last executing test programs: 14m28.086997179s ago: executing program 2 (id=3): mmap$auto(0x0, 0x9, 0x2, 0x40eb2, 0x401, 0x300000000000) (async) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) (async) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) (async) ioctl$auto(0x3, 0x400454ca, 0x38) (async) process_vm_readv$auto(0x0, 0x0, 0x800000001, 0x0, 0x4, 0xfffffffffffffffc) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), 0xffffffffffffffff) (async) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="bd000000f20e50eb8810842cb8cb3b59f26f83410c28aff66f6aefe37d998e3051e48812303bcfb1a6e23aec8e2d90d385fe9f86417094ae5d7aacb35ad57ebc23cfb01a49a8c3071809737e96ea5d803072d7cec66a32da934000af51b7", @ANYBLOB="010028bd70"], 0x24}, 0x1, 0x0, 0x0, 0x8091}, 0x40014) unshare$auto(0x40000080) (async) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) (async) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0) (async) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0xf04d, 0xacc, 0x0, 0xb9a, 0x20000000000002, 0x3, 0x95f4da0a, 0x7, 0x3, 0x62, 0x80000001, 0x10000000000004, 0x6d42, 0x5, 0x82, 0xfffffffffffffffe]}, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x1e) (async) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async) select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xc45d, 0x80, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0) (async) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000) (async) ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r3, 0x5522, 0xf15) (async) ioctl$auto(r2, 0x4, 0xffffffffffffffff) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0x0, 0x0) writev$auto(0x3, 0x0, 0x8) (async) socket(0xa, 0x5, 0x94) 14m12.657243806s ago: executing program 32 (id=3): mmap$auto(0x0, 0x9, 0x2, 0x40eb2, 0x401, 0x300000000000) (async) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) (async) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) (async) ioctl$auto(0x3, 0x400454ca, 0x38) (async) process_vm_readv$auto(0x0, 0x0, 0x800000001, 0x0, 0x4, 0xfffffffffffffffc) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), 0xffffffffffffffff) (async) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="bd000000f20e50eb8810842cb8cb3b59f26f83410c28aff66f6aefe37d998e3051e48812303bcfb1a6e23aec8e2d90d385fe9f86417094ae5d7aacb35ad57ebc23cfb01a49a8c3071809737e96ea5d803072d7cec66a32da934000af51b7", @ANYBLOB="010028bd70"], 0x24}, 0x1, 0x0, 0x0, 0x8091}, 0x40014) unshare$auto(0x40000080) (async) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) (async) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0) (async) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0xf04d, 0xacc, 0x0, 0xb9a, 0x20000000000002, 0x3, 0x95f4da0a, 0x7, 0x3, 0x62, 0x80000001, 0x10000000000004, 0x6d42, 0x5, 0x82, 0xfffffffffffffffe]}, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x1e) (async) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async) select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xc45d, 0x80, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0) (async) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000) (async) ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r3, 0x5522, 0xf15) (async) ioctl$auto(r2, 0x4, 0xffffffffffffffff) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0x0, 0x0) writev$auto(0x3, 0x0, 0x8) (async) socket(0xa, 0x5, 0x94) 7.35420775s ago: executing program 3 (id=2969): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) socketpair$auto(0x11e, 0x1, 0x8000000000000000, 0x0) ioctl$auto_CEC_ADAP_G_LOG_ADDRS(0xffffffffffffffff, 0x805c6103, &(0x7f00000001c0)={"0900ed00", 0x1, 0x0, 0x6, 0x4, 0x6, "feaf587cdf4d2f534a1c88d3d71d04", "e6cf6552", "000200", "10a991b3", ["1ae8fc7996e08d5c6b51d880", "f46300", "0149f0a7102c3fffab592db0", "20000000ec4e894a8692998b"]}) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0xb4081, 0x0) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x2, 0x2020009, 0x3, 0xeb1, r0, 0x6) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0x2003f0, 0x15) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x100) r1 = eventfd2$auto(0x6af0, 0x800) socket(0x1e, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pipe2$auto(&(0x7f0000000040)=r1, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x143001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80400001, 0x7440, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0xb, 0x10000, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x65, 0x2000000000000007, 0x6, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x5]}, 0x0) openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x140080, 0x0) preadv$auto(0xffffffffffffffff, &(0x7f0000003340)={&(0x7f0000000080)="7c347859a299073a5407450cd9f714eae6908627cc4ef356d99f10331cd71bb0c002aa8133c258c7f507", 0x40}, 0x3, 0x5, 0x100000001) ioperm$auto(0x4, 0x6, 0x2) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101143, 0x0) 7.033070703s ago: executing program 4 (id=2970): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) socketpair$auto(0x11e, 0x1, 0x8000000000000000, 0x0) ioctl$auto_CEC_ADAP_G_LOG_ADDRS(0xffffffffffffffff, 0x805c6103, &(0x7f00000001c0)={"0900ed00", 0x1, 0x0, 0x6, 0x4, 0x6, "feaf587cdf4d2f534a1c88d3e40a00", "e6cf6552", "f34cae3a", "10a991b3", ["1ae8fc7996e08d5c6b51d880", '\x00', "0149f0a7102c3fffab592db0", "0059c09dca7de9bdbbc6be07"]}) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x24000, 0x0) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x2, 0x2020009, 0x3, 0xeb1, r0, 0x6) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0x2003f0, 0x15) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x100) r1 = eventfd2$auto(0x6af3, 0x800) socket(0x1e, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pipe2$auto(&(0x7f0000000040)=r1, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80400001, 0x7440, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1, 0x62, 0x81, 0x7, 0x6d3e, 0x10008000005, 0x2, 0x6]}, 0x0) openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x1000, 0x0) preadv$auto(0xffffffffffffffff, &(0x7f0000003340)={&(0x7f0000000080)="7c347859a299073a5407450cd9f714eae6908627cc4ef356d99f10331cd71bb0c002aa8133c258c7f507", 0x40}, 0x3, 0x5, 0x100000001) ioperm$auto(0x7, 0x6, 0x1) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0) 5.112909406s ago: executing program 3 (id=2973): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/conf/bridge_slave_0/drop_unicast_in_l2_multicast\x00', 0x121202, 0x0) socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x2020003, 0x5, 0xeb1, r0, 0x7ffd) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/netfilter/nf_log/3\x00', 0xa2202, 0x0) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x40900, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x7, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bus/usb/009/001\x00', 0x12405, 0x0) socket(0x28, 0x5, 0xfffffffe) io_uring_setup$auto(0x4, 0x0) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/enable\x00', 0x200400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x109500, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x60c40, 0x0) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socketpair$auto(0x4004, 0x7, 0x4, 0x0) ioctl$auto_TCFLSH2(r1, 0x5408, 0x0) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = epoll_create$auto(0x2) epoll_pwait2$auto(r2, 0x0, 0x8, &(0x7f0000002780)={0x10000000000, 0x5}, 0x0, 0x8) socket(0x2, 0x2, 0x8) socket(0x21, 0x80000, 0x0) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) ioctl$auto_USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000000240)={0xdc, 0xfd, 0x7, 0x1, 0x1, 0x400007fb, 0x0}) 4.739278558s ago: executing program 4 (id=2976): mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/usb/drivers/usbip-host/match_busid\x00', 0x28b42, 0x0) sendfile$auto(r0, r0, 0x0, 0x4f64a1d2) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/packets_per_slave\x00', 0x182b02, 0x0) read$auto(r1, 0x0, 0x1000001d) r2 = openat$auto_proc_pid_set_timerslack_ns_operations_base(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0) write$auto(r2, 0x0, 0x5) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/usb/drivers/usbip-host/match_busid\x00', 0x28b42, 0x0) (async) sendfile$auto(r0, r0, 0x0, 0x4f64a1d2) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/packets_per_slave\x00', 0x182b02, 0x0) (async) read$auto(r1, 0x0, 0x1000001d) (async) openat$auto_proc_pid_set_timerslack_ns_operations_base(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0) (async) write$auto(r2, 0x0, 0x5) (async) 4.417972081s ago: executing program 4 (id=2978): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/inhibited\x00', 0x20b42, 0x0) sendfile$auto(r0, r0, 0x0, 0x4f64a1d2) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x81, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/batadv_slave_1/addr_gen_mode\x00', 0xd97f760c479a8c8c, 0x0) r2 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) mmap$auto(0x0, 0x5, 0x4000000000e2, 0xeb1, 0x401, 0x8000) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8340, 0x0) ioctl$auto(r3, 0xc0045401, r3) write$auto(r2, &(0x7f0000000700)='!dev_\x00\x00\x00\x00\x00', 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2003f0, 0x15) setitimer$auto(0x2, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) r4 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r4, 0x107, 0xf, 0x0, 0x6) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r4, &(0x7f0000000140)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200)='S', 0x7}, 0x5, 0x0, 0x5, 0x1}, 0x5}, 0x4, 0x100) pread64$auto(r1, 0x0, 0x3, 0x3) 4.24961793s ago: executing program 0 (id=2979): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) (async) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) open_tree$auto(0xffffffffffffff9c, &(0x7f0000001100)='./cgroup\x00', 0x0) ioctl$auto_NVRAM_SETCKS(r0, 0x7041, 0x0) 4.197081366s ago: executing program 1 (id=2980): keyctl$auto(0x1d, 0x0, 0x6, 0x0, 0x3ff) read$auto(0xffffffffffffffff, 0x0, 0xb4d3) mmap$auto(0x0, 0x20009, 0x4000008000df, 0x12, 0x401, 0x8400) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x40002, 0x0) r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe03, &(0x7f0000000440)="553e5d8b5dcec4d78704fc2ea220e159c6f7644989ee45025915b35c867be5846b640473218646deda53fb66b1aaec98607e72de92c0bac5ba1bc215a2604c099ecc509aea649e3556d173f32cae556c30fb8157c0ecc1995aa32a88a6490b3d503abe76a1aa972a24887d10e4ba0b065b0cc9ab6fb7b6081952fe95c346f909e11d1a7ff051f517d9715af7c4619f9e3dd00f6b1678302319720e0090e009a4f5b20f79606f23f979967a3c5fad39462174f5af14f3d307af576531587adba255e34009dca684cde3e284b0d3886a11c30168e161473174b7e633828235395cedb54f12e083fa92aacb8f1c9a0d8c6173ec8f81e12c76f1ffce3483d23a1faa8b590b765802024b41a981e9fa0436ac6c342ad68ff7a3e6fcbc7715d9c57f8fe29d3d9690f7ff5b0f8e67956ea5b1f9923285b43e7ea4fe002872be5be35de4ace8c5e9b5f971debf3c0dd6b7196ba94a612fb5") r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0xf48, 0x4000002020009, 0x10002, 0x10, 0xffffffffffffffff, 0x8003) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) prctl$auto(0x16, 0x800000000000015, 0x0, 0x6, 0x2) ioctl$auto_PPPIOCGFLAGS(0xffffffffffffffff, 0x8004745a, &(0x7f00000000c0)=0x2000f4) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x5, 0x0) select$auto(0xa, 0x0, 0x0, 0x0, 0x0) write$auto(r2, &(0x7f0000000400)='/d\xbcv/aUdi\x001\x00', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0x337, 0x9b72, 0x7, 0x28000) r3 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) settimeofday$auto(&(0x7f0000000040)={0x2, 0x7fffffffffffffff}, &(0x7f0000000180)={0x4, 0x9}) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/i915/parameters/mitigations\x00', 0x80302, 0x0) write$auto(r4, &(0x7f0000000040)='!\x00', 0x63f) mmap$auto(0x0, 0x202000e, 0x80000000000003, 0x10, r1, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r3, 0x8000) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vhci_hcd.13/usb35/ep_00/power/autosuspend_delay_ms\x00', 0x614c00, 0x0) read$auto(r5, 0x0, 0x20) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x22ec82, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x248300, 0x0) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, 0x0, 0x301802, 0x0) 4.0134305s ago: executing program 0 (id=2981): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r1 = socketcall$auto(0x8000, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0xae80, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xaa102, 0x0) write$auto(r2, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x2, 0x1, 0x0) ioctl$auto_TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f0000000080)=0x8) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xa, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x20000003, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200007, 0x19) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) close_range$auto(0x2, 0x8, 0x0) 4.010305994s ago: executing program 3 (id=2982): r0 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x80000, 0x71, 0xe396d1b5784ef85}, 0x18) futimesat$auto(r0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x3, 0x4}) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000017c0)={0x24, r1, 0x13, 0x70bd2c, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0x1b}]}, 0x24}, 0x1, 0x0, 0x0, 0x400c0c1}, 0x48050) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, r2, 0x8000) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto_IOC_PR_CLEAR(r4, 0x401070cd, &(0x7f0000000040)={0x40, 0x7}) ioctl$auto(r4, 0x301, 0x5) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/thermal/cooling_device1/cur_state\x00', 0x204b42, 0x0) sendfile$auto(r5, r5, 0x0, 0x4f64a1d5) socket$nl_generic(0x10, 0x3, 0x10) 3.586317133s ago: executing program 3 (id=2983): socket(0xa, 0x3, 0xff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = open(&(0x7f0000000080)='./file0\x00', 0x22ac2, 0x5d745cb200ae4d7b) fchown$auto(r0, 0xe5a, 0x5) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) getrandom$auto(0x0, 0x6000000, 0x3) setresuid$auto(0xee01, 0x1000, 0x607) write$auto(0x3, 0x0, 0xfdef) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev5\x00', 0x280, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) sysfs$auto(0x2, 0x10000000000002a, 0x0) socket(0x2, 0x6, 0x0) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) syz_clone(0x40000000, 0x0, 0x25, 0x0, 0x0, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) kexec_load$auto(0xff, 0x3ff, &(0x7f0000000080)={@buf=&(0x7f00000000c0)="c9b7e526549a67a9fe257e202c6fd5a3094a85485dda3ca7e54d0966c0b72b3b42f559bfaf64bf36083cdf312fa8720e2cd7046f60fe31050824238330f48c", 0x2, 0x8000, 0x3000}, 0x4) ioctl$auto(0x3, 0xc0585605, 0x38) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r1 = socket(0x15, 0x5, 0x0) getsockopt$auto(r1, 0x114, 0x2717, 0xfffffffffffffffc, 0x0) fanotify_init$auto(0x602, 0x1) fanotify_mark$auto(0x0, 0x451, 0x40, 0xffffffffffffffff, 0x0) setsockopt$auto(0x400000000000003, 0x29, 0x6, 0x0, 0x3) 3.465449046s ago: executing program 4 (id=2984): syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram8/dev\x00', 0x6a8800, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x800000000001, 0x0) write$auto(r0, &(0x7f00000005c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D_#\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc^:\xd1\xe3\xf1@\xc0\x93^:Mn#Oi\xaa[X\x93)\x8f\x03K\xe6\xa4\x11?\xf1\x02+\\\xf9\x8b\xe5l5\x11\x006c\x907E\xeb\x81\fB\xe3\xf8n\x8f\x94V\xbcB\x9cm\x9f\x15\x00Q\xf8\x8fFW#?\xd5Z~\xa51\x832\xbd|\x19\xda\x8e\xff\x17\r\x96\xa3\xcc+\xf4a\xffN\xd2_\xe5\\\xf8Lzc\xd4\xa0\x1f\x04_\xf1\xc6\fO\xbe?)Q\xc7\\B\xdb\xeaI\xde\xe9m\xf5\xf9\x19\xd3@IK\xe3c\x0ek\x8drZ\xad\xdc\xbb\xfc\xd4\x1f\xdaOW\x87\xb6Fm\x12\xadw(z\\j\xcc0P\xaeC\x9f\xbf\xd5\xf9\xe3\x85~cG\f\x85\xd6\x84ma\xfd\xdayNj\x80\xdd3^\x87,\x14\x8e\xbe$\x05\x8a\xb0 M\xf6$B TCs\xa9\x91dil[\xfc\a\xbfD\xd9\x8d(F\x1e\f\xec\xe9K|h\xf5\xcaUI\x18#\xbed\xa8C\x8a\xbb\fE\xe6\xa3|\xf7\xa8\xbb\xd3\x97l.V/uc\xb5Q\x1eY\xe0\x03\xa1\xc1\xc8\xe2=RK\x7fWV;\xe4\xccTsf\xa7[\xdd\x9cR\xab\xf81s\xbc\x9c\xaaSGH\x9al\xb9%u\v\xb4\x9d\x95\x16\x01\xbbT\x99S\xf8A\xcd\bRC\xf4\xb0\x1a%\xdd+1\x81\x9d6\x90\xe8\xc6\xc1\x1e\xf0~\xaf\x10g&\xd6\x01l::V\xdbJiVW\xab4G\x97\x9cl', 0x100000a3d9) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r1, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) sysfs$auto(0x2, 0xe, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r2 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r2, 0x40146f2c, 0x0) io_uring_setup$auto(0x1fe, 0x0) r3 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r3, 0x403c6f2b, 0x0) r4 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/block/nbd0/hctx0/sched_tags\x00', 0x60100, 0x0) read$auto(r4, &(0x7f0000000040)='\x00', 0x3) mmap$auto(0x0, 0x400008, 0x7d3, 0x9b72, 0xffffffffffffffff, 0x5cd) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/rxrpc/peers\x00', 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) 2.977673545s ago: executing program 1 (id=2985): openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dri/card0\x00', 0x101003, 0x0) (async) r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dri/card0\x00', 0x101003, 0x0) ioctl$auto(r0, 0x901064ae, 0x4) (async) ioctl$auto(r0, 0x901064ae, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x400c000) setsockopt$auto(r0, 0x91, 0x29, &(0x7f0000000000)='/dev/dri/card0\x00', 0x7) bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8001}, 0x101) 2.872689327s ago: executing program 0 (id=2986): socket(0x2, 0x801, 0x100) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) mmap$auto(0x0, 0x400008, 0xb23, 0x9b72, 0x2, 0x8000) clone3$auto(0x0, 0x10001) socket(0x25, 0x6, 0x1) r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x800, 0x0) r1 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x28, r1, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0x10, 0x1, 0x0, 0x1, [@nested={0xc, 0x10, 0x0, 0x1, [@nested={0x6, 0x8, 0x0, 0x1, [@generic="1a32"]}]}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x24040071}, 0x800) fcntl$auto(0x3, 0x4, 0xa553) sendmmsg$auto(r0, 0x0, 0x400, 0x3) r3 = socket(0xa, 0x801, 0x106) setsockopt$auto(r3, 0x6, 0x21, 0x0, 0x10) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x51) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_TCFLSH2(0xffffffffffffffff, 0x540b, 0xfffffffffffffffd) socket(0xf, 0x3, 0x2) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/filter\x00', 0x0, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x9, 0x800000000df, 0x9b72, 0xea8a, 0x8000) timer_create$auto(0x1, &(0x7f0000000100)={@sival_ptr=0x0, @inferred, 0x1, @_tid=0xffffffffffffffff}, 0x0) timer_gettime$auto(0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3, 0x8000001f, 0x2, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) fsopen$auto(0x0, 0x1) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) socket(0xa, 0x5, 0x6) 2.565756183s ago: executing program 1 (id=2987): syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram8/dev\x00', 0x6a8800, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x800000000001, 0x0) write$auto(r0, &(0x7f00000005c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D_#\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc^:\xd1\xe3\xf1@\xc0\x93^:Mn#Oi\xaa[X\x93)\x8f\x03K\xe6\xa4\x11?\xf1\x02+\\\xf9\x8b\xe5l5\x11\x006c\x907E\xeb\x81\fB\xe3\xf8n\x8f\x94V\xbcB\x9cm\x9f\x15\x00Q\xf8\x8fFW#?\xd5Z~\xa51\x832\xbd|\x19\xda\x8e\xff\x17\r\x96\xa3\xcc+\xf4a\xffN\xd2_\xe5\\\xf8Lzc\xd4\xa0\x1f\x04_\xf1\xc6\fO\xbe?)Q\xc7\\B\xdb\xeaI\xde\xe9m\xf5\xf9\x19\xd3@IK\xe3c\x0ek\x8drZ\xad\xdc\xbb\xfc\xd4\x1f\xdaOW\x87\xb6Fm\x12\xadw(z\\j\xcc0P\xaeC\x9f\xbf\xd5\xf9\xe3\x85~cG\f\x85\xd6\x84ma\xfd\xdayNj\x80\xdd3^\x87,\x14\x8e\xbe$\x05\x8a\xb0 M\xf6$B TCs\xa9\x91dil[\xfc\a\xbfD\xd9\x8d(F\x1e\f\xec\xe9K|h\xf5\xcaUI\x18#\xbed\xa8C\x8a\xbb\fE\xe6\xa3|\xf7\xa8\xbb\xd3\x97l.V/uc\xb5Q\x1eY\xe0\x03\xa1\xc1\xc8\xe2=RK\x7fWV;\xe4\xccTsf\xa7[\xdd\x9cR\xab\xf81s\xbc\x9c\xaaSGH\x9al\xb9%u\v\xb4\x9d\x95\x16\x01\xbbT\x99S\xf8A\xcd\bRC\xf4\xb0\x1a%\xdd+1\x81\x9d6\x90\xe8\xc6\xc1\x1e\xf0~\xaf\x10g&\xd6\x01l::V\xdbJiVW\xab4G\x97\x9cl', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) sysfs$auto(0x2, 0xe, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x40146f2c, 0x0) io_uring_setup$auto(0x1fe, 0x0) r2 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r2, 0x403c6f2b, 0x0) r3 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/block/nbd0/hctx0/sched_tags\x00', 0x60100, 0x0) read$auto(r3, &(0x7f0000000040)='\x00', 0x3) mmap$auto(0x0, 0x400008, 0x7d3, 0x9b72, 0xffffffffffffffff, 0x5cd) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/rxrpc/peers\x00', 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) 2.327891908s ago: executing program 3 (id=2988): modify_ldt$auto(0x2, &(0x7f0000000000)="1e2296dfe166b3c2dbff693e286f640da38af2d06db2e1cf4b1039638512811d0751bb216d82e0c24cd131fd1f1128e40e5084595b863c7cac5be5bddc2af72446f4e6e3f93af6a41d51a78e1f0cc8591f714c7d205742d665228b0a647810bcb3fc6a345e55e9afde8ee5aef33d1b1a58c93fc00389a92caae1500b918616065f36", 0x5) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x81, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) r1 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/inject\x00', 0x2, 0x0) writev$auto(r1, &(0x7f0000000000)={&(0x7f0000000000), 0x4}, 0x2) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/batadv_slave_1/addr_gen_mode\x00', 0xd97f760c479a8c8c, 0x0) r3 = socket(0x2, 0x2, 0x88) setsockopt$auto(r3, 0x0, 0x20, 0x0, 0x15) pread64$auto(r2, 0x0, 0x8, 0x1000007fff) bpf$auto_BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001100)=@bpf_attr_0={0xde1, 0x6, 0x5c7, 0x8, 0x4, r2, 0x1, "bc9bd273e9818e00a7d211bd21d09cb2", 0x0, r3, 0x3, 0xc, 0x1, 0x7, r3, r0}, 0x0) r5 = geteuid() msgctl$auto_IPC_RMID(0x1, 0x0, &(0x7f0000000440)={{0x7, r5, 0xee01, 0x10001, 0xffff, 0x7, 0x2}, &(0x7f0000000340)=0x6, &(0x7f0000000380)=0x6, 0x3ff, 0xfffffffffffffffc, 0x2b, 0x200, 0x3, 0x47, 0x6, 0x7, @inferred=0xffffffffffffffff, @raw=0x8001}) r6 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/etherd/flush\x00', 0x1, 0x0) writev$auto(r6, &(0x7f0000000140)={&(0x7f0000002ac0), 0x1ff}, 0x4) r7 = setfsgid$auto(0xee00) fchown$auto(r6, 0xee00, r7) fsconfig$auto(0xffffffffffffffff, 0x6, &(0x7f0000000080)=',\xd6{/@){--\xd4\x00', &(0x7f0000000380)="ed866ad7625148e6fb7003dd923e63ba59443a3c4d8ec4985e3531c2dfb7145166453aa4e0ec035225fc27a72a14d2d8ab4954fa5e4258cd2bada8a685a08639a60b1acff51d6be788231f7c975aac4bfae7a4586644a5babedf816e9f4777e2b4d68236c6fe1b730575cdb7ffbde3b38743a6e8a92392fb684fdfa902490837c2dc4b134394b2898b0125b91bc355a794c94fdb63a0e450818598", r7) statx$auto(r4, &(0x7f00000011c0)='./file0\x00', 0x8, 0x2881, &(0x7f0000001200)={0xf4cb, 0x80, 0x1, 0x6, r5, r7, 0xff, 0x8, 0xfffffffffffffffd, 0x9, 0x331, 0x8, {0x0, 0x6}, {0x2, 0x40}, {0x21, 0x7}, {0x5, 0xce63}, 0x8, 0x7, 0x8001, 0xffff, 0x1, 0xcdb4, 0x9, 0x400, 0x64, 0x7ff, 0x4, 0x8, [0x2, 0x34, 0x0, 0xffffffffffffffff, 0x1, 0x6, 0x4, 0x1, 0x274]}) modify_ldt$auto(0x5, &(0x7f0000000100)="caf73d2ceeedc1510d48655cc93371b8ded1cb144d3a39185455f2d7259b83b86923d54621acf648e40fa5f36dfca5d83e0733c6b2a5cec853ebf0887b4d217c8488158810ec9b5f8e7ad4b875c8241c3d61e2e5777e29c1414737fd64cafab7ba055b019f9c2f3184d920ab0c11210b8fd8aa017df08db591028b088e5df2054af84cfcf5b312a2179e3348af2e8c9aa3aa03134dfb092cd69e7d70d13aa7eef8d10b2c9281476b6a9424ae7b83de818846e5ace9b744f5aa214c0519e0446ab017e4b01c0e02a19022c817774f4e8ef198693b38df64792185df0f8927dda295b2709abbf1acd7cea55b168e931f084d41d14abe51f98e26b4c9c6a101b9d2183cd15ed41de183567a23a782992b340a7dc02ed413b7d685c66ac751f962f4c2a23703007c53cf41c04b74a0518954b0d388874f2df7937daf7a8d341d2607a87eabb8beb97a74f796a5289a3ef282fed32ecb7f7e26b81155f415a5aac027faeabfa1a669754c2c9743b06ca285dcdf366295bd06226acadbbf007ffa029139a3b15d8078916c8cd8ce9d6502dd57e4bc000dbc89f70bf39463bf20f1509bc063b55086be4d2d6a90219b9267198955ac93e62bfbbf6fdacea1c7386e534c346a1631bd231bc9082c3f5357d502b1ed91da31824d0c21b3b906d768fca9a9142d1416961d9c41a319a92503700ad7dd8b568deb627fcbe496ff7b88da103f5f8f18376d4a5b5d0737707dc20c36182802ecafedbaccd5c172957b71c15a2ebeb3a96a0f251f485d9ccdcafdf383495d6444a41b79ddf20a612a3d295bb59f2e6872acd0768356614ad11bea228dae9098c06aedd2fb487c91d743a45051bd793c001cb940d0330177b1bd4916629ff8c5ff0ddce082c9a21e6f694bef5aee00b57d8342b34e077970ce2cfd24d240986c6963024f40e4577d6049ea877f61e0f94410fa57e98685c74cd887440d8efca2482cceaf808f75a18e86668d1ed48eb0ad33835b2d4449fa7aadd95979e324de6b93224ad9accb9434cdb14adb4da9398ecfe494f023c0e602b605f4964c5417406211a04a72e0218a7b5fab5e03a8e9b8e90f32cde96008447afe665c9886453b01eeb13f067e533d8a5d0676e7300db308bdf05c5df78a890dcabf4f4bc727efe149749f41cd3cac56f1db9619fbcefeff95c750ac986577b8d0496302e100b231fdca04a90a2b10731da3f5a6eb61f79587cf5652c2a03959dcd0855b3a3a6ad430701655fa6c3e03b7ac0b25422fc9ff8930afc38aee9210bad4440ac2893cccb13947ccb6f3fd034a232b7abe4325271d7cc3387bfda5fb88dd097d350ec5c38e2110fadb79ddf182486c0779bb44ee9643fcac26b952fa28eb6afe0bf1456a39a6c5f81f09faf9a7dbeab386d53cec0cb3b666849a3199cf8fa1bf09a9474a59dc9fe3b723a622a8568f56b00a68c7205fceb50201bd1de27934b3af3bd0e4e4cfa2a8b801d07ce952b291029d76f9250a7a4833bda7946060b864780a3e3555c9120f16fe61f10974696478dc3d86ffe6b6425a7761b0c7fbb274a5525cea621593354397e0ff93e089c291f9381f7b59270ce17ba8d27f54bc1ea9d710e54f54a417c4571baa1b37ff430fe4a57afa4fb873f2c7363cf63bf5688a86d4e4786722ba24b42bbc6b6f74737234350d43348fa916880fe725d8d2bc137fad12fa19c440c952414a4cd99a83ba352b7e045e5412718d372708e5e864cd78c920ce190d9fcb96229dea82da6bb48875881e88ad3e68ee36f81e7a1c8320ef393f3b4d970ee3e4e31c204ff082b94db941a2426224ab04fc2d67b5e58bf8f8373776a1ee4457908723aa014dc2635c6f533f1213eca232afa9d66235d6706e319843feb646dc688b58de3bad629d06da23c946edd2f618b567e59fc1be7cb93e4f264a589664e5f2c15b25ff5a5e5d3b6b1d30fff33d8712df65ef791008cdfa27d1bb60a55f1e0606d9f63cec2b5ddfced5abb19ca14e65e6696a82c66afec6efef999186b09e1e27178d54f13789866aabc914ba1f9b6cfc05ce725574256633d747de9ad426fc2d8b1b7ebd1d0a1435e1506b87e002ab1e1ad134d5bd240a5bee1bb44e7eb090efd3130b2a94967852507edc988d5ea6dd722f8d9cf4f15526c16554643266f1801b4af5dbc6451757bcfe85120c88e06cf92acd26917e114863b33c3e9e89f57e76d3bd5e473ce7cd7b734e15fda98baf0e150058b4a9c7a8f9040a33f59d2c5785c115bcabac5b3d4cfa643ae00d015be880fbb60be55133ff692aa4f69c3b5dbd75f571c8e4805faef4ff5b972102d53a8fd9ae962f41203bbfd8b8f50e04fb3117807cad7ec620314b03946307b26666915ab4f76a923597e7bbc89b02406e5ad3cffaa2a884c6d5a5dbecfe124fe523ca02f9439373e87f3efe5751009bffdd8f91044eac44e18dff54bf167cf97b81483928942ef06389866730dffbacc655191543b9639e04aba78fa716b4ec872ac97c95b1687af0ba7238014cb91b114de7a300d129fe985a510f6bed414e1758ed06085a74581170813f4f654dd22c4593ad875cbcfc16a7b8c5aecbd6b0fe645f388bd7105db6e6881219ab1f477632e880b4e12931e531a74373212c954ad2a14435abe4ec978ae309481fc42922aad803b404c527f475628ed6a8f2caa313a201ee69ff1bf6009c3857ec1f45add688523d0b068380324fac7beaa5b7db5d67edf0ebde170a1ee792dffcef6091a213f3f8bbd28d5c7c85bab2e15069250d1b914bb3e1f7ab102d3b40d1f1d3aa0a222561577eff90197f323cdf63df00ef569f99d149d4159deda5b3dd1c82d372be34648574fcc50f3b22087e44e21631d7e0804280528d9d3c2d3f4634dc04157fbab31f37d326bace2c589db9b621e0bf3c1825375cd6e038ece392e96fd932d7aa24136ea93961db081f52106bedfe7a686bab6618eb315c07435e5cc684126f8acc214f63ad35c320a07851fcb9a6bf8574a5374ff34b850c75d913acb094c77d0b7bc33ba89610f615d10031224d77ff9532160e8aa7b2a02d5f9e714177d101482b51cd966a4eb1360078ce54c2d6e106e7d2ae7c853c82a21817fc3d9c7323999d461c6304832273edfd4a48129ecaffde0d068dc5a629b14e1cad279b038d5a303440a59f1089d262d3c60e3ae4d1bc90989e3a50f137274ae35e101770d34c1898690561a18109bb9083e965cd732bcf18aa94adcb03be0bbeb23dea00d18229c646273379292b52951900ce1879fd4792205265b9267e5838b993b072c38bc56a19e9d534f802608b65f1216bff3f5203d233c0c80ce71bffd7c00614bd22ce4a6ac392c1031df84ae4f04d8f053b359c401d1f6ec56d5a936349a14abf569ea4d0aa455af1f9b7272a059e9ad0d77fd3d4ac29d55f5b62a42d76b6fafe5b522f2cb6426d606c03109dd5a0af5cd8598807b41f7c685d5547ef013c438ac33019b7e024c8b0a4ceae61cfdee1a9cf7e89dda7470dcb41381720f4211652cec505017cef547cd2a319c0c1ca9cf2f7594b2b4142d86775f2a7819c978d21dcc21319d18afc6c22cd02bfbc780561be2b2fa388edf3817ef81b2126fc59c62efe5d742619687de40e75e4c0597c4c8563207157556eb9fa1c26402423f379d07c462339d197f605e23739a8ea4f0c95d49980b6d77ae8d51ee35fd8af56cf85b44fc9e26ee3d18a2cfd150997e795ffa220d80800c0014951d44efa700843247208c3faec4cc6622610b54409dd62e58dfa7ab0e3313e83e326015cdd49bee346290d358832f4b16ccd912bf01f65aac16a1a5e1249b0bfc9ca94b0452a7c7e27bc353c77401ce0af520195c0c2b82ffa7f0c0265303d89b77b5ef6965cec2592ba3173b73e239d4269396d6b20ab85e4d48fa92e9081dc70145a3792cbe41d4826e2958ff40f68edc0fb4473789408ae71909e0e0d9e8539ca3f5b309b9ffe054793a80c0f676e7c426334c4c658a43c04ea3acc4319cb01bc9c7fc4e6d67cb9a4c61167df411ccee3347b08f4b009681b81732a09bf40e940485019bd9b242d3e9fe2575983a365a2ccc4a522829f9d5ee377ad71a1dd49df3b000a6969bec6e9480b8129ec53df6ad51d12e9068ab7925b28b412ca1f9be0a365b7cc68274fa7e450e5db349e0f481723c7dc8911e7195dcdfe94190fb0448d9840ae4134f42c2dad1f1666a90aadbbe23f4a66b11a67da55aa3dad7674139ca2e0801856d4ca2a525d572af5b1e180fd9066346cf866675b48179a85416fdff0686a7bfdb4118ad2168ffc84ec0eeafbe7eea43da54fda0211f85265b0dcc13887fd3bc4216651b566beb16c339a991e3dda6b1e88e3efdab6d8519f859c37854a16951ea93e80da8e4915bce5c17d671bb6dd30c8e4e509eacf5433c34f7fcb082ad1721d81ec0b70972b8c43a8fdc1567a7cc754d0c68cd5d9d77cbf87c8c91d6b5180fc1184fddf2a56af522d9f957d57efcdde38409e7a3b2309791f8ff8118bb983d0dacb2dbfaa18ac56d4888eb4c3613dc1d05dbbcbcdb053826e20c67997613d60b1fbcbb1d01e460dc64e257fd5aee455cd352e6e2060b87e58a82beb826fd8b9dd62c7a2719fd4872957a5804266a6504e7b0d839bda0d1bb23e5d474f4a7a96059cef8d3dc90753d29bd00fce143d67cf709d1bc74ec54f81be2f26636dccfadb8b52432ed901b7b27282fa3f2d36442e68b7e5a44768e792902f7a2afffdd8ba57a719d9759308bf0aa3a5f69c7af239e7af6b0f2586d140f90f3200d32656ab7975fef93742f4bf94f2449d337fe4ad20fa180e1d645682042e5cf679810ee878d29b3d4753be22bb8c90760f8d84e64c5040f9f6576befad647b54d3a972a549a87dbb57f2ecad9a97ecc195229e514ef6367eeb01ed9f25a14b50e88f7b60b2b5154e7115f54e33c6e9fb36fe9b4428a83d52ad672548c7598fe99375cd9ed9b7575a743f235375ba14f10c266b140617da6c903bb42a8e0e72e96ab64d359f60e9b83ae95633d6053ad0613194f3d39b83a74c7a4be06adb7f5102096a957d90b3827058730a63fd7a8c148834d430368ff1a54d1454555203139501006e80c50e1099f94a68902196ae96f7643f15a0beb35eb602e7af720d21f3518c7c0bfd3e67941194bc3be0fed73e797531ad8b6d505ee81eb6f71bf0806155e5356286b8c97b50ffefa14108c8140164fdc32eaaecdccdf0f6a806a32594b9cb05c1da9955b5db18e956c81a59849b8d57ae3378d2ef1b426c79a3c1be33b2a48a5dbe8e610b2eaaeb607c1cc7173d6042ec888eedcb309cbe1750313a7c32101f4108d393020095c5dd45b07eb772ad0e3c53f27b64ed5fb24b8646ce74dd003741c5c1f219e7103db843d2d4262b86abf16a2e990bbc5876fa4f9d9c0dc1e28fbf846ba2ed59419a06e9b02d3657d69fc3ebb1133aeeb11b354e80e965cd66979cd2a72fc52c776cfad59569bae6507b7c0461e81db5ab88c6d771e0292dfd012ea3dd88bab1889db8bf40215e5b20fc1926c48d2de39253eb62446ca338540184f1ba4751169a9139f25b1eb6a6834eec482b003263e3901f1b6c08c5ecbcbba4dc082080e48dfa994dfc40a087f2b3b42ceabfdc871c12f989c9ee7fdb4707cdac2db014e3dad65fbe40f43e1760c48475cdabc561b1af1abd7295492625d91488c5d6408953584ba8c741c701195c708101caeb6eef4229599983272917f6b6ba0f4a6e509bfa493848dcf0132f4f2e7744adf4078635df0494ba64a1", 0x9) 2.263778169s ago: executing program 4 (id=2989): madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) select$auto(0x7, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x3, 0x95f4da0a, 0xefffffffffffffff, 0x3, 0x62, 0x80000001, 0x10000000000004, 0x6d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2b, 0x1, 0x1) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xc45d, 0x80, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0) socket(0xa, 0x5, 0x94) mmap$auto(0xf87f, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) getpgrp(0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x4) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop6\x00', 0x129980, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x4c04, 0x0) socket(0x2, 0x80002, 0x73) r2 = socket(0x2, 0x1, 0x84) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(r2, 0x10000000084, 0x19, 0x0, 0x8) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 2.08203592s ago: executing program 3 (id=2990): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/graphics/fb0/blank\x00', 0xa001, 0x0) unshare$auto(0x40000080) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40000, 0x175) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) fallocate$auto(r0, 0x80000000, 0x0, 0x9) ioctl$auto_TIOCGSERIAL2(r0, 0x541e, &(0x7f0000000140)="cbe2a13ccea2e5e4653b9a37be2cf39386af7727ab556c840eca1ceaeb30a037eb00a0a61d3687eeec0e8fa0e601a2edf642df8cff466ef47f471b31ad0249e45571b14bd969f90631172e52317b5f443d7b2532d350b4538523cfbe505e3450a4100708d48e19e43272d6e4e646deeffaac3cff032978ea0468b0a8c7c0b0380f508b30d6085a31c26413e05154a9270e4eccdb38") ptrace$auto(0x11, r1, 0x4, 0x0) socket(0x6, 0x3, 0x5) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x21, 0x2, 0xa) sendmsg$auto_NBD_CMD_CONNECT(r2, &(0x7f0000000500)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x240448c1}, 0x4048040) sendmmsg$auto(0x6, &(0x7f0000000400)={{0x0, 0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x1, &(0x7f0000000300), 0x10, 0x8000000}, 0xed7138c}, 0x6, 0x0) mmap$auto(0x0, 0x400004, 0x3, 0x9b76, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x84) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dri/renderD128\x00', 0x2000, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/oom_adj\x00', 0x4404c0, 0x0) read$auto(r2, 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) close_range$auto(0x2, 0x8, 0x20) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0xfff, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x102, 0x0) setsockopt$auto_SO_DEBUG(r3, 0x9, 0x1, &(0x7f0000000100)='\x00', 0x100002) 1.500626729s ago: executing program 0 (id=2991): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) mmap$auto(0x10000000002, 0xe983, 0x100000000df, 0xeb1, 0x401, 0x7fffffffffffffff) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) (async) ioctl$auto_PPPIOCSPASS(0xffffffffffffffff, 0x40107447, 0x0) (async) syz_genetlink_get_family_id$auto_ovs_meter(0x0, 0xffffffffffffffff) (async) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x9, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) (async) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x5607, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) write$auto(0x3, 0x0, 0x7fffffff) (async) write$auto(0x1, 0x0, 0x80000000) (async) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) (async) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) r1 = socket(0x2b, 0x1, 0x1) (async) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r1, 0x0, 0x20000001) madvise$auto(0x0, 0xffffffffffff0004, 0x19) (async) kill$auto(0x0, 0x21) madvise$auto(0x0, 0x200007, 0x8) (async) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) sendmsg$auto_NL80211_CMD_GET_MPP(r1, 0x0, 0x880) munmap$auto(0x8000, 0xffffffff) syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), r1) 1.335900293s ago: executing program 1 (id=2992): r0 = open(0x0, 0xd02, 0xc3) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffffffffffffffa, 0x8000) mbind$auto(0x40, 0x800605, 0x8003, &(0x7f0000000100)=0x20ffff, 0x3, 0x3) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0xdf6143ed4b729c41, 0x1) sendmsg$auto_NL80211_CMD_START_AP(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="68060000", @ANYRES16=0x0, @ANYRES16=r0], 0x668}, 0x1, 0x0, 0x0, 0x48010}, 0x20000800) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socket(0x1e, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x80803, 0x6) socket(0x2b, 0x1, 0x0) open(0x0, 0x149443, 0x0) r1 = socket(0x11, 0x4, 0x9) close_range$auto(0x2, 0x8, 0x0) socket(0x11, 0x5, 0x0) memfd_create$auto(0x0, 0x2) socket(0x1f, 0x2, 0xffffffff) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000000), 0x48001, 0x0) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x202002, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r1, @ANYRES8=r2], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x8800) write$auto(r3, &(0x7f0000000000)='-\x00', 0xfdef) socket(0xa, 0x5, 0x0) getsockopt$auto(r0, 0x400002, 0x4, 0x0, &(0x7f00000001c0)=0x2) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) 890.428247ms ago: executing program 1 (id=2994): memfd_secret$auto(0xffff8001) (async) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) ftruncate$auto(0x3, 0x700) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0) (async) epoll_create$auto(0x3e) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/hugepages-8kB/stats/shmem_alloc\x00', 0x103400, 0x0) (async) epoll_create$auto(0x3e) epoll_create$auto(0x4) (async, rerun: 32) open(&(0x7f0000000100)='.\x00', 0x680443, 0x1) (async, rerun: 32) socket(0x15, 0x5, 0x0) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000580), 0x2802, 0x0) openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/media15\x00', 0x2, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) (async) r0 = socket(0x6, 0x80000, 0x2) getsockopt$auto_SO_RCVPRIORITY(r0, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) (async) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (rerun: 64) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x3, 0x948b, 0x3, 0x7f, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xd, 0x2, 0x6]}, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async, rerun: 64) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) mmap$auto(0x7, 0x400005, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) (async, rerun: 32) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async, rerun: 32) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x0, 0x0) read$auto_tomoyo_operations_securityfs_if(r2, &(0x7f0000000040)=""/4099, 0xfd98) 886.603824ms ago: executing program 4 (id=2995): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8003) getpid() unshare$auto(0x40000080) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) readv$auto(r1, &(0x7f0000000680)={0x0, 0x40200}, 0x3) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r0, 0x5001, 0xfffffffffffffffc) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000100), 0x8880, 0x0) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x200041, 0x0) r2 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r2, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/pci0000:00/0000:00:03.0/resource0\x00', 0x103000, 0x0) pread64$auto(r3, &(0x7f0000000040)='/sys/devices/pci0000:00/0000:00:03.0/resource0\x00', 0x1, 0x9) r4 = getpid() prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = geteuid() shmctl$auto_IPC_INFO(0x2, 0x3, &(0x7f0000000240)={{0x977, r5, 0xee01, 0x3a, 0x1, 0x7, 0x344}, 0x2, 0x5, 0x8000000000000001, 0x9, @inferred=r4, @raw=0x7ff, 0x6, 0x0, &(0x7f0000000080)="c1fc4760d1b033f1ccaabb5b750c8f383638ec16a9108ab10b83b9bbe108bd6da5ded9200888075f45ee77a839cfb455cb178ad74a23571256c2f7b24fda8c6996b1f62b412e58f4f63f31dcf94e28609acf680f30bbabc64d4efae29f9f68111603e926d9cfcc3d662215ffa6918dab056884d44f312378efbf30ab44f0", &(0x7f00000006c0)="5775e918b8120ab125f3601b56f898cba106bdd31ef55b0b2094e6cc21c36527acc01d70bbc8be939865707c10dc0b49e3617a0b896aa66d27b6beb8f4951e82bebed19ef6cc237855cfdc814336aa23738403883baa9ad7c3f6028076ee913a99337ceb56258d8cc61a8c653fae41159785b76a673a2803b37920803c3f976d5b0000849da609b2d878448c3ee5d0c67125944b16b5f65ce94cf29aefb9b8dfc6a853edc3ec167a5353fb1076a56230442217a75ea72f1a9a8f2d1eff977c7ca74f2ac8fce87aee06ddfbb4359bf41183ae4b9c0c4fad15acc3cde21e29105b82031355590d038aefc6c4217abd85288557fb5153"}) msgctl$auto_IPC_RMID(0x1, 0x0, &(0x7f0000000440)={{0x8, r6, 0xee01, 0xa2, 0xffff, 0x7, 0x2}, &(0x7f0000000340)=0xe, &(0x7f0000000380)=0x6, 0x400, 0xfffffffffffffffc, 0xa, 0x200, 0x3, 0x47, 0x6, 0x7, @inferred=0xffffffffffffffff}) write$auto(0xffffffffffffffff, &(0x7f0000001480)='nl8P211\x00', 0x9) fstat$auto(0xffffffffffffffff, &(0x7f0000000600)={0xfffffffffffffffb, 0x7, 0x4, 0x0, r5, 0xee01, 0x0, 0x4, 0xffffffffffff8001, 0x5, 0x3ff, 0xb7f, 0x824, 0x1, 0x8000000000000000, 0x8, 0x1}) statx$auto(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x48, 0x1, &(0x7f0000002500)={0xc, 0x9, 0x7fff, 0xfffffff8, 0xffffffffffffffff, 0xee01, 0x800, 0x23c, 0x7, 0x5, 0x1000000000003, 0xd65, {0x7, 0x9}, {0x3, 0xcc0}, {0x7, 0x8}, {0x9, 0xfffffffc}, 0x3, 0x442, 0x6, 0x20009, 0x6, 0x8, 0x1, 0x9882, 0x1ff, 0x7, 0x20001, 0x0, [0xc231, 0xed75, 0xfffffffffffffffc, 0xfffffffffffffffd, 0x4, 0xb, 0x7fffffffffffffff, 0x20008, 0x8001]}) select$auto(0x80000000, 0x0, 0x0, &(0x7f00000002c0)={[0x103, 0x7, 0xd, 0x3, 0x7fffffff, 0x4000006, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x3, 0xffffffffffffff55]}, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) write$auto(0x3, 0x0, 0xffd8) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) 633.721882ms ago: executing program 1 (id=2996): socket(0xa, 0x3, 0xff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = open(&(0x7f0000000080)='./file0\x00', 0x22ac2, 0x5d745cb200ae4d7b) fchown$auto(r0, 0xe5a, 0x5) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) getrandom$auto(0x0, 0x6000000, 0x3) setresuid$auto(0xee01, 0x1000, 0x607) write$auto(0x3, 0x0, 0xfdef) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev5\x00', 0x280, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) sysfs$auto(0x2, 0x10000000000002a, 0x0) socket(0x2, 0x6, 0x0) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) syz_clone(0x40000000, 0x0, 0x25, 0x0, 0x0, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) kexec_load$auto(0xff, 0x3ff, &(0x7f0000000080)={@buf=&(0x7f00000000c0)="c9b7e526549a67a9fe257e202c6fd5a3094a85485dda3ca7e54d0966c0b72b3b42f559bfaf64bf36083cdf312fa8720e2cd7046f60fe31050824238330f48c", 0x2, 0x8000, 0x3000}, 0x4) ioctl$auto(0x3, 0xc0585605, 0x38) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r1 = socket(0x15, 0x5, 0x0) getsockopt$auto(r1, 0x114, 0x2717, 0xfffffffffffffffc, 0x0) fanotify_init$auto(0x602, 0x1) fanotify_mark$auto(0x0, 0x451, 0x40, 0xffffffffffffffff, 0x0) setsockopt$auto(0x400000000000003, 0x29, 0x6, 0x0, 0x3) 516.653203ms ago: executing program 0 (id=2997): mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x105182, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x519c41, 0x0) getrandom$auto(&(0x7f0000000000)='\x00', 0x87f, 0x46) ioctl$auto(r1, 0x4b6a, 0x7) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_usbfs_devices_fops_usb(0xffffffffffffff9c, 0x0, 0x28400, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x109001, 0x0) ioctl$auto(r2, 0x4, r2) close_range$auto(0x0, 0xfffffffffffff001, 0x2) r3 = socket(0x1e, 0x1, 0x0) r4 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x20c000, 0x0) mmap$auto(0x8, 0xe983, 0xdf, 0x100000000000016, 0xffffffffffffffff, 0x7ffd) close_range$auto(0x2, 0x8000, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(r4, 0xc0145401, &(0x7f0000000080)={0x1, 0x3, 0x6, 0x6, 0x6}) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x8, 0x1, 0x8000000000000000, 0x0) r5 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video33\x00', 0x80382, 0x0) ioctl$auto(r5, 0xc0045627, r3) openat$auto_vga_arb_device_fops_vgaarb(0xffffffffffffff9c, 0x0, 0x2, 0x0) ppoll$auto(0x0, 0x5, 0x0, 0x0, 0x8) fcntl$auto_F_GETPIPE_SZ(r4, 0x408, 0x47) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, 0x0, 0x2000, 0x0) mmap$auto(0xfffffffffffffffe, 0x7, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6002000, 0x3) ioctl$auto(0xffffffffffffffff, 0x7, r0) madvise$auto(0x110c230000, 0x1, 0x9) 0s ago: executing program 0 (id=2998): syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram8/dev\x00', 0x6a8800, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x800000000001, 0x0) write$auto(r0, &(0x7f00000005c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D_#\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc^:\xd1\xe3\xf1@\xc0\x93^:Mn#Oi\xaa[X\x93)\x8f\x03K\xe6\xa4\x11?\xf1\x02+\\\xf9\x8b\xe5l5\x11\x006c\x907E\xeb\x81\fB\xe3\xf8n\x8f\x94V\xbcB\x9cm\x9f\x15\x00Q\xf8\x8fFW#?\xd5Z~\xa51\x832\xbd|\x19\xda\x8e\xff\x17\r\x96\xa3\xcc+\xf4a\xffN\xd2_\xe5\\\xf8Lzc\xd4\xa0\x1f\x04_\xf1\xc6\fO\xbe?)Q\xc7\\B\xdb\xeaI\xde\xe9m\xf5\xf9\x19\xd3@IK\xe3c\x0ek\x8drZ\xad\xdc\xbb\xfc\xd4\x1f\xdaOW\x87\xb6Fm\x12\xadw(z\\j\xcc0P\xaeC\x9f\xbf\xd5\xf9\xe3\x85~cG\f\x85\xd6\x84ma\xfd\xdayNj\x80\xdd3^\x87,\x14\x8e\xbe$\x05\x8a\xb0 M\xf6$B TCs\xa9\x91dil[\xfc\a\xbfD\xd9\x8d(F\x1e\f\xec\xe9K|h\xf5\xcaUI\x18#\xbed\xa8C\x8a\xbb\fE\xe6\xa3|\xf7\xa8\xbb\xd3\x97l.V/uc\xb5Q\x1eY\xe0\x03\xa1\xc1\xc8\xe2=RK\x7fWV;\xe4\xccTsf\xa7[\xdd\x9cR\xab\xf81s\xbc\x9c\xaaSGH\x9al\xb9%u\v\xb4\x9d\x95\x16\x01\xbbT\x99S\xf8A\xcd\bRC\xf4\xb0\x1a%\xdd+1\x81\x9d6\x90\xe8\xc6\xc1\x1e\xf0~\xaf\x10g&\xd6\x01l::V\xdbJiVW\xab4G\x97\x9cl', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) sysfs$auto(0x2, 0xe, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x40146f2c, 0x0) io_uring_setup$auto(0x1fe, 0x0) r2 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r2, 0x403c6f2b, 0x0) r3 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/block/nbd0/hctx0/sched_tags\x00', 0x60100, 0x0) read$auto(r3, &(0x7f0000000040)='\x00', 0x3) mmap$auto(0x0, 0x400008, 0x7d3, 0x9b72, 0xffffffffffffffff, 0x5cd) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/rxrpc/peers\x00', 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) kernel console output (not intermixed with test programs): reating new IBSS network, BSSID 50:50:50:50:50:50 [ 770.354977][T18357] random: crng reseeded on system resumption [ 771.259826][T18367] sd 0:0:1:0: PR command failed: 1026 [ 771.265354][T18367] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 771.337098][T18367] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 771.362620][T18369] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 772.864894][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 772.877482][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 772.903216][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 772.926062][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 772.939377][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 773.885978][ T7599] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 774.089363][ T7599] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 774.133077][T18402] chnl_net:caif_netlink_parms(): no params data found [ 774.223324][ T7599] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 774.302765][T13917] Bluetooth: hci4: unexpected event 0x16 length: 11 > 6 [ 774.362719][ T7599] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 774.512401][T18402] bridge0: port 1(bridge_slave_0) entered blocking state [ 774.523693][T18402] bridge0: port 1(bridge_slave_0) entered disabled state [ 774.534033][T18402] bridge_slave_0: entered allmulticast mode [ 774.552354][T18402] bridge_slave_0: entered promiscuous mode [ 774.566704][T18402] bridge0: port 2(bridge_slave_1) entered blocking state [ 774.580219][T18402] bridge0: port 2(bridge_slave_1) entered disabled state [ 774.589333][T18402] bridge_slave_1: entered allmulticast mode [ 774.598200][T18402] bridge_slave_1: entered promiscuous mode [ 774.718867][T18402] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 774.768398][T18402] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 775.028861][T13917] Bluetooth: hci2: command tx timeout [ 775.138702][T18402] team0: Port device team_slave_0 added [ 775.180741][ T7599] vlan1: left allmulticast mode [ 775.185705][ T7599] veth0_vlan: left allmulticast mode [ 775.197920][ T7599] vlan1: left promiscuous mode [ 775.203724][ T7599] bridge0: port 3(vlan1) entered disabled state [ 775.247541][ T7599] bridge_slave_1: left allmulticast mode [ 775.253266][ T7599] bridge_slave_1: left promiscuous mode [ 775.296152][ T7599] bridge0: port 2(bridge_slave_1) entered disabled state [ 775.385540][ T7599] bridge_slave_0: left allmulticast mode [ 775.407829][ T7599] bridge_slave_0: left promiscuous mode [ 775.413710][ T7599] bridge0: port 1(bridge_slave_0) entered disabled state [ 776.591363][T18470] FAULT_INJECTION: forcing a failure. [ 776.591363][T18470] name failslab, interval 1, probability 0, space 0, times 0 [ 776.604958][T18470] CPU: 1 UID: 0 PID: 18470 Comm: syz.1.2366 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 776.604999][T18470] Tainted: [U]=USER [ 776.605007][T18470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 776.605021][T18470] Call Trace: [ 776.605030][T18470] [ 776.605039][T18470] dump_stack_lvl+0x16c/0x1f0 [ 776.605080][T18470] should_fail_ex+0x512/0x640 [ 776.605126][T18470] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 776.605164][T18470] should_failslab+0xc2/0x120 [ 776.605189][T18470] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 776.605223][T18470] ? getname_flags.part.0+0x4c/0x550 [ 776.605255][T18470] getname_flags.part.0+0x4c/0x550 [ 776.605285][T18470] getname_flags+0x93/0xf0 [ 776.605315][T18470] do_sys_openat2+0xb8/0x1d0 [ 776.605339][T18470] ? __pfx_do_sys_openat2+0x10/0x10 [ 776.605366][T18470] ? __fget_files+0x20e/0x3c0 [ 776.605400][T18470] __x64_sys_openat+0x174/0x210 [ 776.605422][T18470] ? __pfx___x64_sys_openat+0x10/0x10 [ 776.605444][T18470] ? ksys_write+0x1ac/0x250 [ 776.605483][T18470] do_syscall_64+0xcd/0x490 [ 776.605516][T18470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 776.605537][T18470] RIP: 0033:0x7f87d6d8e929 [ 776.605556][T18470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 776.605576][T18470] RSP: 002b:00007f87d7c22038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 776.605596][T18470] RAX: ffffffffffffffda RBX: 00007f87d6fb5fa0 RCX: 00007f87d6d8e929 [ 776.605610][T18470] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 776.605624][T18470] RBP: 00007f87d7c22090 R08: 0000000000000000 R09: 0000000000000000 [ 776.605637][T18470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 776.605649][T18470] R13: 0000000000000000 R14: 00007f87d6fb5fa0 R15: 00007fff3f698648 [ 776.605676][T18470] [ 776.834405][ T7599] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 776.847439][ T7599] bond0 (unregistering): Released all slaves [ 776.875344][T18402] team0: Port device team_slave_1 added [ 776.996580][T18402] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 777.003570][T18402] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 777.036213][T18402] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 777.048937][ T7599] HSR: left promiscuous mode [ 777.084679][T18402] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 777.091915][T18402] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 777.119494][T13917] Bluetooth: hci2: command tx timeout [ 777.125222][T18402] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 777.140924][ T7599] HfR: left promiscuous mode [ 777.209767][T18402] hsr_slave_0: entered promiscuous mode [ 777.217849][T18402] hsr_slave_1: entered promiscuous mode [ 777.241302][T18402] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 777.254118][T18402] Cannot create hsr debugfs directory [ 777.264820][ T7599] : left promiscuous mode [ 777.483103][ T7599] tipc: Left network mode [ 777.826467][T18490] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2369'. [ 778.489616][ T7599] hsr_slave_0: left promiscuous mode [ 778.510890][ T7599] hsr_slave_1: left promiscuous mode [ 778.517560][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 778.525160][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 778.536866][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 778.554552][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 778.615293][ T7599] veth1_macvtap: left promiscuous mode [ 778.633190][ T7599] veth1_vlan: left promiscuous mode [ 778.638669][ T7599] veth0_vlan: left promiscuous mode [ 779.195961][T13917] Bluetooth: hci2: command tx timeout [ 779.803705][ T7599] team0 (unregistering): Port device team_slave_1 removed [ 781.224818][T18531] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2375'. [ 781.274590][T13917] Bluetooth: hci2: command tx timeout [ 781.343785][T18531] ipvlan1: entered allmulticast mode [ 781.352189][T18531] veth0_vlan: entered allmulticast mode [ 781.393338][T18534] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2374'. [ 781.454349][T18535] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2374'. [ 781.613995][T18530] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2374'. [ 781.726047][T18402] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 781.773473][T18402] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 781.877515][T18402] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 781.936962][T18402] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 782.210289][T13917] Bluetooth: hci1: unexpected event 0x16 length: 11 > 6 [ 782.322528][T18402] 8021q: adding VLAN 0 to HW filter on device bond0 [ 782.453827][T18402] 8021q: adding VLAN 0 to HW filter on device team0 [ 782.498612][ T7599] bridge0: port 1(bridge_slave_0) entered blocking state [ 782.505845][ T7599] bridge0: port 1(bridge_slave_0) entered forwarding state [ 782.621396][ T9545] bridge0: port 2(bridge_slave_1) entered blocking state [ 782.628895][ T9545] bridge0: port 2(bridge_slave_1) entered forwarding state [ 782.972592][T18577] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input31 [ 783.214150][T18402] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 783.342661][T18402] veth0_vlan: entered promiscuous mode [ 783.453675][T18402] veth1_vlan: entered promiscuous mode [ 783.651516][T18581] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input33 [ 783.670714][T18402] veth0_macvtap: entered promiscuous mode [ 783.687832][T18402] veth1_macvtap: entered promiscuous mode [ 783.806945][T18402] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 783.853428][T18595] zram: Cannot change disksize for initialized device [ 783.891563][T18402] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 783.947931][T18402] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 784.006039][T18402] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 784.015741][T18402] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 784.027431][T18402] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 784.552722][T18612] FAULT_INJECTION: forcing a failure. [ 784.552722][T18612] name fail_futex, interval 1, probability 0, space 0, times 0 [ 784.572580][T18612] CPU: 1 UID: 0 PID: 18612 Comm: syz.3.2385 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 784.572618][T18612] Tainted: [U]=USER [ 784.572625][T18612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 784.572638][T18612] Call Trace: [ 784.572647][T18612] [ 784.572655][T18612] dump_stack_lvl+0x16c/0x1f0 [ 784.572694][T18612] should_fail_ex+0x512/0x640 [ 784.572728][T18612] get_futex_key+0x1d0/0x1540 [ 784.572757][T18612] ? __pfx_get_futex_key+0x10/0x10 [ 784.572796][T18612] futex_wake+0xea/0x530 [ 784.572829][T18612] ? __pfx_futex_wait+0x10/0x10 [ 784.572861][T18612] ? __pfx_futex_wake+0x10/0x10 [ 784.572897][T18612] ? __radix_tree_lookup+0x21f/0x2c0 [ 784.572928][T18612] ? find_held_lock+0x2b/0x80 [ 784.572959][T18612] do_futex+0x1e3/0x350 [ 784.572988][T18612] ? __pfx_do_futex+0x10/0x10 [ 784.573020][T18612] ? ksys_semctl.constprop.0+0x152/0x2f0 [ 784.573052][T18612] __x64_sys_futex+0x1e0/0x4c0 [ 784.573086][T18612] ? __pfx___x64_sys_futex+0x10/0x10 [ 784.573129][T18612] do_syscall_64+0xcd/0x490 [ 784.573166][T18612] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 784.573193][T18612] RIP: 0033:0x7f21da58e929 [ 784.573213][T18612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 784.573236][T18612] RSP: 002b:00007f21db31f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 784.573260][T18612] RAX: ffffffffffffffda RBX: 00007f21da7b5fa8 RCX: 00007f21da58e929 [ 784.573276][T18612] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f21da7b5fac [ 784.573290][T18612] RBP: 00007f21da7b5fa0 R08: 00007f21db320000 R09: 0000000000000000 [ 784.573314][T18612] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f21da7b5fac [ 784.573329][T18612] R13: 0000000000000000 R14: 00007ffe04ba26d0 R15: 00007ffe04ba27b8 [ 784.573363][T18612] [ 786.260017][ T9545] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 786.281463][ T9545] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 786.375945][ T9545] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 786.383827][ T9545] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 786.646831][T18657] FAULT_INJECTION: forcing a failure. [ 786.646831][T18657] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 786.691094][T18657] CPU: 1 UID: 0 PID: 18657 Comm: syz.1.2390 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 786.691147][T18657] Tainted: [U]=USER [ 786.691157][T18657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 786.691173][T18657] Call Trace: [ 786.691183][T18657] [ 786.691195][T18657] dump_stack_lvl+0x16c/0x1f0 [ 786.691240][T18657] should_fail_ex+0x512/0x640 [ 786.691283][T18657] _copy_from_user+0x2e/0xd0 [ 786.691321][T18657] memdup_user+0x6b/0xe0 [ 786.691357][T18657] uinput_write+0x1e9/0xff0 [ 786.691405][T18657] ? __pfx_uinput_write+0x10/0x10 [ 786.691441][T18657] ? apparmor_file_permission+0x251/0x400 [ 786.691473][T18657] ? bpf_lsm_file_permission+0x9/0x10 [ 786.691500][T18657] ? security_file_permission+0x71/0x210 [ 786.691534][T18657] ? rw_verify_area+0xcf/0x680 [ 786.691567][T18657] ? __pfx_uinput_write+0x10/0x10 [ 786.691603][T18657] vfs_write+0x29d/0x1150 [ 786.691645][T18657] ? __pfx_vfs_write+0x10/0x10 [ 786.691676][T18657] ? find_held_lock+0x2b/0x80 [ 786.691703][T18657] ? __fget_files+0x204/0x3c0 [ 786.691741][T18657] ? __fget_files+0x20e/0x3c0 [ 786.691785][T18657] ksys_write+0x1f8/0x250 [ 786.691814][T18657] ? __pfx_ksys_write+0x10/0x10 [ 786.691856][T18657] do_syscall_64+0xcd/0x490 [ 786.691895][T18657] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 786.691922][T18657] RIP: 0033:0x7f87d6d8e929 [ 786.691944][T18657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 786.691969][T18657] RSP: 002b:00007f87d7c22038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 786.692019][T18657] RAX: ffffffffffffffda RBX: 00007f87d6fb5fa0 RCX: 00007f87d6d8e929 [ 786.692037][T18657] RDX: 000000000000045c RSI: 0000000000000000 RDI: 0000000000000003 [ 786.692052][T18657] RBP: 00007f87d6e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 786.692068][T18657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 786.692084][T18657] R13: 0000000000000000 R14: 00007f87d6fb5fa0 R15: 00007fff3f698648 [ 786.692125][T18657] [ 788.835453][T18706] zram: Cannot change disksize for initialized device [ 789.280060][T18719] FAULT_INJECTION: forcing a failure. [ 789.280060][T18719] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 789.280120][T18719] CPU: 0 UID: 0 PID: 18719 Comm: syz.0.2400 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 789.280159][T18719] Tainted: [U]=USER [ 789.280169][T18719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 789.280184][T18719] Call Trace: [ 789.280193][T18719] [ 789.280204][T18719] dump_stack_lvl+0x16c/0x1f0 [ 789.280248][T18719] should_fail_ex+0x512/0x640 [ 789.280289][T18719] _copy_from_user+0x2e/0xd0 [ 789.280330][T18719] memdup_user+0x6b/0xe0 [ 789.280368][T18719] uinput_write+0x1e9/0xff0 [ 789.280416][T18719] ? __pfx_uinput_write+0x10/0x10 [ 789.280454][T18719] ? apparmor_file_permission+0x251/0x400 [ 789.280484][T18719] ? bpf_lsm_file_permission+0x9/0x10 [ 789.280510][T18719] ? security_file_permission+0x71/0x210 [ 789.280544][T18719] ? rw_verify_area+0xcf/0x680 [ 789.280575][T18719] ? __pfx_uinput_write+0x10/0x10 [ 789.280611][T18719] vfs_write+0x29d/0x1150 [ 789.280652][T18719] ? __pfx_vfs_write+0x10/0x10 [ 789.280684][T18719] ? find_held_lock+0x2b/0x80 [ 789.280711][T18719] ? __fget_files+0x204/0x3c0 [ 789.280750][T18719] ? __fget_files+0x20e/0x3c0 [ 789.280793][T18719] ksys_write+0x1f8/0x250 [ 789.280828][T18719] ? __pfx_ksys_write+0x10/0x10 [ 789.280882][T18719] do_syscall_64+0xcd/0x490 [ 789.280926][T18719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 789.280961][T18719] RIP: 0033:0x7fe1c118e929 [ 789.280985][T18719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 789.281013][T18719] RSP: 002b:00007fe1beff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 789.281041][T18719] RAX: ffffffffffffffda RBX: 00007fe1c13b5fa0 RCX: 00007fe1c118e929 [ 789.281059][T18719] RDX: 000000000000045c RSI: 0000000000000000 RDI: 0000000000000003 [ 789.281075][T18719] RBP: 00007fe1c1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 789.281092][T18719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 789.281107][T18719] R13: 0000000000000000 R14: 00007fe1c13b5fa0 R15: 00007fff5f1addc8 [ 789.281142][T18719] [ 789.407369][T18716] Console: switching to colour frame buffer device 128x48 [ 789.973392][T18730] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input36 [ 790.587616][T13917] Bluetooth: hci0: unexpected event 0x16 length: 11 > 6 [ 791.093213][T18734] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 791.201234][T18734] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 791.207974][T18734] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 791.214483][T18734] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 791.242859][T18734] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 791.304603][T18734] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 791.333256][T18734] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 791.423509][T18734] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 791.638231][T18764] usb usb36: usbfs: process 18764 (syz.1.2409) did not claim interface 0 before use [ 791.750253][T18771] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2411'. [ 792.386211][T13917] Bluetooth: hci4: command 0x0c1a tx timeout [ 792.423325][T18781] FAULT_INJECTION: forcing a failure. [ 792.423325][T18781] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 792.461683][ T30] audit: type=1800 audit(4294967372.129:25): pid=18783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2414" name="dbroot" dev="configfs" ino=74111 res=0 errno=0 [ 792.529572][T18781] CPU: 1 UID: 0 PID: 18781 Comm: syz.4.2413 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 792.529613][T18781] Tainted: [U]=USER [ 792.529621][T18781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 792.529633][T18781] Call Trace: [ 792.529640][T18781] [ 792.529649][T18781] dump_stack_lvl+0x16c/0x1f0 [ 792.529689][T18781] should_fail_ex+0x512/0x640 [ 792.529726][T18781] _copy_to_user+0x32/0xd0 [ 792.529763][T18781] simple_read_from_buffer+0xcb/0x170 [ 792.529795][T18781] proc_fail_nth_read+0x197/0x270 [ 792.529824][T18781] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 792.529852][T18781] ? rw_verify_area+0xcf/0x680 [ 792.529880][T18781] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 792.529907][T18781] vfs_read+0x1e4/0xc60 [ 792.529942][T18781] ? __pfx___mutex_lock+0x10/0x10 [ 792.529978][T18781] ? __pfx_vfs_read+0x10/0x10 [ 792.530018][T18781] ? __fget_files+0x20e/0x3c0 [ 792.530062][T18781] ksys_read+0x12a/0x250 [ 792.530094][T18781] ? __pfx_ksys_read+0x10/0x10 [ 792.530223][T18781] do_syscall_64+0xcd/0x490 [ 792.530261][T18781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 792.530285][T18781] RIP: 0033:0x7f37beb8d33c [ 792.530304][T18781] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 792.530327][T18781] RSP: 002b:00007f37bfac3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 792.530351][T18781] RAX: ffffffffffffffda RBX: 00007f37bedb6080 RCX: 00007f37beb8d33c [ 792.530367][T18781] RDX: 000000000000000f RSI: 00007f37bfac30a0 RDI: 0000000000000004 [ 792.530382][T18781] RBP: 00007f37bfac3090 R08: 0000000000000000 R09: 0000000000000000 [ 792.530397][T18781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 792.530412][T18781] R13: 0000000000000000 R14: 00007f37bedb6080 R15: 00007ffdf3e867d8 [ 792.530445][T18781] [ 793.000982][T18791] zram: Cannot change disksize for initialized device [ 793.054187][T18793] zram: Cannot change disksize for initialized device [ 793.122907][T18766] zswap: compressor not available [ 793.266297][T13917] Bluetooth: hci1: command 0x0c1a tx timeout [ 793.272539][T13917] Bluetooth: hci0: command 0x0406 tx timeout [ 793.351107][T13917] Bluetooth: hci2: command 0x0c1a tx timeout [ 793.850946][T18805] kAFS: Invalid Command on /proc/fs/afs/cells file [ 795.346018][T13917] Bluetooth: hci1: command 0x0c1a tx timeout [ 795.428055][T13917] Bluetooth: hci2: command 0x0c1a tx timeout [ 796.584220][T18865] ima: policy update failed [ 796.642364][ T30] audit: type=1802 audit(4294967376.309:26): pid=18865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.2428" res=0 errno=0 [ 796.962716][T18889] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 797.426033][T13917] Bluetooth: hci1: command 0x0c1a tx timeout [ 797.515929][T13917] Bluetooth: hci2: command 0x0c1a tx timeout [ 797.936610][T18887] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2430'. [ 798.077705][T18887] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2430'. [ 799.041771][T18910] zram: Cannot change disksize for initialized device [ 800.007474][T18940] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 801.189994][T18961] netlink: 'syz.4.2446': attribute type 2 has an invalid length. [ 801.523103][T18974] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 802.829213][T18982] netlink: 78 bytes leftover after parsing attributes in process `syz.4.2450'. [ 802.858933][T18995] zram: Cannot change disksize for initialized device [ 803.795319][T19010] ima: policy update failed [ 803.825594][ T30] audit: type=1802 audit(4294967383.499:27): pid=19010 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2457" res=0 errno=0 [ 804.173110][T19016] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 805.125269][T19041] binder: 19039:19041 ioctl 40046210 0 returned -14 [ 806.030993][T19052] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 806.049543][T19052] FAULT_INJECTION: forcing a failure. [ 806.049543][T19052] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 806.073848][T19052] CPU: 0 UID: 0 PID: 19052 Comm: syz.3.2465 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 806.073890][T19052] Tainted: [U]=USER [ 806.073898][T19052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 806.073912][T19052] Call Trace: [ 806.073921][T19052] [ 806.073932][T19052] dump_stack_lvl+0x16c/0x1f0 [ 806.073973][T19052] should_fail_ex+0x512/0x640 [ 806.074011][T19052] should_fail_alloc_page+0xe7/0x130 [ 806.074039][T19052] prepare_alloc_pages+0x3c2/0x610 [ 806.074075][T19052] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 806.074112][T19052] ? __lock_acquire+0xb8a/0x1c90 [ 806.074157][T19052] ? __lock_acquire+0xb8a/0x1c90 [ 806.074194][T19052] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 806.074232][T19052] ? __might_fault+0xe3/0x190 [ 806.074265][T19052] ? __might_fault+0xe3/0x190 [ 806.074297][T19052] ? __might_fault+0x13b/0x190 [ 806.074339][T19052] ? _copy_from_iter+0x15d/0x16f0 [ 806.074377][T19052] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 806.074415][T19052] ? policy_nodemask+0xea/0x4e0 [ 806.074443][T19052] alloc_pages_mpol+0x1fb/0x550 [ 806.074468][T19052] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 806.074503][T19052] alloc_pages_noprof+0x131/0x390 [ 806.074529][T19052] anon_pipe_write+0xbc2/0x1a70 [ 806.074577][T19052] ? __pfx_anon_pipe_write+0x10/0x10 [ 806.074613][T19052] ? __pfx_autoremove_wake_function+0x10/0x10 [ 806.074644][T19052] ? bpf_lsm_file_permission+0x9/0x10 [ 806.074670][T19052] ? security_file_permission+0x71/0x210 [ 806.074702][T19052] ? rw_verify_area+0xcf/0x680 [ 806.074736][T19052] vfs_write+0x6c4/0x1150 [ 806.074769][T19052] ? __pfx_anon_pipe_write+0x10/0x10 [ 806.074808][T19052] ? __pfx_vfs_write+0x10/0x10 [ 806.074838][T19052] ? find_held_lock+0x2b/0x80 [ 806.074885][T19052] ksys_write+0x1f8/0x250 [ 806.074918][T19052] ? __pfx_ksys_write+0x10/0x10 [ 806.074960][T19052] do_syscall_64+0xcd/0x490 [ 806.074999][T19052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 806.075025][T19052] RIP: 0033:0x7f21da58e929 [ 806.075046][T19052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 806.075070][T19052] RSP: 002b:00007f21db31f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 806.075094][T19052] RAX: ffffffffffffffda RBX: 00007f21da7b5fa0 RCX: 00007f21da58e929 [ 806.075111][T19052] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 806.075127][T19052] RBP: 00007f21da610b39 R08: 0000000000000000 R09: 0000000000000000 [ 806.075148][T19052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 806.075163][T19052] R13: 0000000000000000 R14: 00007f21da7b5fa0 R15: 00007ffe04ba27b8 [ 806.075198][T19052] [ 806.794619][T19061] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 807.369725][T19064] program syz.0.2466 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 807.573055][T19077] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input40 [ 808.784264][T19099] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input41 [ 808.870250][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.879751][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.361483][T19115] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2476'. [ 809.500922][T19111] capability: warning: `syz.1.2473' uses deprecated v2 capabilities in a way that may be insecure [ 809.527817][T19103] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input42 [ 810.270317][T19125] vivid-009: ================= START STATUS ================= [ 810.290334][T19125] vivid-009: Enable Output Cropping: true grabbed [ 810.321300][T19128] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input43 [ 810.343292][T19125] vivid-009: Enable Output Composing: true grabbed [ 810.369217][T19125] vivid-009: Enable Output Scaler: true grabbed [ 810.375607][T19125] vivid-009: Tx RGB Quantization Range: Automatic grabbed [ 810.431342][T19125] vivid-009: Transmit Mode: HDMI grabbed [ 810.449566][T19125] vivid-009: Hotplug Present: 0x00000000 [ 810.471493][T19125] vivid-009: RxSense Present: 0x00000000 [ 810.477544][T19125] vivid-009: EDID Present: 0x00000000 [ 810.484092][T19125] vivid-009: ================== END STATUS ================== [ 810.484374][T19131] block nbd7: not configured, cannot reconfigure [ 810.601338][T19130] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input44 [ 811.259451][T19136] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2481'. [ 811.704015][T19147] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2484'. [ 812.227915][T19168] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2488'. [ 812.286922][T19164] Invalid ELF header magic: != ELF [ 812.642742][T19176] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input45 [ 813.093790][T19178] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input46 [ 813.189407][T19189] openvswitch: netlink: Message has 20 unknown bytes. [ 813.228249][T19190] openvswitch: netlink: Message has 20 unknown bytes. [ 813.812081][T19201] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 816.283712][T19272] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input47 [ 816.556511][T19273] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input48 [ 816.974700][T19286] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2515'. [ 817.161078][T19288] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.4.2516: iget: checksum invalid [ 817.310915][T19294] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input49 [ 817.327495][T19288] platform regulatory.0: loading /lib/firmware/updates/6.16.0-rc3-syzkaller-00042-g78f4e737a53e/regulatory.db failed with error -74 [ 817.376249][T19288] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.4.2516: iget: checksum invalid [ 817.536712][T19288] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 817.912229][T19288] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.4.2516: iget: checksum invalid [ 818.112545][T19288] platform regulatory.0: loading /lib/firmware/6.16.0-rc3-syzkaller-00042-g78f4e737a53e/regulatory.db failed with error -74 [ 818.143080][T19288] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.4.2516: iget: checksum invalid [ 818.173052][T19288] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 818.189537][T19298] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input50 [ 818.273167][T19288] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 818.322985][T19288] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 819.092503][T19322] bond0: no command found in slaves file - use +ifname or -ifname [ 820.175769][T19356] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 820.186286][T19357] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 820.480522][T19365] syz.1.2533 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 821.341363][T19392] random: crng reseeded on system resumption [ 821.528567][T19396] vivid-009: ================= START STATUS ================= [ 821.573154][T19396] vivid-009: Enable Output Cropping: true grabbed [ 821.573200][T19396] vivid-009: Enable Output Composing: true grabbed [ 821.573221][T19396] vivid-009: Enable Output Scaler: true grabbed [ 821.573241][T19396] vivid-009: Tx RGB Quantization Range: Automatic grabbed [ 821.573261][T19396] vivid-009: Transmit Mode: HDMI grabbed [ 821.573280][T19396] vivid-009: Hotplug Present: 0x00000000 [ 821.573298][T19396] vivid-009: RxSense Present: 0x00000000 [ 821.573313][T19396] vivid-009: EDID Present: 0x00000000 [ 821.573328][T19396] vivid-009: ================== END STATUS ================== [ 822.470876][T19415] svc: failed to register nfsdv3 RPC service (errno 512). [ 822.530897][T19415] svc: failed to register nfsaclv3 RPC service (errno 111). [ 823.208446][T19437] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2549'. [ 823.414392][T19437] bridge0: port 2(bridge_slave_1) entered disabled state [ 823.422850][T19437] bridge0: port 1(bridge_slave_0) entered disabled state [ 826.287911][T19469] HfR: entered promiscuous mode [ 826.341683][T19469] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2557'. [ 826.426948][T19469] HfR: left promiscuous mode [ 827.038880][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 827.101088][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 827.202780][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 827.218681][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 827.227008][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 828.436171][ T9104] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 828.563069][ T9104] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 828.804276][ T9104] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 828.807562][T19504] [U]  [ 828.817414][T19504] [U] [ 828.820126][T19504] [U] [ 828.822810][T19504] [U] [ 828.875633][T19504] [U] [ 828.878418][T19504] [U] [ 828.881152][T19504] [U] [ 828.883886][T19504] [U] [ 828.910316][T19504] [U] [ 828.913087][T19504] [U] [ 828.915811][T19504] [U] [ 828.918549][T19504] [U] [ 828.951918][T19509] FAULT_INJECTION: forcing a failure. [ 828.951918][T19509] name failslab, interval 1, probability 0, space 0, times 0 [ 828.953709][ T9104] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 828.966216][T19509] CPU: 1 UID: 0 PID: 19509 Comm: syz.3.2563 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 828.966260][T19509] Tainted: [U]=USER [ 828.966268][T19509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 828.966285][T19509] Call Trace: [ 828.966294][T19509] [ 828.966304][T19509] dump_stack_lvl+0x16c/0x1f0 [ 828.966347][T19509] should_fail_ex+0x512/0x640 [ 828.966380][T19509] ? fs_reclaim_acquire+0xae/0x150 [ 828.966414][T19509] should_failslab+0xc2/0x120 [ 828.966440][T19509] __kmalloc_cache_noprof+0x6a/0x3e0 [ 828.966471][T19509] ? mark_held_locks+0x49/0x80 [ 828.966503][T19509] ? kobject_create_and_add+0x4a/0xf0 [ 828.966534][T19509] kobject_create_and_add+0x4a/0xf0 [ 828.966562][T19509] __add_disk+0x676/0xf00 [ 828.966603][T19509] add_disk_fwnode+0x13f/0x5d0 [ 828.966641][T19509] loop_add+0x911/0xb70 [ 828.966669][T19509] ? do_vfs_ioctl+0x523/0x1a60 [ 828.966698][T19509] ? __pfx_loop_add+0x10/0x10 [ 828.966722][T19509] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 828.966775][T19509] ? find_held_lock+0x2b/0x80 [ 828.966804][T19509] loop_control_ioctl+0x13e/0x630 [ 828.966833][T19509] ? __pfx_loop_control_ioctl+0x10/0x10 [ 828.966866][T19509] ? __pfx_loop_control_ioctl+0x10/0x10 [ 828.966896][T19509] __x64_sys_ioctl+0x18b/0x210 [ 828.966928][T19509] do_syscall_64+0xcd/0x490 [ 828.966966][T19509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 828.966993][T19509] RIP: 0033:0x7f21da58e929 [ 828.967014][T19509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 828.967038][T19509] RSP: 002b:00007f21d7fb2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 828.967070][T19509] RAX: ffffffffffffffda RBX: 00007f21da7b6240 RCX: 00007f21da58e929 [ 828.967089][T19509] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000006 [ 828.967106][T19509] RBP: 00007f21da610b39 R08: 0000000000000000 R09: 0000000000000000 [ 828.967122][T19509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 828.967138][T19509] R13: 0000000000000000 R14: 00007f21da7b6240 R15: 00007ffe04ba27b8 [ 828.967174][T19509] [ 828.968114][T19504] [U] [ 829.190320][T19504] [U] [ 829.193026][T19504] [U] [ 829.195733][T19504] [U] [ 829.198529][ C1] vkms_vblank_simulate: vblank timer overrun [ 829.213435][T19504] [U] [ 829.216174][T19504] [U] [ 829.218869][T19504] [U] [ 829.221569][T19504] [U] [ 829.225282][T19504] [U] [ 829.228011][T19504] [U] [ 829.230728][T19504] [U] [ 829.233449][T19504] [U] [ 829.239535][T19504] [U] [ 829.242273][T19504] [U] [ 829.244982][T19504] [U] [ 829.247696][T19504] [U] [ 829.260627][T19504] [U] [ 829.263381][T19504] [U] [ 829.266094][T19504] [U] [ 829.268804][T19504] [U] [ 829.362996][T19504] [U] [ 829.365754][T19504] [U] [ 829.368477][T19504] [U] [ 829.371189][T19504] [U] [ 829.379537][T19504] [U] [ 829.382290][T19504] [U] [ 829.385007][T19504] [U] [ 829.387725][T19504] [U] [ 829.394000][T19504] [U] [ 829.396749][T19504] [U] [ 829.399460][T19504] [U] [ 829.402165][T19504] [U] [ 829.408025][T19504] [U] [ 829.410765][T19504] [U] [ 829.413484][T19504] [U] [ 829.416201][T19504] [U] [ 829.425976][ T51] Bluetooth: hci3: command tx timeout [ 829.428324][T19504] [U] [ 829.434474][T19504] [U] [ 829.437199][T19504] [U] [ 829.439913][T19504] [U] [ 829.452215][T19504] [U] [ 829.454978][T19504] [U] \ [ 829.501928][T19504] [U] \ [ 829.548884][T19504] [U] \ [ 829.604054][ T9104] gretap0: left allmulticast mode [ 829.610800][ T9104] gretap0: left promiscuous mode [ 829.616242][T19504] [U] UBI# [ 829.638873][T19504] [U] \ [ 829.685805][T19504] [U] \ [ 829.732835][T19504] [U] \ [ 829.780014][ T9104] bridge0: port 3(gretap0) entered disabled state [ 829.792158][ T9104] bridge_slave_1: left allmulticast mode [ 829.800584][ T9104] bridge_slave_1: left promiscuous mode [ 829.808865][ T9104] bridge0: port 2(bridge_slave_1) entered disabled state [ 829.817872][T19504] [U] [ 829.841479][T19504] [U] [ 829.844196][T19504] [U] [ 829.846914][T19504] [U] [ 829.858625][T19504] [U] [ 829.861383][T19504] [U] [ 829.864102][T19504] [U] [ 829.866831][T19504] [U] [ 829.872947][T19504] [U] [ 829.875705][T19504] [U] [ 829.878426][T19504] [U] [ 829.881152][T19504] [U] [ 829.886219][T19504] [U] [ 829.888958][T19504] [U] [ 829.891767][T19504] [U] [ 829.894480][T19504] [U] [ 829.901932][ T9104] bridge_slave_0: left allmulticast mode [ 829.910738][ T9104] bridge_slave_0: left promiscuous mode [ 829.917380][ T9104] bridge0: port 1(bridge_slave_0) entered disabled state [ 829.991381][T19504] [U] [ 829.994150][T19504] [U] [ 829.996881][T19504] [U] [ 829.999614][T19504] [U] [ 830.036137][T19504] [U] [ 830.038906][T19504] [U] [ 830.041628][T19504] [U] [ 830.044360][T19504] [U] [ 830.086000][T19504] [U] [ 830.088780][T19504] [U] [ 830.091504][T19504] [U] [ 830.094249][T19504] [U] [ 830.149051][T19504] [U] [ 830.151820][T19504] [U] [ 830.154548][T19504] [U] [ 830.157275][T19504] [U] [ 830.230969][T19504] [U] [ 830.233747][T19504] [U] [ 830.236478][T19504] [U] [ 830.239203][T19504] [U] [ 830.275993][T19504] [U] [ 830.774051][ T9104] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 830.784613][ T9104] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 830.797237][ T9104] bond0 (unregistering): Released all slaves [ 830.964517][ T9104] ovs_: left promiscuous mode [ 831.234540][T19482] chnl_net:caif_netlink_parms(): no params data found [ 831.382073][T19546] FAULT_INJECTION: forcing a failure. [ 831.382073][T19546] name failslab, interval 1, probability 0, space 0, times 0 [ 831.420384][T19546] CPU: 0 UID: 0 PID: 19546 Comm: syz.0.2567 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 831.420414][T19546] Tainted: [U]=USER [ 831.420419][T19546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 831.420428][T19546] Call Trace: [ 831.420434][T19546] [ 831.420441][T19546] dump_stack_lvl+0x16c/0x1f0 [ 831.420472][T19546] should_fail_ex+0x512/0x640 [ 831.420496][T19546] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 831.420524][T19546] should_failslab+0xc2/0x120 [ 831.420544][T19546] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 831.420579][T19546] ? do_raw_spin_lock+0x12c/0x2b0 [ 831.420611][T19546] ? kvasprintf_const+0x66/0x1a0 [ 831.420637][T19546] kvasprintf+0xbc/0x160 [ 831.420657][T19546] ? __pfx_kvasprintf+0x10/0x10 [ 831.420678][T19546] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 831.420701][T19546] ? __debug_object_init+0x2de/0x3d0 [ 831.420721][T19546] kvasprintf_const+0x66/0x1a0 [ 831.420736][T19546] kobject_set_name_vargs+0x5a/0x140 [ 831.420861][T19546] dev_set_name+0xc7/0x100 [ 831.420882][T19546] ? __pfx_dev_set_name+0x10/0x10 [ 831.420901][T19546] ? lockdep_init_map_type+0x5c/0x280 [ 831.420922][T19546] ? __init_waitqueue_head+0xca/0x150 [ 831.420949][T19546] ? input_allocate_device+0x271/0x350 [ 831.420973][T19546] input_allocate_device+0x293/0x350 [ 831.420995][T19546] uinput_write+0x9cc/0xff0 [ 831.421025][T19546] ? __pfx_uinput_write+0x10/0x10 [ 831.421047][T19546] ? apparmor_file_permission+0x251/0x400 [ 831.421066][T19546] ? bpf_lsm_file_permission+0x9/0x10 [ 831.421083][T19546] ? security_file_permission+0x71/0x210 [ 831.421104][T19546] ? rw_verify_area+0xcf/0x680 [ 831.421125][T19546] ? __pfx_uinput_write+0x10/0x10 [ 831.421147][T19546] vfs_write+0x29d/0x1150 [ 831.421172][T19546] ? __pfx_vfs_write+0x10/0x10 [ 831.421191][T19546] ? find_held_lock+0x2b/0x80 [ 831.421206][T19546] ? __fget_files+0x204/0x3c0 [ 831.421230][T19546] ? __fget_files+0x20e/0x3c0 [ 831.421254][T19546] ksys_write+0x1f8/0x250 [ 831.421275][T19546] ? __pfx_ksys_write+0x10/0x10 [ 831.421300][T19546] do_syscall_64+0xcd/0x490 [ 831.421326][T19546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 831.421342][T19546] RIP: 0033:0x7fe1c118e929 [ 831.421362][T19546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 831.421376][T19546] RSP: 002b:00007fe1beff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 831.421392][T19546] RAX: ffffffffffffffda RBX: 00007fe1c13b5fa0 RCX: 00007fe1c118e929 [ 831.421402][T19546] RDX: 000000000000045c RSI: 0000000000000000 RDI: 0000000000000003 [ 831.421411][T19546] RBP: 00007fe1beff6090 R08: 0000000000000000 R09: 0000000000000000 [ 831.421420][T19546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 831.421429][T19546] R13: 0000000000000000 R14: 00007fe1c13b5fa0 R15: 00007fff5f1addc8 [ 831.421448][T19546] [ 831.719348][ T51] Bluetooth: hci3: command tx timeout [ 832.374184][T19551] could not allocate digest TFM handle [ 832.650571][T19482] bridge0: port 1(bridge_slave_0) entered blocking state [ 832.697991][T19482] bridge0: port 1(bridge_slave_0) entered disabled state [ 832.766433][T19482] bridge_slave_0: entered allmulticast mode [ 832.796322][T19482] bridge_slave_0: entered promiscuous mode [ 832.829578][T19482] bridge0: port 2(bridge_slave_1) entered blocking state [ 832.876182][T19482] bridge0: port 2(bridge_slave_1) entered disabled state [ 832.892563][T19482] bridge_slave_1: entered allmulticast mode [ 832.946315][T19482] bridge_slave_1: entered promiscuous mode [ 833.238508][T19482] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 833.275373][T19482] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 833.756382][ T51] Bluetooth: hci3: command tx timeout [ 834.273052][T19482] team0: Port device team_slave_0 added [ 834.416939][T19482] team0: Port device team_slave_1 added [ 834.763299][T19482] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 834.795654][T19482] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 834.840058][T19482] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 834.882663][ T9104] hsr_slave_0: left promiscuous mode [ 834.896937][ T9104] hsr_slave_1: left promiscuous mode [ 834.903575][ T9104] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 834.911961][ T9104] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 834.954118][ T9104] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 834.966156][ T9104] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 835.034319][ T9104] veth0_macvtap: left promiscuous mode [ 835.606696][ T9104] team0 (unregistering): Port device team_slave_1 removed [ 835.831549][ T51] Bluetooth: hci3: command tx timeout [ 836.361711][T19482] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 836.368993][T19482] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 836.401328][T19482] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 836.717502][T19482] hsr_slave_0: entered promiscuous mode [ 836.735405][T19482] hsr_slave_1: entered promiscuous mode [ 836.744698][T19482] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 836.755719][T19482] Cannot create hsr debugfs directory [ 837.903292][T19652] FAULT_INJECTION: forcing a failure. [ 837.903292][T19652] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 837.926115][T19652] CPU: 0 UID: 0 PID: 19652 Comm: syz.0.2578 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 837.926162][T19652] Tainted: [U]=USER [ 837.926173][T19652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 837.926188][T19652] Call Trace: [ 837.926197][T19652] [ 837.926208][T19652] dump_stack_lvl+0x16c/0x1f0 [ 837.926258][T19652] should_fail_ex+0x512/0x640 [ 837.926301][T19652] should_fail_alloc_page+0xe7/0x130 [ 837.926330][T19652] prepare_alloc_pages+0x3c2/0x610 [ 837.926375][T19652] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 837.926417][T19652] ? __pfx_stack_trace_save+0x10/0x10 [ 837.926444][T19652] ? stack_depot_save_flags+0x28/0xa40 [ 837.926478][T19652] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 837.926516][T19652] ? kasan_save_stack+0x42/0x60 [ 837.926550][T19652] ? kasan_save_stack+0x33/0x60 [ 837.926581][T19652] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 837.926617][T19652] ? __pmd_alloc+0xbf/0x930 [ 837.926643][T19652] ? handle_mm_fault+0x589/0xd10 [ 837.926673][T19652] ? get_user_pages_remote+0x258/0xb20 [ 837.926701][T19652] ? get_arg_page+0xf4/0x310 [ 837.926731][T19652] ? copy_string_kernel+0x180/0x510 [ 837.926761][T19652] ? do_execveat_common.isra.0+0x2ed/0x610 [ 837.926792][T19652] ? __x64_sys_execve+0x8e/0xb0 [ 837.926823][T19652] ? do_syscall_64+0xcd/0x490 [ 837.926856][T19652] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 837.926921][T19652] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 837.926962][T19652] ? policy_nodemask+0xea/0x4e0 [ 837.926990][T19652] alloc_pages_mpol+0x1fb/0x550 [ 837.927018][T19652] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 837.927040][T19652] ? css_rstat_updated+0x9d/0xd30 [ 837.927078][T19652] alloc_pages_noprof+0x131/0x390 [ 837.927103][T19652] pte_alloc_one+0x1c/0x3a0 [ 837.927137][T19652] __pte_alloc+0x6d/0x3c0 [ 837.927159][T19652] ? __pfx___pte_alloc+0x10/0x10 [ 837.927184][T19652] ? _raw_spin_unlock+0x28/0x50 [ 837.927241][T19652] ? __pmd_alloc+0x3fb/0x930 [ 837.927273][T19652] __handle_mm_fault+0x4358/0x5490 [ 837.927320][T19652] ? __pfx___handle_mm_fault+0x10/0x10 [ 837.927389][T19652] handle_mm_fault+0x589/0xd10 [ 837.927427][T19652] __get_user_pages+0x589/0x3b80 [ 837.927473][T19652] ? __pfx___get_user_pages+0x10/0x10 [ 837.927518][T19652] get_user_pages_remote+0x258/0xb20 [ 837.927560][T19652] ? __pfx_get_user_pages_remote+0x10/0x10 [ 837.927588][T19652] ? __pfx_vma_link+0x10/0x10 [ 837.927636][T19652] get_arg_page+0xf4/0x310 [ 837.927670][T19652] ? __pfx_get_arg_page+0x10/0x10 [ 837.927701][T19652] ? up_write+0x1b2/0x520 [ 837.927746][T19652] copy_string_kernel+0x180/0x510 [ 837.927787][T19652] do_execveat_common.isra.0+0x2ed/0x610 [ 837.927830][T19652] __x64_sys_execve+0x8e/0xb0 [ 837.927867][T19652] do_syscall_64+0xcd/0x490 [ 837.927908][T19652] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 837.927936][T19652] RIP: 0033:0x7fe1c118e929 [ 837.927960][T19652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 837.927988][T19652] RSP: 002b:00007fe1befd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 837.928015][T19652] RAX: ffffffffffffffda RBX: 00007fe1c13b6080 RCX: 00007fe1c118e929 [ 837.928034][T19652] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 837.928050][T19652] RBP: 00007fe1c1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 837.928067][T19652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 837.928084][T19652] R13: 0000000000000000 R14: 00007fe1c13b6080 R15: 00007fff5f1addc8 [ 837.928121][T19652] [ 839.118668][T19666] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input52 [ 839.300318][T19482] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 839.374409][T19482] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 839.414684][T19482] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 839.463391][T19667] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input53 [ 839.487952][T19482] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 840.068239][T19482] 8021q: adding VLAN 0 to HW filter on device bond0 [ 840.152638][T19482] 8021q: adding VLAN 0 to HW filter on device team0 [ 840.179362][ T9104] bridge0: port 1(bridge_slave_0) entered blocking state [ 840.186619][ T9104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 840.227235][ T9104] bridge0: port 2(bridge_slave_1) entered blocking state [ 840.234439][ T9104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 841.270495][T19482] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 841.337385][T19712] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2586'. [ 842.354274][T19482] veth0_vlan: entered promiscuous mode [ 842.462113][T19482] veth1_vlan: entered promiscuous mode [ 842.559955][T19482] veth0_macvtap: entered promiscuous mode [ 842.580365][T19482] veth1_macvtap: entered promiscuous mode [ 842.802264][T19482] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 842.890215][T19482] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 842.963358][T19482] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 842.994104][T19482] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 843.039007][T19482] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 843.067913][T19482] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 843.649298][T19771] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2591'. [ 843.703280][ T9102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 843.745339][ T9102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 843.858909][ T9104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 843.876924][ T9104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 844.457295][T19793] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 844.470029][T19793] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2593'. [ 844.608654][T19797] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 844.651823][T19803] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2594'. [ 844.943846][T19815] FAULT_INJECTION: forcing a failure. [ 844.943846][T19815] name failslab, interval 1, probability 0, space 0, times 0 [ 844.994714][T19815] CPU: 0 UID: 0 PID: 19815 Comm: syz.4.2596 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 844.994759][T19815] Tainted: [U]=USER [ 844.994768][T19815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 844.994782][T19815] Call Trace: [ 844.994792][T19815] [ 844.994802][T19815] dump_stack_lvl+0x16c/0x1f0 [ 844.994845][T19815] should_fail_ex+0x512/0x640 [ 844.994879][T19815] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 844.994922][T19815] should_failslab+0xc2/0x120 [ 844.994946][T19815] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 844.994982][T19815] ? __pmd_alloc+0xbf/0x930 [ 844.995013][T19815] __pmd_alloc+0xbf/0x930 [ 844.995038][T19815] ? find_held_lock+0x2b/0x80 [ 844.995063][T19815] __handle_mm_fault+0xaac/0x5490 [ 844.995105][T19815] ? __pfx___handle_mm_fault+0x10/0x10 [ 844.995133][T19815] ? __pfx_mt_find+0x10/0x10 [ 844.995176][T19815] ? find_vma+0xbf/0x140 [ 844.995201][T19815] ? __pfx_find_vma+0x10/0x10 [ 844.995229][T19815] handle_mm_fault+0x589/0xd10 [ 844.995262][T19815] ? __pkru_allows_pkey+0x41/0xb0 [ 844.995304][T19815] do_user_addr_fault+0x7a6/0x1370 [ 844.995340][T19815] ? rcu_is_watching+0x12/0xc0 [ 844.995370][T19815] exc_page_fault+0x5c/0xb0 [ 844.995405][T19815] asm_exc_page_fault+0x26/0x30 [ 844.995430][T19815] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 844.995460][T19815] Code: 10 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 8f 10 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 844.995484][T19815] RSP: 0018:ffffc90003f07bd0 EFLAGS: 00050202 [ 844.995506][T19815] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 000000000000045c [ 844.995521][T19815] RDX: ffffed100620808b RSI: 0000000000000000 RDI: ffff888031040000 [ 844.995538][T19815] RBP: 000000000000045c R08: 0000000000000001 R09: ffffed100620808b [ 844.995553][T19815] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 844.995568][T19815] R13: ffff888031040000 R14: ffff88807b110808 R15: 1ffff920007e0faf [ 844.995604][T19815] _copy_from_user+0x98/0xd0 [ 844.995642][T19815] memdup_user+0x6b/0xe0 [ 844.995677][T19815] uinput_write+0x1e9/0xff0 [ 844.995725][T19815] ? __pfx_uinput_write+0x10/0x10 [ 844.995761][T19815] ? apparmor_file_permission+0x251/0x400 [ 844.995789][T19815] ? bpf_lsm_file_permission+0x9/0x10 [ 844.995819][T19815] ? security_file_permission+0x71/0x210 [ 844.995849][T19815] ? rw_verify_area+0xcf/0x680 [ 844.995879][T19815] ? __pfx_uinput_write+0x10/0x10 [ 844.995913][T19815] vfs_write+0x29d/0x1150 [ 844.995953][T19815] ? __pfx_vfs_write+0x10/0x10 [ 844.995982][T19815] ? find_held_lock+0x2b/0x80 [ 844.996011][T19815] ? __fget_files+0x204/0x3c0 [ 844.996049][T19815] ? __fget_files+0x20e/0x3c0 [ 844.996091][T19815] ksys_write+0x1f8/0x250 [ 844.996122][T19815] ? __pfx_ksys_write+0x10/0x10 [ 844.996165][T19815] do_syscall_64+0xcd/0x490 [ 844.996203][T19815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 844.996227][T19815] RIP: 0033:0x7fe1eb38e929 [ 844.996248][T19815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 844.996270][T19815] RSP: 002b:00007fe1ec185038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 844.996292][T19815] RAX: ffffffffffffffda RBX: 00007fe1eb5b5fa0 RCX: 00007fe1eb38e929 [ 844.996316][T19815] RDX: 000000000000045c RSI: 0000000000000000 RDI: 0000000000000003 [ 844.996330][T19815] RBP: 00007fe1ec185090 R08: 0000000000000000 R09: 0000000000000000 [ 844.996346][T19815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 844.996360][T19815] R13: 0000000000000000 R14: 00007fe1eb5b5fa0 R15: 00007fff9c9e65a8 [ 844.996394][T19815] [ 845.355776][ C0] vkms_vblank_simulate: vblank timer overrun [ 846.369871][T19828] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2599'. [ 846.390905][T19828] bridge0: entered promiscuous mode [ 846.809020][ T30] audit: type=1326 audit(4294967426.479:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19839 comm="syz.4.2601" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe1eb38e929 code=0x0 [ 846.996666][ T30] audit: type=1800 audit(4294967426.669:29): pid=19856 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2601" name="lu_gp_id" dev="configfs" ino=79661 res=0 errno=0 [ 847.519482][T19843] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 847.528394][T19843] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 847.551809][T19843] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 847.569852][T19843] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 847.579322][T19843] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 847.587952][T19843] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 847.827948][T19873] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2606'. [ 848.946056][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 849.335070][T19916] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input56 [ 849.586085][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 849.592203][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 849.596075][T13917] Bluetooth: hci1: command 0x0c1a tx timeout [ 850.075187][T19919] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input57 [ 850.847969][T19959] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 851.084025][T19964] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 851.679335][T13917] Bluetooth: hci3: command 0x0c1a tx timeout [ 853.186614][T20003] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 853.306562][T19983] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 853.324002][T20012] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2628'. [ 853.746697][T13917] Bluetooth: hci3: command 0x0c1a tx timeout [ 854.705905][T20038] sctp: [Deprecated]: syz.1.2635 (pid 20038) Use of int in max_burst socket option. [ 854.705905][T20038] Use struct sctp_assoc_value instead [ 854.739498][T20041] sctp: [Deprecated]: syz.1.2635 (pid 20041) Use of int in max_burst socket option. [ 854.739498][T20041] Use struct sctp_assoc_value instead [ 854.800142][T20037] ubi: mtd0 is already attached to ubi0 [ 855.591535][T20045] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 855.989352][T20058] FAULT_INJECTION: forcing a failure. [ 855.989352][T20058] name failslab, interval 1, probability 0, space 0, times 0 [ 856.026100][T20058] CPU: 0 UID: 0 PID: 20058 Comm: syz.0.2639 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 856.026147][T20058] Tainted: [U]=USER [ 856.026157][T20058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 856.026173][T20058] Call Trace: [ 856.026182][T20058] [ 856.026193][T20058] dump_stack_lvl+0x16c/0x1f0 [ 856.026240][T20058] should_fail_ex+0x512/0x640 [ 856.026275][T20058] ? __kmalloc_noprof+0xbf/0x510 [ 856.026318][T20058] ? sk_prot_alloc+0x1a8/0x2a0 [ 856.026345][T20058] should_failslab+0xc2/0x120 [ 856.026371][T20058] __kmalloc_noprof+0xd2/0x510 [ 856.026416][T20058] ? trace_cap_capable+0x18d/0x200 [ 856.026450][T20058] sk_prot_alloc+0x1a8/0x2a0 [ 856.026482][T20058] sk_alloc+0x36/0xc20 [ 856.026520][T20058] xsk_create+0x11b/0x730 [ 856.026556][T20058] __sock_create+0x338/0x8d0 [ 856.026592][T20058] __sys_socket+0x14d/0x260 [ 856.026620][T20058] ? __pfx___sys_socket+0x10/0x10 [ 856.026645][T20058] ? xfd_validate_state+0x61/0x180 [ 856.026673][T20058] ? __task_pid_nr_ns+0x17c/0x500 [ 856.026713][T20058] __x64_sys_socket+0x72/0xb0 [ 856.026739][T20058] ? lockdep_hardirqs_on+0x7c/0x110 [ 856.026774][T20058] do_syscall_64+0xcd/0x490 [ 856.026813][T20058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 856.026839][T20058] RIP: 0033:0x7fe1c118e929 [ 856.026860][T20058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 856.026886][T20058] RSP: 002b:00007fe1beff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 856.026912][T20058] RAX: ffffffffffffffda RBX: 00007fe1c13b5fa0 RCX: 00007fe1c118e929 [ 856.026930][T20058] RDX: 0000000000000000 RSI: 0000000000080003 RDI: 000000000000002c [ 856.026946][T20058] RBP: 00007fe1c1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 856.026962][T20058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 856.026977][T20058] R13: 0000000000000000 R14: 00007fe1c13b5fa0 R15: 00007fff5f1addc8 [ 856.027012][T20058] [ 856.082013][T20058] mkiss: ax0: crc mode is auto. [ 856.187746][ C1] vkms_vblank_simulate: vblank timer overrun [ 856.347746][T20071] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input60 [ 856.533387][T20070] FAULT_INJECTION: forcing a failure. [ 856.533387][T20070] name failslab, interval 1, probability 0, space 0, times 0 [ 856.595888][T20070] CPU: 1 UID: 0 PID: 20070 Comm: syz.1.2644 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 856.595937][T20070] Tainted: [U]=USER [ 856.595947][T20070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 856.595964][T20070] Call Trace: [ 856.595973][T20070] [ 856.595985][T20070] dump_stack_lvl+0x16c/0x1f0 [ 856.596036][T20070] should_fail_ex+0x512/0x640 [ 856.596071][T20070] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 856.596109][T20070] should_failslab+0xc2/0x120 [ 856.596135][T20070] __kmalloc_cache_noprof+0x6a/0x3e0 [ 856.596178][T20070] ? sctp_endpoint_new+0x7c/0xcd0 [ 856.596213][T20070] sctp_endpoint_new+0x7c/0xcd0 [ 856.596248][T20070] sctp_init_sock+0xe2d/0x1330 [ 856.596274][T20070] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 856.596302][T20070] sctp_v6_init_sock+0x16/0x70 [ 856.596325][T20070] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 856.596349][T20070] inet6_create+0xb2d/0x1300 [ 856.596377][T20070] ? inet6_create+0x7f/0x1300 [ 856.596409][T20070] __sock_create+0x338/0x8d0 [ 856.596448][T20070] inet_ctl_sock_create+0x94/0x230 [ 856.596482][T20070] ? __pfx_inet_ctl_sock_create+0x10/0x10 [ 856.596513][T20070] ? lockdep_init_map_type+0x5c/0x280 [ 856.596548][T20070] ? do_init_timer+0xc9/0x110 [ 856.596580][T20070] ? __pfx_sctp_ctrlsock_init+0x10/0x10 [ 856.596617][T20070] sctp_ctrlsock_init+0x40/0xf0 [ 856.596655][T20070] ops_init+0x1df/0x5f0 [ 856.596697][T20070] setup_net+0x1ff/0x510 [ 856.596718][T20070] ? lockdep_init_map_type+0x5c/0x280 [ 856.596751][T20070] ? __pfx_setup_net+0x10/0x10 [ 856.596778][T20070] ? debug_mutex_init+0x37/0x70 [ 856.596808][T20070] copy_net_ns+0x2a6/0x5f0 [ 856.596838][T20070] create_new_namespaces+0x3ea/0xa90 [ 856.596875][T20070] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 856.596907][T20070] ksys_unshare+0x45b/0xa40 [ 856.596939][T20070] ? __pfx_ksys_unshare+0x10/0x10 [ 856.596973][T20070] ? xfd_validate_state+0x61/0x180 [ 856.597016][T20070] __x64_sys_unshare+0x31/0x40 [ 856.597047][T20070] do_syscall_64+0xcd/0x490 [ 856.597086][T20070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 856.597112][T20070] RIP: 0033:0x7f87d6d8e929 [ 856.597134][T20070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 856.597159][T20070] RSP: 002b:00007f87d7c22038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 856.597197][T20070] RAX: ffffffffffffffda RBX: 00007f87d6fb5fa0 RCX: 00007f87d6d8e929 [ 856.597216][T20070] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 856.597233][T20070] RBP: 00007f87d6e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 856.597250][T20070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 856.597267][T20070] R13: 0000000000000000 R14: 00007f87d6fb5fa0 R15: 00007fff3f698648 [ 856.597304][T20070] [ 856.600317][T13917] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 857.020441][T20072] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input61 [ 859.099640][T20101] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2650'. [ 859.671817][T20110] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input62 [ 859.707096][T20114] zram: Cannot change disksize for initialized device [ 859.871720][T20117] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2652'. [ 862.379600][T20172] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input63 [ 862.632836][T20179] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 863.433973][T20187] FAULT_INJECTION: forcing a failure. [ 863.433973][T20187] name failslab, interval 1, probability 0, space 0, times 0 [ 863.507123][T20187] CPU: 0 UID: 0 PID: 20187 Comm: syz.4.2666 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 863.507167][T20187] Tainted: [U]=USER [ 863.507175][T20187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 863.507191][T20187] Call Trace: [ 863.507199][T20187] [ 863.507209][T20187] dump_stack_lvl+0x16c/0x1f0 [ 863.507252][T20187] should_fail_ex+0x512/0x640 [ 863.507282][T20187] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 863.507316][T20187] should_failslab+0xc2/0x120 [ 863.507340][T20187] __kmalloc_cache_noprof+0x6a/0x3e0 [ 863.507369][T20187] ? vsnprintf+0x318/0x1160 [ 863.507396][T20187] ? __alloc_workqueue+0xda2/0x1810 [ 863.507426][T20187] __alloc_workqueue+0xda2/0x1810 [ 863.507452][T20187] ? __pfx_vsnprintf+0x10/0x10 [ 863.507481][T20187] ? lockdep_hardirqs_on+0x7c/0x110 [ 863.507511][T20187] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 863.507545][T20187] alloc_workqueue+0xd2/0x200 [ 863.507570][T20187] ? __pfx_alloc_workqueue+0x10/0x10 [ 863.507603][T20187] ? __pfx___debug_object_init+0x10/0x10 [ 863.507635][T20187] nci_register_device+0x394/0xb80 [ 863.507665][T20187] ? __pfx_nci_register_device+0x10/0x10 [ 863.507697][T20187] ? lockdep_init_map_type+0x5c/0x280 [ 863.507738][T20187] virtual_ncidev_open+0x141/0x220 [ 863.507766][T20187] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 863.507791][T20187] misc_open+0x35d/0x420 [ 863.507817][T20187] ? __pfx_misc_open+0x10/0x10 [ 863.507842][T20187] chrdev_open+0x231/0x6a0 [ 863.507874][T20187] ? __pfx_apparmor_file_open+0x10/0x10 [ 863.507900][T20187] ? __pfx_chrdev_open+0x10/0x10 [ 863.507934][T20187] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 863.507966][T20187] do_dentry_open+0x744/0x1c10 [ 863.507998][T20187] ? __pfx_chrdev_open+0x10/0x10 [ 863.508035][T20187] vfs_open+0x82/0x3f0 [ 863.508062][T20187] path_openat+0x1de4/0x2cb0 [ 863.508103][T20187] ? __pfx_path_openat+0x10/0x10 [ 863.508134][T20187] ? __lock_acquire+0xb8a/0x1c90 [ 863.508165][T20187] do_filp_open+0x20b/0x470 [ 863.508194][T20187] ? __pfx_do_filp_open+0x10/0x10 [ 863.508246][T20187] ? alloc_fd+0x471/0x7d0 [ 863.508283][T20187] do_sys_openat2+0x11b/0x1d0 [ 863.508306][T20187] ? __pfx_do_sys_openat2+0x10/0x10 [ 863.508342][T20187] __x64_sys_openat+0x174/0x210 [ 863.508366][T20187] ? __pfx___x64_sys_openat+0x10/0x10 [ 863.508403][T20187] do_syscall_64+0xcd/0x490 [ 863.508436][T20187] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 863.508458][T20187] RIP: 0033:0x7fe1eb38e929 [ 863.508476][T20187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 863.508496][T20187] RSP: 002b:00007fe1ec185038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 863.508517][T20187] RAX: ffffffffffffffda RBX: 00007fe1eb5b5fa0 RCX: 00007fe1eb38e929 [ 863.508539][T20187] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 863.508552][T20187] RBP: 00007fe1eb410b39 R08: 0000000000000000 R09: 0000000000000000 [ 863.508565][T20187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 863.508578][T20187] R13: 0000000000000000 R14: 00007fe1eb5b5fa0 R15: 00007fff9c9e65a8 [ 863.508607][T20187] [ 864.240186][T20199] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input64 [ 864.325527][T20201] zram: Cannot change disksize for initialized device [ 864.435892][T20206] zram: Cannot change disksize for initialized device [ 864.832797][T20203] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input65 [ 865.916789][T20225] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2672'. [ 865.955945][T20225] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2672'. [ 866.027133][T20227] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2672'. [ 867.231061][T20271] zram: Cannot change disksize for initialized device [ 868.784804][T20284] random: crng reseeded on system resumption [ 869.164473][T20292] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(3.0.1), cmd(17) [ 869.342721][T13917] Bluetooth: hci2: unexpected event 0x17 length: 11 > 6 [ 869.836613][T20309] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input66 [ 870.075699][T20310] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input67 [ 870.313439][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.324078][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.467317][T20314] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 871.072047][T20324] FAULT_INJECTION: forcing a failure. [ 871.072047][T20324] name failslab, interval 1, probability 0, space 0, times 0 [ 871.085090][T20324] CPU: 0 UID: 0 PID: 20324 Comm: syz.4.2695 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 871.085129][T20324] Tainted: [U]=USER [ 871.085138][T20324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 871.085151][T20324] Call Trace: [ 871.085160][T20324] [ 871.085170][T20324] dump_stack_lvl+0x16c/0x1f0 [ 871.085210][T20324] should_fail_ex+0x512/0x640 [ 871.085243][T20324] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 871.085282][T20324] should_failslab+0xc2/0x120 [ 871.085306][T20324] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 871.085340][T20324] ? trace_cap_capable+0x18d/0x200 [ 871.085363][T20324] ? create_new_namespaces+0x30/0xa90 [ 871.085395][T20324] create_new_namespaces+0x30/0xa90 [ 871.085420][T20324] ? bpf_lsm_capable+0x9/0x10 [ 871.085448][T20324] ? security_capable+0x7e/0x260 [ 871.085489][T20324] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 871.085519][T20324] ksys_unshare+0x45b/0xa40 [ 871.085549][T20324] ? native_tss_update_io_bitmap+0x3e1/0x770 [ 871.085583][T20324] ? __pfx_ksys_unshare+0x10/0x10 [ 871.085614][T20324] ? ksys_write+0x1ac/0x250 [ 871.085656][T20324] __x64_sys_unshare+0x31/0x40 [ 871.085695][T20324] do_syscall_64+0xcd/0x490 [ 871.085721][T20324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 871.085736][T20324] RIP: 0033:0x7fe1eb38e929 [ 871.085749][T20324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 871.085763][T20324] RSP: 002b:00007fe1e91f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 871.085786][T20324] RAX: ffffffffffffffda RBX: 00007fe1eb5b6320 RCX: 00007fe1eb38e929 [ 871.085802][T20324] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 871.085816][T20324] RBP: 00007fe1e91f6090 R08: 0000000000000000 R09: 0000000000000000 [ 871.085830][T20324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 871.085843][T20324] R13: 0000000000000000 R14: 00007fe1eb5b6320 R15: 00007fff9c9e65a8 [ 871.085876][T20324] [ 871.898315][T20332] zram: Cannot change disksize for initialized device [ 872.251573][T20340] FAULT_INJECTION: forcing a failure. [ 872.251573][T20340] name failslab, interval 1, probability 0, space 0, times 0 [ 872.264594][T20340] CPU: 0 UID: 0 PID: 20340 Comm: syz.4.2699 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 872.264637][T20340] Tainted: [U]=USER [ 872.264647][T20340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 872.264664][T20340] Call Trace: [ 872.264674][T20340] [ 872.264684][T20340] dump_stack_lvl+0x16c/0x1f0 [ 872.264727][T20340] should_fail_ex+0x512/0x640 [ 872.264770][T20340] ? fs_reclaim_acquire+0xae/0x150 [ 872.264803][T20340] ? security_inode_init_security+0x13f/0x390 [ 872.264840][T20340] should_failslab+0xc2/0x120 [ 872.264864][T20340] __kmalloc_noprof+0xd2/0x510 [ 872.264908][T20340] security_inode_init_security+0x13f/0x390 [ 872.264947][T20340] ? __pfx_shmem_initxattrs+0x10/0x10 [ 872.264975][T20340] ? __pfx_security_inode_init_security+0x10/0x10 [ 872.265014][T20340] ? shmem_get_inode+0x73a/0xfb0 [ 872.265051][T20340] shmem_symlink+0x135/0x9f0 [ 872.265090][T20340] ? __pfx_shmem_symlink+0x10/0x10 [ 872.265126][T20340] ? bpf_lsm_inode_permission+0x9/0x10 [ 872.265150][T20340] ? security_inode_permission+0xbf/0x260 [ 872.265182][T20340] ? inode_permission+0x156/0x630 [ 872.265216][T20340] vfs_symlink+0x400/0x680 [ 872.265250][T20340] do_symlinkat+0x261/0x310 [ 872.265289][T20340] ? __pfx_do_symlinkat+0x10/0x10 [ 872.265325][T20340] ? getname_flags.part.0+0x1c5/0x550 [ 872.265362][T20340] __x64_sys_symlink+0x75/0x90 [ 872.265400][T20340] do_syscall_64+0xcd/0x490 [ 872.265439][T20340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 872.265466][T20340] RIP: 0033:0x7fe1eb38e929 [ 872.265490][T20340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 872.265518][T20340] RSP: 002b:00007fe1ec185038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 872.265543][T20340] RAX: ffffffffffffffda RBX: 00007fe1eb5b5fa0 RCX: 00007fe1eb38e929 [ 872.265562][T20340] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180 [ 872.265578][T20340] RBP: 00007fe1eb410b39 R08: 0000000000000000 R09: 0000000000000000 [ 872.265595][T20340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 872.265611][T20340] R13: 0000000000000000 R14: 00007fe1eb5b5fa0 R15: 00007fff9c9e65a8 [ 872.265648][T20340] [ 873.385348][T20349] can: request_module (can-proto-0) failed. [ 873.883065][T20361] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2703'. [ 874.109262][T20374] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input68 [ 874.135460][T20373] zram: Cannot change disksize for initialized device [ 874.353565][T20375] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input69 [ 875.087047][T20391] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(5.0.65535), cmd(8) [ 875.297561][T20396] nfsd: Unknown parameter 'Z' [ 876.050026][T20402] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 876.058858][T20402] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 876.095004][T20402] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 876.121353][T20402] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 876.135868][T20402] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 876.148535][T20408] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 876.149257][T20408] FAULT_INJECTION: forcing a failure. [ 876.149257][T20408] name failslab, interval 1, probability 0, space 0, times 0 [ 876.206371][T20408] CPU: 0 UID: 0 PID: 20408 Comm: syz.4.2712 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 876.206410][T20408] Tainted: [U]=USER [ 876.206417][T20408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 876.206430][T20408] Call Trace: [ 876.206438][T20408] [ 876.206447][T20408] dump_stack_lvl+0x16c/0x1f0 [ 876.206483][T20408] should_fail_ex+0x512/0x640 [ 876.206513][T20408] ? __kmalloc_noprof+0xbf/0x510 [ 876.206544][T20408] ? fanotify_handle_event+0x2487/0x48b0 [ 876.206566][T20408] should_failslab+0xc2/0x120 [ 876.206586][T20408] __kmalloc_noprof+0xd2/0x510 [ 876.206614][T20408] ? __pfx_fanotify_encode_fh_len+0x10/0x10 [ 876.206642][T20408] fanotify_handle_event+0x2487/0x48b0 [ 876.206680][T20408] ? __pfx_fanotify_handle_event+0x10/0x10 [ 876.206717][T20408] ? __pfx_fanotify_handle_event+0x10/0x10 [ 876.206737][T20408] fsnotify+0xc58/0x1dc0 [ 876.206771][T20408] ? __pfx_fsnotify+0x10/0x10 [ 876.206808][T20408] __fsnotify_parent+0x915/0xc40 [ 876.206841][T20408] ? __pfx___fsnotify_parent+0x10/0x10 [ 876.206874][T20408] ? __pfx___might_resched+0x10/0x10 [ 876.206901][T20408] ? __fput+0x30d/0xb70 [ 876.206920][T20408] __fput+0x30d/0xb70 [ 876.206948][T20408] task_work_run+0x14d/0x240 [ 876.206980][T20408] ? __pfx_task_work_run+0x10/0x10 [ 876.207011][T20408] ? do_raw_spin_unlock+0x172/0x230 [ 876.207048][T20408] do_exit+0x86c/0x2bd0 [ 876.207081][T20408] ? __pfx_do_exit+0x10/0x10 [ 876.207107][T20408] ? do_raw_spin_lock+0x12c/0x2b0 [ 876.207136][T20408] ? find_held_lock+0x2b/0x80 [ 876.207162][T20408] do_group_exit+0xd3/0x2a0 [ 876.207197][T20408] get_signal+0x2673/0x26d0 [ 876.207223][T20408] ? kmem_cache_free+0x2d1/0x4d0 [ 876.207250][T20408] ? find_held_lock+0x2b/0x80 [ 876.207271][T20408] ? do_sys_openat2+0x1b0/0x1d0 [ 876.207295][T20408] ? __pfx_get_signal+0x10/0x10 [ 876.207320][T20408] ? do_sys_openat2+0x157/0x1d0 [ 876.207347][T20408] arch_do_signal_or_restart+0x8f/0x790 [ 876.207373][T20408] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 876.207415][T20408] exit_to_user_mode_loop+0x84/0x110 [ 876.207449][T20408] do_syscall_64+0x3f6/0x490 [ 876.207483][T20408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 876.207504][T20408] RIP: 0033:0x7fe1eb38e929 [ 876.207521][T20408] Code: Unable to access opcode bytes at 0x7fe1eb38e8ff. [ 876.207531][T20408] RSP: 002b:00007fe1ec164038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 876.207553][T20408] RAX: fffffffffffffff4 RBX: 00007fe1eb5b6080 RCX: 00007fe1eb38e929 [ 876.207568][T20408] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 876.207582][T20408] RBP: 00007fe1eb410b39 R08: 0000000000000000 R09: 0000000000000000 [ 876.207595][T20408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 876.207608][T20408] R13: 0000000000000000 R14: 00007fe1eb5b6080 R15: 00007fff9c9e65a8 [ 876.207637][T20408] [ 876.566548][T20427] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 876.579663][T20427] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 876.678600][T20431] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 877.075673][T20437] can: request_module (can-proto-0) failed. [ 877.113528][T20438] can: request_module (can-proto-0) failed. [ 877.173764][T20436] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2716'. [ 877.332190][T20436] : renamed from hsr0 (while UP) [ 877.586337][T13917] Bluetooth: hci0: command 0x0406 tx timeout [ 878.146460][T13917] Bluetooth: hci3: command 0x0c1a tx timeout [ 878.146477][ T5151] Bluetooth: hci2: command 0x0c1a tx timeout [ 878.152506][T13917] Bluetooth: hci1: command 0x0c1a tx timeout [ 878.279988][T20474] FAULT_INJECTION: forcing a failure. [ 878.279988][T20474] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 878.333641][T20474] CPU: 1 UID: 0 PID: 20474 Comm: syz.4.2726 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 878.333686][T20474] Tainted: [U]=USER [ 878.333695][T20474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 878.333708][T20474] Call Trace: [ 878.333718][T20474] [ 878.333728][T20474] dump_stack_lvl+0x16c/0x1f0 [ 878.333770][T20474] should_fail_ex+0x512/0x640 [ 878.333811][T20474] should_fail_alloc_page+0xe7/0x130 [ 878.333839][T20474] prepare_alloc_pages+0x3c2/0x610 [ 878.333874][T20474] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 878.333912][T20474] ? kasan_save_stack+0x42/0x60 [ 878.333950][T20474] ? __lock_acquire+0x622/0x1c90 [ 878.333985][T20474] ? __vmf_anon_prepare+0x11c/0x240 [ 878.334011][T20474] ? __handle_mm_fault+0x27f6/0x5490 [ 878.334043][T20474] ? handle_mm_fault+0x589/0xd10 [ 878.334071][T20474] ? __get_user_pages+0x589/0x3b80 [ 878.334096][T20474] ? populate_vma_page_range+0x278/0x3a0 [ 878.334126][T20474] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 878.334164][T20474] ? register_lock_class+0x41/0x4c0 [ 878.334207][T20474] ? __lock_acquire+0xb8a/0x1c90 [ 878.334254][T20474] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 878.334295][T20474] ? policy_nodemask+0xea/0x4e0 [ 878.334323][T20474] alloc_pages_mpol+0x1fb/0x550 [ 878.334351][T20474] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 878.334379][T20474] ? __anon_vma_prepare+0x2db/0x5e0 [ 878.334423][T20474] folio_alloc_mpol_noprof+0x36/0x2f0 [ 878.334456][T20474] vma_alloc_folio_noprof+0xed/0x1e0 [ 878.334486][T20474] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 878.334513][T20474] ? __anon_vma_prepare+0x2e2/0x5e0 [ 878.334555][T20474] __handle_mm_fault+0x2f21/0x5490 [ 878.334596][T20474] ? __pfx___handle_mm_fault+0x10/0x10 [ 878.334659][T20474] handle_mm_fault+0x589/0xd10 [ 878.334698][T20474] __get_user_pages+0x589/0x3b80 [ 878.334737][T20474] ? __pfx_mt_find+0x10/0x10 [ 878.334762][T20474] ? __pfx___get_user_pages+0x10/0x10 [ 878.334804][T20474] populate_vma_page_range+0x278/0x3a0 [ 878.334838][T20474] ? __pfx_populate_vma_page_range+0x10/0x10 [ 878.334867][T20474] ? __pfx_find_vma_intersection+0x10/0x10 [ 878.334899][T20474] ? do_mmap+0x69c/0x1210 [ 878.334931][T20474] __mm_populate+0x1d8/0x380 [ 878.334963][T20474] ? __pfx___mm_populate+0x10/0x10 [ 878.334995][T20474] ? up_write+0x1b2/0x520 [ 878.335033][T20474] vm_mmap_pgoff+0x362/0x450 [ 878.335063][T20474] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 878.335096][T20474] ? __x64_sys_futex+0x1e0/0x4c0 [ 878.335124][T20474] ? __x64_sys_futex+0x1e9/0x4c0 [ 878.335159][T20474] ksys_mmap_pgoff+0x7d/0x5c0 [ 878.335186][T20474] ? xfd_validate_state+0x61/0x180 [ 878.335214][T20474] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 878.335265][T20474] __x64_sys_mmap+0x125/0x190 [ 878.335300][T20474] do_syscall_64+0xcd/0x490 [ 878.335338][T20474] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 878.335364][T20474] RIP: 0033:0x7fe1eb38e929 [ 878.335386][T20474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 878.335410][T20474] RSP: 002b:00007fe1ec185038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 878.335434][T20474] RAX: ffffffffffffffda RBX: 00007fe1eb5b5fa0 RCX: 00007fe1eb38e929 [ 878.335453][T20474] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 878.335469][T20474] RBP: 00007fe1eb410b39 R08: 0000000000000002 R09: 0000000000008000 [ 878.335483][T20474] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 878.335499][T20474] R13: 0000000000000000 R14: 00007fe1eb5b5fa0 R15: 00007fff9c9e65a8 [ 878.335534][T20474] [ 879.580685][T20495] ptrace attach of "./syz-executor exec"[18402] was attempted by "./syz-executor exec"[20495] [ 879.675877][ T5151] Bluetooth: hci0: command 0x0406 tx timeout [ 879.796364][T20505] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 879.802722][T20505] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 879.811881][T20505] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 879.831844][T20505] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 881.826374][ T5151] Bluetooth: hci2: command 0x0c1a tx timeout [ 881.826520][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 881.832442][T13917] Bluetooth: hci0: command 0x0406 tx timeout [ 881.909331][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 882.371740][T20552] random: crng reseeded on system resumption [ 882.762735][T20556] can0: slcan on ttyS2. [ 883.087561][T20558] can0 (unregistered): slcan off ttyS2. [ 883.554707][ T51] Bluetooth: hci3: unexpected event 0x35 length: 13 > 6 [ 884.293987][T20593] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2747'. [ 884.611367][T20599] zram: Added device: zram2 [ 886.832531][T20660] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2757'. [ 887.596730][T20677] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input70 [ 887.915136][T20679] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input71 [ 888.131409][T20684] zram: Added device: zram3 [ 888.717981][T20686] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 888.964543][T20699] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2765'. [ 889.102186][T20700] could not allocate digest TFM handle [ 889.248380][T20700] could not allocate digest TFM handle [ 889.577975][T20700] could not allocate digest TFM handle [ 890.884092][T20748] zram: Cannot change disksize for initialized device [ 891.251448][T20756] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input72 [ 891.876824][T20757] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input73 [ 892.532790][T20765] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 892.714014][T20778] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 894.404298][T20815] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input74 [ 894.552870][T20817] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input75 [ 895.471064][T20829] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input76 [ 895.545433][T20829] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input77 [ 895.569926][T20830] zram: Cannot change disksize for initialized device [ 895.789339][T20831] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2787'. [ 896.051080][T20826] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 896.484201][T20845] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 896.496067][T20846] FAULT_INJECTION: forcing a failure. [ 896.496067][T20846] name failslab, interval 1, probability 0, space 0, times 0 [ 896.556726][T20846] CPU: 1 UID: 0 PID: 20846 Comm: syz.4.2789 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 896.556770][T20846] Tainted: [U]=USER [ 896.556778][T20846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 896.556793][T20846] Call Trace: [ 896.556802][T20846] [ 896.556812][T20846] dump_stack_lvl+0x16c/0x1f0 [ 896.556852][T20846] should_fail_ex+0x512/0x640 [ 896.556885][T20846] ? fs_reclaim_acquire+0xae/0x150 [ 896.556916][T20846] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 896.556948][T20846] should_failslab+0xc2/0x120 [ 896.556973][T20846] __kmalloc_noprof+0xd2/0x510 [ 896.557014][T20846] tomoyo_realpath_from_path+0xc2/0x6e0 [ 896.557050][T20846] ? tomoyo_profile+0x47/0x60 [ 896.557086][T20846] tomoyo_path_number_perm+0x245/0x580 [ 896.557113][T20846] ? tomoyo_path_number_perm+0x237/0x580 [ 896.557152][T20846] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 896.557182][T20846] ? find_held_lock+0x2b/0x80 [ 896.557239][T20846] ? find_held_lock+0x2b/0x80 [ 896.557261][T20846] ? hook_file_ioctl_common+0x145/0x410 [ 896.557296][T20846] ? __fget_files+0x20e/0x3c0 [ 896.557333][T20846] security_file_ioctl+0x9b/0x240 [ 896.557364][T20846] __x64_sys_ioctl+0xb7/0x210 [ 896.557394][T20846] do_syscall_64+0xcd/0x490 [ 896.557429][T20846] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 896.557453][T20846] RIP: 0033:0x7fe1eb38e929 [ 896.557472][T20846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 896.557496][T20846] RSP: 002b:00007fe1ec164038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 896.557520][T20846] RAX: ffffffffffffffda RBX: 00007fe1eb5b6080 RCX: 00007fe1eb38e929 [ 896.557538][T20846] RDX: 0000000000000000 RSI: 0000000040044591 RDI: 0000000000000004 [ 896.557554][T20846] RBP: 00007fe1ec164090 R08: 0000000000000000 R09: 0000000000000000 [ 896.557569][T20846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 896.557585][T20846] R13: 0000000000000001 R14: 00007fe1eb5b6080 R15: 00007fff9c9e65a8 [ 896.557620][T20846] [ 896.557631][T20846] ERROR: Out of memory at tomoyo_realpath_from_path. [ 898.749921][T20871] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 900.052105][T20912] FAULT_INJECTION: forcing a failure. [ 900.052105][T20912] name failslab, interval 1, probability 0, space 0, times 0 [ 900.104359][T20912] CPU: 0 UID: 0 PID: 20912 Comm: syz.3.2804 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 900.104387][T20912] Tainted: [U]=USER [ 900.104392][T20912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 900.104401][T20912] Call Trace: [ 900.104407][T20912] [ 900.104413][T20912] dump_stack_lvl+0x16c/0x1f0 [ 900.104441][T20912] should_fail_ex+0x512/0x640 [ 900.104463][T20912] ? fs_reclaim_acquire+0xae/0x150 [ 900.104482][T20912] ? tomoyo_encode2+0x100/0x3e0 [ 900.104501][T20912] should_failslab+0xc2/0x120 [ 900.104516][T20912] __kmalloc_noprof+0xd2/0x510 [ 900.104537][T20912] ? d_absolute_path+0x136/0x1a0 [ 900.104556][T20912] tomoyo_encode2+0x100/0x3e0 [ 900.104577][T20912] tomoyo_encode+0x29/0x50 [ 900.104596][T20912] tomoyo_realpath_from_path+0x18f/0x6e0 [ 900.104621][T20912] tomoyo_path_number_perm+0x245/0x580 [ 900.104638][T20912] ? tomoyo_path_number_perm+0x237/0x580 [ 900.104656][T20912] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 900.104674][T20912] ? find_held_lock+0x2b/0x80 [ 900.104705][T20912] ? find_held_lock+0x2b/0x80 [ 900.104718][T20912] ? hook_file_ioctl_common+0x145/0x410 [ 900.104738][T20912] ? __fget_files+0x20e/0x3c0 [ 900.104761][T20912] security_file_ioctl+0x9b/0x240 [ 900.104781][T20912] __x64_sys_ioctl+0xb7/0x210 [ 900.104800][T20912] do_syscall_64+0xcd/0x490 [ 900.104823][T20912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 900.104839][T20912] RIP: 0033:0x7f21da58e929 [ 900.104852][T20912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 900.104866][T20912] RSP: 002b:00007f21d83f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 900.104881][T20912] RAX: ffffffffffffffda RBX: 00007f21da7b6080 RCX: 00007f21da58e929 [ 900.104892][T20912] RDX: 0000000000000000 RSI: 0000000040044591 RDI: 0000000000000004 [ 900.104901][T20912] RBP: 00007f21d83f6090 R08: 0000000000000000 R09: 0000000000000000 [ 900.104910][T20912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 900.104918][T20912] R13: 0000000000000001 R14: 00007f21da7b6080 R15: 00007ffe04ba27b8 [ 900.104937][T20912] [ 900.104950][T20912] ERROR: Out of memory at tomoyo_realpath_from_path. [ 900.271789][ C0] vkms_vblank_simulate: vblank timer overrun [ 901.571228][T20941] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2809'. [ 901.652456][T20929] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 902.200413][T20955] random: crng reseeded on system resumption [ 903.329120][T20977] bridge0: port 3(macvlan0) entered blocking state [ 903.373866][T20977] bridge0: port 3(macvlan0) entered disabled state [ 903.412457][T20977] macvlan0: entered allmulticast mode [ 903.458861][T20977] veth1_vlan: entered allmulticast mode [ 903.501671][T20977] macvlan0: entered promiscuous mode [ 903.593702][T20977] bridge0: port 3(macvlan0) entered blocking state [ 903.602652][T20977] bridge0: port 3(macvlan0) entered forwarding state [ 904.018265][T20992] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2821'. [ 904.226083][T20986] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 904.701055][T21005] zram: Cannot change disksize for initialized device [ 906.065713][T21023] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2829'. [ 906.090694][T21023] bridge0: port 2(bridge_slave_1) entered disabled state [ 906.304340][T21023] bridge_slave_1 (unregistering): left allmulticast mode [ 906.322620][T21023] bridge_slave_1 (unregistering): left promiscuous mode [ 906.339805][T21023] bridge0: port 2(bridge_slave_1) entered disabled state [ 906.758451][T21044] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2835'. [ 908.272062][T21075] FAULT_INJECTION: forcing a failure. [ 908.272062][T21075] name failslab, interval 1, probability 0, space 0, times 0 [ 908.316109][T21075] CPU: 1 UID: 0 PID: 21075 Comm: syz.1.2843 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 908.316157][T21075] Tainted: [U]=USER [ 908.316166][T21075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 908.316183][T21075] Call Trace: [ 908.316191][T21075] [ 908.316200][T21075] dump_stack_lvl+0x16c/0x1f0 [ 908.316242][T21075] should_fail_ex+0x512/0x640 [ 908.316277][T21075] ? __kmalloc_noprof+0xbf/0x510 [ 908.316320][T21075] ? xfrm_hash_alloc+0xd1/0x100 [ 908.316351][T21075] should_failslab+0xc2/0x120 [ 908.316375][T21075] __kmalloc_noprof+0xd2/0x510 [ 908.316406][T21075] ? xfrm_state_init+0x377/0x630 [ 908.316434][T21075] ? xfrm_state_init+0x3c1/0x630 [ 908.316470][T21075] xfrm_hash_alloc+0xd1/0x100 [ 908.316505][T21075] xfrm_net_init+0x35f/0xcc0 [ 908.316547][T21075] ? __pfx_xfrm_net_init+0x10/0x10 [ 908.316583][T21075] ops_init+0x1df/0x5f0 [ 908.316626][T21075] setup_net+0x1ff/0x510 [ 908.316649][T21075] ? lockdep_init_map_type+0x5c/0x280 [ 908.316683][T21075] ? __pfx_setup_net+0x10/0x10 [ 908.316710][T21075] ? debug_mutex_init+0x37/0x70 [ 908.316740][T21075] copy_net_ns+0x2a6/0x5f0 [ 908.316771][T21075] create_new_namespaces+0x3ea/0xa90 [ 908.316808][T21075] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 908.316840][T21075] ksys_unshare+0x45b/0xa40 [ 908.316875][T21075] ? __pfx_ksys_unshare+0x10/0x10 [ 908.316914][T21075] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 908.316956][T21075] __x64_sys_unshare+0x31/0x40 [ 908.316987][T21075] do_syscall_64+0xcd/0x490 [ 908.317036][T21075] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 908.317064][T21075] RIP: 0033:0x7f87d6d8e929 [ 908.317086][T21075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 908.317112][T21075] RSP: 002b:00007f87d7c22038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 908.317138][T21075] RAX: ffffffffffffffda RBX: 00007f87d6fb5fa0 RCX: 00007f87d6d8e929 [ 908.317157][T21075] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 908.317173][T21075] RBP: 00007f87d6e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 908.317189][T21075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 908.317205][T21075] R13: 0000000000000000 R14: 00007f87d6fb5fa0 R15: 00007fff3f698648 [ 908.317240][T21075] [ 909.793192][T21108] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 910.482302][T21124] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2849'. [ 911.094672][T21117] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 911.162269][T21117] CIFS mount error: No usable UNC path provided in device string! [ 911.162269][T21117] [ 911.172857][T21117] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 911.508719][T21155] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2855'. [ 912.099701][T21165] FAULT_INJECTION: forcing a failure. [ 912.099701][T21165] name failslab, interval 1, probability 0, space 0, times 0 [ 912.124038][T21165] CPU: 1 UID: 0 PID: 21165 Comm: syz.3.2858 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 912.124088][T21165] Tainted: [U]=USER [ 912.124097][T21165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 912.124114][T21165] Call Trace: [ 912.124125][T21165] [ 912.124137][T21165] dump_stack_lvl+0x16c/0x1f0 [ 912.124182][T21165] should_fail_ex+0x512/0x640 [ 912.124215][T21165] ? fs_reclaim_acquire+0xae/0x150 [ 912.124250][T21165] should_failslab+0xc2/0x120 [ 912.124275][T21165] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 912.124312][T21165] ? bpf_ksym_find+0x124/0x1c0 [ 912.124340][T21165] ? __kernfs_new_node+0xd2/0x8e0 [ 912.124378][T21165] __kernfs_new_node+0xd2/0x8e0 [ 912.124416][T21165] ? __pfx___kernfs_new_node+0x10/0x10 [ 912.124458][T21165] ? find_held_lock+0x2b/0x80 [ 912.124485][T21165] ? kernfs_root+0xee/0x2a0 [ 912.124526][T21165] kernfs_new_node+0x13c/0x1e0 [ 912.124574][T21165] ? kasan_save_stack+0x42/0x60 [ 912.124615][T21165] kernfs_create_dir_ns+0x4c/0x1a0 [ 912.124657][T21165] sysfs_create_dir_ns+0x13a/0x2b0 [ 912.124706][T21165] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 912.124740][T21165] ? rcu_is_watching+0x12/0xc0 [ 912.124765][T21165] ? kfree+0x24f/0x4d0 [ 912.124799][T21165] kobject_add_internal+0x2c4/0x9b0 [ 912.124832][T21165] kobject_add+0x16e/0x240 [ 912.124857][T21165] ? __pfx_kobject_add+0x10/0x10 [ 912.124902][T21165] kobject_create_and_add+0x7e/0xf0 [ 912.124931][T21165] __add_disk+0x676/0xf00 [ 912.124972][T21165] add_disk_fwnode+0x13f/0x5d0 [ 912.125010][T21165] loop_add+0x911/0xb70 [ 912.125037][T21165] ? do_vfs_ioctl+0x523/0x1a60 [ 912.125070][T21165] ? __pfx_loop_add+0x10/0x10 [ 912.125094][T21165] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 912.125148][T21165] ? find_held_lock+0x2b/0x80 [ 912.125180][T21165] loop_control_ioctl+0x13e/0x630 [ 912.125212][T21165] ? __pfx_loop_control_ioctl+0x10/0x10 [ 912.125247][T21165] ? __pfx_loop_control_ioctl+0x10/0x10 [ 912.125279][T21165] __x64_sys_ioctl+0x18b/0x210 [ 912.125310][T21165] do_syscall_64+0xcd/0x490 [ 912.125349][T21165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 912.125374][T21165] RIP: 0033:0x7f21da58e929 [ 912.125396][T21165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 912.125422][T21165] RSP: 002b:00007f21db31f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 912.125447][T21165] RAX: ffffffffffffffda RBX: 00007f21da7b5fa0 RCX: 00007f21da58e929 [ 912.125466][T21165] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000006 [ 912.125484][T21165] RBP: 00007f21da610b39 R08: 0000000000000000 R09: 0000000000000000 [ 912.125501][T21165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 912.125517][T21165] R13: 0000000000000000 R14: 00007f21da7b5fa0 R15: 00007ffe04ba27b8 [ 912.125562][T21165] [ 912.410198][T21165] kobject: kobject_add_internal failed for holders (error: -12 parent: loop33) [ 912.419417][T21165] kobject: kobject_create_and_add: kobject_add error: -12 [ 912.500974][T21169] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2859'. [ 912.709798][T21174] Unable to find swap-space signature [ 913.329015][T21189] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 913.387955][T21189] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 913.396917][T21189] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 913.405268][T21189] page_type: f5(slab) [ 913.412119][T21189] raw: 00fff00000000040 ffff88801b842140 0000000000000000 dead000000000001 [ 913.421552][T21189] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 913.430287][T21189] head: 00fff00000000040 ffff88801b842140 0000000000000000 dead000000000001 [ 913.439161][T21189] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 913.448167][T21189] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 913.483243][T21189] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 913.567757][T21189] page dumped because: unmovable page [ 913.575303][T21189] page_owner tracks the page as allocated [ 913.593596][T21189] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1319, tgid 1319 (kworker/u8:6), ts 704646094562, free_ts 704581180899 [ 913.668935][T21194] could not allocate digest TFM handle binfmt_misc [ 913.685706][T21189] post_alloc_hook+0x1c0/0x230 [ 913.745754][T21189] get_page_from_freelist+0x1321/0x3890 [ 913.783985][T21189] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 913.790339][T21189] alloc_pages_mpol+0x1fb/0x550 [ 913.795405][T21189] new_slab+0x23b/0x330 [ 913.800735][T21189] ___slab_alloc+0xd9c/0x1940 [ 913.805955][T21189] __slab_alloc.constprop.0+0x56/0xb0 [ 913.811506][T21189] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 913.819862][T21189] kmalloc_reserve+0xef/0x2c0 [ 913.824750][T21189] __alloc_skb+0x166/0x380 [ 913.829399][T21189] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 913.835290][T21189] process_one_work+0x9cc/0x1b70 [ 913.840348][T21189] worker_thread+0x6c8/0xf10 [ 913.844990][T21189] kthread+0x3c5/0x780 [ 913.849968][T21189] ret_from_fork+0x5d4/0x6f0 [ 913.854790][T21189] ret_from_fork_asm+0x1a/0x30 [ 913.859812][T21189] page last free pid 5818 tgid 5818 stack trace: [ 913.866271][T21189] __free_frozen_pages+0x7fe/0x1180 [ 914.029583][T21189] __folio_put+0x329/0x450 [ 914.034118][T21189] skb_release_data+0x7fb/0x9c0 [ 914.081056][T21189] __kfree_skb+0x4f/0x70 [ 914.143843][T21189] tcp_ack+0x19b2/0x5c90 [ 914.246817][T21189] tcp_rcv_established+0xda1/0x22e0 [ 914.552443][T21207] Console: switching to colour VGA+ 80x7 [ 914.586207][T21189] tcp_v4_do_rcv+0x5ca/0xa90 [ 914.590898][T21189] __release_sock+0x31b/0x400 [ 914.595632][T21189] release_sock+0x5a/0x220 [ 914.710463][T21189] tcp_sendmsg+0x38/0x50 [ 914.714936][T21189] inet_sendmsg+0xb9/0x140 [ 914.732807][T21189] sock_write_iter+0x4aa/0x5b0 [ 914.751207][T21189] vfs_write+0x6c4/0x1150 [ 914.770048][T21189] ksys_write+0x1f8/0x250 [ 914.774682][T21189] do_syscall_64+0xcd/0x490 [ 914.779947][T21189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 915.207480][T21227] random: crng reseeded on system resumption [ 915.755601][T21236] netlink: 1000 bytes leftover after parsing attributes in process `syz.0.2868'. [ 918.520955][T21275] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 919.116464][T21281] FAULT_INJECTION: forcing a failure. [ 919.116464][T21281] name failslab, interval 1, probability 0, space 0, times 0 [ 919.216852][T21281] CPU: 0 UID: 0 PID: 21281 Comm: syz.4.2877 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 919.216901][T21281] Tainted: [U]=USER [ 919.216911][T21281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 919.216927][T21281] Call Trace: [ 919.216937][T21281] [ 919.216949][T21281] dump_stack_lvl+0x16c/0x1f0 [ 919.216994][T21281] should_fail_ex+0x512/0x640 [ 919.217030][T21281] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 919.217072][T21281] should_failslab+0xc2/0x120 [ 919.217109][T21281] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 919.217147][T21281] ? __asan_memcpy+0x3c/0x60 [ 919.217180][T21281] ? __kernfs_new_node+0xd2/0x8e0 [ 919.217221][T21281] __kernfs_new_node+0xd2/0x8e0 [ 919.217261][T21281] ? __pfx___kernfs_new_node+0x10/0x10 [ 919.217305][T21281] ? find_held_lock+0x2b/0x80 [ 919.217334][T21281] ? kernfs_root+0xee/0x2a0 [ 919.217377][T21281] kernfs_new_node+0x13c/0x1e0 [ 919.217422][T21281] kernfs_create_link+0xcc/0x240 [ 919.217455][T21281] sysfs_do_create_link_sd+0x90/0x140 [ 919.217492][T21281] sysfs_create_link+0x61/0xc0 [ 919.217527][T21281] device_add+0xb14/0x1a70 [ 919.217556][T21281] ? __pfx_device_add+0x10/0x10 [ 919.217598][T21281] __add_disk+0x457/0xf00 [ 919.217635][T21281] ? find_held_lock+0x2b/0x80 [ 919.217665][T21281] add_disk_fwnode+0x3f8/0x5d0 [ 919.217707][T21281] zram_add+0x4c8/0x700 [ 919.217737][T21281] ? __pfx_zram_add+0x10/0x10 [ 919.217792][T21281] ? find_held_lock+0x2b/0x80 [ 919.217824][T21281] ? __pfx_hot_add_show+0x10/0x10 [ 919.217849][T21281] ? __pfx_class_attr_show+0x10/0x10 [ 919.217873][T21281] hot_add_show+0x21/0x80 [ 919.217901][T21281] class_attr_show+0x6f/0xa0 [ 919.217928][T21281] sysfs_kf_seq_show+0x213/0x3e0 [ 919.217966][T21281] seq_read_iter+0x509/0x12c0 [ 919.218015][T21281] kernfs_fop_read_iter+0x40f/0x5a0 [ 919.218042][T21281] ? rw_verify_area+0xcf/0x680 [ 919.218083][T21281] vfs_read+0x8bc/0xc60 [ 919.218124][T21281] ? __pfx___mutex_lock+0x10/0x10 [ 919.218163][T21281] ? __pfx_vfs_read+0x10/0x10 [ 919.218225][T21281] ksys_read+0x12a/0x250 [ 919.218259][T21281] ? __pfx_ksys_read+0x10/0x10 [ 919.218304][T21281] do_syscall_64+0xcd/0x490 [ 919.218345][T21281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 919.218372][T21281] RIP: 0033:0x7fe1eb38e929 [ 919.218395][T21281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 919.218421][T21281] RSP: 002b:00007fe1ec164038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 919.218447][T21281] RAX: ffffffffffffffda RBX: 00007fe1eb5b6080 RCX: 00007fe1eb38e929 [ 919.218465][T21281] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 0000000000000007 [ 919.218483][T21281] RBP: 00007fe1eb410b39 R08: 0000000000000000 R09: 0000000000000000 [ 919.218498][T21281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 919.218512][T21281] R13: 0000000000000000 R14: 00007fe1eb5b6080 R15: 00007fff9c9e65a8 [ 919.218544][T21281] [ 921.330497][T21333] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2889'. [ 921.365935][T21333] bridge_slave_1: left allmulticast mode [ 921.374084][T21333] bridge_slave_1: left promiscuous mode [ 921.380285][T21333] bridge0: port 2(bridge_slave_1) entered disabled state [ 921.391199][T21333] bridge_slave_0: left allmulticast mode [ 921.399140][T21333] bridge_slave_0: left promiscuous mode [ 921.405194][T21333] bridge0: port 1(bridge_slave_0) entered disabled state [ 922.320316][T21351] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2893: iget: checksum invalid [ 922.334009][T21351] platform regulatory.0: loading /lib/firmware/updates/6.16.0-rc3-syzkaller-00042-g78f4e737a53e/regulatory.db failed with error -74 [ 922.397586][T21351] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2893: iget: checksum invalid [ 922.412792][T21351] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 922.439525][T21351] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2893: iget: checksum invalid [ 922.451214][T21351] platform regulatory.0: loading /lib/firmware/6.16.0-rc3-syzkaller-00042-g78f4e737a53e/regulatory.db failed with error -74 [ 922.470480][T21351] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2893: iget: checksum invalid [ 922.483366][T21351] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 922.496359][T21351] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 922.512073][T21351] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 922.673232][T21360] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input79 [ 923.306477][T21363] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input80 [ 924.800809][T21380] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 927.200933][T21436] netlink: 334 bytes leftover after parsing attributes in process `syz.4.2910'. [ 927.521601][T21444] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 927.521601][T21444] The task syz.0.2911 (21444) triggered the difference, watch for misbehavior. [ 927.539691][ C1] vkms_vblank_simulate: vblank timer overrun [ 928.758928][T19511] Process accounting resumed [ 928.786541][T21459] nfs4: Unknown parameter '' [ 928.996261][T21465] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2916'. [ 930.046512][T21473] FAULT_INJECTION: forcing a failure. [ 930.046512][T21473] name failslab, interval 1, probability 0, space 0, times 0 [ 930.076446][T21473] CPU: 1 UID: 0 PID: 21473 Comm: syz.3.2919 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 930.076490][T21473] Tainted: [U]=USER [ 930.076498][T21473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 930.076513][T21473] Call Trace: [ 930.076521][T21473] [ 930.076532][T21473] dump_stack_lvl+0x16c/0x1f0 [ 930.076571][T21473] should_fail_ex+0x512/0x640 [ 930.076604][T21473] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 930.076642][T21473] should_failslab+0xc2/0x120 [ 930.076667][T21473] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 930.076698][T21473] ? __pfx_acct_collect+0x10/0x10 [ 930.076731][T21473] ? taskstats_exit+0x654/0xbe0 [ 930.076778][T21473] taskstats_exit+0x654/0xbe0 [ 930.076812][T21473] ? __pfx_taskstats_exit+0x10/0x10 [ 930.076854][T21473] do_exit+0x5d9/0x2bd0 [ 930.076892][T21473] ? __pfx_do_exit+0x10/0x10 [ 930.076921][T21473] ? do_raw_spin_lock+0x12c/0x2b0 [ 930.076955][T21473] ? find_held_lock+0x2b/0x80 [ 930.076985][T21473] do_group_exit+0xd3/0x2a0 [ 930.077017][T21473] get_signal+0x2673/0x26d0 [ 930.077043][T21473] ? kmem_cache_free+0x2d1/0x4d0 [ 930.077072][T21473] ? fd_install+0x225/0x750 [ 930.077105][T21473] ? __pfx_get_signal+0x10/0x10 [ 930.077129][T21473] ? do_futex+0x122/0x350 [ 930.077158][T21473] ? __pfx_do_futex+0x10/0x10 [ 930.077189][T21473] arch_do_signal_or_restart+0x8f/0x790 [ 930.077218][T21473] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 930.077255][T21473] ? xfd_validate_state+0x61/0x180 [ 930.077292][T21473] exit_to_user_mode_loop+0x84/0x110 [ 930.077328][T21473] do_syscall_64+0x3f6/0x490 [ 930.077366][T21473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 930.077391][T21473] RIP: 0033:0x7f21da58e929 [ 930.077411][T21473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 930.077434][T21473] RSP: 002b:00007f21db31f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 930.077456][T21473] RAX: fffffffffffffe00 RBX: 00007f21da7b5fa8 RCX: 00007f21da58e929 [ 930.077471][T21473] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f21da7b5fa8 [ 930.077484][T21473] RBP: 00007f21da7b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 930.077498][T21473] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f21da7b5fac [ 930.077512][T21473] R13: 0000000000000000 R14: 00007ffe04ba26d0 R15: 00007ffe04ba27b8 [ 930.077541][T21473] [ 931.752431][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.759351][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.809417][ T30] audit: type=1800 audit(4294967512.459:30): pid=21484 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2922" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 932.923029][T21492] warn_alloc: 1 callbacks suppressed [ 932.923050][T21492] syz.0.2924: vmalloc error: size 268435456, failed to allocated page array size 524288, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 933.085962][T21492] CPU: 0 UID: 0 PID: 21492 Comm: syz.0.2924 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 933.086010][T21492] Tainted: [U]=USER [ 933.086019][T21492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 933.086034][T21492] Call Trace: [ 933.086044][T21492] [ 933.086054][T21492] dump_stack_lvl+0x16c/0x1f0 [ 933.086095][T21492] warn_alloc+0x248/0x3a0 [ 933.086131][T21492] ? __pfx_warn_alloc+0x10/0x10 [ 933.086179][T21492] ? packet_set_ring+0xb07/0x18d0 [ 933.086209][T21492] ? __vmalloc_node_noprof+0xad/0xf0 [ 933.086244][T21492] __vmalloc_node_range_noprof+0x101b/0x14b0 [ 933.086287][T21492] ? packet_set_ring+0xb07/0x18d0 [ 933.086325][T21492] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 933.086356][T21492] ? alloc_pages_mpol+0x25a/0x550 [ 933.086382][T21492] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 933.086411][T21492] ? packet_set_ring+0xb07/0x18d0 [ 933.086439][T21492] __vmalloc_node_noprof+0xad/0xf0 [ 933.086468][T21492] ? packet_set_ring+0xb07/0x18d0 [ 933.086502][T21492] packet_set_ring+0xb07/0x18d0 [ 933.086546][T21492] packet_setsockopt+0x121b/0x33c0 [ 933.086594][T21492] ? __pfx_packet_setsockopt+0x10/0x10 [ 933.086633][T21492] ? aa_sk_perm+0x2f4/0xb10 [ 933.086664][T21492] ? __pfx_aa_sk_perm+0x10/0x10 [ 933.086693][T21492] ? errseq_sample+0x53/0x70 [ 933.086734][T21492] ? __pfx_packet_setsockopt+0x10/0x10 [ 933.086766][T21492] do_sock_setsockopt+0x221/0x470 [ 933.086793][T21492] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 933.086840][T21492] __sys_setsockopt+0x120/0x1a0 [ 933.086880][T21492] __x64_sys_setsockopt+0xbd/0x160 [ 933.086912][T21492] ? do_syscall_64+0x91/0x490 [ 933.086946][T21492] ? lockdep_hardirqs_on+0x7c/0x110 [ 933.086979][T21492] do_syscall_64+0xcd/0x490 [ 933.087016][T21492] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 933.087042][T21492] RIP: 0033:0x7fe1c118e929 [ 933.087063][T21492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 933.087086][T21492] RSP: 002b:00007fe1beff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 933.087110][T21492] RAX: ffffffffffffffda RBX: 00007fe1c13b5fa0 RCX: 00007fe1c118e929 [ 933.087127][T21492] RDX: 0000000000000005 RSI: 0000000000000107 RDI: 0000000000000006 [ 933.087142][T21492] RBP: 00007fe1c1210b39 R08: 000000000000ce24 R09: 0000000000000000 [ 933.087158][T21492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 933.087172][T21492] R13: 0000000000000000 R14: 00007fe1c13b5fa0 R15: 00007fff5f1addc8 [ 933.087206][T21492] [ 933.087216][T21492] Mem-Info: [ 933.435844][T21492] active_anon:93828 inactive_anon:0 isolated_anon:0 [ 933.435844][T21492] active_file:20297 inactive_file:40538 isolated_file:0 [ 933.435844][T21492] unevictable:768 dirty:744 writeback:7 [ 933.435844][T21492] slab_reclaimable:11993 slab_unreclaimable:98045 [ 933.435844][T21492] mapped:52648 shmem:80320 pagetables:1472 [ 933.435844][T21492] sec_pagetables:0 bounce:0 [ 933.435844][T21492] kernel_misc_reclaimable:0 [ 933.435844][T21492] free:1206798 free_pcp:24528 free_cma:0 [ 933.481446][ C0] vkms_vblank_simulate: vblank timer overrun [ 933.661552][T21492] Node 0 active_anon:375912kB inactive_anon:0kB active_file:81188kB inactive_file:162008kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:208884kB dirty:2976kB writeback:28kB shmem:316944kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13520kB pagetables:5844kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 933.695400][ C0] vkms_vblank_simulate: vblank timer overrun [ 933.956060][T21492] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:144kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:8kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 933.987544][ C0] vkms_vblank_simulate: vblank timer overrun [ 934.024983][T21492] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 934.053869][ C0] vkms_vblank_simulate: vblank timer overrun [ 934.114123][T21492] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 934.120444][T21492] Node 0 DMA32 free:914552kB boost:76660kB min:110736kB low:119252kB high:127768kB reserved_highatomic:0KB free_highatomic:0KB active_anon:370000kB inactive_anon:0kB active_file:81104kB inactive_file:160704kB unevictable:1536kB writepending:2988kB present:3129332kB managed:2540868kB mlocked:0kB bounce:0kB free_pcp:71832kB local_pcp:42112kB free_cma:0kB [ 934.153953][T21492] lowmem_reserve[]: 0 0 1 1 1 [ 934.161295][T21492] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 934.298243][T21492] lowmem_reserve[]: 0 0 0 0 0 [ 934.305477][T21492] Node 1 Normal free:3893204kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:144kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:26764kB local_pcp:17184kB free_cma:0kB [ 934.378642][T21492] lowmem_reserve[]: 0 0 0 0 0 [ 934.392763][T21492] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (UM) = 15360kB [ 934.459714][T21492] Node 0 DMA32: 0*4kB 2*8kB (UM) 2*16kB (ME) 17*32kB (UME) 10*64kB (UE) 4*128kB (UE) 126*256kB (UME) 103*512kB (U) 89*1024kB (UE) 31*2048kB (UME) 163*4096kB (U) = 909008kB [ 934.556404][T21492] Node 0 Normal: 3*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB [ 934.706062][T21492] Node 1 Normal: 5*4kB (UE) 7*8kB (UM) 25*16kB (UME) 55*32kB (UE) 88*64kB (U) 47*128kB (UME) 20*256kB (UM) 11*512kB (UE) 8*1024kB (UE) 7*2048kB (UME) 939*4096kB (UM) = 3893308kB [ 934.886441][T21518] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.3.2929: iget: checksum invalid [ 934.906852][T21518] platform regulatory.0: loading /lib/firmware/updates/6.16.0-rc3-syzkaller-00042-g78f4e737a53e/regulatory.db failed with error -74 [ 934.947059][T21518] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.3.2929: iget: checksum invalid [ 934.955909][T21492] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 934.967643][T21492] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 934.995872][T21492] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 935.005669][T21492] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 935.026387][T21518] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 935.066136][T21518] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.3.2929: iget: checksum invalid [ 935.086483][T21518] platform regulatory.0: loading /lib/firmware/6.16.0-rc3-syzkaller-00042-g78f4e737a53e/regulatory.db failed with error -74 [ 935.116002][T21492] 137812 total pagecache pages [ 935.165227][T21518] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.3.2929: iget: checksum invalid [ 935.178774][T21492] 0 pages in swap cache [ 935.182992][T21492] Free swap = 123016kB [ 935.206409][T21518] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 935.226132][T21492] Total swap = 124996kB [ 935.230367][T21492] 2097051 pages RAM [ 935.234192][T21492] 0 pages HighMem/MovableOnly [ 935.260089][T21518] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 935.276024][T21492] 429856 pages reserved [ 935.280241][T21492] 0 pages cma reserved [ 935.311103][T21524] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2930'. [ 935.356024][T21518] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 935.454480][T21524] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 936.120836][T21524] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 936.184784][T21531] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2931'. [ 936.330392][T21507] kexec: Could not allocate control_code_buffer [ 936.955165][T21543] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.2932'. [ 937.295880][T21547] zram: Cannot change disksize for initialized device [ 938.672335][T21565] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2937'. [ 941.875046][T21594] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input82 [ 942.541421][T21595] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input83 [ 942.942470][T21614] snd_aloop snd_aloop.0: control 4:65539:6:'x?F/zF˷fC:7 is already present [ 942.952959][T21614] snd_aloop snd_aloop.0: control 4:65539:6:'x?F/zF˷fC:7 is already present [ 942.963209][T21614] snd_aloop snd_aloop.0: control 4:65539:6:'x?F/zF˷fC:7 is already present [ 942.977669][T21614] snd_aloop snd_aloop.0: control 4:65539:6:'x?F/zF˷fC:7 is already present [ 943.073271][T21614] snd_aloop snd_aloop.0: control 4:65539:6:'x?F/zF˷fC:7 is already present [ 943.126626][T21614] snd_aloop snd_aloop.0: control 4:65539:6:'x?F/zF˷fC:7 is already present [ 943.194337][T21614] snd_aloop snd_aloop.0: control 4:65539:6:'x?F/zF˷fC:7 is already present [ 943.216541][T21614] snd_aloop snd_aloop.0: control 4:65539:6:'x?F/zF˷fC:7 is already present [ 943.245957][T21614] snd_aloop snd_aloop.0: control 4:65539:6:'x?F/zF˷fC:7 is already present [ 943.361276][T21614] snd_aloop snd_aloop.0: control 4:65539:6:'x?F/zF˷fC:7 is already present [ 943.390233][T21614] snd_aloop snd_aloop.0: control 4:65539:6:'x?F/zF˷fC:7 is already present [ 943.447903][T21614] snd_aloop snd_aloop.0: control 4:65539:6:'x?F/zF˷fC:7 is already present [ 943.503554][T21614] snd_aloop snd_aloop.0: control 4:65539:6:'x?F/zF˷fC:7 is already present [ 943.536525][T21614] snd_aloop snd_aloop.0: control 4:65539:6:'x?F/zF˷fC:7 is already present [ 944.317856][T21642] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷vC:0 is already present [ 944.976629][T21653] snd_aloop snd_aloop.0: Parsing timer source 'W' failed with -22 [ 949.184241][T21704] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input84 [ 950.313884][T21723] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2966'. [ 953.859519][T21781] zram: Cannot change disksize for initialized device [ 954.195149][T21778] vhci_hcd: default hub control req: dcfd v0007 i0001 l1 [ 955.054366][T21811] Setting dangerous option i915.mitigations - tainting kernel [ 955.984074][T21834] openvswitch: netlink: Geneve opt len 2 is not a multiple of 4. [ 957.536511][T21872] ima: policy update failed [ 957.543004][ T30] audit: type=1802 audit(4294967537.209:31): pid=21872 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2992" res=0 errno=0 [ 958.634163][ T5151] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 958.652049][ T5151] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 958.660714][ T5151] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 958.681002][ T5151] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 958.696254][ T5151] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 958.727224][T11303] ------------[ cut here ]------------ [ 958.732787][T11303] ODEBUG: free active (active state 0) object: ffff8880792452d8 object type: timer_list hint: hci_devcd_timeout+0x0/0x2e0 [ 958.857845][T11303] WARNING: CPU: 1 PID: 11303 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0 [ 958.867979][T11303] Modules linked in: [ 958.871918][T11303] CPU: 1 UID: 0 PID: 11303 Comm: syz.3.971 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 958.886253][T11303] Tainted: [U]=USER [ 958.890065][T11303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 958.900450][T11303] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 958.906589][T11303] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 80 76 15 8c 4c 89 e6 48 c7 c7 00 6b 15 8c e8 5f 75 9c fc 90 <0f> 0b 90 90 58 83 05 76 34 ca 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 958.926695][T11303] RSP: 0018:ffffc900044af768 EFLAGS: 00010286 [ 958.932760][T11303] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817aa1a8 [ 958.941538][T11303] RDX: ffff88802e3c5a00 RSI: ffffffff817aa1b5 RDI: 0000000000000001 [ 958.950003][T11303] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 958.958298][T11303] R10: 0000000000000001 R11: fffffffffffec468 R12: ffffffff8c1571a0 [ 958.966874][T11303] R13: ffffffff8bafe840 R14: ffffffff8a880fd0 R15: ffffc900044af868 [ 958.975394][T11303] FS: 0000000000000000(0000) GS:ffff888124860000(0000) knlGS:0000000000000000 [ 958.984959][T11303] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 958.992139][T11303] CR2: 00007f70bcbf37b0 CR3: 000000007baf8000 CR4: 00000000003526f0 [ 959.000465][T11303] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 959.008497][T11303] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 959.016675][T11303] Call Trace: [ 959.019951][T11303] [ 959.022879][T11303] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 959.028440][T11303] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 959.034286][T11303] debug_check_no_obj_freed+0x4b7/0x600 [ 959.039997][T11303] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 959.046199][T11303] ? rcu_is_watching+0x12/0xc0 [ 959.051000][T11303] ? kmem_cache_free+0x2d1/0x4d0 [ 959.056026][T11303] kfree+0x28f/0x4d0 [ 959.059954][T11303] ? hci_release_dev+0x4d8/0x600 [ 959.064929][T11303] hci_release_dev+0x4d8/0x600 [ 959.069764][T11303] ? __pfx_hci_release_dev+0x10/0x10 [ 959.075051][T11303] ? rcu_is_watching+0x12/0xc0 [ 959.079835][T11303] ? kfree+0x24f/0x4d0 [ 959.083902][T11303] bt_host_release+0x6a/0xb0 [ 959.088514][T11303] ? __pfx_bt_host_release+0x10/0x10 [ 959.093791][T11303] device_release+0xa1/0x240 [ 959.098405][T11303] kobject_put+0x1e7/0x5a0 [ 959.102826][T11303] ? __pfx_vhci_release+0x10/0x10 [ 959.108002][T11303] put_device+0x1f/0x30 [ 959.112288][T11303] vhci_release+0x81/0xf0 [ 959.116666][T11303] __fput+0x402/0xb70 [ 959.120647][T11303] task_work_run+0x14d/0x240 [ 959.125237][T11303] ? __pfx_task_work_run+0x10/0x10 [ 959.130383][T11303] do_exit+0x86c/0x2bd0 [ 959.134547][T11303] ? __pfx_do_exit+0x10/0x10 [ 959.139160][T11303] ? cgroup_update_frozen_flag+0x107/0x210 [ 959.144963][T11303] ? find_held_lock+0x2b/0x80 [ 959.149676][T11303] do_group_exit+0xd3/0x2a0 [ 959.154182][T11303] get_signal+0x2673/0x26d0 [ 959.158711][T11303] ? hrtimer_nanosleep+0x187/0x380 [ 959.163817][T11303] ? __pfx_get_signal+0x10/0x10 [ 959.168706][T11303] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 959.173916][T11303] arch_do_signal_or_restart+0x8f/0x790 [ 959.179485][T11303] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 959.185640][T11303] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10 [ 959.191886][T11303] exit_to_user_mode_loop+0x84/0x110 [ 959.197201][T11303] do_syscall_64+0x3f6/0x490 [ 959.201797][T11303] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 959.207717][T11303] RIP: 0033:0x7f21da5c11e5 [ 959.212122][T11303] Code: Unable to access opcode bytes at 0x7f21da5c11bb. [ 959.219265][T11303] RSP: 002b:00007f21db31ef80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 959.227720][T11303] RAX: fffffffffffffdfc RBX: 00007f21da7b5fa0 RCX: 00007f21da5c11e5 [ 959.235689][T11303] RDX: 00007f21db31efc0 RSI: 0000000000000000 RDI: 0000000000000000 [ 959.243681][T11303] RBP: 00007f21da610b39 R08: 0000000000000000 R09: 0000000000000000 [ 959.251693][T11303] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 959.259692][T11303] R13: 0000000000000001 R14: 00007f21da7b5fa0 R15: 00007ffe04ba27b8 [ 959.267694][T11303] [ 959.270708][T11303] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 959.277981][T11303] CPU: 1 UID: 0 PID: 11303 Comm: syz.3.971 Tainted: G U 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 959.291518][T11303] Tainted: [U]=USER [ 959.295307][T11303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 959.305358][T11303] Call Trace: [ 959.308631][T11303] [ 959.311555][T11303] dump_stack_lvl+0x3d/0x1f0 [ 959.316153][T11303] panic+0x71c/0x800 [ 959.320049][T11303] ? __pfx_panic+0x10/0x10 [ 959.324464][T11303] ? show_trace_log_lvl+0x29b/0x3e0 [ 959.329665][T11303] ? check_panic_on_warn+0x1f/0xb0 [ 959.334775][T11303] ? debug_print_object+0x1a2/0x2b0 [ 959.339966][T11303] check_panic_on_warn+0xab/0xb0 [ 959.344915][T11303] __warn+0xf6/0x3c0 [ 959.348810][T11303] ? debug_print_object+0x1a2/0x2b0 [ 959.354001][T11303] report_bug+0x3c3/0x580 [ 959.358331][T11303] ? debug_print_object+0x1a2/0x2b0 [ 959.363523][T11303] handle_bug+0x184/0x210 [ 959.367871][T11303] exc_invalid_op+0x17/0x50 [ 959.372373][T11303] asm_exc_invalid_op+0x1a/0x20 [ 959.377220][T11303] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 959.383019][T11303] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 80 76 15 8c 4c 89 e6 48 c7 c7 00 6b 15 8c e8 5f 75 9c fc 90 <0f> 0b 90 90 58 83 05 76 34 ca 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 959.402626][T11303] RSP: 0018:ffffc900044af768 EFLAGS: 00010286 [ 959.408690][T11303] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817aa1a8 [ 959.416653][T11303] RDX: ffff88802e3c5a00 RSI: ffffffff817aa1b5 RDI: 0000000000000001 [ 959.424619][T11303] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 959.432582][T11303] R10: 0000000000000001 R11: fffffffffffec468 R12: ffffffff8c1571a0 [ 959.440559][T11303] R13: ffffffff8bafe840 R14: ffffffff8a880fd0 R15: ffffc900044af868 [ 959.448534][T11303] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 959.453998][T11303] ? __warn_printk+0x198/0x350 [ 959.458762][T11303] ? __warn_printk+0x1a5/0x350 [ 959.463524][T11303] ? debug_print_object+0x1a1/0x2b0 [ 959.468712][T11303] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 959.474167][T11303] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 959.479972][T11303] debug_check_no_obj_freed+0x4b7/0x600 [ 959.485518][T11303] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 959.491576][T11303] ? rcu_is_watching+0x12/0xc0 [ 959.496336][T11303] ? kmem_cache_free+0x2d1/0x4d0 [ 959.501272][T11303] kfree+0x28f/0x4d0 [ 959.505159][T11303] ? hci_release_dev+0x4d8/0x600 [ 959.510110][T11303] hci_release_dev+0x4d8/0x600 [ 959.514891][T11303] ? __pfx_hci_release_dev+0x10/0x10 [ 959.520185][T11303] ? rcu_is_watching+0x12/0xc0 [ 959.524950][T11303] ? kfree+0x24f/0x4d0 [ 959.529025][T11303] bt_host_release+0x6a/0xb0 [ 959.533610][T11303] ? __pfx_bt_host_release+0x10/0x10 [ 959.538905][T11303] device_release+0xa1/0x240 [ 959.543492][T11303] kobject_put+0x1e7/0x5a0 [ 959.547911][T11303] ? __pfx_vhci_release+0x10/0x10 [ 959.552930][T11303] put_device+0x1f/0x30 [ 959.557081][T11303] vhci_release+0x81/0xf0 [ 959.561414][T11303] __fput+0x402/0xb70 [ 959.565392][T11303] task_work_run+0x14d/0x240 [ 959.569987][T11303] ? __pfx_task_work_run+0x10/0x10 [ 959.575101][T11303] do_exit+0x86c/0x2bd0 [ 959.579258][T11303] ? __pfx_do_exit+0x10/0x10 [ 959.583841][T11303] ? cgroup_update_frozen_flag+0x107/0x210 [ 959.589650][T11303] ? find_held_lock+0x2b/0x80 [ 959.594323][T11303] do_group_exit+0xd3/0x2a0 [ 959.598829][T11303] get_signal+0x2673/0x26d0 [ 959.603327][T11303] ? hrtimer_nanosleep+0x187/0x380 [ 959.608430][T11303] ? __pfx_get_signal+0x10/0x10 [ 959.613273][T11303] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 959.618474][T11303] arch_do_signal_or_restart+0x8f/0x790 [ 959.624024][T11303] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 959.630221][T11303] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10 [ 959.636383][T11303] exit_to_user_mode_loop+0x84/0x110 [ 959.641668][T11303] do_syscall_64+0x3f6/0x490 [ 959.646261][T11303] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 959.652144][T11303] RIP: 0033:0x7f21da5c11e5 [ 959.656550][T11303] Code: Unable to access opcode bytes at 0x7f21da5c11bb. [ 959.663551][T11303] RSP: 002b:00007f21db31ef80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 959.671958][T11303] RAX: fffffffffffffdfc RBX: 00007f21da7b5fa0 RCX: 00007f21da5c11e5 [ 959.679924][T11303] RDX: 00007f21db31efc0 RSI: 0000000000000000 RDI: 0000000000000000 [ 959.687887][T11303] RBP: 00007f21da610b39 R08: 0000000000000000 R09: 0000000000000000 [ 959.695856][T11303] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 959.703829][T11303] R13: 0000000000000001 R14: 00007f21da7b5fa0 R15: 00007ffe04ba27b8 [ 959.711805][T11303] [ 959.715120][T11303] Kernel Offset: disabled [ 959.719447][T11303] Rebooting in 86400 seconds..