last executing test programs: 11.115945761s ago: executing program 2 (id=4267): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capset$auto(&(0x7f0000000180)={0x19980330, 0x0}, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/ip_forward\x00', 0x2002, 0x0) r1 = socket(0x1b, 0x3, 0x76) madvise$auto(0x0, 0x2000040080000004, 0xe) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r2, &(0x7f00000002c0)='//\xf2\x00', 0x80000000) open(&(0x7f0000000280)='./file0\x00', 0x418441, 0x20) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9) rename$auto(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='./file0\x00') getsockopt$auto_SO_RCVPRIORITY(r1, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), r4) sendmsg$auto_NFSD_CMD_LISTENER_SET(r4, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000080)=ANY=[@ANYRES8=r2, @ANYRES16=r5, @ANYBLOB="01002bbd7008fcdbdf250600000024000180190002006e6675ef18467b590e076822f20889df8fb873640000000004000100"], 0x38}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000) prctl$auto(0x3a, 0x1, r0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) io_uring_setup$auto(0x85, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x40000a, 0xdf, 0x11, 0xffffffffffffffff, 0xfb) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) mmap$auto(0xb6d, 0x1, 0x100000000, 0x13, 0xfffffffffffffffa, 0x41) sysfs$auto(0x2, 0xe, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r6 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r6, 0x40146f2c, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x20000002, 0x8000000000000000, 0x0) 8.709750441s ago: executing program 1 (id=4272): r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x8800, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEC_SET(0xffffffffffffffff, 0x0, 0x20004000) unshare$auto(0x40000080) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x0, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x88) recvmmsg$auto(0x3, 0x0, 0xfff, 0x2, 0x0) shutdown$auto(0x200000003, 0x2) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) shmdt$auto(0x0) mmap$auto(0x0, 0x2, 0xdf, 0xeb1, 0x401, 0x8001) mincore$auto(0x1000, 0x4000000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) sendmsg$auto_NL80211_CMD_START_P2P_DEVICE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x84, 0x0, 0x300, 0x70bd28, 0x25dfdbff, {}, [@NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, "96015337514b1833fd49fabab95ebc0677273bf0aa82d9c22000"}, @NL80211_ATTR_S1G_CAPABILITY={0x35, 0x128, "c09bbba5bf38b799e65113cbe8d903a4b431afc351e0dcd208e5b0f7c329af41698f70eade42850f9dcb3d237045f948b3"}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x7e}, @NL80211_ATTR_OBSS_COLOR_BITMAP={0xc, 0x12e, 0x7}, @NL80211_ATTR_PBSS={0x4}]}, 0x84}}, 0x80) r2 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000001040), 0xffffffffffffffff) sendmsg$auto_GTP_CMD_GETPDP(r0, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001100)={&(0x7f0000001080)={0x14, r2, 0x1, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x24040814) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r0) r3 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0) pidfd_open$auto(r3, 0x0) 8.087587023s ago: executing program 0 (id=4275): mmap$auto(0x0, 0x4, 0x45, 0x800000000015, 0x2, 0x2) (async) r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, &(0x7f0000000280)={0x4, 0x80003, 0xa, @state_change={0x200, 0x9, 0x3}}) (async) r1 = ioctl$auto_TUNSETVNETBE2(0xffffffffffffffff, 0x400454de, &(0x7f00000000c0)=0x401) ioctl$auto_BCH_IOCTL_DISK_ONLINE(r1, 0x4010bc06, &(0x7f0000000180)={0xbbbd, 0x0, 0x6}) (async) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dsp\x00', 0xa0d02, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f00000000c0)) (async) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x20400, 0x0) (async) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) mmap$auto(0x0, 0x0, 0x9, 0xeb1, 0xffffffffffffffff, 0x8000) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) socketpair$auto(0x4, 0x2, 0x10, &(0x7f0000000040)=0x7) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xa, 0x1, 0x948b, 0x3, 0x1, 0x572f14dc, 0x4, 0x80000000, 0x0, 0x7, 0x20000006d3c, 0x7, 0x2, 0x1]}, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1fe, 0x3, 0xd, 0x1, 0x948b, 0x0, 0x15f4da0a, 0x41000000003, 0x9, 0x62, 0x8000001b, 0x7, 0x6d3e, 0x9, 0x2, 0x200]}, 0x0) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) r5 = getpgid$auto(0x0) getpgrp(r5) capset$auto(0x0, &(0x7f0000000000)={0xb213, 0x101, 0x6}) (async) openat$auto_proc_pid_set_timerslack_ns_operations_base(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) socket(0x27, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) setfsuid$auto(0x0) (async) r6 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(r6, 0x1, &(0x7f0000000000)="140400000000000037") (async) io_setup$auto(0x10000, 0x0) mmap$auto(0x0, 0x2000a, 0x73, 0x40000000000eb1, r3, 0x5) (async) ioctl$auto_BCH_IOCTL_DISK_ONLINE(0xffffffffffffffff, 0x4010bc06, &(0x7f0000000280)={0x5, 0x0, 0x8}) 7.827966745s ago: executing program 0 (id=4276): r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x8800, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEC_SET(0xffffffffffffffff, 0x0, 0x20004000) unshare$auto(0x40000080) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x0, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x88) recvmmsg$auto(0x3, 0x0, 0xfff, 0x2, 0x0) shutdown$auto(0x200000003, 0x2) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) shmdt$auto(0x0) mmap$auto(0x0, 0x2, 0xdf, 0xeb1, 0x401, 0x8001) mincore$auto(0x1000, 0x4000000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) sendmsg$auto_NL80211_CMD_START_P2P_DEVICE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x84, 0x0, 0x300, 0x70bd28, 0x25dfdbff, {}, [@NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, "96015337514b1833fd49fabab95ebc0677273bf0aa82d9c22000"}, @NL80211_ATTR_S1G_CAPABILITY={0x35, 0x128, "c09bbba5bf38b799e65113cbe8d903a4b431afc351e0dcd208e5b0f7c329af41698f70eade42850f9dcb3d237045f948b3"}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x7e}, @NL80211_ATTR_OBSS_COLOR_BITMAP={0xc, 0x12e, 0x7}, @NL80211_ATTR_PBSS={0x4}]}, 0x84}}, 0x80) r2 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000001040), 0xffffffffffffffff) sendmsg$auto_GTP_CMD_GETPDP(r0, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001100)={&(0x7f0000001080)={0x14, r2, 0x1, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x24040814) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r0) r3 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0) pidfd_open$auto(r3, 0x0) 7.490423196s ago: executing program 1 (id=4277): r0 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x10a) mkdirat$auto(r0, &(0x7f0000000080)='./cgroup\x00', 0x9) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00'}) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000140)=""/156, 0x9c) unlink$auto(0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/ext4/sda1/delayed_allocation_blocks\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000001040)=""/4088, 0xff8) socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x41}}, 0x6a) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd7\x00', 0x80000, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r5, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001280)={0x2c, r6, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x8880) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/\x98@dio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r7 = socket(0xa, 0x801, 0x84) connect$auto(0x3, 0x0, 0x54) r8 = socket(0xa, 0x5, 0x84) getsockopt$auto(r8, 0x84, 0x9, 0x0, &(0x7f0000000000)=0x9b) setsockopt$auto(r7, 0x10000000084, 0x9, 0x0, 0x9c) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) 6.394451891s ago: executing program 3 (id=4279): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x303, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) readv$auto(r1, &(0x7f0000000680)={0x0, 0x40200}, 0x3) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0) ppoll$auto(&(0x7f0000000000)={r0, 0x40}, 0x2, 0x0, 0x0, 0x8) modify_ldt$auto(0x1, 0x0, 0xc) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) r2 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/lru_gen_full\x00', 0x0, 0x0) pread64$auto(r2, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa4\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0xe) inotify_rm_watch$auto(r1, 0x8001) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) getpid() openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000c40)='/dev/snd/pcmC1D0p\x00', 0x80000, 0x0) ioctl$auto___SNDRV_PCM_IOCTL_SYNC_PTR32(0xffffffffffffffff, 0xc0844123, &(0x7f0000000c80)={0xfffff0e2, @reserved="3bbf499add00ae9e1193e324e0709070d9d380259c6af793dcc44dd1b9113843177aabde70de590a05513636e63c9ede41882fc5aabb42b93af8ff92f9657f51", @reserved="c8c81f87f64c9a54756de83655dad52d737ef71ff932fcd56f303b8f01f79639f6d34f55aba6aa0787df7040df21d217fa213a492ce102e111ca3f5701601194"}) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfbTn\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\x00\x00\x00\x00\x00\x00', 0x100000a3d9) select$auto(0x202, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x10000, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x6, 0x81, 0x5, 0xd, 0x2, 0x6]}, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) r4 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r4, 0x405c5503, &(0x7f00000001c0)={{0x90, 0xf2cf, 0x1ff, 0x9}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3866691c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816203df562367fe6596824588a2e3d84ba165f", 0x8}) ioctl$auto_UI_DEV_CREATE(r4, 0x5501, 0x0) ioctl$auto_UI_SET_SWBIT(r4, 0x4004556d, 0x0) fcntl$auto(r4, 0x40, 0xa553) 5.9845314s ago: executing program 0 (id=4280): r0 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x1, 0x2, 0x3c52, 0x13, 0xffffffffffffffff, 0x40) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x3, 0xff) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) madvise$auto(0x0, 0x2000040080000004, 0xe) r1 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, 0x0, 0x401, 0x0) write$auto_proc_mem_operations_base(r1, 0x0, 0x0) listmount$auto(0x0, 0x0, 0xf4240, 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/bus/pnp/drivers/rtc_cmos/unbind\x00', 0x84582, 0x0) write$auto(r2, 0x0, 0x2b6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x200, 0x0) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, 0x0, 0x0) r3 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001b80)='/dev/input/event2\x00', 0x40800, 0x0) ioctl$auto_EVIOCSKEYCODE(r3, 0x40084504, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r4, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r4, 0x0, 0x98c7) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'caif0\x00', 0x0}) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r5, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)={0x1c, r0, 0x101, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x60040440}, 0x800) 5.943177232s ago: executing program 2 (id=4281): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_L2TP_CMD_SESSION_CREATE(r0, 0x0, 0x40) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) mknod$auto(0x0, 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) ioctl$auto_FIDEDUPERANGE(r1, 0xc0189436, 0x8000) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) rename$auto(&(0x7f00000000c0)=':,\x00', &(0x7f0000000100)=':,\x00') r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r4, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}, @OVS_DP_ATTR_MASKS_CACHE_SIZE={0x8, 0x7, 0x100}]}, 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x80) 5.854244891s ago: executing program 1 (id=4282): mmap$auto(0x0, 0x2000d, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000001c0)={0x34, r1, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x20, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_ADDR={0x14, 0x1, "5e1f970f497f9f23d63e72850177cde9"}, @NFSD_A_SOCK_TRANSPORT_NAME={0x6, 0x2, '-\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendto$auto(0x3, 0x0, 0x53, 0x8007, 0x0, 0xfffffffc) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r2 = open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) linkat$auto(r2, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) rt_sigqueueinfo$auto(0x0, 0x4, &(0x7f0000000000)={@siginfo_0_0={0xf5, 0x14, 0x7e73, @_sigchld={0x0, 0x0, 0xc, 0x9, 0x401}}}) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/midiC2D0\x00', 0x101, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xc, 0x0, 0x0, &(0x7f0000000040)={[0x4100000001ff, 0x4, 0x5, 0x8fd6, 0x948b, 0xf57c, 0x15f4da0a, 0x3, 0x5, 0x2000000000062, 0x4, 0x20000005, 0x5, 0x800, 0x1, 0x1]}, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xa, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001b, 0x2000000007, 0x3, 0x6, 0x2, 0x6]}, 0x0) sendmsg$auto_TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x2) socket(0x2, 0x1, 0x0) fadvise64$auto_POSIX_FADV_NORMAL(0xffffffffffffffff, 0x5, 0x40000000011, 0x0) write$auto(0x3, 0x0, 0x7fffffff) 5.584960046s ago: executing program 2 (id=4283): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@HWSIM_ATTR_RADIO_NAME={0x5, 0x11, '.'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x801}, 0x4044820) sendmsg$auto_SMC_NETLINK_GET_FBACK_STATS(0xffffffffffffffff, 0x0, 0x40000) 5.426096059s ago: executing program 3 (id=4284): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) keyctl$auto(0x3, 0xfffffffffffffffd, 0x0, 0xee01, 0xa00002) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/block/nbd14/queue/iosched/prio_aging_expire\x00', 0x207a1, 0x0) (async) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/block/nbd14/queue/iosched/prio_aging_expire\x00', 0x207a1, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)='-7', 0x2) (async) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)='-7', 0x2) semctl$auto(0x7, 0x2, 0x13, 0x1) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x560a, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), r2) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000001540)={'netdevsim0\x00', 0x0}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = socket(0x28, 0x1, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x400400, 0x0) mmap$auto(0xfffd, 0x2000d, 0x7, 0x14, r2, 0x8000) (async) mmap$auto(0xfffd, 0x2000d, 0x7, 0x14, r2, 0x8000) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0xc2e82, 0x0) io_uring_setup$auto(0x6, 0x0) (async) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x82802, 0x0) (async) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x82802, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) (async) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r5 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/scsi/sg/debug\x00', 0x100, 0x0) pread64$auto(r5, 0x0, 0x6, 0x3) setsockopt$auto(r4, 0x28, 0x1, 0x0, 0x8) sendmsg$auto_NET_SHAPER_CMD_GROUP(r2, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="380000004bfe22bcfdc8f9fa4bb23cd20c4cff1ca551b8c60bf9f7dec0181745532cb6b82f9d6a12399a25f27b02fba392a4ce", @ANYBLOB="010029bd7000fedbdf25040000000c000180080001000300000010000a800c000180080001000200000008000800", @ANYRES32=r3, @ANYBLOB="38df14f698f9fa936f37db4171a4e378b2b02cca032ac36b187536206ed0bf68e0b62c5dd6164c54bfc950d0db8994e4b80ec8ec92b7d1076af4344d9724ea3823929f5850779c3434b297695e2889727bce7a085e017e027b9e98be0d0000440799b7c72e23ffac3dff1282b2b8d9cec9a13dd2a2476991a694e98c16551ce2a1d0a2cf1da448f3a3ccdf5a7a8179ee2f8abacf29e8cb095e21b455e256a6d5bfff32e67aa2bb609b989e9574b373ffaa4300b976f0f69a7f59f1c3dbd4edff6e574695fd471b83a6a922b042589e6845566fa965a3f1642c7ad156d691f80f2c68dc6332587fd7eaf781c925748db9cf03f141941bfe2d2093b98a1e63d337dc15d69a05c7f754ecbde1eeeca6c6c01fd43b6c2519c3b6e0910629add3b181e879c773"], 0x38}, 0x1, 0x0, 0x0, 0x44000}, 0x14) ioctl$auto_FS_IOC_RESVSP64(r4, 0x4030582a, 0x6) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/platform/snd_aloop.0/sound/card1/id\x00', 0x48a22, 0x0) flock$auto(r6, 0x4) write$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f00000002c0)='-', 0x1) read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000002140)=""/4094, 0xffe) sendmsg$auto_L2TP_CMD_SESSION_DELETE(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c040002", @ANYRES16, @ANYBLOB="000427bd7000ffdbdf25060000000800190000800000"], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x10) (async) sendmsg$auto_L2TP_CMD_SESSION_DELETE(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c040002", @ANYRES16, @ANYBLOB="000427bd7000ffdbdf25060000000800190000800000"], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x10) clone$auto(0x4, 0xa, &(0x7f0000000180)=0x8f, &(0x7f00000001c0)=0xfffffffe, 0x8) (async) clone$auto(0x4, 0xa, &(0x7f0000000180)=0x8f, &(0x7f00000001c0)=0xfffffffe, 0x8) 5.271689621s ago: executing program 3 (id=4285): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) membarrier$auto(0x2, 0x0, 0x9) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0xc02, 0x0) mmap$auto(0x300, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0) ioctl$auto(r0, 0x5646, r0) connect$auto(0x3, &(0x7f0000000000)=@xdp={0x2c, 0x0, 0x0, 0x2b}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) getpid() clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0xc8201, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040), 0xc, &(0x7f00000001c0)={&(0x7f0000000440)={0x118, 0x0, 0x8, 0x70bd28, 0x25dfdbff, {}, [@ETHTOOL_A_MODULE_EEPROM_HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x73e}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6tnl0\x00'}]}, @ETHTOOL_A_MODULE_EEPROM_I2C_ADDRESS={0x5, 0x6, 0x10}, @ETHTOOL_A_MODULE_EEPROM_HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x80000}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x655}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x401}]}, @ETHTOOL_A_MODULE_EEPROM_HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}, @ETHTOOL_A_MODULE_EEPROM_I2C_ADDRESS={0x5, 0x6, 0x8}, @ETHTOOL_A_MODULE_EEPROM_LENGTH={0x8, 0x3, 0x4}, @ETHTOOL_A_MODULE_EEPROM_BANK={0x5, 0x5, 0x7f}, @ETHTOOL_A_MODULE_EEPROM_BANK={0x5, 0x5, 0x2}, @ETHTOOL_A_MODULE_EEPROM_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xcd41}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x4}, 0x40000) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0x8d, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) io_uring_setup$auto(0x6, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0xa001, 0x0) write$auto(r3, &(0x7f0000000140)='0\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0xd4d0) 5.212095331s ago: executing program 2 (id=4286): r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x8800, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEC_SET(0xffffffffffffffff, 0x0, 0x20004000) unshare$auto(0x40000080) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x0, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x88) recvmmsg$auto(0x3, 0x0, 0xfff, 0x2, 0x0) shutdown$auto(0x200000003, 0x2) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) shmdt$auto(0x0) mmap$auto(0x0, 0x2, 0xdf, 0xeb1, 0x401, 0x8001) mincore$auto(0x1000, 0x4000000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) sendmsg$auto_NL80211_CMD_START_P2P_DEVICE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x84, 0x0, 0x300, 0x70bd28, 0x25dfdbff, {}, [@NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, "96015337514b1833fd49fabab95ebc0677273bf0aa82d9c22000"}, @NL80211_ATTR_S1G_CAPABILITY={0x35, 0x128, "c09bbba5bf38b799e65113cbe8d903a4b431afc351e0dcd208e5b0f7c329af41698f70eade42850f9dcb3d237045f948b3"}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x7e}, @NL80211_ATTR_OBSS_COLOR_BITMAP={0xc, 0x12e, 0x7}, @NL80211_ATTR_PBSS={0x4}]}, 0x84}}, 0x80) r2 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000001040), 0xffffffffffffffff) sendmsg$auto_GTP_CMD_GETPDP(r0, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001100)={&(0x7f0000001080)={0x14, r2, 0x1, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x24040814) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r0) r3 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0) pidfd_open$auto(r3, 0x0) 5.1517159s ago: executing program 0 (id=4287): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001500)='/sys/kernel/irq/5/actions\x00', 0x22040, 0x0) get_mempolicy$auto(0x0, &(0x7f0000000bc0)=0x74ef, 0xa8b7, 0x5, 0x100000001) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/resend_igmp\x00', 0x1e2142, 0x0) sendfile$auto(r0, r0, 0x0, 0x7fff) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) io_setup$auto(0xe1, &(0x7f0000000180)=0x8) r1 = ioctl$auto_TUNGETVNETLE2(0xffffffffffffffff, 0x800454dd, 0x0) setsockopt$auto_SO_DEBUG(r1, 0x3, 0x1, &(0x7f00000000c0)='\x00', 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, 0x0) ioctl$auto_FBIOPUT_VSCREENINFO(r2, 0x4601, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/scsi\x00', 0x40d81, 0x0) write$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000080), 0x0) mmap$auto(0x80, 0x8, 0x2, 0x40eb2, 0xffffffffffffffff, 0x300000000000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0xc0c00, 0x0) adjtimex$auto(0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) sendmsg$auto_ILA_CMD_DEL(0xffffffffffffffff, 0x0, 0x88d4) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f00000001c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xda\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00O\x82\xe1\x8b\xdb<\xbak+W\xffh\x9b\xf6\x10\xc9w\xa9V\xcc2\xfb*\"\xf1c\x17', 0x10000100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) close_range$auto(0x2, 0x8, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty0\x00', 0x0, 0x0) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/kvm/notify_window_exits\x00', 0x20000, 0x0) read$auto(0x3, 0x0, 0x80) r5 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) write$auto(r5, 0x0, 0x9) socket(0xa, 0x6, 0x0) 3.513480321s ago: executing program 3 (id=4288): r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x8800, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEC_SET(0xffffffffffffffff, 0x0, 0x20004000) unshare$auto(0x40000080) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x0, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x6a) socket(0xa, 0x2, 0x88) recvmmsg$auto(0x3, 0x0, 0xfff, 0x2, 0x0) shutdown$auto(0x200000003, 0x2) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) shmdt$auto(0x0) mmap$auto(0x0, 0x2, 0xdf, 0xeb1, 0x401, 0x8001) mincore$auto(0x1000, 0x4000000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) sendmsg$auto_NL80211_CMD_START_P2P_DEVICE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x84, 0x0, 0x300, 0x70bd28, 0x25dfdbff, {}, [@NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, "96015337514b1833fd49fabab95ebc0677273bf0aa82d9c22000"}, @NL80211_ATTR_S1G_CAPABILITY={0x35, 0x128, "c09bbba5bf38b799e65113cbe8d903a4b431afc351e0dcd208e5b0f7c329af41698f70eade42850f9dcb3d237045f948b3"}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x7e}, @NL80211_ATTR_OBSS_COLOR_BITMAP={0xc, 0x12e, 0x7}, @NL80211_ATTR_PBSS={0x4}]}, 0x84}}, 0x80) r2 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000001040), 0xffffffffffffffff) sendmsg$auto_GTP_CMD_GETPDP(r0, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001100)={&(0x7f0000001080)={0x14, r2, 0x1, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x24040814) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r0) r3 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = pidfd_open$auto(r3, 0x0) process_mrelease$auto(r4, 0x0) 2.881321066s ago: executing program 1 (id=4289): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe986, 0x100000000000004, 0xeb1, 0xffffffffffffffff, 0x8000) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x101) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) close_range$auto(0x2, 0x8, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x184) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000080)='/proc/kpageflags\x00', 0x2, 0x0) r1 = socket(0x2, 0x1, 0x106) openat$auto_fops_u32_ro_(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/netdevsim/netdevsim6/ports/2/bpf_offloaded_id\x00', 0x141800, 0x0) getsockopt$auto(r1, 0x29, 0x4b, 0x0, 0x0) readv$auto(0x3, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) set_mempolicy$auto(0x6, 0x0, 0x21) unshare$auto(0x40000080) msgctl$auto_IPC_RMID(0x4, 0x0, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d1) ioctl$auto(0xffffffffffffffff, 0x540a, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r0) sendmsg$auto_NL80211_CMD_DEL_KEY(r0, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000001200)=ANY=[], 0x1558}, 0x1, 0x0, 0x0, 0x10}, 0x4010) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) 2.257729712s ago: executing program 0 (id=4290): mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) r0 = clone$auto(0xb74b, 0xfffffffe, 0x0, 0x0, 0xc) sendmsg$auto_NL80211_CMD_DEL_MPATH(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000001200)={0x159c, 0x0, 0x2, 0x70bd2c, 0x25dfdbfe, {}, [@NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x8}, @NL80211_ATTR_REG_RULES={0x1576, 0x22, 0x0, 0x1, [@nested={0xcc, 0xd1, 0x0, 0x1, [@generic="3875722f631a2e1a5f6de2f81958ed9f6178b57a2bedd18274e957b3d29c73ac9a8a56e09781fe815d68a8e22e3357e7d02458fb8c0493ab4a06ace5808991bead8ae47b594b79c0d240a0c5da9360e1d4fc5df45182c7d6c5", @generic="a48e569a100ffb723ba9d0c6c3f2be3a44c05409bbaf97b215a387d3c3b1b5488b69b377534bccdba04b26b766bbcb60dfa33b9aa5172bd81917bfbe562e9b7bf24a17ae82cc8c92fb69f6dff57d3f93d37a787de5404efd4bf6c17e5bbc18d23d398e0b2118a719151de58262451b"]}, @typed={0x8, 0x121, 0x0, 0x0, @pid=r0}, @nested={0x10fa, 0xc4, 0x0, 0x1, [@nested={0x4, 0xf9}, @generic="922a0eddc9f7eb7fb3c75d619a1c8dca2a4124b889e35494fdf6267a420e71d6110cee62aa4533c16db2f489a125e9aeb6765c52b63149aff5e4a4e1d23625d0ede2ae9cd8b305704d4d43fc3a5de45f94741a134c571748f492582591e380784e2337c1ab1d5cfc9bf6f123d075ef49ddf3d35744f7bb9a41d7ee2aa862f0753f88b941528f184909bd", @typed={0x14, 0x11e, 0x0, 0x0, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}, @generic, @nested={0x4, 0xf8}, @generic="cb453df960d1316abd97581b2164ff094054eaa28524945e22e3bf08a5a0b2b5c26a62ed1e203c3372d346850fa925fdc9db7324333826d6df4a8ce0cc6a36efef387f05", @nested={0x4, 0x7b}, @generic="6860c738e4c8303cb0b18c45eb572ec7ec549eeb057ffe57e245a2c8c27576467344f3543b56ea70765127d86c31c737feca2c6a864bfd76e458a0d4c7370ec3f1778e864ca29f767a2241dd482bae01e5f719e2c82a0cb16c1a1ac18717645df7f2a22d07cb54f5fdae93ad901ab9c576499cfd6ea69dfb63c1cb51dd2b0a16932e46db61440a3fe4eef69cf1622481c37031d9e26f06efbdce37a239d1cb908f30a29cbac833d50c8ef8e5e22183c65be8f406b527c5317053d49256097fe95a9cd8096fcda3a566681edf13223a4e01a9f45e34bb4774c66b92cb5656fa412c1dda4169ec18d3bef9fdecca7486dc6d160eca4b64feeff70a4b36fb06b1e23a502e87f9c5c0c5031f47d3cf4c1ab74de0dead7833c67c33712fe70103296c017a5fbf04ad991375c7c7050dde28952c9695c3ed7c20849917ad18c98f48eed86dc6916a1a112f0628d9f2105a2d331733407eaf3c5b28010c4c50bb1122998098be76446247997b975c3e7911fab9f2f4e8c8a749dac5cb0fbb82103b5fed86e3fc908710cc87aa193828a3935c54c58812ebbd337b2f10d2d1a538c91529f110bd75d51ccceb4e524251b68529e2d884c3fbc14cabb34e5ab230a68e3fdfc2f7dee52a859db57a4d47a8e99a003a839b73c6331730931ba6f1d82166b253980a660a69977481ff1e9eb7b1665d99251b4ebef9e6ad2d0bd19b7eaab63c0eef9fcfd99b2b528beec407c64540d2f72034b1ffb86382571d1f40acd3d98c6fa2f0660242d755aa3b3b17d09ab7c694cfef987ffb37206c59fad6702a0aa7030950c9ceeac35c6b1179e3184eb97f816dde9afebf34b43997e47ae679f42e9593df6b2547df790cd98d5138a7e9d90eed1f84c4f642ba29df1e5f1eb3f0586efee549231e92ba5117f2e727b3d7735db8b34d82dc8586b0e04aeeff60b2574ecb530f5f8e5caaf55252af19d0e6cbfa210bf3859fe2ce39056813c9691ae320d47ab1cac71641a961e107434a6053b5295ff44d8cc7810076469e24d4f4b09368ca76d40b3e5714821242e23a45e776c3c9e4497a6f86315037c1d8887cf6eccac8b709862cbcb9bc04b77ea02d7c98f7e3a68401615cc3dec3565ecfc52a2c94f83d20cc5c09e9c03cff54cf0e278e18964e9bbe894b1b15cd076d2694f8f2b2a930026c140bdf6657e6a1e5b0e71419171b1433e9b354765cafdf1f009bb9d19b6593c47ff9b758dfb74a3294ac7b76728ce3580d5bac7d0975533cd156db894dde88718f552ff1a6236dfcdb85840494a936a03f165368c50ab1b6fcc64cca7e44b89dedb48dd9b93dfe5a8de56f810cd2bf9bea85ab019fa26a2bf3804c92e08137e8e67c4ad162a78cda64d4d515bc435814a1db0cb81d64187ea94dda9825f07c5d594e2c19af6e42b83149761c7ab63308866d68e653b77bac506fd986813eba66475bd5839388775eb15fcf708dc4785532df0a146e345e0ce00d3f8fd5c9d00a9e16d710266b40f9cfffaec707be7138fdf0258fb11420ba8261c0997fa1b732320b4b3ab484b9d4832e1d0e006829e81a4117b002d6915822bfd6b4e9f0b6408674a1187d23f520f1f8bbee839b1ef746d716d7998b8b24bf034e6bdc75cebaadb896e894d90f0a036526ca21cddabf92fcaf29c8174e78a4df8fd5ce6393fafcab27cc4cde596a357d332a647d04ec51274b7153a0b6f28823794eed31199e14f65e3853d74a5405026e6b17a57879a2105b6830805b7d32d2d2ba5edf62eacef3f3ffa04418f0f106058de6a8cc01e30a2e7708aecef4107f14ca2cda4490b27bc0ba956d8862784a91e47a07dd9c3480613e965df29241d2334a22578b8e97db41ec1cb27ebf6095369e842356978b9e8d1daf4a4035aa6368783edbcaaf90117238d2944f65a2f825897dc91c27b9645b82fb8c0d35ca70f8e6c509ef56a4d4fe1b688077bfd4bab6ba5a6df1179c4953646fdcf3ba4a1e8cb32ba3687a01309752d6ed5b994b4e1ce5ba77335806c9ce64ef0200a402f617cffb2439eecb716307106afdff5fb9f9a7f0e3967cad5021847c2cfd5a06ef4fcf90f84183e508802b299ed24b9f0499ebdbd18a27fac17468aea6141babe08bbb4a9f1708cfd101018c9e7d3702b7d766639580a101215bb80a51fb14b63ed084d29f45bab570e3e8b406095cda7f00219ceb752f155d7d5f5d00997be2c4dd7166b1efc4187f51c3e52338566616e8ef8d7a6c2d6aa4945f503430270d3a2d5c8f0080b0e6b8b83c8cf202717e2080e32f72e4501df8f7c6ef4d419fd47b7ea7c7372f63838ee8ef0b73eabf9499e185aa3e5f2136afe86d4fc78d57cd14498c842b77902d745a79d0b0d5c3baf8e593729ddc656a27bf4967f6a8ddfa0be79c8772a96663510382e8a8d684d220041738250c5430e22266dea2c21fbe366de298a6231df04f699fa7714cef52c1ddd26baef0885bfcdf19b7b4c2924eed6f7660aa8c38df90a90942beb01780d1abad88255fa9057efbca19da162216928ca5c9f78f7d4c29eda89664bc3191ea683501d78b96e101e237886bf9918053ceed53b5898a257496d037a7559e7d5130f417de2b92d474e8824440a06b2939d146cfef653a205da334a46824222d12c814045c0164ba142fc0eb5be712f093eaacbd730296ccdeb38d3478afb9ea6560f8aea5d464e3e4cc7f4cfd062c91c8e303dd35ccf6fd789b041fce86eded03b3cdafdac2032ebb920ac310e580262271246f3c4d6c77dd5f92ddb65b4ad520956565a39962cabfd4fe0ff6dea1f4ca06c921277bb1282ffd8ae6556197d975f0c84f8abec06643b4d87b9b2c960ddf750976d428f1b8f34eb606124e0ee06bd32aed93029201adf5990c4262b30e97a1a6d1c2142a1b68860c3416d976db0f397c8860733dce6ead6ad494bec220e1baf82e425b719f612c0cd55bb698961a3ea9bfdddc834b9add45774bc2007e090c7b942ee7fa64d6757420c277a32201a035db5091665c7c16ae869f7cdb60fe979bb34916b7d59efde4c7f4b8c192f1b5869733a318f4493d108ecdf3927ec7d7c6aa9e69ece335a8b2a384546d427ab8707e4962379a92d7eb394ff593281b6042ce308aa9bbe7f71ffcc68164a0a705a096538d6b656fa44fdf1e5630c554c75c9c95061df1b3afdf72fab5733ad650b0078049b260109c4d5274ad2eab220174f3c71aec34c1bd8488515ee78ff373e8a652399319783cb6acaeef4819c7075a9c97fa66e40430de42e2c635d312aed9ccde16450c3dcf64aff63597ac48f1d223ab7d648c370e55db20831183feb325a71ecab66d7e7ae4c097ee058605909f544b15bc14f5a31f03276342d129b694a1f3d8ec7960a08e4e37e48e36aea6692c6bcdde904a25ac1242d00ec5c83498723fdff7b8b7d5864fc086381560df083c20bdc98c8b1a74b7e36b71e3aebceea5d5303e61ccb7ecf344f07da614c08860e38383953dc67b535d7223a6f12f649ed09445beeaa8e37ae4d972f88b53c31498ea594918fcd8c78fd74095264c750270f9ea01be32fbdd7826473b1ed92de6d476472afc15bb1bd8619b325ef0b04fb6ca49a7c7cb80956ed185090017e224f4beb071780a196c08f9c469af2c6dfd36f9c426b80340d42184bb00d9dbcf01478f3e740ac8b6ba108e0e0c9d11415ce16ce4a8400f89f008b790f1f90729f9cf1083a9bc3581f60ea5ce71592f7e3357dd166a0a8faf6166da71d972d08757b51ef355ff6cd4a427adbf9d702b2fcaa0a89b4c3eb4f940d104f1ef7fc162dbcdb07e58e5c3abe206591c53540a9ee619a4096369d091c079e3ea7aef2a511d8cd09414d640d8af6be7127f46499cd8f14ae000abeb4d1bcf38d2223d8ce2aeb48769e3bbcf6fd832a56b63ad12eaf6b7b1dfa386288ba6bb2255086decf7136b5ddd1fa970d58031e569c1f48f5876490c10d902e74e0b116c8ab693a1bfe1d95f86309fe6c84717d2722c0fa1ad36b25f232015c7ea38c238bf19300bc9020453eb78d597753b8995be91508ae34f4bf9f04f10571a2a683f39310e11040876cda0a565c598db4eef478464e1ae7b336329fbe672e130e557bf9679b4cc152dbdc11b9ae8d292289bae84884c9c666dfa2b3124641bcbdabf5a088f424edb470435d25a93901ac3e288efa2a56880a6841efdd2c98443d00cdf22e4f35fe9fbd5b9fe0789d4b923bbb5143084cb44f57849f5b5658e1093f91ec126b07608a5cfda2a2557fe8febddfe9b56d6ff218eab4021b9421e2f5e6bbacc42b64e0bb3813e6abdfae06e122c0504c45c92cc44a9bea9d796631970af8c7e827cef3bfacca14da07d3bac7d35127be6f7408f751f1d71d88260ac2089cbfd7fd3b646210ca83b1cee8f790f03cee566a60d3afcee54a9abd074ee62d1d1dd6b7e70b8c59224ec64cc73f38b03729822bf60bbd3bf756771e55a06add3f9489b4706a33ae4d5a105ffdfe929aac16fc3e6b2020ff2e3791edbbcf316e39b885f584de4f6ac6e35f9da1e2c5ae8ccf71ad09e30472bac75e2e48498d254d481f7cc9f3890292edb3254bf93e99f7d39526226b6c61240c38eb6ea3a94959528e5b8db8063e9cd49618a0ab6be53968eed567a17b0401c18de1e98cf93dccd7e5db8b1cdd20d0425e5652425897bbe0ed7e09c68b0bce4a83b4fbb5952fca6f52e15791e9dd9be95e9b045ce01832ed2c81f54e086dbcc4c39ed980ae450575008c9a6f516df03d940475a93528ced79106ac96ef800af2e64a8954a9b650b3cd15dba7998da0efe198051a6d3cb93c56cc3f5b9c4d66c26d4b3d7845f15ba063ae1a03a1a5af0144e3a2c72d91fff09e9497db8025d04eb69f038a222e8c3f17a8ce9b655fa6ab91193164688d575ec1243a898dee6fb7f8d1304876c9319da081ed814fde8d1113b7bc0d38819d83863a647d39cb924144e1484a5eba835f6ed1e775374882ddbac604912d642191e74811e497b8e1af2ae7d55e475185c25d03b31c21be51376ac6f395cb21ccc6f23c5395751f10bd7ef69a8f431689da20237c9983e6abbeb310f08de150810d77af95a6f97e6ce73fb78c1d8c71f4554823f27f9b06105f1a4377c84e8e3ecad2707eb34a15601bc1b5f77b9fe0d592f2f5e757def366b6d294417a776a16ad0986429fe235783e6947d9ac256604a15415bfff08665230ca40f5f55b97291a0fd7a70165938cbc897afe74dfba51d7fdc9f909fc4aa9921d9f86947a5f1cd299888c7e5a5aaa3158a8682781759b2e06a83fb6e2b02d3604b0007908adf2c3c9a69daacd4725043f795826da78261747f694982b7715b2a142dfead50ac17f8dca021864558024cb6685460f571ca7976c16614f5eac313ccccaaafcd420f76f56e6c79eec85bf65b31070bb0869dc33bc2feca817fcc3d2baffd9294aea1ef0528ed90ab7e2e4aa21b4a9c74ab30f590567abe58653030fd052e7f2c5ead32aafd56d73acc79e4103c071060b6614966d8d4bd41a57ce7223f840034bd1b3110ccc7263ad3dea6bce49e69a31d9798e61182c6d8e1ec6d96da4c9c4684321234953c85cb52b15dfa3c1a44a611c2996aa36f87f65c110b10f24239dae91e2ee9a60e889f74d9fec96e4205adb12d9f8752025fbfb4a8bd96db2d5544ab1f1ea45f3dbf449728a713238566a545e5671d3aa4f406c4879e7d24075b8da78b4bbdfd224ce0bc5cc41a4cd02096149d9285c5577681b01114dfcdafdd356a5eddbc1e5a44fbf16a5027d0531743e71d1895ce", @typed={0x8, 0x76, 0x0, 0x0, @u32=0x5}]}, @nested={0x15d, 0x212e, 0x0, 0x1, [@generic="6118d859daaaec2e20df8ec9a477af9ff64c7357dead53eaa49888847e6edcbf71bd4e4326534999ba2c2d25850ea03026ae4c7c6b51cb34b569d2601d68da640590f5bf0fb6c5c3b472b4f5119240811aada655e8e658b213bc8bd9b5515b8fede6d144569577c1032792bfeaa055d810def8192c6b88ab40463318", @nested={0x4, 0xeb}, @generic="04b15126b6439a3d3a319e83b68ec0607aa34fc32467a4ccb772793fd836e6e3e18e51fe2dd18c1e4d64720300ab2668eb4e9de6f679de36bd84947612643e361b4cabfc2124c69b9a6245c637e84bc861b88c8647cf51b5512e60def77023b7826f7b56ddb302d22cf489ab1286fd3f6ab4054d0bdfd0a748505da59453c281302f04c2ba1b251042ff4c2492aa073f66ddc494e0108624ab5803b7e7a8fe7aecda56ad3a19449e575b544941caf161480c6ab2a57b8aa81b4e5dc8640bc16546566a1083", @typed={0x8, 0x61, 0x0, 0x0, @u32=0x8}, @nested={0x4, 0x143}, @nested={0x4, 0x4c}, @typed={0x4, 0xfb}]}, @generic="54855ed19db19ee8e14bb9d73eb067d786782907a3b0311786ce", @generic="a1f5f6b7291b16d6c59f09d1b71f509bcf50875115475b3edd9d10909e4cec1fd90f0ff9d63c5bd077a8a5008941273f04c5881eab6ab0cae25c76c7b88a725607ef289e77d01d707765d9d6950624dcd740f22764811b645280f6344f16529ed2bb3c8c00e50a68a4eaf41971f4ba32e5474787a68572cb2f04ddf2dc828ff087c45ec122bf854a61aef4ff6f479e04c093496f44b96d14afb6ba5cec79d300cb5be4dea7ee573995dc5870369892099bd0e2c3b883e9dd99ea4d592041c62946213507034b4cd7bd84a6d8b97067f6e82b617219f118fd87099d2b57b54fde0eeac5f39bc16633", @typed={0x8, 0xc6, 0x0, 0x0, @fd}, @generic="5d8b9789ca9a8a6fe29ef35185a410ec5a2c5a16cad4deb20f8570a55f62f33f756b4826bcd1e580056d666f33f696473dd4ba89bbb93159a9050876da4462ad4a081c8e144b6e1832b6819378619c38c23d2ed753156e3d0ac0b9cf43259153a883a0e5693850c27907bd09d973f75fe89e616f888f8358f9680194f383c7aa3966c96723b8136bdab8e87cea47698fd700b2dd55de66b7c2bc4302c4c6226c70e6dbab4308fe00d03f350fea2bb2ce27e1de2db616cbeb548bcbffe685729e0eeddce99a7db3ebcd69acfef99be45b", @generic="dda990a1186671d406b820530a5d9bdf64f275987f404056f730a5403cf0dbe17e64690afe73c4c7246d8fddd494f2d968c6e4f55f1752b751a7312104a7b079ac61a90df42c66519b854f5e71a1afbff79fec8d678d3548e5b879184d1eb1d738af9ccf48e52f87"]}, @NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5}]}, 0x159c}, 0x1, 0x0, 0x0, 0xc004}, 0x4008000) openat$auto_bm_register_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000000), 0x181441, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x80000, 0x80003b) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) ioctl$auto(r1, 0xc0184d08, r1) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x2, 0x2020009, 0x5, 0x400000000eb1, 0xfffffffffffffffa, 0x6de98bd) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) membarrier$auto(0x2, 0x0, 0x9) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0xc02, 0x0) connect$auto(0x3, &(0x7f0000000000)=@llc={0x1a, 0x1b, 0x2, 0x5, 0x8, 0x5, @multicast}, 0x9) socket(0x25, 0x3, 0x1) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) mmap$auto(0x0, 0xd2, 0x4000000000df, 0xeb1, 0x401, 0x80000000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) mmap$auto(0x0, 0x400008, 0x2, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x7, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r4 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000400), 0x80001, 0x0) ioctl$auto(r4, 0x3b8b, r3) 1.237445246s ago: executing program 2 (id=4291): close_range$auto(0x0, 0xfffffffffffff000, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'ipvlan1\x00'}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x20000001) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) fcntl$auto(0xffffffffffffffff, 0x7, 0xa553) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0x8) modify_ldt$auto(0xc, 0x0, 0x100000000) setsockopt$auto(0xffffffffffffffff, 0x2b, 0x43b696d3, 0x0, 0x56b) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyd1\x00', 0x200, 0x0) mmap$auto(0xffffffff, 0x3, 0x5, 0xeb1, 0x405, 0x8000) openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) rseq$auto(&(0x7f0000000080)={0x12, 0x401, 0x8000000, 0x6, 0xffffffff, 0x2, "df7f3b5f3ff166d99410f614d1a23da8d4d41aa25886c209281b4e4e6c7a698c2834b317b3cc771d3360a511f01b6df5f17e3047890aef003cc7f0b159b0e7078dc21c69abe70ae1d080e77fd10d23586178beec6f76d1de897a91ef030353af05b42b527ce2"}, 0x8000, 0x0, 0x6) socket(0x10, 0x2, 0x0) process_mrelease$auto(0xffffffffffffffff, 0xa) mmap$auto(0x1, 0xc0, 0xdf, 0x1000009b72, 0xffffffffffffffff, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x7, 0x8) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) fcntl$auto(0x8000000000000001, 0x26, 0x8) write$auto(0x3, 0x0, 0x100082) ioctl$auto_SNDCTL_DSP_SYNC(r0, 0x5001, 0xfffffffffffffffc) socket(0x2, 0xa, 0xa) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) 1.206730854s ago: executing program 1 (id=4292): mmap$auto(0x0, 0x2020009, 0x100003, 0x9000000eb1, 0xfffffffffffffffa, 0x100000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x11, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) close_range$auto(0x2, r0, 0x0) r1 = socket(0x11, 0x2fefcea094935e85, 0x300) setsockopt$auto(r1, 0x107, 0x14, 0x0, 0x4) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x1e, 0x1, 0x0) close_range$auto(0x2, 0x8000, 0x0) socketpair$auto(0x8, 0x1, 0x8000000000000000, 0x0) r3 = socket(0x2a, 0x2, 0x1) connect$auto(r3, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0xfffffffe}, 0x55) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x141241, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x63102, 0x0) sendfile$auto(r4, r5, 0x0, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x6, 0xb69, 0xed, 0x8, 0x3, 0x15f4da0a, 0x6, 0x3, 0x62, 0x4, 0x7, 0x200000000001, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(0x3, 0x0, 0xffd8) r6 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video33\x00', 0x80382, 0x0) ioctl$auto(r6, 0xc0045627, r2) sendmmsg$auto(r0, &(0x7f0000000400)={{&(0x7f0000000000), 0x205aa, &(0x7f0000000100)={0x0, 0x4b}, 0x1, 0x0, 0x5, 0x1060}, 0x5}, 0x2, 0x100) 1.059938111s ago: executing program 3 (id=4293): mmap$auto(0x0, 0x2000d, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000001c0)={0x34, r1, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x20, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_ADDR={0x14, 0x1, "5e1f970f497f9f23d63e72850177cde9"}, @NFSD_A_SOCK_TRANSPORT_NAME={0x6, 0x2, '-\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendto$auto(0x3, 0x0, 0x53, 0x8007, 0x0, 0xfffffffc) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r2 = open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) linkat$auto(r2, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) rt_sigqueueinfo$auto(0x0, 0x4, &(0x7f0000000000)={@siginfo_0_0={0xf5, 0x14, 0x7e73, @_sigchld={0x0, 0x0, 0xc, 0x9, 0x401}}}) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/midiC2D0\x00', 0x101, 0x0) r4 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/fuse\x00', 0x1c1041, 0x0) select$auto(0xc, 0x0, 0x0, &(0x7f0000000040)={[0x4100000001ff, 0x4, 0x5, 0x8fd6, 0x948b, 0xf57c, 0x15f4da0a, 0x3, 0x5, 0x2000000000062, 0x4, 0x20000005, 0x5, 0x800, 0x1, 0x1]}, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xa, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001b, 0x2000000007, 0x3, 0x6, 0x2, 0x6]}, 0x0) sendmsg$auto_TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x2) socket(0x2, 0x1, 0x0) fadvise64$auto_POSIX_FADV_NORMAL(r4, 0x5, 0x40000000011, 0x0) write$auto(0x3, 0x0, 0x7fffffff) 81.541601ms ago: executing program 0 (id=4294): mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) socket(0x22, 0x2, 0x0) memfd_secret$auto(0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram8/dev\x00', 0x488981, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x800000000001, 0x0) write$auto(r0, &(0x7f00000005c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D_#\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc^:\xd1\xe3\xf1@\xc0\x93^:Mn#Oi\xaa[X\x93)\x8f\x03K\xe6\xa4\x11?\xf1\x02+\\\xf9\x8b\xe5l5\x11\x006c\x907E\xeb\x81\fB\xe3\xf8n\x8f\x94V\xbcB\x9cm\x9f\x15\x00Q\xf8\x8fFW#?\xd5Z~\xa51\x832\xbd|\x19\xda\x8e\xff\x17\r\x96\xa3\xcc+\xf4a\xffN\xd2_\xe5\\\xf8Lzc\xd4\xa0\x1f\x04_\xf1\xc6\fO\xbe?)Q\xc7\\B\xdb\xeaI\xde\xe9m\xf5\xf9\x19\xd3@IK\xe3c\x0ek\x8drZ\xad\xdc\xbb\xfc\xd4\x1f\xdaOW\x87\xb6Fm\x12\xadw(z\\j\xcc0P\xaeC\x9f\xbf\xd5\xf9\xe3\x85~cG\f\x85\xd6\x84ma\xfd\xdayNj\x80\xdd3^\x87,\x14\x8e\xbe$\x05\x8a\xb0 M\xf6$B TCs\xa9\x91dil[\xfc\a\xbfD\xd9\x8d(F\x1e\f\xec\xe9K|h\xf5\xcaUI\x18#\xbed\xa8C\x8a\xbb\fE\xe6\xa3|\xf7\xa8\xbb\xd3\x97l.V/uc\xb5Q\x1eY\xe0\x03\xa1\xc1\xc8\xe2=RK\x7fWV;\xe4\xccTsf\xa7[\xdd\x9cR\xab\xf81s\xbc\x9c\xaaSGH\x9al\xb9%u\v\xb4\x9d\x95\x16\x01\xbbT\x99S\xf8A\xcd\bRC\xf4\xb0\x1a%\xdd+1\x81\x9d6\x90\xe8\xc6\xc1\x1e\xf0~\xaf\x10g&\xd6\x01l::V\xdbJiVW\xab4G\x97\x9cl', 0x100000a3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r2, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/lo/disable_ipv6\x00', 0x40001, 0x0) lseek$auto(r3, 0xffffffffffffffff, 0x1) write$auto(r2, 0x0, 0x98c7) r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r4, 0x0, 0xe) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000900)='/sys/kernel/debug/block/nbd0/hctx0/sched_tags\x00', 0x60100, 0x0) ioctl$auto_USBDEVFS_SUBMITURB32(r1, 0x802c550a, &(0x7f0000000140)={0xd0, 0x3, 0x3, 0x8000, 0x7, 0xa6, 0x5, 0x81, 0x3, 0x0, 0x7, 0x100, [{0x401, 0xebf, 0x5}, {0x7, 0x9, 0x3572}, {0x4, 0xfffffffd, 0x4}, {0x835, 0x5, 0x3}, {0xcf, 0x3ff, 0x3ff}, {0x3, 0x401, 0xf1b6}, {0x7fffffff, 0x36, 0x7ff}]}) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r5 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r5, 0x0, 0x7, 0x6) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ipv6_route\x00', 0x101000, 0x0) read$auto(0xffffffffffffffff, 0x0, 0xb4d3) pread64$auto(r6, 0x0, 0x8, 0xffff) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, 0x0, 0x0, 0x0) r7 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0p\x00', 0x250002, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_TSTAMP(r7, 0x40044102, &(0x7f0000000100)=0x2) 65.095672ms ago: executing program 1 (id=4295): r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x8800, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEC_SET(0xffffffffffffffff, 0x0, 0x20004000) unshare$auto(0x40000080) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x0, 0x8000000000000000, 0x0) open(0x0, 0x163340, 0x6a) socket(0xa, 0x2, 0x88) recvmmsg$auto(0x3, 0x0, 0xfff, 0x2, 0x0) shutdown$auto(0x200000003, 0x2) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) shmdt$auto(0x0) mmap$auto(0x0, 0x2, 0xdf, 0xeb1, 0x401, 0x8001) mincore$auto(0x1000, 0x4000000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) sendmsg$auto_NL80211_CMD_START_P2P_DEVICE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x84, 0x0, 0x300, 0x70bd28, 0x25dfdbff, {}, [@NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, "96015337514b1833fd49fabab95ebc0677273bf0aa82d9c22000"}, @NL80211_ATTR_S1G_CAPABILITY={0x35, 0x128, "c09bbba5bf38b799e65113cbe8d903a4b431afc351e0dcd208e5b0f7c329af41698f70eade42850f9dcb3d237045f948b3"}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x7e}, @NL80211_ATTR_OBSS_COLOR_BITMAP={0xc, 0x12e, 0x7}, @NL80211_ATTR_PBSS={0x4}]}, 0x84}}, 0x80) r2 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000001040), 0xffffffffffffffff) sendmsg$auto_GTP_CMD_GETPDP(r0, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001100)={&(0x7f0000001080)={0x14, r2, 0x1, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x24040814) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r0) r3 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0) pidfd_open$auto(r3, 0x0) 17.808112ms ago: executing program 2 (id=4296): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram6\x00', 0x4040, 0x0) mmap$auto(0x0, 0x6, 0x2, 0x40eb4, r0, 0x6) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_NEW(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)={0x34, r2, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@OVS_VPORT_ATTR_UPCALL_STATS={0x4}, @OVS_VPORT_ATTR_TYPE={0x8, 0x2, 0xe00}, @OVS_VPORT_ATTR_NAME={0x8, 0x3, '})[\x00'}, @OVS_VPORT_ATTR_UPCALL_PID={0x4}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x7}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x80) ustat$auto(0x801, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) writev$auto(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x40}, 0x8) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mknod$auto(&(0x7f0000000180)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00', 0x20e9, 0x103) r4 = open(&(0x7f0000000280)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00', 0x20102, 0x100) write$auto(r4, 0x0, 0xaf0) r5 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) r6 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x0, 0x0) fcntl$auto(r6, 0x8, 0x0) read$auto(r5, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xffd8) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x40, 0x0, 0x10, 0x70bd2c, 0x25dfdbff, {}, [@NL80211_ATTR_WIPHY_RTS_THRESHOLD={0x8, 0x40, 0xd86}, @NL80211_ATTR_TDLS_SUPPORT={0x4}, @NL80211_ATTR_OPMODE_NOTIF={0x5}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x9}, @NL80211_ATTR_DISABLE_VHT={0x4}, @NL80211_ATTR_STA_WME={0xc, 0x81, 0x0, 0x1, [@NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0xb}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x800) mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000) semctl$auto(0x1ff, 0x100000001, 0x13, 0x9) r7 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_S_MODE(r7, 0x40046109, &(0x7f0000002c40)=0xd0) close_range$auto(0x2, 0x8, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) 0s ago: executing program 3 (id=4297): setgroups$auto(0xa1, &(0x7f0000000000)=0xc) r0 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f0000002a40)='/proc/self/uid_map\x00', 0x28400, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8e) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x22a40, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r2 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0xffffffffffffffff) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(r2, 0x4020ae76, r3) close_range$auto(0x2, 0x8, 0xfeff0000) r4 = socket$nl_generic(0x10, 0x3, 0x10) setregid$auto(0x0, 0x0) fsconfig$auto(r3, 0x1, &(0x7f0000000240)='\x00', &(0x7f0000000400)="1030e45d444f82a6abd304d88b847ff0b0fa1a49fb838575da9b484ef6f64de4c79d45d76af726f32837928e8d171597677454f1a7564f8db5f038853520f93268cd307cbfcec55fc361aa", 0x0) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/fail-nth\x00', 0x0, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x1c, r5, 0x1, 0x70bd2b, 0x25dfdbfa, {}, [@HWSIM_ATTR_REG_CUSTOM_REG={0x8, 0xc, 0x2}]}, 0x1c}}, 0x4044820) read$auto_proc_uid_map_operations_base(r0, &(0x7f0000002a80)=""/38, 0x26) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f00000034c0), 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/hugetlb.1GB.usage_in_bytes\x00', 0x10b142, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r8 = openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2, 0x0) read$auto(r8, 0x0, 0x2) r9 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x501, 0x0) ioctl$auto_FUSE_DEV_IOC_CLONE(r9, 0x8004e500, 0x0) sendmsg$auto_NFSD_CMD_LISTENER_SET(r6, &(0x7f0000003700)={0x0, 0x0, &(0x7f00000036c0)={&(0x7f0000003500)={0x14, r7, 0x1, 0x70bd2b, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0) kernel console output (not intermixed with test programs): 689179][T23685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1083.689194][T23685] R13: 00007ff0445b6038 R14: 00007ff0445b5fa0 R15: 00007ffffe735a98 [ 1083.689227][T23685] [ 1084.611808][T23692] FAULT_INJECTION: forcing a failure. [ 1084.611808][T23692] name failslab, interval 1, probability 0, space 0, times 0 [ 1084.624738][T23692] CPU: 0 UID: 0 PID: 23692 Comm: syz.3.3972 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1084.624785][T23692] Tainted: [U]=USER [ 1084.624795][T23692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1084.624811][T23692] Call Trace: [ 1084.624820][T23692] [ 1084.624829][T23692] dump_stack_lvl+0x16c/0x1f0 [ 1084.624867][T23692] should_fail_ex+0x512/0x640 [ 1084.624899][T23692] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1084.624931][T23692] should_failslab+0xc2/0x120 [ 1084.624965][T23692] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1084.624992][T23692] ? audit_net_init+0x190/0x440 [ 1084.625021][T23692] ? uevent_net_init+0xd3/0x350 [ 1084.625060][T23692] uevent_net_init+0xd3/0x350 [ 1084.625093][T23692] ? __pfx_uevent_net_init+0x10/0x10 [ 1084.625128][T23692] ? __pfx_uevent_net_rcv+0x10/0x10 [ 1084.625172][T23692] ? __pfx_uevent_net_init+0x10/0x10 [ 1084.625201][T23692] ops_init+0x1e2/0x5f0 [ 1084.625235][T23692] setup_net+0x10f/0x380 [ 1084.625271][T23692] ? lockdep_init_map_type+0x5c/0x280 [ 1084.625307][T23692] ? __pfx_setup_net+0x10/0x10 [ 1084.625338][T23692] ? debug_mutex_init+0x37/0x70 [ 1084.625368][T23692] copy_net_ns+0x2a6/0x5f0 [ 1084.625404][T23692] create_new_namespaces+0x3ea/0xa90 [ 1084.625442][T23692] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1084.625475][T23692] ksys_unshare+0x45b/0xa40 [ 1084.625509][T23692] ? __pfx_ksys_unshare+0x10/0x10 [ 1084.625545][T23692] ? xfd_validate_state+0x61/0x180 [ 1084.625592][T23692] __x64_sys_unshare+0x31/0x40 [ 1084.625625][T23692] do_syscall_64+0xcd/0x490 [ 1084.625656][T23692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1084.625683][T23692] RIP: 0033:0x7ff04438ebe9 [ 1084.625706][T23692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1084.625733][T23692] RSP: 002b:00007ff0451c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1084.625759][T23692] RAX: ffffffffffffffda RBX: 00007ff0445b5fa0 RCX: 00007ff04438ebe9 [ 1084.625778][T23692] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1084.625795][T23692] RBP: 00007ff044411e19 R08: 0000000000000000 R09: 0000000000000000 [ 1084.625811][T23692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1084.625828][T23692] R13: 00007ff0445b6038 R14: 00007ff0445b5fa0 R15: 00007ffffe735a98 [ 1084.625867][T23692] [ 1085.147162][T23701] FAULT_INJECTION: forcing a failure. [ 1085.147162][T23701] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1085.160798][T23701] CPU: 1 UID: 0 PID: 23701 Comm: syz.3.3975 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1085.160840][T23701] Tainted: [U]=USER [ 1085.160849][T23701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1085.160864][T23701] Call Trace: [ 1085.160873][T23701] [ 1085.160883][T23701] dump_stack_lvl+0x16c/0x1f0 [ 1085.160916][T23701] should_fail_ex+0x512/0x640 [ 1085.160950][T23701] _copy_to_iter+0x463/0x16f0 [ 1085.160988][T23701] ? __pfx__copy_to_iter+0x10/0x10 [ 1085.161021][T23701] ? const_folio_flags+0x5b/0x100 [ 1085.161050][T23701] ? folio_mark_accessed+0xc1/0xc00 [ 1085.161082][T23701] ? __pfx_folio_mark_accessed+0x10/0x10 [ 1085.161121][T23701] copy_page_to_iter+0x12a/0x1e0 [ 1085.161157][T23701] filemap_read+0x6b1/0xe40 [ 1085.161203][T23701] ? __pfx_filemap_read+0x10/0x10 [ 1085.161266][T23701] ? __pfx_down_read+0x10/0x10 [ 1085.161295][T23701] ? __pfx__kstrtoull+0x10/0x10 [ 1085.161317][T23701] ? __pfx_aa_file_perm+0x10/0x10 [ 1085.161352][T23701] blkdev_read_iter+0x1ac/0x500 [ 1085.161382][T23701] do_iter_readv_writev+0x735/0x950 [ 1085.161411][T23701] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1085.161444][T23701] ? bpf_lsm_file_permission+0x9/0x10 [ 1085.161477][T23701] ? security_file_permission+0x71/0x210 [ 1085.161506][T23701] ? rw_verify_area+0xcf/0x6c0 [ 1085.161532][T23701] vfs_readv+0x4cb/0x8b0 [ 1085.161564][T23701] ? __pfx_vfs_readv+0x10/0x10 [ 1085.161614][T23701] ? __fget_files+0x20e/0x3c0 [ 1085.161650][T23701] ? do_readv+0x132/0x340 [ 1085.161672][T23701] do_readv+0x132/0x340 [ 1085.161698][T23701] ? __pfx_do_readv+0x10/0x10 [ 1085.161722][T23701] ? ksys_write+0x1ac/0x250 [ 1085.161748][T23701] ? __pfx_ksys_write+0x10/0x10 [ 1085.161780][T23701] __x64_sys_preadv2+0x11f/0x160 [ 1085.161814][T23701] do_syscall_64+0xcd/0x490 [ 1085.161843][T23701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1085.161869][T23701] RIP: 0033:0x7ff04438ebe9 [ 1085.161890][T23701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1085.161913][T23701] RSP: 002b:00007ff0451c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000147 [ 1085.161938][T23701] RAX: ffffffffffffffda RBX: 00007ff0445b5fa0 RCX: 00007ff04438ebe9 [ 1085.161955][T23701] RDX: 0000000000000006 RSI: 0000200000000080 RDI: 0000000000000003 [ 1085.161970][T23701] RBP: 00007ff0451c3090 R08: 0000000000000000 R09: 000000000000002f [ 1085.161986][T23701] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002 [ 1085.162003][T23701] R13: 00007ff0445b6038 R14: 00007ff0445b5fa0 R15: 00007ffffe735a98 [ 1085.162038][T23701] [ 1087.059230][T23726] openvswitch: HfR: Dropping previously announced user features [ 1087.308879][T23732] tc_dump_action: action bad kind [ 1087.740346][T23735] FAULT_INJECTION: forcing a failure. [ 1087.740346][T23735] name failslab, interval 1, probability 0, space 0, times 0 [ 1087.753203][T23735] CPU: 0 UID: 0 PID: 23735 Comm: syz.3.3983 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1087.753249][T23735] Tainted: [U]=USER [ 1087.753259][T23735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1087.753275][T23735] Call Trace: [ 1087.753285][T23735] [ 1087.753296][T23735] dump_stack_lvl+0x16c/0x1f0 [ 1087.753333][T23735] should_fail_ex+0x512/0x640 [ 1087.753366][T23735] ? fs_reclaim_acquire+0xae/0x150 [ 1087.753408][T23735] should_failslab+0xc2/0x120 [ 1087.753443][T23735] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1087.753476][T23735] ? security_inode_alloc+0x3b/0x2b0 [ 1087.753507][T23735] security_inode_alloc+0x3b/0x2b0 [ 1087.753534][T23735] inode_init_always_gfp+0xce4/0x1030 [ 1087.753571][T23735] alloc_inode+0x86/0x240 [ 1087.753606][T23735] sock_alloc+0x40/0x280 [ 1087.753639][T23735] sock_create_lite+0x82/0x120 [ 1087.753676][T23735] __netlink_kernel_create+0xbd/0x750 [ 1087.753710][T23735] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1087.753748][T23735] ? __pfx_genl_pernet_init+0x10/0x10 [ 1087.753780][T23735] genl_pernet_init+0xbd/0x170 [ 1087.753812][T23735] ? __pfx_genl_pernet_init+0x10/0x10 [ 1087.753841][T23735] ? lockdep_init_map_type+0x5c/0x280 [ 1087.753876][T23735] ? __pfx_genl_rcv+0x10/0x10 [ 1087.753905][T23735] ? __pfx_genl_bind+0x10/0x10 [ 1087.753933][T23735] ? __pfx_genl_unbind+0x10/0x10 [ 1087.753962][T23735] ? __pfx_genl_release+0x10/0x10 [ 1087.753995][T23735] ? debug_mutex_init+0x37/0x70 [ 1087.754025][T23735] ops_init+0x1e2/0x5f0 [ 1087.754059][T23735] setup_net+0x10f/0x380 [ 1087.754097][T23735] ? lockdep_init_map_type+0x5c/0x280 [ 1087.754133][T23735] ? __pfx_setup_net+0x10/0x10 [ 1087.754165][T23735] ? debug_mutex_init+0x37/0x70 [ 1087.754196][T23735] copy_net_ns+0x2a6/0x5f0 [ 1087.754233][T23735] create_new_namespaces+0x3ea/0xa90 [ 1087.754273][T23735] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1087.754306][T23735] ksys_unshare+0x45b/0xa40 [ 1087.754341][T23735] ? __pfx_ksys_unshare+0x10/0x10 [ 1087.754377][T23735] ? xfd_validate_state+0x61/0x180 [ 1087.754423][T23735] __x64_sys_unshare+0x31/0x40 [ 1087.754457][T23735] do_syscall_64+0xcd/0x490 [ 1087.754490][T23735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1087.754517][T23735] RIP: 0033:0x7ff04438ebe9 [ 1087.754540][T23735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1087.754568][T23735] RSP: 002b:00007ff0451c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1087.754596][T23735] RAX: ffffffffffffffda RBX: 00007ff0445b5fa0 RCX: 00007ff04438ebe9 [ 1087.754615][T23735] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1087.754631][T23735] RBP: 00007ff044411e19 R08: 0000000000000000 R09: 0000000000000000 [ 1087.754647][T23735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1087.754663][T23735] R13: 00007ff0445b6038 R14: 00007ff0445b5fa0 R15: 00007ffffe735a98 [ 1087.754698][T23735] [ 1088.049958][ C0] vkms_vblank_simulate: vblank timer overrun [ 1089.229827][T23741] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1092.016189][T23789] FAULT_INJECTION: forcing a failure. [ 1092.016189][T23789] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1092.032381][T23789] CPU: 1 UID: 0 PID: 23789 Comm: syz.1.3992 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1092.032408][T23789] Tainted: [U]=USER [ 1092.032413][T23789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1092.032422][T23789] Call Trace: [ 1092.032428][T23789] [ 1092.032434][T23789] dump_stack_lvl+0x16c/0x1f0 [ 1092.032455][T23789] should_fail_ex+0x512/0x640 [ 1092.032477][T23789] _copy_to_user+0x32/0xd0 [ 1092.032498][T23789] simple_read_from_buffer+0xcb/0x170 [ 1092.032516][T23789] proc_fail_nth_read+0x197/0x240 [ 1092.032533][T23789] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1092.032549][T23789] ? rw_verify_area+0xcf/0x6c0 [ 1092.032564][T23789] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1092.032580][T23789] vfs_read+0x1e4/0xc60 [ 1092.032601][T23789] ? __pfx___mutex_lock+0x10/0x10 [ 1092.032618][T23789] ? __pfx_vfs_read+0x10/0x10 [ 1092.032639][T23789] ? __fget_files+0x20e/0x3c0 [ 1092.032661][T23789] ksys_read+0x12a/0x250 [ 1092.032676][T23789] ? __pfx_ksys_read+0x10/0x10 [ 1092.032698][T23789] do_syscall_64+0xcd/0x490 [ 1092.032716][T23789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1092.032731][T23789] RIP: 0033:0x7fbcc758d5fc [ 1092.032744][T23789] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1092.032758][T23789] RSP: 002b:00007fbcc57f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1092.032772][T23789] RAX: ffffffffffffffda RBX: 00007fbcc77b6090 RCX: 00007fbcc758d5fc [ 1092.032782][T23789] RDX: 000000000000000f RSI: 00007fbcc57f60a0 RDI: 0000000000000004 [ 1092.032791][T23789] RBP: 00007fbcc57f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1092.032800][T23789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1092.032808][T23789] R13: 00007fbcc77b6128 R14: 00007fbcc77b6090 R15: 00007ffdbd9cb3f8 [ 1092.032828][T23789] [ 1093.198916][T23806] FAULT_INJECTION: forcing a failure. [ 1093.198916][T23806] name failslab, interval 1, probability 0, space 0, times 0 [ 1093.198993][T23806] CPU: 0 UID: 0 PID: 23806 Comm: syz.1.3998 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1093.199017][T23806] Tainted: [U]=USER [ 1093.199022][T23806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1093.199032][T23806] Call Trace: [ 1093.199038][T23806] [ 1093.199044][T23806] dump_stack_lvl+0x16c/0x1f0 [ 1093.199066][T23806] should_fail_ex+0x512/0x640 [ 1093.199084][T23806] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 1093.199104][T23806] should_failslab+0xc2/0x120 [ 1093.199125][T23806] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1093.199143][T23806] ? sock_alloc_inode+0x25/0x1c0 [ 1093.199164][T23806] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1093.199181][T23806] sock_alloc_inode+0x25/0x1c0 [ 1093.199198][T23806] alloc_inode+0x61/0x240 [ 1093.199221][T23806] sock_alloc+0x40/0x280 [ 1093.199237][T23806] sock_create_lite+0x82/0x120 [ 1093.199257][T23806] __netlink_kernel_create+0xbd/0x750 [ 1093.199275][T23806] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1093.199297][T23806] uevent_net_init+0xf8/0x350 [ 1093.199315][T23806] ? __pfx_uevent_net_init+0x10/0x10 [ 1093.199334][T23806] ? __pfx_uevent_net_rcv+0x10/0x10 [ 1093.199358][T23806] ? __pfx_uevent_net_init+0x10/0x10 [ 1093.199376][T23806] ops_init+0x1e2/0x5f0 [ 1093.199394][T23806] setup_net+0x10f/0x380 [ 1093.199408][T23806] ? lockdep_init_map_type+0x5c/0x280 [ 1093.199428][T23806] ? __pfx_setup_net+0x10/0x10 [ 1093.199445][T23806] ? debug_mutex_init+0x37/0x70 [ 1093.199462][T23806] copy_net_ns+0x2a6/0x5f0 [ 1093.199481][T23806] create_new_namespaces+0x3ea/0xa90 [ 1093.199505][T23806] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1093.199524][T23806] ksys_unshare+0x45b/0xa40 [ 1093.199547][T23806] ? __pfx_ksys_unshare+0x10/0x10 [ 1093.199567][T23806] ? xfd_validate_state+0x61/0x180 [ 1093.199594][T23806] __x64_sys_unshare+0x31/0x40 [ 1093.199613][T23806] do_syscall_64+0xcd/0x490 [ 1093.199631][T23806] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1093.199647][T23806] RIP: 0033:0x7fbcc758ebe9 [ 1093.199659][T23806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1093.199673][T23806] RSP: 002b:00007fbcc8315038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1093.199687][T23806] RAX: ffffffffffffffda RBX: 00007fbcc77b5fa0 RCX: 00007fbcc758ebe9 [ 1093.199697][T23806] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1093.199706][T23806] RBP: 00007fbcc7611e19 R08: 0000000000000000 R09: 0000000000000000 [ 1093.199714][T23806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1093.199723][T23806] R13: 00007fbcc77b6038 R14: 00007fbcc77b5fa0 R15: 00007ffdbd9cb3f8 [ 1093.199743][T23806] [ 1093.292123][T23806] kobject_uevent: unable to create netlink socket! [ 1093.723922][T23816] FAULT_INJECTION: forcing a failure. [ 1093.723922][T23816] name failslab, interval 1, probability 0, space 0, times 0 [ 1093.737792][T23816] CPU: 0 UID: 0 PID: 23816 Comm: syz.3.3999 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1093.737840][T23816] Tainted: [U]=USER [ 1093.737850][T23816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1093.737866][T23816] Call Trace: [ 1093.737877][T23816] [ 1093.737888][T23816] dump_stack_lvl+0x16c/0x1f0 [ 1093.737925][T23816] should_fail_ex+0x512/0x640 [ 1093.737955][T23816] ? __kvmalloc_node_noprof+0x124/0x620 [ 1093.737989][T23816] should_failslab+0xc2/0x120 [ 1093.738022][T23816] __kvmalloc_node_noprof+0x137/0x620 [ 1093.738050][T23816] ? lockdep_init_map_type+0x5c/0x280 [ 1093.738085][T23816] ? alloc_netdev_mqs+0xc82/0x1500 [ 1093.738122][T23816] ? alloc_netdev_mqs+0xc82/0x1500 [ 1093.738149][T23816] alloc_netdev_mqs+0xc82/0x1500 [ 1093.738187][T23816] internal_dev_create+0x8a/0x520 [ 1093.738222][T23816] ovs_vport_add+0x147/0x4d0 [ 1093.738254][T23816] new_vport+0x16/0x1d0 [ 1093.738291][T23816] ovs_dp_cmd_new+0x6ba/0xe60 [ 1093.738322][T23816] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1093.738353][T23816] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1093.738386][T23816] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1093.738428][T23816] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1093.738461][T23816] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1093.738515][T23816] ? bpf_lsm_capable+0x9/0x10 [ 1093.738536][T23816] ? security_capable+0x7e/0x260 [ 1093.738572][T23816] ? ns_capable+0xd7/0x110 [ 1093.738601][T23816] genl_rcv_msg+0x55c/0x800 [ 1093.738635][T23816] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1093.738668][T23816] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1093.738707][T23816] netlink_rcv_skb+0x155/0x420 [ 1093.738735][T23816] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1093.738769][T23816] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1093.738814][T23816] ? netlink_deliver_tap+0x1ae/0xd30 [ 1093.738847][T23816] genl_rcv+0x28/0x40 [ 1093.738875][T23816] netlink_unicast+0x5aa/0x870 [ 1093.738909][T23816] ? __pfx_netlink_unicast+0x10/0x10 [ 1093.738938][T23816] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1093.738964][T23816] ? __lock_acquire+0xb97/0x1ce0 [ 1093.739007][T23816] netlink_sendmsg+0x8d1/0xdd0 [ 1093.739043][T23816] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1093.739077][T23816] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1093.739121][T23816] ____sys_sendmsg+0xa95/0xc70 [ 1093.739157][T23816] ? copy_msghdr_from_user+0x10a/0x160 [ 1093.739184][T23816] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1093.739236][T23816] ___sys_sendmsg+0x134/0x1d0 [ 1093.739266][T23816] ? __pfx____sys_sendmsg+0x10/0x10 [ 1093.739335][T23816] __sys_sendmsg+0x16d/0x220 [ 1093.739362][T23816] ? __pfx___sys_sendmsg+0x10/0x10 [ 1093.739387][T23816] ? __x64_sys_futex+0x1e0/0x4c0 [ 1093.739440][T23816] do_syscall_64+0xcd/0x490 [ 1093.739480][T23816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1093.739508][T23816] RIP: 0033:0x7ff04438ebe9 [ 1093.739529][T23816] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1093.739554][T23816] RSP: 002b:00007ff0451c3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1093.739581][T23816] RAX: ffffffffffffffda RBX: 00007ff0445b5fa0 RCX: 00007ff04438ebe9 [ 1093.739598][T23816] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000007 [ 1093.739615][T23816] RBP: 00007ff044411e19 R08: 0000000000000000 R09: 0000000000000000 [ 1093.739628][T23816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1093.739643][T23816] R13: 00007ff0445b6038 R14: 00007ff0445b5fa0 R15: 00007ffffe735a98 [ 1093.739678][T23816] [ 1096.614280][T23874] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4011'. [ 1096.649174][T23874] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1096.649199][T23874] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1096.729295][T23874] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1096.729324][T23874] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1097.976196][T23906] random: crng reseeded on system resumption [ 1098.513933][T23910] HfR: entered promiscuous mode [ 1099.762216][T23931] vivid-003: ================= START STATUS ================= [ 1099.769966][T23931] vivid-003: Radio HW Seek Mode: Bounded [ 1099.775703][T23931] vivid-003: Radio Programmable HW Seek: false [ 1099.782075][T23931] vivid-003: RDS Rx I/O Mode: Block I/O [ 1099.787717][T23931] vivid-003: Generate RBDS Instead of RDS: false [ 1099.794241][T23931] vivid-003: RDS Reception: true [ 1099.799477][T23931] vivid-003: RDS Program Type: 0 inactive [ 1099.805309][T23931] vivid-003: RDS PS Name: inactive [ 1099.810620][T23931] vivid-003: RDS Radio Text: inactive [ 1099.824877][T23931] vivid-003: RDS Traffic Announcement: false inactive [ 1099.832098][T23931] vivid-003: RDS Traffic Program: false inactive [ 1099.838568][T23931] vivid-003: RDS Music: false inactive [ 1099.844158][T23931] vivid-003: ================== END STATUS ================== [ 1100.438603][T23938] FAULT_INJECTION: forcing a failure. [ 1100.438603][T23938] name failslab, interval 1, probability 0, space 0, times 0 [ 1100.451544][T23938] CPU: 1 UID: 0 PID: 23938 Comm: syz.3.4025 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1100.451589][T23938] Tainted: [U]=USER [ 1100.451599][T23938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1100.451616][T23938] Call Trace: [ 1100.451625][T23938] [ 1100.451637][T23938] dump_stack_lvl+0x16c/0x1f0 [ 1100.451673][T23938] should_fail_ex+0x512/0x640 [ 1100.451705][T23938] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1100.451736][T23938] should_failslab+0xc2/0x120 [ 1100.451770][T23938] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1100.451799][T23938] ? snd_card_file_add+0x52/0x340 [ 1100.451833][T23938] ? rcu_is_watching+0x12/0xc0 [ 1100.451863][T23938] snd_card_file_add+0x52/0x340 [ 1100.451903][T23938] snd_rawmidi_open+0x2cc/0xbf0 [ 1100.451928][T23938] ? __mutex_unlock_slowpath+0x163/0x800 [ 1100.451963][T23938] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1100.451996][T23938] ? kobject_get_unless_zero+0x156/0x1e0 [ 1100.452032][T23938] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1100.452057][T23938] snd_open+0x22a/0x4c0 [ 1100.452099][T23938] ? __pfx_snd_open+0x10/0x10 [ 1100.452130][T23938] chrdev_open+0x231/0x6a0 [ 1100.452160][T23938] ? __pfx_apparmor_file_open+0x10/0x10 [ 1100.452199][T23938] ? __pfx_chrdev_open+0x10/0x10 [ 1100.452234][T23938] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1100.452272][T23938] do_dentry_open+0x97f/0x1530 [ 1100.452305][T23938] ? __pfx_chrdev_open+0x10/0x10 [ 1100.452343][T23938] vfs_open+0x82/0x3f0 [ 1100.452384][T23938] path_openat+0x1de4/0x2cb0 [ 1100.452427][T23938] ? __pfx_path_openat+0x10/0x10 [ 1100.452468][T23938] do_filp_open+0x20b/0x470 [ 1100.452499][T23938] ? __pfx_do_filp_open+0x10/0x10 [ 1100.452557][T23938] ? alloc_fd+0x471/0x7d0 [ 1100.452595][T23938] do_sys_openat2+0x11b/0x1d0 [ 1100.452632][T23938] ? __pfx_do_sys_openat2+0x10/0x10 [ 1100.452684][T23938] __x64_sys_openat+0x174/0x210 [ 1100.452722][T23938] ? __pfx___x64_sys_openat+0x10/0x10 [ 1100.452775][T23938] do_syscall_64+0xcd/0x490 [ 1100.452807][T23938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1100.452833][T23938] RIP: 0033:0x7ff04438ebe9 [ 1100.452856][T23938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1100.452881][T23938] RSP: 002b:00007ff0451c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1100.452906][T23938] RAX: ffffffffffffffda RBX: 00007ff0445b5fa0 RCX: 00007ff04438ebe9 [ 1100.452925][T23938] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1100.452942][T23938] RBP: 00007ff044411e19 R08: 0000000000000000 R09: 0000000000000000 [ 1100.452959][T23938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1100.452975][T23938] R13: 00007ff0445b6038 R14: 00007ff0445b5fa0 R15: 00007ffffe735a98 [ 1100.453012][T23938] [ 1101.847673][T23952] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1101.854307][T23952] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1101.996312][T23956] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1102.002488][T23956] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1102.299332][T23968] FAULT_INJECTION: forcing a failure. [ 1102.299332][T23968] name failslab, interval 1, probability 0, space 0, times 0 [ 1102.375588][T23968] CPU: 1 UID: 0 PID: 23968 Comm: syz.2.4033 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1102.375636][T23968] Tainted: [U]=USER [ 1102.375645][T23968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1102.375660][T23968] Call Trace: [ 1102.375670][T23968] [ 1102.375681][T23968] dump_stack_lvl+0x16c/0x1f0 [ 1102.375717][T23968] should_fail_ex+0x512/0x640 [ 1102.375749][T23968] ? __kmalloc_noprof+0xbf/0x510 [ 1102.375782][T23968] ? tbl_mask_array_alloc+0x38/0x160 [ 1102.375817][T23968] should_failslab+0xc2/0x120 [ 1102.375848][T23968] __kmalloc_noprof+0xd2/0x510 [ 1102.375887][T23968] tbl_mask_array_alloc+0x38/0x160 [ 1102.375926][T23968] ovs_flow_tbl_init+0x40/0x600 [ 1102.375963][T23968] ? kasan_save_track+0x14/0x30 [ 1102.375994][T23968] ovs_dp_cmd_new+0x251/0xe60 [ 1102.376030][T23968] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1102.376065][T23968] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1102.376101][T23968] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1102.376145][T23968] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1102.376191][T23968] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1102.376238][T23968] ? bpf_lsm_capable+0x9/0x10 [ 1102.376263][T23968] ? security_capable+0x7e/0x260 [ 1102.376303][T23968] ? ns_capable+0xd7/0x110 [ 1102.376335][T23968] genl_rcv_msg+0x55c/0x800 [ 1102.376373][T23968] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1102.376407][T23968] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1102.376445][T23968] netlink_rcv_skb+0x155/0x420 [ 1102.376476][T23968] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1102.376516][T23968] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1102.376562][T23968] ? netlink_deliver_tap+0x1ae/0xd30 [ 1102.376596][T23968] genl_rcv+0x28/0x40 [ 1102.376630][T23968] netlink_unicast+0x5aa/0x870 [ 1102.376666][T23968] ? __pfx_netlink_unicast+0x10/0x10 [ 1102.376697][T23968] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1102.376726][T23968] ? __lock_acquire+0xb97/0x1ce0 [ 1102.376769][T23968] netlink_sendmsg+0x8d1/0xdd0 [ 1102.376803][T23968] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1102.376837][T23968] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1102.376876][T23968] ____sys_sendmsg+0xa95/0xc70 [ 1102.376908][T23968] ? copy_msghdr_from_user+0x10a/0x160 [ 1102.376935][T23968] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1102.376985][T23968] ___sys_sendmsg+0x134/0x1d0 [ 1102.377016][T23968] ? __pfx____sys_sendmsg+0x10/0x10 [ 1102.377085][T23968] __sys_sendmsg+0x16d/0x220 [ 1102.377113][T23968] ? __pfx___sys_sendmsg+0x10/0x10 [ 1102.377139][T23968] ? __x64_sys_futex+0x1e0/0x4c0 [ 1102.377205][T23968] do_syscall_64+0xcd/0x490 [ 1102.377238][T23968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1102.377266][T23968] RIP: 0033:0x7f71f7d8ebe9 [ 1102.377288][T23968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1102.377314][T23968] RSP: 002b:00007f71f8c57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1102.377340][T23968] RAX: ffffffffffffffda RBX: 00007f71f7fb5fa0 RCX: 00007f71f7d8ebe9 [ 1102.377358][T23968] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000007 [ 1102.377375][T23968] RBP: 00007f71f7e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1102.377391][T23968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1102.377406][T23968] R13: 00007f71f7fb6038 R14: 00007f71f7fb5fa0 R15: 00007ffed37d5a58 [ 1102.377438][T23968] [ 1102.389396][T23971] FAULT_INJECTION: forcing a failure. [ 1102.389396][T23971] name failslab, interval 1, probability 0, space 0, times 0 [ 1102.604981][T23958] FAULT_INJECTION: forcing a failure. [ 1102.604981][T23958] name failslab, interval 1, probability 0, space 0, times 0 [ 1102.761899][T23971] CPU: 1 UID: 0 PID: 23971 Comm: syz.3.4035 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1102.761939][T23971] Tainted: [U]=USER [ 1102.761947][T23971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1102.761960][T23971] Call Trace: [ 1102.761969][T23971] [ 1102.761978][T23971] dump_stack_lvl+0x16c/0x1f0 [ 1102.762009][T23971] should_fail_ex+0x512/0x640 [ 1102.762038][T23971] ? __kmalloc_noprof+0xbf/0x510 [ 1102.762067][T23971] ? __register_sysctl_table+0xea2/0x1900 [ 1102.762101][T23971] should_failslab+0xc2/0x120 [ 1102.762133][T23971] __kmalloc_noprof+0xd2/0x510 [ 1102.762168][T23971] ? __register_sysctl_table+0xe8e/0x1900 [ 1102.762208][T23971] __register_sysctl_table+0xea2/0x1900 [ 1102.762247][T23971] ? __pfx___register_sysctl_table+0x10/0x10 [ 1102.762279][T23971] ? is_module_address+0x69/0xf0 [ 1102.762312][T23971] ? register_net_sysctl_sz+0x228/0x3e0 [ 1102.762350][T23971] __devinet_sysctl_register+0x1b9/0x360 [ 1102.762385][T23971] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 1102.762418][T23971] ? devinet_init_net+0xeb/0x910 [ 1102.762448][T23971] ? __asan_memcpy+0x3c/0x60 [ 1102.762475][T23971] devinet_init_net+0x315/0x910 [ 1102.762508][T23971] ? __pfx_devinet_init_net+0x10/0x10 [ 1102.762536][T23971] ops_init+0x1e2/0x5f0 [ 1102.762570][T23971] setup_net+0x10f/0x380 [ 1102.762595][T23971] ? lockdep_init_map_type+0x5c/0x280 [ 1102.762631][T23971] ? __pfx_setup_net+0x10/0x10 [ 1102.762661][T23971] ? debug_mutex_init+0x37/0x70 [ 1102.762690][T23971] copy_net_ns+0x2a6/0x5f0 [ 1102.762725][T23971] create_new_namespaces+0x3ea/0xa90 [ 1102.762762][T23971] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1102.762794][T23971] ksys_unshare+0x45b/0xa40 [ 1102.762828][T23971] ? __pfx_ksys_unshare+0x10/0x10 [ 1102.762862][T23971] ? xfd_validate_state+0x61/0x180 [ 1102.762907][T23971] __x64_sys_unshare+0x31/0x40 [ 1102.762939][T23971] do_syscall_64+0xcd/0x490 [ 1102.762970][T23971] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1102.762996][T23971] RIP: 0033:0x7ff04438ebe9 [ 1102.763017][T23971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1102.763042][T23971] RSP: 002b:00007ff0451c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1102.763067][T23971] RAX: ffffffffffffffda RBX: 00007ff0445b5fa0 RCX: 00007ff04438ebe9 [ 1102.763085][T23971] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1102.763100][T23971] RBP: 00007ff044411e19 R08: 0000000000000000 R09: 0000000000000000 [ 1102.763116][T23971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1102.763131][T23971] R13: 00007ff0445b6038 R14: 00007ff0445b5fa0 R15: 00007ffffe735a98 [ 1102.763172][T23971] [ 1102.763183][T23971] sysctl could not get directory: /net/ipv4/conf -12 [ 1103.047345][T23958] CPU: 0 UID: 0 PID: 23958 Comm: syz.0.4031 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1103.047394][T23958] Tainted: [U]=USER [ 1103.047406][T23958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1103.047422][T23958] Call Trace: [ 1103.047432][T23958] [ 1103.047444][T23958] dump_stack_lvl+0x16c/0x1f0 [ 1103.047480][T23958] should_fail_ex+0x512/0x640 [ 1103.047512][T23958] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 1103.047550][T23958] should_failslab+0xc2/0x120 [ 1103.047585][T23958] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 1103.047616][T23958] ? __alloc_skb+0x2b2/0x380 [ 1103.047648][T23958] __alloc_skb+0x2b2/0x380 [ 1103.047673][T23958] ? __pfx___alloc_skb+0x10/0x10 [ 1103.047698][T23958] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 1103.047735][T23958] ? tcp_send_mss+0x159/0x2c0 [ 1103.047772][T23958] mptcp_sendmsg_frag+0x4d7/0x2c70 [ 1103.047823][T23958] ? __pfx_mptcp_sendmsg_frag+0x10/0x10 [ 1103.047866][T23958] __subflow_push_pending+0x345/0xac0 [ 1103.047921][T23958] __mptcp_push_pending+0x2ce/0x550 [ 1103.047954][T23958] ? __pfx___mptcp_push_pending+0x10/0x10 [ 1103.047995][T23958] mptcp_sendmsg+0x17a4/0x1eb0 [ 1103.048040][T23958] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 1103.048076][T23958] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 1103.048104][T23958] inet_sendmsg+0x119/0x140 [ 1103.048150][T23958] ____sys_sendmsg+0x973/0xc70 [ 1103.048186][T23958] ? copy_msghdr_from_user+0x10a/0x160 [ 1103.048215][T23958] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1103.048258][T23958] ? __pfx_futex_wake_mark+0x10/0x10 [ 1103.048300][T23958] ___sys_sendmsg+0x134/0x1d0 [ 1103.048327][T23958] ? __pfx____sys_sendmsg+0x10/0x10 [ 1103.048399][T23958] __sys_sendmsg+0x16d/0x220 [ 1103.048428][T23958] ? __pfx___sys_sendmsg+0x10/0x10 [ 1103.048455][T23958] ? __x64_sys_futex+0x1e0/0x4c0 [ 1103.048510][T23958] do_syscall_64+0xcd/0x490 [ 1103.048542][T23958] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1103.048569][T23958] RIP: 0033:0x7f50cf98ebe9 [ 1103.048591][T23958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1103.048616][T23958] RSP: 002b:00007f50d0845038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1103.048641][T23958] RAX: ffffffffffffffda RBX: 00007f50cfbb5fa0 RCX: 00007f50cf98ebe9 [ 1103.048659][T23958] RDX: 0000000000000010 RSI: 0000200000000140 RDI: 0000000000000003 [ 1103.048676][T23958] RBP: 00007f50cfa11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1103.048718][T23958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1103.048734][T23958] R13: 00007f50cfbb6038 R14: 00007f50cfbb5fa0 R15: 00007ffff5122028 [ 1103.048772][T23958] [ 1103.769274][T23979] vivid-003: ================= START STATUS ================= [ 1103.814809][T23979] vivid-003: Radio HW Seek Mode: Bounded [ 1103.820630][T23979] vivid-003: Radio Programmable HW Seek: false [ 1103.904386][T23979] vivid-003: RDS Rx I/O Mode: Block I/O [ 1104.064651][T16542] Bluetooth: hci0: command 0x0406 tx timeout [ 1104.070825][T22205] Bluetooth: hci4: command 0x0406 tx timeout [ 1104.081052][T23979] vivid-003: Generate RBDS Instead of RDS: false [ 1104.096935][T23979] vivid-003: RDS Reception: true [ 1104.102170][T23979] vivid-003: RDS Program Type: 0 inactive [ 1104.148587][T23979] vivid-003: RDS PS Name: inactive [ 1104.156212][T23979] vivid-003: RDS Radio Text: inactive [ 1104.199402][T23979] vivid-003: RDS Traffic Announcement: false inactive [ 1104.232374][T23979] vivid-003: RDS Traffic Program: false inactive [ 1104.339750][T23979] vivid-003: RDS Music: false inactive [ 1104.349512][T23979] vivid-003: ================== END STATUS ================== [ 1104.519396][T23998] zram: Removed device: zram0 [ 1104.844163][T24003] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1104.934669][T24003] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1106.109335][T24031] HfR: entered promiscuous mode [ 1106.456153][T24037] openvswitch: HfR: Dropping previously announced user features [ 1106.863210][T16542] Bluetooth: hci4: command 0x0406 tx timeout [ 1106.886874][T24041] openvswitch: HfR: Dropping previously announced user features [ 1107.025737][T16542] Bluetooth: hci0: command 0x0406 tx timeout [ 1107.162580][T24049] zswap: compressor not available [ 1107.258116][T24054] binder: 24051:24054 ioctl c030623e 2000000000c0 returned -22 [ 1107.360408][T24061] FAULT_INJECTION: forcing a failure. [ 1107.360408][T24061] name failslab, interval 1, probability 0, space 0, times 0 [ 1107.375384][T24061] CPU: 0 UID: 0 PID: 24061 Comm: syz.3.4056 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1107.375411][T24061] Tainted: [U]=USER [ 1107.375416][T24061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1107.375425][T24061] Call Trace: [ 1107.375431][T24061] [ 1107.375437][T24061] dump_stack_lvl+0x16c/0x1f0 [ 1107.375459][T24061] should_fail_ex+0x512/0x640 [ 1107.375477][T24061] ? fs_reclaim_acquire+0xae/0x150 [ 1107.375501][T24061] ? tomoyo_encode2+0x100/0x3e0 [ 1107.375518][T24061] should_failslab+0xc2/0x120 [ 1107.375537][T24061] __kmalloc_noprof+0xd2/0x510 [ 1107.375555][T24061] ? d_absolute_path+0x136/0x1a0 [ 1107.375578][T24061] tomoyo_encode2+0x100/0x3e0 [ 1107.375597][T24061] tomoyo_encode+0x29/0x50 [ 1107.375614][T24061] tomoyo_realpath_from_path+0x18f/0x6e0 [ 1107.375637][T24061] tomoyo_path_number_perm+0x245/0x580 [ 1107.375652][T24061] ? tomoyo_path_number_perm+0x237/0x580 [ 1107.375677][T24061] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1107.375705][T24061] ? find_held_lock+0x2b/0x80 [ 1107.375756][T24061] ? find_held_lock+0x2b/0x80 [ 1107.375770][T24061] ? hook_file_ioctl_common+0x145/0x410 [ 1107.375791][T24061] ? __fget_files+0x20e/0x3c0 [ 1107.375810][T24061] security_file_ioctl+0x9b/0x240 [ 1107.375827][T24061] __x64_sys_ioctl+0xb7/0x210 [ 1107.375851][T24061] do_syscall_64+0xcd/0x490 [ 1107.375869][T24061] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1107.375885][T24061] RIP: 0033:0x7ff04438ebe9 [ 1107.375898][T24061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1107.375918][T24061] RSP: 002b:00007ff0451c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1107.375932][T24061] RAX: ffffffffffffffda RBX: 00007ff0445b5fa0 RCX: 00007ff04438ebe9 [ 1107.375942][T24061] RDX: 0000000000000000 RSI: 0000000000005408 RDI: 000000000000000e [ 1107.375951][T24061] RBP: 00007ff0451c3090 R08: 0000000000000000 R09: 0000000000000000 [ 1107.375960][T24061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1107.375968][T24061] R13: 00007ff0445b6038 R14: 00007ff0445b5fa0 R15: 00007ffffe735a98 [ 1107.375987][T24061] [ 1107.376355][T24061] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1108.005910][T24072] openvswitch: HfR: Dropping previously announced user features [ 1108.100546][T24064] can: request_module (can-proto-0) failed. [ 1108.206259][T24081] snd_aloop snd_aloop.0: control 16781581:65539:5:'x?F/zF˷fC:7 is already present [ 1111.025678][T24119] FAULT_INJECTION: forcing a failure. [ 1111.025678][T24119] name failslab, interval 1, probability 0, space 0, times 0 [ 1111.050624][T24119] CPU: 0 UID: 0 PID: 24119 Comm: syz.3.4067 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1111.050653][T24119] Tainted: [U]=USER [ 1111.050658][T24119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1111.050668][T24119] Call Trace: [ 1111.050674][T24119] [ 1111.050681][T24119] dump_stack_lvl+0x16c/0x1f0 [ 1111.050711][T24119] should_fail_ex+0x512/0x640 [ 1111.050730][T24119] ? __kmalloc_noprof+0xbf/0x510 [ 1111.050750][T24119] ? tracing_log_err+0x4e4/0x6d0 [ 1111.050768][T24119] should_failslab+0xc2/0x120 [ 1111.050789][T24119] __kmalloc_noprof+0xd2/0x510 [ 1111.050810][T24119] tracing_log_err+0x4e4/0x6d0 [ 1111.050834][T24119] append_filter_err+0x380/0x5e0 [ 1111.050854][T24119] apply_subsystem_event_filter+0x75a/0x17e0 [ 1111.050879][T24119] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 1111.050902][T24119] ? _copy_from_user+0x59/0xd0 [ 1111.050924][T24119] subsystem_filter_write+0x95/0x120 [ 1111.050943][T24119] ? __pfx_subsystem_filter_write+0x10/0x10 [ 1111.050960][T24119] vfs_write+0x29d/0x1150 [ 1111.050980][T24119] ? __pfx___mutex_lock+0x10/0x10 [ 1111.050997][T24119] ? __pfx_vfs_write+0x10/0x10 [ 1111.051036][T24119] ? __fget_files+0x20e/0x3c0 [ 1111.051073][T24119] ksys_write+0x12a/0x250 [ 1111.051098][T24119] ? __pfx_ksys_write+0x10/0x10 [ 1111.051133][T24119] do_syscall_64+0xcd/0x490 [ 1111.051152][T24119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1111.051168][T24119] RIP: 0033:0x7ff04438ebe9 [ 1111.051181][T24119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1111.051195][T24119] RSP: 002b:00007ff0451a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1111.051210][T24119] RAX: ffffffffffffffda RBX: 00007ff0445b6090 RCX: 00007ff04438ebe9 [ 1111.051220][T24119] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000006 [ 1111.051229][T24119] RBP: 00007ff044411e19 R08: 0000000000000000 R09: 0000000000000000 [ 1111.051238][T24119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1111.051247][T24119] R13: 00007ff0445b6128 R14: 00007ff0445b6090 R15: 00007ffffe735a98 [ 1111.051267][T24119] [ 1111.593186][T24123] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1111.604251][T24123] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1111.652270][T24126] openvswitch: HfR: Dropping previously announced user features [ 1112.129615][T24132] vivid-003: ================= START STATUS ================= [ 1112.165467][T24132] vivid-003: Radio HW Seek Mode: Bounded [ 1112.180885][T24132] vivid-003: Radio Programmable HW Seek: false [ 1112.187312][T24132] vivid-003: RDS Rx I/O Mode: Block I/O [ 1112.193933][T24132] vivid-003: Generate RBDS Instead of RDS: false [ 1112.200352][T24132] vivid-003: RDS Reception: true [ 1112.215908][T24132] vivid-003: RDS Program Type: 0 inactive [ 1112.221815][T24132] vivid-003: RDS PS Name: inactive [ 1112.227075][T24132] vivid-003: RDS Radio Text: inactive [ 1112.262242][T24132] vivid-003: RDS Traffic Announcement: false inactive [ 1112.273385][T24132] vivid-003: RDS Traffic Program: false inactive [ 1112.287040][T24132] vivid-003: RDS Music: false inactive [ 1112.292663][T24132] vivid-003: ================== END STATUS ================== [ 1113.659984][T22205] Bluetooth: hci4: command 0x0406 tx timeout [ 1113.666094][T16542] Bluetooth: hci0: command 0x0406 tx timeout [ 1114.460778][T24159] FAULT_INJECTION: forcing a failure. [ 1114.460778][T24159] name failslab, interval 1, probability 0, space 0, times 0 [ 1114.493071][T24159] CPU: 1 UID: 0 PID: 24159 Comm: syz.3.4078 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1114.493099][T24159] Tainted: [U]=USER [ 1114.493104][T24159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1114.493114][T24159] Call Trace: [ 1114.493119][T24159] [ 1114.493126][T24159] dump_stack_lvl+0x16c/0x1f0 [ 1114.493147][T24159] should_fail_ex+0x512/0x640 [ 1114.493165][T24159] ? fs_reclaim_acquire+0xae/0x150 [ 1114.493187][T24159] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1114.493207][T24159] should_failslab+0xc2/0x120 [ 1114.493226][T24159] __kmalloc_noprof+0xd2/0x510 [ 1114.493247][T24159] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1114.493267][T24159] ? tomoyo_profile+0x47/0x60 [ 1114.493289][T24159] tomoyo_path_number_perm+0x245/0x580 [ 1114.493303][T24159] ? tomoyo_path_number_perm+0x237/0x580 [ 1114.493320][T24159] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1114.493336][T24159] ? find_held_lock+0x2b/0x80 [ 1114.493367][T24159] ? find_held_lock+0x2b/0x80 [ 1114.493380][T24159] ? hook_file_ioctl_common+0x145/0x410 [ 1114.493401][T24159] ? __fget_files+0x20e/0x3c0 [ 1114.493420][T24159] security_file_ioctl+0x9b/0x240 [ 1114.493437][T24159] __x64_sys_ioctl+0xb7/0x210 [ 1114.493461][T24159] do_syscall_64+0xcd/0x490 [ 1114.493479][T24159] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1114.493500][T24159] RIP: 0033:0x7ff04438ebe9 [ 1114.493513][T24159] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1114.493527][T24159] RSP: 002b:00007ff0451c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1114.493541][T24159] RAX: ffffffffffffffda RBX: 00007ff0445b5fa0 RCX: 00007ff04438ebe9 [ 1114.493551][T24159] RDX: 00002000000001c0 RSI: 0000000000000301 RDI: 0000000000000003 [ 1114.493564][T24159] RBP: 00007ff0451c3090 R08: 0000000000000000 R09: 0000000000000000 [ 1114.493573][T24159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1114.493581][T24159] R13: 00007ff0445b6038 R14: 00007ff0445b5fa0 R15: 00007ffffe735a98 [ 1114.493600][T24159] [ 1114.549590][T24159] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1114.851538][T24168] openvswitch: HfR: Dropping previously announced user features [ 1115.709524][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.715875][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.114621][T24197] Unable to find swap-space signature [ 1117.318238][T24228] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1117.326070][T24228] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1118.523333][T24244] FAULT_INJECTION: forcing a failure. [ 1118.523333][T24244] name failslab, interval 1, probability 0, space 0, times 0 [ 1118.537313][T24244] CPU: 1 UID: 0 PID: 24244 Comm: syz.0.4095 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1118.537356][T24244] Tainted: [U]=USER [ 1118.537365][T24244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1118.537380][T24244] Call Trace: [ 1118.537388][T24244] [ 1118.537397][T24244] dump_stack_lvl+0x16c/0x1f0 [ 1118.537429][T24244] should_fail_ex+0x512/0x640 [ 1118.537461][T24244] should_failslab+0xc2/0x120 [ 1118.537495][T24244] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1118.537523][T24244] ? tipc_nametbl_insert_publ+0x700/0x1720 [ 1118.537559][T24244] tipc_nametbl_insert_publ+0x700/0x1720 [ 1118.537597][T24244] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1118.537635][T24244] ? net_generic+0xea/0x2a0 [ 1118.537672][T24244] tipc_nametbl_publish+0x137/0x280 [ 1118.537708][T24244] tipc_sk_publish+0x1d8/0x430 [ 1118.537740][T24244] ? __pfx_tipc_sk_publish+0x10/0x10 [ 1118.537775][T24244] ? __local_bh_enable_ip+0xa4/0x120 [ 1118.537811][T24244] tipc_sk_bind+0x16f/0x380 [ 1118.537844][T24244] tipc_bind+0x190/0x2a0 [ 1118.537878][T24244] __sys_bind+0x1a7/0x260 [ 1118.537917][T24244] ? __pfx___sys_bind+0x10/0x10 [ 1118.537965][T24244] ? xfd_validate_state+0x61/0x180 [ 1118.538011][T24244] __x64_sys_bind+0x72/0xb0 [ 1118.538046][T24244] ? lockdep_hardirqs_on+0x7c/0x110 [ 1118.538071][T24244] do_syscall_64+0xcd/0x490 [ 1118.538103][T24244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1118.538130][T24244] RIP: 0033:0x7f50cf98ebe9 [ 1118.538152][T24244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1118.538178][T24244] RSP: 002b:00007f50d0845038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 1118.538214][T24244] RAX: ffffffffffffffda RBX: 00007f50cfbb5fa0 RCX: 00007f50cf98ebe9 [ 1118.538234][T24244] RDX: 0000000000000066 RSI: 0000200000000040 RDI: 0000000000000007 [ 1118.538252][T24244] RBP: 00007f50cfa11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1118.538269][T24244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1118.538286][T24244] R13: 00007f50cfbb6038 R14: 00007f50cfbb5fa0 R15: 00007ffff5122028 [ 1118.538323][T24244] [ 1118.538336][T24244] tipc: Failed to bind to 65,0,0 [ 1119.337069][T16542] Bluetooth: hci0: command 0x0406 tx timeout [ 1119.343260][T22205] Bluetooth: hci4: command 0x0406 tx timeout [ 1120.599212][T24276] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4101'. [ 1120.608768][T24276] mac80211_hwsim hwsim31 : renamed from wlan0 [ 1121.340462][T24290] FAULT_INJECTION: forcing a failure. [ 1121.340462][T24290] name failslab, interval 1, probability 0, space 0, times 0 [ 1121.354283][T24290] CPU: 0 UID: 0 PID: 24290 Comm: syz.0.4105 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1121.354326][T24290] Tainted: [U]=USER [ 1121.354335][T24290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1121.354349][T24290] Call Trace: [ 1121.354358][T24290] [ 1121.354367][T24290] dump_stack_lvl+0x16c/0x1f0 [ 1121.354399][T24290] should_fail_ex+0x512/0x640 [ 1121.354427][T24290] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 1121.354460][T24290] should_failslab+0xc2/0x120 [ 1121.354490][T24290] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 1121.354519][T24290] ? __alloc_skb+0x2b2/0x380 [ 1121.354543][T24290] ? ip_generic_getfrag+0x115/0x270 [ 1121.354574][T24290] __alloc_skb+0x2b2/0x380 [ 1121.354598][T24290] ? __pfx___alloc_skb+0x10/0x10 [ 1121.354626][T24290] ? raw_getfrag+0x235/0x2a0 [ 1121.354664][T24290] __ip_append_data+0x30c5/0x41c0 [ 1121.354701][T24290] ? __pfx_raw_getfrag+0x10/0x10 [ 1121.354735][T24290] ? ip_dst_mtu_maybe_forward.constprop.0+0x30a/0x6e0 [ 1121.354775][T24290] ? ip_dst_mtu_maybe_forward.constprop.0+0x314/0x6e0 [ 1121.354809][T24290] ? __pfx___ip_append_data+0x10/0x10 [ 1121.354854][T24290] ip_append_data+0x10f/0x1a0 [ 1121.354885][T24290] ? __pfx_raw_getfrag+0x10/0x10 [ 1121.354920][T24290] raw_sendmsg+0xeee/0x37e0 [ 1121.354968][T24290] ? __pfx_raw_sendmsg+0x10/0x10 [ 1121.354999][T24290] ? unwind_get_return_address+0x59/0xa0 [ 1121.355025][T24290] ? arch_stack_walk+0xa6/0x100 [ 1121.355055][T24290] ? __lock_acquire+0x62e/0x1ce0 [ 1121.355130][T24290] ? __pfx_raw_sendmsg+0x10/0x10 [ 1121.355165][T24290] inet_sendmsg+0x119/0x140 [ 1121.355199][T24290] sock_write_iter+0x4aa/0x5b0 [ 1121.355232][T24290] ? __pfx_sock_write_iter+0x10/0x10 [ 1121.355277][T24290] ? bpf_lsm_file_permission+0x9/0x10 [ 1121.355309][T24290] ? security_file_permission+0x71/0x210 [ 1121.355339][T24290] ? rw_verify_area+0xcf/0x6c0 [ 1121.355367][T24290] vfs_write+0x6c4/0x1150 [ 1121.355395][T24290] ? __pfx_sock_write_iter+0x10/0x10 [ 1121.355430][T24290] ? __pfx_vfs_write+0x10/0x10 [ 1121.355453][T24290] ? find_held_lock+0x2b/0x80 [ 1121.355500][T24290] ksys_write+0x1f8/0x250 [ 1121.355526][T24290] ? __pfx_ksys_write+0x10/0x10 [ 1121.355564][T24290] do_syscall_64+0xcd/0x490 [ 1121.355594][T24290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1121.355618][T24290] RIP: 0033:0x7f50cf98ebe9 [ 1121.355639][T24290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1121.355663][T24290] RSP: 002b:00007f50d0845038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1121.355687][T24290] RAX: ffffffffffffffda RBX: 00007f50cfbb5fa0 RCX: 00007f50cf98ebe9 [ 1121.355705][T24290] RDX: 0000000000000578 RSI: 0000000000000000 RDI: 0000000000000003 [ 1121.355720][T24290] RBP: 00007f50d0845090 R08: 0000000000000000 R09: 0000000000000000 [ 1121.355734][T24290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1121.355749][T24290] R13: 00007f50cfbb6038 R14: 00007f50cfbb5fa0 R15: 00007ffff5122028 [ 1121.355782][T24290] [ 1121.651215][ T30] audit: type=1804 audit(4294968019.330:28): pid=24288 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.4104" name="/newroot/555/file0" dev="tmpfs" ino=2962 res=1 errno=0 [ 1121.928414][T24299] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4106'. [ 1122.488147][T24312] FAULT_INJECTION: forcing a failure. [ 1122.488147][T24312] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1122.502418][T24312] CPU: 0 UID: 0 PID: 24312 Comm: syz.0.4113 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1122.502459][T24312] Tainted: [U]=USER [ 1122.502467][T24312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1122.502482][T24312] Call Trace: [ 1122.502491][T24312] [ 1122.502501][T24312] dump_stack_lvl+0x16c/0x1f0 [ 1122.502533][T24312] should_fail_ex+0x512/0x640 [ 1122.502568][T24312] should_fail_alloc_page+0xe7/0x130 [ 1122.502603][T24312] prepare_alloc_pages+0x3c2/0x610 [ 1122.502643][T24312] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1122.502675][T24312] ? __lock_acquire+0xb97/0x1ce0 [ 1122.502733][T24312] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1122.502776][T24312] ? __lock_acquire+0x62e/0x1ce0 [ 1122.502815][T24312] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1122.502853][T24312] ? policy_nodemask+0xea/0x4e0 [ 1122.502888][T24312] alloc_pages_mpol+0x1fb/0x550 [ 1122.502921][T24312] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1122.502952][T24312] ? __lock_acquire+0x62e/0x1ce0 [ 1122.502989][T24312] folio_alloc_mpol_noprof+0x36/0x2f0 [ 1122.503026][T24312] shmem_alloc_folio+0x135/0x160 [ 1122.503065][T24312] shmem_alloc_and_add_folio+0x499/0xc20 [ 1122.503102][T24312] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 1122.503133][T24312] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 1122.503169][T24312] shmem_get_folio_gfp+0x67f/0x1600 [ 1122.503206][T24312] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 1122.503239][T24312] ? filemap_map_pages+0xf58/0x1670 [ 1122.503272][T24312] shmem_fault+0x1fe/0xa30 [ 1122.503303][T24312] ? __pfx_shmem_fault+0x10/0x10 [ 1122.503337][T24312] ? __pfx_filemap_map_pages+0x10/0x10 [ 1122.503376][T24312] ? __pfx_filemap_map_pages+0x10/0x10 [ 1122.503404][T24312] __do_fault+0x10a/0x490 [ 1122.503435][T24312] ? __pfx_filemap_map_pages+0x10/0x10 [ 1122.503462][T24312] do_pte_missing+0xf50/0x3ba0 [ 1122.503489][T24312] ? find_held_lock+0x2b/0x80 [ 1122.503514][T24312] ? __handle_mm_fault+0x14fd/0x2a50 [ 1122.503545][T24312] __handle_mm_fault+0x152a/0x2a50 [ 1122.503576][T24312] ? mt_find+0x3ef/0xa30 [ 1122.503606][T24312] ? __pfx___handle_mm_fault+0x10/0x10 [ 1122.503630][T24312] ? __pfx_mt_find+0x10/0x10 [ 1122.503679][T24312] ? find_vma+0xbf/0x140 [ 1122.503714][T24312] ? __pfx_find_vma+0x10/0x10 [ 1122.503748][T24312] handle_mm_fault+0x589/0xd10 [ 1122.503777][T24312] ? __bpf_trace_exceptions+0x1/0x40 [ 1122.503815][T24312] do_user_addr_fault+0x7a6/0x1370 [ 1122.503854][T24312] ? rcu_is_watching+0x12/0xc0 [ 1122.503884][T24312] exc_page_fault+0x5c/0xb0 [ 1122.503911][T24312] asm_exc_page_fault+0x26/0x30 [ 1122.503935][T24312] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 1122.503970][T24312] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 1122.503993][T24312] RSP: 0018:ffffc90003ddf9f8 EFLAGS: 00050206 [ 1122.504014][T24312] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000038 [ 1122.504030][T24312] RDX: fffff520007bbf50 RSI: 0000000000000000 RDI: ffffc90003ddfa48 [ 1122.504047][T24312] RBP: 0000000000000038 R08: 0000000000000001 R09: fffff520007bbf4f [ 1122.504062][T24312] R10: ffffc90003ddfa7f R11: 0000000000000000 R12: 0000000000000000 [ 1122.504078][T24312] R13: ffffc90003ddfa48 R14: ffffc90003ddfb40 R15: ffffc90003ddfa48 [ 1122.504115][T24312] _copy_from_user+0x98/0xd0 [ 1122.504150][T24312] copy_msghdr_from_user+0x98/0x160 [ 1122.504179][T24312] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1122.504213][T24312] ? __pfx__kstrtoull+0x10/0x10 [ 1122.504247][T24312] ___sys_sendmsg+0xfe/0x1d0 [ 1122.504276][T24312] ? __pfx____sys_sendmsg+0x10/0x10 [ 1122.504321][T24312] ? find_held_lock+0x2b/0x80 [ 1122.504370][T24312] __sys_sendmmsg+0x200/0x420 [ 1122.504402][T24312] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1122.504442][T24312] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1122.504485][T24312] ? fput+0x9b/0xd0 [ 1122.504518][T24312] ? ksys_write+0x1ac/0x250 [ 1122.504545][T24312] ? __pfx_ksys_write+0x10/0x10 [ 1122.504577][T24312] __x64_sys_sendmmsg+0x9c/0x100 [ 1122.504601][T24312] ? lockdep_hardirqs_on+0x7c/0x110 [ 1122.504624][T24312] do_syscall_64+0xcd/0x490 [ 1122.504649][T24312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1122.504672][T24312] RIP: 0033:0x7f50cf98ebe9 [ 1122.504692][T24312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1122.504721][T24312] RSP: 002b:00007f50d0824038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1122.504744][T24312] RAX: ffffffffffffffda RBX: 00007f50cfbb6090 RCX: 00007f50cf98ebe9 [ 1122.504761][T24312] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 1122.504776][T24312] RBP: 00007f50d0824090 R08: 0000000000000000 R09: 0000000000000000 [ 1122.504791][T24312] R10: 000000000000003f R11: 0000000000000246 R12: 0000000000000001 [ 1122.504807][T24312] R13: 00007f50cfbb6128 R14: 00007f50cfbb6090 R15: 00007ffff5122028 [ 1122.504842][T24312] [ 1123.532032][T24326] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1123.552317][T24326] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1124.529724][T24348] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4121'. [ 1124.769155][T24352] openvswitch: HfR: Dropping previously announced user features [ 1125.170009][T24363] FAULT_INJECTION: forcing a failure. [ 1125.170009][T24363] name failslab, interval 1, probability 0, space 0, times 0 [ 1125.184034][T24363] CPU: 0 UID: 0 PID: 24363 Comm: syz.1.4127 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1125.184080][T24363] Tainted: [U]=USER [ 1125.184088][T24363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1125.184099][T24363] Call Trace: [ 1125.184105][T24363] [ 1125.184111][T24363] dump_stack_lvl+0x16c/0x1f0 [ 1125.184133][T24363] should_fail_ex+0x512/0x640 [ 1125.184152][T24363] ? __kmalloc_noprof+0xbf/0x510 [ 1125.184172][T24363] ? __netlink_kernel_create+0x17f/0x750 [ 1125.184188][T24363] should_failslab+0xc2/0x120 [ 1125.184208][T24363] __kmalloc_noprof+0xd2/0x510 [ 1125.184230][T24363] __netlink_kernel_create+0x17f/0x750 [ 1125.184249][T24363] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1125.184270][T24363] ? __pfx_genl_pernet_init+0x10/0x10 [ 1125.184288][T24363] genl_pernet_init+0xbd/0x170 [ 1125.184306][T24363] ? __pfx_genl_pernet_init+0x10/0x10 [ 1125.184323][T24363] ? lockdep_init_map_type+0x5c/0x280 [ 1125.184343][T24363] ? __pfx_genl_rcv+0x10/0x10 [ 1125.184358][T24363] ? __pfx_genl_bind+0x10/0x10 [ 1125.184374][T24363] ? __pfx_genl_unbind+0x10/0x10 [ 1125.184390][T24363] ? __pfx_genl_release+0x10/0x10 [ 1125.184408][T24363] ? debug_mutex_init+0x37/0x70 [ 1125.184424][T24363] ops_init+0x1e2/0x5f0 [ 1125.184442][T24363] setup_net+0x10f/0x380 [ 1125.184458][T24363] ? lockdep_init_map_type+0x5c/0x280 [ 1125.184477][T24363] ? __pfx_setup_net+0x10/0x10 [ 1125.184494][T24363] ? debug_mutex_init+0x37/0x70 [ 1125.184510][T24363] copy_net_ns+0x2a6/0x5f0 [ 1125.184530][T24363] create_new_namespaces+0x3ea/0xa90 [ 1125.184552][T24363] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1125.184570][T24363] ksys_unshare+0x45b/0xa40 [ 1125.184589][T24363] ? __pfx_ksys_unshare+0x10/0x10 [ 1125.184609][T24363] ? xfd_validate_state+0x61/0x180 [ 1125.184635][T24363] __x64_sys_unshare+0x31/0x40 [ 1125.184654][T24363] do_syscall_64+0xcd/0x490 [ 1125.184671][T24363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1125.184686][T24363] RIP: 0033:0x7fbcc758ebe9 [ 1125.184698][T24363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1125.184712][T24363] RSP: 002b:00007fbcc8315038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1125.184727][T24363] RAX: ffffffffffffffda RBX: 00007fbcc77b5fa0 RCX: 00007fbcc758ebe9 [ 1125.184736][T24363] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1125.184746][T24363] RBP: 00007fbcc7611e19 R08: 0000000000000000 R09: 0000000000000000 [ 1125.184755][T24363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1125.184765][T24363] R13: 00007fbcc77b6038 R14: 00007fbcc77b5fa0 R15: 00007ffdbd9cb3f8 [ 1125.184784][T24363] [ 1125.472226][T24367] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4123'. [ 1125.481691][T24367] mac80211_hwsim hwsim33 : renamed from wlan0 [ 1125.573871][T16542] Bluetooth: hci0: command 0x0406 tx timeout [ 1125.573911][T16542] Bluetooth: hci4: command 0x0406 tx timeout [ 1126.145342][T24379] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4130'. [ 1126.159758][T24379] mac80211_hwsim hwsim35 : renamed from wlan0 (while UP) [ 1126.894597][T24393] FAULT_INJECTION: forcing a failure. [ 1126.894597][T24393] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1126.908268][T24393] CPU: 1 UID: 0 PID: 24393 Comm: syz.3.4135 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1126.908310][T24393] Tainted: [U]=USER [ 1126.908319][T24393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1126.908333][T24393] Call Trace: [ 1126.908342][T24393] [ 1126.908353][T24393] dump_stack_lvl+0x16c/0x1f0 [ 1126.908386][T24393] should_fail_ex+0x512/0x640 [ 1126.908420][T24393] _copy_from_user+0x2e/0xd0 [ 1126.908453][T24393] snd_seq_oss_write+0x397/0x7d0 [ 1126.908497][T24393] ? __pfx_snd_seq_oss_write+0x10/0x10 [ 1126.908541][T24393] ? common_file_perm+0x1a9/0x340 [ 1126.908571][T24393] ? bpf_lsm_file_permission+0x9/0x10 [ 1126.908609][T24393] ? __pfx_odev_write+0x10/0x10 [ 1126.908634][T24393] odev_write+0x51/0xa0 [ 1126.908664][T24393] vfs_write+0x29d/0x1150 [ 1126.908707][T24393] ? __pfx_vfs_write+0x10/0x10 [ 1126.908732][T24393] ? find_held_lock+0x2b/0x80 [ 1126.908757][T24393] ? __fget_files+0x204/0x3c0 [ 1126.908786][T24393] ? __fget_files+0x20e/0x3c0 [ 1126.908815][T24393] ksys_write+0x12a/0x250 [ 1126.908841][T24393] ? __pfx_ksys_write+0x10/0x10 [ 1126.908876][T24393] do_syscall_64+0xcd/0x490 [ 1126.908904][T24393] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1126.908926][T24393] RIP: 0033:0x7ff04438ebe9 [ 1126.908945][T24393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1126.908967][T24393] RSP: 002b:00007ff0451c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1126.908989][T24393] RAX: ffffffffffffffda RBX: 00007ff0445b5fa0 RCX: 00007ff04438ebe9 [ 1126.909005][T24393] RDX: 000000000000fe04 RSI: 0000200000000040 RDI: 0000000000000003 [ 1126.909019][T24393] RBP: 00007ff0451c3090 R08: 0000000000000000 R09: 0000000000000000 [ 1126.909034][T24393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1126.909047][T24393] R13: 00007ff0445b6038 R14: 00007ff0445b5fa0 R15: 00007ffffe735a98 [ 1126.909078][T24393] [ 1129.064093][T24397] random: crng reseeded on system resumption [ 1130.601429][T24453] vivid-003: ================= START STATUS ================= [ 1130.609283][T24453] vivid-003: Radio HW Seek Mode: Bounded [ 1130.615518][T24453] vivid-003: Radio Programmable HW Seek: false [ 1130.622101][T24453] vivid-003: RDS Rx I/O Mode: Block I/O [ 1130.627657][T24453] vivid-003: Generate RBDS Instead of RDS: false [ 1130.641347][T24453] vivid-003: RDS Reception: true [ 1130.649234][T24453] vivid-003: RDS Program Type: 0 inactive [ 1130.662709][T24453] vivid-003: RDS PS Name: inactive [ 1130.681509][T24453] vivid-003: RDS Radio Text: inactive [ 1130.699620][T24453] vivid-003: RDS Traffic Announcement: false inactive [ 1130.707605][T24453] vivid-003: RDS Traffic Program: false inactive [ 1130.714815][T24453] vivid-003: RDS Music: false inactive [ 1130.720735][T24453] vivid-003: ================== END STATUS ================== [ 1134.797449][T24503] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1134.808644][T24503] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1135.110231][T24508] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1135.116464][T24508] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1135.225505][T24514] FAULT_INJECTION: forcing a failure. [ 1135.225505][T24514] name failslab, interval 1, probability 0, space 0, times 0 [ 1135.348564][T24514] CPU: 1 UID: 0 PID: 24514 Comm: syz.0.4158 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1135.348593][T24514] Tainted: [U]=USER [ 1135.348599][T24514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1135.348609][T24514] Call Trace: [ 1135.348616][T24514] [ 1135.348623][T24514] dump_stack_lvl+0x16c/0x1f0 [ 1135.348644][T24514] should_fail_ex+0x512/0x640 [ 1135.348663][T24514] ? __kvmalloc_node_noprof+0x124/0x620 [ 1135.348683][T24514] should_failslab+0xc2/0x120 [ 1135.348703][T24514] __kvmalloc_node_noprof+0x137/0x620 [ 1135.348727][T24514] ? alloc_netdev_mqs+0xf47/0x1500 [ 1135.348748][T24514] ? alloc_netdev_mqs+0xf47/0x1500 [ 1135.348763][T24514] alloc_netdev_mqs+0xf47/0x1500 [ 1135.348785][T24514] internal_dev_create+0x8a/0x520 [ 1135.348806][T24514] ovs_vport_add+0x147/0x4d0 [ 1135.348824][T24514] new_vport+0x16/0x1d0 [ 1135.348855][T24514] ovs_dp_cmd_new+0x6ba/0xe60 [ 1135.348886][T24514] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1135.348916][T24514] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1135.348948][T24514] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1135.348988][T24514] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1135.349023][T24514] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1135.349069][T24514] ? bpf_lsm_capable+0x9/0x10 [ 1135.349093][T24514] ? security_capable+0x7e/0x260 [ 1135.349131][T24514] ? ns_capable+0xd7/0x110 [ 1135.349161][T24514] genl_rcv_msg+0x55c/0x800 [ 1135.349199][T24514] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1135.349233][T24514] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1135.349275][T24514] netlink_rcv_skb+0x155/0x420 [ 1135.349295][T24514] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1135.349316][T24514] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1135.349341][T24514] ? netlink_deliver_tap+0x1ae/0xd30 [ 1135.349360][T24514] genl_rcv+0x28/0x40 [ 1135.349376][T24514] netlink_unicast+0x5aa/0x870 [ 1135.349396][T24514] ? __pfx_netlink_unicast+0x10/0x10 [ 1135.349412][T24514] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1135.349427][T24514] ? __lock_acquire+0xb97/0x1ce0 [ 1135.349452][T24514] netlink_sendmsg+0x8d1/0xdd0 [ 1135.349472][T24514] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1135.349491][T24514] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1135.349517][T24514] ____sys_sendmsg+0xa95/0xc70 [ 1135.349537][T24514] ? copy_msghdr_from_user+0x10a/0x160 [ 1135.349553][T24514] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1135.349578][T24514] ? __pfx_futex_wake_mark+0x10/0x10 [ 1135.349602][T24514] ___sys_sendmsg+0x134/0x1d0 [ 1135.349620][T24514] ? __pfx____sys_sendmsg+0x10/0x10 [ 1135.349660][T24514] __sys_sendmsg+0x16d/0x220 [ 1135.349676][T24514] ? __pfx___sys_sendmsg+0x10/0x10 [ 1135.349691][T24514] ? __x64_sys_futex+0x1e0/0x4c0 [ 1135.349722][T24514] do_syscall_64+0xcd/0x490 [ 1135.349740][T24514] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1135.349755][T24514] RIP: 0033:0x7f50cf98ebe9 [ 1135.349768][T24514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1135.349783][T24514] RSP: 002b:00007f50d0845038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1135.349798][T24514] RAX: ffffffffffffffda RBX: 00007f50cfbb5fa0 RCX: 00007f50cf98ebe9 [ 1135.349808][T24514] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000007 [ 1135.349818][T24514] RBP: 00007f50cfa11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1135.349827][T24514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1135.349836][T24514] R13: 00007f50cfbb6038 R14: 00007f50cfbb5fa0 R15: 00007ffff5122028 [ 1135.349856][T24514] [ 1135.758539][T24506] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4155'. [ 1135.810556][T24517] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1135.838015][T24517] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1136.442679][T24530] openvswitch: HfR: Dropping previously announced user features [ 1137.487954][T24542] FAULT_INJECTION: forcing a failure. [ 1137.487954][T24542] name failslab, interval 1, probability 0, space 0, times 0 [ 1137.518114][T24542] CPU: 0 UID: 0 PID: 24542 Comm: syz.3.4165 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1137.518152][T24542] Tainted: [U]=USER [ 1137.518158][T24542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1137.518167][T24542] Call Trace: [ 1137.518173][T24542] [ 1137.518180][T24542] dump_stack_lvl+0x16c/0x1f0 [ 1137.518202][T24542] should_fail_ex+0x512/0x640 [ 1137.518220][T24542] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 1137.518243][T24542] should_failslab+0xc2/0x120 [ 1137.518264][T24542] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 1137.518283][T24542] ? kstrdup_const+0x63/0x80 [ 1137.518304][T24542] kstrdup+0x53/0x100 [ 1137.518322][T24542] kstrdup_const+0x63/0x80 [ 1137.518339][T24542] __kernfs_new_node+0x9b/0x8e0 [ 1137.518360][T24542] ? __pfx___kernfs_new_node+0x10/0x10 [ 1137.518384][T24542] ? find_held_lock+0x2b/0x80 [ 1137.518399][T24542] ? kernfs_root+0xee/0x2a0 [ 1137.518421][T24542] kernfs_new_node+0x13c/0x1e0 [ 1137.518445][T24542] kernfs_create_link+0xcc/0x240 [ 1137.518461][T24542] sysfs_do_create_link_sd+0x90/0x140 [ 1137.518481][T24542] sysfs_create_link+0x61/0xc0 [ 1137.518498][T24542] device_add+0x62c/0x1aa0 [ 1137.518521][T24542] ? __pfx_device_add+0x10/0x10 [ 1137.518539][T24542] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1137.518562][T24542] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1137.518590][T24542] wiphy_register+0x1df4/0x29f0 [ 1137.518606][T24542] ? netdev_run_todo+0x864/0x1320 [ 1137.518624][T24542] ? __dev_printk+0x190/0x270 [ 1137.518643][T24542] ? __pfx_wiphy_register+0x10/0x10 [ 1137.518666][T24542] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 1137.518686][T24542] ieee80211_register_hw+0x24a9/0x4060 [ 1137.518713][T24542] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1137.518732][T24542] ? find_held_lock+0x2b/0x80 [ 1137.518747][T24542] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1137.518768][T24542] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1137.518785][T24542] ? __hrtimer_setup+0x176/0x280 [ 1137.518808][T24542] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1137.518841][T24542] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1137.518868][T24542] hwsim_new_radio_nl+0xb51/0x12c0 [ 1137.518891][T24542] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1137.518917][T24542] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1137.518937][T24542] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1137.518961][T24542] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1137.518982][T24542] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1137.519008][T24542] ? bpf_lsm_capable+0x9/0x10 [ 1137.519021][T24542] ? security_capable+0x7e/0x260 [ 1137.519043][T24542] ? ns_capable+0xd7/0x110 [ 1137.519061][T24542] genl_rcv_msg+0x55c/0x800 [ 1137.519081][T24542] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1137.519101][T24542] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1137.519134][T24542] netlink_rcv_skb+0x155/0x420 [ 1137.519153][T24542] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1137.519173][T24542] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1137.519199][T24542] ? netlink_deliver_tap+0x1ae/0xd30 [ 1137.519222][T24542] genl_rcv+0x28/0x40 [ 1137.519238][T24542] netlink_unicast+0x5aa/0x870 [ 1137.519257][T24542] ? __pfx_netlink_unicast+0x10/0x10 [ 1137.519273][T24542] ? __pfx___might_resched+0x10/0x10 [ 1137.519289][T24542] ? __lock_acquire+0xb97/0x1ce0 [ 1137.519313][T24542] netlink_sendmsg+0x8d1/0xdd0 [ 1137.519333][T24542] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1137.519352][T24542] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1137.519377][T24542] ____sys_sendmsg+0xa95/0xc70 [ 1137.519398][T24542] ? copy_msghdr_from_user+0x10a/0x160 [ 1137.519414][T24542] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1137.519437][T24542] ? __pfx_futex_wake_mark+0x10/0x10 [ 1137.519461][T24542] ___sys_sendmsg+0x134/0x1d0 [ 1137.519478][T24542] ? __pfx____sys_sendmsg+0x10/0x10 [ 1137.519519][T24542] __sys_sendmsg+0x16d/0x220 [ 1137.519535][T24542] ? __pfx___sys_sendmsg+0x10/0x10 [ 1137.519550][T24542] ? __x64_sys_futex+0x1e0/0x4c0 [ 1137.519580][T24542] do_syscall_64+0xcd/0x490 [ 1137.519599][T24542] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1137.519614][T24542] RIP: 0033:0x7ff04438ebe9 [ 1137.519628][T24542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1137.519643][T24542] RSP: 002b:00007ff0451c3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1137.519658][T24542] RAX: ffffffffffffffda RBX: 00007ff0445b5fa0 RCX: 00007ff04438ebe9 [ 1137.519669][T24542] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000005 [ 1137.519679][T24542] RBP: 00007ff044411e19 R08: 0000000000000000 R09: 0000000000000000 [ 1137.519688][T24542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1137.519698][T24542] R13: 00007ff0445b6038 R14: 00007ff0445b5fa0 R15: 00007ffffe735a98 [ 1137.519718][T24542] [ 1137.987413][T16542] Bluetooth: hci0: command 0x0406 tx timeout [ 1137.994053][T16542] Bluetooth: hci4: command 0x0406 tx timeout [ 1138.889591][T24546] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1138.889757][T24546] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1139.757276][T24567] FAULT_INJECTION: forcing a failure. [ 1139.757276][T24567] name failslab, interval 1, probability 0, space 0, times 0 [ 1139.770080][T24567] CPU: 0 UID: 0 PID: 24567 Comm: syz.3.4170 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1139.770128][T24567] Tainted: [U]=USER [ 1139.770138][T24567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1139.770154][T24567] Call Trace: [ 1139.770164][T24567] [ 1139.770174][T24567] dump_stack_lvl+0x16c/0x1f0 [ 1139.770210][T24567] should_fail_ex+0x512/0x640 [ 1139.770240][T24567] ? __kmalloc_noprof+0xbf/0x510 [ 1139.770273][T24567] ? sk_prot_alloc+0x1a8/0x2a0 [ 1139.770305][T24567] should_failslab+0xc2/0x120 [ 1139.770339][T24567] __kmalloc_noprof+0xd2/0x510 [ 1139.770368][T24567] ? evm_inode_alloc_security+0x49/0xc0 [ 1139.770415][T24567] sk_prot_alloc+0x1a8/0x2a0 [ 1139.770452][T24567] sk_alloc+0x36/0xc20 [ 1139.770481][T24567] __netlink_create+0x5e/0x2c0 [ 1139.770522][T24567] __netlink_kernel_create+0xed/0x750 [ 1139.770553][T24567] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1139.770594][T24567] uevent_net_init+0xf8/0x350 [ 1139.770628][T24567] ? __pfx_uevent_net_init+0x10/0x10 [ 1139.770663][T24567] ? __pfx_uevent_net_rcv+0x10/0x10 [ 1139.770708][T24567] ? __pfx_uevent_net_init+0x10/0x10 [ 1139.770738][T24567] ops_init+0x1e2/0x5f0 [ 1139.770772][T24567] setup_net+0x10f/0x380 [ 1139.770799][T24567] ? lockdep_init_map_type+0x5c/0x280 [ 1139.770834][T24567] ? __pfx_setup_net+0x10/0x10 [ 1139.770866][T24567] ? debug_mutex_init+0x37/0x70 [ 1139.770901][T24567] copy_net_ns+0x2a6/0x5f0 [ 1139.770937][T24567] create_new_namespaces+0x3ea/0xa90 [ 1139.770977][T24567] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1139.771021][T24567] ksys_unshare+0x45b/0xa40 [ 1139.771056][T24567] ? __pfx_ksys_unshare+0x10/0x10 [ 1139.771089][T24567] ? xfd_validate_state+0x61/0x180 [ 1139.771135][T24567] __x64_sys_unshare+0x31/0x40 [ 1139.771168][T24567] do_syscall_64+0xcd/0x490 [ 1139.771201][T24567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1139.771227][T24567] RIP: 0033:0x7ff04438ebe9 [ 1139.771248][T24567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1139.771276][T24567] RSP: 002b:00007ff0451c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1139.771303][T24567] RAX: ffffffffffffffda RBX: 00007ff0445b5fa0 RCX: 00007ff04438ebe9 [ 1139.771322][T24567] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1139.771339][T24567] RBP: 00007ff044411e19 R08: 0000000000000000 R09: 0000000000000000 [ 1139.771356][T24567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1139.771370][T24567] R13: 00007ff0445b6038 R14: 00007ff0445b5fa0 R15: 00007ffffe735a98 [ 1139.771404][T24567] [ 1139.772944][T24567] kobject_uevent: unable to create netlink socket! [ 1140.926277][T22205] Bluetooth: hci0: command 0x0406 tx timeout [ 1140.932296][T16542] Bluetooth: hci4: command 0x0406 tx timeout [ 1140.994770][T24591] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4174'. [ 1141.088936][T24585] svc: failed to register nfsdv3 RPC service (errno 111). [ 1141.136221][T24585] svc: failed to register nfsaclv3 RPC service (errno 111). [ 1142.305926][T24610] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1142.313083][T24610] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1143.676284][T24628] openvswitch: HfR: Dropping previously announced user features [ 1143.785071][T24628] FAULT_INJECTION: forcing a failure. [ 1143.785071][T24628] name failslab, interval 1, probability 0, space 0, times 0 [ 1143.867610][T24628] CPU: 1 UID: 0 PID: 24628 Comm: syz.2.4180 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1143.867642][T24628] Tainted: [U]=USER [ 1143.867647][T24628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1143.867657][T24628] Call Trace: [ 1143.867663][T24628] [ 1143.867670][T24628] dump_stack_lvl+0x16c/0x1f0 [ 1143.867692][T24628] should_fail_ex+0x512/0x640 [ 1143.867711][T24628] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 1143.867740][T24628] should_failslab+0xc2/0x120 [ 1143.867760][T24628] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 1143.867778][T24628] ? __alloc_skb+0x2b2/0x380 [ 1143.867796][T24628] __alloc_skb+0x2b2/0x380 [ 1143.867811][T24628] ? __pfx___alloc_skb+0x10/0x10 [ 1143.867825][T24628] ? genl_rcv_msg+0x4f0/0x800 [ 1143.867843][T24628] ? genl_rcv_msg+0x4bb/0x800 [ 1143.867867][T24628] netlink_ack+0x15d/0xb80 [ 1143.867890][T24628] netlink_rcv_skb+0x332/0x420 [ 1143.867906][T24628] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1143.867925][T24628] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1143.867949][T24628] ? netlink_deliver_tap+0x1ae/0xd30 [ 1143.867966][T24628] genl_rcv+0x28/0x40 [ 1143.867983][T24628] netlink_unicast+0x5aa/0x870 [ 1143.868001][T24628] ? __pfx_netlink_unicast+0x10/0x10 [ 1143.868018][T24628] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1143.868033][T24628] ? __lock_acquire+0xb97/0x1ce0 [ 1143.868056][T24628] netlink_sendmsg+0x8d1/0xdd0 [ 1143.868076][T24628] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1143.868094][T24628] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1143.868120][T24628] ____sys_sendmsg+0xa95/0xc70 [ 1143.868141][T24628] ? copy_msghdr_from_user+0x10a/0x160 [ 1143.868156][T24628] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1143.868184][T24628] ___sys_sendmsg+0x134/0x1d0 [ 1143.868201][T24628] ? __pfx____sys_sendmsg+0x10/0x10 [ 1143.868240][T24628] __sys_sendmsg+0x16d/0x220 [ 1143.868256][T24628] ? __pfx___sys_sendmsg+0x10/0x10 [ 1143.868272][T24628] ? __x64_sys_futex+0x1e0/0x4c0 [ 1143.868302][T24628] do_syscall_64+0xcd/0x490 [ 1143.868319][T24628] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1143.868335][T24628] RIP: 0033:0x7f71f7d8ebe9 [ 1143.868348][T24628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1143.868362][T24628] RSP: 002b:00007f71f8c57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1143.868377][T24628] RAX: ffffffffffffffda RBX: 00007f71f7fb5fa0 RCX: 00007f71f7d8ebe9 [ 1143.868388][T24628] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000007 [ 1143.868397][T24628] RBP: 00007f71f7e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1143.868406][T24628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1143.868415][T24628] R13: 00007f71f7fb6038 R14: 00007f71f7fb5fa0 R15: 00007ffed37d5a58 [ 1143.868435][T24628] [ 1144.366510][T22205] Bluetooth: hci0: command 0x0406 tx timeout [ 1144.372634][T16542] Bluetooth: hci4: command 0x0406 tx timeout [ 1144.541181][T24648] FAULT_INJECTION: forcing a failure. [ 1144.541181][T24648] name failslab, interval 1, probability 0, space 0, times 0 [ 1144.676387][T24648] CPU: 0 UID: 0 PID: 24648 Comm: syz.2.4183 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1144.676434][T24648] Tainted: [U]=USER [ 1144.676444][T24648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1144.676461][T24648] Call Trace: [ 1144.676470][T24648] [ 1144.676481][T24648] dump_stack_lvl+0x16c/0x1f0 [ 1144.676516][T24648] should_fail_ex+0x512/0x640 [ 1144.676548][T24648] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1144.676585][T24648] should_failslab+0xc2/0x120 [ 1144.676618][T24648] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1144.676649][T24648] ? copy_net_ns+0xe8/0x5f0 [ 1144.676688][T24648] copy_net_ns+0xe8/0x5f0 [ 1144.676724][T24648] ? copy_cgroup_ns+0x71/0x700 [ 1144.676756][T24648] create_new_namespaces+0x3ea/0xa90 [ 1144.676795][T24648] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1144.676827][T24648] ksys_unshare+0x45b/0xa40 [ 1144.676862][T24648] ? __pfx_ksys_unshare+0x10/0x10 [ 1144.676896][T24648] ? xfd_validate_state+0x61/0x180 [ 1144.676943][T24648] __x64_sys_unshare+0x31/0x40 [ 1144.676976][T24648] do_syscall_64+0xcd/0x490 [ 1144.677007][T24648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1144.677035][T24648] RIP: 0033:0x7f71f7d8ebe9 [ 1144.677056][T24648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1144.677081][T24648] RSP: 002b:00007f71f8c57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1144.677106][T24648] RAX: ffffffffffffffda RBX: 00007f71f7fb5fa0 RCX: 00007f71f7d8ebe9 [ 1144.677124][T24648] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1144.677141][T24648] RBP: 00007f71f7e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1144.677157][T24648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1144.677173][T24648] R13: 00007f71f7fb6038 R14: 00007f71f7fb5fa0 R15: 00007ffed37d5a58 [ 1144.677208][T24648] [ 1144.981385][T24652] FAULT_INJECTION: forcing a failure. [ 1144.981385][T24652] name failslab, interval 1, probability 0, space 0, times 0 [ 1144.995340][T24652] CPU: 1 UID: 0 PID: 24652 Comm: syz.3.4184 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1144.995384][T24652] Tainted: [U]=USER [ 1144.995392][T24652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1144.995419][T24652] Call Trace: [ 1144.995429][T24652] [ 1144.995439][T24652] dump_stack_lvl+0x16c/0x1f0 [ 1144.995473][T24652] should_fail_ex+0x512/0x640 [ 1144.995503][T24652] ? __kvmalloc_node_noprof+0x124/0x620 [ 1144.995538][T24652] should_failslab+0xc2/0x120 [ 1144.995572][T24652] __kvmalloc_node_noprof+0x137/0x620 [ 1144.995603][T24652] ? alloc_netdev_mqs+0xf47/0x1500 [ 1144.995639][T24652] ? alloc_netdev_mqs+0xf47/0x1500 [ 1144.995666][T24652] alloc_netdev_mqs+0xf47/0x1500 [ 1144.995705][T24652] internal_dev_create+0x8a/0x520 [ 1144.995739][T24652] ovs_vport_add+0x147/0x4d0 [ 1144.995771][T24652] new_vport+0x16/0x1d0 [ 1144.995809][T24652] ovs_dp_cmd_new+0x6ba/0xe60 [ 1144.995844][T24652] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1144.995877][T24652] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1144.995913][T24652] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1144.995955][T24652] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1144.995991][T24652] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1144.996037][T24652] ? bpf_lsm_capable+0x9/0x10 [ 1144.996060][T24652] ? security_capable+0x7e/0x260 [ 1144.996097][T24652] ? ns_capable+0xd7/0x110 [ 1144.996129][T24652] genl_rcv_msg+0x55c/0x800 [ 1144.996166][T24652] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1144.996196][T24652] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1144.996230][T24652] netlink_rcv_skb+0x155/0x420 [ 1144.996254][T24652] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1144.996284][T24652] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1144.996323][T24652] ? netlink_deliver_tap+0x1ae/0xd30 [ 1144.996350][T24652] genl_rcv+0x28/0x40 [ 1144.996373][T24652] netlink_unicast+0x5aa/0x870 [ 1144.996412][T24652] ? __pfx_netlink_unicast+0x10/0x10 [ 1144.996440][T24652] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1144.996465][T24652] ? __lock_acquire+0xb97/0x1ce0 [ 1144.996502][T24652] netlink_sendmsg+0x8d1/0xdd0 [ 1144.996538][T24652] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1144.996572][T24652] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1144.996617][T24652] ____sys_sendmsg+0xa95/0xc70 [ 1144.996651][T24652] ? copy_msghdr_from_user+0x10a/0x160 [ 1144.996680][T24652] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1144.996731][T24652] ___sys_sendmsg+0x134/0x1d0 [ 1144.996761][T24652] ? __pfx____sys_sendmsg+0x10/0x10 [ 1144.996836][T24652] __sys_sendmsg+0x16d/0x220 [ 1144.996864][T24652] ? __pfx___sys_sendmsg+0x10/0x10 [ 1144.996891][T24652] ? __x64_sys_futex+0x1e0/0x4c0 [ 1144.996945][T24652] do_syscall_64+0xcd/0x490 [ 1144.996978][T24652] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1144.997004][T24652] RIP: 0033:0x7ff04438ebe9 [ 1144.997028][T24652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1144.997055][T24652] RSP: 002b:00007ff0451c3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1144.997080][T24652] RAX: ffffffffffffffda RBX: 00007ff0445b5fa0 RCX: 00007ff04438ebe9 [ 1144.997100][T24652] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000007 [ 1144.997117][T24652] RBP: 00007ff044411e19 R08: 0000000000000000 R09: 0000000000000000 [ 1144.997133][T24652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1144.997148][T24652] R13: 00007ff0445b6038 R14: 00007ff0445b5fa0 R15: 00007ffffe735a98 [ 1144.997186][T24652] [ 1145.706389][T24667] FAULT_INJECTION: forcing a failure. [ 1145.706389][T24667] name failslab, interval 1, probability 0, space 0, times 0 [ 1145.727121][T24667] CPU: 0 UID: 8 PID: 24667 Comm: syz.3.4188 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1145.727160][T24667] Tainted: [U]=USER [ 1145.727168][T24667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1145.727182][T24667] Call Trace: [ 1145.727191][T24667] [ 1145.727202][T24667] dump_stack_lvl+0x16c/0x1f0 [ 1145.727234][T24667] should_fail_ex+0x512/0x640 [ 1145.727266][T24667] should_failslab+0xc2/0x120 [ 1145.727297][T24667] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1145.727326][T24667] ? skb_clone+0x190/0x3f0 [ 1145.727357][T24667] skb_clone+0x190/0x3f0 [ 1145.727384][T24667] netlink_deliver_tap+0xabd/0xd30 [ 1145.727421][T24667] netlink_dump+0xa5f/0xd30 [ 1145.727451][T24667] ? __pfx_netlink_dump+0x10/0x10 [ 1145.727475][T24667] ? rcu_is_watching+0x12/0xc0 [ 1145.727522][T24667] ? kfree_skbmem+0x1a4/0x1f0 [ 1145.727558][T24667] netlink_recvmsg+0x7dc/0xa90 [ 1145.727587][T24667] ? __pfx_netlink_recvmsg+0x10/0x10 [ 1145.727614][T24667] ? __fget_files+0x204/0x3c0 [ 1145.727652][T24667] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1145.727697][T24667] sock_recvmsg+0x1f9/0x250 [ 1145.727730][T24667] __sys_recvfrom+0x203/0x310 [ 1145.727757][T24667] ? __pfx___sys_recvfrom+0x10/0x10 [ 1145.727814][T24667] ? ksys_write+0x1ac/0x250 [ 1145.727841][T24667] ? __pfx_ksys_write+0x10/0x10 [ 1145.727875][T24667] __x64_sys_recvfrom+0xe0/0x1c0 [ 1145.727899][T24667] ? do_syscall_64+0x91/0x490 [ 1145.727926][T24667] ? lockdep_hardirqs_on+0x7c/0x110 [ 1145.727951][T24667] do_syscall_64+0xcd/0x490 [ 1145.727981][T24667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1145.728006][T24667] RIP: 0033:0x7ff0443909b4 [ 1145.728026][T24667] Code: 89 4c 24 1c e8 ed 5f 02 00 44 8b 54 24 1c 8b 3c 24 45 31 c9 89 c5 48 8b 54 24 10 48 8b 74 24 08 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 04 24 e8 39 60 02 00 48 8b 04 [ 1145.728050][T24667] RSP: 002b:00007ff04517fed0 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 1145.728074][T24667] RAX: ffffffffffffffda RBX: 00007ff04517ffc0 RCX: 00007ff0443909b4 [ 1145.728092][T24667] RDX: 0000000000001000 RSI: 00007ff045180010 RDI: 0000000000000004 [ 1145.728107][T24667] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1145.728122][T24667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1145.728137][T24667] R13: 00007ff04517ff68 R14: 00007ff045180010 R15: 0000000000000000 [ 1145.728172][T24667] [ 1146.554891][T24669] binder: 24653:24669 ioctl c00c620f 200000000000 returned -22 [ 1149.676939][T24722] FAULT_INJECTION: forcing a failure. [ 1149.676939][T24722] name failslab, interval 1, probability 0, space 0, times 0 [ 1149.689726][T24722] CPU: 1 UID: 0 PID: 24722 Comm: syz.1.4199 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1149.689768][T24722] Tainted: [U]=USER [ 1149.689777][T24722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1149.689791][T24722] Call Trace: [ 1149.689800][T24722] [ 1149.689811][T24722] dump_stack_lvl+0x16c/0x1f0 [ 1149.689845][T24722] should_fail_ex+0x512/0x640 [ 1149.689873][T24722] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 1149.689907][T24722] should_failslab+0xc2/0x120 [ 1149.689938][T24722] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 1149.689968][T24722] ? __alloc_skb+0x2b2/0x380 [ 1149.689998][T24722] __alloc_skb+0x2b2/0x380 [ 1149.690024][T24722] ? __pfx___alloc_skb+0x10/0x10 [ 1149.690052][T24722] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1149.690078][T24722] ? __lock_acquire+0xb97/0x1ce0 [ 1149.690115][T24722] netlink_alloc_large_skb+0x69/0x130 [ 1149.690154][T24722] netlink_sendmsg+0x6a1/0xdd0 [ 1149.690187][T24722] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1149.690220][T24722] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1149.690263][T24722] ____sys_sendmsg+0xa95/0xc70 [ 1149.690297][T24722] ? copy_msghdr_from_user+0x10a/0x160 [ 1149.690324][T24722] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1149.690372][T24722] ___sys_sendmsg+0x134/0x1d0 [ 1149.690402][T24722] ? __pfx____sys_sendmsg+0x10/0x10 [ 1149.690458][T24722] ? __mutex_unlock_slowpath+0x140/0x800 [ 1149.690497][T24722] __sys_sendmsg+0x16d/0x220 [ 1149.690525][T24722] ? __pfx___sys_sendmsg+0x10/0x10 [ 1149.690576][T24722] do_syscall_64+0xcd/0x490 [ 1149.690606][T24722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1149.690633][T24722] RIP: 0033:0x7fbcc758ebe9 [ 1149.690653][T24722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1149.690677][T24722] RSP: 002b:00007fbcc8315038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1149.690701][T24722] RAX: ffffffffffffffda RBX: 00007fbcc77b5fa0 RCX: 00007fbcc758ebe9 [ 1149.690719][T24722] RDX: 00000000000000c4 RSI: 0000200000000080 RDI: 0000000000000003 [ 1149.690735][T24722] RBP: 00007fbcc8315090 R08: 0000000000000000 R09: 0000000000000000 [ 1149.690752][T24722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1149.690768][T24722] R13: 00007fbcc77b6038 R14: 00007fbcc77b5fa0 R15: 00007ffdbd9cb3f8 [ 1149.690802][T24722] [ 1151.221368][T16542] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1151.236485][T16542] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1151.249431][T16542] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1151.262748][T16542] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1151.278326][T16542] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1152.399295][T19606] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1152.675994][T19606] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1152.805094][T24742] chnl_net:caif_netlink_parms(): no params data found [ 1152.977726][T19606] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1153.400176][T22205] Bluetooth: hci3: command tx timeout [ 1153.466454][T19606] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1154.155237][T24742] bridge0: port 1(bridge_slave_0) entered blocking state [ 1154.170971][T24742] bridge0: port 1(bridge_slave_0) entered disabled state [ 1154.189750][T24742] bridge_slave_0: entered allmulticast mode [ 1154.200867][T24742] bridge_slave_0: entered promiscuous mode [ 1154.318807][T24742] bridge0: port 2(bridge_slave_1) entered blocking state [ 1154.327060][T24742] bridge0: port 2(bridge_slave_1) entered disabled state [ 1154.344029][T24742] bridge_slave_1: entered allmulticast mode [ 1154.400115][T24742] bridge_slave_1: entered promiscuous mode [ 1154.950847][T24742] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1155.043858][T24742] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1155.295330][T24742] team0: Port device team_slave_0 added [ 1155.499541][T22205] Bluetooth: hci3: command tx timeout [ 1155.620664][T24742] team0: Port device team_slave_1 added [ 1155.847223][T19606] bridge_slave_1: left allmulticast mode [ 1155.856135][T19606] bridge_slave_1: left promiscuous mode [ 1155.883770][T19606] bridge0: port 2(bridge_slave_1) entered disabled state [ 1155.914575][T19606] bridge_slave_0: left allmulticast mode [ 1155.914596][T19606] bridge_slave_0: left promiscuous mode [ 1155.914728][T19606] bridge0: port 1(bridge_slave_0) entered disabled state [ 1157.310937][T24835] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4215'. [ 1157.558931][T22205] Bluetooth: hci3: command tx timeout [ 1157.602336][T19606] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1157.621058][T19606] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1157.640659][T19606] bond0 (unregistering): Released all slaves [ 1157.676114][T24742] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1157.699056][T24742] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1157.746001][T24742] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1157.847264][T24742] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1157.861625][T24742] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1157.923574][T24742] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1157.950662][T19606] HfR: left promiscuous mode [ 1158.461507][T24742] hsr_slave_0: entered promiscuous mode [ 1158.509310][T24742] hsr_slave_1: entered promiscuous mode [ 1158.520055][T24742] debugfs: 'hsr0' already exists in 'hsr' [ 1158.526108][T24742] Cannot create hsr debugfs directory [ 1159.637374][T22205] Bluetooth: hci3: command tx timeout [ 1159.676141][T24875] FAULT_INJECTION: forcing a failure. [ 1159.676141][T24875] name failslab, interval 1, probability 0, space 0, times 0 [ 1159.690408][T24875] CPU: 0 UID: 0 PID: 24875 Comm: syz.0.4222 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1159.690436][T24875] Tainted: [U]=USER [ 1159.690441][T24875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1159.690451][T24875] Call Trace: [ 1159.690458][T24875] [ 1159.690464][T24875] dump_stack_lvl+0x16c/0x1f0 [ 1159.690486][T24875] should_fail_ex+0x512/0x640 [ 1159.690504][T24875] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 1159.690525][T24875] should_failslab+0xc2/0x120 [ 1159.690544][T24875] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1159.690562][T24875] ? alloc_inode+0x61/0x240 [ 1159.690586][T24875] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 1159.690599][T24875] alloc_inode+0x61/0x240 [ 1159.690618][T24875] new_inode+0x22/0x1c0 [ 1159.690639][T24875] __debugfs_create_file+0x11c/0x6b0 [ 1159.690657][T24875] debugfs_create_file_full+0x41/0x60 [ 1159.690673][T24875] ? __pfx_do_setup+0x10/0x10 [ 1159.690689][T24875] ref_tracker_dir_debugfs+0x19d/0x290 [ 1159.690707][T24875] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 1159.690748][T24875] ? __kvmalloc_node_noprof+0x298/0x620 [ 1159.690764][T24875] ? trace_kmalloc+0x2b/0xd0 [ 1159.690787][T24875] ? lockdep_init_map_type+0x5c/0x280 [ 1159.690812][T24875] alloc_netdev_mqs+0x30f/0x1500 [ 1159.690835][T24875] internal_dev_create+0x8a/0x520 [ 1159.690855][T24875] ovs_vport_add+0x147/0x4d0 [ 1159.690873][T24875] new_vport+0x16/0x1d0 [ 1159.690895][T24875] ovs_dp_cmd_new+0x6ba/0xe60 [ 1159.690914][T24875] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1159.690932][T24875] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1159.690953][T24875] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1159.690978][T24875] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1159.690998][T24875] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1159.691024][T24875] ? bpf_lsm_capable+0x9/0x10 [ 1159.691038][T24875] ? security_capable+0x7e/0x260 [ 1159.691060][T24875] ? ns_capable+0xd7/0x110 [ 1159.691077][T24875] genl_rcv_msg+0x55c/0x800 [ 1159.691098][T24875] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1159.691117][T24875] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1159.691138][T24875] netlink_rcv_skb+0x155/0x420 [ 1159.691154][T24875] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1159.691173][T24875] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1159.691198][T24875] ? netlink_deliver_tap+0x1ae/0xd30 [ 1159.691217][T24875] genl_rcv+0x28/0x40 [ 1159.691233][T24875] netlink_unicast+0x5aa/0x870 [ 1159.691253][T24875] ? __pfx_netlink_unicast+0x10/0x10 [ 1159.691270][T24875] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1159.691284][T24875] ? __lock_acquire+0xb97/0x1ce0 [ 1159.691308][T24875] netlink_sendmsg+0x8d1/0xdd0 [ 1159.691328][T24875] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1159.691347][T24875] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1159.691372][T24875] ____sys_sendmsg+0xa95/0xc70 [ 1159.691393][T24875] ? copy_msghdr_from_user+0x10a/0x160 [ 1159.691409][T24875] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1159.691433][T24875] ? __pfx_futex_wake_mark+0x10/0x10 [ 1159.691457][T24875] ___sys_sendmsg+0x134/0x1d0 [ 1159.691475][T24875] ? __pfx____sys_sendmsg+0x10/0x10 [ 1159.691515][T24875] __sys_sendmsg+0x16d/0x220 [ 1159.691531][T24875] ? __pfx___sys_sendmsg+0x10/0x10 [ 1159.691546][T24875] ? __x64_sys_futex+0x1e0/0x4c0 [ 1159.691575][T24875] do_syscall_64+0xcd/0x490 [ 1159.691594][T24875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1159.691610][T24875] RIP: 0033:0x7f50cf98ebe9 [ 1159.691623][T24875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1159.691638][T24875] RSP: 002b:00007f50d0845038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1159.691653][T24875] RAX: ffffffffffffffda RBX: 00007f50cfbb5fa0 RCX: 00007f50cf98ebe9 [ 1159.691664][T24875] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000007 [ 1159.691674][T24875] RBP: 00007f50cfa11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1159.691683][T24875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1159.691692][T24875] R13: 00007f50cfbb6038 R14: 00007f50cfbb5fa0 R15: 00007ffff5122028 [ 1159.691712][T24875] [ 1159.691720][T24875] debugfs: out of free dentries, can not create file 'netdev@ffff88807ba4c610' [ 1160.247981][T24875] openvswitch: HfR: Dropping previously announced user features [ 1161.058721][T24890] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1161.123141][T24890] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1161.151245][T24890] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1161.182585][T24890] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1161.378086][T24899] tc_dump_action: action bad kind [ 1162.166738][T24742] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1162.180360][T24742] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1162.244330][T24919] FAULT_INJECTION: forcing a failure. [ 1162.244330][T24919] name failslab, interval 1, probability 0, space 0, times 0 [ 1162.285356][T24919] CPU: 0 UID: 0 PID: 24919 Comm: syz.0.4234 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1162.285400][T24919] Tainted: [U]=USER [ 1162.285409][T24919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1162.285423][T24919] Call Trace: [ 1162.285433][T24919] [ 1162.285442][T24919] dump_stack_lvl+0x16c/0x1f0 [ 1162.285479][T24919] should_fail_ex+0x512/0x640 [ 1162.285510][T24919] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1162.285553][T24919] should_failslab+0xc2/0x120 [ 1162.285588][T24919] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1162.285621][T24919] ? sk_prot_alloc+0x60/0x2a0 [ 1162.285658][T24919] sk_prot_alloc+0x60/0x2a0 [ 1162.285692][T24919] sk_alloc+0x36/0xc20 [ 1162.285719][T24919] tipc_sk_create+0xcf/0x21a0 [ 1162.285762][T24919] ? find_held_lock+0x2b/0x80 [ 1162.285789][T24919] ? __sock_create+0x2f2/0x8d0 [ 1162.285828][T24919] __sock_create+0x335/0x8d0 [ 1162.285868][T24919] __sys_socket+0x14d/0x260 [ 1162.285903][T24919] ? __pfx___sys_socket+0x10/0x10 [ 1162.285938][T24919] ? xfd_validate_state+0x61/0x180 [ 1162.285981][T24919] __x64_sys_socket+0x72/0xb0 [ 1162.286014][T24919] ? lockdep_hardirqs_on+0x7c/0x110 [ 1162.286042][T24919] do_syscall_64+0xcd/0x490 [ 1162.286073][T24919] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1162.286100][T24919] RIP: 0033:0x7f50cf98ebe9 [ 1162.286122][T24919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1162.286146][T24919] RSP: 002b:00007f50d0803038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1162.286171][T24919] RAX: ffffffffffffffda RBX: 00007f50cfbb6180 RCX: 00007f50cf98ebe9 [ 1162.286189][T24919] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 000000000000001e [ 1162.286206][T24919] RBP: 00007f50cfa11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1162.286222][T24919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1162.286238][T24919] R13: 00007f50cfbb6218 R14: 00007f50cfbb6180 R15: 00007ffff5122028 [ 1162.286275][T24919] [ 1162.495205][T24742] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1162.620296][T19606] hsr_slave_0: left promiscuous mode [ 1162.627324][T19606] hsr_slave_1: left promiscuous mode [ 1162.633643][T19606] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1162.641342][T19606] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1162.652829][T19606] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1162.660985][T19606] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1162.721254][T19606] veth1_macvtap: left promiscuous mode [ 1162.726997][T19606] veth0_macvtap: left promiscuous mode [ 1162.737345][T19606] veth1_vlan: left promiscuous mode [ 1162.742935][T19606] veth0_vlan: left promiscuous mode [ 1162.975439][T24923] FAULT_INJECTION: forcing a failure. [ 1162.975439][T24923] name failslab, interval 1, probability 0, space 0, times 0 [ 1162.988423][T24923] CPU: 1 UID: 0 PID: 24923 Comm: syz.1.4228 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1162.988471][T24923] Tainted: [U]=USER [ 1162.988480][T24923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1162.988496][T24923] Call Trace: [ 1162.988508][T24923] [ 1162.988520][T24923] dump_stack_lvl+0x16c/0x1f0 [ 1162.988558][T24923] should_fail_ex+0x512/0x640 [ 1162.988590][T24923] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 1162.988627][T24923] should_failslab+0xc2/0x120 [ 1162.988663][T24923] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1162.988696][T24923] ? sock_alloc_inode+0x25/0x1c0 [ 1162.988734][T24923] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1162.988764][T24923] sock_alloc_inode+0x25/0x1c0 [ 1162.988791][T24923] alloc_inode+0x61/0x240 [ 1162.988826][T24923] sock_alloc+0x40/0x280 [ 1162.988858][T24923] sock_create_lite+0x82/0x120 [ 1162.988892][T24923] __netlink_kernel_create+0xbd/0x750 [ 1162.988924][T24923] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1162.988964][T24923] uevent_net_init+0xf8/0x350 [ 1162.989000][T24923] ? __pfx_uevent_net_init+0x10/0x10 [ 1162.989036][T24923] ? __pfx_uevent_net_rcv+0x10/0x10 [ 1162.989079][T24923] ? __pfx_uevent_net_init+0x10/0x10 [ 1162.989107][T24923] ops_init+0x1e2/0x5f0 [ 1162.989140][T24923] setup_net+0x10f/0x380 [ 1162.989170][T24923] ? lockdep_init_map_type+0x5c/0x280 [ 1162.989209][T24923] ? __pfx_setup_net+0x10/0x10 [ 1162.989236][T24923] ? debug_mutex_init+0x37/0x70 [ 1162.989267][T24923] copy_net_ns+0x2a6/0x5f0 [ 1162.989307][T24923] create_new_namespaces+0x3ea/0xa90 [ 1162.989368][T24923] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1162.989403][T24923] ksys_unshare+0x45b/0xa40 [ 1162.989443][T24923] ? __pfx_ksys_unshare+0x10/0x10 [ 1162.989480][T24923] ? xfd_validate_state+0x61/0x180 [ 1162.989528][T24923] __x64_sys_unshare+0x31/0x40 [ 1162.989562][T24923] do_syscall_64+0xcd/0x490 [ 1162.989595][T24923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1162.989623][T24923] RIP: 0033:0x7fbcc758ebe9 [ 1162.989649][T24923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1162.989677][T24923] RSP: 002b:00007fbcc8315038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1162.989703][T24923] RAX: ffffffffffffffda RBX: 00007fbcc77b5fa0 RCX: 00007fbcc758ebe9 [ 1162.989722][T24923] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1162.989740][T24923] RBP: 00007fbcc7611e19 R08: 0000000000000000 R09: 0000000000000000 [ 1162.989757][T24923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1162.989774][T24923] R13: 00007fbcc77b6038 R14: 00007fbcc77b5fa0 R15: 00007ffdbd9cb3f8 [ 1162.989812][T24923] [ 1162.989828][T24923] kobject_uevent: unable to create netlink socket! [ 1163.085488][T22205] Bluetooth: hci4: command 0x0406 tx timeout [ 1163.280559][T16542] Bluetooth: hci3: command 0x0c1a tx timeout [ 1163.883251][T19606] team0 (unregistering): Port device team_slave_1 removed [ 1163.951709][T19606] team0 (unregistering): Port device team_slave_0 removed [ 1164.352038][T24938] binder: 24933:24938 ioctl c00c620f 200000000000 returned -22 [ 1164.791776][T24742] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1165.315247][T22205] Bluetooth: hci3: command 0x0c1a tx timeout [ 1165.981478][T24959] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4232'. [ 1166.029686][T24742] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1166.064665][T24960] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4232'. [ 1166.119311][T24742] 8021q: adding VLAN 0 to HW filter on device team0 [ 1166.159571][T24960] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4232'. [ 1166.196146][T14344] bridge0: port 1(bridge_slave_0) entered blocking state [ 1166.203258][T14344] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1166.372661][T14344] bridge0: port 2(bridge_slave_1) entered blocking state [ 1166.379921][T14344] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1167.196008][T24998] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4239'. [ 1167.287223][T24742] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1167.393161][T22205] Bluetooth: hci3: command 0x0c1a tx timeout [ 1167.579061][T24742] veth0_vlan: entered promiscuous mode [ 1167.589233][T24742] veth1_vlan: entered promiscuous mode [ 1167.605794][T24742] veth0_macvtap: entered promiscuous mode [ 1167.613303][T24742] veth1_macvtap: entered promiscuous mode [ 1167.622645][T24742] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1167.625374][T24742] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1167.820277][T19608] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1167.820340][T19608] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1167.820378][T19608] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1167.820409][T19608] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1168.203791][T13292] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1168.222877][T13292] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1168.316077][T13292] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1168.339639][T13292] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1168.480615][T25022] netlink: 'syz.3.4203': attribute type 11 has an invalid length. [ 1168.488665][T25022] netlink: 'syz.3.4203': attribute type 11 has an invalid length. [ 1168.497072][T25022] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4203'. [ 1168.509237][T25022] netlink: 67 bytes leftover after parsing attributes in process `syz.3.4203'. [ 1168.522678][T25022] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4203'. [ 1168.537953][T25022] netlink: 200 bytes leftover after parsing attributes in process `syz.3.4203'. [ 1168.784025][T25032] FAULT_INJECTION: forcing a failure. [ 1168.784025][T25032] name failslab, interval 1, probability 0, space 0, times 0 [ 1168.812485][T25032] CPU: 1 UID: 0 PID: 25032 Comm: syz.3.4243 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1168.812528][T25032] Tainted: [U]=USER [ 1168.812537][T25032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1168.812551][T25032] Call Trace: [ 1168.812560][T25032] [ 1168.812571][T25032] dump_stack_lvl+0x16c/0x1f0 [ 1168.812605][T25032] should_fail_ex+0x512/0x640 [ 1168.812633][T25032] ? fs_reclaim_acquire+0xae/0x150 [ 1168.812668][T25032] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1168.812696][T25032] should_failslab+0xc2/0x120 [ 1168.812727][T25032] __kmalloc_noprof+0xd2/0x510 [ 1168.812761][T25032] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1168.812791][T25032] ? tomoyo_profile+0x47/0x60 [ 1168.812827][T25032] tomoyo_path_number_perm+0x245/0x580 [ 1168.812852][T25032] ? tomoyo_path_number_perm+0x237/0x580 [ 1168.812882][T25032] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1168.812911][T25032] ? find_held_lock+0x2b/0x80 [ 1168.812970][T25032] ? find_held_lock+0x2b/0x80 [ 1168.812994][T25032] ? hook_file_ioctl_common+0x145/0x410 [ 1168.813027][T25032] ? __fget_files+0x20e/0x3c0 [ 1168.813060][T25032] security_file_ioctl+0x9b/0x240 [ 1168.813088][T25032] __x64_sys_ioctl+0xb7/0x210 [ 1168.813129][T25032] do_syscall_64+0xcd/0x490 [ 1168.813155][T25032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1168.813179][T25032] RIP: 0033:0x7f573958ebe9 [ 1168.813197][T25032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1168.813220][T25032] RSP: 002b:00007f573a435038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1168.813243][T25032] RAX: ffffffffffffffda RBX: 00007f57397b6090 RCX: 00007f573958ebe9 [ 1168.813258][T25032] RDX: 0000000000000000 RSI: 00000000c0105502 RDI: 0000000000000004 [ 1168.813286][T25032] RBP: 00007f573a435090 R08: 0000000000000000 R09: 0000000000000000 [ 1168.813302][T25032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1168.813317][T25032] R13: 00007f57397b6128 R14: 00007f57397b6090 R15: 00007fff64197f68 [ 1168.813352][T25032] [ 1168.813364][T25032] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1169.079475][T25030] can: request_module (can-proto-3) failed. [ 1169.501919][T25038] FAULT_INJECTION: forcing a failure. [ 1169.501919][T25038] name failslab, interval 1, probability 0, space 0, times 0 [ 1169.522168][T25038] CPU: 1 UID: 0 PID: 25038 Comm: syz.1.4244 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1169.522209][T25038] Tainted: [U]=USER [ 1169.522228][T25038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1169.522243][T25038] Call Trace: [ 1169.522253][T25038] [ 1169.522264][T25038] dump_stack_lvl+0x16c/0x1f0 [ 1169.522298][T25038] should_fail_ex+0x512/0x640 [ 1169.522330][T25038] ? __kmalloc_noprof+0xbf/0x510 [ 1169.522369][T25038] ? __netlink_kernel_create+0x17f/0x750 [ 1169.522400][T25038] should_failslab+0xc2/0x120 [ 1169.522434][T25038] __kmalloc_noprof+0xd2/0x510 [ 1169.522467][T25038] ? __netlink_create+0x208/0x2c0 [ 1169.522507][T25038] __netlink_kernel_create+0x17f/0x750 [ 1169.522539][T25038] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1169.522566][T25038] ? find_held_lock+0x2b/0x80 [ 1169.522594][T25038] ? audit_net_init+0x190/0x440 [ 1169.522629][T25038] audit_net_init+0x1ae/0x440 [ 1169.522658][T25038] ? __pfx_audit_net_init+0x10/0x10 [ 1169.522689][T25038] ? __pfx_audit_receive+0x10/0x10 [ 1169.522720][T25038] ? __pfx_audit_multicast_bind+0x10/0x10 [ 1169.522752][T25038] ? __pfx_audit_multicast_unbind+0x10/0x10 [ 1169.522786][T25038] ? __kmalloc_noprof+0x242/0x510 [ 1169.522822][T25038] ? __pfx_audit_net_init+0x10/0x10 [ 1169.522851][T25038] ops_init+0x1e2/0x5f0 [ 1169.522885][T25038] setup_net+0x10f/0x380 [ 1169.522912][T25038] ? lockdep_init_map_type+0x5c/0x280 [ 1169.522947][T25038] ? __pfx_setup_net+0x10/0x10 [ 1169.522977][T25038] ? debug_mutex_init+0x37/0x70 [ 1169.523008][T25038] copy_net_ns+0x2a6/0x5f0 [ 1169.523043][T25038] create_new_namespaces+0x3ea/0xa90 [ 1169.523082][T25038] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1169.523115][T25038] ksys_unshare+0x45b/0xa40 [ 1169.523149][T25038] ? __pfx_ksys_unshare+0x10/0x10 [ 1169.523184][T25038] ? xfd_validate_state+0x61/0x180 [ 1169.523237][T25038] __x64_sys_unshare+0x31/0x40 [ 1169.523270][T25038] do_syscall_64+0xcd/0x490 [ 1169.523303][T25038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1169.523330][T25038] RIP: 0033:0x7fbcc758ebe9 [ 1169.523352][T25038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1169.523380][T25038] RSP: 002b:00007fbcc8315038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1169.523406][T25038] RAX: ffffffffffffffda RBX: 00007fbcc77b5fa0 RCX: 00007fbcc758ebe9 [ 1169.523425][T25038] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1169.523441][T25038] RBP: 00007fbcc7611e19 R08: 0000000000000000 R09: 0000000000000000 [ 1169.523458][T25038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1169.523474][T25038] R13: 00007fbcc77b6038 R14: 00007fbcc77b5fa0 R15: 00007ffdbd9cb3f8 [ 1169.523511][T25038] [ 1169.523684][T25038] audit: cannot initialize netlink socket in namespace [ 1169.816019][T25041] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1170.512064][T25052] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1170.518413][T25052] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1172.199989][T25079] FAULT_INJECTION: forcing a failure. [ 1172.199989][T25079] name failslab, interval 1, probability 0, space 0, times 0 [ 1172.212808][T25079] CPU: 1 UID: 0 PID: 25079 Comm: syz.2.4252 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1172.212836][T25079] Tainted: [U]=USER [ 1172.212841][T25079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1172.212850][T25079] Call Trace: [ 1172.212856][T25079] [ 1172.212863][T25079] dump_stack_lvl+0x16c/0x1f0 [ 1172.212885][T25079] should_fail_ex+0x512/0x640 [ 1172.212905][T25079] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1172.212924][T25079] should_failslab+0xc2/0x120 [ 1172.212945][T25079] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1172.212960][T25079] ? ovs_dp_cmd_new+0x42e/0xe60 [ 1172.212978][T25079] ovs_dp_cmd_new+0x42e/0xe60 [ 1172.213005][T25079] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1172.213024][T25079] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1172.213046][T25079] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1172.213071][T25079] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1172.213093][T25079] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1172.213118][T25079] ? bpf_lsm_capable+0x9/0x10 [ 1172.213131][T25079] ? security_capable+0x7e/0x260 [ 1172.213153][T25079] ? ns_capable+0xd7/0x110 [ 1172.213170][T25079] genl_rcv_msg+0x55c/0x800 [ 1172.213191][T25079] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1172.213210][T25079] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1172.213230][T25079] netlink_rcv_skb+0x155/0x420 [ 1172.213246][T25079] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1172.213265][T25079] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1172.213288][T25079] ? netlink_deliver_tap+0x1ae/0xd30 [ 1172.213306][T25079] genl_rcv+0x28/0x40 [ 1172.213323][T25079] netlink_unicast+0x5aa/0x870 [ 1172.213341][T25079] ? __pfx_netlink_unicast+0x10/0x10 [ 1172.213357][T25079] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1172.213373][T25079] ? __lock_acquire+0xb97/0x1ce0 [ 1172.213396][T25079] netlink_sendmsg+0x8d1/0xdd0 [ 1172.213415][T25079] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1172.213434][T25079] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1172.213459][T25079] ____sys_sendmsg+0xa95/0xc70 [ 1172.213480][T25079] ? copy_msghdr_from_user+0x10a/0x160 [ 1172.213495][T25079] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1172.213523][T25079] ___sys_sendmsg+0x134/0x1d0 [ 1172.213540][T25079] ? __pfx____sys_sendmsg+0x10/0x10 [ 1172.213579][T25079] __sys_sendmsg+0x16d/0x220 [ 1172.213595][T25079] ? __pfx___sys_sendmsg+0x10/0x10 [ 1172.213610][T25079] ? __x64_sys_futex+0x1e0/0x4c0 [ 1172.213640][T25079] do_syscall_64+0xcd/0x490 [ 1172.213658][T25079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1172.213673][T25079] RIP: 0033:0x7f71f7d8ebe9 [ 1172.213686][T25079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1172.213700][T25079] RSP: 002b:00007f71f8c57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1172.213715][T25079] RAX: ffffffffffffffda RBX: 00007f71f7fb5fa0 RCX: 00007f71f7d8ebe9 [ 1172.213724][T25079] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000007 [ 1172.213734][T25079] RBP: 00007f71f7e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1172.213743][T25079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1172.213753][T25079] R13: 00007f71f7fb6038 R14: 00007f71f7fb5fa0 R15: 00007ffed37d5a58 [ 1172.213773][T25079] [ 1172.907628][T22205] Bluetooth: hci3: command 0x0c1a tx timeout [ 1172.914505][T22205] Bluetooth: hci4: command 0x0406 tx timeout [ 1173.060608][T25081] HfR: entered promiscuous mode [ 1173.148798][T25083] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 1173.522418][T25085] size and base must be multiples of 4 kiB [ 1173.552618][T25085] CPU: 1 UID: 0 PID: 25085 Comm: syz.2.4253 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1173.552662][T25085] Tainted: [U]=USER [ 1173.552671][T25085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1173.552685][T25085] Call Trace: [ 1173.552695][T25085] [ 1173.552709][T25085] dump_stack_lvl+0x16c/0x1f0 [ 1173.552745][T25085] mtrr_del+0xd1/0x110 [ 1173.552783][T25085] mtrr_ioctl+0x922/0xcf0 [ 1173.552821][T25085] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1173.552865][T25085] ? find_held_lock+0x2b/0x80 [ 1173.552903][T25085] ? __fget_files+0x20e/0x3c0 [ 1173.552933][T25085] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1173.552968][T25085] proc_reg_unlocked_ioctl+0x229/0x320 [ 1173.553014][T25085] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 1173.553053][T25085] __x64_sys_ioctl+0x18e/0x210 [ 1173.553097][T25085] do_syscall_64+0xcd/0x490 [ 1173.553130][T25085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1173.553156][T25085] RIP: 0033:0x7f71f7d8ebe9 [ 1173.553179][T25085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1173.553205][T25085] RSP: 002b:00007f71f8c57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1173.553231][T25085] RAX: ffffffffffffffda RBX: 00007f71f7fb5fa0 RCX: 00007f71f7d8ebe9 [ 1173.553250][T25085] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000005 [ 1173.553267][T25085] RBP: 00007f71f7e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1173.553283][T25085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1173.553299][T25085] R13: 00007f71f7fb6038 R14: 00007f71f7fb5fa0 R15: 00007ffed37d5a58 [ 1173.553336][T25085] [ 1174.175056][T25100] openvswitch: HfR: Dropping previously announced user features [ 1174.183086][T25100] FAULT_INJECTION: forcing a failure. [ 1174.183086][T25100] name failslab, interval 1, probability 0, space 0, times 0 [ 1174.195836][T25100] CPU: 0 UID: 0 PID: 25100 Comm: syz.3.4260 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1174.195864][T25100] Tainted: [U]=USER [ 1174.195870][T25100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1174.195880][T25100] Call Trace: [ 1174.195887][T25100] [ 1174.195895][T25100] dump_stack_lvl+0x16c/0x1f0 [ 1174.195918][T25100] should_fail_ex+0x512/0x640 [ 1174.195940][T25100] should_failslab+0xc2/0x120 [ 1174.195961][T25100] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1174.195980][T25100] ? skb_clone+0x190/0x3f0 [ 1174.195999][T25100] skb_clone+0x190/0x3f0 [ 1174.196016][T25100] netlink_deliver_tap+0xabd/0xd30 [ 1174.196037][T25100] netlink_unicast+0x71f/0x870 [ 1174.196057][T25100] ? __pfx_netlink_unicast+0x10/0x10 [ 1174.196075][T25100] ? genl_rcv_msg+0x4bb/0x800 [ 1174.196099][T25100] netlink_ack+0x696/0xb80 [ 1174.196121][T25100] netlink_rcv_skb+0x332/0x420 [ 1174.196138][T25100] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1174.196158][T25100] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1174.196182][T25100] ? netlink_deliver_tap+0x1ae/0xd30 [ 1174.196200][T25100] genl_rcv+0x28/0x40 [ 1174.196216][T25100] netlink_unicast+0x5aa/0x870 [ 1174.196236][T25100] ? __pfx_netlink_unicast+0x10/0x10 [ 1174.196252][T25100] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1174.196268][T25100] ? __lock_acquire+0xb97/0x1ce0 [ 1174.196292][T25100] netlink_sendmsg+0x8d1/0xdd0 [ 1174.196312][T25100] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1174.196331][T25100] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1174.196359][T25100] ____sys_sendmsg+0xa95/0xc70 [ 1174.196379][T25100] ? copy_msghdr_from_user+0x10a/0x160 [ 1174.196395][T25100] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1174.196419][T25100] ? __pfx_futex_wake_mark+0x10/0x10 [ 1174.196443][T25100] ___sys_sendmsg+0x134/0x1d0 [ 1174.196461][T25100] ? __pfx____sys_sendmsg+0x10/0x10 [ 1174.196500][T25100] __sys_sendmsg+0x16d/0x220 [ 1174.196527][T25100] ? __pfx___sys_sendmsg+0x10/0x10 [ 1174.196543][T25100] ? __x64_sys_futex+0x1e0/0x4c0 [ 1174.196574][T25100] do_syscall_64+0xcd/0x490 [ 1174.196594][T25100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1174.196610][T25100] RIP: 0033:0x7f573958ebe9 [ 1174.196624][T25100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1174.196639][T25100] RSP: 002b:00007f573a456038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1174.196653][T25100] RAX: ffffffffffffffda RBX: 00007f57397b5fa0 RCX: 00007f573958ebe9 [ 1174.196664][T25100] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000007 [ 1174.196674][T25100] RBP: 00007f5739611e19 R08: 0000000000000000 R09: 0000000000000000 [ 1174.196684][T25100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1174.196701][T25100] R13: 00007f57397b6038 R14: 00007f57397b5fa0 R15: 00007fff64197f68 [ 1174.196721][T25100] [ 1174.614268][T25112] netlink: 93 bytes leftover after parsing attributes in process `syz.3.4262'. [ 1175.835274][T25129] nbd: nbd7 already in use [ 1176.634872][T25139] FAULT_INJECTION: forcing a failure. [ 1176.634872][T25139] name failslab, interval 1, probability 0, space 0, times 0 [ 1176.658162][T25139] CPU: 1 UID: 0 PID: 25139 Comm: syz.3.4268 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1176.658209][T25139] Tainted: [U]=USER [ 1176.658217][T25139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1176.658231][T25139] Call Trace: [ 1176.658240][T25139] [ 1176.658250][T25139] dump_stack_lvl+0x16c/0x1f0 [ 1176.658284][T25139] should_fail_ex+0x512/0x640 [ 1176.658316][T25139] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 1176.658353][T25139] should_failslab+0xc2/0x120 [ 1176.658387][T25139] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1176.658416][T25139] ? do_raw_spin_lock+0x12c/0x2b0 [ 1176.658452][T25139] ? sock_alloc_inode+0x25/0x1c0 [ 1176.658487][T25139] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1176.658517][T25139] sock_alloc_inode+0x25/0x1c0 [ 1176.658556][T25139] alloc_inode+0x61/0x240 [ 1176.658594][T25139] sock_alloc+0x40/0x280 [ 1176.658622][T25139] sock_create_lite+0x82/0x120 [ 1176.658652][T25139] __netlink_kernel_create+0xbd/0x750 [ 1176.658687][T25139] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1176.658724][T25139] ? __pfx_genl_pernet_init+0x10/0x10 [ 1176.658752][T25139] genl_pernet_init+0xbd/0x170 [ 1176.658778][T25139] ? __pfx_genl_pernet_init+0x10/0x10 [ 1176.658803][T25139] ? lockdep_init_map_type+0x5c/0x280 [ 1176.658830][T25139] ? __pfx_genl_rcv+0x10/0x10 [ 1176.658852][T25139] ? __pfx_genl_bind+0x10/0x10 [ 1176.658874][T25139] ? __pfx_genl_unbind+0x10/0x10 [ 1176.658896][T25139] ? __pfx_genl_release+0x10/0x10 [ 1176.658921][T25139] ? debug_mutex_init+0x37/0x70 [ 1176.658943][T25139] ops_init+0x1e2/0x5f0 [ 1176.658969][T25139] setup_net+0x10f/0x380 [ 1176.658990][T25139] ? lockdep_init_map_type+0x5c/0x280 [ 1176.659017][T25139] ? __pfx_setup_net+0x10/0x10 [ 1176.659041][T25139] ? debug_mutex_init+0x37/0x70 [ 1176.659064][T25139] copy_net_ns+0x2a6/0x5f0 [ 1176.659092][T25139] create_new_namespaces+0x3ea/0xa90 [ 1176.659122][T25139] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1176.659148][T25139] ksys_unshare+0x45b/0xa40 [ 1176.659175][T25139] ? __pfx_ksys_unshare+0x10/0x10 [ 1176.659207][T25139] ? fput+0x9b/0xd0 [ 1176.659237][T25139] __x64_sys_unshare+0x31/0x40 [ 1176.659263][T25139] do_syscall_64+0xcd/0x490 [ 1176.659289][T25139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1176.659310][T25139] RIP: 0033:0x7f573958ebe9 [ 1176.659328][T25139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1176.659348][T25139] RSP: 002b:00007f573a456038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1176.659368][T25139] RAX: ffffffffffffffda RBX: 00007f57397b5fa0 RCX: 00007f573958ebe9 [ 1176.659383][T25139] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1176.659396][T25139] RBP: 00007f5739611e19 R08: 0000000000000000 R09: 0000000000000000 [ 1176.659410][T25139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1176.659423][T25139] R13: 00007f57397b6038 R14: 00007f57397b5fa0 R15: 00007fff64197f68 [ 1176.659453][T25139] [ 1177.083147][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.089885][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1179.984713][T25184] nbd: nbd7 already in use [ 1181.215186][T25197] input: jJǸ-9%vlQ J8fi as /devices/virtual/input/input37 [ 1181.610029][T25204] openvswitch: HfR: Dropping previously announced user features [ 1181.655977][T25201] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1181.672775][T25201] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1182.385832][T25224] vivid-003: ================= START STATUS ================= [ 1182.469128][T25224] vivid-003: Radio HW Seek Mode: Bounded [ 1182.485369][T25224] vivid-003: Radio Programmable HW Seek: false [ 1182.496553][T25224] vivid-003: RDS Rx I/O Mode: Block I/O [ 1182.502130][T25224] vivid-003: Generate RBDS Instead of RDS: false [ 1182.545397][T25224] vivid-003: RDS Reception: true [ 1182.555939][T25224] vivid-003: RDS Program Type: 0 inactive [ 1182.575343][T25224] vivid-003: RDS PS Name: inactive [ 1182.580635][T25224] vivid-003: RDS Radio Text: inactive [ 1182.604326][T25224] vivid-003: RDS Traffic Announcement: false inactive [ 1182.624488][T25224] vivid-003: RDS Traffic Program: false inactive [ 1182.675732][T25224] vivid-003: RDS Music: false inactive [ 1182.692540][T25224] vivid-003: ================== END STATUS ================== [ 1183.714767][T16542] Bluetooth: hci3: command 0x0c1a tx timeout [ 1183.720850][T16542] Bluetooth: hci4: command 0x0406 tx timeout [ 1187.717845][T25289] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000016: 0000 [#1] SMP KASAN PTI [ 1187.729797][T25289] KASAN: null-ptr-deref in range [0x00000000000000b0-0x00000000000000b7] [ 1187.738225][T25289] CPU: 1 UID: 0 PID: 25289 Comm: syz.0.4294 Tainted: G U 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) [ 1187.751598][T25289] Tainted: [U]=USER [ 1187.755475][T25289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1187.765521][T25289] RIP: 0010:__mutex_lock+0x14d/0x10b0 [ 1187.770899][T25289] Code: 08 84 d2 0f 85 70 0b 00 00 44 8b 05 ed 7f 53 0f 45 85 c0 75 29 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 60 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 56 0b 00 00 48 3b 5b 60 0f 85 e7 01 00 00 bf 01 [ 1187.790506][T25289] RSP: 0018:ffffc9000b8b7a70 EFLAGS: 00010202 [ 1187.796582][T25289] RAX: dffffc0000000000 RBX: 0000000000000050 RCX: 1ffffffff35c9610 [ 1187.804556][T25289] RDX: 0000000000000016 RSI: ffffffff8de23cbd RDI: 00000000000000b0 [ 1187.812532][T25289] RBP: ffffc9000b8b7bc0 R08: 0000000000000000 R09: ffffed100cf6f5b0 [ 1187.820501][T25289] R10: ffffc9000b8b7be0 R11: 0000000000000000 R12: dffffc0000000000 [ 1187.828478][T25289] R13: 0000000000000000 R14: 1ffff92001716f5a R15: ffffffff8a994037 [ 1187.836443][T25289] FS: 00007f50d08036c0(0000) GS:ffff8881247cc000(0000) knlGS:0000000000000000 [ 1187.845376][T25289] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1187.851954][T25289] CR2: 0000001b2d9feff8 CR3: 0000000060e04000 CR4: 00000000003526f0 [ 1187.859946][T25289] Call Trace: [ 1187.863220][T25289] [ 1187.866153][T25289] ? rcu_is_watching+0x12/0xc0 [ 1187.870931][T25289] ? trace_kmem_cache_alloc+0x28/0xc0 [ 1187.876309][T25289] ? kmem_cache_alloc_node_noprof+0x225/0x3b0 [ 1187.882374][T25289] ? kmalloc_reserve+0x18b/0x2c0 [ 1187.887319][T25289] ? __pfx___mutex_lock+0x10/0x10 [ 1187.892348][T25289] ? __asan_memset+0x23/0x50 [ 1187.896933][T25289] ? __build_skb_around+0x278/0x3b0 [ 1187.902135][T25289] ? __alloc_skb+0x200/0x380 [ 1187.906717][T25289] ? __pfx___alloc_skb+0x10/0x10 [ 1187.911650][T25289] ? __pfx_vhci_coredump_hdr+0x10/0x10 [ 1187.917108][T25289] ? __pfx_vhci_coredump+0x10/0x10 [ 1187.922298][T25289] ? hci_devcd_register+0x47/0x170 [ 1187.927409][T25289] hci_devcd_register+0x47/0x170 [ 1187.932351][T25289] force_devcd_write+0x16c/0x340 [ 1187.937284][T25289] ? __pfx_force_devcd_write+0x10/0x10 [ 1187.942807][T25289] full_proxy_write+0x12e/0x1a0 [ 1187.947661][T25289] ? __pfx_full_proxy_write+0x10/0x10 [ 1187.953030][T25289] vfs_write+0x29d/0x1150 [ 1187.957356][T25289] ? __pfx___mutex_lock+0x10/0x10 [ 1187.962374][T25289] ? __pfx_vfs_write+0x10/0x10 [ 1187.967135][T25289] ? __fget_files+0x20e/0x3c0 [ 1187.971807][T25289] ksys_write+0x12a/0x250 [ 1187.976131][T25289] ? __pfx_ksys_write+0x10/0x10 [ 1187.980977][T25289] do_syscall_64+0xcd/0x490 [ 1187.985564][T25289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1187.991469][T25289] RIP: 0033:0x7f50cf98ebe9 [ 1187.995891][T25289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1188.015589][T25289] RSP: 002b:00007f50d0803038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1188.024000][T25289] RAX: ffffffffffffffda RBX: 00007f50cfbb6180 RCX: 00007f50cf98ebe9 [ 1188.031965][T25289] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000008 [ 1188.039922][T25289] RBP: 00007f50cfa11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1188.047888][T25289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1188.055847][T25289] R13: 00007f50cfbb6218 R14: 00007f50cfbb6180 R15: 00007ffff5122028 [ 1188.063820][T25289] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1188.066864][T25289] Modules linked in: [ 1188.071486][T25289] ---[ end trace 0000000000000000 ]--- [ 1188.233004][T25289] RIP: 0010:__mutex_lock+0x14d/0x10b0 [ 1188.269342][T25289] Code: 08 84 d2 0f 85 70 0b 00 00 44 8b 05 ed 7f 53 0f 45 85 c0 75 29 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 60 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 56 0b 00 00 48 3b 5b 60 0f 85 e7 01 00 00 bf 01 [ 1188.295810][T25289] RSP: 0018:ffffc9000b8b7a70 EFLAGS: 00010202 [ 1188.302088][T25289] RAX: dffffc0000000000 RBX: 0000000000000050 RCX: 1ffffffff35c9610 [ 1188.312300][T25289] RDX: 0000000000000016 RSI: ffffffff8de23cbd RDI: 00000000000000b0 [ 1188.324503][T25289] RBP: ffffc9000b8b7bc0 R08: 0000000000000000 R09: ffffed100cf6f5b0 [ 1188.478576][T25289] R10: ffffc9000b8b7be0 R11: 0000000000000000 R12: dffffc0000000000 [ 1188.488657][T25289] R13: 0000000000000000 R14: 1ffff92001716f5a R15: ffffffff8a994037 [ 1188.496964][T25289] FS: 00007f50d08036c0(0000) GS:ffff8881247cc000(0000) knlGS:0000000000000000 [ 1188.507396][T25289] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1188.765336][T25289] CR2: 00002000000fe000 CR3: 0000000060e04000 CR4: 00000000003526f0 [ 1188.778816][T25289] Kernel panic - not syncing: Fatal exception [ 1188.785256][T25289] Kernel Offset: disabled [ 1188.789573][T25289] Rebooting in 86400 seconds..