last executing test programs: 13.589005449s ago: executing program 3 (id=2337): openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) (async, rerun: 64) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) (async, rerun: 64) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc0a02, 0x0) (async, rerun: 64) close_range$auto(0x2, 0x8, 0x0) (rerun: 64) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async) socket(0x10, 0x80000, 0x2) (async, rerun: 32) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x382, 0x0) (async, rerun: 32) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x0, 0x0) sendfile$auto(r0, r0, 0x0, 0x23f) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async) r1 = fanotify_init$auto(0x5, 0x2000000000002) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0x26, 0x80805, 0x0) (async) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) arch_prctl$auto(0x1021, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8000003, 0x7) madvise$auto(0x80000001, 0xfffffffbffff0001, 0x15) (async) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) msgctl$auto_IPC_SET(0x8, 0x1, &(0x7f00000005c0)={{0x3b2180, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xfffffff9, 0xffffffff, 0x7}, 0x0, 0x0, 0xbb28, 0x0, 0xc, 0x6, 0xe, 0x0, 0x7, 0x4, @raw=0x9, @inferred=0xffffffffffffffff}) keyctl$auto(0xc6c, r2, 0x0, r3, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) (async) msgget$auto(0xc, 0x77d9) msgrcv$auto(0x0, 0x0, 0xff9, 0xfffffffffffffffc, 0xb4) (async) msgsnd$auto(0x0, &(0x7f0000000000)={0x1, 0x5}, 0x8, 0x9) ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f0000000040)={0x8, 0x96, 0x1, 0x6a672db3, 0x10}) 12.544121744s ago: executing program 3 (id=2338): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0xfff, 0x1, 0x4, 0x5, 0x100) mmap$auto(0x0, 0x2020009, 0x3, 0xffff, 0xfffffffffffffffa, 0x400008000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) io_uring_setup$auto(0x59, &(0x7f0000000380)={0x7fffffff, 0xd, 0x4002, 0x6, 0x7, 0x7, 0xffffffffffffffff, [0x0, 0x0, 0x4], {0xa, 0x6, 0xf, 0x29f, 0x6, 0x7f, 0x101, 0x6, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0xfffffffe}}) close_range$auto(0x2, 0x8, 0x0) fanotify_init$auto(0x5, 0x0) creat$auto(&(0x7f0000000000)='./file0\x00', 0x43ff) mmap$auto(0x0, 0x500004, 0x20df, 0x9b74, r0, 0x8000) open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) socket(0x11, 0x3, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/user\x00') fstat$auto(r2, 0x0) ioctl$auto(r1, 0xc040564a, r1) 12.325258005s ago: executing program 3 (id=2339): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card1/pcm1c/sub5/xrun_injection\x00', 0x82000, 0x0) syz_genetlink_get_family_id$auto_taskstats(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, 0x0, 0x3c8082, 0x0) r0 = getpid() socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/graphics/fb0/blank\x00', 0xa001, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/nr14/ifalias\x00', 0x80, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) socket(0x1d, 0x2, 0x6) socket(0x2, 0x2, 0x1) socket(0x10, 0x2, 0x4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/hugetlb.1GB.rsvd.limit_in_bytes\x00', 0xc2481, 0x0) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/013/001\x00', 0xa101, 0x0) io_uring_setup$auto(0x2, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socketpair$auto(0x4, 0x1, 0x20000, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r1, 0x5437, 0x0) r3 = pidfd_open$auto(r0, 0x0) process_madvise$auto_MADV_COLD(r3, &(0x7f0000000100)={0x0, 0x37e}, 0x1, 0x14, 0x0) process_madvise$auto_MADV_POPULATE_WRITE(r3, &(0x7f00000001c0)={&(0x7f00000000c0)="29adb8cc9d881529cd75d828e5c3329172e0216b1558d14700a679efa5eeff49f0987a51f03d2c2097d2fe515ab80b990ecf36ee1499dae5628bebd8e6c7a57bee697f7babaf55785a99d6315aac76f94306a5fee6a589d0c701558a88c9bffbcffc0780210d46edbbfed6a048fe77943b95929e9e0e1d2fce6029d2cb90b27f2ed41e671909320244f492d8f4455520d86cd668f7e6d2e439cf261d42b0abbf22cf0eb659e8256933d90d506f408380d4526a0112a2c5d35a205615899e97f70e00c9401617012c7e", 0x9}, 0x29701510, 0x17, 0x101) getuid() close_range$auto(0x2, 0x8, 0x0) 11.758444934s ago: executing program 3 (id=2340): r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x40383d0c, 0x0) 11.508401017s ago: executing program 3 (id=2341): clone$auto(0x5, 0xfffffffffffffff8, &(0x7f0000000180)=0x3, &(0x7f00000001c0)=0x72, 0x1) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) socket(0x10, 0x2, 0x0) process_mrelease$auto(0xffffffffffffffff, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) socket(0x1d, 0x2, 0x6) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x0, 0x100000df, 0xd5a, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0xa0900, 0x0) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x7, 0x8) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) 9.591143813s ago: executing program 3 (id=2347): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card1/pcm1c/sub5/xrun_injection\x00', 0x82000, 0x0) syz_genetlink_get_family_id$auto_taskstats(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, 0x0, 0x3c8082, 0x0) getuid() close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) setsockopt$auto(0x3, 0x6, 0x9, 0x0, 0xfb3) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_allowed_congestion_control\x00', 0x0, 0x0) read$auto_proc_sys_file_operations_proc_sysctl(r0, 0x0, 0x0) setreuid$auto(0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xb8, 0x100000000, 0x5, 0x1b, 0x940, 0x1ffdc, 0x3, 0x2000000000000006, 0x2, 0x9, 0x5, 0x2, 0x8001, 0xae, 0x9, 0x922, 0x7, 0x5, 0x5, 0x3, 0xfffffffe, 0x0, 0x200}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xdc5e}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0x1, 0xd4, 0x7fffffff, 0x6, 0x0, 0xa89e, 0x3690, 0x2, {0xfffffffc, 0x10000}, 0xa81e, 0x6, 0xffffffffffffffff, 0x1008000, 0x0, 0x80000080000004, 0x84, 0xffffffffffff6291, 0xffff, 0xdeb1, 0x806}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x1c, 0x0) 5.336111419s ago: executing program 1 (id=2361): r0 = openat$auto_bdi_debug_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bdi/43:448/stats\x00', 0x101100, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000400)='/dev/sequencer\x00', 0x2, 0x0) write$auto_seq_oss_f_ops_seq_oss(r1, &(0x7f0000000140)="1dca160c9026f371d6e92319763e11da35ec9f0379e2081bff03000000000000882674a5c0acdadb0ee83a0eac2e06dbfb6ff5efc39f8459cf518c93c02cd2ac800540569e21a7b3ee40aad7376b454ba1da11fb04ba54575684455f33e5292d772e78755a02c9eee52a5584ea33ddb13f11a93d6b4e3d4505f00084", 0x7c) read$auto_bdi_debug_stats_fops_(r0, &(0x7f0000000040)=""/129, 0x81) 5.106394582s ago: executing program 2 (id=2363): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0xfff, 0x1, 0x4, 0x5, 0x100) mmap$auto(0x0, 0x2020009, 0x3, 0xffff, 0xfffffffffffffffa, 0x400008000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) io_uring_setup$auto(0x59, &(0x7f0000000380)={0x7fffffff, 0xd, 0x4002, 0x6, 0x7, 0x7, 0xffffffffffffffff, [0x0, 0x0, 0x4], {0xa, 0x6, 0xf, 0x29f, 0x6, 0x7f, 0x101, 0x6, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0xfffffffe}}) socket$nl_generic(0x10, 0x3, 0x10) fanotify_init$auto(0x5, 0x0) creat$auto(&(0x7f0000000000)='./file0\x00', 0x43ff) mmap$auto(0x0, 0x500004, 0x20df, 0x9b74, r0, 0x8000) open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) socket(0x11, 0x3, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/user\x00') fstat$auto(r2, 0x0) ioctl$auto(r1, 0xc040564a, r1) 4.945504339s ago: executing program 2 (id=2364): clone$auto(0x5, 0xfffffffffffffff8, &(0x7f0000000180)=0x3, &(0x7f00000001c0)=0x72, 0x1) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) socket(0x10, 0x2, 0x0) process_mrelease$auto(0xffffffffffffffff, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) socket(0x1d, 0x2, 0x6) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x0, 0x100000df, 0xd5a, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0xa0900, 0x0) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x7, 0x8) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) 4.896240875s ago: executing program 1 (id=2365): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x5, 0x84) mmap$auto(0x0, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r1 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) setsockopt$auto(0x3, 0x84, 0x17, 0x0, 0x27) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) setsockopt$auto(r0, 0x10000000084, 0x23, 0x0, 0x8) r2 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) r3 = ioctl$auto_TUNSETSNDBUF2(0xffffffffffffffff, 0x400454d4, &(0x7f0000000040)=0x5) ioctl$auto_USBDEVFS_ALLOC_STREAMS(r3, 0x8008551c, &(0x7f0000000140)=ANY=[@ANYBLOB="00800000f1730000a5502a640c67687eb3b1e2d66d86c17c3c40364737f798e199d97b7aa484199ee033f3507fe76d6f967c72fdcd2ac12389b02dad2c713f819aa050b4c0cf29d71755f1eccfe30ac722d033ef2964b10a914e531a7ef9b90dc3657765b0fb589f96c0b1c3ebdf7b4523eb1dcd21ba9055ab282b461e5bceccb23f2dcbf43aff1a309fc437d796a2516159f57003982ba5e2a332c4ff317b0cb8017ccdec92e7c80b3cb70547040a13fc0a117928d14afc"]) ioctl$auto_posix_clock_file_operations_posix_clock(r2, 0x40383d0c, 0x0) 4.050965808s ago: executing program 1 (id=2367): r0 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmsg$auto_NL802154_CMD_NEW_SEC_LEVEL(r0, 0x0, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socketpair$auto(0x1e, 0x5, 0x1, 0x0) r1 = socket(0x11, 0x80003, 0x300) r2 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x8) setsockopt$auto(r1, 0x107, 0x12, 0x0, 0x8) lsm_list_modules$auto(0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x3) getsockopt$auto_SO_TYPE(r0, 0x9, 0x3, &(0x7f0000000000)='% <%\x00', &(0x7f0000000040)=0xddd) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, r0, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x201, 0x0) r3 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, 0x0, 0x20000, 0x0) read$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r3, 0x0, 0x0) pwrite64$auto(0xc8, 0x0, 0x10, 0x6) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x100000010, 0x401, 0x300000000000) mmap$auto(0x3, 0x400008, 0x8, 0x9b75, 0x2, 0x9000) sendmmsg$auto(0x3, 0x0, 0x9a5, 0x47ffff7a) mmap$auto(0x40000000, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) 3.810283584s ago: executing program 0 (id=2368): bpf$auto(0xfffff001, &(0x7f0000000000)=@bpf_attr_3={0xa332, 0x2, 0x7, 0x3, 0xfffffbff, 0x2, 0x1, 0x4, 0x7, "0108a5172d53c2dc73bf58e1423b2178", 0x0, 0x9, 0xffffffffffffffff, 0x81, 0x8, 0x81, 0xb03, 0x0, 0x3ff, 0x7, @attach_prog_fd, 0x2, 0x630, 0x57d, 0x9, 0x8}, 0xa3) openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer2\x00', 0xc0000, 0x0) clock_gettime$auto(0xa, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) listen$auto(0x3, 0xfffffffa) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0xdff1, 0xfffffffffffffffd, 0xd4, 0xffffffffffffffc0, 0x6, 0x0, 0x80009, 0x1, 0x2, {0x2100000000, 0x10000}, 0x3, 0x6, 0xffffffffffffffdd, 0x1008000, 0x0, 0x80000004, 0x8, 0x5, 0x29a, 0xdeb1, 0x1800}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = fcntl$getown(0xffffffffffffffff, 0x9) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r1, 0x4, 0x7ff) ptrace$auto_PTRACE_SET_THREAD_AREA(0x1a, r1, 0x4, 0x8) setpgid$auto(r0, r1) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) socket$nl_generic(0x10, 0x3, 0x10) memfd_secret$auto(0x0) mmap$auto(0x0, 0x4009, 0xb0b, 0x8000000008011, r2, 0xfffffffffffffffc) ftruncate$auto(0x3, 0x700) io_uring_setup$auto(0x6, 0x0) get_mempolicy$auto(0xfffffffffffffffe, 0x0, 0x3, 0x1ff, 0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/fib_triestat\x00', 0x0, 0x0) pread64$auto(r3, &(0x7f0000000040)='veth1\x00', 0xb, 0x9) sendmsg$auto_NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, &(0x7f0000002800)={0x0, 0x0, &(0x7f00000027c0)={&(0x7f0000000080)=ANY=[@ANYRES16, @ANYBLOB="09032abd7000fedbdf2519000000ec368213f06aa8a8b51b4ccc92e9ed13af5af1eee391f6d38af705a2fe4da72b344306304a51181ae2142ba447bf54f7299861c7caeccbc58d3ba7f1ddc08c20018ac1db9bb8d4ff9253be5b427d0209208b5699706a9a8e08c15b003bc0d1bf47f3be63c34c06deed199962dc786db00beafda6982e6bda659f80fe128bc7a00861d059f67700000000d423634ce0dfbf6f57afce6437bda09d3b0aa7beda3d68854510ba2e02536365c8be2bbe9a175b39ff07a2aa278d02f21e0bfd199dd5d7d3c38810d06008581aa1142ce846e84630b9dab0637d937f12e381cf293100ddce1d8e433920aee81e4d"], 0x14}, 0x1, 0x0, 0x0, 0x48800}, 0x0) sendmsg$auto_NL802154_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x38, 0x0, 0x8, 0x70bd2b, 0x25dfdbff, {}, [@NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0xfd}, @NL802154_ATTR_SEC_FRAME_COUNTER={0x8, 0x2c, 0xffffff6a}, @NL802154_ATTR_SCAN_DONE_REASON={0x5, 0x25, 0x8}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, 0x9}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x1) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000180)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001}, 0x4}, 0x3b8b, 0xd) 3.552772256s ago: executing program 1 (id=2369): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/ip6tnl0/statistics/rx_bytes\x00', 0x0, 0x0) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x2, 0x8, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)=""/82, 0x52) 3.396626807s ago: executing program 2 (id=2371): mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) (async) r0 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000002180)='/dev/snd/pcmC0D0p\x00', 0x0, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_VPORT_CMD_DEL(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="fc000000", @ANYRES16=0x0, @ANYBLOB="00042abd7000fcdbdf2502000000cd000500cb3f34beaa653f03d04786bb51bba8b4f0c5439e97f620771116bc51c8dd729a6bed05429f40b40415f89fc63302d70427e6511150fe9f8c770da1c271dac475ef9e2de0c67a3830bb8eb3e6656e48cb93a64484d0799434ea0e1a159d24e25bf602d065008b74b460ef8f5e3fbad7acd6ffea52f2fe23bc0145cb46bfdb5a95cc63f94b69c4b83204192893a0f3afb31abb1c46ec0ff8d16384409913e03f6ec5dc1052aa0f36d04c036878ed98e6425da157030206e0633be039e5bfd00d447fcba54f12d243718293668aad58a208a64420a92c7d28c61e23eb4c000000080002000e0000000f0003002f6465"], 0xfc}, 0x1, 0x0, 0x0, 0x4000000}, 0x8815) ioctl$auto___SNDRV_PCM_IOCTL_SYNC_PTR64(r0, 0xc0884123, 0x0) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty58\x00', 0x40000, 0x0) 3.14539862s ago: executing program 0 (id=2372): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram4\x00', 0xa2feb34e2b64b729, 0x0) mknodat$auto(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0xfff, 0xfffffff8) ioctl$auto_BLKRRPART(r0, 0x125f, 0x0) 2.989995431s ago: executing program 2 (id=2373): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0xfff, 0x1, 0x4, 0x5, 0x100) mmap$auto(0x0, 0x2020009, 0x3, 0xffff, 0xfffffffffffffffa, 0x400008000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) io_uring_setup$auto(0x59, &(0x7f0000000380)={0x7fffffff, 0xd, 0x4002, 0x6, 0x7, 0x7, 0xffffffffffffffff, [0x0, 0x0, 0x4], {0xa, 0x6, 0xf, 0x29f, 0x6, 0x7f, 0x101, 0x6, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0xfffffffe}}) socket$nl_generic(0x10, 0x3, 0x10) fanotify_init$auto(0x5, 0x0) creat$auto(&(0x7f0000000000)='./file0\x00', 0x43ff) mmap$auto(0x0, 0x500004, 0x20df, 0x9b74, r0, 0x8000) open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) socket(0x11, 0x3, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/user\x00') fstat$auto(r2, 0x0) ioctl$auto(r1, 0xc040564a, r1) 2.988961769s ago: executing program 1 (id=2374): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x8, 0xdf, 0x8010, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) open_tree$auto(0x6, 0x0, 0x101) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r0) sendmsg$auto_NL80211_CMD_STOP_NAN(0xffffffffffffffff, 0x0, 0x815) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, 0x0, 0x4000080) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) ioprio_set$auto(0x3, 0x0, 0x4b34) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) ioctl$auto_RTC_PIE_ON(0xffffffffffffffff, 0x7005, 0x0) readv$auto(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x4}, 0x5) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x29, 0x2, 0x0) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000080), r1) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) sendfile$auto(0x6, 0x3, 0x0, 0xfffffdef) r2 = openat$auto_proc_oom_score_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_score_adj\x00', 0x142, 0x0) write$auto(r2, &(0x7f00000002c0)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\x96l\x9ao\xcf\xeeZBl\xadD\xd4\xc3|]\xcb\x96\x9c\xd06J~$\n\xef\xa7\"\x83\xab\'r\xf7m\x83\xcc\xe3\xeb\xc0\x9b\xc7z\x10\xe1\x19\x7ff\'\xbe7R\xd8\x1bl\x12\xc0]\x06\xd7.\xc2\xcf\xf6f\x12kh\xcfb\xf7\xe3\xee\x18\x1d^\x17i\x02\f\'\xa0&\x82\xcf\xc5\x80\xf4GA\x9e\x1fD\xd5\xfd\xf6\x9aB\x865\x9c3\xe4\x94\f\xdf\xe8\xe68\xbd\xad\x86\xa4\x931\x058C:\xd9\xdfaG\xa5Q\x19\xd4 \xff\xe6\xa1\x94{kR9\xd5\x8e\xa7-\\\x94M\xf4\xf2\xab\xed\xd7\x00\xd3h\anidA4\xf2[r\xb5\xd4z\x03E\x13\x8d7,f\xcbg\x86+LL0x0}) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r3, &(0x7f0000021740)={0x0, 0x0, &(0x7f0000021700)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.939947864s ago: executing program 0 (id=2375): openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/renderD128\x00', 0x80000, 0x0) (async) r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/renderD128\x00', 0x80000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) poll$auto(&(0x7f0000000380)={r0, 0x8, 0x8}, 0x0, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000080), 0x40002, 0x0) (async) r2 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000080), 0x40002, 0x0) ioctl$auto_RTC_ALM_READ(r2, 0x541b, 0x0) capget$auto(0x0, 0xfffffffffffffffe) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop3\x00', 0x18dd01, 0x0) (async) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop3\x00', 0x18dd01, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r3, 0x4c0a, 0x0) ioctl$auto_COMEDI_INSN(r1, 0x802864d1, 0x0) 2.719975199s ago: executing program 0 (id=2376): rseq$auto(&(0x7f0000000300)={0xe, 0x4, 0xfffffffffffffffc, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) (async) mmap$auto(0x80200000003, 0x20009, 0xdf, 0x10, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) (async) r0 = epoll_create$auto(0x7) (async) socket(0xa, 0x1, 0x84) setsockopt$auto(0x400000000000003, 0x29, 0x6, 0x0, 0x0) epoll_ctl$auto(r0, 0x1, 0x8000000000000000, 0x0) (async, rerun: 64) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 64) clone$auto(0x801fd, 0x3, 0x0, 0x0, 0x15) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) (async) syz_clone(0x1044000, &(0x7f0000000100)="a5151e09e412d8232208d0511817683a0833a8e21595d517e516a360344d90d268ecb3a002899cd0dcf0cb1d74813ee321802a43963d9c336e9d660ec93b785deee24354235f2e02044fcf6528aa11256307b94936ecb10fff1828a7cacbfaef07e91426de1aeed9ff624a2f0f8cacd0887a1986e6b3a4272f8ac50462df8780fd161c5da89bce8a7204c81614424e20e7753f63fcac1dc2ae5b1b5a0da2c79a7a6ccc4535b18fda56c6b79baf7d223a66dabbee39e9519617627746b3b42d877d9cb710754fe3b9677272718dce8542df1f07a29773a0bb61bd8394118776b78ecdb1", 0xe3, &(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)="7ccac99690919b3e") mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x10000000000008, 0x6) (async) socket(0x23, 0x5, 0x1001) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) ioperm$auto(0x800, 0x5, 0xd) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2481, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r1, 0x0, 0x8010) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x1}, 0x8) (async) connect$auto(0x4, 0x0, 0x10) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x3) (async, rerun: 64) iopl$auto(0x3) (rerun: 64) 2.436400534s ago: executing program 0 (id=2377): socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async) socket(0x2, 0x3, 0x100) bpf$auto(0xfffffffe, &(0x7f00000001c0)=@query={@target_fd, 0x8, 0x3, 0x6, 0xff, @count=0xe35c, 0x0, 0x5, 0x6, 0x6, 0xffffffff}, 0x6f2) (async) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) (async) r0 = getpid() prctl$auto(0x3e, 0x1, r0, 0x1, 0x0) r1 = socket(0x10, 0x2, 0x4) sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="01002bbd7000ffdbdf2542000000"], 0x14}, 0x1, 0x0, 0x0, 0x8044}, 0x4001090) (async) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) (async) sendmsg$auto_NL80211_CMD_UPDATE_OWE_INFO(0xffffffffffffffff, 0x0, 0x4041) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffefffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) (async) mmap$auto(0x0, 0x7, 0xdf, 0x9b72, r2, 0x4000807c) (async) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r3 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r3, 0x107, 0x5, 0x0, 0x8004) mmap$auto(0x0, 0x2, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000) (async) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) (async) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82, 0x0) sendfile$auto(r4, r4, 0x0, 0x5) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/system/cpu/cpuidle/current_driver\x00', 0x408440, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/pts/ptmx\x00', 0x8900, 0x0) (async) write$auto(0x3, 0x0, 0x5c8) (async) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x401bf, 0x7352, 0x43, 0x65c, 0x1ffde, 0x7, 0x3, 0x2, 0x9, 0x3, 0x5, 0x4, 0x3000, 0x9, 0x6, 0x10003, 0x83, 0x4, 0x0, 0x7, 0x1ffc, 0x203, 0x400, 0x84}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) 1.802832703s ago: executing program 1 (id=2378): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card1/pcm1c/sub5/xrun_injection\x00', 0x82000, 0x0) syz_genetlink_get_family_id$auto_taskstats(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, 0x0, 0x3c8082, 0x0) getuid() close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) setsockopt$auto(0x3, 0x6, 0x9, 0x0, 0xfb3) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_allowed_congestion_control\x00', 0x0, 0x0) read$auto_proc_sys_file_operations_proc_sysctl(r0, 0x0, 0x0) setreuid$auto(0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xb8, 0x100000000, 0x5, 0x1b, 0x940, 0x1ffdc, 0x3, 0x2000000000000006, 0x2, 0x9, 0x5, 0x2, 0x8001, 0xae, 0x9, 0x922, 0x7, 0x5, 0x5, 0x3, 0xfffffffe, 0x0, 0x200}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xdc5e}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0x1, 0xd4, 0x7fffffff, 0x6, 0x0, 0xa89e, 0x3690, 0x2, {0xfffffffc, 0x10000}, 0xa81e, 0x6, 0xffffffffffffffff, 0x1008000, 0x0, 0x80000080000004, 0x84, 0xffffffffffff6291, 0xffff, 0xdeb1, 0x806}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x1c, 0x0) 1.684044035s ago: executing program 0 (id=2379): clone$auto(0x5, 0xfffffffffffffff8, &(0x7f0000000180)=0x3, &(0x7f00000001c0)=0x72, 0x1) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) socket(0x10, 0x2, 0x0) process_mrelease$auto(0xffffffffffffffff, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) socket(0x1d, 0x2, 0x6) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x0, 0x100000df, 0xd5a, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0xa0900, 0x0) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x7, 0x8) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) 1.683733588s ago: executing program 2 (id=2380): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vbi29\x00', 0x1c9240, 0x0) (async) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vbi29\x00', 0x1c9240, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x9}, 0x3) r0 = socket(0x11, 0x3, 0x9) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x2001, 0x0) (async) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x2001, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0xf423, 0x28000) (async) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0xf423, 0x28000) io_uring_setup$auto(0x3ff, 0x0) write$auto(0x3, 0x0, 0xffd8) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x80002, 0x0) (async) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x80002, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xc008ae09, 0x0) (async) ioctl$auto_KVM_CREATE_VM(r1, 0xc008ae09, 0x0) pwrite64$auto(0xc8, &(0x7f0000000200)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\x00^\x0fo\x97\xfc\x89\v\xea\xc2\x95\xafQ;C>\x15L\x90\xad\xa4\x1648W\t\x00\x00\x00\x00\x00\x00\xff\xffX\xb9_\xdd\xa6\xa2E\xd8?\'\x8dg\x81h*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&%`_[\xde\x7f\xde8\xf7\xc1\x94\xf2\xc1\"\xact\xee\xc9\x00\x00\x00\x00\x00\x00\x00\x00\xee\xa9\x0eX\x01\xa3g\xba\x9cc\x90\xe3\xae\xa9\xde\x00\x00\x00B\xb4\xf2&\x00\xe2\xead\xd0\"\x16\x84v\n\xcdN\xb6\xa4\xe0\xb7e\x97 ?\xb5\xa1E=t\x96\xbd\xfd\xc5\xebn\xb7\n\xc2\xbc\xa2\xa8\x04#\x84\xa7R|\xed\x8f\x03\x01\x10wLT\vay\x12\xb63\x9e\a\x8e\xbd\x18y<\xb3\v\x14\x82\x97&\xfcm\x86\x10o\xdc\xf3x\xfd\x06\x87t\xb9$\x94,f\x9b0\xcd\xd3\r\xb1e\'\x19\xc1\xe7>*\xad\xa5+\xa8\x1c\x88\xa1\x0e[\x99\xb6LKZ\x9e\r\xd0r\xe2Ct\xc1\x99\x1b/\xc5P.aUdq\x97\x94\xb9\xa8qU\xae*g\x86\xc9\xa4\xe7\n\vh-v\"o.\xbf6\x13\tFK\x8e\xc6&&\x13\x81\x00\x8c7PS\x9c\xa3\xfb\x1d\xa9\x98\xd47\n\xa7\xd1\x10\xb3i\xd2\xa8\x18f\xb3K\x9b\x9b\x8c\xe8\x84\xa3,5-\xd6\xae\xbd\x1d\xf2o\x99\x02\x1azw9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\bl\x042\x935\x9e\xeeH\x87\xda\x10\x8f^1\x89L`\xf4[\x06\xf6\xc7\xd0#\xdb\xb1\\\xc3\xb1\xb8\xe8\xde2\xbb\xf8I\x9c\x17KI\x8c\f\x1d\xaa\xa0\xdb\xc7\x9e\x81\x90CTe\xfa\x8dq&\x17\x908\xc9T\xffm\x930\x1d\x91\xf8|t\xfd\x18\xd5\xb0\xcbH\xa7\xb6T\n\x11%\xba\x16o\r\xf6\x90k\xfb\a\xa1\x15\x0e\xe1\xce0Q\xd0\x00\xc1\x1a\x1f\xaa8\xfbo)rtYK\"c\xe2c\xbeM\x9bT\x05\xf3\xccC\x8c\x00\xdf\x8c\x1b+\xca\x80', 0x84, 0xe83) (async) pwrite64$auto(0xc8, &(0x7f0000000200)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\x00^\x0fo\x97\xfc\x89\v\xea\xc2\x95\xafQ;C>\x15L\x90\xad\xa4\x1648W\t\x00\x00\x00\x00\x00\x00\xff\xffX\xb9_\xdd\xa6\xa2E\xd8?\'\x8dg\x81h*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&%`_[\xde\x7f\xde8\xf7\xc1\x94\xf2\xc1\"\xact\xee\xc9\x00\x00\x00\x00\x00\x00\x00\x00\xee\xa9\x0eX\x01\xa3g\xba\x9cc\x90\xe3\xae\xa9\xde\x00\x00\x00B\xb4\xf2&\x00\xe2\xead\xd0\"\x16\x84v\n\xcdN\xb6\xa4\xe0\xb7e\x97 ?\xb5\xa1E=t\x96\xbd\xfd\xc5\xebn\xb7\n\xc2\xbc\xa2\xa8\x04#\x84\xa7R|\xed\x8f\x03\x01\x10wLT\vay\x12\xb63\x9e\a\x8e\xbd\x18y<\xb3\v\x14\x82\x97&\xfcm\x86\x10o\xdc\xf3x\xfd\x06\x87t\xb9$\x94,f\x9b0\xcd\xd3\r\xb1e\'\x19\xc1\xe7>*\xad\xa5+\xa8\x1c\x88\xa1\x0e[\x99\xb6LKZ\x9e\r\xd0r\xe2Ct\xc1\x99\x1b/\xc5P.aUdq\x97\x94\xb9\xa8qU\xae*g\x86\xc9\xa4\xe7\n\vh-v\"o.\xbf6\x13\tFK\x8e\xc6&&\x13\x81\x00\x8c7PS\x9c\xa3\xfb\x1d\xa9\x98\xd47\n\xa7\xd1\x10\xb3i\xd2\xa8\x18f\xb3K\x9b\x9b\x8c\xe8\x84\xa3,5-\xd6\xae\xbd\x1d\xf2o\x99\x02\x1azw9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\bl\x042\x935\x9e\xeeH\x87\xda\x10\x8f^1\x89L`\xf4[\x06\xf6\xc7\xd0#\xdb\xb1\\\xc3\xb1\xb8\xe8\xde2\xbb\xf8I\x9c\x17KI\x8c\f\x1d\xaa\xa0\xdb\xc7\x9e\x81\x90CTe\xfa\x8dq&\x17\x908\xc9T\xffm\x930\x1d\x91\xf8|t\xfd\x18\xd5\xb0\xcbH\xa7\xb6T\n\x11%\xba\x16o\r\xf6\x90k\xfb\a\xa1\x15\x0e\xe1\xce0Q\xd0\x00\xc1\x1a\x1f\xaa8\xfbo)rtYK\"c\xe2c\xbeM\x9bT\x05\xf3\xccC\x8c\x00\xdf\x8c\x1b+\xca\x80', 0x84, 0xe83) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5a8, &(0x7f0000000100)={&(0x7f0000000080), 0x49}, 0x3, &(0x7f0000000180), 0x5, 0x1000}, 0x5}, 0x2, 0x100) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') (async) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') r2 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) r3 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) ioperm$auto(0xaff6, 0xe, 0x991b) (async) ioperm$auto(0xaff6, 0xe, 0x991b) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/v4l-subdev0\x00', 0x0, 0x0) ioctl$auto(0x3, 0xc0305615, 0x38) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, 0x0) mmap$auto(0x0, 0x4, 0x14000000000df, 0x40eb2, r3, 0x300000000000) ioctl$auto_TIOCSTI2(r3, 0x5412, &(0x7f0000000180)="5ed7a263919335a74ea221891d55abf598b1858f5958ff680af0d192156b6d7c8f1a0b65fef24c0ca4fe9f53a3bf0e5b3fdd57ee2142b83bc64b0d5c5dad136b5393a7c39495de8650007533b0f34ebdbd777dc3da18ee62bcff2be1a85e23eed8f2cf7df2928f21d34e748074382a48ce06121d4261c187499269df84d699efa22aec12ec53a0b9c2c9e850f02076d8b455fd70d31894e33cda0158e3ba19b819cd527280319da311675289a3ae06a6392f03c8609e8914c88b1aba71a7133ae79f7b06ffbca9004295e81f3ccda0d1976cbe166f516e31f453f8b1d81405c7101510d365c546") getdents$auto(r2, 0x0, 0x400018) ioctl$auto(0x3, 0x4020565a, 0x38) 0s ago: executing program 2 (id=2381): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xf, 0x3, 0x2) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2164, 0x8000000000000000, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x6, 0x400008, 0xe2, 0x9b72, r0, 0x8000) close_range$auto(0x2, 0xa, 0x0) r2 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'bond0\x00'}) socketpair$auto(0x1, 0x3, 0x8000000000000000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r3, 0x0, 0x3}, 0xc) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video38\x00', 0x16b000, 0x0) ioctl$auto(r4, 0xc0445624, r4) close_range$auto(0x2, 0x8, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x1, 0x9) r5 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r5, &(0x7f0000000440)="671d264add69b6440843b6e6688a2b5ad9df2669e6f9cd236532b20ed763ac8caf4bde4c30b530ac6ebbff950e1a647d6a08a1b55dde5a409b72", 0x3a) r6 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r6, 0x5522, 0xf15) ioctl$auto_USBDEVFS_ALLOW_SUSPEND(r6, 0x5522, 0x0) sendto$auto(0xffffffffffffffff, 0x0, 0x401, 0x101, 0x0, 0x1c) kernel console output (not intermixed with test programs): d blocking state [ 87.435458][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.442706][ T5842] bridge_slave_0: entered allmulticast mode [ 87.450926][ T5842] bridge_slave_0: entered promiscuous mode [ 87.499138][ T5846] team0: Port device team_slave_0 added [ 87.505442][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.512685][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.520341][ T5842] bridge_slave_1: entered allmulticast mode [ 87.527840][ T5842] bridge_slave_1: entered promiscuous mode [ 87.550408][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.563052][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.587316][ T5846] team0: Port device team_slave_1 added [ 87.595762][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.643286][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.661431][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.697338][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.704501][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.730915][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.759924][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.771667][ T5835] team0: Port device team_slave_0 added [ 87.778708][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.786531][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.813221][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.873652][ T5835] team0: Port device team_slave_1 added [ 87.897306][ T5838] team0: Port device team_slave_0 added [ 87.918601][ T5842] team0: Port device team_slave_0 added [ 87.957045][ T5838] team0: Port device team_slave_1 added [ 87.963533][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.970777][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.997397][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.011076][ T5842] team0: Port device team_slave_1 added [ 88.023372][ T5846] hsr_slave_0: entered promiscuous mode [ 88.029860][ T5846] hsr_slave_1: entered promiscuous mode [ 88.062576][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.069573][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.096085][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.139919][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.146972][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.173362][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.186126][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.193072][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.219402][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.232518][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.239609][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.266783][ T5839] Bluetooth: hci3: command tx timeout [ 88.266820][ T5841] Bluetooth: hci1: command tx timeout [ 88.272286][ T5844] Bluetooth: hci2: command tx timeout [ 88.277942][ T5845] Bluetooth: hci0: command tx timeout [ 88.278254][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.330413][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.337459][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.363931][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.395563][ T5835] hsr_slave_0: entered promiscuous mode [ 88.402049][ T5835] hsr_slave_1: entered promiscuous mode [ 88.408403][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.416448][ T5835] Cannot create hsr debugfs directory [ 88.504537][ T5838] hsr_slave_0: entered promiscuous mode [ 88.511161][ T5838] hsr_slave_1: entered promiscuous mode [ 88.517739][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.525552][ T5838] Cannot create hsr debugfs directory [ 88.631383][ T5842] hsr_slave_0: entered promiscuous mode [ 88.639246][ T5842] hsr_slave_1: entered promiscuous mode [ 88.645722][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.653297][ T5842] Cannot create hsr debugfs directory [ 89.000144][ T5846] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.014828][ T5846] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.049832][ T5846] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.082965][ T5846] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.118651][ T5835] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.129952][ T5835] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.143516][ T5835] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.168938][ T5835] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.251707][ T5838] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.262252][ T5838] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.284864][ T5838] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.296878][ T5838] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.411730][ T5842] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.432150][ T5842] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.457850][ T5842] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.469397][ T5842] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.486460][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.546245][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.571850][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.587739][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.594991][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.615293][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.622391][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.677124][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.733294][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.742094][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.749264][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.761376][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.768644][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.822035][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.843574][ T1333] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.850748][ T1333] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.882649][ T1333] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.889801][ T1333] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.982306][ T5838] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 89.993514][ T5838] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.061420][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.130855][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.163464][ T54] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.170669][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.256893][ T1333] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.264179][ T1333] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.334539][ T5844] Bluetooth: hci1: command tx timeout [ 90.340043][ T5844] Bluetooth: hci0: command tx timeout [ 90.347788][ T5839] Bluetooth: hci2: command tx timeout [ 90.347806][ T5841] Bluetooth: hci3: command tx timeout [ 90.403582][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.420472][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.486172][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.551040][ T5835] veth0_vlan: entered promiscuous mode [ 90.604280][ T5835] veth1_vlan: entered promiscuous mode [ 90.636338][ T5846] veth0_vlan: entered promiscuous mode [ 90.666328][ T5838] veth0_vlan: entered promiscuous mode [ 90.683167][ T5846] veth1_vlan: entered promiscuous mode [ 90.704120][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.720399][ T5838] veth1_vlan: entered promiscuous mode [ 90.789730][ T5835] veth0_macvtap: entered promiscuous mode [ 90.799660][ T5846] veth0_macvtap: entered promiscuous mode [ 90.813372][ T5835] veth1_macvtap: entered promiscuous mode [ 90.828722][ T5846] veth1_macvtap: entered promiscuous mode [ 90.849984][ T5842] veth0_vlan: entered promiscuous mode [ 90.878555][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.893497][ T5842] veth1_vlan: entered promiscuous mode [ 90.907537][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.916344][ T5838] veth0_macvtap: entered promiscuous mode [ 90.936573][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.949457][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.961113][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.971383][ T5838] veth1_macvtap: entered promiscuous mode [ 90.991608][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.002616][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.015148][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.023151][ T5835] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.032022][ T5835] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.042733][ T5835] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.051509][ T5835] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.070055][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.080850][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.091971][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.104964][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.115958][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.132131][ T5846] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.142568][ T5846] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.152632][ T5846] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.161518][ T5846] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.177066][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.187681][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.197552][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.209083][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.221064][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.239523][ T5838] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.248593][ T5838] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.258630][ T5838] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.267614][ T5838] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.312951][ T5842] veth0_macvtap: entered promiscuous mode [ 91.337122][ T5842] veth1_macvtap: entered promiscuous mode [ 91.451231][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.463315][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.473616][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.484527][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.494904][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.505422][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.516705][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.527795][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.528462][ T1333] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.540992][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.547556][ T1333] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.567379][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.577928][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.587932][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.598423][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.609629][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.650291][ T5842] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.659225][ T5842] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.668422][ T5842] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.677193][ T5842] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.689602][ T1333] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.698680][ T1333] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.774467][ T4136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.782315][ T4136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.852471][ T4136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.863892][ T4136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.875694][ T1333] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.883538][ T1333] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.976508][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.993841][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.091635][ T4136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.115239][ T4136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.166553][ T5838] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 92.224571][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.232417][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.417182][ T5841] Bluetooth: hci0: command tx timeout [ 92.418939][ T5845] Bluetooth: hci2: command tx timeout [ 92.422602][ T5844] Bluetooth: hci1: command tx timeout [ 92.428991][ T5845] Bluetooth: hci3: command tx timeout [ 92.877783][ T5915] i2c i2c-0: new_device: Instantiated device card: at 0x01 [ 92.899900][ T5915] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1'. [ 92.916001][ T5915] Zero length message leads to an empty skb [ 94.448549][ T5937] netlink: 28 bytes leftover after parsing attributes in process `syz.2.9'. [ 94.494126][ T5845] Bluetooth: hci1: command tx timeout [ 94.494204][ T5844] Bluetooth: hci0: command tx timeout [ 94.499549][ T5845] Bluetooth: hci2: command tx timeout [ 94.504971][ T5841] Bluetooth: hci3: command tx timeout [ 94.994258][ T5937] bond0: (slave bond_slave_0): Releasing backup interface [ 95.465380][ T5941] netlink: 28 bytes leftover after parsing attributes in process `syz.3.10'. [ 95.474537][ T5941] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 95.523466][ T5941] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 95.827444][ T5945] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 95.883390][ T5945] netlink: 'syz.1.12': attribute type 1 has an invalid length. [ 95.901641][ T5945] netlink: 33 bytes leftover after parsing attributes in process `syz.1.12'. [ 95.956151][ T5949] capability: warning: `syz.3.13' uses 32-bit capabilities (legacy support in use) [ 96.100551][ T5950] device-mapper: ioctl: device name cannot contain '/' [ 96.253584][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.663301][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 96.672603][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.814730][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 96.868200][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 96.877512][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.895727][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 96.950955][ T849] cfg80211: failed to load regulatory.db [ 97.296955][ T5962] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input6 [ 97.726080][ T5971] nbd: couldn't find device at index 33904 [ 98.948683][ T5982] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input7 [ 99.158585][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.167641][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.308402][ T5992] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 100.003252][ T5998] netlink: 'syz.0.24': attribute type 1 has an invalid length. [ 100.024355][ T5998] netlink: 33 bytes leftover after parsing attributes in process `syz.0.24'. [ 100.144749][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 100.563381][ T5999] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input8 [ 103.576100][ T6050] netlink: 12 bytes leftover after parsing attributes in process `syz.3.34'. [ 105.344081][ T6082] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 105.344081][ T6082] The task syz.2.41 (6082) triggered the difference, watch for misbehavior. [ 105.424955][ T6080] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input9 [ 105.694167][ T6093] openvswitch: netlink: nsh attribute has 2 unknown bytes. [ 107.382149][ T6108] netlink: 8 bytes leftover after parsing attributes in process `syz.0.46'. [ 107.649888][ T6111] netlink: 28 bytes leftover after parsing attributes in process `syz.2.47'. [ 107.858931][ T6113] mmap: syz.1.48 (6113) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 108.097871][ T6120] netlink: 'syz.3.50': attribute type 1 has an invalid length. [ 108.117604][ T6120] netlink: 33 bytes leftover after parsing attributes in process `syz.3.50'. [ 108.613801][ T30] audit: type=1800 audit(1744552659.707:2): pid=6129 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.51" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 109.466342][ T6140] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(5) [ 109.901503][ T6139] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 110.068303][ T6146] FAULT_INJECTION: forcing a failure. [ 110.068303][ T6146] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 110.119106][ T6146] CPU: 1 UID: 0 PID: 6146 Comm: syz.1.54 Not tainted 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 PREEMPT(full) [ 110.119144][ T6146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 110.119160][ T6146] Call Trace: [ 110.119171][ T6146] [ 110.119186][ T6146] dump_stack_lvl+0x16c/0x1f0 [ 110.119232][ T6146] should_fail_ex+0x512/0x640 [ 110.119270][ T6146] should_fail_alloc_page+0xe7/0x130 [ 110.119299][ T6146] prepare_alloc_pages+0x3c2/0x610 [ 110.119339][ T6146] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 110.119390][ T6146] ? do_raw_spin_lock+0x12c/0x2b0 [ 110.119423][ T6146] ? find_held_lock+0x2b/0x80 [ 110.119462][ T6146] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 110.119502][ T6146] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 110.119539][ T6146] ? lockdep_hardirqs_on+0x7c/0x110 [ 110.119584][ T6146] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 110.119621][ T6146] ? stack_depot_save_flags+0x3e6/0xa50 [ 110.119662][ T6146] ? kasan_save_stack+0x42/0x60 [ 110.119701][ T6146] ? kasan_save_stack+0x33/0x60 [ 110.119740][ T6146] ? kasan_save_track+0x14/0x30 [ 110.119778][ T6146] ? __kasan_slab_alloc+0x89/0x90 [ 110.119817][ T6146] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 110.119857][ T6146] ? alloc_vmap_area+0x613/0x2970 [ 110.119884][ T6146] ? __get_vm_area_node+0x1a7/0x300 [ 110.119915][ T6146] ? __vmalloc_node_range_noprof+0x277/0x1540 [ 110.119950][ T6146] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 110.119981][ T6146] ? policy_nodemask+0xea/0x4e0 [ 110.120028][ T6146] alloc_pages_mpol+0x1fb/0x550 [ 110.120055][ T6146] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 110.120091][ T6146] alloc_pages_noprof+0x131/0x390 [ 110.120118][ T6146] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 110.120155][ T6146] get_free_pages_noprof+0xc/0x40 [ 110.120182][ T6146] kasan_populate_vmalloc_pte+0x2d/0x160 [ 110.120221][ T6146] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 110.120259][ T6146] __apply_to_page_range+0x5f9/0xd30 [ 110.120296][ T6146] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 110.120341][ T6146] ? __pfx___apply_to_page_range+0x10/0x10 [ 110.120376][ T6146] ? alloc_vmap_area+0x872/0x2970 [ 110.120412][ T6146] alloc_vmap_area+0x919/0x2970 [ 110.120457][ T6146] ? __pfx_alloc_vmap_area+0x10/0x10 [ 110.120498][ T6146] __get_vm_area_node+0x1a7/0x300 [ 110.120538][ T6146] __vmalloc_node_range_noprof+0x277/0x1540 [ 110.120583][ T6146] ? htab_map_alloc+0x456/0x1540 [ 110.120621][ T6146] ? find_held_lock+0x2b/0x80 [ 110.120656][ T6146] ? htab_map_alloc+0x456/0x1540 [ 110.120686][ T6146] ? pcpu_memcg_post_alloc_hook+0x1e/0x740 [ 110.120733][ T6146] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 110.120768][ T6146] ? pcpu_alloc_noprof+0x1f5/0x1470 [ 110.120817][ T6146] ? htab_map_alloc+0x456/0x1540 [ 110.120846][ T6146] __bpf_map_area_alloc+0xeb/0x190 [ 110.120880][ T6146] ? htab_map_alloc+0x456/0x1540 [ 110.120910][ T6146] htab_map_alloc+0x456/0x1540 [ 110.120942][ T6146] ? bpf_lsm_capable+0x9/0x10 [ 110.120987][ T6146] ? ns_capable+0xd7/0x110 [ 110.121024][ T6146] map_create+0x58f/0x1db0 [ 110.121064][ T6146] ? __pfx_map_create+0x10/0x10 [ 110.121089][ T6146] ? __might_fault+0xe3/0x190 [ 110.121129][ T6146] ? __might_fault+0xe3/0x190 [ 110.121168][ T6146] ? __might_fault+0x13b/0x190 [ 110.121222][ T6146] __sys_bpf+0x47cc/0x4d80 [ 110.121250][ T6146] ? __pfx_futex_wake+0x10/0x10 [ 110.121279][ T6146] ? __pfx___sys_bpf+0x10/0x10 [ 110.121307][ T6146] ? kmem_cache_free+0x2d4/0x4d0 [ 110.121345][ T6146] ? find_held_lock+0x2b/0x80 [ 110.121377][ T6146] ? putname+0x154/0x1a0 [ 110.121402][ T6146] ? do_sys_openat2+0x1b0/0x1d0 [ 110.121435][ T6146] ? do_futex+0x122/0x350 [ 110.121474][ T6146] ? __pfx_do_futex+0x10/0x10 [ 110.121528][ T6146] ? xfd_validate_state+0x5d/0x180 [ 110.121561][ T6146] ? rcu_is_watching+0x12/0xc0 [ 110.121608][ T6146] __x64_sys_bpf+0x78/0xc0 [ 110.121640][ T6146] ? lockdep_hardirqs_on+0x7c/0x110 [ 110.121680][ T6146] do_syscall_64+0xcd/0x260 [ 110.121731][ T6146] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.121759][ T6146] RIP: 0033:0x7f044978d169 [ 110.121781][ T6146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 110.121808][ T6146] RSP: 002b:00007f044a536038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 110.121834][ T6146] RAX: ffffffffffffffda RBX: 00007f04499a5fa0 RCX: 00007f044978d169 [ 110.121851][ T6146] RDX: 00000000000006f3 RSI: 00002000000011c0 RDI: 0000000000000000 [ 110.121866][ T6146] RBP: 00007f044980e990 R08: 0000000000000000 R09: 0000000000000000 [ 110.121881][ T6146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 110.121895][ T6146] R13: 0000000000000000 R14: 00007f04499a5fa0 R15: 00007ffc88b35f98 [ 110.121927][ T6146] [ 110.618182][ T6147] FAULT_INJECTION: forcing a failure. [ 110.618182][ T6147] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 110.631513][ T6147] CPU: 1 UID: 0 PID: 6147 Comm: syz.0.55 Not tainted 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 PREEMPT(full) [ 110.631552][ T6147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 110.631570][ T6147] Call Trace: [ 110.631580][ T6147] [ 110.631591][ T6147] dump_stack_lvl+0x16c/0x1f0 [ 110.631639][ T6147] should_fail_ex+0x512/0x640 [ 110.631678][ T6147] _copy_from_user+0x2e/0xd0 [ 110.631715][ T6147] memdup_user_nul+0x6c/0x120 [ 110.631748][ T6147] subsystem_filter_write+0x6a/0x120 [ 110.631803][ T6147] vfs_write+0x25c/0x1180 [ 110.631841][ T6147] ? __pfx_subsystem_filter_write+0x10/0x10 [ 110.631891][ T6147] ? __pfx___mutex_lock+0x10/0x10 [ 110.631935][ T6147] ? __pfx_vfs_write+0x10/0x10 [ 110.631986][ T6147] ? __fget_files+0x20e/0x3c0 [ 110.632039][ T6147] ksys_write+0x12a/0x240 [ 110.632079][ T6147] ? __pfx_ksys_write+0x10/0x10 [ 110.632117][ T6147] ? rcu_is_watching+0x12/0xc0 [ 110.632164][ T6147] do_syscall_64+0xcd/0x260 [ 110.632211][ T6147] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.632240][ T6147] RIP: 0033:0x7f5e3038d169 [ 110.632264][ T6147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 110.632291][ T6147] RSP: 002b:00007f5e311c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 110.632319][ T6147] RAX: ffffffffffffffda RBX: 00007f5e305a6080 RCX: 00007f5e3038d169 [ 110.632356][ T6147] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000007 [ 110.632373][ T6147] RBP: 00007f5e3040e990 R08: 0000000000000000 R09: 0000000000000000 [ 110.632391][ T6147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 110.632408][ T6147] R13: 0000000000000000 R14: 00007f5e305a6080 R15: 00007ffd31689e28 [ 110.632446][ T6147] [ 111.479880][ T6159] device-mapper: ioctl: device name cannot contain '/' [ 111.899113][ T6167] device-mapper: ioctl: device name cannot contain '/' [ 112.360388][ T6176] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7fc3d60e7 pfn:0x78800 [ 112.399710][ T6176] flags: 0xfff08000000014(referenced|dirty|node=0|zone=1|lastcpupid=0x7ff) [ 112.430164][ T6176] raw: 00fff08000000014 0000000000000000 dead000000000122 0000000000000000 [ 112.474980][ T6176] raw: 00000007fc3d60e7 0000000000000000 00000001ffffffff 0000000000000000 [ 112.483643][ T6176] page dumped because: unmovable page [ 112.513996][ T6176] page_owner tracks the page as allocated [ 112.519890][ T6176] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5833, tgid 5833 (syz-executor), ts 85707169135, free_ts 85289140105 [ 112.599722][ T6176] post_alloc_hook+0x181/0x1b0 [ 112.614472][ T6176] get_page_from_freelist+0x1193/0x39b0 [ 112.631386][ T6176] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 112.654232][ T6176] alloc_pages_mpol+0x1fb/0x550 [ 112.659129][ T6176] alloc_pages_noprof+0x131/0x390 [ 112.690568][ T6176] __vmalloc_node_range_noprof+0x732/0x1540 [ 112.700672][ T6176] vmalloc_user_noprof+0x6b/0x90 [ 112.726336][ T6176] kcov_ioctl+0x4c/0x730 [ 112.733401][ T6176] __x64_sys_ioctl+0x190/0x200 [ 112.833843][ T6176] do_syscall_64+0xcd/0x260 [ 112.838464][ T6176] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.860646][ T6176] page last free pid 5826 tgid 5826 stack trace: [ 112.903755][ T6176] free_unref_folios+0x999/0x1630 [ 112.913804][ T6176] folios_put_refs+0x56f/0x740 [ 112.918626][ T6176] free_pages_and_swap_cache+0x245/0x4a0 [ 112.931939][ T6176] __tlb_batch_free_encoded_pages+0xf9/0x290 [ 112.943817][ T6176] tlb_finish_mmu+0x168/0x7b0 [ 112.950416][ T6176] vms_clear_ptes+0x55e/0x770 [ 112.982397][ T6176] vms_complete_munmap_vmas+0x1ca/0x970 [ 113.011898][ T6176] do_vmi_align_munmap+0x43b/0x7d0 [ 113.029407][ T6176] do_vmi_munmap+0x208/0x3e0 [ 113.043575][ T6176] __vm_munmap+0x19a/0x390 [ 113.060823][ T6176] __x64_sys_munmap+0x59/0x80 [ 113.066653][ T6176] do_syscall_64+0xcd/0x260 [ 113.071344][ T6176] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.526562][ T6194] [U]  [ 113.529556][ T6194] [U] [ 113.532257][ T6194] [U] [ 113.534995][ T6194] [U] [ 113.590066][ T6194] [U] [ 113.592826][ T6194] [U] [ 113.595556][ T6194] [U] [ 113.598304][ T6194] [U] [ 113.659409][ T6194] [U] [ 113.662209][ T6194] [U] [ 113.664961][ T6194] [U] [ 113.667699][ T6194] [U] [ 113.705470][ T6194] [U] [ 113.708254][ T6194] [U] [ 113.710997][ T6194] [U] [ 113.713731][ T6194] [U] [ 113.738508][ T6194] [U] [ 113.741264][ T6194] [U] [ 113.743995][ T6194] [U] [ 113.746731][ T6194] [U] [ 113.856911][ T6194] [U] [ 113.859649][ T6194] [U] [ 113.862371][ T6194] [U] [ 113.865083][ T6194] [U] [ 113.934921][ T6194] [U] [ 113.937710][ T6194] [U] [ 113.940446][ T6194] [U] [ 113.943173][ T6194] [U] [ 113.964351][ T6194] [U] [ 113.967072][ T6194] [U] [ 113.969780][ T6194] [U] [ 113.972480][ T6194] [U] [ 114.029260][ T6194] [U] [ 114.032031][ T6194] [U] [ 114.034779][ T6194] [U] [ 114.037527][ T6194] [U] [ 114.249352][ T6194] [U] [ 114.252141][ T6194] [U] [ 114.254890][ T6194] [U] [ 114.257629][ T6194] [U] [ 114.385453][ T6194] [U] [ 114.388193][ T6194] [U] [ 114.390907][ T6194] [U] [ 114.393624][ T6194] [U] [ 114.464539][ T6194] [U] [ 114.467297][ T6194] [U] [ 114.470027][ T6194] [U] [ 114.472754][ T6194] [U] [ 114.475802][ T6194] [U] [ 114.478557][ T6194] [U] [ 114.481299][ T6194] [U] [ 114.484029][ T6194] [U] [ 114.488641][ T6194] [U] [ 114.491399][ T6194] [U] [ 114.494161][ T6194] [U] [ 114.496885][ T6194] [U] [ 114.499889][ T6194] [U] [ 114.502641][ T6194] [U] [ 114.505387][ T6194] [U] [ 114.508130][ T6194] [U] [ 114.511099][ T6194] [U] [ 114.513843][ T6194] [U] [ 114.516577][ T6194] [U] [ 114.519314][ T6194] [U] [ 114.522380][ T6194] [U] [ 114.525146][ T6194] [U] [ 114.527908][ T6194] [U] [ 114.530660][ T6194] [U] [ 114.534128][ T6194] [U] [ 114.536875][ T6194] [U] [ 114.539622][ T6194] [U] [ 114.542367][ T6194] [U] [ 114.553976][ T6194] [U] [ 114.556716][ T6194] [U] [ 114.559436][ T6194] [U] [ 114.562142][ T6194] [U] [ 114.573976][ T6194] [U] [ 114.576694][ T6194] [U] [ 114.579430][ T6194] [U] [ 114.582196][ T6194] [U] [ 114.632851][ T6194] [U] [ 114.635621][ T6194] [U] [ 114.638374][ T6194] [U] [ 114.641122][ T6194] [U] [ 114.669223][ T6194] [U] [ 115.095977][ T6211] FAULT_INJECTION: forcing a failure. [ 115.095977][ T6211] name failslab, interval 1, probability 0, space 0, times 1 [ 115.179533][ T6211] CPU: 0 UID: 0 PID: 6211 Comm: syz.2.68 Not tainted 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 PREEMPT(full) [ 115.179570][ T6211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 115.179586][ T6211] Call Trace: [ 115.179595][ T6211] [ 115.179605][ T6211] dump_stack_lvl+0x16c/0x1f0 [ 115.179649][ T6211] should_fail_ex+0x512/0x640 [ 115.179680][ T6211] ? fs_reclaim_acquire+0xae/0x150 [ 115.179716][ T6211] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 115.179755][ T6211] should_failslab+0xc2/0x120 [ 115.179780][ T6211] __kmalloc_noprof+0xd2/0x510 [ 115.179832][ T6211] tomoyo_realpath_from_path+0xc2/0x6e0 [ 115.179882][ T6211] tomoyo_check_open_permission+0x2ab/0x3c0 [ 115.179917][ T6211] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 115.179986][ T6211] ? find_held_lock+0x2b/0x80 [ 115.180032][ T6211] tomoyo_file_open+0x6b/0x90 [ 115.180077][ T6211] security_file_open+0x84/0x1e0 [ 115.180114][ T6211] do_dentry_open+0x596/0x1c10 [ 115.180170][ T6211] vfs_open+0x82/0x3f0 [ 115.180204][ T6211] path_openat+0x1e5e/0x2d40 [ 115.180255][ T6211] ? __pfx_path_openat+0x10/0x10 [ 115.180307][ T6211] do_filp_open+0x20b/0x470 [ 115.180356][ T6211] ? __pfx_do_filp_open+0x10/0x10 [ 115.180425][ T6211] ? alloc_fd+0x471/0x7d0 [ 115.180475][ T6211] do_sys_openat2+0x11b/0x1d0 [ 115.180502][ T6211] ? __pfx_do_sys_openat2+0x10/0x10 [ 115.180532][ T6211] ? find_held_lock+0x2b/0x80 [ 115.180576][ T6211] __x64_sys_openat+0x174/0x210 [ 115.180607][ T6211] ? __pfx___x64_sys_openat+0x10/0x10 [ 115.180637][ T6211] ? rcu_is_watching+0x12/0xc0 [ 115.180681][ T6211] do_syscall_64+0xcd/0x260 [ 115.180725][ T6211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.180752][ T6211] RIP: 0033:0x7f41c898d169 [ 115.180774][ T6211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 115.180801][ T6211] RSP: 002b:00007f41c9720038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 115.180826][ T6211] RAX: ffffffffffffffda RBX: 00007f41c8ba6080 RCX: 00007f41c898d169 [ 115.180844][ T6211] RDX: 0000000000109041 RSI: 0000200000007380 RDI: ffffffffffffff9c [ 115.180861][ T6211] RBP: 00007f41c8a0e990 R08: 0000000000000000 R09: 0000000000000000 [ 115.180877][ T6211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.180893][ T6211] R13: 0000000000000000 R14: 00007f41c8ba6080 R15: 00007fff3222e368 [ 115.180929][ T6211] [ 115.424963][ T6211] ERROR: Out of memory at tomoyo_realpath_from_path. [ 116.066405][ T6234] sd 0:0:1:0: PR command failed: 1026 [ 116.071862][ T6234] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 116.143864][ T6234] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 117.044989][ T6244] bridge0: port 3(bond0) entered blocking state [ 117.051379][ T6244] bridge0: port 3(bond0) entered disabled state [ 117.078410][ T6244] bond0: entered allmulticast mode [ 117.115164][ T6244] bond_slave_1: entered allmulticast mode [ 117.133654][ T6244] bond0: entered promiscuous mode [ 117.147038][ T6244] bond_slave_1: entered promiscuous mode [ 117.163400][ T6244] bridge0: port 3(bond0) entered blocking state [ 117.169937][ T6244] bridge0: port 3(bond0) entered forwarding state [ 117.683535][ T30] audit: type=1800 audit(6039519964.792:3): pid=6256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.78" name="file0" dev="tmpfs" ino=133 res=0 errno=0 [ 117.686741][ T6255] syz.2.77 uses obsolete (PF_INET,SOCK_PACKET) [ 119.613582][ T6309] device-mapper: ioctl: device name cannot contain '/' [ 120.588299][ T6333] netlink: 'syz.2.96': attribute type 8 has an invalid length. [ 121.065514][ T6346] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 121.175428][ T6348] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.202742][ T6346] netlink: 338 bytes leftover after parsing attributes in process `syz.1.101'. [ 121.212728][ T6351] netlink: 338 bytes leftover after parsing attributes in process `syz.1.101'. [ 121.271428][ T6344] delete_channel: no stack [ 121.297334][ T6344] delete_channel: no stack [ 121.895615][ T6364] netlink: 28 bytes leftover after parsing attributes in process `syz.1.104'. [ 122.010203][ T6364] bond0: (slave bond_slave_0): Releasing backup interface [ 123.138379][ T6392] FAULT_INJECTION: forcing a failure. [ 123.138379][ T6392] name failslab, interval 1, probability 0, space 0, times 0 [ 123.187649][ T6392] CPU: 0 UID: 0 PID: 6392 Comm: syz.0.112 Not tainted 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 PREEMPT(full) [ 123.187710][ T6392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 123.187730][ T6392] Call Trace: [ 123.187741][ T6392] [ 123.187754][ T6392] dump_stack_lvl+0x16c/0x1f0 [ 123.187806][ T6392] should_fail_ex+0x512/0x640 [ 123.187842][ T6392] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 123.187897][ T6392] should_failslab+0xc2/0x120 [ 123.187928][ T6392] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 123.187977][ T6392] ? __sock_create+0x335/0x8d0 [ 123.188006][ T6392] ? __sys_socket+0x14d/0x260 [ 123.188035][ T6392] ? __d_alloc+0x31/0xaa0 [ 123.188071][ T6392] __d_alloc+0x31/0xaa0 [ 123.188105][ T6392] d_alloc_pseudo+0x1c/0xc0 [ 123.188143][ T6392] alloc_file_pseudo+0xcf/0x230 [ 123.188184][ T6392] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 123.188219][ T6392] ? alloc_fd+0x471/0x7d0 [ 123.188271][ T6392] sock_alloc_file+0x50/0x210 [ 123.188319][ T6392] __sys_socket+0x1c0/0x260 [ 123.188351][ T6392] ? __pfx___sys_socket+0x10/0x10 [ 123.188384][ T6392] ? rcu_is_watching+0x12/0xc0 [ 123.188432][ T6392] __x64_sys_socket+0x72/0xb0 [ 123.188461][ T6392] ? lockdep_hardirqs_on+0x7c/0x110 [ 123.188515][ T6392] do_syscall_64+0xcd/0x260 [ 123.188567][ T6392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.188600][ T6392] RIP: 0033:0x7f5e3038d169 [ 123.188626][ T6392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.188656][ T6392] RSP: 002b:00007f5e311e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 123.188687][ T6392] RAX: ffffffffffffffda RBX: 00007f5e305a5fa0 RCX: 00007f5e3038d169 [ 123.188708][ T6392] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 000000000000002b [ 123.188727][ T6392] RBP: 00007f5e3040e990 R08: 0000000000000000 R09: 0000000000000000 [ 123.188746][ T6392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 123.188765][ T6392] R13: 0000000000000000 R14: 00007f5e305a5fa0 R15: 00007ffd31689e28 [ 123.188815][ T6392] [ 123.777054][ T6402] FAULT_INJECTION: forcing a failure. [ 123.777054][ T6402] name failslab, interval 1, probability 0, space 0, times 0 [ 123.777104][ T6402] CPU: 0 UID: 0 PID: 6402 Comm: syz.1.115 Not tainted 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 PREEMPT(full) [ 123.777139][ T6402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 123.777156][ T6402] Call Trace: [ 123.777165][ T6402] [ 123.777176][ T6402] dump_stack_lvl+0x16c/0x1f0 [ 123.777224][ T6402] should_fail_ex+0x512/0x640 [ 123.777257][ T6402] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 123.777302][ T6402] should_failslab+0xc2/0x120 [ 123.777330][ T6402] __kmalloc_cache_noprof+0x6a/0x3e0 [ 123.777372][ T6402] ? device_add+0xccc/0x1a70 [ 123.777408][ T6402] device_add+0xccc/0x1a70 [ 123.777448][ T6402] ? rcu_is_watching+0x12/0xc0 [ 123.777486][ T6402] ? __pfx_device_add+0x10/0x10 [ 123.777532][ T6402] device_create_groups_vargs+0x1f8/0x270 [ 123.777572][ T6402] device_create+0xed/0x130 [ 123.777606][ T6402] ? __pfx_device_create+0x10/0x10 [ 123.777637][ T6402] ? do_raw_spin_lock+0x12c/0x2b0 [ 123.777690][ T6402] ? is_console_locked+0x9/0x20 [ 123.777737][ T6402] ? con_is_visible+0x65/0x150 [ 123.777778][ T6402] ? csi_J+0x54a/0xad0 [ 123.777836][ T6402] vcs_make_sysfs+0x32/0x80 [ 123.777881][ T6402] vc_allocate+0x501/0x880 [ 123.777932][ T6402] ? __pfx_vc_allocate+0x10/0x10 [ 123.777996][ T6402] con_install+0xa1/0x600 [ 123.778051][ T6402] ? __pfx_con_install+0x10/0x10 [ 123.778110][ T6402] ? __pfx_con_install+0x10/0x10 [ 123.778163][ T6402] tty_init_dev.part.0+0x99/0x500 [ 123.778200][ T6402] tty_open+0xa50/0xf90 [ 123.778240][ T6402] ? __pfx_tty_open+0x10/0x10 [ 123.778273][ T6402] ? chrdev_open+0x58c/0x6a0 [ 123.778329][ T6402] ? __pfx_tty_open+0x10/0x10 [ 123.778361][ T6402] chrdev_open+0x231/0x6a0 [ 123.778413][ T6402] ? __pfx_chrdev_open+0x10/0x10 [ 123.778476][ T6402] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 123.778530][ T6402] do_dentry_open+0x741/0x1c10 [ 123.778577][ T6402] ? __pfx_chrdev_open+0x10/0x10 [ 123.778637][ T6402] vfs_open+0x82/0x3f0 [ 123.778676][ T6402] path_openat+0x1e5e/0x2d40 [ 123.778741][ T6402] ? __pfx_path_openat+0x10/0x10 [ 123.778803][ T6402] do_filp_open+0x20b/0x470 [ 123.778865][ T6402] ? __pfx_do_filp_open+0x10/0x10 [ 123.778955][ T6402] ? alloc_fd+0x471/0x7d0 [ 123.779009][ T6402] do_sys_openat2+0x11b/0x1d0 [ 123.779040][ T6402] ? __pfx_do_sys_openat2+0x10/0x10 [ 123.779087][ T6402] __x64_sys_openat+0x174/0x210 [ 123.779119][ T6402] ? __pfx___x64_sys_openat+0x10/0x10 [ 123.779154][ T6402] ? rcu_is_watching+0x12/0xc0 [ 123.779203][ T6402] do_syscall_64+0xcd/0x260 [ 123.779250][ T6402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.779280][ T6402] RIP: 0033:0x7f044978d169 [ 123.779302][ T6402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.779330][ T6402] RSP: 002b:00007f044a536038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 123.779357][ T6402] RAX: ffffffffffffffda RBX: 00007f04499a5fa0 RCX: 00007f044978d169 [ 123.779376][ T6402] RDX: 0000000000000001 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 123.779394][ T6402] RBP: 00007f044980e990 R08: 0000000000000000 R09: 0000000000000000 [ 123.779411][ T6402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 123.779427][ T6402] R13: 0000000000000000 R14: 00007f04499a5fa0 R15: 00007ffc88b35f98 [ 123.779473][ T6402] [ 125.091178][ T6402] tty tty17: ldisc open failed (-12), clearing slot 16 [ 125.415252][ T6419] netlink: 12 bytes leftover after parsing attributes in process `syz.3.118'. [ 125.572182][ T6439] process 'syz.2.123' launched '/dev/fd/3' with NULL argv: empty string added [ 125.705595][ T6442] FAULT_INJECTION: forcing a failure. [ 125.705595][ T6442] name failslab, interval 1, probability 0, space 0, times 0 [ 125.784983][ T6442] CPU: 0 UID: 0 PID: 6442 Comm: syz.2.123 Not tainted 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 PREEMPT(full) [ 125.785024][ T6442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 125.785040][ T6442] Call Trace: [ 125.785048][ T6442] [ 125.785058][ T6442] dump_stack_lvl+0x16c/0x1f0 [ 125.785105][ T6442] should_fail_ex+0x512/0x640 [ 125.785137][ T6442] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 125.785179][ T6442] should_failslab+0xc2/0x120 [ 125.785202][ T6442] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 125.785240][ T6442] ? find_held_lock+0x2b/0x80 [ 125.785270][ T6442] ? __d_alloc+0x31/0xaa0 [ 125.785297][ T6442] __d_alloc+0x31/0xaa0 [ 125.785323][ T6442] d_alloc+0x4a/0x1e0 [ 125.785347][ T6442] d_alloc_parallel+0xe3/0x12e0 [ 125.785389][ T6442] ? __pfx_d_alloc_parallel+0x10/0x10 [ 125.785422][ T6442] ? lockdep_init_map_type+0x5c/0x280 [ 125.785446][ T6442] ? lockdep_init_map_type+0x5c/0x280 [ 125.785474][ T6442] __lookup_slow+0x193/0x460 [ 125.785504][ T6442] ? __pfx___lookup_slow+0x10/0x10 [ 125.785535][ T6442] ? kfree_rcu_monitor+0xe0/0x2f0 [ 125.785581][ T6442] ? kfree_rcu_monitor+0xe0/0x2f0 [ 125.785622][ T6442] ? d_lookup+0xe7/0x190 [ 125.785660][ T6442] lookup_one_len+0x17f/0x1b0 [ 125.785690][ T6442] ? __pfx_lookup_one_len+0x10/0x10 [ 125.785724][ T6442] ? mntput+0x10/0x90 [ 125.785762][ T6442] start_creating.part.0+0x12f/0x3a0 [ 125.785803][ T6442] debugfs_create_dir+0x6c/0x5f0 [ 125.785846][ T6442] ptp_open+0x307/0x520 [ 125.785888][ T6442] ? __pfx_ptp_open+0x10/0x10 [ 125.785932][ T6442] ? __pfx_ptp_open+0x10/0x10 [ 125.785967][ T6442] posix_clock_open+0x178/0x290 [ 125.786014][ T6442] ? __pfx_posix_clock_open+0x10/0x10 [ 125.786052][ T6442] chrdev_open+0x231/0x6a0 [ 125.786093][ T6442] ? __pfx_apparmor_file_open+0x10/0x10 [ 125.786128][ T6442] ? __pfx_chrdev_open+0x10/0x10 [ 125.786173][ T6442] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 125.786218][ T6442] do_dentry_open+0x741/0x1c10 [ 125.786257][ T6442] ? __pfx_chrdev_open+0x10/0x10 [ 125.786300][ T6442] vfs_open+0x82/0x3f0 [ 125.786326][ T6442] path_openat+0x1e5e/0x2d40 [ 125.786370][ T6442] ? __pfx_path_openat+0x10/0x10 [ 125.786410][ T6442] do_filp_open+0x20b/0x470 [ 125.786444][ T6442] ? __pfx_do_filp_open+0x10/0x10 [ 125.786497][ T6442] ? alloc_fd+0x471/0x7d0 [ 125.786537][ T6442] do_sys_openat2+0x11b/0x1d0 [ 125.786560][ T6442] ? __pfx_do_sys_openat2+0x10/0x10 [ 125.786595][ T6442] __x64_sys_openat+0x174/0x210 [ 125.786619][ T6442] ? __pfx___x64_sys_openat+0x10/0x10 [ 125.786645][ T6442] ? rcu_is_watching+0x12/0xc0 [ 125.786681][ T6442] do_syscall_64+0xcd/0x260 [ 125.786717][ T6442] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.786739][ T6442] RIP: 0033:0x7f41c898d169 [ 125.786757][ T6442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.786778][ T6442] RSP: 002b:00007f41c9720038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 125.786799][ T6442] RAX: ffffffffffffffda RBX: 00007f41c8ba6080 RCX: 00007f41c898d169 [ 125.786813][ T6442] RDX: 0000000000000440 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 125.786827][ T6442] RBP: 00007f41c8a0e990 R08: 0000000000000000 R09: 0000000000000000 [ 125.786840][ T6442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 125.786858][ T6442] R13: 0000000000000000 R14: 00007f41c8ba6080 R15: 00007fff3222e368 [ 125.786886][ T6442] [ 131.918969][ T6558] netlink: 28 bytes leftover after parsing attributes in process `syz.3.158'. [ 131.943392][ T6568] netlink: 186 bytes leftover after parsing attributes in process `syz.1.161'. [ 132.115058][ T6558] bond0: (slave bond_slave_0): Releasing backup interface [ 132.245212][ T6575] FAULT_INJECTION: forcing a failure. [ 132.245212][ T6575] name failslab, interval 1, probability 0, space 0, times 0 [ 132.274150][ T6575] CPU: 0 UID: 0 PID: 6575 Comm: syz.2.162 Not tainted 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 PREEMPT(full) [ 132.274185][ T6575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 132.274200][ T6575] Call Trace: [ 132.274208][ T6575] [ 132.274218][ T6575] dump_stack_lvl+0x16c/0x1f0 [ 132.274260][ T6575] should_fail_ex+0x512/0x640 [ 132.274290][ T6575] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 132.274335][ T6575] should_failslab+0xc2/0x120 [ 132.274359][ T6575] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 132.274408][ T6575] ? security_file_alloc+0x34/0x2b0 [ 132.274448][ T6575] security_file_alloc+0x34/0x2b0 [ 132.274484][ T6575] init_file+0x93/0x4c0 [ 132.274511][ T6575] alloc_empty_file+0x73/0x1e0 [ 132.274541][ T6575] alloc_file_pseudo+0x13a/0x230 [ 132.274573][ T6575] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 132.274605][ T6575] ? hugetlbfs_get_inode+0x31f/0x730 [ 132.274642][ T6575] hugetlb_file_setup+0x4cd/0x620 [ 132.274679][ T6575] ksys_mmap_pgoff+0x189/0x5c0 [ 132.274711][ T6575] ? rcu_is_watching+0x12/0xc0 [ 132.274767][ T6575] __x64_sys_mmap+0x125/0x190 [ 132.274805][ T6575] do_syscall_64+0xcd/0x260 [ 132.274861][ T6575] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.274888][ T6575] RIP: 0033:0x7f41c898d169 [ 132.274908][ T6575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.274933][ T6575] RSP: 002b:00007f41c9741038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 132.274957][ T6575] RAX: ffffffffffffffda RBX: 00007f41c8ba5fa0 RCX: 00007f41c898d169 [ 132.274974][ T6575] RDX: 00004000000000e3 RSI: 0000000000200004 RDI: 0000000000000000 [ 132.274990][ T6575] RBP: 00007f41c8a0e990 R08: 000000000000000d R09: 0000300000000000 [ 132.275006][ T6575] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000 [ 132.275020][ T6575] R13: 0000000000000000 R14: 00007f41c8ba5fa0 R15: 00007fff3222e368 [ 132.275053][ T6575] [ 132.728943][ T6578] netlink: 8 bytes leftover after parsing attributes in process `syz.3.164'. [ 133.136359][ T5845] Bluetooth: hci1: Malformed HCI Event: 0x22 [ 133.607443][ T6592] Invalid ELF header magic: != ELF [ 133.765881][ T5845] Bluetooth: hci3: unexpected subevent 0x01 length: 4 < 18 [ 136.820505][ T6651] FAULT_INJECTION: forcing a failure. [ 136.820505][ T6651] name failslab, interval 1, probability 0, space 0, times 0 [ 136.852713][ T6651] CPU: 0 UID: 0 PID: 6651 Comm: syz.3.181 Not tainted 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 PREEMPT(full) [ 136.852747][ T6651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 136.852761][ T6651] Call Trace: [ 136.852769][ T6651] [ 136.852778][ T6651] dump_stack_lvl+0x16c/0x1f0 [ 136.852818][ T6651] should_fail_ex+0x512/0x640 [ 136.852844][ T6651] ? fs_reclaim_acquire+0xae/0x150 [ 136.852875][ T6651] ? tomoyo_encode2+0x100/0x3e0 [ 136.852906][ T6651] should_failslab+0xc2/0x120 [ 136.852937][ T6651] __kmalloc_noprof+0xd2/0x510 [ 136.852979][ T6651] tomoyo_encode2+0x100/0x3e0 [ 136.853015][ T6651] tomoyo_encode+0x29/0x50 [ 136.853044][ T6651] tomoyo_realpath_from_path+0x18f/0x6e0 [ 136.853085][ T6651] tomoyo_check_open_permission+0x2ab/0x3c0 [ 136.853114][ T6651] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 136.853171][ T6651] ? do_raw_spin_lock+0x12c/0x2b0 [ 136.853212][ T6651] tomoyo_file_open+0x6b/0x90 [ 136.853255][ T6651] security_file_open+0x84/0x1e0 [ 136.853291][ T6651] do_dentry_open+0x596/0x1c10 [ 136.853340][ T6651] vfs_open+0x82/0x3f0 [ 136.853374][ T6651] path_openat+0x1e5e/0x2d40 [ 136.853425][ T6651] ? __pfx_path_openat+0x10/0x10 [ 136.853475][ T6651] do_filp_open+0x20b/0x470 [ 136.853515][ T6651] ? __pfx_do_filp_open+0x10/0x10 [ 136.853578][ T6651] ? alloc_fd+0x471/0x7d0 [ 136.853647][ T6651] do_sys_openat2+0x11b/0x1d0 [ 136.853677][ T6651] ? __pfx_do_sys_openat2+0x10/0x10 [ 136.853721][ T6651] __x64_sys_openat+0x174/0x210 [ 136.853751][ T6651] ? __pfx___x64_sys_openat+0x10/0x10 [ 136.853785][ T6651] ? rcu_is_watching+0x12/0xc0 [ 136.853833][ T6651] do_syscall_64+0xcd/0x260 [ 136.853881][ T6651] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.853911][ T6651] RIP: 0033:0x7f9a6178d169 [ 136.853941][ T6651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.853970][ T6651] RSP: 002b:00007f9a6264d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 136.854008][ T6651] RAX: ffffffffffffffda RBX: 00007f9a619a5fa0 RCX: 00007f9a6178d169 [ 136.854026][ T6651] RDX: 0000000000008000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 136.854042][ T6651] RBP: 00007f9a6180e990 R08: 0000000000000000 R09: 0000000000000000 [ 136.854058][ T6651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 136.854074][ T6651] R13: 0000000000000000 R14: 00007f9a619a5fa0 R15: 00007ffff7d0d588 [ 136.854109][ T6651] [ 137.158007][ T6651] ERROR: Out of memory at tomoyo_realpath_from_path. [ 137.214922][ T30] audit: type=1800 audit(6039519992.286:4): pid=6651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.181" name="members" dev="configfs" ino=10474 res=0 errno=0 [ 137.439141][ T6658] Ignoring unsupported numa_zonelist_order value: [ 137.439141][ T6658] [ 137.762408][ T6667] FAULT_INJECTION: forcing a failure. [ 137.762408][ T6667] name failslab, interval 1, probability 0, space 0, times 0 [ 137.833909][ T6667] CPU: 0 UID: 0 PID: 6667 Comm: syz.3.184 Not tainted 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 PREEMPT(full) [ 137.833948][ T6667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 137.833964][ T6667] Call Trace: [ 137.833973][ T6667] [ 137.833982][ T6667] dump_stack_lvl+0x16c/0x1f0 [ 137.834036][ T6667] should_fail_ex+0x512/0x640 [ 137.834068][ T6667] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 137.834115][ T6667] should_failslab+0xc2/0x120 [ 137.834142][ T6667] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 137.834184][ T6667] ? __pfx_gid_cmp+0x10/0x10 [ 137.834208][ T6667] ? prepare_creds+0x2c/0x7d0 [ 137.834242][ T6667] prepare_creds+0x2c/0x7d0 [ 137.834275][ T6667] set_current_groups+0x15/0xd0 [ 137.834304][ T6667] __do_sys_setgroups+0x3db/0x4e0 [ 137.834339][ T6667] do_syscall_64+0xcd/0x260 [ 137.834385][ T6667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.834413][ T6667] RIP: 0033:0x7f9a6178d169 [ 137.834434][ T6667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 137.834458][ T6667] RSP: 002b:00007f9a6260b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000074 [ 137.834489][ T6667] RAX: ffffffffffffffda RBX: 00007f9a619a6160 RCX: 00007f9a6178d169 [ 137.834506][ T6667] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000e32 [ 137.834522][ T6667] RBP: 00007f9a6260b090 R08: 0000000000000000 R09: 0000000000000000 [ 137.834538][ T6667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 137.834553][ T6667] R13: 0000000000000000 R14: 00007f9a619a6160 R15: 00007ffff7d0d588 [ 137.834588][ T6667] [ 138.014634][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.021109][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.880071][ T30] audit: type=1800 audit(6039519993.986:5): pid=6693 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.188" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 139.008361][ T6695] Invalid ELF header magic: != ELF [ 140.584027][ T6731] FAULT_INJECTION: forcing a failure. [ 140.584027][ T6731] name failslab, interval 1, probability 0, space 0, times 0 [ 140.721654][ T6731] CPU: 1 UID: 0 PID: 6731 Comm: syz.2.199 Not tainted 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 PREEMPT(full) [ 140.721691][ T6731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 140.721708][ T6731] Call Trace: [ 140.721716][ T6731] [ 140.721726][ T6731] dump_stack_lvl+0x16c/0x1f0 [ 140.721788][ T6731] should_fail_ex+0x512/0x640 [ 140.721820][ T6731] ? __kmalloc_noprof+0xbf/0x510 [ 140.721865][ T6731] ? lsm_blob_alloc+0x68/0x90 [ 140.721905][ T6731] should_failslab+0xc2/0x120 [ 140.721931][ T6731] __kmalloc_noprof+0xd2/0x510 [ 140.721982][ T6731] lsm_blob_alloc+0x68/0x90 [ 140.722025][ T6731] security_prepare_creds+0x30/0x270 [ 140.722067][ T6731] prepare_creds+0x56f/0x7d0 [ 140.722101][ T6731] set_current_groups+0x15/0xd0 [ 140.722131][ T6731] __do_sys_setgroups+0x3db/0x4e0 [ 140.722166][ T6731] do_syscall_64+0xcd/0x260 [ 140.722211][ T6731] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.722240][ T6731] RIP: 0033:0x7f41c898d169 [ 140.722261][ T6731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.722288][ T6731] RSP: 002b:00007f41c96ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000074 [ 140.722313][ T6731] RAX: ffffffffffffffda RBX: 00007f41c8ba6160 RCX: 00007f41c898d169 [ 140.722330][ T6731] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000e32 [ 140.722346][ T6731] RBP: 00007f41c96ff090 R08: 0000000000000000 R09: 0000000000000000 [ 140.722362][ T6731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 140.722377][ T6731] R13: 0000000000000000 R14: 00007f41c8ba6160 R15: 00007fff3222e368 [ 140.722412][ T6731] [ 140.890140][ C1] vkms_vblank_simulate: vblank timer overrun [ 141.028123][ T6736] Invalid ELF header magic: != ELF [ 147.527423][ T6872] can: request_module (can-proto-0) failed. [ 147.540439][ T6873] can: request_module (can-proto-0) failed. [ 149.361017][ T6917] Invalid ELF header magic: != ELF [ 149.593859][ T30] audit: type=1800 audit(6039520004.696:6): pid=6923 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.245" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 149.613702][ C1] vkms_vblank_simulate: vblank timer overrun [ 150.835530][ T6956] netlink: 342 bytes leftover after parsing attributes in process `syz.1.252'. [ 150.927007][ T6957] netlink: 342 bytes leftover after parsing attributes in process `syz.1.252'. [ 151.670262][ T6968] netlink: 346 bytes leftover after parsing attributes in process `syz.0.255'. [ 152.331076][ T6986] netlink: 4 bytes leftover after parsing attributes in process `syz.1.260'. [ 153.946266][ T7008] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input10 [ 155.186250][ T7037] openvswitch: netlink: Message has 1 unknown bytes. [ 157.374645][ T7100] netlink: 330 bytes leftover after parsing attributes in process `syz.1.288'. [ 157.862266][ T30] audit: type=1800 audit(6039520012.966:7): pid=7111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.289" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 158.592763][ T7118] Invalid ELF header magic: != ELF [ 161.270736][ T7153] bridge0: port 3(vlan1) entered blocking state [ 161.324159][ T7153] bridge0: port 3(vlan1) entered disabled state [ 161.330645][ T7153] vlan1: entered allmulticast mode [ 161.364435][ T7153] veth0_vlan: entered allmulticast mode [ 161.371923][ T7153] vlan1: entered promiscuous mode [ 161.427436][ T7153] bridge0: port 3(vlan1) entered blocking state [ 161.434365][ T7153] bridge0: port 3(vlan1) entered forwarding state [ 162.165043][ T7175] netlink: Unknown conntrack attr (type=146, max=9) [ 162.416765][ T7183] Invalid ELF header magic: != ELF [ 162.664486][ T7191] Invalid ELF header magic: != ELF [ 164.265531][ T7211] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input11 [ 168.474539][ T7269] Invalid ELF header magic: != ELF [ 169.643328][ T7293] netlink: 4 bytes leftover after parsing attributes in process `syz.1.330'. [ 174.719911][ T7408] netlink: 4 bytes leftover after parsing attributes in process `syz.1.358'. [ 174.819066][ T7408] svc: failed to register nfsdv3 RPC service (errno 111). [ 174.827729][ T7408] svc: failed to register nfsaclv3 RPC service (errno 111). [ 181.357197][ T7547] netlink: 330 bytes leftover after parsing attributes in process `syz.3.392'. [ 182.570401][ T7579] netlink: 2 bytes leftover after parsing attributes in process `syz.2.401'. [ 187.247310][ T7661] FAULT_INJECTION: forcing a failure. [ 187.247310][ T7661] name failslab, interval 1, probability 0, space 0, times 0 [ 187.274387][ T7661] CPU: 0 UID: 0 PID: 7661 Comm: syz.0.420 Not tainted 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 PREEMPT(full) [ 187.274430][ T7661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 187.274448][ T7661] Call Trace: [ 187.274459][ T7661] [ 187.274496][ T7661] dump_stack_lvl+0x16c/0x1f0 [ 187.274551][ T7661] should_fail_ex+0x512/0x640 [ 187.274587][ T7661] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 187.274636][ T7661] should_failslab+0xc2/0x120 [ 187.274678][ T7661] __kmalloc_cache_noprof+0x6a/0x3e0 [ 187.274722][ T7661] ? kernfs_fop_open+0xa3a/0xda0 [ 187.274771][ T7661] kernfs_fop_open+0xa3a/0xda0 [ 187.274812][ T7661] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 187.274865][ T7661] do_dentry_open+0x741/0x1c10 [ 187.274917][ T7661] ? __pfx_kernfs_fop_open+0x10/0x10 [ 187.274967][ T7661] vfs_open+0x82/0x3f0 [ 187.275004][ T7661] path_openat+0x1e5e/0x2d40 [ 187.275067][ T7661] ? __pfx_path_openat+0x10/0x10 [ 187.275124][ T7661] do_filp_open+0x20b/0x470 [ 187.275171][ T7661] ? __pfx_do_filp_open+0x10/0x10 [ 187.275246][ T7661] ? _raw_spin_unlock+0x28/0x50 [ 187.275285][ T7661] ? alloc_fd+0x471/0x7d0 [ 187.275341][ T7661] do_sys_openat2+0x11b/0x1d0 [ 187.275375][ T7661] ? __pfx_do_sys_openat2+0x10/0x10 [ 187.275425][ T7661] __x64_sys_open+0x153/0x1e0 [ 187.275458][ T7661] ? __pfx___x64_sys_open+0x10/0x10 [ 187.275501][ T7661] ? rcu_is_watching+0x12/0xc0 [ 187.275542][ T7661] do_syscall_64+0xcd/0x260 [ 187.275592][ T7661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.275622][ T7661] RIP: 0033:0x7f5e3038d169 [ 187.275657][ T7661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.275695][ T7661] RSP: 002b:00007f5e311e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 187.275719][ T7661] RAX: ffffffffffffffda RBX: 00007f5e305a5fa0 RCX: 00007f5e3038d169 [ 187.275737][ T7661] RDX: 0000000000000007 RSI: 0000000000101800 RDI: 0000200000000000 [ 187.275753][ T7661] RBP: 00007f5e3040e990 R08: 0000000000000000 R09: 0000000000000000 [ 187.275769][ T7661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 187.275784][ T7661] R13: 0000000000000000 R14: 00007f5e305a5fa0 R15: 00007ffd31689e28 [ 187.275818][ T7661] [ 188.527018][ T7700] bond0: option all_slaves_active: invalid value () [ 191.478155][ T7779] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input12 [ 195.794625][ T7863] netlink: 12 bytes leftover after parsing attributes in process `syz.3.464'. [ 198.127357][ T7908] netlink: 4 bytes leftover after parsing attributes in process `syz.1.473'. [ 199.302950][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.309350][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 201.183552][ T7962] do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 203.041541][ T7993] netlink: zone id is out of range [ 203.063338][ T7993] netlink: zone id is out of range [ 203.083769][ T7993] netlink: zone id is out of range [ 203.097178][ T7993] netlink: zone id is out of range [ 203.137278][ T7993] netlink: zone id is out of range [ 203.159806][ T7993] netlink: zone id is out of range [ 203.165503][ T7993] netlink: zone id is out of range [ 203.181081][ T7993] netlink: zone id is out of range [ 203.186239][ T7993] netlink: zone id is out of range [ 203.634630][ T8006] netlink: 28 bytes leftover after parsing attributes in process `syz.2.498'. [ 210.270296][ T8150] netlink: 8 bytes leftover after parsing attributes in process `syz.1.531'. [ 211.403847][ T8173] FAULT_INJECTION: forcing a failure. [ 211.403847][ T8173] name failslab, interval 1, probability 0, space 0, times 0 [ 211.454454][ T8173] CPU: 1 UID: 0 PID: 8173 Comm: syz.2.537 Not tainted 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 PREEMPT(full) [ 211.454492][ T8173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 211.454508][ T8173] Call Trace: [ 211.454518][ T8173] [ 211.454528][ T8173] dump_stack_lvl+0x16c/0x1f0 [ 211.454574][ T8173] should_fail_ex+0x512/0x640 [ 211.454605][ T8173] ? fs_reclaim_acquire+0xae/0x150 [ 211.454642][ T8173] ? tomoyo_supervisor+0x45b/0x13b0 [ 211.454683][ T8173] should_failslab+0xc2/0x120 [ 211.454709][ T8173] __kmalloc_noprof+0xd2/0x510 [ 211.454748][ T8173] ? tomoyo_profile+0x47/0x60 [ 211.454799][ T8173] tomoyo_supervisor+0x45b/0x13b0 [ 211.454850][ T8173] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 211.454892][ T8173] ? __pfx_vsnprintf+0x10/0x10 [ 211.454947][ T8173] ? tomoyo_encode2+0x329/0x3e0 [ 211.454990][ T8173] ? tomoyo_check_path_number_acl+0xa6/0x2f0 [ 211.455034][ T8173] tomoyo_path_number_perm+0x448/0x580 [ 211.455071][ T8173] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 211.455157][ T8173] ? find_held_lock+0x2b/0x80 [ 211.455194][ T8173] ? hook_file_ioctl_common+0x145/0x410 [ 211.455235][ T8173] ? __fget_files+0x20e/0x3c0 [ 211.455294][ T8173] security_file_ioctl+0x9b/0x240 [ 211.455330][ T8173] __x64_sys_ioctl+0xb7/0x200 [ 211.455372][ T8173] do_syscall_64+0xcd/0x260 [ 211.455416][ T8173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.455443][ T8173] RIP: 0033:0x7f41c898d169 [ 211.455463][ T8173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.455489][ T8173] RSP: 002b:00007f41c9741038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 211.455514][ T8173] RAX: ffffffffffffffda RBX: 00007f41c8ba5fa0 RCX: 00007f41c898d169 [ 211.455531][ T8173] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 0000000000000004 [ 211.455547][ T8173] RBP: 00007f41c8a0e990 R08: 0000000000000000 R09: 0000000000000000 [ 211.455562][ T8173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 211.455578][ T8173] R13: 0000000000000000 R14: 00007f41c8ba5fa0 R15: 00007fff3222e368 [ 211.455612][ T8173] [ 211.893796][ T5152] Bluetooth: hci3: command 0x0406 tx timeout [ 211.899956][ T5152] Bluetooth: hci0: command 0x0406 tx timeout [ 211.906035][ T5841] Bluetooth: hci2: command 0x0406 tx timeout [ 211.912296][ T5841] Bluetooth: hci1: command 0x0406 tx timeout [ 213.859035][ T8235] FAULT_INJECTION: forcing a failure. [ 213.859035][ T8235] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 213.928829][ T8235] CPU: 1 UID: 0 PID: 8235 Comm: syz.0.549 Not tainted 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 PREEMPT(full) [ 213.928885][ T8235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 213.928902][ T8235] Call Trace: [ 213.928925][ T8235] [ 213.928936][ T8235] dump_stack_lvl+0x16c/0x1f0 [ 213.928993][ T8235] should_fail_ex+0x512/0x640 [ 213.929029][ T8235] should_fail_alloc_page+0xe7/0x130 [ 213.929058][ T8235] prepare_alloc_pages+0x3c2/0x610 [ 213.929098][ T8235] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 213.929150][ T8235] ? unwind_get_return_address+0x59/0xa0 [ 213.929207][ T8235] ? arch_stack_walk+0xa6/0x100 [ 213.929259][ T8235] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 213.929309][ T8235] ? __pfx_stack_trace_save+0x10/0x10 [ 213.929348][ T8235] ? stack_depot_save_flags+0x28/0xa50 [ 213.929392][ T8235] ? kasan_save_stack+0x42/0x60 [ 213.929433][ T8235] ? kasan_save_stack+0x33/0x60 [ 213.929473][ T8235] ? kasan_save_track+0x14/0x30 [ 213.929512][ T8235] ? __kasan_slab_alloc+0x89/0x90 [ 213.929554][ T8235] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 213.929597][ T8235] ? alloc_vmap_area+0x613/0x2970 [ 213.929636][ T8235] ? __get_vm_area_node+0x1a7/0x300 [ 213.929666][ T8235] ? __vmalloc_node_range_noprof+0x277/0x1540 [ 213.929701][ T8235] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 213.929750][ T8235] ? policy_nodemask+0xea/0x4e0 [ 213.929811][ T8235] alloc_pages_mpol+0x1fb/0x550 [ 213.929838][ T8235] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 213.929873][ T8235] alloc_pages_noprof+0x131/0x390 [ 213.929917][ T8235] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 213.929957][ T8235] get_free_pages_noprof+0xc/0x40 [ 213.929985][ T8235] kasan_populate_vmalloc_pte+0x2d/0x160 [ 213.930027][ T8235] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 213.930068][ T8235] __apply_to_page_range+0x5f9/0xd30 [ 213.930109][ T8235] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 213.930163][ T8235] ? __pfx___apply_to_page_range+0x10/0x10 [ 213.930202][ T8235] ? alloc_vmap_area+0x872/0x2970 [ 213.930241][ T8235] alloc_vmap_area+0x919/0x2970 [ 213.930290][ T8235] ? __pfx_alloc_vmap_area+0x10/0x10 [ 213.930334][ T8235] __get_vm_area_node+0x1a7/0x300 [ 213.930377][ T8235] __vmalloc_node_range_noprof+0x277/0x1540 [ 213.930435][ T8235] ? htab_map_alloc+0x456/0x1540 [ 213.930476][ T8235] ? find_held_lock+0x2b/0x80 [ 213.930515][ T8235] ? htab_map_alloc+0x456/0x1540 [ 213.930550][ T8235] ? pcpu_memcg_post_alloc_hook+0x1e/0x740 [ 213.930603][ T8235] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 213.930644][ T8235] ? pcpu_alloc_noprof+0x1f5/0x1470 [ 213.930700][ T8235] ? htab_map_alloc+0x456/0x1540 [ 213.930734][ T8235] __bpf_map_area_alloc+0xeb/0x190 [ 213.930772][ T8235] ? htab_map_alloc+0x456/0x1540 [ 213.930807][ T8235] htab_map_alloc+0x456/0x1540 [ 213.930843][ T8235] ? bpf_lsm_capable+0x9/0x10 [ 213.930894][ T8235] ? ns_capable+0xd7/0x110 [ 213.930937][ T8235] map_create+0x58f/0x1db0 [ 213.930981][ T8235] ? __pfx_map_create+0x10/0x10 [ 213.931010][ T8235] ? __might_fault+0xe3/0x190 [ 213.931056][ T8235] ? __might_fault+0xe3/0x190 [ 213.931101][ T8235] ? __might_fault+0x13b/0x190 [ 213.931170][ T8235] __sys_bpf+0x47cc/0x4d80 [ 213.931203][ T8235] ? __pfx_futex_wake+0x10/0x10 [ 213.931236][ T8235] ? __pfx___sys_bpf+0x10/0x10 [ 213.931269][ T8235] ? kmem_cache_free+0x2d4/0x4d0 [ 213.931312][ T8235] ? find_held_lock+0x2b/0x80 [ 213.931349][ T8235] ? putname+0x154/0x1a0 [ 213.931379][ T8235] ? do_sys_openat2+0x1b0/0x1d0 [ 213.931416][ T8235] ? do_futex+0x122/0x350 [ 213.931461][ T8235] ? __pfx_do_futex+0x10/0x10 [ 213.931522][ T8235] ? xfd_validate_state+0x5d/0x180 [ 213.931559][ T8235] ? rcu_is_watching+0x12/0xc0 [ 213.931605][ T8235] __x64_sys_bpf+0x78/0xc0 [ 213.931640][ T8235] ? lockdep_hardirqs_on+0x7c/0x110 [ 213.931684][ T8235] do_syscall_64+0xcd/0x260 [ 213.931746][ T8235] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.931778][ T8235] RIP: 0033:0x7f5e3038d169 [ 213.931819][ T8235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 213.931849][ T8235] RSP: 002b:00007f5e311c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 213.931878][ T8235] RAX: ffffffffffffffda RBX: 00007f5e305a6080 RCX: 00007f5e3038d169 [ 213.931899][ T8235] RDX: 00000000000006f3 RSI: 00002000000011c0 RDI: 0000000000000000 [ 213.931918][ T8235] RBP: 00007f5e3040e990 R08: 0000000000000000 R09: 0000000000000000 [ 213.931937][ T8235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 213.931955][ T8235] R13: 0000000000000000 R14: 00007f5e305a6080 R15: 00007ffd31689e28 [ 213.931995][ T8235] [ 219.060356][ T5839] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 221.625458][ T8331] netlink: 330 bytes leftover after parsing attributes in process `syz.2.573'. [ 222.554525][ T8338] netlink: 8 bytes leftover after parsing attributes in process `syz.2.576'. [ 222.936844][ T8346] netlink: 130 bytes leftover after parsing attributes in process `syz.2.578'. [ 223.439755][ T8354] program syz.0.582 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 225.189772][ T8392] netlink: 28 bytes leftover after parsing attributes in process `syz.2.591'. [ 227.495166][ T8450] netlink: 28 bytes leftover after parsing attributes in process `syz.2.605'. [ 227.540625][ T8450] bond0: left allmulticast mode [ 227.546576][ T8450] bond_slave_1: left allmulticast mode [ 227.552947][ T8450] bond0: left promiscuous mode [ 227.558414][ T8450] bond_slave_1: left promiscuous mode [ 227.565644][ T8450] bridge0: port 3(bond0) entered disabled state [ 227.589969][ T8450] bridge_slave_1: left allmulticast mode [ 227.601674][ T8450] bridge_slave_1: left promiscuous mode [ 227.631658][ T8450] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.655804][ T8450] bridge_slave_0: left allmulticast mode [ 227.673528][ T8450] bridge_slave_0: left promiscuous mode [ 227.680317][ T8450] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.688459][ T5844] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 227.688510][ T5844] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 227.703602][ T5844] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 227.703673][ T5844] Bluetooth: hci0: Unknown advertising packet type: 0x20 [ 227.710908][ T5844] Bluetooth: hci0: Malformed LE Event: 0x0d [ 228.099892][ T8462] Invalid ELF header magic: != ELF [ 230.350931][ T8523] netlink: 4 bytes leftover after parsing attributes in process `syz.3.623'. [ 230.906040][ T8540] netlink: 330 bytes leftover after parsing attributes in process `syz.0.627'. [ 231.236520][ T8546] FAULT_INJECTION: forcing a failure. [ 231.236520][ T8546] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 231.274378][ T8546] CPU: 1 UID: 0 PID: 8546 Comm: syz.0.628 Not tainted 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 PREEMPT(full) [ 231.274421][ T8546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 231.274439][ T8546] Call Trace: [ 231.274449][ T8546] [ 231.274461][ T8546] dump_stack_lvl+0x16c/0x1f0 [ 231.274512][ T8546] should_fail_ex+0x512/0x640 [ 231.274555][ T8546] should_fail_alloc_page+0xe7/0x130 [ 231.274587][ T8546] prepare_alloc_pages+0x3c2/0x610 [ 231.274626][ T8546] ? rcu_is_watching+0x12/0xc0 [ 231.274670][ T8546] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 231.274724][ T8546] ? __lock_acquire+0x5ca/0x1ba0 [ 231.274777][ T8546] ? __lock_acquire+0x5ca/0x1ba0 [ 231.274832][ T8546] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 231.274897][ T8546] ? __lock_acquire+0x5ca/0x1ba0 [ 231.274952][ T8546] ? __lock_acquire+0x5ca/0x1ba0 [ 231.275002][ T8546] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 231.275038][ T8546] ? policy_nodemask+0xea/0x4e0 [ 231.275092][ T8546] alloc_pages_mpol+0x1fb/0x550 [ 231.275123][ T8546] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 231.275154][ T8546] ? __lock_acquire+0x5ca/0x1ba0 [ 231.275212][ T8546] folio_alloc_mpol_noprof+0x36/0x2f0 [ 231.275251][ T8546] vma_alloc_folio_noprof+0xed/0x1e0 [ 231.275287][ T8546] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 231.275348][ T8546] do_pte_missing+0x223d/0x3fb0 [ 231.275409][ T8546] __handle_mm_fault+0x103d/0x2a40 [ 231.275465][ T8546] ? __pfx___handle_mm_fault+0x10/0x10 [ 231.275507][ T8546] ? __pte_offset_map_lock+0x155/0x2f0 [ 231.275543][ T8546] ? find_held_lock+0x2b/0x80 [ 231.275581][ T8546] ? find_held_lock+0x2b/0x80 [ 231.275645][ T8546] handle_mm_fault+0x3fe/0xad0 [ 231.275696][ T8546] __get_user_pages+0x771/0x36f0 [ 231.275745][ T8546] ? __pfx_mt_find+0x10/0x10 [ 231.275796][ T8546] ? __pfx___get_user_pages+0x10/0x10 [ 231.275852][ T8546] populate_vma_page_range+0x278/0x3a0 [ 231.275897][ T8546] ? __pfx_populate_vma_page_range+0x10/0x10 [ 231.275938][ T8546] ? __pfx_find_vma_intersection+0x10/0x10 [ 231.275977][ T8546] ? do_mmap+0x69c/0x11b0 [ 231.276018][ T8546] __mm_populate+0x1d8/0x380 [ 231.276062][ T8546] ? __pfx___mm_populate+0x10/0x10 [ 231.276105][ T8546] ? up_write+0x1b2/0x520 [ 231.276141][ T8546] vm_mmap_pgoff+0x362/0x450 [ 231.276180][ T8546] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 231.276224][ T8546] ? __x64_sys_futex+0x1e0/0x4c0 [ 231.276268][ T8546] ? __x64_sys_futex+0x1e9/0x4c0 [ 231.276318][ T8546] ksys_mmap_pgoff+0x7d/0x5c0 [ 231.276367][ T8546] ? rcu_is_watching+0x12/0xc0 [ 231.276408][ T8546] __x64_sys_mmap+0x125/0x190 [ 231.276449][ T8546] do_syscall_64+0xcd/0x260 [ 231.276497][ T8546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.276529][ T8546] RIP: 0033:0x7f5e3038d169 [ 231.276553][ T8546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.276583][ T8546] RSP: 002b:00007f5e311e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 231.276612][ T8546] RAX: ffffffffffffffda RBX: 00007f5e305a5fa0 RCX: 00007f5e3038d169 [ 231.276632][ T8546] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 231.276650][ T8546] RBP: 00007f5e3040e990 R08: 0000000000000002 R09: 0000000000008000 [ 231.276668][ T8546] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 231.276685][ T8546] R13: 0000000000000000 R14: 00007f5e305a5fa0 R15: 00007ffd31689e28 [ 231.276724][ T8546] [ 231.969485][ T8558] Invalid ELF header magic: != ELF [ 232.222489][ T8567] netlink: 12 bytes leftover after parsing attributes in process `syz.3.636'. [ 232.266148][ T8567] netlink: 12 bytes leftover after parsing attributes in process `syz.3.636'. [ 232.543751][ T8568] netlink: 8 bytes leftover after parsing attributes in process `syz.2.635'. [ 233.628973][ T8605] netlink: 'syz.2.645': attribute type 1 has an invalid length. [ 233.665052][ T8605] nbd: error processing sock list [ 235.850107][ T8656] netlink: 4 bytes leftover after parsing attributes in process `syz.1.657'. [ 235.860040][ T8656] netlink: 25 bytes leftover after parsing attributes in process `syz.1.657'. [ 236.100554][ T8648] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 236.180640][ T8648] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 236.443129][ T8648] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 236.449199][ T8648] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 236.567285][ T8648] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 236.587347][ T8648] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 236.612154][ T8648] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 236.633520][ T8648] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 236.647293][ T8648] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 237.642925][ T5844] Bluetooth: hci0: command 0x0406 tx timeout [ 238.511504][ T5844] Bluetooth: hci1: command 0x0406 tx timeout [ 238.586271][ T8730] netlink: 330 bytes leftover after parsing attributes in process `syz.0.672'. [ 238.595497][ T5844] Bluetooth: hci2: command 0x0406 tx timeout [ 238.671776][ T5844] Bluetooth: hci3: command 0x0406 tx timeout [ 239.719802][ T5844] Bluetooth: hci0: command 0x0406 tx timeout [ 239.829080][ T5844] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 239.829120][ T5844] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 239.844595][ T5844] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 239.844631][ T5844] Bluetooth: hci0: adv larger than maximum supported [ 239.852167][ T5844] Bluetooth: hci0: Malformed LE Event: 0x0d [ 239.926259][ T8786] netlink: 330 bytes leftover after parsing attributes in process `syz.1.684'. [ 240.591602][ T5844] Bluetooth: hci1: command 0x0406 tx timeout [ 240.672163][ T5844] Bluetooth: hci2: command 0x0406 tx timeout [ 240.751438][ T5844] Bluetooth: hci3: command 0x0406 tx timeout [ 242.120356][ T8846] Invalid ELF header magic: != ELF [ 242.756707][ T8865] netlink: 330 bytes leftover after parsing attributes in process `syz.1.702'. [ 242.769405][ T8865] : renamed from bond0 (while UP) [ 242.831575][ T5844] Bluetooth: hci3: command 0x0406 tx timeout [ 245.065147][ T8920] sp0: Synchronizing with TNC [ 246.552485][ T5844] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 246.687134][ T5844] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 248.113765][ T9008] program syz.2.736 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 248.341370][ T9008] can: request_module (can-proto-5) failed. [ 248.408605][ T9009] can: request_module (can-proto-5) failed. [ 249.012413][ T9041] Setting dangerous option i915.mitigations - tainting kernel [ 249.397708][ T9045] sp0: Synchronizing with TNC [ 250.053507][ T5844] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 251.423986][ T9083] netlink: 342 bytes leftover after parsing attributes in process `syz.2.749'. [ 251.515690][ T9085] syz.0.750 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 252.170678][ T9101] netlink: 'syz.1.755': attribute type 11 has an invalid length. [ 252.204097][ T9101] netlink: 'syz.1.755': attribute type 11 has an invalid length. [ 252.251384][ T9101] netlink: 96 bytes leftover after parsing attributes in process `syz.1.755'. [ 252.253757][ T9105] netlink: 342 bytes leftover after parsing attributes in process `syz.1.755'. [ 252.318749][ T9101] netlink: 'syz.1.755': attribute type 11 has an invalid length. [ 253.257969][ T9139] netlink: 12 bytes leftover after parsing attributes in process `syz.1.761'. [ 253.315751][ T9140] netlink: 8 bytes leftover after parsing attributes in process `syz.1.761'. [ 253.531233][ T9145] netlink: 338 bytes leftover after parsing attributes in process `syz.1.763'. [ 253.565491][ T9145] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.573374][ T9145] bridge0: port 1(bridge_slave_0) entered disabled state [ 254.110647][ T5844] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 256.108930][ T9200] Invalid ELF header magic: != ELF [ 256.274703][ T9200] Invalid ELF header magic: != ELF [ 256.302135][ T9200] Invalid ELF header magic: != ELF [ 256.315886][ T9200] Invalid ELF header magic: != ELF [ 256.467605][ T9200] Invalid ELF header magic: != ELF [ 256.611858][ T9207] netlink: 8 bytes leftover after parsing attributes in process `syz.1.775'. [ 257.136463][ T9230] netlink: 12 bytes leftover after parsing attributes in process `syz.2.779'. [ 257.169845][ T9236] netlink: 342 bytes leftover after parsing attributes in process `syz.1.783'. [ 257.375192][ T9235] netlink: 334 bytes leftover after parsing attributes in process `syz.3.776'. [ 259.027211][ T5839] Bluetooth: hci0: unexpected subevent 0x01 length: 4 < 18 [ 260.756835][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.767065][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.006824][ T9304] netlink: 334 bytes leftover after parsing attributes in process `syz.2.796'. [ 261.367953][ T9335] random: crng reseeded on system resumption [ 264.452292][ T9387] netlink: 342 bytes leftover after parsing attributes in process `syz.0.816'. [ 266.274727][ T9420] could not allocate digest TFM handle [ 266.701655][ T9420] netlink: 16 bytes leftover after parsing attributes in process `syz.2.824'. [ 267.173862][ T9441] netlink: 28 bytes leftover after parsing attributes in process `syz.1.829'. [ 272.059406][ T9553] Invalid ELF header magic: != ELF [ 273.004637][ T9569] could not allocate digest TFM handle [ 273.126695][ T9572] could not allocate digest TFM handle [ 275.755252][ T9638] Invalid ELF header magic: != ELF [ 281.331709][ T9768] zswap: compressor not available [ 281.535799][ T9780] netlink: 8 bytes leftover after parsing attributes in process `syz.0.914'. [ 281.570320][ T9781] netlink: 8 bytes leftover after parsing attributes in process `syz.0.914'. [ 283.893861][ T9858] netlink: 346 bytes leftover after parsing attributes in process `syz.3.933'. [ 285.190749][ T9888] nfs4: Unknown parameter '' [ 287.184395][ T5839] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 290.078012][T10007] kernel read not supported for file /\*)A (pid: 10007 comm: syz.2.966) [ 290.191335][ T30] audit: type=1800 audit(4294967346.504:8): pid=10007 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.966" name="\*)A" dev="mqueue" ino=16705 res=0 errno=0 [ 291.926857][ T9962] kexec: Could not allocate control_code_buffer [ 292.107973][T10032] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 292.419191][T10038] netlink: 16 bytes leftover after parsing attributes in process `syz.3.973'. [ 294.198936][T10072] tipc: Started in network mode [ 294.204216][T10072] tipc: Node identity 8e4e6f15, cluster identity 4711 [ 294.228689][T10072] tipc: Node number set to 2387504917 [ 297.489442][T10169] Invalid ELF header magic: != ELF [ 303.525937][T10305] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1028'. [ 303.544907][T10304] HfR: entered promiscuous mode [ 303.612334][T10306] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(5) [ 303.895193][T10305] HfR: left promiscuous mode [ 305.852171][T10333] kernel read not supported for file /\*)A (pid: 10333 comm: syz.1.1033) [ 305.901352][ T30] audit: type=1800 audit(4294967362.194:9): pid=10333 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1033" name="\*)A" dev="mqueue" ino=25902 res=0 errno=0 [ 308.137079][T10388] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1046'. [ 309.033881][T10403] ceph: Failed to parse sending metrics switch value 'P^' [ 311.533871][T10457] Invalid ELF header magic: != ELF syzkaller syzkaller login: [ 313.364659][T10518] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1069'. [ 314.356062][ T5839] Bluetooth: hci3: unexpected subevent 0x03 length: 6 < 9 [ 314.465692][T10535] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1075'. [ 316.806430][T10600] net_ratelimit: 328 callbacks suppressed [ 316.806452][T10600] openvswitch: netlink: Message has 1 unknown bytes. [ 317.058671][T10606] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1094'. [ 317.234450][T10612] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1094'. [ 317.275149][T10606] netlink: 93 bytes leftover after parsing attributes in process `syz.2.1094'. [ 320.833269][T10679] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1112'. [ 322.205056][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.213643][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.771050][T10724] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1123'. [ 323.365768][T10725] can: request_module (can-proto-0) failed. [ 324.233437][T10748] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1128'. [ 324.590953][ T5839] Bluetooth: hci2: unexpected subevent 0x03 length: 6 < 9 [ 324.682365][T10760] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1130'. [ 324.984144][T10764] Invalid ELF header magic: != ELF [ 326.445072][T10796] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1139'. [ 329.029851][T10854] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 330.174973][T10879] Invalid ELF header magic: != ELF [ 333.150474][T10947] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1181'. [ 333.198582][T10947] nbd: must specify a size in bytes for the device [ 337.521986][T11024] syz.2.1197: vmalloc error: size 8388608, failed to allocated page array size 16384, mode:0x400cc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 337.629954][T11024] CPU: 0 UID: 0 PID: 11024 Comm: syz.2.1197 Tainted: G U 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 PREEMPT(full) [ 337.629997][T11024] Tainted: [U]=USER [ 337.630006][T11024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 337.630020][T11024] Call Trace: [ 337.630028][T11024] [ 337.630038][T11024] dump_stack_lvl+0x16c/0x1f0 [ 337.630081][T11024] warn_alloc+0x248/0x3a0 [ 337.630124][T11024] ? __pfx_warn_alloc+0x10/0x10 [ 337.630176][T11024] ? __get_vm_area_node+0x1b9/0x300 [ 337.630207][T11024] ? __get_vm_area_node+0x1e5/0x300 [ 337.630247][T11024] __vmalloc_node_range_noprof+0x1110/0x1540 [ 337.630294][T11024] ? __do_sys_listmount+0x1c2/0xed0 [ 337.630343][T11024] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 337.630393][T11024] __kvmalloc_node_noprof+0x2ff/0x600 [ 337.630432][T11024] ? __do_sys_listmount+0x1c2/0xed0 [ 337.630469][T11024] ? __do_sys_listmount+0x1c2/0xed0 [ 337.630510][T11024] ? __do_sys_listmount+0x1c2/0xed0 [ 337.630544][T11024] __do_sys_listmount+0x1c2/0xed0 [ 337.630585][T11024] ? __x64_sys_futex+0x1e0/0x4c0 [ 337.630622][T11024] ? __x64_sys_futex+0x1e9/0x4c0 [ 337.630660][T11024] ? __pfx___do_sys_listmount+0x10/0x10 [ 337.630695][T11024] ? xfd_validate_state+0x5d/0x180 [ 337.630739][T11024] do_syscall_64+0xcd/0x260 [ 337.630782][T11024] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.630809][T11024] RIP: 0033:0x7f41c898d169 [ 337.630830][T11024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 337.630854][T11024] RSP: 002b:00007f41c96ff038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 337.630879][T11024] RAX: ffffffffffffffda RBX: 00007f41c8ba6160 RCX: 00007f41c898d169 [ 337.630895][T11024] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 337.630911][T11024] RBP: 00007f41c8a0e990 R08: 0000000000000000 R09: 0000000000000000 [ 337.630926][T11024] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 337.630940][T11024] R13: 0000000000000000 R14: 00007f41c8ba6160 R15: 00007fff3222e368 [ 337.630977][T11024] [ 337.945202][T11024] Mem-Info: [ 337.948378][T11024] active_anon:37687 inactive_anon:0 isolated_anon:0 [ 337.948378][T11024] active_file:15932 inactive_file:42278 isolated_file:0 [ 337.948378][T11024] unevictable:768 dirty:617 writeback:0 [ 337.948378][T11024] slab_reclaimable:10712 slab_unreclaimable:96070 [ 337.948378][T11024] mapped:33345 shmem:20080 pagetables:1061 [ 337.948378][T11024] sec_pagetables:0 bounce:0 [ 337.948378][T11024] kernel_misc_reclaimable:0 [ 337.948378][T11024] free:1295637 free_pcp:3588 free_cma:0 [ 338.004636][T11050] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1205'. [ 338.230572][T11050] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 338.287047][T11050] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 338.411318][T11024] Node 0 active_anon:175348kB inactive_anon:0kB active_file:63728kB inactive_file:169044kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:150260kB dirty:2496kB writeback:0kB shmem:99172kB shmem_thp:2048kB shmem_pmdmapped:2048kB anon_thp:2048kB writeback_tmp:0kB kernel_stack:11656kB pagetables:4240kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 338.544661][T11024] Node 1 active_anon:20kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1556kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 338.596431][T11024] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 338.794934][T11024] lowmem_reserve[]: 0 2482 2483 2483 2483 [ 338.800762][T11024] Node 0 DMA32 free:1244844kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB active_anon:176816kB inactive_anon:0kB active_file:63728kB inactive_file:167484kB unevictable:1536kB writepending:2500kB present:3129332kB managed:2541668kB mlocked:0kB bounce:0kB free_pcp:5572kB local_pcp:776kB free_cma:0kB [ 338.881355][T11024] lowmem_reserve[]: 0 0 1 1 1 [ 338.886137][T11024] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1564kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 338.959032][T11024] lowmem_reserve[]: 0 0 0 0 0 [ 338.969279][T11024] Node 1 Normal free:3894284kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB active_anon:20kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:10884kB local_pcp:8072kB free_cma:0kB [ 339.145231][T11024] lowmem_reserve[]: 0 0 0 0 0 [ 339.176596][T11024] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 339.206774][T11024] Node 0 DMA32: 302*4kB (UME) 444*8kB (UE) 255*16kB (UME) 352*32kB (UME) 256*64kB (UME) 300*128kB (UME) 198*256kB (UME) 101*512kB (UM) 54*1024kB (UM) 2*2048kB (M) 245*4096kB (M) = 1240200kB [ 339.300800][T11024] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 339.374534][T11024] Node 1 Normal: 38*4kB (UME) 5*8kB (UME) 8*16kB (UE) 52*32kB (UME) 88*64kB (UE) 25*128kB (UME) 12*256kB (UME) 5*512kB (UM) 3*1024kB (UM) 4*2048kB (UM) 944*4096kB (M) = 3894336kB [ 339.488248][T11024] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 339.528590][T11024] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 339.557668][T11024] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 339.570016][T11024] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 339.638311][T11024] 88102 total pagecache pages [ 339.647814][T11024] 26 pages in swap cache [ 339.654350][T11024] Free swap = 124888kB [ 339.658607][T11024] Total swap = 124996kB [ 339.663580][T11024] 2097051 pages RAM [ 339.667464][T11024] 0 pages HighMem/MovableOnly [ 339.674326][T11024] 429592 pages reserved [ 339.679051][T11024] 0 pages cma reserved [ 341.363294][T11118] netlink: 7 bytes leftover after parsing attributes in process `syz.3.1224'. [ 342.027420][T11130] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 342.098057][T11130] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 342.119818][T11130] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 342.283924][T11130] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 342.290181][T11130] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 342.364736][T11130] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 343.963148][T11181] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1247'. [ 344.032253][ T5839] Bluetooth: hci0: command 0x0406 tx timeout [ 344.111376][ T5839] Bluetooth: hci1: command 0x0406 tx timeout [ 344.352326][ T5839] Bluetooth: hci3: command 0x0406 tx timeout [ 344.358419][ T5839] Bluetooth: hci2: command 0x0406 tx timeout [ 344.381553][T11190] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1240'. [ 344.525670][T11190] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 344.535515][T11190] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 345.822416][T11218] Invalid ELF header magic: != ELF [ 346.207006][ T5839] Bluetooth: hci1: command 0x0406 tx timeout [ 346.431882][ T5839] Bluetooth: hci3: command 0x0406 tx timeout [ 349.258557][T11292] Invalid ELF header magic: != ELF [ 351.851351][T11335] FAULT_INJECTION: forcing a failure. [ 351.851351][T11335] name failslab, interval 1, probability 0, space 0, times 0 [ 351.871532][T11335] CPU: 1 UID: 0 PID: 11335 Comm: syz.2.1277 Tainted: G U 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 PREEMPT(full) [ 351.871578][T11335] Tainted: [U]=USER [ 351.871586][T11335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 351.871597][T11335] Call Trace: [ 351.871604][T11335] [ 351.871611][T11335] dump_stack_lvl+0x16c/0x1f0 [ 351.871643][T11335] should_fail_ex+0x512/0x640 [ 351.871666][T11335] ? __kmalloc_noprof+0xbf/0x510 [ 351.871697][T11335] ? lsm_blob_alloc+0x68/0x90 [ 351.871725][T11335] should_failslab+0xc2/0x120 [ 351.871743][T11335] __kmalloc_noprof+0xd2/0x510 [ 351.871777][T11335] lsm_blob_alloc+0x68/0x90 [ 351.871806][T11335] security_sk_alloc+0x30/0x270 [ 351.871827][T11335] sk_prot_alloc+0x1c7/0x2a0 [ 351.871860][T11335] sk_alloc+0x36/0xc20 [ 351.871883][T11335] mctp_pf_create+0xe8/0x330 [ 351.871920][T11335] __sock_create+0x335/0x8d0 [ 351.871943][T11335] __sys_socket+0x14d/0x260 [ 351.871962][T11335] ? __pfx___sys_socket+0x10/0x10 [ 351.871982][T11335] ? rcu_is_watching+0x12/0xc0 [ 351.872012][T11335] __x64_sys_socket+0x72/0xb0 [ 351.872030][T11335] ? lockdep_hardirqs_on+0x7c/0x110 [ 351.872057][T11335] do_syscall_64+0xcd/0x260 [ 351.872087][T11335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.872106][T11335] RIP: 0033:0x7f41c898d169 [ 351.872121][T11335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 351.872139][T11335] RSP: 002b:00007f41c63f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 351.872157][T11335] RAX: ffffffffffffffda RBX: 00007f41c8ba6240 RCX: 00007f41c898d169 [ 351.872170][T11335] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000000002d [ 351.872181][T11335] RBP: 00007f41c8a0e990 R08: 0000000000000000 R09: 0000000000000000 [ 351.872193][T11335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 351.872205][T11335] R13: 0000000000000000 R14: 00007f41c8ba6240 R15: 00007fff3222e368 [ 351.872229][T11335] [ 354.182220][T11370] netlink: 'syz.2.1284': attribute type 11 has an invalid length. [ 354.801377][T11393] sock: sock_timestamping_bind_phc: sock not bind to device [ 355.375928][T11401] FAULT_INJECTION: forcing a failure. [ 355.375928][T11401] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 355.408653][T11401] CPU: 0 UID: 0 PID: 11401 Comm: syz.2.1292 Tainted: G U 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 PREEMPT(full) [ 355.408708][T11401] Tainted: [U]=USER [ 355.408719][T11401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 355.408738][T11401] Call Trace: [ 355.408748][T11401] [ 355.408760][T11401] dump_stack_lvl+0x16c/0x1f0 [ 355.408814][T11401] should_fail_ex+0x512/0x640 [ 355.408857][T11401] _copy_to_user+0x32/0xd0 [ 355.408917][T11401] copy_siginfo_to_user+0x27/0xc0 [ 355.408966][T11401] x64_setup_rt_frame+0x811/0xcf0 [ 355.409033][T11401] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 355.409072][T11401] ? kill_pid_info_type+0xea/0x2a0 [ 355.409110][T11401] ? find_held_lock+0x2b/0x80 [ 355.409151][T11401] arch_do_signal_or_restart+0x5e6/0x7d0 [ 355.409195][T11401] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 355.409263][T11401] syscall_exit_to_user_mode+0x150/0x2a0 [ 355.409307][T11401] do_syscall_64+0xda/0x260 [ 355.409352][T11401] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.409380][T11401] RIP: 0033:0x7f41c898d169 [ 355.409402][T11401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 355.409427][T11401] RSP: 002b:00007f41c9741038 EFLAGS: 00000246 ORIG_RAX: 0000000000000081 [ 355.409452][T11401] RAX: 0000000000000000 RBX: 00007f41c8ba5fa0 RCX: 00007f41c898d169 [ 355.409469][T11401] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000000004f7 [ 355.409483][T11401] RBP: 00007f41c8a0e990 R08: 0000000000000000 R09: 0000000000000000 [ 355.409499][T11401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 355.409515][T11401] R13: 0000000000000000 R14: 00007f41c8ba5fa0 R15: 00007fff3222e368 [ 355.409549][T11401] [ 358.727111][T11464] random: crng reseeded on system resumption [ 368.134183][T11632] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1353'. [ 369.136692][T11649] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1357'. [ 369.671862][T11649] veth0_macvtap: left promiscuous mode [ 371.955162][T11704] netlink: 'syz.2.1368': attribute type 11 has an invalid length. [ 371.963148][T11704] netlink: 'syz.2.1368': attribute type 11 has an invalid length. [ 371.970948][T11704] netlink: 1280 bytes leftover after parsing attributes in process `syz.2.1368'. [ 372.233908][T11697] bridge0: port 4(ipvlan0) entered blocking state [ 372.241008][T11697] bridge0: port 4(ipvlan0) entered disabled state [ 372.251553][T11697] ipvlan0: entered allmulticast mode [ 372.259357][T11697] ipvlan0: left allmulticast mode [ 372.383754][ T30] audit: type=1326 audit(4294967312.430:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11713 comm="syz.1.1371" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f044978d169 code=0x0 [ 372.775799][T11725] HfR: entered promiscuous mode [ 372.804960][T11724] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1374'. [ 372.848765][T11724] HfR: left promiscuous mode [ 374.964551][T11767] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 374.973652][T11767] openvswitch: netlink: Flow set message rejected, Key attribute missing. syzkaller syzkaller login: [ 375.394495][T11757] Invalid ELF header magic: != ELF [ 377.473116][T11795] Invalid ELF header magic: != ELF [ 382.375418][T11870] netlink: 294 bytes leftover after parsing attributes in process `syz.1.1407'. [ 383.651805][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.658189][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.216474][T11920] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 385.341361][T11920] CIFS mount error: No usable UNC path provided in device string! [ 385.341361][T11920] [ 385.404144][T11920] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 389.610230][T11988] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1436'. [ 389.747494][T11988] netlink: 244 bytes leftover after parsing attributes in process `syz.2.1436'. [ 389.862436][T11989] netlink: 350 bytes leftover after parsing attributes in process `syz.2.1436'. [ 395.694713][ T5839] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 399.950511][T12184] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1483'. [ 400.449203][T12194] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1487'. [ 403.873449][T12273] delete_channel: no stack [ 406.396163][T12326] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 406.402532][T12326] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 406.411539][T12326] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 406.417678][T12326] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 406.547617][T12326] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 408.432629][ T5844] Bluetooth: hci2: command 0x0406 tx timeout [ 408.439545][ T5839] Bluetooth: hci1: command 0x0406 tx timeout [ 408.445604][ T5845] Bluetooth: hci0: command 0x0406 tx timeout [ 408.533948][T12364] ptrace attach of "./syz-executor exec"[5838] was attempted by "./syz-executor exec"[12364] [ 408.594495][ T5844] Bluetooth: hci3: command 0x0406 tx timeout [ 408.891540][T12359] busy [ 410.521870][ T5844] Bluetooth: hci2: command 0x0406 tx timeout [ 412.672346][T12392] delete_channel: no stack [ 414.139959][T12414] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1555'. [ 416.053599][T12439] kernel read not supported for file /\*)A (pid: 12439 comm: syz.2.1561) [ 416.193715][ T30] audit: type=1800 audit(4294967363.237:11): pid=12439 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1561" name="\*)A" dev="mqueue" ino=16705 res=0 errno=0 [ 416.826268][T12451] openvswitch: netlink: nsh attribute has unmatched MD type 0. [ 417.697183][T12452] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 417.704141][T12452] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 421.220939][T12498] netlink: 504 bytes leftover after parsing attributes in process `syz.3.1575'. [ 421.327916][T12502] netlink: 504 bytes leftover after parsing attributes in process `syz.3.1575'. [ 421.636293][T12500] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1577'. [ 425.331608][T12543] netlink: 346 bytes leftover after parsing attributes in process `syz.1.1589'. [ 427.408402][T12586] CIFS mount error: No usable UNC path provided in device string! [ 427.408402][T12586] [ 427.528446][T12586] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 435.564705][T12374] syz.0.1541 (12374) used greatest stack depth: 18328 bytes left [ 441.765647][ T5844] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 441.765683][ T5844] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 441.781453][ T5844] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 441.781505][ T5844] Bluetooth: hci1: Malformed LE Event: 0x0d [ 442.145793][T12760] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1640'. [ 442.438869][T12774] virtio-fs: tag <(null)> not found [ 445.075695][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.082539][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 447.235592][T12845] ptrace attach of "./syz-executor exec"[5835] was attempted by "./syz-executor exec"[12845] [ 449.419330][T12873] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1667'. [ 449.504068][T12880] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1666'. [ 452.299565][T12933] Invalid ELF header magic: != ELF [ 455.123695][T12967] ======================================================= [ 455.123695][T12967] WARNING: The mand mount option has been deprecated and [ 455.123695][T12967] and is ignored by this kernel. Remove the mand [ 455.123695][T12967] option from the mount to silence this warning. [ 455.123695][T12967] ======================================================= [ 455.928437][ T5844] Bluetooth: hci1: unexpected event 0x36 length: 123 > 7 [ 459.347237][T13029] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1703'. [ 459.513928][T13037] netlink: 1272 bytes leftover after parsing attributes in process `syz.2.1703'. [ 463.347164][T13078] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1711'. [ 467.098344][T13094] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1716'. [ 472.298124][T13164] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1733'. [ 473.908825][T13174] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1735'. [ 476.308324][T13205] delete_channel: no stack [ 478.300848][T13230] Invalid ELF header magic: != ELF [ 490.438330][T13370] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1781'. [ 490.448496][T13370] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1781'. [ 490.552160][T13373] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 490.737523][T13373] could not allocate digest TFM handle [ 491.133425][T13386] Invalid ELF header magic: != ELF [ 492.370538][ C1] sd 0:0:1:0: [sda] tag#3156 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 492.381143][ C1] sd 0:0:1:0: [sda] tag#3156 CDB: Write(6) 0a 00 00 00 0b 00 00 00 00 00 00 00 [ 493.189409][T13417] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1793'. [ 493.552071][T13421] [U]  [ 493.554957][T13421] [U] [ 493.557714][T13421] [U] [ 493.560451][T13421] [U] [ 493.590029][T13423] netlink: 'syz.1.1796': attribute type 11 has an invalid length. [ 493.656419][T13421] [U] [ 493.659182][T13421] [U] [ 493.661919][T13421] [U] [ 493.664646][T13421] [U] [ 493.715446][T13432] [U] [ 495.248813][T13461] openvswitch: netlink: Message has 4 unknown bytes. [ 500.028488][T13066] syz.2.1709 (13066) used greatest stack depth: 17512 bytes left [ 501.246031][T13536] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1821'. [ 501.816175][T13543] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1822'. [ 501.826780][T13543] netlink: 306 bytes leftover after parsing attributes in process `syz.1.1822'. [ 503.270435][T13565] netlink: 504 bytes leftover after parsing attributes in process `syz.3.1828'. [ 503.312470][T13565] netlink: 504 bytes leftover after parsing attributes in process `syz.3.1828'. [ 503.781437][T13581] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1831'. [ 504.922525][T13604] openvswitch: netlink: Key type 69 is out of range max 32 [ 506.549304][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.555710][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 514.347274][T13770] qrtr: Invalid version 0 [ 524.611450][T13920] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1908'. [ 538.863976][T14118] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+ek 260 [ 557.226311][ T5844] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 557.246225][ T5844] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 557.246274][ T5844] Bluetooth: hci3: adv larger than maximum supported [ 557.253644][ T5844] Bluetooth: hci3: adv larger than maximum supported [ 557.260342][ T5844] Bluetooth: hci3: adv larger than maximum supported [ 557.267100][ T5844] Bluetooth: hci3: Malformed LE Event: 0x0d [ 564.642356][T14300] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 564.649135][T14300] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 564.663531][T14300] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 564.691401][T14300] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 566.051468][T14315] virtio-fs: tag <(null)> not found [ 566.674144][ T5844] Bluetooth: hci2: command 0x0406 tx timeout [ 566.680223][ T5845] Bluetooth: hci1: command 0x0406 tx timeout [ 566.686365][ T5845] Bluetooth: hci0: command 0x0406 tx timeout [ 566.751647][T14328] Bluetooth: hci3: command 0x0406 tx timeout [ 567.956965][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 567.963533][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 583.584060][T14577] Invalid ELF header magic: != ELF [ 584.688697][T14592] cifs: Unknown parameter 'no+ 1`rsFn)aHāh`9kA}1\D@.ZCg^' [ 584.728482][T14595] CIFS mount error: No usable UNC path provided in device string! [ 584.728482][T14595] [ 584.747413][T14595] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 587.176497][T14631] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2052'. [ 591.792833][T14690] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2068'. [ 593.376166][T14728] openvswitch: netlink: Message has 4 unknown bytes. [ 595.696198][T14773] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2089'. [ 596.864113][T14800] openvswitch: netlink: Message has 4 unknown bytes. [ 598.926717][T14845] .^: entered promiscuous mode [ 602.071086][T14895] openvswitch: netlink: IP tunnel dst address not specified [ 602.344918][T14910] ptrace attach of "./syz-executor exec"[5838] was attempted by "./syz-executor exec"[14910] [ 602.431926][T14912] sctp: [Deprecated]: syz.0.2121 (pid 14912) Use of struct sctp_assoc_value in delayed_ack socket option. [ 602.431926][T14912] Use struct sctp_sack_info instead [ 602.455301][T14910] ptrace attach of "./syz-executor exec"[5838] was attempted by "./syz-executor exec"[14910] [ 602.525319][T14910] ptrace attach of "./syz-executor exec"[5838] was attempted by "./syz-executor exec"[14910] [ 602.543277][T14910] ptrace attach of "./syz-executor exec"[5838] was attempted by "./syz-executor exec"[14910] [ 603.915048][T14328] Bluetooth: hci0: unexpected event 0x03 length: 18 > 11 [ 604.664665][T14978] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 604.741605][T14991] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 606.178451][ T30] audit: type=1806 audit(4294967555.217:12): xattr="0" res=-22 [ 606.301786][T15021] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2139'. [ 606.923919][T15047] openvswitch: netlink: Message has 4 unknown bytes. [ 607.007643][T15052] openvswitch: netlink: Message has 4 unknown bytes. [ 607.077212][T15051] program syz.2.2144 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 609.071530][T15109] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2158'. [ 613.936733][ T30] audit: type=1800 audit(4294967562.977:13): pid=15193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2175" name="lu_gp_id" dev="configfs" ino=44027 res=0 errno=0 [ 614.302471][T15205] openvswitch: netlink: Message has 4 unknown bytes. [ 615.792982][T15231] [U] [ 615.795748][T15231] [U] [ 615.798508][T15231] [U] [ 615.801260][T15231] [U] [ 616.131446][T15231] [U] [ 616.134217][T15231] [U] [ 616.136956][T15231] [U] [ 616.139699][T15231] [U] [ 616.163968][T15231] [U] [ 616.166723][T15231] [U] [ 616.169454][T15231] [U] [ 616.172184][T15231] [U] [ 616.266124][T15231] [U] [ 616.268896][T15231] [U] [ 616.271637][T15231] [U] [ 616.274359][T15231] [U] [ 616.374655][T15231] [U] [ 616.377427][T15231] [U] [ 616.380165][T15231] [U] [ 616.382897][T15231] [U] [ 616.430962][T15231] [U] [ 616.433715][T15231] [U] [ 616.436446][T15231] [U] [ 616.439187][T15231] [U] [ 616.488932][T15231] [U] [ 617.126339][T15245] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2191'. [ 618.201669][T15267] ptrace attach of "./syz-executor exec"[5846] was attempted by "./syz-executor exec"[15267] [ 618.258770][T15273] netlink: 146 bytes leftover after parsing attributes in process `syz.0.2188'. [ 619.010485][T15277] openvswitch: netlink: Message has 4 unknown bytes. [ 623.387484][T15342] openvswitch: netlink: Message has 4 unknown bytes. [ 624.815989][T15346] openvswitch: netlink: Message has 4 unknown bytes. [ 626.503714][T15378] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2212'. [ 626.839900][T15384] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2213'. [ 626.851901][T15384] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2213'. [ 628.829354][T15422] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2223'. [ 629.413500][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.419839][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.732047][T15460] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2231'. [ 635.082111][T15511] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2243'. [ 636.388237][T15537] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2249'. [ 636.637400][T15541] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 636.643916][T15541] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 640.959353][T15610] openvswitch: netlink: Message has 4 unknown bytes. [ 641.025015][T15587] Invalid ELF header magic: != ELF [ 643.815115][T15650] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2274'. [ 644.514430][T15657] netlink: 'syz.3.2276': attribute type 19 has an invalid length. [ 644.564309][T15657] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2276'. [ 644.743322][T15666] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2278'. [ 645.857529][T15674] netlink: 326 bytes leftover after parsing attributes in process `syz.3.2282'. [ 646.721887][T15696] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2285'. [ 648.133199][T15729] openvswitch: netlink: Message has 4 unknown bytes. [ 649.247638][T15739] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 649.254215][T15739] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 649.374962][T15737] lo: entered allmulticast mode [ 649.384560][T15737] lo: left allmulticast mode [ 652.175899][ T5839] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 652.201199][ T5839] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 652.209545][ T5839] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 652.236071][ T5839] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 652.246603][ T5839] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 652.555264][T15774] chnl_net:caif_netlink_parms(): no params data found [ 652.823821][T15770] ptrace attach of "./syz-executor exec"[5842] was attempted by "./syz-executor exec"[15770] [ 653.885672][T15800] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2307'. [ 654.153153][T15800] bridge0: port 2(bridge_slave_1) entered disabled state [ 654.354845][ T5839] Bluetooth: hci4: command tx timeout [ 654.407933][T15800] bridge_slave_1 (unregistering): left allmulticast mode [ 654.441307][T15800] bridge_slave_1 (unregistering): left promiscuous mode [ 654.462265][T15800] bridge0: port 2(bridge_slave_1) entered disabled state [ 654.512149][T15808] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2315'. [ 654.545249][T15806] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2315'. [ 654.737711][T15774] bridge0: port 1(bridge_slave_0) entered blocking state [ 654.747675][T15774] bridge0: port 1(bridge_slave_0) entered disabled state [ 654.770996][T15774] bridge_slave_0: entered allmulticast mode [ 654.791212][T15774] bridge_slave_0: entered promiscuous mode [ 654.800285][T15774] bridge0: port 2(bridge_slave_1) entered blocking state [ 654.811627][T15774] bridge0: port 2(bridge_slave_1) entered disabled state [ 654.818830][T15774] bridge_slave_1: entered allmulticast mode [ 654.830232][T15774] bridge_slave_1: entered promiscuous mode [ 655.380679][T15774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 655.744628][T15774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 656.053373][T15774] team0: Port device team_slave_0 added [ 656.073123][T15774] team0: Port device team_slave_1 added [ 656.431499][ T5839] Bluetooth: hci4: command tx timeout [ 656.908430][T13741] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.975597][T15774] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 656.995382][T15774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 657.071374][T15774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 657.093282][T15774] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 657.100254][T15774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 657.191262][T15774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 657.601621][T13741] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.024586][T13741] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.163187][T15774] hsr_slave_0: entered promiscuous mode [ 658.185944][T15774] hsr_slave_1: entered promiscuous mode [ 658.202112][T15774] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 658.211197][T15774] Cannot create hsr debugfs directory [ 658.274782][T13741] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.511513][ T5839] Bluetooth: hci4: command tx timeout [ 658.930821][T13741] bridge_slave_1: left allmulticast mode [ 658.954850][T13741] bridge_slave_1: left promiscuous mode [ 658.962492][T13741] bridge0: port 2(bridge_slave_1) entered disabled state [ 659.015403][T13741] bridge_slave_0: left allmulticast mode [ 659.021084][T13741] bridge_slave_0: left promiscuous mode [ 659.048438][T13741] bridge0: port 1(bridge_slave_0) entered disabled state [ 659.224091][T15852] netlink: 'syz.2.2316': attribute type 1 has an invalid length. [ 660.071534][T13741]  (unregistering): (slave bond_slave_1): Releasing backup interface [ 660.114624][T13741]  (unregistering): Released all slaves [ 660.591461][ T5839] Bluetooth: hci4: command tx timeout [ 661.197694][ T5839] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 662.065498][T15918] openvswitch: netlink: Message has 4 unknown bytes. [ 662.166969][T15774] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 662.269826][T15774] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 662.365035][T15774] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 662.582596][T13741] hsr_slave_0: left promiscuous mode [ 662.611177][T13741] hsr_slave_1: left promiscuous mode [ 662.617358][T13741] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 662.641254][T13741] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 662.669333][T13741] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 662.703176][T13741] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 662.810146][T13741] veth1_macvtap: left promiscuous mode [ 662.831306][T13741] veth0_macvtap: left promiscuous mode [ 662.837074][T13741] veth1_vlan: left promiscuous mode [ 662.861663][T13741] veth0_vlan: left promiscuous mode [ 663.901952][T15944] could not allocate digest TFM handle [ 664.324072][T15959] openvswitch: netlink: Message has 4 unknown bytes. [ 664.457185][T15946] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2332'. [ 664.726845][T13741] team0 (unregistering): Port device team_slave_1 removed [ 664.949240][T13741] team0 (unregistering): Port device team_slave_0 removed [ 665.904718][T15774] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 666.990415][T15774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 667.072778][T15774] 8021q: adding VLAN 0 to HW filter on device team0 [ 667.102548][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 667.110616][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 667.179758][T10446] bridge0: port 2(bridge_slave_1) entered blocking state [ 667.186960][T10446] bridge0: port 2(bridge_slave_1) entered forwarding state [ 667.844562][T15774] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 667.852436][T16032] openvswitch: netlink: Message has 4 unknown bytes. [ 667.876017][T16029] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2343'. [ 668.270373][T15774] veth0_vlan: entered promiscuous mode [ 668.351630][T15774] veth1_vlan: entered promiscuous mode [ 668.509137][T15774] veth0_macvtap: entered promiscuous mode [ 668.538017][T15774] veth1_macvtap: entered promiscuous mode [ 668.569006][T15774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 668.586906][T15774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.598221][T15774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 668.614400][T15774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.626083][T15774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 668.646938][T15774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.660650][T15774] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 668.682940][T15774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 668.701683][T15774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.716571][T15774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 668.749022][T15774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.775557][T15774] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 668.819041][T15774] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 668.875196][T15774] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 668.901257][T15774] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 668.909996][T15774] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 669.186370][T16060] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2347'. [ 669.355856][T10439] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 669.384927][T10439] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 669.470296][T10436] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 669.495976][T10436] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 670.286810][T16083] openvswitch: netlink: Message has 4 unknown bytes. [ 675.848513][T16163] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2374'. [ 676.497409][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 676.508058][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 676.518883][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 676.526899][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 676.534958][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 677.296451][T16166] chnl_net:caif_netlink_parms(): no params data found [ 677.382028][T16184] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2378'. [ 678.591679][T14328] Bluetooth: hci3: command tx timeout [ 678.636205][T16013] ------------[ cut here ]------------ [ 678.641734][T16013] ODEBUG: free active (active state 0) object: ffff8880640b9248 object type: timer_list hint: hci_devcd_timeout+0x0/0x2e0 [ 678.714784][T16013] WARNING: CPU: 0 PID: 16013 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0 [ 678.725490][T16013] Modules linked in: [ 678.729432][T16013] CPU: 0 UID: 0 PID: 16013 Comm: syz.3.2341 Tainted: G U 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 PREEMPT(full) [ 678.743334][T16013] Tainted: [U]=USER [ 678.747165][T16013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 678.757357][T16013] RIP: 0010:debug_print_object+0x1a2/0x2b0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 678.763270][T16013] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 60 60 f4 8b 4c 89 e6 48 c7 c7 e0 54 f4 8b e8 1f 16 a8 fc 90 <0f> 0b 90 90 58 83 05 56 f6 b3 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 678.783176][T16013] RSP: 0018:ffffc9000d3ef798 EFLAGS: 00010286 [ 678.789280][T16013] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817acff8 [ 678.797359][T16013] RDX: ffff88807c18bc00 RSI: ffffffff817ad005 RDI: 0000000000000001 [ 678.805740][T16013] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 678.813917][T16013] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8bf45b80 [ 678.821953][T16013] R13: ffffffff8b8fc8c0 R14: ffffffff8a7833d0 R15: ffffc9000d3ef898 [ 678.830245][T16013] FS: 0000000000000000(0000) GS:ffff8881249b9000(0000) knlGS:0000000000000000 [ 678.839368][T16013] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 678.846019][T16013] CR2: 00007ffd3168bf6d CR3: 000000007a298000 CR4: 00000000003526f0 [ 678.854049][T16013] Call Trace: [ 678.857348][T16013] [ 678.860295][T16013] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 678.865842][T16013] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 678.871742][T16013] debug_check_no_obj_freed+0x4b7/0x600 [ 678.877361][T16013] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 678.883505][T16013] ? rcu_is_watching+0x12/0xc0 [ 678.888328][T16013] ? kmem_cache_free+0x2d4/0x4d0 [ 678.893365][T16013] kfree+0x291/0x4d0 [ 678.897312][T16013] ? hci_release_dev+0x4d8/0x600 [ 678.902334][T16013] hci_release_dev+0x4d8/0x600 [ 678.907137][T16013] ? __pfx_hci_release_dev+0x10/0x10 [ 678.912583][T16013] ? rcu_is_watching+0x12/0xc0 [ 678.917380][T16013] ? kfree+0x252/0x4d0 [ 678.921513][T16013] bt_host_release+0x6a/0xb0 [ 678.926763][T16013] ? __pfx_bt_host_release+0x10/0x10 [ 678.932131][T16013] device_release+0xa1/0x240 [ 678.936759][T16013] kobject_put+0x1e4/0x5a0 [ 678.941241][T16013] ? __pfx_vhci_release+0x10/0x10 [ 678.946325][T16013] put_device+0x1f/0x30 [ 678.950517][T16013] vhci_release+0x81/0xf0 [ 678.954942][T16013] __fput+0x3ff/0xb70 [ 678.958973][T16013] task_work_run+0x14d/0x240 [ 678.963721][T16013] ? __pfx_task_work_run+0x10/0x10 [ 678.968908][T16013] do_exit+0xafb/0x2c30 [ 678.973149][T16013] ? proc_coredump_connector+0x2d1/0x4f0 [ 678.978826][T16013] ? __pfx_do_exit+0x10/0x10 [ 678.983520][T16013] do_group_exit+0xd3/0x2a0 [ 678.988076][T16013] get_signal+0x2673/0x26d0 [ 678.992722][T16013] ? __pfx_get_signal+0x10/0x10 [ 678.997618][T16013] ? force_sig_fault+0xc4/0x100 [ 679.002550][T16013] ? __pfx_force_sig_fault+0x10/0x10 [ 679.007885][T16013] arch_do_signal_or_restart+0x8f/0x7d0 [ 679.013526][T16013] ? find_held_lock+0x2b/0x80 [ 679.018249][T16013] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 679.024514][T16013] ? spurious_kernel_fault+0x233/0x3c0 [ 679.030325][T16013] irqentry_exit_to_user_mode+0x13f/0x280 [ 679.036149][T16013] asm_exc_page_fault+0x26/0x30 [ 679.041057][T16013] RIP: 0033:0x7f9a6178d171 [ 679.045533][T16013] Code: Unable to access opcode bytes at 0x7f9a6178d147. [ 679.052991][T16013] RSP: 002b:fffffffffffffff8 EFLAGS: 00010217 [ 679.059098][T16013] RAX: 0000000000000000 RBX: 00007f9a619a5fa0 RCX: 00007f9a6178d169 [ 679.067417][T16013] RDX: 0000200000000180 RSI: fffffffffffffff8 RDI: 0000000000000005 [ 679.076297][T16013] RBP: 00007f9a6180e990 R08: 0000000000000001 R09: 0000000000000000 [ 679.085153][T16013] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [ 679.093172][T16013] R13: 0000000000000001 R14: 00007f9a619a5fa0 R15: 00007ffff7d0d588 [ 679.101204][T16013] [ 679.104248][T16013] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 679.111555][T16013] CPU: 0 UID: 0 PID: 16013 Comm: syz.3.2341 Tainted: G U 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 PREEMPT(full) [ 679.125211][T16013] Tainted: [U]=USER [ 679.129019][T16013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 679.139106][T16013] Call Trace: [ 679.142407][T16013] [ 679.145344][T16013] dump_stack_lvl+0x3d/0x1f0 [ 679.149974][T16013] panic+0x71c/0x800 [ 679.153876][T16013] ? __pfx_panic+0x10/0x10 [ 679.158303][T16013] ? show_trace_log_lvl+0x29b/0x3e0 [ 679.163564][T16013] ? check_panic_on_warn+0x1f/0xb0 [ 679.168691][T16013] ? debug_print_object+0x1a2/0x2b0 [ 679.173933][T16013] check_panic_on_warn+0xab/0xb0 [ 679.178887][T16013] __warn+0xf6/0x3c0 [ 679.182798][T16013] ? debug_print_object+0x1a2/0x2b0 [ 679.188020][T16013] report_bug+0x3c3/0x580 [ 679.192380][T16013] ? debug_print_object+0x1a2/0x2b0 [ 679.197593][T16013] handle_bug+0x184/0x210 [ 679.201933][T16013] exc_invalid_op+0x17/0x50 [ 679.206444][T16013] asm_exc_invalid_op+0x1a/0x20 [ 679.211314][T16013] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 679.217137][T16013] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 60 60 f4 8b 4c 89 e6 48 c7 c7 e0 54 f4 8b e8 1f 16 a8 fc 90 <0f> 0b 90 90 58 83 05 56 f6 b3 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 679.236756][T16013] RSP: 0018:ffffc9000d3ef798 EFLAGS: 00010286 [ 679.242836][T16013] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817acff8 [ 679.250810][T16013] RDX: ffff88807c18bc00 RSI: ffffffff817ad005 RDI: 0000000000000001 [ 679.258792][T16013] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 679.266778][T16013] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8bf45b80 [ 679.274798][T16013] R13: ffffffff8b8fc8c0 R14: ffffffff8a7833d0 R15: ffffc9000d3ef898 [ 679.282788][T16013] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 679.288295][T16013] ? __warn_printk+0x198/0x350 [ 679.293075][T16013] ? __warn_printk+0x1a5/0x350 [ 679.297877][T16013] ? debug_print_object+0x1a1/0x2b0 [ 679.303127][T16013] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 679.308612][T16013] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 679.314458][T16013] debug_check_no_obj_freed+0x4b7/0x600 [ 679.320051][T16013] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 679.326145][T16013] ? rcu_is_watching+0x12/0xc0 [ 679.330949][T16013] ? kmem_cache_free+0x2d4/0x4d0 [ 679.335927][T16013] kfree+0x291/0x4d0 [ 679.339839][T16013] ? hci_release_dev+0x4d8/0x600 [ 679.344793][T16013] hci_release_dev+0x4d8/0x600 [ 679.349584][T16013] ? __pfx_hci_release_dev+0x10/0x10 [ 679.354872][T16013] ? rcu_is_watching+0x12/0xc0 [ 679.359651][T16013] ? kfree+0x252/0x4d0 [ 679.363744][T16013] bt_host_release+0x6a/0xb0 [ 679.368372][T16013] ? __pfx_bt_host_release+0x10/0x10 [ 679.373678][T16013] device_release+0xa1/0x240 [ 679.378288][T16013] kobject_put+0x1e4/0x5a0 [ 679.382735][T16013] ? __pfx_vhci_release+0x10/0x10 [ 679.387780][T16013] put_device+0x1f/0x30 [ 679.391947][T16013] vhci_release+0x81/0xf0 [ 679.396299][T16013] __fput+0x3ff/0xb70 [ 679.400310][T16013] task_work_run+0x14d/0x240 [ 679.404930][T16013] ? __pfx_task_work_run+0x10/0x10 [ 679.410070][T16013] do_exit+0xafb/0x2c30 [ 679.414251][T16013] ? proc_coredump_connector+0x2d1/0x4f0 [ 679.419897][T16013] ? __pfx_do_exit+0x10/0x10 [ 679.424526][T16013] do_group_exit+0xd3/0x2a0 [ 679.429056][T16013] get_signal+0x2673/0x26d0 [ 679.433616][T16013] ? __pfx_get_signal+0x10/0x10 [ 679.438493][T16013] ? force_sig_fault+0xc4/0x100 [ 679.443377][T16013] ? __pfx_force_sig_fault+0x10/0x10 [ 679.448687][T16013] arch_do_signal_or_restart+0x8f/0x7d0 [ 679.454261][T16013] ? find_held_lock+0x2b/0x80 [ 679.458960][T16013] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 679.465159][T16013] ? spurious_kernel_fault+0x233/0x3c0 [ 679.470639][T16013] irqentry_exit_to_user_mode+0x13f/0x280 [ 679.476393][T16013] asm_exc_page_fault+0x26/0x30 [ 679.481252][T16013] RIP: 0033:0x7f9a6178d171 [ 679.485683][T16013] Code: Unable to access opcode bytes at 0x7f9a6178d147. [ 679.492701][T16013] RSP: 002b:fffffffffffffff8 EFLAGS: 00010217 [ 679.498778][T16013] RAX: 0000000000000000 RBX: 00007f9a619a5fa0 RCX: 00007f9a6178d169 [ 679.506775][T16013] RDX: 0000200000000180 RSI: fffffffffffffff8 RDI: 0000000000000005 [ 679.514783][T16013] RBP: 00007f9a6180e990 R08: 0000000000000001 R09: 0000000000000000 [ 679.522793][T16013] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [ 679.530774][T16013] R13: 0000000000000001 R14: 00007f9a619a5fa0 R15: 00007ffff7d0d588 [ 679.538776][T16013] [ 679.542128][T16013] Kernel Offset: disabled [ 679.546459][T16013] Rebooting in 86400 seconds..