last executing test programs: 15.586523226s ago: executing program 3 (id=519): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) fanotify_init$auto(0x1000, 0x0) socket(0x2, 0x3, 0x6) r0 = socket(0x2, 0x1, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000640), 0x8182, 0x0) ioctl$auto_KVM_GET_EMULATED_CPUID(r1, 0xc008ae09, &(0x7f00000006c0)={0x3}) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x8b}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/sit0/dev_port\x00', 0x100, 0x0) socket(0x2c, 0x5, 0x4) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, 0x0, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/zram-control/hot_add\x00', 0x20800, 0x0) socketpair$auto(0x1e, 0x3, 0xfffffffe, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0xcad7) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) close_range$auto(0x2, r0, 0x0) r4 = gettid() process_vm_writev$auto(r4, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) clone$auto(0x6, 0x9, 0x0, 0x0, 0xe08) 13.17369111s ago: executing program 3 (id=523): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/query\x00', 0x42802, 0x0) read$auto(r0, 0x0, 0xb4d3) r1 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0) timer_create$auto_CLOCK_REALTIME(0x0, &(0x7f0000000000)={@sival_ptr=0x0, @raw=0x100, 0x4, @_tid=r1}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000680), r3) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000006c0)={'batadv0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)={0x24, r4, 0xb11, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}]}, 0x24}, 0x1, 0x0, 0x0, 0x4001}, 0x9800) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r7 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_PVERSION(r7, 0x80045400, &(0x7f0000000040)=0x10) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000001c00), r8) sendmsg$auto_IOAM6_CMD_ADD_NAMESPACE(r8, &(0x7f0000001d00)={0x0, 0x0, &(0x7f0000001cc0)={&(0x7f0000000000)={0x1c, r9, 0xa2d601c1e7b11e31, 0x70bd27, 0x25dfdbfd, {}, [@IOAM6_ATTR_NS_ID={0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendmsg$auto_IOAM6_CMD_DUMP_NAMESPACES(r3, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r9, 0x800, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x140018c4}, 0x880) ustat$auto(0x801, 0x0) keyctl$auto(0x1d, 0xfffffffffffffffd, 0x2, 0x628, 0xfffffffffffffffd) bpf$auto_BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)=@bpf_attr_5={@target_fd=r0, r0, 0x2, 0xffffffff, r0, @relative_fd=r0, 0x6ef}, 0xfffffffc) 11.097921389s ago: executing program 1 (id=529): close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x5, 0x84) openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) openat$auto_dev_fops_plock(0xffffffffffffff9c, &(0x7f0000001240), 0x80, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/002/001\x00', 0xa901, 0x0) select$auto(0x6b, 0x0, &(0x7f0000002400)={[0x1, 0x400, 0x300, 0x8, 0x200000000000027f, 0xe0d3, 0x4, 0x17c750d60, 0xfffffffffffffac1, 0x106, 0x8000, 0x8000000000000000, 0x0, 0x10001, 0x2, 0x24f]}, &(0x7f0000002480)={[0xf, 0x5, 0x8, 0x4, 0x6, 0xffffffffffffff7a, 0x8, 0x45f6c183, 0xae9, 0x3, 0x3, 0x8, 0x8000, 0x2, 0x8000000000000001, 0xfffffffffffffffc]}, 0x0) 11.044693836s ago: executing program 3 (id=530): mmap$auto(0x0, 0xf4, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/maps\x00', 0x2000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(r1, 0xaea2, 0x0) read$auto_proc_pid_maps_operations_internal(r0, &(0x7f0000000980)=""/4098, 0x1002) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2902, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x3, 0x1, 0x9, 0x7352, 0x41, 0x65f, 0x1ffde, 0x7, 0x3, 0x2, 0xb, 0x3, 0x5, 0x101, 0xb4, 0x9, 0x6, 0x7ff, 0x84, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0xb4, 0x4, 0x0, 0x0, 0x0, 0xfffffff9, [0x5, 0x0, 0x68, 0x0, 0x100000000, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x2000000000, 0x0, 0x0, 0x0, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x3, 0x800000000000000, 0x7e30e0be]}, 0x1fe, 0xf) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) ioctl$auto(0xffffffffffffffff, 0xc058560f, 0xffffffffffffffff) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xdc5e}, 0x800}, 0x7, 0x4008) 10.809864785s ago: executing program 1 (id=532): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x2000000}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8000, 0x0) (async) close_range$auto(0x2, 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) (async) getcwd$auto(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x10000000084, 0x2, 0x0, 0x8) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/pci/drivers/vmwgfx/new_id\x00', 0xa001, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) clone$auto(0x20003b42, 0x8400, 0x0, 0x0, 0xfffffffffffffff9) r3 = openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000080), 0x41180, 0x0) read$auto(r3, 0x0, 0x58b22256) (async) read$auto(r3, 0x0, 0x58b22256) write$auto(0x3, 0x0, 0xfdef) write$auto(0x3, 0x0, 0xfffffdf2) (async) write$auto(0x3, 0x0, 0xfffffdf2) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0xfffffffe, 0x0, 0x5, 0x0, 0x200002, 0x8}, 0x801}, 0xfffffff9, 0x10, 0x0) (async) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0xfffffffe, 0x0, 0x5, 0x0, 0x200002, 0x8}, 0x801}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x8923, 0x24) 9.483822236s ago: executing program 3 (id=535): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) r0 = openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) write$auto(r0, &(0x7f0000000000)='gthtool\x00', 0x10) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3b, 0x1, 0x0, 0x1, 0x2) socketpair$auto(0x1, 0x2, 0x1, 0x0) mmap$auto(0x0, 0x8, 0xde, 0x9b72, 0x2, 0x48000) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x1081, 0x0) mmap$auto(0x0, 0x2000a, 0xdf, 0xe31, 0x40000000000a5, 0x8000) r2 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x5, 0x0, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r1, 0x10000000008000) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmsg$auto_GTP_CMD_NEWPDP(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c854}, 0x8040) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) unshare$auto(0x40000080) socket(0x2, 0x1, 0x0) socket(0xa, 0x2, 0x0) setsockopt$auto(0x400000000000003, 0x29, 0x22, 0xffffffffffffffff, 0x3) socket(0x34, 0x0, 0x5) fcntl$auto(0x3, 0x4, 0xa553) close_range$auto(0x2, 0x8, 0x0) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) 8.941857066s ago: executing program 1 (id=536): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0) r0 = socket(0x2, 0x1, 0x106) sendmsg$auto_NL80211_CMD_GET_POWER_SAVE(r0, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000001780)={0x0}, 0x1, 0x0, 0x0, 0x40080}, 0x20000800) setsockopt$auto(r0, 0x6, 0x2, &(0x7f0000000080)='\x00\x00C\x80\'\xf9\xc4\xf5W_\xa2\x00\x05\x00\x00\x00\f\x8a\x7f\xcf\x9d\xc4ZrAF\xc7\xeeV\xda\x8ex\x1d\xddzL\xba\xc11\xc6\x1c\xe2\xe9\xbb,\x80\xd3\xcc\xf8\xd5h\xf7S\x81r[\xc8\xf1w \x95V?K\xf2\xd0\x02A\xf020\xe1\xd5^\xa8\xa9\xa0\xd5\xfa\x17I\x17\xf5\xdc\xb8\x1bt\xfc\xd9Ei5l\xef\xfbs\x04\xa0\xd8\x94E\b~\xd9\xbb\xeb\xc7\xfe\xe7\xde)\xc4r\x89\x03\xe0;\xa7\x1d+\xd5\x94N\xf4>-\xe3\xd3\x8d\xc7\xa4*\x96\xf7', 0x9) newfstatat$auto(0xffffffffffffff9c, 0x0, &(0x7f0000000380)={0x5, 0x6, 0xa9, 0x4, 0x0, 0xee01, 0x0, 0x6, 0x3, 0x0, 0x6, 0x8, 0xbc, 0x1, 0x4, 0x0, 0x53}, 0x1) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) lstat$auto(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)={0x1, 0x6, 0x6, 0x1000, r1, r2, 0x0, 0x4, 0x7, 0x9, 0xffffffffffff8000, 0x9, 0x9, 0x4, 0x2, 0x7, 0x8}) sendmsg$auto_IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000440)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000af3f7fa44b50789bcbcc63da49a17050e75fd3bef30893aae94f52ec2031f9eebb9f7f0650538c3b99f804e0d2c694237699de4d018cde0f8c5dcbf98bca73b0994a898dfa14193472f22ba12de6b62ed8cb2ef011e538d35a297a1d211b37ece799fffe631334d3993d49", @ANYRES16=0x0, @ANYBLOB="080027bd7000fcdbdf25050000000800040004000000080004000500000008000500020000000400028008000400ff010000"], 0x38}, 0x1, 0x0, 0x0, 0x8010}, 0x8000) ioctl$auto_OSS_GETVERSION2(0xffffffffffffffff, 0x80044d76, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0x200007, 0x19) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SEG6_CMD_SETHMAC(r3, &(0x7f0000001440)={0x0, 0xf0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB='7\x00\x00\x00', @ANYRES16, @ANYBLOB="a9e127bd7000ffdbdf2501000000050006000700000008000300010001000700040096e300000500050003000000"], 0x34}, 0x1, 0x0, 0x0, 0x24000014}, 0x400c810) r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x20881, 0x0) write$auto(r4, &(0x7f0000000040)='/dev/input/event1\x00', 0x10001) 8.224828536s ago: executing program 2 (id=538): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000000028000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r1, 0x0, 0x20) socket$nl_generic(0x10, 0x3, 0x10) writev$auto(r0, &(0x7f0000000200)={0x0, 0x3}, 0x3) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) (fail_nth: 1) 8.077081342s ago: executing program 1 (id=539): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000000028000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r1, 0x0, 0x20) socket$nl_generic(0x10, 0x3, 0x10) writev$auto(r0, &(0x7f0000000200)={0x0, 0x3}, 0x3) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) 7.601794369s ago: executing program 2 (id=540): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000000028000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_SMC_NETLINK_REMOVE_UEID(0xffffffffffffffff, 0x0, 0x20000000) socket(0x2, 0x800, 0x2) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x4288, 0xe983, 0x9, 0x840ebf, 0xffffffffffffffff, 0x8200) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb5, 0x401, 0x300000000000) prctl$auto(0x16, 0x2, 0x2, 0x4000000d, 0x100) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1\x00', 0x1, 0x0) ioctl$auto_SNDCTL_DSP_GETODELAY(r0, 0x80045017, &(0x7f0000000c00)) r1 = io_uring_setup$auto(0x6, 0x0) openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) kexec_load$auto(0x5, 0x5, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, r0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto_EVIOCGMASK(r1, 0x80104592, &(0x7f0000000000)={0x2000, 0x0, 0x105}) ioctl$auto(0x3, 0x80004509, 0x10000000000402) ioctl$auto(0x3, 0x800005411, 0x38) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) 5.699594518s ago: executing program 2 (id=542): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter\x00', 0x40001, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x165840, 0x151) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x0, 0x1aa, 0x0, 0x6, 0x0, 0x5, 0x1001}, 0x5}, 0x2, 0x100) bpf$auto(0xf7fff011, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x4, 0xfaae, 0x468, 0x9, 0x2, 0x8, 0x3, 0x4, 0x1ff, 0x5, 0xb5, 0x4, 0x806, 0xd9ee}, 0xa3) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x200) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x8301, 0x0) unshare$auto(0x40000080) r3 = syz_genetlink_get_family_id$auto_ncsi(&(0x7f00000000c0), r2) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wg2\x00', 0x0}) sendmsg$auto_NCSI_CMD_PKG_INFO(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x38, r3, 0x300, 0x70bd2a, 0x25dfdbfb, {}, [@NCSI_ATTR_MULTI_FLAG={0x4}, @NCSI_ATTR_CHANNEL_MASK={0x8}, @NCSI_ATTR_CHANNEL_MASK={0x8, 0x8, 0x3ff}, @NCSI_ATTR_CHANNEL_ID={0x8, 0x4, 0xc4b8}, @NCSI_ATTR_IFINDEX={0x8, 0x1, r4}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/midiC2D3\x00', 0x2402, 0x0) 5.637330632s ago: executing program 0 (id=543): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC2\x00', 0x2, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r0, 0xc1105511, &(0x7f0000000080)={{@raw=0x7, 0x5, 0xfffff7bb, 0x2f, "984e784f697ebcc30053822c357eb55df43e9e037b650dfc7a3df9aa20e32749384f515111de5da4403cab68", @raw=0x7}, 0x200000, 0x1, 0x4, @raw=0x3, @enumerated={0x8, 0x0, "3544fac47a801d819cb534605db6a893115890fe4787b893bf2d3f312883af26fc4d92993388bae934e26fa2157468e873f1359a98377e7310a5f19b224938a6", 0xf}, "b210e8ae72f3052d09004297cc39fbd4fe51f972eb62ed41cec2ea5c1e45264907d818e9711e2b57cd159b796ab9e6c81a2f47680e3d2a7f677dccfd260d82fe"}) r1 = socket(0x2, 0x1, 0x106) mmap$auto(0xffffffffffffffff, 0x2000d, 0x7, 0xeb2, 0x404, 0x86a4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/rose8/address\x00', 0x752502, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ram15\x00', 0x7e9d00, 0x0) arch_prctl$auto_ARCH_MAP_VDSO_32(0x2002, 0x3) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r4 = openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/buffer_percent\x00', 0xbc102, 0x0) close_range$auto(r3, r4, 0x800000b) r5 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000002640)='/dev/mtd0\x00', 0x8000, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'ip6gre0\x00', 0x0}) sendmsg$auto_OVS_DP_CMD_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004540)={&(0x7f0000000140)={0x40, r7, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@OVS_DP_ATTR_IFINDEX={0x8, 0x9, r8}, @OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0x6}, @OVS_DP_ATTR_NAME={0x11, 0x1, 'ovs_\x00\x00\x00\x00\x00\x00\x00\x00\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x2000000) arch_prctl$auto_ARCH_MAP_VDSO_32(0x2002, 0x48f) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) ioctl$auto(0xffffffffffffffff, 0x4b41, 0xffffffffffffffff) ioctl$auto_OTPSELECT(r5, 0x80044d0d, &(0x7f00000000c0)=0x10009) socket(0x2, 0x1, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r10, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0xa}) recvmmsg$auto(r9, &(0x7f0000001200)={{&(0x7f0000000e80)="b55b19901ff5d0344a1fc41210effb3148cbe3c5791b79009e18bf3d26c57293c5779ada073afdd0a20efa60096260446c108c168ec4086cf313df39876424025ad4e7fc0e8c8426094761067586347c1063e9b50008b2a7f6301b0751703e44807609356dfec198152770fb7c0623499b420f0c1ef722d4403a5e08495914db725404ca8b13e575efa20e3a6d80ee2393ebbffc3a76e86be17ec6f79b797b4c598736222417c68f31576728f37abdb2936430914f291447bd7f4db09fea1ecd629b66fc4e5e6b7c5e2e5a41a5bad3531b5a6a408dfa4292945a4300000000", 0x80000001, &(0x7f0000001100)={&(0x7f0000001000)="623cd983a7fb9b2a4acb4194ddbfb4eebe4a3f6e4fb551c9356d1f98d6cafed56beff689ac5b4934e7907977a9259c08d7f33c76879e83423a6efc18123ae96e6405451753ded50b0c8b2023c1681fd75c1e6bd49044163705db07f519c2b4deb02ae960536e6965a11e072da7bbf52cd8f879c05e4e4b19583fcfc344c9a112bd3c960505171bb9ef811a44c9a9bdc45a02c076835334512689db86c3c2c2a01af2038fdef212fb4e181c01058173f5e370389132cee2a2b237173330b0158dd6619c11faffaa50ac9af1b40900b51db65d641bf8f0a4e8feb0f0da84ed15"}, 0x1, &(0x7f0000001140)="164f330375f2d5cdb5885938500089b153f324e417285e519f83d3b7a8b27c80570c0c38bdc1aa35cbb3547a2160f610dbd4976efd5a35c0ec7a3f1e98f1037584068e48881efc9a12f1e32be2ac43e3810103f2306ce8af254f9dea68dff0e09e348dd9b840a01ac90054f9ce476e8d8578cec2e91cbbbb66ab13195697e699632e0abd3f32b7", 0x3, 0x8}, 0xfff}, 0x3, 0x4, &(0x7f0000001240)={0xfffffffffffffff7, 0x7fffffffffffffff}) ioctl$auto_UI_DEV_CREATE(r10, 0x5501, 0x0) writev$auto(r10, &(0x7f0000000340)={&(0x7f0000000200)="000000000000000007995a558670f5f8d8eb5f2af16a144ff569c26b", 0xda7e}, 0x8) getsockopt$auto(r1, 0x6, 0x6, 0x0, &(0x7f00000000c0)=0xfffffff8) sendmsg$auto_NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000fc0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000f80)={&(0x7f00000001c0)={0xcb4, 0x0, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x3d, 0xbe, "3f16e7f571be1f272e23fb597e86630efbf0878c490ad0e0d732132662c95bada5303874c67d5632b5c4ba3ca5ef726380f957ab0180fde35f"}, @NL80211_ATTR_STA_EXT_CAPABILITY={0x8a, 0xac, "f46e298b091c2196c3623b2e35f5867a8ee6f31fea72fb6a0bbd26649f047f048f6b7fc618385df10ce51632afc23184a50ec55bd8f7d05930895acd97d6038f392055ea3fefae798bf7c7ec54b43fced4762d4b984ccbc0183bf2cf8a13c295aa1e5f89ed73ea5fcce1be59d7dd019486ee4825c4929c5a35bf22f7997c1f7c17120d5c5d46"}, @NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS={0x6, 0x143, 0x3}, @NL80211_ATTR_SCAN_SUPP_RATES={0x28a, 0x7d, 0x0, 0x1, [@nested={0x187, 0x62, 0x0, 0x1, [@generic="e3048ee97925ed0ad0cd067509bf21ca5a13684a3d04e4fb392352fa6dbafffe1e4387c4afdaa5a575ee6fb87b493266284cd75c15f4ccd1a28a4123f1561d3647103f96465b95ffd0ad1f2bcda5f38ee4ec869ffa53d229b1088ea50056bcf9bb6e0cae1b3d352d91bf2b321ecd6b8e742b9848fb278b303acae3a1a2b8ba5b3fd62d1637c006", @typed={0x8, 0x146, 0x0, 0x0, @u32=0x2}, @generic="3439d9bd1422232bff4354176f2716b476af8c3ce77a6d36d0f92a576952214b5c513ee667b3f1fb1a52d61833a6345246a498585407f1435dca00cc3e71c07ddcfe12523897bd6e62599e83178767b2677e67ecd8edfb9d45f4348744fea6d3c8892a691b66061de1d01860c88c8122a8fec865a6865af101163b57a9a42f7049056e934e648bdbb19c387795c0142d0ed1b59a860d5340e73229f32762e019031c4e0d41fb609592db856ad64767c54fe324e3c19a1d047a4034f69027d1f331b4e9c70390ff6eb86fcb22bfb51c996652a9ea82edbf600cb90c138dacfc8d5f649dce8fb6ea2d5917de6397bcfe9859003315"]}, @generic="2e532bc8ae84", @typed={0xc, 0x150, 0x0, 0x0, @u64=0x6}, @generic="9552117fbb003db2087528da72e93f123055a3f93fec1ac01bcb8e508151d8b8754da6", @nested={0x1c, 0xe7, 0x0, 0x1, [@typed={0x8, 0xf3, 0x0, 0x0, @u32=0x80000000}, @nested={0x4, 0x129}, @generic, @typed={0x5, 0xbf, 0x0, 0x0, @str='\x00'}, @nested={0x4, 0x1b}]}, @generic="bbc05e10c4e5e4de74009a238b6288472606031a3cacb19f443893ad54e20cc68bf031b1991bb09d2d0cb6bd797f0242e26ab3dab6c2e7b054c7d6695ab18178d7c72871aa1343f1851102fc06319114fb0efd2f4dce0452b4a8ee74ba23d6996471ec72469c9a06b22efb82452745bfc68ce9a6ecccdff92aba68a4baae55b68f474355f9346f4df2d7dc7256955377128819f747c1c4b82eb96fb6971b91405d963830436d4fb5e992fcde3a"]}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x80000000}, @NL80211_ATTR_PMKR0_NAME={0x72, 0x102, "470bdd90aee68b8567178296b6d397aaece1666fca3fbd5d1a447f6aa8e2d217bc2c055c44b91b735b5c9b71991eca5558e4d57a6871942f13df068c0c00348721e4656330ac2f8daea38c47cf7fad56c5f545141565010742aedf413f0be3083f875a793f9bd8aa0e0b3ec7501a"}, @NL80211_ATTR_IE={0x8bb, 0x2a, "1fad3761a5d1b550b5644d488b6d4c8619e0d4a4b8c9b58f63ea7d597f413c6eaecc9c155a2cdcbaa62c767b97838f5c62bb2980a08b2b3eae89e731a74efef8fac68783cc2fa5555d635f2a620ed3cee406815fba7f9591b00c80fd39da7308de73fdaeaf82e867044349c60761d98caaf7b57a3484507925d23182e4ea481825efa37a08c2fc1fa8dac8f359e3cfee2295a6aae263d3bea2a255c8473ef3f39cfa43786e46d5c27f811b2e900fd71792b0a36222aba65cc41d577b96f729f196cb9b2e5c994d790e46a5c84224e8abbe158d6f00fac6a8d88e850973bc1ed87e5340733cf1cd6bc04c45481019e2fcd5ecba63d8d6d21a6393d635deb7f17187f7f1f16835357bf1fc4950890c259ec162931396487fc88c7bf674c454668a17ac3289d354a32e93e23c2a15409f4c3294b07b8a5bc7ff4609b5bea19d87aa990e6dc8c4d91ed9939196aebd9880b092167724b1d9e663cfdd65a10cccc1ae84a7ed32b38156feeb618df8d40003e4b3f1b7ef33c084e56d36d55ec2165f09da78fb082edd73c53348a8cae755d6ba5fc289aa2c37bd7f65cf2088b9e6cc75daee759fd49dcc787850f80b588e8249edd169916a4522481814d493411928cf5e54755c90dc1b5df4e0af98d82d2f5934041a5018ee952cb4a23cebc9a18f94240fe013df27e06a6547d590e6036b046404ba58f5d2a8a0026b3827af80e321ba3307fee2427fb4ed7b50023b3afcaa8cfa534d8ddace544547552e2603759733f076731923557ffd149cdbda278512b9a55bd6161a2423dbeaa831702955054e3ad65f5acb9ad2e24e483c181bdd2282431d78068b2939ed99dc21dc35619f5dc9771cf6672a9cc71c25f10f5852da8f584ba5fc6811bae969bb0d3a116eb2b14f07111b107b2a11e4b16ce25272c2c503f89c935a1b224f1a7a5019e54ed181e64655dad28c1be2c4fa82968db4b07c5c4d2f1f6a2e7c84f84d31e5cb9660bceb80191352ad278c62dbdbf51ba5d3c713cea9e0e155402f2562938220455548d87f2312140e3e067c9696ce998fb129cab9c377b2e6820cba0f1ccedaf708ffa87c289fcb9427211e99c936879775d25e9529aa899e43d244f6e7f9642b93762729afe7db54dd9bea0f98530fae33acc05f766de0cb2e0d831e0f98f8000366fa1997c7e485e46f2133b84a52262bf2099eaf352de6fe66b98426f30a8c641a743586ae3c061a3637ea652e02d42202f0dc0d65752fb717be91ea4576e36a86c2e21efa9f97a49c2594d04ed95da14661cb916ce20fc134c6a353096afd0cd032cbbc75b233afb3e5c837e89996e0e7f80af72fc0355cf84865074f573c38586a8f01b175681ade12f12232e9b04a5274dab3da98381b5d61c19ef15524804bc31bfd8753a68889d8f049e959dba418d182ac5ad094730e2605507c9a0f6aa09e6a8e60432b5ed205c668aa5023e4d96839e76ec213ad3cf5b2dbe25f57f5ca47ba2605c5e6932381dccf1429bd60989178419e7d07097fd7d5d939e2a3d3428dd43f9e4e4a3075e313041303fd650720530f6a7085884fa848e2392e74e05ff90780f1b4e2d479b6bbbf61f0b5195e6ec2c2607c914c618c661069a39907137863f630baf52dcbb4996b12ca889c10e298f8391fc3728f455704faa4dfacdc1dc1265d07b5f2107c02bc6ee78d7f50edaad2489fec21499006a56c4938f3a95e15005e595dfc781e3a7560a231cb90a4108b6ac32f528399202c33a19b619a5985f6c456c349ff0ecda4f06417e9834460af58a375f5a303290a2f372a5d8b5e275c7ee7ec773708a99bdd314b8bc7eece89f88ec0af572036ac3341b0dfd059824d3a1be99f1017d1a8f688321e0998f19a075b0616b985155ef0597f063917b48b56acbb0e86166ea472c994cd9dfc514bf284d057eb85ffe2df0b0bfc0d8449f2daff98a6a6e9717f6ad0a4463ef523b20a90f7b419709db5238c832b40871da99eb55a2c377124b91f18d646c873efd1d6fce903b1eac3316412ceee97297a60ddbe033393c2fea15721cfd1b57accf65343051cab94a3f6c6fb4ba8f48574590e4fb9225833f635a7416c3be3866c7a768e1074ba0a087feb430db88e73c30a2b0167cc77176a6e059142e1c365eaf1d9d317f710a361d70fed71e81b4f01d5628b5229db6c3a12a3c51811559556571db343e4c09d0ff8f31a69a3f657ef80ff61a89fc149426995e38b0254aa0d5ce572364601d2b6c3fd1b087ee2259678eeaee38fefa9cffeb7cbfe97d8bcc30f5cea20c9348b66ea3f8134346c088ab18f1de3a35cb1eda93202f0e565476bb7b4eeadd49c59c454dfc1c66e8df91b2978f0231a36f53fb2dfe1ed1bbcb9c9bc27a5beda040d4a5e9bc2eb19d39cb28d1f202d5ee6c4efd7356277d60feb39e4d0624653dbdca537d0cb012fcabdfabdab35187ed3675404e77b14aa16b648d4d59f9b1baebe435fd841487fb3477c9d356cbcdc2854761a4a74e01d9a266bfc29ee73f711ce1c6512e43d1efe848b47f98ec62873135fd0be9d6dc1d6c62149744eac9bbae212a75bdcb8c1706b96b4b07bb0bc03fa126f9a24e6fa4706e25a432fb32c39e175750a3044255cd9a0d1b2a8bb3655ce77a72815048cc342d4ee1b63a4879318b3fe36e22889f5001942f6486157d2dd27441c8a0dfc223a9183404fcc3bc3935d21eae3e2c03ee794a5d39e8ebeec6e01bbdd12e0d0077e9322847e06dca04b542f0b5ee7263370441f69e2b344f072b1bd283090881624e7a412f07818e4e5a7cee3405f855a58de14e46809ed3d4d5b0f0874124024ed6f044ea3e931ee711c78916aa655323460e78a30ccd38dd3776377af8811f2a21853991e6f6dc6ec85da2d19637847148649ba2d2107b910707386e2b6f299ca7bdf8bfeab72bd170926cb0a4562474a2030982e7005ceb017bae8c8179c48dce60d43c1ef6bc60b7afdb3a7dc746e0b100e5cabfc2b44a3507b074d11088a46cb7aa5ca9fccd9b7a5879599fe20dbc417367a6e8d7ff3ce2a57c44ef37e1f4b5737f6392c21f4e2d61a5e862e035312bb91e5e9ee8e8506fcf30476e6366b4c44791809e48f91a231ffd6e690c2f59df782d1680ef5866f4a0cfb0af5bfe3f77fa00989ac"}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x400}]}, 0xcb4}, 0x1, 0x0, 0x0, 0x200000c4}, 0x0) 5.472256241s ago: executing program 1 (id=544): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0) r0 = socket(0x2, 0x1, 0x106) sendmsg$auto_NL80211_CMD_GET_POWER_SAVE(r0, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000001780)={0x0}, 0x1, 0x0, 0x0, 0x40080}, 0x20000800) setsockopt$auto(r0, 0x6, 0x2, &(0x7f0000000080)='\x00\x00C\x80\'\xf9\xc4\xf5W_\xa2\x00\x05\x00\x00\x00\f\x8a\x7f\xcf\x9d\xc4ZrAF\xc7\xeeV\xda\x8ex\x1d\xddzL\xba\xc11\xc6\x1c\xe2\xe9\xbb,\x80\xd3\xcc\xf8\xd5h\xf7S\x81r[\xc8\xf1w \x95V?K\xf2\xd0\x02A\xf020\xe1\xd5^\xa8\xa9\xa0\xd5\xfa\x17I\x17\xf5\xdc\xb8\x1bt\xfc\xd9Ei5l\xef\xfbs\x04\xa0\xd8\x94E\b~\xd9\xbb\xeb\xc7\xfe\xe7\xde)\xc4r\x89\x03\xe0;\xa7\x1d+\xd5\x94N\xf4>-\xe3\xd3\x8d\xc7\xa4*\x96\xf7', 0x9) newfstatat$auto(0xffffffffffffff9c, 0x0, &(0x7f0000000380)={0x5, 0x6, 0xa9, 0x4, 0x0, 0xee01, 0x0, 0x6, 0x3, 0x0, 0x6, 0x8, 0xbc, 0x1, 0x4, 0x0, 0x53}, 0x1) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) lstat$auto(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)={0x1, 0x6, 0x6, 0x1000, r1, r2, 0x0, 0x4, 0x7, 0x9, 0xffffffffffff8000, 0x9, 0x9, 0x4, 0x2, 0x7, 0x8}) sendmsg$auto_IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000440)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000af3f7fa44b50789bcbcc63da49a17050e75fd3bef30893aae94f52ec2031f9eebb9f7f0650538c3b99f804e0d2c694237699de4d018cde0f8c5dcbf98bca73b0994a898dfa14193472f22ba12de6b62ed8cb2ef011e538d35a297a1d211b37ece799fffe631334d3993d49", @ANYRES16=0x0, @ANYBLOB="080027bd7000fcdbdf25050000000800040004000000080004000500000008000500020000000400028008000400ff010000"], 0x38}, 0x1, 0x0, 0x0, 0x8010}, 0x8000) ioctl$auto_OSS_GETVERSION2(0xffffffffffffffff, 0x80044d76, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x200007, 0x19) inotify_init1$auto(0x3000000000000) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SEG6_CMD_SETHMAC(r3, &(0x7f0000001440)={0x0, 0xf0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB='7\x00\x00\x00', @ANYRES16, @ANYBLOB="a9e127bd7000ffdbdf2501000000050006000700000008000300010001000700040096e300000500050003000000"], 0x34}, 0x1, 0x0, 0x0, 0x24000014}, 0x400c810) r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x20881, 0x0) write$auto(r4, &(0x7f0000000040)='/dev/input/event1\x00', 0x10001) 4.841281658s ago: executing program 2 (id=545): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x6801c0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_udf_dir_operations_udfdecl(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/virtual/bluetooth/hci4/hci4:201\x00', 0x8a00, 0x0) close_range$auto(r1, r0, 0x80000000) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) r3 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f00000001c0), 0x400000, 0x0) getdents$auto(r3, &(0x7f0000000240)={0x8, 0xfffffffffffffffc, 0x9, "fd02c47874d867ac469ab40ba183a5d52b3d6f94720028c2c4459294e76e8b9cc5143c8d51ca2e9cff01f795eabe9b4a60a0afd4712214a55421c808648f6ab2c406be094b6262c067782a650a8a0e9c56329377aa5c1ce97c453e4e7f011b587dd101db1a88628a2204212472aed7656a54ffde733f007e331510d44e215b85a84aa261a064953feecde0c4623e439ccb5adb27f741b53840b1215b988d98d9d6"}, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f00000000c0)={{0x0, 0x2, 0x200800, 0xffffffff, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) ioctl$auto_SNDRV_TIMER_IOCTL_STATUS32(r4, 0x80585414, &(0x7f0000000000)={0x43, 0x7, 0x9, 0xabe, 0x4, 0xc, "0924ca419dc4d8e4e1226f5fb4d8c264fe2de51f1c10b355c2333c335b0c767b2f4fcc6608d94bdba4a45745e84fbc35d2758e98981cb0abe163c77fa96bb62a"}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x8301, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r6 = ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(r6, 0x4020ae76, r7) write$auto_proc_gid_map_operations_base(r6, &(0x7f0000000100)="0984792e137239bb210799a92cad043a9e21f275a43d737edc951a5a64e6985b454e4d62abd007ae", 0x28) sysinfo$auto(&(0x7f0000000300)={0x6, [0xfffffffffffffff8, 0x4, 0x7fffffffffffffff], 0x4d3, 0x9f7c, 0xc, 0x7, 0x400, 0x0, 0x5, 0x0, 0x5, 0x53a9e9f8, 0x8}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioperm$auto(0x7, 0x6, 0x2) ioctl$auto_IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) r8 = gettid() kexec_load$auto(0x5, 0x2, 0x0, 0x4) kill$auto(r8, 0x11) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, r3, [], {0x6, 0x6, 0x1, 0x1ff, 0x100, 0x83, 0x101, 0x6, 0x6}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x876c5, 0x8, 0x100000000}}) keyctl$auto(0x20000000000001c, 0xffffffffffffffff, 0x363, 0xa, 0x8000000000000007) unshare$auto(0x40000080) 4.307354043s ago: executing program 1 (id=546): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) (async) unshare$auto(0x40000080) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptya5\x00', 0x62c00, 0x0) (async) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x48800, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2, 0x1, 0x0) socket(0xa, 0x6, 0x3a) (async) shutdown$auto(0x200000003, 0x2) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x6e) (async) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x10000012, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x2}, 0x9, 0x20000000) io_uring_setup$auto(0x1, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) madvise$auto(0x0, 0x7fffdfffffffffff, 0xa) io_uring_setup$auto(0x40000002c55, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) open(0x0, 0x6041, 0x0) (async) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000500)='/dev/tty34\x00', 0x2200, 0x0) (async) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x8000000000000001) (async) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x1ff, 0x7, 0x7, 0x4, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0xc, 0x7, 0x6d3e, 0x7, 0x2, 0x400000008]}, 0x0) (async) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) (async) mincore$auto(0x1000, 0x8001, 0x0) (async) connect$auto(r0, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710}, 0x10) unshare$auto(0x40000080) 4.216639573s ago: executing program 0 (id=547): mmap$auto(0x32a44c4f, 0x400008, 0xbc1, 0x9b72, 0xffffffffffffffff, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x18, 0x0, 0x8) socket(0x2, 0x3, 0xa) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000600)='/sys/devices/virtual/net/nr11/queues/rx-0/rps_flow_cnt\x00', 0x20681, 0x0) setfsuid$auto(0xee00) fchmod$auto(r0, 0x6) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x10, 0x3, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x4000000) bpf$auto(0x0, &(0x7f0000000300)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/conf/tunl0/proxy_arp\x00', 0x40802, 0x0) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x0, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x0) socket(0x848000000015, 0x5, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r4) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r2, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000100)=ANY=[@ANYRES32=r1, @ANYRES16=r5, @ANYRESDEC, @ANYRESHEX, @ANYRES16, @ANYRESOCT=r3, @ANYBLOB="e1", @ANYRESOCT=r0, @ANYRES64], 0x18}, 0x1, 0x0, 0x0, 0x90}, 0x80000) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xfd}}, 0x6b) syz_clone(0x20000011, 0x0, 0xffffffffffffff02, 0x0, 0x0, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0xff, 0x0}}, 0x55) 3.511261375s ago: executing program 0 (id=548): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/fs/cifs/LinuxExtensionsEnabled\x00', 0x48041, 0x0) write$auto(r0, 0x0, 0x6) r1 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(r1, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) shmctl$auto(0xa0000000, 0x6, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) personality$auto(0x40004010410ffc) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) execve$auto(0x0, 0x0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/zram0/mem_limit\x00', 0x183841, 0x0) pwrite64$auto(r2, &(0x7f0000000280)='Mdev/loop-control\x00', 0x80000000, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x0, 0x14, 0x81, 0x1ffe0, 0x3, 0x6, 0x7, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0x2, 0x1, 0x3, 0x3c, 0x7, 0x21, 0x309, 0x3, 0x0, 0x0, 0x200000, 0x0, 0x0, 0xffffffff, 0x0, 0x0, [0x750, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x6a2, 0x9, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}, 0x1fe, 0x81) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r3 = socket(0x10, 0x2, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_BLKTRACESETUP32(r4, 0xc0401273, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r5 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x109002, 0x0) sendfile$auto(r5, r5, 0x0, 0x10000800000003) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 3.510565292s ago: executing program 3 (id=549): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/device_info\x00', 0x48041, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000080), 0x0) socket(0x2, 0x80002, 0x73) r1 = socket(0x28, 0x5, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r2 = socket(0x1e, 0x4, 0x0) sendmsg$auto_ETHTOOL_MSG_EEE_SET(r1, &(0x7f0000000a00)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x28040) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r2, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) write$auto(0x3, 0x0, 0xfdef) recvmmsg$auto(r1, &(0x7f0000000340)={{0x0, 0x5aa9, &(0x7f00000002c0)={0x0, 0x3b}, 0x7, 0x0, 0xf, 0x2}, 0x9}, 0x6, 0xffff, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.2/usb3/power/autosuspend\x00', 0x10b142, 0x0) r4 = socket(0xa, 0x3, 0x5) sendmmsg$auto(r4, &(0x7f0000000180)={{&(0x7f0000000040), 0xb5, 0x0, 0x0, &(0x7f0000000140), 0x8, 0x80000000}, 0x5}, 0x1, 0x800a) close_range$auto(0x0, 0xfffffffffffff000, 0x0) sendfile$auto(r3, r3, 0x0, 0x5) 3.152025259s ago: executing program 3 (id=550): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram6\x00', 0x4040, 0x0) preadv2$auto(0x3, 0x0, 0x5, 0xffffffffffffffff, 0x7, 0x2e) write$auto_tty_fops_tty_io(r0, &(0x7f0000000200)="352c8efa610c0bcf83a4ebdb040000000000000021cb244b19a48bb5e0d12df9735b745b9554dfb0ad77a37be296ebe6f598901d632a206d9bb056d8c8d9a5b4cf165c931477ba53f3a80c522fc11555ea", 0x51) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) ioctl$auto(0xffffffffffffffff, 0x8912, 0x38) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) ustat$auto(0x801, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) writev$auto(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x40}, 0x8) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0xff1, 0x8000) r2 = io_uring_setup$auto(0x1, 0x0) r3 = bpf$auto(0x5, 0x0, 0x102) getpid() r4 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) getsockopt$auto_SO_PROTOCOL(r3, 0x4, 0x26, &(0x7f0000000180)='nl80211\x00', &(0x7f00000001c0)=0x5) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000164c0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_SCAN(r5, &(0x7f00000165c0)={0x0, 0x0, &(0x7f0000016580)={&(0x7f0000000140)={0x14, r6, 0xd3ac6c422733a379, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) read$auto(r4, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xffd8) ioprio_get$auto_IOPRIO_WHO_PGRP(0x2, 0x0) read$auto_mISDN_fops_timerdev(r2, &(0x7f0000000280)=""/64, 0x40) 2.364910767s ago: executing program 0 (id=551): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.4/usb5/interface_authorized_default\x00', 0x10b002, 0x0) sendfile$auto(r0, r0, 0x0, 0x2) preadv2$auto(0xffffffffffffffff, 0x0, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(0xffffffffffffffff, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4002020009, 0x3, 0xffffffffd656227a, 0xfffffffffffffffa, 0x8000) rseq$auto(0x0, 0xfffffff4, 0x0, 0x5) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES(r1, 0x4008af25, &(0x7f0000000000)=0x7) mmap$auto(0x0, 0x9, 0x8000, 0xe238, 0x602, 0x5) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x62040, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='^\x00', @ANYRES32, @ANYRES32, @ANYRES64, @ANYRES32], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40) recvmmsg$auto(r3, &(0x7f0000000180)={{0x0, 0x1, &(0x7f00000000c0)={0x0, 0xfff}, 0x4, 0x0, 0x8, 0x7}, 0x7}, 0x5, 0x66a6, 0x0) mmap$auto(0x1, 0x40009, 0xdf, 0x13, r2, 0x10001) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8df41, 0x0) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r4) r5 = openat$auto_proc_page_owner_threshold_(0xffffffffffffff9c, 0x0, 0x109280, 0x0) read$auto(r5, &(0x7f0000000100)='\xcb%)\x00', 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x15, 0x80000, 0x3) openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) openat$auto_dev_fops_plock(0xffffffffffffff9c, &(0x7f0000001240), 0x80, 0x0) 1.294142s ago: executing program 0 (id=552): r0 = pidfd_open$auto(0x1, 0x0) mmap$auto(0x0, 0x2, 0x3, 0x20eb3, r0, 0x0) prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x5, 0x3, 0x0, 0x0, 0x1) socket(0x1d, 0x2, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) lsm_set_self_attr$auto(0x9, 0x0, 0x80, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000240)='/dev/binderfs/binder0\x00', 0x800, 0x0) socket(0xa, 0x1, 0x100) socket(0x1e, 0x1, 0x0) socket(0x2c, 0x3, 0x9) r2 = socket(0x15, 0x5, 0x0) getsockopt$auto(r2, 0x114, 0x2713, 0xfffffffffffffffc, 0x0) write$auto(0x1, 0x0, 0x80000000) openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/options/blk_cgname\x00', 0x68c002, 0x0) preadv$auto(0x3, &(0x7f00000004c0)={0x0, 0x8000000}, 0x3, 0x10000, 0x10) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/netdevsim0/del_port\x00', 0xa001, 0x0) write$auto(r3, &(0x7f0000000380)='0\x81=\"\xad/\x8d\b\x00\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1c\x86\x0f\xcf\x7f\xbf\xab\x12{\xc2\xc2*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d1s!\x01\xff\xff\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xd4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\xa5\xd2\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xb7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85K /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00M\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', 0x1) fcntl$auto(0x0, 0x407, 0x100000) setns(r0, 0x60020000) umount2$auto(&(0x7f0000000000)='.\x00', 0x8) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r4 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x29, 0x2, 0x0) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000040), r4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setgroups$auto(0xc00000000, 0xfffffffffffffffc) 722.799253ms ago: executing program 2 (id=553): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000000028000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r0, 0x0, 0xffffffffffffff7d) socket$nl_generic(0x10, 0x3, 0x10) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x80046f49, r1) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x808, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) socket(0x29, 0x2, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000bc0)='/dev/cec31\x00', 0x42, 0x0) poll$auto(&(0x7f0000000c00)={r3, 0x200, 0x9}, 0x1, 0x8) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r5 = fcntl$getown(r2, 0x9) prctl$auto(0x3e, 0x1, r5, 0x1, 0x0) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x2, 0x948b, 0x3, 0x15f4da0a, 0x1, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r4, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9) 144.151162ms ago: executing program 2 (id=554): mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) r0 = socket(0x10, 0x2, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'dummy0\x00'}) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x11, 0x80003, 0x300) io_uring_setup$auto(0xffc, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0xa, 0x3, 0x100) socketpair$auto(0x8, 0x7, 0x1, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r4, 0x5423, 0x0) mmap$auto(0x0, 0x580f, 0x1, 0x8000000008013, 0x3, 0x0) ioctl$auto_TCFLSH2(r4, 0x8924, 0x0) r5 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/tracing/set_event\x00', 0x20002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYRESDEC=r5], 0x20}}, 0x18800) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(r5, 0x8, 0x0) brk$auto(0xffffffffffffff66) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda) r7 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) pread64$auto(r7, 0x0, 0x800003, 0x270) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYRES64=r2, @ANYRES32=r5, @ANYRES32=r6, @ANYRESHEX], 0x2c}, 0x1, 0x0, 0x0, 0x8010}, 0x2404c000) 0s ago: executing program 0 (id=555): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000000028000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r1, 0x0, 0x20) socket$nl_generic(0x10, 0x3, 0x10) writev$auto(r0, &(0x7f0000000200)={0x0, 0x3}, 0x3) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) kernel console output (not intermixed with test programs): object_init+0x100/0x180 [ 124.233204][ T6108] vim2m_open+0x184/0x8a0 [ 124.233256][ T6108] v4l2_open+0x222/0x490 [ 124.233298][ T6108] ? __pfx_v4l2_open+0x10/0x10 [ 124.233329][ T6108] chrdev_open+0x234/0x6a0 [ 124.233361][ T6108] ? __pfx_apparmor_file_open+0x10/0x10 [ 124.233389][ T6108] ? __pfx_chrdev_open+0x10/0x10 [ 124.233432][ T6108] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 124.233466][ T6108] do_dentry_open+0x982/0x1530 [ 124.233498][ T6108] ? __pfx_chrdev_open+0x10/0x10 [ 124.233537][ T6108] vfs_open+0x82/0x3f0 [ 124.233578][ T6108] path_openat+0x1de4/0x2cb0 [ 124.233617][ T6108] ? __pfx_path_openat+0x10/0x10 [ 124.233654][ T6108] do_filp_open+0x20b/0x470 [ 124.233684][ T6108] ? __pfx_do_filp_open+0x10/0x10 [ 124.233735][ T6108] ? alloc_fd+0x471/0x7d0 [ 124.233769][ T6108] do_sys_openat2+0x11b/0x1d0 [ 124.233807][ T6108] ? __pfx_do_sys_openat2+0x10/0x10 [ 124.233858][ T6108] __x64_sys_openat+0x174/0x210 [ 124.233897][ T6108] ? __pfx___x64_sys_openat+0x10/0x10 [ 124.233949][ T6108] do_syscall_64+0xcd/0x490 [ 124.233986][ T6108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.234010][ T6108] RIP: 0033:0x7fdd68f8ebe9 [ 124.234030][ T6108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.234052][ T6108] RSP: 002b:00007fdd69eb9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 124.234075][ T6108] RAX: ffffffffffffffda RBX: 00007fdd691b5fa0 RCX: 00007fdd68f8ebe9 [ 124.234091][ T6108] RDX: 000000000010b000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 124.234107][ T6108] RBP: 00007fdd69011e19 R08: 0000000000000000 R09: 0000000000000000 [ 124.234121][ T6108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 124.234135][ T6108] R13: 00007fdd691b6038 R14: 00007fdd691b5fa0 R15: 00007ffe94158858 [ 124.234165][ T6108] [ 124.748546][ T6110] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 125.052652][ T5873] Bluetooth: hci3: command 0x0c1a tx timeout [ 125.562379][ T5873] Bluetooth: hci0: command 0x0c1a tx timeout [ 125.852299][ T5873] Bluetooth: hci1: command 0x0c1a tx timeout [ 125.975200][ T6104] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 126.172366][ T5873] Bluetooth: hci2: command 0x0c1a tx timeout [ 127.143202][ T5873] Bluetooth: hci3: command 0x0c1a tx timeout [ 127.890428][ T6141] random: crng reseeded on system resumption [ 129.473670][ T6155] random: crng reseeded on system resumption [ 129.542769][ T6167] Console: switching to colour VGA+ 80x25 [ 129.735524][ T6168] Console: switching to colour frame buffer device 128x48 [ 130.022831][ T6172] netlink: 28 bytes leftover after parsing attributes in process `syz.3.44'. [ 130.111013][ T6172] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.153472][ T6176] random: crng reseeded on system resumption [ 130.211319][ T6172] bridge_slave_1 (unregistering): left allmulticast mode [ 130.241324][ T6172] bridge_slave_1 (unregistering): left promiscuous mode [ 130.275940][ T6172] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.733283][ T6172] Zero length message leads to an empty skb [ 132.587354][ T6198] random: crng reseeded on system resumption [ 132.614710][ T6198] FAULT_INJECTION: forcing a failure. [ 132.614710][ T6198] name failslab, interval 1, probability 0, space 0, times 0 [ 132.662018][ T6198] CPU: 1 UID: 0 PID: 6198 Comm: syz.1.50 Not tainted syzkaller #0 PREEMPT(full) [ 132.662061][ T6198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 132.662088][ T6198] Call Trace: [ 132.662099][ T6198] [ 132.662111][ T6198] dump_stack_lvl+0x16c/0x1f0 [ 132.662160][ T6198] should_fail_ex+0x512/0x640 [ 132.662206][ T6198] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 132.662246][ T6198] should_failslab+0xc2/0x120 [ 132.662291][ T6198] __kmalloc_cache_noprof+0x6a/0x3e0 [ 132.662328][ T6198] ? memory_bm_create+0x154/0x810 [ 132.662367][ T6198] memory_bm_create+0x154/0x810 [ 132.662419][ T6198] create_basic_memory_bitmaps+0xbd/0x320 [ 132.662464][ T6198] snapshot_open+0x235/0x2b0 [ 132.662502][ T6198] ? __pfx_snapshot_open+0x10/0x10 [ 132.662543][ T6198] misc_open+0x35a/0x420 [ 132.662578][ T6198] ? __pfx_misc_open+0x10/0x10 [ 132.662613][ T6198] chrdev_open+0x234/0x6a0 [ 132.662651][ T6198] ? __pfx_apparmor_file_open+0x10/0x10 [ 132.662689][ T6198] ? __pfx_chrdev_open+0x10/0x10 [ 132.662736][ T6198] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 132.662783][ T6198] do_dentry_open+0x982/0x1530 [ 132.662826][ T6198] ? __pfx_chrdev_open+0x10/0x10 [ 132.662886][ T6198] vfs_open+0x82/0x3f0 [ 132.662942][ T6198] path_openat+0x1de4/0x2cb0 [ 132.662996][ T6198] ? __pfx_path_openat+0x10/0x10 [ 132.663048][ T6198] do_filp_open+0x20b/0x470 [ 132.663088][ T6198] ? __pfx_do_filp_open+0x10/0x10 [ 132.663155][ T6198] ? alloc_fd+0x471/0x7d0 [ 132.663202][ T6198] do_sys_openat2+0x11b/0x1d0 [ 132.663250][ T6198] ? __pfx_do_sys_openat2+0x10/0x10 [ 132.663338][ T6198] __x64_sys_openat+0x174/0x210 [ 132.663391][ T6198] ? __pfx___x64_sys_openat+0x10/0x10 [ 132.663462][ T6198] do_syscall_64+0xcd/0x490 [ 132.663512][ T6198] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.663546][ T6198] RIP: 0033:0x7f7032b8ebe9 [ 132.663573][ T6198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.663605][ T6198] RSP: 002b:00007f7033976038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 132.663636][ T6198] RAX: ffffffffffffffda RBX: 00007f7032db5fa0 RCX: 00007f7032b8ebe9 [ 132.663657][ T6198] RDX: 0000000000000101 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 132.663679][ T6198] RBP: 00007f7032c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 132.663698][ T6198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 132.663718][ T6198] R13: 00007f7032db6038 R14: 00007f7032db5fa0 R15: 00007ffdfa9923b8 [ 132.663760][ T6198] [ 132.912507][ C1] vkms_vblank_simulate: vblank timer overrun [ 134.733207][ T6209] Bluetooth: hci0: no memory for command (opcode 0x0c1a) [ 134.780302][ T6209] Bluetooth: hci0: Opcode 0x0c1a failed: -12 [ 134.903256][ T6209] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 134.922993][ T6209] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 134.925949][ T6186] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 134.951654][ T6209] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 135.320255][ T6214] netlink: 28 bytes leftover after parsing attributes in process `syz.3.52'. [ 135.543052][ T6214] veth0_macvtap: left promiscuous mode [ 136.076800][ T6223] FAULT_INJECTION: forcing a failure. [ 136.076800][ T6223] name failslab, interval 1, probability 0, space 0, times 0 [ 136.122308][ T6223] CPU: 0 UID: 0 PID: 6223 Comm: syz.1.57 Not tainted syzkaller #0 PREEMPT(full) [ 136.122351][ T6223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 136.122370][ T6223] Call Trace: [ 136.122380][ T6223] [ 136.122392][ T6223] dump_stack_lvl+0x16c/0x1f0 [ 136.122441][ T6223] should_fail_ex+0x512/0x640 [ 136.122488][ T6223] ? __kvmalloc_node_noprof+0x124/0x620 [ 136.122528][ T6223] should_failslab+0xc2/0x120 [ 136.122582][ T6223] __kvmalloc_node_noprof+0x137/0x620 [ 136.122623][ T6223] ? v4l2_ctrl_new+0x97d/0x2180 [ 136.122669][ T6223] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 136.122729][ T6223] ? v4l2_ctrl_new+0x97d/0x2180 [ 136.122773][ T6223] v4l2_ctrl_new+0x97d/0x2180 [ 136.122836][ T6223] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 136.122880][ T6223] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 136.122939][ T6223] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 136.122994][ T6223] v4l2_ctrl_new_std+0x1be/0x290 [ 136.123057][ T6223] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 136.123104][ T6223] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 136.123158][ T6223] ? rcu_is_watching+0x12/0xc0 [ 136.123191][ T6223] ? trace_kmalloc+0x2b/0xd0 [ 136.123235][ T6223] ? __kvmalloc_node_noprof+0x298/0x620 [ 136.123281][ T6223] ? media_request_object_init+0x100/0x180 [ 136.123344][ T6223] vim2m_open+0x184/0x8a0 [ 136.123399][ T6223] v4l2_open+0x222/0x490 [ 136.123441][ T6223] ? __pfx_v4l2_open+0x10/0x10 [ 136.123482][ T6223] chrdev_open+0x234/0x6a0 [ 136.123523][ T6223] ? __pfx_apparmor_file_open+0x10/0x10 [ 136.123569][ T6223] ? __pfx_chrdev_open+0x10/0x10 [ 136.123615][ T6223] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 136.123663][ T6223] do_dentry_open+0x982/0x1530 [ 136.123708][ T6223] ? __pfx_chrdev_open+0x10/0x10 [ 136.123759][ T6223] vfs_open+0x82/0x3f0 [ 136.123815][ T6223] path_openat+0x1de4/0x2cb0 [ 136.123870][ T6223] ? __pfx_path_openat+0x10/0x10 [ 136.123921][ T6223] do_filp_open+0x20b/0x470 [ 136.123961][ T6223] ? __pfx_do_filp_open+0x10/0x10 [ 136.124034][ T6223] ? alloc_fd+0x471/0x7d0 [ 136.124082][ T6223] do_sys_openat2+0x11b/0x1d0 [ 136.124136][ T6223] ? __pfx_do_sys_openat2+0x10/0x10 [ 136.124205][ T6223] __x64_sys_openat+0x174/0x210 [ 136.124258][ T6223] ? __pfx___x64_sys_openat+0x10/0x10 [ 136.124327][ T6223] do_syscall_64+0xcd/0x490 [ 136.124377][ T6223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.124409][ T6223] RIP: 0033:0x7f7032b8ebe9 [ 136.124436][ T6223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.124468][ T6223] RSP: 002b:00007f7033976038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 136.124499][ T6223] RAX: ffffffffffffffda RBX: 00007f7032db5fa0 RCX: 00007f7032b8ebe9 [ 136.124520][ T6223] RDX: 000000000010b000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 136.124541][ T6223] RBP: 00007f7032c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 136.124570][ T6223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 136.124589][ T6223] R13: 00007f7032db6038 R14: 00007f7032db5fa0 R15: 00007ffdfa9923b8 [ 136.124634][ T6223] [ 136.153283][ T6225] netlink: 28 bytes leftover after parsing attributes in process `syz.3.56'. [ 136.512641][ T6225] bridge_slave_0: left allmulticast mode [ 136.518363][ T6225] bridge_slave_0: left promiscuous mode [ 136.526716][ T6225] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.907968][ T5873] Bluetooth: hci1: command 0x0c1a tx timeout [ 136.972251][ T5873] Bluetooth: hci3: command 0x0c1a tx timeout [ 136.979993][ T5873] Bluetooth: hci2: command 0x0c1a tx timeout [ 137.910439][ T6240] FAULT_INJECTION: forcing a failure. [ 137.910439][ T6240] name failslab, interval 1, probability 0, space 0, times 0 [ 138.015769][ T6240] CPU: 1 UID: 0 PID: 6240 Comm: syz.3.59 Not tainted syzkaller #0 PREEMPT(full) [ 138.015811][ T6240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 138.015829][ T6240] Call Trace: [ 138.015839][ T6240] [ 138.015850][ T6240] dump_stack_lvl+0x16c/0x1f0 [ 138.015898][ T6240] should_fail_ex+0x512/0x640 [ 138.015941][ T6240] ? __kvmalloc_node_noprof+0x124/0x620 [ 138.015985][ T6240] should_failslab+0xc2/0x120 [ 138.016029][ T6240] __kvmalloc_node_noprof+0x137/0x620 [ 138.016068][ T6240] ? v4l2_ctrl_new+0x97d/0x2180 [ 138.016111][ T6240] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 138.016167][ T6240] ? v4l2_ctrl_new+0x97d/0x2180 [ 138.016211][ T6240] v4l2_ctrl_new+0x97d/0x2180 [ 138.016274][ T6240] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 138.016328][ T6240] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 138.016390][ T6240] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 138.016445][ T6240] v4l2_ctrl_new_std+0x1be/0x290 [ 138.016505][ T6240] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 138.016550][ T6240] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 138.016602][ T6240] ? rcu_is_watching+0x12/0xc0 [ 138.016637][ T6240] ? trace_kmalloc+0x2b/0xd0 [ 138.016680][ T6240] ? __kvmalloc_node_noprof+0x298/0x620 [ 138.016727][ T6240] ? media_request_object_init+0x100/0x180 [ 138.016785][ T6240] vim2m_open+0x184/0x8a0 [ 138.016838][ T6240] v4l2_open+0x222/0x490 [ 138.016878][ T6240] ? __pfx_v4l2_open+0x10/0x10 [ 138.016916][ T6240] chrdev_open+0x234/0x6a0 [ 138.016955][ T6240] ? __pfx_apparmor_file_open+0x10/0x10 [ 138.016991][ T6240] ? __pfx_chrdev_open+0x10/0x10 [ 138.017037][ T6240] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 138.017081][ T6240] do_dentry_open+0x982/0x1530 [ 138.017122][ T6240] ? __pfx_chrdev_open+0x10/0x10 [ 138.017174][ T6240] vfs_open+0x82/0x3f0 [ 138.017230][ T6240] path_openat+0x1de4/0x2cb0 [ 138.017284][ T6240] ? __pfx_path_openat+0x10/0x10 [ 138.017342][ T6240] do_filp_open+0x20b/0x470 [ 138.017383][ T6240] ? __pfx_do_filp_open+0x10/0x10 [ 138.017453][ T6240] ? alloc_fd+0x471/0x7d0 [ 138.017501][ T6240] do_sys_openat2+0x11b/0x1d0 [ 138.017552][ T6240] ? __pfx_do_sys_openat2+0x10/0x10 [ 138.017621][ T6240] __x64_sys_openat+0x174/0x210 [ 138.017673][ T6240] ? __pfx___x64_sys_openat+0x10/0x10 [ 138.017741][ T6240] do_syscall_64+0xcd/0x490 [ 138.017791][ T6240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.017825][ T6240] RIP: 0033:0x7fdd68f8ebe9 [ 138.017850][ T6240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.017881][ T6240] RSP: 002b:00007fdd69eb9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 138.017913][ T6240] RAX: ffffffffffffffda RBX: 00007fdd691b5fa0 RCX: 00007fdd68f8ebe9 [ 138.017934][ T6240] RDX: 000000000010b000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 138.017954][ T6240] RBP: 00007fdd69011e19 R08: 0000000000000000 R09: 0000000000000000 [ 138.017973][ T6240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 138.017991][ T6240] R13: 00007fdd691b6038 R14: 00007fdd691b5fa0 R15: 00007ffe94158858 [ 138.018033][ T6240] [ 138.801762][ T6246] random: crng reseeded on system resumption [ 139.091276][ T6252] process 'syz.1.62' launched ':,' with NULL argv: empty string added [ 139.183190][ T6252] nbd: failed to add new device [ 139.851610][ T6260] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 142.277149][ T6281] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 143.304208][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 143.310698][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 143.469309][ T6280] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 143.923756][ T6301] netlink: 330 bytes leftover after parsing attributes in process `syz.0.71'. syzkaller syzkaller login: [ 144.616793][ T6305] netlink: zone id is out of range [ 144.628583][ T6305] netlink: zone id is out of range [ 144.966329][ T6305] netlink: set zone limit has 8 unknown bytes [ 145.228681][ T6313] FAULT_INJECTION: forcing a failure. [ 145.228681][ T6313] name failslab, interval 1, probability 0, space 0, times 0 [ 145.273011][ T6313] CPU: 0 UID: 0 PID: 6313 Comm: syz.3.74 Not tainted syzkaller #0 PREEMPT(full) [ 145.273055][ T6313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 145.273074][ T6313] Call Trace: [ 145.273087][ T6313] [ 145.273099][ T6313] dump_stack_lvl+0x16c/0x1f0 [ 145.273148][ T6313] should_fail_ex+0x512/0x640 [ 145.273193][ T6313] ? __kmalloc_noprof+0xbf/0x510 [ 145.273235][ T6313] ? handler_new_ref+0x1b0/0xc60 [ 145.273281][ T6313] should_failslab+0xc2/0x120 [ 145.273324][ T6313] __kmalloc_noprof+0xd2/0x510 [ 145.273360][ T6313] ? __asan_memcpy+0x3c/0x60 [ 145.273402][ T6313] handler_new_ref+0x1b0/0xc60 [ 145.273475][ T6313] v4l2_ctrl_new+0x1963/0x2180 [ 145.273538][ T6313] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 145.273598][ T6313] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 145.273652][ T6313] v4l2_ctrl_new_std+0x1be/0x290 [ 145.273713][ T6313] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 145.273767][ T6313] ? rcu_is_watching+0x12/0xc0 [ 145.273801][ T6313] ? trace_kmalloc+0x2b/0xd0 [ 145.273846][ T6313] ? __kvmalloc_node_noprof+0x298/0x620 [ 145.273884][ T6313] ? v4l2_ctrl_handler_init_class+0x1fc/0x340 [ 145.273937][ T6313] ? media_request_object_init+0x100/0x180 [ 145.273998][ T6313] vim2m_open+0x160/0x8a0 [ 145.274051][ T6313] v4l2_open+0x222/0x490 [ 145.274091][ T6313] ? __pfx_v4l2_open+0x10/0x10 [ 145.274132][ T6313] chrdev_open+0x234/0x6a0 [ 145.274174][ T6313] ? __pfx_apparmor_file_open+0x10/0x10 [ 145.274211][ T6313] ? __pfx_chrdev_open+0x10/0x10 [ 145.274258][ T6313] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 145.274304][ T6313] do_dentry_open+0x982/0x1530 [ 145.274345][ T6313] ? __pfx_chrdev_open+0x10/0x10 [ 145.274397][ T6313] vfs_open+0x82/0x3f0 [ 145.274459][ T6313] path_openat+0x1de4/0x2cb0 [ 145.274509][ T6313] ? __pfx_path_openat+0x10/0x10 [ 145.274558][ T6313] do_filp_open+0x20b/0x470 [ 145.274598][ T6313] ? __pfx_do_filp_open+0x10/0x10 [ 145.274670][ T6313] ? alloc_fd+0x471/0x7d0 [ 145.274719][ T6313] do_sys_openat2+0x11b/0x1d0 [ 145.274771][ T6313] ? __pfx_do_sys_openat2+0x10/0x10 [ 145.274840][ T6313] __x64_sys_openat+0x174/0x210 [ 145.274895][ T6313] ? __pfx___x64_sys_openat+0x10/0x10 [ 145.274967][ T6313] do_syscall_64+0xcd/0x490 [ 145.275016][ T6313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.275049][ T6313] RIP: 0033:0x7fdd68f8ebe9 [ 145.275075][ T6313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 145.275106][ T6313] RSP: 002b:00007fdd69eb9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 145.275136][ T6313] RAX: ffffffffffffffda RBX: 00007fdd691b5fa0 RCX: 00007fdd68f8ebe9 [ 145.275157][ T6313] RDX: 000000000010b000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 145.275178][ T6313] RBP: 00007fdd69011e19 R08: 0000000000000000 R09: 0000000000000000 [ 145.275198][ T6313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 145.275217][ T6313] R13: 00007fdd691b6038 R14: 00007fdd691b5fa0 R15: 00007ffe94158858 [ 145.275260][ T6313] [ 146.054552][ T6329] netlink: 342 bytes leftover after parsing attributes in process `syz.2.76'. [ 147.885624][ T6358] FAULT_INJECTION: forcing a failure. [ 147.885624][ T6358] name failslab, interval 1, probability 0, space 0, times 0 [ 148.002267][ T6358] CPU: 0 UID: 0 PID: 6358 Comm: syz.0.78 Not tainted syzkaller #0 PREEMPT(full) [ 148.002309][ T6358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 148.002323][ T6358] Call Trace: [ 148.002331][ T6358] [ 148.002340][ T6358] dump_stack_lvl+0x16c/0x1f0 [ 148.002388][ T6358] should_fail_ex+0x512/0x640 [ 148.002423][ T6358] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 148.002457][ T6358] should_failslab+0xc2/0x120 [ 148.002490][ T6358] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 148.002521][ T6358] ? __d_alloc+0x32/0xae0 [ 148.002556][ T6358] __d_alloc+0x32/0xae0 [ 148.002590][ T6358] d_alloc_parallel+0x111/0x1480 [ 148.002629][ T6358] ? ref_tracker_dir_debugfs+0x20e/0x290 [ 148.002666][ T6358] ? preinit_net+0x47f/0x8f0 [ 148.002704][ T6358] ? kasan_save_stack+0x42/0x60 [ 148.002730][ T6358] ? kasan_save_stack+0x33/0x60 [ 148.002757][ T6358] ? kasan_save_track+0x14/0x30 [ 148.002784][ T6358] ? __kasan_kmalloc+0xaa/0xb0 [ 148.002809][ T6358] ? __kmalloc_node_track_caller_noprof+0x221/0x510 [ 148.002841][ T6358] ? kstrdup+0x53/0x100 [ 148.002869][ T6358] ? __pfx_d_alloc_parallel+0x10/0x10 [ 148.002911][ T6358] ? lockdep_init_map_type+0x5c/0x280 [ 148.002948][ T6358] ? lockdep_init_map_type+0x5c/0x280 [ 148.002987][ T6358] __lookup_slow+0x193/0x460 [ 148.003027][ T6358] ? __pfx___lookup_slow+0x10/0x10 [ 148.003070][ T6358] ? perf_trace_mm_compaction_defer_template+0x10/0x7b0 [ 148.003116][ T6358] ? perf_trace_mm_compaction_defer_template+0x10/0x7b0 [ 148.003153][ T6358] ? d_lookup+0xe7/0x190 [ 148.003196][ T6358] lookup_noperm+0xe1/0x110 [ 148.003235][ T6358] simple_start_creating+0xd1/0x1b0 [ 148.003264][ T6358] start_creating.part.0+0x82/0x190 [ 148.003293][ T6358] debugfs_create_symlink+0x81/0x320 [ 148.003324][ T6358] ref_tracker_dir_symlink+0x255/0x360 [ 148.003370][ T6358] ? __pfx_ref_tracker_dir_symlink+0x10/0x10 [ 148.003454][ T6358] net_ns_net_init+0x19a/0x220 [ 148.003489][ T6358] ? __pfx_net_ns_net_init+0x10/0x10 [ 148.003521][ T6358] ops_init+0x1e2/0x5f0 [ 148.003558][ T6358] setup_net+0x10f/0x380 [ 148.003591][ T6358] ? lockdep_init_map_type+0x5c/0x280 [ 148.003626][ T6358] ? __pfx_setup_net+0x10/0x10 [ 148.003663][ T6358] ? debug_mutex_init+0x37/0x70 [ 148.003690][ T6358] copy_net_ns+0x2a6/0x5f0 [ 148.003731][ T6358] create_new_namespaces+0x3ea/0xa90 [ 148.003766][ T6358] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 148.003797][ T6358] ksys_unshare+0x45b/0xa40 [ 148.003832][ T6358] ? __pfx_ksys_unshare+0x10/0x10 [ 148.003867][ T6358] ? xfd_validate_state+0x61/0x180 [ 148.003912][ T6358] __x64_sys_unshare+0x31/0x40 [ 148.003946][ T6358] do_syscall_64+0xcd/0x490 [ 148.003982][ T6358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.004007][ T6358] RIP: 0033:0x7f40b218ebe9 [ 148.004026][ T6358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.004049][ T6358] RSP: 002b:00007f40b03d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 148.004071][ T6358] RAX: ffffffffffffffda RBX: 00007f40b23b6180 RCX: 00007f40b218ebe9 [ 148.004087][ T6358] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 148.004117][ T6358] RBP: 00007f40b2211e19 R08: 0000000000000000 R09: 0000000000000000 [ 148.004131][ T6358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 148.004145][ T6358] R13: 00007f40b23b6218 R14: 00007f40b23b6180 R15: 00007ffebcdf7058 [ 148.004176][ T6358] [ 149.859859][ T6392] netlink: 28 bytes leftover after parsing attributes in process `syz.2.80'. [ 149.911657][ T6391] netlink: 28 bytes leftover after parsing attributes in process `syz.2.80'. [ 149.959825][ T6392] geneve1: entered promiscuous mode [ 150.053596][ T6392] geneve1: entered allmulticast mode [ 150.910834][ T6399] vivid-003: ================= START STATUS ================= [ 150.922407][ T6399] vivid-003: Radio HW Seek Mode: Bounded [ 150.942205][ T6399] vivid-003: Radio Programmable HW Seek: false [ 150.949555][ T6399] vivid-003: RDS Rx I/O Mode: Block I/O [ 150.963898][ T6399] vivid-003: Generate RBDS Instead of RDS: false [ 150.982541][ T6399] vivid-003: RDS Reception: true [ 151.008989][ T6399] vivid-003: RDS Program Type: 0 inactive [ 151.022160][ T6399] vivid-003: RDS PS Name: inactive [ 151.029554][ T6399] vivid-003: RDS Radio Text: inactive [ 151.037636][ T6399] vivid-003: RDS Traffic Announcement: false inactive [ 151.068742][ T6399] vivid-003: RDS Traffic Program: false inactive [ 151.102468][ T6399] vivid-003: RDS Music: false inactive [ 151.165343][ T6399] vivid-003: ================== END STATUS ================== [ 153.228956][ T6424] random: crng reseeded on system resumption [ 153.732481][ T6417] ptrace attach of "./syz-executor exec"[5867] was attempted by "./syz-executor exec"[6417] [ 155.582011][ T6445] netlink: 44 bytes leftover after parsing attributes in process `syz.3.90'. [ 155.817738][ T6448] netlink: 342 bytes leftover after parsing attributes in process `syz.0.91'. [ 156.201643][ T6456] zswap: compressor not available [ 156.210123][ T6459] Setting dangerous option i915.mitigations - tainting kernel [ 158.425976][ T6483] netlink: 4 bytes leftover after parsing attributes in process `syz.0.98'. [ 159.109821][ T5873] Bluetooth: hci2: unexpected event 0x3e length: 508 > 260 [ 159.109861][ T5873] Bluetooth: hci2: unexpected subevent 0x02 length: 507 > 260 [ 159.129245][ T5873] Bluetooth: hci2: Dropping invalid advertising data [ 159.136589][ T5873] Bluetooth: hci2: Dropping invalid advertising data [ 159.143598][ T5873] Bluetooth: hci2: Dropping invalid advertising data [ 159.150440][ T5873] Bluetooth: hci2: Malformed LE Event: 0x02 [ 159.514171][ T6514] mmap: syz.0.104 (6514) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 160.118235][ T6507] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 160.125056][ T6507] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 160.131828][ T6507] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 160.158136][ T6507] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 161.546254][ T5873] Bluetooth: hci0: command 0x0c1a tx timeout [ 162.172312][ T5873] Bluetooth: hci3: command 0x0c1a tx timeout [ 162.176404][ T5868] Bluetooth: hci2: command 0x0c1a tx timeout [ 162.178414][ T5873] Bluetooth: hci1: command 0x0c1a tx timeout [ 164.676838][ T6555] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 165.361563][ T6567] random: crng reseeded on system resumption [ 165.550966][ T6570] : Can't lookup blockdev [ 168.318312][ T6583] openvswitch: netlink: Key 6 has unexpected len 0 expected 2 [ 171.274768][ T6626] FAULT_INJECTION: forcing a failure. [ 171.274768][ T6626] name failslab, interval 1, probability 0, space 0, times 0 [ 171.301540][ T6626] CPU: 1 UID: 0 PID: 6626 Comm: syz.0.129 Tainted: G U syzkaller #0 PREEMPT(full) [ 171.301580][ T6626] Tainted: [U]=USER [ 171.301587][ T6626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 171.301602][ T6626] Call Trace: [ 171.301609][ T6626] [ 171.301618][ T6626] dump_stack_lvl+0x16c/0x1f0 [ 171.301656][ T6626] should_fail_ex+0x512/0x640 [ 171.301691][ T6626] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 171.301729][ T6626] should_failslab+0xc2/0x120 [ 171.301762][ T6626] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 171.301793][ T6626] ? kasan_save_stack+0x33/0x60 [ 171.301820][ T6626] ? kasan_save_track+0x14/0x30 [ 171.301847][ T6626] ? __kasan_kmalloc+0xaa/0xb0 [ 171.301979][ T6626] ? kstrdup_const+0x63/0x80 [ 171.302009][ T6626] ? vfs_mkdir+0x593/0x8c0 [ 171.302035][ T6626] kstrdup+0x53/0x100 [ 171.302073][ T6626] kstrdup_const+0x63/0x80 [ 171.302112][ T6626] __kernfs_new_node+0x9b/0x8e0 [ 171.302156][ T6626] ? __pfx___kernfs_new_node+0x10/0x10 [ 171.302208][ T6626] ? find_held_lock+0x2b/0x80 [ 171.302241][ T6626] ? kernfs_root+0xee/0x2a0 [ 171.302290][ T6626] kernfs_new_node+0x13c/0x1e0 [ 171.302338][ T6626] ? kasan_save_track+0x14/0x30 [ 171.302380][ T6626] kernfs_create_dir_ns+0x4c/0x1a0 [ 171.302435][ T6626] cgroup_mkdir+0x40f/0x11f0 [ 171.302497][ T6626] ? __pfx_cgroup_mkdir+0x10/0x10 [ 171.302549][ T6626] kernfs_iop_mkdir+0x10e/0x190 [ 171.302595][ T6626] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 171.302640][ T6626] vfs_mkdir+0x593/0x8c0 [ 171.302678][ T6626] do_mkdirat+0x304/0x3e0 [ 171.302721][ T6626] ? __pfx_do_mkdirat+0x10/0x10 [ 171.302765][ T6626] ? getname_flags.part.0+0x1c5/0x550 [ 171.302823][ T6626] __x64_sys_mkdir+0xef/0x140 [ 171.302866][ T6626] do_syscall_64+0xcd/0x490 [ 171.302925][ T6626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.302960][ T6626] RIP: 0033:0x7f40b218ebe9 [ 171.302986][ T6626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.303018][ T6626] RSP: 002b:00007f40b2f24038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 171.303048][ T6626] RAX: ffffffffffffffda RBX: 00007f40b23b5fa0 RCX: 00007f40b218ebe9 [ 171.303069][ T6626] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000200000000080 [ 171.303088][ T6626] RBP: 00007f40b2211e19 R08: 0000000000000000 R09: 0000000000000000 [ 171.303107][ T6626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 171.303125][ T6626] R13: 00007f40b23b6038 R14: 00007f40b23b5fa0 R15: 00007ffebcdf7058 [ 171.303169][ T6626] [ 171.782563][ T6622] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.714034][ T6638] syz.2.131 (6638) used greatest stack depth: 19384 bytes left [ 174.066272][ T1330] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.461049][ T1330] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.064961][ T1330] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.257448][ T1330] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.444372][ T5868] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 175.454951][ T5868] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 175.473647][ T5868] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 175.488225][ T5868] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 175.497353][ T5868] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 175.693615][ T1330] bridge_slave_1: left allmulticast mode [ 175.718249][ T1330] bridge_slave_1: left promiscuous mode [ 175.731499][ T1330] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.754257][ T1330] bridge_slave_0: left allmulticast mode [ 175.771488][ T1330] bridge_slave_0: left promiscuous mode [ 175.791202][ T1330] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.439793][ T1330] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 176.469647][ T1330] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 176.481264][ T1330] bond0 (unregistering): Released all slaves [ 177.532495][ T5873] Bluetooth: hci3: command tx timeout [ 177.739757][ T1330] hsr_slave_0: left promiscuous mode [ 177.753002][ T1330] hsr_slave_1: left promiscuous mode [ 177.763287][ T1330] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 177.777001][ T1330] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 177.791816][ T1330] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 177.806640][ T1330] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 177.881993][ T1330] veth1_macvtap: left promiscuous mode [ 177.888425][ T1330] veth0_macvtap: left promiscuous mode [ 177.894523][ T1330] veth1_vlan: left promiscuous mode [ 177.902355][ T1330] veth0_vlan: left promiscuous mode [ 178.149748][ T6709] random: crng reseeded on system resumption [ 178.718935][ T1330] team0 (unregistering): Port device team_slave_1 removed [ 178.772475][ T1330] team0 (unregistering): Port device team_slave_0 removed [ 179.546509][ T6659] chnl_net:caif_netlink_parms(): no params data found [ 179.615805][ T5873] Bluetooth: hci3: command tx timeout [ 180.341140][ T6659] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.372955][ T6659] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.387206][ T6659] bridge_slave_0: entered allmulticast mode [ 180.440673][ T6659] bridge_slave_0: entered promiscuous mode [ 180.453973][ T6659] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.515737][ T6659] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.559919][ T6659] bridge_slave_1: entered allmulticast mode [ 180.586635][ T6659] bridge_slave_1: entered promiscuous mode [ 181.144434][ T6659] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 181.194893][ T6659] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 181.687514][ T6659] team0: Port device team_slave_0 added [ 181.694195][ T5873] Bluetooth: hci3: command tx timeout [ 181.699146][ T6659] team0: Port device team_slave_1 added [ 181.914755][ T6659] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 181.921768][ T6659] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 182.062242][ T6659] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 182.079218][ T6659] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 182.086701][ T6659] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 182.152339][ T6659] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 182.303407][ T6761] scsi_dev_info_list_add_str: bad dev info string ')zD 5fk+*X#R84*VsndvqQW}~YrȀ-8VGDƘLB%v†v}Ypq|?O[,! 7xWDr%[}E$3?G9Ff=lrGH;2L<=|8 -c Fո"[v9q4Mmvqk[(iNDСMX PSqqX4X`V!;r֍)y]WzfIH0,v{q8שUܹ䑉m؛HTwCz-nR%2]x05oՕ|3>lS*L/Cdgӑ[C=Cwem)l#' ''S.sHgi-TY%ܹF*8nFTH?i{' '' [ 182.538210][ T6659] hsr_slave_0: entered promiscuous mode [ 182.603500][ T6659] hsr_slave_1: entered promiscuous mode [ 182.612435][ T6659] debugfs: 'hsr0' already exists in 'hsr' [ 182.618260][ T6659] Cannot create hsr debugfs directory [ 183.775677][ T5873] Bluetooth: hci3: command tx timeout [ 184.870019][ T6659] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 185.106121][ T6659] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 185.169445][ T6659] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 185.241622][ T6659] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 186.583056][ T6659] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.893524][ T6659] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.953254][ T3017] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.960542][ T3017] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.024723][ T3017] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.032024][ T3017] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.138622][ T6881] syz.2.165 uses obsolete (PF_INET,SOCK_PACKET) [ 188.613025][ T6659] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 189.251380][ T6659] veth0_vlan: entered promiscuous mode [ 189.537124][ T6659] veth1_vlan: entered promiscuous mode [ 189.630177][ T6659] veth0_macvtap: entered promiscuous mode [ 189.658176][ T6659] veth1_macvtap: entered promiscuous mode [ 189.761580][ T6659] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 189.931026][ T6659] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 190.040377][ T1321] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.051007][ T1321] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.070088][ T1321] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.099388][ T1321] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.838257][ T1323] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.874948][ T1323] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 191.205747][ T6919] netlink: 342 bytes leftover after parsing attributes in process `syz.0.169'. [ 191.327035][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 191.341962][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 192.568961][ T6953] random: crng reseeded on system resumption [ 196.517886][ T6958] kexec: Could not allocate control_code_buffer [ 196.714547][ T6993] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 197.390493][ T7026] random: crng reseeded on system resumption [ 198.962176][ T5873] Bluetooth: hci3: unexpected event 0x01 length: 5 > 1 [ 198.962289][ T5873] Bluetooth: hci3: unexpected event 0x01 length: 5 > 1 [ 199.556773][ T7078] netlink: 4 bytes leftover after parsing attributes in process `syz.1.193'. [ 199.639828][ T7078] netlink: 28 bytes leftover after parsing attributes in process `syz.1.193'. [ 199.721152][ T7078] Invalid ELF header magic: != ELF [ 199.964315][ T7082] netlink: 28 bytes leftover after parsing attributes in process `syz.1.193'. [ 201.025047][ T7097] FAULT_INJECTION: forcing a failure. [ 201.025047][ T7097] name failslab, interval 1, probability 0, space 0, times 0 [ 201.109893][ T7097] CPU: 0 UID: 0 PID: 7097 Comm: syz.1.198 Tainted: G U syzkaller #0 PREEMPT(full) [ 201.109941][ T7097] Tainted: [U]=USER [ 201.109951][ T7097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 201.109967][ T7097] Call Trace: [ 201.109977][ T7097] [ 201.109989][ T7097] dump_stack_lvl+0x16c/0x1f0 [ 201.110037][ T7097] should_fail_ex+0x512/0x640 [ 201.110080][ T7097] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 201.110133][ T7097] should_failslab+0xc2/0x120 [ 201.110177][ T7097] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 201.110218][ T7097] ? __alloc_skb+0x2b2/0x380 [ 201.110264][ T7097] __alloc_skb+0x2b2/0x380 [ 201.110302][ T7097] ? __pfx___alloc_skb+0x10/0x10 [ 201.110342][ T7097] ? genl_rcv_msg+0x4bb/0x800 [ 201.110416][ T7097] netlink_ack+0x15d/0xb80 [ 201.110475][ T7097] netlink_rcv_skb+0x332/0x420 [ 201.110522][ T7097] ? __pfx_genl_rcv_msg+0x10/0x10 [ 201.110576][ T7097] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 201.110640][ T7097] ? netlink_deliver_tap+0x1ae/0xd30 [ 201.110690][ T7097] genl_rcv+0x28/0x40 [ 201.110735][ T7097] netlink_unicast+0x5aa/0x870 [ 201.110786][ T7097] ? __pfx_netlink_unicast+0x10/0x10 [ 201.110832][ T7097] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 201.110873][ T7097] ? __lock_acquire+0xb97/0x1ce0 [ 201.110932][ T7097] netlink_sendmsg+0x8d1/0xdd0 [ 201.110985][ T7097] ? __pfx_netlink_sendmsg+0x10/0x10 [ 201.111039][ T7097] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 201.111080][ T7097] ____sys_sendmsg+0xa95/0xc70 [ 201.111120][ T7097] ? copy_msghdr_from_user+0x10a/0x160 [ 201.111162][ T7097] ? __pfx_____sys_sendmsg+0x10/0x10 [ 201.111211][ T7097] ___sys_sendmsg+0x134/0x1d0 [ 201.111258][ T7097] ? __pfx____sys_sendmsg+0x10/0x10 [ 201.111354][ T7097] __sys_sendmsg+0x16d/0x220 [ 201.111400][ T7097] ? __pfx___sys_sendmsg+0x10/0x10 [ 201.111473][ T7097] do_syscall_64+0xcd/0x490 [ 201.111521][ T7097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.111553][ T7097] RIP: 0033:0x7f997478ebe9 [ 201.111578][ T7097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 201.111608][ T7097] RSP: 002b:00007f99729f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 201.111637][ T7097] RAX: ffffffffffffffda RBX: 00007f99749b5fa0 RCX: 00007f997478ebe9 [ 201.111658][ T7097] RDX: 000000000000c044 RSI: 0000200000003bc0 RDI: 0000000000000003 [ 201.111678][ T7097] RBP: 00007f99729f6090 R08: 0000000000000000 R09: 0000000000000000 [ 201.111698][ T7097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 201.111717][ T7097] R13: 00007f99749b6038 R14: 00007f99749b5fa0 R15: 00007fffcb1855c8 [ 201.111759][ T7097] [ 203.801560][ T7143] netlink: 'syz.2.206': attribute type 2 has an invalid length. syzkaller syzkaller login: [ 204.561217][ T7152] netlink: 28 bytes leftover after parsing attributes in process `syz.3.211'. [ 204.623024][ T7152] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 204.696314][ T7152] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 204.735766][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 204.742324][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 204.800381][ T7146] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 204.806627][ T7146] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 204.812994][ T7146] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 204.853722][ T7146] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 204.884668][ T7146] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 204.898692][ T7152] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 204.932032][ T7152] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 204.961037][ T7146] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 205.344856][ T7154] kexec: Could not allocate control_code_buffer [ 206.098560][ T7187] FAULT_INJECTION: forcing a failure. [ 206.098560][ T7187] name failslab, interval 1, probability 0, space 0, times 0 [ 206.214706][ T7187] CPU: 0 UID: 0 PID: 7187 Comm: syz.3.214 Tainted: G U syzkaller #0 PREEMPT(full) [ 206.214760][ T7187] Tainted: [U]=USER [ 206.214771][ T7187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 206.214789][ T7187] Call Trace: [ 206.214800][ T7187] [ 206.214813][ T7187] dump_stack_lvl+0x16c/0x1f0 [ 206.214863][ T7187] should_fail_ex+0x512/0x640 [ 206.214909][ T7187] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 206.214955][ T7187] should_failslab+0xc2/0x120 [ 206.214999][ T7187] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 206.215037][ T7187] ? __pfx___might_resched+0x10/0x10 [ 206.215070][ T7187] ? __anon_vma_prepare+0xae/0x5e0 [ 206.215113][ T7187] __anon_vma_prepare+0xae/0x5e0 [ 206.215147][ T7187] ? __filemap_get_folio+0x32b/0xc30 [ 206.215194][ T7187] __vmf_anon_prepare+0x11c/0x240 [ 206.215246][ T7187] hugetlb_fault+0x1ba4/0x2f40 [ 206.215288][ T7187] ? __pfx_hugetlb_fault+0x10/0x10 [ 206.215338][ T7187] ? find_vma+0xbf/0x140 [ 206.215380][ T7187] ? __pfx_find_vma+0x10/0x10 [ 206.215429][ T7187] handle_mm_fault+0xbfa/0xd10 [ 206.215466][ T7187] ? __bpf_trace_exceptions+0x1/0x40 [ 206.215527][ T7187] do_user_addr_fault+0x7a6/0x1370 [ 206.215593][ T7187] ? rcu_is_watching+0x12/0xc0 [ 206.215632][ T7187] exc_page_fault+0x5c/0xb0 [ 206.215676][ T7187] asm_exc_page_fault+0x26/0x30 [ 206.215709][ T7187] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 206.215743][ T7187] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 206.215775][ T7187] RSP: 0018:ffffc9000b687cf8 EFLAGS: 00050246 [ 206.215802][ T7187] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000008 [ 206.215821][ T7187] RDX: ffffed100ec3ae11 RSI: 0000000000000000 RDI: ffff8880761d7080 [ 206.215841][ T7187] RBP: 0000000000000008 R08: 0000000000000001 R09: ffffed100ec3ae10 [ 206.215861][ T7187] R10: ffff8880761d7087 R11: 0000000000000000 R12: 0000000000000000 [ 206.215880][ T7187] R13: ffff8880761d7080 R14: 0000000000000000 R15: 0000000000000008 [ 206.215924][ T7187] _copy_from_user+0x98/0xd0 [ 206.215979][ T7187] sctp_setsockopt+0x2045/0xb870 [ 206.216040][ T7187] ? __pfx_sctp_setsockopt+0x10/0x10 [ 206.216091][ T7187] ? find_held_lock+0x2b/0x80 [ 206.216128][ T7187] ? aa_sock_opt_perm+0xfd/0x1c0 [ 206.216160][ T7187] ? sock_common_setsockopt+0x2e/0xf0 [ 206.216212][ T7187] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 206.216270][ T7187] do_sock_setsockopt+0xf3/0x1d0 [ 206.216328][ T7187] __sys_setsockopt+0x120/0x1a0 [ 206.216379][ T7187] __x64_sys_setsockopt+0xbd/0x160 [ 206.216420][ T7187] ? do_syscall_64+0x91/0x490 [ 206.216463][ T7187] ? lockdep_hardirqs_on+0x7c/0x110 [ 206.216505][ T7187] do_syscall_64+0xcd/0x490 [ 206.216553][ T7187] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.216593][ T7187] RIP: 0033:0x7fdd68f8ebe9 [ 206.216619][ T7187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 206.216650][ T7187] RSP: 002b:00007fdd69e98038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 206.216679][ T7187] RAX: ffffffffffffffda RBX: 00007fdd691b6090 RCX: 00007fdd68f8ebe9 [ 206.216700][ T7187] RDX: 0000000000000081 RSI: 0000010000000084 RDI: 0000000000000003 [ 206.216720][ T7187] RBP: 00007fdd69011e19 R08: 0000000000000008 R09: 0000000000000000 [ 206.216739][ T7187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 206.216759][ T7187] R13: 00007fdd691b6128 R14: 00007fdd691b6090 R15: 00007ffe94158858 [ 206.216803][ T7187] [ 206.619882][ T5873] Bluetooth: hci0: command 0x0c1a tx timeout [ 206.817843][ T5873] Bluetooth: hci1: command 0x0c1a tx timeout [ 206.895672][ T5873] Bluetooth: hci3: command 0x0c1a tx timeout [ 206.895684][ T5868] Bluetooth: hci2: command 0x0c1a tx timeout [ 206.935245][ T7201] netlink: 8 bytes leftover after parsing attributes in process `syz.0.216'. [ 207.305860][ T7215] FAULT_INJECTION: forcing a failure. [ 207.305860][ T7215] name failslab, interval 1, probability 0, space 0, times 0 [ 207.323679][ T7215] CPU: 0 UID: 0 PID: 7215 Comm: syz.0.220 Tainted: G U syzkaller #0 PREEMPT(full) [ 207.323739][ T7215] Tainted: [U]=USER [ 207.323749][ T7215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 207.323765][ T7215] Call Trace: [ 207.323776][ T7215] [ 207.323787][ T7215] dump_stack_lvl+0x16c/0x1f0 [ 207.323833][ T7215] should_fail_ex+0x512/0x640 [ 207.323885][ T7215] should_failslab+0xc2/0x120 [ 207.323927][ T7215] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 207.323968][ T7215] ? skb_clone+0x190/0x3f0 [ 207.324017][ T7215] skb_clone+0x190/0x3f0 [ 207.324058][ T7215] netlink_deliver_tap+0xabd/0xd30 [ 207.324095][ T7215] netlink_unicast+0x71f/0x870 [ 207.324131][ T7215] ? __pfx_netlink_unicast+0x10/0x10 [ 207.324163][ T7215] ? genl_rcv_msg+0x4bb/0x800 [ 207.324206][ T7215] netlink_ack+0x696/0xb80 [ 207.324246][ T7215] netlink_rcv_skb+0x332/0x420 [ 207.324278][ T7215] ? __pfx_genl_rcv_msg+0x10/0x10 [ 207.324315][ T7215] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 207.324359][ T7215] ? netlink_deliver_tap+0x1ae/0xd30 [ 207.324393][ T7215] genl_rcv+0x28/0x40 [ 207.324425][ T7215] netlink_unicast+0x5aa/0x870 [ 207.324463][ T7215] ? __pfx_netlink_unicast+0x10/0x10 [ 207.324497][ T7215] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 207.324529][ T7215] ? __lock_acquire+0xb97/0x1ce0 [ 207.324569][ T7215] netlink_sendmsg+0x8d1/0xdd0 [ 207.324608][ T7215] ? __pfx_netlink_sendmsg+0x10/0x10 [ 207.324645][ T7215] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 207.324676][ T7215] ____sys_sendmsg+0xa95/0xc70 [ 207.324706][ T7215] ? copy_msghdr_from_user+0x10a/0x160 [ 207.324738][ T7215] ? __pfx_____sys_sendmsg+0x10/0x10 [ 207.324781][ T7215] ___sys_sendmsg+0x134/0x1d0 [ 207.324828][ T7215] ? __pfx____sys_sendmsg+0x10/0x10 [ 207.324920][ T7215] __sys_sendmsg+0x16d/0x220 [ 207.324962][ T7215] ? __pfx___sys_sendmsg+0x10/0x10 [ 207.325031][ T7215] do_syscall_64+0xcd/0x490 [ 207.325079][ T7215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.325106][ T7215] RIP: 0033:0x7f40b218ebe9 [ 207.325123][ T7215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 207.325145][ T7215] RSP: 002b:00007f40b2f24038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 207.325165][ T7215] RAX: ffffffffffffffda RBX: 00007f40b23b5fa0 RCX: 00007f40b218ebe9 [ 207.325180][ T7215] RDX: 000000000000c044 RSI: 0000200000003bc0 RDI: 0000000000000003 [ 207.325194][ T7215] RBP: 00007f40b2f24090 R08: 0000000000000000 R09: 0000000000000000 [ 207.325207][ T7215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 207.325220][ T7215] R13: 00007f40b23b6038 R14: 00007f40b23b5fa0 R15: 00007ffebcdf7058 [ 207.325249][ T7215] [ 207.794140][ T7220] FAULT_INJECTION: forcing a failure. [ 207.794140][ T7220] name failslab, interval 1, probability 0, space 0, times 0 [ 207.807338][ T7220] CPU: 0 UID: 0 PID: 7220 Comm: syz.1.218 Tainted: G U syzkaller #0 PREEMPT(full) [ 207.807397][ T7220] Tainted: [U]=USER [ 207.807409][ T7220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 207.807428][ T7220] Call Trace: [ 207.807439][ T7220] [ 207.807451][ T7220] dump_stack_lvl+0x16c/0x1f0 [ 207.807499][ T7220] should_fail_ex+0x512/0x640 [ 207.807545][ T7220] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 207.807584][ T7220] ? __pfx_mon_text_open+0x10/0x10 [ 207.807621][ T7220] should_failslab+0xc2/0x120 [ 207.807665][ T7220] __kmalloc_cache_noprof+0x6a/0x3e0 [ 207.807699][ T7220] ? lockdep_init_map_type+0x5c/0x280 [ 207.807743][ T7220] ? mon_text_open+0xd5/0x4f0 [ 207.807783][ T7220] ? __pfx_mon_text_open+0x10/0x10 [ 207.807819][ T7220] mon_text_open+0xd5/0x4f0 [ 207.807858][ T7220] ? __pfx_mon_text_open+0x10/0x10 [ 207.807894][ T7220] ? __debugfs_file_get+0x1fe/0x840 [ 207.807944][ T7220] ? __pfx___debugfs_file_get+0x10/0x10 [ 207.807997][ T7220] ? __pfx_apparmor_file_open+0x10/0x10 [ 207.808033][ T7220] ? lockdown_is_locked_down+0x3f/0x130 [ 207.808065][ T7220] ? bpf_lsm_locked_down+0x9/0x10 [ 207.808101][ T7220] ? __pfx_mon_text_open+0x10/0x10 [ 207.808137][ T7220] full_proxy_open_regular+0x1b9/0x360 [ 207.808173][ T7220] do_dentry_open+0x982/0x1530 [ 207.808216][ T7220] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 207.808259][ T7220] vfs_open+0x82/0x3f0 [ 207.808313][ T7220] path_openat+0x1de4/0x2cb0 [ 207.808368][ T7220] ? __pfx_path_openat+0x10/0x10 [ 207.808430][ T7220] do_filp_open+0x20b/0x470 [ 207.808471][ T7220] ? __pfx_do_filp_open+0x10/0x10 [ 207.808544][ T7220] ? alloc_fd+0x471/0x7d0 [ 207.808592][ T7220] do_sys_openat2+0x11b/0x1d0 [ 207.808644][ T7220] ? __pfx_do_sys_openat2+0x10/0x10 [ 207.808714][ T7220] __x64_sys_openat+0x174/0x210 [ 207.808768][ T7220] ? __pfx___x64_sys_openat+0x10/0x10 [ 207.808839][ T7220] do_syscall_64+0xcd/0x490 [ 207.808889][ T7220] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.808923][ T7220] RIP: 0033:0x7f997478ebe9 [ 207.808950][ T7220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 207.808981][ T7220] RSP: 002b:00007f9972591038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 207.809012][ T7220] RAX: ffffffffffffffda RBX: 00007f99749b6270 RCX: 00007f997478ebe9 [ 207.809034][ T7220] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 207.809055][ T7220] RBP: 00007f9974811e19 R08: 0000000000000000 R09: 0000000000000000 [ 207.809076][ T7220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 207.809095][ T7220] R13: 00007f99749b6308 R14: 00007f99749b6270 R15: 00007fffcb1855c8 [ 207.809138][ T7220] [ 208.123563][ T7221] ecryptfs_miscdev_write: Invalid packet size [111] [ 208.975146][ T5873] Bluetooth: hci3: command 0x0c1a tx timeout [ 210.122151][ T7259] Setting dangerous option i915.mitigations - tainting kernel syzkaller syzkaller login: [ 210.282598][ T7264] FAULT_INJECTION: forcing a failure. [ 210.282598][ T7264] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 210.314683][ T7264] CPU: 1 UID: 0 PID: 7264 Comm: syz.3.229 Tainted: G U syzkaller #0 PREEMPT(full) [ 210.314730][ T7264] Tainted: [U]=USER [ 210.314740][ T7264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 210.314757][ T7264] Call Trace: [ 210.314767][ T7264] [ 210.314779][ T7264] dump_stack_lvl+0x16c/0x1f0 [ 210.314824][ T7264] should_fail_ex+0x512/0x640 [ 210.314876][ T7264] _copy_to_user+0x32/0xd0 [ 210.314909][ T7264] simple_read_from_buffer+0xcb/0x170 [ 210.314945][ T7264] proc_fail_nth_read+0x197/0x240 [ 210.314981][ T7264] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 210.315017][ T7264] ? rw_verify_area+0xcf/0x6c0 [ 210.315049][ T7264] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 210.315084][ T7264] vfs_read+0x1e1/0xcf0 [ 210.315125][ T7264] ? __pfx___mutex_lock+0x10/0x10 [ 210.315176][ T7264] ? __pfx_vfs_read+0x10/0x10 [ 210.315224][ T7264] ? __fget_files+0x20e/0x3c0 [ 210.315273][ T7264] ksys_read+0x12a/0x250 [ 210.315310][ T7264] ? __pfx_ksys_read+0x10/0x10 [ 210.315359][ T7264] do_syscall_64+0xcd/0x490 [ 210.315408][ T7264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.315440][ T7264] RIP: 0033:0x7fdd68f8d5fc [ 210.315464][ T7264] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 210.315494][ T7264] RSP: 002b:00007fdd69eb9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 210.315524][ T7264] RAX: ffffffffffffffda RBX: 00007fdd691b5fa0 RCX: 00007fdd68f8d5fc [ 210.315543][ T7264] RDX: 000000000000000f RSI: 00007fdd69eb90a0 RDI: 0000000000000004 [ 210.315563][ T7264] RBP: 00007fdd69eb9090 R08: 0000000000000000 R09: 0000000000000000 [ 210.315582][ T7264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 210.315600][ T7264] R13: 00007fdd691b6038 R14: 00007fdd691b5fa0 R15: 00007ffe94158858 [ 210.315642][ T7264] [ 211.052564][ T5873] Bluetooth: hci3: command 0x0c1a tx timeout [ 211.431399][ T7267] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 211.442792][ T7267] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 211.458082][ T7267] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 211.474446][ T7267] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 212.426190][ T7297] zswap: compressor not available [ 213.132189][ T5873] Bluetooth: hci0: command 0x0c1a tx timeout [ 213.462181][ T5873] Bluetooth: hci1: command 0x0c1a tx timeout [ 213.480145][ T7317] binder: 7316:7317 unknown command 4294967282 [ 213.502146][ T7317] binder: 7316:7317 ioctl c0306201 2000000000c0 returned -22 [ 213.542243][ T5868] Bluetooth: hci2: command 0x0c1a tx timeout [ 213.548368][ T5873] Bluetooth: hci3: command 0x0c1a tx timeout [ 214.880743][ T7332] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 214.915743][ T7332] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 214.930975][ T7332] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 214.944147][ T7332] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 215.269372][ T7344] netlink: 20 bytes leftover after parsing attributes in process `syz.3.245'. [ 215.432610][ T7352] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 216.314406][ T7360] FAULT_INJECTION: forcing a failure. [ 216.314406][ T7360] name failslab, interval 1, probability 0, space 0, times 0 [ 216.373881][ T7360] CPU: 0 UID: 0 PID: 7360 Comm: syz.3.249 Tainted: G U syzkaller #0 PREEMPT(full) [ 216.373931][ T7360] Tainted: [U]=USER [ 216.373942][ T7360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 216.373960][ T7360] Call Trace: [ 216.373971][ T7360] [ 216.373984][ T7360] dump_stack_lvl+0x16c/0x1f0 [ 216.374032][ T7360] should_fail_ex+0x512/0x640 [ 216.374080][ T7360] ? fs_reclaim_acquire+0xae/0x150 [ 216.374134][ T7360] should_failslab+0xc2/0x120 [ 216.374180][ T7360] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 216.374222][ T7360] ? security_inode_alloc+0x3b/0x2b0 [ 216.374268][ T7360] security_inode_alloc+0x3b/0x2b0 [ 216.374307][ T7360] inode_init_always_gfp+0xce4/0x1030 [ 216.374353][ T7360] alloc_inode+0x86/0x240 [ 216.374402][ T7360] sock_alloc+0x40/0x280 [ 216.374453][ T7360] __sock_create+0xc1/0x8d0 [ 216.374494][ T7360] __sys_socket+0x14d/0x260 [ 216.374528][ T7360] ? __pfx___sys_socket+0x10/0x10 [ 216.374572][ T7360] ? xfd_validate_state+0x61/0x180 [ 216.374621][ T7360] ? __pfx_ksys_write+0x10/0x10 [ 216.374669][ T7360] __x64_sys_socket+0x72/0xb0 [ 216.374702][ T7360] ? lockdep_hardirqs_on+0x7c/0x110 [ 216.374743][ T7360] do_syscall_64+0xcd/0x490 [ 216.374790][ T7360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.374823][ T7360] RIP: 0033:0x7fdd68f8ebe9 [ 216.374849][ T7360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 216.374881][ T7360] RSP: 002b:00007fdd69eb9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 216.374910][ T7360] RAX: ffffffffffffffda RBX: 00007fdd691b5fa0 RCX: 00007fdd68f8ebe9 [ 216.374932][ T7360] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 216.374951][ T7360] RBP: 00007fdd69011e19 R08: 0000000000000000 R09: 0000000000000000 [ 216.374970][ T7360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 216.374989][ T7360] R13: 00007fdd691b6038 R14: 00007fdd691b5fa0 R15: 00007ffe94158858 [ 216.375031][ T7360] [ 216.375069][ T7360] socket: no more sockets [ 216.812492][ T5873] Bluetooth: hci0: command 0x0c1a tx timeout [ 216.995752][ T5873] Bluetooth: hci3: command 0x0c1a tx timeout [ 216.996970][ T5877] Bluetooth: hci1: command 0x0c1a tx timeout [ 217.007991][ T5868] Bluetooth: hci2: command 0x0c1a tx timeout [ 217.224491][ T31] audit: type=1800 audit(1756021173.290:2): pid=7377 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.253" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 218.021974][ T7385] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 219.976992][ T7408] netlink: 20 bytes leftover after parsing attributes in process `syz.3.261'. [ 222.811573][ T7447] netlink: 28 bytes leftover after parsing attributes in process `syz.3.270'. [ 224.414122][ T7479] FAULT_INJECTION: forcing a failure. [ 224.414122][ T7479] name failslab, interval 1, probability 0, space 0, times 0 [ 224.427170][ T7479] CPU: 0 UID: 0 PID: 7479 Comm: syz.2.276 Tainted: G U syzkaller #0 PREEMPT(full) [ 224.427218][ T7479] Tainted: [U]=USER [ 224.427228][ T7479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 224.427247][ T7479] Call Trace: [ 224.427258][ T7479] [ 224.427271][ T7479] dump_stack_lvl+0x116/0x1f0 [ 224.427319][ T7479] should_fail_ex+0x512/0x640 [ 224.427373][ T7479] should_failslab+0xc2/0x120 [ 224.427417][ T7479] __kmalloc_cache_noprof+0x6a/0x3e0 [ 224.427452][ T7479] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 224.427502][ T7479] ? alloc_fw_cache_entry+0x3f/0xd0 [ 224.427541][ T7479] ? __pfx_fw_name_devm_release+0x10/0x10 [ 224.427580][ T7479] alloc_fw_cache_entry+0x3f/0xd0 [ 224.427618][ T7479] dev_create_fw_entry+0x3d/0x150 [ 224.427656][ T7479] ? __pfx_fw_name_devm_release+0x10/0x10 [ 224.427691][ T7479] devres_for_each_res+0x170/0x1d0 [ 224.427741][ T7479] ? __pfx_devm_name_match+0x10/0x10 [ 224.427774][ T7479] ? __pfx_dev_create_fw_entry+0x10/0x10 [ 224.427815][ T7479] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 224.427855][ T7479] dev_cache_fw_image+0xa2/0x490 [ 224.427901][ T7479] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 224.427942][ T7479] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 224.427977][ T7479] dpm_for_each_dev+0x5a/0xb0 [ 224.428008][ T7479] fw_pm_notify+0x81/0x150 [ 224.428037][ T7479] notifier_call_chain+0xb9/0x410 [ 224.428071][ T7479] ? __pfx_fw_pm_notify+0x10/0x10 [ 224.428109][ T7479] blocking_notifier_call_chain_robust+0xc8/0x160 [ 224.428156][ T7479] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 224.428217][ T7479] pm_notifier_call_chain_robust+0x27/0x60 [ 224.428264][ T7479] snapshot_open+0x189/0x2b0 [ 224.428303][ T7479] ? __pfx_snapshot_open+0x10/0x10 [ 224.428344][ T7479] misc_open+0x35a/0x420 [ 224.428379][ T7479] ? __pfx_misc_open+0x10/0x10 [ 224.428414][ T7479] chrdev_open+0x234/0x6a0 [ 224.428456][ T7479] ? __pfx_apparmor_file_open+0x10/0x10 [ 224.428492][ T7479] ? __pfx_chrdev_open+0x10/0x10 [ 224.428538][ T7479] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 224.428583][ T7479] do_dentry_open+0x982/0x1530 [ 224.428622][ T7479] ? __pfx_chrdev_open+0x10/0x10 [ 224.428670][ T7479] vfs_open+0x82/0x3f0 [ 224.428721][ T7479] path_openat+0x1de4/0x2cb0 [ 224.428771][ T7479] ? __pfx_path_openat+0x10/0x10 [ 224.428819][ T7479] do_filp_open+0x20b/0x470 [ 224.428857][ T7479] ? __pfx_do_filp_open+0x10/0x10 [ 224.428928][ T7479] ? alloc_fd+0x471/0x7d0 [ 224.428970][ T7479] do_sys_openat2+0x11b/0x1d0 [ 224.429014][ T7479] ? __pfx_do_sys_openat2+0x10/0x10 [ 224.429073][ T7479] __x64_sys_openat+0x174/0x210 [ 224.429118][ T7479] ? __pfx___x64_sys_openat+0x10/0x10 [ 224.429189][ T7479] do_syscall_64+0xcd/0x490 [ 224.429239][ T7479] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.429272][ T7479] RIP: 0033:0x7f3d5cd8ebe9 [ 224.429298][ T7479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.429329][ T7479] RSP: 002b:00007f3d5dbae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 224.429360][ T7479] RAX: ffffffffffffffda RBX: 00007f3d5cfb5fa0 RCX: 00007f3d5cd8ebe9 [ 224.429381][ T7479] RDX: 0000000000000040 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 224.429401][ T7479] RBP: 00007f3d5ce11e19 R08: 0000000000000000 R09: 0000000000000000 [ 224.429419][ T7479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 224.429436][ T7479] R13: 00007f3d5cfb6038 R14: 00007f3d5cfb5fa0 R15: 00007ffe5489bdb8 [ 224.429479][ T7479] [ 225.022575][ T7479] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 225.154811][ T7479] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 225.196703][ T7479] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 225.203951][ T7479] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 225.573480][ T7496] FAULT_INJECTION: forcing a failure. [ 225.573480][ T7496] name failslab, interval 1, probability 0, space 0, times 0 [ 225.606213][ T7496] CPU: 1 UID: 0 PID: 7496 Comm: syz.2.279 Tainted: G U syzkaller #0 PREEMPT(full) [ 225.606266][ T7496] Tainted: [U]=USER [ 225.606278][ T7496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 225.606296][ T7496] Call Trace: [ 225.606307][ T7496] [ 225.606320][ T7496] dump_stack_lvl+0x16c/0x1f0 [ 225.606370][ T7496] should_fail_ex+0x512/0x640 [ 225.606417][ T7496] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 225.606465][ T7496] should_failslab+0xc2/0x120 [ 225.606509][ T7496] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 225.606550][ T7496] ? __alloc_skb+0x2b2/0x380 [ 225.606598][ T7496] __alloc_skb+0x2b2/0x380 [ 225.606640][ T7496] ? __pfx___alloc_skb+0x10/0x10 [ 225.606681][ T7496] ? kasan_quarantine_put+0x10a/0x240 [ 225.606731][ T7496] ? lockdep_hardirqs_on+0x7c/0x110 [ 225.606787][ T7496] inet_netconf_notify_devconf+0x8b/0x1f0 [ 225.606845][ T7496] inetdev_event+0xed5/0x18a0 [ 225.606900][ T7496] ? ib_netdevice_event+0xfc/0x330 [ 225.606932][ T7496] ? __pfx_inetdev_event+0x10/0x10 [ 225.606986][ T7496] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 225.607041][ T7496] notifier_call_chain+0xb9/0x410 [ 225.607082][ T7496] ? __pfx_inetdev_event+0x10/0x10 [ 225.607142][ T7496] call_netdevice_notifiers_info+0xbe/0x140 [ 225.607201][ T7496] unregister_netdevice_many_notify+0xf76/0x24c0 [ 225.607268][ T7496] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 225.607320][ T7496] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 225.607372][ T7496] ? __fsnotify_parent+0x24b/0xc40 [ 225.607409][ T7496] ? __pfx___mutex_lock+0x10/0x10 [ 225.607462][ T7496] unregister_netdevice_queue+0x305/0x3f0 [ 225.607513][ T7496] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 225.607566][ T7496] ? __pfx_locks_remove_file+0x10/0x10 [ 225.607607][ T7496] ? __pfx_ppp_release+0x10/0x10 [ 225.607652][ T7496] ppp_release+0x209/0x230 [ 225.607697][ T7496] __fput+0x402/0xb70 [ 225.607765][ T7496] task_work_run+0x14d/0x240 [ 225.607820][ T7496] ? __pfx_task_work_run+0x10/0x10 [ 225.607873][ T7496] ? __pfx___do_sys_close_range+0x10/0x10 [ 225.607923][ T7496] exit_to_user_mode_loop+0xeb/0x110 [ 225.607974][ T7496] do_syscall_64+0x3f6/0x490 [ 225.608022][ T7496] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.608054][ T7496] RIP: 0033:0x7f3d5cd8ebe9 [ 225.608079][ T7496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.608110][ T7496] RSP: 002b:00007f3d5dbae038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 225.608142][ T7496] RAX: 0000000000000000 RBX: 00007f3d5cfb5fa0 RCX: 00007f3d5cd8ebe9 [ 225.608162][ T7496] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000 [ 225.608182][ T7496] RBP: 00007f3d5ce11e19 R08: 0000000000000000 R09: 0000000000000000 [ 225.608201][ T7496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 225.608221][ T7496] R13: 00007f3d5cfb6038 R14: 00007f3d5cfb5fa0 R15: 00007ffe5489bdb8 [ 225.608264][ T7496] [ 226.553863][ T7509] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 226.972194][ T5877] Bluetooth: hci0: command 0x0c1a tx timeout [ 227.052476][ T5877] Bluetooth: hci1: command 0x0c1a tx timeout [ 227.213144][ T5877] Bluetooth: hci3: command 0x0c1a tx timeout [ 227.219215][ T5868] Bluetooth: hci2: command 0x0c1a tx timeout [ 227.317466][ T7510] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 229.153725][ T7538] FAULT_INJECTION: forcing a failure. [ 229.153725][ T7538] name failslab, interval 1, probability 0, space 0, times 0 [ 229.176779][ T7538] CPU: 0 UID: 0 PID: 7538 Comm: syz.3.288 Tainted: G U syzkaller #0 PREEMPT(full) [ 229.176834][ T7538] Tainted: [U]=USER [ 229.176845][ T7538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 229.176864][ T7538] Call Trace: [ 229.176875][ T7538] [ 229.176888][ T7538] dump_stack_lvl+0x16c/0x1f0 [ 229.176939][ T7538] should_fail_ex+0x512/0x640 [ 229.176994][ T7538] should_failslab+0xc2/0x120 [ 229.177040][ T7538] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 229.177082][ T7538] ? __alloc_skb+0x2b2/0x380 [ 229.177132][ T7538] __alloc_skb+0x2b2/0x380 [ 229.177172][ T7538] ? __pfx___alloc_skb+0x10/0x10 [ 229.177219][ T7538] ? __lock_acquire+0x62e/0x1ce0 [ 229.177270][ T7538] hci_cmd_sync_alloc+0x39/0x3a0 [ 229.177322][ T7538] __hci_cmd_sync_sk+0x157/0xc90 [ 229.177374][ T7538] ? __pfx___hci_cmd_sync_sk+0x10/0x10 [ 229.177439][ T7538] ? __mutex_trylock_common+0xe9/0x250 [ 229.177498][ T7538] ? trace_contention_end+0xdd/0x130 [ 229.177542][ T7538] ? __mutex_lock+0x1c5/0x1060 [ 229.177587][ T7538] ? rcu_is_watching+0x12/0xc0 [ 229.177626][ T7538] __hci_cmd_sync_status_sk+0x48/0x190 [ 229.177684][ T7538] hci_suspend_sync+0x8fb/0xb20 [ 229.177732][ T7538] ? __pfx_enable_work+0x10/0x10 [ 229.177770][ T7538] ? __pfx_hci_suspend_sync+0x10/0x10 [ 229.177840][ T7538] hci_suspend_dev+0x308/0x500 [ 229.177879][ T7538] ? __pfx_hci_suspend_dev+0x10/0x10 [ 229.177915][ T7538] ? rcu_barrier+0x341/0x6e0 [ 229.177964][ T7538] ? kobject_get+0xbb/0x150 [ 229.178013][ T7538] hci_suspend_notifier+0x28d/0x2f0 [ 229.178059][ T7538] notifier_call_chain+0xb9/0x410 [ 229.178101][ T7538] ? __pfx_hci_suspend_notifier+0x10/0x10 [ 229.178150][ T7538] blocking_notifier_call_chain_robust+0xc8/0x160 [ 229.178198][ T7538] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 229.178258][ T7538] pm_notifier_call_chain_robust+0x27/0x60 [ 229.178305][ T7538] snapshot_open+0x189/0x2b0 [ 229.178345][ T7538] ? __pfx_snapshot_open+0x10/0x10 [ 229.178387][ T7538] misc_open+0x35a/0x420 [ 229.178433][ T7538] ? __pfx_misc_open+0x10/0x10 [ 229.178469][ T7538] chrdev_open+0x234/0x6a0 [ 229.178511][ T7538] ? __pfx_apparmor_file_open+0x10/0x10 [ 229.178547][ T7538] ? __pfx_chrdev_open+0x10/0x10 [ 229.178594][ T7538] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 229.178641][ T7538] do_dentry_open+0x982/0x1530 [ 229.178683][ T7538] ? __pfx_chrdev_open+0x10/0x10 [ 229.178737][ T7538] vfs_open+0x82/0x3f0 [ 229.178793][ T7538] path_openat+0x1de4/0x2cb0 [ 229.178849][ T7538] ? __pfx_path_openat+0x10/0x10 [ 229.178901][ T7538] do_filp_open+0x20b/0x470 [ 229.178941][ T7538] ? __pfx_do_filp_open+0x10/0x10 [ 229.179015][ T7538] ? alloc_fd+0x471/0x7d0 [ 229.179065][ T7538] do_sys_openat2+0x11b/0x1d0 [ 229.179117][ T7538] ? __pfx_do_sys_openat2+0x10/0x10 [ 229.179187][ T7538] __x64_sys_openat+0x174/0x210 [ 229.179240][ T7538] ? __pfx___x64_sys_openat+0x10/0x10 [ 229.179313][ T7538] do_syscall_64+0xcd/0x490 [ 229.179362][ T7538] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.179395][ T7538] RIP: 0033:0x7fdd68f8ebe9 [ 229.179431][ T7538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.179464][ T7538] RSP: 002b:00007fdd69eb9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 229.179497][ T7538] RAX: ffffffffffffffda RBX: 00007fdd691b5fa0 RCX: 00007fdd68f8ebe9 [ 229.179519][ T7538] RDX: 0000000000000040 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 229.179540][ T7538] RBP: 00007fdd69011e19 R08: 0000000000000000 R09: 0000000000000000 [ 229.179561][ T7538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 229.179580][ T7538] R13: 00007fdd691b6038 R14: 00007fdd691b5fa0 R15: 00007ffe94158858 [ 229.179623][ T7538] [ 229.565222][ T7538] Bluetooth: hci0: no memory for command (opcode 0x0c1a) [ 229.584162][ T7538] Bluetooth: hci0: Opcode 0x0c1a failed: -12 [ 229.605603][ T7543] netlink: 8 bytes leftover after parsing attributes in process `syz.1.289'. [ 229.705688][ T7538] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 229.734850][ T7538] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 229.741044][ T7538] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 231.773714][ T5877] Bluetooth: hci1: command 0x0c1a tx timeout [ 231.852257][ T5877] Bluetooth: hci3: command 0x0c1a tx timeout [ 231.858440][ T5868] Bluetooth: hci2: command 0x0c1a tx timeout [ 231.961639][ T7581] FAULT_INJECTION: forcing a failure. [ 231.961639][ T7581] name failslab, interval 1, probability 0, space 0, times 0 [ 231.974314][ T7581] CPU: 0 UID: 0 PID: 7581 Comm: syz.2.299 Tainted: G U syzkaller #0 PREEMPT(full) [ 231.974367][ T7581] Tainted: [U]=USER [ 231.974376][ T7581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 231.974389][ T7581] Call Trace: [ 231.974398][ T7581] [ 231.974407][ T7581] dump_stack_lvl+0x116/0x1f0 [ 231.974445][ T7581] should_fail_ex+0x512/0x640 [ 231.974485][ T7581] should_failslab+0xc2/0x120 [ 231.974519][ T7581] __kmalloc_cache_noprof+0x6a/0x3e0 [ 231.974544][ T7581] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 231.974582][ T7581] ? alloc_fw_cache_entry+0x3f/0xd0 [ 231.974612][ T7581] ? __pfx_fw_name_devm_release+0x10/0x10 [ 231.974640][ T7581] alloc_fw_cache_entry+0x3f/0xd0 [ 231.974668][ T7581] dev_create_fw_entry+0x3d/0x150 [ 231.974697][ T7581] ? __pfx_fw_name_devm_release+0x10/0x10 [ 231.974723][ T7581] devres_for_each_res+0x170/0x1d0 [ 231.974760][ T7581] ? __pfx_devm_name_match+0x10/0x10 [ 231.974784][ T7581] ? __pfx_dev_create_fw_entry+0x10/0x10 [ 231.974815][ T7581] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 231.974844][ T7581] dev_cache_fw_image+0xa2/0x490 [ 231.974875][ T7581] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 231.974909][ T7581] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 231.974939][ T7581] dpm_for_each_dev+0x5a/0xb0 [ 231.974965][ T7581] fw_pm_notify+0x81/0x150 [ 231.974990][ T7581] notifier_call_chain+0xb9/0x410 [ 231.975021][ T7581] ? __pfx_fw_pm_notify+0x10/0x10 [ 231.975053][ T7581] blocking_notifier_call_chain_robust+0xc8/0x160 [ 231.975089][ T7581] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 231.975142][ T7581] pm_notifier_call_chain_robust+0x27/0x60 [ 231.975180][ T7581] snapshot_open+0x189/0x2b0 [ 231.975210][ T7581] ? __pfx_snapshot_open+0x10/0x10 [ 231.975241][ T7581] misc_open+0x35a/0x420 [ 231.975268][ T7581] ? __pfx_misc_open+0x10/0x10 [ 231.975293][ T7581] chrdev_open+0x234/0x6a0 [ 231.975325][ T7581] ? __pfx_apparmor_file_open+0x10/0x10 [ 231.975360][ T7581] ? __pfx_chrdev_open+0x10/0x10 [ 231.975394][ T7581] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 231.975429][ T7581] do_dentry_open+0x982/0x1530 [ 231.975461][ T7581] ? __pfx_chrdev_open+0x10/0x10 [ 231.975501][ T7581] vfs_open+0x82/0x3f0 [ 231.975542][ T7581] path_openat+0x1de4/0x2cb0 [ 231.975582][ T7581] ? __pfx_path_openat+0x10/0x10 [ 231.975620][ T7581] do_filp_open+0x20b/0x470 [ 231.975650][ T7581] ? __pfx_do_filp_open+0x10/0x10 [ 231.975702][ T7581] ? alloc_fd+0x471/0x7d0 [ 231.975737][ T7581] do_sys_openat2+0x11b/0x1d0 [ 231.975775][ T7581] ? __pfx_do_sys_openat2+0x10/0x10 [ 231.975826][ T7581] __x64_sys_openat+0x174/0x210 [ 231.975866][ T7581] ? __pfx___x64_sys_openat+0x10/0x10 [ 231.975919][ T7581] do_syscall_64+0xcd/0x490 [ 231.975955][ T7581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.975980][ T7581] RIP: 0033:0x7f3d5cd8ebe9 [ 231.976000][ T7581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.976024][ T7581] RSP: 002b:00007f3d5dbae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 231.976064][ T7581] RAX: ffffffffffffffda RBX: 00007f3d5cfb5fa0 RCX: 00007f3d5cd8ebe9 [ 231.976080][ T7581] RDX: 0000000000000040 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 231.976095][ T7581] RBP: 00007f3d5ce11e19 R08: 0000000000000000 R09: 0000000000000000 [ 231.976110][ T7581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 231.976124][ T7581] R13: 00007f3d5cfb6038 R14: 00007f3d5cfb5fa0 R15: 00007ffe5489bdb8 [ 231.976155][ T7581] [ 232.562839][ T7581] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 232.586754][ T7581] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 232.710980][ T7581] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 232.722371][ T7581] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 232.883311][ T7596] sp0: Synchronizing with TNC [ 234.221862][ T7645] netlink: 'syz.2.311': attribute type 22 has an invalid length. [ 234.652213][ T7637] Bluetooth: hci1: command 0x0c1a tx timeout [ 234.658445][ T7637] Bluetooth: hci0: command 0x0c1a tx timeout [ 234.728907][ T7647] ptrace attach of "./syz-executor exec"[7656] was attempted by "./syz-executor exec"[7647] [ 234.739437][ T7637] Bluetooth: hci3: command 0x0c1a tx timeout [ 234.745577][ T7663] Bluetooth: hci2: command 0x0c1a tx timeout [ 237.695368][ T7680] kexec: Could not allocate control_code_buffer [ 238.629139][ T7721] netlink: 4 bytes leftover after parsing attributes in process `syz.2.325'. [ 238.790132][ T7723] loop6: detected capacity change from 0 to 8 [ 241.384165][ T7792] netlink: 306 bytes leftover after parsing attributes in process `syz.0.338'. [ 242.696550][ T7839] netlink: 334 bytes leftover after parsing attributes in process `syz.0.345'. [ 242.708860][ T7839] netlink: 334 bytes leftover after parsing attributes in process `syz.0.345'. [ 243.597604][ T7856] CIFS: VFS: Invalid SecurityFlags: 0 [ 243.597604][ T7856] [ 244.506222][ T7866] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 244.512440][ T7866] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 244.544914][ T7866] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 244.585444][ T7866] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 245.862992][ T7637] Bluetooth: hci0: command 0x0c1a tx timeout [ 245.996078][ T7913] netlink: 28 bytes leftover after parsing attributes in process `syz.1.357'. [ 246.052509][ T7900] sd 0:0:1:0: PR command failed: 1026 [ 246.058035][ T7900] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 246.062913][ T7908] netlink: 342 bytes leftover after parsing attributes in process `syz.2.354'. [ 246.227843][ T7900] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 246.582206][ T7637] Bluetooth: hci2: command 0x0c1a tx timeout [ 246.588370][ T7637] Bluetooth: hci1: command 0x0c1a tx timeout [ 246.653245][ T7637] Bluetooth: hci3: command 0x0c1a tx timeout [ 247.328380][ T7941] FAULT_INJECTION: forcing a failure. [ 247.328380][ T7941] name failslab, interval 1, probability 0, space 0, times 0 [ 247.341086][ T7941] CPU: 0 UID: 0 PID: 7941 Comm: syz.3.365 Tainted: G U syzkaller #0 PREEMPT(full) [ 247.341134][ T7941] Tainted: [U]=USER [ 247.341144][ T7941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 247.341167][ T7941] Call Trace: [ 247.341182][ T7941] [ 247.341195][ T7941] dump_stack_lvl+0x116/0x1f0 [ 247.341245][ T7941] should_fail_ex+0x512/0x640 [ 247.341299][ T7941] should_failslab+0xc2/0x120 [ 247.341342][ T7941] __kmalloc_cache_noprof+0x6a/0x3e0 [ 247.341378][ T7941] ? alloc_fw_cache_entry+0x3f/0xd0 [ 247.341417][ T7941] ? __pfx_fw_name_devm_release+0x10/0x10 [ 247.341455][ T7941] alloc_fw_cache_entry+0x3f/0xd0 [ 247.341495][ T7941] dev_create_fw_entry+0x3d/0x150 [ 247.341532][ T7941] ? __pfx_fw_name_devm_release+0x10/0x10 [ 247.341568][ T7941] devres_for_each_res+0x170/0x1d0 [ 247.341617][ T7941] ? __pfx_devm_name_match+0x10/0x10 [ 247.341658][ T7941] ? __pfx_dev_create_fw_entry+0x10/0x10 [ 247.341700][ T7941] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 247.341741][ T7941] dev_cache_fw_image+0xa2/0x490 [ 247.341783][ T7941] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 247.341830][ T7941] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 247.341871][ T7941] dpm_for_each_dev+0x5a/0xb0 [ 247.341908][ T7941] fw_pm_notify+0x81/0x150 [ 247.341941][ T7941] notifier_call_chain+0xb9/0x410 [ 247.341981][ T7941] ? __pfx_fw_pm_notify+0x10/0x10 [ 247.342025][ T7941] blocking_notifier_call_chain_robust+0xc8/0x160 [ 247.342070][ T7941] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 247.342129][ T7941] pm_notifier_call_chain_robust+0x27/0x60 [ 247.342176][ T7941] snapshot_open+0x189/0x2b0 [ 247.342215][ T7941] ? __pfx_snapshot_open+0x10/0x10 [ 247.342257][ T7941] misc_open+0x35a/0x420 [ 247.342295][ T7941] ? __pfx_misc_open+0x10/0x10 [ 247.342330][ T7941] chrdev_open+0x234/0x6a0 [ 247.342372][ T7941] ? __pfx_apparmor_file_open+0x10/0x10 [ 247.342410][ T7941] ? __pfx_chrdev_open+0x10/0x10 [ 247.342456][ T7941] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 247.342502][ T7941] do_dentry_open+0x982/0x1530 [ 247.342545][ T7941] ? __pfx_chrdev_open+0x10/0x10 [ 247.342598][ T7941] vfs_open+0x82/0x3f0 [ 247.342662][ T7941] path_openat+0x1de4/0x2cb0 [ 247.342719][ T7941] ? __pfx_path_openat+0x10/0x10 [ 247.342771][ T7941] do_filp_open+0x20b/0x470 [ 247.342812][ T7941] ? __pfx_do_filp_open+0x10/0x10 [ 247.342883][ T7941] ? alloc_fd+0x471/0x7d0 [ 247.342934][ T7941] do_sys_openat2+0x11b/0x1d0 [ 247.342987][ T7941] ? __pfx_do_sys_openat2+0x10/0x10 [ 247.343056][ T7941] __x64_sys_openat+0x174/0x210 [ 247.343109][ T7941] ? __pfx___x64_sys_openat+0x10/0x10 [ 247.343182][ T7941] do_syscall_64+0xcd/0x490 [ 247.343232][ T7941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.343266][ T7941] RIP: 0033:0x7fdd68f8ebe9 [ 247.343293][ T7941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.343325][ T7941] RSP: 002b:00007fdd69eb9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 247.343357][ T7941] RAX: ffffffffffffffda RBX: 00007fdd691b5fa0 RCX: 00007fdd68f8ebe9 [ 247.343378][ T7941] RDX: 0000000000000040 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 247.343398][ T7941] RBP: 00007fdd69011e19 R08: 0000000000000000 R09: 0000000000000000 [ 247.343416][ T7941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 247.343434][ T7941] R13: 00007fdd691b6038 R14: 00007fdd691b5fa0 R15: 00007ffe94158858 [ 247.343478][ T7941] [ 248.134509][ T7941] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 248.140761][ T7941] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 248.152595][ T7941] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 248.158849][ T7941] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 248.492637][ T7663] Bluetooth: hci1: SCO packet too small [ 248.524247][ T7957] netlink: 'syz.3.367': attribute type 2 has an invalid length. [ 248.959893][ T7957] zswap: compressor not available [ 249.363363][ T7979] zswap: compressor not available [ 249.765240][ T8006] netlink: 28 bytes leftover after parsing attributes in process `syz.2.377'. [ 249.932183][ T7663] Bluetooth: hci0: command 0x0c1a tx timeout [ 250.012965][ T8006] veth0_macvtap: left promiscuous mode [ 250.173447][ T7663] Bluetooth: hci3: command 0x0c1a tx timeout [ 250.179631][ T7637] Bluetooth: hci2: command 0x0c1a tx timeout [ 250.186520][ T7663] Bluetooth: hci1: command 0x0c1a tx timeout [ 250.523766][ T8025] syz.3.380: vmalloc error: size 16384, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 250.540756][ T8025] CPU: 1 UID: 0 PID: 8025 Comm: syz.3.380 Tainted: G U syzkaller #0 PREEMPT(full) [ 250.540793][ T8025] Tainted: [U]=USER [ 250.540800][ T8025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 250.540814][ T8025] Call Trace: [ 250.540822][ T8025] [ 250.540830][ T8025] dump_stack_lvl+0x16c/0x1f0 [ 250.540867][ T8025] warn_alloc+0x248/0x3a0 [ 250.540899][ T8025] ? __pfx_warn_alloc+0x10/0x10 [ 250.540929][ T8025] ? alloc_pages_mpol+0x25a/0x550 [ 250.540964][ T8025] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 250.541009][ T8025] __vmalloc_node_range_noprof+0x11d4/0x14b0 [ 250.541042][ T8025] ? kernel_clone+0xfc/0x930 [ 250.541081][ T8025] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 250.541115][ T8025] ? kernel_clone+0xfc/0x930 [ 250.541145][ T8025] __vmalloc_node_noprof+0xad/0xf0 [ 250.541167][ T8025] ? kernel_clone+0xfc/0x930 [ 250.541201][ T8025] copy_process+0x2c70/0x7690 [ 250.541232][ T8025] ? __pfx___futex_wait+0x10/0x10 [ 250.541280][ T8025] ? __pfx_copy_process+0x10/0x10 [ 250.541321][ T8025] ? futex_private_hash_put+0x176/0x300 [ 250.541355][ T8025] ? futex_private_hash_put+0x18a/0x300 [ 250.541389][ T8025] kernel_clone+0xfc/0x930 [ 250.541423][ T8025] ? __pfx_kernel_clone+0x10/0x10 [ 250.541472][ T8025] __do_sys_clone+0xce/0x120 [ 250.541504][ T8025] ? __pfx___do_sys_clone+0x10/0x10 [ 250.541549][ T8025] ? xfd_validate_state+0x61/0x180 [ 250.541596][ T8025] do_syscall_64+0xcd/0x490 [ 250.541632][ T8025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.541656][ T8025] RIP: 0033:0x7fdd68f8ebe9 [ 250.541675][ T8025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 250.541698][ T8025] RSP: 002b:00007fdd69e55fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 250.541720][ T8025] RAX: ffffffffffffffda RBX: 00007fdd691b6270 RCX: 00007fdd68f8ebe9 [ 250.541735][ T8025] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 250.541749][ T8025] RBP: 00007fdd69011e19 R08: 0000000000000000 R09: 0000000000000000 [ 250.541764][ T8025] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 250.541778][ T8025] R13: 00007fdd691b6308 R14: 00007fdd691b6270 R15: 00007ffe94158858 [ 250.541807][ T8025] [ 250.541816][ T8025] Mem-Info: [ 250.802400][ T8025] active_anon:27047 inactive_anon:11288 isolated_anon:0 [ 250.802400][ T8025] active_file:9403 inactive_file:49961 isolated_file:0 [ 250.802400][ T8025] unevictable:768 dirty:839 writeback:0 [ 250.802400][ T8025] slab_reclaimable:11246 slab_unreclaimable:94627 [ 250.802400][ T8025] mapped:29575 shmem:30547 pagetables:1238 [ 250.802400][ T8025] sec_pagetables:0 bounce:0 [ 250.802400][ T8025] kernel_misc_reclaimable:0 [ 250.802400][ T8025] free:1281395 free_pcp:20571 free_cma:0 [ 250.915378][ T8025] Node 0 active_anon:106888kB inactive_anon:36312kB active_file:37612kB inactive_file:195552kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:118196kB dirty:3352kB writeback:0kB shmem:111708kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11880kB pagetables:4820kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 251.078560][ T8020] netlink: 44 bytes leftover after parsing attributes in process `syz.1.378'. [ 251.222881][ T8025] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4292kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:56kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 251.311886][ T8025] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 251.453885][ T8025] lowmem_reserve[]: 0 2480 2481 2481 2481 [ 251.479093][ T8025] Node 0 DMA32 free:1269992kB boost:0kB min:34320kB low:42900kB high:51480kB reserved_highatomic:0KB free_highatomic:0KB active_anon:101724kB inactive_anon:6488kB active_file:37612kB inactive_file:194180kB unevictable:1536kB writepending:3356kB present:3129332kB managed:2539588kB mlocked:0kB bounce:0kB free_pcp:63796kB local_pcp:31624kB free_cma:0kB [ 251.593068][ T8031] netlink: 4 bytes leftover after parsing attributes in process `syz.2.381'. [ 251.623392][ T8025] lowmem_reserve[]: 0 0 1 1 1 [ 251.628356][ T8025] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 251.692214][ T8025] lowmem_reserve[]: 0 0 0 0 0 [ 251.697044][ T8025] Node 1 Normal free:3875408kB boost:0kB min:55560kB low:69448kB high:83336kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4292kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:29432kB local_pcp:12408kB free_cma:0kB [ 251.815467][ T8025] lowmem_reserve[]: 0 0 0 0 0 [ 251.821048][ T8025] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 251.922610][ T8025] Node 0 DMA32: 1083*4kB (UME) 1017*8kB (UME) 578*16kB (UME) 544*32kB (UME) 65*64kB (UME) 100*128kB (UME) 68*256kB (UME) 13*512kB (UME) 65*1024kB (UME) 28*2048kB (UME) 261*4096kB (UM) = 1273108kB [ 251.942761][ T8025] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 251.955303][ T8025] Node 1 Normal: 240*4kB (UME) 62*8kB (UME) 50*16kB (UME) 72*32kB (UME) 30*64kB (UME) 8*128kB (UME) 3*256kB (UM) 3*512kB (ME) 5*1024kB (UM) 3*2048kB (UME) 941*4096kB (M) = 3875408kB [ 251.978849][ T8025] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 251.988961][ T8025] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 251.999167][ T8025] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 252.012129][ T8025] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 252.060300][ T8025] 75939 total pagecache pages [ 252.075586][ T8025] 25 pages in swap cache [ 252.079871][ T8025] Free swap = 124892kB [ 252.132475][ T8025] Total swap = 124996kB [ 252.136701][ T8025] 2097051 pages RAM [ 252.167735][ T8025] 0 pages HighMem/MovableOnly [ 252.196272][ T8025] 430192 pages reserved [ 252.200493][ T8025] 0 pages cma reserved [ 253.843133][ T8063] random: crng reseeded on system resumption [ 255.327942][ T8089] FAULT_INJECTION: forcing a failure. [ 255.327942][ T8089] name failslab, interval 1, probability 0, space 0, times 0 [ 255.376409][ T8089] CPU: 0 UID: 0 PID: 8089 Comm: syz.0.392 Tainted: G U syzkaller #0 PREEMPT(full) [ 255.376458][ T8089] Tainted: [U]=USER [ 255.376469][ T8089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 255.376487][ T8089] Call Trace: [ 255.376497][ T8089] [ 255.376510][ T8089] dump_stack_lvl+0x16c/0x1f0 [ 255.376557][ T8089] should_fail_ex+0x512/0x640 [ 255.376603][ T8089] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 255.376650][ T8089] should_failslab+0xc2/0x120 [ 255.376694][ T8089] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 255.376737][ T8089] ? __d_alloc+0x32/0xae0 [ 255.376785][ T8089] __d_alloc+0x32/0xae0 [ 255.376830][ T8089] d_alloc_pseudo+0x1c/0xc0 [ 255.376897][ T8089] alloc_file_pseudo+0xcf/0x230 [ 255.376951][ T8089] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 255.377003][ T8089] ? alloc_fd+0x471/0x7d0 [ 255.377046][ T8089] sock_alloc_file+0x50/0x210 [ 255.377096][ T8089] __sys_socket+0x1c0/0x260 [ 255.377128][ T8089] ? __pfx___sys_socket+0x10/0x10 [ 255.377162][ T8089] ? xfd_validate_state+0x61/0x180 [ 255.377222][ T8089] __x64_sys_socket+0x72/0xb0 [ 255.377255][ T8089] ? lockdep_hardirqs_on+0x7c/0x110 [ 255.377298][ T8089] do_syscall_64+0xcd/0x490 [ 255.377347][ T8089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.377379][ T8089] RIP: 0033:0x7f40b218ebe9 [ 255.377405][ T8089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 255.377437][ T8089] RSP: 002b:00007f40b03f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 255.377468][ T8089] RAX: ffffffffffffffda RBX: 00007f40b23b6090 RCX: 00007f40b218ebe9 [ 255.377489][ T8089] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000026 [ 255.377507][ T8089] RBP: 00007f40b2211e19 R08: 0000000000000000 R09: 0000000000000000 [ 255.377526][ T8089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 255.377543][ T8089] R13: 00007f40b23b6128 R14: 00007f40b23b6090 R15: 00007ffebcdf7058 [ 255.377584][ T8089] [ 263.918021][ T8249] warning: `syz.3.422' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 264.117496][ T8249] program syz.3.422 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 264.324098][ T8254] kernel read not supported for file /gMQ_g _N{7vGlq wĉu}OUVW.uw.`O:KdYѮaj7nwKQHg[壣%'ϖX:DktހX [$O8 bŹ9F@eMU;$Q8҇ŝ赵DtS^0YJpu (pid: 8254 comm: syz.1.423) [ 264.394413][ T31] audit: type=1800 audit(1756021220.480:3): pid=8254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.423" name=BEF282E71467B5EE4D5113A25F67BF09FAF25F4EB07BF9B53776EE47D96CBF8671207796D9E9A8E1F0C71F1EC4C4897583E87DBD7F4F91C15556572EB6AD047502772EEC604FC10E15E73AC91B4BCD64590395D1AEC19B969F616AD2FCFC1F37AFCA6EF6C0774BCEE751AEC9486701EFDA5BE5A3A325278FCF96583A04446B747FDE8001DD589188A109C3F1FE5B93244F382062B492F4BCC5B99839FC46ECDC40DDDA654DE055C83BF5E7245138D287DDC59DC5E8B5B5B8DF44D0E8748A53AABEAABA9E5E301AF859F54A700875BA98 dev="mqueue" ino=19677 res=0 errno=0 [ 265.693551][ T8285] random: crng reseeded on system resumption [ 266.176748][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 266.183363][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 267.126198][ T8313] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 267.775244][ T8320] random: crng reseeded on system resumption [ 269.260619][ T8339] bridge0: port 3(team0) entered blocking state [ 269.291494][ T8339] bridge0: port 3(team0) entered disabled state [ 269.318618][ T8339] team0: entered allmulticast mode [ 269.345459][ T8339] team_slave_0: entered allmulticast mode [ 269.369231][ T8339] team_slave_1: entered allmulticast mode [ 269.403814][ T8339] team0: entered promiscuous mode [ 269.408925][ T8339] team_slave_0: entered promiscuous mode [ 269.436300][ T8339] team_slave_1: entered promiscuous mode [ 269.444898][ T8339] bridge0: port 3(team0) entered blocking state [ 269.451315][ T8339] bridge0: port 3(team0) entered forwarding state [ 269.831059][ T8335] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 269.838779][ T8335] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 269.858638][ T8335] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 269.876635][ T8335] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 271.292304][ T8016] Bluetooth: hci0: command 0x0c1a tx timeout [ 271.829481][ T8390] netlink: 330 bytes leftover after parsing attributes in process `syz.3.448'. [ 271.852369][ T8016] Bluetooth: hci1: command 0x0c1a tx timeout [ 271.931348][ T8393] netlink: 330 bytes leftover after parsing attributes in process `syz.3.448'. [ 271.942255][ T8016] Bluetooth: hci3: command 0x0c1a tx timeout [ 271.948434][ T7603] Bluetooth: hci2: command 0x0c1a tx timeout [ 272.370387][ T8392] random: crng reseeded on system resumption [ 274.656834][ T8434] FAULT_INJECTION: forcing a failure. [ 274.656834][ T8434] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 274.711868][ T8434] CPU: 1 UID: 0 PID: 8434 Comm: syz.2.458 Tainted: G U syzkaller #0 PREEMPT(full) [ 274.711915][ T8434] Tainted: [U]=USER [ 274.711924][ T8434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 274.711973][ T8434] Call Trace: [ 274.711982][ T8434] [ 274.711992][ T8434] dump_stack_lvl+0x16c/0x1f0 [ 274.712042][ T8434] should_fail_ex+0x512/0x640 [ 274.712089][ T8434] _copy_from_user+0x2e/0xd0 [ 274.712135][ T8434] core_sys_select+0x315/0xc10 [ 274.712173][ T8434] ? __pfx_core_sys_select+0x10/0x10 [ 274.712210][ T8434] ? proc_fail_nth_write+0x9f/0x220 [ 274.712269][ T8434] ? do_sys_openat2+0x157/0x1d0 [ 274.712311][ T8434] ? __pfx_do_sys_openat2+0x10/0x10 [ 274.712361][ T8434] kern_select+0x15d/0x1e0 [ 274.712390][ T8434] ? __pfx_kern_select+0x10/0x10 [ 274.712423][ T8434] ? __pfx_ksys_write+0x10/0x10 [ 274.712460][ T8434] __x64_sys_select+0xbd/0x160 [ 274.712487][ T8434] ? do_syscall_64+0x91/0x490 [ 274.712523][ T8434] ? lockdep_hardirqs_on+0x7c/0x110 [ 274.712558][ T8434] do_syscall_64+0xcd/0x490 [ 274.712597][ T8434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.712624][ T8434] RIP: 0033:0x7f3d5cd8ebe9 [ 274.712646][ T8434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 274.712673][ T8434] RSP: 002b:00007f3d5dbae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 274.712698][ T8434] RAX: ffffffffffffffda RBX: 00007f3d5cfb5fa0 RCX: 00007f3d5cd8ebe9 [ 274.712716][ T8434] RDX: 0000200000002400 RSI: 0000000000000000 RDI: 000000000000006b [ 274.712733][ T8434] RBP: 00007f3d5dbae090 R08: 0000000000000000 R09: 0000000000000000 [ 274.712750][ T8434] R10: 0000200000002480 R11: 0000000000000246 R12: 0000000000000001 [ 274.712766][ T8434] R13: 00007f3d5cfb6038 R14: 00007f3d5cfb5fa0 R15: 00007ffe5489bdb8 [ 274.712800][ T8434] [ 277.072711][ T8461] capability: warning: `syz.2.465' uses 32-bit capabilities (legacy support in use) [ 277.756806][ T8472] ovs_: entered promiscuous mode [ 277.939839][ T8474] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input12 [ 278.851337][ T7783] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.219587][ T7783] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.573511][ T7783] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.948727][ T7783] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.200119][ T7603] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 280.218000][ T7603] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 280.226428][ T7603] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 280.237851][ T7603] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 280.247048][ T7603] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 281.378420][ T7783] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 281.403804][ T7783] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 281.414924][ T7783] bond0 (unregistering): Released all slaves [ 281.526637][ T8518] sp0: Synchronizing with TNC [ 282.343790][ T8016] Bluetooth: hci1: command tx timeout [ 282.941328][ T7783] hsr_slave_0: left promiscuous mode [ 282.964089][ T7783] hsr_slave_1: left promiscuous mode [ 283.018806][ T7783] veth1_macvtap: left promiscuous mode [ 283.032404][ T7783] veth1_vlan: left promiscuous mode [ 283.055955][ T7783] veth0_vlan: left promiscuous mode [ 283.295123][ T8536] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 283.323395][ T8536] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 283.329514][ T8536] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 283.352121][ T8536] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 283.381734][ T8536] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 283.431484][ T8016] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 283.440918][ T8016] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 283.445416][ T8016] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 283.461826][ T8016] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 283.473907][ T8016] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 284.020644][ T8557] vivid-003: ================= START STATUS ================= [ 284.029492][ T8557] vivid-003: Radio HW Seek Mode: Bounded [ 284.036571][ T8557] vivid-003: Radio Programmable HW Seek: false [ 284.043338][ T8557] vivid-003: RDS Rx I/O Mode: Block I/O [ 284.048990][ T8557] vivid-003: Generate RBDS Instead of RDS: false [ 284.060392][ T8557] vivid-003: RDS Reception: true [ 284.079314][ T8557] vivid-003: RDS Program Type: 0 inactive [ 284.086592][ T8557] vivid-003: RDS PS Name: inactive [ 284.104293][ T8557] vivid-003: RDS Radio Text: inactive [ 284.109960][ T8557] vivid-003: RDS Traffic Announcement: false inactive [ 284.117579][ T8557] vivid-003: RDS Traffic Program: false inactive [ 284.148383][ T8557] vivid-003: RDS Music: false inactive [ 284.160795][ T8557] vivid-003: ================== END STATUS ================== [ 284.346251][ T7783] team0 (unregistering): Port device team_slave_1 removed [ 284.398785][ T7783] team0 (unregistering): Port device team_slave_0 removed [ 284.658095][ T8016] Bluetooth: hci0: command 0x0c1a tx timeout [ 285.090666][ T8511] chnl_net:caif_netlink_parms(): no params data found [ 285.372299][ T8016] Bluetooth: hci1: command 0x040f tx timeout [ 285.379426][ T7603] Bluetooth: hci2: command 0x0c1a tx timeout [ 285.532395][ T7603] Bluetooth: hci3: command tx timeout [ 285.609096][ T8511] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.627633][ T8511] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.645033][ T8511] bridge_slave_0: entered allmulticast mode [ 285.668340][ T8511] bridge_slave_0: entered promiscuous mode [ 285.727765][ T8511] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.740935][ T8511] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.749621][ T8511] bridge_slave_1: entered allmulticast mode [ 285.764752][ T8511] bridge_slave_1: entered promiscuous mode [ 285.958218][ T8511] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 285.977881][ T8511] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 286.165938][ T8595] FAULT_INJECTION: forcing a failure. [ 286.165938][ T8595] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 286.183619][ T8595] CPU: 0 UID: 0 PID: 8595 Comm: syz.2.490 Tainted: G U syzkaller #0 PREEMPT(full) [ 286.183655][ T8595] Tainted: [U]=USER [ 286.183662][ T8595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 286.183676][ T8595] Call Trace: [ 286.183683][ T8595] [ 286.183692][ T8595] dump_stack_lvl+0x16c/0x1f0 [ 286.183728][ T8595] should_fail_ex+0x512/0x640 [ 286.183765][ T8595] _copy_to_user+0x32/0xd0 [ 286.183788][ T8595] simple_read_from_buffer+0xcb/0x170 [ 286.183814][ T8595] proc_fail_nth_read+0x197/0x240 [ 286.183840][ T8595] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 286.183866][ T8595] ? rw_verify_area+0xcf/0x6c0 [ 286.183888][ T8595] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 286.183919][ T8595] vfs_read+0x1e1/0xcf0 [ 286.183947][ T8595] ? poll_select_finish+0x377/0x6b0 [ 286.183973][ T8595] ? __pfx_poll_select_finish+0x10/0x10 [ 286.183998][ T8595] ? __pfx_vfs_read+0x10/0x10 [ 286.184025][ T8595] ? do_sys_openat2+0x157/0x1d0 [ 286.184063][ T8595] ? __pfx_do_sys_openat2+0x10/0x10 [ 286.184107][ T8595] ? kern_select+0x175/0x1e0 [ 286.184137][ T8595] ksys_read+0x12a/0x250 [ 286.184164][ T8595] ? __pfx_ksys_read+0x10/0x10 [ 286.184200][ T8595] do_syscall_64+0xcd/0x490 [ 286.184236][ T8595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.184260][ T8595] RIP: 0033:0x7f3d5cd8d5fc [ 286.184278][ T8595] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 286.184301][ T8595] RSP: 002b:00007f3d5dbae030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 286.184323][ T8595] RAX: ffffffffffffffda RBX: 00007f3d5cfb5fa0 RCX: 00007f3d5cd8d5fc [ 286.184339][ T8595] RDX: 000000000000000f RSI: 00007f3d5dbae0a0 RDI: 0000000000000004 [ 286.184353][ T8595] RBP: 00007f3d5dbae090 R08: 0000000000000000 R09: 0000000000000000 [ 286.184368][ T8595] R10: 0000200000002480 R11: 0000000000000246 R12: 0000000000000001 [ 286.184382][ T8595] R13: 00007f3d5cfb6038 R14: 00007f3d5cfb5fa0 R15: 00007ffe5489bdb8 [ 286.184411][ T8595] [ 286.652055][ C0] sl0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 20460 ms [ 286.660540][ C0] sl0: transmit timed out, bad line quality? [ 286.747160][ T7783] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.790077][ T8511] team0: Port device team_slave_0 added [ 286.817937][ T8511] team0: Port device team_slave_1 added [ 286.864977][ T7783] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.934647][ T8544] chnl_net:caif_netlink_parms(): no params data found [ 286.981416][ T7783] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.005333][ T8511] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 287.016253][ T8511] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 287.042519][ T8511] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 287.065838][ T8511] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 287.078425][ T8511] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 287.107733][ T8511] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 287.157194][ T7783] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.353542][ T8511] hsr_slave_0: entered promiscuous mode [ 287.360454][ T8511] hsr_slave_1: entered promiscuous mode [ 287.368387][ T8511] debugfs: 'hsr0' already exists in 'hsr' [ 287.376095][ T8511] Cannot create hsr debugfs directory [ 287.385608][ T8544] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.393868][ T8544] bridge0: port 1(bridge_slave_0) entered disabled state [ 287.402191][ T8544] bridge_slave_0: entered allmulticast mode [ 287.410814][ T8544] bridge_slave_0: entered promiscuous mode [ 287.420816][ T8544] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.428630][ T8544] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.436678][ T8544] bridge_slave_1: entered allmulticast mode [ 287.446065][ T8544] bridge_slave_1: entered promiscuous mode [ 287.455567][ T7603] Bluetooth: hci1: command 0x040f tx timeout [ 287.621763][ T7603] Bluetooth: hci3: command tx timeout [ 287.643413][ T8610] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 287.673347][ T8610] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 287.679561][ T8610] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 287.700248][ T8610] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 287.714817][ T8610] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 287.731152][ T8610] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 287.760744][ T8544] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 287.818940][ T8544] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 287.891303][ T7783] bridge_slave_1: left allmulticast mode [ 287.912705][ T7783] bridge_slave_1: left promiscuous mode [ 287.923705][ T7783] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.945976][ T7783] bridge_slave_0: left allmulticast mode [ 287.951687][ T7783] bridge_slave_0: left promiscuous mode [ 287.962686][ T8633] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 4294967282 out of range (51000000..2150000000) [ 287.982589][ T7783] bridge0: port 1(bridge_slave_0) entered disabled state [ 288.661469][ T8643] netlink: 28 bytes leftover after parsing attributes in process `syz.2.498'. [ 288.717581][ T7783] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 288.734112][ T7783] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 288.745018][ T7783] bond0 (unregistering): Released all slaves [ 289.057270][ T7603] Bluetooth: hci0: command 0x0c1a tx timeout [ 289.101326][ T8544] team0: Port device team_slave_0 added [ 289.200657][ T7783] ovs_: left promiscuous mode [ 289.255450][ T8544] team0: Port device team_slave_1 added [ 289.354465][ T8647] random: crng reseeded on system resumption [ 289.460652][ T8544] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 289.468730][ T8544] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 289.512879][ T8544] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 289.663647][ T8544] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 289.687076][ T8544] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 289.717410][ T7603] Bluetooth: hci1: command 0x040f tx timeout [ 289.724164][ T7603] Bluetooth: hci2: command 0x0c1a tx timeout [ 289.732519][ T8544] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 289.772226][ T8016] Bluetooth: hci3: command 0x0419 tx timeout [ 290.133257][ T7783] hsr_slave_0: left promiscuous mode [ 290.154046][ T7783] hsr_slave_1: left promiscuous mode [ 290.177952][ T7783] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 290.202203][ T7783] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 290.213380][ T7783] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 290.220823][ T7783] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 290.272812][ T8655] sd 0:0:1:0: PR command failed: 1026 [ 290.278333][ T8655] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 290.355031][ T8655] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 290.436257][ T7783] veth1_macvtap: left promiscuous mode [ 290.441880][ T7783] veth0_macvtap: left promiscuous mode [ 290.462325][ T7783] veth1_vlan: left promiscuous mode [ 290.483504][ T7783] veth0_vlan: left promiscuous mode [ 290.598831][ T31] audit: type=1800 audit(1756021246.680:4): pid=8653 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.501" name="SYSVffffffff" dev="tmpfs" ino=0 res=0 errno=0 [ 291.383585][ T7783] team0 (unregistering): Port device team_slave_1 removed [ 291.435644][ T7783] team0 (unregistering): Port device team_slave_0 removed [ 291.780362][ T8016] Bluetooth: hci1: command 0x040f tx timeout [ 291.854841][ T8016] Bluetooth: hci3: command 0x0419 tx timeout [ 292.064711][ T8544] hsr_slave_0: entered promiscuous mode [ 292.083880][ T8544] hsr_slave_1: entered promiscuous mode [ 292.105039][ T8544] debugfs: 'hsr0' already exists in 'hsr' [ 292.113697][ T8544] Cannot create hsr debugfs directory [ 292.155223][ T8678] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 292.165843][ T8678] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 292.185913][ T8678] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 292.197088][ T8678] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 292.339027][ T8700] netlink: 'syz.2.508': attribute type 1 has an invalid length. [ 292.538310][ T8511] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 292.572103][ T8511] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 292.593548][ T8511] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 292.639367][ T8511] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 293.428351][ T8511] 8021q: adding VLAN 0 to HW filter on device bond0 [ 293.482594][ T8511] 8021q: adding VLAN 0 to HW filter on device team0 [ 293.556512][ T7783] bridge0: port 1(bridge_slave_0) entered blocking state [ 293.564797][ T7783] bridge0: port 1(bridge_slave_0) entered forwarding state [ 293.612855][ T7776] bridge0: port 2(bridge_slave_1) entered blocking state [ 293.620131][ T7776] bridge0: port 2(bridge_slave_1) entered forwarding state [ 293.868196][ T8544] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 293.886153][ T8720] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 293.902615][ T8720] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 293.912403][ T8720] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 293.918620][ T8720] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 294.070522][ T8544] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 294.113846][ T8544] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 294.141122][ T8544] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 294.548471][ T8721] kexec: Could not allocate control_code_buffer [ 294.563967][ T8544] 8021q: adding VLAN 0 to HW filter on device bond0 [ 294.645298][ T8511] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 294.667451][ T8544] 8021q: adding VLAN 0 to HW filter on device team0 [ 294.707246][ T7776] bridge0: port 1(bridge_slave_0) entered blocking state [ 294.714504][ T7776] bridge0: port 1(bridge_slave_0) entered forwarding state [ 294.758082][ T7776] bridge0: port 2(bridge_slave_1) entered blocking state [ 294.765331][ T7776] bridge0: port 2(bridge_slave_1) entered forwarding state [ 295.143003][ T8511] veth0_vlan: entered promiscuous mode [ 295.241811][ T8511] veth1_vlan: entered promiscuous mode [ 295.378160][ T8016] Bluetooth: hci0: command 0x0c1a tx timeout [ 295.511395][ T8511] veth0_macvtap: entered promiscuous mode [ 295.760387][ T8511] veth1_macvtap: entered promiscuous mode [ 295.940552][ T8016] Bluetooth: hci3: command 0x0419 tx timeout [ 295.946773][ T7603] Bluetooth: hci1: command 0x040f tx timeout [ 295.953648][ T7663] Bluetooth: hci2: command 0x0c1a tx timeout [ 296.009907][ T8511] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 296.097943][ T8511] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 296.176950][ T7666] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.204306][ T7666] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.396892][ T7666] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.423036][ T7666] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.566964][ T8544] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 296.805598][ T7784] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 296.850829][ T7784] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 297.257488][ T8807] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 297.304666][ T8544] veth0_vlan: entered promiscuous mode [ 297.323241][ T7784] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 297.335311][ T7784] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 297.542356][ T8544] veth1_vlan: entered promiscuous mode [ 298.012801][ T8016] Bluetooth: hci3: command 0x0419 tx timeout [ 298.039363][ T8544] veth0_macvtap: entered promiscuous mode [ 298.080830][ T8544] veth1_macvtap: entered promiscuous mode [ 298.127011][ T8811] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 298.217175][ T8544] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 298.517843][ T8544] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 298.678237][ T7783] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.699595][ T7783] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.856836][ T7783] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.885706][ T7783] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.193987][ T7805] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 299.201872][ T7805] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 299.296137][ T7784] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 299.306256][ T7784] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 300.346070][ T8857] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 302.632379][ T8883] FAULT_INJECTION: forcing a failure. [ 302.632379][ T8883] name failslab, interval 1, probability 0, space 0, times 0 [ 302.653605][ T8883] CPU: 0 UID: 0 PID: 8883 Comm: syz.2.527 Tainted: G U syzkaller #0 PREEMPT(full) [ 302.653658][ T8883] Tainted: [U]=USER [ 302.653668][ T8883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 302.653687][ T8883] Call Trace: [ 302.653698][ T8883] [ 302.653710][ T8883] dump_stack_lvl+0x16c/0x1f0 [ 302.653759][ T8883] should_fail_ex+0x512/0x640 [ 302.653807][ T8883] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 302.653853][ T8883] should_failslab+0xc2/0x120 [ 302.653898][ T8883] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 302.653941][ T8883] ? sk_prot_alloc+0x60/0x2a0 [ 302.654001][ T8883] sk_prot_alloc+0x60/0x2a0 [ 302.654057][ T8883] sk_alloc+0x36/0xc20 [ 302.654100][ T8883] inet_create+0x3a1/0x1040 [ 302.654136][ T8883] ? inet_create+0x93/0x1040 [ 302.654177][ T8883] __sock_create+0x338/0x8d0 [ 302.654218][ T8883] mptcp_subflow_create_socket+0xf5/0xed0 [ 302.654280][ T8883] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 302.654356][ T8883] __mptcp_nmpc_sk+0x182/0x7d0 [ 302.654392][ T8883] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 302.654430][ T8883] ? __local_bh_enable_ip+0xa4/0x120 [ 302.654476][ T8883] mptcp_getsockopt+0xcf8/0xe20 [ 302.654530][ T8883] ? __pfx_mptcp_getsockopt+0x10/0x10 [ 302.654582][ T8883] ? find_held_lock+0x2b/0x80 [ 302.654615][ T8883] ? __might_fault+0xe3/0x190 [ 302.654652][ T8883] ? __might_fault+0xe3/0x190 [ 302.654687][ T8883] ? __might_fault+0x13b/0x190 [ 302.654740][ T8883] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 302.654793][ T8883] do_sock_getsockopt+0x34a/0x440 [ 302.654848][ T8883] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 302.654899][ T8883] ? __fget_files+0x204/0x3c0 [ 302.654956][ T8883] __sys_getsockopt+0x123/0x1b0 [ 302.655010][ T8883] __x64_sys_getsockopt+0xbd/0x160 [ 302.655051][ T8883] ? do_syscall_64+0x91/0x490 [ 302.655096][ T8883] ? lockdep_hardirqs_on+0x7c/0x110 [ 302.655139][ T8883] do_syscall_64+0xcd/0x490 [ 302.655187][ T8883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.655221][ T8883] RIP: 0033:0x7f3d5cd8ebe9 [ 302.655247][ T8883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 302.655280][ T8883] RSP: 002b:00007f3d5dbae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 302.655316][ T8883] RAX: ffffffffffffffda RBX: 00007f3d5cfb5fa0 RCX: 00007f3d5cd8ebe9 [ 302.655349][ T8883] RDX: 0000000000000021 RSI: 0000000000000006 RDI: 0000000000000006 [ 302.655370][ T8883] RBP: 00007f3d5ce11e19 R08: 0000000000000000 R09: 0000000000000000 [ 302.655391][ T8883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 302.655412][ T8883] R13: 00007f3d5cfb6038 R14: 00007f3d5cfb5fa0 R15: 00007ffe5489bdb8 [ 302.655456][ T8883] [ 302.992826][ T8911] netlink: 28 bytes leftover after parsing attributes in process `syz.3.530'. [ 304.156728][ T8937] ecryptfs_miscdev_write: Invalid packet size [111] [ 305.537167][ T8959] FAULT_INJECTION: forcing a failure. [ 305.537167][ T8959] name failslab, interval 1, probability 0, space 0, times 0 [ 305.572189][ T8959] CPU: 0 UID: 0 PID: 8959 Comm: syz.2.538 Tainted: G U syzkaller #0 PREEMPT(full) [ 305.572239][ T8959] Tainted: [U]=USER [ 305.572249][ T8959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 305.572266][ T8959] Call Trace: [ 305.572277][ T8959] [ 305.572288][ T8959] dump_stack_lvl+0x16c/0x1f0 [ 305.572330][ T8959] should_fail_ex+0x512/0x640 [ 305.572364][ T8959] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 305.572397][ T8959] should_failslab+0xc2/0x120 [ 305.572429][ T8959] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 305.572458][ T8959] ? getname_flags.part.0+0x4c/0x550 [ 305.572502][ T8959] getname_flags.part.0+0x4c/0x550 [ 305.572543][ T8959] getname_flags+0x93/0xf0 [ 305.572570][ T8959] do_sys_openat2+0xb8/0x1d0 [ 305.572608][ T8959] ? __pfx_do_sys_openat2+0x10/0x10 [ 305.572649][ T8959] ? __fget_files+0x20e/0x3c0 [ 305.572681][ T8959] __x64_sys_openat+0x174/0x210 [ 305.572720][ T8959] ? __pfx___x64_sys_openat+0x10/0x10 [ 305.572758][ T8959] ? ksys_write+0x1ac/0x250 [ 305.572796][ T8959] do_syscall_64+0xcd/0x490 [ 305.572831][ T8959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.572856][ T8959] RIP: 0033:0x7f3d5cd8ebe9 [ 305.572874][ T8959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 305.572898][ T8959] RSP: 002b:00007f3d5dbae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 305.572920][ T8959] RAX: ffffffffffffffda RBX: 00007f3d5cfb5fa0 RCX: 00007f3d5cd8ebe9 [ 305.572936][ T8959] RDX: 0000000000000040 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 305.572951][ T8959] RBP: 00007f3d5dbae090 R08: 0000000000000000 R09: 0000000000000000 [ 305.572966][ T8959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 305.572980][ T8959] R13: 00007f3d5cfb6038 R14: 00007f3d5cfb5fa0 R15: 00007ffe5489bdb8 [ 305.573010][ T8959] [ 306.388279][ T8972] FAULT_INJECTION: forcing a failure. [ 306.388279][ T8972] name failslab, interval 1, probability 0, space 0, times 0 [ 306.400979][ T8972] CPU: 1 UID: 0 PID: 8972 Comm: syz.1.539 Tainted: G U syzkaller #0 PREEMPT(full) [ 306.401036][ T8972] Tainted: [U]=USER [ 306.401048][ T8972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 306.401068][ T8972] Call Trace: [ 306.401081][ T8972] [ 306.401094][ T8972] dump_stack_lvl+0x116/0x1f0 [ 306.401145][ T8972] should_fail_ex+0x512/0x640 [ 306.401206][ T8972] should_failslab+0xc2/0x120 [ 306.401265][ T8972] __kmalloc_cache_noprof+0x6a/0x3e0 [ 306.401307][ T8972] ? alloc_fw_cache_entry+0x3f/0xd0 [ 306.401352][ T8972] ? __pfx_fw_name_devm_release+0x10/0x10 [ 306.401396][ T8972] alloc_fw_cache_entry+0x3f/0xd0 [ 306.401439][ T8972] dev_create_fw_entry+0x3d/0x150 [ 306.401483][ T8972] ? __pfx_fw_name_devm_release+0x10/0x10 [ 306.401522][ T8972] devres_for_each_res+0x170/0x1d0 [ 306.401578][ T8972] ? __pfx_devm_name_match+0x10/0x10 [ 306.401615][ T8972] ? __pfx_dev_create_fw_entry+0x10/0x10 [ 306.401659][ T8972] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 306.401704][ T8972] dev_cache_fw_image+0xa2/0x490 [ 306.401750][ T8972] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 306.401802][ T8972] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 306.401848][ T8972] dpm_for_each_dev+0x5a/0xb0 [ 306.401887][ T8972] fw_pm_notify+0x81/0x150 [ 306.401926][ T8972] notifier_call_chain+0xb9/0x410 [ 306.401974][ T8972] ? __pfx_fw_pm_notify+0x10/0x10 [ 306.402020][ T8972] blocking_notifier_call_chain_robust+0xc8/0x160 [ 306.402069][ T8972] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 306.402129][ T8972] pm_notifier_call_chain_robust+0x27/0x60 [ 306.402166][ T8972] snapshot_open+0x189/0x2b0 [ 306.402196][ T8972] ? __pfx_snapshot_open+0x10/0x10 [ 306.402227][ T8972] misc_open+0x35a/0x420 [ 306.402262][ T8972] ? __pfx_misc_open+0x10/0x10 [ 306.402289][ T8972] chrdev_open+0x234/0x6a0 [ 306.402323][ T8972] ? __pfx_apparmor_file_open+0x10/0x10 [ 306.402351][ T8972] ? __pfx_chrdev_open+0x10/0x10 [ 306.402386][ T8972] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 306.402420][ T8972] do_dentry_open+0x982/0x1530 [ 306.402452][ T8972] ? __pfx_chrdev_open+0x10/0x10 [ 306.402491][ T8972] vfs_open+0x82/0x3f0 [ 306.402532][ T8972] path_openat+0x1de4/0x2cb0 [ 306.402572][ T8972] ? __pfx_path_openat+0x10/0x10 [ 306.402611][ T8972] do_filp_open+0x20b/0x470 [ 306.402641][ T8972] ? __pfx_do_filp_open+0x10/0x10 [ 306.402693][ T8972] ? alloc_fd+0x471/0x7d0 [ 306.402729][ T8972] do_sys_openat2+0x11b/0x1d0 [ 306.402768][ T8972] ? __pfx_do_sys_openat2+0x10/0x10 [ 306.402819][ T8972] __x64_sys_openat+0x174/0x210 [ 306.402869][ T8972] ? __pfx___x64_sys_openat+0x10/0x10 [ 306.402939][ T8972] do_syscall_64+0xcd/0x490 [ 306.402990][ T8972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.403017][ T8972] RIP: 0033:0x7f63ce58ebe9 [ 306.403037][ T8972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 306.403062][ T8972] RSP: 002b:00007f63cf34c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 306.403085][ T8972] RAX: ffffffffffffffda RBX: 00007f63ce7b5fa0 RCX: 00007f63ce58ebe9 [ 306.403101][ T8972] RDX: 0000000000000040 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 306.403117][ T8972] RBP: 00007f63ce611e19 R08: 0000000000000000 R09: 0000000000000000 [ 306.403132][ T8972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 306.403146][ T8972] R13: 00007f63ce7b6038 R14: 00007f63ce7b5fa0 R15: 00007ffd88a676d8 [ 306.403178][ T8972] [ 307.582630][ T8972] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 307.626031][ T8972] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 307.633819][ T8969] kexec: Could not allocate control_code_buffer [ 307.691931][ T8972] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 307.767553][ T8972] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 308.134656][ T8993] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input17 [ 308.237699][ T8991] ovs_: entered promiscuous mode [ 309.623352][ T8016] Bluetooth: hci0: command 0x0c1a tx timeout [ 309.698779][ T8016] Bluetooth: hci1: command 0x040f tx timeout [ 309.704928][ T7603] Bluetooth: hci2: command 0x0c1a tx timeout [ 309.790488][ T8016] Bluetooth: hci3: command 0x0419 tx timeout [ 310.187928][ T9021] netlink: 28 bytes leftover after parsing attributes in process `syz.0.548'. [ 310.339259][ T9021] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 310.372300][ T9021] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 310.449347][ T9021] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 310.458464][ T9021] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 311.113850][ T9003] kexec: Could not allocate control_code_buffer [ 313.559063][ T9051] sp0: Synchronizing with TNC [ 313.653553][ T9054] FAULT_INJECTION: forcing a failure. [ 313.653553][ T9054] name failslab, interval 1, probability 0, space 0, times 0 [ 313.684350][ T9054] CPU: 1 UID: 0 PID: 9054 Comm: syz.0.555 Tainted: G U syzkaller #0 PREEMPT(full) [ 313.684408][ T9054] Tainted: [U]=USER [ 313.684420][ T9054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 313.684450][ T9054] Call Trace: [ 313.684462][ T9054] [ 313.684475][ T9054] dump_stack_lvl+0x16c/0x1f0 [ 313.684529][ T9054] should_fail_ex+0x512/0x640 [ 313.684586][ T9054] should_failslab+0xc2/0x120 [ 313.684635][ T9054] __kmalloc_cache_noprof+0x6a/0x3e0 [ 313.684669][ T9054] ? do_raw_spin_lock+0x12c/0x2b0 [ 313.684724][ T9054] ? find_held_lock+0x2b/0x80 [ 313.684756][ T9054] ? async_schedule_node_domain+0x54/0x120 [ 313.684806][ T9054] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 313.684853][ T9054] async_schedule_node_domain+0x54/0x120 [ 313.684899][ T9054] dev_cache_fw_image+0x38e/0x490 [ 313.684944][ T9054] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 313.684994][ T9054] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 313.685039][ T9054] dpm_for_each_dev+0x5a/0xb0 [ 313.685076][ T9054] fw_pm_notify+0x81/0x150 [ 313.685114][ T9054] notifier_call_chain+0xb9/0x410 [ 313.685159][ T9054] ? __pfx_fw_pm_notify+0x10/0x10 [ 313.685206][ T9054] blocking_notifier_call_chain_robust+0xc8/0x160 [ 313.685259][ T9054] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 313.685326][ T9054] pm_notifier_call_chain_robust+0x27/0x60 [ 313.685376][ T9054] snapshot_open+0x189/0x2b0 [ 313.685418][ T9054] ? __pfx_snapshot_open+0x10/0x10 [ 313.685474][ T9054] misc_open+0x35a/0x420 [ 313.685514][ T9054] ? __pfx_misc_open+0x10/0x10 [ 313.685552][ T9054] chrdev_open+0x234/0x6a0 [ 313.685597][ T9054] ? __pfx_apparmor_file_open+0x10/0x10 [ 313.685637][ T9054] ? __pfx_chrdev_open+0x10/0x10 [ 313.685686][ T9054] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 313.685736][ T9054] do_dentry_open+0x982/0x1530 [ 313.685782][ T9054] ? __pfx_chrdev_open+0x10/0x10 [ 313.685838][ T9054] vfs_open+0x82/0x3f0 [ 313.685897][ T9054] path_openat+0x1de4/0x2cb0 [ 313.685955][ T9054] ? __pfx_path_openat+0x10/0x10 [ 313.686011][ T9054] do_filp_open+0x20b/0x470 [ 313.686053][ T9054] ? __pfx_do_filp_open+0x10/0x10 [ 313.686124][ T9054] ? alloc_fd+0x471/0x7d0 [ 313.686175][ T9054] do_sys_openat2+0x11b/0x1d0 [ 313.686227][ T9054] ? __pfx_do_sys_openat2+0x10/0x10 [ 313.686300][ T9054] __x64_sys_openat+0x174/0x210 [ 313.686358][ T9054] ? __pfx___x64_sys_openat+0x10/0x10 [ 313.686445][ T9054] do_syscall_64+0xcd/0x490 [ 313.686500][ T9054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.686537][ T9054] RIP: 0033:0x7f40b218ebe9 [ 313.686565][ T9054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.686600][ T9054] RSP: 002b:00007f40b2f24038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 313.686633][ T9054] RAX: ffffffffffffffda RBX: 00007f40b23b5fa0 RCX: 00007f40b218ebe9 [ 313.686656][ T9054] RDX: 0000000000000040 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 313.686678][ T9054] RBP: 00007f40b2211e19 R08: 0000000000000000 R09: 0000000000000000 [ 313.686699][ T9054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 313.686719][ T9054] R13: 00007f40b23b6038 R14: 00007f40b23b5fa0 R15: 00007ffebcdf7058 [ 313.686765][ T9054] [ 313.690799][ T9054] [ 314.007951][ T9054] ====================================================== [ 314.014977][ T9054] WARNING: possible circular locking dependency detected [ 314.022017][ T9054] syzkaller #0 Tainted: G U [ 314.028012][ T9054] ------------------------------------------------------ [ 314.035060][ T9054] syz.0.555/9054 is trying to acquire lock: [ 314.041013][ T9054] ffff888076673068 (&ima_iint_mutex_key[depth]){+.+.}-{4:4}, at: process_measurement+0x7e0/0x23e0 [ 314.051676][ T9054] [ 314.051676][ T9054] but task is already holding lock: [ 314.059054][ T9054] ffffffff8f5173c8 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2d/0xb0 [ 314.067972][ T9054] [ 314.067972][ T9054] which lock already depends on the new lock. [ 314.067972][ T9054] [ 314.078385][ T9054] [ 314.078385][ T9054] the existing dependency chain (in reverse order) is: [ 314.087410][ T9054] [ 314.087410][ T9054] -> #4 (dpm_list_mtx){+.+.}-{4:4}: [ 314.094828][ T9054] __mutex_lock+0x193/0x1060 [ 314.099976][ T9054] device_pm_add+0x87/0x3e0 [ 314.105028][ T9054] device_add+0x9cd/0x1aa0 [ 314.109987][ T9054] device_create_groups_vargs+0x1f8/0x270 [ 314.116256][ T9054] device_create+0xed/0x130 [ 314.121301][ T9054] msr_device_create+0x31/0x70 [ 314.126622][ T9054] cpuhp_invoke_callback+0x3d5/0xa10 [ 314.132476][ T9054] cpuhp_thread_fun+0x47e/0x6f0 [ 314.137902][ T9054] smpboot_thread_fn+0x3f7/0xae0 [ 314.143390][ T9054] kthread+0x3c5/0x780 [ 314.148020][ T9054] ret_from_fork+0x5d4/0x6f0 [ 314.153166][ T9054] ret_from_fork_asm+0x1a/0x30 [ 314.158489][ T9054] [ 314.158489][ T9054] -> #3 (cpuhp_state-up){+.+.}-{0:0}: [ 314.166076][ T9054] cpuhp_thread_fun+0x193/0x6f0 [ 314.171476][ T9054] smpboot_thread_fn+0x3f7/0xae0 [ 314.176975][ T9054] kthread+0x3c5/0x780 [ 314.181596][ T9054] ret_from_fork+0x5d4/0x6f0 [ 314.186743][ T9054] ret_from_fork_asm+0x1a/0x30 [ 314.192063][ T9054] [ 314.192063][ T9054] -> #2 (cpu_hotplug_lock){++++}-{0:0}: [ 314.199840][ T9054] cpus_read_lock+0x42/0x160 [ 314.204986][ T9054] ring_buffer_resize+0x105/0x15c0 [ 314.210647][ T9054] tracing_update_buffers+0x15e/0x1f0 [ 314.216568][ T9054] ftrace_event_write+0x14a/0x2c0 [ 314.222135][ T9054] vfs_write+0x2a0/0x11d0 [ 314.227014][ T9054] ksys_write+0x12a/0x250 [ 314.231898][ T9054] do_syscall_64+0xcd/0x490 [ 314.236964][ T9054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.243407][ T9054] [ 314.243407][ T9054] -> #1 (trace_types_lock){+.+.}-{4:4}: [ 314.251180][ T9054] __mutex_lock+0x193/0x1060 [ 314.256328][ T9054] tracing_check_open_get_tr.part.0+0x49/0x190 [ 314.263123][ T9054] tracing_open_generic_tr+0x66/0xf0 [ 314.268961][ T9054] do_dentry_open+0x982/0x1530 [ 314.274274][ T9054] vfs_open+0x82/0x3f0 [ 314.278894][ T9054] dentry_open+0x71/0xd0 [ 314.283719][ T9054] ima_calc_file_hash+0x2b6/0x490 [ 314.289294][ T9054] ima_collect_measurement+0x899/0xa40 [ 314.295304][ T9054] process_measurement+0x11fa/0x23e0 [ 314.301136][ T9054] ima_file_check+0xc5/0x110 [ 314.306267][ T9054] security_file_post_open+0x8e/0x210 [ 314.312196][ T9054] path_openat+0x1404/0x2cb0 [ 314.317339][ T9054] do_filp_open+0x20b/0x470 [ 314.322390][ T9054] do_sys_openat2+0x11b/0x1d0 [ 314.327637][ T9054] __x64_sys_openat+0x174/0x210 [ 314.333070][ T9054] do_syscall_64+0xcd/0x490 [ 314.338139][ T9054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.344578][ T9054] [ 314.344578][ T9054] -> #0 (&ima_iint_mutex_key[depth]){+.+.}-{4:4}: [ 314.353232][ T9054] __lock_acquire+0x12a6/0x1ce0 [ 314.358637][ T9054] lock_acquire+0x179/0x350 [ 314.363693][ T9054] __mutex_lock+0x193/0x1060 [ 314.368840][ T9054] process_measurement+0x7e0/0x23e0 [ 314.374585][ T9054] ima_file_check+0xc5/0x110 [ 314.379718][ T9054] security_file_post_open+0x8e/0x210 [ 314.385641][ T9054] path_openat+0x1404/0x2cb0 [ 314.390776][ T9054] do_file_open_root+0x322/0x610 [ 314.396261][ T9054] file_open_root+0x2a7/0x450 [ 314.401488][ T9054] kernel_read_file_from_path_initns+0x189/0x260 [ 314.408380][ T9054] _request_firmware+0x744/0x1470 [ 314.413953][ T9054] __async_dev_cache_fw_image+0xb1/0x340 [ 314.420139][ T9054] async_schedule_node_domain+0xd4/0x120 [ 314.426331][ T9054] dev_cache_fw_image+0x38e/0x490 [ 314.431905][ T9054] dpm_for_each_dev+0x5a/0xb0 [ 314.437133][ T9054] fw_pm_notify+0x81/0x150 [ 314.442121][ T9054] notifier_call_chain+0xb9/0x410 [ 314.447727][ T9054] blocking_notifier_call_chain_robust+0xc8/0x160 [ 314.454697][ T9054] pm_notifier_call_chain_robust+0x27/0x60 [ 314.461059][ T9054] snapshot_open+0x189/0x2b0 [ 314.466223][ T9054] misc_open+0x35a/0x420 [ 314.471011][ T9054] chrdev_open+0x234/0x6a0 [ 314.475992][ T9054] do_dentry_open+0x982/0x1530 [ 314.481330][ T9054] vfs_open+0x82/0x3f0 [ 314.485963][ T9054] path_openat+0x1de4/0x2cb0 [ 314.491106][ T9054] do_filp_open+0x20b/0x470 [ 314.496158][ T9054] do_sys_openat2+0x11b/0x1d0 [ 314.501477][ T9054] __x64_sys_openat+0x174/0x210 [ 314.506882][ T9054] do_syscall_64+0xcd/0x490 [ 314.511939][ T9054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.518466][ T9054] [ 314.518466][ T9054] other info that might help us debug this: [ 314.518466][ T9054] [ 314.528704][ T9054] Chain exists of: [ 314.528704][ T9054] &ima_iint_mutex_key[depth] --> cpuhp_state-up --> dpm_list_mtx [ 314.528704][ T9054] [ 314.542390][ T9054] Possible unsafe locking scenario: [ 314.542390][ T9054] [ 314.549864][ T9054] CPU0 CPU1 [ 314.555246][ T9054] ---- ---- [ 314.560617][ T9054] lock(dpm_list_mtx); [ 314.564792][ T9054] lock(cpuhp_state-up); [ 314.571661][ T9054] lock(dpm_list_mtx); [ 314.578367][ T9054] lock(&ima_iint_mutex_key[depth]); [ 314.583755][ T9054] [ 314.583755][ T9054] *** DEADLOCK *** [ 314.583755][ T9054] [ 314.591904][ T9054] 5 locks held by syz.0.555/9054: [ 314.596938][ T9054] #0: ffffffff8f306f48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x420 [ 314.605430][ T9054] #1: ffffffff8e484808 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0 [ 314.615860][ T9054] #2: ffffffff8e4c4c70 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0xa8/0x160 [ 314.627762][ T9054] #3: ffffffff8f51c9c8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150 [ 314.636448][ T9054] #4: ffffffff8f5173c8 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2d/0xb0 [ 314.645826][ T9054] [ 314.645826][ T9054] stack backtrace: [ 314.651739][ T9054] CPU: 1 UID: 0 PID: 9054 Comm: syz.0.555 Tainted: G U syzkaller #0 PREEMPT(full) [ 314.651781][ T9054] Tainted: [U]=USER [ 314.651790][ T9054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 314.651806][ T9054] Call Trace: [ 314.651816][ T9054] [ 314.651826][ T9054] dump_stack_lvl+0x116/0x1f0 [ 314.651868][ T9054] print_circular_bug+0x275/0x350 [ 314.651905][ T9054] check_noncircular+0x14c/0x170 [ 314.651944][ T9054] __lock_acquire+0x12a6/0x1ce0 [ 314.651987][ T9054] lock_acquire+0x179/0x350 [ 314.652025][ T9054] ? process_measurement+0x7e0/0x23e0 [ 314.652059][ T9054] ? __pfx___might_resched+0x10/0x10 [ 314.652096][ T9054] ? process_measurement+0x7e0/0x23e0 [ 314.652128][ T9054] __mutex_lock+0x193/0x1060 [ 314.652169][ T9054] ? process_measurement+0x7e0/0x23e0 [ 314.652202][ T9054] ? __pfx___mutex_lock+0x10/0x10 [ 314.652239][ T9054] ? __pfx___might_resched+0x10/0x10 [ 314.652267][ T9054] ? find_held_lock+0x2b/0x80 [ 314.652294][ T9054] ? down_write+0x14d/0x200 [ 314.652337][ T9054] ? process_measurement+0x7e0/0x23e0 [ 314.652364][ T9054] process_measurement+0x7e0/0x23e0 [ 314.652404][ T9054] ? __pfx_process_measurement+0x10/0x10 [ 314.652435][ T9054] ? find_held_lock+0x2b/0x80 [ 314.652462][ T9054] ? fscrypt_file_open+0x47c/0x590 [ 314.652511][ T9054] ? __pfx___fsnotify_parent+0x10/0x10 [ 314.652538][ T9054] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 314.652574][ T9054] ima_file_check+0xc5/0x110 [ 314.652601][ T9054] ? __pfx_ima_file_check+0x10/0x10 [ 314.652630][ T9054] ? vfs_open+0x2e3/0x3f0 [ 314.652672][ T9054] security_file_post_open+0x8e/0x210 [ 314.652709][ T9054] path_openat+0x1404/0x2cb0 [ 314.652745][ T9054] ? trace_kmem_cache_alloc+0x28/0xc0 [ 314.652788][ T9054] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 314.652821][ T9054] ? __pfx_path_openat+0x10/0x10 [ 314.652853][ T9054] ? __asan_memcpy+0x3c/0x60 [ 314.652882][ T9054] do_file_open_root+0x322/0x610 [ 314.652915][ T9054] ? __pfx_do_file_open_root+0x10/0x10 [ 314.652964][ T9054] ? vsnprintf+0x318/0x1160 [ 314.652999][ T9054] file_open_root+0x2a7/0x450 [ 314.653033][ T9054] ? __pfx_file_open_root+0x10/0x10 [ 314.653066][ T9054] ? find_held_lock+0x2b/0x80 [ 314.653092][ T9054] ? kernel_read_file_from_path_initns+0x17a/0x260 [ 314.653139][ T9054] kernel_read_file_from_path_initns+0x189/0x260 [ 314.653185][ T9054] ? __pfx_kernel_read_file_from_path_initns+0x10/0x10 [ 314.653228][ T9054] ? trace_kmem_cache_alloc+0x28/0xc0 [ 314.653272][ T9054] ? _request_firmware+0x503/0x1470 [ 314.653308][ T9054] _request_firmware+0x744/0x1470 [ 314.653347][ T9054] ? __pfx__request_firmware+0x10/0x10 [ 314.653382][ T9054] ? dump_stack_lvl+0x185/0x1f0 [ 314.653437][ T9054] ? lockdep_hardirqs_on+0x7c/0x110 [ 314.653475][ T9054] __async_dev_cache_fw_image+0xb1/0x340 [ 314.653511][ T9054] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 314.653548][ T9054] ? mark_held_locks+0x49/0x80 [ 314.653583][ T9054] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 314.653616][ T9054] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 314.653654][ T9054] async_schedule_node_domain+0xd4/0x120 [ 314.653688][ T9054] dev_cache_fw_image+0x38e/0x490 [ 314.653720][ T9054] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 314.653754][ T9054] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 314.653787][ T9054] dpm_for_each_dev+0x5a/0xb0 [ 314.653816][ T9054] fw_pm_notify+0x81/0x150 [ 314.653844][ T9054] notifier_call_chain+0xb9/0x410 [ 314.653879][ T9054] ? __pfx_fw_pm_notify+0x10/0x10 [ 314.653911][ T9054] blocking_notifier_call_chain_robust+0xc8/0x160 [ 314.653951][ T9054] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 314.653997][ T9054] pm_notifier_call_chain_robust+0x27/0x60 [ 314.654035][ T9054] snapshot_open+0x189/0x2b0 [ 314.654068][ T9054] ? __pfx_snapshot_open+0x10/0x10 [ 314.654102][ T9054] misc_open+0x35a/0x420 [ 314.654131][ T9054] ? __pfx_misc_open+0x10/0x10 [ 314.654160][ T9054] chrdev_open+0x234/0x6a0 [ 314.654195][ T9054] ? __pfx_apparmor_file_open+0x10/0x10 [ 314.654226][ T9054] ? __pfx_chrdev_open+0x10/0x10 [ 314.654262][ T9054] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 314.654296][ T9054] do_dentry_open+0x982/0x1530 [ 314.654329][ T9054] ? __pfx_chrdev_open+0x10/0x10 [ 314.654369][ T9054] vfs_open+0x82/0x3f0 [ 314.654416][ T9054] path_openat+0x1de4/0x2cb0 [ 314.654453][ T9054] ? __pfx_path_openat+0x10/0x10 [ 314.654490][ T9054] do_filp_open+0x20b/0x470 [ 314.654522][ T9054] ? __pfx_do_filp_open+0x10/0x10 [ 314.654566][ T9054] ? alloc_fd+0x471/0x7d0 [ 314.654599][ T9054] do_sys_openat2+0x11b/0x1d0 [ 314.654642][ T9054] ? __pfx_do_sys_openat2+0x10/0x10 [ 314.654691][ T9054] __x64_sys_openat+0x174/0x210 [ 314.654735][ T9054] ? __pfx___x64_sys_openat+0x10/0x10 [ 314.654785][ T9054] do_syscall_64+0xcd/0x490 [ 314.654824][ T9054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.654853][ T9054] RIP: 0033:0x7f40b218ebe9 [ 314.654874][ T9054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 314.654903][ T9054] RSP: 002b:00007f40b2f24038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 314.654929][ T9054] RAX: ffffffffffffffda RBX: 00007f40b23b5fa0 RCX: 00007f40b218ebe9 [ 314.654948][ T9054] RDX: 0000000000000040 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 314.654965][ T9054] RBP: 00007f40b2211e19 R08: 0000000000000000 R09: 0000000000000000 [ 314.654982][ T9054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 314.654998][ T9054] R13: 00007f40b23b6038 R14: 00007f40b23b5fa0 R15: 00007ffebcdf7058 [ 314.655024][ T9054] SYZFAIL: failed to send rpc fd=3 want=56 sent=0 n=-1 (errno 32: Broken pipe) [ 315.956692][ T6309] caif:caif_disconnect_client(): nothing to disconnect