+0x599/0x960 [ 235.500618][ T7818] futex_wake+0xe7/0x4e0 [ 235.500640][ T7818] ? put_pid+0x1f/0x30 [ 235.500662][ T7818] ? __pfx_futex_wake+0x10/0x10 [ 235.500696][ T7818] do_futex+0x1e3/0x350 [ 235.500716][ T7818] ? __pfx_do_futex+0x10/0x10 [ 235.500734][ T7818] ? 0xffffffff81000000 [ 235.500748][ T7818] ? __pfx___do_sys_clone+0x10/0x10 [ 235.500768][ T7818] ? __pfx_aa_get_newest_label+0x10/0x10 [ 235.500787][ T7818] __x64_sys_futex+0x1e0/0x4c0 [ 235.500810][ T7818] ? __pfx___x64_sys_futex+0x10/0x10 [ 235.500830][ T7818] ? xfd_validate_state+0x61/0x180 [ 235.500850][ T7818] ? bpf_lsm_capable+0x9/0x10 [ 235.500877][ T7818] do_syscall_64+0xcd/0x490 [ 235.500902][ T7818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.500918][ T7818] RIP: 0033:0x7ff12bb8e929 [ 235.500940][ T7818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 235.500955][ T7818] RSP: 002b:00007ff12ca150e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 235.500973][ T7818] RAX: ffffffffffffffda RBX: 00007ff12bdb6088 RCX: 00007ff12bb8e929 [ 235.500984][ T7818] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff12bdb608c [ 235.500993][ T7818] RBP: 00007ff12bdb6080 R08: 00007ff12ca37000 R09: 0000000000000000 [ 235.501004][ T7818] R10: 000000000000019e R11: 0000000000000246 R12: 00007ff12bdb608c [ 235.501013][ T7818] R13: 0000000000000000 R14: 00007fff905c12b0 R15: 00007fff905c1398 [ 235.501034][ T7818] [ 236.272564][ T7451] syz.0.299 (7451) used greatest stack depth: 18168 bytes left [ 236.686444][ T7443] syz.0.299 (7443) used greatest stack depth: 17912 bytes left [ 236.969970][ T7825] ptrace attach of "./syz-executor exec"[5846] was attempted by "./syz-executor exec"[7825] [ 237.751737][ T7837] netlink: 338 bytes leftover after parsing attributes in process `syz.2.384'. [ 237.762501][ T7837] netlink: 338 bytes leftover after parsing attributes in process `syz.2.384'. [ 237.793454][ T7837] netlink: 290 bytes leftover after parsing attributes in process `syz.2.384'. [ 238.448369][ T7849] netlink: 48 bytes leftover after parsing attributes in process `syz.1.388'. [ 239.689183][ T7862] netlink: 28 bytes leftover after parsing attributes in process `syz.1.392'. [ 239.871422][ T5169] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 239.871458][ T5169] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 239.871564][ T5169] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 239.871649][ T5169] Bluetooth: hci2: Unknown advertising packet type: 0x20 [ 239.871676][ T5169] Bluetooth: hci2: Malformed LE Event: 0x0d [ 240.056038][ T7870] hub 8-0:1.0: USB hub found [ 240.056511][ T7870] hub 8-0:1.0: 1 port detected [ 240.108232][ T7860] hub 8-0:1.0: USB hub found [ 240.209769][ T7860] hub 8-0:1.0: 1 port detected [ 240.279665][ T7862] netlink: 4 bytes leftover after parsing attributes in process `syz.1.392'. [ 240.728535][ T7879] FAULT_INJECTION: forcing a failure. [ 240.728535][ T7879] name failslab, interval 1, probability 0, space 0, times 0 [ 240.768075][ T7879] CPU: 0 UID: 0 PID: 7879 Comm: syz.3.395 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 240.768118][ T7879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 240.768134][ T7879] Call Trace: [ 240.768156][ T7879] [ 240.768167][ T7879] dump_stack_lvl+0x16c/0x1f0 [ 240.768215][ T7879] should_fail_ex+0x512/0x640 [ 240.768265][ T7879] should_failslab+0xc2/0x120 [ 240.768293][ T7879] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 240.768339][ T7879] ? __alloc_skb+0x2b2/0x380 [ 240.768388][ T7879] __alloc_skb+0x2b2/0x380 [ 240.768429][ T7879] ? __pfx___alloc_skb+0x10/0x10 [ 240.768475][ T7879] ? __asan_memcpy+0x3c/0x60 [ 240.768520][ T7879] skb_copy+0x1c9/0x3a0 [ 240.768564][ T7879] sctp_make_reassembled_event+0x4b0/0xb60 [ 240.768608][ T7879] ? sctp_ulpevent_make_rcvmsg+0x81b/0xab0 [ 240.768648][ T7879] sctp_ulpq_tail_data+0xd8d/0xf70 [ 240.768703][ T7879] ? __pfx_sctp_ulpq_tail_data+0x10/0x10 [ 240.768758][ T7879] ? sctp_sf_eat_data_6_2+0x56b/0xba0 [ 240.768794][ T7879] ? __pfx_sctp_ulpq_tail_data+0x10/0x10 [ 240.768833][ T7879] sctp_do_sm+0x1dc4/0x5c80 [ 240.768887][ T7879] ? __pfx_sctp_do_sm+0x10/0x10 [ 240.768973][ T7879] ? ktime_get+0x200/0x310 [ 240.769004][ T7879] ? lockdep_hardirqs_on+0x7c/0x110 [ 240.769053][ T7879] sctp_assoc_bh_rcv+0x392/0x6f0 [ 240.769095][ T7879] sctp_inq_push+0x1db/0x270 [ 240.769128][ T7879] sctp_backlog_rcv+0x169/0x590 [ 240.769161][ T7879] ? __pfx_sctp_backlog_rcv+0x10/0x10 [ 240.769190][ T7879] __release_sock+0x362/0x400 [ 240.769222][ T7879] ? lockdep_hardirqs_on+0x7c/0x110 [ 240.769269][ T7879] release_sock+0x5a/0x220 [ 240.769303][ T7879] sctp_wait_for_connect+0x1c4/0x5c0 [ 240.769331][ T7879] ? __pfx_sctp_wait_for_connect+0x10/0x10 [ 240.769354][ T7879] ? skb_set_owner_w+0x31f/0x710 [ 240.769384][ T7879] ? __pfx_autoremove_wake_function+0x10/0x10 [ 240.769416][ T7879] ? sctp_datamsg_put+0x58/0x5f0 [ 240.769450][ T7879] ? sctp_primitive_SEND+0x9f/0xd0 [ 240.769481][ T7879] sctp_sendmsg_to_asoc+0x182b/0x1bf0 [ 240.769517][ T7879] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 240.769542][ T7879] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 240.769570][ T7879] ? sctp_endpoint_lookup_assoc+0x15c/0x2a0 [ 240.769604][ T7879] sctp_sendmsg+0xef5/0x1ee0 [ 240.769641][ T7879] ? __pfx_sctp_sendmsg+0x10/0x10 [ 240.769679][ T7879] ? __pfx___might_resched+0x10/0x10 [ 240.769719][ T7879] ? __pfx_aa_sk_perm+0x10/0x10 [ 240.769750][ T7879] ? __pfx_sctp_sendmsg+0x10/0x10 [ 240.769778][ T7879] inet_sendmsg+0x11c/0x140 [ 240.769810][ T7879] ____sys_sendmsg+0x973/0xc70 [ 240.769840][ T7879] ? __pfx_____sys_sendmsg+0x10/0x10 [ 240.769871][ T7879] ? find_held_lock+0x2b/0x80 [ 240.769894][ T7879] ? futex_unqueue+0x133/0x2c0 [ 240.769926][ T7879] ___sys_sendmsg+0x134/0x1d0 [ 240.769960][ T7879] ? __pfx____sys_sendmsg+0x10/0x10 [ 240.770008][ T7879] ? find_held_lock+0x2b/0x80 [ 240.770052][ T7879] __sys_sendmmsg+0x200/0x420 [ 240.770088][ T7879] ? __pfx___sys_sendmmsg+0x10/0x10 [ 240.770119][ T7879] ? __pfx_inet_bind_sk+0x10/0x10 [ 240.770158][ T7879] ? __pfx_do_futex+0x10/0x10 [ 240.770203][ T7879] ? xfd_validate_state+0x61/0x180 [ 240.770232][ T7879] ? __sys_setsockopt+0x140/0x1a0 [ 240.770268][ T7879] __x64_sys_sendmmsg+0x9c/0x100 [ 240.770301][ T7879] ? lockdep_hardirqs_on+0x7c/0x110 [ 240.770332][ T7879] do_syscall_64+0xcd/0x490 [ 240.770368][ T7879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.770391][ T7879] RIP: 0033:0x7f25c8b8e929 [ 240.770410][ T7879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 240.770432][ T7879] RSP: 002b:00007f25c9981038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 240.770454][ T7879] RAX: ffffffffffffffda RBX: 00007f25c8db5fa0 RCX: 00007f25c8b8e929 [ 240.770468][ T7879] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000003 [ 240.770481][ T7879] RBP: 00007f25c8c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 240.770494][ T7879] R10: 0000000000000311 R11: 0000000000000246 R12: 0000000000000000 [ 240.770507][ T7879] R13: 0000000000000000 R14: 00007f25c8db5fa0 R15: 00007ffe6a352058 [ 240.770538][ T7879] [ 241.219991][ T7886] netlink: 338 bytes leftover after parsing attributes in process `syz.1.397'. [ 241.231826][ T7886] netlink: 342 bytes leftover after parsing attributes in process `syz.1.397'. [ 244.240987][ T7919] netlink: 48 bytes leftover after parsing attributes in process `syz.2.402'. [ 245.279193][ T7932] FAULT_INJECTION: forcing a failure. [ 245.279193][ T7932] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 245.328966][ T7932] CPU: 1 UID: 0 PID: 7932 Comm: syz.3.408 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 245.329015][ T7932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 245.329031][ T7932] Call Trace: [ 245.329041][ T7932] [ 245.329051][ T7932] dump_stack_lvl+0x16c/0x1f0 [ 245.329101][ T7932] should_fail_ex+0x512/0x640 [ 245.329150][ T7932] _copy_from_user+0x2e/0xd0 [ 245.329196][ T7932] copy_msghdr_from_user+0x98/0x160 [ 245.329241][ T7932] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 245.329292][ T7932] ? kfree+0x24f/0x4d0 [ 245.329329][ T7932] ? futex_unqueue+0x133/0x2c0 [ 245.329370][ T7932] ___sys_sendmsg+0xfe/0x1d0 [ 245.329415][ T7932] ? __pfx____sys_sendmsg+0x10/0x10 [ 245.329493][ T7932] ? __pfx___might_resched+0x10/0x10 [ 245.329535][ T7932] __sys_sendmmsg+0x200/0x420 [ 245.329583][ T7932] ? __pfx___sys_sendmmsg+0x10/0x10 [ 245.329623][ T7932] ? __pfx_inet_bind_sk+0x10/0x10 [ 245.329672][ T7932] ? __pfx_do_futex+0x10/0x10 [ 245.329731][ T7932] ? xfd_validate_state+0x61/0x180 [ 245.329770][ T7932] ? __sys_setsockopt+0x140/0x1a0 [ 245.329818][ T7932] __x64_sys_sendmmsg+0x9c/0x100 [ 245.329861][ T7932] ? lockdep_hardirqs_on+0x7c/0x110 [ 245.329911][ T7932] do_syscall_64+0xcd/0x490 [ 245.329958][ T7932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.329987][ T7932] RIP: 0033:0x7f25c8b8e929 [ 245.330013][ T7932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 245.330041][ T7932] RSP: 002b:00007f25c9981038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 245.330070][ T7932] RAX: ffffffffffffffda RBX: 00007f25c8db5fa0 RCX: 00007f25c8b8e929 [ 245.330089][ T7932] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000003 [ 245.330106][ T7932] RBP: 00007f25c8c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 245.330123][ T7932] R10: 0000000000000311 R11: 0000000000000246 R12: 0000000000000000 [ 245.330139][ T7932] R13: 0000000000000000 R14: 00007f25c8db5fa0 R15: 00007ffe6a352058 [ 245.330177][ T7932] [ 246.248957][ T7942] netlink: 342 bytes leftover after parsing attributes in process `syz.2.409'. [ 246.500788][ T7942] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 246.538967][ T7942] CIFS mount error: No usable UNC path provided in device string! [ 246.538967][ T7942] [ 246.549763][ T7942] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 246.642430][ T7942] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 247.809538][ T7947] ptrace attach of "./syz-executor exec"[5851] was attempted by "./syz-executor exec"[7947] [ 248.194329][ T7964] netlink: 48 bytes leftover after parsing attributes in process `syz.2.414'. [ 248.848163][ T7971] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input8 [ 250.408714][ T8006] vhci_hcd: invalid port number 16 [ 250.436782][ T7985] netlink: 28 bytes leftover after parsing attributes in process `syz.3.420'. [ 250.455256][ T8006] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 250.502210][ T8005] nfs4: Unknown parameter '' [ 251.017646][ T8008] [U] [ 251.020521][ T8008] [U] [ 251.023248][ T8008] [U] [ 251.026007][ T8008] [U] [ 251.141669][ T8008] [U] [ 251.144516][ T8008] [U] [ 251.147221][ T8008] [U] [ 251.149964][ T8008] [U] [ 251.208078][ T8008] [U] [ 251.210966][ T8008] [U] [ 251.213775][ T8008] [U] [ 251.216519][ T8008] [U] [ 251.330855][ T8008] [U] [ 251.333664][ T8008] [U] [ 251.336406][ T8008] [U] [ 251.339156][ T8008] [U] [ 251.488139][ T8008] [U] [ 251.491061][ T8008] [U] [ 251.493794][ T8008] [U] [ 251.496509][ T8008] [U] [ 251.614957][ T8008] [U] [ 251.617716][ T8008] [U] [ 251.620422][ T8008] [U] [ 251.623158][ T8008] [U] [ 251.719049][ T8008] [U] [ 251.721849][ T8008] [U] [ 251.724607][ T8008] [U] [ 251.727360][ T8008] [U] [ 251.730396][ T8008] [U] [ 251.733156][ T8008] [U] [ 251.735918][ T8008] [U] [ 251.738673][ T8008] [U] [ 251.748246][ T8008] [U] [ 251.751024][ T8008] [U] [ 251.753772][ T8008] [U] [ 251.756516][ T8008] [U] [ 251.759498][ T8008] [U] [ 251.762273][ T8008] [U] [ 251.764992][ T8008] [U] [ 251.767734][ T8008] [U] [ 251.770905][ T8008] [U] [ 251.773665][ T8008] [U] [ 251.776416][ T8008] [U] [ 251.779173][ T8008] [U] [ 251.782134][ T8008] [U] [ 251.784884][ T8008] [U] [ 251.787651][ T8008] [U] [ 251.790429][ T8008] [U] [ 251.820946][ T8008] [U] [ 251.823764][ T8008] [U] [ 251.826519][ T8008] [U] [ 251.829279][ T8008] [U] [ 251.951641][ T8008] [U] [ 251.954418][ T8008] [U] [ 251.957137][ T8008] [U] [ 251.959857][ T8008] [U] [ 252.048524][ T8008] [U] [ 252.051337][ T8008] [U] [ 252.054097][ T8008] [U] [ 252.056912][ T8008] [U] [ 252.076586][ T8024] random: crng reseeded on system resumption [ 252.188526][ T8008] [U] [ 252.191322][ T8008] [U] [ 252.194081][ T8008] [U] [ 252.196842][ T8008] [U] [ 252.200053][ T8008] [U] [ 252.202837][ T8008] [U] [ 252.205592][ T8008] [U] [ 252.208328][ T8008] [U] [ 252.209773][ T8008] [U] [ 252.214779][ T8008] [U] [ 252.217540][ T8008] [U] [ 252.220295][ T8008] [U] [ 252.223450][ T8008] [U] [ 252.226207][ T8008] [U] [ 252.228962][ T8008] [U] [ 252.231837][ T8008] [U] [ 252.234980][ T8008] [U] [ 252.237932][ T8008] [U] [ 252.240674][ T8008] [U] [ 252.243432][ T8008] [U] [ 252.246518][ T8008] [U] [ 252.249281][ T8008] [U] [ 252.252013][ T8008] [U] [ 252.254742][ T8008] [U] [ 252.258715][ T8008] [U] [ 252.261561][ T8008] [U] [ 252.264348][ T8008] [U] [ 252.267054][ T8008] [U] [ 252.270294][ T8008] [U] [ 252.273063][ T8008] [U] [ 252.275904][ T8008] [U] [ 252.278846][ T8008] [U] [ 252.285615][ T8008] [U] [ 252.288375][ T8008] [U] [ 252.291243][ T8008] [U] [ 252.293941][ T8008] [U] [ 252.297985][ T8008] [U] [ 252.300754][ T8008] [U] [ 252.303623][ T8008] [U] [ 252.306413][ T8008] [U] [ 252.334597][ T8008] [U] [ 252.337445][ T8008] [U] [ 252.340205][ T8008] [U] [ 252.342976][ T8008] [U] [ 252.403770][ T8008] [U] [ 252.406557][ T8008] [U] [ 252.409553][ T8008] [U] [ 252.412304][ T8008] [U] [ 252.416846][ T8008] [U] [ 252.419578][ T8008] [U] [ 252.422280][ T8008] [U] [ 252.424980][ T8008] [U] [ 252.428704][ T8008] [U] [ 252.431418][ T8008] [U] [ 252.434136][ T8008] [U] [ 252.436862][ T8008] [U] [ 252.454517][ T8008] [U] [ 252.457429][ T8008] [U] [ 252.460134][ T8008] [U] [ 252.462838][ T8008] [U] [ 252.498648][ T8026] netlink: 8 bytes leftover after parsing attributes in process `syz.1.425'. [ 252.538268][ T8008] [U] [ 252.541076][ T8008] [U] [ 252.543851][ T8008] [U] [ 252.546640][ T8008] [U] [ 252.549593][ T8008] [U] [ 252.552361][ T8008] [U] [ 252.555124][ T8008] [U] [ 252.676656][ T8004] ptrace attach of "./syz-executor exec"[5851] was attempted by "./syz-executor exec"[8004] [ 252.816095][ T8000] [U] [ 253.147487][ T8034] vhci_hcd: invalid port number 16 [ 253.170152][ T8034] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 253.299559][ T8033] FAULT_INJECTION: forcing a failure. [ 253.299559][ T8033] name fail_futex, interval 1, probability 0, space 0, times 0 [ 253.345510][ T8033] CPU: 0 UID: 0 PID: 8033 Comm: syz.1.428 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 253.345566][ T8033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 253.345583][ T8033] Call Trace: [ 253.345594][ T8033] [ 253.345606][ T8033] dump_stack_lvl+0x16c/0x1f0 [ 253.345655][ T8033] should_fail_ex+0x512/0x640 [ 253.345703][ T8033] get_futex_key+0x1d0/0x1540 [ 253.345745][ T8033] ? __pfx_get_futex_key+0x10/0x10 [ 253.345780][ T8033] ? __destroy_inode+0x2e4/0x730 [ 253.345808][ T8033] ? __pfx_sock_free_inode+0x10/0x10 [ 253.345846][ T8033] futex_wake+0xe7/0x4e0 [ 253.345885][ T8033] ? __pfx_evict+0x10/0x10 [ 253.345912][ T8033] ? __pfx_futex_wake+0x10/0x10 [ 253.345958][ T8033] ? iput+0x519/0x880 [ 253.345996][ T8033] do_futex+0x1e3/0x350 [ 253.346032][ T8033] ? __pfx_do_futex+0x10/0x10 [ 253.346065][ T8033] ? __sock_release+0x20b/0x270 [ 253.346113][ T8033] __x64_sys_futex+0x1e0/0x4c0 [ 253.346148][ T8033] ? __sys_socket+0xac/0x260 [ 253.346179][ T8033] ? fput+0x70/0xf0 [ 253.346205][ T8033] ? __pfx___x64_sys_futex+0x10/0x10 [ 253.346240][ T8033] ? xfd_validate_state+0x61/0x180 [ 253.346277][ T8033] ? __pfx_ksys_write+0x10/0x10 [ 253.346329][ T8033] do_syscall_64+0xcd/0x490 [ 253.346375][ T8033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.346404][ T8033] RIP: 0033:0x7f8f6378e929 [ 253.346429][ T8033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 253.346456][ T8033] RSP: 002b:00007f8f645ca0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 253.346485][ T8033] RAX: ffffffffffffffda RBX: 00007f8f639b5fa8 RCX: 00007f8f6378e929 [ 253.346503][ T8033] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8f639b5fac [ 253.346521][ T8033] RBP: 00007f8f639b5fa0 R08: 00007f8f645cb000 R09: 0000000000000000 [ 253.346547][ T8033] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f8f639b5fac [ 253.346564][ T8033] R13: 0000000000000000 R14: 00007fff4ee2f170 R15: 00007fff4ee2f258 [ 253.346602][ T8033] [ 254.114585][ T8031] FAULT_INJECTION: forcing a failure. [ 254.114585][ T8031] name failslab, interval 1, probability 0, space 0, times 0 [ 254.127367][ T8031] CPU: 1 UID: 0 PID: 8031 Comm: syz.3.427 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 254.127392][ T8031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 254.127403][ T8031] Call Trace: [ 254.127409][ T8031] [ 254.127416][ T8031] dump_stack_lvl+0x16c/0x1f0 [ 254.127446][ T8031] should_fail_ex+0x512/0x640 [ 254.127475][ T8031] should_failslab+0xc2/0x120 [ 254.127493][ T8031] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 254.127533][ T8031] ? __alloc_skb+0x2b2/0x380 [ 254.127560][ T8031] __alloc_skb+0x2b2/0x380 [ 254.127582][ T8031] ? __pfx___alloc_skb+0x10/0x10 [ 254.127603][ T8031] ? find_held_lock+0x2b/0x80 [ 254.127625][ T8031] ? __lock_acquire+0x622/0x1c90 [ 254.127650][ T8031] sctp_packet_transmit+0x1ca/0x3040 [ 254.127679][ T8031] ? find_held_lock+0x2b/0x80 [ 254.127696][ T8031] ? sctp_outq_flush+0xb4e/0x3350 [ 254.127720][ T8031] sctp_outq_flush+0xb68/0x3350 [ 254.127744][ T8031] ? __pfx_sctp_make_sack+0x10/0x10 [ 254.127769][ T8031] ? __pfx_sctp_outq_flush+0x10/0x10 [ 254.127799][ T8031] ? sctp_outq_tail+0x671/0xa30 [ 254.127822][ T8031] sctp_do_sm+0x1792/0x5c80 [ 254.127849][ T8031] ? __pfx_sctp_do_sm+0x10/0x10 [ 254.127925][ T8031] ? ktime_get+0x200/0x310 [ 254.127958][ T8031] ? lockdep_hardirqs_on+0x7c/0x110 [ 254.127993][ T8031] sctp_assoc_bh_rcv+0x392/0x6f0 [ 254.128017][ T8031] sctp_inq_push+0x1db/0x270 [ 254.128037][ T8031] sctp_backlog_rcv+0x169/0x590 [ 254.128061][ T8031] ? __pfx_sctp_backlog_rcv+0x10/0x10 [ 254.128082][ T8031] __release_sock+0x362/0x400 [ 254.128106][ T8031] ? lockdep_hardirqs_on+0x7c/0x110 [ 254.128132][ T8031] release_sock+0x5a/0x220 [ 254.128156][ T8031] sctp_wait_for_connect+0x1c4/0x5c0 [ 254.128175][ T8031] ? __pfx_sctp_wait_for_connect+0x10/0x10 [ 254.128191][ T8031] ? skb_set_owner_w+0x31f/0x710 [ 254.128212][ T8031] ? __pfx_autoremove_wake_function+0x10/0x10 [ 254.128232][ T8031] ? sctp_datamsg_put+0x58/0x5f0 [ 254.128255][ T8031] ? sctp_primitive_SEND+0x9f/0xd0 [ 254.128277][ T8031] sctp_sendmsg_to_asoc+0x182b/0x1bf0 [ 254.128303][ T8031] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 254.128321][ T8031] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 254.128342][ T8031] ? sctp_endpoint_lookup_assoc+0x15c/0x2a0 [ 254.128366][ T8031] sctp_sendmsg+0xef5/0x1ee0 [ 254.128392][ T8031] ? __pfx_sctp_sendmsg+0x10/0x10 [ 254.128413][ T8031] ? __pfx___might_resched+0x10/0x10 [ 254.128441][ T8031] ? __pfx_aa_sk_perm+0x10/0x10 [ 254.128463][ T8031] ? __pfx_sctp_sendmsg+0x10/0x10 [ 254.128485][ T8031] inet_sendmsg+0x11c/0x140 [ 254.128508][ T8031] ____sys_sendmsg+0x973/0xc70 [ 254.128530][ T8031] ? __pfx_____sys_sendmsg+0x10/0x10 [ 254.128551][ T8031] ? find_held_lock+0x2b/0x80 [ 254.128568][ T8031] ? futex_unqueue+0x133/0x2c0 [ 254.128591][ T8031] ___sys_sendmsg+0x134/0x1d0 [ 254.128616][ T8031] ? __pfx____sys_sendmsg+0x10/0x10 [ 254.128651][ T8031] ? find_held_lock+0x2b/0x80 [ 254.128681][ T8031] __sys_sendmmsg+0x200/0x420 [ 254.128708][ T8031] ? __pfx___sys_sendmmsg+0x10/0x10 [ 254.128730][ T8031] ? __pfx_inet_bind_sk+0x10/0x10 [ 254.128758][ T8031] ? __pfx_do_futex+0x10/0x10 [ 254.128797][ T8031] ? xfd_validate_state+0x61/0x180 [ 254.128819][ T8031] ? __sys_setsockopt+0x140/0x1a0 [ 254.128845][ T8031] __x64_sys_sendmmsg+0x9c/0x100 [ 254.128868][ T8031] ? lockdep_hardirqs_on+0x7c/0x110 [ 254.128890][ T8031] do_syscall_64+0xcd/0x490 [ 254.128915][ T8031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.128932][ T8031] RIP: 0033:0x7f25c8b8e929 [ 254.128947][ T8031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.128962][ T8031] RSP: 002b:00007f25c9981038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 254.128978][ T8031] RAX: ffffffffffffffda RBX: 00007f25c8db5fa0 RCX: 00007f25c8b8e929 [ 254.128989][ T8031] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000003 [ 254.128998][ T8031] RBP: 00007f25c8c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 254.129007][ T8031] R10: 0000000000000311 R11: 0000000000000246 R12: 0000000000000000 [ 254.129016][ T8031] R13: 0000000000000000 R14: 00007f25c8db5fa0 R15: 00007ffe6a352058 [ 254.129038][ T8031] [ 255.051620][ T8052] netlink: 338 bytes leftover after parsing attributes in process `syz.0.431'. [ 255.093081][ T8052] netlink: 338 bytes leftover after parsing attributes in process `syz.0.431'. [ 255.152664][ T8052] netlink: 290 bytes leftover after parsing attributes in process `syz.0.431'. [ 255.351808][ T8063] hub 8-0:1.0: USB hub found [ 255.366167][ T8063] hub 8-0:1.0: 1 port detected [ 256.301453][ T8071] netlink: 28 bytes leftover after parsing attributes in process `syz.0.436'. [ 256.370045][ T8075] nfs4: Unknown parameter '' syzkaller syzkaller login: [ 257.073001][ T8083] ptrace attach of "./syz-executor exec"[5852] was attempted by "./syz-executor exec"[8083] [ 257.444672][ T8095] netlink: 338 bytes leftover after parsing attributes in process `syz.3.439'. [ 257.730872][ T8102] Invalid ELF header magic: != ELF [ 257.912916][ T8103] FAULT_INJECTION: forcing a failure. [ 257.912916][ T8103] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 257.973983][ T8103] CPU: 0 UID: 0 PID: 8103 Comm: syz.1.440 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 257.974028][ T8103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 257.974044][ T8103] Call Trace: [ 257.974055][ T8103] [ 257.974066][ T8103] dump_stack_lvl+0x16c/0x1f0 [ 257.974114][ T8103] should_fail_ex+0x512/0x640 [ 257.974163][ T8103] _copy_from_user+0x2e/0xd0 [ 257.974211][ T8103] copy_msghdr_from_user+0x98/0x160 [ 257.974256][ T8103] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 257.974306][ T8103] ? kfree+0x24f/0x4d0 [ 257.974344][ T8103] ? futex_unqueue+0x133/0x2c0 [ 257.974385][ T8103] ___sys_sendmsg+0xfe/0x1d0 [ 257.974431][ T8103] ? __pfx____sys_sendmsg+0x10/0x10 [ 257.974511][ T8103] ? __pfx___might_resched+0x10/0x10 [ 257.974552][ T8103] __sys_sendmmsg+0x200/0x420 [ 257.974601][ T8103] ? __pfx___sys_sendmmsg+0x10/0x10 [ 257.974641][ T8103] ? __pfx_inet_bind_sk+0x10/0x10 [ 257.974692][ T8103] ? __pfx_do_futex+0x10/0x10 [ 257.974750][ T8103] ? xfd_validate_state+0x61/0x180 [ 257.974793][ T8103] ? __sys_setsockopt+0x140/0x1a0 [ 257.974837][ T8103] __x64_sys_sendmmsg+0x9c/0x100 [ 257.974874][ T8103] ? lockdep_hardirqs_on+0x7c/0x110 [ 257.974909][ T8103] do_syscall_64+0xcd/0x490 [ 257.974952][ T8103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.974985][ T8103] RIP: 0033:0x7f8f6378e929 [ 257.975006][ T8103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 257.975034][ T8103] RSP: 002b:00007f8f645a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 257.975060][ T8103] RAX: ffffffffffffffda RBX: 00007f8f639b6080 RCX: 00007f8f6378e929 [ 257.975076][ T8103] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000003 [ 257.975090][ T8103] RBP: 00007f8f63810b39 R08: 0000000000000000 R09: 0000000000000000 [ 257.975104][ T8103] R10: 0000000000000311 R11: 0000000000000246 R12: 0000000000000000 [ 257.975119][ T8103] R13: 0000000000000000 R14: 00007f8f639b6080 R15: 00007fff4ee2f258 [ 257.975153][ T8103] [ 258.546918][ T8113] sp0: Synchronizing with TNC [ 258.653006][ T8113] i2c i2c-0: delete_device: Can't find device in list [ 259.110711][ T8131] netlink: 338 bytes leftover after parsing attributes in process `syz.2.450'. [ 259.151638][ T8131] netlink: 338 bytes leftover after parsing attributes in process `syz.2.450'. [ 259.172616][ T8132] rtc_cmos 00:00: in use; can't configure [ 259.189894][ T8128] netlink: 290 bytes leftover after parsing attributes in process `syz.2.450'. [ 260.456798][ T8161] blktrace: Concurrent blktraces are not allowed on loop2 [ 261.029087][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.035562][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 263.328686][ T8212] netlink: 342 bytes leftover after parsing attributes in process `syz.3.462'. [ 263.336937][ T8201] hub 8-0:1.0: USB hub found [ 263.346791][ T8201] hub 8-0:1.0: 1 port detected [ 263.553189][ T8211] CIFS mount error: No usable UNC path provided in device string! [ 263.553189][ T8211] [ 263.563865][ T8211] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 264.571179][ T8231] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 265.016642][ T8232] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 266.868894][ T8258] netlink: 'syz.3.470': attribute type 4 has an invalid length. [ 266.877099][ T8258] netlink: 314 bytes leftover after parsing attributes in process `syz.3.470'. [ 267.183786][ T8262] vhci_hcd: invalid port number 16 [ 267.193304][ T8262] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 267.383295][ T8261] hub 8-0:1.0: USB hub found [ 267.391860][ T8261] hub 8-0:1.0: 1 port detected [ 270.035062][ T8328] netlink: 48 bytes leftover after parsing attributes in process `syz.3.485'. [ 270.285620][ T8327] hub 8-0:1.0: USB hub found [ 270.370321][ T8327] hub 8-0:1.0: 1 port detected [ 270.506648][ T8333] vhci_hcd: invalid port number 16 [ 270.559777][ T8333] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 271.008699][ T5860] udevd[5860]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 271.563834][ T8347] netlink: 342 bytes leftover after parsing attributes in process `syz.1.490'. [ 272.403185][ T8368] vcan0: tx drop: invalid da for name 0x000000000000003f [ 272.480840][ T8361] netlink: 504 bytes leftover after parsing attributes in process `syz.0.492'. [ 273.730497][ T8403] vhci_hcd: invalid port number 16 [ 273.790076][ T8403] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 275.194205][ T8435] netlink: 206 bytes leftover after parsing attributes in process `syz.3.510'. [ 275.326589][ T8435] netlink: 206 bytes leftover after parsing attributes in process `syz.3.510'. [ 275.365437][ T8435] netlink: 206 bytes leftover after parsing attributes in process `syz.3.510'. [ 275.468054][ T8435] netlink: 206 bytes leftover after parsing attributes in process `syz.3.510'. [ 275.514398][ T8435] netlink: 206 bytes leftover after parsing attributes in process `syz.3.510'. [ 275.602269][ T8435] netlink: 206 bytes leftover after parsing attributes in process `syz.3.510'. [ 275.611917][ T8435] netlink: 206 bytes leftover after parsing attributes in process `syz.3.510'. [ 275.622590][ T8435] netlink: 206 bytes leftover after parsing attributes in process `syz.3.510'. [ 275.632573][ T8435] netlink: 206 bytes leftover after parsing attributes in process `syz.3.510'. [ 275.643533][ T8435] netlink: 206 bytes leftover after parsing attributes in process `syz.3.510'. [ 277.979056][ T8478] CIFS mount error: No usable UNC path provided in device string! [ 277.979056][ T8478] [ 277.991982][ T8478] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 281.224228][ T8527] __nla_validate_parse: 24 callbacks suppressed [ 281.224284][ T8527] netlink: 48 bytes leftover after parsing attributes in process `syz.2.528'. [ 282.633500][ T8551] netlink: 342 bytes leftover after parsing attributes in process `syz.1.536'. [ 282.665568][ T8551] netlink: 218 bytes leftover after parsing attributes in process `syz.1.536'. [ 282.927551][ T8550] netlink: 28 bytes leftover after parsing attributes in process `syz.0.535'. [ 283.299049][ T8571] vhci_hcd: invalid port number 16 [ 283.310332][ T8571] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub syzkaller syzkaller login: [ 284.332330][ T8582] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 285.863547][ T8594] sctp: failed to load transform for md5: -4 [ 286.439900][ T8638] Console: switching to colour VGA+ 80x25 [ 286.696365][ T8632] could not allocate digest TFM handle [ 286.891517][ T8646] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 287.757972][ T8636] ================================================================== [ 287.757992][ T8636] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70 [ 287.758036][ T8636] Read of size 256 at addr ffff888029386860 by task syz.2.553/8636 [ 287.758050][ T8636] [ 287.758059][ T8636] CPU: 1 UID: 0 PID: 8636 Comm: syz.2.553 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 287.758081][ T8636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 287.758091][ T8636] Call Trace: [ 287.758097][ T8636] [ 287.758103][ T8636] dump_stack_lvl+0x116/0x1f0 [ 287.758129][ T8636] print_report+0xcd/0x680 [ 287.758144][ T8636] ? __virt_addr_valid+0x81/0x610 [ 287.758162][ T8636] ? __phys_addr+0xe8/0x180 [ 287.758179][ T8636] ? fbcon_prepare_logo+0xa03/0xc70 [ 287.758203][ T8636] kasan_report+0xe0/0x110 [ 287.758220][ T8636] ? fbcon_prepare_logo+0xa03/0xc70 [ 287.758246][ T8636] kasan_check_range+0x100/0x1b0 [ 287.758265][ T8636] __asan_memcpy+0x23/0x60 [ 287.758286][ T8636] fbcon_prepare_logo+0xa03/0xc70 [ 287.758313][ T8636] fbcon_init+0xd77/0x1900 [ 287.758342][ T8636] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 287.758384][ T8636] visual_init+0x31d/0x620 [ 287.758415][ T8636] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 287.758465][ T8636] store_bind+0x61d/0x760 [ 287.758490][ T8636] ? sysfs_file_kobj+0xe4/0x290 [ 287.758510][ T8636] ? __pfx_store_bind+0x10/0x10 [ 287.758532][ T8636] dev_attr_store+0x58/0x80 [ 287.758549][ T8636] ? __pfx_dev_attr_store+0x10/0x10 [ 287.758564][ T8636] sysfs_kf_write+0xef/0x150 [ 287.758583][ T8636] kernfs_fop_write_iter+0x351/0x510 [ 287.758600][ T8636] ? __pfx_sysfs_kf_write+0x10/0x10 [ 287.758620][ T8636] vfs_write+0x6c7/0x1150 [ 287.758642][ T8636] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 287.758660][ T8636] ? __pfx___mutex_lock+0x10/0x10 [ 287.758684][ T8636] ? __pfx_vfs_write+0x10/0x10 [ 287.758712][ T8636] ksys_write+0x12a/0x250 [ 287.758734][ T8636] ? __pfx_ksys_write+0x10/0x10 [ 287.758759][ T8636] do_syscall_64+0xcd/0x490 [ 287.758784][ T8636] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.758801][ T8636] RIP: 0033:0x7ff12bb8e929 [ 287.758814][ T8636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 287.758831][ T8636] RSP: 002b:00007ff12ca36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 287.758847][ T8636] RAX: ffffffffffffffda RBX: 00007ff12bdb5fa0 RCX: 00007ff12bb8e929 [ 287.758858][ T8636] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 287.758867][ T8636] RBP: 00007ff12bc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 287.758877][ T8636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 287.758887][ T8636] R13: 0000000000000000 R14: 00007ff12bdb5fa0 R15: 00007fff905c1398 [ 287.758901][ T8636] [ 287.758907][ T8636] [ 287.758911][ T8636] Allocated by task 8641: [ 287.758919][ T8636] kasan_save_stack+0x33/0x60 [ 287.758942][ T8636] kasan_save_track+0x14/0x30 [ 287.758964][ T8636] __kasan_kmalloc+0xaa/0xb0 [ 287.758985][ T8636] __kmalloc_node_track_caller_noprof+0x221/0x510 [ 287.759010][ T8636] kmalloc_reserve+0xef/0x2c0 [ 287.759025][ T8636] __alloc_skb+0x166/0x380 [ 287.759045][ T8636] rtmsg_ifinfo_build_skb+0x81/0x280 [ 287.759061][ T8636] rtmsg_ifinfo+0x9f/0x1a0 [ 287.759074][ T8636] register_netdevice+0x1bd9/0x2270 [ 287.759088][ T8636] __ip_tunnel_create+0x540/0x6e0 [ 287.759105][ T8636] ip_tunnel_init_net+0x22f/0x7d0 [ 287.759122][ T8636] ops_init+0x1df/0x5f0 [ 287.759144][ T8636] setup_net+0x1ff/0x510 [ 287.759166][ T8636] copy_net_ns+0x2a6/0x5f0 [ 287.759179][ T8636] create_new_namespaces+0x3ea/0xa90 [ 287.759196][ T8636] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 287.759216][ T8636] ksys_unshare+0x45b/0xa40 [ 287.759236][ T8636] __x64_sys_unshare+0x31/0x40 [ 287.759256][ T8636] do_syscall_64+0xcd/0x490 [ 287.759278][ T8636] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.759293][ T8636] [ 287.759297][ T8636] Freed by task 8641: [ 287.759304][ T8636] kasan_save_stack+0x33/0x60 [ 287.759325][ T8636] kasan_save_track+0x14/0x30 [ 287.759347][ T8636] kasan_save_free_info+0x3b/0x60 [ 287.759365][ T8636] __kasan_slab_free+0x51/0x70 [ 287.759387][ T8636] kfree+0x2b4/0x4d0 [ 287.759405][ T8636] skb_free_head+0x114/0x210 [ 287.759424][ T8636] skb_release_data+0x776/0x9c0 [ 287.759445][ T8636] consume_skb+0xbf/0x100 [ 287.759464][ T8636] netlink_broadcast_filtered+0x3d5/0xf10 [ 287.759489][ T8636] nlmsg_notify+0x9e/0x220 [ 287.759503][ T8636] rtmsg_ifinfo+0x174/0x1a0 [ 287.759517][ T8636] register_netdevice+0x1bd9/0x2270 [ 287.759530][ T8636] __ip_tunnel_create+0x540/0x6e0 [ 287.759546][ T8636] ip_tunnel_init_net+0x22f/0x7d0 [ 287.759564][ T8636] ops_init+0x1df/0x5f0 [ 287.759596][ T8636] setup_net+0x1ff/0x510 [ 287.759630][ T8636] copy_net_ns+0x2a6/0x5f0 [ 287.759651][ T8636] create_new_namespaces+0x3ea/0xa90 [ 287.759676][ T8636] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 287.759703][ T8636] ksys_unshare+0x45b/0xa40 [ 287.759729][ T8636] __x64_sys_unshare+0x31/0x40 [ 287.759749][ T8636] do_syscall_64+0xcd/0x490 [ 287.759771][ T8636] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.759786][ T8636] [ 287.759790][ T8636] The buggy address belongs to the object at ffff888029386000 [ 287.759790][ T8636] which belongs to the cache kmalloc-2k of size 2048 [ 287.759803][ T8636] The buggy address is located 96 bytes to the right of [ 287.759803][ T8636] allocated 2048-byte region [ffff888029386000, ffff888029386800) [ 287.759819][ T8636] [ 287.759824][ T8636] The buggy address belongs to the physical page: [ 287.759830][ T8636] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29380 [ 287.759844][ T8636] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 287.759857][ T8636] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 287.759872][ T8636] page_type: f5(slab) [ 287.759886][ T8636] raw: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 287.759901][ T8636] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 287.759916][ T8636] head: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 287.759931][ T8636] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 287.759945][ T8636] head: 00fff00000000003 ffffea0000a4e001 00000000ffffffff 00000000ffffffff [ 287.759959][ T8636] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 287.759968][ T8636] page dumped because: kasan: bad access detected [ 287.759976][ T8636] page_owner tracks the page as allocated [ 287.759981][ T8636] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5944, tgid 5944 (kworker/1:5), ts 101508625281, free_ts 101419006500 [ 287.760010][ T8636] post_alloc_hook+0x1c0/0x230 [ 287.760031][ T8636] get_page_from_freelist+0x1321/0x3890 [ 287.760053][ T8636] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 287.760076][ T8636] alloc_pages_mpol+0x1fb/0x550 [ 287.760089][ T8636] new_slab+0x23b/0x330 [ 287.760107][ T8636] ___slab_alloc+0xd9c/0x1940 [ 287.760125][ T8636] __slab_alloc.constprop.0+0x56/0xb0 [ 287.760144][ T8636] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 287.760169][ T8636] kmalloc_reserve+0xef/0x2c0 [ 287.760183][ T8636] __alloc_skb+0x166/0x380 [ 287.760202][ T8636] mld_newpack.isra.0+0x18e/0xa20 [ 287.760221][ T8636] add_grhead+0x299/0x340 [ 287.760238][ T8636] add_grec+0x112a/0x1680 [ 287.760257][ T8636] mld_send_initial_cr.part.0+0xe2/0x260 [ 287.760278][ T8636] mld_dad_work+0x51/0x2d0 [ 287.760297][ T8636] process_one_work+0x9cf/0x1b70 [ 287.760321][ T8636] page last free pid 5856 tgid 5856 stack trace: [ 287.760329][ T8636] __free_frozen_pages+0x7fe/0x1180 [ 287.760348][ T8636] qlist_free_all+0x4d/0x120 [ 287.760368][ T8636] kasan_quarantine_reduce+0x195/0x1e0 [ 287.760390][ T8636] __kasan_slab_alloc+0x69/0x90 [ 287.760413][ T8636] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 287.760433][ T8636] nsim_fib_event_work+0x17f5/0x2e80 [ 287.760447][ T8636] process_one_work+0x9cf/0x1b70 [ 287.760477][ T8636] worker_thread+0x6c8/0xf10 [ 287.760500][ T8636] kthread+0x3c2/0x780 [ 287.760520][ T8636] ret_from_fork+0x5d7/0x6f0 [ 287.760541][ T8636] ret_from_fork_asm+0x1a/0x30 [ 287.760558][ T8636] [ 287.760562][ T8636] Memory state around the buggy address: [ 287.760570][ T8636] ffff888029386700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 287.760582][ T8636] ffff888029386780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 287.760593][ T8636] >ffff888029386800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 287.760602][ T8636] ^ [ 287.760611][ T8636] ffff888029386880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 287.760623][ T8636] ffff888029386900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 287.760632][ T8636] ================================================================== [ 287.769868][ T8636] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 287.769885][ T8636] CPU: 1 UID: 0 PID: 8636 Comm: syz.2.553 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 287.769908][ T8636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 287.769919][ T8636] Call Trace: [ 287.769925][ T8636] [ 287.769931][ T8636] dump_stack_lvl+0x3d/0x1f0 [ 287.769959][ T8636] panic+0x71c/0x800 [ 287.769983][ T8636] ? __pfx_panic+0x10/0x10 [ 287.770005][ T8636] ? irqentry_exit+0x3b/0x90 [ 287.770028][ T8636] ? lockdep_hardirqs_on+0x7c/0x110 [ 287.770051][ T8636] ? preempt_schedule_thunk+0x16/0x30 [ 287.770074][ T8636] ? fbcon_prepare_logo+0xa03/0xc70 [ 287.770099][ T8636] ? preempt_schedule_common+0x44/0xc0 [ 287.770122][ T8636] ? check_panic_on_warn+0x1f/0xb0 [ 287.770147][ T8636] ? fbcon_prepare_logo+0xa03/0xc70 [ 287.770171][ T8636] check_panic_on_warn+0xab/0xb0 [ 287.770195][ T8636] end_report+0x107/0x170 [ 287.770213][ T8636] kasan_report+0xee/0x110 [ 287.770229][ T8636] ? fbcon_prepare_logo+0xa03/0xc70 [ 287.770255][ T8636] kasan_check_range+0x100/0x1b0 [ 287.770274][ T8636] __asan_memcpy+0x23/0x60 [ 287.770295][ T8636] fbcon_prepare_logo+0xa03/0xc70 [ 287.770323][ T8636] fbcon_init+0xd77/0x1900 [ 287.770347][ T8636] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 287.770376][ T8636] visual_init+0x31d/0x620 [ 287.770397][ T8636] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 287.770424][ T8636] store_bind+0x61d/0x760 [ 287.770448][ T8636] ? sysfs_file_kobj+0xe4/0x290 [ 287.770476][ T8636] ? __pfx_store_bind+0x10/0x10 [ 287.770498][ T8636] dev_attr_store+0x58/0x80 [ 287.770514][ T8636] ? __pfx_dev_attr_store+0x10/0x10 [ 287.770529][ T8636] sysfs_kf_write+0xef/0x150 [ 287.770549][ T8636] kernfs_fop_write_iter+0x351/0x510 [ 287.770566][ T8636] ? __pfx_sysfs_kf_write+0x10/0x10 [ 287.770586][ T8636] vfs_write+0x6c7/0x1150 [ 287.770609][ T8636] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 287.770633][ T8636] ? __pfx___mutex_lock+0x10/0x10 [ 287.770658][ T8636] ? __pfx_vfs_write+0x10/0x10 [ 287.770685][ T8636] ksys_write+0x12a/0x250 [ 287.770708][ T8636] ? __pfx_ksys_write+0x10/0x10 [ 287.770733][ T8636] do_syscall_64+0xcd/0x490 [ 287.770757][ T8636] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.770775][ T8636] RIP: 0033:0x7ff12bb8e929 [ 287.770789][ T8636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 287.770805][ T8636] RSP: 002b:00007ff12ca36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 287.770822][ T8636] RAX: ffffffffffffffda RBX: 00007ff12bdb5fa0 RCX: 00007ff12bb8e929 [ 287.770838][ T8636] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 287.770848][ T8636] RBP: 00007ff12bc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 287.770858][ T8636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 287.770868][ T8636] R13: 0000000000000000 R14: 00007ff12bdb5fa0 R15: 00007fff905c1398 [ 287.770883][ T8636] [ 287.771041][ T8636] Kernel Offset: disabled