last executing test programs: 33.861684517s ago: executing program 1 (id=3694): r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0) pread64$auto(r0, 0x0, 0xf42f, 0x7f) r1 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) r2 = fcntl$auto(r1, 0x400, 0x1) truncate$auto(&(0x7f0000000080)='./file0\x00', 0x7f) close_range$auto(0x0, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) r4 = epoll_create$auto(0x3e) epoll_ctl$auto(r4, 0x1, r3, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x4dd8, 0x5) mmap$auto(0x0, 0x20009, 0x80b, 0xeb1, 0x401, 0x80000000008000) r6 = syz_genetlink_get_family_id$auto_netdev(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_BIND_RX(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010026bd7000fcdbdf250d00000008000300", @ANYRES32, @ANYBLOB="0400028008000100"], 0x28}, 0x1, 0x0, 0x0, 0x4800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x1}, 0x801) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x5, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r7 = prctl$auto_PR_SET_MM_ENV_START(0x4, 0xa, 0x0, 0xf9, 0x5) sendfile$auto(r7, r2, &(0x7f00000001c0)=0xac, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r8 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r8, 0x0, 0xc3) close_range$auto(0x0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) mknod$auto(&(0x7f0000000040)='./file1\x00', 0x4, 0x7fff) openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, &(0x7f0000003540)='/proc/thread-self/setgroups\x00', 0x2, 0x0) read$auto_supply_map_fops_(r1, &(0x7f0000000400)=""/4096, 0x1000) 32.747602477s ago: executing program 1 (id=3698): mmap$auto(0x0, 0x88f, 0xffff, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x400000003) openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r3) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)={0x14, r4, 0x1, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x44004811}, 0x40000c0) 31.88008265s ago: executing program 1 (id=3700): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x400008, 0x2, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) mseal$auto(0x0, 0x7dda, 0x300000000000000) 31.761970117s ago: executing program 1 (id=3701): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f0000002c00)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x80) readv$auto(0xca, &(0x7f0000000040)={&(0x7f0000000000), 0x9}, 0x10) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x300, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x4004) sendmsg$auto_ETHTOOL_MSG_PHY_GET(0xffffffffffffffff, &(0x7f0000003200)={0x0, 0x0, &(0x7f00000031c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="010326bd7000ffdbdf252d"], 0x20}, 0x1, 0x0, 0x0, 0x2404c012}, 0x80) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00"], 0x1ac}}, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x100, 0x0) 31.649906862s ago: executing program 1 (id=3702): close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyz0\x00', 0x368e00dfe4475b57, 0x0) socket(0x28, 0x801, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2711}, 0x51) socket(0xf, 0x3, 0x2) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) open(0x0, 0x14d27e, 0x72) tkill$auto(0x1, 0x7) socket(0x1e, 0x1, 0x0) r2 = setfsuid$auto(0xee00) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x5, 0x4000000000df, 0x12, 0x4, 0x300000000000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) read$auto(0x3, 0x0, 0xf34) read$auto(0xffffffffffffffff, 0x0, 0x6) msgctl$auto_MSG_STAT(0xffffffc0, 0xb, &(0x7f0000000480)={{0x6, 0xffffffffffffffff, 0x0, 0x8, 0x10001, 0xfd32, 0xfff9}, 0x0, 0x0, 0x7fffffff, 0x4, 0x4000001, 0x8000000000000000, 0x6, 0xc210, 0x3, 0x3, @raw=0x8}) setresuid$auto(0x0, r2, r3) setpriority$auto(0x93, r2, 0x9) fanotify_init$auto(0x5, 0x2000000000002) select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0xfff, 0x1, 0x5, 0x3, 0x95f4da2d, 0xc, 0x6, 0x62, 0x7, 0x7, 0x6d3f, 0xa, 0x4, 0x5]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) waitid$auto_P_ALL(0x0, 0x1, 0x0, 0x7fffffff, 0x0) sendmsg$auto_MAC802154_HWSIM_CMD_DEL_RADIO(r0, 0x0, 0x0) 31.027151374s ago: executing program 1 (id=3705): r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/dev_snmp6/bridge0\x00', 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) sendfile$auto(r0, r0, 0x0, 0xb9) 30.345431686s ago: executing program 32 (id=3705): r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/dev_snmp6/bridge0\x00', 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) sendfile$auto(r0, r0, 0x0, 0xb9) 11.08618841s ago: executing program 3 (id=3770): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/i8042/serio1/rate\x00', 0x2, 0x0) read$auto(0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfdef) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x1f00000000000000, 0x200007, 0x19) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cuse\x00', 0x41000, 0x0) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) r1 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) poll$auto(&(0x7f0000000180)={r1, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto(r2, 0x4008af24, r1) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0) socket(0x25, 0x5, 0x6) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r4, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001) 8.422234737s ago: executing program 3 (id=3775): unshare$auto(0x40000080) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x5, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x92000, 0x0) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x5, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710}, 0x55) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) sendmsg$auto_NFSD_CMD_LISTENER_GET(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x64004090}, 0x24004854) r1 = openat$auto_full_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x103700, 0x0) read$auto(r1, 0x0, 0x4000000081) 6.637479137s ago: executing program 2 (id=3780): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000002340)='/dev/tty8\x00', 0x20342, 0x0) write$auto_tty_fops_tty_io(r0, &(0x7f0000002380)="3048307fe7cfae5771557100d8bad69fd3976cfac3e61a03fabad77665e9855382af4d3ad7effc1a0268500b20593480f4fcf1f9e78737dae2a19189b3eaa28927afe4fcf63ea85a707579b4b3aee52068791f10bf91f2828e9bba0d832c5d9d535c6c6301fd5efab7f91db5088a62c0f4a5a091095d43bb119c834598e71617851c324666eee9da98d9ac1c505a6c21d764d48b10d5403a41819e7516e05329e230c80d9521ca5c93b8cc2383927b772707ed4e034a7f5feeacc17f6e5f29749b3dcbb7f03e8b6ebc1f1e3fb27b00b690d9b8b92cfbc932d9771a148700de464a7d89270f7e0819f3800b760a96f396dd70e4daffce4b76ebc6e16b3fd2af8f4761d76de561", 0x106) 6.486819337s ago: executing program 3 (id=3782): syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x40, 0x0) syz_clone(0x8000000, &(0x7f00000000c0)="4919e68e47865038716832e1ebf25aa019b3db4535c6506a6e2e1a30e33315ceee4848e062809138b646e92f7be1fa57d268daab478f851aff315f915c001d02443b11c2686a2a5af3463b48d244ffcb7a14a62c35739dc25e03c81d1eea8fee17949177a16ba5979be6460cfa9b9bfdc8e707e048e862846564c9c65228f3d2064e358f5dc2d9777f61859f0a364479bec3", 0x92, &(0x7f0000000040), &(0x7f0000000200), &(0x7f0000000240)="81dcbe9cae0dae4c2eec8ed9a58c029473a88d410910b3203a070b5b3cc24893abea89633eb554acb0ef6254e045f820b5465828956fc90f5668b2fea74509314af81e98950cfe1f01311690591f548971fa64a7fb6ada9cc964d5046d811ac0d3b0a2bf0ea05b1dd2d5dc38757569c662848553bea76f10542723c91d8c5c253284c7174223e0d56bf1e26ee74991f1f4841874744f4428a245a079b763719aaacf798f15d23f761d2796702b50825f4414c8") mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) rseq$auto(0x0, 0xfffffff4, 0x0, 0x5) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000001c0), 0xa0903, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES(r1, 0x4008af25, &(0x7f0000000000)=0x7) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, 0x602, 0x300000000000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x62040, 0x0) r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x1, 0x40009, 0xdf, 0x13, 0xffffffffffffffff, 0x10001) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) socket(0x15, 0xa, 0x5) connect$auto(0x3, &(0x7f0000000080)=@l2={0x1f, 0x6, @none, 0x5}, 0x2) ioperm$auto(0x5, 0x8000020000008001, 0x2000000000000149) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x300, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = fcntl$auto_F_UNLCK(r2, 0x8, 0x2) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) ioctl$auto_PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f0000000340)={0x2, 0x4, 0x5, 0xc7ab3c6, 0x4, 0x9, 0x4, 0xfffffffffffffffd, 0x5beb36ee, 0x65, 0x5, 0x5}) kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x2, 0x8000, 0x3000}, 0x4) 6.400651322s ago: executing program 4 (id=3707): socket(0x2, 0x1, 0x0) ioctl$auto(0x3, 0x5411, 0x10000000000402) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0xc) sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000000)=ANY=[@ANYBLOB="b1000000", @ANYRES16, @ANYBLOB="01002dbd7000fddbdf25030000000c0001"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x40080) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r2, @ANYRES8=r0], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) write$auto(r1, &(0x7f0000000000)='-\x00', 0xfdef) 6.260891276s ago: executing program 2 (id=3783): r0 = getpid() getpgrp(r0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = io_uring_setup$auto(0x5000bcf, 0x0) r2 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$auto_mISDN_fops_timerdev(r2, &(0x7f0000001a00)=""/4097, 0x1001) ioctl$auto_IMADDTIMER(r2, 0x80044940, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(r1, r2, 0xfffff35a) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/block/nbd6/queue/zoned\x00', 0x6a980, 0x0) read$auto(r4, 0x0, 0x6) close_range$auto(r1, r1, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000040)='/dev/usbmon14\x00', 0x444442, 0x0) r5 = epoll_create$auto(0x8800001) epoll_ctl$auto(r5, 0x1, r3, 0x0) socket(0x2, 0x3, 0x2) setsockopt$auto(0x3, 0x0, 0xc8, 0xfffffffffffffffc, 0x3) socket(0x10, 0x2, 0x0) r6 = socket(0x2a, 0x2, 0x1) connect$auto(r6, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0x4001}, 0x55) write$auto(0x3, 0x0, 0x3f00) mmap$auto(0x401, 0xa00003, 0x17df, 0xce77, r5, 0x6e6d) socket(0x2, 0x1, 0x106) ioctl$auto(0x3, 0x8915, 0x38) acct$auto(&(0x7f0000000100)='./cgroup/cgroup.subtree_control\x00') 5.889337302s ago: executing program 4 (id=3784): execve$auto(&(0x7f0000000080)='./file0\x00', &(0x7f0000000000)=&(0x7f0000000300)='tdaO\xd7\xe1\x1e\x1d\x1b\x00F:\x10M=\xdd >\xbf\x16p\xa4\x94\x96A\xe0]&\xe8\xb3\xea,?\xbb}\v\xfa__\x13c\x82\x1b\xef\x15.\x00\x80\xb6\x10\x94~\x17N\xe2\xfan\xf1\xe3\x14\xde\xa2\xc5\xc2\x8d\rn\x91\x96\xc2\xec/\xbf7\x81A8\x06\x92K\a\x12\x96\x89\x0e\x8b\xc8\xdb\x9c(\xbe6\xae\xba\xba5\x19\x87\xb33\x1e\xc7\\\x9b\xb6\x83\xd1\xac:\xfc\xfbua\xf9\xd5\x8a\x96\xdf\xce\xb0\'GA\xf6\xd9\xd7q\xb2\xbc\xc1]', 0x0) 5.557059676s ago: executing program 4 (id=3785): syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x40, 0x0) syz_clone(0x8000000, &(0x7f00000000c0)="4919e68e47865038716832e1ebf25aa019b3db4535c6506a6e2e1a30e33315ceee4848e062809138b646e92f7be1fa57d268daab478f851aff315f915c001d02443b11c2686a2a5af3463b48d244ffcb7a14a62c35739dc25e03c81d1eea8fee17949177a16ba5979be6460cfa9b9bfdc8e707e048e862846564c9c65228f3d2064e358f5dc2d9777f61859f0a364479bec3", 0x92, &(0x7f0000000040), &(0x7f0000000200), &(0x7f0000000240)="81dcbe9cae0dae4c2eec8ed9a58c029473a88d410910b3203a070b5b3cc24893abea89633eb554acb0ef6254e045f820b5465828956fc90f5668b2fea74509314af81e98950cfe1f01311690591f548971fa64a7fb6ada9cc964d5046d811ac0d3b0a2bf0ea05b1dd2d5dc38757569c662848553bea76f10542723c91d8c5c253284c7174223e0d56bf1e26ee74991f1f4841874744f4428a245a079b763719aaacf798f15d23f761d2796702b50825f4414c8") mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) rseq$auto(0x0, 0xfffffff4, 0x0, 0x5) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000001c0), 0xa0903, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES(r1, 0x4008af25, &(0x7f0000000000)=0x7) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, 0x602, 0x300000000000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x62040, 0x0) r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x1, 0x40009, 0xdf, 0x13, 0xffffffffffffffff, 0x10001) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) socket(0x15, 0xa, 0x5) connect$auto(0x3, &(0x7f0000000080)=@l2={0x1f, 0x6, @none, 0x5}, 0x2) ioperm$auto(0x5, 0x8000020000008001, 0x2000000000000149) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) fcntl$auto_F_UNLCK(r2, 0x8, 0x2) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x2, 0x8000, 0x3000}, 0x4) 5.348793445s ago: executing program 0 (id=3786): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001f80), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f00000000c0)={0x14, r1, 0x59e638bc4fbb3f7d, 0x70bd2d, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x48018}, 0x400c880) unshare$auto(0x20000) unshare$auto(0x20000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0xffffffffffffffff, 0x9) unshare$auto(0x40000080) mmap$auto(0x2, 0xfffffffffffffffe, 0x8, 0x810, r2, 0x5d63) ioctl$auto_SNDRV_PCM_IOCTL_FORWARD2(0xffffffffffffffff, 0x40084149, &(0x7f0000001080)=0x7) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) r3 = prctl$auto(0x23, 0xe, 0x0, 0x6c, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa101, 0x0) socket(0x10, 0x2, 0xc) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/usb/usbmon/36u\x00', 0x26040, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x6, 0x15, 0x0, 0xfb3) close_range$auto(0x2, 0x8, 0x0) bpf$auto_BPF_BTF_LOAD(0x12, &(0x7f0000000000)=@test={r3, 0x7, 0x6, 0x9, 0x2, 0x7f, 0x7fff, 0x2, 0xc10, 0x6, 0xb9, 0xf, 0x8001, 0x6, 0x1}, 0x800) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x10, 0x9, 0x63, 0x0, 0x0, 0x0, 0x0, 0x40000000000f, 0x1000, 0xfffffffffffffffd, 0x7ffffffb, 0x9, 0xffffffff7ffffffc, 0x9, 0x7, 0x200000100103}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x23, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci1/rfkill6/power\x00', 0x88000, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) socket(0x10, 0x2, 0xc) 5.325054862s ago: executing program 2 (id=3787): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) unshare$auto(0x40000080) mmap$auto(0x2, 0x2020009, 0x3, 0xeb2, 0xffffffffffffffff, 0x8000) (async) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x80, 0x0) read$auto(r0, 0x0, 0x200000fff) (async) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/fs/o2cb/logmask/SOCKET\x00', 0x20102, 0x0) (async) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x80a02, 0x0) (async) openat$auto_evm_key_ops_evm_secfs(0xffffffffffffff9c, &(0x7f00000000c0), 0x40802, 0x0) (async) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) (async) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) (async) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) madvise$auto(0x0, 0x2003f2, 0x15) (async) madvise$auto(0x0, 0x200007, 0x19) (async) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x40000005) (async) r3 = getpgid(0xffffffffffffffff) syz_open_procfs$namespace(r3, &(0x7f0000000040)='ns/pid\x00') (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x111c81, 0x0) mmap$auto(0x0, 0x40, 0xdf, 0xeb1, 0x401, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x3ada00, 0x0) bpf$auto(0x2, &(0x7f0000000380)=@token_create={0x5315, r4}, 0x1) read$auto(0x3, 0x0, 0x80) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/rpc/use-gss-proxy\x00', 0x48041, 0x0) 4.864590798s ago: executing program 3 (id=3788): mmap$auto(0x200, 0x2000c, 0xdf, 0x20eb1, 0xffffffffffffffff, 0x7) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) socket(0x2c, 0x1, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2102, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9) r1 = getpid() mremap$auto(0x0, 0x4000007, 0x3fd7, 0x0, 0x20000020000000) process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/net/tcp\x00', 0x16f82, 0x0) lseek$auto(0x3, 0x8, 0x1) ioctl$auto(0x3, 0x400454ca, 0x38) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) memfd_create$auto(0x0, 0xe) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x401, 0x15) 3.889784193s ago: executing program 4 (id=3789): mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x20401, 0x0) semctl$auto(0x80001ff, 0x804, 0x3, 0x4) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x4606, 0x0) 3.780123309s ago: executing program 2 (id=3790): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/speed\x00', 0x0, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, &(0x7f0000000280)={0x4, 0x80003, 0xa, @state_change={0x200, 0x9, 0x3}}) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0)) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x0, 0x9, 0xeb1, 0xffffffffffffffff, 0x8000) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) socketpair$auto(0x4, 0x2, 0x10, &(0x7f0000000040)=0x7) (async) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x4001ff, 0x7, 0x6, 0x1, 0x948b, 0x3, 0x1, 0x572f14dc, 0x80000000, 0x80000000, 0x0, 0x7, 0x6d3c, 0x4, 0x2, 0x1]}, 0x0) (async) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) (async) unshare$auto(0x40000080) (async) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) prctl$auto(0x3e, 0x2, 0x0, 0x804, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) (async) syslog$auto(0x9, &(0x7f0000000680)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI+\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\x1e\t\xef\xe4&\x91\x8ey\x97\x00e:\v\xe6\x14\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2\x96\xf97\xe3\x05\xf7\x19\x9f\xb7r\x9b-=\\N\xc7\xc3\xbcg:\xaf\xb1\x1d\xa1\xe4\xb7\xd6\xe4\xb6\x1c\x11LE\xb7\xcb\x1bTD\xa6\v\xf8\xa5\xce%-\x06FVa\xc8\xca\xc5\xea\bF\xc2\x94\xef\nI\xe6\x04\xbe\xe8-d]Q\xfc.5 \xa7@w\xd8\xd9pEW\xe4`\x85;d\t\xd8\x10lT\x88xS{\xb9\x94P\xc3\x1f\x0f\xbc\xcb\xbc\xe9\x85zC\x86\xc976\xf8\xb3\x85lQ\xdd\x9c\xc6\x93mA\x1dH#fr2\xed \x8a\xc5\x8f\x01\x9a\x01I\x95H)rEF\xe2\x00\x11\x18\xfb\xc7N\x02Qn\x92\xa8\x8c\x87\xc4\x1c/\xf4\x15\xa6\xea\xa9A8\x99(\xfds@aq\xbeo&}\x9f`\xc1\xd3\xecYU\x11!\x8a8\xf5B6\xc6\x83\xf1\x93\xaa\x1c\x81`\xbe\xfcO\v<>\r\xcc\xd5C\x93\xe0\xcd\x125K\xb4\xbf\x16p\xa4\x94\x96A\xe0]&\xe8\xb3\xea,?\xbb}\v\xfa__\x13c\x82\x1b\xef\x15.\x00\x80\xb6\x10\x94~\x17N\xe2\xfan\xf1\xe3\x14\xde\xa2\xc5\xc2\x8d\rn\x91\x96\xc2\xec/\xbf7\x81A8\x06\x92K\a\x12\x96\x89\x0e\x8b\xc8\xdb\x9c(\xbe6\xae\xba\xba5\x19\x87\xb33\x1e\xc7\\\x9b\xb6\x83\xd1\xac:\xfc\xfbua\xf9\xd5\x8a\x96\xdf\xce\xb0\'GA\xf6\xd9\xd7q\xb2\xbc\xc1]', 0x0) 2.638617899s ago: executing program 0 (id=3794): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages_mempolicy\x00', 0xa001, 0x0) write$auto(r0, &(0x7f0000000000)='7\x00\x00\n\xcf`\xfa\xee@\x00\x00\x00\x00\x00\x00\x00\n', 0x1ff) 1.664212389s ago: executing program 2 (id=3795): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) socket(0x1e, 0x4, 0x0) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000000), r0) close_range$auto(0x2, r0, 0x0) socket(0x80000000000000a, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) close_range$auto(0x2, 0x8, 0x0) r2 = io_uring_setup$auto(0x6, 0x0) r3 = socket(0x2, 0x5, 0x0) openat$auto_bridges_fops_(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/dri/0000:00:02.0/encoder-0/bridges\x00', 0x84941, 0x0) mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r4 = gettid() tkill$auto(r4, 0x0) close_range$auto(r2, r3, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) getsockopt$auto(r1, 0x84, 0x71, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x200000008000) memfd_create$auto(0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) fallocate$auto(0x3, 0x0, 0xe, 0x8ec8) clone3$auto(0x0, 0x7) kill$auto_SIGCONT(0xffffffffffffffff, 0x12) 1.663141581s ago: executing program 0 (id=3803): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001f00), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000003a80)={0x0, 0x0, &(0x7f0000003a40)={&(0x7f00000000c0)={0x14, r1, 0x1, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0xfffffff0, 0x0, 0x1}, 0x24040004) 1.587932631s ago: executing program 3 (id=3796): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82, 0x0) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x34, r0, 0x300, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_WIPHY_FREQ_HINT={0x8, 0xc9, 0x8}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x7}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x2}, @NL80211_ATTR_BSS_CTS_PROT={0x5, 0x1c, 0xb}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x8444) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x7cb241, 0x0) ioctl$auto(0xffffffffffffffff, 0xfffffffd, 0xc35) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x200204, 0x15) syslog$auto(0x4, &(0x7f0000000080)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x400) 1.430092812s ago: executing program 4 (id=3797): set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_proc_coredump_filter_operations_base(0xffffffffffffff9c, &(0x7f0000005700), 0x28000, 0x0) read$auto_proc_coredump_filter_operations_base(r0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x1, 0x0) (async) r1 = io_uring_setup$auto(0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) (async) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) mmap$auto(0x0, 0x40009, 0xa, 0x9b72, r1, 0x28000) (async) mmap$auto(0x0, 0x40009, 0xa, 0x9b72, r1, 0x28000) close_range$auto(0x2, 0x8000, 0x0) pipe$auto(0x0) (async) pipe$auto(0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) r4 = ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0x4048aec9, r2) rt_sigaction$auto(0x9, &(0x7f0000000600)={0x0, 0x0, 0x0, {0x5}}, 0x0, 0x8) (async) rt_sigaction$auto(0x9, &(0x7f0000000600)={0x0, 0x0, 0x0, {0x5}}, 0x0, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_clone(0x80, &(0x7f0000000000)="ca16066e5ba1d38400b19b3038e744fb989367920065c3ef7d", 0x19, &(0x7f0000000040), &(0x7f00000000c0), &(0x7f0000000100)="5ee594ba5821c1a5e7488c26e19cf82e67ec9935eb6a9edb7981150d5f70ae8ecee69fa727c93c427bff39c16a08f4255d1c69892388ae1154b09c7ccb6d279b52fabe053e10465f4ce243aacc2a38efad01e90684675a5086e093f281a37e495009f8b066006b2238a9e5f291d64533e50cd5dfae28a1f64d67ed44052f49f7a4f93895cf691f16e4d41c43965985596601918c84d4c7c4b35dd4eed8e8c7c50559be8cb07581d8a67cc4edfd153bb91efd59a57835cd8215851b02cfdea801692dfebf34d6d34df8131aa459be49f012fb") (async) r5 = syz_clone(0x80, &(0x7f0000000000)="ca16066e5ba1d38400b19b3038e744fb989367920065c3ef7d", 0x19, &(0x7f0000000040), &(0x7f00000000c0), &(0x7f0000000100)="5ee594ba5821c1a5e7488c26e19cf82e67ec9935eb6a9edb7981150d5f70ae8ecee69fa727c93c427bff39c16a08f4255d1c69892388ae1154b09c7ccb6d279b52fabe053e10465f4ce243aacc2a38efad01e90684675a5086e093f281a37e495009f8b066006b2238a9e5f291d64533e50cd5dfae28a1f64d67ed44052f49f7a4f93895cf691f16e4d41c43965985596601918c84d4c7c4b35dd4eed8e8c7c50559be8cb07581d8a67cc4edfd153bb91efd59a57835cd8215851b02cfdea801692dfebf34d6d34df8131aa459be49f012fb") syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000340), r4) tkill$auto(r5, 0x55e8) (async) tkill$auto(r5, 0x55e8) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r6 = socket(0x2, 0x2, 0x1) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r6, 0x1}, 0x10) (async) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r6, 0x1}, 0x10) prctl$auto(0x29, 0x3, r5, 0x6, 0x3) unshare$auto(0x0) (async) unshare$auto(0x0) clone$auto(0x81000005, 0x6, 0xfffffffffffffffd, 0xffffffffffffffff, 0x80000001) (async) clone$auto(0x81000005, 0x6, 0xfffffffffffffffd, 0xffffffffffffffff, 0x80000001) setsockopt$auto(0x400000000000003, 0x29, 0xa, 0x0, 0x401) r7 = openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/tracing/buffer_size_kb\x00', 0x40000, 0x0) getdents64$auto(r7, &(0x7f0000000240)={0x4, 0x7, 0x3, 0x5, "a16b6927f3ba178c215344efdf629eeb54ca7da1133169f461f9e1eeff0545635838cffc781520ca70801436ba3ab1f249cae7e54f0a4234aaee28f6cdd912e214c942242c1bf093ef6725e488653a28830a00884c7107f4152233b7143d10e812f2b19806dba244ff86d09721c3c7d9a0105dfd91f90bef0a8b81f1e5f4a940ed82fdac30f5c8b8711b271ff15075f58424ff45fb74134d3ef63295611fe2274e90cd07563526cc5cd6d2c0179c5f747f60ea1851c119e800f46853f1d6bdfc1a2e9bd11ad823d001eb32302548551f1a675a4bc20d9b"}, 0xffff28ca) 1.316218567s ago: executing program 0 (id=3798): setuid$auto(0x0) mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0xffffffffffffffff, 0x28000) r0 = ioctl$auto_TUNSETDEBUG(0xffffffffffffffff, 0x400454c9, &(0x7f00000002c0)=0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r1, r1, 0x2) bind$auto(0x3, &(0x7f0000000280)=@in={0x2, 0x3, @remote}, 0x6a) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/tracing/saved_tgids\x00', 0xa0100, 0x0) r2 = openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x361300, 0x0) sendfile$auto(r0, r2, 0x0, 0x4003) sysfs$auto(0x2, 0x4c, 0x0) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x6, 0x0, 0x0, 0x0) 884.867895ms ago: executing program 0 (id=3799): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/default/forwarding\x00', 0x141241, 0x0) socket(0x1d, 0x2, 0x6) bind$auto(0x3, &(0x7f0000000040), 0x6a) pwrite64$auto(r0, 0x0, 0x6bc, 0x5) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) readahead$auto(r0, 0x4, 0x4) socket(0x10, 0x2, 0x0) r1 = socket(0x2, 0x801, 0x100) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x1, 0xe5e) sendmsg$auto_NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x90}, 0x4004050) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0x2, 0x80802, 0x0) io_uring_setup$auto(0x1, 0x0) setsockopt$auto(0x3, 0x1, 0xf, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x1}, 0x55) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x201, 0x5, 0x200000810, r1, 0xf739df3) madvise$auto(0x0, 0x2003f0, 0x15) write$auto(0x3, 0x0, 0x100082) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x200007, 0x19) socket$nl_generic(0x10, 0x3, 0x10) getrandom$auto(0x0, 0x6000000, 0x3) listmount$auto(0xfffffffffffffffd, 0x0, 0x8, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mbind$auto(0x0, 0x3, 0x4, 0x0, 0x6, 0x2) madvise$auto(0x110c230000, 0x1, 0x9) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x43102, 0x0) 0s ago: executing program 2 (id=3800): mmap$auto(0x200, 0x2000c, 0xdf, 0x20eb1, 0xffffffffffffffff, 0x7) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) socket(0x2c, 0x1, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2102, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9) r1 = getpid() mremap$auto(0x0, 0x4000007, 0x3fd7, 0x0, 0x20000020000000) process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/net/tcp\x00', 0x16f82, 0x0) lseek$auto(0x3, 0x8, 0x1) ioctl$auto(0x3, 0x400454ca, 0x38) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) memfd_create$auto(0x0, 0xe) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x401, 0x15) kernel console output (not intermixed with test programs): space 0, times 0 [ 1051.572465][T18178] CPU: 0 UID: 0 PID: 18178 Comm: syz.0.3006 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1051.572506][T18178] Tainted: [U]=USER [ 1051.572514][T18178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1051.572529][T18178] Call Trace: [ 1051.572537][T18178] [ 1051.572546][T18178] dump_stack_lvl+0x16c/0x1f0 [ 1051.572579][T18178] should_fail_ex+0x512/0x640 [ 1051.572613][T18178] ? __kmalloc_noprof+0xbf/0x510 [ 1051.572644][T18178] ? kobject_get_path+0xd2/0x2a0 [ 1051.572673][T18178] should_failslab+0xc2/0x120 [ 1051.572715][T18178] __kmalloc_noprof+0xd2/0x510 [ 1051.572750][T18178] kobject_get_path+0xd2/0x2a0 [ 1051.572787][T18178] kobject_uevent_env+0x289/0x1870 [ 1051.572824][T18178] ? __pfx_dev_uevent_name+0x10/0x10 [ 1051.572856][T18178] ? queue_work_on+0x12a/0x1f0 [ 1051.572877][T18178] ? bus_to_subsys+0x131/0x160 [ 1051.572905][T18178] driver_bound+0x164/0x230 [ 1051.572939][T18178] device_bind_driver+0x3a/0x70 [ 1051.572971][T18178] mac80211_hwsim_new_radio+0x3e5/0x54d0 [ 1051.573025][T18178] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1051.573065][T18178] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1051.573115][T18178] hwsim_new_radio_nl+0xb51/0x12c0 [ 1051.573141][T18178] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1051.573190][T18178] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1051.573230][T18178] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1051.573275][T18178] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1051.573313][T18178] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1051.573360][T18178] ? bpf_lsm_capable+0x9/0x10 [ 1051.573382][T18178] ? security_capable+0x7e/0x260 [ 1051.573407][T18178] ? ns_capable+0xd7/0x110 [ 1051.573436][T18178] genl_rcv_msg+0x55c/0x800 [ 1051.573476][T18178] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1051.573512][T18178] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1051.573563][T18178] netlink_rcv_skb+0x158/0x420 [ 1051.573595][T18178] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1051.573633][T18178] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1051.573677][T18178] ? netlink_deliver_tap+0x1ae/0xd30 [ 1051.573718][T18178] genl_rcv+0x28/0x40 [ 1051.573750][T18178] netlink_unicast+0x5a7/0x870 [ 1051.573787][T18178] ? __pfx_netlink_unicast+0x10/0x10 [ 1051.573819][T18178] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1051.573850][T18178] ? __lock_acquire+0xb97/0x1ce0 [ 1051.573890][T18178] netlink_sendmsg+0x8d1/0xdd0 [ 1051.573927][T18178] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1051.573963][T18178] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1051.573993][T18178] ____sys_sendmsg+0xa95/0xc70 [ 1051.574033][T18178] ? copy_msghdr_from_user+0x10a/0x160 [ 1051.574066][T18178] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1051.574122][T18178] ___sys_sendmsg+0x134/0x1d0 [ 1051.574155][T18178] ? __pfx____sys_sendmsg+0x10/0x10 [ 1051.574222][T18178] __sys_sendmsg+0x16d/0x220 [ 1051.574259][T18178] ? __pfx___sys_sendmsg+0x10/0x10 [ 1051.574293][T18178] ? __x64_sys_futex+0x1e0/0x4c0 [ 1051.574344][T18178] do_syscall_64+0xcd/0x490 [ 1051.574377][T18178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1051.574403][T18178] RIP: 0033:0x7f54ad78ebe9 [ 1051.574422][T18178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1051.574447][T18178] RSP: 002b:00007f54ae5f3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1051.574470][T18178] RAX: ffffffffffffffda RBX: 00007f54ad9b5fa0 RCX: 00007f54ad78ebe9 [ 1051.574487][T18178] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000005 [ 1051.574502][T18178] RBP: 00007f54ad811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1051.574518][T18178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1051.574532][T18178] R13: 00007f54ad9b6038 R14: 00007f54ad9b5fa0 R15: 00007ffd642146f8 [ 1051.574563][T18178] [ 1053.725455][T18183] random: crng reseeded on system resumption [ 1057.420029][ T981] usb usb38-port5: attempt power cycle [ 1058.010074][ T981] usb usb38-port5: unable to enumerate USB device [ 1058.160237][T15124] Bluetooth: hci0: ACL packet too small [ 1060.756370][T18295] FAULT_INJECTION: forcing a failure. [ 1060.756370][T18295] name failslab, interval 1, probability 0, space 0, times 0 [ 1060.815635][T18295] CPU: 0 UID: 0 PID: 18295 Comm: syz.1.3035 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1060.815678][T18295] Tainted: [U]=USER [ 1060.815686][T18295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1060.815701][T18295] Call Trace: [ 1060.815709][T18295] [ 1060.815719][T18295] dump_stack_lvl+0x16c/0x1f0 [ 1060.815754][T18295] should_fail_ex+0x512/0x640 [ 1060.815788][T18295] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1060.815817][T18295] should_failslab+0xc2/0x120 [ 1060.815850][T18295] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1060.815876][T18295] ? apply_wqattrs_prepare+0x130/0xbd0 [ 1060.815908][T18295] apply_wqattrs_prepare+0x130/0xbd0 [ 1060.815946][T18295] apply_workqueue_attrs_locked+0x64/0xe0 [ 1060.815976][T18295] __alloc_workqueue+0xf41/0x1810 [ 1060.816017][T18295] alloc_workqueue_noprof+0xd2/0x200 [ 1060.816050][T18295] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 1060.816088][T18295] ? rcu_is_watching+0x12/0xc0 [ 1060.816114][T18295] ? __kmalloc_noprof+0x242/0x510 [ 1060.816141][T18295] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1060.816183][T18295] ieee80211_register_hw+0x1e8f/0x4060 [ 1060.816228][T18295] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1060.816265][T18295] ? find_held_lock+0x2b/0x80 [ 1060.816290][T18295] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1060.816327][T18295] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1060.816364][T18295] ? __hrtimer_setup+0x176/0x280 [ 1060.816404][T18295] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1060.816464][T18295] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1060.816526][T18295] hwsim_new_radio_nl+0xb51/0x12c0 [ 1060.816553][T18295] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1060.816603][T18295] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1060.816644][T18295] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1060.816689][T18295] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1060.816728][T18295] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1060.816775][T18295] ? bpf_lsm_capable+0x9/0x10 [ 1060.816797][T18295] ? security_capable+0x7e/0x260 [ 1060.816822][T18295] ? ns_capable+0xd7/0x110 [ 1060.816850][T18295] genl_rcv_msg+0x55c/0x800 [ 1060.816890][T18295] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1060.816927][T18295] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1060.816978][T18295] netlink_rcv_skb+0x158/0x420 [ 1060.817009][T18295] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1060.817046][T18295] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1060.817091][T18295] ? netlink_deliver_tap+0x1ae/0xd30 [ 1060.817125][T18295] genl_rcv+0x28/0x40 [ 1060.817158][T18295] netlink_unicast+0x5a7/0x870 [ 1060.817194][T18295] ? __pfx_netlink_unicast+0x10/0x10 [ 1060.817226][T18295] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1060.817256][T18295] ? __lock_acquire+0xb97/0x1ce0 [ 1060.817295][T18295] netlink_sendmsg+0x8d1/0xdd0 [ 1060.817332][T18295] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1060.817368][T18295] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1060.817398][T18295] ____sys_sendmsg+0xa95/0xc70 [ 1060.817437][T18295] ? copy_msghdr_from_user+0x10a/0x160 [ 1060.817468][T18295] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1060.817526][T18295] ___sys_sendmsg+0x134/0x1d0 [ 1060.817559][T18295] ? __pfx____sys_sendmsg+0x10/0x10 [ 1060.817627][T18295] __sys_sendmsg+0x16d/0x220 [ 1060.817659][T18295] ? __pfx___sys_sendmsg+0x10/0x10 [ 1060.817689][T18295] ? __x64_sys_futex+0x1e0/0x4c0 [ 1060.817739][T18295] do_syscall_64+0xcd/0x490 [ 1060.817772][T18295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1060.817798][T18295] RIP: 0033:0x7fe1d578ebe9 [ 1060.817818][T18295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1060.817842][T18295] RSP: 002b:00007fe1d659e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1060.817867][T18295] RAX: ffffffffffffffda RBX: 00007fe1d59b5fa0 RCX: 00007fe1d578ebe9 [ 1060.817884][T18295] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000005 [ 1060.817899][T18295] RBP: 00007fe1d5811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1060.817915][T18295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1060.817930][T18295] R13: 00007fe1d59b6038 R14: 00007fe1d59b5fa0 R15: 00007ffdc8d976e8 [ 1060.817960][T18295] [ 1062.950675][ T31] audit: type=1800 audit(4294967616.700:36): pid=18308 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3038" name="discovery_nqn" dev="configfs" ino=68949 res=0 errno=0 [ 1064.953353][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1064.959876][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1065.397898][T18338] FAULT_INJECTION: forcing a failure. [ 1065.397898][T18338] name failslab, interval 1, probability 0, space 0, times 0 [ 1065.478613][T18338] CPU: 0 UID: 0 PID: 18338 Comm: syz.2.3046 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1065.478654][T18338] Tainted: [U]=USER [ 1065.478662][T18338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1065.478677][T18338] Call Trace: [ 1065.478686][T18338] [ 1065.478695][T18338] dump_stack_lvl+0x16c/0x1f0 [ 1065.478729][T18338] should_fail_ex+0x512/0x640 [ 1065.478763][T18338] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1065.478797][T18338] should_failslab+0xc2/0x120 [ 1065.478830][T18338] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1065.478856][T18338] ? __alloc_workqueue+0xda2/0x1810 [ 1065.478894][T18338] __alloc_workqueue+0xda2/0x1810 [ 1065.478935][T18338] alloc_workqueue_noprof+0xd2/0x200 [ 1065.478967][T18338] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 1065.479005][T18338] ? rcu_is_watching+0x12/0xc0 [ 1065.479030][T18338] ? __kmalloc_noprof+0x242/0x510 [ 1065.479057][T18338] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1065.479099][T18338] ieee80211_register_hw+0x1e8f/0x4060 [ 1065.479143][T18338] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1065.479179][T18338] ? find_held_lock+0x2b/0x80 [ 1065.479204][T18338] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1065.479248][T18338] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1065.479280][T18338] ? __hrtimer_setup+0x176/0x280 [ 1065.479320][T18338] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1065.479379][T18338] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1065.479430][T18338] hwsim_new_radio_nl+0xb51/0x12c0 [ 1065.479457][T18338] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1065.479506][T18338] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1065.479547][T18338] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1065.479591][T18338] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1065.479630][T18338] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1065.479677][T18338] ? bpf_lsm_capable+0x9/0x10 [ 1065.479699][T18338] ? security_capable+0x7e/0x260 [ 1065.479723][T18338] ? ns_capable+0xd7/0x110 [ 1065.479751][T18338] genl_rcv_msg+0x55c/0x800 [ 1065.479790][T18338] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1065.479826][T18338] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1065.479876][T18338] netlink_rcv_skb+0x158/0x420 [ 1065.479907][T18338] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1065.479944][T18338] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1065.479988][T18338] ? netlink_deliver_tap+0x1ae/0xd30 [ 1065.480022][T18338] genl_rcv+0x28/0x40 [ 1065.480053][T18338] netlink_unicast+0x5a7/0x870 [ 1065.480089][T18338] ? __pfx_netlink_unicast+0x10/0x10 [ 1065.480121][T18338] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1065.480151][T18338] ? __lock_acquire+0xb97/0x1ce0 [ 1065.480190][T18338] netlink_sendmsg+0x8d1/0xdd0 [ 1065.480226][T18338] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1065.480271][T18338] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1065.480302][T18338] ____sys_sendmsg+0xa95/0xc70 [ 1065.480342][T18338] ? copy_msghdr_from_user+0x10a/0x160 [ 1065.480372][T18338] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1065.480416][T18338] ? __pfx_futex_wake_mark+0x10/0x10 [ 1065.480457][T18338] ___sys_sendmsg+0x134/0x1d0 [ 1065.480489][T18338] ? __pfx____sys_sendmsg+0x10/0x10 [ 1065.480556][T18338] __sys_sendmsg+0x16d/0x220 [ 1065.480587][T18338] ? __pfx___sys_sendmsg+0x10/0x10 [ 1065.480616][T18338] ? __x64_sys_futex+0x1e0/0x4c0 [ 1065.480664][T18338] do_syscall_64+0xcd/0x490 [ 1065.480697][T18338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1065.480721][T18338] RIP: 0033:0x7eff9958ebe9 [ 1065.480740][T18338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1065.480764][T18338] RSP: 002b:00007eff977f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1065.480788][T18338] RAX: ffffffffffffffda RBX: 00007eff997b5fa0 RCX: 00007eff9958ebe9 [ 1065.480804][T18338] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000005 [ 1065.480819][T18338] RBP: 00007eff99611e19 R08: 0000000000000000 R09: 0000000000000000 [ 1065.480834][T18338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1065.480849][T18338] R13: 00007eff997b6038 R14: 00007eff997b5fa0 R15: 00007ffd9223e438 [ 1065.480879][T18338] [ 1065.888227][ C0] vkms_vblank_simulate: vblank timer overrun [ 1066.252182][T18347] sp0: Synchronizing with TNC [ 1068.481023][T18364] FAULT_INJECTION: forcing a failure. [ 1068.481023][T18364] name failslab, interval 1, probability 0, space 0, times 0 [ 1068.549001][T18364] CPU: 0 UID: 0 PID: 18364 Comm: syz.0.3054 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1068.549041][T18364] Tainted: [U]=USER [ 1068.549049][T18364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1068.549064][T18364] Call Trace: [ 1068.549072][T18364] [ 1068.549081][T18364] dump_stack_lvl+0x16c/0x1f0 [ 1068.549115][T18364] should_fail_ex+0x512/0x640 [ 1068.549155][T18364] ? __kmalloc_noprof+0xbf/0x510 [ 1068.549186][T18364] ? apply_wqattrs_prepare+0xf8/0xbd0 [ 1068.549215][T18364] should_failslab+0xc2/0x120 [ 1068.549248][T18364] __kmalloc_noprof+0xd2/0x510 [ 1068.549282][T18364] apply_wqattrs_prepare+0xf8/0xbd0 [ 1068.549320][T18364] apply_workqueue_attrs_locked+0x64/0xe0 [ 1068.549349][T18364] __alloc_workqueue+0xf41/0x1810 [ 1068.549390][T18364] alloc_workqueue_noprof+0xd2/0x200 [ 1068.549422][T18364] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 1068.549460][T18364] ? rcu_is_watching+0x12/0xc0 [ 1068.549485][T18364] ? __kmalloc_noprof+0x242/0x510 [ 1068.549511][T18364] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1068.549553][T18364] ieee80211_register_hw+0x1e8f/0x4060 [ 1068.549603][T18364] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1068.549640][T18364] ? find_held_lock+0x2b/0x80 [ 1068.549664][T18364] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1068.549701][T18364] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1068.549733][T18364] ? __hrtimer_setup+0x176/0x280 [ 1068.549772][T18364] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1068.549831][T18364] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1068.549880][T18364] hwsim_new_radio_nl+0xb51/0x12c0 [ 1068.549941][T18364] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1068.549991][T18364] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1068.550033][T18364] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1068.550078][T18364] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1068.550119][T18364] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1068.550166][T18364] ? bpf_lsm_capable+0x9/0x10 [ 1068.550187][T18364] ? security_capable+0x7e/0x260 [ 1068.550212][T18364] ? ns_capable+0xd7/0x110 [ 1068.550240][T18364] genl_rcv_msg+0x55c/0x800 [ 1068.550279][T18364] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1068.550315][T18364] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1068.550367][T18364] netlink_rcv_skb+0x158/0x420 [ 1068.550398][T18364] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1068.550435][T18364] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1068.550479][T18364] ? netlink_deliver_tap+0x1ae/0xd30 [ 1068.550513][T18364] genl_rcv+0x28/0x40 [ 1068.550544][T18364] netlink_unicast+0x5a7/0x870 [ 1068.550586][T18364] ? __pfx_netlink_unicast+0x10/0x10 [ 1068.550620][T18364] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1068.550650][T18364] ? __lock_acquire+0xb97/0x1ce0 [ 1068.550690][T18364] netlink_sendmsg+0x8d1/0xdd0 [ 1068.550727][T18364] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1068.550763][T18364] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1068.550794][T18364] ____sys_sendmsg+0xa95/0xc70 [ 1068.550833][T18364] ? copy_msghdr_from_user+0x10a/0x160 [ 1068.550863][T18364] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1068.550914][T18364] ___sys_sendmsg+0x134/0x1d0 [ 1068.550947][T18364] ? __pfx____sys_sendmsg+0x10/0x10 [ 1068.551014][T18364] __sys_sendmsg+0x16d/0x220 [ 1068.551044][T18364] ? __pfx___sys_sendmsg+0x10/0x10 [ 1068.551074][T18364] ? __x64_sys_futex+0x1e0/0x4c0 [ 1068.551123][T18364] do_syscall_64+0xcd/0x490 [ 1068.551163][T18364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1068.551189][T18364] RIP: 0033:0x7f54ad78ebe9 [ 1068.551209][T18364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1068.551233][T18364] RSP: 002b:00007f54ae5f3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1068.551256][T18364] RAX: ffffffffffffffda RBX: 00007f54ad9b5fa0 RCX: 00007f54ad78ebe9 [ 1068.551273][T18364] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000005 [ 1068.551288][T18364] RBP: 00007f54ad811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1068.551303][T18364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1068.551317][T18364] R13: 00007f54ad9b6038 R14: 00007f54ad9b5fa0 R15: 00007ffd642146f8 [ 1068.551348][T18364] [ 1068.967770][ C0] vkms_vblank_simulate: vblank timer overrun [ 1069.962511][T18377] FAULT_INJECTION: forcing a failure. [ 1069.962511][T18377] name failslab, interval 1, probability 0, space 0, times 0 [ 1070.078936][T18377] CPU: 0 UID: 0 PID: 18377 Comm: syz.3.3058 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1070.078977][T18377] Tainted: [U]=USER [ 1070.078986][T18377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1070.079000][T18377] Call Trace: [ 1070.079008][T18377] [ 1070.079018][T18377] dump_stack_lvl+0x16c/0x1f0 [ 1070.079053][T18377] should_fail_ex+0x512/0x640 [ 1070.079088][T18377] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 1070.079121][T18377] should_failslab+0xc2/0x120 [ 1070.079153][T18377] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1070.079182][T18377] ? css_put+0x118/0x300 [ 1070.079206][T18377] ? __d_alloc+0x32/0xae0 [ 1070.079240][T18377] __d_alloc+0x32/0xae0 [ 1070.079272][T18377] d_alloc_pseudo+0x1c/0xc0 [ 1070.079307][T18377] alloc_file_pseudo+0xcf/0x230 [ 1070.079345][T18377] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1070.079382][T18377] ? hugetlbfs_get_inode+0x31f/0x730 [ 1070.079419][T18377] hugetlb_file_setup+0x4ce/0x620 [ 1070.079448][T18377] newseg+0xa74/0xe60 [ 1070.079485][T18377] ? __pfx_newseg+0x10/0x10 [ 1070.079516][T18377] ? ksys_write+0x190/0x250 [ 1070.079547][T18377] ipcget+0xef/0xda0 [ 1070.079583][T18377] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1070.079619][T18377] ? __pfx_ipcget+0x10/0x10 [ 1070.079660][T18377] __x64_sys_shmget+0x13b/0x1b0 [ 1070.079693][T18377] ? __pfx___x64_sys_shmget+0x10/0x10 [ 1070.079730][T18377] ? rcu_is_watching+0x12/0xc0 [ 1070.079757][T18377] do_syscall_64+0xcd/0x490 [ 1070.079790][T18377] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1070.079814][T18377] RIP: 0033:0x7fb2fdb8ebe9 [ 1070.079833][T18377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1070.079857][T18377] RSP: 002b:00007fb2fea15038 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 1070.079880][T18377] RAX: ffffffffffffffda RBX: 00007fb2fddb6090 RCX: 00007fb2fdb8ebe9 [ 1070.079896][T18377] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 1070.079911][T18377] RBP: 00007fb2fea15090 R08: 0000000000000000 R09: 0000000000000000 [ 1070.079925][T18377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1070.079940][T18377] R13: 00007fb2fddb6128 R14: 00007fb2fddb6090 R15: 00007ffe13a78f68 [ 1070.079969][T18377] [ 1070.314954][ C0] vkms_vblank_simulate: vblank timer overrun [ 1070.345819][T18378] sd 0:0:1:0: PR command failed: 1026 [ 1070.351375][T18378] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1070.358147][T18378] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1070.974402][T18390] random: crng reseeded on system resumption [ 1070.989932][T16260] ERROR: Out of memory at tomoyo_memory_ok. [ 1071.000267][T15968] ERROR: Out of memory at tomoyo_memory_ok. [ 1072.849146][T18427] usbip-vudc usbip-vudc.0: gadget not bound [ 1073.829313][T18443] sctp: [Deprecated]: syz.1.3071 (pid 18443) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1073.829313][T18443] Use struct sctp_sack_info instead [ 1077.212426][T18477] FAULT_INJECTION: forcing a failure. [ 1077.212426][T18477] name failslab, interval 1, probability 0, space 0, times 0 [ 1077.356147][T18477] CPU: 0 UID: 0 PID: 18477 Comm: syz.3.3079 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1077.356189][T18477] Tainted: [U]=USER [ 1077.356197][T18477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1077.356212][T18477] Call Trace: [ 1077.356220][T18477] [ 1077.356230][T18477] dump_stack_lvl+0x16c/0x1f0 [ 1077.356271][T18477] should_fail_ex+0x512/0x640 [ 1077.356306][T18477] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1077.356335][T18477] should_failslab+0xc2/0x120 [ 1077.356367][T18477] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1077.356392][T18477] ? __alloc_workqueue+0xda2/0x1810 [ 1077.356437][T18477] __alloc_workqueue+0xda2/0x1810 [ 1077.356479][T18477] alloc_workqueue_noprof+0xd2/0x200 [ 1077.356513][T18477] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 1077.356551][T18477] ? rcu_is_watching+0x12/0xc0 [ 1077.356577][T18477] ? __kmalloc_noprof+0x242/0x510 [ 1077.356604][T18477] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1077.356646][T18477] ieee80211_register_hw+0x1e8f/0x4060 [ 1077.356693][T18477] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1077.356731][T18477] ? find_held_lock+0x2b/0x80 [ 1077.356756][T18477] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1077.356792][T18477] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1077.356824][T18477] ? __hrtimer_setup+0x176/0x280 [ 1077.356863][T18477] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1077.356922][T18477] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1077.356972][T18477] hwsim_new_radio_nl+0xb51/0x12c0 [ 1077.356998][T18477] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1077.357047][T18477] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1077.357086][T18477] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1077.357130][T18477] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1077.357174][T18477] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1077.357229][T18477] ? bpf_lsm_capable+0x9/0x10 [ 1077.357252][T18477] ? security_capable+0x7e/0x260 [ 1077.357277][T18477] ? ns_capable+0xd7/0x110 [ 1077.357306][T18477] genl_rcv_msg+0x55c/0x800 [ 1077.357345][T18477] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1077.357382][T18477] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1077.357437][T18477] netlink_rcv_skb+0x158/0x420 [ 1077.357469][T18477] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1077.357508][T18477] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1077.357552][T18477] ? netlink_deliver_tap+0x1ae/0xd30 [ 1077.357586][T18477] genl_rcv+0x28/0x40 [ 1077.357618][T18477] netlink_unicast+0x5a7/0x870 [ 1077.357654][T18477] ? __pfx_netlink_unicast+0x10/0x10 [ 1077.357687][T18477] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1077.357718][T18477] ? __lock_acquire+0xb97/0x1ce0 [ 1077.357757][T18477] netlink_sendmsg+0x8d1/0xdd0 [ 1077.357793][T18477] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1077.357829][T18477] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1077.357859][T18477] ____sys_sendmsg+0xa95/0xc70 [ 1077.357898][T18477] ? copy_msghdr_from_user+0x10a/0x160 [ 1077.357928][T18477] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1077.357972][T18477] ? __pfx_futex_wake_mark+0x10/0x10 [ 1077.358012][T18477] ___sys_sendmsg+0x134/0x1d0 [ 1077.358049][T18477] ? __pfx____sys_sendmsg+0x10/0x10 [ 1077.358121][T18477] __sys_sendmsg+0x16d/0x220 [ 1077.358153][T18477] ? __pfx___sys_sendmsg+0x10/0x10 [ 1077.358184][T18477] ? __x64_sys_futex+0x1e0/0x4c0 [ 1077.358232][T18477] do_syscall_64+0xcd/0x490 [ 1077.358266][T18477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1077.358290][T18477] RIP: 0033:0x7fb2fdb8ebe9 [ 1077.358310][T18477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1077.358335][T18477] RSP: 002b:00007fb2fea36038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1077.358358][T18477] RAX: ffffffffffffffda RBX: 00007fb2fddb5fa0 RCX: 00007fb2fdb8ebe9 [ 1077.358374][T18477] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000005 [ 1077.358389][T18477] RBP: 00007fb2fdc11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1077.358404][T18477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1077.358418][T18477] R13: 00007fb2fddb6038 R14: 00007fb2fddb5fa0 R15: 00007ffe13a78f68 [ 1077.358456][T18477] [ 1079.575121][T18484] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18000 [ 1079.699011][T18484] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 1079.768916][T18484] raw: 00fff00000002000 ffffea0000600008 ffffea0000600008 0000000000000000 [ 1079.845767][T18484] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 1079.963658][T18484] page dumped because: unmovable page [ 1080.051765][T18484] page_owner info is not present (never set?) [ 1083.133082][T18514] FAULT_INJECTION: forcing a failure. [ 1083.133082][T18514] name failslab, interval 1, probability 0, space 0, times 0 [ 1083.226808][T18514] CPU: 0 UID: 0 PID: 18514 Comm: syz.1.3088 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1083.226849][T18514] Tainted: [U]=USER [ 1083.226857][T18514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1083.226873][T18514] Call Trace: [ 1083.226881][T18514] [ 1083.226891][T18514] dump_stack_lvl+0x16c/0x1f0 [ 1083.226926][T18514] should_fail_ex+0x512/0x640 [ 1083.226960][T18514] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1083.226989][T18514] should_failslab+0xc2/0x120 [ 1083.227022][T18514] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1083.227047][T18514] ? ieee80211_init_rate_ctrl_alg+0x175/0x6b0 [ 1083.227097][T18514] ieee80211_init_rate_ctrl_alg+0x175/0x6b0 [ 1083.227133][T18514] ieee80211_register_hw+0x2121/0x4060 [ 1083.227177][T18514] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1083.227215][T18514] ? find_held_lock+0x2b/0x80 [ 1083.227240][T18514] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1083.227278][T18514] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1083.227308][T18514] ? __hrtimer_setup+0x176/0x280 [ 1083.227348][T18514] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1083.227407][T18514] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1083.227457][T18514] hwsim_new_radio_nl+0xb51/0x12c0 [ 1083.227483][T18514] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1083.227533][T18514] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1083.227572][T18514] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1083.227618][T18514] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1083.227657][T18514] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1083.227704][T18514] ? bpf_lsm_capable+0x9/0x10 [ 1083.227725][T18514] ? security_capable+0x7e/0x260 [ 1083.227750][T18514] ? ns_capable+0xd7/0x110 [ 1083.227778][T18514] genl_rcv_msg+0x55c/0x800 [ 1083.227821][T18514] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1083.227858][T18514] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1083.227909][T18514] netlink_rcv_skb+0x158/0x420 [ 1083.227941][T18514] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1083.227978][T18514] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1083.228023][T18514] ? netlink_deliver_tap+0x1ae/0xd30 [ 1083.228058][T18514] genl_rcv+0x28/0x40 [ 1083.228096][T18514] netlink_unicast+0x5a7/0x870 [ 1083.228133][T18514] ? __pfx_netlink_unicast+0x10/0x10 [ 1083.228165][T18514] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1083.228196][T18514] ? __lock_acquire+0xb97/0x1ce0 [ 1083.228235][T18514] netlink_sendmsg+0x8d1/0xdd0 [ 1083.228273][T18514] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1083.228308][T18514] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1083.228339][T18514] ____sys_sendmsg+0xa95/0xc70 [ 1083.228378][T18514] ? copy_msghdr_from_user+0x10a/0x160 [ 1083.228408][T18514] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1083.228461][T18514] ___sys_sendmsg+0x134/0x1d0 [ 1083.228493][T18514] ? __pfx____sys_sendmsg+0x10/0x10 [ 1083.228561][T18514] __sys_sendmsg+0x16d/0x220 [ 1083.228593][T18514] ? __pfx___sys_sendmsg+0x10/0x10 [ 1083.228623][T18514] ? __x64_sys_futex+0x1e0/0x4c0 [ 1083.228673][T18514] do_syscall_64+0xcd/0x490 [ 1083.228706][T18514] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1083.228732][T18514] RIP: 0033:0x7fe1d578ebe9 [ 1083.228751][T18514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1083.228776][T18514] RSP: 002b:00007fe1d659e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1083.228799][T18514] RAX: ffffffffffffffda RBX: 00007fe1d59b5fa0 RCX: 00007fe1d578ebe9 [ 1083.228815][T18514] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000005 [ 1083.228830][T18514] RBP: 00007fe1d5811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1083.228845][T18514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1083.228859][T18514] R13: 00007fe1d59b6038 R14: 00007fe1d59b5fa0 R15: 00007ffdc8d976e8 [ 1083.228890][T18514] [ 1083.598614][ C0] vkms_vblank_simulate: vblank timer overrun [ 1085.104282][T18514] ieee80211 phy65: Failed to select rate control algorithm [ 1085.710425][T18534] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3091'. [ 1086.929228][T18544] device-mapper: ioctl: device name cannot contain '/' [ 1087.270391][T18544] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3093'. [ 1089.092485][T18577] __vm_enough_memory: pid: 18577, comm: syz.2.3103, bytes: 4398046511104 not enough memory for the allocation [ 1089.197937][T18572] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 1089.711501][T18586] ERROR: Out of memory at tomoyo_memory_ok. [ 1093.927508][T18652] FAULT_INJECTION: forcing a failure. [ 1093.927508][T18652] name failslab, interval 1, probability 0, space 0, times 0 [ 1094.009563][T18652] CPU: 0 UID: 0 PID: 18652 Comm: syz.1.3117 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1094.009605][T18652] Tainted: [U]=USER [ 1094.009613][T18652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1094.009628][T18652] Call Trace: [ 1094.009637][T18652] [ 1094.009646][T18652] dump_stack_lvl+0x16c/0x1f0 [ 1094.009682][T18652] should_fail_ex+0x512/0x640 [ 1094.009716][T18652] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1094.009745][T18652] should_failslab+0xc2/0x120 [ 1094.009778][T18652] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1094.009804][T18652] ? ieee80211_init_rate_ctrl_alg+0x175/0x6b0 [ 1094.009840][T18652] ieee80211_init_rate_ctrl_alg+0x175/0x6b0 [ 1094.009876][T18652] ieee80211_register_hw+0x2121/0x4060 [ 1094.009920][T18652] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1094.009957][T18652] ? find_held_lock+0x2b/0x80 [ 1094.009982][T18652] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1094.010020][T18652] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1094.010056][T18652] ? __hrtimer_setup+0x176/0x280 [ 1094.010095][T18652] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1094.010154][T18652] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1094.010205][T18652] hwsim_new_radio_nl+0xb51/0x12c0 [ 1094.010231][T18652] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1094.010281][T18652] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1094.010321][T18652] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1094.010366][T18652] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1094.010405][T18652] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1094.010453][T18652] ? bpf_lsm_capable+0x9/0x10 [ 1094.010475][T18652] ? security_capable+0x7e/0x260 [ 1094.010500][T18652] ? ns_capable+0xd7/0x110 [ 1094.010536][T18652] genl_rcv_msg+0x55c/0x800 [ 1094.010576][T18652] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1094.010614][T18652] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1094.010665][T18652] netlink_rcv_skb+0x158/0x420 [ 1094.010697][T18652] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1094.010734][T18652] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1094.010778][T18652] ? netlink_deliver_tap+0x1ae/0xd30 [ 1094.010813][T18652] genl_rcv+0x28/0x40 [ 1094.010845][T18652] netlink_unicast+0x5a7/0x870 [ 1094.010881][T18652] ? __pfx_netlink_unicast+0x10/0x10 [ 1094.010913][T18652] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1094.010943][T18652] ? __lock_acquire+0xb97/0x1ce0 [ 1094.010983][T18652] netlink_sendmsg+0x8d1/0xdd0 [ 1094.011020][T18652] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1094.011063][T18652] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1094.011094][T18652] ____sys_sendmsg+0xa95/0xc70 [ 1094.011133][T18652] ? copy_msghdr_from_user+0x10a/0x160 [ 1094.011164][T18652] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1094.011208][T18652] ? __pfx_futex_wake_mark+0x10/0x10 [ 1094.011249][T18652] ___sys_sendmsg+0x134/0x1d0 [ 1094.011298][T18652] ? __pfx____sys_sendmsg+0x10/0x10 [ 1094.011366][T18652] __sys_sendmsg+0x16d/0x220 [ 1094.011397][T18652] ? __pfx___sys_sendmsg+0x10/0x10 [ 1094.011428][T18652] ? __x64_sys_futex+0x1e0/0x4c0 [ 1094.011478][T18652] do_syscall_64+0xcd/0x490 [ 1094.011517][T18652] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1094.011543][T18652] RIP: 0033:0x7fe1d578ebe9 [ 1094.011562][T18652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1094.011586][T18652] RSP: 002b:00007fe1d659e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1094.011609][T18652] RAX: ffffffffffffffda RBX: 00007fe1d59b5fa0 RCX: 00007fe1d578ebe9 [ 1094.011625][T18652] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000005 [ 1094.011640][T18652] RBP: 00007fe1d5811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1094.011655][T18652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1094.011669][T18652] R13: 00007fe1d59b6038 R14: 00007fe1d59b5fa0 R15: 00007ffdc8d976e8 [ 1094.011700][T18652] [ 1094.421153][T18652] ieee80211 phy70: Failed to select rate control algorithm [ 1094.962544][T18650] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 1095.089152][T18648] ERROR: Out of memory at tomoyo_memory_ok. [ 1096.764366][T18669] kAFS: No cell specified [ 1096.964982][T18673] FAULT_INJECTION: forcing a failure. [ 1096.964982][T18673] name failslab, interval 1, probability 0, space 0, times 0 [ 1097.009508][T18673] CPU: 0 UID: 0 PID: 18673 Comm: syz.0.3123 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1097.009549][T18673] Tainted: [U]=USER [ 1097.009557][T18673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1097.009572][T18673] Call Trace: [ 1097.009581][T18673] [ 1097.009590][T18673] dump_stack_lvl+0x16c/0x1f0 [ 1097.009625][T18673] should_fail_ex+0x512/0x640 [ 1097.009659][T18673] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1097.009692][T18673] should_failslab+0xc2/0x120 [ 1097.009724][T18673] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1097.009754][T18673] ? __kernfs_new_node+0xd2/0x8e0 [ 1097.009790][T18673] __kernfs_new_node+0xd2/0x8e0 [ 1097.009824][T18673] ? __pfx___kernfs_new_node+0x10/0x10 [ 1097.009862][T18673] ? find_held_lock+0x2b/0x80 [ 1097.009886][T18673] ? kernfs_root+0xee/0x2a0 [ 1097.009923][T18673] kernfs_new_node+0x13c/0x1e0 [ 1097.009963][T18673] __kernfs_create_file+0x53/0x350 [ 1097.009991][T18673] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1097.010027][T18673] sysfs_merge_group+0x1aa/0x340 [ 1097.010058][T18673] ? kernfs_add_one+0x14e/0x840 [ 1097.010092][T18673] ? __pfx_sysfs_merge_group+0x10/0x10 [ 1097.010128][T18673] ? __pfx_dev_add_physical_location+0x10/0x10 [ 1097.010173][T18673] ? bus_to_subsys+0x131/0x160 [ 1097.010202][T18673] dpm_sysfs_add+0x237/0x280 [ 1097.010241][T18673] device_add+0x9a6/0x1aa0 [ 1097.010282][T18673] ? __pfx_device_add+0x10/0x10 [ 1097.010331][T18673] device_create_groups_vargs+0x1f8/0x270 [ 1097.010375][T18673] device_create+0xed/0x130 [ 1097.010415][T18673] ? __pfx_device_create+0x10/0x10 [ 1097.010455][T18673] ? do_init_timer+0xc9/0x110 [ 1097.010485][T18673] ? ieee80211_roc_setup+0x136/0x270 [ 1097.010509][T18673] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1097.010545][T18673] mac80211_hwsim_new_radio+0x369/0x54d0 [ 1097.010599][T18673] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1097.010638][T18673] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1097.010688][T18673] hwsim_new_radio_nl+0xb51/0x12c0 [ 1097.010715][T18673] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1097.010763][T18673] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1097.010803][T18673] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1097.010847][T18673] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1097.010887][T18673] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1097.010955][T18673] ? bpf_lsm_capable+0x9/0x10 [ 1097.010977][T18673] ? security_capable+0x7e/0x260 [ 1097.011002][T18673] ? ns_capable+0xd7/0x110 [ 1097.011030][T18673] genl_rcv_msg+0x55c/0x800 [ 1097.011070][T18673] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1097.011106][T18673] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1097.011157][T18673] netlink_rcv_skb+0x158/0x420 [ 1097.011195][T18673] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1097.011233][T18673] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1097.011277][T18673] ? netlink_deliver_tap+0x1ae/0xd30 [ 1097.011312][T18673] genl_rcv+0x28/0x40 [ 1097.011344][T18673] netlink_unicast+0x5a7/0x870 [ 1097.011381][T18673] ? __pfx_netlink_unicast+0x10/0x10 [ 1097.011413][T18673] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1097.011443][T18673] ? __lock_acquire+0xb97/0x1ce0 [ 1097.011481][T18673] netlink_sendmsg+0x8d1/0xdd0 [ 1097.011518][T18673] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1097.011554][T18673] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1097.011585][T18673] ____sys_sendmsg+0xa95/0xc70 [ 1097.011624][T18673] ? copy_msghdr_from_user+0x10a/0x160 [ 1097.011654][T18673] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1097.011698][T18673] ? __pfx_futex_wake_mark+0x10/0x10 [ 1097.011739][T18673] ___sys_sendmsg+0x134/0x1d0 [ 1097.011771][T18673] ? __pfx____sys_sendmsg+0x10/0x10 [ 1097.011843][T18673] __sys_sendmsg+0x16d/0x220 [ 1097.011874][T18673] ? __pfx___sys_sendmsg+0x10/0x10 [ 1097.011904][T18673] ? __x64_sys_futex+0x1e0/0x4c0 [ 1097.011953][T18673] do_syscall_64+0xcd/0x490 [ 1097.011987][T18673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1097.012012][T18673] RIP: 0033:0x7f54ad78ebe9 [ 1097.012031][T18673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1097.012056][T18673] RSP: 002b:00007f54ae5f3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1097.012079][T18673] RAX: ffffffffffffffda RBX: 00007f54ad9b5fa0 RCX: 00007f54ad78ebe9 [ 1097.012096][T18673] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000005 [ 1097.012111][T18673] RBP: 00007f54ad811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1097.012126][T18673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1097.012140][T18673] R13: 00007f54ad9b6038 R14: 00007f54ad9b5fa0 R15: 00007ffd642146f8 [ 1097.012179][T18673] [ 1098.574711][T18693] vivid-007: ================= START STATUS ================= [ 1098.675356][T18693] vivid-007: Enable Output Cropping: true [ 1098.742316][T18693] vivid-007: Enable Output Composing: true [ 1098.825322][T18693] vivid-007: Enable Output Scaler: true [ 1098.885375][T18693] vivid-007: Tx RGB Quantization Range: Automatic [ 1098.974650][T18693] vivid-007: Transmit Mode: HDMI [ 1099.026024][T18697] FAULT_INJECTION: forcing a failure. [ 1099.026024][T18697] name failslab, interval 1, probability 0, space 0, times 0 [ 1099.082226][T18693] vivid-007: Hotplug Present: 0x00000000 [ 1099.159787][T18693] vivid-007: RxSense Present: 0x00000000 [ 1099.203802][T18697] CPU: 0 UID: 0 PID: 18697 Comm: syz.2.3130 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1099.203856][T18697] Tainted: [U]=USER [ 1099.203864][T18697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1099.203879][T18697] Call Trace: [ 1099.203887][T18697] [ 1099.203897][T18697] dump_stack_lvl+0x16c/0x1f0 [ 1099.203931][T18697] should_fail_ex+0x512/0x640 [ 1099.203964][T18697] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1099.203997][T18697] should_failslab+0xc2/0x120 [ 1099.204029][T18697] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1099.204058][T18697] ? key_alloc+0x3e0/0x1330 [ 1099.204093][T18697] key_alloc+0x3e0/0x1330 [ 1099.204132][T18697] ? rcu_is_watching+0x12/0xc0 [ 1099.204157][T18697] ? __pfx_key_alloc+0x10/0x10 [ 1099.204186][T18697] ? __kmalloc_noprof+0x242/0x510 [ 1099.204221][T18697] keyring_alloc+0x44/0xc0 [ 1099.204258][T18697] install_thread_keyring_to_cred+0xc1/0x140 [ 1099.204291][T18697] keyctl_set_reqkey_keyring+0xcf/0x1c0 [ 1099.204327][T18697] __do_sys_keyctl+0x6d/0x590 [ 1099.204356][T18697] do_syscall_64+0xcd/0x490 [ 1099.204389][T18697] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1099.204414][T18697] RIP: 0033:0x7eff9958ebe9 [ 1099.204433][T18697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1099.204457][T18697] RSP: 002b:00007eff96b4b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 1099.204480][T18697] RAX: ffffffffffffffda RBX: 00007eff997b6450 RCX: 00007eff9958ebe9 [ 1099.204496][T18697] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000000e [ 1099.204511][T18697] RBP: 00007eff99611e19 R08: 0000000000000008 R09: 0000000000000000 [ 1099.204530][T18697] R10: 0000000000005eaf R11: 0000000000000246 R12: 0000000000000000 [ 1099.204544][T18697] R13: 00007eff997b64e8 R14: 00007eff997b6450 R15: 00007ffd9223e438 [ 1099.204574][T18697] [ 1099.400235][T18693] vivid-007: EDID Present: 0x00000000 [ 1099.405654][T18693] vivid-007: ================== END STATUS ================== syzkaller syzkaller login: [ 1099.910695][T18705] __vm_enough_memory: pid: 18705, comm: syz.1.3132, bytes: 4398046511104 not enough memory for the allocation [ 1099.997633][T18706] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 1100.112727][T18705] i2c i2c-0: new_device: Instantiated device card: at 0x01 [ 1100.762825][T18708] zswap: compressor not available [ 1101.074781][T18716] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1102.053463][T18720] snd_aloop snd_aloop.0: control 16781585:65539:6:é'x?F¢é/èìzFË·fCªá«:0 is already present [ 1103.504601][T18758] FAULT_INJECTION: forcing a failure. [ 1103.504601][T18758] name failslab, interval 1, probability 0, space 0, times 0 [ 1103.598591][T18758] CPU: 0 UID: 0 PID: 18758 Comm: syz.1.3147 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1103.598633][T18758] Tainted: [U]=USER [ 1103.598641][T18758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1103.598656][T18758] Call Trace: [ 1103.598663][T18758] [ 1103.598672][T18758] dump_stack_lvl+0x16c/0x1f0 [ 1103.598706][T18758] should_fail_ex+0x512/0x640 [ 1103.598738][T18758] ? __kvmalloc_node_noprof+0x124/0x620 [ 1103.598773][T18758] should_failslab+0xc2/0x120 [ 1103.598805][T18758] __kvmalloc_node_noprof+0x137/0x620 [ 1103.598832][T18758] ? __pfx___mutex_lock+0x10/0x10 [ 1103.598862][T18758] ? traverse.part.0.constprop.0+0x392/0x640 [ 1103.598892][T18758] ? traverse.part.0.constprop.0+0x392/0x640 [ 1103.598916][T18758] traverse.part.0.constprop.0+0x392/0x640 [ 1103.598949][T18758] seq_read_iter+0x932/0x12c0 [ 1103.598984][T18758] proc_reg_read_iter+0x220/0x310 [ 1103.599019][T18758] vfs_read+0x8bf/0xcf0 [ 1103.599052][T18758] ? __pfx_vfs_read+0x10/0x10 [ 1103.599076][T18758] ? find_held_lock+0x2b/0x80 [ 1103.599118][T18758] __x64_sys_pread64+0x1eb/0x250 [ 1103.599147][T18758] ? __pfx___x64_sys_pread64+0x10/0x10 [ 1103.599185][T18758] do_syscall_64+0xcd/0x490 [ 1103.599217][T18758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1103.599241][T18758] RIP: 0033:0x7fe1d578ebe9 [ 1103.599259][T18758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1103.599282][T18758] RSP: 002b:00007fe1d659e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 1103.599304][T18758] RAX: ffffffffffffffda RBX: 00007fe1d59b5fa0 RCX: 00007fe1d578ebe9 [ 1103.599329][T18758] RDX: 0000008100000041 RSI: 0000000000000000 RDI: 0000000000000003 [ 1103.599344][T18758] RBP: 00007fe1d659e090 R08: 0000000000000000 R09: 0000000000000000 [ 1103.599358][T18758] R10: 000000000000413e R11: 0000000000000246 R12: 0000000000000001 [ 1103.599372][T18758] R13: 00007fe1d59b6038 R14: 00007fe1d59b5fa0 R15: 00007ffdc8d976e8 [ 1103.599403][T18758] [ 1103.862283][T18752] vivid-007: ================= START STATUS ================= [ 1103.870063][T18752] vivid-007: Enable Output Cropping: true [ 1103.875887][T18752] vivid-007: Enable Output Composing: true [ 1103.882110][T18752] vivid-007: Enable Output Scaler: true [ 1103.887773][T18752] vivid-007: Tx RGB Quantization Range: Automatic [ 1103.894267][T18752] vivid-007: Transmit Mode: HDMI [ 1103.899613][T18752] vivid-007: Hotplug Present: 0x00000000 [ 1103.905274][T18752] vivid-007: RxSense Present: 0x00000000 [ 1103.911017][T18752] vivid-007: EDID Present: 0x00000000 [ 1103.916465][T18752] vivid-007: ================== END STATUS ================== [ 1104.275868][T18746] FAULT_INJECTION: forcing a failure. [ 1104.275868][T18746] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1104.338887][T18746] CPU: 0 UID: 0 PID: 18746 Comm: syz.3.3142 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1104.338930][T18746] Tainted: [U]=USER [ 1104.338939][T18746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1104.338954][T18746] Call Trace: [ 1104.338963][T18746] [ 1104.338972][T18746] dump_stack_lvl+0x16c/0x1f0 [ 1104.339007][T18746] should_fail_ex+0x512/0x640 [ 1104.339046][T18746] get_futex_key+0x1d0/0x1560 [ 1104.339080][T18746] ? __pfx_get_futex_key+0x10/0x10 [ 1104.339109][T18746] ? _raw_write_unlock+0x28/0x50 [ 1104.339136][T18746] ? keyring_instantiate+0x109/0x300 [ 1104.339178][T18746] futex_wake+0xea/0x530 [ 1104.339224][T18746] ? __pfx_futex_wake+0x10/0x10 [ 1104.339257][T18746] ? key_alloc+0xbd4/0x1330 [ 1104.339291][T18746] ? key_instantiate_and_link+0x398/0x4b0 [ 1104.339324][T18746] ? key_alloc+0xac0/0x1330 [ 1104.339360][T18746] do_futex+0x1e3/0x350 [ 1104.339391][T18746] ? __pfx_do_futex+0x10/0x10 [ 1104.339430][T18746] __x64_sys_futex+0x1e0/0x4c0 [ 1104.339465][T18746] ? __pfx___x64_sys_futex+0x10/0x10 [ 1104.339500][T18746] ? keyctl_set_reqkey_keyring+0x11c/0x1c0 [ 1104.339532][T18746] do_syscall_64+0xcd/0x490 [ 1104.339565][T18746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1104.339589][T18746] RIP: 0033:0x7fb2fdb8ebe9 [ 1104.339608][T18746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1104.339633][T18746] RSP: 002b:00007fb2fea150e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1104.339657][T18746] RAX: ffffffffffffffda RBX: 00007fb2fddb6098 RCX: 00007fb2fdb8ebe9 [ 1104.339673][T18746] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb2fddb609c [ 1104.339689][T18746] RBP: 00007fb2fddb6090 R08: 00007fb2fea37000 R09: 0000000000000000 [ 1104.339704][T18746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1104.339719][T18746] R13: 00007fb2fddb6128 R14: 00007ffe13a78e80 R15: 00007ffe13a78f68 [ 1104.339748][T18746] [ 1104.815581][T18769] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3150'. [ 1105.703046][T18776] snd_aloop snd_aloop.0: control 16781585:65539:6:é'x?F¢é/èìzFË·fCªá«:0 is already present [ 1106.284428][T18770] kexec: Could not allocate control_code_buffer [ 1106.328574][T18787] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 1108.599892][T18820] kAFS: No cell specified [ 1111.407901][T18845] random: crng reseeded on system resumption [ 1111.625391][ T7907] ERROR: Out of memory at tomoyo_memory_ok. [ 1111.698461][T16260] ERROR: Out of memory at tomoyo_memory_ok. [ 1112.429102][T18874] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3174'. [ 1112.563833][T18874] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 1112.687754][T18878] FAULT_INJECTION: forcing a failure. [ 1112.687754][T18878] name failslab, interval 1, probability 0, space 0, times 0 [ 1112.764085][T18878] CPU: 0 UID: 0 PID: 18878 Comm: syz.2.3176 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1112.764126][T18878] Tainted: [U]=USER [ 1112.764135][T18878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1112.764149][T18878] Call Trace: [ 1112.764157][T18878] [ 1112.764166][T18878] dump_stack_lvl+0x16c/0x1f0 [ 1112.764210][T18878] should_fail_ex+0x512/0x640 [ 1112.764247][T18878] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1112.764280][T18878] should_failslab+0xc2/0x120 [ 1112.764313][T18878] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1112.764344][T18878] ? __kernfs_new_node+0xd2/0x8e0 [ 1112.764380][T18878] __kernfs_new_node+0xd2/0x8e0 [ 1112.764415][T18878] ? __pfx___kernfs_new_node+0x10/0x10 [ 1112.764454][T18878] ? find_held_lock+0x2b/0x80 [ 1112.764480][T18878] ? kernfs_root+0xee/0x2a0 [ 1112.764517][T18878] kernfs_new_node+0x13c/0x1e0 [ 1112.764561][T18878] __kernfs_create_file+0x53/0x350 [ 1112.764590][T18878] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1112.764627][T18878] internal_create_group+0x578/0xf30 [ 1112.764667][T18878] ? __pfx_internal_create_group+0x10/0x10 [ 1112.764705][T18878] ? kernfs_create_link+0x1bd/0x240 [ 1112.764735][T18878] internal_create_groups+0x9d/0x150 [ 1112.764770][T18878] device_add+0x77f/0x1aa0 [ 1112.764812][T18878] ? __pfx_device_add+0x10/0x10 [ 1112.764862][T18878] __add_disk+0x457/0xf00 [ 1112.764895][T18878] ? find_held_lock+0x2b/0x80 [ 1112.764921][T18878] add_disk_fwnode+0x3f8/0x5d0 [ 1112.764957][T18878] zram_add+0x4bf/0x6f0 [ 1112.764983][T18878] ? __pfx_zram_add+0x10/0x10 [ 1112.765029][T18878] ? find_held_lock+0x2b/0x80 [ 1112.765058][T18878] ? __pfx_hot_add_show+0x10/0x10 [ 1112.765081][T18878] ? __pfx_class_attr_show+0x10/0x10 [ 1112.765117][T18878] hot_add_show+0x21/0x80 [ 1112.765141][T18878] class_attr_show+0x6f/0xa0 [ 1112.765188][T18878] sysfs_kf_seq_show+0x213/0x3e0 [ 1112.765222][T18878] seq_read_iter+0x506/0x12c0 [ 1112.765247][T18878] ? __mutex_trylock_common+0xe9/0x250 [ 1112.765291][T18878] kernfs_fop_read_iter+0x40f/0x5a0 [ 1112.765313][T18878] ? rw_verify_area+0xcf/0x6c0 [ 1112.765340][T18878] vfs_read+0x8bf/0xcf0 [ 1112.765370][T18878] ? __pfx___mutex_lock+0x10/0x10 [ 1112.765401][T18878] ? __pfx_vfs_read+0x10/0x10 [ 1112.765448][T18878] ksys_read+0x12a/0x250 [ 1112.765475][T18878] ? __pfx_ksys_read+0x10/0x10 [ 1112.765511][T18878] do_syscall_64+0xcd/0x490 [ 1112.765545][T18878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1112.765569][T18878] RIP: 0033:0x7eff9958ebe9 [ 1112.765588][T18878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1112.765612][T18878] RSP: 002b:00007eff977d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1112.765634][T18878] RAX: ffffffffffffffda RBX: 00007eff997b6090 RCX: 00007eff9958ebe9 [ 1112.765651][T18878] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 0000000000000006 [ 1112.765666][T18878] RBP: 00007eff99611e19 R08: 0000000000000000 R09: 0000000000000000 [ 1112.765681][T18878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1112.765695][T18878] R13: 00007eff997b6128 R14: 00007eff997b6090 R15: 00007ffd9223e438 [ 1112.765726][T18878] [ 1116.794917][T18916] random: crng reseeded on system resumption [ 1124.125969][T18988] usbip-vudc usbip-vudc.0: gadget not bound [ 1125.595166][T18969] kafs: addr_prefs: Too many elements in string [ 1125.797589][ T31] audit: type=1804 audit(4294967679.535:37): pid=19002 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.3204" name="/newroot/210/file0" dev="tmpfs" ino=1098 res=1 errno=0 [ 1126.387636][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1126.396437][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1126.893396][T19010] blktrace: Concurrent blktraces are not allowed on ram7 [ 1127.219886][ T981] usb usb38-port5: attempt power cycle [ 1127.799905][ T981] usb usb38-port5: unable to enumerate USB device [ 1127.853954][T19010] vhci_hcd: invalid port number 23 [ 1127.862245][T19010] vhci_hcd: Wrong hub descriptor type for USB 3.0 roothub. [ 1128.100881][T19017] kAFS: No cell specified [ 1128.740476][T19022] FAULT_INJECTION: forcing a failure. [ 1128.740476][T19022] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1128.822671][T19022] CPU: 0 UID: 0 PID: 19022 Comm: syz.2.3212 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1128.822714][T19022] Tainted: [U]=USER [ 1128.822722][T19022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1128.822738][T19022] Call Trace: [ 1128.822746][T19022] [ 1128.822755][T19022] dump_stack_lvl+0x16c/0x1f0 [ 1128.822790][T19022] should_fail_ex+0x512/0x640 [ 1128.822828][T19022] get_futex_key+0x1d0/0x1560 [ 1128.822861][T19022] ? __pfx_get_futex_key+0x10/0x10 [ 1128.822890][T19022] ? look_up_lock_class+0x59/0x150 [ 1128.822920][T19022] ? register_lock_class+0x41/0x4c0 [ 1128.822958][T19022] futex_wake+0xea/0x530 [ 1128.822996][T19022] ? __pfx_futex_wake+0x10/0x10 [ 1128.823038][T19022] ? refcount_dec_not_one+0x138/0x1d0 [ 1128.823079][T19022] do_futex+0x1e3/0x350 [ 1128.823110][T19022] ? __pfx_do_futex+0x10/0x10 [ 1128.823140][T19022] ? refcount_dec_and_lock+0x32/0xc0 [ 1128.823191][T19022] ? key_user_put+0x2c/0x70 [ 1128.823228][T19022] __x64_sys_futex+0x1e0/0x4c0 [ 1128.823265][T19022] ? __pfx___x64_sys_futex+0x10/0x10 [ 1128.823297][T19022] ? xfd_validate_state+0x61/0x180 [ 1128.823333][T19022] ? __pfx_ksys_write+0x10/0x10 [ 1128.823369][T19022] do_syscall_64+0xcd/0x490 [ 1128.823401][T19022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1128.823426][T19022] RIP: 0033:0x7eff9958ebe9 [ 1128.823451][T19022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1128.823483][T19022] RSP: 002b:00007eff977f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1128.823506][T19022] RAX: ffffffffffffffda RBX: 00007eff997b5fa8 RCX: 00007eff9958ebe9 [ 1128.823522][T19022] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007eff997b5fac [ 1128.823537][T19022] RBP: 00007eff997b5fa0 R08: 00007eff9a30b000 R09: 0000000000000000 [ 1128.823552][T19022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1128.823567][T19022] R13: 00007eff997b6038 R14: 00007ffd9223e350 R15: 00007ffd9223e438 [ 1128.823597][T19022] [ 1129.250328][T19026] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3214'. [ 1130.683409][T15124] Bluetooth: hci4: unexpected event 0x3e length: 726 > 260 [ 1130.683442][T15124] Bluetooth: hci4: unexpected subevent 0x0d length: 725 > 260 [ 1130.699019][T15124] Bluetooth: hci4: Unknown advertising packet type: 0x7f [ 1130.699056][T15124] Bluetooth: hci4: adv larger than maximum supported [ 1130.706114][T15124] Bluetooth: hci4: adv larger than maximum supported [ 1130.717973][T15124] Bluetooth: hci4: Malformed LE Event: 0x0d [ 1132.247683][T19058] kAFS: No cell specified [ 1135.897335][T19081] kexec: Could not allocate control_code_buffer [ 1137.300333][T19126] ERROR: Out of memory at tomoyo_memory_ok. [ 1137.374304][T19121] ERROR: Out of memory at tomoyo_memory_ok. [ 1138.413626][T19109] delete_channel: no stack [ 1140.195933][T15124] Bluetooth: hci4: unexpected event 0x3e length: 726 > 260 [ 1140.195967][T15124] Bluetooth: hci4: unexpected subevent 0x0d length: 725 > 260 [ 1140.214207][T15124] Bluetooth: hci4: Unknown advertising packet type: 0x7f [ 1140.214256][T15124] Bluetooth: hci4: adv larger than maximum supported [ 1140.222169][T15124] Bluetooth: hci4: Malformed LE Event: 0x0d [ 1140.895671][T19174] FAULT_INJECTION: forcing a failure. [ 1140.895671][T19174] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1140.964713][T19174] CPU: 0 UID: 0 PID: 19174 Comm: syz.0.3248 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1140.964755][T19174] Tainted: [U]=USER [ 1140.964763][T19174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1140.964778][T19174] Call Trace: [ 1140.964786][T19174] [ 1140.964796][T19174] dump_stack_lvl+0x16c/0x1f0 [ 1140.964830][T19174] should_fail_ex+0x512/0x640 [ 1140.964867][T19174] _copy_to_user+0x32/0xd0 [ 1140.964907][T19174] simple_read_from_buffer+0xcb/0x170 [ 1140.964953][T19174] proc_fail_nth_read+0x197/0x240 [ 1140.964985][T19174] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1140.965017][T19174] ? rw_verify_area+0xcf/0x6c0 [ 1140.965041][T19174] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1140.965066][T19174] vfs_read+0x1e4/0xcf0 [ 1140.965096][T19174] ? __pfx___mutex_lock+0x10/0x10 [ 1140.965134][T19174] ? __pfx_vfs_read+0x10/0x10 [ 1140.965168][T19174] ? __fget_files+0x20e/0x3c0 [ 1140.965202][T19174] ksys_read+0x12a/0x250 [ 1140.965228][T19174] ? __pfx_ksys_read+0x10/0x10 [ 1140.965263][T19174] do_syscall_64+0xcd/0x490 [ 1140.965295][T19174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1140.965320][T19174] RIP: 0033:0x7f54ad78d5fc [ 1140.965339][T19174] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1140.965362][T19174] RSP: 002b:00007f54ae5f3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1140.965384][T19174] RAX: ffffffffffffffda RBX: 00007f54ad9b5fa0 RCX: 00007f54ad78d5fc [ 1140.965400][T19174] RDX: 000000000000000f RSI: 00007f54ae5f30a0 RDI: 0000000000000004 [ 1140.965414][T19174] RBP: 00007f54ae5f3090 R08: 0000000000000000 R09: 0000000000000000 [ 1140.965429][T19174] R10: 000000000000413e R11: 0000000000000246 R12: 0000000000000001 [ 1140.965444][T19174] R13: 00007f54ad9b6038 R14: 00007f54ad9b5fa0 R15: 00007ffd642146f8 [ 1140.965474][T19174] [ 1144.648538][T19213] random: crng reseeded on system resumption [ 1144.721986][T15968] ERROR: Out of memory at tomoyo_memory_ok. [ 1144.729750][ T7907] ERROR: Out of memory at tomoyo_memory_ok. [ 1146.937257][T19220] kexec: Could not allocate control_code_buffer [ 1147.460284][T19252] __vm_enough_memory: pid: 19252, comm: syz.2.3264, bytes: 4398046511104 not enough memory for the allocation [ 1148.997210][T19266] netlink: 338 bytes leftover after parsing attributes in process `syz.3.3266'. [ 1149.094803][T19270] netlink: 338 bytes leftover after parsing attributes in process `syz.3.3266'. [ 1149.231748][T19266] netlink: 134 bytes leftover after parsing attributes in process `syz.3.3266'. [ 1149.885390][T19276] nfs: Bad value for 'source' [ 1150.342552][T19281] FAULT_INJECTION: forcing a failure. [ 1150.342552][T19281] name failslab, interval 1, probability 0, space 0, times 0 [ 1150.410157][T19281] CPU: 0 UID: 0 PID: 19281 Comm: syz.2.3269 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1150.410199][T19281] Tainted: [U]=USER [ 1150.410208][T19281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1150.410223][T19281] Call Trace: [ 1150.410231][T19281] [ 1150.410240][T19281] dump_stack_lvl+0x16c/0x1f0 [ 1150.410275][T19281] should_fail_ex+0x512/0x640 [ 1150.410307][T19281] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1150.410340][T19281] should_failslab+0xc2/0x120 [ 1150.410372][T19281] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1150.410400][T19281] ? d_instantiate+0x77/0x90 [ 1150.410429][T19281] ? alloc_empty_file+0x55/0x1e0 [ 1150.410468][T19281] alloc_empty_file+0x55/0x1e0 [ 1150.410504][T19281] alloc_file_pseudo+0x13a/0x230 [ 1150.410541][T19281] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1150.410578][T19281] ? hugetlbfs_get_inode+0x31f/0x730 [ 1150.410608][T19281] hugetlb_file_setup+0x4ce/0x620 [ 1150.410642][T19281] newseg+0xa74/0xe60 [ 1150.410678][T19281] ? __pfx_newseg+0x10/0x10 [ 1150.410710][T19281] ? ksys_write+0x190/0x250 [ 1150.410741][T19281] ipcget+0xef/0xda0 [ 1150.410777][T19281] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1150.410813][T19281] ? __pfx_ipcget+0x10/0x10 [ 1150.410853][T19281] __x64_sys_shmget+0x13b/0x1b0 [ 1150.410887][T19281] ? __pfx___x64_sys_shmget+0x10/0x10 [ 1150.410923][T19281] ? rcu_is_watching+0x12/0xc0 [ 1150.410951][T19281] do_syscall_64+0xcd/0x490 [ 1150.410983][T19281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1150.411008][T19281] RIP: 0033:0x7eff9958ebe9 [ 1150.411026][T19281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1150.411049][T19281] RSP: 002b:00007eff977d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 1150.411072][T19281] RAX: ffffffffffffffda RBX: 00007eff997b6090 RCX: 00007eff9958ebe9 [ 1150.411088][T19281] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 1150.411103][T19281] RBP: 00007eff977d5090 R08: 0000000000000000 R09: 0000000000000000 [ 1150.411118][T19281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1150.411132][T19281] R13: 00007eff997b6128 R14: 00007eff997b6090 R15: 00007ffd9223e438 [ 1150.411166][T19281] [ 1150.641355][ C0] vkms_vblank_simulate: vblank timer overrun [ 1151.119718][T19286] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3271'. [ 1151.442724][T19295] usb usb36: usbfs: process 19295 (syz.2.3272) did not claim interface 0 before use [ 1151.492255][T19295] device-mapper: ioctl: Unable to rename non-existent device,  to „ [ 1155.202644][T19323] random: crng reseeded on system resumption [ 1156.498011][T19330] vivid-007: ================= START STATUS ================= [ 1156.537805][T19330] vivid-007: Generate PTS: true [ 1156.568914][T19330] vivid-007: Generate SCR: true [ 1156.598530][T19330] tpg source WxH: 320x240 (Y'CbCr) [ 1156.604392][T19334] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3284'. [ 1156.654671][T19334] veth0_macvtap: entered allmulticast mode [ 1156.684166][T19330] tpg field: 1 [ 1156.707431][T19330] tpg crop: (0,0)/320x240 [ 1156.727577][T19330] tpg compose: (0,0)/320x240 [ 1156.759010][T19330] tpg colorspace: 8 [ 1156.790712][T19330] tpg transfer function: 0/0 [ 1156.805819][T19330] tpg Y'CbCr encoding: 0/0 [ 1156.829029][T19330] tpg quantization: 0/0 [ 1156.849020][T19330] tpg RGB range: 0/2 [ 1156.888987][T19330] vivid-007: ================== END STATUS ================== [ 1157.322331][T19338] random: crng reseeded on system resumption [ 1157.365611][T19338] FAULT_INJECTION: forcing a failure. [ 1157.365611][T19338] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1157.503152][T19338] CPU: 0 UID: 0 PID: 19338 Comm: syz.1.3281 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1157.503194][T19338] Tainted: [U]=USER [ 1157.503203][T19338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1157.503218][T19338] Call Trace: [ 1157.503226][T19338] [ 1157.503236][T19338] dump_stack_lvl+0x16c/0x1f0 [ 1157.503271][T19338] should_fail_ex+0x512/0x640 [ 1157.503310][T19338] should_fail_alloc_page+0xe7/0x130 [ 1157.503346][T19338] prepare_alloc_pages+0x3c2/0x610 [ 1157.503383][T19338] ? rcu_is_watching+0x12/0xc0 [ 1157.503411][T19338] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1157.503450][T19338] ? stack_trace_save+0x8e/0xc0 [ 1157.503483][T19338] ? __pfx_stack_trace_save+0x10/0x10 [ 1157.503513][T19338] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1157.503547][T19338] ? kasan_save_stack+0x42/0x60 [ 1157.503600][T19338] ? kasan_save_stack+0x33/0x60 [ 1157.503631][T19338] ? do_dentry_open+0x97f/0x1530 [ 1157.503660][T19338] ? vfs_open+0x82/0x3f0 [ 1157.503692][T19338] ? path_openat+0x1de4/0x2cb0 [ 1157.503718][T19338] ? do_filp_open+0x20b/0x470 [ 1157.503744][T19338] ? do_sys_openat2+0x11b/0x1d0 [ 1157.503778][T19338] ? __x64_sys_openat+0x174/0x210 [ 1157.503892][T19338] ? do_syscall_64+0xcd/0x490 [ 1157.503922][T19338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1157.503951][T19338] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1157.503987][T19338] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1157.504025][T19338] ? policy_nodemask+0xea/0x4e0 [ 1157.504062][T19338] alloc_pages_mpol+0x1fb/0x550 [ 1157.504096][T19338] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1157.504136][T19338] alloc_pages_noprof+0x131/0x390 [ 1157.504174][T19338] get_zeroed_page_noprof+0x18/0xb0 [ 1157.504210][T19338] get_image_page+0x18/0x190 [ 1157.504236][T19338] alloc_rtree_node+0x3c/0xb0 [ 1157.504260][T19338] memory_bm_create+0x519/0x810 [ 1157.504296][T19338] create_basic_memory_bitmaps+0xbd/0x320 [ 1157.504329][T19338] snapshot_open+0x235/0x2b0 [ 1157.504358][T19338] ? __pfx_snapshot_open+0x10/0x10 [ 1157.504387][T19338] misc_open+0x35a/0x420 [ 1157.504413][T19338] ? __pfx_misc_open+0x10/0x10 [ 1157.504437][T19338] chrdev_open+0x231/0x6a0 [ 1157.504467][T19338] ? __pfx_apparmor_file_open+0x10/0x10 [ 1157.504494][T19338] ? __pfx_chrdev_open+0x10/0x10 [ 1157.504527][T19338] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1157.504562][T19338] do_dentry_open+0x97f/0x1530 [ 1157.504593][T19338] ? __pfx_chrdev_open+0x10/0x10 [ 1157.504630][T19338] vfs_open+0x82/0x3f0 [ 1157.504670][T19338] path_openat+0x1de4/0x2cb0 [ 1157.504708][T19338] ? __pfx_path_openat+0x10/0x10 [ 1157.504746][T19338] do_filp_open+0x20b/0x470 [ 1157.504777][T19338] ? __pfx_do_filp_open+0x10/0x10 [ 1157.504841][T19338] ? alloc_fd+0x471/0x7d0 [ 1157.504876][T19338] do_sys_openat2+0x11b/0x1d0 [ 1157.504913][T19338] ? __pfx_do_sys_openat2+0x10/0x10 [ 1157.504949][T19338] ? __fget_files+0x204/0x3c0 [ 1157.504986][T19338] __x64_sys_openat+0x174/0x210 [ 1157.505024][T19338] ? __pfx___x64_sys_openat+0x10/0x10 [ 1157.505075][T19338] do_syscall_64+0xcd/0x490 [ 1157.505109][T19338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1157.505133][T19338] RIP: 0033:0x7fe1d578ebe9 [ 1157.505153][T19338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1157.505177][T19338] RSP: 002b:00007fe1d659e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1157.505200][T19338] RAX: ffffffffffffffda RBX: 00007fe1d59b5fa0 RCX: 00007fe1d578ebe9 [ 1157.505217][T19338] RDX: 00000000001438bf RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1157.505233][T19338] RBP: 00007fe1d5811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1157.505247][T19338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1157.505262][T19338] R13: 00007fe1d59b6038 R14: 00007fe1d59b5fa0 R15: 00007ffdc8d976e8 [ 1157.505293][T19338] [ 1159.173159][T19367] ERROR: Out of memory at tomoyo_memory_ok. [ 1159.968505][T19382] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3295'. [ 1160.749299][T19393] FAULT_INJECTION: forcing a failure. [ 1160.749299][T19393] name failslab, interval 1, probability 0, space 0, times 0 [ 1160.845295][T19393] CPU: 0 UID: 0 PID: 19393 Comm: syz.3.3299 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1160.845346][T19393] Tainted: [U]=USER [ 1160.845355][T19393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1160.845370][T19393] Call Trace: [ 1160.845379][T19393] [ 1160.845388][T19393] dump_stack_lvl+0x16c/0x1f0 [ 1160.845423][T19393] should_fail_ex+0x512/0x640 [ 1160.845462][T19393] should_failslab+0xc2/0x120 [ 1160.845495][T19393] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1160.845526][T19393] ? skb_clone+0x190/0x3f0 [ 1160.845560][T19393] skb_clone+0x190/0x3f0 [ 1160.845592][T19393] netlink_deliver_tap+0xabd/0xd30 [ 1160.845628][T19393] netlink_unicast+0x64c/0x870 [ 1160.845665][T19393] ? __pfx_netlink_unicast+0x10/0x10 [ 1160.845697][T19393] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1160.845738][T19393] netlink_sendmsg+0x8d1/0xdd0 [ 1160.845774][T19393] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1160.845810][T19393] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1160.845840][T19393] __sys_sendto+0x4a0/0x520 [ 1160.845868][T19393] ? __pfx___sys_sendto+0x10/0x10 [ 1160.845904][T19393] ? find_held_lock+0x2b/0x80 [ 1160.845950][T19393] __x64_sys_sendto+0xe0/0x1c0 [ 1160.845976][T19393] ? do_syscall_64+0x91/0x490 [ 1160.846006][T19393] ? lockdep_hardirqs_on+0x7c/0x110 [ 1160.846034][T19393] do_syscall_64+0xcd/0x490 [ 1160.846066][T19393] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1160.846090][T19393] RIP: 0033:0x7fb2fdb90a7c [ 1160.846110][T19393] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 1160.846134][T19393] RSP: 002b:00007fb2fea34ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 1160.846156][T19393] RAX: ffffffffffffffda RBX: 00007fb2fea34fc0 RCX: 00007fb2fdb90a7c [ 1160.846172][T19393] RDX: 000000000000001c RSI: 00007fb2fea35010 RDI: 0000000000000007 [ 1160.846187][T19393] RBP: 0000000000000000 R08: 00007fb2fea34f14 R09: 000000000000000c [ 1160.846202][T19393] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000007 [ 1160.846216][T19393] R13: 00007fb2fea34f68 R14: 00007fb2fea35010 R15: 0000000000000000 [ 1160.846245][T19393] [ 1161.991840][T19406] FAULT_INJECTION: forcing a failure. [ 1161.991840][T19406] name failslab, interval 1, probability 0, space 0, times 0 [ 1162.167026][T19406] CPU: 0 UID: 2054 PID: 19406 Comm: syz.2.3303 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1162.167068][T19406] Tainted: [U]=USER [ 1162.167076][T19406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1162.167092][T19406] Call Trace: [ 1162.167100][T19406] [ 1162.167110][T19406] dump_stack_lvl+0x16c/0x1f0 [ 1162.167194][T19406] should_fail_ex+0x512/0x640 [ 1162.167228][T19406] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1162.167261][T19406] should_failslab+0xc2/0x120 [ 1162.167293][T19406] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1162.167323][T19406] ? __pfx___might_resched+0x10/0x10 [ 1162.167347][T19406] ? __anon_vma_prepare+0xae/0x5e0 [ 1162.167377][T19406] __anon_vma_prepare+0xae/0x5e0 [ 1162.167407][T19406] madvise_vma_behavior+0x225c/0x2d60 [ 1162.167445][T19406] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 1162.167474][T19406] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 1162.167511][T19406] ? __pfx_mas_prev+0x10/0x10 [ 1162.167547][T19406] ? find_vma_prev+0xda/0x160 [ 1162.167579][T19406] ? find_held_lock+0x2b/0x80 [ 1162.167601][T19406] ? __pfx_find_vma_prev+0x10/0x10 [ 1162.167640][T19406] ? futex_unqueue+0x133/0x2c0 [ 1162.167678][T19406] ? __futex_wait+0x24c/0x2f0 [ 1162.167718][T19406] madvise_walk_vmas+0x31f/0x9c0 [ 1162.167758][T19406] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 1162.167801][T19406] madvise_do_behavior+0x1e2/0x530 [ 1162.167834][T19406] ? futex_private_hash_put+0x18a/0x300 [ 1162.167864][T19406] ? __pfx_madvise_do_behavior+0x10/0x10 [ 1162.167900][T19406] ? down_read+0x13d/0x480 [ 1162.167947][T19406] do_madvise+0x176/0x240 [ 1162.167980][T19406] ? __pfx_do_madvise+0x10/0x10 [ 1162.168013][T19406] ? do_futex+0x122/0x350 [ 1162.168062][T19406] ? xfd_validate_state+0x61/0x180 [ 1162.168097][T19406] ? __pfx_ksys_write+0x10/0x10 [ 1162.168130][T19406] __x64_sys_madvise+0xa9/0x110 [ 1162.168170][T19406] ? lockdep_hardirqs_on+0x7c/0x110 [ 1162.168199][T19406] do_syscall_64+0xcd/0x490 [ 1162.168233][T19406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1162.168257][T19406] RIP: 0033:0x7eff9958ebe9 [ 1162.168276][T19406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1162.168300][T19406] RSP: 002b:00007eff977f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 1162.168323][T19406] RAX: ffffffffffffffda RBX: 00007eff997b5fa0 RCX: 00007eff9958ebe9 [ 1162.168340][T19406] RDX: 0000000000000066 RSI: 0000000000000003 RDI: 0000000000000000 [ 1162.168354][T19406] RBP: 00007eff99611e19 R08: 0000000000000000 R09: 0000000000000000 [ 1162.168368][T19406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1162.168383][T19406] R13: 00007eff997b6038 R14: 00007eff997b5fa0 R15: 00007ffd9223e438 [ 1162.168413][T19406] [ 1162.630018][T19411] blktrace: Concurrent blktraces are not allowed on ram7 [ 1163.434309][T19434] usb usb36: usbfs: process 19434 (syz.3.3309) did not claim interface 0 before use [ 1163.509937][T19008] usb usb38-port5: attempt power cycle [ 1163.607924][T19432] device-mapper: ioctl: Unable to rename non-existent device,  to „ [ 1164.086540][T19008] usb usb38-port5: unable to enumerate USB device [ 1164.279719][T19442] ERROR: Out of memory at tomoyo_memory_ok. [ 1164.393008][T19444] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 1164.407615][T19439] ERROR: Out of memory at tomoyo_memory_ok. [ 1165.044742][T19453] FAULT_INJECTION: forcing a failure. [ 1165.044742][T19453] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1165.127643][T19453] CPU: 0 UID: 0 PID: 19453 Comm: syz.3.3315 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1165.127685][T19453] Tainted: [U]=USER [ 1165.127693][T19453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1165.127708][T19453] Call Trace: [ 1165.127716][T19453] [ 1165.127726][T19453] dump_stack_lvl+0x16c/0x1f0 [ 1165.127760][T19453] should_fail_ex+0x512/0x640 [ 1165.127802][T19453] _copy_from_user+0x2e/0xd0 [ 1165.127840][T19453] do_sock_getsockopt+0x3ca/0x440 [ 1165.127878][T19453] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1165.127912][T19453] ? __fget_files+0x204/0x3c0 [ 1165.127951][T19453] __sys_getsockopt+0x123/0x1b0 [ 1165.127985][T19453] __x64_sys_getsockopt+0xbd/0x160 [ 1165.128012][T19453] ? do_syscall_64+0x91/0x490 [ 1165.128041][T19453] ? lockdep_hardirqs_on+0x7c/0x110 [ 1165.128069][T19453] do_syscall_64+0xcd/0x490 [ 1165.128101][T19453] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1165.128125][T19453] RIP: 0033:0x7fb2fdb8ebe9 [ 1165.128144][T19453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1165.128167][T19453] RSP: 002b:00007fb2fea36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1165.128190][T19453] RAX: ffffffffffffffda RBX: 00007fb2fddb5fa0 RCX: 00007fb2fdb8ebe9 [ 1165.128206][T19453] RDX: 0000000000000074 RSI: 0000000000000084 RDI: 0000000000000003 [ 1165.128221][T19453] RBP: 00007fb2fea36090 R08: 0000000000000000 R09: 0000000000000000 [ 1165.128235][T19453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1165.128249][T19453] R13: 00007fb2fddb6038 R14: 00007fb2fddb5fa0 R15: 00007ffe13a78f68 [ 1165.128279][T19453] [ 1165.297394][ C0] vkms_vblank_simulate: vblank timer overrun [ 1166.033665][T19465] aoe: could not set interface list: too many interfaces [ 1166.126064][T19471] aoe: could not set interface list: too many interfaces [ 1166.965938][T19487] random: crng reseeded on system resumption [ 1167.918103][T19500] kAFS: No cell specified [ 1168.387892][T19495] random: crng reseeded on system resumption [ 1168.447864][T19495] FAULT_INJECTION: forcing a failure. [ 1168.447864][T19495] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1168.575789][T19495] CPU: 0 UID: 0 PID: 19495 Comm: syz.3.3322 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1168.575832][T19495] Tainted: [U]=USER [ 1168.575840][T19495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1168.575855][T19495] Call Trace: [ 1168.575863][T19495] [ 1168.575872][T19495] dump_stack_lvl+0x16c/0x1f0 [ 1168.575906][T19495] should_fail_ex+0x512/0x640 [ 1168.575945][T19495] should_fail_alloc_page+0xe7/0x130 [ 1168.575981][T19495] prepare_alloc_pages+0x3c2/0x610 [ 1168.576017][T19495] ? rcu_is_watching+0x12/0xc0 [ 1168.576045][T19495] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1168.576083][T19495] ? stack_trace_save+0x8e/0xc0 [ 1168.576110][T19495] ? __pfx_stack_trace_save+0x10/0x10 [ 1168.576140][T19495] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1168.576174][T19495] ? kasan_save_stack+0x42/0x60 [ 1168.576201][T19495] ? kasan_save_stack+0x33/0x60 [ 1168.576231][T19495] ? do_dentry_open+0x97f/0x1530 [ 1168.576259][T19495] ? vfs_open+0x82/0x3f0 [ 1168.576291][T19495] ? path_openat+0x1de4/0x2cb0 [ 1168.576325][T19495] ? do_filp_open+0x20b/0x470 [ 1168.576352][T19495] ? do_sys_openat2+0x11b/0x1d0 [ 1168.576386][T19495] ? __x64_sys_openat+0x174/0x210 [ 1168.576428][T19495] ? do_syscall_64+0xcd/0x490 [ 1168.576458][T19495] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1168.576484][T19495] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1168.576521][T19495] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1168.576558][T19495] ? policy_nodemask+0xea/0x4e0 [ 1168.576592][T19495] alloc_pages_mpol+0x1fb/0x550 [ 1168.576626][T19495] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1168.576666][T19495] alloc_pages_noprof+0x131/0x390 [ 1168.576700][T19495] get_zeroed_page_noprof+0x18/0xb0 [ 1168.576735][T19495] get_image_page+0x18/0x190 [ 1168.576760][T19495] alloc_rtree_node+0x3c/0xb0 [ 1168.576784][T19495] memory_bm_create+0x519/0x810 [ 1168.576826][T19495] create_basic_memory_bitmaps+0xbd/0x320 [ 1168.576857][T19495] snapshot_open+0x235/0x2b0 [ 1168.576886][T19495] ? __pfx_snapshot_open+0x10/0x10 [ 1168.576916][T19495] misc_open+0x35a/0x420 [ 1168.576942][T19495] ? __pfx_misc_open+0x10/0x10 [ 1168.576966][T19495] chrdev_open+0x231/0x6a0 [ 1168.576997][T19495] ? __pfx_apparmor_file_open+0x10/0x10 [ 1168.577025][T19495] ? __pfx_chrdev_open+0x10/0x10 [ 1168.577058][T19495] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1168.577092][T19495] do_dentry_open+0x97f/0x1530 [ 1168.577122][T19495] ? __pfx_chrdev_open+0x10/0x10 [ 1168.577159][T19495] vfs_open+0x82/0x3f0 [ 1168.577199][T19495] path_openat+0x1de4/0x2cb0 [ 1168.577237][T19495] ? __pfx_path_openat+0x10/0x10 [ 1168.577274][T19495] do_filp_open+0x20b/0x470 [ 1168.577303][T19495] ? __pfx_do_filp_open+0x10/0x10 [ 1168.577353][T19495] ? alloc_fd+0x471/0x7d0 [ 1168.577387][T19495] do_sys_openat2+0x11b/0x1d0 [ 1168.577436][T19495] ? __pfx_do_sys_openat2+0x10/0x10 [ 1168.577472][T19495] ? __fget_files+0x204/0x3c0 [ 1168.577508][T19495] __x64_sys_openat+0x174/0x210 [ 1168.577548][T19495] ? __pfx___x64_sys_openat+0x10/0x10 [ 1168.577599][T19495] do_syscall_64+0xcd/0x490 [ 1168.577632][T19495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1168.577657][T19495] RIP: 0033:0x7fb2fdb8ebe9 [ 1168.577676][T19495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1168.577700][T19495] RSP: 002b:00007fb2fea36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1168.577724][T19495] RAX: ffffffffffffffda RBX: 00007fb2fddb5fa0 RCX: 00007fb2fdb8ebe9 [ 1168.577740][T19495] RDX: 00000000001438bf RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1168.577756][T19495] RBP: 00007fb2fdc11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1168.577771][T19495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1168.577786][T19495] R13: 00007fb2fddb6038 R14: 00007fb2fddb5fa0 R15: 00007ffe13a78f68 [ 1168.577816][T19495] [ 1170.974756][T19526] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(5) [ 1174.331309][T19560] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(5) [ 1174.873752][T19568] ERROR: Out of memory at tomoyo_memory_ok. [ 1175.006750][T19563] ERROR: Out of memory at tomoyo_memory_ok. [ 1175.709365][T19575] syz.0.3344 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1177.102658][T19593] random: crng reseeded on system resumption [ 1178.742390][T19610] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3353'. [ 1180.921208][T15124] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1183.941390][T19674] ERROR: Out of memory at tomoyo_memory_ok. [ 1185.012299][ T31] audit: type=1800 audit(4294967738.745:38): pid=19688 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3370" name="lu_gp_id" dev="configfs" ino=76330 res=0 errno=0 [ 1185.147818][T19690] binder: 19689:19690 ioctl c018620c 0 returned -14 [ 1185.487134][T19690] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3371'. [ 1186.576271][T19708] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3375'. [ 1186.890166][T19713] ERROR: Out of memory at tomoyo_memory_ok. [ 1187.824823][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1187.839237][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1189.337621][ T7903] ERROR: Out of memory at tomoyo_memory_ok. [ 1189.384417][T16260] ERROR: Out of memory at tomoyo_memory_ok. [ 1190.063044][T19734] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1190.098486][T19734] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1190.152501][T19734] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1190.180787][T19734] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1190.352251][T19734] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1191.819661][ T5867] Bluetooth: hci4: command 0x0c1a tx timeout [ 1192.139646][ T5867] Bluetooth: hci0: command 0x0c1a tx timeout [ 1192.218837][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 1192.383943][ T5867] Bluetooth: hci1: command 0x0406 tx timeout [ 1192.589806][T19775] usbip-vudc usbip-vudc.0: gadget not bound [ 1193.916978][ C0] vkms_vblank_simulate: vblank timer overrun [ 1194.302517][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 1194.434950][ C0] vkms_vblank_simulate: vblank timer overrun [ 1197.551129][T19825] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3405'. [ 1198.484537][T19841] FAULT_INJECTION: forcing a failure. [ 1198.484537][T19841] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1198.567847][T19841] CPU: 0 UID: 0 PID: 19841 Comm: syz.1.3410 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1198.567888][T19841] Tainted: [U]=USER [ 1198.567897][T19841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1198.567911][T19841] Call Trace: [ 1198.567920][T19841] [ 1198.567929][T19841] dump_stack_lvl+0x16c/0x1f0 [ 1198.567964][T19841] should_fail_ex+0x512/0x640 [ 1198.568002][T19841] should_fail_alloc_page+0xe7/0x130 [ 1198.568037][T19841] prepare_alloc_pages+0x3c2/0x610 [ 1198.568078][T19841] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1198.568109][T19841] ? up_write+0x1b2/0x520 [ 1198.568147][T19841] ? process_measurement+0x1e6/0x23e0 [ 1198.568178][T19841] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1198.568212][T19841] ? register_lock_class+0x41/0x4c0 [ 1198.568251][T19841] ? __lock_acquire+0xb97/0x1ce0 [ 1198.568284][T19841] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1198.568322][T19841] ? policy_nodemask+0xea/0x4e0 [ 1198.568355][T19841] alloc_pages_mpol+0x1fb/0x550 [ 1198.568390][T19841] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1198.568429][T19841] alloc_pages_noprof+0x131/0x390 [ 1198.568462][T19841] __pmd_alloc+0x3b/0x930 [ 1198.568502][T19841] huge_pte_alloc+0x41d/0x5b0 [ 1198.568546][T19841] hugetlb_fault+0x373/0x2f40 [ 1198.568574][T19841] ? __pfx_hugetlb_fault+0x10/0x10 [ 1198.568608][T19841] ? find_vma+0xbf/0x140 [ 1198.568637][T19841] ? __pfx_find_vma+0x10/0x10 [ 1198.568671][T19841] handle_mm_fault+0xbfa/0xd10 [ 1198.568696][T19841] ? __bpf_trace_exceptions+0x1/0x40 [ 1198.568746][T19841] do_user_addr_fault+0x7a6/0x1370 [ 1198.568787][T19841] ? rcu_is_watching+0x12/0xc0 [ 1198.568816][T19841] exc_page_fault+0x5c/0xb0 [ 1198.568845][T19841] asm_exc_page_fault+0x26/0x30 [ 1198.568870][T19841] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 1198.568913][T19841] Code: c4 10 e9 14 23 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 [ 1198.568935][T19841] RSP: 0018:ffffc9000aa9fd70 EFLAGS: 00050202 [ 1198.568954][T19841] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000004 [ 1198.568968][T19841] RDX: fffff52001553fbc RSI: 0000000000000000 RDI: ffffc9000aa9fde0 [ 1198.568983][T19841] RBP: 0000000000000004 R08: 0000000000000001 R09: fffff52001553fbc [ 1198.568998][T19841] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 1198.569011][T19841] R13: ffffc9000aa9fde0 R14: 0000000000000000 R15: 0000000000000000 [ 1198.569043][T19841] _copy_from_user+0x98/0xd0 [ 1198.569083][T19841] do_sock_getsockopt+0x3ca/0x440 [ 1198.569124][T19841] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1198.569158][T19841] ? __fget_files+0x204/0x3c0 [ 1198.569198][T19841] __sys_getsockopt+0x123/0x1b0 [ 1198.569233][T19841] __x64_sys_getsockopt+0xbd/0x160 [ 1198.569261][T19841] ? do_syscall_64+0x91/0x490 [ 1198.569289][T19841] ? lockdep_hardirqs_on+0x7c/0x110 [ 1198.569316][T19841] do_syscall_64+0xcd/0x490 [ 1198.569348][T19841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1198.569371][T19841] RIP: 0033:0x7fe1d578ebe9 [ 1198.569389][T19841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1198.569412][T19841] RSP: 002b:00007fe1d659e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1198.569432][T19841] RAX: ffffffffffffffda RBX: 00007fe1d59b5fa0 RCX: 00007fe1d578ebe9 [ 1198.569448][T19841] RDX: 0000000000000074 RSI: 0000000000000084 RDI: 0000000000000003 [ 1198.569462][T19841] RBP: 00007fe1d659e090 R08: 0000000000000000 R09: 0000000000000000 [ 1198.569477][T19841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1198.569491][T19841] R13: 00007fe1d59b6038 R14: 00007fe1d59b5fa0 R15: 00007ffdc8d976e8 [ 1198.569521][T19841] [ 1201.198853][T19859] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18000 [ 1201.293906][T19859] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 1201.398852][T19859] raw: 00fff00000002000 ffffea0000600008 ffffea0000600008 0000000000000000 [ 1201.419187][T19866] blktrace: Concurrent blktraces are not allowed on ram7 [ 1201.476138][T19859] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 1201.542186][T19859] page dumped because: unmovable page [ 1201.591420][T19859] page_owner info is not present (never set?) [ 1201.660337][T16317] usb usb38-port5: attempt power cycle [ 1202.258599][T16317] usb usb38-port5: unable to enumerate USB device [ 1203.630987][ T5867] Bluetooth: hci2: unexpected event 0x32 length: 10 > 9 [ 1204.125538][T19909] ERROR: Out of memory at tomoyo_memory_ok. [ 1204.237529][T19904] ERROR: Out of memory at tomoyo_memory_ok. [ 1204.511731][T19915] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1204.627074][T19915] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1204.689829][T19915] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1204.696094][T19915] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1206.539116][T15124] Bluetooth: hci4: command 0x0c1a tx timeout [ 1206.699045][T15124] Bluetooth: hci0: command 0x0c1a tx timeout [ 1206.779422][T15124] Bluetooth: hci1: command 0x0406 tx timeout [ 1206.785643][T15124] Bluetooth: hci2: command 0x0c1a tx timeout [ 1207.928514][T19974] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3442'. [ 1209.818469][T19996] __vm_enough_memory: pid: 19996, comm: syz.0.3455, bytes: 4398046511104 not enough memory for the allocation [ 1213.067876][T20041] FAULT_INJECTION: forcing a failure. [ 1213.067876][T20041] name failslab, interval 1, probability 0, space 0, times 0 [ 1213.150633][T20041] CPU: 0 UID: 0 PID: 20041 Comm: syz.1.3461 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1213.150676][T20041] Tainted: [U]=USER [ 1213.150685][T20041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1213.150701][T20041] Call Trace: [ 1213.150709][T20041] [ 1213.150719][T20041] dump_stack_lvl+0x16c/0x1f0 [ 1213.150763][T20041] should_fail_ex+0x512/0x640 [ 1213.150797][T20041] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1213.150825][T20041] should_failslab+0xc2/0x120 [ 1213.150859][T20041] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1213.150884][T20041] ? __alloc_workqueue+0xda2/0x1810 [ 1213.150922][T20041] __alloc_workqueue+0xda2/0x1810 [ 1213.150968][T20041] alloc_workqueue_noprof+0xd2/0x200 [ 1213.151000][T20041] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 1213.151038][T20041] ? rcu_is_watching+0x12/0xc0 [ 1213.151064][T20041] ? __kmalloc_noprof+0x242/0x510 [ 1213.151091][T20041] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1213.151133][T20041] ieee80211_register_hw+0x1e8f/0x4060 [ 1213.151177][T20041] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1213.151214][T20041] ? find_held_lock+0x2b/0x80 [ 1213.151239][T20041] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1213.151276][T20041] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1213.151307][T20041] ? __hrtimer_setup+0x176/0x280 [ 1213.151347][T20041] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1213.151406][T20041] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1213.151456][T20041] hwsim_new_radio_nl+0xb51/0x12c0 [ 1213.151483][T20041] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1213.151532][T20041] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1213.151572][T20041] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1213.151617][T20041] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1213.151661][T20041] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1213.151709][T20041] ? bpf_lsm_capable+0x9/0x10 [ 1213.151730][T20041] ? security_capable+0x7e/0x260 [ 1213.151756][T20041] ? ns_capable+0xd7/0x110 [ 1213.151784][T20041] genl_rcv_msg+0x55c/0x800 [ 1213.151823][T20041] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1213.151859][T20041] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1213.151915][T20041] netlink_rcv_skb+0x158/0x420 [ 1213.151947][T20041] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1213.151990][T20041] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1213.152036][T20041] ? netlink_deliver_tap+0x1ae/0xd30 [ 1213.152072][T20041] genl_rcv+0x28/0x40 [ 1213.152105][T20041] netlink_unicast+0x5a7/0x870 [ 1213.152140][T20041] ? __pfx_netlink_unicast+0x10/0x10 [ 1213.152171][T20041] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1213.152208][T20041] ? __lock_acquire+0xb97/0x1ce0 [ 1213.152248][T20041] netlink_sendmsg+0x8d1/0xdd0 [ 1213.152285][T20041] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1213.152320][T20041] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1213.152351][T20041] ____sys_sendmsg+0xa95/0xc70 [ 1213.152390][T20041] ? copy_msghdr_from_user+0x10a/0x160 [ 1213.152420][T20041] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1213.152465][T20041] ? __pfx_futex_wake_mark+0x10/0x10 [ 1213.152505][T20041] ___sys_sendmsg+0x134/0x1d0 [ 1213.152537][T20041] ? __pfx____sys_sendmsg+0x10/0x10 [ 1213.152613][T20041] __sys_sendmsg+0x16d/0x220 [ 1213.152645][T20041] ? __pfx___sys_sendmsg+0x10/0x10 [ 1213.152676][T20041] ? __x64_sys_futex+0x1e0/0x4c0 [ 1213.152725][T20041] do_syscall_64+0xcd/0x490 [ 1213.152759][T20041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1213.152785][T20041] RIP: 0033:0x7fe1d578ebe9 [ 1213.152804][T20041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1213.152829][T20041] RSP: 002b:00007fe1d659e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1213.152852][T20041] RAX: ffffffffffffffda RBX: 00007fe1d59b5fa0 RCX: 00007fe1d578ebe9 [ 1213.152868][T20041] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000005 [ 1213.152884][T20041] RBP: 00007fe1d5811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1213.152899][T20041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1213.152913][T20041] R13: 00007fe1d59b6038 R14: 00007fe1d59b5fa0 R15: 00007ffdc8d976e8 [ 1213.152944][T20041] [ 1216.833210][T20071] random: crng reseeded on system resumption [ 1216.932720][T19906] ERROR: Out of memory at tomoyo_memory_ok. [ 1216.982355][T19912] ERROR: Out of memory at tomoyo_memory_ok. [ 1218.647040][T20092] binder: 20091:20092 ioctl c0046209 ffffffffffffffff returned -22 [ 1219.400910][T20105] usb usb36: usbfs: process 20105 (syz.1.3475) did not claim interface 0 before use [ 1219.513930][T20105] device-mapper: ioctl: Unable to rename non-existent device,  to „ [ 1219.615828][T20109] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3474'. [ 1219.686578][T20109] veth0_macvtap: entered allmulticast mode [ 1220.243609][T20115] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000000000 [ 1222.685717][T20153] device-mapper: ioctl: Unable to rename non-existent device,  to „ [ 1222.960681][T20158] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(4.131072.4294967293), cmd(3) [ 1224.949489][T19956] Bluetooth: hci2: unexpected subevent 0x01 length: 125 > 18 [ 1226.609303][T20213] nbd: must specify a device to reconfigure [ 1226.643135][T20213] kAFS: No cell specified [ 1228.180053][T20232] input: jJÇž-¶š9ã%vø“ûJ86Ö‘ as /devices/virtual/input/input44 [ 1228.248636][ T5217] ERROR: Out of memory at tomoyo_memory_ok. [ 1228.670384][T20248] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3511'. [ 1228.762778][T20239] ima: policy update failed [ 1228.791372][ T31] audit: type=1802 audit(4294967782.535:39): pid=20239 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.3511" res=0 errno=0 [ 1230.297958][ T5867] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 1230.309958][ T5867] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 1230.317389][ T5867] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 1232.447389][T20275] ERROR: Out of memory at tomoyo_memory_ok. [ 1234.292151][T20299] FAULT_INJECTION: forcing a failure. [ 1234.292151][T20299] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1234.640077][T20299] CPU: 0 UID: 0 PID: 20299 Comm: syz.2.3521 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1234.640119][T20299] Tainted: [U]=USER [ 1234.640127][T20299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1234.640142][T20299] Call Trace: [ 1234.640151][T20299] [ 1234.640161][T20299] dump_stack_lvl+0x16c/0x1f0 [ 1234.640196][T20299] should_fail_ex+0x512/0x640 [ 1234.640234][T20299] _copy_to_user+0x32/0xd0 [ 1234.640274][T20299] cpuid_read+0x1d7/0x360 [ 1234.640310][T20299] ? __pfx_cpuid_read+0x10/0x10 [ 1234.640341][T20299] ? __pfx_cpuid_smp_cpuid+0x10/0x10 [ 1234.640394][T20299] ? bpf_lsm_file_permission+0x9/0x10 [ 1234.640432][T20299] ? security_file_permission+0x71/0x210 [ 1234.640466][T20299] ? rw_verify_area+0xcf/0x6c0 [ 1234.640492][T20299] ? __pfx_cpuid_read+0x10/0x10 [ 1234.640521][T20299] vfs_readv+0x5be/0x8b0 [ 1234.640552][T20299] ? __pfx_vfs_readv+0x10/0x10 [ 1234.640578][T20299] ? kmem_cache_free+0x2d1/0x4d0 [ 1234.640621][T20299] ? __fget_files+0x20e/0x3c0 [ 1234.640655][T20299] ? do_readv+0x132/0x340 [ 1234.640677][T20299] do_readv+0x132/0x340 [ 1234.640701][T20299] ? __pfx_do_readv+0x10/0x10 [ 1234.640734][T20299] do_syscall_64+0xcd/0x490 [ 1234.640767][T20299] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1234.640791][T20299] RIP: 0033:0x7eff9958ebe9 [ 1234.640810][T20299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1234.640834][T20299] RSP: 002b:00007eff977f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1234.640857][T20299] RAX: ffffffffffffffda RBX: 00007eff997b5fa0 RCX: 00007eff9958ebe9 [ 1234.640873][T20299] RDX: 0000000000000003 RSI: 0000200000000680 RDI: 0000000000000006 [ 1234.640888][T20299] RBP: 00007eff99611e19 R08: 0000000000000000 R09: 0000000000000000 [ 1234.640902][T20299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1234.640917][T20299] R13: 00007eff997b6038 R14: 00007eff997b5fa0 R15: 00007ffd9223e438 [ 1234.640946][T20299] [ 1236.828178][T20329] FAULT_INJECTION: forcing a failure. [ 1236.828178][T20329] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1236.988654][T20329] CPU: 0 UID: 0 PID: 20329 Comm: syz.2.3526 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1236.988699][T20329] Tainted: [U]=USER [ 1236.988707][T20329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1236.988721][T20329] Call Trace: [ 1236.988729][T20329] [ 1236.988738][T20329] dump_stack_lvl+0x16c/0x1f0 [ 1236.988772][T20329] should_fail_ex+0x512/0x640 [ 1236.988809][T20329] _copy_from_user+0x2e/0xd0 [ 1236.988847][T20329] copy_msghdr_from_user+0x98/0x160 [ 1236.988878][T20329] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1236.988921][T20329] ___sys_sendmsg+0xfe/0x1d0 [ 1236.988952][T20329] ? __pfx____sys_sendmsg+0x10/0x10 [ 1236.989007][T20329] ? __mutex_unlock_slowpath+0x140/0x800 [ 1236.989050][T20329] __sys_sendmsg+0x16d/0x220 [ 1236.989081][T20329] ? __pfx___sys_sendmsg+0x10/0x10 [ 1236.989129][T20329] do_syscall_64+0xcd/0x490 [ 1236.989161][T20329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1236.989186][T20329] RIP: 0033:0x7eff9958ebe9 [ 1236.989204][T20329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1236.989228][T20329] RSP: 002b:00007eff977f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1236.989251][T20329] RAX: ffffffffffffffda RBX: 00007eff997b5fa0 RCX: 00007eff9958ebe9 [ 1236.989267][T20329] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000005 [ 1236.989281][T20329] RBP: 00007eff977f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1236.989295][T20329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1236.989309][T20329] R13: 00007eff997b6038 R14: 00007eff997b5fa0 R15: 00007ffd9223e438 [ 1236.989339][T20329] [ 1241.367183][T20382] netlink: 17 bytes leftover after parsing attributes in process `syz.2.3541'. [ 1241.504892][T20382] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3541'. [ 1243.351272][T20394] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1243.797899][T20408] i2c i2c-0: Failed to register i2c client card: at 0x01 (-16) [ 1243.864372][T20408] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input45 [ 1244.132722][ T5217] ERROR: Out of memory at tomoyo_memory_ok. [ 1249.268960][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1249.276381][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1252.054484][T20493] random: crng reseeded on system resumption [ 1252.103125][T19910] ERROR: Out of memory at tomoyo_memory_ok. [ 1252.153806][ T7907] ERROR: Out of memory at tomoyo_memory_ok. [ 1253.711367][T20483] kexec: Could not allocate control_code_buffer [ 1254.454229][T20525] netlink: 'syz.2.3578': attribute type 2 has an invalid length. [ 1254.548880][T20528] netlink: 'syz.2.3578': attribute type 2 has an invalid length. [ 1257.081774][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.090531][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.106537][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.114238][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.123566][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.131665][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.139555][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.147068][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.155114][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.162996][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.170777][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.184176][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.192051][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.199862][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.207625][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.215288][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.224747][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.232720][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.240673][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.248206][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.259016][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.266967][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.275307][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.287085][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.294844][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.302548][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.312436][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.322056][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.329800][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.337393][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.345182][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.352876][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.368895][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.376476][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.384320][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.392676][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.400265][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.407765][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.415417][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.424420][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.432070][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.440191][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.447686][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.455498][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.463081][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.478865][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.486666][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.495106][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.502772][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.510380][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.517853][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.528883][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.536360][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.544747][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.552381][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.568907][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.576448][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.584852][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.592690][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.600485][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.607950][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.615554][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.623116][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.631892][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1257.640180][T19956] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1259.100249][T19956] Bluetooth: hci2: command 0x0c1a tx timeout [ 1261.179226][T19956] Bluetooth: hci2: command 0x0c1a tx timeout [ 1263.269765][T19956] Bluetooth: hci2: command 0x0c1a tx timeout [ 1265.339186][T19956] Bluetooth: hci2: command 0x0c1a tx timeout [ 1265.602590][ T5945] usb usb38-port5: attempt power cycle [ 1266.202354][ T5945] usb usb38-port5: unable to enumerate USB device [ 1266.290950][T20677] device-mapper: ioctl: Unable to rename non-existent device,  to „ [ 1267.288938][T20683] zswap: compressor not available [ 1267.428863][T19956] Bluetooth: hci2: command 0x0c1a tx timeout [ 1269.498945][T19956] Bluetooth: hci2: command 0x0c1a tx timeout [ 1269.794577][T20710] kexec: Could not allocate control_code_buffer [ 1270.755159][T20738] device-mapper: ioctl: Unable to rename non-existent device,  to „ [ 1271.578958][T19956] Bluetooth: hci2: command 0x0c1a tx timeout [ 1273.659185][T19956] Bluetooth: hci2: command 0x0c1a tx timeout [ 1273.782764][T20787] netlink: 146 bytes leftover after parsing attributes in process `syz.2.3645'. [ 1275.657734][T20807] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3650'. [ 1275.739413][T19956] Bluetooth: hci2: command 0x0c1a tx timeout [ 1277.818942][T19956] Bluetooth: hci2: command 0x0c1a tx timeout [ 1279.899007][T19956] Bluetooth: hci2: command 0x0c1a tx timeout [ 1281.978974][T19956] Bluetooth: hci2: command 0x0c1a tx timeout [ 1283.673324][ T31] audit: type=1800 audit(4294967837.415:40): pid=20886 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3670" name="lu_gp_id" dev="configfs" ino=80889 res=0 errno=0 [ 1284.063079][T19956] Bluetooth: hci2: command 0x0c1a tx timeout [ 1285.138564][T20878] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.0.3666: bg 1: bad block bitmap checksum [ 1285.200266][T20878] EXT4-fs error (device sda1) in ext4_mb_clear_bb:6657: Filesystem failed CRC [ 1286.142700][T19956] Bluetooth: hci2: command 0x0c1a tx timeout [ 1286.239509][T20909] FAULT_INJECTION: forcing a failure. [ 1286.239509][T20909] name failslab, interval 1, probability 0, space 0, times 0 [ 1286.325612][T20909] CPU: 0 UID: 0 PID: 20909 Comm: syz.1.3676 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1286.325654][T20909] Tainted: [U]=USER [ 1286.325662][T20909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1286.325676][T20909] Call Trace: [ 1286.325685][T20909] [ 1286.325695][T20909] dump_stack_lvl+0x16c/0x1f0 [ 1286.325729][T20909] should_fail_ex+0x512/0x640 [ 1286.325779][T20909] ? fs_reclaim_acquire+0xae/0x150 [ 1286.325818][T20909] should_failslab+0xc2/0x120 [ 1286.325858][T20909] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1286.325883][T20909] ? tomoyo_write_log2+0x33d/0xc10 [ 1286.325920][T20909] tomoyo_write_log2+0x33d/0xc10 [ 1286.325957][T20909] tomoyo_supervisor+0x15e/0x13b0 [ 1286.326006][T20909] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1286.326046][T20909] ? __pfx_vsnprintf+0x10/0x10 [ 1286.326087][T20909] ? tomoyo_encode2+0x329/0x3e0 [ 1286.326122][T20909] ? tomoyo_check_path_number_acl+0xa6/0x2f0 [ 1286.326159][T20909] tomoyo_path_number_perm+0x448/0x580 [ 1286.326189][T20909] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1286.326219][T20909] ? find_held_lock+0x2b/0x80 [ 1286.326271][T20909] ? find_held_lock+0x2b/0x80 [ 1286.326298][T20909] ? hook_file_ioctl_common+0x145/0x410 [ 1286.326336][T20909] ? __fget_files+0x20e/0x3c0 [ 1286.326367][T20909] security_file_ioctl+0x9b/0x240 [ 1286.326398][T20909] __x64_sys_ioctl+0xb7/0x210 [ 1286.326437][T20909] do_syscall_64+0xcd/0x490 [ 1286.326469][T20909] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1286.326497][T20909] RIP: 0033:0x7fe1d578ebe9 [ 1286.326516][T20909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1286.326540][T20909] RSP: 002b:00007fe1d659e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1286.326562][T20909] RAX: ffffffffffffffda RBX: 00007fe1d59b5fa0 RCX: 00007fe1d578ebe9 [ 1286.326578][T20909] RDX: 0000000000000000 RSI: 0000000000004605 RDI: 0000000000000003 [ 1286.326592][T20909] RBP: 00007fe1d659e090 R08: 0000000000000000 R09: 0000000000000000 [ 1286.326606][T20909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1286.326621][T20909] R13: 00007fe1d59b6038 R14: 00007fe1d59b5fa0 R15: 00007ffdc8d976e8 [ 1286.326650][T20909] [ 1287.867075][T20928] device-mapper: ioctl: Unable to rename non-existent device,  to „ [ 1288.219197][T19956] Bluetooth: hci2: command 0x0c1a tx timeout [ 1288.336423][T20934] netlink: zone id is out of range [ 1288.475965][T20934] netlink: zone id is out of range [ 1288.537196][T20934] netlink: zone id is out of range [ 1288.620018][T20934] netlink: zone id is out of range [ 1288.695219][T20934] netlink: zone id is out of range [ 1288.777816][T20934] netlink: zone id is out of range [ 1288.846383][T20934] netlink: zone id is out of range [ 1288.920737][T20934] netlink: zone id is out of range [ 1288.996416][T20934] netlink: zone id is out of range [ 1289.055092][T20934] netlink: zone id is out of range [ 1290.226751][T20966] zswap: compressor not available [ 1290.304094][T19956] Bluetooth: hci2: command 0x0c1a tx timeout [ 1291.688963][T21003] FAULT_INJECTION: forcing a failure. [ 1291.688963][T21003] name failslab, interval 1, probability 0, space 0, times 0 [ 1291.768951][T21003] CPU: 0 UID: 0 PID: 21003 Comm: syz.1.3698 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1291.768996][T21003] Tainted: [U]=USER [ 1291.769004][T21003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1291.769018][T21003] Call Trace: [ 1291.769026][T21003] [ 1291.769036][T21003] dump_stack_lvl+0x16c/0x1f0 [ 1291.769071][T21003] should_fail_ex+0x512/0x640 [ 1291.769105][T21003] ? __kmalloc_cache_node_noprof+0x5a/0x420 [ 1291.769137][T21003] should_failslab+0xc2/0x120 [ 1291.769170][T21003] __kmalloc_cache_node_noprof+0x6d/0x420 [ 1291.769199][T21003] ? __alloc_workqueue+0x694/0x1810 [ 1291.769237][T21003] __alloc_workqueue+0x694/0x1810 [ 1291.769279][T21003] alloc_workqueue_noprof+0xd2/0x200 [ 1291.769313][T21003] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 1291.769351][T21003] ? rcu_is_watching+0x12/0xc0 [ 1291.769377][T21003] ? __kmalloc_noprof+0x242/0x510 [ 1291.769415][T21003] ? do_raw_spin_unlock+0x172/0x230 [ 1291.769453][T21003] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1291.769496][T21003] ieee80211_register_hw+0x1e8f/0x4060 [ 1291.769541][T21003] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1291.769578][T21003] ? find_held_lock+0x2b/0x80 [ 1291.769603][T21003] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1291.769643][T21003] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1291.769675][T21003] ? __hrtimer_setup+0x176/0x280 [ 1291.769715][T21003] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1291.769775][T21003] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1291.769825][T21003] hwsim_new_radio_nl+0xb51/0x12c0 [ 1291.769852][T21003] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1291.769902][T21003] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1291.769942][T21003] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1291.769992][T21003] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1291.770033][T21003] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1291.770080][T21003] ? bpf_lsm_capable+0x9/0x10 [ 1291.770103][T21003] ? security_capable+0x7e/0x260 [ 1291.770129][T21003] ? ns_capable+0xd7/0x110 [ 1291.770156][T21003] genl_rcv_msg+0x55c/0x800 [ 1291.770197][T21003] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1291.770234][T21003] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1291.770285][T21003] netlink_rcv_skb+0x158/0x420 [ 1291.770317][T21003] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1291.770356][T21003] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1291.770408][T21003] ? netlink_deliver_tap+0x1ae/0xd30 [ 1291.770445][T21003] genl_rcv+0x28/0x40 [ 1291.770478][T21003] netlink_unicast+0x5a7/0x870 [ 1291.770515][T21003] ? __pfx_netlink_unicast+0x10/0x10 [ 1291.770548][T21003] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1291.770579][T21003] ? __lock_acquire+0xb97/0x1ce0 [ 1291.770619][T21003] netlink_sendmsg+0x8d1/0xdd0 [ 1291.770657][T21003] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1291.770693][T21003] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1291.770724][T21003] ____sys_sendmsg+0xa95/0xc70 [ 1291.770764][T21003] ? copy_msghdr_from_user+0x10a/0x160 [ 1291.770795][T21003] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1291.770847][T21003] ___sys_sendmsg+0x134/0x1d0 [ 1291.770880][T21003] ? __pfx____sys_sendmsg+0x10/0x10 [ 1291.770947][T21003] __sys_sendmsg+0x16d/0x220 [ 1291.770979][T21003] ? __pfx___sys_sendmsg+0x10/0x10 [ 1291.771010][T21003] ? __x64_sys_futex+0x1e0/0x4c0 [ 1291.771059][T21003] do_syscall_64+0xcd/0x490 [ 1291.771093][T21003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1291.771119][T21003] RIP: 0033:0x7fe1d578ebe9 [ 1291.771139][T21003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1291.771163][T21003] RSP: 002b:00007fe1d659e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1291.771187][T21003] RAX: ffffffffffffffda RBX: 00007fe1d59b5fa0 RCX: 00007fe1d578ebe9 [ 1291.771205][T21003] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000005 [ 1291.771220][T21003] RBP: 00007fe1d5811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1291.771235][T21003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1291.771250][T21003] R13: 00007fe1d59b6038 R14: 00007fe1d59b5fa0 R15: 00007ffdc8d976e8 [ 1291.771281][T21003] [ 1292.686407][T19956] Bluetooth: hci2: command 0x0c1a tx timeout [ 1292.849741][T21016] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3703'. [ 1294.317496][T21029] FAULT_INJECTION: forcing a failure. [ 1294.317496][T21029] name failslab, interval 1, probability 0, space 0, times 0 [ 1294.364486][T21029] CPU: 0 UID: 0 PID: 21029 Comm: syz.2.3709 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1294.364529][T21029] Tainted: [U]=USER [ 1294.364539][T21029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1294.364558][T21029] Call Trace: [ 1294.364566][T21029] [ 1294.364575][T21029] dump_stack_lvl+0x16c/0x1f0 [ 1294.364611][T21029] should_fail_ex+0x512/0x640 [ 1294.364648][T21029] ? fs_reclaim_acquire+0xae/0x150 [ 1294.364698][T21029] should_failslab+0xc2/0x120 [ 1294.364731][T21029] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1294.364761][T21029] ? security_inode_alloc+0x3b/0x2b0 [ 1294.364792][T21029] security_inode_alloc+0x3b/0x2b0 [ 1294.364820][T21029] inode_init_always_gfp+0xce4/0x1030 [ 1294.364852][T21029] alloc_inode+0x86/0x240 [ 1294.364889][T21029] sock_alloc+0x40/0x280 [ 1294.364923][T21029] do_accept+0xf7/0x530 [ 1294.364946][T21029] ? 0xffffffff81000000 [ 1294.364963][T21029] ? do_raw_spin_lock+0x12c/0x2b0 [ 1294.365001][T21029] ? __pfx_do_accept+0x10/0x10 [ 1294.365043][T21029] ? 0xffffffff81000000 [ 1294.365059][T21029] __sys_accept4+0x100/0x1c0 [ 1294.365085][T21029] ? __pfx___sys_accept4+0x10/0x10 [ 1294.365111][T21029] ? __pfx_do_writev+0x10/0x10 [ 1294.365143][T21029] __x64_sys_accept+0x74/0xb0 [ 1294.365166][T21029] ? lockdep_hardirqs_on+0x7c/0x110 [ 1294.365195][T21029] do_syscall_64+0xcd/0x490 [ 1294.365227][T21029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1294.365252][T21029] RIP: 0033:0x7eff9958ebe9 [ 1294.365278][T21029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1294.365304][T21029] RSP: 002b:00007eff977f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 1294.365336][T21029] RAX: ffffffffffffffda RBX: 00007eff997b5fa0 RCX: 00007eff9958ebe9 [ 1294.365353][T21029] RDX: ffffffff81000000 RSI: ffffffffffffffff RDI: 0000000000000003 [ 1294.365368][T21029] RBP: 00007eff99611e19 R08: 0000000000000000 R09: 0000000000000000 [ 1294.365383][T21029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1294.365400][T21029] R13: 00007eff997b6038 R14: 00007eff997b5fa0 R15: 00007ffd9223e438 [ 1294.365424][T21029] ? 0xffffffff81000000 [ 1294.365449][T21029] [ 1294.848808][T19956] Bluetooth: hci2: command 0x0c1a tx timeout [ 1295.015382][ T5867] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1295.067500][ T5867] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1295.115577][ T5867] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1295.137075][ T5867] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1295.146325][ T5867] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1295.457477][ T7907] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1295.754837][ T7907] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1295.935737][ T7907] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1296.101509][ T7907] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1296.861882][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 1297.126301][T21072] usbip-vudc usbip-vudc.0: gadget not bound [ 1297.259653][ T5867] Bluetooth: hci3: command tx timeout [ 1297.384846][ T7907] bridge_slave_1: left allmulticast mode [ 1297.558866][ T7907] bridge_slave_1: left promiscuous mode [ 1297.688966][ T7907] bridge0: port 2(bridge_slave_1) entered disabled state [ 1297.813460][ T7907] bridge_slave_0: left allmulticast mode [ 1297.859956][ T7907] bridge_slave_0: left promiscuous mode [ 1297.865919][ T7907] bridge0: port 1(bridge_slave_0) entered disabled state [ 1298.944978][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 1299.338820][ T5867] Bluetooth: hci3: command tx timeout [ 1300.056480][ T7907] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1300.116260][ T7907] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1300.163258][ T7907] bond0 (unregistering): Released all slaves [ 1300.245382][T21035] chnl_net:caif_netlink_parms(): no params data found [ 1300.912185][T21035] bridge0: port 1(bridge_slave_0) entered blocking state [ 1300.937698][T21142] random: crng reseeded on system resumption [ 1300.956396][T21035] bridge0: port 1(bridge_slave_0) entered disabled state [ 1300.998916][T21035] bridge_slave_0: entered allmulticast mode [ 1301.018990][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 1301.049117][T21035] bridge_slave_0: entered promiscuous mode [ 1301.070060][ T7900] ERROR: Out of memory at tomoyo_memory_ok. [ 1301.104343][T21035] bridge0: port 2(bridge_slave_1) entered blocking state [ 1301.137777][T19912] ERROR: Out of memory at tomoyo_memory_ok. [ 1301.152686][T21035] bridge0: port 2(bridge_slave_1) entered disabled state [ 1301.190754][T21035] bridge_slave_1: entered allmulticast mode [ 1301.232555][T21035] bridge_slave_1: entered promiscuous mode [ 1301.418927][ T5867] Bluetooth: hci3: command tx timeout [ 1301.681359][T21035] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1301.760247][T21035] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1302.160531][T21035] team0: Port device team_slave_0 added [ 1302.325098][T21035] team0: Port device team_slave_1 added [ 1302.865075][T21035] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1302.897341][T21175] nbd: socks must be embedded in a SOCK_ITEM attr [ 1302.932190][T21035] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1303.100743][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 1303.118455][T21035] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1303.272135][T21035] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1303.313259][T21035] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1303.476807][T21035] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1303.505121][ T5867] Bluetooth: hci3: command tx timeout [ 1303.923136][T21191] nfs: Bad value for 'source' [ 1303.953789][T21035] hsr_slave_0: entered promiscuous mode [ 1303.991166][T21191] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3738'. [ 1304.013090][T21035] hsr_slave_1: entered promiscuous mode [ 1304.057001][T21035] debugfs: 'hsr0' already exists in 'hsr' [ 1304.084908][T21035] Cannot create hsr debugfs directory [ 1304.240771][T21194] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3740'. [ 1305.053451][T21214] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3744'. [ 1305.181028][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 1306.053521][ T7907] hsr_slave_0: left promiscuous mode [ 1306.078404][ T7907] hsr_slave_1: left promiscuous mode [ 1306.107571][ T7907] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1306.123438][T21235] netlink: 504 bytes leftover after parsing attributes in process `syz.2.3751'. [ 1306.172179][ T7907] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1306.190906][T21242] netlink: 504 bytes leftover after parsing attributes in process `syz.2.3751'. [ 1306.232164][ T7907] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1306.268558][ T7907] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1306.437297][ T7907] veth1_macvtap: left promiscuous mode [ 1306.490216][ T7907] veth1_vlan: left promiscuous mode [ 1306.495569][ T7907] veth0_vlan: left promiscuous mode [ 1307.259002][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 1307.507711][T21260] random: crng reseeded on system resumption [ 1308.616573][ T7907] team0 (unregistering): Port device team_slave_1 removed [ 1308.772419][ T7907] team0 (unregistering): Port device team_slave_0 removed [ 1309.342646][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 1310.084832][T21035] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1310.206390][T21035] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1310.244272][T21035] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1310.291491][T21035] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1310.709297][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1310.715826][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1310.816528][T21035] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1310.966866][T21035] 8021q: adding VLAN 0 to HW filter on device team0 [ 1311.078265][T19910] bridge0: port 1(bridge_slave_0) entered blocking state [ 1311.085550][T19910] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1311.199743][T19910] bridge0: port 2(bridge_slave_1) entered blocking state [ 1311.206950][T19910] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1311.428924][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 1312.487434][T21035] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1313.499047][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 1315.000698][T21035] veth0_vlan: entered promiscuous mode [ 1315.153158][T21035] veth1_vlan: entered promiscuous mode [ 1315.574829][T21035] veth0_macvtap: entered promiscuous mode [ 1315.581082][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 1315.709255][T21035] veth1_macvtap: entered promiscuous mode [ 1315.808259][T21035] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1315.933321][T21035] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1316.219722][ T7907] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1316.278004][ T7907] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1316.392090][ T7907] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1316.476829][ T7907] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1316.924593][ T7907] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1317.006749][ T7907] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1317.409903][T19910] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1317.418033][T19910] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1317.659082][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 1318.058052][T21411] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3707'. [ 1318.116191][T21415] netlink: 13 bytes leftover after parsing attributes in process `syz.4.3707'. [ 1318.805563][T21413] Process accounting resumed [ 1319.741131][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 1321.534115][T21475] device-mapper: ioctl: Unable to rename non-existent device,  to „ [ 1321.819266][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 1323.146423][T21495] kAFS: No cell specified [ 1323.898907][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 1324.484531][T21492] ------------[ cut here ]------------ [ 1324.490918][T21492] WARNING: CPU: 0 PID: 21492 at kernel/trace/trace.c:8594 tracing_buffers_mmap_close+0xdd/0x130 [ 1324.502738][T21492] Modules linked in: [ 1324.507908][T21492] CPU: 0 UID: 0 PID: 21492 Comm: syz.3.3796 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1324.521341][T21492] Tainted: [U]=USER [ 1324.525197][T21492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1324.535361][T21492] RIP: 0010:tracing_buffers_mmap_close+0xdd/0x130 [ 1324.541981][T21492] Code: 75 46 48 8b 7b 08 e8 02 96 ff ff 31 ff 89 c3 89 c6 e8 e7 58 fb ff 85 db 75 0a 48 83 c4 08 5b e9 99 5d fb ff e8 94 5d fb ff 90 <0f> 0b 90 48 83 c4 08 5b e9 86 5d fb ff e8 c1 bc 60 00 eb 87 e8 ea [ 1324.562399][T21492] RSP: 0018:ffffc90003b47990 EFLAGS: 00010293 [ 1324.568533][T21492] RAX: 0000000000000000 RBX: 00000000ffffffed RCX: ffffffff81bfb219 [ 1324.577508][T21492] RDX: ffff8880253cbc00 RSI: ffffffff81bfb22c RDI: 0000000000000005 [ 1324.586185][T21492] RBP: ffffffff81bfb150 R08: 0000000000000005 R09: 0000000000000000 [ 1324.594864][T21492] R10: 00000000ffffffed R11: 0000000000000000 R12: ffff888066f36e08 [ 1324.604214][T21492] R13: dffffc0000000000 R14: ffffc90003b47a28 R15: 0000000000000000 [ 1324.613718][T21492] FS: 0000000000000000(0000) GS:ffff8881246c6000(0000) knlGS:0000000000000000 [ 1324.622995][T21492] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1324.629681][T21492] CR2: 0000555cd8b64008 CR3: 000000007c2f8000 CR4: 00000000003526f0 [ 1324.637691][T21492] Call Trace: [ 1324.641156][T21492] [ 1324.644103][T21492] remove_vma+0x85/0x160 [ 1324.648374][T21492] exit_mmap+0x511/0xb90 [ 1324.652716][T21492] ? __pfx_exit_mmap+0x10/0x10 [ 1324.657803][T21492] ? __lock_acquire+0xb97/0x1ce0 [ 1324.663033][T21492] __mmput+0x12a/0x410 [ 1324.667134][T21492] mmput+0x62/0x70 [ 1324.670942][T21492] do_exit+0x7c7/0x2bf0 [ 1324.675185][T21492] ? __pfx___might_resched+0x10/0x10 [ 1324.680640][T21492] ? __pfx_do_exit+0x10/0x10 [ 1324.685368][T21492] ? do_raw_spin_lock+0x12c/0x2b0 [ 1324.690583][T21492] ? find_held_lock+0x2b/0x80 [ 1324.695304][T21492] do_group_exit+0xd3/0x2a0 [ 1324.701068][T21492] get_signal+0x2673/0x26d0 [ 1324.705601][T21492] ? rcu_is_watching+0x12/0xc0 [ 1324.711336][T21492] ? __pfx_get_signal+0x10/0x10 [ 1324.716355][T21492] ? bpf_lsm_capable+0x9/0x10 [ 1324.721203][T21492] ? security_capable+0x7e/0x260 [ 1324.726193][T21492] arch_do_signal_or_restart+0x8f/0x790 [ 1324.731842][T21492] ? __pfx_do_syslog+0x10/0x10 [ 1324.736639][T21492] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1324.742915][T21492] ? xfd_validate_state+0x61/0x180 [ 1324.748077][T21492] exit_to_user_mode_loop+0x84/0x110 [ 1324.753559][T21492] do_syscall_64+0x3f6/0x490 [ 1324.758618][T21492] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1324.764844][T21492] RIP: 0033:0x7fb2fdb8ebe9 [ 1324.769448][T21492] Code: Unable to access opcode bytes at 0x7fb2fdb8ebbf. [ 1324.776532][T21492] RSP: 002b:00007fb2fea36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000067 [ 1324.786633][T21492] RAX: 0000000000000400 RBX: 00007fb2fddb5fa0 RCX: 00007fb2fdb8ebe9 [ 1324.795160][T21492] RDX: 0000000000000400 RSI: 0000200000000080 RDI: 0000000000000004 [ 1324.804615][T21492] RBP: 00007fb2fdc11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1324.813551][T21492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1324.821604][T21492] R13: 00007fb2fddb6038 R14: 00007fb2fddb5fa0 R15: 00007ffe13a78f68 [ 1324.829704][T21492] [ 1324.832740][T21492] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1324.840119][T21492] CPU: 0 UID: 0 PID: 21492 Comm: syz.3.3796 Tainted: G U 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) [ 1324.853504][T21492] Tainted: [U]=USER [ 1324.857326][T21492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1324.867486][T21492] Call Trace: [ 1324.870781][T21492] [ 1324.873747][T21492] dump_stack_lvl+0x3d/0x1f0 [ 1324.878439][T21492] vpanic+0x6e8/0x7a0 [ 1324.882466][T21492] ? __pfx_vpanic+0x10/0x10 [ 1324.887021][T21492] ? tracing_buffers_mmap_close+0xdd/0x130 [ 1324.893054][T21492] panic+0xca/0xd0 [ 1324.896907][T21492] ? __pfx_panic+0x10/0x10 [ 1324.901532][T21492] ? check_panic_on_warn+0x1f/0xb0 [ 1324.906796][T21492] check_panic_on_warn+0xab/0xb0 [ 1324.911777][T21492] __warn+0xf6/0x3c0 [ 1324.915721][T21492] ? tracing_buffers_mmap_close+0xdd/0x130 [ 1324.921556][T21492] report_bug+0x3c3/0x580 [ 1324.925912][T21492] ? tracing_buffers_mmap_close+0xdd/0x130 [ 1324.931784][T21492] handle_bug+0x184/0x210 [ 1324.936155][T21492] exc_invalid_op+0x17/0x50 [ 1324.940710][T21492] asm_exc_invalid_op+0x1a/0x20 [ 1324.945585][T21492] RIP: 0010:tracing_buffers_mmap_close+0xdd/0x130 [ 1324.952089][T21492] Code: 75 46 48 8b 7b 08 e8 02 96 ff ff 31 ff 89 c3 89 c6 e8 e7 58 fb ff 85 db 75 0a 48 83 c4 08 5b e9 99 5d fb ff e8 94 5d fb ff 90 <0f> 0b 90 48 83 c4 08 5b e9 86 5d fb ff e8 c1 bc 60 00 eb 87 e8 ea [ 1324.971750][T21492] RSP: 0018:ffffc90003b47990 EFLAGS: 00010293 [ 1324.977860][T21492] RAX: 0000000000000000 RBX: 00000000ffffffed RCX: ffffffff81bfb219 [ 1324.985842][T21492] RDX: ffff8880253cbc00 RSI: ffffffff81bfb22c RDI: 0000000000000005 [ 1324.993830][T21492] RBP: ffffffff81bfb150 R08: 0000000000000005 R09: 0000000000000000 [ 1325.001818][T21492] R10: 00000000ffffffed R11: 0000000000000000 R12: ffff888066f36e08 [ 1325.009816][T21492] R13: dffffc0000000000 R14: ffffc90003b47a28 R15: 0000000000000000 [ 1325.017947][T21492] ? __pfx_tracing_buffers_mmap_close+0x10/0x10 [ 1325.024224][T21492] ? tracing_buffers_mmap_close+0xc9/0x130 [ 1325.030059][T21492] ? tracing_buffers_mmap_close+0xdc/0x130 [ 1325.035941][T21492] remove_vma+0x85/0x160 [ 1325.040210][T21492] exit_mmap+0x511/0xb90 [ 1325.044648][T21492] ? __pfx_exit_mmap+0x10/0x10 [ 1325.049557][T21492] ? __lock_acquire+0xb97/0x1ce0 [ 1325.054550][T21492] __mmput+0x12a/0x410 [ 1325.058732][T21492] mmput+0x62/0x70 [ 1325.062649][T21492] do_exit+0x7c7/0x2bf0 [ 1325.066848][T21492] ? __pfx___might_resched+0x10/0x10 [ 1325.072171][T21492] ? __pfx_do_exit+0x10/0x10 [ 1325.076842][T21492] ? do_raw_spin_lock+0x12c/0x2b0 [ 1325.081911][T21492] ? find_held_lock+0x2b/0x80 [ 1325.086625][T21492] do_group_exit+0xd3/0x2a0 [ 1325.091174][T21492] get_signal+0x2673/0x26d0 [ 1325.095717][T21492] ? rcu_is_watching+0x12/0xc0 [ 1325.100525][T21492] ? __pfx_get_signal+0x10/0x10 [ 1325.105430][T21492] ? bpf_lsm_capable+0x9/0x10 [ 1325.110127][T21492] ? security_capable+0x7e/0x260 [ 1325.115091][T21492] arch_do_signal_or_restart+0x8f/0x790 [ 1325.120683][T21492] ? __pfx_do_syslog+0x10/0x10 [ 1325.125480][T21492] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1325.131682][T21492] ? xfd_validate_state+0x61/0x180 [ 1325.136827][T21492] exit_to_user_mode_loop+0x84/0x110 [ 1325.142145][T21492] do_syscall_64+0x3f6/0x490 [ 1325.146769][T21492] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1325.152676][T21492] RIP: 0033:0x7fb2fdb8ebe9 [ 1325.157108][T21492] Code: Unable to access opcode bytes at 0x7fb2fdb8ebbf. [ 1325.164142][T21492] RSP: 002b:00007fb2fea36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000067 [ 1325.172584][T21492] RAX: 0000000000000400 RBX: 00007fb2fddb5fa0 RCX: 00007fb2fdb8ebe9 [ 1325.180618][T21492] RDX: 0000000000000400 RSI: 0000200000000080 RDI: 0000000000000004 [ 1325.188879][T21492] RBP: 00007fb2fdc11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1325.197061][T21492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1325.205316][T21492] R13: 00007fb2fddb6038 R14: 00007fb2fddb5fa0 R15: 00007ffe13a78f68 [ 1325.213432][T21492] [ 1325.216700][T21492] Kernel Offset: disabled [ 1325.221046][T21492] Rebooting in 86400 seconds..