last executing test programs: 9.628648592s ago: executing program 2 (id=634): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socket(0xa, 0x5, 0x0) dup$auto(0x1) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) mlock$auto(0xaa77, 0x7fffffffffffffff) mprotect$auto(0x0, 0x8000000000000001, 0x6) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x20009, 0xdf, 0x20000eb1, 0x401, 0x8) r0 = open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) mmap$auto(0x2005, 0x20007, 0xdf, 0xeb1, 0x401, 0x7fff) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x88441, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x127b, 0x0) prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x80001) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) sysfs$auto(0x2, 0x17, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) r3 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f00000024c0), r2) sendmsg$auto_SMC_NETLINK_FLUSH_UEID(r2, &(0x7f0000002580)={0x0, 0x0, &(0x7f0000002540)={&(0x7f0000000000)=ANY=[@ANYBLOB="14f2ff00ae0905544e9001c2dfe1bd9cb4305fa8168cb0afaa70c0834290134969fb5072f7d8eeef", @ANYRES16=r3, @ANYBLOB="01002abd7000ffdbdf250c000000"], 0x14}, 0x1, 0x0, 0x0, 0x20008090}, 0x10) linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) 8.82004664s ago: executing program 1 (id=636): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xe8c01, 0x0) ioctl$auto(0x3, 0x8004550f, 0x1) 8.427920068s ago: executing program 1 (id=637): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x8000009) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = open(0x0, 0x22240, 0x155) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r1) sendmsg$auto_NL80211_CMD_DEL_TX_TS(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0x44, r2, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@NL80211_ATTR_HW_TIMESTAMP_ENABLED={0x4}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x1}, @NL80211_ATTR_SSID={0x12, 0x34, "f2d36d657fb8240fb0a8b0baa77f"}, @NL80211_ATTR_TXQ_MEMORY_LIMIT={0x8, 0x10b, 0xb67}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0xe}]}, 0x44}, 0x1, 0x0, 0x0, 0x4041}, 0x40) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x200, 0x0) read$auto(0xc8, 0x0, 0x200) r3 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) ioctl$auto_DMA_HEAP_IOCTL_ALLOC(r3, 0x80045400, 0x0) 6.957305576s ago: executing program 1 (id=638): r0 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f00000008c0), 0x400, 0x0) read$auto_urandom_fops_random(r0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) socketpair$auto(0x2d, 0x6, 0x6, 0x0) write$auto(0x3, 0x0, 0xfdef) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x44, r2, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x4}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "8b09791485470000004000"}, @OVS_PACKET_ATTR_KEY={0x10, 0x2, 0x0, 0x1, [@typed={0xc, 0x10, 0x0, 0x0, @u64=0x100}]}, @OVS_PACKET_ATTR_PROBE={0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mincore$auto(0x0, 0x10000, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2600, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000000c0)=""/228, 0xe4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/nr0/threaded\x00', 0x140, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) clone$auto(0xb, 0x6, 0xfffffffffffffffc, 0xfffffffffffffffc, 0x80000005) rt_sigsuspend$auto(0x0, 0x8) 6.870329777s ago: executing program 2 (id=640): bpf$auto(0x15, 0x0, 0x0) 6.168259217s ago: executing program 2 (id=642): mmap$auto(0x0, 0x2000d, 0xc000000000df, 0xeb1, 0x404, 0x8000) semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0x0) r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x1, 0x0) ioctl$auto(r0, 0xc0306201, 0x9) 5.88326344s ago: executing program 2 (id=643): mmap$auto(0x0, 0x20000a, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000) socket(0x10, 0x2, 0x4) socket(0x2, 0x4, 0x9) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci2/rfkill29/name\x00', 0x6200, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) get_mempolicy$auto(0x0, 0x0, 0x81, 0x8, 0x2) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_STATUS(r0, 0x0, 0x4010) close_range$auto(0x0, 0xfffffffffffff000, 0x0) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0xa901, 0x0) capset$auto(0x0, 0x0) sysfs$auto(0x2, 0x4, 0x4) ioctl$auto(r1, 0xc0105500, r1) 4.811519853s ago: executing program 1 (id=646): syz_clone(0xc0000211, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x4) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r0 = socket(0xa, 0x2, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x2) unshare$auto(0x40000080) get_mempolicy$auto(&(0x7f0000000000)=0x5, &(0x7f0000000040)=0x2, 0x509, 0x3ff, 0x3) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f00000000c0), r0) mmap$auto(0xff, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0) read$auto_v4l2_fops_v4l2_dev(r1, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptya1\x00', 0x80040, 0x0) r2 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000380)='/proc/self/environ\x00', 0x88f80, 0x0) r3 = openat$auto_fops_u64_(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim6/psample/latency_max\x00', 0x8c080, 0x0) write$auto_fops_u64_(r3, &(0x7f0000000140)="5ea55a470b0216fb655d0feb1d36f81f366aae153ca995780ba6f4c4780d35ffd603c2afcff32e68fd92eba0b4e85a78adf5ede46ebb72b96858c6fe", 0x3c) readv$auto(r2, &(0x7f0000001780)={&(0x7f00000016c0), 0x800400}, 0x7f) r4 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x3e, 0xfffffffffffffffa, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x0, 0x7, 0x2000, 0x200, 0x0, 0x84, [0x0, 0x0, 0x0, 0x50100000000000, 0x0, 0x0, 0x0, 0xa, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1, 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0x400000000005b8, 0xc, 0x3, 0x0, 0x0, 0x6, 0xffffffffffffffff, 0x890, 0x8000000000008, 0xfffffffffffffffa, 0x3, 0xa38, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x4000000000]}, 0x1fe, 0x200d) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(r4, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) r5 = socket(0x10, 0x2, 0x0) r6 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r6], 0x1ac}}, 0x40000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) mremap$auto(0x20c, 0x9, 0x0, 0x100000003, 0x3) socket(0x21, 0x2, 0x2) socket$nl_generic(0x10, 0x3, 0x10) 4.1258668s ago: executing program 1 (id=648): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socket(0xa, 0x5, 0x0) dup$auto(0x1) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) mlock$auto(0xaa77, 0x7fffffffffffffff) mprotect$auto(0x0, 0x8000000000000001, 0x6) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x20009, 0xdf, 0x20000eb1, 0x401, 0x8) r0 = open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) mmap$auto(0x2005, 0x20007, 0xdf, 0xeb1, 0x401, 0x7fff) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x88441, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x127b, 0x0) prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x80001) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) sysfs$auto(0x2, 0x17, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) r3 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f00000024c0), r2) sendmsg$auto_SMC_NETLINK_FLUSH_UEID(r2, &(0x7f0000002580)={0x0, 0x0, &(0x7f0000002540)={&(0x7f0000000000)=ANY=[@ANYBLOB="14f2ff00ae0905544e9001c2dfe1bd9cb4305fa8168cb0afaa70c0834290134969fb5072f7d8eeef", @ANYRES16=r3, @ANYBLOB="01002abd7000ffdbdf250c000000"], 0x14}, 0x1, 0x0, 0x0, 0x20008090}, 0x10) linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) 4.125344202s ago: executing program 2 (id=649): r0 = openat$auto_gpiolib_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) read$auto(r0, 0x0, 0x3ba) 3.931609422s ago: executing program 0 (id=651): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/console\x00', 0x48600, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/power/pm_wakeup_irq\x00', 0x109040, 0x0) mmap$auto(0x6, 0x20007, 0x7, 0xeb0, r1, 0x200000003) r2 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x7f, 0x40000b, 0xdf, 0x9b72, 0x2, 0x2) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) close_range$auto(r1, 0xfffffffffffff000, 0x4000000000002) memfd_create$auto(0x0, 0x12) mmap$auto(0x0, 0x25, 0x101, 0x8010, 0x0, 0x8000) keyctl$auto(0x2000000000000017, 0x3ff, 0x0, 0x0, 0x67) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) r3 = open(&(0x7f00000001c0)='./file0\x00', 0x4242, 0x11a) fanotify_mark$auto(0x0, 0x1, 0x3a, r3, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x64) close_range$auto(0xffffffffffffffff, r1, 0x0) close_range$auto(0x2, r0, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(r4, 0xaed2, 0xfffffffffffff4e0) read$auto_kernfs_file_fops_kernfs_internal(r1, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) read$auto(0x3, 0x0, 0x7) sendmmsg$auto(0x4, 0x0, 0x9a2, 0x4e) read$auto_event_inject_fops_trace(r2, &(0x7f0000000040)=""/86, 0x56) pipe$auto(0x0) r5 = pipe$auto(0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r5) 3.931068015s ago: executing program 2 (id=652): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x441, 0x0) link$auto(&(0x7f0000003240)='./file0\x00', &(0x7f0000003280)='./file2\x00') socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0x20499d, 0x9) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) madvise$auto(0x108000, 0x800034, 0x200000b) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000003c0)=""/4096, 0x1000) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@tipc=@name={0x1e, 0x2, 0x1, {{0x2, 0xa}, 0x2}}, 0x66) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x6}, 0x5, 0x20000004) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) sendmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0xd3e80, 0x0, 0x2, 0x0, 0x400, 0xf0ff7f}, 0x6}, 0x7, 0xb07e) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x204180, 0x0) madvise$auto(0x0, 0xffffffffffff0004, 0x19) 3.712256759s ago: executing program 3 (id=653): mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) semctl$auto(0x201, 0xd846, 0x3, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) rt_sigtimedwait$auto(&(0x7f0000000040)={0x5}, &(0x7f0000000080)={@_si_pad}, &(0x7f0000000100)={0x7dbce77c}, 0x8) r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x1, 0x0) ioctl$auto(r0, 0xc0306201, 0x9) 3.241942866s ago: executing program 0 (id=654): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/006/001\x00', 0xe8c01, 0x0) ioctl$auto(0x3, 0x8004550f, 0x1) (fail_nth: 1) 2.791952234s ago: executing program 0 (id=655): mmap$auto(0x7fc, 0x40009, 0x4, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x602, 0x1) r0 = open(&(0x7f0000000000)='./file1\x00', 0x1652c2, 0xe1d2b27bdc14aa98) fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, r0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0x22) dup2$auto(0x0, 0x3) unshare$auto(0xfffffffffffffffd) ioctl$auto(0x3, 0x80000541b, 0x38) 2.726505801s ago: executing program 3 (id=656): mmap$auto(0x0, 0x20000a, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000) socket(0x10, 0x2, 0x4) socket(0x2, 0x4, 0x9) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci2/rfkill29/name\x00', 0x6200, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0xa901, 0x0) sysfs$auto(0x2, 0x4, 0x4) mincore$auto(0x1000, 0x8001, 0x0) io_uring_enter$auto(0xffffffffffffffff, 0x1, 0xcd00, 0x7, 0x0, 0xffffffffffffffff) ioctl$auto(r0, 0xc0105500, r0) 2.449770175s ago: executing program 0 (id=657): close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, 0x0, 0x280, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x7, 0x3, 0x80eb2, r0, 0x8000) r1 = socket(0xa, 0x2, 0x0) setsockopt$auto(r1, 0x29, 0x30, 0x0, 0x56b) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) socket(0x23, 0x5, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) socket(0x11, 0x3, 0xa74) socket(0x2b, 0x1, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x9fe) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0xf7fffffe) 1.740010154s ago: executing program 3 (id=658): mmap$auto(0x0, 0x20000a, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000) socket(0x10, 0x2, 0x4) socket(0x2, 0x4, 0x9) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci2/rfkill29/name\x00', 0x6200, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) get_mempolicy$auto(0x0, 0x0, 0x81, 0x8, 0x2) close_range$auto(0x0, 0xfffffffffffff000, 0x0) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0xa901, 0x0) sysfs$auto(0x2, 0x4, 0x4) mincore$auto(0x1000, 0x8001, 0x0) io_uring_enter$auto(0xffffffffffffffff, 0x1, 0xcd00, 0x7, 0x0, 0xffffffffffffffff) ioctl$auto(r0, 0xc0105500, r0) 915.149825ms ago: executing program 0 (id=659): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000001) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x15, 0x0, 0x0) 834.513599ms ago: executing program 3 (id=660): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00', 0x0}) mknod$auto(&(0x7f0000000080)=':,\x00', 0xcb, 0xfffffffa) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x0, 0x5, 0x8) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="130026bd7000fddbdf250200000008000300", @ANYRES32=r2, @ANYBLOB="0c000200209b462f"], 0x28}, 0x1, 0x0, 0x0, 0x4004080}, 0x400c810) 624.055486ms ago: executing program 3 (id=661): r0 = openat$auto_gpiolib_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) read$auto(r0, 0x0, 0x3ba) 570.316674ms ago: executing program 0 (id=662): r0 = syz_clone3(0x0, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x20) socket(0x1e, 0x5, 0x0) (async) read$auto(0x3, 0x0, 0x400000) r1 = prctl$auto(0x20000039, 0x800, r0, 0x200a, 0x77) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) (async) r2 = socket(0xa, 0x801, 0x84) getsockopt$auto(r2, 0x84, 0x71, 0x0, 0x0) (async) io_uring_register$auto(0x2, 0xd, 0x0, 0x20) socket(0xa, 0x4, 0x4073) r3 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb0\x00', 0x12b140, 0x0) read$auto_usbdev_file_operations_usb(r3, &(0x7f0000000040)=""/41, 0x29) bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xffffffffffffffff, @new_map_fd=r3, 0x1801, @old_prog_fd=r1}, 0xa3) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x17) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) mmap$auto(0x3, 0x4, 0x4000000000dc, 0x40eb2, 0xa1c, 0x8) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x1000000000053, 0x9) 480.989048ms ago: executing program 3 (id=663): r0 = openat$auto_gpiolib_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) read$auto(r0, 0x0, 0x3ba) (fail_nth: 2) 0s ago: executing program 1 (id=664): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/006/001\x00', 0xe8c01, 0x0) ioctl$auto(0x3, 0x8004550f, 0x1) (fail_nth: 2) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.70' (ED25519) to the list of known hosts. [ 83.657180][ T5824] cgroup: Unknown subsys name 'net' [ 83.803599][ T5824] cgroup: Unknown subsys name 'cpuset' [ 83.812079][ T5824] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 85.542711][ T5824] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 87.472974][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.483599][ T5839] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.492265][ T5839] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.500238][ T5839] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.508594][ T5839] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.516413][ T5839] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 87.523922][ T5839] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.524832][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.539124][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.547601][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.555514][ T5836] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 87.562970][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.600785][ T5146] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.609383][ T5146] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.630125][ T5146] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.650020][ T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.658564][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.668278][ T54] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 87.676873][ T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.689990][ T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.697804][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.706980][ T5836] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.715094][ T5836] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 87.722593][ T5836] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 87.964948][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 88.132672][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 88.161845][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.169184][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.177139][ T5838] bridge_slave_0: entered allmulticast mode [ 88.186096][ T5838] bridge_slave_0: entered promiscuous mode [ 88.204016][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 88.224947][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.232488][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.239700][ T5838] bridge_slave_1: entered allmulticast mode [ 88.246805][ T5838] bridge_slave_1: entered promiscuous mode [ 88.308285][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.345274][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.444415][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.452584][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.459830][ T5833] bridge_slave_0: entered allmulticast mode [ 88.466644][ T5833] bridge_slave_0: entered promiscuous mode [ 88.475875][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.483162][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.491018][ T5833] bridge_slave_1: entered allmulticast mode [ 88.497753][ T5833] bridge_slave_1: entered promiscuous mode [ 88.509690][ T5838] team0: Port device team_slave_0 added [ 88.520969][ T5838] team0: Port device team_slave_1 added [ 88.558961][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 88.569129][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.576770][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.584397][ T5842] bridge_slave_0: entered allmulticast mode [ 88.591653][ T5842] bridge_slave_0: entered promiscuous mode [ 88.626045][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.633437][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.640728][ T5842] bridge_slave_1: entered allmulticast mode [ 88.647586][ T5842] bridge_slave_1: entered promiscuous mode [ 88.667622][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.677803][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.688621][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.715008][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.746186][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.756056][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.763495][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.790048][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.812065][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.824400][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.888274][ T5833] team0: Port device team_slave_0 added [ 88.911040][ T5842] team0: Port device team_slave_0 added [ 88.938595][ T5833] team0: Port device team_slave_1 added [ 88.958038][ T5842] team0: Port device team_slave_1 added [ 88.990499][ T5838] hsr_slave_0: entered promiscuous mode [ 88.996950][ T5838] hsr_slave_1: entered promiscuous mode [ 89.012685][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.020020][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.027339][ T5846] bridge_slave_0: entered allmulticast mode [ 89.034863][ T5846] bridge_slave_0: entered promiscuous mode [ 89.044262][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.051919][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.059118][ T5846] bridge_slave_1: entered allmulticast mode [ 89.066302][ T5846] bridge_slave_1: entered promiscuous mode [ 89.084412][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.091626][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.117752][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.175547][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.182661][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.208995][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.226287][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.234438][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.261589][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.302616][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.309611][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.335987][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.350264][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.371392][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.438505][ T5846] team0: Port device team_slave_0 added [ 89.457884][ T5833] hsr_slave_0: entered promiscuous mode [ 89.467838][ T5833] hsr_slave_1: entered promiscuous mode [ 89.474337][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.485802][ T5833] Cannot create hsr debugfs directory [ 89.497031][ T5846] team0: Port device team_slave_1 added [ 89.525590][ T5842] hsr_slave_0: entered promiscuous mode [ 89.532679][ T5842] hsr_slave_1: entered promiscuous mode [ 89.538828][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.546533][ T5842] Cannot create hsr debugfs directory [ 89.567420][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.578057][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.604414][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.615613][ T5146] Bluetooth: hci1: command tx timeout [ 89.620376][ T5836] Bluetooth: hci0: command tx timeout [ 89.627501][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.634608][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.661278][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.769993][ T5836] Bluetooth: hci3: command tx timeout [ 89.776148][ T5146] Bluetooth: hci2: command tx timeout [ 89.794932][ T5846] hsr_slave_0: entered promiscuous mode [ 89.804244][ T5846] hsr_slave_1: entered promiscuous mode [ 89.811758][ T5846] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.819330][ T5846] Cannot create hsr debugfs directory [ 89.851017][ T5838] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.877265][ T5838] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.907064][ T5838] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.938388][ T5838] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 90.089100][ T5833] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 90.105479][ T5833] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 90.115815][ T5833] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 90.146148][ T5833] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 90.195552][ T5842] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 90.224177][ T5842] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 90.257546][ T5842] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 90.268842][ T5842] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 90.299724][ T5846] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 90.317412][ T5846] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 90.333578][ T5846] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 90.352456][ T5846] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 90.467473][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.512269][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.542907][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.568777][ T3001] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.576488][ T3001] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.602614][ T3001] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.609888][ T3001] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.622771][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.643204][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.683669][ T1152] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.691416][ T1152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.705627][ T5838] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.728346][ T1152] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.735506][ T1152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.788445][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.825419][ T1152] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.832782][ T1152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.857745][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.902174][ T5833] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.925486][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.932697][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.954211][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.033781][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.040991][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.075041][ T3001] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.082652][ T3001] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.163052][ T5846] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 91.257135][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.383128][ T5838] veth0_vlan: entered promiscuous mode [ 91.407246][ T5838] veth1_vlan: entered promiscuous mode [ 91.486611][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.499595][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.516385][ T5838] veth0_macvtap: entered promiscuous mode [ 91.542122][ T5838] veth1_macvtap: entered promiscuous mode [ 91.580208][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.609080][ T5842] veth0_vlan: entered promiscuous mode [ 91.626606][ T5833] veth0_vlan: entered promiscuous mode [ 91.651684][ T5833] veth1_vlan: entered promiscuous mode [ 91.659396][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.678590][ T5842] veth1_vlan: entered promiscuous mode [ 91.696862][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.704815][ T5836] Bluetooth: hci0: command tx timeout [ 91.712112][ T5146] Bluetooth: hci1: command tx timeout [ 91.732878][ T5838] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.742468][ T5838] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.752840][ T5838] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.761849][ T5838] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.776576][ T5846] veth0_vlan: entered promiscuous mode [ 91.805730][ T5833] veth0_macvtap: entered promiscuous mode [ 91.816081][ T5833] veth1_macvtap: entered promiscuous mode [ 91.844800][ T5846] veth1_vlan: entered promiscuous mode [ 91.850856][ T5836] Bluetooth: hci3: command tx timeout [ 91.856309][ T5836] Bluetooth: hci2: command tx timeout [ 91.888085][ T5842] veth0_macvtap: entered promiscuous mode [ 91.901388][ T5842] veth1_macvtap: entered promiscuous mode [ 91.918420][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.929277][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.942421][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.958824][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.969911][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.979905][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.990712][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.001575][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.022136][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.034084][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.046361][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.082359][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.093240][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.107365][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.118219][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.129250][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.143190][ T5833] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.152327][ T5833] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.161208][ T5833] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.171123][ T5833] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.213961][ T5842] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.227716][ T5842] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.237512][ T5842] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.248104][ T5842] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.272863][ T5846] veth0_macvtap: entered promiscuous mode [ 92.285263][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.316426][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.328202][ T5846] veth1_macvtap: entered promiscuous mode [ 92.481186][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.482627][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.500183][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.515943][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.526373][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.537211][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.547416][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.567686][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.581145][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.624499][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.638737][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.648659][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.659202][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.669396][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.679946][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.704306][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.720099][ T3001] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.727986][ T3001] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.759535][ T5838] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 92.818956][ T5846] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.846304][ T5846] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.882330][ T5846] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.900284][ T5846] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.915603][ T1152] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.954652][ T1152] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.006353][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.015539][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.093979][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.116827][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.261659][ T3001] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.269556][ T3001] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.402091][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.423724][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.771960][ T5836] Bluetooth: hci0: command tx timeout [ 93.778161][ T5146] Bluetooth: hci1: command tx timeout [ 93.868899][ T5903] Process accounting resumed [ 93.942067][ T5836] Bluetooth: hci2: command tx timeout [ 93.947597][ T5146] Bluetooth: hci3: command tx timeout [ 95.900397][ T5836] Bluetooth: hci0: command tx timeout [ 95.905882][ T5836] Bluetooth: hci1: command tx timeout [ 96.010975][ T5836] Bluetooth: hci2: command tx timeout [ 96.017119][ T5836] Bluetooth: hci3: command tx timeout [ 97.296483][ T1145] cfg80211: failed to load regulatory.db [ 99.112648][ T5966] netlink: 'syz.0.15': attribute type 1 has an invalid length. [ 99.137635][ T5966] netlink: 53 bytes leftover after parsing attributes in process `syz.0.15'. [ 99.425125][ T5967] netlink: 1204 bytes leftover after parsing attributes in process `syz.0.15'. [ 99.490012][ T5966] netlink: 8 bytes leftover after parsing attributes in process `syz.0.15'. [ 99.540683][ T5967] Zero length message leads to an empty skb [ 100.106196][ T5979] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 100.222690][ T5980] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 100.334860][ T5975] netlink: 306 bytes leftover after parsing attributes in process `syz.1.18'. [ 101.389356][ T5989] mmap: syz.1.20 (5989) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 101.831941][ T5994] netlink: 330 bytes leftover after parsing attributes in process `syz.3.22'. [ 102.974616][ T6005] netlink: 28 bytes leftover after parsing attributes in process `syz.3.23'. [ 103.091137][ T6006] binder: 6004:6006 ioctl c0306201 9 returned -14 [ 104.305639][ T6020] netlink: 8 bytes leftover after parsing attributes in process `syz.0.27'. [ 104.564420][ T6001] kexec: Could not allocate control_code_buffer [ 105.696329][ T6038] ima: Unable to open file: /sys/kernel/security/integrity/ima/policy (-26) [ 106.117811][ T6037] ima: policy update failed [ 106.168078][ T29] audit: type=1802 audit(1736833514.166:2): pid=6037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.31" res=0 errno=0 [ 106.943626][ T6055] process 'syz.3.35' launched ':,' with NULL argv: empty string added [ 108.820304][ T6050] usb usb37: usbfs: process 6050 (syz.3.35) did not claim interface 4 before use [ 108.938834][ T6067] kexec: Could not allocate control_code_buffer [ 110.617459][ T6097] ima: Unable to open file: /sys/kernel/security/integrity/ima/policy (-26) [ 110.880477][ T6096] ima: policy update failed [ 110.915674][ T29] audit: type=1802 audit(1736833518.916:3): pid=6096 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.45" res=0 errno=0 [ 112.008236][ T6108] netlink: 330 bytes leftover after parsing attributes in process `syz.2.48'. [ 113.935439][ T6116] kexec: Could not allocate control_code_buffer [ 114.295105][ T6143] ima: Unable to open file: /sys/kernel/security/integrity/ima/policy (-26) [ 114.595082][ T6142] ima: policy update failed [ 114.609303][ T29] audit: type=1802 audit(1736833522.606:4): pid=6142 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.55" res=0 errno=0 [ 120.790126][ T6212] netlink: 306 bytes leftover after parsing attributes in process `syz.0.73'. [ 122.417295][ T6197] kexec: Could not allocate control_code_buffer [ 126.992487][ T6359] netlink: 28 bytes leftover after parsing attributes in process `syz.0.90'. [ 127.071432][ T6365] binder: 6358:6365 ioctl c0306201 9 returned -14 [ 127.595825][ T6375] netlink: 28 bytes leftover after parsing attributes in process `syz.3.94'. [ 127.627983][ T6375] bridge_slave_1: left allmulticast mode [ 127.640011][ T6375] bridge_slave_1: left promiscuous mode [ 127.671640][ T6375] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.762371][ T6375] bridge_slave_0: left allmulticast mode [ 127.768111][ T6375] bridge_slave_0: left promiscuous mode [ 127.788541][ T6361] usb usb37: usbfs: process 6361 (syz.2.91) did not claim interface 4 before use [ 127.818733][ T6375] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.282185][ T6392] openvswitch: netlink: Message has 4 unknown bytes. [ 128.320327][ T6388] openvswitch: netlink: Key type 261 is out of range max 32 [ 128.944105][ T6408] netlink: 28 bytes leftover after parsing attributes in process `syz.2.102'. [ 128.997081][ T6412] binder: 6407:6412 ioctl c0306201 9 returned -14 [ 130.396850][ T6421] usb usb37: usbfs: process 6421 (syz.1.106) did not claim interface 4 before use [ 131.728648][ T6459] netlink: 28 bytes leftover after parsing attributes in process `syz.2.113'. [ 131.769146][ T6459] binder: 6458:6459 ioctl c0306201 9 returned -14 [ 132.292357][ T6476] nbd: must specify at least one socket [ 133.074898][ T6489] netlink: 28 bytes leftover after parsing attributes in process `syz.2.128'. [ 133.093215][ T6489] bridge_slave_1: left allmulticast mode [ 133.098941][ T6489] bridge_slave_1: left promiscuous mode [ 133.119520][ T6489] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.230927][ T6489] bridge_slave_0: left allmulticast mode [ 133.259954][ T6489] bridge_slave_0: left promiscuous mode [ 133.265787][ T6489] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.536633][ T6497] netlink: 28 bytes leftover after parsing attributes in process `syz.3.122'. [ 134.349122][ T6514] netlink: 28 bytes leftover after parsing attributes in process `syz.3.126'. [ 134.807148][ T6519] nbd: must specify at least one socket [ 136.007162][ T6537] netlink: 28 bytes leftover after parsing attributes in process `syz.0.135'. [ 136.049857][ T6537] bridge_slave_1: left allmulticast mode [ 136.055624][ T6537] bridge_slave_1: left promiscuous mode [ 136.150004][ T6537] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.302120][ T6537] bridge_slave_0: left allmulticast mode [ 136.307981][ T6537] bridge_slave_0: left promiscuous mode [ 136.339281][ T6537] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.504102][ T6551] netlink: 28 bytes leftover after parsing attributes in process `syz.1.136'. [ 136.567427][ T6552] binder: 6550:6552 ioctl c0306201 9 returned -14 [ 137.305892][ T6558] netlink: 28 bytes leftover after parsing attributes in process `syz.1.139'. [ 138.268670][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.280561][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.892870][ T6596] netlink: 28 bytes leftover after parsing attributes in process `syz.2.149'. [ 139.951693][ T6598] binder: 6595:6598 ioctl c0306201 9 returned -14 [ 144.781239][ T6685] usb usb37: usbfs: process 6685 (syz.0.169) did not claim interface 4 before use [ 145.000822][ T6702] netlink: 28 bytes leftover after parsing attributes in process `syz.2.172'. [ 145.086414][ T6706] binder: 6701:6706 ioctl c0306201 9 returned -14 [ 146.575182][ T6745] Process accounting resumed [ 146.580524][ T6745] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 146.722535][ T6748] netlink: 28 bytes leftover after parsing attributes in process `syz.3.186'. [ 146.776103][ T6751] binder: 6747:6751 ioctl c0306201 9 returned -14 [ 146.956527][ T6743] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 146.976471][ T6743] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 147.049365][ T6743] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 147.099065][ T6743] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 147.106202][ T6743] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 147.122631][ T6743] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 147.137314][ T6743] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 147.144853][ T6743] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 147.188533][ T6743] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 147.311921][ T6743] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 147.408702][ T6743] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 147.430552][ T6743] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 147.689519][ T6803] sg_write: data in/out 2059/169 bytes for SCSI command 0x57-- guessing data in; [ 147.689519][ T6803] program syz.0.193 not setting count and/or reply_len properly [ 148.490104][ T5836] Bluetooth: hci0: command 0x0c1a tx timeout [ 148.883675][ T6826] binder: 6825:6826 ioctl c0306201 9 returned -14 [ 149.147380][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 149.209911][ T5836] Bluetooth: hci2: command 0x0c1a tx timeout [ 149.321025][ T6822] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 149.369981][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout [ 149.919671][ T6844] FAULT_INJECTION: forcing a failure. [ 149.919671][ T6844] name failslab, interval 1, probability 0, space 0, times 1 [ 149.949969][ T6844] CPU: 0 UID: 0 PID: 6844 Comm: syz.0.202 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0 [ 149.960660][ T6844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 149.970795][ T6844] Call Trace: [ 149.974119][ T6844] [ 149.977096][ T6844] dump_stack_lvl+0x16c/0x1f0 [ 149.981851][ T6844] should_fail_ex+0x497/0x5b0 [ 149.986597][ T6844] ? fs_reclaim_acquire+0xae/0x150 [ 149.991790][ T6844] should_failslab+0xc2/0x120 [ 149.996536][ T6844] __kmalloc_noprof+0xce/0x4f0 [ 150.001369][ T6844] ? rcu_is_watching+0x12/0xc0 [ 150.006203][ T6844] ? kernfs_fop_write_iter+0x223/0x500 [ 150.011741][ T6844] kernfs_fop_write_iter+0x223/0x500 [ 150.017100][ T6844] vfs_write+0x5ae/0x1150 [ 150.021496][ T6844] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 150.027376][ T6844] ? __pfx___mutex_lock+0x10/0x10 [ 150.032492][ T6844] ? __pfx_vfs_write+0x10/0x10 [ 150.037355][ T6844] ksys_write+0x12b/0x250 [ 150.041756][ T6844] ? __pfx_ksys_write+0x10/0x10 [ 150.046683][ T6844] do_syscall_64+0xcd/0x250 [ 150.051260][ T6844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.057228][ T6844] RIP: 0033:0x7f5505785d29 [ 150.061708][ T6844] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.081393][ T6844] RSP: 002b:00007f5506565038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 150.089889][ T6844] RAX: ffffffffffffffda RBX: 00007f5505975fa0 RCX: 00007f5505785d29 [ 150.097922][ T6844] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 150.105967][ T6844] RBP: 00007f5506565090 R08: 0000000000000000 R09: 0000000000000000 [ 150.114086][ T6844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 150.122115][ T6844] R13: 0000000000000000 R14: 00007f5505975fa0 R15: 00007ffecfafe658 [ 150.130168][ T6844] [ 150.569921][ T5836] Bluetooth: hci0: command 0x0c1a tx timeout [ 150.947058][ T6853] netlink: 28 bytes leftover after parsing attributes in process `syz.0.204'. [ 151.229836][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 151.289828][ T5836] Bluetooth: hci2: command 0x0c1a tx timeout [ 151.460925][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout [ 151.653938][ T6864] netlink: 28 bytes leftover after parsing attributes in process `syz.1.207'. [ 151.671500][ T6864] binder: 6863:6864 ioctl c0306201 9 returned -14 [ 152.394296][ T6876] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 152.657671][ T5836] Bluetooth: hci0: command 0x0c1a tx timeout [ 153.291347][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 153.372065][ T5836] Bluetooth: hci2: command 0x0c1a tx timeout [ 153.529949][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout [ 154.751132][ T6916] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 154.932399][ T6922] Process accounting resumed [ 154.950330][ T6922] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 155.010482][ T6936] binder: 6935:6936 ioctl c0306201 9 returned -14 [ 155.258297][ T6940] binder: 6939:6940 ioctl c0306201 9 returned -14 [ 155.452760][ T6945] netlink: 12 bytes leftover after parsing attributes in process `syz.0.224'. [ 155.478852][ T6942] netlink: 28 bytes leftover after parsing attributes in process `syz.1.223'. [ 155.711910][ T6950] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 155.740480][ T6950] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 155.758218][ T6950] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 155.779615][ T6950] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 156.655293][ T6988] binder: 6979:6988 ioctl c0306201 9 returned -14 [ 156.950130][ T6985] ptrace attach of "./syz-executor exec"[5838] was attempted by "./syz-executor exec"[6985] [ 156.975728][ T6978] Process accounting resumed [ 157.017623][ T6978] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 157.124757][ T6998] netlink: 28 bytes leftover after parsing attributes in process `syz.0.236'. [ 157.173980][ T6998] ip_vti0: entered promiscuous mode [ 157.643236][ T7002] Process accounting resumed [ 157.647954][ T7002] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 157.780080][ T5836] Bluetooth: hci2: command 0x0c1a tx timeout [ 157.786179][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 157.792903][ T5836] Bluetooth: hci0: command 0x0c1a tx timeout [ 157.851533][ T5146] Bluetooth: hci3: command 0x0c1a tx timeout [ 158.766934][ T7037] binder: 7036:7037 ioctl c0306201 9 returned -14 [ 162.755466][ T7101] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 163.281531][ T7121] binder: 7120:7121 ioctl c0306201 9 returned -14 [ 164.241550][ T7139] netlink: 'syz.0.265': attribute type 1 has an invalid length. [ 165.889171][ T7162] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 166.382617][ T7178] netlink: 28 bytes leftover after parsing attributes in process `syz.2.274'. [ 166.538618][ T7178] ip_vti0: entered promiscuous mode [ 167.114927][ T7184] Process accounting resumed [ 167.119658][ T7184] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 167.480107][ T7195] binder: 7194:7195 ioctl c0306201 9 returned -14 [ 167.711094][ T7199] FAULT_INJECTION: forcing a failure. [ 167.711094][ T7199] name failslab, interval 1, probability 0, space 0, times 0 [ 167.839984][ T7199] CPU: 0 UID: 0 PID: 7199 Comm: syz.3.281 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0 [ 167.851796][ T7199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 167.851828][ T7199] Call Trace: [ 167.851839][ T7199] [ 167.851852][ T7199] dump_stack_lvl+0x16c/0x1f0 [ 167.873017][ T7199] should_fail_ex+0x497/0x5b0 [ 167.873064][ T7199] ? fs_reclaim_acquire+0xae/0x150 [ 167.873102][ T7199] should_failslab+0xc2/0x120 [ 167.873147][ T7199] __kmalloc_noprof+0xce/0x4f0 [ 167.873187][ T7199] ? d_absolute_path+0x137/0x1b0 [ 167.873228][ T7199] ? tomoyo_encode2+0x100/0x3e0 [ 167.873266][ T7199] tomoyo_encode2+0x100/0x3e0 [ 167.873320][ T7199] tomoyo_realpath_from_path+0x1a7/0x710 [ 167.873363][ T7199] tomoyo_path_number_perm+0x248/0x5b0 [ 167.873406][ T7199] ? tomoyo_path_number_perm+0x235/0x5b0 [ 167.873456][ T7199] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 167.873535][ T7199] ? __pfx_lock_release+0x10/0x10 [ 167.873564][ T7199] ? trace_lock_acquire+0x14e/0x1f0 [ 167.873608][ T7199] ? lock_acquire+0x2f/0xb0 [ 167.873632][ T7199] ? __fget_files+0x40/0x3a0 [ 167.873673][ T7199] ? __fget_files+0x206/0x3a0 [ 167.873715][ T7199] security_file_ioctl+0x9b/0x240 [ 167.873750][ T7199] __x64_sys_ioctl+0xb7/0x200 [ 167.873783][ T7199] do_syscall_64+0xcd/0x250 [ 167.873828][ T7199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.873874][ T7199] RIP: 0033:0x7fb37c385d29 [ 167.873900][ T7199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.873926][ T7199] RSP: 002b:00007fb37d104038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 167.873958][ T7199] RAX: ffffffffffffffda RBX: 00007fb37c575fa0 RCX: 00007fb37c385d29 [ 167.873979][ T7199] RDX: 0000000000000004 RSI: 0000000000002272 RDI: 0000000000000003 [ 167.873999][ T7199] RBP: 00007fb37d104090 R08: 0000000000000000 R09: 0000000000000000 [ 167.874018][ T7199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 167.874038][ T7199] R13: 0000000000000000 R14: 00007fb37c575fa0 R15: 00007fff187fb0b8 [ 167.874079][ T7199] [ 168.045109][ T7199] ERROR: Out of memory at tomoyo_realpath_from_path. [ 168.360199][ T7208] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 169.134392][ T7230] Process accounting resumed [ 169.139304][ T7230] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 169.493394][ T7237] binder: 7236:7237 ioctl c0306201 9 returned -14 [ 170.446650][ T7246] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 171.119046][ T7265] FAULT_INJECTION: forcing a failure. [ 171.119046][ T7265] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 171.199463][ T7265] CPU: 0 UID: 0 PID: 7265 Comm: syz.0.297 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0 [ 171.210146][ T7265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 171.220263][ T7265] Call Trace: [ 171.223586][ T7265] [ 171.226558][ T7265] dump_stack_lvl+0x16c/0x1f0 [ 171.231427][ T7265] should_fail_ex+0x497/0x5b0 [ 171.236176][ T7265] ? fs_reclaim_acquire+0xae/0x150 [ 171.241351][ T7265] should_fail_alloc_page+0xe7/0x130 [ 171.246711][ T7265] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 171.252944][ T7265] __alloc_pages_noprof+0x190/0x25b0 [ 171.258314][ T7265] ? __pfx___lock_acquire+0x10/0x10 [ 171.263573][ T7265] ? find_held_lock+0x2d/0x110 [ 171.268404][ T7265] ? hlock_class+0x4e/0x130 [ 171.272970][ T7265] ? mark_lock+0xb5/0xc60 [ 171.277374][ T7265] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 171.283167][ T7265] ? __pfx_mark_lock+0x10/0x10 [ 171.288017][ T7265] ? trace_lock_acquire+0x14e/0x1f0 [ 171.293289][ T7265] ? hlock_class+0x4e/0x130 [ 171.297858][ T7265] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 171.303848][ T7265] ? policy_nodemask+0xea/0x4e0 [ 171.308772][ T7265] alloc_pages_mpol_noprof+0x2c8/0x620 [ 171.314277][ T7265] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 171.320294][ T7265] ? __pfx___lock_acquire+0x10/0x10 [ 171.325526][ T7265] ? __pfx_filemap_map_pages+0x10/0x10 [ 171.331021][ T7265] pte_alloc_one+0x20/0x390 [ 171.335564][ T7265] __do_fault+0x320/0x490 [ 171.339930][ T7265] ? __pfx_filemap_map_pages+0x10/0x10 [ 171.345422][ T7265] do_pte_missing+0x1a8/0x3e00 [ 171.350239][ T7265] __handle_mm_fault+0x103c/0x2a40 [ 171.355402][ T7265] ? __pfx___handle_mm_fault+0x10/0x10 [ 171.360900][ T7265] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 171.366582][ T7265] ? find_vma+0xc0/0x140 [ 171.370860][ T7265] ? __pfx_find_vma+0x10/0x10 [ 171.375574][ T7265] handle_mm_fault+0x3fa/0xaa0 [ 171.380389][ T7265] do_user_addr_fault+0x7a3/0x13f0 [ 171.385548][ T7265] exc_page_fault+0x5c/0xc0 [ 171.390092][ T7265] asm_exc_page_fault+0x26/0x30 [ 171.394983][ T7265] RIP: 0010:__put_user_4+0x11/0x20 [ 171.400140][ T7265] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 [ 171.419801][ T7265] RSP: 0018:ffffc9000c107d68 EFLAGS: 00050202 [ 171.425915][ T7265] RAX: 0000000000008000 RBX: 0000000000000000 RCX: 0000000000000004 [ 171.433918][ T7265] RDX: ffff888031198000 RSI: ffffffff85f8369a RDI: ffffffff8bb172c0 [ 171.441918][ T7265] RBP: 0000000000002272 R08: 0000000000000000 R09: fffffbfff2039eda [ 171.449914][ T7265] R10: ffffffff901cf6d7 R11: 0000000000000000 R12: ffff888032ddc1c0 [ 171.457912][ T7265] R13: ffff88814473c478 R14: ffff8881443d1000 R15: ffff888032ddc230 [ 171.465928][ T7265] ? sg_ioctl+0x5ba/0x26b0 [ 171.470402][ T7265] sg_ioctl+0x5c5/0x26b0 [ 171.474697][ T7265] ? __pfx_sg_ioctl+0x10/0x10 [ 171.479414][ T7265] ? __pfx_lock_release+0x10/0x10 [ 171.484467][ T7265] ? trace_lock_acquire+0x14e/0x1f0 [ 171.489728][ T7265] ? __fget_files+0x206/0x3a0 [ 171.494466][ T7265] ? __pfx_sg_ioctl+0x10/0x10 [ 171.499192][ T7265] __x64_sys_ioctl+0x190/0x200 [ 171.503992][ T7265] do_syscall_64+0xcd/0x250 [ 171.508542][ T7265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.514482][ T7265] RIP: 0033:0x7f5505785d29 [ 171.518925][ T7265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.538592][ T7265] RSP: 002b:00007f5506565038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 171.547044][ T7265] RAX: ffffffffffffffda RBX: 00007f5505975fa0 RCX: 00007f5505785d29 [ 171.555044][ T7265] RDX: 0000000000000004 RSI: 0000000000002272 RDI: 0000000000000003 [ 171.563045][ T7265] RBP: 00007f5506565090 R08: 0000000000000000 R09: 0000000000000000 [ 171.571044][ T7265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 171.579073][ T7265] R13: 0000000000000000 R14: 00007f5505975fa0 R15: 00007ffecfafe658 [ 171.587089][ T7265] [ 172.720527][ T7272] Process accounting resumed [ 172.725245][ T7272] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 173.874950][ T7279] netlink: 28 bytes leftover after parsing attributes in process `syz.2.301'. [ 174.744823][ T7300] usb usb37: usbfs: process 7300 (syz.3.304) did not claim interface 1 before use [ 175.847092][ T7323] Process accounting resumed [ 175.858439][ T7323] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 176.367733][ T7328] Process accounting resumed [ 176.377792][ T7328] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 177.851675][ T7344] vhci_hcd: default hub control req: 2205 v2008 i0000 l0 [ 179.515904][ T7336] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 180.363458][ T7378] Process accounting resumed [ 180.396060][ T7378] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 180.765062][ T7373] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 181.834174][ T7391] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 182.564443][ T7384] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 182.630332][ T7407] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 182.779309][ T7409] syz.1.326 uses obsolete (PF_INET,SOCK_PACKET) [ 182.903158][ T7411] binder: 7410:7411 ioctl c0306201 9 returned -14 [ 183.250114][ T7418] netlink: 4 bytes leftover after parsing attributes in process `syz.2.329'. [ 183.325118][ T7418] netlink: Conntrack attr type has unexpected length (type=3, length=0, expected=8) [ 183.391100][ T7415] Process accounting resumed [ 183.395986][ T7415] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 184.096734][ T7413] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 184.435266][ T7438] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 185.312439][ T7446] binder: 7445:7446 ioctl c0306201 9 returned -14 [ 185.356153][ T7444] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 186.446069][ T7450] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 186.471647][ T7466] vhci_hcd: default hub control req: 2205 v2008 i0000 l0 [ 186.750109][ T7454] Process accounting resumed [ 186.754835][ T7454] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 186.874737][ T7479] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 187.237786][ T7493] binder: 7492:7493 ioctl c0306201 9 returned -14 [ 188.015641][ T7489] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 188.123613][ T7505] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 188.161969][ T7496] ptrace attach of "./syz-executor exec"[5846] was attempted by "./syz-executor exec"[7496] [ 188.258320][ T7509] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 189.257789][ T7529] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 189.486746][ T7548] binder: 7544:7548 ioctl c0306201 9 returned -14 [ 189.725617][ T7514] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 190.070823][ T7555] binder: 7554:7555 ioctl c0306201 9 returned -14 [ 190.245245][ T7557] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 190.315040][ T7552] Process accounting resumed [ 190.355709][ T7552] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 190.865550][ T7566] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 191.123717][ T7576] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 191.413444][ T7588] Process accounting resumed [ 191.419306][ T7586] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 191.460686][ T7588] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 193.595708][ T7605] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 193.784291][ T7625] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+ek [ 227.769381][ T8297] dump_stack_lvl+0x16c/0x1f0 [ 227.774124][ T8297] should_fail_ex+0x497/0x5b0 [ 227.778861][ T8297] ? fs_reclaim_acquire+0xae/0x150 [ 227.784011][ T8297] should_failslab+0xc2/0x120 [ 227.788736][ T8297] __kmalloc_noprof+0xce/0x4f0 [ 227.793562][ T8297] ? kernfs_fop_write_iter+0x223/0x500 [ 227.799070][ T8297] kernfs_fop_write_iter+0x223/0x500 [ 227.804443][ T8297] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 227.810382][ T8297] __kernel_write_iter+0x318/0xa80 [ 227.815536][ T8297] ? __pfx___kernel_write_iter+0x10/0x10 [ 227.821264][ T8297] __kernel_write+0xf6/0x140 [ 227.825901][ T8297] ? __pfx___kernel_write+0x10/0x10 [ 227.831141][ T8297] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 227.836862][ T8297] ? rcu_is_watching+0x12/0xc0 [ 227.841678][ T8297] ? acct_pin_kill+0x2d/0x100 [ 227.846395][ T8297] ? lock_acquire+0x2f/0xb0 [ 227.850926][ T8297] ? acct_pin_kill+0x2d/0x100 [ 227.855641][ T8297] do_acct_process+0xcb0/0x14a0 [ 227.860540][ T8297] ? __pfx_do_acct_process+0x10/0x10 [ 227.865888][ T8297] ? do_raw_spin_lock+0x12d/0x2c0 [ 227.871138][ T8297] acct_pin_kill+0x2d/0x100 [ 227.875684][ T8297] pin_kill+0x194/0x7c0 [ 227.879889][ T8297] ? __pfx_pin_kill+0x10/0x10 [ 227.884778][ T8297] ? rcu_is_watching+0x12/0xc0 [ 227.889580][ T8297] ? __pfx_autoremove_wake_function+0x10/0x10 [ 227.895697][ T8297] ? __x64_sys_acct+0xfe/0x220 [ 227.900514][ T8297] ? lock_acquire+0x2f/0xb0 [ 227.905045][ T8297] ? __x64_sys_acct+0xfe/0x220 [ 227.909947][ T8297] __x64_sys_acct+0x15b/0x220 [ 227.914688][ T8297] ? lockdep_hardirqs_on+0x7c/0x110 [ 227.919930][ T8297] do_syscall_64+0xcd/0x250 [ 227.924565][ T8297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.930500][ T8297] RIP: 0033:0x7f5505785d29 [ 227.934948][ T8297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.954766][ T8297] RSP: 002b:00007f5506565038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 227.963226][ T8297] RAX: ffffffffffffffda RBX: 00007f5505975fa0 RCX: 00007f5505785d29 [ 227.971232][ T8297] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 227.979233][ T8297] RBP: 00007f5506565090 R08: 0000000000000000 R09: 0000000000000000 [ 227.987240][ T8297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 227.995258][ T8297] R13: 0000000000000000 R14: 00007f5505975fa0 R15: 00007ffecfafe658 [ 228.003280][ T8297] [ 228.160493][ T8287] vhci_hcd: default hub control req: 726f v7075 i0000 l0 [ 228.306024][ T8308] netlink: 28 bytes leftover after parsing attributes in process `syz.0.536'. [ 228.344419][ T8308] bridge_slave_1: entered promiscuous mode [ 228.389353][ T8298] vhci_hcd: invalid port number 112 [ 228.403634][ T8298] vhci_hcd: default hub control req: 6772 v756f i0070 l0 [ 228.415476][ T8308] warning: `syz.0.536' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 228.519187][ T8304] Process accounting resumed [ 228.566032][ T8304] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 228.735697][ T8315] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 229.201309][ T8328] binder: 8327:8328 ioctl c0306201 9 returned -14 [ 229.228323][ T8328] FAULT_INJECTION: forcing a failure. [ 229.228323][ T8328] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 229.260608][ T8328] CPU: 0 UID: 0 PID: 8328 Comm: syz.1.543 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0 [ 229.271292][ T8328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 229.281400][ T8328] Call Trace: [ 229.284722][ T8328] [ 229.287692][ T8328] dump_stack_lvl+0x16c/0x1f0 [ 229.292456][ T8328] should_fail_ex+0x497/0x5b0 [ 229.297212][ T8328] _copy_to_user+0x32/0xd0 [ 229.301886][ T8328] simple_read_from_buffer+0xd0/0x160 [ 229.307346][ T8328] proc_fail_nth_read+0x198/0x270 [ 229.312456][ T8328] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 229.318112][ T8328] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 229.323743][ T8328] vfs_read+0x1df/0xbe0 [ 229.327959][ T8328] ? __fget_files+0x1fc/0x3a0 [ 229.332707][ T8328] ? __pfx___mutex_lock+0x10/0x10 [ 229.337808][ T8328] ? __pfx_vfs_read+0x10/0x10 [ 229.342559][ T8328] ? __fget_files+0x206/0x3a0 [ 229.347312][ T8328] ksys_read+0x12b/0x250 [ 229.351625][ T8328] ? __pfx_ksys_read+0x10/0x10 [ 229.356459][ T8328] do_syscall_64+0xcd/0x250 [ 229.361034][ T8328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.367001][ T8328] RIP: 0033:0x7fe10c78473c [ 229.371470][ T8328] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 229.391234][ T8328] RSP: 002b:00007fe10d60a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 229.399714][ T8328] RAX: ffffffffffffffda RBX: 00007fe10c975fa0 RCX: 00007fe10c78473c [ 229.407827][ T8328] RDX: 000000000000000f RSI: 00007fe10d60a0a0 RDI: 0000000000000004 [ 229.415857][ T8328] RBP: 00007fe10d60a090 R08: 0000000000000000 R09: 0000000000000000 [ 229.423885][ T8328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 229.425696][ T8331] Process accounting resumed [ 229.431883][ T8328] R13: 0000000000000000 R14: 00007fe10c975fa0 R15: 00007ffd7956c968 [ 229.431940][ T8328] [ 229.502585][ T8331] FAULT_INJECTION: forcing a failure. [ 229.502585][ T8331] name failslab, interval 1, probability 0, space 0, times 0 [ 229.559566][ T8331] CPU: 1 UID: 0 PID: 8331 Comm: syz.3.544 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0 [ 229.570249][ T8331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 229.580361][ T8331] Call Trace: [ 229.583686][ T8331] [ 229.586661][ T8331] dump_stack_lvl+0x16c/0x1f0 [ 229.591407][ T8331] should_fail_ex+0x497/0x5b0 [ 229.596160][ T8331] ? fs_reclaim_acquire+0xae/0x150 [ 229.601343][ T8331] should_failslab+0xc2/0x120 [ 229.606098][ T8331] __kmalloc_noprof+0xce/0x4f0 [ 229.610928][ T8331] ? kobject_get_path+0xcb/0x230 [ 229.615944][ T8331] kobject_get_path+0xcb/0x230 [ 229.620787][ T8331] kobject_synth_uevent+0x726/0x8a0 [ 229.626069][ T8331] ? __pfx_kobject_synth_uevent+0x10/0x10 [ 229.631858][ T8331] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 229.637555][ T8331] ? rcu_is_watching+0x12/0xc0 [ 229.642372][ T8331] uevent_store+0x46/0x90 [ 229.646737][ T8331] ? __pfx_uevent_store+0x10/0x10 [ 229.651802][ T8331] drv_attr_store+0x71/0xb0 [ 229.656354][ T8331] ? __pfx_drv_attr_store+0x10/0x10 [ 229.661595][ T8331] sysfs_kf_write+0x117/0x170 [ 229.666325][ T8331] kernfs_fop_write_iter+0x33d/0x500 [ 229.671653][ T8331] ? __pfx_sysfs_kf_write+0x10/0x10 [ 229.676908][ T8331] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 229.682759][ T8331] __kernel_write_iter+0x318/0xa80 [ 229.687912][ T8331] ? __pfx___kernel_write_iter+0x10/0x10 [ 229.693608][ T8331] __kernel_write+0xf6/0x140 [ 229.698235][ T8331] ? __pfx___kernel_write+0x10/0x10 [ 229.703469][ T8331] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 229.709139][ T8331] ? rcu_is_watching+0x12/0xc0 [ 229.713949][ T8331] ? acct_pin_kill+0x2d/0x100 [ 229.718656][ T8331] ? lock_acquire+0x2f/0xb0 [ 229.723224][ T8331] ? acct_pin_kill+0x2d/0x100 [ 229.727975][ T8331] do_acct_process+0xcb0/0x14a0 [ 229.732862][ T8331] ? __pfx_do_acct_process+0x10/0x10 [ 229.738189][ T8331] ? do_raw_spin_lock+0x12d/0x2c0 [ 229.743287][ T8331] acct_pin_kill+0x2d/0x100 [ 229.747852][ T8331] pin_kill+0x194/0x7c0 [ 229.752057][ T8331] ? __pfx_pin_kill+0x10/0x10 [ 229.756773][ T8331] ? rcu_is_watching+0x12/0xc0 [ 229.761588][ T8331] ? __pfx_autoremove_wake_function+0x10/0x10 [ 229.767795][ T8331] ? __x64_sys_acct+0xfe/0x220 [ 229.772632][ T8331] ? lock_acquire+0x2f/0xb0 [ 229.777169][ T8331] ? __x64_sys_acct+0xfe/0x220 [ 229.781974][ T8331] __x64_sys_acct+0x15b/0x220 [ 229.786679][ T8331] ? lockdep_hardirqs_on+0x7c/0x110 [ 229.791916][ T8331] do_syscall_64+0xcd/0x250 [ 229.796466][ T8331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.802406][ T8331] RIP: 0033:0x7fb37c385d29 [ 229.806864][ T8331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.826642][ T8331] RSP: 002b:00007fb37d104038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 229.835100][ T8331] RAX: ffffffffffffffda RBX: 00007fb37c575fa0 RCX: 00007fb37c385d29 [ 229.843109][ T8331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 229.851109][ T8331] RBP: 00007fb37d104090 R08: 0000000000000000 R09: 0000000000000000 [ 229.859120][ T8331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 229.867122][ T8331] R13: 0000000000000000 R14: 00007fb37c575fa0 R15: 00007fff187fb0b8 [ 229.875149][ T8331] [ 229.884176][ T8331] synth uevent: unknown device: unknown uevent action string [ 229.952853][ T8333] netlink: 28 bytes leftover after parsing attributes in process `syz.1.545'. [ 230.079558][ T8317] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 230.458965][ T8346] Process accounting resumed [ 230.464026][ T8346] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 231.189437][ T8341] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 231.450331][ T8372] block mtdblock0: the capability attribute has been deprecated. [ 231.478950][ T8359] usb usb37: usbfs: process 8359 (syz.1.553) did not claim interface 1 before use [ 231.510968][ T8349] vhci_hcd: invalid port number 112 [ 231.516684][ T8349] vhci_hcd: default hub control req: 6772 v756f i0070 l0 [ 231.588866][ T8363] synth uevent: /bus/usb/drivers/gud: unknown uevent action string syzkaller syzkaller login: [ 231.680828][ T8375] netlink: 28 bytes leftover after parsing attributes in process `syz.3.556'. [ 231.711126][ T8380] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 231.720819][ T8380] Process accounting resumed [ 231.723728][ T8375] bridge_slave_1: entered promiscuous mode [ 231.725769][ T8380] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 231.740718][ T8380] FAULT_INJECTION: forcing a failure. [ 231.740718][ T8380] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 231.753920][ T8380] CPU: 0 UID: 0 PID: 8380 Comm: syz.2.557 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0 [ 231.764561][ T8380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 231.774641][ T8380] Call Trace: [ 231.777941][ T8380] [ 231.780895][ T8380] dump_stack_lvl+0x16c/0x1f0 [ 231.785629][ T8380] should_fail_ex+0x497/0x5b0 [ 231.790348][ T8380] _copy_to_user+0x32/0xd0 [ 231.794828][ T8380] simple_read_from_buffer+0xd0/0x160 [ 231.800247][ T8380] proc_fail_nth_read+0x198/0x270 [ 231.805330][ T8380] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 231.810938][ T8380] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 231.816535][ T8380] vfs_read+0x1df/0xbe0 [ 231.820739][ T8380] ? __fget_files+0x1fc/0x3a0 [ 231.825453][ T8380] ? __pfx___mutex_lock+0x10/0x10 [ 231.830524][ T8380] ? __pfx_vfs_read+0x10/0x10 [ 231.835252][ T8380] ? __fget_files+0x206/0x3a0 [ 231.839981][ T8380] ksys_read+0x12b/0x250 [ 231.844258][ T8380] ? __pfx_ksys_read+0x10/0x10 [ 231.849067][ T8380] do_syscall_64+0xcd/0x250 [ 231.853618][ T8380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.859561][ T8380] RIP: 0033:0x7efd3278473c [ 231.864032][ T8380] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 231.883670][ T8380] RSP: 002b:00007efd33558030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 231.892122][ T8380] RAX: ffffffffffffffda RBX: 00007efd32975fa0 RCX: 00007efd3278473c [ 231.900129][ T8380] RDX: 000000000000000f RSI: 00007efd335580a0 RDI: 0000000000000003 [ 231.908161][ T8380] RBP: 00007efd33558090 R08: 0000000000000000 R09: 0000000000000000 [ 231.916191][ T8380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 231.924205][ T8380] R13: 0000000000000000 R14: 00007efd32975fa0 R15: 00007fff655120b8 [ 231.932230][ T8380] [ 232.239924][ T8390] Process accounting resumed [ 232.244653][ T8390] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 232.421233][ T8395] can: request_module (can-proto-5) failed. [ 233.154265][ T8386] lo: entered allmulticast mode [ 233.183280][ T8385] lo: left allmulticast mode [ 233.201411][ T8415] usb usb37: usbfs: process 8415 (syz.2.568) did not claim interface 1 before use [ 233.497732][ T8428] ptp ptp0: only physical clock in use now [ 235.632211][ T8493] Process accounting resumed [ 235.637169][ T8493] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 236.120930][ T29] audit: type=1800 audit(1736833671.116:5): pid=8508 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.589" name="dbroot" dev="configfs" ino=17792 res=0 errno=0 [ 236.748048][ T8523] binder: 8522:8523 ioctl c0306201 9 returned -14 [ 237.187412][ T8529] Process accounting resumed [ 237.205648][ T8529] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 237.851374][ T8545] usb usb37: usbfs: process 8545 (syz.0.598) did not claim interface 1 before use [ 239.309398][ T8595] Process accounting resumed [ 239.319482][ T8595] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 239.336816][ T8595] Process accounting resumed [ 239.348420][ T8595] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 239.631132][ T8601] netlink: 338 bytes leftover after parsing attributes in process `syz.0.612'. [ 239.739790][ T8605] netlink: 338 bytes leftover after parsing attributes in process `syz.0.612'. [ 239.874757][ T8601] netlink: 98 bytes leftover after parsing attributes in process `syz.0.612'. [ 239.895109][ T8601] veth0_macvtap: left promiscuous mode [ 240.568902][ T8612] Process accounting resumed [ 240.582676][ T8612] synth uevent: /bus/usb/drivers/gud: unknown uevent action string syzkaller syzkaller login: [ 241.526091][ T8623] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 241.799379][ T8641] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 242.066542][ T8647] Process accounting resumed [ 242.080595][ T8647] synth uevent: /bus/usb/drivers/gud: unknown uevent action string [ 242.224065][ T8645] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 242.225584][ T8650] netlink: 8 bytes leftover after parsing attributes in process `syz.0.623'. [ 242.286368][ T8650] netlink: 8 bytes leftover after parsing attributes in process `syz.0.623'. [ 242.451462][ T8656] binder: 8651:8656 ioctl c0306201 9 returned -14 [ 242.672147][ T8662] netlink: 338 bytes leftover after parsing attributes in process `syz.3.625'. [ 242.696128][ T8662] netlink: 338 bytes leftover after parsing attributes in process `syz.3.625'. [ 242.768493][ T8662] netlink: 98 bytes leftover after parsing attributes in process `syz.3.625'. [ 242.791049][ T8662] veth0_macvtap: left promiscuous mode [ 243.418079][ T8666] usb usb37: usbfs: process 8666 (syz.2.628) did not claim interface 1 before use [ 244.560859][ T8693] usb usb37: usbfs: process 8693 (syz.1.633) did not claim interface 1 before use [ 245.534670][ T8708] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 247.682383][ T8738] binder: 8737:8738 ioctl c0306201 9 returned -14 [ 249.101244][ T8752] usb usb37: usbfs: process 8752 (syz.0.644) did not claim interface 1 before use syzkaller syzkaller login: [ 249.195402][ T8769] netlink: 338 bytes leftover after parsing attributes in process `syz.1.646'. [ 249.314195][ T8774] netlink: 338 bytes leftover after parsing attributes in process `syz.1.646'. [ 249.348424][ T8769] netlink: 110 bytes leftover after parsing attributes in process `syz.1.646'. [ 249.360465][ T8769] veth0_macvtap: left promiscuous mode [ 250.189216][ T8795] binder: 8792:8795 ioctl c0306201 9 returned -14 [ 250.531133][ T8798] FAULT_INJECTION: forcing a failure. [ 250.531133][ T8798] name failslab, interval 1, probability 0, space 0, times 0 [ 250.546428][ T8798] CPU: 0 UID: 0 PID: 8798 Comm: syz.0.654 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0 [ 250.557096][ T8798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 250.567214][ T8798] Call Trace: [ 250.570539][ T8798] [ 250.573514][ T8798] dump_stack_lvl+0x16c/0x1f0 [ 250.578263][ T8798] should_fail_ex+0x497/0x5b0 [ 250.583015][ T8798] ? fs_reclaim_acquire+0xae/0x150 [ 250.588203][ T8798] should_failslab+0xc2/0x120 [ 250.592959][ T8798] __kmalloc_noprof+0xce/0x4f0 [ 250.597798][ T8798] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 250.603482][ T8798] ? tomoyo_realpath_from_path+0xbf/0x710 [ 250.609249][ T8798] tomoyo_realpath_from_path+0xbf/0x710 [ 250.614835][ T8798] ? tomoyo_path_number_perm+0x235/0x5b0 [ 250.620520][ T8798] tomoyo_path_number_perm+0x248/0x5b0 [ 250.626025][ T8798] ? tomoyo_path_number_perm+0x235/0x5b0 [ 250.631709][ T8798] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 250.637764][ T8798] ? __pfx_lock_release+0x10/0x10 [ 250.642824][ T8798] ? trace_lock_acquire+0x14e/0x1f0 [ 250.648068][ T8798] ? lock_acquire+0x2f/0xb0 [ 250.652598][ T8798] ? __fget_files+0x40/0x3a0 [ 250.657266][ T8798] ? __fget_files+0x206/0x3a0 [ 250.661985][ T8798] security_file_ioctl+0x9b/0x240 [ 250.667048][ T8798] __x64_sys_ioctl+0xb7/0x200 [ 250.671765][ T8798] do_syscall_64+0xcd/0x250 [ 250.676315][ T8798] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.682262][ T8798] RIP: 0033:0x7f5505785d29 [ 250.686703][ T8798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 250.706342][ T8798] RSP: 002b:00007f5506565038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 250.714789][ T8798] RAX: ffffffffffffffda RBX: 00007f5505975fa0 RCX: 00007f5505785d29 [ 250.722788][ T8798] RDX: 0000000000000001 RSI: 000000008004550f RDI: 0000000000000003 [ 250.730782][ T8798] RBP: 00007f5506565090 R08: 0000000000000000 R09: 0000000000000000 [ 250.738781][ T8798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 250.746775][ T8798] R13: 0000000000000000 R14: 00007f5505975fa0 R15: 00007ffecfafe658 [ 250.754800][ T8798] [ 250.799896][ T8798] ERROR: Out of memory at tomoyo_realpath_from_path. [ 251.480427][ T8804] usb usb37: usbfs: process 8804 (syz.3.656) did not claim interface 1 before use [ 252.786121][ T8816] usb usb37: usbfs: process 8816 (syz.3.658) did not claim interface 1 before use [ 253.361225][ T8835] FAULT_INJECTION: forcing a failure. [ 253.361225][ T8835] name failslab, interval 1, probability 0, space 0, times 0 [ 253.404759][ T8835] CPU: 1 UID: 0 PID: 8835 Comm: syz.3.663 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0 [ 253.415450][ T8835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 253.425561][ T8835] Call Trace: [ 253.428885][ T8835] [ 253.431903][ T8835] dump_stack_lvl+0x16c/0x1f0 [ 253.436648][ T8835] should_fail_ex+0x497/0x5b0 [ 253.441401][ T8835] ? fs_reclaim_acquire+0xae/0x150 [ 253.446579][ T8835] should_failslab+0xc2/0x120 [ 253.451324][ T8835] __kmalloc_cache_noprof+0x68/0x420 [ 253.456651][ T8835] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 253.462152][ T8835] ? __pfx_lock_release+0x10/0x10 [ 253.467556][ T8835] gpiolib_seq_start+0x69/0x270 [ 253.472455][ T8835] seq_read_iter+0x2ab/0x12b0 [ 253.477179][ T8835] seq_read+0x39f/0x4e0 [ 253.481369][ T8835] ? __pfx_seq_read+0x10/0x10 [ 253.486087][ T8835] ? __debugfs_file_get+0x43d/0x5d0 [ 253.491352][ T8835] full_proxy_read+0xfd/0x1b0 [ 253.496068][ T8835] ? __pfx_full_proxy_read+0x10/0x10 [ 253.501398][ T8835] vfs_read+0x1df/0xbe0 [ 253.505593][ T8835] ? __fget_files+0x1fc/0x3a0 [ 253.510308][ T8835] ? __pfx___mutex_lock+0x10/0x10 [ 253.515380][ T8835] ? __pfx_vfs_read+0x10/0x10 [ 253.520109][ T8835] ? __fget_files+0x206/0x3a0 [ 253.524861][ T8835] ksys_read+0x12b/0x250 [ 253.529141][ T8835] ? __pfx_ksys_read+0x10/0x10 [ 253.533957][ T8835] do_syscall_64+0xcd/0x250 [ 253.538504][ T8835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.544440][ T8835] RIP: 0033:0x7fb37c385d29 [ 253.548886][ T8835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 253.568979][ T8835] RSP: 002b:00007fb37d104038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 253.577431][ T8835] RAX: ffffffffffffffda RBX: 00007fb37c575fa0 RCX: 00007fb37c385d29 [ 253.585433][ T8835] RDX: 00000000000003ba RSI: 0000000000000000 RDI: 0000000000000003 [ 253.593429][ T8835] RBP: 00007fb37d104090 R08: 0000000000000000 R09: 0000000000000000 [ 253.601428][ T8835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 253.609424][ T8835] R13: 0000000000000000 R14: 00007fb37c575fa0 R15: 00007fff187fb0b8 [ 253.617441][ T8835] [ 253.840227][ T8835] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI [ 253.852984][ T8835] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 253.861439][ T8835] CPU: 0 UID: 0 PID: 8835 Comm: syz.3.663 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0 [ 253.872077][ T8835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 253.882179][ T8835] RIP: 0010:gpiolib_seq_stop+0x4c/0xe0 [ 253.887713][ T8835] Code: 48 c1 ea 03 80 3c 02 00 0f 85 98 00 00 00 48 8b 9b e0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 04 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 60 8b [ 253.907456][ T8835] RSP: 0018:ffffc900042bfae0 EFLAGS: 00010247 [ 253.913551][ T8835] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000400 [ 253.921540][ T8835] RDX: 0000000000000000 RSI: ffffffff84cce23e RDI: 0000000000000004 [ 253.929531][ T8835] RBP: 0000000000000000 R08: 0000000000000dc0 R09: 00000000ffffffff [ 253.937551][ T8835] R10: ffffffff8df7ce93 R11: 0000000000000001 R12: 0000000000000000 [ 253.945551][ T8835] R13: ffffffff8bb59da0 R14: 0000000000000000 R15: ffffc900042bfc48 [ 253.953555][ T8835] FS: 00007fb37d1046c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 253.962517][ T8835] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 253.969132][ T8835] CR2: 0000001b308d6ff8 CR3: 00000000341d4000 CR4: 00000000003526f0 [ 253.977123][ T8835] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 253.985114][ T8835] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 253.993102][ T8835] Call Trace: [ 253.996392][ T8835] [ 253.999335][ T8835] ? die_addr+0x3b/0xa0 [ 254.003517][ T8835] ? exc_general_protection+0x155/0x230 [ 254.009105][ T8835] ? asm_exc_general_protection+0x26/0x30 [ 254.014864][ T8835] ? gpiolib_seq_stop+0xe/0xe0 [ 254.019670][ T8835] ? gpiolib_seq_stop+0x4c/0xe0 [ 254.024563][ T8835] seq_read_iter+0x5ff/0x12b0 [ 254.029274][ T8835] seq_read+0x39f/0x4e0 [ 254.033451][ T8835] ? __pfx_seq_read+0x10/0x10 [ 254.038152][ T8835] ? __debugfs_file_get+0x43d/0x5d0 [ 254.043389][ T8835] full_proxy_read+0xfd/0x1b0 [ 254.048099][ T8835] ? __pfx_full_proxy_read+0x10/0x10 [ 254.053431][ T8835] vfs_read+0x1df/0xbe0 [ 254.057620][ T8835] ? __fget_files+0x1fc/0x3a0 [ 254.062397][ T8835] ? __pfx___mutex_lock+0x10/0x10 [ 254.067474][ T8835] ? __pfx_vfs_read+0x10/0x10 [ 254.072189][ T8835] ? __fget_files+0x206/0x3a0 [ 254.076964][ T8835] ksys_read+0x12b/0x250 [ 254.081251][ T8835] ? __pfx_ksys_read+0x10/0x10 [ 254.086064][ T8835] do_syscall_64+0xcd/0x250 [ 254.090628][ T8835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.096558][ T8835] RIP: 0033:0x7fb37c385d29 [ 254.100992][ T8835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.120624][ T8835] RSP: 002b:00007fb37d104038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 254.129083][ T8835] RAX: ffffffffffffffda RBX: 00007fb37c575fa0 RCX: 00007fb37c385d29 [ 254.137083][ T8835] RDX: 00000000000003ba RSI: 0000000000000000 RDI: 0000000000000003 [ 254.145074][ T8835] RBP: 00007fb37d104090 R08: 0000000000000000 R09: 0000000000000000 [ 254.153081][ T8835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 254.161087][ T8835] R13: 0000000000000000 R14: 00007fb37c575fa0 R15: 00007fff187fb0b8 [ 254.169099][ T8835] [ 254.172140][ T8835] Modules linked in: [ 254.176837][ T8835] ---[ end trace 0000000000000000 ]--- [ 254.190815][ T8835] RIP: 0010:gpiolib_seq_stop+0x4c/0xe0 [ 254.196721][ T8835] Code: 48 c1 ea 03 80 3c 02 00 0f 85 98 00 00 00 48 8b 9b e0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 04 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 60 8b [ 254.216597][ T8835] RSP: 0018:ffffc900042bfae0 EFLAGS: 00010247 [ 254.252297][ T8835] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000400 [ 254.265155][ T8835] RDX: 0000000000000000 RSI: ffffffff84cce23e RDI: 0000000000000004 [ 254.284143][ T8835] RBP: 0000000000000000 R08: 0000000000000dc0 R09: 00000000ffffffff [ 254.312246][ T8835] R10: ffffffff8df7ce93 R11: 0000000000000001 R12: 0000000000000000 [ 254.334864][ T8835] R13: ffffffff8bb59da0 R14: 0000000000000000 R15: ffffc900042bfc48 [ 254.353893][ T8835] FS: 00007fb37d1046c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 254.374624][ T8835] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 254.392002][ T8835] CR2: 00000000007d9000 CR3: 00000000341d4000 CR4: 00000000003526f0 [ 254.416719][ T8835] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 254.435517][ T8835] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 254.454204][ T8835] Kernel panic - not syncing: Fatal exception [ 254.460632][ T8835] Kernel Offset: disabled [ 254.464963][ T8835] Rebooting in 86400 seconds..