last executing test programs: 7m23.498281968s ago: executing program 2 (id=90): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffdb5, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) mmap$auto(0x0, 0x202000d, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x0) socket(0x9, 0x0, 0x9) socket(0xa, 0x801, 0x84) mmap$auto(0x6, 0x9b, 0x3, 0x15, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000004180)='/dev/snd/controlC1\x00', 0x28180, 0x0) epoll_create$auto(0x7) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/module/ubi/parameters/mtd\x00', 0x141000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/vkms/graphics/fb0/cursor\x00', 0x161000, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000140), 0x600040, 0x0) openat$auto_fops_u8_(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/nfcsim/nfc1/dropframe\x00', 0x2000, 0x0) socket(0x2, 0x801, 0x106) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video5\x00', 0xac202, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x149c80, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/smaps\x00', 0x400, 0x0) r1 = openat$auto_ftrace_event_format_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000640)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/format\x00', 0x40, 0x0) pread64$auto(r1, &(0x7f0000000280)='$XhO\xdbN\x9f\xd0\xf4aPe>.\xa0m6#\\\xf7\xae\x7f\xe3\b\x98I\x99\x94\x01\xc9\xfb\f\xb2\xd1\x81q\xb7\x87\x995\xe5\xa3\xbe\x01\xd4\x14\x94o\x1b[\xa8]\x9b\x03\x95\xc3\xad\xad\x1d#oi|\x04\x93N\xfa\x17\xf3b\xf6\xcf\x00'/236, 0x4, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) mount_setattr$auto(0x5, 0x0, 0x1000, &(0x7f0000000640)={0x0, 0xf6, 0x100000}, 0x283) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000080)=""/177, 0xb1) 7m22.1310869s ago: executing program 2 (id=95): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x221c2, 0x0) mlockall$auto(0x0) open(&(0x7f0000000000)='./file0\x00', 0x10489d03fd83715f, 0x100) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x1, 0x6, 0xffffffff, 0x2}, 0xccb, 0x0, 0x6) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x4000000000000000, 0x2, 0x8e11, 0xeb1, r0, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xebd, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) setns(0xffffffffffffffff, 0x0) clone$auto(0x4, 0x4, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) socket(0x6, 0x1, 0x8000) write$auto_msr_fops_msr(0xffffffffffffffff, 0x0, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/kernel/security/tomoyo/query\x00', 0x400, 0x0) syz_genetlink_get_family_id$auto_nbd(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x80805, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r1 = socket(0x2, 0x6, 0x0) getsockopt$auto(r1, 0x10d, 0xa, 0x0, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) setsockopt$auto(0x3, 0x84, 0x17, 0x0, 0x27) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000001080)='/dev/swradio0\x00', 0x101000, 0x0) read$auto_v4l2_fops_v4l2_dev(r2, &(0x7f00000001c0)=""/191, 0x1f8) 7m18.389375982s ago: executing program 2 (id=105): r0 = socket(0x1d, 0x2, 0x6) sendmsg$auto_ETHTOOL_MSG_FEC_SET(r0, &(0x7f0000001940)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)={0x14, 0x0, 0x400, 0x70bd2c, 0x25dfdc02}, 0x14}, 0x1, 0x0, 0x0, 0x4005}, 0x44080) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r0) sendmsg$auto_HANDSHAKE_CMD_ACCEPT(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x10010}, 0x4000800) 7m17.253485772s ago: executing program 2 (id=107): r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x3, 0xb2f7, 0x6f, 0x110, 0x5, 0xf) prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x3) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x2, 0x8000) statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0) modify_ldt$auto(0x11, 0x0, 0x10) ioctl$auto(0x3, 0x400454ca, 0x38) read$auto(0x3, 0x0, 0x80) ioctl$auto_SW_SYNC_GET_DEADLINE(0xffffffffffffffff, 0xc0105702, &(0x7f0000000040)={0x1ff, 0x0, r0}) lseek$auto(r1, 0xfffffffffffffffc, 0x3) recvmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000080)="c1ed35c002fe09b7884f2ece9c8fba7f244ab928ff7cc96a0215", 0x4, &(0x7f0000000100)={&(0x7f00000000c0)="8cf03a7ce1b484ef22b2b7aaaa0a5d415a2463d9ffa6fe8071c629883342db3a9e2327fb3b", 0x4}, 0x4, &(0x7f0000000140)="c30d137114755c91ffe0b630fc4c88bc49ad24d78a6dbaf7e9ee3b436a9d667f335938d4711cf16123f2820060f6839ecc054ab211eb544a91c6a9b069872c2b380acbaaca9dae7921da2e0f0615cff50e5623febac13597b5688d28ddefe8de7ed6088761d2b4aaacee39c1a14acbb43fabc07207363fc63eabc5", 0x2, 0x9}, 0x800}, 0x7fffffff, 0xc4, &(0x7f0000000200)={0x9, 0x3}) 7m5.88089603s ago: executing program 0 (id=152): r0 = socket(0x1d, 0x2, 0x6) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2, 0xfd}, 0x6a) sendmsg$auto_ETHTOOL_MSG_FEC_SET(r0, &(0x7f0000001940)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)={0x14, 0x0, 0x400, 0x70bd2c, 0x25dfdc02}, 0x14}, 0x1, 0x0, 0x0, 0x4005}, 0x44080) r3 = gettid() syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HANDSHAKE_CMD_ACCEPT(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x10010}, 0x4000800) tkill$auto(r3, 0x7) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffff6, 0x8000) io_uring_setup$auto(0x206, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x402, 0x0, 0x1, 0x0) open(0x0, 0x163340, 0x2a) r4 = socket(0x2a, 0x2, 0x1) connect$auto(r4, &(0x7f0000000140)=@qipcrtr={0x2a, 0x1}, 0x57) write$auto(0x3, 0x0, 0x6) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) 7m5.542396708s ago: executing program 0 (id=153): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) write$auto(0x3, 0x0, 0xfffffdef) (async) openat$auto_hsr_node_table_fops_(0xffffffffffffff9c, 0x0, 0x2000, 0x0) (async) mmap$auto(0x0, 0xc, 0x9c0f, 0x17, 0x10006, 0x300000000000) (async) write$auto(0x3, 0x0, 0xfffffdef) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 64) mmap$auto(0x1000, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 64) mseal$auto(0x0, 0x7dda, 0x0) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async) fanotify_init$auto(0x5, 0x2) (async) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) (async) io_uring_setup$auto(0x6, 0x0) (async) io_uring_register$auto(0x100000001, 0x15, 0x0, 0xa654) (async) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) 7m4.414560055s ago: executing program 0 (id=155): r0 = openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/ieee80211/phy5/netdev:wlan0/stations/08:02:11:00:00:01/vht_capa\x00', 0x0, 0x0) mmap$auto(0x0, 0xfffffffffffffffe, 0xdf, 0x18, r0, 0x1) ioctl$auto_BLKPBSZGET(r0, 0x127b, 0x0) r1 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy1/netdev:wlan1/tdls_wider_bw\x00', 0x1c1082, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) rseq$auto(&(0x7f0000000300)={0xb, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x8) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x25, 0x1, 0x3) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000800)='./file0\x00', 0x2240, 0x154) sysfs$auto(0x2, 0x0, 0x0) fsopen$auto(0x0, 0x1) epoll_create$auto(0x4) epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0) read$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r1, 0x0, 0x0) 7m4.32687386s ago: executing program 0 (id=157): mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x6, 0x0) mmap$auto(0x0, 0x20009, 0xe, 0xeb1, 0x403, 0x8000) ioctl$auto_XFS_IOC_SWAPEXT(0xffffffffffffffff, 0xc0c0586d, &(0x7f00000000c0)={0x3, @raw=0x5, @inferred, 0x9, 0x8, '\x00', {0x7, 0x80, 0x0, 0xee00, 0x0, 0x7, 0x50000000, 0x5, {0x1, 0x5}, {0x1ec, 0xfffffff9}, {0x44d, 0x4}, 0xfffffffffffffffd, 0x6adb, 0x9, 0x100, 0x10, 0xffff, 0x5, 0x4, 0x3, 0x5, '\x00', 0x9, 0x1, 0x6, 0x5}}) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004540)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00032bbd7000ffdbdf2501000000080007000400000008000200", @ANYRES32=0x0, @ANYBLOB="0d0000ff00000008000900", @ANYRES32=0x0, @ANYBLOB], 0x3c}}, 0x22008004) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f00000000c0), 0xffffffff}, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev5\x00', 0x280, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/v4l-subdev0\x00', 0x8a00, 0x0) ioctl$auto(r1, 0xc0585607, 0x38) mbind$auto(0x8000, 0xfa9d, 0x5, &(0x7f0000000280)=0x20000000000000fb, 0x400, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x7) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x20000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000080)=""/168, 0xa8) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) setreuid$auto(0x0, 0x20000000004) ioctl$auto(r3, 0x541c, 0xffffffffffffffff) 7m4.130312426s ago: executing program 0 (id=158): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) socket(0xa, 0x1, 0x84) name_to_handle_at$auto(0x5, 0x0, &(0x7f0000000100)={0xa9, 0x3, "f6babc2dd6f0baba3b83ac3f8d6458ff804a81ed5715dc1dda326b5c657297372582e5016d5b70f4f008cc5bc4743f8a42d7a7058052063ae15a323f056d3be5162d14c74bafaf937c6876722814df2823ab9af1c26754773a848c552c23866ddb4c372fadd96235cce438b8d1bb5d50537b0bb3be2f6097644530c852c09e3a2249784818249f4f74021d7440e788d4eec18858591d2adc331d1b84b5b6888e6be06915ee4e81965b"}, 0x0, 0x80000000) socket(0x2, 0x3, 0x1) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto(0x3, 0x89e0, 0x91) rt_tgsigqueueinfo$auto(0x3, 0x96, 0x7, &(0x7f0000000180)={@siginfo_0_0={0x0, 0x9c2a, 0x10001, @_sigsys={0x0, 0x5d35, 0x6}}}) io_uring_setup$auto(0x6, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = landlock_create_ruleset$auto(&(0x7f0000000000)={0xdaa0, 0x1, 0x6}, 0x9, 0x0) landlock_restrict_self$auto(r0, 0x0) rename$auto(&(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='./file0\x00') setsockopt$auto(0x3, 0x10000000084, 0x75, 0x0, 0x8) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbda6af64433e25980c000008000300", @ANYRES32=r4, @ANYBLOB="05003e007f"], 0x24}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x80) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) sendmsg$auto_TIPC_NL_BEARER_DISABLE(r1, &(0x7f0000000280)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="58010000", @ANYRES16=0x0, @ANYBLOB="01002abd7000fcdbdf25020000000000058000002f80c5985a3d271f357672cfb3324407c656dad03b245160e340e33d0de3a500002a0000000000668fbba439695500003400", @ANYRES32=0x0, @ANYBLOB='\x00\x00\f\x00', @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB], 0x158}, 0x1, 0x0, 0x0, 0x20040014}, 0x4000000) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x55) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x55) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x800) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 7m3.950314136s ago: executing program 0 (id=160): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='B\x00\x00\x00', @ANYRES16=r1, @ANYRESHEX=r0], 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/sound/ctl-led/speaker/mode\x00', 0x182, 0x0) socket(0x21, 0x2, 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = socket(0x1d, 0x2, 0x2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) (async) connect$auto(0x5, 0x0, 0x9) (async) sendmsg$auto_HSR_C_GET_NODE_STATUS(r3, &(0x7f0000000240)={&(0x7f0000000000)={0x1d, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, 0x0, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@HSR_A_NODE_ADDR_B={0xa}, @HSR_A_IF1_SEQ={0x6, 0x6, 0x3}, @HSR_A_IFINDEX={0x8}, @HSR_A_IF2_AGE={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) (async) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/rose0/statistics/tx_window_errors\x00', 0xa2900, 0x0) (async) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="7d472dbd700049b5", @ANYRES32], 0x1c}, 0x1, 0x0, 0x0, 0x8}, 0x4000044) (async) r5 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c72da808bf8d5feacf8510"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c001) write$auto(r5, &(0x7f0000000000)='-\x00', 0x2fb) (async) read$auto(r4, 0x0, 0x9) write$auto(0x3, 0x0, 0x1) (async) r6 = socket(0x2, 0x3, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) getsockopt$auto_SO_DEBUG(r6, 0xff, 0x1, 0x0, 0x0) (async) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace\x00', 0x1a6b75d63882a712, 0x0) r7 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000280), r0) (async) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r8, 0x89fc, &(0x7f0000000040)={'gre0\x00'}) (async) sendmsg$auto_CTRL_CMD_GETFAMILY(r2, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x20, r7, 0x0, 0x70bd29, 0x25dfdbff, {}, [@CTRL_ATTR_FAMILY_NAME={0xa, 0x2, '@++\xd0[\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x2000000}, 0x4000800) 7m2.017590389s ago: executing program 32 (id=107): r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x3, 0xb2f7, 0x6f, 0x110, 0x5, 0xf) prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x3) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x2, 0x8000) statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0) modify_ldt$auto(0x11, 0x0, 0x10) ioctl$auto(0x3, 0x400454ca, 0x38) read$auto(0x3, 0x0, 0x80) ioctl$auto_SW_SYNC_GET_DEADLINE(0xffffffffffffffff, 0xc0105702, &(0x7f0000000040)={0x1ff, 0x0, r0}) lseek$auto(r1, 0xfffffffffffffffc, 0x3) recvmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000080)="c1ed35c002fe09b7884f2ece9c8fba7f244ab928ff7cc96a0215", 0x4, &(0x7f0000000100)={&(0x7f00000000c0)="8cf03a7ce1b484ef22b2b7aaaa0a5d415a2463d9ffa6fe8071c629883342db3a9e2327fb3b", 0x4}, 0x4, &(0x7f0000000140)="c30d137114755c91ffe0b630fc4c88bc49ad24d78a6dbaf7e9ee3b436a9d667f335938d4711cf16123f2820060f6839ecc054ab211eb544a91c6a9b069872c2b380acbaaca9dae7921da2e0f0615cff50e5623febac13597b5688d28ddefe8de7ed6088761d2b4aaacee39c1a14acbb43fabc07207363fc63eabc5", 0x2, 0x9}, 0x800}, 0x7fffffff, 0xc4, &(0x7f0000000200)={0x9, 0x3}) 6m48.843741961s ago: executing program 33 (id=160): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='B\x00\x00\x00', @ANYRES16=r1, @ANYRESHEX=r0], 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/sound/ctl-led/speaker/mode\x00', 0x182, 0x0) socket(0x21, 0x2, 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = socket(0x1d, 0x2, 0x2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) (async) connect$auto(0x5, 0x0, 0x9) (async) sendmsg$auto_HSR_C_GET_NODE_STATUS(r3, &(0x7f0000000240)={&(0x7f0000000000)={0x1d, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, 0x0, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@HSR_A_NODE_ADDR_B={0xa}, @HSR_A_IF1_SEQ={0x6, 0x6, 0x3}, @HSR_A_IFINDEX={0x8}, @HSR_A_IF2_AGE={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) (async) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/rose0/statistics/tx_window_errors\x00', 0xa2900, 0x0) (async) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="7d472dbd700049b5", @ANYRES32], 0x1c}, 0x1, 0x0, 0x0, 0x8}, 0x4000044) (async) r5 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c72da808bf8d5feacf8510"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c001) write$auto(r5, &(0x7f0000000000)='-\x00', 0x2fb) (async) read$auto(r4, 0x0, 0x9) write$auto(0x3, 0x0, 0x1) (async) r6 = socket(0x2, 0x3, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) getsockopt$auto_SO_DEBUG(r6, 0xff, 0x1, 0x0, 0x0) (async) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace\x00', 0x1a6b75d63882a712, 0x0) r7 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000280), r0) (async) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r8, 0x89fc, &(0x7f0000000040)={'gre0\x00'}) (async) sendmsg$auto_CTRL_CMD_GETFAMILY(r2, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x20, r7, 0x0, 0x70bd29, 0x25dfdbff, {}, [@CTRL_ATTR_FAMILY_NAME={0xa, 0x2, '@++\xd0[\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x2000000}, 0x4000800) 3m10.231715045s ago: executing program 3 (id=3761): fallocate$auto(0xffffffffffffffff, 0x3fbb061c, 0x0, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) statmount$auto(&(0x7f0000000000)={0x7e, @raw, 0x80000024, 0xd14, 0x2}, 0x0, 0x7ffffffff000, 0x0) ioctl$auto(0x3, 0x890c, 0x38) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) timer_getoverrun$auto(0x2) 3m8.850926924s ago: executing program 3 (id=3763): socketpair$auto(0x63f3, 0x80000000, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0x541b, 0xffffffffffffffff) 3m8.473532256s ago: executing program 3 (id=3764): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x80002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0x3, 0x0, 0x80003, 0x0) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/007/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_SUBMITURB32(r0, 0x802c550a, &(0x7f0000000300)=ANY=[@ANYBLOB="020000060000e6ff040000000100400008"]) ioctl$auto(r0, 0x4008550c, r0) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x80) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x14, 0x0, 0x1b, 0x70bd26, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) r1 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000080), 0x141002, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) write$auto(r1, 0x0, 0xc3) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3m8.2205898s ago: executing program 3 (id=3766): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x1, 0x100) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) (async) setsockopt$auto(0x400000000000003, 0x29, 0x1c, 0x0, 0x56b) r0 = syz_clone(0x800000, 0x0, 0x0, 0x0, 0x0, 0x0) (async) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) (async) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) (async) r1 = getpgid(0x0) rt_tgsigqueueinfo$auto(0xffffffffffffffff, r1, 0x8, &(0x7f0000000100)={@siginfo_0_0={0x6, 0xe, 0x5, @_sigchld={r1, 0x0, 0x401, 0x5, 0x3}}}) (async) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) (async) execve$auto(&(0x7f0000000180)='./file0\x00', &(0x7f0000000100)=&(0x7f0000000080)='\xac\x00', &(0x7f0000000000)=&(0x7f0000000200)=' ') (async) ptrace$auto(0x4206, r0, 0x0, 0x5) ptrace$auto(0x4f73, r0, 0x8000000000000000, 0x3) (async) capget$auto(&(0x7f0000000000)={0x7, r0}, &(0x7f0000000040)={0x8, 0xb3d3, 0x1}) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0x10, 0x3, 0x6) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_IOAM6_CMD_DUMP_SCHEMAS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8d0}, 0x800) r2 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) (async) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0x538, 0x80, 0x10000, 0x0, r2, 0x1000, "72fea04183dce563f03f2a25077b3383", 0x0, r2, 0x4, 0x6, 0x101, 0x1, r2}, 0x6f3) mount$auto(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='nfs4\x00', 0x200, &(0x7f00000001c0)) 3m7.687862569s ago: executing program 3 (id=3768): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop2\x00', 0x2280, 0x0) ioctl$auto_BLKGETSIZE(r0, 0x1260, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x100, 0xf201) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x3}, 0xf7, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x22, &(0x7f0000000000), 0x1) shmat$auto(0x0, 0x0, 0x873) 3m7.240776695s ago: executing program 3 (id=3770): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002680), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000006b00)={0x20, r1, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @pid}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40014}, 0x24008040) (async, rerun: 32) clone$auto(0x2000000000006, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x8) (async, rerun: 32) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop6\x00', 0x0, 0x0) ioctl$auto_HDIO_GETGEO(r2, 0x301, &(0x7f00000001c0)) (async) madvise$auto(0x110c230000, 0x1, 0x9) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 32) socket(0x21, 0x2, 0x2) (rerun: 32) socket(0x1d, 0x2, 0x2) (async) socket(0x23, 0x2, 0x0) (async, rerun: 32) openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) (async, rerun: 32) r3 = socket(0x2c, 0x2, 0x4) (async) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/fb0\x00', 0x800, 0x0) (async) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x200, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS64(r4, 0xc0385720, &(0x7f0000000080)={0x0, "aa8c44a1", 0x6, 0x8, 0x3, 0x6e48, "9f929aabd06e2686b720bf916f3fa0df"}) (async) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) fcntl$auto(0x8000000000000001, 0x5, 0x8) (async, rerun: 32) read$auto(0xffffffffffffffff, 0x0, 0x8) (async, rerun: 32) readv$auto(0x3, 0x0, 0x1) (async, rerun: 32) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKINFO_GET(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000300)={0x14, r6, 0xf25, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4044054) mmap$auto(0x1000, 0x1, 0x7ff, 0x19, 0xffffffffffffffff, 0x1) (async, rerun: 32) mmap$auto(0x0, 0xe983, 0xdf, 0x16, 0x401, 0x7ffc) (async, rerun: 32) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0xb, 0x4, 0x16, 0x940, 0x1ffe0, 0x0, 0x6, 0x2, 0x2, 0x25, 0xfff, 0x7, 0x4, 0x1, 0x5, 0x20000003, 0x5, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, [0x0, 0x2, 0x0, 0x5, 0x0, 0x3, 0x3, 0x3, 0x1000000000000, 0x0, 0x40000000003, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xbd0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x404, 0x0, 0x3, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x100000001, 0x0, 0x0, 0x10000, 0xbf]}, 0x1fe, 0xffff) ioctl$auto(0x3, 0x8008743f, 0x1) (async) r7 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000080), r3) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET2(r3, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r7, 0x100, 0x70bd0a, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000091}, 0x440ecc4159a90d00) (async) socket(0x2c, 0x3, 0x0) 3m6.780344252s ago: executing program 34 (id=3770): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002680), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000006b00)={0x20, r1, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @pid}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40014}, 0x24008040) (async, rerun: 32) clone$auto(0x2000000000006, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x8) (async, rerun: 32) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop6\x00', 0x0, 0x0) ioctl$auto_HDIO_GETGEO(r2, 0x301, &(0x7f00000001c0)) (async) madvise$auto(0x110c230000, 0x1, 0x9) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 32) socket(0x21, 0x2, 0x2) (rerun: 32) socket(0x1d, 0x2, 0x2) (async) socket(0x23, 0x2, 0x0) (async, rerun: 32) openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) (async, rerun: 32) r3 = socket(0x2c, 0x2, 0x4) (async) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/fb0\x00', 0x800, 0x0) (async) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x200, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS64(r4, 0xc0385720, &(0x7f0000000080)={0x0, "aa8c44a1", 0x6, 0x8, 0x3, 0x6e48, "9f929aabd06e2686b720bf916f3fa0df"}) (async) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) fcntl$auto(0x8000000000000001, 0x5, 0x8) (async, rerun: 32) read$auto(0xffffffffffffffff, 0x0, 0x8) (async, rerun: 32) readv$auto(0x3, 0x0, 0x1) (async, rerun: 32) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKINFO_GET(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000300)={0x14, r6, 0xf25, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4044054) mmap$auto(0x1000, 0x1, 0x7ff, 0x19, 0xffffffffffffffff, 0x1) (async, rerun: 32) mmap$auto(0x0, 0xe983, 0xdf, 0x16, 0x401, 0x7ffc) (async, rerun: 32) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0xb, 0x4, 0x16, 0x940, 0x1ffe0, 0x0, 0x6, 0x2, 0x2, 0x25, 0xfff, 0x7, 0x4, 0x1, 0x5, 0x20000003, 0x5, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, [0x0, 0x2, 0x0, 0x5, 0x0, 0x3, 0x3, 0x3, 0x1000000000000, 0x0, 0x40000000003, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xbd0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x404, 0x0, 0x3, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x100000001, 0x0, 0x0, 0x10000, 0xbf]}, 0x1fe, 0xffff) ioctl$auto(0x3, 0x8008743f, 0x1) (async) r7 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000080), r3) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET2(r3, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r7, 0x100, 0x70bd0a, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000091}, 0x440ecc4159a90d00) (async) socket(0x2c, 0x3, 0x0) 1m29.729265705s ago: executing program 4 (id=4175): close_range$auto(0x2, 0x8, 0x0) openat$auto_usbfs_devices_fops_usb(0xffffffffffffff9c, &(0x7f0000000180), 0x28400, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/swradio0\x00', 0x1600, 0x0) adjtimex$auto(&(0x7f0000000000)={0xfffffff1, 0x0, 0x7, 0x9c, 0xe1d, 0x3, 0x3, 0x0, 0xfffffffffffffff7, 0x4, 0x80000000004, {0x100000000}, 0x8000000252, 0x5, 0x3, 0x1, 0x0, 0x4, 0x9, 0xc571, 0x4, 0x400, 0x3}) clock_adjtime$auto(0x10, &(0x7f00000001c0)={0x1, 0x0, 0x8, 0x3, 0xf, 0xfffffffffffffffb, 0x2, 0x0, 0x10000, 0xcd, 0x24, {0x7, 0x7}, 0x3, 0x21, 0x3ff, 0x10001, 0x0, 0x101, 0x10001, 0xffff, 0xd, 0xff}) adjtimex$auto(&(0x7f00000002c0)={0x3fc6, 0x0, 0x0, 0xd42b, 0x6, 0xffffffffffffeb11, 0x100, 0x0, 0x6b, 0x2e10, 0x8, {0xffffffffffffffff, 0xffffffffffffffff}, 0x1ddf3634, 0x6f, 0x3, 0x997, 0x0, 0x3, 0xb473, 0x200, 0x8f, 0xffffffff, 0xc9}) readv$auto(0x3, &(0x7f0000000040)={&(0x7f0000000000), 0x36a}, 0x6) 1m29.594917767s ago: executing program 4 (id=4176): r0 = open(&(0x7f0000000140)='}[,&*}\x00', 0x68940, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000004c0), r1) sendmsg$auto_ETHTOOL_MSG_PAUSE_GET(r1, &(0x7f0000001a00)={0x0, 0x0, &(0x7f00000019c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="ffff26bd7000fcdbdf251500000008000600020000002000018014000200766574683000000000000000000000000800030006"], 0x3c}, 0x1, 0x0, 0x0, 0x40080}, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_virt_wifi\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="a0000000", @ANYRES16=r2, @ANYBLOB="000125bd7000fedbdf2526000000840001801400020076657468315f746f5f626f6e640000000800030021540000080003000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000300b0010000080203000e673a139675716c766c616e30000000000002000000020008000100", @ANYRES32=r3, @ANYBLOB="1400020076657468315f746f5f626f6e64000000140002006d6163767461703000000000000000000800070004000000"], 0xa0}, 0x1, 0x0, 0x0, 0x8}, 0x1) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x7, 0x0) 1m29.370094279s ago: executing program 4 (id=4177): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/midi2\x00', 0x200081, 0x0) (async) close_range$auto(0x2, 0xa, 0x0) (async) io_uring_setup$auto(0x6, 0x0) (async) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x400008, 0xdf, 0x9b74, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) ppoll$auto(&(0x7f0000000180)={0xffffffffffffffff, 0x4, 0x8}, 0x6, 0x0, 0x0, 0x8) (async) open(&(0x7f0000000000)='./file0\x00', 0x4242, 0x0) (async) syz_genetlink_get_family_id$auto_ovs_datapath(0x0, 0xffffffffffffffff) (async) sendmsg$auto_OVS_DP_CMD_NEW(r1, 0x0, 0x0) (async) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) (async) sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, 0x0, 0x20000000) (async) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) (async) write$auto(0x3, 0x0, 0xfffffdef) (async) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc850}, 0x800) (async) sethostname$auto(&(0x7f0000000000)='/dev/bus/usb/015/001\x00', 0x8) (async) mknod$auto(&(0x7f0000000040)=':,\x00', 0xfff, 0x9) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) (async) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/rpc/auth.unix.gid/channel\x00', 0x141400, 0x0) pread64$auto(r2, 0x0, 0x8, 0x1000) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x3, &(0x7f0000000000)={0x0, 0xc4}, 0xdf, 0x0, 0x0, 0x1}, 0x1}, 0x3, 0x9c64) 1m28.351108659s ago: executing program 4 (id=4189): write$auto(0xca, &(0x7f00000000c0)='\x04>2\x04!\xe2\x00\x94\xf2\xa2\x00\x00', 0x7e) getresuid$auto(&(0x7f0000000080)=0x7, &(0x7f00000000c0)=0x8000, 0xfffffffffffffffc) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(r0, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x4000000040000c, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x3ff, 0x0, 0x3, 0x5f, 0x0, 0x3}, 0x6f3) socket(0xa, 0x2, 0x88) mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) setsockopt$auto(0x3, 0x0, 0x20, 0x0, 0x28) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto_EVIOCGMASK(r1, 0x80104592, &(0x7f0000000080)={0x2000, 0x800007, 0x5}) ioctl$auto(0x3, 0x80004509, 0x10000000000402) write$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(0xffffffffffffffff, 0x0, 0x4) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r2 = fcntl$auto_F_SETLK(r0, 0x6, 0xffffffffffffffff) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(r2, 0x1, &(0x7f0000000140)="3bbf8f1447bd1f9d7ed189fb1185045c95ea902632d2d95b76f04cb3980d30318ea5f9c2f4777e2fb5ff82877ed1680c03cda2cb0ef89851f6f5996f00243a368e32027a031c76835c1be992901e076224f16f5c335ae25fa2c308025f568de71c14dc75f51ea77380469a743026cea357ea79d0ccc1facfe16e3001229302ab224173192478519b3d9ee7f77cbe57557590b7a81ba6b613950fbca82dc2bc1acb") r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/lru_gen/min_ttl_ms\x00', 0x40000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000000c0)=""/97, 0x61) getrandom$auto(0x0, 0x6000000, 0x3) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) madvise$auto(0x0, 0x20499d, 0x9) ioctl$auto(0xffffffffffffffff, 0x40046205, 0x9) 1m26.788254892s ago: executing program 4 (id=4186): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/wlan0/router_solicitations\x00', 0x204481, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x9cc60, 0x0) ioctl$auto(r1, 0x405c5503, 0x81) sendfile$auto(r0, r0, 0x0, 0x7fffe000) r2 = socketcall$auto_SYS_ACCEPT(0x5, &(0x7f0000000000)=0x8) ioctl$auto_SNDRV_PCM_IOCTL_REWIND(r2, 0x40084146, &(0x7f00000000c0)=0xd40f) personality$auto(0x2) 1m26.500331623s ago: executing program 4 (id=4188): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x8, 0x2000000000002) open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x45) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x20b42, 0x0) select$auto(0xa, 0x0, &(0x7f0000000100)={[0x20000000000d, 0x203, 0x0, 0x8000000c, 0x5, 0x0, 0x5, 0x2000000000000002, 0x9, 0x8, 0x400000000ff, 0xa, 0x4, 0xaab, 0x5, 0x7]}, 0x0, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r1, 0xc0045520, 0xffffffffffffffff) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x6, 0x9, 0x0, 0xfb3) write$auto(r0, &(0x7f00000000c0)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0xffffffff) ioctl$auto_SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f00000001c0)) 1m11.395879688s ago: executing program 35 (id=4188): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x8, 0x2000000000002) open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x45) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x20b42, 0x0) select$auto(0xa, 0x0, &(0x7f0000000100)={[0x20000000000d, 0x203, 0x0, 0x8000000c, 0x5, 0x0, 0x5, 0x2000000000000002, 0x9, 0x8, 0x400000000ff, 0xa, 0x4, 0xaab, 0x5, 0x7]}, 0x0, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r1, 0xc0045520, 0xffffffffffffffff) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x6, 0x9, 0x0, 0xfb3) write$auto(r0, &(0x7f00000000c0)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0xffffffff) ioctl$auto_SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f00000001c0)) 19.416074479s ago: executing program 1 (id=4415): openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/security/tomoyo/manager\x00', 0x0, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001540)={'netdevsim0\x00'}) prctl$auto_PR_GET_IO_FLUSHER(0x3a, 0x7ffe, 0x0, 0x80000004, 0x7) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) setresuid$auto(0x2, 0x7, 0x8080) socket(0xf, 0x5, 0x21) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/security/tomoyo/manager\x00', 0x0, 0x0) (async) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0) (async) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001540)={'netdevsim0\x00'}) (async) prctl$auto_PR_GET_IO_FLUSHER(0x3a, 0x7ffe, 0x0, 0x80000004, 0x7) (async) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) setresuid$auto(0x2, 0x7, 0x8080) (async) socket(0xf, 0x5, 0x21) (async) fsopen$auto(0x0, 0x1) (async) close_range$auto(0x2, 0x8, 0x0) (async) 18.550427579s ago: executing program 1 (id=4419): close_range$auto(0x2, 0x8, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) sysfs$auto(0x2, 0x7, 0x0) (async) r0 = prctl$auto_PR_PAC_GET_ENABLED_KEYS(0x3d, 0x10000, 0xffffffffffffffff, 0x6, 0x5) syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000000), r0) (async) fsopen$auto(0x0, 0x1) (async) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x80002, 0x73) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x40001, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) (async) r1 = open(&(0x7f0000000040)='./file0\x00', 0x40841, 0x8) write$auto_cachefiles_daemon_fops_internal(r1, &(0x7f0000000240)="ed2fd332418b", 0x6) (async) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0x2000040080000004, 0xe) socket(0xa, 0x3, 0x6) socket(0xa, 0x1, 0x84) (async) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xfffff4a4, 0x0, 0xfffffffffffffffd) (async) write$auto(r1, 0x0, 0xeffd) (async) socket(0x2, 0x80805, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) timer_create$auto(0x0, 0x0, 0x0) (async) timer_create$auto(0x3, 0x0, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x54) (async) setsockopt$auto(0x3, 0x10000000084, 0x23, 0x0, 0x8) 18.050486986s ago: executing program 1 (id=4424): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r0 = socket(0x26, 0x80805, 0x0) dup2$auto(0xffffffffffffffff, r0) bind$auto(0x3, &(0x7f0000000040), 0x14) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async) socket(0x26, 0x80805, 0x0) (async) dup2$auto(0xffffffffffffffff, r0) (async) bind$auto(0x3, &(0x7f0000000040), 0x14) (async) 17.945380788s ago: executing program 1 (id=4425): mmap$auto(0x10001, 0x20009, 0xc1, 0x19, 0xffffffffffffffff, 0x53) r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000280)='/dev/cuse\x00', 0x12080, 0x0) r1 = openat$auto_clear_warn_once_fops_(0xffffffffffffff9c, &(0x7f0000000100), 0x58841, 0x0) close_range$auto(r1, r0, 0x9) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x80000, 0x0, 0x2, 0x13, r2, 0x171f) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000300)='/proc/asound/card2/midi2\x00', 0x183801, 0x0) read$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000040)=""/153, 0x99) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYRES32=r4, @ANYRES32=r6], 0x24}, 0x1, 0x0, 0x0, 0x24048080}, 0x80) r7 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000240)='/dev/mtd0ro\x00', 0x22080, 0x0) ioctl$auto_OTPLOCK(r7, 0x800c4d10, &(0x7f00000001c0)={0x3, 0x7, 0x5}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) write$auto(r3, &(0x7f0000000340)='_lan\xd17\x8f\x19\x8c\x9co\xcd\x90]S0\x00#\x86\x82\x99\x7f\xde\xe1\x1aN]\x8f\x80\xfc\x87\x846\xf6\xfd\xf2\xc0J\xfaL\x8bzi\n\xd7\x7f7_&\\\x05\xa4\xa7\xa3~\x9a4\x18|\xf7\xdc\xfe\xfbQ\xf8\x94\x10~B\xa4\xc1K\xba:\x87\x14\xe0\x94;\xcd\x10\x10\xbb\x18\x98\xb6_(v\xe7+1\x9f\xb3\xb9\x99\x10\xe0yc.O\a\xe4\xe28\xf3%\xe8\xa6\x9b\xc4\x02\xe8x\xb3EZzVW\xda\x90Ga\x1e\x8b\xd3\xe82K\v\xfa\xa1\x15\xcb\xb0\xcb\x96\f\xa0\xa3B\xef\\\xb9\xf8S\xcb\xd5f\xfaf~\x85W\xae\x89\x93t\xd8\xa7\xa1\x99\xbd\xcbG\xa8?\xbf\x9c\xd6W\x96\x0f,\xae\x04J\xa7\xac_\xf2\x8e\xa9\xf2\xb0$\xe2\xab\x94\xba\x15\xd6i\x9a\xc8Y\x8dm\x19\x978\x8bc\xc7e\xf7\xe6D$\xc4\xe3UI7\x1b\xe2\xd1N\xaf\xb3#\xe9e`I\xd2\xf5\x02$\xbfa\xc8N\xb9\xcf\xec\x98\x82#\x9bh\x91^\xfb^uF\x9a\'\xe4\x03\xdb\xb6\xc4\x84\xc0\xc0:\xe5N\xf5\x15PT\x96f\x05J\x89vu\x15\xea\xf2\xf8\xbe\xe0\xe8\xde/\x86\'\xbd\xb1\x97\xc1\xfe\xd4T\xb0\xdf\x95\x16?B\xb6\xd7\xf2\xad\xcb\xcekn\xeb\xac\xfcz\r\xd2\x99\xd0%q\xcfa\x96\x11\xadW8\xa4\x83\r\xd2\n3.\xddY\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9e\x12\xaa\x9bW\xcc3\xf5cLZg\xbbnK~\x13\x99\xa6A=W*\x93\xe7\f+\xb1*\xddx\xeb^\xb8\xc0n\x13*2\xd2\n\x86\xa6\xb8\xda\xef=\x02ll\x7f\xfa\x86mp\x84n\x8b\xf6\xb8\xb2\x05\xb9t\x9e\xc4b\x1fa\xf6z\x01\xb4\"\x8b\x9c\xa9\x03/\xe5\x85\xf9\xb9`d@6\xcf\xfe^\xe4Q\x14\xa5\x8d\xd1\x03\xd8\xd5\xe4\xb0\xed\x98\xaf\xefuC\r\xad\x151\x8fV\xd9\x15\x1e/U\xcd\x180', 0x8000000000000000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffd8f, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x40800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x4, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x7, 0x0) mremap$auto(0x0, 0x7, 0x3fd6, 0x2, 0x100) close_range$auto(0x2, 0x8000, 0x0) mmap$auto(0x0, 0x3, 0xe2, 0xeb1, 0x405, 0x8003) socketpair$auto(0x1d, 0x5, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_freeze_timeout\x00', 0x40000, 0x0) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x1541, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x40100, 0x0) io_uring_setup$auto(0x7, 0x0) r8 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000002140)='/proc/sys/fs/file-nr\x00', 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r8, 0xae01, 0x0) 17.24917718s ago: executing program 1 (id=4429): openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/state\x00', 0x2000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffbfffffa, 0x8000) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/module/dvb_usb/parameters/disable_rc_polling\x00', 0x2062, 0x0) statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0) socket(0x2, 0x3, 0xa) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0xa, 0x3, 0x3a) socket(0x29, 0x5, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev5\x00', 0x280, 0x0) ioctl$auto(r2, 0xc040563d, r1) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) recvmmsg$auto(r3, &(0x7f0000000140)={{0x0, 0x1, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) mprotect$auto(0x1ffff000, 0x810002, 0x6) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0xa001, 0x0) write$auto(r4, &(0x7f0000000140)='7\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0xd4d0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) read$auto(0x3, 0x0, 0x6) 16.023610518s ago: executing program 1 (id=4431): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x4, 0xa) r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) (async) close_range$auto(0x2, 0x8000, 0x0) r1 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xa, @new_prog_fd=0x77, 0xa, @old_map_fd=r1}, 0x10) (async) bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xa, @new_prog_fd=0x77, 0xa, @old_map_fd=r1}, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xec6) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) (async) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000004180)='/dev/snd/controlC1\x00', 0x28180, 0x0) (async) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000004180)='/dev/snd/controlC1\x00', 0x28180, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r2, 0xc1105511, 0x0) ioctl$auto(0x3, 0x400454ca, 0x38) unshare$auto(0x40000080) (async) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cuse\x00', 0xd0800, 0x0) (async) r3 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cuse\x00', 0xd0800, 0x0) write$auto_fuse_dev_operations_fuse_i(r3, &(0x7f0000000440)="19000003d30000", 0x7) socket(0x2, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x80000000000000d, 0x1, 0x948d, 0x6, 0x15f4da0a, 0x1, 0x8, 0x1000000, 0xfffffffffffffffd, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0) 9.694187087s ago: executing program 6 (id=4453): r0 = socket(0x2, 0x2, 0x1) connect$auto(r0, 0x0, 0x55) (async) io_uring_setup$auto(0x6, 0x0) prctl$auto_PR_SYS_DISPATCH_ON(0xfffffffc, 0x1, 0xffffffffffffffff, 0x3ff, 0x1) (async) mmap$auto(0x0, 0x2020009, 0xbe, 0xeb1, 0xfffffffffffffffa, 0x2000000000008000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) mknod$auto(&(0x7f0000000040)=':,\x00', 0xc9, 0xcb) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) (async) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) (async) mount$auto(&(0x7f0000000000)='pimreg\x00', &(0x7f0000000040)='\x00', 0x0, 0x10dfd057, 0x0) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/wakeup/wakeup8/active_count\x00', 0x8080, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/4096, 0x1000) (async) fspick$auto(0xffffffffffffff9c, &(0x7f0000000000)='!\x00', 0x6) 9.334523471s ago: executing program 6 (id=4455): r0 = socket(0x29, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mbind$auto(0xf000, 0xfffffffffffffffa, 0x100002002, 0x0, 0x3cc033db, 0x10002) sendmsg$auto_MACSEC_CMD_DEL_RXSA(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r0, @ANYRES16=r1], 0x14}, 0x1, 0x0, 0x0, 0x844}, 0x20000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) write$auto(0x3, 0x0, 0xfffffdef) r2 = socket$nl_generic(0x10, 0x3, 0x10) poll$auto(&(0x7f0000003640)={0xffffffffffffffff, 0xca, 0x2b}, 0x6, 0x100000) r4 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000003900), r2) r5 = openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/bluetooth/hci5/hci5:200/power/control\x00', 0x40200, 0x0) close_range$auto(r5, r1, 0x4) writev$auto(r3, &(0x7f0000000140)={&(0x7f00000000c0)="a139ea22766b28f7aeafffb9f9ab3192ffec55d579ea160953dda210a80c3cddc69318512b3eed8499d35bb0f55768900e4f8aad3c2c9e6ce1d6e2dee2565c5f3572a3439eacd4b58fe1", 0x8}, 0xc76) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x54, r4, 0x301, 0x70bd2b, 0x25dfdbfd, {}, [@NETDEV_A_QUEUE_IFINDEX={0x8}, @NETDEV_A_QUEUE_ID={0x8, 0x1, 0xfffffffb}, @NETDEV_A_QUEUE_IFINDEX={0x8}, @NETDEV_A_QUEUE_TYPE={0x8, 0x3, 0xffffffff}, @NETDEV_A_QUEUE_IFINDEX={0x8}, @NETDEV_A_QUEUE_IFINDEX={0x8}, @NETDEV_A_QUEUE_TYPE={0x8, 0x3, 0x4}, @NETDEV_A_QUEUE_TYPE={0x8, 0x3, 0x106}]}, 0x54}, 0x1, 0x0, 0x0, 0x2004c005}, 0x200040d5) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x3ec0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(0x4, 0x2000000000000116, 0x80, 0xfffffffffffffffd, 0x0) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) r6 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3ae2c285", @ANYRES16=r8, @ANYBLOB="01002dbd7000fcdbdf25010000000c0002000500000000000000040007800c000600d200000000000000"], 0x30}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) read$auto_tracing_buffers_fops_trace(r6, &(0x7f0000000080)=""/123, 0x7b) madvise$auto(0x0, 0xffffffffffff0005, 0x19) write$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffffff, &(0x7f0000000140)="6524c7aac083b05c1173a1174ad8f52418f12c", 0x13) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) 8.074565852s ago: executing program 7 (id=4461): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = prctl$auto_PR_GET_MEMORY_MERGE(0x44, 0x7, 0xffffffffffffffff, 0x7, 0xffffffffffff8000) close_range$auto(r0, r0, 0x0) socket(0xa, 0x1, 0x84) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x200, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) readv$auto(0x3, &(0x7f00000000c0)={0x0, 0x7}, 0x10) close_range$auto(0x2, 0x8, 0x0) openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000280), 0x1e9282, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0x5, 0x0) pipe$auto(0x0) pipe$auto(0x0) tee$auto(0x2000000000000, 0x3, 0x402, 0xd) write$auto(0x1, 0x0, 0x80000000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9) ioperm$auto(0x7, 0x6, 0x2) sysfs$auto(0x9, 0x3, 0xfffffffffffffffc) socket(0x29, 0x5, 0x9) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) getsockopt$auto(0x8, 0x2, 0x4004, 0xfffffffffffffffd, 0xffffffffffffffff) setreuid$auto(0x4, 0x8) setgroups$auto(0x7, 0xffffffffffffffff) setreuid$auto(0x3, 0x7) pivot_root$auto(0x0, 0xfffffffffffffffe) move_pages$auto(0x0, 0x1, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2) sendmsg$auto_TIPC_NL_MEDIA_GET(0xffffffffffffffff, 0x0, 0x20000004) 6.963605767s ago: executing program 7 (id=4462): mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x4b41, 0x7) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000001900), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_GET_TXSC(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000002b00)={&(0x7f0000001940)={0x14, r3, 0x186f202170196f7b, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x0) splice$auto(0x4, 0x0, 0x2, 0x0, 0x1000, 0xf) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002580), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000002640)={0x0, 0x0, &(0x7f0000002600)={&(0x7f0000000000)={0x30, r4, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x5}, @NFSD_A_SERVER_SCOPE={0x9, 0x4, 'nfsd\x00'}, @NFSD_A_SERVER_GRACETIME={0x8, 0x2, 0x60}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x810) 6.861131038s ago: executing program 6 (id=4463): write$auto(0xca, &(0x7f00000000c0)='\x04>2\x04!\xe2\x00\x94\xf2\xa2\x00\x00', 0x7e) getresuid$auto(&(0x7f0000000080)=0x7, &(0x7f00000000c0)=0x8000, 0xfffffffffffffffc) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(r0, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x4000000040000c, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x3ff, 0x0, 0x3, 0x5f, 0x0, 0x3}, 0x6f3) socket(0xa, 0x2, 0x88) mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) setsockopt$auto(0x3, 0x0, 0x20, 0x0, 0x28) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto_EVIOCGMASK(r1, 0x80104592, &(0x7f0000000080)={0x2000, 0x800007, 0x5}) ioctl$auto(0x3, 0x80004509, 0x10000000000402) write$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(0xffffffffffffffff, 0x0, 0x4) r2 = fcntl$auto_F_SETLK(r0, 0x6, 0xffffffffffffffff) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(r2, 0x1, &(0x7f0000000140)="3bbf8f1447bd1f9d7ed189fb1185045c95ea902632d2d95b76f04cb3980d30318ea5f9c2f4777e2fb5ff82877ed1680c03cda2cb0ef89851f6f5996f00243a368e32027a031c76835c1be992901e076224f16f5c335ae25fa2c308025f568de71c14dc75f51ea77380469a743026cea357ea79d0ccc1facfe16e3001229302ab224173192478519b3d9ee7f77cbe57557590b7a81ba6b613950fbca82dc2bc1acb") r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/lru_gen/min_ttl_ms\x00', 0x40000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000000c0)=""/97, 0x61) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x10000, 0x2) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) madvise$auto(0x0, 0x20499d, 0x9) ioctl$auto(0xffffffffffffffff, 0x40046205, 0x9) 6.54255673s ago: executing program 5 (id=4464): r0 = socket(0x1d, 0x2, 0x6) r1 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev1\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) r3 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r3, 0x0, 0x400) ioctl$auto(0x3, 0xc040564a, 0x38) ioctl$auto(0x3, 0x4070aea0, 0xffffffffffffffff) shutdown$auto(r0, 0x9d7) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) r5 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cpu/0/msr\x00', 0xf82, 0x0) write$auto_msr_fops_msr(r5, 0x0, 0x4d) unshare$auto(0x40000080) socket(0x1d, 0x2, 0x2) socket(0x1d, 0x2, 0x2) socket(0x10, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r4, 0xfd}, 0x6a) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_STATUS(r0, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000001400)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4010) syz_genetlink_get_family_id$auto_ncsi(&(0x7f0000000100), r0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, 0x0, 0x101c00, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) unshare$auto(0x40000080) 5.382568504s ago: executing program 7 (id=4465): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) mlockall$auto(0x7) r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) write$auto(r0, &(0x7f0000000040)='S\x00\x00\x00\x00\x00\x00\xf0I\xba\xc9\xae\x80HcH\x00\xe8VF\x9e', 0x8587) msync$auto(0x8, 0x2000000005, 0x6) openat$auto_dev_fops_plock(0xffffffffffffff9c, &(0x7f0000000040), 0x10400, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) preadv$auto(0xffffffffffffffff, 0x0, 0x4, 0x8, 0x5) mlock$auto(0x3, 0x6) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) r3 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r3, 0x29, 0x49, &(0x7f0000000040)='!\x00', 0x1ff) socket(0x21, 0x2, 0x2) rt_tgsigqueueinfo$auto(0x0, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) fanotify_init$auto(0x65, 0x2) setresuid$auto(0x2, 0x7, 0x8080) 4.500306786s ago: executing program 7 (id=4466): unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioperm$auto(0xfb, 0x5, 0xe) r0 = socket(0x2, 0x3, 0x6) close_range$auto(0x2, r0, 0x0) r1 = socket(0xa, 0x5, 0x0) socket(0x2, 0x3, 0x6) statx$auto(0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', 0x4, 0xffffffff, &(0x7f0000000480)={0x5, 0x13, 0x30020ebb, 0x7, 0x0, 0xffffffffffffffff, 0x8, 0xa1c9, 0x8, 0x1ff, 0x2, 0x0, {0x100000000000008, 0x102}, {0x5, 0x4}, {0x9, 0xffff7c00}, {0x100000005, 0xf35}, 0x8, 0x7, 0x4, 0x2, 0x20000000004, 0x855a, 0x7f, 0x9, 0x4, 0x0, 0x87, 0x5, [0x5, 0x2d52, 0x6, 0x9, 0x0, 0x9, 0xfffffffffffffffc, 0x3, 0x10000]}) msgctl$auto_IPC_SET(0x9, 0x1, &(0x7f0000000180)={{0xf, 0xee01, 0xee00, 0x40ae, 0x7, 0x1, 0xfff}, &(0x7f0000000100)=0x8, &(0x7f0000000140)=0x40, 0x1, 0x8, 0xdb2, 0x0, 0x100000000, 0x67c0, 0x7, 0x6, @inferred=0xffffffffffffffff, @raw=0x9}) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000780)='/proc/sys/kernel/unprivileged_bpf_disabled\x00', 0x101002, 0x0) socket(0x2a, 0xa, 0xfffffffe) signalfd$auto(0xffffffff, &(0x7f0000000000)={0x7}, 0x8) read$auto(0x3, 0x0, 0x7) prctl$auto(0x1000000003b, 0x1, 0x4, 0x7, 0x3) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x800, 0x24, 0x1, 0x66b, 0x0, 0x5}, 0x4f4) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000ac0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1400181f", @ANYRES16=0x0, @ANYRESDEC=r3], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x20048810) r4 = geteuid() setreuid$auto(r4, 0x0) shmctl$auto_SHM_INFO(0x8, 0xe, &(0x7f00000002c0)={{0xffffffff, 0xee01, 0xee01, 0x4, 0x0, 0x7, 0x6}, 0x7f, 0x10001, 0x2b9fa7ca, 0x4, @inferred, @inferred=r2, 0xaa1b, 0x0, &(0x7f0000000180)="20d3c5fbba9bf81d745bd25828866f8ec11a521c9d819d11251b32359d41506e85cee16f7cbac24647e9929634861f64e700ed317c3b311a7ad63d66fb52d74b8c63c83666f926f81c2567925f9b1ad06d3934f9daf4d66b0bba5a3c07ba81ea3b36d260bc1f2906a2ae2da96b2cb181666ab3aaefd5d524b72838dc3c4c42a6915019cca7b1f1e1c69247491c355c13459c958f402b9e261cd050558a1a70b4f7bb1d5bc0e5ebac79d89ea9c988fa12", 0x0}) sendmsg$auto_IPVS_CMD_DEL_DAEMON(r1, 0x0, 0x10) madvise$auto(0x0, 0x2000040080000004, 0xe) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) clone$auto(0x100000000, 0x1, 0x0, 0x0, 0x37) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680)="a7", 0x80000) clone$auto(0x7, 0x352, 0x0, 0x0, 0x4) close_range$auto(0x2, 0x8, 0x3) 3.02555475s ago: executing program 7 (id=4467): shmctl$auto(0x4, 0x3d1, &(0x7f0000000180)={{0x0, 0x0, 0x0, 0x40, 0x7ff, 0x0, 0xc965}, 0x8, 0x1, 0x8, 0x8, @inferred, @inferred, 0x58e, 0x0, 0x0, 0x0}) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10) clone$auto(0x1000, 0x9, 0xfffffffffffffffc, 0xfffffffffffffffc, 0x5) shmctl$auto(0x4, 0x3d1, &(0x7f0000000180)={{0x0, 0x0, 0x0, 0x40, 0x7ff, 0x0, 0xc965}, 0x8, 0x1, 0x8, 0x8, @inferred, @inferred, 0x58e, 0x0, 0x0, 0x0}) (async) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) (async) modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10) (async) clone$auto(0x1000, 0x9, 0xfffffffffffffffc, 0xfffffffffffffffc, 0x5) (async) 2.763501686s ago: executing program 6 (id=4468): statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x7, 0x1ff, 0x7, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x9, 0x6, 0x80003, 0x4, 0x1ffffffffffd, 0xb4, 0xffffffffffffffff, 0x8, 0x10007, 0x80, 0x4, 0x0, 0xa, 0x22000, 0x200, 0x0, 0x84, [0x3, 0x2, 0x0, 0x2, 0x0, 0x2000, 0x0, 0x8, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0x8, 0x8, 0x1, 0x6, 0x0, 0xfffffffffffbfffd, 0x5, 0x10000000000001, 0x10000000000, 0xe, 0x4, 0xfffffffffffffe00, 0x0, 0x0, 0x5, 0x400000000005b4, 0xffff, 0x0, 0x3, 0x0, 0x6, 0xffffffffffffffff, 0x88e, 0x8000000000008, 0xfffffffffffffffc, 0x8, 0xa38, 0x0, 0x3, 0xfffffffffffffff8, 0x3, 0x1, 0x7, 0xc567]}, 0x1fe, 0xd) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) process_vm_writev$auto(0x0, &(0x7f00000011c0)={&(0x7f00000001c0)="42777dd1330b458d0b5c44ca32e94fc00cfbce962ee7d8f31c0f90c327830f55adfdceafcc0f7b5a21ea23bdf5344d47d49d60218e57bb33118d04fdd37f5fd17f96a318132a5dd282784244bd58b9a0c8adc60d2f8535b3", 0x8}, 0x7, 0x0, 0x7, 0xb5) sendmsg$auto_TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000002a80)={&(0x7f0000000200)=ANY=[@ANYBLOB="18000000", @ANYRES16=0x0, @ANYBLOB="01000200000000006bbc9d65365cbf8013"], 0x18}, 0x1, 0x0, 0x0, 0x4000094}, 0x8080) r0 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) mmap$auto(0x0, 0x40009, 0xa, 0x9b72, 0x2, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) name_to_handle_at$auto(0xffff, 0x0, 0x0, 0x0, 0x1) sendmmsg$auto(r0, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200)="4c0300000000000000a3677337f9eca9075f6bba441b", 0x49}, 0x5, 0x0, 0x5, 0x1}, 0x5}, 0x2, 0x100) 2.610546474s ago: executing program 7 (id=4469): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x183242, 0x0) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@tipc=@name={0x1e, 0x2, 0x2, {{0x1, 0x800001}}}, 0x866) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/i8042/serio0/extra\x00', 0x0, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r1 = open(&(0x7f0000000040)='./file0\x00', 0x40841, 0x8) write$auto(r1, 0x0, 0xeffd) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) close_range$auto(0x2, r0, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) sendmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x400}, 0x4}, 0xfff, 0xb07e) madvise$auto(0x0, 0xffffffffffff0005, 0x19) getrlimit$auto(0x6, 0x0) socket(0xa, 0x2, 0x0) connect$auto(0x3, 0x0, 0x55) adjtimex$auto(0x0) setreuid$auto(0x3, 0x7) ioprio_set$auto(0x3, 0x400000000000, 0x72e2f0a) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x20) ioctl$auto(0xffffffffffffffff, 0x1260, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) unshare$auto(0x40000080) socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_handshake(&(0x7f0000000100), 0xffffffffffffffff) 2.529512418s ago: executing program 5 (id=4470): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x8000000000000001, 0xa) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram4\x00', 0xdd01, 0x0) ioctl$auto_BLKRRPART(r0, 0x125f, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1ff, 0xa, 0x3f, 0x4909b6f8, 0x1ffde, 0x7, 0x3, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x6, 0x10003, 0x80, 0x4, 0x0, 0x7, 0x2000, 0x200, 0x0, 0x84, [0x0, 0x0, 0x0, 0x50100000000000, 0x0, 0x2000, 0x0, 0xa, 0x100000001, 0xefde, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x400000000005b8, 0xc, 0x0, 0x0, 0x0, 0x6, 0xffffffffffffffff, 0x88e, 0x8000000000008, 0xfffffffffffffffc, 0x9, 0xa38, 0x0, 0x3, 0xfffffffffffffffc, 0x2, 0x4000000000, 0x4]}, 0x1fe, 0xd) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000000), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c003b"], 0x1ac}}, 0x40000) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000) 2.255153522s ago: executing program 5 (id=4471): openat$auto_fops_atomic_t_(0xffffffffffffff9c, 0x0, 0x478000, 0x0) openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/0/msr\x00', 0x101000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/scsi/scsi\x00', 0x40100, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) r0 = openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000280), 0x1e9282, 0x0) setfsuid$auto(0xee00) ioprio_get$auto(0xfd, 0x0) mmap$auto(0x0, 0x1, 0x62, 0x1f, r0, 0x8000) r1 = open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000240), r1) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ttyy0\x00', 0x4002c1, 0x0) write$auto_console_fops_tty_io(r2, 0x0, 0x0) write$auto(0x3, 0x0, 0xfffffdef) getpid() setgroups$auto(0x2, &(0x7f0000000040)=0x2) r3 = getpgid(0x0) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0xa, 0x801, 0x84) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="1b0026bd7000fddbdf2503000000040008001c00038008000600", @ANYRES32=r4, @ANYBLOB="0f000d006f76735f7061636b6574000012000100898771f1c19f177904859082c9693560040002"], 0x4c}, 0x1, 0x0, 0x0, 0x20048807}, 0xc800) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) socket(0x2, 0x1, 0x0) socket(0x1e, 0x1, 0x0) socket(0x10, 0x2, 0x0) memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4) mmap$auto(0x0, 0x8, 0x1000000016, 0x13, 0x3, 0x400180000000) rt_sigqueueinfo$auto(r3, 0x9, 0x0) 2.022885914s ago: executing program 5 (id=4472): socket(0x10, 0x2, 0x0) openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/tracing_on\x00', 0x68a901, 0x0) (async) r0 = openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/tracing_on\x00', 0x68a901, 0x0) mmap$auto(0xcb400, 0x7ff, 0x42, 0x210, r0, 0x7) socket(0xa, 0x1, 0x84) mmap$auto(0xfffffffffffffffc, 0xfff, 0x3, 0xeb5, r0, 0xc) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r1, 0x4, 0x7ff) wait4$auto(r1, 0x0, 0x0, &(0x7f0000000040)={{0xff, 0xffffffffffffffff}, {0x6, 0xffffffffffffffaf}, 0x4, 0x10, 0x3, 0xa5a5, 0x6, 0x1, 0x1, 0x2, 0x3ff, 0x7, 0x1, 0x0, 0x5, 0x8000000000000001}) epoll_pwait$auto(0x2, 0x0, 0x2, 0x0, 0xfffffffffffffffd, 0x4) r2 = socket(0xa, 0x801, 0x100) getsockopt$auto(r2, 0x40000000029, 0x10, 0xfffffffffffffffe, 0x0) sendmsg$auto_NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80020000}, 0xc, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) (async) sendmsg$auto_NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80020000}, 0xc, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) (async) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0xa101, 0x0) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0xa101, 0x0) select$auto(0x7ff, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x2, 0x0, 0x80000001, 0x7, 0x40000000006d39, 0x1, 0x2, 0x9]}, 0x0) (async) select$auto(0x7ff, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x2, 0x0, 0x80000001, 0x7, 0x40000000006d39, 0x1, 0x2, 0x9]}, 0x0) mmap$auto(0x0, 0x4, 0x3, 0xeb1, 0xffffffffffffffff, 0x0) (async) mmap$auto(0x0, 0x4, 0x3, 0xeb1, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) (async) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) msgsnd$auto(0x5, 0x0, 0x3, 0x5) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0xf, 0x7, 0x8, 0x0) socket(0x10, 0x3, 0xb) close_range$auto(0x0, 0xfffffffffffff000, 0x2) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mlock$auto(0x8001, 0xb) (async) mlock$auto(0x8001, 0xb) 678.517624ms ago: executing program 5 (id=4473): ioperm$auto(0x7, 0x6, 0x1) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@ETHTOOL_A_TUNNEL_INFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0) write$auto(r2, &(0x7f0000000100)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x4) 653.746466ms ago: executing program 36 (id=4431): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x4, 0xa) r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) (async) close_range$auto(0x2, 0x8000, 0x0) r1 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xa, @new_prog_fd=0x77, 0xa, @old_map_fd=r1}, 0x10) (async) bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xa, @new_prog_fd=0x77, 0xa, @old_map_fd=r1}, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xec6) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) (async) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000004180)='/dev/snd/controlC1\x00', 0x28180, 0x0) (async) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000004180)='/dev/snd/controlC1\x00', 0x28180, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r2, 0xc1105511, 0x0) ioctl$auto(0x3, 0x400454ca, 0x38) unshare$auto(0x40000080) (async) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cuse\x00', 0xd0800, 0x0) (async) r3 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cuse\x00', 0xd0800, 0x0) write$auto_fuse_dev_operations_fuse_i(r3, &(0x7f0000000440)="19000003d30000", 0x7) socket(0x2, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x80000000000000d, 0x1, 0x948d, 0x6, 0x15f4da0a, 0x1, 0x8, 0x1000000, 0xfffffffffffffffd, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0) 639.753965ms ago: executing program 6 (id=4475): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) socket(0x2a, 0x2, 0x0) socket(0x23, 0x80805, 0x0) memfd_secret$auto(0x0) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x24000802) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execve$auto(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) mprotect$auto(0x1ffff002, 0x8000000000000001, 0xb) mount$auto(&(0x7f0000000000)='pimreg\x00', &(0x7f0000000040)='\x00', 0x0, 0xe615, 0x0) r0 = getpgid(0x0) readv$auto(0xffffffffffffffff, &(0x7f00000010c0)={0x0, 0xffffffffffff65df}, 0x7) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x2400, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x3) msgrcv$auto(0x0, 0x0, 0x200000ffd, 0xfffffffffffffffd, 0xb1) msgsnd$auto(0x0, &(0x7f0000000000)={0x1, 0x5}, 0x8, 0x9) ustat$auto(0x937, &(0x7f00000000c0)={0xfffffffe, 0x6, "b00bdc8ba173", "f4b2ffbbd8c4"}) pidfd_open$auto(r0, 0x0) socket(0x2b, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r1 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="0000ed00", @ANYRES64=r1], 0x5f}, 0x1, 0x0, 0x0, 0x240408d1}, 0x5) r2 = socket(0x11, 0x2, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x5, 0x0) setsockopt$auto(0x4, 0x84, 0x7d, 0xfffffffffffffffe, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) sendmsg$auto_NL802154_CMD_GET_INTERFACE(r2, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040}, 0x20004010) 71.81842ms ago: executing program 6 (id=4476): write$auto(0xca, &(0x7f00000000c0)='\x04>2\x04!\xe2\x00\x94\xf2\xa2\x00\x00', 0x7e) getresuid$auto(&(0x7f0000000080)=0x7, &(0x7f00000000c0)=0x8000, 0xfffffffffffffffc) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(r0, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x4000000040000c, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x3ff, 0x0, 0x3, 0x5f, 0x0, 0x3}, 0x6f3) socket(0xa, 0x2, 0x88) mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) setsockopt$auto(0x3, 0x0, 0x20, 0x0, 0x28) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto_EVIOCGMASK(r1, 0x80104592, &(0x7f0000000080)={0x2000, 0x800007, 0x5}) ioctl$auto(0x3, 0x80004509, 0x10000000000402) write$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(0xffffffffffffffff, 0x0, 0x4) r2 = fcntl$auto_F_SETLK(r0, 0x6, 0xffffffffffffffff) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(r2, 0x1, &(0x7f0000000140)="3bbf8f1447bd1f9d7ed189fb1185045c95ea902632d2d95b76f04cb3980d30318ea5f9c2f4777e2fb5ff82877ed1680c03cda2cb0ef89851f6f5996f00243a368e32027a031c76835c1be992901e076224f16f5c335ae25fa2c308025f568de71c14dc75f51ea77380469a743026cea357ea79d0ccc1facfe16e3001229302ab224173192478519b3d9ee7f77cbe57557590b7a81ba6b613950fbca82dc2bc1acb") r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/lru_gen/min_ttl_ms\x00', 0x40000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000000c0)=""/97, 0x61) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x10000, 0x2) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) madvise$auto(0x0, 0x20499d, 0x9) ioctl$auto(0xffffffffffffffff, 0x40046205, 0x9) 0s ago: executing program 5 (id=4477): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x17, 0x0) fsopen$auto(0x0, 0x1) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) rseq$auto(&(0x7f0000000080)={0x9, 0x8, 0x0, 0x7, 0xffffffff, 0x2, "24229ba6405fe4fc8b79b54d7e17"}, 0x7ffd, 0xfffffff4, 0x6) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) open(0x0, 0xeee00, 0x31) mmap$auto(0x0, 0x5, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(0x0, 0x1e1401, 0xe5) r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) write$auto(r0, &(0x7f00000000c0)='/dev/\b\x00\x00\x00\x00\x00\x00\x00\x00\xc1d&\xa2\x1a\x96n\xad\xb2\xa5\x03\xef,9+\xe3\x86/.\xdf\x80\xd0W\xcb\xabU5\x14~\xd6\xedP\x11\xdb\x8f\xa4{\x8e\xf5\xe0\xb8\xa6\xcc\x1c\'\xc4\'!>\xfem\x82\x8a\x11\x9c\xfc\x9cy5, \xea\xa3T\x95-\x1ee\x976\xea\xed{/\x86\xae\x9fk\x13g(\x139\xbc\x87_\xc9\x8bH]\x12\xdc\xcc$\xb3b8\xebP,5\xe4\xaa\xc1e\x00\xe6\xcf(', 0xd7) r1 = gettid() rt_sigtimedwait$auto(&(0x7f0000000040)={0x5}, 0x0, 0x0, 0x8) tkill$auto(r1, 0x7) write$auto(0x3, 0x0, 0x100082) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x405, 0x8000) r2 = socket(0x3, 0x5, 0x84) sendto$auto(r2, 0x0, 0x2000f, 0x101, &(0x7f0000000000)=@in={0x2, 0x4e22, @loopback}, 0x1c) mmap$auto(0x0, 0xc, 0xbc5, 0x13, 0x3, 0x8000) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) clone$auto(0x8001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) r3 = socket(0xa, 0x2, 0x73) getsockname$auto(r3, &(0x7f0000000240), &(0x7f0000000280)=0xaea) mlockall$auto(0x7) mmap$auto(0x0, 0x200004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) memfd_create$auto(&(0x7f0000000000)='A\x00\x00\x00\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\f\x00\x00\v\x00E\xdb\x81\xd9\xd8\xe640\xc6\xa4Sr\x82\xcc\"K\xe1IIT\x00\x00\x00', 0xe) kernel console output (not intermixed with test programs): === END STATUS ================== [ 325.581927][T12989] netlink: 1204 bytes leftover after parsing attributes in process `syz.3.3641'. [ 328.171837][T13034] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3652'. [ 329.307271][T13057] Invalid ELF header magic: != ELF [ 330.722465][T13080] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3663'. [ 333.748226][T13154] Invalid ELF header magic: != ELF [ 334.052467][T13161] zswap: compressor not available [ 334.084412][T13162] zswap: compressor not available [ 337.187254][T13218] Scaler: ================= START STATUS ================= [ 337.230040][T13218] Scaler: ================== END STATUS ================== [ 337.303614][T13227] FAULT_INJECTION: forcing a failure. [ 337.303614][T13227] name fail_futex, interval 1, probability 0, space 0, times 0 [ 337.324174][T13227] CPU: 0 UID: 0 PID: 13227 Comm: syz.3.3694 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 337.324206][T13227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 337.324219][T13227] Call Trace: [ 337.324226][T13227] [ 337.324241][T13227] dump_stack_lvl+0x16c/0x1f0 [ 337.324280][T13227] should_fail_ex+0x50a/0x650 [ 337.324306][T13227] ? lockdep_hardirqs_on+0x7c/0x110 [ 337.324341][T13227] should_fail_futex+0x4c/0x60 [ 337.324376][T13227] __x64_sys_futex+0x260/0x4c0 [ 337.324403][T13227] ? __pfx___x64_sys_futex+0x10/0x10 [ 337.324426][T13227] ? rcu_is_watching+0x12/0xc0 [ 337.324467][T13227] do_syscall_64+0xcd/0x250 [ 337.324490][T13227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.324519][T13227] RIP: 0033:0x7f479358cda9 [ 337.324537][T13227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 337.324557][T13227] RSP: 002b:00007ffdd7cd7178 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 337.324579][T13227] RAX: ffffffffffffffda RBX: 00007ffdd7cd72a0 RCX: 00007f479358cda9 [ 337.324594][T13227] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f47937a5fac [ 337.324607][T13227] RBP: 00007f47937a5fac R08: 00007f47943de000 R09: 00007ffdd7cd747f [ 337.324621][T13227] R10: 00007ffdd7cd7280 R11: 0000000000000246 R12: 000000000005258d [ 337.324635][T13227] R13: 00007ffdd7cd7280 R14: 0000000000000032 R15: 000000000005255b [ 337.324666][T13227] [ 338.481717][T13239] Process accounting resumed [ 338.885558][T13251] Process accounting resumed [ 340.516759][T13260] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 340.648337][T13260] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 340.679004][T13260] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 340.718688][T13260] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 340.796410][T13260] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 341.040003][T13260] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 341.347176][ T5145] Bluetooth: hci0: command 0x0c1a tx timeout [ 342.617663][ T5145] Bluetooth: hci1: command 0x0c1a tx timeout [ 342.696802][ T5145] Bluetooth: hci3: command 0x0c1a tx timeout [ 342.783745][ T5145] Bluetooth: hci2: command 0x0c1a tx timeout [ 343.470610][T13320] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 344.846215][ T5145] Bluetooth: hci2: command 0x0c1a tx timeout [ 345.146154][T13297] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 345.152295][T13297] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 345.186621][T13297] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 345.193465][T13297] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 345.501923][ T5145] Bluetooth: hci0: command 0x0c1a tx timeout [ 345.858829][T13348] syz.4.3716 (13348) used obsolete PPPIOCDETACH ioctl [ 346.320734][T13342] mkiss: ax0: crc mode is auto. [ 347.175083][ T5145] Bluetooth: hci1: command 0x0c1a tx timeout [ 347.250886][ T5145] Bluetooth: hci2: command 0x0c1a tx timeout [ 347.257034][ T5145] Bluetooth: hci3: command 0x0c1a tx timeout [ 347.424827][T13365] Invalid ELF header magic: != ELF [ 352.316462][T13429] Invalid ELF header magic: != ELF [ 352.829975][ T29] audit: type=1800 audit(6033615294.813:6): pid=13450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3741" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 354.671728][T12197] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 354.872818][T12197] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.008200][T12197] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.181599][T12197] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.526874][T12197] bridge_slave_1: left allmulticast mode [ 355.535415][T12197] bridge_slave_1: left promiscuous mode [ 355.550923][T12197] bridge0: port 2(bridge_slave_1) entered disabled state [ 355.560476][ T5145] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 355.571884][ T5145] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 355.579961][ T5145] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 355.591144][T12197] bridge_slave_0: left allmulticast mode [ 355.593127][ T5145] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 355.596797][T12197] bridge_slave_0: left promiscuous mode [ 355.611042][ T5145] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 355.620645][ T5145] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 355.649498][T12197] bridge0: port 1(bridge_slave_0) entered disabled state [ 356.770625][T12197] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 356.789868][T12197] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 356.812689][T12197] bond0 (unregistering): Released all slaves [ 357.642115][ T54] Bluetooth: hci1: command tx timeout [ 357.998004][T12197] hsr_slave_0: left promiscuous mode [ 358.030217][T12197] hsr_slave_1: left promiscuous mode [ 358.036111][T12197] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 358.064343][T12197] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 358.086725][T12197] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 358.099747][T12197] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 358.151347][T12197] veth1_macvtap: left promiscuous mode [ 358.156920][T12197] veth0_macvtap: left promiscuous mode [ 358.169588][T12197] veth1_vlan: left promiscuous mode [ 358.185141][T12197] veth0_vlan: left promiscuous mode [ 359.247134][T12197] team0 (unregistering): Port device team_slave_1 removed [ 359.338500][T12197] team0 (unregistering): Port device team_slave_0 removed [ 359.728855][ T54] Bluetooth: hci1: command tx timeout [ 360.165046][T13482] chnl_net:caif_netlink_parms(): no params data found [ 360.601550][T13482] bridge0: port 1(bridge_slave_0) entered blocking state [ 360.620758][T13482] bridge0: port 1(bridge_slave_0) entered disabled state [ 360.658192][T13482] bridge_slave_0: entered allmulticast mode [ 360.690099][T13482] bridge_slave_0: entered promiscuous mode [ 360.748759][T13482] bridge0: port 2(bridge_slave_1) entered blocking state [ 360.763238][T13482] bridge0: port 2(bridge_slave_1) entered disabled state [ 360.777283][T13482] bridge_slave_1: entered allmulticast mode [ 360.785396][T13482] bridge_slave_1: entered promiscuous mode [ 360.958410][T13482] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 360.991627][T13482] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 361.104470][T13482] team0: Port device team_slave_0 added [ 361.129414][T13482] team0: Port device team_slave_1 added [ 361.230965][T13482] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 361.244545][T13543] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3757'. [ 361.253787][T13482] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 361.310825][T13482] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 361.386637][T13543] team_slave_0: entered allmulticast mode [ 361.445187][T13482] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 361.467836][T13482] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 361.517904][T13482] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 361.664182][T13482] hsr_slave_0: entered promiscuous mode [ 361.690984][T13482] hsr_slave_1: entered promiscuous mode [ 361.713010][T13482] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 361.744131][T13482] Cannot create hsr debugfs directory [ 361.797791][ T54] Bluetooth: hci1: command tx timeout [ 362.002744][ T4440] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.063058][T13565] netlink: 252 bytes leftover after parsing attributes in process `syz.5.3760'. [ 362.081529][T13565] [U] [ 362.084287][T13565] [U] [ 362.087017][T13565] [U] [ 362.089743][T13565] [U] [ 362.104083][T13565] [U] [ 362.106838][T13565] [U] [ 362.109570][T13565] [U] [ 362.112300][T13565] [U] [ 362.137952][ T5145] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 362.153826][ T5145] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 362.162014][ T5145] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 362.164463][T13565] [U] [ 362.171709][T13565] [U] [ 362.172728][ T5145] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 362.174417][T13565] [U] [ 362.183154][ T5145] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 362.184009][T13565] [U] [ 362.191649][ T5145] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 362.293413][T13565] [U] [ 362.296176][T13565] [U] [ 362.298899][T13565] [U] [ 362.301623][T13565] [U] [ 362.306632][ T4440] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.366955][T13565] [U] [ 362.369718][T13565] [U] [ 362.372445][T13565] [U] [ 362.375160][T13565] [U] [ 362.392659][T13565] [U] [ 362.395416][T13565] [U] [ 362.398133][T13565] [U] [ 362.400854][T13565] [U] [ 362.412986][T13565] [U] [ 362.415730][T13565] [U] [ 362.418456][T13565] [U] [ 362.421172][T13565] [U] [ 362.449563][T13565] [U] [ 362.452322][T13565] [U] [ 362.455046][T13565] [U] [ 362.457768][T13565] [U] [ 362.462291][T13565] [U] [ 362.465032][T13565] [U] [ 362.467751][T13565] [U] [ 362.470469][T13565] [U] [ 362.510234][T13565] [U] [ 362.512991][T13565] [U] [ 362.515717][T13565] [U] [ 362.518442][T13565] [U] [ 362.520277][ T4440] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.541943][T13565] [U] [ 362.544695][T13565] [U] [ 362.547405][T13565] [U] [ 362.550118][T13565] [U] [ 362.573045][T13565] [U] [ 362.575804][T13565] [U] [ 362.578532][T13565] [U] [ 362.581250][T13565] [U] [ 362.604618][T13565] [U] [ 362.607372][T13565] [U] [ 362.610093][T13565] [U] [ 362.612807][T13565] [U] [ 362.626615][T13565] [U] [ 362.629370][T13565] [U] [ 362.632094][T13565] [U] [ 362.634812][T13565] [U] [ 362.644703][T13565] [U] [ 362.647440][T13565] [U] [ 362.650161][T13565] [U] [ 362.652877][T13565] [U] [ 362.657410][T13565] [U] [ 362.660153][T13565] [U] [ 362.662873][T13565] [U] [ 362.665587][T13565] [U] [ 362.671317][T13565] [U] [ 362.674051][T13565] [U] [ 362.676177][ T4440] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.676742][T13565] [U] [ 362.689665][T13565] [U] [ 362.695407][T13565] [U] [ 362.698161][T13565] [U] [ 362.700878][T13565] [U] [ 362.703602][T13565] [U] [ 362.707481][T13565] [U] [ 362.710212][T13565] [U] [ 362.712928][T13565] [U] [ 362.715645][T13565] [U] [ 362.719753][T13565] [U] [ 362.722495][T13565] [U] [ 362.725221][T13565] [U] [ 362.727946][T13565] [U] [ 362.751326][T13565] [U] [ 362.754096][T13565] [U] [ 362.756817][T13565] [U] [ 362.759534][T13565] [U] [ 362.860060][T13565] [U] [ 363.192045][T13582] random: crng reseeded on system resumption [ 363.571865][ T4440] bridge_slave_1: left allmulticast mode [ 363.587112][ T4440] bridge_slave_1: left promiscuous mode [ 363.618785][ T4440] bridge0: port 2(bridge_slave_1) entered disabled state [ 363.648849][ T4440] bridge_slave_0: left allmulticast mode [ 363.654545][ T4440] bridge_slave_0: left promiscuous mode [ 363.664775][ T4440] bridge0: port 1(bridge_slave_0) entered disabled state [ 363.877123][ T5145] Bluetooth: hci1: command tx timeout [ 364.293288][ T5145] Bluetooth: hci0: command tx timeout [ 364.499050][ T4440] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 364.526479][ T4440] bond0 (unregistering): Released all slaves [ 364.624878][T13570] chnl_net:caif_netlink_parms(): no params data found [ 364.965200][T13482] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 365.167138][T13482] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 365.183033][T13482] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 365.297611][T13482] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 365.666052][ T4440] hsr_slave_0: left promiscuous mode [ 365.676259][ T4440] hsr_slave_1: left promiscuous mode [ 365.705888][ T4440] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 365.713337][ T4440] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 365.738021][ T4440] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 365.745476][ T4440] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 365.800541][ T4440] veth1_macvtap: left promiscuous mode [ 365.815965][ T4440] veth0_macvtap: left promiscuous mode [ 365.822896][ T4440] veth1_vlan: left promiscuous mode [ 365.835841][ T4440] veth0_vlan: left promiscuous mode [ 366.197855][ T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 366.225848][ T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 366.236015][ T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 366.260342][ T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 366.268160][ T54] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 366.288517][ T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 366.365553][ T5145] Bluetooth: hci0: command tx timeout [ 366.371762][T13627] FAULT_INJECTION: forcing a failure. [ 366.371762][T13627] name failslab, interval 1, probability 0, space 0, times 0 [ 366.413887][T13627] CPU: 0 UID: 0 PID: 13627 Comm: syz.5.3772 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 366.413923][T13627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 366.413938][T13627] Call Trace: [ 366.413947][T13627] [ 366.413957][T13627] dump_stack_lvl+0x16c/0x1f0 [ 366.414001][T13627] should_fail_ex+0x50a/0x650 [ 366.414030][T13627] ? fs_reclaim_acquire+0xae/0x150 [ 366.414080][T13627] should_failslab+0xc2/0x120 [ 366.414111][T13627] kmem_cache_alloc_lru_noprof+0x73/0x3b0 [ 366.414142][T13627] ? __d_alloc+0x35/0x8c0 [ 366.414174][T13627] __d_alloc+0x35/0x8c0 [ 366.414205][T13627] d_alloc_pseudo+0x1c/0xc0 [ 366.414238][T13627] alloc_file_pseudo+0xc6/0x1e0 [ 366.414271][T13627] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 366.414304][T13627] ? lock_acquire+0x2f/0xb0 [ 366.414337][T13627] __anon_inode_getfile+0xf8/0x370 [ 366.414367][T13627] anon_inode_getfile_fmode+0x37/0xa0 [ 366.414393][T13627] __do_sys_fanotify_init+0x8b8/0xb50 [ 366.414429][T13627] do_syscall_64+0xcd/0x250 [ 366.414454][T13627] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.414486][T13627] RIP: 0033:0x7f15c478cda9 [ 366.414506][T13627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 366.414529][T13627] RSP: 002b:00007f15c553c038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 366.414552][T13627] RAX: ffffffffffffffda RBX: 00007f15c49a5fa0 RCX: 00007f15c478cda9 [ 366.414569][T13627] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000065 [ 366.414583][T13627] RBP: 00007f15c480e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 366.414598][T13627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 366.414611][T13627] R13: 0000000000000000 R14: 00007f15c49a5fa0 R15: 00007ffe190b86f8 [ 366.414641][T13627] [ 366.604731][ C0] vkms_vblank_simulate: vblank timer overrun [ 367.269160][ T4440] team0 (unregistering): Port device team_slave_1 removed [ 367.396901][ T4440] team0 (unregistering): Port device team_slave_0 removed [ 368.355612][ T5145] Bluetooth: hci2: command tx timeout [ 368.376211][T13570] bridge0: port 1(bridge_slave_0) entered blocking state [ 368.383530][T13570] bridge0: port 1(bridge_slave_0) entered disabled state [ 368.399780][T13570] bridge_slave_0: entered allmulticast mode [ 368.409111][T13570] bridge_slave_0: entered promiscuous mode [ 368.434609][ T5145] Bluetooth: hci0: command tx timeout [ 368.447252][T13570] bridge0: port 2(bridge_slave_1) entered blocking state [ 368.464508][T13570] bridge0: port 2(bridge_slave_1) entered disabled state [ 368.471855][T13570] bridge_slave_1: entered allmulticast mode [ 368.480217][T13570] bridge_slave_1: entered promiscuous mode [ 368.540007][T13570] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 368.555104][T13570] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 368.685466][T13570] team0: Port device team_slave_0 added [ 368.711247][T13570] team0: Port device team_slave_1 added [ 368.961310][T13570] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 368.975046][T13570] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 369.040570][T13570] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 369.221359][T13570] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 369.241610][T13570] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 369.313352][T13570] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 369.408371][T13482] 8021q: adding VLAN 0 to HW filter on device bond0 [ 369.502042][T13570] hsr_slave_0: entered promiscuous mode [ 369.515892][T13570] hsr_slave_1: entered promiscuous mode [ 369.582429][T13482] 8021q: adding VLAN 0 to HW filter on device team0 [ 369.805032][ T4440] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.936081][T13629] chnl_net:caif_netlink_parms(): no params data found [ 370.007055][ T4440] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.042851][T12197] bridge0: port 1(bridge_slave_0) entered blocking state [ 370.050034][T12197] bridge0: port 1(bridge_slave_0) entered forwarding state [ 370.125817][ T4440] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.339006][ T4440] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.377221][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 370.384419][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 370.443463][ T5145] Bluetooth: hci2: command tx timeout [ 370.515947][ T5145] Bluetooth: hci0: command tx timeout [ 370.729681][T13629] bridge0: port 1(bridge_slave_0) entered blocking state [ 370.751328][T13629] bridge0: port 1(bridge_slave_0) entered disabled state [ 370.768872][T13629] bridge_slave_0: entered allmulticast mode [ 370.780863][T13629] bridge_slave_0: entered promiscuous mode [ 370.840441][T13629] bridge0: port 2(bridge_slave_1) entered blocking state [ 370.868691][T13629] bridge0: port 2(bridge_slave_1) entered disabled state [ 370.886713][T13629] bridge_slave_1: entered allmulticast mode [ 370.909247][T13629] bridge_slave_1: entered promiscuous mode [ 371.009567][T13629] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 371.023993][ T4440] bridge_slave_1: left allmulticast mode [ 371.029665][ T4440] bridge_slave_1: left promiscuous mode [ 371.051731][ T4440] bridge0: port 2(bridge_slave_1) entered disabled state [ 371.075215][ T4440] bridge_slave_0: left allmulticast mode [ 371.080914][ T4440] bridge_slave_0: left promiscuous mode [ 371.087012][ T4440] bridge0: port 1(bridge_slave_0) entered disabled state [ 371.604739][ T4440] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 371.618951][ T4440] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 371.629765][ T4440] bond0 (unregistering): Released all slaves [ 371.644765][T13629] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 371.673970][T13482] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 371.765414][T13629] team0: Port device team_slave_0 added [ 371.842041][T13629] team0: Port device team_slave_1 added [ 371.878347][T13629] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 371.908421][T13629] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 371.941622][T13629] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 371.956849][T13629] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 371.972689][T13629] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 372.012385][T13629] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 372.150498][ T4440] hsr_slave_0: left promiscuous mode [ 372.158690][ T4440] hsr_slave_1: left promiscuous mode [ 372.165982][ T4440] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 372.173818][ T4440] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 372.181954][ T4440] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 372.190776][ T4440] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 372.209257][ T4440] veth1_macvtap: left promiscuous mode [ 372.215208][ T4440] veth0_macvtap: left promiscuous mode [ 372.220790][ T4440] veth1_vlan: left promiscuous mode [ 372.226481][ T4440] veth0_vlan: left promiscuous mode [ 372.516692][ T5145] Bluetooth: hci2: command tx timeout [ 372.655964][ T4440] team0 (unregistering): Port device team_slave_1 removed [ 372.707824][ T4440] team0 (unregistering): Port device team_slave_0 removed [ 373.166576][T13629] hsr_slave_0: entered promiscuous mode [ 373.175351][T13629] hsr_slave_1: entered promiscuous mode [ 373.181536][T13629] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 373.189996][T13629] Cannot create hsr debugfs directory [ 373.370989][T13570] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 373.394903][T13570] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 373.446877][T13482] veth0_vlan: entered promiscuous mode [ 373.482560][T13570] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 373.512226][T13482] veth1_vlan: entered promiscuous mode [ 373.585751][T13570] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 373.625579][T13482] veth0_macvtap: entered promiscuous mode [ 373.673942][T13482] veth1_macvtap: entered promiscuous mode [ 373.853157][T13482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 373.892303][T13482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.912004][T13482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 373.931628][T13482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.943769][T13482] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 374.054668][T13482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 374.078042][T13482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 374.093532][T13482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 374.104420][T13482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 374.132910][T13482] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 374.168968][T13629] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 374.202900][T13629] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 374.232076][T13753] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3782'. [ 374.305469][T13482] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 374.561282][T13482] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 374.570578][T13482] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 374.591958][ T5145] Bluetooth: hci2: command tx timeout [ 374.601238][T13482] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 374.635933][T13629] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 374.657261][T13629] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 374.917585][T12197] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 374.948976][T12197] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 374.997567][T13570] 8021q: adding VLAN 0 to HW filter on device bond0 [ 375.042774][T13570] 8021q: adding VLAN 0 to HW filter on device team0 [ 375.141443][ T4440] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 375.147977][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 375.149666][ T4440] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 375.156368][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 375.207726][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 375.214918][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 375.297976][T13570] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 375.324369][T13570] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 375.369324][T13629] 8021q: adding VLAN 0 to HW filter on device bond0 [ 375.438589][T13629] 8021q: adding VLAN 0 to HW filter on device team0 [ 375.498105][T12197] bridge0: port 1(bridge_slave_0) entered blocking state [ 375.505285][T12197] bridge0: port 1(bridge_slave_0) entered forwarding state [ 375.562792][T12197] bridge0: port 2(bridge_slave_1) entered blocking state [ 375.569948][T12197] bridge0: port 2(bridge_slave_1) entered forwarding state [ 375.848432][T13570] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 375.957745][T13788] Process accounting resumed [ 375.985645][T13570] veth0_vlan: entered promiscuous mode [ 376.026966][T13570] veth1_vlan: entered promiscuous mode [ 376.093102][T13570] veth0_macvtap: entered promiscuous mode [ 376.136206][T13570] veth1_macvtap: entered promiscuous mode [ 376.221812][T13570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 376.260495][T13570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.290420][T13570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 376.311066][T13570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.323221][T13570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 376.351486][T13570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.381509][T13570] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 376.403746][T13629] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 376.438660][T13570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 376.496200][T13570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.528094][T13570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 376.570286][T13570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.583309][T13570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 376.626022][T13570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.648886][T13570] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 376.666240][T13570] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.720189][T13570] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.728938][T13570] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.786532][T13570] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.934680][T13805] erspan0: entered allmulticast mode [ 377.092161][T13828] Invalid ELF header magic: != ELF [ 378.011123][T12195] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 378.032379][T12195] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 378.264418][T12197] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 378.293398][T12197] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 378.411860][T13629] veth0_vlan: entered promiscuous mode [ 378.465078][T13629] veth1_vlan: entered promiscuous mode [ 378.561044][T13629] veth0_macvtap: entered promiscuous mode [ 378.587711][T13629] veth1_macvtap: entered promiscuous mode [ 378.635396][T13629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 378.659632][T13629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.679754][T13629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 378.712554][T13629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.735914][T13629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 378.769965][T13629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.798671][T13629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 378.821347][T13629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.843992][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.850587][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.850897][T13629] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 378.923631][T13629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 378.955033][T13629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.979078][T13629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 379.009610][T13629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 379.030846][T13629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 379.059013][T13629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 379.079738][T13629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 379.098975][T13629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 379.120869][T13629] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 379.163872][T13629] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.189078][T13629] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.197827][T13629] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.211334][T13629] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.449530][T13876] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3792'. [ 379.691528][T12196] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 379.715879][T12196] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 380.145716][T12197] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 380.175048][T12197] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 syzkaller syzkaller login: [ 381.104089][T13936] FAULT_INJECTION: forcing a failure. [ 381.104089][T13936] name failslab, interval 1, probability 0, space 0, times 0 [ 381.151026][T13936] CPU: 0 UID: 0 PID: 13936 Comm: syz.4.3804 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 381.151063][T13936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 381.151078][T13936] Call Trace: [ 381.151085][T13936] [ 381.151096][T13936] dump_stack_lvl+0x16c/0x1f0 [ 381.151137][T13936] should_fail_ex+0x50a/0x650 [ 381.151168][T13936] ? fs_reclaim_acquire+0xae/0x150 [ 381.151208][T13936] ? apply_subsystem_event_filter+0x3cc/0x1410 [ 381.151233][T13936] should_failslab+0xc2/0x120 [ 381.151262][T13936] __kmalloc_cache_noprof+0x68/0x420 [ 381.151296][T13936] apply_subsystem_event_filter+0x3cc/0x1410 [ 381.151332][T13936] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 381.151358][T13936] ? __might_fault+0xe3/0x190 [ 381.151395][T13936] ? __might_fault+0xe3/0x190 [ 381.151433][T13936] ? _copy_from_user+0x59/0xd0 [ 381.151471][T13936] subsystem_filter_write+0x95/0x120 [ 381.151501][T13936] ? __pfx_subsystem_filter_write+0x10/0x10 [ 381.151526][T13936] vfs_write+0x24c/0x1150 [ 381.151553][T13936] ? __fget_files+0x1fc/0x3a0 [ 381.151579][T13936] ? __pfx___mutex_lock+0x10/0x10 [ 381.151614][T13936] ? __pfx_vfs_write+0x10/0x10 [ 381.151648][T13936] ? __fget_files+0x206/0x3a0 [ 381.151685][T13936] ksys_write+0x12b/0x250 [ 381.151709][T13936] ? __pfx_ksys_write+0x10/0x10 [ 381.151745][T13936] do_syscall_64+0xcd/0x250 [ 381.151771][T13936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 381.151802][T13936] RIP: 0033:0x7f3cd598cda9 [ 381.151821][T13936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 381.151845][T13936] RSP: 002b:00007f3cd68c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 381.151868][T13936] RAX: ffffffffffffffda RBX: 00007f3cd5ba5fa0 RCX: 00007f3cd598cda9 [ 381.151884][T13936] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 381.151898][T13936] RBP: 00007f3cd5a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 381.151912][T13936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 381.151926][T13936] R13: 0000000000000000 R14: 00007f3cd5ba5fa0 R15: 00007ffea4352dc8 [ 381.151960][T13936] [ 381.414139][T13934] HfR: entered promiscuous mode [ 382.059235][T13986] FAULT_INJECTION: forcing a failure. [ 382.059235][T13986] name failslab, interval 1, probability 0, space 0, times 0 [ 382.085486][T13986] CPU: 1 UID: 0 PID: 13986 Comm: syz.4.3810 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 382.085519][T13986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 382.085533][T13986] Call Trace: [ 382.085540][T13986] [ 382.085548][T13986] dump_stack_lvl+0x16c/0x1f0 [ 382.085587][T13986] should_fail_ex+0x50a/0x650 [ 382.085614][T13986] ? fs_reclaim_acquire+0xae/0x150 [ 382.085651][T13986] should_failslab+0xc2/0x120 [ 382.085679][T13986] __kmalloc_noprof+0xce/0x4f0 [ 382.085706][T13986] ? fib_default_rule_add+0x4f/0x420 [ 382.085742][T13986] fib_default_rule_add+0x4f/0x420 [ 382.085777][T13986] fib4_rules_init+0xa6/0x1c0 [ 382.085811][T13986] fib_net_init+0x1de/0x3d0 [ 382.085837][T13986] ? __pfx_fib_net_init+0x10/0x10 [ 382.085866][T13986] ? do_init_timer+0xc9/0x110 [ 382.085891][T13986] ? devinet_init_net+0x5b3/0x8f0 [ 382.085922][T13986] ? __pfx_fib_net_init+0x10/0x10 [ 382.085946][T13986] ops_init+0x1df/0x5f0 [ 382.085975][T13986] setup_net+0x21f/0x860 [ 382.086002][T13986] ? __pfx_setup_net+0x10/0x10 [ 382.086024][T13986] ? down_read_killable+0xcc/0x380 [ 382.086062][T13986] ? __pfx_down_read_killable+0x10/0x10 [ 382.086088][T13986] ? debug_mutex_init+0x37/0x70 [ 382.086126][T13986] copy_net_ns+0x2b4/0x6c0 [ 382.086156][T13986] create_new_namespaces+0x3ea/0xad0 [ 382.086195][T13986] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 382.086228][T13986] ksys_unshare+0x45d/0xa40 [ 382.086262][T13986] ? __pfx_ksys_unshare+0x10/0x10 [ 382.086292][T13986] ? xfd_validate_state+0x5d/0x180 [ 382.086332][T13986] __x64_sys_unshare+0x31/0x40 [ 382.086364][T13986] do_syscall_64+0xcd/0x250 [ 382.086388][T13986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.086418][T13986] RIP: 0033:0x7f3cd598cda9 [ 382.086436][T13986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 382.086457][T13986] RSP: 002b:00007f3cd68c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 382.086479][T13986] RAX: ffffffffffffffda RBX: 00007f3cd5ba5fa0 RCX: 00007f3cd598cda9 [ 382.086493][T13986] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 382.086506][T13986] RBP: 00007f3cd5a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 382.086519][T13986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 382.086532][T13986] R13: 0000000000000000 R14: 00007f3cd5ba5fa0 R15: 00007ffea4352dc8 [ 382.086563][T13986] [ 382.580581][T13992] can: request_module (can-proto-4) failed. [ 383.741500][T14030] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 383.755859][T14030] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 383.774480][T14030] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 383.815814][T14030] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 383.954603][T14030] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 383.978133][T14030] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 384.024301][T14030] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 384.070668][T14030] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 384.100988][T14030] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 384.212366][T14030] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 384.733568][T14076] input: ices/platform/vhci_hcd.7/usb24/24-0:1.0/usb24-port8/power/runtime_suspended_time as /devices/virtual/input/input8 [ 385.070195][T14095] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3824'. [ 385.146162][ T5145] Bluetooth: hci3: command 0x0c1a tx timeout [ 385.791302][ T5145] Bluetooth: hci1: command 0x0c1a tx timeout [ 386.046574][ T5145] Bluetooth: hci0: command 0x0c1a tx timeout [ 386.116619][ T5145] Bluetooth: hci2: command 0x0c1a tx timeout [ 387.865558][ T5145] Bluetooth: hci1: command 0x0c1a tx timeout [ 388.104688][ T5145] Bluetooth: hci0: command 0x0c1a tx timeout [ 388.184488][ T5145] Bluetooth: hci2: command 0x0c1a tx timeout [ 389.099162][T14217] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3840'. [ 389.305002][T14220] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3840'. [ 389.953659][ T5145] Bluetooth: hci1: command 0x0c1a tx timeout [ 390.183549][ T5145] Bluetooth: hci0: command 0x0c1a tx timeout [ 390.265359][ T5145] Bluetooth: hci2: command 0x0c1a tx timeout [ 392.286165][T14266] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3851'. [ 394.057421][T14313] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3858'. [ 394.406785][ T29] audit: type=1326 audit(6033615336.424:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14319 comm="syz.5.3860" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f15c478cda9 code=0x0 [ 395.678300][ T29] audit: type=1800 audit(6033615337.694:8): pid=14341 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3865" name="dbroot" dev="configfs" ino=51334 res=0 errno=0 [ 397.965331][T14405] bridge0: port 3(netdevsim2) entered blocking state [ 397.987739][T14405] bridge0: port 3(netdevsim2) entered disabled state [ 398.008150][T14405] netdevsim netdevsim1 netdevsim2: entered allmulticast mode [ 398.050515][T14405] netdevsim netdevsim1 netdevsim2: entered promiscuous mode [ 398.058738][T14405] bridge0: port 3(netdevsim2) entered blocking state [ 398.065926][T14405] bridge0: port 3(netdevsim2) entered forwarding state [ 398.623713][ T5145] Bluetooth: hci2: unexpected subevent 0x04 length: 122 > 11 [ 399.680994][T14454] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3886'. [ 399.706277][T14454] mac80211_hwsim hwsim31 wlan1: entered promiscuous mode [ 400.268751][T14466] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3888'. [ 400.296253][T14466] : renamed from bond0 (while UP) [ 400.786781][T14500] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3892'. [ 401.187762][T14518] ======================================================= [ 401.187762][T14518] WARNING: The mand mount option has been deprecated and [ 401.187762][T14518] and is ignored by this kernel. Remove the mand [ 401.187762][T14518] option from the mount to silence this warning. [ 401.187762][T14518] ======================================================= [ 401.332238][T14520] kAFS: Invalid Command on /proc/fs/afs/cells file [ 401.401394][T14527] Process accounting resumed [ 401.571488][ T5145] Bluetooth: hci2: unexpected subevent 0x04 length: 122 > 11 [ 401.690617][T14525] Process accounting resumed [ 402.301090][T14562] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3901'. [ 402.619460][ T5145] Bluetooth: hci3: Unable to find connection for big 0xd2 [ 403.052116][T14562]  (unregistering): (slave bond_slave_0): Releasing backup interface [ 403.095612][T14562]  (unregistering): (slave bond_slave_1): Releasing backup interface [ 403.121606][T14562]  (unregistering): Released all slaves [ 403.543374][T14594] svc: failed to register nfsdv3 RPC service (errno 111). [ 403.559996][T14594] svc: failed to register nfsaclv3 RPC service (errno 111). [ 403.797273][T14590] FAULT_INJECTION: forcing a failure. [ 403.797273][T14590] name fail_futex, interval 1, probability 0, space 0, times 0 [ 403.811593][T14590] CPU: 0 UID: 0 PID: 14590 Comm: syz.4.3904 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 403.811627][T14590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 403.811641][T14590] Call Trace: [ 403.811647][T14590] [ 403.811657][T14590] dump_stack_lvl+0x16c/0x1f0 [ 403.811698][T14590] should_fail_ex+0x50a/0x650 [ 403.811732][T14590] get_futex_key+0x4a3/0x1000 [ 403.811768][T14590] ? __pfx_try_to_wake_up+0x10/0x10 [ 403.811791][T14590] ? __pfx_get_futex_key+0x10/0x10 [ 403.811817][T14590] ? plist_check_head+0xa3/0x150 [ 403.811848][T14590] futex_wake+0xe8/0x4e0 [ 403.811872][T14590] ? __pfx_futex_wake+0x10/0x10 [ 403.811904][T14590] do_futex+0x1e5/0x350 [ 403.811923][T14590] ? __pfx_do_futex+0x10/0x10 [ 403.811942][T14590] ? __sock_release+0x20b/0x270 [ 403.811962][T14590] ? map_id_up+0x290/0x370 [ 403.811990][T14590] __x64_sys_futex+0x1e1/0x4c0 [ 403.812011][T14590] ? native_tss_update_io_bitmap+0x2ec/0x610 [ 403.812039][T14590] ? __pfx___x64_sys_futex+0x10/0x10 [ 403.812059][T14590] ? from_kuid_munged+0xa6/0x130 [ 403.812084][T14590] ? __pfx_from_kuid_munged+0x10/0x10 [ 403.812115][T14590] do_syscall_64+0xcd/0x250 [ 403.812134][T14590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.812158][T14590] RIP: 0033:0x7f3cd598cda9 [ 403.812174][T14590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 403.812192][T14590] RSP: 002b:00007f3cd68c80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 403.812209][T14590] RAX: ffffffffffffffda RBX: 00007f3cd5ba5fa8 RCX: 00007f3cd598cda9 [ 403.812222][T14590] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3cd5ba5fac [ 403.812233][T14590] RBP: 00007f3cd5ba5fa0 R08: 00007f3cd68c9000 R09: 0000000000000000 [ 403.812245][T14590] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3cd5ba5fac [ 403.812256][T14590] R13: 0000000000000000 R14: 00007ffea4352ce0 R15: 00007ffea4352dc8 [ 403.812280][T14590] [ 405.435681][T14622] FAULT_INJECTION: forcing a failure. [ 405.435681][T14622] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 405.465206][T14622] CPU: 1 UID: 0 PID: 14622 Comm: syz.6.3908 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 405.465238][T14622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 405.465252][T14622] Call Trace: [ 405.465259][T14622] [ 405.465269][T14622] dump_stack_lvl+0x16c/0x1f0 [ 405.465312][T14622] should_fail_ex+0x50a/0x650 [ 405.465351][T14622] ? __pfx___might_resched+0x10/0x10 [ 405.465388][T14622] should_fail_alloc_page+0xe7/0x130 [ 405.465418][T14622] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 405.465459][T14622] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 405.465489][T14622] ? hlock_class+0x4e/0x130 [ 405.465523][T14622] ? mark_lock+0xb5/0xc60 [ 405.465554][T14622] ? __pfx_mark_lock+0x10/0x10 [ 405.465583][T14622] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 405.465613][T14622] ? hlock_class+0x4e/0x130 [ 405.465646][T14622] ? mark_lock+0xb5/0xc60 [ 405.465673][T14622] ? hlock_class+0x4e/0x130 [ 405.465714][T14622] ? hlock_class+0x4e/0x130 [ 405.465748][T14622] ? __lock_acquire+0xcc5/0x3c40 [ 405.465775][T14622] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 405.465806][T14622] ? policy_nodemask+0xea/0x4e0 [ 405.465836][T14622] alloc_pages_mpol+0x1fc/0x540 [ 405.465863][T14622] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 405.465891][T14622] ? __lock_acquire+0x15a9/0x3c40 [ 405.465925][T14622] folio_alloc_mpol_noprof+0x36/0x2f0 [ 405.465959][T14622] vma_alloc_folio_noprof+0xee/0x1b0 [ 405.465989][T14622] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 405.466022][T14622] ? find_held_lock+0x2d/0x110 [ 405.466062][T14622] do_pte_missing+0x202f/0x3e10 [ 405.466101][T14622] __handle_mm_fault+0x1166/0x2c60 [ 405.466137][T14622] ? __pfx___handle_mm_fault+0x10/0x10 [ 405.466160][T14622] ? follow_page_pte+0x3ac/0x1490 [ 405.466183][T14622] ? __pfx_lock_release+0x10/0x10 [ 405.466232][T14622] handle_mm_fault+0x3fa/0xaa0 [ 405.466266][T14622] __get_user_pages+0x773/0x36f0 [ 405.466299][T14622] ? __pfx_mt_find+0x10/0x10 [ 405.466343][T14622] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 405.466374][T14622] ? __pfx___get_user_pages+0x10/0x10 [ 405.466405][T14622] ? __mm_populate+0x21d/0x380 [ 405.466439][T14622] populate_vma_page_range+0x27f/0x3a0 [ 405.466468][T14622] ? __pfx_populate_vma_page_range+0x10/0x10 [ 405.466493][T14622] ? __pfx_find_vma_intersection+0x10/0x10 [ 405.466527][T14622] ? vm_mmap_pgoff+0x29b/0x3a0 [ 405.466556][T14622] __mm_populate+0x1d6/0x380 [ 405.466583][T14622] ? __pfx___mm_populate+0x10/0x10 [ 405.466613][T14622] ? up_write+0x1b2/0x520 [ 405.466645][T14622] vm_mmap_pgoff+0x2d3/0x3a0 [ 405.466672][T14622] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 405.466702][T14622] ? __x64_sys_futex+0x1e1/0x4c0 [ 405.466724][T14622] ? __x64_sys_futex+0x1ea/0x4c0 [ 405.466754][T14622] ksys_mmap_pgoff+0x7d/0x5c0 [ 405.466776][T14622] ? rcu_is_watching+0x12/0xc0 [ 405.466814][T14622] __x64_sys_mmap+0x125/0x190 [ 405.466850][T14622] do_syscall_64+0xcd/0x250 [ 405.466875][T14622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.466907][T14622] RIP: 0033:0x7f9876d8cda9 [ 405.466928][T14622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 405.466951][T14622] RSP: 002b:00007f9877b69038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 405.466974][T14622] RAX: ffffffffffffffda RBX: 00007f9876fa5fa0 RCX: 00007f9876d8cda9 [ 405.466991][T14622] RDX: fffffffffffffffe RSI: 0000000000400005 RDI: 0000000000000000 [ 405.467006][T14622] RBP: 00007f9876e0e2a0 R08: 0000000000000002 R09: 0000000000008000 [ 405.467020][T14622] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 405.467034][T14622] R13: 0000000000000000 R14: 00007f9876fa5fa0 R15: 00007ffea7735388 [ 405.467066][T14622] [ 406.220766][T14670] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3915'. [ 408.959356][T14743] blktrace: Concurrent blktraces are not allowed on loop6 [ 409.664507][T14759] FAULT_INJECTION: forcing a failure. [ 409.664507][T14759] name failslab, interval 1, probability 0, space 0, times 0 [ 409.712920][T14759] CPU: 0 UID: 0 PID: 14759 Comm: syz.5.3932 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 409.712957][T14759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 409.712971][T14759] Call Trace: [ 409.712978][T14759] [ 409.712988][T14759] dump_stack_lvl+0x16c/0x1f0 [ 409.713029][T14759] should_fail_ex+0x50a/0x650 [ 409.713057][T14759] ? fs_reclaim_acquire+0xae/0x150 [ 409.713096][T14759] ? rand_initialize_disk+0x3f/0xc0 [ 409.713122][T14759] should_failslab+0xc2/0x120 [ 409.713153][T14759] __kmalloc_cache_noprof+0x68/0x420 [ 409.713180][T14759] ? lockdep_init_map_type+0x16d/0x7d0 [ 409.713217][T14759] rand_initialize_disk+0x3f/0xc0 [ 409.713245][T14759] __alloc_disk_node+0x2c1/0x610 [ 409.713273][T14759] __blk_alloc_disk+0xd8/0x170 [ 409.713298][T14759] ? __pfx___blk_alloc_disk+0x10/0x10 [ 409.713346][T14759] ? __pfx_idr_alloc+0x10/0x10 [ 409.713381][T14759] ? __raw_spin_lock_init+0x3a/0x110 [ 409.713417][T14759] ? __pfx_hot_add_show+0x10/0x10 [ 409.713448][T14759] zram_add+0x160/0x6b0 [ 409.713479][T14759] ? __pfx_zram_add+0x10/0x10 [ 409.713532][T14759] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 409.713562][T14759] ? rcu_is_watching+0x12/0xc0 [ 409.713604][T14759] ? __pfx_hot_add_show+0x10/0x10 [ 409.713634][T14759] hot_add_show+0x21/0x80 [ 409.713662][T14759] class_attr_show+0x6f/0xa0 [ 409.713690][T14759] ? __pfx_class_attr_show+0x10/0x10 [ 409.713718][T14759] sysfs_kf_seq_show+0x223/0x3e0 [ 409.713756][T14759] seq_read_iter+0x4f4/0x12b0 [ 409.713805][T14759] kernfs_fop_read_iter+0x414/0x580 [ 409.713831][T14759] ? rw_verify_area+0xcf/0x680 [ 409.713878][T14759] vfs_read+0x886/0xbf0 [ 409.713910][T14759] ? __pfx_vfs_read+0x10/0x10 [ 409.713961][T14759] ksys_read+0x12b/0x250 [ 409.713983][T14759] ? __pfx_ksys_read+0x10/0x10 [ 409.714019][T14759] do_syscall_64+0xcd/0x250 [ 409.714045][T14759] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.714076][T14759] RIP: 0033:0x7f15c478cda9 [ 409.714095][T14759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 409.714117][T14759] RSP: 002b:00007f15c551b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 409.714140][T14759] RAX: ffffffffffffffda RBX: 00007f15c49a6080 RCX: 00007f15c478cda9 [ 409.714156][T14759] RDX: 0000000000001000 RSI: 0000000020000ec0 RDI: 000000000000000a [ 409.714170][T14759] RBP: 00007f15c480e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 409.714185][T14759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 409.714199][T14759] R13: 0000000000000000 R14: 00007f15c49a6080 R15: 00007ffe190b86f8 [ 409.714234][T14759] [ 409.984579][T14757] Process accounting resumed [ 410.297857][T14759] zram: Added device: zram1 [ 410.737935][T14788] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3942'. [ 410.780645][T14788] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3942'. [ 411.541232][T14808] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 413.761432][T14863] do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 417.460509][T14923] mkiss: ax0: crc mode is auto. [ 419.677007][T14960] sp0: Synchronizing with TNC [ 420.537168][T14956] netlink: 334 bytes leftover after parsing attributes in process `syz.5.3985'. [ 421.588739][T14986] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 421.647601][T14986] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 421.669277][T14986] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 421.727927][T14986] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 422.216830][T15035] bridge0: port 3(gretap0) entered blocking state [ 422.223766][T15035] bridge0: port 3(gretap0) entered disabled state [ 422.233218][T15035] gretap0: entered allmulticast mode [ 422.254696][T15035] gretap0: entered promiscuous mode [ 422.303588][T15035] bridge0: port 3(gretap0) entered blocking state [ 422.313031][T15035] bridge0: port 3(gretap0) entered forwarding state [ 423.354406][ T54] Bluetooth: hci1: unexpected subevent 0x04 length: 122 > 11 [ 423.608432][ T54] Bluetooth: hci1: command 0x0c1a tx timeout [ 423.615731][ T54] Bluetooth: hci3: command 0x0c1a tx timeout [ 423.697140][T15067] Bluetooth: hci2: command 0x0c1a tx timeout [ 423.703249][T15067] Bluetooth: hci0: command 0x0c1a tx timeout [ 424.854457][T15073] Process accounting resumed [ 425.403113][T15092] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 425.413981][T15092] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 425.678245][T15099] vivid-003: ================= START STATUS ================= [ 425.712457][T15099] vivid-003: Radio HW Seek Mode: Bounded [ 425.731802][T15099] vivid-003: Radio Programmable HW Seek: false [ 425.753538][T15099] vivid-003: RDS Rx I/O Mode: Block I/O [ 425.783171][T15099] vivid-003: Generate RBDS Instead of RDS: false [ 425.815094][T15099] vivid-003: RDS Reception: true [ 425.839484][T15099] vivid-003: RDS Program Type: 0 inactive [ 425.904398][T15099] vivid-003: RDS PS Name: inactive [ 425.944733][T15099] vivid-003: RDS Radio Text: inactive [ 426.018026][T15099] vivid-003: RDS Traffic Announcement: false inactive [ 426.024971][T15099] vivid-003: RDS Traffic Program: false inactive [ 426.032386][T15099] vivid-003: RDS Music: false inactive [ 426.038345][T15099] vivid-003: ================== END STATUS ================== [ 426.594687][T15113] sp0: Synchronizing with TNC [ 427.250021][T15124] FAULT_INJECTION: forcing a failure. [ 427.250021][T15124] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 427.276712][T15124] CPU: 1 UID: 0 PID: 15124 Comm: syz.4.4007 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 427.276745][T15124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 427.276757][T15124] Call Trace: [ 427.276764][T15124] [ 427.276773][T15124] dump_stack_lvl+0x16c/0x1f0 [ 427.276811][T15124] should_fail_ex+0x50a/0x650 [ 427.276843][T15124] _copy_to_iter+0x4a5/0x1400 [ 427.276881][T15124] ? __pfx__copy_to_iter+0x10/0x10 [ 427.276909][T15124] ? __virt_addr_valid+0x1a4/0x590 [ 427.276936][T15124] ? __virt_addr_valid+0x5e/0x590 [ 427.276963][T15124] ? __phys_addr_symbol+0x30/0x80 [ 427.276995][T15124] ? __check_object_size+0x488/0x710 [ 427.277029][T15124] seq_read_iter+0xd00/0x12b0 [ 427.277078][T15124] seq_read+0x39f/0x4e0 [ 427.277110][T15124] ? __pfx_seq_read+0x10/0x10 [ 427.277165][T15124] ? __pfx_seq_read+0x10/0x10 [ 427.277197][T15124] proc_reg_read+0x23d/0x330 [ 427.277220][T15124] ? __pfx_proc_reg_read+0x10/0x10 [ 427.277246][T15124] vfs_read+0x1df/0xbf0 [ 427.277269][T15124] ? __fget_files+0x1fc/0x3a0 [ 427.277293][T15124] ? __pfx___mutex_lock+0x10/0x10 [ 427.277326][T15124] ? __pfx_vfs_read+0x10/0x10 [ 427.277359][T15124] ? __fget_files+0x206/0x3a0 [ 427.277393][T15124] ksys_read+0x12b/0x250 [ 427.277414][T15124] ? __pfx_ksys_read+0x10/0x10 [ 427.277447][T15124] do_syscall_64+0xcd/0x250 [ 427.277471][T15124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.277500][T15124] RIP: 0033:0x7f3cd598cda9 [ 427.277518][T15124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 427.277539][T15124] RSP: 002b:00007f3cd68c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 427.277561][T15124] RAX: ffffffffffffffda RBX: 00007f3cd5ba5fa0 RCX: 00007f3cd598cda9 [ 427.277576][T15124] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000003 [ 427.277589][T15124] RBP: 00007f3cd68c8090 R08: 0000000000000000 R09: 0000000000000000 [ 427.277603][T15124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 427.277616][T15124] R13: 0000000000000000 R14: 00007f3cd5ba5fa0 R15: 00007ffea4352dc8 [ 427.277648][T15124] [ 427.815293][T15131] [U] [ 427.815344][T15131] [U] [ 427.815387][T15131] [U] [ 427.815430][T15131] [U] [ 427.815621][T15131] [U] [ 427.815663][T15131] [U] [ 427.815705][T15131] [U] [ 427.815741][T15131] [U] [ 427.816314][T15131] [U] [ 427.816358][T15131] [U] [ 427.816400][T15131] [U] [ 427.816444][T15131] [U] [ 427.816626][T15131] [U] [ 427.816665][T15131] [U] [ 427.816707][T15131] [U] [ 427.816747][T15131] [U] [ 427.817020][T15131] [U] [ 427.817062][T15131] [U] [ 427.817105][T15131] [U] [ 427.817146][T15131] [U] [ 427.817330][T15131] [U] [ 427.817367][T15131] [U] [ 427.817409][T15131] [U] [ 427.817450][T15131] [U] [ 427.817713][T15131] [U] [ 427.817757][T15131] [U] [ 427.817799][T15131] [U] [ 427.817840][T15131] [U] [ 427.818028][T15131] [U] [ 427.818070][T15131] [U] [ 427.818112][T15131] [U] [ 427.818153][T15131] [U] [ 427.818415][T15131] [U] [ 427.818458][T15131] [U] [ 427.818499][T15131] [U] [ 427.818540][T15131] [U] [ 427.818721][T15131] [U] [ 427.818761][T15131] [U] [ 427.818802][T15131] [U] [ 427.818844][T15131] [U] [ 427.819119][T15131] [U] [ 427.819160][T15131] [U] [ 427.819200][T15131] [U] [ 427.819241][T15131] [U] [ 427.819432][T15131] [U] [ 427.819474][T15131] [U] [ 427.819515][T15131] [U] [ 427.819557][T15131] [U] [ 427.819819][T15131] [U] [ 427.819864][T15131] [U] [ 427.819913][T15131] [U] [ 427.819954][T15131] [U] [ 427.820178][T15131] [U] [ 427.820221][T15131] [U] [ 427.820261][T15131] [U] [ 427.820302][T15131] [U] [ 427.820576][T15131] [U] [ 427.820618][T15131] [U] [ 427.820660][T15131] [U] [ 427.820701][T15131] [U] [ 427.820865][T15131] [U] [ 427.820909][T15131] [U] [ 427.820948][T15131] [U] [ 427.820988][T15131] [U] [ 427.821248][T15131] [U] [ 427.821285][T15131] [U] [ 427.821324][T15131] [U] [ 427.821363][T15131] [U] [ 427.821532][T15131] [U] [ 427.821567][T15131] [U] [ 427.821602][T15131] [U] [ 427.821634][T15131] [U] [ 427.821882][T15131] [U] [ 427.821933][T15131] [U] [ 427.821975][T15131] [U] [ 427.822011][T15131] [U] [ 427.822514][T15131] [U] [ 427.822559][T15131] [U] [ 427.822598][T15131] [U] [ 427.822639][T15131] [U] [ 427.822933][T15131] [U] [ 427.822976][T15131] [U] [ 427.823014][T15131] [U] [ 427.823055][T15131] [U] [ 427.823232][T15131] [U] [ 427.823272][T15131] [U] [ 427.823311][T15131] [U] [ 427.823350][T15131] [U] [ 427.823611][T15131] [U] [ 427.823653][T15131] [U] [ 427.823693][T15131] [U] [ 427.823731][T15131] [U] [ 427.823912][T15131] [U] [ 427.823954][T15131] [U] [ 427.823996][T15131] [U] [ 427.824038][T15131] [U] [ 427.826453][T15131] [U] [ 427.826497][T15131] [U] [ 427.826539][T15131] [U] [ 427.826580][T15131] [U] [ 427.826753][T15131] [U] [ 427.826789][T15131] [U] [ 427.826824][T15131] [U] [ 427.826864][T15131] [U] [ 427.827160][T15131] [U] [ 427.827201][T15131] [U] [ 427.827240][T15131] [U] [ 427.827280][T15131] [U] [ 427.827472][T15131] [U] [ 427.827515][T15131] [U] [ 427.827554][T15131] [U] [ 427.827595][T15131] [U] [ 427.827869][T15131] [U] [ 427.827918][T15131] [U] [ 427.827956][T15131] [U] [ 427.827996][T15131] [U] [ 427.828177][T15131] [U] [ 427.828216][T15131] [U] [ 427.828254][T15131] [U] [ 427.828295][T15131] [U] [ 427.834266][T15131] [U] [ 429.943569][T15173] FAULT_INJECTION: forcing a failure. [ 429.943569][T15173] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 429.970023][T15173] CPU: 0 UID: 0 PID: 15173 Comm: syz.4.4019 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 429.970055][T15173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 429.970067][T15173] Call Trace: [ 429.970073][T15173] [ 429.970082][T15173] dump_stack_lvl+0x16c/0x1f0 [ 429.970118][T15173] should_fail_ex+0x50a/0x650 [ 429.970151][T15173] _copy_to_user+0x32/0xd0 [ 429.970184][T15173] simple_read_from_buffer+0xd0/0x160 [ 429.970220][T15173] proc_fail_nth_read+0x198/0x270 [ 429.970253][T15173] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 429.970287][T15173] ? rw_verify_area+0xcf/0x680 [ 429.970319][T15173] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 429.970349][T15173] vfs_read+0x1df/0xbf0 [ 429.970371][T15173] ? __fget_files+0x1fc/0x3a0 [ 429.970393][T15173] ? __pfx___mutex_lock+0x10/0x10 [ 429.970424][T15173] ? __pfx_vfs_read+0x10/0x10 [ 429.970452][T15173] ? __fget_files+0x206/0x3a0 [ 429.970482][T15173] ksys_read+0x12b/0x250 [ 429.970503][T15173] ? __pfx_ksys_read+0x10/0x10 [ 429.970535][T15173] do_syscall_64+0xcd/0x250 [ 429.970559][T15173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.970589][T15173] RIP: 0033:0x7f3cd598b7bc [ 429.970606][T15173] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 429.970627][T15173] RSP: 002b:00007f3cd68c8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 429.970648][T15173] RAX: ffffffffffffffda RBX: 00007f3cd5ba5fa0 RCX: 00007f3cd598b7bc [ 429.970675][T15173] RDX: 000000000000000f RSI: 00007f3cd68c80a0 RDI: 0000000000000004 [ 429.970687][T15173] RBP: 00007f3cd68c8090 R08: 0000000000000000 R09: 0000000000000000 [ 429.970699][T15173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 429.970710][T15173] R13: 0000000000000000 R14: 00007f3cd5ba5fa0 R15: 00007ffea4352dc8 [ 429.970738][T15173] [ 430.397719][T15187] vivid-003: ================= START STATUS ================= [ 430.405570][T15187] vivid-003: Radio HW Seek Mode: Bounded [ 430.411260][T15187] vivid-003: Radio Programmable HW Seek: false [ 430.418954][T15187] vivid-003: RDS Rx I/O Mode: Block I/O [ 430.440006][T15181] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4021'. [ 430.465982][T15187] vivid-003: Generate RBDS Instead of RDS: false [ 430.496282][T15187] vivid-003: RDS Reception: true [ 430.553248][T15187] vivid-003: RDS Program Type: 0 inactive [ 430.559057][T15187] vivid-003: RDS PS Name: inactive [ 430.585812][T15187] vivid-003: RDS Radio Text: inactive [ 430.591365][T15187] vivid-003: RDS Traffic Announcement: false inactive [ 430.692164][T15187] vivid-003: RDS Traffic Program: false inactive [ 430.734387][T15187] vivid-003: RDS Music: false inactive [ 430.753326][T15187] vivid-003: ================== END STATUS ================== [ 432.508705][T15230] FAULT_INJECTION: forcing a failure. [ 432.508705][T15230] name failslab, interval 1, probability 0, space 0, times 0 [ 432.521820][T15230] CPU: 1 UID: 0 PID: 15230 Comm: syz.4.4031 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 432.521852][T15230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 432.521868][T15230] Call Trace: [ 432.521875][T15230] [ 432.521885][T15230] dump_stack_lvl+0x16c/0x1f0 [ 432.521927][T15230] should_fail_ex+0x50a/0x650 [ 432.521955][T15230] ? fs_reclaim_acquire+0xae/0x150 [ 432.521995][T15230] should_failslab+0xc2/0x120 [ 432.522025][T15230] __kmalloc_node_track_caller_noprof+0xcf/0x520 [ 432.522057][T15230] ? __request_module+0x2e4/0x6c0 [ 432.522092][T15230] kstrdup+0x42/0xb0 [ 432.522125][T15230] __request_module+0x2e4/0x6c0 [ 432.522152][T15230] ? __sock_create+0x5c3/0x8d0 [ 432.522186][T15230] ? __pfx___request_module+0x10/0x10 [ 432.522217][T15230] ? security_inode_alloc+0x3b/0x2b0 [ 432.522247][T15230] ? inode_init_always_gfp+0xd05/0x1030 [ 432.522281][T15230] __sock_create+0x5c3/0x8d0 [ 432.522314][T15230] __sys_socket+0x14f/0x260 [ 432.522343][T15230] ? __pfx___sys_socket+0x10/0x10 [ 432.522373][T15230] ? rcu_is_watching+0x12/0xc0 [ 432.522411][T15230] __x64_sys_socket+0x72/0xb0 [ 432.522440][T15230] ? lockdep_hardirqs_on+0x7c/0x110 [ 432.522473][T15230] do_syscall_64+0xcd/0x250 [ 432.522497][T15230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.522529][T15230] RIP: 0033:0x7f3cd598cda9 [ 432.522557][T15230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 432.522581][T15230] RSP: 002b:00007f3cd68a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 432.522603][T15230] RAX: ffffffffffffffda RBX: 00007f3cd5ba6080 RCX: 00007f3cd598cda9 [ 432.522619][T15230] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000002d [ 432.522633][T15230] RBP: 00007f3cd5a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 432.522647][T15230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 432.522660][T15230] R13: 0000000000000000 R14: 00007f3cd5ba6080 R15: 00007ffea4352dc8 [ 432.522691][T15230] [ 432.724643][ C1] vkms_vblank_simulate: vblank timer overrun [ 432.859822][T15067] Bluetooth: hci0: unexpected subevent 0x04 length: 122 > 11 [ 433.975171][T15252] FAULT_INJECTION: forcing a failure. [ 433.975171][T15252] name failslab, interval 1, probability 0, space 0, times 0 [ 434.146550][T15252] CPU: 1 UID: 0 PID: 15252 Comm: syz.6.4035 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 434.146585][T15252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 434.146599][T15252] Call Trace: [ 434.146606][T15252] [ 434.146616][T15252] dump_stack_lvl+0x16c/0x1f0 [ 434.146659][T15252] should_fail_ex+0x50a/0x650 [ 434.146687][T15252] ? fs_reclaim_acquire+0xae/0x150 [ 434.146727][T15252] should_failslab+0xc2/0x120 [ 434.146757][T15252] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 434.146787][T15252] ? alloc_unbound_pwq+0x3ff/0xe10 [ 434.146823][T15252] alloc_unbound_pwq+0x3ff/0xe10 [ 434.146864][T15252] apply_wqattrs_prepare+0x3af/0xbd0 [ 434.146909][T15252] apply_workqueue_attrs_locked+0x64/0xe0 [ 434.146941][T15252] __alloc_workqueue+0xf34/0x1810 [ 434.146981][T15252] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 434.147017][T15252] alloc_workqueue+0xd3/0x200 [ 434.147051][T15252] ? __pfx_alloc_workqueue+0x10/0x10 [ 434.147094][T15252] ? __pfx___debug_object_init+0x10/0x10 [ 434.147145][T15252] nci_register_device+0x397/0xb80 [ 434.147177][T15252] ? __pfx_nci_register_device+0x10/0x10 [ 434.147222][T15252] virtual_ncidev_open+0x141/0x220 [ 434.147255][T15252] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 434.147285][T15252] misc_open+0x35a/0x420 [ 434.147313][T15252] ? __pfx_misc_open+0x10/0x10 [ 434.147340][T15252] chrdev_open+0x237/0x6a0 [ 434.147365][T15252] ? __pfx_apparmor_file_open+0x10/0x10 [ 434.147391][T15252] ? __pfx_chrdev_open+0x10/0x10 [ 434.147420][T15252] ? file_set_fsnotify_mode+0x163/0x5d0 [ 434.147459][T15252] do_dentry_open+0x735/0x1c40 [ 434.147487][T15252] ? __pfx_chrdev_open+0x10/0x10 [ 434.147515][T15252] ? inode_permission+0xdd/0x5f0 [ 434.147549][T15252] vfs_open+0x82/0x3f0 [ 434.147576][T15252] ? may_open+0x1f2/0x400 [ 434.147611][T15252] path_openat+0x1e88/0x2d80 [ 434.147651][T15252] ? __pfx_path_openat+0x10/0x10 [ 434.147676][T15252] ? __pfx___lock_acquire+0x10/0x10 [ 434.147702][T15252] ? lock_acquire.part.0+0x11b/0x380 [ 434.147729][T15252] ? find_held_lock+0x2d/0x110 [ 434.147767][T15252] do_filp_open+0x20c/0x470 [ 434.147793][T15252] ? __pfx_do_filp_open+0x10/0x10 [ 434.147817][T15252] ? find_held_lock+0x2d/0x110 [ 434.147876][T15252] ? alloc_fd+0x41f/0x760 [ 434.147911][T15252] do_sys_openat2+0x17a/0x1e0 [ 434.147941][T15252] ? __pfx_do_sys_openat2+0x10/0x10 [ 434.147974][T15252] ? __pfx___might_resched+0x10/0x10 [ 434.148013][T15252] __x64_sys_openat+0x175/0x210 [ 434.148044][T15252] ? __pfx___x64_sys_openat+0x10/0x10 [ 434.148090][T15252] do_syscall_64+0xcd/0x250 [ 434.148121][T15252] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.148154][T15252] RIP: 0033:0x7f9876d8cda9 [ 434.148174][T15252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 434.148198][T15252] RSP: 002b:00007f9877b48038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 434.148220][T15252] RAX: ffffffffffffffda RBX: 00007f9876fa6080 RCX: 00007f9876d8cda9 [ 434.148236][T15252] RDX: 0000000000000002 RSI: 0000000020000400 RDI: ffffffffffffff9c [ 434.148251][T15252] RBP: 00007f9876e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 434.148265][T15252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 434.148278][T15252] R13: 0000000000000000 R14: 00007f9876fa6080 R15: 00007ffea7735388 [ 434.148312][T15252] [ 434.487897][ C1] vkms_vblank_simulate: vblank timer overrun [ 435.141385][T15277] kAFS: No cell specified [ 435.364368][T15284] vivid-003: ================= START STATUS ================= [ 435.398113][T15284] vivid-003: Radio HW Seek Mode: Bounded [ 435.417298][T15288] bridge0: port 2(gretap0) entered blocking state [ 435.430636][T15284] vivid-003: Radio Programmable HW Seek: false [ 435.439193][T15288] bridge0: port 2(gretap0) entered disabled state [ 435.448857][T15284] vivid-003: RDS Rx I/O Mode: Block I/O [ 435.461958][T15284] vivid-003: Generate RBDS Instead of RDS: false [ 435.462154][T15288] gretap0: entered allmulticast mode [ 435.468363][T15284] vivid-003: RDS Reception: true [ 435.483187][T15067] Bluetooth: hci2: unexpected subevent 0x04 length: 122 > 11 [ 435.491999][T15288] gretap0: entered promiscuous mode [ 435.504859][T15284] vivid-003: RDS Program Type: 0 inactive [ 435.510668][T15284] vivid-003: RDS PS Name: inactive [ 435.516548][T15284] vivid-003: RDS Radio Text: inactive [ 435.524709][T15284] vivid-003: RDS Traffic Announcement: false inactive [ 435.531135][T15288] bridge0: port 2(gretap0) entered blocking state [ 435.531790][T15284] vivid-003: RDS Traffic Program: [ 435.538030][T15288] bridge0: port 2(gretap0) entered forwarding state [ 435.551259][T15284] false inactive [ 435.555313][T15284] vivid-003: RDS Music: false inactive [ 435.560989][T15284] vivid-003: ================== END STATUS ================== [ 436.558255][T15320] nbd: must specify at least one socket [ 436.793747][T15324] kAFS: No cell specified [ 437.383124][T15341] vivid-003: ================= START STATUS ================= [ 437.404214][T15341] vivid-003: Radio HW Seek Mode: Bounded [ 437.419943][T15341] vivid-003: Radio Programmable HW Seek: false [ 437.436541][T15341] vivid-003: RDS Rx I/O Mode: Block I/O [ 437.482418][T15341] vivid-003: Generate RBDS Instead of RDS: false [ 437.505708][T15341] vivid-003: RDS Reception: true [ 437.518882][T15341] vivid-003: RDS Program Type: 0 inactive [ 437.544377][T15341] vivid-003: RDS PS Name: inactive [ 437.579136][T15341] vivid-003: RDS Radio Text: inactive [ 437.636482][T15341] vivid-003: RDS Traffic Announcement: false inactive [ 437.667291][T15341] vivid-003: RDS Traffic Program: false inactive [ 437.747585][T15341] vivid-003: RDS Music: false inactive [ 437.800944][T15341] vivid-003: ================== END STATUS ================== [ 438.576632][T15364] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4066'. [ 438.845833][T15067] Bluetooth: hci0: unexpected subevent 0x04 length: 122 > 11 [ 439.259074][T15370] queue_state_write: unsupported operation '' [ 439.267526][T15370] queue_state_write: use 'run', 'start' or 'kick' [ 440.193237][T15299] Process accounting resumed [ 440.243550][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.258423][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.952441][T15375] Process accounting paused [ 442.644962][T15445] sp0: Synchronizing with TNC [ 442.862336][T15432] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 442.902030][T15449] sp0: Synchronizing with TNC [ 442.913807][T15432] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 442.957555][T15432] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 442.987365][T15432] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 443.084987][T15445] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4086'. [ 443.394869][T15449] netlink: 334 bytes leftover after parsing attributes in process `syz.5.4087'. [ 443.613495][T15468] netlink: 334 bytes leftover after parsing attributes in process `syz.4.4092'. [ 444.477910][T15067] Bluetooth: hci3: command 0x0c1a tx timeout [ 444.664644][T15482] FAULT_INJECTION: forcing a failure. [ 444.664644][T15482] name failslab, interval 1, probability 0, space 0, times 0 [ 444.756200][T15482] CPU: 0 UID: 0 PID: 15482 Comm: syz.5.4096 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 444.756237][T15482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 444.756251][T15482] Call Trace: [ 444.756259][T15482] [ 444.756269][T15482] dump_stack_lvl+0x16c/0x1f0 [ 444.756312][T15482] should_fail_ex+0x50a/0x650 [ 444.756341][T15482] ? fs_reclaim_acquire+0xae/0x150 [ 444.756378][T15482] ? apply_subsystem_event_filter+0x3cc/0x1410 [ 444.756403][T15482] should_failslab+0xc2/0x120 [ 444.756431][T15482] __kmalloc_cache_noprof+0x68/0x420 [ 444.756464][T15482] apply_subsystem_event_filter+0x3cc/0x1410 [ 444.756499][T15482] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 444.756523][T15482] ? __might_fault+0xe3/0x190 [ 444.756553][T15482] ? __might_fault+0xe3/0x190 [ 444.756589][T15482] ? _copy_from_user+0x59/0xd0 [ 444.756626][T15482] subsystem_filter_write+0x95/0x120 [ 444.756654][T15482] ? __pfx_subsystem_filter_write+0x10/0x10 [ 444.756676][T15482] vfs_write+0x24c/0x1150 [ 444.756701][T15482] ? __fget_files+0x1fc/0x3a0 [ 444.756726][T15482] ? __pfx___mutex_lock+0x10/0x10 [ 444.756762][T15482] ? __pfx_vfs_write+0x10/0x10 [ 444.756798][T15482] ? __fget_files+0x206/0x3a0 [ 444.756833][T15482] ksys_write+0x12b/0x250 [ 444.756856][T15482] ? __pfx_ksys_write+0x10/0x10 [ 444.756892][T15482] do_syscall_64+0xcd/0x250 [ 444.756915][T15482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.756947][T15482] RIP: 0033:0x7f15c478cda9 [ 444.756968][T15482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 444.756991][T15482] RSP: 002b:00007f15c553c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 444.757014][T15482] RAX: ffffffffffffffda RBX: 00007f15c49a5fa0 RCX: 00007f15c478cda9 [ 444.757029][T15482] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 444.757042][T15482] RBP: 00007f15c480e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 444.757056][T15482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 444.757069][T15482] R13: 0000000000000000 R14: 00007f15c49a5fa0 R15: 00007ffe190b86f8 [ 444.757103][T15482] [ 444.981475][T15067] Bluetooth: hci1: command 0x0c1a tx timeout [ 445.045830][T15067] Bluetooth: hci2: command 0x0c1a tx timeout [ 445.053129][ T5145] Bluetooth: hci0: command 0x0c1a tx timeout [ 445.780113][T15501] sp0: Synchronizing with TNC [ 446.144498][T15501] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4099'. [ 446.667483][T15514] random: crng reseeded on system resumption [ 447.820946][T15547] netlink: 74 bytes leftover after parsing attributes in process `syz.5.4110'. [ 447.849958][T15544] blktrace: Concurrent blktraces are not allowed on sg0 [ 448.032276][T15558] sp0: Synchronizing with TNC [ 448.112342][ T5145] Bluetooth: hci2: unexpected subevent 0x04 length: 122 > 11 [ 448.167393][T15557] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 448.324603][T15554] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4112'. [ 448.615939][T15580] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4117'. [ 448.678405][T15580] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4117'. [ 448.772855][T15580] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4117'. [ 448.797253][T15580] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4117'. [ 448.832977][T15580] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4117'. [ 448.925092][T15580] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4117'. [ 448.998047][T15580] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4117'. [ 449.032221][T15580] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4117'. [ 449.056451][T15580] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4117'. [ 449.088486][T15580] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4117'. [ 449.867916][T15599] kAFS: No cell specified [ 450.350617][T15613] sp0: Synchronizing with TNC [ 450.541975][T15617] bond0: entered allmulticast mode [ 450.583528][T15617] bond_slave_0: entered allmulticast mode [ 450.610333][T15617] bond_slave_1: entered allmulticast mode [ 451.141338][ T5145] Bluetooth: hci1: unexpected subevent 0x04 length: 122 > 11 [ 453.282621][T15680] mac80211_hwsim hwsim23 wlan1: entered promiscuous mode [ 453.374289][T15690] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 453.381969][T15690] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 453.858936][ T5145] Bluetooth: hci1: unexpected subevent 0x04 length: 122 > 11 [ 453.954939][T15706] FAULT_INJECTION: forcing a failure. [ 453.954939][T15706] name failslab, interval 1, probability 0, space 0, times 0 [ 454.116876][T15706] CPU: 0 UID: 0 PID: 15706 Comm: syz.5.4147 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 454.116910][T15706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 454.116924][T15706] Call Trace: [ 454.116930][T15706] [ 454.116940][T15706] dump_stack_lvl+0x16c/0x1f0 [ 454.116978][T15706] should_fail_ex+0x50a/0x650 [ 454.117006][T15706] ? fs_reclaim_acquire+0xae/0x150 [ 454.117041][T15706] should_failslab+0xc2/0x120 [ 454.117069][T15706] __kmalloc_noprof+0xce/0x4f0 [ 454.117095][T15706] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 454.117127][T15706] ? tomoyo_realpath_from_path+0xbf/0x710 [ 454.117160][T15706] tomoyo_realpath_from_path+0xbf/0x710 [ 454.117190][T15706] ? tomoyo_path_number_perm+0x235/0x5b0 [ 454.117217][T15706] tomoyo_path_number_perm+0x248/0x5b0 [ 454.117240][T15706] ? tomoyo_path_number_perm+0x235/0x5b0 [ 454.117267][T15706] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 454.117322][T15706] ? __pfx_lock_release+0x10/0x10 [ 454.117347][T15706] ? trace_lock_acquire+0x14e/0x1f0 [ 454.117374][T15706] ? lock_acquire+0x2f/0xb0 [ 454.117397][T15706] ? __fget_files+0x40/0x3a0 [ 454.117425][T15706] ? __fget_files+0x206/0x3a0 [ 454.117454][T15706] security_file_ioctl+0x9b/0x240 [ 454.117481][T15706] __x64_sys_ioctl+0xb7/0x200 [ 454.117516][T15706] do_syscall_64+0xcd/0x250 [ 454.117540][T15706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.117570][T15706] RIP: 0033:0x7f15c478cda9 [ 454.117587][T15706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.117607][T15706] RSP: 002b:00007f15c551b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 454.117628][T15706] RAX: ffffffffffffffda RBX: 00007f15c49a6080 RCX: 00007f15c478cda9 [ 454.117641][T15706] RDX: 00000000200001c0 RSI: 00000000c0045006 RDI: 0000000000000003 [ 454.117655][T15706] RBP: 00007f15c551b090 R08: 0000000000000000 R09: 0000000000000000 [ 454.117668][T15706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 454.117681][T15706] R13: 0000000000000001 R14: 00007f15c49a6080 R15: 00007ffe190b86f8 [ 454.117711][T15706] [ 454.117721][T15706] ERROR: Out of memory at tomoyo_realpath_from_path. [ 456.507486][T15730] __nla_validate_parse: 26 callbacks suppressed [ 456.507510][T15730] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4152'. [ 456.554018][T15730] veth1_macvtap: entered allmulticast mode [ 458.682434][ T5145] Bluetooth: hci1: unexpected subevent 0x04 length: 122 > 11 [ 460.595024][T15789] netlink: 'syz.6.4163': attribute type 16 has an invalid length. [ 460.613339][T15789] netlink: 330 bytes leftover after parsing attributes in process `syz.6.4163'. [ 460.689918][T15790] netlink: 'syz.6.4163': attribute type 16 has an invalid length. [ 460.705531][T15790] netlink: 330 bytes leftover after parsing attributes in process `syz.6.4163'. [ 461.295634][T15804] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4167'. [ 461.459449][T15793] netlink: 146 bytes leftover after parsing attributes in process `syz.4.4164'. [ 462.477578][ T5145] Bluetooth: hci0: unexpected subevent 0x04 length: 122 > 11 [ 464.360697][ T5145] Bluetooth: hci1: unexpected subevent 0x04 length: 122 > 11 [ 464.847354][T15881] FAULT_INJECTION: forcing a failure. [ 464.847354][T15881] name failslab, interval 1, probability 0, space 0, times 0 [ 464.876150][T15881] CPU: 0 UID: 0 PID: 15881 Comm: syz.1.4183 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 464.876186][T15881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 464.876200][T15881] Call Trace: [ 464.876206][T15881] [ 464.876216][T15881] dump_stack_lvl+0x16c/0x1f0 [ 464.876256][T15881] should_fail_ex+0x50a/0x650 [ 464.876284][T15881] ? fs_reclaim_acquire+0xae/0x150 [ 464.876321][T15881] should_failslab+0xc2/0x120 [ 464.876350][T15881] __kmalloc_noprof+0xce/0x4f0 [ 464.876374][T15881] ? ops_init+0x77/0x5f0 [ 464.876405][T15881] ops_init+0x77/0x5f0 [ 464.876434][T15881] setup_net+0x21f/0x860 [ 464.876464][T15881] ? __pfx_setup_net+0x10/0x10 [ 464.876489][T15881] ? down_read_killable+0xcc/0x380 [ 464.876511][T15881] ? __pfx_down_read_killable+0x10/0x10 [ 464.876536][T15881] ? debug_mutex_init+0x37/0x70 [ 464.876574][T15881] copy_net_ns+0x2b4/0x6c0 [ 464.876604][T15881] create_new_namespaces+0x3ea/0xad0 [ 464.876639][T15881] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 464.876673][T15881] ksys_unshare+0x45d/0xa40 [ 464.876705][T15881] ? __pfx_ksys_unshare+0x10/0x10 [ 464.876736][T15881] ? xfd_validate_state+0x5d/0x180 [ 464.876767][T15881] ? syscall_user_dispatch+0x77/0x140 [ 464.876802][T15881] __x64_sys_unshare+0x31/0x40 [ 464.876834][T15881] do_syscall_64+0xcd/0x250 [ 464.876857][T15881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.876884][T15881] RIP: 0033:0x7ffb0958cda9 [ 464.876902][T15881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 464.876923][T15881] RSP: 002b:00007ffb0a394038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 464.876945][T15881] RAX: ffffffffffffffda RBX: 00007ffb097a5fa0 RCX: 00007ffb0958cda9 [ 464.876960][T15881] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 464.876973][T15881] RBP: 00007ffb0960e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 464.876995][T15881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 464.877009][T15881] R13: 0000000000000000 R14: 00007ffb097a5fa0 R15: 00007ffcd88a69d8 [ 464.877040][T15881] [ 465.267628][T15884] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4183'. [ 467.304882][T15925] Process accounting resumed [ 467.528710][ T5145] Bluetooth: hci0: unexpected subevent 0x04 length: 122 > 11 [ 468.173267][T15927] netlink: 'syz.6.4194': attribute type 3 has an invalid length. [ 469.014274][T15946] can: request_module (can-proto-0) failed. [ 471.113483][T15998] netlink: 1204 bytes leftover after parsing attributes in process `syz.5.4205'. [ 471.226492][T16001] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4205'. [ 472.218758][T15017] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 472.303891][T15996] Process accounting resumed [ 474.416339][T16029] sp0: Synchronizing with TNC [ 474.797375][T16031] netlink: 334 bytes leftover after parsing attributes in process `syz.5.4211'. [ 476.610644][T16056] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4217'. [ 476.753876][T16058] sp0: Synchronizing with TNC [ 476.993693][T16058] netlink: 334 bytes leftover after parsing attributes in process `syz.6.4218'. [ 478.761803][T16077] can: request_module (can-proto-0) failed. [ 479.269267][T16105] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 479.275383][T16105] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 479.328747][T16111] FAULT_INJECTION: forcing a failure. [ 479.328747][T16111] name failslab, interval 1, probability 0, space 0, times 0 [ 479.350488][T16105] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 479.378892][T16111] CPU: 0 UID: 0 PID: 16111 Comm: syz.6.4229 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 479.378923][T16111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 479.378936][T16111] Call Trace: [ 479.378944][T16111] [ 479.378953][T16111] dump_stack_lvl+0x16c/0x1f0 [ 479.378995][T16111] should_fail_ex+0x50a/0x650 [ 479.379033][T16111] ? fs_reclaim_acquire+0xae/0x150 [ 479.379074][T16111] should_failslab+0xc2/0x120 [ 479.379103][T16111] kmem_cache_alloc_lru_noprof+0x73/0x3b0 [ 479.379129][T16111] ? do_user_addr_fault+0xdc7/0x13f0 [ 479.379148][T16111] ? sock_alloc_inode+0x25/0x1c0 [ 479.379167][T16111] ? __pfx_sock_alloc_inode+0x10/0x10 [ 479.379184][T16111] sock_alloc_inode+0x25/0x1c0 [ 479.379199][T16111] alloc_inode+0x5d/0x230 [ 479.379216][T16111] sock_alloc+0x40/0x280 [ 479.379239][T16111] __sock_create+0xc1/0x8d0 [ 479.379257][T16111] ? __pfx_lock_release+0x10/0x10 [ 479.379278][T16111] __sys_socket+0x14f/0x260 [ 479.379296][T16111] ? __pfx___sys_socket+0x10/0x10 [ 479.379316][T16111] ? do_user_addr_fault+0x83d/0x13f0 [ 479.379334][T16111] __x64_sys_socket+0x72/0xb0 [ 479.379351][T16111] ? lockdep_hardirqs_on+0x7c/0x110 [ 479.379370][T16111] do_syscall_64+0xcd/0x250 [ 479.379383][T16111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.379401][T16111] RIP: 0033:0x7f9876d8ecc7 [ 479.379412][T16111] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 479.379424][T16111] RSP: 002b:00007f9877b67fa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 479.379437][T16111] RAX: ffffffffffffffda RBX: 00007f9876fa5fa0 RCX: 00007f9876d8ecc7 [ 479.379446][T16111] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 479.379454][T16111] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 479.379462][T16111] R10: 0000000020000040 R11: 0000000000000286 R12: 0000000000000000 [ 479.379470][T16111] R13: 0000000000000000 R14: 00007f9876fa5fa0 R15: 00007ffea7735388 [ 479.379487][T16111] [ 479.379495][T16111] socket: no more sockets [ 479.449136][T16105] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 480.070088][T16124] nbd1: detected capacity change from 0 to 68719476736 [ 480.100593][T15529] block nbd1: Send control failed (result -22) [ 480.126330][T15529] block nbd1: Request send failed, requeueing [ 480.159363][T15067] block nbd1: Receive control failed (result -32) [ 480.184870][T14612] block nbd1: Dead connection, failed to find a fallback [ 480.202499][T14612] block nbd1: shutting down sockets [ 480.208233][T14612] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 480.218896][T14612] Buffer I/O error on dev nbd1, logical block 0, async page read [ 480.228744][T15529] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 480.238029][T15529] Buffer I/O error on dev nbd1, logical block 0, async page read [ 480.253049][T15529] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 480.272191][T15529] Buffer I/O error on dev nbd1, logical block 0, async page read [ 480.280337][T15529] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 480.290533][T15529] Buffer I/O error on dev nbd1, logical block 0, async page read [ 480.298972][T15529] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 480.308032][T15529] Buffer I/O error on dev nbd1, logical block 0, async page read [ 480.316207][T15529] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 480.325560][T15529] Buffer I/O error on dev nbd1, logical block 0, async page read [ 480.335076][T15529] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 480.344285][T15529] Buffer I/O error on dev nbd1, logical block 0, async page read [ 480.354509][T15529] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 480.365446][T15529] Buffer I/O error on dev nbd1, logical block 0, async page read [ 480.376109][T15529] ldm_validate_partition_table(): Disk read failed. [ 480.383664][T15529] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 480.417274][T16134] Process accounting resumed [ 480.442750][T15529] Buffer I/O error on dev nbd1, logical block 0, async page read [ 480.460136][T15529] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 480.480390][T15529] Buffer I/O error on dev nbd1, logical block 0, async page read [ 480.539867][T15529] Dev nbd1: unable to read RDB block 0 [ 480.589308][T15529] nbd1: unable to read partition table [ 480.606879][T15529] ldm_validate_partition_table(): Disk read failed. [ 480.625385][T15529] Dev nbd1: unable to read RDB block 0 [ 480.648907][T15529] nbd1: unable to read partition table [ 481.338069][T15067] Bluetooth: hci1: command 0x0c1a tx timeout [ 481.344190][ T5145] Bluetooth: hci3: command 0x0c1a tx timeout [ 481.374110][T16145] netlink: 54 bytes leftover after parsing attributes in process `syz.6.4236'. [ 481.418181][T15067] Bluetooth: hci0: command 0x0c1a tx timeout [ 481.497877][T15067] Bluetooth: hci2: command 0x0c1a tx timeout [ 482.005641][ T5145] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 482.053830][ T5145] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 482.062782][ T5145] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 482.075574][ T5145] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 482.086505][ T5145] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 482.097834][ T5145] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 482.705979][T16157] chnl_net:caif_netlink_parms(): no params data found [ 482.952377][T16157] bridge0: port 1(bridge_slave_0) entered blocking state [ 482.968353][T16157] bridge0: port 1(bridge_slave_0) entered disabled state [ 482.997358][T16157] bridge_slave_0: entered allmulticast mode [ 483.024485][T16157] bridge_slave_0: entered promiscuous mode [ 483.058288][T16157] bridge0: port 2(bridge_slave_1) entered blocking state [ 483.087362][T16157] bridge0: port 2(bridge_slave_1) entered disabled state [ 483.096700][T16157] bridge_slave_1: entered allmulticast mode [ 483.138049][T16157] bridge_slave_1: entered promiscuous mode [ 483.217993][T16157] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 483.241383][T16157] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 483.319062][T16157] team0: Port device team_slave_0 added [ 483.338210][T16157] team0: Port device team_slave_1 added [ 483.402842][T16157] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 483.426140][T16157] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 483.482623][T16157] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 483.508534][T16157] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 483.515515][T16157] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 483.577205][T16157] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 483.701866][T16157] hsr_slave_0: entered promiscuous mode [ 483.712571][T16157] hsr_slave_1: entered promiscuous mode [ 483.729472][T16157] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 483.764452][T16157] Cannot create hsr debugfs directory [ 483.901696][T16187] Invalid ELF header magic: != ELF [ 483.984311][ T5145] Bluetooth: hci2: unexpected subevent 0x04 length: 122 > 11 [ 484.136872][ T5145] Bluetooth: hci1: command tx timeout [ 484.387218][T16157] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 484.410725][T16157] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 484.464795][T16157] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 484.483535][T16157] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 484.691052][T16157] 8021q: adding VLAN 0 to HW filter on device bond0 [ 484.730508][T16157] 8021q: adding VLAN 0 to HW filter on device team0 [ 484.758658][T15016] bridge0: port 1(bridge_slave_0) entered blocking state [ 484.765908][T15016] bridge0: port 1(bridge_slave_0) entered forwarding state [ 484.788440][T15016] bridge0: port 2(bridge_slave_1) entered blocking state [ 484.795582][T15016] bridge0: port 2(bridge_slave_1) entered forwarding state [ 485.219461][T16157] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 485.795406][T16157] veth0_vlan: entered promiscuous mode [ 485.857114][T16157] veth1_vlan: entered promiscuous mode [ 485.937204][T16157] veth0_macvtap: entered promiscuous mode [ 485.959620][T16157] veth1_macvtap: entered promiscuous mode [ 486.008996][T16157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.036057][T16157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.065554][T16157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.095646][T16157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.125493][T16157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.147866][T16157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.182650][T16157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.215610][T16157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.215669][ T5145] Bluetooth: hci1: command tx timeout [ 486.248228][T16157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.298113][T16157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.359178][T16157] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 486.390995][T16157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.429638][T16157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.463078][T16157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.474610][T16157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.491705][T16157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.502575][T16157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.522776][T16157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.541630][T16157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.563632][T16157] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.588747][T16157] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.610524][T16157] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 486.646985][T16157] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.663238][T16157] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.682439][T16157] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.693035][T16221] ubi0: attaching mtd0 [ 486.710266][T16221] ubi0: scanning is finished [ 486.714913][T16221] ubi0: empty MTD device detected [ 486.723944][T16157] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.886833][T16225] can0: slcan on ptm0. [ 487.097196][T16224] can0 (unregistered): slcan off ptm0. [ 487.194952][T16221] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 487.202497][T16221] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 487.318341][T16221] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 487.536468][T16239] can: request_module (can-proto-0) failed. [ 487.542536][T16221] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 487.623656][T16221] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 487.650139][T12199] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.694537][T12199] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.799787][T16221] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 487.890244][T14281] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.944554][T14281] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.999701][T16221] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2608667190 [ 488.009840][T16221] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 488.022156][T16233] ubi0: background thread "ubi_bgt0d" started, PID 16233 [ 488.304752][ T5145] Bluetooth: hci1: command tx timeout [ 488.531653][T16275] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4254'. [ 488.587990][T16275] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4254'. [ 490.029932][T16245] Invalid ELF header magic: != ELF [ 490.383741][ T5145] Bluetooth: hci1: command tx timeout [ 491.390181][T16313] netlink: 334 bytes leftover after parsing attributes in process `syz.6.4259'. [ 493.305415][T16361] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4271'. [ 493.342162][T16361] nbd: must specify a size in bytes for the device [ 494.789389][T16375] kafs: addr_prefs: Invalid Command [ 499.088037][ T5145] Bluetooth: hci3: unexpected subevent 0x04 length: 122 > 11 [ 501.655489][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.661992][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.070057][T16488] FAULT_INJECTION: forcing a failure. [ 503.070057][T16488] name fail_futex, interval 1, probability 0, space 0, times 0 [ 503.087439][T16490] Process accounting paused [ 503.137190][T16488] CPU: 0 UID: 0 PID: 16488 Comm: syz.1.4292 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 503.137223][T16488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 503.137236][T16488] Call Trace: [ 503.137243][T16488] [ 503.137252][T16488] dump_stack_lvl+0x16c/0x1f0 [ 503.137291][T16488] should_fail_ex+0x50a/0x650 [ 503.137317][T16488] ? __lock_acquire+0x15a9/0x3c40 [ 503.137347][T16488] get_futex_key+0xac1/0x1000 [ 503.137385][T16488] ? __pfx_get_futex_key+0x10/0x10 [ 503.137428][T16488] futex_wake+0xe8/0x4e0 [ 503.137458][T16488] ? __pfx_futex_wake+0x10/0x10 [ 503.137488][T16488] ? find_held_lock+0x2d/0x110 [ 503.137528][T16488] do_futex+0x1e5/0x350 [ 503.137551][T16488] ? __pfx_do_futex+0x10/0x10 [ 503.137573][T16488] ? __might_fault+0xe3/0x190 [ 503.137602][T16488] ? __might_fault+0xe3/0x190 [ 503.137634][T16488] mm_release+0x24e/0x300 [ 503.137663][T16488] do_exit+0x886/0x2d70 [ 503.137695][T16488] ? get_signal+0x8f7/0x2610 [ 503.137724][T16488] ? __pfx_do_exit+0x10/0x10 [ 503.137745][T16488] ? do_raw_spin_lock+0x12d/0x2c0 [ 503.137775][T16488] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 503.137809][T16488] do_group_exit+0xd3/0x2a0 [ 503.137832][T16488] get_signal+0x2576/0x2610 [ 503.137872][T16488] ? __pfx_get_signal+0x10/0x10 [ 503.137904][T16488] ? __pfx_do_futex+0x10/0x10 [ 503.137924][T16488] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 503.137961][T16488] arch_do_signal_or_restart+0x90/0x7e0 [ 503.137987][T16488] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 503.138022][T16488] ? __pfx_do_writev+0x10/0x10 [ 503.138049][T16488] syscall_exit_to_user_mode+0x150/0x2a0 [ 503.138084][T16488] do_syscall_64+0xda/0x250 [ 503.138107][T16488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.138136][T16488] RIP: 0033:0x7ffb0958cda9 [ 503.138154][T16488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 503.138176][T16488] RSP: 002b:00007ffb0a3940e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 503.138197][T16488] RAX: fffffffffffffe00 RBX: 00007ffb097a5fa8 RCX: 00007ffb0958cda9 [ 503.138212][T16488] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ffb097a5fa8 [ 503.138226][T16488] RBP: 00007ffb097a5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 503.138239][T16488] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffb097a5fac [ 503.138253][T16488] R13: 0000000000000000 R14: 00007ffcd88a68f0 R15: 00007ffcd88a69d8 [ 503.138283][T16488] [ 504.370866][T16517] QAT: failed to copy from user cfg_data. [ 505.043641][T16526] Process accounting resumed [ 505.572693][T15067] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 505.579346][ T5145] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 505.653997][ T54] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 505.660757][T16507] Bluetooth: hci8: Opcode 0x0c03 failed: -110 [ 505.667751][T16506] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 507.712360][T16564] Invalid ELF header magic: != ELF [ 507.747469][T16550] Invalid ELF header magic: != ELF [ 508.562892][T16583] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4308'. [ 508.575834][T16583] netlink: 354 bytes leftover after parsing attributes in process `syz.6.4308'. [ 509.147250][ T29] audit: type=1800 audit(6033615451.221:9): pid=16595 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.4311" name="members" dev="configfs" ino=60503 res=0 errno=0 [ 509.474506][T16602] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4314'. [ 509.490767][T16506] Bluetooth: hci2: unexpected subevent 0x04 length: 122 > 11 [ 513.522683][T16678] netlink: 342 bytes leftover after parsing attributes in process `syz.5.4328'. [ 513.584593][T16678] netlink: 174 bytes leftover after parsing attributes in process `syz.5.4328'. [ 514.374800][T16694] can: request_module (can-proto-0) failed. [ 514.424435][ T29] audit: type=1800 audit(6033615456.504:10): pid=16698 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.4333" name="members" dev="configfs" ino=60658 res=0 errno=0 [ 515.786517][T16506] Bluetooth: hci1: unexpected subevent 0x04 length: 122 > 11 [ 516.491449][T16506] Bluetooth: hci2: unexpected subevent 0x04 length: 122 > 11 [ 517.413553][T16737] netlink: 306 bytes leftover after parsing attributes in process `syz.1.4344'. [ 520.436665][T16789] ima: policy update failed [ 520.512510][ T29] audit: type=1802 audit(6033615462.577:11): pid=16789 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.4353" res=0 errno=0 [ 521.766904][T16819] openvswitch: netlink: Message has 10777 unknown bytes. [ 523.632894][T16856] netlink: 342 bytes leftover after parsing attributes in process `syz.5.4374'. [ 523.831059][T16856] netlink: 174 bytes leftover after parsing attributes in process `syz.5.4374'. [ 524.977233][T16873] sp0: Synchronizing with TNC [ 525.456379][T16869] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4378'. [ 525.727024][T16884] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4381'. [ 527.221759][T16905] netlink: 326 bytes leftover after parsing attributes in process `syz.5.4386'. [ 528.534577][T16506] Bluetooth: hci1: unexpected subevent 0x04 length: 122 > 11 [ 528.923513][T16943] FAULT_INJECTION: forcing a failure. [ 528.923513][T16943] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 528.960624][T16943] CPU: 0 UID: 0 PID: 16943 Comm: syz.5.4396 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 528.960655][T16943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 528.960668][T16943] Call Trace: [ 528.960674][T16943] [ 528.960683][T16943] dump_stack_lvl+0x16c/0x1f0 [ 528.960719][T16943] should_fail_ex+0x50a/0x650 [ 528.960750][T16943] _copy_to_user+0x32/0xd0 [ 528.960781][T16943] simple_read_from_buffer+0xd0/0x160 [ 528.960816][T16943] proc_fail_nth_read+0x198/0x270 [ 528.960847][T16943] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 528.960877][T16943] ? rw_verify_area+0xcf/0x680 [ 528.960907][T16943] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 528.960936][T16943] vfs_read+0x1df/0xbf0 [ 528.960959][T16943] ? __fget_files+0x1fc/0x3a0 [ 528.960982][T16943] ? __pfx___mutex_lock+0x10/0x10 [ 528.961013][T16943] ? __pfx_vfs_read+0x10/0x10 [ 528.961043][T16943] ? __fget_files+0x206/0x3a0 [ 528.961073][T16943] ksys_read+0x12b/0x250 [ 528.961093][T16943] ? __pfx_ksys_read+0x10/0x10 [ 528.961122][T16943] do_syscall_64+0xcd/0x250 [ 528.961142][T16943] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 528.961170][T16943] RIP: 0033:0x7f15c478b7bc [ 528.961188][T16943] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 528.961207][T16943] RSP: 002b:00007f15c553c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 528.961227][T16943] RAX: ffffffffffffffda RBX: 00007f15c49a5fa0 RCX: 00007f15c478b7bc [ 528.961242][T16943] RDX: 000000000000000f RSI: 00007f15c553c0a0 RDI: 0000000000000004 [ 528.961254][T16943] RBP: 00007f15c553c090 R08: 0000000000000000 R09: 0000000000000000 [ 528.961266][T16943] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 528.961277][T16943] R13: 0000000000000000 R14: 00007f15c49a5fa0 R15: 00007ffe190b86f8 [ 528.961321][T16943] [ 530.454027][T16955] zswap: compressor not available [ 530.651421][T16969] FAULT_INJECTION: forcing a failure. [ 530.651421][T16969] name failslab, interval 1, probability 0, space 0, times 0 [ 530.688776][T16969] CPU: 1 UID: 0 PID: 16969 Comm: syz.1.4402 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 530.688809][T16969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 530.688822][T16969] Call Trace: [ 530.688828][T16969] [ 530.688837][T16969] dump_stack_lvl+0x16c/0x1f0 [ 530.688876][T16969] should_fail_ex+0x50a/0x650 [ 530.688901][T16969] ? fs_reclaim_acquire+0xae/0x150 [ 530.688935][T16969] should_failslab+0xc2/0x120 [ 530.688963][T16969] __kmalloc_node_noprof+0xd1/0x520 [ 530.688989][T16969] ? __pfx___mutex_lock+0x10/0x10 [ 530.689019][T16969] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 530.689047][T16969] __kvmalloc_node_noprof+0xad/0x1a0 [ 530.689072][T16969] traverse.part.0.constprop.0+0x392/0x640 [ 530.689105][T16969] ? __pfx_lock_release+0x10/0x10 [ 530.689129][T16969] ? trace_lock_acquire+0x14e/0x1f0 [ 530.689156][T16969] seq_read_iter+0x934/0x12b0 [ 530.689191][T16969] ? aa_file_perm+0x4d5/0xfe0 [ 530.689225][T16969] seq_read+0x39f/0x4e0 [ 530.689255][T16969] ? __pfx_seq_read+0x10/0x10 [ 530.689311][T16969] full_proxy_read+0x13c/0x200 [ 530.689332][T16969] ? __pfx_full_proxy_read+0x10/0x10 [ 530.689354][T16969] vfs_read+0x1df/0xbf0 [ 530.689378][T16969] ? __fget_files+0x1fc/0x3a0 [ 530.689400][T16969] ? __pfx_lock_release+0x10/0x10 [ 530.689424][T16969] ? __pfx_vfs_read+0x10/0x10 [ 530.689448][T16969] ? lock_acquire+0x2f/0xb0 [ 530.689471][T16969] ? __fget_files+0x40/0x3a0 [ 530.689497][T16969] ? __fget_files+0x206/0x3a0 [ 530.689535][T16969] __x64_sys_pread64+0x1f6/0x250 [ 530.689559][T16969] ? __pfx___x64_sys_pread64+0x10/0x10 [ 530.689591][T16969] do_syscall_64+0xcd/0x250 [ 530.689613][T16969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 530.689642][T16969] RIP: 0033:0x7ffb0958cda9 [ 530.689659][T16969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 530.689679][T16969] RSP: 002b:00007ffb0a394038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 530.689698][T16969] RAX: ffffffffffffffda RBX: 00007ffb097a5fa0 RCX: 00007ffb0958cda9 [ 530.689712][T16969] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000003 [ 530.689724][T16969] RBP: 00007ffb0a394090 R08: 0000000000000000 R09: 0000000000000000 [ 530.689737][T16969] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 530.689749][T16969] R13: 0000000000000000 R14: 00007ffb097a5fa0 R15: 00007ffcd88a69d8 [ 530.689776][T16969] [ 531.258011][T16983] FAULT_INJECTION: forcing a failure. [ 531.258011][T16983] name failslab, interval 1, probability 0, space 0, times 0 [ 531.272555][T16983] CPU: 0 UID: 0 PID: 16983 Comm: syz.1.4407 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 531.272590][T16983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 531.272605][T16983] Call Trace: [ 531.272613][T16983] [ 531.272623][T16983] dump_stack_lvl+0x16c/0x1f0 [ 531.272664][T16983] should_fail_ex+0x50a/0x650 [ 531.272693][T16983] ? fs_reclaim_acquire+0xae/0x150 [ 531.272734][T16983] should_failslab+0xc2/0x120 [ 531.272768][T16983] kmem_cache_alloc_lru_noprof+0x73/0x3b0 [ 531.272795][T16983] ? hlock_class+0x4e/0x130 [ 531.272828][T16983] ? sock_alloc_inode+0x25/0x1c0 [ 531.272857][T16983] ? __pfx_sock_alloc_inode+0x10/0x10 [ 531.272881][T16983] sock_alloc_inode+0x25/0x1c0 [ 531.272907][T16983] alloc_inode+0x5d/0x230 [ 531.272934][T16983] sock_alloc+0x40/0x280 [ 531.272960][T16983] sock_create_lite+0x82/0x120 [ 531.272990][T16983] __netlink_kernel_create+0xbe/0x750 [ 531.273023][T16983] ? __pfx___netlink_kernel_create+0x10/0x10 [ 531.273056][T16983] ? find_held_lock+0x2d/0x110 [ 531.273095][T16983] rtnetlink_net_init+0xba/0x140 [ 531.273125][T16983] ? __pfx_rtnetlink_net_init+0x10/0x10 [ 531.273158][T16983] ? __pfx_rtnetlink_rcv+0x10/0x10 [ 531.273186][T16983] ? __pfx_rtnetlink_bind+0x10/0x10 [ 531.273216][T16983] ? __pfx_netlink_tap_init_net+0x10/0x10 [ 531.273244][T16983] ? debug_mutex_init+0x37/0x70 [ 531.273276][T16983] ? __pfx_rtnetlink_net_init+0x10/0x10 [ 531.273303][T16983] ops_init+0x1df/0x5f0 [ 531.273340][T16983] setup_net+0x21f/0x860 [ 531.273366][T16983] ? __pfx_setup_net+0x10/0x10 [ 531.273389][T16983] ? down_read_killable+0xcc/0x380 [ 531.273414][T16983] ? __pfx_down_read_killable+0x10/0x10 [ 531.273440][T16983] ? debug_mutex_init+0x37/0x70 [ 531.273477][T16983] copy_net_ns+0x2b4/0x6c0 [ 531.273508][T16983] create_new_namespaces+0x3ea/0xad0 [ 531.273560][T16983] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 531.273597][T16983] ksys_unshare+0x45d/0xa40 [ 531.273634][T16983] ? __pfx_ksys_unshare+0x10/0x10 [ 531.273664][T16983] ? xfd_validate_state+0x5d/0x180 [ 531.273705][T16983] __x64_sys_unshare+0x31/0x40 [ 531.273738][T16983] do_syscall_64+0xcd/0x250 [ 531.273763][T16983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.273792][T16983] RIP: 0033:0x7ffb0958cda9 [ 531.273811][T16983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 531.273834][T16983] RSP: 002b:00007ffb0a394038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 531.273856][T16983] RAX: ffffffffffffffda RBX: 00007ffb097a5fa0 RCX: 00007ffb0958cda9 [ 531.273871][T16983] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 531.273885][T16983] RBP: 00007ffb0960e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 531.273899][T16983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 531.273913][T16983] R13: 0000000000000000 R14: 00007ffb097a5fa0 R15: 00007ffcd88a69d8 [ 531.273944][T16983] [ 532.210477][T16981] zswap: compressor not available [ 532.267570][T16993] Setting dangerous option i915.request_timeout_ms - tainting kernel [ 533.111178][T17004] Process accounting resumed [ 533.117468][T17018] FAULT_INJECTION: forcing a failure. [ 533.117468][T17018] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 533.178763][T17018] CPU: 0 UID: 0 PID: 17018 Comm: syz.6.4414 Tainted: G U 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 533.178802][T17018] Tainted: [U]=USER [ 533.178810][T17018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 533.178824][T17018] Call Trace: [ 533.178831][T17018] [ 533.178840][T17018] dump_stack_lvl+0x16c/0x1f0 [ 533.178877][T17018] should_fail_ex+0x50a/0x650 [ 533.178909][T17018] _copy_to_iter+0x4a5/0x1400 [ 533.178947][T17018] ? __pfx__copy_to_iter+0x10/0x10 [ 533.178975][T17018] ? __virt_addr_valid+0x1a4/0x590 [ 533.179002][T17018] ? __virt_addr_valid+0x5e/0x590 [ 533.179023][T17018] ? __phys_addr_symbol+0x30/0x80 [ 533.179054][T17018] ? __check_object_size+0x488/0x710 [ 533.179087][T17018] seq_read_iter+0x725/0x12b0 [ 533.179123][T17018] ? aa_file_perm+0x4d5/0xfe0 [ 533.179158][T17018] seq_read+0x39f/0x4e0 [ 533.179190][T17018] ? __pfx_seq_read+0x10/0x10 [ 533.179248][T17018] full_proxy_read+0x13c/0x200 [ 533.179277][T17018] ? __pfx_full_proxy_read+0x10/0x10 [ 533.179300][T17018] vfs_read+0x1df/0xbf0 [ 533.179324][T17018] ? __fget_files+0x1fc/0x3a0 [ 533.179347][T17018] ? __pfx_lock_release+0x10/0x10 [ 533.179374][T17018] ? __pfx_vfs_read+0x10/0x10 [ 533.179399][T17018] ? lock_acquire+0x2f/0xb0 [ 533.179421][T17018] ? __fget_files+0x40/0x3a0 [ 533.179449][T17018] ? __fget_files+0x206/0x3a0 [ 533.179482][T17018] __x64_sys_pread64+0x1f6/0x250 [ 533.179506][T17018] ? __pfx___x64_sys_pread64+0x10/0x10 [ 533.179541][T17018] do_syscall_64+0xcd/0x250 [ 533.179565][T17018] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 533.179594][T17018] RIP: 0033:0x7f9876d8cda9 [ 533.179612][T17018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 533.179634][T17018] RSP: 002b:00007f9877b69038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 533.179656][T17018] RAX: ffffffffffffffda RBX: 00007f9876fa5fa0 RCX: 00007f9876d8cda9 [ 533.179671][T17018] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000003 [ 533.179683][T17018] RBP: 00007f9877b69090 R08: 0000000000000000 R09: 0000000000000000 [ 533.179697][T17018] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 533.179710][T17018] R13: 0000000000000000 R14: 00007f9876fa5fa0 R15: 00007ffea7735388 [ 533.179741][T17018] [ 533.708211][T17024] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 533.741372][T17024] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 533.755327][T17024] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 533.791941][T17024] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 533.797914][T17024] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 533.843252][T17024] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 534.651710][T17051] FAULT_INJECTION: forcing a failure. [ 534.651710][T17051] name failslab, interval 1, probability 0, space 0, times 0 [ 534.696360][T17051] CPU: 0 UID: 7 PID: 17051 Comm: syz.7.4422 Tainted: G U 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 534.696398][T17051] Tainted: [U]=USER [ 534.696405][T17051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 534.696418][T17051] Call Trace: [ 534.696425][T17051] [ 534.696434][T17051] dump_stack_lvl+0x16c/0x1f0 [ 534.696472][T17051] should_fail_ex+0x50a/0x650 [ 534.696499][T17051] ? fs_reclaim_acquire+0xae/0x150 [ 534.696535][T17051] should_failslab+0xc2/0x120 [ 534.696563][T17051] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 534.696588][T17051] ? __pfx_acct_collect+0x10/0x10 [ 534.696615][T17051] ? taskstats_exit+0x650/0xbe0 [ 534.696643][T17051] ? acct_update_integrals+0x3e7/0x4b0 [ 534.696673][T17051] taskstats_exit+0x650/0xbe0 [ 534.696701][T17051] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 534.696732][T17051] ? __pfx_taskstats_exit+0x10/0x10 [ 534.696761][T17051] ? _raw_spin_unlock_irq+0x23/0x50 [ 534.696798][T17051] ? __seccomp_filter_orphan+0x18/0x110 [ 534.696830][T17051] ? __put_seccomp_filter+0x16/0xf0 [ 534.696866][T17051] do_exit+0x845/0x2d70 [ 534.696890][T17051] ? get_signal+0x8f7/0x2610 [ 534.696919][T17051] ? __pfx_do_exit+0x10/0x10 [ 534.696940][T17051] ? do_raw_spin_lock+0x12d/0x2c0 [ 534.696970][T17051] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 534.697005][T17051] do_group_exit+0xd3/0x2a0 [ 534.697028][T17051] get_signal+0x2576/0x2610 [ 534.697061][T17051] ? do_raw_spin_lock+0x12d/0x2c0 [ 534.697096][T17051] ? __pfx_get_signal+0x10/0x10 [ 534.697127][T17051] ? __pfx_do_futex+0x10/0x10 [ 534.697155][T17051] arch_do_signal_or_restart+0x90/0x7e0 [ 534.697181][T17051] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 534.697225][T17051] syscall_exit_to_user_mode+0x150/0x2a0 [ 534.697259][T17051] do_syscall_64+0xda/0x250 [ 534.697282][T17051] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 534.697311][T17051] RIP: 0033:0x7fef8718cda9 [ 534.697330][T17051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 534.697352][T17051] RSP: 002b:00007fef8801f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 534.697373][T17051] RAX: fffffffffffffe00 RBX: 00007fef873a5fa8 RCX: 00007fef8718cda9 [ 534.697388][T17051] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fef873a5fa8 [ 534.697402][T17051] RBP: 00007fef873a5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 534.697415][T17051] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fef873a5fac [ 534.697429][T17051] R13: 0000000000000000 R14: 00007ffe07d75060 R15: 00007ffe07d75148 [ 534.697459][T17051] [ 535.007811][T16506] Bluetooth: hci2: unexpected subevent 0x04 length: 122 > 11 [ 535.208507][T17058] can: request_module (can-proto-0) failed. [ 535.230005][T17063] FAULT_INJECTION: forcing a failure. [ 535.230005][T17063] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 535.293447][T17063] CPU: 1 UID: 0 PID: 17063 Comm: syz.5.4426 Tainted: G U 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 535.293486][T17063] Tainted: [U]=USER [ 535.293493][T17063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 535.293506][T17063] Call Trace: [ 535.293513][T17063] [ 535.293522][T17063] dump_stack_lvl+0x16c/0x1f0 [ 535.293560][T17063] should_fail_ex+0x50a/0x650 [ 535.293592][T17063] _copy_to_user+0x32/0xd0 [ 535.293624][T17063] simple_read_from_buffer+0xd0/0x160 [ 535.293660][T17063] proc_fail_nth_read+0x198/0x270 [ 535.293692][T17063] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 535.293725][T17063] ? rw_verify_area+0xcf/0x680 [ 535.293757][T17063] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 535.293787][T17063] vfs_read+0x1df/0xbf0 [ 535.293810][T17063] ? __fget_files+0x1fc/0x3a0 [ 535.293834][T17063] ? __pfx___mutex_lock+0x10/0x10 [ 535.293866][T17063] ? __pfx_vfs_read+0x10/0x10 [ 535.293898][T17063] ? __fget_files+0x206/0x3a0 [ 535.293931][T17063] ksys_read+0x12b/0x250 [ 535.293952][T17063] ? __pfx_ksys_read+0x10/0x10 [ 535.293990][T17063] do_syscall_64+0xcd/0x250 [ 535.294014][T17063] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 535.294043][T17063] RIP: 0033:0x7f15c478b7bc [ 535.294061][T17063] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 535.294082][T17063] RSP: 002b:00007f15c553c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 535.294103][T17063] RAX: ffffffffffffffda RBX: 00007f15c49a5fa0 RCX: 00007f15c478b7bc [ 535.294118][T17063] RDX: 000000000000000f RSI: 00007f15c553c0a0 RDI: 0000000000000004 [ 535.294131][T17063] RBP: 00007f15c553c090 R08: 0000000000000000 R09: 0000000000000000 [ 535.294144][T17063] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 535.294157][T17063] R13: 0000000000000000 R14: 00007f15c49a5fa0 R15: 00007ffe190b86f8 [ 535.294189][T17063] [ 535.711395][T16506] Bluetooth: hci3: command 0x0c1a tx timeout [ 535.791289][T16506] Bluetooth: hci2: command 0x0c1a tx timeout [ 535.797347][T16506] Bluetooth: hci0: command 0x0c1a tx timeout [ 535.870579][T16506] Bluetooth: hci1: command 0x0c1a tx timeout [ 536.143888][T17068] bond0: option all_slaves_active: invalid value () [ 537.617995][T17094] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 537.949734][T16506] Bluetooth: hci1: command 0x0c1a tx timeout [ 538.390541][T17101] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 538.409409][T17101] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 538.421262][T17110] sp0: Synchronizing with TNC [ 538.429809][T17101] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 538.446263][T17101] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 538.665773][T16506] Bluetooth: hci3: Malformed HCI Event: 0x22 [ 538.971446][T17108] netlink: 334 bytes leftover after parsing attributes in process `syz.6.4437'. [ 539.518919][T17126] can: request_module (can-proto-0) failed. [ 539.916305][T17140] openvswitch: netlink: nsh attribute has 14 unknown bytes. [ 540.428505][T16506] Bluetooth: hci0: command 0x0c1a tx timeout [ 540.434623][T16507] Bluetooth: hci3: command 0x0c1a tx timeout [ 540.508615][T16506] Bluetooth: hci1: command 0x0c1a tx timeout [ 540.514744][T16507] Bluetooth: hci2: command 0x0c1a tx timeout [ 543.607867][T17194] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4456'. [ 543.727288][T17194] netlink: 342 bytes leftover after parsing attributes in process `syz.7.4456'. [ 546.067011][T16506] Bluetooth: hci2: unexpected subevent 0x04 length: 122 > 11 [ 546.168904][T17229] svc: failed to register nfsdv3 RPC service (errno 111). [ 546.204153][T17229] svc: failed to register nfsaclv3 RPC service (errno 111). [ 547.604781][T17239] FAULT_INJECTION: forcing a failure. [ 547.604781][T17239] name fail_futex, interval 1, probability 0, space 0, times 0 [ 547.618203][T17239] CPU: 1 UID: 0 PID: 17239 Comm: syz.7.4465 Tainted: G U 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 547.618240][T17239] Tainted: [U]=USER [ 547.618248][T17239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 547.618261][T17239] Call Trace: [ 547.618268][T17239] [ 547.618277][T17239] dump_stack_lvl+0x16c/0x1f0 [ 547.618316][T17239] should_fail_ex+0x50a/0x650 [ 547.618348][T17239] get_futex_key+0x4a3/0x1000 [ 547.618382][T17239] ? __pfx_stack_trace_save+0x10/0x10 [ 547.618409][T17239] ? __pfx_get_futex_key+0x10/0x10 [ 547.618448][T17239] ? kasan_save_stack+0x42/0x60 [ 547.618472][T17239] ? kasan_save_stack+0x33/0x60 [ 547.618495][T17239] ? kasan_save_track+0x14/0x30 [ 547.618519][T17239] ? __kasan_slab_alloc+0x89/0x90 [ 547.618543][T17239] ? kmem_cache_alloc_noprof+0x1c8/0x3b0 [ 547.618568][T17239] ? security_file_alloc+0x34/0x2b0 [ 547.618606][T17239] futex_wait_setup+0x78/0x290 [ 547.618646][T17239] __futex_wait+0x267/0x3c0 [ 547.618677][T17239] ? __pfx___futex_wait+0x10/0x10 [ 547.618714][T17239] ? __pfx_futex_wake_mark+0x10/0x10 [ 547.618759][T17239] futex_wait+0xe9/0x380 [ 547.618787][T17239] ? __pfx_futex_wait+0x10/0x10 [ 547.618824][T17239] ? debug_mutex_init+0x37/0x70 [ 547.618855][T17239] ? percpu_counter_add_batch+0xb5/0x1e0 [ 547.618878][T17239] ? errseq_sample+0x53/0x70 [ 547.618908][T17239] ? file_init_path+0x501/0x770 [ 547.618941][T17239] do_futex+0x22b/0x350 [ 547.618965][T17239] ? __pfx_do_futex+0x10/0x10 [ 547.618991][T17239] ? fd_install+0x223/0x750 [ 547.619019][T17239] __x64_sys_futex+0x1e1/0x4c0 [ 547.619048][T17239] ? __pfx___x64_sys_futex+0x10/0x10 [ 547.619073][T17239] ? fd_install+0x242/0x750 [ 547.619105][T17239] do_syscall_64+0xcd/0x250 [ 547.619130][T17239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 547.619161][T17239] RIP: 0033:0x7fef8718cda9 [ 547.619179][T17239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 547.619202][T17239] RSP: 002b:00007fef8801f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 547.619239][T17239] RAX: ffffffffffffffda RBX: 00007fef873a5fa8 RCX: 00007fef8718cda9 [ 547.619256][T17239] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fef873a5fa8 [ 547.619271][T17239] RBP: 00007fef873a5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 547.619286][T17239] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fef873a5fac [ 547.619300][T17239] R13: 0000000000000000 R14: 00007ffe07d75060 R15: 00007ffe07d75148 [ 547.619332][T17239] [ 550.171595][T17263] netlink: 342 bytes leftover after parsing attributes in process `syz.5.4470'. [ 550.190673][T17263] netlink: 98 bytes leftover after parsing attributes in process `syz.5.4470'. [ 552.392696][T13570] ------------[ cut here ]------------ [ 552.398198][T13570] ODEBUG: free active (active state 0) object: ffff888032b2d248 object type: timer_list hint: hci_devcd_timeout+0x0/0x2f0 [ 552.549445][T13570] WARNING: CPU: 1 PID: 13570 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0 [ 552.559138][T13570] Modules linked in: [ 552.563154][T13570] CPU: 1 UID: 0 PID: 13570 Comm: syz-executor Tainted: G U 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 552.575670][T13570] Tainted: [U]=USER [ 552.579488][T13570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 552.589842][T13570] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 552.595743][T13570] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 48 8b 14 dd 00 e3 d2 8b 41 56 4c 89 e6 48 c7 c7 80 d7 d2 8b e8 1f fd b7 fc 90 <0f> 0b 90 90 58 83 05 46 41 9e 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 552.615701][T13570] RSP: 0018:ffffc900057f7768 EFLAGS: 00010286 [ 552.621804][T13570] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff8179c889 [ 552.629982][T13570] RDX: ffff88805c093c00 RSI: ffffffff8179c896 RDI: 0000000000000001 [ 552.638098][T13570] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 552.646403][T13570] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8bd2de20 [ 552.654824][T13570] R13: ffffffff8b6fa0c0 R14: ffffffff8a546720 R15: ffffc900057f7878 [ 552.663116][T13570] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 552.672503][T13570] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 552.679110][T13570] CR2: 00007f8880d7fdd3 CR3: 0000000033d62000 CR4: 00000000003526f0 [ 552.687437][T13570] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 552.695696][T13570] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 552.704128][T13570] Call Trace: [ 552.707424][T13570] [ 552.710570][T13570] ? __warn+0xea/0x3c0 [ 552.714955][T13570] ? preempt_schedule_notrace+0x62/0xe0 [ 552.720549][T13570] ? debug_print_object+0x1a2/0x2b0 [ 552.726108][T13570] ? report_bug+0x3c0/0x580 [ 552.730647][T13570] ? handle_bug+0x54/0xa0 [ 552.735355][T13570] ? exc_invalid_op+0x17/0x50 [ 552.740059][T13570] ? asm_exc_invalid_op+0x1a/0x20 [ 552.745635][T13570] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 552.751136][T13570] ? __warn_printk+0x199/0x350 [ 552.757381][T13570] ? __warn_printk+0x1a6/0x350 [ 552.762401][T13570] ? debug_print_object+0x1a2/0x2b0 [ 552.767637][T13570] ? debug_print_object+0x1a1/0x2b0 [ 552.773075][T13570] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 552.778574][T13570] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 552.784486][T13570] debug_check_no_obj_freed+0x4b7/0x600 [ 552.790077][T13570] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 552.796279][T13570] ? kmem_cache_free+0x2e2/0x4d0 [ 552.801246][T13570] ? kfree_skbmem+0x1a4/0x1f0 [ 552.806085][T13570] kfree+0x29f/0x4d0 [ 552.810010][T13570] ? hci_release_dev+0x4d9/0x600 [ 552.815056][T13570] hci_release_dev+0x4d9/0x600 [ 552.819856][T13570] ? __pfx_hci_release_dev+0x10/0x10 [ 552.825543][T13570] ? rcu_is_watching+0x12/0xc0 [ 552.830478][T13570] ? kfree+0x260/0x4d0 [ 552.834640][T13570] bt_host_release+0x6a/0xb0 [ 552.839266][T13570] ? __pfx_bt_host_release+0x10/0x10 [ 552.844684][T13570] device_release+0xa1/0x240 [ 552.849307][T13570] kobject_put+0x1e4/0x5a0 [ 552.853807][T13570] ? __pfx_vhci_release+0x10/0x10 [ 552.858984][T13570] put_device+0x1f/0x30 [ 552.863225][T13570] vhci_release+0x81/0xf0 [ 552.867584][T13570] __fput+0x3ff/0xb70 [ 552.871602][T13570] task_work_run+0x14e/0x250 [ 552.876297][T13570] ? __pfx_task_work_run+0x10/0x10 [ 552.881438][T13570] ? do_raw_spin_unlock+0x172/0x230 [ 552.886718][T13570] do_exit+0xad8/0x2d70 [ 552.890899][T13570] ? get_signal+0x8f7/0x2610 [ 552.895585][T13570] ? __pfx_do_exit+0x10/0x10 [ 552.900196][T13570] ? do_raw_spin_lock+0x12d/0x2c0 [ 552.905359][T13570] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 552.910775][T13570] do_group_exit+0xd3/0x2a0 [ 552.915370][T13570] get_signal+0x2576/0x2610 [ 552.919906][T13570] ? __pfx_child_wait_callback+0x10/0x10 [ 552.925641][T13570] ? __pfx_get_signal+0x10/0x10 [ 552.930532][T13570] ? __do_sys_wait4+0xd2/0x170 [ 552.935391][T13570] arch_do_signal_or_restart+0x90/0x7e0 [ 552.940967][T13570] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 552.947212][T13570] syscall_exit_to_user_mode+0x150/0x2a0 [ 552.952961][T13570] do_syscall_64+0xda/0x250 [ 552.957597][T13570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 552.963585][T13570] RIP: 0033:0x7ffb09583017 [ 552.968025][T13570] Code: Unable to access opcode bytes at 0x7ffb09582fed. [ 552.975111][T13570] RSP: 002b:00007ffcd88a6d40 EFLAGS: 00000293 ORIG_RAX: 000000000000003d [ 552.983730][T13570] RAX: fffffffffffffe00 RBX: 00000000000002a2 RCX: 00007ffb09583017 [ 552.991723][T13570] RDX: 0000000040000000 RSI: 00007ffcd88a6dac RDI: 00000000ffffffff [ 552.999814][T13570] RBP: 00007ffcd88a6dac R08: 0000000000000000 R09: 0000000000000000 [ 553.007845][T13570] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000000000a9 [ 553.015921][T13570] R13: 000055558817c590 R14: 00000000000833e8 R15: 00007ffcd88a6e00 [ 553.023987][T13570] [ 553.027027][T13570] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 553.034326][T13570] CPU: 1 UID: 0 PID: 13570 Comm: syz-executor Tainted: G U 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 553.046760][T13570] Tainted: [U]=USER [ 553.050572][T13570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 553.060678][T13570] Call Trace: [ 553.063969][T13570] [ 553.066920][T13570] dump_stack_lvl+0x3d/0x1f0 [ 553.071636][T13570] panic+0x71d/0x800 [ 553.075554][T13570] ? __pfx_panic+0x10/0x10 [ 553.080001][T13570] ? show_trace_log_lvl+0x29d/0x3d0 [ 553.085238][T13570] ? check_panic_on_warn+0x1f/0xb0 [ 553.090372][T13570] ? debug_print_object+0x1a2/0x2b0 [ 553.095603][T13570] check_panic_on_warn+0xab/0xb0 [ 553.100566][T13570] __warn+0xf6/0x3c0 [ 553.104484][T13570] ? preempt_schedule_notrace+0x62/0xe0 [ 553.110058][T13570] ? debug_print_object+0x1a2/0x2b0 [ 553.115284][T13570] report_bug+0x3c0/0x580 [ 553.119644][T13570] handle_bug+0x54/0xa0 [ 553.123821][T13570] exc_invalid_op+0x17/0x50 [ 553.128345][T13570] asm_exc_invalid_op+0x1a/0x20 [ 553.133231][T13570] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 553.139058][T13570] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 48 8b 14 dd 00 e3 d2 8b 41 56 4c 89 e6 48 c7 c7 80 d7 d2 8b e8 1f fd b7 fc 90 <0f> 0b 90 90 58 83 05 46 41 9e 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 553.158666][T13570] RSP: 0018:ffffc900057f7768 EFLAGS: 00010286 [ 553.164736][T13570] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff8179c889 [ 553.172705][T13570] RDX: ffff88805c093c00 RSI: ffffffff8179c896 RDI: 0000000000000001 [ 553.180675][T13570] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 553.188640][T13570] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8bd2de20 [ 553.196634][T13570] R13: ffffffff8b6fa0c0 R14: ffffffff8a546720 R15: ffffc900057f7878 [ 553.204622][T13570] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 553.210096][T13570] ? __warn_printk+0x199/0x350 [ 553.214858][T13570] ? __warn_printk+0x1a6/0x350 [ 553.219624][T13570] ? debug_print_object+0x1a1/0x2b0 [ 553.224828][T13570] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 553.230293][T13570] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 553.236112][T13570] debug_check_no_obj_freed+0x4b7/0x600 [ 553.241679][T13570] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 553.247778][T13570] ? kmem_cache_free+0x2e2/0x4d0 [ 553.252728][T13570] ? kfree_skbmem+0x1a4/0x1f0 [ 553.257427][T13570] kfree+0x29f/0x4d0 [ 553.261332][T13570] ? hci_release_dev+0x4d9/0x600 [ 553.266286][T13570] hci_release_dev+0x4d9/0x600 [ 553.271066][T13570] ? __pfx_hci_release_dev+0x10/0x10 [ 553.276365][T13570] ? rcu_is_watching+0x12/0xc0 [ 553.281144][T13570] ? kfree+0x260/0x4d0 [ 553.285219][T13570] bt_host_release+0x6a/0xb0 [ 553.289820][T13570] ? __pfx_bt_host_release+0x10/0x10 [ 553.295109][T13570] device_release+0xa1/0x240 [ 553.299717][T13570] kobject_put+0x1e4/0x5a0 [ 553.304140][T13570] ? __pfx_vhci_release+0x10/0x10 [ 553.309168][T13570] put_device+0x1f/0x30 [ 553.313331][T13570] vhci_release+0x81/0xf0 [ 553.317661][T13570] __fput+0x3ff/0xb70 [ 553.321669][T13570] task_work_run+0x14e/0x250 [ 553.326269][T13570] ? __pfx_task_work_run+0x10/0x10 [ 553.331382][T13570] ? do_raw_spin_unlock+0x172/0x230 [ 553.336591][T13570] do_exit+0xad8/0x2d70 [ 553.340749][T13570] ? get_signal+0x8f7/0x2610 [ 553.345344][T13570] ? __pfx_do_exit+0x10/0x10 [ 553.349931][T13570] ? do_raw_spin_lock+0x12d/0x2c0 [ 553.354963][T13570] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 553.360347][T13570] do_group_exit+0xd3/0x2a0 [ 553.364850][T13570] get_signal+0x2576/0x2610 [ 553.369372][T13570] ? __pfx_child_wait_callback+0x10/0x10 [ 553.375021][T13570] ? __pfx_get_signal+0x10/0x10 [ 553.379878][T13570] ? __do_sys_wait4+0xd2/0x170 [ 553.384648][T13570] arch_do_signal_or_restart+0x90/0x7e0 [ 553.390226][T13570] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 553.396393][T13570] syscall_exit_to_user_mode+0x150/0x2a0 [ 553.402037][T13570] do_syscall_64+0xda/0x250 [ 553.406538][T13570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 553.412437][T13570] RIP: 0033:0x7ffb09583017 [ 553.416850][T13570] Code: Unable to access opcode bytes at 0x7ffb09582fed. [ 553.423861][T13570] RSP: 002b:00007ffcd88a6d40 EFLAGS: 00000293 ORIG_RAX: 000000000000003d [ 553.432272][T13570] RAX: fffffffffffffe00 RBX: 00000000000002a2 RCX: 00007ffb09583017 [ 553.440251][T13570] RDX: 0000000040000000 RSI: 00007ffcd88a6dac RDI: 00000000ffffffff [ 553.448230][T13570] RBP: 00007ffcd88a6dac R08: 0000000000000000 R09: 0000000000000000 [ 553.456203][T13570] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000000000a9 [ 553.464173][T13570] R13: 000055558817c590 R14: 00000000000833e8 R15: 00007ffcd88a6e00 [ 553.472159][T13570] [ 553.475429][T13570] Kernel Offset: disabled [ 553.479747][T13570] Rebooting in 86400 seconds..