last executing test programs: 5m19.35549466s ago: executing program 2 (id=612): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) 5m18.280666691s ago: executing program 2 (id=623): mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x400, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x2, 0x2b, 0x0) socket(0x2, 0x5, 0x0) setsockopt$auto(0x3, 0x0, 0x21, 0x0, 0x28) 5m18.053775138s ago: executing program 2 (id=626): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2, 0x3, 0x6) semctl$auto(0x9, 0x20000001, 0x13, 0x4) close_range$auto(0x2, 0x8, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) open(0x0, 0x22240, 0x154) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) 5m17.874749765s ago: executing program 2 (id=628): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 5m17.42978779s ago: executing program 2 (id=631): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r0 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) poll$auto(&(0x7f0000000480)={r0, 0x8000, 0xff81}, 0x7, 0x54b) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfdef) 5m16.947592025s ago: executing program 3 (id=637): r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000003900), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f00000039c0)={0x0, 0x0, &(0x7f0000003980)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="01032ebd7000fddbdf250a00000008000200ec"], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0xc4) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000), 0xfc2}, 0x5, 0x0, 0x5}, 0x800}, 0x7, 0x8) 5m16.856860546s ago: executing program 2 (id=638): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) mmap$auto(0x0, 0x400008, 0x1000df, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x4, 0x2020009, 0x9, 0xeb1, 0xffffffffffffffff, 0x8000) msync$auto(0x10000000000000, 0xe0, 0x6) write$auto(0xffffffffffffffff, 0x0, 0x4) 5m16.855338222s ago: executing program 3 (id=639): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x24, 0x0, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@nested={0x7, 0x14, 0x0, 0x1, [@generic="1c551b"]}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00211459a600fbdbdf250200000008000300000000001b0004"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) futex_requeue$auto(&(0x7f0000000040)={0xb, 0x6, 0x2, 0x2000000}, 0x0, 0xf, 0x9) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40400) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 5m16.497332287s ago: executing program 32 (id=638): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) mmap$auto(0x0, 0x400008, 0x1000df, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x4, 0x2020009, 0x9, 0xeb1, 0xffffffffffffffff, 0x8000) msync$auto(0x10000000000000, 0xe0, 0x6) write$auto(0xffffffffffffffff, 0x0, 0x4) 5m16.490759432s ago: executing program 3 (id=641): r0 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x41}}, 0x6a) listen$auto(0x3, 0x81) read$auto(r0, 0x0, 0x7) close_range$auto(0x2, r0, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @local}, 0x6a) 5m15.574267244s ago: executing program 3 (id=646): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 5m15.063362715s ago: executing program 3 (id=649): close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) r0 = socket(0xa, 0x2, 0x3a) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) socket(0xa, 0x3, 0x3b) setsockopt$auto(r0, 0x29, 0x4e, &(0x7f0000000180)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91_\vBj\x0eQ\xce\x16\'C\x8c\x01\x80\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\x00\x00\x00\x00\xe4\xa5\xfe\xb5', 0x10000110) bind$auto(0x3, &(0x7f0000000040)=@generic={0xa, "02d0ac0c00e435826339c7328903"}, 0x6a) 5m14.496770078s ago: executing program 3 (id=650): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) 5m13.912547782s ago: executing program 33 (id=650): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) 2m45.587024538s ago: executing program 1 (id=1465): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x101c82, 0x0) unshare$auto(0x40000080) mmap$auto(0x2, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x140000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8802, 0x0) readv$auto(0x3, 0x0, 0x1) unshare$auto(0x40000080) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/core/rps_default_mask\x00', 0x82, 0x0) write$auto(r0, &(0x7f0000000080)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) gettid() 2m44.065677711s ago: executing program 1 (id=1475): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x40000073, 0x400, 0x2}]}) 2m43.862764651s ago: executing program 1 (id=1476): mmap$auto(0x0, 0x40006, 0xdf, 0x9b72, 0x7, 0x28000) r0 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r0, 0x0, 0x400) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) landlock_add_rule$auto(r1, 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 2m43.729296048s ago: executing program 1 (id=1477): openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000440)='/proc/thread-self/mountinfo\x00', 0x800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x7, 0x0) 2m43.359355186s ago: executing program 1 (id=1479): mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 2m43.055869423s ago: executing program 1 (id=1483): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) semctl$auto(0x7, 0x2, 0x13, 0x1) lsm_list_modules$auto(0x0, 0x0, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0xff00) close_range$auto(0x2, 0x8, 0x0) 2m27.969436889s ago: executing program 34 (id=1483): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) semctl$auto(0x7, 0x2, 0x13, 0x1) lsm_list_modules$auto(0x0, 0x0, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0xff00) close_range$auto(0x2, 0x8, 0x0) 6.594448756s ago: executing program 0 (id=2297): prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) socket(0x10, 0x4, 0xffffffc0) io_uring_register$auto_IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, &(0x7f00000002c0)="d05d6f2f716f74230faba010656e878f1af86cd29108de4bf8bb61f80c2d38d4a7038ba0c7c51f76e06d4a15ba90d087513109136561924733c1d54fc9a8f5ee48b052879f664c3f8328365e88c643d7de7d513c46d805b35a6cae38c311835bed572cd39d6b1a5b", 0x5) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x8000, 0x0, 0x0, &(0x7f0000000240)={[0x8, 0x6, 0x8, 0x8fd6, 0x948b, 0x3, 0x100000001, 0x4000000000005, 0x6, 0x2, 0x8, 0x0, 0x1, 0xffffffff, 0x100, 0x18]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r1, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r1, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) 5.865217232s ago: executing program 6 (id=2299): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0xc) socket(0x2000000000000021, 0x2, 0x10000000000002) io_uring_setup$auto(0x6, 0x0) r0 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010029bd700001dcdf2503000000040006000c00018008001000040005"], 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 5.69244392s ago: executing program 6 (id=2302): openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0xc8101, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) 5.479628302s ago: executing program 4 (id=2305): r0 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f0000000080)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x64010101}, 0x55) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x3, 0x6) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) socket(0x2, 0x5, 0x3) setsockopt$auto(0x3, 0x10000000084, 0x17, 0x0, 0x3ff) 5.380937786s ago: executing program 5 (id=2306): sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) lstat$auto(0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) clock_getres$auto(0xfffffffd, 0x0) 5.116028466s ago: executing program 0 (id=2307): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={0x0, 0x40000000001243}, 0xa, 0x0) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x1, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) 4.55993732s ago: executing program 4 (id=2308): close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0x4) socket(0x10, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x2, 0x4) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) socket(0x25, 0x1, 0x3) r1 = socket(0x10, 0x3, 0x6) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="f0020000", @ANYRES16=r2, @ANYBLOB="01002dbd7000fedbdf2505000000da0203800800c000e000000204002a000400110008002e00", @ANYRES32, @ANYBLOB="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b32dd7c33b14cc842bc1e2a5da4203e64ceaa9db5223aa655b6313c011b3e73a75f1aa1f7b2ea43344b15bd494886e355cf6d92c8fe670a42bc677830013e9c4aa4fa30c3e6630bf0ed13206d5a18f6813c6fb03466112aedf5d67bb5b99fe96a6dcd279916b0bce029925b63c48d41ca8a76e46c6014100005800c00c50003000000000000000c02368008027a8087010c800800e800", @ANYRES32=r0, @ANYBLOB="0800fb00", @ANYRES32=r1], 0x2f0}, 0x1, 0x0, 0x0, 0x40000}, 0x50) 4.193081117s ago: executing program 4 (id=2309): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x29, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) socket(0xa, 0x3, 0x6) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) flistxattr$auto(r0, 0x0, 0x9) 4.190433286s ago: executing program 6 (id=2310): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/rpc/nfsd.fh/channel\x00', 0x8f3b7a51b80ebd01, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x4, 0x4000000000e3, 0x40eb1, 0x401, 0x300000000000) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) chmod$auto(&(0x7f0000000140)='./file0\x00', 0x3ff) 3.995739418s ago: executing program 4 (id=2311): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x21, 0x5, 0x8000000000000000, 0x0) r0 = open(0x0, 0x22240, 0x55) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) statx$auto(r0, 0x0, 0x2001003, 0x4005, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3.636674745s ago: executing program 0 (id=2312): r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioprio_set$auto(0x3, 0x0, 0x4b34) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) flock$auto(0x6, 0x1) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x8001, 0x2) read$auto_proc_pid_maps_operations_internal(r0, &(0x7f00000010c0)=""/4096, 0x1000) close_range$auto(0x2, 0x8000, 0x0) 3.599688406s ago: executing program 5 (id=2313): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0xffff) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2b, 0x1, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, r1, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000012c0)='/sys/devices/virtual/block/ram7/queue/iostats\x00', 0x8502, 0x0) write$auto(r2, &(0x7f0000000100)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x8) pread64$auto(r0, 0x0, 0x200000000000005, 0xfffffffffffffffd) 2.896177909s ago: executing program 5 (id=2314): r0 = socket(0x26, 0x3, 0x9) capset$auto(0x0, 0x0) sendmmsg$auto(r0, 0x0, 0x2, 0x100) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) syz_clone(0x42ae1411, 0x0, 0x0, 0x0, 0x0, 0x0) 2.895443801s ago: executing program 6 (id=2322): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) socket(0x2c, 0x3, 0x0) mmap$auto(0x0, 0xe980, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) getsockopt$auto(0x3, 0x200000000001, 0x7, 0x0, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000003c0)=""/231, 0xe7) r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/pagemap\x00', 0x0, 0x0) readv$auto(r0, &(0x7f0000000400)={0x0, 0x40}, 0x6) 2.894852589s ago: executing program 4 (id=2315): r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) ioctl$auto_IMDELTIMER(r0, 0x80044941, 0x0) adjtimex$auto(&(0x7f0000000200)={0x5f95, 0x0, 0x2, 0x2000000a, 0xff7d, 0xbc58, 0x4000005, 0x0, 0x5, 0x8, 0x80000000, {0x7ff, 0xf423f}, 0x2744, 0x200000001, 0xff, 0x7, 0x0, 0x3c8, 0x8, 0x8, 0xffffffffffffffff, 0x1560cc85, 0x9}) sendmmsg$auto(r0, &(0x7f0000000240)={{&(0x7f0000000000)="41a01a3a1b3a80ada9917abde8538919ca952a3a221c47806572c6be036ba070da5d11406271e2e1caaca43be101152129b8fe81c1e6e804a99fbaeabd38243df64f7a1fb8b0d16d860fbed6560b733e5dccd9e6393e5811dee4a771d24c1bc6010ede0f2a3c161c0dbe2bc3ef14efc0707aaadf3368e739", 0xfffffff8, &(0x7f0000000180)={&(0x7f0000000080)="ad21c732274f944ea3775a7800abb012694bd5c65f778d24fc3ce53f42773b999ab3a6d090d02b844bebc5f85119df15f2dbb237f3e4af20d269ef6a3b9b6e4cecf7e3a4e99c80da9deabc575bd317eb97105a1a07ee84e7237c6502e2b562ffc1a1860fbe3f35b785667fd54bdea4ea23cd01925b3b377006b28a20a82a6201a2bc0711fd961e118ae37b042438b423993cf17eeff7c63bfa1326335e8e29", 0x5}, 0x5, &(0x7f00000001c0)="c70a459e5c127f5cf92a6e6f17bb7d1b10c9249f5895e2095f39c3c71244c50bfa6c12abdeeb512e0d5a87acf5191e6aee3ab0598f48611e9b140f5479130cfb94a80e21f0b9afefcb4a44a04fedeea4deb48b54bf57ef0fbc8fdf974dbc82ed5588a549d1ce8376ad34bba537e8e907ff", 0x0, 0x7ff}, 0x78}, 0xfffffffa, 0x2) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) renameat2$auto(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sendmmsg$auto(r0, &(0x7f0000000440)={{&(0x7f0000000280)="0efcb3efdcf282e7d6fc97b5ed091751a9fddd599a9ba5739dfc07d7a17e6df868a1b6d0689fbf07b74a70fb78d5a99f2fc1aa0130cc8ad90d23cad982ab4af9c58cbf257231b1556fc64cd23ca1a68373e8ac74d7dc73e42f892a46e0681f3a85e87f130573029ba037a94a3de569160e", 0x5, &(0x7f00000003c0)={&(0x7f0000000340)="dc716b1ac7b770d9d47be14c7a019793973c1d90bc16effd82eddfc86bdc64ad3a7f7ef3870d2dfc9735bc0e300aa184a514cc506796", 0x9}, 0xb, &(0x7f0000000400)="79433ea18dbffb92", 0x7, 0x3469}, 0x80}, 0xffff4535, 0x401) mlock$auto(0xfbe8, 0x4) syz_clone(0x8124400, 0x0, 0x0, 0x0, 0x0, 0x0) 2.25077754s ago: executing program 0 (id=2316): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) bpf$auto(0x0, 0x0, 0x6f4) fcntl$auto(0x3, 0x4, 0xa553) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) 2.07153588s ago: executing program 5 (id=2317): pipe$auto(0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101080, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0x4008ae93, 0x0) 1.584563446s ago: executing program 6 (id=2318): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) mremap$auto(0x200000000000, 0x40000000004, 0x4, 0x3, 0x100000000) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mremap$auto(0x0, 0xbfffffffffffffff, 0x401, 0x0, 0x7fffffffb000) bind$auto(0xffffffffffffffff, &(0x7f0000000200)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x10}, 0xfff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) read$auto(0x3, 0x0, 0x7) 1.584455597s ago: executing program 5 (id=2319): unshare$auto(0x40000080) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_BLKTRACESTART2(r1, 0x1274, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xfff) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) read$auto(r2, &(0x7f0000002300)='MAC802154_HWSIM\x00', 0xfdef) 1.052572609s ago: executing program 0 (id=2320): unshare$auto(0x40000080) socket(0x10, 0x2, 0xc) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) mmap$auto(0x0, 0xe00006, 0x2, 0x40eb1, 0x602, 0x300000000000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) unshare$auto(0x8000000) syz_clone(0x2360411, 0x0, 0x0, 0x0, 0x0, 0x0) 488.761825ms ago: executing program 6 (id=2321): openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cpu/0/msr\x00', 0x400, 0x0) write$auto_console_fops_tty_io(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x1f42) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f00000000c0)={0x0, 0x7}, 0x3) shmctl$auto(0x7ff, 0x7270, 0x0) msgctl$auto_IPC_SET(0xfffffffc, 0x1, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000180), 0x1001, 0x0) 433.1515ms ago: executing program 4 (id=2323): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00082cbd7000fedbdf250300000008000200", @ANYRES32=0x0, @ANYBLOB="060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a000500aaaaaaaaaabb00000a00010000000000000000000a000100bbbbbbbbbbbb0000060006000f00000008000400010000880a0011"], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x6004000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x80805, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 15.393371ms ago: executing program 0 (id=2324): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) mmap$auto(0x0, 0x8, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) shutdown$auto(0x200000003, 0x2) 0s ago: executing program 5 (id=2325): open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x801, 0x84) socket(0x2, 0x1, 0x0) socket(0x1, 0x2, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) close_range$auto(0x0, 0xfffffffffffff000, 0x2) kernel console output (not intermixed with test programs):                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                [ 507.666225][T13311] sp0: Synchronizing with TNC [ 508.061355][ T80] ERROR: Out of memory at tomoyo_memory_ok. [ 508.097037][ T12] ERROR: Out of memory at tomoyo_memory_ok. syzkaller syzkaller login: [ 508.824315][T13323] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 508.841296][T13323] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 508.865419][T13323] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 508.882444][T13323] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 508.904158][T13323] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 508.942255][T13323] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 508.989750][T13323] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 508.996206][T13323] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 509.020462][T13323] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 509.055659][T13323] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 509.061933][T13323] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 509.222933][T13350] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 509.545963][T13364] vivid-003: ================= START STATUS ================= [ 509.576496][T13364] vivid-003: Radio HW Seek Mode: Bounded [ 509.599143][T13364] vivid-003: Radio Programmable HW Seek: false [ 509.613334][T13364] vivid-003: RDS Rx I/O Mode: Block I/O [ 509.656974][T13364] vivid-003: Generate RBDS Instead of RDS: false [ 509.681924][T13364] vivid-003: RDS Reception: true [ 509.726910][T13364] vivid-003: RDS Program Type: 0 inactive [ 509.732873][T13364] vivid-003: RDS PS Name: inactive [ 509.741376][T13364] vivid-003: RDS Radio Text: inactive [ 509.768108][T13364] vivid-003: RDS Traffic Announcement: false inactive [ 509.810082][T13364] vivid-003: RDS Traffic Program: false inactive [ 509.819691][T13364] vivid-003: RDS Music: false inactive [ 509.836022][T13364] vivid-003: ================== END STATUS ================== [ 510.254215][ T5872] Bluetooth: hci0: command 0x0406 tx timeout [ 510.891077][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 511.060282][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 511.129922][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 511.553297][T13412] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 511.824547][T13414] netlink: 306 bytes leftover after parsing attributes in process `syz.6.2212'. [ 511.845780][T13414] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2212'. [ 511.917755][T13414] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2212'. [ 512.178960][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 512.185841][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 512.324798][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 512.359383][T13422] zswap: compressor 000 not available [ 512.752979][T13436] netlink: 'syz.6.2219': attribute type 4 has an invalid length. [ 512.780580][T13436] netlink: 314 bytes leftover after parsing attributes in process `syz.6.2219'. [ 512.963993][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 513.120552][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 513.200539][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 513.380702][T13452] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2225'. [ 513.548047][T13459] netlink: 354 bytes leftover after parsing attributes in process `syz.0.2229'. [ 514.178329][T13481] FAULT_INJECTION: forcing a failure. [ 514.178329][T13481] name failslab, interval 1, probability 0, space 0, times 0 [ 514.228299][T13481] CPU: 1 UID: 0 PID: 13481 Comm: syz.0.2237 Tainted: GF R 6.16.0-syzkaller-11741-g5998f2bca43e #0 PREEMPT(full) [ 514.228356][T13481] Tainted: [F]=FORCED_MODULE, [R]=FORCED_RMMOD [ 514.228371][T13481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 514.228391][T13481] Call Trace: [ 514.228413][T13481] [ 514.228430][T13481] dump_stack_lvl+0x16c/0x1f0 [ 514.228473][T13481] should_fail_ex+0x512/0x640 [ 514.228513][T13481] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 514.228560][T13481] should_failslab+0xc2/0x120 [ 514.228607][T13481] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 514.228650][T13481] ? __d_alloc+0x32/0xae0 [ 514.228697][T13481] __d_alloc+0x32/0xae0 [ 514.228745][T13481] d_alloc_parallel+0x111/0x1480 [ 514.228810][T13481] ? stack_depot_save_flags+0x29/0x9c0 [ 514.228857][T13481] ? __pfx_d_alloc_parallel+0x10/0x10 [ 514.228914][T13481] ? lockdep_init_map_type+0x5c/0x280 [ 514.228964][T13481] ? lockdep_init_map_type+0x5c/0x280 [ 514.229021][T13481] __lookup_slow+0x193/0x460 [ 514.229076][T13481] ? __pfx___lookup_slow+0x10/0x10 [ 514.229136][T13481] ? perf_trace_mm_compaction_suitable_template+0x1d0/0x5e0 [ 514.229198][T13481] ? perf_trace_mm_compaction_suitable_template+0x1d0/0x5e0 [ 514.229250][T13481] ? d_lookup+0xe7/0x190 [ 514.229314][T13481] lookup_noperm+0xe1/0x110 [ 514.229369][T13481] simple_start_creating+0xd1/0x1b0 [ 514.229418][T13481] start_creating.part.0+0x82/0x190 [ 514.229456][T13481] debugfs_create_dir+0x6c/0x5f0 [ 514.229495][T13481] ptp_open+0x334/0x550 [ 514.229550][T13481] ? __pfx_ptp_open+0x10/0x10 [ 514.229610][T13481] ? __pfx_ptp_open+0x10/0x10 [ 514.229657][T13481] posix_clock_open+0x178/0x290 [ 514.229699][T13481] ? __pfx_posix_clock_open+0x10/0x10 [ 514.229739][T13481] chrdev_open+0x234/0x6a0 [ 514.229782][T13481] ? __pfx_apparmor_file_open+0x10/0x10 [ 514.229839][T13481] ? __pfx_chrdev_open+0x10/0x10 [ 514.229887][T13481] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 514.229936][T13481] do_dentry_open+0x982/0x1530 [ 514.229979][T13481] ? __pfx_chrdev_open+0x10/0x10 [ 514.230033][T13481] vfs_open+0x82/0x3f0 [ 514.230090][T13481] path_openat+0x1de4/0x2cb0 [ 514.230146][T13481] ? __pfx_path_openat+0x10/0x10 [ 514.230201][T13481] do_filp_open+0x20b/0x470 [ 514.230243][T13481] ? __pfx_do_filp_open+0x10/0x10 [ 514.230317][T13481] ? alloc_fd+0x471/0x7d0 [ 514.230368][T13481] do_sys_openat2+0x11b/0x1d0 [ 514.230428][T13481] ? __pfx_do_sys_openat2+0x10/0x10 [ 514.230500][T13481] __x64_sys_openat+0x174/0x210 [ 514.230554][T13481] ? __pfx___x64_sys_openat+0x10/0x10 [ 514.230628][T13481] do_syscall_64+0xcd/0x490 [ 514.230670][T13481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.230706][T13481] RIP: 0033:0x7f65bbf8eb69 [ 514.230735][T13481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 514.230769][T13481] RSP: 002b:00007f65bcd52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 514.230804][T13481] RAX: ffffffffffffffda RBX: 00007f65bc1b6080 RCX: 00007f65bbf8eb69 [ 514.230827][T13481] RDX: 0000000000000440 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 514.230849][T13481] RBP: 00007f65bc011df1 R08: 0000000000000000 R09: 0000000000000000 [ 514.230871][T13481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 514.230892][T13481] R13: 0000000000000000 R14: 00007f65bc1b6080 R15: 00007ffe1de9e958 [ 514.230936][T13481] [ 514.814668][T13494] openvswitch: netlink: IP tunnel dst address not specified [ 515.044894][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 515.055530][T13499] __vm_enough_memory: pid: 13499, comm: syz.5.2245, bytes: 4398046511104 not enough memory for the allocation [ 515.193830][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 515.351957][T13505] netlink: 'syz.4.2247': attribute type 29 has an invalid length. [ 515.708397][T13520] __vm_enough_memory: pid: 13520, comm: syz.4.2251, bytes: 4398046511104 not enough memory for the allocation [ 516.240335][T13529] FAULT_INJECTION: forcing a failure. [ 516.240335][T13529] name failslab, interval 1, probability 0, space 0, times 0 [ 516.254117][T13529] CPU: 0 UID: 0 PID: 13529 Comm: syz.4.2255 Tainted: GF R 6.16.0-syzkaller-11741-g5998f2bca43e #0 PREEMPT(full) [ 516.254183][T13529] Tainted: [F]=FORCED_MODULE, [R]=FORCED_RMMOD [ 516.254198][T13529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 516.254220][T13529] Call Trace: [ 516.254231][T13529] [ 516.254244][T13529] dump_stack_lvl+0x16c/0x1f0 [ 516.254287][T13529] should_fail_ex+0x512/0x640 [ 516.254328][T13529] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 516.254368][T13529] should_failslab+0xc2/0x120 [ 516.254413][T13529] __kmalloc_cache_noprof+0x6a/0x3e0 [ 516.254451][T13529] ? acpi_ds_create_walk_state+0x78/0x250 [ 516.254500][T13529] acpi_ds_create_walk_state+0x78/0x250 [ 516.254544][T13529] acpi_ps_execute_method+0x253/0xb30 [ 516.254590][T13529] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 516.254642][T13529] acpi_ns_evaluate+0x76c/0xca0 [ 516.254689][T13529] ? kasan_save_track+0x14/0x30 [ 516.254733][T13529] acpi_evaluate_object+0x1fa/0xa90 [ 516.254793][T13529] ? do_syscall_64+0xcd/0x490 [ 516.254826][T13529] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 516.254863][T13529] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 516.254918][T13529] ? __mutex_trylock_common+0xe9/0x250 [ 516.254974][T13529] acpi_evaluate_integer+0xdd/0x200 [ 516.255032][T13529] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 516.255104][T13529] ? __pfx_status_show+0x10/0x10 [ 516.255137][T13529] status_show+0xa0/0x120 [ 516.255180][T13529] ? __pfx_status_show+0x10/0x10 [ 516.255228][T13529] dev_attr_show+0x53/0xe0 [ 516.255277][T13529] ? __pfx_dev_attr_show+0x10/0x10 [ 516.255318][T13529] sysfs_kf_seq_show+0x213/0x3e0 [ 516.255359][T13529] seq_read_iter+0x509/0x12c0 [ 516.255395][T13529] ? __mutex_trylock_common+0xe9/0x250 [ 516.255457][T13529] kernfs_fop_read_iter+0x40f/0x5a0 [ 516.255489][T13529] ? rw_verify_area+0xcf/0x6c0 [ 516.255529][T13529] vfs_read+0x8bf/0xc60 [ 516.255573][T13529] ? __pfx___mutex_lock+0x10/0x10 [ 516.255609][T13529] ? __pfx_vfs_read+0x10/0x10 [ 516.255682][T13529] ksys_read+0x12a/0x250 [ 516.255720][T13529] ? __pfx_ksys_read+0x10/0x10 [ 516.255771][T13529] do_syscall_64+0xcd/0x490 [ 516.255813][T13529] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 516.255849][T13529] RIP: 0033:0x7f4b95b8eb69 [ 516.255882][T13529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 516.255914][T13529] RSP: 002b:00007f4b96a37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 516.255946][T13529] RAX: ffffffffffffffda RBX: 00007f4b95db5fa0 RCX: 00007f4b95b8eb69 [ 516.255969][T13529] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000003 [ 516.255990][T13529] RBP: 00007f4b95c11df1 R08: 0000000000000000 R09: 0000000000000000 [ 516.256012][T13529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 516.256033][T13529] R13: 0000000000000000 R14: 00007f4b95db5fa0 R15: 00007ffe7e1e9928 [ 516.256074][T13529] [ 517.101920][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 517.743538][T13543] FAULT_INJECTION: forcing a failure. [ 517.743538][T13543] name failslab, interval 1, probability 0, space 0, times 0 [ 517.758343][T13543] CPU: 1 UID: 0 PID: 13543 Comm: syz.4.2259 Tainted: GF R 6.16.0-syzkaller-11741-g5998f2bca43e #0 PREEMPT(full) [ 517.758406][T13543] Tainted: [F]=FORCED_MODULE, [R]=FORCED_RMMOD [ 517.758421][T13543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 517.758441][T13543] Call Trace: [ 517.758453][T13543] [ 517.758466][T13543] dump_stack_lvl+0x16c/0x1f0 [ 517.758509][T13543] should_fail_ex+0x512/0x640 [ 517.758548][T13543] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 517.758598][T13543] should_failslab+0xc2/0x120 [ 517.758644][T13543] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 517.758684][T13543] ? can_rx_register+0x582/0x6f0 [ 517.758745][T13543] can_rx_register+0x582/0x6f0 [ 517.758796][T13543] ? __pfx_raw_rcv+0x10/0x10 [ 517.758843][T13543] ? __pfx_can_rx_register+0x10/0x10 [ 517.758914][T13543] raw_enable_filters+0xe0/0x210 [ 517.758960][T13543] raw_enable_allfilters+0x8b/0x2b0 [ 517.758995][T13543] ? __local_bh_enable_ip+0xa4/0x120 [ 517.759042][T13543] raw_bind+0x48a/0xe50 [ 517.759076][T13543] ? apparmor_socket_bind+0x105/0x200 [ 517.759135][T13543] __sys_bind+0x1a4/0x260 [ 517.759185][T13543] ? __pfx___sys_bind+0x10/0x10 [ 517.759252][T13543] ? __sys_setsockopt+0x140/0x1a0 [ 517.759295][T13543] __x64_sys_bind+0x72/0xb0 [ 517.759342][T13543] ? lockdep_hardirqs_on+0x7c/0x110 [ 517.759377][T13543] do_syscall_64+0xcd/0x490 [ 517.759418][T13543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.759453][T13543] RIP: 0033:0x7f4b95b8eb69 [ 517.759481][T13543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 517.759515][T13543] RSP: 002b:00007f4b96a37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 517.759548][T13543] RAX: ffffffffffffffda RBX: 00007f4b95db5fa0 RCX: 00007f4b95b8eb69 [ 517.759571][T13543] RDX: 000000000000006a RSI: 0000200000000040 RDI: 0000000000000003 [ 517.759592][T13543] RBP: 00007f4b95c11df1 R08: 0000000000000000 R09: 0000000000000000 [ 517.759612][T13543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 517.759631][T13543] R13: 0000000000000000 R14: 00007f4b95db5fa0 R15: 00007ffe7e1e9928 [ 517.759674][T13543] [ 517.982783][T13515] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 517.989627][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 518.496714][T13515] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 518.503977][T13515] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 518.510347][T13515] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 518.644105][T13549] FAULT_INJECTION: forcing a failure. [ 518.644105][T13549] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 518.659822][T13549] CPU: 1 UID: 0 PID: 13549 Comm: syz.0.2261 Tainted: GF R 6.16.0-syzkaller-11741-g5998f2bca43e #0 PREEMPT(full) [ 518.659884][T13549] Tainted: [F]=FORCED_MODULE, [R]=FORCED_RMMOD [ 518.659899][T13549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 518.659920][T13549] Call Trace: [ 518.659932][T13549] [ 518.659946][T13549] dump_stack_lvl+0x16c/0x1f0 [ 518.659999][T13549] should_fail_ex+0x512/0x640 [ 518.660050][T13549] should_fail_alloc_page+0xe7/0x130 [ 518.660101][T13549] prepare_alloc_pages+0x3c2/0x610 [ 518.660160][T13549] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 518.660208][T13549] ? do_sys_poll+0x24a/0xdf0 [ 518.660242][T13549] ? stack_trace_save+0x8e/0xc0 [ 518.660281][T13549] ? __pfx_stack_trace_save+0x10/0x10 [ 518.660320][T13549] ? stack_depot_save_flags+0x29/0x9c0 [ 518.660370][T13549] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 518.660412][T13549] ? do_sys_poll+0x24a/0xdf0 [ 518.660446][T13549] ? kasan_save_stack+0x33/0x60 [ 518.660484][T13549] ? __kasan_kmalloc+0xaa/0xb0 [ 518.660519][T13549] ? __kmalloc_noprof+0x223/0x510 [ 518.660556][T13549] ? do_sys_poll+0x24a/0xdf0 [ 518.660586][T13549] ? __x64_sys_poll+0x1a6/0x450 [ 518.660621][T13549] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.660663][T13549] ? __lock_acquire+0xb97/0x1ce0 [ 518.660714][T13549] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 518.660765][T13549] ? policy_nodemask+0xea/0x4e0 [ 518.660815][T13549] alloc_pages_mpol+0x1fb/0x550 [ 518.660863][T13549] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 518.660918][T13549] alloc_pages_noprof+0x131/0x390 [ 518.660965][T13549] get_free_pages_noprof+0x10/0xb0 [ 518.661061][T13549] __pollwait+0x295/0x490 [ 518.661100][T13549] pipe_poll+0x239/0x660 [ 518.661137][T13549] ? __pfx___pollwait+0x10/0x10 [ 518.661171][T13549] ? __pfx_pipe_poll+0x10/0x10 [ 518.661209][T13549] do_sys_poll+0x559/0xdf0 [ 518.661257][T13549] ? __pfx_do_sys_poll+0x10/0x10 [ 518.661295][T13549] ? __pfx___schedule+0x10/0x10 [ 518.661379][T13549] ? __futex_wait+0x24c/0x2f0 [ 518.661432][T13549] ? __pfx___pollwait+0x10/0x10 [ 518.661470][T13549] ? __pfx_pollwake+0x10/0x10 [ 518.661507][T13549] ? __pfx_pollwake+0x10/0x10 [ 518.661544][T13549] ? __pfx_pollwake+0x10/0x10 [ 518.661582][T13549] ? __pfx_pollwake+0x10/0x10 [ 518.661620][T13549] ? __pfx_pollwake+0x10/0x10 [ 518.661658][T13549] ? __pfx_pollwake+0x10/0x10 [ 518.661696][T13549] ? __pfx_pollwake+0x10/0x10 [ 518.661734][T13549] ? __pfx_pollwake+0x10/0x10 [ 518.661771][T13549] ? __pfx_pollwake+0x10/0x10 [ 518.661804][T13549] ? __pfx_timespec64_add_safe+0x10/0x10 [ 518.661856][T13549] ? ktime_get_ts64+0x2d2/0x400 [ 518.661899][T13549] ? read_tsc+0x9/0x20 [ 518.661935][T13549] ? ktime_get_ts64+0x256/0x400 [ 518.662019][T13549] __x64_sys_poll+0x1a6/0x450 [ 518.662059][T13549] ? __pfx___x64_sys_poll+0x10/0x10 [ 518.662125][T13549] do_syscall_64+0xcd/0x490 [ 518.662166][T13549] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.662201][T13549] RIP: 0033:0x7f65bbf8eb69 [ 518.662229][T13549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 518.662262][T13549] RSP: 002b:00007f65bcd73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000007 [ 518.662295][T13549] RAX: ffffffffffffffda RBX: 00007f65bc1b5fa0 RCX: 00007f65bbf8eb69 [ 518.662317][T13549] RDX: 000000000000800a RSI: 000000000000007f RDI: 0000200000000180 [ 518.662339][T13549] RBP: 00007f65bc011df1 R08: 0000000000000000 R09: 0000000000000000 [ 518.662361][T13549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 518.662382][T13549] R13: 0000000000000000 R14: 00007f65bc1b5fa0 R15: 00007ffe1de9e958 [ 518.662426][T13549] [ 518.676653][T13551] netlink: 330 bytes leftover after parsing attributes in process `syz.6.2262'. [ 519.092615][T13551] : renamed from bond_slave_1 (while UP) [ 519.492935][T13568] tipc: Started in network mode [ 519.498728][T13568] tipc: Node identity ee00, cluster identity 4711 [ 519.511561][T13568] tipc: Node number set to 60928 [ 519.533109][T13567] delete_channel: no stack [ 519.534184][T13569] netlink: 17 bytes leftover after parsing attributes in process `syz.6.2268'. [ 519.578433][T13569] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2268'. [ 520.048385][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 520.297639][T13589] FAULT_INJECTION: forcing a failure. [ 520.297639][T13589] name failslab, interval 1, probability 0, space 0, times 0 [ 520.326751][T13589] CPU: 1 UID: 0 PID: 13589 Comm: syz.5.2275 Tainted: GF R 6.16.0-syzkaller-11741-g5998f2bca43e #0 PREEMPT(full) [ 520.326797][T13589] Tainted: [F]=FORCED_MODULE, [R]=FORCED_RMMOD [ 520.326808][T13589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 520.326823][T13589] Call Trace: [ 520.326832][T13589] [ 520.326842][T13589] dump_stack_lvl+0x16c/0x1f0 [ 520.326873][T13589] should_fail_ex+0x512/0x640 [ 520.326902][T13589] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 520.326939][T13589] should_failslab+0xc2/0x120 [ 520.326973][T13589] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 520.327006][T13589] ? cache_create_net+0x2b/0x220 [ 520.327044][T13589] ? __pfx_nfsd_net_init+0x10/0x10 [ 520.327068][T13589] kmemdup_noprof+0x29/0x60 [ 520.327097][T13589] cache_create_net+0x2b/0x220 [ 520.327134][T13589] ? __pfx_nfsd_net_init+0x10/0x10 [ 520.327157][T13589] nfsd_export_init+0x62/0x250 [ 520.327181][T13589] ? __pfx_nfsd_net_init+0x10/0x10 [ 520.327203][T13589] nfsd_net_init+0x33/0x3d0 [ 520.327226][T13589] ? __pfx_nfsd_net_init+0x10/0x10 [ 520.327249][T13589] ops_init+0x1df/0x5f0 [ 520.327279][T13589] setup_net+0x10f/0x380 [ 520.327302][T13589] ? lockdep_init_map_type+0x5c/0x280 [ 520.327337][T13589] ? __pfx_setup_net+0x10/0x10 [ 520.327364][T13589] ? debug_mutex_init+0x37/0x70 [ 520.327390][T13589] copy_net_ns+0x2a6/0x5f0 [ 520.327422][T13589] create_new_namespaces+0x3ea/0xa90 [ 520.327457][T13589] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 520.327487][T13589] ksys_unshare+0x45b/0xa40 [ 520.327530][T13589] ? __pfx_ksys_unshare+0x10/0x10 [ 520.327566][T13589] ? xfd_validate_state+0x61/0x180 [ 520.327613][T13589] __x64_sys_unshare+0x31/0x40 [ 520.327645][T13589] do_syscall_64+0xcd/0x490 [ 520.327674][T13589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.327699][T13589] RIP: 0033:0x7f881998eb69 [ 520.327718][T13589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 520.327742][T13589] RSP: 002b:00007f881a833038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 520.327765][T13589] RAX: ffffffffffffffda RBX: 00007f8819bb5fa0 RCX: 00007f881998eb69 [ 520.327781][T13589] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 520.327796][T13589] RBP: 00007f8819a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 520.327810][T13589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 520.327825][T13589] R13: 0000000000000000 R14: 00007f8819bb5fa0 R15: 00007ffcf7fdc268 [ 520.327855][T13589] [ 520.694020][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 520.700590][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 520.933231][T13594] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 521.224669][T13602] sp0: Synchronizing with TNC [ 521.610799][T13604] sp0: Synchronizing with TNC [ 522.036241][T13610] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2282'. [ 522.111130][T13610] netlink: 'syz.5.2282': attribute type 1 has an invalid length. [ 522.163392][T13610] netlink: 'syz.5.2282': attribute type 2 has an invalid length. [ 522.245662][T13610] netlink: 'syz.5.2282': attribute type 7 has an invalid length. [ 522.312410][T13610] netlink: 214 bytes leftover after parsing attributes in process `syz.5.2282'. [ 522.415408][T13624] FAULT_INJECTION: forcing a failure. [ 522.415408][T13624] name failslab, interval 1, probability 0, space 0, times 0 [ 522.473791][T13624] CPU: 1 UID: 0 PID: 13624 Comm: syz.4.2285 Tainted: GF R 6.16.0-syzkaller-11741-g5998f2bca43e #0 PREEMPT(full) [ 522.473854][T13624] Tainted: [F]=FORCED_MODULE, [R]=FORCED_RMMOD [ 522.473870][T13624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 522.473891][T13624] Call Trace: [ 522.473903][T13624] [ 522.473916][T13624] dump_stack_lvl+0x16c/0x1f0 [ 522.473958][T13624] should_fail_ex+0x512/0x640 [ 522.474001][T13624] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 522.474050][T13624] should_failslab+0xc2/0x120 [ 522.474096][T13624] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 522.474139][T13624] ? alloc_inode+0x64/0x240 [ 522.474194][T13624] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 522.474248][T13624] alloc_inode+0x64/0x240 [ 522.474308][T13624] new_inode+0x22/0x1c0 [ 522.474360][T13624] debugfs_create_dir+0xdd/0x5f0 [ 522.474400][T13624] ptp_open+0x334/0x550 [ 522.474454][T13624] ? __pfx_ptp_open+0x10/0x10 [ 522.474517][T13624] ? __pfx_ptp_open+0x10/0x10 [ 522.474564][T13624] posix_clock_open+0x178/0x290 [ 522.474605][T13624] ? __pfx_posix_clock_open+0x10/0x10 [ 522.474644][T13624] chrdev_open+0x234/0x6a0 [ 522.474687][T13624] ? __pfx_apparmor_file_open+0x10/0x10 [ 522.474743][T13624] ? __pfx_chrdev_open+0x10/0x10 [ 522.474791][T13624] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 522.474845][T13624] do_dentry_open+0x982/0x1530 [ 522.474897][T13624] ? __pfx_chrdev_open+0x10/0x10 [ 522.474953][T13624] vfs_open+0x82/0x3f0 [ 522.475010][T13624] path_openat+0x1de4/0x2cb0 [ 522.475067][T13624] ? __pfx_path_openat+0x10/0x10 [ 522.475121][T13624] do_filp_open+0x20b/0x470 [ 522.475165][T13624] ? __pfx_do_filp_open+0x10/0x10 [ 522.475239][T13624] ? alloc_fd+0x471/0x7d0 [ 522.475288][T13624] do_sys_openat2+0x11b/0x1d0 [ 522.475352][T13624] ? __pfx_do_sys_openat2+0x10/0x10 [ 522.475424][T13624] __x64_sys_openat+0x174/0x210 [ 522.475477][T13624] ? __pfx___x64_sys_openat+0x10/0x10 [ 522.475549][T13624] do_syscall_64+0xcd/0x490 [ 522.475590][T13624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.475624][T13624] RIP: 0033:0x7f4b95b8eb69 [ 522.475651][T13624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 522.475685][T13624] RSP: 002b:00007f4b96a16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 522.475716][T13624] RAX: ffffffffffffffda RBX: 00007f4b95db6080 RCX: 00007f4b95b8eb69 [ 522.475740][T13624] RDX: 0000000000000440 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 522.475764][T13624] RBP: 00007f4b95c11df1 R08: 0000000000000000 R09: 0000000000000000 [ 522.475786][T13624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 522.475808][T13624] R13: 0000000000000000 R14: 00007f4b95db6080 R15: 00007ffe7e1e9928 [ 522.475852][T13624] [ 522.802177][T13624] debugfs: out of free dentries, can not create directory '0xffff88805e730000' [ 523.323527][T13626] netlink: 18 bytes leftover after parsing attributes in process `syz.5.2286'. [ 524.330541][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805b5d0c00: rx timeout, send abort [ 524.339092][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805b5d2800: rx timeout, send abort [ 524.347810][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805b5d0c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 524.348759][ T5215] ERROR: Out of memory at tomoyo_memory_ok. [ 524.362573][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805b5d2800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 524.586077][T13651] sp0: Synchronizing with TNC [ 524.729679][T13651] sp0: Synchronizing with TNC [ 525.042972][T13664] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 525.304829][ T5218] ERROR: Out of memory at tomoyo_memory_ok. [ 525.327949][T13658] zswap: compressor not available [ 525.560836][T13666] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 525.722782][T13670] openvswitch: netlink: IP tunnel dst address not specified [ 527.070118][T13695] netlink: 252 bytes leftover after parsing attributes in process `syz.4.2308'. [ 528.687891][T13718] FAULT_INJECTION: forcing a failure. [ 528.687891][T13718] name failslab, interval 1, probability 0, space 0, times 0 [ 528.707555][T13718] CPU: 1 UID: 0 PID: 13718 Comm: syz.5.2314 Tainted: GF R 6.16.0-syzkaller-11741-g5998f2bca43e #0 PREEMPT(full) [ 528.707622][T13718] Tainted: [F]=FORCED_MODULE, [R]=FORCED_RMMOD [ 528.707637][T13718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 528.707658][T13718] Call Trace: [ 528.707671][T13718] [ 528.707686][T13718] dump_stack_lvl+0x16c/0x1f0 [ 528.707728][T13718] should_fail_ex+0x512/0x640 [ 528.707850][T13718] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 528.707902][T13718] should_failslab+0xc2/0x120 [ 528.707948][T13718] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 528.707998][T13718] ? debugfs_create_symlink+0x29/0x320 [ 528.708041][T13718] kstrdup+0x53/0x100 [ 528.708084][T13718] debugfs_create_symlink+0x29/0x320 [ 528.708125][T13718] ref_tracker_dir_symlink+0x255/0x360 [ 528.708173][T13718] ? __pfx_ref_tracker_dir_symlink+0x10/0x10 [ 528.708283][T13718] net_ns_net_init+0x140/0x220 [ 528.708323][T13718] ? __pfx_net_ns_net_init+0x10/0x10 [ 528.708359][T13718] ops_init+0x1df/0x5f0 [ 528.708402][T13718] setup_net+0x10f/0x380 [ 528.708443][T13718] ? lockdep_init_map_type+0x5c/0x280 [ 528.708495][T13718] ? __pfx_setup_net+0x10/0x10 [ 528.708536][T13718] ? debug_mutex_init+0x37/0x70 [ 528.708576][T13718] copy_net_ns+0x2a6/0x5f0 [ 528.708624][T13718] create_new_namespaces+0x3ea/0xa90 [ 528.708675][T13718] copy_namespaces+0x468/0x560 [ 528.708719][T13718] copy_process+0x2822/0x7690 [ 528.708791][T13718] ? __pfx_copy_process+0x10/0x10 [ 528.708837][T13718] ? futex_private_hash_put+0x176/0x300 [ 528.708886][T13718] ? futex_private_hash_put+0x18a/0x300 [ 528.708937][T13718] kernel_clone+0xfc/0x930 [ 528.708985][T13718] ? __pfx_kernel_clone+0x10/0x10 [ 528.709053][T13718] __do_sys_clone+0xce/0x120 [ 528.709099][T13718] ? __pfx___do_sys_clone+0x10/0x10 [ 528.709164][T13718] ? xfd_validate_state+0x61/0x180 [ 528.709215][T13718] ? __pfx_do_writev+0x10/0x10 [ 528.709267][T13718] do_syscall_64+0xcd/0x490 [ 528.709309][T13718] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 528.709344][T13718] RIP: 0033:0x7f881998eb69 [ 528.709372][T13718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 528.709405][T13718] RSP: 002b:00007f881a832fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 528.709438][T13718] RAX: ffffffffffffffda RBX: 00007f8819bb5fa0 RCX: 00007f881998eb69 [ 528.709460][T13718] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000042ae1411 [ 528.709481][T13718] RBP: 00007f8819a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 528.709501][T13718] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 528.709521][T13718] R13: 0000000000000000 R14: 00007f8819bb5fa0 R15: 00007ffcf7fdc268 [ 528.709563][T13718] [ 530.075265][T13739] __vm_enough_memory: pid: 13739, comm: syz.6.2318, bytes: 4398046511104 not enough memory for the allocation [ 531.069331][T13751] random: crng reseeded on system resumption [ 531.075855][T13751] FAULT_INJECTION: forcing a failure. [ 531.075855][T13751] name failslab, interval 1, probability 0, space 0, times 0 [ 531.124599][T13751] CPU: 1 UID: 0 PID: 13751 Comm: syz.6.2321 Tainted: GF R 6.16.0-syzkaller-11741-g5998f2bca43e #0 PREEMPT(full) [ 531.124659][T13751] Tainted: [F]=FORCED_MODULE, [R]=FORCED_RMMOD [ 531.124673][T13751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 531.124693][T13751] Call Trace: [ 531.124705][T13751] [ 531.124719][T13751] dump_stack_lvl+0x16c/0x1f0 [ 531.124760][T13751] should_fail_ex+0x512/0x640 [ 531.124809][T13751] should_failslab+0xc2/0x120 [ 531.124856][T13751] __kmalloc_cache_noprof+0x6a/0x3e0 [ 531.124890][T13751] ? do_raw_spin_lock+0x12c/0x2b0 [ 531.124941][T13751] ? find_held_lock+0x2b/0x80 [ 531.124971][T13751] ? async_schedule_node_domain+0x54/0x120 [ 531.125017][T13751] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 531.125055][T13751] async_schedule_node_domain+0x54/0x120 [ 531.125101][T13751] dev_cache_fw_image+0x38e/0x490 [ 531.125138][T13751] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 531.125179][T13751] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 531.125214][T13751] dpm_for_each_dev+0x5d/0xb0 [ 531.125268][T13751] fw_pm_notify+0x81/0x150 [ 531.125319][T13751] notifier_call_chain+0xbc/0x410 [ 531.125360][T13751] ? __pfx_fw_pm_notify+0x10/0x10 [ 531.125422][T13751] blocking_notifier_call_chain_robust+0xc8/0x160 [ 531.125475][T13751] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 531.125539][T13751] pm_notifier_call_chain_robust+0x27/0x60 [ 531.125598][T13751] snapshot_open+0x218/0x2b0 [ 531.125641][T13751] ? __pfx_snapshot_open+0x10/0x10 [ 531.125683][T13751] misc_open+0x35a/0x420 [ 531.125739][T13751] ? __pfx_misc_open+0x10/0x10 [ 531.125791][T13751] chrdev_open+0x234/0x6a0 [ 531.125835][T13751] ? __pfx_apparmor_file_open+0x10/0x10 [ 531.125890][T13751] ? __pfx_chrdev_open+0x10/0x10 [ 531.125936][T13751] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 531.125980][T13751] do_dentry_open+0x982/0x1530 [ 531.126021][T13751] ? __pfx_chrdev_open+0x10/0x10 [ 531.126072][T13751] vfs_open+0x82/0x3f0 [ 531.126125][T13751] path_openat+0x1de4/0x2cb0 [ 531.126178][T13751] ? __pfx_path_openat+0x10/0x10 [ 531.126231][T13751] do_filp_open+0x20b/0x470 [ 531.126271][T13751] ? __pfx_do_filp_open+0x10/0x10 [ 531.126340][T13751] ? alloc_fd+0x471/0x7d0 [ 531.126386][T13751] do_sys_openat2+0x11b/0x1d0 [ 531.126437][T13751] ? __pfx_do_sys_openat2+0x10/0x10 [ 531.126507][T13751] __x64_sys_openat+0x174/0x210 [ 531.126560][T13751] ? __pfx___x64_sys_openat+0x10/0x10 [ 531.126643][T13751] do_syscall_64+0xcd/0x490 [ 531.126687][T13751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.126723][T13751] RIP: 0033:0x7f2b5658eb69 [ 531.126750][T13751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 531.126784][T13751] RSP: 002b:00007f2b57374038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 531.126816][T13751] RAX: ffffffffffffffda RBX: 00007f2b567b5fa0 RCX: 00007f2b5658eb69 [ 531.126838][T13751] RDX: 0000000000001001 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 531.126859][T13751] RBP: 00007f2b56611df1 R08: 0000000000000000 R09: 0000000000000000 [ 531.126880][T13751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 531.126900][T13751] R13: 0000000000000000 R14: 00007f2b567b5fa0 R15: 00007ffead6c1b08 [ 531.126944][T13751] [ 531.487821][T13751] [ 531.490395][T13751] ====================================================== [ 531.497533][T13751] WARNING: possible circular locking dependency detected [ 531.504578][T13751] 6.16.0-syzkaller-11741-g5998f2bca43e #0 Tainted: GF R [ 531.512926][T13751] ------------------------------------------------------ [ 531.519966][T13751] syz.6.2321/13751 is trying to acquire lock: [ 531.526317][T13751] ffff888027c6dc18 (&ima_iint_mutex_key[depth]){+.+.}-{4:4}, at: process_measurement+0x7e0/0x23e0 [ 531.537184][T13751] [ 531.537184][T13751] but task is already holding lock: [ 531.544738][T13751] ffffffff8f513b08 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2d/0xb0 [ 531.553709][T13751] [ 531.553709][T13751] which lock already depends on the new lock. [ 531.553709][T13751] [ 531.564402][T13751] [ 531.564402][T13751] the existing dependency chain (in reverse order) is: [ 531.573433][T13751] [ 531.573433][T13751] -> #4 (dpm_list_mtx){+.+.}-{4:4}: [ 531.581055][T13751] __mutex_lock+0x193/0x10b0 [ 531.586200][T13751] device_pm_add+0x87/0x3e0 [ 531.591263][T13751] device_add+0x9cd/0x1aa0 [ 531.596254][T13751] device_create_groups_vargs+0x1f8/0x270 [ 531.602538][T13751] device_create+0xed/0x130 [ 531.607611][T13751] msr_device_create+0x31/0x70 [ 531.613015][T13751] cpuhp_invoke_callback+0x3d5/0xa10 [ 531.618957][T13751] cpuhp_thread_fun+0x47e/0x6f0 [ 531.624363][T13751] smpboot_thread_fn+0x3f4/0xae0 [ 531.629884][T13751] kthread+0x3c5/0x780 [ 531.634525][T13751] ret_from_fork+0x5d7/0x6f0 [ 531.639689][T13751] ret_from_fork_asm+0x1a/0x30 [ 531.645089][T13751] [ 531.645089][T13751] -> #3 (cpuhp_state-up){+.+.}-{0:0}: [ 531.652678][T13751] cpuhp_thread_fun+0x193/0x6f0 [ 531.658081][T13751] smpboot_thread_fn+0x3f4/0xae0 [ 531.663602][T13751] kthread+0x3c5/0x780 [ 531.668313][T13751] ret_from_fork+0x5d7/0x6f0 [ 531.673471][T13751] ret_from_fork_asm+0x1a/0x30 [ 531.678785][T13751] [ 531.678785][T13751] -> #2 (cpu_hotplug_lock){++++}-{0:0}: [ 531.686566][T13751] cpus_read_lock+0x42/0x160 [ 531.691708][T13751] ring_buffer_resize+0x105/0x15c0 [ 531.697371][T13751] tracing_update_buffers+0x15e/0x1f0 [ 531.703297][T13751] ftrace_event_write+0x14a/0x290 [ 531.709308][T13751] vfs_write+0x2a0/0x1150 [ 531.714192][T13751] ksys_write+0x12a/0x250 [ 531.719075][T13751] do_syscall_64+0xcd/0x490 [ 531.724125][T13751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.730563][T13751] [ 531.730563][T13751] -> #1 (trace_types_lock){+.+.}-{4:4}: [ 531.738328][T13751] __mutex_lock+0x193/0x10b0 [ 531.743563][T13751] tracing_check_open_get_tr.part.0+0x49/0x190 [ 531.750271][T13751] tracing_open_generic_tr+0x66/0xf0 [ 531.756122][T13751] do_dentry_open+0x982/0x1530 [ 531.761450][T13751] vfs_open+0x82/0x3f0 [ 531.766080][T13751] dentry_open+0x71/0xd0 [ 531.771320][T13751] ima_calc_file_hash+0x2b6/0x490 [ 531.776893][T13751] ima_collect_measurement+0x899/0xa40 [ 531.782926][T13751] process_measurement+0x11fa/0x23e0 [ 531.788799][T13751] ima_file_check+0xc5/0x110 [ 531.793947][T13751] security_file_post_open+0x8e/0x210 [ 531.799865][T13751] path_openat+0x1404/0x2cb0 [ 531.805095][T13751] do_filp_open+0x20b/0x470 [ 531.810151][T13751] do_sys_openat2+0x11b/0x1d0 [ 531.815391][T13751] __x64_sys_openat+0x174/0x210 [ 531.820913][T13751] do_syscall_64+0xcd/0x490 [ 531.825964][T13751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.832583][T13751] [ 531.832583][T13751] -> #0 (&ima_iint_mutex_key[depth]){+.+.}-{4:4}: [ 531.841208][T13751] __lock_acquire+0x12a6/0x1ce0 [ 531.846609][T13751] lock_acquire+0x179/0x350 [ 531.851667][T13751] __mutex_lock+0x193/0x10b0 [ 531.856808][T13751] process_measurement+0x7e0/0x23e0 [ 531.862562][T13751] ima_file_check+0xc5/0x110 [ 531.867711][T13751] security_file_post_open+0x8e/0x210 [ 531.873625][T13751] path_openat+0x1404/0x2cb0 [ 531.878763][T13751] do_file_open_root+0x322/0x610 [ 531.884252][T13751] file_open_root+0x2a7/0x450 [ 531.889482][T13751] kernel_read_file_from_path_initns+0x189/0x260 [ 531.896455][T13751] _request_firmware+0x744/0x1470 [ 531.902022][T13751] __async_dev_cache_fw_image+0xb1/0x340 [ 531.908193][T13751] async_schedule_node_domain+0xd1/0x120 [ 531.914372][T13751] dev_cache_fw_image+0x38e/0x490 [ 531.919936][T13751] dpm_for_each_dev+0x5d/0xb0 [ 531.925341][T13751] fw_pm_notify+0x81/0x150 [ 531.930317][T13751] notifier_call_chain+0xbc/0x410 [ 531.935893][T13751] blocking_notifier_call_chain_robust+0xc8/0x160 [ 531.942946][T13751] pm_notifier_call_chain_robust+0x27/0x60 [ 531.949324][T13751] snapshot_open+0x218/0x2b0 [ 531.954460][T13751] misc_open+0x35a/0x420 [ 531.959515][T13751] chrdev_open+0x234/0x6a0 [ 531.964483][T13751] do_dentry_open+0x982/0x1530 [ 531.969816][T13751] vfs_open+0x82/0x3f0 [ 531.974438][T13751] path_openat+0x1de4/0x2cb0 [ 531.979947][T13751] do_filp_open+0x20b/0x470 [ 531.985011][T13751] do_sys_openat2+0x11b/0x1d0 [ 531.990249][T13751] __x64_sys_openat+0x174/0x210 [ 531.995675][T13751] do_syscall_64+0xcd/0x490 [ 532.000741][T13751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 532.007179][T13751] [ 532.007179][T13751] other info that might help us debug this: [ 532.007179][T13751] [ 532.017595][T13751] Chain exists of: [ 532.017595][T13751] &ima_iint_mutex_key[depth] --> cpuhp_state-up --> dpm_list_mtx [ 532.017595][T13751] [ 532.031383][T13751] Possible unsafe locking scenario: [ 532.031383][T13751] [ 532.038849][T13751] CPU0 CPU1 [ 532.044399][T13751] ---- ---- [ 532.050013][T13751] lock(dpm_list_mtx); [ 532.054193][T13751] lock(cpuhp_state-up); [ 532.061238][T13751] lock(dpm_list_mtx); [ 532.067936][T13751] lock(&ima_iint_mutex_key[depth]); [ 532.073337][T13751] [ 532.073337][T13751] *** DEADLOCK *** [ 532.073337][T13751] [ 532.081490][T13751] 5 locks held by syz.6.2321/13751: [ 532.086708][T13751] #0: ffffffff8f303688 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x420 [ 532.095300][T13751] #1: ffffffff8e484768 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0 [ 532.105706][T13751] #2: ffffffff8e4c4bd0 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0xa8/0x160 [ 532.117959][T13751] #3: ffffffff8f519108 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150 [ 532.126902][T13751] #4: ffffffff8f513b08 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2d/0xb0 [ 532.136282][T13751] [ 532.136282][T13751] stack backtrace: [ 532.142199][T13751] CPU: 0 UID: 0 PID: 13751 Comm: syz.6.2321 Tainted: GF R 6.16.0-syzkaller-11741-g5998f2bca43e #0 PREEMPT(full) [ 532.142247][T13751] Tainted: [F]=FORCED_MODULE, [R]=FORCED_RMMOD [ 532.142259][T13751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 532.142276][T13751] Call Trace: [ 532.142286][T13751] [ 532.142296][T13751] dump_stack_lvl+0x116/0x1f0 [ 532.142328][T13751] print_circular_bug+0x275/0x350 [ 532.142366][T13751] check_noncircular+0x14c/0x170 [ 532.142406][T13751] __lock_acquire+0x12a6/0x1ce0 [ 532.142450][T13751] lock_acquire+0x179/0x350 [ 532.142486][T13751] ? process_measurement+0x7e0/0x23e0 [ 532.142531][T13751] ? __pfx___might_resched+0x10/0x10 [ 532.142563][T13751] ? process_measurement+0x7e0/0x23e0 [ 532.142604][T13751] __mutex_lock+0x193/0x10b0 [ 532.142634][T13751] ? process_measurement+0x7e0/0x23e0 [ 532.142686][T13751] ? __pfx___mutex_lock+0x10/0x10 [ 532.142715][T13751] ? __pfx___might_resched+0x10/0x10 [ 532.142744][T13751] ? find_held_lock+0x2b/0x80 [ 532.142771][T13751] ? down_write+0x14d/0x200 [ 532.142807][T13751] ? process_measurement+0x7e0/0x23e0 [ 532.142849][T13751] process_measurement+0x7e0/0x23e0 [ 532.142898][T13751] ? __pfx_process_measurement+0x10/0x10 [ 532.142944][T13751] ? find_held_lock+0x2b/0x80 [ 532.142971][T13751] ? fscrypt_file_open+0x47c/0x590 [ 532.143022][T13751] ? __pfx___fsnotify_parent+0x10/0x10 [ 532.143050][T13751] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 532.143086][T13751] ima_file_check+0xc5/0x110 [ 532.143128][T13751] ? __pfx_ima_file_check+0x10/0x10 [ 532.143173][T13751] ? vfs_open+0x2e3/0x3f0 [ 532.143215][T13751] security_file_post_open+0x8e/0x210 [ 532.143247][T13751] path_openat+0x1404/0x2cb0 [ 532.143284][T13751] ? trace_kmem_cache_alloc+0x28/0xc0 [ 532.143327][T13751] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 532.143360][T13751] ? __pfx_path_openat+0x10/0x10 [ 532.143393][T13751] ? __asan_memcpy+0x3c/0x60 [ 532.143423][T13751] do_file_open_root+0x322/0x610 [ 532.143460][T13751] ? __pfx_do_file_open_root+0x10/0x10 [ 532.143509][T13751] ? vsnprintf+0x318/0x1160 [ 532.143535][T13751] file_open_root+0x2a7/0x450 [ 532.143570][T13751] ? __pfx_file_open_root+0x10/0x10 [ 532.143604][T13751] ? find_held_lock+0x2b/0x80 [ 532.143631][T13751] ? kernel_read_file_from_path_initns+0x17a/0x260 [ 532.143683][T13751] kernel_read_file_from_path_initns+0x189/0x260 [ 532.143727][T13751] ? __pfx_kernel_read_file_from_path_initns+0x10/0x10 [ 532.143770][T13751] ? trace_kmem_cache_alloc+0x28/0xc0 [ 532.143814][T13751] ? _request_firmware+0x503/0x1470 [ 532.143844][T13751] _request_firmware+0x744/0x1470 [ 532.143877][T13751] ? __pfx__request_firmware+0x10/0x10 [ 532.143906][T13751] ? dump_stack_lvl+0x1a3/0x1f0 [ 532.143936][T13751] __async_dev_cache_fw_image+0xb1/0x340 [ 532.143967][T13751] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 532.143999][T13751] ? mark_held_locks+0x49/0x80 [ 532.144034][T13751] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 532.144079][T13751] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 532.144111][T13751] async_schedule_node_domain+0xd1/0x120 [ 532.144146][T13751] dev_cache_fw_image+0x38e/0x490 [ 532.144173][T13751] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 532.144202][T13751] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 532.144228][T13751] dpm_for_each_dev+0x5d/0xb0 [ 532.144271][T13751] fw_pm_notify+0x81/0x150 [ 532.144312][T13751] notifier_call_chain+0xbc/0x410 [ 532.144347][T13751] ? __pfx_fw_pm_notify+0x10/0x10 [ 532.144394][T13751] blocking_notifier_call_chain_robust+0xc8/0x160 [ 532.144435][T13751] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 532.144481][T13751] pm_notifier_call_chain_robust+0x27/0x60 [ 532.144521][T13751] snapshot_open+0x218/0x2b0 [ 532.144554][T13751] ? __pfx_snapshot_open+0x10/0x10 [ 532.144588][T13751] misc_open+0x35a/0x420 [ 532.144631][T13751] ? __pfx_misc_open+0x10/0x10 [ 532.144674][T13751] chrdev_open+0x234/0x6a0 [ 532.144716][T13751] ? __pfx_apparmor_file_open+0x10/0x10 [ 532.144762][T13751] ? __pfx_chrdev_open+0x10/0x10 [ 532.144799][T13751] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 532.144834][T13751] do_dentry_open+0x982/0x1530 [ 532.144867][T13751] ? __pfx_chrdev_open+0x10/0x10 [ 532.144906][T13751] vfs_open+0x82/0x3f0 [ 532.144949][T13751] path_openat+0x1de4/0x2cb0 [ 532.144986][T13751] ? __pfx_path_openat+0x10/0x10 [ 532.145023][T13751] do_filp_open+0x20b/0x470 [ 532.145055][T13751] ? __pfx_do_filp_open+0x10/0x10 [ 532.145100][T13751] ? alloc_fd+0x471/0x7d0 [ 532.145133][T13751] do_sys_openat2+0x11b/0x1d0 [ 532.145175][T13751] ? __pfx_do_sys_openat2+0x10/0x10 [ 532.145225][T13751] __x64_sys_openat+0x174/0x210 [ 532.145268][T13751] ? __pfx___x64_sys_openat+0x10/0x10 [ 532.145320][T13751] do_syscall_64+0xcd/0x490 [ 532.145350][T13751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 532.145379][T13751] RIP: 0033:0x7f2b5658eb69 [ 532.145401][T13751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 532.145430][T13751] RSP: 002b:00007f2b57374038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 532.145456][T13751] RAX: ffffffffffffffda RBX: 00007f2b567b5fa0 RCX: 00007f2b5658eb69 [ 532.145475][T13751] RDX: 0000000000001001 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 532.145494][T13751] RBP: 00007f2b56611df1 R08: 0000000000000000 R09: 0000000000000000 [ 532.145511][T13751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 532.145528][T13751] R13: 0000000000000000 R14: 00007f2b567b5fa0 R15: 00007ffead6c1b08 [ 532.145554][T13751] [ 532.724025][T13751] (NULL device *): loading /lib/firmware/regulatory.db failed with error -12 [ 532.761833][T13751] (NULL device *): Direct firmware load for regulatory.db failed with error -12 [ 532.787189][T13757] netlink: 'syz.4.2323': attribute type 17 has an invalid length. [ 532.805735][T13751] (NULL device *): Falling back to sysfs fallback for: regulatory.db [ 532.876329][T13757] netlink: 326 bytes leftover after parsing attributes in process `syz.4.2323'.