last executing test programs: 11.094233718s ago: executing program 2 (id=2361): bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x9, 0x21e9, 0x7ff, 0x6, 0x2, 0xb, 0x2e, 0x0, 0x3}, 0x6f4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, &(0x7f0000000140)) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/bus/usb/003/001\x00', 0x11a001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x100000001ff, 0x7, 0x3, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x5, 0x62, 0x80000001, 0x5, 0x5, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) ioctl$auto(0x3, 0x2287, 0xffffffffffffffff) mmap$auto(0x0, 0x9, 0x3ff57696, 0x17, 0x2, 0x8000000000008000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/v4l-subdev0\x00', 0x0, 0x0) mmap$auto(0x200, 0x5, 0x200, 0x1f, 0x2, 0x8000) write$auto_ucma_fops_ucma(0xffffffffffffffff, 0x0, 0x0) ioctl$auto_XFS_IOC_ALLOCSP64(0xffffffffffffffff, 0x40305824, &(0x7f0000000080)={0x4, 0x6b4, 0x6000000000000, 0x4, 0xfffffff9, 0xffffffffffffffff}) sysfs$auto(0x2, 0x20, 0x0) r2 = fsopen$auto(0x0, 0x1) fsconfig$auto(r2, 0x8, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2b, 0x1, 0x1) 9.955353502s ago: executing program 2 (id=2366): mmap$auto(0xcd, 0x400005, 0x12, 0x16, 0xffffffffffffffff, 0xffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) setgroups$auto(0xe32, 0x0) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x8, 0x400008, 0xdf, 0x111, 0x2, 0x8004) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd6\x00', 0x3a3c02, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x2, 0x8, 0x3) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) capset$auto(0x0, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0xc) mmap$auto(0x0, 0x1, 0x7fffffff, 0x44eb1, 0x3, 0x300000000000) ioctl$auto_SG_GET_RESERVED_SIZE(0xffffffffffffffff, 0x4c04, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0xffffffffffffffff, 0x0, 0x67) mremap$auto(0x0, 0x7, 0x3fd6, 0x0, 0x1ffffffe) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) socket(0xa, 0x3, 0x3) select$auto(0x3, 0x0, 0x0, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x2) getpid() select$auto(0x9, &(0x7f0000000140)={[0x2, 0x8, 0x9, 0x5, 0x3, 0x4, 0x6, 0x9, 0x80d, 0x9fba, 0x9, 0x4, 0x5, 0x6, 0x3, 0x401]}, &(0x7f00000001c0)={[0x0, 0xd761, 0x800000, 0x1, 0x7, 0x10000, 0x80000000, 0x3, 0x7fffffff, 0x3, 0xc, 0x89ff, 0x8001, 0x5, 0x8001, 0x3]}, &(0x7f0000000240)={[0x6, 0xf4, 0x3, 0x5d, 0x4, 0x10000, 0x577, 0x6, 0x7, 0x3ff, 0x600000, 0xce10, 0x5, 0x7, 0x9, 0xfffffffffffffff9]}, &(0x7f0000000000)={0x2, 0xeb50}) 7.317281012s ago: executing program 0 (id=2372): io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = mq_open$auto(&(0x7f0000000000)='.\xf1e4\xdf\x16\x95kxE\xd9x\x15\xb0\xf6V\x93\xb4E\x06\xc5}l', 0x400056a, 0x9, 0x0) ftruncate$auto(0x3, 0x700) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r1 = socket(0xa, 0x3, 0xff) connect$auto(r1, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) madvise$auto(0x1ffff000, 0x7, 0x100000000) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) shmget$auto(0x8, 0x10563, 0x568d1af2) madvise$auto(0x0, 0xffffffffffff0004, 0x19) shmctl$auto(0x0, 0x0, 0xfffffffffffffffd) lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0) readahead$auto(r0, 0x6, 0x9) close_range$auto(0x2, 0xa, 0x0) socket(0x10, 0x2, 0xc) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) mmap$auto(0x0, 0x400008, 0x9, 0x9b72, 0x2, 0x6) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x402, 0x0, 0x1, 0x0) open(0x0, 0x163340, 0x2a) socket(0x2a, 0x2, 0x1) ioctl$auto(0x3, 0x5411, 0x10000000000402) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy0/net/wpan0/tx_queue_len\x00', 0x80302, 0x0) sendfile$auto(r2, r2, 0x0, 0x2) 6.34679434s ago: executing program 2 (id=2374): close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x20e02, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) mmap$auto(0x6dea, 0x5, 0x9, 0x17, r0, 0xfffffffffffffff8) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) openat$auto_nsim_dev_max_vfs_fops_dev(0xffffffffffffff9c, &(0x7f00000089c0)='/sys/kernel/debug/netdevsim/netdevsim1/max_vfs\x00', 0xc798ee72cfbd85fc, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xf, 0x3, 0x2) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000180)='/dev/cec18\x00', 0x1c0, 0x0) openat$auto_proc_timens_offsets_operations_base(0xffffffffffffff9c, &(0x7f0000002440), 0x80c02, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2164, 0x8000000000000000, 0x0) write$auto(r1, &(0x7f0000000400)='\x05deo1\x00', 0x100000a3d9) close_range$auto(0x2, 0xa, 0x0) r2 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'bond0\x00'}) socketpair$auto(0x1, 0x3, 0x8000000000000000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r3, 0x0, 0x3}, 0xc) close_range$auto(0x2, 0x8, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x34d802, 0x0) socket(0xa, 0x3, 0x3a) 5.599309798s ago: executing program 0 (id=2375): openat$auto_percpu_stats_fops_(0xffffffffffffff9c, 0x0, 0x200, 0x0) mmap$auto(0x0, 0x10000002020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capset$auto(0x0, &(0x7f0000000080)={0x5, 0xffff3155, 0x3}) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x280303, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r0, 0x0, 0x8010) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x1}, 0x8) connect$auto(0x4, 0x0, 0x10) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x2c, r1, 0x13, 0x70bd2c, 0x25dfdbdd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0x1}, @NL80211_ATTR_WIPHY_TX_POWER_LEVEL={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x0, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) mount$auto(&(0x7f0000000000), &(0x7f0000000080)='}[,&*}\x00', 0x0, 0x339, 0x0) socket(0x2, 0x1, 0x106) pipe$auto(&(0x7f0000000500)) flock$auto(0xffffffffffffffff, 0x9) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) read$auto_proc_iter_file_ops_compat_inode(r4, 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000000c0)=""/228, 0xe4) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000240), 0x183440, 0x0) 5.117561043s ago: executing program 2 (id=2378): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) socket(0xa, 0x3, 0x100) r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) pread64$auto(r0, 0x0, 0x801, 0x2) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x1, 0x0) mmap$auto(0x0, 0xf, 0xdf, 0xeb1, 0x401, 0x4) r1 = socket(0x2, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/pids.events.local\x00', 0x103042, 0x0) r2 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, 0x0, 0x4c2801, 0x0) lsm_set_self_attr$auto(0x3, 0xfffffffffffffffc, 0x1f, 0x8000000000000000) syz_genetlink_get_family_id$auto_batadv(&(0x7f00000002c0), 0xffffffffffffffff) pipe$auto(&(0x7f00000000c0)=r2) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x1f, 0x940, 0x1ffde, 0x3, 0x6, 0x8000003, 0x9, 0x5, 0x0, 0x4, 0xb0, 0x7, 0x2, 0x3, 0x205, 0x7, 0x800000, 0x0, 0x0, 0x3, 0x0, 0x9, 0x0, 0xfffffffd, 0x7, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14]}, 0x7, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000000b68a778e57ad4d7b1276b36d22dd4e20b75fd00a29354934af42251769717bc781b75e5c768714d9f603861590947993dbf42446b24e97be4192c7aee32c48efa87b6926ab6c1e23e8eb697fe41399ac88a9a5449a26215dfcee813628caf80d5885be5ebba80629e65528b1000b0d3fe252637e1121df7d03ab27109603c91b6c252dd3c84eda0f631d", @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0xf, 0x800, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x19, &(0x7f00000000c0), 0x0) 4.748786415s ago: executing program 3 (id=2379): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x1d, 0x2, 0x7) setsockopt$auto(0x3, 0x6b, 0x1, 0xffffffffffffffff, 0x4000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_DQEVENT(r1, 0xc0506107, 0x0) ioctl$auto_CEC_DQEVENT(r1, 0xc0506107, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(0xc8, 0x0, 0x40f6) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x80000000, 0x5f, 0x80000001, 0x7, 0x6d3f, 0x7, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x4, 0xd, 0x1, 0x948b, 0x8, 0x15f4da0a, 0x3, 0x3, 0x62, 0x5, 0x200, 0x6d3e, 0xc, 0x80000000, 0x3]}, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, 0x0, 0x4044820) capset$auto(&(0x7f0000000040)={0xf, 0xffffffffffffffff}, 0x0) msgctl$auto_MSG_STAT(0x1000, 0xb, &(0x7f0000001480)={{0x4, 0xee01, 0xffffffffffffffff, 0x9, 0xde98c2a8, 0x80000000, 0x800}, &(0x7f0000000080)=0x3, &(0x7f0000001440)=0x35, 0x5, 0x2, 0x2, 0x4, 0x8001, 0x6, 0x3, 0xf801, @inferred=r4, @inferred=r4}) shmctl$auto_IPC_INFO(0x7, 0x3, &(0x7f0000000100)={{0x5, r5, r6, 0x588, 0x4, 0x3, 0x7ff}, 0x4, 0x4, 0xd81d, 0x5, @raw=0x800, @raw=0xffffff81, 0x8, 0x0, &(0x7f0000000440)="7692d65803631b3f903cbf16ace00f81e4e5d44a1e061d1147a671868d318ec5f009a64689c74268bcd4fc631b235d8b22a0ebf84f34183cf80440be9ab2eba31c136c8ca968e7300aa43fde879e793de780e7ce84af66afe950aa69d8d137305d357e835a9670d766dc3f5d70dee5c49026c82e9c762c0f4d13fa5113e4eee4080f6535b74c1be573b6f7d9c2b1c759f226a6e5c4cd535cf2ffeb8a75e70ebb95f7cb729bd9d5d23cfa8cd7d3518828a4b781238ebcf3115ff9014862dc506526152b313ea0d459da6cd64a12cad4d598985da85c3f653732cd93c1c2c7b3e59cf9eda1c2a7c9673bf0eb1242cbbff27f4cfd0f9a9c4b46ae43afab730e14272e5e72e0b2e80549bfc960e090ec5f359e575d73bd04e1039ee334a7766118b6afbb5a71ed07eac251038724d1bb7dbf469c1452e192b51e601929917135f08f7b549371686503b88955236071918338f6d1fedd93d91f29a19218b9900c4fc5dae935546aa37c1c41197795c78863afd1d46cc3e37aa1b68f83d021b303d942d966c3aedea5141390ed5bc2f4527bd71e3b7061bd3ef5739e1b7b101aca08f2b0d5e579c357bdfef093c6a7fab263d13ad27a2a7f5bf67a5881fc6319d1f9235747d59d4d5ab1bc174f3e95486a28f2c7a64b6007d7d24a70c1990ae91147755563424614d62e2b8ec311e53f4f5c01cdbe90a4d590c8927be16bc37c0731309f7d1d35100ad5c2b41af544f549f99cecdbe95eb318be9c5ad6ef8188f3cecdcc1d6cf0293eb5be01717a7d4bd500141dd8aa5bbf606cf243cb6b3e1baafbbad670b6b57c468644f3308800693ff9c4b06a97b1c77e3f9c87cb4316e1e447facbcd2a0140af18b06561a8c49aa08d33aaaf33535b87b4c4c3b39f05c6564d54b9781af58a25e35d8b8be6ec44118ffbe3c45e12e2f7e20c18d0abf675dff697eb8bc81acaa56fff18ddfa03af9307ef7298a469292906a74f9bfc9e7831e3c007b955d4c0f0325d5798de6d41ff96894a207672137a69ffd012a15279364f30022cdc03ac22bd4601689a5cbcb16b399cfb4906136833202a794e86cc4d0af2f898312c7eaa62048c07b83e150430d6e721a0acf1031c35bbb563572045af1fb1170d28fe887199093020014c5cc8676529c5c9308e75e78b95323d44febb9d0d0b7a6c0388c8a7e32fdead09da9c7b06d3805051c88c3587a3dcfc0f7e662722224b4a99cdc7ff65e8acd302401ae5512840e80622b3b69399091f25b3563def0420215a454a06c84ad771c0431593f0cdcafb8840444476b41c582235a00a507736c778e5af6c623b311d88f818ec69e9685bf3eace119130978a10ff59e2d9a7ed0e0da54648c0c630c427dce1b494737c384f62a7c2e027b991711a4270f00dce5418288dfaec2cd495a5f40e6e6b738e9941a1965b627d79b527c4a31b0f81750c5ed16624b3f12148392f1f45c472c3b0877425bb85896ad2100e27881ebdbeee06a3c03484f94aacc2483877c6fd7814ffd0d2e25aa33a0a1393d21ecaa86fd99f5eb903ab9c7a718ca1ff885b9daf4ffdcb1b43884ff25ab53b0a3cf82409915b278a414f7de8d146081a53030b80fe62586a22d5546a34c7d00de602be196926bbe0b4280e1754f525c774169a60e081c7388ed23388f21bbcfeeb04a68346420f853874ffb585981bf95075e728fe45b7813637a6511202cff2e3b994eaa80b0c9a33723af4322a9e3304910dfb4895c26a09fb60cbf71a74309b2caf69075e32c0324dc714fda3001625354e1fb04bfa35a5ca972349759b8cf9f9338d583eb1a0ae395c8128492fb415b4b4eb9e366478b6bfb0909a7a1cf026fe194784a1bad27d5363f6acd1a79872a99430d26870a29146254cc3e311793aa3a2002537bc16d44bf400f6bb7ecd6f1a14af8342d37fe37df92347bf9693f8208dc92efa60d0a84a418d085ee611f25d98d1fa95775c46f6b2d40917f627cb6b10337e86d4f17352f656b6918f37730fc88749f89ba36c495a4b5b53b0c3d57f900664694a6e1bbdb0e192ccb83805bf85f7d40ece440ddb50fcc403ff431b73c031c2cb0db6e71fe37954531db5440cf97cf1cbbec32dcd7b591ae581db2209b22e568de0c83254d2d28c3a30082168f7abf248a27737e76a1f3633430b669c6b169896fb6697e1fbb5ab428d87f6e3618f81420dc232dfd0e69128a2118ebda1c2f9447dac397def74b7765bd1849a7a5296e6487cb2a50df567c71317887f77e948fbf66a8ebe1bbaf1b8f17fe4ae313c42c6ce187852c4aa27bb5e9addf08f210d54a8f733d59f425c77dedb576ae43e51a31f1b5532b4139e16866f2fb01c87d89d56ace13f415e97514f6dedc9e325334f59b74c168c00694a64ae021b7fa227a8b19f4e09c4cbd8fd53381f722fe0042f848df76bb00b97cdd7f43029c81653fc9910948ac42243cc1e524627f4bf941a352f8c3c891840246003b8032563a3acab73eb3be4d04e3fadf6f2bc6992b01dc66e9b65dcc4ed49391c0cc8eb3ded01cddaeb379cf0b8522c94804ec46a5b4f18329e3e330eb77b3571408ace0a9b8edd41346cd303112f5ba7a39bb8e958bbae87a89a48e68e2ba7f7fd340481b0c9a67ac97ab90b9867dd394cd79f283542309b3526e1652f8c45eb79183b8a7bf3677d52d5d3edf3566f744e91dc2e5871cd5fb6e36539bc786705d970b268df0b759c6fb92861e545aff818c3e0efef483fe7f3068b0541a8ca8a1090c9085df0662e02411683bce818d3c817ca02e4fa27951d482c0c8b6f904b59ac3c5dda64002dd739f9b8697edeca51c9fbc3accb59df07465ecd3939f4eabd575b7246680ca98183923faad05cd413808b6e5b3f5018bc45874023fe03827583c3cefcfa8ce12b4c476e90a5813fdc92c0c04cbc46dab63c3461f4b7954808418086366906ff5182b88761d4307a7d3a07bfd559510a0eb0c5ede8920b7eb055ca0f773884e0db7a6cd521bf33c860f4e0f6c95340de61349aef3edc7243d6b8ed37bf30a9c87d31dc8da8bd133bcfdba8bdcd88b6995c22bb64159668fd31ef54d672d51e07dca5571cb01849ec9f54c2484e278727417daf9028f95d377890ac29eae5b3cea60ec17cbe3328af3842cc0ccf2b09df80c6eb3e3e1a82f5c45739d7578df15b6abc8b8883694be7b63eea8d00f980555f8c4c97cef0ed0d7a6e50d36002773a1e48a5f61f88a6e1b3a17d8fc29f1f59c00e84fc890f7e5fef9322b2160cde9f218111603d763722f4a563c8fe8187844ddb57de3b679ab269a5a913bde5ccda647a5f772e1209db6ffc0014a16b98923bda9bf9acc2d8e87da29daa6c81cd3c46f380132d9588fd3b1ae87a2d3da61f46b83f5a1f5bdb40904b32cdf8962d2c15fe2452416b71f3929a224986d7624706b1409308dd2e53c69de5434baacaeb053026cc94703d0b99ead9ad91215cc7a2258ce64857104721a3d57311f5a151a2fa8848f80533a90e17b8e16b1a81e9f58774f108031fa1c874cc470037a85bb453b3df94ae8ed087a185914925eca73fd0f64801eb6f255868a6c9987696f00f88ed32dd7de906d05b5d3f1ba0e96a41aa4ee79fea13b7717daada7f28ce229ad79240e4a1e24677ba9506ad3ea2fce84d8d9dd0cdc291ce31023d2cfeae5fbd4693c15c1a31ec7b646855de16c4d321c34898b022fcc733cb6f467dae151a15ce1a45c90997ec690911f9e9bd998982ce34a4123117fe80fee8e575ba1fd26b8d27cf00a19ab7d2500c7e893e71e469495f1809d6b37934122158b28cd6b4cabe38a2683957ac8ecd5dbb9d9cb5d89bcb1e0e5f9fefed6163fa51e5150138410ffbaea57c1f703c019a9ec652d403853ceac7246b490962fc4e781215e3ff1bd1141caf1c3eee7d713199d0b7d1057e6fb8c975fdacc0c0dc77f867682dc84d96eca6614ad70e791bb0f5f01f9ed86dbe18152c3ab561967d844725cf6f8f7902270c1bc7994bfa3e8a790688074ee88515d05b6797a69eb092ed939f9a0cb973d611061bb578cfb9be0337ad530eec0add62b14a27ac5acb37c9575551e31cc6ba67215704b068b05a32e69d07d52999caa4544868867f8bbb2806c85cbb0b942f711a4a530ca3e4c7e666fd3e6caec26b63379a53035d7b63ca635618d65fc8c08d2b13b223763526c3c44b1f128e65b7e5654022d54e2c78ca3d6ad9fbcc1cdf4ba4e89d2a084ade278f8c3448f080691a0981bcb0bb6ece9235f47ee901aa8e2b32965edba48545d54f745ce9b05b641dfadd70058c62b47d449aa2d735a43c4c3ab30846ab9a890819c42fcfedda7d34fe7192f9b24f8ec2eb927140d3f606101b5fe4c4784f5ef062a6b96417edf430103a6962c0c6868ab1afe4bba29c64aa7fea371f482442dc138047d9ddb0bbd7fc75410ee17682577ace9d6396d93cbbe09b50f708b70b536a41c0928d6bae5951340f762d138bda5ab4bfa1acbbdaaf46378fe04115926967a8c544089831ff3fdddc223da621f4e4145cfbb34183c87d6986ce68c6d042e1272a3a9aa76071b028dae5eee67ca472d96635e0a9aa81eefc2d8bde5f256287d7f45cca00c0f17dbce61d29f02f53e1af5fa0d5175069bba4398f01c8ed58d1a7d9e73360c39702e61093eec5def862262826a8e8fdcd565289fed3e91e521af9733ea253b39cec29a06aaaa5eb6f1d1bfc71dee88822b01ee1cefa4cee5514bf95f67cbebd2b7b646846c0c7c7700545a6d4352c0aa34c4f28e6d3f260564182b4622b5b66daa72caaf8fcbf1daa4540489570c9561c21d484bb29926b737718a70b21aeef68f696fce7758cff3023d9d13995b578c921eb8009b4b78d92626203a827c18c3516dede2e91d303260901b57fb8dea9381bf555abdcfcaa59a13822480590a43512a416e09a9f8f2798320b4600540e82c9b4d843964818624179ae8fcfab4dffca5783ac169a882c2be492fff0f972db3cd1c98a02f0d795511f1c0d62417a88030fa8960a659351afea7e38aff4eeeeaab50986c81489a2448238b78c60ce620e7828d82a4bb45bbdf3f43f5b819f57848953a9b588cc7bfc5263ecf2480392a36dce9d3dc8df244993a996a10beaf0c1da400ccb069c17e5622f562f9a490481bc54b549886fa4f1e459ea0667a7a08db072559285c7376e7410366fedfe548eb4cd360ab7545705e8587a0128bf0ac7da5a7537d37d61d7dc3de8278ae588048b4d40d03a423e41471ea5458c6b0c1f4efd2652d3b016a650db922f73b5a5ae5c0337225f5424273f9bb922424c85d0629c1e98a6f2f96958c599b2afad60b6d92a055621227217001b5a4aa95b94375937c4c1a904efd4f1289b9821f8b1b918f3073123e4bbaaad1bcf4fe609f7f18ade105cdba77479d92418df10669e16859af76d44b9fb7cabb7196037e1bc5e3b03063850ae3b33b250be401b731c146ba77c99e4dcae2a5bf2390442b1bf36dcfccf662b21b1cb237bdcf764a3ecd6d16d2ed2a9feff3d0e89d73f2d68a0570bbb279e67db899e6422fb3db90494c92e1a1cfb7ef5e5526ae6ee1ef80faf726f82c783f80d69179bdfd538bf533b6f30211a3cfe4482a77eb07314322d32d72d712132319183c0f6a94900ab661238ca47fae6707ef556efe54b5c8690d77a32172cc98ed2cb3ccf4abd6811ab421bcd4a11aa98d615d33a925b4e2a79cf4b37e2debde3b385d51aa9431cd7df72721587c898c4cf0df08a70e179425a13a60fc4d004db7d85f4cdf62160f31c1b9c", &(0x7f00000000c0)="3fa784"}) pidfd_send_signal$auto_PIDFD_SIGNAL_THREAD_GROUP(r1, 0x0, &(0x7f0000000240)={@siginfo_0_0={0x7, 0x9, 0x5, @_rt={r4, r7, @sival_ptr=&(0x7f0000000180)="2f52efc8304085a7fa752b3a87c4ae37ac14e2e71aa1c07cd91fc5b240b8b2f7b0edddf5a96c707a2dce4769557a7ecab5cede730735f97cd19c495b2bd1e6534ea1df5836435b4c438175c515380d8f76197fe3e67352c3987d93a47d7ddc11881d1dd7d0a5c7f9f238b657d836218ab31c410cc090631c57fdc03280e022af1416b03ced20d9152ae5d6d4e00e5e37aeef"}}}, 0x2) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) getsockopt$auto_SO_PROTOCOL(r2, 0x1, 0x26, &(0x7f0000000380)='\x00', &(0x7f00000003c0)=0x100) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000340), 0x200, 0x0) sendmsg$auto_NL80211_CMD_SET_NOACK_MAP(0xffffffffffffffff, &(0x7f00000019c0)={&(0x7f0000001500)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000001980)={&(0x7f0000001580)={0x3f0, 0x0, 0x8, 0x70bd2d, 0x25dfdbfd, {}, [@NL80211_ATTR_COLOR_CHANGE_COUNT={0x5, 0x12f, 0x4}, @NL80211_ATTR_WOWLAN_TRIGGERS={0x2e4, 0x75, 0x0, 0x1, [@nested={0xe2, 0xb2, 0x0, 0x1, [@generic="e3cb8d3fd315a9a03e1230e259c7667d4acdd42d96276a025c899b8c5c6b1e6bee7ed2e2729656c227c7b47c7dde537ae25b8f2702511b69ffd1e9d104fe19e6051da7ca6576eb1fb767f8ffb4e39d4a2e1c46f4f0615ab0a1d794b3986cbaa1937c48ec8f8ae187265909c648ef64eeb9c386a7d03935bdb0ba4f9606ab4fbbdff9d6", @nested={0x4, 0x25}, @generic="874285ba52f67b2176a615bde91f854bf8b92ca44e9836f41697fcc989062b2ea435ae18e7f46d33025b73e75a3e2522d61915d52e76c5522e4c94492b23763ff4d4df5adbef48ccf4e70676908545", @typed={0x8, 0xa2, 0x0, 0x0, @pid=0xffffffffffffffff}]}, @generic="9f0a144c812e8feb642784801edc7814366b499a5b8b5bb24ee4c229b05dec1132aaf056d5a6a66fd1518c3971cdcd699a7049040bbe90c345070dd6e942ed3c285a6f90d9228d16850dcaa2e42e6fe1d6bb10fe9cd7c8f0c72a558561b6c634dec5b8ea06f2fa8008802b55f3f33a8a7b44a24f47d941b54a11e30fe7e7a207b4d8460315a6f32318ec2f3538e23f2186894b5662958a9650c6d24450da581ffad62a391c71e3585a4e28dd41ca9afdb39b3626cce3d337a9d8f4954de01cdb61d130c24194671ed910957a615d29c50120c3bc008910f0bffc678f8af830a3cecbc8f3c6cc06", @typed={0x9e, 0x34, 0x0, 0x0, @binary="00b7f400e2a303c80285ae396cbb0bc10b9fe4999bb1feb7786028ba6b09306c2bdcee5ca508c7d448530f9bcc8b423b5ad16c2393dc0e1114909274e1db581eb633b789d1d70b9b45e4f2f02a6b7056d4aa7a2b995a1599a483783ab1c0ec96eb654586d340713a1a0e7c919bfe38dc85ed5babbc5569299a0b5705460fa712b16d6f454eddadc17c5ef5961417d1ffbb664530331df356a63e"}, @typed={0x8, 0x24, 0x0, 0x0, @u32=0xfffffffb}, @generic="7c8fb4f89137ba3bfa0f86f2d6df1cb9bb1175a042193f9c7a3cd4484ecf92868467b3f2c583202f6843356b9779b1a58320e160b765b3971ada7f51b6ca685045efea95ddd35bc749612c371d034c45a8d765707bdc013736f32bf4496b411575dd1f68eefc812e2afdd1a2b0"]}, @NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x64}, @NL80211_ATTR_MAC_HINT={0xe2, 0xc8, "7088ef1a97460a1b03e5f4eb6e6429a74c05bdaa480f17dd4638ca48166f970b93052afcce06263c98af676a1745c50d6dc57a50aaad58c18f169223b3fce5999468e19faa907e7e1986871d89af37657cb857dc4096db161f8f4ac790065d1cddbd4b298a3741f3dd99937ad2243ef82ee56f7fa7e34a4af860f63522fa046ff7271e6d44ba097df2ee8170d8d53fdcdcd1163ac492a0f6360d7926f681779796a9d43cce789701ad6ac2361c1b7c6eac20a4c99b0c1195f048f3b9a163caa81960f2e696b5bcda2daeb3e6433857703a742f9d03258e4ebca69c35ea8e"}, @NL80211_ATTR_RADAR_BACKGROUND={0x4}]}, 0x3f0}, 0x1, 0x0, 0x0, 0x20040000}, 0x4) unshare$auto(0x40000080) sendmmsg$auto(0x4, 0x0, 0x9a6, 0xa) madvise$auto(0x8, 0x200, 0x6) 4.448041151s ago: executing program 1 (id=2381): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/zram0/mem_limit\x00', 0x183841, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x200000000000b, 0xdd, 0xeb1, r0, 0x30c7) sysfs$auto(0x2, 0x9, 0x0) fsopen$auto(0x0, 0x1) io_uring_setup$auto(0x1, 0x0) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x1, 0x0, 0x8004) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000440), 0x20100, 0x0) ioctl$auto_LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_REMOVE_LINK_STA(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0xc1}, 0x4000) sendmsg$auto_NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x3a8044}, 0xc, &(0x7f0000000400)={&(0x7f00000004c0)=ANY=[@ANYRES64, @ANYRES16=r3, @ANYBLOB="000028bd7000fbdbdf25490000000800a4000002000015023380061748a31e9559a89a4fc849603b836e17cc1ad03c2d358b7cd98671dcce5d23f89f762f92570b697347f18346ef4250cb71b9fa43d9c5e1de71dd871f6df113cb2671f1cb1b0d163b7e91fddd9b004caf256d76bc7f70ebd40ead7e4a1dda77abc34766febcd56585a1ccc4f87709a6d3a0cc905aaa2927fc8f44c979e5efafb09ea37cd512f1a83098177aa0f2909efa3d84ee934dfbed7e0d4ff5ba59245273d073052da52bdae7de371030594c3a920526175ee507f1b12dcbfd6666653205ab0b404aa78364b908e93fe5de707725065b141aa24268fbb3f9534f4e64235b12a87b44bc4c4a9fc4c6b86cde80d40f601251bad939cd850f194b28d9ff8146805b0fe3d9b8b2962127ecb8cc2b488541601f66136480fc5d29bd9bb7b948492abe285fee16b5e0fbe0caf6c4c356d5d5e65f279a385650a40b5d6dbccc16c8262108e9796de764b942e7eba5f24b55fc37a525cd43a930261ac3fe4f64253d2c6863b0c4957b963d3d707659f7a48c2ce767f0cd23a8f0f659adcf9aacc8004a485e48002a1e511aff423af9082b89855f98218ffbf94478b42e64d23973aa862f33be95b2a26c33120ea700c2c51130a2cabbd5e21a8f75755c9836c67b1f800e847f28850493f1488e1a299f111a063bf1386c570adb51caee0d88ad9a639a69b986e411eec9394f3886dc205db362e7647de5dfc919cbded6063aba8bbf4d60836b2bc5d8b2b8e0040001000000000600ed0009000000060096000700000004008b000600fb00ff000000060066004e2200000000"], 0x258}, 0x1, 0x0, 0x0, 0xc814}, 0x10) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) io_uring_setup$auto(0x6, 0x0) r4 = socket(0x11, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmmsg$auto(r4, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000040), 0x10}, 0x2, &(0x7f0000000140), 0x7, 0x1000}, 0x5}, 0x2, 0x101) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x89fc, &(0x7f0000000000)={'ip_vti0\x00'}) shmctl$auto_IPC_SET(0x6, 0x1, &(0x7f0000000200)={{0x8, 0x0, 0x0, 0x7, 0xffffffff, 0xd, 0x7}, 0x5, 0x6, 0xffffffffffffffff, 0x80, @raw=0x1, @raw=0x7fffffff, 0x2, 0x0, &(0x7f0000000080)="aa2287a8ec64da406e90ed89f582154de39d72ac4a4a75854f6dc9bc1a70b69420ae9a61e9422453c08e1b91b0b0827ffddc4822114e0d6444557454fba8aed231851686396d71d6bc52606b147f34b31cbbe6bf6605c45dce13d40978b1b38bcfa9c11fd0324ed9b0943a429a214bb25047b5db845513bc264210a8135d2e0569678865e2c361c737d4781f5f25daaae58a461226fa9bd0efdf204c59d86c0ff907ea294fe60798c487c98557ff321c882bdcbef079201e5fba173c4ee7ee4bdf94511833c28ccbcf9ec80431c421926df429416ea96007fe7d0f281b1ab7107cfefec850f34556", &(0x7f0000000180)="6cd439e5f6a80324b3f8d97153cc87f9752f04cfccf7de920926d446295399c9c2e3861d6bcd408243b9c176b925c1b19602a39b2c8a6beb44ea80d76d86e57e6ed9d14829e56be13331688e197413c7ac00bfdc33983c731571e0b10c7969452d792a27cefbf8"}) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000740)='/dev/vcsu1\x00', 0x248002, 0x0) r7 = getsid$auto(0x0) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdds\x1cJ\x99\x00:2\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) bpf$auto(0x18, &(0x7f0000000040)=@raw_tracepoint={0x0, 0xffffffffffffffff, 0x0, 0xff}, 0x92) sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_STOP(r1, &(0x7f00000006c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000680)={&(0x7f00000007c0)={0x37c, r3, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, "43893830e7607fa979ef62e26084dc630c92e787bf2b59b5a479"}, @NL80211_ATTR_ROAM_SUPPORT={0x4}, @NL80211_ATTR_IE={0x120, 0x2a, "e3d81adc21e5f734e36d23ee0c0bbef416b1751e0353bec03a3a5defed106ad7466242a68aa9acbebea54facbfa410a09fc96a64ec9254b5ca996af700a43745d14ea93be5e8e93cdb58478147ba482e086d30ac685e9f9d8a564446b089e530af2fbea65f072817fd9a1faaad32cc551274a024a340367f43ed7d1a1446d8c91ce3cf414e46bbe5ad51494780d09d2758e3001445493e09777b55c0e10573716743690777111b447aa47dda09b023695c0c99f04f3a04f354aaa991420455fe1a3820cdcab73121abbd5847f7586bde9dfcd7230edf8b41e3db5eec29078dbc85d461e9ce0cf265a188abc84dfec3eb3b4e5a36716fc29aa6bd9ce29d0168767efb5fd5bd76d1168d2e824ccafd395a69a64136e092134f5c5e9125"}, @NL80211_ATTR_FILS_NONCES={0x44, 0xf3, "117923f9b41b68a49f523413988ff1c3522dd1549a141cb413750a8f9f0889e4412d3b5823378a4abf7b1398cf141133597c4d3f9273511e1217c6c5b1fd020b"}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x1e0, 0x6e, 0x0, 0x1, [@nested={0x145, 0x144, 0x0, 0x1, [@nested={0x4, 0x135}, @generic="570831338fff05f7fdac1043ac86b252c60742f748679c", @nested={0x4, 0xd5}, @typed={0x100, 0x111, 0x0, 0x0, @binary="927db3efb1ca78a2e23ed6524c014a220494c0766717b5ba8f5dd472f7903bfe1f0ab7287b80991c5f6857d72032188a554b8142061419a6aa751e07a777d48d2311602f010f152db82ed7c1849706a5d750c0071de42e2b8216bd763929bea0bd6c0500d705d62c254d25be1d57e7dacd0742c1a7845261a84e1776d8dbb3eaa9af2dd97d6e4e1ea2b33a8b2bcc533d32609945e5b24824933506eb30bcfa14e8f6e22e7eab1447d858deb077268a490af9b67088bc247b0a9fdf8fe51c1dfedcd1bd167170a112abaf0d03678eaf877b80a2b2a85ef9857ef31ac668a000471bb3709f8a79edd82d0e652d5879a14c243ca90b4df2812d974bb49e"}, @generic="6e4f57cc5ccb5f04480d1c20518e7bd66b300ac610506bff21a5", @typed={0x8, 0x146, 0x0, 0x0, @uid=r6}]}, @typed={0x8, 0x80, 0x0, 0x0, @pid=r7}, @typed={0x4, 0x78}, @typed={0x4, 0x95}, @nested={0x82, 0x2a, 0x0, 0x1, [@generic="8a7570632f24d76c8d055091ee6c831c1cfd6e78d9d662883a772f287fdc7e26374f937dbe3794d48ffe44912a2614fdb00deccaba7fe7c974daecbb865e5b6d470cc906ca27d27a764dd4db85e679bb59891b1f1adf6f1bc1647132e48a51f5caa8b84d40e07905b190b75d1857b1b438b41845004e4ec0d9a7", @nested={0x4, 0x7a}]}]}]}, 0x37c}, 0x1, 0x0, 0x0, 0x48001}, 0x804) 4.279689428s ago: executing program 3 (id=2382): mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x80000000000000a, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) bind$auto(r0, &(0x7f0000000040)=@qipcrtr, 0x6a) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x14) mmap$auto(0x0, 0x10000, 0x4000000000db, 0xeb1, 0x2, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) r2 = socket$nl_generic(0x10, 0x3, 0x10) connect$auto(0xffffffffffffffff, &(0x7f0000000200)=@generic={0x2, "a7d7363b4fd495c01bdb1a0f9518"}, 0x7ff) socket(0xf, 0x3, 0x2) write$auto(0xca, &(0x7f00000001c0)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) r3 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_SET_TUNSRC(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x28, r3, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@SEG6_ATTR_DST={0x14, 0x1, @rand_addr=' \x01\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x814}, 0x4) sendmsg$auto_SEG6_CMD_DUMPHMAC(r0, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f0000000600)={0x248, r3, 0x10, 0x70bd29, 0x25dfdbff, {}, [@SEG6_ATTR_DST={0x14, 0x1, @remote}, @SEG6_ATTR_SECRET={0xfc, 0x4, "9efdb2fb71b930c242a071136e5d9693e5e49664545284ba1d74bfd63ca060c01539e6e8d88def89fb50dda2171f599d590a2afbcd924a0d461f73d29017f5022e78345dd100fb180e1b9a2a8095b8007c5c39549878b48f8c6636012e0a44e60708b629d6f1181dbffabf9cd6f236c5f3881c24001b82dfcce546f445dac3dabadce3beb3c2c9e40a14e69d8c64a3adcbfd20376e25bfa0274fe40d41ea25b14cf6e69d1c15b9387ac8412e17aa32ba87662314a702a66bfd75159e2185116bc66d02d5917d7687f4aec817f85f1fa2b42506f7c05125f59c6be2cc456d364850ff7e7fdb3d812dc41dbb4d2a11fcbfe95ae9262bbcbc14"}, @SEG6_ATTR_HMACINFO={0xc, 0x7, 0x0, 0x1, [@typed={0x8, 0xe0, 0x0, 0x0, @fd=r1}]}, @SEG6_ATTR_HMACINFO={0x116, 0x7, 0x0, 0x1, [@generic="7ac6bd777d38739cc32b2141765ccd958be9f745ea93e2b382c194407d80b7d2cbd608c32f59df", @generic="7a8963d1dc1718a824fb9f1426434226c6b067f62600e6c2ae8368e425c8663c99f1a5fa8c7fa24f724e46b58ec01d87e8f0e8307128bedd900ab64cc1c29a7ec8345080289bc7f5fb19b0f45bb3d69276c8da8bcab14c1159a6ac07d91b317caf3bf0a97479831bbafa88072946172bf63b85fadb482f87a1f7a27375a519e0a6fd40845523bc01", @generic="9cc5927cbac3de22808429e82dd087b3f8c6bca8bd8e2f9eeca489bf577fcb707418768ad832edac6fe5bd850c8684f5ebdb0fb605f369accedaeda191b95dfe54a8fa63d16af4bd43ff404d7a73be67fdaa96ae0f4e3b27d3efcf0d0b075282e155c1"]}]}, 0x248}, 0x1, 0x0, 0x0, 0x44001}, 0x20000040) getsockopt$auto(r1, 0x84, 0x6c, 0x0, &(0x7f0000000280)=0x1000c0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) ioctl$auto_KVM_CREATE_VM(r4, 0x4048aecb, 0x0) 4.067407417s ago: executing program 3 (id=2383): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x90000, 0x30, 0x10}, 0x18) r1 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) mount_setattr$auto(r0, &(0x7f0000000080)='./file0\x00', 0x4, &(0x7f0000000100)={0x7fffffff, 0xb, 0x0, @inferred=r1}, 0x1) r2 = socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = socket(0x2c, 0x80003, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80040, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/devices/virtual/iscsi_transport/iser/caps\x00', 0x400, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000c80)=""/74, 0x4a) r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) open(0x0, 0x22240, 0x55) r6 = socket(0x10, 0x800, 0xa) mlockall$auto(0xfffffffd) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) r7 = syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, r2) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCR(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)={0x104, r7, 0x300, 0x70bd27, 0x25dfdbff, {}, "b42cdf2c20ad6fdee54f2c54f267167111f457f50ad20d4a2c636c5f36f9378a466f4b1dbd0f451d67ba72c587c4396ecf111a5cc952e3e39e523e69891854e10e036a98276bea93dc951c66a6f04a7b929624d623e88ef2ae40d49984647d3cb295fb33b3e10bbf4d10c71c8e5e4eb23db2e31e41c23dc02998e9ebe6c293764037fe5efac60aca193b698ae0bd5eeb61cce6cf00a0403e34311fdd46eb62731986ce3727789da704e035fa0cd977cc8b04d1c310cbafbf63efd2e1cd92cfce7c9c0ec57701a31cdedc9f459211e42f94d92ba782fa487e2c882d8b15ab1b6d8f345875c5bb10eb4dbd3c127b8b2d7c"}, 0x104}}, 0x40) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(r3, 0x0, 0x109a8, 0xe000) r8 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r9 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r5) sendmsg$auto_NL80211_CMD_GET_REG(r8, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x18, r9, 0x618, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_WIPHY_SELF_MANAGED_REG={0x4}]}, 0x18}}, 0x8000) r10 = socket(0x15, 0x2, 0x302) r11 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000500)='/proc/lockdep_stats\x00', 0x400, 0x0) read$auto_proc_iter_file_ops_compat_inode(r11, &(0x7f0000000540)=""/104, 0x68) setsockopt$auto(r10, 0x107, 0x9, 0x0, 0x20008004) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) 4.013079198s ago: executing program 0 (id=2384): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), r1) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r3, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0}, 0x8800) sendmsg$auto_CTRL_CMD_GETPOLICY(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000580)={0x1c, r2, 0x301, 0x70b52c, 0x25dfdbfb, {}, [@CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x17}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400c01d}, 0x0) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r1) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0xa02, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f00000001c0)={{@inferred, 0x100110d, 0x10003, 0x6, "e927783f468fa2e92fe8ec7a46cbb766439daa1ee1aa00000000e1800000000000000000040000660e070100", @raw=0x7}, 0x6, 0x0, 0x4, @raw=0x404, @integer64={0x20006, 0x8, 0x6}, "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f6ab606c276852295e00af49e6de6e768034"}) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x40000, 0x0) read$auto(0x3, 0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) io_uring_setup$auto(0x6, 0x0) read$auto(0x3, 0x0, 0x80) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) getsockopt$auto(r0, 0x7ff, 0x100, &(0x7f0000000000)='/dev/dsp\x00', &(0x7f0000000040)=0x400) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video0\x00', 0x42146, 0x0) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x7ffe) mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) sysfs$auto(0x2, 0x4, 0x0) r5 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x400, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r5, 0x7a7, 0x0) fcntl$auto(0x8000000000000001, 0x5, 0x8) 3.883674497s ago: executing program 2 (id=2385): setsockopt$auto(0x3, 0x6a, 0x7, 0xffffffffffffffff, 0x3) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x40008, 0xdb, 0x9b72, 0x7, 0x28000) sysfs$auto(0x2, 0x49, 0x0) clone$auto(0x1002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) r0 = socket(0xa, 0x5, 0x0) getsockopt$auto(r0, 0x84, 0x24, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x21, 0xa, 0x300) sendmmsg$auto(0x4, 0x0, 0x4009a5, 0xa) mmap$auto(0x0, 0x2020009, 0x3, 0x2000000000000eb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x802, 0x3a) connect$auto(0x3, 0x0, 0x55) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r1, 0x0, 0x1f40) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) socket(0x29, 0x2, 0x0) mremap$auto(0x200000000000, 0x4, 0x4, 0x3, 0x100000000) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC0\x00', 0x101a02, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) mincore$auto(0x1000, 0x8001, 0x0) 3.802939481s ago: executing program 3 (id=2386): alarm$auto(0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, 0x0, 0x4000800) mmap$auto(0x0, 0x22009, 0x4000000000df, 0xeb1, 0x401, 0x1) socket(0x9, 0x3, 0x100) ioperm$auto(0x7, 0x5ad2, 0x8) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) r1 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/pci0000:00/0000:00:01.1/ata1/link1/dev1.1/ata_device/dev1.1/id\x00', 0x230240, 0x0) read$auto(r3, &(0x7f0000000240)='/\x00', 0x100000001) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(0x3, 0x0, 0xfffffffffffffff7) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x8800) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x5cb01, 0x0) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x8183, 0x0) writev$auto(0x3, 0x0, 0x8) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000180), 0x20c00, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) mincore$auto(0x1000, 0x8001, 0x0) read$auto(0x3, 0x0, 0x80) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) mmap$auto(0x0, 0x1, 0x20004000000000df, 0xeb1, r1, 0x5) unshare$auto(0x40000080) socket(0x12, 0x4, 0x440a) 3.533817696s ago: executing program 0 (id=2387): unshare$auto(0x40000080) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/ceph/parameters/disable_send_metrics\x00', 0xc0202, 0x0) write$auto(r0, &(0x7f0000000000)='P^\x00', 0x8) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/core/rps_default_mask\x00', 0x82, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r1, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) r4 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x401f, 0x1, 0x8e051, r4, 0x0) bpf$auto(0xd, 0x0, 0x6f5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) mmap$auto(0x0, 0x0, 0x40000003, 0x18, 0xfffffffffffffffa, 0xfffffffffffffff6) capget$auto(0x0, 0xfffffffffffffffe) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80, 0x0) setns(0xffffffffffffffff, 0x60020000) umount2$auto(&(0x7f0000000080)='.\x00', 0xa) ioprio_set$auto(0x2, 0x800000000, 0x8) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) move_pages$auto(0x0, 0x5, 0x0, &(0x7f00000003c0)=0x1, 0x0, 0x2) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r3, 0xfd}, 0x6a) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 3.42635354s ago: executing program 1 (id=2388): syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRESOCT, @ANYBLOB="01002dbd7000fddbdf252e0ac58108000300", @ANYRES32=r0], 0x24}, 0x1, 0x0, 0x0, 0x5c5fd097f751b33e}, 0x80) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/cpuid/cpu0/uevent\x00', 0x20400, 0x0) r3 = timerfd_create$auto_CLOCK_BOOTTIME_ALARM(0x9, 0x7) close_range$auto(r2, r3, 0x9) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000002140)=""/64, 0x40) ptrace$auto(0x10, r1, 0x4, 0x7ff) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000980)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r4, @ANYRES64, @ANYRES32=r5, @ANYBLOB="24002d8014001000fe80000000000000800000000000004196"], 0x40}}, 0x4000000) ptrace$auto(0x2, r1, 0x3, 0x4f) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyt2\x00', 0x40000, 0x0) prctl$auto_PR_SCHED_CORE_SHARE_TO(0x2, 0x2, r1, 0x7, 0x7dd) mmap$auto(0x0, 0x2020409, 0xa, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0x2003f0, 0x15) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14d680, 0x0) ioctl$auto_BLKTRACESETUP(r6, 0xc0481273, &(0x7f00000000c0)={"2252f65ca1b92f72a92538725b0694521629e8c3e6ba91c62e2e9d42cf4aef15", 0x4, 0xba, 0x8000, 0x6, 0xff}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x15, 0x80000, 0x0) sendmsg$auto_NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="d8010000", @ANYRES16, @ANYBLOB="01002dbd7000fcdbdf25010000000c0002000500000000000000c5000700c1007cf7c27c120e3984130834a73f9221887ac28e443c4a1a7da8d2ddcf2890cce5822826764f3f410e53f43f300d2e04"], 0x1d8}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRESHEX, @ANYBLOB="00022abd7000fbdbdf2502e0", @ANYBLOB="74ceb5bc416afc74e2a7da7bd3f3ba24a214ccd07339533e0dd99be374bcdf84fe"], 0x24}, 0x1, 0x0, 0x0, 0x850}, 0xc0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}}, 0x40000) openat$auto_proc_pid_set_timerslack_ns_operations_base(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRES64=0x0], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.70963835s ago: executing program 1 (id=2389): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/vkms/graphics/fb0/state\x00', 0xc2481, 0x0) socket(0x1d, 0x2, 0x6) socket(0x2, 0x1, 0x0) openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/tracing/trace_marker\x00', 0x201, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/block/ram14/queue/virt_boundary_mask\x00', 0x0, 0x0) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/block/nbd12/sched/batching\x00', 0x143642, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x29, 0x5, 0x0) r1 = open(&(0x7f00000000c0)='./cgroup\x00', 0x80400, 0xb5d1af1605322dd2) open_by_handle_at$auto(r1, &(0x7f0000001280)={0x8, 0x2, "0200000000000000"}, 0x6) pread64$auto(r0, 0x0, 0x3fc, 0x4000000000000006) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vcsa1\x00', 0x1, 0x0) socket(0xa, 0x3, 0x3a) socketpair$auto(0x1e, 0x5, 0xfffffffc, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x1f, 0x0) 2.41427746s ago: executing program 1 (id=2390): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000000100), 0xffffffffffffffff) rseq$auto(0x0, 0xfffffff4, 0x0, 0x5) sysfs$auto(0x2, 0x10000000000002e, 0x0) r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) write$auto_fuse_dev_operations_fuse_i(r0, &(0x7f0000000180)="4d000000c19906bc4ed3c89946f049a8bb8bbf8b44ae5a5f02f3502fc5cc3655ada1f6e6e9e320fb280928bbfd1e1ff9e69c8e9eb64e67aad0020b95220712e094e581065d6370bc22be7f", 0x4b) r1 = socket(0x27, 0x800, 0xa5) sendmsg$auto_NL80211_CMD_GET_REG(r1, 0x0, 0x2404c004) r2 = socket(0x2, 0x6, 0x0) mmap$auto(0x0, 0x7, 0x3, 0x13, r2, 0x100000004) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd2\x00', 0x8df41, 0x0) msync$auto(0x1ffff000, 0x1800000ff010000, 0x400000004) open(0x0, 0xeee00, 0x31) socket(0x15, 0xa, 0x5) socket(0x2, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x0, @multicast1}, 0x54) mmap$auto(0x0, 0xb, 0x10000, 0x16, 0x401, 0x8) r4 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r4, 0x29, 0x3c, 0x0, 0x110) syz_clone(0x40000000, 0x0, 0x25, 0x0, 0x0, 0x0) ioperm$auto(0x3, 0x8001, 0x2000000000000149) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x2, 0x8000, 0x3000}, 0x4) 1.862904006s ago: executing program 3 (id=2391): r0 = socket(0x2, 0x6, 0x0) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0) write$auto_sg_fops_sg(r1, &(0x7f0000001380)="4a0200000000040000899edb615550fd8c44924d87f0010047eb02eff5d2adc245a4e1eded0e91b86c61b6b42ed6", 0x2e) connect$auto(0xffffffffffffffff, &(0x7f0000000180)=@phonet={0x23, 0x9, 0x7, 0x9}, 0x55) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NCSI_CMD_PKG_INFO(r2, 0x0, 0x44088) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r3 = socket(0x21, 0x2, 0x2) sendmsg$auto_MACSEC_CMD_ADD_TXSA(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r4 = socket(0x21, 0x2, 0xa) sendmsg$auto_MACSEC_CMD_ADD_TXSA(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x0) fcntl$auto_F_SETSIG(r0, 0xa, 0xfffffffffffffd29) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0x8) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) ioctl$auto_USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) socket(0x21, 0x3, 0x9) prctl$auto(0x3e, 0x0, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/bus/usb/036/001\x00', 0x40e05, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) 1.826228969s ago: executing program 2 (id=2392): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8000, 0x0) read$auto(r1, 0x0, 0x9) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r2 = open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322df2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x5, 0x0) syz_clone3(&(0x7f0000000200)={0x383281180, 0x0, 0x0, 0x0, {0x1a}, 0x0, 0x0, 0x0, 0x0, 0x0, {r2}}, 0x58) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x805, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x60840, 0x0) ioctl$auto(0x3, 0x40045532, 0x38) r3 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x129600, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_DRAIN2(r3, 0x4144, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(r0, 0x0, 0x4000) splice$auto(r0, 0x0, 0xffffffffffffffff, 0x0, 0xb, 0xf) mmap$auto(0x0, 0x2020007, 0xffffffffffffffff, 0xeb1, 0xffffffffffffffff, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(r4, 0x1, r4) r5 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f0000000100)=@link_update={r4, @new_prog_fd=0x4, 0x4, @old_map_fd=r5}, 0xa3) bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0x3, 0x0, 0x3}, 0x4) 1.520626038s ago: executing program 0 (id=2393): mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x80000000000000a, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) bind$auto(r0, &(0x7f0000000040)=@qipcrtr, 0x6a) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x14) mmap$auto(0x0, 0x10000, 0x4000000000db, 0xeb1, 0x2, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) r2 = socket$nl_generic(0x10, 0x3, 0x10) connect$auto(0xffffffffffffffff, &(0x7f0000000200)=@generic={0x2, "a7d7363b4fd495c01bdb1a0f9518"}, 0x7ff) socket(0xf, 0x3, 0x2) write$auto(0xca, &(0x7f00000001c0)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) r3 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_SET_TUNSRC(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x28, r3, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@SEG6_ATTR_DST={0x14, 0x1, @rand_addr=' \x01\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x814}, 0x4) sendmsg$auto_SEG6_CMD_DUMPHMAC(r0, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f0000000600)={0x244, r3, 0x10, 0x70bd29, 0x25dfdbff, {}, [@SEG6_ATTR_DST={0x14, 0x1, @remote}, @SEG6_ATTR_SECRET={0xfc, 0x4, "9efdb2fb71b930c242a071136e5d9693e5e49664545284ba1d74bfd63ca060c01539e6e8d88def89fb50dda2171f599d590a2afbcd924a0d461f73d29017f5022e78345dd100fb180e1b9a2a8095b8007c5c39549878b48f8c6636012e0a44e60708b629d6f1181dbffabf9cd6f236c5f3881c24001b82dfcce546f445dac3dabadce3beb3c2c9e40a14e69d8c64a3adcbfd20376e25bfa0274fe40d41ea25b14cf6e69d1c15b9387ac8412e17aa32ba87662314a702a66bfd75159e2185116bc66d02d5917d7687f4aec817f85f1fa2b42506f7c05125f59c6be2cc456d364850ff7e7fdb3d812dc41dbb4d2a11fcbfe95ae9262bbcbc14"}, @SEG6_ATTR_HMACINFO={0xc, 0x7, 0x0, 0x1, [@typed={0x8, 0xe0, 0x0, 0x0, @fd=r1}]}, @SEG6_ATTR_HMACINFO={0x113, 0x7, 0x0, 0x1, [@generic="7ac6bd777d38739cc32b2141765ccd958be9f745ea93e2b382c194407d80b7d2cbd608", @generic="7a8963d1dc1718a824fb9f1426434226c6b067f62600e6c2ae8368e425c8663c99f1a5fa8c7fa24f724e46b58ec01d87e8f0e8307128bedd900ab64cc1c29a7ec8345080289bc7f5fb19b0f45bb3d69276c8da8bcab14c1159a6ac07d91b317caf3bf0a97479831bbafa88072946172bf63b85fadb482f87a1f7a27375a519e0a6fd40845523bc01fc", @generic="9cc5927cbac3de22808429e82dd087b3f8c6bca8bd8e2f9eeca489bf577fcb707418768ad832edac6fe5bd850c8684f5ebdb0fb605f369accedaeda191b95dfe54a8fa63d16af4bd43ff404d7a73be67fdaa96ae0f4e3b27d3efcf0d0b075282e155c1"]}]}, 0x244}, 0x1, 0x0, 0x0, 0x44001}, 0x20000040) getsockopt$auto(r1, 0x84, 0x6c, 0x0, &(0x7f0000000280)=0x1000c0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) ioctl$auto_KVM_CREATE_VM(r4, 0x4048aecb, 0x0) 1.241314135s ago: executing program 0 (id=2394): openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) msgctl$auto_MSG_INFO(0x7ff, 0xc, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48090}, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x40}, 0x6a) r0 = socket(0xa, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000180)={{&(0x7f0000000040), 0xbb, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x9}, 0x1, 0x208008) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@hci={0x1f, 0x4, 0x1}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x1, 0x0, 0x9, 0x0, 0x80, 0xb}, 0x800009}, 0x5, 0x20000000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r1) sendmsg$auto_NL80211_CMD_DISASSOCIATE(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[], 0x60}, 0x1, 0x0, 0x0, 0x54}, 0x1) r2 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0xa, 0xdc, 0x9b72, 0x5, 0x8002) getsockopt$auto(r2, 0x84, 0x1b, 0x0, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/asound/card0/pcm0p/sub7/hw_params\x00', 0x422600, 0x0) mlockall$auto(0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x10, 0x2, 0x0) r4 = socket(0xa, 0x5, 0x84) sendto$auto(r4, 0x0, 0x401, 0x8, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fb8000"}, 0x1c) read$auto(r3, 0x0, 0x9) read$auto(0x3, 0x0, 0xfdef) 532.469325ms ago: executing program 1 (id=2395): r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/pci0000:00/0000:00:03.0/consistent_dma_mask_bits\x00', 0x0, 0x0) connect$auto(r0, &(0x7f0000000040)=@vsock={0x28, 0x0, 0x0, @host}, 0x5) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/40, 0x28) openat$auto_usbfs_devices_fops_usb(0xffffffffffffff9c, &(0x7f0000000000), 0x80100, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000004180)='/dev/snd/controlC1\x00', 0x28180, 0x0) socket(0xa, 0x3, 0x87) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/slab/kmalloc-64/min_partial\x00', 0x501, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/009/001\x00', 0x0, 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r2, 0xc1105511, 0x0) r3 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) shmctl$auto(0x5, 0x2, &(0x7f00000003c0)={{0x1ff, 0x0, 0xee01, 0x5, 0x3, 0x47, 0x1}, 0xcb, 0x0, 0xd4, 0xd, @inferred=0xffffffffffffffff, @inferred, 0x8, 0x0, &(0x7f00000002c0)="daed121697c1579f8d796bbb74618cdb166715259de14e164fe26d98d61115fbd10d01bfa59eff78f91ea4ecbd0665c0b42a2c474a7d30a72dce93f4184ef855371e0bcc8ba8d7d8727aeb4de7e8bff94bdc021f01d62f289f9bd6634cac09e8ef7daf48353a16d56ef30d6e320d250fefb6b9b7a8cfdd6f09938a17a03dbec7b41184a9678c132f37094dc7826c49d98e1a10c642c4d62966a4b605ca00dc943fad9c7ab9f27d36a42a13e93b508b3e52c52f88f0725f9a2839b4aad11e453f68e06ab44d71c33fa081d7308eb489b551c0b0fd6856788552409eb88dd69b351ee47804cbf9fdebd9222261f16362", &(0x7f0000000180)="d27acdaef64255b9cbdbba08f6131509ff6b53e570fb9653087d1a4a837cf118d3055bac3155884ee59c3bd2488bef788f7a5ca71bcda100a142c517acb5a0a0bd5fa0f4a43b3ac82d3079eee9eefe48069748a5f1f0de6e662407875018cba815a16269dc7f28a1971bf573aa727af36e03eb91671f308db368facdd3b9c0918ff30b554a74573e788192889bd6c74cb0758707d6cfe887bebdcb74e5dfe6ca9ac59e5981be3871b1d7394ecf54"}) setuid$auto(r4) ioctl$auto_posix_clock_file_operations_posix_clock(r3, 0x40043d04, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4400000000df, 0xc157, 0x101000000000000, 0x7) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2, 0x1, 0x0) epoll_create$auto(0x4) mq_open$auto(&(0x7f0000000000)='/dev/sequencer2\x00', 0x5, 0x3, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, 0x0, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) read$auto(r5, 0x0, 0xe8) 39.781263ms ago: executing program 3 (id=2396): unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) read$auto(0xffffffffffffffff, 0x0, 0x6) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/dummy0/stable_secret\x00', 0x100, 0x0) ioctl$auto_dma_heap_fops_dma_heap(0xffffffffffffffff, 0xfffffffffffffc00, &(0x7f0000000100)="a2b36d0449473b7bcbcd6d7f6186e9de29e708c62b9db37658c96e1ed364c5d867daa7438de65e6d2aa369df7e32e2c897c4bd029f0845c6b5196ced8ef9b1a53b4011ed14a904f19072629f7cc6ed922acba72edc667e917861d1e7dc8a72ee61bc9cca5caba2a46a9b0656a4da3fcde38b") socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r1, 0x0, 0x20) mq_open$auto(&(0x7f0000000200)='\\*)A\x00', 0x83, 0x9, 0x0) setresgid$auto(0x9, 0xffffffffffffffff, 0xffffffffffffffff) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)={0x164, r3, 0x400, 0x70bd26, 0x25dfdbfe, {}, [@NL80211_ATTR_MPATH_NEXT_HOP={0x67, 0x1a, "340b2b76effd9d165c147cd1bc2074d354dbea2916e34de334ad7f28c7effc787793c6ef2d221e2728786daf8b13e486c26bf4772a5b65df05f7f40390363fcacd74150ef2b146be3f244c68138a6dd2ed2673e8395cad846d01c3d74d4db7ed69509b"}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x42}, @NL80211_ATTR_PREV_BSSID={0xcd, 0x4f, "fe7485fad71d3fbab3a8f3e8238fd32dca7350e2c9ee9fbee4206bccfb4d058c2f78f0301928c422269dd7481e0d61722c538832cb917bf5dae08c530da149dd2730106f830bcf674264c5f8f59b9d0cae2ab9e28af1d12bb98d940d4225939c05fb0bf4f74a37747e5cd935a4d1de9d842bbaa0d1f2c2c21867874978cd0bc4b4b8dc74de07767653838e5fc569065ed7ff66fc0ad739fe53e27cc6fd016346c29074e18d0c42638ecb3fc016052b45c1fa327e5630ed8b931b17b4ece9af726ad460f2da480bd114"}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x4e21}, @NL80211_ATTR_AP_SETTINGS_FLAGS={0x8, 0x135, 0x4}]}, 0x164}, 0x1, 0x0, 0x0, 0x40050c4}, 0x820) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xb, 0xb5, 0x10, 0x4, 0x53000000, 0xffffffffffffffff, 0x9, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x4f4, 0x6}, 0x10) r5 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/028/001\x00', 0xa901, 0x0) get_robust_list$auto(0x1, 0x0, 0x0) ioctl$auto_USBDEVFS_SUBMITURB32(r5, 0x802c550a, &(0x7f00000001c0)=ANY=[@ANYBLOB="020000000000000005"]) read$auto_mISDN_fops_timerdev(r4, &(0x7f0000001a00)=""/4097, 0x1001) ioctl$auto_IMADDTIMER(r4, 0x80044940, 0x0) sendmsg$auto_NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x90) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) 0s ago: executing program 1 (id=2397): mmap$auto(0x3, 0x8001, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x880080, 0x0) bpf$auto(0x40000e, &(0x7f00000002c0)=@bpf_attr_4={0x2, r0, 0x1, r0}, 0x5) read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0) r1 = open(0x0, 0x222ac2, 0x5d745cb200ae4d73) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x8000000}, 0x3, 0xf8, 0x10) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/oom_adj\x00', 0x4000, 0x0) read$auto(r2, 0x0, 0x1f40) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/loop12/queue/nr_requests\x00', 0x80302, 0x0) mmap$auto(0x0, 0x4, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8002008000) read$auto(r3, 0x0, 0xf30) write$auto(0x3, 0x0, 0xffd8) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="0956feb11fa823ac510530d808002bbd7000fc606ebb000000006b7cdbdf000000000000000000070000"], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x24004000) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/kvm/guest_mode\x00', 0x100, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) r5 = gettid() openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000080), 0x10001, 0x0) r6 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/usb/usbmon/7u\x00', 0x28000, 0x0) read$auto_mon_fops_text_t_mon_text(r6, 0x0, 0x0) kill$auto(r5, 0x11) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) open(0x0, 0x22240, 0x2) socket(0x6, 0x5, 0x4) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) kernel console output (not intermixed with test programs): __sys_sendmsg+0x16d/0x220 [ 504.989351][T11285] ? __pfx___sys_sendmsg+0x10/0x10 [ 504.989380][T11285] ? __x64_sys_futex+0x1e0/0x4c0 [ 504.989415][T11285] ? rcu_is_watching+0x12/0xc0 [ 504.989447][T11285] do_syscall_64+0xcd/0x230 [ 504.989486][T11285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 504.989510][T11285] RIP: 0033:0x7f1225f8e969 [ 504.989529][T11285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 504.989553][T11285] RSP: 002b:00007f1226d45038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 504.989575][T11285] RAX: ffffffffffffffda RBX: 00007f12261b5fa0 RCX: 00007f1225f8e969 [ 504.989597][T11285] RDX: 0000000004000800 RSI: 00002000000000c0 RDI: 0000000000000003 [ 504.989611][T11285] RBP: 00007f1226010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 504.989626][T11285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 504.989640][T11285] R13: 0000000000000000 R14: 00007f12261b5fa0 R15: 00007ffcf8a92cb8 [ 504.989671][T11285] [ 506.563909][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.571892][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.309329][T11299] could not allocate digest TFM handle binfmt_misc [ 507.529145][T11297] page: refcount:8 mapcount:0 mapping:0000000000000000 index:0xffff88807fe00000 pfn:0x7fe00 [ 507.668377][T11297] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 507.694718][ T55] Bluetooth: hci1: unexpected subevent 0x01 length: 4 < 18 [ 507.819112][T11297] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 507.954365][T11297] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 507.963095][T11297] raw: ffff88807fe00000 0000000000000000 00000008ffffffff 0000000000000000 [ 508.127218][T11297] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 508.246502][T11297] head: ffff88807fe00000 0000000000000000 00000008ffffffff 0000000000000000 [ 508.307832][T11297] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 508.365283][T11297] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 508.443378][T11297] page dumped because: unmovable page [ 508.484905][T11297] page_owner tracks the page as allocated [ 508.490640][T11297] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 0, tgid 0 (swapper/0), ts 73821280223, free_ts 73693078997 [ 508.610975][T11297] post_alloc_hook+0x181/0x1b0 [ 508.635102][T11297] get_page_from_freelist+0x135c/0x3920 [ 508.676906][T11297] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 508.682849][T11297] alloc_pages_mpol+0x1fb/0x550 [ 508.714128][T11297] alloc_pages_noprof+0x131/0x390 [ 508.719201][T11297] skb_page_frag_refill+0x186/0x5a0 [ 508.765097][T11297] try_fill_recv+0x79c/0x2690 [ 508.769808][T11297] virtnet_poll+0x1e23/0x3c00 [ 508.813564][T11297] __napi_poll.constprop.0+0xb7/0x550 [ 508.818965][T11297] net_rx_action+0xa97/0x1010 [ 508.853637][T11297] handle_softirqs+0x219/0x8e0 [ 508.858425][T11297] __irq_exit_rcu+0x109/0x170 [ 508.897783][T11297] irq_exit_rcu+0x9/0x30 [ 508.902049][T11297] common_interrupt+0xbf/0xe0 [ 508.942405][T11297] asm_common_interrupt+0x26/0x40 [ 508.973674][T11297] page last free pid 5678 tgid 5678 stack trace: [ 508.980039][T11297] __free_frozen_pages+0x69d/0xff0 [ 509.015186][T11297] __folio_put+0x329/0x450 [ 509.035331][T11297] skb_release_data+0x618/0x960 [ 509.040234][T11297] skb_attempt_defer_free+0x1b0/0x620 [ 509.085193][T11297] tcp_recvmsg_locked+0x1251/0x2880 [ 509.090414][T11297] tcp_recvmsg+0x12f/0x680 [ 509.135362][T11297] inet_recvmsg+0x12a/0x6a0 [ 509.139920][T11297] sock_recvmsg+0x1b2/0x250 [ 509.184530][T11297] sock_read_iter+0x2b9/0x3b0 [ 509.223800][T11297] vfs_read+0xaa3/0xc70 [ 509.227992][T11297] ksys_read+0x205/0x240 [ 509.232993][T11297] do_syscall_64+0xcd/0x230 [ 509.298053][T11297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 511.002222][T11338] netlink: 20 bytes leftover after parsing attributes in process `syz.3.995'. [ 511.012672][ T55] Bluetooth: hci1: unexpected subevent 0x01 length: 4 < 18 [ 511.100545][T11338] bdi 43:96: the stable_pages_required attribute has been removed. Use the stable_writes queue attribute instead. [ 511.843520][ T55] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 511.843547][ T55] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 511.858760][ T55] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 511.858811][ T55] Bluetooth: hci3: Malformed LE Event: 0x0d [ 512.152882][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 512.152910][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 512.174099][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 512.174143][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 512.398476][ T55] Bluetooth: hci3: unexpected subevent 0x01 length: 4 < 18 [ 512.598323][ T30] audit: type=1800 audit(6042394788.218:61): pid=11358 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.999" name="dbroot" dev="configfs" ino=29143 res=0 errno=0 [ 514.116495][T11362] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 514.155125][T11362] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 514.207844][T11362] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 515.960564][T11400] Invalid ELF header magic: != ELF [ 517.238036][T11417] could not allocate digest TFM handle binfmt_misc [ 517.896571][T11435] page: refcount:8 mapcount:0 mapping:0000000000000000 index:0xffff88807fe00000 pfn:0x7fe00 [ 518.045820][T11435] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 518.161397][T11435] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 518.366964][T11435] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 518.388258][ T55] Bluetooth: hci2: unexpected subevent 0x01 length: 4 < 18 [ 518.686384][ T30] audit: type=1800 audit(6042394802.285:62): pid=11445 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1013" name="dbroot" dev="configfs" ino=29404 res=0 errno=0 [ 518.868157][T11435] raw: ffff88807fe00000 0000000000000000 00000008ffffffff 0000000000000000 [ 519.137685][T11435] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 519.946647][T11435] head: ffff88807fe00000 0000000000000000 00000008ffffffff 0000000000000000 [ 520.254220][T11435] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 520.352339][T11435] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 520.397278][T11435] page dumped because: unmovable page [ 520.402761][T11435] page_owner tracks the page as allocated [ 520.456451][T11435] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 0, tgid 0 (swapper/0), ts 73821280223, free_ts 73693078997 [ 520.553547][T11435] post_alloc_hook+0x181/0x1b0 [ 520.558349][T11435] get_page_from_freelist+0x135c/0x3920 [ 520.605188][T11435] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 520.633534][T11435] alloc_pages_mpol+0x1fb/0x550 [ 520.659256][T11435] alloc_pages_noprof+0x131/0x390 [ 520.675705][T11435] skb_page_frag_refill+0x186/0x5a0 [ 520.717624][T11435] try_fill_recv+0x79c/0x2690 [ 520.722328][T11435] virtnet_poll+0x1e23/0x3c00 [ 520.750777][T11435] __napi_poll.constprop.0+0xb7/0x550 [ 520.782583][T11435] net_rx_action+0xa97/0x1010 [ 520.803833][T11435] handle_softirqs+0x219/0x8e0 [ 520.803864][T11435] __irq_exit_rcu+0x109/0x170 [ 520.803886][T11435] irq_exit_rcu+0x9/0x30 [ 520.803908][T11435] common_interrupt+0xbf/0xe0 [ 520.803930][T11435] asm_common_interrupt+0x26/0x40 [ 520.803951][T11435] page last free pid 5678 tgid 5678 stack trace: [ 520.803964][T11435] __free_frozen_pages+0x69d/0xff0 [ 520.803983][T11435] __folio_put+0x329/0x450 [ 520.804009][T11435] skb_release_data+0x618/0x960 [ 520.804034][T11435] skb_attempt_defer_free+0x1b0/0x620 [ 520.804052][T11435] tcp_recvmsg_locked+0x1251/0x2880 [ 520.804070][T11435] tcp_recvmsg+0x12f/0x680 [ 520.804087][T11435] inet_recvmsg+0x12a/0x6a0 [ 520.804117][T11435] sock_recvmsg+0x1b2/0x250 [ 520.804146][T11435] sock_read_iter+0x2b9/0x3b0 [ 520.804175][T11435] vfs_read+0xaa3/0xc70 [ 520.804193][T11435] ksys_read+0x205/0x240 [ 520.804211][T11435] do_syscall_64+0xcd/0x230 [ 520.804241][T11435] entry_SYSCALL_64_after_hwframe+0x77/0x7f syzkaller syzkaller login: [ 522.940107][T11494] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 523.602147][T11502] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 523.914937][ T55] Bluetooth: hci1: unexpected subevent 0x01 length: 4 < 18 [ 525.365572][T11522] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 525.487113][ T55] Bluetooth: hci0: unexpected subevent 0x01 length: 4 < 18 [ 525.568228][ T55] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 525.568255][ T55] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 525.583038][ T55] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 525.583079][ T55] Bluetooth: hci3: Malformed LE Event: 0x0d [ 525.917350][ T55] Bluetooth: hci1: unexpected subevent 0x01 length: 4 < 18 [ 526.012076][T11535] binder: 11534:11535 ioctl 40046210 0 returned -14 [ 526.321537][T11543] ceph: Failed to parse sending metrics switch value 'P^' [ 526.603768][T11543] Invalid ELF header magic: != ELF [ 528.139953][T11560] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1037'. [ 529.115364][ T55] Bluetooth: hci1: unexpected subevent 0x01 length: 4 < 18 [ 529.237514][T11572] page: refcount:8 mapcount:0 mapping:0000000000000000 index:0xffff88807fe00000 pfn:0x7fe00 [ 529.404158][T11572] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 529.599669][T11572] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 529.656400][T11582] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1042'. [ 529.728837][T11572] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 529.879919][T11572] raw: ffff88807fe00000 0000000000000000 00000008ffffffff 0000000000000000 [ 530.102216][T11572] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 530.245166][T11572] head: ffff88807fe00000 0000000000000000 00000008ffffffff 0000000000000000 [ 530.446291][T11572] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 530.565694][T11572] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 530.767441][T11572] page dumped because: unmovable page [ 530.772853][T11572] page_owner tracks the page as allocated [ 530.904833][T11572] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 0, tgid 0 (swapper/0), ts 73821280223, free_ts 73693078997 [ 531.060219][T11572] post_alloc_hook+0x181/0x1b0 [ 531.103651][T11572] get_page_from_freelist+0x135c/0x3920 [ 531.163615][T11572] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 531.217787][T11572] alloc_pages_mpol+0x1fb/0x550 [ 531.246838][T11572] alloc_pages_noprof+0x131/0x390 [ 531.292531][T11572] skb_page_frag_refill+0x186/0x5a0 [ 531.331559][T11572] try_fill_recv+0x79c/0x2690 [ 531.361197][T11572] virtnet_poll+0x1e23/0x3c00 [ 531.390193][T11572] __napi_poll.constprop.0+0xb7/0x550 [ 531.431782][T11572] net_rx_action+0xa97/0x1010 [ 531.477517][T11572] handle_softirqs+0x219/0x8e0 [ 531.494630][T11572] __irq_exit_rcu+0x109/0x170 [ 531.499345][T11572] irq_exit_rcu+0x9/0x30 [ 531.556686][T11572] common_interrupt+0xbf/0xe0 [ 531.561421][T11572] asm_common_interrupt+0x26/0x40 [ 531.585238][T11572] page last free pid 5678 tgid 5678 stack trace: [ 531.622055][T11572] __free_frozen_pages+0x69d/0xff0 [ 531.636771][T11572] __folio_put+0x329/0x450 [ 531.658301][T11572] skb_release_data+0x618/0x960 [ 531.695783][T11572] skb_attempt_defer_free+0x1b0/0x620 [ 531.701206][T11572] tcp_recvmsg_locked+0x1251/0x2880 [ 531.733697][T11572] tcp_recvmsg+0x12f/0x680 [ 531.763539][T11572] inet_recvmsg+0x12a/0x6a0 [ 531.772175][T11572] sock_recvmsg+0x1b2/0x250 [ 531.788866][T11572] sock_read_iter+0x2b9/0x3b0 [ 531.798973][T11572] vfs_read+0xaa3/0xc70 [ 531.803151][T11572] ksys_read+0x205/0x240 [ 531.817648][T11572] do_syscall_64+0xcd/0x230 [ 531.827758][T11572] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 532.380158][T11594] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.3.1044: bg 4: bad block bitmap checksum [ 532.510709][T11594] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 74 [ 532.654217][T11594] EXT4-fs (sda1): This should not happen!! Data will be lost [ 532.654217][T11594] [ 533.546308][T11616] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 534.201852][T11623] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1049'. [ 534.666137][T11628] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 534.713216][T11627] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 534.760248][T11627] EXT4-fs (sda1): This should not happen!! Data will be lost [ 534.760248][T11627] [ 534.937452][T11630] erspan0: entered allmulticast mode [ 535.500917][T11643] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 535.669013][T11643] EXT4-fs (sda1): This should not happen!! Data will be lost [ 535.669013][T11643] [ 535.856616][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 535.856646][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 535.871882][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 535.871932][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 536.265996][ T55] Bluetooth: hci0: unexpected subevent 0x01 length: 4 < 18 [ 536.351479][T11662] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 536.475641][T11662] EXT4-fs (sda1): This should not happen!! Data will be lost [ 536.475641][T11662] [ 538.058385][ T55] Bluetooth: hci3: unexpected subevent 0x01 length: 4 < 18 [ 538.138008][ T30] audit: type=1800 audit(6042394869.762:63): pid=11684 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1062" name="dbroot" dev="configfs" ino=30154 res=0 errno=0 [ 539.949443][T11683] Invalid ELF header magic: != ELF [ 540.117528][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 540.117556][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 540.134413][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 540.134456][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 540.972218][ T55] Bluetooth: hci2: unexpected subevent 0x01 length: 4 < 18 [ 541.044946][ T30] audit: type=1800 audit(6042394880.667:64): pid=11723 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1070" name="dbroot" dev="configfs" ino=30269 res=0 errno=0 syzkaller syzkaller login: [ 542.851927][T11733] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 542.993789][T11733] EXT4-fs (sda1): This should not happen!! Data will be lost [ 542.993789][T11733] [ 544.096598][T11751] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 544.157966][T11751] EXT4-fs (sda1): This should not happen!! Data will be lost [ 544.157966][T11751] [ 544.210416][ T55] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 544.210441][ T55] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 544.225631][ T55] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 544.225675][ T55] Bluetooth: hci2: Malformed LE Event: 0x0d [ 545.064121][T11768] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 545.325940][T11765] erspan0: entered allmulticast mode [ 545.890083][T11783] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 548.369442][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 548.369473][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 548.390359][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 548.390405][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 548.898892][T11811] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 549.389452][T11817] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1090'. [ 549.611126][T11822] page: refcount:8 mapcount:0 mapping:0000000000000000 index:0xffff88807fe00000 pfn:0x7fe00 [ 549.626780][T11821] FAULT_INJECTION: forcing a failure. [ 549.626780][T11821] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 549.647321][T11822] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 549.664595][T11821] CPU: 1 UID: 0 PID: 11821 Comm: syz.3.1091 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 549.664624][T11821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 549.664638][T11821] Call Trace: [ 549.664644][T11821] [ 549.664652][T11821] dump_stack_lvl+0x16c/0x1f0 [ 549.664689][T11821] should_fail_ex+0x512/0x640 [ 549.664725][T11821] _copy_from_user+0x2e/0xd0 [ 549.664760][T11821] copy_msghdr_from_user+0x98/0x160 [ 549.664786][T11821] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 549.664826][T11821] ___sys_sendmsg+0xfe/0x1d0 [ 549.664853][T11821] ? __pfx____sys_sendmsg+0x10/0x10 [ 549.664910][T11821] __sys_sendmsg+0x16d/0x220 [ 549.664936][T11821] ? __pfx___sys_sendmsg+0x10/0x10 [ 549.664962][T11821] ? __x64_sys_futex+0x1e0/0x4c0 [ 549.664993][T11821] ? rcu_is_watching+0x12/0xc0 [ 549.665021][T11821] do_syscall_64+0xcd/0x230 [ 549.665055][T11821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.665077][T11821] RIP: 0033:0x7f87c498e969 [ 549.665093][T11821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 549.665114][T11821] RSP: 002b:00007f87c589d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 549.665134][T11821] RAX: ffffffffffffffda RBX: 00007f87c4bb5fa0 RCX: 00007f87c498e969 [ 549.665148][T11821] RDX: 0000000004000010 RSI: 0000200000000100 RDI: 0000000000000008 [ 549.665161][T11821] RBP: 00007f87c4a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 549.665175][T11821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 549.665187][T11821] R13: 0000000000000000 R14: 00007f87c4bb5fa0 R15: 00007ffcf6e1a418 [ 549.665213][T11821] [ 550.044523][T11822] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 550.052110][T11822] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 550.114887][T11822] raw: ffff88807fe00000 0000000000000000 00000008ffffffff 0000000000000000 [ 550.143257][T11822] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 550.179769][T11822] head: ffff88807fe00000 0000000000000000 00000008ffffffff 0000000000000000 [ 550.239036][T11822] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 550.249194][T11821] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1091'. [ 550.289006][T11822] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 550.316404][T11822] page dumped because: unmovable page [ 550.347272][T11822] page_owner tracks the page as allocated [ 550.374312][T11822] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 0, tgid 0 (swapper/0), ts 73821280223, free_ts 73693078997 [ 550.567795][T11822] post_alloc_hook+0x181/0x1b0 [ 550.572595][T11822] get_page_from_freelist+0x135c/0x3920 [ 550.621078][T11822] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 550.654279][T11822] alloc_pages_mpol+0x1fb/0x550 [ 550.676319][T11822] alloc_pages_noprof+0x131/0x390 [ 550.714473][T11822] skb_page_frag_refill+0x186/0x5a0 [ 550.719706][T11822] try_fill_recv+0x79c/0x2690 [ 550.763659][T11822] virtnet_poll+0x1e23/0x3c00 [ 550.777406][T11822] __napi_poll.constprop.0+0xb7/0x550 [ 550.804900][T11822] net_rx_action+0xa97/0x1010 [ 550.830371][T11822] handle_softirqs+0x219/0x8e0 [ 550.852733][T11822] __irq_exit_rcu+0x109/0x170 [ 550.876681][T11822] irq_exit_rcu+0x9/0x30 [ 550.900744][T11822] common_interrupt+0xbf/0xe0 [ 550.923480][T11822] asm_common_interrupt+0x26/0x40 [ 550.963681][T11822] page last free pid 5678 tgid 5678 stack trace: [ 551.017870][T11822] __free_frozen_pages+0x69d/0xff0 [ 551.055649][T11822] __folio_put+0x329/0x450 [ 551.086969][T11836] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1094'. [ 551.096368][T11822] skb_release_data+0x618/0x960 [ 551.101244][T11822] skb_attempt_defer_free+0x1b0/0x620 [ 551.153439][T11822] tcp_recvmsg_locked+0x1251/0x2880 [ 551.192998][T11822] tcp_recvmsg+0x12f/0x680 [ 551.231798][T11822] inet_recvmsg+0x12a/0x6a0 [ 551.267255][T11822] sock_recvmsg+0x1b2/0x250 [ 551.301663][T11822] sock_read_iter+0x2b9/0x3b0 [ 551.326630][T11822] vfs_read+0xaa3/0xc70 [ 551.351066][T11822] ksys_read+0x205/0x240 [ 551.394433][T11822] do_syscall_64+0xcd/0x230 [ 551.487312][T11822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 555.188794][T11870] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 555.860906][T11881] sctp: [Deprecated]: syz.3.1103 (pid 11881) Use of int in max_burst socket option. [ 555.860906][T11881] Use struct sctp_assoc_value instead [ 555.926759][T11881] ubi0: attaching mtd0 [ 555.950000][T11881] ubi0: scanning is finished [ 555.969460][T11881] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 556.284012][ T55] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 556.284049][ T55] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 556.299153][ T55] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 556.299196][ T55] Bluetooth: hci1: Malformed LE Event: 0x0d [ 556.367806][T11881] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 556.494325][T11892] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 557.415390][T11903] ubi0: attaching mtd0 [ 557.420689][T11903] ubi0: scanning is finished [ 557.500058][T11903] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 557.688060][T11907] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1109'. [ 557.785126][T11903] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 560.116715][ T55] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 560.116746][ T55] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 560.132142][ T55] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 560.132185][ T55] Bluetooth: hci1: Malformed LE Event: 0x0d [ 560.443690][T11947] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1119'. [ 560.627393][T11939] FAULT_INJECTION: forcing a failure. [ 560.627393][T11939] name failslab, interval 1, probability 0, space 0, times 0 [ 560.717498][T11939] CPU: 1 UID: 0 PID: 11939 Comm: syz.1.1116 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 560.717533][T11939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 560.717547][T11939] Call Trace: [ 560.717554][T11939] [ 560.717562][T11939] dump_stack_lvl+0x16c/0x1f0 [ 560.717603][T11939] should_fail_ex+0x512/0x640 [ 560.717638][T11939] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 560.717664][T11939] should_failslab+0xc2/0x120 [ 560.717694][T11939] __kmalloc_cache_noprof+0x6a/0x3e0 [ 560.717717][T11939] ? percpu_ref_init+0xec/0x410 [ 560.717756][T11939] ? __pfx_blkg_release+0x10/0x10 [ 560.717780][T11939] percpu_ref_init+0xec/0x410 [ 560.717809][T11939] ? kasan_save_track+0x14/0x30 [ 560.717836][T11939] blkg_alloc+0xea/0xb00 [ 560.717867][T11939] blkcg_init_disk+0x51/0x160 [ 560.717897][T11939] __alloc_disk_node+0x299/0x610 [ 560.717936][T11939] __blk_mq_alloc_disk+0x89/0x120 [ 560.717973][T11939] loop_add+0x496/0xb70 [ 560.718005][T11939] ? do_vfs_ioctl+0x512/0x1990 [ 560.718038][T11939] ? __pfx_loop_add+0x10/0x10 [ 560.718067][T11939] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 560.718118][T11939] ? find_held_lock+0x2b/0x80 [ 560.718145][T11939] loop_control_ioctl+0x13c/0x630 [ 560.718180][T11939] ? __pfx_loop_control_ioctl+0x10/0x10 [ 560.718218][T11939] ? __pfx_loop_control_ioctl+0x10/0x10 [ 560.718253][T11939] __x64_sys_ioctl+0x193/0x200 [ 560.718288][T11939] do_syscall_64+0xcd/0x230 [ 560.718325][T11939] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 560.718349][T11939] RIP: 0033:0x7f76dad8e969 [ 560.718366][T11939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 560.718388][T11939] RSP: 002b:00007f76dbc8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 560.718410][T11939] RAX: ffffffffffffffda RBX: 00007f76dafb5fa0 RCX: 00007f76dad8e969 [ 560.718425][T11939] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000007 [ 560.718458][T11939] RBP: 00007f76dae10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 560.718472][T11939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 560.718486][T11939] R13: 0000000000000000 R14: 00007f76dafb5fa0 R15: 00007ffcf20c1138 [ 560.718515][T11939] [ 561.061214][T11955] Invalid ELF header magic: != ELF [ 562.023868][T11972] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1122'. [ 562.881803][T11985] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1126'. [ 563.096097][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 563.096128][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 563.118454][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 563.118497][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 564.339068][T12008] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1130'. [ 564.470715][T12005] busy [ 565.538370][ T36] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 565.610771][ T36] EXT4-fs (sda1): This should not happen!! Data will be lost [ 565.610771][ T36] [ 565.767130][T12031] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1135'. [ 565.819953][T12031] bridge_slave_1: left allmulticast mode [ 565.857447][T12031] bridge_slave_1: left promiscuous mode [ 565.884016][T12031] bridge0: port 2(bridge_slave_1) entered disabled state [ 565.932799][T12031] bridge_slave_0: left allmulticast mode [ 565.972267][T12031] bridge_slave_0: left promiscuous mode [ 566.002220][T12031] bridge0: port 1(bridge_slave_0) entered disabled state [ 567.186123][ T55] Bluetooth: hci0: unexpected subevent 0x01 length: 4 < 18 [ 567.938767][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 567.945202][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.513830][T12083] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1143'. [ 569.162016][T12096] FAULT_INJECTION: forcing a failure. [ 569.162016][T12096] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 569.175883][T12096] CPU: 1 UID: 0 PID: 12096 Comm: syz.1.1145 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 569.175915][T12096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 569.175929][T12096] Call Trace: [ 569.175936][T12096] [ 569.175945][T12096] dump_stack_lvl+0x16c/0x1f0 [ 569.175990][T12096] should_fail_ex+0x512/0x640 [ 569.176026][T12096] ? page_copy_sane+0xcd/0x2d0 [ 569.176064][T12096] copy_page_from_iter_atomic+0x3ad/0x1950 [ 569.176094][T12096] ? do_raw_read_unlock+0x44/0xe0 [ 569.176138][T12096] ? __pfx_copy_page_from_iter_atomic+0x10/0x10 [ 569.176162][T12096] ? shmem_write_begin+0x176/0x300 [ 569.176194][T12096] ? __pfx_shmem_write_begin+0x10/0x10 [ 569.176226][T12096] ? balance_dirty_pages_ratelimited_flags+0x92/0x1260 [ 569.176267][T12096] ? __pfx_timestamp_truncate+0x10/0x10 [ 569.176297][T12096] generic_perform_write+0x22c/0x930 [ 569.176336][T12096] ? __pfx_generic_perform_write+0x10/0x10 [ 569.176367][T12096] ? inode_needs_update_time.part.0+0x191/0x270 [ 569.176410][T12096] shmem_file_write_iter+0x10e/0x140 [ 569.176448][T12096] vfs_write+0x5bd/0x1180 [ 569.176472][T12096] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 569.176509][T12096] ? __pfx___mutex_lock+0x10/0x10 [ 569.176546][T12096] ? __pfx_vfs_write+0x10/0x10 [ 569.176589][T12096] ksys_write+0x12a/0x240 [ 569.176613][T12096] ? __pfx_ksys_write+0x10/0x10 [ 569.176634][T12096] ? rcu_is_watching+0x12/0xc0 [ 569.176665][T12096] do_syscall_64+0xcd/0x230 [ 569.176704][T12096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.176728][T12096] RIP: 0033:0x7f76dad8e969 [ 569.176746][T12096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 569.176770][T12096] RSP: 002b:00007f76dbc6e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 569.176792][T12096] RAX: ffffffffffffffda RBX: 00007f76dafb6080 RCX: 00007f76dad8e969 [ 569.176807][T12096] RDX: 000000000000b8c5 RSI: 0000200000000280 RDI: 0000000000000009 [ 569.176821][T12096] RBP: 00007f76dae10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 569.176836][T12096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 569.176850][T12096] R13: 0000000000000000 R14: 00007f76dafb6080 R15: 00007ffcf20c1138 [ 569.176881][T12096] [ 569.637803][T12098] EXT4-fs error (device sda1): ext4_discard_preallocations:5601: comm syz.1.1145: Error -117 reading block bitmap for 4 [ 571.636782][T12110] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input24 [ 571.928733][T12134] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input23 [ 572.388174][T12132] could not allocate digest TFM handle binfmt_misc [ 574.785761][T12158] ubi0: attaching mtd0 [ 574.791161][T12158] ubi0: scanning is finished [ 574.935062][T12158] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 575.474285][T12158] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 578.692218][ T55] Bluetooth: hci2: Malformed HCI Event: 0x22 [ 578.987804][ T55] Bluetooth: hci2: unexpected subevent 0x01 length: 4 < 18 [ 579.089885][ T30] audit: type=1800 audit(6042394934.707:65): pid=12233 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1169" name="dbroot" dev="configfs" ino=32473 res=0 errno=0 [ 581.112487][T12249] ima: policy update failed [ 581.138586][ T30] audit: type=1802 audit(6042394936.757:66): pid=12249 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1171" res=0 errno=0 [ 581.169354][T12249] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1171'. [ 582.758378][T12261] FAULT_INJECTION: forcing a failure. [ 582.758378][T12261] name failslab, interval 1, probability 0, space 0, times 0 [ 582.835076][T12261] CPU: 1 UID: 0 PID: 12261 Comm: syz.3.1174 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 582.835116][T12261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 582.835129][T12261] Call Trace: [ 582.835136][T12261] [ 582.835144][T12261] dump_stack_lvl+0x16c/0x1f0 [ 582.835181][T12261] should_fail_ex+0x512/0x640 [ 582.835229][T12261] ? kmem_cache_alloc_bulk_noprof+0x6d/0xbd0 [ 582.835256][T12261] should_failslab+0xc2/0x120 [ 582.835282][T12261] kmem_cache_alloc_bulk_noprof+0x85/0xbd0 [ 582.835310][T12261] ? trace_kmem_cache_alloc+0x28/0xc0 [ 582.835337][T12261] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 582.835361][T12261] ? mas_alloc_nodes+0x18b/0x8b0 [ 582.835390][T12261] ? mas_alloc_nodes+0x2f1/0x8b0 [ 582.835415][T12261] mas_alloc_nodes+0x2f1/0x8b0 [ 582.835447][T12261] mas_node_count_gfp+0x105/0x130 [ 582.835476][T12261] mas_preallocate+0x53e/0xcd0 [ 582.835501][T12261] ? __pfx_mas_preallocate+0x10/0x10 [ 582.835529][T12261] ? anon_vma_name+0x75/0x100 [ 582.835561][T12261] __split_vma+0x33b/0x1030 [ 582.835586][T12261] ? __pfx___split_vma+0x10/0x10 [ 582.835620][T12261] vma_modify+0x3b4/0x510 [ 582.835646][T12261] vma_modify_flags+0x212/0x2d0 [ 582.835670][T12261] ? __pfx_vma_modify_flags+0x10/0x10 [ 582.835691][T12261] ? mtree_range_walk+0x718/0xc00 [ 582.835729][T12261] ? mas_walk+0x6a6/0x910 [ 582.835758][T12261] mlock_fixup+0x27c/0xe50 [ 582.835785][T12261] apply_vma_lock_flags+0x261/0x390 [ 582.835811][T12261] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 582.835835][T12261] ? __pfx___might_resched+0x10/0x10 [ 582.835865][T12261] ? __pfx_down_write_killable+0x10/0x10 [ 582.835887][T12261] ? do_futex+0x122/0x350 [ 582.835911][T12261] do_mlock+0x2ac/0x810 [ 582.835933][T12261] ? __pfx___might_resched+0x10/0x10 [ 582.835957][T12261] ? __pfx_do_mlock+0x10/0x10 [ 582.835977][T12261] ? __x64_sys_futex+0x1e0/0x4c0 [ 582.835999][T12261] ? __x64_sys_futex+0x1e9/0x4c0 [ 582.836024][T12261] ? xfd_validate_state+0x5d/0x180 [ 582.836065][T12261] ? rcu_is_watching+0x12/0xc0 [ 582.836093][T12261] __x64_sys_mlock+0x59/0x80 [ 582.836121][T12261] do_syscall_64+0xcd/0x230 [ 582.836160][T12261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 582.836184][T12261] RIP: 0033:0x7f87c498e969 [ 582.836217][T12261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 582.836241][T12261] RSP: 002b:00007f87c587c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 582.836264][T12261] RAX: ffffffffffffffda RBX: 00007f87c4bb6080 RCX: 00007f87c498e969 [ 582.836280][T12261] RDX: 0000000000000000 RSI: 0000000000007fff RDI: 0000000000007c88 [ 582.836296][T12261] RBP: 00007f87c4a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 582.836310][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 582.836325][T12261] R13: 0000000000000000 R14: 00007f87c4bb6080 R15: 00007ffcf6e1a418 [ 582.836356][T12261] [ 583.963767][T12268] ceph: Failed to parse sending metrics switch value 'P^' [ 584.499972][T12268] Invalid ELF header magic: != ELF [ 585.275433][ T55] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 585.275462][ T55] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 585.290453][ T55] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 585.290495][ T55] Bluetooth: hci2: Malformed LE Event: 0x0d [ 587.392358][ T55] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 587.392385][ T55] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 587.408210][ T55] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 587.408252][ T55] Bluetooth: hci2: Malformed LE Event: 0x0d [ 588.369427][T12324] page: refcount:8 mapcount:0 mapping:0000000000000000 index:0xffff88807fe00000 pfn:0x7fe00 [ 588.591234][T12324] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 588.628982][T12328] could not allocate digest TFM handle binfmt_misc [ 588.780507][T12324] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 588.953531][T12324] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 589.129448][T12324] raw: ffff88807fe00000 0000000000000000 00000008ffffffff 0000000000000000 [ 589.245914][T12324] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 589.423518][T12324] head: ffff88807fe00000 0000000000000000 00000008ffffffff 0000000000000000 [ 589.504270][T12324] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 589.676132][T12324] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 589.761461][T12324] page dumped because: unmovable page [ 589.853664][T12324] page_owner tracks the page as allocated [ 589.879686][T12324] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 0, tgid 0 (swapper/0), ts 73821280223, free_ts 73693078997 [ 590.011474][T12324] post_alloc_hook+0x181/0x1b0 [ 590.039533][T12324] get_page_from_freelist+0x135c/0x3920 [ 590.075250][T12324] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 590.118531][T12324] alloc_pages_mpol+0x1fb/0x550 [ 590.153126][T12324] alloc_pages_noprof+0x131/0x390 [ 590.188688][T12324] skb_page_frag_refill+0x186/0x5a0 [ 590.248035][T12324] try_fill_recv+0x79c/0x2690 [ 590.260302][T12324] virtnet_poll+0x1e23/0x3c00 [ 590.295930][T12324] __napi_poll.constprop.0+0xb7/0x550 [ 590.313228][T12324] net_rx_action+0xa97/0x1010 [ 590.337556][T12324] handle_softirqs+0x219/0x8e0 [ 590.393554][T12324] __irq_exit_rcu+0x109/0x170 [ 590.409987][T12324] irq_exit_rcu+0x9/0x30 [ 590.430075][T12324] common_interrupt+0xbf/0xe0 [ 590.453639][T12324] asm_common_interrupt+0x26/0x40 [ 590.477865][T12324] page last free pid 5678 tgid 5678 stack trace: [ 590.513530][T12324] __free_frozen_pages+0x69d/0xff0 [ 590.533486][T12324] __folio_put+0x329/0x450 [ 590.555561][T12324] skb_release_data+0x618/0x960 [ 590.560529][T12324] skb_attempt_defer_free+0x1b0/0x620 [ 590.603675][T12324] tcp_recvmsg_locked+0x1251/0x2880 [ 590.623538][T12324] tcp_recvmsg+0x12f/0x680 [ 590.643506][T12324] inet_recvmsg+0x12a/0x6a0 [ 590.664596][T12324] sock_recvmsg+0x1b2/0x250 [ 590.685984][T12324] sock_read_iter+0x2b9/0x3b0 [ 590.711024][T12324] vfs_read+0xaa3/0xc70 [ 590.744135][T12324] ksys_read+0x205/0x240 [ 590.755239][T12324] do_syscall_64+0xcd/0x230 [ 590.759787][T12324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.752741][T12348] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1197'. [ 591.843540][ T55] Bluetooth: hci3: unexpected subevent 0x01 length: 4 < 18 [ 591.889451][ T30] audit: type=1800 audit(6042394955.507:67): pid=12358 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1199" name="dbroot" dev="configfs" ino=33173 res=0 errno=0 [ 593.417246][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 593.417275][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 593.435979][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 593.436023][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 594.039905][ T55] Bluetooth: hci2: unexpected event 0x23 length: 12 < 13 [ 594.242531][T12382] Invalid ELF header magic: != ELF [ 594.742839][T12385] could not allocate digest TFM handle binfmt_misc [ 595.575584][ T55] Bluetooth: hci2: unexpected event 0x1d length: 6 > 5 [ 596.197973][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 596.205005][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 596.220200][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 596.220245][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 597.872999][T12434] ceph: Failed to parse sending metrics switch value 'P^' [ 598.068377][T12434] Invalid ELF header magic: != ELF [ 599.061331][T12443] could not allocate digest TFM handle binfmt_misc [ 599.484205][T12444] Invalid ELF header magic: != ELF [ 600.937720][T12485] Invalid ELF header magic: != ELF [ 603.632241][T12532] binder: 12531:12532 ioctl 40046205 38 returned -22 [ 604.158711][T12534] could not allocate digest TFM handle binfmt_misc [ 605.093594][T12543] ceph: Failed to parse sending metrics switch value 'P^' [ 605.355638][T12543] Invalid ELF header magic: != ELF [ 606.323930][ T55] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 606.323958][ T55] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 606.338777][ T55] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 606.338818][ T55] Bluetooth: hci2: Malformed LE Event: 0x0d [ 607.803526][T12597] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 608.152653][T12600] Invalid ELF header magic: != ELF [ 609.414628][T12638] netlink: 'syz.0.1271': attribute type 1 has an invalid length. [ 611.200068][T12677] tc_dump_action: action bad kind [ 611.579279][ T55] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 611.579311][ T55] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 611.597296][ T55] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 611.597346][ T55] Bluetooth: hci1: Malformed LE Event: 0x0d [ 612.730234][T12702] could not allocate digest TFM handle binfmt_misc [ 614.455075][T12738] could not allocate digest TFM handle binfmt_misc [ 618.556944][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 618.556975][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 618.571812][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 618.571859][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 619.126873][T12837] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1329'. [ 620.163896][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 620.163922][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 620.178925][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 620.178966][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 621.846071][T12898] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1348'. [ 622.548185][T12919] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1353'. [ 624.587142][T12962] page: refcount:8 mapcount:0 mapping:0000000000000000 index:0xffff88807fe00000 pfn:0x7fe00 [ 624.646588][T12962] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 624.715357][T12962] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 624.745867][T12962] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 624.896471][T12962] raw: ffff88807fe00000 0000000000000000 00000008ffffffff 0000000000000000 [ 625.044856][T12967] could not allocate digest TFM handle binfmt_misc [ 625.074409][T12962] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 625.256961][T12962] head: ffff88807fe00000 0000000000000000 00000008ffffffff 0000000000000000 [ 625.384106][T12962] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 625.524615][T12962] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 625.641567][T12981] could not allocate digest TFM handle binfmt_misc [ 625.706179][T12962] page dumped because: unmovable page [ 625.803723][T12962] page_owner tracks the page as allocated [ 625.847124][T12962] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 0, tgid 0 (swapper/0), ts 73821280223, free_ts 73693078997 [ 626.090151][T12962] post_alloc_hook+0x181/0x1b0 [ 626.117761][T12962] get_page_from_freelist+0x135c/0x3920 [ 626.161663][T12962] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 626.199564][T12962] alloc_pages_mpol+0x1fb/0x550 [ 626.245049][T12962] alloc_pages_noprof+0x131/0x390 [ 626.294682][T12962] skb_page_frag_refill+0x186/0x5a0 [ 626.300322][T12962] try_fill_recv+0x79c/0x2690 [ 626.394442][T12962] virtnet_poll+0x1e23/0x3c00 [ 626.427515][T12962] __napi_poll.constprop.0+0xb7/0x550 [ 626.432913][T12962] net_rx_action+0xa97/0x1010 [ 626.533506][T12962] handle_softirqs+0x219/0x8e0 [ 626.587269][T12962] __irq_exit_rcu+0x109/0x170 [ 626.602074][T12962] irq_exit_rcu+0x9/0x30 [ 626.620637][T12962] common_interrupt+0xbf/0xe0 [ 626.642174][T12962] asm_common_interrupt+0x26/0x40 [ 626.671768][T12962] page last free pid 5678 tgid 5678 stack trace: [ 626.706132][T12962] __free_frozen_pages+0x69d/0xff0 [ 626.728653][T12962] __folio_put+0x329/0x450 [ 626.750713][T12962] skb_release_data+0x618/0x960 [ 626.778125][T12962] skb_attempt_defer_free+0x1b0/0x620 [ 626.804995][T12962] tcp_recvmsg_locked+0x1251/0x2880 [ 626.830485][T12962] tcp_recvmsg+0x12f/0x680 [ 626.851455][T12962] inet_recvmsg+0x12a/0x6a0 [ 626.876438][T12962] sock_recvmsg+0x1b2/0x250 [ 626.901682][T12962] sock_read_iter+0x2b9/0x3b0 [ 626.923251][T12962] vfs_read+0xaa3/0xc70 [ 626.946829][T12962] ksys_read+0x205/0x240 [ 626.968629][T12962] do_syscall_64+0xcd/0x230 [ 626.994851][T12962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.509115][T13019] Invalid ELF header magic: != ELF [ 628.728336][T13036] page: refcount:8 mapcount:0 mapping:0000000000000000 index:0xffff88807fe00000 pfn:0x7fe00 [ 628.747058][T13036] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 628.766336][T13036] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 628.785683][T13036] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 628.833653][T13036] raw: ffff88807fe00000 0000000000000000 00000008ffffffff 0000000000000000 [ 628.969335][T13036] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 629.115511][T13036] head: ffff88807fe00000 0000000000000000 00000008ffffffff 0000000000000000 [ 629.188382][T13039] could not allocate digest TFM handle binfmt_misc [ 629.290206][T13036] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 629.382386][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.393561][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.439517][T13036] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 629.494977][ T55] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 629.495002][ T55] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 629.510437][ T55] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 629.510479][ T55] Bluetooth: hci2: Malformed LE Event: 0x0d [ 629.618533][T13036] page dumped because: unmovable page [ 629.721529][T13036] page_owner tracks the page as allocated [ 629.802377][T13036] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 0, tgid 0 (swapper/0), ts 73821280223, free_ts 73693078997 [ 629.912787][T13036] post_alloc_hook+0x181/0x1b0 [ 629.931267][T13036] get_page_from_freelist+0x135c/0x3920 [ 629.967877][T13036] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 629.994793][T13036] alloc_pages_mpol+0x1fb/0x550 [ 630.064354][T13036] alloc_pages_noprof+0x131/0x390 [ 630.110848][T13036] skb_page_frag_refill+0x186/0x5a0 [ 630.147936][T13036] try_fill_recv+0x79c/0x2690 [ 630.177676][T13036] virtnet_poll+0x1e23/0x3c00 [ 630.201205][T13036] __napi_poll.constprop.0+0xb7/0x550 [ 630.228413][T13036] net_rx_action+0xa97/0x1010 [ 630.251664][T13036] handle_softirqs+0x219/0x8e0 [ 630.277925][T13036] __irq_exit_rcu+0x109/0x170 [ 630.302298][T13036] irq_exit_rcu+0x9/0x30 [ 630.321949][T13036] common_interrupt+0xbf/0xe0 [ 630.345811][T13036] asm_common_interrupt+0x26/0x40 [ 630.369522][T13036] page last free pid 5678 tgid 5678 stack trace: [ 630.404012][T13036] __free_frozen_pages+0x69d/0xff0 [ 630.435888][T13036] __folio_put+0x329/0x450 [ 630.459098][T13036] skb_release_data+0x618/0x960 [ 630.482827][T13036] skb_attempt_defer_free+0x1b0/0x620 [ 630.510804][T13036] tcp_recvmsg_locked+0x1251/0x2880 [ 630.536426][T13036] tcp_recvmsg+0x12f/0x680 [ 630.557752][T13036] inet_recvmsg+0x12a/0x6a0 [ 630.580776][T13036] sock_recvmsg+0x1b2/0x250 [ 630.607346][T13036] sock_read_iter+0x2b9/0x3b0 [ 630.627077][T13036] vfs_read+0xaa3/0xc70 [ 630.648715][T13036] ksys_read+0x205/0x240 [ 630.670541][T13036] do_syscall_64+0xcd/0x230 [ 630.695269][T13036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 633.129587][T13107] netlink: 19 bytes leftover after parsing attributes in process `syz.0.1404'. [ 633.205893][T13111] CIFS: VFS: Unsupported security flags: 0x10 [ 634.252126][T13127] could not allocate digest TFM handle binfmt_misc [ 636.847467][T13187] vivid-007: ================= START STATUS ================= [ 636.884063][T13187] vivid-007: Generate PTS: true [ 636.902507][T13187] vivid-007: Generate SCR: true [ 636.935291][T13187] tpg source WxH: 640x360 (Y'CbCr) [ 636.940439][T13187] tpg field: 1 [ 636.984031][T13187] tpg crop: (0,0)/640x360 [ 636.998415][T13187] tpg compose: (0,0)/640x360 [ 637.003025][T13187] tpg colorspace: 8 [ 637.044058][T13187] tpg transfer function: 0/0 [ 637.083151][T13187] tpg Y'CbCr encoding: 0/0 [ 637.118096][T13187] tpg quantization: 0/0 [ 637.135312][T13187] tpg RGB range: 0/2 [ 637.155478][T13187] vivid-007: ================== END STATUS ================== [ 637.468931][ T55] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 637.468962][ T55] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 637.484496][ T55] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 637.484546][ T55] Bluetooth: hci2: Malformed LE Event: 0x0d [ 638.397386][T13226] svc: failed to register nfsdv3 RPC service (errno 111). [ 638.436057][T13226] svc: failed to register nfsaclv3 RPC service (errno 111). [ 639.699289][ T55] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 639.699317][ T55] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 639.717777][ T55] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 639.717822][ T55] Bluetooth: hci3: Malformed LE Event: 0x0d [ 640.288248][ T55] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 640.288289][ T55] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 640.303367][ T55] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 640.303412][ T55] Bluetooth: hci3: Malformed LE Event: 0x0d [ 643.425719][T13342] svc: failed to register nfsdv3 RPC service (errno 111). [ 643.509739][T13342] svc: failed to register nfsaclv3 RPC service (errno 111). [ 644.108384][T13350] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1474'. [ 645.560907][ T55] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 645.560938][ T55] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 645.579291][ T55] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 645.579339][ T55] Bluetooth: hci1: Malformed LE Event: 0x0d [ 646.814501][T13396] ceph: Failed to parse sending metrics switch value 'P^' [ 647.144233][T13396] Invalid ELF header magic: != ELF [ 649.437499][T13449] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1502'. [ 649.951554][T13461] ceph: Failed to parse sending metrics switch value 'P^' [ 650.092772][T13455] Invalid ELF header magic: != ELF [ 650.302366][T13464] Invalid ELF header magic: != ELF [ 651.266191][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 651.266222][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 651.282489][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 651.282531][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 651.783891][T13485] ceph: Failed to parse sending metrics switch value 'P^' [ 652.031372][ T55] Bluetooth: hci2: unexpected event 0x05 length: 440 > 4 [ 652.096295][T13491] Invalid ELF header magic: != ELF [ 652.339320][T13487] could not allocate digest TFM handle binfmt_misc [ 654.782726][T13550] page: refcount:8 mapcount:0 mapping:0000000000000000 index:0xffff88807fe00000 pfn:0x7fe00 [ 654.855811][T13550] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 655.033185][T13550] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 655.170461][T13550] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 655.250190][T13554] could not allocate digest TFM handle binfmt_misc [ 655.437982][T13550] raw: ffff88807fe00000 0000000000000000 00000008ffffffff 0000000000000000 [ 655.529077][T13550] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 655.726831][T13550] head: ffff88807fe00000 0000000000000000 00000008ffffffff 0000000000000000 [ 655.789572][T13550] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 655.844738][T13550] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 655.973888][T13550] page dumped because: unmovable page [ 656.058239][T13550] page_owner tracks the page as allocated [ 656.111170][T13550] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 0, tgid 0 (swapper/0), ts 73821280223, free_ts 73693078997 [ 656.248958][T13550] post_alloc_hook+0x181/0x1b0 [ 656.288393][T13550] get_page_from_freelist+0x135c/0x3920 [ 656.337497][T13550] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 656.394754][T13550] alloc_pages_mpol+0x1fb/0x550 [ 656.422574][T13550] alloc_pages_noprof+0x131/0x390 [ 656.457981][T13550] skb_page_frag_refill+0x186/0x5a0 [ 656.481936][T13550] try_fill_recv+0x79c/0x2690 [ 656.516347][T13550] virtnet_poll+0x1e23/0x3c00 [ 656.537147][T13550] __napi_poll.constprop.0+0xb7/0x550 [ 656.594379][T13550] net_rx_action+0xa97/0x1010 [ 656.599084][T13550] handle_softirqs+0x219/0x8e0 [ 656.637573][T13550] __irq_exit_rcu+0x109/0x170 [ 656.658439][T13550] irq_exit_rcu+0x9/0x30 [ 656.678152][T13550] common_interrupt+0xbf/0xe0 [ 656.697424][T13550] asm_common_interrupt+0x26/0x40 [ 656.726161][T13550] page last free pid 5678 tgid 5678 stack trace: [ 656.732506][T13550] __free_frozen_pages+0x69d/0xff0 [ 656.787652][T13550] __folio_put+0x329/0x450 [ 656.824088][T13550] skb_release_data+0x618/0x960 [ 656.835638][T13550] skb_attempt_defer_free+0x1b0/0x620 [ 656.859122][T13550] tcp_recvmsg_locked+0x1251/0x2880 [ 656.883594][T13550] tcp_recvmsg+0x12f/0x680 [ 656.908344][T13550] inet_recvmsg+0x12a/0x6a0 [ 656.928141][T13550] sock_recvmsg+0x1b2/0x250 [ 656.955073][T13550] sock_read_iter+0x2b9/0x3b0 [ 656.987006][T13550] vfs_read+0xaa3/0xc70 [ 657.032010][T13550] ksys_read+0x205/0x240 [ 657.061193][T13550] do_syscall_64+0xcd/0x230 [ 657.066433][T13596] could not allocate digest TFM handle binfmt_misc [ 657.078198][T13550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 659.367222][T13646] netlink: 'syz.2.1555': attribute type 4 has an invalid length. [ 659.540642][T13649] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1556'. [ 659.708916][T13649] bond0: (slave ): Releasing backup interface [ 659.859380][T13653] ceph: Failed to parse sending metrics switch value 'P^' [ 660.462080][T13667] Invalid ELF header magic: != ELF [ 660.483044][T13653] Invalid ELF header magic: != ELF [ 663.572413][T13716] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1578'. [ 663.584550][T13724] netlink: 'syz.0.1580': attribute type 16 has an invalid length. [ 663.592386][T13724] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1580'. [ 667.045521][T13769] FAULT_INJECTION: forcing a failure. [ 667.045521][T13769] name failslab, interval 1, probability 0, space 0, times 0 [ 667.133621][T13769] CPU: 1 UID: 0 PID: 13769 Comm: syz.3.1594 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 667.133650][T13769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 667.133662][T13769] Call Trace: [ 667.133669][T13769] [ 667.133677][T13769] dump_stack_lvl+0x16c/0x1f0 [ 667.133713][T13769] should_fail_ex+0x512/0x640 [ 667.133743][T13769] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 667.133770][T13769] should_failslab+0xc2/0x120 [ 667.133796][T13769] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 667.133820][T13769] ? kcm_create+0x11e/0x690 [ 667.133849][T13769] kcm_create+0x11e/0x690 [ 667.133877][T13769] __sock_create+0x335/0x8d0 [ 667.133914][T13769] __sys_socket+0x14d/0x260 [ 667.133931][T13769] ? __pfx___sys_socket+0x10/0x10 [ 667.133964][T13769] ? rcu_is_watching+0x12/0xc0 [ 667.133992][T13769] __x64_sys_socket+0x72/0xb0 [ 667.134008][T13769] ? lockdep_hardirqs_on+0x7c/0x110 [ 667.134037][T13769] do_syscall_64+0xcd/0x230 [ 667.134070][T13769] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.134090][T13769] RIP: 0033:0x7f87c498e969 [ 667.134106][T13769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 667.134126][T13769] RSP: 002b:00007f87c589d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 667.134144][T13769] RAX: ffffffffffffffda RBX: 00007f87c4bb5fa0 RCX: 00007f87c498e969 [ 667.134158][T13769] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000029 [ 667.134170][T13769] RBP: 00007f87c4a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 667.134182][T13769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 667.134193][T13769] R13: 0000000000000000 R14: 00007f87c4bb5fa0 R15: 00007ffcf6e1a418 [ 667.134218][T13769] [ 667.840313][T13777] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1598'. [ 667.875431][T13777] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1598'. [ 667.991547][ T30] audit: type=1804 audit(6042395031.597:68): pid=13779 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1597" name="/newroot/412/file0" dev="tmpfs" ino=2190 res=1 errno=0 [ 668.097859][ T30] audit: type=1800 audit(6042395031.607:69): pid=13779 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1597" name="file0" dev="tmpfs" ino=2190 res=0 errno=0 [ 669.997098][T13795] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1602'. [ 670.934272][T13795] bond0: (slave bond_slave_1): Releasing backup interface [ 671.413349][T13808] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1607'. [ 672.778436][T13818] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1609'. [ 674.282792][T13851] syz.3.1621: vmalloc error: size 16384, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 674.370836][T13851] CPU: 1 UID: 0 PID: 13851 Comm: syz.3.1621 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 674.370866][T13851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 674.370878][T13851] Call Trace: [ 674.370884][T13851] [ 674.370892][T13851] dump_stack_lvl+0x16c/0x1f0 [ 674.370926][T13851] warn_alloc+0x248/0x3a0 [ 674.370952][T13851] ? __pfx_warn_alloc+0x10/0x10 [ 674.370976][T13851] ? alloc_pages_mpol+0x25a/0x550 [ 674.371003][T13851] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 674.371030][T13851] ? trace_kmalloc+0x2b/0xd0 [ 674.371065][T13851] __vmalloc_node_range_noprof+0x12d2/0x1540 [ 674.371093][T13851] ? kernel_clone+0xfc/0x960 [ 674.371129][T13851] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 674.371162][T13851] ? __memcg_slab_post_alloc_hook+0x4d0/0x940 [ 674.371195][T13851] ? rcu_is_watching+0x12/0xc0 [ 674.371216][T13851] ? kernel_clone+0xfc/0x960 [ 674.371242][T13851] __vmalloc_node_noprof+0x74/0xa0 [ 674.371262][T13851] ? kernel_clone+0xfc/0x960 [ 674.371289][T13851] copy_process+0x2ead/0x91a0 [ 674.371314][T13851] ? find_held_lock+0x2b/0x80 [ 674.371335][T13851] ? schedule+0x2d7/0x3a0 [ 674.371363][T13851] ? futex_wait_queue+0x24/0x220 [ 674.371390][T13851] ? schedule+0xf1/0x3a0 [ 674.371418][T13851] ? futex_wait_queue+0x14c/0x220 [ 674.371449][T13851] ? __pfx_copy_process+0x10/0x10 [ 674.371474][T13851] ? __pfx___futex_wait+0x10/0x10 [ 674.371507][T13851] ? __pfx_futex_wake_mark+0x10/0x10 [ 674.371547][T13851] kernel_clone+0xfc/0x960 [ 674.371575][T13851] ? __pfx_kernel_clone+0x10/0x10 [ 674.371616][T13851] __do_sys_clone+0xce/0x120 [ 674.371642][T13851] ? __pfx___do_sys_clone+0x10/0x10 [ 674.371682][T13851] ? rcu_is_watching+0x12/0xc0 [ 674.371707][T13851] do_syscall_64+0xcd/0x230 [ 674.371740][T13851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.371761][T13851] RIP: 0033:0x7f87c498e969 [ 674.371777][T13851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 674.371797][T13851] RSP: 002b:00007f87c589cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 674.371816][T13851] RAX: ffffffffffffffda RBX: 00007f87c4bb5fa0 RCX: 00007f87c498e969 [ 674.371833][T13851] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 674.371845][T13851] RBP: 00007f87c4a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 674.371858][T13851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 674.371870][T13851] R13: 0000000000000000 R14: 00007f87c4bb5fa0 R15: 00007ffcf6e1a418 [ 674.371895][T13851] [ 674.371918][T13851] Mem-Info: [ 675.041732][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 675.041763][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 675.062047][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 675.062095][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 675.567456][T13851] active_anon:44379 inactive_anon:16 isolated_anon:0 [ 675.567456][T13851] active_file:9470 inactive_file:51932 isolated_file:0 [ 675.567456][T13851] unevictable:768 dirty:371 writeback:0 [ 675.567456][T13851] slab_reclaimable:11071 slab_unreclaimable:97226 [ 675.567456][T13851] mapped:31875 shmem:20279 pagetables:1075 [ 675.567456][T13851] sec_pagetables:0 bounce:0 [ 675.567456][T13851] kernel_misc_reclaimable:0 [ 675.567456][T13851] free:1288902 free_pcp:1947 free_cma:0 [ 675.881307][T13851] Node 0 active_anon:176516kB inactive_anon:112kB active_file:37832kB inactive_file:207640kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:130216kB dirty:1572kB writeback:0kB shmem:66584kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10448kB pagetables:4372kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 676.037045][T13851] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:11272kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 676.205080][T13851] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 676.354000][T13851] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 676.380201][T13851] Node 0 DMA32 free:1236128kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:168980kB inactive_anon:112kB active_file:37832kB inactive_file:205820kB unevictable:1536kB writepending:1572kB present:3129332kB managed:2544152kB mlocked:0kB bounce:0kB free_pcp:9692kB local_pcp:9692kB free_cma:0kB [ 676.507410][T13851] lowmem_reserve[]: 0 0 1 1 1 [ 676.529840][T13851] Node 0 Normal free:24kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1820kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 676.645359][T13851] lowmem_reserve[]: 0 0 0 0 0 [ 676.664481][T13851] Node 1 Normal free:3907820kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:2232kB local_pcp:2232kB free_cma:0kB [ 676.765532][T13851] lowmem_reserve[]: 0 0 0 0 0 [ 676.781368][T13851] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 676.827599][T13851] Node 0 DMA32: 1946*4kB (UME) 1479*8kB (UME) 1352*16kB (UM) 887*32kB (UME) 569*64kB (UME) 376*128kB (UME) 176*256kB (UME) 63*512kB (UME) 12*1024kB (UME) 2*2048kB (ME) 245*4096kB (ME) = 1251392kB [ 676.896100][T13851] Node 0 Normal: 6*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB [ 676.939742][T13851] Node 1 Normal: 244*4kB (UME) 51*8kB (UM) 19*16kB (UM) 206*32kB (UME) 91*64kB (UME) 28*128kB (UE) 12*256kB (UM) 8*512kB (UME) 2*1024kB (UE) 3*2048kB (UE) 946*4096kB (UM) = 3907864kB [ 677.043997][T13851] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 677.093113][T13851] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 677.129272][T13851] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 677.180895][T13851] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 677.222124][T13851] 77763 total pagecache pages [ 677.242488][T13851] 16 pages in swap cache [ 677.261743][T13851] Free swap = 124932kB [ 677.282401][T13851] Total swap = 124996kB [ 677.307052][T13851] 2097051 pages RAM [ 677.322476][T13851] 0 pages HighMem/MovableOnly [ 677.345741][T13851] 428907 pages reserved [ 677.361134][T13851] 0 pages cma reserved [ 677.644702][ T55] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 677.644729][ T55] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 677.660661][ T55] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 677.660704][ T55] Bluetooth: hci2: Malformed LE Event: 0x0d [ 679.075378][T13924] [U]  [ 679.078289][T13924] [U] [ 679.080984][T13924] [U] [ 679.083680][T13924] [U] [ 679.140227][T13924] [U] [ 679.142956][T13924] [U] [ 679.145651][T13924] [U] [ 679.148343][T13924] [U] [ 679.216812][T13924] [U] [ 679.219551][T13924] [U] [ 679.222256][T13924] [U] [ 679.224948][T13924] [U] [ 679.267944][T13924] [U] [ 679.270670][T13924] [U] [ 679.273364][T13924] [U] [ 679.276059][T13924] [U] [ 679.323734][T13924] [U] [ 679.326469][T13924] [U] [ 679.329178][T13924] [U] [ 679.331873][T13924] [U] [ 679.383982][T13924] [U] [ 679.386722][T13924] [U] [ 679.389429][T13924] [U] [ 679.392132][T13924] [U] [ 679.432808][T13924] [U] [ 679.435546][T13924] [U] [ 679.438240][T13924] [U] [ 679.440933][T13924] [U] [ 679.499295][T13924] [U] [ 679.502019][T13924] [U] [ 679.504711][T13924] [U] [ 679.507405][T13924] [U] [ 679.557528][T13931] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1646'. [ 679.567017][T13924] [U] [ 679.569731][T13924] [U] [ 679.572429][T13924] [U] [ 679.575152][T13924] [U] [ 679.609058][T13924] [U] [ 679.611775][T13924] [U] [ 679.614472][T13924] [U] [ 679.617197][T13924] [U] [ 679.669112][T13924] [U] [ 679.671831][T13924] [U] [ 679.674530][T13924] [U] [ 679.677270][T13924] [U] [ 679.719987][T13924] [U] [ 679.722709][T13924] [U] [ 679.725406][T13924] [U] [ 679.728105][T13924] [U] [ 679.806076][T13924] [U] [ 679.808808][T13924] [U] [ 679.811510][T13924] [U] [ 679.814205][T13924] [U] [ 679.939531][T13924] [U] [ 679.942266][T13924] [U] [ 679.944968][T13924] [U] [ 679.947670][T13924] [U] [ 680.016526][T13924] [U] [ 681.493379][ T55] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 681.493586][ T55] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 681.509925][ T55] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 681.509970][ T55] Bluetooth: hci1: Malformed LE Event: 0x0d [ 684.077844][ T55] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 684.077872][ T55] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 684.093791][ T55] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 684.093833][ T55] Bluetooth: hci3: Malformed LE Event: 0x0d [ 684.763799][T14015] ceph: Failed to parse sending metrics switch value 'P^' [ 684.999869][T14015] Invalid ELF header magic: != ELF [ 685.657241][ T55] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 685.657283][ T55] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 685.672738][ T55] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 685.672802][ T55] Bluetooth: hci2: Malformed LE Event: 0x0d [ 687.708154][T14055] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1684'. [ 689.908050][T14073] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1691'. [ 690.459556][T14079] ceph: Failed to parse sending metrics switch value 'P^' [ 690.701063][T14079] Invalid ELF header magic: != ELF [ 690.833969][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.845084][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.495106][T14091] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1697'. [ 692.043822][T14094] mkiss: ax0: crc mode is auto. [ 694.883498][T14145] ceph: Failed to parse sending metrics switch value 'P^' [ 695.155119][T14145] Invalid ELF header magic: != ELF [ 699.399581][T14214] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1727'. [ 699.624553][T14198] kexec: Could not allocate control_code_buffer [ 700.117132][T14227] FAULT_INJECTION: forcing a failure. [ 700.117132][T14227] name failslab, interval 1, probability 0, space 0, times 0 [ 700.195016][T14227] CPU: 1 UID: 5 PID: 14227 Comm: syz.1.1730 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 700.195050][T14227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 700.195062][T14227] Call Trace: [ 700.195068][T14227] [ 700.195076][T14227] dump_stack_lvl+0x16c/0x1f0 [ 700.195111][T14227] should_fail_ex+0x512/0x640 [ 700.195142][T14227] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 700.195169][T14227] should_failslab+0xc2/0x120 [ 700.195195][T14227] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 700.195220][T14227] ? __d_alloc+0x31/0xaa0 [ 700.195244][T14227] __d_alloc+0x31/0xaa0 [ 700.195269][T14227] d_alloc_pseudo+0x1c/0xc0 [ 700.195296][T14227] alloc_file_pseudo+0xcf/0x230 [ 700.195324][T14227] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 700.195352][T14227] ? alloc_fd+0x471/0x7d0 [ 700.195373][T14227] __anon_inode_getfile+0xf7/0x370 [ 700.195410][T14227] anon_inode_getfile_fmode+0x37/0xa0 [ 700.195444][T14227] __do_sys_fanotify_init+0x8e3/0xb80 [ 700.195474][T14227] do_syscall_64+0xcd/0x230 [ 700.195507][T14227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 700.195527][T14227] RIP: 0033:0x7f76dad8e969 [ 700.195542][T14227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 700.195562][T14227] RSP: 002b:00007f76dbc8f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 700.195582][T14227] RAX: ffffffffffffffda RBX: 00007f76dafb5fa0 RCX: 00007f76dad8e969 [ 700.195596][T14227] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000200 [ 700.195607][T14227] RBP: 00007f76dae10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 700.195619][T14227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 700.195631][T14227] R13: 0000000000000000 R14: 00007f76dafb5fa0 R15: 00007ffcf20c1138 [ 700.195656][T14227] [ 700.709886][T14218] could not allocate digest TFM handle binfmt_misc [ 702.536540][T14259] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1738'. [ 703.978013][T14287] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 704.709623][T14303] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1750'. [ 704.848942][T14305] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1751'. [ 704.953950][T14308] FAULT_INJECTION: forcing a failure. [ 704.953950][T14308] name failslab, interval 1, probability 0, space 0, times 0 [ 705.084849][T14308] CPU: 1 UID: 0 PID: 14308 Comm: syz.1.1752 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 705.084883][T14308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 705.084897][T14308] Call Trace: [ 705.084905][T14308] [ 705.084914][T14308] dump_stack_lvl+0x16c/0x1f0 [ 705.084955][T14308] should_fail_ex+0x512/0x640 [ 705.084990][T14308] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 705.085017][T14308] should_failslab+0xc2/0x120 [ 705.085048][T14308] __kmalloc_cache_noprof+0x6a/0x3e0 [ 705.085084][T14308] ? sctp_endpoint_new+0x11f/0xcd0 [ 705.085106][T14308] ? kasan_save_track+0x14/0x30 [ 705.085134][T14308] sctp_endpoint_new+0x11f/0xcd0 [ 705.085160][T14308] sctp_init_sock+0xe2d/0x1330 [ 705.085195][T14308] ? sock_init_data_uid+0x7f6/0xa00 [ 705.085216][T14308] ? __pfx_sctp_init_sock+0x10/0x10 [ 705.085253][T14308] inet_create+0x936/0x1090 [ 705.085288][T14308] ? inet_create+0x93/0x1090 [ 705.085326][T14308] __sock_create+0x335/0x8d0 [ 705.085367][T14308] __sys_socket+0x14d/0x260 [ 705.085387][T14308] ? __pfx___sys_socket+0x10/0x10 [ 705.085424][T14308] ? rcu_is_watching+0x12/0xc0 [ 705.085451][T14308] __x64_sys_socket+0x72/0xb0 [ 705.085470][T14308] ? lockdep_hardirqs_on+0x7c/0x110 [ 705.085503][T14308] do_syscall_64+0xcd/0x230 [ 705.085541][T14308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 705.085578][T14308] RIP: 0033:0x7f76dad8e969 [ 705.085596][T14308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 705.085619][T14308] RSP: 002b:00007f76dbc8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 705.085641][T14308] RAX: ffffffffffffffda RBX: 00007f76dafb5fa0 RCX: 00007f76dad8e969 [ 705.085656][T14308] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000002 [ 705.085670][T14308] RBP: 00007f76dae10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 705.085683][T14308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 705.085697][T14308] R13: 0000000000000000 R14: 00007f76dafb5fa0 R15: 00007ffcf20c1138 [ 705.085730][T14308] [ 705.831035][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 705.831063][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 705.848722][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 705.848765][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 706.545428][T14327] netlink: 294 bytes leftover after parsing attributes in process `syz.0.1756'. [ 708.625168][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 708.625195][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 708.641416][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 708.641459][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 708.659132][T14355] sctp: [Deprecated]: syz.1.1765 (pid 14355) Use of int in maxseg socket option. [ 708.659132][T14355] Use struct sctp_assoc_value instead [ 709.473304][T14364] Invalid ELF header magic: != ELF [ 709.686110][T14383] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input25 [ 710.112379][T14382] Invalid ELF header magic: != ELF [ 713.548985][T14443] syz.1.1785: vmalloc error: size 12288, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 713.549083][T14443] CPU: 1 UID: 0 PID: 14443 Comm: syz.1.1785 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 713.549109][T14443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 713.549121][T14443] Call Trace: [ 713.549134][T14443] [ 713.549141][T14443] dump_stack_lvl+0x16c/0x1f0 [ 713.549175][T14443] warn_alloc+0x248/0x3a0 [ 713.549200][T14443] ? __pfx_warn_alloc+0x10/0x10 [ 713.549225][T14443] ? alloc_pages_mpol+0x25a/0x550 [ 713.549251][T14443] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 713.549278][T14443] ? trace_kmalloc+0x2b/0xd0 [ 713.549313][T14443] __vmalloc_node_range_noprof+0x12d2/0x1540 [ 713.549341][T14443] ? kernel_clone+0xfc/0x960 [ 713.549373][T14443] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 713.549406][T14443] ? __memcg_slab_post_alloc_hook+0x4d0/0x940 [ 713.549439][T14443] ? rcu_is_watching+0x12/0xc0 [ 713.549459][T14443] ? kernel_clone+0xfc/0x960 [ 713.549484][T14443] __vmalloc_node_noprof+0x74/0xa0 [ 713.549503][T14443] ? kernel_clone+0xfc/0x960 [ 713.549530][T14443] copy_process+0x2ead/0x91a0 [ 713.549556][T14443] ? trace_pid_list_is_set+0x100/0x150 [ 713.549580][T14443] ? trace_ignore_this_task+0xc3/0x100 [ 713.549609][T14443] ? event_filter_pid_sched_wakeup_probe_post+0x103/0x270 [ 713.549637][T14443] ? preempt_schedule_thunk+0x16/0x30 [ 713.549676][T14443] ? __pfx_copy_process+0x10/0x10 [ 713.549704][T14443] ? try_to_wake_up+0xa2f/0x1680 [ 713.549725][T14443] ? __pfx_try_to_wake_up+0x10/0x10 [ 713.549745][T14443] ? plist_check_head+0xa3/0x150 [ 713.549768][T14443] ? find_held_lock+0x2b/0x80 [ 713.549791][T14443] ? wake_up_q+0xb0/0x160 [ 713.549808][T14443] ? do_raw_spin_unlock+0x172/0x230 [ 713.549843][T14443] kernel_clone+0xfc/0x960 [ 713.549872][T14443] ? __pfx_futex_wake+0x10/0x10 [ 713.549897][T14443] ? __pfx_kernel_clone+0x10/0x10 [ 713.549922][T14443] ? __pfx_vfs_writev+0x10/0x10 [ 713.549953][T14443] __do_sys_clone+0xce/0x120 [ 713.549978][T14443] ? __pfx___do_sys_clone+0x10/0x10 [ 713.550017][T14443] ? rcu_is_watching+0x12/0xc0 [ 713.550042][T14443] do_syscall_64+0xcd/0x230 [ 713.550075][T14443] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 713.550095][T14443] RIP: 0033:0x7f76dad8e969 [ 713.550110][T14443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 713.550140][T14443] RSP: 002b:00007f76dbc8efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 713.550158][T14443] RAX: ffffffffffffffda RBX: 00007f76dafb5fa0 RCX: 00007f76dad8e969 [ 713.550171][T14443] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 713.550183][T14443] RBP: 00007f76dae10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 713.550196][T14443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 713.550208][T14443] R13: 0000000000000000 R14: 00007f76dafb5fa0 R15: 00007ffcf20c1138 [ 713.550233][T14443] [ 713.573437][T14443] Mem-Info: [ 713.573447][T14443] active_anon:44510 inactive_anon:16 isolated_anon:0 [ 713.573447][T14443] active_file:9448 inactive_file:51976 isolated_file:0 [ 713.573447][T14443] unevictable:768 dirty:430 writeback:0 [ 713.573447][T14443] slab_reclaimable:11290 slab_unreclaimable:97194 [ 713.573447][T14443] mapped:33908 shmem:19320 pagetables:1134 [ 713.573447][T14443] sec_pagetables:0 bounce:0 [ 713.573447][T14443] kernel_misc_reclaimable:0 [ 713.573447][T14443] free:1287618 free_pcp:2431 free_cma:0 [ 713.573501][T14443] Node 0 active_anon:178040kB inactive_anon:64kB active_file:37792kB inactive_file:207768kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:135632kB dirty:1716kB writeback:0kB shmem:66008kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10704kB pagetables:4536kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 713.573557][T14443] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:11272kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 713.573609][T14443] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 713.573663][T14443] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 713.573701][T14443] Node 0 DMA32 free:1224988kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:177992kB inactive_anon:64kB active_file:37792kB inactive_file:205948kB unevictable:1536kB writepending:1716kB present:3129332kB managed:2544152kB mlocked:0kB bounce:0kB free_pcp:9708kB local_pcp:9708kB free_cma:0kB [ 713.573758][T14443] lowmem_reserve[]: 0 0 1 1 1 [ 713.573793][T14443] Node 0 Normal free:24kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1820kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 713.573846][T14443] lowmem_reserve[]: 0 0 0 0 0 [ 713.573881][T14443] Node 1 Normal free:3910100kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 713.573936][T14443] lowmem_reserve[]: 0 0 0 0 0 [ 713.573970][T14443] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 713.574089][T14443] Node 0 DMA32: 2285*4kB (UME) 1057*8kB (UME) 1444*16kB (UME) 1265*32kB (UME) 818*64kB (UME) 411*128kB (UME) 132*256kB (UM) 39*512kB (UM) 4*1024kB (UME) 3*2048kB (ME) 238*4096kB (UM) = 1224988kB [ 713.574261][T14443] Node 0 Normal: 6*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB [ 713.574370][T14443] Node 1 Normal: 243*4kB (UME) 53*8kB (UME) 38*16kB (UME) 208*32kB (UME) 90*64kB (UME) 29*128kB (UME) 13*256kB (UM) 9*512kB (UME) 3*1024kB (UME) 3*2048kB (UE) 946*4096kB (UM) = 3910100kB [ 713.574537][T14443] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 713.574553][T14443] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 713.574569][T14443] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 713.574585][T14443] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 713.574601][T14443] 80756 total pagecache pages [ 713.574609][T14443] 16 pages in swap cache [ 713.574616][T14443] Free swap = 124932kB [ 713.574623][T14443] Total swap = 124996kB [ 713.574630][T14443] 2097051 pages RAM [ 713.574637][T14443] 0 pages HighMem/MovableOnly [ 713.574644][T14443] 428907 pages reserved [ 713.574651][T14443] 0 pages cma reserved [ 716.395308][T14445] tty tty12: ldisc open failed (-12), clearing slot 11 [ 716.644759][T14476] delete_channel: no stack [ 719.293911][T14516] ceph: Failed to parse sending metrics switch value 'P^' [ 719.683546][T14516] Invalid ELF header magic: != ELF [ 722.436721][T14559] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1817'. [ 723.783803][T14578] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1822'. [ 723.902259][T14584] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1822'. [ 723.931429][ T55] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 723.931458][ T55] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 723.950007][ T55] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 723.950052][ T55] Bluetooth: hci2: Malformed LE Event: 0x0d [ 724.423960][T14588] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 724.670240][T14594] ceph: Failed to parse sending metrics switch value 'P^' [ 725.103193][T14594] Invalid ELF header magic: != ELF [ 726.492143][T14610] FAULT_INJECTION: forcing a failure. [ 726.492143][T14610] name failslab, interval 1, probability 0, space 0, times 0 [ 726.541195][T14610] CPU: 1 UID: 0 PID: 14610 Comm: syz.1.1831 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 726.541228][T14610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 726.541240][T14610] Call Trace: [ 726.541247][T14610] [ 726.541254][T14610] dump_stack_lvl+0x16c/0x1f0 [ 726.541289][T14610] should_fail_ex+0x512/0x640 [ 726.541319][T14610] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 726.541346][T14610] should_failslab+0xc2/0x120 [ 726.541372][T14610] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 726.541396][T14610] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 726.541428][T14610] radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 726.541460][T14610] idr_get_free+0x528/0xa30 [ 726.541498][T14610] idr_alloc_u32+0x190/0x2f0 [ 726.541528][T14610] ? __pfx_idr_alloc_u32+0x10/0x10 [ 726.541559][T14610] ? __pfx___mutex_lock+0x10/0x10 [ 726.541596][T14610] idr_alloc+0xc0/0x130 [ 726.541623][T14610] ? __pfx_idr_alloc+0x10/0x10 [ 726.541650][T14610] ? __radix_tree_lookup+0x21f/0x2c0 [ 726.541683][T14610] ppp_dev_configure+0x905/0xc80 [ 726.541716][T14610] ppp_ioctl+0x17e0/0x2660 [ 726.541745][T14610] ? find_held_lock+0x2b/0x80 [ 726.541764][T14610] ? __pfx_ppp_ioctl+0x10/0x10 [ 726.541796][T14610] ? __fget_files+0x20e/0x3c0 [ 726.541818][T14610] ? __pfx_ppp_ioctl+0x10/0x10 [ 726.541846][T14610] __x64_sys_ioctl+0x193/0x200 [ 726.541876][T14610] do_syscall_64+0xcd/0x230 [ 726.541910][T14610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.541930][T14610] RIP: 0033:0x7f76dad8e969 [ 726.541946][T14610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 726.541965][T14610] RSP: 002b:00007f76dbc8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 726.541984][T14610] RAX: ffffffffffffffda RBX: 00007f76dafb5fa0 RCX: 00007f76dad8e969 [ 726.541997][T14610] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000003 [ 726.542009][T14610] RBP: 00007f76dae10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 726.542021][T14610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 726.542033][T14610] R13: 0000000000000000 R14: 00007f76dafb5fa0 R15: 00007ffcf20c1138 [ 726.542059][T14610] [ 726.760970][ C1] vkms_vblank_simulate: vblank timer overrun [ 726.903964][T14615] netlink: 13 bytes leftover after parsing attributes in process `syz.1.1833'. [ 728.850079][T14638] Invalid ELF header magic: != ELF [ 729.221725][T14658] netlink: 246 bytes leftover after parsing attributes in process `syz.2.1845'. [ 729.443226][T14661] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1846'. [ 729.723961][T14666] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 730.097819][T14672] netlink: 'syz.0.1850': attribute type 5 has an invalid length. [ 730.181142][T14676] netlink: 'syz.0.1850': attribute type 5 has an invalid length. [ 730.274460][T14672] netlink: 'syz.0.1850': attribute type 1 has an invalid length. [ 730.354079][T14676] netlink: 'syz.0.1850': attribute type 1 has an invalid length. [ 730.416994][T14672] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1850'. [ 730.501059][T14676] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1850'. [ 731.130244][T14689] Invalid ELF header magic: != ELF [ 733.204511][ T55] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 733.204541][ T55] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 733.219577][ T55] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 733.219640][ T55] Bluetooth: hci3: Malformed LE Event: 0x0d [ 734.150063][T14746] Invalid ELF header magic: != ELF [ 734.446792][T14754] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1871'. [ 734.909042][T14760] netlink: 'syz.0.1873': attribute type 4 has an invalid length. [ 734.962147][T14760] netlink: 'syz.0.1873': attribute type 5 has an invalid length. [ 735.017342][T14760] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1873'. [ 735.683858][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 735.683889][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 735.699016][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 735.699059][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 736.995862][T14793] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1883'. [ 737.210436][T14799] Invalid ELF header magic: != ELF [ 738.185976][ T55] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 738.186004][ T55] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 738.201397][ T55] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 738.201445][ T55] Bluetooth: hci2: Malformed LE Event: 0x0d [ 740.667145][T14845] FAULT_INJECTION: forcing a failure. [ 740.667145][T14845] name fail_futex, interval 1, probability 0, space 0, times 0 [ 740.853960][T14845] CPU: 1 UID: 0 PID: 14845 Comm: syz.1.1898 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 740.853991][T14845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 740.854003][T14845] Call Trace: [ 740.854010][T14845] [ 740.854018][T14845] dump_stack_lvl+0x16c/0x1f0 [ 740.854054][T14845] should_fail_ex+0x512/0x640 [ 740.854088][T14845] get_futex_key+0x49e/0x1000 [ 740.854112][T14845] ? __pfx_get_futex_key+0x10/0x10 [ 740.854132][T14845] ? __lock_acquire+0xaa4/0x1ba0 [ 740.854167][T14845] futex_wake+0xe7/0x4e0 [ 740.854194][T14845] ? __pfx_futex_wake+0x10/0x10 [ 740.854224][T14845] ? find_held_lock+0x2b/0x80 [ 740.854243][T14845] ? sctp_inet_listen+0x18c/0xaf0 [ 740.854276][T14845] do_futex+0x1e3/0x350 [ 740.854299][T14845] ? __pfx_do_futex+0x10/0x10 [ 740.854322][T14845] ? __pfx_sctp_inet_listen+0x10/0x10 [ 740.854349][T14845] __x64_sys_futex+0x1e0/0x4c0 [ 740.854373][T14845] ? __fget_files+0x20e/0x3c0 [ 740.854392][T14845] ? __pfx___x64_sys_futex+0x10/0x10 [ 740.854424][T14845] do_syscall_64+0xcd/0x230 [ 740.854458][T14845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 740.854478][T14845] RIP: 0033:0x7f76dad8e969 [ 740.854494][T14845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 740.854514][T14845] RSP: 002b:00007f76dbc8f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 740.854533][T14845] RAX: ffffffffffffffda RBX: 00007f76dafb5fa8 RCX: 00007f76dad8e969 [ 740.854546][T14845] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f76dafb5fac [ 740.854558][T14845] RBP: 00007f76dafb5fa0 R08: 00007f76dbc90000 R09: 0000000000000000 [ 740.854571][T14845] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f76dafb5fac [ 740.854583][T14845] R13: 0000000000000000 R14: 00007ffcf20c1050 R15: 00007ffcf20c1138 [ 740.854607][T14845] [ 741.048722][ C1] vkms_vblank_simulate: vblank timer overrun [ 741.624129][T14854] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1901'. [ 742.417308][T14865] Invalid ELF header magic: != ELF [ 742.673065][T14850] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 743.806628][T14891] ceph: Failed to parse sending metrics switch value 'P^' [ 744.579642][T14891] Invalid ELF header magic: != ELF [ 745.481267][T14912] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1914'. [ 745.732286][T14900] kexec: Could not allocate control_code_buffer [ 745.767294][T14916] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1916'. [ 746.380116][T14925] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 746.878768][T14924] tty tty12: ldisc open failed (-12), clearing slot 11 [ 747.459020][T14935] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 747.567402][T14937] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1922'. [ 748.065299][T14946] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1925'. [ 749.088097][T14967] Invalid ELF header magic: != ELF [ 749.304811][T14971] FAULT_INJECTION: forcing a failure. [ 749.304811][T14971] name failslab, interval 1, probability 0, space 0, times 0 [ 749.434645][T14971] CPU: 1 UID: 0 PID: 14971 Comm: syz.3.1931 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 749.434675][T14971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 749.434704][T14971] Call Trace: [ 749.434712][T14971] [ 749.434720][T14971] dump_stack_lvl+0x16c/0x1f0 [ 749.434758][T14971] should_fail_ex+0x512/0x640 [ 749.434791][T14971] ? __kmalloc_noprof+0xbf/0x510 [ 749.434817][T14971] ? lsm_blob_alloc+0x68/0x90 [ 749.434836][T14971] should_failslab+0xc2/0x120 [ 749.434863][T14971] __kmalloc_noprof+0xd2/0x510 [ 749.434894][T14971] lsm_blob_alloc+0x68/0x90 [ 749.434915][T14971] security_sk_alloc+0x30/0x270 [ 749.434941][T14971] sk_prot_alloc+0x1c7/0x2a0 [ 749.434976][T14971] sk_alloc+0x36/0xc20 [ 749.435002][T14971] __netlink_create+0x5e/0x2c0 [ 749.435030][T14971] __netlink_kernel_create+0xed/0x750 [ 749.435061][T14971] ? __pfx___netlink_kernel_create+0x10/0x10 [ 749.435107][T14971] ? __pfx_crypto_netlink_init+0x10/0x10 [ 749.435138][T14971] crypto_netlink_init+0xb7/0x140 [ 749.435168][T14971] ? cpus_read_unlock+0x83/0x150 [ 749.435190][T14971] ? __pfx_crypto_netlink_init+0x10/0x10 [ 749.435220][T14971] ? __nf_register_net_hook+0x371/0x730 [ 749.435243][T14971] ? __pfx_crypto_netlink_rcv+0x10/0x10 [ 749.435275][T14971] ? nf_register_net_hook+0x117/0x160 [ 749.435297][T14971] ? nf_register_net_hooks+0xb1/0xd0 [ 749.435322][T14971] ops_init+0x1df/0x5f0 [ 749.435350][T14971] setup_net+0x21e/0x850 [ 749.435379][T14971] ? __pfx_setup_net+0x10/0x10 [ 749.435403][T14971] ? lockdep_init_map_type+0x5c/0x280 [ 749.435431][T14971] ? __pfx_down_read_killable+0x10/0x10 [ 749.435455][T14971] ? debug_mutex_init+0x37/0x70 [ 749.435476][T14971] copy_net_ns+0x2a6/0x5f0 [ 749.435507][T14971] create_new_namespaces+0x3ea/0xad0 [ 749.435536][T14971] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 749.435562][T14971] ksys_unshare+0x45b/0xa40 [ 749.435591][T14971] ? __pfx_ksys_unshare+0x10/0x10 [ 749.435617][T14971] ? xfd_validate_state+0x5d/0x180 [ 749.435644][T14971] ? rcu_is_watching+0x12/0xc0 [ 749.435670][T14971] __x64_sys_unshare+0x31/0x40 [ 749.435698][T14971] do_syscall_64+0xcd/0x230 [ 749.435732][T14971] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 749.435752][T14971] RIP: 0033:0x7f87c498e969 [ 749.435768][T14971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 749.435788][T14971] RSP: 002b:00007f87c589d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 749.435808][T14971] RAX: ffffffffffffffda RBX: 00007f87c4bb5fa0 RCX: 00007f87c498e969 [ 749.435821][T14971] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 749.435834][T14971] RBP: 00007f87c4a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 749.435846][T14971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 749.435858][T14971] R13: 0000000000000000 R14: 00007f87c4bb5fa0 R15: 00007ffcf6e1a418 [ 749.435884][T14971] [ 749.730479][ C1] vkms_vblank_simulate: vblank timer overrun [ 751.130103][T14984] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 751.569316][T14990] Invalid ELF header magic: != ELF [ 751.658498][ C1] sd 0:0:1:0: [sda] tag#3525 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 751.668964][ C1] sd 0:0:1:0: [sda] tag#3525 CDB: Write(6) 0a 00 00 00 0b 00 00 00 00 00 00 00 [ 752.257496][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.264081][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 754.636592][T15025] blktrace: Concurrent blktraces are not allowed on mtdblock0 [ 755.740110][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 755.740160][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 755.755374][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 755.755418][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 757.097873][T15072] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1955'. [ 759.203256][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 759.203287][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 759.218309][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 759.218353][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 765.503439][T15176] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1980'. [ 765.596100][ T55] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 765.596151][ T55] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 765.612443][ T55] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 765.612486][ T55] Bluetooth: hci3: Malformed LE Event: 0x0d [ 767.736171][T15208] random: crng reseeded on system resumption [ 768.008677][ T55] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 768.008705][ T55] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 768.023885][ T55] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 768.023927][ T55] Bluetooth: hci1: Malformed LE Event: 0x0d [ 771.046846][T15251] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1997'. [ 771.368928][T15251] : renamed from bond0 (while UP) [ 773.483674][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 773.483701][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 773.498503][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 773.498546][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 774.258609][T15283] Invalid ELF header magic: != ELF [ 775.698579][T15304] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2009'. [ 777.059490][T15334] netlink: 50 bytes leftover after parsing attributes in process `syz.2.2016'. [ 777.839097][T15344] Invalid ELF header magic: != ELF [ 778.567332][T15339] kexec: Could not allocate control_code_buffer [ 780.941347][ T55] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 780.941401][ T55] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 780.956478][ T55] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 780.956528][ T55] Bluetooth: hci1: Malformed LE Event: 0x0d [ 781.347734][T15398] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2029'. [ 781.388020][T15399] sctp: [Deprecated]: syz.2.2030 (pid 15399) Use of int in maxseg socket option. [ 781.388020][T15399] Use struct sctp_assoc_value instead [ 781.581653][T15398] : renamed from bond0 (while UP) [ 781.937484][T15411] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 783.245198][ T55] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 783.245226][ T55] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 783.260679][ T55] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 783.260725][ T55] Bluetooth: hci2: Malformed LE Event: 0x0d [ 783.423133][T15432] Invalid ELF header magic: != ELF [ 784.830832][T15452] Process accounting resumed [ 785.441463][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 785.441493][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 785.458743][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 785.458787][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 789.808422][T15512] FAULT_INJECTION: forcing a failure. [ 789.808422][T15512] name failslab, interval 1, probability 0, space 0, times 0 [ 789.821465][T15512] CPU: 1 UID: 0 PID: 15512 Comm: syz.1.2056 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 789.821491][T15512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 789.821504][T15512] Call Trace: [ 789.821512][T15512] [ 789.821519][T15512] dump_stack_lvl+0x116/0x1f0 [ 789.821553][T15512] should_fail_ex+0x512/0x640 [ 789.821588][T15512] should_failslab+0xc2/0x120 [ 789.821614][T15512] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 789.821639][T15512] ? __send_signal_locked+0x159/0x12c0 [ 789.821674][T15512] ? sig_get_ucounts+0x1c0/0x5b0 [ 789.821705][T15512] __send_signal_locked+0x159/0x12c0 [ 789.821744][T15512] group_send_sig_info+0x2a4/0x300 [ 789.821771][T15512] ? __pfx_group_send_sig_info+0x10/0x10 [ 789.821803][T15512] ? kill_pid_info_type+0x1a/0x2a0 [ 789.821827][T15512] kill_pid_info_type+0x92/0x2a0 [ 789.821855][T15512] kill_proc_info+0x6f/0x1b0 [ 789.821886][T15512] kill_something_info+0x2a2/0x310 [ 789.821911][T15512] ? __task_pid_nr_ns+0x186/0x500 [ 789.821944][T15512] __x64_sys_kill+0xd7/0x140 [ 789.821971][T15512] ? __pfx___x64_sys_kill+0x10/0x10 [ 789.821997][T15512] ? xfd_validate_state+0x5d/0x180 [ 789.822023][T15512] ? rcu_is_watching+0x12/0xc0 [ 789.822045][T15512] do_syscall_64+0xcd/0x230 [ 789.822078][T15512] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 789.822099][T15512] RIP: 0033:0x7f76dad8e969 [ 789.822114][T15512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 789.822134][T15512] RSP: 002b:00007f76dbc8f038 EFLAGS: 00000246 ORIG_RAX: 000000000000003e [ 789.822153][T15512] RAX: ffffffffffffffda RBX: 00007f76dafb5fa0 RCX: 00007f76dad8e969 [ 789.822166][T15512] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 00000000000007ac [ 789.822179][T15512] RBP: 00007f76dae10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 789.822191][T15512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 789.822203][T15512] R13: 0000000000000000 R14: 00007f76dafb5fa0 R15: 00007ffcf20c1138 [ 789.822228][T15512] [ 792.103583][T15545] Invalid ELF header magic: != ELF [ 793.852657][ T55] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 793.852686][ T55] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 793.869453][ T55] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 793.869497][ T55] Bluetooth: hci1: Malformed LE Event: 0x0d [ 794.546815][T15573] zram0: detected capacity change from 0 to 8 [ 795.578357][T15589] ima: policy update failed [ 795.615196][T15586] Invalid ELF header magic: != ELF [ 795.626422][ T30] audit: type=1802 audit(4294967451.217:70): pid=15589 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2072" res=0 errno=0 [ 795.654624][T15589] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2072'. [ 796.009623][ T55] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 796.009651][ T55] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 796.030534][ T55] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 796.030579][ T55] Bluetooth: hci3: Malformed LE Event: 0x0d [ 798.552693][T15635] netlink: 50 bytes leftover after parsing attributes in process `syz.3.2083'. [ 801.210657][ T30] audit: type=1800 audit(4294967456.807:71): pid=15668 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2089" name="dummy_udc" dev="gadgetfs" ino=6266 res=0 errno=0 [ 802.845192][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 802.845219][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 802.860043][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 802.860085][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 805.779158][T15737] Invalid ELF header magic: != ELF [ 805.869841][ T55] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 805.869869][ T55] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 805.885362][ T55] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 805.885404][ T55] Bluetooth: hci2: Malformed LE Event: 0x0d [ 809.172546][T15787] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2113'. [ 809.232050][T15794] Invalid ELF header magic: != ELF [ 809.321243][T15787] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode [ 809.334527][T15793] Invalid ELF header magic: != ELF [ 809.501490][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807da3a800: rx timeout, send abort [ 809.509806][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807da3bc00: rx timeout, send abort [ 809.518181][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807da3a800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 809.533837][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807da3bc00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 810.000043][ T55] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 810.000071][ T55] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 810.015391][ T55] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 810.015439][ T55] Bluetooth: hci1: Malformed LE Event: 0x0d [ 811.027745][ T55] Bluetooth: hci1: unexpected event 0x12 length: 11 > 8 [ 812.007913][T15852] Invalid ELF header magic: != ELF [ 812.656300][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 812.656332][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 812.671142][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 812.671183][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 813.151050][T15876] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2131'. [ 813.373703][T15876] hsr_slave_0: left promiscuous mode [ 813.418875][T15876] hsr_slave_1: left promiscuous mode [ 813.701043][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 813.708110][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 815.292459][T15905] random: crng reseeded on system resumption [ 815.550859][ T55] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 815.550886][ T55] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 815.567359][ T55] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 815.567403][ T55] Bluetooth: hci1: Malformed LE Event: 0x0d [ 816.382685][T15923] netlink: 346 bytes leftover after parsing attributes in process `syz.1.2137'. [ 816.951197][T15933] can: request_module (can-proto-3) failed. [ 817.200489][ T55] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 817.200517][ T55] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 817.216271][ T55] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 817.216320][ T55] Bluetooth: hci3: Malformed LE Event: 0x0d [ 817.880867][ T55] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 817.880903][ T55] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 817.895914][ T55] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 817.895955][ T55] Bluetooth: hci2: Malformed LE Event: 0x0d [ 820.267242][ T55] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 820.267272][ T55] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 820.282341][ T55] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 820.282385][ T55] Bluetooth: hci3: Malformed LE Event: 0x0d [ 821.025179][T15988] Invalid ELF header magic: != ELF [ 821.033830][ T55] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 821.033855][ T55] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 821.049882][ T55] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 821.049925][ T55] Bluetooth: hci3: Malformed LE Event: 0x0d [ 823.407673][ T55] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 823.407700][ T55] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 823.424776][ T55] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 823.424820][ T55] Bluetooth: hci1: Malformed LE Event: 0x0d [ 826.010352][T16060] FAULT_INJECTION: forcing a failure. [ 826.010352][T16060] name failslab, interval 1, probability 0, space 0, times 0 [ 826.083843][T16060] CPU: 1 UID: 0 PID: 16060 Comm: syz.1.2172 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 826.083873][T16060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 826.083885][T16060] Call Trace: [ 826.083892][T16060] [ 826.083900][T16060] dump_stack_lvl+0x16c/0x1f0 [ 826.083935][T16060] should_fail_ex+0x512/0x640 [ 826.083965][T16060] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 826.083991][T16060] should_failslab+0xc2/0x120 [ 826.084017][T16060] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 826.084041][T16060] ? __kernfs_new_node+0xd2/0x8a0 [ 826.084063][T16060] __kernfs_new_node+0xd2/0x8a0 [ 826.084080][T16060] ? usbduxsigma_ai_cmdtest+0x1a9/0x6f0 [ 826.084114][T16060] ? __pfx___kernfs_new_node+0x10/0x10 [ 826.084140][T16060] ? find_held_lock+0x2b/0x80 [ 826.084161][T16060] ? kernfs_root+0xee/0x2a0 [ 826.084185][T16060] kernfs_new_node+0x13c/0x1e0 [ 826.084209][T16060] ? net_ns_get_ownership+0xf8/0x1b0 [ 826.084237][T16060] kernfs_create_dir_ns+0x4c/0x1a0 [ 826.084263][T16060] sysfs_create_dir_ns+0x13a/0x2b0 [ 826.084296][T16060] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 826.084333][T16060] ? find_held_lock+0x2b/0x80 [ 826.084355][T16060] ? net_namespace+0x12/0x50 [ 826.084382][T16060] ? device_namespace+0x76/0xa0 [ 826.084411][T16060] kobject_add_internal+0x2c4/0x9b0 [ 826.084435][T16060] kobject_add+0x16e/0x240 [ 826.084454][T16060] ? __pfx_kobject_add+0x10/0x10 [ 826.084474][T16060] ? get_device_parent+0x1c5/0x4e0 [ 826.084500][T16060] ? kobject_put+0xab/0x5a0 [ 826.084526][T16060] device_add+0x288/0x1a70 [ 826.084554][T16060] ? __pfx_dev_set_name+0x10/0x10 [ 826.084586][T16060] ? __pfx_device_add+0x10/0x10 [ 826.084614][T16060] ? lockdep_init_map_type+0x5c/0x280 [ 826.084643][T16060] ? __init_waitqueue_head+0xca/0x150 [ 826.084667][T16060] netdev_register_kobject+0x182/0x3a0 [ 826.084699][T16060] register_netdevice+0x13dc/0x2270 [ 826.084731][T16060] ? __pfx_register_netdevice+0x10/0x10 [ 826.084760][T16060] ? alloc_netdev_mqs+0xe7e/0x1570 [ 826.084788][T16060] ? __pfx_loopback_net_init+0x10/0x10 [ 826.084815][T16060] register_netdev+0x34/0x50 [ 826.084841][T16060] loopback_net_init+0x7a/0x170 [ 826.084873][T16060] ? __pfx_loopback_net_init+0x10/0x10 [ 826.084898][T16060] ops_init+0x1df/0x5f0 [ 826.084927][T16060] setup_net+0x21e/0x850 [ 826.084955][T16060] ? __pfx_setup_net+0x10/0x10 [ 826.084981][T16060] ? lockdep_init_map_type+0x5c/0x280 [ 826.085008][T16060] ? __pfx_down_read_killable+0x10/0x10 [ 826.085032][T16060] ? debug_mutex_init+0x37/0x70 [ 826.085053][T16060] copy_net_ns+0x2a6/0x5f0 [ 826.085084][T16060] create_new_namespaces+0x3ea/0xad0 [ 826.085113][T16060] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 826.085139][T16060] ksys_unshare+0x45b/0xa40 [ 826.085167][T16060] ? __pfx_ksys_unshare+0x10/0x10 [ 826.085193][T16060] ? xfd_validate_state+0x5d/0x180 [ 826.085214][T16060] ? rcu_is_watching+0x12/0xc0 [ 826.085239][T16060] __x64_sys_unshare+0x31/0x40 [ 826.085266][T16060] do_syscall_64+0xcd/0x230 [ 826.085300][T16060] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 826.085327][T16060] RIP: 0033:0x7f76dad8e969 [ 826.085343][T16060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 826.085362][T16060] RSP: 002b:00007f76dbc8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 826.085382][T16060] RAX: ffffffffffffffda RBX: 00007f76dafb5fa0 RCX: 00007f76dad8e969 [ 826.085395][T16060] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 826.085407][T16060] RBP: 00007f76dae10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 826.085419][T16060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 826.085432][T16060] R13: 0000000000000000 R14: 00007f76dafb5fa0 R15: 00007ffcf20c1138 [ 826.085457][T16060] [ 826.473700][T16060] kobject: kobject_add_internal failed for lo (error: -12 parent: net) [ 826.538315][T16068] kexec: Could not allocate control_code_buffer [ 826.856546][ T55] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 826.856577][ T55] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 826.877575][ T55] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 826.877621][ T55] Bluetooth: hci3: Malformed LE Event: 0x0d [ 827.174019][T16084] ceph: Failed to parse sending metrics switch value 'P^' [ 827.467659][T16087] Invalid ELF header magic: != ELF [ 828.306135][ T55] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 828.306197][ T55] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 828.323643][ T55] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 828.323688][ T55] Bluetooth: hci2: Malformed LE Event: 0x0d [ 828.689039][ T55] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 828.689066][ T55] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 828.706238][ T55] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 828.706290][ T55] Bluetooth: hci2: Malformed LE Event: 0x0d [ 831.002229][T16148] netlink: 350 bytes leftover after parsing attributes in process `syz.0.2191'. [ 836.148934][ T55] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 836.499765][T16253] sctp: Changing rto_alpha or rto_beta may lead to suboptimal rtt/srtt estimations! [ 836.562486][T16255] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 837.661067][T16274] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 838.126060][T16246] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 838.126091][T16246] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 838.142788][T16246] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 838.142832][T16246] Bluetooth: hci0: Malformed LE Event: 0x0d [ 840.609549][T16325] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 841.589955][T16340] random: crng reseeded on system resumption [ 842.275203][T16347] Invalid ELF header magic: != ELF [ 844.141963][T16246] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 844.141991][T16246] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 844.156981][T16246] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 844.157031][T16246] Bluetooth: hci1: Malformed LE Event: 0x0d [ 844.599636][T16380] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 844.612014][T16378] Invalid ELF header magic: != ELF [ 846.144767][T16405] Invalid ELF header magic: != ELF [ 847.796578][T16246] Bluetooth: hci1: unexpected subevent 0x01 length: 4 < 18 [ 848.939506][T16432] Invalid ELF header magic: != ELF [ 850.792793][T16451] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2251'. [ 854.543323][T16246] Bluetooth: hci3: Unable to find connection for big 0xd2 [ 854.674261][T16511] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 855.857540][T16246] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 857.932858][T16246] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 857.932885][T16246] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 857.948222][T16246] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 857.948264][T16246] Bluetooth: hci0: Malformed LE Event: 0x0d [ 862.849102][T16640] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2292'. [ 862.957447][T16640] bridge_slave_1: left allmulticast mode [ 862.984104][T16640] bridge_slave_1: left promiscuous mode [ 863.013718][T16640] bridge0: port 2(bridge_slave_1) entered disabled state [ 863.067916][T16640] bridge_slave_0: left allmulticast mode [ 863.103436][T16640] bridge_slave_0: left promiscuous mode [ 863.117489][T16640] bridge0: port 1(bridge_slave_0) entered disabled state [ 864.549191][T16669] Invalid ELF header magic: != ELF [ 865.040915][T16650] kexec: Could not allocate control_code_buffer [ 867.169115][T16246] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 867.169142][T16246] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 867.184047][T16246] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 867.184088][T16246] Bluetooth: hci0: Malformed LE Event: 0x0d [ 867.202964][T16707] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2301'. [ 868.782654][T16732] Invalid ELF header magic: != ELF [ 869.179315][T16737] Invalid ELF header magic: != ELF [ 870.134831][T16753] can: request_module (can-proto-3) failed. [ 871.347982][ T30] audit: type=1807 audit(4294967534.943:72): UNKNOWN=0"û]$|Ë1jë0B|d™¹ýÓ‰OŸ¬+ö×/ÉéxÔóÈõWÓ¦–Ó^¸´gq%ḦrêOŽ res=0 [ 871.428525][ T30] audit: type=1802 audit(4294967534.963:73): pid=16775 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.1.2314" res=0 errno=0 [ 872.306631][T16783] Invalid ELF header magic: != ELF [ 872.933894][T16774] ima: policy update failed [ 872.943953][ T30] audit: type=1802 audit(4294967536.553:74): pid=16774 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2314" res=0 errno=0 [ 873.412304][T16801] i2c i2c-0: delete_device: Can't find device in list [ 873.440834][T16800] Invalid ELF header magic: != ELF [ 874.113166][T16246] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 874.113192][T16246] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 874.128273][T16246] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 874.128315][T16246] Bluetooth: hci3: Malformed LE Event: 0x0d [ 874.794813][T16246] Bluetooth: hci2: Unable to find connection for big 0xd2 [ 875.014839][T16246] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 875.014871][T16246] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 875.029711][T16246] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 875.029757][T16246] Bluetooth: hci0: Malformed LE Event: 0x0d [ 875.137293][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.143743][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 875.376765][T16827] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2324'. [ 875.958488][ T30] audit: type=1800 audit(4294967539.563:75): pid=16834 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2326" name="ram7" dev="tmpfs" ino=624 res=0 errno=0 [ 876.239734][ T30] audit: type=1800 audit(4294967539.843:76): pid=16841 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2327" name="ram7" dev="tmpfs" ino=793 res=0 errno=0 [ 878.785350][T16881] tipc: Started in network mode [ 878.800737][T16881] tipc: Node identity ee00, cluster identity 4711 [ 878.865295][T16881] tipc: Node number set to 60928 [ 879.195565][T16871] can: request_module (can-proto-3) failed. [ 879.734879][T16246] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 879.734907][T16246] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 879.749891][T16246] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 879.749936][T16246] Bluetooth: hci3: Malformed LE Event: 0x0d [ 880.426285][T16246] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 881.719125][T16932] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2344'. [ 881.759580][T16246] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 881.759608][T16246] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 881.781773][T16246] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 881.781817][T16246] Bluetooth: hci3: Malformed LE Event: 0x0d [ 882.186205][T16246] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 882.186236][T16246] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 882.201060][T16246] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 882.201102][T16246] Bluetooth: hci3: Malformed LE Event: 0x0d [ 882.507578][T16945] Invalid ELF header magic: != ELF [ 883.139628][T16952] Invalid ELF header magic: != ELF [ 886.088202][T17006] can: request_module (can-proto-3) failed. [ 886.140924][T16246] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 886.140956][T16246] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 886.158465][T16246] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 886.158508][T16246] Bluetooth: hci1: Malformed LE Event: 0x0d [ 886.232193][T16246] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 886.232218][T16246] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 886.247638][T16246] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 886.247680][T16246] Bluetooth: hci0: Malformed LE Event: 0x0d [ 887.324591][T17018] Device name cannot be null; rc = [-22] [ 889.072500][T17045] FAULT_INJECTION: forcing a failure. [ 889.072500][T17045] name failslab, interval 1, probability 0, space 0, times 0 [ 889.133351][T17045] CPU: 1 UID: 0 PID: 17045 Comm: syz.1.2368 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 889.133379][T17045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 889.133391][T17045] Call Trace: [ 889.133398][T17045] [ 889.133405][T17045] dump_stack_lvl+0x16c/0x1f0 [ 889.133442][T17045] should_fail_ex+0x512/0x640 [ 889.133473][T17045] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 889.133500][T17045] should_failslab+0xc2/0x120 [ 889.133527][T17045] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 889.133550][T17045] ? __proc_create+0xc3/0x8c0 [ 889.133573][T17045] ? __proc_create+0x2ce/0x8c0 [ 889.133599][T17045] __proc_create+0x2ce/0x8c0 [ 889.133624][T17045] ? __pfx___proc_create+0x10/0x10 [ 889.133647][T17045] ? pcpu_chunk_relocate+0x126/0x190 [ 889.133671][T17045] ? find_held_lock+0x2b/0x80 [ 889.133696][T17045] proc_create_reg+0x7d/0x180 [ 889.133721][T17045] ? __pfx_xfrm_statistics_seq_show+0x10/0x10 [ 889.133747][T17045] proc_create_net_single+0x86/0x170 [ 889.133773][T17045] ? __pfx_proc_create_net_single+0x10/0x10 [ 889.133804][T17045] ? __pfx_xfrm_net_init+0x10/0x10 [ 889.133823][T17045] xfrm_proc_init+0x4d/0x70 [ 889.133845][T17045] xfrm_net_init+0x1f0/0xcc0 [ 889.133869][T17045] ? __pfx_xfrm_net_init+0x10/0x10 [ 889.133887][T17045] ops_init+0x1df/0x5f0 [ 889.133917][T17045] setup_net+0x21e/0x850 [ 889.133957][T17045] ? __pfx_setup_net+0x10/0x10 [ 889.133982][T17045] ? lockdep_init_map_type+0x5c/0x280 [ 889.134009][T17045] ? __pfx_down_read_killable+0x10/0x10 [ 889.134033][T17045] ? debug_mutex_init+0x37/0x70 [ 889.134055][T17045] copy_net_ns+0x2a6/0x5f0 [ 889.134085][T17045] create_new_namespaces+0x3ea/0xad0 [ 889.134115][T17045] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 889.134141][T17045] ksys_unshare+0x45b/0xa40 [ 889.134169][T17045] ? __pfx_ksys_unshare+0x10/0x10 [ 889.134195][T17045] ? xfd_validate_state+0x5d/0x180 [ 889.134215][T17045] ? rcu_is_watching+0x12/0xc0 [ 889.134240][T17045] __x64_sys_unshare+0x31/0x40 [ 889.134268][T17045] do_syscall_64+0xcd/0x230 [ 889.134300][T17045] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 889.134320][T17045] RIP: 0033:0x7f76dad8e969 [ 889.134336][T17045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 889.134356][T17045] RSP: 002b:00007f76dbc8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 889.134375][T17045] RAX: ffffffffffffffda RBX: 00007f76dafb5fa0 RCX: 00007f76dad8e969 [ 889.134388][T17045] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 889.134400][T17045] RBP: 00007f76dae10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 889.134412][T17045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 889.134424][T17045] R13: 0000000000000000 R14: 00007f76dafb5fa0 R15: 00007ffcf20c1138 [ 889.134449][T17045] [ 889.419980][ C1] vkms_vblank_simulate: vblank timer overrun [ 892.215875][T17085] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 892.304333][T17085] FAULT_INJECTION: forcing a failure. [ 892.304333][T17085] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 892.455984][T16246] Bluetooth: hci3: unexpected event 0x3e length: 1020 > 260 [ 892.456010][T16246] Bluetooth: hci3: unexpected subevent 0x01 length: 1019 > 18 [ 892.489311][T17085] CPU: 1 UID: 0 PID: 17085 Comm: syz.1.2376 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 892.489339][T17085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 892.489352][T17085] Call Trace: [ 892.489358][T17085] [ 892.489366][T17085] dump_stack_lvl+0x16c/0x1f0 [ 892.489400][T17085] should_fail_ex+0x512/0x640 [ 892.489435][T17085] _copy_from_iter+0x2a4/0x15b0 [ 892.489470][T17085] ? __alloc_skb+0x200/0x380 [ 892.489494][T17085] ? __pfx__copy_from_iter+0x10/0x10 [ 892.489528][T17085] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 892.489563][T17085] netlink_sendmsg+0x829/0xdd0 [ 892.489594][T17085] ? __pfx_netlink_sendmsg+0x10/0x10 [ 892.489631][T17085] __sys_sendto+0x495/0x510 [ 892.489653][T17085] ? __pfx___sys_sendto+0x10/0x10 [ 892.489683][T17085] ? count_memcg_events_mm.constprop.0+0x138/0x340 [ 892.489730][T17085] __x64_sys_sendto+0xe0/0x1c0 [ 892.489756][T17085] ? do_syscall_64+0x91/0x230 [ 892.489787][T17085] ? lockdep_hardirqs_on+0x7c/0x110 [ 892.489816][T17085] do_syscall_64+0xcd/0x230 [ 892.489849][T17085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 892.489870][T17085] RIP: 0033:0x7f76dad907fc [ 892.489885][T17085] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 892.489905][T17085] RSP: 002b:00007f76dbc4bec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 892.489925][T17085] RAX: ffffffffffffffda RBX: 00007f76dbc4bfc0 RCX: 00007f76dad907fc [ 892.489939][T17085] RDX: 0000000000000020 RSI: 00007f76dbc4c010 RDI: 0000000000000004 [ 892.489951][T17085] RBP: 0000000000000000 R08: 00007f76dbc4bf14 R09: 000000000000000c [ 892.489963][T17085] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 892.489974][T17085] R13: 00007f76dbc4bf68 R14: 00007f76dbc4c010 R15: 0000000000000000 [ 892.489999][T17085] [ 892.677643][ C1] vkms_vblank_simulate: vblank timer overrun [ 893.211557][T17107] lo: entered allmulticast mode [ 893.321949][T16246] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 893.321976][T16246] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 893.337506][T16246] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 893.337548][T16246] Bluetooth: hci2: Malformed LE Event: 0x0d [ 893.361497][T17109] lo: left allmulticast mode [ 893.562313][T17109] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 893.568853][T17109] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 894.398744][T17129] Invalid ELF header magic: != ELF [ 896.137038][T16246] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 896.137071][T16246] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 896.152748][T16246] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 896.152800][T16246] Bluetooth: hci1: Malformed LE Event: 0x0d [ 897.704192][T17183] [ 897.706640][T17183] ====================================================== [ 897.713650][T17183] WARNING: possible circular locking dependency detected [ 897.720656][T17183] 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 Not tainted [ 897.727749][T17183] ------------------------------------------------------ [ 897.734751][T17183] syz.1.2397/17183 is trying to acquire lock: [ 897.740816][T17183] ffff8881433f85d8 (&q->elevator_lock){+.+.}-{4:4}, at: queue_requests_store+0x1c7/0x310 [ 897.750650][T17183] [ 897.750650][T17183] but task is already holding lock: [ 897.757999][T17183] ffff8881433f80a8 (&q->q_usage_counter(io)#29){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 897.769233][T17183] [ 897.769233][T17183] which lock already depends on the new lock. [ 897.769233][T17183] [ 897.779646][T17183] [ 897.779646][T17183] the existing dependency chain (in reverse order) is: [ 897.788661][T17183] [ 897.788661][T17183] -> #2 (&q->q_usage_counter(io)#29){++++}-{0:0}: [ 897.797272][T17183] blk_alloc_queue+0x619/0x760 [ 897.802570][T17183] blk_mq_alloc_queue+0x179/0x290 [ 897.808120][T17183] __blk_mq_alloc_disk+0x29/0x120 [ 897.813681][T17183] loop_add+0x496/0xb70 [ 897.818369][T17183] loop_init+0x164/0x270 [ 897.823135][T17183] do_one_initcall+0x120/0x6e0 [ 897.828421][T17183] kernel_init_freeable+0x5c2/0x900 [ 897.834145][T17183] kernel_init+0x1c/0x2b0 [ 897.838989][T17183] ret_from_fork+0x48/0x80 [ 897.843917][T17183] ret_from_fork_asm+0x1a/0x30 [ 897.849205][T17183] [ 897.849205][T17183] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 897.856421][T17183] fs_reclaim_acquire+0x102/0x150 [ 897.861982][T17183] kmem_cache_alloc_noprof+0x53/0x3b0 [ 897.867871][T17183] __kernfs_new_node+0xd2/0x8a0 [ 897.873237][T17183] kernfs_new_node+0x13c/0x1e0 [ 897.878527][T17183] kernfs_create_dir_ns+0x4c/0x1a0 [ 897.884154][T17183] sysfs_create_dir_ns+0x13a/0x2b0 [ 897.889798][T17183] kobject_add_internal+0x2c4/0x9b0 [ 897.895512][T17183] kobject_add+0x16e/0x240 [ 897.900442][T17183] elv_register_queue+0xd3/0x2a0 [ 897.905902][T17183] blk_register_queue+0x3c4/0x560 [ 897.911440][T17183] add_disk_fwnode+0x911/0x13a0 [ 897.916818][T17183] nbd_dev_add+0x78e/0xbb0 [ 897.921758][T17183] nbd_init+0x181/0x320 [ 897.926440][T17183] do_one_initcall+0x120/0x6e0 [ 897.931738][T17183] kernel_init_freeable+0x5c2/0x900 [ 897.937485][T17183] kernel_init+0x1c/0x2b0 [ 897.942341][T17183] ret_from_fork+0x48/0x80 [ 897.947279][T17183] ret_from_fork_asm+0x1a/0x30 [ 897.952577][T17183] [ 897.952577][T17183] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 897.960418][T17183] __lock_acquire+0x1173/0x1ba0 [ 897.965794][T17183] lock_acquire+0x179/0x350 [ 897.970823][T17183] __mutex_lock+0x199/0xb90 [ 897.975856][T17183] queue_requests_store+0x1c7/0x310 [ 897.981570][T17183] queue_attr_store+0x270/0x310 [ 897.986938][T17183] sysfs_kf_write+0xef/0x150 [ 897.992061][T17183] kernfs_fop_write_iter+0x354/0x510 [ 897.997866][T17183] vfs_write+0x5bd/0x1180 [ 898.002710][T17183] ksys_write+0x12a/0x240 [ 898.007555][T17183] do_syscall_64+0xcd/0x230 [ 898.012582][T17183] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 898.018993][T17183] [ 898.018993][T17183] other info that might help us debug this: [ 898.018993][T17183] [ 898.029210][T17183] Chain exists of: [ 898.029210][T17183] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#29 [ 898.029210][T17183] [ 898.042948][T17183] Possible unsafe locking scenario: [ 898.042948][T17183] [ 898.050385][T17183] CPU0 CPU1 [ 898.055739][T17183] ---- ---- [ 898.061091][T17183] lock(&q->q_usage_counter(io)#29); [ 898.066469][T17183] lock(fs_reclaim); [ 898.072971][T17183] lock(&q->q_usage_counter(io)#29); [ 898.080863][T17183] lock(&q->elevator_lock); [ 898.085448][T17183] [ 898.085448][T17183] *** DEADLOCK *** [ 898.085448][T17183] [ 898.093606][T17183] 6 locks held by syz.1.2397/17183: [ 898.098792][T17183] #0: ffff888031cf00f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 898.107845][T17183] #1: ffff888030612420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x240 [ 898.116823][T17183] #2: ffff88807e238488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 898.126599][T17183] #3: ffff888140f84c38 (kn->active#163){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 898.136736][T17183] #4: ffff8881433f80a8 (&q->q_usage_counter(io)#29){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 898.148429][T17183] #5: ffff8881433f80e0 (&q->q_usage_counter(queue)#24){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 898.160381][T17183] [ 898.160381][T17183] stack backtrace: [ 898.166265][T17183] CPU: 1 UID: 0 PID: 17183 Comm: syz.1.2397 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 898.166295][T17183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 898.166310][T17183] Call Trace: [ 898.166319][T17183] [ 898.166329][T17183] dump_stack_lvl+0x116/0x1f0 [ 898.166365][T17183] print_circular_bug+0x275/0x350 [ 898.166396][T17183] check_noncircular+0x14c/0x170 [ 898.166428][T17183] __lock_acquire+0x1173/0x1ba0 [ 898.166465][T17183] lock_acquire+0x179/0x350 [ 898.166494][T17183] ? queue_requests_store+0x1c7/0x310 [ 898.166519][T17183] ? __pfx___might_resched+0x10/0x10 [ 898.166545][T17183] ? do_raw_spin_lock+0x12c/0x2b0 [ 898.166583][T17183] __mutex_lock+0x199/0xb90 [ 898.166623][T17183] ? queue_requests_store+0x1c7/0x310 [ 898.166647][T17183] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 898.166680][T17183] ? queue_requests_store+0x1c7/0x310 [ 898.166703][T17183] ? lockdep_hardirqs_on+0x7c/0x110 [ 898.166737][T17183] ? __pfx___mutex_lock+0x10/0x10 [ 898.166776][T17183] ? __pfx_autoremove_wake_function+0x10/0x10 [ 898.166809][T17183] ? queue_requests_store+0x1c7/0x310 [ 898.166832][T17183] queue_requests_store+0x1c7/0x310 [ 898.166857][T17183] ? __pfx_queue_requests_store+0x10/0x10 [ 898.166883][T17183] ? __mutex_trylock_common+0xe9/0x250 [ 898.166916][T17183] ? __pfx_queue_requests_store+0x10/0x10 [ 898.166940][T17183] queue_attr_store+0x270/0x310 [ 898.166962][T17183] ? __pfx_queue_attr_store+0x10/0x10 [ 898.166984][T17183] ? tcp_recvmsg_locked+0x1789/0x2880 [ 898.167012][T17183] ? find_held_lock+0x2b/0x80 [ 898.167033][T17183] ? sysfs_file_kobj+0xe4/0x290 [ 898.167069][T17183] ? __pfx_queue_attr_store+0x10/0x10 [ 898.167090][T17183] sysfs_kf_write+0xef/0x150 [ 898.167124][T17183] kernfs_fop_write_iter+0x354/0x510 [ 898.167155][T17183] ? __pfx_sysfs_kf_write+0x10/0x10 [ 898.167190][T17183] vfs_write+0x5bd/0x1180 [ 898.167213][T17183] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 898.167246][T17183] ? __pfx___mutex_lock+0x10/0x10 [ 898.167281][T17183] ? __pfx_vfs_write+0x10/0x10 [ 898.167313][T17183] ksys_write+0x12a/0x240 [ 898.167335][T17183] ? __pfx_ksys_write+0x10/0x10 [ 898.167370][T17183] ? rcu_is_watching+0x12/0xc0 [ 898.167394][T17183] do_syscall_64+0xcd/0x230 [ 898.167436][T17183] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 898.167455][T17183] RIP: 0033:0x7f76dad8e969 [ 898.167470][T17183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 898.167489][T17183] RSP: 002b:00007f76dbc8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 898.167506][T17183] RAX: ffffffffffffffda RBX: 00007f76dafb5fa0 RCX: 00007f76dad8e969 [ 898.167519][T17183] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 898.167531][T17183] RBP: 00007f76dae10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 898.167542][T17183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 898.167553][T17183] R13: 0000000000000000 R14: 00007f76dafb5fa0 R15: 00007ffcf20c1138 [ 898.167571][T17183] [ 898.167588][ C1] vkms_vblank_simulate: vblank timer overrun [ 898.470367][ C1] vkms_vblank_simulate: vblank timer overrun