last executing test programs: 6.627038798s ago: executing program 3 (id=840): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000380)='/dev/snd/controlC2\x00', 0x400, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(0x0, r1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) sendmsg$auto_NL80211_CMD_GET_WIPHY(r1, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="810b25bd7080fbdbdf250100"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) recvmmsg$auto(r1, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x7, 0x0, 0x6, 0x6}, 0x4}, 0x10a, 0x6, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/pagemap\x00', 0x201, 0x0) ioctl$auto_PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f000000c380)={0x63, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xc03, 0x10001, 0x2c, 0x3, 0xfffffffffffffffe}) openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, 0x0, 0x1, 0x0) r4 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x101000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, r0, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r5, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/irq/14/smp_affinity\x00', 0x40001, 0x0) listen$auto(r4, 0x5) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/misc/userfaultfd/power/control\x00', 0x2e8280, 0x0) socket(0x27, 0x8, 0x106) socket(0x2, 0x1, 0x0) 5.711864755s ago: executing program 0 (id=844): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0xca, &(0x7f0000000080)='\x04>\x01\x12X\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8%6\x9c%\x96\x9a\\S\xa2(Q\xcc\xbf\r\x8d\xe3~kYHi\x1cd\x91g\xdd\\\xa4\x10\x83\xce\a', 0x7f) syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000000c0), r0) newfstatat$auto(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x10, 0x7, 0x1, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9, 0xffffffffffffffff, 0x6ad, 0x8000000000000000, 0x2, 0x3, 0x1, 0x0, 0x3ff, 0x8}, 0x594) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) pread64$auto(r2, &(0x7f0000000200)='/proc/self/net/ip6_tables_targets\x00', 0x34b, 0x10000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80480, 0x0) ioctl$auto_PPPIOCSMRU(r3, 0xc004743e, 0x0) ioctl$auto_PPPIOCSMAXCID(r3, 0x40047451, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(r2, 0xffffffffffffffff, 0xffffffff) lstat$auto(&(0x7f0000002200)='./file0\x00', &(0x7f0000002240)={0x6, 0x6, 0x8, 0x8, 0x0, r1, 0x0, 0x9, 0x4, 0x3, 0x3, 0x3, 0x80, 0xa, 0x9, 0x7, 0xffff}) keyctl$auto(0x1, 0xee01, 0x0, r1, 0x1b) write$auto(0xffffffffffffffff, 0x0, 0x2b6) select$auto(0x2, 0x0, 0x0, 0x0, 0xfffffffffffffffc) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000003c0), r2) write$auto(0x3, 0x0, 0xfffffdef) shutdown$auto(0x200000003, 0x2) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) 5.510733002s ago: executing program 1 (id=845): keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab40, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x5, 0x20000000) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyua\x00', 0x20a04, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x11, 0x80000, 0x300) move_pages$auto(0x1, 0x9, 0x0, 0x0, 0x0, 0x8000000000000000) setsockopt$auto(r0, 0x105, 0xe, 0x0, 0x80000009) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f00000031c0)='/dev/ttyua\x00', 0x109000, 0x0) read$auto(r1, 0x0, 0x42) close_range$auto(0x2, 0x8, 0x0) fcntl$auto(0x3, 0x8, 0x0) mprotect$auto(0x200000000000, 0x806121, 0x6) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bus/usb/037/001\x00', 0x20882, 0x0) ioctl$auto_USBDEVFS_CONTROL(r2, 0xc0185500, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x3, 0x0, 0x1, 0x1) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc3\xdd\xa7\xee$\xf5\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xe6\x06g\x1a\xfc\xa8\x02\vw\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv6/conf/netdevsim2/hop_limit\x00', 0x5014c0, 0x0) mmap$auto(0x0, 0x7ff, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x72) socket$nl_generic(0x10, 0x3, 0x10) 5.002895755s ago: executing program 0 (id=847): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000380)='/dev/snd/controlC2\x00', 0x400, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) sendmsg$auto_NL80211_CMD_GET_WIPHY(r1, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="810b25bd7080fbdbdf250100"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) recvmmsg$auto(r1, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x7, 0x0, 0x6, 0x6}, 0x4}, 0x10a, 0x6, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/pagemap\x00', 0x201, 0x0) ioctl$auto_PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f000000c380)={0x63, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xc03, 0x10001, 0x2c, 0x3, 0xfffffffffffffffe}) openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, 0x0, 0x1, 0x0) r4 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x101000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, r0, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r5, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/irq/14/smp_affinity\x00', 0x40001, 0x0) listen$auto(r4, 0x5) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/misc/userfaultfd/power/control\x00', 0x2e8280, 0x0) socket(0x27, 0x8, 0x106) socket(0x2, 0x1, 0x0) 4.85148911s ago: executing program 3 (id=848): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) unshare$auto(0x8000000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffff9}, 0x6, 0xe27c, 0x8) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyd9\x00', 0x0, 0x0) r1 = prctl$auto_PR_SET_MM_START_CODE(0x7, 0x1, 0xffffffffffffffff, 0x8, 0x4) sendmsg$auto_NL80211_CMD_RADAR_DETECT(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, 0x0, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@NL80211_ATTR_FILS_ERP_USERNAME={0xe, 0xf9, "54e97aaa729a79a6ce7c"}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0xd7b}, @NL80211_ATTR_REG_INDOOR={0x4}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0xc4}]}, 0x38}, 0x1, 0x0, 0x0, 0x11}, 0x4000) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, r0, 0x8000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000040)="b38fc65a6042") bpf$auto(0x0, 0x0, 0x6f4) 4.686872813s ago: executing program 1 (id=850): r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) ioctl$auto_IMDELTIMER(r0, 0x80044941, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xebe, 0x401, 0x8000) unshare$auto(0x60000080) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000540)="9e0839d502484f8af75c1000226ca59d1a2eb71caa281e1647d76bfa482b37c7e16e7536a55d10cf54d5e382c7514c70f31f5ca964180c28ca2a2827836d03e1a9e73cc343d7e9ad821727e0064bebdcf62d3b8173cc4ab3745c16c484d5bb9289c508000000f46d4369202ad194cae093fb4f086091e895c13b5c3c00000000495ee97f0d934c05e9a6c0a5b36c0783348f4bc1dfc48fbc73e97cc523b6c10a88454525699e49c5e742c2ea8b62344dc4c89bec882f52e08b3cccd3597bf4b324876476f787a4551e0e3822098e67e6c88d3b2795a3c0c6e35c1136feb6c65d7e27b52ac38897d8f27b1a03f8ab85ac24053fcd76fef86d1cb0055bb0c39564f8a6c000868a71ca6f065317273ae322c30dedf182dd796a645f8e70cb6cb687f8daa319bd8c9d2610d11d8c513fe9357cac430025cc8e82d3dc7e50") move_pages$auto(0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x8000000000000000) r1 = getpgid(0x0) socket$nl_generic(0x10, 0x3, 0x10) rt_tgsigqueueinfo$auto(r1, r1, 0x208, &(0x7f0000000100)={@siginfo_0_0={0x3, 0xffff, 0x0, @_sigsys={&(0x7f0000000340)="ec74806b2476647892201c4d01266dbe7daeea4c50216dfa9bb7ac7a1af0699d5b33b0cd904da5b38dafd565d72e0a15979c507e71d5e19a9ee807300c87e310e68416d0126632feb19d5a63e6a57331396f8357c2ec0140ebeab267845b10feabcc4685663da350872a518b27d0f6eba650c6107877b146d81cb5d8fc137619e587d556043e06b0c5a0a2695a6e6010bc03eaeb5d9c089fa9b6165f7c0d2b37b834c484aa6357dafc6d5f8b59e8d04dd54f4faf8ffe2b8d90ec55662168368fa518f79c41558df8f5a192521261c118fb7f3c4fcadf1e5846cc6e4038ecce8da8aff0a7e925be3536e15bb928e25d6e7a47f8dfe35f372736de3151c85e", 0x9}}}) getsockopt$auto(0xffffffffffffffff, 0x107, 0xc, 0x0, 0x0) syz_genetlink_get_family_id$auto_ovs_vport(0x0, 0xffffffffffffffff) open(0x0, 0x2a4c0, 0x40) socket(0x6, 0x1, 0x4) pread64$auto(0xffffffffffffffff, 0x0, 0x7fe, 0x400) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketcall$auto_SYS_SOCKET(0x1, &(0x7f0000000280)=0xfffffffffffffffd) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x20008000}, 0x8000) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000001140)='/proc/self/oom_adj\x00', 0x8042, 0x0) read$auto(r2, 0x0, 0x1f40) r3 = openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/buffer_size_kb\x00', 0x1, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0xa}, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) adjtimex$auto(&(0x7f0000000200)={0x5f95, 0x0, 0x2, 0x2000000a, 0xff7d, 0xbc58, 0x4000005, 0x0, 0x5, 0x8, 0x80000000, {0x7ff, 0xf423f}, 0x2744, 0x200000001, 0xff, 0x7, 0x0, 0x3c8, 0x8, 0x8, 0xffffffffffffffff, 0x1560cc85, 0x9}) sendmmsg$auto(r0, &(0x7f0000000240)={{&(0x7f0000000000)="41a01a3a1b3a80ada9917abde8538919ca952a3a221c47806572c6be036ba070da5d11406271e2e1caaca43be101152129b8fe81c1e6e804a99fbaeabd38243df64f7a1fb8b0d16d860fbed6560b733e5dccd9e6393e5811dee4a771d24c1bc6010ede0f2a3c161c0dbe2bc3ef14efc0707aaadf3368e739", 0xfffffff8, &(0x7f0000000180)={&(0x7f0000000080)="ad21c732274f944ea3775a7800abb012694bd5c65f778d24fc3ce53f42773b999ab3a6d090d02b844bebc5f85119df15f2dbb237f3e4af20d269ef6a3b9b6e4cecf7e3a4e99c80da9deabc575bd317eb97105a1a07ee84e7237c6502e2b562ffc1a1860fbe3f35b785667fd54bdea4ea23cd01925b3b377006b28a20a82a6201a2bc0711fd961e118ae37b042438b423993cf17eeff7c63bfa1326335e8e29", 0x5}, 0x5, &(0x7f00000001c0)="c70a459e5c127f5cf92a6e6f17bb7d1b10c9249f5895e2095f39c3c71244c50bfa6c12abdeeb512e0d5a87acf5191e6aee3ab0598f48611e9b140f5479130cfb94a80e21f0b9afefcb4a44a04fedeea4deb48b54bf57ef0fbc8fdf974dbc82ed5588a549d1ce8376ad34bba537e8e907ff", 0x0, 0x7ff}, 0x78}, 0xfffffffa, 0x2) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) renameat2$auto(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 4.381841398s ago: executing program 3 (id=851): close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) r0 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000004680)='/sys/kernel/debug/tracing/dynamic_events\x00', 0x502, 0x0) write$auto_dynamic_events_ops_trace_dynevent(r0, &(0x7f0000000040)="65a90950732f", 0x6) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r1) write$auto_fops_u8_(r1, &(0x7f00000000c0)="256d2ac478a91bace1adfd82e80721aba03379a98a7ebc2ce059fc9e43be59", 0x1f) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) 4.115206681s ago: executing program 3 (id=852): unshare$auto(0x40000080) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0) (async) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000000), 0x40001, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r2 = open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x154) execveat$auto(r2, 0x0, 0x0, 0x0, 0x11000) (async, rerun: 32) write$auto(r0, 0x0, 0xfff) (async, rerun: 32) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async) listmount$auto(0x0, &(0x7f00000001c0)=0x4, 0x4, 0x101) (async) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x2, 0x0) (async) pidfd_open$auto(0x1, 0x0) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) (async) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000001b40)='/dev/cuse\x00', 0x1842, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu0/hotplug/target\x00', 0x201, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) (async) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x0, 0x80000001, 0x7, 0x6d39, 0x5, 0x2, 0x1]}, 0x0) (async) init_module$auto(0x0, 0xffff9, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000000c0), r2) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), r3) openat$auto_hpet_fops_hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) 3.478300787s ago: executing program 2 (id=853): r0 = open(&(0x7f0000000140)='./file0\x00', 0x161342, 0x100) write$auto(r0, &(0x7f0000000000)='}\x00', 0x5) unshare$auto(0x40000080) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000004d40), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_DEL_RXSC(r2, &(0x7f0000007500)={0x0, 0x0, &(0x7f00000074c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002abd7000fedbdf25020000000c000280080001000400000008000100", @ANYRES32=0x0, @ANYBLOB="c8380e939b0c1fb7757e60e91167cda67351c0c395dd9dd49db963e84ad2f02b1ca7313aed16686b7d4ccdbdf442db0b95a4c59ef7a2349c034c4ee2455c7608b3e4b077b0981cd8a4547fb0f0fb5a4db0a79b82198acf94a7412f52fcbce0ac2e6cea5d17dc91e16ebaf739b90bfaa2f626e0b042c3e07f8f21349f59977fd61341a0169e2c363ba65fbc81ed67a3549055"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x80) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000007c0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r1, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000800)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="050725bd7000fbdbdf251c0000009ef0431d0ab45167ede823d6ae9f43ae3c9a937a9a165493b9b00e345b3b1097aa9ae03d7c86e16408baed3f60549413d71e6ff72c631b3fc588f6992a65dd20065307dbf09a99c06c15eb23f5763248f5137edf2733ea277372506319e24231a5df992ef4c8bc0193dd3449e120e73238268060f3e6964f16100741259f05585378632d960b6e6a6a0e6ff95a080382b3f7a6955ee7bea0af4db4fc82f98f90a1fb12679b19f5652a05c294d5fdefbc0f9d0debcdcadae22ff12840049df1a5bcbe8aa58b8e589f23200580fcc6b32469a9c55f4ab93cdcfebc9dee31bfea87e3c02f8de5fe9f07d348b48151b43a2a3a29f7"], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x880) sendmsg$auto_NL80211_CMD_EXTERNAL_AUTH(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x23, 0x0, 0x0, 0x1080020}, 0x1a, &(0x7f00000000c0)={&(0x7f0000000340)={0x28, 0x0, 0x20, 0x70bd29, 0x25dfdbfd}, 0x28}, 0x1, 0x0, 0x0, 0x4048800}, 0x40) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), 0xffffffffffffffff) r7 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x2081, 0x0) ioctl$auto_USB_RAW_IOCTL_EP_WRITE(r7, 0x40085507, &(0x7f0000000080)={0x1, 0x0, 0x9}) semctl$auto_GETVAL(0x0, 0x1, 0xc, 0x10000) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r5, &(0x7f0000003480)={0x0, 0x0, &(0x7f0000003440)={&(0x7f0000000180)={0x520, r6, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x508, 0x1, 0x0, 0x1, [@nested={0x503, 0x2f, 0x0, 0x1, [@typed={0x80, 0x122, 0x0, 0x0, @binary="3ee6e53c4c07ea5d20478f32b73dab93bda17a38691d14cc7389d7c01028c43754a4fb5f8a12d6b77f0cde3683abeb97f5bc35d14655c93dec83474ae0e23bc53f9ad75829e2b91ff11ac72fef15a647d6cccb3152fc263d3ebc8588a7c6dfef87cbec3a9363e1a83299887f7475c25579dcaa6f4489de497816a6b3"}, @generic="2b4d02edce816134154a0f50376a72eb39", @nested={0x4, 0xf7}, @generic="2bb6aff7fd45", @nested={0x464, 0x126, 0x0, 0x1, [@typed={0x8, 0x123, 0x0, 0x0, @pid}, @nested={0x186, 0x13, 0x0, 0x1, [@typed={0x8, 0x33, 0x0, 0x0, @ipv4=@multicast1}, @nested={0xf3, 0x35, 0x0, 0x1, [@generic="251833cbb52fb6e9a8a6c734d4b32e43485e1a777ff5d38ae7d38b165bdd0ada0d5fc84472c2824af615a5b9c9d4aef4847e6cd61f302c4c84d37c389d4aee42df3fde39d2471c974947269cd1e3e1fffd060286f1ef42c152732bc0e76652410a1b3faef2f661b3a01f96e963498e7e1680995aee71840cb8d56a573fccee540455ff19054a0bdc0e49fdb498bd369ace53d516de6b953bc1400b740fdbfd09863a8396786acc83b46f8af0a99ceedc581d0507f2ddfbfc3128e82296efda855e3c5c83606a8f8988ff87fc7d7366e2a4fa16d2fe496f8132cc740e20bd90d5de040e0989894a3b4ef44c9f4eb834"]}, @typed={0x8, 0x96, 0x0, 0x0, @fd=r5}, @nested={0x4, 0xe6}, @typed={0x8, 0x136, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @nested={0x4, 0xc}, @generic="0f9d32d5079945ea8a0cbbfc8e5b5525d7e700d590fa4fb163be94295eb78970aa03c852df55ae144d3878d262da8fe7b20303dd048578017a985e4b453fd5238d53f95e41baf72169f537cb8afadd1818d300546a8674b85db33b6cb8e32f0d1a914f4b19ae0331beba", @nested={0x4, 0x2e}]}, @generic="34ffd86410324c53d21c1e5e71647d80bcc4a7d8049c8b174ab4269dcbd30585966befea69c7694d5c07d4029f4ede2ad39ce9cbb64e4f5fc72c5be01b4bf8c64da0bc6ff9f6f22b2cd76c796348536cef4e98d87d9d79b8bf4c56fa711ed70705bfe691e6b5e21c6962732f", @typed={0xc, 0x7b, 0x0, 0x0, @u64=0x7}, @typed={0x8, 0xdf, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x2e}}, @nested={0x235, 0x8e, 0x0, 0x1, [@nested={0x4, 0x147}, @generic="4d7a5e32cc45408bd5c81d2c877681e21a9dfee200a4a7cba16e66f2ffccdd7dc44ae705c22a4d912fab92f2314e8b9199ca8666e3ce403f77188ff3ba9fed574ab237a74deae64d9dbf27537bef028ef7f58b82e643218a629f01f1806702d50ca53b7e5e50b7e67ee3bc3f2af134a62c499984b62b6eaa11d937dacf907386a66b28b97f93ecddd71e1ee554758098eed0292d43dfd7a75e594efe06fe36811614e021cb270040258043db6aa750f3a496fbdb17be6dbf4ac357482347fecfef7fa1db9db7522106531defa62eac69d0b207f1a090782ff9d7cb3206129120a0073afeb8aac2be947709d25d4dfe", @generic="bd6fb101464d18c26d462f7cc40384c8faefc4c11fd20df3bdecba20b6e0f9dff72c2e1c07912a62bdb2fc5add76ba15b437119b304ea69c543fba932fdaa8fd33929d2101975ad38b510edf06007ca73a", @typed={0x8, 0x25, 0x0, 0x0, @fd=r5}, @typed={0x4, 0x50}, @generic="f87b9416806f64201a21270c0a3ff7b336f58a7b0b9018d9560bfbec945affd5dac9331511c6a463d7751882550b5a973531d670d3b1fabd9be47f231020225ee5c38bbc151f79175b29ad35f552640060228b90ef7e72a5eb3b7cfe4e604e302772050613d65a1983c85d091fbfd199cd7ac46da186efa6a0664282478ee3a362fc98609d7df18cfd5580a36e94eaaff631d7edc5e37b304de9cc2fa44fa1e7c01884a61f368712fb1ccebda65ea228e863f2ce24305412cee7907118a7134d26f019072232c5778fa5ae86c2ffefe2d0fa0cc82a3e32a2fbdd8841b26f3a0f2c"]}, @typed={0xc, 0xec, 0x0, 0x0, @u64}, @nested={0x9, 0x56, 0x0, 0x1, [@generic="382fc93a8d"]}]}]}]}]}, 0x520}, 0x1, 0x0, 0x0, 0x40c4}, 0xc000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_UI_SET_EVBIT(r0, 0x40045564, &(0x7f00000000c0)=0x3) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0xd5, 0x8, 0x4) madvise$auto(0x0, 0x2003f0, 0x15) ioperm$auto(0x7, 0x86, 0x9) r8 = openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/current_tracer\x00', 0x40000, 0x0) dup2$auto(r8, r8) madvise$auto(0x0, 0x200007, 0x19) lseek$auto(0x3, 0x2, 0x4) 3.34169104s ago: executing program 0 (id=854): mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='\t\x00\x00\x00', @ANYBLOB="1e00df45"], 0x1ac}, 0x1, 0x0, 0x0, 0x5}, 0x40000d0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc6}, 0x1, 0x0, 0x2, 0x9}, 0x7}, 0x3, 0x0) 3.190857305s ago: executing program 0 (id=855): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0xca, &(0x7f0000000080)='\x04>\x01\x12X\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8%6\x9c%\x96\x9a\\S\xa2(Q\xcc\xbf\r\x8d\xe3~kYHi\x1cd\x91g\xdd\\\xa4\x10\x83\xce\a', 0x7f) syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000000c0), r0) newfstatat$auto(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x10, 0x7, 0x1, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9, 0xffffffffffffffff, 0x6ad, 0x8000000000000000, 0x2, 0x3, 0x1, 0x0, 0x3ff, 0x8}, 0x594) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) pread64$auto(r2, &(0x7f0000000200)='/proc/self/net/ip6_tables_targets\x00', 0x34b, 0x10000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80480, 0x0) ioctl$auto_PPPIOCSMRU(r3, 0xc004743e, 0x0) ioctl$auto_PPPIOCSMAXCID(r3, 0x40047451, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(r2, 0xffffffffffffffff, 0xffffffff) lstat$auto(&(0x7f0000002200)='./file0\x00', &(0x7f0000002240)={0x6, 0x6, 0x8, 0x8, 0x0, r1, 0x0, 0x9, 0x4, 0x3, 0x3, 0x3, 0x80, 0xa, 0x9, 0x7, 0xffff}) keyctl$auto(0x1, 0xee01, 0x0, r1, 0x1b) write$auto(0xffffffffffffffff, 0x0, 0x2b6) select$auto(0x2, 0x0, 0x0, 0x0, 0xfffffffffffffffc) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000003c0), r2) write$auto(0x3, 0x0, 0xfffffdef) shutdown$auto(0x200000003, 0x2) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) 2.910122835s ago: executing program 1 (id=856): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/mac80211_hwsim/hwsim1/net/wlan1/mtu\x00', 0x10b042, 0x0) sendfile$auto(r0, r0, 0x0, 0xfffffffffffffffc) r1 = ioctl$auto_TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000040)=0xc2) syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f00000000c0), r1) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x2, 0x3, 0x2) setsockopt$auto(0x3, 0x0, 0xc8, 0xfffffffffffffffc, 0x4) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) syslog$auto(0x0, &(0x7f0000000080)='..\x00k\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\x00\x80\x00\x00\x00\x00\x00\x00j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x011\x87l\xb9\x1e\x05\x90\xa2', 0x9) mmap$auto(0xfffffffffffffff8, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) r2 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(r2, 0x0, 0x400018) ioctl$auto(0x3, 0x4020565a, 0x38) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2d, 0x2, 0x0) openat$auto_hwflags_ops_debugfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/ieee80211/phy17/hwflags\x00', 0x1ad881, 0x0) read$auto(0x3, 0x0, 0x80) socket(0x28, 0x5, 0x5) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) ioprio_set$auto(0x2, 0x800000000, 0x8) getdents$auto(0xffffffffffffffff, 0x0, 0xa2b0) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x2, 0x7, 0xd, 0x2, 0x2, 0x3, 0x15f4da0a, 0x1, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) 2.582447392s ago: executing program 2 (id=857): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) r0 = mq_open$auto(&(0x7f0000000100)='\\*)A\x00O\xed-/uK\xd1\xfd\x1d.\x8f\x01\xa8~\x97\x93\x81B=DO\xb7C\xf5AbSv\xb8\xd7(\xc4\x87\x86}\xb5\xe2\\\x10\x1ckd\x02\xe87G\xc0\x19qpn2TgML<^EwPyg~\x9e\xa8T\"\xc0\xb1w\x92\x8ch4v\xd3\x06D\xb8a\xf2\x87\xde\xc8G\x03\xa6\xf1\xe5\x84\b#/\x13\xe6F\x06r\xe5wo', 0x7e, 0xf77, 0x0) ppoll$auto(&(0x7f0000000000)={r0, 0x8, 0x9}, 0x9, 0x0, 0x0, 0x8) 2.522261744s ago: executing program 0 (id=858): sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$auto_IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000400)={&(0x7f0000000580)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x20040104}, 0x20040041) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000540)='/sys/devices/platform/vhci_hcd.11/usb32/descriptors\x00', 0x88a82, 0x0) r1 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000002100), 0x40444, 0x0) r2 = prctl$auto(0x59616d61, 0xdaffffffffffffff, 0x1, 0x4, 0xfffffffffffffffb) ioctl$auto_SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000000)={0x8, r1, 0x9, "9a7b9f1808c711c1f51962a9bcc018cf"}) r4 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000280), 0xffffffffffffffff) r5 = socket(0x15, 0x5, 0x0) r6 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r6, 0x0, 0x4) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nbd11/queue/iostats_passthrough\x00', 0x2a001, 0x0) write$auto(r7, &(0x7f0000000040)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) setsockopt$auto(r5, 0x114, 0x2, 0xffffffffffffffff, 0x20) sendmsg$auto_BATADV_CMD_GET_HARDIF(r3, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x38, r4, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x5d}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x3}, @BATADV_ATTR_HARD_ADDRESS={0xa, 0x8, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x100}]}, 0x38}, 0x1, 0x0, 0x0, 0x8010}, 0x4044c10) ioctl$auto_IOCTL_VMCI_DATAGRAM_RECEIVE(r1, 0x7ac, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000140)=""/235, 0xeb) r8 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x2, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000000, 0x13, r8, 0x1000) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000200), r2) sendmsg$auto_NBD_CMD_STATUS(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="01002bbd7000fedbdf2505000000"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x40) bpf$auto(0x1c, &(0x7f0000000040)=@link_update={r0, @new_prog_fd, 0x2c}, 0x92) r11 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/hid_cougar/parameters/g6_is_space\x00', 0x129102, 0x0) write$auto(r11, &(0x7f0000000000)='y\x8c', 0x2) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000440)=""/25, 0x19) select$auto(0x4, 0x0, &(0x7f0000000080)={[0x209d, 0x5, 0x4, 0xd, 0x250, 0x100000000, 0x2c2, 0x800002017d, 0x2, 0x40, 0xd, 0xd59, 0xfb, 0xff, 0x1d, 0x2]}, 0x0, 0x0) connect$auto(0xffffffffffffffff, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0xdf) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getpid() 2.335153438s ago: executing program 2 (id=859): r0 = open(&(0x7f0000000140)='./file0\x00', 0x161342, 0x100) write$auto(r0, &(0x7f0000000000)='}\x00', 0x5) unshare$auto(0x40000080) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000004d40), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_DEL_RXSC(r2, &(0x7f0000007500)={0x0, 0x0, &(0x7f00000074c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002abd7000fedbdf25020000000c000280080001000400000008000100", @ANYRES32=0x0, @ANYBLOB="c8380e939b0c1fb7757e60e91167cda67351c0c395dd9dd49db963e84ad2f02b1ca7313aed16686b7d4ccdbdf442db0b95a4c59ef7a2349c034c4ee2455c7608b3e4b077b0981cd8a4547fb0f0fb5a4db0a79b82198acf94a7412f52fcbce0ac2e6cea5d17dc91e16ebaf739b90bfaa2f626e0b042c3e07f8f21349f59977fd61341a0169e2c363ba65fbc81ed67a3549055"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x80) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000007c0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r1, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000800)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="050725bd7000fbdbdf251c0000009ef0431d0ab45167ede823d6ae9f43ae3c9a937a9a165493b9b00e345b3b1097aa9ae03d7c86e16408baed3f60549413d71e6ff72c631b3fc588f6992a65dd20065307dbf09a99c06c15eb23f5763248f5137edf2733ea277372506319e24231a5df992ef4c8bc0193dd3449e120e73238268060f3e6964f16100741259f05585378632d960b6e6a6a0e6ff95a080382b3f7a6955ee7bea0af4db4fc82f98f90a1fb12679b19f5652a05c294d5fdefbc0f9d0debcdcadae22ff12840049df1a5bcbe8aa58b8e589f23200580fcc6b32469a9c55f4ab93cdcfebc9dee31bfea87e3c02f8de5fe9f07d348b48151b43a2a3a29f7"], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x880) r5 = socket(0x23, 0x2, 0x0) sendmsg$auto_NL80211_CMD_EXTERNAL_AUTH(r5, &(0x7f0000000100)={&(0x7f0000000000)={0x23, 0x0, 0x0, 0x1080020}, 0x1a, &(0x7f00000000c0)={&(0x7f0000000340)={0x28, 0x0, 0x20, 0x70bd29, 0x25dfdbfd}, 0x28}, 0x1, 0x0, 0x0, 0x4048800}, 0x40) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x2081, 0x0) ioctl$auto_USB_RAW_IOCTL_EP_WRITE(r7, 0x40085507, &(0x7f0000000080)={0x1, 0x0, 0x9}) semctl$auto_GETVAL(0x0, 0x1, 0xc, 0x10000) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r6, &(0x7f0000003480)={0x0, 0x0, &(0x7f0000003440)={&(0x7f0000000180)={0x520, 0x0, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x508, 0x1, 0x0, 0x1, [@nested={0x503, 0x2f, 0x0, 0x1, [@typed={0x80, 0x122, 0x0, 0x0, @binary="3ee6e53c4c07ea5d20478f32b73dab93bda17a38691d14cc7389d7c01028c43754a4fb5f8a12d6b77f0cde3683abeb97f5bc35d14655c93dec83474ae0e23bc53f9ad75829e2b91ff11ac72fef15a647d6cccb3152fc263d3ebc8588a7c6dfef87cbec3a9363e1a83299887f7475c25579dcaa6f4489de497816a6b3"}, @generic="2b4d02edce816134154a0f50376a72eb39", @nested={0x4, 0xf7}, @generic="2bb6aff7fd45", @nested={0x464, 0x126, 0x0, 0x1, [@typed={0x8, 0x123, 0x0, 0x0, @pid}, @nested={0x186, 0x13, 0x0, 0x1, [@typed={0x8, 0x33, 0x0, 0x0, @ipv4=@multicast1}, @nested={0xf3, 0x35, 0x0, 0x1, [@generic="251833cbb52fb6e9a8a6c734d4b32e43485e1a777ff5d38ae7d38b165bdd0ada0d5fc84472c2824af615a5b9c9d4aef4847e6cd61f302c4c84d37c389d4aee42df3fde39d2471c974947269cd1e3e1fffd060286f1ef42c152732bc0e76652410a1b3faef2f661b3a01f96e963498e7e1680995aee71840cb8d56a573fccee540455ff19054a0bdc0e49fdb498bd369ace53d516de6b953bc1400b740fdbfd09863a8396786acc83b46f8af0a99ceedc581d0507f2ddfbfc3128e82296efda855e3c5c83606a8f8988ff87fc7d7366e2a4fa16d2fe496f8132cc740e20bd90d5de040e0989894a3b4ef44c9f4eb834"]}, @typed={0x8, 0x96, 0x0, 0x0, @fd=r6}, @nested={0x4, 0xe6}, @typed={0x8, 0x136, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @nested={0x4, 0xc}, @generic="0f9d32d5079945ea8a0cbbfc8e5b5525d7e700d590fa4fb163be94295eb78970aa03c852df55ae144d3878d262da8fe7b20303dd048578017a985e4b453fd5238d53f95e41baf72169f537cb8afadd1818d300546a8674b85db33b6cb8e32f0d1a914f4b19ae0331beba", @nested={0x4, 0x2e}]}, @generic="34ffd86410324c53d21c1e5e71647d80bcc4a7d8049c8b174ab4269dcbd30585966befea69c7694d5c07d4029f4ede2ad39ce9cbb64e4f5fc72c5be01b4bf8c64da0bc6ff9f6f22b2cd76c796348536cef4e98d87d9d79b8bf4c56fa711ed70705bfe691e6b5e21c6962732f", @typed={0xc, 0x7b, 0x0, 0x0, @u64=0x7}, @typed={0x8, 0xdf, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x2e}}, @nested={0x235, 0x8e, 0x0, 0x1, [@nested={0x4, 0x147}, @generic="4d7a5e32cc45408bd5c81d2c877681e21a9dfee200a4a7cba16e66f2ffccdd7dc44ae705c22a4d912fab92f2314e8b9199ca8666e3ce403f77188ff3ba9fed574ab237a74deae64d9dbf27537bef028ef7f58b82e643218a629f01f1806702d50ca53b7e5e50b7e67ee3bc3f2af134a62c499984b62b6eaa11d937dacf907386a66b28b97f93ecddd71e1ee554758098eed0292d43dfd7a75e594efe06fe36811614e021cb270040258043db6aa750f3a496fbdb17be6dbf4ac357482347fecfef7fa1db9db7522106531defa62eac69d0b207f1a090782ff9d7cb3206129120a0073afeb8aac2be947709d25d4dfe", @generic="bd6fb101464d18c26d462f7cc40384c8faefc4c11fd20df3bdecba20b6e0f9dff72c2e1c07912a62bdb2fc5add76ba15b437119b304ea69c543fba932fdaa8fd33929d2101975ad38b510edf06007ca73a", @typed={0x8, 0x25, 0x0, 0x0, @fd=r6}, @typed={0x4, 0x50}, @generic="f87b9416806f64201a21270c0a3ff7b336f58a7b0b9018d9560bfbec945affd5dac9331511c6a463d7751882550b5a973531d670d3b1fabd9be47f231020225ee5c38bbc151f79175b29ad35f552640060228b90ef7e72a5eb3b7cfe4e604e302772050613d65a1983c85d091fbfd199cd7ac46da186efa6a0664282478ee3a362fc98609d7df18cfd5580a36e94eaaff631d7edc5e37b304de9cc2fa44fa1e7c01884a61f368712fb1ccebda65ea228e863f2ce24305412cee7907118a7134d26f019072232c5778fa5ae86c2ffefe2d0fa0cc82a3e32a2fbdd8841b26f3a0f2c"]}, @typed={0xc, 0xec, 0x0, 0x0, @u64}, @nested={0x9, 0x56, 0x0, 0x1, [@generic="382fc93a8d"]}]}]}]}]}, 0x520}, 0x1, 0x0, 0x0, 0x40c4}, 0xc000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_UI_SET_EVBIT(r0, 0x40045564, &(0x7f00000000c0)=0x3) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0xd5, 0x8, 0x4) madvise$auto(0x0, 0x2003f0, 0x15) ioperm$auto(0x7, 0x86, 0x9) r8 = openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/current_tracer\x00', 0x40000, 0x0) dup2$auto(r8, r8) madvise$auto(0x0, 0x200007, 0x19) lseek$auto(0x3, 0x2, 0x4) 2.321676575s ago: executing program 0 (id=860): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x108000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/loop15/integrity/format\x00', 0x0, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x80801, 0x0) ioctl$auto(0x3, 0x400454ca, 0x38) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000001740)='/dev/snd/controlC0\x00', 0x2100, 0x0) socket(0x2, 0x2, 0x0) r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) read$auto(r1, 0x0, 0x102) r2 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$auto(r2, 0x40246f4c, 0x38) sendmsg$auto_IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x14, 0x0, 0x4, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4004080}, 0x0) recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) write$auto(0x3, 0x0, 0xfdf3) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r3, 0x4c0a, 0x0) 2.007348403s ago: executing program 1 (id=861): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000380)='/dev/snd/controlC2\x00', 0x400, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(0x0, r1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) sendmsg$auto_NL80211_CMD_GET_WIPHY(r1, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="810b25bd7080fbdbdf250100"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) recvmmsg$auto(r1, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x7, 0x0, 0x6, 0x6}, 0x4}, 0x10a, 0x6, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/pagemap\x00', 0x201, 0x0) ioctl$auto_PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f000000c380)={0x63, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xc03, 0x10001, 0x2c, 0x3, 0xfffffffffffffffe}) openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, 0x0, 0x1, 0x0) r4 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x101000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, r0, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r5, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/irq/14/smp_affinity\x00', 0x40001, 0x0) listen$auto(r4, 0x5) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/misc/userfaultfd/power/control\x00', 0x2e8280, 0x0) socket(0x27, 0x8, 0x106) socket(0x2, 0x1, 0x0) 1.263182563s ago: executing program 3 (id=862): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000001840), r0) sendmsg$auto_MACSEC_CMD_UPD_TXSA(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000018c0)={0x20, r1, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@MACSEC_ATTR_SA_CONFIG={0x4}, @MACSEC_ATTR_IFINDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x200480c7}, 0x80) 1.129804177s ago: executing program 2 (id=863): mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='\t\x00\x00\x00', @ANYBLOB="1e00df45"], 0x1ac}, 0x1, 0x0, 0x0, 0x5}, 0x40000d0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc6}, 0x1, 0x0, 0x2, 0x9}, 0x7}, 0x3, 0x0) 949.01405ms ago: executing program 2 (id=864): r0 = socket(0xa, 0x3, 0x80) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) ioctl$auto(r1, 0x4004af07, r1) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x8002, 0x0) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000140), r0) sendmsg$auto_NL802154_CMD_NEW_SEC_DEVKEY(r2, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0x34, r4, 0x200, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x2}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x10}, @NL802154_ATTR_BEACON_INTERVAL={0x5, 0x26, 0x8}, @NL802154_ATTR_SCAN_TYPE={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) ioctl$auto_SNDCTL_TMR_TIMEBASE(r3, 0xc0045401, &(0x7f00000000c0)="58f9fb") recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000020) r5 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(r5, 0x1, 0x0) set_mempolicy$auto(0x3, &(0x7f0000000040)=0x9, 0xc72) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x10, 0x7, 0x4, 0xffffffffffffffff, 0xa, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0xe5, 0x3}, 0x10) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex=r6, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92) 232.735671ms ago: executing program 1 (id=865): select$auto(0x9, &(0x7f0000000040)={[0x0, 0x1, 0x7, 0x8b8, 0x401, 0x8000000000000001, 0x8, 0x9, 0x4, 0x7, 0x1, 0x2, 0x81, 0x6, 0xc6c1, 0x4]}, &(0x7f00000000c0)={[0xc, 0x3, 0xfffffffffffffffe, 0x1, 0x7, 0xc5, 0x7fff, 0x3, 0x8, 0x5, 0x2, 0xe, 0x0, 0x6, 0x5, 0x3]}, &(0x7f0000000140)={[0x1, 0x65f83e80, 0x9, 0x2, 0xfffffffffffffe00, 0x24a3, 0x1ff, 0x0, 0x2, 0x2, 0x3, 0x40, 0x1, 0x9, 0x6, 0x5]}, &(0x7f00000001c0)={0x7, 0x3}) r0 = socket$nl_generic(0x10, 0x3, 0x10) nanosleep$auto(0x0, 0x0) openat$auto_memtype_fops_memtype(0xffffffffffffff9c, &(0x7f0000000000), 0x141282, 0x0) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000003c0), r0) sendmsg$auto_NL80211_CMD_SET_SAR_SPECS(r0, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r1, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_EMA_RNR_ELEMS={0x18, 0x145, 0x0, 0x1, [@typed={0x14, 0x135, 0x0, 0x0, @ipv6=@empty}]}, @NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0x7}, @NL80211_ATTR_PMK={0x11, 0xfe, "7f2cf31689d3bf751e6a170b90"}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40800) r2 = socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x59, &(0x7f0000000240)={0x7, 0xd, 0x3000, 0x6, 0x7, 0xa, 0xffffffffffffffff, [], {0x6, 0x5, 0x8c48, 0x29b, 0x8, 0x7f, 0x5, 0x6, 0x3}, {0x100, 0x1, 0x52, 0x7fffffff, 0x2, 0x1a7b870a, 0x76c5, 0xb, 0x100000000}}) syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x55) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000180), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), r0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$auto(r4, 0x540a, r4) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r6 = setfsuid$auto(0xee00) r7 = setfsuid$auto(0xee01) setresuid$auto(r6, r7, r6) ioctl$auto_MTDFILEMODE(r3, 0x4d13, 0x0) ioctl$auto_IOC_PR_RESERVE(r5, 0x401070c9, 0x0) setresuid$auto(0x2, 0x7, 0x8080) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = socket(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'vlan0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_RINGS_GET(r8, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000140)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010039bd0f0000000c00018008000100", @ANYRES32], 0x20}, 0x1, 0x0, 0x0, 0x8004805}, 0x20004804) mmap$auto(0x0, 0x2000009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x100000000000031, 0x0) fsopen$auto(0x0, 0x1) socket$nl_generic(0x10, 0x3, 0x10) 110.726995ms ago: executing program 1 (id=866): r0 = open(&(0x7f0000000140)='./file0\x00', 0x161342, 0x100) write$auto(r0, &(0x7f0000000000)='}\x00', 0x5) unshare$auto(0x40000080) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000004d40), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_DEL_RXSC(r2, &(0x7f0000007500)={0x0, 0x0, &(0x7f00000074c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002abd7000fedbdf25020000000c000280080001000400000008000100", @ANYRES32=0x0, @ANYBLOB="c8380e939b0c1fb7757e60e91167cda67351c0c395dd9dd49db963e84ad2f02b1ca7313aed16686b7d4ccdbdf442db0b95a4c59ef7a2349c034c4ee2455c7608b3e4b077b0981cd8a4547fb0f0fb5a4db0a79b82198acf94a7412f52fcbce0ac2e6cea5d17dc91e16ebaf739b90bfaa2f626e0b042c3e07f8f21349f59977fd61341a0169e2c363ba65fbc81ed67a3549055"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x80) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000007c0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r1, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000800)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="050725bd7000fbdbdf251c0000009ef0431d0ab45167ede823d6ae9f43ae3c9a937a9a165493b9b00e345b3b1097aa9ae03d7c86e16408baed3f60549413d71e6ff72c631b3fc588f6992a65dd20065307dbf09a99c06c15eb23f5763248f5137edf2733ea277372506319e24231a5df992ef4c8bc0193dd3449e120e73238268060f3e6964f16100741259f05585378632d960b6e6a6a0e6ff95a080382b3f7a6955ee7bea0af4db4fc82f98f90a1fb12679b19f5652a05c294d5fdefbc0f9d0debcdcadae22ff12840049df1a5bcbe8aa58b8e589f23200580fcc6b32469a9c55f4ab93cdcfebc9dee31bfea87e3c02f8de5fe9f07d348b48151b43a2a3a29f7"], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x880) sendmsg$auto_NL80211_CMD_EXTERNAL_AUTH(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x23, 0x0, 0x0, 0x1080020}, 0x1a, &(0x7f00000000c0)={&(0x7f0000000340)={0x28, 0x0, 0x20, 0x70bd29, 0x25dfdbfd}, 0x28}, 0x1, 0x0, 0x0, 0x4048800}, 0x40) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), 0xffffffffffffffff) r7 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x2081, 0x0) ioctl$auto_USB_RAW_IOCTL_EP_WRITE(r7, 0x40085507, &(0x7f0000000080)={0x1, 0x0, 0x9}) semctl$auto_GETVAL(0x0, 0x1, 0xc, 0x10000) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r5, &(0x7f0000003480)={0x0, 0x0, &(0x7f0000003440)={&(0x7f0000000180)={0x520, r6, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x508, 0x1, 0x0, 0x1, [@nested={0x503, 0x2f, 0x0, 0x1, [@typed={0x80, 0x122, 0x0, 0x0, @binary="3ee6e53c4c07ea5d20478f32b73dab93bda17a38691d14cc7389d7c01028c43754a4fb5f8a12d6b77f0cde3683abeb97f5bc35d14655c93dec83474ae0e23bc53f9ad75829e2b91ff11ac72fef15a647d6cccb3152fc263d3ebc8588a7c6dfef87cbec3a9363e1a83299887f7475c25579dcaa6f4489de497816a6b3"}, @generic="2b4d02edce816134154a0f50376a72eb39", @nested={0x4, 0xf7}, @generic="2bb6aff7fd45", @nested={0x464, 0x126, 0x0, 0x1, [@typed={0x8, 0x123, 0x0, 0x0, @pid}, @nested={0x186, 0x13, 0x0, 0x1, [@typed={0x8, 0x33, 0x0, 0x0, @ipv4=@multicast1}, @nested={0xf3, 0x35, 0x0, 0x1, [@generic="251833cbb52fb6e9a8a6c734d4b32e43485e1a777ff5d38ae7d38b165bdd0ada0d5fc84472c2824af615a5b9c9d4aef4847e6cd61f302c4c84d37c389d4aee42df3fde39d2471c974947269cd1e3e1fffd060286f1ef42c152732bc0e76652410a1b3faef2f661b3a01f96e963498e7e1680995aee71840cb8d56a573fccee540455ff19054a0bdc0e49fdb498bd369ace53d516de6b953bc1400b740fdbfd09863a8396786acc83b46f8af0a99ceedc581d0507f2ddfbfc3128e82296efda855e3c5c83606a8f8988ff87fc7d7366e2a4fa16d2fe496f8132cc740e20bd90d5de040e0989894a3b4ef44c9f4eb834"]}, @typed={0x8, 0x96, 0x0, 0x0, @fd=r5}, @nested={0x4, 0xe6}, @typed={0x8, 0x136, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @nested={0x4, 0xc}, @generic="0f9d32d5079945ea8a0cbbfc8e5b5525d7e700d590fa4fb163be94295eb78970aa03c852df55ae144d3878d262da8fe7b20303dd048578017a985e4b453fd5238d53f95e41baf72169f537cb8afadd1818d300546a8674b85db33b6cb8e32f0d1a914f4b19ae0331beba", @nested={0x4, 0x2e}]}, @generic="34ffd86410324c53d21c1e5e71647d80bcc4a7d8049c8b174ab4269dcbd30585966befea69c7694d5c07d4029f4ede2ad39ce9cbb64e4f5fc72c5be01b4bf8c64da0bc6ff9f6f22b2cd76c796348536cef4e98d87d9d79b8bf4c56fa711ed70705bfe691e6b5e21c6962732f", @typed={0xc, 0x7b, 0x0, 0x0, @u64=0x7}, @typed={0x8, 0xdf, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x2e}}, @nested={0x235, 0x8e, 0x0, 0x1, [@nested={0x4, 0x147}, @generic="4d7a5e32cc45408bd5c81d2c877681e21a9dfee200a4a7cba16e66f2ffccdd7dc44ae705c22a4d912fab92f2314e8b9199ca8666e3ce403f77188ff3ba9fed574ab237a74deae64d9dbf27537bef028ef7f58b82e643218a629f01f1806702d50ca53b7e5e50b7e67ee3bc3f2af134a62c499984b62b6eaa11d937dacf907386a66b28b97f93ecddd71e1ee554758098eed0292d43dfd7a75e594efe06fe36811614e021cb270040258043db6aa750f3a496fbdb17be6dbf4ac357482347fecfef7fa1db9db7522106531defa62eac69d0b207f1a090782ff9d7cb3206129120a0073afeb8aac2be947709d25d4dfe", @generic="bd6fb101464d18c26d462f7cc40384c8faefc4c11fd20df3bdecba20b6e0f9dff72c2e1c07912a62bdb2fc5add76ba15b437119b304ea69c543fba932fdaa8fd33929d2101975ad38b510edf06007ca73a", @typed={0x8, 0x25, 0x0, 0x0, @fd=r5}, @typed={0x4, 0x50}, @generic="f87b9416806f64201a21270c0a3ff7b336f58a7b0b9018d9560bfbec945affd5dac9331511c6a463d7751882550b5a973531d670d3b1fabd9be47f231020225ee5c38bbc151f79175b29ad35f552640060228b90ef7e72a5eb3b7cfe4e604e302772050613d65a1983c85d091fbfd199cd7ac46da186efa6a0664282478ee3a362fc98609d7df18cfd5580a36e94eaaff631d7edc5e37b304de9cc2fa44fa1e7c01884a61f368712fb1ccebda65ea228e863f2ce24305412cee7907118a7134d26f019072232c5778fa5ae86c2ffefe2d0fa0cc82a3e32a2fbdd8841b26f3a0f2c"]}, @typed={0xc, 0xec, 0x0, 0x0, @u64}, @nested={0x9, 0x56, 0x0, 0x1, [@generic="382fc93a8d"]}]}]}]}]}, 0x520}, 0x1, 0x0, 0x0, 0x40c4}, 0xc000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_UI_SET_EVBIT(r0, 0x40045564, &(0x7f00000000c0)=0x3) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0xd5, 0x8, 0x4) madvise$auto(0x0, 0x2003f0, 0x15) ioperm$auto(0x7, 0x86, 0x9) r8 = openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/current_tracer\x00', 0x40000, 0x0) dup2$auto(r8, r8) madvise$auto(0x0, 0x200007, 0x19) lseek$auto(0x3, 0x2, 0x4) 110.105225ms ago: executing program 3 (id=867): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x40242, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) r3 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r3, &(0x7f0000000180)={{&(0x7f00000001c0)="dd2fe40a0900", 0x5ac, &(0x7f0000000100)={&(0x7f0000000340), 0x21}, 0x5, &(0x7f0000000180), 0x5, 0xe}, 0x5}, 0x2, 0x100) read$auto(r2, 0x0, 0x20) writev$auto(r1, &(0x7f00000000c0)={0x0, 0x10}, 0x3) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000001940), 0x80643, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, 0x0, 0x100000a3d9) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) write$auto(0x3, 0x0, 0x17) 0s ago: executing program 2 (id=868): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptyq5\x00', 0xa40, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x154) fcntl$auto(r1, 0x400, 0x1) lsetxattr$auto(&(0x7f0000000080)='./file0\x00', &(0x7f00000030c0)='-\x00', &(0x7f0000003100), 0x4, 0xff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x5, 0x7, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8) r2 = socket(0xa, 0x5, 0x0) getsockopt$auto(r2, 0x84, 0x13, 0x0, 0x0) mmap$auto(0x0, 0x810004, 0x2, 0x8000000008011, 0xffffffffffffffff, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r0, 0x28000) close_range$auto(0x0, 0x5, 0x0) fanotify_init$auto(0x5, 0x2000000000002) inotify_init1$auto(0xbc) socket(0x15, 0x5, 0x0) r3 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) getsockopt$auto(r3, 0x0, 0xcf, 0x0, 0x0) socket(0x21, 0x3, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0) futex_waitv$auto(&(0x7f0000000180)={0x7fffffffffffffff, 0x23d4, 0xbc}, 0xb, 0x3, &(0x7f00000001c0)={0x9, 0x5}, 0x8) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xdffef7fc, 0x0, 0x0, 0x0, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) kernel console output (not intermixed with test programs): 4][ T7915] ? iovec_from_user+0xbb/0x140 [ 222.755433][ T7915] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 222.755448][ T7915] ? inet6_sendmsg+0x105/0x140 [ 222.755461][ T7915] inet6_sendmsg+0x105/0x140 [ 222.755475][ T7915] ____sys_sendmsg+0x705/0xc70 [ 222.755491][ T7915] ? copy_msghdr_from_user+0x10a/0x160 [ 222.755511][ T7915] ? __pfx_____sys_sendmsg+0x10/0x10 [ 222.755529][ T7915] ? kfree+0x24f/0x4d0 [ 222.755542][ T7915] ? futex_unqueue+0x133/0x2c0 [ 222.755563][ T7915] ___sys_sendmsg+0x134/0x1d0 [ 222.755584][ T7915] ? __pfx____sys_sendmsg+0x10/0x10 [ 222.755620][ T7915] ? __pfx___might_resched+0x10/0x10 [ 222.755638][ T7915] __sys_sendmmsg+0x200/0x420 [ 222.755672][ T7915] ? __pfx___sys_sendmmsg+0x10/0x10 [ 222.755699][ T7915] ? __pfx_do_futex+0x10/0x10 [ 222.755725][ T7915] ? fput+0x9b/0xd0 [ 222.755745][ T7915] ? xfd_validate_state+0x61/0x180 [ 222.755764][ T7915] ? __pfx_ksys_write+0x10/0x10 [ 222.755783][ T7915] __x64_sys_sendmmsg+0x9c/0x100 [ 222.755803][ T7915] ? lockdep_hardirqs_on+0x7c/0x110 [ 222.755823][ T7915] do_syscall_64+0xcd/0x4c0 [ 222.755838][ T7915] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.755852][ T7915] RIP: 0033:0x7f067b38eec9 [ 222.755866][ T7915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 222.755879][ T7915] RSP: 002b:00007f067c1b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 222.755896][ T7915] RAX: ffffffffffffffda RBX: 00007f067b5e6090 RCX: 00007f067b38eec9 [ 222.755907][ T7915] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 222.755915][ T7915] RBP: 00007f067b411f91 R08: 0000000000000000 R09: 0000000000000000 [ 222.755923][ T7915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 222.755931][ T7915] R13: 00007f067b5e6128 R14: 00007f067b5e6090 R15: 00007fff1ebdf8c8 [ 222.755950][ T7915] [ 223.391224][ T7917] netlink: 'syz.2.441': attribute type 1 has an invalid length. [ 223.564719][ T7924] ima: policy update failed [ 223.572512][ T30] audit: type=1802 audit(4294967371.620:2): pid=7924 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.442" res=0 errno=0 [ 223.623919][ T7920] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 223.889564][ T7931] syz.2.445(7931): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 224.478858][ T7946] netlink: 'syz.1.447': attribute type 1 has an invalid length. [ 224.541383][ T7946] net_ratelimit: 308 callbacks suppressed [ 224.541407][ T7946] netlink: zone id is out of range [ 224.554374][ T7946] netlink: zone id is out of range [ 224.671291][ T7946] netlink: zone id is out of range [ 224.696832][ T7946] netlink: zone id is out of range [ 224.717111][ T7946] netlink: zone id is out of range [ 224.737399][ T7946] netlink: zone id is out of range [ 224.743041][ T7946] netlink: zone id is out of range [ 224.748594][ T7946] netlink: zone id is out of range [ 224.768265][ T7946] netlink: zone id is out of range [ 224.781333][ T7946] netlink: zone id is out of range [ 226.158314][ T7966] netlink: 4 bytes leftover after parsing attributes in process `syz.3.451'. [ 228.185831][ T51] Bluetooth: hci0: unexpected subevent 0x12 length: 123 > 5 [ 228.593306][ T8015] netlink: 'syz.1.464': attribute type 1 has an invalid length. [ 228.696422][ T8012] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 229.472389][ T8022] netlink: 'syz.0.467': attribute type 1 has an invalid length. [ 229.713704][ T8022] net_ratelimit: 202 callbacks suppressed [ 229.713724][ T8022] netlink: zone id is out of range [ 229.728483][ T8022] netlink: zone id is out of range [ 229.733690][ T8022] netlink: zone id is out of range [ 229.749006][ T8022] netlink: zone id is out of range [ 229.822813][ T8022] netlink: zone id is out of range [ 229.944770][ T8022] netlink: zone id is out of range [ 229.979787][ T8022] netlink: zone id is out of range [ 230.119116][ T8022] netlink: zone id is out of range [ 230.125364][ T8022] netlink: zone id is out of range [ 230.130922][ T8022] netlink: zone id is out of range [ 230.624932][ T8034] netlink: 4 bytes leftover after parsing attributes in process `syz.1.478'. [ 231.093129][ T8048] netlink: 28 bytes leftover after parsing attributes in process `syz.2.471'. [ 231.182497][ T51] Bluetooth: hci3: unexpected subevent 0x12 length: 123 > 5 [ 231.670274][ T30] audit: type=1326 audit(4294967379.510:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8051 comm="syz.1.473" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbaeb78eec9 code=0x0 [ 232.055271][ T8066] FAULT_INJECTION: forcing a failure. [ 232.055271][ T8066] name failslab, interval 1, probability 0, space 0, times 0 [ 232.090757][ T8066] CPU: 0 UID: 0 PID: 8066 Comm: syz.0.476 Not tainted syzkaller #0 PREEMPT(full) [ 232.090798][ T8066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 232.090815][ T8066] Call Trace: [ 232.090824][ T8066] [ 232.090834][ T8066] dump_stack_lvl+0x16c/0x1f0 [ 232.090879][ T8066] should_fail_ex+0x512/0x640 [ 232.090916][ T8066] ? fs_reclaim_acquire+0xae/0x150 [ 232.090957][ T8066] ? tomoyo_open_control+0x51f/0xa30 [ 232.090981][ T8066] should_failslab+0xc2/0x120 [ 232.091014][ T8066] __kmalloc_noprof+0xd2/0x510 [ 232.091054][ T8066] tomoyo_open_control+0x51f/0xa30 [ 232.091084][ T8066] do_dentry_open+0x982/0x1530 [ 232.091116][ T8066] ? __pfx_tomoyo_open+0x10/0x10 [ 232.091160][ T8066] vfs_open+0x82/0x3f0 [ 232.091201][ T8066] path_openat+0x1de4/0x2cb0 [ 232.091245][ T8066] ? __pfx_path_openat+0x10/0x10 [ 232.091285][ T8066] do_filp_open+0x20b/0x470 [ 232.091317][ T8066] ? __pfx_do_filp_open+0x10/0x10 [ 232.091376][ T8066] ? alloc_fd+0x471/0x7d0 [ 232.091415][ T8066] do_sys_openat2+0x11b/0x1d0 [ 232.091453][ T8066] ? __pfx_do_sys_openat2+0x10/0x10 [ 232.091507][ T8066] __x64_sys_openat+0x174/0x210 [ 232.091532][ T8066] ? __pfx___x64_sys_openat+0x10/0x10 [ 232.091572][ T8066] do_syscall_64+0xcd/0x4c0 [ 232.091598][ T8066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.091624][ T8066] RIP: 0033:0x7f067b38eec9 [ 232.091645][ T8066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.091671][ T8066] RSP: 002b:00007f067c1d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 232.091696][ T8066] RAX: ffffffffffffffda RBX: 00007f067b5e5fa0 RCX: 00007f067b38eec9 [ 232.091711][ T8066] RDX: 00000000001c5a02 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 232.091726][ T8066] RBP: 00007f067b411f91 R08: 0000000000000000 R09: 0000000000000000 [ 232.091740][ T8066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 232.091761][ T8066] R13: 00007f067b5e6038 R14: 00007f067b5e5fa0 R15: 00007fff1ebdf8c8 [ 232.091793][ T8066] [ 232.300049][ C0] vkms_vblank_simulate: vblank timer overrun [ 233.048710][ T8080] netlink: 4 bytes leftover after parsing attributes in process `syz.3.480'. [ 233.121314][ T8080] netlink: 25 bytes leftover after parsing attributes in process `syz.3.480'. [ 233.214655][ T8080] sctp: [Deprecated]: syz.3.480 (pid 8080) Use of struct sctp_assoc_value in delayed_ack socket option. [ 233.214655][ T8080] Use struct sctp_sack_info instead [ 234.506594][ T8102] FAULT_INJECTION: forcing a failure. [ 234.506594][ T8102] name failslab, interval 1, probability 0, space 0, times 0 [ 234.611545][ T8102] CPU: 1 UID: 0 PID: 8102 Comm: syz.0.482 Not tainted syzkaller #0 PREEMPT(full) [ 234.611584][ T8102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 234.611600][ T8102] Call Trace: [ 234.611610][ T8102] [ 234.611620][ T8102] dump_stack_lvl+0x16c/0x1f0 [ 234.611665][ T8102] should_fail_ex+0x512/0x640 [ 234.611702][ T8102] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 234.611737][ T8102] should_failslab+0xc2/0x120 [ 234.611773][ T8102] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 234.611805][ T8102] ? __alloc_skb+0x2b2/0x380 [ 234.611846][ T8102] __alloc_skb+0x2b2/0x380 [ 234.611882][ T8102] ? __pfx___alloc_skb+0x10/0x10 [ 234.611922][ T8102] ? __lock_acquire+0x62e/0x1ce0 [ 234.611964][ T8102] alloc_skb_with_frags+0xe0/0x860 [ 234.611999][ T8102] sock_alloc_send_pskb+0x7fb/0x990 [ 234.612046][ T8102] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 234.612083][ T8102] ? ip6_finish_output2+0xb30/0x2020 [ 234.612131][ T8102] __ip6_append_data+0x2a98/0x4750 [ 234.612173][ T8102] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 234.612229][ T8102] ? __pfx___ip6_append_data+0x10/0x10 [ 234.612264][ T8102] ? __pfx_ip6_mtu+0x10/0x10 [ 234.612291][ T8102] ? ip6_setup_cork+0xc51/0x1530 [ 234.612331][ T8102] ip6_make_skb+0x2c8/0x3f0 [ 234.612369][ T8102] ? ip6_dst_check+0x343/0x950 [ 234.612397][ T8102] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 234.612438][ T8102] ? __pfx_ip6_make_skb+0x10/0x10 [ 234.612483][ T8102] ? find_held_lock+0x2b/0x80 [ 234.612520][ T8102] ? sk_dst_check+0x1da/0x540 [ 234.612562][ T8102] ? udpv6_sendmsg+0x235c/0x2d20 [ 234.612586][ T8102] udpv6_sendmsg+0x235c/0x2d20 [ 234.612613][ T8102] ? aa_label_sk_perm+0x195/0x600 [ 234.612647][ T8102] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 234.612696][ T8102] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 234.612745][ T8102] ? __pfx___might_resched+0x10/0x10 [ 234.612771][ T8102] ? __lock_acquire+0xb97/0x1ce0 [ 234.612818][ T8102] ? iovec_from_user+0xbb/0x140 [ 234.612854][ T8102] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 234.612883][ T8102] ? inet6_sendmsg+0x105/0x140 [ 234.612908][ T8102] inet6_sendmsg+0x105/0x140 [ 234.612936][ T8102] ____sys_sendmsg+0x705/0xc70 [ 234.612966][ T8102] ? copy_msghdr_from_user+0x10a/0x160 [ 234.613002][ T8102] ? __pfx_____sys_sendmsg+0x10/0x10 [ 234.613036][ T8102] ? kfree+0x24f/0x4d0 [ 234.613059][ T8102] ? futex_unqueue+0x133/0x2c0 [ 234.613096][ T8102] ___sys_sendmsg+0x134/0x1d0 [ 234.613136][ T8102] ? __pfx____sys_sendmsg+0x10/0x10 [ 234.613207][ T8102] ? __pfx___might_resched+0x10/0x10 [ 234.613240][ T8102] __sys_sendmmsg+0x200/0x420 [ 234.613282][ T8102] ? __pfx___sys_sendmmsg+0x10/0x10 [ 234.613331][ T8102] ? __pfx_do_futex+0x10/0x10 [ 234.613377][ T8102] ? fput+0x9b/0xd0 [ 234.613413][ T8102] ? xfd_validate_state+0x61/0x180 [ 234.613448][ T8102] ? __pfx_ksys_write+0x10/0x10 [ 234.613490][ T8102] __x64_sys_sendmmsg+0x9c/0x100 [ 234.613528][ T8102] ? lockdep_hardirqs_on+0x7c/0x110 [ 234.613566][ T8102] do_syscall_64+0xcd/0x4c0 [ 234.613594][ T8102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.613620][ T8102] RIP: 0033:0x7f067b38eec9 [ 234.613641][ T8102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 234.613667][ T8102] RSP: 002b:00007f067c16f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 234.613692][ T8102] RAX: ffffffffffffffda RBX: 00007f067b5e6270 RCX: 00007f067b38eec9 [ 234.613710][ T8102] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 234.613726][ T8102] RBP: 00007f067b411f91 R08: 0000000000000000 R09: 0000000000000000 [ 234.613743][ T8102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 234.613756][ T8102] R13: 00007f067b5e6308 R14: 00007f067b5e6270 R15: 00007fff1ebdf8c8 [ 234.613786][ T8102] [ 235.404489][ T51] Bluetooth: hci2: unexpected subevent 0x12 length: 123 > 5 [ 236.410668][ T8128] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 237.500463][ T8162] netlink: 'syz.2.499': attribute type 1 has an invalid length. [ 237.537968][ T8162] net_ratelimit: 96 callbacks suppressed [ 237.537983][ T8162] netlink: zone id is out of range [ 237.580883][ T8162] netlink: zone id is out of range [ 237.586060][ T8162] netlink: zone id is out of range [ 237.636476][ T8162] netlink: zone id is out of range [ 237.681354][ T8162] netlink: zone id is out of range [ 237.703988][ T8162] netlink: zone id is out of range [ 237.757422][ T8162] netlink: zone id is out of range [ 237.827474][ T8162] netlink: zone id is out of range [ 237.858733][ T8162] netlink: zone id is out of range [ 237.863894][ T8162] netlink: zone id is out of range [ 238.212505][ T8172] FAULT_INJECTION: forcing a failure. [ 238.212505][ T8172] name failslab, interval 1, probability 0, space 0, times 0 [ 238.225667][ T8172] CPU: 0 UID: 0 PID: 8172 Comm: syz.3.497 Not tainted syzkaller #0 PREEMPT(full) [ 238.225703][ T8172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 238.225718][ T8172] Call Trace: [ 238.225728][ T8172] [ 238.225738][ T8172] dump_stack_lvl+0x16c/0x1f0 [ 238.225783][ T8172] should_fail_ex+0x512/0x640 [ 238.225820][ T8172] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 238.225856][ T8172] should_failslab+0xc2/0x120 [ 238.225893][ T8172] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 238.225924][ T8172] ? alloc_empty_file+0x55/0x1e0 [ 238.225967][ T8172] alloc_empty_file+0x55/0x1e0 [ 238.226005][ T8172] path_openat+0xda/0x2cb0 [ 238.226034][ T8172] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.226072][ T8172] ? __pfx_path_openat+0x10/0x10 [ 238.226111][ T8172] do_filp_open+0x20b/0x470 [ 238.226143][ T8172] ? __pfx_do_filp_open+0x10/0x10 [ 238.226199][ T8172] ? alloc_fd+0x471/0x7d0 [ 238.226238][ T8172] do_sys_openat2+0x11b/0x1d0 [ 238.226275][ T8172] ? __pfx_do_sys_openat2+0x10/0x10 [ 238.226328][ T8172] __x64_sys_openat+0x174/0x210 [ 238.226359][ T8172] ? __pfx___x64_sys_openat+0x10/0x10 [ 238.226399][ T8172] do_syscall_64+0xcd/0x4c0 [ 238.226426][ T8172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.226453][ T8172] RIP: 0033:0x7fc1c498eec9 [ 238.226475][ T8172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.226499][ T8172] RSP: 002b:00007fc1c236e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 238.226524][ T8172] RAX: ffffffffffffffda RBX: 00007fc1c4be6360 RCX: 00007fc1c498eec9 [ 238.226541][ T8172] RDX: 00000000002e8280 RSI: 0000200000000440 RDI: ffffffffffffff9c [ 238.226558][ T8172] RBP: 00007fc1c4a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 238.226574][ T8172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 238.226590][ T8172] R13: 00007fc1c4be63f8 R14: 00007fc1c4be6360 R15: 00007fff73101118 [ 238.226624][ T8172] [ 239.093749][ T8178] netlink: 4 bytes leftover after parsing attributes in process `syz.0.510'. [ 239.536173][ T8189] FAULT_INJECTION: forcing a failure. [ 239.536173][ T8189] name failslab, interval 1, probability 0, space 0, times 0 [ 239.593732][ T8189] CPU: 0 UID: 0 PID: 8189 Comm: syz.0.510 Not tainted syzkaller #0 PREEMPT(full) [ 239.593765][ T8189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 239.593779][ T8189] Call Trace: [ 239.593789][ T8189] [ 239.593801][ T8189] dump_stack_lvl+0x16c/0x1f0 [ 239.593844][ T8189] should_fail_ex+0x512/0x640 [ 239.593888][ T8189] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 239.593924][ T8189] should_failslab+0xc2/0x120 [ 239.593957][ T8189] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 239.593986][ T8189] ? __alloc_skb+0x2b2/0x380 [ 239.594027][ T8189] __alloc_skb+0x2b2/0x380 [ 239.594060][ T8189] ? __pfx___alloc_skb+0x10/0x10 [ 239.594096][ T8189] ? __lock_acquire+0x62e/0x1ce0 [ 239.594136][ T8189] alloc_skb_with_frags+0xe0/0x860 [ 239.594170][ T8189] sock_alloc_send_pskb+0x7fb/0x990 [ 239.594216][ T8189] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 239.594251][ T8189] ? ip6_finish_output2+0xb30/0x2020 [ 239.594298][ T8189] __ip6_append_data+0x2a98/0x4750 [ 239.594340][ T8189] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 239.594403][ T8189] ? __pfx___ip6_append_data+0x10/0x10 [ 239.594433][ T8189] ? __pfx_ip6_mtu+0x10/0x10 [ 239.594459][ T8189] ? ip6_setup_cork+0xc51/0x1530 [ 239.594495][ T8189] ip6_make_skb+0x2c8/0x3f0 [ 239.594531][ T8189] ? ip6_dst_check+0x343/0x950 [ 239.594558][ T8189] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 239.594599][ T8189] ? __pfx_ip6_make_skb+0x10/0x10 [ 239.594634][ T8189] ? find_held_lock+0x2b/0x80 [ 239.594668][ T8189] ? sk_dst_check+0x1da/0x540 [ 239.594710][ T8189] ? udpv6_sendmsg+0x235c/0x2d20 [ 239.594733][ T8189] udpv6_sendmsg+0x235c/0x2d20 [ 239.594756][ T8189] ? aa_label_sk_perm+0x195/0x600 [ 239.594790][ T8189] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 239.594842][ T8189] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 239.594898][ T8189] ? __pfx___might_resched+0x10/0x10 [ 239.594926][ T8189] ? __lock_acquire+0xb97/0x1ce0 [ 239.594969][ T8189] ? iovec_from_user+0xbb/0x140 [ 239.595003][ T8189] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 239.595030][ T8189] ? inet6_sendmsg+0x105/0x140 [ 239.595054][ T8189] inet6_sendmsg+0x105/0x140 [ 239.595082][ T8189] ____sys_sendmsg+0x705/0xc70 [ 239.595111][ T8189] ? copy_msghdr_from_user+0x10a/0x160 [ 239.595147][ T8189] ? __pfx_____sys_sendmsg+0x10/0x10 [ 239.595180][ T8189] ? kfree+0x24f/0x4d0 [ 239.595204][ T8189] ? futex_unqueue+0x133/0x2c0 [ 239.595240][ T8189] ___sys_sendmsg+0x134/0x1d0 [ 239.595278][ T8189] ? __pfx____sys_sendmsg+0x10/0x10 [ 239.595346][ T8189] ? __pfx___might_resched+0x10/0x10 [ 239.595379][ T8189] __sys_sendmmsg+0x200/0x420 [ 239.595420][ T8189] ? __pfx___sys_sendmmsg+0x10/0x10 [ 239.595467][ T8189] ? __pfx_do_futex+0x10/0x10 [ 239.595511][ T8189] ? fput+0x9b/0xd0 [ 239.595546][ T8189] ? xfd_validate_state+0x61/0x180 [ 239.595580][ T8189] ? __pfx_ksys_write+0x10/0x10 [ 239.595615][ T8189] __x64_sys_sendmmsg+0x9c/0x100 [ 239.595651][ T8189] ? lockdep_hardirqs_on+0x7c/0x110 [ 239.595688][ T8189] do_syscall_64+0xcd/0x4c0 [ 239.595714][ T8189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.595739][ T8189] RIP: 0033:0x7f067b38eec9 [ 239.595760][ T8189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.595785][ T8189] RSP: 002b:00007f067c190038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 239.595810][ T8189] RAX: ffffffffffffffda RBX: 00007f067b5e6180 RCX: 00007f067b38eec9 [ 239.595827][ T8189] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 239.595842][ T8189] RBP: 00007f067b411f91 R08: 0000000000000000 R09: 0000000000000000 [ 239.595866][ T8189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 239.595882][ T8189] R13: 00007f067b5e6218 R14: 00007f067b5e6180 R15: 00007fff1ebdf8c8 [ 239.595916][ T8189] [ 240.133386][ T8186] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 240.630182][ T8205] netlink: 'syz.2.506': attribute type 1 has an invalid length. [ 241.557504][ T8227] process 'syz.1.513' launched ':,' with NULL argv: empty string added [ 241.634472][ T8228] FAULT_INJECTION: forcing a failure. [ 241.634472][ T8228] name failslab, interval 1, probability 0, space 0, times 0 [ 241.648390][ T8228] CPU: 1 UID: 0 PID: 8228 Comm: syz.0.511 Not tainted syzkaller #0 PREEMPT(full) [ 241.648427][ T8228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 241.648457][ T8228] Call Trace: [ 241.648466][ T8228] [ 241.648476][ T8228] dump_stack_lvl+0x16c/0x1f0 [ 241.648522][ T8228] should_fail_ex+0x512/0x640 [ 241.648561][ T8228] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 241.648596][ T8228] should_failslab+0xc2/0x120 [ 241.648628][ T8228] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 241.648657][ T8228] ? __pfx_apparmor_file_open+0x10/0x10 [ 241.648694][ T8228] ? proc_reg_open+0x23f/0x5f0 [ 241.648745][ T8228] proc_reg_open+0x23f/0x5f0 [ 241.648782][ T8228] do_dentry_open+0x982/0x1530 [ 241.648815][ T8228] ? __pfx_proc_reg_open+0x10/0x10 [ 241.648855][ T8228] vfs_open+0x82/0x3f0 [ 241.648898][ T8228] path_openat+0x1de4/0x2cb0 [ 241.648941][ T8228] ? __pfx_path_openat+0x10/0x10 [ 241.648979][ T8228] do_filp_open+0x20b/0x470 [ 241.649010][ T8228] ? __pfx_do_filp_open+0x10/0x10 [ 241.649061][ T8228] ? alloc_fd+0x471/0x7d0 [ 241.649100][ T8228] do_sys_openat2+0x11b/0x1d0 [ 241.649139][ T8228] ? __pfx_do_sys_openat2+0x10/0x10 [ 241.649175][ T8228] ? find_held_lock+0x2b/0x80 [ 241.649202][ T8228] ? handle_mm_fault+0x2ab/0xd10 [ 241.649237][ T8228] __x64_sys_openat+0x174/0x210 [ 241.649261][ T8228] ? __pfx___x64_sys_openat+0x10/0x10 [ 241.649298][ T8228] do_syscall_64+0xcd/0x4c0 [ 241.649325][ T8228] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.649350][ T8228] RIP: 0033:0x7f067b38eec9 [ 241.649371][ T8228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.649396][ T8228] RSP: 002b:00007f067c14e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 241.649421][ T8228] RAX: ffffffffffffffda RBX: 00007f067b5e6360 RCX: 00007f067b38eec9 [ 241.649439][ T8228] RDX: 0000000000040001 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 241.649455][ T8228] RBP: 00007f067b411f91 R08: 0000000000000000 R09: 0000000000000000 [ 241.649471][ T8228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 241.649487][ T8228] R13: 00007f067b5e63f8 R14: 00007f067b5e6360 R15: 00007fff1ebdf8c8 [ 241.649523][ T8228] [ 242.896494][ T8239] netlink: 4 bytes leftover after parsing attributes in process `syz.3.518'. [ 242.932027][ T8240] netlink: 4 bytes leftover after parsing attributes in process `syz.0.514'. [ 243.285486][ T8249] FAULT_INJECTION: forcing a failure. [ 243.285486][ T8249] name failslab, interval 1, probability 0, space 0, times 0 [ 243.299541][ T8249] CPU: 0 UID: 0 PID: 8249 Comm: syz.0.514 Not tainted syzkaller #0 PREEMPT(full) [ 243.299579][ T8249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 243.299595][ T8249] Call Trace: [ 243.299604][ T8249] [ 243.299614][ T8249] dump_stack_lvl+0x16c/0x1f0 [ 243.299658][ T8249] should_fail_ex+0x512/0x640 [ 243.299697][ T8249] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 243.299732][ T8249] should_failslab+0xc2/0x120 [ 243.299766][ T8249] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 243.299797][ T8249] ? __alloc_skb+0x2b2/0x380 [ 243.299855][ T8249] __alloc_skb+0x2b2/0x380 [ 243.299889][ T8249] ? __pfx___alloc_skb+0x10/0x10 [ 243.299926][ T8249] ? __lock_acquire+0x62e/0x1ce0 [ 243.299966][ T8249] alloc_skb_with_frags+0xe0/0x860 [ 243.300002][ T8249] sock_alloc_send_pskb+0x7fb/0x990 [ 243.300047][ T8249] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 243.300084][ T8249] ? ip6_finish_output2+0xb30/0x2020 [ 243.300133][ T8249] __ip6_append_data+0x2a98/0x4750 [ 243.300176][ T8249] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 243.300228][ T8249] ? __pfx___ip6_append_data+0x10/0x10 [ 243.300265][ T8249] ? __pfx_ip6_mtu+0x10/0x10 [ 243.300291][ T8249] ? ip6_setup_cork+0xc51/0x1530 [ 243.300327][ T8249] ip6_make_skb+0x2c8/0x3f0 [ 243.300359][ T8249] ? ip6_dst_check+0x343/0x950 [ 243.300385][ T8249] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 243.300428][ T8249] ? __pfx_ip6_make_skb+0x10/0x10 [ 243.300463][ T8249] ? find_held_lock+0x2b/0x80 [ 243.300498][ T8249] ? sk_dst_check+0x1da/0x540 [ 243.300541][ T8249] ? udpv6_sendmsg+0x235c/0x2d20 [ 243.300563][ T8249] udpv6_sendmsg+0x235c/0x2d20 [ 243.300589][ T8249] ? aa_label_sk_perm+0x195/0x600 [ 243.300622][ T8249] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 243.300672][ T8249] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 243.300722][ T8249] ? __pfx___might_resched+0x10/0x10 [ 243.300749][ T8249] ? __lock_acquire+0xb97/0x1ce0 [ 243.300794][ T8249] ? iovec_from_user+0xbb/0x140 [ 243.300837][ T8249] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 243.300862][ T8249] ? inet6_sendmsg+0x105/0x140 [ 243.300876][ T8249] inet6_sendmsg+0x105/0x140 [ 243.300891][ T8249] ____sys_sendmsg+0x705/0xc70 [ 243.300908][ T8249] ? copy_msghdr_from_user+0x10a/0x160 [ 243.300928][ T8249] ? __pfx_____sys_sendmsg+0x10/0x10 [ 243.300946][ T8249] ? kfree+0x24f/0x4d0 [ 243.300959][ T8249] ? futex_unqueue+0x133/0x2c0 [ 243.300978][ T8249] ___sys_sendmsg+0x134/0x1d0 [ 243.301000][ T8249] ? __pfx____sys_sendmsg+0x10/0x10 [ 243.301036][ T8249] ? __pfx___might_resched+0x10/0x10 [ 243.301054][ T8249] __sys_sendmmsg+0x200/0x420 [ 243.301076][ T8249] ? __pfx___sys_sendmmsg+0x10/0x10 [ 243.301102][ T8249] ? __pfx_do_futex+0x10/0x10 [ 243.301126][ T8249] ? fput+0x9b/0xd0 [ 243.301146][ T8249] ? xfd_validate_state+0x61/0x180 [ 243.301166][ T8249] ? __pfx_ksys_write+0x10/0x10 [ 243.301185][ T8249] __x64_sys_sendmmsg+0x9c/0x100 [ 243.301204][ T8249] ? lockdep_hardirqs_on+0x7c/0x110 [ 243.301225][ T8249] do_syscall_64+0xcd/0x4c0 [ 243.301239][ T8249] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.301253][ T8249] RIP: 0033:0x7f067b38eec9 [ 243.301266][ T8249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.301279][ T8249] RSP: 002b:00007f067c16f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 243.301293][ T8249] RAX: ffffffffffffffda RBX: 00007f067b5e6270 RCX: 00007f067b38eec9 [ 243.301303][ T8249] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 243.301311][ T8249] RBP: 00007f067b411f91 R08: 0000000000000000 R09: 0000000000000000 [ 243.301319][ T8249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 243.301327][ T8249] R13: 00007f067b5e6308 R14: 00007f067b5e6270 R15: 00007fff1ebdf8c8 [ 243.301345][ T8249] [ 244.386655][ T8265] netlink: 'syz.3.522': attribute type 1 has an invalid length. [ 244.584704][ T8269] cougar: G6 mapped to space [ 244.878933][ T8274] netlink: 4 bytes leftover after parsing attributes in process `syz.2.525'. [ 245.085385][ T51] Bluetooth: hci0: unexpected subevent 0x12 length: 123 > 5 [ 246.380428][ T8298] netlink: 330 bytes leftover after parsing attributes in process `syz.0.530'. [ 246.919793][ T8321] netlink: 'syz.1.536': attribute type 1 has an invalid length. [ 247.073297][ T8319] net_ratelimit: 202 callbacks suppressed [ 247.073317][ T8319] netlink: zone id is out of range [ 247.094826][ T8319] netlink: zone id is out of range [ 247.100890][ T8319] netlink: zone id is out of range [ 247.106075][ T8319] netlink: zone id is out of range [ 247.114782][ T8319] netlink: zone id is out of range [ 247.120284][ T8319] netlink: zone id is out of range [ 247.125407][ T8319] netlink: zone id is out of range [ 247.134851][ T8319] netlink: zone id is out of range [ 247.137592][ T51] Bluetooth: hci1: unexpected subevent 0x12 length: 123 > 5 [ 247.148373][ T8319] netlink: zone id is out of range [ 247.153520][ T8319] netlink: zone id is out of range [ 248.769985][ T8367] FAULT_INJECTION: forcing a failure. [ 248.769985][ T8367] name failslab, interval 1, probability 0, space 0, times 0 [ 248.838265][ T8367] CPU: 0 UID: 0 PID: 8367 Comm: syz.3.547 Not tainted syzkaller #0 PREEMPT(full) [ 248.838301][ T8367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 248.838318][ T8367] Call Trace: [ 248.838327][ T8367] [ 248.838338][ T8367] dump_stack_lvl+0x16c/0x1f0 [ 248.838383][ T8367] should_fail_ex+0x512/0x640 [ 248.838420][ T8367] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 248.838455][ T8367] should_failslab+0xc2/0x120 [ 248.838487][ T8367] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 248.838514][ T8367] ? __pfx___might_resched+0x10/0x10 [ 248.838541][ T8367] ? __anon_vma_prepare+0x344/0x5e0 [ 248.838573][ T8367] __anon_vma_prepare+0x344/0x5e0 [ 248.838599][ T8367] ? __filemap_get_folio+0x32b/0xc30 [ 248.838637][ T8367] __vmf_anon_prepare+0x11c/0x240 [ 248.838679][ T8367] hugetlb_fault+0x1ba4/0x2f40 [ 248.838715][ T8367] ? __pfx_hugetlb_fault+0x10/0x10 [ 248.838757][ T8367] ? find_vma+0xbf/0x140 [ 248.838789][ T8367] ? __pfx_find_vma+0x10/0x10 [ 248.838826][ T8367] handle_mm_fault+0xbfa/0xd10 [ 248.838855][ T8367] ? trace_raw_output_exceptions+0x131/0x150 [ 248.838908][ T8367] do_user_addr_fault+0x7a6/0x1370 [ 248.838953][ T8367] ? rcu_is_watching+0x12/0xc0 [ 248.838986][ T8367] exc_page_fault+0x5c/0xb0 [ 248.839024][ T8367] asm_exc_page_fault+0x26/0x30 [ 248.839049][ T8367] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 248.839081][ T8367] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 248.839106][ T8367] RSP: 0018:ffffc900191df950 EFLAGS: 00050246 [ 248.839128][ T8367] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000008 [ 248.839143][ T8367] RDX: fffff5200323bf43 RSI: 0000000000000000 RDI: ffffc900191dfa10 [ 248.839159][ T8367] RBP: 0000000000000008 R08: 0000000000000001 R09: fffff5200323bf42 [ 248.839174][ T8367] R10: ffffc900191dfa17 R11: 0000000000000000 R12: 0000000000000000 [ 248.839190][ T8367] R13: ffffc900191dfa10 R14: ffffffff8961a7a0 R15: ffff88807aad65c0 [ 248.839208][ T8367] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 248.839254][ T8367] _copy_from_user+0x98/0xd0 [ 248.839284][ T8367] sctp_getsockopt_local_addrs+0x106/0xcd0 [ 248.839340][ T8367] ? __pfx_sctp_getsockopt_local_addrs+0x10/0x10 [ 248.839389][ T8367] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 248.839431][ T8367] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 248.839461][ T8367] ? __local_bh_enable_ip+0xa4/0x120 [ 248.839495][ T8367] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 248.839521][ T8367] sctp_getsockopt+0x124f/0x69b0 [ 248.839556][ T8367] ? __pfx_sctp_getsockopt+0x10/0x10 [ 248.839601][ T8367] ? __lock_acquire+0xb97/0x1ce0 [ 248.839656][ T8367] ? find_held_lock+0x2b/0x80 [ 248.839680][ T8367] ? __might_fault+0xe3/0x190 [ 248.839708][ T8367] ? __might_fault+0xe3/0x190 [ 248.839735][ T8367] ? __might_fault+0x13b/0x190 [ 248.839779][ T8367] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 248.839806][ T8367] do_sock_getsockopt+0x34a/0x440 [ 248.839837][ T8367] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 248.839862][ T8367] ? __fget_files+0x204/0x3c0 [ 248.839920][ T8367] __sys_getsockopt+0x123/0x1b0 [ 248.839968][ T8367] __x64_sys_getsockopt+0xbd/0x160 [ 248.840004][ T8367] ? do_syscall_64+0x91/0x4c0 [ 248.840027][ T8367] ? lockdep_hardirqs_on+0x7c/0x110 [ 248.840063][ T8367] do_syscall_64+0xcd/0x4c0 [ 248.840089][ T8367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.840114][ T8367] RIP: 0033:0x7fc1c498eec9 [ 248.840135][ T8367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 248.840160][ T8367] RSP: 002b:00007fc1c2bd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 248.840184][ T8367] RAX: ffffffffffffffda RBX: 00007fc1c4be6090 RCX: 00007fc1c498eec9 [ 248.840202][ T8367] RDX: 000000000000006d RSI: 0000000000000084 RDI: 0000000000000002 [ 248.840217][ T8367] RBP: 00007fc1c4a11f91 R08: 0000200000000280 R09: 0000000000000000 [ 248.840234][ T8367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 248.840249][ T8367] R13: 00007fc1c4be6128 R14: 00007fc1c4be6090 R15: 00007fff73101118 [ 248.840288][ T8367] [ 248.891053][ T30] audit: type=1804 audit(4294967396.940:4): pid=8365 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.548" name="file0" dev="tmpfs" ino=856 res=1 errno=0 [ 249.292823][ T8371] netlink: 4 bytes leftover after parsing attributes in process `syz.2.546'. [ 249.861054][ T8379] FAULT_INJECTION: forcing a failure. [ 249.861054][ T8379] name failslab, interval 1, probability 0, space 0, times 0 [ 249.873954][ T8379] CPU: 0 UID: 0 PID: 8379 Comm: syz.0.545 Not tainted syzkaller #0 PREEMPT(full) [ 249.873988][ T8379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 249.874001][ T8379] Call Trace: [ 249.874009][ T8379] [ 249.874019][ T8379] dump_stack_lvl+0x16c/0x1f0 [ 249.874063][ T8379] should_fail_ex+0x512/0x640 [ 249.874099][ T8379] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 249.874134][ T8379] should_failslab+0xc2/0x120 [ 249.874169][ T8379] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 249.874199][ T8379] ? __pfx_apparmor_file_open+0x10/0x10 [ 249.874229][ T8379] ? proc_reg_open+0x23f/0x5f0 [ 249.874266][ T8379] proc_reg_open+0x23f/0x5f0 [ 249.874302][ T8379] do_dentry_open+0x982/0x1530 [ 249.874334][ T8379] ? __pfx_proc_reg_open+0x10/0x10 [ 249.874373][ T8379] vfs_open+0x82/0x3f0 [ 249.874415][ T8379] path_openat+0x1de4/0x2cb0 [ 249.874459][ T8379] ? __pfx_path_openat+0x10/0x10 [ 249.874499][ T8379] do_filp_open+0x20b/0x470 [ 249.874530][ T8379] ? __pfx_do_filp_open+0x10/0x10 [ 249.874587][ T8379] ? alloc_fd+0x471/0x7d0 [ 249.874626][ T8379] do_sys_openat2+0x11b/0x1d0 [ 249.874664][ T8379] ? __pfx_do_sys_openat2+0x10/0x10 [ 249.874700][ T8379] ? find_held_lock+0x2b/0x80 [ 249.874727][ T8379] ? handle_mm_fault+0x2ab/0xd10 [ 249.874763][ T8379] __x64_sys_openat+0x174/0x210 [ 249.874787][ T8379] ? __pfx___x64_sys_openat+0x10/0x10 [ 249.874825][ T8379] do_syscall_64+0xcd/0x4c0 [ 249.874860][ T8379] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.874887][ T8379] RIP: 0033:0x7f067b38eec9 [ 249.874909][ T8379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 249.874935][ T8379] RSP: 002b:00007f067c14e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 249.874960][ T8379] RAX: ffffffffffffffda RBX: 00007f067b5e6360 RCX: 00007f067b38eec9 [ 249.874978][ T8379] RDX: 0000000000040001 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 249.874995][ T8379] RBP: 00007f067b411f91 R08: 0000000000000000 R09: 0000000000000000 [ 249.875010][ T8379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 249.875026][ T8379] R13: 00007f067b5e63f8 R14: 00007f067b5e6360 R15: 00007fff1ebdf8c8 [ 249.875062][ T8379] [ 251.092099][ T51] Bluetooth: hci1: unexpected subevent 0x12 length: 123 > 5 [ 251.863009][ T8420] usb usb8: usbfs: interface 0 claimed by hub while 'syz.0.556' sets config #0 [ 252.389874][ T8437] snd_virmidi snd_virmidi.0: control 61678:131081:32767:yªƒ>oÆ[k<÷:1 is already present [ 252.554315][ T8430] syz.1.560 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 253.147758][ T8449] netlink: 'syz.1.566': attribute type 1 has an invalid length. [ 253.323469][ T8410] Bluetooth: hci3: unexpected subevent 0x12 length: 123 > 5 [ 253.491277][ T8463] netlink: 'syz.3.570': attribute type 1 has an invalid length. [ 253.599321][ T8465] net_ratelimit: 96 callbacks suppressed [ 253.599342][ T8465] netlink: zone id is out of range [ 253.621533][ T8465] netlink: zone id is out of range [ 253.628186][ T8465] netlink: zone id is out of range [ 253.656784][ T8465] netlink: zone id is out of range [ 253.679251][ T8465] netlink: zone id is out of range [ 253.684414][ T8465] netlink: zone id is out of range [ 253.750397][ T8465] netlink: zone id is out of range [ 253.805047][ T8465] netlink: zone id is out of range [ 253.843144][ T8465] netlink: zone id is out of range [ 253.858263][ T8465] netlink: zone id is out of range [ 254.582164][ T8483] netlink: 28 bytes leftover after parsing attributes in process `syz.0.572'. [ 254.591432][ T8483] bond0: entered allmulticast mode [ 254.596581][ T8483] bond_slave_0: entered allmulticast mode [ 254.625495][ T8482] FAULT_INJECTION: forcing a failure. [ 254.625495][ T8482] name failslab, interval 1, probability 0, space 0, times 0 [ 254.643032][ T8482] CPU: 0 UID: 0 PID: 8482 Comm: syz.3.574 Not tainted syzkaller #0 PREEMPT(full) [ 254.643067][ T8482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 254.643082][ T8482] Call Trace: [ 254.643090][ T8482] [ 254.643101][ T8482] dump_stack_lvl+0x16c/0x1f0 [ 254.643143][ T8482] should_fail_ex+0x512/0x640 [ 254.643177][ T8482] ? __kmalloc_noprof+0xbf/0x510 [ 254.643210][ T8482] ? devlink_fmsg_put_name+0xf0/0x3f0 [ 254.643246][ T8482] should_failslab+0xc2/0x120 [ 254.643278][ T8482] __kmalloc_noprof+0xd2/0x510 [ 254.643317][ T8482] devlink_fmsg_put_name+0xf0/0x3f0 [ 254.643355][ T8482] devlink_fmsg_string_pair_put+0xb6/0x1b0 [ 254.643385][ T8482] nsim_dev_dummy_reporter_dump+0x54/0xa0 [ 254.643427][ T8482] devlink_health_do_dump+0x243/0x620 [ 254.643457][ T8482] devlink_health_report+0x3c9/0x9c0 [ 254.643489][ T8482] ? __pfx_devlink_health_report+0x10/0x10 [ 254.643515][ T8482] ? _copy_from_user+0x59/0xd0 [ 254.643556][ T8482] nsim_dev_health_break_write+0x166/0x210 [ 254.643590][ T8482] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 254.643638][ T8482] full_proxy_write+0x131/0x1a0 [ 254.643679][ T8482] ? __pfx_full_proxy_write+0x10/0x10 [ 254.643716][ T8482] vfs_write+0x2a0/0x11d0 [ 254.643751][ T8482] ? __pfx___mutex_lock+0x10/0x10 [ 254.643790][ T8482] ? __pfx_vfs_write+0x10/0x10 [ 254.643831][ T8482] ? __fget_files+0x20e/0x3c0 [ 254.643868][ T8482] ksys_write+0x12a/0x250 [ 254.643897][ T8482] ? __pfx_ksys_write+0x10/0x10 [ 254.643937][ T8482] do_syscall_64+0xcd/0x4c0 [ 254.643963][ T8482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.643987][ T8482] RIP: 0033:0x7fc1c498eec9 [ 254.644007][ T8482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.644033][ T8482] RSP: 002b:00007fc1c2bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 254.644057][ T8482] RAX: ffffffffffffffda RBX: 00007fc1c4be5fa0 RCX: 00007fc1c498eec9 [ 254.644074][ T8482] RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000007 [ 254.644089][ T8482] RBP: 00007fc1c4a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 254.644103][ T8482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 254.644118][ T8482] R13: 00007fc1c4be6038 R14: 00007fc1c4be5fa0 R15: 00007fff73101118 [ 254.644153][ T8482] [ 254.646814][ T8482] FAULT_INJECTION: forcing a failure. [ 254.646814][ T8482] name failslab, interval 1, probability 0, space 0, times 0 [ 254.898531][ T8482] CPU: 0 UID: 0 PID: 8482 Comm: syz.3.574 Not tainted syzkaller #0 PREEMPT(full) [ 254.898574][ T8482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 254.898589][ T8482] Call Trace: [ 254.898597][ T8482] [ 254.898607][ T8482] dump_stack_lvl+0x16c/0x1f0 [ 254.898646][ T8482] should_fail_ex+0x512/0x640 [ 254.898678][ T8482] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 254.898710][ T8482] should_failslab+0xc2/0x120 [ 254.898741][ T8482] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 254.898769][ T8482] ? alloc_uid+0x13d/0x4c0 [ 254.898797][ T8482] ? _raw_spin_unlock_irq+0x23/0x50 [ 254.898833][ T8482] alloc_uid+0x13d/0x4c0 [ 254.898859][ T8482] ? __pfx_alloc_uid+0x10/0x10 [ 254.898875][ T8482] ? security_prepare_creds+0xa7/0x270 [ 254.898899][ T8482] __sys_setresuid+0x507/0x1160 [ 254.898919][ T8482] do_syscall_64+0xcd/0x4c0 [ 254.898933][ T8482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.898948][ T8482] RIP: 0033:0x7fc1c498eec9 [ 254.898961][ T8482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.898974][ T8482] RSP: 002b:00007fc1c2bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000075 [ 254.898988][ T8482] RAX: ffffffffffffffda RBX: 00007fc1c4be5fa0 RCX: 00007fc1c498eec9 [ 254.898997][ T8482] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000008 [ 254.899005][ T8482] RBP: 00007fc1c4a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 254.899013][ T8482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 254.899021][ T8482] R13: 00007fc1c4be6038 R14: 00007fc1c4be5fa0 R15: 00007fff73101118 [ 254.899038][ T8482] [ 254.918278][ T8483] bond_slave_1: entered allmulticast mode [ 255.262257][ T8489] netlink: 'syz.2.577': attribute type 1 has an invalid length. [ 255.633727][ T8492] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(10) [ 255.850516][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.856864][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.396161][ T8515] netlink: 'syz.2.583': attribute type 1 has an invalid length. [ 256.841469][ T8517] netlink: 'syz.0.582': attribute type 11 has an invalid length. [ 256.899627][ T8517] netlink: 'syz.0.582': attribute type 11 has an invalid length. [ 256.983004][ T8517] netlink: 'syz.0.582': attribute type 11 has an invalid length. [ 257.036532][ T8517] netlink: 'syz.0.582': attribute type 11 has an invalid length. [ 257.059487][ T8410] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 257.614171][ T8524] FAULT_INJECTION: forcing a failure. [ 257.614171][ T8524] name failslab, interval 1, probability 0, space 0, times 0 [ 257.632767][ T8524] CPU: 0 UID: 0 PID: 8524 Comm: syz.3.585 Not tainted syzkaller #0 PREEMPT(full) [ 257.632804][ T8524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 257.632821][ T8524] Call Trace: [ 257.632831][ T8524] [ 257.632841][ T8524] dump_stack_lvl+0x16c/0x1f0 [ 257.632887][ T8524] should_fail_ex+0x512/0x640 [ 257.632925][ T8524] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 257.632963][ T8524] should_failslab+0xc2/0x120 [ 257.632997][ T8524] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 257.633036][ T8524] ? __alloc_skb+0x2b2/0x380 [ 257.633080][ T8524] __alloc_skb+0x2b2/0x380 [ 257.633116][ T8524] ? __pfx___alloc_skb+0x10/0x10 [ 257.633155][ T8524] ? __lock_acquire+0x62e/0x1ce0 [ 257.633198][ T8524] alloc_skb_with_frags+0xe0/0x860 [ 257.633232][ T8524] sock_alloc_send_pskb+0x7fb/0x990 [ 257.633279][ T8524] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 257.633316][ T8524] ? ip6_finish_output2+0xb30/0x2020 [ 257.633364][ T8524] __ip6_append_data+0x2a98/0x4750 [ 257.633407][ T8524] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 257.633462][ T8524] ? __pfx___ip6_append_data+0x10/0x10 [ 257.633497][ T8524] ? __pfx_ip6_mtu+0x10/0x10 [ 257.633524][ T8524] ? ip6_setup_cork+0xc51/0x1530 [ 257.633561][ T8524] ip6_make_skb+0x2c8/0x3f0 [ 257.633597][ T8524] ? ip6_dst_check+0x343/0x950 [ 257.633625][ T8524] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 257.633667][ T8524] ? __pfx_ip6_make_skb+0x10/0x10 [ 257.633703][ T8524] ? find_held_lock+0x2b/0x80 [ 257.633737][ T8524] ? sk_dst_check+0x1da/0x540 [ 257.633779][ T8524] ? udpv6_sendmsg+0x235c/0x2d20 [ 257.633803][ T8524] udpv6_sendmsg+0x235c/0x2d20 [ 257.633829][ T8524] ? aa_label_sk_perm+0x195/0x600 [ 257.633862][ T8524] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 257.633912][ T8524] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 257.633960][ T8524] ? __pfx___might_resched+0x10/0x10 [ 257.633987][ T8524] ? __lock_acquire+0xb97/0x1ce0 [ 257.634041][ T8524] ? iovec_from_user+0xbb/0x140 [ 257.634079][ T8524] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 257.634109][ T8524] ? inet6_sendmsg+0x105/0x140 [ 257.634134][ T8524] inet6_sendmsg+0x105/0x140 [ 257.634163][ T8524] ____sys_sendmsg+0x705/0xc70 [ 257.634194][ T8524] ? copy_msghdr_from_user+0x10a/0x160 [ 257.634232][ T8524] ? __pfx_____sys_sendmsg+0x10/0x10 [ 257.634264][ T8524] ? kfree+0x24f/0x4d0 [ 257.634289][ T8524] ? futex_unqueue+0x133/0x2c0 [ 257.634325][ T8524] ___sys_sendmsg+0x134/0x1d0 [ 257.634365][ T8524] ? __pfx____sys_sendmsg+0x10/0x10 [ 257.634435][ T8524] ? __pfx___might_resched+0x10/0x10 [ 257.634470][ T8524] __sys_sendmmsg+0x200/0x420 [ 257.634511][ T8524] ? __pfx___sys_sendmmsg+0x10/0x10 [ 257.634559][ T8524] ? __pfx_do_futex+0x10/0x10 [ 257.634606][ T8524] ? fput+0x9b/0xd0 [ 257.634643][ T8524] ? xfd_validate_state+0x61/0x180 [ 257.634678][ T8524] ? __pfx_ksys_write+0x10/0x10 [ 257.634715][ T8524] __x64_sys_sendmmsg+0x9c/0x100 [ 257.634752][ T8524] ? lockdep_hardirqs_on+0x7c/0x110 [ 257.634789][ T8524] do_syscall_64+0xcd/0x4c0 [ 257.634831][ T8524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.634857][ T8524] RIP: 0033:0x7fc1c498eec9 [ 257.634879][ T8524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 257.634905][ T8524] RSP: 002b:00007fc1c2bd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 257.634930][ T8524] RAX: ffffffffffffffda RBX: 00007fc1c4be6090 RCX: 00007fc1c498eec9 [ 257.634947][ T8524] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 257.634963][ T8524] RBP: 00007fc1c4a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 257.634980][ T8524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 257.634996][ T8524] R13: 00007fc1c4be6128 R14: 00007fc1c4be6090 R15: 00007fff73101118 [ 257.635036][ T8524] [ 258.827214][ T8541] netlink: 28 bytes leftover after parsing attributes in process `syz.0.589'. [ 259.322269][ T8555] FAULT_INJECTION: forcing a failure. [ 259.322269][ T8555] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 259.413775][ T8555] CPU: 1 UID: 0 PID: 8555 Comm: syz.0.592 Not tainted syzkaller #0 PREEMPT(full) [ 259.413806][ T8555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 259.413818][ T8555] Call Trace: [ 259.413825][ T8555] [ 259.413850][ T8555] dump_stack_lvl+0x16c/0x1f0 [ 259.413889][ T8555] should_fail_ex+0x512/0x640 [ 259.413928][ T8555] _copy_from_user+0x2e/0xd0 [ 259.413953][ T8555] vmci_host_unlocked_ioctl+0x1123/0x2040 [ 259.413988][ T8555] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 259.414023][ T8555] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 259.414059][ T8555] ? do_vfs_ioctl+0x128/0x14f0 [ 259.414094][ T8555] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 259.414153][ T8555] ? __fget_files+0x20e/0x3c0 [ 259.414185][ T8555] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 259.414222][ T8555] __x64_sys_ioctl+0x18e/0x210 [ 259.414259][ T8555] do_syscall_64+0xcd/0x4c0 [ 259.414284][ T8555] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.414308][ T8555] RIP: 0033:0x7f067b38eec9 [ 259.414327][ T8555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 259.414350][ T8555] RSP: 002b:00007f067c1d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 259.414373][ T8555] RAX: ffffffffffffffda RBX: 00007f067b5e5fa0 RCX: 00007f067b38eec9 [ 259.414389][ T8555] RDX: 0000000000000000 RSI: 00000000000007a6 RDI: 0000000000000003 [ 259.414403][ T8555] RBP: 00007f067c1d2090 R08: 0000000000000000 R09: 0000000000000000 [ 259.414418][ T8555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 259.414432][ T8555] R13: 00007f067b5e6038 R14: 00007f067b5e5fa0 R15: 00007fff1ebdf8c8 [ 259.414465][ T8555] [ 260.219009][ T8573] netlink: 'syz.2.596': attribute type 1 has an invalid length. [ 260.500308][ T8576] netlink: 4 bytes leftover after parsing attributes in process `syz.3.595'. [ 261.127346][ T8593] FAULT_INJECTION: forcing a failure. [ 261.127346][ T8593] name failslab, interval 1, probability 0, space 0, times 0 [ 261.150290][ T8593] CPU: 1 UID: 0 PID: 8593 Comm: syz.3.595 Not tainted syzkaller #0 PREEMPT(full) [ 261.150327][ T8593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 261.150343][ T8593] Call Trace: [ 261.150352][ T8593] [ 261.150362][ T8593] dump_stack_lvl+0x16c/0x1f0 [ 261.150405][ T8593] should_fail_ex+0x512/0x640 [ 261.150443][ T8593] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 261.150479][ T8593] should_failslab+0xc2/0x120 [ 261.150513][ T8593] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 261.150543][ T8593] ? __pfx_apparmor_file_open+0x10/0x10 [ 261.150572][ T8593] ? proc_reg_open+0x23f/0x5f0 [ 261.150608][ T8593] proc_reg_open+0x23f/0x5f0 [ 261.150643][ T8593] do_dentry_open+0x982/0x1530 [ 261.150676][ T8593] ? __pfx_proc_reg_open+0x10/0x10 [ 261.150716][ T8593] vfs_open+0x82/0x3f0 [ 261.150759][ T8593] path_openat+0x1de4/0x2cb0 [ 261.150802][ T8593] ? __pfx_path_openat+0x10/0x10 [ 261.150851][ T8593] do_filp_open+0x20b/0x470 [ 261.150884][ T8593] ? __pfx_do_filp_open+0x10/0x10 [ 261.150941][ T8593] ? alloc_fd+0x471/0x7d0 [ 261.150980][ T8593] do_sys_openat2+0x11b/0x1d0 [ 261.151020][ T8593] ? __pfx_do_sys_openat2+0x10/0x10 [ 261.151055][ T8593] ? find_held_lock+0x2b/0x80 [ 261.151083][ T8593] ? handle_mm_fault+0x2ab/0xd10 [ 261.151118][ T8593] __x64_sys_openat+0x174/0x210 [ 261.151142][ T8593] ? __pfx___x64_sys_openat+0x10/0x10 [ 261.151181][ T8593] do_syscall_64+0xcd/0x4c0 [ 261.151207][ T8593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.151233][ T8593] RIP: 0033:0x7fc1c498eec9 [ 261.151255][ T8593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 261.151280][ T8593] RSP: 002b:00007fc1c2791038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 261.151305][ T8593] RAX: ffffffffffffffda RBX: 00007fc1c4be6270 RCX: 00007fc1c498eec9 [ 261.151323][ T8593] RDX: 0000000000040001 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 261.151338][ T8593] RBP: 00007fc1c4a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 261.151354][ T8593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 261.151369][ T8593] R13: 00007fc1c4be6308 R14: 00007fc1c4be6270 R15: 00007fff73101118 [ 261.151404][ T8593] [ 261.388759][ T8598] netlink: 'syz.0.603': attribute type 1 has an invalid length. [ 261.400504][ T8598] net_ratelimit: 202 callbacks suppressed [ 261.400517][ T8598] netlink: zone id is out of range [ 261.411378][ T8598] netlink: zone id is out of range [ 261.416469][ T8598] netlink: zone id is out of range [ 261.421581][ T8598] netlink: zone id is out of range [ 261.427198][ T8598] netlink: zone id is out of range [ 261.432373][ T8598] netlink: zone id is out of range [ 261.437478][ T8598] netlink: zone id is out of range [ 261.442618][ T8598] netlink: zone id is out of range [ 261.447743][ T8598] netlink: zone id is out of range [ 261.452929][ T8598] netlink: zone id is out of range [ 262.674083][ T8623] futex_wake_op: syz.0.609 tries to shift op by -9; fix this program [ 263.421956][ T8633] random: crng reseeded on system resumption [ 263.832329][ T8645] netlink: 'syz.2.615': attribute type 1 has an invalid length. [ 264.677310][ T8654] netlink: 4 bytes leftover after parsing attributes in process `syz.3.616'. [ 265.216774][ T8661] FAULT_INJECTION: forcing a failure. [ 265.216774][ T8661] name failslab, interval 1, probability 0, space 0, times 0 [ 265.324278][ T8661] CPU: 0 UID: 0 PID: 8661 Comm: syz.3.616 Not tainted syzkaller #0 PREEMPT(full) [ 265.324317][ T8661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 265.324333][ T8661] Call Trace: [ 265.324342][ T8661] [ 265.324352][ T8661] dump_stack_lvl+0x16c/0x1f0 [ 265.324397][ T8661] should_fail_ex+0x512/0x640 [ 265.324435][ T8661] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 265.324470][ T8661] should_failslab+0xc2/0x120 [ 265.324504][ T8661] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 265.324532][ T8661] ? __pfx_apparmor_file_open+0x10/0x10 [ 265.324562][ T8661] ? proc_reg_open+0x23f/0x5f0 [ 265.324599][ T8661] proc_reg_open+0x23f/0x5f0 [ 265.324635][ T8661] do_dentry_open+0x982/0x1530 [ 265.324667][ T8661] ? __pfx_proc_reg_open+0x10/0x10 [ 265.324708][ T8661] vfs_open+0x82/0x3f0 [ 265.324749][ T8661] path_openat+0x1de4/0x2cb0 [ 265.324793][ T8661] ? __pfx_path_openat+0x10/0x10 [ 265.324833][ T8661] do_filp_open+0x20b/0x470 [ 265.324864][ T8661] ? __pfx_do_filp_open+0x10/0x10 [ 265.324921][ T8661] ? alloc_fd+0x471/0x7d0 [ 265.324958][ T8661] do_sys_openat2+0x11b/0x1d0 [ 265.324996][ T8661] ? __pfx_do_sys_openat2+0x10/0x10 [ 265.325030][ T8661] ? find_held_lock+0x2b/0x80 [ 265.325060][ T8661] ? handle_mm_fault+0x2ab/0xd10 [ 265.325097][ T8661] __x64_sys_openat+0x174/0x210 [ 265.325130][ T8661] ? __pfx___x64_sys_openat+0x10/0x10 [ 265.325170][ T8661] do_syscall_64+0xcd/0x4c0 [ 265.325198][ T8661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.325224][ T8661] RIP: 0033:0x7fc1c498eec9 [ 265.325245][ T8661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.325271][ T8661] RSP: 002b:00007fc1c2791038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 265.325295][ T8661] RAX: ffffffffffffffda RBX: 00007fc1c4be6270 RCX: 00007fc1c498eec9 [ 265.325312][ T8661] RDX: 0000000000040001 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 265.325329][ T8661] RBP: 00007fc1c4a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 265.325345][ T8661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 265.325361][ T8661] R13: 00007fc1c4be6308 R14: 00007fc1c4be6270 R15: 00007fff73101118 [ 265.325395][ T8661] [ 266.703596][ T8694] FAULT_INJECTION: forcing a failure. [ 266.703596][ T8694] name failslab, interval 1, probability 0, space 0, times 0 [ 266.779974][ T8694] CPU: 1 UID: 0 PID: 8694 Comm: syz.0.634 Not tainted syzkaller #0 PREEMPT(full) [ 266.780010][ T8694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 266.780024][ T8694] Call Trace: [ 266.780034][ T8694] [ 266.780044][ T8694] dump_stack_lvl+0x16c/0x1f0 [ 266.780084][ T8694] should_fail_ex+0x512/0x640 [ 266.780118][ T8694] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 266.780152][ T8694] should_failslab+0xc2/0x120 [ 266.780186][ T8694] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 266.780214][ T8694] ? __alloc_skb+0x2b2/0x380 [ 266.780262][ T8694] __alloc_skb+0x2b2/0x380 [ 266.780291][ T8694] ? __pfx___alloc_skb+0x10/0x10 [ 266.780328][ T8694] ? __lock_acquire+0x62e/0x1ce0 [ 266.780368][ T8694] alloc_skb_with_frags+0xe0/0x860 [ 266.780398][ T8694] sock_alloc_send_pskb+0x7fb/0x990 [ 266.780441][ T8694] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 266.780475][ T8694] ? ip6_finish_output2+0xb30/0x2020 [ 266.780522][ T8694] __ip6_append_data+0x2a98/0x4750 [ 266.780563][ T8694] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 266.780618][ T8694] ? __pfx___ip6_append_data+0x10/0x10 [ 266.780652][ T8694] ? __pfx_ip6_mtu+0x10/0x10 [ 266.780678][ T8694] ? ip6_setup_cork+0xc51/0x1530 [ 266.780714][ T8694] ip6_make_skb+0x2c8/0x3f0 [ 266.780749][ T8694] ? ip6_dst_check+0x343/0x950 [ 266.780776][ T8694] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 266.780815][ T8694] ? __pfx_ip6_make_skb+0x10/0x10 [ 266.780849][ T8694] ? find_held_lock+0x2b/0x80 [ 266.780883][ T8694] ? sk_dst_check+0x1da/0x540 [ 266.780924][ T8694] ? udpv6_sendmsg+0x235c/0x2d20 [ 266.780947][ T8694] udpv6_sendmsg+0x235c/0x2d20 [ 266.780972][ T8694] ? aa_label_sk_perm+0x195/0x600 [ 266.781003][ T8694] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 266.781051][ T8694] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 266.781099][ T8694] ? __pfx___might_resched+0x10/0x10 [ 266.781124][ T8694] ? __lock_acquire+0xb97/0x1ce0 [ 266.781170][ T8694] ? iovec_from_user+0xbb/0x140 [ 266.781205][ T8694] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 266.781242][ T8694] ? inet6_sendmsg+0x105/0x140 [ 266.781267][ T8694] inet6_sendmsg+0x105/0x140 [ 266.781296][ T8694] ____sys_sendmsg+0x705/0xc70 [ 266.781326][ T8694] ? copy_msghdr_from_user+0x10a/0x160 [ 266.781361][ T8694] ? __pfx_____sys_sendmsg+0x10/0x10 [ 266.781394][ T8694] ? kfree+0x24f/0x4d0 [ 266.781419][ T8694] ? futex_unqueue+0x133/0x2c0 [ 266.781454][ T8694] ___sys_sendmsg+0x134/0x1d0 [ 266.781492][ T8694] ? __pfx____sys_sendmsg+0x10/0x10 [ 266.781561][ T8694] ? __pfx___might_resched+0x10/0x10 [ 266.781594][ T8694] __sys_sendmmsg+0x200/0x420 [ 266.781634][ T8694] ? __pfx___sys_sendmmsg+0x10/0x10 [ 266.781680][ T8694] ? __pfx_do_futex+0x10/0x10 [ 266.781725][ T8694] ? fput+0x9b/0xd0 [ 266.781762][ T8694] ? xfd_validate_state+0x61/0x180 [ 266.781796][ T8694] ? __pfx_ksys_write+0x10/0x10 [ 266.781832][ T8694] __x64_sys_sendmmsg+0x9c/0x100 [ 266.781868][ T8694] ? lockdep_hardirqs_on+0x7c/0x110 [ 266.781904][ T8694] do_syscall_64+0xcd/0x4c0 [ 266.781930][ T8694] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.781955][ T8694] RIP: 0033:0x7f067b38eec9 [ 266.781977][ T8694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 266.782005][ T8694] RSP: 002b:00007f067c16f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 266.782030][ T8694] RAX: ffffffffffffffda RBX: 00007f067b5e6270 RCX: 00007f067b38eec9 [ 266.782048][ T8694] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 266.782063][ T8694] RBP: 00007f067b411f91 R08: 0000000000000000 R09: 0000000000000000 [ 266.782078][ T8694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 266.782093][ T8694] R13: 00007f067b5e6308 R14: 00007f067b5e6270 R15: 00007fff1ebdf8c8 [ 266.782127][ T8694] [ 267.564212][ T8682] netlink: 28 bytes leftover after parsing attributes in process `syz.3.626'. [ 267.593685][ T8682] bond0: entered allmulticast mode [ 267.620278][ T8682] bond_slave_0: entered allmulticast mode [ 267.626179][ T8682] bond_slave_1: entered allmulticast mode [ 269.403233][ T8745] FAULT_INJECTION: forcing a failure. [ 269.403233][ T8745] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 269.442489][ T8745] CPU: 1 UID: 0 PID: 8745 Comm: syz.3.641 Not tainted syzkaller #0 PREEMPT(full) [ 269.442525][ T8745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 269.442539][ T8745] Call Trace: [ 269.442547][ T8745] [ 269.442556][ T8745] dump_stack_lvl+0x16c/0x1f0 [ 269.442597][ T8745] should_fail_ex+0x512/0x640 [ 269.442638][ T8745] _copy_from_iter+0x29f/0x1720 [ 269.442668][ T8745] ? __alloc_skb+0x200/0x380 [ 269.442702][ T8745] ? __pfx__copy_from_iter+0x10/0x10 [ 269.442730][ T8745] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 269.442764][ T8745] ? __lock_acquire+0xb97/0x1ce0 [ 269.442803][ T8745] netlink_sendmsg+0x829/0xdd0 [ 269.442845][ T8745] ? __pfx_netlink_sendmsg+0x10/0x10 [ 269.442885][ T8745] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 269.442918][ T8745] ____sys_sendmsg+0xa95/0xc70 [ 269.442946][ T8745] ? copy_msghdr_from_user+0x10a/0x160 [ 269.442980][ T8745] ? __pfx_____sys_sendmsg+0x10/0x10 [ 269.443030][ T8745] ___sys_sendmsg+0x134/0x1d0 [ 269.443067][ T8745] ? __pfx____sys_sendmsg+0x10/0x10 [ 269.443144][ T8745] __sys_sendmsg+0x16d/0x220 [ 269.443179][ T8745] ? __pfx___sys_sendmsg+0x10/0x10 [ 269.443237][ T8745] do_syscall_64+0xcd/0x4c0 [ 269.443261][ T8745] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.443286][ T8745] RIP: 0033:0x7fc1c498eec9 [ 269.443305][ T8745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 269.443329][ T8745] RSP: 002b:00007fc1c2bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 269.443351][ T8745] RAX: ffffffffffffffda RBX: 00007fc1c4be5fa0 RCX: 00007fc1c498eec9 [ 269.443368][ T8745] RDX: 0000000000008000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 269.443383][ T8745] RBP: 00007fc1c2bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 269.443397][ T8745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 269.443411][ T8745] R13: 00007fc1c4be6038 R14: 00007fc1c4be5fa0 R15: 00007fff73101118 [ 269.443444][ T8745] [ 270.116526][ T8752] netlink: 'syz.2.642': attribute type 11 has an invalid length. [ 270.163806][ T8752] netlink: 'syz.2.642': attribute type 11 has an invalid length. [ 270.368358][ T8752] netlink: 'syz.2.642': attribute type 11 has an invalid length. [ 270.387461][ T8752] netlink: 'syz.2.642': attribute type 11 has an invalid length. [ 270.749611][ T8760] FAULT_INJECTION: forcing a failure. [ 270.749611][ T8760] name failslab, interval 1, probability 0, space 0, times 0 [ 270.762418][ T8760] CPU: 1 UID: 0 PID: 8760 Comm: syz.3.644 Not tainted syzkaller #0 PREEMPT(full) [ 270.762447][ T8760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 270.762460][ T8760] Call Trace: [ 270.762469][ T8760] [ 270.762477][ T8760] dump_stack_lvl+0x16c/0x1f0 [ 270.762506][ T8760] should_fail_ex+0x512/0x640 [ 270.762528][ T8760] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 270.762548][ T8760] should_failslab+0xc2/0x120 [ 270.762566][ T8760] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 270.762597][ T8760] ? ptlock_alloc+0x1f/0x70 [ 270.762613][ T8760] ptlock_alloc+0x1f/0x70 [ 270.762626][ T8760] pte_alloc_one+0x82/0x3a0 [ 270.762642][ T8760] __pte_alloc+0x6d/0x3c0 [ 270.762660][ T8760] ? __pfx___pte_alloc+0x10/0x10 [ 270.762682][ T8760] do_pte_missing+0x285a/0x3ba0 [ 270.762703][ T8760] __handle_mm_fault+0x152a/0x2a50 [ 270.762723][ T8760] ? __pfx___handle_mm_fault+0x10/0x10 [ 270.762737][ T8760] ? folio_mark_accessed+0xc1/0xc00 [ 270.762757][ T8760] ? __pfx_folio_mark_accessed+0x10/0x10 [ 270.762774][ T8760] ? find_held_lock+0x2b/0x80 [ 270.762800][ T8760] handle_mm_fault+0x589/0xd10 [ 270.762818][ T8760] __get_user_pages+0x551/0x34a0 [ 270.762844][ T8760] ? register_lock_class+0x41/0x4c0 [ 270.762862][ T8760] ? __pfx___get_user_pages+0x10/0x10 [ 270.762881][ T8760] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.762901][ T8760] __gup_longterm_locked+0xa92/0x17e0 [ 270.762922][ T8760] ? __lock_acquire+0xb97/0x1ce0 [ 270.762942][ T8760] ? __pfx___gup_longterm_locked+0x10/0x10 [ 270.762972][ T8760] pin_user_pages_remote+0xed/0x140 [ 270.762994][ T8760] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 270.763013][ T8760] ? mm_access+0x22d/0x2e0 [ 270.763037][ T8760] process_vm_rw_core.constprop.0+0x41b/0x970 [ 270.763064][ T8760] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 270.763093][ T8760] ? iovec_from_user+0xbb/0x140 [ 270.763111][ T8760] process_vm_rw+0x216/0x2c0 [ 270.763129][ T8760] ? __pfx_process_vm_rw+0x10/0x10 [ 270.763151][ T8760] ? ksys_write+0x190/0x250 [ 270.763184][ T8760] ? ksys_write+0x1ac/0x250 [ 270.763199][ T8760] ? __pfx_ksys_write+0x10/0x10 [ 270.763217][ T8760] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 270.763235][ T8760] ? do_syscall_64+0x91/0x4c0 [ 270.763247][ T8760] ? lockdep_hardirqs_on+0x7c/0x110 [ 270.763266][ T8760] do_syscall_64+0xcd/0x4c0 [ 270.763280][ T8760] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.763294][ T8760] RIP: 0033:0x7fc1c498eec9 [ 270.763306][ T8760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 270.763320][ T8760] RSP: 002b:00007fc1c2bd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 270.763333][ T8760] RAX: ffffffffffffffda RBX: 00007fc1c4be6090 RCX: 00007fc1c498eec9 [ 270.763342][ T8760] RDX: 0000040000000001 RSI: 0000200000000000 RDI: 000000000000022d [ 270.763351][ T8760] RBP: 00007fc1c2bd5090 R08: 000000000000000a R09: 0000000000000000 [ 270.763359][ T8760] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001 [ 270.763367][ T8760] R13: 00007fc1c4be6128 R14: 00007fc1c4be6090 R15: 00007fff73101118 [ 270.763385][ T8760] [ 271.609227][ T8765] ovs_: entered promiscuous mode [ 271.723016][ T8759] FAULT_INJECTION: forcing a failure. [ 271.723016][ T8759] name failslab, interval 1, probability 0, space 0, times 0 [ 271.748423][ T8759] CPU: 1 UID: 0 PID: 8759 Comm: syz.0.643 Not tainted syzkaller #0 PREEMPT(full) [ 271.748460][ T8759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 271.748477][ T8759] Call Trace: [ 271.748485][ T8759] [ 271.748496][ T8759] dump_stack_lvl+0x16c/0x1f0 [ 271.748539][ T8759] should_fail_ex+0x512/0x640 [ 271.748576][ T8759] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 271.748606][ T8759] should_failslab+0xc2/0x120 [ 271.748639][ T8759] __kmalloc_cache_noprof+0x6a/0x3e0 [ 271.748666][ T8759] ? devlink_fmsg_nest_common.part.0+0x48/0x1e0 [ 271.748711][ T8759] devlink_fmsg_nest_common.part.0+0x48/0x1e0 [ 271.748752][ T8759] devlink_health_do_dump+0x4ab/0x620 [ 271.748792][ T8759] devlink_health_report+0x3c9/0x9c0 [ 271.748827][ T8759] ? __pfx_devlink_health_report+0x10/0x10 [ 271.748853][ T8759] ? _copy_from_user+0x59/0xd0 [ 271.748884][ T8759] nsim_dev_health_break_write+0x166/0x210 [ 271.748923][ T8759] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 271.748972][ T8759] full_proxy_write+0x131/0x1a0 [ 271.749013][ T8759] ? __pfx_full_proxy_write+0x10/0x10 [ 271.749050][ T8759] vfs_write+0x2a0/0x11d0 [ 271.749087][ T8759] ? __pfx___mutex_lock+0x10/0x10 [ 271.749124][ T8759] ? __pfx_vfs_write+0x10/0x10 [ 271.749165][ T8759] ? __fget_files+0x20e/0x3c0 [ 271.749205][ T8759] ksys_write+0x12a/0x250 [ 271.749234][ T8759] ? __pfx_ksys_write+0x10/0x10 [ 271.749275][ T8759] do_syscall_64+0xcd/0x4c0 [ 271.749300][ T8759] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.749326][ T8759] RIP: 0033:0x7f067b38eec9 [ 271.749347][ T8759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 271.749372][ T8759] RSP: 002b:00007f067c1d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 271.749398][ T8759] RAX: ffffffffffffffda RBX: 00007f067b5e5fa0 RCX: 00007f067b38eec9 [ 271.749416][ T8759] RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000007 [ 271.749432][ T8759] RBP: 00007f067b411f91 R08: 0000000000000000 R09: 0000000000000000 [ 271.749448][ T8759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 271.749464][ T8759] R13: 00007f067b5e6038 R14: 00007f067b5e5fa0 R15: 00007fff1ebdf8c8 [ 271.749502][ T8759] [ 272.109282][ T8759] FAULT_INJECTION: forcing a failure. [ 272.109282][ T8759] name failslab, interval 1, probability 0, space 0, times 0 [ 272.234281][ T8759] CPU: 0 UID: 0 PID: 8759 Comm: syz.0.643 Not tainted syzkaller #0 PREEMPT(full) [ 272.234319][ T8759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 272.234332][ T8759] Call Trace: [ 272.234340][ T8759] [ 272.234349][ T8759] dump_stack_lvl+0x16c/0x1f0 [ 272.234391][ T8759] should_fail_ex+0x512/0x640 [ 272.234427][ T8759] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 272.234460][ T8759] should_failslab+0xc2/0x120 [ 272.234504][ T8759] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 272.234530][ T8759] ? alloc_uid+0x13d/0x4c0 [ 272.234556][ T8759] ? _raw_spin_unlock_irq+0x23/0x50 [ 272.234592][ T8759] alloc_uid+0x13d/0x4c0 [ 272.234623][ T8759] ? __pfx_alloc_uid+0x10/0x10 [ 272.234651][ T8759] ? security_prepare_creds+0xa7/0x270 [ 272.234692][ T8759] __sys_setresuid+0x507/0x1160 [ 272.234725][ T8759] do_syscall_64+0xcd/0x4c0 [ 272.234750][ T8759] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.234772][ T8759] RIP: 0033:0x7f067b38eec9 [ 272.234790][ T8759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 272.234813][ T8759] RSP: 002b:00007f067c1d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000075 [ 272.234835][ T8759] RAX: ffffffffffffffda RBX: 00007f067b5e5fa0 RCX: 00007f067b38eec9 [ 272.234851][ T8759] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000008 [ 272.234865][ T8759] RBP: 00007f067b411f91 R08: 0000000000000000 R09: 0000000000000000 [ 272.234879][ T8759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 272.234893][ T8759] R13: 00007f067b5e6038 R14: 00007f067b5e5fa0 R15: 00007fff1ebdf8c8 [ 272.234925][ T8759] [ 272.771551][ T8783] [U] [ 272.774450][ T8783] [U] [ 272.777127][ T8783] [U] [ 272.779799][ T8783] [U] [ 272.815535][ T8783] [U] [ 272.818291][ T8783] [U] [ 272.821011][ T8783] [U] [ 272.823733][ T8783] [U] [ 272.858924][ T8783] [U] [ 272.861640][ T8783] [U] [ 272.864317][ T8783] [U] [ 272.867004][ T8783] [U] [ 272.930835][ T8783] [U] [ 272.933616][ T8783] [U] ôh›£[—kàùçMÅe€Õ†ì®G½Ö‘¼óÚ 'Œvg!‚yŸFƒd4Å„¨éÓlˆÔ»M>îK;•>¼´™þ*Mpa«¸ä‘û~ìJW¸i[Š­¼d|>éQ»îÐà [ 273.020821][ T8793] netlink: 186 bytes leftover after parsing attributes in process `syz.3.652'. [ 273.047677][ T8783] [U] öX“^J÷€Í>-?kTU0°!ß– ]£h‚qè82³Êƒ6/kqÀ [ 273.047968][ T8785] netlink: 186 bytes leftover after parsing attributes in process `syz.3.652'. [ 273.053697][ T8783] [U] ¨(tUqÓ¡5è¡ïéõŒ1¼-Žò+<¿qÄ_“É&½µ‰”"ïA4á*qû¥“*õÝÅuOPÓBɪ9þ‰izÐ_Èñ¯×7u(àƒŸ‹b™—¢bÒ¯Ôcú—/~ [ 273.053732][ T8783] [U] ÁIˆbßú)‰ÒÜzÄB8KñFýOŸ´|j±çìµ4èV§€ ÷2*Ýø8é7 W6. 'iì/ OÐ(7WÌŒp¦IË„ºAUI¯i.UÄM Èº ãû¢CcÙkÊU'± R§¢¹Õˆ•ü·ŸKö©(Ÿ}ð£cÑÕY±x [ 273.078056][ T8783] [U]  sãê“Ü䶛a²ó¨aûýMTñ”deŒgXûQ) Œ&šD<;šo 1MϵR)@Pæ™>3£5 Ü[É2ÖdŠe Cw,¢«¦Á?C=ËÅU¸WZuN_lYa×ÌJ¸½€gߪ—«ÕŸÖžéZöö_ΓÅøfd“¬ èc° [ 273.767939][ T8783] [U] G²ñBTDžS9¿±ƒuØA¾—Áˆíe—e³÷d¯¢ÿ;È„4N*Çì%ôzß`¸s2ˆ=Õ§ùT~!* ” [ 274.145160][ T8803] FAULT_INJECTION: forcing a failure. [ 274.145160][ T8803] name failslab, interval 1, probability 0, space 0, times 0 [ 274.158400][ T8803] CPU: 1 UID: 0 PID: 8803 Comm: syz.0.656 Not tainted syzkaller #0 PREEMPT(full) [ 274.158421][ T8803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 274.158429][ T8803] Call Trace: [ 274.158434][ T8803] [ 274.158440][ T8803] dump_stack_lvl+0x16c/0x1f0 [ 274.158466][ T8803] should_fail_ex+0x512/0x640 [ 274.158486][ T8803] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 274.158505][ T8803] should_failslab+0xc2/0x120 [ 274.158531][ T8803] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 274.158548][ T8803] ? __pmd_alloc+0xbf/0x930 [ 274.158571][ T8803] __pmd_alloc+0xbf/0x930 [ 274.158592][ T8803] __handle_mm_fault+0xa06/0x2a50 [ 274.158609][ T8803] ? mt_find+0x3ef/0xa30 [ 274.158623][ T8803] ? __pfx___handle_mm_fault+0x10/0x10 [ 274.158636][ T8803] ? __pfx_mt_find+0x10/0x10 [ 274.158659][ T8803] ? find_vma+0xbf/0x140 [ 274.158676][ T8803] ? __pfx_find_vma+0x10/0x10 [ 274.158695][ T8803] handle_mm_fault+0x589/0xd10 [ 274.158710][ T8803] ? trace_raw_output_exceptions+0x131/0x150 [ 274.158734][ T8803] do_user_addr_fault+0x7a6/0x1370 [ 274.158756][ T8803] ? rcu_is_watching+0x12/0xc0 [ 274.158773][ T8803] exc_page_fault+0x5c/0xb0 [ 274.158794][ T8803] asm_exc_page_fault+0x26/0x30 [ 274.158807][ T8803] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 274.158825][ T8803] Code: c4 10 e9 d4 1e 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 [ 274.158838][ T8803] RSP: 0018:ffffc9001a23fd70 EFLAGS: 00050202 [ 274.158849][ T8803] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000004 [ 274.158858][ T8803] RDX: fffff52003447fbc RSI: 0000000000000000 RDI: ffffc9001a23fde0 [ 274.158866][ T8803] RBP: 0000000000000004 R08: 0000000000000001 R09: fffff52003447fbc [ 274.158874][ T8803] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 274.158882][ T8803] R13: ffffc9001a23fde0 R14: 0000000000000000 R15: 0000000000000000 [ 274.158900][ T8803] _copy_from_user+0x98/0xd0 [ 274.158915][ T8803] do_sock_getsockopt+0x3ca/0x440 [ 274.158932][ T8803] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 274.158945][ T8803] ? __fget_files+0x204/0x3c0 [ 274.158961][ T8803] ? 0xffffffffff600000 [ 274.158979][ T8803] __sys_getsockopt+0x123/0x1b0 [ 274.158998][ T8803] ? 0xffffffffff600000 [ 274.159011][ T8803] __x64_sys_getsockopt+0xbd/0x160 [ 274.159029][ T8803] ? do_syscall_64+0x91/0x4c0 [ 274.159040][ T8803] ? lockdep_hardirqs_on+0x7c/0x110 [ 274.159059][ T8803] do_syscall_64+0xcd/0x4c0 [ 274.159072][ T8803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.159086][ T8803] RIP: 0033:0x7f067b38eec9 [ 274.159096][ T8803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 274.159109][ T8803] RSP: 002b:00007f067c1d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 274.159121][ T8803] RAX: ffffffffffffffda RBX: 00007f067b5e5fa0 RCX: 00007f067b38eec9 [ 274.159129][ T8803] RDX: 0000000000002711 RSI: 0000000000000114 RDI: 0000000000000002 [ 274.159137][ T8803] RBP: 00007f067c1d2090 R08: 0000000000000000 R09: 0000000000000000 [ 274.159145][ T8803] R10: ffffffffff600000 R11: 0000000000000246 R12: 0000000000000001 [ 274.159154][ T8803] R13: 00007f067b5e6038 R14: 00007f067b5e5fa0 R15: 00007fff1ebdf8c8 [ 274.159165][ T8803] ? 0xffffffffff600000 [ 274.159180][ T8803] [ 274.775003][ T8801] netlink: 4 bytes leftover after parsing attributes in process `syz.1.657'. [ 275.892345][ T8827] netlink: 'syz.3.661': attribute type 1 has an invalid length. [ 276.023145][ T8833] netlink: 'syz.2.662': attribute type 1 has an invalid length. [ 276.032786][ T8827] net_ratelimit: 202 callbacks suppressed [ 276.032804][ T8827] netlink: zone id is out of range [ 276.071267][ T8827] netlink: zone id is out of range [ 276.076703][ T8827] netlink: zone id is out of range [ 276.095542][ T8827] netlink: zone id is out of range [ 276.118864][ T8827] netlink: zone id is out of range [ 276.124001][ T8827] netlink: zone id is out of range [ 276.152548][ T8833] netlink: zone id is out of range [ 276.164711][ T8833] netlink: zone id is out of range [ 276.172913][ T8827] netlink: zone id is out of range [ 276.185593][ T8827] netlink: zone id is out of range [ 276.297121][ T8837] netlink: 4 bytes leftover after parsing attributes in process `syz.0.664'. [ 277.701465][ T8402] Bluetooth: hci0: unexpected subevent 0x12 length: 123 > 5 [ 278.290876][ T8886] netlink: 'syz.3.676': attribute type 1 has an invalid length. [ 279.090533][ T8402] Bluetooth: hci1: unexpected subevent 0x12 length: 123 > 5 [ 279.206482][ T8905] FAULT_INJECTION: forcing a failure. [ 279.206482][ T8905] name failslab, interval 1, probability 0, space 0, times 0 [ 279.332643][ T8905] CPU: 1 UID: 0 PID: 8905 Comm: syz.0.678 Not tainted syzkaller #0 PREEMPT(full) [ 279.332680][ T8905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 279.332696][ T8905] Call Trace: [ 279.332704][ T8905] [ 279.332714][ T8905] dump_stack_lvl+0x16c/0x1f0 [ 279.332756][ T8905] should_fail_ex+0x512/0x640 [ 279.332789][ T8905] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 279.332822][ T8905] should_failslab+0xc2/0x120 [ 279.332856][ T8905] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 279.332884][ T8905] ? __pfx_apparmor_file_open+0x10/0x10 [ 279.332909][ T8905] ? proc_reg_open+0x23f/0x5f0 [ 279.332943][ T8905] proc_reg_open+0x23f/0x5f0 [ 279.332987][ T8905] do_dentry_open+0x982/0x1530 [ 279.333019][ T8905] ? __pfx_proc_reg_open+0x10/0x10 [ 279.333068][ T8905] vfs_open+0x82/0x3f0 [ 279.333118][ T8905] path_openat+0x1de4/0x2cb0 [ 279.333171][ T8905] ? __pfx_path_openat+0x10/0x10 [ 279.333213][ T8905] do_filp_open+0x20b/0x470 [ 279.333246][ T8905] ? __pfx_do_filp_open+0x10/0x10 [ 279.333304][ T8905] ? alloc_fd+0x471/0x7d0 [ 279.333349][ T8905] do_sys_openat2+0x11b/0x1d0 [ 279.333386][ T8905] ? __pfx_do_sys_openat2+0x10/0x10 [ 279.333423][ T8905] ? find_held_lock+0x2b/0x80 [ 279.333450][ T8905] ? handle_mm_fault+0x2ab/0xd10 [ 279.333491][ T8905] __x64_sys_openat+0x174/0x210 [ 279.333516][ T8905] ? __pfx___x64_sys_openat+0x10/0x10 [ 279.333556][ T8905] do_syscall_64+0xcd/0x4c0 [ 279.333582][ T8905] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.333626][ T8905] RIP: 0033:0x7f067b38eec9 [ 279.333648][ T8905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 279.333674][ T8905] RSP: 002b:00007f067c16f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 279.333707][ T8905] RAX: ffffffffffffffda RBX: 00007f067b5e6270 RCX: 00007f067b38eec9 [ 279.333726][ T8905] RDX: 0000000000040001 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 279.333744][ T8905] RBP: 00007f067b411f91 R08: 0000000000000000 R09: 0000000000000000 [ 279.333760][ T8905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 279.333777][ T8905] R13: 00007f067b5e6308 R14: 00007f067b5e6270 R15: 00007fff1ebdf8c8 [ 279.333813][ T8905] [ 280.669723][ T8929] netlink: 4 bytes leftover after parsing attributes in process `syz.2.688'. [ 280.698658][ T8938] netlink: 'syz.0.689': attribute type 1 has an invalid length. [ 281.295439][ T8945] netlink: 4 bytes leftover after parsing attributes in process `syz.3.690'. [ 281.392514][ T8402] Bluetooth: hci0: unexpected subevent 0x12 length: 123 > 5 [ 281.854640][ T8954] FAULT_INJECTION: forcing a failure. [ 281.854640][ T8954] name failslab, interval 1, probability 0, space 0, times 0 [ 281.922540][ T8954] CPU: 1 UID: 0 PID: 8954 Comm: syz.0.692 Not tainted syzkaller #0 PREEMPT(full) [ 281.922577][ T8954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 281.922594][ T8954] Call Trace: [ 281.922603][ T8954] [ 281.922612][ T8954] dump_stack_lvl+0x16c/0x1f0 [ 281.922658][ T8954] should_fail_ex+0x512/0x640 [ 281.922697][ T8954] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 281.922733][ T8954] should_failslab+0xc2/0x120 [ 281.922768][ T8954] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 281.922800][ T8954] ? __alloc_skb+0x2b2/0x380 [ 281.922840][ T8954] __alloc_skb+0x2b2/0x380 [ 281.922874][ T8954] ? __pfx___alloc_skb+0x10/0x10 [ 281.922911][ T8954] ? __lock_acquire+0x62e/0x1ce0 [ 281.922952][ T8954] alloc_skb_with_frags+0xe0/0x860 [ 281.922988][ T8954] sock_alloc_send_pskb+0x7fb/0x990 [ 281.923034][ T8954] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 281.923070][ T8954] ? ip6_finish_output2+0xb30/0x2020 [ 281.923118][ T8954] __ip6_append_data+0x2a98/0x4750 [ 281.923161][ T8954] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 281.923217][ T8954] ? __pfx___ip6_append_data+0x10/0x10 [ 281.923251][ T8954] ? __pfx_ip6_mtu+0x10/0x10 [ 281.923278][ T8954] ? ip6_setup_cork+0xc51/0x1530 [ 281.923314][ T8954] ip6_make_skb+0x2c8/0x3f0 [ 281.923350][ T8954] ? ip6_dst_check+0x343/0x950 [ 281.923379][ T8954] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 281.923420][ T8954] ? __pfx_ip6_make_skb+0x10/0x10 [ 281.923466][ T8954] ? find_held_lock+0x2b/0x80 [ 281.923502][ T8954] ? sk_dst_check+0x1da/0x540 [ 281.923545][ T8954] ? udpv6_sendmsg+0x235c/0x2d20 [ 281.923573][ T8954] udpv6_sendmsg+0x235c/0x2d20 [ 281.923600][ T8954] ? aa_label_sk_perm+0x195/0x600 [ 281.923632][ T8954] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 281.923683][ T8954] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 281.923730][ T8954] ? __pfx___might_resched+0x10/0x10 [ 281.923756][ T8954] ? __lock_acquire+0xb97/0x1ce0 [ 281.923802][ T8954] ? iovec_from_user+0xbb/0x140 [ 281.923838][ T8954] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 281.923867][ T8954] ? inet6_sendmsg+0x105/0x140 [ 281.923891][ T8954] inet6_sendmsg+0x105/0x140 [ 281.923919][ T8954] ____sys_sendmsg+0x705/0xc70 [ 281.923948][ T8954] ? copy_msghdr_from_user+0x10a/0x160 [ 281.923985][ T8954] ? __pfx_____sys_sendmsg+0x10/0x10 [ 281.924019][ T8954] ? kfree+0x24f/0x4d0 [ 281.924043][ T8954] ? futex_unqueue+0x133/0x2c0 [ 281.924080][ T8954] ___sys_sendmsg+0x134/0x1d0 [ 281.924119][ T8954] ? __pfx____sys_sendmsg+0x10/0x10 [ 281.924190][ T8954] ? __pfx___might_resched+0x10/0x10 [ 281.924224][ T8954] __sys_sendmmsg+0x200/0x420 [ 281.924266][ T8954] ? __pfx___sys_sendmmsg+0x10/0x10 [ 281.924314][ T8954] ? __pfx_do_futex+0x10/0x10 [ 281.924361][ T8954] ? fput+0x9b/0xd0 [ 281.924397][ T8954] ? xfd_validate_state+0x61/0x180 [ 281.924439][ T8954] ? __pfx_ksys_write+0x10/0x10 [ 281.924477][ T8954] __x64_sys_sendmmsg+0x9c/0x100 [ 281.924515][ T8954] ? lockdep_hardirqs_on+0x7c/0x110 [ 281.924554][ T8954] do_syscall_64+0xcd/0x4c0 [ 281.924580][ T8954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.924607][ T8954] RIP: 0033:0x7f067b38eec9 [ 281.924628][ T8954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 281.924654][ T8954] RSP: 002b:00007f067c1b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 281.924678][ T8954] RAX: ffffffffffffffda RBX: 00007f067b5e6090 RCX: 00007f067b38eec9 [ 281.924696][ T8954] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 281.924712][ T8954] RBP: 00007f067b411f91 R08: 0000000000000000 R09: 0000000000000000 [ 281.924727][ T8954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 281.924743][ T8954] R13: 00007f067b5e6128 R14: 00007f067b5e6090 R15: 00007fff1ebdf8c8 [ 281.924779][ T8954] [ 283.227595][ T8987] netlink: 'syz.0.701': attribute type 1 has an invalid length. [ 283.270803][ T8987] net_ratelimit: 421 callbacks suppressed [ 283.270825][ T8987] netlink: zone id is out of range [ 283.318251][ T8987] netlink: zone id is out of range [ 283.353115][ T8987] netlink: zone id is out of range [ 283.361065][ T8402] Bluetooth: hci0: unexpected subevent 0x12 length: 123 > 5 [ 283.388768][ T8987] netlink: zone id is out of range [ 283.393953][ T8987] netlink: zone id is out of range [ 283.399536][ T8987] netlink: zone id is out of range [ 283.404715][ T8987] netlink: zone id is out of range [ 283.411329][ T8987] netlink: zone id is out of range [ 283.416468][ T8987] netlink: zone id is out of range [ 283.422789][ T8987] netlink: zone id is out of range [ 284.156117][ T9010] netlink: 4 bytes leftover after parsing attributes in process `syz.1.706'. [ 284.282278][ T9011] netlink: 4 bytes leftover after parsing attributes in process `syz.0.708'. [ 284.426960][ T9011] FAULT_INJECTION: forcing a failure. [ 284.426960][ T9011] name failslab, interval 1, probability 0, space 0, times 0 [ 284.442937][ T9011] CPU: 0 UID: 0 PID: 9011 Comm: syz.0.708 Not tainted syzkaller #0 PREEMPT(full) [ 284.442973][ T9011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 284.442987][ T9011] Call Trace: [ 284.442995][ T9011] [ 284.443005][ T9011] dump_stack_lvl+0x16c/0x1f0 [ 284.443046][ T9011] should_fail_ex+0x512/0x640 [ 284.443083][ T9011] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 284.443118][ T9011] should_failslab+0xc2/0x120 [ 284.443150][ T9011] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 284.443187][ T9011] ? __alloc_skb+0x2b2/0x380 [ 284.443227][ T9011] __alloc_skb+0x2b2/0x380 [ 284.443263][ T9011] ? __pfx___alloc_skb+0x10/0x10 [ 284.443300][ T9011] ? __lock_acquire+0x62e/0x1ce0 [ 284.443341][ T9011] alloc_skb_with_frags+0xe0/0x860 [ 284.443372][ T9011] sock_alloc_send_pskb+0x7fb/0x990 [ 284.443416][ T9011] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 284.443451][ T9011] ? ip6_finish_output2+0xb30/0x2020 [ 284.443493][ T9011] __ip6_append_data+0x2a98/0x4750 [ 284.443529][ T9011] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 284.443577][ T9011] ? __pfx___ip6_append_data+0x10/0x10 [ 284.443606][ T9011] ? __pfx_ip6_mtu+0x10/0x10 [ 284.443629][ T9011] ? ip6_setup_cork+0xc51/0x1530 [ 284.443661][ T9011] ip6_make_skb+0x2c8/0x3f0 [ 284.443692][ T9011] ? ip6_dst_check+0x343/0x950 [ 284.443716][ T9011] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 284.443753][ T9011] ? __pfx_ip6_make_skb+0x10/0x10 [ 284.443787][ T9011] ? find_held_lock+0x2b/0x80 [ 284.443820][ T9011] ? sk_dst_check+0x1da/0x540 [ 284.443859][ T9011] ? udpv6_sendmsg+0x235c/0x2d20 [ 284.443880][ T9011] udpv6_sendmsg+0x235c/0x2d20 [ 284.443902][ T9011] ? aa_label_sk_perm+0x195/0x600 [ 284.443934][ T9011] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 284.443982][ T9011] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 284.444031][ T9011] ? __pfx___might_resched+0x10/0x10 [ 284.444056][ T9011] ? __lock_acquire+0xb97/0x1ce0 [ 284.444103][ T9011] ? iovec_from_user+0xbb/0x140 [ 284.444139][ T9011] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 284.444176][ T9011] ? inet6_sendmsg+0x105/0x140 [ 284.444201][ T9011] inet6_sendmsg+0x105/0x140 [ 284.444231][ T9011] ____sys_sendmsg+0x705/0xc70 [ 284.444262][ T9011] ? copy_msghdr_from_user+0x10a/0x160 [ 284.444301][ T9011] ? __pfx_____sys_sendmsg+0x10/0x10 [ 284.444336][ T9011] ? kfree+0x24f/0x4d0 [ 284.444361][ T9011] ? futex_unqueue+0x133/0x2c0 [ 284.444398][ T9011] ___sys_sendmsg+0x134/0x1d0 [ 284.444437][ T9011] ? __pfx____sys_sendmsg+0x10/0x10 [ 284.444506][ T9011] ? __pfx___might_resched+0x10/0x10 [ 284.444537][ T9011] __sys_sendmmsg+0x200/0x420 [ 284.444578][ T9011] ? __pfx___sys_sendmmsg+0x10/0x10 [ 284.444626][ T9011] ? __pfx_do_futex+0x10/0x10 [ 284.444672][ T9011] ? fput+0x9b/0xd0 [ 284.444708][ T9011] ? xfd_validate_state+0x61/0x180 [ 284.444744][ T9011] ? __pfx_ksys_write+0x10/0x10 [ 284.444780][ T9011] __x64_sys_sendmmsg+0x9c/0x100 [ 284.444817][ T9011] ? lockdep_hardirqs_on+0x7c/0x110 [ 284.444853][ T9011] do_syscall_64+0xcd/0x4c0 [ 284.444879][ T9011] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.444905][ T9011] RIP: 0033:0x7f067b38eec9 [ 284.444926][ T9011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 284.444951][ T9011] RSP: 002b:00007f067c1b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 284.444976][ T9011] RAX: ffffffffffffffda RBX: 00007f067b5e6090 RCX: 00007f067b38eec9 [ 284.444994][ T9011] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 284.445010][ T9011] RBP: 00007f067b411f91 R08: 0000000000000000 R09: 0000000000000000 [ 284.445026][ T9011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 284.445042][ T9011] R13: 00007f067b5e6128 R14: 00007f067b5e6090 R15: 00007fff1ebdf8c8 [ 284.445077][ T9011] [ 285.746875][ T8402] Bluetooth: hci3: unexpected subevent 0x12 length: 123 > 5 [ 286.011879][ T9033] netlink: 4 bytes leftover after parsing attributes in process `syz.2.713'. [ 286.969888][ T9051] netlink: 4 bytes leftover after parsing attributes in process `syz.2.719'. [ 287.282135][ T9058] netlink: 'syz.1.720': attribute type 1 has an invalid length. [ 288.008298][ T9068] netlink: 'syz.0.723': attribute type 1 has an invalid length. [ 288.411401][ T8402] Bluetooth: hci2: unexpected subevent 0x12 length: 123 > 5 [ 289.613332][ T9105] netlink: 4 bytes leftover after parsing attributes in process `syz.0.732'. [ 290.693280][ T8402] Bluetooth: hci0: unexpected subevent 0x12 length: 123 > 5 [ 290.915305][ T9139] netlink: 'syz.1.741': attribute type 1 has an invalid length. [ 290.955702][ T9139] net_ratelimit: 308 callbacks suppressed [ 290.955718][ T9139] netlink: zone id is out of range [ 290.978530][ T9139] netlink: zone id is out of range [ 290.983656][ T9139] netlink: zone id is out of range [ 291.133558][ T9139] netlink: zone id is out of range [ 291.322610][ T9139] netlink: zone id is out of range [ 291.339304][ T9139] netlink: zone id is out of range [ 291.360024][ T9139] netlink: zone id is out of range [ 291.403913][ T9139] netlink: zone id is out of range [ 291.467140][ T9139] netlink: zone id is out of range [ 291.472963][ T9139] netlink: zone id is out of range [ 291.507217][ T9119] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 292.279549][ T9155] FAULT_INJECTION: forcing a failure. [ 292.279549][ T9155] name failslab, interval 1, probability 0, space 0, times 0 [ 292.306970][ T9155] CPU: 1 UID: 0 PID: 9155 Comm: syz.0.743 Not tainted syzkaller #0 PREEMPT(full) [ 292.307007][ T9155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 292.307024][ T9155] Call Trace: [ 292.307033][ T9155] [ 292.307042][ T9155] dump_stack_lvl+0x16c/0x1f0 [ 292.307081][ T9155] should_fail_ex+0x512/0x640 [ 292.307117][ T9155] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 292.307151][ T9155] should_failslab+0xc2/0x120 [ 292.307177][ T9155] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 292.307204][ T9155] ? __alloc_skb+0x2b2/0x380 [ 292.307243][ T9155] __alloc_skb+0x2b2/0x380 [ 292.307285][ T9155] ? __pfx___alloc_skb+0x10/0x10 [ 292.307323][ T9155] ? __lock_acquire+0x62e/0x1ce0 [ 292.307366][ T9155] alloc_skb_with_frags+0xe0/0x860 [ 292.307401][ T9155] sock_alloc_send_pskb+0x7fb/0x990 [ 292.307447][ T9155] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 292.307482][ T9155] ? ip6_finish_output2+0xb30/0x2020 [ 292.307529][ T9155] __ip6_append_data+0x2a98/0x4750 [ 292.307570][ T9155] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 292.307624][ T9155] ? __pfx___ip6_append_data+0x10/0x10 [ 292.307659][ T9155] ? __pfx_ip6_mtu+0x10/0x10 [ 292.307686][ T9155] ? ip6_setup_cork+0xc51/0x1530 [ 292.307723][ T9155] ip6_make_skb+0x2c8/0x3f0 [ 292.307759][ T9155] ? ip6_dst_check+0x343/0x950 [ 292.307786][ T9155] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 292.307826][ T9155] ? __pfx_ip6_make_skb+0x10/0x10 [ 292.307859][ T9155] ? find_held_lock+0x2b/0x80 [ 292.307894][ T9155] ? sk_dst_check+0x1da/0x540 [ 292.307935][ T9155] ? udpv6_sendmsg+0x235c/0x2d20 [ 292.307958][ T9155] udpv6_sendmsg+0x235c/0x2d20 [ 292.307984][ T9155] ? aa_label_sk_perm+0x195/0x600 [ 292.308016][ T9155] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 292.308070][ T9155] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 292.308114][ T9155] ? __pfx___might_resched+0x10/0x10 [ 292.308137][ T9155] ? __lock_acquire+0xb97/0x1ce0 [ 292.308180][ T9155] ? iovec_from_user+0xbb/0x140 [ 292.308215][ T9155] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 292.308243][ T9155] ? inet6_sendmsg+0x105/0x140 [ 292.308274][ T9155] inet6_sendmsg+0x105/0x140 [ 292.308303][ T9155] ____sys_sendmsg+0x705/0xc70 [ 292.308333][ T9155] ? copy_msghdr_from_user+0x10a/0x160 [ 292.308370][ T9155] ? __pfx_____sys_sendmsg+0x10/0x10 [ 292.308404][ T9155] ? kfree+0x24f/0x4d0 [ 292.308428][ T9155] ? futex_unqueue+0x133/0x2c0 [ 292.308463][ T9155] ___sys_sendmsg+0x134/0x1d0 [ 292.308502][ T9155] ? __pfx____sys_sendmsg+0x10/0x10 [ 292.308566][ T9155] ? __pfx___might_resched+0x10/0x10 [ 292.308597][ T9155] __sys_sendmmsg+0x200/0x420 [ 292.308638][ T9155] ? __pfx___sys_sendmmsg+0x10/0x10 [ 292.308683][ T9155] ? __pfx_do_futex+0x10/0x10 [ 292.308723][ T9155] ? fput+0x9b/0xd0 [ 292.308755][ T9155] ? xfd_validate_state+0x61/0x180 [ 292.308790][ T9155] ? __pfx_ksys_write+0x10/0x10 [ 292.308826][ T9155] __x64_sys_sendmmsg+0x9c/0x100 [ 292.308863][ T9155] ? lockdep_hardirqs_on+0x7c/0x110 [ 292.308898][ T9155] do_syscall_64+0xcd/0x4c0 [ 292.308924][ T9155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.308951][ T9155] RIP: 0033:0x7f067b38eec9 [ 292.308972][ T9155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 292.308996][ T9155] RSP: 002b:00007f067c1b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 292.309021][ T9155] RAX: ffffffffffffffda RBX: 00007f067b5e6090 RCX: 00007f067b38eec9 [ 292.309039][ T9155] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 292.309054][ T9155] RBP: 00007f067b411f91 R08: 0000000000000000 R09: 0000000000000000 [ 292.309070][ T9155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 292.309085][ T9155] R13: 00007f067b5e6128 R14: 00007f067b5e6090 R15: 00007fff1ebdf8c8 [ 292.309120][ T9155] [ 292.753999][ T9165] netlink: 268 bytes leftover after parsing attributes in process `syz.2.747'. [ 292.790884][ T9162] netlink: 4 bytes leftover after parsing attributes in process `syz.3.745'. [ 293.084706][ T9177] netlink: 'syz.1.749': attribute type 1 has an invalid length. [ 293.421193][ T9183] netlink: 20 bytes leftover after parsing attributes in process `syz.0.751'. [ 295.234819][ T9216] netlink: 4 bytes leftover after parsing attributes in process `syz.0.760'. [ 295.245156][ T9225] netlink: 'syz.3.762': attribute type 1 has an invalid length. [ 295.598317][ T9228] FAULT_INJECTION: forcing a failure. [ 295.598317][ T9228] name failslab, interval 1, probability 0, space 0, times 0 [ 295.613534][ T8402] Bluetooth: hci2: unexpected event 0x01 length: 5 > 1 [ 295.621300][ T9228] CPU: 1 UID: 0 PID: 9228 Comm: syz.0.760 Not tainted syzkaller #0 PREEMPT(full) [ 295.621337][ T9228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 295.621351][ T9228] Call Trace: [ 295.621359][ T9228] [ 295.621368][ T9228] dump_stack_lvl+0x16c/0x1f0 [ 295.621411][ T9228] should_fail_ex+0x512/0x640 [ 295.621446][ T9228] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 295.621479][ T9228] should_failslab+0xc2/0x120 [ 295.621514][ T9228] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 295.621547][ T9228] ? __pfx_apparmor_file_open+0x10/0x10 [ 295.621577][ T9228] ? proc_reg_open+0x23f/0x5f0 [ 295.621618][ T9228] proc_reg_open+0x23f/0x5f0 [ 295.621655][ T9228] do_dentry_open+0x982/0x1530 [ 295.621687][ T9228] ? __pfx_proc_reg_open+0x10/0x10 [ 295.621728][ T9228] vfs_open+0x82/0x3f0 [ 295.621769][ T9228] path_openat+0x1de4/0x2cb0 [ 295.621811][ T9228] ? __pfx_path_openat+0x10/0x10 [ 295.621851][ T9228] do_filp_open+0x20b/0x470 [ 295.621883][ T9228] ? __pfx_do_filp_open+0x10/0x10 [ 295.621940][ T9228] ? alloc_fd+0x471/0x7d0 [ 295.621976][ T9228] do_sys_openat2+0x11b/0x1d0 [ 295.622020][ T9228] ? __pfx_do_sys_openat2+0x10/0x10 [ 295.622057][ T9228] ? find_held_lock+0x2b/0x80 [ 295.622084][ T9228] ? handle_mm_fault+0x2ab/0xd10 [ 295.622120][ T9228] __x64_sys_openat+0x174/0x210 [ 295.622145][ T9228] ? __pfx___x64_sys_openat+0x10/0x10 [ 295.622184][ T9228] do_syscall_64+0xcd/0x4c0 [ 295.622209][ T9228] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.622243][ T9228] RIP: 0033:0x7f067b38eec9 [ 295.622263][ T9228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 295.622291][ T9228] RSP: 002b:00007f067c190038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 295.622316][ T9228] RAX: ffffffffffffffda RBX: 00007f067b5e6180 RCX: 00007f067b38eec9 [ 295.622334][ T9228] RDX: 0000000000040001 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 295.622351][ T9228] RBP: 00007f067b411f91 R08: 0000000000000000 R09: 0000000000000000 [ 295.622368][ T9228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 295.622383][ T9228] R13: 00007f067b5e6218 R14: 00007f067b5e6180 R15: 00007fff1ebdf8c8 [ 295.622419][ T9228] [ 296.131636][ T9234] FAULT_INJECTION: forcing a failure. [ 296.131636][ T9234] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 296.248316][ T9234] CPU: 0 UID: 0 PID: 9234 Comm: syz.3.764 Not tainted syzkaller #0 PREEMPT(full) [ 296.248353][ T9234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 296.248366][ T9234] Call Trace: [ 296.248374][ T9234] [ 296.248383][ T9234] dump_stack_lvl+0x16c/0x1f0 [ 296.248421][ T9234] should_fail_ex+0x512/0x640 [ 296.248464][ T9234] should_fail_alloc_page+0xe7/0x130 [ 296.248497][ T9234] prepare_alloc_pages+0x3c2/0x610 [ 296.248538][ T9234] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 296.248571][ T9234] ? stack_trace_save+0x8e/0xc0 [ 296.248598][ T9234] ? __pfx_stack_trace_save+0x10/0x10 [ 296.248623][ T9234] ? rcu_is_watching+0x12/0xc0 [ 296.248648][ T9234] ? stack_depot_save_flags+0x29/0x9c0 [ 296.248691][ T9234] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 296.248716][ T9234] ? __kasan_slab_alloc+0x89/0x90 [ 296.248740][ T9234] ? __pmd_alloc+0xbf/0x930 [ 296.248771][ T9234] ? handle_mm_fault+0x589/0xd10 [ 296.248790][ T9234] ? do_user_addr_fault+0x7a6/0x1370 [ 296.248822][ T9234] ? exc_page_fault+0x5c/0xb0 [ 296.248852][ T9234] ? asm_exc_page_fault+0x26/0x30 [ 296.248875][ T9234] ? rep_movs_alternative+0x4a/0x90 [ 296.248908][ T9234] ? _copy_from_iter+0x383/0x1720 [ 296.248938][ T9234] ? netlink_sendmsg+0x829/0xdd0 [ 296.248977][ T9234] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.249010][ T9234] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 296.249051][ T9234] ? policy_nodemask+0xea/0x4e0 [ 296.249086][ T9234] alloc_pages_mpol+0x1fb/0x550 [ 296.249119][ T9234] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 296.249160][ T9234] alloc_pages_noprof+0x131/0x390 [ 296.249192][ T9234] pte_alloc_one+0x1c/0x3a0 [ 296.249218][ T9234] do_pte_missing+0x1afc/0x3ba0 [ 296.249245][ T9234] ? do_raw_spin_unlock+0x172/0x230 [ 296.249283][ T9234] ? __pmd_alloc+0x3fb/0x930 [ 296.249321][ T9234] __handle_mm_fault+0x152a/0x2a50 [ 296.249348][ T9234] ? mt_find+0x3ef/0xa30 [ 296.249373][ T9234] ? __pfx___handle_mm_fault+0x10/0x10 [ 296.249396][ T9234] ? __pfx_mt_find+0x10/0x10 [ 296.249438][ T9234] ? find_vma+0xbf/0x140 [ 296.249467][ T9234] ? __pfx_find_vma+0x10/0x10 [ 296.249502][ T9234] handle_mm_fault+0x589/0xd10 [ 296.249529][ T9234] ? trace_raw_output_exceptions+0x131/0x150 [ 296.249568][ T9234] do_user_addr_fault+0x7a6/0x1370 [ 296.249607][ T9234] ? rcu_is_watching+0x12/0xc0 [ 296.249635][ T9234] exc_page_fault+0x5c/0xb0 [ 296.249670][ T9234] asm_exc_page_fault+0x26/0x30 [ 296.249692][ T9234] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 296.249721][ T9234] Code: cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 296.249743][ T9234] RSP: 0018:ffffc9001aa1f7d0 EFLAGS: 00050206 [ 296.249763][ T9234] RAX: 0000000000000001 RBX: 00000000000000c4 RCX: 00000000000000c4 [ 296.249778][ T9234] RDX: ffffed100d289b59 RSI: 0000000000000000 RDI: ffff88806944da00 [ 296.249794][ T9234] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100d289b58 [ 296.249808][ T9234] R10: ffff88806944dac3 R11: 0000000000000000 R12: ffffc9001aa1fd60 [ 296.249824][ T9234] R13: 00000000000000c4 R14: ffff88806944da00 R15: 00007ffffffff000 [ 296.249864][ T9234] _copy_from_iter+0x383/0x1720 [ 296.249894][ T9234] ? __alloc_skb+0x200/0x380 [ 296.249933][ T9234] ? __pfx__copy_from_iter+0x10/0x10 [ 296.249962][ T9234] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 296.250003][ T9234] ? __lock_acquire+0xb97/0x1ce0 [ 296.250047][ T9234] netlink_sendmsg+0x829/0xdd0 [ 296.250089][ T9234] ? __pfx_netlink_sendmsg+0x10/0x10 [ 296.250134][ T9234] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 296.250167][ T9234] ____sys_sendmsg+0xa95/0xc70 [ 296.250203][ T9234] ? copy_msghdr_from_user+0x10a/0x160 [ 296.250237][ T9234] ? __pfx_____sys_sendmsg+0x10/0x10 [ 296.250271][ T9234] ? __pfx__kstrtoull+0x10/0x10 [ 296.250310][ T9234] ___sys_sendmsg+0x134/0x1d0 [ 296.250347][ T9234] ? __pfx____sys_sendmsg+0x10/0x10 [ 296.250400][ T9234] ? find_held_lock+0x2b/0x80 [ 296.250448][ T9234] __sys_sendmmsg+0x200/0x420 [ 296.250488][ T9234] ? __pfx___sys_sendmmsg+0x10/0x10 [ 296.250535][ T9234] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 296.250586][ T9234] ? fput+0x9b/0xd0 [ 296.250619][ T9234] ? ksys_write+0x1ac/0x250 [ 296.250646][ T9234] ? __pfx_ksys_write+0x10/0x10 [ 296.250680][ T9234] __x64_sys_sendmmsg+0x9c/0x100 [ 296.250731][ T9234] ? lockdep_hardirqs_on+0x7c/0x110 [ 296.250764][ T9234] do_syscall_64+0xcd/0x4c0 [ 296.250789][ T9234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.250812][ T9234] RIP: 0033:0x7fc1c498eec9 [ 296.250831][ T9234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 296.250853][ T9234] RSP: 002b:00007fc1c2bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 296.250879][ T9234] RAX: ffffffffffffffda RBX: 00007fc1c4be5fa0 RCX: 00007fc1c498eec9 [ 296.250895][ T9234] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 296.250910][ T9234] RBP: 00007fc1c2bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 296.250931][ T9234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 296.250944][ T9234] R13: 00007fc1c4be6038 R14: 00007fc1c4be5fa0 R15: 00007fff73101118 [ 296.250982][ T9234] [ 297.524510][ T8402] Bluetooth: hci1: unexpected subevent 0x12 length: 123 > 5 [ 298.290333][ T9265] netlink: 4 bytes leftover after parsing attributes in process `syz.3.774'. [ 298.802197][ T9272] FAULT_INJECTION: forcing a failure. [ 298.802197][ T9272] name failslab, interval 1, probability 0, space 0, times 0 [ 298.815802][ T9272] CPU: 0 UID: 0 PID: 9272 Comm: syz.3.774 Not tainted syzkaller #0 PREEMPT(full) [ 298.815837][ T9272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 298.815849][ T9272] Call Trace: [ 298.815857][ T9272] [ 298.815865][ T9272] dump_stack_lvl+0x16c/0x1f0 [ 298.815902][ T9272] should_fail_ex+0x512/0x640 [ 298.815939][ T9272] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 298.815973][ T9272] should_failslab+0xc2/0x120 [ 298.816006][ T9272] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 298.816034][ T9272] ? __alloc_skb+0x2b2/0x380 [ 298.816073][ T9272] __alloc_skb+0x2b2/0x380 [ 298.816106][ T9272] ? __pfx___alloc_skb+0x10/0x10 [ 298.816141][ T9272] ? __lock_acquire+0x62e/0x1ce0 [ 298.816179][ T9272] alloc_skb_with_frags+0xe0/0x860 [ 298.816209][ T9272] sock_alloc_send_pskb+0x7fb/0x990 [ 298.816250][ T9272] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 298.816284][ T9272] ? ip6_finish_output2+0xb30/0x2020 [ 298.816328][ T9272] __ip6_append_data+0x2a98/0x4750 [ 298.816368][ T9272] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 298.816422][ T9272] ? __pfx___ip6_append_data+0x10/0x10 [ 298.816457][ T9272] ? __pfx_ip6_mtu+0x10/0x10 [ 298.816482][ T9272] ? ip6_setup_cork+0xc51/0x1530 [ 298.816517][ T9272] ip6_make_skb+0x2c8/0x3f0 [ 298.816548][ T9272] ? ip6_dst_check+0x343/0x950 [ 298.816570][ T9272] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 298.816609][ T9272] ? __pfx_ip6_make_skb+0x10/0x10 [ 298.816652][ T9272] ? find_held_lock+0x2b/0x80 [ 298.816687][ T9272] ? sk_dst_check+0x1da/0x540 [ 298.816730][ T9272] ? udpv6_sendmsg+0x235c/0x2d20 [ 298.816755][ T9272] udpv6_sendmsg+0x235c/0x2d20 [ 298.816783][ T9272] ? aa_label_sk_perm+0x195/0x600 [ 298.816815][ T9272] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 298.816861][ T9272] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 298.816902][ T9272] ? __pfx___might_resched+0x10/0x10 [ 298.816926][ T9272] ? __lock_acquire+0xb97/0x1ce0 [ 298.816969][ T9272] ? iovec_from_user+0xbb/0x140 [ 298.817000][ T9272] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 298.817026][ T9272] ? inet6_sendmsg+0x105/0x140 [ 298.817047][ T9272] inet6_sendmsg+0x105/0x140 [ 298.817072][ T9272] ____sys_sendmsg+0x705/0xc70 [ 298.817097][ T9272] ? copy_msghdr_from_user+0x10a/0x160 [ 298.817132][ T9272] ? __pfx_____sys_sendmsg+0x10/0x10 [ 298.817164][ T9272] ? kfree+0x24f/0x4d0 [ 298.817187][ T9272] ? futex_unqueue+0x133/0x2c0 [ 298.817221][ T9272] ___sys_sendmsg+0x134/0x1d0 [ 298.817258][ T9272] ? __pfx____sys_sendmsg+0x10/0x10 [ 298.817333][ T9272] ? __pfx___might_resched+0x10/0x10 [ 298.817369][ T9272] __sys_sendmmsg+0x200/0x420 [ 298.817413][ T9272] ? __pfx___sys_sendmmsg+0x10/0x10 [ 298.817470][ T9272] ? __pfx_do_futex+0x10/0x10 [ 298.817518][ T9272] ? fput+0x9b/0xd0 [ 298.817555][ T9272] ? xfd_validate_state+0x61/0x180 [ 298.817590][ T9272] ? __pfx_ksys_write+0x10/0x10 [ 298.817626][ T9272] __x64_sys_sendmmsg+0x9c/0x100 [ 298.817673][ T9272] ? lockdep_hardirqs_on+0x7c/0x110 [ 298.817712][ T9272] do_syscall_64+0xcd/0x4c0 [ 298.817738][ T9272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.817765][ T9272] RIP: 0033:0x7fc1c498eec9 [ 298.817786][ T9272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 298.817811][ T9272] RSP: 002b:00007fc1c2bb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 298.817836][ T9272] RAX: ffffffffffffffda RBX: 00007fc1c4be6180 RCX: 00007fc1c498eec9 [ 298.817853][ T9272] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 298.817869][ T9272] RBP: 00007fc1c4a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 298.817884][ T9272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 298.817899][ T9272] R13: 00007fc1c4be6218 R14: 00007fc1c4be6180 R15: 00007fff73101118 [ 298.817934][ T9272] [ 300.721994][ T9302] FAULT_INJECTION: forcing a failure. [ 300.721994][ T9302] name failslab, interval 1, probability 0, space 0, times 0 [ 300.739668][ T9302] CPU: 1 UID: 0 PID: 9302 Comm: syz.0.781 Not tainted syzkaller #0 PREEMPT(full) [ 300.739703][ T9302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 300.739719][ T9302] Call Trace: [ 300.739728][ T9302] [ 300.739738][ T9302] dump_stack_lvl+0x16c/0x1f0 [ 300.739784][ T9302] should_fail_ex+0x512/0x640 [ 300.739821][ T9302] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 300.739859][ T9302] should_failslab+0xc2/0x120 [ 300.739892][ T9302] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 300.739926][ T9302] ? __alloc_skb+0x2b2/0x380 [ 300.739966][ T9302] __alloc_skb+0x2b2/0x380 [ 300.740000][ T9302] ? __pfx___alloc_skb+0x10/0x10 [ 300.740039][ T9302] ? __lock_acquire+0x62e/0x1ce0 [ 300.740080][ T9302] alloc_skb_with_frags+0xe0/0x860 [ 300.740115][ T9302] sock_alloc_send_pskb+0x7fb/0x990 [ 300.740162][ T9302] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 300.740199][ T9302] ? ip6_finish_output2+0xb30/0x2020 [ 300.740245][ T9302] __ip6_append_data+0x2a98/0x4750 [ 300.740281][ T9302] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 300.740331][ T9302] ? __pfx___ip6_append_data+0x10/0x10 [ 300.740374][ T9302] ? __pfx_ip6_mtu+0x10/0x10 [ 300.740401][ T9302] ? ip6_setup_cork+0xc51/0x1530 [ 300.740435][ T9302] ip6_make_skb+0x2c8/0x3f0 [ 300.740470][ T9302] ? ip6_dst_check+0x343/0x950 [ 300.740497][ T9302] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 300.740535][ T9302] ? __pfx_ip6_make_skb+0x10/0x10 [ 300.740569][ T9302] ? find_held_lock+0x2b/0x80 [ 300.740601][ T9302] ? sk_dst_check+0x1da/0x540 [ 300.740641][ T9302] ? udpv6_sendmsg+0x235c/0x2d20 [ 300.740664][ T9302] udpv6_sendmsg+0x235c/0x2d20 [ 300.740689][ T9302] ? aa_label_sk_perm+0x195/0x600 [ 300.740722][ T9302] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 300.740772][ T9302] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 300.740821][ T9302] ? __pfx___might_resched+0x10/0x10 [ 300.740846][ T9302] ? __lock_acquire+0xb97/0x1ce0 [ 300.740887][ T9302] ? iovec_from_user+0xbb/0x140 [ 300.740920][ T9302] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 300.740945][ T9302] ? inet6_sendmsg+0x105/0x140 [ 300.740967][ T9302] inet6_sendmsg+0x105/0x140 [ 300.740992][ T9302] ____sys_sendmsg+0x705/0xc70 [ 300.741018][ T9302] ? copy_msghdr_from_user+0x10a/0x160 [ 300.741052][ T9302] ? __pfx_____sys_sendmsg+0x10/0x10 [ 300.741086][ T9302] ? kfree+0x24f/0x4d0 [ 300.741112][ T9302] ? futex_unqueue+0x133/0x2c0 [ 300.741147][ T9302] ___sys_sendmsg+0x134/0x1d0 [ 300.741189][ T9302] ? __pfx____sys_sendmsg+0x10/0x10 [ 300.741251][ T9302] ? __pfx___might_resched+0x10/0x10 [ 300.741284][ T9302] __sys_sendmmsg+0x200/0x420 [ 300.741321][ T9302] ? __pfx___sys_sendmmsg+0x10/0x10 [ 300.741378][ T9302] ? __pfx_do_futex+0x10/0x10 [ 300.741425][ T9302] ? fput+0x9b/0xd0 [ 300.741462][ T9302] ? xfd_validate_state+0x61/0x180 [ 300.741494][ T9302] ? __pfx_ksys_write+0x10/0x10 [ 300.741527][ T9302] __x64_sys_sendmmsg+0x9c/0x100 [ 300.741564][ T9302] ? lockdep_hardirqs_on+0x7c/0x110 [ 300.741599][ T9302] do_syscall_64+0xcd/0x4c0 [ 300.741622][ T9302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.741646][ T9302] RIP: 0033:0x7f067b38eec9 [ 300.741666][ T9302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 300.741690][ T9302] RSP: 002b:00007f067c1b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 300.741712][ T9302] RAX: ffffffffffffffda RBX: 00007f067b5e6090 RCX: 00007f067b38eec9 [ 300.741727][ T9302] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 300.741743][ T9302] RBP: 00007f067b411f91 R08: 0000000000000000 R09: 0000000000000000 [ 300.741758][ T9302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 300.741771][ T9302] R13: 00007f067b5e6128 R14: 00007f067b5e6090 R15: 00007fff1ebdf8c8 [ 300.741806][ T9302] [ 301.138847][ T8402] Bluetooth: hci1: unexpected subevent 0x12 length: 123 > 5 [ 303.138440][ T9370] netlink: 'syz.0.793': attribute type 1 has an invalid length. [ 304.060956][ T9378] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 304.119692][ T9394] net_ratelimit: 96 callbacks suppressed [ 304.119705][ T9394] Dead loop on virtual device ip6_vti0, fix it urgently! [ 304.134599][ T9394] Dead loop on virtual device ip6_vti0, fix it urgently! [ 304.143963][ T9394] Dead loop on virtual device ip6_vti0, fix it urgently! [ 304.152153][ T9394] Dead loop on virtual device ip6_vti0, fix it urgently! [ 304.160700][ T9394] Dead loop on virtual device ip6_vti0, fix it urgently! [ 304.169494][ T9394] Dead loop on virtual device ip6_vti0, fix it urgently! [ 304.368294][ T9394] Dead loop on virtual device ip6_vti0, fix it urgently! [ 305.201260][ T9413] netlink: 4 bytes leftover after parsing attributes in process `syz.1.808'. [ 305.240474][ T9409] FAULT_INJECTION: forcing a failure. [ 305.240474][ T9409] name failslab, interval 1, probability 0, space 0, times 0 [ 305.264898][ T9409] CPU: 1 UID: 0 PID: 9409 Comm: syz.0.806 Not tainted syzkaller #0 PREEMPT(full) [ 305.264933][ T9409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 305.264948][ T9409] Call Trace: [ 305.264956][ T9409] [ 305.264965][ T9409] dump_stack_lvl+0x16c/0x1f0 [ 305.265010][ T9409] should_fail_ex+0x512/0x640 [ 305.265048][ T9409] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 305.265083][ T9409] should_failslab+0xc2/0x120 [ 305.265116][ T9409] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 305.265147][ T9409] ? __alloc_skb+0x2b2/0x380 [ 305.265188][ T9409] __alloc_skb+0x2b2/0x380 [ 305.265221][ T9409] ? __pfx___alloc_skb+0x10/0x10 [ 305.265259][ T9409] ? __lock_acquire+0x62e/0x1ce0 [ 305.265299][ T9409] alloc_skb_with_frags+0xe0/0x860 [ 305.265334][ T9409] sock_alloc_send_pskb+0x7fb/0x990 [ 305.265381][ T9409] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 305.265416][ T9409] ? ip6_finish_output2+0xb30/0x2020 [ 305.265464][ T9409] __ip6_append_data+0x2a98/0x4750 [ 305.265506][ T9409] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 305.265562][ T9409] ? __pfx___ip6_append_data+0x10/0x10 [ 305.265594][ T9409] ? __pfx_ip6_mtu+0x10/0x10 [ 305.265620][ T9409] ? ip6_setup_cork+0xc51/0x1530 [ 305.265657][ T9409] ip6_make_skb+0x2c8/0x3f0 [ 305.265693][ T9409] ? ip6_dst_check+0x343/0x950 [ 305.265720][ T9409] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 305.265762][ T9409] ? __pfx_ip6_make_skb+0x10/0x10 [ 305.265797][ T9409] ? find_held_lock+0x2b/0x80 [ 305.265832][ T9409] ? sk_dst_check+0x1da/0x540 [ 305.265882][ T9409] ? udpv6_sendmsg+0x235c/0x2d20 [ 305.265907][ T9409] udpv6_sendmsg+0x235c/0x2d20 [ 305.265934][ T9409] ? aa_label_sk_perm+0x195/0x600 [ 305.265968][ T9409] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 305.266019][ T9409] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 305.266069][ T9409] ? __pfx___might_resched+0x10/0x10 [ 305.266095][ T9409] ? __lock_acquire+0xb97/0x1ce0 [ 305.266140][ T9409] ? iovec_from_user+0xbb/0x140 [ 305.266176][ T9409] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 305.266204][ T9409] ? inet6_sendmsg+0x105/0x140 [ 305.266229][ T9409] inet6_sendmsg+0x105/0x140 [ 305.266257][ T9409] ____sys_sendmsg+0x705/0xc70 [ 305.266286][ T9409] ? copy_msghdr_from_user+0x10a/0x160 [ 305.266324][ T9409] ? __pfx_____sys_sendmsg+0x10/0x10 [ 305.266358][ T9409] ? kfree+0x24f/0x4d0 [ 305.266390][ T9409] ___sys_sendmsg+0x134/0x1d0 [ 305.266430][ T9409] ? __pfx____sys_sendmsg+0x10/0x10 [ 305.266500][ T9409] ? __pfx___might_resched+0x10/0x10 [ 305.266534][ T9409] __sys_sendmmsg+0x200/0x420 [ 305.266577][ T9409] ? __pfx___sys_sendmmsg+0x10/0x10 [ 305.266626][ T9409] ? __pfx_do_futex+0x10/0x10 [ 305.266673][ T9409] ? fput+0x9b/0xd0 [ 305.266710][ T9409] ? xfd_validate_state+0x61/0x180 [ 305.266745][ T9409] ? __pfx_ksys_write+0x10/0x10 [ 305.266780][ T9409] __x64_sys_sendmmsg+0x9c/0x100 [ 305.266818][ T9409] ? lockdep_hardirqs_on+0x7c/0x110 [ 305.266854][ T9409] do_syscall_64+0xcd/0x4c0 [ 305.266887][ T9409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.266913][ T9409] RIP: 0033:0x7f067b38eec9 [ 305.266935][ T9409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 305.266960][ T9409] RSP: 002b:00007f067c190038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 305.266984][ T9409] RAX: ffffffffffffffda RBX: 00007f067b5e6180 RCX: 00007f067b38eec9 [ 305.267002][ T9409] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 305.267018][ T9409] RBP: 00007f067b411f91 R08: 0000000000000000 R09: 0000000000000000 [ 305.267034][ T9409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 305.267050][ T9409] R13: 00007f067b5e6218 R14: 00007f067b5e6180 R15: 00007fff1ebdf8c8 [ 305.267086][ T9409] [ 305.627109][ C1] vkms_vblank_simulate: vblank timer overrun [ 305.780525][ T9419] netlink: 'syz.3.809': attribute type 1 has an invalid length. [ 305.790686][ T9419] netlink: zone id is out of range [ 305.795800][ T9419] netlink: zone id is out of range [ 305.800944][ T9419] netlink: zone id is out of range [ 306.843344][ T9444] netlink: 'syz.3.816': attribute type 1 has an invalid length. [ 307.490632][ T9452] netlink: 4 bytes leftover after parsing attributes in process `syz.0.818'. [ 307.893800][ T9468] netlink: 'syz.1.822': attribute type 1 has an invalid length. [ 308.350746][ T9478] netlink: 8 bytes leftover after parsing attributes in process `syz.0.825'. [ 309.771134][ T9489] netlink: 330 bytes leftover after parsing attributes in process `syz.3.827'. [ 310.103094][ T9499] netlink: 'syz.1.830': attribute type 1 has an invalid length. [ 310.609134][ T9511] program syz.3.832 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 311.623453][ T8402] Bluetooth: hci1: unexpected subevent 0x12 length: 123 > 5 [ 312.091497][ T9532] netlink: 'syz.0.838': attribute type 1 has an invalid length. [ 312.295390][ T9532] net_ratelimit: 218 callbacks suppressed [ 312.295413][ T9532] netlink: zone id is out of range [ 312.322607][ T9532] netlink: zone id is out of range [ 312.355168][ T9532] netlink: zone id is out of range [ 312.408868][ T9532] netlink: zone id is out of range [ 312.482482][ T9532] netlink: zone id is out of range [ 312.523230][ T9532] netlink: zone id is out of range [ 312.532074][ T9532] netlink: zone id is out of range [ 312.671474][ T9532] netlink: zone id is out of range [ 312.686358][ T9532] netlink: zone id is out of range [ 312.732019][ T9532] netlink: zone id is out of range [ 313.214474][ T8402] Bluetooth: hci3: unexpected subevent 0x12 length: 123 > 5 [ 313.228328][ T9548] FAULT_INJECTION: forcing a failure. [ 313.228328][ T9548] name failslab, interval 1, probability 0, space 0, times 0 [ 313.338456][ T9548] CPU: 0 UID: 0 PID: 9548 Comm: syz.3.840 Not tainted syzkaller #0 PREEMPT(full) [ 313.338496][ T9548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 313.338512][ T9548] Call Trace: [ 313.338521][ T9548] [ 313.338531][ T9548] dump_stack_lvl+0x16c/0x1f0 [ 313.338578][ T9548] should_fail_ex+0x512/0x640 [ 313.338612][ T9548] ? fs_reclaim_acquire+0xae/0x150 [ 313.338652][ T9548] should_failslab+0xc2/0x120 [ 313.338688][ T9548] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 313.338722][ T9548] ? security_inode_alloc+0x3b/0x2b0 [ 313.338754][ T9548] security_inode_alloc+0x3b/0x2b0 [ 313.338784][ T9548] inode_init_always_gfp+0xce4/0x1030 [ 313.338819][ T9548] alloc_inode+0x86/0x240 [ 313.338854][ T9548] new_inode+0x22/0x1c0 [ 313.338886][ T9548] ? proc_lookup_de+0x201/0x360 [ 313.338926][ T9548] proc_get_inode+0x1d/0x780 [ 313.338962][ T9548] proc_lookup_de+0x236/0x360 [ 313.339004][ T9548] proc_lookup+0xcf/0x110 [ 313.339041][ T9548] proc_root_lookup+0x3b/0x70 [ 313.339077][ T9548] __lookup_slow+0x24e/0x460 [ 313.339116][ T9548] ? __pfx___lookup_slow+0x10/0x10 [ 313.339178][ T9548] ? lookup_fast+0x156/0x610 [ 313.339209][ T9548] walk_component+0x353/0x5b0 [ 313.339239][ T9548] link_path_walk+0x627/0xe20 [ 313.339280][ T9548] path_openat+0x1b0/0x2cb0 [ 313.339316][ T9548] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.339358][ T9548] ? __pfx_path_openat+0x10/0x10 [ 313.339400][ T9548] do_filp_open+0x20b/0x470 [ 313.339432][ T9548] ? __pfx_do_filp_open+0x10/0x10 [ 313.339486][ T9548] ? alloc_fd+0x471/0x7d0 [ 313.339525][ T9548] do_sys_openat2+0x11b/0x1d0 [ 313.339564][ T9548] ? __pfx_do_sys_openat2+0x10/0x10 [ 313.339599][ T9548] ? find_held_lock+0x2b/0x80 [ 313.339627][ T9548] ? handle_mm_fault+0x2ab/0xd10 [ 313.339663][ T9548] __x64_sys_openat+0x174/0x210 [ 313.339688][ T9548] ? __pfx___x64_sys_openat+0x10/0x10 [ 313.339727][ T9548] do_syscall_64+0xcd/0x4c0 [ 313.339754][ T9548] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.339780][ T9548] RIP: 0033:0x7fc1c498eec9 [ 313.339802][ T9548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.339827][ T9548] RSP: 002b:00007fc1c2791038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 313.339852][ T9548] RAX: ffffffffffffffda RBX: 00007fc1c4be6270 RCX: 00007fc1c498eec9 [ 313.339870][ T9548] RDX: 0000000000040001 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 313.339888][ T9548] RBP: 00007fc1c4a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 313.339904][ T9548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 313.339929][ T9548] R13: 00007fc1c4be6308 R14: 00007fc1c4be6270 R15: 00007fff73101118 [ 313.339966][ T9548] [ 314.389384][ T9559] netlink: 4 bytes leftover after parsing attributes in process `syz.0.847'. [ 314.711041][ T9559] FAULT_INJECTION: forcing a failure. [ 314.711041][ T9559] name failslab, interval 1, probability 0, space 0, times 0 [ 314.724680][ T9559] CPU: 1 UID: 0 PID: 9559 Comm: syz.0.847 Not tainted syzkaller #0 PREEMPT(full) [ 314.724714][ T9559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 314.724731][ T9559] Call Trace: [ 314.724739][ T9559] [ 314.724748][ T9559] dump_stack_lvl+0x16c/0x1f0 [ 314.724793][ T9559] should_fail_ex+0x512/0x640 [ 314.724831][ T9559] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 314.724866][ T9559] should_failslab+0xc2/0x120 [ 314.724898][ T9559] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 314.724929][ T9559] ? __alloc_skb+0x2b2/0x380 [ 314.724978][ T9559] __alloc_skb+0x2b2/0x380 [ 314.725014][ T9559] ? __pfx___alloc_skb+0x10/0x10 [ 314.725052][ T9559] ? __lock_acquire+0x62e/0x1ce0 [ 314.725093][ T9559] alloc_skb_with_frags+0xe0/0x860 [ 314.725129][ T9559] sock_alloc_send_pskb+0x7fb/0x990 [ 314.725177][ T9559] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 314.725212][ T9559] ? ip6_finish_output2+0xb30/0x2020 [ 314.725260][ T9559] __ip6_append_data+0x2a98/0x4750 [ 314.725301][ T9559] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 314.725357][ T9559] ? __pfx___ip6_append_data+0x10/0x10 [ 314.725391][ T9559] ? __pfx_ip6_mtu+0x10/0x10 [ 314.725418][ T9559] ? ip6_setup_cork+0xc51/0x1530 [ 314.725455][ T9559] ip6_make_skb+0x2c8/0x3f0 [ 314.725490][ T9559] ? ip6_dst_check+0x343/0x950 [ 314.725519][ T9559] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 314.725560][ T9559] ? __pfx_ip6_make_skb+0x10/0x10 [ 314.725595][ T9559] ? find_held_lock+0x2b/0x80 [ 314.725629][ T9559] ? sk_dst_check+0x1da/0x540 [ 314.725671][ T9559] ? udpv6_sendmsg+0x235c/0x2d20 [ 314.725694][ T9559] udpv6_sendmsg+0x235c/0x2d20 [ 314.725720][ T9559] ? aa_label_sk_perm+0x195/0x600 [ 314.725753][ T9559] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 314.725803][ T9559] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 314.725853][ T9559] ? __pfx___might_resched+0x10/0x10 [ 314.725878][ T9559] ? __lock_acquire+0xb97/0x1ce0 [ 314.725924][ T9559] ? iovec_from_user+0xbb/0x140 [ 314.725968][ T9559] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 314.725998][ T9559] ? inet6_sendmsg+0x105/0x140 [ 314.726023][ T9559] inet6_sendmsg+0x105/0x140 [ 314.726053][ T9559] ____sys_sendmsg+0x705/0xc70 [ 314.726084][ T9559] ? copy_msghdr_from_user+0x10a/0x160 [ 314.726121][ T9559] ? __pfx_____sys_sendmsg+0x10/0x10 [ 314.726155][ T9559] ? kfree+0x24f/0x4d0 [ 314.726180][ T9559] ? futex_unqueue+0x133/0x2c0 [ 314.726216][ T9559] ___sys_sendmsg+0x134/0x1d0 [ 314.726255][ T9559] ? __pfx____sys_sendmsg+0x10/0x10 [ 314.726326][ T9559] ? __pfx___might_resched+0x10/0x10 [ 314.726360][ T9559] __sys_sendmmsg+0x200/0x420 [ 314.726402][ T9559] ? __pfx___sys_sendmmsg+0x10/0x10 [ 314.726451][ T9559] ? __pfx_do_futex+0x10/0x10 [ 314.726498][ T9559] ? fput+0x9b/0xd0 [ 314.726534][ T9559] ? xfd_validate_state+0x61/0x180 [ 314.726570][ T9559] ? __pfx_ksys_write+0x10/0x10 [ 314.726606][ T9559] __x64_sys_sendmmsg+0x9c/0x100 [ 314.726643][ T9559] ? lockdep_hardirqs_on+0x7c/0x110 [ 314.726679][ T9559] do_syscall_64+0xcd/0x4c0 [ 314.726705][ T9559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.726730][ T9559] RIP: 0033:0x7f067b38eec9 [ 314.726752][ T9559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 314.726777][ T9559] RSP: 002b:00007f067c1d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 314.726802][ T9559] RAX: ffffffffffffffda RBX: 00007f067b5e5fa0 RCX: 00007f067b38eec9 [ 314.726821][ T9559] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 314.726836][ T9559] RBP: 00007f067b411f91 R08: 0000000000000000 R09: 0000000000000000 [ 314.726853][ T9559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 314.726869][ T9559] R13: 00007f067b5e6038 R14: 00007f067b5e5fa0 R15: 00007fff1ebdf8c8 [ 314.726905][ T9559] [ 315.562963][ T9588] netlink: 'syz.2.853': attribute type 1 has an invalid length. [ 316.019755][ T8402] Bluetooth: hci3: unexpected subevent 0x12 length: 123 > 5 [ 316.437245][ T9600] cougar: G6 mapped to space [ 316.600507][ T9606] netlink: 'syz.2.859': attribute type 1 has an invalid length. [ 316.709662][ T9608] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 317.186761][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.196391][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.761610][ T9628] random: crng reseeded on system resumption [ 318.768008][ T9628] FAULT_INJECTION: forcing a failure. [ 318.768008][ T9628] name failslab, interval 1, probability 0, space 0, times 0 [ 318.783741][ T9628] CPU: 0 UID: 0 PID: 9628 Comm: syz.3.867 Not tainted syzkaller #0 PREEMPT(full) [ 318.783773][ T9628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 318.783789][ T9628] Call Trace: [ 318.783796][ T9628] [ 318.783806][ T9628] dump_stack_lvl+0x16c/0x1f0 [ 318.783851][ T9628] should_fail_ex+0x512/0x640 [ 318.783894][ T9628] should_failslab+0xc2/0x120 [ 318.783928][ T9628] __kmalloc_cache_noprof+0x6a/0x3e0 [ 318.783954][ T9628] ? do_raw_spin_lock+0x12c/0x2b0 [ 318.783990][ T9628] ? find_held_lock+0x2b/0x80 [ 318.784012][ T9628] ? async_schedule_node_domain+0x54/0x120 [ 318.784042][ T9628] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 318.784078][ T9628] async_schedule_node_domain+0x54/0x120 [ 318.784114][ T9628] dev_cache_fw_image+0x38e/0x490 [ 318.784150][ T9628] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 318.784190][ T9628] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 318.784222][ T9628] dpm_for_each_dev+0x5d/0xb0 [ 318.784251][ T9628] fw_pm_notify+0x81/0x150 [ 318.784280][ T9628] notifier_call_chain+0xb9/0x410 [ 318.784310][ T9628] ? __pfx_fw_pm_notify+0x10/0x10 [ 318.784350][ T9628] blocking_notifier_call_chain_robust+0xc8/0x160 [ 318.784387][ T9628] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 318.784436][ T9628] pm_notifier_call_chain_robust+0x27/0x60 [ 318.784471][ T9628] snapshot_open+0x218/0x2b0 [ 318.784501][ T9628] ? __pfx_snapshot_open+0x10/0x10 [ 318.784542][ T9628] misc_open+0x35a/0x420 [ 318.784575][ T9628] ? __pfx_misc_open+0x10/0x10 [ 318.784605][ T9628] chrdev_open+0x234/0x6a0 [ 318.784638][ T9628] ? __pfx_apparmor_file_open+0x10/0x10 [ 318.784667][ T9628] ? __pfx_chrdev_open+0x10/0x10 [ 318.784701][ T9628] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 318.784737][ T9628] do_dentry_open+0x982/0x1530 [ 318.784768][ T9628] ? __pfx_chrdev_open+0x10/0x10 [ 318.784807][ T9628] vfs_open+0x82/0x3f0 [ 318.784848][ T9628] path_openat+0x1de4/0x2cb0 [ 318.784886][ T9628] ? __pfx_path_openat+0x10/0x10 [ 318.784922][ T9628] do_filp_open+0x20b/0x470 [ 318.784951][ T9628] ? __pfx_do_filp_open+0x10/0x10 [ 318.785001][ T9628] ? alloc_fd+0x471/0x7d0 [ 318.785039][ T9628] do_sys_openat2+0x11b/0x1d0 [ 318.785074][ T9628] ? __pfx_do_sys_openat2+0x10/0x10 [ 318.785124][ T9628] __x64_sys_openat+0x174/0x210 [ 318.785148][ T9628] ? __pfx___x64_sys_openat+0x10/0x10 [ 318.785188][ T9628] do_syscall_64+0xcd/0x4c0 [ 318.785213][ T9628] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.785239][ T9628] RIP: 0033:0x7fc1c498eec9 [ 318.785260][ T9628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 318.785285][ T9628] RSP: 002b:00007fc1c2bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 318.785309][ T9628] RAX: ffffffffffffffda RBX: 00007fc1c4be5fa0 RCX: 00007fc1c498eec9 [ 318.785325][ T9628] RDX: 0000000000080643 RSI: 0000200000001940 RDI: ffffffffffffff9c [ 318.785341][ T9628] RBP: 00007fc1c4a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 318.785356][ T9628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 318.785372][ T9628] R13: 00007fc1c4be6038 R14: 00007fc1c4be5fa0 R15: 00007fff73101118 [ 318.785406][ T9628] [ 319.103725][ T9631] netlink: 'syz.1.866': attribute type 1 has an invalid length. [ 319.116048][ T9628] [ 319.118414][ T9628] ============================================ [ 319.124572][ T9628] WARNING: possible recursive locking detected [ 319.130723][ T9628] syzkaller #0 Not tainted [ 319.135130][ T9628] -------------------------------------------- [ 319.141267][ T9628] syz.3.867/9628 is trying to acquire lock: [ 319.147145][ T9628] ffffffff8f51dc68 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x4e/0x640 [ 319.155071][ T9628] [ 319.155071][ T9628] but task is already holding lock: [ 319.162422][ T9628] ffffffff8f51dc68 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150 [ 319.170613][ T9628] [ 319.170613][ T9628] other info that might help us debug this: [ 319.178653][ T9628] Possible unsafe locking scenario: [ 319.178653][ T9628] [ 319.186084][ T9628] CPU0 [ 319.189866][ T9628] ---- [ 319.193127][ T9628] lock(fw_lock); [ 319.196839][ T9628] lock(fw_lock); [ 319.201109][ T9628] [ 319.201109][ T9628] *** DEADLOCK *** [ 319.201109][ T9628] [ 319.209674][ T9628] May be due to missing lock nesting notation [ 319.209674][ T9628] [ 319.217979][ T9628] 5 locks held by syz.3.867/9628: [ 319.222995][ T9628] #0: ffffffff8f3080e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x420 [ 319.231456][ T9628] #1: ffffffff8e484b88 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0 [ 319.241835][ T9628] #2: ffffffff8e4c4ff0 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0xa8/0x160 [ 319.253684][ T9628] #3: ffffffff8f51dc68 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150 [ 319.262313][ T9628] #4: ffffffff8f518668 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2d/0xb0 [ 319.271653][ T9628] [ 319.271653][ T9628] stack backtrace: [ 319.277533][ T9628] CPU: 0 UID: 0 PID: 9628 Comm: syz.3.867 Not tainted syzkaller #0 PREEMPT(full) [ 319.277560][ T9628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 319.277572][ T9628] Call Trace: [ 319.277581][ T9628] [ 319.277589][ T9628] dump_stack_lvl+0x116/0x1f0 [ 319.277622][ T9628] print_deadlock_bug+0x1e9/0x240 [ 319.277654][ T9628] __lock_acquire+0x1133/0x1ce0 [ 319.277682][ T9628] ? kasan_save_track+0x14/0x30 [ 319.277708][ T9628] lock_acquire+0x179/0x350 [ 319.277732][ T9628] ? assign_fw+0x4e/0x640 [ 319.277758][ T9628] ? __pfx___might_resched+0x10/0x10 [ 319.277779][ T9628] ? path_openat+0x1de4/0x2cb0 [ 319.277801][ T9628] ? do_filp_open+0x20b/0x470 [ 319.277822][ T9628] ? do_sys_openat2+0x11b/0x1d0 [ 319.277854][ T9628] ? assign_fw+0x4e/0x640 [ 319.277878][ T9628] __mutex_lock+0x193/0x1060 [ 319.277895][ T9628] ? assign_fw+0x4e/0x640 [ 319.277923][ T9628] ? __pfx___mutex_lock+0x10/0x10 [ 319.277957][ T9628] ? kasan_quarantine_put+0x10a/0x240 [ 319.277980][ T9628] ? lockdep_hardirqs_on+0x7c/0x110 [ 319.278010][ T9628] ? assign_fw+0x4e/0x640 [ 319.278034][ T9628] assign_fw+0x4e/0x640 [ 319.278057][ T9628] ? _request_firmware+0x957/0x1470 [ 319.278084][ T9628] _request_firmware+0x988/0x1470 [ 319.278115][ T9628] ? __pfx__request_firmware+0x10/0x10 [ 319.278143][ T9628] ? dump_stack_lvl+0x1a3/0x1f0 [ 319.278173][ T9628] __async_dev_cache_fw_image+0xb1/0x340 [ 319.278201][ T9628] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 319.278230][ T9628] ? mark_held_locks+0x49/0x80 [ 319.278254][ T9628] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 319.278282][ T9628] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 319.278311][ T9628] async_schedule_node_domain+0xd4/0x120 [ 319.278336][ T9628] dev_cache_fw_image+0x38e/0x490 [ 319.278362][ T9628] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 319.278389][ T9628] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 319.278416][ T9628] dpm_for_each_dev+0x5d/0xb0 [ 319.278440][ T9628] fw_pm_notify+0x81/0x150 [ 319.278463][ T9628] notifier_call_chain+0xb9/0x410 [ 319.278489][ T9628] ? __pfx_fw_pm_notify+0x10/0x10 [ 319.278515][ T9628] blocking_notifier_call_chain_robust+0xc8/0x160 [ 319.278543][ T9628] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 319.278575][ T9628] pm_notifier_call_chain_robust+0x27/0x60 [ 319.278603][ T9628] snapshot_open+0x218/0x2b0 [ 319.278626][ T9628] ? __pfx_snapshot_open+0x10/0x10 [ 319.278656][ T9628] misc_open+0x35a/0x420 [ 319.278681][ T9628] ? __pfx_misc_open+0x10/0x10 [ 319.278704][ T9628] chrdev_open+0x234/0x6a0 [ 319.278730][ T9628] ? __pfx_apparmor_file_open+0x10/0x10 [ 319.278753][ T9628] ? __pfx_chrdev_open+0x10/0x10 [ 319.278779][ T9628] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 319.278805][ T9628] do_dentry_open+0x982/0x1530 [ 319.278829][ T9628] ? __pfx_chrdev_open+0x10/0x10 [ 319.278857][ T9628] vfs_open+0x82/0x3f0 [ 319.278887][ T9628] path_openat+0x1de4/0x2cb0 [ 319.278914][ T9628] ? __pfx_path_openat+0x10/0x10 [ 319.278940][ T9628] do_filp_open+0x20b/0x470 [ 319.278964][ T9628] ? __pfx_do_filp_open+0x10/0x10 [ 319.278996][ T9628] ? alloc_fd+0x471/0x7d0 [ 319.279021][ T9628] do_sys_openat2+0x11b/0x1d0 [ 319.279050][ T9628] ? __pfx_do_sys_openat2+0x10/0x10 [ 319.279085][ T9628] __x64_sys_openat+0x174/0x210 [ 319.279103][ T9628] ? __pfx___x64_sys_openat+0x10/0x10 [ 319.279126][ T9628] do_syscall_64+0xcd/0x4c0 [ 319.279145][ T9628] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.279166][ T9628] RIP: 0033:0x7fc1c498eec9 [ 319.279183][ T9628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 319.279203][ T9628] RSP: 002b:00007fc1c2bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 319.279222][ T9628] RAX: ffffffffffffffda RBX: 00007fc1c4be5fa0 RCX: 00007fc1c498eec9 [ 319.279236][ T9628] RDX: 0000000000080643 RSI: 0000200000001940 RDI: ffffffffffffff9c [ 319.279250][ T9628] RBP: 00007fc1c4a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 319.279263][ T9628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 319.279275][ T9628] R13: 00007fc1c4be6038 R14: 00007fc1c4be5fa0 R15: 00007fff73101118 [ 319.279295][ T9628] [ 319.734821][ T9631] net_ratelimit: 202 callbacks suppressed [ 319.734842][ T9631] netlink: zone id is out of range [ 319.746084][ T9631] netlink: zone id is out of range [ 319.751202][ T9631] netlink: zone id is out of range [ 319.756355][ T9631] netlink: zone id is out of range [ 319.761555][ T9631] netlink: zone id is out of range [ 319.767390][ T9631] netlink: zone id is out of range [ 319.772548][ T9631] netlink: zone id is out of range [ 319.778008][ T9631] netlink: zone id is out of range [ 319.783105][ T9631] netlink: zone id is out of range [ 319.789710][ T9631] netlink: zone id is out of range