last executing test programs: 2m26.678258297s ago: executing program 1 (id=2431): mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) unshare$auto(0x40000080) socket(0x1d, 0x2, 0x6) r0 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r1, 0xfd}, 0x6a) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x6}, 0x1, 0x0, 0x3, 0xa}, 0x8}, 0x5, 0xffb) listmount$auto(0x0, 0x0, 0x7fffffffffffffff, 0x0) r2 = socket(0xa, 0x1, 0x100) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) socket(0x2, 0x3, 0x2) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYRES16=0x0, @ANYBLOB="0d566b3dd008e4edd96502000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000c4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) syz_clone(0x800000, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$auto_SO_MAX_PACING_RATE(r2, 0x3, 0x2f, &(0x7f0000000300)='\xba\xf13\xa4o\xd3\xd2\xe0v\x95\xe6mAk\x90\xa1\xfd\xb0\xe1\xa6W\x85py\x91Q\xe7\xc9\x05\xce\x17\xe6<0e\x12\xe8/\x16\xf0\xd2\xe5\x06[\vFb\xd6\xc0sTv*\xa6\x97\xb4\xcf\xc8d^\xb1\x7f\xeeH\xd2\xa8\xeb\xad\xdfw\xad\x1e\xcf\x13\xd2\xbbh\xb7\xb1\xa2\x14\xbe=Q\xf3\xd6\x85\x8as\x04\x93\x8c3\n\x9e\xcc\xbdP\x89\xee\xa8\x82\x03\x97\xe6^\x85#\x11T\x8dE\xba\nF\xc2\xe2\x06k\xf0~\xa3\x86h\xc2\xb8\xcfk\x1f', 0x4) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r3 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000180)='/dev/mtd0ro\x00', 0x800, 0x0) ioctl$auto_OTPSELECT(r3, 0x80044d0d, &(0x7f0000000200)=0x707a) open(0x0, 0x2a4c0, 0x40) mq_timedsend$auto(0xffffffffffffffff, 0x0, 0x0, 0xfffffffe, 0x0) 2m25.926053089s ago: executing program 1 (id=2434): open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) rseq$auto(&(0x7f0000000080)={0x9, 0x8, 0x0, 0x7, 0xffffffff, 0x2, "24229ba6405fe4fc8b79b54d7e17"}, 0x7ffd, 0xfffffff4, 0x6) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) open(0x0, 0xeee00, 0x31) mmap$auto(0x0, 0x5, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(0x0, 0x1e1401, 0xe5) r0 = gettid() rt_sigtimedwait$auto(&(0x7f0000000000)={0x86e}, 0x0, 0x0, 0x8) tkill$auto(r0, 0x7) write$auto(0x3, 0x0, 0x100082) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) mmap$auto(0x0, 0xc, 0xbc5, 0x13, 0x3, 0x8000) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) clone$auto(0x8001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) r1 = socket(0xa, 0x2, 0x73) getsockname$auto(r1, 0x0, &(0x7f0000000280)=0xaea) mlockall$auto(0x7) mmap$auto(0x0, 0x200004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) memfd_create$auto(&(0x7f0000000000)='A\x00\x00\x00\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\f\x00\x00\v\x00E\xdb\x81\xd9\xd8\xe640\xc6\xa4Sr\x82\xcc\"K\xe1IIT\x00\x00\x00', 0xe) rseq$auto(0x0, 0x8000, 0x0, 0x6) finit_module$auto(0x3, 0xfffffffffffffffe, 0x400000000004) 2m24.781841184s ago: executing program 1 (id=2436): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) futex_wake$auto(&(0x7f0000000040)="b37a6be4c34a2666976b1a481793f568dc046f7257", 0xffffffffffff8001, 0x4, 0x4) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xfdef) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu0/topology/die_cpus_list\x00', 0x8304, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/lu_gp_id\x00', 0x2001, 0x0) r0 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0xc) socket(0x10, 0x2, 0xc) write$auto(r0, &(0x7f0000000000)='-\x00', 0xfdef) 2m23.770834165s ago: executing program 1 (id=2439): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb5, 0x401, 0x300000000000) prctl$auto(0x16, 0x2, 0x2, 0x4000000d, 0x100) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x3c, r1, 0x1, 0x70bd2d, 0x25dfdbf9, {}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x11e789c}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, 0x3}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, 0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x48080) mmap$auto(0x1, 0x3, 0x1, 0xe31, 0xffffffffffffffff, 0xe0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) socket(0x2, 0x5, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dmmidi2\x00', 0x101, 0x0) socket(0x10, 0x2, 0x0) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x3, 0xa00006, 0x4, 0x40eb1, 0x602, 0x300000000000) ioprio_set$auto(0x2, 0x0, 0x208) 2m22.069181943s ago: executing program 1 (id=2446): r0 = getpgid(0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x388}, 0x1, 0x0, 0x0, 0x4}, 0x400c080) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) fcntl$auto(0x3, 0x4, 0xa553) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) syz_clone3(&(0x7f0000000640)={0x20000, 0x0, &(0x7f0000000480)=0x0, &(0x7f00000004c0), {0x2b}, &(0x7f0000000500)=""/107, 0x6b, &(0x7f0000000840)=""/250, &(0x7f0000000580)=[r0, 0xffffffffffffffff, r0], 0x3, {r2}}, 0x58) shmctl$auto_IPC_INFO(0x0, 0x3, &(0x7f0000000700)={{0x7, 0x0, 0xee01, 0x5, 0x1ff, 0x5, 0x8001}, 0xda, 0x0, 0x9, 0x0, @inferred=r3, @raw=0x8, 0x8, 0x0, &(0x7f0000000940)="7c97008adbe1014b61a56afe636edb780f9a132c7d127ec857a8c7b88b18e5529c3845a61a18187e60ca45bc1feda72615ac677819e9f963eb3ed94b69c99fe264d0920a842f1dc312da0d61eb64ce64fe04a17fa520315d38a71d3278f37c5b1afe5cb5a29b3e947fd05f3ee238fdeb7a26c841a761b034f19bb7c3aa94595a8e0224372de6b0ab0092ea3a24a2747db1359ad794faf5f48d19291524b835fc37031d8cfa0c239314d34b4380f801d56d", &(0x7f0000000a00)="1ba8ae8402947a4a69b06c3264911e748d687575615b3ce3c1ce864440f0e5701188a7921314ed0b259d5ba08c9ddf1b3daa17933464289fb18862f192c9e580923a10e3bd4f6dec1a87dcac17489182cb015b62406e524e3957a0dcd5e0d094bbf9b8732482408613589cecb313697e9beeca39f4ed1e39643d68425fcb663196ce375308f4a55344ea8cc5fae35fd8237aed1ff832197e4351e411c914d38d917c4a7091882257e4d0b1ad0769c2c7f00c2a27a364ac7171279c7cd7db6cf67a23b89500326f"}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) rt_tgsigqueueinfo$auto(r0, r0, 0xe, &(0x7f0000000100)={@siginfo_0_0={0x2a, 0x5, 0xb2, @_rt={r0, 0x0, @sival_ptr=&(0x7f0000000380)="62c89a0bc2225ee5b054049908213cc431697f9ba2f348e13a794b6ba3e4ceec16073e01359b1f6ffdb710160b8a0d422d64716074fea4531148e38310343efae6efdd5cf2bd1196d0afcfc4c147fadbab8f16589a00d47f8c961715c6638edf390b3536590d48b7f27eceabb74dbc679641c8c51cd8cb185e6a58924c16a99a2ff39fa04c36d1826a616bf7f43f3b3732d9c814ebf227dfcb91e852829e90de71d89499d4ea39"}}}) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/loop15/queue/rotational\x00', 0xa081, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0) io_uring_register$auto_IORING_REGISTER_CLOCK(r5, 0x1d, &(0x7f0000000200)="c4424404b6aeef06ea7a636329e959f446273b442ea4ecf593a4a34789cdaf12f137c3270dd6a1f9b5e2711595", 0x0) write$auto(r4, &(0x7f0000000040)='7\x02\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) msgctl$auto_MSG_INFO(0x7000, 0xc, &(0x7f0000000180)={{0x5, 0xee01, 0xee00, 0x7fffffff, 0x0, 0x9, 0x2}, &(0x7f0000000100)=0x3, &(0x7f0000000140)=0x5, 0x0, 0x4, 0x1, 0x3, 0xa, 0x8, 0x5, 0x0, @inferred, @raw=0x401}) getdents64$auto(0xffffffffffffffff, &(0x7f0000000000)={0x1e, 0x459b, 0x0, 0xf8}, 0x18) socket(0x2, 0x1, 0x1) 2m20.123466176s ago: executing program 1 (id=2452): write$auto(0x800000000000c8, 0x0, 0x1a) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) shutdown$auto(0x200000003, 0x2) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x6, 0x9, 0x0, 0xfb3) set_mempolicy$auto(0x8003, 0x0, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) madvise$auto(0x0, 0xffffffffffff0005, 0x19) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xf5s\x1cJ\x99\x8a>c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) r1 = socket(0xa, 0x2, 0x3a) epoll_ctl$auto(0xffffffffffffffff, 0x1, r0, 0x0) renameat2$auto(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x4000) ioctl$auto_SNDRV_RAWMIDI_IOCTL_PVERSION(0xffffffffffffffff, 0x80045700, &(0x7f0000000200)=0xfff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x800eb1, r1, 0x8000) openat$auto_bm_register_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000000), 0x2480, 0x0) keyctl$auto(0x7ff, 0x0, 0xee01, 0x0, 0x0) keyctl$auto(0x15, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x8) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) mmap$auto(0x1, 0x20009, 0x4000000000e3, 0x17, 0x401, 0x8003) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mmap$auto(0x0, 0xfffffffffffffffe, 0xdf, 0xeb1, 0x401, 0x7ffc) unshare$auto(0x40000080) 2m5.008910583s ago: executing program 32 (id=2452): write$auto(0x800000000000c8, 0x0, 0x1a) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) shutdown$auto(0x200000003, 0x2) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x6, 0x9, 0x0, 0xfb3) set_mempolicy$auto(0x8003, 0x0, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) madvise$auto(0x0, 0xffffffffffff0005, 0x19) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xf5s\x1cJ\x99\x8a>c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) r1 = socket(0xa, 0x2, 0x3a) epoll_ctl$auto(0xffffffffffffffff, 0x1, r0, 0x0) renameat2$auto(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0x4000) ioctl$auto_SNDRV_RAWMIDI_IOCTL_PVERSION(0xffffffffffffffff, 0x80045700, &(0x7f0000000200)=0xfff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x800eb1, r1, 0x8000) openat$auto_bm_register_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000000), 0x2480, 0x0) keyctl$auto(0x7ff, 0x0, 0xee01, 0x0, 0x0) keyctl$auto(0x15, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x8) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) mmap$auto(0x1, 0x20009, 0x4000000000e3, 0x17, 0x401, 0x8003) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mmap$auto(0x0, 0xfffffffffffffffe, 0xdf, 0xeb1, 0x401, 0x7ffc) unshare$auto(0x40000080) 59.037955001s ago: executing program 4 (id=2732): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) madvise$auto(0x110c230000, 0x1, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x35, 0x1, 0x4, 0x0, 0x0) r1 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/0/msr\x00', 0x181f82, 0x0) mmap$auto(0x0, 0x20009, 0xe0, 0xeb1, 0xffffffffffffffff, 0x4) write$auto(r0, &(0x7f0000000080)='-/%\'\xef#\x00', 0x8000000000000001) readv$auto(r1, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) ioctl$auto(r2, 0x560c, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000004180), r3) sendmsg$auto_OVS_VPORT_CMD_DEL(r3, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f00000041c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010028bd7000fbdbdf25020000000800"/26, @ANYRES32=0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x40800}, 0x80) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x4, 0x800, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000140)=ANY=[@ANYRES64=r4, @ANYRES32=r1, @ANYRES32=0x0, @ANYRESHEX=r5], 0xd4}}, 0x495) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0xa901, 0x0) 56.437576731s ago: executing program 4 (id=2730): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyw5\x00', 0x28341, 0x0) ioctl$auto_TIOCMGET2(r1, 0x5415, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, 0x0, 0x4000080) mknod$auto(&(0x7f0000000080)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) mknod$auto(&(0x7f0000000280)='X))\x00', 0x63c5, 0x7bf) mknod$auto(&(0x7f0000000340)='\xe1\x9eHU\x00', 0x63c1, 0x7fc) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x20042, 0x0) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x66ab80, 0x0) r2 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000400), 0x101000, 0x0) ioctl$auto_UI_SET_EVBIT(r2, 0x40045564, &(0x7f0000000440)=0x1) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) bpf$auto(0x2, 0x0, 0xc) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0) sendfile$auto(r3, r3, 0x0, 0x200) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129800, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000b80)='/proc/sys/kernel/kptr_restrict\x00', 0x202, 0x0) 54.945415931s ago: executing program 4 (id=2738): prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x6) socket(0x10, 0x4, 0xffffffc0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x120e2, 0x0) write$auto(r1, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r2, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x28, r3, 0x301, 0x4070bd25, 0x25dfdbff, {}, [@CTRL_ATTR_FAMILY_NAME={0xc, 0x2, 'nl80211\x00'}, @CTRL_ATTR_OP={0x8, 0xa, 0x1ef}]}, 0x28}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040810) write$auto(r1, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0004, 0x1a) setgroups$auto(0xe32, 0x0) madvise$auto(0x0, 0x200007, 0x19) r4 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto_proc_pid_maps_operations_internal(r4, &(0x7f00000010c0)=""/4082, 0xff2) setgroups$auto(0x1e9, &(0x7f0000000180)=0x400000) madvise$auto(0x8, 0xc89, 0xffffff33) 52.57645399s ago: executing program 4 (id=2746): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) readv$auto(r1, &(0x7f0000000680)={0x0, 0x40200}, 0x3) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0) ppoll$auto(&(0x7f0000000000)={r0, 0x40}, 0x2, 0x0, 0x0, 0x8) ioctl$auto_SG_GET_ACCESS_COUNT(r2, 0x2289, &(0x7f00000001c0)="748c71542be98e770ba5c6ba43dff2587884738ab8c9fd79566afe07fed0766d2e8bd35c75d932c63b808ac700554d6a78d7bbe34b9917458bbc021fdb7ee40383d779897f9063e4b275c918f0673b89058d76baf95d9101d716f1deb20e64fb1855a6998b29bb21f4557521a2e6b09332284f8a1c410f8cb5237a2c2dfdf413c7896d1dbd0321cc7b0d144d5d53515e268687110969051804deb3cce3b2b0f81123e08f43a5d7120934107ad931d62e53d861d3f5e79eb900e9f537cc2f62eca0b4348aec16bb8ab6ad1463b157d37dbef4b455fead5a81a4f5149a5cd1c4") modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) r3 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/lru_gen_full\x00', 0x0, 0x0) pread64$auto(r3, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) getpid() prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs1\x00', 0x48080, 0x0) fcntl$auto(0x3, 0x4, 0xa553) process_mrelease$auto(0xffffffffffffffff, 0x0) 50.787655769s ago: executing program 4 (id=2753): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) futex_wake$auto(&(0x7f0000000040)="b37a6be4c34a2666976b1a481793f568dc046f7257", 0xffffffffffff8001, 0x4, 0x4) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xfdef) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu0/topology/die_cpus_list\x00', 0x8304, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/lu_gp_id\x00', 0x2001, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0xc) r0 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r0, @ANYBLOB="01"], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) write$auto(0xffffffffffffffff, &(0x7f0000000000)='-\x00', 0xfdef) 49.781231334s ago: executing program 4 (id=2756): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) sendmmsg$auto(r0, 0x0, 0x3, 0x20000000) write$auto(r0, 0x0, 0xfffffde9) shutdown$auto(0x200000003, 0x2) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) socket$nl_generic(0x10, 0x3, 0x10) write$auto(0xca, 0x0, 0x1ff) write$auto(0xffffffffffffffff, 0x0, 0x1) ioctl$auto_SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5001, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x108800, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x100, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x3e, 0x7, 0x0, 0x1, 0x1) r2 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4020009, 0xb2, 0xeb1, r2, 0x100000000) unshare$auto(0x40000080) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62, 0x0) write$auto(r3, 0x0, 0x1098c7) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x44) 34.676625702s ago: executing program 33 (id=2756): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) sendmmsg$auto(r0, 0x0, 0x3, 0x20000000) write$auto(r0, 0x0, 0xfffffde9) shutdown$auto(0x200000003, 0x2) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) socket$nl_generic(0x10, 0x3, 0x10) write$auto(0xca, 0x0, 0x1ff) write$auto(0xffffffffffffffff, 0x0, 0x1) ioctl$auto_SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5001, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x108800, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x100, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x3e, 0x7, 0x0, 0x1, 0x1) r2 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4020009, 0xb2, 0xeb1, r2, 0x100000000) unshare$auto(0x40000080) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62, 0x0) write$auto(r3, 0x0, 0x1098c7) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x44) 8.420637143s ago: executing program 5 (id=2897): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/event1\x00', 0x22040, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) r2 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_KVM_GET_VCPU_MMAP_SIZE(r0, 0x4008ae90, 0x0) setns(r2, 0x8000000) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x8, 0x3, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x20005, 0xdf, 0xeb1, r0, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) prctl$auto(0x1000000003b, 0xb9f, 0x4, 0x5, 0x7) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x22242, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x101001, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x161843, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0) mmap$auto(0x0, 0xffff, 0x3, 0xeb1, r2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/mtd/mtd0/mtd0/nvmem\x00', 0x1000, 0x0) sysfs$auto(0x2, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/i8042/serio0/force_release\x00', 0xc2082, 0x0) fsconfig$auto(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0) 6.645411066s ago: executing program 5 (id=2906): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0xc) r1 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r1, @ANYBLOB="01"], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) write$auto(r0, &(0x7f0000000000)='-\x00', 0xfdef) 6.345931709s ago: executing program 3 (id=2908): mmap$auto(0x3, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000440)='/dev/ptyzf\x00', 0x1a3200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x10, 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000200), r1) r3 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff) kcmp$auto(0x0, 0x0, 0x1, 0xffffffffffffffff, 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)={0x38, r3, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x1020}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x4}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x9}]}, 0x38}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) io_uring_setup$auto(0xd365, &(0x7f0000000000)={0x0, 0x10002, 0x7f, 0x5, 0x6, 0x5, 0xffffffffffffffff, [0xd2, 0xfffffffc], {0x2, 0x4, 0x6, 0x2, 0x400, 0x0, 0x7, 0x5, 0x80000000}, {0x7, 0x20d, 0xfffffff8, 0x18, 0x6b, 0x9, 0x0, 0xfffffffa, 0xb1}}) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0xfffffffffffffffd, 0x6d3e, 0x7, 0x2, 0x8]}, 0x0) capset$auto(0x0, 0x0) select$auto(0x9, &(0x7f0000000180)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x1, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8f, 0x9, 0x8001]}, 0x0, &(0x7f0000000100)={[0x8000000000000001, 0x5, 0x1, 0x10001, 0xe, 0xf, 0x5, 0x3, 0x59fc8000, 0x200006, 0x8000000000000000, 0x3, 0x800, 0x7, 0x1ff, 0x5]}, &(0x7f0000000280)={0x6, 0xc8}) select$auto(0x5, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) close_range$auto(0x0, 0xfffffffffffff000, 0x2) sendmsg$auto_CGROUPSTATS_CMD_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x400c9d0}, 0x4080) 5.623868847s ago: executing program 5 (id=2910): unshare$auto(0x40000080) futex$auto(0x0, 0x85, 0x104, 0x0, 0x0, 0x7fffffff) getrandom$auto(&(0x7f0000000140)='/dev/loop-control\x00', 0x3, 0x7f) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0xc0502, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000000c0)) prctl$auto_PR_GET_SPECULATION_CTRL(0x34, 0x10, 0xffffffffffffffff, 0x8000, 0x8acb) write$auto(0xffffffffffffffff, 0x0, 0x7) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x20400, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, &(0x7f00000012c0)={{@raw=0x3, 0x1, 0x6d2e99e8, 0x6, "0582a820061b5c51a65a6dd72b0b15addbdf55cb4b0f2381f2673e3a1ebe21e1bf1b26f0db7b62b67bd764f9"}, 0x0, @integer64=@value_ptr=0x0, "528d458095d42b72adda0cac2d45bdaacfc82245992af763188bf00ab57d5d73b094925aa92857fd2f672f85343275f80841c6ca41e93023ab4510269ed959a79a789527276d90375018fc08050559d8936b8d72087a5689d4338da78b8b8bdcea8188ca43202fb78dacb3fea1258074885c899d75cd52751f9be959d90fa5c2"}) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0x980, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x80040, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x80000000, 0x5f, 0x80000001, 0x7, 0x6d3f, 0x7, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) ppoll$auto(&(0x7f0000000040)={r0, 0x3, 0x2}, 0x2f9638f3, &(0x7f0000000080)={0x66e2, 0x512d}, &(0x7f0000000100)={0x3ff}, 0x8) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8, 0x3, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x5, 0x2, 0x3]}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffc54, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4810}, 0x800) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/damon_reclaim/parameters/enabled\x00', 0x1eb842, 0x0) write$auto(0x3, 0x0, 0xfdef) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000180), 0x80080, 0x0) 5.300666472s ago: executing program 3 (id=2911): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, &(0x7f0000000140)=';') openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/lru_gen\x00', 0x56640, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x11a001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x100000001ff, 0x7, 0x3, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x5, 0x62, 0x80000001, 0x5, 0x5, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/default/forwarding\x00', 0x141241, 0x0) readahead$auto(r2, 0x4, 0x4) mmap$auto(0x0, 0x4, 0x4000000000df, 0x78, 0x4, 0x300000000000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) sysfs$auto(0x5, 0x100000074e, 0x0) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) 4.378759138s ago: executing program 0 (id=2913): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) syz_genetlink_get_family_id$auto_net_shaper(0x0, 0xffffffffffffffff) sendmsg$auto_NET_SHAPER_CMD_GROUP(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004c804}, 0x14) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) timerfd_create$auto(0x9, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000040)=""/49, 0x31) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HW_PARAMS_OLD2(0xffffffffffffffff, 0xc1004111, &(0x7f0000000000)={0x8, [0x2, 0xffffffff, 0x80000000], [{0x80, 0x2, 0x1, 0x1, 0x1}, {0x8000, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x5, 0x6, 0x0, 0x1, 0x1}, {0x95, 0x400, 0x1, 0x1, 0x1, 0x1}, {0x1, 0x0, 0x0, 0x0, 0x1}, {0x9, 0xfffffffe, 0x1, 0x1}, {0x1, 0xc1f, 0x1, 0x0, 0x1}, {0x2, 0xfe, 0x1, 0x0, 0x0, 0x1}, {0x3ff, 0x1, 0x0, 0x1, 0x1}, {0xc12, 0x5, 0x1, 0x0, 0x1}, {0x7ff, 0x4d3c, 0x0, 0x0, 0x1}, {0x2, 0x9, 0x1, 0x1, 0x1}], 0x7f, 0xfff, 0x3, 0x3, 0x6, 0x9, 0x80000000, "64b91cc75e50f9bfb73422d302bb9262ca4383f3137e87364ff62cfa69013312b39e05e3bb4c990e99e06e310552976c2f5b0732887c3a8873bae9024b524de3"}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) readv$auto(r0, &(0x7f00000001c0)={&(0x7f0000000100)="6044bb67f5459d8e4e1e504b25452ef3e83b0b52c8f49e50044485180830a1ed51282827b917476d5ad380335434bdb1c564508879b5e5d57f2e26b641f809355a93e70dbfaf2f0b63d20cbc16247dc38b5b9a471f4ae0e2e7ba7d1b81eb247c8f12d9dc892059ba5533480195d2cf6ae62b01db81c6a987ae4049f3c8a3792bfa2ffd7fe02e4488d3f8cb44073a7975173dbeb67b1bbce6f6dbdd6b06f4236720ac56b65894942276743116", 0x4}, 0x3) r2 = ioctl$auto_SIOCGIFHWADDR2(0xffffffffffffffff, 0x8927, 0x0) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/bus/usb/023/001\x00', 0x201, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x27111}, 0x8) ioctl$auto(r2, 0x9, r3) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x2, 0x9, 0x2, 0x6]}, 0x0) close_range$auto(0x2, 0xa, 0x0) 4.194681781s ago: executing program 5 (id=2914): r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) r1 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x21, 0x3, 0x9) ioctl$auto_USB_RAW_IOCTL_EVENT_FETCH(r0, 0x80085502, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/events/vmalloc/enable\x00', 0x80, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xf, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x5, 0xd, 0x1, 0x56c, 0x3, 0x15f4da0a, 0x3, 0x10, 0x62, 0x8000001f, 0x4, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) mmap$auto(0xc, 0xffffffffffffff7f, 0xee2, 0xfffffffffffffffe, r1, 0x8000000000000000) unshare$auto(0x40000080) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) mount$auto(0x0, &(0x7f0000001500)='./file0\x00', &(0x7f0000001540)='cifs\x00', 0x8002, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) 3.79040399s ago: executing program 3 (id=2915): syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/binder/parameters/stop_on_user_error\x00', 0x2, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) read$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffffff, 0x0, 0x0) pwrite64$auto(0xffffffffffffffff, 0x0, 0x10, 0x6) openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x5400, 0x0) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/usb/drivers/usbtouchscreen/new_id\x00', 0xbce02, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000700) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_SNDRV_PCM_IOCTL_SW_PARAMS(0xffffffffffffffff, 0xc0884113, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0xa, 0x1, 0x0) getsockopt$auto(r0, 0x6, 0xa, &(0x7f00000000c0)='$\xfe\x88\xc8\x91\x8bo\xc6#\x93\x91^\x01<\xc81\xc0\x80\xd6\xdb>i\xa6\x91R\x7f\x00B\x93H9\x19\xd6x\xb1\xb7\xd3\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000040)=0xaa) socket(0x80000000000000a, 0x2, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x6, 0x7) socket(0x2, 0x5, 0x6) shutdown$auto(0x200000003, 0x2) recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0) 3.485975857s ago: executing program 2 (id=2916): openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x8) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0x0, 0x19, 0x2, 0x8000) madvise$auto(0x0, 0x2003f0, 0x15) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/rpc/use-gss-proxy\x00', 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000000)=""/220, 0xdc) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) mount$auto(&(0x7f0000000180)='pimreg0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='#\x00', 0x5, &(0x7f0000000240)='<') ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth0\x00'}) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) r3 = socket(0x18, 0x5, 0x1) connect$auto(r3, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) getpid() openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) write$auto(0x3, 0x0, 0xb4d3) 3.161774624s ago: executing program 0 (id=2918): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x6) unshare$auto(0x40000080) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/bond_slave_1/disable_policy\x00', 0x202, 0x0) sendfile$auto(r3, r2, 0x0, 0x48) r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents$auto(r4, 0x0, 0xfff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x8000, 0x0) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0009, 0x13) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'tunl0\x00'}) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r5 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r5, 0x43403d05, 0x0) madvise$auto(0x0, 0x53, 0x9) 2.953821076s ago: executing program 2 (id=2919): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) sendmmsg$auto(r0, 0x0, 0x3, 0x20000000) write$auto(r0, 0x0, 0xfffffde9) shutdown$auto(0x200000003, 0x2) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) socket$nl_generic(0x10, 0x3, 0x10) write$auto(0xca, 0x0, 0x1ff) write$auto(0xffffffffffffffff, 0x0, 0x1) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x1098c7) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x44) 2.613104021s ago: executing program 2 (id=2920): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0xc) r1 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r1, @ANYBLOB="01"], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) write$auto(r0, &(0x7f0000000000)='-\x00', 0xfdef) 2.38000128s ago: executing program 5 (id=2921): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x6) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000005800), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r2, &(0x7f0000006940)={0x0, 0x0, &(0x7f0000006900)={&(0x7f0000006980)=ANY=[@ANYBLOB="36c29976", @ANYRES16=r3, @ANYBLOB="010029bd7000ffdbdf250300000038121c8084100580801000802400048008000200070000000c00030005000000000000000400050004000500040005004700010015498343c724307734086992dc1e25a2a9103e4bf48686438120218fc18eb8d92081607cef938d982b98b2ffabb3d4697d0e992a1ea9d3b471e918ae07e413f97503f800040004800800048004000500041001001fb5becd41368ab779a0b29218e67556fc4604877ebfcbd398c11fb77c35a8bf6e74ddc9b04a9138098aecf779ea7e3d541edf3023425cada97c0dc587c6fa47716dd359907f0a162a0b886614c1a7e9546da002cc83e2ed566b0379129f985c460fbbf435e700a4b5580b8a56632571928f8f21f4d11364a0ef75b476ff3956f1c7da142f79c10a4876ffcc63f2d86a0e69b888fc4f296dee02ad8557cdbfb9f0235a183eca304867b40759629cbc72b1502c43b99766ba6d68b0c0ab3c3f028eac0d0571801e5df2a1d739c243a58bf16cfb3859743e905b7ba869f46438f8ae3034bf72d5e80c5484943de2b70c62ef38e5219cc8006f282faca545419374470f9a70397a1f81bc4623e08269594bbebf9b08b81b87ccaebf876dcaf1fa4562e3163b353cb8ff91dba36cfd929ec300388d9224fe45abcc42e157398da0642301b14d590dd9a490eeb4555c64ae48caedffd84b246834f69dfa63f173ce93ba2775a6f4aba2492fe9d62fcae89dab6719935a28c2d614d93e984df4b3a292e0e5d6754a30e52d52b951092a4df3b6abb5c8b74740d551a77c41d02f0ea667e8acb61eac844c20151dac7c08ae95aed291d11cd81365501d3fb0120e11566f94afe38fb008e05536f93364d00a43b8f486bd9aeed50d5a38947982f5f700f06aa7d6783f30abda22a3c9948a274bfae36f6a66c3229520089d65cbddde93a28dd2a72e93bc6c0d9b98f49c9d771f73b1d4dcb6c06829b15422f0c596401ba563a88ded070e2a05a79c8070085502fb3ca34fc767ff2d3b490bb9a6abc3019eefaa4bd9f345f6b94d597166754c5f95140dc5fa9ce51a7cc3257885d074c7cdfd88bb400fd6dbe2d4a830134967cacad9beaff366bf7e3b0a4fa0526473a70c1f44e343a5b9fadf9fc536113772f0f7b0bf16f9b7a7dd8eaa5f7fd9cf259565247f0e58375156005c30e25691d7f8fbd489af83a18f71a38b1996be1ca10bdcbe8d850603d9b81ba828c907753483e9ff23d1d861c36d8045acadaa640a61357fcf9aed13afdf56d13861dd74ce620e592230d3c8699e9adccf2920614ae13c1e3e88a830f36bfcd40ff7c767995044f2ba1661c5f977d9754c58a0d9dd7aad1fbfd94d36dfc61c532c5cb3093ccc0c125ee0e762469f8680500675d4404db12b7062c19c4f0c81c0de489b5eb725f1d7d4cbe7a1f4b51fe8faffb6a709c0a7a4ae7efe75bc66d6c2e705fbee29c0858d9891735c97a28aa15c16fa0444ac2caeeffae42f1fbf0f17adbc9ee40236a844add60741eb64c722811c6f9fd7d614f9620d6f07914b6e7d5eb5dc3d7d6d5f5323575a7c9f864d9d5793d4ca606ab3234930a32e44d8a08d624861a6b94c72f551e7adc8daee91594175bdba18c663ced5991c0846f1c03a96b5d8f858c10dea4886e12ee90186d2130891eb1b354abb1040dd571589b4b7884b31cff7f8b3cdef5a61bc9644883c852106d9be09e5f4d649c669a64fadd3a9b129ab1c956e33dd5ac7224439feb0ccae51aa092c36b4e8d720170d20c22a49e5919d203b312096d625e4316f141f26a9257af159b3c47e025fa40d0150b7dd969d2ec67c727b81653f679f6ebbf8b3ad9c3b0acf232d1b869982879c4a2722cc1e4f0740e9d0feb661e45c5b081ad0546761e6a025529086ca4d38a4b22193e792bbfe6ceb22be5ca954210d0f93f5e38550054b6ae80e64673158815af6cd6adc3b942b4371d33d9662ac80e3ef2eb4acd44ec66cb6d8948d67c3ba8e578f52ac30ab107723e5ce51c4e6d59b20ba7085fd8dbde58cf9a0bd3385e95db6b56a9a68e3160ad36a93e26dc8b915cd4e4767d3dbd3b74052f55e3a74b1edb1068c973a5ca70809c6aeab8ad627955a815315330c51153dcdcb6e77029b0a3712a9231f0c188659e5bb9f89b6a8fd91536a47db7e5d596fa93f0719502e442417ee11bfcb364c6ddadfc8581ce7779d107d6f7aa8739c3254ce9b1e2dbbc1e75566b6d80817e1820e02e8df220e1c9b2d98a15e9db86c5a32bf52b0f1de1be7636cb21e87d777fa1e7828be02578cac204a8e9c7ca6119aa0bdd165bbf7d0f799f0d2ae118bd9037982c1fed3e223b60cc86f21e8c1d9336cb76cb521bc9791abcd99af0bf70a198de0d678cc8bdc0f74fef28407bf09d93054d5e20f5452fad596ae036bec1109e4541d5cb9d287b5498934fad3963a53030dc2264668467716afee211f4dc8082800be3829050b2e26c447b001c076dda2e2b7f17c96612b0f594b6ef5193c5dc3affa5778896e1e40a3953e5557d39799c312b4126a6086dd85393ed3322a48ca0afb9e5dd96ac9461dc7cfc8b02a23b7a1486ea8c9bb204e39298b1017a67a8c1cf1e0582c6b8d95a611c0053eccc9592e1af600e4386680be35c29acfd9033058a4842006fe429188e6a4783a9bf5fd7d1c36c0530f6a42be785419ef2192ffe02470d376f084a4352cdc7e34b9f4891304499b1e0946832b187762d191d7e9cd9cc9112ad768e5132f804f304a9ba0572d0e1c7eac6ff606baf0f0f2e1c836d9a9f7f01fe748dd5ae7b34ed6d51f6e4c8575de14c8552026c4c82516080d919a706fa62958742cc2843ce88c04a19cb66781f2b75d9a81d3f4f2c078e35bacf3a69dc717b61c9c9557d82bdaa636fe80e37f41d63f2388da0b79555f2b3d2b7b30db6d2837aecd455814118a737d3d2845704f4b8a7156dd582477d0b9f0d2622b1f963d243c73646d35dd25547446fa94f47b63637e37b9c61ed88c97b185f9b8d09ffd768cd1c79ab31ff33e82423872f4b2642a1530a248b1dac5a776d5c5d6381e38f01fe8b23921c7b52175619bfe522c945e45ea5a0d35f35fb7c7f772f32657b8b936de258ab52fcf2bc4973c7d8da82d113bd59831b658c62b6913c9162f66a92bcdba85a33796028c8285083f65eec0168039af09f83e27d94fa22f4a595702cbd51d8f48ad8aff4a74c5fd50922b3eba0341c6718f34f3a59181722e330ccfc7d1997357fbb1c95213b082d6b6f119118bb24a98c2c53de48b8b1bdd9c51c88c89acbcd4de108fb32f4beda27743b4a04e5ebc677862da939c7dfc616e765b79b1359d8e5ae4eeae5cd38954a7b6f8693496bfd2624f1a83182440510d7de981a321ccf81b75ab23317598adcb3bff8454110a056ee64a3b088c3ed6d0cd1d2e7033f872106205e95f171e347f02d9583f59113e49386e30ad92537b577e9822f3ecfc1b1374bf2911f61168f30b8f1e3af513e8248409d25c1d3bc09e93a66fa2c4bb3caaf1f4bc28e730ffd78375136e8c32d9bc26b8958c62aa7912dcdf44bbb6668c872df81c6362a679e57860484f003506ab7e1bd7344261c761bc03a7a0167047c1c07e8e46e9af814ab2b93fbdd8536448ee939188ed5a79c6d5d962efe69afde6999a5d52d71090bcb11a1eacb07185f9f5199d44c9bb5c48a09b28cc10e3f84f04677c3052e57d5426d3f5fa852a8f4ed3c8495a4f79261bbf6d1405c9ee97fe3df651819907bf93e4bd0c0a7d2d454e7ba0e84eada5731bf373ae529a6a1f17f959c77931d2ae261b588e844e8c1deae11cf6bbc1433ecabd2715cca3c7471b6f8de376a72647f7bbe11659adb21af39f0b71ae0aaee207f1811cef018fc70717c38b14948f307302bebca0450c6d1670996a92eebe691e0f7395fc20c554a171472df72761fca5a73a242f15c39b7fe6e4c013d655cdd09e319727758beb367aaadf6e70bfef6f8fce3e7c3848279f88ebe8a10f00dfe8f4dd87f9437b8bfa4b7b1517902cc06887ec5a9b9eef923c0e72e9ff82226ae8bf7cef3b3cf91e0ff8408e62421a4d88875b9f6a9382722d42aaf8fea280198a23eda48f6ddc26411825dbfadd25301735d1f9c74f61b15d3b2181dc9d77a4115c7047b9c6520b55dd2fcf343c4f1cb7cf93c10c0e01e282f28cf54575924024819409c322dce701d88f78c94416ebf4c2275bac8c75299636f3a507b7f933c5e13d853725a5ce8f9ec33de647b87a1d0775d62dfa07fead5253cc18526b5ffd90312ff098b81dd01c59f882b0223e6cf768b2ee0d5e0e8d10a2f5c04aa3b97a3dc92e102b30d60f3f0ff5b6253e49d960bc6b8d3a5daf6f3f4c06fcaa315e8315fe71023875f318934414cfd10fd7625e084b132b1c37b1b3e10777c10a3f9c47cca710012a77bf342bd64ba5fb08e24908cbf07143a49c2acf74d0c4097b0a8c2efcb6dbda4433acd0f1e2ad24cbcb4462aa7ce3d12514d4aaaec95457ec06f197c0df614d484af7987458ed2e33552b7a1cf72a4c4b016e7a7399ef9998bd52f860d2ef0751e7e96ebc472af3e666f7778f8eedb12bbac921eac8436b31ab61d72c259a2473678d88743f0f768c1782ee4702646bf349308712ea8cbad36d90b5c770971a1ff70719cdfdeb01927a561fb67d7cb6a2feec1215bac6eeedfb930d3556b5547a7e1af3199de6929a745c5323dbc34624761bb1beff6508463a5b7cac6d1d0265c733cb609b8cdaa56042d29fb70fa58c64b1fed6028d3a2ee7d6f3046cd980bea9f9e1d82fd9beafe7d66cfcbdd49caa5ea4f43faca173cba614e02f407b5c791e460a3ee590b3780ad8cbab34ff0379cc1f947201e28d0cbfa9cc5beef86ecc7090eac13ff614bf73f24b335fcff38a57bce197f67a5816f3d11bb558f0485b4441fcddb6b33c211f19f263f35462349492e26d5fc8437e09539c06fd6b14f243e0a51cc7ed7482677c5a9e7c864b81ae890e6412b6b387e887c9a70e5470c0d17800bb4e39a971a30151c2d5717a9c1183fc5e43902b25130f5fe2d85a64b77a8e64dc59d0b1e3b022efb9c1cbdfebb071c0fbd09619577bb1e18b488091d5c239589805b8df254db031aaa7751bb0b71bffe4b307ebd8359271c2376f2c75a8bea9808725cca6254f89e211cae70dce4cefa123d29238ecb0057d28eeaaabea6e99ab64ebea4c2c62806e6a9e2bccb96a4d07e816ee378e094acee3a9f31b0d1033634310baef6bc7f5e0870a2f1f7f519861834935b1073f9a5c348a46b3be82932d3cf1823a60fb9d0b269b94e58614b5cca1bf2f47ad4e15a93fce9995e06583c41b84930fc26cfe19e9ce9028c7ed8f6f701ed97a74ff3d3affcacf957946fd675240ea08b362a4c1d15aa0722f4cec99aae7d167c49c6123b1ddc36285804044883676921d8b9feed089851e819b782c1fc4025c44874f1454e53e477838e6ff0a472331da69f8e4efb474db064a4b4325c08b4db60377a142c19512b7d1e9fdcfb599662e5448ef3fed112a62bad364467613c73a3385df9766446627c2658c87b56c069440d4e0406e1220c79c2c99116c3224a7a90fee8b6c04f3ff85cbe993c3bb4f7961a801dd893557cd0be736f17e3fa2c65ecc61b907c9d919612ac73a41f91d88733b5830d135a457b3c13fceb0bd294f412bde878315b32c91529b5d55383a1f79f949a8424865b474d784a7a89153b88fc7ec11589b01b9b1aece6585de4d6dbf329c09f35426525addf3e1aa57dddace18fdb219b5e4b32c29a24de709f180b6ff5578141158f467ee9f0cccb580e5b9929c59e47cc8ff27b8401a934769d99f26cc9a9f66ecd0879df8b5becf0cb9a41006396075455306059a7dce312f4e08c54d13bd5da696b32f2c8efbdaad768e372049a3a58bb8c6972d34f859c4ea29ec46aa7752f5d7e8bd3523a10de8b876cb1d61d143d55a1f343252f0927fd5d853b663a71dbb0fff6a7ff07f9cf1e1eb23e07009ffde16778c6fb0010580380100808000048008000200f7f7ffff08000200ffffffff640001805c0001801c000c8005000b000b000000050001000000000005000a00010000000c00120000000000000000000c000f000c000000000000000c000e0000000000000000000800040000010000060014002b0000000600020009000000040001800400050004000500b3000100adcb04a58b3c2f134a15760485188573b1cab1d6ed2698c24fdf710d4b3aa02e3d7206d8e192d58f52ccb69d864b538b8c63b8931a461b0050253fe028240d8b51489a8d52d59f5088bc258b350f375c597e492406740eed2730170fcc3f336f8984bdd9509765de2517c0b82b11ee8c84f1bfcf02152e5664f172dd6025ddb37ce75221e11f3db64fbf6953ac9b5f7bf14ccddc2e65070aa3eecd7a88c038f6ae9bc539ca6b583f997fcbb21becf70074000080480004800c000300090000000000000004000500080002000400000008000200280600000c00040000000000000000000c00030001000000000000000c000400080000000000000028000480040005000c00040002000000000000000c00030007000000000000000800020001000000"], 0x124c}, 0x1, 0x0, 0x0, 0x20000041}, 0x800) mmap$auto(0xfffffffffffffffd, 0x2020009, 0x8000000003, 0xeb4, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000080)) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) prctl$auto(0x3f, 0x7ff, 0x0, 0x5, 0x5) rename$auto(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='./file0/file0\x00') io_uring_setup$auto(0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) 2.115236194s ago: executing program 0 (id=2922): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/pci0000:00/0000:00:03.0/rescan\x00', 0xa901, 0x0) socket(0x10, 0x2, 0x0) userfaultfd$auto(0xfffffffe) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x5, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r1 = socket(0x2, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, 0x0, 0x22000, 0x0) socket(0x2, 0x1, 0x106) socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) listen$auto(0x3, 0x81) accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) close_range$auto(0x2, 0x8000, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x7f, 0x8000) socket(0x0, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x6, 0x6, 0x4004004c) connect$auto(0x5, 0x0, 0x9) write$auto(r0, &(0x7f0000000440)='7\x00\xf6\xf0\xef\xe4s\x95\xf2\x00\x97S\xb9O\xac\xbe\xd6\\J<\x02YK\xd6M\xe6\xe7\xa0\xb8\xc3[\x01\xc5\xe8|\xb0\xb0\x80\xbf\xa5?=i\x88UB\x1d\x8e\xd3\xc2\x949\xb6\xfb\x006\x02\x9c\x83\x14\x13\x99\xc7\xb4)M\xed\tN $\xd4\x90^?J\x92\x9a?\xf8b\x03\xd8\xdd\x84\xdf\x92\xf0\xcd\xd8\xbap\x15\x80\x9eo,\xc8\xf2\x82\xd2\x88\xbeL\xa0\x9b\x86_\xf0?\f<\xf3t7\xb6\x0f\x93\xc79@\xd8x\x9e\xef!\x006\b\xdbWB\x84\xdd\xac\xdau\x86g\x8f\x02@O7\x0f\xf8\x8d(\x9c\xf2NyD\x7f3\x14\x9eg\x86%)\xd6\b\xcd\x1f\x03\x00:\xa6\x83\'\xf4\xf2\x9dd\xf4z\x89\xc5D\xc4\x02\\\x81\xcf\x02Ep\xf6`\xde*\x1dV\x94R+\x94s\x84\xa4\xd4M\xa9\xea\\Vt\xde\xedS\xf8?\x91\xef\xb3 4^\xc9DO\x88Er\xb5\x82b\x8f\xfcd\xe3\x81\xf6\xe4\x16\xe1\x15\xaf\xf2q\xc41\xf5-\xcc\xcfj\x94\xce\xc2>\t=\xe5\"a\xde\x18\xd8\xe8', 0x4) 2.114780824s ago: executing program 3 (id=2923): mmap$auto(0x3, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000440)='/dev/ptyzf\x00', 0x1a3200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x10, 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000200), r1) r3 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff) kcmp$auto(0x0, 0x0, 0x1, 0xffffffffffffffff, 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)={0x38, r3, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x1020}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x4}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x9}]}, 0x38}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) io_uring_setup$auto(0xd365, &(0x7f0000000000)={0x0, 0x10002, 0x7f, 0x5, 0x6, 0x5, 0xffffffffffffffff, [0xd2, 0xfffffffc], {0x2, 0x4, 0x6, 0x2, 0x400, 0x0, 0x7, 0x5, 0x80000000}, {0x7, 0x20d, 0xfffffff8, 0x18, 0x6b, 0x9, 0x0, 0xfffffffa, 0xb1}}) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0xfffffffffffffffd, 0x6d3e, 0x7, 0x2, 0x8]}, 0x0) capset$auto(0x0, 0x0) select$auto(0x9, &(0x7f0000000180)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x1, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8f, 0x9, 0x8001]}, 0x0, &(0x7f0000000100)={[0x8000000000000001, 0x5, 0x1, 0x10001, 0xe, 0xf, 0x5, 0x3, 0x59fc8000, 0x200006, 0x8000000000000000, 0x3, 0x800, 0x7, 0x1ff, 0x5]}, &(0x7f0000000280)={0x6, 0xc8}) select$auto(0x5, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) close_range$auto(0x0, 0xfffffffffffff000, 0x2) sendmsg$auto_CGROUPSTATS_CMD_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x400c9d0}, 0x4080) 1.256241911s ago: executing program 5 (id=2924): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0xc) modify_ldt$auto(0x1, 0x0, 0x10) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r1, 0x0, 0x7ff, 0x400) socket(0x2, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) sendfile$auto(r3, r3, 0x0, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) madvise$auto(0x0, 0x200007, 0x19) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) close_range$auto(0x2, 0x8, 0x0) 1.255764661s ago: executing program 2 (id=2925): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x3) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2000c, 0x7ff, 0xeb1, 0x401, 0x8000) mbind$auto(0x0, 0x800605, 0x8003, &(0x7f0000000100)=0xfffe, 0x3, 0x3) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) mmap$auto(0xfffffffffffffffd, 0x400008, 0x3, 0x20009b7f, 0xc, 0x800008000) io_uring_setup$auto(0x1, 0x0) r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_GINFO(r2, 0xc0f85403, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = open(0x0, 0x1652c2, 0xe1d2b27bdc14aa98) fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, r3, 0x0) bpf$auto(0x12, &(0x7f0000000040)=@bpf_attr_7={@prog_id=0x100000, 0xf0, 0xd1, r3}, 0x80) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) r4 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40602, 0x0) read$auto(r4, 0x0, 0x7ff) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) write$auto(0x3, 0x0, 0x5c8) write$auto(0x3, 0x0, 0x5c8) 1.255148303s ago: executing program 0 (id=2933): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x96141, 0x0) r0 = socket(0x1b, 0x3, 0x76) madvise$auto(0x0, 0x2000040080000004, 0xe) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getsockopt$auto_SO_RCVPRIORITY(r0, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x3, 0x400008, 0x3, 0x8000000000000011, r4, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r5 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), r0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)=ANY=[@ANYRESDEC=r1, @ANYBLOB="7e5a999322dcea1636da6970e84c42ec96a38586d50cf6599cd838edc2ed879dcfba767c2db982d07ac41217bcb51a278077826b443ef2458acf7304b9c384064d2975b127daebd77fcfbb8ed1f0ca84d20140a29cd720a17966780620609bb7ffb64b5548ece51a3781c2c33617e11323b9ce2d2ea935cc9fbeac3c4c72d49914619d90ee87ed117339e5489fd4b8707ca316df05880aee58670a10eeeface64c86502e1b1253e0211ee098a37056a3f8c760792be34db788c685f079c6c33ef518", @ANYRESHEX=r5, @ANYRES64=0x0, @ANYRES8=r3, @ANYRES8=r0], 0x1ac}}, 0x24048871) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000780)=ANY=[], 0xf5c}, 0x1, 0x0, 0x0, 0x4044055}, 0x20008811) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000180)={{0x0, 0xf240, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x50}, 0x80000}, 0x10c, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HWSIM_CMD_GET_RADIO(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24044845}, 0x10) bpf$auto(0x7, &(0x7f0000000280)=@bpf_attr_7={@prog_id=0xffffffff, 0x8, 0x4, r2}, 0x90) socket(0x10, 0x5, 0x4) 1.182186043s ago: executing program 3 (id=2926): openat$auto_vga_arb_device_fops_vgaarb(0xffffffffffffff9c, &(0x7f00000002c0), 0x8040, 0x0) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) unshare$auto(0x4) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000340), r0) sendmsg$auto_TIPC_NL_NET_SET(r0, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000ffdbdf250f0000000c00078008000200", @ANYRES32=0xee00, @ANYBLOB="d56e417a"], 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x2) r2 = setfsuid$auto(0xee01) keyctl$auto(0x1d, 0xffffffffffffffff, r2, 0x0, 0x6) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xc2481, 0x0) write$auto(r3, 0x0, 0x81) msgctl$auto_IPC_RMID(0xdda7, 0x0, 0x0) sendmsg$auto_TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x10) r4 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto(r4, 0x4004556e, 0x1f) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) bpf$auto(0x0, &(0x7f0000000380)=@task_fd_query={0x12, 0x3, 0x4, 0x88, 0x8, 0xae85, 0x66b, 0x4, 0x7ff}, 0x6f4) r5 = open(&(0x7f00000000c0)='./cgroup\x00', 0x200102, 0xb5d1af1605322df2) execve$auto(&(0x7f0000000080)='./cgroup\x00', &(0x7f0000000180)=&(0x7f0000000100)='/sys/devices/platform/vhci_hcd.15/usb40/40-0:1.0/usb40-port3/power/autosuspend_delay_ms\x00', &(0x7f0000000240)=&(0x7f00000001c0)='/sys/devices/platform/vhci_hcd.15/usb40/40-0:1.0/usb40-port3/power/autosuspend_delay_ms\x00') fcntl$auto_F_SETPIPE_SZ(r5, 0x407, 0x772be235) socket(0x28, 0x5, 0x0) 1.05798346s ago: executing program 2 (id=2927): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) sendmmsg$auto(r0, 0x0, 0x3, 0x20000000) write$auto(r0, 0x0, 0xfffffde9) shutdown$auto(0x200000003, 0x2) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) socket$nl_generic(0x10, 0x3, 0x10) write$auto(0xca, 0x0, 0x1ff) write$auto(0xffffffffffffffff, 0x0, 0x1) ioctl$auto_SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5001, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x108800, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x3e, 0x7, 0x0, 0x1, 0x1) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto(0x4000000000000c8, 0x400454d9, 0x3) mmap$auto(0x0, 0x4020009, 0xb2, 0xeb1, 0xffffffffffffffff, 0x100000000) unshare$auto(0x40000080) write$auto(0xffffffffffffffff, 0x0, 0x1098c7) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) 179.67059ms ago: executing program 0 (id=2928): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_4={0x9, 0xffffffffffffffff, 0xffffffff}, 0xd) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x2dc08f24db163610, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf33236e, 0x0, 0x0, 0xfffffffffffffffd, 0x20000000000000d4, 0x1, 0x6, 0x0, 0x7, 0x368a, 0x4, {0x100000000, 0x10000}, 0x7, 0x1, 0xfffffffffffffffa, 0x1007fff, 0x0, 0x8, 0xfff, 0xdfffffffffff628e, 0x6, 0x6, 0x808}) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x129001, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db) r2 = openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/bluetooth/hci5/rfkill30/type\x00', 0x40100, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000003680)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_NEW_KEY(r5, &(0x7f00000048c0)={0x0, 0x0, &(0x7f0000004880)={&(0x7f0000000380)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010029bd7000fddbdf250b00000008000300", @ANYRES32=r6, @ANYBLOB="04000a"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x890) poll$auto(&(0x7f0000000040)={r2, 0x1000, 0x1c9}, 0x2, 0x7) bpf$auto(0xe, &(0x7f0000000700)=@bpf_attr_1={0xffffffffffffffff, 0x6, @next_key=0x6, 0x10004}, 0x24) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) setsockopt$auto(r0, 0x0, 0x4, &(0x7f0000000280)='/proc/fso\xe6\x1e)l\xcd\xa1}ats\x00:ZV\xe7\x94\x03~\xccM\x90\xf5\xf6d\xd9!\xfa\xdb\xd5Mr\xd7\x9b%8\x96\x88\x16\xff\xab\x8d\xcb\xbf\x13/.;t\xd1J\xdb', 0x8) getrandom$auto(0x0, 0x6000000, 0x3) madvise$auto(0x110c230000, 0x1, 0x9) r7 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x43102, 0x0) futex$auto(0x0, 0xf, 0xffffffff, 0x0, 0x0, 0x4) read$auto_proc_iter_file_ops_compat_inode(r7, &(0x7f00000007c0)=""/153, 0x99) 28.129759ms ago: executing program 2 (id=2929): syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/binder/parameters/stop_on_user_error\x00', 0x2, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) read$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffffff, 0x0, 0x0) pwrite64$auto(0xffffffffffffffff, 0x0, 0x10, 0x6) openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x5400, 0x0) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/usb/drivers/usbtouchscreen/new_id\x00', 0xbce02, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000700) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_SNDRV_PCM_IOCTL_SW_PARAMS(0xffffffffffffffff, 0xc0884113, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0xa, 0x1, 0x0) getsockopt$auto(r0, 0x6, 0xa, &(0x7f00000000c0)='$\xfe\x88\xc8\x91\x8bo\xc6#\x93\x91^\x01<\xc81\xc0\x80\xd6\xdb>i\xa6\x91R\x7f\x00B\x93H9\x19\xd6x\xb1\xb7\xd3\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000040)=0xaa) socket(0x80000000000000a, 0x2, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x6, 0x7) socket(0x2, 0x5, 0x6) shutdown$auto(0x200000003, 0x2) recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0) 27.891954ms ago: executing program 3 (id=2930): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) futex_wake$auto(&(0x7f0000000040)="b37a6be4c34a2666976b1a481793f568dc046f7257", 0xffffffffffff8001, 0x4, 0x4) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xfdef) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu0/topology/die_cpus_list\x00', 0x8304, 0x0) r0 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0xc) r1 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r1, @ANYBLOB="01"], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) write$auto(r0, &(0x7f0000000000)='-\x00', 0xfdef) 0s ago: executing program 0 (id=2931): r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r3 = socket(0x1e, 0x1, 0x0) setsockopt$auto(0x3, 0x6, 0x100000000, 0xfffffffffffffffc, 0xa) mlockall$auto(0x5) mmap$auto(0x2, 0x40000a, 0x2bb, 0x14, 0x2, 0x1) r4 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/self/status\x00', 0x40000, 0x0) read$auto_proc_single_file_operations_base(r4, &(0x7f0000000040)=""/58, 0x3a) syz_genetlink_get_family_id$auto_nlbl_mgmt(0x0, r3) sendmsg$auto_NLBL_MGMT_C_REMOVE(r1, 0x0, 0x4000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd8/queue/iosched/async_depth\x00', 0x40800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0xa) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) ioctl$auto(0xffffffffffffffff, 0x400454c9, r0) kernel console output (not intermixed with test programs): ec/sshd-session /bin/sh /root/syz-executor /root/syz-executor tmpfs:/newroot/405/file0' not defined. [ 409.474004][T11402] ERROR: Out of memory at tomoyo_memory_ok. [ 410.277437][T11409] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1640'. [ 411.588121][T11443] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1649'. [ 412.921289][ T30] audit: type=1804 audit(4294967307.930:8): pid=11464 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1655" name="/newroot/399/file0" dev="tmpfs" ino=2134 res=1 errno=0 [ 413.804065][T11485] FAULT_INJECTION: forcing a failure. [ 413.804065][T11485] name failslab, interval 1, probability 0, space 0, times 0 [ 413.883797][T11485] CPU: 0 UID: 0 PID: 11485 Comm: syz.0.1661 Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 413.883841][T11485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 413.883849][T11485] Call Trace: [ 413.883855][T11485] [ 413.883861][T11485] dump_stack_lvl+0x16c/0x1f0 [ 413.883887][T11485] should_fail_ex+0x512/0x640 [ 413.883907][T11485] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 413.883927][T11485] should_failslab+0xc2/0x120 [ 413.883940][T11485] __kmalloc_cache_noprof+0x6a/0x3e0 [ 413.883958][T11485] ? seq_create_client1+0x4d/0x5e0 [ 413.883973][T11485] ? __pfx_snd_seq_open+0x10/0x10 [ 413.883986][T11485] seq_create_client1+0x4d/0x5e0 [ 413.884002][T11485] ? __pfx_snd_seq_open+0x10/0x10 [ 413.884014][T11485] snd_seq_open+0x59/0x550 [ 413.884028][T11485] ? __pfx_snd_seq_open+0x10/0x10 [ 413.884040][T11485] snd_open+0x1fe/0x450 [ 413.884053][T11485] ? __pfx_snd_open+0x10/0x10 [ 413.884065][T11485] chrdev_open+0x231/0x6a0 [ 413.884085][T11485] ? __pfx_apparmor_file_open+0x10/0x10 [ 413.884103][T11485] ? __pfx_chrdev_open+0x10/0x10 [ 413.884124][T11485] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 413.884145][T11485] do_dentry_open+0x744/0x1c10 [ 413.884164][T11485] ? __pfx_chrdev_open+0x10/0x10 [ 413.884188][T11485] vfs_open+0x82/0x3f0 [ 413.884205][T11485] path_openat+0x1de4/0x2cb0 [ 413.884230][T11485] ? __pfx_path_openat+0x10/0x10 [ 413.884249][T11485] ? __lock_acquire+0xb8a/0x1c90 [ 413.884269][T11485] do_filp_open+0x20b/0x470 [ 413.884288][T11485] ? __pfx_do_filp_open+0x10/0x10 [ 413.884320][T11485] ? alloc_fd+0x471/0x7d0 [ 413.884343][T11485] do_sys_openat2+0x11b/0x1d0 [ 413.884357][T11485] ? __pfx_do_sys_openat2+0x10/0x10 [ 413.884379][T11485] __x64_sys_openat+0x174/0x210 [ 413.884395][T11485] ? __pfx___x64_sys_openat+0x10/0x10 [ 413.884417][T11485] do_syscall_64+0xcd/0x490 [ 413.884431][T11485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.884453][T11485] RIP: 0033:0x7fede678e929 [ 413.884466][T11485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 413.884481][T11485] RSP: 002b:00007fede7607038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 413.884496][T11485] RAX: ffffffffffffffda RBX: 00007fede69b6080 RCX: 00007fede678e929 [ 413.884506][T11485] RDX: 0000000000040a40 RSI: 0000200000001d40 RDI: ffffffffffffff9c [ 413.884516][T11485] RBP: 00007fede6810b39 R08: 0000000000000000 R09: 0000000000000000 [ 413.884525][T11485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 413.884533][T11485] R13: 0000000000000000 R14: 00007fede69b6080 R15: 00007fff860b8f28 [ 413.884552][T11485] [ 417.398430][T11501] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1668'. [ 417.444971][T11500] ima: policy update failed [ 417.451828][ T30] audit: type=1802 audit(4294967312.460:9): pid=11500 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.1668" res=0 errno=0 [ 420.744114][T11553] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1681'. [ 422.095903][T11584] size and base must be multiples of 4 kiB [ 422.101730][T11584] CPU: 0 UID: 0 PID: 11584 Comm: syz.1.1690 Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 422.101752][T11584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 422.101760][T11584] Call Trace: [ 422.101766][T11584] [ 422.101771][T11584] dump_stack_lvl+0x16c/0x1f0 [ 422.101798][T11584] mtrr_add+0xdf/0x110 [ 422.101816][T11584] mtrr_ioctl+0x7ef/0xcf0 [ 422.101835][T11584] ? __pfx_mtrr_ioctl+0x10/0x10 [ 422.101856][T11584] ? find_held_lock+0x2b/0x80 [ 422.101874][T11584] ? __fget_files+0x20e/0x3c0 [ 422.101893][T11584] ? __pfx_mtrr_ioctl+0x10/0x10 [ 422.101909][T11584] proc_reg_unlocked_ioctl+0x226/0x320 [ 422.101932][T11584] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 422.101953][T11584] __x64_sys_ioctl+0x18b/0x210 [ 422.101970][T11584] do_syscall_64+0xcd/0x490 [ 422.101985][T11584] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.101999][T11584] RIP: 0033:0x7f391c18e929 [ 422.102011][T11584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 422.102024][T11584] RSP: 002b:00007f391d015038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 422.102037][T11584] RAX: ffffffffffffffda RBX: 00007f391c3b6160 RCX: 00007f391c18e929 [ 422.102046][T11584] RDX: 0000000000000003 RSI: 00000000400c4d01 RDI: 0000000000000003 [ 422.102054][T11584] RBP: 00007f391c210b39 R08: 0000000000000000 R09: 0000000000000000 [ 422.102062][T11584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 422.102069][T11584] R13: 0000000000000000 R14: 00007f391c3b6160 R15: 00007ffc56687618 [ 422.102087][T11584] [ 423.211555][T11598] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1693'. [ 423.232534][T11597] FAULT_INJECTION: forcing a failure. [ 423.232534][T11597] name failslab, interval 1, probability 0, space 0, times 0 [ 423.315222][T11597] CPU: 0 UID: 0 PID: 11597 Comm: syz.0.1695 Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 423.315246][T11597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 423.315255][T11597] Call Trace: [ 423.315260][T11597] [ 423.315266][T11597] dump_stack_lvl+0x16c/0x1f0 [ 423.315293][T11597] should_fail_ex+0x512/0x640 [ 423.315312][T11597] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 423.315335][T11597] should_failslab+0xc2/0x120 [ 423.315349][T11597] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 423.315369][T11597] ? seq_open+0x55/0x170 [ 423.315386][T11597] ? __pfx_sync_info_debugfs_show+0x10/0x10 [ 423.315406][T11597] seq_open+0x55/0x170 [ 423.315419][T11597] ? __pfx_sync_info_debugfs_show+0x10/0x10 [ 423.315438][T11597] single_open+0xfc/0x1f0 [ 423.315457][T11597] ? __pfx_sync_info_debugfs_open+0x10/0x10 [ 423.315477][T11597] open_proxy_open+0x272/0x3e0 [ 423.315495][T11597] do_dentry_open+0x744/0x1c10 [ 423.315517][T11597] ? __pfx_open_proxy_open+0x10/0x10 [ 423.315534][T11597] vfs_open+0x82/0x3f0 [ 423.315552][T11597] path_openat+0x1de4/0x2cb0 [ 423.315576][T11597] ? __pfx_path_openat+0x10/0x10 [ 423.315596][T11597] ? __lock_acquire+0xb8a/0x1c90 [ 423.315616][T11597] do_filp_open+0x20b/0x470 [ 423.315635][T11597] ? __pfx_do_filp_open+0x10/0x10 [ 423.315667][T11597] ? alloc_fd+0x471/0x7d0 [ 423.315690][T11597] do_sys_openat2+0x11b/0x1d0 [ 423.315704][T11597] ? __pfx_do_sys_openat2+0x10/0x10 [ 423.315726][T11597] __x64_sys_openat+0x174/0x210 [ 423.315741][T11597] ? __pfx___x64_sys_openat+0x10/0x10 [ 423.315763][T11597] do_syscall_64+0xcd/0x490 [ 423.315778][T11597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.315792][T11597] RIP: 0033:0x7fede678e929 [ 423.315804][T11597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 423.315817][T11597] RSP: 002b:00007fede7628038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 423.315831][T11597] RAX: ffffffffffffffda RBX: 00007fede69b5fa0 RCX: 00007fede678e929 [ 423.315840][T11597] RDX: 0000000000040000 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 423.315850][T11597] RBP: 00007fede6810b39 R08: 0000000000000000 R09: 0000000000000000 [ 423.315858][T11597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 423.315866][T11597] R13: 0000000000000000 R14: 00007fede69b5fa0 R15: 00007fff860b8f28 [ 423.315885][T11597] [ 423.964805][T11605] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1697'. [ 424.018501][T11604] i2c i2c-0: new_device: Instantiated device card: at 0x01 [ 424.028771][T11606] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1697'. [ 425.018175][T11628] Setting dangerous option i915.mitigations - tainting kernel [ 425.531165][ T30] audit: type=1800 audit(4294967320.540:10): pid=11637 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1707" name="ram7" dev="tmpfs" ino=1416 res=0 errno=0 [ 426.724621][T11655] ima: policy update failed [ 426.759526][ T30] audit: type=1802 audit(4294967321.760:11): pid=11655 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.1711" res=0 errno=0 [ 426.777607][T11655] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1711'. [ 427.526104][T11666] bridge0: port 2(dummy0) entered blocking state [ 427.532608][T11666] bridge0: port 2(dummy0) entered disabled state [ 427.563101][T11666] dummy0: entered allmulticast mode [ 427.606028][T11666] dummy0: entered promiscuous mode [ 427.627102][T11666] bridge0: port 2(dummy0) entered blocking state [ 427.633568][T11666] bridge0: port 2(dummy0) entered forwarding state [ 429.175596][T11689] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1722'. [ 431.361142][T11725] random: crng reseeded on system resumption [ 435.262178][T11760] netlink: 4724 bytes leftover after parsing attributes in process `syz.0.1742'. [ 435.467080][T11737] ovs_: entered promiscuous mode [ 435.513542][T11761] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1743'. [ 436.043689][T11769] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1746'. [ 436.304002][T11772] hsr_slave_0 (unregistering): hsr_addr_subst_dest: Unknown node [ 436.311945][T11772] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 436.489963][T11776] ima: policy update failed [ 436.510216][ T30] audit: type=1802 audit(4294967331.520:12): pid=11776 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1748" res=0 errno=0 [ 437.014791][T11769] hsr_slave_0 (unregistering): left promiscuous mode [ 438.500149][T11798] ima: policy update failed [ 438.554709][ T30] audit: type=1802 audit(4294967333.570:13): pid=11798 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.1754" res=0 errno=0 [ 438.639566][T11798] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1754'. [ 438.790281][T11806] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1756'. [ 438.912026][T11803] could not allocate digest TFM handle [ 439.108260][T11806] macsec0: entered promiscuous mode [ 439.146458][T11806] macsec0: entered allmulticast mode [ 439.154253][T11806] veth1_macvtap: entered allmulticast mode [ 439.758302][T11829] netlink: 326 bytes leftover after parsing attributes in process `syz.3.1763'. [ 439.955696][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.962007][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 443.091555][T11880] zswap: compressor 000 not available [ 443.615163][T11898] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1782'. [ 444.027986][T11907] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1785'. [ 446.585252][T11933] futex_wake_op: syz.3.1789 tries to shift op by -9; fix this program [ 447.060522][ T30] audit: type=1800 audit(4294967342.070:14): pid=11934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1790" name="SYSV00000014" dev="hugetlbfs" ino=0 res=0 errno=0 [ 447.477309][T11947] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input12 [ 450.110922][ T30] audit: type=1804 audit(4294967345.120:15): pid=11971 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1797" name="file0" dev="tmpfs" ino=2630 res=1 errno=0 [ 450.955840][T11978] FAULT_INJECTION: forcing a failure. [ 450.955840][T11978] name failslab, interval 1, probability 0, space 0, times 0 [ 451.054836][T11978] CPU: 0 UID: 0 PID: 11978 Comm: syz.1.1799 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 451.054863][T11978] Tainted: [U]=USER [ 451.054869][T11978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 451.054878][T11978] Call Trace: [ 451.054883][T11978] [ 451.054889][T11978] dump_stack_lvl+0x16c/0x1f0 [ 451.054918][T11978] should_fail_ex+0x512/0x640 [ 451.054940][T11978] should_failslab+0xc2/0x120 [ 451.054955][T11978] __kmalloc_cache_noprof+0x6a/0x3e0 [ 451.054974][T11978] ? cfmuxl_create+0x40/0x210 [ 451.054996][T11978] ? __pfx_caif_init_net+0x10/0x10 [ 451.055016][T11978] cfmuxl_create+0x40/0x210 [ 451.055037][T11978] cfcnfg_create+0x78/0x500 [ 451.055056][T11978] ? debug_mutex_init+0x37/0x70 [ 451.055069][T11978] ? __pfx_caif_init_net+0x10/0x10 [ 451.055087][T11978] caif_init_net+0x7d/0xe0 [ 451.055106][T11978] ops_init+0x1e2/0x5f0 [ 451.055123][T11978] setup_net+0x1ff/0x510 [ 451.055135][T11978] ? lockdep_init_map_type+0x5c/0x280 [ 451.055153][T11978] ? __pfx_setup_net+0x10/0x10 [ 451.055168][T11978] ? debug_mutex_init+0x37/0x70 [ 451.055184][T11978] copy_net_ns+0x2a6/0x5f0 [ 451.055201][T11978] create_new_namespaces+0x3ea/0xa90 [ 451.055221][T11978] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 451.055237][T11978] ksys_unshare+0x45b/0xa40 [ 451.055256][T11978] ? __pfx_ksys_unshare+0x10/0x10 [ 451.055273][T11978] ? xfd_validate_state+0x61/0x180 [ 451.055296][T11978] __x64_sys_unshare+0x31/0x40 [ 451.055313][T11978] do_syscall_64+0xcd/0x490 [ 451.055327][T11978] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.055341][T11978] RIP: 0033:0x7f391c18e929 [ 451.055353][T11978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.055366][T11978] RSP: 002b:00007f391d036038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 451.055380][T11978] RAX: ffffffffffffffda RBX: 00007f391c3b6080 RCX: 00007f391c18e929 [ 451.055389][T11978] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 451.055397][T11978] RBP: 00007f391c210b39 R08: 0000000000000000 R09: 0000000000000000 [ 451.055405][T11978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 451.055413][T11978] R13: 0000000000000000 R14: 00007f391c3b6080 R15: 00007ffc56687618 [ 451.055430][T11978] [ 451.629448][ T51] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 451.629471][ T51] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 451.644942][ T51] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 451.644962][ T51] Bluetooth: hci0: adv larger than maximum supported [ 451.652031][ T51] Bluetooth: hci0: adv larger than maximum supported [ 451.658829][ T51] Bluetooth: hci0: Malformed LE Event: 0x0d [ 452.106944][T11993] ERROR: Out of memory at tomoyo_memory_ok. [ 452.627814][T12002] netlink: 'syz.1.1805': attribute type 1 has an invalid length. [ 453.025738][T12010] FAULT_INJECTION: forcing a failure. [ 453.025738][T12010] name failslab, interval 1, probability 0, space 0, times 0 [ 453.085536][T12010] CPU: 0 UID: 0 PID: 12010 Comm: syz.1.1808 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 453.085563][T12010] Tainted: [U]=USER [ 453.085568][T12010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 453.085577][T12010] Call Trace: [ 453.085582][T12010] [ 453.085588][T12010] dump_stack_lvl+0x16c/0x1f0 [ 453.085615][T12010] should_fail_ex+0x512/0x640 [ 453.085634][T12010] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 453.085658][T12010] should_failslab+0xc2/0x120 [ 453.085673][T12010] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 453.085693][T12010] ? __pmd_alloc+0xbf/0x930 [ 453.085710][T12010] __pmd_alloc+0xbf/0x930 [ 453.085723][T12010] ? find_held_lock+0x2b/0x80 [ 453.085738][T12010] __handle_mm_fault+0xaac/0x5490 [ 453.085761][T12010] ? __pfx___handle_mm_fault+0x10/0x10 [ 453.085777][T12010] ? __pfx_mt_find+0x10/0x10 [ 453.085801][T12010] ? find_vma+0xbf/0x140 [ 453.085814][T12010] ? __pfx_find_vma+0x10/0x10 [ 453.085830][T12010] handle_mm_fault+0x589/0xd10 [ 453.085849][T12010] ? __pkru_allows_pkey+0x41/0xb0 [ 453.085868][T12010] do_user_addr_fault+0x7a6/0x1370 [ 453.085888][T12010] ? rcu_is_watching+0x12/0xc0 [ 453.085904][T12010] exc_page_fault+0x5c/0xb0 [ 453.085924][T12010] asm_exc_page_fault+0x26/0x30 [ 453.085937][T12010] RIP: 0010:strncpy_from_user+0x147/0x2e0 [ 453.085955][T12010] Code: 00 00 4d 89 74 1d 00 48 83 ed 08 bf 07 00 00 00 48 83 c3 08 48 89 ee e8 07 59 b1 fc 48 83 fd 07 76 22 e8 8c 5d b1 fc 45 31 ff <49> 8b 04 1c 31 ff 44 89 fe 49 89 c6 e8 b8 58 b1 fc 45 85 ff 0f 84 [ 453.085969][T12010] RSP: 0018:ffffc90002e77ea8 EFLAGS: 00050246 [ 453.085981][T12010] RAX: 0000000000000025 RBX: 0000000000000000 RCX: ffffc9000bbc9000 [ 453.085991][T12010] RDX: 0000000000080000 RSI: ffffffff850a2b04 RDI: 0000000000000007 [ 453.086000][T12010] RBP: 00000000000000fa R08: 0000000000000007 R09: 0000000000000007 [ 453.086008][T12010] R10: 00000000000000fa R11: 0000000000000000 R12: 0000000000000000 [ 453.086015][T12010] R13: ffff888035cd5c06 R14: 00000000000000fa R15: 0000000000000000 [ 453.086030][T12010] ? strncpy_from_user+0x144/0x2e0 [ 453.086049][T12010] ? strncpy_from_user+0x144/0x2e0 [ 453.086069][T12010] __do_sys_memfd_create+0x1b2/0x8a0 [ 453.086086][T12010] do_syscall_64+0xcd/0x490 [ 453.086100][T12010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.086114][T12010] RIP: 0033:0x7f391c18e929 [ 453.086125][T12010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 453.086137][T12010] RSP: 002b:00007f391d057038 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 453.086149][T12010] RAX: ffffffffffffffda RBX: 00007f391c3b5fa0 RCX: 00007f391c18e929 [ 453.086158][T12010] RDX: 0000000000000000 RSI: 000000000000000e RDI: 0000000000000000 [ 453.086166][T12010] RBP: 00007f391c210b39 R08: 0000000000000000 R09: 0000000000000000 [ 453.086174][T12010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 453.086181][T12010] R13: 0000000000000000 R14: 00007f391c3b5fa0 R15: 00007ffc56687618 [ 453.086199][T12010] [ 453.935144][T12016] netlink: 186 bytes leftover after parsing attributes in process `syz.1.1810'. [ 458.168328][T12072] random: crng reseeded on system resumption [ 458.507524][T12078] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1827'. [ 459.496402][T12098] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1835'. [ 459.580285][T12100] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1835'. [ 459.933162][T12103] sysfs_service_op_show: Client not running :-5: [ 460.663314][T12108] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1837'. [ 461.373931][T12114] Invalid ELF header magic: != ELF [ 463.107636][ T5156] Bluetooth: hci1: unexpected event 0x3d length: 726 > 14 [ 463.664581][T12137] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1844'. [ 463.761338][T12137] netlink: 'syz.0.1844': attribute type 1 has an invalid length. [ 463.806421][T12137] netlink: 'syz.0.1844': attribute type 6 has an invalid length. [ 464.178971][ T30] audit: type=1804 audit(4294967359.190:16): pid=12150 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1848" name="/newroot/sys/kernel/debug/tracing/buffer_percent" dev="tracefs" ino=1167 res=1 errno=0 [ 464.567643][T12161] ima: policy update failed [ 464.591446][ T30] audit: type=1802 audit(4294967359.600:17): pid=12161 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1851" res=0 errno=0 [ 464.614321][T12161] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1851'. [ 464.904877][T12164] FAULT_INJECTION: forcing a failure. [ 464.904877][T12164] name failslab, interval 1, probability 0, space 0, times 0 [ 464.979357][T12164] CPU: 0 UID: 0 PID: 12164 Comm: syz.1.1852 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 464.979383][T12164] Tainted: [U]=USER [ 464.979388][T12164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 464.979397][T12164] Call Trace: [ 464.979403][T12164] [ 464.979409][T12164] dump_stack_lvl+0x16c/0x1f0 [ 464.979435][T12164] should_fail_ex+0x512/0x640 [ 464.979455][T12164] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 464.979476][T12164] should_failslab+0xc2/0x120 [ 464.979491][T12164] __kmalloc_cache_noprof+0x6a/0x3e0 [ 464.979508][T12164] ? lockdep_init_map_type+0x5c/0x280 [ 464.979526][T12164] ? zs_create_pool+0x4d2/0xb80 [ 464.979543][T12164] zs_create_pool+0x4d2/0xb80 [ 464.979560][T12164] ? __pfx_zs_create_pool+0x10/0x10 [ 464.979576][T12164] ? disksize_store+0x117/0x670 [ 464.979592][T12164] ? __vmalloc_node_noprof+0xad/0xf0 [ 464.979609][T12164] ? disksize_store+0x117/0x670 [ 464.979627][T12164] disksize_store+0x174/0x670 [ 464.979646][T12164] ? __pfx_disksize_store+0x10/0x10 [ 464.979662][T12164] dev_attr_store+0x55/0x80 [ 464.979676][T12164] ? __pfx_dev_attr_store+0x10/0x10 [ 464.979688][T12164] sysfs_kf_write+0xef/0x150 [ 464.979707][T12164] kernfs_fop_write_iter+0x354/0x510 [ 464.979720][T12164] ? __pfx_sysfs_kf_write+0x10/0x10 [ 464.979738][T12164] vfs_write+0x6c7/0x1150 [ 464.979758][T12164] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 464.979773][T12164] ? __pfx___mutex_lock+0x10/0x10 [ 464.979786][T12164] ? __pfx_vfs_write+0x10/0x10 [ 464.979818][T12164] ksys_write+0x12a/0x250 [ 464.979836][T12164] ? __pfx_ksys_write+0x10/0x10 [ 464.979860][T12164] do_syscall_64+0xcd/0x490 [ 464.979874][T12164] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.979888][T12164] RIP: 0033:0x7f391c18e929 [ 464.979900][T12164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 464.979913][T12164] RSP: 002b:00007f391d057038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 464.979926][T12164] RAX: ffffffffffffffda RBX: 00007f391c3b5fa0 RCX: 00007f391c18e929 [ 464.979935][T12164] RDX: 0000000000000001 RSI: 0000200000000ec0 RDI: 0000000000000004 [ 464.979944][T12164] RBP: 00007f391c210b39 R08: 0000000000000000 R09: 0000000000000000 [ 464.979952][T12164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 464.979960][T12164] R13: 0000000000000000 R14: 00007f391c3b5fa0 R15: 00007ffc56687618 [ 464.979979][T12164] [ 465.268287][T12159] Invalid ELF header magic: != ELF [ 465.957705][T12177] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1856'. [ 466.170251][T12177] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1856'. [ 467.050986][T12142] netlink: 'syz.3.1845': attribute type 10 has an invalid length. [ 467.139051][T12142] netlink: 230 bytes leftover after parsing attributes in process `syz.3.1845'. [ 467.321767][T12142] team0: Port device team_slave_1 removed [ 467.923825][T12199] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1861'. [ 468.814163][T12223] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1867'. [ 470.402511][T12237] ERROR: Out of memory at tomoyo_memory_ok. [ 472.439761][T12266] FAULT_INJECTION: forcing a failure. [ 472.439761][T12266] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 472.544341][T12266] CPU: 0 UID: 0 PID: 12266 Comm: syz.0.1879 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 472.544379][T12266] Tainted: [U]=USER [ 472.544384][T12266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 472.544393][T12266] Call Trace: [ 472.544398][T12266] [ 472.544403][T12266] dump_stack_lvl+0x16c/0x1f0 [ 472.544431][T12266] should_fail_ex+0x512/0x640 [ 472.544456][T12266] should_fail_alloc_page+0xe7/0x130 [ 472.544471][T12266] prepare_alloc_pages+0x3c2/0x610 [ 472.544488][T12266] ? rcu_is_watching+0x12/0xc0 [ 472.544505][T12266] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 472.544529][T12266] ? rcu_is_watching+0x12/0xc0 [ 472.544542][T12266] ? trace_mm_page_alloc+0x11f/0x1a0 [ 472.544557][T12266] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 472.544577][T12266] ? stack_trace_save+0x8e/0xc0 [ 472.544594][T12266] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 472.544621][T12266] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 472.544640][T12266] ? __get_vm_area_node+0x1ca/0x330 [ 472.544655][T12266] ? __vmalloc_node_noprof+0xad/0xf0 [ 472.544670][T12266] ? pcpu_mem_zalloc+0x54/0xb0 [ 472.544684][T12266] ? pcpu_create_chunk+0x432/0x730 [ 472.544700][T12266] ? pcpu_alloc_noprof+0x11e3/0x1470 [ 472.544717][T12266] ? bpf_map_alloc_percpu+0x9a/0x4b0 [ 472.544735][T12266] ? htab_map_alloc+0x10ca/0x1570 [ 472.544753][T12266] ? map_create+0x58f/0x1db0 [ 472.544778][T12266] alloc_pages_bulk_noprof+0x71c/0x1410 [ 472.544797][T12266] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 472.544818][T12266] ? policy_nodemask+0xea/0x4e0 [ 472.544841][T12266] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 472.544869][T12266] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 472.544892][T12266] kasan_populate_vmalloc+0xf1/0x1f0 [ 472.544916][T12266] alloc_vmap_area+0x959/0x29c0 [ 472.544940][T12266] ? __pfx_alloc_vmap_area+0x10/0x10 [ 472.544961][T12266] __get_vm_area_node+0x1ca/0x330 [ 472.544982][T12266] __vmalloc_node_range_noprof+0x271/0x14b0 [ 472.545000][T12266] ? pcpu_mem_zalloc+0x54/0xb0 [ 472.545021][T12266] ? pcpu_mem_zalloc+0x54/0xb0 [ 472.545042][T12266] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 472.545065][T12266] ? pcpu_mem_zalloc+0x54/0xb0 [ 472.545080][T12266] __vmalloc_node_noprof+0xad/0xf0 [ 472.545096][T12266] ? pcpu_mem_zalloc+0x54/0xb0 [ 472.545114][T12266] pcpu_mem_zalloc+0x54/0xb0 [ 472.545130][T12266] pcpu_create_chunk+0x432/0x730 [ 472.545150][T12266] pcpu_alloc_noprof+0x11e3/0x1470 [ 472.545176][T12266] bpf_map_alloc_percpu+0x9a/0x4b0 [ 472.545197][T12266] htab_map_alloc+0x10ca/0x1570 [ 472.545221][T12266] ? ns_capable+0xd7/0x110 [ 472.545237][T12266] map_create+0x58f/0x1db0 [ 472.545262][T12266] ? __pfx_map_create+0x10/0x10 [ 472.545279][T12266] ? __might_fault+0xe3/0x190 [ 472.545297][T12266] ? __might_fault+0xe3/0x190 [ 472.545314][T12266] ? __might_fault+0x13b/0x190 [ 472.545340][T12266] __sys_bpf+0x47cc/0x4d80 [ 472.545371][T12266] ? __pfx___sys_bpf+0x10/0x10 [ 472.545392][T12266] ? do_writev+0x218/0x340 [ 472.545414][T12266] ? do_futex+0x122/0x350 [ 472.545430][T12266] ? __pfx_do_futex+0x10/0x10 [ 472.545453][T12266] ? fput+0x70/0xf0 [ 472.545467][T12266] ? xfd_validate_state+0x61/0x180 [ 472.545483][T12266] ? __pfx_do_writev+0x10/0x10 [ 472.545504][T12266] __x64_sys_bpf+0x78/0xc0 [ 472.545516][T12266] ? lockdep_hardirqs_on+0x7c/0x110 [ 472.545536][T12266] do_syscall_64+0xcd/0x490 [ 472.545551][T12266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.545565][T12266] RIP: 0033:0x7fede678e929 [ 472.545578][T12266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 472.545591][T12266] RSP: 002b:00007fede7628038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 472.545605][T12266] RAX: ffffffffffffffda RBX: 00007fede69b5fa0 RCX: 00007fede678e929 [ 472.545616][T12266] RDX: 00000000000000a3 RSI: 0000200000000780 RDI: 0000000000000000 [ 472.545624][T12266] RBP: 00007fede6810b39 R08: 0000000000000000 R09: 0000000000000000 [ 472.545633][T12266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 472.545641][T12266] R13: 0000000000000000 R14: 00007fede69b5fa0 R15: 00007fff860b8f28 [ 472.545660][T12266] [ 473.439004][T12274] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1881'. [ 473.748180][T12277] FAULT_INJECTION: forcing a failure. [ 473.748180][T12277] name failslab, interval 1, probability 0, space 0, times 0 [ 473.775366][T12277] CPU: 0 UID: 0 PID: 12277 Comm: syz.0.1882 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 473.775392][T12277] Tainted: [U]=USER [ 473.775397][T12277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 473.775405][T12277] Call Trace: [ 473.775410][T12277] [ 473.775416][T12277] dump_stack_lvl+0x16c/0x1f0 [ 473.775450][T12277] should_fail_ex+0x512/0x640 [ 473.775476][T12277] ? __kmalloc_noprof+0xbf/0x510 [ 473.775499][T12277] ? constrain_params_by_rules+0x175/0xca0 [ 473.775515][T12277] should_failslab+0xc2/0x120 [ 473.775530][T12277] __kmalloc_noprof+0xd2/0x510 [ 473.775553][T12277] constrain_params_by_rules+0x175/0xca0 [ 473.775570][T12277] ? do_raw_spin_lock+0x12c/0x2b0 [ 473.775595][T12277] ? mark_held_locks+0x49/0x80 [ 473.775611][T12277] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 473.775627][T12277] ? lockdep_hardirqs_on+0x7c/0x110 [ 473.775658][T12277] ? snd_pcm_oss_change_params_locked+0x92b/0x3a30 [ 473.775675][T12277] ? snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 473.775690][T12277] ? snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 473.775704][T12277] ? __x64_sys_ioctl+0x18b/0x210 [ 473.775719][T12277] ? do_syscall_64+0xcd/0x490 [ 473.775730][T12277] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 473.775743][T12277] ? snd_interval_refine+0x2fa/0x580 [ 473.775765][T12277] snd_pcm_hw_refine+0x7de/0xad0 [ 473.775784][T12277] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 473.775812][T12277] snd_pcm_hw_param_last+0x32d/0x710 [ 473.775831][T12277] snd_pcm_hw_param_near.constprop.0+0x570/0x8e0 [ 473.775851][T12277] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 473.775873][T12277] snd_pcm_oss_change_params_locked+0x92b/0x3a30 [ 473.775898][T12277] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 473.775916][T12277] ? __pfx___mutex_lock+0x10/0x10 [ 473.775941][T12277] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 473.775960][T12277] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 473.775977][T12277] ? hook_file_ioctl_common+0x145/0x410 [ 473.775993][T12277] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 473.776011][T12277] ? __fget_files+0x20e/0x3c0 [ 473.776031][T12277] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 473.776048][T12277] __x64_sys_ioctl+0x18b/0x210 [ 473.776066][T12277] do_syscall_64+0xcd/0x490 [ 473.776079][T12277] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 473.776093][T12277] RIP: 0033:0x7fede678e929 [ 473.776105][T12277] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 473.776118][T12277] RSP: 002b:00007fede7607038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 473.776132][T12277] RAX: ffffffffffffffda RBX: 00007fede69b6080 RCX: 00007fede678e929 [ 473.776141][T12277] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000009 [ 473.776150][T12277] RBP: 00007fede6810b39 R08: 0000000000000000 R09: 0000000000000000 [ 473.776158][T12277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 473.776166][T12277] R13: 0000000000000000 R14: 00007fede69b6080 R15: 00007fff860b8f28 [ 473.776185][T12277] [ 475.015205][T12296] netlink: 'syz.1.1888': attribute type 15 has an invalid length. [ 475.077484][T12296] netlink: 252 bytes leftover after parsing attributes in process `syz.1.1888'. [ 475.201020][T12298] netlink: 'syz.1.1888': attribute type 15 has an invalid length. [ 475.304915][T12298] netlink: 252 bytes leftover after parsing attributes in process `syz.1.1888'. [ 478.030217][ T30] audit: type=1326 audit(4294967373.040:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.2.1899" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7597f8e929 code=0x0 [ 478.134971][T12347] futex_wake_op: syz.1.1900 tries to shift op by -9; fix this program [ 478.746956][ T5156] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 480.175885][T12373] random: crng reseeded on system resumption [ 481.131391][T12387] Invalid ELF header magic: != ELF [ 483.005528][T12419] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1919'. [ 483.372730][T12425] random: crng reseeded on system resumption [ 485.012851][T12449] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1926'. [ 485.057250][T12449] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1926'. [ 485.847056][T12464] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1930'. [ 486.167645][T12467] can: request_module (can-proto-0) failed. [ 486.232991][T12473] netlink: zone id is out of range [ 486.257281][T12473] netlink: zone id is out of range [ 486.315294][T12473] netlink: zone id is out of range [ 486.399160][T12473] netlink: zone id is out of range [ 486.456777][T12473] netlink: zone id is out of range [ 486.537479][T12473] netlink: zone id is out of range [ 486.577454][T12473] netlink: zone id is out of range [ 486.629750][ T5156] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 486.686442][T12473] netlink: zone id is out of range [ 486.827249][T12473] netlink: zone id is out of range [ 486.927343][T12473] netlink: zone id is out of range [ 491.557941][T12545] kexec: Could not allocate control_code_buffer [ 492.068402][T12579] ERROR: Out of memory at tomoyo_memory_ok. [ 492.795660][T12599] FAULT_INJECTION: forcing a failure. [ 492.795660][T12599] name failslab, interval 1, probability 0, space 0, times 0 [ 492.924488][T12599] CPU: 0 UID: 0 PID: 12599 Comm: syz.1.1965 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 492.924514][T12599] Tainted: [U]=USER [ 492.924519][T12599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 492.924528][T12599] Call Trace: [ 492.924539][T12599] [ 492.924546][T12599] dump_stack_lvl+0x16c/0x1f0 [ 492.924572][T12599] should_fail_ex+0x512/0x640 [ 492.924592][T12599] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 492.924612][T12599] should_failslab+0xc2/0x120 [ 492.924625][T12599] __kmalloc_cache_noprof+0x6a/0x3e0 [ 492.924643][T12599] ? apply_subsystem_event_filter+0x323/0x17a0 [ 492.924664][T12599] apply_subsystem_event_filter+0x323/0x17a0 [ 492.924688][T12599] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 492.924709][T12599] ? _copy_from_user+0x59/0xd0 [ 492.924731][T12599] subsystem_filter_write+0x95/0x120 [ 492.924750][T12599] ? __pfx_subsystem_filter_write+0x10/0x10 [ 492.924766][T12599] vfs_write+0x29d/0x1150 [ 492.924787][T12599] ? __pfx___mutex_lock+0x10/0x10 [ 492.924800][T12599] ? __pfx_vfs_write+0x10/0x10 [ 492.924824][T12599] ? __fget_files+0x20e/0x3c0 [ 492.924847][T12599] ksys_write+0x12a/0x250 [ 492.924865][T12599] ? __pfx_ksys_write+0x10/0x10 [ 492.924889][T12599] do_syscall_64+0xcd/0x490 [ 492.924903][T12599] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.924917][T12599] RIP: 0033:0x7f391c18e929 [ 492.924929][T12599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 492.924942][T12599] RSP: 002b:00007f391d036038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 492.924955][T12599] RAX: ffffffffffffffda RBX: 00007f391c3b6080 RCX: 00007f391c18e929 [ 492.924964][T12599] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000006 [ 492.924972][T12599] RBP: 00007f391c210b39 R08: 0000000000000000 R09: 0000000000000000 [ 492.924980][T12599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 492.924988][T12599] R13: 0000000000000000 R14: 00007f391c3b6080 R15: 00007ffc56687618 [ 492.925006][T12599] [ 493.321974][ T30] audit: type=1804 audit(4294967388.160:19): pid=12587 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1963" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 495.345692][T12642] net_ratelimit: 77 callbacks suppressed [ 495.345705][T12642] netlink: zone id is out of range [ 495.434223][T12642] netlink: zone id is out of range [ 495.439350][T12642] netlink: zone id is out of range [ 495.583182][T12642] netlink: zone id is out of range [ 495.589740][T12642] netlink: zone id is out of range [ 495.638336][T12642] netlink: zone id is out of range [ 495.735191][T12642] netlink: zone id is out of range [ 495.840523][T12642] netlink: zone id is out of range [ 495.881584][T12640] blktrace: Concurrent blktraces are not allowed on ram7 [ 495.915127][T12642] netlink: zone id is out of range [ 495.920275][T12642] netlink: zone id is out of range [ 501.164190][T12736] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1996'. [ 501.395927][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.402209][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.747335][T12754] ERROR: Out of memory at tomoyo_memory_ok. [ 503.369219][T12769] ERROR: Out of memory at tomoyo_memory_ok. [ 503.457780][T12769] FAULT_INJECTION: forcing a failure. [ 503.457780][T12769] name fail_futex, interval 1, probability 0, space 0, times 0 [ 503.538342][T12769] CPU: 0 UID: 0 PID: 12769 Comm: syz.0.2003 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 503.538370][T12769] Tainted: [U]=USER [ 503.538375][T12769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 503.538383][T12769] Call Trace: [ 503.538389][T12769] [ 503.538394][T12769] dump_stack_lvl+0x16c/0x1f0 [ 503.538420][T12769] should_fail_ex+0x512/0x640 [ 503.538443][T12769] get_futex_key+0x1d0/0x1540 [ 503.538463][T12769] ? __pfx_get_futex_key+0x10/0x10 [ 503.538478][T12769] ? kasan_quarantine_put+0x10a/0x240 [ 503.538497][T12769] ? lockdep_hardirqs_on+0x7c/0x110 [ 503.538521][T12769] futex_wake+0xea/0x530 [ 503.538541][T12769] ? __pfx_futex_wake+0x10/0x10 [ 503.538563][T12769] ? ksys_write+0x190/0x250 [ 503.538581][T12769] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 503.538598][T12769] do_futex+0x1e3/0x350 [ 503.538614][T12769] ? __pfx_do_futex+0x10/0x10 [ 503.538635][T12769] __x64_sys_futex+0x1e0/0x4c0 [ 503.538653][T12769] ? fput+0x70/0xf0 [ 503.538664][T12769] ? __pfx___x64_sys_futex+0x10/0x10 [ 503.538679][T12769] ? ksys_write+0x1ac/0x250 [ 503.538697][T12769] ? __pfx_ksys_write+0x10/0x10 [ 503.538720][T12769] do_syscall_64+0xcd/0x490 [ 503.538734][T12769] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.538748][T12769] RIP: 0033:0x7fede678e929 [ 503.538760][T12769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 503.538773][T12769] RSP: 002b:00007fede76280e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 503.538787][T12769] RAX: ffffffffffffffda RBX: 00007fede69b5fa8 RCX: 00007fede678e929 [ 503.538797][T12769] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fede69b5fac [ 503.538805][T12769] RBP: 00007fede69b5fa0 R08: 00007fede7629000 R09: 0000000000000000 [ 503.538813][T12769] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fede69b5fac [ 503.538822][T12769] R13: 0000000000000000 R14: 00007fff860b8e40 R15: 00007fff860b8f28 [ 503.538839][T12769] [ 504.344431][T12772] zswap: compressor not available [ 506.039948][T12808] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2012'. [ 506.357134][T12808] bridge_slave_0: left allmulticast mode [ 506.713770][T12808] bridge_slave_0: left promiscuous mode [ 506.801567][ T30] audit: type=1804 audit(4294967312.012:20): pid=12817 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2013" name="/newroot/483/file0" dev="tmpfs" ino=2566 res=1 errno=0 [ 506.911881][ T30] audit: type=1800 audit(4294967312.032:21): pid=12817 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2013" name="file0" dev="tmpfs" ino=2566 res=0 errno=0 [ 506.951641][T12808] bridge0: port 1(bridge_slave_0) entered disabled state [ 507.095260][T12816] kexec: Could not allocate control_code_buffer [ 507.852354][T12836] FAULT_INJECTION: forcing a failure. [ 507.852354][T12836] name failslab, interval 1, probability 0, space 0, times 0 [ 507.875174][T12833] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2019'. [ 507.928323][T12836] CPU: 0 UID: 0 PID: 12836 Comm: syz.1.2018 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 507.928350][T12836] Tainted: [U]=USER [ 507.928355][T12836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 507.928363][T12836] Call Trace: [ 507.928368][T12836] [ 507.928374][T12836] dump_stack_lvl+0x16c/0x1f0 [ 507.928401][T12836] should_fail_ex+0x512/0x640 [ 507.928420][T12836] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 507.928440][T12836] should_failslab+0xc2/0x120 [ 507.928454][T12836] __kmalloc_cache_noprof+0x6a/0x3e0 [ 507.928472][T12836] ? percpu_ref_init+0xec/0x410 [ 507.928490][T12836] ? __pfx_io_ring_ctx_ref_free+0x10/0x10 [ 507.928513][T12836] percpu_ref_init+0xec/0x410 [ 507.928532][T12836] io_uring_setup+0x453/0x2080 [ 507.928551][T12836] ? __pfx_io_uring_setup+0x10/0x10 [ 507.928567][T12836] ? do_futex+0x122/0x350 [ 507.928583][T12836] ? __pfx_do_futex+0x10/0x10 [ 507.928599][T12836] ? fd_install+0x225/0x750 [ 507.928625][T12836] ? xfd_validate_state+0x61/0x180 [ 507.928641][T12836] ? __pfx_do_writev+0x10/0x10 [ 507.928662][T12836] __x64_sys_io_uring_setup+0xc2/0x170 [ 507.928681][T12836] do_syscall_64+0xcd/0x490 [ 507.928695][T12836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 507.928715][T12836] RIP: 0033:0x7f391c18e929 [ 507.928728][T12836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 507.928742][T12836] RSP: 002b:00007f391d057038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 507.928756][T12836] RAX: ffffffffffffffda RBX: 00007f391c3b5fa0 RCX: 00007f391c18e929 [ 507.928765][T12836] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000001 [ 507.928774][T12836] RBP: 00007f391c210b39 R08: 0000000000000000 R09: 0000000000000000 [ 507.928782][T12836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 507.928790][T12836] R13: 0000000000000000 R14: 00007f391c3b5fa0 R15: 00007ffc56687618 [ 507.928807][T12836] [ 508.342284][T12840] netlink: 354 bytes leftover after parsing attributes in process `syz.2.2019'. [ 508.525321][T12847] Invalid ELF header magic: != ELF [ 510.139772][T12864] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2025'. [ 510.319003][T12853] FAULT_INJECTION: forcing a failure. [ 510.319003][T12853] name failslab, interval 1, probability 0, space 0, times 0 [ 510.396596][T12853] CPU: 0 UID: 0 PID: 12853 Comm: syz.0.2023 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 510.396622][T12853] Tainted: [U]=USER [ 510.396627][T12853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 510.396636][T12853] Call Trace: [ 510.396641][T12853] [ 510.396647][T12853] dump_stack_lvl+0x16c/0x1f0 [ 510.396673][T12853] should_fail_ex+0x512/0x640 [ 510.396692][T12853] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 510.396715][T12853] should_failslab+0xc2/0x120 [ 510.396729][T12853] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 510.396749][T12853] ? ptlock_alloc+0x1f/0x70 [ 510.396769][T12853] ptlock_alloc+0x1f/0x70 [ 510.396793][T12853] pte_alloc_one+0x82/0x3a0 [ 510.396814][T12853] __pte_alloc+0x6d/0x3c0 [ 510.396828][T12853] ? __pfx___pte_alloc+0x10/0x10 [ 510.396840][T12853] ? __pfx___might_resched+0x10/0x10 [ 510.396855][T12853] ? copy_page_range+0x13f0/0x5740 [ 510.396875][T12853] copy_page_range+0x1aed/0x5740 [ 510.396899][T12853] ? __lock_acquire+0x622/0x1c90 [ 510.396931][T12853] ? __pfx_copy_page_range+0x10/0x10 [ 510.396953][T12853] ? __pfx___might_resched+0x10/0x10 [ 510.396966][T12853] ? __vma_enter_locked+0x163/0x3f0 [ 510.396986][T12853] ? dup_mmap+0xe38/0x21d0 [ 510.397001][T12853] ? down_write+0x14d/0x200 [ 510.397016][T12853] ? up_write+0x1b2/0x520 [ 510.397037][T12853] dup_mmap+0xe88/0x21d0 [ 510.397060][T12853] ? __pfx_dup_mmap+0x10/0x10 [ 510.397089][T12853] copy_process+0x4081/0x76a0 [ 510.397104][T12853] ? preempt_schedule_thunk+0x16/0x30 [ 510.397129][T12853] ? __pfx_copy_process+0x10/0x10 [ 510.397144][T12853] ? plist_check_head+0xa3/0x150 [ 510.397165][T12853] ? futex_private_hash_put+0xc7/0x240 [ 510.397184][T12853] kernel_clone+0xfc/0x960 [ 510.397199][T12853] ? __pfx_futex_wake+0x10/0x10 [ 510.397217][T12853] ? __pfx_kernel_clone+0x10/0x10 [ 510.397244][T12853] __do_sys_clone+0xce/0x120 [ 510.397260][T12853] ? __pfx___do_sys_clone+0x10/0x10 [ 510.397276][T12853] ? ksys_unshare+0x687/0xa40 [ 510.397300][T12853] ? xfd_validate_state+0x61/0x180 [ 510.397324][T12853] do_syscall_64+0xcd/0x490 [ 510.397338][T12853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.397352][T12853] RIP: 0033:0x7fede678e929 [ 510.397364][T12853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 510.397376][T12853] RSP: 002b:00007fede7627fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 510.397390][T12853] RAX: ffffffffffffffda RBX: 00007fede69b5fa0 RCX: 00007fede678e929 [ 510.397399][T12853] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 510.397408][T12853] RBP: 00007fede6810b39 R08: 0000000000000000 R09: 0000000000000000 [ 510.397416][T12853] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 510.397424][T12853] R13: 0000000000000000 R14: 00007fede69b5fa0 R15: 00007fff860b8f28 [ 510.397443][T12853] [ 511.114007][T12870] nvme_fabrics: unknown parameter or missing value '7' in ctrl creation request [ 515.314474][T12935] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2043'. [ 515.592319][ T5156] Bluetooth: hci2: unexpected event 0x10 length: 11 > 1 [ 515.593885][ T51] Bluetooth: hci2: hardware error 0x00 [ 515.722533][T12944] FAULT_INJECTION: forcing a failure. [ 515.722533][T12944] name failslab, interval 1, probability 0, space 0, times 0 [ 515.830425][T12944] CPU: 0 UID: 0 PID: 12944 Comm: syz.0.2045 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 515.830452][T12944] Tainted: [U]=USER [ 515.830456][T12944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 515.830465][T12944] Call Trace: [ 515.830470][T12944] [ 515.830476][T12944] dump_stack_lvl+0x16c/0x1f0 [ 515.830502][T12944] should_fail_ex+0x512/0x640 [ 515.830522][T12944] ? __kmalloc_noprof+0xbf/0x510 [ 515.830545][T12944] ? lsm_blob_alloc+0x68/0x90 [ 515.830564][T12944] should_failslab+0xc2/0x120 [ 515.830578][T12944] __kmalloc_noprof+0xd2/0x510 [ 515.830603][T12944] lsm_blob_alloc+0x68/0x90 [ 515.830623][T12944] security_sk_alloc+0x30/0x270 [ 515.830647][T12944] sk_prot_alloc+0x1c7/0x2a0 [ 515.830666][T12944] sk_alloc+0x36/0xc20 [ 515.830687][T12944] tap_open+0x2f0/0x1170 [ 515.830704][T12944] ? __pfx_tap_open+0x10/0x10 [ 515.830717][T12944] chrdev_open+0x231/0x6a0 [ 515.830737][T12944] ? __pfx_apparmor_file_open+0x10/0x10 [ 515.830754][T12944] ? __pfx_chrdev_open+0x10/0x10 [ 515.830775][T12944] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 515.830796][T12944] do_dentry_open+0x744/0x1c10 [ 515.830816][T12944] ? __pfx_chrdev_open+0x10/0x10 [ 515.830840][T12944] vfs_open+0x82/0x3f0 [ 515.830856][T12944] path_openat+0x1de4/0x2cb0 [ 515.830882][T12944] ? __pfx_path_openat+0x10/0x10 [ 515.830901][T12944] ? __lock_acquire+0xb8a/0x1c90 [ 515.830928][T12944] do_filp_open+0x20b/0x470 [ 515.830948][T12944] ? __pfx_do_filp_open+0x10/0x10 [ 515.830982][T12944] ? alloc_fd+0x471/0x7d0 [ 515.831005][T12944] do_sys_openat2+0x11b/0x1d0 [ 515.831021][T12944] ? __pfx_do_sys_openat2+0x10/0x10 [ 515.831044][T12944] __x64_sys_openat+0x174/0x210 [ 515.831061][T12944] ? __pfx___x64_sys_openat+0x10/0x10 [ 515.831084][T12944] do_syscall_64+0xcd/0x490 [ 515.831098][T12944] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 515.831113][T12944] RIP: 0033:0x7fede678e929 [ 515.831125][T12944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 515.831139][T12944] RSP: 002b:00007fede7607038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 515.831153][T12944] RAX: ffffffffffffffda RBX: 00007fede69b6080 RCX: 00007fede678e929 [ 515.831162][T12944] RDX: 0000000000020000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 515.831170][T12944] RBP: 00007fede6810b39 R08: 0000000000000000 R09: 0000000000000000 [ 515.831179][T12944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 515.831187][T12944] R13: 0000000000000000 R14: 00007fede69b6080 R15: 00007fff860b8f28 [ 515.831206][T12944] [ 516.088659][ C0] vkms_vblank_simulate: vblank timer overrun [ 517.636789][ T51] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 517.976480][ T30] audit: type=1804 audit(4294967323.172:22): pid=12962 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2049" name="/newroot/508/file0" dev="tmpfs" ino=2712 res=1 errno=0 [ 518.091445][T12961] tipc: Started in network mode [ 518.130870][T12961] tipc: Node identity ee00, cluster identity 4711 [ 518.182513][T12961] tipc: Node number set to 60928 [ 518.643647][T12972] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2053'. [ 519.356986][T12979] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input14 [ 519.697691][T12967] ptrace attach of "./syz-executor exec"[5838] was attempted by "./syz-executor exec"[12967] [ 522.621430][T13031] netlink: 186 bytes leftover after parsing attributes in process `syz.1.2066'. [ 522.966141][T13037] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 523.237649][T13043] HfR: entered promiscuous mode [ 523.292035][T13043] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2069'. [ 523.333359][T13043] openvswitch: HfR: Dropping previously announced user features [ 525.388346][T13076] FAULT_INJECTION: forcing a failure. [ 525.388346][T13076] name failslab, interval 1, probability 0, space 0, times 0 [ 525.418426][ T51] Bluetooth: hci3: unexpected event 0x3d length: 726 > 14 [ 525.489248][T13076] CPU: 0 UID: 0 PID: 13076 Comm: syz.1.2076 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 525.489275][T13076] Tainted: [U]=USER [ 525.489281][T13076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 525.489289][T13076] Call Trace: [ 525.489294][T13076] [ 525.489300][T13076] dump_stack_lvl+0x16c/0x1f0 [ 525.489328][T13076] should_fail_ex+0x512/0x640 [ 525.489348][T13076] ? __kmalloc_noprof+0xbf/0x510 [ 525.489370][T13076] ? apply_wqattrs_prepare+0xf8/0xbd0 [ 525.489384][T13076] should_failslab+0xc2/0x120 [ 525.489398][T13076] __kmalloc_noprof+0xd2/0x510 [ 525.489422][T13076] apply_wqattrs_prepare+0xf8/0xbd0 [ 525.489444][T13076] workqueue_apply_unbound_cpumask+0x17e/0x4f0 [ 525.489461][T13076] ? __pfx_workqueue_apply_unbound_cpumask+0x10/0x10 [ 525.489476][T13076] ? bitmap_parse+0x327/0x410 [ 525.489494][T13076] cpumask_store+0x1ad/0x220 [ 525.489508][T13076] ? __pfx_cpumask_store+0x10/0x10 [ 525.489522][T13076] ? find_held_lock+0x2b/0x80 [ 525.489536][T13076] ? sysfs_file_kobj+0xe4/0x290 [ 525.489554][T13076] ? __pfx_cpumask_store+0x10/0x10 [ 525.489566][T13076] dev_attr_store+0x55/0x80 [ 525.489580][T13076] ? __pfx_dev_attr_store+0x10/0x10 [ 525.489593][T13076] sysfs_kf_write+0xef/0x150 [ 525.489610][T13076] kernfs_fop_write_iter+0x354/0x510 [ 525.489623][T13076] ? __pfx_sysfs_kf_write+0x10/0x10 [ 525.489642][T13076] vfs_write+0x6c7/0x1150 [ 525.489662][T13076] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 525.489678][T13076] ? __pfx___mutex_lock+0x10/0x10 [ 525.489691][T13076] ? __pfx_vfs_write+0x10/0x10 [ 525.489722][T13076] ksys_write+0x12a/0x250 [ 525.489740][T13076] ? __pfx_ksys_write+0x10/0x10 [ 525.489764][T13076] do_syscall_64+0xcd/0x490 [ 525.489779][T13076] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 525.489793][T13076] RIP: 0033:0x7f391c18e929 [ 525.489804][T13076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 525.489817][T13076] RSP: 002b:00007f391d036038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 525.489830][T13076] RAX: ffffffffffffffda RBX: 00007f391c3b6080 RCX: 00007f391c18e929 [ 525.489840][T13076] RDX: 0000000000000005 RSI: 0000200000000180 RDI: 0000000000000004 [ 525.489848][T13076] RBP: 00007f391c210b39 R08: 0000000000000000 R09: 0000000000000000 [ 525.489856][T13076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 525.489863][T13076] R13: 0000000000000000 R14: 00007f391c3b6080 R15: 00007ffc56687618 [ 525.489882][T13076] [ 528.536757][T13127] tipc: Started in network mode [ 528.632780][T13127] tipc: Node identity ee00, cluster identity 4711 [ 528.658067][T13127] tipc: Node number set to 60928 [ 528.902572][T13122] Process accounting resumed [ 529.478787][T13125] kexec: Could not allocate control_code_buffer [ 530.068389][T13155] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2096'. [ 530.127893][T13157] netlink: 354 bytes leftover after parsing attributes in process `syz.0.2096'. [ 530.204798][T13146] FAULT_INJECTION: forcing a failure. [ 530.204798][T13146] name failslab, interval 1, probability 0, space 0, times 0 [ 530.312366][T13146] CPU: 0 UID: 0 PID: 13146 Comm: syz.1.2093 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 530.312393][T13146] Tainted: [U]=USER [ 530.312398][T13146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 530.312406][T13146] Call Trace: [ 530.312412][T13146] [ 530.312426][T13146] dump_stack_lvl+0x16c/0x1f0 [ 530.312453][T13146] should_fail_ex+0x512/0x640 [ 530.312473][T13146] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 530.312498][T13146] should_failslab+0xc2/0x120 [ 530.312512][T13146] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 530.312534][T13146] ? __ip_vs_tcp_init+0x37/0xc0 [ 530.312554][T13146] kmemdup_noprof+0x29/0x60 [ 530.312574][T13146] ? __pfx___ip_vs_tcp_init+0x10/0x10 [ 530.312589][T13146] __ip_vs_tcp_init+0x37/0xc0 [ 530.312607][T13146] ip_vs_protocol_net_init+0x191/0x300 [ 530.312627][T13146] __ip_vs_init+0x239/0x520 [ 530.312640][T13146] ? __pfx___ip_vs_init+0x10/0x10 [ 530.312651][T13146] ops_init+0x1e2/0x5f0 [ 530.312667][T13146] setup_net+0x1ff/0x510 [ 530.312679][T13146] ? lockdep_init_map_type+0x5c/0x280 [ 530.312697][T13146] ? __pfx_setup_net+0x10/0x10 [ 530.312712][T13146] ? debug_mutex_init+0x37/0x70 [ 530.312727][T13146] copy_net_ns+0x2a6/0x5f0 [ 530.312743][T13146] create_new_namespaces+0x3ea/0xa90 [ 530.312763][T13146] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 530.312779][T13146] ksys_unshare+0x45b/0xa40 [ 530.312798][T13146] ? __pfx_ksys_unshare+0x10/0x10 [ 530.312815][T13146] ? xfd_validate_state+0x61/0x180 [ 530.312838][T13146] __x64_sys_unshare+0x31/0x40 [ 530.312855][T13146] do_syscall_64+0xcd/0x490 [ 530.312869][T13146] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 530.312883][T13146] RIP: 0033:0x7f391c18e929 [ 530.312895][T13146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 530.312907][T13146] RSP: 002b:00007f391d057038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 530.312921][T13146] RAX: ffffffffffffffda RBX: 00007f391c3b5fa0 RCX: 00007f391c18e929 [ 530.312930][T13146] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 530.312938][T13146] RBP: 00007f391c210b39 R08: 0000000000000000 R09: 0000000000000000 [ 530.312946][T13146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 530.312954][T13146] R13: 0000000000000000 R14: 00007f391c3b5fa0 R15: 00007ffc56687618 [ 530.312972][T13146] [ 534.090086][T13186] Invalid ELF header magic: != ELF [ 535.220027][ T51] Bluetooth: hci3: unexpected event 0x14 length: 11 > 6 [ 539.352671][T13262] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2120'. [ 540.162893][T13276] random: crng reseeded on system resumption [ 541.478458][ T51] Bluetooth: hci3: unexpected event 0x14 length: 11 > 6 [ 541.909263][T13305] ERROR: Out of memory at tomoyo_memory_ok. [ 542.615822][T13314] RDS: rds_bind could not find a transport for ::ffff:10.1.1.2, load rds_tcp or rds_rdma? [ 542.747991][T13317] ERROR: Out of memory at tomoyo_memory_ok. [ 542.835687][T13317] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2132'. [ 546.260233][T13337] ptrace attach of "./syz-executor exec"[5842] was attempted by "./syz-executor exec"[13337] [ 547.330093][T13364] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2143'. [ 547.380039][T13364] netlink: 'syz.3.2143': attribute type 1 has an invalid length. [ 547.413427][T13364] netlink: 'syz.3.2143': attribute type 6 has an invalid length. [ 548.121072][T13373] openvswitch: HfR: Dropping previously announced user features [ 548.178842][T13373] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2147'. [ 548.261718][T13373] HfR: left promiscuous mode [ 549.578397][ T51] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 550.612623][T13400] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2152'. [ 556.958182][T13484] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2172'. [ 557.814242][T13500] can: request_module (can-proto-3) failed. [ 559.370737][T13513] Process accounting paused [ 562.624036][T13566] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 562.657663][T13566] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 562.701171][T13566] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 562.744910][T13566] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 562.839816][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.846139][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.866981][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 564.678352][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 564.747138][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 566.827008][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 566.846513][T13619] ERROR: Out of memory at tomoyo_memory_ok. [ 567.130800][T13626] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2197'. [ 568.615941][T13643] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2201'. [ 568.771066][T13643] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2201'. [ 576.404158][T13720] kexec: Could not allocate control_code_buffer [ 576.935782][T13733] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2221'. [ 576.997288][T13738] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2219'. [ 577.030651][T13717] Invalid ELF header magic: != ELF [ 589.533038][T13828] Process accounting resumed [ 589.969779][T13849] can: request_module (can-proto-0) failed. [ 591.564248][T13868] Invalid ELF header magic: != ELF [ 592.062698][T13880] mkiss: ax0: crc mode is auto. [ 592.974142][T13888] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2252'. [ 595.389892][T13919] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2260'. [ 595.515792][T13919] netlink: 354 bytes leftover after parsing attributes in process `syz.2.2260'. [ 596.430768][T13933] Invalid ELF header magic: != ELF [ 601.435062][T13987] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input15 [ 602.481922][T14017] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2278'. [ 602.565074][T14019] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2278'. [ 602.855263][T14023] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 602.855263][T14023] The task syz.1.2279 (14023) triggered the difference, watch for misbehavior. [ 605.651234][ T51] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 609.519158][T14090] FAULT_INJECTION: forcing a failure. [ 609.519158][T14090] name failslab, interval 1, probability 0, space 0, times 0 [ 609.684020][T14090] CPU: 0 UID: 0 PID: 14090 Comm: syz.1.2292 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 609.684047][T14090] Tainted: [U]=USER [ 609.684052][T14090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 609.684061][T14090] Call Trace: [ 609.684066][T14090] [ 609.684071][T14090] dump_stack_lvl+0x16c/0x1f0 [ 609.684100][T14090] should_fail_ex+0x512/0x640 [ 609.684121][T14090] ? __kmalloc_noprof+0xbf/0x510 [ 609.684142][T14090] ? ptp_open+0x103/0x520 [ 609.684157][T14090] should_failslab+0xc2/0x120 [ 609.684171][T14090] __kmalloc_noprof+0xd2/0x510 [ 609.684203][T14090] ptp_open+0x103/0x520 [ 609.684222][T14090] ? __pfx_ptp_open+0x10/0x10 [ 609.684244][T14090] ? __pfx_ptp_open+0x10/0x10 [ 609.684261][T14090] posix_clock_open+0x17b/0x290 [ 609.684277][T14090] ? __pfx_posix_clock_open+0x10/0x10 [ 609.684292][T14090] chrdev_open+0x231/0x6a0 [ 609.684311][T14090] ? __pfx_apparmor_file_open+0x10/0x10 [ 609.684329][T14090] ? __pfx_chrdev_open+0x10/0x10 [ 609.684350][T14090] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 609.684371][T14090] do_dentry_open+0x744/0x1c10 [ 609.684390][T14090] ? __pfx_chrdev_open+0x10/0x10 [ 609.684414][T14090] vfs_open+0x82/0x3f0 [ 609.684430][T14090] path_openat+0x1de4/0x2cb0 [ 609.684455][T14090] ? __pfx_path_openat+0x10/0x10 [ 609.684475][T14090] ? __lock_acquire+0xb8a/0x1c90 [ 609.684495][T14090] do_filp_open+0x20b/0x470 [ 609.684514][T14090] ? __pfx_do_filp_open+0x10/0x10 [ 609.684546][T14090] ? alloc_fd+0x471/0x7d0 [ 609.684569][T14090] do_sys_openat2+0x11b/0x1d0 [ 609.684584][T14090] ? __pfx_do_sys_openat2+0x10/0x10 [ 609.684606][T14090] __x64_sys_openat+0x174/0x210 [ 609.684621][T14090] ? __pfx___x64_sys_openat+0x10/0x10 [ 609.684643][T14090] do_syscall_64+0xcd/0x490 [ 609.684657][T14090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 609.684672][T14090] RIP: 0033:0x7f391c18e929 [ 609.684684][T14090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 609.684697][T14090] RSP: 002b:00007f391d036038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 609.684711][T14090] RAX: ffffffffffffffda RBX: 00007f391c3b6080 RCX: 00007f391c18e929 [ 609.684720][T14090] RDX: 0000000000000440 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 609.684729][T14090] RBP: 00007f391c210b39 R08: 0000000000000000 R09: 0000000000000000 [ 609.684738][T14090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 609.684747][T14090] R13: 0000000000000000 R14: 00007f391c3b6080 R15: 00007ffc56687618 [ 609.684766][T14090] [ 621.617697][T14189] Process accounting paused [ 622.537609][T14234] random: crng reseeded on system resumption [ 624.261282][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.267668][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 627.166490][T14266] FAULT_INJECTION: forcing a failure. [ 627.166490][T14266] name failslab, interval 1, probability 0, space 0, times 0 [ 627.263954][T14266] CPU: 0 UID: 0 PID: 14266 Comm: syz.0.2334 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 627.263980][T14266] Tainted: [U]=USER [ 627.263985][T14266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 627.263995][T14266] Call Trace: [ 627.264000][T14266] [ 627.264005][T14266] dump_stack_lvl+0x16c/0x1f0 [ 627.264032][T14266] should_fail_ex+0x512/0x640 [ 627.264052][T14266] ? fs_reclaim_acquire+0xae/0x150 [ 627.264070][T14266] should_failslab+0xc2/0x120 [ 627.264085][T14266] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 627.264105][T14266] ? security_inode_alloc+0x3b/0x2b0 [ 627.264122][T14266] security_inode_alloc+0x3b/0x2b0 [ 627.264137][T14266] inode_init_always_gfp+0xce4/0x1030 [ 627.264159][T14266] alloc_inode+0x86/0x240 [ 627.264172][T14266] new_inode+0x22/0x1c0 [ 627.264187][T14266] bdev_alloc+0x2b/0x420 [ 627.264206][T14266] __alloc_disk_node+0x116/0x630 [ 627.264228][T14266] __blk_mq_alloc_disk+0x89/0x120 [ 627.264248][T14266] loop_add+0x49e/0xb70 [ 627.264263][T14266] ? do_vfs_ioctl+0x523/0x1a60 [ 627.264278][T14266] ? __pfx_loop_add+0x10/0x10 [ 627.264291][T14266] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 627.264319][T14266] ? find_held_lock+0x2b/0x80 [ 627.264336][T14266] loop_control_ioctl+0x13e/0x630 [ 627.264352][T14266] ? __pfx_loop_control_ioctl+0x10/0x10 [ 627.264371][T14266] ? __pfx_loop_control_ioctl+0x10/0x10 [ 627.264387][T14266] __x64_sys_ioctl+0x18b/0x210 [ 627.264415][T14266] do_syscall_64+0xcd/0x490 [ 627.264430][T14266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 627.264445][T14266] RIP: 0033:0x7fede678e929 [ 627.264457][T14266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 627.264471][T14266] RSP: 002b:00007fede7628038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 627.264485][T14266] RAX: ffffffffffffffda RBX: 00007fede69b5fa0 RCX: 00007fede678e929 [ 627.264494][T14266] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000008 [ 627.264502][T14266] RBP: 00007fede6810b39 R08: 0000000000000000 R09: 0000000000000000 [ 627.264510][T14266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 627.264518][T14266] R13: 0000000000000000 R14: 00007fede69b5fa0 R15: 00007fff860b8f28 [ 627.264537][T14266] [ 630.428836][ T5156] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 630.709367][T14327] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2337'. [ 634.504850][T14370] FAULT_INJECTION: forcing a failure. [ 634.504850][T14370] name failslab, interval 1, probability 0, space 0, times 0 [ 634.588719][T14370] CPU: 0 UID: 0 PID: 14370 Comm: syz.0.2344 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 634.588745][T14370] Tainted: [U]=USER [ 634.588750][T14370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 634.588759][T14370] Call Trace: [ 634.588764][T14370] [ 634.588770][T14370] dump_stack_lvl+0x16c/0x1f0 [ 634.588797][T14370] should_fail_ex+0x512/0x640 [ 634.588816][T14370] ? __kmalloc_noprof+0xbf/0x510 [ 634.588838][T14370] ? xfrm_hash_alloc+0xd1/0x100 [ 634.588856][T14370] should_failslab+0xc2/0x120 [ 634.588870][T14370] __kmalloc_noprof+0xd2/0x510 [ 634.588889][T14370] ? xfrm_state_init+0x377/0x630 [ 634.588906][T14370] ? xfrm_state_init+0x3d3/0x630 [ 634.588924][T14370] ? __pfx_xfrm_net_init+0x10/0x10 [ 634.588944][T14370] xfrm_hash_alloc+0xd1/0x100 [ 634.588962][T14370] xfrm_net_init+0x244/0xcc0 [ 634.588985][T14370] ? __pfx_xfrm_net_init+0x10/0x10 [ 634.589004][T14370] ops_init+0x1e2/0x5f0 [ 634.589021][T14370] setup_net+0x1ff/0x510 [ 634.589033][T14370] ? lockdep_init_map_type+0x5c/0x280 [ 634.589051][T14370] ? __pfx_setup_net+0x10/0x10 [ 634.589066][T14370] ? debug_mutex_init+0x37/0x70 [ 634.589082][T14370] copy_net_ns+0x2a6/0x5f0 [ 634.589099][T14370] create_new_namespaces+0x3ea/0xa90 [ 634.589119][T14370] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 634.589135][T14370] ksys_unshare+0x45b/0xa40 [ 634.589153][T14370] ? __pfx_ksys_unshare+0x10/0x10 [ 634.589172][T14370] ? syscall_user_dispatch+0x78/0x140 [ 634.589197][T14370] __x64_sys_unshare+0x31/0x40 [ 634.589214][T14370] do_syscall_64+0xcd/0x490 [ 634.589228][T14370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 634.589242][T14370] RIP: 0033:0x7fede678e929 [ 634.589254][T14370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 634.589267][T14370] RSP: 002b:00007fede7628038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 634.589281][T14370] RAX: ffffffffffffffda RBX: 00007fede69b5fa0 RCX: 00007fede678e929 [ 634.589291][T14370] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 634.589299][T14370] RBP: 00007fede6810b39 R08: 0000000000000000 R09: 0000000000000000 [ 634.589307][T14370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 634.589315][T14370] R13: 0000000000000000 R14: 00007fede69b5fa0 R15: 00007fff860b8f28 [ 634.589332][T14370] [ 636.230175][T14383] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2346'. [ 636.864749][T14388] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2347'. [ 637.768349][T14394] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2348'. [ 638.600434][T14407] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input16 [ 639.734088][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805dd8b400: rx timeout, send abort [ 639.742355][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805dd8b800: rx timeout, send abort [ 639.750888][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805dd8b400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 639.765213][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805dd8b800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 644.342543][T14468] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2364'. [ 646.766532][T14495] Invalid ELF header magic: != ELF [ 648.857350][ T30] audit: type=1800 audit(4295032547.627:23): pid=14518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2375" name="dummy_udc" dev="gadgetfs" ino=6006 res=0 errno=0 [ 649.085655][ T30] audit: type=1800 audit(4295032547.837:24): pid=14519 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2375" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 649.690201][T14522] netlink: 'syz.0.2376': attribute type 2 has an invalid length. [ 651.760287][T14534] Process accounting resumed [ 653.630701][T14563] vivid-003: ================= START STATUS ================= [ 653.683842][T14563] vivid-003: Radio HW Seek Mode: Bounded [ 653.710778][T14563] vivid-003: Radio Programmable HW Seek: false [ 653.779606][T14563] vivid-003: RDS Rx I/O Mode: Block I/O [ 653.785190][T14563] vivid-003: Generate RBDS Instead of RDS: false [ 654.022651][T14563] vivid-003: RDS Reception: true [ 654.070046][T14563] vivid-003: RDS Program Type: 0 inactive [ 654.178337][T14563] vivid-003: RDS PS Name: inactive [ 654.183571][T14563] vivid-003: RDS Radio Text: inactive [ 654.308962][T14563] vivid-003: RDS Traffic Announcement: false inactive [ 654.315759][T14563] vivid-003: RDS Traffic Program: false inactive [ 654.420444][T14563] vivid-003: RDS Music: false inactive [ 654.425997][T14563] vivid-003: ================== END STATUS ================== [ 658.649638][T14623] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2394'. [ 658.847523][ T51] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 658.987551][T14622] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2394'. [ 660.268304][T14642] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input17 [ 661.248240][T14647] netlink: 504 bytes leftover after parsing attributes in process `syz.0.2399'. [ 661.315952][T14647] netlink: 350 bytes leftover after parsing attributes in process `syz.0.2399'. [ 662.312498][T14662] [U] [ 662.315301][T14662] [U] [ 662.317983][T14662] [U] [ 662.320663][T14662] [U] [ 662.407473][T14662] [U] [ 662.410218][T14662] [U] [ 662.412910][T14662] [U] [ 662.415592][T14662] [U] [ 662.476014][T14662] [U] [ 662.478720][T14662] [U] [ 662.481398][T14662] [U] [ 662.484072][T14662] [U] [ 662.549416][T14662] [U] [ 662.552133][T14662] [U] [ 662.554808][T14662] [U] [ 662.557480][T14662] [U] [ 662.610317][T14662] [U] [ 662.613026][T14662] [U] [ 662.615699][T14662] [U] [ 662.618375][T14662] [U] [ 662.673925][T14662] [U] [ 662.676635][T14662] [U] [ 662.679309][T14662] [U] [ 662.681984][T14662] [U] [ 662.720724][T14665] Invalid ELF header magic: != ELF [ 662.748222][T14662] [U] [ 662.750931][T14662] [U] [ 662.753604][T14662] [U] [ 662.756276][T14662] [U] [ 662.815280][T14662] [U] [ 662.817992][T14662] [U] [ 662.820666][T14662] [U] [ 662.823338][T14662] [U] [ 662.886797][T14662] [U] [ 662.889508][T14662] [U] [ 662.892182][T14662] [U] [ 662.894854][T14662] [U] [ 662.966901][T14662] [U] [ 662.969613][T14662] [U] [ 662.972288][T14662] [U] [ 662.974961][T14662] [U] [ 663.082966][T14662] [U] [ 663.085677][T14662] [U] [ 663.088356][T14662] [U] [ 663.091030][T14662] [U] [ 663.218974][T14662] [U] [ 663.619263][T14675] FAULT_INJECTION: forcing a failure. [ 663.619263][T14675] name failslab, interval 1, probability 0, space 0, times 0 [ 663.794700][T14675] CPU: 0 UID: 0 PID: 14675 Comm: syz.1.2407 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 663.794726][T14675] Tainted: [U]=USER [ 663.794731][T14675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 663.794739][T14675] Call Trace: [ 663.794744][T14675] [ 663.794750][T14675] dump_stack_lvl+0x16c/0x1f0 [ 663.794775][T14675] should_fail_ex+0x512/0x640 [ 663.794795][T14675] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 663.794816][T14675] should_failslab+0xc2/0x120 [ 663.794830][T14675] __kmalloc_cache_noprof+0x6a/0x3e0 [ 663.794848][T14675] ? cuse_channel_open+0x1de/0x7f0 [ 663.794869][T14675] cuse_channel_open+0x1de/0x7f0 [ 663.794886][T14675] ? __pfx_cuse_channel_open+0x10/0x10 [ 663.794905][T14675] misc_open+0x35d/0x420 [ 663.794922][T14675] ? __pfx_misc_open+0x10/0x10 [ 663.794938][T14675] chrdev_open+0x231/0x6a0 [ 663.794957][T14675] ? __pfx_apparmor_file_open+0x10/0x10 [ 663.794975][T14675] ? __pfx_chrdev_open+0x10/0x10 [ 663.794996][T14675] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 663.795017][T14675] do_dentry_open+0x744/0x1c10 [ 663.795037][T14675] ? __pfx_chrdev_open+0x10/0x10 [ 663.795060][T14675] vfs_open+0x82/0x3f0 [ 663.795077][T14675] path_openat+0x1de4/0x2cb0 [ 663.795102][T14675] ? __pfx_path_openat+0x10/0x10 [ 663.795122][T14675] ? __lock_acquire+0xb8a/0x1c90 [ 663.795141][T14675] do_filp_open+0x20b/0x470 [ 663.795160][T14675] ? __pfx_do_filp_open+0x10/0x10 [ 663.795192][T14675] ? alloc_fd+0x471/0x7d0 [ 663.795215][T14675] do_sys_openat2+0x11b/0x1d0 [ 663.795229][T14675] ? __pfx_do_sys_openat2+0x10/0x10 [ 663.795251][T14675] __x64_sys_openat+0x174/0x210 [ 663.795266][T14675] ? __pfx___x64_sys_openat+0x10/0x10 [ 663.795289][T14675] do_syscall_64+0xcd/0x490 [ 663.795302][T14675] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 663.795316][T14675] RIP: 0033:0x7f391c18e929 [ 663.795328][T14675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 663.795341][T14675] RSP: 002b:00007f391d036038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 663.795355][T14675] RAX: ffffffffffffffda RBX: 00007f391c3b6080 RCX: 00007f391c18e929 [ 663.795364][T14675] RDX: 00000000001c1041 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 663.795373][T14675] RBP: 00007f391c210b39 R08: 0000000000000000 R09: 0000000000000000 [ 663.795381][T14675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 663.795390][T14675] R13: 0000000000000000 R14: 00007f391c3b6080 R15: 00007ffc56687618 [ 663.795408][T14675] [ 664.607175][T14689] ERROR: Out of memory at tomoyo_memory_ok. [ 667.446705][T14739] mkiss: ax0: crc mode is auto. [ 667.479166][T14736] binder: 14735:14736 ioctl c018620c 0 returned -22 [ 668.808708][T14752] GUP no longer grows the stack in syz.0.2421 (14752): 14000-401000 (4000) [ 668.869113][T14752] CPU: 0 UID: 0 PID: 14752 Comm: syz.0.2421 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 668.869140][T14752] Tainted: [U]=USER [ 668.869145][T14752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 668.869153][T14752] Call Trace: [ 668.869158][T14752] [ 668.869164][T14752] dump_stack_lvl+0x16c/0x1f0 [ 668.869189][T14752] gup_vma_lookup+0x1d2/0x220 [ 668.869205][T14752] __get_user_pages+0x271/0x3b80 [ 668.869226][T14752] ? process_vm_rw_core.constprop.0+0x1d8/0x9a0 [ 668.869248][T14752] ? kasan_save_stack+0x42/0x60 [ 668.869268][T14752] ? __pfx___get_user_pages+0x10/0x10 [ 668.869283][T14752] ? register_lock_class+0x41/0x4c0 [ 668.869300][T14752] ? __x64_sys_process_vm_readv+0xe2/0x1c0 [ 668.869320][T14752] ? do_syscall_64+0xcd/0x490 [ 668.869338][T14752] __gup_longterm_locked+0x20d/0x1850 [ 668.869355][T14752] ? __lock_acquire+0xb8a/0x1c90 [ 668.869375][T14752] ? __pfx___gup_longterm_locked+0x10/0x10 [ 668.869399][T14752] pin_user_pages_remote+0xed/0x140 [ 668.869416][T14752] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 668.869431][T14752] ? mm_access+0x22d/0x2e0 [ 668.869453][T14752] process_vm_rw_core.constprop.0+0x41b/0x9a0 [ 668.869483][T14752] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 668.869506][T14752] ? iovec_from_user+0xbb/0x140 [ 668.869528][T14752] ? iovec_from_user+0xbb/0x140 [ 668.869542][T14752] process_vm_rw+0x216/0x2c0 [ 668.869563][T14752] ? __pfx_process_vm_rw+0x10/0x10 [ 668.869583][T14752] ? __pfx_futex_wake+0x10/0x10 [ 668.869606][T14752] ? __pfx___sys_sendmmsg+0x10/0x10 [ 668.869646][T14752] ? xfd_validate_state+0x61/0x180 [ 668.869662][T14752] ? __task_pid_nr_ns+0x17c/0x500 [ 668.869682][T14752] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 668.869703][T14752] ? do_syscall_64+0x91/0x490 [ 668.869715][T14752] ? lockdep_hardirqs_on+0x7c/0x110 [ 668.869734][T14752] do_syscall_64+0xcd/0x490 [ 668.869748][T14752] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.869762][T14752] RIP: 0033:0x7fede678e929 [ 668.869773][T14752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 668.869786][T14752] RSP: 002b:00007fede7607038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 668.869800][T14752] RAX: ffffffffffffffda RBX: 00007fede69b6080 RCX: 00007fede678e929 [ 668.869809][T14752] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 00000000000007d5 [ 668.869817][T14752] RBP: 00007fede6810b39 R08: 0000000000000003 R09: 0000000000000000 [ 668.869825][T14752] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 668.869833][T14752] R13: 0000000000000000 R14: 00007fede69b6080 R15: 00007fff860b8f28 [ 668.869851][T14752] [ 673.133051][T14840] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2437'. [ 673.264183][T14837] netlink: 102 bytes leftover after parsing attributes in process `syz.3.2437'. [ 673.319241][T14842] random: crng reseeded on system resumption [ 674.512754][T14858] Invalid ELF header magic: != ELF [ 675.098779][T14864] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2443'. [ 675.146760][T14864] team_slave_0: entered allmulticast mode [ 675.252546][T14861] syz.3.2442 (14861): attempted to duplicate a private mapping with mremap. This is not supported. [ 677.329158][T14899] sd 0:0:1:0: PR command failed: 1026 [ 677.334571][T14899] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 677.497242][T14899] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 677.968442][T14912] ERROR: Out of memory at tomoyo_memory_ok. [ 679.841693][T14938] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2458'. [ 679.912292][T14938] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2458'. [ 680.378218][T14952] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2460'. [ 681.849387][T14964] Process accounting paused [ 684.237355][T15003] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2471'. [ 685.679742][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.687177][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.027747][T15037] Invalid ELF header magic: != ELF [ 686.404364][T15041] Invalid ELF header magic: != ELF [ 687.601323][T15064] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2483'. [ 688.815454][T15086] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2488'. [ 689.462977][T15101] ERROR: Out of memory at tomoyo_memory_ok. [ 690.790364][T15130] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2497'. [ 692.807205][T14719] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 692.815421][T14719] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 692.823981][T14719] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 692.831998][T14719] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 692.839659][T14719] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 693.012698][T15160] chnl_net:caif_netlink_parms(): no params data found [ 693.076518][T15160] bridge0: port 1(bridge_slave_0) entered blocking state [ 693.097268][T15160] bridge0: port 1(bridge_slave_0) entered disabled state [ 693.104453][T15160] bridge_slave_0: entered allmulticast mode [ 693.148795][T15160] bridge_slave_0: entered promiscuous mode [ 693.173720][T15160] bridge0: port 2(bridge_slave_1) entered blocking state [ 693.197156][T15160] bridge0: port 2(bridge_slave_1) entered disabled state [ 693.215808][T15160] bridge_slave_1: entered allmulticast mode [ 693.236571][T15160] bridge_slave_1: entered promiscuous mode [ 693.381263][T15160] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 693.423941][T15160] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 693.612516][T15160] team0: Port device team_slave_0 added [ 693.663065][T15160] team0: Port device team_slave_1 added [ 693.840676][T15160] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 693.867410][T15160] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 693.994037][T15160] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 694.059717][T15160] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 694.101084][T15160] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 694.208038][T15160] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 694.370078][T15160] hsr_slave_0: entered promiscuous mode [ 694.396186][T15160] hsr_slave_1: entered promiscuous mode [ 694.417955][T15160] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 694.447019][T15160] Cannot create hsr debugfs directory [ 694.877110][T14719] Bluetooth: hci4: command tx timeout [ 694.906844][T15160] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 694.943559][T15160] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 694.974657][T15160] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 694.999973][T15160] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 695.300903][T15160] 8021q: adding VLAN 0 to HW filter on device bond0 [ 695.371405][T15160] 8021q: adding VLAN 0 to HW filter on device team0 [ 695.455815][T14737] bridge0: port 1(bridge_slave_0) entered blocking state [ 695.463005][T14737] bridge0: port 1(bridge_slave_0) entered forwarding state [ 695.535715][T14737] bridge0: port 2(bridge_slave_1) entered blocking state [ 695.542850][T14737] bridge0: port 2(bridge_slave_1) entered forwarding state [ 695.857340][T15234] Invalid ELF header magic: != ELF [ 696.152701][T15160] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 696.958054][T14719] Bluetooth: hci4: command tx timeout [ 696.988388][T15160] veth0_vlan: entered promiscuous mode [ 697.033385][T15160] veth1_vlan: entered promiscuous mode [ 697.110576][T15160] veth0_macvtap: entered promiscuous mode [ 697.153159][T15160] veth1_macvtap: entered promiscuous mode [ 697.204273][T15160] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 697.259857][T15160] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 697.300508][T15160] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 697.336799][T15160] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 697.379998][T15160] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 697.407871][T15160] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 697.714915][T14737] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 697.756363][T14737] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 697.890109][T14839] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 697.923212][T14839] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 699.037317][T14719] Bluetooth: hci4: command tx timeout [ 700.156851][T15311] can: request_module (can-proto-3) failed. [ 700.925581][T15322] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 701.118033][T14719] Bluetooth: hci4: command tx timeout [ 702.287241][T15340] ERROR: Out of memory at tomoyo_memory_ok. [ 702.517651][T15345] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2538'. [ 702.605064][T15345] netlink: 354 bytes leftover after parsing attributes in process `syz.4.2538'. [ 703.084996][T15353] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 704.949911][T15376] openvswitch: HfR: Dropping previously announced user features [ 704.988617][T15376] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2546'. [ 705.019851][T15376] openvswitch: HfR: Dropping previously announced user features [ 705.186248][T15386] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input18 [ 706.314151][T15403] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2557'. [ 706.487832][T15403] hub 8-0:1.0: USB hub found [ 706.522276][T15411] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2557'. [ 706.569952][T15403] hub 8-0:1.0: 1 port detected [ 707.923151][T15440] netlink: 'syz.3.2556': attribute type 1 has an invalid length. [ 707.947534][T15440] netlink: 33 bytes leftover after parsing attributes in process `syz.3.2556'. [ 710.379227][T14719] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 710.379251][T14719] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 710.394587][T14719] Bluetooth: hci3: adv larger than maximum supported [ 710.394607][T14719] Bluetooth: hci3: adv larger than maximum supported [ 712.412247][T15517] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2570'. [ 712.462914][T15493] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 712.469622][T15493] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 712.527078][T15519] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2570'. [ 712.585125][T15493] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 712.593119][T15493] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 712.631454][T15493] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 712.654080][T15493] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 712.690282][T15493] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 712.711342][T15493] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 712.740992][T15493] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 713.758822][T14719] Bluetooth: hci0: command 0x0406 tx timeout [ 714.025060][T15530] kafs: addr_prefs: Invalid Command [ 714.636794][T14719] Bluetooth: hci3: command 0x0406 tx timeout [ 714.642827][T14729] Bluetooth: hci1: command 0x0406 tx timeout [ 714.717769][T14729] Bluetooth: hci4: command 0x0c1a tx timeout [ 715.836811][T14729] Bluetooth: hci0: command 0x0406 tx timeout [ 716.278028][T15577] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2582'. [ 716.367584][T15580] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2582'. [ 716.716962][T14729] Bluetooth: hci1: command 0x0406 tx timeout [ 716.723042][T14719] Bluetooth: hci3: command 0x0406 tx timeout [ 716.797151][T14729] Bluetooth: hci4: command 0x0c1a tx timeout [ 717.087044][T15585] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 717.225155][ T5192] ERROR: Out of memory at tomoyo_memory_ok. [ 718.673795][T15565] kexec: Could not allocate control_code_buffer [ 718.876977][T14729] Bluetooth: hci4: command 0x0c1a tx timeout [ 720.089935][T15632] ERROR: Out of memory at tomoyo_memory_ok. [ 720.158775][T15633] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2593'. [ 720.251307][T15637] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2593'. [ 723.199872][T15679] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 724.537189][T15698] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2605'. [ 724.634989][T15699] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2605'. [ 728.823273][T15752] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2615'. [ 728.855007][T15744] FAULT_INJECTION: forcing a failure. [ 728.855007][T15744] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 728.897644][T15744] CPU: 0 UID: 0 PID: 15744 Comm: syz.0.2614 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 728.897670][T15744] Tainted: [U]=USER [ 728.897674][T15744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 728.897683][T15744] Call Trace: [ 728.897688][T15744] [ 728.897695][T15744] dump_stack_lvl+0x16c/0x1f0 [ 728.897722][T15744] should_fail_ex+0x512/0x640 [ 728.897746][T15744] should_fail_alloc_page+0xe7/0x130 [ 728.897761][T15744] prepare_alloc_pages+0x3c2/0x610 [ 728.897780][T15744] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 728.897800][T15744] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 728.897826][T15744] ? __lock_acquire+0x622/0x1c90 [ 728.897846][T15744] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 728.897865][T15744] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 728.897902][T15744] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 728.897927][T15744] ? policy_nodemask+0xea/0x4e0 [ 728.897951][T15744] alloc_pages_mpol+0x1fb/0x550 [ 728.897966][T15744] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 728.897979][T15744] ? do_raw_spin_lock+0x12c/0x2b0 [ 728.897998][T15744] ? find_held_lock+0x2b/0x80 [ 728.898016][T15744] alloc_pages_noprof+0x131/0x390 [ 728.898030][T15744] __pmd_alloc+0x3b/0x930 [ 728.898044][T15744] ? __pud_alloc+0x526/0x750 [ 728.898060][T15744] copy_page_range+0x2419/0x5740 [ 728.898079][T15744] ? dup_mmap+0x877/0x21d0 [ 728.898093][T15744] ? copy_process+0x4081/0x76a0 [ 728.898109][T15744] ? do_syscall_64+0xcd/0x490 [ 728.898124][T15744] ? __lock_acquire+0x622/0x1c90 [ 728.898155][T15744] ? __pfx_copy_page_range+0x10/0x10 [ 728.898177][T15744] ? __pfx___might_resched+0x10/0x10 [ 728.898190][T15744] ? __pfx_mas_store+0x10/0x10 [ 728.898203][T15744] ? __vma_enter_locked+0x163/0x3f0 [ 728.898222][T15744] ? dup_mmap+0xe38/0x21d0 [ 728.898237][T15744] ? down_write+0x14d/0x200 [ 728.898252][T15744] ? up_write+0x1b2/0x520 [ 728.898273][T15744] dup_mmap+0xe88/0x21d0 [ 728.898296][T15744] ? __pfx_dup_mmap+0x10/0x10 [ 728.898324][T15744] copy_process+0x4081/0x76a0 [ 728.898339][T15744] ? preempt_schedule_thunk+0x16/0x30 [ 728.898364][T15744] ? __pfx_copy_process+0x10/0x10 [ 728.898379][T15744] ? plist_check_head+0xa3/0x150 [ 728.898399][T15744] ? futex_private_hash_put+0xc7/0x240 [ 728.898418][T15744] kernel_clone+0xfc/0x960 [ 728.898434][T15744] ? __pfx_futex_wake+0x10/0x10 [ 728.898451][T15744] ? __pfx_kernel_clone+0x10/0x10 [ 728.898478][T15744] __do_sys_clone+0xce/0x120 [ 728.898494][T15744] ? __pfx___do_sys_clone+0x10/0x10 [ 728.898509][T15744] ? ksys_unshare+0x687/0xa40 [ 728.898534][T15744] ? xfd_validate_state+0x61/0x180 [ 728.898558][T15744] do_syscall_64+0xcd/0x490 [ 728.898571][T15744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 728.898585][T15744] RIP: 0033:0x7fede678e929 [ 728.898598][T15744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 728.898611][T15744] RSP: 002b:00007fede7627fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 728.898625][T15744] RAX: ffffffffffffffda RBX: 00007fede69b5fa0 RCX: 00007fede678e929 [ 728.898635][T15744] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 728.898644][T15744] RBP: 00007fede6810b39 R08: 0000000000000000 R09: 0000000000000000 [ 728.898652][T15744] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 728.898660][T15744] R13: 0000000000000000 R14: 00007fede69b5fa0 R15: 00007fff860b8f28 [ 728.898680][T15744] [ 729.767579][T15761] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2618'. [ 729.824134][T15757] HfR: entered promiscuous mode [ 729.824700][T15761] openvswitch: HfR: Dropping previously announced user features [ 730.058122][T15752] hub 8-0:1.0: USB hub found [ 730.058337][T15752] hub 8-0:1.0: 1 port detected [ 730.063219][T15769] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2615'. [ 730.322316][T15778] HfR: entered promiscuous mode [ 730.381429][T15778] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2629'. [ 730.438315][T15778] openvswitch: HfR: Dropping previously announced user features [ 730.485238][T15778] device-mapper: ioctl: Unable to rename non-existent device,  to [ 731.138155][T15800] : Can't lookup blockdev [ 733.079038][T14729] Bluetooth: hci4: unexpected event 0x3e length: 726 > 260 [ 733.079063][T14729] Bluetooth: hci4: unexpected subevent 0x0d length: 725 > 260 [ 733.093844][T14729] Bluetooth: hci4: adv larger than maximum supported [ 733.093878][T14729] Bluetooth: hci4: Unknown advertising packet type: 0x20 [ 733.100832][T14729] Bluetooth: hci4: adv larger than maximum supported [ 733.108010][T14729] Bluetooth: hci4: Unknown advertising packet type: 0x20 [ 733.114677][T14729] Bluetooth: hci4: adv larger than maximum supported [ 735.770159][T15872] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2642'. [ 735.834781][T15870] can: request_module (can-proto-0) failed. [ 736.969250][T15904] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2647'. [ 737.090240][T15907] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2647'. [ 737.892214][T15924] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2650'. [ 738.113618][T15929] netlink: 94 bytes leftover after parsing attributes in process `syz.2.2651'. [ 738.608405][T13615] udevd[13615]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 740.682361][T15968] warn_alloc: 1 callbacks suppressed [ 740.682375][T15968] syz.4.2658: vmalloc error: size 1810432, failed to allocate pages, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 740.782093][T15968] CPU: 0 UID: 0 PID: 15968 Comm: syz.4.2658 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 740.782119][T15968] Tainted: [U]=USER [ 740.782124][T15968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 740.782133][T15968] Call Trace: [ 740.782139][T15968] [ 740.782144][T15968] dump_stack_lvl+0x16c/0x1f0 [ 740.782171][T15968] warn_alloc+0x248/0x3a0 [ 740.782192][T15968] ? __pfx_warn_alloc+0x10/0x10 [ 740.782212][T15968] ? alloc_pages_mpol+0x25a/0x550 [ 740.782228][T15968] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 740.782249][T15968] __vmalloc_node_range_noprof+0x11d4/0x14b0 [ 740.782274][T15968] ? __snd_dma_alloc_pages+0x50/0x90 [ 740.782298][T15968] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 740.782319][T15968] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 740.782344][T15968] ? __snd_dma_alloc_pages+0x50/0x90 [ 740.782361][T15968] __vmalloc_node_noprof+0xad/0xf0 [ 740.782378][T15968] ? __snd_dma_alloc_pages+0x50/0x90 [ 740.782395][T15968] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 740.782415][T15968] __snd_dma_alloc_pages+0x50/0x90 [ 740.782434][T15968] snd_dma_alloc_dir_pages+0x151/0x240 [ 740.782454][T15968] do_alloc_pages+0x115/0x280 [ 740.782474][T15968] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 740.782495][T15968] snd_pcm_hw_params+0x15e1/0x1b40 [ 740.782517][T15968] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 740.782535][T15968] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 740.782555][T15968] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 740.782572][T15968] ? __asan_memset+0x23/0x50 [ 740.782591][T15968] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 740.782610][T15968] snd_pcm_oss_change_params_locked+0x1432/0x3a30 [ 740.782646][T15968] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 740.782666][T15968] ? snd_pcm_oss_sync+0x30c/0x840 [ 740.782695][T15968] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 740.782714][T15968] snd_pcm_oss_sync+0x32e/0x840 [ 740.782732][T15968] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 740.782749][T15968] snd_pcm_oss_release+0x28b/0x310 [ 740.782766][T15968] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 740.782781][T15968] __fput+0x3ff/0xb70 [ 740.782799][T15968] task_work_run+0x14d/0x240 [ 740.782820][T15968] ? __pfx_task_work_run+0x10/0x10 [ 740.782839][T15968] ? __pfx___do_sys_close_range+0x10/0x10 [ 740.782862][T15968] exit_to_user_mode_loop+0xeb/0x110 [ 740.782884][T15968] do_syscall_64+0x3f6/0x490 [ 740.782898][T15968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 740.782912][T15968] RIP: 0033:0x7fe23258e929 [ 740.782925][T15968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 740.782939][T15968] RSP: 002b:00007fe23336d038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 740.782953][T15968] RAX: 0000000000000000 RBX: 00007fe2327b5fa0 RCX: 00007fe23258e929 [ 740.782962][T15968] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 740.782971][T15968] RBP: 00007fe232610b39 R08: 0000000000000000 R09: 0000000000000000 [ 740.782980][T15968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 740.782988][T15968] R13: 0000000000000000 R14: 00007fe2327b5fa0 R15: 00007ffc9213e758 [ 740.783007][T15968] [ 740.783012][T15968] Mem-Info: [ 741.636437][T15968] active_anon:45813 inactive_anon:0 isolated_anon:0 [ 741.636437][T15968] active_file:17804 inactive_file:44562 isolated_file:0 [ 741.636437][T15968] unevictable:768 dirty:742 writeback:0 [ 741.636437][T15968] slab_reclaimable:11807 slab_unreclaimable:133211 [ 741.636437][T15968] mapped:33904 shmem:23531 pagetables:1205 [ 741.636437][T15968] sec_pagetables:0 bounce:0 [ 741.636437][T15968] kernel_misc_reclaimable:0 [ 741.636437][T15968] free:1231984 free_pcp:10564 free_cma:0 [ 741.776939][T15984] ERROR: Out of memory at tomoyo_memory_ok. [ 741.929247][T15968] Node 0 active_anon:175504kB inactive_anon:0kB active_file:71180kB inactive_file:177656kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:131440kB dirty:3120kB writeback:0kB shmem:90608kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB writeback_tmp:0kB kernel_stack:14256kB pagetables:4612kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 742.286752][T15968] Node 1 active_anon:0kB inactive_anon:0kB active_file:36kB inactive_file:592kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120kB dirty:4kB writeback:0kB shmem:3568kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 742.547607][T15968] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 742.696782][T15968] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 742.733137][T15968] Node 0 DMA32 free:999040kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:179620kB inactive_anon:0kB active_file:71180kB inactive_file:176336kB unevictable:1536kB writepending:3276kB present:3129332kB managed:2540876kB mlocked:0kB bounce:0kB free_pcp:37560kB local_pcp:37560kB free_cma:0kB [ 742.867492][T15968] lowmem_reserve[]: 0 0 1 1 1 [ 742.897619][T15968] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:16kB free_cma:0kB [ 743.024652][T15968] lowmem_reserve[]: 0 0 0 0 0 [ 743.034785][T15968] Node 1 Normal free:3914080kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:36kB inactive_file:592kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:6264kB local_pcp:6264kB free_cma:0kB [ 743.135382][T15968] lowmem_reserve[]: 0 0 0 0 0 [ 743.150249][T15968] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 743.237276][T15968] Node 0 DMA32: 7948*4kB (ME) 1936*8kB (UME) 2106*16kB (UM) 1179*32kB (UME) 482*64kB (ME) 489*128kB (ME) 242*256kB (UME) 193*512kB (ME) 56*1024kB (UM) 1*2048kB (U) 138*4096kB (UM) = 997552kB [ 743.308012][T15968] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 743.344755][T15968] Node 1 Normal: 99*4kB (UM) 44*8kB (UE) 42*16kB (UME) 232*32kB (UME) 100*64kB (UME) 38*128kB (UME) 13*256kB (UME) 3*512kB (UE) 0*1024kB 3*2048kB (UE) 948*4096kB (M) = 3914124kB [ 743.384335][T15968] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 743.407034][T15968] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 743.427048][T15968] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 743.447615][T15968] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 743.467313][T15968] 86537 total pagecache pages [ 743.478563][T15968] 0 pages in swap cache [ 743.486881][T15968] Free swap = 124996kB [ 743.495815][T15968] Total swap = 124996kB [ 743.515931][T15968] 2097051 pages RAM [ 743.546751][T15968] 0 pages HighMem/MovableOnly [ 743.551440][T15968] 429854 pages reserved [ 743.586849][T15968] 0 pages cma reserved [ 744.024669][T16025] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2669'. [ 744.135874][T16028] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2669'. [ 745.411421][T16047] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2673'. [ 745.458871][T16047] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2673'. [ 745.564455][T16053] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2675'. [ 746.142644][T13615] udevd[13615]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 746.756002][T16077] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2679'. [ 747.121600][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.127969][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.744242][T16110] HfR: entered promiscuous mode [ 748.779744][T16110] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2687'. [ 748.834255][T16112] device-mapper: ioctl: Unable to rename non-existent device,  to [ 748.860609][T16110] openvswitch: HfR: Dropping previously announced user features [ 750.378013][T16123] kexec: Could not allocate control_code_buffer [ 751.422914][T16147] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2694'. [ 753.247468][T16174] program syz.0.2700 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 753.295905][T16174] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 754.131414][T16176] ubi0: attaching mtd0 [ 754.156419][T16176] ubi0: scanning is finished [ 754.186409][T16176] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 754.456673][T16199] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2706'. [ 754.560387][T16203] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2706'. [ 754.579002][T16176] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 754.800609][T16205] netlink: 296 bytes leftover after parsing attributes in process `syz.3.2707'. [ 755.974272][T16237] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2713'. [ 756.042695][T16237] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2713'. [ 756.600377][T16234] ERROR: Out of memory at tomoyo_memory_ok. [ 757.002309][T16263] Invalid ELF header magic: != ELF [ 759.199389][T16295] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2732'. [ 760.054261][T16282] kexec: Could not allocate control_code_buffer [ 761.245773][T16327] ERROR: Out of memory at tomoyo_memory_ok. [ 762.444951][T16360] ERROR: Out of memory at tomoyo_memory_ok. [ 765.448092][T16410] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2747'. [ 767.015931][T16437] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2753'. [ 767.458100][T16447] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2755'. [ 767.840382][T16452] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2757'. [ 768.459937][T16462] FAULT_INJECTION: forcing a failure. [ 768.459937][T16462] name failslab, interval 1, probability 0, space 0, times 0 [ 768.578984][T16462] CPU: 0 UID: 0 PID: 16462 Comm: syz.0.2758 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 768.579011][T16462] Tainted: [U]=USER [ 768.579016][T16462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 768.579024][T16462] Call Trace: [ 768.579031][T16462] [ 768.579037][T16462] dump_stack_lvl+0x16c/0x1f0 [ 768.579068][T16462] should_fail_ex+0x512/0x640 [ 768.579089][T16462] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 768.579112][T16462] should_failslab+0xc2/0x120 [ 768.579126][T16462] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 768.579146][T16462] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 768.579168][T16462] radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 768.579190][T16462] radix_tree_extend+0x1a2/0x4d0 [ 768.579211][T16462] idr_get_free+0x5e9/0xa30 [ 768.579237][T16462] idr_alloc_u32+0x190/0x2f0 [ 768.579258][T16462] ? __pfx_idr_alloc_u32+0x10/0x10 [ 768.579280][T16462] ? __pfx___mutex_lock+0x10/0x10 [ 768.579292][T16462] ? lockdep_init_map_type+0x5c/0x280 [ 768.579314][T16462] idr_alloc+0xc0/0x130 [ 768.579331][T16462] ? __pfx_idr_alloc+0x10/0x10 [ 768.579355][T16462] nbd_dev_add+0x814/0xbc0 [ 768.579376][T16462] ? __pfx_nbd_dev_add+0x10/0x10 [ 768.579407][T16462] ? bpf_lsm_capable+0x9/0x10 [ 768.579424][T16462] ? __radix_tree_lookup+0x21f/0x2c0 [ 768.579447][T16462] nbd_genl_connect+0x8b0/0x1c20 [ 768.579471][T16462] ? __pfx_nbd_genl_connect+0x10/0x10 [ 768.579492][T16462] ? __nla_parse+0x40/0x60 [ 768.579508][T16462] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 768.579527][T16462] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 768.579550][T16462] genl_family_rcv_msg_doit+0x206/0x2f0 [ 768.579569][T16462] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 768.579587][T16462] ? genl_get_cmd+0x194/0x580 [ 768.579609][T16462] ? __radix_tree_lookup+0x21f/0x2c0 [ 768.579631][T16462] genl_rcv_msg+0x55c/0x800 [ 768.579651][T16462] ? __pfx_genl_rcv_msg+0x10/0x10 [ 768.579672][T16462] ? __pfx_nbd_genl_connect+0x10/0x10 [ 768.579699][T16462] netlink_rcv_skb+0x155/0x420 [ 768.579714][T16462] ? __pfx_genl_rcv_msg+0x10/0x10 [ 768.579732][T16462] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 768.579756][T16462] ? netlink_deliver_tap+0x1ae/0xd30 [ 768.579780][T16462] genl_rcv+0x28/0x40 [ 768.579796][T16462] netlink_unicast+0x53d/0x7f0 [ 768.579814][T16462] ? __pfx_netlink_unicast+0x10/0x10 [ 768.579836][T16462] netlink_sendmsg+0x8d1/0xdd0 [ 768.579856][T16462] ? __pfx_netlink_sendmsg+0x10/0x10 [ 768.579880][T16462] ____sys_sendmsg+0xa98/0xc70 [ 768.579897][T16462] ? copy_msghdr_from_user+0x10a/0x160 [ 768.579917][T16462] ? __pfx_____sys_sendmsg+0x10/0x10 [ 768.579931][T16462] ? preempt_schedule_thunk+0x16/0x30 [ 768.579952][T16462] ? try_to_wake_up+0xa2f/0x1680 [ 768.579970][T16462] ___sys_sendmsg+0x134/0x1d0 [ 768.579992][T16462] ? __pfx____sys_sendmsg+0x10/0x10 [ 768.580010][T16462] ? __lock_acquire+0x622/0x1c90 [ 768.580052][T16462] __sys_sendmsg+0x16d/0x220 [ 768.580073][T16462] ? __pfx___sys_sendmsg+0x10/0x10 [ 768.580092][T16462] ? __x64_sys_futex+0x1e0/0x4c0 [ 768.580121][T16462] do_syscall_64+0xcd/0x490 [ 768.580135][T16462] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 768.580149][T16462] RIP: 0033:0x7fede678e929 [ 768.580161][T16462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 768.580175][T16462] RSP: 002b:00007fede7607038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 768.580190][T16462] RAX: ffffffffffffffda RBX: 00007fede69b6080 RCX: 00007fede678e929 [ 768.580200][T16462] RDX: 0000000000008880 RSI: 0000200000001e00 RDI: 0000000000000005 [ 768.580209][T16462] RBP: 00007fede6810b39 R08: 0000000000000000 R09: 0000000000000000 [ 768.580218][T16462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 768.580226][T16462] R13: 0000000000000000 R14: 00007fede69b6080 R15: 00007fff860b8f28 [ 768.580245][T16462] [ 769.655769][T16480] ERROR: Out of memory at tomoyo_memory_ok. [ 769.663648][T16478] ERROR: Out of memory at tomoyo_memory_ok. [ 770.872753][T16462] nbd: failed to add new device [ 771.354713][T16494] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2765'. [ 771.366988][T16497] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2766'. [ 775.857134][T16555] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2778'. [ 776.205750][T13615] udevd[13615]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 776.270359][T13615] udevd[13615]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 777.287962][T16583] ERROR: Out of memory at tomoyo_memory_ok. [ 777.806690][T16593] ERROR: Out of memory at tomoyo_memory_ok. [ 777.834090][T16595] ERROR: Out of memory at tomoyo_memory_ok. [ 777.855834][T16592] ERROR: Out of memory at tomoyo_memory_ok. [ 779.107349][T16617] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2793'. [ 779.561628][T13615] udevd[13615]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 781.440329][T16658] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2801'. [ 781.653018][T13615] udevd[13615]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 781.842123][T16666] block nbd7: not configured, cannot reconfigure [ 782.390661][T16679] .SR: entered promiscuous mode [ 782.472507][T16679] Invalid ELF header magic: != ELF [ 783.704418][T14719] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 783.713144][T16679] could not allocate digest TFM handle [ 783.724833][T14719] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 783.733432][T14719] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 783.745483][T14719] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 783.754059][T14719] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 783.788204][T16681] could not allocate digest TFM handle [ 784.584146][T16696] chnl_net:caif_netlink_parms(): no params data found [ 785.153323][T16696] bridge0: port 1(bridge_slave_0) entered blocking state [ 785.198739][T16696] bridge0: port 1(bridge_slave_0) entered disabled state [ 785.206045][T16696] bridge_slave_0: entered allmulticast mode [ 785.231305][T16712] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2810'. [ 785.253648][T16696] bridge_slave_0: entered promiscuous mode [ 785.291529][T16696] bridge0: port 2(bridge_slave_1) entered blocking state [ 785.333106][T16696] bridge0: port 2(bridge_slave_1) entered disabled state [ 785.364579][T16696] bridge_slave_1: entered allmulticast mode [ 785.400167][T16696] bridge_slave_1: entered promiscuous mode [ 785.413289][T16720] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 785.585887][T16720] CIFS mount error: No usable UNC path provided in device string! [ 785.585887][T16720] [ 785.602764][T16696] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 785.627628][T16720] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 785.659918][T16696] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 785.782009][T16696] team0: Port device team_slave_0 added [ 785.818637][T16696] team0: Port device team_slave_1 added [ 785.849102][T14729] Bluetooth: hci5: command tx timeout [ 785.911443][T16696] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 785.923871][T16696] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 785.981845][T16696] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 786.030942][T16696] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 786.052281][T16696] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 786.137571][T16696] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 786.293036][T16696] hsr_slave_0: entered promiscuous mode [ 786.332839][T16696] hsr_slave_1: entered promiscuous mode [ 786.373599][T16696] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 786.403550][T16696] Cannot create hsr debugfs directory [ 787.313365][T16696] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 787.429640][T16696] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 787.477259][T16696] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 787.536326][T16696] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 787.833563][T16696] 8021q: adding VLAN 0 to HW filter on device bond0 [ 787.916050][T16696] 8021q: adding VLAN 0 to HW filter on device team0 [ 787.933767][T14729] Bluetooth: hci5: command tx timeout [ 787.962190][T15227] bridge0: port 1(bridge_slave_0) entered blocking state [ 787.969306][T15227] bridge0: port 1(bridge_slave_0) entered forwarding state [ 788.027232][T15227] bridge0: port 2(bridge_slave_1) entered blocking state [ 788.034381][T15227] bridge0: port 2(bridge_slave_1) entered forwarding state [ 788.172112][T16696] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 788.758997][T16696] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 789.519829][T16696] veth0_vlan: entered promiscuous mode [ 789.561630][T16696] veth1_vlan: entered promiscuous mode [ 789.644025][T16696] veth0_macvtap: entered promiscuous mode [ 789.675670][T16696] veth1_macvtap: entered promiscuous mode [ 789.765526][T16696] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 789.818021][T16696] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 789.867730][T16696] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 789.911098][T16696] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 789.949539][T16696] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 790.003038][T16696] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 790.021321][T14729] Bluetooth: hci5: command tx timeout [ 790.375889][T16342] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 790.422357][T16342] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 790.568956][T14738] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 790.607140][T14738] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 791.182643][T16826] ERROR: Out of memory at tomoyo_memory_ok. [ 791.304490][T16826] FAULT_INJECTION: forcing a failure. [ 791.304490][T16826] name failslab, interval 1, probability 0, space 0, times 0 [ 791.364306][T16826] CPU: 0 UID: 0 PID: 16826 Comm: syz.5.2808 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 791.364334][T16826] Tainted: [U]=USER [ 791.364339][T16826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 791.364348][T16826] Call Trace: [ 791.364353][T16826] [ 791.364359][T16826] dump_stack_lvl+0x16c/0x1f0 [ 791.364387][T16826] should_fail_ex+0x512/0x640 [ 791.364423][T16826] ? __kvmalloc_node_noprof+0x124/0x620 [ 791.364446][T16826] should_failslab+0xc2/0x120 [ 791.364460][T16826] __kvmalloc_node_noprof+0x137/0x620 [ 791.364481][T16826] ? lockdep_init_map_type+0x5c/0x280 [ 791.364499][T16826] ? alloc_netdev_mqs+0xcf8/0x1570 [ 791.364517][T16826] ? alloc_netdev_mqs+0xcf8/0x1570 [ 791.364529][T16826] alloc_netdev_mqs+0xcf8/0x1570 [ 791.364546][T16826] internal_dev_create+0x8a/0x520 [ 791.364563][T16826] ovs_vport_add+0x147/0x4d0 [ 791.364579][T16826] new_vport+0x16/0x1d0 [ 791.364597][T16826] ovs_dp_cmd_new+0x6ba/0xe60 [ 791.364622][T16826] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 791.364645][T16826] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 791.364664][T16826] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 791.364687][T16826] genl_family_rcv_msg_doit+0x206/0x2f0 [ 791.364713][T16826] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 791.364731][T16826] ? trace_cap_capable+0x18d/0x200 [ 791.364751][T16826] ? bpf_lsm_capable+0x9/0x10 [ 791.364769][T16826] ? security_capable+0x7e/0x260 [ 791.364783][T16826] ? ns_capable+0xd7/0x110 [ 791.364799][T16826] genl_rcv_msg+0x55c/0x800 [ 791.364818][T16826] ? __pfx_genl_rcv_msg+0x10/0x10 [ 791.364836][T16826] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 791.364865][T16826] netlink_rcv_skb+0x155/0x420 [ 791.364883][T16826] ? __pfx_genl_rcv_msg+0x10/0x10 [ 791.364901][T16826] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 791.364925][T16826] ? netlink_deliver_tap+0x1ae/0xd30 [ 791.364947][T16826] genl_rcv+0x28/0x40 [ 791.364962][T16826] netlink_unicast+0x53d/0x7f0 [ 791.364979][T16826] ? __pfx_netlink_unicast+0x10/0x10 [ 791.365003][T16826] netlink_sendmsg+0x8d1/0xdd0 [ 791.365021][T16826] ? __pfx_netlink_sendmsg+0x10/0x10 [ 791.365044][T16826] ____sys_sendmsg+0xa98/0xc70 [ 791.365061][T16826] ? copy_msghdr_from_user+0x10a/0x160 [ 791.365081][T16826] ? __pfx_____sys_sendmsg+0x10/0x10 [ 791.365106][T16826] ___sys_sendmsg+0x134/0x1d0 [ 791.365128][T16826] ? __pfx____sys_sendmsg+0x10/0x10 [ 791.365147][T16826] ? __lock_acquire+0x622/0x1c90 [ 791.365191][T16826] __sys_sendmsg+0x16d/0x220 [ 791.365214][T16826] ? __pfx___sys_sendmsg+0x10/0x10 [ 791.365233][T16826] ? _raw_spin_unlock_irq+0x23/0x50 [ 791.365252][T16826] ? lockdep_hardirqs_on+0x7c/0x110 [ 791.365285][T16826] do_syscall_64+0xcd/0x490 [ 791.365299][T16826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 791.365316][T16826] RIP: 0033:0x7f612978e929 [ 791.365328][T16826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 791.365345][T16826] RSP: 002b:00007f612a690038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 791.365359][T16826] RAX: ffffffffffffffda RBX: 00007f61299b5fa0 RCX: 00007f612978e929 [ 791.365369][T16826] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 000000000000000b [ 791.365378][T16826] RBP: 00007f6129810b39 R08: 0000000000000000 R09: 0000000000000000 [ 791.365387][T16826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 791.365395][T16826] R13: 0000000000000000 R14: 00007f61299b5fa0 R15: 00007ffc420f1228 [ 791.365419][T16826] [ 792.152169][T14729] Bluetooth: hci5: command tx timeout [ 792.335396][T16844] : Can't lookup blockdev [ 795.530370][T16899] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2846'. [ 795.559617][T16900] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2847'. [ 795.596065][T16896] can: request_module (can-proto-0) failed. [ 797.548536][T16942] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2853'. [ 797.651179][T16947] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2853'. [ 798.338502][T16962] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2856'. [ 798.408819][T16964] netlink: 25 bytes leftover after parsing attributes in process `syz.5.2856'. [ 799.302275][T16978] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2861'. [ 799.637533][T16984] can: request_module (can-proto-3) failed. [ 799.806952][T13615] udevd[13615]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 800.712987][T17009] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input23 [ 800.824148][T17005] Invalid ELF header magic: != ELF [ 801.221813][T17009] ERROR: Out of memory at tomoyo_memory_ok. [ 801.337774][T17021] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2866'. [ 801.438322][T17023] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2866'. [ 801.862061][T17033] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2869'. [ 802.856163][T17050] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2872'. [ 803.298688][T13615] udevd[13615]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 804.973090][T17093] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2879'. [ 805.182657][ T30] audit: type=1800 audit(4295005942.645:25): pid=17100 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2881" name="lu_gp_id" dev="configfs" ino=88399 res=0 errno=0 [ 805.226080][T17100] ALUA LU Group already has a valid ID, ignoring request [ 806.041185][T17118] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2886'. [ 806.490599][T13615] udevd[13615]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 806.953259][T17140] Invalid ELF header magic: != ELF [ 807.221025][T17146] ptrace attach of "./syz-executor exec"[5842] was attempted by "./syz-executor exec"[17146] [ 807.884661][T17164] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2892'. [ 808.579536][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.587409][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.238567][T17192] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2898'. [ 809.677030][T13615] udevd[13615]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 810.568958][T17224] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2904'. [ 810.627342][T17227] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2905'. [ 811.040026][T17238] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2906'. [ 811.089796][T17238] netlink: 25 bytes leftover after parsing attributes in process `syz.5.2906'. [ 811.344832][T17242] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2908'. [ 811.654236][T13615] udevd[13615]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 812.669848][T17266] Invalid ELF header magic: != ELF [ 813.159141][T17270] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2912'. [ 813.655045][T13615] udevd[13615]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 813.730753][T13615] udevd[13615]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 813.875024][T17290] CIFS mount error: No usable UNC path provided in device string! [ 813.875024][T17290] [ 813.912364][T17290] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 815.020672][T17314] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2920'. [ 815.458859][T17322] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2923'. [ 815.879914][T13615] udevd[13615]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 817.735269][T17374] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2930'. [ 817.814001][T17374] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2930'. [ 818.175732][ T31] INFO: task kworker/u10:2:14724 blocked for more than 143 seconds. [ 818.185420][ T31] Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 818.226612][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 818.287337][ T31] task:kworker/u10:2 state:D stack:27784 pid:14724 tgid:14724 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 818.360566][ T31] Workqueue: netns cleanup_net [ 818.397767][ T31] Call Trace: [ 818.401071][ T31] [ 818.403996][ T31] __schedule+0x116a/0x5de0 [ 818.463887][ T31] ? __lock_acquire+0x622/0x1c90 [ 818.489177][ T31] ? __pfx___schedule+0x10/0x10 [ 818.494066][ T31] ? find_held_lock+0x2b/0x80 [ 818.542145][ T31] ? schedule+0x2d7/0x3a0 [ 818.556704][ T31] schedule+0xe7/0x3a0 [ 818.576902][ T31] schedule_timeout+0x257/0x290 [ 818.597193][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 818.626286][ T31] ? mark_held_locks+0x49/0x80 [ 818.631076][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 818.666781][ T31] __wait_for_common+0x2ff/0x4e0 [ 818.693167][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 818.721363][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 818.747786][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 818.774437][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 818.800590][ T31] __flush_workqueue+0x3e2/0x1230 [ 818.813158][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 818.847516][ T31] ? reacquire_held_locks+0xcd/0x1f0 [ 818.867725][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 818.884366][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 818.904354][ T31] rds_tcp_listen_stop+0x104/0x150 [ 818.920459][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 818.939966][ T31] rds_tcp_exit_net+0xcb/0x810 [ 818.961936][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 818.971547][ T31] ? __pfx___might_resched+0x10/0x10 [ 818.984363][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 818.989758][ T31] ops_undo_list+0x2ee/0xab0 [ 819.004803][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 819.009926][ T31] ? __local_bh_enable_ip+0xa4/0x120 [ 819.034431][ T31] cleanup_net+0x408/0x890 [ 819.038921][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 819.049018][ T31] ? rcu_is_watching+0x12/0xc0 [ 819.063992][ T31] process_one_work+0x9cc/0x1b70 [ 819.075450][ T31] ? __pfx_process_one_work+0x10/0x10 [ 819.084520][ T31] ? assign_work+0x1a0/0x250 [ 819.089119][ T31] worker_thread+0x6c8/0xf10 [ 819.104087][ T31] ? __kthread_parkme+0x19e/0x250 [ 819.114205][ T31] ? __pfx_worker_thread+0x10/0x10 [ 819.124489][ T31] kthread+0x3c5/0x780 [ 819.128591][ T31] ? __pfx_kthread+0x10/0x10 [ 819.133186][ T31] ? rcu_is_watching+0x12/0xc0 [ 819.157013][ T31] ? __pfx_kthread+0x10/0x10 [ 819.164523][ T31] ret_from_fork+0x5d7/0x6f0 [ 819.174549][ T31] ? __pfx_kthread+0x10/0x10 [ 819.179158][ T31] ret_from_fork_asm+0x1a/0x30 [ 819.196192][ T31] [ 819.204708][ T31] [ 819.204708][ T31] Showing all locks held in the system: [ 819.254539][ T31] 1 lock held by khungtaskd/31: [ 819.267171][ T31] #0: ffffffff8e5c4700 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 819.361337][ T31] 2 locks held by sshd-session/5823: [ 819.404467][ T31] #0: ffff8880b843bdd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 [ 819.474677][ T31] #1: ffff88802b48c018 (&pid_list->lock){-.-.}-{2:2}, at: trace_pid_list_is_set+0x4c/0x150 [ 819.535693][ T31] 1 lock held by syz-executor/5832: [ 819.540901][ T31] 1 lock held by syz-executor/5842: [ 819.584785][ T31] #0: ffffffff8e5cfcf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 [ 819.624396][ T31] 2 locks held by getty/11277: [ 819.629169][ T31] #0: ffff888031bf70a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 819.678391][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 819.734399][ T31] 3 locks held by kworker/u10:2/14724: [ 819.739875][ T31] #0: ffff88801c6fe148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 819.814468][ T31] #1: ffffc900102efd10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 819.854660][ T31] #2: ffffffff90338890 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890 [ 819.914414][ T31] 2 locks held by kworker/u10:4/14738: [ 819.919894][ T31] #0: ffff88801ff93948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 819.963778][ T31] #1: ffffc90003fbfd10 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 820.004543][ T31] 1 lock held by syz.1.2452/14902: [ 820.009667][ T31] #0: ffffffff90338890 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 [ 820.054405][ T31] 2 locks held by kworker/u10:7/16342: [ 820.059876][ T31] #0: ffff88801ff93948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 820.103576][ T31] #1: ffffc9000c327d10 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 820.134461][ T31] 1 lock held by syz.4.2756/16453: [ 820.139580][ T31] #0: ffffffff90338890 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 [ 820.164487][ T31] 1 lock held by syz-executor/16696: [ 820.170378][ T31] #0: ffffffff8e5cfcf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0 [ 820.194553][ T31] 1 lock held by dhcpcd/17385: [ 820.199319][ T31] #0: ffff88807b3ee258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x2c/0xf60 [ 820.290925][ T31] [ 820.315590][ T31] ============================================= [ 820.315590][ T31] [ 820.324024][ T31] NMI backtrace for cpu 0 [ 820.324039][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 820.324059][ T31] Tainted: [U]=USER [ 820.324064][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 820.324072][ T31] Call Trace: [ 820.324077][ T31] [ 820.324082][ T31] dump_stack_lvl+0x116/0x1f0 [ 820.324108][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 820.324124][ T31] ? _raw_spin_unlock_irqrestore+0x61/0x80 [ 820.324148][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 820.324166][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 820.324188][ T31] watchdog+0xf70/0x12c0 [ 820.324211][ T31] ? __pfx_watchdog+0x10/0x10 [ 820.324229][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 820.324250][ T31] ? __kthread_parkme+0x19e/0x250 [ 820.324268][ T31] ? __pfx_watchdog+0x10/0x10 [ 820.324286][ T31] kthread+0x3c5/0x780 [ 820.324304][ T31] ? __pfx_kthread+0x10/0x10 [ 820.324332][ T31] ? rcu_is_watching+0x12/0xc0 [ 820.324347][ T31] ? __pfx_kthread+0x10/0x10 [ 820.324365][ T31] ret_from_fork+0x5d7/0x6f0 [ 820.324382][ T31] ? __pfx_kthread+0x10/0x10 [ 820.324400][ T31] ret_from_fork_asm+0x1a/0x30 [ 820.324422][ T31] [ 820.690923][T13961] ------------[ cut here ]------------ [ 820.696608][T13961] ODEBUG: free active (active state 0) object: ffff888076c312d8 object type: timer_list hint: hci_devcd_timeout+0x0/0x2e0 [ 820.810262][T13961] WARNING: CPU: 0 PID: 13961 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0 [ 820.820975][T13961] Modules linked in: [ 820.825227][T13961] CPU: 0 UID: 0 PID: 13961 Comm: syz.0.2266 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 820.839085][T13961] Tainted: [U]=USER [ 820.842872][T13961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 820.853122][T13961] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 820.859111][T13961] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd c0 74 15 8c 4c 89 e6 48 c7 c7 40 69 15 8c e8 2f 8a 9c fc 90 <0f> 0b 90 90 58 83 05 46 4c ca 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 820.878957][T13961] RSP: 0018:ffffc90003d1f768 EFLAGS: 00010286 [ 820.885323][T13961] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817aa1a8 [ 820.893281][T13961] RDX: ffff88802c221e00 RSI: ffffffff817aa1b5 RDI: 0000000000000001 [ 820.901915][T13961] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 820.910311][T13961] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8c156fe0 [ 820.918660][T13961] R13: ffffffff8bafe740 R14: ffffffff8a879fa0 R15: ffffc90003d1f868 [ 820.926798][T13961] FS: 0000000000000000(0000) GS:ffff888124761000(0000) knlGS:0000000000000000 [ 820.935950][T13961] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 820.942521][T13961] CR2: 000055cfffdee5a0 CR3: 0000000033aea000 CR4: 00000000003526f0 [ 820.950501][T13961] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 820.958481][T13961] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 820.966465][T13961] Call Trace: [ 820.969729][T13961] [ 820.972644][T13961] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 820.978538][T13961] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 820.984368][T13961] debug_check_no_obj_freed+0x4b7/0x600 [ 820.990186][T13961] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 820.996538][T13961] ? rcu_is_watching+0x12/0xc0 [ 821.001488][T13961] ? kmem_cache_free+0x2d1/0x4d0 [ 821.006556][T13961] kfree+0x28f/0x4d0 [ 821.010692][T13961] ? hci_release_dev+0x4d8/0x600 [ 821.015841][T13961] hci_release_dev+0x4d8/0x600 [ 821.020601][T13961] ? __pfx_hci_release_dev+0x10/0x10 [ 821.026064][T13961] ? rcu_is_watching+0x12/0xc0 [ 821.030821][T13961] ? kfree+0x24f/0x4d0 [ 821.035021][T13961] bt_host_release+0x6a/0xb0 [ 821.039598][T13961] ? __pfx_bt_host_release+0x10/0x10 [ 821.044893][T13961] device_release+0xa1/0x240 [ 821.049475][T13961] kobject_put+0x1e7/0x5a0 [ 821.053877][T13961] ? __pfx_vhci_release+0x10/0x10 [ 821.059562][T13961] put_device+0x1f/0x30 [ 821.063713][T13961] vhci_release+0x81/0xf0 [ 821.068076][T13961] __fput+0x3ff/0xb70 [ 821.072050][T13961] task_work_run+0x14d/0x240 [ 821.076668][T13961] ? __pfx_task_work_run+0x10/0x10 [ 821.081781][T13961] do_exit+0x864/0x2bd0 [ 821.085956][T13961] ? __pfx_do_exit+0x10/0x10 [ 821.090797][T13961] ? cgroup_update_frozen_flag+0x107/0x210 [ 821.096849][T13961] ? find_held_lock+0x2b/0x80 [ 821.101533][T13961] do_group_exit+0xd3/0x2a0 [ 821.106240][T13961] get_signal+0x2673/0x26d0 [ 821.110830][T13961] ? hrtimer_nanosleep+0x187/0x380 [ 821.116345][T13961] ? __pfx_get_signal+0x10/0x10 [ 821.121196][T13961] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 821.126755][T13961] arch_do_signal_or_restart+0x8f/0x790 [ 821.132297][T13961] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 821.139157][T13961] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10 [ 821.145360][T13961] exit_to_user_mode_loop+0x84/0x110 [ 821.150668][T13961] do_syscall_64+0x3f6/0x490 [ 821.155318][T13961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 821.161245][T13961] RIP: 0033:0x7fede67c11e5 [ 821.165714][T13961] Code: Unable to access opcode bytes at 0x7fede67c11bb. [ 821.172722][T13961] RSP: 002b:00007fede75c4f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 821.181178][T13961] RAX: fffffffffffffdfc RBX: 00007fede69b6240 RCX: 00007fede67c11e5 [ 821.189163][T13961] RDX: 00007fede75c4fc0 RSI: 0000000000000000 RDI: 0000000000000000 [ 821.197450][T13961] RBP: 00007fede6810b39 R08: 0000000000000000 R09: 0000000000000000 [ 821.205793][T13961] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 821.213753][T13961] R13: 0000000000000000 R14: 00007fede69b6240 R15: 00007fff860b8f28 [ 821.222609][T13961] [ 821.225649][T13961] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 821.232914][T13961] CPU: 0 UID: 0 PID: 13961 Comm: syz.0.2266 Tainted: G U 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) [ 821.246523][T13961] Tainted: [U]=USER [ 821.250311][T13961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 821.260363][T13961] Call Trace: [ 821.263626][T13961] [ 821.266545][T13961] dump_stack_lvl+0x3d/0x1f0 [ 821.271131][T13961] panic+0x71c/0x800 [ 821.275018][T13961] ? __pfx_panic+0x10/0x10 [ 821.279432][T13961] ? show_trace_log_lvl+0x29b/0x3e0 [ 821.284711][T13961] ? check_panic_on_warn+0x1f/0xb0 [ 821.289808][T13961] ? debug_print_object+0x1a2/0x2b0 [ 821.294990][T13961] check_panic_on_warn+0xab/0xb0 [ 821.299916][T13961] __warn+0xf6/0x3c0 [ 821.303801][T13961] ? debug_print_object+0x1a2/0x2b0 [ 821.308982][T13961] report_bug+0x3c3/0x580 [ 821.313299][T13961] ? debug_print_object+0x1a2/0x2b0 [ 821.318482][T13961] handle_bug+0x184/0x210 [ 821.322794][T13961] exc_invalid_op+0x17/0x50 [ 821.327282][T13961] asm_exc_invalid_op+0x1a/0x20 [ 821.332114][T13961] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 821.337904][T13961] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd c0 74 15 8c 4c 89 e6 48 c7 c7 40 69 15 8c e8 2f 8a 9c fc 90 <0f> 0b 90 90 58 83 05 46 4c ca 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 821.357496][T13961] RSP: 0018:ffffc90003d1f768 EFLAGS: 00010286 [ 821.363546][T13961] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817aa1a8 [ 821.371498][T13961] RDX: ffff88802c221e00 RSI: ffffffff817aa1b5 RDI: 0000000000000001 [ 821.379452][T13961] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 821.387404][T13961] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8c156fe0 [ 821.395360][T13961] R13: ffffffff8bafe740 R14: ffffffff8a879fa0 R15: ffffc90003d1f868 [ 821.403313][T13961] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 821.408770][T13961] ? __warn_printk+0x198/0x350 [ 821.413528][T13961] ? __warn_printk+0x1a5/0x350 [ 821.418281][T13961] ? debug_print_object+0x1a1/0x2b0 [ 821.423463][T13961] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 821.428914][T13961] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 821.434709][T13961] debug_check_no_obj_freed+0x4b7/0x600 [ 821.440245][T13961] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 821.446294][T13961] ? rcu_is_watching+0x12/0xc0 [ 821.451048][T13961] ? kmem_cache_free+0x2d1/0x4d0 [ 821.455975][T13961] kfree+0x28f/0x4d0 [ 821.459854][T13961] ? hci_release_dev+0x4d8/0x600 [ 821.464784][T13961] hci_release_dev+0x4d8/0x600 [ 821.469537][T13961] ? __pfx_hci_release_dev+0x10/0x10 [ 821.474809][T13961] ? rcu_is_watching+0x12/0xc0 [ 821.479554][T13961] ? kfree+0x24f/0x4d0 [ 821.483612][T13961] bt_host_release+0x6a/0xb0 [ 821.488183][T13961] ? __pfx_bt_host_release+0x10/0x10 [ 821.493451][T13961] device_release+0xa1/0x240 [ 821.498029][T13961] kobject_put+0x1e7/0x5a0 [ 821.502430][T13961] ? __pfx_vhci_release+0x10/0x10 [ 821.507442][T13961] put_device+0x1f/0x30 [ 821.511582][T13961] vhci_release+0x81/0xf0 [ 821.515900][T13961] __fput+0x3ff/0xb70 [ 821.519871][T13961] task_work_run+0x14d/0x240 [ 821.524451][T13961] ? __pfx_task_work_run+0x10/0x10 [ 821.529553][T13961] do_exit+0x864/0x2bd0 [ 821.533698][T13961] ? __pfx_do_exit+0x10/0x10 [ 821.538269][T13961] ? cgroup_update_frozen_flag+0x107/0x210 [ 821.544068][T13961] ? find_held_lock+0x2b/0x80 [ 821.548729][T13961] do_group_exit+0xd3/0x2a0 [ 821.553219][T13961] get_signal+0x2673/0x26d0 [ 821.557712][T13961] ? hrtimer_nanosleep+0x187/0x380 [ 821.562812][T13961] ? __pfx_get_signal+0x10/0x10 [ 821.567649][T13961] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 821.572842][T13961] arch_do_signal_or_restart+0x8f/0x790 [ 821.578388][T13961] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 821.584545][T13961] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10 [ 821.590703][T13961] exit_to_user_mode_loop+0x84/0x110 [ 821.595998][T13961] do_syscall_64+0x3f6/0x490 [ 821.600580][T13961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 821.606457][T13961] RIP: 0033:0x7fede67c11e5 [ 821.610855][T13961] Code: Unable to access opcode bytes at 0x7fede67c11bb. [ 821.617856][T13961] RSP: 002b:00007fede75c4f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 821.626256][T13961] RAX: fffffffffffffdfc RBX: 00007fede69b6240 RCX: 00007fede67c11e5 [ 821.634220][T13961] RDX: 00007fede75c4fc0 RSI: 0000000000000000 RDI: 0000000000000000 [ 821.642178][T13961] RBP: 00007fede6810b39 R08: 0000000000000000 R09: 0000000000000000 [ 821.650137][T13961] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 821.658092][T13961] R13: 0000000000000000 R14: 00007fede69b6240 R15: 00007fff860b8f28 [ 821.666057][T13961] [ 821.669110][T13961] Kernel Offset: disabled [ 821.673419][T13961] Rebooting in 86400 seconds..