last executing test programs: 11.838798921s ago: executing program 1 (id=664): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x22, 0x940, 0x1ffde, 0x3, 0x3, 0x8000003, 0x9, 0x5, 0x0, 0x4, 0xb0, 0x7, 0x1, 0x3, 0x5, 0x7, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, [0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x100000001]}, 0x7, 0x10000281) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/ldiscs\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x14, 0x0) r0 = fsopen$auto(0x0, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8000003, 0x7) getcpu$auto(0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x5, 0x80000000, 0x0) socket(0xa, 0x5, 0x0) socket(0xa, 0x801, 0x84) connect$auto(0x3, 0x0, 0x55) listen$auto(0x3, 0x807d) r1 = accept$auto(0x3, 0x0, 0x0) setreuid$auto(0x9, 0x1) read$auto_fault_around_bytes_fops_(r1, &(0x7f0000000100)=""/4, 0x4) getpriority$auto(0x2, 0x9) socket(0x1, 0x1, 0x1) socket(0x2c, 0x80003, 0x0) mmap$auto(0x8, 0x8f, 0x7, 0x12, 0x5, 0x22000008000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000940)='/sys/devices/platform/Fixed MDIO bus.0/mdio_bus/fixed-0/statistics/errors\x00', 0x490606, 0x0) read$auto(r2, &(0x7f0000000000)='/sys/devices/platform/vhci_hcd.8/usb26/descriptors\x00', 0x9) ioctl$auto_SNDRV_PCM_IOCTL_HW_REFINE_OLD2(r0, 0xc1004110, &(0x7f0000000140)={0x6, [0x2, 0x5, 0xcaa], [{0x40, 0xd, 0x1, 0x0, 0x1, 0x1}, {0x3f5b, 0x3, 0x1, 0x1, 0x0, 0x1}, {0x4, 0x1000, 0x1, 0x1, 0x1, 0x1}, {0x5, 0xffff0000, 0x1, 0x0, 0x0, 0x1}, {0x9, 0x9, 0x1, 0x1, 0x1}, {0x83ba, 0x7, 0x0, 0x0, 0x1, 0x1}, {0x800, 0x401, 0x0, 0x0, 0x1}, {0x40, 0x4, 0x1, 0x1, 0x1, 0x1}, {0x2, 0x5, 0x1, 0x1}, {0x4, 0x2, 0x0, 0x0, 0x1}, {0x9, 0x5, 0x1}, {0x7, 0x5, 0x0, 0x0, 0x1, 0x1}], 0x7, 0xfffffff2, 0xf49d, 0xffffff58, 0x7caa5717, 0x0, 0x4, "f9253b9bfb5bd2006d25c33b450a3d31f4843452718e953347fa0572c797f548b8b70a9872bdfd5988fb406f79f63d7cc919dc26fed0ad1215d2f824c8788fc1"}) 10.863955035s ago: executing program 1 (id=668): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) fsopen$auto(&(0x7f0000000000)='nlctrl\x00', 0x3) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) clone$auto(0x21002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000010c0), 0xffffffffffffffff) madvise$auto(0x6, 0x1, 0xb) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000001100)={0x14, r1, 0x301, 0x70bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0xc040810) ioctl$auto_BLKOPENZONE(r0, 0x40101286, &(0x7f0000000100)={0x8, 0xf}) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x80000000, 0xf3, 0x1) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x400c810}, 0x20000041) r2 = bpf$auto(0xfffff001, &(0x7f0000000000)=@bpf_attr_3={0xa332, 0x2, 0x7, 0x3, 0xfffffbff, 0x2, 0x1, 0x4, 0x7, "0108a5172d53c2dc73bf58e1423b2178", 0x0, 0x9, 0xffffffffffffffff, 0x81, 0x8, 0x81, 0xb03, 0x0, 0x3ff, 0x7, @attach_prog_fd, 0x2, 0x630, 0x57d, 0x9, 0x8}, 0xa3) syz_genetlink_get_family_id$auto_mac802154_hwsim(&(0x7f0000000140), r2) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) r3 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) read$auto_uinput_fops_uinput(r3, &(0x7f0000001400)=""/4112, 0x1010) read$auto(r3, 0x0, 0xfdf3) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) fstat$auto(0xffffffffffffffff, &(0x7f0000000000)={0x5, 0x9, 0x0, 0x103, 0xee01, 0x0, 0x0, 0xffffffffffffff91, 0x0, 0x2, 0xec, 0x4, 0x2, 0x1, 0x4, 0xfffffffffffffff8}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090) r4 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r4, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) 9.072572459s ago: executing program 2 (id=673): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC2\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x6) unshare$auto(0x40000080) unshare$auto(0x9) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x11, 0xfffffffffffffffe, 0xb) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x5, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) syslog$auto(0xffffffff, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\x87\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j\x1c\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xa2d\x04\xa9 1q\x97\xc4,\xa9\x1e\xc1\xbe\xa1q\x03\x00\x00\x00\x00\x00\x00\x00\x05\x90\xa2', 0x10000) mmap$auto(0xfb, 0x2000c, 0x4000000000df, 0xeb1, r2, 0x8000) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents$auto(r3, 0x0, 0xfff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x18380, 0x0) unshare$auto(0x40000080) mmap$auto(0x100400000000000, 0x8001, 0x7, 0xfffffffffffff810, 0xfffffffffffffffa, 0x1000000008000) madvise$auto(0x0, 0xffffffffffff0009, 0x13) r4 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv6/conf/ipvlan0/enhanced_dad\x00', 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'tunl0\x00'}) sendmsg$auto_NCSI_CMD_PKG_INFO(r4, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={0x0}, 0x1, 0x0, 0x0, 0x41}, 0x44088) r5 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r5, 0x43403d05, 0x0) madvise$auto(0x0, 0x52, 0x9) 9.015998889s ago: executing program 1 (id=674): openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x22d02, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x80, 0x104, 0x6, 0x20000000003}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) r1 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x60100, 0x0) read$auto_vhci_fops_hci_vhci(r1, &(0x7f0000000d40)=""/16, 0x10) mmap$auto(0x0, 0x8000000000020006, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fsconfig$auto_SHMEM_HUGE_WITHIN_SIZE(r0, 0xffffffff, &(0x7f0000000040)='\x00', &(0x7f0000000100)="3d70aa42ea72d62d7d2fe39f29603dff8f97c1b1b50e7e992be3959f9d7ee99631dcfa2436c0c16d6b7ce4ee4ec8cf2014a1b7042667e1556a1e592d73cb9181caa36be823fa68b77e63ca01d8a165e47bc429172f0e53852fb397d6dcaa0527abb4ca74db06a015a927aef31bc4804bb0595644acb2b83cbe1a201edd1befdc2cd21c360f43fbfbde7672c5485582b3b5e1f57505c660d153201f663f086f8d37a45d457285063c7ab32e0a0ccec8488beacb7556197bb94b0d63ae87ff5c7af050968766e3ba3ff8b53b44c0add5e509588a9269cf36fb81", 0x2) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/swradio12\x00', 0x0, 0x0) poll$auto(&(0x7f0000000480)={r2, 0xffff, 0x29}, 0x3, 0x8) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) mmap$auto(0x80, 0xfc0000001, 0x10000000003, 0x200004000eb1, 0xfffffffffffffffa, 0x8000) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dri/card1\x00', 0x101002, 0x0) ioctl$auto(r3, 0x9000643a, 0xc35) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/tty/ttyc7/dev\x00', 0x4000, 0x0) getpid() close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) sysfs$auto(0x2, 0x2, 0x0) r4 = fsopen$auto(0x0, 0x1) fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) 6.968219028s ago: executing program 0 (id=677): mmap$auto(0x7ff, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x7f, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) connect$auto(0x4, 0x0, 0x10) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) socket(0xa, 0x6, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rpc/auth.unix.ip/flush\x00', 0x2000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0xc, 0x1, 0x2, 0x4, 0x15f4da0e, 0x3, 0xd08, 0xc, 0x8, 0x4, 0x6d3f, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2c, 0x1, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x400, 0x7fff, 0x0, 0x10000, 0x100000000000007) madvise$auto(0x0, 0xffffffffffff0005, 0x19) bind$auto(0x3, 0x0, 0x6a) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x20) 6.926665315s ago: executing program 2 (id=678): r0 = socket(0xa, 0x1, 0x100) ioperm$auto(0x0, 0x5ad2, 0x808) modify_ldt$auto(0x1, 0x0, 0x10) ioctl$auto_USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522, 0x0) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r0, &(0x7f00000001c0)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x100, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x21, 0x3, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_STATUS(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYRES32=r1, @ANYRESHEX=r0, @ANYRES32], 0x1c}, 0x1, 0x0, 0x0, 0x4040}, 0x40) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0x1d, 0x8fd6, 0x400000000000948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x2]}, 0x0) mmap$auto(0x83, 0x0, 0x6945, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) process_mrelease$auto(0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x18000003f000000, 0x400000004) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) mount$auto(0x0, &(0x7f0000001500)='./file0\x00', &(0x7f0000001540)='cifs\x00', 0x8002, 0x0) mincore$auto(0x1000, 0x8001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x59, 0x0) r4 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon0\x00', 0x640, 0x0) read$auto_mon_fops_binary_mon_bin(r4, 0x0, 0x2f) 6.868013925s ago: executing program 1 (id=679): mmap$auto(0xcd, 0x400005, 0x12, 0x16, 0xffffffffffffffff, 0xffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) setgroups$auto(0xe32, 0x0) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x8, 0x400008, 0xdf, 0x111, 0x2, 0x8004) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd6\x00', 0x3a3c02, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x2, 0x8, 0x3) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) capset$auto(0x0, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0xc) mmap$auto(0x0, 0x1, 0x7fffffff, 0x44eb1, 0x3, 0x300000000000) ioctl$auto_SG_GET_RESERVED_SIZE(0xffffffffffffffff, 0x4c04, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0xffffffffffffffff, 0x0, 0x67) mremap$auto(0x0, 0x7, 0x3fd6, 0x0, 0x1ffffffe) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) socket(0xa, 0x3, 0x3) select$auto(0x3, 0x0, 0x0, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x2) getpid() select$auto(0x9, &(0x7f0000000140)={[0x2, 0x8, 0x9, 0x5, 0x3, 0x4, 0x6, 0x9, 0x80d, 0x9fba, 0x9, 0x4, 0x5, 0x6, 0x3, 0x401]}, &(0x7f00000001c0)={[0x0, 0xd761, 0x800000, 0x1, 0x7, 0x10000, 0x80000000, 0x3, 0x7fffffff, 0x3, 0xc, 0x89ff, 0x8001, 0x5, 0x8001, 0x3]}, &(0x7f0000000240)={[0x6, 0xf4, 0x3, 0x5d, 0x4, 0x10000, 0x577, 0x6, 0x7, 0x3ff, 0x600000, 0xce10, 0x5, 0x7, 0x9, 0xfffffffffffffff9]}, &(0x7f0000000000)={0x2, 0xeb50}) 5.212876162s ago: executing program 0 (id=680): mmap$auto(0xfffffffffffffff9, 0x400008, 0xdf, 0x4a56, 0x2, 0x8000) r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000500), 0x400000, 0x0) timer_create$auto(0xfffffff9, 0x0, 0x0) ioctl$auto_PPPIOCSCOMPRESS(r1, 0x4010744d, 0x0) pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdds\x1cJ\x99\x00:<\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\xadCl\x9e\xeb\xcd\vp\x99\x00\xc8\x06\xa5\xdc3\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0A\x94\xa3\xaef\x87\xd8\x95I\xfd\xa8\t\xac\x87\xb7\x1d\xd5\x83\xdcyu]\xde\xbe\xbf$<.}\x8b`\x04\xfc\xa2\xab\xb5]\x80\x00\xb9D\xc5\xbc\xf2a\xd66\xa5\xd3\xc1r\x96\x1e\x8db\x05=`\x01\x11\x04Tz\x87A$\x115\x95PUf\xa7\xfe\x19\x00\x82go}@W\xd5\xaej\x01\xbf>5n\x17S\xc0\x8a\xaf%O\xd1W\xa3ua+sUJ\xea\xf9\xb7p-\x128\x9d\xbaM_\xff\x1c\xc3sG\x04\xf2\xd3\xf3{;\xd4\xd7\x1c\x1dZ\xe9\xe9\xc9\x9cu5\xe9\xa2\xb3N\xd2\xc1\xc8\xa5\xadt\xd5BKD\x86\xeb%\a*\x06\xbb\x1e\xfb\x11U\f&\xcbP\xf1\xcf\xccb\xe8Wb\xc5ae\xe3\xf9l\xa9vK\xed\x8cL\xfb%g\x83;\xe1\xe2w\xd6\xaa6\x16\x8fx\x1a\xd7\xc8\xf4[\xbc\b\xe1Z\x92\x14Q\xdef\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_PARAMS(r2, 0xc0305710, &(0x7f0000000ac0)={0x2, 0x4000, 0x0, 0x1, 0x169f, "6664572c0cf7be35d38f622e"}) r4 = socket(0xa, 0x2, 0x0) setsockopt$auto(r4, 0x29, 0x12, 0x0, 0x1) r5 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000001c0), r3) syz_open_procfs$namespace(0x0, &(0x7f0000000080)) sendmsg$auto_TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004640)={0x14, r5, 0x300, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x200088c4}, 0x4) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) mincore$auto(0x1000, 0x8001, 0x0) close_range$auto(0x2, 0x8, 0x0) 4.966710241s ago: executing program 2 (id=682): mmap$auto(0xfffffffffffffff9, 0x400008, 0xdf, 0x4a56, 0x2, 0x8000) r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000500), 0x400000, 0x0) timer_create$auto(0xfffffff9, 0x0, 0x0) ioctl$auto_PPPIOCSCOMPRESS(r1, 0x4010744d, 0x0) pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdds\x1cJ\x99\x00:<\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\xadCl\x9e\xeb\xcd\vp\x99\x00\xc8\x06\xa5\xdc3\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0A\x94\xa3\xaef\x87\xd8\x95I\xfd\xa8\t\xac\x87\xb7\x1d\xd5\x83\xdcyu]\xde\xbe\xbf$<.}\x8b`\x04\xfc\xa2\xab\xb5]\x80\x00\xb9D\xc5\xbc\xf2a\xd66\xa5\xd3\xc1r\x96\x1e\x8db\x05=`\x01\x11\x04Tz\x87A$\x115\x95PUf\xa7\xfe\x19\x00\x82go}@W\xd5\xaej\x01\xbf>5n\x17S\xc0\x8a\xaf%O\xd1W\xa3ua+sUJ\xea\xf9\xb7p-\x128\x9d\xbaM_\xff\x1c\xc3sG\x04\xf2\xd3\xf3{;\xd4\xd7\x1c\x1dZ\xe9\xe9\xc9\x9cu5\xe9\xa2\xb3N\xd2\xc1\xc8\xa5\xadt\xd5BKD\x86\xeb%\a*\x06\xbb\x1e\xfb\x11U\f&\xcbP\xf1\xcf\xccb\xe8Wb\xc5ae\xe3\xf9l\xa9vK\xed\x8cL\xfb%g\x83;\xe1\xe2w\xd6\xaa6\x16\x8fx\x1a\xd7\xc8\xf4[\xbc\b\xe1Z\x92\x14Q\xdef\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_PARAMS(r2, 0xc0305710, &(0x7f0000000ac0)={0x2, 0x4000, 0x0, 0x1, 0x169f, "6664572c0cf7be35d38f622e"}) r4 = socket(0xa, 0x2, 0x0) setsockopt$auto(r4, 0x29, 0x12, 0x0, 0x1) r5 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000001c0), r3) syz_open_procfs$namespace(0x0, &(0x7f0000000080)) sendmsg$auto_TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004640)={0x14, r5, 0x300, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x200088c4}, 0x4) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) mincore$auto(0x1000, 0x8001, 0x0) close_range$auto(0x2, 0x8, 0x0) 4.861634258s ago: executing program 0 (id=683): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/version\x00', 0x3fbd02, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/module/i915/parameters/mitigations\x00', 0x80302, 0x0) sendfile$auto(r2, r2, 0x0, 0x7ffff000) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x400000, 0x4020009, 0xdf, 0x4000eb1, r0, 0x8000) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x2dc08f24db163610, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db) getsockopt$auto_SO_TIMESTAMPNS_NEW(r3, 0x80000001, 0x40, &(0x7f0000000100)='/Od\xa5o1\x00\x00\xfc\xff\xff\xff', &(0x7f0000000140)=0x7) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop13/queue/wbt_lat_usec\x00', 0x206a1, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000000c0)='-', 0x1) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) setresgid$auto(0xa05, 0x0, 0x0) ioctl$auto(r5, 0x5453, r5) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x3, 0x5, 0x7, 0x0) socket(0xa, 0x1, 0x0) socket(0x2, 0x1, 0x84) connect$auto(0x3, 0x0, 0x55) 4.761022537s ago: executing program 2 (id=684): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(0x3, 0x0, 0x7fffffff) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) ioctl$auto(r1, 0x4b66, 0x1) write$auto(0x1, 0x0, 0x80000000) bpf$auto(0x0, 0x0, 0x6f4) read$auto(0x3, 0x0, 0x80) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) readv$auto(r0, 0x0, 0x401) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) ioctl$auto_SNDCTL_DSP_GETOSPACE(0xffffffffffffffff, 0x8010500c, &(0x7f0000004040)) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x100000000002, 0x783, 0x3, 0x8000000008011, r2, 0x40) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2b, 0x1, 0x1) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000080)={{0x0, 0xc, 0x0, 0xf3, 0x0, 0x20, 0x3}, 0x5b3}, 0x200, 0x100) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40) recvmmsg$auto(r3, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 3.824221983s ago: executing program 0 (id=685): bpf$auto(0x21, &(0x7f0000000300)=@task_fd_query={0x0, 0xffffffffffffffff, 0xfffffff7, 0x72ccc644, 0x10000, 0x2398, 0xffffffffffffffff, 0xc, 0x6}, 0x7) ioperm$auto(0xe4, 0x82f0, 0x942) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x80900, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0) mmap$auto(0xb2, 0x14, 0xffb, 0x8000000008015, r0, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) io_uring_setup$auto(0x3501, &(0x7f0000000080)={0x80, 0x1000, 0x8, 0x5, 0x3, 0xfffffff1, r0, [0xbc, 0xffff, 0x40], {0x82, 0x9, 0x0, 0x80000000, 0x3, 0x101, 0xffff, 0x0, 0x8}, {0x7, 0xa, 0xf, 0x7ffb, 0x3, 0x0, 0x0, 0xfffffffa, 0xc}}) ioctl$auto_BLKTRACETEARDOWN(r1, 0x1276, 0x0) madvise$auto(0x5, 0x9d, 0x9) socket$nl_generic(0x10, 0x3, 0x10) open_tree$auto(0xffffffffffffffff, 0x0, 0x74ee) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) ioctl$auto_SNDCTL_DSP_RESET(0xffffffffffffffff, 0x5000, 0x0) r2 = socket(0x2, 0x6, 0x0) listen$auto(r2, 0x81) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x5, 0x0) socket(0xa, 0x3, 0xff) r3 = socket(0x2, 0x801, 0x100) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r3, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44010}, 0x20000054) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', 0x0}) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_ifindex=r4, r3, 0x9c, 0x0, 0x1, @relative_fd, 0x5}, 0x96) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="000229bd0000fbdbdf35020000000800fbffffffff"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) 3.541078466s ago: executing program 3 (id=686): mmap$auto(0x7ff, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x7f, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) connect$auto(0x4, 0x0, 0x10) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) socket(0xa, 0x6, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rpc/auth.unix.ip/flush\x00', 0x2000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0xc, 0x1, 0x2, 0x4, 0x15f4da0e, 0x3, 0xd08, 0xc, 0x8, 0x4, 0x6d3f, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2c, 0x1, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x400, 0x7fff, 0x0, 0x10000, 0x100000000000007) madvise$auto(0x0, 0xffffffffffff0005, 0x19) bind$auto(0x3, 0x0, 0x6a) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x20) 2.641345956s ago: executing program 1 (id=687): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x6e) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) r1 = io_uring_setup$auto(0x1, 0x0) socket(0x1f, 0x2, 0x200000) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r0, 0x0, 0x4008080) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$dir(0xffffffffffffff9c, 0x0, 0x381000, 0x100) capset$auto(0x0, 0x0) madvise$auto(0x0, 0x200007, 0x19) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r2, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) r3 = pidfd_open$auto(0x1, 0x0) setns(r3, 0x60020000) ioctl$auto_SNDRV_PCM_IOCTL_DROP2(r3, 0x4143, 0x0) ioperm$auto(0x3, 0xe, 0x2000000000000149) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) socket(0x2, 0x3, 0x1) lstat$auto(&(0x7f0000000280)='./file0\x00', &(0x7f0000000600)={0x5, 0xd6, 0x80000000, 0x5, 0x0, 0x0, 0x0, 0x0, 0x9, 0xfffffffffffffffe, 0x1, 0xffffffffffff3d4f, 0xfffffffffffffc01, 0x79, 0x172, 0xd0d0, 0xffffffffffffffff}) ioctl$auto_RNDADDENTROPY2(r1, 0x40085203, &(0x7f0000000080)=[0x3, 0x4010]) close_range$auto(0x2, 0x8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x169000, 0x0) open(0x0, 0x6041, 0x0) 2.039930174s ago: executing program 2 (id=688): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) r2 = ioctl$auto_KVM_CREATE_VM(r0, 0xae80, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto(0x3, 0xae41, r3) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyu3\x00', 0x1, 0x0) ioctl$auto_TIOCSETD2(r4, 0x5423, &(0x7f0000000080)) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) mmap$auto(0xfffffffffffffffe, 0x580f, 0x112f4a03, 0x8000000008011, 0x3, 0x0) getresgid$auto(0x0, 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xe0002, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x73) r5 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20b42, 0x0) write$auto(0x3, 0x0, 0x100082) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r5, 0x40045010, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) writev$auto(0x1, 0x0, 0x1) socketpair$auto(0x1, 0x3, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) ioctl$auto(r2, 0x400454cb, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x18, 0xfffffffffffffffa, 0x8000) 1.735887303s ago: executing program 3 (id=689): mmap$auto(0xfffffffffffffff9, 0x400008, 0xdf, 0x4a56, 0x2, 0x8000) r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000500), 0x400000, 0x0) timer_create$auto(0xfffffff9, 0x0, 0x0) ioctl$auto_PPPIOCSCOMPRESS(r1, 0x4010744d, 0x0) pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdds\x1cJ\x99\x00:<\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\xadCl\x9e\xeb\xcd\vp\x99\x00\xc8\x06\xa5\xdc3\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0A\x94\xa3\xaef\x87\xd8\x95I\xfd\xa8\t\xac\x87\xb7\x1d\xd5\x83\xdcyu]\xde\xbe\xbf$<.}\x8b`\x04\xfc\xa2\xab\xb5]\x80\x00\xb9D\xc5\xbc\xf2a\xd66\xa5\xd3\xc1r\x96\x1e\x8db\x05=`\x01\x11\x04Tz\x87A$\x115\x95PUf\xa7\xfe\x19\x00\x82go}@W\xd5\xaej\x01\xbf>5n\x17S\xc0\x8a\xaf%O\xd1W\xa3ua+sUJ\xea\xf9\xb7p-\x128\x9d\xbaM_\xff\x1c\xc3sG\x04\xf2\xd3\xf3{;\xd4\xd7\x1c\x1dZ\xe9\xe9\xc9\x9cu5\xe9\xa2\xb3N\xd2\xc1\xc8\xa5\xadt\xd5BKD\x86\xeb%\a*\x06\xbb\x1e\xfb\x11U\f&\xcbP\xf1\xcf\xccb\xe8Wb\xc5ae\xe3\xf9l\xa9vK\xed\x8cL\xfb%g\x83;\xe1\xe2w\xd6\xaa6\x16\x8fx\x1a\xd7\xc8\xf4[\xbc\b\xe1Z\x92\x14Q\xdef\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_PARAMS(r2, 0xc0305710, &(0x7f0000000ac0)={0x2, 0x4000, 0x0, 0x1, 0x169f, "6664572c0cf7be35d38f622e"}) r4 = socket(0xa, 0x2, 0x0) setsockopt$auto(r4, 0x29, 0x12, 0x0, 0x1) r5 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000001c0), r3) syz_open_procfs$namespace(0x0, &(0x7f0000000080)) sendmsg$auto_TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004640)={0x14, r5, 0x300, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x200088c4}, 0x4) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) mincore$auto(0x1000, 0x8001, 0x0) close_range$auto(0x2, 0x8, 0x0) 1.595132873s ago: executing program 1 (id=690): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(0x3, 0x0, 0x7fffffff) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) ioctl$auto(r1, 0x4b66, 0x1) write$auto(0x1, 0x0, 0x80000000) bpf$auto(0x0, 0x0, 0x6f4) read$auto(0x3, 0x0, 0x80) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) readv$auto(r0, 0x0, 0x401) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) ioctl$auto_SNDCTL_DSP_GETOSPACE(0xffffffffffffffff, 0x8010500c, &(0x7f0000004040)) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x100000000002, 0x783, 0x3, 0x8000000008011, r2, 0x40) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2b, 0x1, 0x1) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000080)={{0x0, 0xc, 0x0, 0xf3, 0x0, 0x20, 0x3}, 0x5b3}, 0x200, 0x100) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40) recvmmsg$auto(r3, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 1.375752613s ago: executing program 0 (id=691): mmap$auto(0x7ff, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x7f, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) connect$auto(0x4, 0x0, 0x10) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) socket(0xa, 0x6, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rpc/auth.unix.ip/flush\x00', 0x2000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0xc, 0x1, 0x2, 0x4, 0x15f4da0e, 0x3, 0xd08, 0xc, 0x8, 0x4, 0x6d3f, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2c, 0x1, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) ioctl$auto_XFS_IOC_FREESP64(r0, 0x40305825, &(0x7f0000000040)={0x8, 0x6, 0xf, 0x3, 0xf6, 0xffffffffffffffff}) prctl$auto(0x400, 0x7fff, r1, 0x10000, 0x100000000000007) madvise$auto(0x0, 0xffffffffffff0005, 0x19) bind$auto(0x3, 0x0, 0x6a) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x20) 786.376941ms ago: executing program 3 (id=692): mmap$auto(0xfffffffffffffff9, 0x400008, 0xdf, 0x4a56, 0x2, 0x8000) r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000500), 0x400000, 0x0) timer_create$auto(0xfffffff9, 0x0, 0x0) ioctl$auto_PPPIOCSCOMPRESS(r1, 0x4010744d, 0x0) pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdds\x1cJ\x99\x00:<\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\xadCl\x9e\xeb\xcd\vp\x99\x00\xc8\x06\xa5\xdc3\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0A\x94\xa3\xaef\x87\xd8\x95I\xfd\xa8\t\xac\x87\xb7\x1d\xd5\x83\xdcyu]\xde\xbe\xbf$<.}\x8b`\x04\xfc\xa2\xab\xb5]\x80\x00\xb9D\xc5\xbc\xf2a\xd66\xa5\xd3\xc1r\x96\x1e\x8db\x05=`\x01\x11\x04Tz\x87A$\x115\x95PUf\xa7\xfe\x19\x00\x82go}@W\xd5\xaej\x01\xbf>5n\x17S\xc0\x8a\xaf%O\xd1W\xa3ua+sUJ\xea\xf9\xb7p-\x128\x9d\xbaM_\xff\x1c\xc3sG\x04\xf2\xd3\xf3{;\xd4\xd7\x1c\x1dZ\xe9\xe9\xc9\x9cu5\xe9\xa2\xb3N\xd2\xc1\xc8\xa5\xadt\xd5BKD\x86\xeb%\a*\x06\xbb\x1e\xfb\x11U\f&\xcbP\xf1\xcf\xccb\xe8Wb\xc5ae\xe3\xf9l\xa9vK\xed\x8cL\xfb%g\x83;\xe1\xe2w\xd6\xaa6\x16\x8fx\x1a\xd7\xc8\xf4[\xbc\b\xe1Z\x92\x14Q\xdef\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_PARAMS(r2, 0xc0305710, &(0x7f0000000ac0)={0x2, 0x4000, 0x0, 0x1, 0x169f, "6664572c0cf7be35d38f622e"}) r4 = socket(0xa, 0x2, 0x0) setsockopt$auto(r4, 0x29, 0x12, 0x0, 0x1) r5 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000001c0), r3) syz_open_procfs$namespace(0x0, &(0x7f0000000080)) sendmsg$auto_TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004640)={0x14, r5, 0x300, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x200088c4}, 0x4) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) mincore$auto(0x1000, 0x8001, 0x0) close_range$auto(0x2, 0x8, 0x0) 723.358257ms ago: executing program 2 (id=693): openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x22d02, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x80, 0x104, 0x6, 0x20000000003}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) r1 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x60100, 0x0) read$auto_vhci_fops_hci_vhci(r1, &(0x7f0000000d40)=""/16, 0x10) mmap$auto(0x0, 0x8000000000020006, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fsconfig$auto_SHMEM_HUGE_WITHIN_SIZE(r0, 0xffffffff, &(0x7f0000000040)='\x00', &(0x7f0000000100)="3d70aa42ea72d62d7d2fe39f29603dff8f97c1b1b50e7e992be3959f9d7ee99631dcfa2436c0c16d6b7ce4ee4ec8cf2014a1b7042667e1556a1e592d73cb9181caa36be823fa68b77e63ca01d8a165e47bc429172f0e53852fb397d6dcaa0527abb4ca74db06a015a927aef31bc4804bb0595644acb2b83cbe1a201edd1befdc2cd21c360f43fbfbde7672c5485582b3b5e1f57505c660d153201f663f086f8d37a45d457285063c7ab32e0a0ccec8488beacb7556197bb94b0d63ae87ff5c7af0509687", 0x2) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/swradio12\x00', 0x0, 0x0) poll$auto(&(0x7f0000000480)={r2, 0xffff, 0x29}, 0x3, 0x8) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) mmap$auto(0x80, 0xfc0000001, 0x10000000003, 0x200004000eb1, 0xfffffffffffffffa, 0x8000) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dri/card1\x00', 0x101002, 0x0) ioctl$auto(r3, 0x9000643a, 0xc35) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/tty/ttyc7/dev\x00', 0x4000, 0x0) getpid() close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) sysfs$auto(0x2, 0x2, 0x0) r4 = fsopen$auto(0x0, 0x1) fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) 524.965626ms ago: executing program 3 (id=694): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/system/node/node0/vmstat\x00', 0x40000, 0x0) mmap$auto(0xffffffffffffffff, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0x14, 0xfffffffffffffffa, 0x8000) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/platform/snd_aloop.0/sound/card1/id\x00', 0x48a22, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x2a482, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) read$auto(0x3, 0x0, 0xfffffdef) r1 = openat$auto_suspend_stats_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x204000, 0x0) write$auto(r1, &(0x7f00000001c0)='/sys/devices/platform/snd_aloop.0/sound/card1/id\x00', 0x6) write$auto(r0, 0x0, 0x3) r2 = socket(0x1d, 0x2, 0x7) getsockopt$auto(r2, 0x6b, 0xdc5a, 0xfffffffffffffffe, 0x0) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x4, @multicast2}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) r3 = open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x1bf) r4 = socket(0x15, 0x5, 0x0) syz_genetlink_get_family_id$auto_wireguard(&(0x7f00000013c0), r4) getsockopt$auto(r4, 0x114, 0x2717, 0xfffffffffffffffc, 0x0) syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000000080), r4) close_range$auto(r3, 0x8, 0x0) clone3$auto(&(0x7f00000000c0)={0x2, 0x4, 0x5, 0x101, 0xfffffffffffffffe, 0x101, 0x10001, 0x9, 0xb5c9, 0x0, 0x100}, 0x6) open(&(0x7f0000000800)='./file0\x00', 0x183242, 0x154) 246.62089ms ago: executing program 3 (id=695): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x401, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x200, 0x200007, 0x19) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x931a42, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) r0 = openat$auto_dev_fops_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x60000, 0x0) read$auto_dev_fops_plock(r0, &(0x7f00000001c0)=""/132, 0x84) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x5, 0x0) pipe$auto(0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setfsgid$auto(0x0) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) lstat$auto(&(0x7f0000000500)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto_FBIOPUTCMAP(r1, 0x4605, 0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x3, 0x9) write$auto(0x6, 0x0, 0x100000001) mmap$auto(0x42, 0x4, 0xffb, 0x8000000008012, 0x3, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/netlink\x00', 0x2000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000100)=""/135, 0x87) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8fg\x1b\x04\xad>\x96\xe9IG\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\t\xf8p\xc6\x00\x00\x00\x00\xb9\xac\xde\x0e\x90\x18\xf1\x13I\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd\x14\x81\xbe\xab\xed\xd5MI\x830_\xc2\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xees\xf0\xc2\xad\xae\x99\xeb\xc5\xf0\"\x92\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14\x94o\x1b[\xa8]\x9b\x03\x95\xc3\xad\xad\x1d#oi|\x04\x93N\xfa\x17\xf3b\xf6\x00\x00\x00', 0x0, 0x0) 208.738041ms ago: executing program 0 (id=696): socket$nl_generic(0x10, 0x3, 0x10) geteuid() open(0x0, 0x4a6280, 0x184) open(0x0, 0x40440, 0x40) fcntl$auto(0x3, 0x400, 0x1) truncate$auto(0x0, 0x7fff) r0 = gettid() ptrace$auto_PTRACE_POKETEXT(0x4, r0, 0x800, 0x9) acct$auto(&(0x7f0000000040)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00') mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ram5\x00', 0x12b241, 0x0) socketpair$auto(0x1, 0x1000, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x7, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x3) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) writev$auto(r2, 0x0, 0x3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) syz_genetlink_get_family_id$auto_taskstats(0x0, 0xffffffffffffffff) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) fcntl$auto_F_SETLK(0xffffffffffffffff, 0x6, 0x0) pread64$auto(r1, 0x0, 0x2, 0xfffffffffffffffe) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x20) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) io_setup$auto(0xffff, 0x0) write$auto(0x3, 0x0, 0xfffffdef) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) 0s ago: executing program 3 (id=697): r0 = ioctl$auto_NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) mmap$auto(0x0, 0x88f, 0xffff, 0x9b72, r0, 0x8000) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020409, 0xa, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/vidtv.0/i2c-0/new_device\x00', 0x2001, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card1/pcm0p/sub7/info\x00', 0x40000, 0x0) read$auto(r2, 0x0, 0x100000000) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x900, 0x0) mmap$auto(0x0, 0x580f, 0x1, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) read$auto(r3, 0x0, 0x20) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x801, 0x84) iopl$auto(0x2) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) syslog$auto(0x3, 0x0, 0x5) r5 = set_tid_address$auto(0x0) r6 = syz_open_procfs$namespace(r5, &(0x7f0000000080)) mmap$auto(0x9, 0x400008, 0x43, 0x9b72, 0x2, 0x38f8d54d) fcntl$auto(0xffffffffffffffff, 0x402, 0x2) getdents$auto(r6, 0x0, 0x3f1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.93' (ED25519) to the list of known hosts. [ 124.910202][ T5830] cgroup: Unknown subsys name 'net' [ 125.108493][ T5830] cgroup: Unknown subsys name 'cpuset' [ 125.117951][ T5830] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 126.941901][ T5830] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 129.144965][ T5847] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 129.152718][ T5847] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 129.154886][ T5851] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 129.184038][ T5851] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 129.197889][ T5854] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 129.204912][ T5851] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 129.206641][ T5851] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 129.213425][ T5854] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 129.226834][ T5854] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 129.234342][ T5854] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 129.239885][ T5855] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 129.243419][ T5854] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 129.249466][ T5855] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 129.255612][ T5847] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 129.265416][ T5854] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 129.273022][ T5847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 129.282752][ T5854] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 129.297137][ T5854] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 129.309165][ T5847] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 129.317143][ T5847] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 129.898895][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 129.959128][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 130.073223][ T5850] chnl_net:caif_netlink_parms(): no params data found [ 130.210312][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.217659][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.225728][ T5840] bridge_slave_0: entered allmulticast mode [ 130.233065][ T5840] bridge_slave_0: entered promiscuous mode [ 130.260116][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 130.285384][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.293039][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.300581][ T5840] bridge_slave_1: entered allmulticast mode [ 130.308068][ T5840] bridge_slave_1: entered promiscuous mode [ 130.340786][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.348145][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.355379][ T5841] bridge_slave_0: entered allmulticast mode [ 130.362554][ T5841] bridge_slave_0: entered promiscuous mode [ 130.409881][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.417215][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.424895][ T5841] bridge_slave_1: entered allmulticast mode [ 130.432844][ T5841] bridge_slave_1: entered promiscuous mode [ 130.442629][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 130.520734][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 130.530593][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.538644][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.546181][ T5850] bridge_slave_0: entered allmulticast mode [ 130.553580][ T5850] bridge_slave_0: entered promiscuous mode [ 130.592845][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.600383][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.607662][ T5850] bridge_slave_1: entered allmulticast mode [ 130.615516][ T5850] bridge_slave_1: entered promiscuous mode [ 130.630259][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 130.642895][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 130.719804][ T5840] team0: Port device team_slave_0 added [ 130.729531][ T5840] team0: Port device team_slave_1 added [ 130.765560][ T5841] team0: Port device team_slave_0 added [ 130.788169][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 130.799973][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 130.809914][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.818364][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.825776][ T5842] bridge_slave_0: entered allmulticast mode [ 130.832984][ T5842] bridge_slave_0: entered promiscuous mode [ 130.842262][ T5841] team0: Port device team_slave_1 added [ 130.881016][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.888588][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.895927][ T5842] bridge_slave_1: entered allmulticast mode [ 130.903561][ T5842] bridge_slave_1: entered promiscuous mode [ 130.925446][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 130.932392][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 130.958355][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 131.011924][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 131.019649][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 131.045853][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 131.059822][ T5850] team0: Port device team_slave_0 added [ 131.082907][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 131.089954][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 131.116002][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 131.139005][ T5850] team0: Port device team_slave_1 added [ 131.147505][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 131.157617][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 131.164659][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 131.191258][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 131.226612][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 131.311988][ T5842] team0: Port device team_slave_0 added [ 131.318520][ T5849] Bluetooth: hci0: command tx timeout [ 131.324391][ T5847] Bluetooth: hci2: command tx timeout [ 131.345137][ T5840] hsr_slave_0: entered promiscuous mode [ 131.351646][ T5840] hsr_slave_1: entered promiscuous mode [ 131.360512][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 131.367882][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 131.394395][ T5849] Bluetooth: hci1: command tx timeout [ 131.394728][ T5849] Bluetooth: hci3: command tx timeout [ 131.400686][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 131.418567][ T5842] team0: Port device team_slave_1 added [ 131.463232][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 131.470512][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 131.496829][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 131.533010][ T5841] hsr_slave_0: entered promiscuous mode [ 131.539460][ T5841] hsr_slave_1: entered promiscuous mode [ 131.546268][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 131.554129][ T5841] Cannot create hsr debugfs directory [ 131.589725][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 131.597045][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 131.623648][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 131.637473][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 131.644819][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 131.670851][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 131.787030][ T5850] hsr_slave_0: entered promiscuous mode [ 131.793693][ T5850] hsr_slave_1: entered promiscuous mode [ 131.799897][ T5850] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 131.807563][ T5850] Cannot create hsr debugfs directory [ 131.884023][ T5842] hsr_slave_0: entered promiscuous mode [ 131.890484][ T5842] hsr_slave_1: entered promiscuous mode [ 131.898135][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 131.906373][ T5842] Cannot create hsr debugfs directory [ 132.209836][ T5840] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 132.245266][ T5840] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 132.279691][ T5840] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 132.311497][ T5840] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 132.407487][ T5841] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 132.424450][ T5841] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 132.436502][ T5841] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 132.449021][ T5841] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 132.546750][ T5850] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 132.572538][ T5850] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 132.584558][ T5850] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 132.628623][ T5850] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 132.707207][ T5842] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 132.723008][ T5842] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 132.740403][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 132.758568][ T5842] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 132.782925][ T5842] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 132.804826][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 132.859222][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.866457][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 132.890130][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.897299][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 132.931077][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 132.979091][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 133.011032][ T4950] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.018297][ T4950] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.057097][ T4950] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.064311][ T4950] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.138952][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 133.263179][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 133.289845][ T5850] 8021q: adding VLAN 0 to HW filter on device team0 [ 133.330059][ T4950] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.337337][ T4950] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.353667][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 133.390710][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.398027][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.406055][ T5849] Bluetooth: hci0: command tx timeout [ 133.411547][ T5849] Bluetooth: hci2: command tx timeout [ 133.440725][ T1324] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.447988][ T1324] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.468254][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.475559][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.475997][ T5849] Bluetooth: hci3: command tx timeout [ 133.485068][ T5847] Bluetooth: hci1: command tx timeout [ 133.680667][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 133.865530][ T5840] veth0_vlan: entered promiscuous mode [ 133.939005][ T5840] veth1_vlan: entered promiscuous mode [ 134.009178][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 134.085408][ T5840] veth0_macvtap: entered promiscuous mode [ 134.104565][ T5840] veth1_macvtap: entered promiscuous mode [ 134.164775][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 134.191233][ T5841] veth0_vlan: entered promiscuous mode [ 134.222404][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 134.245019][ T5841] veth1_vlan: entered promiscuous mode [ 134.257422][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 134.275569][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 134.293472][ T5840] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.304010][ T5840] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.312738][ T5840] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.322714][ T5840] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.427969][ T5842] veth0_vlan: entered promiscuous mode [ 134.458356][ T5850] veth0_vlan: entered promiscuous mode [ 134.468164][ T5841] veth0_macvtap: entered promiscuous mode [ 134.483516][ T5842] veth1_vlan: entered promiscuous mode [ 134.511521][ T5850] veth1_vlan: entered promiscuous mode [ 134.538343][ T5841] veth1_macvtap: entered promiscuous mode [ 134.569859][ T4950] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.589795][ T4950] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 134.647827][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 134.659407][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.673326][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 134.698555][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 134.709489][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.721114][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 134.747230][ T5841] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.756502][ T5841] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.768940][ T5841] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.777735][ T5841] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.792380][ T1324] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.800773][ T1324] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 134.812294][ T5842] veth0_macvtap: entered promiscuous mode [ 134.832980][ T5850] veth0_macvtap: entered promiscuous mode [ 134.850888][ T5842] veth1_macvtap: entered promiscuous mode [ 134.863653][ T5850] veth1_macvtap: entered promiscuous mode [ 134.918712][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 134.927454][ T5840] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 134.944840][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.954859][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 134.965446][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.977251][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 134.993364][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 135.010462][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.022363][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 135.033068][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.042950][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 135.053911][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.068462][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 135.102190][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 135.125556][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.139943][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 135.150459][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.164930][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 135.182906][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 135.195175][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.208565][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 135.220959][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.230922][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 135.243858][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.255763][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 135.295436][ T4950] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 135.303283][ T4950] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 135.322555][ T5842] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.335740][ T5842] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.346701][ T5842] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.357466][ T5842] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.380790][ T5850] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.392253][ T5850] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.408383][ T5850] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.423947][ T5850] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.465357][ T5907] mmap: syz.3.4 (5907) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 135.477382][ T5847] Bluetooth: hci2: command tx timeout [ 135.490926][ T5847] Bluetooth: hci0: command tx timeout [ 135.508601][ T1012] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 135.524852][ T1012] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 135.554114][ T5847] Bluetooth: hci1: command tx timeout [ 135.554489][ T5849] Bluetooth: hci3: command tx timeout [ 135.768446][ T1012] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 135.768486][ T1012] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 135.891713][ T1012] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 135.909178][ T1012] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 135.948189][ T1012] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 135.957241][ T1012] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.044894][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 136.085943][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.114516][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 137.124476][ T0] NOHZ tick-stop error: local softirq work is pending, handler #3c2!!! [ 137.374274][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 137.394765][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 137.404894][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 137.554050][ T5849] Bluetooth: hci0: command tx timeout [ 137.560188][ T5932] netlink: 'syz.1.2': attribute type 11 has an invalid length. [ 137.564671][ T5849] Bluetooth: hci2: command tx timeout [ 137.642298][ T5849] Bluetooth: hci3: command tx timeout [ 137.647824][ T5849] Bluetooth: hci1: command tx timeout [ 137.743877][ T5932] netlink: 'syz.1.2': attribute type 11 has an invalid length. [ 137.751516][ T5932] netlink: 'syz.1.2': attribute type 11 has an invalid length. [ 137.810736][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.818093][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.944104][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 137.955034][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 138.052643][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 138.065531][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 138.091132][ T5938] random: crng reseeded on system resumption [ 138.251285][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      [ 160.876049][ T6217] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 160.897198][ T6217] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 161.008643][ T6217] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 161.394389][ T6217] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 161.402978][ T6217] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 161.617042][ T6217] Bluetooth: hci3: Opcode 0x0406 failed: -4 syzkaller syzkaller login: [ 162.358302][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 162.756868][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout [ 162.914074][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 163.515406][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout [ 164.342322][ T6248] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 164.434084][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 164.834034][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout [ 165.001817][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 165.553986][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout [ 166.517725][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 166.933880][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout [ 167.084096][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 167.217770][ T6276] mkiss: ax0: crc mode is auto. [ 167.637209][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout [ 167.814369][ T6295] random: crng reseeded on system resumption [ 170.343936][ T6319] could not allocate digest TFM handle [ 171.691172][ T6319] netlink: 28 bytes leftover after parsing attributes in process `syz.2.69'. [ 172.867250][ T6366] ptrace attach of "./syz-executor exec"[5850] was attempted by "./syz-executor exec"[6366] [ 172.901985][ T6349] Device name cannot be null; rc = [-22] [ 177.802129][ T6436] : Can't lookup blockdev [ 178.526924][ T6434] sd 0:0:1:0: PR command failed: 1026 [ 178.532368][ T6434] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 178.614029][ T6434] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 179.216240][ T6446] kernel read not supported for file /set_event_notrace_pid (pid: 6446 comm: syz.3.83) [ 179.271513][ T30] audit: type=1800 audit(6042286763.660:2): pid=6446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.83" name="set_event_notrace_pid" dev="tracefs" ino=12 res=0 errno=0 [ 182.762647][ T6483] netlink: 'syz.1.88': attribute type 2 has an invalid length. [ 187.928528][ T6531] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 188.071966][ T6531] CIFS mount error: No usable UNC path provided in device string! [ 188.071966][ T6531] [ 188.194548][ T6531] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 190.889868][ T6530] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 190.896920][ T6530] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 190.902943][ T6530] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 190.937533][ T6530] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 191.242647][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 192.354900][ T6566] Invalid ELF header magic: != ELF [ 192.687336][ T6571] netlink: 354 bytes leftover after parsing attributes in process `syz.1.104'. [ 192.726011][ T6569] netlink: 28 bytes leftover after parsing attributes in process `syz.0.103'. [ 192.915978][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 192.924103][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout [ 192.930393][ T6569] mac80211_hwsim hwsim8 wlan1: entered allmulticast mode [ 192.995875][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 193.473418][ T6587] netlink: 28 bytes leftover after parsing attributes in process `syz.0.107'. [ 193.615333][ T6587] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 193.622999][ T6587] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 193.675840][ T6587] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 193.693511][ T6587] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 195.572709][ T6604] zswap: compressor not available [ 195.584776][ T6607] Setting dangerous option i915.mitigations - tainting kernel [ 196.893949][ T6642] Setting dangerous option i915.mitigations - tainting kernel [ 196.932757][ T6643] Invalid ELF header magic: != ELF [ 198.339985][ T6643] smc: net device syz_tun applied user defined pnetid E [ 199.121375][ T6681] cougar: G6 mapped to space [ 199.159479][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 199.237768][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.244400][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.348441][ T6699] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x7ff5cdd2d pfn:0x78000 [ 200.368881][ T6699] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 200.440643][ T6699] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 200.510354][ T6699] raw: 00000007ff5cdd2d 0000000000000000 0000000400000002 0000000000000000 [ 200.582929][ T6699] page dumped because: unmovable page [ 200.648006][ T6699] page_owner tracks the page as allocated [ 200.763181][ T6699] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5835, tgid 5835 (syz-executor), ts 128498313360, free_ts 128290307054 [ 200.849055][ T6699] post_alloc_hook+0x181/0x1b0 [ 200.861766][ T6699] get_page_from_freelist+0x135c/0x3920 [ 200.876647][ T6699] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 200.942862][ T6699] alloc_pages_mpol+0x1fb/0x550 [ 201.080371][ T6699] alloc_pages_noprof+0x131/0x390 [ 201.118976][ T6699] __vmalloc_node_range_noprof+0x732/0x1540 [ 201.169794][ T6699] vmalloc_user_noprof+0x6b/0x90 [ 201.223406][ T6699] kcov_ioctl+0x4c/0x730 [ 201.336746][ T6699] __x64_sys_ioctl+0x193/0x200 [ 201.355906][ T6699] do_syscall_64+0xcd/0x230 [ 201.360506][ T6699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.424100][ T6699] page last free pid 5830 tgid 5830 stack trace: [ 201.431087][ T6699] free_unref_folios+0x999/0x1630 [ 201.453878][ T6699] folios_put_refs+0x56f/0x740 [ 201.458841][ T6699] free_pages_and_swap_cache+0x245/0x4a0 [ 201.524725][ T6699] __tlb_batch_free_encoded_pages+0xf9/0x290 [ 201.530961][ T6699] tlb_finish_mmu+0x168/0x7b0 [ 201.538901][ T6699] vms_clear_ptes+0x55e/0x770 [ 201.543799][ T6699] vms_complete_munmap_vmas+0x1ca/0x970 [ 201.549366][ T6699] do_vmi_align_munmap+0x43b/0x7d0 [ 201.555835][ T6699] do_vmi_munmap+0x208/0x3e0 [ 201.560510][ T6699] __vm_munmap+0x19a/0x390 [ 201.565071][ T6699] __x64_sys_munmap+0x59/0x80 [ 201.569783][ T6699] do_syscall_64+0xcd/0x230 [ 201.575709][ T6699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.580235][ T6751] FAULT_INJECTION: forcing a failure. [ 204.580235][ T6751] name failslab, interval 1, probability 0, space 0, times 0 [ 204.598842][ T6751] CPU: 0 UID: 0 PID: 6751 Comm: syz.1.133 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 204.598906][ T6751] Tainted: [U]=USER [ 204.598917][ T6751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 204.598936][ T6751] Call Trace: [ 204.598947][ T6751] [ 204.598966][ T6751] dump_stack_lvl+0x16c/0x1f0 [ 204.599022][ T6751] should_fail_ex+0x512/0x640 [ 204.599070][ T6751] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 204.599110][ T6751] should_failslab+0xc2/0x120 [ 204.599152][ T6751] __kmalloc_cache_noprof+0x6a/0x3e0 [ 204.599187][ T6751] ? devlink_fmsg_nest_common.part.0+0x48/0x1e0 [ 204.599238][ T6751] devlink_fmsg_nest_common.part.0+0x48/0x1e0 [ 204.599286][ T6751] devlink_fmsg_u64_pair_put+0x270/0x2f0 [ 204.599332][ T6751] ? __pfx_devlink_fmsg_u64_pair_put+0x10/0x10 [ 204.599382][ T6751] ? devlink_fmsg_nest_common.part.0+0xcd/0x1e0 [ 204.599434][ T6751] nsim_dev_dummy_fmsg_put+0x61/0x1e0 [ 204.599477][ T6751] devlink_health_do_dump+0x243/0x620 [ 204.599530][ T6751] devlink_health_report+0x3c9/0x9c0 [ 204.599585][ T6751] ? __pfx_devlink_health_report+0x10/0x10 [ 204.599633][ T6751] ? _copy_from_user+0x59/0xd0 [ 204.599692][ T6751] nsim_dev_health_break_write+0x166/0x210 [ 204.599733][ T6751] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 204.599788][ T6751] full_proxy_write+0x13c/0x200 [ 204.599833][ T6751] vfs_write+0x25c/0x1180 [ 204.599864][ T6751] ? __pfx_full_proxy_write+0x10/0x10 [ 204.599915][ T6751] ? __pfx___mutex_lock+0x10/0x10 [ 204.599967][ T6751] ? __pfx_vfs_write+0x10/0x10 [ 204.600015][ T6751] ? __fget_files+0x20e/0x3c0 [ 204.600059][ T6751] ksys_write+0x12a/0x240 [ 204.600092][ T6751] ? __pfx_ksys_write+0x10/0x10 [ 204.600123][ T6751] ? rcu_is_watching+0x12/0xc0 [ 204.600169][ T6751] do_syscall_64+0xcd/0x230 [ 204.600224][ T6751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.600257][ T6751] RIP: 0033:0x7f5a8178e969 [ 204.600284][ T6751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 204.600315][ T6751] RSP: 002b:00007f5a82647038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 204.600346][ T6751] RAX: ffffffffffffffda RBX: 00007f5a819b5fa0 RCX: 00007f5a8178e969 [ 204.600367][ T6751] RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000005 [ 204.600386][ T6751] RBP: 00007f5a81810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 204.600406][ T6751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 204.600426][ T6751] R13: 0000000000000000 R14: 00007f5a819b5fa0 R15: 00007ffd0e666a38 [ 204.600471][ T6751] [ 205.630361][ T6746] bridge0: port 3(team0) entered blocking state [ 205.651645][ T6746] bridge0: port 3(team0) entered disabled state [ 205.684028][ T6746] team0: entered allmulticast mode [ 205.703591][ T6746] team_slave_0: entered allmulticast mode [ 205.718055][ T6746] team_slave_1: entered allmulticast mode [ 205.738402][ T6746] team0: entered promiscuous mode [ 205.753834][ T6746] team_slave_0: entered promiscuous mode [ 205.764551][ T6746] team_slave_1: entered promiscuous mode [ 205.773358][ T6746] bridge0: port 3(team0) entered blocking state [ 205.780000][ T6746] bridge0: port 3(team0) entered forwarding state [ 205.958290][ T6768] random: crng reseeded on system resumption [ 207.725671][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 208.475984][ T6809] netlink: 28 bytes leftover after parsing attributes in process `syz.3.142'. [ 208.659416][ T6810] FAULT_INJECTION: forcing a failure. [ 208.659416][ T6810] name failslab, interval 1, probability 0, space 0, times 0 [ 208.691416][ T6809] bond0: (slave bond_slave_1): Releasing backup interface [ 208.727775][ T6810] CPU: 1 UID: 0 PID: 6810 Comm: syz.3.142 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 208.727825][ T6810] Tainted: [U]=USER [ 208.727833][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 208.727846][ T6810] Call Trace: [ 208.727853][ T6810] [ 208.727861][ T6810] dump_stack_lvl+0x16c/0x1f0 [ 208.727899][ T6810] should_fail_ex+0x512/0x640 [ 208.727943][ T6810] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 208.727972][ T6810] should_failslab+0xc2/0x120 [ 208.727999][ T6810] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 208.728025][ T6810] ? alloc_inode+0xc3/0x240 [ 208.728059][ T6810] alloc_inode+0xc3/0x240 [ 208.728105][ T6810] iget_locked+0x2e4/0x830 [ 208.728132][ T6810] ? lockdep_hardirqs_on+0x7c/0x110 [ 208.728167][ T6810] ? __pfx_iget_locked+0x10/0x10 [ 208.728199][ T6810] ? find_held_lock+0x2b/0x80 [ 208.728222][ T6810] ? kernfs_find_and_get_node_by_id+0x1c3/0x3f0 [ 208.728255][ T6810] kernfs_get_inode+0x48/0x460 [ 208.728292][ T6810] kernfs_fh_to_dentry+0xf3/0x250 [ 208.728327][ T6810] exportfs_decode_fh_raw+0x167/0x890 [ 208.728349][ T6810] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 208.728385][ T6810] ? __pfx_kernfs_fh_to_dentry+0x10/0x10 [ 208.728419][ T6810] ? __pfx_exportfs_decode_fh_raw+0x10/0x10 [ 208.728476][ T6810] do_handle_open+0x75e/0xb70 [ 208.728512][ T6810] ? __pfx_do_handle_open+0x10/0x10 [ 208.728544][ T6810] ? __x64_sys_futex+0x1e0/0x4c0 [ 208.728573][ T6810] ? xfd_validate_state+0x5d/0x180 [ 208.728597][ T6810] ? rcu_is_watching+0x12/0xc0 [ 208.728625][ T6810] ? do_syscall_64+0xcd/0x230 [ 208.728658][ T6810] do_syscall_64+0xcd/0x230 [ 208.728697][ T6810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.728725][ T6810] RIP: 0033:0x7f1cd378e969 [ 208.728742][ T6810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.728763][ T6810] RSP: 002b:00007f1cd4546038 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 208.728784][ T6810] RAX: ffffffffffffffda RBX: 00007f1cd39b6080 RCX: 00007f1cd378e969 [ 208.728799][ T6810] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000004 [ 208.728813][ T6810] RBP: 00007f1cd3810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 208.728827][ T6810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 208.728840][ T6810] R13: 0000000000000000 R14: 00007f1cd39b6080 R15: 00007ffc30739ef8 [ 208.728868][ T6810] [ 208.974474][ C1] vkms_vblank_simulate: vblank timer overrun [ 209.521419][ T6813] random: crng reseeded on system resumption [ 209.547174][ T6813] FAULT_INJECTION: forcing a failure. [ 209.547174][ T6813] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 209.591335][ T6813] CPU: 1 UID: 0 PID: 6813 Comm: syz.0.143 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 209.591384][ T6813] Tainted: [U]=USER [ 209.591393][ T6813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 209.591410][ T6813] Call Trace: [ 209.591419][ T6813] [ 209.591431][ T6813] dump_stack_lvl+0x16c/0x1f0 [ 209.591480][ T6813] should_fail_ex+0x512/0x640 [ 209.591531][ T6813] should_fail_alloc_page+0xe7/0x130 [ 209.591572][ T6813] prepare_alloc_pages+0x3c2/0x610 [ 209.591619][ T6813] ? rcu_is_watching+0x12/0xc0 [ 209.591660][ T6813] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 209.591708][ T6813] ? stack_trace_save+0x8e/0xc0 [ 209.591741][ T6813] ? __pfx_stack_trace_save+0x10/0x10 [ 209.591771][ T6813] ? stack_depot_save_flags+0x28/0xa50 [ 209.591819][ T6813] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 209.591858][ T6813] ? kasan_save_stack+0x42/0x60 [ 209.591889][ T6813] ? kasan_save_stack+0x33/0x60 [ 209.591920][ T6813] ? kasan_save_track+0x14/0x30 [ 209.591957][ T6813] ? vfs_open+0x82/0x3f0 [ 209.591993][ T6813] ? path_openat+0x1e5e/0x2d40 [ 209.592019][ T6813] ? do_filp_open+0x20b/0x470 [ 209.592045][ T6813] ? do_sys_openat2+0x11b/0x1d0 [ 209.592082][ T6813] ? __x64_sys_openat+0x174/0x210 [ 209.592119][ T6813] ? do_syscall_64+0xcd/0x230 [ 209.592160][ T6813] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.592192][ T6813] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 209.592232][ T6813] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 209.592276][ T6813] ? policy_nodemask+0xea/0x4e0 [ 209.592315][ T6813] alloc_pages_mpol+0x1fb/0x550 [ 209.592353][ T6813] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 209.592401][ T6813] alloc_pages_noprof+0x131/0x390 [ 209.592439][ T6813] get_zeroed_page_noprof+0x14/0x50 [ 209.592480][ T6813] get_image_page+0x18/0x190 [ 209.592509][ T6813] alloc_rtree_node+0x3c/0xb0 [ 209.592537][ T6813] memory_bm_create+0x515/0x810 [ 209.592580][ T6813] create_basic_memory_bitmaps+0x10f/0x680 [ 209.592619][ T6813] snapshot_open+0x235/0x2b0 [ 209.592658][ T6813] ? __pfx_snapshot_open+0x10/0x10 [ 209.592694][ T6813] misc_open+0x35d/0x420 [ 209.592721][ T6813] ? __pfx_misc_open+0x10/0x10 [ 209.592747][ T6813] chrdev_open+0x231/0x6a0 [ 209.592779][ T6813] ? __pfx_apparmor_file_open+0x10/0x10 [ 209.592818][ T6813] ? __pfx_chrdev_open+0x10/0x10 [ 209.592854][ T6813] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 209.592906][ T6813] do_dentry_open+0x741/0x1c10 [ 209.592937][ T6813] ? __pfx_chrdev_open+0x10/0x10 [ 209.592995][ T6813] vfs_open+0x82/0x3f0 [ 209.593041][ T6813] path_openat+0x1e5e/0x2d40 [ 209.593087][ T6813] ? __pfx_path_openat+0x10/0x10 [ 209.593129][ T6813] do_filp_open+0x20b/0x470 [ 209.593161][ T6813] ? __pfx_do_filp_open+0x10/0x10 [ 209.593221][ T6813] ? alloc_fd+0x471/0x7d0 [ 209.593261][ T6813] do_sys_openat2+0x11b/0x1d0 [ 209.593303][ T6813] ? __pfx_do_sys_openat2+0x10/0x10 [ 209.593362][ T6813] __x64_sys_openat+0x174/0x210 [ 209.593405][ T6813] ? __pfx___x64_sys_openat+0x10/0x10 [ 209.593451][ T6813] ? rcu_is_watching+0x12/0xc0 [ 209.593492][ T6813] do_syscall_64+0xcd/0x230 [ 209.593541][ T6813] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.593570][ T6813] RIP: 0033:0x7f167338e969 [ 209.593595][ T6813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.593625][ T6813] RSP: 002b:00007f1674192038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 209.593662][ T6813] RAX: ffffffffffffffda RBX: 00007f16735b5fa0 RCX: 00007f167338e969 [ 209.593687][ T6813] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 209.593708][ T6813] RBP: 00007f1673410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 209.593726][ T6813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 209.593744][ T6813] R13: 0000000000000000 R14: 00007f16735b5fa0 R15: 00007fff37a78788 [ 209.593785][ T6813] [ 209.720086][ T6822] FAULT_INJECTION: forcing a failure. [ 209.720086][ T6822] name failslab, interval 1, probability 0, space 0, times 0 [ 209.722596][ C1] vkms_vblank_simulate: vblank timer overrun [ 209.751929][ T6822] CPU: 0 UID: 0 PID: 6822 Comm: syz.3.145 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 209.751980][ T6822] Tainted: [U]=USER [ 209.751991][ T6822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 209.752011][ T6822] Call Trace: [ 209.752021][ T6822] [ 209.752033][ T6822] dump_stack_lvl+0x16c/0x1f0 [ 209.752087][ T6822] should_fail_ex+0x512/0x640 [ 209.752141][ T6822] should_failslab+0xc2/0x120 [ 209.752183][ T6822] __kmalloc_cache_noprof+0x6a/0x3e0 [ 209.752213][ T6822] ? __pfx___might_resched+0x10/0x10 [ 209.752250][ T6822] ? cfcnfg_create+0x5e/0x500 [ 209.752301][ T6822] ? __pfx_caif_init_net+0x10/0x10 [ 209.752345][ T6822] cfcnfg_create+0x5e/0x500 [ 209.752395][ T6822] ? debug_mutex_init+0x37/0x70 [ 209.752425][ T6822] ? __pfx_caif_init_net+0x10/0x10 [ 209.752466][ T6822] caif_init_net+0x7d/0xe0 [ 209.752510][ T6822] ops_init+0x1df/0x5f0 [ 209.752558][ T6822] setup_net+0x21e/0x850 [ 209.752603][ T6822] ? __pfx_setup_net+0x10/0x10 [ 209.752640][ T6822] ? lockdep_init_map_type+0x5c/0x280 [ 209.752684][ T6822] ? __pfx_down_read_killable+0x10/0x10 [ 209.752722][ T6822] ? debug_mutex_init+0x37/0x70 [ 209.752755][ T6822] copy_net_ns+0x2a6/0x5f0 [ 209.752804][ T6822] create_new_namespaces+0x3ea/0xad0 [ 209.752850][ T6822] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 209.752891][ T6822] ksys_unshare+0x45b/0xa40 [ 209.752937][ T6822] ? __pfx_ksys_unshare+0x10/0x10 [ 209.752980][ T6822] ? xfd_validate_state+0x5d/0x180 [ 209.753015][ T6822] ? rcu_is_watching+0x12/0xc0 [ 209.753054][ T6822] __x64_sys_unshare+0x31/0x40 [ 209.753097][ T6822] do_syscall_64+0xcd/0x230 [ 209.753148][ T6822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.753180][ T6822] RIP: 0033:0x7f1cd378e969 [ 209.753205][ T6822] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.753237][ T6822] RSP: 002b:00007f1cd4525038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 209.753267][ T6822] RAX: ffffffffffffffda RBX: 00007f1cd39b6160 RCX: 00007f1cd378e969 [ 209.753288][ T6822] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 209.753307][ T6822] RBP: 00007f1cd3810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 209.753326][ T6822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 209.753344][ T6822] R13: 0000000000000000 R14: 00007f1cd39b6160 R15: 00007ffc30739ef8 [ 209.753391][ T6822] [ 210.232729][ C1] vkms_vblank_simulate: vblank timer overrun [ 215.153892][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 215.678703][ T6890] FAULT_INJECTION: forcing a failure. [ 215.678703][ T6890] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 215.732264][ T6890] CPU: 0 UID: 0 PID: 6890 Comm: syz.3.154 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 215.732316][ T6890] Tainted: [U]=USER [ 215.732326][ T6890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 215.732343][ T6890] Call Trace: [ 215.732353][ T6890] [ 215.732364][ T6890] dump_stack_lvl+0x16c/0x1f0 [ 215.732415][ T6890] should_fail_ex+0x512/0x640 [ 215.732466][ T6890] should_fail_alloc_page+0xe7/0x130 [ 215.732509][ T6890] prepare_alloc_pages+0x3c2/0x610 [ 215.732557][ T6890] ? rcu_is_watching+0x12/0xc0 [ 215.732590][ T6890] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 215.732628][ T6890] ? kasan_save_stack+0x42/0x60 [ 215.732660][ T6890] ? kasan_save_track+0x14/0x30 [ 215.732691][ T6890] ? __kasan_kmalloc+0xaa/0xb0 [ 215.732720][ T6890] ? __kvmalloc_node_noprof+0x279/0x600 [ 215.732750][ T6890] ? relay_open_buf.part.0+0x194/0xb90 [ 215.732783][ T6890] ? relay_open+0x653/0xad0 [ 215.732814][ T6890] ? do_blk_trace_setup+0x503/0xb50 [ 215.732859][ T6890] ? blk_trace_setup+0xed/0x1b0 [ 215.732883][ T6890] ? blk_trace_ioctl+0x146/0x280 [ 215.732910][ T6890] ? blkdev_ioctl+0x108/0x6d0 [ 215.732944][ T6890] ? __x64_sys_ioctl+0x193/0x200 [ 215.732983][ T6890] ? do_syscall_64+0xcd/0x230 [ 215.733027][ T6890] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.733071][ T6890] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 215.733145][ T6890] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 215.733188][ T6890] ? policy_nodemask+0xea/0x4e0 [ 215.733231][ T6890] alloc_pages_mpol+0x1fb/0x550 [ 215.733287][ T6890] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 215.733325][ T6890] ? __kvmalloc_node_noprof+0x296/0x600 [ 215.733358][ T6890] ? trace_kmalloc+0x2b/0xd0 [ 215.733398][ T6890] ? __kvmalloc_node_noprof.cold+0x5f/0x65 [ 215.733438][ T6890] ? relay_open_buf.part.0+0x194/0xb90 [ 215.733478][ T6890] alloc_pages_noprof+0x131/0x390 [ 215.733517][ T6890] relay_open_buf.part.0+0x262/0xb90 [ 215.733568][ T6890] relay_open+0x653/0xad0 [ 215.733602][ T6890] ? debugfs_create_file_full+0x41/0x60 [ 215.733653][ T6890] do_blk_trace_setup+0x503/0xb50 [ 215.733707][ T6890] blk_trace_setup+0xed/0x1b0 [ 215.733735][ T6890] ? __pfx_blk_trace_setup+0x10/0x10 [ 215.733761][ T6890] ? __pfx_snprintf+0x10/0x10 [ 215.733821][ T6890] blk_trace_ioctl+0x146/0x280 [ 215.733851][ T6890] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 215.733887][ T6890] ? find_held_lock+0x2b/0x80 [ 215.733916][ T6890] ? hook_file_ioctl_common+0x145/0x410 [ 215.733956][ T6890] blkdev_ioctl+0x108/0x6d0 [ 215.733991][ T6890] ? __pfx_blkdev_ioctl+0x10/0x10 [ 215.734033][ T6890] ? __pfx_blkdev_ioctl+0x10/0x10 [ 215.734080][ T6890] __x64_sys_ioctl+0x193/0x200 [ 215.734125][ T6890] do_syscall_64+0xcd/0x230 [ 215.734174][ T6890] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.734204][ T6890] RIP: 0033:0x7f1cd378e969 [ 215.734227][ T6890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.734256][ T6890] RSP: 002b:00007f1cd4567038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 215.734284][ T6890] RAX: ffffffffffffffda RBX: 00007f1cd39b5fa0 RCX: 00007f1cd378e969 [ 215.734303][ T6890] RDX: 00002000000000c0 RSI: 00000000c0481273 RDI: 0000000000000006 [ 215.734321][ T6890] RBP: 00007f1cd3810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 215.734338][ T6890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 215.734355][ T6890] R13: 0000000000000000 R14: 00007f1cd39b5fa0 R15: 00007ffc30739ef8 [ 215.734395][ T6890] [ 216.076829][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.112214][ T6892] Invalid ELF header magic: != ELF syzkaller syzkaller login: [ 216.588106][ T6896] netlink: 4 bytes leftover after parsing attributes in process `syz.0.156'. [ 216.900898][ T6899] openvswitch: netlink: Key type 29 is not supported [ 217.258894][ T6902] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x7ff5cdd2d pfn:0x78000 [ 217.289187][ T6902] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 217.321230][ T6902] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 217.330222][ T6902] raw: 00000007ff5cdd2d 0000000000000000 0000000400000002 0000000000000000 [ 217.375603][ T6902] page dumped because: unmovable page [ 217.381096][ T6902] page_owner tracks the page as allocated [ 217.415401][ T6902] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5835, tgid 5835 (syz-executor), ts 128498313360, free_ts 128290307054 [ 217.453748][ T6902] post_alloc_hook+0x181/0x1b0 [ 217.458582][ T6902] get_page_from_freelist+0x135c/0x3920 [ 217.486676][ T6902] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 217.492651][ T6902] alloc_pages_mpol+0x1fb/0x550 [ 217.500897][ T6902] alloc_pages_noprof+0x131/0x390 [ 217.514128][ T6902] __vmalloc_node_range_noprof+0x732/0x1540 [ 217.533747][ T6902] vmalloc_user_noprof+0x6b/0x90 [ 217.539512][ T6902] kcov_ioctl+0x4c/0x730 [ 217.552395][ T6902] __x64_sys_ioctl+0x193/0x200 [ 217.576243][ T6902] do_syscall_64+0xcd/0x230 [ 217.580834][ T6902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.623855][ T6902] page last free pid 5830 tgid 5830 stack trace: [ 217.630248][ T6902] free_unref_folios+0x999/0x1630 [ 217.657755][ T6902] folios_put_refs+0x56f/0x740 [ 217.662591][ T6902] free_pages_and_swap_cache+0x245/0x4a0 [ 217.704811][ T6902] __tlb_batch_free_encoded_pages+0xf9/0x290 [ 217.710876][ T6902] tlb_finish_mmu+0x168/0x7b0 [ 217.714024][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 217.768065][ T6902] vms_clear_ptes+0x55e/0x770 [ 217.772836][ T6902] vms_complete_munmap_vmas+0x1ca/0x970 [ 217.845014][ T6902] do_vmi_align_munmap+0x43b/0x7d0 [ 217.852467][ T6902] do_vmi_munmap+0x208/0x3e0 [ 217.881966][ T6902] __vm_munmap+0x19a/0x390 [ 217.993864][ T6902] __x64_sys_munmap+0x59/0x80 [ 218.008908][ T6902] do_syscall_64+0xcd/0x230 [ 218.013519][ T6902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.425763][ T6922] ======================================================= [ 219.425763][ T6922] WARNING: The mand mount option has been deprecated and [ 219.425763][ T6922] and is ignored by this kernel. Remove the mand [ 219.425763][ T6922] option from the mount to silence this warning. [ 219.425763][ T6922] ======================================================= [ 219.460652][ C0] vkms_vblank_simulate: vblank timer overrun [ 220.584811][ T6926] netlink: 28 bytes leftover after parsing attributes in process `syz.0.162'. [ 220.593990][ T6926] bridge_slave_1: left allmulticast mode [ 220.599678][ T6926] bridge_slave_1: left promiscuous mode [ 220.608197][ T6926] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.634339][ T6926] bridge_slave_0: left allmulticast mode [ 220.640048][ T6926] bridge_slave_0: left promiscuous mode [ 220.663977][ T6926] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.403611][ T6949] random: crng reseeded on system resumption [ 222.547229][ T6949] FAULT_INJECTION: forcing a failure. [ 222.547229][ T6949] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 222.633558][ T6949] CPU: 1 UID: 0 PID: 6949 Comm: syz.3.166 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 222.633611][ T6949] Tainted: [U]=USER [ 222.633621][ T6949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 222.633638][ T6949] Call Trace: [ 222.633648][ T6949] [ 222.633660][ T6949] dump_stack_lvl+0x16c/0x1f0 [ 222.633715][ T6949] should_fail_ex+0x512/0x640 [ 222.633767][ T6949] should_fail_alloc_page+0xe7/0x130 [ 222.633811][ T6949] prepare_alloc_pages+0x3c2/0x610 [ 222.633860][ T6949] ? rcu_is_watching+0x12/0xc0 [ 222.633894][ T6949] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 222.633942][ T6949] ? stack_trace_save+0x8e/0xc0 [ 222.633974][ T6949] ? __pfx_stack_trace_save+0x10/0x10 [ 222.634006][ T6949] ? stack_depot_save_flags+0x28/0xa50 [ 222.634056][ T6949] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 222.634097][ T6949] ? kasan_save_stack+0x42/0x60 [ 222.634142][ T6949] ? kasan_save_stack+0x33/0x60 [ 222.634173][ T6949] ? kasan_save_track+0x14/0x30 [ 222.634211][ T6949] ? vfs_open+0x82/0x3f0 [ 222.634248][ T6949] ? path_openat+0x1e5e/0x2d40 [ 222.634275][ T6949] ? do_filp_open+0x20b/0x470 [ 222.634302][ T6949] ? do_sys_openat2+0x11b/0x1d0 [ 222.634341][ T6949] ? __x64_sys_openat+0x174/0x210 [ 222.634382][ T6949] ? do_syscall_64+0xcd/0x230 [ 222.634434][ T6949] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.634469][ T6949] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 222.634512][ T6949] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 222.634557][ T6949] ? policy_nodemask+0xea/0x4e0 [ 222.634599][ T6949] alloc_pages_mpol+0x1fb/0x550 [ 222.634639][ T6949] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 222.634690][ T6949] alloc_pages_noprof+0x131/0x390 [ 222.634731][ T6949] get_zeroed_page_noprof+0x14/0x50 [ 222.634775][ T6949] get_image_page+0x18/0x190 [ 222.634805][ T6949] alloc_rtree_node+0x3c/0xb0 [ 222.634836][ T6949] memory_bm_create+0x515/0x810 [ 222.634882][ T6949] create_basic_memory_bitmaps+0x10f/0x680 [ 222.634925][ T6949] snapshot_open+0x235/0x2b0 [ 222.634959][ T6949] ? __pfx_snapshot_open+0x10/0x10 [ 222.634997][ T6949] misc_open+0x35d/0x420 [ 222.635025][ T6949] ? __pfx_misc_open+0x10/0x10 [ 222.635053][ T6949] chrdev_open+0x231/0x6a0 [ 222.635084][ T6949] ? __pfx_apparmor_file_open+0x10/0x10 [ 222.635126][ T6949] ? __pfx_chrdev_open+0x10/0x10 [ 222.635163][ T6949] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 222.635218][ T6949] do_dentry_open+0x741/0x1c10 [ 222.635252][ T6949] ? __pfx_chrdev_open+0x10/0x10 [ 222.635295][ T6949] vfs_open+0x82/0x3f0 [ 222.635341][ T6949] path_openat+0x1e5e/0x2d40 [ 222.635393][ T6949] ? __pfx_path_openat+0x10/0x10 [ 222.635437][ T6949] do_filp_open+0x20b/0x470 [ 222.635468][ T6949] ? __pfx_do_filp_open+0x10/0x10 [ 222.635531][ T6949] ? alloc_fd+0x471/0x7d0 [ 222.635570][ T6949] do_sys_openat2+0x11b/0x1d0 [ 222.635612][ T6949] ? __pfx_do_sys_openat2+0x10/0x10 [ 222.635671][ T6949] __x64_sys_openat+0x174/0x210 [ 222.635716][ T6949] ? __pfx___x64_sys_openat+0x10/0x10 [ 222.635760][ T6949] ? rcu_is_watching+0x12/0xc0 [ 222.635801][ T6949] do_syscall_64+0xcd/0x230 [ 222.635850][ T6949] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.635881][ T6949] RIP: 0033:0x7f1cd378e969 [ 222.635904][ T6949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 222.635934][ T6949] RSP: 002b:00007f1cd4567038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 222.635962][ T6949] RAX: ffffffffffffffda RBX: 00007f1cd39b5fa0 RCX: 00007f1cd378e969 [ 222.635982][ T6949] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 222.636002][ T6949] RBP: 00007f1cd3810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 222.636020][ T6949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 222.636038][ T6949] R13: 0000000000000000 R14: 00007f1cd39b5fa0 R15: 00007ffc30739ef8 [ 222.636077][ T6949] [ 223.726974][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 225.085594][ T6980] CIFS mount error: No usable UNC path provided in device string! [ 225.085594][ T6980] [ 225.118837][ T6980] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 229.663902][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 231.716129][ T5849] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 231.953464][ T7059] futex_wake_op: syz.1.185 tries to shift op by 64; fix this program [ 235.130299][ T7093] FAULT_INJECTION: forcing a failure. [ 235.130299][ T7093] name failslab, interval 1, probability 0, space 0, times 0 [ 235.154162][ T7093] CPU: 0 UID: 0 PID: 7093 Comm: syz.3.190 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 235.154210][ T7093] Tainted: [U]=USER [ 235.154220][ T7093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 235.154236][ T7093] Call Trace: [ 235.154245][ T7093] [ 235.154257][ T7093] dump_stack_lvl+0x16c/0x1f0 [ 235.154305][ T7093] should_fail_ex+0x512/0x640 [ 235.154347][ T7093] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 235.154390][ T7093] should_failslab+0xc2/0x120 [ 235.154425][ T7093] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 235.154463][ T7093] ? __addrconf_sysctl_register+0xbb/0x360 [ 235.154497][ T7093] kmemdup_noprof+0x29/0x60 [ 235.154530][ T7093] __addrconf_sysctl_register+0xbb/0x360 [ 235.154565][ T7093] ? __pfx___addrconf_sysctl_register+0x10/0x10 [ 235.154598][ T7093] ? addrconf_init_net+0x1e9/0x8f0 [ 235.154629][ T7093] ? __asan_memcpy+0x3c/0x60 [ 235.154658][ T7093] addrconf_init_net+0x513/0x8f0 [ 235.154691][ T7093] ? __pfx_addrconf_init_net+0x10/0x10 [ 235.154721][ T7093] ops_init+0x1df/0x5f0 [ 235.154761][ T7093] setup_net+0x21e/0x850 [ 235.154801][ T7093] ? __pfx_setup_net+0x10/0x10 [ 235.154834][ T7093] ? lockdep_init_map_type+0x5c/0x280 [ 235.154874][ T7093] ? __pfx_down_read_killable+0x10/0x10 [ 235.154906][ T7093] ? debug_mutex_init+0x37/0x70 [ 235.154938][ T7093] copy_net_ns+0x2a6/0x5f0 [ 235.154990][ T7093] create_new_namespaces+0x3ea/0xad0 [ 235.155030][ T7093] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 235.155066][ T7093] ksys_unshare+0x45b/0xa40 [ 235.155105][ T7093] ? __pfx_ksys_unshare+0x10/0x10 [ 235.155141][ T7093] ? xfd_validate_state+0x5d/0x180 [ 235.155170][ T7093] ? rcu_is_watching+0x12/0xc0 [ 235.155206][ T7093] __x64_sys_unshare+0x31/0x40 [ 235.155244][ T7093] do_syscall_64+0xcd/0x230 [ 235.155288][ T7093] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.155316][ T7093] RIP: 0033:0x7f1cd378e969 [ 235.155337][ T7093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 235.155364][ T7093] RSP: 002b:00007f1cd4567038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 235.155390][ T7093] RAX: ffffffffffffffda RBX: 00007f1cd39b5fa0 RCX: 00007f1cd378e969 [ 235.155408][ T7093] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 235.155425][ T7093] RBP: 00007f1cd3810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 235.155442][ T7093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 235.155458][ T7093] R13: 0000000000000000 R14: 00007f1cd39b5fa0 R15: 00007ffc30739ef8 [ 235.155495][ T7093] [ 236.547226][ T7107] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input7 [ 236.593891][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 237.591748][ T7123] netlink: 4 bytes leftover after parsing attributes in process `syz.2.196'. [ 237.605299][ T7123] netlink: 354 bytes leftover after parsing attributes in process `syz.2.196'. [ 241.082745][ T7165] FAULT_INJECTION: forcing a failure. [ 241.082745][ T7165] name failslab, interval 1, probability 0, space 0, times 0 [ 241.098830][ T7165] CPU: 1 UID: 0 PID: 7165 Comm: syz.2.202 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 241.098880][ T7165] Tainted: [U]=USER [ 241.098891][ T7165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 241.098909][ T7165] Call Trace: [ 241.098918][ T7165] [ 241.098929][ T7165] dump_stack_lvl+0x16c/0x1f0 [ 241.098980][ T7165] should_fail_ex+0x512/0x640 [ 241.099028][ T7165] ? __kmalloc_noprof+0xbf/0x510 [ 241.099067][ T7165] ? lsm_blob_alloc+0x68/0x90 [ 241.099094][ T7165] should_failslab+0xc2/0x120 [ 241.099139][ T7165] __kmalloc_noprof+0xd2/0x510 [ 241.099185][ T7165] lsm_blob_alloc+0x68/0x90 [ 241.099224][ T7165] security_sk_alloc+0x30/0x270 [ 241.099258][ T7165] sk_prot_alloc+0xfb/0x2a0 [ 241.099314][ T7165] sk_alloc+0x36/0xc20 [ 241.099345][ T7165] inet6_create+0x381/0x1300 [ 241.099405][ T7165] ? inet6_create+0x7f/0x1300 [ 241.099439][ T7165] __sock_create+0x338/0x8d0 [ 241.099490][ T7165] inet_ctl_sock_create+0x94/0x230 [ 241.099544][ T7165] ? __pfx_inet_ctl_sock_create+0x10/0x10 [ 241.099580][ T7165] ? lockdep_init_map_type+0x5c/0x280 [ 241.099621][ T7165] ? do_init_timer+0xc9/0x110 [ 241.099653][ T7165] ? __pfx_sctp_ctrlsock_init+0x10/0x10 [ 241.099692][ T7165] sctp_ctrlsock_init+0x40/0xf0 [ 241.099734][ T7165] ops_init+0x1df/0x5f0 [ 241.099775][ T7165] setup_net+0x21e/0x850 [ 241.099832][ T7165] ? __pfx_setup_net+0x10/0x10 [ 241.099867][ T7165] ? lockdep_init_map_type+0x5c/0x280 [ 241.099909][ T7165] ? __pfx_down_read_killable+0x10/0x10 [ 241.099942][ T7165] ? debug_mutex_init+0x37/0x70 [ 241.099975][ T7165] copy_net_ns+0x2a6/0x5f0 [ 241.100021][ T7165] create_new_namespaces+0x3ea/0xad0 [ 241.100062][ T7165] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 241.100098][ T7165] ksys_unshare+0x45b/0xa40 [ 241.100139][ T7165] ? __pfx_ksys_unshare+0x10/0x10 [ 241.100179][ T7165] ? xfd_validate_state+0x5d/0x180 [ 241.100210][ T7165] ? rcu_is_watching+0x12/0xc0 [ 241.100248][ T7165] __x64_sys_unshare+0x31/0x40 [ 241.100290][ T7165] do_syscall_64+0xcd/0x230 [ 241.100339][ T7165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.100370][ T7165] RIP: 0033:0x7f2fe4f8e969 [ 241.100403][ T7165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.100432][ T7165] RSP: 002b:00007f2fe5d85038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 241.100461][ T7165] RAX: ffffffffffffffda RBX: 00007f2fe51b5fa0 RCX: 00007f2fe4f8e969 [ 241.100481][ T7165] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 241.100498][ T7165] RBP: 00007f2fe5010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 241.100517][ T7165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 241.100534][ T7165] R13: 0000000000000000 R14: 00007f2fe51b5fa0 R15: 00007ffdb5e8ead8 [ 241.100574][ T7165] [ 241.382596][ C1] vkms_vblank_simulate: vblank timer overrun [ 241.453830][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 242.207336][ T7182] ubi0: attaching mtd0 [ 242.214240][ T7182] ubi0: scanning is finished [ 242.218873][ T7182] ubi0: empty MTD device detected [ 242.255459][ T7183] netlink: 4 bytes leftover after parsing attributes in process `syz.3.203'. [ 242.300988][ T7183] netlink: 25 bytes leftover after parsing attributes in process `syz.3.203'. [ 242.451656][ T7182] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 242.545022][ T7182] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 242.552472][ T7182] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 242.559656][ T7182] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 242.567275][ T7182] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 242.574259][ T7182] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 242.582362][ T7182] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3778102668 [ 242.592599][ T7182] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 242.604382][ T7190] ubi0: background thread "ubi_bgt0d" started, PID 7190 [ 243.834365][ T5849] Bluetooth: hci1: unexpected subevent 0x01 length: 4 < 18 [ 243.841730][ T30] audit: type=1800 audit(6042286836.237:3): pid=7197 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.206" name="dbroot" dev="configfs" ino=12036 res=0 errno=0 [ 243.916695][ T7199] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 243.980573][ T7201] netlink: 28 bytes leftover after parsing attributes in process `syz.2.206'. [ 244.131801][ T7208] netlink: 8 bytes leftover after parsing attributes in process `syz.1.207'. [ 244.651737][ T7200] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 244.809122][ T7214] FAULT_INJECTION: forcing a failure. [ 244.809122][ T7214] name failslab, interval 1, probability 0, space 0, times 0 [ 244.823091][ T7214] CPU: 1 UID: 0 PID: 7214 Comm: syz.0.208 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 244.823136][ T7214] Tainted: [U]=USER [ 244.823145][ T7214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 244.823170][ T7214] Call Trace: [ 244.823180][ T7214] [ 244.823190][ T7214] dump_stack_lvl+0x16c/0x1f0 [ 244.823239][ T7214] should_fail_ex+0x512/0x640 [ 244.823282][ T7214] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 244.823315][ T7214] should_failslab+0xc2/0x120 [ 244.823353][ T7214] __kmalloc_cache_noprof+0x6a/0x3e0 [ 244.823383][ T7214] ? fqdir_init+0x4f/0x1f0 [ 244.823423][ T7214] fqdir_init+0x4f/0x1f0 [ 244.823461][ T7214] lowpan_frags_init_net+0x2d/0x3a0 [ 244.823509][ T7214] ? __pfx_lowpan_frags_init_net+0x10/0x10 [ 244.823552][ T7214] ops_init+0x1df/0x5f0 [ 244.823595][ T7214] setup_net+0x21e/0x850 [ 244.823636][ T7214] ? __pfx_setup_net+0x10/0x10 [ 244.823674][ T7214] ? lockdep_init_map_type+0x5c/0x280 [ 244.823715][ T7214] ? __pfx_down_read_killable+0x10/0x10 [ 244.823745][ T7214] ? debug_mutex_init+0x37/0x70 [ 244.823778][ T7214] copy_net_ns+0x2a6/0x5f0 [ 244.823822][ T7214] create_new_namespaces+0x3ea/0xad0 [ 244.823865][ T7214] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 244.823902][ T7214] ksys_unshare+0x45b/0xa40 [ 244.823943][ T7214] ? __pfx_ksys_unshare+0x10/0x10 [ 244.823982][ T7214] ? xfd_validate_state+0x5d/0x180 [ 244.824012][ T7214] ? rcu_is_watching+0x12/0xc0 [ 244.824049][ T7214] __x64_sys_unshare+0x31/0x40 [ 244.824095][ T7214] do_syscall_64+0xcd/0x230 [ 244.824143][ T7214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.824173][ T7214] RIP: 0033:0x7f167338e969 [ 244.824196][ T7214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.824223][ T7214] RSP: 002b:00007f1674150038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 244.824250][ T7214] RAX: ffffffffffffffda RBX: 00007f16735b6160 RCX: 00007f167338e969 [ 244.824269][ T7214] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 244.824286][ T7214] RBP: 00007f1673410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 244.824303][ T7214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 244.824320][ T7214] R13: 0000000000000000 R14: 00007f16735b6160 R15: 00007fff37a78788 [ 244.824357][ T7214] [ 245.056580][ C1] vkms_vblank_simulate: vblank timer overrun [ 246.496404][ T7231] netlink: 28 bytes leftover after parsing attributes in process `syz.1.221'. [ 246.718400][ T7231] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 246.932987][ T7244] ptrace attach of "./syz-executor exec"[5842] was attempted by "./syz-executor exec"[7244] [ 249.131716][ C0] vcan0: j1939_tp_rxtimer: 0xffff888032cd0c00: rx timeout, send abort [ 249.141449][ C0] vcan0: j1939_tp_rxtimer: 0xffff888032cd1400: rx timeout, send abort [ 249.153911][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888032cd0c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 249.168889][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888032cd1400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 250.123989][ T7275] sp0: Synchronizing with TNC [ 250.210927][ T7275] [U] [ 250.888226][ T7284] FAULT_INJECTION: forcing a failure. [ 250.888226][ T7284] name failslab, interval 1, probability 0, space 0, times 0 [ 250.902333][ T7284] CPU: 0 UID: 0 PID: 7284 Comm: syz.2.222 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 250.902380][ T7284] Tainted: [U]=USER [ 250.902389][ T7284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 250.902406][ T7284] Call Trace: [ 250.902416][ T7284] [ 250.902427][ T7284] dump_stack_lvl+0x16c/0x1f0 [ 250.902476][ T7284] should_fail_ex+0x512/0x640 [ 250.902519][ T7284] ? __kmalloc_noprof+0xbf/0x510 [ 250.902556][ T7284] ? ops_init+0x77/0x5f0 [ 250.902590][ T7284] should_failslab+0xc2/0x120 [ 250.902628][ T7284] __kmalloc_noprof+0xd2/0x510 [ 250.902660][ T7284] ? debug_mutex_init+0x37/0x70 [ 250.902693][ T7284] ops_init+0x77/0x5f0 [ 250.902740][ T7284] setup_net+0x21e/0x850 [ 250.902781][ T7284] ? __pfx_setup_net+0x10/0x10 [ 250.902817][ T7284] ? lockdep_init_map_type+0x5c/0x280 [ 250.902855][ T7284] ? __pfx_down_read_killable+0x10/0x10 [ 250.902878][ T7284] ? debug_mutex_init+0x37/0x70 [ 250.902899][ T7284] copy_net_ns+0x2a6/0x5f0 [ 250.902930][ T7284] create_new_namespaces+0x3ea/0xad0 [ 250.902959][ T7284] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 250.902984][ T7284] ksys_unshare+0x45b/0xa40 [ 250.903012][ T7284] ? __pfx_ksys_unshare+0x10/0x10 [ 250.903038][ T7284] ? xfd_validate_state+0x5d/0x180 [ 250.903058][ T7284] ? rcu_is_watching+0x12/0xc0 [ 250.903083][ T7284] __x64_sys_unshare+0x31/0x40 [ 250.903110][ T7284] do_syscall_64+0xcd/0x230 [ 250.903142][ T7284] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.903162][ T7284] RIP: 0033:0x7f2fe4f8e969 [ 250.903177][ T7284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 250.903196][ T7284] RSP: 002b:00007f2fe5d43038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 250.903214][ T7284] RAX: ffffffffffffffda RBX: 00007f2fe51b6160 RCX: 00007f2fe4f8e969 [ 250.903227][ T7284] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 250.903238][ T7284] RBP: 00007f2fe5010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 250.903250][ T7284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 250.903261][ T7284] R13: 0000000000000000 R14: 00007f2fe51b6160 R15: 00007ffdb5e8ead8 [ 250.903287][ T7284] [ 252.245741][ T7304] netlink: 28 bytes leftover after parsing attributes in process `syz.0.226'. [ 252.392297][ T7305] FAULT_INJECTION: forcing a failure. [ 252.392297][ T7305] name failslab, interval 1, probability 0, space 0, times 0 [ 252.454989][ T7305] CPU: 0 UID: 0 PID: 7305 Comm: syz.0.226 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 252.455040][ T7305] Tainted: [U]=USER [ 252.455051][ T7305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 252.455068][ T7305] Call Trace: [ 252.455078][ T7305] [ 252.455089][ T7305] dump_stack_lvl+0x16c/0x1f0 [ 252.455140][ T7305] should_fail_ex+0x512/0x640 [ 252.455185][ T7305] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 252.455225][ T7305] should_failslab+0xc2/0x120 [ 252.455264][ T7305] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 252.455301][ T7305] ? __d_alloc+0x31/0xaa0 [ 252.455347][ T7305] __d_alloc+0x31/0xaa0 [ 252.455384][ T7305] __d_obtain_alias+0x119/0x6e0 [ 252.455424][ T7305] ? _raw_spin_unlock+0x28/0x50 [ 252.455467][ T7305] kernfs_fh_to_dentry+0x106/0x250 [ 252.455515][ T7305] exportfs_decode_fh_raw+0x167/0x890 [ 252.455544][ T7305] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 252.455593][ T7305] ? __pfx_kernfs_fh_to_dentry+0x10/0x10 [ 252.455640][ T7305] ? __pfx_exportfs_decode_fh_raw+0x10/0x10 [ 252.455720][ T7305] do_handle_open+0x75e/0xb70 [ 252.455767][ T7305] ? __pfx_do_handle_open+0x10/0x10 [ 252.455809][ T7305] ? __x64_sys_futex+0x1e0/0x4c0 [ 252.455848][ T7305] ? xfd_validate_state+0x5d/0x180 [ 252.455879][ T7305] ? rcu_is_watching+0x12/0xc0 [ 252.455918][ T7305] ? do_syscall_64+0xcd/0x230 [ 252.455961][ T7305] do_syscall_64+0xcd/0x230 [ 252.456014][ T7305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.456045][ T7305] RIP: 0033:0x7f167338e969 [ 252.456069][ T7305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 252.456100][ T7305] RSP: 002b:00007f1674171038 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 252.456129][ T7305] RAX: ffffffffffffffda RBX: 00007f16735b6080 RCX: 00007f167338e969 [ 252.456149][ T7305] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000004 [ 252.456167][ T7305] RBP: 00007f1673410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 252.456185][ T7305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 252.456203][ T7305] R13: 0000000000000000 R14: 00007f16735b6080 R15: 00007fff37a78788 [ 252.456241][ T7305] [ 252.459913][ T7304] bond0: (slave bond_slave_1): Releasing backup interface [ 254.735349][ T13] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u8:1: bg 1: bad block bitmap checksum [ 254.781139][ T13] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 1354 with max blocks 12 with error 74 [ 254.808174][ T13] EXT4-fs (sda1): This should not happen!! Data will be lost [ 254.808174][ T13] [ 255.222971][ T7337] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 255.800927][ T7338] sp0: Synchronizing with TNC [ 255.906403][ T7338] [U] [ 256.221323][ T7347] CIFS mount error: No usable UNC path provided in device string! [ 256.221323][ T7347] [ 256.239329][ T7347] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 257.798580][ T7374] kernel read not supported for file /set_event_notrace_pid (pid: 7374 comm: syz.2.238) [ 257.982125][ T30] audit: type=1800 audit(6042286850.377:4): pid=7374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.238" name="set_event_notrace_pid" dev="tracefs" ino=12 res=0 errno=0 [ 258.741648][ T7381] netlink: 28 bytes leftover after parsing attributes in process `syz.3.239'. [ 258.938430][ T7381] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 259.633806][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 260.686706][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.693094][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.937032][ T7437] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input11 [ 262.465565][ T7445] kernel read not supported for file /set_event_notrace_pid (pid: 7445 comm: syz.3.250) [ 262.534955][ T30] audit: type=1800 audit(6042286854.937:5): pid=7445 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.250" name="set_event_notrace_pid" dev="tracefs" ino=12 res=0 errno=0 [ 264.273812][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 266.935205][ T7500] can: request_module (can-proto-0) failed. [ 267.092537][ T7500] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input12 [ 267.585382][ T5847] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 267.721007][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 268.339482][ T7515] netlink: 'syz.3.260': attribute type 11 has an invalid length. [ 268.347377][ T7515] netlink: 'syz.3.260': attribute type 11 has an invalid length. [ 268.386584][ T7515] netlink: 'syz.3.260': attribute type 11 has an invalid length. [ 268.779598][ T7532] random: crng reseeded on system resumption [ 273.449761][ T7605] netlink: 342 bytes leftover after parsing attributes in process `syz.3.269'. [ 275.439180][ T7629] program syz.2.274 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 278.246597][ T7660] CIFS mount error: No usable UNC path provided in device string! [ 278.246597][ T7660] [ 278.256769][ T7660] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 278.757725][ T7673] FAULT_INJECTION: forcing a failure. [ 278.757725][ T7673] name failslab, interval 1, probability 0, space 0, times 0 [ 278.777213][ T7673] CPU: 0 UID: 0 PID: 7673 Comm: syz.1.281 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 278.777258][ T7673] Tainted: [U]=USER [ 278.777268][ T7673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 278.777284][ T7673] Call Trace: [ 278.777293][ T7673] [ 278.777303][ T7673] dump_stack_lvl+0x16c/0x1f0 [ 278.777367][ T7673] should_fail_ex+0x512/0x640 [ 278.777423][ T7673] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 278.777456][ T7673] should_failslab+0xc2/0x120 [ 278.777492][ T7673] __kmalloc_cache_noprof+0x6a/0x3e0 [ 278.777522][ T7673] ? fqdir_init+0x4f/0x1f0 [ 278.777563][ T7673] fqdir_init+0x4f/0x1f0 [ 278.777601][ T7673] lowpan_frags_init_net+0x2d/0x3a0 [ 278.777649][ T7673] ? __pfx_lowpan_frags_init_net+0x10/0x10 [ 278.777695][ T7673] ops_init+0x1df/0x5f0 [ 278.777737][ T7673] setup_net+0x21e/0x850 [ 278.777778][ T7673] ? __pfx_setup_net+0x10/0x10 [ 278.777814][ T7673] ? lockdep_init_map_type+0x5c/0x280 [ 278.777853][ T7673] ? __pfx_down_read_killable+0x10/0x10 [ 278.777885][ T7673] ? debug_mutex_init+0x37/0x70 [ 278.777918][ T7673] copy_net_ns+0x2a6/0x5f0 [ 278.777962][ T7673] create_new_namespaces+0x3ea/0xad0 [ 278.778004][ T7673] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 278.778040][ T7673] ksys_unshare+0x45b/0xa40 [ 278.778087][ T7673] ? __pfx_ksys_unshare+0x10/0x10 [ 278.778125][ T7673] ? xfd_validate_state+0x5d/0x180 [ 278.778174][ T7673] ? rcu_is_watching+0x12/0xc0 [ 278.778213][ T7673] __x64_sys_unshare+0x31/0x40 [ 278.778256][ T7673] do_syscall_64+0xcd/0x230 [ 278.778304][ T7673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.778334][ T7673] RIP: 0033:0x7f5a8178e969 [ 278.778358][ T7673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 278.778387][ T7673] RSP: 002b:00007f5a82626038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 278.778415][ T7673] RAX: ffffffffffffffda RBX: 00007f5a819b6080 RCX: 00007f5a8178e969 [ 278.778435][ T7673] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 278.778453][ T7673] RBP: 00007f5a81810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 278.778471][ T7673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 278.778489][ T7673] R13: 0000000000000000 R14: 00007f5a819b6080 R15: 00007ffd0e666a38 [ 278.778528][ T7673] [ 278.924075][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 282.500718][ T7725] netlink: 'syz.0.289': attribute type 11 has an invalid length. [ 282.508661][ T7725] netlink: 'syz.0.289': attribute type 11 has an invalid length. [ 282.516729][ T7725] netlink: 'syz.0.289': attribute type 11 has an invalid length. [ 283.313916][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 283.627249][ T7731] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 286.322858][ T7754] CIFS mount error: No usable UNC path provided in device string! [ 286.322858][ T7754] [ 286.359415][ T7754] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 288.915303][ T7792] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 288.987795][ T7792] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 289.004377][ T7792] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 289.030736][ T7792] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 290.398802][ T7811] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 290.993779][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 290.999848][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 291.073835][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 291.082131][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout [ 296.993825][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 297.578512][ T7889] program syz.3.321 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 298.866997][ T7908] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 298.915106][ T7908] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 298.921739][ T7908] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 298.983951][ T7908] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 300.927511][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 300.993821][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 300.993853][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 301.000836][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 301.079821][ T7930] netlink: 342 bytes leftover after parsing attributes in process `syz.0.320'. [ 303.055291][ T7972] program syz.0.326 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 303.692868][ T7979] Device name cannot be null; rc = [-22] [ 304.496815][ T7991] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 304.513375][ T7991] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 304.545625][ T7991] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 304.564563][ T7991] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 306.514644][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 306.520706][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 306.595948][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 306.602031][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 309.039811][ T8062] mkiss: ax0: crc mode is auto. [ 311.417825][ T8078] random: crng reseeded on system resumption [ 311.479264][ T8078] FAULT_INJECTION: forcing a failure. [ 311.479264][ T8078] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 311.632646][ T8078] CPU: 0 UID: 0 PID: 8078 Comm: syz.1.343 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 311.632702][ T8078] Tainted: [U]=USER [ 311.632712][ T8078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 311.632743][ T8078] Call Trace: [ 311.632754][ T8078] [ 311.632766][ T8078] dump_stack_lvl+0x16c/0x1f0 [ 311.632820][ T8078] should_fail_ex+0x512/0x640 [ 311.632877][ T8078] should_fail_alloc_page+0xe7/0x130 [ 311.632923][ T8078] prepare_alloc_pages+0x3c2/0x610 [ 311.632974][ T8078] ? rcu_is_watching+0x12/0xc0 [ 311.633011][ T8078] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 311.633065][ T8078] ? stack_trace_save+0x8e/0xc0 [ 311.633100][ T8078] ? __pfx_stack_trace_save+0x10/0x10 [ 311.633133][ T8078] ? stack_depot_save_flags+0x28/0xa50 [ 311.633188][ T8078] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 311.633234][ T8078] ? kasan_save_stack+0x42/0x60 [ 311.633268][ T8078] ? kasan_save_stack+0x33/0x60 [ 311.633301][ T8078] ? kasan_save_track+0x14/0x30 [ 311.633342][ T8078] ? vfs_open+0x82/0x3f0 [ 311.633380][ T8078] ? path_openat+0x1e5e/0x2d40 [ 311.633410][ T8078] ? do_filp_open+0x20b/0x470 [ 311.633440][ T8078] ? do_sys_openat2+0x11b/0x1d0 [ 311.633482][ T8078] ? __x64_sys_openat+0x174/0x210 [ 311.633527][ T8078] ? do_syscall_64+0xcd/0x230 [ 311.633573][ T8078] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.633609][ T8078] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 311.633654][ T8078] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 311.633702][ T8078] ? policy_nodemask+0xea/0x4e0 [ 311.633754][ T8078] alloc_pages_mpol+0x1fb/0x550 [ 311.633800][ T8078] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 311.633856][ T8078] alloc_pages_noprof+0x131/0x390 [ 311.633901][ T8078] get_zeroed_page_noprof+0x14/0x50 [ 311.633950][ T8078] get_image_page+0x18/0x190 [ 311.633984][ T8078] alloc_rtree_node+0x3c/0xb0 [ 311.634016][ T8078] memory_bm_create+0x515/0x810 [ 311.634067][ T8078] create_basic_memory_bitmaps+0x10f/0x680 [ 311.634113][ T8078] snapshot_open+0x235/0x2b0 [ 311.634152][ T8078] ? __pfx_snapshot_open+0x10/0x10 [ 311.634190][ T8078] misc_open+0x35d/0x420 [ 311.634221][ T8078] ? __pfx_misc_open+0x10/0x10 [ 311.634251][ T8078] chrdev_open+0x231/0x6a0 [ 311.634284][ T8078] ? __pfx_apparmor_file_open+0x10/0x10 [ 311.634330][ T8078] ? __pfx_chrdev_open+0x10/0x10 [ 311.634371][ T8078] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 311.634430][ T8078] do_dentry_open+0x741/0x1c10 [ 311.634467][ T8078] ? __pfx_chrdev_open+0x10/0x10 [ 311.634514][ T8078] vfs_open+0x82/0x3f0 [ 311.634564][ T8078] path_openat+0x1e5e/0x2d40 [ 311.634616][ T8078] ? __pfx_path_openat+0x10/0x10 [ 311.634660][ T8078] do_filp_open+0x20b/0x470 [ 311.634695][ T8078] ? __pfx_do_filp_open+0x10/0x10 [ 311.634769][ T8078] ? alloc_fd+0x471/0x7d0 [ 311.634813][ T8078] do_sys_openat2+0x11b/0x1d0 [ 311.634858][ T8078] ? __pfx_do_sys_openat2+0x10/0x10 [ 311.634923][ T8078] __x64_sys_openat+0x174/0x210 [ 311.634971][ T8078] ? __pfx___x64_sys_openat+0x10/0x10 [ 311.635022][ T8078] ? rcu_is_watching+0x12/0xc0 [ 311.635067][ T8078] do_syscall_64+0xcd/0x230 [ 311.635122][ T8078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.635156][ T8078] RIP: 0033:0x7f5a8178e969 [ 311.635182][ T8078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.635213][ T8078] RSP: 002b:00007f5a82647038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 311.635244][ T8078] RAX: ffffffffffffffda RBX: 00007f5a819b5fa0 RCX: 00007f5a8178e969 [ 311.635266][ T8078] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 311.635287][ T8078] RBP: 00007f5a81810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 311.635308][ T8078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 311.635327][ T8078] R13: 0000000000000000 R14: 00007f5a819b5fa0 R15: 00007ffd0e666a38 [ 311.635371][ T8078] [ 313.364811][ T8105] Invalid ELF header magic: != ELF [ 314.553981][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 314.840864][ T8121] netlink: 86 bytes leftover after parsing attributes in process `syz.0.351'. [ 314.881246][ T8121] netlink: 28 bytes leftover after parsing attributes in process `syz.0.351'. [ 319.953730][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 322.123276][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.129718][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.462513][ T8221] netlink: 28 bytes leftover after parsing attributes in process `syz.1.369'. [ 322.497513][ T8216] Setting dangerous option i915.mitigations - tainting kernel [ 323.154348][ T8221] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 323.161774][ T8221] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 323.833410][ T8221] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 323.935212][ T8221] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 324.256646][ T8242] cougar: G6 mapped to space [ 325.794270][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 326.148247][ T8248] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 326.159166][ T8248] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 326.184101][ T8248] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 326.199259][ T8248] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 327.032842][ T8280] sd 0:0:1:0: PR command failed: 1026 [ 327.040437][ T8280] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 327.047560][ T8280] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 327.154656][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 328.170645][ T8298] zswap: compressor not available [ 328.194211][ T8300] Setting dangerous option i915.mitigations - tainting kernel [ 328.202009][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout [ 328.208175][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 328.273724][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 329.997072][ T8319] random: crng reseeded on system resumption [ 330.890557][ T8330] Invalid ELF header magic: != ELF [ 332.631525][ T8352] netlink: 28 bytes leftover after parsing attributes in process `syz.2.389'. [ 332.652466][ T8352] bridge_slave_1: left allmulticast mode [ 332.672579][ T8352] bridge_slave_1: left promiscuous mode [ 332.693042][ T8352] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.786500][ T8352] bridge_slave_0: left allmulticast mode [ 332.812964][ T8352] bridge_slave_0: left promiscuous mode [ 332.854875][ T8352] bridge0: port 1(bridge_slave_0) entered disabled state [ 333.875359][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 337.145725][ T8410] netlink: 48 bytes leftover after parsing attributes in process `syz.2.397'. [ 339.149306][ T8436] can: request_module (can-proto-3) failed. [ 341.626052][ T8482] netlink: 12 bytes leftover after parsing attributes in process `syz.2.410'. [ 341.752743][ T8476] sd 0:0:1:0: PR command failed: 1026 [ 341.769742][ T8476] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 341.779235][ T8476] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 341.810645][ T8486] ubi: mtd0 is already attached to ubi0 [ 341.927020][ T8481] HfR: entered promiscuous mode [ 341.944207][ T8482] HfR: left promiscuous mode [ 342.356363][ T8485] HfR: entered promiscuous mode [ 344.034795][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 344.165505][ T8514] i2c i2c-0: delete_device: Can't find device in list [ 345.015849][ T8524] FAULT_INJECTION: forcing a failure. [ 345.015849][ T8524] name failslab, interval 1, probability 0, space 0, times 0 [ 345.028741][ T8524] CPU: 1 UID: 0 PID: 8524 Comm: syz.3.414 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 345.028784][ T8524] Tainted: [U]=USER [ 345.028794][ T8524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 345.028811][ T8524] Call Trace: [ 345.028821][ T8524] [ 345.028839][ T8524] dump_stack_lvl+0x16c/0x1f0 [ 345.028889][ T8524] should_fail_ex+0x512/0x640 [ 345.028933][ T8524] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 345.028967][ T8524] should_failslab+0xc2/0x120 [ 345.029006][ T8524] __kmalloc_cache_noprof+0x6a/0x3e0 [ 345.029037][ T8524] ? devlink_fmsg_nest_common.part.0+0x48/0x1e0 [ 345.029083][ T8524] devlink_fmsg_nest_common.part.0+0x48/0x1e0 [ 345.029125][ T8524] devlink_fmsg_string_pair_put+0x15b/0x1b0 [ 345.029171][ T8524] nsim_dev_dummy_fmsg_put+0x77/0x1e0 [ 345.029209][ T8524] devlink_health_do_dump+0x243/0x620 [ 345.029257][ T8524] devlink_health_report+0x3c9/0x9c0 [ 345.029306][ T8524] ? __pfx_devlink_health_report+0x10/0x10 [ 345.029356][ T8524] ? _copy_from_user+0x59/0xd0 [ 345.029417][ T8524] nsim_dev_health_break_write+0x166/0x210 [ 345.029450][ T8524] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 345.029496][ T8524] full_proxy_write+0x13c/0x200 [ 345.029535][ T8524] vfs_write+0x25c/0x1180 [ 345.029561][ T8524] ? __pfx_full_proxy_write+0x10/0x10 [ 345.029601][ T8524] ? __pfx___mutex_lock+0x10/0x10 [ 345.029645][ T8524] ? __pfx_vfs_write+0x10/0x10 [ 345.029685][ T8524] ? __fget_files+0x20e/0x3c0 [ 345.029723][ T8524] ksys_write+0x12a/0x240 [ 345.029751][ T8524] ? __pfx_ksys_write+0x10/0x10 [ 345.029778][ T8524] ? rcu_is_watching+0x12/0xc0 [ 345.029816][ T8524] do_syscall_64+0xcd/0x230 [ 345.029869][ T8524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.029898][ T8524] RIP: 0033:0x7f1cd378e969 [ 345.029920][ T8524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 345.029947][ T8524] RSP: 002b:00007f1cd4567038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 345.029974][ T8524] RAX: ffffffffffffffda RBX: 00007f1cd39b5fa0 RCX: 00007f1cd378e969 [ 345.029993][ T8524] RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000005 [ 345.030010][ T8524] RBP: 00007f1cd3810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 345.030027][ T8524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 345.030043][ T8524] R13: 0000000000000000 R14: 00007f1cd39b5fa0 R15: 00007ffc30739ef8 [ 345.030081][ T8524] [ 345.277072][ C1] vkms_vblank_simulate: vblank timer overrun [ 349.240685][ T8587] netlink: 8 bytes leftover after parsing attributes in process `syz.2.424'. [ 349.890169][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 350.535953][ T8595] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 350.694302][ T8598] netlink: 8 bytes leftover after parsing attributes in process `syz.3.425'. [ 354.033886][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 354.805845][ T8648] zswap: compressor not available [ 354.851166][ T8650] Setting dangerous option i915.mitigations - tainting kernel [ 355.190007][ T8665] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 355.394424][ T8672] netlink: 8 bytes leftover after parsing attributes in process `syz.0.436'. [ 355.513116][ T8668] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 355.553917][ T5847] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 356.031210][ T8679] netlink: 4 bytes leftover after parsing attributes in process `syz.2.437'. [ 356.116638][ T8679] netlink: 25 bytes leftover after parsing attributes in process `syz.2.437'. [ 357.376932][ T8695] unchecked MSR access error: WRMSR to 0x418 (tried to write 0x0000000000000322) at rIP: 0xffffffff81630bd9 (__mcheck_cpu_init_clear_banks+0x109/0x1f0) [ 357.392425][ T8695] Call Trace: [ 357.395710][ T8695] [ 357.398653][ T8695] mce_cpu_restart+0x98/0xb0 [ 357.403342][ T8695] ? __pfx_mce_cpu_restart+0x10/0x10 [ 357.408636][ T8695] smp_call_function_many_cond+0xd80/0x1290 [ 357.414562][ T8695] ? __pfx_mce_cpu_restart+0x10/0x10 [ 357.419871][ T8695] ? __pfx_mce_cpu_restart+0x10/0x10 [ 357.425171][ T8695] on_each_cpu_cond_mask+0x40/0x90 [ 357.430318][ T8695] set_bank+0x240/0x3a0 [ 357.434491][ T8695] ? __pfx_set_bank+0x10/0x10 [ 357.439187][ T8695] ? __pfx_set_bank+0x10/0x10 [ 357.443869][ T8695] dev_attr_store+0x58/0x80 [ 357.448388][ T8695] ? __pfx_dev_attr_store+0x10/0x10 [ 357.453609][ T8695] sysfs_kf_write+0xef/0x150 [ 357.458251][ T8695] kernfs_fop_write_iter+0x354/0x510 [ 357.463551][ T8695] ? __pfx_sysfs_kf_write+0x10/0x10 [ 357.468767][ T8695] vfs_write+0x5bd/0x1180 [ 357.473111][ T8695] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 357.478932][ T8695] ? __pfx___mutex_lock+0x10/0x10 [ 357.483977][ T8695] ? __pfx_vfs_write+0x10/0x10 [ 357.488770][ T8695] ksys_write+0x12a/0x240 [ 357.493141][ T8695] ? __pfx_ksys_write+0x10/0x10 [ 357.498004][ T8695] ? rcu_is_watching+0x12/0xc0 [ 357.502791][ T8695] do_syscall_64+0xcd/0x230 [ 357.507318][ T8695] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.513223][ T8695] RIP: 0033:0x7f2fe4f8e969 [ 357.517668][ T8695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 357.537351][ T8695] RSP: 002b:00007f2fe5d64038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 357.545798][ T8695] RAX: ffffffffffffffda RBX: 00007f2fe51b6080 RCX: 00007f2fe4f8e969 [ 357.553805][ T8695] RDX: 0000000000000003 RSI: 0000200000000240 RDI: 0000000000000016 [ 357.561791][ T8695] RBP: 00007f2fe5010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 357.569793][ T8695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 357.577770][ T8695] R13: 0000000000000000 R14: 00007f2fe51b6080 R15: 00007ffdb5e8ead8 [ 357.585761][ T8695] [ 357.716654][ T8694] Invalid input. Must be >= 4608 [ 358.612651][ T8709] zswap: compressor not available [ 358.620478][ T8712] Setting dangerous option i915.mitigations - tainting kernel [ 360.432525][ T8706] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 360.439154][ T8706] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 360.463907][ T8706] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 360.470032][ T8706] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 360.763725][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 362.513735][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 362.513783][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout [ 362.519782][ T55] Bluetooth: hci2: command 0x0c1a tx timeout [ 362.662694][ T8765] kernel read not supported for file /set_event_notrace_pid (pid: 8765 comm: syz.2.453) [ 362.689086][ T30] audit: type=1800 audit(6042286955.087:6): pid=8765 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.453" name="set_event_notrace_pid" dev="tracefs" ino=12 res=0 errno=0 [ 365.556766][ T8787] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 365.563720][ T8787] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 365.570539][ T8787] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 365.577468][ T8787] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 366.923723][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 367.643795][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout [ 367.649841][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 367.655880][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout [ 368.581851][ T8851] capability: warning: `syz.3.466' uses 32-bit capabilities (legacy support in use) [ 373.506316][ T8920] zswap: compressor not available [ 373.512290][ T8922] Setting dangerous option i915.mitigations - tainting kernel [ 375.637074][ T8962] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 375.931238][ T8971] random: crng reseeded on system resumption [ 376.067177][ T8980] netlink: 8 bytes leftover after parsing attributes in process `syz.3.485'. [ 378.215219][ T9013] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 378.697704][ T9022] netlink: 8 bytes leftover after parsing attributes in process `syz.2.490'. [ 379.012521][ T9016] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 383.567883][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.574326][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 383.908090][ T9110] FAULT_INJECTION: forcing a failure. [ 383.908090][ T9110] name failslab, interval 1, probability 0, space 0, times 0 [ 383.922621][ T9110] CPU: 0 UID: 0 PID: 9110 Comm: syz.0.505 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 383.922654][ T9110] Tainted: [U]=USER [ 383.922660][ T9110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 383.922672][ T9110] Call Trace: [ 383.922678][ T9110] [ 383.922686][ T9110] dump_stack_lvl+0x16c/0x1f0 [ 383.922719][ T9110] should_fail_ex+0x512/0x640 [ 383.922750][ T9110] ? __kvmalloc_node_noprof+0x122/0x600 [ 383.922775][ T9110] should_failslab+0xc2/0x120 [ 383.922800][ T9110] __kvmalloc_node_noprof+0x135/0x600 [ 383.922823][ T9110] ? bucket_table_alloc.isra.0+0x83/0x460 [ 383.922856][ T9110] ? bucket_table_alloc.isra.0+0x83/0x460 [ 383.922883][ T9110] bucket_table_alloc.isra.0+0x83/0x460 [ 383.922920][ T9110] rhashtable_init_noprof+0x41a/0x7e0 [ 383.922949][ T9110] ? __init_waitqueue_head+0xca/0x150 [ 383.922971][ T9110] rhltable_init_noprof+0x20/0x60 [ 383.923000][ T9110] sta_info_init+0x5f/0x160 [ 383.923031][ T9110] ieee80211_alloc_hw_nm+0x840/0x2260 [ 383.923051][ T9110] ? __local_bh_enable_ip+0xa4/0x120 [ 383.923078][ T9110] mac80211_hwsim_new_radio+0x1d4/0x54d0 [ 383.923122][ T9110] ? __asan_memset+0x23/0x50 [ 383.923142][ T9110] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 383.923183][ T9110] hwsim_new_radio_nl+0xb51/0x12c0 [ 383.923218][ T9110] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 383.923258][ T9110] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 383.923291][ T9110] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 383.923330][ T9110] genl_family_rcv_msg_doit+0x206/0x2f0 [ 383.923363][ T9110] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 383.923394][ T9110] ? trace_cap_capable+0x18d/0x200 [ 383.923422][ T9110] ? bpf_lsm_capable+0x9/0x10 [ 383.923449][ T9110] ? security_capable+0x7e/0x260 [ 383.923470][ T9110] ? ns_capable+0xd7/0x110 [ 383.923494][ T9110] genl_rcv_msg+0x55c/0x800 [ 383.923527][ T9110] ? __pfx_genl_rcv_msg+0x10/0x10 [ 383.923557][ T9110] ? __pfx___dev_queue_xmit+0x10/0x10 [ 383.923577][ T9110] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 383.923621][ T9110] ? __lock_acquire+0xaa4/0x1ba0 [ 383.923664][ T9110] netlink_rcv_skb+0x16d/0x440 [ 383.923691][ T9110] ? __pfx_genl_rcv_msg+0x10/0x10 [ 383.923722][ T9110] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 383.923761][ T9110] ? __pfx_down_read+0x10/0x10 [ 383.923780][ T9110] ? netlink_deliver_tap+0x1ae/0xd30 [ 383.923809][ T9110] genl_rcv+0x28/0x40 [ 383.923835][ T9110] netlink_unicast+0x53a/0x7f0 [ 383.923864][ T9110] ? __pfx_netlink_unicast+0x10/0x10 [ 383.923888][ T9110] ? __lock_acquire+0xaa4/0x1ba0 [ 383.923926][ T9110] netlink_sendmsg+0x8d1/0xdd0 [ 383.923956][ T9110] ? __pfx_netlink_sendmsg+0x10/0x10 [ 383.923993][ T9110] ____sys_sendmsg+0xa98/0xc70 [ 383.924024][ T9110] ? copy_msghdr_from_user+0x10a/0x160 [ 383.924048][ T9110] ? __pfx_____sys_sendmsg+0x10/0x10 [ 383.924091][ T9110] ___sys_sendmsg+0x134/0x1d0 [ 383.924116][ T9110] ? __pfx____sys_sendmsg+0x10/0x10 [ 383.924172][ T9110] __sys_sendmsg+0x16d/0x220 [ 383.924196][ T9110] ? __pfx___sys_sendmsg+0x10/0x10 [ 383.924219][ T9110] ? __x64_sys_futex+0x1e0/0x4c0 [ 383.924249][ T9110] ? rcu_is_watching+0x12/0xc0 [ 383.924275][ T9110] do_syscall_64+0xcd/0x230 [ 383.924307][ T9110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.924327][ T9110] RIP: 0033:0x7f167338e969 [ 383.924342][ T9110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 383.924361][ T9110] RSP: 002b:00007f1674192038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 383.924379][ T9110] RAX: ffffffffffffffda RBX: 00007f16735b5fa0 RCX: 00007f167338e969 [ 383.924392][ T9110] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000007 [ 383.924404][ T9110] RBP: 00007f1673410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 383.924415][ T9110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 383.924427][ T9110] R13: 0000000000000000 R14: 00007f16735b5fa0 R15: 00007fff37a78788 [ 383.924453][ T9110] [ 384.655573][ T9100] zswap: compressor not available [ 384.674566][ T9117] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 384.950858][ T9120] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 385.135684][ T9117] netlink: 8 bytes leftover after parsing attributes in process `syz.2.506'. [ 390.624668][ T9213] CIFS mount error: No usable UNC path provided in device string! [ 390.624668][ T9213] [ 390.751235][ T9213] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 394.273746][ T5847] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 394.593718][ T5849] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 395.603751][ T9295] Device name cannot be null; rc = [-22] [ 396.256350][ T9307] random: crng reseeded on system resumption [ 397.647961][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110                                                                                                          syzkaller syzkaller login: [ 413.767059][ T9549] netlink: 8 bytes leftover after parsing attributes in process `syz.2.568'. [ 413.827873][ T9551] netlink: 8 bytes leftover after parsing attributes in process `syz.2.568'. [ 414.069554][ T9552] Invalid ELF header magic: != ELF [ 414.194185][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 415.633807][ T5847] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 416.175564][ T9577] zswap: compressor not available [ 416.187247][ T9582] Setting dangerous option i915.mitigations - tainting kernel [ 416.945440][ T9607] can: request_module (can-proto-3) failed. [ 419.349843][ T9631] netlink: 'syz.0.581': attribute type 10 has an invalid length. [ 419.410586][ T9631] netlink: 230 bytes leftover after parsing attributes in process `syz.0.581'. [ 419.622342][ T9631] team0: Port device team_slave_1 removed [ 422.843692][ T5847] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 424.313274][ T1324] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u8:6: bg 2: bad block bitmap checksum [ 424.405382][ T1324] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 3126 with max blocks 1 with error 74 [ 424.418456][ T1324] EXT4-fs (sda1): This should not happen!! Data will be lost [ 424.418456][ T1324] [ 424.441380][ T9727] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 424.905966][ T9733] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 424.948121][ T9733] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 425.003345][ T9730] bond0: option all_slaves_active: invalid value () [ 428.673875][ T5847] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 431.896271][ T9840] input: f as /devices/virtual/input/input21 [ 432.043852][ T5847] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 432.852029][ T9852] zswap: compressor not available [ 432.873704][ T9856] Setting dangerous option i915.mitigations - tainting kernel syzkaller syzkaller login: [ 435.234419][ T5847] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 438.800029][ T9952] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.0.627: bg 3: bad block bitmap checksum [ 438.881668][ T9952] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 74 [ 438.894380][ T9952] EXT4-fs (sda1): This should not happen!! Data will be lost [ 438.894380][ T9952] [ 438.930138][ T9948] CIFS mount error: No usable UNC path provided in device string! [ 438.930138][ T9948] [ 438.940428][ T9948] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 441.467683][ T9979] zswap: compressor not available [ 441.626227][ T9985] Setting dangerous option i915.mitigations - tainting kernel [ 443.464797][T10018] page: refcount:4 mapcount:2 mapping:0000000000000000 index:0x7ff5cdd2d pfn:0x78000 [ 443.523693][T10018] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 443.578460][T10018] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 443.623646][T10018] raw: 00000007ff5cdd2d 0000000000000000 0000000400000001 0000000000000000 [ 443.672832][T10018] page dumped because: unmovable page [ 443.690762][T10018] page_owner tracks the page as allocated [ 443.712978][T10018] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5835, tgid 5835 (syz-executor), ts 128498313360, free_ts 128290307054 [ 443.749797][T10018] post_alloc_hook+0x181/0x1b0 [ 443.785799][T10018] get_page_from_freelist+0x135c/0x3920 [ 443.810938][T10018] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 443.926672][T10018] alloc_pages_mpol+0x1fb/0x550 [ 443.931621][T10018] alloc_pages_noprof+0x131/0x390 [ 443.936852][T10018] __vmalloc_node_range_noprof+0x732/0x1540 [ 443.942783][T10018] vmalloc_user_noprof+0x6b/0x90 [ 443.950544][T10018] kcov_ioctl+0x4c/0x730 [ 443.955136][T10018] __x64_sys_ioctl+0x193/0x200 [ 443.960072][T10018] do_syscall_64+0xcd/0x230 [ 443.964685][T10018] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 443.970730][T10018] page last free pid 5830 tgid 5830 stack trace: [ 443.977533][T10018] free_unref_folios+0x999/0x1630 [ 443.982713][T10018] folios_put_refs+0x56f/0x740 [ 443.987890][T10018] free_pages_and_swap_cache+0x245/0x4a0 [ 444.017187][T10018] __tlb_batch_free_encoded_pages+0xf9/0x290 [ 444.069398][T10018] tlb_finish_mmu+0x168/0x7b0 [ 444.114071][T10018] vms_clear_ptes+0x55e/0x770 [ 444.137576][T10018] vms_complete_munmap_vmas+0x1ca/0x970 [ 444.182470][T10018] do_vmi_align_munmap+0x43b/0x7d0 [ 444.248574][T10018] do_vmi_munmap+0x208/0x3e0 [ 444.253250][T10018] __vm_munmap+0x19a/0x390 [ 444.276387][T10018] __x64_sys_munmap+0x59/0x80 [ 444.283157][T10018] do_syscall_64+0xcd/0x230 [ 444.291373][T10018] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.999143][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.005599][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.393714][ T5847] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 445.660418][T10053] zswap: compressor not available [ 445.743803][T10055] Setting dangerous option i915.mitigations - tainting kernel [ 449.392012][T10114] ubi0: detaching mtd0 [ 449.409677][T10114] ubi0: mtd0 is detached [ 450.009236][T10122] zswap: compressor not available [ 450.027028][T10124] Setting dangerous option i915.mitigations - tainting kernel [ 452.835498][T10164] Device name cannot be null; rc = [-22] [ 453.398344][ T5847] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 453.597067][T10172] busy [ 454.114119][ T5849] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 455.567268][T10194] netlink: 342 bytes leftover after parsing attributes in process `syz.1.668'. [ 459.624588][T10260] CIFS mount error: No usable UNC path provided in device string! [ 459.624588][T10260] [ 459.634886][T10260] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 460.949044][T10279] zswap: compressor not available [ 460.954515][T10285] Setting dangerous option i915.mitigations - tainting kernel [ 465.361786][T10361] Console: switching to colour VGA+ 80x25 [ 465.464177][T10361] ================================================================== [ 465.464194][T10361] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70 [ 465.464240][T10361] Read of size 6 at addr ffff8880262275b6 by task syz.0.696/10361 [ 465.464263][T10361] [ 465.464279][T10361] CPU: 0 UID: 0 PID: 10361 Comm: syz.0.696 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 465.464320][T10361] Tainted: [U]=USER [ 465.464329][T10361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 465.464345][T10361] Call Trace: [ 465.464354][T10361] [ 465.464365][T10361] dump_stack_lvl+0x116/0x1f0 [ 465.464409][T10361] print_report+0xc3/0x670 [ 465.464442][T10361] ? __virt_addr_valid+0x5e/0x590 [ 465.464485][T10361] ? __phys_addr+0xc6/0x150 [ 465.464524][T10361] ? fbcon_prepare_logo+0xa03/0xc70 [ 465.464560][T10361] kasan_report+0xe0/0x110 [ 465.464596][T10361] ? fbcon_prepare_logo+0xa03/0xc70 [ 465.464637][T10361] kasan_check_range+0xef/0x1a0 [ 465.464678][T10361] __asan_memcpy+0x23/0x60 [ 465.464705][T10361] fbcon_prepare_logo+0xa03/0xc70 [ 465.464748][T10361] fbcon_init+0xd77/0x1900 [ 465.464785][T10361] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 465.464820][T10361] visual_init+0x31d/0x620 [ 465.464847][T10361] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 465.464887][T10361] store_bind+0x61d/0x760 [ 465.464921][T10361] ? sysfs_file_kobj+0xe4/0x290 [ 465.464963][T10361] ? __pfx_store_bind+0x10/0x10 [ 465.464993][T10361] dev_attr_store+0x58/0x80 [ 465.465029][T10361] ? __pfx_dev_attr_store+0x10/0x10 [ 465.465064][T10361] sysfs_kf_write+0xef/0x150 [ 465.465105][T10361] kernfs_fop_write_iter+0x354/0x510 [ 465.465141][T10361] ? __pfx_sysfs_kf_write+0x10/0x10 [ 465.465184][T10361] vfs_write+0x5bd/0x1180 [ 465.465212][T10361] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 465.465252][T10361] ? __pfx___mutex_lock+0x10/0x10 [ 465.465293][T10361] ? __pfx_vfs_write+0x10/0x10 [ 465.465331][T10361] ksys_write+0x12a/0x240 [ 465.465358][T10361] ? __pfx_ksys_write+0x10/0x10 [ 465.465385][T10361] ? rcu_is_watching+0x12/0xc0 [ 465.465417][T10361] do_syscall_64+0xcd/0x230 [ 465.465466][T10361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.465494][T10361] RIP: 0033:0x7f167338e969 [ 465.465516][T10361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 465.465544][T10361] RSP: 002b:00007f1674171038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 465.465570][T10361] RAX: ffffffffffffffda RBX: 00007f16735b6080 RCX: 00007f167338e969 [ 465.465590][T10361] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 465.465608][T10361] RBP: 00007f1673410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 465.465626][T10361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 465.465643][T10361] R13: 0000000000000000 R14: 00007f16735b6080 R15: 00007fff37a78788 [ 465.465672][T10361] [ 465.465682][T10361] [ 465.465688][T10361] Allocated by task 12: [ 465.465701][T10361] kasan_save_stack+0x33/0x60 [ 465.465730][T10361] kasan_save_track+0x14/0x30 [ 465.465758][T10361] __kasan_kmalloc+0xaa/0xb0 [ 465.465785][T10361] ref_tracker_alloc+0x18e/0x5b0 [ 465.465826][T10361] dst_init+0xda/0x580 [ 465.465850][T10361] dst_alloc+0xbb/0x1a0 [ 465.465873][T10361] icmp6_dst_alloc+0x79/0x4f0 [ 465.465912][T10361] ndisc_send_skb+0x1372/0x1e40 [ 465.465948][T10361] ndisc_send_rs+0x129/0x670 [ 465.465986][T10361] addrconf_rs_timer+0x40d/0x840 [ 465.466018][T10361] call_timer_fn+0x19a/0x620 [ 465.466046][T10361] __run_timers+0x6ef/0x960 [ 465.466076][T10361] run_timer_base+0x114/0x190 [ 465.466106][T10361] run_timer_softirq+0x1a/0x40 [ 465.466137][T10361] handle_softirqs+0x219/0x8e0 [ 465.466166][T10361] __irq_exit_rcu+0x109/0x170 [ 465.466193][T10361] irq_exit_rcu+0x9/0x30 [ 465.466221][T10361] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 465.466256][T10361] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 465.466283][T10361] [ 465.466289][T10361] The buggy address belongs to the object at ffff888026227580 [ 465.466289][T10361] which belongs to the cache kmalloc-32 of size 32 [ 465.466311][T10361] The buggy address is located 22 bytes to the right of [ 465.466311][T10361] allocated 32-byte region [ffff888026227580, ffff8880262275a0) [ 465.466339][T10361] [ 465.466345][T10361] The buggy address belongs to the physical page: [ 465.466355][T10361] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26227 [ 465.466378][T10361] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 465.466399][T10361] page_type: f5(slab) [ 465.466423][T10361] raw: 00fff00000000000 ffff88801b441780 dead000000000100 dead000000000122 [ 465.466447][T10361] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 465.466470][T10361] page dumped because: kasan: bad access detected [ 465.466482][T10361] page_owner tracks the page as allocated [ 465.466491][T10361] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 14099541435, free_ts 0 [ 465.466533][T10361] post_alloc_hook+0x181/0x1b0 [ 465.466561][T10361] get_page_from_freelist+0x135c/0x3920 [ 465.466592][T10361] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 465.466623][T10361] alloc_pages_mpol+0x1fb/0x550 [ 465.466655][T10361] new_slab+0x244/0x340 [ 465.466675][T10361] ___slab_alloc+0xd9c/0x1940 [ 465.466698][T10361] __slab_alloc.constprop.0+0x56/0xb0 [ 465.466722][T10361] __kmalloc_noprof+0x2f2/0x510 [ 465.466749][T10361] kobject_get_path+0xd2/0x2a0 [ 465.466790][T10361] kobject_uevent_env+0x289/0x1870 [ 465.466816][T10361] device_add+0x10dd/0x1a70 [ 465.466851][T10361] device_create_groups_vargs+0x1f8/0x270 [ 465.466891][T10361] device_create+0xed/0x130 [ 465.466926][T10361] bdi_register_va+0x114/0x820 [ 465.466965][T10361] bdi_register+0xc7/0x100 [ 465.467001][T10361] add_disk_fwnode+0xd74/0x13a0 [ 465.467039][T10361] page_owner free stack trace missing [ 465.467047][T10361] [ 465.467053][T10361] Memory state around the buggy address: [ 465.467067][T10361] ffff888026227480: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 465.467088][T10361] ffff888026227500: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 465.467109][T10361] >ffff888026227580: 00 00 00 00 fc fc fc fc 00 00 02 fc fc fc fc fc [ 465.467124][T10361] ^ [ 465.467139][T10361] ffff888026227600: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc [ 465.467159][T10361] ffff888026227680: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 465.467174][T10361] ================================================================== [ 465.467189][T10361] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 465.467208][T10361] CPU: 0 UID: 0 PID: 10361 Comm: syz.0.696 Tainted: G U 6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(full) [ 465.467251][T10361] Tainted: [U]=USER [ 465.467261][T10361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 465.467278][T10361] Call Trace: [ 465.467287][T10361] [ 465.467297][T10361] dump_stack_lvl+0x3d/0x1f0 [ 465.467339][T10361] panic+0x71c/0x800 [ 465.467378][T10361] ? __pfx_panic+0x10/0x10 [ 465.467421][T10361] ? __pfx__printk+0x10/0x10 [ 465.467471][T10361] ? fbcon_prepare_logo+0xa03/0xc70 [ 465.467507][T10361] check_panic_on_warn+0xab/0xb0 [ 465.467551][T10361] end_report+0x107/0x170 [ 465.467585][T10361] kasan_report+0xee/0x110 [ 465.467619][T10361] ? fbcon_prepare_logo+0xa03/0xc70 [ 465.467659][T10361] kasan_check_range+0xef/0x1a0 [ 465.467699][T10361] __asan_memcpy+0x23/0x60 [ 465.467726][T10361] fbcon_prepare_logo+0xa03/0xc70 [ 465.467769][T10361] fbcon_init+0xd77/0x1900 [ 465.467803][T10361] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 465.467835][T10361] visual_init+0x31d/0x620 [ 465.467860][T10361] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 465.467902][T10361] store_bind+0x61d/0x760 [ 465.467935][T10361] ? sysfs_file_kobj+0xe4/0x290 [ 465.467975][T10361] ? __pfx_store_bind+0x10/0x10 [ 465.468005][T10361] dev_attr_store+0x58/0x80 [ 465.468040][T10361] ? __pfx_dev_attr_store+0x10/0x10 [ 465.468076][T10361] sysfs_kf_write+0xef/0x150 [ 465.468117][T10361] kernfs_fop_write_iter+0x354/0x510 [ 465.468153][T10361] ? __pfx_sysfs_kf_write+0x10/0x10 [ 465.468213][T10361] vfs_write+0x5bd/0x1180 [ 465.468243][T10361] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 465.468281][T10361] ? __pfx___mutex_lock+0x10/0x10 [ 465.468326][T10361] ? __pfx_vfs_write+0x10/0x10 [ 465.468368][T10361] ksys_write+0x12a/0x240 [ 465.468396][T10361] ? __pfx_ksys_write+0x10/0x10 [ 465.468424][T10361] ? rcu_is_watching+0x12/0xc0 [ 465.468467][T10361] do_syscall_64+0xcd/0x230 [ 465.468516][T10361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.468547][T10361] RIP: 0033:0x7f167338e969 [ 465.468568][T10361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 465.468598][T10361] RSP: 002b:00007f1674171038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 465.468627][T10361] RAX: ffffffffffffffda RBX: 00007f16735b6080 RCX: 00007f167338e969 [ 465.468649][T10361] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 465.468668][T10361] RBP: 00007f1673410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 465.468688][T10361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 465.468707][T10361] R13: 0000000000000000 R14: 00007f16735b6080 R15: 00007fff37a78788 [ 465.468736][T10361] [ 465.469087][T10361] Kernel Offset: disabled