last executing test programs: 8.635865439s ago: executing program 1 (id=1827): r0 = open(&(0x7f0000000000)='./cgroup\x00', 0x480a80, 0xc6) ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS64(r0, 0xc0385720, &(0x7f0000000040)={0x30000, '\x00', 0x202, 0x9, 0x81, 0xad, "705e5483760bdb84f9a425fe41d7d373"}) bpf$auto(0x10, &(0x7f00000000c0)=@link_detach={r0}, 0x40) 8.235351322s ago: executing program 1 (id=1830): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x3c, r1, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x4}, @ETHTOOL_A_PAUSE_TX={0x5, 0x4, 0x40}]}, 0x3c}, 0x1, 0x0, 0x700, 0x10}, 0x4040000) 7.258499023s ago: executing program 1 (id=1835): r0 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/ieee80211/phy9/user_power\x00', 0x6e0c82, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'wg1\x00'}) sendmsg$auto_MACSEC_CMD_ADD_RXSA(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[], 0xf4}, 0x1, 0x0, 0x0, 0x4000}, 0xd0) mmap$auto(0x25d1, 0x4020009, 0xd8, 0xeb1, r1, 0x8000008000) timerfd_create$auto(0x9, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) r2 = openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x400007, 0x200df, 0x2000000014, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r3 = clone$auto(0x4, 0x80000001, 0x0, 0x0, 0xfff) move_pages$auto(r3, 0x3ff, 0x0, 0x0, 0x0, 0x2) write$auto(0x3, 0x0, 0x10007f) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000240)='\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\xcdD\xb9w\x11\x94k\x8a\xd8\x11\x8a\xc9\x1e\x8a\xe6\xa9\xf6\xc9\x7fB\vG\xb8\xed\x04\xecz\x9e\x93\xe7\nb\xc8\xc7\xdds\x16\xf5X\xa0\xfd\x8d&\xe3\b\x91\xf0X\x94\xb9$\x96|\x9f\xf8d\xe3W!\xfdB/\xc8l\xba\x1b', 0x1000000000000008) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1fe, 0x3, 0xc4, 0x1, 0x1ff, 0x7, 0x3ff, 0xffffffffffffffed, 0x4, 0x1000000, 0x80000000, 0x7, 0x6d40, 0xffffffffffff4860, 0x2, 0xdb]}, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) select$auto(0x7, 0x0, 0x0, 0x0, 0x0) r4 = socket(0x5, 0x801, 0x400) poll$auto(&(0x7f0000000340)={r4, 0x3, 0x1003}, 0x4, 0x7fffffff) connect$auto(r5, &(0x7f00000001c0)=@isdn={0x22, 0x3, 0xb, 0x49, 0x1}, 0xa) unshare$auto(0x40000080) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/core/rps_default_mask\x00', 0x82, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) read$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r0, 0x0, 0x0) 7.127972227s ago: executing program 2 (id=1837): io_setup$auto(0x2, &(0x7f0000000040)=0x40) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x200002, 0x0) mmap$auto(0x2, 0x20009, 0x3, 0x15, r0, 0x7ffe) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x1a9382, 0x0) r1 = getsockopt$auto_SO_BINDTOIFINDEX(0xffffffffffffffff, 0x9, 0x3e, &(0x7f0000000000)='--\x00', &(0x7f00000000c0)=0xca31) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r2 = socket(0xa, 0xb, 0x0) mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) close_range$auto(r2, 0x8, 0x4) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(0x3, 0x6, 0x9, 0x0, 0xfb3) socket(0xa, 0x5, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x163700, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) ioctl$auto_RTC_RD_TIME(0xffffffffffffffff, 0x80247009, 0x0) setrlimit$auto(0xb, 0x0) mincore$auto(0x1000, 0x8001, 0x0) gettid() sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, 0x38) close_range$auto(0x2, 0x8, 0x0) adjtimex$auto(&(0x7f00000004c0)={0x8, 0x0, 0x0, 0xb, 0xd4, 0x4000001, 0x6, 0x0, 0x1, 0x8000368e, 0x2, {0x3, 0x10000}, 0x5, 0x5, 0xfffffffffffffffd, 0x1008000, 0x0, 0x3a6, 0x81, 0xa, 0xa765, 0x7, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) 6.674244826s ago: executing program 2 (id=1840): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) writev$auto(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x5}, 0x4) r0 = socket(0x11, 0x3, 0x88) setsockopt$auto(r0, 0x107, 0x16, 0x0, 0x8) close_range$auto(0x2, 0x8000, 0x0) timerfd_create$auto_CLOCK_BOOTTIME_ALARM(0x9, 0x74f204d9) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) rt_sigaction$auto(0x1, &(0x7f00000001c0)={&(0x7f0000000080)=0x0, 0x7fffffffffffffff, 0x0, {0x5}}, 0x0, 0x8) rt_sigaction$auto(0x5, &(0x7f0000000140)={&(0x7f0000000040)=0x0, 0x9, 0x0, {0x81}}, 0x0, 0x8) bind$auto(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x9, "cc00000008f0ffffff000100"}, 0x6b) r1 = gettid() socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) ioperm$auto(0xefdd, 0x4, 0xfffffffa) rt_sigqueueinfo$auto(r1, 0x1, 0x0) io_uring_setup$auto(0x1, 0x0) io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) 6.391246822s ago: executing program 0 (id=1841): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x402, 0x0, 0x1, 0x0) open(0x0, 0x163340, 0x2a) socket(0x2a, 0x2, 0x1) socket(0x23, 0x5, 0x0) syz_genetlink_get_family_id$auto_nbd(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x3a) r1 = openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000040), 0x2003, 0x0) ioctl$auto(r1, 0x6f2d, 0xffffffffffffffff) openat$auto_dmaengine_summary_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x800000, 0x0) socket(0x2, 0x6, 0x0) r2 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r2, @new_prog_fd=0x4, 0xffffff13, @old_prog_fd=r0}, 0xa3) bpf$auto(0x4, &(0x7f0000000140)=@query={@target_ifindex, 0x4, 0xe, 0x9, 0x7f, @prog_cnt=0x4, 0x0, 0x9, 0x9, 0xb, 0x5}, 0x9) 5.635369442s ago: executing program 2 (id=1843): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0xfde2, &(0x7f0000000380)={&(0x7f00000002c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="1e00df45"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000050}, 0x8004) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='V'], 0x1ac}}, 0x40000) read$auto_binder_features_fops_(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) r0 = socket(0xa, 0x1, 0x84) getsockopt$auto(r0, 0x0, 0x18, 0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000300)='/dev/audio\x00', 0x200800, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0225020000000800030080"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x200400a1) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x20040004) sendmmsg$auto(r1, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5, 0xffffffff}, 0x3}, 0x40000004, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000002c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0xd, 0x9, 0x9, 0x6, 0x7fff}, 0x3b) io_uring_setup$auto(0x6, 0x0) r3 = socket(0x1d, 0x2, 0x7) getsockopt$auto(r3, 0x6b, 0x2, 0xfffffffffffffffe, 0x0) r4 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x40100, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/stat\x00', 0x20080, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptyq4\x00', 0x108800, 0x0) mmap$auto(0x800000000000, 0x20009, 0x2, 0xeb1, 0x401, 0x10010002) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) ioctl$auto(r5, 0x5407, r5) read$auto_i2cdev_fops_i2c_dev(r4, &(0x7f0000000040)=""/34, 0x22) sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="02000000", @ANYRES16=0x0, @ANYBLOB="000229bd7000fbdbdf250100000012000100242a247b2d235b20233a882c7b000000080007000100010008000900", @ANYRES32, @ANYBLOB="080001006e5e27000800070000000000"], 0x48}, 0x1, 0x0, 0x0, 0x24008000}, 0x40000) 5.340822833s ago: executing program 2 (id=1845): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = fcntl$auto(r0, 0x8, 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r2 = socket(0x10, 0x2, 0xc) ioctl$auto_SIOCGIFHWADDR(r1, 0x8927, 0x0) r3 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/smaps\x00', 0x101240, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r4 = getsockopt$auto_SO_DEBUG(0xffffffffffffffff, 0xc01c, 0x1, &(0x7f0000000140)='/sys/devices/platform/vidtv.0/i2c-0/i2c-dev/i2c-0/power/control\x00', &(0x7f0000001380)=0x8) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x8000002, 0x401, 0x8, 0x15, r3, 0x7) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001400)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/mac80211_hwsim/hwsim1/uevent\x00', 0xc0802, 0x0) mmap$auto(0x8000, 0x8, 0x80008362, 0x6cf80010, 0xffffffffffffffff, 0x8000) fsconfig$auto_SHMEM_HUGE_ADVISE(r5, 0x800, &(0x7f0000000200)='\x00', &(0x7f0000001280)="f5d3c032cfd8211bcf57ac1c3490678a2d4a901a98e730180b81bfd75647b933320554a6a7825c0c2bbe14fbf824d95b3e60e63630ebbf1deeb05c129ebc7079822f46bf4a6b68ba0658ddb8fd021def3f0ef5a022386ab17a39d69492d5580574198a1d5061232f0a349b4620e60f7194650ecbf8359c80ded281aab97e13ac1251292a666dc9ed3ececa722645a0aff47b0aed7bda16173ca1d78769420cc5c3481a8426c270f1da72", 0x3) unshare$auto(0x40000080) setsockopt$auto_SO_BUF_LOCK(r0, 0x3, 0x48, &(0x7f0000000180)='..\x00', 0x7) r6 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x80011, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x448101, 0x0) socketpair$auto(0x2, 0x2, 0x80000000, 0x0) pivot_root$auto(&(0x7f0000000080)='..\x00', 0x0) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) write$auto_tty_fops_tty_io(r7, &(0x7f0000000300)="352c8efa618c0bcf83a4ebdb278754e15f334a572cad539da201096bbbc2ce7db19c429be7137d848ef31b38b0b3c7da1c61fef8e0e24e400f96eb989b4f68220f90f3df243e352f17abbc44e0cfececd72dc611200c0fc4cb84d1fc175dc31b38e002c53627c31e0f3a31c079ae368fd33dfdfc97f40f7f3eafc4e10d22e8e8d6c27ef8c0e1b12f18389c2473fbc695cbf8d352993273c0382ab671751b4d", 0x9f) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_SNDCTL_SEQ_RESETSAMPLES(r6, 0x40045109, &(0x7f0000000040)="69bb1335c85671d4a05248aa716114edd8667a63f8e5ae798b53dffd2b8da87f4279fe8363dba8a35c8c08ef4253fcd138afa09d9860c1118e3875855638c9de5effe7ba02fe1418477f889b1a121b1d94f8f26e733e5f0cb74f5a3c27979ed6a987c6177327a3df0359141c4292ad8b5c50ab36cc5cf9f20378f5995af926fe996a37e26359671f8adcd37394361e") lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x0) read$auto_mon_fops_binary_mon_bin(r4, &(0x7f0000000280)=""/4096, 0x1000) ioctl$auto(r8, 0x89a0, 0x8) 4.661403265s ago: executing program 2 (id=1847): socket(0x2, 0x801, 0x106) mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) bind$auto(0x3, 0x0, 0x68) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x4001, 0x0) recvmmsg$auto(r0, &(0x7f0000000280)={{0x0, 0x1d, &(0x7f0000000180)={&(0x7f0000000100)="b64a79f680358bfb0bbcbe3b21ab94f40172d35fb7033c74e4da27bd2f860db601836a3bebcae21f21e6b81b34a00d98e41c349304101f4a1ff01056fe", 0x80000000}, 0x10000, &(0x7f00000001c0)="d7cd776347984e13077263bfd5f9f5abd994085367e723ee8dd0f7dfe8708ad83c9fecd395", 0x962, 0x9}, 0x2e6}, 0x9a, 0x69ac, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x214803, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0xb8b42, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/hw_params\x00', 0x1c1282, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f00000002c0)=""/82, 0x52) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x89fc, &(0x7f0000000000)={'ip_vti0\x00'}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x2, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) madvise$auto(0x7, 0x80000000000001, 0x80000a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_short_retry_limit_ops_(0xffffffffffffff9c, 0x0, 0x0, 0x0) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x4020009, 0x8, 0xeb0, 0x401, 0x9) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mmap$auto(0x1, 0x400048, 0xdf, 0x1000009b72, 0x2, 0x8000) syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x10000, 0x0) read$auto(r3, 0x0, 0x39b8) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) 4.499700749s ago: executing program 1 (id=1848): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/video31\x00', 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0x8000) lsm_list_modules$auto(0x0, 0x0, 0x0) r1 = socket(0xa, 0x5, 0x0) getsockopt$auto(r1, 0x84, 0x1a, 0x0, 0x0) prctl$auto_PR_SCHED_CORE_CREATE(0x3, 0x1, 0xffffffffffffffff, 0x3, 0xffff) readv$auto(r0, 0x0, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(0x0, 0x261c2, 0x84) fallocate$auto(0x8000000000000003, 0x0, 0x1000000d, 0xcbd5d) fallocate$auto(0x3, 0x3, 0x92d4, 0x7) openat$auto_sc_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000000), 0xa0001, 0x0) mmap$auto(0x1, 0x5, 0xdf, 0x13, 0xffffffffffffffff, 0x100000000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000240), 0x141, 0x0) r2 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r2, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/pcrypt/pencrypt/serial_cpumask\x00', 0xa001, 0x0) r4 = openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000400)='/proc/self/loginuid\x00', 0x28601, 0x0) write$auto_proc_loginuid_operations_base(r4, 0x0, 0x0) write$auto(r3, 0x0, 0x1000) 3.786404799s ago: executing program 3 (id=1850): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0xc800) r0 = socket(0xa, 0x5, 0x84) sendto$auto(r0, 0x0, 0xfef4, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe800000011000"}, 0x1c) 3.244561667s ago: executing program 3 (id=1851): mmap$auto(0x0, 0xf2, 0xfffffffffffffff3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = socket$nl_generic(0x10, 0x3, 0x10) mq_timedsend$auto(r1, &(0x7f0000000180)='SMC_GEN_NETLINK\x00', 0x8, 0x9d29, &(0x7f00000001c0)={0x2, 0x800000000003}) r2 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="ff010000", @ANYRES16=r2, @ANYBLOB="010026bd7000080000000f000000"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) rseq$auto(&(0x7f00000000c0)={0x5, 0x40, 0x7, 0x82, 0x1000a, 0x1bf, "f74d208c272c7093d3fd09a3839d6a4bec6d4c2bd15e245d5055c87a12a341b725266e0000000000000002b7cc0b4c10efc72ea1df04bfc2a585bd"}, 0xb, 0x4000005, 0x4) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x10000000000000, 0xfffffffffffffffe, 0x0, 0x4000, 0x50b301a, 0x2c, 0x24, 0xff, 0x2}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) mmap$auto(0x0, 0x42000d, 0xdf, 0xeb1, 0x401, 0x8001) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) ioperm$auto(0x7, 0x92d4, 0x2) shutdown$auto(r4, 0xfffffffc) getsid$auto(0x0) mmap$auto(0x0, 0x20009, 0xe, 0xeb1, 0x403, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x100, 0x0) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/fail-nth\x00', 0x0, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x4}, 0x5) mmap$auto(0x80059a, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x100, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x25, 0x5, 0x0) r7 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000003040), 0xffffffffffffffff) sendmsg$auto_OVS_METER_CMD_SET(r6, &(0x7f0000003240)={0x0, 0x0, &(0x7f0000003200)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="5da926bd7000fcdbdf2502000000040002000400048008000100050000000fa337d023f0e297be58ae60bbbe7f28c7c4bd"], 0x24}, 0x1, 0x0, 0x0, 0xc0}, 0x40) 2.721382683s ago: executing program 0 (id=1852): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x10000000000002f, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x88) close_range$auto(0x2, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x18, 0x5, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsu\x00', 0x80802, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video13\x00', 0x8a603, 0x0) openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000140)='/dev/media13\x00', 0x480, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/LookupCacheEnabled\x00', 0x48041, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x5, 0xd, 0x1, 0x0, 0x2, 0x20000000000000, 0x1, 0xaf0, 0x300000000000000, 0x80000001, 0x7, 0x0, 0x7, 0x2]}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x21, 0x2, 0xa) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f00000000c0), 0x141000, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(r0, 0xffffffffffffffff, 0x0) openat$auto_evm_key_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) open(0x0, 0x22240, 0x55) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80302, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x40106f52, r1) fsopen$auto(0x0, 0x1) r2 = socket(0x2c, 0x3, 0x0) poll$auto(&(0x7f0000000000)={r2, 0xb, 0xa}, 0x4, 0x1000) 2.666271258s ago: executing program 3 (id=1853): ioperm$auto(0x3, 0xe, 0x2000000000000149) socket(0xa, 0x6, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) mmap$auto(0x0, 0x10000, 0x4000000000db, 0xeb1, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_msr_fops_msr(0xffffffffffffff9c, 0x0, 0xf82, 0x0) madvise$auto(0x4000000000000001, 0x8000, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x1010001, 0x100000003) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x32f040, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000000c0), 0xffffffffffffffff) socket(0x2b, 0x1, 0x1) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) sendmsg$auto_TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)={0x14, 0x0, 0x701, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) socket(0x2, 0x3, 0x2) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x9, 0x4, 0x15f4da0b, 0x3, 0x3, 0xc, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xd]}, 0x0) 2.382982372s ago: executing program 0 (id=1854): statmount$auto(0x0, &(0x7f0000000180)={0x8000008, 0x1, 0x1000009, 0x3, 0x26, 0x7, 0x1ffde, 0x5, 0x6, 0x3ff, 0x9, 0x400005, 0xfff, 0x4, 0xb0, 0x8, 0x9, 0x3, 0x5, 0x6, 0x0, 0xffffffff, 0x0, 0x3, 0xfffffffd, 0x0, [0x3, 0x3, 0x200000000, 0x400000000, 0x5, 0x100, 0xfffffffffffffffd, 0x9, 0xffffffffffffffff, 0x0, 0xc72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000004, 0x5, 0x0, 0x0, 0x6f81, 0x0, 0x4, 0x0, 0xcea, 0x0, 0xfffffffffffffffc, 0x800000, 0x4, 0x0, 0xffffffffffffffff, 0x2, 0x4001, 0x10000, 0x0, 0xb548, 0x8, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3]}, 0x200, 0x81) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) ioperm$auto(0x9, 0x5, 0x7fff) (async) ioperm$auto(0x2, 0x3, 0x1) (async) map_shadow_stack$auto(0x0, 0x7, 0x9) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) msync$auto(0x0, 0x18fa, 0x4) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) io_uring_setup$auto(0x1, 0x0) bpf$auto(0xa, 0x0, 0x455) (async) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0xa0302, 0x0) (async) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xc9c8) (async) mknod$auto(0x0, 0xcb, 0xfffffffa) (async) execve$auto(0x0, 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) mmap$auto(0x0, 0x7fff, 0x40, 0x2000eb1, r0, 0x8080) (async) read$auto(r1, 0x0, 0x20) (async) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000040)={0x0, 0x2}, 0x2) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x18, r4, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@HWSIM_ATTR_DESTROY_RADIO_ON_CLOSE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) brk$auto(0xffffffffffffff66) (async) close_range$auto(0x2, 0x8, 0x0) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) 1.768354044s ago: executing program 0 (id=1855): close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x3c8082, 0x0) r0 = openat$auto_trace_options_core_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/options/trace_printk_dest\x00', 0x121082, 0x0) r1 = fcntl$auto_F_DUPFD(r0, 0x0, 0x0) mmap$auto(0xff, 0x7, 0xdc, 0x40000000009b72, r1, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/kvm_amd/parameters/pause_filter_thresh\x00', 0x200, 0x0) read$auto(r2, 0x0, 0x1) write$auto(0x3, 0x0, 0xfdef) 1.765849229s ago: executing program 3 (id=1856): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000580)={0x1c, r1, 0x301, 0x70b52c, 0x25dfdbfb, {}, [@CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x17}]}, 0x1c}, 0x1, 0x0, 0xe00000000000000, 0x400c01d}, 0x0) r2 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r0) sendmsg$auto_MACSEC_CMD_UPD_TXSA(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002ec0)={0x24, r2, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@MACSEC_ATTR_IFINDEX={0x8}, @MACSEC_ATTR_RXSC_CONFIG={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0xa3}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008000}, 0x400c8d4) 1.561906979s ago: executing program 0 (id=1857): mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = open(0x0, 0x22240, 0x155) shmctl$auto_SHM_STAT(0x0, 0xd, &(0x7f0000000340)={{0x3, 0xffffffffffffffff, 0xee01, 0x33b4, 0x8001, 0x674, 0x100}, 0x7fff, 0x7, 0x1, 0x8, @inferred, @raw=0x8, 0x7f, 0x0, &(0x7f0000000140)="d2629136d042c0c5d1d1affa36790fa4f4f3686364fe4d71c18b58fcfddf89b69aeed575b1e935248cd0c7d838836f49808120f0567e70361318c3e94df219f12e7f7160039688f105f5129ed160009ea88bbebeed958cbb7c8df16e70a35e98a283d8dd54c0e9ca453f6c52666af1aaeefc02368dfa1f0933f991f7e6f8377298609e5d160d055a48b2abdebc06f33e75c282ddeaefb195a86769e1383c85c06bc83aa4bd328260f8bb1c5ce2f295be706bf13a30ccf9efb3575180c6e9c5871a917a21b9993c418a50bb3c294220", &(0x7f0000000240)="55e206303621f47f5836f568dcdcc12ff1673b1b882be57bb74d879d868af6dd4b374132b78752c76a9bfe3aea643ba9a26b2cdadd75a56458ee240aa4347f10d7ced0d14175bcf132ec374b62d51011668597e9e80902af7faacedb8530badca4560bd90089653bb6cfb840c90cfc7e201c5d96da32"}) fsconfig$auto(r0, 0x81, &(0x7f0000000000)='{\x00', &(0x7f0000000040)="ec76a741046c3f9a7033fc2c611a88502b5b006c72922e86830ab53ebe1f76df885031260a6735644fa02f1729fff16891898d35a09b3ca684b4103e6ae246b26bd52a2cd357a1779caec6175b96a7196f07b30bd0f87d975b26893ec2e4fcafeda714dbd3d6aa9e8b5a6d7354e9b5d189a8f534b71e97e4c8621af33e536730f577adc2163826b2875115137497aaa9df7b4e086f53b0d276ae6ec9d51906e3e3df98746c680a06a38f629a76e80356b881ec893b9c18a22f015f755e4ba8ee7cebc428095251f5d841e309e61f29d0881597d33ae635c955cc741051fdc44a254c22ee6979a2e6c34c3b4e268c536ce8f2c5c72549397f5870f7", r1) socket(0xa, 0x3, 0x3b) ioperm$auto(0x7, 0x6, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x80002, 0x4) mmap$auto(0x0, 0x4020009, 0xdc, 0xeb1, 0x401, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000100)='/d-:\xe7J\x00'/23, 0x1eb07fd) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x1000000, 0x80000001, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0) mmap$auto(0x0, 0x4020009, 0x7, 0xeb1, 0x401, 0x48000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f00000000c0), 0x55) sendmmsg$auto(0x3, 0x0, 0x500, 0x0) 1.174458898s ago: executing program 3 (id=1858): mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = open(0x0, 0x22240, 0x155) shmctl$auto_SHM_STAT(0x0, 0xd, &(0x7f0000000340)={{0x3, 0xffffffffffffffff, 0xee01, 0x33b4, 0x8001, 0x674, 0x100}, 0x7fff, 0x7, 0x1, 0x8, @inferred, @raw=0x8, 0x7f, 0x0, &(0x7f0000000140)="d2629136d042c0c5d1d1affa36790fa4f4f3686364fe4d71c18b58fcfddf89b69aeed575b1e935248cd0c7d838836f49808120f0567e70361318c3e94df219f12e7f7160039688f105f5129ed160009ea88bbebeed958cbb7c8df16e70a35e98a283d8dd54c0e9ca453f6c52666af1aaeefc02368dfa1f0933f991f7e6f8377298609e5d160d055a48b2abdebc06f33e75c282ddeaefb195a86769e1383c85c06bc83aa4bd328260f8bb1c5ce2f295be706bf13a30ccf9efb3575180c6e9c5871a917a21b9993c418a50bb3c294220", &(0x7f0000000240)="55e206303621f47f5836f568dcdcc12ff1673b1b882be57bb74d879d868af6dd4b374132b78752c76a9bfe3aea643ba9a26b2cdadd75a56458ee240aa4347f10d7ced0d14175bcf132ec374b62d51011668597e9e80902af7faacedb8530badca4560bd90089653bb6cfb840c90cfc7e201c5d96da32"}) fsconfig$auto(r0, 0x81, &(0x7f0000000000)='{\x00', &(0x7f0000000040)="ec76a741046c3f9a7033fc2c611a88502b5b006c72922e86830ab53ebe1f76df885031260a6735644fa02f1729fff16891898d35a09b3ca684b4103e6ae246b26bd52a2cd357a1779caec6175b96a7196f07b30bd0f87d975b26893ec2e4fcafeda714dbd3d6aa9e8b5a6d7354e9b5d189a8f534b71e97e4c8621af33e536730f577adc2163826b2875115137497aaa9df7b4e086f53b0d276ae6ec9d51906e3e3df98746c680a06a38f629a76e80356b881ec893b9c18a22f015f755e4ba8ee7cebc428095251f5d841e309e61f29d0881597d33ae635c955cc741051fdc44a254c22ee6979a2e6c34c3b4e268c536ce8f2c5c72549397f5870f7", r1) socket(0xa, 0x3, 0x3b) ioperm$auto(0x7, 0x6, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x80002, 0x4) mmap$auto(0x0, 0x4020009, 0xdc, 0xeb1, 0x401, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000100)='/d-:\xe7J\x00'/23, 0x1eb07fd) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x1000000, 0x80000001, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0) (fail_nth: 1) mmap$auto(0x0, 0x4020009, 0x7, 0xeb1, 0x401, 0x48000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f00000000c0), 0x55) sendmmsg$auto(0x3, 0x0, 0x500, 0x0) 580.467823ms ago: executing program 1 (id=1859): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)={0x28, r1, 0x1, 0x50bd25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x8, 0x7, 0x0, 0x1, [@nested={0x4, 0x1}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x200000000006}]}, 0x28}, 0x1, 0x0, 0x20, 0x4}, 0x8880) 236.832653ms ago: executing program 2 (id=1860): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) r1 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000100), 0x80100, 0x0) r2 = fcntl$auto_F_DUPFD_QUERY(r0, 0x403, 0xffffffffffffffff) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000180)={0x9, "24200e30ca74f154e9728650b9d28c1724aa88a185a026b9800e4432d122a125", @inferred=r2}) write$auto(0x1, 0x0, 0x80000000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r3 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/mixer2\x00', 0x800, 0x0) ioctl$auto_OSS_GETVERSION(r3, 0x80044d76, &(0x7f00000001c0)) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) r4 = socket(0x1d, 0x1, 0x5) r5 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r5, 0xc004743e, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r4, 0x0, 0x20000001) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x400c000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000001480)={'veth0_virt_wifi\x00'}) getsockopt$auto_SO_DOMAIN(r0, 0x5, 0x27, &(0x7f0000000040)='/dev/nullb0\x00', &(0x7f00000000c0)=0xd) sendmsg$auto_NL80211_CMD_GET_MPP(r4, 0x0, 0x880) munmap$auto(0x6, 0x100000000) getrandom$auto(0x0, 0x6000000, 0x3) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0x400000eb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x10000000000048, 0x0) close_range$auto(0x2, 0x8, 0x0) 186.025155ms ago: executing program 0 (id=1861): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x8, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000380)='/proc/thread-self/fail-nth\x00', 0x40802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0xb9}, 0x3) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) getrandom$auto(0x0, 0x50436cfd, 0xffffffff) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) ioctl$auto_IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f00000006c0)={0x43b2, 0x3}) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000040), 0x121c0, 0x0) mmap$auto(0x0, 0x810000, 0xffd, 0x8000000008011, 0x3, 0x8000) ioctl$auto_SNDRV_RAWMIDI_IOCTL_DRAIN(0xffffffffffffffff, 0x40045731, &(0x7f0000000080)=0x1) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000640)={{&(0x7f00000003c0)="3dd18418d42f1c6b622e31ebdaedc4bf7dffef97", 0x7, &(0x7f0000000500)={&(0x7f0000000400)="747fc5861b6ea00e6b837a67f0dac740619f57fd70a9a0e7ce23e556b5c01ce223c47a0484aa301ba17f4bda79cff18bf832a5f5632932994e1a7d31df225ac9ad07c7797370082a1711c08645a2b818e968e191545972b5ddf99762b1a7defbc89fc17424cb07abf871d82b0243232efb3d5c8b53cf0eef8053ecfd4527dc74977807a2d11f1b97c2b8360452552cb6448ff0daefbac920fad750dff367069528ffbe6e4535d6fea26bbb1009dfdde89003d5920b6b5d02f9c47cec82f7412fe57630ba8d792a8d87d131bb9f", 0x4}, 0x8, &(0x7f0000000540)="1cf8a3cdf4b478ede728060e98db32972086747ec72c3c6d1810d0e108a3320b234ca075f9e77746050cf51d21ae24b9ea002da471114c3fb93a32aa76ab2b64451a4818b5820279c94b19dc745644753975c92df45881d0146e5248182e6da54d246c7529d4d374250ef24660712eaf786e7769b2254468d9fe5070efdd03b5d04888593b9b507e86e6b04193a2ce147426adbb9f96be60d367b5de55d115dbbce5cb5e115547a55564ef01c1621a6c3f74c6f7bf21f97bb557e8145ea0ed02eeebfccbbd9e7f9dcb0af6fc8f447038493a0936da05ddcdb7b0ce06bb6afa0a8c056c", 0x1, 0x8}, 0xffff}, 0x0, 0x2) getrandom$auto(&(0x7f0000000140)='/dev/dvb/adapter0/frontend0\x00', 0x3, 0xae0f) ioctl$auto_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000180)={"236cf65ca1b92f72a92538725b0694521629e8c3e6ba91c62e2e9d42cf4aef15", 0x4, 0x3c, 0x8000, 0x6, 0xff, 0x0}) prctl$auto(0x1000000003b, 0x3, r3, 0x8, 0x80000a) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) stat$auto(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0x20499d, 0x9) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x108000, 0x800034, 0x200000b) r4 = openat$auto_full_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x103700, 0x0) read$auto(r4, 0x0, 0x4000000081) r5 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x4, 0x9, 0x7, 0x3c, 0x101, 0x1ffc1, 0x7, 0x6, 0x7fffffffffffffff, 0x0, 0x8001, 0x6, 0x4, 0xb4, 0x8, 0x2, 0x10000, 0x800, 0x7, 0x0, 0x7, 0x7, 0x200, 0x4, 0x84, [0x0, 0x7, 0x0, 0x7, 0xffffffffffffffff, 0x0, 0x401, 0x6, 0x70624ce7, 0x0, 0x4, 0xb, 0x0, 0x0, 0x81, 0x0, 0x0, 0xfffffffffffffffd, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x400000000005b8, 0x100000000c, 0x0, 0x800, 0x0, 0x7, 0x2000000000000, 0xfc78, 0x8000000000008, 0x4, 0x200000000009, 0xa38, 0x4, 0xffffffffffffffff, 0x3, 0x2, 0x4000000001, 0x0, 0x4, 0xffff]}, 0x202, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 116.522362ms ago: executing program 3 (id=1862): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x6) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x20009) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) futex_wait$auto(0x0, 0xb7, 0x9, 0x7fff, 0x0, 0xb60) setregid$auto(0x81, 0x5) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0xa00, 0x0) ioctl$auto_BLKSECTGET(r0, 0x1267, 0x0) 0s ago: executing program 1 (id=1863): sendmmsg$auto(0xffffffffffffffff, 0x0, 0x2, 0x3ff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x154) execveat$auto(r0, &(0x7f0000000200)='\x00', 0x0, 0x0, 0x11000) ioctl$auto_USBDEVFS_RELEASEINTERFACE(r0, 0x80045510, &(0x7f0000000000)=0xe535) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x100000, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) rename$auto(0x0, 0x0) stat$auto(0x0, 0x0) madvise$auto(0x0, 0x2003f0, 0x11) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x4000000) unshare$auto(0x40000080) socket(0x2b, 0x1, 0x1) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mbind$auto(0x0, 0x2, 0x2, &(0x7f0000002100)=0x4, 0x7, 0x0) signalfd4$auto(0xffffffff, 0x0, 0x8, 0x800) readv$auto(0x3, 0x0, 0x1) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2a, 0x80000, 0x80000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) kernel console output (not intermixed with test programs): 3] hsr0: entered allmulticast mode [ 254.444804][ T8113] hsr_slave_0: entered allmulticast mode [ 254.476071][ T8113] hsr_slave_1: entered allmulticast mode [ 254.503351][ T8113] hsr0: entered promiscuous mode [ 254.565494][ T8113] bridge0: port 3(hsr0) entered blocking state [ 254.571831][ T8113] bridge0: port 3(hsr0) entered forwarding state [ 255.851241][ T8123] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 255.894591][ T8123] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 255.904888][ T8123] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 255.934525][ T8123] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 256.395100][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 257.655022][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout [ 257.984845][ T5850] Bluetooth: hci3: command 0x0c1a tx timeout [ 257.986943][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout [ 257.991011][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout [ 261.177207][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.183713][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 263.924901][ T8187] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 264.048418][ T8187] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 264.515311][ T8187] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 264.521418][ T8187] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 264.854780][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 266.054800][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout [ 266.161181][ T8228] bridge0: port 3(hsr0) entered blocking state [ 266.167569][ T8228] bridge0: port 3(hsr0) entered disabled state [ 266.173946][ T8228] hsr0: entered allmulticast mode [ 266.179172][ T8228] hsr_slave_0: entered allmulticast mode [ 266.185622][ T8228] hsr_slave_1: entered allmulticast mode [ 266.192621][ T8228] hsr0: entered promiscuous mode [ 266.210499][ T8228] bridge0: port 3(hsr0) entered blocking state [ 266.216858][ T8228] bridge0: port 3(hsr0) entered forwarding state [ 266.538750][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 266.546316][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 266.858606][ T8226] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 266.865367][ T8226] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 266.902608][ T8226] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 266.932921][ T8226] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 268.536235][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 268.935316][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 268.937027][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 268.941626][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 269.274843][ T8254] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 269.281032][ T8254] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 269.298377][ T8254] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 269.304525][ T8254] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 271.288492][ T8277] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 271.334851][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 271.334967][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout [ 271.379179][ T8277] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 271.426780][ T8277] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 271.464188][ T8286] bond0: option all_slaves_active: invalid value () [ 271.503354][ T8277] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 272.624759][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 273.345015][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout syzkaller syzkaller login: [ 273.504650][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout [ 273.574799][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 276.868020][ T8344] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 276.874217][ T8344] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 276.955111][ T8344] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 276.976640][ T8344] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 277.574891][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 278.939179][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout [ 279.014839][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 279.021163][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 279.227342][ T8381] netlink: 186 bytes leftover after parsing attributes in process `syz.0.607'. [ 280.626956][ T8402] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 280.634190][ T8402] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 280.641288][ T8402] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 280.649289][ T8402] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 281.338665][ T8419] netlink: 186 bytes leftover after parsing attributes in process `syz.2.610'. [ 281.806728][ T8120] syz.3.534 (8120) used greatest stack depth: 17600 bytes left [ 282.134829][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 282.704756][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 282.704965][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout [ 282.717967][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout [ 283.624954][ T8440] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 283.631200][ T8440] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 283.667965][ T8440] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 283.674229][ T8440] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 285.654873][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout [ 285.734811][ T5850] Bluetooth: hci3: command 0x0c1a tx timeout [ 285.740928][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 286.128511][ T8455] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 286.146776][ T8455] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 286.152942][ T8455] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 286.171452][ T8455] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 287.095045][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 288.215020][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 288.221139][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout [ 288.227385][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout [ 288.715493][ T8498] netlink: 4 bytes leftover after parsing attributes in process `syz.2.638'. [ 289.799783][ T8505] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 289.806548][ T8505] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 289.813206][ T8505] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 289.846424][ T8505] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 291.334823][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 291.826244][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout [ 291.832362][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout [ 291.904741][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 292.192149][ T8547] netlink: 28 bytes leftover after parsing attributes in process `syz.1.647'. [ 293.255292][ T8554] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 293.261515][ T8554] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 293.274026][ T8554] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 293.286577][ T8554] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 294.774944][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 295.336357][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 295.343532][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 295.343557][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 297.466677][ T8603] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 297.537283][ T8603] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 297.543476][ T8603] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 297.625301][ T8603] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 299.094829][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 299.494995][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 299.574943][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 299.654859][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 302.355755][ T8648] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 302.366718][ T8648] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 302.393436][ T8648] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 302.433773][ T8648] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 303.255039][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 304.374959][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 304.454829][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 304.460985][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 306.218370][ T8707] netlink: 194 bytes leftover after parsing attributes in process `syz.0.688'. [ 309.802411][ T8740] netlink: 4 bytes leftover after parsing attributes in process `syz.1.701'. [ 313.851661][ T8792] netlink: 4 bytes leftover after parsing attributes in process `syz.1.707'. [ 315.492593][ T8791] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 315.509482][ T8791] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 315.586525][ T8791] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 315.632964][ T8791] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 316.215432][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 317.574944][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 317.654959][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 317.661384][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 319.062748][ T8844] netlink: 4 bytes leftover after parsing attributes in process `syz.2.723'. [ 322.624209][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.630710][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.772286][ T8868] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 322.864938][ T8868] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 322.871200][ T8868] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 322.997148][ T8868] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 323.975672][ T8901] netlink: 28 bytes leftover after parsing attributes in process `syz.2.736'. [ 323.984890][ T8901] hsr0: left allmulticast mode [ 323.989728][ T8901] hsr_slave_0: left allmulticast mode [ 324.014739][ T8901] hsr_slave_1: left allmulticast mode [ 324.020232][ T8901] hsr0: left promiscuous mode [ 324.045042][ T8901] bridge0: port 3(hsr0) entered disabled state [ 324.086394][ T8901] bridge_slave_1: left allmulticast mode [ 324.092226][ T8901] bridge_slave_1: left promiscuous mode [ 324.101909][ T8901] bridge0: port 2(bridge_slave_1) entered disabled state [ 324.126937][ T8901] bridge_slave_0: left allmulticast mode [ 324.132930][ T8901] bridge_slave_0: left promiscuous mode [ 324.144811][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 324.145087][ T8901] bridge0: port 1(bridge_slave_0) entered disabled state [ 324.888714][ T8912] netlink: 4 bytes leftover after parsing attributes in process `syz.3.739'. [ 324.944781][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 324.950916][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout [ 325.014987][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 327.113191][ T8931] ptrace attach of "./syz-executor exec"[5842] was attempted by "./syz-executor exec"[8931] [ 327.329830][ T8926] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 327.385315][ T8926] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 327.426017][ T8926] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 327.454720][ T8926] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 327.927530][ T8957] FAULT_INJECTION: forcing a failure. [ 327.927530][ T8957] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 328.024830][ T8957] CPU: 1 UID: 0 PID: 8957 Comm: syz.0.752 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 328.024874][ T8957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 328.024896][ T8957] Call Trace: [ 328.024905][ T8957] [ 328.024917][ T8957] dump_stack_lvl+0x16c/0x1f0 [ 328.024965][ T8957] should_fail_ex+0x50a/0x650 [ 328.025001][ T8957] _copy_to_user+0x32/0xd0 [ 328.025040][ T8957] simple_read_from_buffer+0xd0/0x160 [ 328.025087][ T8957] proc_fail_nth_read+0x198/0x270 [ 328.025126][ T8957] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 328.025169][ T8957] ? rw_verify_area+0xcf/0x680 [ 328.025209][ T8957] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 328.025249][ T8957] vfs_read+0x1df/0xbf0 [ 328.025293][ T8957] ? __fget_files+0x1fc/0x3a0 [ 328.025349][ T8957] ? __pfx___mutex_lock+0x10/0x10 [ 328.025393][ T8957] ? __pfx_vfs_read+0x10/0x10 [ 328.025449][ T8957] ? __fget_files+0x206/0x3a0 [ 328.025507][ T8957] ksys_read+0x12b/0x250 [ 328.025550][ T8957] ? __pfx_ksys_read+0x10/0x10 [ 328.025605][ T8957] do_syscall_64+0xcd/0x250 [ 328.025653][ T8957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.025695][ T8957] RIP: 0033:0x7f6393b8bb7c [ 328.025720][ T8957] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 328.025749][ T8957] RSP: 002b:00007f6394986030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 328.025778][ T8957] RAX: ffffffffffffffda RBX: 00007f6393da5fa0 RCX: 00007f6393b8bb7c [ 328.025797][ T8957] RDX: 000000000000000f RSI: 00007f63949860a0 RDI: 0000000000000005 [ 328.025812][ T8957] RBP: 00007f6394986090 R08: 0000000000000000 R09: 000000000000001c [ 328.025827][ T8957] R10: 000000000000000c R11: 0000000000000246 R12: 0000000000000001 [ 328.025847][ T8957] R13: 0000000000000000 R14: 00007f6393da5fa0 R15: 00007ffe437c4258 [ 328.025879][ T8957] [ 328.211472][ C1] vkms_vblank_simulate: vblank timer overrun [ 328.614790][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 329.414809][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout [ 329.494835][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 329.495026][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 330.609753][ T8980] netlink: 20 bytes leftover after parsing attributes in process `syz.0.759'. [ 330.679905][ T8978] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 330.714005][ T8978] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 330.778950][ T8978] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 330.807473][ T8978] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 332.214822][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 332.774937][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 332.864540][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 332.873177][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 333.025273][ T9011] netlink: 4 bytes leftover after parsing attributes in process `syz.3.769'. [ 333.868086][ T9030] netlink: 20 bytes leftover after parsing attributes in process `syz.3.775'. [ 336.666371][ T9062] netlink: 4 bytes leftover after parsing attributes in process `syz.3.783'. [ 337.685719][ T9069] netlink: 20 bytes leftover after parsing attributes in process `syz.0.784'. [ 341.971420][ T9101] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 341.985944][ T9101] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 342.005105][ T9101] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 342.019162][ T9101] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 343.897439][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 344.054876][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 344.054908][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout [ 344.068419][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout [ 346.604808][ T9175] netlink: 8 bytes leftover after parsing attributes in process `syz.3.810'. [ 349.044348][ T9207] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 349.064966][ T9207] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 349.071119][ T9207] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 349.083575][ T9207] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 349.500150][ T9242] netlink: 28 bytes leftover after parsing attributes in process `syz.3.821'. [ 350.099814][ T9261] Invalid ELF header magic: != ELF [ 350.115238][ T9260] Invalid ELF header magic: != ELF [ 350.457037][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 351.095238][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 351.101390][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 351.101404][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 352.949116][ T9288] netlink: 186 bytes leftover after parsing attributes in process `syz.2.832'. [ 355.674844][ T9328] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 355.725274][ T9343] FAULT_INJECTION: forcing a failure. [ 355.725274][ T9343] name failslab, interval 1, probability 0, space 0, times 0 [ 355.734918][ T9328] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 355.758673][ T9328] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 355.785338][ T9328] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 355.794951][ T9343] CPU: 1 UID: 0 PID: 9343 Comm: syz.0.846 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 355.795001][ T9343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 355.795018][ T9343] Call Trace: [ 355.795027][ T9343] [ 355.795039][ T9343] dump_stack_lvl+0x16c/0x1f0 [ 355.795087][ T9343] should_fail_ex+0x50a/0x650 [ 355.795124][ T9343] should_failslab+0xc2/0x120 [ 355.795156][ T9343] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 355.795212][ T9343] ? skb_clone+0x190/0x3f0 [ 355.795269][ T9343] skb_clone+0x190/0x3f0 [ 355.795322][ T9343] netlink_deliver_tap+0xabd/0xd30 [ 355.795377][ T9343] netlink_unicast+0x5e1/0x7f0 [ 355.795430][ T9343] ? __pfx_netlink_unicast+0x10/0x10 [ 355.795478][ T9343] ? __phys_addr_symbol+0x30/0x80 [ 355.795511][ T9343] ? __check_object_size+0x488/0x710 [ 355.795548][ T9343] netlink_sendmsg+0x8b8/0xd70 [ 355.795603][ T9343] ? __pfx_netlink_sendmsg+0x10/0x10 [ 355.795665][ T9343] ____sys_sendmsg+0xaaf/0xc90 [ 355.795703][ T9343] ? copy_msghdr_from_user+0x10b/0x160 [ 355.795753][ T9343] ? __pfx_____sys_sendmsg+0x10/0x10 [ 355.795811][ T9343] ___sys_sendmsg+0x135/0x1e0 [ 355.795865][ T9343] ? __pfx____sys_sendmsg+0x10/0x10 [ 355.795934][ T9343] ? __pfx_lock_release+0x10/0x10 [ 355.795984][ T9343] ? trace_lock_acquire+0x14e/0x1f0 [ 355.796035][ T9343] ? __fget_files+0x206/0x3a0 [ 355.796095][ T9343] __sys_sendmsg+0x16e/0x220 [ 355.796146][ T9343] ? __pfx___sys_sendmsg+0x10/0x10 [ 355.796223][ T9343] do_syscall_64+0xcd/0x250 [ 355.796272][ T9343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.796317][ T9343] RIP: 0033:0x7f6393b8d169 [ 355.796341][ T9343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 355.796370][ T9343] RSP: 002b:00007f6394986038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 355.796399][ T9343] RAX: ffffffffffffffda RBX: 00007f6393da5fa0 RCX: 00007f6393b8d169 [ 355.796420][ T9343] RDX: 0000000000048000 RSI: 0000400000000100 RDI: 0000000000000003 [ 355.796438][ T9343] RBP: 00007f6394986090 R08: 0000000000000000 R09: 0000000000000000 [ 355.796456][ T9343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 355.796473][ T9343] R13: 0000000000000000 R14: 00007f6393da5fa0 R15: 00007ffe437c4258 [ 355.796512][ T9343] [ 356.031658][ C1] vkms_vblank_simulate: vblank timer overrun [ 356.426383][ T9361] netlink: zone id is out of range [ 356.431759][ T9361] netlink: zone id is out of range [ 356.444779][ T9361] netlink: zone id is out of range [ 356.450078][ T9361] netlink: zone id is out of range [ 356.464849][ T9361] netlink: zone id is out of range [ 356.470372][ T9361] netlink: zone id is out of range [ 356.494788][ T9361] netlink: zone id is out of range [ 356.512972][ T9361] netlink: zone id is out of range [ 356.535654][ T9361] netlink: zone id is out of range [ 356.559708][ T9361] netlink: zone id is out of range [ 356.965059][ T9379] netlink: 36 bytes leftover after parsing attributes in process `syz.0.852'. [ 357.416321][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 357.740723][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout [ 357.814907][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 357.824118][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 359.604776][ T9393] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 359.880565][ T9393] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 360.038788][ T9393] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 360.214231][ T9393] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 360.534730][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 361.378374][ T9431] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.866'. [ 361.903057][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout [ 362.055098][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout [ 362.215060][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 370.910049][ T9556] netlink: 18 bytes leftover after parsing attributes in process `syz.0.895'. [ 371.279299][ T9527] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 371.286414][ T9527] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 371.292551][ T9527] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 371.305418][ T9527] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 372.534814][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 372.964869][ T9579] program syz.3.900 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 373.191141][ T9584] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 373.343085][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 373.343208][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 373.357817][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 375.711371][ T9611] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 376.888440][ T26] smpboot: CPU 0 is now offline [ 377.317771][ T30] audit: type=1804 audit(6037010393.926:4): pid=9637 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.916" name="/newroot/257/file0" dev="tmpfs" ino=1349 res=1 errno=0 [ 377.430953][ T30] audit: type=1800 audit(6037010393.926:5): pid=9637 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.916" name="file0" dev="tmpfs" ino=1349 res=0 errno=0 [ 380.029815][ T9674] FAULT_INJECTION: forcing a failure. [ 380.029815][ T9674] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 380.159336][ T9674] CPU: 1 UID: 0 PID: 9674 Comm: syz.0.925 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 380.159367][ T9674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 380.159381][ T9674] Call Trace: [ 380.159387][ T9674] [ 380.159395][ T9674] dump_stack_lvl+0x16c/0x1f0 [ 380.159432][ T9674] should_fail_ex+0x50a/0x650 [ 380.159456][ T9674] ? __pfx___might_resched+0x10/0x10 [ 380.159501][ T9674] should_fail_alloc_page+0xe7/0x130 [ 380.159525][ T9674] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 380.159562][ T9674] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 380.159600][ T9674] ? __pfx_mark_lock+0x10/0x10 [ 380.159629][ T9674] ? __pfx_stack_trace_save+0x10/0x10 [ 380.159655][ T9674] ? stack_depot_save_flags+0x28/0x9c0 [ 380.159693][ T9674] ? rcu_is_watching+0x12/0xc0 [ 380.159720][ T9674] ? kasan_save_stack+0x42/0x60 [ 380.159753][ T9674] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 380.159791][ T9674] ? hlock_class+0x4e/0x130 [ 380.159816][ T9674] ? hlock_class+0x4e/0x130 [ 380.159849][ T9674] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 380.159886][ T9674] ? policy_nodemask+0xea/0x4e0 [ 380.159910][ T9674] alloc_pages_mpol+0x1fc/0x540 [ 380.159932][ T9674] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 380.159961][ T9674] alloc_pages_noprof+0x131/0x390 [ 380.159984][ T9674] pte_alloc_one+0x20/0x390 [ 380.160019][ T9674] do_pte_missing+0x1aff/0x3e10 [ 380.160054][ T9674] ? do_raw_spin_unlock+0x172/0x230 [ 380.160077][ T9674] ? __pmd_alloc+0x3c2/0x870 [ 380.160109][ T9674] __handle_mm_fault+0x1166/0x2c60 [ 380.160150][ T9674] ? __pfx___handle_mm_fault+0x10/0x10 [ 380.160183][ T9674] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 380.160230][ T9674] ? find_vma+0xc0/0x140 [ 380.160257][ T9674] ? __pfx_find_vma+0x10/0x10 [ 380.160287][ T9674] handle_mm_fault+0x3fa/0xaa0 [ 380.160326][ T9674] do_user_addr_fault+0x7a3/0x13f0 [ 380.160367][ T9674] exc_page_fault+0x5c/0xc0 [ 380.160397][ T9674] asm_exc_page_fault+0x26/0x30 [ 380.160428][ T9674] RIP: 0010:rep_movs_alternative+0x4a/0x70 [ 380.160452][ T9674] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1 [ 380.160477][ T9674] RSP: 0018:ffffc9000b907d18 EFLAGS: 00050246 [ 380.160495][ T9674] RAX: 0000000000000001 RBX: 0000000000000038 RCX: 0000000000000040 [ 380.160509][ T9674] RDX: fffff52001720fbf RSI: 0000000000000038 RDI: ffffc9000b907db8 [ 380.160523][ T9674] RBP: 0000000000000040 R08: 0000000000000001 R09: fffff52001720fbe [ 380.160536][ T9674] R10: ffffc9000b907df7 R11: 0000000000000000 R12: 0000000000000000 [ 380.160549][ T9674] R13: ffffc9000b907db8 R14: ffffc9000b907db8 R15: 0000000000000040 [ 380.160577][ T9674] _copy_from_user+0x98/0xd0 [ 380.160603][ T9674] video_usercopy+0xedb/0x1620 [ 380.160633][ T9674] ? __pfx_subdev_do_ioctl_lock+0x10/0x10 [ 380.160660][ T9674] ? __pfx_video_usercopy+0x10/0x10 [ 380.160704][ T9674] v4l2_ioctl+0x1ba/0x250 [ 380.160728][ T9674] ? __pfx_v4l2_ioctl+0x10/0x10 [ 380.160754][ T9674] __x64_sys_ioctl+0x190/0x200 [ 380.160784][ T9674] do_syscall_64+0xcd/0x250 [ 380.160817][ T9674] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.160848][ T9674] RIP: 0033:0x7f6393b8d169 [ 380.160864][ T9674] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 380.160885][ T9674] RSP: 002b:00007f6394986038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 380.160904][ T9674] RAX: ffffffffffffffda RBX: 00007f6393da5fa0 RCX: 00007f6393b8d169 [ 380.160919][ T9674] RDX: 0000000000000038 RSI: 00000000c040564a RDI: 0000000000000003 [ 380.160932][ T9674] RBP: 00007f6394986090 R08: 0000000000000000 R09: 0000000000000000 [ 380.160946][ T9674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 380.160959][ T9674] R13: 0000000000000000 R14: 00007f6393da5fa0 R15: 00007ffe437c4258 [ 380.160986][ T9674] [ 380.544391][ C1] vkms_vblank_simulate: vblank timer overrun [ 380.583251][ T9678] Invalid ELF header magic: != ELF [ 382.778961][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 382.787699][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 382.858564][ T9691] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 382.941442][ T9691] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 383.026617][ T9691] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 383.032842][ T9691] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 383.181647][ T9691] CPU0 is offline. [ 383.485608][ T9708] could not allocate digest TFM handle [ 384.135724][ T9729] FAULT_INJECTION: forcing a failure. [ 384.135724][ T9729] name failslab, interval 1, probability 0, space 0, times 0 [ 384.210688][ T9729] CPU: 1 UID: 0 PID: 9729 Comm: syz.1.939 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 384.210718][ T9729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 384.210731][ T9729] Call Trace: [ 384.210737][ T9729] [ 384.210745][ T9729] dump_stack_lvl+0x16c/0x1f0 [ 384.210781][ T9729] should_fail_ex+0x50a/0x650 [ 384.210802][ T9729] ? fs_reclaim_acquire+0xae/0x150 [ 384.210833][ T9729] ? i2cdev_read+0xe4/0x260 [ 384.210859][ T9729] should_failslab+0xc2/0x120 [ 384.210880][ T9729] __kmalloc_noprof+0xcb/0x510 [ 384.210914][ T9729] ? apparmor_file_permission+0x251/0x400 [ 384.210945][ T9729] i2cdev_read+0xe4/0x260 [ 384.210971][ T9729] ? __pfx_i2cdev_read+0x10/0x10 [ 384.210998][ T9729] vfs_read+0x1df/0xbf0 [ 384.211029][ T9729] ? __fget_files+0x1fc/0x3a0 [ 384.211063][ T9729] ? __pfx_lock_release+0x10/0x10 [ 384.211095][ T9729] ? __pfx_vfs_read+0x10/0x10 [ 384.211126][ T9729] ? lock_acquire+0x2f/0xb0 [ 384.211155][ T9729] ? __fget_files+0x40/0x3a0 [ 384.211199][ T9729] ? __fget_files+0x206/0x3a0 [ 384.211238][ T9729] ksys_read+0x12b/0x250 [ 384.211268][ T9729] ? __pfx_ksys_read+0x10/0x10 [ 384.211306][ T9729] do_syscall_64+0xcd/0x250 [ 384.211339][ T9729] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.211371][ T9729] RIP: 0033:0x7fb3baf8d169 [ 384.211388][ T9729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 384.211409][ T9729] RSP: 002b:00007fb3bbe12038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 384.211429][ T9729] RAX: ffffffffffffffda RBX: 00007fb3bb1a5fa0 RCX: 00007fb3baf8d169 [ 384.211444][ T9729] RDX: 0000000000000022 RSI: 0000400000000040 RDI: 0000000000000003 [ 384.211457][ T9729] RBP: 00007fb3bbe12090 R08: 0000000000000000 R09: 0000000000000000 [ 384.211470][ T9729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 384.211483][ T9729] R13: 0000000000000000 R14: 00007fb3bb1a5fa0 R15: 00007ffd8245b3c8 [ 384.211509][ T9729] [ 384.411812][ C1] vkms_vblank_simulate: vblank timer overrun [ 384.608892][ T9738] cougar: G6 mapped to space [ 384.645068][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 385.048611][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout [ 385.109650][ T5850] Bluetooth: hci3: command 0x0c1a tx timeout [ 385.115770][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 386.275231][ T9754] Invalid ELF header magic: != ELF [ 387.325085][ T9771] netlink: 504 bytes leftover after parsing attributes in process `syz.2.951'. [ 387.546220][ T9751] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 387.590681][ T9751] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 387.651758][ T9751] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 387.732297][ T9751] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 387.824335][ T9751] CPU0 is offline. [ 388.774846][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout [ 389.654752][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 389.660814][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout [ 389.734947][ T5850] Bluetooth: hci3: command 0x0c1a tx timeout [ 392.709361][ T9803] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 392.747646][ T9803] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 392.771812][ T9803] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 392.801480][ T9803] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 392.830162][ T9803] CPU0 is offline. [ 393.174882][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout [ 394.777162][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 394.783259][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 394.857884][ T5850] Bluetooth: hci3: command 0x0c1a tx timeout [ 395.894536][ T9890] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 396.657825][ T9902] netlink: 12 bytes leftover after parsing attributes in process `syz.2.976'. [ 396.716201][ T9902] netlink: 12 bytes leftover after parsing attributes in process `syz.2.976'. [ 396.814157][ T9904] sp0: Synchronizing with TNC [ 396.859317][ T9904] [U] è [ 397.270607][ T9915] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 400.294823][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout [ 400.566104][ T9917] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 400.623955][ T9917] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 400.804396][ T9917] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 400.827341][ T9917] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 400.940257][ T9917] CPU0 is offline. [ 401.142114][ T9940] netlink: 20 bytes leftover after parsing attributes in process `syz.2.984'. [ 401.712323][ T9946] netlink: 186 bytes leftover after parsing attributes in process `syz.0.987'. [ 402.327726][ T9953] netlink: 28 bytes leftover after parsing attributes in process `syz.1.988'. [ 402.648421][ T9969] netlink: 'syz.3.992': attribute type 1 has an invalid length. [ 402.697199][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout [ 402.854859][ T5850] Bluetooth: hci3: command 0x0c1a tx timeout [ 402.861709][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 403.040552][ T9953] bond0: (slave bond_slave_0): Releasing backup interface [ 405.034404][ T9979] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 405.095138][ T9979] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 405.163350][ T9979] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 405.234918][ T9979] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 405.240945][ T9979] CPU0 is offline. [ 405.656282][T10003] Process accounting resumed [ 406.066370][T10023] FAULT_INJECTION: forcing a failure. [ 406.066370][T10023] name failslab, interval 1, probability 0, space 0, times 0 [ 406.130842][T10023] CPU: 1 UID: 0 PID: 10023 Comm: syz.3.1004 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 406.130875][T10023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 406.130889][T10023] Call Trace: [ 406.130895][T10023] [ 406.130903][T10023] dump_stack_lvl+0x16c/0x1f0 [ 406.130940][T10023] should_fail_ex+0x50a/0x650 [ 406.130963][T10023] ? fs_reclaim_acquire+0xae/0x150 [ 406.130993][T10023] ? copy_splice_read+0x1a8/0xb80 [ 406.131022][T10023] should_failslab+0xc2/0x120 [ 406.131044][T10023] __kmalloc_noprof+0xcb/0x510 [ 406.131084][T10023] copy_splice_read+0x1a8/0xb80 [ 406.131114][T10023] ? look_up_lock_class+0x59/0x150 [ 406.131146][T10023] ? __pfx_copy_splice_read+0x10/0x10 [ 406.131186][T10023] ? __pfx_register_lock_class+0x10/0x10 [ 406.131229][T10023] ? __pfx_copy_splice_read+0x10/0x10 [ 406.131259][T10023] do_splice_read+0x282/0x370 [ 406.131291][T10023] splice_direct_to_actor+0x2a4/0xa40 [ 406.131323][T10023] ? __pfx_direct_splice_actor+0x10/0x10 [ 406.131359][T10023] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 406.131393][T10023] ? __fget_files+0x1fc/0x3a0 [ 406.131430][T10023] do_splice_direct+0x178/0x250 [ 406.131461][T10023] ? __pfx_do_splice_direct+0x10/0x10 [ 406.131492][T10023] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 406.131526][T10023] ? rw_verify_area+0xcf/0x680 [ 406.131557][T10023] do_sendfile+0xafb/0xe40 [ 406.131592][T10023] ? __pfx_do_sendfile+0x10/0x10 [ 406.131622][T10023] ? __fget_files+0x206/0x3a0 [ 406.131662][T10023] __x64_sys_sendfile64+0x1da/0x220 [ 406.131683][T10023] ? ksys_write+0x1ba/0x250 [ 406.131715][T10023] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 406.131745][T10023] do_syscall_64+0xcd/0x250 [ 406.131779][T10023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 406.131812][T10023] RIP: 0033:0x7fb578d8d169 [ 406.131829][T10023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 406.131851][T10023] RSP: 002b:00007fb579c4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 406.131877][T10023] RAX: ffffffffffffffda RBX: 00007fb578fa5fa0 RCX: 00007fb578d8d169 [ 406.131892][T10023] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 406.131905][T10023] RBP: 00007fb579c4f090 R08: 0000000000000000 R09: 0000000000000000 [ 406.131919][T10023] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 406.131932][T10023] R13: 0000000000000000 R14: 00007fb578fa5fa0 R15: 00007ffcf373bab8 [ 406.131958][T10023] [ 406.379282][ C1] vkms_vblank_simulate: vblank timer overrun [ 406.692396][T10007] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 406.706493][T10029] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1006'. [ 406.725027][T10007] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 406.744897][T10007] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 406.751894][T10007] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 406.788486][T10007] CPU0 is offline. [ 406.980911][T10033] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 407.445641][ T5149] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 407.742815][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 408.860178][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 408.866339][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 408.872466][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout [ 411.457523][T10105] FAULT_INJECTION: forcing a failure. [ 411.457523][T10105] name failslab, interval 1, probability 0, space 0, times 0 [ 411.613981][T10105] CPU: 1 UID: 0 PID: 10105 Comm: syz.1.1023 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 411.614013][T10105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 411.614027][T10105] Call Trace: [ 411.614033][T10105] [ 411.614042][T10105] dump_stack_lvl+0x16c/0x1f0 [ 411.614078][T10105] should_fail_ex+0x50a/0x650 [ 411.614100][T10105] ? fs_reclaim_acquire+0xae/0x150 [ 411.614132][T10105] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 411.614174][T10105] should_failslab+0xc2/0x120 [ 411.614196][T10105] __kmalloc_noprof+0xcb/0x510 [ 411.614231][T10105] ? __pfx___mutex_lock+0x10/0x10 [ 411.614268][T10105] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 411.614314][T10105] genl_start+0x18e/0x960 [ 411.614354][T10105] __netlink_dump_start+0x607/0x970 [ 411.614391][T10105] genl_family_rcv_msg_dumpit+0x1e1/0x2e0 [ 411.614417][T10105] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 411.614448][T10105] ? __pfx_genl_get_cmd+0x10/0x10 [ 411.614481][T10105] ? __pfx_genl_start+0x10/0x10 [ 411.614516][T10105] ? __pfx_genl_dumpit+0x10/0x10 [ 411.614535][T10105] ? __pfx_genl_done+0x10/0x10 [ 411.614559][T10105] ? __radix_tree_lookup+0x21f/0x2c0 [ 411.614593][T10105] genl_rcv_msg+0x470/0x800 [ 411.614628][T10105] ? __pfx_genl_rcv_msg+0x10/0x10 [ 411.614650][T10105] ? __pfx_ethnl_tsinfo_start+0x10/0x10 [ 411.614676][T10105] ? __pfx_ethnl_tsinfo_dumpit+0x10/0x10 [ 411.614702][T10105] ? __pfx_ethnl_tsinfo_done+0x10/0x10 [ 411.614738][T10105] netlink_rcv_skb+0x16b/0x440 [ 411.614772][T10105] ? __pfx_genl_rcv_msg+0x10/0x10 [ 411.614795][T10105] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 411.614840][T10105] ? down_read+0xc9/0x330 [ 411.614873][T10105] ? __pfx_down_read+0x10/0x10 [ 411.614908][T10105] ? netlink_deliver_tap+0x1ae/0xd30 [ 411.614944][T10105] genl_rcv+0x28/0x40 [ 411.614978][T10105] netlink_unicast+0x53c/0x7f0 [ 411.615014][T10105] ? __pfx_netlink_unicast+0x10/0x10 [ 411.615049][T10105] ? __phys_addr_symbol+0x30/0x80 [ 411.615073][T10105] ? __check_object_size+0x488/0x710 [ 411.615100][T10105] netlink_sendmsg+0x8b8/0xd70 [ 411.615138][T10105] ? __pfx_netlink_sendmsg+0x10/0x10 [ 411.615183][T10105] ____sys_sendmsg+0xaaf/0xc90 [ 411.615211][T10105] ? copy_msghdr_from_user+0x10b/0x160 [ 411.615248][T10105] ? __pfx_____sys_sendmsg+0x10/0x10 [ 411.615288][T10105] ___sys_sendmsg+0x135/0x1e0 [ 411.615325][T10105] ? __pfx____sys_sendmsg+0x10/0x10 [ 411.615373][T10105] ? __pfx_lock_release+0x10/0x10 [ 411.615406][T10105] ? trace_lock_acquire+0x14e/0x1f0 [ 411.615441][T10105] ? __fget_files+0x206/0x3a0 [ 411.615483][T10105] __sys_sendmsg+0x16e/0x220 [ 411.615520][T10105] ? __pfx___sys_sendmsg+0x10/0x10 [ 411.615574][T10105] do_syscall_64+0xcd/0x250 [ 411.615608][T10105] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.615647][T10105] RIP: 0033:0x7fb3baf8d169 [ 411.615665][T10105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 411.615687][T10105] RSP: 002b:00007fb3bbe12038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 411.615708][T10105] RAX: ffffffffffffffda RBX: 00007fb3bb1a5fa0 RCX: 00007fb3baf8d169 [ 411.615723][T10105] RDX: 0000000000048000 RSI: 0000400000000100 RDI: 0000000000000003 [ 411.615737][T10105] RBP: 00007fb3bbe12090 R08: 0000000000000000 R09: 0000000000000000 [ 411.615751][T10105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 411.615764][T10105] R13: 0000000000000000 R14: 00007fb3bb1a5fa0 R15: 00007ffd8245b3c8 [ 411.615791][T10105] [ 416.260143][T10157] netlink: 'syz.3.1034': attribute type 1 has an invalid length. [ 419.023203][T10198] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1043'. [ 419.418962][T10201] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.1044'. [ 420.137710][T10205] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 421.072941][T10217] ptrace attach of "./syz-executor exec"[5834] was attempted by "./syz-executor exec"[10217] [ 421.579901][T10223] QAT: Stopping all acceleration devices. [ 422.478367][T10237] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 422.690334][T10243] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 425.082697][T10269] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 425.129545][T10269] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 425.171491][T10269] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 425.196010][T10269] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 425.217591][T10269] CPU0 is offline. [ 425.476804][T10286] FAULT_INJECTION: forcing a failure. [ 425.476804][T10286] name failslab, interval 1, probability 0, space 0, times 0 [ 425.540965][T10286] CPU: 1 UID: 0 PID: 10286 Comm: syz.0.1070 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 425.540997][T10286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 425.541011][T10286] Call Trace: [ 425.541017][T10286] [ 425.541025][T10286] dump_stack_lvl+0x16c/0x1f0 [ 425.541063][T10286] should_fail_ex+0x50a/0x650 [ 425.541084][T10286] ? fs_reclaim_acquire+0xae/0x150 [ 425.541115][T10286] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 425.541156][T10286] should_failslab+0xc2/0x120 [ 425.541179][T10286] __kmalloc_noprof+0xcb/0x510 [ 425.541211][T10286] ? kasan_quarantine_put+0x10a/0x240 [ 425.541244][T10286] ? lockdep_hardirqs_on+0x7c/0x110 [ 425.541278][T10286] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 425.541323][T10286] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 425.541362][T10286] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 425.541420][T10286] ? trace_cap_capable+0x1a2/0x210 [ 425.541450][T10286] ? bpf_lsm_capable+0x9/0x10 [ 425.541473][T10286] ? security_capable+0x7e/0x260 [ 425.541496][T10286] ? ns_capable+0xd7/0x110 [ 425.541529][T10286] genl_rcv_msg+0x565/0x800 [ 425.541553][T10286] ? __pfx_genl_rcv_msg+0x10/0x10 [ 425.541574][T10286] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 425.541612][T10286] netlink_rcv_skb+0x16b/0x440 [ 425.541643][T10286] ? __pfx_genl_rcv_msg+0x10/0x10 [ 425.541665][T10286] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 425.541708][T10286] ? down_read+0xc9/0x330 [ 425.541739][T10286] ? __pfx_down_read+0x10/0x10 [ 425.541771][T10286] ? netlink_deliver_tap+0x1ae/0xd30 [ 425.541805][T10286] genl_rcv+0x28/0x40 [ 425.541836][T10286] netlink_unicast+0x53c/0x7f0 [ 425.541871][T10286] ? __pfx_netlink_unicast+0x10/0x10 [ 425.541903][T10286] ? __phys_addr_symbol+0x30/0x80 [ 425.541925][T10286] ? __check_object_size+0x488/0x710 [ 425.541950][T10286] netlink_sendmsg+0x8b8/0xd70 [ 425.541986][T10286] ? __pfx_netlink_sendmsg+0x10/0x10 [ 425.542032][T10286] ____sys_sendmsg+0xaaf/0xc90 [ 425.542058][T10286] ? copy_msghdr_from_user+0x10b/0x160 [ 425.542092][T10286] ? __pfx_____sys_sendmsg+0x10/0x10 [ 425.542130][T10286] ___sys_sendmsg+0x135/0x1e0 [ 425.542165][T10286] ? __pfx____sys_sendmsg+0x10/0x10 [ 425.542209][T10286] ? __pfx_lock_release+0x10/0x10 [ 425.542240][T10286] ? trace_lock_acquire+0x14e/0x1f0 [ 425.542274][T10286] ? __fget_files+0x206/0x3a0 [ 425.542312][T10286] __sys_sendmsg+0x16e/0x220 [ 425.542347][T10286] ? __pfx___sys_sendmsg+0x10/0x10 [ 425.542402][T10286] do_syscall_64+0xcd/0x250 [ 425.542435][T10286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.542466][T10286] RIP: 0033:0x7f6393b8d169 [ 425.542483][T10286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 425.542505][T10286] RSP: 002b:00007f6394986038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 425.542525][T10286] RAX: ffffffffffffffda RBX: 00007f6393da5fa0 RCX: 00007f6393b8d169 [ 425.542540][T10286] RDX: 0000000004040000 RSI: 00004000000002c0 RDI: 0000000000000003 [ 425.542553][T10286] RBP: 00007f6394986090 R08: 0000000000000000 R09: 0000000000000000 [ 425.542567][T10286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 425.542579][T10286] R13: 0000000000000000 R14: 00007f6393da5fa0 R15: 00007ffe437c4258 [ 425.542605][T10286] [ 426.759186][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout [ 427.175022][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 427.181099][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 427.254742][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 430.227743][T10319] FAULT_INJECTION: forcing a failure. [ 430.227743][T10319] name failslab, interval 1, probability 0, space 0, times 0 [ 430.355514][T10319] CPU: 1 UID: 0 PID: 10319 Comm: syz.0.1082 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 430.355546][T10319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 430.355560][T10319] Call Trace: [ 430.355566][T10319] [ 430.355575][T10319] dump_stack_lvl+0x16c/0x1f0 [ 430.355611][T10319] should_fail_ex+0x50a/0x650 [ 430.355633][T10319] ? fs_reclaim_acquire+0xae/0x150 [ 430.355664][T10319] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 430.355704][T10319] should_failslab+0xc2/0x120 [ 430.355726][T10319] __kmalloc_noprof+0xcb/0x510 [ 430.355759][T10319] ? kasan_quarantine_put+0x10a/0x240 [ 430.355792][T10319] ? lockdep_hardirqs_on+0x7c/0x110 [ 430.355825][T10319] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 430.355871][T10319] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 430.355910][T10319] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 430.355948][T10319] ? trace_cap_capable+0x1a2/0x210 [ 430.355979][T10319] ? bpf_lsm_capable+0x9/0x10 [ 430.356002][T10319] ? security_capable+0x7e/0x260 [ 430.356032][T10319] ? ns_capable+0xd7/0x110 [ 430.356067][T10319] genl_rcv_msg+0x565/0x800 [ 430.356092][T10319] ? __pfx_genl_rcv_msg+0x10/0x10 [ 430.356114][T10319] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 430.356154][T10319] netlink_rcv_skb+0x16b/0x440 [ 430.356186][T10319] ? __pfx_genl_rcv_msg+0x10/0x10 [ 430.356209][T10319] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 430.356253][T10319] ? down_read+0xc9/0x330 [ 430.356286][T10319] ? __pfx_down_read+0x10/0x10 [ 430.356320][T10319] ? netlink_deliver_tap+0x1ae/0xd30 [ 430.356355][T10319] genl_rcv+0x28/0x40 [ 430.356388][T10319] netlink_unicast+0x53c/0x7f0 [ 430.356425][T10319] ? __pfx_netlink_unicast+0x10/0x10 [ 430.356459][T10319] ? __phys_addr_symbol+0x30/0x80 [ 430.356482][T10319] ? __check_object_size+0x488/0x710 [ 430.356508][T10319] netlink_sendmsg+0x8b8/0xd70 [ 430.356548][T10319] ? __pfx_netlink_sendmsg+0x10/0x10 [ 430.356593][T10319] ____sys_sendmsg+0xaaf/0xc90 [ 430.356621][T10319] ? copy_msghdr_from_user+0x10b/0x160 [ 430.356656][T10319] ? __pfx_____sys_sendmsg+0x10/0x10 [ 430.356696][T10319] ___sys_sendmsg+0x135/0x1e0 [ 430.356733][T10319] ? __pfx____sys_sendmsg+0x10/0x10 [ 430.356779][T10319] ? __pfx_lock_release+0x10/0x10 [ 430.356810][T10319] ? trace_lock_acquire+0x14e/0x1f0 [ 430.356846][T10319] ? __fget_files+0x206/0x3a0 [ 430.356886][T10319] __sys_sendmsg+0x16e/0x220 [ 430.356922][T10319] ? __pfx___sys_sendmsg+0x10/0x10 [ 430.356974][T10319] do_syscall_64+0xcd/0x250 [ 430.357008][T10319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.357046][T10319] RIP: 0033:0x7f6393b8d169 [ 430.357063][T10319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 430.357086][T10319] RSP: 002b:00007f6394986038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 430.357119][T10319] RAX: ffffffffffffffda RBX: 00007f6393da5fa0 RCX: 00007f6393b8d169 [ 430.357133][T10319] RDX: 0000000004040000 RSI: 00004000000002c0 RDI: 0000000000000003 [ 430.357147][T10319] RBP: 00007f6394986090 R08: 0000000000000000 R09: 0000000000000000 [ 430.357160][T10319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 430.357172][T10319] R13: 0000000000000000 R14: 00007f6393da5fa0 R15: 00007ffe437c4258 [ 430.357198][T10319] [ 433.127093][T10354] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1092'. [ 433.342621][T10341] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 433.395982][T10341] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 433.399673][T10341] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 433.399855][T10341] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 433.399912][T10341] CPU0 is offline. [ 433.686696][ T30] audit: type=1800 audit(6037010450.306:6): pid=10358 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1093" name="dummy_udc" dev="gadgetfs" ino=7342 res=0 errno=0 [ 434.536239][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 434.938974][T10382] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(5) [ 435.417538][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 435.423958][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 435.432880][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 435.898946][T10383] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 435.986016][T10383] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 435.992042][T10383] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 436.059073][T10390] Process accounting paused [ 436.131707][T10383] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 436.201924][T10383] CPU0 is offline. [ 437.174895][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout [ 438.054714][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 438.060824][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 438.135678][ T5850] Bluetooth: hci3: command 0x0c1a tx timeout [ 438.924342][T10427] QAT: Stopping all acceleration devices. [ 439.526432][T10442] Line length is too long: Should be less than 4094 [ 440.160569][T10431] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 440.240296][T10431] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 440.379546][T10431] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 440.415049][T10431] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 440.514190][T10431] CPU0 is offline. [ 441.834860][T10441] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 441.876261][T10441] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 441.923344][T10441] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 441.943150][T10441] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 441.978174][T10441] CPU0 is offline. [ 442.306155][T10490] QAT: Stopping all acceleration devices. [ 442.774832][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout [ 443.159955][T10507] FAULT_INJECTION: forcing a failure. [ 443.159955][T10507] name failslab, interval 1, probability 0, space 0, times 0 [ 443.242422][T10507] CPU: 1 UID: 0 PID: 10507 Comm: syz.3.1125 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 443.242451][T10507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 443.242464][T10507] Call Trace: [ 443.242470][T10507] [ 443.242478][T10507] dump_stack_lvl+0x16c/0x1f0 [ 443.242514][T10507] should_fail_ex+0x50a/0x650 [ 443.242534][T10507] ? fs_reclaim_acquire+0xae/0x150 [ 443.242584][T10507] ? tomoyo_encode2+0x100/0x3e0 [ 443.242615][T10507] should_failslab+0xc2/0x120 [ 443.242637][T10507] __kmalloc_noprof+0xcb/0x510 [ 443.242672][T10507] ? d_absolute_path+0x137/0x1b0 [ 443.242697][T10507] ? rcu_is_watching+0x12/0xc0 [ 443.242723][T10507] tomoyo_encode2+0x100/0x3e0 [ 443.242780][T10507] tomoyo_encode+0x29/0x50 [ 443.242810][T10507] tomoyo_realpath_from_path+0x19d/0x720 [ 443.242849][T10507] tomoyo_path_number_perm+0x248/0x590 [ 443.242875][T10507] ? tomoyo_path_number_perm+0x235/0x590 [ 443.242907][T10507] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 443.242957][T10507] ? __pfx_lock_release+0x10/0x10 [ 443.242986][T10507] ? trace_lock_acquire+0x14e/0x1f0 [ 443.243014][T10507] ? lock_acquire+0x2f/0xb0 [ 443.243043][T10507] ? __fget_files+0x40/0x3a0 [ 443.243078][T10507] ? __fget_files+0x206/0x3a0 [ 443.243113][T10507] security_file_ioctl+0x9b/0x240 [ 443.243145][T10507] __x64_sys_ioctl+0xb7/0x200 [ 443.243175][T10507] do_syscall_64+0xcd/0x250 [ 443.243208][T10507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 443.243239][T10507] RIP: 0033:0x7fb578d8d169 [ 443.243256][T10507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 443.243278][T10507] RSP: 002b:00007fb579c4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 443.243298][T10507] RAX: ffffffffffffffda RBX: 00007fb578fa5fa0 RCX: 00007fb578d8d169 [ 443.243312][T10507] RDX: 0000400000000000 RSI: 0000000080605414 RDI: 0000000000000008 [ 443.243326][T10507] RBP: 00007fb579c4f090 R08: 0000000000000000 R09: 0000000000000000 [ 443.243339][T10507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 443.243351][T10507] R13: 0000000000000000 R14: 00007fb578fa5fa0 R15: 00007ffcf373bab8 [ 443.243378][T10507] [ 443.243392][T10507] ERROR: Out of memory at tomoyo_realpath_from_path. [ 443.411615][ C1] vkms_vblank_simulate: vblank timer overrun [ 443.787203][T10517] syz.1.1127 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 443.958437][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout [ 444.037383][ T5850] Bluetooth: hci3: command 0x0c1a tx timeout [ 444.043458][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 444.801997][T10540] sg_read: process 1093 (syz.2.1131) changed security contexts after opening file descriptor, this is not allowed. [ 445.355434][T10557] QAT: Stopping all acceleration devices. [ 445.500235][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.507532][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 446.890272][T10563] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 446.972191][T10563] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 447.006546][T10563] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 447.051390][T10586] WARNING! power/level is deprecated; use power/control instead [ 447.097682][T10563] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 447.135978][T10563] CPU0 is offline. [ 447.140899][T10588] QAT: Stopping all acceleration devices. [ 447.485025][T10594] tipc: Started in network mode [ 447.490074][T10594] tipc: Node identity ee00, cluster identity 4711 [ 447.546696][T10594] tipc: Node number set to 60928 [ 447.778213][T10598] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1149'. [ 448.454659][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 449.015518][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 449.021566][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 449.178607][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 449.785815][T10624] Invalid ELF header magic: != ELF [ 451.181152][T10631] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 451.316611][T10631] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 451.322715][T10631] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 451.377235][T10649] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1158'. [ 451.456162][T10631] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 451.462143][T10631] CPU0 is offline. [ 451.994532][T10659] Invalid ELF header magic: != ELF [ 452.375031][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout [ 453.114528][T10659] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1161'. [ 453.318624][T10659] geneve1: entered allmulticast mode [ 453.334869][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 453.341555][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout [ 453.494767][ T5850] Bluetooth: hci3: command 0x0c1a tx timeout [ 453.830272][T10676] Invalid ELF header magic: != ELF [ 454.848148][T10684] sp0: Synchronizing with TNC [ 457.606582][ T30] audit: type=1800 audit(6037010474.226:7): pid=10718 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1175" name="dummy_udc" dev="gadgetfs" ino=7342 res=0 errno=0 [ 461.441634][T10757] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 461.540338][T10757] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 461.681390][T10757] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 461.782279][T10757] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 461.865652][T10757] CPU0 is offline. [ 463.500455][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout [ 463.577425][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout [ 463.734754][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 463.814756][ T5850] Bluetooth: hci3: command 0x0c1a tx timeout [ 464.275928][T10770] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 467.293853][T10821] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 470.871490][T10872] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 473.044984][T10903] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 473.151921][T10899] FAULT_INJECTION: forcing a failure. [ 473.151921][T10899] name fail_futex, interval 1, probability 0, space 0, times 1 [ 473.217576][T10899] CPU: 1 UID: 0 PID: 10899 Comm: syz.2.1219 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 473.217607][T10899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 473.217622][T10899] Call Trace: [ 473.217629][T10899] [ 473.217637][T10899] dump_stack_lvl+0x16c/0x1f0 [ 473.217673][T10899] should_fail_ex+0x50a/0x650 [ 473.217694][T10899] ? rcu_is_watching+0x12/0xc0 [ 473.217721][T10899] get_futex_key+0x4a3/0x1000 [ 473.217750][T10899] ? __pfx_get_futex_key+0x10/0x10 [ 473.217774][T10899] ? ___sys_sendmsg+0x147/0x1e0 [ 473.217811][T10899] ? __pfx____sys_sendmsg+0x10/0x10 [ 473.217850][T10899] futex_wake+0xe8/0x4e0 [ 473.217883][T10899] ? __pfx_futex_wake+0x10/0x10 [ 473.217926][T10899] do_futex+0x1e5/0x350 [ 473.217953][T10899] ? __pfx_do_futex+0x10/0x10 [ 473.217982][T10899] ? __sys_sendmsg+0x19a/0x220 [ 473.218026][T10899] __x64_sys_futex+0x1e1/0x4c0 [ 473.218055][T10899] ? __pfx_native_tss_update_io_bitmap+0x10/0x10 [ 473.218091][T10899] ? __pfx___x64_sys_futex+0x10/0x10 [ 473.218132][T10899] do_syscall_64+0xcd/0x250 [ 473.218165][T10899] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 473.218197][T10899] RIP: 0033:0x7f684b18d169 [ 473.218214][T10899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 473.218236][T10899] RSP: 002b:00007f684c0750e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 473.218257][T10899] RAX: ffffffffffffffda RBX: 00007f684b3a5fa8 RCX: 00007f684b18d169 [ 473.218272][T10899] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f684b3a5fac [ 473.218286][T10899] RBP: 00007f684b3a5fa0 R08: 00007f684c076000 R09: 0000000000000000 [ 473.218300][T10899] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f684b3a5fac [ 473.218314][T10899] R13: 0000000000000000 R14: 00007ffe048deee0 R15: 00007ffe048defc8 [ 473.218340][T10899] [ 473.410179][ C1] vkms_vblank_simulate: vblank timer overrun [ 473.564662][T10914] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1222'. [ 473.985794][T10902] tty tty48: ldisc open failed (-12), clearing slot 47 [ 475.588587][T10949] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1232'. [ 475.608719][T10945] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1230'. [ 476.200527][T10959] netlink: 'syz.0.1235': attribute type 1 has an invalid length. [ 476.353086][T10963] QAT: Stopping all acceleration devices. [ 477.822740][T10991] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 478.650870][T10977] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 478.688395][T10977] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 478.694472][T10977] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 478.745833][T10977] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 478.751818][T10977] CPU0 is offline. [ 479.450055][T11002] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 479.975146][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 480.775671][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 480.781722][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 480.788219][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout [ 481.181813][T11018] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 481.246469][T11018] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 481.314764][T11018] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 481.349586][T11018] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 481.404841][T11018] CPU0 is offline. [ 482.776470][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 483.260570][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 483.334811][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 483.414781][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 483.557852][T11061] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1261'. [ 483.649331][T11063] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1261'. [ 485.513000][T11081] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1268'. [ 485.701786][T11089] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 486.655793][T11102] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 489.030248][T11134] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 490.996350][T11156] usbip-vudc usbip-vudc.0: gadget not bound [ 491.107851][T11159] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 491.333509][T11161] UHID_CREATE from different security context by process 1182 (syz.0.1285), this is not allowed. [ 491.952364][T11174] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1287'. syzkaller syzkaller login: [ 492.465947][T11186] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 493.537710][T11209] QAT: Stopping all acceleration devices. [ 495.603131][T11237] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 500.607903][T11275] FAULT_INJECTION: forcing a failure. [ 500.607903][T11275] name failslab, interval 1, probability 0, space 0, times 0 [ 500.666130][T11275] CPU: 1 UID: 0 PID: 11275 Comm: syz.1.1313 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 500.666163][T11275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 500.666177][T11275] Call Trace: [ 500.666184][T11275] [ 500.666192][T11275] dump_stack_lvl+0x16c/0x1f0 [ 500.666229][T11275] should_fail_ex+0x50a/0x650 [ 500.666251][T11275] ? fs_reclaim_acquire+0xae/0x150 [ 500.666283][T11275] should_failslab+0xc2/0x120 [ 500.666305][T11275] __kmalloc_node_track_caller_noprof+0xcf/0x510 [ 500.666344][T11275] ? __pfx___nla_validate_parse+0x10/0x10 [ 500.666371][T11275] ? ethnl_default_set_doit+0x32c/0x8b0 [ 500.666405][T11275] kmemdup_noprof+0x29/0x60 [ 500.666433][T11275] ethnl_default_set_doit+0x32c/0x8b0 [ 500.666464][T11275] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 500.666497][T11275] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 500.666537][T11275] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 500.666590][T11275] genl_family_rcv_msg_doit+0x202/0x2f0 [ 500.666630][T11275] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 500.666668][T11275] ? trace_cap_capable+0x1a2/0x210 [ 500.666700][T11275] ? bpf_lsm_capable+0x9/0x10 [ 500.666723][T11275] ? security_capable+0x7e/0x260 [ 500.666747][T11275] ? ns_capable+0xd7/0x110 [ 500.666782][T11275] genl_rcv_msg+0x565/0x800 [ 500.666807][T11275] ? __pfx_genl_rcv_msg+0x10/0x10 [ 500.666829][T11275] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 500.666869][T11275] netlink_rcv_skb+0x16b/0x440 [ 500.666902][T11275] ? __pfx_genl_rcv_msg+0x10/0x10 [ 500.666925][T11275] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 500.666970][T11275] ? down_read+0xc9/0x330 [ 500.667002][T11275] ? __pfx_down_read+0x10/0x10 [ 500.667036][T11275] ? netlink_deliver_tap+0x1ae/0xd30 [ 500.667072][T11275] genl_rcv+0x28/0x40 [ 500.667105][T11275] netlink_unicast+0x53c/0x7f0 [ 500.667141][T11275] ? __pfx_netlink_unicast+0x10/0x10 [ 500.667176][T11275] ? __phys_addr_symbol+0x30/0x80 [ 500.667198][T11275] ? __check_object_size+0x488/0x710 [ 500.667225][T11275] netlink_sendmsg+0x8b8/0xd70 [ 500.667263][T11275] ? __pfx_netlink_sendmsg+0x10/0x10 [ 500.667307][T11275] ____sys_sendmsg+0xaaf/0xc90 [ 500.667334][T11275] ? copy_msghdr_from_user+0x10b/0x160 [ 500.667369][T11275] ? __pfx_____sys_sendmsg+0x10/0x10 [ 500.667409][T11275] ___sys_sendmsg+0x135/0x1e0 [ 500.667446][T11275] ? __pfx____sys_sendmsg+0x10/0x10 [ 500.667492][T11275] ? __pfx_lock_release+0x10/0x10 [ 500.667524][T11275] ? trace_lock_acquire+0x14e/0x1f0 [ 500.667563][T11275] ? __fget_files+0x206/0x3a0 [ 500.667604][T11275] __sys_sendmsg+0x16e/0x220 [ 500.667640][T11275] ? __pfx___sys_sendmsg+0x10/0x10 [ 500.667694][T11275] do_syscall_64+0xcd/0x250 [ 500.667728][T11275] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.667761][T11275] RIP: 0033:0x7fb3baf8d169 [ 500.667779][T11275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 500.667801][T11275] RSP: 002b:00007fb3bbe12038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 500.667822][T11275] RAX: ffffffffffffffda RBX: 00007fb3bb1a5fa0 RCX: 00007fb3baf8d169 [ 500.667837][T11275] RDX: 0000000004040000 RSI: 00004000000002c0 RDI: 0000000000000003 [ 500.667851][T11275] RBP: 00007fb3bbe12090 R08: 0000000000000000 R09: 0000000000000000 [ 500.667864][T11275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 500.667877][T11275] R13: 0000000000000000 R14: 00007fb3bb1a5fa0 R15: 00007ffd8245b3c8 [ 500.667905][T11275] [ 501.865976][T11282] netlink: 'syz.1.1316': attribute type 11 has an invalid length. [ 502.062530][T11286] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1319'. [ 503.398318][T11296] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 503.447679][T11307] random: crng reseeded on system resumption [ 505.318465][T11325] ======================================================= [ 505.318465][T11325] WARNING: The mand mount option has been deprecated and [ 505.318465][T11325] and is ignored by this kernel. Remove the mand [ 505.318465][T11325] option from the mount to silence this warning. [ 505.318465][T11325] ======================================================= [ 505.353395][ C1] vkms_vblank_simulate: vblank timer overrun [ 506.201148][T11336] Invalid ELF header magic: != ELF [ 506.666342][T11345] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 506.941435][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.948818][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 508.929540][T11352] netlink: 'syz.2.1332': attribute type 4 has an invalid length. [ 510.506058][T11381] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 513.158549][T11405] can: request_module (can-proto-0) failed. [ 513.830976][T11413] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 513.892547][T11413] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 513.963474][T11413] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 514.065392][T11413] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 514.109199][T11413] CPU0 is offline. [ 514.626796][T11426] kAFS: No cell specified [ 515.094793][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 515.895569][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 515.975737][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 516.134762][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 516.770567][T11458] queue_state_write: unsupported operation '' [ 516.792634][T11458] queue_state_write: use 'run', 'start' or 'kick' [ 518.568058][T11456] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 518.582852][T11478] Invalid ELF header magic: != ELF [ 518.607762][T11456] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 518.614813][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 518.663741][T11456] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 518.704333][T11456] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 518.782813][T11456] CPU0 is offline. [ 519.415477][T11489] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1368'. [ 520.614793][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 520.694690][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 520.776517][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 521.499286][T11526] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1378'. [ 524.008064][T11537] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 524.049878][T11537] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 524.082697][T11537] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 524.127573][T11537] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 524.133544][T11537] CPU0 is offline. [ 525.014767][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 525.183776][T11557] sctp: [Deprecated]: syz.1.1387 (pid 11557) Use of struct sctp_assoc_value in delayed_ack socket option. [ 525.183776][T11557] Use struct sctp_sack_info instead [ 526.055699][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 526.135025][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 526.239048][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 527.012352][T11580] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 527.103633][T11580] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 527.137866][T11580] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 527.143941][T11580] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 527.258773][T11580] CPU0 is offline. [ 527.713769][T11609] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1400'. [ 527.782311][T11609] ipvlan1: entered allmulticast mode [ 527.815706][T11609] veth0_vlan: entered allmulticast mode [ 528.534894][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 529.174825][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 529.180933][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 529.187949][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout [ 530.019324][T11618] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 530.053818][T11618] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 530.080190][T11618] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 530.105431][T11618] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 530.133987][T11618] CPU0 is offline. [ 530.449168][T11640] Invalid ELF header magic: != ELF [ 530.854818][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 531.725894][T11654] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1409'. [ 531.940108][T11654] geneve1: entered allmulticast mode [ 532.002532][T11669] Invalid ELF header magic: != ELF [ 532.055573][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 532.134812][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 532.140918][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 532.415551][T11656] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 532.461257][T11656] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 532.478901][T11674] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1417'. [ 532.510324][T11656] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 532.532987][T11656] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 532.561606][T11656] CPU0 is offline. [ 532.653244][T11676] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1417'. [ 532.668667][T11654] Invalid ELF header magic: != ELF [ 533.576022][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 534.535633][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 534.541702][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 534.548071][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout [ 534.969605][T11699] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 535.038137][T11699] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 535.126306][T11699] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 535.197820][T11699] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 535.247326][T11699] CPU0 is offline. [ 536.375216][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 537.096528][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 537.102612][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 537.176363][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 538.352703][T11761] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1440'. [ 538.415184][T11740] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 538.433980][T11740] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 538.448822][T11740] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 538.462803][T11740] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 538.477275][T11740] CPU0 is offline. [ 538.811057][T11767] misc userio: No port type given on /dev/userio [ 539.020912][T11773] FAULT_INJECTION: forcing a failure. [ 539.020912][T11773] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 539.084431][T11773] CPU: 1 UID: 0 PID: 11773 Comm: syz.2.1444 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 539.084460][T11773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 539.084473][T11773] Call Trace: [ 539.084479][T11773] [ 539.084486][T11773] dump_stack_lvl+0x16c/0x1f0 [ 539.084520][T11773] should_fail_ex+0x50a/0x650 [ 539.084543][T11773] _copy_from_user+0x2e/0xd0 [ 539.084570][T11773] vt_ioctl+0x450/0x2f80 [ 539.084593][T11773] ? __pfx_vt_ioctl+0x10/0x10 [ 539.084613][T11773] ? tomoyo_path_number_perm+0x46d/0x590 [ 539.084643][T11773] ? tomoyo_path_number_perm+0x190/0x590 [ 539.084669][T11773] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 539.084694][T11773] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 539.084728][T11773] ? do_vfs_ioctl+0x513/0x1990 [ 539.084752][T11773] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 539.084785][T11773] ? tty_jobctrl_ioctl+0x152/0xe00 [ 539.084805][T11773] ? __pfx_vt_ioctl+0x10/0x10 [ 539.084825][T11773] tty_ioctl+0x651/0x15d0 [ 539.084871][T11773] ? __pfx_tty_ioctl+0x10/0x10 [ 539.084903][T11773] ? __pfx_lock_release+0x10/0x10 [ 539.084933][T11773] ? trace_lock_acquire+0x14e/0x1f0 [ 539.084966][T11773] ? __fget_files+0x206/0x3a0 [ 539.085002][T11773] ? __pfx_tty_ioctl+0x10/0x10 [ 539.085041][T11773] __x64_sys_ioctl+0x190/0x200 [ 539.085068][T11773] do_syscall_64+0xcd/0x250 [ 539.085105][T11773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 539.085135][T11773] RIP: 0033:0x7f684b18d169 [ 539.085151][T11773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 539.085170][T11773] RSP: 002b:00007f684c075038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 539.085190][T11773] RAX: ffffffffffffffda RBX: 00007f684b3a5fa0 RCX: 00007f684b18d169 [ 539.085203][T11773] RDX: 0000000000000000 RSI: 0000000000004b72 RDI: 0000000000000003 [ 539.085215][T11773] RBP: 00007f684c075090 R08: 0000000000000000 R09: 0000000000000000 [ 539.085228][T11773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 539.085239][T11773] R13: 0000000000000000 R14: 00007f684b3a5fa0 R15: 00007ffe048defc8 [ 539.085263][T11773] [ 539.298097][ C1] vkms_vblank_simulate: vblank timer overrun [ 539.683247][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 540.454765][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 540.460866][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 540.535058][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 540.750661][T11796] netlink: 186 bytes leftover after parsing attributes in process `syz.1.1449'. [ 543.912635][T11826] Invalid ELF header magic: != ELF [ 545.685435][T11838] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 546.656114][T11873] FAULT_INJECTION: forcing a failure. [ 546.656114][T11873] name failslab, interval 1, probability 0, space 0, times 0 [ 546.850346][T11873] CPU: 1 UID: 0 PID: 11873 Comm: syz.0.1469 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 546.850379][T11873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 546.850393][T11873] Call Trace: [ 546.850400][T11873] [ 546.850408][T11873] dump_stack_lvl+0x16c/0x1f0 [ 546.850447][T11873] should_fail_ex+0x50a/0x650 [ 546.850469][T11873] ? fs_reclaim_acquire+0xae/0x150 [ 546.850500][T11873] should_failslab+0xc2/0x120 [ 546.850522][T11873] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 546.850558][T11873] ? __alloc_skb+0x2b1/0x380 [ 546.850594][T11873] __alloc_skb+0x2b1/0x380 [ 546.850626][T11873] ? __pfx___alloc_skb+0x10/0x10 [ 546.850668][T11873] netlink_alloc_large_skb+0x69/0x130 [ 546.850704][T11873] netlink_sendmsg+0x689/0xd70 [ 546.850741][T11873] ? __pfx_netlink_sendmsg+0x10/0x10 [ 546.850783][T11873] ____sys_sendmsg+0xaaf/0xc90 [ 546.850810][T11873] ? copy_msghdr_from_user+0x10b/0x160 [ 546.850845][T11873] ? __pfx_____sys_sendmsg+0x10/0x10 [ 546.850883][T11873] ___sys_sendmsg+0x135/0x1e0 [ 546.850919][T11873] ? __pfx____sys_sendmsg+0x10/0x10 [ 546.850964][T11873] ? __pfx_lock_release+0x10/0x10 [ 546.850995][T11873] ? trace_lock_acquire+0x14e/0x1f0 [ 546.851030][T11873] ? __fget_files+0x206/0x3a0 [ 546.851070][T11873] __sys_sendmsg+0x16e/0x220 [ 546.851105][T11873] ? __pfx___sys_sendmsg+0x10/0x10 [ 546.851156][T11873] do_syscall_64+0xcd/0x250 [ 546.851190][T11873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.851222][T11873] RIP: 0033:0x7f6393b8d169 [ 546.851239][T11873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 546.851262][T11873] RSP: 002b:00007f6394944038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 546.851283][T11873] RAX: ffffffffffffffda RBX: 00007f6393da6160 RCX: 00007f6393b8d169 [ 546.851298][T11873] RDX: 0000000020004884 RSI: 0000400000000ac0 RDI: 0000000000000003 [ 546.851312][T11873] RBP: 00007f6394944090 R08: 0000000000000000 R09: 0000000000000000 [ 546.851330][T11873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 546.851343][T11873] R13: 0000000000000000 R14: 00007f6393da6160 R15: 00007ffe437c4258 [ 546.851369][T11873] [ 547.071236][ C1] vkms_vblank_simulate: vblank timer overrun [ 548.397793][T11892] QAT: Stopping all acceleration devices. [ 549.228275][T11920] net_ratelimit: 106 callbacks suppressed [ 549.228295][T11920] openvswitch: netlink: IP tunnel dst address not specified [ 549.670438][T11920] zswap: compressor not available [ 551.394949][T11916] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 551.410916][T11916] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 551.417659][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 551.714890][T11916] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 551.729055][T11916] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 551.822554][T11916] CPU0 is offline. [ 553.414658][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 553.734830][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 553.740926][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 554.146165][T11950] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1481'. [ 554.216478][T11950] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1481'. syzkaller syzkaller login: syzkaller syzkaller login: [ 559.824676][T12047] cougar: G6 mapped to space [ 559.888966][T12050] cougar: G6 mapped to space [ 562.299931][T12048] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 562.335277][T12048] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 562.363765][T12048] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 562.390892][T12048] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 562.421701][T12048] CPU0 is offline. [ 562.855695][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 564.382664][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 564.388942][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 564.424528][T12128] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„ [ 564.459664][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 564.598351][T12106] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 564.631453][T12106] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 564.661552][T12106] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 564.707996][T12106] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 564.713999][T12106] CPU0 is offline. [ 565.240866][T12143] FAULT_INJECTION: forcing a failure. [ 565.240866][T12143] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 565.385472][T12143] CPU: 1 UID: 0 PID: 12143 Comm: syz.1.1521 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 565.385506][T12143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 565.385521][T12143] Call Trace: [ 565.385528][T12143] [ 565.385537][T12143] dump_stack_lvl+0x16c/0x1f0 [ 565.385574][T12143] should_fail_ex+0x50a/0x650 [ 565.385595][T12143] ? __pfx___might_resched+0x10/0x10 [ 565.385641][T12143] should_fail_alloc_page+0xe7/0x130 [ 565.385666][T12143] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 565.385698][T12143] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 565.385729][T12143] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 565.385768][T12143] ? unwind_get_return_address+0x59/0xa0 [ 565.385804][T12143] ? arch_stack_walk+0xa7/0x100 [ 565.385832][T12143] ? hlock_class+0x4e/0x130 [ 565.385856][T12143] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 565.385904][T12143] ? __pfx___lock_acquire+0x10/0x10 [ 565.385935][T12143] ? kasan_save_stack+0x42/0x60 [ 565.385968][T12143] ? kasan_save_stack+0x33/0x60 [ 565.386000][T12143] ? kasan_save_track+0x14/0x30 [ 565.386032][T12143] ? __kasan_slab_alloc+0x89/0x90 [ 565.386067][T12143] ? kmem_cache_alloc_node_noprof+0x223/0x3c0 [ 565.386102][T12143] ? alloc_vmap_area+0x636/0x2a60 [ 565.386128][T12143] ? __get_vm_area_node+0x19e/0x2f0 [ 565.386156][T12143] ? __vmalloc_node_range_noprof+0x26a/0x1530 [ 565.386189][T12143] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 565.386227][T12143] ? policy_nodemask+0xea/0x4e0 [ 565.386251][T12143] alloc_pages_mpol+0x1fc/0x540 [ 565.386274][T12143] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 565.386295][T12143] ? __page_table_check_ptes_set+0x16b/0x3e0 [ 565.386333][T12143] ? do_raw_spin_lock+0x12d/0x2c0 [ 565.386355][T12143] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 565.386381][T12143] alloc_pages_noprof+0x131/0x390 [ 565.386403][T12143] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 565.386436][T12143] get_free_pages_noprof+0xc/0x40 [ 565.386461][T12143] kasan_populate_vmalloc_pte+0x2d/0x160 [ 565.386495][T12143] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 565.386534][T12143] __apply_to_page_range+0x5fd/0xd30 [ 565.386569][T12143] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 565.386608][T12143] ? __pfx___apply_to_page_range+0x10/0x10 [ 565.386657][T12143] ? insert_vmap_area+0x2ef/0x4d0 [ 565.386687][T12143] alloc_vmap_area+0x93e/0x2a60 [ 565.386726][T12143] ? __pfx_alloc_vmap_area+0x10/0x10 [ 565.386761][T12143] __get_vm_area_node+0x19e/0x2f0 [ 565.386796][T12143] __vmalloc_node_range_noprof+0x26a/0x1530 [ 565.386829][T12143] ? __do_sys_listmount+0x1bf/0xeb0 [ 565.386864][T12143] ? find_held_lock+0x2d/0x110 [ 565.386891][T12143] ? __do_sys_listmount+0x1bf/0xeb0 [ 565.386927][T12143] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 565.386961][T12143] ? rcu_is_watching+0x12/0xc0 [ 565.386985][T12143] ? trace_kmalloc+0x2d/0xd0 [ 565.387010][T12143] ? __kmalloc_node_noprof.cold+0x5a/0x5f [ 565.387036][T12143] ? __do_sys_listmount+0x1bf/0xeb0 [ 565.387068][T12143] __kvmalloc_node_noprof+0x14f/0x1a0 [ 565.387100][T12143] ? __do_sys_listmount+0x1bf/0xeb0 [ 565.387132][T12143] __do_sys_listmount+0x1bf/0xeb0 [ 565.387167][T12143] ? __x64_sys_futex+0x1e1/0x4c0 [ 565.387194][T12143] ? __x64_sys_futex+0x1ea/0x4c0 [ 565.387224][T12143] ? __pfx___do_sys_listmount+0x10/0x10 [ 565.387255][T12143] ? xfd_validate_state+0x5d/0x180 [ 565.387297][T12143] do_syscall_64+0xcd/0x250 [ 565.387331][T12143] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.387364][T12143] RIP: 0033:0x7fb3baf8d169 [ 565.387383][T12143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 565.387406][T12143] RSP: 002b:00007fb3bbdf1038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 565.387428][T12143] RAX: ffffffffffffffda RBX: 00007fb3bb1a6080 RCX: 00007fb3baf8d169 [ 565.387443][T12143] RDX: 00000000000f423f RSI: 0000000000000000 RDI: 0000400000000100 [ 565.387457][T12143] RBP: 00007fb3bb00e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 565.387487][T12143] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 565.387501][T12143] R13: 0000000000000000 R14: 00007fb3bb1a6080 R15: 00007ffd8245b3c8 [ 565.387528][T12143] [ 566.139753][T12143] syz.1.1521: vmalloc error: size 7999992, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 566.155188][T12143] CPU: 1 UID: 0 PID: 12143 Comm: syz.1.1521 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 566.155219][T12143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 566.155233][T12143] Call Trace: [ 566.155241][T12143] [ 566.155250][T12143] dump_stack_lvl+0x16c/0x1f0 [ 566.155286][T12143] warn_alloc+0x24d/0x3a0 [ 566.155324][T12143] ? __pfx_warn_alloc+0x10/0x10 [ 566.155362][T12143] ? kfree+0x2c4/0x4d0 [ 566.155397][T12143] ? __get_vm_area_node+0x1dc/0x2f0 [ 566.155434][T12143] __vmalloc_node_range_noprof+0xd24/0x1530 [ 566.155470][T12143] ? find_held_lock+0x2d/0x110 [ 566.155497][T12143] ? __do_sys_listmount+0x1bf/0xeb0 [ 566.155534][T12143] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 566.155568][T12143] ? rcu_is_watching+0x12/0xc0 [ 566.155592][T12143] ? trace_kmalloc+0x2d/0xd0 [ 566.155617][T12143] ? __kmalloc_node_noprof.cold+0x5a/0x5f [ 566.155643][T12143] ? __do_sys_listmount+0x1bf/0xeb0 [ 566.155675][T12143] __kvmalloc_node_noprof+0x14f/0x1a0 [ 566.155708][T12143] ? __do_sys_listmount+0x1bf/0xeb0 [ 566.155739][T12143] __do_sys_listmount+0x1bf/0xeb0 [ 566.155774][T12143] ? __x64_sys_futex+0x1e1/0x4c0 [ 566.155802][T12143] ? __x64_sys_futex+0x1ea/0x4c0 [ 566.155837][T12143] ? __pfx___do_sys_listmount+0x10/0x10 [ 566.155868][T12143] ? xfd_validate_state+0x5d/0x180 [ 566.155911][T12143] do_syscall_64+0xcd/0x250 [ 566.155946][T12143] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 566.155979][T12143] RIP: 0033:0x7fb3baf8d169 [ 566.155998][T12143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 566.156021][T12143] RSP: 002b:00007fb3bbdf1038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 566.156043][T12143] RAX: ffffffffffffffda RBX: 00007fb3bb1a6080 RCX: 00007fb3baf8d169 [ 566.156058][T12143] RDX: 00000000000f423f RSI: 0000000000000000 RDI: 0000400000000100 [ 566.156072][T12143] RBP: 00007fb3bb00e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 566.156086][T12143] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 566.156100][T12143] R13: 0000000000000000 R14: 00007fb3bb1a6080 R15: 00007ffd8245b3c8 [ 566.156127][T12143] [ 566.156136][T12143] Mem-Info: [ 566.410894][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 566.654709][T12143] active_anon:32896 inactive_anon:0 isolated_anon:0 [ 566.654709][T12143] active_file:9600 inactive_file:43383 isolated_file:0 [ 566.654709][T12143] unevictable:246 dirty:685 writeback:4 [ 566.654709][T12143] slab_reclaimable:10655 slab_unreclaimable:94823 [ 566.654709][T12143] mapped:38511 shmem:24080 pagetables:871 [ 566.654709][T12143] sec_pagetables:0 bounce:0 [ 566.654709][T12143] kernel_misc_reclaimable:0 [ 566.654709][T12143] free:1312719 free_pcp:2144 free_cma:0 [ 566.785924][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 566.791995][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 566.802183][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 566.844691][T12143] Node 0 active_anon:135584kB inactive_anon:0kB active_file:40740kB inactive_file:173528kB unevictable:492kB isolated(anon):0kB isolated(file):0kB mapped:159140kB dirty:2740kB writeback:16kB shmem:99828kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10288kB pagetables:3484kB sec_pagetables:0kB all_unreclaimable? no [ 566.954831][T12143] Node 1 active_anon:1044kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:492kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 567.064710][T12143] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 567.169881][T12143] lowmem_reserve[]: 0 2487 2487 2487 2487 [ 567.179997][T12143] Node 0 DMA32 free:1313532kB boost:0kB min:34152kB low:42688kB high:51224kB reserved_highatomic:0KB active_anon:145196kB inactive_anon:0kB active_file:45316kB inactive_file:173440kB unevictable:492kB writepending:2080kB present:3129332kB managed:2547512kB mlocked:0kB bounce:0kB free_pcp:8544kB local_pcp:8544kB free_cma:0kB [ 567.284725][T12143] lowmem_reserve[]: 0 0 0 0 0 [ 567.289521][T12143] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:8kB inactive_anon:0kB active_file:0kB inactive_file:88kB unevictable:0kB writepending:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 567.411834][T12143] lowmem_reserve[]: 0 0 0 0 0 [ 567.421980][T12143] Node 1 Normal free:3895844kB boost:0kB min:55748kB low:69684kB high:83620kB reserved_highatomic:0KB active_anon:1044kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:492kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:5068kB local_pcp:5068kB free_cma:0kB [ 567.544713][T12143] lowmem_reserve[]: 0 0 0 0 0 [ 567.549512][T12143] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 567.635556][T12143] Node 0 DMA32: 241*4kB (UME) 75*8kB (UE) 118*16kB (UE) 1756*32kB (UME) 1962*64kB (UME) 1106*128kB (UME) 530*256kB (UME) 214*512kB (UME) 65*1024kB (UME) 17*2048kB (UME) 154*4096kB (UME) = 1304188kB [ 567.708123][T12143] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 567.753074][T12143] Node 1 Normal: 241*4kB (UME) 78*8kB (UE) 51*16kB (UME) 256*32kB (UE) 111*64kB (UE) 36*128kB (UME) 15*256kB (UME) 8*512kB (UME) 1*1024kB (M) 3*2048kB (ME) 942*4096kB (UM) = 3895844kB [ 567.810039][T12143] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 567.842316][T12143] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 567.875554][T12143] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 567.913274][T12143] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 567.946210][T12143] 88247 total pagecache pages [ 567.962018][T12143] 4 pages in swap cache [ 567.976349][T12143] Free swap = 124612kB [ 567.989662][T12143] Total swap = 124996kB [ 568.003940][T12143] 2097051 pages RAM [ 568.020153][T12143] 0 pages HighMem/MovableOnly [ 568.038826][T12143] 428515 pages reserved [ 568.053060][T12143] 0 pages cma reserved [ 568.377840][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.384427][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 569.301329][T12177] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 573.468176][T12237] netlink: 'syz.1.1545': attribute type 6 has an invalid length. [ 573.611254][T12239] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1543'. [ 573.641438][T12234] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1544'. [ 573.771060][T12241] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1546'. @[ 576.962865][T12265] __vm_enough_memory: pid: 12265, comm: syz.0.1552, bytes: 4503599627366400 not enough memory for the allocation [ 578.217063][T12301] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 578.338016][T12312] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 578.391313][T12306] Invalid ELF header magic: != ELF [ 580.250550][T12331] random: crng reseeded on system resumption [ 581.986486][T12359] FAULT_INJECTION: forcing a failure. [ 581.986486][T12359] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 582.154703][T12359] CPU: 1 UID: 0 PID: 12359 Comm: syz.2.1576 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 582.154736][T12359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 582.154751][T12359] Call Trace: [ 582.154757][T12359] [ 582.154766][T12359] dump_stack_lvl+0x16c/0x1f0 [ 582.154802][T12359] should_fail_ex+0x50a/0x650 [ 582.154827][T12359] _copy_to_user+0x32/0xd0 [ 582.154855][T12359] simple_read_from_buffer+0xd0/0x160 [ 582.154888][T12359] proc_fail_nth_read+0x198/0x270 [ 582.154917][T12359] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 582.154947][T12359] ? rw_verify_area+0xcf/0x680 [ 582.154975][T12359] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 582.155003][T12359] vfs_read+0x1df/0xbf0 [ 582.155035][T12359] ? __fget_files+0x1fc/0x3a0 [ 582.155068][T12359] ? __pfx___mutex_lock+0x10/0x10 [ 582.155101][T12359] ? __pfx_vfs_read+0x10/0x10 [ 582.155145][T12359] ? __fget_files+0x206/0x3a0 [ 582.155186][T12359] ksys_read+0x12b/0x250 [ 582.155216][T12359] ? __pfx_ksys_read+0x10/0x10 [ 582.155255][T12359] do_syscall_64+0xcd/0x250 [ 582.155290][T12359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 582.155322][T12359] RIP: 0033:0x7f684b18bb7c [ 582.155340][T12359] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 582.155362][T12359] RSP: 002b:00007f684c075030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 582.155383][T12359] RAX: ffffffffffffffda RBX: 00007f684b3a5fa0 RCX: 00007f684b18bb7c [ 582.155398][T12359] RDX: 000000000000000f RSI: 00007f684c0750a0 RDI: 0000000000000004 [ 582.155412][T12359] RBP: 00007f684c075090 R08: 0000000000000000 R09: 0000000000000000 [ 582.155426][T12359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 582.155439][T12359] R13: 0000000000000000 R14: 00007f684b3a5fa0 R15: 00007ffe048defc8 [ 582.155467][T12359] [ 582.349374][ C1] vkms_vblank_simulate: vblank timer overrun [ 582.716808][T12364] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1578'. [ 583.424254][T12383] QAT: Stopping all acceleration devices. [ 585.926480][T12406] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1589'. [ 586.435160][T12411] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1591'. [ 586.486244][T12412] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1591'. [ 586.667820][T12418] QAT: Stopping all acceleration devices. [ 587.504052][T12435] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 587.689186][ T5149] Bluetooth: hci1: unexpected subevent 0x01 length: 4 < 18 [ 589.254719][T12462] FAULT_INJECTION: forcing a failure. [ 589.254719][T12462] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 589.474692][T12462] CPU: 1 UID: 0 PID: 12462 Comm: syz.2.1606 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 589.474724][T12462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 589.474738][T12462] Call Trace: [ 589.474744][T12462] [ 589.474752][T12462] dump_stack_lvl+0x16c/0x1f0 [ 589.474790][T12462] should_fail_ex+0x50a/0x650 [ 589.474815][T12462] _copy_from_user+0x2e/0xd0 [ 589.474840][T12462] copy_msghdr_from_user+0x99/0x160 [ 589.474877][T12462] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 589.474919][T12462] ? __pfx___lock_acquire+0x10/0x10 [ 589.474955][T12462] ___sys_recvmsg+0xdc/0x1a0 [ 589.474990][T12462] ? __pfx____sys_recvmsg+0x10/0x10 [ 589.475024][T12462] ? find_held_lock+0x2d/0x110 [ 589.475060][T12462] ? __pfx___might_resched+0x10/0x10 [ 589.475095][T12462] ? __might_fault+0xe3/0x190 [ 589.475122][T12462] do_recvmmsg+0x2f8/0x740 [ 589.475161][T12462] ? __pfx_do_recvmmsg+0x10/0x10 [ 589.475193][T12462] ? vfs_write+0x306/0x1150 [ 589.475230][T12462] ? __mutex_unlock_slowpath+0x164/0x6a0 [ 589.475269][T12462] ? __fget_files+0x206/0x3a0 [ 589.475309][T12462] __x64_sys_recvmmsg+0x239/0x290 [ 589.475331][T12462] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 589.475360][T12462] do_syscall_64+0xcd/0x250 [ 589.475393][T12462] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 589.475426][T12462] RIP: 0033:0x7f684b18d169 [ 589.475450][T12462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 589.475473][T12462] RSP: 002b:00007f684c075038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 589.475495][T12462] RAX: ffffffffffffffda RBX: 00007f684b3a5fa0 RCX: 00007f684b18d169 [ 589.475510][T12462] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 589.475523][T12462] RBP: 00007f684c075090 R08: 0000000000000000 R09: 0000000000000000 [ 589.475537][T12462] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000002 [ 589.475549][T12462] R13: 0000000000000000 R14: 00007f684b3a5fa0 R15: 00007ffe048defc8 [ 589.475575][T12462] [ 591.372675][T12493] QAT: Stopping all acceleration devices. [ 592.276695][T12515] random: crng reseeded on system resumption [ 592.410166][T12520] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1624'. [ 594.266758][ T30] audit: type=1800 audit(4294967337.175:8): pid=12549 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1632" name="lu_gp_id" dev="configfs" ino=38259 res=0 errno=0 [ 597.868189][T12629] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1648'. [ 598.215456][T12633] sctp: [Deprecated]: syz.1.1649 (pid 12633) Use of struct sctp_assoc_value in delayed_ack socket option. [ 598.215456][T12633] Use struct sctp_sack_info instead [ 598.350422][T12634] MTRR 1 not used [ 598.817187][T12645] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1653'. [ 602.508464][T12698] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1665'. [ 603.561693][T12710] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 607.772796][T12756] could not allocate digest TFM handle [ 608.115394][T12783] serio: Serial port ptm0 [ 611.871924][T12841] syz.0.1699(12841): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 612.530643][T12852] random: crng reseeded on system resumption [ 615.375658][T12904] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1716'. [ 615.628893][T12904] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 615.653903][T12904] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 615.802371][T12904] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 615.845943][T12904] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 617.402130][T12933] FAULT_INJECTION: forcing a failure. [ 617.402130][T12933] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 617.478364][T12933] CPU: 1 UID: 0 PID: 12933 Comm: syz.2.1722 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 617.478397][T12933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 617.478411][T12933] Call Trace: [ 617.478417][T12933] [ 617.478426][T12933] dump_stack_lvl+0x16c/0x1f0 [ 617.478463][T12933] should_fail_ex+0x50a/0x650 [ 617.478489][T12933] _copy_to_user+0x32/0xd0 [ 617.478517][T12933] simple_read_from_buffer+0xd0/0x160 [ 617.478549][T12933] proc_fail_nth_read+0x198/0x270 [ 617.478580][T12933] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 617.478610][T12933] ? rw_verify_area+0xcf/0x680 [ 617.478638][T12933] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 617.478666][T12933] vfs_read+0x1df/0xbf0 [ 617.478698][T12933] ? __fget_files+0x1fc/0x3a0 [ 617.478732][T12933] ? __pfx___mutex_lock+0x10/0x10 [ 617.478764][T12933] ? __pfx_vfs_read+0x10/0x10 [ 617.478803][T12933] ? __fget_files+0x206/0x3a0 [ 617.478844][T12933] ksys_read+0x12b/0x250 [ 617.478875][T12933] ? __pfx_ksys_read+0x10/0x10 [ 617.478918][T12933] do_syscall_64+0xcd/0x250 [ 617.478953][T12933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.478986][T12933] RIP: 0033:0x7f684b18bb7c [ 617.479004][T12933] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 617.479027][T12933] RSP: 002b:00007f684c075030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 617.479048][T12933] RAX: ffffffffffffffda RBX: 00007f684b3a5fa0 RCX: 00007f684b18bb7c [ 617.479063][T12933] RDX: 000000000000000f RSI: 00007f684c0750a0 RDI: 0000000000000006 [ 617.479077][T12933] RBP: 00007f684c075090 R08: 0000000000000000 R09: 0000000000000000 [ 617.479090][T12933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 617.479104][T12933] R13: 0000000000000000 R14: 00007f684b3a5fa0 R15: 00007ffe048defc8 [ 617.479131][T12933] [ 618.205439][T12938] FAULT_INJECTION: forcing a failure. [ 618.205439][T12938] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 618.244724][T12938] CPU: 1 UID: 0 PID: 12938 Comm: syz.2.1724 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 618.244758][T12938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 618.244773][T12938] Call Trace: [ 618.244779][T12938] [ 618.244788][T12938] dump_stack_lvl+0x16c/0x1f0 [ 618.244825][T12938] should_fail_ex+0x50a/0x650 [ 618.244851][T12938] _copy_from_user+0x2e/0xd0 [ 618.244878][T12938] copy_msghdr_from_user+0x99/0x160 [ 618.244921][T12938] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 618.244958][T12938] ? __lock_acquire+0xcc5/0x3c40 [ 618.245003][T12938] ___sys_sendmsg+0xff/0x1e0 [ 618.245041][T12938] ? __pfx____sys_sendmsg+0x10/0x10 [ 618.245090][T12938] ? trace_lock_acquire+0x14e/0x1f0 [ 618.245134][T12938] __sys_sendmmsg+0x201/0x420 [ 618.245173][T12938] ? __pfx___sys_sendmmsg+0x10/0x10 [ 618.245217][T12938] ? __pfx_do_futex+0x10/0x10 [ 618.245256][T12938] ? xfd_validate_state+0x5d/0x180 [ 618.245288][T12938] ? rcu_is_watching+0x12/0xc0 [ 618.245317][T12938] __x64_sys_sendmmsg+0x9c/0x100 [ 618.245353][T12938] ? lockdep_hardirqs_on+0x7c/0x110 [ 618.245383][T12938] do_syscall_64+0xcd/0x250 [ 618.245417][T12938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 618.245449][T12938] RIP: 0033:0x7f684b18d169 [ 618.245467][T12938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 618.245490][T12938] RSP: 002b:00007f684c075038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 618.245511][T12938] RAX: ffffffffffffffda RBX: 00007f684b3a5fa0 RCX: 00007f684b18d169 [ 618.245526][T12938] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 618.245540][T12938] RBP: 00007f684b20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 618.245554][T12938] R10: 0000000007fffffe R11: 0000000000000246 R12: 0000000000000000 [ 618.245567][T12938] R13: 0000000000000000 R14: 00007f684b3a5fa0 R15: 00007ffe048defc8 [ 618.245595][T12938] [ 618.690882][T12943] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1725'. [ 619.154704][T12938] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 619.222296][T12948] sctp: [Deprecated]: syz.1.1727 (pid 12948) Use of struct sctp_assoc_value in delayed_ack socket option. [ 619.222296][T12948] Use struct sctp_sack_info instead [ 619.241348][T12938] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 619.271743][T12938] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 619.320806][T12938] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 619.404885][T12938] CPU0 is offline. [ 620.405234][T12963] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1730'. [ 621.014749][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 621.257479][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 621.334990][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 621.341065][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 621.665127][T12981] can: request_module (can-proto-0) failed. [ 622.335020][T12999] netlink: 130 bytes leftover after parsing attributes in process `syz.0.1739'. [ 622.751388][T12999] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 626.489123][T13036] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 626.554777][T13036] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 626.662862][T13036] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 626.730815][T13036] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 626.740838][T13063] bond0: option all_slaves_active: invalid value (8) [ 626.796465][T13036] CPU0 is offline. [ 626.801843][T13063] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1754'. [ 627.371344][T13071] FAULT_INJECTION: forcing a failure. [ 627.371344][T13071] name failslab, interval 1, probability 0, space 0, times 0 [ 627.501985][T13071] CPU: 1 UID: 0 PID: 13071 Comm: syz.0.1757 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 627.502020][T13071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 627.502034][T13071] Call Trace: [ 627.502041][T13071] [ 627.502050][T13071] dump_stack_lvl+0x16c/0x1f0 [ 627.502087][T13071] should_fail_ex+0x50a/0x650 [ 627.502109][T13071] ? fs_reclaim_acquire+0xae/0x150 [ 627.502141][T13071] ? tomoyo_encode2+0x100/0x3e0 [ 627.502173][T13071] should_failslab+0xc2/0x120 [ 627.502196][T13071] __kmalloc_noprof+0xcb/0x510 [ 627.502230][T13071] ? d_absolute_path+0x137/0x1b0 [ 627.502259][T13071] tomoyo_encode2+0x100/0x3e0 [ 627.502295][T13071] tomoyo_encode+0x29/0x50 [ 627.502327][T13071] tomoyo_realpath_from_path+0x19d/0x720 [ 627.502368][T13071] tomoyo_check_open_permission+0x2ad/0x3c0 [ 627.502399][T13071] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 627.502454][T13071] ? __pfx_hook_file_open+0x10/0x10 [ 627.502483][T13071] ? lock_acquire+0x2f/0xb0 [ 627.502514][T13071] ? mnt_get_write_access+0x6a/0x300 [ 627.502542][T13071] tomoyo_file_open+0x6b/0x90 [ 627.502565][T13071] security_file_open+0x84/0x1e0 [ 627.502597][T13071] do_dentry_open+0x57c/0x1c40 [ 627.502634][T13071] ? inode_permission+0xdd/0x5f0 [ 627.502662][T13071] vfs_open+0x82/0x3f0 [ 627.502684][T13071] ? may_open+0x1f2/0x400 [ 627.502713][T13071] path_openat+0x1e88/0x2d80 [ 627.502757][T13071] ? __pfx_path_openat+0x10/0x10 [ 627.502792][T13071] ? __pfx___lock_acquire+0x10/0x10 [ 627.502823][T13071] ? lock_acquire.part.0+0x11b/0x380 [ 627.502855][T13071] ? find_held_lock+0x2d/0x110 [ 627.502883][T13071] do_filp_open+0x20c/0x470 [ 627.502917][T13071] ? __pfx_do_filp_open+0x10/0x10 [ 627.502950][T13071] ? find_held_lock+0x2d/0x110 [ 627.503001][T13071] ? alloc_fd+0x41f/0x760 [ 627.503042][T13071] do_sys_openat2+0x17a/0x1e0 [ 627.503068][T13071] ? __pfx_do_sys_openat2+0x10/0x10 [ 627.503091][T13071] ? lock_acquire+0x2f/0xb0 [ 627.503133][T13071] __x64_sys_openat+0x175/0x210 [ 627.503159][T13071] ? __pfx___x64_sys_openat+0x10/0x10 [ 627.503196][T13071] do_syscall_64+0xcd/0x250 [ 627.503231][T13071] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 627.503264][T13071] RIP: 0033:0x7f6393b8d169 [ 627.503282][T13071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 627.503305][T13071] RSP: 002b:00007f6394986038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 627.503327][T13071] RAX: ffffffffffffffda RBX: 00007f6393da5fa0 RCX: 00007f6393b8d169 [ 627.503342][T13071] RDX: 0000000000124001 RSI: 0000400000000040 RDI: ffffffffffffff9c [ 627.503357][T13071] RBP: 00007f6393c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 627.503371][T13071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 627.503386][T13071] R13: 0000000000000000 R14: 00007f6393da5fa0 R15: 00007ffe437c4258 [ 627.503414][T13071] [ 627.503434][T13071] ERROR: Out of memory at tomoyo_realpath_from_path. [ 627.828620][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 628.225795][T13077] misc userio: No port type given on /dev/userio [ 628.298307][T13079] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1760'. [ 628.614667][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 628.712532][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 628.774840][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 629.835224][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.841567][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.808969][T13088] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 630.841479][T13088] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 630.904821][T13088] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 630.973567][T13088] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 631.060811][T13088] CPU0 is offline. [ 631.127574][T13103] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1765'. [ 631.974701][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 632.855096][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 632.934877][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 633.014873][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 633.234002][T13115] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 634.216810][T13175] netlink: 12904 bytes leftover after parsing attributes in process `syz.1.1784'. [ 635.933659][T13222] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.1795'. [ 636.035159][T13230] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1797'. [ 636.047990][T13225] Invalid ELF header magic: != ELF [ 636.076752][T13224] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1794'. [ 636.592815][T13241] FAULT_INJECTION: forcing a failure. [ 636.592815][T13241] name failslab, interval 1, probability 0, space 0, times 0 [ 636.648784][T13241] CPU: 1 UID: 0 PID: 13241 Comm: syz.2.1798 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 636.648813][T13241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 636.648827][T13241] Call Trace: [ 636.648834][T13241] [ 636.648843][T13241] dump_stack_lvl+0x16c/0x1f0 [ 636.648879][T13241] should_fail_ex+0x50a/0x650 [ 636.648901][T13241] ? fs_reclaim_acquire+0xae/0x150 [ 636.648934][T13241] should_failslab+0xc2/0x120 [ 636.648957][T13241] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 636.648995][T13241] ? mempool_init_node+0x31e/0x760 [ 636.649034][T13241] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 636.649071][T13241] mempool_init_node+0x31e/0x760 [ 636.649112][T13241] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 636.649147][T13241] ? __pfx_mempool_free_slab+0x10/0x10 [ 636.649182][T13241] mempool_init_noprof+0x3a/0x50 [ 636.649221][T13241] bioset_init+0x37b/0x880 [ 636.649260][T13241] ? __pfx_bioset_init+0x10/0x10 [ 636.649314][T13241] __alloc_disk_node+0x81/0x610 [ 636.649343][T13241] ? blk_alloc_queue+0x1a3/0x700 [ 636.649371][T13241] __blk_alloc_disk+0xd8/0x170 [ 636.649401][T13241] ? __pfx___blk_alloc_disk+0x10/0x10 [ 636.649456][T13241] ? __pfx_idr_alloc+0x10/0x10 [ 636.649488][T13241] ? __raw_spin_lock_init+0x3a/0x110 [ 636.649530][T13241] ? __pfx_hot_add_show+0x10/0x10 [ 636.649570][T13241] zram_add+0x160/0x6b0 [ 636.649603][T13241] ? __pfx_zram_add+0x10/0x10 [ 636.649655][T13241] ? __pfx_hot_add_show+0x10/0x10 [ 636.649697][T13241] ? __pfx_hot_add_show+0x10/0x10 [ 636.649731][T13241] hot_add_show+0x21/0x80 [ 636.649765][T13241] class_attr_show+0x6f/0xa0 [ 636.649798][T13241] ? __pfx_class_attr_show+0x10/0x10 [ 636.649829][T13241] sysfs_kf_seq_show+0x23e/0x410 [ 636.649864][T13241] seq_read_iter+0x4f4/0x12b0 [ 636.649907][T13241] kernfs_fop_read_iter+0x414/0x580 [ 636.649932][T13241] ? rw_verify_area+0xcf/0x680 [ 636.649964][T13241] vfs_read+0x886/0xbf0 [ 636.650001][T13241] ? __pfx_vfs_read+0x10/0x10 [ 636.650052][T13241] ksys_read+0x12b/0x250 [ 636.650083][T13241] ? __pfx_ksys_read+0x10/0x10 [ 636.650124][T13241] do_syscall_64+0xcd/0x250 [ 636.650159][T13241] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 636.650191][T13241] RIP: 0033:0x7f684b18d169 [ 636.650210][T13241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 636.650233][T13241] RSP: 002b:00007f684c075038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 636.650255][T13241] RAX: ffffffffffffffda RBX: 00007f684b3a5fa0 RCX: 00007f684b18d169 [ 636.650270][T13241] RDX: 0000000000001000 RSI: 0000400000000ec0 RDI: 0000000000000008 [ 636.650284][T13241] RBP: 00007f684b20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 636.650298][T13241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 636.650312][T13241] R13: 0000000000000000 R14: 00007f684b3a5fa0 R15: 00007ffe048defc8 [ 636.650342][T13241] [ 637.654721][T13241] zram: Error allocating disk structure for device 1 [ 638.070700][T13257] FAULT_INJECTION: forcing a failure. [ 638.070700][T13257] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 638.120773][T13257] CPU: 1 UID: 0 PID: 13257 Comm: syz.1.1802 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 638.120811][T13257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 638.120825][T13257] Call Trace: [ 638.120832][T13257] [ 638.120840][T13257] dump_stack_lvl+0x16c/0x1f0 [ 638.120894][T13257] should_fail_ex+0x50a/0x650 [ 638.120919][T13257] _copy_from_user+0x2e/0xd0 [ 638.120945][T13257] sctp_setsockopt+0x2050/0xb810 [ 638.120988][T13257] ? __pfx_sctp_setsockopt+0x10/0x10 [ 638.121030][T13257] ? __pfx_aa_sk_perm+0x10/0x10 [ 638.121062][T13257] ? sock_common_setsockopt+0x2e/0xf0 [ 638.121089][T13257] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 638.121116][T13257] do_sock_setsockopt+0x222/0x480 [ 638.121140][T13257] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 638.121166][T13257] ? lock_acquire+0x2f/0xb0 [ 638.121210][T13257] __sys_setsockopt+0x1a0/0x230 [ 638.121248][T13257] __x64_sys_setsockopt+0xbd/0x160 [ 638.121281][T13257] ? do_syscall_64+0x91/0x250 [ 638.121312][T13257] ? lockdep_hardirqs_on+0x7c/0x110 [ 638.121342][T13257] do_syscall_64+0xcd/0x250 [ 638.121375][T13257] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.121407][T13257] RIP: 0033:0x7fb3baf8d169 [ 638.121425][T13257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 638.121447][T13257] RSP: 002b:00007fb3bbe12038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 638.121468][T13257] RAX: ffffffffffffffda RBX: 00007fb3bb1a5fa0 RCX: 00007fb3baf8d169 [ 638.121483][T13257] RDX: 0000000000000019 RSI: 0000010000000084 RDI: 0000000000000003 [ 638.121497][T13257] RBP: 00007fb3bbe12090 R08: 0000000000000008 R09: 0000000000000000 [ 638.121511][T13257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 638.121524][T13257] R13: 0000000000000000 R14: 00007fb3bb1a5fa0 R15: 00007ffd8245b3c8 [ 638.121550][T13257] [ 638.630094][T13272] openvswitch: netlink: IP tunnel dst address not specified [ 639.257616][T13284] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1809'. [ 639.675349][T13292] netlink: 'syz.3.1812': attribute type 6 has an invalid length. [ 640.139222][T13294] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1810'. [ 640.225488][T13294] hsr0: left allmulticast mode [ 640.337646][T13304] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1816'. [ 640.364997][T13294] hsr_slave_0: left allmulticast mode [ 640.972628][T13294] hsr_slave_1: left allmulticast mode [ 641.069651][T13294] hsr0: left promiscuous mode [ 641.134764][T13294] bridge0: port 3(hsr0) entered disabled state [ 641.215343][T13294] bridge_slave_1: left allmulticast mode [ 641.232213][T13314] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 641.251177][T13294] bridge_slave_1: left promiscuous mode [ 641.324719][T13294] bridge0: port 2(bridge_slave_1) entered disabled state [ 641.377670][T13294] bridge_slave_0: left allmulticast mode [ 641.429660][T13294] bridge_slave_0: left promiscuous mode [ 641.577341][T13294] bridge0: port 1(bridge_slave_0) entered disabled state [ 642.251342][T13324] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1822'. [ 645.007834][T13376] QAT: Stopping all acceleration devices. [ 645.395753][T13386] warn_alloc: 1 callbacks suppressed [ 645.395770][T13386] syz.0.1841: vmalloc error: size 18446744073709551615, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 645.556373][T13386] CPU: 1 UID: 0 PID: 13386 Comm: syz.0.1841 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 645.556406][T13386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 645.556421][T13386] Call Trace: [ 645.556428][T13386] [ 645.556437][T13386] dump_stack_lvl+0x16c/0x1f0 [ 645.556473][T13386] warn_alloc+0x24d/0x3a0 [ 645.556511][T13386] ? __pfx_warn_alloc+0x10/0x10 [ 645.556553][T13386] ? lock_acquire.part.0+0x11b/0x380 [ 645.556598][T13386] __vmalloc_node_range_noprof+0x10dc/0x1530 [ 645.556633][T13386] ? rcu_is_watching+0x12/0xc0 [ 645.556657][T13386] ? trace_contention_end+0xee/0x140 [ 645.556693][T13386] ? __mutex_lock+0x1cc/0xb10 [ 645.556724][T13386] ? tomoyo_path_number_perm+0x46d/0x590 [ 645.556752][T13386] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 645.556784][T13386] ? dvb_dvr_do_ioctl+0x7e/0x290 [ 645.556816][T13386] ? __pfx___mutex_lock+0x10/0x10 [ 645.556848][T13386] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 645.556881][T13386] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 645.556913][T13386] ? do_vfs_ioctl+0x513/0x1990 [ 645.556942][T13386] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 645.556974][T13386] vmalloc_noprof+0x6b/0x90 [ 645.557010][T13386] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 645.557040][T13386] dvb_dvr_do_ioctl+0x15d/0x290 [ 645.557075][T13386] dvb_usercopy+0x165/0x320 [ 645.557103][T13386] ? __pfx_dvb_dvr_do_ioctl+0x10/0x10 [ 645.557136][T13386] ? __pfx_dvb_usercopy+0x10/0x10 [ 645.557163][T13386] ? __pfx_lock_release+0x10/0x10 [ 645.557206][T13386] ? __fget_files+0x206/0x3a0 [ 645.557245][T13386] dvb_dvr_ioctl+0x29/0x40 [ 645.557273][T13386] ? __pfx_dvb_dvr_ioctl+0x10/0x10 [ 645.557303][T13386] __x64_sys_ioctl+0x190/0x200 [ 645.557334][T13386] do_syscall_64+0xcd/0x250 [ 645.557374][T13386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 645.557408][T13386] RIP: 0033:0x7f6393b8d169 [ 645.557426][T13386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 645.557449][T13386] RSP: 002b:00007f6394965038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 645.557471][T13386] RAX: ffffffffffffffda RBX: 00007f6393da6080 RCX: 00007f6393b8d169 [ 645.557486][T13386] RDX: ffffffffffffffff RSI: 0000000000006f2d RDI: 000000000000000e [ 645.557500][T13386] RBP: 00007f6393c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 645.557514][T13386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 645.557528][T13386] R13: 0000000000000000 R14: 00007f6393da6080 R15: 00007ffe437c4258 [ 645.557555][T13386] [ 645.557627][T13386] Mem-Info: [ 646.844776][T13404] netlink: 'syz.3.1846': attribute type 19 has an invalid length. [ 646.936008][T13404] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1846'. [ 646.947468][T13386] active_anon:29580 inactive_anon:1 isolated_anon:0 [ 646.947468][T13386] active_file:8357 inactive_file:49698 isolated_file:0 [ 646.947468][T13386] unevictable:246 dirty:716 writeback:0 [ 646.947468][T13386] slab_reclaimable:10937 slab_unreclaimable:95764 [ 646.947468][T13386] mapped:35354 shmem:19931 pagetables:974 [ 646.947468][T13386] sec_pagetables:0 bounce:0 [ 646.947468][T13386] kernel_misc_reclaimable:0 [ 646.947468][T13386] free:1311259 free_pcp:245 free_cma:0 [ 647.195530][T13386] Node 0 active_anon:78460kB inactive_anon:4kB active_file:33428kB inactive_file:198796kB unevictable:492kB isolated(anon):0kB isolated(file):0kB mapped:121144kB dirty:2884kB writeback:0kB shmem:36172kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10736kB pagetables:4000kB sec_pagetables:0kB all_unreclaimable? no [ 647.359543][T13386] Node 1 active_anon:48044kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:492kB isolated(anon):0kB isolated(file):0kB mapped:23468kB dirty:0kB writeback:0kB shmem:48536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:44kB sec_pagetables:0kB all_unreclaimable? no [ 647.415675][T13414] random: crng reseeded on system resumption [ 647.491601][T13416] netlink: 'syz.3.1849': attribute type 4 has an invalid length. [ 647.509972][T13386] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 647.634658][T13386] lowmem_reserve[]: 0 2487 2487 2487 2487 [ 647.650786][T13386] Node 0 DMA32 free:1351664kB boost:0kB min:34152kB low:42688kB high:51224kB reserved_highatomic:0KB active_anon:84952kB inactive_anon:4kB active_file:33428kB inactive_file:198708kB unevictable:492kB writepending:2884kB present:3129332kB managed:2547512kB mlocked:0kB bounce:0kB free_pcp:8992kB local_pcp:8992kB free_cma:0kB [ 647.804660][T13386] lowmem_reserve[]: 0 0 0 0 0 [ 647.809530][T13386] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:8kB inactive_anon:0kB active_file:0kB inactive_file:88kB unevictable:0kB writepending:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 647.938408][T13386] lowmem_reserve[]: 0 0 0 0 0 [ 647.958622][T13386] Node 1 Normal free:3846740kB boost:0kB min:55748kB low:69684kB high:83620kB reserved_highatomic:0KB active_anon:50384kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:492kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:4708kB local_pcp:4708kB free_cma:0kB [ 648.091005][T13386] lowmem_reserve[]: 0 0 0 0 0 [ 648.110561][T13386] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 648.194613][T13386] Node 0 DMA32: 26*4kB (UME) 1242*8kB (UME) 2798*16kB (UM) 1991*32kB (UME) 1795*64kB (UME) 1103*128kB (UME) 535*256kB (UM) 216*512kB (UME) 68*1024kB (UME) 13*2048kB (UME) 154*4096kB (UME) = 1349176kB [ 648.292532][T13386] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 648.346708][T13386] Node 1 Normal: 173*4kB (UME) 76*8kB (UE) 46*16kB (UM) 249*32kB (U) 109*64kB (UE) 36*128kB (UME) 14*256kB (UE) 8*512kB (UME) 0*1024kB 2*2048kB (ME) 931*4096kB (UM) = 3846740kB [ 648.423074][T13386] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 648.494931][T13386] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 648.524665][T13386] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 648.566563][T13386] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 648.604928][T13386] 85126 total pagecache pages [ 648.618675][T13386] 325 pages in swap cache [ 648.654782][T13386] Free swap = 122980kB [ 648.659177][T13386] Total swap = 124996kB [ 648.681954][T13386] 2097051 pages RAM [ 648.696230][T13386] 0 pages HighMem/MovableOnly [ 648.714928][T13386] 428515 pages reserved [ 648.734625][T13386] 0 pages cma reserved [ 651.520211][T13457] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 651.665472][T13457] FAULT_INJECTION: forcing a failure. [ 651.665472][T13457] name failslab, interval 1, probability 0, space 0, times 0 [ 651.746931][T13461] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1861'. [ 651.785236][T13457] CPU: 1 UID: 0 PID: 13457 Comm: syz.0.1861 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 651.785270][T13457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 651.785285][T13457] Call Trace: [ 651.785291][T13457] [ 651.785300][T13457] dump_stack_lvl+0x16c/0x1f0 [ 651.785337][T13457] should_fail_ex+0x50a/0x650 [ 651.785359][T13457] ? fs_reclaim_acquire+0xae/0x150 [ 651.785391][T13457] ? tracepoint_add_func+0x2a9/0xeb0 [ 651.785427][T13457] should_failslab+0xc2/0x120 [ 651.785450][T13457] __kmalloc_noprof+0xcb/0x510 [ 651.785489][T13457] ? __pfx_blk_add_trace_rq_complete+0x10/0x10 [ 651.785519][T13457] tracepoint_add_func+0x2a9/0xeb0 [ 651.785554][T13457] ? __pfx_blk_add_trace_rq_complete+0x10/0x10 [ 651.785589][T13457] ? __pfx_blk_add_trace_rq_complete+0x10/0x10 [ 651.785618][T13457] tracepoint_probe_register+0xc0/0x110 [ 651.785657][T13457] ? __pfx_tracepoint_probe_register+0x10/0x10 [ 651.785695][T13457] ? __pfx_blk_add_trace_rq_complete+0x10/0x10 [ 651.785725][T13457] ? relay_open+0x62e/0xad0 [ 651.785760][T13457] blk_register_tracepoints+0xcf/0x3c0 [ 651.785798][T13457] do_blk_trace_setup+0x933/0xb50 [ 651.785827][T13457] blk_trace_setup+0xee/0x1b0 [ 651.785852][T13457] ? __pfx_blk_trace_setup+0x10/0x10 [ 651.785877][T13457] ? __pfx_snprintf+0x10/0x10 [ 651.785921][T13457] blk_trace_ioctl+0x147/0x280 [ 651.785948][T13457] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 651.785978][T13457] ? trace_lock_acquire+0x14e/0x1f0 [ 651.786012][T13457] blkdev_ioctl+0x109/0x6d0 [ 651.786043][T13457] ? __pfx_blkdev_ioctl+0x10/0x10 [ 651.786065][T13457] ? __fget_files+0x206/0x3a0 [ 651.786104][T13457] ? __pfx_blkdev_ioctl+0x10/0x10 [ 651.786129][T13457] __x64_sys_ioctl+0x190/0x200 [ 651.786160][T13457] do_syscall_64+0xcd/0x250 [ 651.786195][T13457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 651.786229][T13457] RIP: 0033:0x7f6393b8d169 [ 651.786247][T13457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 651.786270][T13457] RSP: 002b:00007f6394986038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 651.786291][T13457] RAX: ffffffffffffffda RBX: 00007f6393da5fa0 RCX: 00007f6393b8d169 [ 651.786307][T13457] RDX: 0000400000000180 RSI: 00000000c0481273 RDI: 0000000000000005 [ 651.786321][T13457] RBP: 00007f6393c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 651.786335][T13457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 651.786348][T13457] R13: 0000000000000000 R14: 00007f6393da5fa0 R15: 00007ffe437c4258 [ 651.786377][T13457] [ 651.786533][T13457] ------------[ cut here ]------------ [ 652.047854][T13457] WARNING: CPU: 1 PID: 13457 at kernel/trace/blktrace.c:1091 blk_register_tracepoints+0x315/0x3c0 [ 652.058639][T13457] Modules linked in: [ 652.062551][T13457] CPU: 1 UID: 0 PID: 13457 Comm: syz.0.1861 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 652.073394][T13457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 652.083556][T13457] RIP: 0010:blk_register_tracepoints+0x315/0x3c0 [ 652.089964][T13457] Code: 0f 0b 90 e9 68 fd ff ff e8 e8 30 f8 ff 90 0f 0b 90 e9 87 fd ff ff e8 da 30 f8 ff 90 0f 0b 90 e9 a6 fd ff ff e8 cc 30 f8 ff 90 <0f> 0b 90 e9 c5 fd ff ff e8 be 30 f8 ff 90 0f 0b 90 e9 e4 fd ff ff [ 652.110020][T13457] RSP: 0018:ffffc9000c467c28 EFLAGS: 00010287 [ 652.116447][T13457] RAX: 00000000000379b2 RBX: 00000000fffffff4 RCX: ffffc90004cd2000 [ 652.124442][T13457] RDX: 0000000000080000 RSI: ffffffff81c1c0f4 RDI: 0000000000000005 [ 652.132492][T13457] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 652.140560][T13457] R10: 00000000fffffff4 R11: 0000000000000000 R12: 00000000000000ff [ 652.148581][T13457] R13: 0000000000002000 R14: ffff88814333c050 R15: ffffc9000c467cf4 [ 652.156595][T13457] FS: 00007f63949866c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 652.165799][T13457] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 652.172426][T13457] CR2: 0000001b305fcff8 CR3: 0000000047804000 CR4: 00000000003526f0 [ 652.180461][T13457] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 652.188519][T13457] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 652.196538][T13457] Call Trace: [ 652.199829][T13457] [ 652.203110][T13457] ? __warn+0xea/0x3c0 [ 652.207432][T13457] ? blk_register_tracepoints+0x315/0x3c0 [ 652.213195][T13457] ? report_bug+0x3c0/0x580 [ 652.217954][T13457] ? handle_bug+0x54/0xa0 [ 652.222317][T13457] ? exc_invalid_op+0x17/0x50 [ 652.227099][T13457] ? asm_exc_invalid_op+0x1a/0x20 [ 652.232160][T13457] ? blk_register_tracepoints+0x314/0x3c0 [ 652.237962][T13457] ? blk_register_tracepoints+0x315/0x3c0 [ 652.243744][T13457] ? blk_register_tracepoints+0x314/0x3c0 [ 652.249552][T13457] do_blk_trace_setup+0x933/0xb50 [ 652.254628][T13457] blk_trace_setup+0xee/0x1b0 [ 652.259356][T13457] ? __pfx_blk_trace_setup+0x10/0x10 [ 652.264706][T13457] ? __pfx_snprintf+0x10/0x10 [ 652.269456][T13457] blk_trace_ioctl+0x147/0x280 [ 652.274243][T13457] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 652.279623][T13457] ? trace_lock_acquire+0x14e/0x1f0 [ 652.284891][T13457] blkdev_ioctl+0x109/0x6d0 [ 652.289415][T13457] ? __pfx_blkdev_ioctl+0x10/0x10 [ 652.294456][T13457] ? __fget_files+0x206/0x3a0 [ 652.299297][T13457] ? __pfx_blkdev_ioctl+0x10/0x10 [ 652.304720][T13457] __x64_sys_ioctl+0x190/0x200 [ 652.309522][T13457] do_syscall_64+0xcd/0x250 [ 652.314061][T13457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.320226][T13457] RIP: 0033:0x7f6393b8d169 [ 652.324693][T13457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 652.344404][T13457] RSP: 002b:00007f6394986038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 652.352977][T13457] RAX: ffffffffffffffda RBX: 00007f6393da5fa0 RCX: 00007f6393b8d169 [ 652.361020][T13457] RDX: 0000400000000180 RSI: 00000000c0481273 RDI: 0000000000000005 [ 652.369039][T13457] RBP: 00007f6393c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 652.377149][T13457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 652.385182][T13457] R13: 0000000000000000 R14: 00007f6393da5fa0 R15: 00007ffe437c4258 [ 652.393183][T13457] [ 652.396267][T13457] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 652.403556][T13457] CPU: 1 UID: 0 PID: 13457 Comm: syz.0.1861 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 [ 652.414359][T13457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 652.424428][T13457] Call Trace: [ 652.427714][T13457] [ 652.430657][T13457] dump_stack_lvl+0x3d/0x1f0 [ 652.435273][T13457] panic+0x71d/0x800 [ 652.439186][T13457] ? __pfx_panic+0x10/0x10 [ 652.443619][T13457] ? show_trace_log_lvl+0x29d/0x3d0 [ 652.448854][T13457] ? blk_register_tracepoints+0x315/0x3c0 [ 652.454623][T13457] check_panic_on_warn+0xab/0xb0 [ 652.459589][T13457] __warn+0xf6/0x3c0 [ 652.463501][T13457] ? blk_register_tracepoints+0x315/0x3c0 [ 652.469249][T13457] report_bug+0x3c0/0x580 [ 652.473603][T13457] handle_bug+0x54/0xa0 [ 652.477783][T13457] exc_invalid_op+0x17/0x50 [ 652.482317][T13457] asm_exc_invalid_op+0x1a/0x20 [ 652.487192][T13457] RIP: 0010:blk_register_tracepoints+0x315/0x3c0 [ 652.493554][T13457] Code: 0f 0b 90 e9 68 fd ff ff e8 e8 30 f8 ff 90 0f 0b 90 e9 87 fd ff ff e8 da 30 f8 ff 90 0f 0b 90 e9 a6 fd ff ff e8 cc 30 f8 ff 90 <0f> 0b 90 e9 c5 fd ff ff e8 be 30 f8 ff 90 0f 0b 90 e9 e4 fd ff ff [ 652.513186][T13457] RSP: 0018:ffffc9000c467c28 EFLAGS: 00010287 [ 652.519270][T13457] RAX: 00000000000379b2 RBX: 00000000fffffff4 RCX: ffffc90004cd2000 [ 652.527251][T13457] RDX: 0000000000080000 RSI: ffffffff81c1c0f4 RDI: 0000000000000005 [ 652.535233][T13457] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 652.543214][T13457] R10: 00000000fffffff4 R11: 0000000000000000 R12: 00000000000000ff [ 652.551196][T13457] R13: 0000000000002000 R14: ffff88814333c050 R15: ffffc9000c467cf4 [ 652.559185][T13457] ? blk_register_tracepoints+0x314/0x3c0 [ 652.564942][T13457] ? blk_register_tracepoints+0x314/0x3c0 [ 652.570690][T13457] do_blk_trace_setup+0x933/0xb50 [ 652.575748][T13457] blk_trace_setup+0xee/0x1b0 [ 652.580444][T13457] ? __pfx_blk_trace_setup+0x10/0x10 [ 652.585748][T13457] ? __pfx_snprintf+0x10/0x10 [ 652.590461][T13457] blk_trace_ioctl+0x147/0x280 [ 652.595247][T13457] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 652.600575][T13457] ? trace_lock_acquire+0x14e/0x1f0 [ 652.605805][T13457] blkdev_ioctl+0x109/0x6d0 [ 652.610350][T13457] ? __pfx_blkdev_ioctl+0x10/0x10 [ 652.615414][T13457] ? __fget_files+0x206/0x3a0 [ 652.620123][T13457] ? __pfx_blkdev_ioctl+0x10/0x10 [ 652.625164][T13457] __x64_sys_ioctl+0x190/0x200 [ 652.629951][T13457] do_syscall_64+0xcd/0x250 [ 652.634480][T13457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.640400][T13457] RIP: 0033:0x7f6393b8d169 [ 652.644828][T13457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 652.664453][T13457] RSP: 002b:00007f6394986038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 652.672971][T13457] RAX: ffffffffffffffda RBX: 00007f6393da5fa0 RCX: 00007f6393b8d169 [ 652.680954][T13457] RDX: 0000400000000180 RSI: 00000000c0481273 RDI: 0000000000000005 [ 652.688957][T13457] RBP: 00007f6393c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 652.696983][T13457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 652.704970][T13457] R13: 0000000000000000 R14: 00007f6393da5fa0 R15: 00007ffe437c4258 [ 652.712986][T13457] [ 652.716077][T13457] Kernel Offset: disabled [ 652.720511][T13457] Rebooting in 86400 seconds..