last executing test programs: 11m3.649496803s ago: executing program 3 (id=44): creat$auto(&(0x7f0000000080)='++\x00', 0xd) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, 0x0, 0x7ef) socketpair$auto(0xd46, 0x0, 0xfff, &(0x7f0000000040)=0x200) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) modify_ldt$auto(0x1, 0x0, 0x10) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r1, 0x0, 0x7ff, 0x400) socket(0x2, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x61, 0x80000001, 0x3, 0x1, 0x9, 0x7]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) sendfile$auto(r4, r4, 0x0, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) mmap$auto(0x0, 0x10000, 0x4000000000db, 0xeb1, 0x2, 0x8000) r5 = open(0x0, 0x0, 0x187) newfstatat$auto(r5, 0x0, 0x0, 0x1000) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/nr10/statistics/tx_dropped\x00', 0x201, 0x0) sendfile$auto(r6, r7, 0x0, 0x1000200) r8 = socket(0x2b, 0x1, 0x1) ioctl$auto(r8, 0x8901, 0x4) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0x8, 0x16) ioctl$auto_BLKTRACESETUP32(r3, 0xc0401273, 0x0) 11m2.324494363s ago: executing program 3 (id=52): close_range$auto(0x2, 0x8, 0x0) socket(0x2b, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/vrf/strict_mode\x00', 0x80202, 0x0) sendfile$auto(r0, 0x3, 0x0, 0x400000000008) 11m2.104808283s ago: executing program 3 (id=54): close_range$auto(0x2, 0x8, 0x0) socket(0x2b, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/vrf/strict_mode\x00', 0x80202, 0x0) sendfile$auto(r0, 0x3, 0x0, 0x400000000008) (fail_nth: 1) 11m1.154392218s ago: executing program 3 (id=55): r0 = openat$auto_state_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close_range$auto(r0, r0, 0xb) socket(0x2b, 0x1, 0x0) r1 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/dri/vkms/gem_names\x00', 0x2100, 0x0) lseek$auto(r1, 0x9, 0x0) getsockopt$auto_SO_TIMESTAMP_NEW(r1, 0x7711, 0x3f, &(0x7f00000000c0)='/sys/kernel/debug/binder/state\x00', &(0x7f0000000100)=0x1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/vrf/strict_mode\x00', 0x80202, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_GTP_CMD_NEWPDP(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x24, r4, 0xab2b6f799ad46cb1, 0x70bd27, 0x25dfdbfd, {}, [@GTPA_VERSION={0x8, 0x2, 0x18e}, @GTPA_LINK={0x8, 0x1, 0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x8000000) sendfile$auto(r2, 0x3, 0x0, 0x400000000008) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/asound/card1/pcm0c/sub4/hw_params\x00', 0x800, 0x0) 11m0.97244633s ago: executing program 3 (id=56): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = io_uring_setup$auto(0x1, 0x0) r1 = setfsuid$auto(0x0) setuid$auto(r1) r2 = getegid() msgctl$auto(0x8, 0x8, &(0x7f0000000180)={{0x8, 0xffffffffffffffff, r2, 0x7ff, 0x2, 0x4c4, 0x2}, 0x0, &(0x7f0000000140)=0x2, 0x8, 0x8000, 0x96e, 0x5, 0x8, 0x7, 0x6c, 0x3, @raw=0x9, @raw=0x7}) shmctl$auto_IPC_STAT(0x5, 0x2, &(0x7f0000000380)={{0x0, r3, r2, 0x8, 0xc0000000, 0x81, 0xc}, 0x80000000, 0x4, 0x3, 0x7, @inferred, @raw=0x4, 0xfd8c, 0x0, &(0x7f00000002c0), 0x0}) keyctl$auto(0xffffff82, 0x7, r3, r2, 0x3) fchown$auto(r0, r1, r2) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) write$auto_cachefiles_daemon_fops_internal(r0, &(0x7f0000001080)="2b680b7911c587e933c4f27c44631c", 0xf) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001040)='/sys/devices/virtual/bdi/250:0/stable_pages_required\x00', 0x103700, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000000)=""/4101, 0x1005) pidfd_send_signal$auto_PIDFD_SIGNAL_THREAD(r4, 0x7fffffff, &(0x7f00000010c0)={@_si_pad}, 0x1) tkill$auto(0x1, 0x7) 11m0.02288577s ago: executing program 3 (id=59): syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0x14, 0x0, 0x4) r1 = socket(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wg1\x00', 0x0}) sendto$auto(0x3, 0x0, 0x13, 0xfffffff9, &(0x7f0000000440)=@xdp={0x2c, 0x4, r2, 0x10, 0x4000000}, 0x22) 10m59.395133758s ago: executing program 32 (id=59): syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0x14, 0x0, 0x4) r1 = socket(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wg1\x00', 0x0}) sendto$auto(0x3, 0x0, 0x13, 0xfffffff9, &(0x7f0000000440)=@xdp={0x2c, 0x4, r2, 0x10, 0x4000000}, 0x22) 2m30.044892379s ago: executing program 4 (id=1848): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) socket(0x29, 0x2, 0x0) r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9) ioctl$auto_TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000040)=0x7ce5f24b) r2 = getpid() mremap$auto(0x0, 0x4000007, 0x3fd7, 0x0, 0x20000020000000) process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) lseek$auto(0x3, 0x8, 0x1) ioctl$auto(0x3, 0x400454ca, 0x38) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r3, 0x0, 0x80000000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) msync$auto(0x0, 0xe0, 0x6) madvise$auto(0x0, 0x401, 0x15) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0x1, 0x0, 0x0, &(0x7f0000000200)={[0xf, 0x7, 0xd, 0x8fd6, 0x948d, 0x3, 0x80, 0x3, 0x2, 0x8000000010000001, 0x7, 0x100000000000007, 0xd, 0x9, 0x4, 0xfffffffffffffffe]}, 0x0) read$auto_proc_pid_set_timerslack_ns_operations_base(0xffffffffffffffff, &(0x7f0000000440)=""/242, 0xf2) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/config/nullb/features\x00', 0x280380, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) 2m28.213681377s ago: executing program 4 (id=1852): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x10, 0x0) r0 = fsopen$auto(0x0, 0x1) memfd_secret$auto(0x0) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) r1 = socket(0x18, 0x5, 0x1) connect$auto(r1, 0x0, 0x3a) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x9, 0x40, 0x8000000008012, 0x3, 0x8000) fsconfig$auto(r0, 0x0, &(0x7f0000000000)='Q**\x00', &(0x7f0000000040)="2b24f0e74a0a2d348086fdf312ec6e329cb1c003dadc8460fc94a3", 0x0) arch_prctl$auto_ARCH_MAP_VDSO_32(0x2002, 0x7) 2m28.087375071s ago: executing program 4 (id=1853): select$auto(0x3, 0x0, 0x0, 0x0, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000001d40)={0x34, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}]}, @ETHTOOL_A_RINGS_TCP_DATA_SPLIT={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x90}, 0x80000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) r2 = clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x3, 0x40000b, 0xdf, 0x10010, 0xffffffffffffffff, 0x80) r3 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_clone3(&(0x7f0000001280)={0x120020480, 0x0, 0x0, 0x0, {0x30}, 0x0, 0x0, 0x0, 0x0}, 0x58) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nbd12\x00', 0x88080, 0x0) ioctl$auto_IOC_PR_RESERVE(r4, 0x401070c9, 0x0) r5 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000000c0), r4) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000006c0)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)={0x28, 0x0, 0xb11, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}, @BATADV_ATTR_TT_ADDRESS={0xa, 0x10, @local}]}, 0x28}, 0x1, 0x0, 0x0, 0x4001}, 0x115605fe6c5c1788) sendmsg$auto_NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="00042abd7000fcdbdf2521000000050025000a00000008001d00", @ANYRES32, @ANYBLOB, @ANYRES32=r2, @ANYBLOB="06000a001000000008100e0000000080"], 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x80) ioctl$auto_IMADDTIMER(r3, 0x80044940, 0x0) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) shmdt$auto(&(0x7f0000000000)=':-h!/-^@(\']@%]/\x00') 2m27.043938492s ago: executing program 4 (id=1854): r0 = getpid() r1 = pidfd_open$auto(r0, 0x0) openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000180), 0x480, 0x0) ioctl$auto(r1, 0x541b, r1) prctl$auto(0xf6b, 0x80000001, r0, 0x8, 0x5) r2 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r2, 0xaf01, 0x5) socketpair$auto(0x5, 0x0, 0x2, &(0x7f0000000000)=0xc6) 2m26.76384986s ago: executing program 4 (id=1857): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020008, 0x7, 0xb9, 0xfffffffffffffffa, 0x9) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0) ioctl$auto_TIOCVHANGUP2(r1, 0x5437, 0x0) fcntl$auto(0x3, 0x4, 0xa553) swapon$auto(&(0x7f0000000000)='/dev/loop7\x00', 0x4) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) mmap$auto(0x0, 0x20009, 0x3, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) read$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, &(0x7f0000000040)=""/1, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) r2 = io_uring_setup$auto(0x1, 0x0) io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) io_uring_register$auto(0x2, 0x6, &(0x7f0000000180), 0x86) mmap$auto(0x0, 0x7fffffff, 0x7, 0x1f, r2, 0xc) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x1ff000, 0x8, 0x843, 0x3, 0xfffff000) socketpair$auto(0x81, 0x2, 0x8000000000000000, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/tty/tty5/power/runtime_status\x00', 0x129302, 0x0) read$auto(r3, 0x0, 0x18) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) close_range$auto(0x2, 0x8, 0x0) 2m26.604947315s ago: executing program 4 (id=1858): gettid() mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20005, 0xdf, 0xeb1, 0x40000000000a5, 0x1) r0 = socket(0xa, 0x3, 0x3a) close$auto(r0) r1 = io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r1, 0x4000008, &(0x7f0000000440)="bde659a35aa78e1ec40b09726039a7c37bc43722dcbbabcf241ed4a841eb53893399e887c3a96bca898cdc604b2100d3d15a32a3a2149c31d426d33e91ee7e21c998120f925901bc2f3c33ed398cc034a592a853acef6b31645df7a029f0a1916aa1d87494d0b3e67dbab1c9c8f093faaa522f60e859439b9b9ff94509455b1b3bbfe1a036d02a0f8dcd9fcf1b7d6c4ffbc296b63f034cc93645dc2a560d93361cfdb1d4f2cb85d264d02396acd9a13f67f2b78990a542bce9196576ae8a29f39d935be5a64f53decbd0658a800ad845b538e363a37c8bbc70df521bac20de94009a664a52d1550a49590003212677720f899943e196e457ddeaf019b5eefaf1b273ac33514c8e53c429c7271401559d3fb68ea242ed2ac54b80c6733aadcc32ce06451a1728e9accef25127effee1ecde45e12791049055f5476772a7a95eac5cb38931ded98f1cb3b349632d63640e251b58d09f24ba14a79766e1bcb3ee3cc8781b8c329aad6c9d2dfdc6b915183a1add5bbd20f890f1bef1b40c3f37eb1d7e38d7c7bc15db2b28d8b4fa42898daa47b817f71c432ba4787b04c7cf3e977606b361db7386dcfdf47ae0ff766fe5c9ebca3d57495fcd8cc99cdc5c08f1a112dabcd8c0f2bfaf825e7f826ee66df4d17a14bebca236abc151c788d8bbcea63534fc3083c5b3395ed426f417232cc6beaf4ef4f17615e691654ebd2228000000000000000000934242d2018deaa3ee137fe905ede8c56d9aee91783fdacae95ce820b92335ddcf28993a094d033afa8b89eafbabddd0713683f3", 0x401000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x1, 0x6, 0x8, 0x7fffffff, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c47, 0x4, 0x100, 0x7ffffffb, 0x101, 0x800, 0x3}, {0x8, 0x1, 0x52, 0x5, 0x2, 0x40, 0x76c5, 0x8, 0x100000000}}) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) semctl$auto(0x1ff, 0x2, 0x13, 0x1) io_uring_enter$auto(0x3, 0x5, 0xffffffff, 0x3, 0x0, 0x2) mmap$auto(0x2, 0x400008, 0xfffffffffffffffe, 0x9b76, 0x2, 0x3) socket(0x1d, 0x2, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'veth1_to_bridge\x00', 0x0}) io_uring_setup$auto(0x1, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r2}, 0x18) write$auto(0x3, 0x0, 0x5c8) close_range$auto(r1, 0x8, 0x0) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x2, 0x2) io_uring_register$auto(0xffffffffffffffff, 0x3f, 0x0, 0x1) write$auto(0xffffffffffffffff, 0x0, 0x7) madvise$auto(0x0, 0x711, 0x1a) socketpair$auto(0x1, 0x0, 0x0, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000040), 0x2c0240, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xc7f16bff2a10ba01, 0x0) 2m10.934837094s ago: executing program 33 (id=1858): gettid() mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20005, 0xdf, 0xeb1, 0x40000000000a5, 0x1) r0 = socket(0xa, 0x3, 0x3a) close$auto(r0) r1 = io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r1, 0x4000008, &(0x7f0000000440)="bde659a35aa78e1ec40b09726039a7c37bc43722dcbbabcf241ed4a841eb53893399e887c3a96bca898cdc604b2100d3d15a32a3a2149c31d426d33e91ee7e21c998120f925901bc2f3c33ed398cc034a592a853acef6b31645df7a029f0a1916aa1d87494d0b3e67dbab1c9c8f093faaa522f60e859439b9b9ff94509455b1b3bbfe1a036d02a0f8dcd9fcf1b7d6c4ffbc296b63f034cc93645dc2a560d93361cfdb1d4f2cb85d264d02396acd9a13f67f2b78990a542bce9196576ae8a29f39d935be5a64f53decbd0658a800ad845b538e363a37c8bbc70df521bac20de94009a664a52d1550a49590003212677720f899943e196e457ddeaf019b5eefaf1b273ac33514c8e53c429c7271401559d3fb68ea242ed2ac54b80c6733aadcc32ce06451a1728e9accef25127effee1ecde45e12791049055f5476772a7a95eac5cb38931ded98f1cb3b349632d63640e251b58d09f24ba14a79766e1bcb3ee3cc8781b8c329aad6c9d2dfdc6b915183a1add5bbd20f890f1bef1b40c3f37eb1d7e38d7c7bc15db2b28d8b4fa42898daa47b817f71c432ba4787b04c7cf3e977606b361db7386dcfdf47ae0ff766fe5c9ebca3d57495fcd8cc99cdc5c08f1a112dabcd8c0f2bfaf825e7f826ee66df4d17a14bebca236abc151c788d8bbcea63534fc3083c5b3395ed426f417232cc6beaf4ef4f17615e691654ebd2228000000000000000000934242d2018deaa3ee137fe905ede8c56d9aee91783fdacae95ce820b92335ddcf28993a094d033afa8b89eafbabddd0713683f3", 0x401000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x1, 0x6, 0x8, 0x7fffffff, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c47, 0x4, 0x100, 0x7ffffffb, 0x101, 0x800, 0x3}, {0x8, 0x1, 0x52, 0x5, 0x2, 0x40, 0x76c5, 0x8, 0x100000000}}) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) semctl$auto(0x1ff, 0x2, 0x13, 0x1) io_uring_enter$auto(0x3, 0x5, 0xffffffff, 0x3, 0x0, 0x2) mmap$auto(0x2, 0x400008, 0xfffffffffffffffe, 0x9b76, 0x2, 0x3) socket(0x1d, 0x2, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'veth1_to_bridge\x00', 0x0}) io_uring_setup$auto(0x1, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r2}, 0x18) write$auto(0x3, 0x0, 0x5c8) close_range$auto(r1, 0x8, 0x0) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x2, 0x2) io_uring_register$auto(0xffffffffffffffff, 0x3f, 0x0, 0x1) write$auto(0xffffffffffffffff, 0x0, 0x7) madvise$auto(0x0, 0x711, 0x1a) socketpair$auto(0x1, 0x0, 0x0, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000040), 0x2c0240, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xc7f16bff2a10ba01, 0x0) 19.78885576s ago: executing program 0 (id=2233): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000229bd70001cdddf250200020008000308"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="1400", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/apparmor/current\x00', 0x141000, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC1D1p\x00', 0x0, 0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) io_uring_setup$auto(0x0, 0x0) socket(0xa, 0x3, 0xff) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000380), 0x400, 0x3f) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x96141, 0x0) r1 = socket(0x1b, 0x3, 0x76) madvise$auto(0x0, 0x2000040080000003, 0xe) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r2, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getsockopt$auto_SO_RCVPRIORITY(r1, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x8001, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0x10006, 0x0, 0x0, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_clone(0x4040400, 0x0, 0x58, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x801, 0x106) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$auto(r2, 0x11c, 0x1, 0x0, 0x0) 18.058596704s ago: executing program 0 (id=2239): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/net/packet\x00', 0x2880, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001300)=""/4096, 0x1000) (async) mmap$auto(0x81, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) (async) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f00000003c0)) (async) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async, rerun: 32) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async, rerun: 32) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x2ab01, 0x0) io_uring_register$auto_IORING_REGISTER_CLOCK(r2, 0x1d, &(0x7f0000000380)="faef58", 0xc2) (async, rerun: 64) ioctl$auto_USBDEVFS_DROP_PRIVILEGES(r3, 0x4004551e, 0x0) (async, rerun: 64) sendfile$auto(0xffffffffffffffff, 0x3, 0x0, 0x400000000008) (async) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) (async, rerun: 32) r4 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32) rmdir$auto(&(0x7f0000000080)='./cgroup/../file0\x00') syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r4) (async) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) writev$auto(0x3, 0x0, 0x8009) (async) mmap$auto(0x0, 0x8, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8000008000) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x7fffffff, 0x10000000, 0x80) (async) fsopen$auto(0x0, 0x1) (async, rerun: 64) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x5, 0x1, 0x8, 0xd, 0xe13, 0x81, 0xe, 0x2000000000000002, 0x0, 0x9, 0x1, 0x2, 0x7ffffffd, 0x8627, 0x9, 0x20000800001, 0x3, 0x5, 0x1eb68525, 0x6, 0x7, 0x0, 0xffffffee, 0x2a17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x18, 0x6, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x100000000, 0x8, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7, 0x0, 0x0, 0x2]}, 0x209, 0x81) (async, rerun: 64) r5 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) pread64$auto(r5, 0x0, 0x101, 0x103) (async) read$auto_mon_fops_text_t_mon_text(r5, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) (async) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f000000c380)={0x60, 0x10001, 0x2100002, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x8, 0xc351, 0x5, 0x2c, 0x3, 0x7}) (async) openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, 0x0, 0x1, 0x0) 16.061580778s ago: executing program 0 (id=2244): ptrace$auto(0x6, 0x1, 0x3, 0x180000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r0 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x4040, 0x0) fadvise64$auto(r1, 0x8, 0x400000000000006, 0x4) sendmmsg$auto(r0, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f00000000c0)={&(0x7f0000000080)="4c0600", 0x4b}, 0x2, 0x0, 0x5, 0x3ff}, 0xa2}, 0x2, 0x100) 15.412586047s ago: executing program 0 (id=2247): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x2000d, 0x3eb8000000000, 0x11, 0x404, 0x10007ffd) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r2 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/scsi\x00', 0x80002, 0x0) write$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f00000024c0)="a458f4e5e5f4bcc7fad26fd67f02b7cd05e6589800c28ef8f8202c09b2638f3653c6ed3b849812627a484d93e7ca38bb6c75b1d0f95ba576d7f2aba7a6e17d8a748fa2c2b65445121fdb006e371bc9da60cdd2378cf6a100a75f14aee91714b49cf0714f88fa5e59aae9bcf9c237ad19523f31da1c288cdf62813dd7d4d35f4f653b02ee9be0d662a5b8c4b2abd40ce043cd48819ea9eaa38e675e316b30542f9931634b3a830a7b54d420ab67826dddb406fed3bed2b77ecb0a7d4e2af6b59bab4910255fc1c235940b6f7f253131c3cd2ac263c02923997e0d75105d0d2cf679ea39a73b46233a7ae8e3bbfb0d80046e233f9d8c5560fe1c960668ebcbe0f83692592c77c17cd13221d12f7101576ebed9672885ab88780d1e19fac43722706ec0ba321cbad1a4655b89cf162edf24d1fefcae46d1249c3454cec842f32115775e6874e5cd7ded5dd35826f4cd5305cb3ef22976a7038ab5b6c2f47ab885ca72fac9790238d313859fab15b48ac55d1f572eedc5696e7699164709ec83e685df236a03296471157171e45fc876d86da156922a730e921b1db59737aa99d3c340400112561338a371d1046b32398ad4d770d08435561793bb629ea9c546540c8f54fed75b9e2e96a93bbbe986a8f4979193d7542319a3420287a1ac0a39444fc1abbf0a42bcff5cfa283d15f6c6e299a21abb3a375b3e1ddbb02e6159c9457952209b24c1bf943c54670ae8c2e47f56c96fddee1f2e1632fabde9bcd0bf1ae29eaa6cd2eba33477d8c8731f44173d7c9f6671a951d3e53e696f8f9879f9a974f7e2966e75142cda07e655b6d2eabea316f895785acf3bc931bf224e07110af85ec024d81e326efd5d258d42f731858bb0cb93c93b9030cb34b2a95e7844c018230d92b285d8cbe8bee6a92fd4243e53fa90f4635ecfdb49081d198b4146014cfc4419497fb921b2f61e23ce527374349012778e08f814df03867fee8247ee26c549c0597f94afc17d785b61e1725fa64bc12f1affe87e9117e71290bce5f75ad394817234f97c49fbc63a4d811719871c0a2d5db42d5f8ec45959a8464af57cca0566f6bd41d693f1fb5c96e4c6a6f97f50f459f7793e6046d1b535de78802b9fd9953dafe263ab3d693c0fee0283e70c610e2cfc0e3cb3854dd9d02d700eb666d80dadef740e5f274c2a8ba5fafe1898378022c3d51249710e4f4081b3e2f53670250d3ad7a06eeb02ee94505f7fc8d2c5e9a984a6ab7c1b761f517919a2f44c6bfeaf840c359627be82c08c5769921720bbd883aa74003d8dafec23f539b6b26205d931dcbd381c61430e58954ccd8bef6e8ff18243d769b9139e86d83ee72e5a8c7ac6dc0c997faf9b347947a40e7ef33686c2ee0b49d7c58148e4c8f73fcab6c5597f71feef03fc47db06955299b166bff481c71499fe92fde4e754db5ac71e1c8471ecd1d15fc9c48ce2d01fcdec9b8a9c4cd5d591f590a521dd39d3354e7e2750f7260fe89c02bb3bddd30f11be772eb95752246632df16474832514493cb6c50e8fc6b37dbc263cf970f0ab0d1221245082e91e90f55ad8354eb735038335b42e2571267b07cf71225010aab65145e443b50099b2bd4bfbf546a411e733e97d54db91e84448f966469b796425bbd144f83694b9e05b756fbba36cc6075ad8f30edb0847be6934482d6e19950af47db60a96ca5eef83faf4a1f628daa8dafc78cc2607fa0fcf6fc0ad00c64efb2c223c70bf7a8414c290d13793a5fc81b10a5bb5e8dd7ca2f81f5556d231bf2cfbf1923285aba060c1c88882107e14fddcaaf3eaea37a0bb7216050585c886b6c3fad247d85ccd458dfb746d3d0f6e517adf50a31fc96530950f186943de01ff77d98273875b727cfaf927820d52ee3a63fea63b2d39b1f2c6c2d985e62b96e4ec129207e488a2f91356ba91a8d8bd5b63718d087dfc183e56ceb924afae5f3a12d8c53bb21b8593965b1d68aa52ca985fa510d279ffc470468e3aec2d7524d80826a94e48a6ca4d11e5fc3d5776efc1a696b04c391c872eb2f42fcf6b84e6498f5d0520600f9f68a36d3c535b9d7cfc1d45415374adb90f1e6d300a99f2b5f6f77594c336ddc9b171c4875247201b05ab171a7d4418dcfffcee9996be2cd77e9d7e92965d28e1458df6d184ba7d9cd55d5994a00e692d7674f2ae01d6dd56c3e4b5aa1c0f27ae4c4cbbfe7289743b7c5f9ba7300891f4c83f414318e77de74d84d33b7f83c456e198b99d64e8b7caad5bcd618993764bb24178a990d736edf4965346c2ac76c99b22a5114ec39bc818d6a469b0d4f1aeaf955c14d7a3a5b787141d465a55d71b6138a8dc8cb1d303371c97d8479cb09545bf4a08fa99ab7ea21b3b3a95f4b052e261baf2be0131ce619ecd352904fc2486735edf6d2df283f1e2dae7432557bd8c899b397e769088797f337b3aa1867a9728148f9c63f643ce41f19906640e50764b1a6286beabe9f9e074ca60552f1212aad80b22cbbb45c6e6f00f51020df928756caa3cf374342257807d6daea4e74a79c6144fae4f78915303542b7a5d48a17179a4a43ab18631b06d81c01409277dac0d58ff48c86f679e9c0c56aa8ca6c7591078d6bee3ff9857e099145cf0775ef0ee006f9697e4c69efe0ff72543d70d8ac9faba1eec24ba9f9a3e30fa5d324ba137aaa7175a529c13a8fc321d92472c9b19c941e701f7225664b05613cb07b0705112105ab3c28b00af1b6f930f3d903ee6cc164d77d5d2a0b16667cfb6b329b53b30d8d9a826ba7430d519b1b7f537ed2df08845eb5df7737fe3554f3d96144b42bfd92cc5daab42446f3d46272a00f2457d39ef3e9ea37362d402f6287ea6f485f68ffbe383e21089c313171f6c33f8a7055299ab7cfc5d974c487d992cac1ca53c05c1e9bdb38f6ca0ed6d4e0d8ab7b6197fdd1b4b95e6a466c8d9336c571ea1743e96e0b88da75520b8adddcaa932336fa02f63ce1a7eb909507f778ca3b5f2a736f396528d06ea86f63d3e45f545d262cadd337d321023ae0e5052ba4c0028dbd19765b0097039a64d58a8998ef7afba341b42d6b227cad8f4c4025a766dee22a0cfde5f8c0581d4442a7aac906a0db5fad825611e487228aed5eec17f08d887a34d2b7c6c25f77412ee9941d5dec68a0464a1b0fd6eede1aa1b50579a93f205943dfd626204b9ca493c5aaececd17df71ac200cf7331a8bfbeddb6cd95b0b3016e56de0a9eeadf8d8c3591ae061e743f7c1ca4522bf55b2d80f3ba5df92d81433552dad6fd744ea71903b15a6374613b2a64a533cf6fa974273e7e5359f47428d7620d98d877faadad739a9a761713832ea70da990271b575e7cff075714d563b5b752ab50a7e1a1b5e689ff210503faabb37b8aa1d845825ab2488cfcb6a22010a55c4c045745f186ba8f42bc5a4dd06831da770670209ba568016459c50aef30c8aba754e341183817ad9b386e6b4e194cf66b76c9ea6313491d99d7e7a6d5c92bcec000c58794de2acfc4c490392a68f61e60bf664287e7020e4f30d897d916eb73dd4965b100f3c528cf2a46d43fca6351fc8c6c50fee04340b1f2fdf382a257eab0d964e7a2f0b1b7b9bc017117d8ebb40816b5515c88f7682c02b92b01d9fe884c963846f64800463830d83605a2ea32510dfbaaa29af264f60e8f72f307880f595715637dd799de8d77b0c7131bc04d44ce06b82a0f355e09e3d580124167e62fb12c584dc9553f3f91c86afffe6d871784c56c687b48b14bc974c65f18468eb3806be71c563a8af3075e4d9ff2c55ebab74ac4d384bc7f012dd39e373f74bab4ec597caa798112958890c00de56da95293e578490fb0e1e8fa63e1db877e75c7da1e394e37f8a971f7fe1354a800fff0c23aa66d990acf8fc7524d52a0c4f7b66459cb1811719afec92b7bd88e43569559f7f5fd41196c8ead0c70e13cb05b1155aab093a58b0d4652ce5ca005f868cf38fbefd401ddc9a747447ca6ea90b277688ef780461d14c5186b5a724cf50e5e3a7453e7ac4e79f07851317ae57911529daaa03d6745df50c78b868cb60757828b00d5215b8d67733e2ab1366afacbec2fae934460a1e364275715fc2fe5b911240d59d94084b3386d130c9f52d844858bd36c866b2ca215c02aaff1c4be7a5d2329e00e5ad58de3e87c862402ff5d3632b1f871461f57f6194057ccde4d1d4adc08b0da2778896aa95ef376c53818fafa74872e2f99af03edfe5e8d8e030816a01fa193007f84a627991f24f9054d0347082c2c27294d8bea1422b5847a3bfd2684f5708013d6f3c4d41baca139ebab799b0f2d15eeb4a5fd195b892d331bd1db3f0ec4ddc225e52ef8a326ccd4b86995bf90ceffd0a18d37806ee49d09f072ddab15df82556c459daf45705ebfd358c4eb7547add41da3364d90fcdd36759ebfeda88080a7f6d24ebb0e29e3a1b830e773a2c6d312472375b0428a221e03e2a1810a1c3cc8cde61e5359eefbb7324f4a6b04a2da87bce311a319ae8a842a518135750779d022b1a5321eb779d318d17387a7b7a739620594b090a2e550442c3debdc07a7a5283acc99539834c47ccf7635557a3066b81b32135df2e34c509dbf66dc0276e1e57977b45d77d41db78981883cf8ce8a738c04753911e957bf044e0bdbb1e9a72a7b5f884b61293e2f2756a32f6ef292a95e8484e101194a8c7e90f1e41fddf7d6af09dff5e308a2fbf5f0158d45bc87341ce3414c4b26cbc47ba43b2c2ad9ce6068df85d30fa994bf55cca9c327501c5335711988d3b4b5552c4fb9e9b6601a63cbb0a72ecdac3848ca4870814e0b8dee48a0ab5b14224c71f12cd648a3a39cba8e68f1562c1ad4966b7099015039518de65178c6a5e409166cc49d53b0f053773535421dfe289bd7c7fc2172dd4c5820ea3d2bbfd5bfd056a4d249a803440eada02f46e6fb9db13c74dad1303ca88b0a5091e196837eedd6a1dcd00e95fee39f252e3fb3afcb28d1db702bec482f19f7a5a327a522354e7bdbb3619697cd5c6e5b098b9a3c11478ef2b6467d22d0409e43bcb6552aaf47890c30077e56e77bfc53bc77fba63a324586f3172014b98dfac4ad686c83e611b89b1591a88dc4402d5cb60366455174cf0b84d0685454265a4a7d023b588ae491e6dac119433b2610170a8dc52a0c9f60cec85fe7fea415bf61e50c315b00c70a240a56345e1030731c4144d128e8dab606b1bda54874452af20ed7d6f3350b477417857884a6a6972b9696e92464b762da5739e400850df7ad82c63efb359d3a96b5a4a2f385432b6fa54c54a37678013d1774107b168b32225172d1081aa093def6e5ed6c05767128a4ebd0913ab03d200de072e81dbbc7b0c947ee3e34f6795211e632651852cb9cd7c2de1ef54d20ef625a193ed13061030c9a2e7f8c5674cbde924e25c8f97b6add0f4f89ef2b16ff418581aebd9f962f671a6adff28acf04edd01a96f69e0671780bdf40a19e9a3a235289771738cd32d1ef14509d11781d17608251fb7fa1b9d3c8646497ba0ce8890a2f0bd6e485959ceb8edf74981ef1c0ad7fc4f67bc4c941daef39fefbbdfa39979cf0e6454d565e8e90f8f4ac565a42dde87e16d4ad0977e1e67f88f560131ddaacc8a1f9db08441e6a9ddabae4b19441ef451ae9d9a854b193eb337d68830637f3ae81738bcc1a016077efe7692e146018b417d1199a14a79eecdcb00b0477f83627be935cc3a16a90b59b501d02be6091623c94f0fcf3e74616da0bbd767384c47fbe393c08c896979eef4cf1f2c6", 0x1001) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) statmount$auto(0x0, 0x0, 0xa, 0xd) ioctl$auto__ctl_fops_dm_ioctl(0xffffffffffffffff, 0xfffffff7effffd01, &(0x7f00000001c0)) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) write$auto_proc_projid_map_operations_base(0xffffffffffffffff, 0x0, 0x0) openat$auto_cpu_latency_qos_fops_qos(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0) mincore$auto(0x1000, 0x4000000, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) mmap$auto(0xfffffffffffffffe, 0x20009, 0x4000000000df, 0x12, 0x6, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) fadvise64$auto_POSIX_FADV_NOREUSE(r0, 0x3, 0xf48, 0x5) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001980)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="2f212cbd8966efb91b2e351f00000800", @ANYRES32=r5], 0x28}}, 0x4000000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r6 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000080), r2) sendmsg$auto_SEG6_CMD_DUMPHMAC(r1, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r6, 0x10, 0x70bd2d, 0x25dfdbff, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2404c840}, 0x1) ioctl$auto_USB_RAW_IOCTL_INIT(0xffffffffffffffff, 0x41015500, &(0x7f00000001c0)={"4168031fc6b5dff1b82d8e0c1552973126060dd06844709684ebbb98be094ad4840eda38c4b64f44eb4ba43c1e82b897d32859ebdc943af5d861f6db8efbb1d9cb643345fae76f8dd18a858461fd795e3cde6b33c8f24bc3f050179cd342288e9fee6a6093c07ce3a9be0de8d07826331fa4f443ac2a913ab7c5aafa556fd32b", "1da9fc0f9fb09d3ab16f0d119a4b956439365711f3a4bfeca962fbb226a360b957fc1d0d90bbc82848eb75a4ce14a8f8f1a60b6c641a16bbfdd937f2e6ea83eb06b8d537d769a3325e6a2b604054f3582c1e56947712f202c0c73215ddcee90c274b50b55ea02b25ad4100ed87156d875c9db9b9fb6a8bf6a6b460aff93f9ec5", 0x5}) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) 13.468299548s ago: executing program 0 (id=2256): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000229bd70001cdddf250200020008000308"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="1400", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/apparmor/current\x00', 0x141000, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC1D1p\x00', 0x0, 0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) io_uring_setup$auto(0x0, 0x0) socket(0xa, 0x3, 0xff) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000380), 0x400, 0x3f) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x96141, 0x0) r1 = socket(0x1b, 0x3, 0x76) madvise$auto(0x0, 0x2000040080000003, 0xe) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r2, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getsockopt$auto_SO_RCVPRIORITY(r1, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x8001, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0x10006, 0x0, 0x0, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_clone(0x4040400, 0x0, 0x58, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x801, 0x106) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$auto(r2, 0x11c, 0x1, 0x0, 0x0) 10.119540572s ago: executing program 0 (id=2264): chdir$auto(0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x2, 0x73) sendto$auto(r0, 0x0, 0x402, 0x0, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x19) (fail_nth: 13) 10.008367666s ago: executing program 1 (id=2265): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000229bd70001cdddf250200020008000308"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/apparmor/current\x00', 0x141000, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC1D1p\x00', 0x0, 0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) io_uring_setup$auto(0x0, 0x0) socket(0xa, 0x3, 0xff) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000380), 0x400, 0x3f) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x96141, 0x0) r1 = socket(0x1b, 0x3, 0x76) madvise$auto(0x0, 0x2000040080000003, 0xe) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r2, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getsockopt$auto_SO_RCVPRIORITY(r1, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x8001, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0x10006, 0x0, 0x0, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_clone(0x4040400, 0x0, 0x58, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x801, 0x106) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$auto(r2, 0x11c, 0x1, 0x0, 0x0) 9.589554791s ago: executing program 2 (id=2267): mmap$auto(0x0, 0x2020009, 0x100003, 0x9000000eb1, 0xfffffffffffffffa, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x2) mmap$auto(0x0, 0x400005, 0x40df, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, r0, 0x300000000000) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) r1 = socket(0x2c, 0x3, 0x0) getsockopt$auto_SO_DEBUG(r1, 0x4, 0x1, 0x0, 0x0) r2 = landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x3, 0x3}, 0x18, 0x0) r3 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000080), 0x2140, 0x0) pread64$auto(r3, &(0x7f0000000140)=']}\x00', 0x101, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) io_setup$auto(0xa, &(0x7f0000000000)) mlockall$auto(0x7) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) openat$auto_vga_arb_device_fops_vgaarb(0xffffffffffffff9c, &(0x7f00000002c0), 0x8040, 0x0) r5 = epoll_create$auto(0x8) timerfd_create$auto_CLOCK_TAI(0xb, 0x4) epoll_ctl$auto(r5, 0x1, 0x8000000000000000, 0x0) r6 = syz_genetlink_get_family_id$auto_ncsi(&(0x7f00000000c0), r2) sendmsg$auto_NCSI_CMD_SET_INTERFACE(r2, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="7dc955543a3fa100702576efe30a8b8f13017d5bd1d68eaaafaa5ab340333edec1217b96aabbef5afa08cc1e2981f8e04890d4eb8297c7a11617ac10c8a15a29a441b216a2ce0001be64af5320952f810d501820e6ca9287331c32783de86c56a1ee2f13737cad9ead03c1da679c0f6830c98229d8c2da725f37ba9ed222c2e68723252d95", @ANYRES16=r6, @ANYBLOB="10042abd7000ffdbdf250200000008000800000000000800070007000000"], 0x24}, 0x1, 0x0, 0x0, 0x14}, 0x20044044) bpf$auto(0x0, &(0x7f00000003c0)=@task_fd_query={0x5, r2, 0x454f, 0x5f, 0x0, 0x0, r2, 0x80000001}, 0x6d4) 8.175164806s ago: executing program 1 (id=2271): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9) rename$auto(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='./file0\x00') sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) 7.879517454s ago: executing program 2 (id=2272): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fcdbdf2504000000040010"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(r0, 0x8, 0x0) brk$auto(0xffffffffffffff66) r3 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) pread64$auto(r4, 0x0, 0x800003, 0x270) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8003) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') getcwd$auto(0x0, 0xffffffffffffffff) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100) mlockall$auto(0x7) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x202, 0x0) ioctl$auto_SNAPSHOT_CREATE_IMAGE(r3, 0x40043311, 0x0) personality$auto(0xfffff032) ppoll$auto(&(0x7f0000001ac0)={0xffffffffffffffff, 0x9, 0x7}, 0x8, &(0x7f0000001b00)={0xf2, 0x9}, &(0x7f00000002c0)={0x10000}, 0x8) r5 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x40401, 0x0) ioctl$auto_USBDEVFS_CONTROL(r5, 0xc0185500, &(0x7f0000001040)={0x80, 0x6, 0xf00, 0xb205, 0x3, 0x0, 0x0}) msgctl$auto_IPC_RMID(0x1, 0x0, &(0x7f0000001600)={{0x7b0, 0x0, 0x0, 0xd, 0x3ff, 0x7, 0xb}, &(0x7f0000000400)=0x9, &(0x7f0000000440)=0x10, 0x1, 0xd80, 0x9, 0x0, 0x8000000000000000, 0x6, 0xa, 0xfff9, @raw=0x80, @raw=0x9}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004c18}, 0x8894) 7.785990629s ago: executing program 1 (id=2273): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptya5\x00', 0x62c00, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44f, 0x7, 0x1, 0x1007181, 0x8a0d, 0x8, 0x7, 0x7, 0x89, 0x26, 0x4, 0x200000000000, 0xfffffffffffff343, 0xfffffffffffffffa, 0x500000000000000, 0x0, 0x0, 0xfffffffffffffffe, 0x6, 0x401, 0x22000, 0x9, 0xfffffffc, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xe, 0x0, 0x800000000]}, 0x9, 0xd) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) munmap$auto(0x20001000, 0x7fb3) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) statmount$auto(&(0x7f0000000040)={0x40, @raw=0x4, 0x1, 0x7fffffffffffffff, 0x4}, &(0x7f0000000380)={0xb0, 0x8, 0x8, 0x0, 0x5, 0x426, 0x5, 0x400, 0x1, 0xffffffffffffffff, 0x0, 0xd2, 0x2, 0x2, 0x5, 0xf7, 0x7fffffff, 0x1, 0x1, 0xf, 0xffffffff, 0x0, 0x1000, 0x5, 0x3ff, 0xfffffffe, 0x8000000000000000, 0xe, 0x8, 0x10001, 0xc, [0xca, 0x3, 0x6, 0x7, 0xe, 0x5f, 0x8, 0xb, 0x5, 0x9, 0x1, 0x2, 0x100, 0x7, 0x2, 0x292, 0xff, 0x4, 0x200, 0xfffffffffffffffa, 0xffffffffffffff02, 0x9, 0xffffffffffffff01, 0xfee, 0xc63, 0x8, 0x101, 0x9, 0x6, 0x10001, 0x4, 0x933, 0x7fffffffffffffff, 0xffffffffffff0001, 0xfc, 0x4, 0x7f, 0x5, 0xf, 0x4, 0x6c6, 0xb], "983cbc65d6836704228a16450848df67b6fe7848831e34363775ee7b5cbb9ad7b89eb0b7326f8c5ce187662887eeea9e6016d19f562e7e31ff587f3f61239cd8cb3e5930ea20a7d923f0e84a7dfe37162b9d4d9a424ea3a0"}, 0x7ff, 0xfffffffc) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000080004000900000008000200", @ANYRES32=0x0, @ANYBLOB="08000400f3f2c2"], 0x68}, 0x1, 0x0, 0x0, 0x18a64d47ddeca1f0}, 0x40090) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00082dbd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32, @ANYBLOB="0a0005000180c200000e00000a0001000180c200000e00000a000100aaaaaaaaaa35000008000200", @ANYRES32=r0, @ANYBLOB="060006000500dfff08000d"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') mmap$auto(0x0, 0x9, 0x2, 0x9b72, 0x2, 0x8000000000008000) socketpair$auto(0x2000100, 0x5, 0x5, 0x0) open(0x0, 0x22240, 0x155) 5.730255357s ago: executing program 5 (id=2277): mmap$auto(0x0, 0x10005, 0x1, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) socket(0xf, 0x3, 0x2) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x101a02, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000001c0)={{@inferred, 0x9, 0x5, 0x2, "e927783f468fa2e92fe8ec7a46cbb766439daa1ee1aa0000000000040000660e0701000000000000008000"}, 0x8, 0x0, 0x4, @inferred, @integer64={0x100000008f1, 0x5, 0x4}, "a4699d30a05edbe0d28473c399a7dc1d7de94b4123f970bedd3460c667373fcc66b584d81592f6ab606c276807000000000000006e76803400"}) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x20c01, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) ioctl$auto(0x3, 0x541e, 0x38) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x31, 0x8000, 0x1ffde, 0x1, 0x2, 0x1, 0x9, 0x3, 0x5, 0x8, 0x3002, 0x9, 0xb, 0x80010002, 0x80, 0xd8f9, 0x0, 0x7, 0x2, 0x203, 0x400, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="1000"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x24008000) mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0x2, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NBD_CMD_DISCONNECT(r1, &(0x7f0000002240)={0x0, 0x0, &(0x7f0000002200)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c220000", @ANYRES16=0x0, @ANYBLOB="010028bd7000fcdbdf25020000000800010070840000"], 0x1c}, 0x1, 0x0, 0x0, 0x20044800}, 0x4000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r2 = socket(0x10, 0x2, 0x0) recvmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000380)="56d5d65039f2b8dcc12121f4e85aac374bb4622b9f59e9a7a4df75d223c91186793f81e5326a94e5a696f5b8b542cd6a99c3ff697c43b18b8521e1e9f6353eb2b1a92db647", 0x2b30, &(0x7f00000000c0)={&(0x7f0000000040)="a673b4d17eec", 0x10}, 0x9, &(0x7f0000000440)="522ddd308a49b4168ae4b0cfed1ed728d911db2c99f5706e08d00aee2f837aa01e0a2e726554f6d624f085fd1d99e8500d01200d1a81aa121221762e80a24ad4da6ce974a54f14267100a2d32e0afc66b274dd", 0x629db8e4, 0xd5}, 0x80000001}, 0x5, 0x5, &(0x7f00000004c0)={0x7, 0x7ede}) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0xfc, &(0x7f0000000100)={0x0, 0xfc6}, 0x2, 0x0, 0x7, 0x3}, 0x800}, 0x7, 0x4008) ioctl$auto(0xffffffffffffffff, 0x900064b7, 0xffffffffffffffff) shmctl$auto_SHM_STAT_ANY(0x7, 0xf, &(0x7f0000000300)={{0x3fe, 0xee00, 0xffffffffffffffff, 0x9, 0xc53a, 0x29, 0xe}, 0x4, 0xffffffffffffffff, 0xff, 0x81, @raw=0x1, @raw=0x3, 0x0, 0x0, 0x0, 0x0}) fchown$auto(0xffffffffffffffff, 0xee00, 0x0) r3 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000180), 0x40900, 0x0) ioctl$auto_UBI_IOCATT(r3, 0x40186f40, 0x0) ioctl$auto_UBI_IOCDET(r3, 0x40046f41, 0x0) 5.308996622s ago: executing program 1 (id=2278): adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0xffffffffffffff7f, 0x368e, 0x2, {0xffffffff, 0x20000000010000}, 0x5, 0x6, 0xfffffffffffffffd, 0x7, 0x0, 0x9, 0x81, 0xffffffffffff628e, 0xa747, 0xdead, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x141300, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) futex_wake$auto(0x0, 0x5, 0x4, 0x8b) ioctl$auto_XFS_IOC_ALLOCSP(0xffffffffffffffff, 0x4030580a, &(0x7f0000000440)={0xfff, 0x1, 0x1, 0x2, 0x7, 0xffffffffffffffff}) inotify_init1$auto(0x0) syz_clone3(0x0, 0x0) r0 = socket(0x22, 0x2, 0x4) write$auto(r0, 0x0, 0x2fb) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[], 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/oss_mixer\x00', 0x121002, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/if_inet6\x00', 0x440, 0x0) pread64$auto(r2, 0x0, 0x10001, 0x830) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/phonet\x00', 0x42000, 0x0) bpf$auto(0x1, &(0x7f0000000100)=@link_detach, 0x6f4) write$auto(r1, 0x0, 0x100) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x1d, 0xa, 0xa76) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/transparent_hugepage/shrink_underused\x00', 0x1a1842, 0x0) write$auto(r3, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x8) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) clock_settime$auto(0x0, &(0x7f0000000000)={0x100000004, 0x8}) adjtimex$auto(0x0) read$auto(0x3, 0x0, 0x80) 4.929011599s ago: executing program 1 (id=2279): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r0 = memfd_create$auto(0x0, 0x0) fcntl$auto(0xff80000000000000, 0x409, 0x13) fallocate$auto(r0, 0x3, 0x2, 0x4) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) r1 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x106) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) r3 = socket(0x18, 0xa, 0x1) close_range$auto(0x2, 0x8000, 0x0) socket(0x1, 0x5, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/ipc\x00') socket(0x80000000000000a, 0x2, 0x0) bpf$auto(0x0, &(0x7f0000000300)=@link_update={r3, @new_prog_fd=r2, 0x100, @old_map_fd=r2}, 0x10) bpf$auto(0x3, &(0x7f0000000340)=@enable_stats={0x5}, 0x3) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r4, &(0x7f0000000300)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x6) bpf$auto(0x1, 0x0, 0x98) fcntl$auto(r1, 0x400, 0x1) mremap$auto(0x1ff000, 0xff, 0x843, 0x3, 0xfffff000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 4.48020745s ago: executing program 5 (id=2280): openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000140), 0x180b03, 0x0) write$auto(0x3, 0x0, 0xfdef) socket(0x10, 0x2, 0x6) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x109a81, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0x4, 0x3) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0xae80, 0x0) 4.064824406s ago: executing program 2 (id=2281): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r0 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000001940), 0x80643, 0x0) ioctl$auto_SNAPSHOT_FREE_SWAP_PAGES(r0, 0x3309, 0x0) socket(0x11, 0x3, 0x9) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/vhci_hcd.1/usb12/12-0:1.0/usb12-port5/power/runtime_status\x00', 0x48a900, 0x0) write$auto(r1, &(0x7f0000000140)='0\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0xd4d0) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) get_robust_list$auto(0x0, 0x0, 0x0) io_uring_setup$auto(0x1, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0xa) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/id\x00', 0x0, 0x0) pread64$auto(r3, 0x0, 0x200000000003, 0x2f4a3a23) socket(0x2, 0x5, 0x0) rseq$auto(&(0x7f0000000040)={0x4, 0x3, 0x401, 0x2b2, 0xc0, 0xffffffff, "854f65fa0c191a89b50bfd68819ee59b0142e8a85edf36c80ce4ebbe1aeb199ff7692e00b5c0a148ff4000004ad048e1e095d52839a4487357d07230b7cd12b6affbeab99d7d74d9c7545a80995ff47dcf0ad6e1c2c56f8f2dee478a4a935c280000000000"}, 0x40000001, 0x9, 0x1) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfdf3) ioctl$auto(0xffffffffffffffff, 0x4b4b, 0xffffffffffffffff) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb5, 0x401, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) 3.759119071s ago: executing program 2 (id=2282): openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0) memfd_secret$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) socket(0x2a, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0xc) sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000000)=ANY=[@ANYBLOB="b10000", @ANYBLOB="01002dbd"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x40080) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES8=r2, @ANYRES8=r0], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) write$auto(r1, &(0x7f0000000000)='-\x00', 0xfdef) 3.70025567s ago: executing program 1 (id=2283): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8800, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000140)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fbdbdf25040000002d008479f92a9b221ca46c2d19fda4f47902c296d9004c12cd83f712d3c41e5d00000010001a80080001008703000004000480eb31de9f0bc3808c6da4d66b15c7dfc147023cc01ec471d01a465338e29df9f8449925fbac9012b6797b494ede7978b5cef939573920572a61ea1d54293179b4ea732c6258a534a06ff433b631b14e88b3aab173c1d8236a0d7809e8a022bc8ee47c297e3c7db62b5100000000000000008355c15076894dcedfebeda812b3dbc26cd9c82635ffff21a53cd52525e8eb8e3a39a765ec40531942d4fc9cdc785557004f8deb1f752cb49dae5e8461d7804b44cfb5037e5d3ac1a555247f5d3e3ae625d00a1917c3986de7adb1eed2bad7e31e90"], 0x54}, 0x1, 0x0, 0x0, 0x4008040}, 0x40800) sendmsg$auto_ETHTOOL_MSG_FEC_SET(0xffffffffffffffff, 0x0, 0x20004000) unshare$auto(0x40000080) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x2, 0x0) write$auto_tomoyo_operations_securityfs_if(r2, &(0x7f0000000100)="0a1b9a2f5c7b0f8262cd0a", 0xb) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r3, 0xc0045516, 0x0) unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) 3.500786773s ago: executing program 2 (id=2284): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_DELETE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={0x20, 0x0, 0x9, 0x70bd27, 0x25dfdbfb, {}, [@NET_SHAPER_A_IFINDEX={0x8, 0x8, r1}, @NET_SHAPER_A_HANDLE={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x44000}, 0xc050) msgctl$auto_IPC_INFO(0xa2, 0x3, &(0x7f0000000480)={{0x9, 0xee00, 0xee00, 0x80, 0x7, 0xff, 0x9}, &(0x7f0000000400)=0x1, &(0x7f0000000440)=0xf8, 0x7fffffff0000, 0x8, 0x2, 0x10001, 0x7fff, 0x101, 0x6, 0x7, @raw=0x3, @raw=0x9}) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000500)={&(0x7f0000001180)={0x43c, 0x0, 0x20, 0x70bd2b, 0x25dfdbfc, {}, [@ETHTOOL_A_FEATURES_HEADER={0x84, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x800}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}]}, @ETHTOOL_A_FEATURES_HEADER={0x4}, @ETHTOOL_A_FEATURES_WANTED={0xab, 0x3, 0x0, 0x1, [@typed={0x8, 0x82, 0x0, 0x0, @fd}, @typed={0x4, 0x76}, @generic="dd5e042e7d724fcdf60102682665caa6e477933811757efea36c7528fa0e0f8858ab262fc19dd7e16106c536ed99c8c58def6ef1a32b5c9ecc059c63c02ff2183615338c0bf2d72eb8acbbc0d58be28622ab3a3f0629a300cb10e9aca53b5eb1f3afaad9c2cc2c9ea80af4922a86ad8811e04b25836ca0471ea5a3a481daa1178ad0ba26c4f63b9e6c83b59c72bc1025078b3dd77b82a354663d3c"]}, @ETHTOOL_A_FEATURES_WANTED={0x1f5, 0x3, 0x0, 0x1, [@typed={0x8, 0x3d, 0x0, 0x0, @fd}, @nested={0x193, 0x151, 0x0, 0x1, [@nested={0x4, 0xb9}, @generic="c60ab7598a36482a2b0bee505c71ad88ce4c0155189947de41c21ba34f55003d0f27575e6491075486ac69c415e83987628e88d6bfc2870b47fbf2458047f523b12ee971996115557783e79d9bc76c396b9c41dc10b3f6184edd70dfe33e3ab388de0518c186553717afa8f96a03496dbf7b7fe468accd588a78cd29f57ea4ae6d0000d8cef96d1be26f53cd75469657f077822805a8bdd120954ee00326b7df2b19c5e01372df1a4b433ee61ac03f9ce3c857f8be65b0f6fb0f5876b7a0d0c47f2583d3762313f95d4a35276a7eef23a8dc8e8f09d783ca7a8fb51f1f29f78d8674b4610c518f85e3ebb41d336558cc632fec53e7b2c9bfea5d1fb4b52670096db00ecdad1d17dfdf122d5fcec24a4d3177d5f777ae7712ae519ef4ea82b8ed92cd22b9f3c68c1ac5f1711214342bd9815c541d56a6d7a94832192949fbc908d6fa683873314bb787b86b81ebfbbe86c018d994de130c5d5d064d08250e7866b204544cf8fbdcc45deb66cb7c18e9e112f121c688dce4", @typed={0x14, 0xde, 0x0, 0x0, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}]}, @typed={0x8, 0x132, 0x0, 0x0, @fd}, @typed={0x14, 0x6e, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @typed={0x8, 0x71, 0x0, 0x0, @uid=r2}, @generic="9943e47f2fb1e7eced77bcf6548d1515a2ae0f0ad6abe49e326171252da613cbbdd4254a7b01952918d45f1d42459dba94"]}, @ETHTOOL_A_FEATURES_WANTED={0xfc, 0x3, 0x0, 0x1, [@generic="7d7747a99de0aa50e524222c17c9f1839ea1365718e7b2236b5da8569066653e435ad7359e9258d932ed9b4fc457753fc14b41086e3345660574a9abf8ae1b6312d15f3b0bcf72e6b637dfcde617826fb3cea81ee10a2af8b9cae2717fc5e4a130e2be84b5897eadced0598823d859d98ad564e1f5900b449111", @generic="99748891cc64fbc0cfc907bcd38b451239202949183992fea8e14d0039fe848299f3c1cd8e6fa95fcb30309c1a1732dcf74aa77395397ee35d3dff225506624955c4fb5231dec41c79fdbe297fc11b082eb906428d51f77a46fa770f81d4163aebfd68e8ece44de4f6645848c5ea91884819cb5d241839f6b43657e35d41"]}]}, 0x43c}, 0x1, 0x0, 0x0, 0x24000000}, 0x48000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x4000000, 0xffffffffffff0085, 0x1004) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) dup$auto(0xffffffffffffffff) socket(0x2, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x4, 0xda, 0x948b, 0x0, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000005, 0x7, 0x4, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f0000000080)='/dev/audio1\x00', 0x100000a3d9) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) r4 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(r4, 0x400, 0x1) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r5 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) execve$auto(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) read$auto_proc_iter_file_ops_compat_inode(r5, &(0x7f0000000180)=""/250, 0xfa) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f0000000100)={"fda256c4", 0x3, 0x6, 0x4, 0x9b4, 0x9, "0800aafc241cd010c7543bfbca2ce1", "0200", '\x00\x00 \x00', "2ff43123", ['\x00', "f8ff0b00fbf2ffff0000b401", "0004154db00b0004000400", "5fe10eedab2c4b353c392a92"]}) r6 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r6, 0x0, 0x4) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) 3.362599961s ago: executing program 5 (id=2285): mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000) r0 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r0, 0x0, 0x400) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) sysfs$auto(0x1, 0x10000000000048, 0x0) r2 = openat$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x81, 0x0) ioctl$auto(0x3, 0x40a0ae49, r2) madvise$auto(0x0, 0x2000040080000004, 0xe) 2.999396379s ago: executing program 5 (id=2286): r0 = syz_clone(0x20a08200, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$auto_BLKDISCARD(0xffffffffffffffff, 0x1277, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) semctl$auto(0x7, 0x2, 0x13, 0x1) r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) ioctl$auto_FIOQSIZE(r1, 0x5460, 0xff) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio1\x00', 0x121000, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000200)="28e8c72c2dd055cfd40ee29ebf0b181346ba646678c8916be0cb675a3379710bc4384e23be503eaba96d066227102234e7d0e56411026b0faa54455c4417807a30760b3904b40ca78875e28d1d9f9d4ff5c0e4d4bc7192dd7981fca937961b356deb2768e368a77690d73f84d02f4de2637493e6f8692a039c92784199bca4ea40838c9b242dab602f0fe10c82ab2284309eac0efd0640853b61f84861e948eff6ca09834117acaf45b43af7b1446133670d6ebd0635875a490283a65f639592") close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x400d01, 0x0) r4 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r3, 0x4b72, r4) ptrace$auto(0x10, r0, 0x4, 0x8000040006) 2.318069092s ago: executing program 5 (id=2287): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) r1 = setfsuid$auto(0x0) setuid$auto(r1) ioprio_set$auto(0xffff99af, r1, 0x7) r2 = getegid() msgctl$auto(0x8, 0x8, &(0x7f0000000180)={{0x8, 0xffffffffffffffff, r2, 0x7ff, 0x2, 0x4c4, 0x2}, 0x0, &(0x7f0000000140)=0x2, 0x8, 0x8000, 0x96e, 0x5, 0x8, 0x7, 0x6c, 0x3, @raw=0x9, @raw=0x7}) keyctl$auto(0x7, r1, r1, r2, 0x9) read$auto(r0, 0x0, 0x1f42) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x942c2, 0x0) ioctl$auto_KVM_CHECK_EXTENSION(r4, 0xae03, 0xb9) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) writev$auto(r3, &(0x7f00000000c0)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x2000d, 0xdf, 0xeb5, r4, 0x5) close_range$auto(0x2, 0xffffffffffffffff, 0x2) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/pci0000:00/0000:00:02.0/graphics/fb1/power/runtime_status\x00', 0x185202, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000001100)=""/4106, 0x100a) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) socket(0x10, 0x2, 0x4) socket(0x11, 0x80003, 0x300) io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x401, 0x8, 0xfe, 0x6fb3, 0x8a, 0x9, 0xffffffffffffffff, [0x100, 0x9, 0x7f], {0x2, 0x7, 0x3032, 0xe, 0xf, 0x5, 0x5, 0xfffffff9, 0xf08a2b3}, {0x0, 0xfc, 0x6, 0x0, 0x0, 0xf89, 0x9, 0x837, 0x8}}) setresuid$auto(0x2, 0x7, 0x8080) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'dummy0\x00'}) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00') sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) 1.528811436s ago: executing program 5 (id=2288): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd13/queue/scheduler\x00', 0x2c62, 0x0) write$auto(r0, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000db, 0x12, 0x400, 0x18002) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x100010008000) unshare$auto(0x40000080) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) io_uring_setup$auto(0x59, 0x0) r2 = getpid() process_vm_readv$auto(r2, 0x0, 0x800000001, 0x0, 0x6, 0x0) socket(0xa, 0x2, 0x0) setsockopt$auto(r1, 0x2d, 0xa, 0x0, 0x56c) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) pread64$auto(r3, 0x0, 0x1, 0x5) r4 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, 0x0, 0xa0100, 0x0) lseek$auto(r4, 0x0, 0x3) semget$auto(0x2, 0x9, 0xa64) memfd_create$auto(0x0, 0x9) open(0x0, 0x0, 0x408) r5 = openat$auto_nsim_dev_trap_fa_cookie_fops_dev(0xffffffffffffff9c, 0x0, 0x22202, 0x0) mmap$auto(0x0, 0x6, 0x7, 0xefb3, 0x401, 0x8200) rseq$auto(0x0, 0x6, 0x3, 0xff) close_range$auto(0x2, 0xffffffffffffffff, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0x4000000f, 0x550, 0x501, 0x81, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x8000000000000000}}) io_uring_register$auto(0x2, 0x12, 0x0, 0x0) read$auto(r5, 0x0, 0x8) socket(0x1a, 0x3, 0x9) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) 0s ago: executing program 2 (id=2289): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x8) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="120027", @ANYBLOB="5de1523353782950330a"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x6000000, 0x9}, 0x7}, 0x3, 0x0) kernel console output (not intermixed with test programs): 007f2542d8eec9 [ 598.040212][T14127] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000003 [ 598.040227][T14127] RBP: 00007f2542e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 598.040242][T14127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 598.040256][T14127] R13: 00007f2542fe65d8 R14: 00007f2542fe6540 R15: 00007ffcf86238d8 [ 598.040290][T14127] [ 598.448560][ C0] vkms_vblank_simulate: vblank timer overrun [ 599.146030][T14151] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1792'. [ 599.199652][T14151] netlink: 25 bytes leftover after parsing attributes in process `syz.4.1792'. [ 601.604551][T14212] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1805'. [ 601.871258][T14218] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 603.687959][T14218] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 603.706166][T14218] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 603.716267][T14218] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 603.728527][T14218] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 603.755509][T14235] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 604.215919][T11898] Bluetooth: hci0: command 0x0c1a tx timeout [ 605.028987][T14263] ICMPv6: process `syz.2.1815' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 605.736420][T11898] Bluetooth: hci3: command 0x0c1a tx timeout [ 605.743017][T12773] Bluetooth: hci2: command 0x0c1a tx timeout [ 605.815902][T11898] Bluetooth: hci1: command 0x0c1a tx timeout [ 605.940480][T14276] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1817'. [ 606.444737][T14277] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1817'. [ 606.627727][T14276] FAULT_INJECTION: forcing a failure. [ 606.627727][T14276] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 606.776052][T14276] CPU: 1 UID: 0 PID: 14276 Comm: syz.0.1817 Not tainted syzkaller #0 PREEMPT(full) [ 606.776084][T14276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 606.776098][T14276] Call Trace: [ 606.776107][T14276] [ 606.776117][T14276] dump_stack_lvl+0x16c/0x1f0 [ 606.776149][T14276] should_fail_ex+0x512/0x640 [ 606.776181][T14276] _copy_from_iter+0x29f/0x1720 [ 606.776214][T14276] ? __alloc_skb+0x200/0x380 [ 606.776239][T14276] ? __pfx__copy_from_iter+0x10/0x10 [ 606.776270][T14276] ? __pfx___might_resched+0x10/0x10 [ 606.776295][T14276] ? __lock_acquire+0xb97/0x1ce0 [ 606.776349][T14276] netlink_sendmsg+0x829/0xdd0 [ 606.776382][T14276] ? __pfx_netlink_sendmsg+0x10/0x10 [ 606.776414][T14276] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 606.776449][T14276] ____sys_sendmsg+0xa98/0xc70 [ 606.776515][T14276] ? copy_msghdr_from_user+0x10a/0x160 [ 606.776541][T14276] ? __pfx_____sys_sendmsg+0x10/0x10 [ 606.776579][T14276] ? __pfx__kstrtoull+0x10/0x10 [ 606.776618][T14276] ___sys_sendmsg+0x134/0x1d0 [ 606.776647][T14276] ? __pfx____sys_sendmsg+0x10/0x10 [ 606.776691][T14276] ? find_held_lock+0x2b/0x80 [ 606.776737][T14276] __sys_sendmmsg+0x200/0x420 [ 606.776768][T14276] ? __pfx___sys_sendmmsg+0x10/0x10 [ 606.776807][T14276] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 606.776845][T14276] ? fput+0x9b/0xd0 [ 606.776877][T14276] ? ksys_write+0x1ac/0x250 [ 606.776904][T14276] ? __pfx_ksys_write+0x10/0x10 [ 606.776938][T14276] __x64_sys_sendmmsg+0x9c/0x100 [ 606.776964][T14276] ? lockdep_hardirqs_on+0x7c/0x110 [ 606.776988][T14276] do_syscall_64+0xcd/0x4c0 [ 606.777018][T14276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.777043][T14276] RIP: 0033:0x7f2542d8eec9 [ 606.777063][T14276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 606.777084][T14276] RSP: 002b:00007f2543c87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 606.777106][T14276] RAX: ffffffffffffffda RBX: 00007f2542fe5fa0 RCX: 00007f2542d8eec9 [ 606.777122][T14276] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 606.777138][T14276] RBP: 00007f2543c87090 R08: 0000000000000000 R09: 0000000000000000 [ 606.777154][T14276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 606.777169][T14276] R13: 00007f2542fe6038 R14: 00007f2542fe5fa0 R15: 00007ffcf86238d8 [ 606.777204][T14276] [ 607.063665][T14282] netlink: 'syz.1.1819': attribute type 4 has an invalid length. [ 607.072256][T14282] netlink: 'syz.1.1819': attribute type 1 has an invalid length. [ 607.137598][T14282] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12) [ 607.288911][T14285] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 607.453989][T14297] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 607.500395][T14301] serio: Serial port pty6 [ 607.527094][T14302] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1820'. [ 608.490596][T14310] kfence: disabled [ 609.100508][T14285] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 609.126156][T14285] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 609.139405][T14285] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 609.145560][T14285] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 609.298273][T14305] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 609.301803][T14325] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1828'. [ 609.413619][T14325] veth0_vlan: entered allmulticast mode [ 609.656194][T11898] Bluetooth: hci0: command 0x0c1a tx timeout [ 609.817315][T14338] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 610.038699][T14344] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1833'. [ 611.186137][T12773] Bluetooth: hci3: command 0x0c1a tx timeout [ 611.192200][T12773] Bluetooth: hci2: command 0x0c1a tx timeout [ 611.198516][T11898] Bluetooth: hci1: command 0x0c1a tx timeout [ 611.300901][T14356] netlink: 334 bytes leftover after parsing attributes in process `syz.4.1834'. [ 611.553857][T14360] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 612.248063][T14358] nbd: socks must be embedded in a SOCK_ITEM attr [ 612.527461][T14365] netlink: 206 bytes leftover after parsing attributes in process `syz.1.1836'. [ 615.038866][T14403] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 615.349068][T14401] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1846'. [ 616.067688][T14422] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 616.364538][T14403] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 616.373330][T14403] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 616.384799][T14403] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 616.391756][T14403] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 616.409697][T14411] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 616.867210][T14441] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 617.499613][T12773] Bluetooth: hci0: command 0x0c1a tx timeout [ 617.976491][T14454] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 618.381231][T12773] Bluetooth: hci2: command 0x0c1a tx timeout [ 618.467608][T12773] Bluetooth: hci1: command 0x0c1a tx timeout [ 618.473686][T12773] Bluetooth: hci3: command 0x0c1a tx timeout [ 620.015278][T14454] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 620.031836][T14454] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 620.082887][T14485] serio: Serial port pty6 [ 620.139572][T11898] Bluetooth: hci0: command 0x0c1a tx timeout [ 620.214492][T14454] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 620.253154][T14454] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 620.263044][T14472] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_cmd_wq": -EINTR [ 620.424898][T14503] netlink: 'syz.2.1863': attribute type 5 has an invalid length. [ 620.587884][T14507] MTRR 1 not used [ 620.865925][T14512] FAULT_INJECTION: forcing a failure. [ 620.865925][T14512] name failslab, interval 1, probability 0, space 0, times 0 [ 621.140482][T14512] CPU: 1 UID: 0 PID: 14512 Comm: syz.1.1866 Not tainted syzkaller #0 PREEMPT(full) [ 621.140526][T14512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 621.140541][T14512] Call Trace: [ 621.140550][T14512] [ 621.140559][T14512] dump_stack_lvl+0x16c/0x1f0 [ 621.140594][T14512] should_fail_ex+0x512/0x640 [ 621.140621][T14512] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 621.140655][T14512] should_failslab+0xc2/0x120 [ 621.140687][T14512] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 621.140714][T14512] ? __pfx___might_resched+0x10/0x10 [ 621.140740][T14512] ? __anon_vma_prepare+0x344/0x5e0 [ 621.140771][T14512] __anon_vma_prepare+0x344/0x5e0 [ 621.140797][T14512] ? __filemap_get_folio+0x32b/0xc30 [ 621.140832][T14512] __vmf_anon_prepare+0x11c/0x240 [ 621.140870][T14512] hugetlb_fault+0x1ba4/0x2f40 [ 621.140903][T14512] ? __pfx_hugetlb_fault+0x10/0x10 [ 621.140942][T14512] ? find_vma+0xbf/0x140 [ 621.140971][T14512] ? __pfx_find_vma+0x10/0x10 [ 621.141006][T14512] handle_mm_fault+0xbfa/0xd10 [ 621.141033][T14512] ? trace_raw_output_exceptions+0x131/0x150 [ 621.141074][T14512] do_user_addr_fault+0x7a6/0x1370 [ 621.141101][T14512] ? rcu_is_watching+0x12/0xc0 [ 621.141131][T14512] exc_page_fault+0x5c/0xb0 [ 621.141158][T14512] asm_exc_page_fault+0x26/0x30 [ 621.141182][T14512] RIP: 0010:__put_user_8+0xd/0x20 [ 621.141208][T14512] Code: 89 01 31 c9 0f 01 ca e9 41 68 03 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <48> 89 01 31 c9 0f 01 ca e9 16 68 03 00 66 0f 1f 44 00 00 90 90 90 [ 621.141231][T14512] RSP: 0018:ffffc90003e97e28 EFLAGS: 00050246 [ 621.141251][T14512] RAX: 0000000000001018 RBX: 0000000000000000 RCX: 0000000000000000 [ 621.141267][T14512] RDX: ffff88802b981e00 RSI: ffffffff8243d8d5 RDI: ffffffff8bcfa140 [ 621.141284][T14512] RBP: ffff8880343d0158 R08: 255fd69911439148 R09: 0000000000000001 [ 621.141300][T14512] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff920007d2fc7 [ 621.141316][T14512] R13: 0000000000000000 R14: 000000008008b70d R15: dffffc0000000000 [ 621.141342][T14512] ? ns_ioctl+0x555/0x10d0 [ 621.141375][T14512] ns_ioctl+0x560/0x10d0 [ 621.141401][T14512] ? __pfx_ns_ioctl+0x10/0x10 [ 621.141427][T14512] ? __fget_files+0x20e/0x3c0 [ 621.141457][T14512] ? __pfx_ns_ioctl+0x10/0x10 [ 621.141489][T14512] __x64_sys_ioctl+0x18e/0x210 [ 621.141534][T14512] do_syscall_64+0xcd/0x4c0 [ 621.141563][T14512] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.141587][T14512] RIP: 0033:0x7fcaf018eec9 [ 621.141606][T14512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 621.141627][T14512] RSP: 002b:00007fcaf10be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 621.141646][T14512] RAX: ffffffffffffffda RBX: 00007fcaf03e5fa0 RCX: 00007fcaf018eec9 [ 621.141663][T14512] RDX: 0000000000000000 RSI: 000000008008b70d RDI: 0000000000000003 [ 621.141679][T14512] RBP: 00007fcaf10be090 R08: 0000000000000000 R09: 0000000000000000 [ 621.141695][T14512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 621.141710][T14512] R13: 00007fcaf03e6038 R14: 00007fcaf03e5fa0 R15: 00007ffc7a330098 [ 621.141746][T14512] [ 622.060538][T11898] Bluetooth: hci2: command 0x0c1a tx timeout [ 622.220586][T11898] Bluetooth: hci3: command 0x0c1a tx timeout [ 622.301166][T11898] Bluetooth: hci1: command 0x0c1a tx timeout [ 622.484658][T14528] FAULT_INJECTION: forcing a failure. [ 622.484658][T14528] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 622.498607][T14528] CPU: 1 UID: 0 PID: 14528 Comm: syz.0.1871 Not tainted syzkaller #0 PREEMPT(full) [ 622.498628][T14528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 622.498638][T14528] Call Trace: [ 622.498644][T14528] [ 622.498650][T14528] dump_stack_lvl+0x16c/0x1f0 [ 622.498673][T14528] should_fail_ex+0x512/0x640 [ 622.498695][T14528] _copy_to_user+0x32/0xd0 [ 622.498714][T14528] simple_read_from_buffer+0xcb/0x170 [ 622.498731][T14528] proc_fail_nth_read+0x197/0x240 [ 622.498749][T14528] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 622.498767][T14528] ? rw_verify_area+0xcf/0x6c0 [ 622.498783][T14528] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 622.498800][T14528] vfs_read+0x1e1/0xcf0 [ 622.498819][T14528] ? __pfx___mutex_lock+0x10/0x10 [ 622.498836][T14528] ? __pfx_vfs_read+0x10/0x10 [ 622.498858][T14528] ? __fget_files+0x20e/0x3c0 [ 622.498879][T14528] ksys_read+0x12a/0x250 [ 622.498896][T14528] ? __pfx_ksys_read+0x10/0x10 [ 622.498918][T14528] do_syscall_64+0xcd/0x4c0 [ 622.498935][T14528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.498950][T14528] RIP: 0033:0x7f2542d8d8dc [ 622.498963][T14528] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 622.498977][T14528] RSP: 002b:00007f2543c87030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 622.498991][T14528] RAX: ffffffffffffffda RBX: 00007f2542fe5fa0 RCX: 00007f2542d8d8dc [ 622.499001][T14528] RDX: 000000000000000f RSI: 00007f2543c870a0 RDI: 0000000000000004 [ 622.499010][T14528] RBP: 00007f2543c87090 R08: 0000000000000000 R09: 0000000000000000 [ 622.499019][T14528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 622.499027][T14528] R13: 00007f2542fe6038 R14: 00007f2542fe5fa0 R15: 00007ffcf86238d8 [ 622.499046][T14528] [ 622.711904][T14532] netlink: 'syz.0.1872': attribute type 1 has an invalid length. [ 623.351602][T14541] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 624.225486][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.232009][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.583687][T14541] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 625.583920][T14541] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 625.584113][T14541] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 625.584296][T14541] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 625.591694][T14547] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_cmd_wq": -EINTR [ 625.723340][T12773] Bluetooth: hci0: command 0x0c1a tx timeout [ 627.674409][T12773] Bluetooth: hci1: command 0x0c1a tx timeout [ 627.680487][T12773] Bluetooth: hci3: command 0x0c1a tx timeout [ 627.686738][T11898] Bluetooth: hci2: command 0x0c1a tx timeout [ 628.275086][T14581] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1881'. [ 628.353728][T14581] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 629.733856][T14588] FAULT_INJECTION: forcing a failure. [ 629.733856][T14588] name failslab, interval 1, probability 0, space 0, times 0 [ 629.981851][T14588] CPU: 0 UID: 0 PID: 14588 Comm: syz.0.1882 Not tainted syzkaller #0 PREEMPT(full) [ 629.981890][T14588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 629.981907][T14588] Call Trace: [ 629.981918][T14588] [ 629.981929][T14588] dump_stack_lvl+0x16c/0x1f0 [ 629.981966][T14588] should_fail_ex+0x512/0x640 [ 629.981996][T14588] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 629.982033][T14588] should_failslab+0xc2/0x120 [ 629.982068][T14588] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 629.982102][T14588] ? vm_area_dup+0x27/0x8d0 [ 629.982142][T14588] vm_area_dup+0x27/0x8d0 [ 629.982173][T14588] __split_vma+0x18e/0x1070 [ 629.982209][T14588] ? __pfx___split_vma+0x10/0x10 [ 629.982237][T14588] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 629.982286][T14588] vms_gather_munmap_vmas+0x3b1/0x1340 [ 629.982324][T14588] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 629.982377][T14588] do_vmi_align_munmap+0x27c/0x7d0 [ 629.982412][T14588] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 629.982494][T14588] do_vmi_munmap+0x204/0x3e0 [ 629.982529][T14588] move_vma+0xb67/0x1780 [ 629.982566][T14588] ? __pfx_move_vma+0x10/0x10 [ 629.982600][T14588] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 629.982650][T14588] ? vrm_set_new_addr+0x208/0x290 [ 629.982683][T14588] mremap_to+0x1b7/0x450 [ 629.982714][T14588] do_mremap+0x13b0/0x2030 [ 629.982746][T14588] ? futex_private_hash_put+0xe0/0x300 [ 629.982788][T14588] ? __pfx_do_mremap+0x10/0x10 [ 629.982826][T14588] ? do_writev+0x218/0x340 [ 629.982864][T14588] __do_sys_mremap+0x119/0x170 [ 629.982893][T14588] ? __pfx___do_sys_mremap+0x10/0x10 [ 629.982934][T14588] ? __x64_sys_futex+0x1e0/0x4c0 [ 629.982989][T14588] do_syscall_64+0xcd/0x4c0 [ 629.983021][T14588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 629.983048][T14588] RIP: 0033:0x7f2542d8eec9 [ 629.983071][T14588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 629.983098][T14588] RSP: 002b:00007f2543c87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 629.983125][T14588] RAX: ffffffffffffffda RBX: 00007f2542fe5fa0 RCX: 00007f2542d8eec9 [ 629.983150][T14588] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 629.983168][T14588] RBP: 00007f2542e11f91 R08: 0000000100000000 R09: 0000000000000000 [ 629.983186][T14588] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 629.983202][T14588] R13: 00007f2542fe6038 R14: 00007f2542fe5fa0 R15: 00007ffcf86238d8 [ 629.983239][T14588] [ 630.228567][ C0] vkms_vblank_simulate: vblank timer overrun [ 631.176315][T14599] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1884'. [ 631.665420][T14308] syz.0.1822 (14308) used greatest stack depth: 19320 bytes left [ 632.217925][T14612] FAULT_INJECTION: forcing a failure. [ 632.217925][T14612] name failslab, interval 1, probability 0, space 0, times 0 [ 632.390907][T14612] CPU: 1 UID: 0 PID: 14612 Comm: syz.0.1887 Not tainted syzkaller #0 PREEMPT(full) [ 632.390942][T14612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 632.390958][T14612] Call Trace: [ 632.390967][T14612] [ 632.390977][T14612] dump_stack_lvl+0x16c/0x1f0 [ 632.391010][T14612] should_fail_ex+0x512/0x640 [ 632.391038][T14612] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 632.391073][T14612] should_failslab+0xc2/0x120 [ 632.391107][T14612] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 632.391138][T14612] ? security_file_alloc+0x34/0x2b0 [ 632.391178][T14612] security_file_alloc+0x34/0x2b0 [ 632.391212][T14612] init_file+0x93/0x4c0 [ 632.391246][T14612] alloc_empty_file+0x73/0x1e0 [ 632.391283][T14612] alloc_file_pseudo+0x13a/0x230 [ 632.391321][T14612] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 632.391357][T14612] ? alloc_fd+0x471/0x7d0 [ 632.391390][T14612] sock_alloc_file+0x50/0x210 [ 632.391428][T14612] __sys_socket+0x1c0/0x260 [ 632.391465][T14612] ? __pfx___sys_socket+0x10/0x10 [ 632.391498][T14612] ? __pfx___x64_sys_open+0x10/0x10 [ 632.391532][T14612] __x64_sys_socket+0x72/0xb0 [ 632.391564][T14612] ? lockdep_hardirqs_on+0x7c/0x110 [ 632.391590][T14612] do_syscall_64+0xcd/0x4c0 [ 632.391620][T14612] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 632.391645][T14612] RIP: 0033:0x7f2542d8eec9 [ 632.391666][T14612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 632.391691][T14612] RSP: 002b:00007f2543c87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 632.391723][T14612] RAX: ffffffffffffffda RBX: 00007f2542fe5fa0 RCX: 00007f2542d8eec9 [ 632.391742][T14612] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 632.391758][T14612] RBP: 00007f2542e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 632.391775][T14612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 632.391791][T14612] R13: 00007f2542fe6038 R14: 00007f2542fe5fa0 R15: 00007ffcf86238d8 [ 632.391827][T14612] [ 633.664581][T14621] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1888'. [ 634.931787][T11881] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 634.954653][T11881] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 634.974989][T11881] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 634.982936][T11881] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 635.037951][T11881] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 636.075709][T14635] chnl_net:caif_netlink_parms(): no params data found [ 636.772477][T14655] MTRR 1 not used [ 637.088146][T14635] bridge0: port 1(bridge_slave_0) entered blocking state [ 637.108480][T12773] Bluetooth: hci4: command tx timeout [ 637.118082][T14635] bridge0: port 1(bridge_slave_0) entered disabled state [ 637.125492][T14635] bridge_slave_0: entered allmulticast mode [ 637.202511][T14635] bridge_slave_0: entered promiscuous mode [ 637.223192][T14635] bridge0: port 2(bridge_slave_1) entered blocking state [ 637.230746][T14635] bridge0: port 2(bridge_slave_1) entered disabled state [ 637.238438][T14635] bridge_slave_1: entered allmulticast mode [ 637.246237][T14635] bridge_slave_1: entered promiscuous mode [ 637.721305][T14635] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 637.763185][T14635] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 638.071317][T14635] team0: Port device team_slave_0 added [ 638.090255][T14635] team0: Port device team_slave_1 added [ 638.158882][T14635] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 638.168528][T14635] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 638.215098][T14635] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 638.270408][T14635] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 638.277376][T14635] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 638.379371][T14635] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 638.670898][T14672] serio: Serial port pty6 [ 638.983767][T14635] hsr_slave_0: entered promiscuous mode [ 639.065705][T14635] hsr_slave_1: entered promiscuous mode [ 639.131508][T14635] debugfs: 'hsr0' already exists in 'hsr' [ 639.189067][T12773] Bluetooth: hci4: command tx timeout [ 639.249245][T14635] Cannot create hsr debugfs directory [ 639.457508][T14678] Invalid ELF header magic: != ELF [ 640.735540][T14690] i2c i2c-0: delete_device: Extra parameters [ 641.066572][T14635] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 641.133667][T14635] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 641.206044][T14635] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 641.270133][T12773] Bluetooth: hci4: command tx timeout [ 641.281228][T14635] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 641.607928][T14635] 8021q: adding VLAN 0 to HW filter on device bond0 [ 641.666181][T14635] 8021q: adding VLAN 0 to HW filter on device team0 [ 641.692065][T12049] bridge0: port 1(bridge_slave_0) entered blocking state [ 641.692660][T12049] bridge0: port 1(bridge_slave_0) entered forwarding state [ 641.695576][T12049] bridge0: port 2(bridge_slave_1) entered blocking state [ 641.695691][T12049] bridge0: port 2(bridge_slave_1) entered forwarding state [ 641.943016][T14635] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 642.783508][T14635] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 642.836830][T14718] FAULT_INJECTION: forcing a failure. [ 642.836830][T14718] name failslab, interval 1, probability 0, space 0, times 0 [ 642.902187][T14718] CPU: 0 UID: 0 PID: 14718 Comm: syz.0.1906 Not tainted syzkaller #0 PREEMPT(full) [ 642.902226][T14718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 642.902243][T14718] Call Trace: [ 642.902253][T14718] [ 642.902263][T14718] dump_stack_lvl+0x16c/0x1f0 [ 642.902299][T14718] should_fail_ex+0x512/0x640 [ 642.902328][T14718] ? fs_reclaim_acquire+0xae/0x150 [ 642.902369][T14718] should_failslab+0xc2/0x120 [ 642.902404][T14718] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 642.902438][T14718] ? security_inode_alloc+0x3b/0x2b0 [ 642.902474][T14718] security_inode_alloc+0x3b/0x2b0 [ 642.902506][T14718] inode_init_always_gfp+0xce4/0x1030 [ 642.902540][T14718] alloc_inode+0x86/0x240 [ 642.902576][T14718] new_inode+0x22/0x1c0 [ 642.902615][T14718] nfsd_get_inode+0x1a/0x190 [ 642.902647][T14718] nfsd_fill_super+0x18e/0x530 [ 642.902678][T14718] ? __pfx_nfsd_fill_super+0x10/0x10 [ 642.902708][T14718] get_tree_keyed+0x10e/0x1d0 [ 642.902737][T14718] vfs_get_tree+0x8b/0x340 [ 642.902762][T14718] path_mount+0x1516/0x2060 [ 642.902800][T14718] ? __pfx_path_mount+0x10/0x10 [ 642.902835][T14718] ? kmem_cache_free+0x2d1/0x4d0 [ 642.902863][T14718] ? putname+0x154/0x1a0 [ 642.902901][T14718] ? putname+0x154/0x1a0 [ 642.902938][T14718] ? __x64_sys_mount+0x28d/0x310 [ 642.902967][T14718] __x64_sys_mount+0x28d/0x310 [ 642.902999][T14718] ? __pfx___x64_sys_mount+0x10/0x10 [ 642.903056][T14718] do_syscall_64+0xcd/0x4c0 [ 642.903089][T14718] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.903115][T14718] RIP: 0033:0x7f2542d8eec9 [ 642.903136][T14718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 642.903161][T14718] RSP: 002b:00007f2543c87038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 642.903187][T14718] RAX: ffffffffffffffda RBX: 00007f2542fe5fa0 RCX: 00007f2542d8eec9 [ 642.903206][T14718] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 642.903222][T14718] RBP: 00007f2542e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 642.903238][T14718] R10: 0000000000000081 R11: 0000000000000246 R12: 0000000000000000 [ 642.903254][T14718] R13: 00007f2542fe6038 R14: 00007f2542fe5fa0 R15: 00007ffcf86238d8 [ 642.903336][T14718] [ 643.391161][T12773] Bluetooth: hci4: command tx timeout [ 643.463237][T14723] FAULT_INJECTION: forcing a failure. [ 643.463237][T14723] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 643.501413][T14723] CPU: 1 UID: 0 PID: 14723 Comm: syz.2.1908 Not tainted syzkaller #0 PREEMPT(full) [ 643.501447][T14723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 643.501462][T14723] Call Trace: [ 643.501471][T14723] [ 643.501481][T14723] dump_stack_lvl+0x16c/0x1f0 [ 643.501513][T14723] should_fail_ex+0x512/0x640 [ 643.501545][T14723] _copy_from_user+0x2e/0xd0 [ 643.501575][T14723] copy_msghdr_from_user+0x98/0x160 [ 643.501603][T14723] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 643.501645][T14723] ___sys_sendmsg+0xfe/0x1d0 [ 643.501674][T14723] ? __pfx____sys_sendmsg+0x10/0x10 [ 643.501742][T14723] __sys_sendmsg+0x16d/0x220 [ 643.501768][T14723] ? __pfx___sys_sendmsg+0x10/0x10 [ 643.501818][T14723] do_syscall_64+0xcd/0x4c0 [ 643.501847][T14723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 643.501872][T14723] RIP: 0033:0x7f3a0f98eec9 [ 643.501893][T14723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 643.501917][T14723] RSP: 002b:00007f3a0dbf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 643.501942][T14723] RAX: ffffffffffffffda RBX: 00007f3a0fbe5fa0 RCX: 00007f3a0f98eec9 [ 643.501959][T14723] RDX: 00000000040080c4 RSI: 00002000000000c0 RDI: 0000000000000003 [ 643.501974][T14723] RBP: 00007f3a0dbf6090 R08: 0000000000000000 R09: 0000000000000000 [ 643.501990][T14723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 643.502005][T14723] R13: 00007f3a0fbe6038 R14: 00007f3a0fbe5fa0 R15: 00007ffcb7c92338 [ 643.502039][T14723] [ 643.666495][ C1] vkms_vblank_simulate: vblank timer overrun [ 644.546034][T14418] syz.1.1847 (14418) used greatest stack depth: 18952 bytes left [ 645.051357][T14635] veth0_vlan: entered promiscuous mode [ 645.096794][T14635] veth1_vlan: entered promiscuous mode [ 645.181236][T14635] veth0_macvtap: entered promiscuous mode [ 645.210075][T14635] veth1_macvtap: entered promiscuous mode [ 645.476115][T14635] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 645.539346][T14635] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 645.648943][T11912] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.672792][T11912] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.717002][T11912] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.750534][T11912] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.996881][T11907] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 646.019075][T11907] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 646.119467][T11884] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 646.147291][T11884] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 646.688492][T14759] serio: Serial port pty6 [ 646.841638][T14475] syz.1.1856 (14475) used greatest stack depth: 18824 bytes left [ 647.535331][T14790] FAULT_INJECTION: forcing a failure. [ 647.535331][T14790] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 647.659162][T14790] CPU: 1 UID: 0 PID: 14790 Comm: syz.2.1922 Not tainted syzkaller #0 PREEMPT(full) [ 647.659197][T14790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 647.659211][T14790] Call Trace: [ 647.659220][T14790] [ 647.659231][T14790] dump_stack_lvl+0x16c/0x1f0 [ 647.659264][T14790] should_fail_ex+0x512/0x640 [ 647.659297][T14790] should_fail_alloc_page+0xe7/0x130 [ 647.659333][T14790] prepare_alloc_pages+0x3c2/0x610 [ 647.659374][T14790] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 647.659409][T14790] ? is_bpf_text_address+0x8a/0x1a0 [ 647.659440][T14790] ? bpf_ksym_find+0x124/0x1c0 [ 647.659465][T14790] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 647.659495][T14790] ? is_bpf_text_address+0x94/0x1a0 [ 647.659524][T14790] ? kernel_text_address+0x8d/0x100 [ 647.659562][T14790] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 647.659590][T14790] ? unwind_get_return_address+0x59/0xa0 [ 647.659637][T14790] ? stack_trace_save+0x8e/0xc0 [ 647.659663][T14790] ? __pfx_stack_trace_save+0x10/0x10 [ 647.659691][T14790] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 647.659729][T14790] ? policy_nodemask+0xea/0x4e0 [ 647.659764][T14790] alloc_pages_mpol+0x1fb/0x550 [ 647.659798][T14790] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 647.659840][T14790] alloc_pages_noprof+0x131/0x390 [ 647.659873][T14790] __pud_alloc+0x3b/0x750 [ 647.659911][T14790] __handle_mm_fault+0x13de/0x2a50 [ 647.659943][T14790] ? mt_find+0x3ef/0xa30 [ 647.659982][T14790] ? __pfx___handle_mm_fault+0x10/0x10 [ 647.660041][T14790] handle_mm_fault+0x589/0xd10 [ 647.660076][T14790] __get_user_pages+0x551/0x34a0 [ 647.660120][T14790] ? __pfx_validate_mm+0x10/0x10 [ 647.660150][T14790] ? __pfx___get_user_pages+0x10/0x10 [ 647.660196][T14790] get_user_pages_remote+0x243/0xab0 [ 647.660239][T14790] ? __pfx_get_user_pages_remote+0x10/0x10 [ 647.660273][T14790] ? __pfx_vma_link+0x10/0x10 [ 647.660314][T14790] get_arg_page+0xf4/0x310 [ 647.660341][T14790] ? __pfx_get_arg_page+0x10/0x10 [ 647.660366][T14790] ? up_write+0x1b2/0x520 [ 647.660408][T14790] copy_string_kernel+0x182/0x520 [ 647.660444][T14790] do_execveat_common.isra.0+0x2ed/0x610 [ 647.660479][T14790] __x64_sys_execveat+0xda/0x120 [ 647.660511][T14790] do_syscall_64+0xcd/0x4c0 [ 647.660541][T14790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 647.660565][T14790] RIP: 0033:0x7f3a0f98eec9 [ 647.660586][T14790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 647.660609][T14790] RSP: 002b:00007f3a0dbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 647.660633][T14790] RAX: ffffffffffffffda RBX: 00007f3a0fbe5fa0 RCX: 00007f3a0f98eec9 [ 647.660650][T14790] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000004 [ 647.660666][T14790] RBP: 00007f3a0dbf6090 R08: 0000000000011000 R09: 0000000000000000 [ 647.660681][T14790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 647.660697][T14790] R13: 00007f3a0fbe6038 R14: 00007f3a0fbe5fa0 R15: 00007ffcb7c92338 [ 647.660732][T14790] [ 647.958412][ C1] vkms_vblank_simulate: vblank timer overrun [ 648.562420][T14798] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 650.078573][T14817] bond0: option all_slaves_active: invalid value () [ 650.206999][T14833] FAULT_INJECTION: forcing a failure. [ 650.206999][T14833] name failslab, interval 1, probability 0, space 0, times 0 [ 650.247013][T14817] bond0: option all_slaves_active: invalid value () [ 650.319783][T14833] CPU: 0 UID: 0 PID: 14833 Comm: syz.1.1932 Not tainted syzkaller #0 PREEMPT(full) [ 650.319826][T14833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 650.319863][T14833] Call Trace: [ 650.319874][T14833] [ 650.319885][T14833] dump_stack_lvl+0x16c/0x1f0 [ 650.319925][T14833] should_fail_ex+0x512/0x640 [ 650.319955][T14833] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 650.319996][T14833] should_failslab+0xc2/0x120 [ 650.320036][T14833] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 650.320068][T14833] ? d_instantiate+0x77/0x90 [ 650.320102][T14833] ? alloc_empty_file+0x55/0x1e0 [ 650.320149][T14833] alloc_empty_file+0x55/0x1e0 [ 650.320190][T14833] alloc_file_pseudo+0x13a/0x230 [ 650.320233][T14833] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 650.320271][T14833] ? alloc_fd+0x471/0x7d0 [ 650.320307][T14833] sock_alloc_file+0x50/0x210 [ 650.320339][T14833] __sys_socket+0x1c0/0x260 [ 650.320376][T14833] ? __pfx___sys_socket+0x10/0x10 [ 650.320412][T14833] ? xfd_validate_state+0x61/0x180 [ 650.320462][T14833] __x64_sys_socket+0x72/0xb0 [ 650.320499][T14833] ? lockdep_hardirqs_on+0x7c/0x110 [ 650.320532][T14833] do_syscall_64+0xcd/0x4c0 [ 650.320564][T14833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 650.320595][T14833] RIP: 0033:0x7fcaf018eec9 [ 650.320616][T14833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 650.320645][T14833] RSP: 002b:00007fcaf10be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 650.320670][T14833] RAX: ffffffffffffffda RBX: 00007fcaf03e5fa0 RCX: 00007fcaf018eec9 [ 650.320691][T14833] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 650.320707][T14833] RBP: 00007fcaf0211f91 R08: 0000000000000000 R09: 0000000000000000 [ 650.320724][T14833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 650.320749][T14833] R13: 00007fcaf03e6038 R14: 00007fcaf03e5fa0 R15: 00007ffc7a330098 [ 650.320784][T14833] [ 650.792810][T14837] FAULT_INJECTION: forcing a failure. [ 650.792810][T14837] name fail_futex, interval 1, probability 0, space 0, times 0 [ 650.805859][T14837] CPU: 0 UID: 0 PID: 14837 Comm: syz.0.1931 Not tainted syzkaller #0 PREEMPT(full) [ 650.805886][T14837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 650.805897][T14837] Call Trace: [ 650.805903][T14837] [ 650.805909][T14837] dump_stack_lvl+0x16c/0x1f0 [ 650.805930][T14837] should_fail_ex+0x512/0x640 [ 650.805950][T14837] should_fail_futex+0x4c/0x60 [ 650.805969][T14837] futex_lock_pi_atomic+0x1ce/0xd50 [ 650.805995][T14837] futex_lock_pi+0x23f/0x7c0 [ 650.806018][T14837] ? __pfx_futex_lock_pi+0x10/0x10 [ 650.806048][T14837] ? find_held_lock+0x2b/0x80 [ 650.806067][T14837] ? futex_private_hash_put+0x18a/0x300 [ 650.806087][T14837] ? __pfx_futex_wake_mark+0x10/0x10 [ 650.806114][T14837] ? ksys_write+0x190/0x250 [ 650.806134][T14837] do_futex+0x11a/0x350 [ 650.806152][T14837] ? __pfx_do_futex+0x10/0x10 [ 650.806174][T14837] __x64_sys_futex+0x1e0/0x4c0 [ 650.806192][T14837] ? fput+0x9b/0xd0 [ 650.806211][T14837] ? __pfx___x64_sys_futex+0x10/0x10 [ 650.806229][T14837] ? xfd_validate_state+0x61/0x180 [ 650.806249][T14837] ? __pfx_ksys_write+0x10/0x10 [ 650.806271][T14837] do_syscall_64+0xcd/0x4c0 [ 650.806288][T14837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 650.806303][T14837] RIP: 0033:0x7f2542d8eec9 [ 650.806316][T14837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 650.806329][T14837] RSP: 002b:00007f2543c45038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 650.806344][T14837] RAX: ffffffffffffffda RBX: 00007f2542fe6180 RCX: 00007f2542d8eec9 [ 650.806354][T14837] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 650.806362][T14837] RBP: 00007f2542e11f91 R08: 0000000000000000 R09: 000000008000fff5 [ 650.806371][T14837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 650.806379][T14837] R13: 00007f2542fe6218 R14: 00007f2542fe6180 R15: 00007ffcf86238d8 [ 650.806398][T14837] [ 652.107169][T14858] FAULT_INJECTION: forcing a failure. [ 652.107169][T14858] name failslab, interval 1, probability 0, space 0, times 0 [ 652.142389][T14858] CPU: 1 UID: 0 PID: 14858 Comm: syz.1.1944 Not tainted syzkaller #0 PREEMPT(full) [ 652.142428][T14858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 652.142442][T14858] Call Trace: [ 652.142451][T14858] [ 652.142461][T14858] dump_stack_lvl+0x16c/0x1f0 [ 652.142495][T14858] should_fail_ex+0x512/0x640 [ 652.142522][T14858] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 652.142556][T14858] should_failslab+0xc2/0x120 [ 652.142589][T14858] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 652.142620][T14858] ? __d_alloc+0x32/0xae0 [ 652.142655][T14858] __d_alloc+0x32/0xae0 [ 652.142688][T14858] path_from_stashed+0x427/0x750 [ 652.142726][T14858] ns_get_path+0x60/0x80 [ 652.142753][T14858] proc_ns_get_link+0x121/0x230 [ 652.142785][T14858] ? __pfx_proc_ns_get_link+0x10/0x10 [ 652.142820][T14858] ? atime_needs_update+0x8b/0x710 [ 652.142857][T14858] ? __pfx_proc_ns_get_link+0x10/0x10 [ 652.142889][T14858] step_into+0x1969/0x21a0 [ 652.142922][T14858] ? __pfx_step_into+0x10/0x10 [ 652.142946][T14858] ? find_held_lock+0x2b/0x80 [ 652.142982][T14858] path_openat+0x6db/0x2cb0 [ 652.143022][T14858] ? __pfx_path_openat+0x10/0x10 [ 652.143060][T14858] do_filp_open+0x20b/0x470 [ 652.143090][T14858] ? __pfx_do_filp_open+0x10/0x10 [ 652.143144][T14858] ? alloc_fd+0x471/0x7d0 [ 652.143180][T14858] do_sys_openat2+0x11b/0x1d0 [ 652.143216][T14858] ? __pfx_do_sys_openat2+0x10/0x10 [ 652.143249][T14858] ? find_held_lock+0x2b/0x80 [ 652.143274][T14858] ? handle_mm_fault+0x2ab/0xd10 [ 652.143308][T14858] __x64_sys_openat+0x174/0x210 [ 652.143332][T14858] ? __pfx___x64_sys_openat+0x10/0x10 [ 652.143358][T14858] ? do_user_addr_fault+0x843/0x1370 [ 652.143392][T14858] do_syscall_64+0xcd/0x4c0 [ 652.143427][T14858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.143451][T14858] RIP: 0033:0x7fcaf018d710 [ 652.143472][T14858] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44 [ 652.143496][T14858] RSP: 002b:00007fcaf10bdf10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 652.143520][T14858] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcaf018d710 [ 652.143536][T14858] RDX: 0000000000000002 RSI: 00007fcaf10bdfa0 RDI: 00000000ffffff9c [ 652.143552][T14858] RBP: 00007fcaf10bdfa0 R08: 0000000000000000 R09: 0000000000000000 [ 652.143566][T14858] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 652.143581][T14858] R13: 00007fcaf03e6038 R14: 00007fcaf03e5fa0 R15: 00007ffc7a330098 [ 652.143615][T14858] [ 652.804223][T12773] Bluetooth: hci4: unexpected event 0x1c length: 444 > 5 [ 653.749476][T14879] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 653.803763][T14881] program syz.0.1939 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 654.827334][T14901] binder: 14900:14901 ioctl c00c620f 2000000000c0 returned -22 [ 654.941542][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 654.951364][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 654.968473][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 654.974757][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 654.989629][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 654.995935][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 655.012480][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 655.019672][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 655.512543][T14879] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 655.549054][T14879] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 655.555324][T14879] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 655.573274][T14879] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 655.579761][T14879] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 655.586857][T14879] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 655.725791][T14879] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 655.830716][T14893] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 655.918778][T14914] nbd: must specify a device to reconfigure [ 656.398918][T12773] Bluetooth: hci0: command 0x0c1a tx timeout [ 656.601016][T14931] FAULT_INJECTION: forcing a failure. [ 656.601016][T14931] name failslab, interval 1, probability 0, space 0, times 0 [ 656.617800][T14931] CPU: 1 UID: 0 PID: 14931 Comm: syz.5.1950 Not tainted syzkaller #0 PREEMPT(full) [ 656.617834][T14931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 656.617851][T14931] Call Trace: [ 656.617861][T14931] [ 656.617872][T14931] dump_stack_lvl+0x16c/0x1f0 [ 656.617907][T14931] should_fail_ex+0x512/0x640 [ 656.617936][T14931] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 656.617974][T14931] should_failslab+0xc2/0x120 [ 656.618007][T14931] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 656.618040][T14931] ? alloc_inode+0xc3/0x240 [ 656.618078][T14931] alloc_inode+0xc3/0x240 [ 656.618113][T14931] alloc_anon_inode+0x28/0x3e0 [ 656.618144][T14931] anon_inode_make_secure_inode+0x31/0x140 [ 656.618181][T14931] __anon_inode_getfile+0x1cf/0x280 [ 656.618212][T14931] ? _copy_to_user+0x48/0xd0 [ 656.618244][T14931] io_uring_setup+0x1511/0x20c0 [ 656.618285][T14931] ? __pfx_io_uring_setup+0x10/0x10 [ 656.618357][T14931] ? xfd_validate_state+0x61/0x180 [ 656.618395][T14931] ? __pfx___do_sys_close_range+0x10/0x10 [ 656.618434][T14931] __x64_sys_io_uring_setup+0xc2/0x170 [ 656.618473][T14931] do_syscall_64+0xcd/0x4c0 [ 656.618504][T14931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.618530][T14931] RIP: 0033:0x7fa80b78eec9 [ 656.618552][T14931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 656.618580][T14931] RSP: 002b:00007fa80c5b7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 656.618606][T14931] RAX: ffffffffffffffda RBX: 00007fa80b9e5fa0 RCX: 00007fa80b78eec9 [ 656.618623][T14931] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000048 [ 656.618639][T14931] RBP: 00007fa80b811f91 R08: 0000000000000000 R09: 0000000000000000 [ 656.618655][T14931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 656.618672][T14931] R13: 00007fa80b9e6038 R14: 00007fa80b9e5fa0 R15: 00007ffdd59655b8 [ 656.618708][T14931] [ 656.819548][ C1] vkms_vblank_simulate: vblank timer overrun [ 657.602222][T11881] Bluetooth: hci1: command 0x0c1a tx timeout [ 657.608332][T11881] Bluetooth: hci3: command 0x0c1a tx timeout [ 657.614684][T11881] Bluetooth: hci2: command 0x0c1a tx timeout [ 657.621035][T12773] Bluetooth: hci4: command 0x0c1a tx timeout [ 658.981331][T14958] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1958'. [ 659.033933][T14958] netlink: 25 bytes leftover after parsing attributes in process `syz.5.1958'. [ 659.221747][T14951] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1955'. [ 659.679317][T11881] Bluetooth: hci4: command 0x0c1a tx timeout [ 660.331131][T14982] netlink: 334 bytes leftover after parsing attributes in process `syz.5.1964'. [ 661.512948][T14987] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1965'. [ 661.692733][T14968] kexec: Could not allocate control_code_buffer [ 661.729724][T14951] random: crng reseeded on system resumption [ 661.770312][T11881] Bluetooth: hci4: command 0x0c1a tx timeout [ 662.361246][T15001] program syz.1.1970 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 663.723610][T15026] zram: Added device: zram0 [ 664.206921][T15030] serio: Serial port pty6 [ 664.450949][T15039] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1980'. [ 664.878042][T15056] FAULT_INJECTION: forcing a failure. [ 664.878042][T15056] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 665.002923][T15056] CPU: 1 UID: 0 PID: 15056 Comm: syz.2.1986 Not tainted syzkaller #0 PREEMPT(full) [ 665.002955][T15056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 665.002968][T15056] Call Trace: [ 665.002977][T15056] [ 665.002985][T15056] dump_stack_lvl+0x16c/0x1f0 [ 665.003018][T15056] should_fail_ex+0x512/0x640 [ 665.003050][T15056] _copy_from_iter+0x29f/0x1720 [ 665.003088][T15056] ? __pfx__copy_from_iter+0x10/0x10 [ 665.003120][T15056] ? rcu_is_watching+0x12/0xc0 [ 665.003146][T15056] ? trace_kmalloc+0x2b/0xd0 [ 665.003177][T15056] ? __kmalloc_noprof+0x242/0x510 [ 665.003215][T15056] kernfs_fop_write_iter+0x19a/0x570 [ 665.003247][T15056] vfs_write+0x7d3/0x11d0 [ 665.003278][T15056] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 665.003306][T15056] ? __pfx___mutex_lock+0x10/0x10 [ 665.003334][T15056] ? __pfx_vfs_write+0x10/0x10 [ 665.003387][T15056] ksys_write+0x12a/0x250 [ 665.003415][T15056] ? __pfx_ksys_write+0x10/0x10 [ 665.003454][T15056] do_syscall_64+0xcd/0x4c0 [ 665.003485][T15056] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 665.003511][T15056] RIP: 0033:0x7f3a0f98eec9 [ 665.003529][T15056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 665.003551][T15056] RSP: 002b:00007f3a0dbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 665.003583][T15056] RAX: ffffffffffffffda RBX: 00007f3a0fbe5fa0 RCX: 00007f3a0f98eec9 [ 665.003600][T15056] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000003 [ 665.003614][T15056] RBP: 00007f3a0dbf6090 R08: 0000000000000000 R09: 0000000000000000 [ 665.003630][T15056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 665.003644][T15056] R13: 00007f3a0fbe6038 R14: 00007f3a0fbe5fa0 R15: 00007ffcb7c92338 [ 665.003680][T15056] [ 667.071010][T15082] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 667.322836][T15089] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2000'. [ 667.406133][T15095] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 667.495722][T15096] serio: Serial port pty6 [ 668.600582][T15110] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1996'. [ 668.634503][T15110] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1996'. [ 668.794735][T15119] FAULT_INJECTION: forcing a failure. [ 668.794735][T15119] name failslab, interval 1, probability 0, space 0, times 0 [ 668.846415][T15119] CPU: 0 UID: 0 PID: 15119 Comm: syz.0.1997 Not tainted syzkaller #0 PREEMPT(full) [ 668.846437][T15119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 668.846446][T15119] Call Trace: [ 668.846451][T15119] [ 668.846457][T15119] dump_stack_lvl+0x16c/0x1f0 [ 668.846479][T15119] should_fail_ex+0x512/0x640 [ 668.846496][T15119] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 668.846517][T15119] should_failslab+0xc2/0x120 [ 668.846537][T15119] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 668.846554][T15119] ? __pfx___might_resched+0x10/0x10 [ 668.846569][T15119] ? __anon_vma_prepare+0xae/0x5e0 [ 668.846589][T15119] __anon_vma_prepare+0xae/0x5e0 [ 668.846604][T15119] ? __filemap_get_folio+0x32b/0xc30 [ 668.846626][T15119] __vmf_anon_prepare+0x11c/0x240 [ 668.846649][T15119] hugetlb_fault+0x1ba4/0x2f40 [ 668.846668][T15119] ? __pfx_hugetlb_fault+0x10/0x10 [ 668.846691][T15119] ? __pfx___up_read+0x10/0x10 [ 668.846716][T15119] handle_mm_fault+0xbfa/0xd10 [ 668.846736][T15119] __get_user_pages+0x551/0x34a0 [ 668.846766][T15119] ? __pfx___get_user_pages+0x10/0x10 [ 668.846793][T15119] populate_vma_page_range+0x267/0x3f0 [ 668.846809][T15119] ? __pfx_populate_vma_page_range+0x10/0x10 [ 668.846822][T15119] ? __pfx_find_vma_intersection+0x10/0x10 [ 668.846843][T15119] ? do_mmap+0x69c/0x1210 [ 668.846865][T15119] __mm_populate+0x1d8/0x380 [ 668.846880][T15119] ? __pfx___mm_populate+0x10/0x10 [ 668.846895][T15119] ? up_write+0x1b2/0x520 [ 668.846917][T15119] vm_mmap_pgoff+0x37f/0x470 [ 668.846940][T15119] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 668.846958][T15119] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 668.846982][T15119] ? hugetlbfs_get_inode+0x31f/0x730 [ 668.847006][T15119] ksys_mmap_pgoff+0x1c8/0x5c0 [ 668.847029][T15119] __x64_sys_mmap+0x125/0x190 [ 668.847046][T15119] do_syscall_64+0xcd/0x4c0 [ 668.847063][T15119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.847079][T15119] RIP: 0033:0x7f2542d8eec9 [ 668.847091][T15119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 668.847105][T15119] RSP: 002b:00007f2543c66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 668.847119][T15119] RAX: ffffffffffffffda RBX: 00007f2542fe6090 RCX: 00007f2542d8eec9 [ 668.847129][T15119] RDX: 00004000000000e3 RSI: 0000000000200004 RDI: 0000000000000000 [ 668.847138][T15119] RBP: 00007f2543c66090 R08: 000000000000000d R09: 0000300000000000 [ 668.847147][T15119] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000002 [ 668.847155][T15119] R13: 00007f2542fe6128 R14: 00007f2542fe6090 R15: 00007ffcf86238d8 [ 668.847175][T15119] [ 669.109878][ C0] vkms_vblank_simulate: vblank timer overrun [ 669.844620][T11881] Bluetooth: hci0: command 0x0c1a tx timeout [ 669.850840][T15082] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 670.251618][T15132] usbip-vudc usbip-vudc.0: gadget not bound [ 670.574892][T15082] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 670.608201][T15082] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 670.884994][T15082] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 670.899688][T15082] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 671.083554][T15103] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 671.105550][T15111] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 671.303848][T15145] mtrr: base(0x100000000) is not aligned on a size(0x0000) boundary [ 671.623556][T15151] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2006'. [ 671.646982][T15154] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2007'. [ 671.747805][T15151] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 671.925481][T11881] Bluetooth: hci2: command 0x0c1a tx timeout [ 672.533730][T15149] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2005'. [ 672.646005][T11881] Bluetooth: hci3: command 0x0c1a tx timeout [ 672.726093][T11881] Bluetooth: hci1: command 0x0c1a tx timeout [ 672.742708][T15155] kexec: Could not allocate control_code_buffer [ 672.965962][T11881] Bluetooth: hci4: command 0x0c1a tx timeout [ 674.554179][T15151] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 674.567147][T15151] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 674.577202][T15151] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 674.583771][T15151] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 674.594097][T15151] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 674.648916][T12773] Bluetooth: hci0: command 0x0c1a tx timeout [ 674.962552][T15157] random: crng reseeded on system resumption [ 675.791978][T15195] ptrace attach of "./syz-executor exec"[5848] was attempted by "8Õt,­\x09²öÉœ5J­J^Ψ_/yœçß‹.{Y^Ú6º™‘ÿKDîS¨iJbõ‰$ßîÔÿÑRÿ_%Qˆñc.ÕAܘ“”ð'ïI´q([U+{õ9É/mJŸõC¸T£óÐü9¹V\x0daxº>“â2»•šR‘ð-h°-%p#5\x09\x0dõ:IôèÖvS‡maxkÍEµö«†3©\x5cûf¤«¥1þð¨öÍP³oj!.㢴~½GéÖ½û~Ø6épS,¯Õ÷ÞZ]ÃÆ2¯l«F®ã@F@üÌM×|FZ‰/Õ¬VúK.²x,Û0Û&¼ò1ÊM`ŠvÔnôYÜ8A¤‹ZyÑè¯-;IÆ}_ãmZ‚†F5^¥ƒD¶ÿîéuœkÌäk#R_Éc‰;€$Iª€§Oî…›°Š¥„\x0c¹öº«’’6Þþ¼¶ÂdF;ËE5ì>&Ü€p\x07ðì¶0÷šÜƒÌF™àþ£\x09‹ß͹\x0dÒã†y$¢¾¹g€ÖTkùþþþÄAtûj›•/–K\x0c×»ñK£âPOóÊ™\x0aÆÄ)-C˜°|gÖ`\x5c6)ã'x^¹»±¾ð>(^ÿSo£¡FȵìKŽ˜3½\x0c \x1b_º÷úU¨7°œ×^ôäÃûLZ^D¥ž˜<*§jÙˆ™jésL·þâºe¸ƒ°~õ·iñR©ã†3ÈX£Ãul_wÿãTÓ¬'7V/zíª\x0bö*Ï#S×ö?Ã*m)Êd¥WhŒ”mGyT@|X*ZSç[ÑrMÝé£8+`‡ê1Ã8õcflw^\x0a\x09c\x09†ôx*¿£µPµ[\x09ë%ŠKßÈÚé<¹[ê¡ËôqwЖo}DñZ=$`YÒhw*Z!7jflT¶êOOL,E|‚™;aùíöÂÇ~Eç[æ Y¸&ãZ\x0b¯xئ^›F_#=èž\x5c [ 675.956544][T15189] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 676.652984][T12773] Bluetooth: hci4: command 0x0c1a tx timeout [ 676.659094][T11881] Bluetooth: hci1: command 0x0c1a tx timeout [ 676.665124][T12017] Bluetooth: hci3: command 0x0c1a tx timeout [ 676.672315][T12017] Bluetooth: hci2: command 0x0c1a tx timeout [ 676.938966][T15212] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2017'. [ 677.003892][T15212] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 678.889846][T15212] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 678.897055][T15212] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 678.903432][T15212] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 678.909794][T15212] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 678.916116][T15212] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 678.924627][T15219] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 678.968692][T15224] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2019'. [ 679.034363][T15231] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 679.695100][T15209] Bluetooth: hci0: command 0x0c1a tx timeout [ 679.724900][T15235] netlink: 17 bytes leftover after parsing attributes in process `syz.5.2020'. [ 680.970367][T15209] Bluetooth: hci4: command 0x0c1a tx timeout [ 680.976624][T12773] Bluetooth: hci1: command 0x0c1a tx timeout [ 680.983078][T12017] Bluetooth: hci3: command 0x0c1a tx timeout [ 680.989073][T11898] Bluetooth: hci2: command 0x0c1a tx timeout [ 684.709138][T15290] hub 1-0:1.0: USB hub found [ 684.727549][T15290] hub 1-0:1.0: 1 port detected [ 685.695848][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.702617][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.973118][T15296] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 687.083345][T15326] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 688.006786][T15331] FAULT_INJECTION: forcing a failure. [ 688.006786][T15331] name failslab, interval 1, probability 0, space 0, times 0 [ 688.021373][T15331] CPU: 0 UID: 0 PID: 15331 Comm: syz.2.2042 Not tainted syzkaller #0 PREEMPT(full) [ 688.021405][T15331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 688.021419][T15331] Call Trace: [ 688.021427][T15331] [ 688.021437][T15331] dump_stack_lvl+0x16c/0x1f0 [ 688.021469][T15331] should_fail_ex+0x512/0x640 [ 688.021496][T15331] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 688.021529][T15331] should_failslab+0xc2/0x120 [ 688.021560][T15331] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 688.021589][T15331] ? __alloc_skb+0x2b2/0x380 [ 688.021620][T15331] __alloc_skb+0x2b2/0x380 [ 688.021645][T15331] ? __pfx___alloc_skb+0x10/0x10 [ 688.021672][T15331] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 688.021698][T15331] ? __lock_acquire+0xb97/0x1ce0 [ 688.021735][T15331] netlink_alloc_large_skb+0x69/0x130 [ 688.021765][T15331] netlink_sendmsg+0x6a1/0xdd0 [ 688.021798][T15331] ? __pfx_netlink_sendmsg+0x10/0x10 [ 688.021830][T15331] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 688.021862][T15331] ____sys_sendmsg+0xa98/0xc70 [ 688.021896][T15331] ? copy_msghdr_from_user+0x10a/0x160 [ 688.021922][T15331] ? __pfx_____sys_sendmsg+0x10/0x10 [ 688.021971][T15331] ___sys_sendmsg+0x134/0x1d0 [ 688.021998][T15331] ? __pfx____sys_sendmsg+0x10/0x10 [ 688.022068][T15331] __sys_sendmsg+0x16d/0x220 [ 688.022095][T15331] ? __pfx___sys_sendmsg+0x10/0x10 [ 688.022145][T15331] do_syscall_64+0xcd/0x4c0 [ 688.022175][T15331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 688.022200][T15331] RIP: 0033:0x7f3a0f98eec9 [ 688.022220][T15331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 688.022251][T15331] RSP: 002b:00007f3a0dbf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 688.022274][T15331] RAX: ffffffffffffffda RBX: 00007f3a0fbe5fa0 RCX: 00007f3a0f98eec9 [ 688.022290][T15331] RDX: 0000000004000010 RSI: 0000200000001a00 RDI: 0000000000000004 [ 688.022306][T15331] RBP: 00007f3a0dbf6090 R08: 0000000000000000 R09: 0000000000000000 [ 688.022320][T15331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 688.022335][T15331] R13: 00007f3a0fbe6038 R14: 00007f3a0fbe5fa0 R15: 00007ffcb7c92338 [ 688.022369][T15331] [ 689.467352][T15356] FAULT_INJECTION: forcing a failure. [ 689.467352][T15356] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 689.511646][T15356] CPU: 0 UID: 0 PID: 15356 Comm: syz.0.2046 Not tainted syzkaller #0 PREEMPT(full) [ 689.511671][T15356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 689.511680][T15356] Call Trace: [ 689.511686][T15356] [ 689.511692][T15356] dump_stack_lvl+0x16c/0x1f0 [ 689.511715][T15356] should_fail_ex+0x512/0x640 [ 689.511736][T15356] should_fail_alloc_page+0xe7/0x130 [ 689.511758][T15356] prepare_alloc_pages+0x3c2/0x610 [ 689.511780][T15356] ? rcu_is_watching+0x12/0xc0 [ 689.511798][T15356] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 689.511821][T15356] ? stack_trace_save+0x8e/0xc0 [ 689.511838][T15356] ? __pfx_stack_trace_save+0x10/0x10 [ 689.511854][T15356] ? stack_depot_save_flags+0x29/0x9c0 [ 689.511871][T15356] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 689.511892][T15356] ? kasan_save_stack+0x42/0x60 [ 689.511907][T15356] ? kasan_save_stack+0x33/0x60 [ 689.511923][T15356] ? kasan_save_track+0x14/0x30 [ 689.511938][T15356] ? __kasan_kmalloc+0xaa/0xb0 [ 689.511952][T15356] ? mon_bin_open+0x1a8/0x4a0 [ 689.511968][T15356] ? do_sys_openat2+0x11b/0x1d0 [ 689.511989][T15356] ? __x64_sys_openat+0x174/0x210 [ 689.512000][T15356] ? do_syscall_64+0xcd/0x4c0 [ 689.512015][T15356] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 689.512034][T15356] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 689.512057][T15356] ? policy_nodemask+0xea/0x4e0 [ 689.512077][T15356] alloc_pages_mpol+0x1fb/0x550 [ 689.512097][T15356] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 689.512122][T15356] alloc_pages_noprof+0x131/0x390 [ 689.512151][T15356] get_zeroed_page_noprof+0x18/0xb0 [ 689.512172][T15356] mon_alloc_buff+0xce/0x1b0 [ 689.512186][T15356] ? kasan_save_track+0x14/0x30 [ 689.512206][T15356] mon_bin_open+0x207/0x4a0 [ 689.512221][T15356] ? __pfx_mon_bin_open+0x10/0x10 [ 689.512236][T15356] chrdev_open+0x234/0x6a0 [ 689.512254][T15356] ? __pfx_apparmor_file_open+0x10/0x10 [ 689.512272][T15356] ? __pfx_chrdev_open+0x10/0x10 [ 689.512291][T15356] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 689.512312][T15356] do_dentry_open+0x97f/0x1530 [ 689.512329][T15356] ? __pfx_chrdev_open+0x10/0x10 [ 689.512351][T15356] vfs_open+0x82/0x3f0 [ 689.512377][T15356] path_openat+0x1de4/0x2cb0 [ 689.512401][T15356] ? __pfx_path_openat+0x10/0x10 [ 689.512423][T15356] do_filp_open+0x20b/0x470 [ 689.512440][T15356] ? __pfx_do_filp_open+0x10/0x10 [ 689.512471][T15356] ? alloc_fd+0x471/0x7d0 [ 689.512492][T15356] do_sys_openat2+0x11b/0x1d0 [ 689.512512][T15356] ? __pfx_do_sys_openat2+0x10/0x10 [ 689.512542][T15356] __x64_sys_openat+0x174/0x210 [ 689.512555][T15356] ? __pfx___x64_sys_openat+0x10/0x10 [ 689.512576][T15356] do_syscall_64+0xcd/0x4c0 [ 689.512593][T15356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 689.512607][T15356] RIP: 0033:0x7f2542d8eec9 [ 689.512620][T15356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 689.512634][T15356] RSP: 002b:00007f2543c87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 689.512649][T15356] RAX: ffffffffffffffda RBX: 00007f2542fe5fa0 RCX: 00007f2542d8eec9 [ 689.512660][T15356] RDX: 000000000004ad03 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 689.512670][T15356] RBP: 00007f2542e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 689.512679][T15356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 689.512688][T15356] R13: 00007f2542fe6038 R14: 00007f2542fe5fa0 R15: 00007ffcf86238d8 [ 689.512709][T15356] [ 690.711823][T15367] netlink: 'syz.5.2050': attribute type 11 has an invalid length. [ 692.141864][T15371] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 694.412022][T15417] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2061'. [ 694.726024][T15405] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 695.547392][T15440] openvswitch: HfR: Dropping previously announced user features [ 696.481290][T15454] tipc: Started in network mode [ 696.503436][T15454] tipc: Node identity ee00, cluster identity 4711 [ 696.559822][T15454] tipc: Node number set to 60928 [ 696.811619][T15456] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2073'. [ 697.157578][T15462] zswap: compressor not available [ 697.630752][T15470] zswap: compressor not available [ 698.048125][T15480] FAULT_INJECTION: forcing a failure. [ 698.048125][T15480] name failslab, interval 1, probability 0, space 0, times 0 [ 698.061660][T15480] CPU: 1 UID: 0 PID: 15480 Comm: syz.2.2079 Not tainted syzkaller #0 PREEMPT(full) [ 698.061696][T15480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 698.061711][T15480] Call Trace: [ 698.061720][T15480] [ 698.061729][T15480] dump_stack_lvl+0x16c/0x1f0 [ 698.061765][T15480] should_fail_ex+0x512/0x640 [ 698.061795][T15480] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 698.061831][T15480] should_failslab+0xc2/0x120 [ 698.061865][T15480] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 698.061898][T15480] ? mas_alloc_nodes+0x18b/0x8b0 [ 698.061929][T15480] mas_alloc_nodes+0x18b/0x8b0 [ 698.061962][T15480] mas_node_count_gfp+0x105/0x130 [ 698.061991][T15480] mas_preallocate+0x7e0/0xde0 [ 698.062021][T15480] ? __memcg_slab_post_alloc_hook+0x492/0x960 [ 698.062071][T15480] ? __pfx_mas_preallocate+0x10/0x10 [ 698.062115][T15480] ? anon_vma_name+0x81/0x2f0 [ 698.062157][T15480] __split_vma+0x34a/0x1070 [ 698.062190][T15480] ? __pfx___split_vma+0x10/0x10 [ 698.062215][T15480] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 698.062262][T15480] vms_gather_munmap_vmas+0x3b1/0x1340 [ 698.062299][T15480] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 698.062350][T15480] do_vmi_align_munmap+0x27c/0x7d0 [ 698.062384][T15480] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 698.062461][T15480] do_vmi_munmap+0x204/0x3e0 [ 698.062494][T15480] move_vma+0xb67/0x1780 [ 698.062524][T15480] ? __pfx_move_vma+0x10/0x10 [ 698.062555][T15480] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 698.062610][T15480] ? vrm_set_new_addr+0x208/0x290 [ 698.062642][T15480] mremap_to+0x1b7/0x450 [ 698.062669][T15480] do_mremap+0x13b0/0x2030 [ 698.062697][T15480] ? futex_private_hash_put+0xe0/0x300 [ 698.062732][T15480] ? __pfx_do_mremap+0x10/0x10 [ 698.062755][T15480] ? __pfx_futex_wake+0x10/0x10 [ 698.062794][T15480] ? do_writev+0x218/0x340 [ 698.062830][T15480] __do_sys_mremap+0x119/0x170 [ 698.062856][T15480] ? __pfx___do_sys_mremap+0x10/0x10 [ 698.062892][T15480] ? __x64_sys_futex+0x1e0/0x4c0 [ 698.062942][T15480] do_syscall_64+0xcd/0x4c0 [ 698.062972][T15480] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 698.062998][T15480] RIP: 0033:0x7f3a0f98eec9 [ 698.063021][T15480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 698.063046][T15480] RSP: 002b:00007f3a0dbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 698.063071][T15480] RAX: ffffffffffffffda RBX: 00007f3a0fbe5fa0 RCX: 00007f3a0f98eec9 [ 698.063088][T15480] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 698.063103][T15480] RBP: 00007f3a0fa11f91 R08: 0000000100000000 R09: 0000000000000000 [ 698.063119][T15480] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 698.063143][T15480] R13: 00007f3a0fbe6038 R14: 00007f3a0fbe5fa0 R15: 00007ffcb7c92338 [ 698.063175][T15480] [ 698.344012][ C1] vkms_vblank_simulate: vblank timer overrun [ 698.882433][T15490] netlink: 'syz.2.2081': attribute type 33 has an invalid length. [ 698.890991][T15490] netlink: 322 bytes leftover after parsing attributes in process `syz.2.2081'. [ 698.969114][T15492] netlink: 93 bytes leftover after parsing attributes in process `syz.1.2083'. [ 699.703800][T15503] FAULT_INJECTION: forcing a failure. [ 699.703800][T15503] name failslab, interval 1, probability 0, space 0, times 0 [ 699.809309][T15503] CPU: 1 UID: 0 PID: 15503 Comm: syz.0.2082 Not tainted syzkaller #0 PREEMPT(full) [ 699.809343][T15503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 699.809358][T15503] Call Trace: [ 699.809366][T15503] [ 699.809377][T15503] dump_stack_lvl+0x16c/0x1f0 [ 699.809410][T15503] should_fail_ex+0x512/0x640 [ 699.809440][T15503] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 699.809483][T15503] should_failslab+0xc2/0x120 [ 699.809518][T15503] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 699.809548][T15503] ? __proc_create+0xc3/0x8e0 [ 699.809584][T15503] ? __proc_create+0x2ce/0x8e0 [ 699.809626][T15503] __proc_create+0x2ce/0x8e0 [ 699.809662][T15503] ? __pfx___proc_create+0x10/0x10 [ 699.809708][T15503] proc_mkdir+0x81/0x170 [ 699.809729][T15503] ? __pfx_proc_mkdir+0x10/0x10 [ 699.809751][T15503] ? cache_register_net+0x137/0x5e0 [ 699.809785][T15503] cache_register_net+0x18f/0x5e0 [ 699.809816][T15503] nfsd_export_init+0x16e/0x250 [ 699.809851][T15503] ? __pfx_nfsd_net_init+0x10/0x10 [ 699.809880][T15503] nfsd_net_init+0x33/0x3d0 [ 699.809912][T15503] ? __pfx_nfsd_net_init+0x10/0x10 [ 699.809939][T15503] ops_init+0x1e2/0x5f0 [ 699.809974][T15503] setup_net+0x100/0x390 [ 699.810021][T15503] ? __pfx_setup_net+0x10/0x10 [ 699.810048][T15503] ? debug_mutex_init+0x37/0x70 [ 699.810074][T15503] copy_net_ns+0x2f8/0x690 [ 699.810104][T15503] create_new_namespaces+0x3ea/0xa90 [ 699.810133][T15503] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 699.810158][T15503] ksys_unshare+0x45b/0xa40 [ 699.810183][T15503] ? native_tss_update_io_bitmap+0x3e1/0x770 [ 699.810204][T15503] ? __pfx_ksys_unshare+0x10/0x10 [ 699.810233][T15503] ? xfd_validate_state+0x61/0x180 [ 699.810270][T15503] __x64_sys_unshare+0x31/0x40 [ 699.810296][T15503] do_syscall_64+0xcd/0x4c0 [ 699.810320][T15503] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 699.810341][T15503] RIP: 0033:0x7f2542d8eec9 [ 699.810360][T15503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 699.810379][T15503] RSP: 002b:00007f2543c87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 699.810399][T15503] RAX: ffffffffffffffda RBX: 00007f2542fe5fa0 RCX: 00007f2542d8eec9 [ 699.810413][T15503] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 699.810425][T15503] RBP: 00007f2542e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 699.810439][T15503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 699.810457][T15503] R13: 00007f2542fe6038 R14: 00007f2542fe5fa0 R15: 00007ffcf86238d8 [ 699.810485][T15503] [ 700.071588][ C1] vkms_vblank_simulate: vblank timer overrun [ 701.032121][T15516] FAULT_INJECTION: forcing a failure. [ 701.032121][T15516] name failslab, interval 1, probability 0, space 0, times 0 [ 701.100203][T15516] CPU: 0 UID: 0 PID: 15516 Comm: syz.0.2090 Not tainted syzkaller #0 PREEMPT(full) [ 701.100226][T15516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 701.100235][T15516] Call Trace: [ 701.100241][T15516] [ 701.100248][T15516] dump_stack_lvl+0x16c/0x1f0 [ 701.100269][T15516] should_fail_ex+0x512/0x640 [ 701.100294][T15516] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 701.100314][T15516] should_failslab+0xc2/0x120 [ 701.100335][T15516] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 701.100353][T15516] ? mas_alloc_nodes+0x18b/0x8b0 [ 701.100370][T15516] mas_alloc_nodes+0x18b/0x8b0 [ 701.100388][T15516] mas_node_count_gfp+0x105/0x130 [ 701.100403][T15516] mas_preallocate+0x7e0/0xde0 [ 701.100420][T15516] ? __memcg_slab_post_alloc_hook+0x492/0x960 [ 701.100444][T15516] ? __pfx_mas_preallocate+0x10/0x10 [ 701.100467][T15516] ? anon_vma_name+0x81/0x2f0 [ 701.100490][T15516] __split_vma+0x34a/0x1070 [ 701.100509][T15516] ? __pfx___split_vma+0x10/0x10 [ 701.100525][T15516] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 701.100550][T15516] vms_gather_munmap_vmas+0x3b1/0x1340 [ 701.100570][T15516] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 701.100598][T15516] do_vmi_align_munmap+0x27c/0x7d0 [ 701.100618][T15516] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 701.100661][T15516] do_vmi_munmap+0x204/0x3e0 [ 701.100680][T15516] move_vma+0xb67/0x1780 [ 701.100700][T15516] ? __pfx_move_vma+0x10/0x10 [ 701.100719][T15516] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 701.100747][T15516] ? vrm_set_new_addr+0x208/0x290 [ 701.100764][T15516] mremap_to+0x1b7/0x450 [ 701.100782][T15516] do_mremap+0x13b0/0x2030 [ 701.100799][T15516] ? futex_private_hash_put+0xe0/0x300 [ 701.100822][T15516] ? __pfx_do_mremap+0x10/0x10 [ 701.100837][T15516] ? __pfx_futex_wake+0x10/0x10 [ 701.100861][T15516] ? do_writev+0x218/0x340 [ 701.100882][T15516] __do_sys_mremap+0x119/0x170 [ 701.100897][T15516] ? __pfx___do_sys_mremap+0x10/0x10 [ 701.100919][T15516] ? __x64_sys_futex+0x1e0/0x4c0 [ 701.100949][T15516] do_syscall_64+0xcd/0x4c0 [ 701.100966][T15516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 701.100981][T15516] RIP: 0033:0x7f2542d8eec9 [ 701.100994][T15516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 701.101008][T15516] RSP: 002b:00007f2543c87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 701.101022][T15516] RAX: ffffffffffffffda RBX: 00007f2542fe5fa0 RCX: 00007f2542d8eec9 [ 701.101033][T15516] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 701.101042][T15516] RBP: 00007f2542e11f91 R08: 0000000100000000 R09: 0000000000000000 [ 701.101051][T15516] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 701.101060][T15516] R13: 00007f2542fe6038 R14: 00007f2542fe5fa0 R15: 00007ffcf86238d8 [ 701.101080][T15516] [ 703.393576][T15541] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 705.112124][T15541] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 705.128478][T15541] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 705.218559][T15541] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 705.242516][T15541] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 705.259267][T15541] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 705.283199][T15546] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 705.990438][T15565] netlink: 'syz.5.2096': attribute type 1 has an invalid length. [ 706.113341][T15209] Bluetooth: hci0: command 0x0c1a tx timeout [ 706.451877][T15209] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 707.158197][T12773] Bluetooth: hci2: command 0x0c1a tx timeout [ 707.223137][T12773] Bluetooth: hci3: command 0x0c1a tx timeout [ 707.303194][T12773] Bluetooth: hci4: command 0x0c1a tx timeout [ 707.309290][T15209] Bluetooth: hci1: command 0x0c1a tx timeout [ 707.399606][T15605] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 707.446389][T15599] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 707.636965][T15581] FAULT_INJECTION: forcing a failure. [ 707.636965][T15581] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 707.711299][T15581] CPU: 0 UID: 0 PID: 15581 Comm: syz.5.2102 Not tainted syzkaller #0 PREEMPT(full) [ 707.711333][T15581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 707.711345][T15581] Call Trace: [ 707.711350][T15581] [ 707.711357][T15581] dump_stack_lvl+0x16c/0x1f0 [ 707.711378][T15581] should_fail_ex+0x512/0x640 [ 707.711398][T15581] _copy_from_user+0x2e/0xd0 [ 707.711416][T15581] get_timespec64+0x8b/0x1b0 [ 707.711437][T15581] ? __pfx_get_timespec64+0x10/0x10 [ 707.711457][T15581] ? common_nsleep+0xa1/0xd0 [ 707.711476][T15581] __x64_sys_clock_nanosleep+0x1ce/0x4a0 [ 707.711493][T15581] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10 [ 707.711522][T15581] do_syscall_64+0xcd/0x4c0 [ 707.711540][T15581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 707.711555][T15581] RIP: 0033:0x7fa80b7c1785 [ 707.711568][T15581] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 54 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f 55 ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 707.711582][T15581] RSP: 002b:00007ffdd59656b0 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 707.711596][T15581] RAX: ffffffffffffffda RBX: 00007fa80b9e5fa0 RCX: 00007fa80b7c1785 [ 707.711609][T15581] RDX: 00007ffdd59656f0 RSI: 0000000000000000 RDI: 0000000000000000 [ 707.711622][T15581] RBP: 00007fa80b9e7da0 R08: 0000000000000000 R09: 00007fa80c5b8000 [ 707.711635][T15581] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000000acca1 [ 707.711644][T15581] R13: 00007fa80b9e6270 R14: ffffffffffffffff R15: 00007ffdd5965830 [ 707.711662][T15581] [ 708.878583][T15605] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 708.948118][T15605] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 708.984445][T15605] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 708.996264][T15605] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 709.119761][T15605] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 709.138823][T15605] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 709.157113][T15610] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 709.368948][T15636] FAULT_INJECTION: forcing a failure. [ 709.368948][T15636] name failslab, interval 1, probability 0, space 0, times 0 [ 709.541692][T15636] CPU: 1 UID: 0 PID: 15636 Comm: syz.5.2110 Not tainted syzkaller #0 PREEMPT(full) [ 709.541719][T15636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 709.541728][T15636] Call Trace: [ 709.541734][T15636] [ 709.541739][T15636] dump_stack_lvl+0x16c/0x1f0 [ 709.541767][T15636] should_fail_ex+0x512/0x640 [ 709.541783][T15636] ? fs_reclaim_acquire+0xae/0x150 [ 709.541806][T15636] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 709.541828][T15636] should_failslab+0xc2/0x120 [ 709.541858][T15636] __kmalloc_noprof+0xd2/0x510 [ 709.541893][T15636] tomoyo_realpath_from_path+0xc2/0x6e0 [ 709.541929][T15636] ? tomoyo_profile+0x47/0x60 [ 709.541957][T15636] tomoyo_path_number_perm+0x245/0x580 [ 709.541986][T15636] ? tomoyo_path_number_perm+0x237/0x580 [ 709.542021][T15636] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 709.542050][T15636] ? futex_wake+0x1ad/0x530 [ 709.542119][T15636] ? __pfx___might_resched+0x10/0x10 [ 709.542144][T15636] ? hook_file_ioctl_common+0x145/0x410 [ 709.542179][T15636] ? __x64_sys_futex+0x1e0/0x4c0 [ 709.542208][T15636] ? __x64_sys_futex+0x1e9/0x4c0 [ 709.542239][T15636] ? __x64_sys_openat+0x174/0x210 [ 709.542270][T15636] security_file_ioctl+0x9b/0x240 [ 709.542304][T15636] __x64_sys_ioctl+0xb7/0x210 [ 709.542344][T15636] do_syscall_64+0xcd/0x4c0 [ 709.542372][T15636] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 709.542397][T15636] RIP: 0033:0x7fa80b78eec9 [ 709.542417][T15636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 709.542440][T15636] RSP: 002b:00007fa80c5b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 709.542462][T15636] RAX: ffffffffffffffda RBX: 00007fa80b9e5fa0 RCX: 00007fa80b78eec9 [ 709.542478][T15636] RDX: 0000000000000006 RSI: 00000000000007a0 RDI: 0000000000000006 [ 709.542491][T15636] RBP: 00007fa80b811f91 R08: 0000000000000000 R09: 0000000000000000 [ 709.542504][T15636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 709.542517][T15636] R13: 00007fa80b9e6038 R14: 00007fa80b9e5fa0 R15: 00007ffdd59655b8 [ 709.542547][T15636] [ 709.542557][T15636] ERROR: Out of memory at tomoyo_realpath_from_path. [ 709.875388][T15640] serio: Serial port pty6 [ 710.025626][T15209] Bluetooth: hci0: command 0x0c1a tx timeout [ 710.803236][T15673] can0: slcan on pty66. [ 710.986367][T15209] Bluetooth: hci2: command 0x0c1a tx timeout [ 711.019795][T15686] FAULT_INJECTION: forcing a failure. [ 711.019795][T15686] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 711.068415][T15209] Bluetooth: hci3: command 0x0c1a tx timeout [ 711.143225][T15686] CPU: 1 UID: 0 PID: 15686 Comm: syz.1.2122 Not tainted syzkaller #0 PREEMPT(full) [ 711.143246][T15686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 711.143256][T15686] Call Trace: [ 711.143261][T15686] [ 711.143267][T15686] dump_stack_lvl+0x16c/0x1f0 [ 711.143289][T15686] should_fail_ex+0x512/0x640 [ 711.143309][T15686] _copy_to_user+0x32/0xd0 [ 711.143329][T15686] simple_read_from_buffer+0xcb/0x170 [ 711.143346][T15686] proc_fail_nth_read+0x197/0x240 [ 711.143364][T15686] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 711.143382][T15686] ? rw_verify_area+0xcf/0x6c0 [ 711.143397][T15686] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 711.143414][T15686] vfs_read+0x1e1/0xcf0 [ 711.143433][T15686] ? __pfx___mutex_lock+0x10/0x10 [ 711.143449][T15686] ? __pfx_vfs_read+0x10/0x10 [ 711.143471][T15686] ? __fget_files+0x20e/0x3c0 [ 711.143492][T15686] ksys_read+0x12a/0x250 [ 711.143509][T15686] ? __pfx_ksys_read+0x10/0x10 [ 711.143531][T15686] do_syscall_64+0xcd/0x4c0 [ 711.143549][T15686] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 711.143564][T15686] RIP: 0033:0x7fcaf018d8dc [ 711.143576][T15686] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 711.143591][T15686] RSP: 002b:00007fcaf10be030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 711.143605][T15686] RAX: ffffffffffffffda RBX: 00007fcaf03e5fa0 RCX: 00007fcaf018d8dc [ 711.143615][T15686] RDX: 000000000000000f RSI: 00007fcaf10be0a0 RDI: 0000000000000004 [ 711.143624][T15686] RBP: 00007fcaf10be090 R08: 0000000000000000 R09: 0000000000000000 [ 711.143632][T15686] R10: 0008000000008011 R11: 0000000000000246 R12: 0000000000000002 [ 711.143654][T15686] R13: 00007fcaf03e6038 R14: 00007fcaf03e5fa0 R15: 00007ffc7a330098 [ 711.143673][T15686] [ 711.145182][T15209] Bluetooth: hci4: command 0x0c1a tx timeout [ 711.335234][T12773] Bluetooth: hci1: command 0x0c1a tx timeout [ 711.861497][T15683] can0 (unregistered): slcan off pty66. [ 712.584358][T15710] Setting dangerous option i915.mitigations - tainting kernel [ 713.148064][T15209] Bluetooth: hci3: command 0x0c1a tx timeout [ 713.229570][T15724] openvswitch: netlink: Message has 78 unknown bytes. [ 713.453024][T15725] __vm_enough_memory: pid: 15725, comm: syz.0.2131, bytes: 4398046511104 not enough memory for the allocation [ 714.806664][T15742] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2134'. [ 715.558876][T15754] FAULT_INJECTION: forcing a failure. [ 715.558876][T15754] name failslab, interval 1, probability 0, space 0, times 0 [ 715.643234][T15754] CPU: 1 UID: 0 PID: 15754 Comm: syz.1.2138 Tainted: G U syzkaller #0 PREEMPT(full) [ 715.643274][T15754] Tainted: [U]=USER [ 715.643282][T15754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 715.643295][T15754] Call Trace: [ 715.643303][T15754] [ 715.643313][T15754] dump_stack_lvl+0x16c/0x1f0 [ 715.643346][T15754] should_fail_ex+0x512/0x640 [ 715.643372][T15754] ? __kmalloc_noprof+0xbf/0x510 [ 715.643403][T15754] ? lsm_blob_alloc+0x68/0x90 [ 715.643426][T15754] should_failslab+0xc2/0x120 [ 715.643458][T15754] __kmalloc_noprof+0xd2/0x510 [ 715.643495][T15754] lsm_blob_alloc+0x68/0x90 [ 715.643521][T15754] security_prepare_creds+0x30/0x270 [ 715.643560][T15754] prepare_creds+0x56f/0x7d0 [ 715.643598][T15754] copy_creds+0xa7/0xa50 [ 715.643638][T15754] copy_process+0xff6/0x7690 [ 715.643687][T15754] ? __pfx_copy_process+0x10/0x10 [ 715.643727][T15754] ? _copy_from_user+0x59/0xd0 [ 715.643762][T15754] kernel_clone+0xfc/0x930 [ 715.643790][T15754] ? get_pid_task+0xfc/0x250 [ 715.643823][T15754] ? __pfx_kernel_clone+0x10/0x10 [ 715.643873][T15754] __do_sys_clone3+0x212/0x290 [ 715.643904][T15754] ? __pfx___do_sys_clone3+0x10/0x10 [ 715.643952][T15754] ? __fget_files+0x20e/0x3c0 [ 715.644005][T15754] do_syscall_64+0xcd/0x4c0 [ 715.644035][T15754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 715.644060][T15754] RIP: 0033:0x7fcaf018eec9 [ 715.644080][T15754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 715.644109][T15754] RSP: 002b:00007fcaf10bdf08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 715.644132][T15754] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fcaf018eec9 [ 715.644148][T15754] RDX: 00007fcaf10bdf20 RSI: 0000000000000058 RDI: 00007fcaf10bdf20 [ 715.644164][T15754] RBP: 00007fcaf10be090 R08: 0000000000000000 R09: 0000000000000058 [ 715.644180][T15754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 715.644194][T15754] R13: 00007fcaf03e6038 R14: 00007fcaf03e5fa0 R15: 00007ffc7a330098 [ 715.644228][T15754] [ 716.212180][T15767] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 717.524103][T15767] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 717.531014][T15767] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 717.538067][T15767] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 717.544780][T15767] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 717.551784][T15767] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 717.578495][T15774] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 718.348842][T12773] Bluetooth: hci0: command 0x0c1a tx timeout [ 718.460223][T15809] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2146'. [ 719.179020][T15809] –õ\­: renamed from lo (while UP) [ 719.401117][T15815] FAULT_INJECTION: forcing a failure. [ 719.401117][T15815] name failslab, interval 1, probability 0, space 0, times 0 [ 719.414431][T15815] CPU: 0 UID: 0 PID: 15815 Comm: syz.2.2150 Tainted: G U syzkaller #0 PREEMPT(full) [ 719.414465][T15815] Tainted: [U]=USER [ 719.414470][T15815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 719.414479][T15815] Call Trace: [ 719.414485][T15815] [ 719.414492][T15815] dump_stack_lvl+0x16c/0x1f0 [ 719.414513][T15815] should_fail_ex+0x512/0x640 [ 719.414531][T15815] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 719.414551][T15815] should_failslab+0xc2/0x120 [ 719.414571][T15815] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 719.414589][T15815] ? vm_area_dup+0x27/0x8d0 [ 719.414608][T15815] vm_area_dup+0x27/0x8d0 [ 719.414624][T15815] __split_vma+0x18e/0x1070 [ 719.414643][T15815] ? __pfx___split_vma+0x10/0x10 [ 719.414658][T15815] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 719.414684][T15815] vms_gather_munmap_vmas+0x3b1/0x1340 [ 719.414704][T15815] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 719.414732][T15815] do_vmi_align_munmap+0x27c/0x7d0 [ 719.414751][T15815] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 719.414794][T15815] do_vmi_munmap+0x204/0x3e0 [ 719.414821][T15815] move_vma+0xb67/0x1780 [ 719.414842][T15815] ? __pfx_move_vma+0x10/0x10 [ 719.414862][T15815] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 719.414891][T15815] ? vrm_set_new_addr+0x208/0x290 [ 719.414908][T15815] mremap_to+0x1b7/0x450 [ 719.414926][T15815] do_mremap+0x13b0/0x2030 [ 719.414944][T15815] ? futex_private_hash_put+0xe0/0x300 [ 719.414967][T15815] ? __pfx_do_mremap+0x10/0x10 [ 719.414987][T15815] ? do_writev+0x218/0x340 [ 719.415008][T15815] __do_sys_mremap+0x119/0x170 [ 719.415024][T15815] ? __pfx___do_sys_mremap+0x10/0x10 [ 719.415046][T15815] ? __x64_sys_futex+0x1e0/0x4c0 [ 719.415076][T15815] do_syscall_64+0xcd/0x4c0 [ 719.415093][T15815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 719.415108][T15815] RIP: 0033:0x7f3a0f98eec9 [ 719.415120][T15815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 719.415134][T15815] RSP: 002b:00007f3a0dbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 719.415149][T15815] RAX: ffffffffffffffda RBX: 00007f3a0fbe5fa0 RCX: 00007f3a0f98eec9 [ 719.415158][T15815] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 719.415167][T15815] RBP: 00007f3a0fa11f91 R08: 0000000100000000 R09: 0000000000000000 [ 719.415176][T15815] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 719.415184][T15815] R13: 00007f3a0fbe6038 R14: 00007f3a0fbe5fa0 R15: 00007ffcb7c92338 [ 719.415203][T15815] [ 719.963108][T12773] Bluetooth: hci3: command 0x0c1a tx timeout [ 719.969850][T15209] Bluetooth: hci2: command 0x0c1a tx timeout [ 719.976232][T15209] Bluetooth: hci4: command 0x0c1a tx timeout [ 719.982628][T12773] Bluetooth: hci1: command 0x0c1a tx timeout [ 720.825755][T15836] vcan0: tx drop: invalid da for name 0x000000000000ee00 [ 721.046076][T15841] sd 0:0:1:0: PR command failed: 1026 [ 721.132803][T15841] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 721.270794][T15841] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 723.534808][T15890] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 724.466949][T15906] random: crng reseeded on system resumption [ 724.778277][T15887] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 726.096730][T15931] nbd0: detected capacity change from 0 to 98304 [ 726.148022][ T6460] block nbd0: Send control failed (result -22) [ 726.182742][ T6460] block nbd0: Request send failed, requeueing [ 726.255837][ T51] block nbd0: Receive control failed (result -32) [ 726.293708][T14265] block nbd0: Dead connection, failed to find a fallback [ 726.301725][T14265] block nbd0: shutting down sockets [ 726.309594][T14265] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 726.319141][T14265] Buffer I/O error on dev nbd0, logical block 0, async page read [ 726.328504][ T6460] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 726.342776][ T6460] Buffer I/O error on dev nbd0, logical block 0, async page read [ 726.351543][ T6460] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 726.360893][ T6460] Buffer I/O error on dev nbd0, logical block 0, async page read [ 726.370566][ T6460] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 726.379866][ T6460] Buffer I/O error on dev nbd0, logical block 0, async page read [ 726.387918][ T6460] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 726.397060][ T6460] Buffer I/O error on dev nbd0, logical block 0, async page read [ 726.406225][ T6460] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 726.458173][ T6460] Buffer I/O error on dev nbd0, logical block 0, async page read [ 726.506050][ T6460] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 726.832306][ T6460] Buffer I/O error on dev nbd0, logical block 0, async page read [ 726.840625][ T6460] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 726.850017][ T6460] Buffer I/O error on dev nbd0, logical block 0, async page read [ 726.858433][ T6460] ldm_validate_partition_table(): Disk read failed. [ 726.867320][ T6460] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 726.887328][ T6460] Buffer I/O error on dev nbd0, logical block 0, async page read [ 726.935731][ T6460] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 727.056332][ T6460] Buffer I/O error on dev nbd0, logical block 0, async page read [ 727.066821][T15941] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 727.130227][ T6460] Dev nbd0: unable to read RDB block 0 [ 727.205638][ T6460] nbd0: unable to read partition table [ 727.323823][ T6460] ldm_validate_partition_table(): Disk read failed. [ 727.404258][ T6460] Dev nbd0: unable to read RDB block 0 [ 727.443875][ T6460] nbd0: unable to read partition table [ 727.968216][T15941] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 727.987328][T15941] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 727.993741][T15941] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 728.000111][T15941] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 728.006533][T15941] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 728.014054][T15953] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 728.307410][T15961] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2181'. [ 728.493593][T15964] netlink: 93 bytes leftover after parsing attributes in process `syz.0.2181'. [ 729.714571][T12773] Bluetooth: hci0: command 0x0c1a tx timeout [ 730.034545][T12773] Bluetooth: hci3: command 0x0c1a tx timeout [ 730.040603][T15209] Bluetooth: hci4: command 0x0c1a tx timeout [ 730.046982][T12017] Bluetooth: hci1: command 0x0c1a tx timeout [ 730.053502][T12017] Bluetooth: hci2: command 0x0c1a tx timeout [ 730.251562][T15990] usbip-vudc usbip-vudc.0: gadget not bound [ 731.898051][T16005] FAULT_INJECTION: forcing a failure. [ 731.898051][T16005] name failslab, interval 1, probability 0, space 0, times 0 [ 731.945765][T16005] CPU: 0 UID: 0 PID: 16005 Comm: syz.2.2191 Tainted: G U syzkaller #0 PREEMPT(full) [ 731.945810][T16005] Tainted: [U]=USER [ 731.945819][T16005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 731.945836][T16005] Call Trace: [ 731.945846][T16005] [ 731.945857][T16005] dump_stack_lvl+0x16c/0x1f0 [ 731.945892][T16005] should_fail_ex+0x512/0x640 [ 731.945921][T16005] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 731.945953][T16005] should_failslab+0xc2/0x120 [ 731.945996][T16005] __kmalloc_cache_noprof+0x6a/0x3e0 [ 731.946026][T16005] ? alloc_fs_context+0x57/0x9c0 [ 731.946065][T16005] alloc_fs_context+0x57/0x9c0 [ 731.946105][T16005] mq_init_ns+0x172/0x620 [ 731.946140][T16005] copy_ipcs+0x2d6/0x550 [ 731.946175][T16005] create_new_namespaces+0x20a/0xa90 [ 731.946204][T16005] ? security_capable+0x7e/0x260 [ 731.946237][T16005] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 731.946270][T16005] ksys_unshare+0x45b/0xa40 [ 731.946303][T16005] ? __pfx_ksys_unshare+0x10/0x10 [ 731.946337][T16005] ? xfd_validate_state+0x61/0x180 [ 731.946384][T16005] __x64_sys_unshare+0x31/0x40 [ 731.946416][T16005] do_syscall_64+0xcd/0x4c0 [ 731.946448][T16005] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.946474][T16005] RIP: 0033:0x7f3a0f98eec9 [ 731.946496][T16005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 731.946521][T16005] RSP: 002b:00007f3a0dbd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 731.946547][T16005] RAX: ffffffffffffffda RBX: 00007f3a0fbe6090 RCX: 00007f3a0f98eec9 [ 731.946565][T16005] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000000 [ 731.946581][T16005] RBP: 00007f3a0fa11f91 R08: 0000000000000000 R09: 0000000000000000 [ 731.946597][T16005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 731.946613][T16005] R13: 00007f3a0fbe6128 R14: 00007f3a0fbe6090 R15: 00007ffcb7c92338 [ 731.946649][T16005] [ 733.237498][T16018] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2193'. [ 733.533158][T16027] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2197'. [ 733.801240][T16036] serio: Serial port pty6 [ 734.125976][T16039] FAULT_INJECTION: forcing a failure. [ 734.125976][T16039] name failslab, interval 1, probability 0, space 0, times 0 [ 734.281225][T16039] CPU: 1 UID: 0 PID: 16039 Comm: syz.2.2198 Tainted: G U syzkaller #0 PREEMPT(full) [ 734.281252][T16039] Tainted: [U]=USER [ 734.281257][T16039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 734.281266][T16039] Call Trace: [ 734.281272][T16039] [ 734.281279][T16039] dump_stack_lvl+0x16c/0x1f0 [ 734.281299][T16039] should_fail_ex+0x512/0x640 [ 734.281316][T16039] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 734.281337][T16039] should_failslab+0xc2/0x120 [ 734.281356][T16039] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 734.281374][T16039] ? vm_area_dup+0x27/0x8d0 [ 734.281393][T16039] vm_area_dup+0x27/0x8d0 [ 734.281409][T16039] __split_vma+0x18e/0x1070 [ 734.281428][T16039] ? __pfx___split_vma+0x10/0x10 [ 734.281443][T16039] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 734.281469][T16039] vms_gather_munmap_vmas+0x3b1/0x1340 [ 734.281489][T16039] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 734.281517][T16039] do_vmi_align_munmap+0x27c/0x7d0 [ 734.281536][T16039] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 734.281579][T16039] do_vmi_munmap+0x204/0x3e0 [ 734.281597][T16039] move_vma+0xb67/0x1780 [ 734.281617][T16039] ? __pfx_move_vma+0x10/0x10 [ 734.281636][T16039] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 734.281663][T16039] ? vrm_set_new_addr+0x208/0x290 [ 734.281681][T16039] mremap_to+0x1b7/0x450 [ 734.281698][T16039] do_mremap+0x13b0/0x2030 [ 734.281716][T16039] ? futex_private_hash_put+0xe0/0x300 [ 734.281738][T16039] ? __pfx_do_mremap+0x10/0x10 [ 734.281758][T16039] ? do_writev+0x218/0x340 [ 734.281779][T16039] __do_sys_mremap+0x119/0x170 [ 734.281795][T16039] ? __pfx___do_sys_mremap+0x10/0x10 [ 734.281824][T16039] ? __x64_sys_futex+0x1e0/0x4c0 [ 734.281855][T16039] do_syscall_64+0xcd/0x4c0 [ 734.281873][T16039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 734.281888][T16039] RIP: 0033:0x7f3a0f98eec9 [ 734.281901][T16039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 734.281915][T16039] RSP: 002b:00007f3a0dbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 734.281929][T16039] RAX: ffffffffffffffda RBX: 00007f3a0fbe5fa0 RCX: 00007f3a0f98eec9 [ 734.281938][T16039] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 734.281947][T16039] RBP: 00007f3a0fa11f91 R08: 0000000100000000 R09: 0000000000000000 [ 734.281956][T16039] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 734.281965][T16039] R13: 00007f3a0fbe6038 R14: 00007f3a0fbe5fa0 R15: 00007ffcb7c92338 [ 734.281985][T16039] [ 735.261489][T16050] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2203'. [ 735.389165][T16052] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 736.697908][T16052] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 736.728311][T16052] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 736.734471][T16052] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 736.742421][T16052] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 736.748820][T16052] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 736.793520][T16067] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 737.489171][T12017] Bluetooth: hci0: command 0x0c1a tx timeout [ 737.673070][T16100] sd 0:0:1:0: PR command failed: 1026 [ 737.678567][T16100] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 737.685247][T16100] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 738.769120][T12017] Bluetooth: hci3: command 0x0c1a tx timeout [ 738.775160][T12773] Bluetooth: hci2: command 0x0c1a tx timeout [ 738.849327][T12773] Bluetooth: hci1: command 0x0c1a tx timeout [ 738.858025][T12017] Bluetooth: hci4: command 0x0c1a tx timeout [ 740.870188][T16136] netlink: 334 bytes leftover after parsing attributes in process `syz.5.2219'. [ 741.870457][T16148] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2221'. [ 742.441457][T16156] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2224'. [ 742.958867][T16154] netlink: 'syz.5.2223': attribute type 19 has an invalid length. [ 742.981140][T16154] netlink: 334 bytes leftover after parsing attributes in process `syz.5.2223'. [ 744.422807][T16184] FAULT_INJECTION: forcing a failure. [ 744.422807][T16184] name failslab, interval 1, probability 0, space 0, times 0 [ 744.487846][T16184] CPU: 1 UID: 0 PID: 16184 Comm: syz.0.2231 Tainted: G U syzkaller #0 PREEMPT(full) [ 744.487890][T16184] Tainted: [U]=USER [ 744.487899][T16184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 744.487915][T16184] Call Trace: [ 744.487925][T16184] [ 744.487936][T16184] dump_stack_lvl+0x16c/0x1f0 [ 744.487970][T16184] should_fail_ex+0x512/0x640 [ 744.487999][T16184] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 744.488036][T16184] should_failslab+0xc2/0x120 [ 744.488071][T16184] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 744.488103][T16184] ? vm_area_dup+0x27/0x8d0 [ 744.488135][T16184] vm_area_dup+0x27/0x8d0 [ 744.488164][T16184] __split_vma+0x18e/0x1070 [ 744.488198][T16184] ? __pfx___split_vma+0x10/0x10 [ 744.488224][T16184] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 744.488273][T16184] vms_gather_munmap_vmas+0x3b1/0x1340 [ 744.488309][T16184] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 744.488368][T16184] do_vmi_align_munmap+0x27c/0x7d0 [ 744.488406][T16184] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 744.488489][T16184] do_vmi_munmap+0x204/0x3e0 [ 744.488526][T16184] move_vma+0xb67/0x1780 [ 744.488562][T16184] ? __pfx_move_vma+0x10/0x10 [ 744.488597][T16184] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 744.488647][T16184] ? vrm_set_new_addr+0x208/0x290 [ 744.488679][T16184] mremap_to+0x1b7/0x450 [ 744.488710][T16184] do_mremap+0x13b0/0x2030 [ 744.488741][T16184] ? futex_private_hash_put+0xe0/0x300 [ 744.488782][T16184] ? __pfx_do_mremap+0x10/0x10 [ 744.488819][T16184] ? do_writev+0x218/0x340 [ 744.488857][T16184] __do_sys_mremap+0x119/0x170 [ 744.488886][T16184] ? __pfx___do_sys_mremap+0x10/0x10 [ 744.488926][T16184] ? __x64_sys_futex+0x1e0/0x4c0 [ 744.488981][T16184] do_syscall_64+0xcd/0x4c0 [ 744.489012][T16184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 744.489039][T16184] RIP: 0033:0x7f2542d8eec9 [ 744.489061][T16184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 744.489087][T16184] RSP: 002b:00007f2543c87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 744.489112][T16184] RAX: ffffffffffffffda RBX: 00007f2542fe5fa0 RCX: 00007f2542d8eec9 [ 744.489130][T16184] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 744.489147][T16184] RBP: 00007f2542e11f91 R08: 0000000100000000 R09: 0000000000000000 [ 744.489163][T16184] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 744.489179][T16184] R13: 00007f2542fe6038 R14: 00007f2542fe5fa0 R15: 00007ffcf86238d8 [ 744.489216][T16184] [ 745.135757][T16191] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 746.029963][T16199] ICMPv6: process `syz.2.2234' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 746.301485][T16195] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 746.309032][T16195] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 746.315772][T16195] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 746.322239][T16195] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 746.563046][T16195] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 746.724751][T16200] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 747.080942][T16231] FAULT_INJECTION: forcing a failure. [ 747.080942][T16231] name failslab, interval 1, probability 0, space 0, times 0 [ 747.113917][T16231] CPU: 1 UID: 0 PID: 16231 Comm: syz.2.2241 Tainted: G U syzkaller #0 PREEMPT(full) [ 747.113960][T16231] Tainted: [U]=USER [ 747.113969][T16231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 747.113983][T16231] Call Trace: [ 747.113993][T16231] [ 747.114003][T16231] dump_stack_lvl+0x16c/0x1f0 [ 747.114038][T16231] should_fail_ex+0x512/0x640 [ 747.114073][T16231] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 747.114109][T16231] should_failslab+0xc2/0x120 [ 747.114144][T16231] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 747.114176][T16231] ? vm_area_dup+0x27/0x8d0 [ 747.114209][T16231] vm_area_dup+0x27/0x8d0 [ 747.114245][T16231] __split_vma+0x18e/0x1070 [ 747.114281][T16231] ? __pfx___split_vma+0x10/0x10 [ 747.114309][T16231] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 747.114351][T16231] vms_gather_munmap_vmas+0x3b1/0x1340 [ 747.114377][T16231] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 747.114426][T16231] do_vmi_align_munmap+0x27c/0x7d0 [ 747.114460][T16231] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 747.114537][T16231] do_vmi_munmap+0x204/0x3e0 [ 747.114570][T16231] move_vma+0xb67/0x1780 [ 747.114603][T16231] ? __pfx_move_vma+0x10/0x10 [ 747.114634][T16231] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 747.114677][T16231] ? vrm_set_new_addr+0x208/0x290 [ 747.114709][T16231] mremap_to+0x1b7/0x450 [ 747.114739][T16231] do_mremap+0x13b0/0x2030 [ 747.114770][T16231] ? futex_private_hash_put+0xe0/0x300 [ 747.114810][T16231] ? __pfx_do_mremap+0x10/0x10 [ 747.114846][T16231] ? do_writev+0x218/0x340 [ 747.114883][T16231] __do_sys_mremap+0x119/0x170 [ 747.114913][T16231] ? __pfx___do_sys_mremap+0x10/0x10 [ 747.114953][T16231] ? __x64_sys_futex+0x1e0/0x4c0 [ 747.115007][T16231] do_syscall_64+0xcd/0x4c0 [ 747.115039][T16231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 747.115065][T16231] RIP: 0033:0x7f3a0f98eec9 [ 747.115087][T16231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 747.115112][T16231] RSP: 002b:00007f3a0dbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 747.115138][T16231] RAX: ffffffffffffffda RBX: 00007f3a0fbe5fa0 RCX: 00007f3a0f98eec9 [ 747.115155][T16231] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 747.115171][T16231] RBP: 00007f3a0fa11f91 R08: 0000000100000000 R09: 0000000000000000 [ 747.115187][T16231] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 747.115203][T16231] R13: 00007f3a0fbe6038 R14: 00007f3a0fbe5fa0 R15: 00007ffcb7c92338 [ 747.115246][T16231] [ 747.378013][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.384555][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.647322][T12017] Bluetooth: hci0: command 0x0c1a tx timeout [ 748.366539][T12017] Bluetooth: hci1: command 0x0c1a tx timeout [ 748.372556][T12773] Bluetooth: hci3: command 0x0c1a tx timeout [ 748.378611][T15209] Bluetooth: hci2: command 0x0c1a tx timeout [ 748.468733][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805fb9b000: rx timeout, send abort [ 748.479964][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805fb9b000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 748.624907][T12773] Bluetooth: hci4: command 0x0c1a tx timeout [ 750.466253][T16269] FAULT_INJECTION: forcing a failure. [ 750.466253][T16269] name failslab, interval 1, probability 0, space 0, times 0 [ 750.548115][T16269] CPU: 1 UID: 0 PID: 16269 Comm: syz.5.2251 Tainted: G U syzkaller #0 PREEMPT(full) [ 750.548159][T16269] Tainted: [U]=USER [ 750.548167][T16269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 750.548183][T16269] Call Trace: [ 750.548191][T16269] [ 750.548203][T16269] dump_stack_lvl+0x16c/0x1f0 [ 750.548234][T16269] should_fail_ex+0x512/0x640 [ 750.548262][T16269] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 750.548296][T16269] should_failslab+0xc2/0x120 [ 750.548327][T16269] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 750.548369][T16269] ? vm_area_dup+0x27/0x8d0 [ 750.548403][T16269] vm_area_dup+0x27/0x8d0 [ 750.548434][T16269] __split_vma+0x18e/0x1070 [ 750.548469][T16269] ? __pfx___split_vma+0x10/0x10 [ 750.548496][T16269] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 750.548545][T16269] vms_gather_munmap_vmas+0x3b1/0x1340 [ 750.548579][T16269] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 750.548627][T16269] do_vmi_align_munmap+0x27c/0x7d0 [ 750.548663][T16269] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 750.548749][T16269] do_vmi_munmap+0x204/0x3e0 [ 750.548784][T16269] move_vma+0xb67/0x1780 [ 750.548822][T16269] ? __pfx_move_vma+0x10/0x10 [ 750.548855][T16269] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 750.548904][T16269] ? vrm_set_new_addr+0x208/0x290 [ 750.548936][T16269] mremap_to+0x1b7/0x450 [ 750.548967][T16269] do_mremap+0x13b0/0x2030 [ 750.548998][T16269] ? futex_private_hash_put+0xe0/0x300 [ 750.549037][T16269] ? __pfx_do_mremap+0x10/0x10 [ 750.549074][T16269] ? do_writev+0x218/0x340 [ 750.549112][T16269] __do_sys_mremap+0x119/0x170 [ 750.549140][T16269] ? __pfx___do_sys_mremap+0x10/0x10 [ 750.549180][T16269] ? __x64_sys_futex+0x1e0/0x4c0 [ 750.549231][T16269] do_syscall_64+0xcd/0x4c0 [ 750.549261][T16269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 750.549288][T16269] RIP: 0033:0x7fa80b78eec9 [ 750.549309][T16269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 750.549334][T16269] RSP: 002b:00007fa80c5b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 750.549359][T16269] RAX: ffffffffffffffda RBX: 00007fa80b9e5fa0 RCX: 00007fa80b78eec9 [ 750.549376][T16269] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 750.549390][T16269] RBP: 00007fa80b811f91 R08: 0000000100000000 R09: 0000000000000000 [ 750.549404][T16269] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 750.549419][T16269] R13: 00007fa80b9e6038 R14: 00007fa80b9e5fa0 R15: 00007ffdd59655b8 [ 750.549453][T16269] [ 751.282277][T16278] FAULT_INJECTION: forcing a failure. [ 751.282277][T16278] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 751.325118][T16278] CPU: 0 UID: 0 PID: 16278 Comm: syz.5.2253 Tainted: G U syzkaller #0 PREEMPT(full) [ 751.325158][T16278] Tainted: [U]=USER [ 751.325166][T16278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 751.325178][T16278] Call Trace: [ 751.325186][T16278] [ 751.325196][T16278] dump_stack_lvl+0x16c/0x1f0 [ 751.325227][T16278] should_fail_ex+0x512/0x640 [ 751.325257][T16278] _copy_from_user+0x2e/0xd0 [ 751.325286][T16278] write_gssp+0x15d/0x310 [ 751.325316][T16278] ? __pfx_write_gssp+0x10/0x10 [ 751.325359][T16278] ? __pfx_write_gssp+0x10/0x10 [ 751.325386][T16278] proc_reg_write+0x23d/0x330 [ 751.325422][T16278] ? __pfx_proc_reg_write+0x10/0x10 [ 751.325454][T16278] vfs_write+0x29d/0x11d0 [ 751.325488][T16278] ? __pfx___mutex_lock+0x10/0x10 [ 751.325515][T16278] ? __pfx_vfs_write+0x10/0x10 [ 751.325550][T16278] ? __fget_files+0x20e/0x3c0 [ 751.325587][T16278] ksys_write+0x12a/0x250 [ 751.325612][T16278] ? __pfx_ksys_write+0x10/0x10 [ 751.325649][T16278] do_syscall_64+0xcd/0x4c0 [ 751.325686][T16278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 751.325710][T16278] RIP: 0033:0x7fa80b78eec9 [ 751.325731][T16278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 751.325753][T16278] RSP: 002b:00007fa80c5b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 751.325776][T16278] RAX: ffffffffffffffda RBX: 00007fa80b9e5fa0 RCX: 00007fa80b78eec9 [ 751.325793][T16278] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000004 [ 751.325807][T16278] RBP: 00007fa80c5b7090 R08: 0000000000000000 R09: 0000000000000000 [ 751.325821][T16278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 751.325836][T16278] R13: 00007fa80b9e6038 R14: 00007fa80b9e5fa0 R15: 00007ffdd59655b8 [ 751.325870][T16278] [ 751.789682][T16284] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 751.829901][T16289] netlink: 504 bytes leftover after parsing attributes in process `syz.5.2257'. [ 752.047636][T16294] openvswitch: .^: Dropping previously announced user features [ 753.246512][T16284] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 753.356101][T16284] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 753.477362][T16284] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 753.534145][T16284] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 753.573365][T16329] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2262'. [ 753.685781][T16284] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 753.781301][T16307] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 754.129323][T12773] Bluetooth: hci0: command 0x0c1a tx timeout [ 754.151439][T16334] FAULT_INJECTION: forcing a failure. [ 754.151439][T16334] name failslab, interval 1, probability 0, space 0, times 0 [ 754.164234][T16334] CPU: 0 UID: 0 PID: 16334 Comm: syz.5.2263 Tainted: G U syzkaller #0 PREEMPT(full) [ 754.164275][T16334] Tainted: [U]=USER [ 754.164284][T16334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 754.164302][T16334] Call Trace: [ 754.164312][T16334] [ 754.164323][T16334] dump_stack_lvl+0x16c/0x1f0 [ 754.164357][T16334] should_fail_ex+0x512/0x640 [ 754.164387][T16334] ? __kmalloc_noprof+0xbf/0x510 [ 754.164420][T16334] ? alloc_pipe_info+0x1ec/0x590 [ 754.164453][T16334] should_failslab+0xc2/0x120 [ 754.164486][T16334] __kmalloc_noprof+0xd2/0x510 [ 754.164525][T16334] alloc_pipe_info+0x1ec/0x590 [ 754.164561][T16334] splice_direct_to_actor+0x77d/0xa30 [ 754.164592][T16334] ? __lock_acquire+0x62e/0x1ce0 [ 754.164622][T16334] ? __pfx_direct_splice_actor+0x10/0x10 [ 754.164653][T16334] ? __pfx_aa_file_perm+0x10/0x10 [ 754.164677][T16334] ? futex_private_hash_put+0x176/0x300 [ 754.164708][T16334] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 754.164759][T16334] do_splice_direct+0x174/0x240 [ 754.164789][T16334] ? __pfx_do_splice_direct+0x10/0x10 [ 754.164819][T16334] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 754.164850][T16334] ? bpf_lsm_file_permission+0x9/0x10 [ 754.164887][T16334] ? security_file_permission+0x71/0x210 [ 754.164924][T16334] ? rw_verify_area+0xcf/0x6c0 [ 754.164954][T16334] do_sendfile+0xb06/0xe50 [ 754.164990][T16334] ? __pfx_do_sendfile+0x10/0x10 [ 754.165025][T16334] ? __x64_sys_futex+0x1e0/0x4c0 [ 754.165055][T16334] ? __x64_sys_futex+0x1e9/0x4c0 [ 754.165091][T16334] __x64_sys_sendfile64+0x1d8/0x220 [ 754.165127][T16334] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 754.165173][T16334] do_syscall_64+0xcd/0x4c0 [ 754.165204][T16334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 754.165230][T16334] RIP: 0033:0x7fa80b78eec9 [ 754.165252][T16334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 754.165277][T16334] RSP: 002b:00007fa80c5b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 754.165302][T16334] RAX: ffffffffffffffda RBX: 00007fa80b9e5fa0 RCX: 00007fa80b78eec9 [ 754.165320][T16334] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 754.165336][T16334] RBP: 00007fa80b811f91 R08: 0000000000000000 R09: 0000000000000000 [ 754.165352][T16334] R10: 0000000000000200 R11: 0000000000000246 R12: 0000000000000000 [ 754.165369][T16334] R13: 00007fa80b9e6038 R14: 00007fa80b9e5fa0 R15: 00007ffdd59655b8 [ 754.165406][T16334] [ 754.985739][T16340] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 755.337182][T12773] Bluetooth: hci2: command 0x0c1a tx timeout [ 755.417685][T12773] Bluetooth: hci3: command 0x0c1a tx timeout [ 755.567231][T12773] Bluetooth: hci1: command 0x0c1a tx timeout [ 755.698188][T16359] bridge0: port 3(gretap0) entered blocking state [ 755.704690][T16359] bridge0: port 3(gretap0) entered disabled state [ 755.727784][T16359] gretap0: entered allmulticast mode [ 755.740491][T12773] Bluetooth: hci4: command 0x0c1a tx timeout [ 755.757178][T16359] gretap0: entered promiscuous mode [ 755.769200][T16359] bridge0: port 3(gretap0) entered blocking state [ 755.775772][T16359] bridge0: port 3(gretap0) entered forwarding state [ 756.280258][T16340] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 756.338765][T16340] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 756.478684][T16340] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 756.486672][T16340] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 756.510943][T16340] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 756.531221][T16355] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 756.964998][T16369] zswap: compressor not available [ 757.174911][T16376] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2272'. [ 757.242843][T16378] FAULT_INJECTION: forcing a failure. [ 757.242843][T16378] name failslab, interval 1, probability 0, space 0, times 0 [ 757.318170][T16378] CPU: 0 UID: 0 PID: 16378 Comm: syz.5.2274 Tainted: G U syzkaller #0 PREEMPT(full) [ 757.318211][T16378] Tainted: [U]=USER [ 757.318219][T16378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 757.318234][T16378] Call Trace: [ 757.318243][T16378] [ 757.318253][T16378] dump_stack_lvl+0x16c/0x1f0 [ 757.318286][T16378] should_fail_ex+0x512/0x640 [ 757.318313][T16378] ? __kvmalloc_node_noprof+0x124/0x620 [ 757.318345][T16378] should_failslab+0xc2/0x120 [ 757.318377][T16378] __kvmalloc_node_noprof+0x137/0x620 [ 757.318405][T16378] ? trace_kmalloc+0x2b/0xd0 [ 757.318436][T16378] ? __kvmalloc_node_noprof+0x211/0x620 [ 757.318460][T16378] ? io_alloc_cache_init+0x33/0x170 [ 757.318494][T16378] ? io_alloc_cache_init+0x33/0x170 [ 757.318526][T16378] io_alloc_cache_init+0x33/0x170 [ 757.318555][T16378] io_rsrc_cache_init+0x40/0x50 [ 757.318581][T16378] io_uring_setup+0x660/0x20c0 [ 757.318621][T16378] ? __pfx_io_uring_setup+0x10/0x10 [ 757.318654][T16378] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 757.318685][T16378] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 757.318716][T16378] ? __fget_files+0x20e/0x3c0 [ 757.318752][T16378] ? ksys_write+0x1ac/0x250 [ 757.318780][T16378] ? __pfx_ksys_write+0x10/0x10 [ 757.318814][T16378] __x64_sys_io_uring_setup+0xc2/0x170 [ 757.318851][T16378] do_syscall_64+0xcd/0x4c0 [ 757.318881][T16378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 757.318906][T16378] RIP: 0033:0x7fa80b78eec9 [ 757.318926][T16378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 757.318950][T16378] RSP: 002b:00007fa80c5b7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 757.318973][T16378] RAX: ffffffffffffffda RBX: 00007fa80b9e5fa0 RCX: 00007fa80b78eec9 [ 757.318991][T16378] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 757.319005][T16378] RBP: 00007fa80c5b7090 R08: 0000000000000000 R09: 0000000000000000 [ 757.319020][T16378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 757.319035][T16378] R13: 00007fa80b9e6038 R14: 00007fa80b9e5fa0 R15: 00007ffdd59655b8 [ 757.319069][T16378] [ 757.717330][T12773] Bluetooth: hci0: command 0x0c1a tx timeout [ 757.757554][T12017] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 757.767850][T12017] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 757.776709][T12017] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 757.802336][T12017] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 757.818593][T12017] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 758.017929][T16385] netlink: 334 bytes leftover after parsing attributes in process `syz.5.2275'. [ 758.378921][T12773] Bluetooth: hci2: command 0x0c1a tx timeout [ 758.531268][T12773] Bluetooth: hci4: command 0x0c1a tx timeout [ 758.537398][T12017] Bluetooth: hci1: command 0x0c1a tx timeout [ 758.543440][T15209] Bluetooth: hci3: command 0x0c1a tx timeout [ 758.823712][T16382] chnl_net:caif_netlink_parms(): no params data found [ 758.892624][T16380] netlink: 174 bytes leftover after parsing attributes in process `syz.1.2273'. [ 758.957390][T16380] bridge0: port 3(gretap0) entered disabled state [ 759.058299][T16380] gretap0: refused to change device tx_queue_len [ 759.319522][T16399] ubi0: attaching mtd0 [ 759.373076][T16399] ubi0: scanning is finished [ 759.377708][T16399] ubi0: empty MTD device detected [ 759.723126][T16405] ALSA: mixer_oss: invalid OSS volume '' [ 759.740904][T16399] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 759.772975][T16399] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 759.800159][T16399] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 759.838688][T16399] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 759.850635][T16382] bridge0: port 1(bridge_slave_0) entered blocking state [ 759.879696][T16399] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 759.889458][T15209] Bluetooth: hci5: command tx timeout [ 759.908619][T16382] bridge0: port 1(bridge_slave_0) entered disabled state [ 759.925492][T16399] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 759.947891][T16382] bridge_slave_0: entered allmulticast mode [ 759.991705][T16382] bridge_slave_0: entered promiscuous mode [ 759.999488][T16399] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 130942410 [ 760.011031][T16382] bridge0: port 2(bridge_slave_1) entered blocking state [ 760.018188][T16382] bridge0: port 2(bridge_slave_1) entered disabled state [ 760.060633][T16382] bridge_slave_1: entered allmulticast mode [ 760.129918][T16382] bridge_slave_1: entered promiscuous mode [ 760.135878][T16399] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 760.140071][T16400] ubi0: detaching mtd0 [ 760.148905][T16407] ubi0: background thread "ubi_bgt0d" started, PID 16407 [ 760.233764][T16400] ubi0: mtd0 is detached [ 760.459988][T16409] FAULT_INJECTION: forcing a failure. [ 760.459988][T16409] name failslab, interval 1, probability 0, space 0, times 0 [ 760.488429][T16382] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 760.504958][T16411] random: crng reseeded on system resumption [ 760.513297][T16409] CPU: 1 UID: 0 PID: 16409 Comm: syz.1.2279 Tainted: G U syzkaller #0 PREEMPT(full) [ 760.513322][T16409] Tainted: [U]=USER [ 760.513327][T16409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 760.513337][T16409] Call Trace: [ 760.513343][T16409] [ 760.513349][T16409] dump_stack_lvl+0x16c/0x1f0 [ 760.513370][T16409] should_fail_ex+0x512/0x640 [ 760.513388][T16409] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 760.513409][T16409] should_failslab+0xc2/0x120 [ 760.513429][T16409] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 760.513445][T16409] ? lockdep_init_map_type+0x5c/0x280 [ 760.513465][T16409] ? fcntl_setlease+0x389/0x5a0 [ 760.513482][T16409] fcntl_setlease+0x389/0x5a0 [ 760.513497][T16409] ? __pfx_fcntl_setlease+0x10/0x10 [ 760.513516][T16409] ? do_futex+0x122/0x350 [ 760.513535][T16409] ? __pfx_do_futex+0x10/0x10 [ 760.513555][T16409] do_fcntl+0x751/0x15a0 [ 760.513575][T16409] ? __pfx_do_fcntl+0x10/0x10 [ 760.513594][T16409] ? __x64_sys_futex+0x1e0/0x4c0 [ 760.513611][T16409] ? __x64_sys_futex+0x1e9/0x4c0 [ 760.513631][T16409] ? tomoyo_file_fcntl+0x6c/0xc0 [ 760.513649][T16409] __x64_sys_fcntl+0x163/0x200 [ 760.513671][T16409] do_syscall_64+0xcd/0x4c0 [ 760.513688][T16409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 760.513703][T16409] RIP: 0033:0x7fcaf018eec9 [ 760.513716][T16409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 760.513730][T16409] RSP: 002b:00007fcaf10be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 760.513743][T16409] RAX: ffffffffffffffda RBX: 00007fcaf03e5fa0 RCX: 00007fcaf018eec9 [ 760.513753][T16409] RDX: 0000000000000001 RSI: 0000000000000400 RDI: 0000000000000001 [ 760.513762][T16409] RBP: 00007fcaf0211f91 R08: 0000000000000000 R09: 0000000000000000 [ 760.513770][T16409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 760.513780][T16409] R13: 00007fcaf03e6038 R14: 00007fcaf03e5fa0 R15: 00007ffc7a330098 [ 760.513798][T16409] [ 760.546048][T16382] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 761.206597][T16382] team0: Port device team_slave_0 added [ 761.257507][T16382] team0: Port device team_slave_1 added [ 761.428584][T16423] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2283'. [ 761.537642][T16382] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 761.565910][T16382] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 761.680342][T16382] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 761.720468][T16382] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 761.746562][T16382] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 761.840427][T16382] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 761.990877][T15209] Bluetooth: hci5: command tx timeout [ 762.441001][T16434] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 762.460126][T16434] ptrace attach of "./syz-executor exec"[16435] was attempted by "./syz-executor exec"[16434] [ 762.713580][T16382] hsr_slave_0: entered promiscuous mode [ 762.757507][T16382] hsr_slave_1: entered promiscuous mode [ 762.776448][T16382] debugfs: 'hsr0' already exists in 'hsr' [ 762.798664][T16382] Cannot create hsr debugfs directory [ 762.801830][T16441] FAULT_INJECTION: forcing a failure. [ 762.801830][T16441] name fail_futex, interval 1, probability 0, space 0, times 0 [ 762.827243][T16441] CPU: 1 UID: 0 PID: 16441 Comm: syz.5.2287 Tainted: G U syzkaller #0 PREEMPT(full) [ 762.827287][T16441] Tainted: [U]=USER [ 762.827297][T16441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 762.827314][T16441] Call Trace: [ 762.827324][T16441] [ 762.827335][T16441] dump_stack_lvl+0x16c/0x1f0 [ 762.827371][T16441] should_fail_ex+0x512/0x640 [ 762.827406][T16441] get_futex_key+0x1d0/0x1560 [ 762.827444][T16441] ? __pfx_get_futex_key+0x10/0x10 [ 762.827473][T16441] ? futex_private_hash_put+0x176/0x300 [ 762.827516][T16441] futex_wake+0xea/0x530 [ 762.827557][T16441] ? __pfx_futex_wake+0x10/0x10 [ 762.827598][T16441] ? kmem_cache_free+0x2d1/0x4d0 [ 762.827627][T16441] ? find_held_lock+0x2b/0x80 [ 762.827652][T16441] ? putname+0x154/0x1a0 [ 762.827686][T16441] ? do_sys_openat2+0x1b0/0x1d0 [ 762.827730][T16441] do_futex+0x1e3/0x350 [ 762.827763][T16441] ? __pfx_do_futex+0x10/0x10 [ 762.827806][T16441] __x64_sys_futex+0x1e0/0x4c0 [ 762.827841][T16441] ? fdget_pos+0x2b8/0x370 [ 762.827871][T16441] ? __pfx___x64_sys_futex+0x10/0x10 [ 762.827902][T16441] ? ksys_read+0x1ac/0x250 [ 762.827930][T16441] ? __pfx_ksys_read+0x10/0x10 [ 762.827970][T16441] do_syscall_64+0xcd/0x4c0 [ 762.828002][T16441] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 762.828029][T16441] RIP: 0033:0x7fa80b78eec9 [ 762.828051][T16441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 762.828078][T16441] RSP: 002b:00007fa80c5b70e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 762.828104][T16441] RAX: ffffffffffffffda RBX: 00007fa80b9e5fa8 RCX: 00007fa80b78eec9 [ 762.828123][T16441] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa80b9e5fac [ 762.828141][T16441] RBP: 00007fa80b9e5fa0 R08: 00007fa80c5b8000 R09: 0000000000000000 [ 762.828165][T16441] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 762.828182][T16441] R13: 00007fa80b9e6038 R14: 00007ffdd59654d0 R15: 00007ffdd59655b8 [ 762.828219][T16441] [ 764.051596][T15209] Bluetooth: hci5: command tx timeout [ 765.004745][T16382] [ 765.007100][T16382] ====================================================== [ 765.014110][T16382] WARNING: possible circular locking dependency detected [ 765.021121][T16382] syzkaller #0 Tainted: G U [ 765.027088][T16382] ------------------------------------------------------ [ 765.034096][T16382] syz-executor/16382 is trying to acquire lock: [ 765.040327][T16382] ffff88801bef7a20 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_unlink_sibling+0xa3/0x320 [ 765.050878][T16382] [ 765.050878][T16382] but task is already holding lock: [ 765.058236][T16382] ffff88801bef7988 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_remove_by_name_ns+0x3d/0x110 [ 765.068501][T16382] [ 765.068501][T16382] which lock already depends on the new lock. [ 765.068501][T16382] [ 765.078886][T16382] [ 765.078886][T16382] the existing dependency chain (in reverse order) is: [ 765.087881][T16382] [ 765.087881][T16382] -> #10 (&root->kernfs_rwsem){++++}-{4:4}: [ 765.095950][T16382] down_write+0x92/0x200 [ 765.100709][T16382] kernfs_add_one+0x38/0x840 [ 765.105819][T16382] kernfs_create_dir_ns+0xfc/0x1a0 [ 765.111450][T16382] internal_create_group+0x34d/0xf30 [ 765.117251][T16382] cpuhp_invoke_callback+0x3d5/0xa10 [ 765.123057][T16382] cpuhp_issue_call+0x1c0/0x980 [ 765.128419][T16382] __cpuhp_setup_state_cpuslocked+0x3a1/0x7b0 [ 765.134996][T16382] __cpuhp_setup_state+0xf4/0x300 [ 765.140533][T16382] do_one_initcall+0x120/0x6e0 [ 765.145808][T16382] kernel_init_freeable+0x5c2/0x910 [ 765.151514][T16382] kernel_init+0x1c/0x2b0 [ 765.156357][T16382] ret_from_fork+0x56d/0x730 [ 765.161451][T16382] ret_from_fork_asm+0x1a/0x30 [ 765.166725][T16382] [ 765.166725][T16382] -> #9 (cpuhp_state_mutex){+.+.}-{4:4}: [ 765.174532][T16382] [ 765.174532][T16382] -> #8 (cpu_hotplug_lock){++++}-{0:0}: [ 765.182250][T16382] cpus_read_lock+0x42/0x160 [ 765.187350][T16382] static_key_slow_inc+0x12/0x30 [ 765.192798][T16382] setup_udp_tunnel_sock+0x53a/0x680 [ 765.198594][T16382] l2tp_tunnel_register+0x9c8/0xbe0 [ 765.204304][T16382] pppol2tp_tunnel_get.constprop.0+0x3f0/0x540 [ 765.210971][T16382] pppol2tp_connect+0xb1b/0x1ce0 [ 765.216425][T16382] __sys_connect_file+0x141/0x1a0 [ 765.221973][T16382] __sys_connect+0x13b/0x160 [ 765.227101][T16382] __x64_sys_connect+0x72/0xb0 [ 765.232371][T16382] do_syscall_64+0xcd/0x4c0 [ 765.237386][T16382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.243787][T16382] [ 765.243787][T16382] -> #7 (sk_lock-AF_INET6){+.+.}-{0:0}: [ 765.251509][T16382] lock_sock_nested+0x41/0xf0 [ 765.256696][T16382] inet_autobind+0x1a/0x1a0 [ 765.261715][T16382] inet_send_prepare+0x31b/0x530 [ 765.267169][T16382] inet_sendmsg+0x43/0x140 [ 765.272101][T16382] sock_sendmsg+0x37f/0x470 [ 765.277121][T16382] __sock_xmit+0x1e7/0x4f0 [ 765.282047][T16382] nbd_send_cmd+0x8e4/0x1c90 [ 765.287149][T16382] nbd_queue_rq+0x940/0x12d0 [ 765.292250][T16382] blk_mq_dispatch_rq_list+0x416/0x1e20 [ 765.298319][T16382] __blk_mq_sched_dispatch_requests+0xcb7/0x15f0 [ 765.305164][T16382] blk_mq_sched_dispatch_requests+0xd8/0x1b0 [ 765.311660][T16382] blk_mq_run_hw_queue+0x239/0x670 [ 765.317283][T16382] blk_mq_dispatch_list+0x514/0x1310 [ 765.323519][T16382] blk_mq_flush_plug_list+0x130/0x600 [ 765.329409][T16382] __blk_flush_plug+0x2c4/0x4b0 [ 765.334776][T16382] __submit_bio+0x545/0x690 [ 765.339794][T16382] submit_bio_noacct_nocheck+0x660/0xd30 [ 765.345940][T16382] submit_bio_noacct+0xb49/0x1ed0 [ 765.351487][T16382] block_read_full_folio+0x4db/0x850 [ 765.357288][T16382] filemap_read_folio+0xc5/0x2a0 [ 765.362740][T16382] do_read_cache_folio+0x263/0x5c0 [ 765.368367][T16382] read_part_sector+0xd4/0x370 [ 765.373641][T16382] adfspart_check_ICS+0x93/0x940 [ 765.379093][T16382] bdev_disk_changed+0x720/0x1520 [ 765.384641][T16382] blkdev_get_whole+0x187/0x290 [ 765.390004][T16382] bdev_open+0x2c7/0xe40 [ 765.394781][T16382] blkdev_open+0x34e/0x4f0 [ 765.399714][T16382] do_dentry_open+0x97f/0x1530 [ 765.404992][T16382] vfs_open+0x82/0x3f0 [ 765.409578][T16382] path_openat+0x1de4/0x2cb0 [ 765.414677][T16382] do_filp_open+0x20b/0x470 [ 765.419700][T16382] do_sys_openat2+0x11b/0x1d0 [ 765.424893][T16382] __x64_sys_openat+0x174/0x210 [ 765.430251][T16382] do_syscall_64+0xcd/0x4c0 [ 765.435265][T16382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.441667][T16382] [ 765.441667][T16382] -> #6 (&nsock->tx_lock){+.+.}-{4:4}: [ 765.449302][T16382] __mutex_lock+0x193/0x1060 [ 765.454404][T16382] nbd_queue_rq+0x423/0x12d0 [ 765.459507][T16382] blk_mq_dispatch_rq_list+0x416/0x1e20 [ 765.465604][T16382] __blk_mq_sched_dispatch_requests+0xcb7/0x15f0 [ 765.472447][T16382] blk_mq_sched_dispatch_requests+0xd8/0x1b0 [ 765.478941][T16382] blk_mq_run_hw_queue+0x239/0x670 [ 765.484571][T16382] blk_mq_dispatch_list+0x514/0x1310 [ 765.490371][T16382] blk_mq_flush_plug_list+0x130/0x600 [ 765.496259][T16382] __blk_flush_plug+0x2c4/0x4b0 [ 765.501624][T16382] __submit_bio+0x545/0x690 [ 765.506640][T16382] submit_bio_noacct_nocheck+0x660/0xd30 [ 765.512789][T16382] submit_bio_noacct+0xb49/0x1ed0 [ 765.518329][T16382] block_read_full_folio+0x4db/0x850 [ 765.524128][T16382] filemap_read_folio+0xc5/0x2a0 [ 765.529589][T16382] do_read_cache_folio+0x263/0x5c0 [ 765.535216][T16382] read_part_sector+0xd4/0x370 [ 765.540491][T16382] adfspart_check_ICS+0x93/0x940 [ 765.545941][T16382] bdev_disk_changed+0x720/0x1520 [ 765.551483][T16382] blkdev_get_whole+0x187/0x290 [ 765.556847][T16382] bdev_open+0x2c7/0xe40 [ 765.561610][T16382] blkdev_open+0x34e/0x4f0 [ 765.566541][T16382] do_dentry_open+0x97f/0x1530 [ 765.571842][T16382] vfs_open+0x82/0x3f0 [ 765.576428][T16382] path_openat+0x1de4/0x2cb0 [ 765.581529][T16382] do_filp_open+0x20b/0x470 [ 765.586545][T16382] do_sys_openat2+0x11b/0x1d0 [ 765.591742][T16382] __x64_sys_openat+0x174/0x210 [ 765.597099][T16382] do_syscall_64+0xcd/0x4c0 [ 765.602115][T16382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.608518][T16382] [ 765.608518][T16382] -> #5 (&cmd->lock){+.+.}-{4:4}: [ 765.615722][T16382] __mutex_lock+0x193/0x1060 [ 765.620825][T16382] nbd_queue_rq+0xbd/0x12d0 [ 765.625844][T16382] blk_mq_dispatch_rq_list+0x416/0x1e20 [ 765.631907][T16382] __blk_mq_sched_dispatch_requests+0xcb7/0x15f0 [ 765.638750][T16382] blk_mq_sched_dispatch_requests+0xd8/0x1b0 [ 765.645245][T16382] blk_mq_run_hw_queue+0x239/0x670 [ 765.650876][T16382] blk_mq_dispatch_list+0x514/0x1310 [ 765.656690][T16382] blk_mq_flush_plug_list+0x130/0x600 [ 765.662580][T16382] __blk_flush_plug+0x2c4/0x4b0 [ 765.667950][T16382] __submit_bio+0x545/0x690 [ 765.672965][T16382] submit_bio_noacct_nocheck+0x660/0xd30 [ 765.679114][T16382] submit_bio_noacct+0xb49/0x1ed0 [ 765.684656][T16382] block_read_full_folio+0x4db/0x850 [ 765.690460][T16382] filemap_read_folio+0xc5/0x2a0 [ 765.695905][T16382] do_read_cache_folio+0x263/0x5c0 [ 765.701532][T16382] read_part_sector+0xd4/0x370 [ 765.706808][T16382] adfspart_check_ICS+0x93/0x940 [ 765.712259][T16382] bdev_disk_changed+0x720/0x1520 [ 765.717795][T16382] blkdev_get_whole+0x187/0x290 [ 765.723155][T16382] bdev_open+0x2c7/0xe40 [ 765.727910][T16382] blkdev_open+0x34e/0x4f0 [ 765.732846][T16382] do_dentry_open+0x97f/0x1530 [ 765.738119][T16382] vfs_open+0x82/0x3f0 [ 765.742705][T16382] path_openat+0x1de4/0x2cb0 [ 765.747808][T16382] do_filp_open+0x20b/0x470 [ 765.752825][T16382] do_sys_openat2+0x11b/0x1d0 [ 765.758019][T16382] __x64_sys_openat+0x174/0x210 [ 765.763381][T16382] do_syscall_64+0xcd/0x4c0 [ 765.768396][T16382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.774887][T16382] [ 765.774887][T16382] -> #4 (set->srcu){.+.+}-{0:0}: [ 765.782001][T16382] __synchronize_srcu+0xa1/0x290 [ 765.787460][T16382] blk_mq_quiesce_queue+0x149/0x1b0 [ 765.793170][T16382] elevator_switch+0x17d/0x810 [ 765.798444][T16382] elevator_change+0x391/0x580 [ 765.803718][T16382] elevator_set_default+0x2e9/0x380 [ 765.809431][T16382] blk_register_queue+0x384/0x4e0 [ 765.814964][T16382] __add_disk+0x74a/0xf00 [ 765.819803][T16382] add_disk_fwnode+0x13f/0x5d0 [ 765.825076][T16382] nbd_dev_add+0x783/0xbb0 [ 765.830003][T16382] nbd_init+0x181/0x320 [ 765.834666][T16382] do_one_initcall+0x120/0x6e0 [ 765.839947][T16382] kernel_init_freeable+0x5c2/0x910 [ 765.845652][T16382] kernel_init+0x1c/0x2b0 [ 765.850498][T16382] ret_from_fork+0x56d/0x730 [ 765.855594][T16382] ret_from_fork_asm+0x1a/0x30 [ 765.860871][T16382] [ 765.860871][T16382] -> #3 (&q->elevator_lock){+.+.}-{4:4}: [ 765.868675][T16382] __mutex_lock+0x193/0x1060 [ 765.873775][T16382] elevator_change+0x17d/0x580 [ 765.879049][T16382] elv_iosched_store+0x315/0x3c0 [ 765.884500][T16382] queue_attr_store+0x26b/0x310 [ 765.889858][T16382] sysfs_kf_write+0xef/0x150 [ 765.894959][T16382] kernfs_fop_write_iter+0x3ac/0x570 [ 765.900770][T16382] vfs_write+0x7d3/0x11d0 [ 765.905613][T16382] ksys_write+0x12a/0x250 [ 765.910454][T16382] do_syscall_64+0xcd/0x4c0 [ 765.915466][T16382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.921871][T16382] [ 765.921871][T16382] -> #2 (&q->q_usage_counter(io)#62){++++}-{0:0}: [ 765.930469][T16382] blk_alloc_queue+0x619/0x760 [ 765.935835][T16382] blk_mq_alloc_queue+0x172/0x280 [ 765.941376][T16382] __blk_mq_alloc_disk+0x29/0x120 [ 765.946905][T16382] nbd_dev_add+0x492/0xbb0 [ 765.951833][T16382] nbd_init+0x181/0x320 [ 765.956495][T16382] do_one_initcall+0x120/0x6e0 [ 765.961768][T16382] kernel_init_freeable+0x5c2/0x910 [ 765.967470][T16382] kernel_init+0x1c/0x2b0 [ 765.972312][T16382] ret_from_fork+0x56d/0x730 [ 765.977408][T16382] ret_from_fork_asm+0x1a/0x30 [ 765.982685][T16382] [ 765.982685][T16382] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 765.989883][T16382] fs_reclaim_acquire+0x102/0x150 [ 765.995429][T16382] kmem_cache_alloc_noprof+0x53/0x3b0 [ 766.001315][T16382] __kernfs_iattrs+0x124/0x3e0 [ 766.006589][T16382] __kernfs_setattr+0x4d/0x3c0 [ 766.011865][T16382] kernfs_iop_setattr+0xda/0x120 [ 766.017315][T16382] notify_change+0x6a6/0x1230 [ 766.022513][T16382] do_truncate+0x1d7/0x230 [ 766.027439][T16382] path_openat+0x2678/0x2cb0 [ 766.032540][T16382] do_filp_open+0x20b/0x470 [ 766.037551][T16382] do_sys_openat2+0x11b/0x1d0 [ 766.042742][T16382] __x64_sys_openat+0x174/0x210 [ 766.048096][T16382] do_syscall_64+0xcd/0x4c0 [ 766.053106][T16382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 766.059510][T16382] [ 766.059510][T16382] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}: [ 766.068011][T16382] __lock_acquire+0x12a6/0x1ce0 [ 766.073376][T16382] lock_acquire+0x179/0x350 [ 766.078390][T16382] down_write+0x92/0x200 [ 766.083140][T16382] kernfs_unlink_sibling+0xa3/0x320 [ 766.088853][T16382] __kernfs_remove+0x2c0/0x8a0 [ 766.094131][T16382] kernfs_remove_by_name_ns+0x68/0x110 [ 766.100097][T16382] sysfs_unmerge_group+0xe7/0x170 [ 766.105637][T16382] dpm_sysfs_remove+0x7f/0xb0 [ 766.110829][T16382] device_del+0x1a0/0x9f0 [ 766.115668][T16382] device_unregister+0x1d/0xc0 [ 766.120939][T16382] del_device_store+0x355/0x4a0 [ 766.126297][T16382] bus_attr_store+0x71/0xb0 [ 766.131314][T16382] sysfs_kf_write+0xef/0x150 [ 766.136414][T16382] kernfs_fop_write_iter+0x3ac/0x570 [ 766.142208][T16382] vfs_write+0x7d3/0x11d0 [ 766.147047][T16382] ksys_write+0x12a/0x250 [ 766.151885][T16382] do_syscall_64+0xcd/0x4c0 [ 766.156901][T16382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 766.163309][T16382] [ 766.163309][T16382] other info that might help us debug this: [ 766.163309][T16382] [ 766.173516][T16382] Chain exists of: [ 766.173516][T16382] &root->kernfs_iattr_rwsem --> cpuhp_state_mutex --> &root->kernfs_rwsem [ 766.173516][T16382] [ 766.187929][T16382] Possible unsafe locking scenario: [ 766.187929][T16382] [ 766.195359][T16382] CPU0 CPU1 [ 766.200702][T16382] ---- ---- [ 766.206049][T16382] lock(&root->kernfs_rwsem); [ 766.210797][T16382] lock(cpuhp_state_mutex); [ 766.217894][T16382] lock(&root->kernfs_rwsem); [ 766.225169][T16382] lock(&root->kernfs_iattr_rwsem); [ 766.230438][T16382] [ 766.230438][T16382] *** DEADLOCK *** [ 766.230438][T16382] [ 766.238559][T16382] 5 locks held by syz-executor/16382: [ 766.243914][T16382] #0: ffff88807e8ea428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 766.252884][T16382] #1: ffff88807d09c088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 766.262627][T16382] #2: ffff8880270ed008 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 766.272631][T16382] #3: ffffffff8f4332c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 766.282888][T16382] #4: ffff88801bef7988 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_remove_by_name_ns+0x3d/0x110 [ 766.293588][T16382] [ 766.293588][T16382] stack backtrace: [ 766.299465][T16382] CPU: 0 UID: 0 PID: 16382 Comm: syz-executor Tainted: G U syzkaller #0 PREEMPT(full) [ 766.299492][T16382] Tainted: [U]=USER [ 766.299499][T16382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 766.299511][T16382] Call Trace: [ 766.299519][T16382] [ 766.299527][T16382] dump_stack_lvl+0x116/0x1f0 [ 766.299550][T16382] print_circular_bug+0x275/0x350 [ 766.299576][T16382] check_noncircular+0x14c/0x170 [ 766.299602][T16382] __lock_acquire+0x12a6/0x1ce0 [ 766.299631][T16382] lock_acquire+0x179/0x350 [ 766.299655][T16382] ? kernfs_unlink_sibling+0xa3/0x320 [ 766.299683][T16382] ? __pfx___might_resched+0x10/0x10 [ 766.299705][T16382] down_write+0x92/0x200 [ 766.299727][T16382] ? kernfs_unlink_sibling+0xa3/0x320 [ 766.299753][T16382] ? __pfx_down_write+0x10/0x10 [ 766.299777][T16382] kernfs_unlink_sibling+0xa3/0x320 [ 766.299803][T16382] __kernfs_remove+0x2c0/0x8a0 [ 766.299829][T16382] ? kernfs_find_ns+0x277/0x540 [ 766.299856][T16382] kernfs_remove_by_name_ns+0x68/0x110 [ 766.299875][T16382] sysfs_unmerge_group+0xe7/0x170 [ 766.299907][T16382] dpm_sysfs_remove+0x7f/0xb0 [ 766.299934][T16382] device_del+0x1a0/0x9f0 [ 766.299956][T16382] ? __pfx_device_del+0x10/0x10 [ 766.299979][T16382] device_unregister+0x1d/0xc0 [ 766.299999][T16382] del_device_store+0x355/0x4a0 [ 766.300017][T16382] ? __pfx_del_device_store+0x10/0x10 [ 766.300035][T16382] ? find_held_lock+0x2b/0x80 [ 766.300053][T16382] ? sysfs_file_kobj+0xe4/0x290 [ 766.300073][T16382] ? __pfx_del_device_store+0x10/0x10 [ 766.300092][T16382] bus_attr_store+0x71/0xb0 [ 766.300117][T16382] ? __pfx_bus_attr_store+0x10/0x10 [ 766.300142][T16382] sysfs_kf_write+0xef/0x150 [ 766.300165][T16382] kernfs_fop_write_iter+0x3ac/0x570 [ 766.300183][T16382] ? __pfx_sysfs_kf_write+0x10/0x10 [ 766.300206][T16382] vfs_write+0x7d3/0x11d0 [ 766.300228][T16382] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 766.300249][T16382] ? __pfx_vfs_write+0x10/0x10 [ 766.300272][T16382] ? __pfx_do_sys_openat2+0x10/0x10 [ 766.300306][T16382] ksys_write+0x12a/0x250 [ 766.300327][T16382] ? __pfx_ksys_write+0x10/0x10 [ 766.300352][T16382] do_syscall_64+0xcd/0x4c0 [ 766.300373][T16382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 766.300393][T16382] RIP: 0033:0x7f3b4cb8d97f [ 766.300409][T16382] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 766.300428][T16382] RSP: 002b:00007ffdd86e1120 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 766.300446][T16382] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f3b4cb8d97f [ 766.300459][T16382] RDX: 0000000000000001 RSI: 00007ffdd86e1170 RDI: 0000000000000005 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 766.300471][T16382] RBP: 00007f3b4cc13239 R08: 0000000000000000 R09: 00007ffdd86e0f77 [ 766.300484][T16382] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 766.300496][T16382] R13: 00007ffdd86e1170 R14: 00007f3b4d914620 R15: 0000000000000003 [ 766.300515][T16382] [ 766.882964][T12017] Bluetooth: hci5: command tx timeout [ 767.330884][T16382] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 767.510022][T16382] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 767.579994][T16382] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 768.079757][T15793] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 768.174703][T15793] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 768.247650][T15793] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 768.353927][T15793] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 768.486384][T15793] gretap0: left allmulticast mode [ 768.491452][T15793] gretap0: left promiscuous mode [ 768.497267][T15793] bridge0: port 3(gretap0) entered disabled state [ 768.505184][T15793] bridge_slave_1: left allmulticast mode [ 768.510833][T15793] bridge_slave_1: left promiscuous mode [ 768.517369][T15793] bridge0: port 2(bridge_slave_1) entered disabled state [ 768.526244][T15793] bridge_slave_0: left allmulticast mode [ 768.532578][T15793] bridge_slave_0: left promiscuous mode [ 768.539951][T15793] bridge0: port 1(bridge_slave_0) entered disabled state [ 768.724320][T15793] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 768.738526][T15793] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 768.758069][T15793] bond0 (unregistering): Released all slaves [ 769.041164][T15793] hsr_slave_0: left promiscuous mode [ 769.053490][T15793] hsr_slave_1: left promiscuous mode [ 769.064799][T15793] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 769.072192][T15793] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 769.105028][T15793] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 769.112434][T15793] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 769.138250][T15793] veth1_macvtap: left promiscuous mode [ 769.143792][T15793] veth0_macvtap: left promiscuous mode [ 769.164318][T15793] veth1_vlan: left promiscuous mode [ 769.169639][T15793] veth0_vlan: left promiscuous mode [ 769.505176][T15793] team0 (unregistering): Port device team_slave_1 removed [ 769.533469][T15793] team0 (unregistering): Port device team_slave_0 removed [ 770.005607][T15793] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 770.100964][T15793] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 770.142867][T15793] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 770.211788][T15793] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 770.338326][T15793] gretap0: left allmulticast mode [ 770.343397][T15793] gretap0: left promiscuous mode [ 770.353739][T15793] bridge0: port 3(gretap0) entered disabled state [ 770.363037][T15793] bridge_slave_1: left allmulticast mode [ 770.373200][T15793] bridge_slave_1: left promiscuous mode [ 770.379602][T15793] bridge0: port 2(bridge_slave_1) entered disabled state [ 770.389280][T15793] bridge_slave_0: left allmulticast mode [ 770.395603][T15793] bridge_slave_0: left promiscuous mode [ 770.401369][T15793] bridge0: port 1(bridge_slave_0) entered disabled state [ 770.412102][T15793] bridge_slave_1: left allmulticast mode [ 770.429700][T15793] bridge_slave_1: left promiscuous mode [ 770.439051][T15793] bridge0: port 2(bridge_slave_1) entered disabled state [ 770.452326][T15793] bridge_slave_0: left allmulticast mode [ 770.459641][T15793] bridge_slave_0: left promiscuous mode [ 770.466809][T15793] bridge0: port 1(bridge_slave_0) entered disabled state [ 770.645377][T15793] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 770.656058][T15793] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 770.668878][T15793] bond0 (unregistering): Released all slaves [ 770.760580][T15793] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 770.770730][T15793] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 770.780880][T15793] bond0 (unregistering): Released all slaves [ 770.875951][T15793] HfR: left promiscuous mode [ 770.947214][T15793] .^: left promiscuous mode [ 771.004564][T15793] tipc: Left network mode [ 771.496946][T15793] hsr_slave_0: left promiscuous mode [ 771.515987][T15793] hsr_slave_1: left promiscuous mode [ 771.521803][T15793] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 771.541756][T15793] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 771.555780][T15793] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 771.563180][T15793] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 771.591009][T15793] hsr_slave_0: left promiscuous mode [ 771.606634][T15793] hsr_slave_1: left promiscuous mode [ 771.625998][T15793] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 771.633607][T15793] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 771.659196][T15793] veth1_macvtap: left allmulticast mode [ 771.664790][T15793] veth1_macvtap: left promiscuous mode [ 771.683175][T15793] veth0_macvtap: left promiscuous mode [ 771.697052][T15793] veth1_vlan: left promiscuous mode [ 771.702376][T15793] veth0_vlan: left promiscuous mode [ 771.946434][T15793] team0 (unregistering): Port device team_slave_1 removed [ 771.981957][T15793] team0 (unregistering): Port device team_slave_0 removed [ 772.190895][T15793] team0 (unregistering): Port device team_slave_1 removed [ 772.216853][T15793] team0 (unregistering): Port device team_slave_0 removed