last executing test programs:
7.019360544s ago: executing program 3 (id=443):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff)
r0 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x514)
sendmsg$auto_BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, 0x0, 0x800)
write$auto(r0, 0x0, 0xfffffdf1)
linkat$auto(r0, 0x0, 0xffffffffffffff9c, 0x0, 0x1000)
r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0x101901, 0x0)
ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f0000000100)={'\x00', 0xffff, 0x6, 0x2, 0x9b4, 0x1, "000bfffffe00", "010000dd", "0400", "00000001", ["00000f0008b330ac007abfc1", "70d900001100", "0800000000000000000000ec", "0084ff240300"]})
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
mbind$auto(0x2000, 0x100000008, 0x2100000000, 0x0, 0x7, 0x2)
mincore$auto(0x1000, 0x4000000, 0x0)
5.657300456s ago: executing program 3 (id=452):
unshare$auto(0x40000080)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2ab42, 0x0)
sendmsg$auto_NL80211_CMD_VENDOR(0xffffffffffffffff, 0x0, 0x80)
mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000)
madvise$auto(0x0, 0x200007, 0x19)
syz_genetlink_get_family_id$auto_nfc(0x0, 0xffffffffffffffff)
sendmsg$auto_NFC_CMD_GET_SE(0xffffffffffffffff, 0x0, 0x4004810)
inotify_init1$auto(0x3000000000000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r0)
sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_ACT(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@ETHTOOL_A_CABLE_TEST_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40480c0}, 0x80)
5.23176035s ago: executing program 3 (id=454):
openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cec4\x00', 0x800, 0x0)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x2a742, 0x0)
mmap$auto(0x0, 0x10000, 0xde, 0x11, r0, 0x28000)
madvise$auto(0x0, 0x2000040080000004, 0xe)
syz_genetlink_get_family_id$auto_ioam6(0x0, 0xffffffffffffffff)
sendmsg$auto_IOAM6_CMD_DEL_NAMESPACE(0xffffffffffffffff, 0x0, 0x808)
r1 = ioctl$auto_TIOCGPTPEER2(0xffffffffffffffff, 0x5441, 0x0)
mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x12, r1, 0x2)
getrlimit$auto(0x4, 0x0)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
ioctl$auto_BLKZEROOUT(r2, 0x127f, 0x0)
5.003767027s ago: executing program 1 (id=455):
remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4)
remap_file_pages$auto(0x0, 0xf3a4, 0x0, 0x5, 0x15)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
write$auto(r0, &(0x7f0000000040)='S\x00\x00\x00\xfe\xff\xff\xff', 0x8587)
ioctl$auto_SG_SET_RESERVED_SIZE2(r0, 0x2275, 0x0)
syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x4000010)
socket(0x2, 0xa, 0x5)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1c0b02, 0x0)
4.119574912s ago: executing program 1 (id=461):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
read$auto(r0, 0x0, 0x39b8)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f00000000c0), 0x141401, 0x0)
clock_adjtime$auto(0xfffffffffffffffb, 0x0)
3.978355236s ago: executing program 3 (id=462):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pidfd_open$auto(0x1, 0x0)
socket(0x2, 0x3, 0x100)
socket(0x10, 0x2, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
lstat$auto(0x0, &(0x7f0000000180)={0x0, 0x9, 0x6, 0x63, 0x0, 0xee01, 0x0, 0x8, 0x1ff, 0x40000002, 0x40000402, 0x9, 0x9, 0x2, 0x9, 0x6, 0x200000100103})
sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4)
r0 = socket(0x10, 0x2, 0x6)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
3.680631427s ago: executing program 1 (id=464):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
setresuid$auto(0x0, 0x0, 0x0)
r0 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000140), 0x382, 0x0)
ppoll$auto(&(0x7f0000000040)={r0, 0x9, 0x5}, 0x9, 0x0, 0x0, 0x8)
sendmsg$auto_TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040055}, 0x8004)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r1, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6)
listmount$auto(0x0, 0x0, 0xa, 0xffffffff)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0)
3.484599425s ago: executing program 3 (id=466):
openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/current_tracer\x00', 0x1, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
bind$auto(0xffffffffffffffff, &(0x7f0000000100)=@in={0x2, 0x3, @remote}, 0x69)
socket(0x2, 0x5, 0x0)
bind$auto(0x3, &(0x7f0000000240)=@l2={0x1f, 0x3ff, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x8, 0x9fee651b8ed19f54}, 0x6a)
setsockopt$auto(0x3, 0x1, 0xf, 0x0, 0x8)
unshare$auto(0x40000080)
r0 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0)
readv$auto(r0, &(0x7f0000000680)={0x0, 0x40200}, 0x3)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
madvise$auto(0x0, 0x2003f2, 0x15)
unshare$auto(0x20000)
3.140781647s ago: executing program 0 (id=468):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x8000, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
madvise$auto(0x0, 0xfffffffffffeffff, 0x15)
r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000)
unshare$auto(0x40000080)
r2 = openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
move_mount$auto(r2, 0x0, r1, 0x0, 0x9)
ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x68)
ioctl$auto_FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080))
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/card1\x00', 0x22003, 0x0)
2.916651927s ago: executing program 2 (id=469):
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2401, 0x0)
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/uts\x00')
r1 = seccomp$auto(0x9, 0x773, &(0x7f0000000340)="8783946f3c74658da3b8e39e9e3e52")
ioctl$auto_BLKTRACESTART(r1, 0x1274, 0x0)
ioctl$auto_FS_IOC_GET_ENCRYPTION_POLICY2(r1, 0x400c6615, &(0x7f00000003c0)={0x1, 0x2, 0xb7, 0x5, "7ac092a89e422c11"})
ioctl$NS_GET_PARENT(r0, 0xb701, 0x0)
r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000100), 0x100040, 0x0)
ioctl$auto_TUNSETVNETLE2(r2, 0x400454dc, &(0x7f0000000040)=0x3)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume\x00', 0x189002, 0x0)
sendfile$auto(r3, r3, 0x0, 0x1)
close_range$auto(0x2, 0xa, 0x0)
2.265024565s ago: executing program 2 (id=470):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002)
fanotify_init$auto(0x3, 0x2010000000000)
sysfs$auto(0x2, 0x1e, 0x0)
fsopen$auto(0x0, 0x1)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
socket(0x840000000002, 0x3, 0xff)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
connect$auto(0x3, 0x0, 0x55)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
read$auto(0xffffffffffffffff, &(0x7f0000000000)=',}`}($\x00', 0x9)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
2.009404941s ago: executing program 2 (id=471):
r0 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408)
setitimer$auto_ITIMER_REAL(0x0, 0x0, 0x0)
mmap$auto(0x0, 0x7, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x8000, 0x0)
read$auto(r1, 0x0, 0x7)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/tracing/set_event_notrace_pid\x00', 0x102, 0x0)
r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
write$auto(r2, 0x0, 0x81)
ioctl$auto_XFS_IOC_PATH_TO_HANDLE(r0, 0xc0385869, &(0x7f00000005c0)={r1, 0x0, 0x3, 0x0, 0x40, 0x0, 0x0})
write$auto(0x3, 0x0, 0xfffffdef)
1.802751305s ago: executing program 3 (id=472):
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x0, 0x408)
r0 = openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/tracing/trace_clock\x00', 0x22282, 0x0)
syz_clone3(&(0x7f000000dd80)={0xa00400, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58)
clock_nanosleep$auto(0xfffffff9, 0x200000, &(0x7f0000000040)={0x100000000, 0x9}, &(0x7f0000000000)={0xffffffffffffffff, 0xc})
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x14d27e, 0x56)
fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xfff)
writev$auto(r0, &(0x7f0000000300)={0x0, 0x9}, 0xb99)
connect$auto(0xffffffffffffffff, 0x0, 0x51)
socket$nl_generic(0x10, 0x3, 0x10)
unshare$auto(0x40000080)
1.652641367s ago: executing program 0 (id=473):
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/net/rpc/nfs4.idtoname/channel\x00', 0x8f3b7a51b80ebd01, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyr0\x00', 0x41, 0x0)
mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2c, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0x5405, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000180), 0xffffffffffffffff)
1.334459951s ago: executing program 0 (id=474):
mmap$auto(0x0, 0x40000a, 0x80000001, 0x9b72, 0x8000000000000003, 0x8000)
memfd_create$auto(0x0, 0x7)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
sysfs$auto(0x2, 0x15, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x3, 0x2)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x35}}, 0x54)
connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55)
write$auto(0x3, 0x0, 0x800)
1.17614793s ago: executing program 1 (id=475):
mmap$auto(0x0, 0x9d90, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x10, 0x2, 0x4)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x9)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x23, 0x80805, 0x0)
fanotify_init$auto(0x5, 0x2000000000002)
pipe$auto(0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8, @ANYRES8=r1], 0x18}, 0x1, 0x2000, 0x0, 0x40010}, 0x80)
write$auto(r0, &(0x7f0000000000)='-\x00', 0xfdef)
1.087407561s ago: executing program 2 (id=476):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
r0 = socket(0x2, 0x5, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0x2, 0x1, 0x84)
setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8)
setsockopt$auto(0x3, 0x84, 0x17, 0x0, 0x27)
setsockopt$auto(0x3, 0x10000000084, 0x18, 0x0, 0x8)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311)
892.353395ms ago: executing program 0 (id=477):
semget$auto(0x0, 0x2e4a, 0x8000)
mkdir$auto(0x0, 0x8cd)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mtdblock0\x00', 0x14fe02, 0x0)
socket(0xa, 0x1, 0x84)
pipe2$auto(0x0, 0x80)
keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8)
keyctl$auto_KEYCTL_GET_PERSISTENT(0x16, 0x0, 0x7fffffffffffffff, 0xffffffffffffe6d6, 0x2)
mmap$auto(0x0, 0x9, 0x7, 0x8000000008011, 0x3, 0x8000)
mprotect$auto(0x200000000000, 0x806122, 0xc)
sched_setscheduler$auto(0x0, 0x5, &(0x7f0000000040)={0x2})
ioprio_set$auto(0x2, 0x800000000, 0x8)
write$auto(0x3, 0x0, 0xfffffdef)
616.400765ms ago: executing program 1 (id=478):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/uprobe_events\x00', 0x2102, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC2\x00', 0x2584, 0x0)
ioctl$auto(0x3, 0x40045542, 0xb551)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/midi2\x00', 0x103, 0x0)
r0 = setfsuid$auto(0xee00)
lremovexattr$auto(&(0x7f0000000040)='./file0\x00', 0x0)
rt_tgsigqueueinfo$auto_SIGCONT(0x0, 0x0, 0x12, &(0x7f0000000100)={@siginfo_0_0={0x4, 0x8001, 0x7fffffff, @_rt={0x0, r0, @sival_int=0x82}}})
close_range$auto(0x2, 0x8, 0x0)
499.128416ms ago: executing program 0 (id=479):
statmount$auto(0x0, 0x0, 0x9, 0xd)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x189002, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
write$auto(0x3, 0x0, 0xffd8)
socket(0x1e, 0x4, 0x0)
io_uring_setup$auto(0x1, 0x0)
open(0x0, 0x161342, 0x100)
ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x182b02, 0x0)
402.01559ms ago: executing program 2 (id=480):
mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
get_robust_list$auto(0x0, 0x0, 0x0)
lsm_list_modules$auto(0x0, 0x0, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
open(&(0x7f0000000100)='.\x00', 0x40000, 0x0)
clone$auto(0x100000020003b49, 0x80000000002, 0x0, 0x0, 0x4)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x2, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x2, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0)
landlock_add_rule$auto(r0, 0x1, 0x0, 0x0)
144.745831ms ago: executing program 0 (id=481):
prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x9000, 0x8002, 0x2)
socket(0x25, 0xa, 0xebff)
socket(0xa, 0x1, 0x84)
capset$auto(0x0, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000040), 0x1bf8c0, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0)
writev$auto(r0, &(0x7f0000000100)={0x0, 0x9}, 0x2)
write$auto(r0, &(0x7f00000000c0)='7\x00\\\x1c\xe7k\x00\x00\x00\x00\x00\x00\x00\x00', 0x8083a)
26.706096ms ago: executing program 2 (id=482):
mmap$auto(0x0, 0x8, 0xfff, 0xeb2, 0x401, 0x8000)
r0 = open(&(0x7f0000000000)='./file0\x00', 0xaf44529eb48ad963, 0x17c)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = socket(0x2, 0x3, 0x6)
lsm_list_modules$auto(0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x5, 0x0)
open(0x0, 0x8643, 0x15e)
ioctl$sock_SIOCGIFINDEX(r1, 0x401c5820, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x801c581f, 0x0)
0s ago: executing program 1 (id=483):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x59, 0x0)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0)
read$auto(r0, 0x0, 0xfffffdef)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x2000000}, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000)
recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0xfffffffe, 0x0, 0x5, 0x0, 0x200002, 0x8}, 0x801}, 0xfffffff9, 0x10, 0x0)
ioctl$auto(0x3, 0x402c542b, 0x38)
ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0)
kernel console output (not intermixed with test programs):
no interfaces have a carrier
[ 81.631024][ T5289] 8021q: adding VLAN 0 to HW filter on device bond0
[ 81.662736][ T5289] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting crond: OK
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.241' (ED25519) to the list of known hosts.
syzkaller login: [ 107.016586][ T5614] cgroup: Unknown subsys name 'net'
[ 107.130374][ T5614] cgroup: Unknown subsys name 'cpuset'
[ 107.141156][ T5614] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 108.453646][ T29] cfg80211: failed to load regulatory.db
[ 109.062610][ T5614] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 111.028620][ T5626] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 111.040956][ T5626] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 111.052579][ T5626] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 111.066602][ T5626] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 111.082308][ T5626] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 111.105254][ T5630] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 111.118166][ T5630] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 111.129332][ T4945] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 111.151227][ T4945] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 111.162946][ T4945] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 111.208485][ T4945] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 111.223205][ T4945] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 111.237084][ T4945] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 111.254444][ T4945] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 111.268979][ T4945] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 111.294414][ T5631] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 111.314267][ T5631] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 111.328323][ T5631] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 111.342746][ T5631] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 111.355957][ T5631] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 112.925850][ T5628] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.938804][ T5628] bridge0: port 1(bridge_slave_0) entered disabled state
[ 112.949018][ T5628] bridge_slave_0: entered allmulticast mode
[ 112.958395][ T5628] bridge_slave_0: entered promiscuous mode
[ 113.010133][ T5628] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.020511][ T5628] bridge0: port 2(bridge_slave_1) entered disabled state
[ 113.030114][ T5628] bridge_slave_1: entered allmulticast mode
[ 113.039928][ T5628] bridge_slave_1: entered promiscuous mode
[ 113.144368][ T5628] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 113.167687][ T4945] Bluetooth: hci0: command tx timeout
[ 113.218594][ T5628] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 113.246883][ T4945] Bluetooth: hci1: command tx timeout
[ 113.327672][ T4945] Bluetooth: hci2: command tx timeout
[ 113.339886][ T5628] team0: Port device team_slave_0 added
[ 113.385263][ T5628] team0: Port device team_slave_1 added
[ 113.406674][ T4945] Bluetooth: hci3: command tx timeout
[ 113.495888][ T5628] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 113.510365][ T5628] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 113.543177][ T5628] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 113.572510][ T5625] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.582293][ T5625] bridge0: port 1(bridge_slave_0) entered disabled state
[ 113.592968][ T5625] bridge_slave_0: entered allmulticast mode
[ 113.601922][ T5625] bridge_slave_0: entered promiscuous mode
[ 113.629588][ T5628] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 113.639139][ T5628] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 113.685241][ T5628] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 113.721149][ T5625] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.733198][ T5625] bridge0: port 2(bridge_slave_1) entered disabled state
[ 113.745137][ T5625] bridge_slave_1: entered allmulticast mode
[ 113.758261][ T5625] bridge_slave_1: entered promiscuous mode
[ 113.818519][ T5632] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.828056][ T5632] bridge0: port 1(bridge_slave_0) entered disabled state
[ 113.839002][ T5632] bridge_slave_0: entered allmulticast mode
[ 113.849246][ T5632] bridge_slave_0: entered promiscuous mode
[ 113.902966][ T5632] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.914588][ T5632] bridge0: port 2(bridge_slave_1) entered disabled state
[ 113.925120][ T5632] bridge_slave_1: entered allmulticast mode
[ 113.934246][ T5632] bridge_slave_1: entered promiscuous mode
[ 113.962308][ T5625] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 114.013997][ T5636] bridge0: port 1(bridge_slave_0) entered blocking state
[ 114.025483][ T5636] bridge0: port 1(bridge_slave_0) entered disabled state
[ 114.035456][ T5636] bridge_slave_0: entered allmulticast mode
[ 114.046884][ T5636] bridge_slave_0: entered promiscuous mode
[ 114.061364][ T5625] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 114.079769][ T5628] hsr_slave_0: entered promiscuous mode
[ 114.089386][ T5628] hsr_slave_1: entered promiscuous mode
[ 114.109949][ T5636] bridge0: port 2(bridge_slave_1) entered blocking state
[ 114.121175][ T5636] bridge0: port 2(bridge_slave_1) entered disabled state
[ 114.131282][ T5636] bridge_slave_1: entered allmulticast mode
[ 114.141145][ T5636] bridge_slave_1: entered promiscuous mode
[ 114.183675][ T5632] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 114.239908][ T5625] team0: Port device team_slave_0 added
[ 114.253932][ T5632] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 114.285488][ T5636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 114.301766][ T5625] team0: Port device team_slave_1 added
[ 114.345897][ T5636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 114.406329][ T5625] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 114.416996][ T5625] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 114.456909][ T5625] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 114.477736][ T5632] team0: Port device team_slave_0 added
[ 114.505737][ T5625] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 114.515530][ T5625] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 114.550969][ T5625] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 114.581010][ T5632] team0: Port device team_slave_1 added
[ 114.597011][ T5636] team0: Port device team_slave_0 added
[ 114.609399][ T5636] team0: Port device team_slave_1 added
[ 114.711683][ T5636] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 114.725084][ T5636] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 114.764335][ T5636] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 114.799291][ T5632] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 114.811510][ T5632] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 114.845859][ T5632] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 114.882983][ T5636] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 114.892274][ T5636] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 114.927703][ T5636] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 114.959097][ T5632] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 114.968191][ T5632] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 115.005826][ T5632] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 115.027252][ T5625] hsr_slave_0: entered promiscuous mode
[ 115.035804][ T5625] hsr_slave_1: entered promiscuous mode
[ 115.047369][ T5625] debugfs: 'hsr0' already exists in 'hsr'
[ 115.055325][ T5625] Cannot create hsr debugfs directory
[ 115.229862][ T5636] hsr_slave_0: entered promiscuous mode
[ 115.239038][ T5636] hsr_slave_1: entered promiscuous mode
[ 115.247252][ T5636] debugfs: 'hsr0' already exists in 'hsr'
[ 115.254924][ T5636] Cannot create hsr debugfs directory
[ 115.262871][ T4945] Bluetooth: hci0: command tx timeout
[ 115.272274][ T5632] hsr_slave_0: entered promiscuous mode
[ 115.282752][ T5632] hsr_slave_1: entered promiscuous mode
[ 115.291740][ T5632] debugfs: 'hsr0' already exists in 'hsr'
[ 115.300334][ T5632] Cannot create hsr debugfs directory
[ 115.327008][ T4945] Bluetooth: hci1: command tx timeout
[ 115.406864][ T4945] Bluetooth: hci2: command tx timeout
[ 115.487364][ T4945] Bluetooth: hci3: command tx timeout
[ 115.572329][ T5628] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 115.588328][ T5628] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 115.631336][ T5628] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 115.658798][ T5628] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 115.721114][ T5628] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 115.738889][ T5628] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 115.782966][ T5628] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 115.795521][ T5628] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 115.987848][ T5625] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 116.005296][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 116.025663][ T5625] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 116.041933][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 116.052705][ T5625] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 116.068095][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 116.079043][ T5625] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 116.096040][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 116.227410][ T5636] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 116.241600][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 116.253823][ T5636] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 116.264905][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 116.274904][ T5636] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 116.291103][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 116.302853][ T5636] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 116.315812][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 116.451586][ T5632] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 116.469342][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 116.488636][ T5632] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 116.504416][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 116.523322][ T5632] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 116.541197][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 116.563002][ T5632] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 116.577666][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 116.593094][ T5628] 8021q: adding VLAN 0 to HW filter on device bond0
[ 116.681981][ T5628] 8021q: adding VLAN 0 to HW filter on device team0
[ 116.723711][ T57] bridge0: port 1(bridge_slave_0) entered blocking state
[ 116.733730][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 116.784563][ T3351] bridge0: port 2(bridge_slave_1) entered blocking state
[ 116.793415][ T3351] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 116.820793][ T5625] 8021q: adding VLAN 0 to HW filter on device bond0
[ 116.920259][ T5636] 8021q: adding VLAN 0 to HW filter on device bond0
[ 116.954486][ T5625] 8021q: adding VLAN 0 to HW filter on device team0
[ 116.999523][ T3371] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.009123][ T3371] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 117.030211][ T5636] 8021q: adding VLAN 0 to HW filter on device team0
[ 117.041880][ T57] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.050941][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 117.115984][ T3351] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.126803][ T3351] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 117.174580][ T5632] 8021q: adding VLAN 0 to HW filter on device bond0
[ 117.203175][ T3351] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.214023][ T3351] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 117.303607][ T5632] 8021q: adding VLAN 0 to HW filter on device team0
[ 117.328652][ T4945] Bluetooth: hci0: command tx timeout
[ 117.373335][ T3371] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.382662][ T3371] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 117.406727][ T4945] Bluetooth: hci1: command tx timeout
[ 117.426921][ T3371] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.441948][ T3371] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 117.486593][ T4945] Bluetooth: hci2: command tx timeout
[ 117.568876][ T4945] Bluetooth: hci3: command tx timeout
[ 118.484582][ T5628] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 118.683410][ T5628] veth0_vlan: entered promiscuous mode
[ 118.752379][ T5628] veth1_vlan: entered promiscuous mode
[ 118.855949][ T5625] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 118.894820][ T5636] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 118.963490][ T5628] veth0_macvtap: entered promiscuous mode
[ 119.020566][ T5628] veth1_macvtap: entered promiscuous mode
[ 119.137145][ T5636] veth0_vlan: entered promiscuous mode
[ 119.147382][ T5628] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 119.160003][ T5632] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 119.188755][ T5625] veth0_vlan: entered promiscuous mode
[ 119.211046][ T5628] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 119.233910][ T5636] veth1_vlan: entered promiscuous mode
[ 119.259320][ T5625] veth1_vlan: entered promiscuous mode
[ 119.268633][ T3351] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.281381][ T3351] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.304331][ T3351] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.316839][ T3351] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.404745][ T5632] veth0_vlan: entered promiscuous mode
[ 119.411499][ T4945] Bluetooth: hci0: command tx timeout
[ 119.484231][ T5632] veth1_vlan: entered promiscuous mode
[ 119.497305][ T4945] Bluetooth: hci1: command tx timeout
[ 119.524659][ T5636] veth0_macvtap: entered promiscuous mode
[ 119.565190][ T5625] veth0_macvtap: entered promiscuous mode
[ 119.572123][ T4945] Bluetooth: hci2: command tx timeout
[ 119.578765][ T5625] veth1_macvtap: entered promiscuous mode
[ 119.588387][ T5636] veth1_macvtap: entered promiscuous mode
[ 119.604586][ T1007] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.615195][ T1007] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.652486][ T4945] Bluetooth: hci3: command tx timeout
[ 119.695761][ T3351] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.696748][ T5625] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 119.704124][ T3351] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.716161][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 119.731686][ T5632] veth0_macvtap: entered promiscuous mode
[ 119.750568][ T5625] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 119.762709][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 119.786786][ T5632] veth1_macvtap: entered promiscuous mode
[ 119.813597][ T57] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.825898][ T1024] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.865952][ T1024] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.891901][ T1024] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.897793][ T5628] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 119.930956][ T1024] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.942198][ T1024] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.980914][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.007650][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.074177][ T5632] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 120.155928][ T5632] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 120.173506][ T5776] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 120.252440][ T1024] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.283371][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.323076][ T1024] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.388724][ T1024] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.410177][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.428306][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.538154][ T1024] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.553396][ T1024] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.615230][ T1007] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.627124][ T1007] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.735192][ T1024] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.765299][ T1024] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.821808][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.864580][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.045021][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.093851][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.432876][ T5788] netlink: 'syz.3.8': attribute type 8 has an invalid length.
[ 121.464909][ T5788] Zero length message leads to an empty skb
[ 123.334395][ T4945] Bluetooth: hci2: unexpected event 0x09 length: 435 > 3
[ 124.143945][ T5843] netlink: 54 bytes leftover after parsing attributes in process `syz.3.24'.
[ 124.511797][ T5850] netlink: 98 bytes leftover after parsing attributes in process `syz.2.27'.
[ 124.560894][ T5850] netlink: 50 bytes leftover after parsing attributes in process `syz.2.27'.
[ 125.556861][ T5871] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[ 125.842248][ T5874] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[ 126.011446][ T5877] netlink: 4 bytes leftover after parsing attributes in process `syz.0.34'.
[ 126.039241][ T5877] netlink: 'syz.0.34': attribute type 1 has an invalid length.
[ 126.051342][ T5877] netlink: 13 bytes leftover after parsing attributes in process `syz.0.34'.
[ 127.210683][ T5902] binder: 5891:5902 ioctl 5411 38 returned -22
[ 127.592611][ T5911] FAULT_INJECTION: forcing a failure.
[ 127.592611][ T5911] name failslab, interval 1, probability 0, space 0, times 1
[ 127.628409][ T5911] CPU: 0 UID: 0 PID: 5911 Comm: syz.1.46 Not tainted syzkaller #0 PREEMPT(full)
[ 127.628453][ T5911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 127.628470][ T5911] Call Trace:
[ 127.628481][ T5911]
[ 127.628493][ T5911] dump_stack_lvl+0x100/0x190
[ 127.628534][ T5911] should_fail_ex.cold+0x5/0xa
[ 127.628573][ T5911] should_failslab+0xc2/0x120
[ 127.628610][ T5911] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 127.628657][ T5911] ? prepare_creds+0x2c/0x950
[ 127.628695][ T5911] ? get_random_u64+0x575/0x7c0
[ 127.628736][ T5911] prepare_creds+0x2c/0x950
[ 127.628772][ T5911] copy_creds+0xa7/0xa50
[ 127.628811][ T5911] copy_process+0x1347/0x7e00
[ 127.628852][ T5911] ? futex_unqueue+0x133/0x2c0
[ 127.628882][ T5911] ? futex_unqueue+0x133/0x2c0
[ 127.628932][ T5911] ? __pfx_copy_process+0x10/0x10
[ 127.628986][ T5911] ? _copy_from_user+0x59/0xd0
[ 127.629041][ T5911] kernel_clone+0x12e/0x9c0
[ 127.629084][ T5911] ? futex_hash+0x141/0x370
[ 127.629112][ T5911] ? __pfx_kernel_clone+0x10/0x10
[ 127.629163][ T5911] ? __pfx_futex_wait+0x10/0x10
[ 127.629201][ T5911] ? __pfx_kernel_waitid+0x10/0x10
[ 127.629240][ T5911] __do_sys_clone3+0x214/0x290
[ 127.629284][ T5911] ? __pfx___do_sys_clone3+0x10/0x10
[ 127.629345][ T5911] ? rcu_read_unlock+0x17/0x60
[ 127.629390][ T5911] ? rcu_read_unlock+0x17/0x60
[ 127.629447][ T5911] ? rcu_is_watching+0x12/0xc0
[ 127.629488][ T5911] do_syscall_64+0x10b/0xf80
[ 127.629522][ T5911] ? clear_bhb_loop+0x40/0x90
[ 127.629557][ T5911] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.629586][ T5911] RIP: 0033:0x7fdddb99cdd9
[ 127.629609][ T5911] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 127.629637][ T5911] RSP: 002b:00007fdddc919ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 127.629663][ T5911] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fdddb99cdd9
[ 127.629681][ T5911] RDX: 00007fdddc919f10 RSI: 0000000000000058 RDI: 00007fdddc919f10
[ 127.629698][ T5911] RBP: 00007fdddba32d69 R08: 0000000000000000 R09: 0000000000000058
[ 127.629715][ T5911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 127.629732][ T5911] R13: 00007fdddbc16038 R14: 00007fdddbc15fa0 R15: 00007ffe76aa0268
[ 127.629768][ T5911]
[ 128.171142][ T5919] syz.1.48 uses obsolete (PF_INET,SOCK_PACKET)
[ 128.668212][ T5905] kexec: Could not allocate control_code_buffer
[ 128.684304][ T5926] netlink: 334 bytes leftover after parsing attributes in process `syz.3.51'.
[ 129.372271][ T5936] netlink: 17 bytes leftover after parsing attributes in process `syz.3.55'.
[ 129.992733][ T5949] FAULT_INJECTION: forcing a failure.
[ 129.992733][ T5949] name failslab, interval 1, probability 0, space 0, times 0
[ 130.031876][ T5955] netlink: 330 bytes leftover after parsing attributes in process `syz.0.63'.
[ 130.060549][ T5949] CPU: 0 UID: 0 PID: 5949 Comm: syz.3.58 Not tainted syzkaller #0 PREEMPT(full)
[ 130.060589][ T5949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 130.060603][ T5949] Call Trace:
[ 130.060614][ T5949]
[ 130.060626][ T5949] dump_stack_lvl+0x100/0x190
[ 130.060664][ T5949] should_fail_ex.cold+0x5/0xa
[ 130.060721][ T5949] ? tomoyo_encode2+0xfb/0x3c0
[ 130.060754][ T5949] should_failslab+0xc2/0x120
[ 130.060787][ T5949] __kmalloc_noprof+0xe0/0x850
[ 130.060829][ T5949] ? d_absolute_path+0x136/0x1b0
[ 130.060862][ T5949] tomoyo_encode2+0xfb/0x3c0
[ 130.060901][ T5949] tomoyo_encode+0x29/0x50
[ 130.060933][ T5949] tomoyo_realpath_from_path+0x18c/0x690
[ 130.060979][ T5949] tomoyo_check_open_permission+0x2af/0x3c0
[ 130.061011][ T5949] ? __pfx_tomoyo_check_open_permission+0x10/0x10
[ 130.061065][ T5949] ? hook_file_open+0x24e/0x7a0
[ 130.061119][ T5949] ? path_get+0x61/0x80
[ 130.061160][ T5949] tomoyo_file_open+0x6b/0x90
[ 130.061199][ T5949] security_file_open+0xb5/0x1e0
[ 130.061231][ T5949] do_dentry_open+0x5aa/0x1660
[ 130.061269][ T5949] ? security_inode_permission+0xbf/0x250
[ 130.061304][ T5949] vfs_open+0x82/0x3f0
[ 130.061363][ T5949] path_openat+0x208c/0x31a0
[ 130.061412][ T5949] ? __pfx_path_openat+0x10/0x10
[ 130.061478][ T5949] do_file_open+0x20e/0x430
[ 130.061523][ T5949] ? __pfx_do_file_open+0x10/0x10
[ 130.061593][ T5949] ? alloc_fd+0x476/0x790
[ 130.061637][ T5949] ? do_getname+0x191/0x390
[ 130.061686][ T5949] do_sys_openat2+0x10d/0x1e0
[ 130.061735][ T5949] ? __pfx_do_sys_openat2+0x10/0x10
[ 130.061799][ T5949] __x64_sys_openat+0x12d/0x210
[ 130.061849][ T5949] ? __pfx___x64_sys_openat+0x10/0x10
[ 130.061906][ T5949] ? rcu_is_watching+0x12/0xc0
[ 130.061949][ T5949] do_syscall_64+0x10b/0xf80
[ 130.061989][ T5949] ? clear_bhb_loop+0x40/0x90
[ 130.062028][ T5949] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 130.062061][ T5949] RIP: 0033:0x7fdc0679cdd9
[ 130.062089][ T5949] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 130.062118][ T5949] RSP: 002b:00007fdc0758c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 130.062148][ T5949] RAX: ffffffffffffffda RBX: 00007fdc06a15fa0 RCX: 00007fdc0679cdd9
[ 130.062169][ T5949] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 130.062188][ T5949] RBP: 00007fdc06832d69 R08: 0000000000000000 R09: 0000000000000000
[ 130.062207][ T5949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 130.062225][ T5949] R13: 00007fdc06a16038 R14: 00007fdc06a15fa0 R15: 00007ffe8de08e48
[ 130.062268][ T5949]
[ 130.574499][ T5949] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 131.981165][ T5978] FAULT_INJECTION: forcing a failure.
[ 131.981165][ T5978] name failslab, interval 1, probability 0, space 0, times 0
[ 132.049488][ T5978] CPU: 1 UID: 0 PID: 5978 Comm: syz.2.71 Not tainted syzkaller #0 PREEMPT(full)
[ 132.049530][ T5978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 132.049549][ T5978] Call Trace:
[ 132.049559][ T5978]
[ 132.049615][ T5978] dump_stack_lvl+0x100/0x190
[ 132.049658][ T5978] should_fail_ex.cold+0x5/0xa
[ 132.049699][ T5978] ? acpi_ns_get_normalized_pathname+0x95/0x250
[ 132.049745][ T5978] should_failslab+0xc2/0x120
[ 132.049782][ T5978] __kmalloc_noprof+0xe0/0x850
[ 132.049841][ T5978] acpi_ns_get_normalized_pathname+0x95/0x250
[ 132.049892][ T5978] acpi_ds_call_control_method+0x5d4/0xab0
[ 132.049952][ T5978] acpi_ps_parse_aml+0xacd/0x1120
[ 132.049998][ T5978] acpi_ps_execute_method+0x5c4/0xe90
[ 132.050046][ T5978] acpi_ns_evaluate+0x640/0x1670
[ 132.050094][ T5978] acpi_evaluate_object+0x420/0xe00
[ 132.050121][ T5978] ? kasan_save_stack+0x30/0x50
[ 132.050150][ T5978] ? kasan_save_track+0x14/0x30
[ 132.050178][ T5978] ? __kasan_kmalloc+0xaa/0xb0
[ 132.050203][ T5978] ? __kvmalloc_node_noprof+0x360/0xa00
[ 132.050241][ T5978] ? __pfx_acpi_evaluate_object+0x10/0x10
[ 132.050271][ T5978] ? lock_acquire+0x1b1/0x370
[ 132.050311][ T5978] acpi_evaluate_integer+0xdf/0x220
[ 132.050612][ T5978] ? __pfx_acpi_evaluate_integer+0x10/0x10
[ 132.050671][ T5978] ? __pfx_status_show+0x10/0x10
[ 132.050701][ T5978] status_show+0xa0/0x120
[ 132.050730][ T5978] ? __pfx_status_show+0x10/0x10
[ 132.050770][ T5978] dev_attr_show+0x52/0xa0
[ 132.050807][ T5978] ? __pfx_dev_attr_show+0x10/0x10
[ 132.051066][ T5978] sysfs_kf_seq_show+0x217/0x3a0
[ 132.051126][ T5978] seq_read_iter+0x32f/0x1270
[ 132.051163][ T5978] ? lock_acquire+0x1b1/0x370
[ 132.051349][ T5978] kernfs_fop_read_iter+0x46c/0x610
[ 132.051398][ T5978] ? rw_verify_area+0xce/0x6d0
[ 132.051911][ T5978] ? __pfx_kernfs_fop_read_iter+0x10/0x10
[ 132.051957][ T5978] vfs_read+0x825/0xb30
[ 132.051995][ T5978] ? __pfx_vfs_read+0x10/0x10
[ 132.052051][ T5978] ksys_read+0x12a/0x250
[ 132.052083][ T5978] ? __pfx_ksys_read+0x10/0x10
[ 132.052118][ T5978] ? rcu_is_watching+0x12/0xc0
[ 132.052157][ T5978] do_syscall_64+0x10b/0xf80
[ 132.052198][ T5978] ? clear_bhb_loop+0x40/0x90
[ 132.052238][ T5978] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 132.052272][ T5978] RIP: 0033:0x7f6b4019cdd9
[ 132.052300][ T5978] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 132.052712][ T5978] RSP: 002b:00007f6b410fb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 132.052745][ T5978] RAX: ffffffffffffffda RBX: 00007f6b40415fa0 RCX: 00007f6b4019cdd9
[ 132.052766][ T5978] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000004
[ 132.052784][ T5978] RBP: 00007f6b40232d69 R08: 0000000000000000 R09: 0000000000000000
[ 132.052802][ T5978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 132.052821][ T5978] R13: 00007f6b40416038 R14: 00007f6b40415fa0 R15: 00007ffd74b03ef8
[ 132.052867][ T5978]
[ 132.424855][ T5978] ACPI Error: Could not allocate 10 bytes (20251212/nsnames-308)
[ 132.482195][ T5984] netlink: 334 bytes leftover after parsing attributes in process `syz.1.73'.
[ 132.764085][ T5988] netlink: 62 bytes leftover after parsing attributes in process `syz.3.72'.
[ 134.119245][ T6003] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[ 134.179872][ T6003] netlink: 'syz.1.79': attribute type 1 has an invalid length.
[ 134.202066][ T6003] netlink: 33 bytes leftover after parsing attributes in process `syz.1.79'.
[ 135.023272][ T6020] binder: 6012:6020 ioctl 5411 38 returned -22
[ 135.386074][ T6027] netlink: 54 bytes leftover after parsing attributes in process `syz.1.85'.
[ 135.638852][ T6032] netlink: 17 bytes leftover after parsing attributes in process `syz.0.87'.
[ 136.803162][ T6049] FAULT_INJECTION: forcing a failure.
[ 136.803162][ T6049] name failslab, interval 1, probability 0, space 0, times 0
[ 136.820766][ T6049] CPU: 0 UID: 0 PID: 6049 Comm: syz.3.92 Not tainted syzkaller #0 PREEMPT(full)
[ 136.820808][ T6049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 136.820825][ T6049] Call Trace:
[ 136.820835][ T6049]
[ 136.820849][ T6049] dump_stack_lvl+0x100/0x190
[ 136.820897][ T6049] should_fail_ex.cold+0x5/0xa
[ 136.820939][ T6049] should_failslab+0xc2/0x120
[ 136.820978][ T6049] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 136.821027][ T6049] ? copy_process+0x2ad6/0x7e00
[ 136.821072][ T6049] ? _raw_spin_unlock+0x28/0x50
[ 136.821113][ T6049] copy_process+0x2ad6/0x7e00
[ 136.821155][ T6049] ? futex_unqueue+0x133/0x2c0
[ 136.821182][ T6049] ? futex_unqueue+0x133/0x2c0
[ 136.821231][ T6049] ? __pfx_copy_process+0x10/0x10
[ 136.821297][ T6049] ? _copy_from_user+0x59/0xd0
[ 136.821354][ T6049] kernel_clone+0x12e/0x9c0
[ 136.821399][ T6049] ? futex_hash+0x141/0x370
[ 136.821427][ T6049] ? __pfx_kernel_clone+0x10/0x10
[ 136.821480][ T6049] ? __pfx_futex_wait+0x10/0x10
[ 136.821520][ T6049] ? __pfx_kernel_waitid+0x10/0x10
[ 136.821556][ T6049] __do_sys_clone3+0x214/0x290
[ 136.821601][ T6049] ? __pfx___do_sys_clone3+0x10/0x10
[ 136.821658][ T6049] ? rcu_read_unlock+0x17/0x60
[ 136.821692][ T6049] ? rcu_read_unlock+0x17/0x60
[ 136.821747][ T6049] ? rcu_is_watching+0x12/0xc0
[ 136.821787][ T6049] do_syscall_64+0x10b/0xf80
[ 136.821822][ T6049] ? clear_bhb_loop+0x40/0x90
[ 136.821860][ T6049] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.821891][ T6049] RIP: 0033:0x7fdc0679cdd9
[ 136.821916][ T6049] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 136.821944][ T6049] RSP: 002b:00007fdc0758bef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 136.821973][ T6049] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fdc0679cdd9
[ 136.821992][ T6049] RDX: 00007fdc0758bf10 RSI: 0000000000000058 RDI: 00007fdc0758bf10
[ 136.822009][ T6049] RBP: 00007fdc06832d69 R08: 0000000000000000 R09: 0000000000000058
[ 136.822027][ T6049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 136.822043][ T6049] R13: 00007fdc06a16038 R14: 00007fdc06a15fa0 R15: 00007ffe8de08e48
[ 136.822083][ T6049]
[ 137.662476][ T6059] netlink: 98 bytes leftover after parsing attributes in process `syz.0.97'.
[ 137.684649][ T6059] netlink: 50 bytes leftover after parsing attributes in process `syz.0.97'.
[ 138.948892][ T6078] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[ 139.170472][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[ 139.180796][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[ 139.790137][ T6094] FAULT_INJECTION: forcing a failure.
[ 139.790137][ T6094] name failslab, interval 1, probability 0, space 0, times 0
[ 139.888099][ T6094] CPU: 1 UID: 0 PID: 6094 Comm: syz.0.109 Not tainted syzkaller #0 PREEMPT(full)
[ 139.888138][ T6094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 139.888149][ T6094] Call Trace:
[ 139.888155][ T6094]
[ 139.888162][ T6094] dump_stack_lvl+0x100/0x190
[ 139.888188][ T6094] should_fail_ex.cold+0x5/0xa
[ 139.888210][ T6094] ? lsm_blob_alloc+0x68/0x90
[ 139.888234][ T6094] should_failslab+0xc2/0x120
[ 139.888257][ T6094] __kmalloc_noprof+0xe0/0x850
[ 139.888285][ T6094] ? audit_alloc+0xa2/0x7b0
[ 139.888316][ T6094] lsm_blob_alloc+0x68/0x90
[ 139.888339][ T6094] security_task_alloc+0x2a/0x260
[ 139.888360][ T6094] copy_process+0x2865/0x7e00
[ 139.888397][ T6094] ? __pfx_copy_process+0x10/0x10
[ 139.888428][ T6094] ? _copy_from_user+0x59/0xd0
[ 139.888459][ T6094] kernel_clone+0x12e/0x9c0
[ 139.888486][ T6094] ? __pfx_kernel_clone+0x10/0x10
[ 139.888517][ T6094] ? futex_private_hash_put+0x107/0x1c0
[ 139.888552][ T6094] ? __pfx_futex_wake+0x10/0x10
[ 139.888578][ T6094] __do_sys_clone3+0x214/0x290
[ 139.888603][ T6094] ? __pfx___do_sys_clone3+0x10/0x10
[ 139.888637][ T6094] ? rcu_read_unlock+0x17/0x60
[ 139.888659][ T6094] ? rcu_read_unlock+0x17/0x60
[ 139.888694][ T6094] ? rcu_is_watching+0x12/0xc0
[ 139.888718][ T6094] do_syscall_64+0x10b/0xf80
[ 139.888741][ T6094] ? clear_bhb_loop+0x40/0x90
[ 139.888763][ T6094] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 139.888781][ T6094] RIP: 0033:0x7f659a59cdd9
[ 139.888796][ T6094] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 139.888813][ T6094] RSP: 002b:00007f659b449ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 139.888831][ T6094] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f659a59cdd9
[ 139.888843][ T6094] RDX: 00007f659b449f10 RSI: 0000000000000058 RDI: 00007f659b449f10
[ 139.888853][ T6094] RBP: 00007f659a632d69 R08: 0000000000000000 R09: 0000000000000058
[ 139.888864][ T6094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 139.888874][ T6094] R13: 00007f659a816038 R14: 00007f659a815fa0 R15: 00007ffe646566a8
[ 139.888896][ T6094]
[ 141.410238][ T6089] kexec: Could not allocate control_code_buffer
[ 142.429295][ T6121] i2c i2c-0: Invalid 7-bit I2C address 0x00
[ 142.717444][ T30] audit: type=1800 audit(1777932233.057:2): pid=6126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.119" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0
[ 143.825203][ T6137] FAULT_INJECTION: forcing a failure.
[ 143.825203][ T6137] name failslab, interval 1, probability 0, space 0, times 0
[ 143.856050][ T6137] CPU: 1 UID: 0 PID: 6137 Comm: syz.0.122 Not tainted syzkaller #0 PREEMPT(full)
[ 143.856094][ T6137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 143.856113][ T6137] Call Trace:
[ 143.856124][ T6137]
[ 143.856137][ T6137] dump_stack_lvl+0x100/0x190
[ 143.856189][ T6137] should_fail_ex.cold+0x5/0xa
[ 143.856231][ T6137] should_failslab+0xc2/0x120
[ 143.856268][ T6137] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 143.856318][ T6137] ? acpi_ut_create_control_state+0x6a/0x100
[ 143.856364][ T6137] acpi_ut_create_control_state+0x6a/0x100
[ 143.856399][ T6137] acpi_ds_exec_begin_control_op+0x21f/0x530
[ 143.856438][ T6137] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 143.856483][ T6137] acpi_ds_exec_begin_op+0x20a/0x9c0
[ 143.856518][ T6137] acpi_ps_create_op+0x7bb/0xd10
[ 143.856553][ T6137] ? __pfx_acpi_ps_create_op+0x10/0x10
[ 143.856584][ T6137] ? __pfx_acpi_ut_trace_ptr+0x10/0x10
[ 143.856618][ T6137] ? acpi_ut_value_exit+0x10d/0x190
[ 143.856661][ T6137] acpi_ps_parse_loop+0xa65/0x24a0
[ 143.856697][ T6137] ? __kmalloc_noprof+0x320/0x850
[ 143.856744][ T6137] ? __pfx_acpi_ps_parse_loop+0x10/0x10
[ 143.856774][ T6137] ? acpi_ut_status_exit+0x111/0x1c0
[ 143.856810][ T6137] ? acpi_ds_call_control_method+0x435/0xab0
[ 143.856860][ T6137] acpi_ps_parse_aml+0x81e/0x1120
[ 143.856899][ T6137] acpi_ps_execute_method+0x5c4/0xe90
[ 143.856941][ T6137] acpi_ns_evaluate+0x640/0x1670
[ 143.856984][ T6137] acpi_evaluate_object+0x420/0xe00
[ 143.857010][ T6137] ? kasan_save_stack+0x30/0x50
[ 143.857034][ T6137] ? kasan_save_track+0x14/0x30
[ 143.857057][ T6137] ? __kasan_kmalloc+0xaa/0xb0
[ 143.857079][ T6137] ? __kvmalloc_node_noprof+0x360/0xa00
[ 143.857108][ T6137] ? __pfx_acpi_evaluate_object+0x10/0x10
[ 143.857131][ T6137] ? lock_acquire+0x1b1/0x370
[ 143.857178][ T6137] acpi_evaluate_integer+0xdf/0x220
[ 143.857222][ T6137] ? __pfx_acpi_evaluate_integer+0x10/0x10
[ 143.857279][ T6137] ? __pfx_status_show+0x10/0x10
[ 143.857305][ T6137] status_show+0xa0/0x120
[ 143.857332][ T6137] ? __pfx_status_show+0x10/0x10
[ 143.857367][ T6137] dev_attr_show+0x52/0xa0
[ 143.857401][ T6137] ? __pfx_dev_attr_show+0x10/0x10
[ 143.857433][ T6137] sysfs_kf_seq_show+0x217/0x3a0
[ 143.857481][ T6137] seq_read_iter+0x32f/0x1270
[ 143.857510][ T6137] ? lock_acquire+0x1b1/0x370
[ 143.857553][ T6137] kernfs_fop_read_iter+0x46c/0x610
[ 143.857601][ T6137] ? rw_verify_area+0xce/0x6d0
[ 143.857633][ T6137] ? __pfx_kernfs_fop_read_iter+0x10/0x10
[ 143.857681][ T6137] vfs_read+0x825/0xb30
[ 143.857723][ T6137] ? __pfx_vfs_read+0x10/0x10
[ 143.857787][ T6137] ksys_read+0x12a/0x250
[ 143.857824][ T6137] ? __pfx_ksys_read+0x10/0x10
[ 143.857864][ T6137] ? rcu_is_watching+0x12/0xc0
[ 143.857909][ T6137] do_syscall_64+0x10b/0xf80
[ 143.857949][ T6137] ? clear_bhb_loop+0x40/0x90
[ 143.857989][ T6137] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 143.858022][ T6137] RIP: 0033:0x7f659a59cdd9
[ 143.858051][ T6137] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 143.858080][ T6137] RSP: 002b:00007f659b44a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 143.858112][ T6137] RAX: ffffffffffffffda RBX: 00007f659a815fa0 RCX: 00007f659a59cdd9
[ 143.858135][ T6137] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000004
[ 143.858155][ T6137] RBP: 00007f659a632d69 R08: 0000000000000000 R09: 0000000000000000
[ 143.858187][ T6137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 143.858204][ T6137] R13: 00007f659a816038 R14: 00007f659a815fa0 R15: 00007ffe646566a8
[ 143.858250][ T6137]
[ 144.366906][ T6137] ACPI Error: Aborting method \_SB.IQST due to previous error (AE_NO_MEMORY) (20251212/psparse-529)
[ 144.390272][ T6137] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20251212/psparse-529)
[ 145.103267][ T6149] netlink: 54 bytes leftover after parsing attributes in process `syz.2.126'.
[ 146.001554][ T30] audit: type=1800 audit(1777932236.347:3): pid=6166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.131" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0
[ 146.614614][ T6177] FAULT_INJECTION: forcing a failure.
[ 146.614614][ T6177] name failslab, interval 1, probability 0, space 0, times 0
[ 146.678289][ T6177] CPU: 0 UID: 0 PID: 6177 Comm: syz.3.134 Not tainted syzkaller #0 PREEMPT(full)
[ 146.678333][ T6177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 146.678351][ T6177] Call Trace:
[ 146.678361][ T6177]
[ 146.678374][ T6177] dump_stack_lvl+0x100/0x190
[ 146.678415][ T6177] should_fail_ex.cold+0x5/0xa
[ 146.678456][ T6177] should_failslab+0xc2/0x120
[ 146.678491][ T6177] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 146.678533][ T6177] ? acpi_ut_create_generic_state+0x61/0xc0
[ 146.678580][ T6177] acpi_ut_create_generic_state+0x61/0xc0
[ 146.678614][ T6177] acpi_ps_push_scope+0x42/0x280
[ 146.678655][ T6177] acpi_ps_parse_loop+0x334/0x24a0
[ 146.678696][ T6177] ? __kmalloc_noprof+0x237/0x850
[ 146.678748][ T6177] ? __pfx_acpi_ps_parse_loop+0x10/0x10
[ 146.678783][ T6177] ? acpi_ut_status_exit+0x111/0x1c0
[ 146.678825][ T6177] ? acpi_ds_call_control_method+0x435/0xab0
[ 146.678883][ T6177] acpi_ps_parse_aml+0x81e/0x1120
[ 146.678928][ T6177] acpi_ps_execute_method+0x5c4/0xe90
[ 146.678975][ T6177] acpi_ns_evaluate+0x640/0x1670
[ 146.679025][ T6177] acpi_evaluate_object+0x420/0xe00
[ 146.679051][ T6177] ? kasan_save_stack+0x30/0x50
[ 146.679076][ T6177] ? kasan_save_track+0x14/0x30
[ 146.679102][ T6177] ? __kasan_kmalloc+0xaa/0xb0
[ 146.679127][ T6177] ? __kvmalloc_node_noprof+0x360/0xa00
[ 146.679170][ T6177] ? __pfx_acpi_evaluate_object+0x10/0x10
[ 146.679199][ T6177] ? lock_acquire+0x1b1/0x370
[ 146.679242][ T6177] acpi_evaluate_integer+0xdf/0x220
[ 146.679291][ T6177] ? __pfx_acpi_evaluate_integer+0x10/0x10
[ 146.679362][ T6177] ? __pfx_status_show+0x10/0x10
[ 146.679391][ T6177] status_show+0xa0/0x120
[ 146.679560][ T6177] ? __pfx_status_show+0x10/0x10
[ 146.679604][ T6177] dev_attr_show+0x52/0xa0
[ 146.679643][ T6177] ? __pfx_dev_attr_show+0x10/0x10
[ 146.679678][ T6177] sysfs_kf_seq_show+0x217/0x3a0
[ 146.679737][ T6177] seq_read_iter+0x32f/0x1270
[ 146.679770][ T6177] ? lock_acquire+0x1b1/0x370
[ 146.679819][ T6177] kernfs_fop_read_iter+0x46c/0x610
[ 146.679868][ T6177] ? rw_verify_area+0xce/0x6d0
[ 146.679900][ T6177] ? __pfx_kernfs_fop_read_iter+0x10/0x10
[ 146.679954][ T6177] vfs_read+0x825/0xb30
[ 146.679997][ T6177] ? __pfx_vfs_read+0x10/0x10
[ 146.680063][ T6177] ksys_read+0x12a/0x250
[ 146.680124][ T6177] ? __pfx_ksys_read+0x10/0x10
[ 146.680164][ T6177] ? rcu_is_watching+0x12/0xc0
[ 146.680251][ T6177] do_syscall_64+0x10b/0xf80
[ 146.680292][ T6177] ? clear_bhb_loop+0x40/0x90
[ 146.680333][ T6177] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 146.680366][ T6177] RIP: 0033:0x7fdc0679cdd9
[ 146.680396][ T6177] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 146.680426][ T6177] RSP: 002b:00007fdc0758c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 146.680454][ T6177] RAX: ffffffffffffffda RBX: 00007fdc06a15fa0 RCX: 00007fdc0679cdd9
[ 146.680475][ T6177] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000004
[ 146.680493][ T6177] RBP: 00007fdc06832d69 R08: 0000000000000000 R09: 0000000000000000
[ 146.680510][ T6177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 146.680527][ T6177] R13: 00007fdc06a16038 R14: 00007fdc06a15fa0 R15: 00007ffe8de08e48
[ 146.680569][ T6177]
[ 146.683872][ T6177] ACPI Error: Aborting method \_SB.IQST due to previous error (AE_NO_MEMORY) (20251212/psparse-529)
[ 147.146621][ T6177] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20251212/psparse-529)
[ 147.611769][ T6188] netlink: 334 bytes leftover after parsing attributes in process `syz.2.136'.
[ 148.168772][ T6197] FAULT_INJECTION: forcing a failure.
[ 148.168772][ T6197] name failslab, interval 1, probability 0, space 0, times 0
[ 148.211642][ T6197] CPU: 0 UID: 0 PID: 6197 Comm: syz.2.137 Not tainted syzkaller #0 PREEMPT(full)
[ 148.211682][ T6197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 148.211698][ T6197] Call Trace:
[ 148.211706][ T6197]
[ 148.211716][ T6197] dump_stack_lvl+0x100/0x190
[ 148.211754][ T6197] should_fail_ex.cold+0x5/0xa
[ 148.211793][ T6197] should_failslab+0xc2/0x120
[ 148.211827][ T6197] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 148.211876][ T6197] ? copy_process+0x2ad6/0x7e00
[ 148.211922][ T6197] ? _raw_spin_unlock+0x28/0x50
[ 148.211964][ T6197] copy_process+0x2ad6/0x7e00
[ 148.212006][ T6197] ? futex_unqueue+0x133/0x2c0
[ 148.212039][ T6197] ? futex_unqueue+0x133/0x2c0
[ 148.212089][ T6197] ? __pfx_copy_process+0x10/0x10
[ 148.212140][ T6197] ? _copy_from_user+0x59/0xd0
[ 148.212207][ T6197] kernel_clone+0x12e/0x9c0
[ 148.212256][ T6197] ? __pfx_kernel_clone+0x10/0x10
[ 148.212307][ T6197] ? __pfx_futex_wait+0x10/0x10
[ 148.212358][ T6197] __do_sys_clone3+0x214/0x290
[ 148.212402][ T6197] ? __pfx___do_sys_clone3+0x10/0x10
[ 148.212471][ T6197] ? rcu_read_unlock+0x17/0x60
[ 148.212507][ T6197] ? rcu_read_unlock+0x17/0x60
[ 148.212567][ T6197] ? rcu_is_watching+0x12/0xc0
[ 148.212611][ T6197] do_syscall_64+0x10b/0xf80
[ 148.212650][ T6197] ? clear_bhb_loop+0x40/0x90
[ 148.212689][ T6197] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 148.212720][ T6197] RIP: 0033:0x7f6b4019cdd9
[ 148.212747][ T6197] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 148.212776][ T6197] RSP: 002b:00007f6b410faef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[ 148.212808][ T6197] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f6b4019cdd9
[ 148.212827][ T6197] RDX: 00007f6b410faf10 RSI: 0000000000000058 RDI: 00007f6b410faf10
[ 148.212846][ T6197] RBP: 00007f6b40232d69 R08: 0000000000000000 R09: 0000000000000058
[ 148.212865][ T6197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 148.212884][ T6197] R13: 00007f6b40416038 R14: 00007f6b40415fa0 R15: 00007ffd74b03ef8
[ 148.212926][ T6197]
[ 152.515108][ T30] audit: type=1804 audit(1777932242.847:4): pid=6268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.151" name="/newroot/32/file0" dev="tmpfs" ino=187 res=1 errno=0
[ 153.654685][ T4945] Bluetooth: hci3: unexpected subevent 0x18 length: 0 < 19
[ 154.120576][ T6298] FAULT_INJECTION: forcing a failure.
[ 154.120576][ T6298] name failslab, interval 1, probability 0, space 0, times 0
[ 154.148482][ T6298] CPU: 0 UID: 0 PID: 6298 Comm: syz.1.154 Not tainted syzkaller #0 PREEMPT(full)
[ 154.148529][ T6298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 154.148549][ T6298] Call Trace:
[ 154.148560][ T6298]
[ 154.148572][ T6298] dump_stack_lvl+0x100/0x190
[ 154.148615][ T6298] should_fail_ex.cold+0x5/0xa
[ 154.148656][ T6298] should_failslab+0xc2/0x120
[ 154.148693][ T6298] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 154.148742][ T6298] ? acpi_ut_create_control_state+0x6a/0x100
[ 154.148790][ T6298] acpi_ut_create_control_state+0x6a/0x100
[ 154.148827][ T6298] acpi_ds_exec_begin_control_op+0x21f/0x530
[ 154.148874][ T6298] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 154.148922][ T6298] acpi_ds_exec_begin_op+0x20a/0x9c0
[ 154.148962][ T6298] acpi_ps_create_op+0x7bb/0xd10
[ 154.149001][ T6298] ? __pfx_acpi_ps_create_op+0x10/0x10
[ 154.149038][ T6298] ? __pfx_acpi_ut_trace_ptr+0x10/0x10
[ 154.149076][ T6298] ? acpi_ut_value_exit+0x10d/0x190
[ 154.149121][ T6298] acpi_ps_parse_loop+0xa65/0x24a0
[ 154.149162][ T6298] ? __kmalloc_noprof+0x320/0x850
[ 154.149216][ T6298] ? __pfx_acpi_ps_parse_loop+0x10/0x10
[ 154.149250][ T6298] ? acpi_ut_status_exit+0x111/0x1c0
[ 154.149297][ T6298] ? acpi_ds_call_control_method+0x435/0xab0
[ 154.149355][ T6298] acpi_ps_parse_aml+0x81e/0x1120
[ 154.149415][ T6298] acpi_ps_execute_method+0x5c4/0xe90
[ 154.149465][ T6298] acpi_ns_evaluate+0x640/0x1670
[ 154.149519][ T6298] acpi_evaluate_object+0x420/0xe00
[ 154.149550][ T6298] ? kasan_save_stack+0x30/0x50
[ 154.149578][ T6298] ? kasan_save_track+0x14/0x30
[ 154.149607][ T6298] ? __kasan_kmalloc+0xaa/0xb0
[ 154.149633][ T6298] ? __kvmalloc_node_noprof+0x360/0xa00
[ 154.149670][ T6298] ? __pfx_acpi_evaluate_object+0x10/0x10
[ 154.149701][ T6298] ? lock_acquire+0x1b1/0x370
[ 154.149743][ T6298] acpi_evaluate_integer+0xdf/0x220
[ 154.149789][ T6298] ? __pfx_acpi_evaluate_integer+0x10/0x10
[ 154.149854][ T6298] ? __pfx_status_show+0x10/0x10
[ 154.149884][ T6298] status_show+0xa0/0x120
[ 154.149915][ T6298] ? __pfx_status_show+0x10/0x10
[ 154.149957][ T6298] dev_attr_show+0x52/0xa0
[ 154.149997][ T6298] ? __pfx_dev_attr_show+0x10/0x10
[ 154.150034][ T6298] sysfs_kf_seq_show+0x217/0x3a0
[ 154.150093][ T6298] seq_read_iter+0x32f/0x1270
[ 154.150431][ T6298] ? lock_acquire+0x1b1/0x370
[ 154.150490][ T6298] kernfs_fop_read_iter+0x46c/0x610
[ 154.150535][ T6298] ? rw_verify_area+0xce/0x6d0
[ 154.150567][ T6298] ? __pfx_kernfs_fop_read_iter+0x10/0x10
[ 154.150616][ T6298] vfs_read+0x825/0xb30
[ 154.150657][ T6298] ? __pfx_vfs_read+0x10/0x10
[ 154.150712][ T6298] ksys_read+0x12a/0x250
[ 154.150757][ T6298] ? __pfx_ksys_read+0x10/0x10
[ 154.150791][ T6298] ? rcu_is_watching+0x12/0xc0
[ 154.150833][ T6298] do_syscall_64+0x10b/0xf80
[ 154.150872][ T6298] ? clear_bhb_loop+0x40/0x90
[ 154.150910][ T6298] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 154.150941][ T6298] RIP: 0033:0x7fdddb99cdd9
[ 154.150965][ T6298] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 154.150991][ T6298] RSP: 002b:00007fdddc91a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 154.151019][ T6298] RAX: ffffffffffffffda RBX: 00007fdddbc15fa0 RCX: 00007fdddb99cdd9
[ 154.151037][ T6298] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000004
[ 154.151054][ T6298] RBP: 00007fdddba32d69 R08: 0000000000000000 R09: 0000000000000000
[ 154.151071][ T6298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 154.151088][ T6298] R13: 00007fdddbc16038 R14: 00007fdddbc15fa0 R15: 00007ffe76aa0268
[ 154.151128][ T6298]
[ 154.151405][ T6298] ACPI Error: Aborting method \_SB.IQST due to previous error (AE_NO_MEMORY) (20251212/psparse-529)
[ 154.634721][ T6298] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20251212/psparse-529)
[ 155.640913][ T6316] netlink: 20 bytes leftover after parsing attributes in process `syz.1.163'.
[ 156.635807][ T4945] Bluetooth: hci2: unexpected subevent 0x18 length: 0 < 19
[ 159.523498][ T4945] Bluetooth: hci1: unexpected subevent 0x18 length: 0 < 19
[ 161.229629][ T6386] FAULT_INJECTION: forcing a failure.
[ 161.229629][ T6386] name failslab, interval 1, probability 0, space 0, times 0
[ 161.323527][ T6386] CPU: 0 UID: 0 PID: 6386 Comm: syz.1.183 Not tainted syzkaller #0 PREEMPT(full)
[ 161.323555][ T6386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 161.323566][ T6386] Call Trace:
[ 161.323573][ T6386]
[ 161.323581][ T6386] dump_stack_lvl+0x100/0x190
[ 161.323607][ T6386] should_fail_ex.cold+0x5/0xa
[ 161.323631][ T6386] should_failslab+0xc2/0x120
[ 161.323652][ T6386] __kmalloc_cache_noprof+0x7a/0x6f0
[ 161.323679][ T6386] ? kernfs_fop_open+0x9fa/0xd50
[ 161.323710][ T6386] kernfs_fop_open+0x9fa/0xd50
[ 161.323741][ T6386] do_dentry_open+0x6d8/0x1660
[ 161.323762][ T6386] ? __pfx_kernfs_fop_open+0x10/0x10
[ 161.323794][ T6386] vfs_open+0x82/0x3f0
[ 161.323822][ T6386] path_openat+0x208c/0x31a0
[ 161.323851][ T6386] ? __pfx_path_openat+0x10/0x10
[ 161.323883][ T6386] do_file_open+0x20e/0x430
[ 161.323907][ T6386] ? __pfx_do_file_open+0x10/0x10
[ 161.323945][ T6386] ? alloc_fd+0x476/0x790
[ 161.323969][ T6386] ? do_getname+0x191/0x390
[ 161.324000][ T6386] do_sys_openat2+0x10d/0x1e0
[ 161.324027][ T6386] ? __pfx_do_sys_openat2+0x10/0x10
[ 161.324062][ T6386] __x64_sys_openat+0x12d/0x210
[ 161.324090][ T6386] ? __pfx___x64_sys_openat+0x10/0x10
[ 161.324221][ T6386] ? rcu_is_watching+0x12/0xc0
[ 161.324246][ T6386] do_syscall_64+0x10b/0xf80
[ 161.324270][ T6386] ? clear_bhb_loop+0x40/0x90
[ 161.324292][ T6386] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 161.324317][ T6386] RIP: 0033:0x7fdddb99cdd9
[ 161.324334][ T6386] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 161.324352][ T6386] RSP: 002b:00007fdddc91a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 161.324383][ T6386] RAX: ffffffffffffffda RBX: 00007fdddbc15fa0 RCX: 00007fdddb99cdd9
[ 161.324395][ T6386] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 161.324406][ T6386] RBP: 00007fdddba32d69 R08: 0000000000000000 R09: 0000000000000000
[ 161.324421][ T6386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 161.324431][ T6386] R13: 00007fdddbc16038 R14: 00007fdddbc15fa0 R15: 00007ffe76aa0268
[ 161.324457][ T6386]
[ 164.282003][ T4945] Bluetooth: hci0: unexpected subevent 0x18 length: 0 < 19
[ 165.533182][ T30] audit: type=1804 audit(1777932255.877:5): pid=6426 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.193" name="/newroot/48/file0" dev="tmpfs" ino=265 res=1 errno=0
[ 168.580309][ T30] audit: type=1804 audit(1777932258.927:6): pid=6462 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.205" name="/newroot/54/file0" dev="tmpfs" ino=297 res=1 errno=0
[ 168.663097][ T6464] netlink: 12 bytes leftover after parsing attributes in process `syz.1.206'.
[ 168.709254][ T6464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.206'.
[ 169.722974][ T6484] random: crng reseeded on system resumption
[ 173.194332][ T6537] random: crng reseeded on system resumption
[ 173.237822][ T6538] capability: warning: `syz.0.227' uses 32-bit capabilities (legacy support in use)
[ 179.429280][ T6647] FAULT_INJECTION: forcing a failure.
[ 179.429280][ T6647] name failslab, interval 1, probability 0, space 0, times 0
[ 179.454702][ T6647] CPU: 0 UID: 0 PID: 6647 Comm: syz.2.261 Not tainted syzkaller #0 PREEMPT(full)
[ 179.454749][ T6647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 179.454766][ T6647] Call Trace:
[ 179.454776][ T6647]
[ 179.454786][ T6647] dump_stack_lvl+0x100/0x190
[ 179.454836][ T6647] should_fail_ex.cold+0x5/0xa
[ 179.454874][ T6647] should_failslab+0xc2/0x120
[ 179.454908][ T6647] __kmalloc_cache_noprof+0x7a/0x6f0
[ 179.454951][ T6647] ? refill_pi_state_cache+0x91/0x260
[ 179.454995][ T6647] refill_pi_state_cache+0x91/0x260
[ 179.455034][ T6647] futex_lock_pi+0x16d/0x7a0
[ 179.455074][ T6647] ? __pfx_futex_lock_pi+0x10/0x10
[ 179.455114][ T6647] ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 179.455183][ T6647] ? __pfx_futex_wake_mark+0x10/0x10
[ 179.455229][ T6647] ? __get_user_nocheck_8+0x20/0x20
[ 179.455260][ T6647] ? do_vfs_ioctl+0x226/0x13e0
[ 179.455294][ T6647] do_futex+0x18a/0x350
[ 179.455326][ T6647] ? __pfx_do_futex+0x10/0x10
[ 179.455360][ T6647] ? find_held_lock+0x2b/0x80
[ 179.455403][ T6647] __x64_sys_futex+0x34f/0x4d0
[ 179.455439][ T6647] ? __pfx___x64_sys_futex+0x10/0x10
[ 179.455478][ T6647] ? rcu_is_watching+0x12/0xc0
[ 179.455517][ T6647] do_syscall_64+0x10b/0xf80
[ 179.455552][ T6647] ? clear_bhb_loop+0x40/0x90
[ 179.455587][ T6647] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 179.455615][ T6647] RIP: 0033:0x7f6b4019cdd9
[ 179.455639][ T6647] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 179.455665][ T6647] RSP: 002b:00007f6b410da028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 179.455692][ T6647] RAX: ffffffffffffffda RBX: 00007f6b40416090 RCX: 00007f6b4019cdd9
[ 179.455711][ T6647] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000
[ 179.455727][ T6647] RBP: 00007f6b40232d69 R08: 0000000000000000 R09: 000000008000fff5
[ 179.455744][ T6647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 179.455760][ T6647] R13: 00007f6b40416128 R14: 00007f6b40416090 R15: 00007ffd74b03ef8
[ 179.455798][ T6647]
[ 184.661835][ T6732] FAULT_INJECTION: forcing a failure.
[ 184.661835][ T6732] name failslab, interval 1, probability 0, space 0, times 0
[ 184.665834][ T6731] FAULT_INJECTION: forcing a failure.
[ 184.665834][ T6731] name failslab, interval 1, probability 0, space 0, times 0
[ 184.709587][ T6732] CPU: 1 UID: 0 PID: 6732 Comm: syz.1.288 Not tainted syzkaller #0 PREEMPT(full)
[ 184.709628][ T6732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 184.709646][ T6732] Call Trace:
[ 184.709655][ T6732]
[ 184.709667][ T6732] dump_stack_lvl+0x100/0x190
[ 184.709706][ T6732] should_fail_ex.cold+0x5/0xa
[ 184.709744][ T6732] should_failslab+0xc2/0x120
[ 184.709780][ T6732] __kmalloc_node_noprof+0xe6/0x850
[ 184.709832][ T6732] ? alloc_slab_obj_exts+0xae/0x270
[ 184.709892][ T6732] alloc_slab_obj_exts+0xae/0x270
[ 184.709937][ T6732] __memcg_slab_post_alloc_hook+0x3c2/0xff0
[ 184.709989][ T6732] ? kasan_save_track+0x14/0x30
[ 184.710018][ T6732] kmem_cache_alloc_noprof+0x58a/0x6e0
[ 184.710058][ T6732] ? copy_utsname+0x1a8/0x690
[ 184.710102][ T6732] copy_utsname+0x1a8/0x690
[ 184.710139][ T6732] create_new_namespaces+0x16a/0xac0
[ 184.710176][ T6732] ? bpf_lsm_capable+0x9/0x10
[ 184.710205][ T6732] ? security_capable+0x80/0x260
[ 184.710250][ T6732] unshare_nsproxy_namespaces+0xf2/0x220
[ 184.710289][ T6732] ksys_unshare+0x438/0xab0
[ 184.710331][ T6732] ? __pfx_ksys_unshare+0x10/0x10
[ 184.710370][ T6732] ? xfd_validate_state+0x129/0x190
[ 184.710415][ T6732] __x64_sys_unshare+0x31/0x40
[ 184.710461][ T6732] do_syscall_64+0x10b/0xf80
[ 184.710500][ T6732] ? clear_bhb_loop+0x40/0x90
[ 184.710536][ T6732] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 184.710567][ T6732] RIP: 0033:0x7fdddb99cdd9
[ 184.710593][ T6732] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 184.710621][ T6732] RSP: 002b:00007fdddc91a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 184.710652][ T6732] RAX: ffffffffffffffda RBX: 00007fdddbc15fa0 RCX: 00007fdddb99cdd9
[ 184.710671][ T6732] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000
[ 184.710687][ T6732] RBP: 00007fdddba32d69 R08: 0000000000000000 R09: 0000000000000000
[ 184.710705][ T6732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 184.710721][ T6732] R13: 00007fdddbc16038 R14: 00007fdddbc15fa0 R15: 00007ffe76aa0268
[ 184.710759][ T6732]
[ 184.730010][ T6731] CPU: 0 UID: 0 PID: 6731 Comm: syz.3.287 Not tainted syzkaller #0 PREEMPT(full)
[ 184.730049][ T6731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 184.730064][ T6731] Call Trace:
[ 184.730073][ T6731]
[ 184.730083][ T6731] dump_stack_lvl+0x100/0x190
[ 184.730126][ T6731] should_fail_ex.cold+0x5/0xa
[ 184.730161][ T6731] should_failslab+0xc2/0x120
[ 184.730193][ T6731] kmem_cache_alloc_lru_noprof+0x80/0x6e0
[ 184.730234][ T6731] ? __d_alloc+0x34/0xa40
[ 184.730277][ T6731] __d_alloc+0x34/0xa40
[ 184.730316][ T6731] d_alloc_pseudo+0x1c/0xc0
[ 184.730342][ T6731] alloc_file_pseudo+0xcf/0x230
[ 184.730382][ T6731] ? __pfx_alloc_file_pseudo+0x10/0x10
[ 184.730431][ T6731] __shmem_file_setup+0x205/0x460
[ 184.730468][ T6731] ? __pfx___shmem_file_setup+0x10/0x10
[ 184.730507][ T6731] ? vm_area_alloc+0x1f/0x160
[ 184.730548][ T6731] shmem_zero_setup+0x96/0x1b0
[ 184.730578][ T6731] __mmap_region+0x24e9/0x2da0
[ 184.730625][ T6731] ? __pfx___mmap_region+0x10/0x10
[ 184.730695][ T6731] ? do_raw_spin_lock+0x128/0x260
[ 184.730749][ T6731] ? do_raw_spin_lock+0x128/0x260
[ 184.730779][ T6731] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 184.730822][ T6731] ? hrtimer_start_range_ns+0x860/0x1a50
[ 184.730856][ T6731] ? find_held_lock+0x2b/0x80
[ 184.730887][ T6731] ? finish_task_switch.isra.0+0x2c6/0x1010
[ 184.730981][ T6731] mmap_region+0x35d/0x620
[ 184.731008][ T6731] ? rcu_is_watching+0x12/0xc0
[ 184.731044][ T6731] ? __pfx_mmap_region+0x10/0x10
[ 184.731074][ T6731] ? cap_mmap_addr+0x4b/0x120
[ 184.731118][ T6731] ? bpf_lsm_mmap_addr+0x9/0x30
[ 184.731143][ T6731] ? security_mmap_addr+0x71/0x1e0
[ 184.731171][ T6731] ? __get_unmapped_area+0x255/0x3e0
[ 184.731208][ T6731] do_mmap+0xc63/0x12f0
[ 184.731246][ T6731] ? __pfx_do_mmap+0x10/0x10
[ 184.731278][ T6731] ? __pfx_down_write_killable+0x10/0x10
[ 184.731324][ T6731] vm_mmap_pgoff+0x29e/0x470
[ 184.731363][ T6731] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 184.731398][ T6731] ? do_futex+0x192/0x350
[ 184.731427][ T6731] ? __pfx_do_futex+0x10/0x10
[ 184.731463][ T6731] ksys_mmap_pgoff+0xe4/0x610
[ 184.731494][ T6731] ? __x64_sys_futex+0x358/0x4d0
[ 184.731524][ T6731] ? __pfx_ksys_mmap_pgoff+0x10/0x10
[ 184.731555][ T6731] ? xfd_validate_state+0x129/0x190
[ 184.731581][ T6731] ? ksys_write+0x1ac/0x250
[ 184.731617][ T6731] __x64_sys_mmap+0x125/0x190
[ 184.731650][ T6731] do_syscall_64+0x10b/0xf80
[ 184.731682][ T6731] ? clear_bhb_loop+0x40/0x90
[ 184.731714][ T6731] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 184.731741][ T6731] RIP: 0033:0x7fdc0679cdd9
[ 184.731763][ T6731] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 184.731787][ T6731] RSP: 002b:00007fdc0758c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 184.731813][ T6731] RAX: ffffffffffffffda RBX: 00007fdc06a15fa0 RCX: 00007fdc0679cdd9
[ 184.731831][ T6731] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 0000000000000000
[ 184.731846][ T6731] RBP: 00007fdc06832d69 R08: fffffffffffffffa R09: 0000000000008000
[ 184.731863][ T6731] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000
[ 184.731878][ T6731] R13: 00007fdc06a16038 R14: 00007fdc06a15fa0 R15: 00007ffe8de08e48
[ 184.731914][ T6731]
[ 187.192503][ T6752] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 187.221165][ T6752] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 187.323725][ T6752] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 187.389536][ T6752] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 187.430953][ T6752] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 187.488645][ T6752] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 187.527245][ T6752] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 187.545229][ T6752] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 187.564705][ T6752] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 187.584004][ T6752] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 187.605852][ T6752] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 187.651820][ T6752] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 188.941881][ T4945] Bluetooth: hci0: command 0x0c1a tx timeout
[ 189.417370][ T4945] Bluetooth: hci1: command 0x0c1a tx timeout
[ 189.473083][ T6801] netlink: 28 bytes leftover after parsing attributes in process `syz.2.309'.
[ 189.535855][ T6801] bridge_slave_1: left allmulticast mode
[ 189.552210][ T6801] bridge_slave_1: left promiscuous mode
[ 189.566446][ T4945] Bluetooth: hci2: command 0x0c1a tx timeout
[ 189.586371][ T6801] bridge0: port 2(bridge_slave_1) entered disabled state
[ 189.618046][ T6801] bridge_slave_0: left allmulticast mode
[ 189.630851][ T6801] bridge_slave_0: left promiscuous mode
[ 189.646802][ T4945] Bluetooth: hci3: command 0x0c1a tx timeout
[ 189.654373][ T6801] bridge0: port 1(bridge_slave_0) entered disabled state
[ 191.006513][ T4945] Bluetooth: hci0: command 0x0c1a tx timeout
[ 191.487076][ T4945] Bluetooth: hci1: command 0x0c1a tx timeout
[ 191.652351][ T4945] Bluetooth: hci2: command 0x0c1a tx timeout
[ 191.673247][ T6823] FAULT_INJECTION: forcing a failure.
[ 191.673247][ T6823] name failslab, interval 1, probability 0, space 0, times 0
[ 191.722681][ T6823] CPU: 1 UID: 0 PID: 6823 Comm: syz.1.315 Not tainted syzkaller #0 PREEMPT(full)
[ 191.722708][ T6823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 191.722718][ T6823] Call Trace:
[ 191.722724][ T6823]
[ 191.722732][ T6823] dump_stack_lvl+0x100/0x190
[ 191.722758][ T6823] should_fail_ex.cold+0x5/0xa
[ 191.722792][ T6823] should_failslab+0xc2/0x120
[ 191.722813][ T6823] __kmalloc_cache_noprof+0x7a/0x6f0
[ 191.722839][ T6823] ? snd_pcm_oss_change_params_locked+0x211/0x39f0
[ 191.722871][ T6823] snd_pcm_oss_change_params_locked+0x211/0x39f0
[ 191.722897][ T6823] ? trace_contention_end+0xc5/0x170
[ 191.722920][ T6823] ? snd_pcm_oss_get_active_substream+0x153/0x1d0
[ 191.722948][ T6823] ? kasan_quarantine_put+0x104/0x240
[ 191.722977][ T6823] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[ 191.723003][ T6823] ? __pfx___mutex_lock+0x10/0x10
[ 191.723029][ T6823] ? find_held_lock+0x2b/0x80
[ 191.723051][ T6823] ? tomoyo_path_number_perm+0x28f/0x580
[ 191.723070][ T6823] ? tomoyo_path_number_perm+0x28f/0x580
[ 191.723095][ T6823] ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 191.723112][ T6823] ? futex_wait+0x11e/0x370
[ 191.723139][ T6823] snd_pcm_oss_get_active_substream+0x175/0x1d0
[ 191.723170][ T6823] snd_pcm_oss_get_formats+0x7d/0x350
[ 191.723195][ T6823] ? do_vfs_ioctl+0x226/0x13e0
[ 191.723212][ T6823] ? __pfx_snd_pcm_oss_get_formats+0x10/0x10
[ 191.723244][ T6823] snd_pcm_oss_ioctl+0x1795/0x37c0
[ 191.723270][ T6823] ? find_held_lock+0x2b/0x80
[ 191.723293][ T6823] ? __fget_files+0x215/0x3d0
[ 191.723313][ T6823] ? hook_file_ioctl_common+0x149/0x410
[ 191.723333][ T6823] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[ 191.723378][ T6823] ? __fget_files+0x21f/0x3d0
[ 191.723416][ T6823] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[ 191.723455][ T6823] __x64_sys_ioctl+0x18e/0x210
[ 191.723474][ T6823] do_syscall_64+0x10b/0xf80
[ 191.723496][ T6823] ? clear_bhb_loop+0x40/0x90
[ 191.723518][ T6823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 191.723536][ T6823] RIP: 0033:0x7fdddb99cdd9
[ 191.723552][ T6823] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 191.723569][ T6823] RSP: 002b:00007fdddc8f9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 191.723587][ T6823] RAX: ffffffffffffffda RBX: 00007fdddbc16090 RCX: 00007fdddb99cdd9
[ 191.723599][ T6823] RDX: 0000000000000000 RSI: 000000008004500b RDI: 0000000000000003
[ 191.723609][ T6823] RBP: 00007fdddba32d69 R08: 0000000000000000 R09: 0000000000000000
[ 191.723620][ T6823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 191.723630][ T6823] R13: 00007fdddbc16128 R14: 00007fdddbc16090 R15: 00007ffe76aa0268
[ 191.723653][ T6823]
[ 191.726426][ T4945] Bluetooth: hci3: command 0x0c1a tx timeout
[ 193.086774][ T4945] Bluetooth: hci0: command 0x0c1a tx timeout
[ 193.579228][ T4945] Bluetooth: hci1: command 0x0c1a tx timeout
[ 193.726454][ T4945] Bluetooth: hci2: command 0x0c1a tx timeout
[ 194.047655][ T4945] Bluetooth: hci3: command 0x0c1a tx timeout
[ 194.363933][ T4945] Bluetooth: hci3: unexpected event 0x3e length: 508 > 260
[ 194.363973][ T4945] Bluetooth: hci3: unexpected subevent 0x02 length: 507 > 260
[ 194.381977][ T4945] Bluetooth: hci3: Dropping invalid advertising data
[ 194.390673][ T4945] Bluetooth: hci3: unknown advertising packet type: 0xe9
[ 195.345024][ T30] audit: type=1800 audit(1777932285.687:7): pid=6884 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.330" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0
[ 196.597394][ T6903] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 196.609707][ T6903] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 196.634134][ T6903] Bluetooth: hci2: no memory for command (opcode 0x0c1a)
[ 196.655719][ T6903] Bluetooth: hci2: Opcode 0x0c1a failed: -12
[ 196.674070][ T6903] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 198.607166][ T4945] Bluetooth: hci0: command 0x0c1a tx timeout
[ 198.688567][ T4945] Bluetooth: hci3: command 0x0c1a tx timeout
[ 198.688578][ T5631] Bluetooth: hci1: command 0x0c1a tx timeout
[ 199.866170][ T6948] netlink: 'syz.2.347': attribute type 33 has an invalid length.
[ 200.405811][ T6958] netlink: 'syz.1.351': attribute type 1 has an invalid length.
[ 200.439055][ T6958] netlink: 'syz.1.351': attribute type 6 has an invalid length.
[ 200.612919][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[ 200.623355][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[ 200.864477][ T6964] netlink: 342 bytes leftover after parsing attributes in process `syz.1.353'.
[ 202.065057][ T6960] kexec: Could not allocate control_code_buffer
[ 202.340851][ T6987] raw_sendmsg: syz.0.360 forgot to set AF_INET. Fix it!
[ 202.695330][ T4945] Bluetooth: hci0: unexpected event for opcode 0x7c89
[ 204.798522][ T7013] FAULT_INJECTION: forcing a failure.
[ 204.798522][ T7013] name failslab, interval 1, probability 0, space 0, times 0
[ 204.816541][ T7013] CPU: 1 UID: 0 PID: 7013 Comm: syz.3.368 Not tainted syzkaller #0 PREEMPT(full)
[ 204.816587][ T7013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 204.816606][ T7013] Call Trace:
[ 204.816616][ T7013]
[ 204.816629][ T7013] dump_stack_lvl+0x100/0x190
[ 204.816680][ T7013] should_fail_ex.cold+0x5/0xa
[ 204.816720][ T7013] should_failslab+0xc2/0x120
[ 204.816762][ T7013] __kmalloc_cache_noprof+0x7a/0x6f0
[ 204.816806][ T7013] ? snd_card_file_add+0x52/0x330
[ 204.816855][ T7013] snd_card_file_add+0x52/0x330
[ 204.816902][ T7013] snd_rawmidi_open+0x2c5/0xba0
[ 204.816940][ T7013] ? __pfx_snd_rawmidi_open+0x10/0x10
[ 204.816979][ T7013] ? kobject_get_unless_zero+0x156/0x200
[ 204.817032][ T7013] ? __pfx_snd_rawmidi_open+0x10/0x10
[ 204.817062][ T7013] snd_open+0x201/0x450
[ 204.817105][ T7013] ? __pfx_snd_open+0x10/0x10
[ 204.817145][ T7013] chrdev_open+0x234/0x6a0
[ 204.817184][ T7013] ? __pfx_apparmor_file_open+0x10/0x10
[ 204.817232][ T7013] ? __pfx_chrdev_open+0x10/0x10
[ 204.817273][ T7013] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 204.817322][ T7013] do_dentry_open+0x6d8/0x1660
[ 204.817360][ T7013] ? __pfx_chrdev_open+0x10/0x10
[ 204.817409][ T7013] vfs_open+0x82/0x3f0
[ 204.817458][ T7013] path_openat+0x208c/0x31a0
[ 204.817513][ T7013] ? __pfx_path_openat+0x10/0x10
[ 204.817567][ T7013] do_file_open+0x20e/0x430
[ 204.817609][ T7013] ? __pfx_do_file_open+0x10/0x10
[ 204.817686][ T7013] ? alloc_fd+0x476/0x790
[ 204.817728][ T7013] ? do_getname+0x191/0x390
[ 204.817777][ T7013] do_sys_openat2+0x10d/0x1e0
[ 204.817826][ T7013] ? __pfx_do_sys_openat2+0x10/0x10
[ 204.817874][ T7013] ? __might_fault+0xc5/0x140
[ 204.817930][ T7013] __x64_sys_openat+0x12d/0x210
[ 204.817978][ T7013] ? __pfx___x64_sys_openat+0x10/0x10
[ 204.818034][ T7013] ? rcu_is_watching+0x12/0xc0
[ 204.818077][ T7013] do_syscall_64+0x10b/0xf80
[ 204.818115][ T7013] ? clear_bhb_loop+0x40/0x90
[ 204.818153][ T7013] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 204.818185][ T7013] RIP: 0033:0x7fdc0679cdd9
[ 204.818212][ T7013] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 204.818241][ T7013] RSP: 002b:00007fdc0758c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 204.818270][ T7013] RAX: ffffffffffffffda RBX: 00007fdc06a15fa0 RCX: 00007fdc0679cdd9
[ 204.818289][ T7013] RDX: 000000000000a003 RSI: 0000200000000340 RDI: ffffffffffffff9c
[ 204.818307][ T7013] RBP: 00007fdc06832d69 R08: 0000000000000000 R09: 0000000000000000
[ 204.818327][ T7013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 204.818344][ T7013] R13: 00007fdc06a16038 R14: 00007fdc06a15fa0 R15: 00007ffe8de08e48
[ 204.818387][ T7013]
[ 206.737613][ T7018] kexec: Could not allocate control_code_buffer
[ 206.900599][ T7048] netlink: 21 bytes leftover after parsing attributes in process `syz.3.381'.
[ 206.964315][ T7044] random: crng reseeded on system resumption
[ 210.631955][ T7117] netlink: 25 bytes leftover after parsing attributes in process `syz.1.404'.
[ 210.875116][ T7125] FAULT_INJECTION: forcing a failure.
[ 210.875116][ T7125] name failslab, interval 1, probability 0, space 0, times 0
[ 210.918217][ T7125] CPU: 1 UID: 0 PID: 7125 Comm: syz.1.408 Not tainted syzkaller #0 PREEMPT(full)
[ 210.918257][ T7125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 210.918275][ T7125] Call Trace:
[ 210.918284][ T7125]
[ 210.918296][ T7125] dump_stack_lvl+0x100/0x190
[ 210.918336][ T7125] should_fail_ex.cold+0x5/0xa
[ 210.918375][ T7125] should_failslab+0xc2/0x120
[ 210.918412][ T7125] __kvmalloc_node_noprof+0xfa/0xa00
[ 210.918447][ T7125] ? io_uring_setup.cold+0x171/0x1c6e
[ 210.918492][ T7125] ? lockdep_init_map_type+0x5c/0x250
[ 210.918527][ T7125] io_uring_setup.cold+0x171/0x1c6e
[ 210.918577][ T7125] ? __pfx_io_uring_setup+0x10/0x10
[ 210.918614][ T7125] ? do_futex+0x192/0x350
[ 210.918647][ T7125] ? __pfx_do_futex+0x10/0x10
[ 210.918696][ T7125] ? xfd_validate_state+0x129/0x190
[ 210.918727][ T7125] ? ksys_write+0x1ac/0x250
[ 210.918781][ T7125] __x64_sys_io_uring_setup+0xc2/0x170
[ 210.918819][ T7125] do_syscall_64+0x10b/0xf80
[ 210.918858][ T7125] ? clear_bhb_loop+0x40/0x90
[ 210.918896][ T7125] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 210.918928][ T7125] RIP: 0033:0x7fdddb99cdd9
[ 210.918954][ T7125] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 210.918982][ T7125] RSP: 002b:00007fdddc91a028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[ 210.919012][ T7125] RAX: ffffffffffffffda RBX: 00007fdddbc15fa0 RCX: 00007fdddb99cdd9
[ 210.919032][ T7125] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a
[ 210.919049][ T7125] RBP: 00007fdddba32d69 R08: 0000000000000000 R09: 0000000000000000
[ 210.919066][ T7125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 210.919084][ T7125] R13: 00007fdddbc16038 R14: 00007fdddbc15fa0 R15: 00007ffe76aa0268
[ 210.919124][ T7125]
[ 212.012043][ T7138] input: j�J�Ǹ-9%vJ86� as /devices/virtual/input/input5
[ 213.076201][ T7165] FAULT_INJECTION: forcing a failure.
[ 213.076201][ T7165] name fail_futex, interval 1, probability 0, space 0, times 1
[ 213.193713][ T7165] CPU: 0 UID: 0 PID: 7165 Comm: syz.1.421 Not tainted syzkaller #0 PREEMPT(full)
[ 213.193757][ T7165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 213.193773][ T7165] Call Trace:
[ 213.193784][ T7165]
[ 213.193801][ T7165] dump_stack_lvl+0x100/0x190
[ 213.193842][ T7165] should_fail_ex.cold+0x5/0xa
[ 213.193881][ T7165] get_futex_key+0x1d2/0x1510
[ 213.193917][ T7165] ? __pfx_get_futex_key+0x10/0x10
[ 213.193963][ T7165] futex_wake+0xea/0x530
[ 213.194003][ T7165] ? rcu_is_watching+0x12/0xc0
[ 213.194041][ T7165] ? __pfx_futex_wake+0x10/0x10
[ 213.194086][ T7165] ? putname+0xb1/0x110
[ 213.194123][ T7165] ? kmem_cache_free+0x127/0x6c0
[ 213.194172][ T7165] do_futex+0x32b/0x350
[ 213.194206][ T7165] ? __pfx_do_futex+0x10/0x10
[ 213.194235][ T7165] ? __pfx_do_sys_openat2+0x10/0x10
[ 213.194293][ T7165] __x64_sys_futex+0x34f/0x4d0
[ 213.194331][ T7165] ? __x64_sys_openat+0x12d/0x210
[ 213.194379][ T7165] ? __pfx___x64_sys_futex+0x10/0x10
[ 213.194413][ T7165] ? ksys_read+0x1ac/0x250
[ 213.194454][ T7165] ? rcu_is_watching+0x12/0xc0
[ 213.194495][ T7165] do_syscall_64+0x10b/0xf80
[ 213.194545][ T7165] ? clear_bhb_loop+0x40/0x90
[ 213.194583][ T7165] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 213.194614][ T7165] RIP: 0033:0x7fdddb99cdd9
[ 213.194641][ T7165] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 213.194669][ T7165] RSP: 002b:00007fdddc91a0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 213.194698][ T7165] RAX: ffffffffffffffda RBX: 00007fdddbc15fa8 RCX: 00007fdddb99cdd9
[ 213.194717][ T7165] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fdddbc15fac
[ 213.194735][ T7165] RBP: 00007fdddbc15fa0 R08: 0000000000000001 R09: 0000000000000000
[ 213.194752][ T7165] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000
[ 213.194768][ T7165] R13: 00007fdddbc16038 R14: 00007ffe76aa0180 R15: 00007ffe76aa0268
[ 213.194808][ T7165]
[ 213.764691][ T7169] netlink: 'syz.2.423': attribute type 29 has an invalid length.
[ 213.794138][ T7169] netlink: 46 bytes leftover after parsing attributes in process `syz.2.423'.
[ 215.402200][ T7197] binder: 7196:7197 ioctl c0306201 0 returned -14
[ 215.799057][ T7201] netlink: 138 bytes leftover after parsing attributes in process `syz.3.436'.
[ 216.677886][ T7217] FAULT_INJECTION: forcing a failure.
[ 216.677886][ T7217] name failslab, interval 1, probability 0, space 0, times 0
[ 216.730299][ T7217] CPU: 1 UID: 0 PID: 7217 Comm: syz.0.439 Not tainted syzkaller #0 PREEMPT(full)
[ 216.730344][ T7217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 216.730361][ T7217] Call Trace:
[ 216.730371][ T7217]
[ 216.730382][ T7217] dump_stack_lvl+0x100/0x190
[ 216.730423][ T7217] should_fail_ex.cold+0x5/0xa
[ 216.730473][ T7217] should_failslab+0xc2/0x120
[ 216.730511][ T7217] __kmalloc_cache_noprof+0x7a/0x6f0
[ 216.730550][ T7217] ? kernfs_fop_open+0x23d/0xd50
[ 216.730599][ T7217] kernfs_fop_open+0x23d/0xd50
[ 216.730653][ T7217] do_dentry_open+0x6d8/0x1660
[ 216.730688][ T7217] ? __pfx_kernfs_fop_open+0x10/0x10
[ 216.730735][ T7217] vfs_open+0x82/0x3f0
[ 216.730784][ T7217] path_openat+0x208c/0x31a0
[ 216.730834][ T7217] ? __pfx_path_openat+0x10/0x10
[ 216.730886][ T7217] do_file_open+0x20e/0x430
[ 216.730925][ T7217] ? __pfx_do_file_open+0x10/0x10
[ 216.730988][ T7217] ? alloc_fd+0x476/0x790
[ 216.731025][ T7217] ? do_getname+0x191/0x390
[ 216.731068][ T7217] do_sys_openat2+0x10d/0x1e0
[ 216.731115][ T7217] ? __pfx_do_sys_openat2+0x10/0x10
[ 216.731158][ T7217] ? __might_fault+0xc5/0x140
[ 216.731209][ T7217] __x64_sys_openat+0x12d/0x210
[ 216.731251][ T7217] ? __pfx___x64_sys_openat+0x10/0x10
[ 216.731301][ T7217] ? rcu_is_watching+0x12/0xc0
[ 216.731340][ T7217] do_syscall_64+0x10b/0xf80
[ 216.731374][ T7217] ? clear_bhb_loop+0x40/0x90
[ 216.731409][ T7217] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 216.731437][ T7217] RIP: 0033:0x7f659a59cdd9
[ 216.731471][ T7217] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 216.731498][ T7217] RSP: 002b:00007f659b44a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 216.731528][ T7217] RAX: ffffffffffffffda RBX: 00007f659a815fa0 RCX: 00007f659a59cdd9
[ 216.731546][ T7217] RDX: 0000000000149b01 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[ 216.731564][ T7217] RBP: 00007f659a632d69 R08: 0000000000000000 R09: 0000000000000000
[ 216.731582][ T7217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 216.731598][ T7217] R13: 00007f659a816038 R14: 00007f659a815fa0 R15: 00007ffe646566a8
[ 216.731638][ T7217]
[ 219.870390][ T7264] mmap: syz.1.455 (7264) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 220.967306][ T7281] netlink: 186 bytes leftover after parsing attributes in process `syz.3.462'.
[ 220.986786][ T7281] netlink: 186 bytes leftover after parsing attributes in process `syz.3.462'.
[ 221.873483][ T7304] random: crng reseeded on system resumption
[ 223.092253][ T7316] syz.2.471 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
Stopping sshd: stopped /usr/sbin/sshd (pid 5380)
OK
Stopping crond: stopped /usr/sbin/crond (pid 5365)
OK
[ 224.809774][ T7351] Console: switching to colour VGA+ 80x25
[ 224.931253][ T7349] ==================================================================
[ 224.931276][ T7349] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60
[ 224.931324][ T7349] Read of size 26 at addr ffff888075777fea by task syz.0.481/7349
[ 224.931351][ T7349]
[ 224.931366][ T7349] CPU: 1 UID: 0 PID: 7349 Comm: syz.0.481 Not tainted syzkaller #0 PREEMPT(full)
[ 224.931403][ T7349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 224.931421][ T7349] Call Trace:
[ 224.931430][ T7349]
[ 224.931442][ T7349] dump_stack_lvl+0x100/0x190
[ 224.931475][ T7349] print_report+0x13d/0x4b0
[ 224.931517][ T7349] ? __virt_addr_valid+0x239/0x430
[ 224.931568][ T7349] ? fbcon_prepare_logo+0x94e/0xc60
[ 224.931599][ T7349] kasan_report+0xdf/0x1d0
[ 224.931635][ T7349] ? fbcon_prepare_logo+0x94e/0xc60
[ 224.931680][ T7349] kasan_check_range+0x10f/0x1e0
[ 224.931720][ T7349] __asan_memcpy+0x23/0x60
[ 224.931764][ T7349] fbcon_prepare_logo+0x94e/0xc60
[ 224.931803][ T7349] fbcon_init+0x1065/0x1830
[ 224.931839][ T7349] visual_init+0x320/0x620
[ 224.931874][ T7349] do_bind_con_driver.isra.0+0x636/0x9c0
[ 224.931919][ T7349] store_bind+0x609/0x730
[ 224.931962][ T7349] ? __pfx_store_bind+0x10/0x10
[ 224.932005][ T7349] dev_attr_store+0x58/0x80
[ 224.932040][ T7349] ? __pfx_dev_attr_store+0x10/0x10
[ 224.932075][ T7349] sysfs_kf_write+0xf2/0x150
[ 224.932120][ T7349] kernfs_fop_write_iter+0x3e0/0x5f0
[ 224.932159][ T7349] ? __pfx_sysfs_kf_write+0x10/0x10
[ 224.932204][ T7349] vfs_write+0x6ac/0x1070
[ 224.932237][ T7349] ? __pfx_kernfs_fop_write_iter+0x10/0x10
[ 224.932280][ T7349] ? __pfx_vfs_write+0x10/0x10
[ 224.932321][ T7349] ksys_write+0x12a/0x250
[ 224.932353][ T7349] ? __pfx_ksys_write+0x10/0x10
[ 224.932388][ T7349] ? rcu_is_watching+0x12/0xc0
[ 224.932424][ T7349] do_syscall_64+0x10b/0xf80
[ 224.932461][ T7349] ? clear_bhb_loop+0x40/0x90
[ 224.932495][ T7349] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 224.932526][ T7349] RIP: 0033:0x7f659a59cdd9
[ 224.932550][ T7349] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 224.932580][ T7349] RSP: 002b:00007f659b44a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 224.932610][ T7349] RAX: ffffffffffffffda RBX: 00007f659a815fa0 RCX: 00007f659a59cdd9
[ 224.932630][ T7349] RDX: 000000000008083a RSI: 00002000000000c0 RDI: 0000000000000002
[ 224.932649][ T7349] RBP: 00007f659a632d69 R08: 0000000000000000 R09: 0000000000000000
[ 224.932667][ T7349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 224.932693][ T7349] R13: 00007f659a816038 R14: 00007f659a815fa0 R15: 00007ffe646566a8
[ 224.932723][ T7349]
[ 224.932735][ T7349]
[ 224.932743][ T7349] Allocated by task 7349:
[ 224.932757][ T7349] kasan_save_stack+0x30/0x50
[ 224.932784][ T7349] kasan_save_track+0x14/0x30
[ 224.932811][ T7349] __kasan_kmalloc+0xaa/0xb0
[ 224.932836][ T7349] drm_atomic_state_alloc+0xb8/0x120
[ 224.932873][ T7349] drm_client_modeset_commit_atomic+0xcc/0x7e0
[ 224.932918][ T7349] drm_client_modeset_commit_locked+0x14d/0x580
[ 224.932962][ T7349] drm_client_modeset_commit+0x4f/0x80
[ 224.933006][ T7349] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160
[ 224.933052][ T7349] drm_fb_helper_set_par+0x15a/0x1b0
[ 224.933091][ T7349] fbcon_init+0x1470/0x1830
[ 224.933120][ T7349] visual_init+0x320/0x620
[ 224.933151][ T7349] do_bind_con_driver.isra.0+0x636/0x9c0
[ 224.933191][ T7349] store_bind+0x609/0x730
[ 224.933227][ T7349] dev_attr_store+0x58/0x80
[ 224.933257][ T7349] sysfs_kf_write+0xf2/0x150
[ 224.933297][ T7349] kernfs_fop_write_iter+0x3e0/0x5f0
[ 224.933333][ T7349] vfs_write+0x6ac/0x1070
[ 224.933363][ T7349] ksys_write+0x12a/0x250
[ 224.933393][ T7349] do_syscall_64+0x10b/0xf80
[ 224.933427][ T7349] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 224.933457][ T7349]
[ 224.933464][ T7349] Freed by task 7349:
[ 224.933477][ T7349] kasan_save_stack+0x30/0x50
[ 224.933504][ T7349] kasan_save_track+0x14/0x30
[ 224.933530][ T7349] kasan_save_free_info+0x3b/0x70
[ 224.933569][ T7349] __kasan_slab_free+0x5f/0x80
[ 224.933596][ T7349] kfree+0x223/0x6c0
[ 224.933633][ T7349] __drm_atomic_state_free+0x25b/0x2f0
[ 224.933681][ T7349] drm_client_modeset_commit_atomic+0x5f3/0x7e0
[ 224.933728][ T7349] drm_client_modeset_commit_locked+0x14d/0x580
[ 224.933775][ T7349] drm_client_modeset_commit+0x4f/0x80
[ 224.933820][ T7349] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160
[ 224.933865][ T7349] drm_fb_helper_set_par+0x15a/0x1b0
[ 224.933903][ T7349] fbcon_init+0x1470/0x1830
[ 224.933931][ T7349] visual_init+0x320/0x620
[ 224.933961][ T7349] do_bind_con_driver.isra.0+0x636/0x9c0
[ 224.934001][ T7349] store_bind+0x609/0x730
[ 224.934036][ T7349] dev_attr_store+0x58/0x80
[ 224.934068][ T7349] sysfs_kf_write+0xf2/0x150
[ 224.934110][ T7349] kernfs_fop_write_iter+0x3e0/0x5f0
[ 224.934149][ T7349] vfs_write+0x6ac/0x1070
[ 224.934178][ T7349] ksys_write+0x12a/0x250
[ 224.934207][ T7349] do_syscall_64+0x10b/0xf80
[ 224.934242][ T7349] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 224.934270][ T7349]
[ 224.934277][ T7349] The buggy address belongs to the object at ffff888075777f00
[ 224.934277][ T7349] which belongs to the cache kmalloc-192 of size 192
[ 224.934301][ T7349] The buggy address is located 42 bytes to the right of
[ 224.934301][ T7349] allocated 192-byte region [ffff888075777f00, ffff888075777fc0)
[ 224.934331][ T7349]
[ 224.934339][ T7349] The buggy address belongs to the physical page:
[ 224.934351][ T7349] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75777
[ 224.934376][ T7349] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 224.934399][ T7349] page_type: f5(slab)
[ 224.934424][ T7349] raw: 00fff00000000000 ffff88813fe2e3c0 dead000000000100 dead000000000122
[ 224.934450][ T7349] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[ 224.934466][ T7349] page dumped because: kasan: bad access detected
[ 224.934479][ T7349] page_owner tracks the page as allocated
[ 224.934489][ T7349] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5864, tgid 5861 (syz.2.30), ts 124864026840, free_ts 124858531520
[ 224.934537][ T7349] post_alloc_hook+0x153/0x170
[ 224.934579][ T7349] get_page_from_freelist+0x11a6/0x33b0
[ 224.934623][ T7349] __alloc_frozen_pages_noprof+0x27c/0x2bc0
[ 224.934667][ T7349] new_slab+0xa6/0x6c0
[ 224.934711][ T7349] refill_objects+0x277/0x420
[ 224.934750][ T7349] __pcs_replace_empty_main+0x375/0x650
[ 224.934792][ T7349] __kmalloc_cache_noprof+0x493/0x6f0
[ 224.934831][ T7349] snd_virmidi_output_open+0xc4/0x670
[ 224.934868][ T7349] open_substream+0x480/0x9b0
[ 224.934906][ T7349] rawmidi_open_priv+0x595/0x6f0
[ 224.934931][ T7349] snd_rawmidi_open+0x4c9/0xba0
[ 224.934954][ T7349] snd_open+0x201/0x450
[ 224.934986][ T7349] chrdev_open+0x234/0x6a0
[ 224.935016][ T7349] do_dentry_open+0x6d8/0x1660
[ 224.935048][ T7349] vfs_open+0x82/0x3f0
[ 224.935084][ T7349] path_openat+0x208c/0x31a0
[ 224.935117][ T7349] page last free pid 5859 tgid 5859 stack trace:
[ 224.935133][ T7349] __free_frozen_pages+0x747/0x1040
[ 224.935170][ T7349] tlb_finish_mmu+0x27d/0x810
[ 224.935210][ T7349] exit_mmap+0x454/0xa10
[ 224.935243][ T7349] __mmput+0x12a/0x410
[ 224.935278][ T7349] mmput+0x67/0x80
[ 224.935310][ T7349] do_exit+0x833/0x2a60
[ 224.935351][ T7349] do_group_exit+0xd5/0x2a0
[ 224.935394][ T7349] __x64_sys_exit_group+0x3e/0x50
[ 224.935435][ T7349] x64_sys_call+0x102c/0x1530
[ 224.935472][ T7349] do_syscall_64+0x10b/0xf80
[ 224.935506][ T7349] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 224.935535][ T7349]
[ 224.935541][ T7349] Memory state around the buggy address:
[ 224.935554][ T7349] ffff888075777e80: 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc
[ 224.935573][ T7349] ffff888075777f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 224.935591][ T7349] >ffff888075777f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 224.935604][ T7349] ^
[ 224.935620][ T7349] ffff888075778000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 224.935640][ T7349] ffff888075778080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 224.935656][ T7349] ==================================================================
[ 224.958155][ T7349] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 224.958183][ T7349] CPU: 1 UID: 0 PID: 7349 Comm: syz.0.481 Not tainted syzkaller #0 PREEMPT(full)
[ 224.958220][ T7349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 224.958239][ T7349] Call Trace:
[ 224.958249][ T7349]
[ 224.958261][ T7349] dump_stack_lvl+0x100/0x190
[ 224.958300][ T7349] vpanic+0x552/0x970
[ 224.958328][ T7349] ? __pfx_vpanic+0x10/0x10
[ 224.958360][ T7349] ? fbcon_prepare_logo+0x94e/0xc60
[ 224.958392][ T7349] panic+0xd1/0xe0
[ 224.958417][ T7349] ? __pfx_panic+0x10/0x10
[ 224.958444][ T7349] ? fbcon_prepare_logo+0x94e/0xc60
[ 224.958473][ T7349] ? preempt_schedule_common+0x42/0xc0
[ 224.958508][ T7349] check_panic_on_warn.cold+0x19/0x34
[ 224.958539][ T7349] end_report.part.0+0x3a/0x90
[ 224.958578][ T7349] kasan_report.cold+0xe/0x18
[ 224.958618][ T7349] ? fbcon_prepare_logo+0x94e/0xc60
[ 224.958654][ T7349] kasan_check_range+0x10f/0x1e0
[ 224.958703][ T7349] __asan_memcpy+0x23/0x60
[ 224.958748][ T7349] fbcon_prepare_logo+0x94e/0xc60
[ 224.958787][ T7349] fbcon_init+0x1065/0x1830
[ 224.958822][ T7349] visual_init+0x320/0x620
[ 224.958857][ T7349] do_bind_con_driver.isra.0+0x636/0x9c0
[ 224.958900][ T7349] store_bind+0x609/0x730
[ 224.958936][ T7349] ? __pfx_store_bind+0x10/0x10
[ 224.958974][ T7349] dev_attr_store+0x58/0x80
[ 224.959010][ T7349] ? __pfx_dev_attr_store+0x10/0x10
[ 224.959043][ T7349] sysfs_kf_write+0xf2/0x150
[ 224.959089][ T7349] kernfs_fop_write_iter+0x3e0/0x5f0
[ 224.959128][ T7349] ? __pfx_sysfs_kf_write+0x10/0x10
[ 224.959175][ T7349] vfs_write+0x6ac/0x1070
[ 224.959208][ T7349] ? __pfx_kernfs_fop_write_iter+0x10/0x10
[ 224.959249][ T7349] ? __pfx_vfs_write+0x10/0x10
[ 224.959292][ T7349] ksys_write+0x12a/0x250
[ 224.959325][ T7349] ? __pfx_ksys_write+0x10/0x10
[ 224.959381][ T7349] ? rcu_is_watching+0x12/0xc0
[ 224.959420][ T7349] do_syscall_64+0x10b/0xf80
[ 224.959454][ T7349] ? clear_bhb_loop+0x40/0x90
[ 224.959487][ T7349] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 224.959516][ T7349] RIP: 0033:0x7f659a59cdd9
[ 224.959540][ T7349] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 224.959570][ T7349] RSP: 002b:00007f659b44a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 224.959601][ T7349] RAX: ffffffffffffffda RBX: 00007f659a815fa0 RCX: 00007f659a59cdd9
[ 224.959628][ T7349] RDX: 000000000008083a RSI: 00002000000000c0 RDI: 0000000000000002
[ 224.959648][ T7349] RBP: 00007f659a632d69 R08: 0000000000000000 R09: 0000000000000000
[ 224.959667][ T7349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 224.959695][ T7349] R13: 00007f659a816038 R14: 00007f659a815fa0 R15: 00007ffe646566a8
[ 224.959725][ T7349]
[ 224.960310][ T7349] Kernel Offset: disabled