last executing test programs: 2m9.52475154s ago: executing program 1 (id=1017): write$auto(0x3, 0x0, 0xfffffdef) 2m9.206389514s ago: executing program 1 (id=1018): prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x801, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2711}, 0x51) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x14d27e, 0x72) socket(0x2, 0x1, 0x0) socket(0x1e, 0x1, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0x9) copy_file_range$auto(r1, 0x0, r1, 0x0, 0x2, 0x0) select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfff, 0x1, 0x5, 0x3, 0x95f4da2d, 0xc, 0x6, 0x62, 0x7, 0x7, 0x6d3f, 0xa, 0x4, 0x5]}, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x6, 0x1, 0xfffffffffffffff7, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x42, 0x80000021, 0x7, 0x6d3e, 0x7fff, 0x2, 0x6]}, 0x0) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r2, 0xc0686611, &(0x7f0000000200)={0x7ff, 0xfffffffffffffffe, 0xfffffffffffffffb, 0x0, 0x8, 0x8001, 0x3, 0x9, 0x0, 0x200, 0xe21f, 0x80000000, 0x2000009, 0x7, 0x10000001000}) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20b42, 0x0) write$auto(0x3, 0x0, 0x100082) close_range$auto(0x2, 0x8, 0x0) prctl$auto(0x4e, 0x1, 0x0, 0x1, 0x0) 2m8.068011746s ago: executing program 1 (id=1023): mmap$auto(0x0, 0x2020009, 0x3, 0x4000000000000eb1, 0xfffffffffffffffa, 0x7ff) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) write$auto(0xffffffffffffffff, 0x0, 0x45c) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000280), r2) fadvise64$auto(0xffffffffffffffff, 0x7fffffffffffffff, 0x400000040000005, 0x7af) write$auto(0xca, &(0x7f0000000000)='\x04\x1d\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4Cn\xb2./jn>9\xd2\xdb\x88\xf4\x1aVj\x13j\xe1\x96\xf7\xc2\xd3qm\xe6q\xf9\xa6u\x8eZ\x00\xf8*C]\xfd)/\xf3\xa1\x92|\x06|\xd0\x82\x93\xa5\x9a5if\xd0\x8e%g,\xc5\xec\xef\x87\x19\x17\xb0\xe1s\xf6U\xc0\x90r\xc5\xc8H\xa3\x9d\xce\x98\xe7\xb1B:\x179\xdc8\xa8) \x15\xce\xd8\x86\xff-\x80\xf5jMj\xda\x8f\x03EO\xe6\xa4Q\x81+v\xc9\xb8\x00\xcf\x94_\xa7\xadV\xc9\x7f;1R\xa0\x7f\xbe\x1e\x83\an/w[i\th\x9c\xb8\xd1\xed\xba\\\v\xe1\v\x81\xcc\xba\x03-N@ \x14\x1e\n\xe9g\x9fF\x05\xc8\x9f\xe5[\xba\xd2V\x9b\xc1\x9f\xf1%\x9c\xba\xf9\xb4\xa8\xd4\x05G\xf6\x82\xf3m\xe6V\xba\xa0\xf9K\x15\xcc_H\xce\xfd\xe2\x88\"\xe0\xd5Ld\x7f\x1c\x90^\x8d%\xb4', 0xd) mmap$auto(0x0, 0x8d, 0x40004000000000df, 0xeb3, 0x401, 0x7) pwrite64$auto(0x2, 0x0, 0x0, 0x5) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/ifb0/flags\x00', 0x140b02, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) sysfs$auto(0x2, 0x10000000000002d, 0x0) r4 = fsopen$auto(0x0, 0x1) fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0) sendfile$auto(r3, r3, 0x0, 0x3) mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x5) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) sendfile$auto(r5, r5, 0x0, 0x1000200) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1842, 0x0) write$auto(r3, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x4) 2m7.724784882s ago: executing program 1 (id=1025): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) 2m7.205979524s ago: executing program 1 (id=1027): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xc00, 0x2c, 0x2c, 0x3, 0x2}) sysfs$auto(0x2, 0x0, 0x0) syz_genetlink_get_family_id$auto_psample(&(0x7f0000000040), r1) recvmmsg$auto(r1, &(0x7f0000000500)={{0x0, 0x4, 0x0, 0x5, 0x0, 0x2, 0x8}, 0xd1}, 0x10a, 0x8, 0x0) writev$auto(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000002ac0), 0x1ff}, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/misc/userfaultfd/power/control\x00', 0x668000, 0x0) socket(0x2, 0x1, 0x106) ioctl$auto_SCSI_IOCTL_GET_IDLUN2(r1, 0x5382, &(0x7f00000002c0)="2023aa3b8a11942cf9fae0bf2ca907cd1910a3dacf56f742ff53aae49aabd00700c8acac61bd10a779f5b3e867b95d4f5a698773f30997a24e757a962868e6845e8c6362d445342a3718f7f42c8749a07401154ea06fce09442942b587aac7d8e5aa639304e308199eabefe8d5172cfe03f64f63a8929189a4ec71dfb31cc4322c49d662bdd54cc5e5b33561b0190e996d11af8662") socket(0x2, 0x1, 0x0) shutdown$auto(0x200000003, 0x2) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000180)=""/286, 0x11e) mmap$auto(0xfffffffffffffffc, 0x8, 0x8, 0x7fffffffffffffff, 0xffffffffffffffff, 0xfffffffffffffffd) ioctl$auto_SOUND_MIXER_READ_DEVMASK2(0xffffffffffffffff, 0x80044dfe, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x3ff, 0x0) mmap$auto(0x0, 0x40009, 0xe1, 0x1de, 0x7, 0x27fff) setfsgid$auto(0xee00) listen$auto(0x3, 0x3) 2m5.896481615s ago: executing program 1 (id=1031): r0 = socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0x8) modify_ldt$auto(0x1, 0x0, 0x8001) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x21, 0x3, 0x9) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x4, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/fs/cifs/dfscache\x00', 0x0, 0x0) pread64$auto(r3, 0x0, 0x3, 0x6c2) r4 = ioctl$auto_TUNSETGROUP(r2, 0x400454ce, &(0x7f00000002c0)=0x401) close_range$auto(r0, r4, 0x7) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mincore$auto(0x1000, 0x8001, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0xb0903, 0x0) 1m50.801811198s ago: executing program 32 (id=1031): r0 = socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0x8) modify_ldt$auto(0x1, 0x0, 0x8001) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x21, 0x3, 0x9) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x4, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/fs/cifs/dfscache\x00', 0x0, 0x0) pread64$auto(r3, 0x0, 0x3, 0x6c2) r4 = ioctl$auto_TUNSETGROUP(r2, 0x400454ce, &(0x7f00000002c0)=0x401) close_range$auto(r0, r4, 0x7) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mincore$auto(0x1000, 0x8001, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0xb0903, 0x0) 1m1.132374631s ago: executing program 4 (id=1196): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x5, 0x0, 0x1f, 0x9}, 0x800009}, 0x3, 0x20000000) r1 = io_uring_setup$auto(0x6, 0x0) pwrite64$auto(0xc8, 0x0, 0x4e, 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) bind$auto(0x3, 0x0, 0x6a) setsockopt$auto(0x3, 0x1, 0x23, 0x0, 0x9) write$auto(0xffffffffffffffff, &(0x7f0000000040)=',\x00^\xa2\x02\x00\x05\x00\x00\x00\xd8l\x00\x00\x00\x00\x00\x00\xb2s\x83\xbd\xc5_%\xc1\xa3\xd0\x95Hq\xf4zG\x01[{\x17\x05I\xe0\xb1d)\x06z8L\xe6&[\xa9X6\x7f\xec\x94\xdal\xa1\xbb\x86\x9c\xc2\xef\x02\r9%\x06\xc5\'b%m_\x96A\"\xdd\xe40\xa7\xc3\x9ah\xf3B\xc2\xec\xf8\r\f[\xe5\x9dK\xe1\x99\x86\xfc\xac\x9f\x8a', 0x1000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x183841, 0x0) sendmsg$auto_NL80211_CMD_DEL_TX_TS(0xffffffffffffffff, 0x0, 0x24000000) write$auto(r2, 0x0, 0xc) close_range$auto(r1, 0xfffffffffffff000, 0x2) socket(0x2, 0x2, 0x1) mmap$auto(0x0, 0x9, 0xffffffff, 0x8000200008011, 0xffffffffffffffff, 0x8000) read$auto(0x3, 0x0, 0x80) write$auto(0x3, 0x0, 0xfffffdef) 1m0.066241746s ago: executing program 4 (id=1199): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) r0 = socket(0xa, 0x1, 0x100) getsockopt$auto_SO_RCVPRIORITY(r0, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7) open_by_handle_at$auto(0xffffff9c, 0xffffffffffffffff, 0x9658) socket(0x1e, 0x1, 0x5) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) process_mrelease$auto(0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) acct$auto(0x0) close_range$auto(0x2, 0x8, 0x0) r3 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto_CEC_RECEIVE(r2, 0xc0386106, &(0x7f0000000080)={0x2, 0x8, 0x1, 0x4f1330bf, 0x9, 0xffffff00, "b3b2551984016910823df347c47bd20e", 0x9, 0x6, 0x2, 0x5, 0x2, 0x6, 0x3}) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0x200007, 0x19) write$auto_ftrace_subsystem_filter_fops_trace_events(r3, &(0x7f0000000280)="0e2242fbc6500f8cf4f9031dc001d621af4553d8546728786544ae1e5fbd3d2908ff4b0abb32ac61cffa0aebbc55eac9e23d5a4c08b65c9277dfc55a0e2ddfe0ad8630c9b0bb4eaf65b9ef1f1e8ec167b32a1f95e606d8b4ea65cf501a39e1054b58df5f41256e637fd8c59ddd4b8da4a679fbfc1f933336fb981083aa69ea0c97ced3dbdb9fb42625f9d41884511cb4eec89f3f6b777fa5c359094ad041e22559a7be44b51bd7786ed625ac30ee15a86f436a19eeb57dd76b529ef9831945866710700ee9f96ab8a527af2e41ffec13a593181f3246652a05b5833d828849d5cf39a88ab6e519edd74c08185f40", 0xee) 57.614308083s ago: executing program 4 (id=1202): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) select$auto(0x3, 0x0, 0x0, 0x0, 0x0) syslog$auto(0x2, 0x0, 0xcf) mmap$auto(0x0, 0x10001, 0x80003, 0x10011, 0xffffffffffffffff, 0x8000) write$auto(0xca, &(0x7f0000000040)='\x04>2\x0f\x00\x00\x96\x18am\xea\xf4\x1b\xf8', 0x7e) close_range$auto(0x2, 0x8, 0x0) shmget$auto(0x400, 0x10563, 0x568c12f2) sendmsg$auto_NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x24048800) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0xffffffffffffffff, 0x400008, 0xe0, 0x9b72, 0xffffffffffffffff, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x2020009, 0x3, 0x20000000eb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, 0x38) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0xfbe1) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f0000001300), 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) shmdt$auto(&(0x7f0000000000)=':-h!/-^@(\']@%]/\x00') mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000) 55.999591637s ago: executing program 4 (id=1205): mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) socket(0x15, 0x5, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) select$auto(0x7, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x3, 0x95f4da0a, 0xefffffffffffffff, 0x3, 0x62, 0x80000001, 0x10000000000004, 0x6d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2b, 0x5, 0x1) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xc45d, 0x80, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0) mmap$auto(0xf87f, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r1 = socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(r1, 0x10000000084, 0x19, 0x0, 0x8) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd2/queue/io_timeout\x00', 0x129882, 0x0) sendfile$auto(r2, r2, 0x0, 0x8) 54.296753522s ago: executing program 4 (id=1210): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) rseq$auto(0x0, 0xfffffff4, 0x0, 0x5) sysfs$auto(0x2, 0x10000000000002a, 0x0) socket(0x27, 0x800, 0xa5) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES(r0, 0x4008af25, &(0x7f0000000000)=0x7) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r1, 0x27fff) msync$auto(0x1ffff000, 0x1800000ff010000, 0x400000004) socket(0x15, 0xa, 0x5) syz_clone(0x40000000, 0x0, 0x25, 0x0, 0x0, 0x0) ioperm$auto(0x3, 0x8001, 0x2000000000000149) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x2, 0x8000, 0x3000}, 0x4) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) 51.726500319s ago: executing program 4 (id=1214): socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x100) r0 = eventfd2$auto(0x6af3, 0x800) socket(0x1e, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pipe2$auto(&(0x7f0000000040)=r0, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0) r2 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x1000, 0x0) preadv$auto(r2, &(0x7f0000003340)={&(0x7f0000003300), 0x40}, 0x9, 0x5, 0x100000001) ioperm$auto(0x7, 0x6, 0x1) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) execve$auto(0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/clocksource/clocksource0/current_clocksource\x00', 0x8502, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) write$auto(0x3, 0x0, 0x100082) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x0, 0xf, 0xffffffffffffffff, 0x1400000, 0x5}, 0x6f4) 36.209950627s ago: executing program 33 (id=1214): socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x100) r0 = eventfd2$auto(0x6af3, 0x800) socket(0x1e, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pipe2$auto(&(0x7f0000000040)=r0, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0) r2 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x1000, 0x0) preadv$auto(r2, &(0x7f0000003340)={&(0x7f0000003300), 0x40}, 0x9, 0x5, 0x100000001) ioperm$auto(0x7, 0x6, 0x1) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) execve$auto(0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/clocksource/clocksource0/current_clocksource\x00', 0x8502, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) write$auto(0x3, 0x0, 0x100082) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x0, 0xf, 0xffffffffffffffff, 0x1400000, 0x5}, 0x6f4) 11.776121553s ago: executing program 3 (id=1280): r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0xfffd, 0x8000, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sched_get_priority_min$auto(0x40) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x981e82, 0x0) socket(0x6, 0x2, 0x80000000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x5f}, 0x1, 0x0, 0x0, 0x400c810}, 0x8800) sendmmsg$auto(0x3, 0x0, 0x2, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) close_range$auto(0x2, 0x8, 0x0) bpf$auto(0x0, &(0x7f0000000340)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_id=0xfa, 0x80}, 0x96) r1 = openat$auto_ftrace_avail_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/available_events\x00', 0x0, 0x0) preadv$auto(r1, &(0x7f0000000100)={&(0x7f00000001c0), 0x82}, 0x8, 0x6, 0x5) r2 = getpgid$auto(0x0) getpriority$auto_PRIO_PGRP(0x1, r2) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000b00), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000080)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x488cc}, 0x0) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r3, &(0x7f0000000440)="671d2647dd69b6440843b6e6688a2b5ad9df2669e6f9cd2365", 0x19) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x18, 0x0) bpf$auto(0x7f, 0x0, 0x171) 11.751173233s ago: executing program 2 (id=1289): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0x8, 0x1, 0x2, 0x4, 0x15f4da0e, 0x3, 0xd08, 0xc, 0x8, 0x4, 0x6d3f, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2c, 0x1, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x20000a, 0x4) prctl$auto(0x400, 0x7fff, 0x0, 0x10000, 0x100000000000007) bind$auto(0x3, 0x0, 0x6a) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1, 0x400000001, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x7f, 0x0) close_range$auto(0x2, 0xa, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x2, 0x1) 11.720190043s ago: executing program 5 (id=1283): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x8, 0x3a02, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000180)={{0x0, 0x0, 0x0, 0x9, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r0 = socket(0x1f, 0x3, 0x400001) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[], 0x1ac}}, 0x4c041) r1 = socket(0xf, 0x5, 0xf) setsockopt$auto(r1, 0x6, 0xc, 0x0, 0x7fffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xebf, 0x401, 0x5) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x42100, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_nlbl_unlbl(0x0, r3) sendmsg$auto_NLBL_UNLABEL_C_STATICADD(r3, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10010}, 0xc, &(0x7f00000000c0)={&(0x7f0000001500)=ANY=[], 0x1094}, 0x1, 0x0, 0x0, 0x4081}, 0xc000) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execve$auto(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) pidfd_open$auto(0xffffffffffffffff, 0x5) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=&(0x7f0000000300)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\xf20/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a0\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5\x94\xd0\xf5\xe7\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00') ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_clock\x00', 0x0, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000200)='/dev/audio1\x00', 0x20040, 0x0) fsopen$auto(0x0, 0x1) 10.326499282s ago: executing program 3 (id=1285): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x801, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2711}, 0x51) socket(0xf, 0x3, 0x2) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x14d27e, 0x72) socket(0x2, 0x1, 0x0) socket(0x1e, 0x1, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0x9) copy_file_range$auto(r1, 0x0, r1, 0x0, 0x2, 0x0) select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfff, 0x1, 0x5, 0x3, 0x95f4da2d, 0xc, 0x6, 0x62, 0x7, 0x7, 0x6d3f, 0xa, 0x4, 0x5]}, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x6, 0x1, 0xfffffffffffffff7, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x42, 0x80000021, 0x7, 0x6d3e, 0x7fff, 0x2, 0x6]}, 0x0) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r2, 0xc0686611, &(0x7f0000000200)={0x7ff, 0xfffffffffffffffe, 0xfffffffffffffffb, 0x0, 0x8, 0x8001, 0x3, 0x9, 0x0, 0x200, 0xe21f, 0x80000000, 0x2000009, 0x7, 0x10000001000}) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20b42, 0x0) write$auto(0x3, 0x0, 0x100082) close_range$auto(0x2, 0x8, 0x0) prctl$auto(0x4e, 0x1, 0x0, 0x1, 0x0) 10.262580107s ago: executing program 2 (id=1286): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x3) socket$nl_generic(0x10, 0x3, 0x10) landlock_add_rule$auto(0xffffffffffffffff, 0x3, &(0x7f0000000140), 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) setfsgid$auto(0x9) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x5, 0x4) lstat$auto(&(0x7f0000000500)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) r1 = socket(0x11, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r1, 0x8953, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x7ef) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vhci_hcd.0/usb9/9-0:1.0/ep_81/power/runtime_status\x00', 0x40040, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)=""/116, 0x74) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = io_uring_setup$auto(0x58, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000001c0), r3) r4 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/usbmon8\x00', 0x640, 0x0) read$auto_mon_fops_binary_mon_bin(r4, 0x0, 0x2f) ioctl$auto_MON_IOCG_STATS(r4, 0x80089203, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x1, 0x100) 10.187424367s ago: executing program 5 (id=1287): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r0, 0x0, 0x7ff, 0x400) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/conf/ip6tnl0/bootp_relay\x00', 0x5014c0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) ioctl$auto(0x3, 0x2287, 0xffffffffffffffff) socket(0x23, 0x80805, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r2, &(0x7f0000001680)="a7", 0x80000) madvise$auto(0x0, 0x20200, 0x15) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) r3 = openat$auto_minstrel_ht_stat_csv_fops_rc80211_minstrel_ht_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy3/netdev:wlan0/stations/08:02:11:00:00:01/rc_stats_csv\x00', 0x80, 0x0) read$auto_minstrel_ht_stat_csv_fops_rc80211_minstrel_ht_debugfs(r3, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) 8.832826984s ago: executing program 2 (id=1288): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x96141, 0x0) r0 = socket(0x1b, 0x3, 0x76) madvise$auto(0x0, 0x2000040080000004, 0xe) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getsockopt$auto_SO_RCVPRIORITY(r0, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r4 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), r0) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)=ANY=[@ANYRESDEC=r1, @ANYBLOB="7e5a999322dcea1636da6970e84c42ec96a38586d50cf6599cd838edc2ed879dcfba767c2db982d07ac41217bcb51a278077826b443ef2458acf7304b9c384064d2975b127daebd77fcfbb8ed1f0ca84d20140a29cd720a17966780620609bb7ffb64b5548ece51a3781c2c33617e11323b9ce2d2ea935cc9fbeac3c4c72d49914619d90ee87ed117339e5489fd4b8707ca316df05880aee58670a10eeeface64c86502e1b1253e0211ee098a37056a3f8c760792be34db788c685f079c6c33ef518", @ANYRESHEX=r4, @ANYRES64=0x0, @ANYRES8=r3, @ANYRES8=r0], 0x1ac}}, 0x24048871) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000780)=ANY=[], 0xf5c}, 0x1, 0x0, 0x0, 0x4044055}, 0x20008811) recvmmsg$auto(r5, 0x0, 0x10c, 0x8, 0x0) readahead$auto(0xffffffffffffffff, 0xcc7f, 0x6) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HWSIM_CMD_GET_RADIO(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24044845}, 0x10) bpf$auto(0x7, &(0x7f0000000280)=@bpf_attr_7={@prog_id=0xffffffff, 0x8, 0x4, r2}, 0x90) socket(0x10, 0x5, 0x4) 8.810907625s ago: executing program 3 (id=1297): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x6, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9) setsockopt$auto(0xffffffffffffffff, 0x9, 0x69ce, &(0x7f0000000040)='(%}[\x00', 0x3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/virtual/tty/ptyqe/power/control\x00', 0xa0b02, 0x0) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/security/tomoyo/profile\x00', 0x48802, 0x0) read$auto(r2, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0x70) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) adjtimex$auto(0x0) 8.647162012s ago: executing program 5 (id=1290): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r0 = io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) r1 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, 0x6) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) pread64$auto(r2, 0x0, 0x800003, 0x270) socket(0xf, 0x3, 0x2) madvise$auto_MADV_PAGEOUT(0xd, 0x8000, 0x15) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r4 = open(&(0x7f0000000000)='./cgroup\x00', 0x400, 0x64) fchdir$auto(r4) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) umount2$auto(&(0x7f0000000000)='.\x00', 0x4) r5 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f0000000100)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3, 0x8000001f, 0x2, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) symlinkat$auto(0x0, r5, 0x0) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, 0x0, 0x125200, 0x0) gettimeofday$auto(&(0x7f0000000080), &(0x7f00000000c0)={0x9, 0x6}) bpf$auto(0x0, 0x0, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x3}, 0xc) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000180), r0) 8.646133116s ago: executing program 0 (id=1299): mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x106) connect$auto(0x3, &(0x7f0000000080)=@nl=@kern={0x10, 0x0, 0x0, 0x800000}, 0x54) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0xffffffffffffffff, 0xab07, 0xffffffffffffffff) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) keyctl$auto(0x1e, 0xfffffffffffffffc, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1) setsockopt$auto(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x10000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) readv$auto(r2, &(0x7f0000000140)={&(0x7f0000000100)="c427412c2cbbfc4b16ed03797a7b7bf12a20d4489e6dc90cdc8d1826228dba8c7b9491", 0x489}, 0x1) connect$auto(0x3, &(0x7f00000000c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x3f) sync_file_range$auto(r1, 0x0, 0x8, 0xbeb) 6.096381176s ago: executing program 2 (id=1291): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0xfffffffe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000000)=@in={0x2, 0x3, @multicast1}, 0x6a) connect$auto(r0, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x23}}, 0x54) write$auto(0x3, 0x0, 0xfffffdef) syz_genetlink_get_family_id$auto_ovs_vport(0x0, r0) write$auto(0x3, 0x0, 0xfffffdf2) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda1\x00', 0xa4e00, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x14d142a943201126, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0x20000000000000d4, 0x1, 0x6, 0x0, 0x7, 0x368a, 0x20002, {0x100000000, 0x10000}, 0x5, 0x8, 0xfffffffffffffffd, 0xffff0003, 0x0, 0x1, 0x9, 0xdfffffffffff628e, 0x6, 0xdeb1, 0x80c}) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000380), 0xffffffffffffffff) ioctl$auto(r1, 0xaccd, 0xffffffffffffffff) setresuid$auto(0x2, 0x7, 0x0) ioprio_set$auto(0x3, 0x0, 0x4b34) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r1, 0x8000) get_mempolicy$auto(0x0, 0x0, 0x3, 0x1ff, 0x3) write$auto(0xffffffffffffffff, 0x0, 0x81) connect$auto(0x3, 0x0, 0x55) 6.093950016s ago: executing program 5 (id=1292): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, 0x0, 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0xc) modify_ldt$auto(0x1, 0x0, 0x10) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r1, 0x0, 0x7ff, 0x400) socket(0x2, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xa, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x20000003, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) sendfile$auto(r4, r4, 0x0, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0x8, 0x16) ioctl$auto_BLKTRACESETUP32(r3, 0xc0401273, 0x0) madvise$auto(0x0, 0x200007, 0x19) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) close_range$auto(0x2, 0x8, 0x0) 6.09368327s ago: executing program 0 (id=1301): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800) bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) rt_tgsigqueueinfo$auto(0x3, 0x96, 0x3, &(0x7f0000000180)={@siginfo_0_0={0x80000000, 0x7, 0x8000, @_kill={0xffffffffffffffff}}}) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc2}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x2, 0x0) r0 = open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x154) r1 = prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/mem\x00', 0x10b201, 0x0) r3 = ioctl$auto_TUNSETVNETHDRSZ2(r0, 0x400454d8, &(0x7f00000001c0)=0xf) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r1) setsockopt$auto_SO_DEVMEM_DONTNEED(r3, 0x1, 0x50, &(0x7f0000000280)='$[\x00', 0x0) sendmsg$auto_NL80211_CMD_DEL_PMK(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r4, 0x200, 0x70bd27, 0x25dfdbff, {}, [@NL80211_ATTR_KEY_SEQ={0x7, 0xa, '3\v='}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc800}, 0x200488c5) mmap$auto(0x0, 0x2020009, 0x2000000000000081, 0xf8, 0xfffffffffffffffa, 0x8000) write$auto(r2, 0x0, 0x996) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000300), 0x4001, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8402, 0x0) mmap$auto(0x0, 0x5810, 0xffb, 0x8000000008011, 0x3, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) execveat$auto(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x11000) 5.867001789s ago: executing program 0 (id=1293): prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x801, 0x0) connect$auto(0x3, 0x0, 0x51) socket(0xf, 0x3, 0x2) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x14d27e, 0x72) socket(0x2, 0x1, 0x0) socket(0x1e, 0x1, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0x9) copy_file_range$auto(r1, 0x0, r1, 0x0, 0x2, 0x0) select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfff, 0x1, 0x5, 0x3, 0x95f4da2d, 0xc, 0x6, 0x62, 0x7, 0x7, 0x6d3f, 0xa, 0x4, 0x5]}, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x6, 0x1, 0xfffffffffffffff7, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x42, 0x80000021, 0x7, 0x6d3e, 0x7fff, 0x2, 0x6]}, 0x0) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r2, 0xc0686611, &(0x7f0000000200)={0x7ff, 0xfffffffffffffffe, 0xfffffffffffffffb, 0x0, 0x8, 0x8001, 0x3, 0x9, 0x0, 0x200, 0xe21f, 0x80000000, 0x2000009, 0x7, 0x10000001000}) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20b42, 0x0) write$auto(0x3, 0x0, 0x100082) close_range$auto(0x2, 0x8, 0x0) prctl$auto(0x4e, 0x1, 0x0, 0x1, 0x0) 4.389211776s ago: executing program 2 (id=1294): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x200408a4}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x40040) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0xfffffffe, 0x0, 0x5, 0x0, 0x200002, 0x8}, 0x801}, 0xfffffff9, 0x10, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000480)='/proc/self/maps\x00', 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x11, 0x800, 0x2) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) get_mempolicy$auto(0x0, 0x0, 0x3, 0x1ff, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) r4 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r4, 0x0, 0x0) sendmsg$auto_NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="20002bbd7000fedbdf25680000000c00311c0004008c0008002301000400000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x20040041}, 0x8000) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r5, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010023bd7000fadbdf2501000000040007800c00020005000000dd00000008000100232e0000", @ANYRESHEX=r3], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x8880) 4.37956422s ago: executing program 0 (id=1305): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x5, 0x0, 0x1f, 0x9}, 0x800009}, 0x3, 0x20000000) io_uring_setup$auto(0x6, 0x0) pwrite64$auto(0xc8, 0x0, 0x4e, 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) setsockopt$auto(0x3, 0x1, 0x23, 0x0, 0x9) mmap$auto(0x0, 0x9, 0xffffffff, 0x8000200008011, 0xffffffffffffffff, 0x8000) read$auto(0x3, 0x0, 0x80) write$auto(0x3, 0x0, 0xfffffdef) 3.10874551s ago: executing program 3 (id=1295): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r1 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$auto(r1, 0x400454ca, 0x38) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x80900, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0) ioctl$auto_BLKFLSBUF(r2, 0x1261, 0x0) mmap$auto(0xb2, 0x14, 0xffb, 0x8000000008015, r0, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) io_uring_setup$auto(0x3501, &(0x7f0000000080)={0x80, 0x1000, 0x8, 0x5, 0x3, 0xfffffff1, r0, [0xbc, 0xffff, 0x40], {0x81, 0x9, 0x0, 0x80000000, 0x3, 0x101, 0xffff, 0x0, 0x6}, {0x7, 0xa, 0xf, 0x7fff, 0x3, 0x0, 0x0, 0xfffffffa, 0xc}}) ioctl$auto_BLKTRACETEARDOWN(r2, 0x1276, 0x0) mmap$auto(0x8000000000002001, 0x20009, 0xdf, 0x15, r3, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = socket(0xa, 0x3, 0x3c) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty48\x00', 0x880, 0x0) ioctl$auto(r5, 0x5609, r4) madvise$auto(0x0, 0x20499d, 0x9) open_tree$auto(0xffffffffffffffff, 0x0, 0x74ee) ioctl$auto_NS_GET_PID_FROM_PIDNS(r3, 0x8004b706, &(0x7f0000000180)=0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xfffffffffffffe7f, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="000229bd0080fbdbdf350a0000000800fbffffffff"], 0x24}, 0x1, 0x0, 0x0, 0x20000050}, 0x400c0) 2.898082647s ago: executing program 5 (id=1296): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0x8, 0x1, 0x2, 0x4, 0x15f4da0e, 0x3, 0xd08, 0xc, 0x8, 0x4, 0x6d3f, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2c, 0x1, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x20000a, 0x4) prctl$auto(0x400, 0x7fff, 0x0, 0x10000, 0x100000000000007) bind$auto(0x3, 0x0, 0x6a) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1, 0x400000001, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x7f, 0x0) close_range$auto(0x2, 0xa, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x2, 0x1) 1.441328162s ago: executing program 5 (id=1298): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) r0 = socket(0xa, 0x1, 0x100) getsockopt$auto_SO_RCVPRIORITY(r0, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7) open_by_handle_at$auto(0xffffff9c, 0xffffffffffffffff, 0x9658) socket(0x1e, 0x1, 0x5) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) process_mrelease$auto(0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) acct$auto(0x0) close_range$auto(0x2, 0x8, 0x0) r3 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto_CEC_RECEIVE(r2, 0xc0386106, &(0x7f0000000080)={0x2, 0x8, 0x1, 0x4f1330bf, 0x9, 0xffffff00, "b3b2551984016910823df347c47bd20e", 0x9, 0x6, 0x2, 0x5, 0x2, 0x6, 0x3}) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0x200007, 0x19) write$auto_ftrace_subsystem_filter_fops_trace_events(r3, &(0x7f0000000280)="0e2242fbc6500f8cf4f9031dc001d621af4553d8546728786544ae1e5fbd3d2908ff4b0abb32ac61cffa0aebbc55eac9e23d5a4c08b65c9277dfc55a0e2ddfe0ad8630c9b0bb4eaf65b9ef1f1e8ec167b32a1f95e606d8b4ea65cf501a39e1054b58df5f41256e637fd8c59ddd4b8da4a679fbfc1f933336fb981083aa69ea0c97ced3dbdb9fb42625f9d41884511cb4eec89f3f6b777fa5c359094ad041e22559a7be44b51bd7786ed625ac30ee15a86f436a19eeb57dd76b529ef9831945866710700ee9f96ab8a527af2e41ffec13a593181f3246652a05b5833d828849d5cf39a88ab6e519edd74c08185f40", 0xee) 1.440661124s ago: executing program 2 (id=1300): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x6e) io_uring_setup$auto(0x1, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x0, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_STATUS322(r0, 0x806c4120, &(0x7f0000000100)={0x0, 0x6, 0x95d7, 0x7f, 0x3, 0x1, 0x9, 0x2, 0x2, 0x7, 0xb, 0x8, 0x100, 0x2, 0x40000003, 0x3ff, 0x400, 0x80000000, "0c1056e3480805f935e214e44f620fa9eba8238cacc3d9e6fc45cf541e509fc2457ae4ae"}) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$dir(0xffffffffffffff9c, 0x0, 0x381000, 0x100) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r1, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) close_range$auto(0x2, 0x8, 0x40000000) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) ioctl$auto(r2, 0xc0285629, r2) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) lsm_list_modules$auto(0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) 1.430574478s ago: executing program 3 (id=1302): prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x801, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2711}, 0x51) socket(0xf, 0x3, 0x2) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x14d27e, 0x72) socket(0x2, 0x1, 0x0) socket(0x1e, 0x1, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0x9) copy_file_range$auto(r1, 0x0, r1, 0x0, 0x2, 0x0) select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfff, 0x1, 0x5, 0x3, 0x95f4da2d, 0xc, 0x6, 0x62, 0x7, 0x7, 0x6d3f, 0xa, 0x4, 0x5]}, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x6, 0x1, 0xfffffffffffffff7, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x42, 0x80000021, 0x7, 0x6d3e, 0x7fff, 0x2, 0x6]}, 0x0) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r2, 0xc0686611, &(0x7f0000000200)={0x7ff, 0xfffffffffffffffe, 0xfffffffffffffffb, 0x0, 0x8, 0x8001, 0x3, 0x9, 0x0, 0x200, 0xe21f, 0x80000000, 0x2000009, 0x7, 0x10000001000}) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20b42, 0x0) write$auto(0x3, 0x0, 0x100082) close_range$auto(0x2, 0x8, 0x0) prctl$auto(0x4e, 0x1, 0x0, 0x1, 0x0) 1.430010443s ago: executing program 0 (id=1309): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r1 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$auto(r1, 0x400454ca, 0x38) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x80900, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0) ioctl$auto_BLKFLSBUF(r2, 0x1261, 0x0) mmap$auto(0xb2, 0x14, 0xffb, 0x8000000008015, r0, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) io_uring_setup$auto(0x3501, &(0x7f0000000080)={0x80, 0x1000, 0x8, 0x5, 0x3, 0xfffffff1, r0, [0xbc, 0xffff, 0x40], {0x81, 0x9, 0x0, 0x80000000, 0x3, 0x101, 0xffff, 0x0, 0x6}, {0x7, 0xa, 0xf, 0x7fff, 0x3, 0x0, 0x0, 0xfffffffa, 0xc}}) ioctl$auto_BLKTRACETEARDOWN(r2, 0x1276, 0x0) mmap$auto(0x8000000000002001, 0x20009, 0xdf, 0x15, r3, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = socket(0xa, 0x3, 0x3c) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty48\x00', 0x880, 0x0) ioctl$auto(r5, 0x5609, r4) madvise$auto(0x0, 0x20499d, 0x9) open_tree$auto(0xffffffffffffffff, 0x0, 0x74ee) ioctl$auto_NS_GET_PID_FROM_PIDNS(r3, 0x8004b706, &(0x7f0000000180)=0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xfffffffffffffe7f, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="000229bd0080fbdbdf350a0000000800fbffffffff"], 0x24}, 0x1, 0x0, 0x0, 0x20000050}, 0x400c0) 3.498117ms ago: executing program 0 (id=1303): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) madvise$auto(0x110c230000, 0x1, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x35, 0x1, 0x4, 0x0, 0x0) r1 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/0/msr\x00', 0x181f82, 0x0) mmap$auto(0x0, 0x20009, 0xe0, 0xeb1, 0xffffffffffffffff, 0x4) write$auto(r0, &(0x7f0000000080)='-/%\'\xef#\x00', 0x8000000000000001) readv$auto(r1, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) ioctl$auto(r2, 0x560c, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000004180), r3) sendmsg$auto_OVS_VPORT_CMD_DEL(r3, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f00000041c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010028bd7000fbdbdf25020000000800"/26, @ANYRES32=0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x40800}, 0x80) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x4, 0x800, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000140)=ANY=[@ANYRES64=r4, @ANYRES32=r1, @ANYRES32=0x0, @ANYRESHEX=r5], 0xd4}}, 0x495) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0xa901, 0x0) 0s ago: executing program 3 (id=1313): r0 = open(0x0, 0xd02, 0xc3) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) mbind$auto(0x0, 0x800605, 0x8003, &(0x7f0000000100)=0xffff, 0x3, 0x3) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) sendmsg$auto_NL80211_CMD_START_AP(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48010}, 0x20000800) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x5, 0x0) getsockopt$auto(r0, 0x400002, 0x4, 0x0, &(0x7f00000001c0)=0x2) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0x11, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd5, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20000, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/ip6_vti0/stable_secret\x00', 0x2, 0x0) pwrite64$auto(r1, &(0x7f0000000040)='.\'*&\x04!\x00', 0x1, 0x8) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/afs/servers\x00', 0x100, 0x0) kernel console output (not intermixed with test programs): .367166][ T6662] ? __pfx_setup_net+0x10/0x10 [ 167.367198][ T6662] ? debug_mutex_init+0x37/0x70 [ 167.367232][ T6662] copy_net_ns+0x2a6/0x5f0 [ 167.367269][ T6662] create_new_namespaces+0x3ea/0xa90 [ 167.367312][ T6662] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 167.367351][ T6662] ksys_unshare+0x45b/0xa40 [ 167.367394][ T6662] ? __pfx_ksys_unshare+0x10/0x10 [ 167.367436][ T6662] ? xfd_validate_state+0x61/0x180 [ 167.367498][ T6662] __x64_sys_unshare+0x31/0x40 [ 167.367539][ T6662] do_syscall_64+0xcd/0x490 [ 167.367593][ T6662] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.367625][ T6662] RIP: 0033:0x7f5194b8e929 [ 167.367650][ T6662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.367679][ T6662] RSP: 002b:00007f5195a36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 167.367709][ T6662] RAX: ffffffffffffffda RBX: 00007f5194db5fa0 RCX: 00007f5194b8e929 [ 167.367730][ T6662] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 167.367748][ T6662] RBP: 00007f5194c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 167.367767][ T6662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 167.367785][ T6662] R13: 0000000000000000 R14: 00007f5194db5fa0 R15: 00007ffce0a31468 [ 167.367826][ T6662] [ 169.077434][ T5844] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 170.080243][ T6689] FAULT_INJECTION: forcing a failure. [ 170.080243][ T6689] name failslab, interval 1, probability 0, space 0, times 0 [ 170.111436][ T6689] CPU: 1 UID: 0 PID: 6689 Comm: syz.3.139 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 170.111477][ T6689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 170.111493][ T6689] Call Trace: [ 170.111502][ T6689] [ 170.111513][ T6689] dump_stack_lvl+0x16c/0x1f0 [ 170.111563][ T6689] should_fail_ex+0x512/0x640 [ 170.111605][ T6689] ? __kmalloc_cache_node_noprof+0x5a/0x420 [ 170.111651][ T6689] should_failslab+0xc2/0x120 [ 170.111679][ T6689] __kmalloc_cache_node_noprof+0x6d/0x420 [ 170.111741][ T6689] ? __alloc_disk_node+0x5a/0x630 [ 170.111793][ T6689] __alloc_disk_node+0x5a/0x630 [ 170.111842][ T6689] __blk_mq_alloc_disk+0x89/0x120 [ 170.111888][ T6689] loop_add+0x49e/0xb70 [ 170.111921][ T6689] ? do_vfs_ioctl+0x523/0x1a60 [ 170.111958][ T6689] ? __pfx_loop_add+0x10/0x10 [ 170.111999][ T6689] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 170.112061][ T6689] ? find_held_lock+0x2b/0x80 [ 170.112097][ T6689] loop_control_ioctl+0x13e/0x630 [ 170.112135][ T6689] ? __pfx_loop_control_ioctl+0x10/0x10 [ 170.112180][ T6689] ? __pfx_loop_control_ioctl+0x10/0x10 [ 170.112218][ T6689] __x64_sys_ioctl+0x18b/0x210 [ 170.112259][ T6689] do_syscall_64+0xcd/0x490 [ 170.112311][ T6689] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.112343][ T6689] RIP: 0033:0x7f763bd8e929 [ 170.112367][ T6689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.112397][ T6689] RSP: 002b:00007f763cbef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 170.112425][ T6689] RAX: ffffffffffffffda RBX: 00007f763bfb5fa0 RCX: 00007f763bd8e929 [ 170.112445][ T6689] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000008 [ 170.112464][ T6689] RBP: 00007f763be10b39 R08: 0000000000000000 R09: 0000000000000000 [ 170.112483][ T6689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 170.112500][ T6689] R13: 0000000000000000 R14: 00007f763bfb5fa0 R15: 00007fff612e7528 [ 170.112539][ T6689] [ 171.925472][ T6715] random: crng reseeded on system resumption [ 172.473657][ T6718] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 172.689349][ T6719] process 'syz.3.144' launched './file0' with NULL argv: empty string added [ 173.019916][ T6694] kexec: Could not allocate control_code_buffer [ 175.566913][ T6755] Invalid ELF header magic: != ELF [ 175.851220][ T6755] net_ratelimit: 7 callbacks suppressed [ 175.851236][ T6755] netlink: zone id is out of range [ 175.868575][ T6755] netlink: zone id is out of range [ 175.875073][ T6755] netlink: zone id is out of range [ 175.887408][ T6755] netlink: zone id is out of range [ 175.895039][ T6755] netlink: zone id is out of range [ 177.114609][ T6761] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 177.145014][ T6761] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 177.179951][ T6761] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 177.235603][ T6761] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 178.103485][ T5844] Bluetooth: hci1: command 0x0c1a tx timeout [ 179.221521][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 179.227988][ T5844] Bluetooth: hci2: command 0x0c1a tx timeout [ 179.322063][ T5844] Bluetooth: hci0: command 0x0c1a tx timeout [ 181.592048][ T6830] netlink: 354 bytes leftover after parsing attributes in process `syz.1.163'. [ 182.276712][ T6842] netlink: 4 bytes leftover after parsing attributes in process `syz.0.167'. [ 182.749484][ T6846] FAULT_INJECTION: forcing a failure. [ 182.749484][ T6846] name failslab, interval 1, probability 0, space 0, times 0 [ 182.826678][ T6846] CPU: 0 UID: 0 PID: 6846 Comm: syz.0.168 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 182.826730][ T6846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 182.826747][ T6846] Call Trace: [ 182.826756][ T6846] [ 182.826768][ T6846] dump_stack_lvl+0x16c/0x1f0 [ 182.826810][ T6846] should_fail_ex+0x512/0x640 [ 182.826845][ T6846] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 182.826887][ T6846] should_failslab+0xc2/0x120 [ 182.826909][ T6846] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 182.826947][ T6846] ? __d_alloc+0x31/0xaa0 [ 182.826995][ T6846] __d_alloc+0x31/0xaa0 [ 182.827034][ T6846] d_alloc+0x4a/0x1e0 [ 182.827072][ T6846] d_alloc_parallel+0xe3/0x12e0 [ 182.827107][ T6846] ? find_held_lock+0x2b/0x80 [ 182.827131][ T6846] ? __pfx_d_alloc_parallel+0x10/0x10 [ 182.827161][ T6846] ? __d_lookup+0x266/0x4a0 [ 182.827195][ T6846] lookup_open.isra.0+0x665/0x1580 [ 182.827231][ T6846] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 182.827278][ T6846] ? mnt_get_write_access+0x20c/0x300 [ 182.827307][ T6846] path_openat+0x893/0x2cb0 [ 182.827351][ T6846] ? __pfx_path_openat+0x10/0x10 [ 182.827386][ T6846] ? __lock_acquire+0xb8a/0x1c90 [ 182.827420][ T6846] do_filp_open+0x20b/0x470 [ 182.827454][ T6846] ? __pfx_do_filp_open+0x10/0x10 [ 182.827509][ T6846] ? alloc_fd+0x471/0x7d0 [ 182.827548][ T6846] do_sys_openat2+0x11b/0x1d0 [ 182.827574][ T6846] ? __pfx_do_sys_openat2+0x10/0x10 [ 182.827611][ T6846] __x64_sys_openat+0x174/0x210 [ 182.827640][ T6846] ? __pfx___x64_sys_openat+0x10/0x10 [ 182.827678][ T6846] do_syscall_64+0xcd/0x490 [ 182.827716][ T6846] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.827740][ T6846] RIP: 0033:0x7f5194b8e929 [ 182.827758][ T6846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.827781][ T6846] RSP: 002b:00007f5195a36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 182.827803][ T6846] RAX: ffffffffffffffda RBX: 00007f5194db5fa0 RCX: 00007f5194b8e929 [ 182.827818][ T6846] RDX: 0000000000001182 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 182.827833][ T6846] RBP: 00007f5194c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 182.827847][ T6846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 182.827861][ T6846] R13: 0000000000000000 R14: 00007f5194db5fa0 R15: 00007ffce0a31468 [ 182.827890][ T6846] [ 184.734452][ T6866] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 187.412435][ T30] audit: type=1804 audit(1750883140.968:5): pid=6901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.178" name="/newroot/45/file0" dev="tmpfs" ino=262 res=1 errno=0 [ 187.558959][ T30] audit: type=1800 audit(1750883140.968:6): pid=6901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.178" name="file0" dev="tmpfs" ino=262 res=0 errno=0 [ 191.224121][ T6941] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 191.234013][ T6941] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 191.240279][ T6941] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 191.246618][ T6941] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 191.960237][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 191.966743][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 191.985357][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 191.991998][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 192.021207][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 192.056178][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 192.078508][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 192.095559][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.147892][ T5844] Bluetooth: hci1: command 0x0c1a tx timeout [ 193.301314][ T5844] Bluetooth: hci0: command 0x0c1a tx timeout [ 193.307455][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout [ 193.307471][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 193.419663][ T6976] netlink: 4 bytes leftover after parsing attributes in process `syz.2.190'. [ 196.770687][ T7015] input: 00 [ 196.770687][ T7015] as /devices/virtual/input/input6 [ 196.779493][ T7015] FAULT_INJECTION: forcing a failure. [ 196.779493][ T7015] name failslab, interval 1, probability 0, space 0, times 0 [ 196.808803][ T7015] CPU: 1 UID: 0 PID: 7015 Comm: syz.1.198 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 196.808836][ T7015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 196.808850][ T7015] Call Trace: [ 196.808858][ T7015] [ 196.808866][ T7015] dump_stack_lvl+0x16c/0x1f0 [ 196.808906][ T7015] should_fail_ex+0x512/0x640 [ 196.808950][ T7015] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 196.808993][ T7015] should_failslab+0xc2/0x120 [ 196.809015][ T7015] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 196.809054][ T7015] ? kasprintf+0xc7/0x100 [ 196.809078][ T7015] kvasprintf+0xbc/0x160 [ 196.809098][ T7015] ? __pfx_kvasprintf+0x10/0x10 [ 196.809130][ T7015] kasprintf+0xc7/0x100 [ 196.809150][ T7015] ? __pfx_kasprintf+0x10/0x10 [ 196.809195][ T7015] ? __pfx_input_devnode+0x10/0x10 [ 196.809219][ T7015] device_get_devnode+0x163/0x2c0 [ 196.809247][ T7015] devtmpfs_create_node+0xf1/0x230 [ 196.809294][ T7015] ? __pfx_devtmpfs_create_node+0x10/0x10 [ 196.809329][ T7015] ? up_write+0x1b2/0x520 [ 196.809370][ T7015] ? kernfs_create_link+0x1bd/0x240 [ 196.809394][ T7015] ? kernfs_put+0x35/0x60 [ 196.809423][ T7015] ? sysfs_do_create_link_sd+0xbb/0x140 [ 196.809455][ T7015] device_add+0x10bd/0x1a70 [ 196.809479][ T7015] ? __pfx_device_add+0x10/0x10 [ 196.809499][ T7015] ? __pfx_exact_lock+0x10/0x10 [ 196.809535][ T7015] ? kobject_get+0xbb/0x150 [ 196.809570][ T7015] cdev_device_add+0xc2/0x1e0 [ 196.809605][ T7015] evdev_connect+0x3a4/0x4c0 [ 196.809636][ T7015] input_attach_handler.isra.0+0x181/0x260 [ 196.809668][ T7015] input_register_device+0xa84/0x1130 [ 196.809700][ T7015] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 196.809724][ T7015] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 196.809752][ T7015] ? find_held_lock+0x2b/0x80 [ 196.809785][ T7015] ? __pfx_uinput_ioctl+0x10/0x10 [ 196.809806][ T7015] __x64_sys_ioctl+0x18b/0x210 [ 196.809833][ T7015] do_syscall_64+0xcd/0x490 [ 196.809867][ T7015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.809888][ T7015] RIP: 0033:0x7fea9c78e929 [ 196.809905][ T7015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 196.809931][ T7015] RSP: 002b:00007fea9d652038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 196.809951][ T7015] RAX: ffffffffffffffda RBX: 00007fea9c9b5fa0 RCX: 00007fea9c78e929 [ 196.809983][ T7015] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000007 [ 196.809996][ T7015] RBP: 00007fea9c810b39 R08: 0000000000000000 R09: 0000000000000000 [ 196.810010][ T7015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 196.810023][ T7015] R13: 0000000000000000 R14: 00007fea9c9b5fa0 R15: 00007ffc5b699d38 [ 196.810051][ T7015] [ 197.157592][ C1] sd 0:0:1:0: [sda] tag#2370 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 197.168175][ C1] sd 0:0:1:0: [sda] tag#2370 CDB: Read(6) 08 00 00 00 09 00 00 00 00 00 00 00 [ 197.386495][ T5838] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 199.388400][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.401912][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.070201][ T7075] ima: policy update failed [ 200.077279][ T7075] netlink: 25 bytes leftover after parsing attributes in process `syz.0.206'. [ 200.087612][ T30] audit: type=1802 audit(1750883153.678:7): pid=7075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.206" res=0 errno=0 [ 202.834245][ T7117] FAULT_INJECTION: forcing a failure. [ 202.834245][ T7117] name failslab, interval 1, probability 0, space 0, times 0 [ 202.896044][ T7117] CPU: 1 UID: 0 PID: 7117 Comm: syz.3.212 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 202.896088][ T7117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 202.896106][ T7117] Call Trace: [ 202.896115][ T7117] [ 202.896126][ T7117] dump_stack_lvl+0x16c/0x1f0 [ 202.896176][ T7117] should_fail_ex+0x512/0x640 [ 202.896218][ T7117] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 202.896261][ T7117] should_failslab+0xc2/0x120 [ 202.896289][ T7117] __kmalloc_cache_noprof+0x6a/0x3e0 [ 202.896330][ T7117] ? x509_cert_parse+0x162/0x900 [ 202.896365][ T7117] ? kasan_save_track+0x14/0x30 [ 202.896413][ T7117] x509_cert_parse+0x162/0x900 [ 202.896466][ T7117] ? kasan_save_stack+0x42/0x60 [ 202.896529][ T7117] ? kasan_save_stack+0x33/0x60 [ 202.896572][ T7117] ? kasan_save_track+0x14/0x30 [ 202.896621][ T7117] pkcs7_extract_cert+0xa4/0x320 [ 202.896671][ T7117] asn1_ber_decoder+0xc5f/0x1df0 [ 202.896745][ T7117] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 202.896838][ T7117] pkcs7_parse_message+0x288/0x720 [ 202.896895][ T7117] verify_pkcs7_signature+0x30/0xa0 [ 202.896934][ T7117] valid_regdb+0x215/0x590 [ 202.896968][ T7117] ? __pfx___mutex_lock+0x10/0x10 [ 202.897018][ T7117] ? __pfx_valid_regdb+0x10/0x10 [ 202.897060][ T7117] reg_reload_regdb+0x11e/0x460 [ 202.897098][ T7117] ? __pfx_reg_reload_regdb+0x10/0x10 [ 202.897137][ T7117] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 202.897183][ T7117] ? nl80211_pre_doit+0x1b0/0xb10 [ 202.897234][ T7117] genl_family_rcv_msg_doit+0x209/0x2f0 [ 202.897277][ T7117] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 202.897316][ T7117] ? rcu_is_watching+0x12/0xc0 [ 202.897361][ T7117] ? bpf_lsm_capable+0x9/0x10 [ 202.897400][ T7117] ? security_capable+0x7e/0x260 [ 202.897459][ T7117] genl_rcv_msg+0x55c/0x800 [ 202.897505][ T7117] ? __pfx_genl_rcv_msg+0x10/0x10 [ 202.897544][ T7117] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 202.897588][ T7117] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 202.897622][ T7117] ? __pfx_nl80211_post_doit+0x10/0x10 [ 202.897684][ T7117] netlink_rcv_skb+0x158/0x420 [ 202.897723][ T7117] ? __pfx_genl_rcv_msg+0x10/0x10 [ 202.897771][ T7117] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 202.897834][ T7117] ? netlink_deliver_tap+0x1ae/0xd30 [ 202.897887][ T7117] genl_rcv+0x28/0x40 [ 202.897922][ T7117] netlink_unicast+0x53a/0x7f0 [ 202.897960][ T7117] ? __pfx_netlink_unicast+0x10/0x10 [ 202.898010][ T7117] netlink_sendmsg+0x8d1/0xdd0 [ 202.898051][ T7117] ? __pfx_netlink_sendmsg+0x10/0x10 [ 202.898122][ T7117] ____sys_sendmsg+0xa98/0xc70 [ 202.898160][ T7117] ? copy_msghdr_from_user+0x10a/0x160 [ 202.898211][ T7117] ? __pfx_____sys_sendmsg+0x10/0x10 [ 202.898259][ T7117] ? __pfx_futex_wake_mark+0x10/0x10 [ 202.898312][ T7117] ___sys_sendmsg+0x134/0x1d0 [ 202.898364][ T7117] ? __pfx____sys_sendmsg+0x10/0x10 [ 202.898411][ T7117] ? __lock_acquire+0x622/0x1c90 [ 202.898506][ T7117] __sys_sendmsg+0x16d/0x220 [ 202.898556][ T7117] ? __pfx___sys_sendmsg+0x10/0x10 [ 202.898605][ T7117] ? __x64_sys_futex+0x1e0/0x4c0 [ 202.898672][ T7117] do_syscall_64+0xcd/0x490 [ 202.898733][ T7117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.898766][ T7117] RIP: 0033:0x7f763bd8e929 [ 202.898792][ T7117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 202.898822][ T7117] RSP: 002b:00007f763cbef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 202.898851][ T7117] RAX: ffffffffffffffda RBX: 00007f763bfb5fa0 RCX: 00007f763bd8e929 [ 202.898870][ T7117] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004 [ 202.898890][ T7117] RBP: 00007f763be10b39 R08: 0000000000000000 R09: 0000000000000000 [ 202.898909][ T7117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 202.898927][ T7117] R13: 0000000000000000 R14: 00007f763bfb5fa0 R15: 00007fff612e7528 [ 202.898966][ T7117] syzkaller syzkaller login: [ 203.945739][ T7122] FAULT_INJECTION: forcing a failure. [ 203.945739][ T7122] name failslab, interval 1, probability 0, space 0, times 0 [ 204.113245][ T7122] CPU: 0 UID: 0 PID: 7122 Comm: syz.0.213 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 204.113287][ T7122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 204.113303][ T7122] Call Trace: [ 204.113312][ T7122] [ 204.113323][ T7122] dump_stack_lvl+0x16c/0x1f0 [ 204.113375][ T7122] should_fail_ex+0x512/0x640 [ 204.113416][ T7122] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 204.113465][ T7122] should_failslab+0xc2/0x120 [ 204.113492][ T7122] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 204.113535][ T7122] ? __pfx___debug_object_init+0x10/0x10 [ 204.113566][ T7122] ? __d_alloc+0x31/0xaa0 [ 204.113623][ T7122] __d_alloc+0x31/0xaa0 [ 204.113673][ T7122] d_alloc_pseudo+0x1c/0xc0 [ 204.113706][ T7122] alloc_file_pseudo+0xcf/0x230 [ 204.113740][ T7122] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 204.113772][ T7122] ? alloc_fd+0x471/0x7d0 [ 204.113817][ T7122] sock_alloc_file+0x50/0x210 [ 204.113847][ T7122] __sys_socket+0x1c0/0x260 [ 204.113882][ T7122] ? __pfx___sys_socket+0x10/0x10 [ 204.113918][ T7122] ? xfd_validate_state+0x61/0x180 [ 204.113955][ T7122] ? __task_pid_nr_ns+0x17c/0x500 [ 204.114001][ T7122] __x64_sys_socket+0x72/0xb0 [ 204.114034][ T7122] ? lockdep_hardirqs_on+0x7c/0x110 [ 204.114075][ T7122] do_syscall_64+0xcd/0x490 [ 204.114121][ T7122] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.114151][ T7122] RIP: 0033:0x7f5194b8e929 [ 204.114174][ T7122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 204.114203][ T7122] RSP: 002b:00007f5195a36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 204.114229][ T7122] RAX: ffffffffffffffda RBX: 00007f5194db5fa0 RCX: 00007f5194b8e929 [ 204.114248][ T7122] RDX: 0000000000000001 RSI: 0000000000000002 RDI: 000000000000002a [ 204.114264][ T7122] RBP: 00007f5194c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 204.114281][ T7122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 204.114297][ T7122] R13: 0000000000000000 R14: 00007f5194db5fa0 R15: 00007ffce0a31468 [ 204.114333][ T7122] [ 205.943805][ T7155] RDS: rds_bind could not find a transport for ::ffff:10.1.1.2, load rds_tcp or rds_rdma? [ 206.066726][ T7160] netlink: 12 bytes leftover after parsing attributes in process `syz.2.217'. [ 207.206554][ T7174] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 207.393168][ T7177] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 208.986980][ T7178] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 211.566193][ T7217] kexec: Could not allocate control_code_buffer [ 212.063177][ T7216] mmap: syz.2.227 (7216) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 214.908416][ T7275] vivid-009: ================= START STATUS ================= [ 214.960246][ T7275] vivid-009: Enable Output Cropping: true grabbed [ 214.991161][ T7275] vivid-009: Enable Output Composing: true grabbed [ 215.036129][ T7275] vivid-009: Enable Output Scaler: true grabbed [ 215.091186][ T7275] vivid-009: Tx RGB Quantization Range: Automatic grabbed [ 215.098522][ T7275] vivid-009: Transmit Mode: HDMI grabbed [ 215.167112][ T7275] vivid-009: Hotplug Present: 0x00000000 [ 215.291293][ T7275] vivid-009: RxSense Present: 0x00000000 [ 215.303050][ T7275] vivid-009: EDID Present: 0x00000000 [ 215.308483][ T7275] vivid-009: ================== END STATUS ================== [ 215.502417][ T7281] block nbd7: not configured, cannot reconfigure [ 215.620874][ T7285] FAULT_INJECTION: forcing a failure. [ 215.620874][ T7285] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 215.712022][ T7285] CPU: 0 UID: 0 PID: 7285 Comm: syz.2.235 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 215.712058][ T7285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 215.712071][ T7285] Call Trace: [ 215.712078][ T7285] [ 215.712086][ T7285] dump_stack_lvl+0x16c/0x1f0 [ 215.712122][ T7285] should_fail_ex+0x512/0x640 [ 215.712158][ T7285] should_fail_alloc_page+0xe7/0x130 [ 215.712180][ T7285] prepare_alloc_pages+0x3c2/0x610 [ 215.712205][ T7285] ? __lock_acquire+0x622/0x1c90 [ 215.712236][ T7285] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 215.712277][ T7285] ? find_held_lock+0x2b/0x80 [ 215.712297][ T7285] ? mtree_load+0x309/0xa40 [ 215.712326][ T7285] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 215.712361][ T7285] ? mtree_load+0x325/0xa40 [ 215.712397][ T7285] ? __up_read+0x1f8/0x750 [ 215.712429][ T7285] ? __pfx___up_read+0x10/0x10 [ 215.712458][ T7285] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 215.712520][ T7285] ? policy_nodemask+0xea/0x4e0 [ 215.712543][ T7285] alloc_pages_mpol+0x1fb/0x550 [ 215.712565][ T7285] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 215.712587][ T7285] ? do_raw_spin_lock+0x12c/0x2b0 [ 215.712622][ T7285] ? __pfx___access_remote_vm+0x10/0x10 [ 215.712663][ T7285] alloc_pages_noprof+0x131/0x390 [ 215.712685][ T7285] get_free_pages_noprof+0x10/0xb0 [ 215.712708][ T7285] proc_pid_cmdline_read+0x46d/0x900 [ 215.712740][ T7285] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 215.712771][ T7285] ? rw_verify_area+0xcf/0x680 [ 215.712798][ T7285] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 215.712826][ T7285] vfs_read+0x1e4/0xc60 [ 215.712861][ T7285] ? __pfx___mutex_lock+0x10/0x10 [ 215.712896][ T7285] ? __pfx_vfs_read+0x10/0x10 [ 215.712934][ T7285] ? __fget_files+0x20e/0x3c0 [ 215.712973][ T7285] ksys_read+0x12a/0x250 [ 215.713004][ T7285] ? __pfx_ksys_read+0x10/0x10 [ 215.713043][ T7285] do_syscall_64+0xcd/0x490 [ 215.713079][ T7285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.713102][ T7285] RIP: 0033:0x7f772ab8e929 [ 215.713120][ T7285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.713141][ T7285] RSP: 002b:00007f772b982038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 215.713161][ T7285] RAX: ffffffffffffffda RBX: 00007f772adb5fa0 RCX: 00007f772ab8e929 [ 215.713176][ T7285] RDX: 000000000000009f RSI: 0000200000000040 RDI: 0000000000000007 [ 215.713189][ T7285] RBP: 00007f772ac10b39 R08: 0000000000000000 R09: 0000000000000000 [ 215.713203][ T7285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 215.713216][ T7285] R13: 0000000000000000 R14: 00007f772adb5fa0 R15: 00007ffd55fd5b98 [ 215.713244][ T7285] [ 216.107227][ T7293] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input9 [ 217.150028][ T7300] FAULT_INJECTION: forcing a failure. [ 217.150028][ T7300] name failslab, interval 1, probability 0, space 0, times 0 [ 217.236111][ T7300] CPU: 0 UID: 0 PID: 7300 Comm: syz.2.237 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 217.236153][ T7300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 217.236170][ T7300] Call Trace: [ 217.236179][ T7300] [ 217.236191][ T7300] dump_stack_lvl+0x16c/0x1f0 [ 217.236241][ T7300] should_fail_ex+0x512/0x640 [ 217.236282][ T7300] ? fs_reclaim_acquire+0xae/0x150 [ 217.236319][ T7300] should_failslab+0xc2/0x120 [ 217.236347][ T7300] __kmalloc_cache_noprof+0x6a/0x3e0 [ 217.236390][ T7300] ? tomoyo_find_next_domain+0x145/0x20b0 [ 217.236421][ T7300] ? kasan_save_track+0x14/0x30 [ 217.236469][ T7300] tomoyo_find_next_domain+0x145/0x20b0 [ 217.236516][ T7300] ? __pfx_tomoyo_find_next_domain+0x10/0x10 [ 217.236573][ T7300] tomoyo_bprm_check_security+0x12e/0x1d0 [ 217.236626][ T7300] ? tomoyo_bprm_check_security+0x120/0x1d0 [ 217.236676][ T7300] security_bprm_check+0x1b9/0x1e0 [ 217.236706][ T7300] bprm_execve+0x810/0x1650 [ 217.236752][ T7300] ? __pfx_bprm_execve+0x10/0x10 [ 217.236787][ T7300] ? copy_string_kernel+0x444/0x510 [ 217.236834][ T7300] do_execveat_common.isra.0+0x4a5/0x610 [ 217.236880][ T7300] __x64_sys_execve+0x8e/0xb0 [ 217.236921][ T7300] do_syscall_64+0xcd/0x490 [ 217.236986][ T7300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.237017][ T7300] RIP: 0033:0x7f772ab8e929 [ 217.237041][ T7300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 217.237071][ T7300] RSP: 002b:00007f772b961038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 217.237099][ T7300] RAX: ffffffffffffffda RBX: 00007f772adb6080 RCX: 00007f772ab8e929 [ 217.237118][ T7300] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 217.237135][ T7300] RBP: 00007f772ac10b39 R08: 0000000000000000 R09: 0000000000000000 [ 217.237153][ T7300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 217.237170][ T7300] R13: 0000000000000000 R14: 00007f772adb6080 R15: 00007ffd55fd5b98 [ 217.237210][ T7300] [ 217.237530][ T7303] FAULT_INJECTION: forcing a failure. [ 217.237530][ T7303] name failslab, interval 1, probability 0, space 0, times 0 [ 217.474445][ T7303] CPU: 1 UID: 0 PID: 7303 Comm: syz.1.238 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 217.474486][ T7303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 217.474502][ T7303] Call Trace: [ 217.474512][ T7303] [ 217.474522][ T7303] dump_stack_lvl+0x16c/0x1f0 [ 217.474571][ T7303] should_fail_ex+0x512/0x640 [ 217.474612][ T7303] ? __kmalloc_noprof+0xbf/0x510 [ 217.474659][ T7303] ? snd_pcm_plugin_build+0x64/0x650 [ 217.474693][ T7303] should_failslab+0xc2/0x120 [ 217.474721][ T7303] __kmalloc_noprof+0xd2/0x510 [ 217.474764][ T7303] ? __mutex_unlock_slowpath+0x91/0x6a0 [ 217.474816][ T7303] snd_pcm_plugin_build+0x64/0x650 [ 217.474856][ T7303] snd_pcm_plugin_build_rate+0x27c/0x760 [ 217.474900][ T7303] ? __pfx_snd_pcm_plugin_build_rate+0x10/0x10 [ 217.474948][ T7303] ? snd_pcm_hw_params+0xcd/0x1b40 [ 217.474989][ T7303] snd_pcm_plug_format_plugins+0x866/0x1430 [ 217.475032][ T7303] ? __pfx_snd_pcm_plug_format_plugins+0x10/0x10 [ 217.475076][ T7303] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 217.475121][ T7303] snd_pcm_oss_change_params_locked+0x2dec/0x3a30 [ 217.475173][ T7303] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 217.475239][ T7303] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 217.475279][ T7303] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 217.475316][ T7303] ? hook_file_ioctl_common+0x145/0x410 [ 217.475371][ T7303] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 217.475428][ T7303] ? __fget_files+0x20e/0x3c0 [ 217.475477][ T7303] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 217.475516][ T7303] __x64_sys_ioctl+0x18b/0x210 [ 217.475557][ T7303] do_syscall_64+0xcd/0x490 [ 217.475609][ T7303] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.475640][ T7303] RIP: 0033:0x7fea9c78e929 [ 217.475664][ T7303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 217.475694][ T7303] RSP: 002b:00007fea9d631038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 217.475723][ T7303] RAX: ffffffffffffffda RBX: 00007fea9c9b6080 RCX: 00007fea9c78e929 [ 217.475743][ T7303] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000008 [ 217.475761][ T7303] RBP: 00007fea9c810b39 R08: 0000000000000000 R09: 0000000000000000 [ 217.475779][ T7303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 217.475796][ T7303] R13: 0000000000000000 R14: 00007fea9c9b6080 R15: 00007ffc5b699d38 [ 217.475836][ T7303] [ 217.725048][ T7308] FAULT_INJECTION: forcing a failure. [ 217.725048][ T7308] name failslab, interval 1, probability 0, space 0, times 0 [ 217.737989][ T7308] CPU: 1 UID: 0 PID: 7308 Comm: syz.0.239 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 217.738030][ T7308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 217.738065][ T7308] Call Trace: [ 217.738075][ T7308] [ 217.738086][ T7308] dump_stack_lvl+0x16c/0x1f0 [ 217.738138][ T7308] should_fail_ex+0x512/0x640 [ 217.738182][ T7308] ? __kmalloc_noprof+0xbf/0x510 [ 217.738229][ T7308] ? ops_init+0x77/0x5f0 [ 217.738275][ T7308] should_failslab+0xc2/0x120 [ 217.738345][ T7308] __kmalloc_noprof+0xd2/0x510 [ 217.738394][ T7308] ? __raw_spin_lock_init+0x3a/0x110 [ 217.738448][ T7308] ops_init+0x77/0x5f0 [ 217.738499][ T7308] setup_net+0x1ff/0x510 [ 217.738525][ T7308] ? lockdep_init_map_type+0x5c/0x280 [ 217.738569][ T7308] ? __pfx_setup_net+0x10/0x10 [ 217.738600][ T7308] ? debug_mutex_init+0x37/0x70 [ 217.738634][ T7308] copy_net_ns+0x2a6/0x5f0 [ 217.738670][ T7308] create_new_namespaces+0x3ea/0xa90 [ 217.738713][ T7308] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 217.738751][ T7308] ksys_unshare+0x45b/0xa40 [ 217.738793][ T7308] ? __pfx_ksys_unshare+0x10/0x10 [ 217.738837][ T7308] ? xfd_validate_state+0x61/0x180 [ 217.738900][ T7308] __x64_sys_unshare+0x31/0x40 [ 217.738941][ T7308] do_syscall_64+0xcd/0x490 [ 217.738997][ T7308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.739030][ T7308] RIP: 0033:0x7f5194b8e929 [ 217.739056][ T7308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 217.739086][ T7308] RSP: 002b:00007f5195a36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 217.739116][ T7308] RAX: ffffffffffffffda RBX: 00007f5194db5fa0 RCX: 00007f5194b8e929 [ 217.739137][ T7308] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 217.739155][ T7308] RBP: 00007f5194c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 217.739174][ T7308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 217.739192][ T7308] R13: 0000000000000000 R14: 00007f5194db5fa0 R15: 00007ffce0a31468 [ 217.739233][ T7308] [ 218.566551][ T7319] netlink: 28 bytes leftover after parsing attributes in process `syz.3.241'. [ 218.675072][ T7319] team0: Port device team_slave_1 removed [ 218.964069][ T7324] tipc: Started in network mode [ 218.969219][ T7324] tipc: Node identity ee00, cluster identity 4711 [ 218.975849][ T7324] tipc: Node number set to 60928 [ 220.962988][ T7342] FAULT_INJECTION: forcing a failure. [ 220.962988][ T7342] name failslab, interval 1, probability 0, space 0, times 0 [ 220.963056][ T7342] CPU: 1 UID: 0 PID: 7342 Comm: syz.3.246 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 220.963081][ T7342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 220.963095][ T7342] Call Trace: [ 220.963102][ T7342] [ 220.963110][ T7342] dump_stack_lvl+0x16c/0x1f0 [ 220.963149][ T7342] should_fail_ex+0x512/0x640 [ 220.963181][ T7342] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 220.963218][ T7342] should_failslab+0xc2/0x120 [ 220.963239][ T7342] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 220.963272][ T7342] ? __kernfs_new_node+0xd2/0x8e0 [ 220.963305][ T7342] __kernfs_new_node+0xd2/0x8e0 [ 220.963338][ T7342] ? __pfx___kernfs_new_node+0x10/0x10 [ 220.963383][ T7342] ? find_held_lock+0x2b/0x80 [ 220.963406][ T7342] ? kernfs_root+0xee/0x2a0 [ 220.963442][ T7342] kernfs_new_node+0x13c/0x1e0 [ 220.963481][ T7342] __kernfs_create_file+0x53/0x350 [ 220.963509][ T7342] sysfs_add_file_mode_ns+0x207/0x3c0 [ 220.963544][ T7342] internal_create_group+0x578/0xf30 [ 220.963580][ T7342] ? __pfx_internal_create_group+0x10/0x10 [ 220.963616][ T7342] ? kernfs_create_link+0x1bd/0x240 [ 220.963644][ T7342] internal_create_groups+0x9d/0x150 [ 220.963679][ T7342] device_add+0x6d1/0x1a70 [ 220.963702][ T7342] ? __pfx_device_add+0x10/0x10 [ 220.963723][ T7342] ? lockdep_init_map_type+0x5c/0x280 [ 220.963754][ T7342] ? __init_waitqueue_head+0xca/0x150 [ 220.963794][ T7342] netdev_register_kobject+0x182/0x3a0 [ 220.963820][ T7342] register_netdevice+0x13dc/0x2270 [ 220.963847][ T7342] ? __pfx_register_netdevice+0x10/0x10 [ 220.963898][ T7342] __ip_tunnel_create+0x540/0x6e0 [ 220.963926][ T7342] ? __pfx___ip_tunnel_create+0x10/0x10 [ 220.963960][ T7342] ip_tunnel_init_net+0x22f/0x7d0 [ 220.963992][ T7342] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 220.964039][ T7342] ? trace_kmalloc+0x2b/0xd0 [ 220.964060][ T7342] ? __kmalloc_noprof+0x242/0x510 [ 220.964090][ T7342] ? lockdep_init_map_type+0x5c/0x280 [ 220.964123][ T7342] ? __pfx_ipgre_tap_init_net+0x10/0x10 [ 220.964158][ T7342] ops_init+0x1df/0x5f0 [ 220.964195][ T7342] setup_net+0x1ff/0x510 [ 220.964213][ T7342] ? lockdep_init_map_type+0x5c/0x280 [ 220.964241][ T7342] ? __pfx_setup_net+0x10/0x10 [ 220.964263][ T7342] ? debug_mutex_init+0x37/0x70 [ 220.964286][ T7342] copy_net_ns+0x2a6/0x5f0 [ 220.964310][ T7342] create_new_namespaces+0x3ea/0xa90 [ 220.964345][ T7342] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 220.964372][ T7342] ksys_unshare+0x45b/0xa40 [ 220.964401][ T7342] ? __pfx_ksys_unshare+0x10/0x10 [ 220.964431][ T7342] ? xfd_validate_state+0x61/0x180 [ 220.964466][ T7342] __x64_sys_unshare+0x31/0x40 [ 220.964495][ T7342] do_syscall_64+0xcd/0x490 [ 220.964537][ T7342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.964558][ T7342] RIP: 0033:0x7f763bd8e929 [ 220.964576][ T7342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 220.964597][ T7342] RSP: 002b:00007f763cbef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 220.964616][ T7342] RAX: ffffffffffffffda RBX: 00007f763bfb5fa0 RCX: 00007f763bd8e929 [ 220.964631][ T7342] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 220.964645][ T7342] RBP: 00007f763be10b39 R08: 0000000000000000 R09: 0000000000000000 [ 220.964675][ T7342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 220.964689][ T7342] R13: 0000000000000000 R14: 00007f763bfb5fa0 R15: 00007fff612e7528 [ 220.964718][ T7342] [ 222.707228][ T7355] Invalid ELF header magic: != ELF [ 223.775832][ T7366] FAULT_INJECTION: forcing a failure. [ 223.775832][ T7366] name failslab, interval 1, probability 0, space 0, times 0 [ 223.871229][ T7366] CPU: 0 UID: 0 PID: 7366 Comm: syz.3.252 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 223.871274][ T7366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 223.871293][ T7366] Call Trace: [ 223.871304][ T7366] [ 223.871316][ T7366] dump_stack_lvl+0x16c/0x1f0 [ 223.871371][ T7366] should_fail_ex+0x512/0x640 [ 223.871415][ T7366] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 223.871480][ T7366] should_failslab+0xc2/0x120 [ 223.871511][ T7366] __kmalloc_cache_noprof+0x6a/0x3e0 [ 223.871555][ T7366] ? ovs_dp_cmd_new+0x42e/0xe60 [ 223.871606][ T7366] ovs_dp_cmd_new+0x42e/0xe60 [ 223.871662][ T7366] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 223.871716][ T7366] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 223.871759][ T7366] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 223.871811][ T7366] genl_family_rcv_msg_doit+0x209/0x2f0 [ 223.871856][ T7366] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 223.871897][ T7366] ? trace_cap_capable+0x18d/0x200 [ 223.871938][ T7366] ? bpf_lsm_capable+0x9/0x10 [ 223.871976][ T7366] ? security_capable+0x7e/0x260 [ 223.872030][ T7366] ? ns_capable+0xd7/0x110 [ 223.872064][ T7366] genl_rcv_msg+0x55c/0x800 [ 223.872107][ T7366] ? __pfx_genl_rcv_msg+0x10/0x10 [ 223.872145][ T7366] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 223.872188][ T7366] netlink_rcv_skb+0x158/0x420 [ 223.872212][ T7366] ? __pfx_genl_rcv_msg+0x10/0x10 [ 223.872243][ T7366] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 223.872292][ T7366] ? netlink_deliver_tap+0x1ae/0xd30 [ 223.872324][ T7366] genl_rcv+0x28/0x40 [ 223.872358][ T7366] netlink_unicast+0x53a/0x7f0 [ 223.872398][ T7366] ? __pfx_netlink_unicast+0x10/0x10 [ 223.872432][ T7366] netlink_sendmsg+0x8d1/0xdd0 [ 223.872460][ T7366] ? __pfx_netlink_sendmsg+0x10/0x10 [ 223.872494][ T7366] ____sys_sendmsg+0xa98/0xc70 [ 223.872521][ T7366] ? copy_msghdr_from_user+0x10a/0x160 [ 223.872554][ T7366] ? __pfx_____sys_sendmsg+0x10/0x10 [ 223.872577][ T7366] ? preempt_schedule_thunk+0x16/0x30 [ 223.872610][ T7366] ? try_to_wake_up+0xa2f/0x1680 [ 223.872636][ T7366] ___sys_sendmsg+0x134/0x1d0 [ 223.872671][ T7366] ? __pfx____sys_sendmsg+0x10/0x10 [ 223.872703][ T7366] ? __lock_acquire+0x622/0x1c90 [ 223.872765][ T7366] __sys_sendmsg+0x16d/0x220 [ 223.872799][ T7366] ? __pfx___sys_sendmsg+0x10/0x10 [ 223.872832][ T7366] ? __x64_sys_futex+0x1e0/0x4c0 [ 223.872878][ T7366] do_syscall_64+0xcd/0x490 [ 223.872915][ T7366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.872938][ T7366] RIP: 0033:0x7f763bd8e929 [ 223.872955][ T7366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 223.872976][ T7366] RSP: 002b:00007f763cbef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 223.872997][ T7366] RAX: ffffffffffffffda RBX: 00007f763bfb5fa0 RCX: 00007f763bd8e929 [ 223.873011][ T7366] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000008 [ 223.873025][ T7366] RBP: 00007f763be10b39 R08: 0000000000000000 R09: 0000000000000000 [ 223.873039][ T7366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 223.873052][ T7366] R13: 0000000000000000 R14: 00007f763bfb5fa0 R15: 00007fff612e7528 [ 223.873080][ T7366] [ 225.224420][ T7378] netlink: 8 bytes leftover after parsing attributes in process `syz.3.254'. [ 225.906142][ T7396] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 225.906142][ T7396] The task syz.3.257 (7396) triggered the difference, watch for misbehavior. [ 227.443026][ T7409] netlink: 296 bytes leftover after parsing attributes in process `syz.2.259'. [ 233.904170][ T7479] FAULT_INJECTION: forcing a failure. [ 233.904170][ T7479] name failslab, interval 1, probability 0, space 0, times 0 [ 233.992446][ T7479] CPU: 0 UID: 0 PID: 7479 Comm: syz.1.271 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 233.992492][ T7479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 233.992512][ T7479] Call Trace: [ 233.992522][ T7479] [ 233.992534][ T7479] dump_stack_lvl+0x16c/0x1f0 [ 233.992589][ T7479] should_fail_ex+0x512/0x640 [ 233.992635][ T7479] ? fs_reclaim_acquire+0xae/0x150 [ 233.992678][ T7479] should_failslab+0xc2/0x120 [ 233.992710][ T7479] __kmalloc_cache_noprof+0x6a/0x3e0 [ 233.992756][ T7479] ? tomoyo_find_next_domain+0xfd/0x20b0 [ 233.992797][ T7479] tomoyo_find_next_domain+0xfd/0x20b0 [ 233.992847][ T7479] ? __pfx_tomoyo_find_next_domain+0x10/0x10 [ 233.992898][ T7479] tomoyo_bprm_check_security+0x12e/0x1d0 [ 233.992950][ T7479] ? tomoyo_bprm_check_security+0x120/0x1d0 [ 233.993005][ T7479] security_bprm_check+0x1b9/0x1e0 [ 233.993037][ T7479] bprm_execve+0x810/0x1650 [ 233.993091][ T7479] ? __pfx_bprm_execve+0x10/0x10 [ 233.993133][ T7479] ? copy_string_kernel+0x444/0x510 [ 233.993188][ T7479] do_execveat_common.isra.0+0x4a5/0x610 [ 233.993243][ T7479] __x64_sys_execve+0x8e/0xb0 [ 233.993290][ T7479] do_syscall_64+0xcd/0x490 [ 233.993344][ T7479] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.993377][ T7479] RIP: 0033:0x7fea9c78e929 [ 233.993410][ T7479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.993442][ T7479] RSP: 002b:00007fea9d631038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 233.993473][ T7479] RAX: ffffffffffffffda RBX: 00007fea9c9b6080 RCX: 00007fea9c78e929 [ 233.993494][ T7479] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 233.993514][ T7479] RBP: 00007fea9c810b39 R08: 0000000000000000 R09: 0000000000000000 [ 233.993533][ T7479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 233.993551][ T7479] R13: 0000000000000000 R14: 00007fea9c9b6080 R15: 00007ffc5b699d38 [ 233.993594][ T7479] [ 237.218752][ T7513] can: request_module (can-proto-3) failed. [ 238.147174][ T5838] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 242.554821][ T7558] FAULT_INJECTION: forcing a failure. [ 242.554821][ T7558] name failslab, interval 1, probability 0, space 0, times 0 [ 242.620409][ T7558] CPU: 0 UID: 0 PID: 7558 Comm: syz.3.287 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 242.620463][ T7558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 242.620483][ T7558] Call Trace: [ 242.620494][ T7558] [ 242.620505][ T7558] dump_stack_lvl+0x16c/0x1f0 [ 242.620560][ T7558] should_fail_ex+0x512/0x640 [ 242.620606][ T7558] ? __kmalloc_noprof+0xbf/0x510 [ 242.620655][ T7558] ? constrain_params_by_rules+0x175/0xca0 [ 242.620690][ T7558] should_failslab+0xc2/0x120 [ 242.620722][ T7558] __kmalloc_noprof+0xd2/0x510 [ 242.620766][ T7558] ? kasan_quarantine_put+0x10a/0x240 [ 242.620811][ T7558] ? constrain_params_by_rules+0xa09/0xca0 [ 242.620854][ T7558] constrain_params_by_rules+0x175/0xca0 [ 242.620907][ T7558] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 242.620953][ T7558] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 242.620987][ T7558] ? intel_panel_compute_config+0x23a/0x330 [ 242.621044][ T7558] ? __mutex_trylock_common+0xe9/0x250 [ 242.621089][ T7558] ? snd_interval_refine+0x2fa/0x580 [ 242.621138][ T7558] snd_pcm_hw_refine+0x7de/0xad0 [ 242.621181][ T7558] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 242.621224][ T7558] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 242.621267][ T7558] ? snd_pcm_hw_param_value+0x266/0x5b0 [ 242.621303][ T7558] snd_pcm_hw_param_first+0x334/0x6f0 [ 242.621346][ T7558] snd_pcm_hw_params+0x5ad/0x1b40 [ 242.621393][ T7558] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 242.621433][ T7558] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 242.621496][ T7558] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 242.621533][ T7558] ? __asan_memset+0x23/0x50 [ 242.621578][ T7558] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 242.621620][ T7558] snd_pcm_oss_change_params_locked+0x1432/0x3a30 [ 242.621675][ T7558] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 242.621747][ T7558] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 242.621789][ T7558] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 242.621827][ T7558] ? hook_file_ioctl_common+0x145/0x410 [ 242.621861][ T7558] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 242.621901][ T7558] ? __fget_files+0x20e/0x3c0 [ 242.621950][ T7558] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 242.621988][ T7558] __x64_sys_ioctl+0x18b/0x210 [ 242.622029][ T7558] do_syscall_64+0xcd/0x490 [ 242.622080][ T7558] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.622112][ T7558] RIP: 0033:0x7f763bd8e929 [ 242.622137][ T7558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 242.622167][ T7558] RSP: 002b:00007f763cbce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 242.622196][ T7558] RAX: ffffffffffffffda RBX: 00007f763bfb6080 RCX: 00007f763bd8e929 [ 242.622216][ T7558] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000008 [ 242.622234][ T7558] RBP: 00007f763be10b39 R08: 0000000000000000 R09: 0000000000000000 [ 242.622252][ T7558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 242.622270][ T7558] R13: 0000000000000000 R14: 00007f763bfb6080 R15: 00007fff612e7528 [ 242.622310][ T7558] [ 243.937276][ T5838] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 244.259212][ T7578] can: request_module (can-proto-3) failed. [ 246.047163][ T5838] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 246.320272][ T7600] netlink: 28 bytes leftover after parsing attributes in process `syz.2.297'. [ 246.916222][ T7600] team0: Port device team_slave_1 removed [ 248.483542][ T5838] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 249.207827][ T7626] FAULT_INJECTION: forcing a failure. [ 249.207827][ T7626] name failslab, interval 1, probability 0, space 0, times 0 [ 249.275094][ T7626] CPU: 0 UID: 0 PID: 7626 Comm: syz.2.302 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 249.275134][ T7626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 249.275150][ T7626] Call Trace: [ 249.275159][ T7626] [ 249.275177][ T7626] dump_stack_lvl+0x16c/0x1f0 [ 249.275225][ T7626] should_fail_ex+0x512/0x640 [ 249.275264][ T7626] ? __kmalloc_noprof+0xbf/0x510 [ 249.275307][ T7626] ? ovs_vport_set_upcall_portids+0xfc/0x2f0 [ 249.275334][ T7626] should_failslab+0xc2/0x120 [ 249.275360][ T7626] __kmalloc_noprof+0xd2/0x510 [ 249.275410][ T7626] ovs_vport_set_upcall_portids+0xfc/0x2f0 [ 249.275443][ T7626] ovs_vport_alloc+0x28c/0x3d0 [ 249.275472][ T7626] internal_dev_create+0x25/0x520 [ 249.275501][ T7626] ovs_vport_add+0x144/0x4d0 [ 249.275548][ T7626] new_vport+0x16/0x1d0 [ 249.275585][ T7626] ovs_dp_cmd_new+0x6ba/0xe60 [ 249.275633][ T7626] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 249.275679][ T7626] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 249.275716][ T7626] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 249.275777][ T7626] genl_family_rcv_msg_doit+0x209/0x2f0 [ 249.275814][ T7626] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 249.275849][ T7626] ? trace_cap_capable+0x18d/0x200 [ 249.275885][ T7626] ? bpf_lsm_capable+0x9/0x10 [ 249.275919][ T7626] ? security_capable+0x7e/0x260 [ 249.275966][ T7626] ? ns_capable+0xd7/0x110 [ 249.275996][ T7626] genl_rcv_msg+0x55c/0x800 [ 249.276035][ T7626] ? __pfx_genl_rcv_msg+0x10/0x10 [ 249.276073][ T7626] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 249.276126][ T7626] netlink_rcv_skb+0x158/0x420 [ 249.276157][ T7626] ? __pfx_genl_rcv_msg+0x10/0x10 [ 249.276203][ T7626] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 249.276248][ T7626] ? netlink_deliver_tap+0x1ae/0xd30 [ 249.276283][ T7626] genl_rcv+0x28/0x40 [ 249.276313][ T7626] netlink_unicast+0x53a/0x7f0 [ 249.276348][ T7626] ? __pfx_netlink_unicast+0x10/0x10 [ 249.276389][ T7626] netlink_sendmsg+0x8d1/0xdd0 [ 249.276427][ T7626] ? __pfx_netlink_sendmsg+0x10/0x10 [ 249.276471][ T7626] ____sys_sendmsg+0xa98/0xc70 [ 249.276505][ T7626] ? copy_msghdr_from_user+0x10a/0x160 [ 249.276549][ T7626] ? __pfx_____sys_sendmsg+0x10/0x10 [ 249.276591][ T7626] ? __pfx_futex_wake_mark+0x10/0x10 [ 249.276640][ T7626] ___sys_sendmsg+0x134/0x1d0 [ 249.276687][ T7626] ? __pfx____sys_sendmsg+0x10/0x10 [ 249.276728][ T7626] ? __lock_acquire+0x622/0x1c90 [ 249.276821][ T7626] __sys_sendmsg+0x16d/0x220 [ 249.276869][ T7626] ? __pfx___sys_sendmsg+0x10/0x10 [ 249.276911][ T7626] ? rcu_is_watching+0x12/0xc0 [ 249.276965][ T7626] do_syscall_64+0xcd/0x490 [ 249.277014][ T7626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.277044][ T7626] RIP: 0033:0x7f772ab8e929 [ 249.277067][ T7626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 249.277094][ T7626] RSP: 002b:00007f772b982038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 249.277121][ T7626] RAX: ffffffffffffffda RBX: 00007f772adb5fa0 RCX: 00007f772ab8e929 [ 249.277139][ T7626] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000008 [ 249.277173][ T7626] RBP: 00007f772ac10b39 R08: 0000000000000000 R09: 0000000000000000 [ 249.277191][ T7626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 249.277207][ T7626] R13: 0000000000000000 R14: 00007f772adb5fa0 R15: 00007ffd55fd5b98 [ 249.277242][ T7626] syzkaller syzkaller login: [ 254.849674][ T5838] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 256.892106][ T5838] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 260.225884][ T5838] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 260.827894][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.841349][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 syzkaller syzkaller login: [ 261.078477][ T5838] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 266.925131][ T5838] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 syzkaller syzkaller login: [ 267.242298][ T5838] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 270.838709][ T7853] netlink: 4 bytes leftover after parsing attributes in process `syz.3.344'. [ 271.227520][ T5838] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 syzkaller syzkaller login: [ 271.311977][ T5838] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 274.974762][ T7908] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input14 syzkaller syzkaller login: [ 281.243347][ T5838] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 284.607904][ T8009] random: crng reseeded on system resumption [ 285.269599][ T8022] HfR: entered promiscuous mode [ 285.354981][ T8022] netlink: 12 bytes leftover after parsing attributes in process `syz.1.380'. [ 285.383739][ T8022] openvswitch: HfR: Dropping previously announced user features [ 287.802731][ T8054] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input17 [ 289.255395][ T5838] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 289.707010][ T8084] HfR: entered promiscuous mode [ 289.726550][ T8085] netlink: 12 bytes leftover after parsing attributes in process `syz.0.397'. [ 289.883039][ T8085] openvswitch: HfR: Dropping previously announced user features [ 291.404303][ T8101] sd 0:0:1:0: PR command failed: 1026 [ 291.425692][ T8101] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 291.438298][ T8101] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 295.561719][ T5838] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 299.021377][ T5838] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 299.736742][ T8196] netlink: 12 bytes leftover after parsing attributes in process `syz.2.417'. [ 299.844366][ T8196] HfR: entered promiscuous mode [ 299.844527][ T5838] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 304.246816][ T5838] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 307.652126][ T8283] random: crng reseeded on system resumption [ 310.954728][ T5838] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 311.698326][ T5838] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 314.839140][ T8384] snd_aloop snd_aloop.0: control 16781581:65533:6:é'x?F¢é/èìzFË·fCªáª:0 is already present [ 315.524628][ T5838] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 316.019189][ T5838] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 316.323226][ T5838] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 317.054700][ T8404] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 317.121637][ T8404] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 317.138446][ T8404] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 317.148586][ T8404] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 317.693310][ T8422] FAULT_INJECTION: forcing a failure. [ 317.693310][ T8422] name failslab, interval 1, probability 0, space 0, times 0 [ 317.724460][ T8422] CPU: 1 UID: 0 PID: 8422 Comm: syz.3.461 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 317.724492][ T8422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 317.724506][ T8422] Call Trace: [ 317.724513][ T8422] [ 317.724521][ T8422] dump_stack_lvl+0x16c/0x1f0 [ 317.724560][ T8422] should_fail_ex+0x512/0x640 [ 317.724594][ T8422] ? fs_reclaim_acquire+0xae/0x150 [ 317.724622][ T8422] ? tomoyo_encode2+0x100/0x3e0 [ 317.724652][ T8422] should_failslab+0xc2/0x120 [ 317.724674][ T8422] __kmalloc_noprof+0xd2/0x510 [ 317.724706][ T8422] ? d_absolute_path+0x136/0x1a0 [ 317.724736][ T8422] tomoyo_encode2+0x100/0x3e0 [ 317.724772][ T8422] tomoyo_encode+0x29/0x50 [ 317.724801][ T8422] tomoyo_realpath_from_path+0x18f/0x6e0 [ 317.724841][ T8422] tomoyo_check_open_permission+0x2ab/0x3c0 [ 317.724869][ T8422] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 317.724924][ T8422] ? find_held_lock+0x2b/0x80 [ 317.724953][ T8422] tomoyo_file_open+0x6b/0x90 [ 317.724998][ T8422] security_file_open+0x84/0x1e0 [ 317.725028][ T8422] do_dentry_open+0x596/0x1c10 [ 317.725080][ T8422] vfs_open+0x82/0x3f0 [ 317.725105][ T8422] path_openat+0x1de4/0x2cb0 [ 317.725144][ T8422] ? __pfx_path_openat+0x10/0x10 [ 317.725176][ T8422] ? __lock_acquire+0xb8a/0x1c90 [ 317.725206][ T8422] do_filp_open+0x20b/0x470 [ 317.725237][ T8422] ? __pfx_do_filp_open+0x10/0x10 [ 317.725286][ T8422] ? alloc_fd+0x471/0x7d0 [ 317.725321][ T8422] do_sys_openat2+0x11b/0x1d0 [ 317.725344][ T8422] ? __pfx_do_sys_openat2+0x10/0x10 [ 317.725369][ T8422] ? __pfx___might_resched+0x10/0x10 [ 317.725397][ T8422] __x64_sys_openat+0x174/0x210 [ 317.725422][ T8422] ? __pfx___x64_sys_openat+0x10/0x10 [ 317.725456][ T8422] do_syscall_64+0xcd/0x490 [ 317.725490][ T8422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.725512][ T8422] RIP: 0033:0x7f763bd8e929 [ 317.725528][ T8422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 317.725548][ T8422] RSP: 002b:00007f763cbef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 317.725568][ T8422] RAX: ffffffffffffffda RBX: 00007f763bfb5fa0 RCX: 00007f763bd8e929 [ 317.725582][ T8422] RDX: 0000000000001182 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 317.725596][ T8422] RBP: 00007f763be10b39 R08: 0000000000000000 R09: 0000000000000000 [ 317.725608][ T8422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 317.725621][ T8422] R13: 0000000000000000 R14: 00007f763bfb5fa0 R15: 00007fff612e7528 [ 317.725647][ T8422] [ 317.725667][ T8422] ERROR: Out of memory at tomoyo_realpath_from_path. [ 319.071187][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 319.151279][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 319.157339][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 319.222832][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 319.266295][ T5849] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 319.434703][ T5849] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 319.687879][ T8444] snd_aloop snd_aloop.0: control 16781581:65533:6:é'x?F¢é/èìzFË·fCªáª:0 is already present syzkaller syzkaller login: [ 322.267386][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.276241][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.332095][ T8465] GUP no longer grows the stack in syz.2.471 (8465): 14000-401000 (4000) [ 322.404844][ T8465] CPU: 0 UID: 0 PID: 8465 Comm: syz.2.471 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 322.404886][ T8465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 322.404903][ T8465] Call Trace: [ 322.404912][ T8465] [ 322.404923][ T8465] dump_stack_lvl+0x16c/0x1f0 [ 322.404974][ T8465] gup_vma_lookup+0x1d2/0x220 [ 322.405007][ T8465] __get_user_pages+0x271/0x3b80 [ 322.405054][ T8465] ? process_vm_rw_core.constprop.0+0x1d8/0x9a0 [ 322.405102][ T8465] ? kasan_save_stack+0x42/0x60 [ 322.405147][ T8465] ? __pfx___get_user_pages+0x10/0x10 [ 322.405180][ T8465] ? register_lock_class+0x41/0x4c0 [ 322.405218][ T8465] ? __x64_sys_process_vm_readv+0xe2/0x1c0 [ 322.405260][ T8465] ? do_syscall_64+0xcd/0x490 [ 322.405299][ T8465] __gup_longterm_locked+0x20d/0x1840 [ 322.405326][ T8465] ? __lock_acquire+0xb8a/0x1c90 [ 322.405357][ T8465] ? __pfx___gup_longterm_locked+0x10/0x10 [ 322.405402][ T8465] pin_user_pages_remote+0xed/0x140 [ 322.405429][ T8465] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 322.405453][ T8465] ? mm_access+0x22d/0x2e0 [ 322.405488][ T8465] process_vm_rw_core.constprop.0+0x41b/0x9a0 [ 322.405535][ T8465] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 322.405577][ T8465] ? iovec_from_user+0xbb/0x140 [ 322.405624][ T8465] ? iovec_from_user+0xbb/0x140 [ 322.405660][ T8465] process_vm_rw+0x216/0x2c0 [ 322.405696][ T8465] ? __pfx_process_vm_rw+0x10/0x10 [ 322.405736][ T8465] ? __pfx___sys_sendmmsg+0x10/0x10 [ 322.405795][ T8465] ? xfd_validate_state+0x61/0x180 [ 322.405821][ T8465] ? __task_pid_nr_ns+0x17c/0x500 [ 322.405852][ T8465] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 322.405888][ T8465] ? do_syscall_64+0x91/0x490 [ 322.405920][ T8465] ? lockdep_hardirqs_on+0x7c/0x110 [ 322.405950][ T8465] do_syscall_64+0xcd/0x490 [ 322.405984][ T8465] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.406010][ T8465] RIP: 0033:0x7f772ab8e929 [ 322.406034][ T8465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 322.406063][ T8465] RSP: 002b:00007f772b961038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 322.406091][ T8465] RAX: ffffffffffffffda RBX: 00007f772adb6080 RCX: 00007f772ab8e929 [ 322.406110][ T8465] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 0000000000000207 [ 322.406127][ T8465] RBP: 00007f772ac10b39 R08: 0000000000000003 R09: 0000000000000000 [ 322.406144][ T8465] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 322.406162][ T8465] R13: 0000000000000000 R14: 00007f772adb6080 R15: 00007ffd55fd5b98 [ 322.406218][ T8465] [ 323.562916][ T5849] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 327.148230][ T8521] FAULT_INJECTION: forcing a failure. [ 327.148230][ T8521] name failslab, interval 1, probability 0, space 0, times 0 [ 327.228127][ T8521] CPU: 1 UID: 0 PID: 8521 Comm: syz.1.479 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 327.228192][ T8521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 327.228211][ T8521] Call Trace: [ 327.228221][ T8521] [ 327.228234][ T8521] dump_stack_lvl+0x16c/0x1f0 [ 327.228298][ T8521] should_fail_ex+0x512/0x640 [ 327.228346][ T8521] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 327.228401][ T8521] should_failslab+0xc2/0x120 [ 327.228432][ T8521] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 327.228482][ T8521] ? lockdep_init_map_type+0x5c/0x280 [ 327.228525][ T8521] ? seq_open+0x55/0x170 [ 327.228562][ T8521] seq_open+0x55/0x170 [ 327.228598][ T8521] kernfs_fop_open+0x59f/0xda0 [ 327.228635][ T8521] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 327.228687][ T8521] do_dentry_open+0x744/0x1c10 [ 327.228737][ T8521] ? __pfx_kernfs_fop_open+0x10/0x10 [ 327.228780][ T8521] vfs_open+0x82/0x3f0 [ 327.228821][ T8521] path_openat+0x1de4/0x2cb0 [ 327.228883][ T8521] ? __pfx_path_openat+0x10/0x10 [ 327.228934][ T8521] ? __lock_acquire+0xb8a/0x1c90 [ 327.228981][ T8521] do_filp_open+0x20b/0x470 [ 327.229029][ T8521] ? __pfx_do_filp_open+0x10/0x10 [ 327.229108][ T8521] ? alloc_fd+0x471/0x7d0 [ 327.229165][ T8521] do_sys_openat2+0x11b/0x1d0 [ 327.229201][ T8521] ? __pfx_do_sys_openat2+0x10/0x10 [ 327.229255][ T8521] __x64_sys_openat+0x174/0x210 [ 327.229301][ T8521] ? __pfx___x64_sys_openat+0x10/0x10 [ 327.229357][ T8521] do_syscall_64+0xcd/0x490 [ 327.229413][ T8521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.229446][ T8521] RIP: 0033:0x7fea9c78e929 [ 327.229472][ T8521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.229502][ T8521] RSP: 002b:00007fea9d652038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 327.229533][ T8521] RAX: ffffffffffffffda RBX: 00007fea9c9b5fa0 RCX: 00007fea9c78e929 [ 327.229554][ T8521] RDX: 0000000000001182 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 327.229574][ T8521] RBP: 00007fea9c810b39 R08: 0000000000000000 R09: 0000000000000000 [ 327.229593][ T8521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 327.229612][ T8521] R13: 0000000000000000 R14: 00007fea9c9b5fa0 R15: 00007ffc5b699d38 [ 327.229646][ T8521] [ 329.005808][ T8536] FAULT_INJECTION: forcing a failure. [ 329.005808][ T8536] name failslab, interval 1, probability 0, space 0, times 0 [ 329.061269][ T8536] CPU: 0 UID: 0 PID: 8536 Comm: syz.2.483 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 329.061307][ T8536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 329.061323][ T8536] Call Trace: [ 329.061333][ T8536] [ 329.061344][ T8536] dump_stack_lvl+0x16c/0x1f0 [ 329.061390][ T8536] should_fail_ex+0x512/0x640 [ 329.061428][ T8536] ? __kmalloc_noprof+0xbf/0x510 [ 329.061471][ T8536] ? __register_sysctl_table+0xb3/0x1900 [ 329.061513][ T8536] should_failslab+0xc2/0x120 [ 329.061539][ T8536] __kmalloc_noprof+0xd2/0x510 [ 329.061588][ T8536] __register_sysctl_table+0xb3/0x1900 [ 329.061632][ T8536] ? is_module_address+0x5f/0xf0 [ 329.061676][ T8536] ? __pfx___register_sysctl_table+0x10/0x10 [ 329.061718][ T8536] ? is_module_address+0x69/0xf0 [ 329.061753][ T8536] ? register_net_sysctl_sz+0x228/0x3e0 [ 329.061781][ T8536] ? __asan_memcpy+0x3c/0x60 [ 329.061821][ T8536] xfrm_sysctl_init+0x1f5/0x2d0 [ 329.061881][ T8536] xfrm_net_init+0x842/0xcc0 [ 329.061929][ T8536] ? __pfx_xfrm_net_init+0x10/0x10 [ 329.061967][ T8536] ops_init+0x1df/0x5f0 [ 329.062014][ T8536] setup_net+0x1ff/0x510 [ 329.062037][ T8536] ? lockdep_init_map_type+0x5c/0x280 [ 329.062076][ T8536] ? __pfx_setup_net+0x10/0x10 [ 329.062104][ T8536] ? debug_mutex_init+0x37/0x70 [ 329.062134][ T8536] copy_net_ns+0x2a6/0x5f0 [ 329.062165][ T8536] create_new_namespaces+0x3ea/0xa90 [ 329.062202][ T8536] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 329.062234][ T8536] ksys_unshare+0x45b/0xa40 [ 329.062269][ T8536] ? __pfx_ksys_unshare+0x10/0x10 [ 329.062327][ T8536] ? syscall_user_dispatch+0x78/0x140 [ 329.062381][ T8536] __x64_sys_unshare+0x31/0x40 [ 329.062418][ T8536] do_syscall_64+0xcd/0x490 [ 329.062464][ T8536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.062492][ T8536] RIP: 0033:0x7f772ab8e929 [ 329.062517][ T8536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 329.062544][ T8536] RSP: 002b:00007f772b982038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 329.062571][ T8536] RAX: ffffffffffffffda RBX: 00007f772adb5fa0 RCX: 00007f772ab8e929 [ 329.062589][ T8536] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 329.062605][ T8536] RBP: 00007f772ac10b39 R08: 0000000000000000 R09: 0000000000000000 [ 329.062621][ T8536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 329.062638][ T8536] R13: 0000000000000000 R14: 00007f772adb5fa0 R15: 00007ffd55fd5b98 [ 329.062675][ T8536] [ 334.047728][ T8592] FAULT_INJECTION: forcing a failure. [ 334.047728][ T8592] name failslab, interval 1, probability 0, space 0, times 0 [ 334.063663][ T8592] CPU: 1 UID: 0 PID: 8592 Comm: syz.2.492 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 334.063706][ T8592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 334.063724][ T8592] Call Trace: [ 334.063734][ T8592] [ 334.063747][ T8592] dump_stack_lvl+0x16c/0x1f0 [ 334.063799][ T8592] should_fail_ex+0x512/0x640 [ 334.063843][ T8592] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 334.063894][ T8592] should_failslab+0xc2/0x120 [ 334.063924][ T8592] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 334.063971][ T8592] ? lockdep_init_map_type+0x5c/0x280 [ 334.064012][ T8592] ? seq_open+0x55/0x170 [ 334.064049][ T8592] seq_open+0x55/0x170 [ 334.064082][ T8592] kernfs_fop_open+0x59f/0xda0 [ 334.064117][ T8592] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 334.064168][ T8592] do_dentry_open+0x744/0x1c10 [ 334.064216][ T8592] ? __pfx_kernfs_fop_open+0x10/0x10 [ 334.064257][ T8592] vfs_open+0x82/0x3f0 [ 334.064295][ T8592] path_openat+0x1de4/0x2cb0 [ 334.064354][ T8592] ? __pfx_path_openat+0x10/0x10 [ 334.064402][ T8592] ? __lock_acquire+0xb8a/0x1c90 [ 334.064448][ T8592] do_filp_open+0x20b/0x470 [ 334.064505][ T8592] ? __pfx_do_filp_open+0x10/0x10 [ 334.064581][ T8592] ? alloc_fd+0x471/0x7d0 [ 334.064636][ T8592] do_sys_openat2+0x11b/0x1d0 [ 334.064672][ T8592] ? __pfx_do_sys_openat2+0x10/0x10 [ 334.064724][ T8592] __x64_sys_openat+0x174/0x210 [ 334.064760][ T8592] ? __pfx___x64_sys_openat+0x10/0x10 [ 334.064813][ T8592] do_syscall_64+0xcd/0x490 [ 334.064865][ T8592] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.064898][ T8592] RIP: 0033:0x7f772ab8e929 [ 334.064923][ T8592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 334.064953][ T8592] RSP: 002b:00007f772b982038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 334.064983][ T8592] RAX: ffffffffffffffda RBX: 00007f772adb5fa0 RCX: 00007f772ab8e929 [ 334.065004][ T8592] RDX: 0000000000001182 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 334.065023][ T8592] RBP: 00007f772ac10b39 R08: 0000000000000000 R09: 0000000000000000 [ 334.065053][ T8592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 334.065069][ T8592] R13: 0000000000000000 R14: 00007f772adb5fa0 R15: 00007ffd55fd5b98 [ 334.065106][ T8592] [ 340.207516][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 340.214095][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 340.228602][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 340.236334][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 340.244905][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 340.251536][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 340.259846][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 340.266256][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 343.022332][ T5849] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 347.635465][ T8733] netlink: 350 bytes leftover after parsing attributes in process `syz.2.519'. [ 347.678202][ T8743] FAULT_INJECTION: forcing a failure. [ 347.678202][ T8743] name failslab, interval 1, probability 0, space 0, times 0 [ 347.741171][ T8743] CPU: 0 UID: 0 PID: 8743 Comm: syz.3.523 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 347.741212][ T8743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 347.741229][ T8743] Call Trace: [ 347.741239][ T8743] [ 347.741249][ T8743] dump_stack_lvl+0x16c/0x1f0 [ 347.741300][ T8743] should_fail_ex+0x512/0x640 [ 347.741342][ T8743] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 347.741404][ T8743] should_failslab+0xc2/0x120 [ 347.741433][ T8743] __kmalloc_cache_noprof+0x6a/0x3e0 [ 347.741477][ T8743] ? cuse_channel_open+0x1de/0x7f0 [ 347.741526][ T8743] cuse_channel_open+0x1de/0x7f0 [ 347.741568][ T8743] ? __pfx_cuse_channel_open+0x10/0x10 [ 347.741611][ T8743] misc_open+0x35d/0x420 [ 347.741650][ T8743] ? __pfx_misc_open+0x10/0x10 [ 347.741691][ T8743] chrdev_open+0x231/0x6a0 [ 347.741754][ T8743] ? __pfx_apparmor_file_open+0x10/0x10 [ 347.741794][ T8743] ? __pfx_chrdev_open+0x10/0x10 [ 347.741848][ T8743] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 347.741908][ T8743] do_dentry_open+0x744/0x1c10 [ 347.741953][ T8743] ? __pfx_chrdev_open+0x10/0x10 [ 347.742007][ T8743] vfs_open+0x82/0x3f0 [ 347.742061][ T8743] path_openat+0x1de4/0x2cb0 [ 347.742121][ T8743] ? __pfx_path_openat+0x10/0x10 [ 347.742168][ T8743] ? __lock_acquire+0xb8a/0x1c90 [ 347.742214][ T8743] do_filp_open+0x20b/0x470 [ 347.742260][ T8743] ? __pfx_do_filp_open+0x10/0x10 [ 347.742336][ T8743] ? alloc_fd+0x471/0x7d0 [ 347.742389][ T8743] do_sys_openat2+0x11b/0x1d0 [ 347.742424][ T8743] ? __pfx_do_sys_openat2+0x10/0x10 [ 347.742475][ T8743] __x64_sys_openat+0x174/0x210 [ 347.742512][ T8743] ? __pfx___x64_sys_openat+0x10/0x10 [ 347.742565][ T8743] do_syscall_64+0xcd/0x490 [ 347.742643][ T8743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.742674][ T8743] RIP: 0033:0x7f763bd8e929 [ 347.742700][ T8743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 347.742737][ T8743] RSP: 002b:00007f763cbce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 347.742766][ T8743] RAX: ffffffffffffffda RBX: 00007f763bfb6080 RCX: 00007f763bd8e929 [ 347.742787][ T8743] RDX: 00000000001c1041 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 347.742807][ T8743] RBP: 00007f763be10b39 R08: 0000000000000000 R09: 0000000000000000 [ 347.742824][ T8743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 347.742842][ T8743] R13: 0000000000000000 R14: 00007f763bfb6080 R15: 00007fff612e7528 [ 347.742882][ T8743] [ 348.667886][ T5849] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 349.371391][ T8757] snd_aloop snd_aloop.0: control 16781581:65533:6:é'x?F¢é/èìzFË·fCªáª:0 is already present [ 350.314244][ T8765] random: crng reseeded on system resumption [ 355.631559][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 355.641530][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 355.737925][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 355.744687][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 355.755345][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 355.761785][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 355.770120][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 355.776656][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 358.398558][ T8862] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 358.520213][ T8863] netlink: 'syz.1.546': attribute type 1 has an invalid length. [ 358.528531][ T8863] netlink: 33 bytes leftover after parsing attributes in process `syz.1.546'. [ 358.941394][ T8873] sd 0:0:1:0: PR command failed: 1026 [ 358.959445][ T8873] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 359.003746][ T8873] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 359.972657][ T8886] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 362.083738][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 362.091340][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 362.117282][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 362.123847][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 362.250143][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 362.258225][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 362.323628][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 362.330004][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 362.465103][ T8897] kexec: Could not allocate control_code_buffer [ 362.973882][ T5849] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 363.056862][ T8911] netlink: 'syz.0.563': attribute type 2 has an invalid length. [ 363.242225][ T5849] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 364.232702][ T8932] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 364.488383][ T8934] netlink: 'syz.0.559': attribute type 1 has an invalid length. [ 364.561776][ T8934] netlink: 33 bytes leftover after parsing attributes in process `syz.0.559'. [ 366.879086][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 366.885592][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 366.894259][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 366.903314][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 366.916257][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 366.922764][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 366.931320][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 366.937978][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 367.660419][ T5849] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 368.056622][ T5849] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 368.150825][ T30] audit: type=1804 audit(6045850617.748:8): pid=8979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.566" name="/newroot/138/file0" dev="tmpfs" ino=740 res=1 errno=0 [ 368.281457][ T30] audit: type=1800 audit(6045850617.838:9): pid=8979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.566" name="file0" dev="tmpfs" ino=740 res=0 errno=0 [ 369.361469][ T8994] sd 0:0:1:0: PR command failed: 1026 [ 369.465355][ T8994] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 369.552607][ T8994] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 370.162313][ T9003] netlink: 'syz.2.573': attribute type 2 has an invalid length. [ 375.368546][ T9059] hub 8-0:1.0: USB hub found [ 375.377330][ T9059] hub 8-0:1.0: 1 port detected [ 380.203252][ T9113] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 383.710500][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.710600][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 388.262774][ T9183] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21 [ 391.798283][ T9192] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 391.829463][ T9192] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 391.846246][ T9192] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 391.873647][ T9192] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 392.431169][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 392.966274][ T9228] netlink: 28 bytes leftover after parsing attributes in process `syz.2.612'. [ 393.083080][ T9228] bridge_slave_1: left allmulticast mode [ 393.113482][ T9228] bridge_slave_1: left promiscuous mode [ 393.129020][ T9228] bridge0: port 2(bridge_slave_1) entered disabled state [ 393.206809][ T9228] bridge_slave_0: left allmulticast mode [ 393.259287][ T9228] bridge_slave_0: left promiscuous mode [ 393.278133][ T9228] bridge0: port 1(bridge_slave_0) entered disabled state [ 393.867642][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout [ 393.867657][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 393.945727][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 394.522611][ T9232] netlink: 28 bytes leftover after parsing attributes in process `syz.1.613'. [ 394.601170][ T9232] team_slave_0: entered allmulticast mode [ 397.505825][ T9259] hub 8-0:1.0: USB hub found [ 397.511246][ T9259] hub 8-0:1.0: 1 port detected [ 402.008934][ T5849] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 406.081743][ T30] audit: type=1800 audit(6045850655.688:10): pid=9344 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.635" name="members" dev="configfs" ino=67811 res=0 errno=0 [ 410.881201][ T5849] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 414.612814][ T9455] netlink: 28 bytes leftover after parsing attributes in process `syz.3.657'. [ 415.272281][ T9455] bond0: (slave bond_slave_0): Releasing backup interface [ 415.419205][ T9433] kexec: Could not allocate control_code_buffer [ 417.010625][ T9476] netlink: 28 bytes leftover after parsing attributes in process `syz.1.662'. [ 417.019890][ T9476] bridge_slave_1: left allmulticast mode [ 417.026133][ T9476] bridge_slave_1: left promiscuous mode [ 417.048274][ T9476] bridge0: port 2(bridge_slave_1) entered disabled state [ 417.217835][ T9476] bridge_slave_0: left allmulticast mode [ 417.263061][ T9476] bridge_slave_0: left promiscuous mode [ 417.308988][ T9476] bridge0: port 1(bridge_slave_0) entered disabled state [ 428.070542][ T9604] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input22 [ 433.341522][ T9638] random: crng reseeded on system resumption [ 436.620948][ T5849] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 438.156036][ T30] audit: type=1800 audit(6045850687.748:11): pid=9716 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.704" name="members" dev="configfs" ino=75784 res=0 errno=0 [ 442.592891][ T5849] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 443.368048][ T9769] delete_channel: no stack [ 445.147188][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.161712][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.252500][ T9786] netlink: 20 bytes leftover after parsing attributes in process `syz.0.718'. [ 446.290948][ T9786] hsr_slave_0 (unregistering): left promiscuous mode [ 449.248345][ T9830] delete_channel: no stack [ 469.307827][T10033] delete_channel: no stack [ 475.241720][ T5849] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 479.625627][ T5849] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 482.952871][T10177] delete_channel: no stack [ 484.434310][ T5849] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 485.202946][T10183] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[10183] [ 488.799439][T10248] delete_channel: no stack [ 494.482448][T10305] delete_channel: no stack [ 498.219698][ T5849] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 506.585959][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.607012][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.689889][ T5849] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 508.801320][T10458] ptrace attach of "./syz-executor exec"[5835] was attempted by "./syz-executor exec"[10458] [ 515.512785][ T5849] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 515.801221][T10524] netlink: 28 bytes leftover after parsing attributes in process `syz.2.849'. [ 515.993095][T10524] vcan0: entered promiscuous mode [ 516.678086][ T5849] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 521.020473][ T5849] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 523.687800][T10620] netlink: 28 bytes leftover after parsing attributes in process `syz.0.865'. [ 524.063825][T10620] vcan0: entered promiscuous mode [ 528.886067][T10681] zswap: compressor not available [ 530.363776][ T5849] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 533.603586][ T5849] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 537.320581][ T5849] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 538.119560][ T5849] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 542.287651][ T5849] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 542.698459][T10848] ptrace attach of "./syz-executor exec"[5832] was attempted by "./syz-executor exec"[10848] [ 550.209233][T10922] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[10922] [ 556.723690][ T5849] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 557.184045][T11005] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[11005] [ 560.553949][T11066] sd 0:0:1:0: PR command failed: 1026 [ 560.573464][T11066] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 560.580222][T11066] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 561.575376][T11081] bridge0: port 3(batadv0) entered blocking state [ 561.600264][T11081] bridge0: port 3(batadv0) entered disabled state [ 561.627947][T11081] batadv0: entered allmulticast mode [ 561.686590][T11081] batadv0: entered promiscuous mode [ 561.736762][T11081] bridge0: port 3(batadv0) entered blocking state [ 561.743361][T11081] bridge0: port 3(batadv0) entered forwarding state [ 561.800512][T11043] Bluetooth: hci2: unexpected event 0x1d length: 10 > 5 [ 565.723511][T11043] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 567.686247][T11043] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 568.026128][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.049805][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.275858][T11176] ptrace attach of "./syz-executor exec"[5832] was attempted by "./syz-executor exec"[11176] [ 570.265210][T11043] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 573.901467][T11248] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[11248] [ 575.838473][T11043] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 579.065627][T11043] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 581.953376][T11043] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 583.474016][T11436] ubi0: attaching mtd0 [ 583.658047][T11436] ubi0: scanning is finished [ 583.671114][T11436] ubi0: empty MTD device detected [ 584.213861][T11436] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 586.374349][T11490] .SR: entered promiscuous mode [ 586.414057][T11490] Invalid ELF header magic: != ELF [ 586.681677][T11363] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 586.692402][T11363] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 586.703171][T11363] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 586.713400][T11363] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 586.721653][T11363] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 586.968514][T11490] could not allocate digest TFM handle [ 586.981868][T11491] could not allocate digest TFM handle [ 587.266592][T11492] chnl_net:caif_netlink_parms(): no params data found [ 587.559028][T11492] bridge0: port 1(bridge_slave_0) entered blocking state [ 587.567370][T11492] bridge0: port 1(bridge_slave_0) entered disabled state [ 587.575521][T11492] bridge_slave_0: entered allmulticast mode [ 587.585423][T11492] bridge_slave_0: entered promiscuous mode [ 587.595322][T11492] bridge0: port 2(bridge_slave_1) entered blocking state [ 587.603345][T11492] bridge0: port 2(bridge_slave_1) entered disabled state [ 587.610876][T11492] bridge_slave_1: entered allmulticast mode [ 587.619728][T11492] bridge_slave_1: entered promiscuous mode [ 587.703846][T11492] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 587.743528][T11492] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 587.976548][T11492] team0: Port device team_slave_0 added [ 588.072997][T11492] team0: Port device team_slave_1 added [ 588.324019][T11492] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 588.331362][T11492] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 588.378418][T11492] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 588.421752][T11492] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 588.470338][T11492] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 588.496942][T11492] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 588.822092][T11363] Bluetooth: hci0: command tx timeout [ 588.880987][T11492] hsr_slave_0: entered promiscuous mode [ 588.891183][T11492] hsr_slave_1: entered promiscuous mode [ 588.902663][T11492] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 588.931270][T11492] Cannot create hsr debugfs directory [ 589.534291][T11492] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.649122][T11492] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.730406][T11492] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.878084][T11492] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.479083][T11492] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 590.506418][T11492] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 590.539386][T11492] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 590.806598][T11492] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 590.901791][T11363] Bluetooth: hci0: command tx timeout [ 591.399351][T11492] 8021q: adding VLAN 0 to HW filter on device bond0 [ 591.544215][T11492] 8021q: adding VLAN 0 to HW filter on device team0 [ 591.634393][T11036] bridge0: port 1(bridge_slave_0) entered blocking state [ 591.641584][T11036] bridge0: port 1(bridge_slave_0) entered forwarding state [ 591.704889][T11050] bridge0: port 2(bridge_slave_1) entered blocking state [ 591.712108][T11050] bridge0: port 2(bridge_slave_1) entered forwarding state [ 592.594555][T11492] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 592.836558][T11492] veth0_vlan: entered promiscuous mode [ 592.877102][T11492] veth1_vlan: entered promiscuous mode [ 592.948906][T11492] veth0_macvtap: entered promiscuous mode [ 592.962135][T11492] veth1_macvtap: entered promiscuous mode [ 592.981594][T11363] Bluetooth: hci0: command tx timeout [ 592.998448][T11492] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 593.023779][T11492] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 593.039376][T11492] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.049988][T11492] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.059593][T11492] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.070304][T11492] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.273156][T11036] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 593.281487][T11036] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 593.405959][T11050] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 593.415925][T11050] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 594.832466][ T30] audit: type=1800 audit(6045850844.408:12): pid=11593 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1063" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 595.028310][T11596] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 595.071194][T11363] Bluetooth: hci0: command tx timeout [ 596.395721][T11615] FAULT_INJECTION: forcing a failure. [ 596.395721][T11615] name failslab, interval 1, probability 0, space 0, times 0 syzkaller [ 596.415643][T11615] CPU: 0 UID: 0 PID: 11615 Comm: syz.3.1059 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) syzkaller login[ 596.415679][T11615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 : [ 596.415694][T11615] Call Trace: [ 596.415703][T11615] [ 596.415713][T11615] dump_stack_lvl+0x16c/0x1f0 [ 596.415756][T11615] should_fail_ex+0x512/0x640 [ 596.415794][T11615] ? fs_reclaim_acquire+0xae/0x150 [ 596.415830][T11615] ? tomoyo_encode2+0x100/0x3e0 [ 596.415864][T11615] should_failslab+0xc2/0x120 [ 596.415886][T11615] __kmalloc_noprof+0xd2/0x510 [ 596.415930][T11615] tomoyo_encode2+0x100/0x3e0 [ 596.415968][T11615] tomoyo_encode+0x29/0x50 [ 596.416000][T11615] tomoyo_realpath_from_path+0x18f/0x6e0 [ 596.416046][T11615] tomoyo_check_open_permission+0x2ab/0x3c0 [ 596.416076][T11615] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 596.416142][T11615] ? find_held_lock+0x2b/0x80 [ 596.416178][T11615] tomoyo_file_open+0x6b/0x90 [ 596.416220][T11615] security_file_open+0x84/0x1e0 [ 596.416256][T11615] do_dentry_open+0x596/0x1c10 [ 596.416301][T11615] vfs_open+0x82/0x3f0 [ 596.416333][T11615] path_openat+0x1de4/0x2cb0 [ 596.416383][T11615] ? __pfx_path_openat+0x10/0x10 [ 596.416423][T11615] ? __lock_acquire+0xb8a/0x1c90 [ 596.416463][T11615] do_filp_open+0x20b/0x470 [ 596.416508][T11615] ? __pfx_do_filp_open+0x10/0x10 [ 596.416584][T11615] ? alloc_fd+0x471/0x7d0 [ 596.416640][T11615] do_sys_openat2+0x11b/0x1d0 [ 596.416674][T11615] ? __pfx_do_sys_openat2+0x10/0x10 [ 596.416720][T11615] __x64_sys_openat+0x174/0x210 [ 596.416752][T11615] ? __pfx___x64_sys_openat+0x10/0x10 [ 596.416810][T11615] do_syscall_64+0xcd/0x490 [ 596.416858][T11615] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.416889][T11615] RIP: 0033:0x7ff491b8e929 [ 596.416912][T11615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 596.416942][T11615] RSP: 002b:00007ff48f9d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 596.416987][T11615] RAX: ffffffffffffffda RBX: 00007ff491db6080 RCX: 00007ff491b8e929 [ 596.417009][T11615] RDX: 0000000000000002 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 596.417027][T11615] RBP: 00007ff491c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 596.417045][T11615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 596.417062][T11615] R13: 0000000000000000 R14: 00007ff491db6080 R15: 00007fffc39b2e48 [ 596.417101][T11615] [ 596.418615][T11615] ERROR: Out of memory at tomoyo_realpath_from_path. [ 598.603244][T11652] FAULT_INJECTION: forcing a failure. [ 598.603244][T11652] name failslab, interval 1, probability 0, space 0, times 0 [ 598.616398][T11652] CPU: 1 UID: 0 PID: 11652 Comm: syz.2.1068 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 598.616450][T11652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 598.616469][T11652] Call Trace: [ 598.616478][T11652] [ 598.616490][T11652] dump_stack_lvl+0x16c/0x1f0 [ 598.616545][T11652] should_fail_ex+0x512/0x640 [ 598.616591][T11652] ? __kvmalloc_node_noprof+0x124/0x620 [ 598.616644][T11652] should_failslab+0xc2/0x120 [ 598.616675][T11652] __kvmalloc_node_noprof+0x137/0x620 [ 598.616724][T11652] ? sbitmap_init_node+0x1ca/0x770 [ 598.616765][T11652] ? sbitmap_init_node+0x1ca/0x770 [ 598.616798][T11652] sbitmap_init_node+0x1ca/0x770 [ 598.616839][T11652] sbitmap_queue_init_node+0x41/0x560 [ 598.616882][T11652] blk_mq_init_tags+0x12d/0x2b0 [ 598.616934][T11652] blk_mq_alloc_map_and_rqs+0x237/0xf60 [ 598.616983][T11652] ? blk_mq_map_queues+0x211/0x410 [ 598.617026][T11652] __blk_mq_alloc_map_and_rqs+0x128/0x1f0 [ 598.617076][T11652] blk_mq_alloc_tag_set+0x778/0x1260 [ 598.617134][T11652] loop_add+0x3b9/0xb70 [ 598.617167][T11652] ? do_vfs_ioctl+0x523/0x1a60 [ 598.617205][T11652] ? __pfx_loop_add+0x10/0x10 [ 598.617236][T11652] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 598.617299][T11652] ? find_held_lock+0x2b/0x80 [ 598.617337][T11652] loop_control_ioctl+0x13e/0x630 [ 598.617379][T11652] ? __pfx_loop_control_ioctl+0x10/0x10 [ 598.617425][T11652] ? update_triggers+0x550/0x5a0 [ 598.617469][T11652] ? __pfx_loop_control_ioctl+0x10/0x10 [ 598.617504][T11652] __x64_sys_ioctl+0x18b/0x210 [ 598.617539][T11652] do_syscall_64+0xcd/0x490 [ 598.617585][T11652] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 598.617613][T11652] RIP: 0033:0x7f772ab8e929 [ 598.617635][T11652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 598.617663][T11652] RSP: 002b:00007f772b982038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 598.617690][T11652] RAX: ffffffffffffffda RBX: 00007f772adb5fa0 RCX: 00007f772ab8e929 [ 598.617709][T11652] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000005 [ 598.617727][T11652] RBP: 00007f772ac10b39 R08: 0000000000000000 R09: 0000000000000000 [ 598.617743][T11652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 598.617759][T11652] R13: 0000000000000000 R14: 00007f772adb5fa0 R15: 00007ffd55fd5b98 [ 598.617793][T11652] [ 598.620107][T11652] blk-mq: reduced tag depth (128 -> 64) [ 599.548508][T11043] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 599.557992][T11043] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 599.569812][T11043] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 599.580463][T11043] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 599.588831][T11043] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 600.357195][T11670] chnl_net:caif_netlink_parms(): no params data found [ 600.814074][T11670] bridge0: port 1(bridge_slave_0) entered blocking state [ 600.834926][T11670] bridge0: port 1(bridge_slave_0) entered disabled state [ 600.842379][T11670] bridge_slave_0: entered allmulticast mode [ 600.850548][T11670] bridge_slave_0: entered promiscuous mode [ 600.859687][T11670] bridge0: port 2(bridge_slave_1) entered blocking state [ 600.867095][T11670] bridge0: port 2(bridge_slave_1) entered disabled state [ 600.875367][T11670] bridge_slave_1: entered allmulticast mode [ 600.884751][T11670] bridge_slave_1: entered promiscuous mode [ 600.940130][T11670] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 600.960049][T11670] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 601.038544][T11670] team0: Port device team_slave_0 added [ 601.065475][T11670] team0: Port device team_slave_1 added [ 601.218527][T11670] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 601.241515][T11670] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 601.267978][T11670] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 601.291199][T11670] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 601.310092][T11670] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 601.336413][T11670] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 601.534884][T11670] hsr_slave_0: entered promiscuous mode [ 601.567248][T11670] hsr_slave_1: entered promiscuous mode [ 601.600370][T11670] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 601.621487][T11043] Bluetooth: hci4: command tx timeout [ 601.639068][T11670] Cannot create hsr debugfs directory [ 602.096525][T11670] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 602.112114][T11670] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 602.127044][T11670] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 602.138606][T11670] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 602.274507][T11670] 8021q: adding VLAN 0 to HW filter on device bond0 [ 602.308630][T11670] 8021q: adding VLAN 0 to HW filter on device team0 [ 602.357579][T11553] bridge0: port 1(bridge_slave_0) entered blocking state [ 602.364854][T11553] bridge0: port 1(bridge_slave_0) entered forwarding state [ 602.407879][T11553] bridge0: port 2(bridge_slave_1) entered blocking state [ 602.415191][T11553] bridge0: port 2(bridge_slave_1) entered forwarding state [ 603.019906][T11363] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 603.036395][T11363] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 603.048982][T11363] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 603.062613][T11363] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 603.070618][T11363] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 603.592222][T11670] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 603.704556][T11363] Bluetooth: hci4: command tx timeout [ 603.902712][T11724] chnl_net:caif_netlink_parms(): no params data found [ 604.163903][T11724] bridge0: port 1(bridge_slave_0) entered blocking state [ 604.203680][T11724] bridge0: port 1(bridge_slave_0) entered disabled state [ 604.242002][T11724] bridge_slave_0: entered allmulticast mode [ 604.258630][T11724] bridge_slave_0: entered promiscuous mode [ 604.299187][T11724] bridge0: port 2(bridge_slave_1) entered blocking state [ 604.316761][T11724] bridge0: port 2(bridge_slave_1) entered disabled state [ 604.326174][T11724] bridge_slave_1: entered allmulticast mode [ 604.334873][T11724] bridge_slave_1: entered promiscuous mode [ 604.452731][T11724] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 604.525573][T11724] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 604.666782][T11724] team0: Port device team_slave_0 added [ 604.729784][T11724] team0: Port device team_slave_1 added [ 604.820252][T11724] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 604.827841][T11724] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 604.854534][T11724] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 604.870658][T11724] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 604.877891][T11724] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 604.908910][T11724] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 604.988125][T11670] veth0_vlan: entered promiscuous mode [ 605.063052][T11670] veth1_vlan: entered promiscuous mode [ 605.080493][T11724] hsr_slave_0: entered promiscuous mode [ 605.102963][T11724] hsr_slave_1: entered promiscuous mode [ 605.111597][T11724] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 605.120077][T11724] Cannot create hsr debugfs directory [ 605.147426][T11363] Bluetooth: hci1: command tx timeout [ 605.278633][T11670] veth0_macvtap: entered promiscuous mode [ 605.340687][T11670] veth1_macvtap: entered promiscuous mode [ 605.465445][T11670] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 605.584840][T11670] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 605.616420][T11670] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 605.631653][T11670] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 605.640963][T11670] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 605.650437][T11670] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 605.735005][T11724] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 605.784943][T11043] Bluetooth: hci4: command tx timeout [ 605.844277][T11724] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 605.982787][T11724] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 606.020588][T11765] ptrace attach of "./syz-executor exec"[5834] was attempted by "./syz-executor exec"[11765] [ 606.073221][T11050] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 606.084579][T11050] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 606.210904][T11034] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 606.232704][T11034] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 606.333812][T11724] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 606.371955][T11724] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 606.446477][T11724] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 606.483753][T11724] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 607.009416][T11724] 8021q: adding VLAN 0 to HW filter on device bond0 [ 607.058282][T11724] 8021q: adding VLAN 0 to HW filter on device team0 [ 607.222312][T11363] Bluetooth: hci1: command tx timeout [ 607.255725][T11078] bridge0: port 1(bridge_slave_0) entered blocking state [ 607.262931][T11078] bridge0: port 1(bridge_slave_0) entered forwarding state [ 607.294849][T11078] bridge0: port 2(bridge_slave_1) entered blocking state [ 607.302027][T11078] bridge0: port 2(bridge_slave_1) entered forwarding state [ 607.537022][T11798] snd_virmidi snd_virmidi.0: control 5:9:1:IAªƒ>/Æ[k<÷ÎÇmgx­Ž¬<Ú5ºœ+-Cî°ÜYÈÝ5:0 is already present [ 607.862332][T11363] Bluetooth: hci4: command tx timeout [ 608.388464][T11724] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 608.630431][T11724] veth0_vlan: entered promiscuous mode [ 608.717354][T11724] veth1_vlan: entered promiscuous mode [ 608.841439][T11724] veth0_macvtap: entered promiscuous mode [ 608.869694][T11724] veth1_macvtap: entered promiscuous mode [ 608.934352][T11724] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 608.978087][T11724] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 608.978558][T11043] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 609.012335][T11043] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 609.013368][T11724] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 609.020924][T11043] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 609.037756][T11043] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 609.046115][T11043] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 609.054602][T11724] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 609.064486][T11724] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 609.088757][T11724] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 609.301770][T11043] Bluetooth: hci1: command tx timeout [ 609.319608][T11553] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 609.338634][T11553] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 609.428826][T11050] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 609.453178][T11050] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 609.808023][T11812] chnl_net:caif_netlink_parms(): no params data found [ 609.932952][T11827] ubi0: attaching mtd0 [ 609.938470][T11827] ubi0: scanning is finished [ 610.223235][T11827] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 610.263525][T11827] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 610.271326][T11827] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 610.278830][T11827] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 610.286813][T11827] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 610.294170][T11827] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 610.303066][T11827] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2024389390 [ 610.313142][T11827] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 610.326588][T11842] ubi0: background thread "ubi_bgt0d" started, PID 11842 [ 610.602515][T11812] bridge0: port 1(bridge_slave_0) entered blocking state [ 610.614787][T11812] bridge0: port 1(bridge_slave_0) entered disabled state [ 610.643147][T11812] bridge_slave_0: entered allmulticast mode [ 610.729126][T11812] bridge_slave_0: entered promiscuous mode [ 610.851742][T11812] bridge0: port 2(bridge_slave_1) entered blocking state [ 610.858945][T11812] bridge0: port 2(bridge_slave_1) entered disabled state [ 610.882655][T11812] bridge_slave_1: entered allmulticast mode [ 610.890880][T11812] bridge_slave_1: entered promiscuous mode [ 611.120155][T11812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 611.142318][T11043] Bluetooth: hci2: command tx timeout [ 611.149398][T11812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 611.263422][T11812] team0: Port device team_slave_0 added [ 611.280056][T11812] team0: Port device team_slave_1 added [ 611.354643][T11812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 611.364222][T11812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 611.392270][T11043] Bluetooth: hci1: command tx timeout [ 611.400813][T11812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 611.413316][T11853] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1098'. [ 611.505477][T11853] hsr_slave_0 (unregistering): left promiscuous mode [ 611.532476][T11812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 611.549749][T11812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 611.631277][T11812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 611.738445][T11812] hsr_slave_0: entered promiscuous mode [ 611.763758][T11812] hsr_slave_1: entered promiscuous mode [ 611.771811][T11812] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 611.779692][T11812] Cannot create hsr debugfs directory [ 612.660085][T11812] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 612.816810][T11812] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 612.989269][T11812] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.174599][T11812] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.221662][T11043] Bluetooth: hci2: command tx timeout [ 613.744317][T11812] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 613.759567][T11812] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 613.775459][T11812] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 613.816207][T11812] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 614.188644][T11812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 614.221570][T11812] 8021q: adding VLAN 0 to HW filter on device team0 [ 614.239619][T11553] bridge0: port 1(bridge_slave_0) entered blocking state [ 614.246860][T11553] bridge0: port 1(bridge_slave_0) entered forwarding state [ 614.279122][T11553] bridge0: port 2(bridge_slave_1) entered blocking state [ 614.286321][T11553] bridge0: port 2(bridge_slave_1) entered forwarding state [ 615.254477][T11812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 615.303621][T11043] Bluetooth: hci2: command tx timeout [ 615.353818][T11812] veth0_vlan: entered promiscuous mode [ 615.375762][T11812] veth1_vlan: entered promiscuous mode [ 615.492139][T11812] veth0_macvtap: entered promiscuous mode [ 615.512573][T11812] veth1_macvtap: entered promiscuous mode [ 615.534993][T11812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 615.548571][T11812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 615.570381][T11812] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 615.579724][T11812] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 615.590237][T11812] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 615.609034][T11812] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 615.851001][T11042] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 615.877861][T11042] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 615.977606][T11553] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 615.985562][T11553] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 617.318178][T11940] ubi: mtd0 is already attached to ubi0 [ 617.383106][T11043] Bluetooth: hci2: command tx timeout [ 617.766397][T11934] ptrace attach of "./syz-executor exec"[11492] was attempted by "./syz-executor exec"[11934] [ 618.577298][T11964] FAULT_INJECTION: forcing a failure. [ 618.577298][T11964] name failslab, interval 1, probability 0, space 0, times 0 [ 618.651273][T11964] CPU: 1 UID: 0 PID: 11964 Comm: syz.4.1115 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 618.651317][T11964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 618.651337][T11964] Call Trace: [ 618.651347][T11964] [ 618.651359][T11964] dump_stack_lvl+0x16c/0x1f0 [ 618.651414][T11964] should_fail_ex+0x512/0x640 [ 618.651459][T11964] ? __kvmalloc_node_noprof+0x124/0x620 [ 618.651510][T11964] should_failslab+0xc2/0x120 [ 618.651542][T11964] __kvmalloc_node_noprof+0x137/0x620 [ 618.651591][T11964] ? sbitmap_init_node+0x1ca/0x770 [ 618.651632][T11964] ? sbitmap_init_node+0x1ca/0x770 [ 618.651663][T11964] sbitmap_init_node+0x1ca/0x770 [ 618.651703][T11964] sbitmap_queue_init_node+0x41/0x560 [ 618.651745][T11964] blk_mq_init_tags+0x12d/0x2b0 [ 618.651797][T11964] blk_mq_alloc_map_and_rqs+0x237/0xf60 [ 618.651847][T11964] ? blk_mq_map_queues+0x211/0x410 [ 618.651898][T11964] __blk_mq_alloc_map_and_rqs+0x128/0x1f0 [ 618.651950][T11964] blk_mq_alloc_tag_set+0x778/0x1260 [ 618.652008][T11964] loop_add+0x3b9/0xb70 [ 618.652041][T11964] ? do_vfs_ioctl+0x523/0x1a60 [ 618.652078][T11964] ? __pfx_loop_add+0x10/0x10 [ 618.652109][T11964] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 618.652175][T11964] ? find_held_lock+0x2b/0x80 [ 618.652210][T11964] loop_control_ioctl+0x13e/0x630 [ 618.652247][T11964] ? __pfx_loop_control_ioctl+0x10/0x10 [ 618.652293][T11964] ? __pfx_loop_control_ioctl+0x10/0x10 [ 618.652333][T11964] __x64_sys_ioctl+0x18b/0x210 [ 618.652392][T11964] do_syscall_64+0xcd/0x490 [ 618.652447][T11964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 618.652480][T11964] RIP: 0033:0x7f30b9b8e929 [ 618.652506][T11964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 618.652538][T11964] RSP: 002b:00007f30ba93c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 618.652569][T11964] RAX: ffffffffffffffda RBX: 00007f30b9db5fa0 RCX: 00007f30b9b8e929 [ 618.652591][T11964] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000005 [ 618.652611][T11964] RBP: 00007f30b9c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 618.652631][T11964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 618.652650][T11964] R13: 0000000000000000 R14: 00007f30b9db5fa0 R15: 00007ffe81d9e638 [ 618.652691][T11964] [ 618.653660][T11964] blk-mq: reduced tag depth (128 -> 64) syzkaller syzkaller login: [ 620.951307][T12003] ubi: mtd0 is already attached to ubi0 [ 629.470761][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.478154][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.137853][T12101] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 631.039900][T12133] sd 0:0:1:0: PR command failed: 1026 [ 631.059297][T12133] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 631.113314][T12133] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 631.995230][ T30] audit: type=1800 audit(6045850881.598:13): pid=12156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1150" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 634.076053][T12178] ubi: mtd0 is already attached to ubi0 [ 637.730430][T12240] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1166'. [ 638.087057][T12240] hsr_slave_0 (unregistering): left promiscuous mode [ 643.310853][T12333] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1181'. [ 643.669708][T12333] hsr_slave_0 (unregistering): left promiscuous mode [ 643.815739][T12309] ptrace attach of "./syz-executor exec"[11724] was attempted by "./syz-executor exec"[12309] [ 645.924616][T12366] FAULT_INJECTION: forcing a failure. [ 645.924616][T12366] name failslab, interval 1, probability 0, space 0, times 0 [ 645.941513][T12366] CPU: 0 UID: 0 PID: 12366 Comm: syz.0.1187 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 645.941559][T12366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 645.941577][T12366] Call Trace: [ 645.941587][T12366] [ 645.941599][T12366] dump_stack_lvl+0x16c/0x1f0 [ 645.941654][T12366] should_fail_ex+0x512/0x640 [ 645.941688][T12366] ? fs_reclaim_acquire+0xae/0x150 [ 645.941719][T12366] should_failslab+0xc2/0x120 [ 645.941741][T12366] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 645.941777][T12366] ? security_inode_alloc+0x3b/0x2b0 [ 645.941808][T12366] security_inode_alloc+0x3b/0x2b0 [ 645.941834][T12366] inode_init_always_gfp+0xce4/0x1030 [ 645.941880][T12366] alloc_inode+0x86/0x240 [ 645.941905][T12366] new_inode+0x22/0x1c0 [ 645.941931][T12366] bdev_alloc+0x2b/0x420 [ 645.941964][T12366] __alloc_disk_node+0x116/0x630 [ 645.942003][T12366] __blk_mq_alloc_disk+0x89/0x120 [ 645.942039][T12366] nbd_dev_add+0x4a0/0xbc0 [ 645.942075][T12366] ? __pfx_nbd_dev_add+0x10/0x10 [ 645.942129][T12366] ? bpf_lsm_capable+0x9/0x10 [ 645.942159][T12366] ? __radix_tree_lookup+0x21f/0x2c0 [ 645.942197][T12366] nbd_genl_connect+0x8b0/0x1c20 [ 645.942239][T12366] ? __pfx_nbd_genl_connect+0x10/0x10 [ 645.942276][T12366] ? __nla_parse+0x40/0x60 [ 645.942303][T12366] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 645.942335][T12366] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 645.942373][T12366] genl_family_rcv_msg_doit+0x209/0x2f0 [ 645.942404][T12366] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 645.942433][T12366] ? genl_get_cmd+0x194/0x580 [ 645.942468][T12366] ? __radix_tree_lookup+0x21f/0x2c0 [ 645.942505][T12366] genl_rcv_msg+0x55c/0x800 [ 645.942536][T12366] ? __pfx_genl_rcv_msg+0x10/0x10 [ 645.942566][T12366] ? __pfx_nbd_genl_connect+0x10/0x10 [ 645.942613][T12366] netlink_rcv_skb+0x158/0x420 [ 645.942637][T12366] ? __pfx_genl_rcv_msg+0x10/0x10 [ 645.942667][T12366] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 645.942703][T12366] ? netlink_deliver_tap+0x1ae/0xd30 [ 645.942731][T12366] genl_rcv+0x28/0x40 [ 645.942754][T12366] netlink_unicast+0x53a/0x7f0 [ 645.942797][T12366] ? __pfx_netlink_unicast+0x10/0x10 [ 645.942831][T12366] netlink_sendmsg+0x8d1/0xdd0 [ 645.942865][T12366] ? __pfx_netlink_sendmsg+0x10/0x10 [ 645.942902][T12366] ____sys_sendmsg+0xa98/0xc70 [ 645.942930][T12366] ? copy_msghdr_from_user+0x10a/0x160 [ 645.942966][T12366] ? __pfx_____sys_sendmsg+0x10/0x10 [ 645.942991][T12366] ? preempt_schedule_thunk+0x16/0x30 [ 645.943025][T12366] ? try_to_wake_up+0xa2f/0x1680 [ 645.943054][T12366] ___sys_sendmsg+0x134/0x1d0 [ 645.943091][T12366] ? __pfx____sys_sendmsg+0x10/0x10 [ 645.943125][T12366] ? __lock_acquire+0x622/0x1c90 [ 645.943191][T12366] __sys_sendmsg+0x16d/0x220 [ 645.943227][T12366] ? __pfx___sys_sendmsg+0x10/0x10 [ 645.943263][T12366] ? __x64_sys_futex+0x1e0/0x4c0 [ 645.943323][T12366] do_syscall_64+0xcd/0x490 [ 645.943361][T12366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 645.943384][T12366] RIP: 0033:0x7faa0178e929 [ 645.943402][T12366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 645.943424][T12366] RSP: 002b:00007faa025a9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 645.943445][T12366] RAX: ffffffffffffffda RBX: 00007faa019b6080 RCX: 00007faa0178e929 [ 645.943460][T12366] RDX: 0000000000008880 RSI: 0000200000001e00 RDI: 0000000000000005 [ 645.943474][T12366] RBP: 00007faa01810b39 R08: 0000000000000000 R09: 0000000000000000 [ 645.943488][T12366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 645.943501][T12366] R13: 0000000000000000 R14: 00007faa019b6080 R15: 00007ffe1b77a558 [ 645.943530][T12366] [ 646.343813][T12366] nbd: failed to add new device [ 648.636442][T12391] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1193'. syzkaller syzkaller login: [ 674.195878][T11363] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 674.208894][T11363] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 674.223445][T11363] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 674.234510][T11363] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 674.242901][T11363] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 674.462719][T12543] chnl_net:caif_netlink_parms(): no params data found [ 674.727379][T12543] bridge0: port 1(bridge_slave_0) entered blocking state [ 674.741255][T12543] bridge0: port 1(bridge_slave_0) entered disabled state [ 674.750390][T12543] bridge_slave_0: entered allmulticast mode [ 674.759753][T12543] bridge_slave_0: entered promiscuous mode [ 674.772002][T12543] bridge0: port 2(bridge_slave_1) entered blocking state [ 674.779192][T12543] bridge0: port 2(bridge_slave_1) entered disabled state [ 674.787287][T12543] bridge_slave_1: entered allmulticast mode [ 674.796224][T12543] bridge_slave_1: entered promiscuous mode [ 675.064781][T12543] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 675.129634][T12543] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 675.301552][T12543] team0: Port device team_slave_0 added [ 675.376297][T12543] team0: Port device team_slave_1 added [ 675.529777][T12543] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 675.555746][T12543] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 675.591383][T12543] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 675.612566][T12543] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 675.619559][T12543] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 675.647248][T12543] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 675.838773][T12543] hsr_slave_0: entered promiscuous mode [ 675.892290][T12543] hsr_slave_1: entered promiscuous mode [ 675.916310][T12543] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 675.950959][T12543] Cannot create hsr debugfs directory [ 676.341680][T11363] Bluetooth: hci5: command tx timeout [ 677.054643][T12543] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 677.165829][T12543] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 677.227302][T12543] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 677.269103][T12543] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 677.517122][T12543] 8021q: adding VLAN 0 to HW filter on device bond0 [ 677.699901][T12543] 8021q: adding VLAN 0 to HW filter on device team0 [ 677.732953][T11553] bridge0: port 1(bridge_slave_0) entered blocking state [ 677.740101][T11553] bridge0: port 1(bridge_slave_0) entered forwarding state [ 677.764135][T11553] bridge0: port 2(bridge_slave_1) entered blocking state [ 677.771329][T11553] bridge0: port 2(bridge_slave_1) entered forwarding state [ 678.312591][T12543] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 678.421397][T11363] Bluetooth: hci5: command tx timeout [ 679.187212][T12543] veth0_vlan: entered promiscuous mode [ 679.224532][T12543] veth1_vlan: entered promiscuous mode [ 679.378324][T12543] veth0_macvtap: entered promiscuous mode [ 679.400712][T12543] veth1_macvtap: entered promiscuous mode [ 679.452594][T12543] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 679.494333][T12543] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 679.526611][T12543] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.541098][T12543] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.555382][T12543] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.579348][T12543] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.909307][T11553] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 679.971164][ T30] audit: type=1800 audit(6045850929.548:14): pid=12651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1237" name="lu_gp_id" dev="configfs" ino=116698 res=0 errno=0 [ 679.992450][T11553] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 680.178394][T11750] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 680.239432][T12651] ALUA LU Group already has a valid ID, ignoring request [ 680.259011][T11750] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 680.501423][T11363] Bluetooth: hci5: command tx timeout syzkaller syzkaller login: [ 682.582822][T11363] Bluetooth: hci5: command tx timeout [ 686.557833][T12756] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 690.905441][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.913269][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 692.701775][T12839] random: crng reseeded on system resumption [ 695.058640][T12839] Restarting kernel threads ... [ 695.145910][T12839] Done restarting kernel threads. [ 696.142817][T12863] ptrace attach of "./syz-executor exec"[12543] was attempted by "./syz-executor exec"[12863] [ 705.794923][T12994] FAULT_INJECTION: forcing a failure. [ 705.794923][T12994] name failslab, interval 1, probability 0, space 0, times 0 [ 705.835723][T12994] CPU: 1 UID: 0 PID: 12994 Comm: syz.2.1294 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 705.835758][T12994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 705.835772][T12994] Call Trace: [ 705.835781][T12994] [ 705.835789][T12994] dump_stack_lvl+0x16c/0x1f0 [ 705.835832][T12994] should_fail_ex+0x512/0x640 [ 705.835866][T12994] ? __kmalloc_cache_node_noprof+0x5a/0x420 [ 705.835906][T12994] should_failslab+0xc2/0x120 [ 705.835929][T12994] __kmalloc_cache_node_noprof+0x6d/0x420 [ 705.835965][T12994] ? bdi_alloc+0x44/0x170 [ 705.835990][T12994] bdi_alloc+0x44/0x170 [ 705.836011][T12994] __alloc_disk_node+0xac/0x630 [ 705.836051][T12994] __blk_mq_alloc_disk+0x89/0x120 [ 705.836086][T12994] nbd_dev_add+0x4a0/0xbc0 [ 705.836123][T12994] ? __pfx_nbd_dev_add+0x10/0x10 [ 705.836175][T12994] ? bpf_lsm_capable+0x9/0x10 [ 705.836205][T12994] ? __radix_tree_lookup+0x21f/0x2c0 [ 705.836245][T12994] nbd_genl_connect+0x8b0/0x1c20 [ 705.836290][T12994] ? __pfx_nbd_genl_connect+0x10/0x10 [ 705.836328][T12994] ? __nla_parse+0x40/0x60 [ 705.836355][T12994] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 705.836388][T12994] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 705.836425][T12994] genl_family_rcv_msg_doit+0x209/0x2f0 [ 705.836458][T12994] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 705.836488][T12994] ? genl_get_cmd+0x194/0x580 [ 705.836531][T12994] ? __radix_tree_lookup+0x21f/0x2c0 [ 705.836568][T12994] genl_rcv_msg+0x55c/0x800 [ 705.836601][T12994] ? __pfx_genl_rcv_msg+0x10/0x10 [ 705.836631][T12994] ? __pfx_nbd_genl_connect+0x10/0x10 [ 705.836679][T12994] netlink_rcv_skb+0x158/0x420 [ 705.836704][T12994] ? __pfx_genl_rcv_msg+0x10/0x10 [ 705.836734][T12994] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 705.836772][T12994] ? netlink_deliver_tap+0x1ae/0xd30 [ 705.836799][T12994] genl_rcv+0x28/0x40 [ 705.836824][T12994] netlink_unicast+0x53a/0x7f0 [ 705.836852][T12994] ? __pfx_netlink_unicast+0x10/0x10 [ 705.836885][T12994] netlink_sendmsg+0x8d1/0xdd0 [ 705.836915][T12994] ? __pfx_netlink_sendmsg+0x10/0x10 [ 705.836951][T12994] ____sys_sendmsg+0xa98/0xc70 [ 705.836979][T12994] ? copy_msghdr_from_user+0x10a/0x160 [ 705.837014][T12994] ? __pfx_____sys_sendmsg+0x10/0x10 [ 705.837048][T12994] ? __pfx_futex_wake_mark+0x10/0x10 [ 705.837087][T12994] ___sys_sendmsg+0x134/0x1d0 [ 705.837124][T12994] ? __pfx____sys_sendmsg+0x10/0x10 [ 705.837157][T12994] ? __lock_acquire+0x622/0x1c90 [ 705.837224][T12994] __sys_sendmsg+0x16d/0x220 [ 705.837260][T12994] ? __pfx___sys_sendmsg+0x10/0x10 [ 705.837295][T12994] ? __x64_sys_futex+0x1e0/0x4c0 [ 705.837341][T12994] do_syscall_64+0xcd/0x490 [ 705.837381][T12994] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 705.837405][T12994] RIP: 0033:0x7f78b678e929 [ 705.837424][T12994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 705.837447][T12994] RSP: 002b:00007f78b75f3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 705.837470][T12994] RAX: ffffffffffffffda RBX: 00007f78b69b6080 RCX: 00007f78b678e929 [ 705.837485][T12994] RDX: 0000000000008880 RSI: 0000200000001e00 RDI: 0000000000000005 [ 705.837500][T12994] RBP: 00007f78b6810b39 R08: 0000000000000000 R09: 0000000000000000 [ 705.837515][T12994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 705.837534][T12994] R13: 0000000000000000 R14: 00007f78b69b6080 R15: 00007ffd8872a9b8 [ 705.837564][T12994] [ 706.783352][T12994] nbd: failed to add new device [ 710.667634][T13035] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1303'. [ 710.763906][ T31] INFO: task kworker/u8:2:36 blocked for more than 143 seconds. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 710.831526][ T31] Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 [ 710.839239][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 710.888682][ T31] task:kworker/u8:2 state:D stack:23240 pid:36 tgid:36 ppid:2 task_flags:0x4208160 flags:0x00004000 [ 710.941225][ T31] Workqueue: netns cleanup_net [ 710.961701][ T31] Call Trace: [ 710.965839][ T31] [ 711.020390][ T31] __schedule+0x116a/0x5de0 [ 711.035685][ T31] ? __lock_acquire+0x622/0x1c90 [ 711.045805][ T31] ? __pfx___schedule+0x10/0x10 [ 711.060249][ T31] ? find_held_lock+0x2b/0x80 [ 711.074439][ T31] ? schedule+0x2d7/0x3a0 [ 711.101154][ T31] schedule+0xe7/0x3a0 [ 711.105358][ T31] schedule_timeout+0x257/0x290 [ 711.142098][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 711.161276][ T31] ? mark_held_locks+0x49/0x80 [ 711.166157][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 711.221496][ T31] __wait_for_common+0x2ff/0x4e0 [ 711.226561][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 711.251196][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 711.261769][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 711.271741][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 711.303382][ T31] __flush_workqueue+0x3e2/0x1230 [ 711.341176][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 711.375905][ T31] ? reacquire_held_locks+0xcd/0x1f0 [ 711.400664][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 711.443422][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 711.501104][ T31] rds_tcp_listen_stop+0x104/0x150 [ 711.506377][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 711.517135][ T31] rds_tcp_exit_net+0xcb/0x810 [ 711.541935][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 711.551476][ T31] ? __pfx___might_resched+0x10/0x10 [ 711.556872][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 711.611106][ T31] ops_undo_list+0x2eb/0xab0 [ 711.615800][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 711.621006][ T31] ? __local_bh_enable_ip+0xa4/0x120 [ 711.636504][ T31] cleanup_net+0x408/0x890 [ 711.640989][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 711.646672][ T31] ? rcu_is_watching+0x12/0xc0 [ 711.651808][ T31] process_one_work+0x9cc/0x1b70 [ 711.661379][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 711.666397][ T31] ? __pfx_process_one_work+0x10/0x10 [ 711.681112][ T31] ? assign_work+0x1a0/0x250 [ 711.685794][ T31] worker_thread+0x6c8/0xf10 [ 711.693081][ T31] ? __pfx_worker_thread+0x10/0x10 [ 711.698284][ T31] kthread+0x3c5/0x780 [ 711.711418][ T31] ? __pfx_kthread+0x10/0x10 [ 711.716109][ T31] ? rcu_is_watching+0x12/0xc0 [ 711.720964][ T31] ? __pfx_kthread+0x10/0x10 [ 711.730463][ T31] ret_from_fork+0x5d4/0x6f0 [ 711.735479][ T31] ? __pfx_kthread+0x10/0x10 [ 711.740180][ T31] ret_from_fork_asm+0x1a/0x30 [ 711.745451][ T31] [ 711.749002][ T31] [ 711.749002][ T31] Showing all locks held in the system: [ 711.757560][ T31] 1 lock held by khungtaskd/31: [ 711.762887][ T31] #0: ffffffff8e5c47c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 711.783436][ T31] 3 locks held by kworker/u8:2/36: [ 711.788655][ T31] #0: ffff88801c6fe148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 711.831351][ T31] #1: ffffc90000ac7d10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 711.851103][ T31] #2: ffffffff90338250 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890 [ 711.860619][ T31] 3 locks held by kworker/u11:1/11043: [ 711.873796][ T31] #0: ffff888029d4b948 ((wq_completion)hci0){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 711.884578][ T31] #1: ffffc900040ffd10 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 711.898144][ T31] #2: ffff8880620d8d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x175/0x430 [ 711.911115][ T31] 1 lock held by syz.1.1031/11456: [ 711.916287][ T31] #0: ffffffff90338250 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 [ 711.926522][ T31] 5 locks held by kworker/u10:5/11553: [ 711.932487][ T31] #0: ffff8880b843a418 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 [ 711.943247][ T31] #1: ffff88805809e018 (&pid_list->lock){-.-.}-{2:2}, at: trace_pid_list_is_set+0x4c/0x150 [ 711.953778][ T31] #2: ffff8880b8425b18 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x127/0x1d0 [ 711.963567][ T31] #3: ffffffff9afe5a68 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x14c/0x4c0 [ 711.974387][ T31] #4: ffffffff8e482d88 (text_mutex){+.+.}-{4:4}, at: arch_jump_label_transform_apply+0x17/0x30 [ 711.985329][ T31] 1 lock held by syz.4.1214/12522: [ 711.990520][ T31] #0: ffffffff90338250 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 [ 712.001758][ T31] 2 locks held by getty/12679: [ 712.006610][ T31] #0: ffff8880360020a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 712.016998][ T31] #1: ffffc900035bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 712.028301][ T31] 1 lock held by syz.2.1300/13022: [ 712.033824][ T31] #0: ffffffff90338250 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 [ 712.043733][ T31] 1 lock held by syz.3.1313/13040: [ 712.048900][ T31] #0: ffffffff8e5cfdb8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 [ 712.060277][ T31] [ 712.110081][ T31] ============================================= [ 712.110081][ T31] [ 712.141458][ T31] NMI backtrace for cpu 1 [ 712.141482][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 712.141520][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 712.141538][ T31] Call Trace: [ 712.141547][ T31] [ 712.141559][ T31] dump_stack_lvl+0x116/0x1f0 [ 712.141611][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 712.141648][ T31] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 712.141693][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 712.141736][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 712.141794][ T31] watchdog+0xf70/0x12c0 [ 712.141848][ T31] ? __pfx_watchdog+0x10/0x10 [ 712.141893][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 712.141941][ T31] ? __kthread_parkme+0x19e/0x250 [ 712.141981][ T31] ? __pfx_watchdog+0x10/0x10 [ 712.142026][ T31] kthread+0x3c5/0x780 [ 712.142071][ T31] ? __pfx_kthread+0x10/0x10 [ 712.142117][ T31] ? rcu_is_watching+0x12/0xc0 [ 712.142151][ T31] ? __pfx_kthread+0x10/0x10 [ 712.142197][ T31] ret_from_fork+0x5d4/0x6f0 [ 712.142237][ T31] ? __pfx_kthread+0x10/0x10 [ 712.142282][ T31] ret_from_fork_asm+0x1a/0x30 [ 712.142334][ T31] [ 712.142345][ T31] Sending NMI from CPU 1 to CPUs 0: [ 712.269995][ C0] NMI backtrace for cpu 0 [ 712.270020][ C0] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 712.270052][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 712.270070][ C0] Workqueue: events drain_vmap_area_work [ 712.270101][ C0] RIP: 0010:__lock_acquire+0x2a4/0x1c90 [ 712.270136][ C0] Code: 01 0f 88 db 0d 00 00 49 63 c6 48 8d 04 80 49 8d 04 c4 eb 12 41 83 ee 01 48 83 e8 28 41 83 fe ff 0f 84 8f 04 00 00 0f b6 50 21 <31> ca 83 e2 60 74 e3 41 83 c6 01 65 8b 05 42 5b 34 12 85 c0 0f 84 [ 712.270161][ C0] RSP: 0018:ffffc900000f74f0 EFLAGS: 00000013 [ 712.270180][ C0] RAX: ffff88801e6a2918 RBX: 0000000000000004 RCX: 0000000000000000 [ 712.270196][ C0] RDX: 000000000000000a RSI: 0000000000000004 RDI: ffff88801e6a2990 [ 712.270212][ C0] RBP: ffff88801e6a1e00 R08: 0000000000000000 R09: 0000000000000000 [ 712.270228][ C0] R10: 00000000000000a0 R11: 0000000000000001 R12: ffff88801e6a28f0 [ 712.270244][ C0] R13: ffff88801e6a2990 R14: 0000000000000001 R15: 0000000000000001 [ 712.270260][ C0] FS: 0000000000000000(0000) GS:ffff888124760000(0000) knlGS:0000000000000000 [ 712.270284][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 712.270301][ C0] CR2: 00000000005c3000 CR3: 000000000e382000 CR4: 00000000003526f0 [ 712.270317][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 712.270332][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 712.270348][ C0] Call Trace: [ 712.270355][ C0] [ 712.270368][ C0] ? lock_acquire+0x179/0x350 [ 712.270403][ C0] lock_acquire+0x179/0x350 [ 712.270435][ C0] ? unwind_next_frame+0xbd/0x20a0 [ 712.270475][ C0] ? unwind_next_frame+0x3f4/0x20a0 [ 712.270513][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 712.270543][ C0] unwind_next_frame+0xd1/0x20a0 [ 712.270579][ C0] ? unwind_next_frame+0xbd/0x20a0 [ 712.270616][ C0] ? kasan_depopulate_vmalloc_pte+0x5f/0x80 [ 712.270654][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 712.270683][ C0] arch_stack_walk+0x94/0x100 [ 712.270725][ C0] ? kasan_depopulate_vmalloc_pte+0x5f/0x80 [ 712.270764][ C0] stack_trace_save+0x8e/0xc0 [ 712.270790][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 712.270819][ C0] ? __lock_acquire+0x622/0x1c90 [ 712.270853][ C0] save_stack+0x160/0x1f0 [ 712.270889][ C0] ? __pfx_save_stack+0x10/0x10 [ 712.270924][ C0] ? __free_frozen_pages+0x7fe/0x1180 [ 712.270956][ C0] ? kasan_depopulate_vmalloc_pte+0x5f/0x80 [ 712.270997][ C0] ? page_ext_put+0x3e/0xd0 [ 712.271051][ C0] __reset_page_owner+0x84/0x1a0 [ 712.271095][ C0] __free_frozen_pages+0x7fe/0x1180 [ 712.271131][ C0] ? __pfx_kasan_depopulate_vmalloc_pte+0x10/0x10 [ 712.271168][ C0] kasan_depopulate_vmalloc_pte+0x5f/0x80 [ 712.271205][ C0] __apply_to_page_range+0xa8f/0x1350 [ 712.271242][ C0] ? __pfx_kasan_depopulate_vmalloc_pte+0x10/0x10 [ 712.271280][ C0] ? __pfx___apply_to_page_range+0x10/0x10 [ 712.271311][ C0] ? do_raw_spin_lock+0x12c/0x2b0 [ 712.271349][ C0] ? find_held_lock+0x2b/0x80 [ 712.271374][ C0] ? purge_vmap_node+0x725/0xa30 [ 712.271400][ C0] kasan_release_vmalloc+0xd1/0xe0 [ 712.271435][ C0] purge_vmap_node+0x1c4/0xa30 [ 712.271465][ C0] ? __pfx_purge_vmap_node+0x10/0x10 [ 712.271489][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 712.271525][ C0] __purge_vmap_area_lazy+0xa06/0xc60 [ 712.271556][ C0] drain_vmap_area_work+0x27/0x40 [ 712.271581][ C0] process_one_work+0x9cc/0x1b70 [ 712.271627][ C0] ? __pfx_process_one_work+0x10/0x10 [ 712.271670][ C0] ? assign_work+0x1a0/0x250 [ 712.271706][ C0] worker_thread+0x6c8/0xf10 [ 712.271751][ C0] ? __pfx_worker_thread+0x10/0x10 [ 712.271790][ C0] kthread+0x3c5/0x780 [ 712.271824][ C0] ? __pfx_kthread+0x10/0x10 [ 712.271860][ C0] ? rcu_is_watching+0x12/0xc0 [ 712.271885][ C0] ? __pfx_kthread+0x10/0x10 [ 712.271920][ C0] ret_from_fork+0x5d4/0x6f0 [ 712.271953][ C0] ? __pfx_kthread+0x10/0x10 [ 712.271988][ C0] ret_from_fork_asm+0x1a/0x30 [ 712.272029][ C0] [ 712.877418][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 712.884323][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 712.896151][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 712.906235][ T31] Call Trace: [ 712.909531][ T31] [ 712.912478][ T31] dump_stack_lvl+0x3d/0x1f0 [ 712.917106][ T31] panic+0x71c/0x800 [ 712.921034][ T31] ? __pfx___irq_work_queue_local+0x10/0x10 [ 712.926999][ T31] ? __pfx_panic+0x10/0x10 [ 712.931445][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 712.936846][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 712.942864][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 712.948273][ T31] ? watchdog+0xdda/0x12c0 [ 712.952751][ T31] ? watchdog+0xdcd/0x12c0 [ 712.957209][ T31] watchdog+0xdeb/0x12c0 [ 712.961486][ T31] ? __pfx_watchdog+0x10/0x10 [ 712.966208][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 712.971442][ T31] ? __kthread_parkme+0x19e/0x250 [ 712.976505][ T31] ? __pfx_watchdog+0x10/0x10 [ 712.981220][ T31] kthread+0x3c5/0x780 [ 712.985328][ T31] ? __pfx_kthread+0x10/0x10 [ 712.989959][ T31] ? rcu_is_watching+0x12/0xc0 [ 712.994754][ T31] ? __pfx_kthread+0x10/0x10 [ 712.999397][ T31] ret_from_fork+0x5d4/0x6f0 [ 713.004032][ T31] ? __pfx_kthread+0x10/0x10 [ 713.008666][ T31] ret_from_fork_asm+0x1a/0x30 [ 713.013486][ T31] [ 713.016899][ T31] Kernel Offset: disabled [ 713.021247][ T31] Rebooting in 86400 seconds..