last executing test programs: 1m14.474957072s ago: executing program 0 (id=214): socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xffffeffe, 0x2) r0 = socket(0x10, 0x3, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRES16=0x0, @ANYBLOB="20002cbd7000fbdbdf250200000008000300800040000800030009"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) 1m14.17806374s ago: executing program 0 (id=217): r0 = socket(0x25, 0x1, 0x5) recvfrom$auto(r0, 0x0, 0x0, 0x40, 0x0, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x3, 0x300) ustat$auto(0x801, 0x0) recvmmsg$auto(0x3, 0x0, 0xb94, 0x20, 0x0) mknod$auto(&(0x7f0000000180)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x81, 0x8) lstat$auto(&(0x7f0000000500)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x125441, 0x0) ioctl$auto(r2, 0x6, r1) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000000), 0xffffffffffffffff) mmap$auto(0x0, 0x5, 0x4000000000e2, 0xeb1, 0x401, 0x8000) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8340, 0x0) ioctl$auto(r3, 0xc0045401, r3) close_range$auto(0x2, r2, 0x0) r4 = socket(0x15, 0x4, 0xa) close_range$auto(0x2, 0x8, 0x80000000) r5 = open(0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x401c5820, 0x0) r6 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x8000, 0x0) setresuid$auto(0x0, 0x7, 0x8080) read$auto_nsim_dev_trap_fa_cookie_fops_dev(r6, &(0x7f0000000000)=""/156, 0x9c) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) syz_clone3(&(0x7f00000002c0)={0x104004000, 0x0, 0x0, 0x0, {0x43}, 0x0, 0x40, 0x0, 0x0, 0x0, {r5}}, 0x58) r7 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x6, 0x20007, 0x5, 0xebf, r7, 0x0) 1m13.076083171s ago: executing program 0 (id=223): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x1d, 0xa, 0x4) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) r1 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x42000, 0x0) ioctl$auto_USB_RAW_IOCTL_EP_ENABLE(r1, 0x40095505, &(0x7f00000000c0)={0x3c, 0x0, 0x7, 0x7, 0x9, 0x8, 0x1}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="7201", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x0) mmap$auto(0x2, 0x2020009, 0xffffffffffffffff, 0xebf, r0, 0x2000000000007fff) r2 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cpuinfo\x00', 0x2840, 0x0) read$auto_proc_mountinfo_operations_mnt_namespace(r2, &(0x7f0000001100)=""/4096, 0x1000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) r3 = openat$auto_proc_pid_set_timerslack_ns_operations_base(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) writev$auto(r3, &(0x7f0000000100)={0x0, 0x10}, 0x1) madvise$auto(0x0, 0x20499d, 0x9) r4 = openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000140), 0x100, 0x0) ioctl$auto_RNDGETENTCNT(r4, 0x80045200, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NETDEV_CMD_DEV_GET(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x24040cd1) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/binderfs/binder0\x00', 0x100, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x5, 0x800, 0x4) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0xffffffffffff0005, 0x17) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x200000, 0x0) io_uring_register$auto(0x2, 0x0, 0x0, 0x5) shmctl$auto_SHM_STAT_ANY(0x7ff, 0xf, 0x0) ioctl$auto_SG_SET_DEBUG(0xffffffffffffffff, 0x227e, 0x0) unshare$auto(0x40000080) madvise$auto(0x0, 0x200004, 0x15) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1m11.235596318s ago: executing program 0 (id=234): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000001200)='/dev/ttyS3\x00', 0xa080, 0x0) 1m10.791516211s ago: executing program 0 (id=235): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000003c0)=""/192, 0xc0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) mmap$auto(0x0, 0x400008, 0x40, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x801, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) epoll_create$auto(0x4) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r0, 0xc0b45545, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_MPATH(r2, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f0000000480)={0x29c, 0x0, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x6}, @NL80211_ATTR_S1G_CAPABILITY_MASK={0xad, 0x129, "981a7ccaed0e5c2ff95f095d119f259c580588ae45f12baa54af57f6721277e3bd98ff0b1c6cae3640c5dab46e1d86b21573363cab3cfc6c25f00ef5f8ab5c4db4ea2ccfcc8807765fb8e43b750bd15cf1acb51e9e3de21389124400e0ea93e8c1f572f2e6d409326c9b4e1db70e1430eaa158f985b10c924da21ddfedaa56935529f465cc1913e14312319188eb283fb6f0abcbdbdd15dddc6e96d070d4dc505696b4a72fc540b9e3"}, @NL80211_ATTR_SAR_SPEC={0x1d0, 0x12c, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS={0x68, 0x2, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x9}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x1000}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xffff}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x5}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x6}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x800}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x3}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xffffffff}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x5}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x3}]}]}, @NL80211_SAR_ATTR_SPECS={0x58, 0x2, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x2}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x3}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x4}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x4}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x3}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x9}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xfce}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xa44}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1}]}]}, @NL80211_SAR_ATTR_TYPE={0x8, 0x1, 0x5}, @NL80211_SAR_ATTR_TYPE={0x8, 0x1, 0x7}, @NL80211_SAR_ATTR_SPECS={0x64, 0x2, 0x0, 0x1, [{0x24, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x1}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x8}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x4}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x4}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x97}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x20}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x3}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x400}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x5}]}]}, @NL80211_SAR_ATTR_SPECS={0x98, 0x2, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x2}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xfb0}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x1ff}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x3177}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x2}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xe}]}, {0x4c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x7}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x3}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x5}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xc22}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6e6c}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x2}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x8}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x39}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xf662}]}]}]}]}, 0x29c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40001) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', 0x0}) bpf$auto(0x5, &(0x7f0000000300)=@bpf_attr_3={0x6, 0x4, 0x7, 0x67, 0x400, 0x0, 0x0, 0x80f0c8, 0x20, "2fc1d5cbcb9f6b5e511f0dd8d6068f65", r3, 0x113e33f2, 0xffffffffffffffff, 0xe4, 0x6, 0x5, 0x3ad, 0x3, 0x0, 0x3, @attach_prog_fd, 0x4, 0xffff, 0x8, 0x81, 0xfffffffe}, 0x4a) mmap$auto(0x0, 0x2020009, 0x10, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x23, 0x8, 0x2008, 0x0, 0x0) 1m9.583070253s ago: executing program 0 (id=243): unshare$auto(0x40000080) read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffffff, &(0x7f0000000340)=""/179, 0xb3) socket(0xa, 0x2, 0x88) socket(0x11, 0x3, 0x9) openat$auto_snapshot_fops_user(0xffffffffffffff9c, 0x0, 0x180b01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_clone(0x100000, 0x0, 0x0, 0x0, 0x0, 0x0) select$auto(0x1d8cd6be, &(0x7f0000000040)={[0xa4, 0x0, 0xe7b, 0x5, 0x6, 0x6, 0xfffffffeffffffff, 0x36, 0x0, 0x7, 0x4, 0x2aff, 0x4000000000000, 0x4, 0x1, 0x6]}, 0x0, 0x0, &(0x7f0000000240)={0x4, 0x7}) mbind$auto(0x300000000000000, 0x2091d2, 0x4, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/platform/dummy_hcd.7/usb8/8-0:1.0/bInterfaceNumber\x00', 0xa000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001100)=""/4088, 0xff8) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/stat/rt_cache\x00', 0x20000, 0x0) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x4, 0x4}, {0x0, 0x83}}, 0x0) 1m8.788144438s ago: executing program 32 (id=243): unshare$auto(0x40000080) read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffffff, &(0x7f0000000340)=""/179, 0xb3) socket(0xa, 0x2, 0x88) socket(0x11, 0x3, 0x9) openat$auto_snapshot_fops_user(0xffffffffffffff9c, 0x0, 0x180b01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_clone(0x100000, 0x0, 0x0, 0x0, 0x0, 0x0) select$auto(0x1d8cd6be, &(0x7f0000000040)={[0xa4, 0x0, 0xe7b, 0x5, 0x6, 0x6, 0xfffffffeffffffff, 0x36, 0x0, 0x7, 0x4, 0x2aff, 0x4000000000000, 0x4, 0x1, 0x6]}, 0x0, 0x0, &(0x7f0000000240)={0x4, 0x7}) mbind$auto(0x300000000000000, 0x2091d2, 0x4, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/platform/dummy_hcd.7/usb8/8-0:1.0/bInterfaceNumber\x00', 0xa000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001100)=""/4088, 0xff8) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/stat/rt_cache\x00', 0x20000, 0x0) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x4, 0x4}, {0x0, 0x83}}, 0x0) 7.160979954s ago: executing program 1 (id=452): socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xffffeffe, 0x2) r0 = socket(0x10, 0x3, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$[\x00\x00', @ANYRES16=0x0, @ANYBLOB="20002cbd7000fbdbdf250200000008000300800040000800030009"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) 6.826507647s ago: executing program 1 (id=454): r0 = openat$auto_ima_htable_violations_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000004040), 0x80840, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) preadv2$auto(r0, &(0x7f0000004100)={0x0, 0x865}, 0x3, 0x6, 0x92, 0x1) (async) close_range$auto(0x2, 0x8, 0x0) openat$auto_vrr_range_fops_(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/dri/vkms/Virtual-1/vrr_range\x00', 0x100, 0x0) socket(0xa, 0x801, 0x84) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) (async) io_uring_setup$auto(0x6, 0x0) (async) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fb0\x00', 0x0, 0x0) (async) r1 = socket(0xa, 0x801, 0x84) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x10000a, 0x1, 0x948a, 0xc00000000000000, 0x15f4da07, 0x80000003, 0x2, 0x62, 0x8000001f, 0x2007, 0x6d42, 0x9, 0x2, 0x6]}, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000015c0), r4) sendmsg$auto_NL80211_CMD_GET_STATION(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000002440)={0x28, r5, 0x4bcedae9142a5f4d, 0x70bd28, 0x25dfdbfd, {}, [@NL80211_ATTR_MLO_LINKS={0x13, 0x138, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NL80211_ATTR_MAC={0xb, 0x6, "519c7b1e0c977a"}]}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x40004001}, 0x800) (async) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/transparent_hugepage/hugepages-512kB/enabled\x00', 0x129302, 0x0) write$auto(r6, &(0x7f0000000180)='\\\x00\xd7\x86\xa5*\xe5\x16\x17\x1f\b\x81\xb8Pk2\x97/f\xc1\xe3\x80\x1dc\b&\xdcW{\x18(\xae\xfd\xe4 (\xa1\x1e#\xee$\xcf\xe0*\x0fZ\xb3h5\xdc)y<\xe4\xe6\xf1\x1c\x82|\xe0\xd8Q\xa1_\x8e\xb4\xad)\xc7\xce\xafpz\xef`w\xee\x87\xfeZ\xd0\xb2\x16g9\xf6\xb4\xd9\xc0\x85\xb24V\x98\xafj9\xb9\xea*\x9b\x9c\xac\xa6*\xc9\x83\x8d\x13\xb4\xb1\x93$\xa3\xbf\xd7*7)\xba\xf4R4Xj+`\x1a\xbf\x91\xb7\xb5\xe0\xf1\x88\x0e\xcdp\x8b\x8d\xd3\xcdE\xab\xd8,\xf4dU\xc2\x940\x8a\xd0\xff;\x9cL\xb5\xef\xda\xdc9\x98V\xb2\xae:\xcf\x856\xf2\x15\x10%7:\xbd\xf7\xb2Jw`\b!\xf47\x01XX\xc5\xaca\x16\x17\xfdH@\xd6w\x04\xaa/\x1b\a\xf0\xdb\x7f\xd2\xdd\xbb\x19\xea,~\x9bB\x85\xea\xd0;\x15gj\x1d[k \x7fw^4\x81\xf6\x00', 0x800f) (async) r7 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f00000000c0), r1) sendmsg$auto_OVS_FLOW_CMD_NEW(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000000080)=ANY=[@ANYBLOB="00ef0000", @ANYRES16=r7, @ANYBLOB="01002cbd7000fcdbdf2501000000040008000800"], 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x4008844) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) madvise$auto(0x0, 0x20499d, 0x9) (async) r8 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r8, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) (async) fcntl$auto_F_OFD_SETLKW(r8, 0x26, 0x2) 6.666792355s ago: executing program 3 (id=455): r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/key-users\x00', 0x18b800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) io_uring_setup$auto(0x23, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(r1, 0x10e, 0x1, 0x0, 0xe) pread64$auto(r0, 0x0, 0x8100000041, 0x1) r2 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x0, 0x0) ioctl$auto(r2, 0x901064b2, 0x2) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x771, 0x1, 0x201, 0x1, 0x5, 0x3, 0x3ffde, 0x400, 0x3, 0x9, 0x6, 0x80005, 0x4, 0x11ffffffffffb, 0xb2, 0x2, 0x9, 0x10, 0x80, 0x80000002a0, 0x0, 0x1, 0x1, 0x202, 0x9, 0xbca7, 0x4, 0x0, 0x0, 0x0, 0x0, [0x0, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x65f9, 0x7fffffff, 0x0, 0x0, 0x9, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000, 0x0, 0x5, 0xfffffffffffffffd, 0xfffe, 0x0, 0x9, 0x4, 0xe17, 0xfffffffffffffffe, 0x2]}, 0x1fe, 0x2000000c) read$auto_fops_u8_(0xffffffffffffffff, 0x0, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1258, 0x1, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x9, 0x5, 0x80003, 0x4, 0x1ffffffffffd, 0xb4, 0x3, 0x7, 0x10007, 0x80, 0x2a0, 0x0, 0xa, 0x22000, 0x200, 0x4, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x1fe, 0xd) ioctl$auto__ctl_fops_dm_ioctl(0xffffffffffffffff, 0xf, &(0x7f0000000380)="1b0d9200002aa6779045affa9931dd87d13cbe45776f37a68d387a9e55e114e3a06c97d769df3a69fbf7d75ef12cb251a918c4eef1cfa4de977f09e1ff8ba8bf1bfa21adaa61f1cc00"/87) r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) read$auto(0xffffffffffffffff, &(0x7f0000000000)='/dev/mapper/control\x00', 0x1) ioctl$auto__ctl_fops_dm_ioctl(r3, 0xfffffffffffffd02, &(0x7f00000001c0)) socket(0x6, 0x80000, 0x800) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x800, &(0x7f0000000500)={[0x7, 0x80000001, 0x8, 0x7, 0x2, 0x4, 0x152, 0x8, 0x6, 0x5, 0x3, 0x5, 0x9ad, 0x7, 0x8, 0x6]}, &(0x7f0000000580)={[0x3, 0x3ff, 0x101, 0x5, 0x8, 0x40, 0x80000000, 0x6e6, 0x9, 0x3ff, 0x1ff, 0x0, 0x4, 0x7, 0x3, 0x5]}, &(0x7f0000000600)={[0x6, 0x0, 0x0, 0x4, 0x282, 0xb1, 0x8, 0x8, 0xfffffffffffffff9, 0x100000000, 0xfffffffffffffffc, 0x3, 0x3, 0x9f5, 0x0, 0x8]}, &(0x7f0000000340)={0x10000, 0x4}) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) 5.784966053s ago: executing program 1 (id=459): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ipvs(&(0x7f00000000c0), r0) r1 = socket(0x10, 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x1b54}, 0x1, 0x0, 0x0, 0x4000004}, 0x5) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) recvmmsg$auto(r2, &(0x7f0000000180)={{0x0, 0x8, 0x0, 0x1, 0x0, 0x1000002, 0x8}, 0x800}, 0x4000005, 0x8, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) sendmsg$auto_IPVS_CMD_NEW_DAEMON(r0, 0x0, 0x40000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) socket(0x2, 0x1, 0x106) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/workqueue/nf_ft_offload_stats/affinity_scope\x00', 0x2, 0x0) read$auto(0x3, 0x0, 0x20f34) write$auto(0x3, 0x0, 0xfffffdef) 5.496719851s ago: executing program 4 (id=461): openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0) sendfile$auto(r0, r0, 0x0, 0x200) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129800, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f00000002c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'veth1_to_team\x00', 0x0}) sendmsg$auto_BATADV_CMD_SET_MESH(r1, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x104200}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, r2, 0x8, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_BLA_VID={0x6, 0x20, 0x7f}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_MESH_ADDRESS={0xa, 0x5, @local}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x36}, @BATADV_ATTR_LOG_LEVEL={0x8, 0x36, 0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0x4}, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r4 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x10f, 0x7f, 0x0, 0x14) r5 = getpgid(0x0) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptybf\x00', 0x28b40, 0x0) ioctl$auto_TIOCVHANGUP2(r6, 0x5437, 0x0) read$auto(0x3, 0x0, 0x7fffffff) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x1, @old_prog_fd=0x13b}, 0x8742) syz_clone3(&(0x7f0000000640)={0x20000, 0x0, &(0x7f0000000480)=0x0, &(0x7f00000004c0), {0x28}, &(0x7f0000000500)=""/107, 0x6b, &(0x7f0000000840)=""/250, &(0x7f0000000580)=[r5, 0xffffffffffffffff, r5], 0x3, {r8}}, 0x58) msgctl$auto_IPC_SET(0x0, 0x1, &(0x7f0000000100)={{0x8, 0x0, 0xffffffffffffffff, 0x9, 0x4, 0x4, 0x3}, &(0x7f0000000080)=0xda, &(0x7f00000000c0), 0x80000000, 0xffffffffffffffff, 0x4, 0x1, 0x41a8e154, 0x5, 0xa1c9, 0x9f, @inferred=r9, @raw=0xffff815a}) getpgid(r9) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) r10 = syz_genetlink_get_family_id$auto_net_dm(&(0x7f0000000240), r4) sendmsg$auto_NET_DM_CMD_START(r7, &(0x7f00000005c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x42c40250}, 0xc, &(0x7f0000000440)={&(0x7f0000000280)={0x14, r10, 0xccbe1fa41a52243e, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20058081}, 0x20000005) 5.365716564s ago: executing program 3 (id=463): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x141000, 0x0) poll$auto(&(0x7f0000000180)={r0, 0xa0b, 0x9816}, 0x7f, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x0) ioctl$auto(0x3, 0x4008af02, r1) capset$auto(0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setresuid$auto(0x0, 0x7, 0x8080) setfsuid$auto(0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto_VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, 0x0) 4.880033326s ago: executing program 3 (id=464): sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x20008000) r0 = socket(0xa, 0x1, 0x100) getsockopt$auto_SO_RCVPRIORITY(r0, 0x2, 0x52, &(0x7f00000001c0)='/dev/virtual_nci\x00', &(0x7f0000000240)=0x7) syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f0000000080), 0xffffffffffffffff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) capget$auto(&(0x7f0000000000)={0x19980330}, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff004) mmap$auto(0x0, 0x810004, 0xffc, 0x13, r0, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000002500), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), r1) sendmsg$auto_OVS_DP_CMD_NEW(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="fcff0000", @ANYRES16=r4, @ANYBLOB="010026bd7020f8dbdf250100000008000200", @ANYRES32=0x4, @ANYBLOB="080001004866520008000200", @ANYRES32=0x9, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) r5 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_DEL(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002abd7000"], 0x38}, 0x1, 0x0, 0x0, 0x20040011}, 0x20000000) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000500)={'wg1\x00', 0x0}) socket(0xa, 0x23af690fef30229, 0x9) sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x140080e4) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) statmount$auto(0x0, &(0x7f00000005c0)={0x9ca1, 0x1, 0x452, 0x807, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x8, 0x9, 0x80003, 0x4, 0x200000000001, 0x384, 0x9, 0x8, 0x10006, 0x400007f, 0x7, 0x0, 0xe, 0x22000, 0x200, 0x0, 0x84, 0x0, 0x0, 0x1, 0x0, 0x0, [0x0, 0x0, 0x7d5d, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xed69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80]}, 0x1fa, 0xd) r9 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x2802, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r9, 0x2, &(0x7f0000000380)="dc0400d7054bed139fb7f9fb1dca8fe1d81c48e8d983ae3431fa707225c2c387e1a200b38759ba8e9187200e6d044ef46a534de751b1436f20ed70ac2154c20171b254509700aa726ea003a1b7b9ce2313756dc84bc4556ddac694c4553d72ed13a885176712c9cff968f74bd1d14ff734ad08e60cf7e7a7dd07d2b6ca9cb21ddaae68d2969afcf6c734f6ee1c63b1c93abf32264f9ec022b64c903276298739ee8ae7ac1fe14534ad54004f39ea1b99964702554c1494e1742baeae527cf3007d50fc92e924f735af5229f4c3168226346e3087026d3d2c8aed398d4988971e05ff0ab9f5f2328e7f51d5061584b44581a4c83e413718d3a82f87daf87d1d5a2c32fbaa58f095fbf34ccc603b632155c27289cb5598049a7c9160dfe8a01d5a1983408082941eb39db2a09c5a34dc876dfa58a589687aa0cf6be7b5b084a8f753758332896ec3adad7a79b751908ee2b3d25131f44185a0ed8d20e9b6b8a1ed11402b02e544b67caf3177eda039e64aaf295eca7953c165fa73afca96d7750663711101c6e14e44817c6ad4b1474132dd441ca5c9d7776c871ffacbd96910496cad7010b9b526135e84") sendmsg$auto_OVS_DP_CMD_GET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="050029bd7000fcdbdf250300000008000900", @ANYRES32=r8, @ANYBLOB="2347d8a6219c1b57e3fb92"], 0x1c}, 0x1, 0x0, 0x0, 0x4000c000}, 0x4000024) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_MON_SET(r10, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000000)={0x20, r11, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @pid}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000010}, 0xc050) madvise$auto(0x0, 0xffffffffffff0001, 0x15) write$auto(0x3, 0x0, 0x100082) 4.769010649s ago: executing program 1 (id=466): openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="3ae90f7c", @ANYRES16=0x0, @ANYBLOB="01002bbd"], 0x14}, 0x1, 0x0, 0x0, 0x8044}, 0x4001090) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) madvise$auto(0xfff, 0x7, 0xab8) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r1 = socket(0x1e, 0x1, 0x0) setsockopt$auto(r1, 0x6, 0x5, 0xfffffffffffffffc, 0x5) socket(0x1a, 0xa, 0xfe) mmap$auto(0x1, 0x3, 0x3, 0x55, r0, 0x8001) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_check_wx_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/system/node/has_memory\x00', 0x22100, 0x0) read$auto_check_wx_fops_(r2, &(0x7f0000000300)=""/244, 0xf4) mlockall$auto(0x5) r3 = io_uring_setup$auto(0x400, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="01002dbd7400fcdb6937ca840000"], 0x14}, 0x1, 0x68, 0x0, 0x4004080}, 0x0) 4.319892097s ago: executing program 4 (id=467): mmap$auto(0x20000, 0x8, 0x4000000000df, 0x1a, 0xffffffffffffffff, 0xfffffffffffffffc) close_range$auto(0x2, 0x8, 0x0) socket(0x22, 0x6, 0x4) openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x41, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram8\x00', 0x81, 0x0) socket(0x2c, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, &(0x7f0000000080)) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x2, 0x2, 0x1) r1 = socketpair$auto(0x4001, 0x1, 0x4, 0x0) close_range$auto(r0, r1, 0x0) r2 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r2, 0x107, 0x1, 0x0, 0x8004) socket(0xa, 0x801, 0x84) r3 = open(&(0x7f00000001c0)='./file0\x00', 0x13b040, 0x154) execveat$auto(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r4 = socket(0x10, 0x2, 0x14) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYRESOCT=r0, @ANYRESHEX=r4, @ANYBLOB="01002dbd7000bddbdf250800030008000300", @ANYRESOCT=r4, @ANYBLOB="90c2565b1511b888b5f4a9e9977ec8f6dbe09080301f54f41773b0489d9e0954b131766b4174131f46a93b7bb3f6ddff5780ff120f226d67bde0c4a2a9137a732b6f09359ae64dce778cdde052c6092c56b15c87fbe6c06845a7834342d575d9a43a5fc9777cd78a9ff8591f90d0ae5b6066e8d0fb3e37249d567802b0b85d6f1a1a4dc1e9927453b9460953ec1225cdbab9ffd94b4ec54c26bc0404b5678a2b4ee0e0042c77b0494ce882427f99e00af23456e0a932d5a85960821d6469342d5b1c84bb2e5db505ab59b0052da111ae1e6677b5bea91c44b27638b60c0d099a0371ab3e226c3f666e860d36a798ddb8c72d64c2c1788708ab63f5e2d5e7f968a4cc25b705fec0241813dacac58cf8a51cdb36087aa505829123f52d4c1185e8f3f1d23aff676cdba45b2a9cb632cefff307f36a46bc4ec379dd0f9990fab6e369b8b9a322c267d4eb116ed46f2f78d19b4284f8306cf1f4f9d61470ff7d522e031ab79e64d886648e24072d54d9405fb47c48641510e0630d7f2a9fb6bf0d9389cbbfac994f9d67cacbca9d2d492258de8b6e2ca8744f52d60ce988f7c511d2bcb2c87388fa847ce211082a5034ba88c320f00269bbb700eb3f1afde49ac8ef1e078eefa6414584cb4d13a918a43fb664168dd1cc642c6b0e0afbffca725073ea71ccd0c065e4c33004596f9fb959d2826730db3c5f434c089b910d87d372c99650d281dbc4de8e1e32d1114cccc6f0b5387ffc556c9c65ec324474876f7f39c332545034d82ff0355076ab5ced6676880077eb83f966cdc74d0686ed3dc80ef33794e2134ee32852d2530ddc37b9ea7e7bde7e17d80290298647ba6ebc700894f19e9a0ae8f5a7e8a2c0aceec7742d0f949be7bdb9cc9dd73e6da4cb5e2df1902be88ad92830260d49fbde9593bf651488decfcf07b65a488e6e74b0a7bc4dc8e7c10812f643c7dfb3ed3c4e01f168831939c35a4863ca2366544bffc60d5ec322e9687f404557f9455fabcd93f6295606d8892dde66e3da444fc462761359d1b2d8776341b8e5b1185ee811ef3f0b2ce94a181f85b10a7f35080fd72ae5a8b3626b5c53eda990348bde11a668dd64feec317bb4b16c37eea150367b80f9220d39f4ad5a0b7147be9c387116981e9e9f3be712f9511ce2666e0782b8658869e8333f9a58c35fd554d483ad1fcaf5903b58f9565b9a568f8c47b529f5d69f5eb6a433e37cd8fc1aa404510c4767628de4cafa183f106b86caded00dbd73b0671ee1ce9a4e2a9471f902db23d79a5e21f884952e4628ecaa041ce28cd84c77291dcd2c009136dba16bb663dda3297958904ce0f17504ea3c9ef423ecbaa130f5833ab79e9ce0adf2ef2b93a9244025c2db0b87ff7960a453d723e4156bdb267ff516b371d9cb4630afa4e27c0d84cef1e53fdf80ecb3948ef29aa155ad23c2fcbef55dd313a402941b875f594391b2a9c8a365d4180aee94cf4f88c2ac6f57fb6c8ddcd7bcf9353785024b68daba375e389b0ac11186768052ba9c02e4670b08106c0ba877dd144ce6c0dda73c12380ad1190f7cf99c106770e6e20b8191938be10dd9d41a3a2875c25d5801f5bcc7559735a18850193de94de878d87cc7a025c0381b2ef16e00a1d740892cfa23ea386896cc5294b5f85cbe0088c860a0a851588d66a97d2a513e7c582abfc39236f5a4fc4b44d993c60528b371d19a14310d4a2ee6eada6aabd3df5ea012b42ece3f891e227457687e84315dcf5f075231b6edc3956128aa87b19dd2017aa92a403a08d3e5827990258ebf1d189324cad197d9a648f2762f7a7341dfd7ef579f8b4515f7b9b81c776e26fb70d35f1f50f075ccb20ce5155d62e7d92ffa5555a299ae0144170ab522dd107bd4c7addeed14081110126d02c96c2799b0a2adf2247338f25a852a2e29e89382efcfb5d122baeb6c3d756269a22c45f34ef788735ef6927712888d86867117161293d482eeded48e8be3fc94c160fc8686598f709a664061a84a157f0d50660fdec34291828dd26ca8302516f38a4c3142aea7925630e3a952e3c243d4b9dd8531811f9563f0ed9ad7dfc81cd6ae6a0979c0b938fca115d8444625fb45f075b1b06c5e856496ed2057b9719fecda78860c81a7f965742a3a83f2dc8a14548cce7f5fdac621535e0834d476b85531914522fbbcbc9d2262e3b998bdf6616c186865cc919187940f80cd965598c9695e518f1af89f4512cb8153b28645bab1390abe4565317c218ec4b5b6f0d5fb538cb45d51d431addffa48f091fe2096575fc23a0650d1b420312d502d99cf30be041be149134683cb838fd2118d6d5837fc947b10a4f7ca5a621f54ea4587bbbef61a617b6e8fb94d176f984cf4830b42b2b622883ef67ca376ad6c50c2f2945a3727ed850054c98c5eeb7c242ac1265bfa33134d2f3926e111f18327fdfc6c497c3bde3376dc5cb887223b6030e15abffc5282513d80d922614ef3723894fbe7c7b63adc6682709dff83edaa4e26974898780fd5e247a2b7cdb7a12c6f06dc52d1e4f83e226cfd17f85a5378ae0a7e5a5a45b7f496d0edaa6c90caa47227a1344c77097780bf5fc61d2da341edbe174d9bbc20ef224ad1fb008f16b5db30cd6c4f0c0c38ef9071b72962a9372f80fb8a12a9cdf1759f0344b8a191e2072e9b0a993e9a2a5df05dfa3629e7084a103e56ba74ee41696437f997359bb727ebcf3f112b8fd1664690795ca6365ea06864cb3acbe10f5a5ba3c25e2782064fbeef32db6359d07b626ab595d133977fecda27dc27f7a256220eb4f89b61de8dcded6b4f482b9bc08e2fb859247a10ad846e83608ecfb2b565ba3147130638f5f142564582ac12c2d8e61a830a9908f246e562f6a57a7d6ee8104309a7b412c041b1e47adb26b767387786601f9b637044c0bad8026618d4865deab1cf3a1c9584b9e964d306702d92720383b0d7f09fb81817e5fce367fde5564de675e714e1d9988fd4a83dc8e988bffb368482f340ef84593ace6be7ff10e3cfbf5e3720ef84b28cd035a58aad12c1652872394ed9689ab472fe0b2bbbe4846c7a03bf3ca1137a9ca7498fe6e0ae77037aebe821fce29d094ad070f502e2671f3d115d26339bbbf080981cb640073b9e0a4fb88127e5154ff51569aaa12f839be2e5ffcc66b0aadf43be700ae9daed9144caadef4ce605ea00ca59cf938be891d7ad0ebf986942659dc2093d416fb2d1a0e05ffabb0033f50d670beb083e7b5dc8f05b5bfb86a01d89e42b7ad137746e2e85cbded3e69dab178d2956f08d198978e4469860dc8e3cf5b736dcf4313fe50ded306afdef43b53ce72543f107b5d45277230f849b9fdfcd20d949ea6e8255d1d31f353b78223107e37d1f0f8b3f8cb3d7b0f2fa1c42553e330d8e54fc27db2913d6e52a6edf0cd2872a3b5b9abd2df6f216ac767a9de72b7c768beb1baba29a1d45acfab8601558c839b131b2aa779291a1c351ca4eec1557085f8573999182e6488ca72e26ce9a4e899155444cf33f9c32c0afc3f0af8e8f40c79aff29bac4caed49dca406655432ffd96e20d385c7df82d5db1c2516158f9cbf15240445380e0bae27fc357c307fd16399e53210f922e7afb8ab330f586737864e72f3102efb87da47d6ae7d448086819cdfec6d0a906459acc152ecf44229e9e41f4672aef2f4f31dce60eecbc569ec42af6286f81325255b3f458938e8f9e71bd82138deeb7f16556afd9685479d4732fab18cfd85e6e077ec5c9c0c2e9be4578712a0ac4e3b2136bbd61b58a44be215b1e7d8ab642f6b69e45744e0d8f757cecd9e40decde3b6648e9282e30ee474714268921781322686934735be96912239f1aee0fb1584e1b3d62489bb803e086f694359efb90638115abbf6043fd936a416aa746578ea0b294a7763ad99bbfbab1e6ca4be83068f5c5741aeaee319e088e5244e70b0017fb7782570e686849ea17d43415695343f4ae3edb6154c35116bd4843c5fb2a30e94cefa2824c211d9b6d10ed6f62dc7ee8af2b5f13cb58b6f5c8a713138b87fb03fb1ac52b74d11bd75cdb11d20bcb18d5d5f33feb0d503ab5bf4800267580ee0258f3553f043d402269635ea2839467b9cf687877ab0c26f7fa669e011c864bac61498742a35848b7271118a84f2e79bfdc4f8ccd28f813f135497f5c6dcce2c5aad99932b051be85e83a1f0b802dd6751046e5fa3bd58cee2f398396637b76d9fa8c44f193bb5a0ae797e61b8ac077efef62b62bcc90f930597446d6cc69f31a6f1678d7d2e7b34d16144a0677c246186c631a2df2425a71657c106c2042f0147bd6c9a77e8944b92325db7df1173534906653ac8efe50a123b0ec6289f22dc6d70b288049ede8b56b7c8c3d8917253d2847d88b86489abd8df8cd2a0e476a493915709243b8efa902f0f3810ba8e5acc65c7c1e2530d26e17912e92b2b6bd98992dc637d81399c918d057a254e07c78b589e8eba28c922751aa763e5b0148e524b74cb0801325f4e6c1474707622117c19018cb6531f69abb8e4bf7c79e6046a5db2c3913c7bc3ef75db9008eb012a6ca036d27c25ed37c180bc7fdc381832d24f9bf4a740048ac8937f95bf4c172e5afc45d07eb4200d28c1192ab0f3ce3d39d412840707ab2445ec6ff0d19b320915fe3547667586490170a2236d4a3389ef184915b1c39896e97fe9d888f42bb6948ff22b30080ace3c401359cc64f327296d8f21bb06f755735694fe802fd733362867b6c8ded482a1002c2d3cc39d9b9e49e72b21746035ca44844b55a773d3fbd44006ec3d1c17e0b47e80e8123a46d3f1d6ae4766f2afa425bb697e606ab5bc7748f1b0b393a47115ca652cc95c9c968681c350cb017ff483f19e91ad9f9e80073db08194718ee9c09d4d2cf02662c2286bb9dac81094365cd6047b2e0644649d5b629994e7d7b8707842e817cb27b9a2f32715502713cdf66ae5b922b3b42959d715a56ab083313173915e2306de43f2706f060340937e394b9e1d978fcb0131a1e4138947be79dce135cc9fc78cb6af92614d815ee5cca3615b254ab2848e5e78ecd20a927a8a81b94f103f62ca5e58df0c66e6a9b948baa2cc06d3e3f11e55d04beacb99fdecb8c300c41f617d249eb6e5e54312a6e4e6a093aa61252362d0ecc74f471b778c8b4b464f85a8bb90686fb8ee8188ae493d6b5d915c66834c392c9e9d2d7104eab2ebe408a03dd8266f004d908f3ee95c39d9a3f79e1c2f21130e3a28d977da5f8056928208513230d81161ec0f8e01bef9f8ae08bb4bf2c78aea4d0de7eff20e49460230e70790d64001d9e4d2317965beea9e91f0de57805830ae4fde729d2d755a5095cdb105009e25e017d7c9ffef46a6e407803483f7457e27c3256cec4c62f8c817049bf929b4f532208f4c3634556cea21cec9342ded820f863ab91f6689233d933d7d84d42a52202dd7955a0e0a16789b276dbcc6a4295dc087f4d17a61e552c0d4101cc630dad75395efdeea5ca8949bf628777c5ae61c5a6c8c131687090ededdeb143bace59d8ae8dd04f67564d33a7a3b3c4a8293a0c0f950c5ef5d9738c2848490f1db5ae8a59583e45b7fb16b14e0d474018e25c82b6512e0ea88671567943aba78083f30ae880f411ee3cbab39f6db4c0770dffe9e09266eb63c79e1c042011fe49e3932b4ff969317cab2c4639b9cc4081f32b28c7777a28f30241667ee8d74dd011b8079505e66201e13ebfd356c320d3d4ea6748866b3bf8c93d2d42ee2f7ab63fe59efd3baa249226674f6"], 0x24}, 0x1, 0x0, 0x0, 0x5c5fd097f751b33e}, 0x80) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vivid.0/video4linux/radio20/power/runtime_suspended_time\x00', 0x44100, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/slab/kmalloc-64/reclaim_account\x00', 0x22200, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f00000000c0)=""/17, 0x11) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) 4.251312358s ago: executing program 2 (id=468): bind$auto(0xffffffffffffffff, &(0x7f0000000000)=@ax25={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x2}, 0x8) mmap$auto(0x0, 0xd3, 0xffffffffffffffff, 0x40eb2, 0x401, 0x300000000000) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0x6, 0x2}, 0x8000, 0x0, 0x6) seccomp$auto_SECCOMP_SET_MODE_FILTER(0x1, 0x8, &(0x7f0000000080)="c20c6d955eba76314e") socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000001500), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r0, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f00000015c0)=ANY=[@ANYBLOB="11000040", @ANYRES16=r1, @ANYBLOB="010026bd7000fddbdf250a000000"], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x810) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, 0x0, 0x7, 0x8) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x7, 0x0, 0x0, &(0x7f0000000080)={[0x9, 0x7, 0xd, 0xfffffffffffffffd, 0x948b, 0x8, 0x15f4da0a, 0x3, 0xffffffff80000001, 0x62, 0x40000080000001, 0x7, 0xfffffffffffffff9, 0x8000000009, 0x2, 0x40]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r4 = getpid() process_vm_readv$auto(r4, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) ioctl$auto(0x3, 0x400454ca, 0x38) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r5, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000003240)={0x28, r6, 0x1, 0x50bd25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x8, 0x7, 0x0, 0x1, [@generic="fdffffff"]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x200000000006}]}, 0x28}, 0x1, 0x100000000000000, 0x0, 0x4}, 0x8c0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x100000000000037, 0x0) fsopen$auto(0x0, 0x1) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x80502, 0x0) 4.009017297s ago: executing program 3 (id=469): close_range$auto(0xffffffffffffffff, 0xa, 0x9) unshare$auto(0x40000080) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, 0x0, 0x105240, 0x0) r0 = socket(0x11, 0x80003, 0x300) sendfile$auto(0x1, r0, 0x0, 0x8fb5) sysfs$auto(0x1000006, 0x1, 0x0) ioctl$auto(0x3, 0x541b, 0x10000000000402) open(0x0, 0x2002, 0x1) socket(0xa, 0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = open(0x0, 0x123241, 0x155) socket(0x2, 0x3, 0x6) setsockopt$auto(0x3, 0x0, 0x31, 0x0, 0x28) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) unshare$auto(0x40000080) r2 = fcntl$auto(0x0, 0x407, 0x100000) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x0) unshare$auto(0x40000080) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1ac}}, 0x0) r3 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb0\x00', 0x20401, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x4611, 0x0) fadvise64$auto(r2, 0x802, 0xe00000000000, 0x7ff) utimensat$auto(r1, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x4, 0x3}, 0x100) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mlock$auto(0xfbe8, 0x1000000000000004) waitid$auto_P_PID(0x1, 0x0, &(0x7f00000000c0)={@_si_pad}, 0x101, 0x0) 4.00879586s ago: executing program 4 (id=470): r0 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/binder/parameters/stop_on_user_error\x00', 0x2, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) lsm_list_modules$auto(0x0, 0x0, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyac\x00', 0x0, 0x0) ioctl$auto(r1, 0x4b32, r2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) read$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffffff, 0x0, 0x0) pwrite64$auto(0xffffffffffffffff, &(0x7f0000000240)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x89\x06s\x1cJ\x99\x00:\x00!\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@\xdd*\xd1\x14^\xbe\xa2\x00\x00\x00', 0x11, 0x6) openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x5400, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/usb/drivers/usbtouchscreen/new_id\x00', 0xbce02, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_SNDRV_PCM_IOCTL_SW_PARAMS(0xffffffffffffffff, 0xc0884113, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0xa, 0x1, 0x0) getsockopt$auto(r3, 0x6, 0xa, &(0x7f0000000080)='$\xfe\x88\xc8\x91\x8bo\xc6#\x93\x91^\x01<\xc81\xc0\x80\xd6\xdb>f\x8c\xf7\xb6\xca\xcdi\xa6\x91R\x7f\x00B\x93H9\x19\xb4x\xb1\xb7\xd3\xe4\x00'/60, &(0x7f0000000040)=0xaa) socket(0x80000000000000a, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x6, 0x7) shutdown$auto(0x200000003, 0x2) recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0) fcntl$auto_F_GET_SEALS(r0, 0x40a, 0x1) 2.403941249s ago: executing program 2 (id=471): r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/key-users\x00', 0x18b800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) io_uring_setup$auto(0x23, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(r1, 0x10e, 0x1, 0x0, 0xe) pread64$auto(r0, 0x0, 0x8100000041, 0x1) r2 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x0, 0x0) ioctl$auto(r2, 0x901064b2, 0x2) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x771, 0x1, 0x201, 0x1, 0x5, 0x3, 0x3ffde, 0x400, 0x3, 0x9, 0x6, 0x80005, 0x4, 0x11ffffffffffb, 0xb2, 0x2, 0x9, 0x10, 0x80, 0x80000002a0, 0x0, 0x1, 0x1, 0x202, 0x9, 0xbca7, 0x4, 0x0, 0x0, 0x0, 0x0, [0x0, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x65f9, 0x7fffffff, 0x0, 0x0, 0x9, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000, 0x0, 0x5, 0xfffffffffffffffd, 0xfffe, 0x0, 0x9, 0x4, 0xe17, 0xfffffffffffffffe, 0x2]}, 0x1fe, 0x2000000c) read$auto_fops_u8_(0xffffffffffffffff, 0x0, 0x0) r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r3, 0xf, &(0x7f0000000380)="1b0d9200002aa6779045affa9931dd87d13cbe45776f37a68d387a9e55e114e3a06c97d769df3a69fbf7d75ef12cb251a918c4eef1cfa4de977f09e1ff8ba8bf1bfa21adaa61f1cc00"/87) r4 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) read$auto(r3, &(0x7f0000000000)='/dev/mapper/control\x00', 0x1) ioctl$auto__ctl_fops_dm_ioctl(r4, 0xfffffffffffffd02, &(0x7f00000001c0)) socket(0x6, 0x80000, 0x800) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x800, &(0x7f0000000500)={[0x7, 0x80000001, 0x8, 0x7, 0x2, 0x4, 0x152, 0x8, 0x6, 0x5, 0x3, 0x5, 0x9ad, 0x7, 0x8, 0x6]}, &(0x7f0000000580)={[0x3, 0x3ff, 0x101, 0x5, 0x8, 0x40, 0x80000000, 0x6e6, 0x9, 0x3ff, 0x1ff, 0x0, 0x4, 0x7, 0x3, 0x5]}, &(0x7f0000000600)={[0x6, 0x0, 0x0, 0x4, 0x282, 0xb1, 0x8, 0x8, 0xfffffffffffffff9, 0x100000000, 0xfffffffffffffffc, 0x3, 0x3, 0x9f5, 0x0, 0x8]}, &(0x7f0000000340)={0x10000, 0x4}) write$auto(r5, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) 947.231363ms ago: executing program 2 (id=472): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x20000, 0x0) r1 = clone3$auto(&(0x7f00000002c0)={0x6, 0x2, 0x8, 0x4, 0xd14, 0x8, 0x8027, 0x7, 0x6, 0x9f90, 0x4}, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000340)={{@raw=0x6, 0xfffff376, 0x7, 0xfffff520, "24254fa23e4619126a2885a083d045026abf54c1e685ecf12a67cccde0136896384eb78fb91698aa22b4053e", @inferred=r1}, 0x0, @integer=@value=[0x7, 0x7fffffffffffffff, 0x0, 0x0, 0x7fe000000, 0xa0, 0xe, 0x1, 0x8, 0x3, 0x1, 0xbe9f, 0x7, 0x395, 0x9, 0x800, 0x6, 0x50, 0x1, 0x6, 0x1, 0xfffffffffffff001, 0x8, 0x7, 0x1, 0xfffffffffffffff1, 0x6, 0x6, 0x1, 0xcb, 0x81, 0xc8c2, 0x101, 0x8, 0x5, 0x655, 0x80000001, 0x7, 0x3, 0x4, 0x6, 0x4c2, 0x80000001, 0x7, 0x5, 0x5, 0x10001, 0x80000000, 0x2, 0x8000000000000000, 0x480e9ca3, 0x3, 0x8000000000000001, 0x1ff, 0x5c77, 0x0, 0x52566248, 0x8001, 0x8, 0x7fffffff, 0x9, 0x7ff, 0x7, 0x3ff, 0x2, 0x7, 0x1, 0x9, 0x5, 0x2, 0xf2f0, 0x8, 0xef, 0xc87, 0x81, 0x6, 0xffffffffffffffff, 0x3235, 0x0, 0x1, 0x10000, 0x2, 0x8000000000000001, 0x5, 0x2, 0x0, 0x9, 0x10000, 0x9, 0x6, 0x8f, 0x52c59afe, 0x3, 0x5, 0x7ff, 0x3, 0x3, 0xd4c, 0x10, 0x4, 0xff, 0xaff, 0x7fffffffffffffff, 0x0, 0x3, 0x200, 0x7, 0xfffffffffffffffd, 0x5, 0xffffffffffffffff, 0x7ff, 0x282, 0xb, 0x3, 0x6, 0xb8, 0x6, 0x6, 0x0, 0x7, 0x4, 0xffff, 0x8001, 0x7, 0xa33, 0x10001, 0x7, 0x6], "ba3a8779c0e2a0d4d9b9b8feff9df3e0ea4c51bb9da2f1afc1af63571b98049a888ac6734639350d6edd8b2960d5703832193025ba0653c24fcd7e7260f8c81677ef856c90144b310ac842ba707535dddb4211cab5c244915bed09fb928ce64d2a8c6ef3628fb22ef9cf3c1b312ab6fa6d205ea86c0912a5a208787a87499025"}) 862.068166ms ago: executing program 3 (id=473): socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xffffeffe, 0x2) r0 = socket(0x10, 0x3, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$[\x00\x00', @ANYRES16=0x0, @ANYBLOB="20002cbd7000fbdbdf250200000008000300800040000800030009"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) 852.104795ms ago: executing program 1 (id=474): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x11, 0x0, 0x100000000000009, 0x0, 0x1f, 0x101}, 0x4}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xa00, 0x0, 0xfffffffffffffffd) setsockopt$auto(0x3, 0x1, 0x7, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, 0x0, 0x20008810) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/scsi/device_info\x00', 0x8002, 0x0) write$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000240)="22edd92f26639ec07e6e5d09f20c7c160a4dc5023a92446435820bd54b8004043262db0a8686bd579dcf16f50e9bfa20abfa3a", 0x33) r2 = socket(0x10, 0x2, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) ioctl$auto_SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f00000001c0)={0x7, r1, 0x6, "b0da52f72bf53b1b4dad0988af438583"}) read$auto_evdev_fops_evdev(r3, &(0x7f0000000280)=""/11, 0xb) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRESDEC=r2, @ANYRES16=r2, @ANYRESOCT=r2, @ANYRESDEC=r2, @ANYRES32=r2, @ANYRES16=r1, @ANYRESHEX=r1, @ANYRESHEX=r0], 0x1ac}}, 0x48044) r4 = socket(0x10, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) r6 = syz_genetlink_get_family_id$auto_hsr(&(0x7f00000011c0), r5) move_mount$auto(0xffffffffffffffff, &(0x7f0000002cc0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000002d00)='./file0\x00', 0x40) close_range$auto(r4, r5, 0x10000000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB=')\t'], 0x28}, 0x1, 0x0, 0x0, 0x240008c5}, 0xc0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x132, 0x0, 0xfffffffffffffffd) sendmmsg$auto(r4, &(0x7f0000000080)={{0x0, 0x8001, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/tracing/events/vmalloc/enable\x00', 0x2, 0x0) 699.769238ms ago: executing program 3 (id=475): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/lru_gen\x00', 0x49c080, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r1, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xffd8) write$auto(0x3, 0x0, 0xfdef) write$auto_console_fops_tty_io(r0, &(0x7f0000000e00)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde4727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9", 0x268) 568.352196ms ago: executing program 2 (id=476): close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='./cgroup/cgroup.freeze\x00', 0xb02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) eventfd$auto(0x3) socketpair$auto(0x9, 0x2, 0xb, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyd9\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto(0x3, 0x540b, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/virtual/block/ram6/queue/atomic_write_unit_max_bytes\x00', 0x20000, 0x0) socket(0x2, 0x1, 0x84) setresuid$auto(0xd, 0x0, 0x0) socket(0x1a, 0x80003, 0x0) socket(0x2, 0x3, 0x100) openat$auto_nst_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket(0x8, 0x6, 0x0) getsockopt$auto(r1, 0x84, 0xf, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop3/queue/zone_append_max_bytes\x00', 0x102, 0x0) sendfile$auto(r2, r2, 0x0, 0x1000000000001) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x28082, 0x0) sendfile$auto(0x6, 0xffffffffffffffff, 0x0, 0xfdef) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendto$auto(0xffffffffffffffff, 0x0, 0x402, 0x0, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) 457.764119ms ago: executing program 4 (id=477): mmap$auto(0x0, 0x2020009, 0x3, 0xa71, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x11, 0x80003, 0x300) openat$auto_tracing_mark_raw_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace_marker_raw\x00', 0x401, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) write$auto(0x3, 0x0, 0x7) 305.020869ms ago: executing program 2 (id=478): openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x80802, 0x0) statx$auto(0xffffffffffffffff, 0x0, 0x2, 0x4, &(0x7f0000000300)={0x7, 0x1, 0xfffffffffffffff9, 0x7, 0xffffffffffffffff, 0xffffffffffffffff, 0x3, 0x0, 0x401, 0x1, 0x1, 0x200, {0x80000001, 0x8}, {0x5, 0x8}, {0xffffffffffffffff, 0x1ff}, {0xffffffffffffff60, 0x9}, 0x2, 0x6, 0x80000000, 0x17e9, 0x709c, 0x101, 0x5, 0x938, 0x8, 0x5, 0xb6a, 0xde55, [0x6, 0x6, 0x80000001, 0x5, 0xffffffff, 0x1c9fb31b, 0xfffffffffffffffc, 0x800, 0x3]}) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="1f000000", @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) 144.932578ms ago: executing program 4 (id=479): r0 = socketcall$auto_SYS_SOCKETPAIR(0x8, &(0x7f0000000000)=0x8) (async) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_COALESCE(r0, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0x180, r1, 0x100, 0x70bd27, 0x25dfdbfb, {}, [@NL80211_ATTR_FILS_DISCOVERY={0x150, 0x126, 0x0, 0x1, [@NL80211_FILS_DISCOVERY_ATTR_INT_MAX={0x8, 0x2, 0x8}, @NL80211_FILS_DISCOVERY_ATTR_TMPL={0x66, 0x3, "91fe14a1222c298c4dc375f2346c21a04ad59314407a37d35b99bfc43c20a8e271ae7a6cc1c2b08cccc8c3b1dfea56c6276cf7a1991dceee5829bcce14628c6524faa523e1f4e76579f53540c599c330945df2a2d49f950de70acc189a667db0c7a7"}, @NL80211_FILS_DISCOVERY_ATTR_INT_MIN={0x8, 0x1, 0x4863}, @NL80211_FILS_DISCOVERY_ATTR_INT_MAX={0x8, 0x2, 0xfdbd}, @NL80211_FILS_DISCOVERY_ATTR_INT_MAX={0x8, 0x2, 0x9}, @NL80211_FILS_DISCOVERY_ATTR_TMPL={0xb4, 0x3, "ab55684f79563c7aeda0bd56f3271381d36163f06e80653afd9c0eaf2cdc4386088ee5906e1857059e328962c6f92853b2300ca8923f9ee5c8cebfa47ddde1357c7c938d8a9482b72849285f9d2318f1d6d21c4d75dfb0bab2793793cbd12acf6a6c914cfdbb7eba85b29cab323a4b3b8b91d7b45aa54c020a79134a36f0186fb671e3187e57ca4410ebc19d63dcdeacf8ce86cfb6c5c9b787783e0836a633d94848c1d3b0e3d849de951cd6054191ed"}, @NL80211_FILS_DISCOVERY_ATTR_INT_MIN={0x8, 0x1, 0x7}, @NL80211_FILS_DISCOVERY_ATTR_INT_MIN={0x8, 0x1, 0x200}]}, @NL80211_ATTR_PUNCT_BITMAP={0x8, 0x142, 0x800}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x81}, @NL80211_ATTR_FILS_ERP_RRK={0xb, 0xfc, "c70788bd809813"}]}, 0x180}, 0x1, 0x0, 0x0, 0x4044850}, 0x20000800) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/virtual/workqueue/raid5wq/power/control\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/blkio.throttle.write_iops_device\x00', 0x121002, 0x0) (async) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) 144.664336ms ago: executing program 1 (id=480): r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/key-users\x00', 0x18b800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) io_uring_setup$auto(0x23, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(r1, 0x10e, 0x1, 0x0, 0xe) pread64$auto(r0, 0x0, 0x8100000041, 0x1) r2 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x0, 0x0) ioctl$auto(r2, 0x901064b2, 0x2) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x771, 0x1, 0x201, 0x1, 0x5, 0x3, 0x3ffde, 0x400, 0x3, 0x9, 0x6, 0x80005, 0x4, 0x11ffffffffffb, 0xb2, 0x2, 0x9, 0x10, 0x80, 0x80000002a0, 0x0, 0x1, 0x1, 0x202, 0x9, 0xbca7, 0x4, 0x0, 0x0, 0x0, 0x0, [0x0, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x65f9, 0x7fffffff, 0x0, 0x0, 0x9, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000, 0x0, 0x5, 0xfffffffffffffffd, 0xfffe, 0x0, 0x9, 0x4, 0xe17, 0xfffffffffffffffe, 0x2]}, 0x1fe, 0x2000000c) read$auto_fops_u8_(0xffffffffffffffff, 0x0, 0x0) r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r3, 0xf, &(0x7f0000000380)="1b0d9200002aa6779045affa9931dd87d13cbe45776f37a68d387a9e55e114e3a06c97d769df3a69fbf7d75ef12cb251a918c4eef1cfa4de977f09e1ff8ba8bf1bfa21adaa61f1cc00"/87) r4 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) read$auto(r3, &(0x7f0000000000)='/dev/mapper/control\x00', 0x1) ioctl$auto__ctl_fops_dm_ioctl(r4, 0xfffffffffffffd02, &(0x7f00000001c0)) socket(0x6, 0x80000, 0x800) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x800, &(0x7f0000000500)={[0x7, 0x80000001, 0x8, 0x7, 0x2, 0x4, 0x152, 0x8, 0x6, 0x5, 0x3, 0x5, 0x9ad, 0x7, 0x8, 0x6]}, &(0x7f0000000580)={[0x3, 0x3ff, 0x101, 0x5, 0x8, 0x40, 0x80000000, 0x6e6, 0x9, 0x3ff, 0x1ff, 0x0, 0x4, 0x7, 0x3, 0x5]}, &(0x7f0000000600)={[0x6, 0x0, 0x0, 0x4, 0x282, 0xb1, 0x8, 0x8, 0xfffffffffffffff9, 0x100000000, 0xfffffffffffffffc, 0x3, 0x3, 0x9f5, 0x0, 0x8]}, &(0x7f0000000340)={0x10000, 0x4}) write$auto(r5, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) 64.621309ms ago: executing program 2 (id=481): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000340)='/dev/ttyS2\x00', 0x3d9bc1, 0x0) sendmsg$auto_NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[], 0x1094}, 0x1, 0x0, 0x0, 0x80}, 0x40001) r1 = openat$auto_deferred_devs_fops_(0xffffffffffffff9c, &(0x7f0000000200), 0x2002, 0x0) splice$auto(r1, &(0x7f0000000300)=0x6e7, r0, &(0x7f0000000380)=0x7, 0xffffffffffff3552, 0x6) open(&(0x7f00000003c0)='./file0\x00', 0x100, 0xd) writev$auto(r0, &(0x7f0000000080)={&(0x7f0000000500), 0x200}, 0x9) socket(0x2, 0x1, 0x106) r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0xaa501, 0x0) write$auto(r2, &(0x7f0000000040)=':[{!\xed@\x00', 0xa) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, &(0x7f00000000c0)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x34000}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x3f3) io_uring_setup$auto(0x59, 0x0) recvfrom$auto(0x3, 0x0, 0x8000000012, 0x100, 0x0, 0xfffffffffffffffd) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) acct$auto(&(0x7f0000000040)='/dev/ttyS1\x00') getsockopt$auto_SO_PASSPIDFD(r0, 0x5, 0x4c, &(0x7f0000000140)='{\x00', &(0x7f00000001c0)=0x2) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="1b0026bd7000fddbdf250300ff0300000000000000000000400000000000000000000112020100898771f1c19f1779048590928602000004000280"], 0x48}, 0x1, 0x0, 0x0, 0x44000884}, 0xc800) close_range$auto(0x2, 0x8, 0x0) 0s ago: executing program 4 (id=482): mmap$auto(0x0, 0x2020009, 0x4000000000000003, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, 0x0, 0x781002, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/uniq\x00', 0x100640, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000c80)=""/74, 0x4a) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) mount$auto(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='@\x00', 0x3, 0x0) futex_wake$auto(&(0x7f0000000080)="1e3f7385d9ef21a8dd78baaf578fe4d75ce887538abb99a1840a24e84ca09423ce56098ea0844b7d676edd8fc1a9b4e6926d586ab953b145fc3dd489356e453fcf66c31aa10b865fb8238fbafab3", 0x3ff, 0x6, 0x6) ioctl$auto_FIFREEZE(r0, 0xc0045878, 0x4) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.149' (ED25519) to the list of known hosts. [ 100.717212][ T5820] cgroup: Unknown subsys name 'net' [ 100.897197][ T5820] cgroup: Unknown subsys name 'cpuset' [ 100.908156][ T5820] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 102.284506][ T55] cfg80211: failed to load regulatory.db [ 102.846962][ T5820] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 105.234820][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 105.243524][ T5836] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 105.254427][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 105.262301][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 105.271358][ T5839] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 105.281376][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 105.289976][ T5839] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 105.311146][ T5839] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 105.319304][ T5839] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 105.328603][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 105.337311][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 105.355218][ T5844] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 105.400426][ T5847] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 105.400484][ T5849] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 105.410108][ T5847] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 105.424562][ T5847] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 105.432692][ T5847] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 105.440306][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 105.451811][ T5152] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 105.459861][ T5152] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 106.018516][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 106.188713][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 106.216715][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 106.317398][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.326194][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.333908][ T5834] bridge_slave_0: entered allmulticast mode [ 106.342764][ T5834] bridge_slave_0: entered promiscuous mode [ 106.395316][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.403951][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.411852][ T5834] bridge_slave_1: entered allmulticast mode [ 106.419324][ T5834] bridge_slave_1: entered promiscuous mode [ 106.506491][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 106.536872][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.549722][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.574687][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.581960][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.589218][ T5840] bridge_slave_0: entered allmulticast mode [ 106.596674][ T5840] bridge_slave_0: entered promiscuous mode [ 106.659321][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.666783][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.674136][ T5832] bridge_slave_0: entered allmulticast mode [ 106.682224][ T5832] bridge_slave_0: entered promiscuous mode [ 106.690283][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.697624][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.705407][ T5840] bridge_slave_1: entered allmulticast mode [ 106.713232][ T5840] bridge_slave_1: entered promiscuous mode [ 106.737322][ T5834] team0: Port device team_slave_0 added [ 106.759120][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.766414][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.774244][ T5832] bridge_slave_1: entered allmulticast mode [ 106.781665][ T5832] bridge_slave_1: entered promiscuous mode [ 106.805523][ T5834] team0: Port device team_slave_1 added [ 106.875345][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.922456][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.940351][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.951717][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.960035][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.986355][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.034435][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.044618][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.051608][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.078696][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.159712][ T5840] team0: Port device team_slave_0 added [ 107.166733][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.177228][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.184574][ T5833] bridge_slave_0: entered allmulticast mode [ 107.192391][ T5833] bridge_slave_0: entered promiscuous mode [ 107.202950][ T5832] team0: Port device team_slave_0 added [ 107.213311][ T5832] team0: Port device team_slave_1 added [ 107.221315][ T5840] team0: Port device team_slave_1 added [ 107.228079][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.236040][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.243673][ T5833] bridge_slave_1: entered allmulticast mode [ 107.250993][ T5833] bridge_slave_1: entered promiscuous mode [ 107.382111][ T5834] hsr_slave_0: entered promiscuous mode [ 107.388597][ T5834] hsr_slave_1: entered promiscuous mode [ 107.399500][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.413962][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.425070][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.432356][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.458481][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.470730][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.478132][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.505231][ T5849] Bluetooth: hci1: command tx timeout [ 107.505237][ T5836] Bluetooth: hci2: command tx timeout [ 107.505547][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.516343][ T5849] Bluetooth: hci0: command tx timeout [ 107.558413][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.565680][ T5849] Bluetooth: hci3: command tx timeout [ 107.571499][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.598228][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.610078][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.617101][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.643308][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.694683][ T5833] team0: Port device team_slave_0 added [ 107.705854][ T5833] team0: Port device team_slave_1 added [ 107.819047][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.826328][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.853944][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.870929][ T5840] hsr_slave_0: entered promiscuous mode [ 107.878377][ T5840] hsr_slave_1: entered promiscuous mode [ 107.885312][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 107.893165][ T5840] Cannot create hsr debugfs directory [ 107.920773][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.928218][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.954912][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 108.024581][ T5832] hsr_slave_0: entered promiscuous mode [ 108.031001][ T5832] hsr_slave_1: entered promiscuous mode [ 108.037409][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 108.045891][ T5832] Cannot create hsr debugfs directory [ 108.183807][ T5833] hsr_slave_0: entered promiscuous mode [ 108.190254][ T5833] hsr_slave_1: entered promiscuous mode [ 108.196675][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 108.205747][ T5833] Cannot create hsr debugfs directory [ 108.482261][ T5834] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 108.516275][ T5834] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 108.535053][ T5834] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 108.565154][ T5834] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 108.669851][ T5840] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 108.691863][ T5840] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 108.706988][ T5840] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 108.718325][ T5840] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 108.807686][ T5832] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 108.833216][ T5832] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 108.848371][ T5832] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 108.860537][ T5832] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 108.979784][ T5833] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 109.001016][ T5833] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 109.015193][ T5833] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 109.026970][ T5833] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 109.149588][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.185763][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.249367][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.286617][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.301981][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.309276][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.325385][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.344079][ T146] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.351268][ T146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.388975][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.396186][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.419911][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.427121][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.450478][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.496875][ T146] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.504127][ T146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.527630][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.534828][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.562334][ T5849] Bluetooth: hci2: command tx timeout [ 109.563372][ T5836] Bluetooth: hci0: command tx timeout [ 109.568394][ T5849] Bluetooth: hci1: command tx timeout [ 109.600213][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.643742][ T5849] Bluetooth: hci3: command tx timeout [ 109.756724][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.788002][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.795247][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.857080][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.864356][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.121516][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.291314][ T5834] veth0_vlan: entered promiscuous mode [ 110.343532][ T5834] veth1_vlan: entered promiscuous mode [ 110.388948][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.480416][ T5834] veth0_macvtap: entered promiscuous mode [ 110.504327][ T5834] veth1_macvtap: entered promiscuous mode [ 110.548244][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.569424][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.615200][ T5840] veth0_vlan: entered promiscuous mode [ 110.628985][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.658342][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.677584][ T5840] veth1_vlan: entered promiscuous mode [ 110.696037][ T5834] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.706176][ T5834] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.715149][ T5834] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.724206][ T5834] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.828231][ T5832] veth0_vlan: entered promiscuous mode [ 110.881655][ T5840] veth0_macvtap: entered promiscuous mode [ 110.900625][ T5833] veth0_vlan: entered promiscuous mode [ 110.913692][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.921682][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.943165][ T5840] veth1_macvtap: entered promiscuous mode [ 110.956493][ T5832] veth1_vlan: entered promiscuous mode [ 110.995100][ T5833] veth1_vlan: entered promiscuous mode [ 111.028363][ T146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.052138][ T146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.096112][ T5833] veth0_macvtap: entered promiscuous mode [ 111.117990][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.127993][ T5832] veth0_macvtap: entered promiscuous mode [ 111.149337][ T5833] veth1_macvtap: entered promiscuous mode [ 111.163381][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.173949][ T5832] veth1_macvtap: entered promiscuous mode [ 111.204516][ T5840] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.213892][ T5834] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 111.217241][ T5840] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.239471][ T5840] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.249540][ T5840] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.271677][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.298041][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.328616][ T5833] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.337940][ T5833] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.355303][ T5833] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.364529][ T5833] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.388721][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.426994][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.440136][ T5832] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.454866][ T5832] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.463876][ T5832] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.473125][ T5832] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.642302][ T5849] Bluetooth: hci0: command tx timeout [ 111.643213][ T5152] Bluetooth: hci1: command tx timeout [ 111.655148][ T5836] Bluetooth: hci2: command tx timeout [ 111.732249][ T5836] Bluetooth: hci3: command tx timeout [ 111.800468][ T1325] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.840188][ T1325] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.925681][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 111.970080][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.981128][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.107711][ T1325] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.112461][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 112.120999][ T1325] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.264552][ T146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.287073][ T146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.375670][ T146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.393918][ T146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.450441][ T146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.485799][ T146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.745489][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 112.775684][ T5933] Zero length message leads to an empty skb [ 112.893863][ T5935] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2'. [ 112.946213][ T5935] ipvlan1: entered allmulticast mode [ 112.970385][ T5935] veth0_vlan: entered allmulticast mode [ 113.026059][ T5937] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2'. [ 113.723612][ T5836] Bluetooth: hci2: command tx timeout [ 113.729223][ T5836] Bluetooth: hci1: command tx timeout [ 113.734737][ T5152] Bluetooth: hci0: command tx timeout [ 113.802831][ T5836] Bluetooth: hci3: command tx timeout [ 114.381577][ T5974] FAULT_INJECTION: forcing a failure. [ 114.381577][ T5974] name fail_futex, interval 1, probability 0, space 0, times 1 [ 114.416564][ T5974] CPU: 1 UID: 0 PID: 5974 Comm: syz.3.11 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 114.416609][ T5974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 114.416632][ T5974] Call Trace: [ 114.416643][ T5974] [ 114.416659][ T5974] dump_stack_lvl+0x16c/0x1f0 [ 114.416729][ T5974] should_fail_ex+0x512/0x640 [ 114.416785][ T5974] get_futex_key+0x1d0/0x1540 [ 114.416825][ T5974] ? find_held_lock+0x2b/0x80 [ 114.416857][ T5974] ? __pfx_get_futex_key+0x10/0x10 [ 114.416901][ T5974] ? tomoyo_path_number_perm+0x18d/0x580 [ 114.416946][ T5974] futex_wake+0xea/0x530 [ 114.416991][ T5974] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 114.417045][ T5974] ? __pfx_futex_wake+0x10/0x10 [ 114.417109][ T5974] do_futex+0x1e3/0x350 [ 114.417148][ T5974] ? __pfx_do_futex+0x10/0x10 [ 114.417188][ T5974] ? find_held_lock+0x2b/0x80 [ 114.417224][ T5974] __x64_sys_futex+0x1e0/0x4c0 [ 114.417268][ T5974] ? __fget_files+0x20e/0x3c0 [ 114.417313][ T5974] ? __pfx___x64_sys_futex+0x10/0x10 [ 114.417361][ T5974] ? fput+0x70/0xf0 [ 114.417398][ T5974] do_syscall_64+0xcd/0x490 [ 114.417453][ T5974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.417486][ T5974] RIP: 0033:0x7f8deb98e929 [ 114.417517][ T5974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.417549][ T5974] RSP: 002b:00007f8dec8430e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 114.417581][ T5974] RAX: ffffffffffffffda RBX: 00007f8debbb5fa8 RCX: 00007f8deb98e929 [ 114.417603][ T5974] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8debbb5fac [ 114.417623][ T5974] RBP: 00007f8debbb5fa0 R08: 00007f8dec844000 R09: 0000000000000000 [ 114.417644][ T5974] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f8debbb5fac [ 114.417666][ T5974] R13: 0000000000000000 R14: 00007ffe739b7960 R15: 00007ffe739b7a48 [ 114.417714][ T5974] [ 114.987131][ T5971] zswap: compressor not available [ 114.992964][ T5983] FAULT_INJECTION: forcing a failure. [ 114.992964][ T5983] name failslab, interval 1, probability 0, space 0, times 1 [ 115.007241][ T5983] CPU: 0 UID: 0 PID: 5983 Comm: syz.0.13 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 115.007285][ T5983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 115.007305][ T5983] Call Trace: [ 115.007315][ T5983] [ 115.007328][ T5983] dump_stack_lvl+0x16c/0x1f0 [ 115.007384][ T5983] should_fail_ex+0x512/0x640 [ 115.007436][ T5983] ? __kmalloc_noprof+0xbf/0x510 [ 115.007490][ T5983] ? lsm_blob_alloc+0x68/0x90 [ 115.007539][ T5983] should_failslab+0xc2/0x120 [ 115.007596][ T5983] __kmalloc_noprof+0xd2/0x510 [ 115.007655][ T5983] lsm_blob_alloc+0x68/0x90 [ 115.007706][ T5983] security_sk_alloc+0x30/0x270 [ 115.007743][ T5983] sk_prot_alloc+0xfb/0x2a0 [ 115.007783][ T5983] sk_alloc+0x36/0xc20 [ 115.007833][ T5983] unix_create1+0xa6/0x700 [ 115.007888][ T5983] unix_create+0x10e/0x1d0 [ 115.007939][ T5983] __sock_create+0x338/0x8d0 [ 115.007988][ T5983] __sys_socketpair+0x25c/0x5a0 [ 115.008033][ T5983] ? __pfx___sys_socketpair+0x10/0x10 [ 115.008073][ T5983] ? fput+0x70/0xf0 [ 115.008106][ T5983] ? xfd_validate_state+0x61/0x180 [ 115.008147][ T5983] ? __pfx_do_writev+0x10/0x10 [ 115.008198][ T5983] __x64_sys_socketpair+0x96/0x100 [ 115.008241][ T5983] ? lockdep_hardirqs_on+0x7c/0x110 [ 115.008291][ T5983] do_syscall_64+0xcd/0x490 [ 115.008347][ T5983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.008381][ T5983] RIP: 0033:0x7faa1ad8e929 [ 115.008409][ T5983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 115.008441][ T5983] RSP: 002b:00007faa1bb7a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 115.008473][ T5983] RAX: ffffffffffffffda RBX: 00007faa1afb6080 RCX: 00007faa1ad8e929 [ 115.008495][ T5983] RDX: 8000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 115.008515][ T5983] RBP: 00007faa1ae10b39 R08: 0000000000000000 R09: 0000000000000000 [ 115.008535][ T5983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.008554][ T5983] R13: 0000000000000000 R14: 00007faa1afb6080 R15: 00007ffde761f9b8 [ 115.008596][ T5983] [ 115.220089][ C0] vkms_vblank_simulate: vblank timer overrun [ 115.396783][ T5985] hub 8-0:1.0: USB hub found [ 115.402513][ T5985] hub 8-0:1.0: 1 port detected [ 115.650965][ T5989] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 115.802448][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 115.811855][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.022564][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 116.333179][ T6008] FAULT_INJECTION: forcing a failure. [ 116.333179][ T6008] name failslab, interval 1, probability 0, space 0, times 0 [ 116.386638][ T6008] CPU: 1 UID: 0 PID: 6008 Comm: syz.3.19 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 116.386683][ T6008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 116.386701][ T6008] Call Trace: [ 116.386712][ T6008] [ 116.386724][ T6008] dump_stack_lvl+0x16c/0x1f0 [ 116.386786][ T6008] should_fail_ex+0x512/0x640 [ 116.386831][ T6008] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 116.386891][ T6008] should_failslab+0xc2/0x120 [ 116.386921][ T6008] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 116.386973][ T6008] ? __pfx_simple_offset_add+0x10/0x10 [ 116.387019][ T6008] ? shmem_symlink+0x257/0x9f0 [ 116.387074][ T6008] kmemdup_noprof+0x29/0x60 [ 116.387122][ T6008] shmem_symlink+0x257/0x9f0 [ 116.387173][ T6008] ? __pfx_shmem_symlink+0x10/0x10 [ 116.387221][ T6008] ? bpf_lsm_inode_permission+0x9/0x10 [ 116.387251][ T6008] ? security_inode_permission+0xbf/0x260 [ 116.387291][ T6008] ? inode_permission+0x156/0x630 [ 116.387331][ T6008] vfs_symlink+0x403/0x680 [ 116.387376][ T6008] do_symlinkat+0x261/0x310 [ 116.387429][ T6008] ? __pfx_do_symlinkat+0x10/0x10 [ 116.387500][ T6008] ? getname_flags.part.0+0x1c5/0x550 [ 116.387546][ T6008] __x64_sys_symlink+0x75/0x90 [ 116.387596][ T6008] do_syscall_64+0xcd/0x490 [ 116.387650][ T6008] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.387688][ T6008] RIP: 0033:0x7f8deb98e929 [ 116.387714][ T6008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.387751][ T6008] RSP: 002b:00007f8dec822038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 116.387780][ T6008] RAX: ffffffffffffffda RBX: 00007f8debbb6080 RCX: 00007f8deb98e929 [ 116.387801][ T6008] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000200000000100 [ 116.387821][ T6008] RBP: 00007f8dec822090 R08: 0000000000000000 R09: 0000000000000000 [ 116.387840][ T6008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 116.387858][ T6008] R13: 0000000000000001 R14: 00007f8debbb6080 R15: 00007ffe739b7a48 [ 116.387901][ T6008] [ 117.060308][ T6003] syz.2.18 (6003) used greatest stack depth: 19800 bytes left [ 118.132767][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 118.202585][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 118.512156][ T6040] bond0: mtu greater than device maximum [ 118.542593][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 118.565920][ T6040] ======================================================= [ 118.565920][ T6040] WARNING: The mand mount option has been deprecated and [ 118.565920][ T6040] and is ignored by this kernel. Remove the mand [ 118.565920][ T6040] option from the mount to silence this warning. [ 118.565920][ T6040] ======================================================= [ 118.601007][ C0] vkms_vblank_simulate: vblank timer overrun [ 118.642126][ T6040] nfsd: Unknown parameter 'Z' [ 118.772207][ T6046] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 118.834196][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 118.869102][ T6047] process 'syz.3.27' launched './file0' with NULL argv: empty string added [ 120.240997][ T6065] can: request_module (can-proto-4) failed. [ 120.827196][ T6075] mmap: syz.2.31 (6075) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 122.179998][ T6093] netlink: 8 bytes leftover after parsing attributes in process `syz.2.36'. [ 123.221467][ T6091] FAULT_INJECTION: forcing a failure. [ 123.221467][ T6091] name failslab, interval 1, probability 0, space 0, times 0 [ 123.278383][ T6091] CPU: 0 UID: 0 PID: 6091 Comm: syz.3.35 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 123.278431][ T6091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 123.278451][ T6091] Call Trace: [ 123.278462][ T6091] [ 123.278475][ T6091] dump_stack_lvl+0x16c/0x1f0 [ 123.278535][ T6091] should_fail_ex+0x512/0x640 [ 123.278581][ T6091] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 123.278637][ T6091] should_failslab+0xc2/0x120 [ 123.278668][ T6091] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 123.278717][ T6091] ? do_raw_spin_unlock+0x172/0x230 [ 123.278774][ T6091] ? alloc_inode+0xc3/0x240 [ 123.278815][ T6091] alloc_inode+0xc3/0x240 [ 123.278852][ T6091] new_inode+0x22/0x1c0 [ 123.278890][ T6091] nfsd_get_inode+0x1a/0x190 [ 123.278926][ T6091] nfsd_fill_super+0x18e/0x530 [ 123.278966][ T6091] ? __pfx_nfsd_fill_super+0x10/0x10 [ 123.279003][ T6091] get_tree_keyed+0x10e/0x1d0 [ 123.279053][ T6091] vfs_get_tree+0x8e/0x340 [ 123.279092][ T6091] path_mount+0x1414/0x2020 [ 123.279147][ T6091] ? kmem_cache_free+0x2d1/0x4d0 [ 123.279195][ T6091] ? __pfx_path_mount+0x10/0x10 [ 123.279260][ T6091] ? putname+0x154/0x1a0 [ 123.279296][ T6091] __x64_sys_mount+0x28d/0x310 [ 123.279350][ T6091] ? __pfx___x64_sys_mount+0x10/0x10 [ 123.279418][ T6091] do_syscall_64+0xcd/0x490 [ 123.279476][ T6091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.279510][ T6091] RIP: 0033:0x7f8deb98e929 [ 123.279545][ T6091] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.279576][ T6091] RSP: 002b:00007f8dec843038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 123.279612][ T6091] RAX: ffffffffffffffda RBX: 00007f8debbb5fa0 RCX: 00007f8deb98e929 [ 123.279634][ T6091] RDX: 00002000000004c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 123.279655][ T6091] RBP: 00007f8deba10b39 R08: 0000000000000000 R09: 0000000000000000 [ 123.279674][ T6091] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000000 [ 123.279692][ T6091] R13: 0000000000000000 R14: 00007f8debbb5fa0 R15: 00007ffe739b7a48 [ 123.279735][ T6091] [ 123.960442][ T6119] netlink: 4 bytes leftover after parsing attributes in process `syz.0.42'. [ 125.247934][ T6137] netlink: 8 bytes leftover after parsing attributes in process `syz.2.46'. [ 126.626197][ T6160] FAULT_INJECTION: forcing a failure. [ 126.626197][ T6160] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 126.672619][ T6160] CPU: 1 UID: 0 PID: 6160 Comm: syz.2.53 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 126.672663][ T6160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 126.672682][ T6160] Call Trace: [ 126.672692][ T6160] [ 126.672703][ T6160] dump_stack_lvl+0x16c/0x1f0 [ 126.672758][ T6160] should_fail_ex+0x512/0x640 [ 126.672811][ T6160] _copy_to_user+0x32/0xd0 [ 126.672864][ T6160] simple_read_from_buffer+0xcb/0x170 [ 126.672908][ T6160] proc_fail_nth_read+0x197/0x270 [ 126.672948][ T6160] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 126.672989][ T6160] ? rw_verify_area+0xcf/0x680 [ 126.673030][ T6160] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 126.673078][ T6160] vfs_read+0x1e1/0xc60 [ 126.673130][ T6160] ? __pfx___mutex_lock+0x10/0x10 [ 126.673215][ T6160] ? __pfx_vfs_read+0x10/0x10 [ 126.673274][ T6160] ? __fget_files+0x20e/0x3c0 [ 126.673331][ T6160] ksys_read+0x12a/0x250 [ 126.673376][ T6160] ? __pfx_ksys_read+0x10/0x10 [ 126.673419][ T6160] ? syscall_user_dispatch+0x78/0x140 [ 126.673482][ T6160] do_syscall_64+0xcd/0x490 [ 126.673537][ T6160] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.673570][ T6160] RIP: 0033:0x7f84f5b8d33c [ 126.673596][ T6160] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 126.673626][ T6160] RSP: 002b:00007f84f39f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 126.673654][ T6160] RAX: ffffffffffffffda RBX: 00007f84f5db5fa0 RCX: 00007f84f5b8d33c [ 126.673674][ T6160] RDX: 000000000000000f RSI: 00007f84f39f60a0 RDI: 0000000000000003 [ 126.673691][ T6160] RBP: 00007f84f39f6090 R08: 0000000000000000 R09: 0000000000000000 [ 126.673708][ T6160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 126.673726][ T6160] R13: 0000000000000000 R14: 00007f84f5db5fa0 R15: 00007ffd724974c8 [ 126.673767][ T6160] [ 127.201656][ T6167] netlink: 8 bytes leftover after parsing attributes in process `syz.1.57'. [ 128.317803][ T6184] netlink: set zone limit has 8 unknown bytes [ 129.455380][ T6203] netlink: 8 bytes leftover after parsing attributes in process `syz.1.67'. [ 129.639813][ T6197] ubi0: attaching mtd0 [ 129.687496][ T6197] ubi0: scanning is finished [ 129.699094][ T6197] ubi0: empty MTD device detected [ 129.825064][ T6210] ima: policy update failed [ 129.859816][ T30] audit: type=1802 audit(1750597995.494:2): pid=6210 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.69" res=0 errno=0 [ 130.372565][ T6197] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 130.380139][ T6197] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 130.433872][ T6197] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 130.441071][ T6197] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 130.475773][ T6197] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 130.535084][ T6197] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 130.586551][ T6197] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 442437005 [ 130.609468][ T6197] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 130.682699][ T6220] ubi0: background thread "ubi_bgt0d" started, PID 6220 [ 132.358695][ T6245] FAULT_INJECTION: forcing a failure. [ 132.358695][ T6245] name failslab, interval 1, probability 0, space 0, times 0 [ 132.371612][ T6245] CPU: 1 UID: 0 PID: 6245 Comm: syz.2.74 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 132.371644][ T6245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 132.371658][ T6245] Call Trace: [ 132.371665][ T6245] [ 132.371673][ T6245] dump_stack_lvl+0x16c/0x1f0 [ 132.371714][ T6245] should_fail_ex+0x512/0x640 [ 132.371747][ T6245] ? __kmalloc_node_noprof+0xc5/0x500 [ 132.371787][ T6245] should_failslab+0xc2/0x120 [ 132.371809][ T6245] __kmalloc_node_noprof+0xd8/0x500 [ 132.371844][ T6245] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 132.371870][ T6245] ? is_bpf_text_address+0x8a/0x1a0 [ 132.371915][ T6245] ? alloc_slab_obj_exts+0x41/0xa0 [ 132.371963][ T6245] alloc_slab_obj_exts+0x41/0xa0 [ 132.372005][ T6245] new_slab+0x283/0x330 [ 132.372046][ T6245] ___slab_alloc+0xd9c/0x1940 [ 132.372077][ T6245] ? kvm_vm_ioctl+0xb99/0x3da0 [ 132.372114][ T6245] ? ___slab_alloc+0x41/0x1940 [ 132.372153][ T6245] ? kvm_vm_ioctl+0xb99/0x3da0 [ 132.372188][ T6245] ? __slab_alloc.constprop.0+0x56/0xb0 [ 132.372218][ T6245] __slab_alloc.constprop.0+0x56/0xb0 [ 132.372253][ T6245] kmem_cache_alloc_noprof+0xef/0x3b0 [ 132.372294][ T6245] ? kfree+0x2b4/0x4d0 [ 132.372321][ T6245] ? tomoyo_path_number_perm+0x470/0x580 [ 132.372347][ T6245] ? kvm_vm_ioctl+0xb99/0x3da0 [ 132.372387][ T6245] kvm_vm_ioctl+0xb99/0x3da0 [ 132.372434][ T6245] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 132.372485][ T6245] ? kasan_quarantine_put+0x10a/0x240 [ 132.372519][ T6245] ? lockdep_hardirqs_on+0x7c/0x110 [ 132.372557][ T6245] ? find_held_lock+0x2b/0x80 [ 132.372580][ T6245] ? tomoyo_path_number_perm+0x295/0x580 [ 132.372612][ T6245] ? tomoyo_path_number_perm+0x18d/0x580 [ 132.372641][ T6245] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 132.372668][ T6245] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 132.372705][ T6245] ? do_vfs_ioctl+0x523/0x1a60 [ 132.372733][ T6245] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 132.372779][ T6245] ? find_held_lock+0x2b/0x80 [ 132.372800][ T6245] ? hook_file_ioctl_common+0x145/0x410 [ 132.372831][ T6245] ? __fget_files+0x20e/0x3c0 [ 132.372867][ T6245] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 132.372904][ T6245] __x64_sys_ioctl+0x18e/0x210 [ 132.372933][ T6245] do_syscall_64+0xcd/0x490 [ 132.372971][ T6245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.372995][ T6245] RIP: 0033:0x7f84f5b8e929 [ 132.373014][ T6245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.373037][ T6245] RSP: 002b:00007f84f39f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 132.373059][ T6245] RAX: ffffffffffffffda RBX: 00007f84f5db5fa0 RCX: 00007f84f5b8e929 [ 132.373075][ T6245] RDX: 0000000000000002 RSI: 000000000000ae41 RDI: 0000000000000003 [ 132.373088][ T6245] RBP: 00007f84f5c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 132.373103][ T6245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 132.373117][ T6245] R13: 0000000000000000 R14: 00007f84f5db5fa0 R15: 00007ffd724974c8 [ 132.373146][ T6245] [ 133.191686][ T6258] netlink: 8 bytes leftover after parsing attributes in process `syz.3.77'. [ 133.640561][ T6269] FAULT_INJECTION: forcing a failure. [ 133.640561][ T6269] name failslab, interval 1, probability 0, space 0, times 0 [ 133.653449][ T6269] CPU: 1 UID: 0 PID: 6269 Comm: syz.3.81 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 133.653494][ T6269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 133.653514][ T6269] Call Trace: [ 133.653525][ T6269] [ 133.653537][ T6269] dump_stack_lvl+0x16c/0x1f0 [ 133.653595][ T6269] should_fail_ex+0x512/0x640 [ 133.653650][ T6269] should_failslab+0xc2/0x120 [ 133.653682][ T6269] __kmalloc_cache_noprof+0x6a/0x3e0 [ 133.653729][ T6269] ? proc_self_get_link+0x1a9/0x230 [ 133.653782][ T6269] proc_self_get_link+0x1a9/0x230 [ 133.653829][ T6269] ? __pfx_proc_self_get_link+0x10/0x10 [ 133.653874][ T6269] step_into+0x195e/0x2270 [ 133.653927][ T6269] ? __pfx_step_into+0x10/0x10 [ 133.653978][ T6269] ? lookup_fast+0x156/0x610 [ 133.654026][ T6269] walk_component+0xfc/0x5b0 [ 133.654072][ T6269] link_path_walk+0x627/0xe20 [ 133.654132][ T6269] path_openat+0x1b0/0x2cb0 [ 133.654176][ T6269] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.654227][ T6269] ? __pfx_path_openat+0x10/0x10 [ 133.654279][ T6269] ? __lock_acquire+0xb8a/0x1c90 [ 133.654328][ T6269] do_filp_open+0x20b/0x470 [ 133.654378][ T6269] ? __pfx_do_filp_open+0x10/0x10 [ 133.654467][ T6269] ? alloc_fd+0x471/0x7d0 [ 133.654525][ T6269] do_sys_openat2+0x11b/0x1d0 [ 133.654564][ T6269] ? __pfx_do_sys_openat2+0x10/0x10 [ 133.654619][ T6269] __x64_sys_openat+0x174/0x210 [ 133.654657][ T6269] ? __pfx___x64_sys_openat+0x10/0x10 [ 133.654714][ T6269] do_syscall_64+0xcd/0x490 [ 133.654770][ T6269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.654803][ T6269] RIP: 0033:0x7f8deb98d290 [ 133.654830][ T6269] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 133.654863][ T6269] RSP: 002b:00007f8dec842f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 133.654893][ T6269] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f8deb98d290 [ 133.654913][ T6269] RDX: 0000000000000002 RSI: 00007f8dec842fa0 RDI: 00000000ffffff9c [ 133.654933][ T6269] RBP: 00007f8dec842fa0 R08: 0000000000000000 R09: 0000000000000000 [ 133.654953][ T6269] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 133.654972][ T6269] R13: 0000000000000000 R14: 00007f8debbb5fa0 R15: 00007ffe739b7a48 [ 133.655015][ T6269] [ 134.073854][ T6269] netlink: 20 bytes leftover after parsing attributes in process `syz.3.81'. [ 134.963392][ T6292] netlink: 8 bytes leftover after parsing attributes in process `syz.0.89'. [ 135.321031][ T6304] netlink: 16 bytes leftover after parsing attributes in process `syz.2.92'. [ 136.056291][ T30] audit: type=1800 audit(1750598001.724:3): pid=6316 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.94" name="lu_gp_id" dev="configfs" ino=9217 res=0 errno=0 [ 136.149172][ T6320] netlink: 8 bytes leftover after parsing attributes in process `syz.1.98'. [ 136.729044][ T6329] FAULT_INJECTION: forcing a failure. [ 136.729044][ T6329] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 136.770740][ T6329] CPU: 0 UID: 0 PID: 6329 Comm: syz.2.100 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 136.770795][ T6329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 136.770816][ T6329] Call Trace: [ 136.770827][ T6329] [ 136.770839][ T6329] dump_stack_lvl+0x16c/0x1f0 [ 136.770903][ T6329] should_fail_ex+0x512/0x640 [ 136.770961][ T6329] should_fail_alloc_page+0xe7/0x130 [ 136.771048][ T6329] prepare_alloc_pages+0x3c2/0x610 [ 136.771091][ T6329] ? rcu_is_watching+0x12/0xc0 [ 136.771130][ T6329] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 136.771189][ T6329] ? rcu_is_watching+0x12/0xc0 [ 136.771232][ T6329] ? trace_mm_page_alloc+0x11f/0x1a0 [ 136.771271][ T6329] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 136.771321][ T6329] ? lockdep_hardirqs_on+0x7c/0x110 [ 136.771371][ T6329] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 136.771421][ T6329] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 136.771487][ T6329] ? alloc_vmap_area+0xdc8/0x29c0 [ 136.771521][ T6329] ? __vmalloc_node_range_noprof+0x271/0x14b0 [ 136.771564][ T6329] ? __do_sys_listmount+0x1c2/0xec0 [ 136.771604][ T6329] ? do_syscall_64+0xcd/0x490 [ 136.771653][ T6329] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.771709][ T6329] alloc_pages_bulk_noprof+0x71c/0x1410 [ 136.771759][ T6329] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 136.771813][ T6329] ? policy_nodemask+0xea/0x4e0 [ 136.771878][ T6329] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 136.771939][ T6329] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 136.772018][ T6329] kasan_populate_vmalloc+0xf1/0x1f0 [ 136.772078][ T6329] alloc_vmap_area+0x959/0x29c0 [ 136.772129][ T6329] ? __pfx_alloc_vmap_area+0x10/0x10 [ 136.772179][ T6329] __get_vm_area_node+0x1ca/0x330 [ 136.772227][ T6329] __vmalloc_node_range_noprof+0x271/0x14b0 [ 136.772270][ T6329] ? __do_sys_listmount+0x1c2/0xec0 [ 136.772321][ T6329] ? __lock_acquire+0xb8a/0x1c90 [ 136.772364][ T6329] ? __do_sys_listmount+0x1c2/0xec0 [ 136.772416][ T6329] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 136.772461][ T6329] ? __alloc_pages_noprof+0xb/0x1b0 [ 136.772508][ T6329] ? ___kmalloc_large_node+0x84/0x1e0 [ 136.772544][ T6329] ? find_held_lock+0x2b/0x80 [ 136.772584][ T6329] __kvmalloc_node_noprof+0x30a/0x620 [ 136.772631][ T6329] ? __do_sys_listmount+0x1c2/0xec0 [ 136.772673][ T6329] ? __do_sys_listmount+0x1c2/0xec0 [ 136.772721][ T6329] ? __do_sys_listmount+0x1c2/0xec0 [ 136.772760][ T6329] __do_sys_listmount+0x1c2/0xec0 [ 136.772809][ T6329] ? __x64_sys_futex+0x1e0/0x4c0 [ 136.772848][ T6329] ? __x64_sys_futex+0x1e9/0x4c0 [ 136.772889][ T6329] ? __pfx___do_sys_listmount+0x10/0x10 [ 136.772951][ T6329] do_syscall_64+0xcd/0x490 [ 136.773017][ T6329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.773050][ T6329] RIP: 0033:0x7f84f5b8e929 [ 136.773078][ T6329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.773110][ T6329] RSP: 002b:00007f84f39d5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 136.773141][ T6329] RAX: ffffffffffffffda RBX: 00007f84f5db6080 RCX: 00007f84f5b8e929 [ 136.773163][ T6329] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 136.773182][ T6329] RBP: 00007f84f5c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 136.773201][ T6329] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 136.773221][ T6329] R13: 0000000000000000 R14: 00007f84f5db6080 R15: 00007ffd724974c8 [ 136.773263][ T6329] [ 137.194954][ T6329] syz.2.100: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 137.211777][ T6329] CPU: 0 UID: 0 PID: 6329 Comm: syz.2.100 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 137.211824][ T6329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 137.211844][ T6329] Call Trace: [ 137.211854][ T6329] [ 137.211869][ T6329] dump_stack_lvl+0x16c/0x1f0 [ 137.211935][ T6329] warn_alloc+0x248/0x3a0 [ 137.211987][ T6329] ? __pfx_warn_alloc+0x10/0x10 [ 137.212041][ T6329] ? kfree+0x2b4/0x4d0 [ 137.212092][ T6329] ? __get_vm_area_node+0x208/0x330 [ 137.212141][ T6329] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 137.212196][ T6329] ? __lock_acquire+0xb8a/0x1c90 [ 137.212238][ T6329] ? __do_sys_listmount+0x1c2/0xec0 [ 137.212292][ T6329] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 137.212337][ T6329] ? __alloc_pages_noprof+0xb/0x1b0 [ 137.212386][ T6329] ? ___kmalloc_large_node+0x84/0x1e0 [ 137.212422][ T6329] ? find_held_lock+0x2b/0x80 [ 137.212463][ T6329] __kvmalloc_node_noprof+0x30a/0x620 [ 137.212510][ T6329] ? __do_sys_listmount+0x1c2/0xec0 [ 137.212552][ T6329] ? __do_sys_listmount+0x1c2/0xec0 [ 137.212601][ T6329] ? __do_sys_listmount+0x1c2/0xec0 [ 137.212640][ T6329] __do_sys_listmount+0x1c2/0xec0 [ 137.212690][ T6329] ? __x64_sys_futex+0x1e0/0x4c0 [ 137.212728][ T6329] ? __x64_sys_futex+0x1e9/0x4c0 [ 137.212770][ T6329] ? __pfx___do_sys_listmount+0x10/0x10 [ 137.212833][ T6329] do_syscall_64+0xcd/0x490 [ 137.212888][ T6329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.212930][ T6329] RIP: 0033:0x7f84f5b8e929 [ 137.212956][ T6329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 137.212989][ T6329] RSP: 002b:00007f84f39d5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 137.213020][ T6329] RAX: ffffffffffffffda RBX: 00007f84f5db6080 RCX: 00007f84f5b8e929 [ 137.213042][ T6329] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 137.213062][ T6329] RBP: 00007f84f5c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 137.213081][ T6329] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 137.213100][ T6329] R13: 0000000000000000 R14: 00007f84f5db6080 R15: 00007ffd724974c8 [ 137.213143][ T6329] [ 137.231830][ T6347] netlink: 48 bytes leftover after parsing attributes in process `syz.3.104'. [ 137.236006][ T6329] Mem-Info: [ 137.444796][ T6329] active_anon:6066 inactive_anon:0 isolated_anon:0 [ 137.444796][ T6329] active_file:10473 inactive_file:42472 isolated_file:0 [ 137.444796][ T6329] unevictable:768 dirty:2742 writeback:0 [ 137.444796][ T6329] slab_reclaimable:10042 slab_unreclaimable:93857 [ 137.444796][ T6329] mapped:25456 shmem:1361 pagetables:1106 [ 137.444796][ T6329] sec_pagetables:0 bounce:0 [ 137.444796][ T6329] kernel_misc_reclaimable:0 [ 137.444796][ T6329] free:1330099 free_pcp:13645 free_cma:0 [ 137.520826][ T6329] Node 0 active_anon:24264kB inactive_anon:0kB active_file:41892kB inactive_file:171800kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:101824kB dirty:10968kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11680kB pagetables:4264kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 137.738884][ T6329] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:160kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 137.819158][ T6329] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 137.932074][ T6329] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 138.045789][ T6329] Node 0 DMA32 free:1396164kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:26872kB inactive_anon:0kB active_file:41892kB inactive_file:174584kB unevictable:1536kB writepending:17140kB present:3129332kB managed:2540892kB mlocked:0kB bounce:0kB free_pcp:32712kB local_pcp:19440kB free_cma:0kB [ 138.241150][ T6329] lowmem_reserve[]: 0 0 1 1 1 [ 138.294332][ T6329] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:8kB free_cma:0kB [ 138.417887][ T6329] lowmem_reserve[]: 0 0 0 0 0 [ 138.427134][ T6329] Node 1 Normal free:3899476kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:22440kB local_pcp:11556kB free_cma:0kB [ 138.482210][ T6329] lowmem_reserve[]: 0 0 0 0 0 [ 138.496938][ T6329] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 138.510018][ T6329] Node 0 DMA32: 252*4kB (UM) 553*8kB (UM) 454*16kB (UM) 346*32kB (UME) 268*64kB (ME) 48*128kB (UM) 30*256kB (UM) 15*512kB (ME) 4*1024kB (M) 5*2048kB (UME) 321*4096kB (M) = 1391576kB [ 138.528705][ T6329] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 138.540818][ T6329] Node 1 Normal: 227*4kB (UME) 63*8kB (UME) 33*16kB (UME) 68*32kB (UME) 21*64kB (UME) 10*128kB (UME) 4*256kB (UME) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 948*4096kB (M) = 3899476kB [ 138.562415][ T6329] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 138.592046][ T6329] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 138.601439][ T6329] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 138.661989][ T6329] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 138.726735][ T6329] 55839 total pagecache pages [ 138.731463][ T6329] 0 pages in swap cache [ 138.780217][ T6329] Free swap = 124996kB [ 138.802988][ T6329] Total swap = 124996kB [ 138.848111][ T6329] 2097051 pages RAM [ 138.852459][ T6329] 0 pages HighMem/MovableOnly [ 138.858263][ T6329] 429850 pages reserved [ 138.862856][ T6329] 0 pages cma reserved [ 139.492462][ T6369] kvm: kvm [6367]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x40000025) = 0x2 [ 139.936628][ T6371] netlink: 8 bytes leftover after parsing attributes in process `syz.3.109'. [ 140.899113][ T6390] hub 3-0:1.0: USB hub found [ 140.936876][ T6390] hub 3-0:1.0: 1 port detected [ 140.984473][ T6390] usb usb3: authorized to connect [ 141.616590][ T6405] FAULT_INJECTION: forcing a failure. [ 141.616590][ T6405] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 141.638470][ T6405] CPU: 1 UID: 0 PID: 6405 Comm: syz.0.119 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 141.638522][ T6405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 141.638543][ T6405] Call Trace: [ 141.638554][ T6405] [ 141.638566][ T6405] dump_stack_lvl+0x16c/0x1f0 [ 141.638626][ T6405] should_fail_ex+0x512/0x640 [ 141.638684][ T6405] should_fail_alloc_page+0xe7/0x130 [ 141.638718][ T6405] prepare_alloc_pages+0x3c2/0x610 [ 141.638758][ T6405] ? rcu_is_watching+0x12/0xc0 [ 141.638797][ T6405] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 141.638850][ T6405] ? __lock_acquire+0xb8a/0x1c90 [ 141.638917][ T6405] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 141.638974][ T6405] ? do_raw_spin_lock+0x12c/0x2b0 [ 141.639027][ T6405] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 141.639080][ T6405] ? find_held_lock+0x2b/0x80 [ 141.639127][ T6405] ? __lock_acquire+0xb8a/0x1c90 [ 141.639171][ T6405] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 141.639228][ T6405] ? policy_nodemask+0xea/0x4e0 [ 141.639289][ T6405] alloc_pages_mpol+0x1fb/0x550 [ 141.639323][ T6405] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 141.639369][ T6405] folio_alloc_mpol_noprof+0x36/0x2f0 [ 141.639419][ T6405] shmem_alloc_folio+0x135/0x160 [ 141.639465][ T6405] shmem_alloc_and_add_folio+0x499/0xc20 [ 141.639527][ T6405] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 141.639583][ T6405] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 141.639642][ T6405] shmem_get_folio_gfp+0x67f/0x1600 [ 141.639705][ T6405] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 141.639761][ T6405] ? __lock_acquire+0x622/0x1c90 [ 141.639814][ T6405] shmem_fault+0x1fe/0xa30 [ 141.639868][ T6405] ? __pfx_shmem_fault+0x10/0x10 [ 141.639937][ T6405] ? __lock_acquire+0xb8a/0x1c90 [ 141.639997][ T6405] __do_fault+0x10d/0x490 [ 141.640052][ T6405] ? __pfx_filemap_map_pages+0x10/0x10 [ 141.640108][ T6405] __handle_mm_fault+0x374c/0x5490 [ 141.640167][ T6405] ? __pfx___handle_mm_fault+0x10/0x10 [ 141.640216][ T6405] ? __pte_offset_map_lock+0x174/0x310 [ 141.640253][ T6405] ? find_held_lock+0x2b/0x80 [ 141.640283][ T6405] ? find_held_lock+0x2b/0x80 [ 141.640327][ T6405] ? follow_page_pte+0x3af/0x14c0 [ 141.640377][ T6405] handle_mm_fault+0x589/0xd10 [ 141.640432][ T6405] __get_user_pages+0x589/0x3b80 [ 141.640488][ T6405] ? __pfx___get_user_pages+0x10/0x10 [ 141.640528][ T6405] ? __pfx_down_read_killable+0x10/0x10 [ 141.640566][ T6405] ? __lock_acquire+0xb8a/0x1c90 [ 141.640620][ T6405] faultin_page_range+0x249/0x980 [ 141.640675][ T6405] madvise_do_behavior+0x268/0x3f0 [ 141.640717][ T6405] ? __pfx_madvise_do_behavior+0x10/0x10 [ 141.640779][ T6405] do_madvise+0x161/0x230 [ 141.640816][ T6405] ? __pfx_do_madvise+0x10/0x10 [ 141.640873][ T6405] ? xfd_validate_state+0x61/0x180 [ 141.640923][ T6405] ? __pfx_do_writev+0x10/0x10 [ 141.640976][ T6405] __x64_sys_madvise+0xa9/0x110 [ 141.641012][ T6405] ? lockdep_hardirqs_on+0x7c/0x110 [ 141.641063][ T6405] do_syscall_64+0xcd/0x490 [ 141.641122][ T6405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.641157][ T6405] RIP: 0033:0x7faa1ad8e929 [ 141.641185][ T6405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.641216][ T6405] RSP: 002b:00007faa1bb9b038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 141.641246][ T6405] RAX: ffffffffffffffda RBX: 00007faa1afb5fa0 RCX: 00007faa1ad8e929 [ 141.641266][ T6405] RDX: 0000000000000017 RSI: 0000000000100000 RDI: 0000000000000000 [ 141.641285][ T6405] RBP: 00007faa1ae10b39 R08: 0000000000000000 R09: 0000000000000000 [ 141.641304][ T6405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 141.641323][ T6405] R13: 0000000000000000 R14: 00007faa1afb5fa0 R15: 00007ffde761f9b8 [ 141.641366][ T6405] [ 141.656696][ T6407] netlink: 8 bytes leftover after parsing attributes in process `syz.2.120'. [ 142.110738][ T6413] : Can't lookup blockdev [ 142.218847][ T6413] ubi: mtd0 is already attached to ubi0 [ 142.545479][ T6425] netlink: 28 bytes leftover after parsing attributes in process `syz.0.124'. [ 142.666993][ T30] audit: type=1800 audit(1750598008.334:4): pid=6408 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.118" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 142.885170][ T6425] team0: Port device team_slave_1 removed [ 143.252891][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 143.260373][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 143.937024][ T6451] netlink: 'syz.1.129': attribute type 2 has an invalid length. [ 144.245290][ T6457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.131'. [ 145.838793][ T6476] cgroup: fork rejected by pids controller in /syz0 [ 146.613409][ T6545] QAT: Stopping all acceleration devices. [ 146.651250][ T6545] netlink: 28 bytes leftover after parsing attributes in process `syz.3.138'. [ 147.115487][ T6586] netlink: 8 bytes leftover after parsing attributes in process `syz.1.141'. [ 149.231193][ T6654] netlink: 334 bytes leftover after parsing attributes in process `syz.2.145'. [ 149.787579][ T6545] team0: Port device team_slave_1 removed [ 149.958751][ T6659] FAULT_INJECTION: forcing a failure. [ 149.958751][ T6659] name failslab, interval 1, probability 0, space 0, times 0 [ 149.976046][ T6659] CPU: 1 UID: 0 PID: 6659 Comm: syz.2.147 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 149.976098][ T6659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 149.976118][ T6659] Call Trace: [ 149.976129][ T6659] [ 149.976142][ T6659] dump_stack_lvl+0x16c/0x1f0 [ 149.976201][ T6659] should_fail_ex+0x512/0x640 [ 149.976259][ T6659] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 149.976322][ T6659] should_failslab+0xc2/0x120 [ 149.976356][ T6659] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 149.976406][ T6659] ? __proc_create+0xc3/0x8c0 [ 149.976457][ T6659] ? __proc_create+0x2ce/0x8c0 [ 149.976516][ T6659] __proc_create+0x2ce/0x8c0 [ 149.976576][ T6659] ? __pfx___proc_create+0x10/0x10 [ 149.976627][ T6659] ? __register_sysctl_table+0x736/0x1900 [ 149.976687][ T6659] ? _raw_spin_unlock+0x28/0x50 [ 149.976736][ T6659] proc_create_reg+0x7d/0x180 [ 149.976767][ T6659] proc_create_net_data+0x8e/0x1b0 [ 149.976820][ T6659] ? __pfx_proc_create_net_data+0x10/0x10 [ 149.976883][ T6659] ? __pfx_arp_net_init+0x10/0x10 [ 149.976929][ T6659] arp_net_init+0x53/0x70 [ 149.976971][ T6659] ops_init+0x1e2/0x5f0 [ 149.977006][ T6659] setup_net+0x1ff/0x510 [ 149.977036][ T6659] ? lockdep_init_map_type+0x5c/0x280 [ 149.977088][ T6659] ? __pfx_setup_net+0x10/0x10 [ 149.977123][ T6659] ? debug_mutex_init+0x37/0x70 [ 149.977158][ T6659] copy_net_ns+0x2a6/0x5f0 [ 149.977197][ T6659] create_new_namespaces+0x3ea/0xa90 [ 149.977250][ T6659] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 149.977298][ T6659] ksys_unshare+0x45b/0xa40 [ 149.977344][ T6659] ? __pfx_ksys_unshare+0x10/0x10 [ 149.977390][ T6659] ? xfd_validate_state+0x61/0x180 [ 149.977447][ T6659] __x64_sys_unshare+0x31/0x40 [ 149.977491][ T6659] do_syscall_64+0xcd/0x490 [ 149.977547][ T6659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.977586][ T6659] RIP: 0033:0x7f84f5b8e929 [ 149.977614][ T6659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.977647][ T6659] RSP: 002b:00007f84f39f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 149.977679][ T6659] RAX: ffffffffffffffda RBX: 00007f84f5db5fa0 RCX: 00007f84f5b8e929 [ 149.977701][ T6659] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 149.977721][ T6659] RBP: 00007f84f5c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 149.977741][ T6659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 149.977761][ T6659] R13: 0000000000000000 R14: 00007f84f5db5fa0 R15: 00007ffd724974c8 [ 149.977804][ T6659] [ 150.235240][ C1] vkms_vblank_simulate: vblank timer overrun [ 150.782149][ T6670] netlink: 8 bytes leftover after parsing attributes in process `syz.1.150'. [ 151.415438][ T6689] random: crng reseeded on system resumption [ 152.469454][ T6701] netlink: 8 bytes leftover after parsing attributes in process `syz.0.161'. [ 152.480657][ T6703] netlink: 8 bytes leftover after parsing attributes in process `syz.2.160'. [ 152.496739][ T6702] netlink: 8 bytes leftover after parsing attributes in process `syz.2.160'. [ 152.951040][ T6714] 0x000200000001-0xa29656a63616329 : "" [ 153.034792][ T6714] mtd: partition "" is out of reach -- disabled [ 153.143048][ T6714] ftl_cs: FTL header not found. [ 153.595311][ T6728] netlink: 8 bytes leftover after parsing attributes in process `syz.2.170'. [ 154.132517][ T6741] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 155.086979][ T6755] binder: 6754:6755 ioctl 600004 4 returned -22 [ 155.645515][ T6762] netlink: 342 bytes leftover after parsing attributes in process `syz.1.178'. [ 155.991845][ T6767] netlink: 8 bytes leftover after parsing attributes in process `syz.0.180'. [ 156.836929][ T6790] FAULT_INJECTION: forcing a failure. [ 156.836929][ T6790] name failslab, interval 1, probability 0, space 0, times 0 [ 156.861204][ T6790] CPU: 1 UID: 0 PID: 6790 Comm: syz.2.187 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 156.861237][ T6790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 156.861250][ T6790] Call Trace: [ 156.861258][ T6790] [ 156.861266][ T6790] dump_stack_lvl+0x16c/0x1f0 [ 156.861306][ T6790] should_fail_ex+0x512/0x640 [ 156.861338][ T6790] ? __kmalloc_noprof+0xbf/0x510 [ 156.861374][ T6790] ? kernfs_fop_write_iter+0x237/0x510 [ 156.861396][ T6790] should_failslab+0xc2/0x120 [ 156.861418][ T6790] __kmalloc_noprof+0xd2/0x510 [ 156.861466][ T6790] kernfs_fop_write_iter+0x237/0x510 [ 156.861494][ T6790] vfs_write+0x6c4/0x1150 [ 156.861528][ T6790] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 156.861554][ T6790] ? __pfx___mutex_lock+0x10/0x10 [ 156.861590][ T6790] ? __pfx_vfs_write+0x10/0x10 [ 156.861642][ T6790] ksys_write+0x12a/0x250 [ 156.861674][ T6790] ? __pfx_ksys_write+0x10/0x10 [ 156.861717][ T6790] do_syscall_64+0xcd/0x490 [ 156.861756][ T6790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.861781][ T6790] RIP: 0033:0x7f84f5b8e929 [ 156.861799][ T6790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.861820][ T6790] RSP: 002b:00007f84f39f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 156.861841][ T6790] RAX: ffffffffffffffda RBX: 00007f84f5db5fa0 RCX: 00007f84f5b8e929 [ 156.861863][ T6790] RDX: 0000000000000081 RSI: 0000200000000040 RDI: 0000000000000003 [ 156.861881][ T6790] RBP: 00007f84f39f6090 R08: 0000000000000000 R09: 0000000000000000 [ 156.861898][ T6790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 156.861916][ T6790] R13: 0000000000000000 R14: 00007f84f5db5fa0 R15: 00007ffd724974c8 [ 156.861955][ T6790] [ 157.664945][ T6801] netlink: 8 bytes leftover after parsing attributes in process `syz.1.190'. [ 158.232631][ T6813] netlink: 4 bytes leftover after parsing attributes in process `syz.1.195'. [ 159.557341][ T6835] netlink: 8 bytes leftover after parsing attributes in process `syz.0.201'. [ 159.804023][ T6839] delete_channel: no stack [ 160.115599][ T6844] netlink: 'syz.3.204': attribute type 4 has an invalid length. [ 160.123603][ T6844] netlink: 314 bytes leftover after parsing attributes in process `syz.3.204'. [ 161.856836][ T6869] netlink: 20 bytes leftover after parsing attributes in process `syz.1.209'. [ 161.868975][ T6869] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 162.550679][ T6876] netlink: 8 bytes leftover after parsing attributes in process `syz.2.210'. [ 163.063205][ T6887] netlink: 330 bytes leftover after parsing attributes in process `syz.0.214'. [ 163.157982][ T6890] random: crng reseeded on system resumption [ 163.718847][ T6904] netlink: 8 bytes leftover after parsing attributes in process `syz.1.220'. [ 164.589209][ T6921] can: request_module (can-proto-4) failed. [ 164.665190][ T6909] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 164.686305][ T6909] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 164.737950][ T6909] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 164.762805][ T6909] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 164.771518][ T6909] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 164.799118][ T6909] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 164.814004][ T6909] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 164.820644][ T6909] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 164.845738][ T6909] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 164.876115][ T6909] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 164.883384][ T6909] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 164.910280][ T6909] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 165.097114][ T6932] netlink: 330 bytes leftover after parsing attributes in process `syz.2.225'. [ 165.190584][ T6934] capability: warning: `syz.1.226' uses 32-bit capabilities (legacy support in use) [ 165.456974][ T6942] netlink: 8 bytes leftover after parsing attributes in process `syz.2.229'. [ 165.727274][ T6939] delete_channel: no stack [ 165.847327][ T6954] FAULT_INJECTION: forcing a failure. [ 165.847327][ T6954] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 165.882414][ T6954] CPU: 0 UID: 0 PID: 6954 Comm: syz.1.232 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 165.882459][ T6954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 165.882479][ T6954] Call Trace: [ 165.882489][ T6954] [ 165.882502][ T6954] dump_stack_lvl+0x16c/0x1f0 [ 165.882560][ T6954] should_fail_ex+0x512/0x640 [ 165.882616][ T6954] should_fail_alloc_page+0xe7/0x130 [ 165.882651][ T6954] prepare_alloc_pages+0x3c2/0x610 [ 165.882698][ T6954] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 165.882763][ T6954] ? mas_next_slot+0x12d3/0x21b0 [ 165.882799][ T6954] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 165.882879][ T6954] ? validate_mm+0x40a/0x570 [ 165.882933][ T6954] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 165.882987][ T6954] ? policy_nodemask+0xea/0x4e0 [ 165.883047][ T6954] alloc_pages_mpol+0x1fb/0x550 [ 165.883082][ T6954] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 165.883127][ T6954] alloc_pages_noprof+0x131/0x390 [ 165.883160][ T6954] pte_alloc_one+0x1c/0x3a0 [ 165.883212][ T6954] __pte_alloc+0x6d/0x3c0 [ 165.883244][ T6954] ? __pfx___pte_alloc+0x10/0x10 [ 165.883278][ T6954] ? find_held_lock+0x2b/0x80 [ 165.883314][ T6954] __handle_mm_fault+0x4358/0x5490 [ 165.883371][ T6954] ? __pfx___handle_mm_fault+0x10/0x10 [ 165.883454][ T6954] handle_mm_fault+0x589/0xd10 [ 165.883508][ T6954] __get_user_pages+0x589/0x3b80 [ 165.883558][ T6954] ? __pfx_mt_find+0x10/0x10 [ 165.883591][ T6954] ? __pfx___get_user_pages+0x10/0x10 [ 165.883644][ T6954] populate_vma_page_range+0x278/0x3a0 [ 165.883689][ T6954] ? __pfx_populate_vma_page_range+0x10/0x10 [ 165.883730][ T6954] ? __pfx_find_vma_intersection+0x10/0x10 [ 165.883792][ T6954] ? do_mmap+0x69c/0x1210 [ 165.883840][ T6954] __mm_populate+0x1d8/0x380 [ 165.883882][ T6954] ? __pfx___mm_populate+0x10/0x10 [ 165.883927][ T6954] ? up_write+0x1b2/0x520 [ 165.883981][ T6954] vm_mmap_pgoff+0x362/0x450 [ 165.884020][ T6954] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 165.884064][ T6954] ? __x64_sys_futex+0x1e0/0x4c0 [ 165.884104][ T6954] ? __x64_sys_futex+0x1e9/0x4c0 [ 165.884151][ T6954] ksys_mmap_pgoff+0x7d/0x5c0 [ 165.884186][ T6954] ? xfd_validate_state+0x61/0x180 [ 165.884235][ T6954] __x64_sys_mmap+0x125/0x190 [ 165.884286][ T6954] do_syscall_64+0xcd/0x490 [ 165.884343][ T6954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.884376][ T6954] RIP: 0033:0x7fded898e929 [ 165.884405][ T6954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 165.884438][ T6954] RSP: 002b:00007fded987d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 165.884470][ T6954] RAX: ffffffffffffffda RBX: 00007fded8bb5fa0 RCX: 00007fded898e929 [ 165.884492][ T6954] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 165.884512][ T6954] RBP: 00007fded8a10b39 R08: 0000000000000002 R09: 0000000000008000 [ 165.884531][ T6954] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 165.884550][ T6954] R13: 0000000000000000 R14: 00007fded8bb5fa0 R15: 00007fff61d23bd8 [ 165.884593][ T6954] [ 166.193493][ C0] vkms_vblank_simulate: vblank timer overrun [ 166.249454][ T6957] FAULT_INJECTION: forcing a failure. [ 166.249454][ T6957] name failslab, interval 1, probability 0, space 0, times 0 [ 166.296579][ T5836] Bluetooth: hci0: command 0x0c1a tx timeout [ 166.313150][ T6957] CPU: 0 UID: 0 PID: 6957 Comm: syz.2.233 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 166.313199][ T6957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 166.313218][ T6957] Call Trace: [ 166.313229][ T6957] [ 166.313241][ T6957] dump_stack_lvl+0x16c/0x1f0 [ 166.313298][ T6957] should_fail_ex+0x512/0x640 [ 166.313344][ T6957] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 166.313400][ T6957] should_failslab+0xc2/0x120 [ 166.313431][ T6957] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 166.313482][ T6957] ? alloc_empty_file+0x55/0x1e0 [ 166.313523][ T6957] alloc_empty_file+0x55/0x1e0 [ 166.313559][ T6957] path_openat+0xda/0x2cb0 [ 166.313604][ T6957] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.313654][ T6957] ? __pfx_path_openat+0x10/0x10 [ 166.313706][ T6957] ? __lock_acquire+0xb8a/0x1c90 [ 166.313763][ T6957] do_filp_open+0x20b/0x470 [ 166.313820][ T6957] ? __pfx_do_filp_open+0x10/0x10 [ 166.313902][ T6957] ? alloc_fd+0x471/0x7d0 [ 166.313961][ T6957] do_sys_openat2+0x11b/0x1d0 [ 166.314006][ T6957] ? __pfx_do_sys_openat2+0x10/0x10 [ 166.314046][ T6957] ? __sys_sendmsg+0x18c/0x220 [ 166.314109][ T6957] __x64_sys_openat+0x174/0x210 [ 166.314147][ T6957] ? __pfx___x64_sys_openat+0x10/0x10 [ 166.314204][ T6957] do_syscall_64+0xcd/0x490 [ 166.314259][ T6957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.314292][ T6957] RIP: 0033:0x7f84f5b8e929 [ 166.314319][ T6957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.314350][ T6957] RSP: 002b:00007f84f39f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 166.314381][ T6957] RAX: ffffffffffffffda RBX: 00007f84f5db5fa0 RCX: 00007f84f5b8e929 [ 166.314403][ T6957] RDX: 0000000000000100 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 166.314424][ T6957] RBP: 00007f84f5c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 166.314444][ T6957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 166.314463][ T6957] R13: 0000000000000000 R14: 00007f84f5db5fa0 R15: 00007ffd724974c8 [ 166.314505][ T6957] [ 166.530354][ C0] vkms_vblank_simulate: vblank timer overrun [ 166.862330][ T5836] Bluetooth: hci2: command 0x0c1a tx timeout [ 166.869515][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 166.924656][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 166.954737][ T6965] FAULT_INJECTION: forcing a failure. [ 166.954737][ T6965] name fail_futex, interval 1, probability 0, space 0, times 0 [ 166.968032][ T6965] CPU: 0 UID: 0 PID: 6965 Comm: syz.2.236 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 166.968077][ T6965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 166.968096][ T6965] Call Trace: [ 166.968106][ T6965] [ 166.968118][ T6965] dump_stack_lvl+0x16c/0x1f0 [ 166.968185][ T6965] should_fail_ex+0x512/0x640 [ 166.968240][ T6965] get_futex_key+0x1d0/0x1540 [ 166.968285][ T6965] ? __pfx_get_futex_key+0x10/0x10 [ 166.968339][ T6965] futex_wake+0xea/0x530 [ 166.968389][ T6965] ? rcu_is_watching+0x12/0xc0 [ 166.968422][ T6965] ? __pfx_futex_wake+0x10/0x10 [ 166.968475][ T6965] ? kmem_cache_free+0x2d1/0x4d0 [ 166.968519][ T6965] ? fd_install+0x225/0x750 [ 166.968559][ T6965] ? putname+0x154/0x1a0 [ 166.968596][ T6965] do_futex+0x1e3/0x350 [ 166.968635][ T6965] ? __pfx_do_futex+0x10/0x10 [ 166.968684][ T6965] __x64_sys_futex+0x1e0/0x4c0 [ 166.968725][ T6965] ? __x64_sys_openat+0x174/0x210 [ 166.968760][ T6965] ? __pfx___x64_sys_futex+0x10/0x10 [ 166.968817][ T6965] do_syscall_64+0xcd/0x490 [ 166.968874][ T6965] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.968908][ T6965] RIP: 0033:0x7f84f5b8e929 [ 166.968933][ T6965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.968964][ T6965] RSP: 002b:00007f84f39f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 166.969002][ T6965] RAX: ffffffffffffffda RBX: 00007f84f5db5fa8 RCX: 00007f84f5b8e929 [ 166.969024][ T6965] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f84f5db5fac [ 166.969043][ T6965] RBP: 00007f84f5db5fa0 R08: 00007f84f6903000 R09: 0000000000000000 [ 166.969064][ T6965] R10: 0000000000000007 R11: 0000000000000246 R12: 00007f84f5db5fac [ 166.969083][ T6965] R13: 0000000000000000 R14: 00007ffd724973e0 R15: 00007ffd724974c8 [ 166.969124][ T6965] [ 167.158079][ C0] vkms_vblank_simulate: vblank timer overrun [ 167.697721][ T6977] netlink: 8 bytes leftover after parsing attributes in process `syz.1.239'. [ 168.361966][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 168.427452][ T4397] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.775248][ T4397] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.922019][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 168.928149][ T5836] Bluetooth: hci2: command 0x0c1a tx timeout [ 169.352644][ T4397] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.557755][ T7012] syz.1.246 uses obsolete (PF_INET,SOCK_PACKET) [ 169.791936][ T7017] sp0: Synchronizing with TNC [ 169.797378][ T5849] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 169.868383][ T5836] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 169.884861][ T5836] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 169.892750][ T5836] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 169.900687][ T5836] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 169.908367][ T5836] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 169.951274][ T7007] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 170.184906][ T4397] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.445068][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 171.004820][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 171.012245][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout [ 171.253609][ T4397] bridge_slave_1: left allmulticast mode [ 171.259654][ T4397] bridge_slave_1: left promiscuous mode [ 171.283908][ T4397] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.328990][ T4397] bridge_slave_0: left allmulticast mode [ 171.353526][ T4397] bridge_slave_0: left promiscuous mode [ 171.359726][ T4397] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.968629][ T5836] Bluetooth: hci3: command tx timeout [ 172.196203][ T4397] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 172.219000][ T4397] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 172.244907][ T4397] bond0 (unregistering): Released all slaves [ 172.981754][ T30] audit: type=1806 audit(1750598038.644:5): xattr="" res=-22 [ 173.443473][ T7054] block nbd7: not configured, cannot reconfigure [ 173.861171][ T7023] chnl_net:caif_netlink_parms(): no params data found [ 174.044077][ T5836] Bluetooth: hci3: command tx timeout [ 174.469765][ T4397] hsr_slave_0: left promiscuous mode [ 174.527873][ T4397] hsr_slave_1: left promiscuous mode [ 174.543657][ T4397] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 174.561557][ T4397] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 174.604219][ T4397] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 174.634002][ T4397] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 174.698190][ T4397] veth1_macvtap: left promiscuous mode [ 174.713603][ T4397] veth0_macvtap: left promiscuous mode [ 174.729663][ T4397] veth1_vlan: left promiscuous mode [ 174.739823][ T4397] veth0_vlan: left promiscuous mode [ 174.991257][ T7087] netlink: 4 bytes leftover after parsing attributes in process `syz.1.259'. [ 175.600169][ T4397] team0 (unregistering): Port device team_slave_0 removed [ 175.855374][ T7092] netlink: 342 bytes leftover after parsing attributes in process `syz.1.260'. [ 176.126463][ T5849] Bluetooth: hci3: command tx timeout [ 176.387061][ T7023] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.395189][ T7023] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.403756][ T7023] bridge_slave_0: entered allmulticast mode [ 176.419426][ T7023] bridge_slave_0: entered promiscuous mode [ 176.469184][ T7023] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.478240][ T7023] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.486299][ T7023] bridge_slave_1: entered allmulticast mode [ 176.494973][ T7023] bridge_slave_1: entered promiscuous mode [ 176.635047][ T7023] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 176.677520][ T7023] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 176.871358][ T7023] team0: Port device team_slave_0 added [ 176.906294][ T7023] team0: Port device team_slave_1 added [ 177.013468][ T7023] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 177.020518][ T7023] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 177.085807][ T7023] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 177.104166][ T7023] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 177.111184][ T7023] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 177.137146][ C1] vkms_vblank_simulate: vblank timer overrun [ 177.147184][ T7023] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 177.407974][ T7023] hsr_slave_0: entered promiscuous mode [ 177.423438][ T7023] hsr_slave_1: entered promiscuous mode [ 177.440694][ T7023] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 177.460397][ T7023] Cannot create hsr debugfs directory [ 177.827152][ T5836] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 178.204937][ T5836] Bluetooth: hci3: command tx timeout [ 178.830174][ T7023] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 178.878392][ T7023] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 178.924457][ T7023] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 178.979848][ T7023] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 180.071044][ T7023] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.195583][ T7023] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.255883][ T4397] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.263760][ T4397] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.337421][ T4397] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.344727][ T4397] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.595433][ T7023] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 182.694073][ T7231] netlink: 8 bytes leftover after parsing attributes in process `syz.3.280'. [ 183.207922][ T7023] veth0_vlan: entered promiscuous mode [ 183.246400][ T7023] veth1_vlan: entered promiscuous mode [ 183.525770][ T7023] veth0_macvtap: entered promiscuous mode [ 183.567483][ T7023] veth1_macvtap: entered promiscuous mode [ 183.646603][ T7023] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 183.714961][ T7023] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 183.755941][ T7023] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.772109][ T7023] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.787145][ T7023] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.811334][ T7023] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.263639][ T146] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.290490][ T146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.394807][ T4397] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.423326][ T4397] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.485727][ T7266] FAULT_INJECTION: forcing a failure. [ 184.485727][ T7266] name failslab, interval 1, probability 0, space 0, times 0 [ 184.712425][ T7266] CPU: 0 UID: 0 PID: 7266 Comm: syz.1.287 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 184.712476][ T7266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 184.712496][ T7266] Call Trace: [ 184.712507][ T7266] [ 184.712519][ T7266] dump_stack_lvl+0x16c/0x1f0 [ 184.712577][ T7266] should_fail_ex+0x512/0x640 [ 184.712624][ T7266] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 184.712696][ T7266] should_failslab+0xc2/0x120 [ 184.712728][ T7266] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 184.712782][ T7266] ? __d_alloc+0x31/0xaa0 [ 184.712839][ T7266] __d_alloc+0x31/0xaa0 [ 184.712896][ T7266] d_alloc+0x4a/0x1e0 [ 184.712950][ T7266] d_alloc_parallel+0xe3/0x12e0 [ 184.712994][ T7266] ? __lock_acquire+0xb8a/0x1c90 [ 184.713038][ T7266] ? look_up_lock_class+0x59/0x150 [ 184.713089][ T7266] ? register_lock_class+0x41/0x4c0 [ 184.713137][ T7266] ? __pfx_d_alloc_parallel+0x10/0x10 [ 184.713181][ T7266] ? lockdep_init_map_type+0x5c/0x280 [ 184.713229][ T7266] ? lockdep_init_map_type+0x5c/0x280 [ 184.713283][ T7266] __lookup_slow+0x193/0x460 [ 184.713321][ T7266] ? __pfx___lookup_slow+0x10/0x10 [ 184.713387][ T7266] ? lookup_fast+0x156/0x610 [ 184.713426][ T7266] ? __pfx_kernfs_iop_permission+0x10/0x10 [ 184.713479][ T7266] walk_component+0x353/0x5b0 [ 184.713527][ T7266] link_path_walk+0x627/0xe20 [ 184.713593][ T7266] path_openat+0x1b0/0x2cb0 [ 184.713638][ T7266] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.713695][ T7266] ? __pfx_path_openat+0x10/0x10 [ 184.713749][ T7266] ? __lock_acquire+0xb8a/0x1c90 [ 184.713797][ T7266] do_filp_open+0x20b/0x470 [ 184.713847][ T7266] ? __pfx_do_filp_open+0x10/0x10 [ 184.713928][ T7266] ? alloc_fd+0x471/0x7d0 [ 184.713993][ T7266] do_sys_openat2+0x11b/0x1d0 [ 184.714030][ T7266] ? __pfx_do_sys_openat2+0x10/0x10 [ 184.714085][ T7266] __x64_sys_openat+0x174/0x210 [ 184.714124][ T7266] ? __pfx___x64_sys_openat+0x10/0x10 [ 184.714186][ T7266] do_syscall_64+0xcd/0x490 [ 184.714242][ T7266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.714276][ T7266] RIP: 0033:0x7fded898e929 [ 184.714303][ T7266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 184.714335][ T7266] RSP: 002b:00007fded987d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 184.714373][ T7266] RAX: ffffffffffffffda RBX: 00007fded8bb5fa0 RCX: 00007fded898e929 [ 184.714395][ T7266] RDX: 0000000000183841 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 184.714416][ T7266] RBP: 00007fded8a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 184.714435][ T7266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 184.714455][ T7266] R13: 0000000000000000 R14: 00007fded8bb5fa0 R15: 00007fff61d23bd8 [ 184.714498][ T7266] [ 185.476493][ T7275] netlink: 8 bytes leftover after parsing attributes in process `syz.2.289'. [ 187.663354][ T7328] can: request_module (can-proto-4) failed. [ 188.284328][ T7345] netlink: 8 bytes leftover after parsing attributes in process `syz.3.301'. [ 188.912241][ T7362] netlink: 326 bytes leftover after parsing attributes in process `syz.1.307'. [ 189.979733][ T7369] netlink: 28 bytes leftover after parsing attributes in process `syz.3.309'. [ 190.100966][ T7389] netlink: 8 bytes leftover after parsing attributes in process `syz.1.312'. [ 190.718906][ T7402] netlink: zone id is out of range [ 190.779072][ T7402] netlink: zone id is out of range [ 190.880676][ T7402] netlink: zone id is out of range [ 190.885959][ T7402] netlink: zone id is out of range [ 190.891209][ T7402] netlink: zone id is out of range [ 190.896507][ T7402] netlink: zone id is out of range [ 190.901778][ T7402] netlink: zone id is out of range [ 190.907029][ T7402] netlink: zone id is out of range [ 190.941995][ T7402] netlink: zone id is out of range [ 190.973017][ T7402] netlink: zone id is out of range [ 192.652696][ T7439] can: request_module (can-proto-4) failed. [ 192.943042][ T7450] netlink: 8 bytes leftover after parsing attributes in process `syz.3.324'. [ 194.225617][ T7476] snd_aloop snd_aloop.0: control 16781581:65535:512:'?F/zF˷fC:1037 is already present [ 195.648617][ T7491] netlink: 8 bytes leftover after parsing attributes in process `syz.4.334'. [ 195.744902][ T7493] FAULT_INJECTION: forcing a failure. [ 195.744902][ T7493] name failslab, interval 1, probability 0, space 0, times 0 [ 195.793050][ T7493] CPU: 0 UID: 0 PID: 7493 Comm: syz.3.333 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 195.793099][ T7493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 195.793119][ T7493] Call Trace: [ 195.793130][ T7493] [ 195.793143][ T7493] dump_stack_lvl+0x16c/0x1f0 [ 195.793203][ T7493] should_fail_ex+0x512/0x640 [ 195.793252][ T7493] ? __kmalloc_noprof+0xbf/0x510 [ 195.793305][ T7493] ? realloc_user_queue+0x270/0x310 [ 195.793342][ T7493] should_failslab+0xc2/0x120 [ 195.793374][ T7493] __kmalloc_noprof+0xd2/0x510 [ 195.793432][ T7493] realloc_user_queue+0x270/0x310 [ 195.793472][ T7493] ? __pfx_snd_timer_user_open+0x10/0x10 [ 195.793511][ T7493] snd_timer_user_open+0xfc/0x180 [ 195.793559][ T7493] snd_open+0x1fe/0x450 [ 195.793590][ T7493] ? __pfx_snd_open+0x10/0x10 [ 195.793620][ T7493] chrdev_open+0x234/0x6a0 [ 195.793672][ T7493] ? __pfx_apparmor_file_open+0x10/0x10 [ 195.793715][ T7493] ? __pfx_chrdev_open+0x10/0x10 [ 195.793771][ T7493] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 195.793826][ T7493] do_dentry_open+0x741/0x1c10 [ 195.793877][ T7493] ? __pfx_chrdev_open+0x10/0x10 [ 195.793939][ T7493] vfs_open+0x82/0x3f0 [ 195.793980][ T7493] path_openat+0x1de4/0x2cb0 [ 195.794043][ T7493] ? __pfx_path_openat+0x10/0x10 [ 195.794095][ T7493] ? __lock_acquire+0xb8a/0x1c90 [ 195.794146][ T7493] do_filp_open+0x20b/0x470 [ 195.794195][ T7493] ? __pfx_do_filp_open+0x10/0x10 [ 195.794276][ T7493] ? alloc_fd+0x471/0x7d0 [ 195.794334][ T7493] do_sys_openat2+0x11b/0x1d0 [ 195.794372][ T7493] ? __pfx_do_sys_openat2+0x10/0x10 [ 195.794427][ T7493] __x64_sys_openat+0x174/0x210 [ 195.794466][ T7493] ? __pfx___x64_sys_openat+0x10/0x10 [ 195.794522][ T7493] do_syscall_64+0xcd/0x490 [ 195.794590][ T7493] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.794624][ T7493] RIP: 0033:0x7f8deb98e929 [ 195.794655][ T7493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 195.794688][ T7493] RSP: 002b:00007f8dec822038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 195.794721][ T7493] RAX: ffffffffffffffda RBX: 00007f8debbb6080 RCX: 00007f8deb98e929 [ 195.794742][ T7493] RDX: 0000000000101802 RSI: 0000200000000200 RDI: ffffffffffffff9c [ 195.794764][ T7493] RBP: 00007f8deba10b39 R08: 0000000000000000 R09: 0000000000000000 [ 195.794784][ T7493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 195.794803][ T7493] R13: 0000000000000000 R14: 00007f8debbb6080 R15: 00007ffe739b7a48 [ 195.794846][ T7493] [ 196.053679][ C0] vkms_vblank_simulate: vblank timer overrun [ 198.187406][ T7519] netlink: 'syz.2.339': attribute type 11 has an invalid length. [ 198.252048][ T7519] netlink: 'syz.2.339': attribute type 11 has an invalid length. [ 198.261929][ T7519] netlink: 'syz.2.339': attribute type 11 has an invalid length. [ 198.902611][ T7524] relay: one or more items not logged [item size (56) > sub-buffer size (4)] [ 199.302224][ T7515] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 199.357190][ T7515] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 199.408443][ T7515] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 199.462116][ T7515] page_type: f5(slab) [ 199.469255][ T7519] could not allocate digest TFM handle binfmt_misc [ 199.482134][ T7515] raw: 00fff00000000040 ffff88801ce95780 dead000000000122 0000000000000000 [ 199.532013][ T7515] raw: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000 [ 199.540736][ T7537] can: request_module (can-proto-4) failed. [ 199.550776][ T7515] head: 00fff00000000040 ffff88801ce95780 dead000000000122 0000000000000000 [ 199.559963][ T7515] head: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000 [ 199.701951][ T7515] head: 00fff00000000001 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 199.742222][ T7515] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 199.750946][ T7515] page dumped because: unmovable page [ 199.829454][ T7515] page_owner tracks the page as allocated [ 199.872221][ T7515] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5216, tgid 5216 (udevadm), ts 46115271902, free_ts 37214482549 [ 199.895227][ C0] vkms_vblank_simulate: vblank timer overrun [ 199.984846][ T7515] post_alloc_hook+0x1c0/0x230 [ 199.991232][ T7515] get_page_from_freelist+0x1321/0x3890 [ 199.997527][ T7515] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 200.003964][ T7515] alloc_pages_mpol+0x1fb/0x550 [ 200.009084][ T7515] new_slab+0x23b/0x330 [ 200.014012][ T7515] ___slab_alloc+0xd9c/0x1940 [ 200.018915][ T7515] __slab_alloc.constprop.0+0x56/0xb0 [ 200.025078][ T7515] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 200.031128][ T7515] __d_alloc+0x31/0xaa0 [ 200.039634][ T7515] d_alloc+0x4a/0x1e0 [ 200.045227][ T7515] d_alloc_parallel+0xe3/0x12e0 [ 200.052318][ T7515] __lookup_slow+0x193/0x460 [ 200.057106][ T7515] walk_component+0x353/0x5b0 [ 200.062758][ T7515] link_path_walk+0x627/0xe20 [ 200.067617][ T7515] path_lookupat+0x15a/0x6d0 [ 200.073882][ T7515] filename_lookup+0x224/0x5f0 [ 200.078844][ T7515] page last free pid 1 tgid 1 stack trace: [ 200.082360][ T7549] netlink: 8 bytes leftover after parsing attributes in process `syz.3.344'. [ 200.098098][ T7515] __free_frozen_pages+0x7fe/0x1180 [ 200.105801][ T7515] free_contig_range+0x183/0x4b0 [ 200.132063][ T7515] destroy_args+0x7f6/0xa60 [ 200.182177][ T7515] debug_vm_pgtable+0x13b8/0x2d00 [ 200.187310][ T7515] do_one_initcall+0x120/0x6e0 [ 200.222140][ T7515] kernel_init_freeable+0x5c2/0x900 [ 200.233121][ T7515] kernel_init+0x1c/0x2b0 [ 200.237526][ T7515] ret_from_fork+0x5d7/0x6f0 [ 200.640902][ T7515] ret_from_fork_asm+0x1a/0x30 [ 202.556520][ T7589] netlink: 16 bytes leftover after parsing attributes in process `syz.4.353'. [ 202.706477][ T5836] Bluetooth: hci1: unexpected subevent 0x19 length: 252 > 28 [ 202.715308][ T5836] Bluetooth: hci1: Unable to find connection with handle 0xc3d2 [ 203.485437][ T7607] ceph: Failed to parse sending metrics switch value 'P^' [ 204.704076][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 204.710551][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 207.500899][ T7662] Invalid ELF header magic: != ELF [ 208.004542][ T7681] binder: 7680:7681 ioctl c0306201 0 returned -14 [ 209.927801][ T30] audit: type=1800 audit(1750598075.594:6): pid=7705 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.374" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 210.284795][ T7721] netlink: 16 bytes leftover after parsing attributes in process `syz.2.376'. [ 211.832277][ T7753] netlink: 4 bytes leftover after parsing attributes in process `syz.4.382'. [ 212.303924][ T7771] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 214.924870][ T7808] Console: switching to colour VGA+ 80x25 [ 216.841594][ T7849] device-mapper: ioctl: dm_ctl_ioctl: unknown command 0xeffffd32 [ 220.168554][ T7916] netlink: 334 bytes leftover after parsing attributes in process `syz.4.410'. [ 221.306016][ T7939] FAULT_INJECTION: forcing a failure. [ 221.306016][ T7939] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 221.392013][ T7939] CPU: 1 UID: 0 PID: 7939 Comm: syz.4.411 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 221.392062][ T7939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 221.392081][ T7939] Call Trace: [ 221.392091][ T7939] [ 221.392103][ T7939] dump_stack_lvl+0x16c/0x1f0 [ 221.392165][ T7939] should_fail_ex+0x512/0x640 [ 221.392219][ T7939] _copy_to_iter+0x463/0x16f0 [ 221.392282][ T7939] ? __pfx__copy_to_iter+0x10/0x10 [ 221.392336][ T7939] ? const_folio_flags+0x5b/0x100 [ 221.392383][ T7939] ? folio_mark_accessed+0xc1/0xc00 [ 221.392414][ T7939] ? __pfx_folio_mark_accessed+0x10/0x10 [ 221.392453][ T7939] copy_page_to_iter+0x12a/0x1e0 [ 221.392511][ T7939] filemap_read+0x6b1/0xe40 [ 221.392583][ T7939] ? __pfx_filemap_read+0x10/0x10 [ 221.392631][ T7939] ? arch_stack_walk+0xa6/0x100 [ 221.392711][ T7939] ? __pfx_down_read+0x10/0x10 [ 221.392756][ T7939] blkdev_read_iter+0x1ac/0x500 [ 221.392811][ T7939] do_iter_readv_writev+0x738/0x950 [ 221.392865][ T7939] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 221.392916][ T7939] ? bpf_lsm_file_permission+0x9/0x10 [ 221.392948][ T7939] ? security_file_permission+0x71/0x210 [ 221.392992][ T7939] ? rw_verify_area+0xcf/0x680 [ 221.393037][ T7939] vfs_readv+0x4cb/0x8b0 [ 221.393089][ T7939] ? __pfx_vfs_readv+0x10/0x10 [ 221.393135][ T7939] ? find_held_lock+0x2b/0x80 [ 221.393192][ T7939] ? __fget_files+0x20e/0x3c0 [ 221.393246][ T7939] ? do_preadv+0x1a6/0x270 [ 221.393287][ T7939] do_preadv+0x1a6/0x270 [ 221.393330][ T7939] ? __pfx_do_preadv+0x10/0x10 [ 221.393385][ T7939] do_syscall_64+0xcd/0x490 [ 221.393439][ T7939] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.393472][ T7939] RIP: 0033:0x7f4d6678e929 [ 221.393498][ T7939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 221.393527][ T7939] RSP: 002b:00007f4d6764a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 221.393558][ T7939] RAX: ffffffffffffffda RBX: 00007f4d669b6080 RCX: 00007f4d6678e929 [ 221.393579][ T7939] RDX: 0000000000000006 RSI: 0000200000000080 RDI: 0040000000000003 [ 221.393599][ T7939] RBP: 00007f4d6764a090 R08: 0000000000000005 R09: 0000000000000000 [ 221.393618][ T7939] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 221.393636][ T7939] R13: 0000000000000000 R14: 00007f4d669b6080 R15: 00007ffd321cc468 [ 221.393678][ T7939] [ 221.638671][ C1] vkms_vblank_simulate: vblank timer overrun [ 222.447430][ T7958] netlink: 334 bytes leftover after parsing attributes in process `syz.3.419'. [ 224.610517][ T7994] netlink: 334 bytes leftover after parsing attributes in process `syz.4.430'. [ 224.908789][ T8000] net_ratelimit: 546 callbacks suppressed [ 224.908816][ T8000] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 226.746431][ T8024] zram: Added device: zram1 [ 227.506405][ T8034] netlink: 334 bytes leftover after parsing attributes in process `syz.3.440'. [ 228.610426][ T8047] syz.3.445 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 229.314282][ T8067] phram: not enough arguments [ 230.250537][ T8069] zswap: compressor 000 not available [ 230.337962][ T8076] netlink: 334 bytes leftover after parsing attributes in process `syz.1.452'. [ 232.237670][ T8109] netlink: 334 bytes leftover after parsing attributes in process `syz.2.462'. [ 232.677812][ T8116] netlink: 12 bytes leftover after parsing attributes in process `syz.3.464'. [ 232.712080][ T8116] HfR: entered promiscuous mode [ 232.730254][ T8116] netlink: 4 bytes leftover after parsing attributes in process `syz.3.464'. [ 235.857041][ T8120] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 236.207614][ T8151] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 236.227409][ T8151] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 236.237646][ T8151] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 236.246443][ T8151] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 236.262722][ T8151] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 236.268988][ T8151] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 236.284059][ T8151] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 236.602257][ T5836] Bluetooth: hci0: command 0x0c1a tx timeout [ 236.630998][ T8166] netlink: 334 bytes leftover after parsing attributes in process `syz.3.473'. [ 236.884762][ T8168] scsi_strcpy_devinfo: vendor string '/&c~n] | [ 236.884762][ T8168] M' is too long [ 236.914303][ T8168] scsi_strcpy_devinfo: model string 'Dd5 K2b [ 236.914303][ T8168] W ' is too long [ 237.477394][ T8186] netlink: 48 bytes leftover after parsing attributes in process `syz.2.481'. [ 237.851502][ T8188] ================================================================== [ 237.859615][ T8188] BUG: KASAN: wild-memory-access in get_futex_key+0x595/0x1540 [ 237.867185][ T8188] Read of size 8 at addr 1fffffff85ac6f98 by task syz.4.482/8188 [ 237.875021][ T8188] [ 237.877393][ T8188] CPU: 1 UID: 0 PID: 8188 Comm: syz.4.482 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 237.877437][ T8188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 237.877458][ T8188] Call Trace: [ 237.877469][ T8188] [ 237.877481][ T8188] dump_stack_lvl+0x116/0x1f0 [ 237.877546][ T8188] kasan_report+0xe0/0x110 [ 237.877577][ T8188] ? get_futex_key+0x595/0x1540 [ 237.877618][ T8188] kasan_check_range+0x100/0x1b0 [ 237.877658][ T8188] get_futex_key+0x595/0x1540 [ 237.877706][ T8188] ? __pfx_get_futex_key+0x10/0x10 [ 237.877744][ T8188] ? do_futex+0x122/0x350 [ 237.877782][ T8188] futex_wake+0xea/0x530 [ 237.877829][ T8188] ? __pfx_futex_wake+0x10/0x10 [ 237.877880][ T8188] ? arch_syscall_is_vdso_sigreturn+0xb6/0x230 [ 237.877922][ T8188] ? syscall_user_dispatch+0x78/0x140 [ 237.877983][ T8188] __x64_sys_futex_wake+0x23d/0x2b0 [ 237.878030][ T8188] do_syscall_64+0xcd/0x490 [ 237.878084][ T8188] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.878119][ T8188] RIP: 0033:0x7f4d6678e929 [ 237.878145][ T8188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 237.878178][ T8188] RSP: 002b:00007f4d6766b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c6 [ 237.878210][ T8188] RAX: ffffffffffffffda RBX: 00007f4d669b5fa0 RCX: 00007f4d6678e929 [ 237.878232][ T8188] RDX: 0000000000000006 RSI: 00000000000003ff RDI: 0000200000000080 [ 237.878252][ T8188] RBP: 00007f4d66810b39 R08: 0000000000000000 R09: 0000000000000000 [ 237.878271][ T8188] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000 [ 237.878291][ T8188] R13: 0000000000000000 R14: 00007f4d669b5fa0 R15: 00007ffd321cc468 [ 237.878323][ T8188] [ 237.878334][ T8188] ================================================================== [ 238.059655][ C1] vkms_vblank_simulate: vblank timer overrun [ 238.200260][ T8188] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 238.207632][ T8188] CPU: 0 UID: 0 PID: 8188 Comm: syz.4.482 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 238.219683][ T8188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 238.229800][ T8188] Call Trace: [ 238.233132][ T8188] [ 238.236110][ T8188] dump_stack_lvl+0x3d/0x1f0 [ 238.240783][ T8188] panic+0x71c/0x800 [ 238.244842][ T8188] ? __pfx_panic+0x10/0x10 [ 238.249340][ T8188] ? rcu_is_watching+0x12/0xc0 [ 238.254177][ T8188] ? irqentry_exit+0x3b/0x90 [ 238.258857][ T8188] ? lockdep_hardirqs_on+0x7c/0x110 [ 238.264143][ T8188] ? preempt_schedule_thunk+0x16/0x30 [ 238.269599][ T8188] ? get_futex_key+0x595/0x1540 [ 238.274515][ T8188] ? preempt_schedule_common+0x44/0xc0 [ 238.280052][ T8188] ? get_futex_key+0x595/0x1540 [ 238.285115][ T8188] check_panic_on_warn+0xab/0xb0 [ 238.290190][ T8188] end_report+0x107/0x170 [ 238.294570][ T8188] kasan_report+0xee/0x110 [ 238.299026][ T8188] ? get_futex_key+0x595/0x1540 [ 238.303910][ T8188] kasan_check_range+0x100/0x1b0 [ 238.308878][ T8188] get_futex_key+0x595/0x1540 [ 238.313591][ T8188] ? __pfx_get_futex_key+0x10/0x10 [ 238.318825][ T8188] ? do_futex+0x122/0x350 [ 238.323186][ T8188] futex_wake+0xea/0x530 [ 238.327491][ T8188] ? __pfx_futex_wake+0x10/0x10 [ 238.332379][ T8188] ? arch_syscall_is_vdso_sigreturn+0xb6/0x230 [ 238.338653][ T8188] ? syscall_user_dispatch+0x78/0x140 [ 238.344085][ T8188] __x64_sys_futex_wake+0x23d/0x2b0 [ 238.349322][ T8188] do_syscall_64+0xcd/0x490 [ 238.353874][ T8188] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.360316][ T8188] RIP: 0033:0x7f4d6678e929 [ 238.364775][ T8188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.384414][ T8188] RSP: 002b:00007f4d6766b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c6 [ 238.392948][ T8188] RAX: ffffffffffffffda RBX: 00007f4d669b5fa0 RCX: 00007f4d6678e929 [ 238.400941][ T8188] RDX: 0000000000000006 RSI: 00000000000003ff RDI: 0000200000000080 [ 238.408943][ T8188] RBP: 00007f4d66810b39 R08: 0000000000000000 R09: 0000000000000000 [ 238.416936][ T8188] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000 [ 238.425018][ T8188] R13: 0000000000000000 R14: 00007f4d669b5fa0 R15: 00007ffd321cc468 [ 238.433037][ T8188] [ 238.436448][ T8188] Kernel Offset: disabled [ 238.440795][ T8188] Rebooting in 86400 seconds..