last executing test programs: 4.650214537s ago: executing program 2 (id=2821): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/net/rpc/nfs4.nametoid/channel\x00', 0x8f3b7a51b80ebd01, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000040)="785ca020027e0dc0023af105000000abfa2037020000dd2b8eddc1464659269d1dae9c9d395dfa672b915daea9e139b4514252ce3b445c299703686d4948cc95afd915259ef4d6b0bde08483880fe164c3c4a1e072fb6762a4a7150281605bc1e4a04af02f7ea2cd404f29f0142eb2575ab23b928231512a797e76821b002438d00052cd78c9854d59c006f4a0ab7f92c8659235eda9671c6b", 0x99) 4.427029873s ago: executing program 2 (id=2822): mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x8de, 0xdf, 0x591b, 0x2, 0xb) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@l2tp={0x2, 0x0, @loopback, 0x3}, 0xfffffff9) bind$auto(0x3, 0x0, 0x6a) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0xffffffffffffffff, 0x23, 0x65, 0x8000001f, 0x8, 0x6d40, 0xa, 0x3, 0x8]}, 0x0) mmap$auto(0xfffffffffffffffd, 0x4, 0x1, 0xeb2, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2003f0, 0x3) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x9, 0x3, 0xeb3, 0xfffefffffffffffa, 0x8000) r2 = open(0x0, 0x5db443, 0x180) fcntl$auto(r2, 0x5, 0x40003f) mmap$auto(0x1, 0x400008, 0xe0, 0x634, r1, 0xfcb2) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/batman_adv/parameters/routing_algo\x00', 0x8182, 0x0) write$auto(r3, 0x0, 0x9) mmap$auto(0x0, 0xe983, 0x7, 0xeb1, r3, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x69e200, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x80900, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0xdcf01, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) 4.051697623s ago: executing program 1 (id=2824): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) 2.973720512s ago: executing program 2 (id=2827): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mtd0ro\x00', 0x2c00, 0x0) ioctl$auto_MEMREADOOB(r1, 0xc0104d04, &(0x7f0000000040)={0x20007763, 0x80, 0x0}) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_fastopen_key\x00', 0x8300, 0x0) read$auto(r2, &(0x7f0000000240)='nl80211\x00', 0x7) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB='<\x00', @ANYRES16, @ANYBLOB="010026bd7000fcdbdf250100000008000200", @ANYRES32=0x4, @ANYBLOB="0800010048530400080002f273004d5b27e0b385a3c67e6997759a6fd4d9d33938fb10e9237ec8f6087f969ced53d772298282153b732f01e71230c35587361ac5b804f2da79c20a26b23ddf571a404e11b12c5108b831381ea194923f8b918d21026e07bc2cd8ecafd9e3bcf0bf45c83cdc95e3aa8de5ceb29095afcfd824c92d0f8a8e569e03ba72883b82a3cb888c10951264e475202eaf3ac0aae52c5cc58842d6d7528211e73baf5fe47fe0f8f3e726edf7356b7fbe5949ea4cc17b2c0dfd7e9c85ad2b0834de830561ecc8b4b48ea3eef99d36354074852486041be4dfa459a2d8d85cc9a8798f73ecbca4650fe0d7f9c0e5fe3703609a9152bb533f460d46d0e14f6314ebb1a1466b72922800d4db0263e59fde186cf3eb6f79196704000d08d65f7be9b37d1dac18d0ff386147db0e2146ba33c3597d352c6c4ef77ff7d4e7e8334393f68cc3821d658db6c3954eae579da0b10befc57660de7eed3f060d8f3b7e3bb14eeb44285dc5a4b98cbfe17329"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x80) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) r3 = socket(0x2, 0x1, 0x106) bind$auto(r3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) r4 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) mq_notify$auto(r4, 0x0) futimesat$auto(r4, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x3, 0x10000}) clock_settime$auto(0xa, 0x0) futex_waitv$auto(&(0x7f0000000000)={0xf, 0x5d94, 0x4002, 0x4}, 0x77, 0xfffffffc, 0x0, 0x62bd) setitimer$auto(0x2, &(0x7f0000000040)={{}, {0x0, 0x8}}, 0x0) r5 = socket(0x2, 0x1, 0x106) r6 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000500), r0) shmctl$auto_IPC_SET(0x6, 0x1, &(0x7f0000000700)={{0x1, 0xffffffffffffffff, 0xee01, 0x7, 0x8, 0x9, 0x7}, 0x1, 0x0, 0x59c0, 0x3, @raw=0x4, @inferred, 0x6, 0x0, &(0x7f0000000540)="9f09195ea10b72a68782d42b5d4e8b9f8ad4e4143c9639d768d55f2f6886f3e27b613c89b35d7161604b7eb9de9a6d845e5bc7c359a2f935865a4c4b26ef3af0ecc5d4099a81bc352e977b5df1b4040c2e56474187b644b7f7f4ed8f93022499674ff0ffcc496fcec46cd2fc147bb3e3255c160f483b125f38eb03fde1ed2071b2989e4cf212892e352b715fc7fcb7790ddef946eefcf99f451b8910247591fd0a27de85f5d13ceba9d2164dc1053dc8bc3e51f688bafb1d03f0f25acb096f6b2c20c183511bb5", &(0x7f0000000640)="15abf6a8d820e0515e38fc326fc8deb19668c9054db5b12d4cdbe5e4d8e1d48faf3fc3895a4beb538e0bc133c6d10bd315762e81bc35c5f82632078bd7a206fc30a3e12643f819626b828f598f03cc0bc83e7645e62c31f749cec80c026fe16b01aa42f9f06c1ad5eb36992ef1474662f2cab081eb2d95ccbaf25460d4422592d54be7b7be5f42eeb6a630d0c5ea947ef72f"}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000780)={'veth1_to_batadv\x00', 0x0}) shmctl$auto_IPC_RMID(0x101, 0x0, &(0x7f00000008c0)={{0x5, 0xee01, 0xee01, 0x6, 0x6, 0xfff, 0xfffc}, 0x5, 0x5, 0x9, 0x2, @inferred=0xffffffffffffffff, @raw=0x8, 0x4, 0x0, &(0x7f00000007c0)="b3d41bc0d6fc29be803ce3b4f468a832cea507ad6d9cceb5d35ec675ed0236522c98cd9ae3065368c94196428c1ed0387f004626c4bdf880cfee4c67bd50f5e9f2cbfc3a7cc9df0c2c449517c6", &(0x7f0000000840)="8140fdeab5f1c432167eec2897ad7261fe58b5dc057bb3263c17e1263bff3a92b65cc25bf81353becc4f5928e8587397744718df0553e169dd8aa6316e4ad93506e8"}) shmctl$auto_SHM_UNLOCK(0x0, 0xc, &(0x7f0000000ac0)={{0x7, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xe, 0x4, 0x1}, 0x3e43, 0x7, 0xff, 0x3, @inferred=0xffffffffffffffff, @raw=0x1, 0x5, 0x0, &(0x7f0000000940)="226e54d4fce80dca70489144442cd4773cff473e07ddf463f419f301f47da6991387438868e685665a262f22f031931a809debf7ce874729e4342302c3978737e590e6efdddb3d8263563c1af20c66d3909e3872aee1f06c04310c629aaba599e67ef344cef5568d9b16f3d4a6e1a5aa0e534a1f2c42617b4dfcb376e561c34c90f04d5dc60f1937d0b021645f6a068e7bb432878c626ef1988ad671c8832e15838ef1e9e6785fec24fa297bddad462edbf3467fbd5a49b3278b3c623995c6a1c2e4862439da17b6dbef090536899dee969b099921d5823d93fd03f44c", &(0x7f0000000a40)="8cebb0e3f3fd4fdc5224129c311e5b1d1b07aab3d300da73ead513bbf2278a1b55832729418e1c7c44fe3db11503a48a0ed31af268413cf97d3ffd77a482ce9e06219fffe2692bc8a86f807b9d1bd1edd9476050ce1083ce3eb12a727178ff235194da59b113388cd881a44d5872c9"}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000b40)={'syzkaller0\x00', 0x0}) sendmsg$auto_MACSEC_CMD_UPD_RXSA(r4, &(0x7f0000002740)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000002700)={&(0x7f0000000b80)={0x1b6c, r6, 0x20, 0x70bd2d, 0x25dfdbfc, {}, [@MACSEC_ATTR_SA_CONFIG={0x12b3, 0x3, 0x0, 0x1, [@nested={0x1a3, 0xe5, 0x0, 0x1, [@nested={0x4, 0x23}, @nested={0x4, 0xaa}, @nested={0x4, 0x27}, @typed={0x14, 0x17, 0x0, 0x0, @ipv6=@mcast2}, @generic="5495cff8d599f58207859bcb7976faedf8596440bca21a88dda657bef9e4f7c5d8a79498d5e2c987e626f270d55ca43de9d500927e32c70d9327475b978c9d7a9f2b5c4ff19b6b977008fec9e15bc72a68d849c998d25e7681ded44757af49860f32eeffce65a96f75d7ad111ac8b9742e531ccd3509e224f6a093af1af0f9ff59e22ff62ace6ebbec0f702c3dc7ddfdffae4c4978ca2131ed74decb75b8f29cc41edba5a33ae49e7e7aaccbc72fa8728b1be1375f5c24e4d26fb5ba58822a72280745dec7431c4b3f1c85fd4607951609731f34f1fc1d0e0bd118d93e36868b649b66e452055fa5addb6445f8d0ac0c35776ff2ba", @typed={0x8, 0x87, 0x0, 0x0, @uid=r7}, @generic="aef78a0ec577a6f6c352380378fc46786ab9b94078c3ea91a1dcdf39725376d47706084794f58e2f16d26b9cda2fe1dfd66629ef12377b7ea33b80f8e92c57d854b2388bc1187aebbec3f5c2f30caad5ef0d2e675c58cde0327272a5d7ad7d7697d420fbe30362e2b7357616498cf02a66c919672429", @typed={0x5, 0xcd, 0x0, 0x0, @str='\x00'}, @typed={0x4, 0x6e}]}, @generic="6a8a3a132ea71ce134577d56891ee024ccaf13da79f0285add67fa3cc23ebee4d6515698cde9a3d6809cab9ce2e9884b5633c3624dd998a11e1e5d0d8fbd25e1f62babe0438d7d36091509ac4a6c07414262e0101227887712d4a2d1017af3da060dd84b85ff4c0714483c426c721653238c9b4606c1b7c58aeb8dc4e62d4c06262c", @generic="f35d83021e162aa2d80f694b7f764dbdd0af3d97d0a9027d1a4fda7b3dc1a68cc6f5b6e870e7e62541cef6db94f0850518839f19dc687c43b80c687a52c5195c5b5c9bd5bb579d3621c49fdd47ee2688fc0a9385df0f335a1bef66df99239788fc248f7658dca2965954f627cea4cb31f1d1f2718b6b7c5d197ecda60de3baa804b8f4f83a7dcedcb72b5bd02b8f78dbeae56ed7bc1279738d0fd27f97b98246a610eadd2e82b0a255546ada7e2a77791f47dbd2b20c737b9480f0155c8078137a25738703f63ee21e6c64a47f86f6cb961c89f73cdcdab71e827e70c31e15d50b4eba7f9eac44d7fdaa97bb2c50d064e86ace976ed8400e773a55c96872c778fd0a858e96eefca5522ef7491f1c4546bcdf941c310f5d7104cad91acc6aa4e38a8ba291f8a4ec270ff09bc132fb21e97b7c9be6b936d27aa438fd4496fc2667e68e3296a3eb2ef3e9afd0bbb2553d15a3d3c7548ffccf6021b2657cbc80607affd1819a8d27a328e94b05384b36fdc769dbfaf5a048eeda11d8f831a7c78ef888c926a4a9162c94d8053c919bcfd7c752daa70226a2da26aa985ece42d1662559607c42f8b8f57cd66fc708f6ae020e37d077b3f796a7d9271c5c12ee350f69724ae3495670e0d6c02a695e3d077a0929ed692018f4049727a1d7efde93b49ee87850e1759366f998424e2e839e9705fe652b2279da6f8395e180e911c51eb908beea6b420bba2997c291888ccac0a0109f29a3eba47db9ca332522f4005fd3c3f2e8a925dd5ac979460d3bfadd7dcc6b029d7733c9a5661ae9f6a89a7d8120358391e423fca24491f75b8ae0dd03e71fab181e2467d15c40f0d5fc94de3c317226d6e56aba9ea76f8afde4f20a3e31293c6951448fa5be78c4c643f9f1c3c4bc20c46bdd866d30a808b48d212dcca67c28e2020d265ae4a1407f8f56b42c3223eeb06359c4d8fbea4a75a5bc695a632fede55c512c12116b3c4e602b8d36fe33c647d090992c012e1d432ab7ba66003b65bb6eb4d2cefa558ed07642f8af7ec21ee5a49de6d1bcc38272027e566e9f8357500df3ee07f3086ac2e6e706e43e16e8435aa42a7cc4d7ffbbfe13893e3e00e3919d77b6864fa987d7ee0905de3bc684272c9a29869c262fd7a5a9ebcbf6ef4dea2585ff95784cf7b6d05910b2881a26813b2378a0a310b2a522f96ae2698b031affbc630b197ee7c0c4fda85501f1a439af0c200c238b3739f419d925f810064307f4c72ba37249a4ca4f97edc8bdcccd61f631b6b4ae1385f83e1ada3e4058077da2af011168a64d4b894894b235aebe86ed3b19439472fc31e594cacf06ea423f5f2825f9ad4fc632251de35935b0877384f555fc5c707599972955a0da2dbce7187f733ed9264febf245b2efca610a6584e167a6ff921f6b4619bf02596a200c46770d7b542151b5d3e57cc7ff009a48c5e96add62cf73b894ea141b0e8e9c3af04b04a3e13312aa3422f3b188e32de70e588d467912e615f5830f082930a43f219fc1ad3efd1eb6395e89b46f402e5fb8ecf82dbb9a253a6ef116b0ed4648fb1692fb3684919bb7e71723ea27756f5d0b778da2dc10704d8fbe4966a01a48255389dad757b0592ef479ace9ebf8b068e44f91a4ea7f849fa7cc6358ca5a43012a9c97d19ea4bc2076bf3b10c1d23d2a7944f49308c4312d288c2fb45d4ecce2edbf975934696e901021c53df6dccfacf9fed09584ab34b93c634f0d959e02cc0329b4cdc023b46f8a5aed12c19e999a6e86af1c478eb37118beec2e17ad64178bdfc609e77e217620724be3f009cd7ad01f72f7c6cac60e1e2d48abb5e55cec75d8fad51ab0309f46cbe947e1565e2cd31d4c32c1255ec9649b232e164452e1badc52e2d44989290ea502d2260fd44226f25b8430b0009d0ca7fd0d0cbf4e214ebfdf01987d810d40532f2d9931a0ed269357d336408faf40265523cdb913e61391c6362ab4fe79536dfa0feac747e34eda2501062f560319c06f9c36d61d366879c7de9ba150ddb05a557e7f4c966779cb3fa88343c7b58a5829c613dcd2f98e855e727ac9892ed57e8d205997fdd803fae323906d5e876a361ad64339e3c47425a243de297683502a2c0dd96300f8fdbade62e1461cf28a65992e6bc81c3c4a709817c394d93db9ad7021ddd6335253a4235a7be4b0060aea4251ce32492da2f51920468cfdec2c02877e5c3c59e1e2cad55746904ac7c89c6cc3759e3e77ab475b26591011510f178aed8f20a9d7c321835175f4b5cf42cda75b3c471b1bb9346eafa58165d382896ffc0da608130ab89d41d00b3616f7556e3ebb356b90382a37380749eac4d233d7de07faa0213ea0d83f4910c9f3fc6275233f8f076982108863fe24e58f61a375dedd6436d62261a78378c1dbbfcfc60b43c4c747acf97502c4391efbafcdad43503c8239dd711b273b83ea1618ed1ee42e3ba1bc5062ddd13bd3ea9b5300171f06cff4a1c81406c98cc362c91d50b482f7671d642b95958b7d079d6692b2c5755a00a8f396803e03a1dcf4c202c9e861ce6fa9b92011ebfe57c3e974c128d027382e9edf432c738a9ecc7b463a507c0f1c1c5e095c0a9697957bfaffd521b6ae2e620f38adfe5a64a3b40c812a0ffc45a29bf43835b6892a6bd0966ad5428eb198650ac1ec3a2c2b357a6c8f8401cb3524e26a937dec058eb8f200aa7ce2e19c509519613fad855cf85e66134f5ff561ee2359dc5afd9183ad89d239d799fe349b3214d12e5cde94b814fec2f2375eb0819e2b85849501623f00face1b12fff3a47464b46d4051493805c9ce3bd522d111094f694d6f375151ef81636985e72dcff683850b2b88dfd76a2aedb51470b355ddec2b0a42dbe4652d14407978a5320143fe84def6d43e0fc1ce52f0ebdc8b8937d2a2811bdfb17d6a652397805709bb666d82bd1bf50e8fc42271dff743a76b7211635468cfb769c743fe96647c89e9801c570717e9f879dc97ed893abae519f67f4b821d967227388e4a3ad7801d2279ce468bdad9e3a54f819d75bf84e07fcbae3864e2544d72c17758bc86884991613b4b7547c15dd4483cc773184ea512eed3910d8709acb5086fb72266eae3f10fcd309f7c81e2f8a13ea27ca5405a71e34e2f8b62ca8d393a79d2447ba65bbd28a63e903d3343324b3610c671813eafdae0f5ed9877895081f08ea06fad01d90baa70a8ee48779b62b97560ccfa0a6d5efeec071bb3ebddfc4fb94f58894f90ba13c34d6be95e5d2609d30f4083e8f6c98bab7e54f899782ebc7d1f9e2e2cc80c71af139c421a3468817d10b66586455d23bee49bec30e17a607571f61649765f14da775a325b7acb90604e4be773f006e447ed9da36600164229a04fb015e5c2ea15ccc020374e1cfa901423394f8dcc33ef5876d830a78fc442c546e7bd0e1eabf165d76df21aed08b1a93895a566f06b98550bdf57d8cf4711e92ac77c072227808f67ebac61c28a99c61fac8c7ee64702e629a6edb38f0c13e40a57d9bf7ba43a6ab78e0008a6cafed30fb0cb3d27bb232b96cbeb3533f6b3f2a70ed1d3c93c1fa273f46fe8b6943fed96d19b2432e8046e3971f5016d9b900e5f01963d812f2d48e5af6b00dcbe41f0ae080aedbb4098594fcd295f57f525e60e34285d5b7df9ebcf9d319e42fcf85342703f361776be1f4bee940ab6cbeb03f8e4347cc9e22fe96c7ac49a0c68168ae1aa6c26638b1e1c533e97898e0b0ad9f47de9b7ef8ac33ec1dcb227ce6933157cdb3a4db8656b30ac719ea2b33f91116b2df5b5fa4ef00a4d8468f5c900a33908ed522f2081ff5a348fd6b95deb9f1525c17e25834873af3f0459336fbdd14ca40fe173866da99d26d912e4f00cc571473dce064d2cd2dcbf0c4b3c342c81d369ead7a56eb4081cbe0500c17fff86845c59422d7972306bedf3a03371fb69cc414c20c0a65a49a6ac1faa77576db7a5d779c3abf1638880f01c6a973f1018364fb9727a8bb1ba8f1373e9a67aae03bd9709c53293fad0d58c9200749667bb96674ce3023d506b916259edb38fd19d670044494be0871eac67c389f6c32b2bb8fd0351927ab5e94a9c5858c0eac5b76e13303a263a26d88906b29bbe92621b4a5cdd74b2439a0817375b55e1e44c89d143a9a347be67780873c7a6062431504877f27352d9b8338bf67e66e2563f7199505263b243faf9598c8f09a14abe3aeafd99b2850acb351052a5046f75995d21fcb9f4a35d9b3a6abe5d282fdf8021e8ab96ca9b393c8548b5f0b3db0076f2c7ba27f9f5506019e089b020edca31a8be1a01bf329812c83c4b44cc6f7b82e49493be5442e727eab09259816d02f034d65264f8a9f2f44ab127ddd0faa353f4228d2979ee1ec61b721e137b8f707882126e6347ededb62666a077c7346a4a5962a4391fad3e5cf3de86d141a448cebe33399c687c34e5f6581e5cc4f792543a8ab99440d3c2a7fecffa0858347f2cb665761e1df666d37f28572f12f2b3b849297f843acf303c85d7b468fa97dedc9fcc4283dfbabd7c86c4f607d15cd21034492cab6e3c3408a29f06ba18724a6cc95343bd79c63d62174c97241998ad54972f67e651a110cd09f7ed05cdd3d9a9aedafc3706ac08c9cce6dc5d00dc6e71928c16a04cc5ea2a46d3cd1ee57ddba4b0fbb40d5619774fba4d6f5f6a7dd96946ce809927427b0bc10840a4773c2c4dce88a37431dab091c5108aa53d717ac7627b14216b45d6c5d00abe7319042625265e0d64cee8a227e2d9771ed5fb8ef7fddf6cb091c0601e22135a41ab392fd4169bafc5f9c60787039ffe31499811007496acfc475ae0bd66e67588f40407aa8a89442c0ecc847c371143e4aed2e382e94e6f3c50b1f137a90bba58a4a85a6e4eb176638777209bcde731a21b89697b44a0108bcfc042dc29ee8880fe9588fec8324c7d3ee9f11e523ef85e7b023802dadc847ee4b4ec16eb1eff33e2acfbc89ff40cdb98943b18e5405242e6b21f637bf283a07ec51481d140ad8264250dbfb9097e89f2257e1db53d5133003bbc4c3d014d17c09a1470a947dd7901b43c14534468321e310db01c14ae4514edd68a6ecb4298188f76eafc846eb3d41df29bb00d11debca4815b0e86fa714e1a7b19ece18506591e48bb086c8a980b9f2c37b517e12be32ad3295a6d5727b026bc1468aa590308e1edf23896f87f9e4b8945d7c6fba5a53a4e2a6f8dc345839857fccd17b2be1b2d929fee5525bf741f4b669557b2b62a3e68189e4a83828d0ff2b4d1f2ea9510c5d4147a54b97246645727ae7e3c780804a53935474b4c7890e9c28982c78d500091f0ed4d475192fa2eef6751fba2754a876b3e434d1126956445f11f7846abc9d0c1f09aa94cdac48fbf2fbd76635b3b419b46c8487ede36354208e5b5edc6262d20bdbbf76aa64ba786a081bec6defdfc2cbd416bf612ae09d443bb2ab9d32fff17a709197b18ed9684656b024944215843d0d8e16e8f438e8528c6ad5ea4a6cec82fdba4e0ef29be2c14a0efdc20d06e030978cbf415e508730535b1086e5e3694319b11cf63dd748a9c0b1e8bddb873b302c33b36f11913ecc1ebe766eb7cff1f352d00dd4aa9bd7e5adb7c81a6bd5575796674faba03164846010843778a5d8a2bf98b2ebbbde4094f80b7e45c184dd8b37885030b5864ccbe5b7a84d3e8c10b1faad03f517f3a734cceafd65ad57dc9013032f523767d183ed68d4c5367823077f99cf2b98004b2f6678200becc649ea8213cc5d54340d45f3f4946239e", @generic="ce4846136635fe755563f3d7b844805eb51a736ddf4d82632400a27acb14e84abc744da20e76a9c84f96c34d0f47e457fa4c002e38501277e80c810e59a32a837e5b45939d03478ea7509f8322c48405800fa51cab76fc2d62b8af763541174ae6f2cca952f95cb76d68d03a7b0e52a8dfe025bc3967e356dfa3371a54a36f3770761053e4b5c3f9d3"]}, @MACSEC_ATTR_IFINDEX={0x8, 0x1, r8}, @MACSEC_ATTR_OFFLOAD={0x1e2, 0x9, 0x0, 0x1, [@typed={0x8, 0xcd, 0x0, 0x0, @uid=r9}, @typed={0x4, 0x107}, @generic="5a400211309b49a4dfe55309518319ca026e58d234607839fd0c4aaae3e93d62815f267b21eb9cbd41485e9abf3afd9527d6e3078033875962edd29322aaa92bb7231478340442e845aa19052938e7e6b684555dc65aab136c945778659fdc8dfa2949cc218b3a0cd5f6f783146c401170758c2f123d897231aa63009b2b23eab40c8c61aa1add6f32ae4cc88a871be7b84ad04b41550ef1bd795abcc51c69059157bf", @typed={0xa4, 0xf0, 0x0, 0x0, @binary="b2c7546190376ccf0a31a1375a7058943e46953a7e8fa362c15babbbcd037e13f15dee8caea5744a471eeab0a8c28931646535b55bda3642fb9d1bf2a35e73a25629f885db46b5910e5e3a87f8f02c3aeeb3203903fe3237e7253d68c97aa2675eff12ad6ae26b1758f687c4332e0ebd80ad594dfc094fb51ca8347dc0bb37cdf2267a33f01f2c5874cbe778fee9b7ffc03f87b6c5dd202201b743f1d113bc91"}, @typed={0x8, 0x94, 0x0, 0x0, @uid=r10}, @generic="8d04d7c4e67486c1179875c7f9a8ca432036023fb09c06fc6c0044a14bf7c3e1e7b37c27c49949f028c494bffc0ca95da7c7b103588ead285d61688393acd16966422f558c6819f07964c902ac23b3c7512111d28dd4a4006b5353eb576b8c4dd75efed1640be6f4053db5a026758e7adbf70c758845b1efb26ed640a5", @generic="cd3d300ee029"]}, @MACSEC_ATTR_RXSC_CONFIG={0x3c7, 0x2, 0x0, 0x1, [@generic="512196c1c449c3e1146e8228d0dc82f7af8f34d46a6e5400d36d52bd5835e3f452b093a65403ecd87fcc3fb530c377c5f6c39846d2e2889ef5b0f2c77dad02c95556f9137ab31771bbaccc7c56f2f3a693042cc6cd6c9a94d3f02e7d86f128435b44d48b9cddf7517861eef3016fc999a05d0c80bd761bb8d6aba690b00b71c7e10c48fe4c68092ba05b395497bc060186bea61550f540a419ad968087882ab3de484841daac49b5cadd0ba86280b6cb93f0878bfcd5051c26346042f14f7270870eecc9986b6f7e757fc4090301755b05a43455521e352880499952d147302561e2da7274f2a60aed8c9f149100c052b8f0", @generic="c0ec6ea7743b425f249d6c50743e9dee52723f93371d791d08962655bf132e4b9abb8b65428406b6c1c668700f7b58ce94ea31ad1a9b2db19fb5a04e9c63bb329166266e456d029ab7e7b0a00d7a7335dce8be28939e88638646249ed7938c117ea863f22b38b72d3ae6f0f66f5650d96a9eb8eff00c36273ac4281dce2faa9e58cf1fdb93b6711b2ab058b61da20bbd6e8c1e5c60ba7aaaa374b204da8a87fcc40c8bf93f615af4979f702c4f671695cb935b760686dde0d7563a36ac87f96b4d1dc2b4ee2e9f83bc31ca0320c9082f492d78e5937617e0bd4771ee1412c38d7fdff6408c1739d1fca93f9e26da369502ba3c25", @generic="f31c3ef40748955699398bf0fb155034d38d0c69b05fb7a62c4c4e999605d5a4c5f3d06ed6b6b66df27aba8c300c9ce67cca2b4aeea6e02501d96f5f8bd096d7f20e2c52b5476e792a329fd126b25751cdd715431b2a936f30bbd7171520b444423ff843b76d4bab811605194e27fd7496fd799745359958d5d45fbcd275540994b031967f2a43c0bf2d6a722541ae656b0b2e17d8b07584ae8a304feb1b49e73593f0a71c4e6375ee450c81cf4f283828ad6cc909feee043a1335c737c5bcb74de73e3374591634832f5f664ca4830dcf081ab17f0b3823d6639e9623", @nested={0x100, 0xc1, 0x0, 0x1, [@typed={0x28, 0xb, 0x0, 0x0, @str='/proc/sys/net/ipv4/tcp_fastopen_key\x00'}, @nested={0x4, 0x85}, @typed={0x8, 0xdb, 0x0, 0x0, @ipv4=@remote}, @typed={0x8, 0x13c, 0x0, 0x0, @u32}, @generic="5937ebb37c326874cef647c7f33763577cc27f4fd862f92f0bf4169fe8f22531ee22fc33443601f0a82522681e22348d3490bae26bd03d8c5dc5c6e8518e2acd33105387301d297f8c51631369dfac48b7f50a3afdf45698516ca01a7c2c24cf565963e4f3905fc4ff567b0bca5b18a1a5fb821154aa5f178cc16f5f0420ac7db33b6ba71514b09f94591de39e1d4390b496c29951d60435156dd88bbf6ed10b", @typed={0x14, 0xc4, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}}, @typed={0x9, 0xb6, 0x0, 0x0, @str='\\*)A\x00'}]}]}, @MACSEC_ATTR_OFFLOAD={0x22e, 0x9, 0x0, 0x1, [@generic="cb1b5df40a6a5f64de07ceca9604890308bd0e233822a4bfb2d4d54795482a7f655bd0f7bf311dd96f994da8bc5806c9c448f6bd20a5a244fca7416fe6555bc023401afda9ab4e08450d27843ba9526c8f850dceb85939bc232de89b9231c457c9589136fe7227dcf10216845d173bd6cae7541cf7c039a2aefa9a765df7da2debb780d47eb6bf8462f52906394e82ff6d62fdb4b88086a5ed521de5a8761275377e64be63f0eb95952d6d19f6aecee91374ac44f47b85cae4123d371a64c7a746ab9c63ed2cc6c0489e5f239760fafd004244b056ef535c12e26e89380617403af560d3e29f489d4879129a23ca585e", @nested={0x5b, 0xb, 0x0, 0x1, [@typed={0x8, 0x8b, 0x0, 0x0, @ipv4=@local}, @generic="904c67c25b544009a3018c39ae8c162f7b37600e87f20df82158ff5a6a7b6a22bd86c8bd839699df0056257ec15d7d6856c36dd81201e81f5a5cb6c946262cb78fc5b97d6c60a9be66ffac", @nested={0x4, 0x107}]}, @nested={0x10, 0x29, 0x0, 0x1, [@typed={0xc, 0x38, 0x0, 0x0, @u64=0x4a2}]}, @generic="fe5112189f33b33df384b6cc2ae8616a91ca447ebd3b5faee88c7abb8c3b100ada6535716ac39bbf539810b8fd4c904d84e35ea4f6e07d8281d84b91cd64cb62e798d8fbcedbb98c6cb917245c073fcfe018f0083a3f3806ef41bffd2d5f9bad075d70a41fe9f133a69e9e1953436db3c57053e1f8e1137b2121cf0065c26762f35d45549d487a124c89c8b3576068d4dd1c591eee92e0a837a2a78618d59e4d4301ac12f290db9881f3cae7655c5695ba6b882d853801e9a67dd79c08c5fc87fbee86c9d864c5ddd7e0a35b2388"]}, @MACSEC_ATTR_SA_CONFIG={0x99, 0x3, 0x0, 0x1, [@typed={0x8, 0x75, 0x0, 0x0, @fd=r4}, @generic="11e9c61df75d88731bb909c342956463eb4399fbaccc7c986b258e5b4219d357f80adead918ae8a3d0957a2abe7452339ddd5e8bfbc9c4f4ae230bbdfd5ac98b8bf3b8e8a4b0a8a328cd42ce312e8d03a1c10ee7308a13cf82a9a7895bad45f912d73ebb2486452b43c2c23d1583907ba25a704cf01b0c4e63408d51df855205eff8b98c942e121b120712c07d"]}, @MACSEC_ATTR_RXSC_CONFIG={0x1c, 0x2, 0x0, 0x1, [@typed={0x14, 0xb1, 0x0, 0x0, @ipv6=@mcast1}, @typed={0x4, 0x106}]}, @MACSEC_ATTR_IFINDEX={0x8, 0x1, r11}]}, 0x1b6c}, 0x1, 0x0, 0x0, 0x40440c4}, 0x40881) shutdown$auto(r5, 0x80000) mmap$auto(0x0, 0x20000a, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c003b"], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.837546218s ago: executing program 1 (id=2829): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000540)={"ef65ce7cb454168d6c0000000000002713df81000000ffffffffffffffff00", 0x3ff, 0x8, 0x1000, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r0, 0x1276, 0x0) 2.569643839s ago: executing program 1 (id=2830): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) mmap$auto(0x0, 0xffffffff, 0xdf, 0xeb1, 0x401, 0x8000) setsockopt$auto_SO_RCVMARK(r0, 0xfffffffb, 0x4b, &(0x7f0000000100)='\x00', 0x1) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x40000, 0x0) adjtimex$auto(&(0x7f0000000000)={0xffffeff0, 0x0, 0x7, 0x21f8, 0xe1d, 0x3, 0x3, 0x0, 0xfffffffffffffff7, 0x4, 0x80000000004, {0x5, 0x2}, 0x8000000252, 0x5, 0x400000003, 0x1, 0x0, 0x4, 0x9, 0xc578, 0x6, 0x400, 0x7ff}) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r4) ioctl$auto_KVM_GET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x3a, 0x400, 0x2}]}) ioctl$auto_SNDCTL_SYNTH_MEMAVL(r1, 0xc004510e, 0x0) read$auto(r0, 0x0, 0x9) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/raw\x00', 0x8f3b7a51b84ef701, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000003fc0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETFAMILY2(r6, &(0x7f00000040c0)={0x0, 0x0, &(0x7f0000004080)={&(0x7f0000004000)={0x24, r7, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@CTRL_ATTR_FAMILY_NAME={0xf, 0x2, 'veth0_vlan\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x4000050) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mremap$auto(0x200000000000, 0x7, 0x3fd6, 0x3, 0x200000) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r8, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x14, r9, 0x1, 0x70bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) r10 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r10, 0xc10c5541, r2) write$auto_proc_reg_file_ops_compat_inode(r5, &(0x7f0000000040)="202020d1027e0dc0023af10e9bfa1babfa3a3753ca9a20370a", 0x19) 2.492504969s ago: executing program 2 (id=2831): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) nanosleep$auto(&(0x7f0000000180)={0x0, 0x44d4}, 0x0) clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0) r1 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r3 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) socket(0xa, 0x2, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r4 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000001900), 0xffffffffffffffff) sendmsg$auto_TASKSTATS_CMD_GET(r6, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001a40)={0x14, r7, 0x1, 0x70bd26, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x41}, 0x4000000) r8 = openat$auto_trace_fops_debugfs(0xffffffffffffff9c, &(0x7f0000000080), 0x680000, 0x0) sendmsg$auto_CGROUPSTATS_CMD_GET(r5, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r7, 0x400, 0x70bd2c, 0x25dfdbfc, {}, [@CGROUPSTATS_CMD_ATTR_FD={0x8, 0x1, r3}, @CGROUPSTATS_CMD_ATTR_FD={0x8, 0x1, r1}, @CGROUPSTATS_CMD_ATTR_FD={0x8, 0x1, r8}, @CGROUPSTATS_CMD_ATTR_FD={0x8, 0x1, r4}, @CGROUPSTATS_CMD_ATTR_FD={0x8, 0x1, r0}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20040084}, 0x24000800) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) dup2$auto(0x0, 0x4) 2.330055934s ago: executing program 3 (id=2832): r0 = gettid() r1 = getpid() rt_tgsigqueueinfo$auto(r1, r0, 0x1, 0x0) 2.217261561s ago: executing program 3 (id=2833): open(0x0, 0x4140, 0x0) readlink$auto(&(0x7f0000000200)='./file0\x00', 0x0, 0x6) lstat$auto(&(0x7f0000000180)='./file0\x00', 0x0) truncate$auto(&(0x7f0000000080)='./file0\x00', 0x7fff) 2.133969575s ago: executing program 1 (id=2834): r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x400) io_uring_setup$auto(0x5, &(0x7f0000000300)={0x40000006, 0x8001, 0x8, 0x4, 0xb46, 0xffff277f, r0, [0x0, 0x10000, 0xd7a], {0x9, 0x80, 0x783, 0x7, 0x81, 0x8, 0x1, 0x828, 0x4cbd8407}, {0x3, 0x39e, 0x1, 0x8, 0x760, 0x7a750cbe, 0x756, 0xadfd, 0x2}}) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x200040, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x581840, 0x0) close_range$auto(0x2, 0x8, 0x0) fanotify_init$auto(0x5, 0x3) socket(0x26, 0x80805, 0x0) socket(0x10, 0x2, 0xc) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/netdevsim/netdevsim3/ports/3/pp_hold\x00', 0xc0b02, 0x0) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) r3 = getpgrp(0x0) process_vm_writev$auto(r3, &(0x7f0000000140)={&(0x7f00000000c0)="ed141bc13666ecc227e02dc62ba2c38b69a1c395c890740e6e3c36f60b5039502c9dfc89b8eed2dc86903a2242db2001241239beaccf31dd9714d55f2504268154336e2013187e6bcbb608f69a3657", 0xffffffffffffffff}, 0x9, &(0x7f00000002c0)={&(0x7f0000000180)="a57697ac0f354ae957a60bed49b1d25ba27b6e5cae192d2f5fc096aa85b74c6285f6e40063dc662a129e4a90f79dc31405ee78086cc9fce37df37d898162804ed0f05a1cd33324350050", 0x1}, 0xc5d8, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/pci0000:00/0000:00:01.3/config\x00', 0x2, 0x0) pwritev$auto(r4, &(0x7f0000000100)={&(0x7f0000000080), 0xe001}, 0x3, 0xe, 0x3) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid$auto_P_ALL(0x0, 0x5b4, 0x0, 0x9, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) ioctl$auto_KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000380)={0x2, 0x0, [{0x5, 0xf921, 0x1}, {0xa, 0x3, 0x80000003}, {0x10001, 0x2}, {0x3, 0x600, 0x18000000000000}, {0x3, 0xf, 0x1ff}, {0xfffffffc, 0x8000, 0x7fff}, {0x2, 0x9, 0xe4b}, {0x3ff, 0x0, 0x3c2}, {0x2, 0xc, 0xa5b0}]}) ioctl$auto_FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)) 2.122645832s ago: executing program 3 (id=2835): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) mmap$auto(0x0, 0xffffffff, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x40000, 0x0) ioctl$auto_SNDCTL_SYNTH_MEMAVL(r1, 0xc004510e, 0x0) read$auto(r0, 0x0, 0x9) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/rpc/nfsd.fh/channel\x00', 0x8f3b7a51b80ebd01, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r4, 0x40405514, r3) write$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000040)="202020d1027e0dc0023af10e9bfa1babfa3a3753ca9a20370a", 0x19) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/firmware/acpi/interrupts/ff_pwr_btn\x00', 0x10b142, 0x0) write$auto(r5, 0x0, 0x8) 1.804767867s ago: executing program 3 (id=2836): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event2\x00', 0x0, 0x0) ioperm$auto(0x7, 0x5ad2, 0x8) name_to_handle_at$auto(0xffffffffffffffff, &(0x7f00000000c0)='/\x00R\xa6\x00\xc8\xda\xdc\xb1\xb4#\xe4\xeb\xe1c_\x1b/\xb9L\xc6P\x82\xba\x90@\xb8\xb5\xb1\xe8\"\x88s\xdf\x15\xaa\x18\xa9\x86\xc7\x87g>8\xae\x99\xd4~\xc6\xa7\\\xcc\xfeV\x83\f\xdc\xdc~\x8e\xd5\x18\x13\x16\xc5\x93E\x10\xcb\x1c\x02\x00\xd2\xa4_\xa3\xdcS\xe2\xe2\xc6\x85p\xfa\xc3/G\x86\xea\x9f\xb0\x9a\xcc6\x1a\x06\x91\x9f\xcfC\xedU\x00f`\x02\x04\xef\xfe\x10\xec\x17\x83%K\x04\xd5s\x86\xe4\x9d\x15\f\x8c\xd9wj\xe5t\x82o7\xc05ul\xacU\xbf\xc0\xee\xb4\xd7\t\xe0s]\xcd\xac\x87\xa5\xa6.t\xa9\xe8\xa6>\xf2\xd0\xb1\x83\x83\x91\a\xdc\xe9\xaa\x1dx\x06\xa77\xd6\xe1\xe9\x94\xb9Xi\xbbv_\x9a_bv%\xcb\xc7\xdd\xa3\xb4\tpr%\xdf\xc9\x06\xa2\xe7\xe1\xde\x16\xf7\x03x\xf8\v\v\x1a\xfcm\x87r\xc1\b\xca\x97\xb0\xeb\xd6F\x8f^\x94\xdf\x9ax\xf4\x03e[l\xa5', &(0x7f0000000200)={0x2c, 0x6}, 0x0, 0x1001) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_dvb_demux_fops_dmxdev(0xffffffffffffffff, 0x403c6f2b, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket(0x2, 0x2, 0x88) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x3e, 0xfffffffffffffffa, 0x1ffde, 0x0, 0xa, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x0, 0x7, 0x2000, 0x200, 0x0, 0x84}, 0x1fe, 0x200d) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x3) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f00000001c0)=0x6) unshare$auto(0x40000080) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000005800), 0xffffffffffffffff) 1.354911799s ago: executing program 0 (id=2838): r0 = socket(0x29, 0x2, 0x0) getsockopt$auto(r0, 0x119, 0x6, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xfffffffd, 0x401bf, 0x7, 0x3c, 0x65f, 0x1ffde, 0x5, 0x7, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb2, 0x80000000009, 0x6, 0xdec3, 0xb, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0x185c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0xd) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf2503000000060007000800000006000700008000000800", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060006004000000006000600"], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x44801) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmsg$auto_BATADV_CMD_GET_HARDIF(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x6c, 0x0, 0x200, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_HARD_ADDRESS={0xa, 0x8, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3d}}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x4}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xfffffffa}, @BATADV_ATTR_BLA_BACKBONE={0xa, 0x21, @remote}, @BATADV_ATTR_BANDWIDTH_DOWN={0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_TT_LAST_TTVN={0x5, 0x12, 0x71}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x8}]}, 0x6c}}, 0x4008800) write$auto(0xffffffffffffffff, &(0x7f0000000080)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) keyctl$auto(0x4, 0xfffffffe, 0x6, 0xffffffffffffffff, 0xe) 1.048465263s ago: executing program 0 (id=2839): r0 = getpgid$auto(0x0) getpriority$auto_PRIO_PGRP(0x1, r0) prctl$auto_PR_TIMER_CREATE_RESTORE_IDS_ON(0x6c7ecbb5, 0x1, r0, 0x0, 0xfffffffffffff9e8) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000680), r1) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000700)={0x1c, r2, 0xb11, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x1000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_HSR_C_GET_NODE_STATUS(r3, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000001280)={0x28, r4, 0x929, 0x70bd28, 0x25dfdbfb, {}, [@HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR={0xa, 0x1, @multicast}]}, 0x28}, 0x1, 0x0, 0x0, 0x240008c5}, 0xc0) r5 = inotify_init1$auto(0x7ff) r6 = ioctl$auto_UDMABUF_CREATE_LIST(r5, 0x40087543, &(0x7f00000001c0)={0x6, 0x2, [{r5, 0x0, 0x7, 0x6}, {r5, 0x0, 0xc5, 0xffffffff}, {r5, 0x0, 0xa, 0x7}, {r5, 0x0, 0x7, 0x80000000}, {r5, 0x0, 0x6, 0x10001}, {r5, 0x0, 0x8, 0x4}]}) read$auto_btrfs_dir_file_operations_inode(r6, &(0x7f00000000c0)=""/99, 0x63) close_range$auto(0x2, 0x8, 0x0) socket(0x11, 0x2, 0x2) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/netdevsim/netdevsim5/hwstats/l3/disable_ifindex\x00', 0x10000, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x4f, 0x5) ioctl$auto(0x3, 0x40044900, 0xffffffffffffffff) 984.800449ms ago: executing program 1 (id=2840): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) connect$auto(0x3, 0x0, 0x54) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xc7f16bff2a10ba01, 0x0) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_lockdown_ops_lockdown(0xffffffffffffff9c, &(0x7f0000000000), 0xa0042, 0x0) write$auto(0x3, 0x0, 0xfffffdef) prctl$auto(0x400, 0x7fff, 0x0, 0x10000, 0x100000000000007) madvise$auto(0x0, 0xffffffffffff0005, 0x19) setsockopt$auto_SO_RESERVE_MEM(r0, 0x200, 0x49, 0x0, 0x5) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40000, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4, 0x4000000000e3, 0x10000040eb2, 0x402, 0x300000000000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) ioctl$auto_TCSBRKP2(r2, 0x5425, 0x0) io_uring_setup$auto(0x7, 0x0) fcntl$auto_F_DUPFD_CLOEXEC(r2, 0x406, r1) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TCFLSH2(r3, 0x5408, 0x0) 868.832628ms ago: executing program 3 (id=2841): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) socket(0x10, 0x2, 0x0) r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x2001, 0x0) ioctl$auto_BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0) r1 = openat$auto_state_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x1e9482, 0x0) read$auto_state_fops_(r1, &(0x7f0000000180)=""/61, 0xfffffeeb) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="016949d15900fbdbdf250a00000008000300040000000000000000000000080001007f"], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="10000000", @ANYRES16=0x0, @ANYBLOB="20002cbd7000fbdbdf250200000008000300800040000800030009"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/net/nr1/dev_id\x00', 0x800, 0x0) read$auto(r2, 0x0, 0x7) 688.955549ms ago: executing program 2 (id=2842): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x742, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) memfd_secret$auto(0x0) pipe2$auto(0x0, 0x80) sendfile$auto(0x6, 0x3, 0x0, 0xc01) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.1/usb2/2-0:1.0/usb2-port1/disable\x00', 0x102, 0x0) sendfile$auto(r1, r1, 0x0, 0x7) 639.484555ms ago: executing program 0 (id=2843): open(0x0, 0x4140, 0x0) readlink$auto(&(0x7f0000000200)='./file0\x00', 0x0, 0x6) lstat$auto(&(0x7f0000000180)='./file0\x00', 0x0) truncate$auto(&(0x7f0000000080)='./file0\x00', 0x7fff) 576.669408ms ago: executing program 1 (id=2844): mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r0 = socketpair$auto(0x7b, 0xfffffffd, 0xff, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) ioctl$auto(r1, 0x2, 0x9) ioctl$auto(0x3, 0x400c4d05, 0x5) ioctl$auto(0x3, 0x400c4d05, 0x5) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_SEG6_CMD_DUMPHMAC(0xffffffffffffffff, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow\x00', 0x40, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000380)=""/11, 0xb) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000dc0), r3) sendmsg$auto_IPVS_CMD_GET_DEST(r3, &(0x7f0000003a40)={0x0, 0x0, &(0x7f0000003a00)={&(0x7f0000000e80)={0x14, r4, 0xc0dce8a66cb0a7ff, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4040011}, 0x40010) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) r5 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/pci/devices\x00', 0x10b402, 0x0) read$auto_proc_iter_file_ops_compat_inode(r5, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder0\x00', 0x800, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x101, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3739aae3, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r6, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x1, 0x948b, 0x1, 0x15f4da0a, 0x1, 0xffffffffd09d8d67, 0x62, 0x80000023, 0x7, 0x6d3e, 0x9, 0x2, 0x2]}, 0x0) 436.624116ms ago: executing program 0 (id=2845): mmap$auto(0x0, 0x4, 0x10000000000000, 0xeb1, 0xfffffffffffffffa, 0x7fff) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyd0\x00', 0x40, 0x0) openat$auto_ipsec_dbg_fops_ipsec(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/netdevsim/netdevsim0/ports/3/ipsec\x00', 0xc2040, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r1 = socket(0x2, 0x3, 0x1) ioprio_set$auto(0x81b, 0xff, 0xffffffff) connect$auto(r1, &(0x7f0000000000), 0x55) io_uring_enter$auto(r1, 0x200, 0x5, 0xcb4, &(0x7f0000000040)="5e307f306ba2aec784fbe6e6d19312cc1e79f025fd7054d1cb7a859b27033b61e5915bb08b65beca64fe2603d582fa1cc438a5e092d114d4d26299aa83dcde349bade38b", 0x4) ioctl$auto(r0, 0x7fff, r0) 283.075888ms ago: executing program 0 (id=2846): mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio1/protocol\x00', 0x40880, 0x0) r0 = socket(0x18, 0x80000, 0x0) connect$auto(r0, 0x0, 0x1e) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/nr11/tx_queue_len\x00', 0x2000, 0x0) read$auto(r1, 0x0, 0x20) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x3c, r3, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x4}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590828847"}, @OVS_PACKET_ATTR_KEY={0xc, 0x2, 0x0, 0x1, [@typed={0x8, 0x1d, 0x0, 0x0, @u32=0xd}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = socket(0x10, 0x3, 0x9) write$auto(r5, 0x0, 0x5) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x68a80, 0x0) mmap$auto(0x100000000, 0x2020007, 0x2000000000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(0xffffffffffffffff, 0x4018bc13, 0x0) 232.708663ms ago: executing program 2 (id=2847): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x2, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x1}, 0x3, 0x0) r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb1\x00', 0x20401, 0x0) ioctl$auto_FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000140)="58fcb282bcbc38bfaef257e019406ea6c445cd4f7f7662ac0f8834baa918d5b3cea133243c4f2b9a39e536b67f5a1a2bfdf589da2b1c980e1ce53883444996d1721d7f3ae627c6c604000000000000007910fbc02d899ab93d002d849884a5377ff11be2ed012110f2f520") r2 = socket(0x10, 0x2, 0x4) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/ip6gre0/power/control\x00', 0x10b142, 0x0) prctl$auto_PR_SCHED_CORE_SHARE_FROM(0xc, 0x3, 0x0, 0x0, 0x2) socket(0x3, 0x3, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x5e, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r4, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r4, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9 \xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0x10, 0x2, 0x0) 34.559918ms ago: executing program 0 (id=2848): lseek$auto(0x3, 0x7ffffffffffffffd, 0x2) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) capget$auto(0x0, 0xfffffffffffffffe) r0 = socket(0xa, 0x5, 0x84) getsockopt$auto(r0, 0x84, 0x14, 0x0, 0x0) (async) mmap$auto(0x0, 0x20009, 0x7ffffffb, 0xb1, 0x401, 0x8000) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) (async) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) (async) setresuid$auto(0xffffffffffffffff, 0x8, 0xffffffff) (async) mremap$auto(0x0, 0x2, 0x3fd6, 0x0, 0x7fffffffb000) r1 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/maps\x00', 0x22000, 0x0) ioctl$auto_PROCMAP_QUERY(r1, 0xc0686611, &(0x7f0000000180)={0x7f, 0x3b, 0x9, 0x2, 0x736, 0x8001, 0x7d6, 0x9a, 0x1, 0xbfaf, 0x7, 0x1, 0x10d9b, 0x8000000000, 0x2}) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) (async) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/ext4/sda1/mb_prefetch_limit\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) (async) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) (async) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8005) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x1000005, 0x0) (async) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) r4 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 32) rename$auto(&(0x7f0000000440)=':,\x00', &(0x7f0000000100)=':,\x00') (rerun: 32) ioctl$auto(r4, 0x4004556e, 0x1f) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_ehash_entries\x00', 0x40100, 0x0) read$auto_proc_sys_file_operations_proc_sysctl(r6, 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r8 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) (rerun: 64) sendmsg$auto_TCP_METRICS_CMD_GET(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)={0x30, r8, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@TCP_METRICS_ATTR_SADDR_IPV6={0x14, 0xc, @private1={0xfc, 0x1, '\x00', 0x1}}, @TCP_METRICS_ATTR_ADDR_IPV4={0x8, 0x1, @loopback}]}, 0x30}, 0x1, 0x0, 0x0, 0x4004055}, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRESOCT=0x0, @ANYRES32=r6, @ANYRES32=0x4, @ANYBLOB="521627669a7a1291830f5638251eca57034defaef0a7227ee8a11e4828fd8ca894e941589e56ba8fae4f6811f89e5a6318446be0ae72c048ac56aea4e7eca2cbedbdafc29e8812cd8fbfe8b4491271d2a23280c544892666c7527f02ee7976db10f995aa778d0e52da059b0e2495fe98fbb4004562c0c4a76f1c650718bf1ef71b68a1793758232aae5bd51674cbfb9cea65966f8da6381c4b", @ANYBLOB="b015c1f6ec959a9ce4c42837544a556c097af92da87a944f5dae86bb1ca4f14d050c2e27d16f5adb9b38fc9741909c9b8a4e158bfbec5c0a2995f41b2a627cc1c3b7485d91d696551f3cacc412e24ff245da311c2fd52f1bc5ab5b98a9c0580a1291b17a33c77caeea766d9ef8265d34351652637aad1a146558507d89facf1a8974611b47e03f199fee28ca3114dd6b9c422934436e9edcc00b4bb2ae5b8f184dd6d2ee2d4a94c2528e3ff5cbd10345f557f4378d8b8d6d3f351facb9161699af634ee46691cb70e475a4a9a4dd736ece836450a0b7dedc61d13f365194233f24790e3a944b634dcc", @ANYBLOB="080007689e5cb40005536eab114729c2c1a0d8b67585618e61e583414794aaa195298db603b8177c94bb23c5e4a597df381fbbe564efb2e3004d135b93ba06e1"], 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x80) 0s ago: executing program 3 (id=2849): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) ioctl$auto_RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0xa, 0x1, 0x84) r1 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x3e, 0xfffffffffffffffa, 0x1ffde, 0x0, 0xa, 0x2, 0x9, 0x3, 0x9, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x0, 0x7, 0x2000, 0x200, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xadd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff]}, 0x1fe, 0x200d) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) r3 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) syz_genetlink_get_family_id$auto_nl80211(0x0, r3) tgkill$auto(0x1, 0x1, 0x5) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) ioctl$auto_KVM_GET_MSRS(r4, 0x4008ae89, &(0x7f00000000c0)={0xfffffffe}) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r2], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x0, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x6}, 0x3, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) kernel console output (not intermixed with test programs): th: hci2: unexpected event for opcode 0x7c89 [ 564.834472][T14527] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2104'. [ 565.669197][ T5841] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 565.683279][T14539] ima: policy update failed [ 565.694060][ T30] audit: type=1802 audit(6045767590.746:11): pid=14539 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.2109" res=0 errno=0 [ 566.282954][T14557] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2111'. [ 566.965050][T14583] FAULT_INJECTION: forcing a failure. [ 566.965050][T14583] name failslab, interval 1, probability 0, space 0, times 0 [ 567.006793][T14583] CPU: 1 UID: 0 PID: 14583 Comm: syz.0.2120 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 567.006828][T14583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 567.006843][T14583] Call Trace: [ 567.006851][T14583] [ 567.006860][T14583] dump_stack_lvl+0x16c/0x1f0 [ 567.006899][T14583] should_fail_ex+0x512/0x640 [ 567.006930][T14583] ? __kmalloc_noprof+0xbf/0x510 [ 567.006965][T14583] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 567.006996][T14583] should_failslab+0xc2/0x120 [ 567.007019][T14583] __kmalloc_noprof+0xd2/0x510 [ 567.007061][T14583] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 567.007100][T14583] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 567.007131][T14583] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 567.007161][T14583] ? trace_cap_capable+0x18d/0x200 [ 567.007193][T14583] ? bpf_lsm_capable+0x9/0x10 [ 567.007227][T14583] ? security_capable+0x7e/0x260 [ 567.007263][T14583] ? ns_capable+0xd7/0x110 [ 567.007291][T14583] genl_rcv_msg+0x55c/0x800 [ 567.007324][T14583] ? __pfx_genl_rcv_msg+0x10/0x10 [ 567.007354][T14583] ? __pfx_ethnl_act_cable_test_tdr+0x10/0x10 [ 567.007403][T14583] netlink_rcv_skb+0x158/0x420 [ 567.007429][T14583] ? __pfx_genl_rcv_msg+0x10/0x10 [ 567.007459][T14583] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 567.007500][T14583] ? netlink_deliver_tap+0x1ae/0xd30 [ 567.007531][T14583] genl_rcv+0x28/0x40 [ 567.007555][T14583] netlink_unicast+0x53a/0x7f0 [ 567.007584][T14583] ? __pfx_netlink_unicast+0x10/0x10 [ 567.007621][T14583] netlink_sendmsg+0x8d1/0xdd0 [ 567.007652][T14583] ? __pfx_netlink_sendmsg+0x10/0x10 [ 567.007691][T14583] ____sys_sendmsg+0xa98/0xc70 [ 567.007719][T14583] ? copy_msghdr_from_user+0x10a/0x160 [ 567.007753][T14583] ? __pfx_____sys_sendmsg+0x10/0x10 [ 567.007797][T14583] ___sys_sendmsg+0x134/0x1d0 [ 567.007833][T14583] ? __pfx____sys_sendmsg+0x10/0x10 [ 567.007863][T14583] ? __lock_acquire+0x622/0x1c90 [ 567.007935][T14583] __sys_sendmsg+0x16d/0x220 [ 567.007969][T14583] ? __pfx___sys_sendmsg+0x10/0x10 [ 567.008025][T14583] do_syscall_64+0xcd/0x490 [ 567.008062][T14583] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 567.008087][T14583] RIP: 0033:0x7f9aa238e929 [ 567.008107][T14583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 567.008130][T14583] RSP: 002b:00007f9aa32aa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 567.008153][T14583] RAX: ffffffffffffffda RBX: 00007f9aa25b5fa0 RCX: 00007f9aa238e929 [ 567.008169][T14583] RDX: 0000000000000000 RSI: 0000200000002f40 RDI: 0000000000000004 [ 567.008184][T14583] RBP: 00007f9aa32aa090 R08: 0000000000000000 R09: 0000000000000000 [ 567.008199][T14583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 567.008219][T14583] R13: 0000000000000000 R14: 00007f9aa25b5fa0 R15: 00007ffddcb9ffa8 [ 567.008252][T14583] [ 567.961283][T14595] program syz.2.2123 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 569.431899][T14633] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 569.456783][T14630] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2133'. [ 571.892743][T14678] FAULT_INJECTION: forcing a failure. [ 571.892743][T14678] name failslab, interval 1, probability 0, space 0, times 0 [ 571.933755][T14678] CPU: 0 UID: 0 PID: 14678 Comm: syz.2.2143 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 571.933791][T14678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 571.933805][T14678] Call Trace: [ 571.933812][T14678] [ 571.933821][T14678] dump_stack_lvl+0x16c/0x1f0 [ 571.933860][T14678] should_fail_ex+0x512/0x640 [ 571.933891][T14678] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 571.933929][T14678] should_failslab+0xc2/0x120 [ 571.933953][T14678] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 571.933989][T14678] ? mas_alloc_nodes+0x18b/0x8b0 [ 571.934025][T14678] mas_alloc_nodes+0x18b/0x8b0 [ 571.934063][T14678] mas_node_count_gfp+0x105/0x130 [ 571.934098][T14678] mas_preallocate+0x7e0/0xde0 [ 571.934125][T14678] ? __pfx_mas_preallocate+0x10/0x10 [ 571.934156][T14678] ? rcu_read_unlock+0x17/0x60 [ 571.934188][T14678] vma_link+0x135/0x6a0 [ 571.934224][T14678] ? __pfx_vma_link+0x10/0x10 [ 571.934254][T14678] ? rcu_is_watching+0x12/0xc0 [ 571.934280][T14678] ? anon_vma_clone+0x405/0x5c0 [ 571.934309][T14678] ? anon_vma_name+0x75/0x100 [ 571.934337][T14678] copy_vma+0x6c2/0xaa0 [ 571.934372][T14678] ? __pfx_copy_vma+0x10/0x10 [ 571.934411][T14678] ? register_lock_class+0x41/0x4c0 [ 571.934438][T14678] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 571.934485][T14678] copy_vma_and_data+0x1cf/0x750 [ 571.934519][T14678] ? __pfx_copy_vma_and_data+0x10/0x10 [ 571.934557][T14678] ? __vma_enter_locked+0x163/0x3f0 [ 571.934590][T14678] ? find_held_lock+0x2b/0x80 [ 571.934612][T14678] ? move_vma+0x536/0x1740 [ 571.934649][T14678] move_vma+0x548/0x1740 [ 571.934684][T14678] ? __pfx_move_vma+0x10/0x10 [ 571.934721][T14678] ? mm_get_unmapped_area+0x95/0xe0 [ 571.934748][T14678] ? shmem_get_unmapped_area+0x170/0xa00 [ 571.934778][T14678] ? cap_mmap_addr+0x4b/0x120 [ 571.934800][T14678] ? bpf_lsm_mmap_addr+0x9/0x10 [ 571.934823][T14678] ? security_mmap_addr+0x6c/0x1e0 [ 571.934850][T14678] ? __get_unmapped_area+0x267/0x440 [ 571.934879][T14678] ? vrm_set_new_addr+0x208/0x290 [ 571.934915][T14678] __do_sys_mremap+0xe07/0x1590 [ 571.934954][T14678] ? __pfx___do_sys_mremap+0x10/0x10 [ 571.934988][T14678] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 571.935028][T14678] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 571.935068][T14678] ? __fget_files+0x20e/0x3c0 [ 571.935123][T14678] do_syscall_64+0xcd/0x490 [ 571.935158][T14678] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 571.935181][T14678] RIP: 0033:0x7fc79fb8e929 [ 571.935200][T14678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 571.935222][T14678] RSP: 002b:00007fc7a0968038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 571.935244][T14678] RAX: ffffffffffffffda RBX: 00007fc79fdb6160 RCX: 00007fc79fb8e929 [ 571.935258][T14678] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 00000000fffff000 [ 571.935272][T14678] RBP: 00007fc7a0968090 R08: 00000001001ff000 R09: 0000000000000000 [ 571.935287][T14678] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001 [ 571.935301][T14678] R13: 0000000000000000 R14: 00007fc79fdb6160 R15: 00007ffcca626138 [ 571.935333][T14678] [ 572.242087][ C0] vkms_vblank_simulate: vblank timer overrun [ 572.385975][T14679] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2144'. [ 573.200493][T14692] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 573.528151][T14697] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 573.947117][T14710] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2153'. [ 574.567301][T14717] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2154'. [ 575.599135][T14732] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 576.492839][T14734] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 576.818987][T14737] FAULT_INJECTION: forcing a failure. [ 576.818987][T14737] name failslab, interval 1, probability 0, space 0, times 0 [ 576.905469][T14737] CPU: 0 UID: 0 PID: 14737 Comm: syz.0.2160 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 576.905508][T14737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 576.905523][T14737] Call Trace: [ 576.905533][T14737] [ 576.905543][T14737] dump_stack_lvl+0x16c/0x1f0 [ 576.905587][T14737] should_fail_ex+0x512/0x640 [ 576.905621][T14737] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 576.905662][T14737] should_failslab+0xc2/0x120 [ 576.905686][T14737] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 576.905724][T14737] ? devinet_init_net+0xeb/0x910 [ 576.905758][T14737] kmemdup_noprof+0x29/0x60 [ 576.905793][T14737] devinet_init_net+0xeb/0x910 [ 576.905824][T14737] ? __pfx_devinet_init_net+0x10/0x10 [ 576.905852][T14737] ops_init+0x1df/0x5f0 [ 576.905893][T14737] setup_net+0x1ff/0x510 [ 576.905913][T14737] ? lockdep_init_map_type+0x5c/0x280 [ 576.905944][T14737] ? __pfx_setup_net+0x10/0x10 [ 576.905967][T14737] ? debug_mutex_init+0x37/0x70 [ 576.905993][T14737] copy_net_ns+0x2a6/0x5f0 [ 576.906022][T14737] create_new_namespaces+0x3ea/0xa90 [ 576.906056][T14737] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 576.906087][T14737] ksys_unshare+0x45b/0xa40 [ 576.906118][T14737] ? __pfx_ksys_unshare+0x10/0x10 [ 576.906148][T14737] ? xfd_validate_state+0x61/0x180 [ 576.906189][T14737] __x64_sys_unshare+0x31/0x40 [ 576.906228][T14737] do_syscall_64+0xcd/0x490 [ 576.906267][T14737] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 576.906292][T14737] RIP: 0033:0x7f9aa238e929 [ 576.906313][T14737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 576.906338][T14737] RSP: 002b:00007f9aa3289038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 576.906362][T14737] RAX: ffffffffffffffda RBX: 00007f9aa25b6080 RCX: 00007f9aa238e929 [ 576.906379][T14737] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 576.906395][T14737] RBP: 00007f9aa2410b39 R08: 0000000000000000 R09: 0000000000000000 [ 576.906410][T14737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 576.906425][T14737] R13: 0000000000000000 R14: 00007f9aa25b6080 R15: 00007ffddcb9ffa8 [ 576.906459][T14737] [ 577.132032][ C0] vkms_vblank_simulate: vblank timer overrun [ 577.398025][T14746] netdevsim netdevsim15 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.101182][T14775] FAULT_INJECTION: forcing a failure. [ 578.101182][T14775] name failslab, interval 1, probability 0, space 0, times 0 [ 578.129002][T14775] CPU: 1 UID: 0 PID: 14775 Comm: syz.3.2171 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 578.129026][T14775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 578.129036][T14775] Call Trace: [ 578.129041][T14775] [ 578.129047][T14775] dump_stack_lvl+0x16c/0x1f0 [ 578.129072][T14775] should_fail_ex+0x512/0x640 [ 578.129094][T14775] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 578.129118][T14775] should_failslab+0xc2/0x120 [ 578.129132][T14775] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 578.129154][T14775] ? __d_alloc+0x31/0xaa0 [ 578.129174][T14775] ? stack_trace_save+0x8e/0xc0 [ 578.129191][T14775] __d_alloc+0x31/0xaa0 [ 578.129214][T14775] d_alloc+0x4a/0x1e0 [ 578.129236][T14775] d_alloc_parallel+0xe3/0x12e0 [ 578.129257][T14775] ? find_held_lock+0x2b/0x80 [ 578.129272][T14775] ? __pfx_d_alloc_parallel+0x10/0x10 [ 578.129290][T14775] ? __d_lookup+0x266/0x4a0 [ 578.129310][T14775] lookup_open.isra.0+0x665/0x1580 [ 578.129332][T14775] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 578.129361][T14775] ? lookup_fast+0x156/0x610 [ 578.129381][T14775] path_openat+0x893/0x2cb0 [ 578.129406][T14775] ? __pfx_path_openat+0x10/0x10 [ 578.129427][T14775] ? __lock_acquire+0xb8a/0x1c90 [ 578.129447][T14775] do_filp_open+0x20b/0x470 [ 578.129467][T14775] ? __pfx_do_filp_open+0x10/0x10 [ 578.129501][T14775] ? alloc_fd+0x471/0x7d0 [ 578.129524][T14775] do_sys_openat2+0x11b/0x1d0 [ 578.129539][T14775] ? __pfx_do_sys_openat2+0x10/0x10 [ 578.129562][T14775] __x64_sys_openat+0x174/0x210 [ 578.129578][T14775] ? __pfx___x64_sys_openat+0x10/0x10 [ 578.129602][T14775] do_syscall_64+0xcd/0x490 [ 578.129624][T14775] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.129639][T14775] RIP: 0033:0x7f748a18e929 [ 578.129650][T14775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 578.129664][T14775] RSP: 002b:00007f748afa2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 578.129678][T14775] RAX: ffffffffffffffda RBX: 00007f748a3b5fa0 RCX: 00007f748a18e929 [ 578.129687][T14775] RDX: 0000000000101000 RSI: 0000200000001500 RDI: ffffffffffffff9c [ 578.129696][T14775] RBP: 00007f748a210b39 R08: 0000000000000000 R09: 0000000000000000 [ 578.129705][T14775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 578.129713][T14775] R13: 0000000000000000 R14: 00007f748a3b5fa0 R15: 00007fffe4a74028 [ 578.129730][T14775] [ 579.461984][T14789] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2172'. [ 579.612636][T14789] ipvlan0: entered allmulticast mode [ 579.621590][T14789] veth0_vlan: entered allmulticast mode [ 580.244379][T14822] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2176'. [ 582.936232][ T5841] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 583.101381][T14861] netlink: 'syz.0.2186': attribute type 16 has an invalid length. [ 583.110224][T14861] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2186'. [ 583.555539][T14869] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2189'. [ 583.721016][T14874] hub 8-0:1.0: USB hub found [ 583.732541][T14874] hub 8-0:1.0: 1 port detected [ 583.767007][T14869] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2189'. [ 585.358129][T14896] syz.2.2194 (14896) used greatest stack depth: 19800 bytes left [ 585.430436][ T5841] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 585.799589][T14905] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 586.187102][T14914] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2198'. [ 586.667218][T14927] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2202'. [ 586.757601][T14930] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2202'. [ 586.908483][T14927] geneve1: entered promiscuous mode [ 586.908510][T14927] geneve1: entered allmulticast mode [ 588.960410][T14963] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2209'. [ 589.034837][T14960] FAULT_INJECTION: forcing a failure. [ 589.034837][T14960] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 589.060487][T14960] CPU: 1 UID: 0 PID: 14960 Comm: syz.3.2210 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 589.060523][T14960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 589.060537][T14960] Call Trace: [ 589.060545][T14960] [ 589.060555][T14960] dump_stack_lvl+0x16c/0x1f0 [ 589.060595][T14960] should_fail_ex+0x512/0x640 [ 589.060634][T14960] _copy_to_user+0x32/0xd0 [ 589.060671][T14960] simple_read_from_buffer+0xcb/0x170 [ 589.060709][T14960] proc_fail_nth_read+0x197/0x270 [ 589.060738][T14960] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 589.060770][T14960] ? rw_verify_area+0xcf/0x680 [ 589.060798][T14960] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 589.060827][T14960] vfs_read+0x1e4/0xc60 [ 589.060863][T14960] ? __pfx___mutex_lock+0x10/0x10 [ 589.060898][T14960] ? __pfx_vfs_read+0x10/0x10 [ 589.060939][T14960] ? __fget_files+0x20e/0x3c0 [ 589.060985][T14960] ksys_read+0x12a/0x250 [ 589.061015][T14960] ? __pfx_ksys_read+0x10/0x10 [ 589.061046][T14960] ? fput+0x70/0xf0 [ 589.061073][T14960] do_syscall_64+0xcd/0x490 [ 589.061110][T14960] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 589.061134][T14960] RIP: 0033:0x7f748a18d33c [ 589.061154][T14960] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 589.061176][T14960] RSP: 002b:00007f748afa2030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 589.061199][T14960] RAX: ffffffffffffffda RBX: 00007f748a3b5fa0 RCX: 00007f748a18d33c [ 589.061214][T14960] RDX: 000000000000000f RSI: 00007f748afa20a0 RDI: 0000000000000005 [ 589.061229][T14960] RBP: 00007f748afa2090 R08: 0000000000000000 R09: 0000000000000000 [ 589.061243][T14960] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 589.061256][T14960] R13: 0000000000000000 R14: 00007f748a3b5fa0 R15: 00007fffe4a74028 [ 589.061289][T14960] [ 589.683663][T14982] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2215'. [ 589.979335][T14971] FAULT_INJECTION: forcing a failure. [ 589.979335][T14971] name failslab, interval 1, probability 0, space 0, times 0 [ 589.992482][T14971] CPU: 1 UID: 0 PID: 14971 Comm: syz.2.2213 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 589.992513][T14971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 589.992523][T14971] Call Trace: [ 589.992528][T14971] [ 589.992534][T14971] dump_stack_lvl+0x16c/0x1f0 [ 589.992562][T14971] should_fail_ex+0x512/0x640 [ 589.992584][T14971] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 589.992610][T14971] should_failslab+0xc2/0x120 [ 589.992623][T14971] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 589.992654][T14971] ? __devinet_sysctl_register+0xbc/0x360 [ 589.992676][T14971] kmemdup_noprof+0x29/0x60 [ 589.992698][T14971] __devinet_sysctl_register+0xbc/0x360 [ 589.992718][T14971] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 589.992737][T14971] ? devinet_init_net+0xeb/0x910 [ 589.992754][T14971] ? __asan_memcpy+0x3c/0x60 [ 589.992773][T14971] devinet_init_net+0x315/0x910 [ 589.992791][T14971] ? __pfx_devinet_init_net+0x10/0x10 [ 589.992807][T14971] ops_init+0x1df/0x5f0 [ 589.992832][T14971] setup_net+0x1ff/0x510 [ 589.992843][T14971] ? lockdep_init_map_type+0x5c/0x280 [ 589.992863][T14971] ? __pfx_setup_net+0x10/0x10 [ 589.992877][T14971] ? debug_mutex_init+0x37/0x70 [ 589.992895][T14971] copy_net_ns+0x2a6/0x5f0 [ 589.992912][T14971] create_new_namespaces+0x3ea/0xa90 [ 589.992931][T14971] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 589.992947][T14971] ksys_unshare+0x45b/0xa40 [ 589.992966][T14971] ? __pfx_ksys_unshare+0x10/0x10 [ 589.992984][T14971] ? xfd_validate_state+0x61/0x180 [ 589.993008][T14971] __x64_sys_unshare+0x31/0x40 [ 589.993026][T14971] do_syscall_64+0xcd/0x490 [ 589.993048][T14971] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 589.993062][T14971] RIP: 0033:0x7fc79fb8e929 [ 589.993074][T14971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 589.993089][T14971] RSP: 002b:00007fc7a09aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 589.993103][T14971] RAX: ffffffffffffffda RBX: 00007fc79fdb5fa0 RCX: 00007fc79fb8e929 [ 589.993112][T14971] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 589.993120][T14971] RBP: 00007fc79fc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 589.993129][T14971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 589.993138][T14971] R13: 0000000000000000 R14: 00007fc79fdb5fa0 R15: 00007ffcca626138 [ 589.993156][T14971] [ 590.758114][T14998] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2218'. [ 591.342873][T14992] Process accounting resumed [ 594.094702][T15052] FAULT_INJECTION: forcing a failure. [ 594.094702][T15052] name failslab, interval 1, probability 0, space 0, times 0 [ 594.185268][T15052] CPU: 1 UID: 0 PID: 15052 Comm: syz.0.2235 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 594.185306][T15052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 594.185322][T15052] Call Trace: [ 594.185330][T15052] [ 594.185340][T15052] dump_stack_lvl+0x16c/0x1f0 [ 594.185384][T15052] should_fail_ex+0x512/0x640 [ 594.185418][T15052] ? __kmalloc_noprof+0xbf/0x510 [ 594.185467][T15052] ? ring_buffer_read_prepare+0x171/0x320 [ 594.185497][T15052] should_failslab+0xc2/0x120 [ 594.185523][T15052] __kmalloc_noprof+0xd2/0x510 [ 594.185561][T15052] ? kasan_save_track+0x14/0x30 [ 594.185599][T15052] ring_buffer_read_prepare+0x171/0x320 [ 594.185634][T15052] tracing_open+0xbe8/0xf90 [ 594.185667][T15052] do_dentry_open+0x744/0x1c10 [ 594.185702][T15052] ? __pfx_tracing_open+0x10/0x10 [ 594.185737][T15052] vfs_open+0x82/0x3f0 [ 594.185768][T15052] path_openat+0x1de4/0x2cb0 [ 594.185814][T15052] ? __pfx_path_openat+0x10/0x10 [ 594.185852][T15052] ? __lock_acquire+0xb8a/0x1c90 [ 594.185888][T15052] do_filp_open+0x20b/0x470 [ 594.185923][T15052] ? __pfx_do_filp_open+0x10/0x10 [ 594.185984][T15052] ? alloc_fd+0x471/0x7d0 [ 594.186028][T15052] do_sys_openat2+0x11b/0x1d0 [ 594.186055][T15052] ? __pfx_do_sys_openat2+0x10/0x10 [ 594.186098][T15052] __x64_sys_openat+0x174/0x210 [ 594.186127][T15052] ? __pfx___x64_sys_openat+0x10/0x10 [ 594.186170][T15052] do_syscall_64+0xcd/0x490 [ 594.186209][T15052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.186235][T15052] RIP: 0033:0x7f9aa238e929 [ 594.186256][T15052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 594.186281][T15052] RSP: 002b:00007f9aa32aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 594.186306][T15052] RAX: ffffffffffffffda RBX: 00007f9aa25b5fa0 RCX: 00007f9aa238e929 [ 594.186323][T15052] RDX: 0000000000000002 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 594.186341][T15052] RBP: 00007f9aa2410b39 R08: 0000000000000000 R09: 0000000000000000 [ 594.186357][T15052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 594.186371][T15052] R13: 0000000000000000 R14: 00007f9aa25b5fa0 R15: 00007ffddcb9ffa8 [ 594.186404][T15052] [ 594.965844][T15076] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 595.036360][T15062] mkiss: ax0: crc mode is auto. [ 596.635362][T15109] netlink: 'syz.1.2251': attribute type 16 has an invalid length. [ 596.644280][T15109] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2251'. [ 596.712287][T15109] veth1_macvtap: left promiscuous mode [ 598.615842][T15140] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2258'. [ 598.664509][T15139] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2260'. [ 599.870427][T15155] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2262'. [ 600.118688][ T5841] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 600.974624][T15176] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input15 [ 601.046376][T15175] zram: Cannot change disksize for initialized device [ 601.165027][T15180] FAULT_INJECTION: forcing a failure. [ 601.165027][T15180] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 601.178329][T15180] CPU: 0 UID: 0 PID: 15180 Comm: syz.2.2269 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 601.178368][T15180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 601.178378][T15180] Call Trace: [ 601.178383][T15180] [ 601.178389][T15180] dump_stack_lvl+0x16c/0x1f0 [ 601.178415][T15180] should_fail_ex+0x512/0x640 [ 601.178439][T15180] _copy_from_iter+0x29f/0x16f0 [ 601.178464][T15180] ? __alloc_skb+0x200/0x380 [ 601.178486][T15180] ? __pfx__copy_from_iter+0x10/0x10 [ 601.178509][T15180] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 601.178537][T15180] netlink_sendmsg+0x829/0xdd0 [ 601.178555][T15180] ? __pfx_netlink_sendmsg+0x10/0x10 [ 601.178577][T15180] ____sys_sendmsg+0xa98/0xc70 [ 601.178595][T15180] ? copy_msghdr_from_user+0x10a/0x160 [ 601.178616][T15180] ? __pfx_____sys_sendmsg+0x10/0x10 [ 601.178640][T15180] ___sys_sendmsg+0x134/0x1d0 [ 601.178663][T15180] ? __pfx____sys_sendmsg+0x10/0x10 [ 601.178682][T15180] ? __lock_acquire+0x622/0x1c90 [ 601.178723][T15180] __sys_sendmsg+0x16d/0x220 [ 601.178745][T15180] ? __pfx___sys_sendmsg+0x10/0x10 [ 601.178782][T15180] do_syscall_64+0xcd/0x490 [ 601.178806][T15180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.178821][T15180] RIP: 0033:0x7fc79fb8e929 [ 601.178833][T15180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 601.178847][T15180] RSP: 002b:00007fc7a09aa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 601.178862][T15180] RAX: ffffffffffffffda RBX: 00007fc79fdb5fa0 RCX: 00007fc79fb8e929 [ 601.178871][T15180] RDX: 0000000020040894 RSI: 0000200000000080 RDI: 0000000000000003 [ 601.178879][T15180] RBP: 00007fc7a09aa090 R08: 0000000000000000 R09: 0000000000000000 [ 601.178888][T15180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 601.178896][T15180] R13: 0000000000000000 R14: 00007fc79fdb5fa0 R15: 00007ffcca626138 [ 601.178913][T15180] [ 601.377291][ C0] vkms_vblank_simulate: vblank timer overrun [ 601.643833][T15189] FAULT_INJECTION: forcing a failure. [ 601.643833][T15189] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 601.710696][T15189] CPU: 1 UID: 0 PID: 15189 Comm: syz.0.2271 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 601.710719][T15189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 601.710728][T15189] Call Trace: [ 601.710734][T15189] [ 601.710740][T15189] dump_stack_lvl+0x16c/0x1f0 [ 601.710766][T15189] should_fail_ex+0x512/0x640 [ 601.710791][T15189] _copy_to_user+0x32/0xd0 [ 601.710815][T15189] simple_read_from_buffer+0xcb/0x170 [ 601.710835][T15189] proc_fail_nth_read+0x197/0x270 [ 601.710853][T15189] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 601.710871][T15189] ? rw_verify_area+0xcf/0x680 [ 601.710888][T15189] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 601.710905][T15189] vfs_read+0x1e4/0xc60 [ 601.710928][T15189] ? __pfx___mutex_lock+0x10/0x10 [ 601.710950][T15189] ? __pfx_vfs_read+0x10/0x10 [ 601.710975][T15189] ? __fget_files+0x20e/0x3c0 [ 601.711000][T15189] ksys_read+0x12a/0x250 [ 601.711019][T15189] ? __pfx_ksys_read+0x10/0x10 [ 601.711045][T15189] do_syscall_64+0xcd/0x490 [ 601.711068][T15189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.711083][T15189] RIP: 0033:0x7f9aa238d33c [ 601.711095][T15189] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 601.711110][T15189] RSP: 002b:00007f9aa32aa030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 601.711123][T15189] RAX: ffffffffffffffda RBX: 00007f9aa25b5fa0 RCX: 00007f9aa238d33c [ 601.711133][T15189] RDX: 000000000000000f RSI: 00007f9aa32aa0a0 RDI: 0000000000000004 [ 601.711141][T15189] RBP: 00007f9aa32aa090 R08: 0000000000000000 R09: 0000000000000000 [ 601.711150][T15189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 601.711158][T15189] R13: 0000000000000000 R14: 00007f9aa25b5fa0 R15: 00007ffddcb9ffa8 [ 601.711176][T15189] [ 601.931988][T15192] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2270'. [ 602.988991][T15196] FAULT_INJECTION: forcing a failure. [ 602.988991][T15196] name failslab, interval 1, probability 0, space 0, times 0 [ 603.001972][T15196] CPU: 0 UID: 0 PID: 15196 Comm: syz.1.2274 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 603.002009][T15196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 603.002024][T15196] Call Trace: [ 603.002034][T15196] [ 603.002044][T15196] dump_stack_lvl+0x16c/0x1f0 [ 603.002085][T15196] should_fail_ex+0x512/0x640 [ 603.002117][T15196] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 603.002159][T15196] should_failslab+0xc2/0x120 [ 603.002183][T15196] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 603.002208][T15196] ? __devinet_sysctl_register+0xbc/0x360 [ 603.002229][T15196] kmemdup_noprof+0x29/0x60 [ 603.002251][T15196] __devinet_sysctl_register+0xbc/0x360 [ 603.002270][T15196] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 603.002289][T15196] ? devinet_init_net+0xeb/0x910 [ 603.002314][T15196] ? __asan_memcpy+0x3c/0x60 [ 603.002335][T15196] devinet_init_net+0x315/0x910 [ 603.002354][T15196] ? __pfx_devinet_init_net+0x10/0x10 [ 603.002371][T15196] ops_init+0x1df/0x5f0 [ 603.002397][T15196] setup_net+0x1ff/0x510 [ 603.002408][T15196] ? lockdep_init_map_type+0x5c/0x280 [ 603.002428][T15196] ? __pfx_setup_net+0x10/0x10 [ 603.002442][T15196] ? debug_mutex_init+0x37/0x70 [ 603.002458][T15196] copy_net_ns+0x2a6/0x5f0 [ 603.002474][T15196] create_new_namespaces+0x3ea/0xa90 [ 603.002494][T15196] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 603.002511][T15196] ksys_unshare+0x45b/0xa40 [ 603.002529][T15196] ? __pfx_ksys_unshare+0x10/0x10 [ 603.002548][T15196] ? xfd_validate_state+0x61/0x180 [ 603.002574][T15196] __x64_sys_unshare+0x31/0x40 [ 603.002592][T15196] do_syscall_64+0xcd/0x490 [ 603.002615][T15196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.002629][T15196] RIP: 0033:0x7f8243d8e929 [ 603.002642][T15196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 603.002656][T15196] RSP: 002b:00007f8244c45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 603.002669][T15196] RAX: ffffffffffffffda RBX: 00007f8243fb5fa0 RCX: 00007f8243d8e929 [ 603.002679][T15196] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 603.002687][T15196] RBP: 00007f8243e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 603.002696][T15196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 603.002705][T15196] R13: 0000000000000000 R14: 00007f8243fb5fa0 R15: 00007fff2e8d3e38 [ 603.002723][T15196] [ 603.243968][ C0] vkms_vblank_simulate: vblank timer overrun [ 605.520217][T15268] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2292'. [ 608.027522][T15326] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2306'. [ 608.488192][T15330] FAULT_INJECTION: forcing a failure. [ 608.488192][T15330] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 608.593434][T15330] CPU: 1 UID: 0 PID: 15330 Comm: syz.3.2308 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 608.593476][T15330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 608.593492][T15330] Call Trace: [ 608.593501][T15330] [ 608.593511][T15330] dump_stack_lvl+0x16c/0x1f0 [ 608.593556][T15330] should_fail_ex+0x512/0x640 [ 608.593598][T15330] strncpy_from_user+0x3b/0x2e0 [ 608.593639][T15330] getname_flags.part.0+0x8f/0x550 [ 608.593674][T15330] getname_flags+0x93/0xf0 [ 608.593708][T15330] do_sys_openat2+0xb8/0x1d0 [ 608.593737][T15330] ? __pfx_do_sys_openat2+0x10/0x10 [ 608.593791][T15330] __x64_sys_open+0x153/0x1e0 [ 608.593823][T15330] ? __pfx___x64_sys_open+0x10/0x10 [ 608.593861][T15330] ? rcu_is_watching+0x12/0xc0 [ 608.593891][T15330] do_syscall_64+0xcd/0x490 [ 608.593932][T15330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 608.593963][T15330] RIP: 0033:0x7f748a18e929 [ 608.593984][T15330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 608.594010][T15330] RSP: 002b:00007f748afa2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 608.594034][T15330] RAX: ffffffffffffffda RBX: 00007f748a3b5fa0 RCX: 00007f748a18e929 [ 608.594051][T15330] RDX: 0000000000000134 RSI: 0000000000000000 RDI: 0000000000000000 [ 608.594067][T15330] RBP: 00007f748a210b39 R08: 0000000000000000 R09: 0000000000000000 [ 608.594083][T15330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 608.594098][T15330] R13: 0000000000000000 R14: 00007f748a3b5fa0 R15: 00007fffe4a74028 [ 608.594133][T15330] [ 608.969257][T15333] ecryptfs_parse_packet_length: Error parsing packet length [ 609.003856][T15333] ecryptfs_miscdev_write: Error parsing packet length; rc = [-22] [ 610.340490][T15362] FAULT_INJECTION: forcing a failure. [ 610.340490][T15362] name failslab, interval 1, probability 0, space 0, times 0 [ 610.376379][T15362] CPU: 0 UID: 0 PID: 15362 Comm: syz.2.2316 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 610.376415][T15362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 610.376431][T15362] Call Trace: [ 610.376439][T15362] [ 610.376449][T15362] dump_stack_lvl+0x16c/0x1f0 [ 610.376492][T15362] should_fail_ex+0x512/0x640 [ 610.376525][T15362] ? __kmalloc_noprof+0xbf/0x510 [ 610.376562][T15362] ? __register_sysctl_table+0xea2/0x1900 [ 610.376608][T15362] should_failslab+0xc2/0x120 [ 610.376633][T15362] __kmalloc_noprof+0xd2/0x510 [ 610.376668][T15362] ? __register_sysctl_table+0xe8e/0x1900 [ 610.376712][T15362] __register_sysctl_table+0xea2/0x1900 [ 610.376757][T15362] ? __pfx___register_sysctl_table+0x10/0x10 [ 610.376793][T15362] ? is_module_address+0x69/0xf0 [ 610.376826][T15362] ? register_net_sysctl_sz+0x228/0x3e0 [ 610.376859][T15362] __devinet_sysctl_register+0x1b9/0x360 [ 610.376895][T15362] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 610.376928][T15362] ? devinet_init_net+0xeb/0x910 [ 610.376959][T15362] ? __asan_memcpy+0x3c/0x60 [ 610.376993][T15362] devinet_init_net+0x315/0x910 [ 610.377025][T15362] ? __pfx_devinet_init_net+0x10/0x10 [ 610.377054][T15362] ops_init+0x1df/0x5f0 [ 610.377095][T15362] setup_net+0x1ff/0x510 [ 610.377116][T15362] ? lockdep_init_map_type+0x5c/0x280 [ 610.377148][T15362] ? __pfx_setup_net+0x10/0x10 [ 610.377174][T15362] ? debug_mutex_init+0x37/0x70 [ 610.377203][T15362] copy_net_ns+0x2a6/0x5f0 [ 610.377233][T15362] create_new_namespaces+0x3ea/0xa90 [ 610.377269][T15362] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 610.377299][T15362] ksys_unshare+0x45b/0xa40 [ 610.377328][T15362] ? __pfx_ksys_unshare+0x10/0x10 [ 610.377357][T15362] ? xfd_validate_state+0x61/0x180 [ 610.377396][T15362] __x64_sys_unshare+0x31/0x40 [ 610.377426][T15362] do_syscall_64+0xcd/0x490 [ 610.377463][T15362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.377487][T15362] RIP: 0033:0x7fc79fb8e929 [ 610.377508][T15362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 610.377532][T15362] RSP: 002b:00007fc7a0989038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 610.377556][T15362] RAX: ffffffffffffffda RBX: 00007fc79fdb6080 RCX: 00007fc79fb8e929 [ 610.377572][T15362] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 610.377595][T15362] RBP: 00007fc79fc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 610.377610][T15362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 610.377626][T15362] R13: 0000000000000000 R14: 00007fc79fdb6080 R15: 00007ffcca626138 [ 610.377660][T15362] [ 610.378760][T15362] sysctl could not get directory: /net/ipv4/conf -12 [ 610.756344][T15379] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2320'. [ 611.452186][T15388] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2321'. [ 611.841452][T15390] zram: Cannot change disksize for initialized device [ 613.272320][T15406] FAULT_INJECTION: forcing a failure. [ 613.272320][T15406] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 613.300418][T15406] CPU: 1 UID: 0 PID: 15406 Comm: syz.3.2326 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 613.300453][T15406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 613.300466][T15406] Call Trace: [ 613.300474][T15406] [ 613.300482][T15406] dump_stack_lvl+0x16c/0x1f0 [ 613.300520][T15406] should_fail_ex+0x512/0x640 [ 613.300558][T15406] core_sys_select+0x4c5/0xc10 [ 613.300597][T15406] ? __pfx_core_sys_select+0x10/0x10 [ 613.300634][T15406] ? proc_fail_nth_write+0x9f/0x250 [ 613.300691][T15406] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 613.300735][T15406] kern_select+0x15d/0x1e0 [ 613.300764][T15406] ? __pfx_kern_select+0x10/0x10 [ 613.300798][T15406] ? __pfx_ksys_write+0x10/0x10 [ 613.300833][T15406] __x64_sys_select+0xbd/0x160 [ 613.300860][T15406] ? do_syscall_64+0x91/0x490 [ 613.300893][T15406] ? lockdep_hardirqs_on+0x7c/0x110 [ 613.300925][T15406] do_syscall_64+0xcd/0x490 [ 613.300961][T15406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 613.300980][T15406] RIP: 0033:0x7f748a18e929 [ 613.300995][T15406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 613.301011][T15406] RSP: 002b:00007f748afa2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 613.301032][T15406] RAX: ffffffffffffffda RBX: 00007f748a3b5fa0 RCX: 00007f748a18e929 [ 613.301047][T15406] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 613.301060][T15406] RBP: 00007f748afa2090 R08: 0000000000000000 R09: 0000000000000000 [ 613.301074][T15406] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 613.301089][T15406] R13: 0000000000000000 R14: 00007f748a3b5fa0 R15: 00007fffe4a74028 [ 613.301119][T15406] [ 613.892961][T15434] FAULT_INJECTION: forcing a failure. [ 613.892961][T15434] name failslab, interval 1, probability 0, space 0, times 0 [ 613.912116][T15433] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2331'. [ 613.934223][T15434] CPU: 1 UID: 0 PID: 15434 Comm: syz.0.2332 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 613.934258][T15434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 613.934272][T15434] Call Trace: [ 613.934280][T15434] [ 613.934289][T15434] dump_stack_lvl+0x16c/0x1f0 [ 613.934319][T15434] should_fail_ex+0x512/0x640 [ 613.934341][T15434] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 613.934365][T15434] should_failslab+0xc2/0x120 [ 613.934380][T15434] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 613.934401][T15434] ? security_file_alloc+0x34/0x2b0 [ 613.934423][T15434] security_file_alloc+0x34/0x2b0 [ 613.934441][T15434] init_file+0x93/0x4c0 [ 613.934458][T15434] alloc_empty_file+0x73/0x1e0 [ 613.934474][T15434] path_openat+0xda/0x2cb0 [ 613.934494][T15434] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 613.934515][T15434] ? __pfx_path_openat+0x10/0x10 [ 613.934536][T15434] ? __lock_acquire+0xb8a/0x1c90 [ 613.934558][T15434] do_filp_open+0x20b/0x470 [ 613.934579][T15434] ? __pfx_do_filp_open+0x10/0x10 [ 613.934612][T15434] ? alloc_fd+0x471/0x7d0 [ 613.934637][T15434] do_sys_openat2+0x11b/0x1d0 [ 613.934653][T15434] ? __pfx_do_sys_openat2+0x10/0x10 [ 613.934671][T15434] ? __fget_files+0x20e/0x3c0 [ 613.934694][T15434] __x64_sys_openat+0x174/0x210 [ 613.934710][T15434] ? __pfx___x64_sys_openat+0x10/0x10 [ 613.934726][T15434] ? ksys_write+0x1ac/0x250 [ 613.934752][T15434] do_syscall_64+0xcd/0x490 [ 613.934776][T15434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 613.934790][T15434] RIP: 0033:0x7f9aa238e929 [ 613.934802][T15434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 613.934816][T15434] RSP: 002b:00007f9aa3268038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 613.934830][T15434] RAX: ffffffffffffffda RBX: 00007f9aa25b6160 RCX: 00007f9aa238e929 [ 613.934839][T15434] RDX: 0000000000004700 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 613.934848][T15434] RBP: 00007f9aa3268090 R08: 0000000000000000 R09: 0000000000000000 [ 613.934856][T15434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 613.934864][T15434] R13: 0000000000000000 R14: 00007f9aa25b6160 R15: 00007ffddcb9ffa8 [ 613.934882][T15434] [ 614.654254][T15447] FAULT_INJECTION: forcing a failure. [ 614.654254][T15447] name failslab, interval 1, probability 0, space 0, times 0 [ 614.702066][T15447] CPU: 0 UID: 0 PID: 15447 Comm: syz.0.2334 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 614.702102][T15447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 614.702116][T15447] Call Trace: [ 614.702124][T15447] [ 614.702133][T15447] dump_stack_lvl+0x16c/0x1f0 [ 614.702180][T15447] should_fail_ex+0x512/0x640 [ 614.702212][T15447] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 614.702250][T15447] should_failslab+0xc2/0x120 [ 614.702273][T15447] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 614.702307][T15447] ? security_file_alloc+0x34/0x2b0 [ 614.702342][T15447] security_file_alloc+0x34/0x2b0 [ 614.702372][T15447] init_file+0x93/0x4c0 [ 614.702396][T15447] alloc_empty_file+0x73/0x1e0 [ 614.702422][T15447] path_openat+0xda/0x2cb0 [ 614.702451][T15447] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.702489][T15447] ? __pfx_path_openat+0x10/0x10 [ 614.702531][T15447] do_filp_open+0x20b/0x470 [ 614.702563][T15447] ? __pfx_do_filp_open+0x10/0x10 [ 614.702620][T15447] ? _raw_spin_unlock+0x28/0x50 [ 614.702649][T15447] ? alloc_fd+0x471/0x7d0 [ 614.702689][T15447] do_sys_openat2+0x11b/0x1d0 [ 614.702715][T15447] ? __pfx_do_sys_openat2+0x10/0x10 [ 614.702744][T15447] ? __fget_files+0x20e/0x3c0 [ 614.702782][T15447] __x64_sys_open+0x153/0x1e0 [ 614.702808][T15447] ? __pfx___x64_sys_open+0x10/0x10 [ 614.702842][T15447] ? rcu_is_watching+0x12/0xc0 [ 614.702870][T15447] do_syscall_64+0xcd/0x490 [ 614.702906][T15447] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.702930][T15447] RIP: 0033:0x7f9aa238e929 [ 614.702950][T15447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 614.702973][T15447] RSP: 002b:00007f9aa32aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 614.702996][T15447] RAX: ffffffffffffffda RBX: 00007f9aa25b5fa0 RCX: 00007f9aa238e929 [ 614.703012][T15447] RDX: 0000000000000154 RSI: 0000000000022240 RDI: 0000200000000040 [ 614.703028][T15447] RBP: 00007f9aa32aa090 R08: 0000000000000000 R09: 0000000000000000 [ 614.703043][T15447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 614.703057][T15447] R13: 0000000000000000 R14: 00007f9aa25b5fa0 R15: 00007ffddcb9ffa8 [ 614.703089][T15447] [ 615.621522][T15465] lo: entered allmulticast mode [ 615.794769][T15469] FAULT_INJECTION: forcing a failure. [ 615.794769][T15469] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 615.912657][T15469] CPU: 0 UID: 0 PID: 15469 Comm: syz.3.2339 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 615.912692][T15469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 615.912705][T15469] Call Trace: [ 615.912713][T15469] [ 615.912722][T15469] dump_stack_lvl+0x16c/0x1f0 [ 615.912761][T15469] should_fail_ex+0x512/0x640 [ 615.912798][T15469] _copy_from_user+0x2e/0xd0 [ 615.912831][T15469] get_bitmap+0x6d/0x110 [ 615.912866][T15469] get_nodes+0x1df/0x210 [ 615.912898][T15469] ? __pfx_get_nodes+0x10/0x10 [ 615.912930][T15469] ? __fget_files+0x20e/0x3c0 [ 615.912966][T15469] kernel_migrate_pages+0xeb/0x750 [ 615.912985][T15469] ? __pfx_kernel_migrate_pages+0x10/0x10 [ 615.913009][T15469] ? ksys_write+0x1ac/0x250 [ 615.913030][T15469] ? __pfx_ksys_write+0x10/0x10 [ 615.913053][T15469] __x64_sys_migrate_pages+0x96/0x100 [ 615.913068][T15469] ? lockdep_hardirqs_on+0x7c/0x110 [ 615.913089][T15469] do_syscall_64+0xcd/0x490 [ 615.913112][T15469] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 615.913127][T15469] RIP: 0033:0x7f748a18e929 [ 615.913143][T15469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 615.913157][T15469] RSP: 002b:00007f748af60038 EFLAGS: 00000246 ORIG_RAX: 0000000000000100 [ 615.913171][T15469] RAX: ffffffffffffffda RBX: 00007f748a3b6160 RCX: 00007f748a18e929 [ 615.913181][T15469] RDX: 00002000000000c0 RSI: 000000000000007f RDI: 0000000000000000 [ 615.913190][T15469] RBP: 00007f748af60090 R08: 0000000000000000 R09: 0000000000000000 [ 615.913199][T15469] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001 [ 615.913208][T15469] R13: 0000000000000000 R14: 00007f748a3b6160 R15: 00007fffe4a74028 [ 615.913225][T15469] [ 616.230502][T15462] lo: left allmulticast mode [ 616.667609][T15486] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2344'. [ 618.639307][T15511] netlink: 'syz.0.2348': attribute type 3 has an invalid length. [ 618.693665][T15514] zram: Cannot change disksize for initialized device [ 619.585780][T15530] can: request_module (can-proto-0) failed. [ 620.147280][T15542] netlink: 'syz.2.2356': attribute type 16 has an invalid length. [ 620.215410][T15542] netlink: 326 bytes leftover after parsing attributes in process `syz.2.2356'. [ 620.805318][T15560] netlink: 'syz.3.2360': attribute type 16 has an invalid length. [ 620.825435][T15553] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2359'. [ 620.834751][T15560] netlink: 326 bytes leftover after parsing attributes in process `syz.3.2360'. [ 621.014812][T15565] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2361'. [ 621.401647][T15546] Process accounting paused [ 621.710771][T15581] netlink: 'syz.0.2366': attribute type 16 has an invalid length. [ 621.722753][T15581] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2366'. [ 623.536907][ T5152] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 623.548009][ T5152] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 623.557442][ T5152] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 623.589855][ T5152] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 623.605307][ T5152] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 623.770953][ T999] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 623.960119][ T5152] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 624.193929][ T999] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 624.308494][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.314870][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.519517][ T999] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 624.801863][ T999] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 624.839649][T15614] chnl_net:caif_netlink_parms(): no params data found [ 624.997774][T15635] FAULT_INJECTION: forcing a failure. [ 624.997774][T15635] name failslab, interval 1, probability 0, space 0, times 0 [ 625.065846][T15635] CPU: 0 UID: 0 PID: 15635 Comm: syz.0.2380 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 625.065887][T15635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 625.065904][T15635] Call Trace: [ 625.065912][T15635] [ 625.065922][T15635] dump_stack_lvl+0x16c/0x1f0 [ 625.065965][T15635] should_fail_ex+0x512/0x640 [ 625.065999][T15635] ? __kmalloc_noprof+0xbf/0x510 [ 625.066035][T15635] ? ptp_open+0x103/0x520 [ 625.066061][T15635] should_failslab+0xc2/0x120 [ 625.066096][T15635] __kmalloc_noprof+0xd2/0x510 [ 625.066141][T15635] ptp_open+0x103/0x520 [ 625.066176][T15635] ? __pfx_ptp_open+0x10/0x10 [ 625.066216][T15635] ? __pfx_ptp_open+0x10/0x10 [ 625.066243][T15635] posix_clock_open+0x17b/0x290 [ 625.066272][T15635] ? __pfx_posix_clock_open+0x10/0x10 [ 625.066298][T15635] chrdev_open+0x231/0x6a0 [ 625.066333][T15635] ? __pfx_apparmor_file_open+0x10/0x10 [ 625.066364][T15635] ? __pfx_chrdev_open+0x10/0x10 [ 625.066401][T15635] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 625.066440][T15635] do_dentry_open+0x744/0x1c10 [ 625.066476][T15635] ? __pfx_chrdev_open+0x10/0x10 [ 625.066519][T15635] vfs_open+0x82/0x3f0 [ 625.066548][T15635] path_openat+0x1de4/0x2cb0 [ 625.066594][T15635] ? __pfx_path_openat+0x10/0x10 [ 625.066630][T15635] ? __lock_acquire+0xb8a/0x1c90 [ 625.066667][T15635] do_filp_open+0x20b/0x470 [ 625.066701][T15635] ? __pfx_do_filp_open+0x10/0x10 [ 625.066762][T15635] ? alloc_fd+0x471/0x7d0 [ 625.066805][T15635] do_sys_openat2+0x11b/0x1d0 [ 625.066833][T15635] ? __pfx_do_sys_openat2+0x10/0x10 [ 625.066875][T15635] __x64_sys_openat+0x174/0x210 [ 625.066903][T15635] ? __pfx___x64_sys_openat+0x10/0x10 [ 625.066945][T15635] do_syscall_64+0xcd/0x490 [ 625.066985][T15635] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.067011][T15635] RIP: 0033:0x7f9aa238e929 [ 625.067033][T15635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 625.067059][T15635] RSP: 002b:00007f9aa3289038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 625.067095][T15635] RAX: ffffffffffffffda RBX: 00007f9aa25b6080 RCX: 00007f9aa238e929 [ 625.067113][T15635] RDX: 0000000000000440 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 625.067129][T15635] RBP: 00007f9aa2410b39 R08: 0000000000000000 R09: 0000000000000000 [ 625.067145][T15635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 625.067162][T15635] R13: 0000000000000000 R14: 00007f9aa25b6080 R15: 00007ffddcb9ffa8 [ 625.067197][T15635] [ 625.530759][ T999] netdevsim netdevsim15 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.652843][T15614] bridge0: port 1(bridge_slave_0) entered blocking state [ 625.690451][ T5152] Bluetooth: hci2: command tx timeout [ 625.696986][T15614] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.724394][T15614] bridge_slave_0: entered allmulticast mode [ 625.732231][T15614] bridge_slave_0: entered promiscuous mode [ 625.798545][T15614] bridge0: port 2(bridge_slave_1) entered blocking state [ 625.807423][T15614] bridge0: port 2(bridge_slave_1) entered disabled state [ 625.815174][T15614] bridge_slave_1: entered allmulticast mode [ 625.822887][T15614] bridge_slave_1: entered promiscuous mode [ 625.937289][T15614] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 626.055731][T15614] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 626.197834][ T999] bridge_slave_1: left allmulticast mode [ 626.211866][ T999] bridge_slave_1: left promiscuous mode [ 626.230067][ T999] bridge0: port 2(bridge_slave_1) entered disabled state [ 626.292628][ T999] bridge_slave_0: left allmulticast mode [ 626.309540][ T999] bridge_slave_0: left promiscuous mode [ 626.326617][ T999] bridge0: port 1(bridge_slave_0) entered disabled state [ 627.484551][ T999] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 627.509113][ T999] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 627.528625][ T999] bond0 (unregistering): Released all slaves [ 627.562490][T15614] team0: Port device team_slave_0 added [ 627.578696][T15657] bridge0: port 3(veth0_to_bridge) entered blocking state [ 627.594990][T15657] bridge0: port 3(veth0_to_bridge) entered disabled state [ 627.615614][T15657] veth0_to_bridge: entered allmulticast mode [ 627.629384][T15657] veth0_to_bridge: entered promiscuous mode [ 627.638513][T15657] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 627.672548][T15657] bridge0: port 3(veth0_to_bridge) entered blocking state [ 627.681852][T15657] bridge0: port 3(veth0_to_bridge) entered forwarding state [ 627.732229][T15614] team0: Port device team_slave_1 added [ 627.744101][ T5152] Bluetooth: hci2: command tx timeout [ 628.066280][T15614] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 628.086691][T15614] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 628.086751][T15614] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 628.117394][ C0] vkms_vblank_simulate: vblank timer overrun [ 628.131425][T15614] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 628.131445][T15614] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 628.131486][T15614] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 628.555618][T15614] hsr_slave_0: entered promiscuous mode [ 628.568490][T15614] hsr_slave_1: entered promiscuous mode [ 629.827393][ T5152] Bluetooth: hci2: command tx timeout [ 631.248966][ T999] hsr_slave_0: left promiscuous mode [ 631.277429][ T999] hsr_slave_1: left promiscuous mode [ 631.294049][ T999] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 631.311704][ T999] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 631.337156][ T999] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 631.354234][ T999] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 631.436334][ T999] veth0_macvtap: left promiscuous mode [ 631.442565][ T999] veth1_vlan: left promiscuous mode [ 631.454500][ T999] veth0_vlan: left promiscuous mode [ 631.904229][ T5152] Bluetooth: hci2: command tx timeout [ 632.428777][ T999] team0 (unregistering): Port device team_slave_1 removed [ 632.512282][ T999] team0 (unregistering): Port device team_slave_0 removed [ 633.841830][T15614] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 633.892837][T15614] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 633.931482][T15614] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 633.948391][T15614] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 634.225924][T15614] 8021q: adding VLAN 0 to HW filter on device bond0 [ 634.287163][T15614] 8021q: adding VLAN 0 to HW filter on device team0 [ 634.323386][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 634.330624][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 634.382198][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 634.389456][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 634.540763][T15775] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 635.087765][T15614] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 635.201866][T15614] veth0_vlan: entered promiscuous mode [ 635.243249][T15614] veth1_vlan: entered promiscuous mode [ 635.386065][T15787] FAULT_INJECTION: forcing a failure. [ 635.386065][T15787] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 635.404337][T15787] CPU: 0 UID: 0 PID: 15787 Comm: syz.0.2400 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 635.404376][T15787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 635.404391][T15787] Call Trace: [ 635.404400][T15787] [ 635.404410][T15787] dump_stack_lvl+0x16c/0x1f0 [ 635.404453][T15787] should_fail_ex+0x512/0x640 [ 635.404491][T15787] should_fail_alloc_page+0xe7/0x130 [ 635.404519][T15787] prepare_alloc_pages+0x3c2/0x610 [ 635.404548][T15787] ? rcu_is_watching+0x12/0xc0 [ 635.404577][T15787] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 635.404624][T15787] ? stack_trace_save+0x8e/0xc0 [ 635.404651][T15787] ? __pfx_stack_trace_save+0x10/0x10 [ 635.404677][T15787] ? stack_depot_save_flags+0x28/0xa40 [ 635.404710][T15787] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 635.404745][T15787] ? kasan_save_stack+0x42/0x60 [ 635.404773][T15787] ? kasan_save_stack+0x33/0x60 [ 635.404803][T15787] ? kasan_save_track+0x14/0x30 [ 635.404832][T15787] ? __kasan_kmalloc+0xaa/0xb0 [ 635.404862][T15787] ? mon_bin_open+0x1a8/0x4a0 [ 635.404888][T15787] ? do_sys_openat2+0x11b/0x1d0 [ 635.404913][T15787] ? __x64_sys_openat+0x174/0x210 [ 635.404939][T15787] ? do_syscall_64+0xcd/0x490 [ 635.404972][T15787] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 635.405005][T15787] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 635.405043][T15787] ? policy_nodemask+0xea/0x4e0 [ 635.405070][T15787] alloc_pages_mpol+0x1fb/0x550 [ 635.405095][T15787] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 635.405130][T15787] alloc_pages_noprof+0x131/0x390 [ 635.405156][T15787] get_zeroed_page_noprof+0x18/0xb0 [ 635.405184][T15787] mon_alloc_buff+0xce/0x1b0 [ 635.405219][T15787] ? kasan_save_track+0x14/0x30 [ 635.405257][T15787] mon_bin_open+0x207/0x4a0 [ 635.405281][T15787] ? __pfx_mon_bin_open+0x10/0x10 [ 635.405304][T15787] chrdev_open+0x231/0x6a0 [ 635.405349][T15787] ? __pfx_chrdev_open+0x10/0x10 [ 635.405389][T15787] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 635.405428][T15787] do_dentry_open+0x744/0x1c10 [ 635.405464][T15787] ? __pfx_chrdev_open+0x10/0x10 [ 635.405507][T15787] vfs_open+0x82/0x3f0 [ 635.405539][T15787] path_openat+0x1de4/0x2cb0 [ 635.405585][T15787] ? __pfx_path_openat+0x10/0x10 [ 635.405622][T15787] ? __lock_acquire+0xb8a/0x1c90 [ 635.405657][T15787] do_filp_open+0x20b/0x470 [ 635.405692][T15787] ? __pfx_do_filp_open+0x10/0x10 [ 635.405753][T15787] ? alloc_fd+0x471/0x7d0 [ 635.405797][T15787] do_sys_openat2+0x11b/0x1d0 [ 635.405824][T15787] ? __pfx_do_sys_openat2+0x10/0x10 [ 635.405867][T15787] __x64_sys_openat+0x174/0x210 [ 635.405894][T15787] ? __pfx___x64_sys_openat+0x10/0x10 [ 635.405938][T15787] do_syscall_64+0xcd/0x490 [ 635.405976][T15787] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 635.406002][T15787] RIP: 0033:0x7f9aa238e929 [ 635.406022][T15787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 635.406046][T15787] RSP: 002b:00007f9aa32aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 635.406071][T15787] RAX: ffffffffffffffda RBX: 00007f9aa25b5fa0 RCX: 00007f9aa238e929 [ 635.406088][T15787] RDX: 0000000000080080 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 635.406104][T15787] RBP: 00007f9aa2410b39 R08: 0000000000000000 R09: 0000000000000000 [ 635.406120][T15787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 635.406134][T15787] R13: 0000000000000000 R14: 00007f9aa25b5fa0 R15: 00007ffddcb9ffa8 [ 635.406169][T15787] [ 635.752135][ C0] vkms_vblank_simulate: vblank timer overrun [ 635.779363][T15614] veth0_macvtap: entered promiscuous mode [ 635.819262][T15614] veth1_macvtap: entered promiscuous mode [ 635.900594][T15614] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 635.915189][T15614] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 635.926186][T15614] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 635.935169][T15614] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 635.944784][T15614] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 635.953497][T15614] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.135210][ T999] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 636.171510][ T999] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 636.272156][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 636.316564][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 637.141191][T15828] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2406'. [ 637.182930][T15828] netlink: 214 bytes leftover after parsing attributes in process `syz.1.2406'. [ 637.229862][T15828] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 637.237695][T15828] IPv6: NLM_F_CREATE should be set when creating new route [ 637.245054][T15828] IPv6: NLM_F_CREATE should be set when creating new route [ 637.252478][T15828] IPv6: NLM_F_CREATE should be set when creating new route [ 637.968443][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 637.977072][ T5841] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 637.989340][ T5841] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 638.010974][ T5841] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 638.022160][ T5841] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 638.148741][T15850] netlink: 'syz.1.2409': attribute type 16 has an invalid length. [ 638.172936][T15850] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2409'. [ 638.688141][T15865] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2411'. [ 638.811500][ T2981] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 639.167079][ T2981] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 639.459494][ T2981] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 639.528729][T15845] chnl_net:caif_netlink_parms(): no params data found [ 640.051780][ T2981] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.064051][ T5152] Bluetooth: hci4: command tx timeout [ 640.545387][T15845] bridge0: port 1(bridge_slave_0) entered blocking state [ 640.568254][T15845] bridge0: port 1(bridge_slave_0) entered disabled state [ 640.604224][T15845] bridge_slave_0: entered allmulticast mode [ 640.665920][T15845] bridge_slave_0: entered promiscuous mode [ 640.688838][T15845] bridge0: port 2(bridge_slave_1) entered blocking state [ 640.708223][T15845] bridge0: port 2(bridge_slave_1) entered disabled state [ 640.733775][T15907] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2416'. [ 640.748434][T15845] bridge_slave_1: entered allmulticast mode [ 640.765852][T15845] bridge_slave_1: entered promiscuous mode [ 640.834158][T15907] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2416'. [ 640.844511][T15907] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2416'. [ 640.865659][T15907] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2416'. [ 640.875933][T15907] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2416'. [ 641.171714][T15845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 641.259074][T15915] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 641.271845][T15845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 641.501824][ T2981] veth0_to_bridge: left allmulticast mode [ 641.511884][ T2981] veth0_to_bridge: left promiscuous mode [ 641.554360][ T2981] bridge0: port 3(veth0_to_bridge) entered disabled state [ 641.638870][ T2981] bridge_slave_1: left allmulticast mode [ 641.653036][ T2981] bridge_slave_1: left promiscuous mode [ 641.663130][ T2981] bridge0: port 2(bridge_slave_1) entered disabled state [ 641.683795][ T2981] bridge_slave_0: left allmulticast mode [ 641.718440][ T2981] bridge_slave_0: left promiscuous mode [ 641.744206][ T2981] bridge0: port 1(bridge_slave_0) entered disabled state [ 642.144524][ T5152] Bluetooth: hci4: command tx timeout [ 642.826890][ T2981] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 642.837170][ T2981] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 642.847114][ T2981] bond0 (unregistering): Released all slaves [ 642.910880][T15845] team0: Port device team_slave_0 added [ 642.941653][T15938] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2421'. [ 642.997505][T15845] team0: Port device team_slave_1 added [ 643.205485][T15952] FAULT_INJECTION: forcing a failure. [ 643.205485][T15952] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 643.255558][T15952] CPU: 0 UID: 0 PID: 15952 Comm: syz.2.2424 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 643.255594][T15952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 643.255608][T15952] Call Trace: [ 643.255616][T15952] [ 643.255626][T15952] dump_stack_lvl+0x16c/0x1f0 [ 643.255665][T15952] should_fail_ex+0x512/0x640 [ 643.255702][T15952] _copy_from_user+0x2e/0xd0 [ 643.255738][T15952] do_sock_getsockopt+0x5f4/0x800 [ 643.255769][T15952] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 643.255793][T15952] ? __fget_files+0x204/0x3c0 [ 643.255840][T15952] __sys_getsockopt+0x123/0x1b0 [ 643.255880][T15952] __x64_sys_getsockopt+0xbd/0x160 [ 643.255911][T15952] ? do_syscall_64+0x91/0x490 [ 643.255944][T15952] ? lockdep_hardirqs_on+0x7c/0x110 [ 643.255976][T15952] do_syscall_64+0xcd/0x490 [ 643.256012][T15952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 643.256037][T15952] RIP: 0033:0x7f6e9e58e929 [ 643.256056][T15952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 643.256079][T15952] RSP: 002b:00007f6e9f3c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 643.256101][T15952] RAX: ffffffffffffffda RBX: 00007f6e9e7b5fa0 RCX: 00007f6e9e58e929 [ 643.256117][T15952] RDX: 000000000000001d RSI: 0000000000000084 RDI: 0000000000000003 [ 643.256130][T15952] RBP: 00007f6e9f3c4090 R08: 0000000000000000 R09: 0000000000000000 [ 643.256144][T15952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 643.256158][T15952] R13: 0000000000000000 R14: 00007f6e9e7b5fa0 R15: 00007ffc3ffba7f8 [ 643.256190][T15952] [ 643.426893][ C0] vkms_vblank_simulate: vblank timer overrun [ 643.564025][T15845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 643.580834][T15845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 643.615680][T15845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 643.815806][T15845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 643.836823][T15845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 643.874125][T15845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 644.057263][T15845] hsr_slave_0: entered promiscuous mode [ 644.066707][T15845] hsr_slave_1: entered promiscuous mode [ 644.073204][T15845] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 644.081588][T15845] Cannot create hsr debugfs directory [ 644.224407][ T5152] Bluetooth: hci4: command tx timeout [ 645.029406][ T2981] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 645.062736][ T2981] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 645.091055][ T2981] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 645.115646][ T2981] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 645.236862][ T2981] veth0_macvtap: left promiscuous mode [ 645.278127][ T2981] veth1_vlan: left promiscuous mode [ 645.307251][ T2981] veth0_vlan: left promiscuous mode [ 646.255104][T16026] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2434'. [ 646.304280][ T5152] Bluetooth: hci4: command tx timeout [ 646.349343][T16026] netlink: 186 bytes leftover after parsing attributes in process `syz.1.2434'. [ 647.219978][ T2981] team0 (unregistering): Port device team_slave_1 removed [ 647.389571][ T2981] team0 (unregistering): Port device team_slave_0 removed [ 649.359396][T16079] ima: policy update failed [ 649.405901][ T30] audit: type=1802 audit(6045767674.446:12): pid=16079 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2440" res=0 errno=0 [ 649.868583][T15845] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 649.910495][T15845] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 649.940132][T15845] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 649.977795][T15845] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 650.306608][T15845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 650.387007][T15845] 8021q: adding VLAN 0 to HW filter on device team0 [ 650.448724][ T3017] bridge0: port 1(bridge_slave_0) entered blocking state [ 650.456038][ T3017] bridge0: port 1(bridge_slave_0) entered forwarding state [ 650.557519][ T3017] bridge0: port 2(bridge_slave_1) entered blocking state [ 650.564754][ T3017] bridge0: port 2(bridge_slave_1) entered forwarding state [ 650.591974][T15845] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 650.686610][T15845] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 651.567802][T16123] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2446'. [ 651.908450][T15845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 652.287447][T15845] veth0_vlan: entered promiscuous mode [ 652.379151][T15845] veth1_vlan: entered promiscuous mode [ 652.526040][T15845] veth0_macvtap: entered promiscuous mode [ 652.574547][T15845] veth1_macvtap: entered promiscuous mode [ 652.591896][T15845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 652.602495][T15845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 652.612123][T15845] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.621234][T15845] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.634142][T15845] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.642839][T15845] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.990701][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 653.004079][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 653.173502][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 653.189724][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 654.387892][ T5841] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 654.407749][ T5841] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 654.415925][ T5841] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 654.425380][ T5841] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 654.433698][ T5841] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 654.464065][T16179] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 655.332832][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 655.396592][T16181] chnl_net:caif_netlink_parms(): no params data found [ 655.539311][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.056319][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.329654][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.465022][ T5841] Bluetooth: hci1: command tx timeout [ 656.672619][T16181] bridge0: port 1(bridge_slave_0) entered blocking state [ 656.684208][T16181] bridge0: port 1(bridge_slave_0) entered disabled state [ 656.704208][T16181] bridge_slave_0: entered allmulticast mode [ 656.711902][T16181] bridge_slave_0: entered promiscuous mode [ 656.763190][T16181] bridge0: port 2(bridge_slave_1) entered blocking state [ 656.798870][T16181] bridge0: port 2(bridge_slave_1) entered disabled state [ 656.822164][T16181] bridge_slave_1: entered allmulticast mode [ 656.866148][T16181] bridge_slave_1: entered promiscuous mode [ 657.125458][T16181] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 657.320088][T16181] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 657.487090][T16227] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2461'. [ 657.622923][T16181] team0: Port device team_slave_0 added [ 657.788800][T16231] program syz.2.2463 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 657.818391][T16181] team0: Port device team_slave_1 added [ 657.856996][ T12] bridge_slave_1: left allmulticast mode [ 657.869350][ T12] bridge_slave_1: left promiscuous mode [ 657.876471][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 657.893140][ T12] bridge_slave_0: left allmulticast mode [ 657.899071][ T12] bridge_slave_0: left promiscuous mode [ 657.911455][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 658.492629][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 658.503210][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 658.526936][ T12] bond0 (unregistering): Released all slaves [ 658.544239][ T5841] Bluetooth: hci1: command tx timeout [ 658.573265][T16181] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 658.600808][T16181] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 658.626808][ C0] vkms_vblank_simulate: vblank timer overrun [ 658.650671][T16181] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 658.676509][ T12] ovs_: left promiscuous mode [ 658.704194][T16181] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 658.712207][T16181] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 658.738122][ C0] vkms_vblank_simulate: vblank timer overrun [ 658.757255][T16181] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 659.009244][T16181] hsr_slave_0: entered promiscuous mode [ 659.041067][T16181] hsr_slave_1: entered promiscuous mode [ 659.095039][T16181] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 659.114136][T16181] Cannot create hsr debugfs directory [ 660.059608][ T12] hsr_slave_0: left promiscuous mode [ 660.089663][ T12] hsr_slave_1: left promiscuous mode [ 660.111987][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 660.139505][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 660.170427][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 660.190749][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 660.265657][ T12] veth1_vlan: left promiscuous mode [ 660.278811][ T12] veth0_vlan: left promiscuous mode [ 660.292078][T16278] can: request_module (can-proto-0) failed. [ 660.295460][T16282] FAULT_INJECTION: forcing a failure. [ 660.295460][T16282] name failslab, interval 1, probability 0, space 0, times 0 [ 660.317041][T16282] CPU: 0 UID: 0 PID: 16282 Comm: syz.2.2471 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 660.317076][T16282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 660.317092][T16282] Call Trace: [ 660.317100][T16282] [ 660.317109][T16282] dump_stack_lvl+0x16c/0x1f0 [ 660.317149][T16282] should_fail_ex+0x512/0x640 [ 660.317181][T16282] ? __kvmalloc_node_noprof+0x124/0x620 [ 660.317219][T16282] should_failslab+0xc2/0x120 [ 660.317243][T16282] __kvmalloc_node_noprof+0x137/0x620 [ 660.317278][T16282] ? v4l2_ctrl_new+0x97d/0x2180 [ 660.317320][T16282] ? v4l2_ctrl_new+0x97d/0x2180 [ 660.317352][T16282] v4l2_ctrl_new+0x97d/0x2180 [ 660.317387][T16282] ? vfs_open+0x60/0x3f0 [ 660.317417][T16282] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 660.317460][T16282] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 660.317499][T16282] v4l2_ctrl_new_std+0x1be/0x290 [ 660.317587][T16282] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 660.317624][T16282] ? rcu_is_watching+0x12/0xc0 [ 660.317645][T16282] ? trace_kmalloc+0x2b/0xd0 [ 660.317664][T16282] ? __kvmalloc_node_noprof+0x298/0x620 [ 660.317694][T16282] ? v4l2_ctrl_handler_init_class+0x1fc/0x340 [ 660.317727][T16282] ? media_request_object_init+0x100/0x180 [ 660.317756][T16282] vicodec_open+0x1d0/0xf90 [ 660.317792][T16282] v4l2_open+0x222/0x490 [ 660.317823][T16282] ? __pfx_v4l2_open+0x10/0x10 [ 660.317851][T16282] chrdev_open+0x231/0x6a0 [ 660.317881][T16282] ? __pfx_apparmor_file_open+0x10/0x10 [ 660.317912][T16282] ? __pfx_chrdev_open+0x10/0x10 [ 660.317948][T16282] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 660.317980][T16282] do_dentry_open+0x744/0x1c10 [ 660.318010][T16282] ? __pfx_chrdev_open+0x10/0x10 [ 660.318050][T16282] vfs_open+0x82/0x3f0 [ 660.318081][T16282] path_openat+0x1de4/0x2cb0 [ 660.318129][T16282] ? __pfx_path_openat+0x10/0x10 [ 660.318168][T16282] ? __lock_acquire+0xb8a/0x1c90 [ 660.318210][T16282] do_filp_open+0x20b/0x470 [ 660.318253][T16282] ? __pfx_do_filp_open+0x10/0x10 [ 660.318308][T16282] ? alloc_fd+0x471/0x7d0 [ 660.318351][T16282] do_sys_openat2+0x11b/0x1d0 [ 660.318379][T16282] ? __pfx_do_sys_openat2+0x10/0x10 [ 660.318421][T16282] __x64_sys_openat+0x174/0x210 [ 660.318448][T16282] ? __pfx___x64_sys_openat+0x10/0x10 [ 660.318489][T16282] do_syscall_64+0xcd/0x490 [ 660.318536][T16282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.318564][T16282] RIP: 0033:0x7f6e9e58e929 [ 660.318585][T16282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 660.318610][T16282] RSP: 002b:00007f6e9f3a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 660.318635][T16282] RAX: ffffffffffffffda RBX: 00007f6e9e7b6080 RCX: 00007f6e9e58e929 [ 660.318652][T16282] RDX: 00000000000c4400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 660.318670][T16282] RBP: 00007f6e9e610b39 R08: 0000000000000000 R09: 0000000000000000 [ 660.318686][T16282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 660.318702][T16282] R13: 0000000000000000 R14: 00007f6e9e7b6080 R15: 00007ffc3ffba7f8 [ 660.318738][T16282] [ 660.626407][ C0] vkms_vblank_simulate: vblank timer overrun [ 660.644942][ T5841] Bluetooth: hci1: command tx timeout [ 660.865119][T16291] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2473'. [ 660.885135][T16291] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2473'. [ 660.905332][T16291] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2473'. [ 660.916870][T16291] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2473'. [ 660.926935][T16291] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2473'. [ 661.449756][ T12] team0 (unregistering): Port device team_slave_1 removed [ 661.543376][ T12] team0 (unregistering): Port device team_slave_0 removed [ 662.705250][ T5841] Bluetooth: hci1: command tx timeout [ 663.704677][T16181] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 663.727382][T16181] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 663.812981][T16181] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 663.887422][T16181] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 664.349484][T16181] 8021q: adding VLAN 0 to HW filter on device bond0 [ 664.405618][T16181] 8021q: adding VLAN 0 to HW filter on device team0 [ 664.450886][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 664.458018][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 664.488879][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 664.496004][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 664.758484][ T5841] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 665.289533][T16181] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 665.392584][T16181] veth0_vlan: entered promiscuous mode [ 665.433843][T16181] veth1_vlan: entered promiscuous mode [ 665.527774][T16181] veth0_macvtap: entered promiscuous mode [ 665.603888][T16181] veth1_macvtap: entered promiscuous mode [ 665.768367][T16181] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 666.107146][T16181] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 666.143425][T16181] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 666.169192][T16181] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 666.179005][T16181] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 666.195981][T16181] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 666.580117][ T3017] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 666.619013][ T3017] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 666.747002][ T999] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 666.763455][ T999] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 668.257278][T16434] sg_write: data in/out 2037591871/34135 bytes for SCSI command 0x70-- guessing data in; [ 668.257278][T16434] program syz.0.2493 not setting count and/or reply_len properly [ 668.302641][ T5152] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 668.319846][ T5152] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 668.340065][ T5152] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 668.349876][ T5152] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 668.358299][ T5152] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 668.922912][T16440] chnl_net:caif_netlink_parms(): no params data found [ 669.323666][T16466] can: request_module (can-proto-0) failed. [ 669.372451][T16440] bridge0: port 1(bridge_slave_0) entered blocking state [ 669.442078][T16440] bridge0: port 1(bridge_slave_0) entered disabled state [ 669.493706][T16440] bridge_slave_0: entered allmulticast mode [ 669.519425][T16440] bridge_slave_0: entered promiscuous mode [ 669.563650][T16440] bridge0: port 2(bridge_slave_1) entered blocking state [ 669.579669][T16481] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2500'. [ 669.579740][T16440] bridge0: port 2(bridge_slave_1) entered disabled state [ 669.620406][T16440] bridge_slave_1: entered allmulticast mode [ 669.638745][T16440] bridge_slave_1: entered promiscuous mode [ 669.849411][T16440] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 669.936740][T16440] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 670.209127][T16440] team0: Port device team_slave_0 added [ 670.390039][ T5841] Bluetooth: hci0: command tx timeout [ 670.451660][T16440] team0: Port device team_slave_1 added [ 670.592533][T16440] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 670.630963][T16440] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 670.756644][T16440] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 670.787393][T16440] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 670.795035][T16440] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 670.823544][T16440] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 671.103343][ T3017] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 671.300154][ T3017] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 671.463298][T16440] hsr_slave_0: entered promiscuous mode [ 671.495221][T16440] hsr_slave_1: entered promiscuous mode [ 671.501270][T16440] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 671.510962][T16440] Cannot create hsr debugfs directory [ 671.570847][ T3017] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 671.822570][ T3017] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 672.468570][ T5841] Bluetooth: hci0: command tx timeout [ 672.695843][ T3017] bridge_slave_1: left allmulticast mode [ 672.716061][ T3017] bridge_slave_1: left promiscuous mode [ 672.745408][ T3017] bridge0: port 2(bridge_slave_1) entered disabled state [ 672.777994][ T3017] bridge_slave_0: left allmulticast mode [ 672.788918][ T3017] bridge_slave_0: left promiscuous mode [ 672.817493][ T3017] bridge0: port 1(bridge_slave_0) entered disabled state [ 674.138615][T16580] netlink: 296 bytes leftover after parsing attributes in process `syz.3.2515'. [ 674.201831][ T3017] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 674.213726][ T3017] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 674.229567][ T3017] bond0 (unregistering): Released all slaves [ 674.269886][T16569] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2513'. [ 674.361780][ T3017] tipc: Left network mode [ 674.544953][ T5841] Bluetooth: hci0: command tx timeout [ 674.700126][T16598] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2518'. [ 674.721998][T16598] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2518'. [ 674.755309][T16598] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2518'. [ 674.787018][T16598] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2518'. [ 674.803675][T16598] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2518'. [ 675.157840][ T3017] hsr_slave_0: left promiscuous mode [ 675.231554][ T3017] hsr_slave_1: left promiscuous mode [ 675.248089][ T3017] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 675.282950][ T3017] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 675.311834][ T3017] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 675.331426][ T3017] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 675.402350][ T3017] veth1_vlan: left promiscuous mode [ 675.435285][ T3017] veth0_vlan: left promiscuous mode [ 676.264527][ T3017] team0 (unregistering): Port device team_slave_1 removed [ 676.307960][ T3017] team0 (unregistering): Port device team_slave_0 removed [ 676.626995][ T5841] Bluetooth: hci0: command tx timeout [ 676.688788][T16633] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2524'. [ 676.842581][T16440] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 676.994518][T16440] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 677.056166][T16440] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 677.172005][T16440] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 677.888107][T16665] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2528'. [ 677.967942][T16668] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2529'. [ 678.553914][T16440] 8021q: adding VLAN 0 to HW filter on device bond0 [ 678.691267][T16440] 8021q: adding VLAN 0 to HW filter on device team0 [ 678.757543][ T3017] bridge0: port 1(bridge_slave_0) entered blocking state [ 678.764846][ T3017] bridge0: port 1(bridge_slave_0) entered forwarding state [ 678.882346][ T2981] bridge0: port 2(bridge_slave_1) entered blocking state [ 678.889577][ T2981] bridge0: port 2(bridge_slave_1) entered forwarding state [ 679.441730][T16700] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2534'. [ 679.522453][T16699] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2534'. [ 679.687876][T16440] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 679.853125][T16440] veth0_vlan: entered promiscuous mode [ 679.976141][T16440] veth1_vlan: entered promiscuous mode [ 680.130833][T16440] veth0_macvtap: entered promiscuous mode [ 680.201468][T16440] veth1_macvtap: entered promiscuous mode [ 680.286173][T16440] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 680.328368][T16440] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 680.348855][T16440] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.376552][T16440] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.396342][T16440] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.638929][T16440] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.873763][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 680.892045][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 680.969561][ T2981] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 680.988126][ T2981] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 682.874613][ T30] audit: type=1800 audit(6045767707.926:13): pid=16735 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2543" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 684.394877][ T30] audit: type=1804 audit(6045767709.436:14): pid=16762 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2549" name="/newroot/36/file0" dev="tmpfs" ino=204 res=1 errno=0 [ 685.553808][T16782] zram: Cannot change disksize for initialized device [ 685.767223][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.774017][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.225647][T16797] __nla_validate_parse: 3 callbacks suppressed [ 686.225668][T16797] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2560'. [ 686.275038][T16797] HfR: entered promiscuous mode [ 686.991775][T16812] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 687.309025][T16817] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2565'. [ 688.603876][T16830] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2567'. [ 690.793124][ T30] audit: type=1326 audit(6045767715.846:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16882 comm="syz.3.2580" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff51538e929 code=0x0 [ 691.210181][T16896] usbip-vudc usbip-vudc.0: gadget not bound [ 691.696585][T16901] zram: Cannot change disksize for initialized device [ 691.984670][T16914] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2591'. [ 692.006575][T16914] macsec0: entered allmulticast mode [ 692.011938][T16914] veth1_macvtap: entered allmulticast mode [ 692.125759][T16917] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2590'. [ 692.151042][T16917] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2590'. [ 692.162377][T16917] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2590'. [ 692.172065][T16917] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2590'. [ 692.181824][T16917] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2590'. [ 692.555382][T16929] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2594'. [ 693.391566][T16948] netlink: 'syz.2.2600': attribute type 1 has an invalid length. [ 693.470343][T16948] netlink: 'syz.2.2600': attribute type 1 has an invalid length. [ 693.639223][T16961] zram: Cannot change disksize for initialized device [ 694.442636][T16970] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2604'. [ 694.473577][T16970] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2604'. [ 694.514729][T16970] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2604'. [ 694.886075][T16984] macsec0: entered allmulticast mode [ 694.911485][T16984] veth1_macvtap: entered allmulticast mode [ 695.693605][T17004] batman_adv: Routing algorithm '' is not supported [ 697.238584][T17039] __nla_validate_parse: 1 callbacks suppressed [ 697.238599][T17039] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2622'. [ 697.997556][T17048] FAULT_INJECTION: forcing a failure. [ 697.997556][T17048] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 698.061976][T17048] CPU: 1 UID: 0 PID: 17048 Comm: syz.1.2625 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 698.062017][T17048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 698.062033][T17048] Call Trace: [ 698.062042][T17048] [ 698.062052][T17048] dump_stack_lvl+0x16c/0x1f0 [ 698.062094][T17048] should_fail_ex+0x512/0x640 [ 698.062132][T17048] strncpy_from_user+0x3b/0x2e0 [ 698.062166][T17048] getname_flags.part.0+0x8f/0x550 [ 698.062200][T17048] getname_flags+0x93/0xf0 [ 698.062233][T17048] do_sys_openat2+0xb8/0x1d0 [ 698.062261][T17048] ? __pfx_do_sys_openat2+0x10/0x10 [ 698.062303][T17048] __x64_sys_open+0x153/0x1e0 [ 698.062330][T17048] ? __pfx___x64_sys_open+0x10/0x10 [ 698.062365][T17048] ? rcu_is_watching+0x12/0xc0 [ 698.062393][T17048] do_syscall_64+0xcd/0x490 [ 698.062431][T17048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 698.062457][T17048] RIP: 0033:0x7f204298e929 [ 698.062478][T17048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 698.062503][T17048] RSP: 002b:00007f20437df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 698.062527][T17048] RAX: ffffffffffffffda RBX: 00007f2042bb5fa0 RCX: 00007f204298e929 [ 698.062543][T17048] RDX: 0000000000000134 RSI: 0000000000000000 RDI: 0000000000000000 [ 698.062558][T17048] RBP: 00007f2042a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 698.062573][T17048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 698.062588][T17048] R13: 0000000000000000 R14: 00007f2042bb5fa0 R15: 00007fff0ca22288 [ 698.062622][T17048] [ 698.225788][ C1] vkms_vblank_simulate: vblank timer overrun [ 698.573360][T17060] FAULT_INJECTION: forcing a failure. [ 698.573360][T17060] name failslab, interval 1, probability 0, space 0, times 0 [ 698.602118][T17060] CPU: 1 UID: 0 PID: 17060 Comm: syz.0.2629 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 698.602158][T17060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 698.602173][T17060] Call Trace: [ 698.602182][T17060] [ 698.602193][T17060] dump_stack_lvl+0x16c/0x1f0 [ 698.602237][T17060] should_fail_ex+0x512/0x640 [ 698.602271][T17060] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 698.602307][T17060] ? __pfx_mon_text_open+0x10/0x10 [ 698.602342][T17060] should_failslab+0xc2/0x120 [ 698.602368][T17060] __kmalloc_cache_noprof+0x6a/0x3e0 [ 698.602402][T17060] ? mon_text_open+0xd5/0x4f0 [ 698.602439][T17060] ? __pfx_mon_text_open+0x10/0x10 [ 698.602473][T17060] mon_text_open+0xd5/0x4f0 [ 698.602508][T17060] ? __pfx_mon_text_open+0x10/0x10 [ 698.602541][T17060] ? __debugfs_file_get+0x1fe/0x840 [ 698.602566][T17060] ? __pfx___debugfs_file_get+0x10/0x10 [ 698.602592][T17060] ? __pfx_apparmor_file_open+0x10/0x10 [ 698.602620][T17060] ? lockdown_is_locked_down+0x3f/0x130 [ 698.602653][T17060] ? bpf_lsm_locked_down+0x9/0x10 [ 698.602699][T17060] ? __pfx_mon_text_open+0x10/0x10 [ 698.602733][T17060] full_proxy_open_regular+0x1b6/0x360 [ 698.602764][T17060] do_dentry_open+0x744/0x1c10 [ 698.602800][T17060] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 698.602835][T17060] vfs_open+0x82/0x3f0 [ 698.602867][T17060] path_openat+0x1de4/0x2cb0 [ 698.602912][T17060] ? __pfx_path_openat+0x10/0x10 [ 698.602948][T17060] ? __lock_acquire+0xb8a/0x1c90 [ 698.602985][T17060] do_filp_open+0x20b/0x470 [ 698.603020][T17060] ? __pfx_do_filp_open+0x10/0x10 [ 698.603080][T17060] ? alloc_fd+0x471/0x7d0 [ 698.603123][T17060] do_sys_openat2+0x11b/0x1d0 [ 698.603156][T17060] ? __pfx_do_sys_openat2+0x10/0x10 [ 698.603199][T17060] __x64_sys_openat+0x174/0x210 [ 698.603228][T17060] ? __pfx___x64_sys_openat+0x10/0x10 [ 698.603273][T17060] do_syscall_64+0xcd/0x490 [ 698.603313][T17060] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 698.603341][T17060] RIP: 0033:0x7f731358e929 [ 698.603362][T17060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 698.603389][T17060] RSP: 002b:00007f7314380038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 698.603414][T17060] RAX: ffffffffffffffda RBX: 00007f73137b5fa0 RCX: 00007f731358e929 [ 698.603431][T17060] RDX: 0000000000000800 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 698.603448][T17060] RBP: 00007f7313610b39 R08: 0000000000000000 R09: 0000000000000000 [ 698.603464][T17060] R10: 000000000000003f R11: 0000000000000246 R12: 0000000000000000 [ 698.603480][T17060] R13: 0000000000000000 R14: 00007f73137b5fa0 R15: 00007ffe0593c1c8 [ 698.603516][T17060] [ 698.867165][ C1] vkms_vblank_simulate: vblank timer overrun [ 699.203118][T17073] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2632'. [ 699.213214][T17073] veth1_macvtap: left allmulticast mode [ 699.220696][T17076] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2633'. [ 699.223154][T17073] veth1_macvtap: left promiscuous mode [ 699.271107][T17073] macsec0: left allmulticast mode [ 699.283194][T17076] veth1_macvtap: left promiscuous mode [ 702.702705][T17139] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2646'. [ 702.742448][T17139] bridge_slave_1: left allmulticast mode [ 702.756812][T17139] bridge_slave_1: left promiscuous mode [ 702.767248][T17139] bridge0: port 2(bridge_slave_1) entered disabled state [ 702.816046][T17139] bridge_slave_0: left allmulticast mode [ 702.850459][T17139] bridge_slave_0: left promiscuous mode [ 702.891815][T17139] bridge0: port 1(bridge_slave_0) entered disabled state [ 705.431355][T17180] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2652'. [ 705.925485][T17189] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2654'. [ 706.014977][T17189] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2654'. [ 706.043258][T17189] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2654'. [ 706.073442][T17189] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2654'. [ 706.083280][T17189] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2654'. [ 707.648237][T17217] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2660'. [ 708.204517][ T30] audit: type=1326 audit(6045767733.266:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17227 comm="syz.1.2663" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f204298e929 code=0x0 [ 708.870237][T17236] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2665'. [ 709.859048][T17263] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2670'. [ 709.875698][T17263] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2670'. [ 710.222388][T17267] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2671'. [ 710.240044][T17267] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2671'. [ 710.250092][T17267] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2671'. [ 710.260162][T17267] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2671'. [ 710.270117][T17267] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2671'. [ 711.834720][ T30] audit: type=1806 audit(6045767736.886:17): xattr="0x00060000" res=-22 [ 712.513740][ T30] audit: type=1800 audit(6045767737.566:18): pid=17298 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2679" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 713.152626][T17315] program syz.0.2684 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 713.446740][T17323] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2685'. [ 716.974645][T17368] net_ratelimit: 102 callbacks suppressed [ 716.974668][T17368] openvswitch: netlink: Key type 29 is not supported [ 718.338968][T17400] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2703'. [ 718.646873][T17404] FAULT_INJECTION: forcing a failure. [ 718.646873][T17404] name failslab, interval 1, probability 0, space 0, times 0 [ 718.696205][T17404] CPU: 0 UID: 0 PID: 17404 Comm: syz.3.2704 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 718.696237][T17404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 718.696251][T17404] Call Trace: [ 718.696258][T17404] [ 718.696267][T17404] dump_stack_lvl+0x16c/0x1f0 [ 718.696309][T17404] should_fail_ex+0x512/0x640 [ 718.696345][T17404] should_failslab+0xc2/0x120 [ 718.696369][T17404] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 718.696404][T17404] ? skb_clone+0x190/0x3f0 [ 718.696442][T17404] skb_clone+0x190/0x3f0 [ 718.696476][T17404] netlink_deliver_tap+0xabd/0xd30 [ 718.696507][T17404] netlink_unicast+0x5df/0x7f0 [ 718.696536][T17404] ? __pfx_netlink_unicast+0x10/0x10 [ 718.696571][T17404] netlink_sendmsg+0x8d1/0xdd0 [ 718.696602][T17404] ? __pfx_netlink_sendmsg+0x10/0x10 [ 718.696649][T17404] ____sys_sendmsg+0xa98/0xc70 [ 718.696677][T17404] ? copy_msghdr_from_user+0x10a/0x160 [ 718.696710][T17404] ? __pfx_____sys_sendmsg+0x10/0x10 [ 718.696752][T17404] ___sys_sendmsg+0x134/0x1d0 [ 718.696787][T17404] ? __pfx____sys_sendmsg+0x10/0x10 [ 718.696818][T17404] ? __lock_acquire+0x622/0x1c90 [ 718.696890][T17404] __sys_sendmsg+0x16d/0x220 [ 718.696924][T17404] ? __pfx___sys_sendmsg+0x10/0x10 [ 718.696981][T17404] do_syscall_64+0xcd/0x490 [ 718.697016][T17404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 718.697041][T17404] RIP: 0033:0x7ff51538e929 [ 718.697060][T17404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 718.697082][T17404] RSP: 002b:00007ff516185038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 718.697104][T17404] RAX: ffffffffffffffda RBX: 00007ff5155b5fa0 RCX: 00007ff51538e929 [ 718.697120][T17404] RDX: 0000000000008080 RSI: 0000200000000140 RDI: 0000000000000003 [ 718.697135][T17404] RBP: 00007ff516185090 R08: 0000000000000000 R09: 0000000000000000 [ 718.697148][T17404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 718.697161][T17404] R13: 0000000000000000 R14: 00007ff5155b5fa0 R15: 00007ffc1290cc48 [ 718.697194][T17404] [ 720.317740][T17428] openvswitch: netlink: Key type 29 is not supported [ 720.797930][T17435] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2711'. [ 720.811116][T17435] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2711'. [ 720.820793][T17435] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2711'. [ 720.831168][T17435] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2711'. [ 720.841485][T17435] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2711'. [ 721.556075][T17454] FAULT_INJECTION: forcing a failure. [ 721.556075][T17454] name failslab, interval 1, probability 0, space 0, times 0 [ 721.601544][T17454] CPU: 1 UID: 0 PID: 17454 Comm: syz.3.2717 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 721.601581][T17454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 721.601595][T17454] Call Trace: [ 721.601604][T17454] [ 721.601613][T17454] dump_stack_lvl+0x16c/0x1f0 [ 721.601653][T17454] should_fail_ex+0x512/0x640 [ 721.601684][T17454] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 721.601721][T17454] should_failslab+0xc2/0x120 [ 721.601743][T17454] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 721.601776][T17454] ? __alloc_skb+0x2b2/0x380 [ 721.601814][T17454] __alloc_skb+0x2b2/0x380 [ 721.601845][T17454] ? __pfx___alloc_skb+0x10/0x10 [ 721.601882][T17454] ? __lock_acquire+0xb8a/0x1c90 [ 721.601921][T17454] netlink_alloc_large_skb+0x69/0x130 [ 721.601950][T17454] netlink_sendmsg+0x6a1/0xdd0 [ 721.601981][T17454] ? __pfx_netlink_sendmsg+0x10/0x10 [ 721.602019][T17454] ____sys_sendmsg+0xa98/0xc70 [ 721.602048][T17454] ? copy_msghdr_from_user+0x10a/0x160 [ 721.602081][T17454] ? __pfx_____sys_sendmsg+0x10/0x10 [ 721.602125][T17454] ___sys_sendmsg+0x134/0x1d0 [ 721.602162][T17454] ? __pfx____sys_sendmsg+0x10/0x10 [ 721.602192][T17454] ? __lock_acquire+0x622/0x1c90 [ 721.602263][T17454] __sys_sendmsg+0x16d/0x220 [ 721.602297][T17454] ? __pfx___sys_sendmsg+0x10/0x10 [ 721.602361][T17454] do_syscall_64+0xcd/0x490 [ 721.602398][T17454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.602422][T17454] RIP: 0033:0x7ff51538e929 [ 721.602443][T17454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 721.602465][T17454] RSP: 002b:00007ff516185038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 721.602487][T17454] RAX: ffffffffffffffda RBX: 00007ff5155b5fa0 RCX: 00007ff51538e929 [ 721.602503][T17454] RDX: 0000000000000004 RSI: 0000200000000000 RDI: 0000000000000003 [ 721.602519][T17454] RBP: 00007ff516185090 R08: 0000000000000000 R09: 0000000000000000 [ 721.602533][T17454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 721.602548][T17454] R13: 0000000000000000 R14: 00007ff5155b5fa0 R15: 00007ffc1290cc48 [ 721.602581][T17454] [ 724.188240][T17499] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2726'. [ 724.279075][T17496] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2726'. [ 725.393218][ T30] audit: type=1326 audit(6045767750.446:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17511 comm="syz.2.2732" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6e9e58e929 code=0x0 [ 725.912407][ T30] audit: type=1326 audit(6045767750.966:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17521 comm="syz.1.2733" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f204298e929 code=0x0 [ 725.934102][ C1] vkms_vblank_simulate: vblank timer overrun [ 727.030252][T17538] program syz.0.2738 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 728.316222][T17559] batman_adv: Routing algorithm '' is not supported [ 729.429599][T17576] FAULT_INJECTION: forcing a failure. [ 729.429599][T17576] name failslab, interval 1, probability 0, space 0, times 0 [ 729.475134][T17576] CPU: 0 UID: 0 PID: 17576 Comm: syz.3.2744 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 729.475172][T17576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 729.475187][T17576] Call Trace: [ 729.475196][T17576] [ 729.475207][T17576] dump_stack_lvl+0x16c/0x1f0 [ 729.475247][T17576] should_fail_ex+0x512/0x640 [ 729.475281][T17576] ? fs_reclaim_acquire+0xae/0x150 [ 729.475311][T17576] ? ima_alloc_init_template+0x19d/0x720 [ 729.475349][T17576] should_failslab+0xc2/0x120 [ 729.475374][T17576] __kmalloc_noprof+0xd2/0x510 [ 729.475408][T17576] ? __print_lock_name+0xb1/0xe0 [ 729.475433][T17576] ima_alloc_init_template+0x19d/0x720 [ 729.475470][T17576] ? take_dentry_name_snapshot+0x319/0x7d0 [ 729.475498][T17576] ima_store_measurement+0x1eb/0x5c0 [ 729.475534][T17576] ? __pfx_ima_store_measurement+0x10/0x10 [ 729.475558][T17576] ? vfs_getxattr_alloc+0xec/0x340 [ 729.475597][T17576] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 729.475636][T17576] process_measurement+0x1ddb/0x23e0 [ 729.475681][T17576] ? __pfx_process_measurement+0x10/0x10 [ 729.475718][T17576] ? alloc_empty_file+0x73/0x1e0 [ 729.475739][T17576] ? hugetlb_file_setup+0x4cd/0x620 [ 729.475762][T17576] ? ksys_mmap_pgoff+0x189/0x5c0 [ 729.475786][T17576] ? __x64_sys_mmap+0x125/0x190 [ 729.475870][T17576] ima_file_mmap+0x1b1/0x1d0 [ 729.475903][T17576] ? __pfx_ima_file_mmap+0x10/0x10 [ 729.475946][T17576] security_mmap_file+0x88c/0x990 [ 729.475979][T17576] vm_mmap_pgoff+0xec/0x450 [ 729.476007][T17576] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 729.476030][T17576] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 729.476057][T17576] ? hugetlbfs_get_inode+0x31f/0x730 [ 729.476090][T17576] ksys_mmap_pgoff+0x1c8/0x5c0 [ 729.476123][T17576] __x64_sys_mmap+0x125/0x190 [ 729.476160][T17576] do_syscall_64+0xcd/0x490 [ 729.476199][T17576] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 729.476223][T17576] RIP: 0033:0x7ff51538e929 [ 729.476244][T17576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 729.476267][T17576] RSP: 002b:00007ff516185038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 729.476290][T17576] RAX: ffffffffffffffda RBX: 00007ff5155b5fa0 RCX: 00007ff51538e929 [ 729.476305][T17576] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000 [ 729.476319][T17576] RBP: 00007ff515410b39 R08: 0000000000000401 R09: 0000300000000000 [ 729.476335][T17576] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 729.476349][T17576] R13: 0000000000000000 R14: 00007ff5155b5fa0 R15: 00007ffc1290cc48 [ 729.476380][T17576] [ 729.491860][ T30] audit: type=1804 audit(6045767754.536:21): pid=17576 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.3.2744" name="anon_hugepage" dev="hugetlbfs" ino=66975 res=0 errno=0 [ 730.036146][T17585] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2746'. [ 732.091202][ T30] audit: type=1800 audit(6045767757.146:22): pid=17624 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2758" name="dbroot" dev="configfs" ino=67098 res=0 errno=0 [ 733.194378][T17649] random: crng reseeded on system resumption [ 733.895961][T17657] Unrecognized hibernate image header format! [ 733.902574][T17657] PM: hibernation: Image mismatch: architecture specific data [ 734.006169][T17660] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2769'. [ 734.665911][T17676] batman_adv: Routing algorithm ' ªªªªª' is not supported [ 734.704661][T17676] batman_adv: Routing algorithm ' ªªªªª' is not supported [ 734.752030][T17676] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2772'. [ 734.764935][T17680] openvswitch: netlink: Key type 29 is not supported [ 735.317929][T17703] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2777'. [ 735.593728][T17708] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2779'. [ 735.636765][T17693] FAULT_INJECTION: forcing a failure. [ 735.636765][T17693] name failslab, interval 1, probability 0, space 0, times 0 [ 735.650639][T17693] CPU: 0 UID: 0 PID: 17693 Comm: syz.1.2776 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 735.650675][T17693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 735.650693][T17693] Call Trace: [ 735.650702][T17693] [ 735.650712][T17693] dump_stack_lvl+0x16c/0x1f0 [ 735.650756][T17693] should_fail_ex+0x512/0x640 [ 735.650790][T17693] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 735.650828][T17693] should_failslab+0xc2/0x120 [ 735.650853][T17693] __kmalloc_cache_noprof+0x6a/0x3e0 [ 735.650886][T17693] ? find_held_lock+0x2b/0x80 [ 735.650908][T17693] ? audit_log_d_path+0xe7/0x200 [ 735.650930][T17693] audit_log_d_path+0xe7/0x200 [ 735.650949][T17693] audit_log_d_path_exe+0x46/0x70 [ 735.650968][T17693] audit_log_task+0x31d/0x3f0 [ 735.650990][T17693] ? __pfx_audit_log_task+0x10/0x10 [ 735.651012][T17693] ? arch_do_signal_or_restart+0x211/0x790 [ 735.651032][T17693] audit_seccomp+0x79/0x1f0 [ 735.651050][T17693] __secure_computing+0x2bf/0x320 [ 735.651068][T17693] syscall_trace_enter+0x89/0x260 [ 735.651091][T17693] do_syscall_64+0x347/0x490 [ 735.651114][T17693] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 735.651128][T17693] RIP: 0033:0x7f204298e929 [ 735.651141][T17693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 735.651155][T17693] RSP: 002b:00007f20437de9f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 735.651170][T17693] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f204298e929 [ 735.651186][T17693] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 000000000000000b [ 735.651195][T17693] RBP: 00007f20437df040 R08: 00007f20437e0000 R09: 000000000000000b [ 735.651205][T17693] R10: 0000000000022b8c R11: 0000000000000246 R12: 0000000000000000 [ 735.651214][T17693] R13: 0000000000000000 R14: 00007f2042bb5fa0 R15: 00007fff0ca22288 [ 735.651233][T17693] [ 735.653223][ T30] audit: type=1326 audit(6045767760.696:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17692 comm="syz.1.2776" exe="" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f204298e929 code=0x0 [ 737.618917][T17729] FAULT_INJECTION: forcing a failure. [ 737.618917][T17729] name fail_futex, interval 1, probability 0, space 0, times 0 [ 737.632198][T17729] CPU: 1 UID: 0 PID: 17729 Comm: syz.3.2783 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 737.632233][T17729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 737.632248][T17729] Call Trace: [ 737.632256][T17729] [ 737.632266][T17729] dump_stack_lvl+0x16c/0x1f0 [ 737.632305][T17729] should_fail_ex+0x512/0x640 [ 737.632341][T17729] get_futex_key+0x1d0/0x1540 [ 737.632371][T17729] ? find_held_lock+0x2b/0x80 [ 737.632394][T17729] ? __pfx_get_futex_key+0x10/0x10 [ 737.632423][T17729] ? __mutex_trylock_common+0xe9/0x250 [ 737.632454][T17729] futex_wake+0xea/0x530 [ 737.632488][T17729] ? __pfx_futex_wake+0x10/0x10 [ 737.632517][T17729] ? __lock_acquire+0xb8a/0x1c90 [ 737.632559][T17729] do_futex+0x1e3/0x350 [ 737.632587][T17729] ? __pfx_do_futex+0x10/0x10 [ 737.632613][T17729] ? __might_fault+0xe3/0x190 [ 737.632656][T17729] mm_release+0x24e/0x300 [ 737.632683][T17729] do_exit+0x68b/0x2bd0 [ 737.632720][T17729] ? __pfx_do_exit+0x10/0x10 [ 737.632750][T17729] ? do_raw_spin_lock+0x12c/0x2b0 [ 737.632782][T17729] ? find_held_lock+0x2b/0x80 [ 737.632812][T17729] do_group_exit+0xd3/0x2a0 [ 737.632844][T17729] get_signal+0x2673/0x26d0 [ 737.632875][T17729] ? __pfx_keyctl_pkey_params_get_2+0x10/0x10 [ 737.632916][T17729] ? __pfx_get_signal+0x10/0x10 [ 737.632942][T17729] ? do_futex+0x122/0x350 [ 737.632978][T17729] ? __pfx_do_futex+0x10/0x10 [ 737.633011][T17729] arch_do_signal_or_restart+0x8f/0x790 [ 737.633042][T17729] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 737.633079][T17729] ? xfd_validate_state+0x61/0x180 [ 737.633109][T17729] ? __pfx_ksys_write+0x10/0x10 [ 737.633148][T17729] exit_to_user_mode_loop+0x84/0x110 [ 737.633184][T17729] do_syscall_64+0x3f6/0x490 [ 737.633222][T17729] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.633247][T17729] RIP: 0033:0x7ff51538e929 [ 737.633268][T17729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 737.633292][T17729] RSP: 002b:00007ff5161850e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 737.633316][T17729] RAX: fffffffffffffe00 RBX: 00007ff5155b5fa8 RCX: 00007ff51538e929 [ 737.633332][T17729] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ff5155b5fa8 [ 737.633347][T17729] RBP: 00007ff5155b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 737.633363][T17729] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff5155b5fac [ 737.633378][T17729] R13: 0000000000000000 R14: 00007ffc1290cb60 R15: 00007ffc1290cc48 [ 737.633411][T17729] [ 737.882819][ C1] vkms_vblank_simulate: vblank timer overrun [ 738.076799][T17733] openvswitch: netlink: Key type 29 is not supported [ 738.328139][ T30] audit: type=1326 audit(6045767763.376:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17730 comm="syz.1.2784" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f204298e929 code=0x0 [ 741.197642][T17783] FAULT_INJECTION: forcing a failure. [ 741.197642][T17783] name failslab, interval 1, probability 0, space 0, times 0 [ 741.210716][T17783] CPU: 0 UID: 0 PID: 17783 Comm: syz.1.2798 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 741.210749][T17783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 741.210764][T17783] Call Trace: [ 741.210773][T17783] [ 741.210783][T17783] dump_stack_lvl+0x16c/0x1f0 [ 741.210822][T17783] should_fail_ex+0x512/0x640 [ 741.210855][T17783] ? fs_reclaim_acquire+0xae/0x150 [ 741.210884][T17783] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 741.210915][T17783] should_failslab+0xc2/0x120 [ 741.210939][T17783] __kmalloc_noprof+0xd2/0x510 [ 741.210995][T17783] tomoyo_realpath_from_path+0xc2/0x6e0 [ 741.211030][T17783] ? tomoyo_profile+0x47/0x60 [ 741.211069][T17783] tomoyo_path_number_perm+0x245/0x580 [ 741.211095][T17783] ? tomoyo_path_number_perm+0x237/0x580 [ 741.211125][T17783] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 741.211154][T17783] ? find_held_lock+0x2b/0x80 [ 741.211210][T17783] ? find_held_lock+0x2b/0x80 [ 741.211232][T17783] ? hook_file_ioctl_common+0x145/0x410 [ 741.211265][T17783] ? __fget_files+0x20e/0x3c0 [ 741.211301][T17783] security_file_ioctl+0x9b/0x240 [ 741.211336][T17783] __x64_sys_ioctl+0xb7/0x210 [ 741.211367][T17783] do_syscall_64+0xcd/0x490 [ 741.211404][T17783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 741.211428][T17783] RIP: 0033:0x7f204298e929 [ 741.211449][T17783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 741.211471][T17783] RSP: 002b:00007f20437df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 741.211495][T17783] RAX: ffffffffffffffda RBX: 00007f2042bb5fa0 RCX: 00007f204298e929 [ 741.211510][T17783] RDX: 0000000000000005 RSI: 000000000000ae41 RDI: 0000000000000003 [ 741.211525][T17783] RBP: 00007f20437df090 R08: 0000000000000000 R09: 0000000000000000 [ 741.211538][T17783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 741.211551][T17783] R13: 0000000000000000 R14: 00007f2042bb5fa0 R15: 00007fff0ca22288 [ 741.211578][T17783] [ 741.211596][T17783] ERROR: Out of memory at tomoyo_realpath_from_path. [ 742.689718][T17816] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2809'. [ 742.719383][T17816] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2809'. [ 742.987036][T17827] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2811'. [ 743.032822][T17824] hub 8-0:1.0: USB hub found [ 743.051920][T17824] hub 8-0:1.0: 1 port detected [ 743.352558][T17837] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2813'. [ 743.835396][T17841] random: crng reseeded on system resumption [ 743.986311][T17847] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 744.550805][T17859] FAULT_INJECTION: forcing a failure. [ 744.550805][T17859] name failslab, interval 1, probability 0, space 0, times 0 [ 744.573841][T17859] CPU: 1 UID: 0 PID: 17859 Comm: syz.1.2820 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 744.573877][T17859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 744.573895][T17859] Call Trace: [ 744.573904][T17859] [ 744.573913][T17859] dump_stack_lvl+0x16c/0x1f0 [ 744.573953][T17859] should_fail_ex+0x512/0x640 [ 744.573985][T17859] ? __kmalloc_noprof+0xbf/0x510 [ 744.574041][T17859] ? alloc_pipe_info+0x1ec/0x590 [ 744.574074][T17859] should_failslab+0xc2/0x120 [ 744.574098][T17859] __kmalloc_noprof+0xd2/0x510 [ 744.574139][T17859] alloc_pipe_info+0x1ec/0x590 [ 744.574184][T17859] splice_direct_to_actor+0x77d/0xa30 [ 744.574217][T17859] ? __pfx_direct_splice_actor+0x10/0x10 [ 744.574251][T17859] ? __pfx_aa_file_perm+0x10/0x10 [ 744.574283][T17859] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 744.574312][T17859] ? get_pid_task+0xfc/0x250 [ 744.574352][T17859] do_splice_direct+0x174/0x240 [ 744.574383][T17859] ? __pfx_do_splice_direct+0x10/0x10 [ 744.574415][T17859] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 744.574450][T17859] ? rw_verify_area+0xcf/0x680 [ 744.574484][T17859] do_sendfile+0xb06/0xe50 [ 744.574521][T17859] ? __pfx_do_sendfile+0x10/0x10 [ 744.574552][T17859] ? __fget_files+0x20e/0x3c0 [ 744.574593][T17859] __x64_sys_sendfile64+0x1d8/0x220 [ 744.574615][T17859] ? ksys_write+0x1ac/0x250 [ 744.574646][T17859] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 744.574681][T17859] do_syscall_64+0xcd/0x490 [ 744.574719][T17859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 744.574744][T17859] RIP: 0033:0x7f204298e929 [ 744.574764][T17859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 744.574787][T17859] RSP: 002b:00007f20437df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 744.574811][T17859] RAX: ffffffffffffffda RBX: 00007f2042bb5fa0 RCX: 00007f204298e929 [ 744.574828][T17859] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 744.574843][T17859] RBP: 00007f20437df090 R08: 0000000000000000 R09: 0000000000000000 [ 744.574859][T17859] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 744.574874][T17859] R13: 0000000000000000 R14: 00007f2042bb5fa0 R15: 00007fff0ca22288 [ 744.574908][T17859] [ 745.732560][T17874] openvswitch: netlink: Key type 29 is not supported [ 746.609102][T17878] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2827'. [ 747.199091][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.205487][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.265267][T17901] FAULT_INJECTION: forcing a failure. [ 747.265267][T17901] name fail_futex, interval 1, probability 0, space 0, times 0 [ 747.283434][T17901] CPU: 1 UID: 0 PID: 17901 Comm: syz.0.2826 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 747.283467][T17901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 747.283483][T17901] Call Trace: [ 747.283491][T17901] [ 747.283502][T17901] dump_stack_lvl+0x16c/0x1f0 [ 747.283545][T17901] should_fail_ex+0x512/0x640 [ 747.283584][T17901] get_futex_key+0x1d0/0x1540 [ 747.283618][T17901] ? __pfx_get_futex_key+0x10/0x10 [ 747.283659][T17901] futex_wake+0xea/0x530 [ 747.283693][T17901] ? rcu_is_watching+0x12/0xc0 [ 747.283719][T17901] ? __pfx_futex_wake+0x10/0x10 [ 747.283767][T17901] ? kmem_cache_free+0x2d1/0x4d0 [ 747.283801][T17901] ? fd_install+0x225/0x750 [ 747.283831][T17901] ? putname+0x154/0x1a0 [ 747.283861][T17901] do_futex+0x1e3/0x350 [ 747.283895][T17901] ? __pfx_do_futex+0x10/0x10 [ 747.283932][T17901] __x64_sys_futex+0x1e0/0x4c0 [ 747.283964][T17901] ? __x64_sys_openat+0x174/0x210 [ 747.283992][T17901] ? __pfx___x64_sys_futex+0x10/0x10 [ 747.284042][T17901] do_syscall_64+0xcd/0x490 [ 747.284083][T17901] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 747.284108][T17901] RIP: 0033:0x7f731358e929 [ 747.284130][T17901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 747.284155][T17901] RSP: 002b:00007f73143800e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 747.284180][T17901] RAX: ffffffffffffffda RBX: 00007f73137b5fa8 RCX: 00007f731358e929 [ 747.284198][T17901] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f73137b5fac [ 747.284215][T17901] RBP: 00007f73137b5fa0 R08: 00007f7314381000 R09: 0000000000000000 [ 747.284233][T17901] R10: 0000000000000006 R11: 0000000000000246 R12: 00007f73137b5fac [ 747.284249][T17901] R13: 0000000000000000 R14: 00007ffe0593c0e0 R15: 00007ffe0593c1c8 [ 747.284283][T17901] [ 747.518445][T17908] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2836'. [ 747.869010][T17913] Process accounting resumed [ 748.628029][T17930] binder: 17928:17930 ioctl c018620b 0 returned -14 [ 748.830865][T17929] netlink: 326 bytes leftover after parsing attributes in process `syz.3.2841'. [ 749.104412][T17944] openvswitch: netlink: Key type 29 is not supported [ 749.204572][T17946] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2847'. [ 749.216183][T17946] netlink: 274 bytes leftover after parsing attributes in process `syz.2.2847'. [ 749.276114][ T5152] Bluetooth: hci2: command 0x0406 tx timeout [ 749.307060][T17947] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 749.482933][T17953] kernel tried to execute NX-protected page - exploit attempt? (uid: 0) [ 749.491279][T17953] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 749.499059][T17953] #PF: supervisor instruction fetch in kernel mode [ 749.505536][T17953] #PF: error_code(0x0011) - permissions violation [ 749.511927][T17953] PGD 8000000068b68067 P4D 8000000068b68067 PUD 69bc1067 PMD 7615f067 PTE 4a961867 [ 749.521210][T17953] Oops: Oops: 0011 [#1] SMP KASAN PTI [ 749.526601][T17953] CPU: 0 UID: 0 PID: 17953 Comm: syz.0.2848 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 749.538651][T17953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 749.548704][T17953] RIP: 0010:0x0 [ 749.552181][T17953] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 749.559527][T17953] RSP: 0018:ffffc9000bb079c8 EFLAGS: 00010293 [ 749.565579][T17953] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81f2661e [ 749.573541][T17953] RDX: ffff8880274a5a00 RSI: ffffea0002e169c0 RDI: ffff8880345cba40 [ 749.581501][T17953] RBP: ffffea0002e169c0 R08: 0000000000000007 R09: 0000000000000000 [ 749.589461][T17953] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff92001760f3a [ 749.597423][T17953] R13: ffff8880345cba40 R14: 0000000000000000 R15: dffffc0000000000 [ 749.605379][T17953] FS: 00007f73143806c0(0000) GS:ffff888124760000(0000) knlGS:0000000000000000 [ 749.614297][T17953] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 749.620866][T17953] CR2: ffffffffffffffd6 CR3: 00000000738fc000 CR4: 00000000003526f0 [ 749.628825][T17953] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 749.636780][T17953] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 749.644739][T17953] Call Trace: [ 749.648011][T17953] [ 749.650938][T17953] filemap_read_folio+0xc5/0x2a0 [ 749.655912][T17953] ? __pfx_filemap_read_folio+0x10/0x10 [ 749.661470][T17953] ? __filemap_get_folio+0x32b/0xc30 [ 749.666756][T17953] ? down_read+0x13d/0x480 [ 749.671173][T17953] do_read_cache_folio+0x263/0x5c0 [ 749.676286][T17953] freader_get_folio+0x337/0x930 [ 749.681232][T17953] freader_fetch+0xc2/0x5e0 [ 749.685741][T17953] ? mt_find+0x3ef/0xa30 [ 749.689981][T17953] __build_id_parse.isra.0+0xec/0x7a0 [ 749.695360][T17953] ? __pfx___build_id_parse.isra.0+0x10/0x10 [ 749.701349][T17953] ? __pfx_find_vma+0x10/0x10 [ 749.706031][T17953] do_procmap_query+0xd96/0x1090 [ 749.710974][T17953] ? __pfx_do_procmap_query+0x10/0x10 [ 749.716368][T17953] ? __fget_files+0x20e/0x3c0 [ 749.721054][T17953] procfs_procmap_ioctl+0x7d/0xb0 [ 749.726081][T17953] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 749.731804][T17953] __x64_sys_ioctl+0x18b/0x210 [ 749.736570][T17953] do_syscall_64+0xcd/0x490 [ 749.741085][T17953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 749.746977][T17953] RIP: 0033:0x7f731358e929 [ 749.751392][T17953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 749.771003][T17953] RSP: 002b:00007f7314380038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 749.779416][T17953] RAX: ffffffffffffffda RBX: 00007f73137b5fa0 RCX: 00007f731358e929 [ 749.787385][T17953] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000004 [ 749.795351][T17953] RBP: 00007f7313610b39 R08: 0000000000000000 R09: 0000000000000000 [ 749.803316][T17953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 749.811284][T17953] R13: 0000000000000000 R14: 00007f73137b5fa0 R15: 00007ffe0593c1c8 [ 749.819259][T17953] [ 749.822273][T17953] Modules linked in: [ 749.826162][T17953] CR2: 0000000000000000 [ 749.830305][T17953] ---[ end trace 0000000000000000 ]--- [ 749.835751][T17953] RIP: 0010:0x0 [ 749.839216][T17953] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 749.846576][T17953] RSP: 0018:ffffc9000bb079c8 EFLAGS: 00010293 [ 749.852640][T17953] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81f2661e [ 749.860610][T17953] RDX: ffff8880274a5a00 RSI: ffffea0002e169c0 RDI: ffff8880345cba40 [ 749.868583][T17953] RBP: ffffea0002e169c0 R08: 0000000000000007 R09: 0000000000000000 [ 749.876554][T17953] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff92001760f3a [ 749.884521][T17953] R13: ffff8880345cba40 R14: 0000000000000000 R15: dffffc0000000000 [ 749.892491][T17953] FS: 00007f73143806c0(0000) GS:ffff888124760000(0000) knlGS:0000000000000000 [ 749.901420][T17953] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 749.908005][T17953] CR2: ffffffffffffffd6 CR3: 00000000738fc000 CR4: 00000000003526f0 [ 749.915978][T17953] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 749.923948][T17953] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 749.931917][T17953] Kernel panic - not syncing: Fatal exception [ 749.938197][T17953] Kernel Offset: disabled [ 749.942513][T17953] Rebooting in 86400 seconds..