last executing test programs: 4.859985084s ago: executing program 3 (id=848): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000380), 0xffffffffffffffff) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000002500)='/dev/input/event2\x00', 0x2080, 0x0) ioctl$auto_EVIOCGKEYCODE_V2(r0, 0x80284504, 0x0) 4.696184088s ago: executing program 3 (id=850): r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon33\x00', 0x121200, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) getsockopt$auto_SO_MAX_PACING_RATE(r0, 0xe251, 0x2f, &(0x7f0000000140)='L@{@\'-}\x00', &(0x7f0000000180)=0xd5a) syz_clone(0x5004000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x503083, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x40800) unshare$auto(0x40000080) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r2) sendmsg$auto_NL80211_CMD_ADD_TX_TS(0xffffffffffffffff, &(0x7f00000012c0)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001280)={&(0x7f0000001140)=ANY=[@ANYBLOB="14010000", @ANYRES16=r3, @ANYBLOB="080027bd7000fddbdf2569000000060065000900000006004f01090000001700130013c366f9244357d432f6e44cc4bf4e5878fe5d00080002002f247b0005006000080000000500a3000200000045001f00ff8ddbe0dca3a0c40b31575a0fc89a052ad1070f85525f215dde201061c7ecbce4e876ab8d9dd571ee3b51789e3654f47243f6e34471afffdadef51ab57ef583e90000005c007580ba6aeb15a3f761572ca4eb336e5dfaa39a4e112524144c26d5", @ANYRES32=r1, @ANYBLOB="05008a00080000000500f60007000000"], 0x108}, 0x1, 0x0, 0x0, 0x91}, 0x10) ioctl$auto_MON_IOCX_MFETCH(0xffffffffffffffff, 0xc0109207, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mlockall$auto(0x7) bpf$auto(0x5, &(0x7f0000000080)=@bpf_attr_7={@prog_id=0xc, 0x92f1, 0x4}, 0xa) 4.26978898s ago: executing program 0 (id=853): r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon33\x00', 0x121200, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) getsockopt$auto_SO_MAX_PACING_RATE(r0, 0xe251, 0x2f, &(0x7f0000000140)='L@{@\'-}\x00', &(0x7f0000000180)=0xd5a) syz_clone(0x5004000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x503083, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x40800) unshare$auto(0x40000080) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r2) sendmsg$auto_NL80211_CMD_ADD_TX_TS(0xffffffffffffffff, &(0x7f00000012c0)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001280)={&(0x7f0000001140)=ANY=[@ANYBLOB="14010000", @ANYRES16=r3, @ANYBLOB="080027bd7000fddbdf2569000000060065000900000006004f01090000001700130013c366f9244357d432f6e44cc4bf4e5878fe5d00080002002f247b0005006000080000000500a3000200000045001f00ff8ddbe0dca3a0c40b31575a0fc89a052ad1070f85525f215dde201061c7ecbce4e876ab8d9dd571ee3b51789e3654f47243f6e34471afffdadef51ab57ef583e90000005c007580ba6aeb15a3f761572ca4eb336e5dfaa39a4e112524144c26d5", @ANYRES32=r1, @ANYBLOB="05008a00080000000500f60007000000"], 0x108}, 0x1, 0x0, 0x0, 0x91}, 0x10) ioctl$auto_MON_IOCX_MFETCH(0xffffffffffffffff, 0xc0109207, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mlockall$auto(0x7) bpf$auto(0x5, &(0x7f0000000080)=@bpf_attr_7={@prog_id=0xc, 0x92f1, 0x4}, 0xa) 3.483443382s ago: executing program 3 (id=857): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) sethostname$auto(0x0, 0x1) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x5, 0x1ff, 0x7fa, 0xfffffff, 0x9, 0x7, 0xffffffffffffffff, 0x20010180, 0xa}, 0x10) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xad6) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0xe6e43, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sysvipc/sem\x00', 0x0, 0x0) lseek$auto(r3, 0x7fd, 0x1) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/pci0000:00/waiting_for_supplier\x00', 0x80800, 0x0) sendfile$auto(0x1, r4, 0x0, 0x400007ffff000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) msync$auto(0x1ffff000, 0x180000000000900, 0x400000004) getsockopt$auto(r1, 0x4, 0x4, &(0x7f0000000040)='/sys/devices/pci0000:00/waiting_for_supplier\x00', &(0x7f0000000180)=0x9) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) socket(0x2, 0x3, 0xa) close_range$auto(0x0, 0xfffffffffffff000, 0x0) r6 = ioctl$auto_TUNSETNOCSUM(r5, 0x400454c8, &(0x7f00000001c0)=0x8) bpf$auto(0x101, &(0x7f0000000280)=@bpf_attr_0={0xa, 0x200000b8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2a3ce63f0000f8ffffff00", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6, r6}, 0xf) connect$auto(r8, &(0x7f0000000240)=@can={0x1d, r7}, 0x6) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex=r7, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92) r9 = socket(0x2, 0x3, 0x1) getsockopt$auto_SO_DEBUG(r9, 0xff, 0x1, 0x0, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) 3.432328864s ago: executing program 2 (id=858): mmap$auto(0x0, 0x2020009, 0xffffffffffffffff, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/dynamic_debug/control\x00', 0x482, 0x0) mprotect$auto(0x200000000000, 0x806122, 0xc) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sched_setscheduler$auto(0x0, 0x3, &(0x7f0000000040)={0x1}) ioprio_set$auto(0x2, 0x800000000, 0x8) read$auto(0x3, 0x0, 0x8080) r0 = socket(0x28, 0x1, 0x0) io_uring_setup$auto(0xe5f4, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000380), 0x900, 0x0) mmap$auto(0x0, 0xc, 0x4000010000df, 0x40000000000eb1, 0x401, 0x8000) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_RTC_PARAM_GET(0xffffffffffffffff, 0x40187013, 0x0) socket(0x16, 0x1, 0x106) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x20904, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000000)={{0x3, 0x1002, 0xfffffffc, 0x5, 0x2}, "654c6dbc7a4d30983899a7e1325b6a29ba1e18441074052a3fa6c3ccf1bf00"}) ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$auto(0x5, &(0x7f0000000080)=@batch={0x9, 0xfffffffffffff800, 0x39, 0xb, 0x2, 0xffffffffffffffff, 0x0, 0x100000001}, 0x5) ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/i8042/serio0/id/id\x00', 0xa000, 0x0) r2 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/tracing/dynamic_events\x00', 0x201, 0x0) write$auto_dynamic_events_ops_trace_dynevent(r2, &(0x7f00000002c0)="65507307ff6587a725ca87720ef9769f205b2e", 0x13) getsockopt$auto(r0, 0x28, 0x0, 0x0, 0x0) 3.196573222s ago: executing program 2 (id=859): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000380), 0xffffffffffffffff) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000002500)='/dev/input/event2\x00', 0x2080, 0x0) ioctl$auto_EVIOCGKEYCODE_V2(r0, 0x80284504, 0x0) 3.04677989s ago: executing program 0 (id=860): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) setuid$auto(0x800000000008) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x71f, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = clone$auto(0x20003b4a, 0xecc, 0x0, 0x0, 0x2) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) mmap$auto(0x0, 0x400008, 0xdf, 0x15, r1, 0x8000) pidfd_open$auto(r2, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xeb, 0x6, 0x2, 0x1fd, 0x7, 0x4, 0x8, 0xf, 0x8000009, 0x1, 0x8, 0x1, 0xfca, 0x0, 0x2, 0xffffffffffffffff]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) setsockopt$auto_SO_PRIORITY(r0, 0x3, 0xc, &(0x7f0000000000)='\x00', 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 3.003832973s ago: executing program 2 (id=862): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) (async) r0 = fsopen$auto(&(0x7f0000000080)='.^#!)({]-^\'\x00', 0xffffffff) ioctl$auto_UBI_IOCATT(r0, 0x40186f40, &(0x7f0000000200)={0x200, 0x6, 0x9, 0x5, 0x5, 0x5}) (async) r1 = prctl$auto(0x100003b, 0x7, 0x4, 0x8, 0x7) (async) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) sync_file_range$auto(r2, 0x7, 0x3d, 0x2) (async) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = socket(0x11, 0xa, 0x9) (async) socket(0xa, 0x2, 0x3a) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptyz9\x00', 0x600882, 0x0) (async) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000240), r0) (async) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0x1, &(0x7f0000000300)={[0xd, 0x2, 0x2, 0xd, 0x7, 0x100000001, 0x2, 0x80000000, 0x4, 0xfffffffffffffd9b, 0x2, 0x0, 0x1, 0x5, 0x80000000, 0x1]}, &(0x7f0000000380)={[0x0, 0x8, 0x4ab1e6a7, 0x7, 0x2, 0xfffffffffffffff8, 0x0, 0x1000, 0xf6, 0x80000000, 0x78, 0x1, 0x9, 0x7ff, 0x98f6]}, &(0x7f0000000440)={[0x6, 0x8, 0x8000000000000001, 0x5, 0x7ff, 0x7, 0x5, 0x80000, 0x1, 0x64, 0x56, 0x9, 0x7fff, 0x0, 0x7fffffffffffffff, 0x8]}, &(0x7f0000000280)={0xfffffffffffffff0, 0x13}) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC0\x00', 0x880, 0x0) (async) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0) (async) socket(0xa, 0x2, 0x0) (async) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) ioctl$auto_PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000180)={0x3, 0x8, 0x5, 0x0, 0x7f, 0x1, 0x9, 0x2, 0x7, 0x0, 0x2c, 0x3}) r5 = socket(0x10, 0x2, 0x4) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x10, 0x2, 0xc) (async) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r3, @ANYRES8=r4], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r5, &(0x7f0000000000)='-\x00', 0xfdef) (async) r6 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r6, 0xc004743e, 0x0) (async) ioctl$auto_PPPIOCSMRU(r6, 0x40047452, 0x0) 2.787182713s ago: executing program 2 (id=863): unshare$auto(0x40000080) prctl$auto(0x9, 0x7fff, 0x0, 0x1, 0x400000000) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0x7fffffffffffffff, 0x9) r0 = clone$auto(0x21, 0x80000007, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) wait4$auto(r0, 0x0, 0x80000000, &(0x7f0000000140)={{0x10000, 0x100080}, {0x1, 0x9}, 0x8000000000000000, 0x2, 0x9, 0x10, 0x2, 0x1, 0x5, 0x6, 0x3, 0x800000000000008, 0x4, 0x7, 0x6, 0xb4b9}) socket(0x2c, 0x1, 0x0) r1 = socket(0x10, 0x2, 0x0) mmap$auto(0x4, 0x6, 0xdc, 0x14, r1, 0x31e) fcntl$auto_F_NOTIFY(r1, 0x402, 0x9000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xfffffffd}, 0xffff}, 0x5, 0x20000043) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/tty/ttyta/power/runtime_status\x00', 0x94000, 0x0) mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x228000, 0x0) mmap$auto(0xd69, 0x68a, 0x0, 0x17, r3, 0xffffffff80000000) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) fcntl$auto(0x3, 0x4, 0xa553) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000180)="39198cef1767bca1be9490a4f06fcce87acaeb8f3914f768048b3b3ac82bbf289a87b0a673974522d41fca7ec508dca7911eb76ce8b6dda2064daf5bc834aff359f6e84b4e8790088d3d085dcd9bd632ca1c5d2879aaed8511d7ba520f73dd18363ecb6ce5b80abfd2728c8179a0409bca8cd22056793124498eddfafcff41ff1bafbfed6ee5d0f70a6da2a91977c2c51a13b240b1b53592edb74b787631279f63eec284c9a7486053f36f8c150f094231953e812a2185de60", 0x200084c, 0x0, 0x9, 0x0, 0x3, 0x10b}, 0x4}, 0xffffffff, 0xc5c) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8e2c2, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x4020009, 0x6, 0xeb0, 0x401, 0x40000000008001) mmap$auto(0x400002, 0x5, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x1ffe, 0x100000004, 0xa63f, 0x0, 0xffffffffffffff39, 0x1) madvise$auto(0x1, 0x2, 0x7) 2.6805717s ago: executing program 1 (id=864): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000003f40)=""/156, 0x9c) 2.248055596s ago: executing program 1 (id=865): sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0xffffff9d, &(0x7f0000000340)={&(0x7f00000000c0)=ANY=[@ANYRESDEC=0x0, @ANYRES16=0x0, @ANYRES8=0x0], 0x24}, 0x1, 0x0, 0x0, 0x14}, 0x0) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/ext4/sda1/options\x00', 0x80000, 0x0) read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000040)=""/27, 0x1b) (async) r1 = socket(0x11, 0xa, 0x9) socket(0xa, 0x2, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC0\x00', 0x880, 0x0) (async) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0) (async) socket(0xa, 0x2, 0x0) openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000080), 0x840, 0x0) (async, rerun: 64) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) (rerun: 64) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 32) r3 = socket(0x10, 0x2, 0x4) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 32) socket(0x10, 0x2, 0xc) (async, rerun: 32) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r1, @ANYRES8=r2], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r3, &(0x7f0000000000)='-\x00', 0xfdef) 1.926729366s ago: executing program 0 (id=866): r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon33\x00', 0x121200, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) getsockopt$auto_SO_MAX_PACING_RATE(r0, 0xe251, 0x2f, &(0x7f0000000140)='L@{@\'-}\x00', &(0x7f0000000180)=0xd5a) syz_clone(0x5004000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x503083, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x40800) unshare$auto(0x40000080) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r2) sendmsg$auto_NL80211_CMD_ADD_TX_TS(0xffffffffffffffff, &(0x7f00000012c0)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001280)={&(0x7f0000001140)=ANY=[@ANYBLOB="14010000", @ANYRES16=r3, @ANYBLOB="080027bd7000fddbdf2569000000060065000900000006004f01090000001700130013c366f9244357d432f6e44cc4bf4e5878fe5d00080002002f247b0005006000080000000500a3000200000045001f00ff8ddbe0dca3a0c40b31575a0fc89a052ad1070f85525f215dde201061c7ecbce4e876ab8d9dd571ee3b51789e3654f47243f6e34471afffdadef51ab57ef583e90000005c007580ba6aeb15a3f761572ca4eb336e5dfaa39a4e112524144c26d5", @ANYRES32=r1, @ANYBLOB="05008a00080000000500f60007000000"], 0x108}, 0x1, 0x0, 0x0, 0x91}, 0x10) ioctl$auto_MON_IOCX_MFETCH(0xffffffffffffffff, 0xc0109207, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mlockall$auto(0x7) bpf$auto(0x5, &(0x7f0000000080)=@bpf_attr_7={@prog_id=0xc, 0x92f1, 0x4}, 0xa) 1.926523521s ago: executing program 2 (id=867): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0xa, 0x0, 0x4) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x20008, 0x4000400000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv4/fib_multipath_hash_policy\x00', 0x2602, 0x0) socket(0x29, 0x5, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video3\x00', 0x2aa01, 0x0) io_uring_setup$auto(0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL802154_CMD_DEL_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x8001) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x204880, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101200, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000001180), 0xe40, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae90, &(0x7f00000000c0)={0x2, 0x0, [{0x1, 0x7ff, 0x8}, {0x10002, 0x30, 0x5}, {0x0, 0x0, 0x7}]}) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x948b, 0x9, 0x5, 0x6, 0x10, 0x64, 0x84000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x800, 0x3, 0xff, 0x10001, 0x400000000003, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x80000000, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) 1.926083558s ago: executing program 3 (id=868): r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/bus/usb/021/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_REAPURB32(r0, 0x4004550c, &(0x7f0000000300)=0x10003fe) 1.92418882s ago: executing program 1 (id=869): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x2, 0x1) io_uring_setup$auto(0x2, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) r0 = socket(0x2, 0x80002, 0x73) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) r1 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) write$auto_lru_gen_rw_fops_vmscan(r1, &(0x7f0000000080)="9379", 0x2) getsockopt$auto_SO_RCVTIMEO_OLD(r0, 0x1, 0x14, &(0x7f0000000000)='\x00', &(0x7f0000000100)=0x68) 1.042282478s ago: executing program 3 (id=870): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210006, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x9, 0x8, 0x3, 0x105, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x9, 0x0, 0x4, 0x4, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2, 0x3, 0x100) r1 = socket(0x10, 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f00000000c0)={0x0, 0x30, &(0x7f0000000b00)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x40000) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000b40)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYRES32=r2], 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000003c0), r0) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/transparent_hugepage/use_zero_page\x00', 0x28442, 0x0) writev$auto(r6, &(0x7f0000000100)={&(0x7f0000000080), 0x2}, 0x6) sendmsg$auto_NL80211_CMD_SET_WIPHY(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="130026bd70006b68e11636178b6608000300", @ANYRES32=r5], 0x24}, 0x1, 0x0, 0x0, 0x4004080}, 0x20040894) r7 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) write$auto_snd_seq_f_ops_seq_clientmgr(r7, &(0x7f0000000300)="632d1bfe595046ab5c40bd6163307acb6501baef6176e669a216aae1144ccafdd80500ffffffffdfff0000018056ada5cc4fbc3fc0ebbc2f", 0x38) syz_genetlink_get_family_id$auto_ipvs(0x0, r1) close_range$auto(0x2, 0x8, 0x0) r8 = landlock_create_ruleset$auto(&(0x7f0000000140)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) socket(0xa, 0x3, 0x0) landlock_restrict_self$auto(r8, 0xb) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci4/power\x00', 0x0, 0x0) ioctl$auto_XFS_IOC_ERROR_CLEARALL(r10, 0x40085875, &(0x7f0000000040)={r9, 0x1000}) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x434842, 0x0) 945.297453ms ago: executing program 0 (id=871): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000002500)='/dev/input/event2\x00', 0x2080, 0x0) ioctl$auto_EVIOCGKEYCODE_V2(r0, 0x80284504, 0x0) 879.857359ms ago: executing program 1 (id=872): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r0 = open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000040)={0x8, 0x2, '\a\x00\x00\x00\x00\x00\x00\x00'}, 0x2) write$auto(r0, 0x0, 0x1) 762.126492ms ago: executing program 1 (id=873): syz_genetlink_get_family_id$auto_net_shaper(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mincore$auto(0x1000, 0x4000000, 0x0) 669.182118ms ago: executing program 3 (id=874): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) setuid$auto(0x800000000008) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x71f, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = clone$auto(0x20003b4a, 0xecc, 0x0, 0x0, 0x2) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) mmap$auto(0x0, 0x400008, 0xdf, 0x15, r1, 0x8000) pidfd_open$auto(r2, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xeb, 0x6, 0x2, 0x1fd, 0x7, 0x4, 0x8, 0xf, 0x8000009, 0x1, 0x8, 0x1, 0xfca, 0x0, 0x2, 0xffffffffffffffff]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) setsockopt$auto_SO_PRIORITY(r0, 0x3, 0xc, &(0x7f0000000000)='\x00', 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 668.565374ms ago: executing program 0 (id=882): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000002500)='/dev/input/event2\x00', 0x2080, 0x0) ioctl$auto_EVIOCGKEYCODE_V2(r0, 0x80284504, 0x0) 639.620555ms ago: executing program 2 (id=875): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 64) sysfs$auto(0xffffff70, 0x1, 0x0) (async, rerun: 64) mlock$auto(0xfff, 0xde7f) (async) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) (async) r0 = io_uring_setup$auto(0x1, 0x0) (async, rerun: 64) mmap$auto(0x0, 0x672e, 0x10df, 0xeb1, 0xffffffffffffffff, 0x3) (rerun: 64) r1 = getsockopt$auto(0xffffffffffffffff, 0x0, 0x32, 0x0, 0x0) (async) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) (async, rerun: 64) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64) mmap$auto(0x6, 0x2020009, 0x80, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) write$auto(0x3, 0x0, 0x100082) rseq$auto(0x0, 0x8000, 0x0, 0x6) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r2, &(0x7f0000000240)='T\xe9@\xe8\n8\x99\x85fw\xf1J\xc2\x18\xb5k\xb9\xcbo\x8fv;s\x1e\x1aZ)\xc9:\x95\xb1\x05\xed\xfc\xe6\x02D\n\xbe\xdeC\v\x887\xd4\x0e\x1f\xa5Y3z\x9bI\"\x9dB\xad\x98D\xa8\x92\xb8\xf8\x885\xcd\xfd\xa9\xf2\x8d\x8c\\e\xcdU\xa30\xbc\xeb\x99n\xcc\xb3\xfd]\x81\xfc', 0x3) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000) (async, rerun: 64) read$auto_ptdump_fops_(0xffffffffffffffff, &(0x7f0000001080)=""/4096, 0x1000) (async, rerun: 64) io_uring_setup$auto(0x6, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x40e00, 0x0) (async) r4 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000001040), 0xffffffffffffffff) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="db92933e60ec16034b06f54995844887dfffff", @ANYRES16=r4, @ANYBLOB="010005000000fd420f41ad000000080008000500000008000100e0e4516508000200010000000800090006000000"], 0x34}, 0x1, 0x0, 0x0, 0x24048000}, 0x14) (async) pread64$auto(r3, 0x0, 0x3, 0x5ef6) msync$auto(0x1ffff000, 0x180000000000101, 0x400000004) (async, rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) (async) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000200)=ANY=[@ANYBLOB="9c06710e7ef50a651e100000", @ANYRESDEC=r1, @ANYRES16=r4], 0x4c}}, 0x40800) unshare$auto(0x8000000) (async, rerun: 64) semget$auto(0x0, 0x2e4a, 0x8000) (async, rerun: 64) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @local}, 0x7f) (async) semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x9, 0x36ec}, 0x1f4, 0x0) (async, rerun: 64) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/udplite6\x00', 0x101000, 0x0) (rerun: 64) 548.319212ms ago: executing program 0 (id=876): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(r0, &(0x7f0000000080)=@in={0x2, 0x3, @rand_addr=0x64010101}, 0x54) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x20002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r2 = openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x242, 0x0) read$auto_sco_debugfs_fops_(r2, &(0x7f0000000140)=""/211, 0xd3) mmap$auto(0x0, 0x400006, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sysfs$auto(0xfffffffe, 0x0, 0xf3) r3 = fsopen$auto(0x0, 0xffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count\x00', 0xc0082, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x10000, 0x4080000000db, 0xeb5, 0x2, 0x7ffc) open(0x0, 0x161342, 0x130) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) sendmsg$auto_NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000100)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x2008050) sendmsg$auto_NL80211_CMD_ADD_TX_TS(r3, &(0x7f00000009c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000980)={&(0x7f0000000240)=ANY=[@ANYBLOB='0\a\x00\x00', @ANYRES16=0x0, @ANYBLOB="000427bd7000fddbdf2569000000050019000900000011070f00db9b8b18381816e3c93633811283aa5e50172eba1c0a52b38b00efd21043025830bb6b569bb69d91b75d5cfa27fb0d70a21b5894f8eb4e9ff0ee84599d928d54516ce5e9234d1549fbd2e21b89fb1ab30e877f3b971a324ef6c3ed73836aa140fdd66465ab9fdce2f8d999c6ef5711ebf5a1734f5244e3a96ab0545f62cbcfe46645271d8100e40259d8c54b0a45345a49787b3d73c3e6b93c7e6b159dd9cc90362871f19ba33bb35113164348d327cda2e28bec468ef7917376d25122cb0dc518e7115db04691e6305e86362d2463c18083ed69967a57d48e9c87f736f3b9639527d6806ea72d9099c3fb38204e09a74ea16e5d585c6b48be8d5e390d523188044a23d5242051b8c79c262f59fa12907ad4f46872101a33435c36009ddc58de5fcc1dae3d5b8057f5a92a8f9fc63804d78da9c2c8631ee4449b289bb143e82a3a6418f77f82c094b94c5ae10d993b57b29a9bd144ca8453b70e7b429a5597f8b9afb335a9a68bdf584bfff102dfd8180ff73d736be5dbbac6165547c22aee9a7a727b789dd5d2060f9d89fcb8416260fa64b5ae998098b3764267ab10a876774a74d33cc877da4d2605e8be05e81905fc896e20e5372520340af65f43d326674e0606bd6fc2e6423a25f5a0abda84ec1a17c413d26da5d70b253212cf155e5735fb981c8d5345ae36007309478fa0b52c8df95ec5f1a7ddebf489daaf9ffb708de25512f729806e54194355b48b3e542bbe04572916f46463f0bb935d5e97e29ba511ad60df7c03dd964a8e0f847975094514e6979cf82ad7b58090569075b41ae3afdd5ea8408902e6a6b18466e4ba0b3b061447fd22817ce969a400143516f33db3d4e95bad4d8aeb8f8ec545b3e70fe769d03ffb5916e0481e0f34043808d37b4ed92a0876921823107d43d09a90b6d3077364eb75c3f593f6268f4595b3cddf4ed8fbafca9385585ef0a72a5c84fec9a76a56fbc6d11114796b28a72817db60ef19bfc11a1efaced0e6b655be1c08c1565802526b51f38e84586c7bbeeb3142344614b670feb0d0713d580470a8cfb0390cdf730d812ca11510e2141fd7de9e7e950200a5f8f00237d2add66c9d5218cf9ca1efbaf4e4276a6520c250573b3c1cb49ebafc24c2ea27e9b7c11f1865890fa828b7b40b9f658d8181c8e80e9de0c6828dc42d91edd2eda1df6038c35689400739caf0fe176120b403b5eee8042f102a3498b6ea1ea218c29e12a5afebe7a626e4048ef1aac1ec2d6a1e2312b32d96a62cc0534fbf0ad7bdd66d0810967d3d163c48ecbb2e40bec2c02bfad5f5ceca86f6247f2f104f7503c0ca9d484e68b192a3800381a1019bf8453e231533b2ff5811e2da1f1d10057b4b01bf370e19d45afe9a7be13550159210a4ef388e843af32ed5587aee7d8a3d9acedbb94fe6f0cdc6ac6ae641177b81e5ce7bba1ca3ec0284bac13486155f1af9fb191c604cbe63cd2721d902e7617ba5d43dbaa459d63e5e8832f419dac81540a5ae6a6e0050ee224392084af5fcf7ff16185513fea59dfc6d66ea0b136ed410227e149c973f8b7434a2198677ad9d40dad0c5a6ac9c3830ba3845175ab6d43f420919a708863a4129fd19dbd936762136f44155fd95070561076c87f44ffbb1e4932d57c8132e4324ea2a04409b2e4e4b2123f3455b9cbe7dd2efa2d4f24228a5e50611fbe3128418a6fc1879f47518f5e19086023c9bee50ce8e6d318f613df82633fd9d823e546af8ba683b203a7f840a92b25df2ff63752d930446ce5863aa35a50b96f79edea3994e0ee4a31a832f82a9999dbfeb7d903ff03f9f0723ac42527a84cc0d43fd4a8cd349008188c12112f57d4f667d25e8461ba7d2cd18d064f0467cfab2d991c9d925829d333490fe90e0aca24665a5924242d9bc3254fc6fbee8054c0a85100aef928c212451e930f95cb21a2c418b1a2c931bbd495b74ac7823dd75483d27eaae1d6d82c0d7968f9a4456c4bd25f43d4ebf0302c3ee37414e5acb65a5bdbfb96ca7d21476d0c49af3300d1d4ba0f370b5d8fcf2e17a8f860f78ac344c9466af7bea50c288f6f8178eea35212618aa3a03c49f313c9387bea5cd782d28219f7c41784f595ef97f600ada609444aeffa7b9b7c540f9f6a78894a110f0732f484f315bd4c2088f835d802a74d61cedc35dd2a99e84e864e42078d1114a30626c8012e1f1db974c61cf57862c83241e25d86aa9e34f7bcd8a8159210e51aa6517a0c97b6cbd65ddbcc09c7ecab6ede0afe944c7a20ddbcd036cb8e0c79c700c110f79835a553e1823772adb8bf24f8f40d23e75a8ec3b1d4c024c5aa8717efa68acf32e7a7c39ef2fb2671c7cb4b4a6c55adec8f83597007c45fa0944a6b3df68874698b500fac304509662587102a12a25a478ba41e986f342af8fc74ca9c0d5958a3b4faa8f22555f4cb524496c7d4f9ff593450797c839013135f3bc5c6741a853de9ed5a75dc97cfffbca0d342e82a6e9c96c9f5510dd128d62a273c387d2e9d1bef8606e4742c9ab88e66b8c32ac1a3fd430c6053134000000"], 0x730}, 0x1, 0x0, 0x0, 0x4004800}, 0x200008c0) r4 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, 0x0, 0x0, 0x0) pread64$auto(r4, 0x0, 0x101, 0x103) read$auto_mon_fops_text_t_mon_text(r4, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) close_range$auto(0x2, 0x8, 0x0) 0s ago: executing program 1 (id=877): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000000)="c80d1b5d399b58", 0xfdef) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, 0x0, 0x501, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0xffffffffffffffff, 0x100000010, 0xffffffffffffffff, 0x8000) socketpair$auto(0xb, 0xd, 0x808e8, 0x0) madvise$auto(0x40, 0xffffffffffff0005, 0x4ea) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/tty39\x00', 0x800, 0x0) mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) socket$nl_generic(0x10, 0x3, 0x10) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) r1 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) r2 = ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, 0x0) r3 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r3, 0x40383d0c, 0x0) sendfile$auto(0xffffffffffffffff, 0x3, 0x0, 0xc01) r4 = socket(0x2, 0x2, 0x1) connect$auto(r4, &(0x7f00000000c0)=@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2f}}, 0x55) connect$auto(r4, &(0x7f0000000000)=@l2tp={0x2, 0x0, @multicast2, 0x1}, 0x7f) r5 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r5, &(0x7f00000002c0)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdm\xedKW\xe7\xfbL\\\xf2sj(\v\xcd\xe5\x02B\x81ss\xdd\x8199\xa5\x1e\xb0A\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xda\xee\xd8%:bXj\xd5[UG\x8a\x8ab\x9a\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4\x95\xa3\xe1\x1f\xf7uw\a\xd0\x83{_>/\xff', 0x100000001) r6 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129800, 0x0) ioctl$auto(r6, 0x901064ae, 0x4) write$auto(r2, &(0x7f00000000c0)='\xc4\x1dR\x00\x003\x1bO\xbb\x98)\x7fTa1\xa3\xd0\x89\x1e\\\xff', 0x8587) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, &(0x7f0000003900)='\t', 0x1) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8402, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.112' (ED25519) to the list of known hosts. [ 72.863671][ T5810] cgroup: Unknown subsys name 'net' [ 72.990599][ T5810] cgroup: Unknown subsys name 'cpuset' [ 72.999495][ T5810] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 74.467107][ T5810] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 76.217856][ T5823] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.227564][ T5823] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.237557][ T5827] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.247396][ T5828] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.256121][ T5827] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.256274][ T5828] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.265665][ T5827] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.271844][ T5828] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.283852][ T5144] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.294551][ T5144] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.303044][ T5144] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.304548][ T5831] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.317952][ T5831] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.328294][ T5831] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.336007][ T5831] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.362141][ T5827] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.378234][ T5827] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.387053][ T5827] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.408264][ T5827] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.416461][ T5827] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.823485][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 76.912076][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 76.979421][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 77.173298][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.181225][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.188622][ T5826] bridge_slave_0: entered allmulticast mode [ 77.195867][ T5826] bridge_slave_0: entered promiscuous mode [ 77.210131][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 77.233435][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.240995][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.249006][ T5825] bridge_slave_0: entered allmulticast mode [ 77.255995][ T5825] bridge_slave_0: entered promiscuous mode [ 77.263897][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.271754][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.279051][ T5826] bridge_slave_1: entered allmulticast mode [ 77.286108][ T5826] bridge_slave_1: entered promiscuous mode [ 77.309689][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.316847][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.325110][ T5825] bridge_slave_1: entered allmulticast mode [ 77.332431][ T5825] bridge_slave_1: entered promiscuous mode [ 77.372716][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.380040][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.387621][ T5821] bridge_slave_0: entered allmulticast mode [ 77.394705][ T5821] bridge_slave_0: entered promiscuous mode [ 77.428167][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.437973][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.445121][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.453045][ T5821] bridge_slave_1: entered allmulticast mode [ 77.460234][ T5821] bridge_slave_1: entered promiscuous mode [ 77.486063][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.507673][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.546370][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.574036][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.622978][ T5826] team0: Port device team_slave_0 added [ 77.631439][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.653700][ T5825] team0: Port device team_slave_0 added [ 77.661498][ T5826] team0: Port device team_slave_1 added [ 77.694113][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.701492][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.709052][ T5832] bridge_slave_0: entered allmulticast mode [ 77.716053][ T5832] bridge_slave_0: entered promiscuous mode [ 77.725466][ T5825] team0: Port device team_slave_1 added [ 77.732268][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.739304][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.765468][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.788649][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.795864][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.803359][ T5832] bridge_slave_1: entered allmulticast mode [ 77.810749][ T5832] bridge_slave_1: entered promiscuous mode [ 77.830171][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.837434][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.863425][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.876665][ T5821] team0: Port device team_slave_0 added [ 77.920136][ T5821] team0: Port device team_slave_1 added [ 77.947465][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.954730][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.981485][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.005767][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.024844][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.032094][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.059537][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.084513][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.094745][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.101872][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.127861][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.154881][ T5826] hsr_slave_0: entered promiscuous mode [ 78.161474][ T5826] hsr_slave_1: entered promiscuous mode [ 78.178940][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.185916][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.211997][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.275719][ T5832] team0: Port device team_slave_0 added [ 78.309961][ T5821] hsr_slave_0: entered promiscuous mode [ 78.316690][ T5821] hsr_slave_1: entered promiscuous mode [ 78.323240][ T5821] debugfs: 'hsr0' already exists in 'hsr' [ 78.329204][ T5821] Cannot create hsr debugfs directory [ 78.337642][ T5832] team0: Port device team_slave_1 added [ 78.349802][ T5825] hsr_slave_0: entered promiscuous mode [ 78.356231][ T5825] hsr_slave_1: entered promiscuous mode [ 78.358157][ T5827] Bluetooth: hci2: command tx timeout [ 78.362953][ T5825] debugfs: 'hsr0' already exists in 'hsr' [ 78.367826][ T5831] Bluetooth: hci1: command tx timeout [ 78.373096][ T5823] Bluetooth: hci0: command tx timeout [ 78.384133][ T5825] Cannot create hsr debugfs directory [ 78.458026][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.465006][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.491500][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.517521][ T5823] Bluetooth: hci3: command tx timeout [ 78.531005][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.538203][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.564191][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.721909][ T5832] hsr_slave_0: entered promiscuous mode [ 78.728729][ T5832] hsr_slave_1: entered promiscuous mode [ 78.734867][ T5832] debugfs: 'hsr0' already exists in 'hsr' [ 78.740686][ T5832] Cannot create hsr debugfs directory [ 79.005815][ T5826] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 79.019741][ T5826] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 79.052265][ T5826] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 79.081071][ T5826] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 79.143135][ T5825] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.166546][ T5825] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.179996][ T5825] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.206706][ T5825] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.271103][ T5821] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 79.297751][ T5821] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 79.324811][ T5821] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 79.348338][ T5821] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 79.399953][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.443099][ T5832] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 79.462362][ T5832] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 79.474855][ T5832] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 79.490177][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.503900][ T5832] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 79.529543][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.536828][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.572658][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.579816][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.656191][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.729745][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.752212][ T1040] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.759427][ T1040] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.790504][ T1040] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.797712][ T1040] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.842118][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.879464][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.939846][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.963519][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.985392][ T1040] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.992564][ T1040] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.003469][ T1040] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.010802][ T1040] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.030269][ T1040] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.037462][ T1040] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.069053][ T33] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.076229][ T33] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.120699][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.224049][ T5832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 80.251248][ T5821] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 80.373976][ T5826] veth0_vlan: entered promiscuous mode [ 80.415047][ T5826] veth1_vlan: entered promiscuous mode [ 80.438875][ T5823] Bluetooth: hci2: command tx timeout [ 80.444328][ T5823] Bluetooth: hci1: command tx timeout [ 80.450405][ T5827] Bluetooth: hci0: command tx timeout [ 80.512544][ T5826] veth0_macvtap: entered promiscuous mode [ 80.534607][ T5826] veth1_macvtap: entered promiscuous mode [ 80.559055][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.599015][ T5823] Bluetooth: hci3: command tx timeout [ 80.615071][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.664289][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.702810][ T64] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.714007][ T64] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.729574][ T64] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.738871][ T64] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.795721][ T5825] veth0_vlan: entered promiscuous mode [ 80.807525][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.826492][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.842530][ T5825] veth1_vlan: entered promiscuous mode [ 80.876144][ T1331] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.888904][ T1331] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.962147][ T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.974717][ T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.022872][ T5825] veth0_macvtap: entered promiscuous mode [ 81.059170][ T5825] veth1_macvtap: entered promiscuous mode [ 81.080640][ T5826] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 81.082843][ T5821] veth0_vlan: entered promiscuous mode [ 81.110132][ T5832] veth0_vlan: entered promiscuous mode [ 81.142106][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.172842][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.212274][ T5821] veth1_vlan: entered promiscuous mode [ 81.232200][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.245640][ T5832] veth1_vlan: entered promiscuous mode [ 81.258565][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.282056][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.292880][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.342822][ T5821] veth0_macvtap: entered promiscuous mode [ 81.379733][ T5821] veth1_macvtap: entered promiscuous mode [ 81.456566][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.502434][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.513710][ T5832] veth0_macvtap: entered promiscuous mode [ 81.549144][ T37] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.559930][ T37] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.575369][ T5832] veth1_macvtap: entered promiscuous mode [ 81.586046][ T37] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.600549][ T1331] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.617560][ T1331] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.629571][ T37] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.750282][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.784474][ T1331] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.817044][ T1331] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.885269][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.950146][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.987052][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.001727][ T1331] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.025722][ T37] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.046364][ T1331] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.066679][ T37] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.236872][ T85] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.269506][ T85] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.423982][ T85] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.445227][ T85] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.517225][ T5823] Bluetooth: hci1: command tx timeout [ 82.518091][ T5831] Bluetooth: hci0: command tx timeout [ 82.522799][ T5823] Bluetooth: hci2: command tx timeout [ 82.622285][ T1040] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.667252][ T1040] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.679251][ T5823] Bluetooth: hci3: command tx timeout [ 84.451315][ T5952] Zero length message leads to an empty skb [ 84.597802][ T5823] Bluetooth: hci2: command tx timeout [ 84.607358][ T5831] Bluetooth: hci0: command tx timeout [ 84.607361][ T5823] Bluetooth: hci1: command tx timeout [ 84.757495][ T5831] Bluetooth: hci3: command tx timeout [ 84.768967][ T5960] input: jJǸ-9%vlQ J6n?aԙ/rk [ 84.768967][ T5960] l6 as /devices/virtual/input/input5 [ 85.268950][ T5971] input: jJǸ-9%vlQ J6n?aԙ/rk [ 85.268950][ T5971] l6 as /devices/virtual/input/input6 [ 85.627285][ T5967] mmap: syz.1.16 (5967) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 85.694700][ T5967] syz.1.16 uses obsolete (PF_INET,SOCK_PACKET) [ 86.844766][ T10] cfg80211: failed to load regulatory.db [ 89.083047][ T6026] input: jJǸ-9%vlQ J6n?aԙ/rk [ 89.083047][ T6026] l6 as /devices/virtual/input/input7 [ 91.112985][ T6062] input: jJǸ-9%vlQ J6n?aԙ/rk [ 91.112985][ T6062] l6 as /devices/virtual/input/input8 [ 91.544504][ T6072] input: jJǸ-9%vlQ J6n?aԙ/rk [ 91.544504][ T6072] l6 as /devices/virtual/input/input9 [ 92.088349][ T6082] input: jJǸ-9%vlQ J6n?aԙ/rk [ 92.088349][ T6082] l6 as /devices/virtual/input/input10 [ 94.094110][ T6122] netlink: 8 bytes leftover after parsing attributes in process `syz.1.55'. [ 95.312809][ T6135] bond0: invalid ARP target specified [ 95.544557][ T6143] bond0: invalid ARP target specified [ 95.596098][ T6144] nbd: socks must be embedded in a SOCK_ITEM attr [ 95.628052][ T6144] block nbd0: shutting down sockets [ 96.798119][ T6169] input: jJǸ-9%vlQ J6n?aԙ/rk [ 96.798119][ T6169] l6 as /devices/virtual/input/input11 [ 97.075056][ T6166] zswap: compressor 000 not available [ 97.234990][ T6160] raw_sendmsg: syz.3.63 forgot to set AF_INET. Fix it! [ 97.327886][ T6176] bond0: invalid ARP target specified [ 97.509722][ T6178] bond0: invalid ARP target specified [ 98.272165][ T6184] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 100.330456][ T6223] netlink: 28 bytes leftover after parsing attributes in process `syz.0.78'. [ 100.393035][ T6223] team0 (unregistering): Port device team_slave_0 removed [ 100.461036][ T6223] team0 (unregistering): Port device team_slave_1 removed [ 101.826971][ T6250] netlink: 342 bytes leftover after parsing attributes in process `syz.2.85'. [ 102.447461][ T6256] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input12 [ 103.554096][ T6269] sysfs_service_op_store: Client not running :-5: [ 104.034070][ T6274] usb usb13: check_ctrlrecip: process 6274 (syz.3.93) requesting ep 01 but needs 81 [ 104.084099][ T6274] usb usb13: usbfs: process 6274 (syz.3.93) did not claim interface 0 before use [ 104.256515][ T6279] FAULT_INJECTION: forcing a failure. [ 104.256515][ T6279] name failslab, interval 1, probability 0, space 0, times 1 [ 104.256582][ T6279] CPU: 0 UID: 0 PID: 6279 Comm: syz.3.93 Not tainted syzkaller #0 PREEMPT(full) [ 104.256613][ T6279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 104.256632][ T6279] Call Trace: [ 104.256640][ T6279] [ 104.256650][ T6279] dump_stack_lvl+0x100/0x190 [ 104.256704][ T6279] should_fail_ex.cold+0x5/0xa [ 104.256737][ T6279] should_failslab+0xc2/0x120 [ 104.256767][ T6279] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 104.256809][ T6279] ? security_file_alloc+0x34/0x2c0 [ 104.256842][ T6279] ? trace_kmem_cache_alloc+0xf3/0x120 [ 104.256866][ T6279] security_file_alloc+0x34/0x2c0 [ 104.256895][ T6279] init_file+0x95/0x480 [ 104.256923][ T6279] alloc_empty_file+0x73/0x1c0 [ 104.256958][ T6279] alloc_file_pseudo+0x13a/0x230 [ 104.256996][ T6279] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 104.257030][ T6279] ? alloc_fd+0x476/0x790 [ 104.257059][ T6279] ? do_raw_spin_unlock+0x145/0x1e0 [ 104.257104][ T6279] __anon_inode_getfile+0xe8/0x280 [ 104.257141][ T6279] anon_inode_getfile_fmode+0x37/0xa0 [ 104.257176][ T6279] do_signalfd4+0x1ed/0x480 [ 104.257211][ T6279] __x64_sys_signalfd+0x120/0x1a0 [ 104.257244][ T6279] ? __pfx___x64_sys_signalfd+0x10/0x10 [ 104.257290][ T6279] do_syscall_64+0x106/0xf80 [ 104.257318][ T6279] ? clear_bhb_loop+0x40/0x90 [ 104.257336][ T6279] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.257351][ T6279] RIP: 0033:0x7f438759c799 [ 104.257371][ T6279] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 104.257385][ T6279] RSP: 002b:00007f4388456028 EFLAGS: 00000246 ORIG_RAX: 000000000000011a [ 104.257403][ T6279] RAX: ffffffffffffffda RBX: 00007f4387816090 RCX: 00007f438759c799 [ 104.257413][ T6279] RDX: 0000000000000008 RSI: 0000000000000000 RDI: ffffffffffffffff [ 104.257422][ T6279] RBP: 00007f4387632c99 R08: 0000000000000000 R09: 0000000000000000 [ 104.257432][ T6279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 104.257440][ T6279] R13: 00007f4387816128 R14: 00007f4387816090 R15: 00007ffd6c5f6848 [ 104.257459][ T6279] [ 105.067106][ T6293] netlink: 28 bytes leftover after parsing attributes in process `syz.3.96'. [ 105.192586][ T6297] netlink: zone id is out of range [ 105.387486][ T6280] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12) [ 106.951201][ T0] NOHZ tick-stop error: local softirq work is pending, handler #0a!!! [ 107.359698][ T6325] bond0: invalid ARP target specified [ 107.389733][ T6327] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 108.801231][ T6360] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 108.912805][ T6359] bond0: invalid ARP target specified [ 108.945336][ T5831] Bluetooth: hci0: unexpected event 0x23 length: 127 > 13 [ 110.546588][ T6395] input: jJǸ-9%vlQ J6n?aԙ/rk [ 110.546588][ T6395] l6 as /devices/virtual/input/input13 [ 112.721131][ T6433] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 113.375478][ T6447] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 114.318780][ T6454] bond0: invalid ARP target specified [ 116.270693][ T6496] bond0: invalid ARP target specified [ 118.053391][ T6506] input: jJǸ-9%vlQ J6n?aԙ/rk [ 118.053391][ T6506] l6 as /devices/virtual/input/input14 [ 118.678984][ T6527] netlink: 8 bytes leftover after parsing attributes in process `syz.3.157'. [ 118.934028][ T6524] netlink: 28 bytes leftover after parsing attributes in process `syz.1.156'. [ 119.378906][ T6541] netlink: zone id is out of range [ 119.976986][ T6550] netlink: 338 bytes leftover after parsing attributes in process `syz.1.170'. [ 121.685225][ T6587] netlink: 338 bytes leftover after parsing attributes in process `syz.3.172'. [ 121.885281][ T6589] netlink: zone id is out of range [ 123.430377][ T6631] netlink: 338 bytes leftover after parsing attributes in process `syz.2.182'. [ 124.533016][ T6653] netlink: 342 bytes leftover after parsing attributes in process `syz.0.186'. [ 124.589609][ T6654] netlink: zone id is out of range [ 125.057562][ T6656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.190'. [ 125.488190][ T6661] netlink: 28 bytes leftover after parsing attributes in process `syz.2.191'. [ 125.588296][ T6661] team0 (unregistering): Port device team_slave_0 removed [ 125.641642][ T6661] team0 (unregistering): Port device team_slave_1 removed [ 125.776746][ T6671] netlink: 338 bytes leftover after parsing attributes in process `syz.3.195'. [ 126.688731][ T6708] netlink: 342 bytes leftover after parsing attributes in process `syz.3.201'. [ 128.413111][ T6728] netlink: 28 bytes leftover after parsing attributes in process `syz.3.205'. [ 128.437578][ T6728] team0 (unregistering): Port device team_slave_0 removed [ 128.479112][ T6728] team0 (unregistering): Port device team_slave_1 removed [ 129.991712][ T6767] netlink: 342 bytes leftover after parsing attributes in process `syz.1.215'. [ 131.641966][ T6807] input: jJǸ-9%vlQ J6n?aԙ/rk [ 131.641966][ T6807] l6 as /devices/virtual/input/input15 [ 132.923503][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.930323][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.285184][ T6881] netlink: 8 bytes leftover after parsing attributes in process `syz.0.240'. [ 135.671814][ T6893] input: jJǸ-9%vlQ J6n?aԙ/rk [ 135.671814][ T6893] l6 as /devices/virtual/input/input16 [ 135.708875][ T6895] input: jJǸ-9%vlQ J6n?aԙ/rk [ 135.708875][ T6895] l6 as /devices/virtual/input/input17 [ 136.727842][ T6907] input: jJǸ-9%vlQ J6n?aԙ/rk [ 136.727842][ T6907] l6 as /devices/virtual/input/input18 [ 137.347929][ T6921] zero sized request [ 137.356689][ T6921] MTRR 0 not used [ 137.727386][ T6933] netlink: 8 bytes leftover after parsing attributes in process `syz.3.254'. [ 138.663273][ T6959] input: jJǸ-9%vlQ J6n?aԙ/rk [ 138.663273][ T6959] l6 as /devices/virtual/input/input19 [ 139.628465][ T6977] zero sized request [ 139.632899][ T6977] MTRR 0 not used [ 140.202046][ T6993] netlink: 8 bytes leftover after parsing attributes in process `syz.3.265'. [ 141.072295][ T7015] netlink: 338 bytes leftover after parsing attributes in process `syz.2.270'. [ 141.809917][ T7027] zero sized request [ 141.830526][ T7027] MTRR 0 not used [ 142.085544][ T7044] netlink: 8 bytes leftover after parsing attributes in process `syz.0.278'. [ 142.951270][ T7071] netlink: 338 bytes leftover after parsing attributes in process `syz.2.281'. [ 143.984260][ T7096] netlink: 8 bytes leftover after parsing attributes in process `syz.1.288'. [ 144.732368][ T7113] netlink: 338 bytes leftover after parsing attributes in process `syz.1.290'. [ 145.706139][ T7147] netlink: 8 bytes leftover after parsing attributes in process `syz.0.298'. [ 146.953832][ T7176] sysfs_service_op_store: Client not running :-5: [ 147.499151][ T7191] netlink: 8 bytes leftover after parsing attributes in process `syz.2.310'. [ 150.247733][ T7246] netlink: 8 bytes leftover after parsing attributes in process `syz.0.320'. [ 151.896825][ T7310] netlink: 8 bytes leftover after parsing attributes in process `syz.3.337'. [ 152.314102][ T7324] netlink: 8 bytes leftover after parsing attributes in process `syz.2.351'. [ 153.886076][ T7369] sysfs_service_op_store: Client not running :-5: [ 154.072873][ T7373] netlink: 8 bytes leftover after parsing attributes in process `syz.2.355'. [ 157.113528][ T7438] netlink: 8 bytes leftover after parsing attributes in process `syz.2.369'. [ 157.134397][ T7435] usb usb13: check_ctrlrecip: process 7435 (syz.0.368) requesting ep 01 but needs 81 [ 157.175906][ T7435] usb usb13: usbfs: process 7435 (syz.0.368) did not claim interface 0 before use [ 157.416538][ T7447] FAULT_INJECTION: forcing a failure. [ 157.416538][ T7447] name failslab, interval 1, probability 0, space 0, times 0 [ 157.434621][ T7447] CPU: 0 UID: 0 PID: 7447 Comm: syz.0.368 Not tainted syzkaller #0 PREEMPT(full) [ 157.434658][ T7447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 157.434673][ T7447] Call Trace: [ 157.434681][ T7447] [ 157.434691][ T7447] dump_stack_lvl+0x100/0x190 [ 157.434754][ T7447] should_fail_ex.cold+0x5/0xa [ 157.434788][ T7447] should_failslab+0xc2/0x120 [ 157.434824][ T7447] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 157.434875][ T7447] ? security_file_alloc+0x34/0x2c0 [ 157.434910][ T7447] ? trace_kmem_cache_alloc+0xf3/0x120 [ 157.434946][ T7447] security_file_alloc+0x34/0x2c0 [ 157.434978][ T7447] init_file+0x95/0x480 [ 157.435011][ T7447] alloc_empty_file+0x73/0x1c0 [ 157.435046][ T7447] alloc_file_pseudo+0x13a/0x230 [ 157.435082][ T7447] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 157.435112][ T7447] ? alloc_fd+0x476/0x790 [ 157.435141][ T7447] ? do_raw_spin_unlock+0x145/0x1e0 [ 157.435179][ T7447] __anon_inode_getfile+0xe8/0x280 [ 157.435215][ T7447] anon_inode_getfile_fmode+0x37/0xa0 [ 157.435249][ T7447] do_signalfd4+0x1ed/0x480 [ 157.435283][ T7447] __x64_sys_signalfd+0x120/0x1a0 [ 157.435313][ T7447] ? __pfx___x64_sys_signalfd+0x10/0x10 [ 157.435337][ T7447] do_syscall_64+0x106/0xf80 [ 157.435362][ T7447] ? clear_bhb_loop+0x40/0x90 [ 157.435381][ T7447] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.435396][ T7447] RIP: 0033:0x7f304ff9c799 [ 157.435416][ T7447] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 157.435432][ T7447] RSP: 002b:00007f3050e08028 EFLAGS: 00000246 ORIG_RAX: 000000000000011a [ 157.435449][ T7447] RAX: ffffffffffffffda RBX: 00007f3050216090 RCX: 00007f304ff9c799 [ 157.435459][ T7447] RDX: 0000000000000008 RSI: 0000000000000000 RDI: ffffffffffffffff [ 157.435468][ T7447] RBP: 00007f3050032c99 R08: 0000000000000000 R09: 0000000000000000 [ 157.435477][ T7447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 157.435486][ T7447] R13: 00007f3050216128 R14: 00007f3050216090 R15: 00007ffed21c05a8 [ 157.435506][ T7447] [ 157.875608][ T7456] netlink: 8 bytes leftover after parsing attributes in process `syz.0.382'. [ 157.927895][ T7461] sysfs_service_op_store: Client not running :-5: [ 160.120747][ T7514] netlink: 8 bytes leftover after parsing attributes in process `syz.3.386'. [ 162.022876][ T7557] netlink: 8 bytes leftover after parsing attributes in process `syz.2.396'. [ 164.280334][ T7594] QAT: Device 0 not found [ 166.070741][ T7640] sysfs_service_op_store: Client not running :-5: [ 167.837265][ T7688] netlink: 8 bytes leftover after parsing attributes in process `syz.2.429'. [ 168.703745][ T7720] netlink: 8 bytes leftover after parsing attributes in process `syz.1.440'. [ 168.866236][ T7729] netlink: 8 bytes leftover after parsing attributes in process `syz.3.441'. [ 169.035999][ T7736] netlink: 28 bytes leftover after parsing attributes in process `syz.1.442'. [ 169.083200][ T7736] team0 (unregistering): Port device team_slave_0 removed [ 169.106265][ T7736] team0 (unregistering): Port device team_slave_1 removed [ 170.008196][ T7774] netlink: 8 bytes leftover after parsing attributes in process `syz.1.452'. [ 170.141299][ T7781] random: crng reseeded on system resumption [ 170.178141][ T7781] nvme_fcloop: unknown parameter or missing value './file0' [ 170.509510][ T7791] netlink: 8 bytes leftover after parsing attributes in process `syz.1.465'. [ 170.941560][ T7811] futex_wake_op: syz.1.460 tries to shift op by -2048; fix this program [ 170.950316][ T7811] futex_wake_op: syz.1.460 tries to shift op by -2048; fix this program [ 170.959900][ T7811] 0x000000000001-0x000000020000 : "" [ 171.068323][ T7811] ftl_cs: FTL header corrupt! [ 171.273806][ T7817] random: crng reseeded on system resumption [ 172.157247][ T7841] blktrace: Concurrent blktraces are not allowed on loop2 [ 172.812500][ T7847] netlink: 8 bytes leftover after parsing attributes in process `syz.1.470'. [ 172.884223][ T7851] netlink: 186 bytes leftover after parsing attributes in process `syz.0.471'. [ 173.065658][ T7858] misc userio: Invalid payload size [ 173.545261][ T7869] binder: 7868:7869 ioctl c0405665 34 returned -22 [ 174.119528][ T7892] netlink: 8 bytes leftover after parsing attributes in process `syz.1.482'. [ 174.468821][ T7909] netlink: 28 bytes leftover after parsing attributes in process `syz.2.487'. [ 174.492224][ T7911] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 175.053250][ T7928] FAULT_INJECTION: forcing a failure. [ 175.053250][ T7928] name failslab, interval 1, probability 0, space 0, times 0 [ 175.092596][ T7928] CPU: 0 UID: 0 PID: 7928 Comm: syz.1.495 Not tainted syzkaller #0 PREEMPT(full) [ 175.092621][ T7928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 175.092630][ T7928] Call Trace: [ 175.092636][ T7928] [ 175.092642][ T7928] dump_stack_lvl+0x100/0x190 [ 175.092671][ T7928] should_fail_ex.cold+0x5/0xa [ 175.092689][ T7928] ? sk_prot_alloc+0x10b/0x2a0 [ 175.092704][ T7928] should_failslab+0xc2/0x120 [ 175.092720][ T7928] __kmalloc_noprof+0xe0/0x850 [ 175.092747][ T7928] sk_prot_alloc+0x10b/0x2a0 [ 175.092763][ T7928] sk_alloc+0x36/0xe80 [ 175.092783][ T7928] can_create+0x1e5/0x630 [ 175.092806][ T7928] __sock_create+0x339/0x860 [ 175.092826][ T7928] __sys_socket+0x14d/0x260 [ 175.092851][ T7928] ? __pfx___sys_socket+0x10/0x10 [ 175.092874][ T7928] __x64_sys_socket+0x72/0xb0 [ 175.092890][ T7928] ? lockdep_hardirqs_on+0x78/0x100 [ 175.092911][ T7928] do_syscall_64+0x106/0xf80 [ 175.092931][ T7928] ? clear_bhb_loop+0x40/0x90 [ 175.092949][ T7928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.092964][ T7928] RIP: 0033:0x7fb228f9c799 [ 175.092978][ T7928] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 175.092991][ T7928] RSP: 002b:00007fb229f04028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 175.093005][ T7928] RAX: ffffffffffffffda RBX: 00007fb229215fa0 RCX: 00007fb228f9c799 [ 175.093015][ T7928] RDX: 0000000000000007 RSI: 0000000000000002 RDI: 000000000000001d [ 175.093023][ T7928] RBP: 00007fb229032c99 R08: 0000000000000000 R09: 0000000000000000 [ 175.093031][ T7928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 175.093039][ T7928] R13: 00007fb229216038 R14: 00007fb229215fa0 R15: 00007ffde0d9e848 [ 175.093058][ T7928] [ 175.533822][ T7942] netlink: 8 bytes leftover after parsing attributes in process `syz.3.497'. [ 175.604702][ T7948] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 178.689836][ T7998] netlink: 8 bytes leftover after parsing attributes in process `syz.1.508'. [ 179.061584][ T8005] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 180.604231][ T8041] futex_wake_op: syz.0.524 tries to shift op by -2048; fix this program [ 180.647051][ T8041] futex_wake_op: syz.0.524 tries to shift op by -2048; fix this program [ 180.664127][ T8041] 0x000000000001-0x000000020000 : "" [ 180.932847][ T8041] ftl_cs: FTL header corrupt! [ 181.598653][ T8057] netlink: 8 bytes leftover after parsing attributes in process `syz.1.520'. [ 182.812632][ T8092] FAULT_INJECTION: forcing a failure. [ 182.812632][ T8092] name failslab, interval 1, probability 0, space 0, times 0 [ 182.887456][ T8092] CPU: 1 UID: 0 PID: 8092 Comm: syz.0.529 Not tainted syzkaller #0 PREEMPT(full) [ 182.887494][ T8092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 182.887511][ T8092] Call Trace: [ 182.887520][ T8092] [ 182.887530][ T8092] dump_stack_lvl+0x100/0x190 [ 182.887581][ T8092] should_fail_ex.cold+0x5/0xa [ 182.887616][ T8092] should_failslab+0xc2/0x120 [ 182.887647][ T8092] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 182.887686][ T8092] ? __mpol_dup+0x74/0x370 [ 182.887724][ T8092] __mpol_dup+0x74/0x370 [ 182.887756][ T8092] ? __pfx___mpol_dup+0x10/0x10 [ 182.887799][ T8092] mbind_range+0x2ad/0x550 [ 182.887838][ T8092] do_mbind+0x7de/0xfd0 [ 182.887883][ T8092] ? __pfx_do_mbind+0x10/0x10 [ 182.887916][ T8092] ? __lock_acquire+0x4a5/0x2630 [ 182.887971][ T8092] ? __pfx_get_nodes+0x10/0x10 [ 182.887994][ T8092] ? find_held_lock+0x2b/0x80 [ 182.888031][ T8092] kernel_mbind+0x1b7/0x200 [ 182.888069][ T8092] ? __pfx_kernel_mbind+0x10/0x10 [ 182.888115][ T8092] do_syscall_64+0x106/0xf80 [ 182.888154][ T8092] ? clear_bhb_loop+0x40/0x90 [ 182.888196][ T8092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.888224][ T8092] RIP: 0033:0x7f304ff9c799 [ 182.888248][ T8092] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 182.888275][ T8092] RSP: 002b:00007f3050e08028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 182.888302][ T8092] RAX: ffffffffffffffda RBX: 00007f3050216090 RCX: 00007f304ff9c799 [ 182.888320][ T8092] RDX: 0000000000000004 RSI: 00000000002091d2 RDI: 0000000000000000 [ 182.888337][ T8092] RBP: 00007f3050032c99 R08: 0000002000000006 R09: 0000000000000002 [ 182.888354][ T8092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 182.888369][ T8092] R13: 00007f3050216128 R14: 00007f3050216090 R15: 00007ffed21c05a8 [ 182.888407][ T8092] [ 183.178149][ T8097] netlink: 8 bytes leftover after parsing attributes in process `syz.2.532'. [ 183.427210][ T8105] netlink: 8 bytes leftover after parsing attributes in process `syz.3.534'. [ 185.849071][ T8147] netlink: 8 bytes leftover after parsing attributes in process `syz.2.544'. [ 186.473067][ T8162] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 186.487215][ T8162] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 186.601333][ T8162] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 186.697770][ T8162] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 186.722308][ T8162] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 186.741606][ T8177] nfs4: Unknown parameter 'ECH];^YىZL`~^g ' [ 186.768949][ T8162] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 186.778561][ T8162] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 186.787320][ T8162] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 186.809666][ T8162] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 186.882669][ T8162] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 186.892075][ T8162] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 186.956120][ T8162] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 187.299892][ T8190] FAULT_INJECTION: forcing a failure. [ 187.299892][ T8190] name failslab, interval 1, probability 0, space 0, times 0 [ 187.404370][ T8190] CPU: 0 UID: 7 PID: 8190 Comm: syz.1.555 Not tainted syzkaller #0 PREEMPT(full) [ 187.404393][ T8190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 187.404403][ T8190] Call Trace: [ 187.404408][ T8190] [ 187.404414][ T8190] dump_stack_lvl+0x100/0x190 [ 187.404443][ T8190] should_fail_ex.cold+0x5/0xa [ 187.404463][ T8190] should_failslab+0xc2/0x120 [ 187.404480][ T8190] __kmalloc_cache_noprof+0x7a/0x6f0 [ 187.404499][ T8190] ? key_user_lookup+0x1a3/0x5a0 [ 187.404522][ T8190] key_user_lookup+0x1a3/0x5a0 [ 187.404539][ T8190] ? __pfx_key_user_lookup+0x10/0x10 [ 187.404557][ T8190] ? security_key_permission+0x7b/0x230 [ 187.404579][ T8190] key_alloc+0x18b/0x1310 [ 187.404601][ T8190] ? __pfx_keyring_search+0x10/0x10 [ 187.404622][ T8190] ? __pfx_key_alloc+0x10/0x10 [ 187.404639][ T8190] ? __pfx_key_default_cmp+0x10/0x10 [ 187.404660][ T8190] ? __pfx_keyring_search_iterator+0x10/0x10 [ 187.404682][ T8190] keyring_alloc+0x44/0xc0 [ 187.404703][ T8190] look_up_user_keyrings+0x465/0x790 [ 187.404723][ T8190] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 187.404738][ T8190] ? futex_wait+0x125/0x380 [ 187.404760][ T8190] ? __pfx_futex_wait+0x10/0x10 [ 187.404786][ T8190] lookup_user_key+0xbb1/0x1300 [ 187.404802][ T8190] ? trace_sched_exit_tp+0x13a/0x180 [ 187.404821][ T8190] ? __pfx_lookup_user_key+0x10/0x10 [ 187.404842][ T8190] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 187.404862][ T8190] ? __x64_sys_futex+0x34f/0x4d0 [ 187.404880][ T8190] ? __x64_sys_futex+0x358/0x4d0 [ 187.404902][ T8190] keyctl_session_to_parent+0x28/0xae0 [ 187.404921][ T8190] __do_sys_keyctl+0x2b1/0x5a0 [ 187.404937][ T8190] do_syscall_64+0x106/0xf80 [ 187.404959][ T8190] ? clear_bhb_loop+0x40/0x90 [ 187.404977][ T8190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.404992][ T8190] RIP: 0033:0x7fb228f9c799 [ 187.405006][ T8190] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 187.405020][ T8190] RSP: 002b:00007fb229f04028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 187.405034][ T8190] RAX: ffffffffffffffda RBX: 00007fb229215fa0 RCX: 00007fb228f9c799 [ 187.405043][ T8190] RDX: fffffffffffffffd RSI: 0000000000000000 RDI: 0000000000000012 [ 187.405052][ T8190] RBP: 00007fb229032c99 R08: 0000000000000001 R09: 0000000000000000 [ 187.405061][ T8190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 187.405069][ T8190] R13: 00007fb229216038 R14: 00007fb229215fa0 R15: 00007ffde0d9e848 [ 187.405090][ T8190] [ 188.099401][ T8202] netlink: 8 bytes leftover after parsing attributes in process `syz.1.556'. [ 188.519040][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 188.775273][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 188.841922][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 188.918867][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 189.807500][ T8232] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 189.844351][ T8232] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 189.881495][ T8232] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 189.914418][ T8232] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 190.131361][ T8241] nbd: illegal input index 37139 [ 191.877172][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 191.877903][ T5827] Bluetooth: hci0: command 0x0c1a tx timeout [ 191.957158][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 191.963223][ T5827] Bluetooth: hci2: command 0x0c1a tx timeout [ 192.375227][ T8284] netlink: 12 bytes leftover after parsing attributes in process `syz.1.576'. [ 192.423281][ T8284] netlink: 8 bytes leftover after parsing attributes in process `syz.1.576'. [ 192.826914][ T8290] netlink: 8 bytes leftover after parsing attributes in process `syz.3.578'. [ 193.957076][ T5827] Bluetooth: hci0: command 0x0c1a tx timeout [ 193.963152][ T5827] Bluetooth: hci1: command 0x0c1a tx timeout [ 194.053887][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 194.053898][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 194.371070][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.380330][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.588346][ T8344] netlink: 8 bytes leftover after parsing attributes in process `syz.3.591'. [ 195.997665][ T8352] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 196.015516][ T8352] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 196.096373][ T8352] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 196.128004][ T8352] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 196.894418][ T8372] Invalid ELF header magic: != ELF [ 198.037100][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 198.037404][ T5827] Bluetooth: hci0: command 0x0c1a tx timeout [ 198.117130][ T5827] Bluetooth: hci2: command 0x0c1a tx timeout [ 198.197061][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 198.609210][ T8397] netlink: 8 bytes leftover after parsing attributes in process `syz.0.603'. [ 198.638478][ T8399] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 198.895205][ T8408] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input22 [ 199.283147][ T8409] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input23 [ 201.753167][ T8483] futex_wake_op: syz.2.620 tries to shift op by -2048; fix this program [ 201.774091][ T8484] netlink: 24 bytes leftover after parsing attributes in process `syz.0.621'. [ 201.796671][ T8483] futex_wake_op: syz.2.620 tries to shift op by -2048; fix this program [ 201.902454][ T8483] 0x000000000001-0x000000020000 : "" [ 201.932051][ T8483] ftl_cs: FTL header corrupt! [ 203.314237][ T8528] netlink: 24 bytes leftover after parsing attributes in process `syz.1.632'. [ 204.192143][ T8548] FAULT_INJECTION: forcing a failure. [ 204.192143][ T8548] name failslab, interval 1, probability 0, space 0, times 0 [ 204.227641][ T8548] CPU: 1 UID: 0 PID: 8548 Comm: syz.3.637 Not tainted syzkaller #0 PREEMPT(full) [ 204.227675][ T8548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 204.227689][ T8548] Call Trace: [ 204.227696][ T8548] [ 204.227705][ T8548] dump_stack_lvl+0x100/0x190 [ 204.227747][ T8548] should_fail_ex.cold+0x5/0xa [ 204.227778][ T8548] should_failslab+0xc2/0x120 [ 204.227805][ T8548] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 204.227842][ T8548] ? mas_alloc_nodes+0x280/0x390 [ 204.227880][ T8548] mas_alloc_nodes+0x280/0x390 [ 204.227917][ T8548] mas_preallocate+0x39c/0xf10 [ 204.227960][ T8548] ? __pfx_mas_preallocate+0x10/0x10 [ 204.228005][ T8548] ? vm_area_alloc+0x1f/0x160 [ 204.228037][ T8548] ? lockdep_init_map_type+0x5c/0x250 [ 204.228072][ T8548] __mmap_region+0x12b5/0x29e0 [ 204.228112][ T8548] ? __pfx___mmap_region+0x10/0x10 [ 204.228141][ T8548] ? process_measurement+0x1f4/0x2350 [ 204.228235][ T8548] ? is_bpf_text_address+0x94/0x1a0 [ 204.228270][ T8548] ? kernel_text_address+0x8d/0x100 [ 204.228303][ T8548] ? __kernel_text_address+0xd/0x30 [ 204.228378][ T8548] ? rcu_is_watching+0x12/0xc0 [ 204.228412][ T8548] ? cap_capable+0x107/0x460 [ 204.228452][ T8548] mmap_region+0x180/0x3e0 [ 204.228491][ T8548] do_mmap+0xc63/0x12f0 [ 204.228524][ T8548] ? __pfx_do_mmap+0x10/0x10 [ 204.228550][ T8548] ? __pfx_down_write_killable+0x10/0x10 [ 204.228592][ T8548] vm_mmap_pgoff+0x29e/0x470 [ 204.228626][ T8548] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 204.228657][ T8548] ? __fget_files+0x215/0x3d0 [ 204.228681][ T8548] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 204.228722][ T8548] ksys_mmap_pgoff+0xe1/0x650 [ 204.228752][ T8548] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 204.228774][ T8548] ? fput+0x79/0x100 [ 204.228801][ T8548] ? ksys_write+0x1ac/0x250 [ 204.228823][ T8548] ? __pfx_ksys_write+0x10/0x10 [ 204.228850][ T8548] __x64_sys_mmap+0x125/0x190 [ 204.228888][ T8548] do_syscall_64+0x106/0xf80 [ 204.228920][ T8548] ? clear_bhb_loop+0x40/0x90 [ 204.228949][ T8548] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.228973][ T8548] RIP: 0033:0x7f438759c799 [ 204.228994][ T8548] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 204.229015][ T8548] RSP: 002b:00007f4388477028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 204.229037][ T8548] RAX: ffffffffffffffda RBX: 00007f4387815fa0 RCX: 00007f438759c799 [ 204.229053][ T8548] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 204.229066][ T8548] RBP: 00007f4388477090 R08: 0000000000000002 R09: 0000000000008000 [ 204.229079][ T8548] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000001 [ 204.229092][ T8548] R13: 00007f4387816038 R14: 00007f4387815fa0 R15: 00007ffd6c5f6848 [ 204.229126][ T8548] [ 204.897772][ T8554] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 204.903854][ T8554] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 204.911122][ T8554] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 204.941945][ T8554] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 206.162632][ T8576] netlink: 24 bytes leftover after parsing attributes in process `syz.3.643'. [ 206.638396][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 206.917104][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 206.923252][ T5827] Bluetooth: hci0: command 0x0c1a tx timeout [ 206.929522][ T5823] Bluetooth: hci2: command 0x0c1a tx timeout [ 206.997834][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 207.101726][ T8599] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 207.553402][ T8611] FAULT_INJECTION: forcing a failure. [ 207.553402][ T8611] name failslab, interval 1, probability 0, space 0, times 0 [ 207.616956][ T8611] CPU: 0 UID: 0 PID: 8611 Comm: syz.0.654 Not tainted syzkaller #0 PREEMPT(full) [ 207.616988][ T8611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 207.616999][ T8611] Call Trace: [ 207.617006][ T8611] [ 207.617012][ T8611] dump_stack_lvl+0x100/0x190 [ 207.617039][ T8611] should_fail_ex.cold+0x5/0xa [ 207.617057][ T8611] ? tomoyo_encode2+0xfb/0x3c0 [ 207.617075][ T8611] should_failslab+0xc2/0x120 [ 207.617091][ T8611] __kmalloc_noprof+0xe0/0x850 [ 207.617111][ T8611] ? d_absolute_path+0x136/0x1b0 [ 207.617139][ T8611] tomoyo_encode2+0xfb/0x3c0 [ 207.617159][ T8611] tomoyo_encode+0x29/0x50 [ 207.617176][ T8611] tomoyo_realpath_from_path+0x18c/0x690 [ 207.617199][ T8611] tomoyo_path_number_perm+0x23c/0x580 [ 207.617218][ T8611] ? tomoyo_path_number_perm+0x22e/0x580 [ 207.617234][ T8611] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 207.617269][ T8611] ? find_held_lock+0x2b/0x80 [ 207.617282][ T8611] ? __fget_files+0x215/0x3d0 [ 207.617295][ T8611] ? hook_file_ioctl_common+0x146/0x410 [ 207.617315][ T8611] ? __fget_files+0x21f/0x3d0 [ 207.617331][ T8611] security_file_ioctl+0xd3/0x230 [ 207.617349][ T8611] __x64_sys_ioctl+0xb7/0x210 [ 207.617370][ T8611] do_syscall_64+0x106/0xf80 [ 207.617391][ T8611] ? clear_bhb_loop+0x40/0x90 [ 207.617408][ T8611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.617422][ T8611] RIP: 0033:0x7f304ff9c799 [ 207.617434][ T8611] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 207.617447][ T8611] RSP: 002b:00007f3050e29028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 207.617465][ T8611] RAX: ffffffffffffffda RBX: 00007f3050215fa0 RCX: 00007f304ff9c799 [ 207.617479][ T8611] RDX: 0000200000000100 RSI: 000000008038550a RDI: 0000000000000003 [ 207.617493][ T8611] RBP: 00007f3050e29090 R08: 0000000000000000 R09: 0000000000000000 [ 207.617507][ T8611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 207.617519][ T8611] R13: 00007f3050216038 R14: 00007f3050215fa0 R15: 00007ffed21c05a8 [ 207.617550][ T8611] [ 207.617862][ T8611] ERROR: Out of memory at tomoyo_realpath_from_path. [ 207.876959][ T8611] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 209.836245][ T8643] synth uevent: /bus/mei: unknown uevent action string [ 210.231954][ T8649] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 210.257626][ T8649] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 210.263816][ T8649] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 210.282092][ T8649] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 210.568138][ T8658] device-mapper: ioctl: Invalid ioctl structure: name , dev 3ff [ 212.276993][ T5827] Bluetooth: hci2: command 0x0c1a tx timeout [ 212.283155][ T5823] Bluetooth: hci1: command 0x0c1a tx timeout [ 212.289296][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 212.358743][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 212.887353][ T8700] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 212.927133][ T8700] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 212.933173][ T8700] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 212.956090][ T8700] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 214.157524][ T8729] netlink: 8 bytes leftover after parsing attributes in process `syz.2.681'. [ 214.917324][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 214.997387][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 215.003454][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 215.009612][ T5827] Bluetooth: hci1: command 0x0c1a tx timeout [ 215.333172][ T8753] netlink: 16 bytes leftover after parsing attributes in process `syz.0.687'. [ 216.428086][ T8771] netlink: 4 bytes leftover after parsing attributes in process `syz.2.693'. [ 217.165529][ T8775] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 217.171847][ T8775] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 217.181990][ T8775] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 217.199034][ T8775] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 217.449187][ T8790] device-mapper: ioctl: Invalid ioctl structure: name , dev 3ff [ 218.436960][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 219.237074][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 219.243148][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 219.249238][ T5823] Bluetooth: hci1: command 0x0c1a tx timeout [ 219.689485][ T8833] random: crng reseeded on system resumption [ 219.734895][ T8835] FAULT_INJECTION: forcing a failure. [ 219.734895][ T8835] name failslab, interval 1, probability 0, space 0, times 0 [ 219.816619][ T8835] CPU: 1 UID: 0 PID: 8835 Comm: syz.0.716 Not tainted syzkaller #0 PREEMPT(full) [ 219.816660][ T8835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 219.816678][ T8835] Call Trace: [ 219.816686][ T8835] [ 219.816697][ T8835] dump_stack_lvl+0x100/0x190 [ 219.816747][ T8835] should_fail_ex.cold+0x5/0xa [ 219.816783][ T8835] should_failslab+0xc2/0x120 [ 219.816815][ T8835] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 219.816856][ T8835] ? do_getname+0x35/0x390 [ 219.816901][ T8835] do_getname+0x35/0x390 [ 219.816941][ T8835] do_sys_openat2+0xc5/0x1e0 [ 219.816978][ T8835] ? __pfx_do_sys_openat2+0x10/0x10 [ 219.817030][ T8835] __x64_sys_openat+0x12d/0x210 [ 219.817069][ T8835] ? __pfx___x64_sys_openat+0x10/0x10 [ 219.817123][ T8835] do_syscall_64+0x106/0xf80 [ 219.817160][ T8835] ? clear_bhb_loop+0x40/0x90 [ 219.817202][ T8835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.817231][ T8835] RIP: 0033:0x7f304ff9c799 [ 219.817254][ T8835] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 219.817282][ T8835] RSP: 002b:00007f3050e29028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 219.817310][ T8835] RAX: ffffffffffffffda RBX: 00007f3050215fa0 RCX: 00007f304ff9c799 [ 219.817330][ T8835] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 219.817348][ T8835] RBP: 00007f3050032c99 R08: 0000000000000000 R09: 0000000000000000 [ 219.817366][ T8835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 219.817383][ T8835] R13: 00007f3050216038 R14: 00007f3050215fa0 R15: 00007ffed21c05a8 [ 219.817422][ T8835] [ 221.186286][ T8856] NFSD: Failed to start, no listeners configured. [ 222.453529][ T8888] random: crng reseeded on system resumption [ 222.482867][ T30] audit: type=1326 audit(1774416093.534:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8884 comm="syz.1.722" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb228f9c799 code=0x0 [ 222.525258][ T8890] FAULT_INJECTION: forcing a failure. [ 222.525258][ T8890] name failslab, interval 1, probability 0, space 0, times 0 [ 222.554494][ T8890] CPU: 1 UID: 7 PID: 8890 Comm: syz.3.724 Not tainted syzkaller #0 PREEMPT(full) [ 222.554536][ T8890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 222.554552][ T8890] Call Trace: [ 222.554560][ T8890] [ 222.554571][ T8890] dump_stack_lvl+0x100/0x190 [ 222.554621][ T8890] should_fail_ex.cold+0x5/0xa [ 222.554655][ T8890] should_failslab+0xc2/0x120 [ 222.554687][ T8890] __kmalloc_cache_noprof+0x7a/0x6f0 [ 222.554725][ T8890] ? key_user_lookup+0x1a3/0x5a0 [ 222.554766][ T8890] key_user_lookup+0x1a3/0x5a0 [ 222.554799][ T8890] ? __pfx_key_user_lookup+0x10/0x10 [ 222.554834][ T8890] ? security_key_permission+0x7b/0x230 [ 222.554874][ T8890] key_alloc+0x18b/0x1310 [ 222.554917][ T8890] ? __pfx_keyring_search+0x10/0x10 [ 222.554959][ T8890] ? __pfx_key_alloc+0x10/0x10 [ 222.554992][ T8890] ? __pfx_key_default_cmp+0x10/0x10 [ 222.555024][ T8890] ? __pfx_keyring_search_iterator+0x10/0x10 [ 222.555066][ T8890] keyring_alloc+0x44/0xc0 [ 222.555107][ T8890] look_up_user_keyrings+0x465/0x790 [ 222.555145][ T8890] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 222.555174][ T8890] ? futex_wait+0x125/0x380 [ 222.555216][ T8890] ? __pfx_futex_wait+0x10/0x10 [ 222.555267][ T8890] lookup_user_key+0xbb1/0x1300 [ 222.555313][ T8890] ? __pfx_lookup_user_key+0x10/0x10 [ 222.555356][ T8890] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 222.555396][ T8890] ? __x64_sys_futex+0x34f/0x4d0 [ 222.555429][ T8890] ? __x64_sys_futex+0x358/0x4d0 [ 222.555470][ T8890] keyctl_session_to_parent+0x28/0xae0 [ 222.555510][ T8890] __do_sys_keyctl+0x2b1/0x5a0 [ 222.555542][ T8890] do_syscall_64+0x106/0xf80 [ 222.555581][ T8890] ? clear_bhb_loop+0x40/0x90 [ 222.555614][ T8890] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.555641][ T8890] RIP: 0033:0x7f438759c799 [ 222.555665][ T8890] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 222.555692][ T8890] RSP: 002b:00007f4388477028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 222.555720][ T8890] RAX: ffffffffffffffda RBX: 00007f4387815fa0 RCX: 00007f438759c799 [ 222.555736][ T8890] RDX: fffffffffffffffd RSI: 0000000000000000 RDI: 0000000000000012 [ 222.555753][ T8890] RBP: 00007f4387632c99 R08: 0000000000000001 R09: 0000000000000000 [ 222.555769][ T8890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 222.555784][ T8890] R13: 00007f4387816038 R14: 00007f4387815fa0 R15: 00007ffd6c5f6848 [ 222.555822][ T8890] [ 223.582692][ T8907] netlink: 316 bytes leftover after parsing attributes in process `syz.1.726'. [ 223.712941][ T8909] tipc: Started in network mode [ 223.750128][ T8909] tipc: Node identity ffffffff, cluster identity 4711 [ 223.779019][ T8909] tipc: Node number set to 4294967295 [ 223.914456][ T8912] netlink: 504 bytes leftover after parsing attributes in process `syz.3.728'. [ 223.975238][ T8919] netlink: 504 bytes leftover after parsing attributes in process `syz.3.728'. [ 224.019709][ T8907] program syz.1.726 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 224.583777][ T8932] NFSD: Failed to start, no listeners configured. [ 225.064436][ T8940] futex_wake_op: syz.3.736 tries to shift op by -2048; fix this program [ 225.084267][ T8940] futex_wake_op: syz.3.736 tries to shift op by -2048; fix this program [ 225.103039][ T8940] 0x000000000001-0x000000020000 : "" [ 225.240052][ T8940] ftl_cs: FTL header corrupt! [ 226.254889][ T8969] netlink: 8 bytes leftover after parsing attributes in process `syz.0.742'. [ 227.950240][ T9001] NFSD: Failed to start, no listeners configured. [ 228.957639][ T30] audit: type=1326 audit(1774416100.034:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9021 comm="syz.2.753" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8f6c19c799 code=0x0 [ 229.232320][ T9020] NFSD: Failed to start, no listeners configured. [ 231.214152][ T9060] netlink: 28 bytes leftover after parsing attributes in process `syz.0.761'. [ 231.289897][ T9070] NFSD: Failed to start, no listeners configured. [ 231.703872][ T9073] netlink: 220 bytes leftover after parsing attributes in process `syz.0.765'. [ 231.770791][ T9075] netlink: 8 bytes leftover after parsing attributes in process `syz.3.766'. [ 232.016598][ T9083] NFSD: Failed to start, no listeners configured. [ 232.161700][ T30] audit: type=1326 audit(1774416103.244:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9089 comm="syz.3.768" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f438759c799 code=0x0 [ 232.384997][ T9085] NFSD: Failed to start, no listeners configured. [ 233.078370][ T9110] binder: 9107:9110 ioctl 40086602 e20 returned -22 [ 234.224712][ T9122] tipc: Started in network mode [ 234.246977][ T9122] tipc: Node identity ffffffff, cluster identity 4711 [ 234.289368][ T9122] tipc: Node number set to 4294967295 [ 234.388646][ T9130] netlink: 8 bytes leftover after parsing attributes in process `syz.2.780'. [ 235.280800][ T9149] netlink: 316 bytes leftover after parsing attributes in process `syz.3.784'. [ 235.562573][ T9153] program syz.3.784 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 235.575532][ T9162] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 236.439220][ T9179] netlink: 8 bytes leftover after parsing attributes in process `syz.3.792'. [ 236.468810][ T9171] netlink: 'syz.1.790': attribute type 29 has an invalid length. [ 236.476607][ T9171] netlink: 'syz.1.790': attribute type 30 has an invalid length. [ 236.484666][ T9171] netlink: 'syz.1.790': attribute type 31 has an invalid length. [ 236.507180][ T9171] netlink: 'syz.1.790': attribute type 32 has an invalid length. [ 236.549058][ T9171] netlink: 'syz.1.790': attribute type 33 has an invalid length. [ 236.656895][ T9171] netlink: 'syz.1.790': attribute type 35 has an invalid length. [ 236.719617][ T9171] netlink: 'syz.1.790': attribute type 37 has an invalid length. [ 236.768509][ T9171] netlink: 18 bytes leftover after parsing attributes in process `syz.1.790'. [ 237.661066][ T30] audit: type=1800 audit(1774423908.744:5): pid=9212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.800" name="dbroot" dev="configfs" ino=23134 res=0 errno=0 [ 238.694471][ T9228] netlink: 'syz.2.805': attribute type 29 has an invalid length. [ 238.702339][ T9228] netlink: 'syz.2.805': attribute type 30 has an invalid length. [ 238.713227][ T9228] netlink: 'syz.2.805': attribute type 31 has an invalid length. [ 238.729391][ T9228] netlink: 18 bytes leftover after parsing attributes in process `syz.2.805'. [ 239.013123][ T9251] block2mtd: error: cannot open device /sys/module/block2mtd/parameters/block2mtd [ 241.410780][ T9288] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 241.984174][ T9313] netlink: 20 bytes leftover after parsing attributes in process `syz.0.825'. [ 243.731515][ T9339] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 244.338541][ T9365] netlink: 4 bytes leftover after parsing attributes in process `syz.2.836'. [ 245.572379][ T9382] block2mtd: device name too long [ 245.950046][ T9390] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 247.561839][ T9440] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 249.892460][ T9491] netlink: 8 bytes leftover after parsing attributes in process `syz.3.870'. [ 251.021089][ T9524] futex_wake_op: syz.1.877 tries to shift op by -2048; fix this program [ 251.021298][ T9524] futex_wake_op: syz.1.877 tries to shift op by -2048; fix this program [ 251.059115][ T9523] ================================================================== [ 251.059147][ T9523] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 251.059194][ T9523] Write of size 8 at addr ffffc90004869000 by task syz.1.877/9523 [ 251.059216][ T9523] [ 251.059232][ T9523] CPU: 1 UID: 0 PID: 9523 Comm: syz.1.877 Tainted: G L syzkaller #0 PREEMPT(full) [ 251.059270][ T9523] Tainted: [L]=SOFTLOCKUP [ 251.059280][ T9523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 251.059303][ T9523] Call Trace: [ 251.059313][ T9523] [ 251.059323][ T9523] dump_stack_lvl+0x100/0x190 [ 251.059363][ T9523] print_report+0x156/0x4c9 [ 251.059399][ T9523] ? _raw_spin_lock_irqsave+0x52/0x60 [ 251.059434][ T9523] ? __virt_addr_valid+0x81/0x620 [ 251.059471][ T9523] ? sys_imageblit+0x19fb/0x1d60 [ 251.059507][ T9523] kasan_report+0xdf/0x1e0 [ 251.059540][ T9523] ? sys_imageblit+0x19fb/0x1d60 [ 251.059581][ T9523] sys_imageblit+0x19fb/0x1d60 [ 251.059624][ T9523] ? __pfx_sys_imageblit+0x10/0x10 [ 251.059669][ T9523] ? prb_read_valid+0x78/0xa0 [ 251.059704][ T9523] ? __pfx_prb_read_valid+0x10/0x10 [ 251.059742][ T9523] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 251.059774][ T9523] soft_cursor+0x524/0xa10 [ 251.059814][ T9523] ? fb_get_color_depth+0x120/0x250 [ 251.059845][ T9523] bit_cursor+0xe58/0x16f0 [ 251.059880][ T9523] ? __pfx_bit_cursor+0x10/0x10 [ 251.059911][ T9523] ? __lock_acquire+0x4a5/0x2630 [ 251.059953][ T9523] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 251.059982][ T9523] ? get_color+0x1da/0x450 [ 251.060008][ T9523] ? __pfx_bit_cursor+0x10/0x10 [ 251.060038][ T9523] fbcon_cursor+0x43c/0x5e0 [ 251.060066][ T9523] ? add_softcursor+0x160/0x290 [ 251.060101][ T9523] set_cursor+0x1db/0x250 [ 251.060134][ T9523] con_write+0x89/0xb0 [ 251.060170][ T9523] do_output_char+0x63b/0x850 [ 251.060195][ T9523] n_tty_write+0x528/0x12d0 [ 251.060228][ T9523] ? __pfx_n_tty_write+0x10/0x10 [ 251.060252][ T9523] ? __pfx_woken_wake_function+0x10/0x10 [ 251.060290][ T9523] ? __pfx___might_resched+0x10/0x10 [ 251.060330][ T9523] ? __pfx_n_tty_write+0x10/0x10 [ 251.060359][ T9523] file_tty_write.isra.0+0x4d2/0x890 [ 251.060403][ T9523] redirected_tty_write+0xd4/0x120 [ 251.060441][ T9523] vfs_write+0x6ac/0x1070 [ 251.060467][ T9523] ? __pfx_redirected_tty_write+0x10/0x10 [ 251.060508][ T9523] ? __pfx_vfs_write+0x10/0x10 [ 251.060532][ T9523] ? find_held_lock+0x2b/0x80 [ 251.060564][ T9523] ksys_write+0x12a/0x250 [ 251.060589][ T9523] ? __pfx_ksys_write+0x10/0x10 [ 251.060620][ T9523] do_syscall_64+0x106/0xf80 [ 251.060664][ T9523] ? clear_bhb_loop+0x40/0x90 [ 251.060697][ T9523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.060725][ T9523] RIP: 0033:0x7fb228f9c799 [ 251.060746][ T9523] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 251.060774][ T9523] RSP: 002b:00007fb229f04028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 251.060806][ T9523] RAX: ffffffffffffffda RBX: 00007fb229215fa0 RCX: 00007fb228f9c799 [ 251.060825][ T9523] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 251.060842][ T9523] RBP: 00007fb229032c99 R08: 0000000000000000 R09: 0000000000000000 [ 251.060859][ T9523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 251.060876][ T9523] R13: 00007fb229216038 R14: 00007fb229215fa0 R15: 00007ffde0d9e848 [ 251.060903][ T9523] [ 251.060913][ T9523] [ 251.060920][ T9523] The buggy address belongs to a 0-page vmalloc region starting at 0xffffc90004569000 allocated at drm_gem_shmem_vmap_locked+0x54b/0x800 [ 251.060981][ T9523] Memory state around the buggy address: [ 251.060995][ T9523] ffffc90004868f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 251.061018][ T9523] ffffc90004868f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 251.061036][ T9523] >ffffc90004869000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 251.061051][ T9523] ^ [ 251.061065][ T9523] ffffc90004869080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 251.061083][ T9523] ffffc90004869100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 251.061097][ T9523] ================================================================== [ 251.061221][ T9523] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 251.061240][ T9523] CPU: 1 UID: 0 PID: 9523 Comm: syz.1.877 Tainted: G L syzkaller #0 PREEMPT(full) [ 251.061273][ T9523] Tainted: [L]=SOFTLOCKUP [ 251.061281][ T9523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 251.061295][ T9523] Call Trace: [ 251.061303][ T9523] [ 251.061312][ T9523] dump_stack_lvl+0x100/0x190 [ 251.061354][ T9523] vpanic+0x552/0x970 [ 251.061381][ T9523] ? __pfx_vpanic+0x10/0x10 [ 251.061412][ T9523] ? sys_imageblit+0x19fb/0x1d60 [ 251.061450][ T9523] panic+0xd1/0xe0 [ 251.061475][ T9523] ? __pfx_panic+0x10/0x10 [ 251.061502][ T9523] ? sys_imageblit+0x19fb/0x1d60 [ 251.061540][ T9523] ? preempt_schedule_common+0x42/0xc0 [ 251.061583][ T9523] check_panic_on_warn.cold+0x19/0x34 [ 251.061613][ T9523] end_report.part.0+0x3a/0x90 [ 251.061649][ T9523] kasan_report.cold+0xe/0x18 [ 251.061693][ T9523] ? sys_imageblit+0x19fb/0x1d60 [ 251.061735][ T9523] sys_imageblit+0x19fb/0x1d60 [ 251.061778][ T9523] ? __pfx_sys_imageblit+0x10/0x10 [ 251.061816][ T9523] ? prb_read_valid+0x78/0xa0 [ 251.061849][ T9523] ? __pfx_prb_read_valid+0x10/0x10 [ 251.061885][ T9523] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 251.061915][ T9523] soft_cursor+0x524/0xa10 [ 251.061951][ T9523] ? fb_get_color_depth+0x120/0x250 [ 251.061982][ T9523] bit_cursor+0xe58/0x16f0 [ 251.062018][ T9523] ? __pfx_bit_cursor+0x10/0x10 [ 251.062050][ T9523] ? __lock_acquire+0x4a5/0x2630 [ 251.062088][ T9523] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 251.062117][ T9523] ? get_color+0x1da/0x450 [ 251.062144][ T9523] ? __pfx_bit_cursor+0x10/0x10 [ 251.062174][ T9523] fbcon_cursor+0x43c/0x5e0 [ 251.062202][ T9523] ? add_softcursor+0x160/0x290 [ 251.062238][ T9523] set_cursor+0x1db/0x250 [ 251.062272][ T9523] con_write+0x89/0xb0 [ 251.062310][ T9523] do_output_char+0x63b/0x850 [ 251.062356][ T9523] n_tty_write+0x528/0x12d0 [ 251.062392][ T9523] ? __pfx_n_tty_write+0x10/0x10 [ 251.062422][ T9523] ? __pfx_woken_wake_function+0x10/0x10 [ 251.062465][ T9523] ? __pfx___might_resched+0x10/0x10 [ 251.062506][ T9523] ? __pfx_n_tty_write+0x10/0x10 [ 251.062536][ T9523] file_tty_write.isra.0+0x4d2/0x890 [ 251.062579][ T9523] redirected_tty_write+0xd4/0x120 [ 251.062619][ T9523] vfs_write+0x6ac/0x1070 [ 251.062645][ T9523] ? __pfx_redirected_tty_write+0x10/0x10 [ 251.062692][ T9523] ? __pfx_vfs_write+0x10/0x10 [ 251.062717][ T9523] ? find_held_lock+0x2b/0x80 [ 251.062754][ T9523] ksys_write+0x12a/0x250 [ 251.062780][ T9523] ? __pfx_ksys_write+0x10/0x10 [ 251.062811][ T9523] do_syscall_64+0x106/0xf80 [ 251.062849][ T9523] ? clear_bhb_loop+0x40/0x90 [ 251.062881][ T9523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.062909][ T9523] RIP: 0033:0x7fb228f9c799 [ 251.062932][ T9523] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 251.062959][ T9523] RSP: 002b:00007fb229f04028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 251.062986][ T9523] RAX: ffffffffffffffda RBX: 00007fb229215fa0 RCX: 00007fb228f9c799 [ 251.063005][ T9523] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 251.063023][ T9523] RBP: 00007fb229032c99 R08: 0000000000000000 R09: 0000000000000000 [ 251.063040][ T9523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 251.063057][ T9523] R13: 00007fb229216038 R14: 00007fb229215fa0 R15: 00007ffde0d9e848 [ 251.063085][ T9523] [ 251.063369][ T9523] Kernel Offset: disabled