last executing test programs: 6.260742216s ago: executing program 2 (id=1532): msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x1f40) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0xfffffffffffffffb) madvise$auto(0x0, 0xffffffffffff0005, 0x19) semget$auto(0x0, 0x13c, 0x1ff) semtimedop$auto(0x0, &(0x7f0000000300)={0x7, 0xffff, 0x70}, 0x1f4, 0x0) semctl$auto_GETNCNT(0x0, 0x0, 0xe, 0xa8) socket(0xa, 0x5, 0x0) socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r1 = socket(0x2, 0x800, 0x106) setsockopt$auto(r1, 0x1, 0x9, &(0x7f0000000000)='\'-+\x00\x10\xa4#\x92`\xdb\xafL\x0f\xfbUV\xa6KH]Cv\xbf\xf2a\v', 0xeb66) bind$auto(0x3, &(0x7f0000000140)=@qipcrtr={0x2a, 0x1, 0x7fff}, 0x1000006c) get_robust_list$auto(0x0, 0x0, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0x0) mmap$auto(0x1, 0x2020009, 0x3ff, 0xeb1, 0xfffffffffffffffa, 0x8000) setgroups$auto(0x5, &(0x7f00000000c0)=0x2) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/tty/ttyz8/power/runtime_suspended_time\x00', 0xd0441, 0x0) write$auto(r2, 0x0, 0x800f) recvmmsg$auto(0x3, 0x0, 0x10000, 0x1102, 0x0) 5.200842979s ago: executing program 1 (id=1537): lseek$auto(0x3, 0x7ffffffffffffffd, 0x2) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0) write$auto(r0, &(0x7f0000000300)='.o\xd3\xa49\xaf\xa9\xe4\xe17\x12\xb3Z\x17I\x82\xdc\xbeiw\xc1\xd1\x8d\x9b\r\x9aR\xe7\x9f\xd8\xab\x16`f\nT\xaa\xfap \xe6\xdaV\xdeD\x8dR5\xd2\xe58\n\xff\x19+\xeb\xb3+\xf6\xc6\a\x00\x00\x00\xf1A\xa5\x95\x1fk\x1f\xff\x99gP\x9e\x88\x97]\x93\xf4\xdd<\xe7p\x0e\xd4C\xdc\x84\v\xafz\xfd\x81\xa3\xb2\xbb\xa4\xd9\xf2P\xa8\xe9\x8f\x13\xa7\x98\x85\xf8\v\aB\xfc\xfa\x14E\xb8y\x884<\xa7\xffyb\x8a\b\xbb\x1b\x13W\xe3\xf7\xd8\x83\xc9\xd7\x8c', 0x6) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0) faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7) read$auto(r1, 0x0, 0x20) r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x2d2802, 0x48) faccessat$auto(r2, 0x0, 0x2) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xc44c1, 0x0) mmap$auto(0x2, 0x401, 0x1000, 0x8000000000000011, r0, 0x5) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC2\x00', 0x880, 0x0) socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000280), 0xffffffffffffffff) r4 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) write$auto(r4, 0x0, 0x1ff) unlink$auto(&(0x7f0000000640)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00') ioctl$auto_LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xfffffffffffffffd) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) 4.912338109s ago: executing program 1 (id=1538): mmap$auto(0x0, 0x2020008, 0x7, 0xb9, 0xfffffffffffffffa, 0x9) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = fcntl$auto(0x3, 0x4, 0xa553) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) setgroups$auto(0xe32, 0x0) mmap$auto(0x7, 0x400008, 0x2, 0x111, r0, 0x8004) poll$auto(0x0, 0x5, 0x108) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd6\x00', 0x3a3c02, 0x0) close_range$auto(0x2, 0x8, 0x0) 3.640672503s ago: executing program 3 (id=1540): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) socketpair$auto(0x11e, 0x1, 0x8000000000000000, 0x0) ioctl$auto_CEC_ADAP_G_LOG_ADDRS(0xffffffffffffffff, 0x805c6103, &(0x7f00000001c0)={'\x00', 0x1, 0x0, 0x6, 0x4, 0x6, "feaf587cdf4dfbff4a2988d3e40a00", "e6cf6552", "f34cae3a", "56ca91b3", ["1ae8fc7996e08d5c6b51d880", '\x00', "0149f0a7102c3fffab592db0", "0059c09dca7de9bdbbc6be07"]}) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x24000, 0x0) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x181002, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0xfffffffffffffff7) read$auto(0xffffffffffffffff, 0x0, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0x18, r1, 0x4) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video33\x00', 0x80382, 0x0) r2 = socket(0x11, 0x80003, 0x300) socket(0x3, 0x800, 0x80000001) socket(0x1, 0x3, 0xffffffff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/007/001\x00', 0xa901, 0x0) ioctl$auto_UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, 0x0) ioctl$auto_BLKCLOSEZONE(0xffffffffffffffff, 0x40101287, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/class/devcoredump/disabled\x00', 0xe3102, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffe, 0xd, 0x3000, 0x6, 0x8, 0x7fffffff, r3, [], {0x6, 0x6, 0x8c47, 0x29f, 0x100, 0x1, 0x105, 0x20000800, 0x3}, {0x8, 0x2, 0x52, 0x5, 0x9, 0x800100, 0x76c5, 0xf4, 0x100000004}}) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x40) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r4, &(0x7f0000000340)='\xa3o\a`\f\f4\xc6\xe7\x8a\x16h\x80\xb5\xed\xe4\xec\xfe\xe50\xb9\xbb1/#\xdc\xdd\xed\xa2\x85\xa1\xd5\xf5\xfeG\xdcI\xe3c\xb8BS\x04Y\xc9N\x98\xc6I_E \xc8^T\x84Mh\xf4Y\xcc\xe4\x9al\x88\x8fX\xcb\xad\x1d*\xec\x1dG@H/N\xaa\x1b\xce\x8b\xff\xcfe\xac\xda\xb0\xbe;-y\x12\x13\x93\x1d\xb5>\x1c\x02Tv\x92\xc0\x1c\xaa\x8a8\x0e_Fv\x00\xdc\nfd\x16\xa6d\xa3z\xdf\xc7o+1\xf4Q\xf7i\xd6.\t\x10\x99\xc4\x06\xa3\xbf*\xbb\xe0H\xc9u+\x17\x93!\x1c\xc3\xcd\xc1y\xaf\xf1\xd1B\xaa[\x9d\xb6\xad\xe2\xff\x9b[{\xd1z\x18\xba\x7f\xb5\x10\xdd1\xf2\x9c\xb0=\xf09\r\xc3\x1b9\xbe\xa8\xe76[/<,\xe1\x90\xb3G}\x85E\xc6\x8ak4\xc3+\xf0\x9f\xe0F\x1b\xdb\x84\x17\xc0\x99\xf1\xb5,\x1f\x8a\xe7\x0f\xd7\xc2{>\xb9q\xc3\xa7\xaaF|\\4\x03Z\xecH\x99\xber\xab\xe6+>\x95\x86\x83\xfb\x16o\x98\xe0\xe9d\xa1z^}\xc7\x12\xe6b\xa2\xb1X\x062\x12\xec\x12.\xbb\x10\x11\xdb_Xo\xfc\xcd\x8av\x80\xf0!n\x8d\xee)\rm\xc5\xee\xd6\xde\xc7\xf8\xdf\xc1?\x82\xca\xb6X\xe3\xfc\xf8\x1a\xe7U\xd6\f\x8e\x98+\x99\x1dqtV\xb4\x05\xa4ge', 0x110000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x2000000003, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x6d3f, 0x9, 0x2, 0x8]}, 0x0) 3.408399727s ago: executing program 2 (id=1541): r0 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) ioctl$auto_UBI_IOCATT(r0, 0x40186f40, &(0x7f0000000080)={0xffffffff, 0x0, 0xf7d, 0x4, 0x1}) 3.253140679s ago: executing program 1 (id=1542): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r0, 0x4, 0x8000040006) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/nbd7\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0x9, 0x8000000008011, 0x3, 0x3) preadv2$auto(r1, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) io_uring_setup$auto(0x6, 0x0) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r3, 0x1002, 0x0, 0x0, 0x0, 0x0) ustat$auto(0x801, 0x0) waitid$auto(0x0, 0x594d0417, 0x0, 0x1000004, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8000003, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0xfffffffffffffffc, 0xff, 0x4000000000df, 0x7ff, 0x401, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/nbd8/make-it-fail\x00', 0xc2680, 0x0) read$auto(r4, 0x0, 0x1) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) madvise$auto(0x1, 0xe, 0x9) openat$auto_clk_summary_fops_(0xffffffffffffff9c, &(0x7f0000000440)='/sys/kernel/debug/clk/clk_summary\x00', 0x80, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dmmidi2\x00', 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r5, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/irq/24/hwirq\x00', 0x100, 0x0) 2.816624656s ago: executing program 2 (id=1543): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x2, 0x1) write$auto_proc_projid_map_operations_base(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x18, 0xc000c, 0x2fe) sendfile$auto(0x1, r0, 0x0, 0x56d) r1 = open_tree_attr$auto(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x8, @inferred=r0}, 0x0) r3 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_RTC_UIE_ON(r3, 0x7003, 0x0) ioctl$auto_RTC_SET_TIME(r3, 0x4024700a, &(0x7f0000000040)={0x1f, 0x7, 0x0, 0x5, 0x2, 0xda, 0xcb, 0x6c35, 0x3}) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000000), r2) unshare$auto(0x8) dup2$auto(0x0, 0x3) ioctl$auto(0xffffffffffffffff, 0xdaa, r1) rseq$auto(0x0, 0x8000, 0x0, 0x6) mincore$auto(0x1000, 0x4000203, 0x0) 2.802733142s ago: executing program 3 (id=1544): settimeofday$auto(0x0, &(0x7f0000000000)={0x0, 0x6002}) 2.71430915s ago: executing program 0 (id=1545): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2, 0x3, 0xa) socket(0x11, 0x80003, 0x300) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/wakeup/wakeup8/active_count\x00', 0x8080, 0x0) r1 = io_uring_setup$auto(0x1, 0x0) socketpair$auto(0x1, 0x0, 0xfffffffc, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/user_reserve_kbytes\x00', 0x103142, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/sctp/udp_port\x00', 0x202, 0x0) sendfile$auto(r3, r2, 0x0, 0x6) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xc7f16bff2a10ba01, 0x0) ioctl$auto_TIOCSETD2(r4, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r4, 0x5437, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000013c0)='/sys/kernel/mm/transparent_hugepage/hugepages-512kB/stats/shmem_fallback\x00', 0x101700, 0x0) r5 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000240), r0) sendmsg$auto_SMC_NETLINK_GET_LINK_SMCR(r1, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x60, r5, 0x200, 0x70bd27, 0x25dfdbfc, {}, "9799a710c0e82c7e8d405305906edd7dfff878af5a1a4dcaff6ebf547028c73fc1313d24b6ead134ff953561b5d996787be5786505b890e75224f9d05c6f7836162860b21a9300a429"}, 0x60}, 0x1, 0x0, 0x0, 0x80}, 0x881) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}, 0x1, 0x68, 0x0, 0x4000000}, 0x0) sendmsg$auto_NL80211_CMD_SET_NOACK_MAP(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000040), 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x94, r6, 0xf002416fbad6ca3f, 0x70bd2d, 0x25dfdbff, {}, [@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0x6e, 0xe8, "707861eee1c7558729f16d4d33ab1cad4f7efb4bbfb20000d421a93f6c87bed6a84e4958966b6b80e6e7bbb4a55daf5a1035b5192eec1047b2b9d2759a9317581d02e6e64b49f88c95800891fa43261e907a8582c1211512c690d85464035221c8c6c39f20ea40b3f580"}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x94}, 0x1, 0x0, 0x0, 0x80}, 0x1) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ttyS2\x00', 0x9a002, 0x0) 2.600058565s ago: executing program 3 (id=1546): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x2, 0x1) write$auto_proc_projid_map_operations_base(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x18, 0xc000c, 0x2fe) sendfile$auto(0x1, r0, 0x0, 0x56d) r1 = open_tree_attr$auto(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x8, @inferred=r0}, 0x0) r3 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_RTC_UIE_ON(r3, 0x7003, 0x0) ioctl$auto_RTC_SET_TIME(r3, 0x4024700a, &(0x7f0000000040)={0x1f, 0x7, 0x0, 0x5, 0x2, 0xda, 0xcb, 0x6c35, 0x3}) gettid() syz_genetlink_get_family_id$auto_nl80211(0x0, r2) unshare$auto(0x8) dup2$auto(0x0, 0x3) ioctl$auto(0xffffffffffffffff, 0xdaa, r1) rseq$auto(0x0, 0x8000, 0x0, 0x6) mincore$auto(0x1000, 0x4000203, 0x0) 2.361006603s ago: executing program 0 (id=1547): futex_waitv$auto(0x0, 0x2, 0x0, 0x0, 0x1000623d) setresgid$auto(0x0, 0x0, 0x0) r0 = open_tree_attr$auto(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x7, &(0x7f0000000040)={0x100000001, 0xf, 0xc, @raw=0x8001}, 0x8) mmap$auto(0x0, 0x3, 0xdf, 0xeb1, r0, 0x8004) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000100), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/virtual/net/rose13/statistics/rx_length_errors\x00', 0xa8802, 0x0) sendfile$auto(r3, r3, 0x0, 0x3) mmap$auto(0x0, 0xff, 0xdf, 0xeb1, 0x401, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x800, 0x0) read$auto(r4, 0x0, 0x7) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) r6 = socket(0x11, 0x3, 0x9) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) write$auto_snd_seq_f_ops_seq_clientmgr(r0, &(0x7f0000000280)="232d7efe595046ab5c98199adf260600de16baef6176e6021e1dcedc5b00e8fd324275d68f0dddead689341a2f5e98608055d5fd4d7a21452eadb21600"/75, 0x4b) syz_genetlink_get_family_id$auto_nl80211(0x0, r6) unshare$auto(0x40000080) sendmsg$auto_ETHTOOL_MSG_PLCA_SET_CFG(r2, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="5d99504a9894e95736ab488a4ac091f84c14fe881aa8f1c13222400ac7ca40119330559c2b7a59c8c1f9153aed01719229e46662d4e3662e4d6ee07356e4d9abd86c55716ce84a87b8d093fe83097f3c653c9dffba3be357f85d0fca8bc98748d8172548c3ba10bec2327735076be92d96c502564833e3511e4e49ab1a7f36e670a45a11048505f208eed2e3b68d8bcc68a2997b754b04a869d7b931ef6148c2830476bcd72aa5", @ANYRES16=r1, @ANYBLOB="01002bbd7000fddbdf25280000002000018008000400ff0300001400020076657468315f746f5f68737200000000"], 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x20008800) mremap$auto(0x7fd, 0xfffffffffffffffd, 0xfffffffffffffffb, 0x8, 0x7) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x26b, 0x4}, {0x0, 0x83}}, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xffffff00, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xb, 0x29f, 0x2, 0x83, 0x8, 0x17f, 0x2}, {0x5, 0x1, 0x51, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}}) io_uring_register$auto(0x2, 0xd, 0x0, 0x20) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/pci0000:00/0000:00:01.0/remove\x00', 0x2f2801, 0x0) socket(0x2b, 0x1, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3, @rand_addr=0x40020000}, 0x55) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8004) openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0) 2.191224508s ago: executing program 1 (id=1548): mmap$auto(0x40, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x78581, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x6, 0x9f, 0x9b72, r0, 0x0) r1 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000080)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) socket(0x1d, 0x2, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x40000) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000000c0), 0xffffffffffffffff) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xe3102, 0x0) sendfile$auto(r3, r3, 0x0, 0x3) gettid() connect$auto(0x3, 0x0, 0x55) 1.926382562s ago: executing program 0 (id=1549): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x5, 0x0) r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) open(&(0x7f0000000000)='./file0\x00', 0xa09c2, 0xa4) socket(0x2, 0x801, 0x100) r2 = pipe$auto(&(0x7f0000000040)) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) sendfile$auto(0x6, 0x3, 0x0, 0xfffffdef) close_range$auto(0x2, 0x8, 0x0) ioctl$auto(r1, 0x8100451b, r1) mmap$auto(0x0, 0x7, 0xdf, 0xeb2, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x6, 0x0) r3 = socket(0xa, 0x5, 0x84) sendto$auto(r3, 0x0, 0x401, 0x120, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fb8000"}, 0x1c) close_range$auto(0x2, 0x8, 0x0) r4 = getsockopt$auto(r0, 0x84, 0x10, 0x0, &(0x7f0000000240)=0x10009b) getsockopt$auto_SO_RCVBUF(r0, 0x1, 0x8, &(0x7f0000000180)='/dev/ttyprintk\x00', &(0x7f00000001c0)=0x1800000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vhci_hcd.3/usb16/power/runtime_suspended_time\x00', 0x101100, 0x0) mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) ioctl$auto_RTC_PARAM_GET(0xffffffffffffffff, 0x40187013, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r4, 0x5, &(0x7f00000000c0)="159e9ff31741ec13378d9a340b2021ec2fb778ea9a9e1852f2d6fdcd8255a3ecb9428fa52fd1b680d64f5354b3fd54dfca38b22f913fe0877ab920ab8651363a0490548d97234035d23a0026df3b3a83050632a0fd9867e46f38f73646d4e8d8aaa98a9f5bcf9c37ef29f7a261cc688633f9cbea699dc9fa51d5ff6108a7f19449b742c63edd5bf3143b10728a062a290351d271ca773d0a1eacb7a2affe22f8975c4f52") mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x20, 0x0) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), r2) sendmsg$auto_NL80211_CMD_DISCONNECT(r5, &(0x7f0000000700)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000006c0)={&(0x7f00000002c0)={0x3ec, r6, 0x400, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_SCAN_FREQ_KHZ={0x352, 0x124, 0x0, 0x1, [@generic="16cf85f9e78a9b034d4430c72cd239a9f700dfd11a162cc15ae1df32bcc035de8e8201f6ac05eb62333760363c9e678f3b032e62dfb303b7241f8e54a8e44d2de3f3adfb9f3268deb8cbdff39c0d047ada2c380a38c29256c8c9ec803debfc598a0cb575de58943d94c7c4a011798a9629744819fc34a0a356c28dbb3ed6e16ab1d8686a91f4fde7095e6a41c68bed129834ceb8d69fe735c5075ef95e7b4ab7736840280a5a56adeb5106", @nested={0xd4, 0xb3, 0x0, 0x1, [@typed={0x14, 0x14, 0x0, 0x0, @ipv6=@private0}, @typed={0xba, 0xec, 0x0, 0x0, @binary="d24553d264162eac5bcdbafb80899034b43a79885884848e8603068385e8ad0570a3352b555b0435de4e051b34901c10ce9c1385d18f7ad40a1561a47e08ae936dad4c11e2be46cf7a7e65b91a737cf383781fb0a26a416026a34ee34af89de6154a8d8067040b90d9b5f02516271c9e5436756fcfd01afe0803b7a13e8179945a87d9ddb7153f5963d6f589f932204eee72d77d547cb7b5bc7c6404cf993e659f031a7ed81b056750ce61e6748733220ba941e52939"}]}, @generic="3463c6512cc693041f2361224e89051db11a133ac2c1fc4bfc8cb5e1022c6669ba251c2e0b68ebce6e759d4760619628ec86c1fa7d78b591fa0f5bf795afb556f1c69e38270a62e7c22c8b7dcf3fcb461b9f7d67f08287fa842b5dccb305f43443df21a1936a71953166cd8fb090ef16878ca574d67d", @generic="a8bfdf81ad860df2c9b251e2f5dbdaa810cb93a489bdcf5813c2fb651ab8d395e856bc5a759c9cb177fac927fff599413256708e6f66e28f0a06962ee239dd0bb051b64a50bb0203b3103b13f7787c30ce", @typed={0x14, 0x4c, 0x0, 0x0, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}}, @generic="7b2fcea4943e8a5a4638be73110abafc719cff3a571c3faa406a7f314199773e574199fde9ca76666828e584bfb17cb22fff43baed39cb0ede4c5b6c5a111b5ce67b079377adbe55d509422bbf5ac1a3fd81e9bc4084f281f8e2bdb64494013a7fae147d3854591f42d377c58889ac9c605031e0ffb2f7757ff6fa44536f26000b22fd77c66ccd3f6eec6b85d70e5ba12095e6b5573badd612a58b8597d738de5f9884d5ff9fefbf03c2b3a76f1b4d612f310e75c84350b20446ea08f6304073a29e67955f7c48652f63a2523de305d150ebf08221ac8483204539d9f6761c6c53324032ec8ae76ebc5ab56debdb6cccd09fc795"]}, @NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x9}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x78, 0xcd, "259d31c4f6c038b5c0fcc2831c1977f34f7e47fe7fea81ea86a2bd0aa8a012bc2a80a15b27d084f65ba44769b616938eb609ccbae4756f6cdf87c3402b100db6d8217102792572b541e4658c316a4b585385e8f4657412526e46fa59982643019c68955b8a5ad2c644a32acbc8234628eff9a671"}, @NL80211_ATTR_EPCS={0x4}]}, 0x3ec}, 0x1, 0x0, 0x0, 0x400c000}, 0x4010) write$auto(0x3, 0x0, 0xfdef) ioctl$auto(0x3, 0x5402, r5) 1.870978157s ago: executing program 2 (id=1550): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x2, 0x5, 0x0) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_CQM(r2, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f00000017c0)={0x40, r1, 0x181, 0x70bd25, 0x25dfdbfb, {}, [@NL80211_ATTR_BEACON_HEAD={0x29, 0xe, "8bfa17e0acc74ae55238c615d33bc7e1444386f103d4609366980c7c4195f5f93304cab47a"}]}, 0x40}, 0x1, 0x0, 0x0, 0x4c815}, 0x40000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) semctl$auto(0x2, 0x5, 0x13, 0x9) setsockopt$auto(0x3, 0x10000000084, 0xa, 0x0, 0x20) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0xe6, 0x0, 0x2, 0xb}, 0xfff}, 0x6, 0x311) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffcd}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x4) 1.720333325s ago: executing program 2 (id=1551): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) socketpair$auto(0x11e, 0x1, 0x8000000000000000, 0x0) ioctl$auto_CEC_ADAP_G_LOG_ADDRS(0xffffffffffffffff, 0x805c6103, &(0x7f00000001c0)={'\x00', 0x1, 0x0, 0x6, 0x4, 0x6, "feaf587cdf4dfbff4a2988d3e40a00", "e6cf6552", "f34cae3a", "56ca91b3", ["1ae8fc7996e08d5c6b51d880", '\x00', "0149f0a7102c3fffab592db0", "0059c09dca7de9bdbbc6be07"]}) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x24000, 0x0) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x181002, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0xfffffffffffffff7) read$auto(0xffffffffffffffff, 0x0, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0x18, r1, 0x4) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video33\x00', 0x80382, 0x0) r2 = socket(0x11, 0x80003, 0x300) socket(0x3, 0x800, 0x80000001) socket(0x1, 0x3, 0xffffffff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/007/001\x00', 0xa901, 0x0) ioctl$auto_UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, 0x0) ioctl$auto_BLKCLOSEZONE(0xffffffffffffffff, 0x40101287, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/class/devcoredump/disabled\x00', 0xe3102, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000002100)=""/4091, 0xffe2) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffe, 0xd, 0x3000, 0x6, 0x8, 0x7fffffff, r3, [], {0x6, 0x6, 0x8c47, 0x29f, 0x100, 0x1, 0x105, 0x20000800, 0x3}, {0x8, 0x2, 0x52, 0x5, 0x9, 0x800100, 0x76c5, 0xf4, 0x100000004}}) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x40) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r4, &(0x7f0000000340)='\xa3o\a`\f\f4\xc6\xe7\x8a\x16h\x80\xb5\xed\xe4\xec\xfe\xe50\xb9\xbb1/#\xdc\xdd\xed\xa2\x85\xa1\xd5\xf5\xfeG\xdcI\xe3c\xb8BS\x04Y\xc9N\x98\xc6I_E \xc8^T\x84Mh\xf4Y\xcc\xe4\x9al\x88\x8fX\xcb\xad\x1d*\xec\x1dG@H/N\xaa\x1b\xce\x8b\xff\xcfe\xac\xda\xb0\xbe;-y\x12\x13\x93\x1d\xb5>\x1c\x02Tv\x92\xc0\x1c\xaa\x8a8\x0e_Fv\x00\xdc\nfd\x16\xa6d\xa3z\xdf\xc7o+1\xf4Q\xf7i\xd6.\t\x10\x99\xc4\x06\xa3\xbf*\xbb\xe0H\xc9u+\x17\x93!\x1c\xc3\xcd\xc1y\xaf\xf1\xd1B\xaa[\x9d\xb6\xad\xe2\xff\x9b[{\xd1z\x18\xba\x7f\xb5\x10\xdd1\xf2\x9c\xb0=\xf09\r\xc3\x1b9\xbe\xa8\xe76[/<,\xe1\x90\xb3G}\x85E\xc6\x8ak4\xc3+\xf0\x9f\xe0F\x1b\xdb\x84\x17\xc0\x99\xf1\xb5,\x1f\x8a\xe7\x0f\xd7\xc2{>\xb9q\xc3\xa7\xaaF|\\4\x03Z\xecH\x99\xber\xab\xe6+>\x95\x86\x83\xfb\x16o\x98\xe0\xe9d\xa1z^}\xc7\x12\xe6b\xa2\xb1X\x062\x12\xec\x12.\xbb\x10\x11\xdb_Xo\xfc\xcd\x8av\x80\xf0!n\x8d\xee)\rm\xc5\xee\xd6\xde\xc7\xf8\xdf\xc1?\x82\xca\xb6X\xe3\xfc\xf8\x1a\xe7U\xd6\f\x8e\x98+\x99\x1dqtV\xb4\x05\xa4ge', 0x110000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x2000000003, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x6d3f, 0x9, 0x2, 0x8]}, 0x0) 1.559447139s ago: executing program 3 (id=1552): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/tty/ttyx8/power/runtime_status\x00', 0x3e52c0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x25, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x801, 0x0) socket(0xf, 0x3, 0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x3) socket(0x2, 0x3, 0xa) socketpair$auto(0x8, 0x0, 0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xc7f16bff2a10ba01, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) r2 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x2000, 0x0) ioctl$auto(r2, 0x961064a0, 0x600000000200007) sendfile$auto(r0, r1, 0x0, 0x8) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) r5 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000040), r3) sendmsg$auto_NET_SHAPER_CMD_SET(r3, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="04002abd7000fcdbdf25020000000c0004198a090000000000002c000180080002000900000008000100ff7f0000080002000100000008000200000000000800010002000000"], 0x4c}, 0x1, 0x0, 0x0, 0xc090}, 0x20000001) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/pcrypt/pencrypt/parallel_cpumask\x00', 0x80302, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r6 = epoll_create$auto(0x4) r7 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video48\x00', 0x18a041, 0x0) epoll_ctl$auto(r6, 0x1, r7, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x5c, r4, 0x1, 0x70bd2d, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x10}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x211e789c}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004) 1.339646292s ago: executing program 0 (id=1553): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8000003, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) open_tree_attr$auto(0xffffffffffffff9c, 0x0, 0x9, 0x0, 0xf4) 1.266210981s ago: executing program 3 (id=1554): openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) lseek$auto(0xffffffffffffffff, 0x8001, 0x4) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x4) r0 = prctl$auto(0x6, 0xe, 0x0, 0x68, 0xee43) settimeofday$auto(0x0, &(0x7f0000000000)={0x0, 0x6002}) mmap$auto(0x2000, 0x2020009, 0x80000000, 0x1e, r0, 0x6) socketpair$auto(0x1, 0x25, 0x8000000000000000, 0x0) ioctl$auto_CEC_ADAP_G_LOG_ADDRS(0xffffffffffffffff, 0x805c6103, &(0x7f00000001c0)={"0900ed00", 0x1, 0x0, 0x6, 0x4, 0x6, "feaf587cdf4d2f534a1c88d3e40a00", "eecf0052", "f34cae3a", "10a591b3", ["1ae8fc7996e08d5c6b51d880", "00014000000000000400", "0149f0a7102c3fffab592db0", "0059c09dca7de9bdbbc6be07"]}) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x24000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x1, 0x20000a, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) socket(0x1a, 0x80000, 0x0) close_range$auto(0x2, r1, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x5, 0x0) setsockopt$auto(0x3, 0x1, 0xf, 0x0, 0x8) listen$auto(0x3, 0x83) setsockopt$auto(0x3, 0x1, 0x31, 0x0, 0x9) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70) 1.108251484s ago: executing program 1 (id=1555): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x2, 0x1) socket(0x18, 0xc000c, 0x2fe) r1 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) getsockopt$auto(r0, 0x30, 0x63, &(0x7f0000000000)='/dev/rtc0\x00', &(0x7f0000000080)=0x4) ioctl$auto_RTC_UIE_ON(r1, 0x7003, 0x0) ioctl$auto_RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000100)={0x1f, 0x49, 0x3, 0x5, 0x6, 0xda, 0xcb, 0x406c35, 0x3}) 390.560135ms ago: executing program 0 (id=1556): r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0xa200, 0x0) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x105182, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x519c41, 0x0) ioctl$auto(r2, 0x4b6a, 0x7) syz_clone(0x2000011, 0x0, 0xfdd1, 0x0, 0x0, 0x0) openat$auto_usbfs_devices_fops_usb(0xffffffffffffff9c, 0x0, 0x228c80, 0x0) ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) close_range$auto(0x0, 0xfffffffffffff001, 0x2) r3 = socket(0x1e, 0x1, 0x0) ioctl$auto_SNDCTL_DSP_STEREO(0xffffffffffffffff, 0xc0045003, &(0x7f0000000140)="a830d84b0ce8a8d42e81b7e40182d65f0f75691d4527e1592864a4cdd996add5d7bcaa3e3561c92ce8160dd4158779f855cc24fcf2e3723f70cf18b5fd9ee5a0571471a7ce6b190de75c1c3e584561d8d23f44c61f902a7054ce0137fbd869db27f5fe0e9cdc0a9d0b85662e52e5c1472febb8b8124e280d38352517ef8b309922a0e6f32684469c4f4a23695a4503805d8cf0bb9a9bf03ed5cb1137fefa54e867fb876d49e7cb58c9b981d5b78e730599dcaeb404eca1df825a2c7e595e9663ec678e08970e4faec8f3f556f29f9d9cd00bf37e") r4 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x20c000, 0x0) close_range$auto(0x2, 0x8000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x8, 0x1, 0x8000000000000000, 0x0) r5 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video47\x00', 0x80382, 0x0) ioctl$auto(r5, 0xc0045627, r3) openat$auto_vga_arb_device_fops_vgaarb(0xffffffffffffff9c, 0x0, 0x55d881, 0x0) ppoll$auto(0x0, 0xf6, 0x0, 0x0, 0x8) fcntl$auto_F_GETPIPE_SZ(r4, 0x408, 0x47) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, 0x0, 0x2000, 0x0) mmap$auto(0x200, 0x8, 0x5, 0x1fb, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6002000, 0x3) ioctl$auto(0xffffffffffffffff, 0x7, r1) madvise$auto(0x110c230000, 0x1, 0x9) close_range$auto(0x0, r0, 0x2) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x40}, 0x6a) 322.151719ms ago: executing program 2 (id=1557): mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = io_uring_setup$auto(0x86, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vbi20\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x2, 0x9) r2 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xe, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x6, 0x2, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0xff, 0x1, 0x10001, 0x7, 0x1, 0x40, 0x76c5, 0x400008, 0x100000005}}) io_uring_enter$auto(r2, 0x9, 0x820e, 0x9, 0x0, 0x18) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f0000000100)={"fda256c4", 0xffff, 0x6, 0x4, 0x9b4, 0x9, "0800aafc241cd010c7543bfbca2ce1", "00ff00", "01000002", "2ff43123", ['\x00', "f8ffffffffffffff00000001", "0004154db00b0004000400", "5fe10eedab2c4b353c392a92"]}) process_madvise$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, &(0x7f0000001080)={0x0, 0x9}, 0x2, 0x1000, 0x0) bpf$auto_BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)=@bpf_attr_3={0x2, 0x6, 0x2f96, 0x10001, 0xffff1f07, 0x6, 0x8, 0x9, 0x4, "5c632cffeb9d2f2480f7c341d506f3ee", 0x0, 0x1000, r0, 0xd990, 0x7ff, 0x6, 0x4, 0x0, 0x1, 0x1bf, @attach_btf_obj_fd=r3, 0x9, 0x5, 0x3, 0x7, 0xfffffffd, r1, r3}, 0xffffbec2) io_uring_setup$auto(0xffd, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) 291.517629ms ago: executing program 3 (id=1558): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, 0x0, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NFC_CMD_LLC_SET_PARAMS(r2, 0x0, 0x4000000) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dsp\x00', 0x8000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x90600, 0x0) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, 0x0, 0x301802, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0) ioctl$auto_TIOCVHANGUP2(r4, 0x5437, 0x0) ioctl$auto_TCFLSH2(r4, 0x8924, 0x0) mkdir$auto(&(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', 0x8cd) 46.142118ms ago: executing program 0 (id=1559): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x2, 0x1) write$auto_proc_projid_map_operations_base(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x18, 0xc000c, 0x2fe) sendfile$auto(0x1, r0, 0x0, 0x56d) r1 = open_tree_attr$auto(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x8, @inferred=r0}, 0x0) r3 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_RTC_UIE_ON(r3, 0x7003, 0x0) ioctl$auto_RTC_SET_TIME(r3, 0x4024700a, &(0x7f0000000040)={0x1f, 0x7, 0x0, 0x5, 0x2, 0xda, 0xcb, 0x6c35, 0x3}) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000000), r2) unshare$auto(0x8) dup2$auto(0x0, 0x3) ioctl$auto(0xffffffffffffffff, 0xdaa, r1) rseq$auto(0x0, 0x8000, 0x0, 0x6) mincore$auto(0x1000, 0x4000203, 0x0) 0s ago: executing program 1 (id=1560): mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = io_uring_setup$auto(0x86, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vbi20\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x2, 0x9) r2 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xe, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x6, 0x2, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0xff, 0x1, 0x10001, 0x7, 0x1, 0x40, 0x76c5, 0x400008, 0x100000005}}) io_uring_enter$auto(r2, 0x9, 0x820e, 0x9, 0x0, 0x18) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'bridge0\x00', 0x0}) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f0000000100)={"fda256c4", 0xffff, 0x6, 0x4, 0x9b4, 0x9, "0800aafc241cd010c7543bfbca2ce1", "00ff00", "01000002", "2ff43123", ['\x00', "f8ffffffffffffff00000001", "0004154db00b0004000400", "5fe10eedab2c4b353c392a92"]}) process_madvise$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, &(0x7f0000001080)={0x0, 0x9}, 0x2, 0x1000, 0x0) bpf$auto_BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)=@bpf_attr_3={0x2, 0x6, 0x2f96, 0x10001, 0xffff1f07, 0x6, 0x8, 0x9, 0x4, "5c632cffeb9d2f2480f7c341d506f3ee", r4, 0x1000, r0, 0xd990, 0x7ff, 0x6, 0x4, 0x0, 0x1, 0x1bf, @attach_btf_obj_fd=r3, 0x9, 0x5, 0x3, 0x7, 0xfffffffd, r1, r3}, 0xffffbec2) io_uring_setup$auto(0xffd, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) kernel console output (not intermixed with test programs): _update cause=failed comm="syz.0.873" res=0 errno=0 [ 563.667356][T10380] FAULT_INJECTION: forcing a failure. [ 563.667356][T10380] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 563.708247][T10380] CPU: 1 UID: 0 PID: 10380 Comm: syz.3.877 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 563.708281][T10380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 563.708295][T10380] Call Trace: [ 563.708303][T10380] [ 563.708313][T10380] dump_stack_lvl+0x16c/0x1f0 [ 563.708349][T10380] should_fail_ex+0x512/0x640 [ 563.708386][T10380] _copy_from_iter+0x29f/0x16f0 [ 563.708423][T10380] ? __pfx__copy_from_iter+0x10/0x10 [ 563.708476][T10380] skb_copy_datagram_from_iter+0x124/0x740 [ 563.708508][T10380] ? find_held_lock+0x2b/0x80 [ 563.708536][T10380] tun_get_user+0x17ac/0x3b80 [ 563.708570][T10380] ? __pfx_tun_get_user+0x10/0x10 [ 563.708590][T10380] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 563.708632][T10380] ? find_held_lock+0x2b/0x80 [ 563.708657][T10380] ? tun_get+0x191/0x370 [ 563.708698][T10380] tun_chr_write_iter+0xdc/0x210 [ 563.708722][T10380] vfs_write+0x6c7/0x1150 [ 563.708756][T10380] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 563.708783][T10380] ? __pfx_vfs_write+0x10/0x10 [ 563.708813][T10380] ? find_held_lock+0x2b/0x80 [ 563.708859][T10380] __x64_sys_pwrite64+0x1eb/0x250 [ 563.708894][T10380] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 563.708926][T10380] ? syscall_user_dispatch+0x78/0x140 [ 563.708959][T10380] do_syscall_64+0xcd/0x490 [ 563.708995][T10380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 563.709020][T10380] RIP: 0033:0x7f79b898e929 [ 563.709040][T10380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 563.709060][T10380] RSP: 002b:00007f79b9890038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 563.709080][T10380] RAX: ffffffffffffffda RBX: 00007f79b8bb6080 RCX: 00007f79b898e929 [ 563.709094][T10380] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 00000000000000c8 [ 563.709107][T10380] RBP: 00007f79b9890090 R08: 0000000000000000 R09: 0000000000000000 [ 563.709121][T10380] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 563.709133][T10380] R13: 0000000000000000 R14: 00007f79b8bb6080 R15: 00007ffc99d371a8 [ 563.709162][T10380] [ 564.357020][T10388] bridge0: port 3(bond0) entered blocking state [ 564.357086][T10388] bridge0: port 3(bond0) entered disabled state [ 564.357211][T10388] bond0: entered allmulticast mode [ 564.357224][T10388] bond_slave_0: entered allmulticast mode [ 564.357236][T10388] bond_slave_1: entered allmulticast mode [ 564.358599][T10388] bond0: entered promiscuous mode [ 564.358620][T10388] bond_slave_0: entered promiscuous mode [ 564.358729][T10388] bond_slave_1: entered promiscuous mode [ 564.359310][T10388] bridge0: port 3(bond0) entered blocking state [ 564.359387][T10388] bridge0: port 3(bond0) entered forwarding state [ 568.015801][T10465] netlink: zone id is out of range [ 568.041014][T10465] netlink: zone id is out of range [ 568.113037][T10465] netlink: set zone limit has 8 unknown bytes [ 569.956856][T10508] netlink: 28 bytes leftover after parsing attributes in process `syz.3.905'. [ 570.474622][T10524] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 570.502322][T10524] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 570.542560][T10524] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 570.550331][T10524] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 570.865684][T10527] random: crng reseeded on system resumption [ 571.061723][T10541] FAULT_INJECTION: forcing a failure. [ 571.061723][T10541] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 571.127012][T10541] CPU: 0 UID: 0 PID: 10541 Comm: syz.2.913 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 571.127048][T10541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 571.127061][T10541] Call Trace: [ 571.127068][T10541] [ 571.127077][T10541] dump_stack_lvl+0x16c/0x1f0 [ 571.127117][T10541] should_fail_ex+0x512/0x640 [ 571.127158][T10541] should_fail_alloc_page+0xe7/0x130 [ 571.127185][T10541] prepare_alloc_pages+0x3c2/0x610 [ 571.127220][T10541] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 571.127269][T10541] ? __lock_acquire+0x622/0x1c90 [ 571.127302][T10541] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 571.127337][T10541] ? xa_load+0x153/0x2c0 [ 571.127370][T10541] ? filemap_get_entry+0x1a7/0x3b0 [ 571.127395][T10541] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 571.127432][T10541] ? policy_nodemask+0xea/0x4e0 [ 571.127457][T10541] alloc_pages_mpol+0x1fb/0x550 [ 571.127483][T10541] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 571.127505][T10541] ? _raw_spin_unlock+0x28/0x50 [ 571.127534][T10541] ? swap_entry_swapped+0x122/0x190 [ 571.127571][T10541] ? __pfx_swap_entry_swapped+0x10/0x10 [ 571.127609][T10541] folio_alloc_mpol_noprof+0x36/0x2f0 [ 571.127638][T10541] __read_swap_cache_async+0x3b6/0x5a0 [ 571.127674][T10541] ? __pfx___read_swap_cache_async+0x10/0x10 [ 571.127706][T10541] ? swp_swap_info+0xa0/0x130 [ 571.127734][T10541] ? __pfx_swp_swap_info+0x10/0x10 [ 571.127755][T10541] ? __lock_acquire+0x622/0x1c90 [ 571.127793][T10541] swap_cluster_readahead+0x3eb/0x710 [ 571.127834][T10541] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 571.127889][T10541] ? get_vma_policy+0x242/0x3c0 [ 571.127917][T10541] swapin_readahead+0x13a/0xd60 [ 571.127961][T10541] ? __pfx_swapin_readahead+0x10/0x10 [ 571.127990][T10541] ? __filemap_get_folio+0x32b/0xc30 [ 571.128022][T10541] ? swap_cache_get_folio+0x1df/0x450 [ 571.128056][T10541] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 571.128086][T10541] ? __pfx_get_swap_device+0x10/0x10 [ 571.128123][T10541] ? do_swap_page+0x125/0x65c0 [ 571.128155][T10541] do_swap_page+0x635/0x65c0 [ 571.128185][T10541] ? __lock_acquire+0x622/0x1c90 [ 571.128221][T10541] ? __pfx___page_table_check_zero+0x10/0x10 [ 571.128263][T10541] ? __pfx_do_swap_page+0x10/0x10 [ 571.128293][T10541] ? __pfx_default_wake_function+0x10/0x10 [ 571.128328][T10541] ? rcu_is_watching+0x12/0xc0 [ 571.128353][T10541] ? ___pte_offset_map+0x1d5/0x570 [ 571.128385][T10541] __handle_mm_fault+0x162f/0x5490 [ 571.128424][T10541] ? __pfx___handle_mm_fault+0x10/0x10 [ 571.128451][T10541] ? __pfx_mt_find+0x10/0x10 [ 571.128493][T10541] ? find_vma+0xbf/0x140 [ 571.128513][T10541] ? __pfx_find_vma+0x10/0x10 [ 571.128535][T10541] handle_mm_fault+0x589/0xd10 [ 571.128561][T10541] ? __pkru_allows_pkey+0x51/0xb0 [ 571.128588][T10541] do_user_addr_fault+0x7a6/0x1370 [ 571.128617][T10541] ? rcu_is_watching+0x12/0xc0 [ 571.128639][T10541] exc_page_fault+0x5c/0xb0 [ 571.128666][T10541] asm_exc_page_fault+0x26/0x30 [ 571.128684][T10541] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 571.128707][T10541] Code: 11 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 571.128731][T10541] RSP: 0018:ffffc9000f91f930 EFLAGS: 00050202 [ 571.128747][T10541] RAX: 0000000000000001 RBX: 0000000000000e80 RCX: 0000000000000e80 [ 571.128758][T10541] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888079100040 [ 571.128774][T10541] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100f2201d7 [ 571.128786][T10541] R10: ffff888079100ebf R11: 0000000000000000 R12: ffffc9000f91fd98 [ 571.128798][T10541] R13: 0000000000000e80 R14: ffff888079100040 R15: 00007ffffffff000 [ 571.128824][T10541] _copy_from_iter+0x383/0x16f0 [ 571.128860][T10541] ? __pfx__copy_from_iter+0x10/0x10 [ 571.128900][T10541] skb_copy_datagram_from_iter+0x124/0x740 [ 571.128929][T10541] ? find_held_lock+0x2b/0x80 [ 571.128953][T10541] tun_get_user+0x17ac/0x3b80 [ 571.128985][T10541] ? __pfx_tun_get_user+0x10/0x10 [ 571.129002][T10541] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 571.129039][T10541] ? find_held_lock+0x2b/0x80 [ 571.129058][T10541] ? tun_get+0x191/0x370 [ 571.129091][T10541] tun_chr_write_iter+0xdc/0x210 [ 571.129112][T10541] vfs_write+0x6c7/0x1150 [ 571.129139][T10541] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 571.129160][T10541] ? __pfx_vfs_write+0x10/0x10 [ 571.129184][T10541] ? find_held_lock+0x2b/0x80 [ 571.129220][T10541] __x64_sys_pwrite64+0x1eb/0x250 [ 571.129249][T10541] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 571.129284][T10541] do_syscall_64+0xcd/0x490 [ 571.129312][T10541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 571.129331][T10541] RIP: 0033:0x7f0350f8e929 [ 571.129346][T10541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 571.129363][T10541] RSP: 002b:00007f0351dcc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 571.129380][T10541] RAX: ffffffffffffffda RBX: 00007f03511b5fa0 RCX: 00007f0350f8e929 [ 571.129392][T10541] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 00000000000000c8 [ 571.129403][T10541] RBP: 00007f0351dcc090 R08: 0000000000000000 R09: 0000000000000000 [ 571.129414][T10541] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 571.129425][T10541] R13: 0000000000000000 R14: 00007f03511b5fa0 R15: 00007fff81271748 [ 571.129451][T10541] [ 572.478329][ T5892] Bluetooth: hci0: command 0x0c1a tx timeout [ 572.550539][ T5892] Bluetooth: hci2: command 0x0c1a tx timeout [ 572.557058][ T5902] Bluetooth: hci1: command 0x0c1a tx timeout [ 572.639196][ T5892] Bluetooth: hci3: command 0x0c1a tx timeout [ 572.848963][T10560] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 572.987639][T10560] CIFS mount error: No usable UNC path provided in device string! [ 572.987639][T10560] [ 573.008996][T10560] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 574.143762][T10576] netlink: 330 bytes leftover after parsing attributes in process `syz.1.920'. [ 574.203411][T10576] : renamed from gre0 (while UP) [ 574.256302][T10576] netlink: 330 bytes leftover after parsing attributes in process `syz.1.920'. [ 575.191503][T10604] netlink: 4 bytes leftover after parsing attributes in process `syz.1.924'. [ 575.280752][T10606] FAULT_INJECTION: forcing a failure. [ 575.280752][T10606] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 575.327612][T10606] CPU: 0 UID: 0 PID: 10606 Comm: syz.3.925 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 575.327635][T10606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 575.327644][T10606] Call Trace: [ 575.327649][T10606] [ 575.327655][T10606] dump_stack_lvl+0x16c/0x1f0 [ 575.327680][T10606] should_fail_ex+0x512/0x640 [ 575.327703][T10606] _copy_from_iter+0x29f/0x16f0 [ 575.327725][T10606] ? _copy_from_iter+0x15d/0x16f0 [ 575.327745][T10606] ? __pfx__copy_from_iter+0x10/0x10 [ 575.327768][T10606] ? __pfx__copy_from_iter+0x10/0x10 [ 575.327792][T10606] copy_page_from_iter+0xde/0x180 [ 575.327815][T10606] skb_copy_datagram_from_iter+0x2a0/0x740 [ 575.327840][T10606] tun_get_user+0x17ac/0x3b80 [ 575.327862][T10606] ? __pfx_tun_get_user+0x10/0x10 [ 575.327875][T10606] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 575.327900][T10606] ? find_held_lock+0x2b/0x80 [ 575.327916][T10606] ? tun_get+0x191/0x370 [ 575.327940][T10606] tun_chr_write_iter+0xdc/0x210 [ 575.327955][T10606] vfs_write+0x6c7/0x1150 [ 575.327975][T10606] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 575.327990][T10606] ? __pfx_vfs_write+0x10/0x10 [ 575.328006][T10606] ? find_held_lock+0x2b/0x80 [ 575.328031][T10606] __x64_sys_pwrite64+0x1eb/0x250 [ 575.328052][T10606] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 575.328070][T10606] ? syscall_user_dispatch+0x78/0x140 [ 575.328088][T10606] do_syscall_64+0xcd/0x490 [ 575.328110][T10606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.328129][T10606] RIP: 0033:0x7f79b898e929 [ 575.328142][T10606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 575.328156][T10606] RSP: 002b:00007f79b9890038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 575.328170][T10606] RAX: ffffffffffffffda RBX: 00007f79b8bb6080 RCX: 00007f79b898e929 [ 575.328179][T10606] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 00000000000000c8 [ 575.328187][T10606] RBP: 00007f79b9890090 R08: 0000000000000000 R09: 0000000000000000 [ 575.328195][T10606] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 575.328204][T10606] R13: 0000000000000000 R14: 00007f79b8bb6080 R15: 00007ffc99d371a8 [ 575.328221][T10606] [ 577.892136][T10658] FAULT_INJECTION: forcing a failure. [ 577.892136][T10658] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 577.958190][T10658] CPU: 1 UID: 0 PID: 10658 Comm: syz.0.936 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 577.958226][T10658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 577.958240][T10658] Call Trace: [ 577.958249][T10658] [ 577.958270][T10658] dump_stack_lvl+0x16c/0x1f0 [ 577.958310][T10658] should_fail_ex+0x512/0x640 [ 577.958350][T10658] _copy_from_iter+0x29f/0x16f0 [ 577.958392][T10658] ? _copy_from_iter+0x15d/0x16f0 [ 577.958428][T10658] ? __pfx__copy_from_iter+0x10/0x10 [ 577.958469][T10658] ? __pfx__copy_from_iter+0x10/0x10 [ 577.958514][T10658] copy_page_from_iter+0xde/0x180 [ 577.958555][T10658] skb_copy_datagram_from_iter+0x2a0/0x740 [ 577.958601][T10658] tun_get_user+0x17ac/0x3b80 [ 577.958641][T10658] ? __pfx_tun_get_user+0x10/0x10 [ 577.958663][T10658] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 577.958712][T10658] ? find_held_lock+0x2b/0x80 [ 577.958739][T10658] ? tun_get+0x191/0x370 [ 577.958783][T10658] tun_chr_write_iter+0xdc/0x210 [ 577.958810][T10658] vfs_write+0x6c7/0x1150 [ 577.958846][T10658] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 577.958874][T10658] ? __pfx_vfs_write+0x10/0x10 [ 577.958904][T10658] ? find_held_lock+0x2b/0x80 [ 577.958953][T10658] __x64_sys_pwrite64+0x1eb/0x250 [ 577.958989][T10658] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 577.959022][T10658] ? syscall_user_dispatch+0x78/0x140 [ 577.959056][T10658] do_syscall_64+0xcd/0x490 [ 577.959093][T10658] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 577.959118][T10658] RIP: 0033:0x7efed3f8e929 [ 577.959137][T10658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 577.959160][T10658] RSP: 002b:00007efed4d5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 577.959188][T10658] RAX: ffffffffffffffda RBX: 00007efed41b6080 RCX: 00007efed3f8e929 [ 577.959205][T10658] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 00000000000000c8 [ 577.959220][T10658] RBP: 00007efed4d5d090 R08: 0000000000000000 R09: 0000000000000000 [ 577.959235][T10658] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 577.959249][T10658] R13: 0000000000000000 R14: 00007efed41b6080 R15: 00007ffc184c2558 [ 577.959291][T10658] [ 578.645142][T10667] sp0: Synchronizing with TNC [ 581.371640][ T5892] Bluetooth: hci1: unexpected event 0x04 length: 62 > 10 [ 581.371926][ T5892] Bluetooth: hci1: connection err: -111 [ 581.689340][T10723] sp0: Synchronizing with TNC [ 582.992075][T10744] FAULT_INJECTION: forcing a failure. [ 582.992075][T10744] name fail_futex, interval 1, probability 0, space 0, times 0 [ 583.053099][T10744] CPU: 0 UID: 0 PID: 10744 Comm: syz.2.954 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 583.053120][T10744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 583.053129][T10744] Call Trace: [ 583.053134][T10744] [ 583.053139][T10744] dump_stack_lvl+0x16c/0x1f0 [ 583.053164][T10744] should_fail_ex+0x512/0x640 [ 583.053186][T10744] get_futex_key+0x1d0/0x1540 [ 583.053205][T10744] ? __pfx_get_futex_key+0x10/0x10 [ 583.053224][T10744] ? stack_trace_save+0x8e/0xc0 [ 583.053242][T10744] futex_wait_setup+0x84/0x510 [ 583.053266][T10744] __futex_wait+0x194/0x2f0 [ 583.053286][T10744] ? __pfx___futex_wait+0x10/0x10 [ 583.053308][T10744] ? __pfx_futex_wake_mark+0x10/0x10 [ 583.053334][T10744] ? __futex_hash.constprop.0+0x1e9/0x440 [ 583.053351][T10744] futex_wait+0xe8/0x380 [ 583.053370][T10744] ? __pfx_futex_wait+0x10/0x10 [ 583.053399][T10744] do_futex+0x229/0x350 [ 583.053415][T10744] ? __pfx_do_futex+0x10/0x10 [ 583.053437][T10744] ? find_held_lock+0x2b/0x80 [ 583.053455][T10744] __x64_sys_futex+0x1e0/0x4c0 [ 583.053473][T10744] ? __do_sys_close_range+0x278/0x730 [ 583.053493][T10744] ? __pfx___x64_sys_futex+0x10/0x10 [ 583.053510][T10744] ? __pfx___do_sys_close_range+0x10/0x10 [ 583.053535][T10744] do_syscall_64+0xcd/0x490 [ 583.053556][T10744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.053571][T10744] RIP: 0033:0x7f0350f8e929 [ 583.053582][T10744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 583.053596][T10744] RSP: 002b:00007f0351dcc0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 583.053609][T10744] RAX: ffffffffffffffda RBX: 00007f03511b5fa8 RCX: 00007f0350f8e929 [ 583.053618][T10744] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f03511b5fa8 [ 583.053627][T10744] RBP: 00007f03511b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 583.053635][T10744] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f03511b5fac [ 583.053643][T10744] R13: 0000000000000000 R14: 00007fff81271660 R15: 00007fff81271748 [ 583.053661][T10744] [ 585.228126][T10779] sp0: Synchronizing with TNC [ 585.692246][T10791] blk-mq: reduced tag depth (128 -> 64) [ 585.763148][T10791] ubi0: attaching mtd0 [ 585.768160][T10791] ubi0 error: validate_ec_hdr: bad VID header offset 64, expected 3965 [ 585.816728][T10791] ubi0 error: validate_ec_hdr: bad EC header [ 585.863941][T10791] Erase counter header dump: [ 585.920191][T10791] magic 0x55424923 [ 585.926390][T10791] version 1 [ 585.939501][T10791] ec 1 [ 585.992316][T10791] vid_hdr_offset 64 [ 586.021174][T10791] data_offset 128 [ 586.041757][T10791] image_seq -886890884 [ 586.071868][T10791] hdr_crc 0x569edbef [ 586.099432][T10791] erase counter header hexdump: [ 586.142882][T10791] CPU: 0 UID: 0 PID: 10791 Comm: syz.2.963 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 586.142914][T10791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 586.142929][T10791] Call Trace: [ 586.142939][T10791] [ 586.142950][T10791] dump_stack_lvl+0x16c/0x1f0 [ 586.142993][T10791] validate_ec_hdr+0x28c/0x330 [ 586.143032][T10791] ubi_io_read_ec_hdr+0x63b/0x6c0 [ 586.143073][T10791] ubi_attach+0x5e7/0x4bd0 [ 586.143114][T10791] ? __pfx_ubi_msg+0x10/0x10 [ 586.143142][T10791] ? __pfx_ubi_attach+0x10/0x10 [ 586.143177][T10791] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 586.143204][T10791] ? __vmalloc_node_noprof+0xad/0xf0 [ 586.143235][T10791] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 586.143255][T10791] ubi_attach_mtd_dev+0x15a7/0x35d0 [ 586.143280][T10791] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 586.143294][T10791] ? __pfx_get_mtd_device+0x10/0x10 [ 586.143319][T10791] ctrl_cdev_ioctl+0x337/0x3d0 [ 586.143334][T10791] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 586.143354][T10791] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 586.143370][T10791] __x64_sys_ioctl+0x18b/0x210 [ 586.143389][T10791] do_syscall_64+0xcd/0x490 [ 586.143411][T10791] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.143425][T10791] RIP: 0033:0x7f0350f8e929 [ 586.143437][T10791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 586.143450][T10791] RSP: 002b:00007f0351dcc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 586.143464][T10791] RAX: ffffffffffffffda RBX: 00007f03511b5fa0 RCX: 00007f0350f8e929 [ 586.143473][T10791] RDX: 0000200000000080 RSI: 0000000040186f40 RDI: 000000000000000b [ 586.143482][T10791] RBP: 00007f0351010b39 R08: 0000000000000000 R09: 0000000000000000 [ 586.143490][T10791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 586.143498][T10791] R13: 0000000000000000 R14: 00007f03511b5fa0 R15: 00007fff81271748 [ 586.143517][T10791] [ 586.144708][T10791] ubi0 error: ubi_io_read_ec_hdr: validation failed for PEB 0 [ 586.442878][T10791] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 syzkaller syzkaller login: [ 590.610693][T10873] netlink: 28 bytes leftover after parsing attributes in process `syz.3.981'. [ 590.671885][T10873] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 591.152832][ T30] audit: type=1800 audit(4294969539.713:7): pid=10895 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.985" name="dynamic_events" dev="tracefs" ino=30 res=0 errno=0 [ 592.105510][T10910] random: crng reseeded on system resumption [ 592.496496][T10913] netlink: 4 bytes leftover after parsing attributes in process `syz.2.989'. [ 593.666629][T10927] random: crng reseeded on system resumption [ 594.181948][T10933] syz.3.993 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 594.220293][T10936] vhci_hcd: invalid port number 16 [ 594.252357][T10936] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 594.634844][T10934] sg_write: data in/out 1685414155/2147479510 bytes for SCSI command 0x0-- guessing data in; [ 594.634844][T10934] program syz.3.993 not setting count and/or reply_len properly [ 594.674291][T10940] program syz.3.993 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 594.693705][T10940] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 595.388854][T10943] FAULT_INJECTION: forcing a failure. [ 595.388854][T10943] name failslab, interval 1, probability 0, space 0, times 0 [ 595.480362][T10943] CPU: 0 UID: 0 PID: 10943 Comm: syz.3.994 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 595.480395][T10943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 595.480410][T10943] Call Trace: [ 595.480418][T10943] [ 595.480427][T10943] dump_stack_lvl+0x16c/0x1f0 [ 595.480468][T10943] should_fail_ex+0x512/0x640 [ 595.480500][T10943] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 595.480539][T10943] should_failslab+0xc2/0x120 [ 595.480562][T10943] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 595.480598][T10943] ? __proc_create+0xc3/0x8c0 [ 595.480633][T10943] ? __proc_create+0x2ce/0x8c0 [ 595.480674][T10943] __proc_create+0x2ce/0x8c0 [ 595.480713][T10943] ? __pfx___proc_create+0x10/0x10 [ 595.480767][T10943] proc_mkdir+0x81/0x170 [ 595.480791][T10943] ? __pfx_proc_mkdir+0x10/0x10 [ 595.480815][T10943] ? cache_register_net+0x137/0x5e0 [ 595.480848][T10943] cache_register_net+0x18f/0x5e0 [ 595.480877][T10943] nfsd_idmap_init+0xb6/0x250 [ 595.480911][T10943] ? __pfx_nfsd_net_init+0x10/0x10 [ 595.480938][T10943] nfsd_net_init+0x69/0x3d0 [ 595.480967][T10943] ? __pfx_nfsd_net_init+0x10/0x10 [ 595.480994][T10943] ops_init+0x1df/0x5f0 [ 595.481036][T10943] setup_net+0x1ff/0x510 [ 595.481072][T10943] ? lockdep_init_map_type+0x5c/0x280 [ 595.481110][T10943] ? __pfx_setup_net+0x10/0x10 [ 595.481153][T10943] ? debug_mutex_init+0x37/0x70 [ 595.481195][T10943] copy_net_ns+0x2a6/0x5f0 [ 595.481226][T10943] create_new_namespaces+0x3ea/0xa90 [ 595.481267][T10943] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 595.481301][T10943] ksys_unshare+0x45b/0xa40 [ 595.481336][T10943] ? __pfx_ksys_unshare+0x10/0x10 [ 595.481375][T10943] ? xfd_validate_state+0x61/0x180 [ 595.481422][T10943] __x64_sys_unshare+0x31/0x40 [ 595.481454][T10943] do_syscall_64+0xcd/0x490 [ 595.481495][T10943] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 595.481520][T10943] RIP: 0033:0x7f79b898e929 [ 595.481542][T10943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 595.481569][T10943] RSP: 002b:00007f79b98b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 595.481593][T10943] RAX: ffffffffffffffda RBX: 00007f79b8bb5fa0 RCX: 00007f79b898e929 [ 595.481612][T10943] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 595.481628][T10943] RBP: 00007f79b8a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 595.481644][T10943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 595.481661][T10943] R13: 0000000000000000 R14: 00007f79b8bb5fa0 R15: 00007ffc99d371a8 [ 595.481697][T10943] [ 597.539598][T10980] vhci_hcd: invalid port number 16 [ 597.545042][T10980] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 598.908361][T11015] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1005'.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                [ 645.742651][T12071] lowmem_reserve[]: 0 0 0 0 0 [ 645.747395][T12071] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB syzkaller[ 645.853984][T12071] Node 0 DMA32: 996*4kB (M) 268*8kB (M) 231*16kB (UME) 1062*32kB (UME) 629*64kB (UME) 246*128kB (UME) 152*256kB (UME) 74*512kB (UME) 36*1024kB (UME) 16*2048kB (UME) 254*4096kB (UM) = 1302368kB syzkaller login: [ 645.989741][T12089] FAULT_INJECTION: forcing a failure. [ 645.989741][T12089] name failslab, interval 1, probability 0, space 0, times 0 [ 646.023154][T12089] CPU: 1 UID: 0 PID: 12089 Comm: syz.3.1232 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 646.023182][T12089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 646.023192][T12089] Call Trace: [ 646.023197][T12089] [ 646.023203][T12089] dump_stack_lvl+0x16c/0x1f0 [ 646.023230][T12089] should_fail_ex+0x512/0x640 [ 646.023251][T12089] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 646.023276][T12089] should_failslab+0xc2/0x120 [ 646.023289][T12089] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 646.023311][T12089] ? sock_alloc_inode+0x25/0x1c0 [ 646.023328][T12089] ? __pfx_sock_alloc_inode+0x10/0x10 [ 646.023340][T12089] sock_alloc_inode+0x25/0x1c0 [ 646.023354][T12089] alloc_inode+0x64/0x240 [ 646.023369][T12089] sock_alloc+0x40/0x280 [ 646.023383][T12089] sock_create_lite+0x82/0x120 [ 646.023398][T12089] __netlink_kernel_create+0xbd/0x750 [ 646.023414][T12089] ? __pfx___netlink_kernel_create+0x10/0x10 [ 646.023433][T12089] ? __pfx_crypto_netlink_init+0x10/0x10 [ 646.023455][T12089] crypto_netlink_init+0xb7/0x140 [ 646.023474][T12089] ? cpus_read_unlock+0x83/0x150 [ 646.023490][T12089] ? __pfx_crypto_netlink_init+0x10/0x10 [ 646.023510][T12089] ? __nf_register_net_hook+0x371/0x730 [ 646.023530][T12089] ? __pfx_crypto_netlink_rcv+0x10/0x10 [ 646.023552][T12089] ? nf_register_net_hook+0x117/0x160 [ 646.023574][T12089] ? nf_register_net_hooks+0xb1/0xd0 [ 646.023597][T12089] ops_init+0x1df/0x5f0 [ 646.023621][T12089] setup_net+0x1ff/0x510 [ 646.023641][T12089] ? lockdep_init_map_type+0x5c/0x280 [ 646.023661][T12089] ? __pfx_setup_net+0x10/0x10 [ 646.023683][T12089] ? debug_mutex_init+0x37/0x70 [ 646.023700][T12089] copy_net_ns+0x2a6/0x5f0 [ 646.023716][T12089] create_new_namespaces+0x3ea/0xa90 [ 646.023736][T12089] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 646.023754][T12089] ksys_unshare+0x45b/0xa40 [ 646.023773][T12089] ? __pfx_ksys_unshare+0x10/0x10 [ 646.023793][T12089] ? xfd_validate_state+0x61/0x180 [ 646.023817][T12089] __x64_sys_unshare+0x31/0x40 [ 646.023835][T12089] do_syscall_64+0xcd/0x490 [ 646.023858][T12089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 646.023872][T12089] RIP: 0033:0x7f79b898e929 [ 646.023884][T12089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 646.023899][T12089] RSP: 002b:00007f79b98b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 646.023913][T12089] RAX: ffffffffffffffda RBX: 00007f79b8bb5fa0 RCX: 00007f79b898e929 [ 646.023923][T12089] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 646.023931][T12089] RBP: 00007f79b8a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 646.023939][T12089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 646.023948][T12089] R13: 0000000000000000 R14: 00007f79b8bb5fa0 R15: 00007ffc99d371a8 [ 646.023967][T12089] [ 646.443955][T12071] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 646.456240][T12071] Node 1 Normal: 195*4kB (UME) 55*8kB (UME) 43*16kB (UME) 260*32kB (UME) 99*64kB (UME) 27*128kB (UME) 4*256kB (UM) 3*512kB (UM) 2*1024kB (ME) 1*2048kB (E) 947*4096kB (M) = 3905588kB [ 646.474537][T12071] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 646.484828][T12071] Node 0 hugepages_total=4 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 646.495304][T12071] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 646.504960][T12071] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 646.518541][T12071] 67680 total pagecache pages [ 646.523292][T12071] 0 pages in swap cache [ 646.528469][T12071] Free swap = 124988kB [ 646.532741][T12071] Total swap = 124996kB [ 646.537114][T12071] 2097051 pages RAM [ 646.540940][T12071] 0 pages HighMem/MovableOnly [ 646.550518][T12071] 429987 pages reserved [ 646.554940][T12071] 0 pages cma reserved [ 648.571013][T12130] zram: Added device: zram3 [ 651.922609][ T5892] Bluetooth: hci1: Malformed LE Event: 0x1d [ 652.097224][T12195] blktrace: Concurrent blktraces are not allowed on ram7 [ 653.274734][T12222] ptrace attach of "./syz-executor exec"[5897] was attempted by "./syz-executor exec"[12222] [ 654.741424][T12248] random: crng reseeded on system resumption [ 654.859281][T12250] sp0: Synchronizing with TNC [ 656.248877][ T24] rtc_cmos 00:00: Alarms can be up to one day in the future [ 656.258378][ T24] rtc_cmos 00:00: Alarms can be up to one day in the future [ 656.291684][ T24] rtc_cmos 00:00: Alarms can be up to one day in the future [ 656.325596][ T24] rtc_cmos 00:00: Alarms can be up to one day in the future [ 656.343920][ T24] rtc rtc0: __rtc_set_alarm: err=-22 [ 656.441521][ T5892] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 657.368703][T12302] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 [ 658.181412][ T30] audit: type=1800 audit(4294969607.112:9): pid=12315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1280" name="SYSVffffffff" dev="tmpfs" ino=0 res=0 errno=0 [ 658.384588][T12318] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1281'. [ 659.067916][T12335] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input27 [ 660.063804][T12353] ERROR: Out of memory at tomoyo_memory_ok. [ 660.142812][T12353] ERROR: Domain ' /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /sbin/start-stop-daemon /usr/sbin/sshd /usr/libexec/sshd-session /bin/sh /root/syz-executor /root/syz-executor /newroot/333/file0' not defined. [ 660.339050][T12364] random: crng reseeded on system resumption [ 660.365181][T12353] FAULT_INJECTION: forcing a failure. [ 660.365181][T12353] name failslab, interval 1, probability 0, space 0, times 0 [ 660.484520][T12353] CPU: 1 UID: 0 PID: 12353 Comm: syz.2.1290 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 660.484559][T12353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 660.484575][T12353] Call Trace: [ 660.484583][T12353] [ 660.484594][T12353] dump_stack_lvl+0x16c/0x1f0 [ 660.484638][T12353] should_fail_ex+0x512/0x640 [ 660.484682][T12353] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 660.484721][T12353] should_failslab+0xc2/0x120 [ 660.484748][T12353] __kmalloc_cache_noprof+0x6a/0x3e0 [ 660.484794][T12353] ? ip_vs_est_add_kthread+0x1d5/0x850 [ 660.484829][T12353] ip_vs_est_add_kthread+0x1d5/0x850 [ 660.484864][T12353] ip_vs_start_estimator+0x250/0x430 [ 660.484897][T12353] ip_vs_control_net_init+0x158c/0x1d20 [ 660.484939][T12353] __ip_vs_init+0x217/0x520 [ 660.484976][T12353] ? __pfx___ip_vs_init+0x10/0x10 [ 660.485010][T12353] ops_init+0x1df/0x5f0 [ 660.485055][T12353] setup_net+0x1ff/0x510 [ 660.485092][T12353] ? lockdep_init_map_type+0x5c/0x280 [ 660.485128][T12353] ? __pfx_setup_net+0x10/0x10 [ 660.485169][T12353] ? debug_mutex_init+0x37/0x70 [ 660.485200][T12353] copy_net_ns+0x2a6/0x5f0 [ 660.485230][T12353] create_new_namespaces+0x3ea/0xa90 [ 660.485269][T12353] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 660.485303][T12353] ksys_unshare+0x45b/0xa40 [ 660.485338][T12353] ? __pfx_ksys_unshare+0x10/0x10 [ 660.485374][T12353] ? xfd_validate_state+0x61/0x180 [ 660.485420][T12353] __x64_sys_unshare+0x31/0x40 [ 660.485452][T12353] do_syscall_64+0xcd/0x490 [ 660.485488][T12353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.485514][T12353] RIP: 0033:0x7f0350f8e929 [ 660.485536][T12353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 660.485562][T12353] RSP: 002b:00007f0351dcc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 660.485587][T12353] RAX: ffffffffffffffda RBX: 00007f03511b5fa0 RCX: 00007f0350f8e929 [ 660.485605][T12353] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 660.485621][T12353] RBP: 00007f0351010b39 R08: 0000000000000000 R09: 0000000000000000 [ 660.485638][T12353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 660.485663][T12353] R13: 0000000000000000 R14: 00007f03511b5fa0 R15: 00007fff81271748 [ 660.485701][T12353] [ 663.841149][T12418] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1302'. [ 666.353722][T12457] FAULT_INJECTION: forcing a failure. [ 666.353722][T12457] name failslab, interval 1, probability 0, space 0, times 0 [ 666.386554][T12457] CPU: 1 UID: 0 PID: 12457 Comm: syz.0.1309 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 666.386591][T12457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 666.386608][T12457] Call Trace: [ 666.386617][T12457] [ 666.386627][T12457] dump_stack_lvl+0x16c/0x1f0 [ 666.386670][T12457] should_fail_ex+0x512/0x640 [ 666.386704][T12457] ? __kvmalloc_node_noprof+0x124/0x620 [ 666.386744][T12457] should_failslab+0xc2/0x120 [ 666.386770][T12457] __kvmalloc_node_noprof+0x137/0x620 [ 666.386806][T12457] ? __pfx___mutex_lock+0x10/0x10 [ 666.386840][T12457] ? nf_hook_entries_grow+0x22b/0x860 [ 666.386875][T12457] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 666.386910][T12457] ? nf_hook_entries_grow+0x22b/0x860 [ 666.386939][T12457] nf_hook_entries_grow+0x22b/0x860 [ 666.386985][T12457] __nf_register_net_hook+0x1cd/0x730 [ 666.387029][T12457] nf_register_net_hook+0x109/0x160 [ 666.387080][T12457] nf_register_net_hooks+0x5d/0xd0 [ 666.387121][T12457] ? __pfx_apparmor_nf_register+0x10/0x10 [ 666.387161][T12457] ops_init+0x1df/0x5f0 [ 666.387205][T12457] setup_net+0x1ff/0x510 [ 666.387239][T12457] ? lockdep_init_map_type+0x5c/0x280 [ 666.387273][T12457] ? __pfx_setup_net+0x10/0x10 [ 666.387313][T12457] ? debug_mutex_init+0x37/0x70 [ 666.387343][T12457] copy_net_ns+0x2a6/0x5f0 [ 666.387372][T12457] create_new_namespaces+0x3ea/0xa90 [ 666.387410][T12457] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 666.387442][T12457] ksys_unshare+0x45b/0xa40 [ 666.387477][T12457] ? __pfx_ksys_unshare+0x10/0x10 [ 666.387512][T12457] ? xfd_validate_state+0x61/0x180 [ 666.387557][T12457] __x64_sys_unshare+0x31/0x40 [ 666.387590][T12457] do_syscall_64+0xcd/0x490 [ 666.387630][T12457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.387653][T12457] RIP: 0033:0x7efed3f8e929 [ 666.387673][T12457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 666.387693][T12457] RSP: 002b:00007efed4d7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 666.387715][T12457] RAX: ffffffffffffffda RBX: 00007efed41b5fa0 RCX: 00007efed3f8e929 [ 666.387734][T12457] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 666.387750][T12457] RBP: 00007efed4010b39 R08: 0000000000000000 R09: 0000000000000000 [ 666.387766][T12457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 666.387782][T12457] R13: 0000000000000000 R14: 00007efed41b5fa0 R15: 00007ffc184c2558 [ 666.387817][T12457] [ 666.890063][T12470] sp0: Synchronizing with TNC [ 667.386763][T12489] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1316'. [ 668.270860][T12508] sp0: Synchronizing with TNC [ 668.749823][T12519] FAULT_INJECTION: forcing a failure. [ 668.749823][T12519] name failslab, interval 1, probability 0, space 0, times 0 [ 668.764677][T12519] CPU: 1 UID: 0 PID: 12519 Comm: syz.1.1323 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 668.764715][T12519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 668.764731][T12519] Call Trace: [ 668.764741][T12519] [ 668.764751][T12519] dump_stack_lvl+0x16c/0x1f0 [ 668.764793][T12519] should_fail_ex+0x512/0x640 [ 668.764830][T12519] ? __kmalloc_noprof+0xbf/0x510 [ 668.764867][T12519] ? lsm_blob_alloc+0x68/0x90 [ 668.764904][T12519] should_failslab+0xc2/0x120 [ 668.764929][T12519] __kmalloc_noprof+0xd2/0x510 [ 668.764970][T12519] lsm_blob_alloc+0x68/0x90 [ 668.765003][T12519] security_sk_alloc+0x30/0x270 [ 668.765029][T12519] sk_prot_alloc+0x1c7/0x2a0 [ 668.765070][T12519] sk_alloc+0x36/0xc20 [ 668.765103][T12519] __netlink_create+0x5e/0x2c0 [ 668.765142][T12519] __netlink_kernel_create+0xed/0x750 [ 668.765170][T12519] ? __pfx___netlink_kernel_create+0x10/0x10 [ 668.765205][T12519] ? __pfx_crypto_netlink_init+0x10/0x10 [ 668.765243][T12519] crypto_netlink_init+0xb7/0x140 [ 668.765278][T12519] ? cpus_read_unlock+0x83/0x150 [ 668.765308][T12519] ? __pfx_crypto_netlink_init+0x10/0x10 [ 668.765344][T12519] ? __nf_register_net_hook+0x371/0x730 [ 668.765384][T12519] ? __pfx_crypto_netlink_rcv+0x10/0x10 [ 668.765422][T12519] ? nf_register_net_hook+0x117/0x160 [ 668.765458][T12519] ? nf_register_net_hooks+0xb1/0xd0 [ 668.765497][T12519] ops_init+0x1df/0x5f0 [ 668.765541][T12519] setup_net+0x1ff/0x510 [ 668.765573][T12519] ? lockdep_init_map_type+0x5c/0x280 [ 668.765607][T12519] ? __pfx_setup_net+0x10/0x10 [ 668.765647][T12519] ? debug_mutex_init+0x37/0x70 [ 668.765677][T12519] copy_net_ns+0x2a6/0x5f0 [ 668.765706][T12519] create_new_namespaces+0x3ea/0xa90 [ 668.765770][T12519] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 668.765806][T12519] ksys_unshare+0x45b/0xa40 [ 668.765840][T12519] ? __pfx_ksys_unshare+0x10/0x10 [ 668.765874][T12519] ? xfd_validate_state+0x61/0x180 [ 668.765917][T12519] __x64_sys_unshare+0x31/0x40 [ 668.765948][T12519] do_syscall_64+0xcd/0x490 [ 668.765985][T12519] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.766009][T12519] RIP: 0033:0x7efce1b8e929 [ 668.766029][T12519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 668.766058][T12519] RSP: 002b:00007efce2a9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 668.766082][T12519] RAX: ffffffffffffffda RBX: 00007efce1db5fa0 RCX: 00007efce1b8e929 [ 668.766098][T12519] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 668.766113][T12519] RBP: 00007efce1c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 668.766127][T12519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 668.766142][T12519] R13: 0000000000000000 R14: 00007efce1db5fa0 R15: 00007fff43042de8 [ 668.766175][T12519] [ 670.221850][T12543] FAULT_INJECTION: forcing a failure. [ 670.221850][T12543] name failslab, interval 1, probability 0, space 0, times 0 [ 670.234806][T12543] CPU: 0 UID: 0 PID: 12543 Comm: syz.3.1330 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 670.234840][T12543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 670.234856][T12543] Call Trace: [ 670.234866][T12543] [ 670.234877][T12543] dump_stack_lvl+0x16c/0x1f0 [ 670.234919][T12543] should_fail_ex+0x512/0x640 [ 670.234954][T12543] ? fs_reclaim_acquire+0xae/0x150 [ 670.234989][T12543] should_failslab+0xc2/0x120 [ 670.235013][T12543] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 670.235053][T12543] ? security_inode_alloc+0x3b/0x2b0 [ 670.235087][T12543] security_inode_alloc+0x3b/0x2b0 [ 670.235118][T12543] inode_init_always_gfp+0xce4/0x1030 [ 670.235159][T12543] alloc_inode+0x86/0x240 [ 670.235187][T12543] sock_alloc+0x40/0x280 [ 670.235212][T12543] __sock_create+0xc1/0x8d0 [ 670.235249][T12543] __sys_socket+0x14d/0x260 [ 670.235278][T12543] ? __pfx___sys_socket+0x10/0x10 [ 670.235307][T12543] ? xfd_validate_state+0x61/0x180 [ 670.235336][T12543] ? __pfx_ksys_write+0x10/0x10 [ 670.235379][T12543] __x64_sys_socket+0x72/0xb0 [ 670.235415][T12543] ? lockdep_hardirqs_on+0x7c/0x110 [ 670.235452][T12543] do_syscall_64+0xcd/0x490 [ 670.235487][T12543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 670.235514][T12543] RIP: 0033:0x7f79b8990847 [ 670.235536][T12543] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 670.235562][T12543] RSP: 002b:00007f79b98affa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 670.235587][T12543] RAX: ffffffffffffffda RBX: 00007f79b8bb5fa0 RCX: 00007f79b8990847 [ 670.235613][T12543] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 670.235628][T12543] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 670.235644][T12543] R10: 00002000000001c0 R11: 0000000000000286 R12: 0000000000000000 [ 670.235659][T12543] R13: 0000000000000000 R14: 00007f79b8bb5fa0 R15: 00007ffc99d371a8 [ 670.235695][T12543] [ 670.235726][T12543] net_ratelimit: 3 callbacks suppressed [ 670.235740][T12543] socket: no more sockets [ 671.478012][T12549] Process accounting paused [ 672.055092][T12574] FAULT_INJECTION: forcing a failure. [ 672.055092][T12574] name failslab, interval 1, probability 0, space 0, times 0 [ 672.120017][T12574] CPU: 0 UID: 0 PID: 12574 Comm: syz.1.1336 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 672.120057][T12574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 672.120073][T12574] Call Trace: [ 672.120082][T12574] [ 672.120092][T12574] dump_stack_lvl+0x16c/0x1f0 [ 672.120132][T12574] should_fail_ex+0x512/0x640 [ 672.120166][T12574] ? __kmalloc_noprof+0xbf/0x510 [ 672.120201][T12574] ? sk_prot_alloc+0x1a8/0x2a0 [ 672.120226][T12574] should_failslab+0xc2/0x120 [ 672.120251][T12574] __kmalloc_noprof+0xd2/0x510 [ 672.120285][T12574] ? evm_inode_alloc_security+0x49/0xc0 [ 672.120325][T12574] sk_prot_alloc+0x1a8/0x2a0 [ 672.120353][T12574] sk_alloc+0x36/0xc20 [ 672.120388][T12574] __netlink_create+0x5e/0x2c0 [ 672.120421][T12574] __netlink_kernel_create+0xed/0x750 [ 672.120438][T12574] ? __pfx___netlink_kernel_create+0x10/0x10 [ 672.120457][T12574] ? __pfx_crypto_netlink_init+0x10/0x10 [ 672.120478][T12574] crypto_netlink_init+0xb7/0x140 [ 672.120498][T12574] ? cpus_read_unlock+0x83/0x150 [ 672.120514][T12574] ? __pfx_crypto_netlink_init+0x10/0x10 [ 672.120533][T12574] ? __nf_register_net_hook+0x371/0x730 [ 672.120564][T12574] ? __pfx_crypto_netlink_rcv+0x10/0x10 [ 672.120585][T12574] ? nf_register_net_hook+0x117/0x160 [ 672.120607][T12574] ? nf_register_net_hooks+0xb1/0xd0 [ 672.120629][T12574] ops_init+0x1df/0x5f0 [ 672.120653][T12574] setup_net+0x1ff/0x510 [ 672.120689][T12574] ? lockdep_init_map_type+0x5c/0x280 [ 672.120710][T12574] ? __pfx_setup_net+0x10/0x10 [ 672.120734][T12574] ? debug_mutex_init+0x37/0x70 [ 672.120751][T12574] copy_net_ns+0x2a6/0x5f0 [ 672.120768][T12574] create_new_namespaces+0x3ea/0xa90 [ 672.120789][T12574] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 672.120807][T12574] ksys_unshare+0x45b/0xa40 [ 672.120826][T12574] ? __pfx_ksys_unshare+0x10/0x10 [ 672.120845][T12574] ? xfd_validate_state+0x61/0x180 [ 672.120869][T12574] __x64_sys_unshare+0x31/0x40 [ 672.120887][T12574] do_syscall_64+0xcd/0x490 [ 672.120909][T12574] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 672.120923][T12574] RIP: 0033:0x7efce1b8e929 [ 672.120935][T12574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 672.120949][T12574] RSP: 002b:00007efce2a9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 672.120963][T12574] RAX: ffffffffffffffda RBX: 00007efce1db5fa0 RCX: 00007efce1b8e929 [ 672.120973][T12574] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 672.120981][T12574] RBP: 00007efce1c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 672.120990][T12574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 672.120998][T12574] R13: 0000000000000000 R14: 00007efce1db5fa0 R15: 00007fff43042de8 [ 672.121016][T12574] [ 673.472246][T12592] ERROR: Out of memory at tomoyo_memory_ok. [ 675.337324][T12625] sp0: Synchronizing with TNC [ 676.954364][ T5892] Bluetooth: hci2: unexpected event 0x3d length: 726 > 14 [ 677.866179][T12669] random: crng reseeded on system resumption [ 678.788079][T12676] sp0: Synchronizing with TNC [ 680.389540][T12726] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1369'. [ 680.699878][T12731] sp0: Synchronizing with TNC [ 680.747223][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805b598400: rx timeout, send abort [ 680.758122][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805b598400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 680.758490][ T5199] ERROR: Out of memory at tomoyo_memory_ok. [ 682.085868][T12760] FAULT_INJECTION: forcing a failure. [ 682.085868][T12760] name failslab, interval 1, probability 0, space 0, times 0 [ 682.099084][T12760] CPU: 1 UID: 0 PID: 12760 Comm: syz.2.1377 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 682.099115][T12760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 682.099130][T12760] Call Trace: [ 682.099139][T12760] [ 682.099148][T12760] dump_stack_lvl+0x16c/0x1f0 [ 682.099189][T12760] should_fail_ex+0x512/0x640 [ 682.099221][T12760] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 682.099261][T12760] should_failslab+0xc2/0x120 [ 682.099284][T12760] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 682.099319][T12760] ? taskstats_exit+0x654/0xbe0 [ 682.099358][T12760] taskstats_exit+0x654/0xbe0 [ 682.099394][T12760] ? __pfx_taskstats_exit+0x10/0x10 [ 682.099425][T12760] ? rcu_is_watching+0x12/0xc0 [ 682.099449][T12760] ? _raw_spin_unlock_irq+0x23/0x50 [ 682.099480][T12760] ? lockdep_hardirqs_on+0x7c/0x110 [ 682.099513][T12760] ? _raw_spin_unlock_irq+0x2e/0x50 [ 682.099547][T12760] do_exit+0x5d9/0x2bd0 [ 682.099578][T12760] ? audit_log_end+0x14a/0x2b0 [ 682.099614][T12760] ? __pfx_do_exit+0x10/0x10 [ 682.099649][T12760] ? audit_seccomp+0x194/0x1f0 [ 682.099681][T12760] __secure_computing+0x2d3/0x320 [ 682.099718][T12760] syscall_trace_enter+0x89/0x260 [ 682.099754][T12760] do_syscall_64+0x347/0x490 [ 682.099790][T12760] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 682.099814][T12760] RIP: 0033:0x7f0350f8e929 [ 682.099832][T12760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 682.099851][T12760] RSP: 002b:00007f0351dcb9f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 682.099872][T12760] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f0350f8e929 [ 682.099886][T12760] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 000000000000000b [ 682.099900][T12760] RBP: 00007f0351dcc040 R08: 00007f0351dcd000 R09: 000000000000000b [ 682.099916][T12760] R10: 000000000001b516 R11: 0000000000000246 R12: 0000000000000000 [ 682.099930][T12760] R13: 0000000000000000 R14: 00007f03511b5fa0 R15: 00007fff81271748 [ 682.099964][T12760] [ 682.307735][ T30] audit: type=1326 audit(4294969631.136:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12757 comm="syz.2.1377" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0350f8e929 code=0x0 [ 684.534592][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 684.552169][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 684.618249][T12807] size and base must be multiples of 4 kiB [ 684.624979][T12807] CPU: 1 UID: 0 PID: 12807 Comm: syz.3.1385 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 684.625014][T12807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 684.625029][T12807] Call Trace: [ 684.625038][T12807] [ 684.625047][T12807] dump_stack_lvl+0x16c/0x1f0 [ 684.625092][T12807] mtrr_del+0xd1/0x110 [ 684.625124][T12807] mtrr_ioctl+0x922/0xcf0 [ 684.625157][T12807] ? __pfx_mtrr_ioctl+0x10/0x10 [ 684.625208][T12807] ? find_held_lock+0x2b/0x80 [ 684.625245][T12807] ? __fget_files+0x20e/0x3c0 [ 684.625280][T12807] ? __pfx_mtrr_ioctl+0x10/0x10 [ 684.625311][T12807] proc_reg_unlocked_ioctl+0x229/0x320 [ 684.625347][T12807] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 684.625387][T12807] __x64_sys_ioctl+0x18b/0x210 [ 684.625417][T12807] do_syscall_64+0xcd/0x490 [ 684.625456][T12807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 684.625481][T12807] RIP: 0033:0x7f79b898e929 [ 684.625502][T12807] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 684.625526][T12807] RSP: 002b:00007f79b98b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 684.625550][T12807] RAX: ffffffffffffffda RBX: 00007f79b8bb5fa0 RCX: 00007f79b898e929 [ 684.625568][T12807] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 684.625583][T12807] RBP: 00007f79b8a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 684.625598][T12807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 684.625613][T12807] R13: 0000000000000000 R14: 00007f79b8bb5fa0 R15: 00007ffc99d371a8 [ 684.625647][T12807] [ 686.832936][T12853] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1394'. [ 687.244364][ T6016] udevd[6016]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 689.096211][T12889] FAULT_INJECTION: forcing a failure. [ 689.096211][T12889] name failslab, interval 1, probability 0, space 0, times 0 [ 689.136320][T12889] CPU: 1 UID: 0 PID: 12889 Comm: syz.1.1404 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 689.136359][T12889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 689.136375][T12889] Call Trace: [ 689.136384][T12889] [ 689.136394][T12889] dump_stack_lvl+0x16c/0x1f0 [ 689.136436][T12889] should_fail_ex+0x512/0x640 [ 689.136480][T12889] ? __kmalloc_noprof+0xbf/0x510 [ 689.136523][T12889] ? sk_prot_alloc+0x1a8/0x2a0 [ 689.136548][T12889] should_failslab+0xc2/0x120 [ 689.136574][T12889] __kmalloc_noprof+0xd2/0x510 [ 689.136611][T12889] ? evm_inode_alloc_security+0x49/0xc0 [ 689.136658][T12889] sk_prot_alloc+0x1a8/0x2a0 [ 689.136687][T12889] sk_alloc+0x36/0xc20 [ 689.136722][T12889] __netlink_create+0x5e/0x2c0 [ 689.136762][T12889] __netlink_kernel_create+0xed/0x750 [ 689.136791][T12889] ? __pfx___netlink_kernel_create+0x10/0x10 [ 689.136827][T12889] ? __pfx_crypto_netlink_init+0x10/0x10 [ 689.136866][T12889] crypto_netlink_init+0xb7/0x140 [ 689.136902][T12889] ? cpus_read_unlock+0x83/0x150 [ 689.136932][T12889] ? __pfx_crypto_netlink_init+0x10/0x10 [ 689.136978][T12889] ? __nf_register_net_hook+0x371/0x730 [ 689.137021][T12889] ? __pfx_crypto_netlink_rcv+0x10/0x10 [ 689.137062][T12889] ? nf_register_net_hook+0x117/0x160 [ 689.137101][T12889] ? nf_register_net_hooks+0xb1/0xd0 [ 689.137143][T12889] ops_init+0x1df/0x5f0 [ 689.137186][T12889] setup_net+0x1ff/0x510 [ 689.137224][T12889] ? lockdep_init_map_type+0x5c/0x280 [ 689.137260][T12889] ? __pfx_setup_net+0x10/0x10 [ 689.137302][T12889] ? debug_mutex_init+0x37/0x70 [ 689.137333][T12889] copy_net_ns+0x2a6/0x5f0 [ 689.137363][T12889] create_new_namespaces+0x3ea/0xa90 [ 689.137402][T12889] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 689.137437][T12889] ksys_unshare+0x45b/0xa40 [ 689.137472][T12889] ? __pfx_ksys_unshare+0x10/0x10 [ 689.137509][T12889] ? xfd_validate_state+0x61/0x180 [ 689.137553][T12889] __x64_sys_unshare+0x31/0x40 [ 689.137588][T12889] do_syscall_64+0xcd/0x490 [ 689.137628][T12889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 689.137653][T12889] RIP: 0033:0x7efce1b8e929 [ 689.137674][T12889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 689.137699][T12889] RSP: 002b:00007efce2a9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 689.137724][T12889] RAX: ffffffffffffffda RBX: 00007efce1db5fa0 RCX: 00007efce1b8e929 [ 689.137742][T12889] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 689.137758][T12889] RBP: 00007efce1c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 689.137771][T12889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 689.137784][T12889] R13: 0000000000000000 R14: 00007efce1db5fa0 R15: 00007fff43042de8 [ 689.137818][T12889] [ 689.373218][T12895] device-mapper: ioctl: Invalid ioctl structure: uuid ±, name , dev 5 [ 691.222591][T12918] netlink: 'syz.1.1408': attribute type 5 has an invalid length. [ 693.183768][T12977] ptrace attach of "./syz-executor exec"[5885] was attempted by ""[12977] [ 695.214870][T13008] Invalid ELF header magic: != ELF [ 695.457428][T13018] FAULT_INJECTION: forcing a failure. [ 695.457428][T13018] name failslab, interval 1, probability 0, space 0, times 0 [ 695.470854][T13018] CPU: 0 UID: 0 PID: 13018 Comm: syz.0.1426 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 695.470888][T13018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 695.470904][T13018] Call Trace: [ 695.470913][T13018] [ 695.470924][T13018] dump_stack_lvl+0x16c/0x1f0 [ 695.470970][T13018] should_fail_ex+0x512/0x640 [ 695.471005][T13018] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 695.471058][T13018] should_failslab+0xc2/0x120 [ 695.471085][T13018] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 695.471127][T13018] ? sock_alloc_inode+0x25/0x1c0 [ 695.471158][T13018] ? __pfx_sock_alloc_inode+0x10/0x10 [ 695.471183][T13018] sock_alloc_inode+0x25/0x1c0 [ 695.471208][T13018] alloc_inode+0x64/0x240 [ 695.471237][T13018] sock_alloc+0x40/0x280 [ 695.471261][T13018] sock_create_lite+0x82/0x120 [ 695.471288][T13018] __netlink_kernel_create+0xbd/0x750 [ 695.471316][T13018] ? __pfx___netlink_kernel_create+0x10/0x10 [ 695.471352][T13018] ? __pfx_crypto_netlink_init+0x10/0x10 [ 695.471393][T13018] crypto_netlink_init+0xb7/0x140 [ 695.471428][T13018] ? cpus_read_unlock+0x83/0x150 [ 695.471456][T13018] ? __pfx_crypto_netlink_init+0x10/0x10 [ 695.471491][T13018] ? __nf_register_net_hook+0x371/0x730 [ 695.471529][T13018] ? __pfx_crypto_netlink_rcv+0x10/0x10 [ 695.471578][T13018] ? nf_register_net_hook+0x117/0x160 [ 695.471620][T13018] ? nf_register_net_hooks+0xb1/0xd0 [ 695.471663][T13018] ops_init+0x1df/0x5f0 [ 695.471706][T13018] setup_net+0x1ff/0x510 [ 695.471743][T13018] ? lockdep_init_map_type+0x5c/0x280 [ 695.471779][T13018] ? __pfx_setup_net+0x10/0x10 [ 695.471820][T13018] ? debug_mutex_init+0x37/0x70 [ 695.471849][T13018] copy_net_ns+0x2a6/0x5f0 [ 695.471878][T13018] create_new_namespaces+0x3ea/0xa90 [ 695.471914][T13018] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 695.471944][T13018] ksys_unshare+0x45b/0xa40 [ 695.471976][T13018] ? __pfx_ksys_unshare+0x10/0x10 [ 695.472008][T13018] ? xfd_validate_state+0x61/0x180 [ 695.472063][T13018] __x64_sys_unshare+0x31/0x40 [ 695.472098][T13018] do_syscall_64+0xcd/0x490 [ 695.472141][T13018] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.472168][T13018] RIP: 0033:0x7efed3f8e929 [ 695.472190][T13018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 695.472215][T13018] RSP: 002b:00007efed4d7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 695.472241][T13018] RAX: ffffffffffffffda RBX: 00007efed41b5fa0 RCX: 00007efed3f8e929 [ 695.472259][T13018] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 695.472276][T13018] RBP: 00007efed4010b39 R08: 0000000000000000 R09: 0000000000000000 [ 695.472292][T13018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 695.472307][T13018] R13: 0000000000000000 R14: 00007efed41b5fa0 R15: 00007ffc184c2558 [ 695.472343][T13018] [ 695.758121][ C0] vkms_vblank_simulate: vblank timer overrun [ 696.287798][T13025] blk-mq: reduced tag depth (128 -> 64) [ 696.912844][T13031] sp0: Synchronizing with TNC [ 699.238737][T13072] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input29 [ 699.536802][T13073] FAULT_INJECTION: forcing a failure. [ 699.536802][T13073] name failslab, interval 1, probability 0, space 0, times 0 [ 699.549817][T13073] CPU: 0 UID: 0 PID: 13073 Comm: syz.1.1437 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 699.549839][T13073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 699.549849][T13073] Call Trace: [ 699.549855][T13073] [ 699.549862][T13073] dump_stack_lvl+0x16c/0x1f0 [ 699.549889][T13073] should_fail_ex+0x512/0x640 [ 699.549909][T13073] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 699.549941][T13073] should_failslab+0xc2/0x120 [ 699.549956][T13073] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 699.549977][T13073] ? find_held_lock+0x2b/0x80 [ 699.549992][T13073] ? __d_alloc+0x31/0xaa0 [ 699.550016][T13073] __d_alloc+0x31/0xaa0 [ 699.550035][T13073] ? __d_lookup+0x266/0x4a0 [ 699.550052][T13073] d_alloc+0x4a/0x1e0 [ 699.550073][T13073] lookup_one_qstr_excl_raw.part.0+0x96/0x160 [ 699.550089][T13073] ? lookup_dcache+0x66/0x170 [ 699.550105][T13073] lookup_one_qstr_excl+0x3e/0x120 [ 699.550122][T13073] filename_create+0x1e7/0x4a0 [ 699.550146][T13073] ? __pfx_filename_create+0x10/0x10 [ 699.550169][T13073] ? __might_fault+0xe3/0x190 [ 699.550189][T13073] ? __might_fault+0xe3/0x190 [ 699.550208][T13073] ? __might_fault+0x13b/0x190 [ 699.550230][T13073] do_mknodat+0x18a/0x5d0 [ 699.550253][T13073] ? __pfx_do_mknodat+0x10/0x10 [ 699.550272][T13073] ? getname_flags.part.0+0x1c5/0x550 [ 699.550292][T13073] __x64_sys_mknod+0x87/0xb0 [ 699.550312][T13073] do_syscall_64+0xcd/0x490 [ 699.550335][T13073] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 699.550353][T13073] RIP: 0033:0x7efce1b8e929 [ 699.550367][T13073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 699.550381][T13073] RSP: 002b:00007efce2a9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 699.550395][T13073] RAX: ffffffffffffffda RBX: 00007efce1db5fa0 RCX: 00007efce1b8e929 [ 699.550404][T13073] RDX: 0000000000000008 RSI: 0000000000000005 RDI: 0000200000000000 [ 699.550412][T13073] RBP: 00007efce1c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 699.550421][T13073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 699.550429][T13073] R13: 0000000000000000 R14: 00007efce1db5fa0 R15: 00007fff43042de8 [ 699.550448][T13073] [ 700.349442][T13088] FAULT_INJECTION: forcing a failure. [ 700.349442][T13088] name failslab, interval 1, probability 0, space 0, times 0 [ 700.371398][T13088] CPU: 1 UID: 0 PID: 13088 Comm: syz.1.1439 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 700.371433][T13088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 700.371447][T13088] Call Trace: [ 700.371454][T13088] [ 700.371464][T13088] dump_stack_lvl+0x16c/0x1f0 [ 700.371505][T13088] should_fail_ex+0x512/0x640 [ 700.371537][T13088] ? __kvmalloc_node_noprof+0x124/0x620 [ 700.371575][T13088] should_failslab+0xc2/0x120 [ 700.371599][T13088] __kvmalloc_node_noprof+0x137/0x620 [ 700.371622][T13088] ? __pfx___mutex_lock+0x10/0x10 [ 700.371652][T13088] ? nf_hook_entries_grow+0x22b/0x860 [ 700.371678][T13088] ? nf_hook_entries_grow+0x22b/0x860 [ 700.371697][T13088] nf_hook_entries_grow+0x22b/0x860 [ 700.371724][T13088] __nf_register_net_hook+0x1cd/0x730 [ 700.371748][T13088] nf_register_net_hook+0x109/0x160 [ 700.371770][T13088] nf_register_net_hooks+0x5d/0xd0 [ 700.371792][T13088] ? __pfx_apparmor_nf_register+0x10/0x10 [ 700.371813][T13088] ops_init+0x1df/0x5f0 [ 700.371837][T13088] setup_net+0x1ff/0x510 [ 700.371857][T13088] ? lockdep_init_map_type+0x5c/0x280 [ 700.371877][T13088] ? __pfx_setup_net+0x10/0x10 [ 700.371903][T13088] ? debug_mutex_init+0x37/0x70 [ 700.371919][T13088] copy_net_ns+0x2a6/0x5f0 [ 700.371935][T13088] create_new_namespaces+0x3ea/0xa90 [ 700.371957][T13088] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 700.371975][T13088] ksys_unshare+0x45b/0xa40 [ 700.371994][T13088] ? __pfx_ksys_unshare+0x10/0x10 [ 700.372014][T13088] ? xfd_validate_state+0x61/0x180 [ 700.372038][T13088] __x64_sys_unshare+0x31/0x40 [ 700.372056][T13088] do_syscall_64+0xcd/0x490 [ 700.372079][T13088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 700.372093][T13088] RIP: 0033:0x7efce1b8e929 [ 700.372105][T13088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 700.372119][T13088] RSP: 002b:00007efce2a9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 700.372134][T13088] RAX: ffffffffffffffda RBX: 00007efce1db5fa0 RCX: 00007efce1b8e929 [ 700.372143][T13088] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 700.372152][T13088] RBP: 00007efce1c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 700.372161][T13088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 700.372170][T13088] R13: 0000000000000000 R14: 00007efce1db5fa0 R15: 00007fff43042de8 [ 700.372190][T13088] [ 700.809146][T13096] sp0: Synchronizing with TNC [ 702.079695][T13110] Process accounting resumed [ 703.233623][T13155] FAULT_INJECTION: forcing a failure. [ 703.233623][T13155] name failslab, interval 1, probability 0, space 0, times 0 [ 703.298035][T13155] CPU: 0 UID: 0 PID: 13155 Comm: syz.2.1451 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 703.298059][T13155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 703.298068][T13155] Call Trace: [ 703.298073][T13155] [ 703.298079][T13155] dump_stack_lvl+0x16c/0x1f0 [ 703.298106][T13155] should_fail_ex+0x512/0x640 [ 703.298126][T13155] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 703.298151][T13155] should_failslab+0xc2/0x120 [ 703.298165][T13155] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 703.298187][T13155] ? sock_alloc_inode+0x25/0x1c0 [ 703.298204][T13155] ? __pfx_sock_alloc_inode+0x10/0x10 [ 703.298217][T13155] sock_alloc_inode+0x25/0x1c0 [ 703.298231][T13155] alloc_inode+0x64/0x240 [ 703.298246][T13155] sock_alloc+0x40/0x280 [ 703.298259][T13155] sock_create_lite+0x82/0x120 [ 703.298274][T13155] __netlink_kernel_create+0xbd/0x750 [ 703.298294][T13155] ? __pfx___netlink_kernel_create+0x10/0x10 [ 703.298313][T13155] ? __pfx_crypto_netlink_init+0x10/0x10 [ 703.298340][T13155] crypto_netlink_init+0xb7/0x140 [ 703.298361][T13155] ? cpus_read_unlock+0x83/0x150 [ 703.298377][T13155] ? __pfx_crypto_netlink_init+0x10/0x10 [ 703.298396][T13155] ? __nf_register_net_hook+0x371/0x730 [ 703.298418][T13155] ? __pfx_crypto_netlink_rcv+0x10/0x10 [ 703.298438][T13155] ? nf_register_net_hook+0x117/0x160 [ 703.298459][T13155] ? nf_register_net_hooks+0xb1/0xd0 [ 703.298481][T13155] ops_init+0x1df/0x5f0 [ 703.298505][T13155] setup_net+0x1ff/0x510 [ 703.298525][T13155] ? lockdep_init_map_type+0x5c/0x280 [ 703.298552][T13155] ? __pfx_setup_net+0x10/0x10 [ 703.298576][T13155] ? debug_mutex_init+0x37/0x70 [ 703.298593][T13155] copy_net_ns+0x2a6/0x5f0 [ 703.298610][T13155] create_new_namespaces+0x3ea/0xa90 [ 703.298630][T13155] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 703.298648][T13155] ksys_unshare+0x45b/0xa40 [ 703.298667][T13155] ? __pfx_ksys_unshare+0x10/0x10 [ 703.298686][T13155] ? xfd_validate_state+0x61/0x180 [ 703.298710][T13155] __x64_sys_unshare+0x31/0x40 [ 703.298728][T13155] do_syscall_64+0xcd/0x490 [ 703.298750][T13155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.298765][T13155] RIP: 0033:0x7f0350f8e929 [ 703.298777][T13155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 703.298792][T13155] RSP: 002b:00007f0351dcc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 703.298806][T13155] RAX: ffffffffffffffda RBX: 00007f03511b5fa0 RCX: 00007f0350f8e929 [ 703.298815][T13155] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 703.298824][T13155] RBP: 00007f0351010b39 R08: 0000000000000000 R09: 0000000000000000 [ 703.298832][T13155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 703.298840][T13155] R13: 0000000000000000 R14: 00007f03511b5fa0 R15: 00007fff81271748 [ 703.298859][T13155] [ 703.638670][T13157] sp0: Synchronizing with TNC [ 703.799428][T13164] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1453'. [ 704.765108][T13186] FAULT_INJECTION: forcing a failure. [ 704.765108][T13186] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 704.785779][T13186] CPU: 0 UID: 0 PID: 13186 Comm: syz.1.1458 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 704.785812][T13186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 704.785826][T13186] Call Trace: [ 704.785834][T13186] [ 704.785843][T13186] dump_stack_lvl+0x16c/0x1f0 [ 704.785884][T13186] should_fail_ex+0x512/0x640 [ 704.785923][T13186] _copy_to_user+0x32/0xd0 [ 704.785963][T13186] simple_read_from_buffer+0xcb/0x170 [ 704.785996][T13186] proc_fail_nth_read+0x197/0x270 [ 704.786025][T13186] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 704.786053][T13186] ? rw_verify_area+0xcf/0x680 [ 704.786083][T13186] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 704.786110][T13186] vfs_read+0x1e4/0xc60 [ 704.786147][T13186] ? __pfx___mutex_lock+0x10/0x10 [ 704.786182][T13186] ? __pfx_vfs_read+0x10/0x10 [ 704.786225][T13186] ? __fget_files+0x20e/0x3c0 [ 704.786278][T13186] ksys_read+0x12a/0x250 [ 704.786306][T13186] ? __pfx_ksys_read+0x10/0x10 [ 704.786338][T13186] ? fdget+0x187/0x210 [ 704.786376][T13186] do_syscall_64+0xcd/0x490 [ 704.786420][T13186] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 704.786445][T13186] RIP: 0033:0x7efce1b8d33c [ 704.786465][T13186] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 704.786488][T13186] RSP: 002b:00007efce2a37030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 704.786509][T13186] RAX: ffffffffffffffda RBX: 00007efce1db6240 RCX: 00007efce1b8d33c [ 704.786524][T13186] RDX: 000000000000000f RSI: 00007efce2a370a0 RDI: 0000000000000006 [ 704.786536][T13186] RBP: 00007efce2a37090 R08: 0000000000000000 R09: 0000000000000000 [ 704.786551][T13186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 704.786565][T13186] R13: 0000000000000000 R14: 00007efce1db6240 R15: 00007fff43042de8 [ 704.786600][T13186] [ 705.725991][T13203] sp0: Synchronizing with TNC [ 708.090708][T13254] sp0: Synchronizing with TNC [ 708.997423][T13275] FAULT_INJECTION: forcing a failure. [ 708.997423][T13275] name failslab, interval 1, probability 0, space 0, times 0 [ 709.026603][T13275] CPU: 1 UID: 0 PID: 13275 Comm: syz.0.1480 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 709.026641][T13275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 709.026656][T13275] Call Trace: [ 709.026665][T13275] [ 709.026675][T13275] dump_stack_lvl+0x16c/0x1f0 [ 709.026719][T13275] should_fail_ex+0x512/0x640 [ 709.026754][T13275] ? __kvmalloc_node_noprof+0x124/0x620 [ 709.026795][T13275] should_failslab+0xc2/0x120 [ 709.026821][T13275] __kvmalloc_node_noprof+0x137/0x620 [ 709.026860][T13275] ? sbitmap_init_node+0x1ca/0x770 [ 709.026893][T13275] ? sbitmap_init_node+0x1ca/0x770 [ 709.026919][T13275] sbitmap_init_node+0x1ca/0x770 [ 709.026953][T13275] sbitmap_queue_init_node+0x41/0x560 [ 709.026989][T13275] blk_mq_init_tags+0x12d/0x2b0 [ 709.027044][T13275] blk_mq_alloc_map_and_rqs+0x237/0xf60 [ 709.027085][T13275] ? blk_mq_map_queues+0x211/0x410 [ 709.027120][T13275] __blk_mq_alloc_map_and_rqs+0x128/0x1f0 [ 709.027160][T13275] blk_mq_alloc_tag_set+0x778/0x1260 [ 709.027209][T13275] loop_add+0x3b9/0xb70 [ 709.027238][T13275] ? do_vfs_ioctl+0x523/0x1a60 [ 709.027267][T13275] ? __pfx_loop_add+0x10/0x10 [ 709.027293][T13275] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 709.027346][T13275] ? find_held_lock+0x2b/0x80 [ 709.027379][T13275] loop_control_ioctl+0x13e/0x630 [ 709.027411][T13275] ? __pfx_loop_control_ioctl+0x10/0x10 [ 709.027447][T13275] ? __pfx_loop_control_ioctl+0x10/0x10 [ 709.027479][T13275] __x64_sys_ioctl+0x18b/0x210 [ 709.027513][T13275] do_syscall_64+0xcd/0x490 [ 709.027557][T13275] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 709.027584][T13275] RIP: 0033:0x7efed3f8e929 [ 709.027605][T13275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 709.027631][T13275] RSP: 002b:00007efed4d7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 709.027656][T13275] RAX: ffffffffffffffda RBX: 00007efed41b5fa0 RCX: 00007efed3f8e929 [ 709.027673][T13275] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 000000000000000a [ 709.027690][T13275] RBP: 00007efed4010b39 R08: 0000000000000000 R09: 0000000000000000 [ 709.027706][T13275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 709.027722][T13275] R13: 0000000000000000 R14: 00007efed41b5fa0 R15: 00007ffc184c2558 [ 709.027756][T13275] [ 709.029104][T13275] blk-mq: reduced tag depth (128 -> 64) [ 710.489407][T13303] sp0: Synchronizing with TNC [ 711.004451][T13322] FAULT_INJECTION: forcing a failure. [ 711.004451][T13322] name failslab, interval 1, probability 0, space 0, times 0 [ 711.053026][T13322] CPU: 0 UID: 0 PID: 13322 Comm: syz.0.1490 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 711.053066][T13322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 711.053083][T13322] Call Trace: [ 711.053093][T13322] [ 711.053104][T13322] dump_stack_lvl+0x16c/0x1f0 [ 711.053148][T13322] should_fail_ex+0x512/0x640 [ 711.053186][T13322] ? __kmalloc_node_noprof+0xc5/0x500 [ 711.053228][T13322] should_failslab+0xc2/0x120 [ 711.053252][T13322] __kmalloc_node_noprof+0xd8/0x500 [ 711.053290][T13322] ? blk_mq_alloc_tag_set+0x534/0x1260 [ 711.053332][T13322] blk_mq_alloc_tag_set+0x534/0x1260 [ 711.053380][T13322] loop_add+0x3b9/0xb70 [ 711.053409][T13322] ? do_vfs_ioctl+0x523/0x1a60 [ 711.053439][T13322] ? __pfx_loop_add+0x10/0x10 [ 711.053464][T13322] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 711.053514][T13322] ? find_held_lock+0x2b/0x80 [ 711.053547][T13322] loop_control_ioctl+0x13e/0x630 [ 711.053578][T13322] ? __pfx_loop_control_ioctl+0x10/0x10 [ 711.053613][T13322] ? __pfx_loop_control_ioctl+0x10/0x10 [ 711.053644][T13322] __x64_sys_ioctl+0x18b/0x210 [ 711.053676][T13322] do_syscall_64+0xcd/0x490 [ 711.053716][T13322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 711.053742][T13322] RIP: 0033:0x7efed3f8e929 [ 711.053771][T13322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 711.053797][T13322] RSP: 002b:00007efed4d7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 711.053823][T13322] RAX: ffffffffffffffda RBX: 00007efed41b5fa0 RCX: 00007efed3f8e929 [ 711.053841][T13322] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 000000000000000a [ 711.053857][T13322] RBP: 00007efed4010b39 R08: 0000000000000000 R09: 0000000000000000 [ 711.053873][T13322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 711.053889][T13322] R13: 0000000000000000 R14: 00007efed41b5fa0 R15: 00007ffc184c2558 [ 711.053924][T13322] [ 711.250549][ C0] vkms_vblank_simulate: vblank timer overrun [ 711.503250][T13329] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1491'. [ 711.671138][T13333] sp0: Synchronizing with TNC [ 712.370287][T13351] sp0: Synchronizing with TNC [ 713.277219][T13368] blk-mq: reduced tag depth (128 -> 64) [ 716.306352][T13430] delete_channel: no stack [ 717.297007][T13448] ubi0: attaching mtd0 [ 717.356696][T13448] ubi0 error: validate_ec_hdr: bad VID header offset 64, expected 3965 [ 717.377945][T13448] ubi0 error: validate_ec_hdr: bad EC header [ 717.400711][T13448] Erase counter header dump: [ 717.473123][T13448] magic 0x55424923 [ 717.475456][T13451] sp0: Synchronizing with TNC [ 717.497438][T13448] version 1 [ 717.509619][T13448] ec 1 [ 717.518537][T13448] vid_hdr_offset 64 [ 717.529125][T13448] data_offset 128 [ 717.548574][T13448] image_seq -886890884 [ 717.577858][T13448] hdr_crc 0x569edbef [ 717.654135][T13448] erase counter header hexdump: [ 717.760360][T13448] CPU: 1 UID: 0 PID: 13448 Comm: syz.1.1519 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 717.760393][T13448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 717.760408][T13448] Call Trace: [ 717.760418][T13448] [ 717.760428][T13448] dump_stack_lvl+0x16c/0x1f0 [ 717.760472][T13448] validate_ec_hdr+0x28c/0x330 [ 717.760510][T13448] ubi_io_read_ec_hdr+0x63b/0x6c0 [ 717.760547][T13448] ubi_attach+0x5e7/0x4bd0 [ 717.760584][T13448] ? __pfx_ubi_msg+0x10/0x10 [ 717.760614][T13448] ? __pfx_ubi_attach+0x10/0x10 [ 717.760643][T13448] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 717.760671][T13448] ? __vmalloc_node_noprof+0xad/0xf0 [ 717.760705][T13448] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 717.760740][T13448] ubi_attach_mtd_dev+0x15a7/0x35d0 [ 717.760804][T13448] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 717.760835][T13448] ? __pfx_get_mtd_device+0x10/0x10 [ 717.760880][T13448] ctrl_cdev_ioctl+0x337/0x3d0 [ 717.760906][T13448] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 717.760939][T13448] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 717.760966][T13448] __x64_sys_ioctl+0x18b/0x210 [ 717.761001][T13448] do_syscall_64+0xcd/0x490 [ 717.761054][T13448] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 717.761083][T13448] RIP: 0033:0x7efce1b8e929 [ 717.761107][T13448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 717.761132][T13448] RSP: 002b:00007efce2a9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 717.761156][T13448] RAX: ffffffffffffffda RBX: 00007efce1db5fa0 RCX: 00007efce1b8e929 [ 717.761172][T13448] RDX: 0000200000000080 RSI: 0000000040186f40 RDI: 0000000000000003 [ 717.761187][T13448] RBP: 00007efce1c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 717.761204][T13448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 717.761219][T13448] R13: 0000000000000000 R14: 00007efce1db5fa0 R15: 00007fff43042de8 [ 717.761255][T13448] [ 717.761266][T13448] ubi0 error: ubi_io_read_ec_hdr: validation failed for PEB 0 [ 718.052383][T13448] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 718.271781][T13462] FAULT_INJECTION: forcing a failure. [ 718.271781][T13462] name failslab, interval 1, probability 0, space 0, times 0 [ 718.313314][T13462] CPU: 0 UID: 0 PID: 13462 Comm: syz.2.1523 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 718.313353][T13462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 718.313369][T13462] Call Trace: [ 718.313377][T13462] [ 718.313387][T13462] dump_stack_lvl+0x16c/0x1f0 [ 718.313426][T13462] should_fail_ex+0x512/0x640 [ 718.313461][T13462] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 718.313498][T13462] should_failslab+0xc2/0x120 [ 718.313523][T13462] __kmalloc_cache_noprof+0x6a/0x3e0 [ 718.313558][T13462] ? blk_mq_init_allocated_queue+0xd1/0x1240 [ 718.313601][T13462] blk_mq_init_allocated_queue+0xd1/0x1240 [ 718.313643][T13462] ? blk_alloc_queue+0x630/0x760 [ 718.313670][T13462] ? blk_mq_alloc_queue+0x175/0x290 [ 718.313703][T13462] ? blk_alloc_queue+0x1a3/0x760 [ 718.313735][T13462] blk_mq_alloc_queue+0x1be/0x290 [ 718.313766][T13462] ? __pfx_blk_mq_alloc_queue+0x10/0x10 [ 718.313828][T13462] ? debug_mutex_init+0x37/0x70 [ 718.313859][T13462] ? blk_mq_alloc_tag_set+0xcfe/0x1260 [ 718.313904][T13462] __blk_mq_alloc_disk+0x29/0x120 [ 718.313942][T13462] loop_add+0x49e/0xb70 [ 718.313971][T13462] ? do_vfs_ioctl+0x523/0x1a60 [ 718.314002][T13462] ? __pfx_loop_add+0x10/0x10 [ 718.314042][T13462] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 718.314099][T13462] ? find_held_lock+0x2b/0x80 [ 718.314132][T13462] loop_control_ioctl+0x13e/0x630 [ 718.314164][T13462] ? __pfx_loop_control_ioctl+0x10/0x10 [ 718.314199][T13462] ? __pfx_loop_control_ioctl+0x10/0x10 [ 718.314231][T13462] __x64_sys_ioctl+0x18b/0x210 [ 718.314264][T13462] do_syscall_64+0xcd/0x490 [ 718.314309][T13462] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 718.314339][T13462] RIP: 0033:0x7f0350f8e929 [ 718.314359][T13462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 718.314386][T13462] RSP: 002b:00007f0351dcc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 718.314411][T13462] RAX: ffffffffffffffda RBX: 00007f03511b5fa0 RCX: 00007f0350f8e929 [ 718.314430][T13462] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 000000000000000a [ 718.314446][T13462] RBP: 00007f0351010b39 R08: 0000000000000000 R09: 0000000000000000 [ 718.314462][T13462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 718.314478][T13462] R13: 0000000000000000 R14: 00007f03511b5fa0 R15: 00007fff81271748 [ 718.314512][T13462] [ 718.707795][T13469] sp0: Synchronizing with TNC [ 720.593254][T13517] sp0: Synchronizing with TNC [ 722.657853][T13553] ubi0: attaching mtd0 [ 722.666163][T13553] ubi0 error: validate_ec_hdr: bad VID header offset 64, expected 3965 [ 722.701188][T13553] ubi0 error: validate_ec_hdr: bad EC header [ 722.721024][T13553] Erase counter header dump: [ 722.732079][T13553] magic 0x55424923 [ 722.746995][T13553] version 1 [ 722.756622][T13553] ec 1 [ 722.760884][T13553] vid_hdr_offset 64 [ 722.764998][T13553] data_offset 128 [ 722.769550][T13553] image_seq -886890884 [ 722.774289][T13553] hdr_crc 0x569edbef [ 722.781341][T13553] erase counter header hexdump: [ 722.789916][T13553] CPU: 1 UID: 0 PID: 13553 Comm: syz.2.1541 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 722.789947][T13553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 722.789963][T13553] Call Trace: [ 722.789972][T13553] [ 722.789982][T13553] dump_stack_lvl+0x16c/0x1f0 [ 722.790023][T13553] validate_ec_hdr+0x28c/0x330 [ 722.790064][T13553] ubi_io_read_ec_hdr+0x63b/0x6c0 [ 722.790105][T13553] ubi_attach+0x5e7/0x4bd0 [ 722.790146][T13553] ? __pfx_ubi_msg+0x10/0x10 [ 722.790176][T13553] ? __pfx_ubi_attach+0x10/0x10 [ 722.790204][T13553] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 722.790231][T13553] ? __vmalloc_node_noprof+0xad/0xf0 [ 722.790264][T13553] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 722.790296][T13553] ubi_attach_mtd_dev+0x15a7/0x35d0 [ 722.790353][T13553] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 722.790382][T13553] ? __pfx_get_mtd_device+0x10/0x10 [ 722.790431][T13553] ctrl_cdev_ioctl+0x337/0x3d0 [ 722.790460][T13553] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 722.790499][T13553] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 722.790529][T13553] __x64_sys_ioctl+0x18b/0x210 [ 722.790564][T13553] do_syscall_64+0xcd/0x490 [ 722.790604][T13553] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 722.790630][T13553] RIP: 0033:0x7f0350f8e929 [ 722.790651][T13553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 722.790676][T13553] RSP: 002b:00007f0351dcc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 722.790701][T13553] RAX: ffffffffffffffda RBX: 00007f03511b5fa0 RCX: 00007f0350f8e929 [ 722.790718][T13553] RDX: 0000200000000080 RSI: 0000000040186f40 RDI: 0000000000000003 [ 722.790735][T13553] RBP: 00007f0351010b39 R08: 0000000000000000 R09: 0000000000000000 [ 722.790750][T13553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 722.790766][T13553] R13: 0000000000000000 R14: 00007f03511b5fa0 R15: 00007fff81271748 [ 722.790798][T13553] [ 722.790807][T13553] ubi0 error: ubi_io_read_ec_hdr: validation failed for PEB 0 [ 723.067507][T13553] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 723.381713][T13565] sp0: Synchronizing with TNC [ 726.007392][T13624] FAULT_INJECTION: forcing a failure. [ 726.007392][T13624] name failslab, interval 1, probability 0, space 0, times 0 [ 726.022601][T13624] CPU: 1 UID: 0 PID: 13624 Comm: syz.3.1558 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 726.022634][T13624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 726.022648][T13624] Call Trace: [ 726.022658][T13624] [ 726.022669][T13624] dump_stack_lvl+0x16c/0x1f0 [ 726.022712][T13624] should_fail_ex+0x512/0x640 [ 726.022748][T13624] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 726.022785][T13624] should_failslab+0xc2/0x120 [ 726.022812][T13624] __kmalloc_cache_noprof+0x6a/0x3e0 [ 726.022848][T13624] ? percpu_ref_init+0xec/0x410 [ 726.022882][T13624] ? __pfx_css_release+0x10/0x10 [ 726.022915][T13624] percpu_ref_init+0xec/0x410 [ 726.022945][T13624] ? init_and_link_css+0x32c/0x700 [ 726.022976][T13624] cgroup_apply_control_enable+0x50b/0xbb0 [ 726.023028][T13624] cgroup_mkdir+0x5e7/0x11f0 [ 726.023074][T13624] ? __pfx_cgroup_mkdir+0x10/0x10 [ 726.023115][T13624] kernfs_iop_mkdir+0x111/0x190 [ 726.023147][T13624] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 726.023174][T13624] vfs_mkdir+0x590/0x8c0 [ 726.023209][T13624] do_mkdirat+0x304/0x3e0 [ 726.023243][T13624] ? __pfx_do_mkdirat+0x10/0x10 [ 726.023292][T13624] ? getname_flags.part.0+0x1c5/0x550 [ 726.023326][T13624] __x64_sys_mkdir+0xef/0x140 [ 726.023365][T13624] do_syscall_64+0xcd/0x490 [ 726.023405][T13624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.023432][T13624] RIP: 0033:0x7f79b898e929 [ 726.023453][T13624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 726.023478][T13624] RSP: 002b:00007f79b9890038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 726.023504][T13624] RAX: ffffffffffffffda RBX: 00007f79b8bb6080 RCX: 00007f79b898e929 [ 726.023522][T13624] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 726.023538][T13624] RBP: 00007f79b8a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 726.023554][T13624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 726.023569][T13624] R13: 0000000000000000 R14: 00007f79b8bb6080 R15: 00007ffc99d371a8 [ 726.023605][T13624] [ 726.276434][ T24] ------------[ cut here ]------------ [ 726.287173][ T24] WARNING: CPU: 1 PID: 24 at kernel/cgroup/rstat.c:497 css_rstat_exit+0x368/0x470 [ 726.297583][ T24] Modules linked in: [ 726.302937][ T24] CPU: 1 UID: 0 PID: 24 Comm: kworker/1:0 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 726.313270][ T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 726.323427][ T24] Workqueue: cgroup_destroy css_free_rwork_fn [ 726.329547][ T24] RIP: 0010:css_rstat_exit+0x368/0x470 [ 726.335097][ T24] Code: 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 0e 01 00 00 49 c7 85 70 05 00 00 00 00 00 00 e9 00 ff ff ff e8 d9 09 07 00 90 <0f> 0b 90 e9 3e ff ff ff e8 cb 09 07 00 90 0f 0b 90 e9 30 ff ff ff [ 726.354917][ T24] RSP: 0018:ffffc900001e7bc0 EFLAGS: 00010293 [ 726.361059][ T24] RAX: 0000000000000000 RBX: ffff8880288d3400 RCX: ffff888124720000 [ 726.369026][ T24] RDX: ffff88801ea90000 RSI: ffffffff81b45507 RDI: ffffffff8df37da0 [ 726.377102][ T24] RBP: ffff8880288d3408 R08: 0000000000000005 R09: 0000000000000007 [ 726.385378][ T24] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880288d3420 [ 726.393967][ T24] R13: 0000000000000000 R14: 0000000000000003 R15: dffffc0000000000 [ 726.402393][ T24] FS: 0000000000000000(0000) GS:ffff888124820000(0000) knlGS:0000000000000000 [ 726.411481][ T24] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 726.418065][ T24] CR2: 0000001b33bf6ff8 CR3: 000000003053a000 CR4: 00000000003526f0 [ 726.426061][ T24] Call Trace: [ 726.429352][ T24] [ 726.432289][ T24] css_free_rwork_fn+0x80/0x12e0 [ 726.437241][ T24] ? rcu_is_watching+0x12/0xc0 [ 726.442042][ T24] process_one_work+0x9cf/0x1b70 [ 726.447007][ T24] ? __pfx_process_one_work+0x10/0x10 [ 726.452427][ T24] ? assign_work+0x1a0/0x250 [ 726.457042][ T24] worker_thread+0x6c8/0xf10 [ 726.461711][ T24] ? __pfx_worker_thread+0x10/0x10 [ 726.466830][ T24] kthread+0x3c2/0x780 [ 726.470964][ T24] ? __pfx_kthread+0x10/0x10 [ 726.475571][ T24] ? rcu_is_watching+0x12/0xc0 [ 726.480653][ T24] ? __pfx_kthread+0x10/0x10 [ 726.485257][ T24] ret_from_fork+0x5d7/0x6f0 [ 726.490085][ T24] ? __pfx_kthread+0x10/0x10 [ 726.494990][ T24] ret_from_fork_asm+0x1a/0x30 [ 726.500272][ T24] [ 726.503318][ T24] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 726.510607][ T24] CPU: 1 UID: 0 PID: 24 Comm: kworker/1:0 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 726.520763][ T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 726.530818][ T24] Workqueue: cgroup_destroy css_free_rwork_fn [ 726.536903][ T24] Call Trace: [ 726.540184][ T24] [ 726.543115][ T24] dump_stack_lvl+0x3d/0x1f0 [ 726.547715][ T24] panic+0x71c/0x800 [ 726.551620][ T24] ? __pfx_panic+0x10/0x10 [ 726.556044][ T24] ? show_trace_log_lvl+0x29b/0x3e0 [ 726.561262][ T24] ? check_panic_on_warn+0x1f/0xb0 [ 726.566391][ T24] ? css_rstat_exit+0x368/0x470 [ 726.571251][ T24] check_panic_on_warn+0xab/0xb0 [ 726.576208][ T24] __warn+0xf6/0x3c0 [ 726.580112][ T24] ? css_rstat_exit+0x368/0x470 [ 726.584970][ T24] report_bug+0x3c3/0x580 [ 726.589318][ T24] ? css_rstat_exit+0x368/0x470 [ 726.594170][ T24] handle_bug+0x184/0x210 [ 726.598512][ T24] exc_invalid_op+0x17/0x50 [ 726.603028][ T24] asm_exc_invalid_op+0x1a/0x20 [ 726.607881][ T24] RIP: 0010:css_rstat_exit+0x368/0x470 [ 726.613351][ T24] Code: 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 0e 01 00 00 49 c7 85 70 05 00 00 00 00 00 00 e9 00 ff ff ff e8 d9 09 07 00 90 <0f> 0b 90 e9 3e ff ff ff e8 cb 09 07 00 90 0f 0b 90 e9 30 ff ff ff [ 726.632997][ T24] RSP: 0018:ffffc900001e7bc0 EFLAGS: 00010293 [ 726.639067][ T24] RAX: 0000000000000000 RBX: ffff8880288d3400 RCX: ffff888124720000 [ 726.647034][ T24] RDX: ffff88801ea90000 RSI: ffffffff81b45507 RDI: ffffffff8df37da0 [ 726.655022][ T24] RBP: ffff8880288d3408 R08: 0000000000000005 R09: 0000000000000007 [ 726.663000][ T24] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880288d3420 [ 726.671055][ T24] R13: 0000000000000000 R14: 0000000000000003 R15: dffffc0000000000 [ 726.679037][ T24] ? css_rstat_exit+0x367/0x470 [ 726.683905][ T24] css_free_rwork_fn+0x80/0x12e0 [ 726.688852][ T24] ? rcu_is_watching+0x12/0xc0 [ 726.693640][ T24] process_one_work+0x9cf/0x1b70 [ 726.698650][ T24] ? __pfx_process_one_work+0x10/0x10 [ 726.704056][ T24] ? assign_work+0x1a0/0x250 [ 726.708660][ T24] worker_thread+0x6c8/0xf10 [ 726.713273][ T24] ? __pfx_worker_thread+0x10/0x10 [ 726.718396][ T24] kthread+0x3c2/0x780 [ 726.722478][ T24] ? __pfx_kthread+0x10/0x10 [ 726.727076][ T24] ? rcu_is_watching+0x12/0xc0 [ 726.731843][ T24] ? __pfx_kthread+0x10/0x10 [ 726.736442][ T24] ret_from_fork+0x5d7/0x6f0 [ 726.741039][ T24] ? __pfx_kthread+0x10/0x10 [ 726.745638][ T24] ret_from_fork_asm+0x1a/0x30 [ 726.750421][ T24] [ 726.753683][ T24] Kernel Offset: disabled [ 726.758002][ T24] Rebooting in 86400 seconds..