last executing test programs: 2m26.722670247s ago: executing program 3 (id=745): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) unshare$auto(0x40000080) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/ping_group_range\x00', 0x202, 0x0) sendfile$auto(r0, r0, 0x0, 0x2) r1 = socket(0x2, 0x2, 0x88) bind$auto(0x3, &(0x7f0000000040)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x2}, 0x6a) mmap$auto(0x0, 0x400008, 0xfffffffffffffff9, 0x9b72, 0x2, 0x8000) recvfrom$auto(r1, 0x0, 0xffffffff80000001, 0x2, 0x0, 0x0) write$auto(0x3, 0x0, 0xfdf3) openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/cmdline\x00', 0x101000, 0x0) socket(0x2, 0x1, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x900, 0x0) lseek$auto(0x3, 0x0, 0x1) read$auto(0xffffffffffffffff, 0x0, 0x7) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x60102, 0x0) unshare$auto(0xfff) 2m25.655100258s ago: executing program 3 (id=750): ioprio_get$auto(0x3, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x8de, 0xdf, 0x591b, 0x2, 0xb) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = socket(0x2b, 0x1, 0x1) ioctl$auto(r2, 0x8983, 0x4) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, 0x0, 0x0) statmount$auto(0x0, &(0x7f0000000440)={0x6, 0x6, 0x53, 0x4, 0x1, 0x4, 0x2, 0x3, 0x5, 0xffffffff80000001, 0x57d6, 0x8, 0x3, 0x2, 0x8, 0x3, 0x1, 0x8001, 0x400, 0x1ff, 0xfff, 0xd8, 0x8, 0x4, 0x9, 0xbef3, 0x411, 0x7, 0x0, 0x5, 0x7, [0x6, 0x7f, 0xbce7, 0x599, 0x56, 0xf93, 0x6, 0x8, 0xffffffffffffffff, 0x0, 0x200000000000, 0x2, 0x1, 0x8, 0x1000, 0x40004545, 0x4, 0x2000000000000a, 0xb, 0xf5fd, 0x7, 0x4, 0x7fffffff, 0x1fc, 0x2, 0x5, 0x8, 0x4, 0x4, 0x1, 0x4, 0x800000, 0x5, 0x80, 0x6, 0x4, 0x7, 0x4, 0xffc0000000000000, 0x2, 0x9, 0x8, 0x80000001]}, 0x40, 0x36) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xcb}) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000003c0)=""/134, 0x86) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) setsockopt$auto_SO_DETACH_REUSEPORT_BPF(0xffffffffffffffff, 0x2, 0x44, &(0x7f0000000180)='\x00', 0x7) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 2m24.405828387s ago: executing program 3 (id=755): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0xae80, 0x0) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptywf\x00', 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x3, 0x9) unshare$auto(0x40000080) mmap$auto(0xfffffffffffffffe, 0x580f, 0x112f4a03, 0x8000000008011, 0x3, 0x0) fadvise64$auto(r0, 0x0, 0xffffffff80000001, 0x8) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xe0002, 0x0) close_range$auto(0x2, 0x8, 0x0) msgget$auto(0x0, 0x5) openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) write$auto(0x3, 0x0, 0x1) write$auto(0x3, 0x0, 0xfdef) msgsnd$auto(0x0, &(0x7f0000000040)={0x5}, 0x1000, 0x4) msgctl$auto(0x0, 0x0, 0x0) 2m23.539016777s ago: executing program 3 (id=758): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0xffffffffffffb8f1, 0x5, 0x3, 0x613, 0xfffffffffffffffa, 0x100000000000006) select$auto(0x5, 0x0, 0x0, 0x0, 0x0) setresgid$auto(0xffffffffffffffff, 0x0, 0x7fffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'geneve0\x00'}) bpf$auto(0x4, &(0x7f0000000180)=@query={@target_fd=r0, 0x9, 0x1, 0x6f7, 0x8, @count=0xf58000, 0x0, 0x7, 0x81, 0x0, 0xe}, 0x1) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x80000000000000a, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) getsockopt$auto(r1, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x1000c0) setsockopt$auto(0x3, 0x10000000084, 0x85, 0x0, 0x90) fanotify_init$auto(0x1000, 0x0) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r2, &(0x7f0000000040)='//\xf2\x00', 0x80000000) 2m21.974926909s ago: executing program 3 (id=763): socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/007/001\x00', 0x482301, 0x0) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x801, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2c, 0x1, 0x3) r1 = openat$auto_force_suspend_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/bluetooth/hci1/force_suspend\x00', 0x121401, 0x0) write$auto_force_suspend_fops_hci_vhci(r1, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mlockall$auto(0x7) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) r2 = prctl$auto(0x401, 0x7fff, 0x0, 0xfffd, 0x2d5) mmap$auto(0x0, 0xfffffffffffffff7, 0x5, 0x19, r0, 0x7) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x7f, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0xffffffffffffffff, 0x2) epoll_pwait$auto(r2, 0x0, 0x76bc33ad, 0x1e232711, &(0x7f00000000c0)={0x8}, 0x8) 2m20.770096935s ago: executing program 3 (id=766): set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) unshare$auto(0x40000080) socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) msgctl$auto_IPC_RMID(0x4, 0x0, &(0x7f0000000240)={{0x0, 0xffffffffffffffff, 0xee00, 0x9, 0x5, 0x8, 0x5}, &(0x7f00000001c0)=0x6, &(0x7f0000000200)=0x1, 0x1, 0xfff, 0x0, 0x7, 0x9, 0x4, 0x9, 0xf}) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) writev$auto(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x40}, 0x8) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) ioctl$auto(r2, 0x540a, 0x0) close_range$auto(0x2, 0x8, 0x0) msgrcv$auto(0x9, 0x0, 0xfffffffffffffffd, 0x6, 0x80008) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) madvise$auto(0x2, 0x5c61fa2c, 0xf) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x800) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r3, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xffd8) vmsplice$auto(r1, &(0x7f00000003c0)={&(0x7f00000002c0)="be051daab014ee6621f6292de68e0510b23cfdbc6b68c77a02cd34776cd58c6bb3e0c66406188a685d877b71c8f7901fdc348ac39ebc7378fbab0882b8dd161f3c01285c286de95dd890846c787fbccd86e5ed7a5231c970cb800e2bc805bbd7853925b74b9d026ade0de6b50b6073aa20f22afdbf2218fb1ed3749ac38009dc1c2fc184cff0e519dc00ae21200dd956b4225d93d2600753d8f38baf4437690109aacd18eeaace0ddd2f95f707ac2528f03a6c910428e01b3896768f16a3e0e92d8a14ed8738dac2a9c519b7aac1aba640", 0x8000000000000001}, 0x80, 0x1) 2m5.417420869s ago: executing program 32 (id=766): set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) unshare$auto(0x40000080) socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) msgctl$auto_IPC_RMID(0x4, 0x0, &(0x7f0000000240)={{0x0, 0xffffffffffffffff, 0xee00, 0x9, 0x5, 0x8, 0x5}, &(0x7f00000001c0)=0x6, &(0x7f0000000200)=0x1, 0x1, 0xfff, 0x0, 0x7, 0x9, 0x4, 0x9, 0xf}) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) writev$auto(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x40}, 0x8) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) ioctl$auto(r2, 0x540a, 0x0) close_range$auto(0x2, 0x8, 0x0) msgrcv$auto(0x9, 0x0, 0xfffffffffffffffd, 0x6, 0x80008) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) madvise$auto(0x2, 0x5c61fa2c, 0xf) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x800) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r3, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xffd8) vmsplice$auto(r1, &(0x7f00000003c0)={&(0x7f00000002c0)="be051daab014ee6621f6292de68e0510b23cfdbc6b68c77a02cd34776cd58c6bb3e0c66406188a685d877b71c8f7901fdc348ac39ebc7378fbab0882b8dd161f3c01285c286de95dd890846c787fbccd86e5ed7a5231c970cb800e2bc805bbd7853925b74b9d026ade0de6b50b6073aa20f22afdbf2218fb1ed3749ac38009dc1c2fc184cff0e519dc00ae21200dd956b4225d93d2600753d8f38baf4437690109aacd18eeaace0ddd2f95f707ac2528f03a6c910428e01b3896768f16a3e0e92d8a14ed8738dac2a9c519b7aac1aba640", 0x8000000000000001}, 0x80, 0x1) 1m42.548085894s ago: executing program 4 (id=832): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000440), 0x0) pkey_free$auto(0x5) mmap$auto(0x0, 0x0, 0x7, 0xeb1, 0xffffffffffffffff, 0x100) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x402e00, 0x0) r1 = openat$auto_severities_coverage_fops_severity(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) pread64$auto(r1, 0x0, 0x7ff, 0x10001) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f00000001c0)) read$auto(r2, 0x0, 0x1000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) symlink$auto(0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) socket(0xa, 0x801, 0x84) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x145202, 0x0) shutdown$auto(0x200000003, 0x2) recvmmsg$auto(0x3, 0x0, 0x10400, 0x3, 0x0) listen$auto(0x3, 0x3) 1m38.291376871s ago: executing program 4 (id=837): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_to_team\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_CQM(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="030026bd0ecd72913be4837b00000800", @ANYRES32], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x40800) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'macvtap0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'team_slave_0\x00'}) sendmsg$auto_ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xdc, r1, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg1\x00'}]}, @ETHTOOL_A_LINKINFO_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @ETHTOOL_A_LINKINFO_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_LINKINFO_HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xd}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_LINKINFO_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}]}]}, 0xdc}, 0x1, 0x0, 0x0, 0x4000040}, 0x4000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r6 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x80202, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) fchown$auto(0xffffffffffffffff, 0x0, 0x0) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b70, r6, 0x4) setresgid$auto(0x81, 0x800000a0, 0x8) rt_sigtimedwait$auto(&(0x7f0000000040)={0xc00000}, 0x0, &(0x7f0000000180), 0x8) setgroups$auto(0xc00000000, 0xfffffffffffffffc) setresuid$auto(0x0, 0x8, 0x8000) shmget$auto(0x8, 0x10563, 0x568d1af2) 1m37.113994425s ago: executing program 4 (id=841): unshare$auto(0x40000080) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000000), 0x40001, 0x0) write$auto(r0, 0x0, 0xfff) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) listmount$auto(0x0, &(0x7f00000001c0)=0x4, 0x4, 0x101) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x2, 0x0) pidfd_open$auto(0x1, 0x0) openat$auto_nodes_fops_netdebug(0xffffffffffffff9c, &(0x7f00000000c0), 0x38ef3088691cd6ca, 0x0) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000001b40)='/dev/cuse\x00', 0x1842, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu0/hotplug/target\x00', 0x201, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x0, 0x80000001, 0x7, 0x6d39, 0x5, 0x2, 0x1]}, 0x0) init_module$auto(0x0, 0xffff9, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000100), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), r2) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r3 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto(r3, 0x8001af85, 0x0) 1m36.014583769s ago: executing program 4 (id=843): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x5, 0x0) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x2, 0x73) pipe2$auto(0x0, 0x0) io_uring_setup$auto(0x6, 0x0) open(0x0, 0x22240, 0x155) io_uring_setup$auto(0x6, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, 0x0, 0x121080, 0x0) socket(0x2, 0x5, 0x0) openat$auto_stat_fops_(0xffffffffffffff9c, 0x0, 0x202802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x40080, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xc2dc0, 0x0) socket(0x11, 0x2, 0x14) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) read$auto(0x3, 0x0, 0x30) 1m35.664937663s ago: executing program 4 (id=845): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) keyctl$auto(0x2000000000000016, 0x0, 0xfffffffe, 0x400040, 0xa8) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/keys\x00', 0x8340, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0xffffffffffffffff, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\x13\x12dQ\x01y\xeb', 0x7e) r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_l2cap_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000240), 0xa0300, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0xa02, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f00000001c0)={{@inferred=0x0, 0x7, 0x101, 0x7, "aab8e80600080043529f895cf5e8ec8f46cbb766439daa41e1aa00000000001200000000070a00", @raw=0x2}, 0x6, 0x8, 0x6, @raw=0xd7, @enumerated={0x1, 0xffff, "3a451db75512bd3527fc812ba5063f658f3a83495f2f7e8b4b84d579e75c002e35796b745e9f1f32cbfbdc296577c42c2257f3cdba1288075707bcc50e018166", 0x10000000009e, 0x9}, "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f6ab606c276852295e00af49e6de6e768034"}) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_REMOVE(r2, 0xc0405519, &(0x7f00000000c0)={@inferred=r3, 0x7, 0xd, 0xa4, "e3eabf11dce36a2eac9cb4682c339b3ce615a9b97386d4462bc6553245da56e4978f37368e849db4a6e0aa4e", @raw=0xa2cfa1c}) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) fsetxattr$auto(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x3) r4 = socket(0x2b, 0x1, 0x0) mmap$auto(0x4, 0x800, 0xd, 0x13, r0, 0xe280) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mlock$auto(0x112, 0x80006) mlockall$auto(0x800000000000005) sendmmsg$auto(r4, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, 0x0, 0x9, 0x0, 0x1f, 0x9}, 0x800009}, 0x7, 0x20000000) 1m34.211581767s ago: executing program 4 (id=849): io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x104, 0x6, 0x3}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) statmount$auto(0x0, &(0x7f0000000400)={0x8, 0x1, 0x9, 0x3, 0xb, 0x940, 0x1ffde, 0x3, 0x6, 0x2, 0x9, 0x5, 0x3, 0x4, 0xb0, 0x7, 0x6, 0x3, 0x5, 0x7}, 0x1fe, 0x81) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/bonding/primary_reselect\x00', 0x1e2142, 0x0) sendfile$auto(r0, r0, 0x0, 0x7fff) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x4c06, 0x0) unshare$auto(0x40000080) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x42, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x1b, &(0x7f00000000c0), 0x1) unshare$auto(0x40000080) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x280, 0x0) ioctl$auto_SNDCTL_SEQ_TESTMIDI(r4, 0x40045108, &(0x7f00000000c0)="2c6bfeb7") r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) sendfile$auto(r3, r5, 0x0, 0x1000200) write$auto(r2, 0x0, 0xa3d9) munmap$auto(0x200000008000, 0xffffffff) 1m18.946613057s ago: executing program 33 (id=849): io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x104, 0x6, 0x3}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) statmount$auto(0x0, &(0x7f0000000400)={0x8, 0x1, 0x9, 0x3, 0xb, 0x940, 0x1ffde, 0x3, 0x6, 0x2, 0x9, 0x5, 0x3, 0x4, 0xb0, 0x7, 0x6, 0x3, 0x5, 0x7}, 0x1fe, 0x81) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/bonding/primary_reselect\x00', 0x1e2142, 0x0) sendfile$auto(r0, r0, 0x0, 0x7fff) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x4c06, 0x0) unshare$auto(0x40000080) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x42, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x1b, &(0x7f00000000c0), 0x1) unshare$auto(0x40000080) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x280, 0x0) ioctl$auto_SNDCTL_SEQ_TESTMIDI(r4, 0x40045108, &(0x7f00000000c0)="2c6bfeb7") r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) sendfile$auto(r3, r5, 0x0, 0x1000200) write$auto(r2, 0x0, 0xa3d9) munmap$auto(0x200000008000, 0xffffffff) 47.215835283s ago: executing program 0 (id=960): mmap$auto(0x0, 0x4, 0x4000000000e3, 0x40eb1, 0x401, 0x300000000000) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20b42, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="f4ffffff", @ANYBLOB="01002bbd"], 0x14}, 0x1, 0x0, 0x0, 0x8044}, 0x4001090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) openat$auto_ctl_device_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x20002, 0x0) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9) readv$auto(0x3, &(0x7f0000000600)={0x0, 0xc}, 0x1da) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0x7b2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x9, 0x0) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f00000001c0)) ustat$auto(0xffffffff, &(0x7f0000000000)={0x1, 0x2, "bf8f5305ef6f", "bf04d55c09b2"}) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/fs/9p/caches\x00', 0x103280, 0x0) read$auto(0x3, 0x0, 0x80) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) 44.971147605s ago: executing program 0 (id=954): unshare$auto(0x40000080) openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x20000080) syz_clone3(&(0x7f0000000300)={0x2c022000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58) splice$auto(0x4, 0x0, r1, 0x0, 0x80000004, 0x9) write$auto(0x6, &(0x7f00000000c0)='#\a\x1cFnJ\x04\xc76c0\xf6D\xf0\t\b:-\x01\x11\xb1\xd1ldc=\x14\xf6\x91`\xe8\rs\xf1UI\x91\x04\x90\xfd\x9f\xd7|\xf6\xb2lD\x03\xc7\xc8\xe8/cDT%\xa3\xa5n\xb9D\xc6h', 0x1) write$auto(r0, &(0x7f0000000400)='/dev\x1eau\xa4\xa4%\xcb\x00', 0x6) sendmsg$auto_TASKSTATS_CMD_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x20004000) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r2, 0x0, 0x101) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) ioctl$auto_XFS_IOC_ATTRMULTI_BY_HANDLE(0xffffffffffffffff, 0x4048587b, 0x0) r4 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) pread64$auto(r4, 0x0, 0x0, 0x9) read$auto_mon_fops_text_t_mon_text(r4, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) 43.672557181s ago: executing program 0 (id=958): unshare$auto(0x40000080) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x0, 0x0) fcntl$auto(r0, 0x4, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f00000002c0)={{@inferred=0x0, 0x5, 0x800009, 0x2, "4941aa833e2fc65b6b3cf7cec56d67c8dd3500f11581916caa0d445300", @raw=0x7}, 0x4, 0xfffffff9, 0x1, @inferred, @enumerated={0xffff, 0xffe, "4bd04167d52dbe3758dcb7641f58661870525adcaedaa5deaa336a58b7382f979a0ff0b3d9583c08610104000049d9f994ef5578e78507d4f25cd03a4c4b5700", 0x9, 0x3fd}, "6cc1888a6393f1b4285854c5368de438f8cc142ef6df1259b05ba1183bedbd31b642b4051bc7955610c61c329794e5311121c760cb8211c78e6947a99807bcc1"}) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, r2, 0x5, 0x19) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) select$auto(0xe, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x7}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) mmap$auto(0x3, 0x60009, 0xffffffffffff0002, 0x9b72, 0x7, 0x4) close_range$auto(0x2, 0xa, 0x0) pwrite64$auto(0xffffffffffffffff, &(0x7f00000004c0)='\vX\xc9\xb3\xbc\x8c\x1dga08\x90\x86\xdde\x1cJ\x99\x00\x11:\x14\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xfe\x80\x12\x00\x00\x00\x00\x00\x0fo\x84\xfc\x89\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#\x1c\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd8\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xaf\n1\x80\x1a\xbc_\xef\x8b\t\xcc\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x2) io_uring_setup$auto(0xd, 0x0) io_uring_setup$auto(0x4000006, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) msgsnd$auto(0x0, &(0x7f0000000040)={0x40000007fc, 0x7}, 0x400, 0x2) msgrcv$auto(0xfffffffc, 0x0, 0x9, 0xffffffffffffffff, 0xf9) mmap$auto(0x0, 0x30008, 0x4000000000e3, 0x4000eb1, 0x401, 0x208000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0xfffffffb, 0x5, 0x8000000000000000, 0x0) 42.201450741s ago: executing program 0 (id=965): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) mmap$auto(0x2, 0x400007, 0xe895, 0x16, r0, 0x401) r1 = openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000300), 0x80, 0x0) fadvise64$auto_POSIX_FADV_NORMAL(r1, 0x3, 0xc46c, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) write$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffffff, &(0x7f0000000180)="26ef51514d2fd584cb9b1efeac43064a227743f894849c79d0911c2b49f6c703d6fcb1feb1c4f224838a0eb4d47745502dc6dafb7ea8d402ba2617b018bcb6b2f508aa23c4c467b486911918c8a6f0de9265c110b77bae583f7cc1", 0x5b) sendmsg$auto_NL80211_CMD_PROBE_MESH_LINK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, 0x0, 0x300, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x400c080) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x70, 0xdf, 0x9b72, 0x2, 0x80000000008000) setsockopt$auto(0xffffffffffffffff, 0x107, 0x5, 0x0, 0xce24) connect$auto(0x3, 0x0, 0x55) bpf$auto(0x0, 0x0, 0x0) read$auto(0x3, 0x0, 0x80) mmap$auto(0xffffffffffffffff, 0x8, 0xffe, 0x17, 0xffffffffffffffff, 0x7) ioctl$auto_BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS0\x00', 0x8a100, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) 40.699101566s ago: executing program 0 (id=968): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/block/parameters/events_dfl_poll_msecs\x00', 0x80002, 0x0) mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) inotify_init1$auto(0x3000000000000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x5, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/cgroup\x00', 0x100382, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/irq.pressure\x00', 0x101102, 0x0) openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000040), 0x669400, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000340)='/proc/asound/card0/pcm0p/sub3/xrun_injection\x00', 0x8a180, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/batadv_slave_0/proxy_ndp\x00', 0x382, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) inotify_init1$auto(0x3000000000000) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0xd1) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) getsockopt$auto(0xffffffffffffffff, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 40.143555504s ago: executing program 0 (id=970): mmap$auto(0xa, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) sendmsg$auto_THERMAL_GENL_CMD_CDEV_GET(0xffffffffffffffff, 0x0, 0x8801) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x101202, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x800000000007, 0xd, 0x1, 0x7, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2deb43, 0x0) faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x0, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x6a) socket(0xa, 0x2, 0x88) recvmmsg$auto(0x3, 0x0, 0xfff, 0x2, 0x0) shutdown$auto(0x200000003, 0x2) 24.835105304s ago: executing program 34 (id=970): mmap$auto(0xa, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) sendmsg$auto_THERMAL_GENL_CMD_CDEV_GET(0xffffffffffffffff, 0x0, 0x8801) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x101202, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x800000000007, 0xd, 0x1, 0x7, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2deb43, 0x0) faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x0, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x6a) socket(0xa, 0x2, 0x88) recvmmsg$auto(0x3, 0x0, 0xfff, 0x2, 0x0) shutdown$auto(0x200000003, 0x2) 9.915034107s ago: executing program 1 (id=1042): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x408, 0x7, 0x1ff, 0x7, 0x42, 0xfff, 0x1ffdf, 0x7, 0x200003, 0x2, 0xa121, 0x3, 0x6, 0x4, 0xb4, 0xa, 0x6, 0x10001, 0x80, 0x100000000, 0x0, 0x7, 0x2100, 0x200, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x1fe, 0xd) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'vlan1\x00', 0x0}) sendmsg$auto_NETDEV_CMD_BIND_RX(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@NETDEV_A_DMABUF_IFINDEX={0x8, 0x1, r2}, @NETDEV_A_DMABUF_FD={0x8, 0x3, r0}, @NETDEV_A_DMABUF_QUEUES={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2000, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, 0x0, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x2020005, 0x2, 0x110, r0, 0x7fff) r4 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xb8, 0x100000000, 0x5, 0x1b, 0x93c, 0x1ffdc, 0x7, 0x2000000000000006, 0x2, 0x9, 0x5, 0x2, 0x8001, 0xae, 0x9, 0x922, 0x7, 0x5, 0x5, 0x3, 0xfffffffe, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r5 = socket(0x2b, 0x1, 0x1) ioctl$auto(r5, 0x8901, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xdc5e}, 0x800}, 0x7, 0x4008) 9.495149272s ago: executing program 1 (id=1043): r0 = socket$nl_generic(0x10, 0x3, 0x10) mprotect$auto(0x110c230000, 0x1, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x1, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x83, 0x0, 0x8) mremap$auto(0x110c230000, 0x0, 0x101, 0x3, 0x0) r1 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) read$auto_rng_chrdev_ops_core(r1, &(0x7f0000000140)=""/240, 0xf0) timer_create$auto(0x3, 0x0, 0x0) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x0, 0x400}, {0x0, 0x87}}, 0x0) mmap$auto(0x0, 0x5, 0xfff, 0x44eb2, 0x10006, 0x300000000000) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000080), r0) statx$auto(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8, 0x8, &(0x7f0000000100)={0x8b0, 0x1, 0x4, 0x9, 0xee00, 0xee01, 0x1, 0x1, 0xd, 0x4, 0xf9f, 0xc, {0x2, 0x8}, {0x100000001, 0xc1}, {0x7, 0x6}, {0x7fffffffffffffff, 0x7}, 0x39a2, 0x0, 0x2, 0x8, 0x40, 0x1, 0xb, 0x8, 0x7, 0x80000001, 0x4, 0x1, [0xfe17, 0x7, 0x3960b811, 0x3f, 0x9ea2, 0x6, 0x101, 0x10000]}) msgctl$auto_MSG_STAT_ANY(0xffffffff, 0xd, &(0x7f0000000300)={{0x3, 0xffffffffffffffff, 0x0, 0xc4f7, 0x5, 0x800, 0x9}, &(0x7f0000000200)=0x7, &(0x7f0000000240)=0x20, 0x4, 0x4, 0x9, 0x1, 0xffffffffffffffff, 0x0, 0xe, 0x4, @raw=0x40, @raw=0xfffffff9}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/block/nbd4/queue/optimal_io_size\x00', 0x40000, 0x0) read$auto(r2, 0x0, 0x20) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_UPD_RXSA(r0, &(0x7f0000006200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000003c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="230027bd7000fedbdf250900000014000380100001800c0036006e6c38303231310004000280080001", @ANYRES32=0x0], 0x34}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) ioctl$auto(0xffffffffffffffff, 0x6f2d, 0xffffffffffffffff) fadvise64$auto_POSIX_FADV_RANDOM(r0, 0x7, 0x9, 0x1) 8.999816372s ago: executing program 1 (id=1045): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x800000000801e, 0x3, 0x8004) setsockopt$auto(0x3, 0x6, 0x100000000, 0xfffffffffffffffc, 0xa) mmap$auto(0x235, 0x40000a, 0x20000000000d, 0x208018, 0xffffffffffffffff, 0x200000001) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) ioctl$auto_UBI_IOCATT(r0, 0x40186f40, &(0x7f0000000080)={0x2, 0x0, 0x697, 0x9, 0x5, 0x6}) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x40800, 0x0) openat2$dir(0xffffff9c, 0x0, &(0x7f00000002c0)={0x400000, 0x71fae78b53f8a505, 0x20}, 0x18) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x781a82, 0x0) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0x2, 0x8000) get_mempolicy$auto(0x0, 0x0, 0x7f, 0x8, 0x3) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0xa02, 0x0) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video36\x00', 0x8a603, 0x0) ioctl$auto(r1, 0x5646, r1) sysfs$auto(0x2, 0x5, 0x0) r2 = fsopen$auto(0x0, 0x1) fsconfig$auto(r2, 0x6, 0x0, 0x0, 0x0) 7.697639192s ago: executing program 2 (id=1056): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x2, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop9\x00', 0xca900, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000040)='/dev/usbmon26\x00', 0x40000, 0x0) socket(0xa, 0x2, 0x73) timerfd_create$auto(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x3) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x73) open(0x0, 0x2a4c0, 0x20) r0 = socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto(r1, 0x40384708, r0) 7.408478015s ago: executing program 2 (id=1050): mmap$auto(0xfffffffffffffffd, 0x400008, 0x1, 0x800009b72, 0xffffffffffffffff, 0x8000) r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, 0x0, 0x2202, 0x0) ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, 0x0) r1 = socket(0x2b, 0xa, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x82042, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) unshare$auto(0x40000080) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) connect$auto(0x3, 0x0, 0x55) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, r1, 0x8000) select$auto(0x8, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0xfe, 0x3, 0x14, 0xffffffffffffffff, 0x9000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) write$auto(0x1, 0x0, 0x80000000) bpf$auto(0x401, 0x0, 0x7fff) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x2, 0x5) socket(0x2b, 0x1, 0x1) 7.40243746s ago: executing program 1 (id=1059): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0x2c, 0x3, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setsockopt$auto_SO_ATTACH_REUSEPORT_EBPF(r0, 0x3, 0x34, &(0x7f00000001c0)='/sys/kernel/debug/lru_gen\x00', 0xffffffff) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/018/001\x00', 0x101202, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0) unshare$auto(0x40000080) socketpair$auto(0x1, 0x0, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x6a) socket(0xa, 0x2, 0x88) recvmmsg$auto(0x3, 0x0, 0xfff, 0x2, 0x0) shutdown$auto(0x200000003, 0x2) 6.740267048s ago: executing program 5 (id=1051): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyw5\x00', 0x28341, 0x0) ioctl$auto_TIOCMGET2(r1, 0x5415, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000400)='/dev/amidi2\x00', 0x201, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS64(r2, 0xc0385720, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, 0x0, 0x4000080) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) mknod$auto(&(0x7f0000000280)='X))\x00', 0x63c5, 0x7bf) mknod$auto(&(0x7f0000000340)='\xe1\x9eHU\x00', 0x63c1, 0x7fc) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/workqueue/nf_ft_offload_add/power/runtime_active_time\x00', 0x20042, 0x0) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x66ab80, 0x0) r3 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000400), 0x101000, 0x0) ioctl$auto_UI_SET_EVBIT(r3, 0x40045564, &(0x7f0000000440)=0x1) unshare$auto(0x40000080) ioctl$auto_IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, 0x0) close_range$auto(0x2, 0x8, 0x0) bpf$auto(0x2, 0x0, 0xc) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0) 5.835847594s ago: executing program 1 (id=1052): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0xfffffffffffffffd, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES16=r0, @ANYBLOB="010025bd7000ffdbdf25040000"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x24004840) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) socket(0x11, 0x80003, 0x300) r2 = open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322df2) open_by_handle_at$auto(r2, &(0x7f0000000000)={0x8, 0x2, 'u\x00\x00\x00\x00\x00\x00\x00'}, 0x2) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/platform/vhci_hcd.6/usbmon/usbmon22/uevent\x00', 0x210400, 0x0) read$auto(r3, 0x0, 0x20) recvmsg$auto(r1, &(0x7f00000005c0)={0x0, 0x8, 0x0, 0xd3, &(0x7f0000000500)="6bfee52cc6d76e1c2f8b714f9ce8de29c2b8c6a36fd1081b8f6753c4db3a957fc9f3c8ce5a1f6aae5db64bc4b8383dea96682820b78f0fdf870dba5430e851305d4713df7f1124096ace834632a497cc07ffb3b6254aa69082434244066c46fe36fd6a587c8d1a8b40662762a5e48ddb2c86fa27c693a26df7fa2dd4f5762a1616bbbc094ba84c2f033b83814b8572c7bb08c224a9b33f1ac650d8c51cff0960141e613531d3f03e45860d2c2f7110f12d60c0b21f6a1556472a2f918584", 0xc, 0xffffffff}, 0xfffffff7) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) poll$auto(&(0x7f0000000180)={0xffffffffffffffff, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto(r4, 0x4008af24, 0xffffffffffffffff) 5.043521952s ago: executing program 6 (id=1053): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000e3d9) mmap$auto(0x7ff, 0x400008, 0xdf, 0x9b72, 0x2, 0x5) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1\x00', 0x101142, 0x0) write$auto(0x3, 0x0, 0x28) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0xffffffffffffffff) ioctl$auto(0x3, 0x4040ae77, 0x38) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8000, 0x0) read$auto(r2, 0x0, 0x9) pivot_root$auto(0x0, 0x0) read$auto(0x3, 0x0, 0x80) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) 4.5190907s ago: executing program 5 (id=1054): socket(0x2a, 0x2, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/block/parameters/events_dfl_poll_msecs\x00', 0x80002, 0x0) mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) inotify_init1$auto(0x3000000000000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x5, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/cgroup\x00', 0x100382, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/irq.pressure\x00', 0x101102, 0x0) openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000040), 0x669400, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000340)='/proc/asound/card0/pcm0p/sub3/xrun_injection\x00', 0x8a180, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/batadv_slave_0/proxy_ndp\x00', 0x382, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) inotify_init1$auto(0x3000000000000) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0xd1) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 4.101539426s ago: executing program 5 (id=1055): mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x8de, 0xdf, 0x591b, 0x2, 0xb) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x800, 0x0, &(0x7f00000001c0)) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x47, 0x8000) ioctl$auto(0xffffffffffffffff, 0x8983, 0x4) write$auto(r1, 0x0, 0x100000a3d9) select$auto(0x9, 0x0, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8c00, 0x0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) kcmp$auto(0x1, 0x1, 0x0, r2, r2) openat$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(0xffffffffffffff9c, 0x0, 0xb02, 0x0) write$auto(0x3, 0x0, 0xfffffdef) 3.700437785s ago: executing program 2 (id=1057): sendmmsg$auto(0xffffffffffffffff, &(0x7f00000005c0)={{&(0x7f0000000740)="767e4d7d97d6ca131acd44d7c28d71e407922b202e88c7c8da8e215bb97ec2f61cf4a64a8eb1bd2c80e28afc5aafbef21118d4a82258daa8e2aa18b0e5486999ef70fbddbcf9d5c7ab7a00", 0x12, 0x0, 0xb, 0x0, 0x1, 0x3}, 0x4c}, 0x804, 0x20000002) ioctl$auto__ctl_fops_dm_ioctl(0xffffffffffffffff, 0xc19, &(0x7f0000000680)="3b3d82e3934f69ff551321ee1667b7bbdde1cd934db3bd3d5d8c0e1f98facdffad6f35a52eaea6d1e112dd288fcd9d5d6e935e519b1ba83fca1af224210339593bd73495816ecc20d6520871f6e2a70da6e87e5921a2af8a47f7a331f8019a6f6396b679fbc7dd7695fda9b094aa75e74f790680a3b734d4626dc8e7c5af26e3c9c4191d38cc4e6860ce0791bd24c7d132e590f04887b43891187a78048642c68fcf478b153697f75e2bf60688") r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/module/usbip_core/uevent\x00', 0x72d100, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, 0x0, 0x3) setpriority$auto(0x81, 0xee01, 0x1002d) clock_gettime$auto(0x1, 0x0) r1 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x1a1000, 0x0) ioctl$auto_PROCMAP_QUERY(r1, 0xc0686611, &(0x7f0000000080)={0x67, 0x3f, 0x7fff, 0x5, 0x80000000007, 0x3, 0x6, 0xff, 0x5, 0x7f, 0xfbfffffe, 0xfff, 0x7fb, 0x4, 0x9}) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000001c0)=""/29, 0x1d) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000080), r2) socket$nl_generic(0x10, 0x3, 0x10) mknod$auto(&(0x7f00000003c0)='./file0\x00', 0x9, 0x9) mount$auto(&(0x7f0000000000)='veth0_macvtap\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_XFS_IOC_FREESP64(0xffffffffffffffff, 0x40305825, &(0x7f0000000180)={0xe, 0x81, 0x44, 0x9, 0x3, 0xffffffffffffffff}) ioctl$auto_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000540)={"16833843180bb151ed36e8ce6cb454168d6c00", 0x3, 0xcb, 0x4003, 0x40, 0x8000000000000000}) ioctl$auto_BLKTRACESTART(r3, 0x1274, 0x0) 3.342691592s ago: executing program 6 (id=1058): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0F:00/status\x00', 0xa140, 0x0) r4 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/oom_adj\x00', 0x300, 0x0) read$auto(r4, 0x0, 0x1f40) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) writev$auto(r5, &(0x7f00000000c0)={0x0, 0x7}, 0x3) getpgid$auto(0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000140)=""/122, 0x7a) syslog$auto(0x3, 0xfffffffffffffffd, 0x6) newfstatat$auto(0xffffffffffffffff, 0x0, 0x0, 0xfffffffd) r6 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r6, 0xc0603d06, 0x0) r7 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000002c00), 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004440)={&(0x7f0000000040)={0xa0, r7, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x88, 0x1, 0x0, 0x1, [@nested={0x84, 0x10a, 0x0, 0x1, [@nested={0x7f, 0x106, 0x0, 0x1, [@generic="c5d92bda15c812dce50c00260cbee210c173caf9b8115cc49860774a00784d9280c2bee46f969224b25ffb68dd9694d630791a339aa3c253d49c68df80ae6dc3f9634b41233ac659b05d6e77b4ee1857cfc349fe2f99933b3b3b08d88f0b69b3b025595ffc1e5c42f0cafd35bf883bc2dffee964a543097fbca5ef"]}]}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x20000840}, 0x840) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) r10 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000840)='./cgroup.cpu/memory.stat\x00', 0x80200, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r10, &(0x7f0000000240)=""/118, 0x76) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000001d40)={0x28, r1, 0x1, 0x70bd27, 0x25dfdc02, {}, [@ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}, @ETHTOOL_A_RINGS_CQE_SIZE={0x8, 0xc, 0xa}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80014) 3.096232532s ago: executing program 2 (id=1060): socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0xfffffffffffffffe, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) open(0x0, 0x6041, 0x0) r0 = gettid() process_vm_readv$auto(r0, &(0x7f0000000080)={&(0x7f0000000040)="0e5165", 0x1}, 0x2, &(0x7f00000001c0)={0x0, 0x7}, 0x2, 0x0) clone3$auto(&(0x7f0000000100)={0x6, 0x7, 0x0, 0x5, 0xd, 0x80000000, 0x3ff, 0x8, 0x2, 0x2, 0x1}, 0x3) openat$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000080), 0x2e6100, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0x900, 0x0) ioctl$auto_CEC_ADAP_G_LOG_ADDRS(r2, 0x805c6103, &(0x7f00000001c0)={"8911bd3a", 0x1, 0x0, 0x6, 0x4, 0x6, "feaf587cdf4d2f534a1c88d3e40a00", "e6cf6512", "f34cae3a", "10a991b3", ["3ae887a128f1d8c79420d880", "b11feafce4d296d8c985d069", "0149f0a7102c3fffab592db0", "0059c09dca7de9bdbbc6be07"]}) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) 2.884680899s ago: executing program 5 (id=1061): openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/block/nbd11/sched/async_depth\x00', 0x2000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count\x00', 0xc0082, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) r0 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x100, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_CHANNEL_INFO2(r0, 0x80184132, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snd/pcmC1D0p\x00', 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram4\x00', 0xdd01, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) ioctl$auto_BLKRRPART(r2, 0x125f, 0x700000000000000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram2\x00', 0x14f602, 0x0) r3 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x0, 0x1, 0x9, 0x7, 0x3b, 0x7, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb2, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x40000, 0x7, 0x2000, 0x200, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffc]}, 0x202, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x7a, 0x0, 0xeb3, 0x401, 0x8000) 2.008410661s ago: executing program 5 (id=1062): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x6) unshare$auto(0x40000080) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) readv$auto(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000180), 0x200}, 0x6) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/bond_slave_1/disable_policy\x00', 0x202, 0x0) sendfile$auto(r3, r2, 0x0, 0x48) getdents$auto(0xffffffffffffffff, 0x0, 0xfff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x8000, 0x0) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0009, 0x13) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'tunl0\x00'}) madvise$auto(0x0, 0x53, 0x9) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000010c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r4, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010329bd7b00ffdbdf250a0000000c0002006e6c383032313100"], 0x20}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040810) 1.999263133s ago: executing program 6 (id=1070): read$auto_qrtr_tun_ops_tun(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0xa, 0x5, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x2, 0x88) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000003b00)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/enable\x00', 0x600, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xad41, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, 0x0, 0x101002, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, r2) sendmsg$auto_ETHTOOL_MSG_CHANNELS_SET(r2, 0x0, 0x0) readv$auto(r1, &(0x7f0000003dc0)={0x0, 0x1}, 0xb) r3 = openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/buffer_percent\x00', 0x1, 0x0) writev$auto(r3, &(0x7f00000035c0)={0x0, 0x4}, 0x4000000000006) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) rename$auto(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') bpf$auto(0xfffffffd, &(0x7f0000000000)=@bpf_attr_5={@target_fd, 0xffffffffffffffff, 0x4, 0x6, 0xffffffffffffffff, @relative_id=0x2, 0x9}, 0xa3) sendto$auto(r0, 0x0, 0x401, 0xffff, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x40242, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r4, 0x0, 0x20) 1.998609001s ago: executing program 2 (id=1063): pread64$auto(0xffffffffffffffff, 0x0, 0x101fb, 0x8800000005) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) r0 = ioctl$auto_TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, &(0x7f0000001000)=0x4) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000001080), 0xffffffffffffffff) mkdir$auto(&(0x7f00000002c0)='./file0\x00', 0x3) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9) rename$auto(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='./file0/file0\x00') sendmsg$auto_NL802154_CMD_GET_SEC_DEV(r0, &(0x7f0000001100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004040}, 0x40) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xc0180, 0x0) r2 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$auto(0x0, 0xa, 0x72, 0x8b72, 0x2, 0x8000) sysfs$auto(0x2, 0x1f, 0x0) r3 = socket(0x2, 0x801, 0x106) r4 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), r2) sendmsg$auto_OVS_DP_CMD_NEW(r3, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, r4, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@OVS_DP_ATTR_NAME={0xd, 0x1, '/dev/kvm\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8}, @OVS_DP_ATTR_NAME={0xd, 0x1, '/dev/kvm\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40800}, 0x10) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$auto(r3, 0x11c, 0x2, 0x0, 0x0) unshare$auto(0x40000080) seccomp$auto_SECCOMP_SET_MODE_FILTER(0x1, 0x9, &(0x7f0000000000)) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0x4010ae42, 0x38) 1.995928682s ago: executing program 1 (id=1064): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/netdevsim3/sriov_numvfs\x00', 0x10b142, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/devices/virtual/mac80211_hwsim/hwsim1/ieee80211/phy1/rfkill3/state\x00', 0x102, 0x0) sendfile$auto(r1, r0, 0x0, 0x7) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_CGROUPSTATS_CMD_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="13000000", @ANYRES16=0x0, @ANYBLOB="2586f2bd7000fedbdf2504000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x400c9d0}, 0x4080) r2 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='r'], 0x1ac}, 0x1, 0x0, 0x0, 0xc0}, 0x200440c0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000480)={{&(0x7f00000001c0)="4023323b52a998fc53754442197547d986396e4ac2f991ce93879e2fbeea07fa975eb48bee358e775e6a6cb2e54acee2ef0183bef6b6e7f1890e3a4c066c8369918de3254172611a83c7b6aeb53a353babee4c2ad6f12b337831bbbaf52c5983650e99a42abaacfdb9f4d6a04de3be3a512d187885106cdfcc4c1689a5595c49bd441bc56a53eb770a52e744177964638bf33f56ce4a91dcc003a9223d9747abc414590b71854d97f54ae2c7bb520a969491a5b1f005c566eac9d76e18d704e44e4c9fdffc06ca1b360105327259906d669347745a04d428b2a5c2da5e23f85ef2d02da6022bf9bbb4292b4b82bcb077f237", 0x7, 0x0, 0x7, &(0x7f00000003c0)="36d426922608a1214940a348067f49ef5a4d2096455f61a11dd81b0c0527ec1674ba4f30dbe32e7da22234e8cb9c6fe2169af82540e2e52f7391e8cc3662de9bd60f64967569142153cfe766dfc79b00e70cbf2ced9db314dd2c7ccb9c52d29ada52e587c23b324fb9a0939378550faad663c872f3cf571cf7e1a437eea1d673edc290a12a2d941d2e6e9b26840bf8423611d93270b74696a8d31d18442926c0be6dd278204adc60c01f", 0x0, 0x9}, 0x8}, 0x4, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'ip6gre0\x00'}) sendmsg$auto_OVS_DP_CMD_NEW(r3, 0x0, 0x2000000) ioctl$auto_SNDRV_PCM_IOCTL_STATUS322(0xffffffffffffffff, 0x806c4120, &(0x7f00000004c0)={0x0, 0xe, 0x95d7, 0x7f, 0x3, 0xfffffff2, 0x9, 0x3, 0x0, 0x7, 0xb, 0x8, 0x7, 0x2, 0x3, 0x1ff, 0x400, 0x80000000, "0c1056e3480805f935e214e44f620fa9eba8238cacc3d9e6fc45cf541e509fc2457ae4ae"}) adjtimex$auto(0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2fafc1, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x3) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x169000, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, 0x0, 0x0, 0x0) 879.710542ms ago: executing program 6 (id=1065): r0 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = io_uring_setup$auto(0x6, 0x0) getsockopt$auto_SO_TIMESTAMP_OLD(r1, 0x800, 0x1d, &(0x7f0000000040)='-{\x93(\x00', 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r1) sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x7c, r2, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_WIPHY_FRAG_THRESHOLD={0x8, 0x3f, 0x1}, @NL80211_ATTR_SSID={0x9, 0x34, "23a270a064"}, @NL80211_ATTR_SCHED_SCAN_MATCH={0x3d, 0x84, 0x0, 0x1, [@generic="976c3004dafb2269d4d6c2d914dc7d135b3cac7e24352e1d7ad090cb45d15d9df3b3a078e1decdcdc568d0ec8fb72cf3a2333d0425442171f9"]}, @NL80211_ATTR_BSS_SELECT={0x8, 0xe3, 0x0, 0x1, [@nested={0x4, 0x104}]}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x5}]}, 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000040) io_uring_setup$auto(0x6, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) io_uring_setup$auto(0x6, 0x0) r3 = socket(0x11, 0x80003, 0x304) getsockopt$auto(r3, 0xd, 0x80000200, 0x0, 0x0) ioctl$auto(0x3, 0x80044501, 0x10000000000402) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) mremap$auto(0x1ff000, 0xff, 0x843, 0x3, 0xfffff000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1ff000) r4 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f00000017c0)='/sys/kernel/debug/lru_gen\x00', 0x1, 0x0) writev$auto(r4, &(0x7f0000000100)={0x0, 0x407114}, 0x8) write$auto_snd_seq_f_ops_seq_clientmgr(r0, &(0x7f00000000c0)="621c1bfe595046ab5c98199adf6ad9cdc5b2fc8d6d76e6021e1dcedc5f00e8fdffff00c291dfb4000001e49f34dc422231cf4d40d401d5f8", 0x38) 405.821756ms ago: executing program 2 (id=1066): mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) mlock$auto(0x7, 0x4) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x800, 0x8000003b) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0x5, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/bdi/43:192/strict_limit\x00', 0x82000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000007ec0)=""/254, 0xfe) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x541c, r2) clock_nanosleep$auto(0x8000a, 0x0, 0x0, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) sendmsg$auto_NL80211_CMD_DEAUTHENTICATE(0xffffffffffffffff, 0x0, 0x20000080) madvise$auto(0x8080800000000000, 0x3, 0x6) madvise$auto(0x0, 0xf663, 0x15) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) 348.875947ms ago: executing program 6 (id=1067): openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card0\x00', 0x121d02, 0x0) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x622340, 0x0) openat$auto_fuse_conn_congestion_threshold_ops_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) memfd_secret$auto(0x0) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x3) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000002180), 0x100, 0x0) eventfd$auto(0x3) pipe$auto(0x0) socket(0xa, 0x2, 0x88) socketpair$auto(0x1e, 0x1, 0x4, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, r0, 0x8000) ioctl$auto_TCFLSH2(r1, 0x80044704, 0x0) 146.400837ms ago: executing program 5 (id=1068): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D3\x00', 0x20c00, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) wait4$auto(0x80000000, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/loop10/queue/add_random\x00', 0x80302, 0x0) sendfile$auto(r1, r1, 0x0, 0x3) select$auto(0x7, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x1, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x90000001, 0x3, 0x1, 0x5, 0x5, 0x2]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) ioctl$auto(0xffffffffffffffff, 0x400454cb, 0x5) mmap$auto(0xc, 0x20009, 0x5, 0x14, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket(0x10, 0x2, 0x15) sendmsg$auto_MACSEC_CMD_ADD_TXSA(r2, 0x0, 0x40040) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, 0x0, 0xc800) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x7, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 0s ago: executing program 6 (id=1069): mmap$auto(0x0, 0x400008, 0x4, 0x40009b72, 0x2, 0x8000) r0 = io_uring_setup$auto(0x89, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0xfffffffffffffffc, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) unshare$auto(0x8000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) setsockopt$auto(0x400000000000003, 0x29, 0xd4, 0x0, 0x4) shmget$auto(0x0, 0xfffffffffeffffff, 0x69c2) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffff9}, 0x6, 0xe27c, 0x8) mmap$auto(0x0, 0x20009, 0xfffffffffffffffd, 0xeb2, 0x8, 0x1008000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyd9\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r1, 0x5420, 0x0) r2 = socket(0x2b, 0x1, 0x1) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000001480)={'veth0_virt_wifi\x00'}) ioctl$auto_SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000040)="b38fc65a6042f2dc99df8ce9af2a56fcfe744238519bceaee0") remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x19, 0x4, 0x4, 0x880b, 0x8, 0xd, 0x66b, 0x4, 0x2}, 0x6f4) ioctl$auto(0x4000000000000c8, 0x400454d9, 0x3) kernel console output (not intermixed with test programs): process `syz.1.369'. [ 254.402875][ T7693] netlink: 'syz.1.369': attribute type 1 has an invalid length. [ 254.410611][ T7693] netlink: 342 bytes leftover after parsing attributes in process `syz.1.369'. [ 256.739911][ T7715] FAULT_INJECTION: forcing a failure. [ 256.739911][ T7715] name failslab, interval 1, probability 0, space 0, times 0 [ 256.843366][ T7715] CPU: 0 UID: 0 PID: 7715 Comm: syz.2.375 Not tainted syzkaller #0 PREEMPT(full) [ 256.843399][ T7715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 256.843413][ T7715] Call Trace: [ 256.843420][ T7715] [ 256.843429][ T7715] dump_stack_lvl+0x16c/0x1f0 [ 256.843470][ T7715] should_fail_ex+0x512/0x640 [ 256.843509][ T7715] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 256.843545][ T7715] should_failslab+0xc2/0x120 [ 256.843578][ T7715] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 256.843611][ T7715] ? trace_kmalloc+0x2b/0xd0 [ 256.843644][ T7715] ? ipv6_route_sysctl_init+0x28/0x2e0 [ 256.843673][ T7715] kmemdup_noprof+0x29/0x60 [ 256.843704][ T7715] ipv6_route_sysctl_init+0x28/0x2e0 [ 256.843729][ T7715] ipv6_sysctl_net_init+0x9a/0x2b0 [ 256.843763][ T7715] ? __pfx_ipv6_sysctl_net_init+0x10/0x10 [ 256.843796][ T7715] ops_init+0x1e2/0x5f0 [ 256.843821][ T7715] setup_net+0x10f/0x380 [ 256.843840][ T7715] ? lockdep_init_map_type+0x5c/0x280 [ 256.843876][ T7715] ? __pfx_setup_net+0x10/0x10 [ 256.843898][ T7715] ? debug_mutex_init+0x37/0x70 [ 256.843925][ T7715] copy_net_ns+0x2a6/0x5f0 [ 256.843953][ T7715] create_new_namespaces+0x3ea/0xa90 [ 256.843988][ T7715] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 256.844019][ T7715] ksys_unshare+0x45b/0xa40 [ 256.844054][ T7715] ? __pfx_ksys_unshare+0x10/0x10 [ 256.844096][ T7715] ? xfd_validate_state+0x61/0x180 [ 256.844141][ T7715] __x64_sys_unshare+0x31/0x40 [ 256.844173][ T7715] do_syscall_64+0xcd/0x4c0 [ 256.844213][ T7715] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.844237][ T7715] RIP: 0033:0x7fd6ff38eba9 [ 256.844255][ T7715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 256.844278][ T7715] RSP: 002b:00007fd700212038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 256.844300][ T7715] RAX: ffffffffffffffda RBX: 00007fd6ff5d5fa0 RCX: 00007fd6ff38eba9 [ 256.844316][ T7715] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 256.844330][ T7715] RBP: 00007fd6ff411e19 R08: 0000000000000000 R09: 0000000000000000 [ 256.844344][ T7715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 256.844358][ T7715] R13: 00007fd6ff5d6038 R14: 00007fd6ff5d5fa0 R15: 00007fff8c4ee478 [ 256.844388][ T7715] [ 261.470934][ T7710] kexec: Could not allocate control_code_buffer [ 263.133595][ T7767] sg_write: data in/out 2359516/158 bytes for SCSI command 0x0-- guessing data in; [ 263.133595][ T7767] program syz.2.386 not setting count and/or reply_len properly [ 265.491994][ T7783] FAULT_INJECTION: forcing a failure. [ 265.491994][ T7783] name failslab, interval 1, probability 0, space 0, times 0 [ 265.653403][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 265.659727][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 265.808090][ T7783] CPU: 0 UID: 0 PID: 7783 Comm: syz.1.389 Not tainted syzkaller #0 PREEMPT(full) [ 265.808122][ T7783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 265.808136][ T7783] Call Trace: [ 265.808145][ T7783] [ 265.808153][ T7783] dump_stack_lvl+0x16c/0x1f0 [ 265.808195][ T7783] should_fail_ex+0x512/0x640 [ 265.808243][ T7783] ? fs_reclaim_acquire+0xae/0x150 [ 265.808283][ T7783] should_failslab+0xc2/0x120 [ 265.808315][ T7783] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 265.808344][ T7783] ? security_inode_alloc+0x3b/0x2b0 [ 265.808376][ T7783] security_inode_alloc+0x3b/0x2b0 [ 265.808404][ T7783] inode_init_always_gfp+0xce4/0x1030 [ 265.808436][ T7783] alloc_inode+0x86/0x240 [ 265.808471][ T7783] sock_alloc+0x40/0x280 [ 265.808495][ T7783] __sock_create+0xc1/0x8d0 [ 265.808527][ T7783] inet_ctl_sock_create+0x94/0x230 [ 265.808556][ T7783] ? __pfx_inet_ctl_sock_create+0x10/0x10 [ 265.808587][ T7783] ? __asan_memcpy+0x3c/0x60 [ 265.808612][ T7783] ? __pfx_tcpv6_net_init+0x10/0x10 [ 265.808640][ T7783] tcpv6_net_init+0x31/0xc0 [ 265.808668][ T7783] ops_init+0x1e2/0x5f0 [ 265.808692][ T7783] setup_net+0x10f/0x380 [ 265.808711][ T7783] ? lockdep_init_map_type+0x5c/0x280 [ 265.808746][ T7783] ? __pfx_setup_net+0x10/0x10 [ 265.808769][ T7783] ? debug_mutex_init+0x37/0x70 [ 265.808797][ T7783] copy_net_ns+0x2a6/0x5f0 [ 265.808825][ T7783] create_new_namespaces+0x3ea/0xa90 [ 265.808860][ T7783] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 265.808891][ T7783] ksys_unshare+0x45b/0xa40 [ 265.808925][ T7783] ? __pfx_ksys_unshare+0x10/0x10 [ 265.808960][ T7783] ? xfd_validate_state+0x61/0x180 [ 265.809005][ T7783] __x64_sys_unshare+0x31/0x40 [ 265.809038][ T7783] do_syscall_64+0xcd/0x4c0 [ 265.809078][ T7783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.809106][ T7783] RIP: 0033:0x7f183698eba9 [ 265.809124][ T7783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.809146][ T7783] RSP: 002b:00007f1834bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 265.809168][ T7783] RAX: ffffffffffffffda RBX: 00007f1836bd5fa0 RCX: 00007f183698eba9 [ 265.809183][ T7783] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 265.809197][ T7783] RBP: 00007f1836a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 265.809217][ T7783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 265.809231][ T7783] R13: 00007f1836bd6038 R14: 00007f1836bd5fa0 R15: 00007fffc6c5f4e8 [ 265.809261][ T7783] [ 265.809509][ T7783] socket: no more sockets [ 268.203913][ T7806] binder: 7805:7806 ioctl c018620c 0 returned -22 [ 271.097102][ T7835] FAULT_INJECTION: forcing a failure. [ 271.097102][ T7835] name failslab, interval 1, probability 0, space 0, times 0 [ 271.205902][ T7835] CPU: 0 UID: 0 PID: 7835 Comm: syz.2.400 Not tainted syzkaller #0 PREEMPT(full) [ 271.205935][ T7835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 271.205950][ T7835] Call Trace: [ 271.205957][ T7835] [ 271.205966][ T7835] dump_stack_lvl+0x16c/0x1f0 [ 271.206008][ T7835] should_fail_ex+0x512/0x640 [ 271.206045][ T7835] ? fs_reclaim_acquire+0xae/0x150 [ 271.206084][ T7835] should_failslab+0xc2/0x120 [ 271.206116][ T7835] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 271.206146][ T7835] ? __kernfs_new_node+0xd2/0x8e0 [ 271.206180][ T7835] __kernfs_new_node+0xd2/0x8e0 [ 271.206214][ T7835] ? __pfx___kernfs_new_node+0x10/0x10 [ 271.206252][ T7835] ? find_held_lock+0x2b/0x80 [ 271.206277][ T7835] ? kernfs_root+0xee/0x2a0 [ 271.206312][ T7835] kernfs_new_node+0x13c/0x1e0 [ 271.206353][ T7835] kernfs_create_link+0xcc/0x240 [ 271.206379][ T7835] sysfs_do_create_link_sd+0x90/0x140 [ 271.206412][ T7835] sysfs_create_link+0x61/0xc0 [ 271.206441][ T7835] device_add+0xb14/0x1aa0 [ 271.206469][ T7835] ? __pfx_device_add+0x10/0x10 [ 271.206493][ T7835] ? __pfx___might_resched+0x10/0x10 [ 271.206515][ T7835] ? lockdep_hardirqs_on+0x7c/0x110 [ 271.206560][ T7835] __add_disk+0x457/0xf00 [ 271.206602][ T7835] add_disk_fwnode+0x13f/0x5d0 [ 271.206642][ T7835] loop_add+0x903/0xb70 [ 271.206672][ T7835] ? __pfx_loop_add+0x10/0x10 [ 271.206721][ T7835] ? find_held_lock+0x2b/0x80 [ 271.206748][ T7835] loop_control_ioctl+0x13e/0x630 [ 271.206787][ T7835] ? __pfx_loop_control_ioctl+0x10/0x10 [ 271.206822][ T7835] ? __pfx_loop_control_ioctl+0x10/0x10 [ 271.206853][ T7835] __x64_sys_ioctl+0x18e/0x210 [ 271.206894][ T7835] do_syscall_64+0xcd/0x4c0 [ 271.206934][ T7835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.206958][ T7835] RIP: 0033:0x7fd6ff38eba9 [ 271.206977][ T7835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 271.207000][ T7835] RSP: 002b:00007fd7001f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 271.207022][ T7835] RAX: ffffffffffffffda RBX: 00007fd6ff5d6090 RCX: 00007fd6ff38eba9 [ 271.207037][ T7835] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000009 [ 271.207052][ T7835] RBP: 00007fd6ff411e19 R08: 0000000000000000 R09: 0000000000000000 [ 271.207066][ T7835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 271.207080][ T7835] R13: 00007fd6ff5d6128 R14: 00007fd6ff5d6090 R15: 00007fff8c4ee478 [ 271.207110][ T7835] [ 273.849071][ T7847] netlink: 25 bytes leftover after parsing attributes in process `syz.2.404'. [ 280.655323][ T7904] random: crng reseeded on system resumption [ 281.183363][ T7912] FAULT_INJECTION: forcing a failure. [ 281.183363][ T7912] name fail_futex, interval 1, probability 0, space 0, times 1 [ 281.303284][ T7912] CPU: 0 UID: 0 PID: 7912 Comm: syz.1.414 Not tainted syzkaller #0 PREEMPT(full) [ 281.303317][ T7912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 281.303331][ T7912] Call Trace: [ 281.303338][ T7912] [ 281.303347][ T7912] dump_stack_lvl+0x16c/0x1f0 [ 281.303390][ T7912] should_fail_ex+0x512/0x640 [ 281.303434][ T7912] get_futex_key+0x1d0/0x1560 [ 281.303468][ T7912] ? __pfx_get_futex_key+0x10/0x10 [ 281.303507][ T7912] futex_wake+0xea/0x530 [ 281.303545][ T7912] ? __pfx_futex_wake+0x10/0x10 [ 281.303581][ T7912] ? rcu_is_watching+0x12/0xc0 [ 281.303617][ T7912] do_futex+0x1e3/0x350 [ 281.303649][ T7912] ? __pfx_do_futex+0x10/0x10 [ 281.303682][ T7912] ? __pfx___might_resched+0x10/0x10 [ 281.303710][ T7912] __x64_sys_futex+0x1e0/0x4c0 [ 281.303743][ T7912] ? __pfx_blkcg_maybe_throttle_current+0x10/0x10 [ 281.303778][ T7912] ? __pfx___x64_sys_futex+0x10/0x10 [ 281.303810][ T7912] ? __pfx___do_sys_close_range+0x10/0x10 [ 281.303849][ T7912] do_syscall_64+0xcd/0x4c0 [ 281.303898][ T7912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.303923][ T7912] RIP: 0033:0x7f183698eba9 [ 281.303941][ T7912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 281.303964][ T7912] RSP: 002b:00007f1834bb40e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 281.303986][ T7912] RAX: ffffffffffffffda RBX: 00007f1836bd6188 RCX: 00007f183698eba9 [ 281.304002][ T7912] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1836bd618c [ 281.304016][ T7912] RBP: 00007f1836bd6180 R08: 00007f1837710000 R09: 0000000000000000 [ 281.304031][ T7912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 281.304045][ T7912] R13: 00007f1836bd6218 R14: 00007fffc6c5f400 R15: 00007fffc6c5f4e8 [ 281.304074][ T7912] [ 281.722211][ T7892] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 285.326607][ T7930] netlink: 28 bytes leftover after parsing attributes in process `syz.3.419'. [ 285.479069][ T7930] veth0_macvtap: left promiscuous mode [ 285.562544][ T7930] macvtap0: entered promiscuous mode [ 285.614416][ T7930] macvtap0: entered allmulticast mode [ 286.646443][ T7937] FAULT_INJECTION: forcing a failure. [ 286.646443][ T7937] name failslab, interval 1, probability 0, space 0, times 0 [ 286.753136][ T7937] CPU: 0 UID: 0 PID: 7937 Comm: syz.1.422 Not tainted syzkaller #0 PREEMPT(full) [ 286.753168][ T7937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 286.753183][ T7937] Call Trace: [ 286.753191][ T7937] [ 286.753199][ T7937] dump_stack_lvl+0x16c/0x1f0 [ 286.753242][ T7937] should_fail_ex+0x512/0x640 [ 286.753280][ T7937] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 286.753308][ T7937] should_failslab+0xc2/0x120 [ 286.753340][ T7937] __kmalloc_cache_noprof+0x6a/0x3e0 [ 286.753365][ T7937] ? devlink_fmsg_nest_common.part.0+0x48/0x1e0 [ 286.753408][ T7937] devlink_fmsg_nest_common.part.0+0x48/0x1e0 [ 286.753450][ T7937] devlink_fmsg_u64_pair_put+0x284/0x2f0 [ 286.753473][ T7937] ? __pfx_devlink_fmsg_u64_pair_put+0x10/0x10 [ 286.753500][ T7937] ? devlink_fmsg_nest_common.part.0+0xcd/0x1e0 [ 286.753544][ T7937] nsim_dev_dummy_fmsg_put+0x61/0x1e0 [ 286.753583][ T7937] devlink_health_do_dump+0x243/0x620 [ 286.753611][ T7937] devlink_health_report+0x3c9/0x9c0 [ 286.753647][ T7937] ? __pfx_devlink_health_report+0x10/0x10 [ 286.753672][ T7937] ? _copy_from_user+0x59/0xd0 [ 286.753701][ T7937] nsim_dev_health_break_write+0x166/0x210 [ 286.753738][ T7937] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 286.753785][ T7937] full_proxy_write+0x131/0x1a0 [ 286.753825][ T7937] ? __pfx_full_proxy_write+0x10/0x10 [ 286.753861][ T7937] vfs_write+0x2a0/0x11d0 [ 286.753893][ T7937] ? __pfx___mutex_lock+0x10/0x10 [ 286.753930][ T7937] ? __pfx_vfs_write+0x10/0x10 [ 286.753966][ T7937] ? __fget_files+0x20e/0x3c0 [ 286.754000][ T7937] ksys_write+0x12a/0x250 [ 286.754028][ T7937] ? __pfx_ksys_write+0x10/0x10 [ 286.754065][ T7937] do_syscall_64+0xcd/0x4c0 [ 286.754105][ T7937] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.754129][ T7937] RIP: 0033:0x7f183698eba9 [ 286.754148][ T7937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.754175][ T7937] RSP: 002b:00007f1834bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 286.754197][ T7937] RAX: ffffffffffffffda RBX: 00007f1836bd5fa0 RCX: 00007f183698eba9 [ 286.754213][ T7937] RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000008 [ 286.754226][ T7937] RBP: 00007f1836a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 286.754240][ T7937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 286.754254][ T7937] R13: 00007f1836bd6038 R14: 00007f1836bd5fa0 R15: 00007fffc6c5f4e8 [ 286.754284][ T7937] [ 290.064045][ T7964] zswap: compressor ϋ not available [ 290.735118][ T7977] netlink: 4 bytes leftover after parsing attributes in process `syz.1.427'. [ 291.798320][ T7989] __vm_enough_memory: pid: 7989, comm: syz.1.430, bytes: 4398046511104 not enough memory for the allocation [ 295.557450][ T8023] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 295.887347][ T8027] ima: policy update failed [ 295.930376][ T30] audit: type=1802 audit(4294967430.047:4): pid=8027 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.440" res=0 errno=0 [ 295.956217][ T8027] netlink: 25 bytes leftover after parsing attributes in process `syz.2.440'. [ 296.380414][ T8035] syz.0.444 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 298.749590][ T8047] writing to auto_msgmni has no effect [ 304.318696][ T8096] ubi: mtd0 is already attached to ubi0 [ 305.883809][ T8114] FAULT_INJECTION: forcing a failure. [ 305.883809][ T8114] name failslab, interval 1, probability 0, space 0, times 0 [ 306.417399][ T8114] CPU: 0 UID: 0 PID: 8114 Comm: syz.1.459 Not tainted syzkaller #0 PREEMPT(full) [ 306.417432][ T8114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 306.417458][ T8114] Call Trace: [ 306.417469][ T8114] [ 306.417478][ T8114] dump_stack_lvl+0x16c/0x1f0 [ 306.417521][ T8114] should_fail_ex+0x512/0x640 [ 306.417559][ T8114] ? __kmalloc_noprof+0xbf/0x510 [ 306.417589][ T8114] ? handler_new_ref+0x1b0/0xc60 [ 306.417612][ T8114] should_failslab+0xc2/0x120 [ 306.417651][ T8114] __kmalloc_noprof+0xd2/0x510 [ 306.417679][ T8114] ? __asan_memcpy+0x3c/0x60 [ 306.417709][ T8114] handler_new_ref+0x1b0/0xc60 [ 306.417738][ T8114] v4l2_ctrl_new+0x1963/0x2180 [ 306.417771][ T8114] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 306.417801][ T8114] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 306.417841][ T8114] v4l2_ctrl_new_std+0x1be/0x290 [ 306.417872][ T8114] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 306.417898][ T8114] ? rcu_is_watching+0x12/0xc0 [ 306.417922][ T8114] ? trace_kmalloc+0x2b/0xd0 [ 306.417954][ T8114] ? __kvmalloc_node_noprof+0x298/0x620 [ 306.417981][ T8114] ? v4l2_ctrl_handler_init_class+0x1fc/0x340 [ 306.418023][ T8114] ? media_request_object_init+0x100/0x180 [ 306.418054][ T8114] vicodec_open+0x1d0/0xf90 [ 306.418091][ T8114] v4l2_open+0x222/0x490 [ 306.418125][ T8114] ? __pfx_v4l2_open+0x10/0x10 [ 306.418158][ T8114] chrdev_open+0x234/0x6a0 [ 306.418189][ T8114] ? __pfx_apparmor_file_open+0x10/0x10 [ 306.418216][ T8114] ? __pfx_chrdev_open+0x10/0x10 [ 306.418248][ T8114] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 306.418281][ T8114] do_dentry_open+0x982/0x1530 [ 306.418311][ T8114] ? __pfx_chrdev_open+0x10/0x10 [ 306.418348][ T8114] vfs_open+0x82/0x3f0 [ 306.418387][ T8114] path_openat+0x1de4/0x2cb0 [ 306.418426][ T8114] ? __pfx_path_openat+0x10/0x10 [ 306.418462][ T8114] do_filp_open+0x20b/0x470 [ 306.418491][ T8114] ? __pfx_do_filp_open+0x10/0x10 [ 306.418541][ T8114] ? alloc_fd+0x471/0x7d0 [ 306.418574][ T8114] do_sys_openat2+0x11b/0x1d0 [ 306.418611][ T8114] ? __pfx_do_sys_openat2+0x10/0x10 [ 306.418670][ T8114] __x64_sys_openat+0x174/0x210 [ 306.418691][ T8114] ? __pfx___x64_sys_openat+0x10/0x10 [ 306.418725][ T8114] do_syscall_64+0xcd/0x4c0 [ 306.418764][ T8114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.418789][ T8114] RIP: 0033:0x7f183698eba9 [ 306.418808][ T8114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 306.418830][ T8114] RSP: 002b:00007f1834bb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 306.418853][ T8114] RAX: ffffffffffffffda RBX: 00007f1836bd6180 RCX: 00007f183698eba9 [ 306.418869][ T8114] RDX: 00000000000c0400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 306.418884][ T8114] RBP: 00007f1836a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 306.418898][ T8114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 306.418912][ T8114] R13: 00007f1836bd6218 R14: 00007f1836bd6180 R15: 00007fffc6c5f4e8 [ 306.418941][ T8114] [ 308.345605][ T8140] __vm_enough_memory: pid: 8140, comm: syz.0.464, bytes: 4398046511104 not enough memory for the allocation [ 308.401726][ T8138] FAULT_INJECTION: forcing a failure. [ 308.401726][ T8138] name failslab, interval 1, probability 0, space 0, times 0 [ 308.528384][ T8138] CPU: 0 UID: 0 PID: 8138 Comm: syz.2.466 Not tainted syzkaller #0 PREEMPT(full) [ 308.528418][ T8138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 308.528441][ T8138] Call Trace: [ 308.528450][ T8138] [ 308.528458][ T8138] dump_stack_lvl+0x16c/0x1f0 [ 308.528501][ T8138] should_fail_ex+0x512/0x640 [ 308.528538][ T8138] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 308.528570][ T8138] should_failslab+0xc2/0x120 [ 308.528603][ T8138] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 308.528632][ T8138] ? sk_prot_alloc+0x60/0x2a0 [ 308.528660][ T8138] sk_prot_alloc+0x60/0x2a0 [ 308.528687][ T8138] sk_alloc+0x36/0xc20 [ 308.528721][ T8138] unix_create1+0xa6/0x700 [ 308.528758][ T8138] unix_create+0x110/0x270 [ 308.528793][ T8138] __sock_create+0x338/0x8d0 [ 308.528826][ T8138] __sys_socketpair+0x25c/0x5a0 [ 308.528858][ T8138] ? __pfx___sys_socketpair+0x10/0x10 [ 308.528886][ T8138] ? __sys_socket+0xac/0x260 [ 308.528916][ T8138] ? xfd_validate_state+0x61/0x180 [ 308.528950][ T8138] ? __pfx___do_sys_close_range+0x10/0x10 [ 308.528985][ T8138] __x64_sys_socketpair+0x96/0x100 [ 308.529014][ T8138] ? lockdep_hardirqs_on+0x7c/0x110 [ 308.529067][ T8138] do_syscall_64+0xcd/0x4c0 [ 308.529107][ T8138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.529131][ T8138] RIP: 0033:0x7fd6ff38eba9 [ 308.529149][ T8138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 308.529172][ T8138] RSP: 002b:00007fd700212038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 308.529195][ T8138] RAX: ffffffffffffffda RBX: 00007fd6ff5d5fa0 RCX: 00007fd6ff38eba9 [ 308.529210][ T8138] RDX: 8000000000000000 RSI: 0000000000000002 RDI: 0000000000000001 [ 308.529225][ T8138] RBP: 00007fd6ff411e19 R08: 0000000000000000 R09: 0000000000000000 [ 308.529239][ T8138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 308.529252][ T8138] R13: 00007fd6ff5d6038 R14: 00007fd6ff5d5fa0 R15: 00007fff8c4ee478 [ 308.529281][ T8138] [ 309.184536][ T8139] ima: policy update failed [ 309.267398][ T30] audit: type=1802 audit(4294967443.416:5): pid=8139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.465" res=0 errno=0 [ 313.778289][ T30] audit: type=1800 audit(4294967448.000:6): pid=8183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.475" name="dbroot" dev="configfs" ino=34601 res=0 errno=0 [ 314.469546][ T8194] netlink: zone id is out of range [ 314.506542][ T8196] __vm_enough_memory: pid: 8196, comm: syz.3.478, bytes: 4398046511104 not enough memory for the allocation [ 314.526405][ T8194] netlink: zone id is out of range [ 314.552554][ T8194] netlink: zone id is out of range [ 314.620763][ T8194] netlink: zone id is out of range [ 314.770377][ T8194] netlink: zone id is out of range [ 314.885823][ T8194] netlink: zone id is out of range [ 314.959330][ T8194] netlink: zone id is out of range [ 315.092211][ T8194] netlink: zone id is out of range [ 315.176352][ T8194] netlink: zone id is out of range [ 315.316057][ T8194] netlink: zone id is out of range [ 317.663630][ T8233] ima: policy update failed [ 317.732507][ T30] audit: type=1802 audit(4294967451.971:7): pid=8233 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.486" res=0 errno=0 [ 319.114561][ T8244] zswap: compressor not available [ 319.195038][ T8248] Setting dangerous option i915.mitigations - tainting kernel [ 320.129183][ T8263] __vm_enough_memory: pid: 8263, comm: syz.1.491, bytes: 4398046511104 not enough memory for the allocation [ 321.505307][ T8279] netlink: 296 bytes leftover after parsing attributes in process `syz.2.494'. [ 322.095113][ T8286] netlink: 326 bytes leftover after parsing attributes in process `syz.2.496'. [ 324.569113][ T8321] netlink: 8 bytes leftover after parsing attributes in process `syz.3.504'. [ 326.482189][ T8342] __vm_enough_memory: pid: 8342, comm: syz.2.507, bytes: 4398046511104 not enough memory for the allocation [ 326.598988][ T8344] netlink: 28 bytes leftover after parsing attributes in process `syz.0.509'. [ 326.656557][ T8344] geneve1: entered promiscuous mode [ 326.661835][ T8344] geneve1: entered allmulticast mode [ 326.726606][ T8347] netlink: 28 bytes leftover after parsing attributes in process `syz.0.509'. [ 326.770968][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 326.779658][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 327.755433][ T8355] netlink: 28 bytes leftover after parsing attributes in process `syz.0.510'. [ 332.058983][ T8393] vivid-003: ================= START STATUS ================= [ 332.066684][ T8393] vivid-003: Radio HW Seek Mode: Bounded [ 332.243576][ T8393] vivid-003: Radio Programmable HW Seek: false [ 332.444549][ T8393] vivid-003: RDS Rx I/O Mode: Block I/O [ 332.592134][ T8393] vivid-003: Generate RBDS Instead of RDS: false [ 332.746923][ T8393] vivid-003: RDS Reception: true [ 333.006834][ T8393] vivid-003: RDS Program Type: 0 inactive [ 333.092205][ T8393] vivid-003: RDS PS Name: inactive [ 333.203946][ T8393] vivid-003: RDS Radio Text: inactive [ 333.270591][ T8393] vivid-003: RDS Traffic Announcement: false inactive [ 333.406314][ T8393] vivid-003: RDS Traffic Program: false inactive [ 333.525110][ T8393] vivid-003: RDS Music: false inactive [ 333.606442][ T8393] vivid-003: ================== END STATUS ================== [ 335.535114][ T8420] bond0: option arp_interval: invalid value () [ 335.621207][ T8420] bond0: option arp_interval: allowed values 0 - 2147483647 [ 337.375141][ T8442] tipc: Started in network mode [ 337.382716][ T8442] tipc: Node identity ee00, cluster identity 4711 [ 337.441056][ T8442] tipc: Node number set to 60928 [ 337.530389][ T8442] Process accounting resumed [ 339.245483][ T8466] nvme_fabrics: missing parameter 'transport=%s' [ 339.317323][ T8466] nvme_fabrics: missing parameter 'nqn=%s' [ 339.623527][ T8477] vivid-007: ================= START STATUS ================= [ 339.708781][ T8477] vivid-007: Generate PTS: true [ 339.757357][ T8477] vivid-007: Generate SCR: true [ 339.800283][ T8477] tpg source WxH: 320x240 (Y'CbCr) [ 339.886395][ T8477] tpg field: 1 [ 339.967061][ T8477] tpg crop: (0,0)/320x240 [ 340.076324][ T8477] tpg compose: (0,0)/320x240 [ 340.145553][ T8477] tpg colorspace: 8 [ 340.186794][ T8477] tpg transfer function: 0/0 [ 340.250366][ T8477] tpg Y'CbCr encoding: 0/0 [ 340.299300][ T8477] tpg quantization: 0/0 [ 340.344750][ T8477] tpg RGB range: 0/2 [ 340.459099][ T8477] vivid-007: ================== END STATUS ================== [ 341.572816][ T8502] Invalid ELF header magic: != ELF [ 342.920387][ T8530] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 343.086674][ T8529] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 343.365120][ T8537] binder: 8534:8537 ioctl 400c620e 0 returned -22 [ 345.318617][ T30] audit: type=1800 audit(4294967479.694:8): pid=8566 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.544" name="dbroot" dev="configfs" ino=41883 res=0 errno=0 [ 349.115286][ T8600] syz.2.551: vmalloc error: size 8192, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 349.202256][ T8602] netlink: 4 bytes leftover after parsing attributes in process `syz.1.552'. [ 349.259326][ T8600] CPU: 0 UID: 0 PID: 8600 Comm: syz.2.551 Tainted: G U syzkaller #0 PREEMPT(full) [ 349.259366][ T8600] Tainted: [U]=USER [ 349.259373][ T8600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 349.259388][ T8600] Call Trace: [ 349.259396][ T8600] [ 349.259405][ T8600] dump_stack_lvl+0x16c/0x1f0 [ 349.259449][ T8600] warn_alloc+0x248/0x3a0 [ 349.259480][ T8600] ? __pfx_warn_alloc+0x10/0x10 [ 349.259511][ T8600] ? alloc_pages_mpol+0x25a/0x550 [ 349.259553][ T8600] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 349.259588][ T8600] ? trace_kmalloc+0x2b/0xd0 [ 349.259632][ T8600] __vmalloc_node_range_noprof+0x11d4/0x14b0 [ 349.259668][ T8600] ? n_tty_open+0x1a/0x170 [ 349.259701][ T8600] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 349.259741][ T8600] ? find_held_lock+0x2b/0x80 [ 349.259767][ T8600] ? n_tty_open+0x12b/0x170 [ 349.259793][ T8600] ? n_tty_open+0x1a/0x170 [ 349.259817][ T8600] __vmalloc_node_noprof+0xad/0xf0 [ 349.259849][ T8600] ? n_tty_open+0x1a/0x170 [ 349.259873][ T8600] ? __pfx_n_tty_open+0x10/0x10 [ 349.259899][ T8600] n_tty_open+0x1a/0x170 [ 349.259923][ T8600] ? __pfx_n_tty_open+0x10/0x10 [ 349.259946][ T8600] tty_ldisc_open+0x9f/0x120 [ 349.259980][ T8600] tty_ldisc_setup+0x87/0x100 [ 349.260015][ T8600] tty_init_dev.part.0+0x1ec/0x500 [ 349.260041][ T8600] tty_init_dev+0x60/0x80 [ 349.260063][ T8600] ? __pfx_ptmx_open+0x10/0x10 [ 349.260092][ T8600] ptmx_open+0x10d/0x360 [ 349.260122][ T8600] ? __pfx_ptmx_open+0x10/0x10 [ 349.260152][ T8600] chrdev_open+0x234/0x6a0 [ 349.260184][ T8600] ? __pfx_apparmor_file_open+0x10/0x10 [ 349.260212][ T8600] ? __pfx_chrdev_open+0x10/0x10 [ 349.260246][ T8600] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 349.260280][ T8600] do_dentry_open+0x982/0x1530 [ 349.260312][ T8600] ? __pfx_chrdev_open+0x10/0x10 [ 349.260350][ T8600] vfs_open+0x82/0x3f0 [ 349.260391][ T8600] path_openat+0x1de4/0x2cb0 [ 349.260431][ T8600] ? __pfx_path_openat+0x10/0x10 [ 349.260469][ T8600] do_filp_open+0x20b/0x470 [ 349.260499][ T8600] ? __pfx_do_filp_open+0x10/0x10 [ 349.260563][ T8600] ? alloc_fd+0x471/0x7d0 [ 349.260598][ T8600] do_sys_openat2+0x11b/0x1d0 [ 349.260634][ T8600] ? __pfx_do_sys_openat2+0x10/0x10 [ 349.260673][ T8600] ? __pfx___might_resched+0x10/0x10 [ 349.260705][ T8600] __x64_sys_openat+0x174/0x210 [ 349.260734][ T8600] ? __pfx___x64_sys_openat+0x10/0x10 [ 349.260767][ T8600] do_syscall_64+0xcd/0x4c0 [ 349.260809][ T8600] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.260834][ T8600] RIP: 0033:0x7fd6ff38eba9 [ 349.260853][ T8600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 349.260875][ T8600] RSP: 002b:00007fd700212038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 349.260898][ T8600] RAX: ffffffffffffffda RBX: 00007fd6ff5d5fa0 RCX: 00007fd6ff38eba9 [ 349.260914][ T8600] RDX: 0000000000040001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 349.260929][ T8600] RBP: 00007fd6ff411e19 R08: 0000000000000000 R09: 0000000000000000 [ 349.260943][ T8600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 349.260957][ T8600] R13: 00007fd6ff5d6038 R14: 00007fd6ff5d5fa0 R15: 00007fff8c4ee478 [ 349.260987][ T8600] [ 349.630872][ T8600] Mem-Info: [ 349.634134][ T8600] active_anon:13210 inactive_anon:28 isolated_anon:0 [ 349.634134][ T8600] active_file:3943 inactive_file:47382 isolated_file:0 [ 349.634134][ T8600] unevictable:768 dirty:527 writeback:0 [ 349.634134][ T8600] slab_reclaimable:11931 slab_unreclaimable:92292 [ 349.634134][ T8600] mapped:25621 shmem:1356 pagetables:1097 [ 349.634134][ T8600] sec_pagetables:0 bounce:0 [ 349.634134][ T8600] kernel_misc_reclaimable:0 [ 349.634134][ T8600] free:1321834 free_pcp:15307 free_cma:0 [ 349.691612][ T8600] Node 0 active_anon:52840kB inactive_anon:112kB active_file:15772kB inactive_file:189328kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:102484kB dirty:2108kB writeback:0kB shmem:3888kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11152kB pagetables:4224kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 349.725334][ T8600] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 349.755705][ T8600] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 349.786534][ T8600] lowmem_reserve[]: 0 2480 2481 2481 2481 [ 349.792734][ T8600] Node 0 DMA32 free:1380900kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52792kB inactive_anon:112kB active_file:15772kB inactive_file:187996kB unevictable:1536kB writepending:2108kB present:3129332kB managed:2539536kB mlocked:0kB bounce:0kB free_pcp:42324kB local_pcp:42324kB free_cma:0kB [ 349.827798][ T8600] lowmem_reserve[]: 0 0 1 1 1 [ 349.832649][ T8600] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1332kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 349.861973][ T8600] lowmem_reserve[]: 0 0 0 0 0 [ 349.866852][ T8600] Node 1 Normal free:3891068kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:18928kB local_pcp:18928kB free_cma:0kB [ 349.900857][ T8600] lowmem_reserve[]: 0 0 0 0 0 [ 349.907059][ T8600] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 349.920211][ T8600] Node 0 DMA32: 1883*4kB (UME) 1503*8kB (UME) 920*16kB (UME) 1344*32kB (UME) 729*64kB (UME) 390*128kB (UME) 169*256kB (UM) 81*512kB (UM) 34*1024kB (UME) 5*2048kB (UM) 263*4096kB (UM) = 1380900kB [ 349.964233][ T8600] Node 0 Normal: 2*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 349.990468][ T8600] Node 1 Normal: 8*4kB (UME) 35*8kB (UE) 41*16kB (UE) 159*32kB (UE) 10*64kB (U) 5*128kB (UME) 3*256kB (UE) 2*512kB (UE) 3*1024kB (U) 2*2048kB (UE) 946*4096kB (UM) = 3891112kB [ 350.030683][ T8600] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 350.050610][ T8600] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 350.095357][ T8600] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 350.115089][ T8600] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 350.135390][ T8600] 52696 total pagecache pages [ 350.140113][ T8600] 19 pages in swap cache [ 350.155548][ T8600] Free swap = 124920kB [ 350.169147][ T8600] Total swap = 124996kB [ 350.179218][ T8600] 2097051 pages RAM [ 350.189297][ T8600] 0 pages HighMem/MovableOnly [ 350.199435][ T8600] 430205 pages reserved [ 350.209502][ T8600] 0 pages cma reserved [ 350.216419][ T8600] ptm ptm1: ldisc open failed (-12), clearing slot 1 [ 351.803467][ T8614] vivid-007: ================= START STATUS ================= [ 351.903720][ T8614] vivid-007: Enable Output Cropping: true [ 352.018235][ T8614] vivid-007: Enable Output Composing: true [ 352.108351][ T8614] vivid-007: Enable Output Scaler: true [ 352.139194][ T8614] vivid-007: Tx RGB Quantization Range: Automatic [ 352.186890][ T8614] vivid-007: Transmit Mode: HDMI [ 352.244999][ T8614] vivid-007: Hotplug Present: 0x00000000 [ 352.271120][ T8614] vivid-007: RxSense Present: 0x00000000 [ 352.319133][ T8614] vivid-007: EDID Present: 0x00000000 [ 352.364792][ T8614] vivid-007: ================== END STATUS ================== [ 352.471762][ T8605] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 352.614889][ T8605] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 352.762910][ T8605] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 352.887555][ T8605] page_type: f5(slab) [ 352.981218][ T8605] raw: 00fff00000000040 ffff88801b841dc0 0000000000000000 dead000000000001 [ 353.111116][ T8605] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 353.255816][ T8605] head: 00fff00000000040 ffff88801b841dc0 0000000000000000 dead000000000001 [ 353.490261][ T8605] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 353.644338][ T8605] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 353.712903][ T8605] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 353.866556][ T8605] page dumped because: unmovable page [ 353.872021][ T8605] page_owner tracks the page as allocated [ 353.948144][ T8605] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5540, tgid 5540 (dhcpcd-run-hook), ts 67043598399, free_ts 67019087184 [ 354.135737][ T8605] post_alloc_hook+0x1c0/0x230 [ 354.246777][ T8605] get_page_from_freelist+0x132b/0x38e0 [ 354.372190][ T8605] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 354.378168][ T8605] alloc_pages_mpol+0x1fb/0x550 [ 354.505570][ T8605] new_slab+0x247/0x330 [ 354.509809][ T8605] ___slab_alloc+0xcf2/0x1750 [ 354.564684][ T8605] __slab_alloc.constprop.0+0x56/0xb0 [ 354.590831][ T8605] __kmalloc_noprof+0x2f2/0x510 [ 354.617019][ T8605] tomoyo_init_log+0x1385/0x2140 [ 354.641797][ T8605] tomoyo_supervisor+0x302/0x13b0 [ 354.667089][ T8605] tomoyo_env_perm+0x191/0x200 [ 354.702562][ T8605] tomoyo_find_next_domain+0xec2/0x20b0 [ 354.708211][ T8605] tomoyo_bprm_check_security+0x12e/0x1d0 [ 354.760388][ T8605] security_bprm_check+0x1b9/0x1e0 [ 354.784447][ T8605] bprm_execve+0x81a/0x1640 [ 354.812423][ T8605] do_execveat_common.isra.0+0x4a5/0x610 [ 354.818134][ T8605] page last free pid 5539 tgid 5539 stack trace: [ 354.858999][ T8605] __free_frozen_pages+0x7d5/0x10f0 [ 354.897536][ T8605] __put_partials+0x165/0x1c0 [ 354.907629][ T8605] qlist_free_all+0x4d/0x120 [ 354.937009][ T8605] kasan_quarantine_reduce+0x195/0x1e0 [ 354.954588][ T8605] __kasan_slab_alloc+0x69/0x90 [ 354.979682][ T8605] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 354.998206][ T8605] tomoyo_init_log+0x197/0x2140 [ 355.003154][ T8605] tomoyo_supervisor+0x302/0x13b0 [ 355.040528][ T8605] tomoyo_path_permission+0x270/0x3b0 [ 355.076777][ T8605] tomoyo_path_perm+0x362/0x460 [ 355.094823][ T8605] security_inode_getattr+0x116/0x290 [ 355.118398][ T8605] vfs_fstat+0x4b/0xe0 [ 355.122534][ T8605] __do_sys_newfstat+0x87/0x100 [ 355.157528][ T8605] do_syscall_64+0xcd/0x4c0 [ 355.162111][ T8605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 358.163036][ T8681] ima: policy update failed [ 358.235695][ T30] audit: type=1802 audit(4294967492.691:9): pid=8681 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.569" res=0 errno=0 [ 358.270321][ T8681] netlink: 25 bytes leftover after parsing attributes in process `syz.3.569'. [ 362.002743][ T8736] FAULT_INJECTION: forcing a failure. [ 362.002743][ T8736] name failslab, interval 1, probability 0, space 0, times 0 [ 362.145970][ T8736] CPU: 0 UID: 0 PID: 8736 Comm: syz.2.579 Tainted: G U syzkaller #0 PREEMPT(full) [ 362.146009][ T8736] Tainted: [U]=USER [ 362.146016][ T8736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 362.146031][ T8736] Call Trace: [ 362.146039][ T8736] [ 362.146047][ T8736] dump_stack_lvl+0x16c/0x1f0 [ 362.146088][ T8736] should_fail_ex+0x512/0x640 [ 362.146125][ T8736] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 362.146157][ T8736] should_failslab+0xc2/0x120 [ 362.146189][ T8736] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 362.146218][ T8736] ? sk_prot_alloc+0x60/0x2a0 [ 362.146246][ T8736] sk_prot_alloc+0x60/0x2a0 [ 362.146273][ T8736] sk_alloc+0x36/0xc20 [ 362.146308][ T8736] __vsock_create.constprop.0+0x3c/0xbb0 [ 362.146341][ T8736] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 362.146380][ T8736] vsock_create+0x139/0x500 [ 362.146417][ T8736] __sock_create+0x338/0x8d0 [ 362.146449][ T8736] __sys_socket+0x14d/0x260 [ 362.146478][ T8736] ? __pfx___sys_socket+0x10/0x10 [ 362.146507][ T8736] ? xfd_validate_state+0x61/0x180 [ 362.146542][ T8736] ? __task_pid_nr_ns+0x17c/0x500 [ 362.146590][ T8736] __x64_sys_socket+0x72/0xb0 [ 362.146618][ T8736] ? lockdep_hardirqs_on+0x7c/0x110 [ 362.146654][ T8736] do_syscall_64+0xcd/0x4c0 [ 362.146693][ T8736] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.146717][ T8736] RIP: 0033:0x7fd6ff38eba9 [ 362.146735][ T8736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 362.146758][ T8736] RSP: 002b:00007fd700212038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 362.146781][ T8736] RAX: ffffffffffffffda RBX: 00007fd6ff5d5fa0 RCX: 00007fd6ff38eba9 [ 362.146796][ T8736] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000028 [ 362.146810][ T8736] RBP: 00007fd6ff411e19 R08: 0000000000000000 R09: 0000000000000000 [ 362.146824][ T8736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 362.146838][ T8736] R13: 00007fd6ff5d6038 R14: 00007fd6ff5d5fa0 R15: 00007fff8c4ee478 [ 362.146867][ T8736] [ 364.284003][ T8757] net_ratelimit: 62 callbacks suppressed [ 364.284023][ T8757] netlink: set zone limit has 8 unknown bytes [ 364.606704][ T8768] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 365.546803][ T8769] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 365.629911][ T9] usb usb38-port5: attempt power cycle [ 366.308154][ T9] usb usb38-port5: unable to enumerate USB device [ 366.510499][ T8796] netlink: 4 bytes leftover after parsing attributes in process `syz.2.589'. [ 368.197577][ T8820] Process accounting paused [ 368.448146][ T8824] netlink: zone id is out of range [ 368.500565][ T8824] netlink: zone id is out of range [ 368.533472][ T8824] netlink: zone id is out of range [ 368.577789][ T8824] netlink: zone id is out of range [ 368.619756][ T8824] netlink: zone id is out of range [ 368.649660][ T8824] netlink: zone id is out of range [ 368.697126][ T8824] netlink: zone id is out of range [ 368.726963][ T8824] netlink: zone id is out of range [ 368.761352][ T8824] netlink: zone id is out of range [ 369.723697][ T8847] FAULT_INJECTION: forcing a failure. [ 369.723697][ T8847] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 369.823736][ T8847] CPU: 0 UID: 0 PID: 8847 Comm: syz.1.599 Tainted: G U syzkaller #0 PREEMPT(full) [ 369.823773][ T8847] Tainted: [U]=USER [ 369.823780][ T8847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 369.823794][ T8847] Call Trace: [ 369.823801][ T8847] [ 369.823810][ T8847] dump_stack_lvl+0x16c/0x1f0 [ 369.823852][ T8847] should_fail_ex+0x512/0x640 [ 369.823894][ T8847] should_fail_alloc_page+0xe7/0x130 [ 369.823929][ T8847] prepare_alloc_pages+0x3c2/0x610 [ 369.823970][ T8847] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 369.823999][ T8847] ? stack_trace_save+0x8e/0xc0 [ 369.824026][ T8847] ? __pfx_stack_trace_save+0x10/0x10 [ 369.824052][ T8847] ? rcu_is_watching+0x12/0xc0 [ 369.824076][ T8847] ? stack_depot_save_flags+0x29/0x9c0 [ 369.824120][ T8847] ? kasan_save_stack+0x42/0x60 [ 369.824145][ T8847] ? kasan_save_stack+0x33/0x60 [ 369.824170][ T8847] ? kasan_save_track+0x14/0x30 [ 369.824228][ T8847] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 369.824257][ T8847] ? walk_pgd_range+0x88b/0x1f50 [ 369.824285][ T8847] ? walk_page_range_mm+0x461/0xb40 [ 369.824314][ T8847] ? madvise_walk_vmas+0x31f/0x9c0 [ 369.824348][ T8847] ? madvise_do_behavior+0x1e2/0x530 [ 369.824381][ T8847] ? do_madvise+0x176/0x240 [ 369.824412][ T8847] ? __x64_sys_madvise+0xa9/0x110 [ 369.824445][ T8847] ? do_syscall_64+0xcd/0x4c0 [ 369.824481][ T8847] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.824517][ T8847] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 369.824556][ T8847] ? policy_nodemask+0xea/0x4e0 [ 369.824591][ T8847] alloc_pages_mpol+0x1fb/0x550 [ 369.824624][ T8847] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 369.824665][ T8847] alloc_pages_noprof+0x131/0x390 [ 369.824699][ T8847] pte_alloc_one+0x1c/0x3a0 [ 369.824726][ T8847] __pte_alloc+0x6d/0x3c0 [ 369.824759][ T8847] ? __pfx___pte_alloc+0x10/0x10 [ 369.824793][ T8847] ? _raw_spin_unlock+0x28/0x50 [ 369.824824][ T8847] ? __pmd_alloc+0x3fb/0x930 [ 369.824863][ T8847] walk_pgd_range+0xb84/0x1f50 [ 369.824897][ T8847] ? __pfx_guard_install_set_pte+0x10/0x10 [ 369.824929][ T8847] ? __pfx_guard_install_pte_entry+0x10/0x10 [ 369.824965][ T8847] ? __pfx_guard_install_set_pte+0x10/0x10 [ 369.825002][ T8847] ? __pfx_guard_install_set_pte+0x10/0x10 [ 369.825035][ T8847] ? __pfx_guard_install_set_pte+0x10/0x10 [ 369.825069][ T8847] ? __pfx_walk_pgd_range+0x10/0x10 [ 369.825108][ T8847] __walk_page_range+0x163/0x820 [ 369.825140][ T8847] ? find_vma+0xbf/0x140 [ 369.825172][ T8847] ? __pfx_find_vma+0x10/0x10 [ 369.825212][ T8847] ? walk_page_test+0x9b/0x180 [ 369.825242][ T8847] walk_page_range_mm+0x461/0xb40 [ 369.825277][ T8847] ? __pfx_walk_page_range_mm+0x10/0x10 [ 369.825316][ T8847] ? __anon_vma_prepare+0x2e2/0x5e0 [ 369.825346][ T8847] madvise_vma_behavior+0xa62/0x2d60 [ 369.825385][ T8847] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 369.825421][ T8847] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 369.825460][ T8847] ? __pfx_mas_prev+0x10/0x10 [ 369.825502][ T8847] ? find_vma_prev+0xda/0x160 [ 369.825535][ T8847] ? find_held_lock+0x2b/0x80 [ 369.825558][ T8847] ? __pfx_find_vma_prev+0x10/0x10 [ 369.825592][ T8847] ? futex_unqueue+0x133/0x2c0 [ 369.825629][ T8847] ? __futex_wait+0x24c/0x2f0 [ 369.825669][ T8847] madvise_walk_vmas+0x31f/0x9c0 [ 369.825709][ T8847] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 369.825752][ T8847] madvise_do_behavior+0x1e2/0x530 [ 369.825786][ T8847] ? futex_private_hash_put+0x18a/0x300 [ 369.825815][ T8847] ? __pfx_madvise_do_behavior+0x10/0x10 [ 369.825852][ T8847] ? down_read+0x13d/0x480 [ 369.825888][ T8847] do_madvise+0x176/0x240 [ 369.825922][ T8847] ? __pfx_do_madvise+0x10/0x10 [ 369.825955][ T8847] ? do_futex+0x122/0x350 [ 369.826004][ T8847] ? xfd_validate_state+0x61/0x180 [ 369.826038][ T8847] ? __pfx_ksys_write+0x10/0x10 [ 369.826072][ T8847] __x64_sys_madvise+0xa9/0x110 [ 369.826106][ T8847] ? lockdep_hardirqs_on+0x7c/0x110 [ 369.826140][ T8847] do_syscall_64+0xcd/0x4c0 [ 369.826185][ T8847] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.826210][ T8847] RIP: 0033:0x7f183698eba9 [ 369.826230][ T8847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 369.826253][ T8847] RSP: 002b:00007f1834bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 369.826275][ T8847] RAX: ffffffffffffffda RBX: 00007f1836bd5fa0 RCX: 00007f183698eba9 [ 369.826291][ T8847] RDX: 0000000000000066 RSI: 0000000002021000 RDI: 0000000000000000 [ 369.826306][ T8847] RBP: 00007f1836a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 369.826320][ T8847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 369.826334][ T8847] R13: 00007f1836bd6038 R14: 00007f1836bd5fa0 R15: 00007fffc6c5f4e8 [ 369.826364][ T8847] [ 370.290140][ C0] vkms_vblank_simulate: vblank timer overrun [ 370.841689][ T30] audit: type=1800 audit(4294967505.337:10): pid=8855 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.599" name="features" dev="configfs" ino=47465 res=0 errno=0 [ 374.611571][ T8870] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 377.299916][ T8909] netlink: 4 bytes leftover after parsing attributes in process `syz.3.613'. [ 378.188094][ T8919] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 381.758032][ T8950] netlink: 'syz.2.623': attribute type 1 has an invalid length. [ 381.864203][ T8956] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 387.919364][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 387.927133][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 391.986926][ T9053] Invalid ELF header magic: != ELF [ 394.846905][ T9081] FAULT_INJECTION: forcing a failure. [ 394.846905][ T9081] name failslab, interval 1, probability 0, space 0, times 0 [ 394.954793][ T9081] CPU: 0 UID: 0 PID: 9081 Comm: syz.1.648 Tainted: G U syzkaller #0 PREEMPT(full) [ 394.954832][ T9081] Tainted: [U]=USER [ 394.954840][ T9081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 394.954853][ T9081] Call Trace: [ 394.954861][ T9081] [ 394.954869][ T9081] dump_stack_lvl+0x16c/0x1f0 [ 394.954913][ T9081] should_fail_ex+0x512/0x640 [ 394.954951][ T9081] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 394.954981][ T9081] should_failslab+0xc2/0x120 [ 394.955014][ T9081] __kmalloc_cache_noprof+0x6a/0x3e0 [ 394.955039][ T9081] ? sctp_auth_init+0x30d/0x570 [ 394.955080][ T9081] sctp_auth_init+0x30d/0x570 [ 394.955121][ T9081] sctp_setsockopt+0xa371/0xb870 [ 394.955151][ T9081] ? __pfx_sctp_setsockopt+0x10/0x10 [ 394.955176][ T9081] ? find_held_lock+0x2b/0x80 [ 394.955203][ T9081] ? aa_sock_opt_perm+0xfd/0x1c0 [ 394.955226][ T9081] ? sock_common_setsockopt+0x2e/0xf0 [ 394.955251][ T9081] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 394.955280][ T9081] do_sock_setsockopt+0xf0/0x1d0 [ 394.955309][ T9081] __sys_setsockopt+0x120/0x1a0 [ 394.955350][ T9081] __x64_sys_setsockopt+0xbd/0x160 [ 394.955384][ T9081] ? do_syscall_64+0x91/0x4c0 [ 394.955421][ T9081] ? lockdep_hardirqs_on+0x7c/0x110 [ 394.955457][ T9081] do_syscall_64+0xcd/0x4c0 [ 394.955502][ T9081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 394.955527][ T9081] RIP: 0033:0x7f183698eba9 [ 394.955545][ T9081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 394.955567][ T9081] RSP: 002b:00007f1834bd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 394.955589][ T9081] RAX: ffffffffffffffda RBX: 00007f1836bd6090 RCX: 00007f183698eba9 [ 394.955604][ T9081] RDX: 0000000000000081 RSI: 0000010000000084 RDI: 0000000000000003 [ 394.955618][ T9081] RBP: 00007f1836a11e19 R08: 0000000000000008 R09: 0000000000000000 [ 394.955632][ T9081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 394.955645][ T9081] R13: 00007f1836bd6128 R14: 00007f1836bd6090 R15: 00007fffc6c5f4e8 [ 394.955675][ T9081] [ 397.986614][ T9101] FAULT_INJECTION: forcing a failure. [ 397.986614][ T9101] name fail_futex, interval 1, probability 0, space 0, times 0 [ 398.104503][ T9116] ima: policy update failed [ 398.143153][ T30] audit: type=1802 audit(4294967532.799:11): pid=9116 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.656" res=0 errno=0 [ 398.173871][ T9116] netlink: 25 bytes leftover after parsing attributes in process `syz.3.656'. [ 398.302982][ T9101] CPU: 0 UID: 0 PID: 9101 Comm: syz.1.652 Tainted: G U syzkaller #0 PREEMPT(full) [ 398.303020][ T9101] Tainted: [U]=USER [ 398.303028][ T9101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 398.303042][ T9101] Call Trace: [ 398.303050][ T9101] [ 398.303059][ T9101] dump_stack_lvl+0x16c/0x1f0 [ 398.303100][ T9101] should_fail_ex+0x512/0x640 [ 398.303162][ T9101] get_futex_key+0x1d0/0x1560 [ 398.303195][ T9101] ? __pfx_get_futex_key+0x10/0x10 [ 398.303226][ T9101] ? do_raw_spin_lock+0x12c/0x2b0 [ 398.303269][ T9101] futex_wake+0xea/0x530 [ 398.303302][ T9101] ? find_held_lock+0x2b/0x80 [ 398.303327][ T9101] ? __pfx_futex_wake+0x10/0x10 [ 398.303360][ T9101] ? rcu_is_watching+0x12/0xc0 [ 398.303392][ T9101] ? lockdep_hardirqs_on+0x7c/0x110 [ 398.303430][ T9101] ? posix_timer_unhash_and_free+0x375/0x400 [ 398.303464][ T9101] ? posix_cpu_timer_create+0x257/0x4a0 [ 398.303496][ T9101] do_futex+0x1e3/0x350 [ 398.303526][ T9101] ? __pfx_do_futex+0x10/0x10 [ 398.303565][ T9101] __x64_sys_futex+0x1e0/0x4c0 [ 398.303597][ T9101] ? __pfx___x64_sys_timer_create+0x10/0x10 [ 398.303633][ T9101] ? __pfx___x64_sys_futex+0x10/0x10 [ 398.303664][ T9101] ? xfd_validate_state+0x61/0x180 [ 398.303698][ T9101] ? __task_pid_nr_ns+0x17c/0x500 [ 398.303739][ T9101] do_syscall_64+0xcd/0x4c0 [ 398.303779][ T9101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.303803][ T9101] RIP: 0033:0x7f183698eba9 [ 398.303822][ T9101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 398.303844][ T9101] RSP: 002b:00007f1834bf60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 398.303866][ T9101] RAX: ffffffffffffffda RBX: 00007f1836bd5fa8 RCX: 00007f183698eba9 [ 398.303882][ T9101] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1836bd5fac [ 398.303896][ T9101] RBP: 00007f1836bd5fa0 R08: 00007f1837710000 R09: 0000000000000000 [ 398.303911][ T9101] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 398.303925][ T9101] R13: 00007f1836bd6038 R14: 00007fffc6c5f400 R15: 00007fffc6c5f4e8 [ 398.303954][ T9101] [ 398.524658][ C0] vkms_vblank_simulate: vblank timer overrun [ 399.082773][ T9116] Process accounting resumed [ 399.437758][ T9122] netlink: 'syz.3.658': attribute type 4 has an invalid length. [ 399.445503][ T9122] netlink: 'syz.3.658': attribute type 5 has an invalid length. [ 399.543335][ T9122] netlink: 10 bytes leftover after parsing attributes in process `syz.3.658'. [ 400.572415][ T9129] netlink: 28 bytes leftover after parsing attributes in process `syz.1.660'. [ 402.892388][ T9154] netlink: 'syz.2.665': attribute type 1 has an invalid length. [ 407.820691][ T9190] FAULT_INJECTION: forcing a failure. [ 407.820691][ T9190] name failslab, interval 1, probability 0, space 0, times 0 [ 407.945587][ T9190] CPU: 0 UID: 0 PID: 9190 Comm: syz.2.673 Tainted: G U syzkaller #0 PREEMPT(full) [ 407.945634][ T9190] Tainted: [U]=USER [ 407.945642][ T9190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 407.945656][ T9190] Call Trace: [ 407.945664][ T9190] [ 407.945673][ T9190] dump_stack_lvl+0x16c/0x1f0 [ 407.945714][ T9190] should_fail_ex+0x512/0x640 [ 407.945751][ T9190] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 407.945783][ T9190] should_failslab+0xc2/0x120 [ 407.945815][ T9190] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 407.945844][ T9190] ? alloc_empty_file+0x55/0x1e0 [ 407.945883][ T9190] alloc_empty_file+0x55/0x1e0 [ 407.945920][ T9190] path_openat+0xda/0x2cb0 [ 407.945946][ T9190] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.945980][ T9190] ? __pfx_path_openat+0x10/0x10 [ 407.946017][ T9190] do_filp_open+0x20b/0x470 [ 407.946047][ T9190] ? __pfx_do_filp_open+0x10/0x10 [ 407.946097][ T9190] ? alloc_fd+0x471/0x7d0 [ 407.946131][ T9190] do_sys_openat2+0x11b/0x1d0 [ 407.946168][ T9190] ? __pfx_do_sys_openat2+0x10/0x10 [ 407.946205][ T9190] ? find_held_lock+0x2b/0x80 [ 407.946229][ T9190] ? handle_mm_fault+0x2ab/0xd10 [ 407.946260][ T9190] __x64_sys_openat+0x174/0x210 [ 407.946282][ T9190] ? __pfx___x64_sys_openat+0x10/0x10 [ 407.946306][ T9190] ? do_user_addr_fault+0x843/0x1370 [ 407.946352][ T9190] do_syscall_64+0xcd/0x4c0 [ 407.946392][ T9190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.946416][ T9190] RIP: 0033:0x7fd6ff38d510 [ 407.946434][ T9190] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 407.946457][ T9190] RSP: 002b:00007fd700211f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 407.946479][ T9190] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd6ff38d510 [ 407.946494][ T9190] RDX: 0000000000000000 RSI: 00007fd700211fa0 RDI: 00000000ffffff9c [ 407.946509][ T9190] RBP: 00007fd700211fa0 R08: 0000000000000000 R09: 0000000000000000 [ 407.946523][ T9190] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 407.946536][ T9190] R13: 00007fd6ff5d6038 R14: 00007fd6ff5d5fa0 R15: 00007fff8c4ee478 [ 407.946571][ T9190] syzkaller syzkaller login: [ 409.524119][ T9218] random: crng reseeded on system resumption [ 411.940069][ T9237] netlink: 4 bytes leftover after parsing attributes in process `syz.0.680'. [ 412.068580][ T9245] netlink: 354 bytes leftover after parsing attributes in process `syz.0.680'. [ 414.594046][ T30] audit: type=1800 audit(4294975349.345:12): pid=9256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.684" name="dbroot" dev="configfs" ino=57119 res=0 errno=0 [ 415.336772][ T9272] netlink: 4 bytes leftover after parsing attributes in process `syz.2.687'. [ 415.425768][ T9274] netlink: 354 bytes leftover after parsing attributes in process `syz.2.687'. [ 415.566842][ T9277] random: crng reseeded on system resumption [ 421.840776][ T9334] FAULT_INJECTION: forcing a failure. [ 421.840776][ T9334] name failslab, interval 1, probability 0, space 0, times 0 [ 421.966173][ T9334] CPU: 0 UID: 0 PID: 9334 Comm: syz.2.699 Tainted: G U syzkaller #0 PREEMPT(full) [ 421.966219][ T9334] Tainted: [U]=USER [ 421.966226][ T9334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 421.966240][ T9334] Call Trace: [ 421.966248][ T9334] [ 421.966257][ T9334] dump_stack_lvl+0x16c/0x1f0 [ 421.966298][ T9334] should_fail_ex+0x512/0x640 [ 421.966335][ T9334] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 421.966367][ T9334] should_failslab+0xc2/0x120 [ 421.966399][ T9334] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 421.966428][ T9334] ? do_epoll_ctl+0x1170/0x3790 [ 421.966459][ T9334] do_epoll_ctl+0x1170/0x3790 [ 421.966498][ T9334] ? __pfx_do_epoll_ctl+0x10/0x10 [ 421.966522][ T9334] ? find_held_lock+0x2b/0x80 [ 421.966544][ T9334] ? __might_fault+0xe3/0x190 [ 421.966571][ T9334] ? __might_fault+0xe3/0x190 [ 421.966609][ T9334] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 421.966634][ T9334] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 421.966661][ T9334] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 421.966698][ T9334] do_syscall_64+0xcd/0x4c0 [ 421.966737][ T9334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.966761][ T9334] RIP: 0033:0x7fd6ff38eba9 [ 421.966780][ T9334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.966803][ T9334] RSP: 002b:00007fd700212038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 421.966826][ T9334] RAX: ffffffffffffffda RBX: 00007fd6ff5d5fa0 RCX: 00007fd6ff38eba9 [ 421.966841][ T9334] RDX: 8000000000000000 RSI: 0000000000000001 RDI: 0000000000000006 [ 421.966856][ T9334] RBP: 00007fd6ff411e19 R08: 0000000000000000 R09: 0000000000000000 [ 421.966870][ T9334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 421.966883][ T9334] R13: 00007fd6ff5d6038 R14: 00007fd6ff5d5fa0 R15: 00007fff8c4ee478 [ 421.966913][ T9334] [ 422.636413][ T9343] netlink: 16 bytes leftover after parsing attributes in process `syz.2.701'. [ 422.760484][ T9344] blktrace: Concurrent blktraces are not allowed on ram7 [ 422.776500][ T9345] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 424.574919][ T9361] Console: switching to colour VGA+ 80x25 [ 424.927545][ T9362] Console: switching to colour frame buffer device 128x48 [ 426.189350][ T9373] vivid-003: ================= START STATUS ================= [ 426.197080][ T9373] vivid-003: Radio HW Seek Mode: Bounded [ 426.310271][ T9373] vivid-003: Radio Programmable HW Seek: false [ 426.316540][ T9373] vivid-003: RDS Rx I/O Mode: Block I/O [ 426.439493][ T9380] vivid-007: ================= START STATUS ================= [ 426.515758][ T9373] vivid-003: Generate RBDS Instead of RDS: false [ 426.562941][ T9380] vivid-007: Generate PTS: true [ 426.643304][ T9373] vivid-003: RDS Reception: true [ 426.691617][ T9380] vivid-007: Generate SCR: true [ 426.734282][ T9373] vivid-003: RDS Program Type: 0 inactive [ 426.790153][ T9380] tpg source WxH: 320x240 (Y'CbCr) [ 426.872627][ T9380] tpg field: 1 [ 426.916783][ T9373] vivid-003: RDS PS Name: inactive [ 426.922049][ T9373] vivid-003: RDS Radio Text: inactive [ 426.996625][ T9380] tpg crop: (0,0)/320x240 [ 427.001046][ T9380] tpg compose: (0,0)/320x240 [ 427.103674][ T9373] vivid-003: RDS Traffic Announcement: false inactive [ 427.155307][ T9380] tpg colorspace: 8 [ 427.172788][ T9380] tpg transfer function: 0/0 [ 427.219892][ T9373] vivid-003: RDS Traffic Program: false inactive [ 427.265084][ T9380] tpg Y'CbCr encoding: 0/0 [ 427.311224][ T9373] vivid-003: RDS Music: false inactive [ 427.338581][ T9380] tpg quantization: 0/0 [ 427.367291][ T9373] vivid-003: ================== END STATUS ================== [ 427.422812][ T9380] tpg RGB range: 0/2 [ 427.443818][ T9380] vivid-007: ================== END STATUS ================== [ 429.533017][ T9421] netlink: 28 bytes leftover after parsing attributes in process `syz.1.715'. [ 429.742547][ T9414] Process accounting paused [ 429.988511][ T9421] ipvlan0: entered promiscuous mode [ 430.086796][ T9421] ipvlan0: entered allmulticast mode [ 430.137596][ T9421] veth0_vlan: entered allmulticast mode [ 431.204294][ T9445] random: crng reseeded on system resumption [ 431.977267][ T9461] netlink: 4 bytes leftover after parsing attributes in process `syz.1.722'. [ 432.132550][ T9457] mkiss: ax0: crc mode is auto. [ 432.493537][ T9465] ICMPv6: process `syz.1.724' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 432.675205][ T9465] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(5) [ 439.143541][ T9552] Invalid ELF header magic: != ELF [ 440.018202][ T9566] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 440.055372][ T9566] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 440.077159][ T9566] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 440.122329][ T9566] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 440.175466][ T9566] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 440.812636][ T9592] i2c i2c-0: new_device: Instantiated device card: at 0x01 [ 441.339819][ T9597] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 441.382247][ T9597] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 441.419034][ T9597] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 441.448885][ T9597] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 442.217198][ T9629] input: jJΗΈ-Άš9γ%vψ“ϋ¨lΠQ  J86Φ‘ as /devices/virtual/input/input17 [ 442.410535][ T9] Process accounting resumed [ 443.061647][ T30] audit: type=1326 audit(4294975377.943:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9643 comm="syz.0.756" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6d69d8eba9 code=0x0 [ 443.205013][ T9553] Bluetooth: hci0: command 0x0c1a tx timeout [ 443.358671][ T9553] Bluetooth: hci1: command 0x0c1a tx timeout [ 443.438497][ T9553] Bluetooth: hci2: command 0x0c1a tx timeout [ 443.518212][ T9553] Bluetooth: hci3: command 0x0c1a tx timeout [ 444.383711][ T9670] can0: slcan on ttyS2. [ 444.534969][ T9669] can0 (unregistered): slcan off ttyS2. [ 445.040579][ T9683] netlink: 146 bytes leftover after parsing attributes in process `syz.0.762'. [ 445.278613][ T9553] Bluetooth: hci0: command 0x0c1a tx timeout [ 445.458091][ T9688] netlink: 186 bytes leftover after parsing attributes in process `syz.0.762'. [ 445.710454][ T9700] netlink: 146 bytes leftover after parsing attributes in process `syz.0.762'. [ 446.622574][ T9720] Invalid ELF header magic: != ELF [ 446.975226][ T9727] FAULT_INJECTION: forcing a failure. [ 446.975226][ T9727] name failslab, interval 1, probability 0, space 0, times 0 [ 447.060123][ T9727] CPU: 0 UID: 0 PID: 9727 Comm: syz.1.769 Tainted: G U syzkaller #0 PREEMPT(full) [ 447.060163][ T9727] Tainted: [U]=USER [ 447.060171][ T9727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 447.060185][ T9727] Call Trace: [ 447.060193][ T9727] [ 447.060201][ T9727] dump_stack_lvl+0x16c/0x1f0 [ 447.060244][ T9727] should_fail_ex+0x512/0x640 [ 447.060282][ T9727] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 447.060319][ T9727] should_failslab+0xc2/0x120 [ 447.060351][ T9727] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 447.060384][ T9727] ? lockdep_init_map_type+0x5c/0x280 [ 447.060418][ T9727] ? __ip_vs_lblc_init+0x77/0x340 [ 447.060457][ T9727] ? __pfx___ip_vs_lblc_init+0x10/0x10 [ 447.060489][ T9727] kmemdup_noprof+0x29/0x60 [ 447.060519][ T9727] __ip_vs_lblc_init+0x77/0x340 [ 447.060552][ T9727] ? __pfx___ip_vs_lblc_init+0x10/0x10 [ 447.060583][ T9727] ops_init+0x1e2/0x5f0 [ 447.060608][ T9727] setup_net+0x10f/0x380 [ 447.060627][ T9727] ? lockdep_init_map_type+0x5c/0x280 [ 447.060661][ T9727] ? __pfx_setup_net+0x10/0x10 [ 447.060684][ T9727] ? debug_mutex_init+0x37/0x70 [ 447.060711][ T9727] copy_net_ns+0x2a6/0x5f0 [ 447.060739][ T9727] create_new_namespaces+0x3ea/0xa90 [ 447.060774][ T9727] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 447.060805][ T9727] ksys_unshare+0x45b/0xa40 [ 447.060840][ T9727] ? __pfx_ksys_unshare+0x10/0x10 [ 447.060875][ T9727] ? xfd_validate_state+0x61/0x180 [ 447.060920][ T9727] __x64_sys_unshare+0x31/0x40 [ 447.060960][ T9727] do_syscall_64+0xcd/0x4c0 [ 447.061000][ T9727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.061025][ T9727] RIP: 0033:0x7f183698eba9 [ 447.061044][ T9727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 447.061068][ T9727] RSP: 002b:00007f1834bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 447.061091][ T9727] RAX: ffffffffffffffda RBX: 00007f1836bd5fa0 RCX: 00007f183698eba9 [ 447.061107][ T9727] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 447.061121][ T9727] RBP: 00007f1836a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 447.061136][ T9727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 447.061153][ T9727] R13: 00007f1836bd6038 R14: 00007f1836bd5fa0 R15: 00007fffc6c5f4e8 [ 447.061183][ T9727] [ 447.656750][ T9553] Bluetooth: hci1: unexpected event 0x0f length: 440 > 4 [ 447.657604][ T9553] Bluetooth: hci1: unexpected event for opcode 0x0010 [ 448.079330][ T9746] netlink: 'syz.1.772': attribute type 1 has an invalid length. [ 448.150348][ T9749] netlink: 93 bytes leftover after parsing attributes in process `syz.1.772'. [ 448.683000][ T9765] netlink: 'syz.1.775': attribute type 28 has an invalid length. [ 448.733001][ T9765] netlink: 334 bytes leftover after parsing attributes in process `syz.1.775'. [ 449.018624][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 449.027287][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 450.991510][ T30] audit: type=1804 audit(4294975385.934:14): pid=9798 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.780" name="/newroot/200/file0" dev="tmpfs" ino=1072 res=1 errno=0 [ 451.255005][ T9797] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 451.283878][ T9797] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 451.476905][ T9807] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 451.717551][ T9553] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 451.726202][ T9553] Bluetooth: hci1: Injecting HCI hardware error event [ 451.734582][ T9553] Bluetooth: hci1: hardware error 0x00 [ 451.837187][ T9811] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 453.366185][ T9839] Invalid ELF header magic: != ELF [ 453.784884][ T9553] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 454.281479][ T9859] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 454.518572][ T9860] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 454.827304][ T9867] FAULT_INJECTION: forcing a failure. [ 454.827304][ T9867] name failslab, interval 1, probability 0, space 0, times 0 [ 454.896964][ T9867] CPU: 0 UID: 0 PID: 9867 Comm: syz.1.794 Tainted: G U syzkaller #0 PREEMPT(full) [ 454.897003][ T9867] Tainted: [U]=USER [ 454.897011][ T9867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 454.897025][ T9867] Call Trace: [ 454.897033][ T9867] [ 454.897041][ T9867] dump_stack_lvl+0x16c/0x1f0 [ 454.897084][ T9867] should_fail_ex+0x512/0x640 [ 454.897122][ T9867] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 454.897150][ T9867] should_failslab+0xc2/0x120 [ 454.897183][ T9867] __kmalloc_cache_noprof+0x6a/0x3e0 [ 454.897209][ T9867] ? nd_alloc_stack+0x85/0x110 [ 454.897259][ T9867] nd_alloc_stack+0x85/0x110 [ 454.897295][ T9867] step_into+0x1ac7/0x2270 [ 454.897324][ T9867] ? __pfx_step_into+0x10/0x10 [ 454.897347][ T9867] ? __d_lookup+0x266/0x4a0 [ 454.897387][ T9867] ? lookup_fast+0x156/0x610 [ 454.897415][ T9867] walk_component+0xfc/0x5b0 [ 454.897441][ T9867] link_path_walk+0x627/0xe20 [ 454.897476][ T9867] path_lookupat+0x15a/0x6d0 [ 454.897500][ T9867] ? __lock_acquire+0xb97/0x1ce0 [ 454.897535][ T9867] filename_lookup+0x224/0x5f0 [ 454.897565][ T9867] ? __pfx_filename_lookup+0x10/0x10 [ 454.897616][ T9867] ? getname_flags.part.0+0x1c5/0x550 [ 454.897659][ T9867] user_path_at+0x3a/0x60 [ 454.897686][ T9867] vfs_open_tree+0x2ca/0x910 [ 454.897717][ T9867] ? __pfx_vfs_open_tree+0x10/0x10 [ 454.897747][ T9867] ? xfd_validate_state+0x61/0x180 [ 454.897788][ T9867] __x64_sys_open_tree+0x84/0x130 [ 454.897821][ T9867] do_syscall_64+0xcd/0x4c0 [ 454.897860][ T9867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.897885][ T9867] RIP: 0033:0x7f183698eba9 [ 454.897903][ T9867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.897927][ T9867] RSP: 002b:00007f1834bf6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac [ 454.897949][ T9867] RAX: ffffffffffffffda RBX: 00007f1836bd5fa0 RCX: 00007f183698eba9 [ 454.897965][ T9867] RDX: 0000000000000101 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 454.897981][ T9867] RBP: 00007f1836a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 454.897995][ T9867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 454.898009][ T9867] R13: 00007f1836bd6038 R14: 00007f1836bd5fa0 R15: 00007fffc6c5f4e8 [ 454.898039][ T9867] [ 456.084341][ T9883] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 461.640016][ T5874] Process accounting resumed [ 461.727298][ T9916] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 461.822732][ T9916] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 461.956248][ T9916] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 462.741715][ T9930] FAULT_INJECTION: forcing a failure. [ 462.741715][ T9930] name failslab, interval 1, probability 0, space 0, times 0 [ 463.128173][ T9930] CPU: 0 UID: 0 PID: 9930 Comm: syz.2.804 Tainted: G U syzkaller #0 PREEMPT(full) [ 463.128212][ T9930] Tainted: [U]=USER [ 463.128220][ T9930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 463.128235][ T9930] Call Trace: [ 463.128243][ T9930] [ 463.128251][ T9930] dump_stack_lvl+0x16c/0x1f0 [ 463.128292][ T9930] should_fail_ex+0x512/0x640 [ 463.128335][ T9930] should_failslab+0xc2/0x120 [ 463.128368][ T9930] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 463.128398][ T9930] ? zswap_store+0x839/0x25a0 [ 463.128440][ T9930] zswap_store+0x839/0x25a0 [ 463.128489][ T9930] ? __pfx_zswap_store+0x10/0x10 [ 463.128546][ T9930] ? do_raw_spin_lock+0x12c/0x2b0 [ 463.128591][ T9930] ? find_held_lock+0x2b/0x80 [ 463.128616][ T9930] ? folio_free_swap+0x171/0x580 [ 463.128652][ T9930] ? do_raw_spin_unlock+0x172/0x230 [ 463.128688][ T9930] ? swp_swap_info+0xce/0x130 [ 463.128721][ T9930] ? __pfx_swp_swap_info+0x10/0x10 [ 463.128755][ T9930] ? mod_memcg_lruvec_state+0x389/0x5f0 [ 463.128799][ T9930] swap_writeout+0x3b2/0xfe0 [ 463.128839][ T9930] ? mark_held_locks+0x49/0x80 [ 463.128869][ T9930] ? _raw_spin_unlock_irq+0x23/0x50 [ 463.128906][ T9930] shmem_writeout+0xc29/0x1140 [ 463.128937][ T9930] ? __pfx_shmem_writeout+0x10/0x10 [ 463.128969][ T9930] ? inode_to_bdi+0x9e/0x160 [ 463.129000][ T9930] ? folio_clear_dirty_for_io+0x112/0x810 [ 463.129043][ T9930] shrink_folio_list+0x2f4c/0x4880 [ 463.129078][ T9930] ? __pfx_shrink_folio_list+0x10/0x10 [ 463.129104][ T9930] ? __page_table_check_puds_set+0x1c0/0x250 [ 463.129136][ T9930] ? lockdep_hardirqs_on+0x7c/0x110 [ 463.129182][ T9930] ? get_page_from_freelist+0x132b/0x38e0 [ 463.129238][ T9930] ? rcu_is_watching+0x12/0xc0 [ 463.129262][ T9930] ? mod_memcg_lruvec_state+0x389/0x5f0 [ 463.129307][ T9930] reclaim_folio_list+0xda/0x5d0 [ 463.129330][ T9930] ? __pfx_css_rstat_updated+0x10/0x10 [ 463.129359][ T9930] ? __pfx_reclaim_folio_list+0x10/0x10 [ 463.129395][ T9930] ? lru_gen_update_size+0x543/0xe10 [ 463.129426][ T9930] ? lru_gen_del_folio+0x32b/0x540 [ 463.129451][ T9930] reclaim_pages+0x47b/0x650 [ 463.129479][ T9930] ? __pfx_reclaim_pages+0x10/0x10 [ 463.129503][ T9930] ? find_held_lock+0x2b/0x80 [ 463.129526][ T9930] ? madvise_cold_or_pageout_pte_range+0x749/0x2120 [ 463.129578][ T9930] madvise_cold_or_pageout_pte_range+0x1546/0x2120 [ 463.129629][ T9930] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 463.129680][ T9930] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 463.129718][ T9930] walk_pgd_range+0xc05/0x1f50 [ 463.129769][ T9930] ? __pfx_walk_pgd_range+0x10/0x10 [ 463.129799][ T9930] ? __pfx___up_read+0x10/0x10 [ 463.129833][ T9930] ? inode_to_bdi+0x9e/0x160 [ 463.129868][ T9930] __walk_page_range+0x163/0x820 [ 463.129901][ T9930] ? __lock_acquire+0xb97/0x1ce0 [ 463.129940][ T9930] walk_page_range_vma+0x2c7/0xa20 [ 463.129974][ T9930] ? __pfx_walk_page_range_vma+0x10/0x10 [ 463.130005][ T9930] ? find_held_lock+0x2b/0x80 [ 463.130040][ T9930] madvise_pageout+0x257/0x540 [ 463.130073][ T9930] ? __pfx_madvise_pageout+0x10/0x10 [ 463.130104][ T9930] ? finish_task_switch.isra.0+0x21c/0xc10 [ 463.130152][ T9930] madvise_vma_behavior+0xb22/0x2d60 [ 463.130190][ T9930] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 463.130227][ T9930] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 463.130265][ T9930] ? __pfx_mas_prev+0x10/0x10 [ 463.130308][ T9930] ? find_vma_prev+0xda/0x160 [ 463.130342][ T9930] ? find_held_lock+0x2b/0x80 [ 463.130364][ T9930] ? __pfx_find_vma_prev+0x10/0x10 [ 463.130398][ T9930] ? futex_unqueue+0x133/0x2c0 [ 463.130436][ T9930] ? __futex_wait+0x24c/0x2f0 [ 463.130475][ T9930] madvise_walk_vmas+0x31f/0x9c0 [ 463.130516][ T9930] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 463.130560][ T9930] madvise_do_behavior+0x1e2/0x530 [ 463.130603][ T9930] ? __pfx_madvise_do_behavior+0x10/0x10 [ 463.130640][ T9930] ? down_read+0x13d/0x480 [ 463.130677][ T9930] do_madvise+0x176/0x240 [ 463.130711][ T9930] ? __pfx_do_madvise+0x10/0x10 [ 463.130744][ T9930] ? do_futex+0x122/0x350 [ 463.130796][ T9930] ? syscall_user_dispatch+0x78/0x140 [ 463.130839][ T9930] __x64_sys_madvise+0xa9/0x110 [ 463.130875][ T9930] do_syscall_64+0xcd/0x4c0 [ 463.130915][ T9930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.130940][ T9930] RIP: 0033:0x7fd6ff38eba9 [ 463.130959][ T9930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.130983][ T9930] RSP: 002b:00007fd7001af038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 463.131006][ T9930] RAX: ffffffffffffffda RBX: 00007fd6ff5d6270 RCX: 00007fd6ff38eba9 [ 463.131022][ T9930] RDX: 0000000000000015 RSI: 00000000002003f2 RDI: 0000000000000000 [ 463.131036][ T9930] RBP: 00007fd6ff411e19 R08: 0000000000000000 R09: 0000000000000000 [ 463.131050][ T9930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 463.131065][ T9930] R13: 00007fd6ff5d6308 R14: 00007fd6ff5d6270 R15: 00007fff8c4ee478 [ 463.131096][ T9930] [ 463.627345][ T9930] Trying to write to read-only block-device sda1 [ 464.455942][ T9810] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 464.464891][ T9810] Bluetooth: hci2: unexpected event 0x14 length: 440 > 6 [ 464.472812][ T9810] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 464.607505][ T9507] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 464.791287][ T9507] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 464.847232][ T9513] Trying to write to read-only block-device sda [ 464.956290][ T9507] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 466.070309][ T9932] chnl_net:caif_netlink_parms(): no params data found [ 466.417269][ T9932] bridge0: port 1(bridge_slave_0) entered blocking state [ 466.456606][ T9932] bridge0: port 1(bridge_slave_0) entered disabled state [ 466.520530][ T9932] bridge_slave_0: entered allmulticast mode [ 466.566475][ T9932] bridge_slave_0: entered promiscuous mode [ 466.613259][ T9932] bridge0: port 2(bridge_slave_1) entered blocking state [ 466.661321][ T9932] bridge0: port 2(bridge_slave_1) entered disabled state [ 466.678843][ T9932] bridge_slave_1: entered allmulticast mode [ 466.697337][ T9966] nbd: must specify a device to reconfigure [ 466.715083][ T9932] bridge_slave_1: entered promiscuous mode [ 466.913168][ T9932] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 466.979831][ T9932] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 467.161143][ T9507] Bluetooth: hci4: command tx timeout [ 467.253706][ T9932] team0: Port device team_slave_0 added [ 467.657873][ T9932] team0: Port device team_slave_1 added [ 468.522333][ T9932] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 468.567530][ T9932] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 468.691269][ T9932] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 468.737385][ T9932] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 468.744432][ T9932] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 468.888581][ T9932] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 469.078096][ T9932] hsr_slave_0: entered promiscuous mode [ 469.115404][ T9932] hsr_slave_1: entered promiscuous mode [ 469.171881][ T9932] debugfs: 'hsr0' already exists in 'hsr' [ 469.184274][ T9932] Cannot create hsr debugfs directory [ 469.224394][ T9507] Bluetooth: hci4: command tx timeout [ 469.323828][ T9984] netlink: 28 bytes leftover after parsing attributes in process `syz.2.816'. [ 469.749280][ T9993] mkiss: ax0: crc mode is auto. [ 470.325408][ T9932] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 470.363538][ T9932] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 470.649678][ T9932] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 471.201744][ T9932] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 471.293461][ T9507] Bluetooth: hci4: command tx timeout [ 472.324825][ T9932] 8021q: adding VLAN 0 to HW filter on device bond0 [ 472.448758][ T9932] 8021q: adding VLAN 0 to HW filter on device team0 [ 473.095036][ T9509] bridge0: port 1(bridge_slave_0) entered blocking state [ 473.102301][ T9509] bridge0: port 1(bridge_slave_0) entered forwarding state [ 473.364015][ T9507] Bluetooth: hci4: command tx timeout [ 474.056853][ T9513] bridge0: port 2(bridge_slave_1) entered blocking state [ 474.064140][ T9513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 474.366958][ T9932] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 474.626829][ T9932] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 475.324701][T10036] netlink: 268 bytes leftover after parsing attributes in process `syz.2.823'. [ 476.152205][ T9932] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 480.735888][ T9932] veth0_vlan: entered promiscuous mode [ 480.817757][ T9932] veth1_vlan: entered promiscuous mode [ 480.949751][ T9932] veth0_macvtap: entered promiscuous mode [ 481.015746][ T9932] veth1_macvtap: entered promiscuous mode [ 481.088396][ T9932] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 481.184358][ T9932] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 481.272751][T10069] sd 0:0:1:0: PR command failed: 1026 [ 481.303074][T10069] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 481.309888][T10069] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 481.384797][ T9509] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 481.416412][ T9509] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 481.440866][ T30] audit: type=1800 audit(4294967320.029:15): pid=10071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.828" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 481.470466][ T9509] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 481.479320][ T9509] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 481.959501][ T9513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 481.967422][ T9513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 482.156964][ T9513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 482.208254][ T9513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 483.097740][T10086] ima: policy update failed [ 483.262194][T10087] netlink: 25 bytes leftover after parsing attributes in process `syz.1.830'. [ 483.455686][ T30] audit: type=1802 audit(4294967322.059:16): pid=10086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.830" res=0 errno=0 [ 484.786798][ T30] audit: type=1800 audit(4294967323.376:17): pid=10095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.831" name="features" dev="configfs" ino=65435 res=0 errno=0 [ 489.615322][T10124] hugetlbfs: syz.4.837 (10124): Using mlock ulimits for SHM_HUGETLB is obsolete [ 490.360842][T10140] mtrr: base(0x1000000) is not aligned on a size(0x0000) boundary [ 491.017359][T10150] kexec: Could not allocate control_code_buffer [ 491.931333][T10178] snd_aloop snd_aloop.0: control 7:257:7:ͺΈθ:2 is already present [ 493.695944][T10189] vivid-003: ================= START STATUS ================= [ 493.853147][T10189] vivid-003: Radio HW Seek Mode: Bounded [ 493.958989][T10189] vivid-003: Radio Programmable HW Seek: false [ 494.079293][T10189] vivid-003: RDS Rx I/O Mode: Block I/O [ 494.153326][T10189] vivid-003: Generate RBDS Instead of RDS: false [ 494.344267][T10189] vivid-003: RDS Reception: true [ 494.681840][T10189] vivid-003: RDS Program Type: 0 inactive [ 494.791233][T10189] vivid-003: RDS PS Name: inactive [ 494.796498][T10189] vivid-003: RDS Radio Text: inactive [ 494.916681][T10189] vivid-003: RDS Traffic Announcement: false inactive [ 495.064869][T10189] vivid-003: RDS Traffic Program: false inactive [ 495.092276][T10212] netlink: 28 bytes leftover after parsing attributes in process `syz.1.851'. [ 495.120624][T10189] vivid-003: RDS Music: false inactive [ 495.217871][T10189] vivid-003: ================== END STATUS ================== [ 497.449307][T10240] kAFS: Invalid Command on /proc/fs/afs/cells file [ 497.862225][ T30] audit: type=1800 audit(4294967336.534:18): pid=10255 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.859" name="dbroot" dev="configfs" ino=66193 res=0 errno=0 [ 501.062041][T10303] netlink: 342 bytes leftover after parsing attributes in process `syz.2.866'. [ 501.088741][T10302] random: crng reseeded on system resumption [ 501.416278][T10307] netlink: 4 bytes leftover after parsing attributes in process `syz.1.868'. [ 501.457926][T10307] netlink: 354 bytes leftover after parsing attributes in process `syz.1.868'. [ 502.722667][T10323] binder: 10322:10323 ioctl c018620c 0 returned -1 [ 502.795360][T10323] netlink: 28 bytes leftover after parsing attributes in process `syz.0.871'. [ 503.081398][ T9507] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 503.081430][ T9507] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 503.098387][ T9507] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 503.098445][ T9507] Bluetooth: hci0: adv larger than maximum supported [ 503.105714][ T9507] Bluetooth: hci0: adv larger than maximum supported [ 503.112531][ T9507] Bluetooth: hci0: Malformed LE Event: 0x0d [ 503.328961][ T9507] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 503.328996][ T9507] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 503.343942][ T9507] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 503.344017][ T9507] Bluetooth: hci0: adv larger than maximum supported [ 503.351263][ T9507] Bluetooth: hci0: adv larger than maximum supported [ 503.358239][ T9507] Bluetooth: hci0: Malformed LE Event: 0x0d [ 503.599749][T10340] zswap: compressor 000 not available [ 503.998019][T10354] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 505.155448][T10352] kexec: Could not allocate control_code_buffer [ 505.335785][T10370] FAULT_INJECTION: forcing a failure. [ 505.335785][T10370] name failslab, interval 1, probability 0, space 0, times 0 [ 505.415229][T10370] CPU: 0 UID: 0 PID: 10370 Comm: syz.2.882 Tainted: G U syzkaller #0 PREEMPT(full) [ 505.415269][T10370] Tainted: [U]=USER [ 505.415276][T10370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 505.415292][T10370] Call Trace: [ 505.415300][T10370] [ 505.415309][T10370] dump_stack_lvl+0x16c/0x1f0 [ 505.415349][T10370] should_fail_ex+0x512/0x640 [ 505.415387][T10370] ? fs_reclaim_acquire+0xae/0x150 [ 505.415427][T10370] should_failslab+0xc2/0x120 [ 505.415459][T10370] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 505.415489][T10370] ? __kernfs_new_node+0xd2/0x8e0 [ 505.415524][T10370] __kernfs_new_node+0xd2/0x8e0 [ 505.415558][T10370] ? __pfx___kernfs_new_node+0x10/0x10 [ 505.415596][T10370] ? find_held_lock+0x2b/0x80 [ 505.415621][T10370] ? kernfs_root+0xee/0x2a0 [ 505.415657][T10370] kernfs_new_node+0x13c/0x1e0 [ 505.415697][T10370] __kernfs_create_file+0x53/0x350 [ 505.415738][T10370] sysfs_add_file_mode_ns+0x207/0x3c0 [ 505.415774][T10370] internal_create_group+0x578/0xf30 [ 505.415815][T10370] ? __pfx_internal_create_group+0x10/0x10 [ 505.415852][T10370] ? kernfs_create_link+0x1bd/0x240 [ 505.415882][T10370] internal_create_groups+0x9d/0x150 [ 505.415917][T10370] device_add+0x731/0x1aa0 [ 505.415947][T10370] ? __pfx_device_add+0x10/0x10 [ 505.415970][T10370] ? __pfx___might_resched+0x10/0x10 [ 505.415994][T10370] ? is_dynamic_key+0xb4/0x160 [ 505.416035][T10370] __add_disk+0x457/0xf00 [ 505.416077][T10370] add_disk_fwnode+0x13f/0x5d0 [ 505.416117][T10370] nbd_dev_add+0x783/0xbb0 [ 505.416156][T10370] ? __pfx_nbd_dev_add+0x10/0x10 [ 505.416212][T10370] ? bpf_lsm_capable+0x9/0x10 [ 505.416235][T10370] ? __radix_tree_lookup+0x21f/0x2c0 [ 505.416275][T10370] nbd_genl_connect+0x8b0/0x1c60 [ 505.416311][T10370] ? __pfx_nbd_genl_connect+0x10/0x10 [ 505.416335][T10370] ? __nla_parse+0x40/0x60 [ 505.416366][T10370] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 505.416395][T10370] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 505.416429][T10370] genl_family_rcv_msg_doit+0x209/0x2f0 [ 505.416457][T10370] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 505.416484][T10370] ? genl_get_cmd+0x194/0x580 [ 505.416516][T10370] ? __radix_tree_lookup+0x21f/0x2c0 [ 505.416554][T10370] genl_rcv_msg+0x55c/0x800 [ 505.416583][T10370] ? __pfx_genl_rcv_msg+0x10/0x10 [ 505.416614][T10370] ? __pfx_nbd_genl_connect+0x10/0x10 [ 505.416648][T10370] netlink_rcv_skb+0x158/0x420 [ 505.416687][T10370] ? __pfx_genl_rcv_msg+0x10/0x10 [ 505.416722][T10370] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 505.416774][T10370] ? netlink_deliver_tap+0x1ae/0xd30 [ 505.416815][T10370] genl_rcv+0x28/0x40 [ 505.416835][T10370] netlink_unicast+0x5a7/0x870 [ 505.416879][T10370] ? __pfx_netlink_unicast+0x10/0x10 [ 505.416917][T10370] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 505.416953][T10370] ? __lock_acquire+0xb97/0x1ce0 [ 505.416992][T10370] netlink_sendmsg+0x8d1/0xdd0 [ 505.417035][T10370] ? __pfx_netlink_sendmsg+0x10/0x10 [ 505.417077][T10370] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 505.417108][T10370] ____sys_sendmsg+0xa98/0xc70 [ 505.417136][T10370] ? copy_msghdr_from_user+0x10a/0x160 [ 505.417173][T10370] ? __pfx_____sys_sendmsg+0x10/0x10 [ 505.417214][T10370] ___sys_sendmsg+0x134/0x1d0 [ 505.417253][T10370] ? __pfx____sys_sendmsg+0x10/0x10 [ 505.417327][T10370] __sys_sendmsg+0x16d/0x220 [ 505.417365][T10370] ? __pfx___sys_sendmsg+0x10/0x10 [ 505.417401][T10370] ? __x64_sys_futex+0x1e0/0x4c0 [ 505.417451][T10370] do_syscall_64+0xcd/0x4c0 [ 505.417490][T10370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.417515][T10370] RIP: 0033:0x7fd6ff38eba9 [ 505.417534][T10370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 505.417559][T10370] RSP: 002b:00007fd700212038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 505.417582][T10370] RAX: ffffffffffffffda RBX: 00007fd6ff5d5fa0 RCX: 00007fd6ff38eba9 [ 505.417598][T10370] RDX: 0000000020040000 RSI: 0000200000000500 RDI: 0000000000000005 [ 505.417613][T10370] RBP: 00007fd6ff411e19 R08: 0000000000000000 R09: 0000000000000000 [ 505.417628][T10370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 505.417642][T10370] R13: 00007fd6ff5d6038 R14: 00007fd6ff5d5fa0 R15: 00007fff8c4ee478 [ 505.417673][T10370] [ 505.837601][ C0] vkms_vblank_simulate: vblank timer overrun [ 506.484180][T10370] nbd: failed to add new device [ 506.537318][T10370] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 509.134728][ T9553] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 509.151274][ T9553] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 509.159916][ T9553] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 509.175757][ T9553] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 509.183407][ T9553] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 510.044926][T10418] chnl_net:caif_netlink_parms(): no params data found [ 510.136560][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 510.143003][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 510.579102][T10418] bridge0: port 1(bridge_slave_0) entered blocking state [ 510.606215][T10418] bridge0: port 1(bridge_slave_0) entered disabled state [ 510.634936][T10418] bridge_slave_0: entered allmulticast mode [ 510.656508][T10418] bridge_slave_0: entered promiscuous mode [ 510.696239][T10418] bridge0: port 2(bridge_slave_1) entered blocking state [ 510.718948][T10418] bridge0: port 2(bridge_slave_1) entered disabled state [ 510.746581][T10418] bridge_slave_1: entered allmulticast mode [ 510.773219][T10418] bridge_slave_1: entered promiscuous mode [ 511.129419][T10418] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 511.178939][T10418] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 511.246642][ T9507] Bluetooth: hci5: command tx timeout [ 511.347633][T10418] team0: Port device team_slave_0 added [ 511.383974][T10418] team0: Port device team_slave_1 added [ 511.590729][T10418] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 511.623677][T10418] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 511.778339][T10418] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 511.814131][T10438] ima: policy update failed [ 511.830090][ T30] audit: type=1802 audit(4294967350.567:19): pid=10438 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.893" res=0 errno=0 [ 511.862196][T10418] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 511.869376][T10418] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 511.902513][T10438] netlink: 25 bytes leftover after parsing attributes in process `syz.1.893'. [ 512.015469][T10418] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 512.348338][T10418] hsr_slave_0: entered promiscuous mode [ 512.392538][T10418] hsr_slave_1: entered promiscuous mode [ 512.417674][T10447] futex_wake_op: syz.0.895 tries to shift op by -9; fix this program [ 512.430300][T10418] debugfs: 'hsr0' already exists in 'hsr' [ 512.468199][T10418] Cannot create hsr debugfs directory [ 513.316407][ T9507] Bluetooth: hci5: command tx timeout [ 513.425204][T10418] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 513.541317][T10418] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 513.615415][T10418] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 513.659945][T10418] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 513.917793][T10468] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 513.949655][T10468] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 514.042488][T10468] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 514.050613][T10418] 8021q: adding VLAN 0 to HW filter on device bond0 [ 514.090135][T10468] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 514.132964][T10418] 8021q: adding VLAN 0 to HW filter on device team0 [ 514.184139][T10468] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 514.267322][ T9593] bridge0: port 1(bridge_slave_0) entered blocking state [ 514.274524][ T9593] bridge0: port 1(bridge_slave_0) entered forwarding state [ 514.366152][ T9593] bridge0: port 2(bridge_slave_1) entered blocking state [ 514.373369][ T9593] bridge0: port 2(bridge_slave_1) entered forwarding state [ 514.404809][T10468] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 514.519867][T10468] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 514.656427][T10468] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 514.804585][T10468] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 515.441258][T10418] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 515.941382][ T9507] Bluetooth: hci2: command 0x0c1a tx timeout [ 515.947482][ T9553] Bluetooth: hci0: command 0x0c1a tx timeout [ 516.100637][ T9507] Bluetooth: hci4: command 0x0c1a tx timeout [ 516.106728][ T9507] Bluetooth: hci3: command 0x0c1a tx timeout [ 516.500262][ T9507] Bluetooth: hci5: command 0x0419 tx timeout [ 516.692470][T10418] veth0_vlan: entered promiscuous mode [ 516.759942][T10418] veth1_vlan: entered promiscuous mode [ 516.890752][T10418] veth0_macvtap: entered promiscuous mode [ 516.949608][T10418] veth1_macvtap: entered promiscuous mode [ 517.047183][T10418] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 517.094554][T10418] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 517.196685][ T9593] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.236084][ T9593] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.308280][ T9593] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.342192][ T9593] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.446488][T10528] usb usb23: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 517.920083][T10535] 0x000200000001-0xa29656a63616329 : "" [ 517.920123][T10535] mtd: partition "" is out of reach -- disabled [ 517.924832][ T9593] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 517.924856][ T9593] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 518.031082][T10535] ftl_cs: FTL header not found. [ 518.171247][ T9507] Bluetooth: hci4: command 0x0c1a tx timeout [ 518.506373][ T9593] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 518.544299][ T9593] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 518.574211][ T9507] Bluetooth: hci5: command 0x0419 tx timeout [ 518.598415][T10543] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(5) [ 519.134457][ T30] audit: type=1804 audit(4294967357.905:20): pid=10547 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.909" name="/newroot/230/file0" dev="tmpfs" ino=1238 res=1 errno=0 [ 519.465289][T10552] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 519.576177][T10552] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 520.241391][ T9507] Bluetooth: hci4: command 0x0c1a tx timeout [ 520.636783][ T9507] Bluetooth: hci5: command 0x0419 tx timeout [ 520.868134][T10578] random: crng reseeded on system resumption [ 522.113599][T10598] FAULT_INJECTION: forcing a failure. [ 522.113599][T10598] name failslab, interval 1, probability 0, space 0, times 0 [ 522.196257][T10598] CPU: 0 UID: 0 PID: 10598 Comm: syz.5.918 Tainted: G U syzkaller #0 PREEMPT(full) [ 522.196297][T10598] Tainted: [U]=USER [ 522.196305][T10598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 522.196318][T10598] Call Trace: [ 522.196326][T10598] [ 522.196335][T10598] dump_stack_lvl+0x16c/0x1f0 [ 522.196377][T10598] should_fail_ex+0x512/0x640 [ 522.196415][T10598] ? __kmalloc_noprof+0xbf/0x510 [ 522.196446][T10598] ? __alloc_workqueue+0xd5c/0x1810 [ 522.196478][T10598] should_failslab+0xc2/0x120 [ 522.196510][T10598] __kmalloc_noprof+0xd2/0x510 [ 522.196539][T10598] ? vsnprintf+0x318/0x1160 [ 522.196577][T10598] __alloc_workqueue+0xd5c/0x1810 [ 522.196609][T10598] ? __pfx_vsnprintf+0x10/0x10 [ 522.196644][T10598] ? lockdep_hardirqs_on+0x7c/0x110 [ 522.196680][T10598] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 522.196717][T10598] alloc_workqueue_noprof+0xd2/0x200 [ 522.196750][T10598] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 522.196791][T10598] ? __pfx___debug_object_init+0x10/0x10 [ 522.196830][T10598] nci_register_device+0x21e/0xb80 [ 522.196865][T10598] ? __pfx_nci_register_device+0x10/0x10 [ 522.196902][T10598] ? lockdep_init_map_type+0x5c/0x280 [ 522.196942][T10598] virtual_ncidev_open+0x141/0x220 [ 522.196974][T10598] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 522.197005][T10598] misc_open+0x35a/0x420 [ 522.197036][T10598] ? __pfx_misc_open+0x10/0x10 [ 522.197065][T10598] chrdev_open+0x234/0x6a0 [ 522.197097][T10598] ? __pfx_apparmor_file_open+0x10/0x10 [ 522.197124][T10598] ? __pfx_chrdev_open+0x10/0x10 [ 522.197158][T10598] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 522.197192][T10598] do_dentry_open+0x982/0x1530 [ 522.197223][T10598] ? __pfx_chrdev_open+0x10/0x10 [ 522.197266][T10598] vfs_open+0x82/0x3f0 [ 522.197305][T10598] path_openat+0x1de4/0x2cb0 [ 522.197344][T10598] ? __pfx_path_openat+0x10/0x10 [ 522.197381][T10598] do_filp_open+0x20b/0x470 [ 522.197410][T10598] ? __pfx_do_filp_open+0x10/0x10 [ 522.197460][T10598] ? alloc_fd+0x471/0x7d0 [ 522.197494][T10598] do_sys_openat2+0x11b/0x1d0 [ 522.197531][T10598] ? __pfx_do_sys_openat2+0x10/0x10 [ 522.197580][T10598] __x64_sys_openat+0x174/0x210 [ 522.197601][T10598] ? __pfx___x64_sys_openat+0x10/0x10 [ 522.197634][T10598] do_syscall_64+0xcd/0x4c0 [ 522.197674][T10598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.197698][T10598] RIP: 0033:0x7fb22fd8eba9 [ 522.197717][T10598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 522.197741][T10598] RSP: 002b:00007fb230b9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 522.197764][T10598] RAX: ffffffffffffffda RBX: 00007fb22ffd6090 RCX: 00007fb22fd8eba9 [ 522.197780][T10598] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 522.197795][T10598] RBP: 00007fb22fe11e19 R08: 0000000000000000 R09: 0000000000000000 [ 522.197809][T10598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 522.197824][T10598] R13: 00007fb22ffd6128 R14: 00007fb22ffd6090 R15: 00007ffecca00368 [ 522.197854][T10598] [ 522.873522][ T9507] Bluetooth: hci5: command 0x0419 tx timeout [ 525.949581][T10624] ima: policy update failed [ 525.981055][T10641] block nbd9: NBD_DISCONNECT [ 526.011517][ T30] audit: type=1802 audit(4294967364.830:21): pid=10624 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.924" res=0 errno=0 [ 526.809793][T10644] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 527.344994][T10644] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 527.805329][T10644] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 528.090048][T10644] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 528.585051][T10661] Invalid ELF header magic: != ELF [ 529.291163][T10668] random: crng reseeded on system resumption [ 531.649448][ T30] audit: type=1804 audit(4294967370.490:22): pid=10690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.938" name="/newroot/238/file0" dev="tmpfs" ino=1279 res=1 errno=0 [ 532.130252][T10689] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 532.158828][T10689] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 532.376019][T10699] net_ratelimit: 20 callbacks suppressed [ 532.376039][T10699] netlink: zone id is out of range [ 532.615447][T10699] netlink: zone id is out of range [ 532.620602][T10699] netlink: zone id is out of range [ 532.788729][T10699] netlink: zone id is out of range [ 532.802714][T10709] FAULT_INJECTION: forcing a failure. [ 532.802714][T10709] name failslab, interval 1, probability 0, space 0, times 0 [ 532.916945][T10699] netlink: zone id is out of range [ 532.968866][T10699] netlink: zone id is out of range [ 533.007616][T10709] CPU: 0 UID: 0 PID: 10709 Comm: syz.2.942 Tainted: G U syzkaller #0 PREEMPT(full) [ 533.007655][T10709] Tainted: [U]=USER [ 533.007662][T10709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 533.007676][T10709] Call Trace: [ 533.007684][T10709] [ 533.007692][T10709] dump_stack_lvl+0x16c/0x1f0 [ 533.007733][T10709] should_fail_ex+0x512/0x640 [ 533.007772][T10709] ? __kmalloc_noprof+0xbf/0x510 [ 533.007803][T10709] ? handler_new_ref+0x1b0/0xc60 [ 533.007824][T10709] should_failslab+0xc2/0x120 [ 533.007857][T10709] __kmalloc_noprof+0xd2/0x510 [ 533.007883][T10709] ? __asan_memcpy+0x3c/0x60 [ 533.007913][T10709] handler_new_ref+0x1b0/0xc60 [ 533.007943][T10709] v4l2_ctrl_new+0x1963/0x2180 [ 533.007976][T10709] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 533.008007][T10709] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 533.008048][T10709] v4l2_ctrl_new_std+0x1be/0x290 [ 533.008080][T10709] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 533.008107][T10709] ? rcu_is_watching+0x12/0xc0 [ 533.008131][T10709] ? trace_kmalloc+0x2b/0xd0 [ 533.008164][T10709] ? __kvmalloc_node_noprof+0x298/0x620 [ 533.008193][T10709] ? v4l2_ctrl_handler_init_class+0x1fc/0x340 [ 533.008236][T10709] ? media_request_object_init+0x100/0x180 [ 533.008268][T10709] vicodec_open+0x1d0/0xf90 [ 533.008306][T10709] v4l2_open+0x222/0x490 [ 533.008349][T10709] ? __pfx_v4l2_open+0x10/0x10 [ 533.008383][T10709] chrdev_open+0x234/0x6a0 [ 533.008415][T10709] ? __pfx_apparmor_file_open+0x10/0x10 [ 533.008442][T10709] ? __pfx_chrdev_open+0x10/0x10 [ 533.008475][T10709] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 533.008508][T10709] do_dentry_open+0x982/0x1530 [ 533.008538][T10709] ? __pfx_chrdev_open+0x10/0x10 [ 533.008575][T10709] vfs_open+0x82/0x3f0 [ 533.008615][T10709] path_openat+0x1de4/0x2cb0 [ 533.008653][T10709] ? __pfx_path_openat+0x10/0x10 [ 533.008689][T10709] do_filp_open+0x20b/0x470 [ 533.008718][T10709] ? __pfx_do_filp_open+0x10/0x10 [ 533.008768][T10709] ? alloc_fd+0x471/0x7d0 [ 533.008802][T10709] do_sys_openat2+0x11b/0x1d0 [ 533.008839][T10709] ? __pfx_do_sys_openat2+0x10/0x10 [ 533.008887][T10709] __x64_sys_openat+0x174/0x210 [ 533.008909][T10709] ? __pfx___x64_sys_openat+0x10/0x10 [ 533.008943][T10709] do_syscall_64+0xcd/0x4c0 [ 533.008983][T10709] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 533.009007][T10709] RIP: 0033:0x7fd6ff38eba9 [ 533.009026][T10709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 533.009049][T10709] RSP: 002b:00007fd7001d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 533.009072][T10709] RAX: ffffffffffffffda RBX: 00007fd6ff5d6180 RCX: 00007fd6ff38eba9 [ 533.009088][T10709] RDX: 00000000000c0400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 533.009104][T10709] RBP: 00007fd6ff411e19 R08: 0000000000000000 R09: 0000000000000000 [ 533.009119][T10709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 533.009133][T10709] R13: 00007fd6ff5d6218 R14: 00007fd6ff5d6180 R15: 00007fff8c4ee478 [ 533.009163][T10709] [ 533.685677][T10699] netlink: zone id is out of range [ 533.708732][T10699] netlink: zone id is out of range [ 533.755035][T10699] netlink: zone id is out of range [ 533.857934][T10699] netlink: zone id is out of range [ 535.679920][T10731] random: crng reseeded on system resumption [ 535.848104][T10734] netlink: 296 bytes leftover after parsing attributes in process `syz.1.948'. [ 535.865128][T10726] FAULT_INJECTION: forcing a failure. [ 535.865128][T10726] name failslab, interval 1, probability 0, space 0, times 0 [ 535.996689][T10726] CPU: 0 UID: 0 PID: 10726 Comm: syz.5.946 Tainted: G U syzkaller #0 PREEMPT(full) [ 535.996729][T10726] Tainted: [U]=USER [ 535.996737][T10726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 535.996752][T10726] Call Trace: [ 535.996760][T10726] [ 535.996769][T10726] dump_stack_lvl+0x16c/0x1f0 [ 535.996810][T10726] should_fail_ex+0x512/0x640 [ 535.996847][T10726] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 535.996879][T10726] should_failslab+0xc2/0x120 [ 535.996911][T10726] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 535.996941][T10726] ? mas_alloc_nodes+0x18b/0x8b0 [ 535.996978][T10726] mas_alloc_nodes+0x18b/0x8b0 [ 535.997023][T10726] mas_node_count_gfp+0x105/0x130 [ 535.997059][T10726] mas_preallocate+0x7e0/0xde0 [ 535.997081][T10726] ? __memcg_slab_post_alloc_hook+0x472/0x960 [ 535.997120][T10726] ? __pfx_mas_preallocate+0x10/0x10 [ 535.997153][T10726] ? anon_vma_name+0x81/0x2f0 [ 535.997192][T10726] __split_vma+0x34a/0x1070 [ 535.997222][T10726] ? __pfx___split_vma+0x10/0x10 [ 535.997255][T10726] ? __pfx_mas_prev+0x10/0x10 [ 535.997298][T10726] vms_gather_munmap_vmas+0x3b1/0x1340 [ 535.997331][T10726] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 535.997363][T10726] ? mas_walk+0x6f5/0x980 [ 535.997405][T10726] __mmap_region+0x436/0x27b0 [ 535.997435][T10726] ? finish_task_switch.isra.0+0x21c/0xc10 [ 535.997461][T10726] ? __pfx___mmap_region+0x10/0x10 [ 535.997501][T10726] ? rcu_is_watching+0x12/0xc0 [ 535.997530][T10726] ? rcu_is_watching+0x12/0xc0 [ 535.997553][T10726] ? trace_sched_exit_tp+0xd1/0x120 [ 535.997589][T10726] ? __schedule+0x11a3/0x5de0 [ 535.997637][T10726] ? __lock_acquire+0x62e/0x1ce0 [ 535.997680][T10726] ? __lock_acquire+0x62e/0x1ce0 [ 535.997715][T10726] ? __pfx___schedule+0x10/0x10 [ 535.997782][T10726] ? trace_cap_capable+0x18d/0x200 [ 535.997818][T10726] mmap_region+0x1ab/0x3f0 [ 535.997846][T10726] ? __get_unmapped_area+0x267/0x440 [ 535.997886][T10726] do_mmap+0xa3e/0x1210 [ 535.997927][T10726] ? __pfx_do_mmap+0x10/0x10 [ 535.997962][T10726] ? __pfx_down_write_killable+0x10/0x10 [ 535.997992][T10726] vm_mmap_pgoff+0x29e/0x470 [ 535.998039][T10726] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 535.998080][T10726] ? __x64_sys_futex+0x1e0/0x4c0 [ 535.998110][T10726] ? __x64_sys_futex+0x1e9/0x4c0 [ 535.998144][T10726] ksys_mmap_pgoff+0x7d/0x5c0 [ 535.998178][T10726] ? xfd_validate_state+0x61/0x180 [ 535.998213][T10726] ? __pfx_ksys_write+0x10/0x10 [ 535.998245][T10726] __x64_sys_mmap+0x125/0x190 [ 535.998296][T10726] do_syscall_64+0xcd/0x4c0 [ 535.998337][T10726] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 535.998362][T10726] RIP: 0033:0x7fb22fd8eba9 [ 535.998381][T10726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 535.998405][T10726] RSP: 002b:00007fb230bbe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 535.998428][T10726] RAX: ffffffffffffffda RBX: 00007fb22ffd5fa0 RCX: 00007fb22fd8eba9 [ 535.998444][T10726] RDX: 00000000000000e2 RSI: 0000000000020009 RDI: 0000000000000000 [ 535.998459][T10726] RBP: 00007fb22fe11e19 R08: 0000000000000405 R09: 0000000000008000 [ 535.998474][T10726] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 535.998488][T10726] R13: 00007fb22ffd6038 R14: 00007fb22ffd5fa0 R15: 00007ffecca00368 [ 535.998519][T10726] [ 538.450750][T10752] netlink: 326 bytes leftover after parsing attributes in process `syz.0.951'. [ 540.375711][T10769] net_ratelimit: 62 callbacks suppressed [ 540.375730][T10769] netlink: zone id is out of range [ 540.804411][T10769] netlink: zone id is out of range [ 541.269896][T10769] netlink: zone id is out of range [ 541.434142][T10769] netlink: zone id is out of range [ 541.589338][T10769] netlink: zone id is out of range [ 541.649866][T10769] netlink: zone id is out of range [ 541.655075][T10769] netlink: zone id is out of range [ 541.856331][T10769] netlink: zone id is out of range [ 541.918886][T10769] netlink: zone id is out of range [ 541.924094][T10769] netlink: zone id is out of range [ 542.936798][T10787] zswap: compressor not available [ 542.971813][T10791] Setting dangerous option i915.mitigations - tainting kernel [ 545.106286][T10826] netlink: 28 bytes leftover after parsing attributes in process `syz.1.964'. [ 545.265508][T10826] ipvlan0: left promiscuous mode [ 545.377670][T10826] ipvlan0: left allmulticast mode [ 545.431180][T10826] veth0_vlan: left allmulticast mode [ 546.195905][T10834] netlink: 8 bytes leftover after parsing attributes in process `syz.1.966'. [ 546.351280][T10840] netlink: 28 bytes leftover after parsing attributes in process `syz.5.967'. [ 546.447792][T10842] netlink: 28 bytes leftover after parsing attributes in process `syz.5.967'. [ 546.483898][T10840] geneve1: entered promiscuous mode [ 546.519642][T10840] geneve1: entered allmulticast mode [ 547.219586][T10850] FAULT_INJECTION: forcing a failure. [ 547.219586][T10850] name failslab, interval 1, probability 0, space 0, times 0 [ 547.380023][T10850] CPU: 0 UID: 0 PID: 10850 Comm: syz.5.969 Tainted: G U syzkaller #0 PREEMPT(full) [ 547.380063][T10850] Tainted: [U]=USER [ 547.380071][T10850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 547.380085][T10850] Call Trace: [ 547.380093][T10850] [ 547.380102][T10850] dump_stack_lvl+0x16c/0x1f0 [ 547.380144][T10850] should_fail_ex+0x512/0x640 [ 547.380183][T10850] ? __kmalloc_noprof+0xbf/0x510 [ 547.380215][T10850] ? handler_new_ref+0x1b0/0xc60 [ 547.380235][T10850] should_failslab+0xc2/0x120 [ 547.380268][T10850] __kmalloc_noprof+0xd2/0x510 [ 547.380295][T10850] ? __asan_memcpy+0x3c/0x60 [ 547.380325][T10850] handler_new_ref+0x1b0/0xc60 [ 547.380355][T10850] v4l2_ctrl_new+0x1963/0x2180 [ 547.380388][T10850] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 547.380420][T10850] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 547.380460][T10850] v4l2_ctrl_new_std+0x1be/0x290 [ 547.380493][T10850] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 547.380519][T10850] ? rcu_is_watching+0x12/0xc0 [ 547.380544][T10850] ? trace_kmalloc+0x2b/0xd0 [ 547.380577][T10850] ? __kvmalloc_node_noprof+0x298/0x620 [ 547.380606][T10850] ? v4l2_ctrl_handler_init_class+0x1fc/0x340 [ 547.380649][T10850] ? media_request_object_init+0x100/0x180 [ 547.380681][T10850] vicodec_open+0x1d0/0xf90 [ 547.380720][T10850] v4l2_open+0x222/0x490 [ 547.380754][T10850] ? __pfx_v4l2_open+0x10/0x10 [ 547.380789][T10850] chrdev_open+0x234/0x6a0 [ 547.380820][T10850] ? __pfx_apparmor_file_open+0x10/0x10 [ 547.380848][T10850] ? __pfx_chrdev_open+0x10/0x10 [ 547.380882][T10850] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 547.380916][T10850] do_dentry_open+0x982/0x1530 [ 547.380947][T10850] ? __pfx_chrdev_open+0x10/0x10 [ 547.381007][T10850] vfs_open+0x82/0x3f0 [ 547.381056][T10850] path_openat+0x1de4/0x2cb0 [ 547.381095][T10850] ? __pfx_path_openat+0x10/0x10 [ 547.381132][T10850] do_filp_open+0x20b/0x470 [ 547.381162][T10850] ? __pfx_do_filp_open+0x10/0x10 [ 547.381212][T10850] ? alloc_fd+0x471/0x7d0 [ 547.381246][T10850] do_sys_openat2+0x11b/0x1d0 [ 547.381283][T10850] ? __pfx_do_sys_openat2+0x10/0x10 [ 547.381332][T10850] __x64_sys_openat+0x174/0x210 [ 547.381353][T10850] ? __pfx___x64_sys_openat+0x10/0x10 [ 547.381386][T10850] do_syscall_64+0xcd/0x4c0 [ 547.381427][T10850] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 547.381452][T10850] RIP: 0033:0x7fb22fd8eba9 [ 547.381471][T10850] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 547.381495][T10850] RSP: 002b:00007fb230b7c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 547.381518][T10850] RAX: ffffffffffffffda RBX: 00007fb22ffd6180 RCX: 00007fb22fd8eba9 [ 547.381534][T10850] RDX: 00000000000c0400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 547.381549][T10850] RBP: 00007fb22fe11e19 R08: 0000000000000000 R09: 0000000000000000 [ 547.381564][T10850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 547.381578][T10850] R13: 00007fb22ffd6218 R14: 00007fb22ffd6180 R15: 00007ffecca00368 [ 547.381609][T10850] [ 549.812145][T10883] netlink: 28 bytes leftover after parsing attributes in process `syz.5.975'. [ 551.986663][T10904] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 552.046163][T10907] netlink: 8 bytes leftover after parsing attributes in process `syz.5.980'. [ 554.268465][T10931] netlink: 28 bytes leftover after parsing attributes in process `syz.2.984'. [ 554.293495][T10931] geneve1: entered promiscuous mode [ 554.298743][T10931] geneve1: entered allmulticast mode [ 554.348705][T10931] netlink: 28 bytes leftover after parsing attributes in process `syz.2.984'. [ 554.787086][T10940] netlink: 28 bytes leftover after parsing attributes in process `syz.2.985'. [ 555.046422][T10946] bond0: option arp_interval: invalid value () [ 555.073848][T10946] bond0: option arp_interval: allowed values 0 - 2147483647 [ 557.684768][T10966] netlink: 8 bytes leftover after parsing attributes in process `syz.2.992'. [ 558.249657][T10978] random: crng reseeded on system resumption [ 558.500393][T10983] netlink: 28 bytes leftover after parsing attributes in process `syz.1.997'. [ 558.527929][T10983] geneve1: entered promiscuous mode [ 558.550924][T10983] geneve1: entered allmulticast mode [ 558.579017][T10983] netlink: 28 bytes leftover after parsing attributes in process `syz.1.997'. [ 559.069746][T10991] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1000'. [ 561.589203][T11013] zswap: compressor not available [ 561.624249][T11018] Setting dangerous option i915.mitigations - tainting kernel [ 562.669348][ T9507] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 562.683601][ T9507] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 562.691888][ T9507] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 562.701026][ T9507] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 562.708927][ T9507] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 562.952737][T11035] chnl_net:caif_netlink_parms(): no params data found [ 563.057222][T11035] bridge0: port 1(bridge_slave_0) entered blocking state [ 563.066598][T11035] bridge0: port 1(bridge_slave_0) entered disabled state [ 563.073950][T11035] bridge_slave_0: entered allmulticast mode [ 563.083606][T11035] bridge_slave_0: entered promiscuous mode [ 563.108785][T11035] bridge0: port 2(bridge_slave_1) entered blocking state [ 563.126024][T11035] bridge0: port 2(bridge_slave_1) entered disabled state [ 563.166372][T11035] bridge_slave_1: entered allmulticast mode [ 563.211523][T11035] bridge_slave_1: entered promiscuous mode [ 563.331942][T11035] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 563.370346][T11035] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 563.565699][T11035] team0: Port device team_slave_0 added [ 563.610873][T11035] team0: Port device team_slave_1 added [ 563.905009][T11035] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 563.951522][T11035] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 564.052041][T11035] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 564.126863][T11035] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 564.144930][T11035] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 564.233230][T11035] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 564.543593][T11035] hsr_slave_0: entered promiscuous mode [ 564.569679][T11035] hsr_slave_1: entered promiscuous mode [ 564.588952][T11035] debugfs: 'hsr0' already exists in 'hsr' [ 564.615986][T11035] Cannot create hsr debugfs directory [ 564.727949][ T9553] Bluetooth: hci6: command tx timeout [ 565.393508][T11070] vivid-003: ================= START STATUS ================= [ 565.501024][T11070] vivid-003: Radio HW Seek Mode: Bounded [ 565.579194][T11070] vivid-003: Radio Programmable HW Seek: false [ 565.615043][T11035] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 565.657885][T11035] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 565.679653][T11070] vivid-003: RDS Rx I/O Mode: Block I/O [ 565.710382][T11035] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 565.730475][T11070] vivid-003: Generate RBDS Instead of RDS: false [ 565.775208][T11035] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 565.822413][T11070] vivid-003: RDS Reception: true [ 565.902951][T11070] vivid-003: RDS Program Type: 0 inactive [ 566.009010][T11070] vivid-003: RDS PS Name: inactive [ 566.169736][T11070] vivid-003: RDS Radio Text: inactive [ 566.234934][T11070] vivid-003: RDS Traffic Announcement: false inactive [ 566.248053][T11035] 8021q: adding VLAN 0 to HW filter on device bond0 [ 566.366588][T11035] 8021q: adding VLAN 0 to HW filter on device team0 [ 566.430509][ T9594] bridge0: port 1(bridge_slave_0) entered blocking state [ 566.437648][ T9594] bridge0: port 1(bridge_slave_0) entered forwarding state [ 566.485250][T11070] vivid-003: RDS Traffic Program: false inactive [ 566.510964][ T9594] bridge0: port 2(bridge_slave_1) entered blocking state [ 566.519134][ T9594] bridge0: port 2(bridge_slave_1) entered forwarding state [ 566.556094][T11070] vivid-003: RDS Music: false inactive [ 566.614839][T11091] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 566.653849][T11070] vivid-003: ================== END STATUS ================== [ 566.797180][ T9553] Bluetooth: hci6: command tx timeout [ 567.924606][T11035] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 568.866565][ T9553] Bluetooth: hci6: command tx timeout [ 569.162681][T11035] veth0_vlan: entered promiscuous mode [ 569.184997][T11035] veth1_vlan: entered promiscuous mode [ 569.254576][T11035] veth0_macvtap: entered promiscuous mode [ 569.271819][T11035] veth1_macvtap: entered promiscuous mode [ 569.317162][T11035] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 569.355408][T11035] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 569.378425][T10481] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 569.428495][T10481] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 569.476265][T10481] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 569.513607][T10481] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 569.575312][ T9513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 569.590006][ T9513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 569.670827][T10481] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 569.693784][T10481] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 570.065292][T11130] tipc: Started in network mode [ 570.090602][T11130] tipc: Node identity ee00, cluster identity 4711 [ 570.137180][T11130] tipc: Node number set to 60928 [ 570.287999][T11129] Process accounting resumed [ 570.935562][ T9553] Bluetooth: hci6: command tx timeout [ 571.267088][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 571.273543][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 572.515874][T11160] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 572.543389][T11164] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1026'. [ 572.569438][T11160] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 572.589357][T11164] geneve1: entered promiscuous mode [ 572.597483][T11164] geneve1: entered allmulticast mode [ 572.605028][T11160] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 572.638104][T11164] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1026'. [ 572.668595][T11160] page_type: f5(slab) [ 572.694315][T11160] raw: 00fff00000000040 ffff88801b841dc0 ffffea0000ab0800 dead000000000002 [ 572.768720][T11160] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 572.817507][T11160] head: 00fff00000000040 ffff88801b841dc0 ffffea0000ab0800 dead000000000002 [ 572.887226][T11160] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 572.954026][T11160] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 573.008259][T11160] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 573.200789][T11160] page dumped because: unmovable page [ 573.275007][T11160] page_owner tracks the page as allocated [ 573.280767][T11160] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5540, tgid 5540 (dhcpcd-run-hook), ts 67043598399, free_ts 67019087184 [ 573.450966][T11160] post_alloc_hook+0x1c0/0x230 [ 573.507916][T11160] get_page_from_freelist+0x132b/0x38e0 [ 573.558850][T11160] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 573.585646][T11160] alloc_pages_mpol+0x1fb/0x550 [ 573.590564][T11160] new_slab+0x247/0x330 [ 573.621240][T11160] ___slab_alloc+0xcf2/0x1750 [ 573.631317][T11160] __slab_alloc.constprop.0+0x56/0xb0 [ 573.659489][T11160] __kmalloc_noprof+0x2f2/0x510 [ 573.675753][T11160] tomoyo_init_log+0x1385/0x2140 [ 573.690829][T11160] tomoyo_supervisor+0x302/0x13b0 [ 573.706250][T11160] tomoyo_env_perm+0x191/0x200 [ 573.716345][T11160] tomoyo_find_next_domain+0xec2/0x20b0 [ 573.726442][T11160] tomoyo_bprm_check_security+0x12e/0x1d0 [ 573.746676][T11160] security_bprm_check+0x1b9/0x1e0 [ 573.766889][T11160] bprm_execve+0x81a/0x1640 [ 573.776986][T11160] do_execveat_common.isra.0+0x4a5/0x610 [ 573.809307][T11160] page last free pid 5539 tgid 5539 stack trace: [ 573.820121][T11160] __free_frozen_pages+0x7d5/0x10f0 [ 573.825410][T11160] __put_partials+0x165/0x1c0 [ 573.840757][T11160] qlist_free_all+0x4d/0x120 [ 573.845395][T11160] kasan_quarantine_reduce+0x195/0x1e0 [ 573.854079][T11160] __kasan_slab_alloc+0x69/0x90 [ 573.858990][T11160] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 573.878521][T11160] tomoyo_init_log+0x197/0x2140 [ 573.897108][T11160] tomoyo_supervisor+0x302/0x13b0 [ 573.907192][T11160] tomoyo_path_permission+0x270/0x3b0 [ 573.915784][T11160] tomoyo_path_perm+0x362/0x460 [ 573.921430][T11160] security_inode_getattr+0x116/0x290 [ 573.926957][T11160] vfs_fstat+0x4b/0xe0 [ 573.931604][T11160] __do_sys_newfstat+0x87/0x100 [ 573.936552][T11160] do_syscall_64+0xcd/0x4c0 [ 573.941558][T11160] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 574.428847][T11181] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1040'. [ 576.771518][T11211] tipc: Started in network mode [ 576.795710][T11211] tipc: Node identity ee00, cluster identity 4711 [ 576.828352][T11212] net_ratelimit: 62 callbacks suppressed [ 576.828372][T11212] netlink: set zone limit has 8 unknown bytes [ 576.865597][T11211] tipc: Node number set to 60928 [ 576.976186][T11209] Process accounting resumed [ 577.213805][T11224] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1042'. [ 577.262046][T11220] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 577.290133][T11224] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1042'. [ 577.769951][T11228] netlink: 'syz.1.1043': attribute type 1 has an invalid length. [ 578.466597][T11239] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1047'. [ 579.030851][T11234] vivid-007: ================= START STATUS ================= [ 579.051433][T11234] vivid-007: Enable Output Cropping: true [ 579.071863][T11234] vivid-007: Enable Output Composing: true [ 579.086970][T11234] vivid-007: Enable Output Scaler: true [ 579.092588][T11234] vivid-007: Tx RGB Quantization Range: Automatic [ 579.118867][T11234] vivid-007: Transmit Mode: HDMI [ 579.129552][T11234] vivid-007: Hotplug Present: 0x00000000 [ 579.143617][T11234] vivid-007: RxSense Present: 0x00000000 [ 579.160413][T11234] vivid-007: EDID Present: 0x00000000 [ 579.179367][T11234] vivid-007: ================== END STATUS ================== [ 583.538423][T11304] blktrace: Concurrent blktraces are not allowed on loop2 [ 583.870864][T11306] netlink: zone id is out of range [ 583.876020][T11306] netlink: zone id is out of range [ 583.948452][T11306] netlink: zone id is out of range [ 583.990948][T11306] netlink: zone id is out of range [ 584.010903][T11306] netlink: zone id is out of range [ 584.037115][T11306] netlink: zone id is out of range [ 584.053453][T11306] netlink: zone id is out of range [ 584.102410][T11306] netlink: zone id is out of range [ 584.137970][T11306] netlink: zone id is out of range [ 584.179648][T11306] netlink: zone id is out of range [ 584.504286][T11315] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1061'. [ 586.349242][T11340] Invalid ELF header magic: != ELF [ 587.171000][ T31] INFO: task kworker/u10:3:9538 blocked for more than 143 seconds. [ 587.187778][ T31] Tainted: G U syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 587.231685][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 587.283134][ T31] task:kworker/u10:3 state:D stack:26952 pid:9538 tgid:9538 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 587.370041][ T31] Workqueue: netns cleanup_net [ 587.374909][ T31] Call Trace: [ 587.378258][ T31] [ 587.431970][ T31] __schedule+0x1190/0x5de0 [ 587.451222][ T31] ? __lock_acquire+0x62e/0x1ce0 [ 587.478412][ T31] ? __pfx___schedule+0x10/0x10 [ 587.498050][ T31] ? find_held_lock+0x2b/0x80 [ 587.521022][ T31] ? schedule+0x2d7/0x3a0 [ 587.551211][ T31] schedule+0xe7/0x3a0 [ 587.569966][ T31] schedule_timeout+0x257/0x290 [ 587.586969][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 587.612652][ T31] ? mark_held_locks+0x49/0x80 [ 587.639122][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 587.664148][ T31] __wait_for_common+0x2fc/0x4e0 [ 587.690240][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 587.719989][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 587.725637][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 587.787509][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 587.805740][ T31] __flush_workqueue+0x3e2/0x1230 [ 587.837274][ T31] ? cgroup_show_path+0x566/0x740 [ 587.857106][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 587.862651][ T31] ? reacquire_held_locks+0xcd/0x1f0 [ 587.906902][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 587.912439][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 587.965992][ T31] rds_tcp_listen_stop+0x104/0x150 [ 588.046409][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 588.105666][ T31] rds_tcp_exit_net+0xcb/0x810 [ 588.110587][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 588.195405][ T31] ? __pfx___might_resched+0x10/0x10 [ 588.200750][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 588.256049][ T31] ops_undo_list+0x2ee/0xab0 [ 588.260724][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 588.292191][ T31] ? cleanup_net+0x334/0x890 [ 588.324673][ T31] ? idr_destroy+0x62/0x2e0 [ 588.336576][ T31] cleanup_net+0x408/0x890 [ 588.341051][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 588.384533][ T31] ? rcu_is_watching+0x12/0xc0 [ 588.389367][ T31] process_one_work+0x9cf/0x1b70 [ 588.430418][ T31] ? __pfx_process_one_work+0x10/0x10 [ 588.448767][ T31] ? assign_work+0x1a0/0x250 [ 588.464017][ T31] worker_thread+0x6c8/0xf10 [ 588.468900][ T31] ? __kthread_parkme+0x19e/0x250 [ 588.493839][ T31] ? __pfx_worker_thread+0x10/0x10 [ 588.499011][ T31] kthread+0x3c5/0x780 [ 588.503115][ T31] ? __pfx_kthread+0x10/0x10 [ 588.553663][ T31] ? rcu_is_watching+0x12/0xc0 [ 588.558522][ T31] ? __pfx_kthread+0x10/0x10 [ 588.563159][ T31] ret_from_fork+0x56d/0x730 [ 588.593289][ T31] ? __pfx_kthread+0x10/0x10 [ 588.597982][ T31] ret_from_fork_asm+0x1a/0x30 [ 588.602779][ T31] [ 588.634729][ T31] [ 588.634729][ T31] Showing all locks held in the system: [ 588.642509][ T31] 3 locks held by kworker/0:1/10: [ 588.702760][ T31] #0: ffff8880b843a458 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 [ 588.724144][ T31] #1: ffff8880b8424088 (psi_seq){-.-.}-{0:0}, at: __schedule+0x1861/0x5de0 [ 588.752693][ T31] #2: ffff8880b8425b18 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x127/0x1d0 [ 588.775880][ T31] 1 lock held by khungtaskd/31: [ 588.780774][ T31] #0: ffffffff8e5c1420 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 588.791170][ T31] 2 locks held by syz-executor/5862: [ 588.797614][ T31] #0: ffff88814d71c618 (sb_internal){.+.+}-{0:0}, at: evict+0x3e6/0x920 [ 588.807881][ T5862] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 588.816713][ T31] #1: ffff8880252a8950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x5e4/0x1410 [ 588.831804][ T5862] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 588.845545][ T31] 1 lock held by syz-executor/5870: [ 588.850865][ T31] #0: ffffffff8e5cc9b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 [ 588.864863][ T31] 2 locks held by getty/9208: [ 588.869562][ T31] #0: ffff88814dc2e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 588.880150][ T31] #1: ffffc900030002f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 588.890599][ T31] 3 locks held by kworker/u10:3/9538: [ 588.896180][ T31] #0: ffff88801c6fe948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 588.907593][ T31] #1: ffffc9000ba9fd10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 588.923282][ T31] #2: ffffffff90372650 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890 [ 588.933036][ T31] 1 lock held by syz.3.766/9714: [ 588.939988][ T31] #0: ffffffff90372650 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 [ 588.949921][ T31] 1 lock held by syz.4.849/10188: [ 588.958249][ T31] #0: ffffffff90372650 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 [ 588.970538][ T31] 1 lock held by syz.0.970/10847: [ 588.975840][ T31] #0: ffffffff90372650 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 [ 588.986017][ T31] 1 lock held by syz.6.1069/11354: [ 588.991405][ T31] #0: ffffffff8e5cc880 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6e0 [ 589.070800][ T31] [ 589.073167][ T31] ============================================= [ 589.073167][ T31] [ 589.131880][ T31] NMI backtrace for cpu 0 [ 589.131903][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U syzkaller #0 PREEMPT(full) [ 589.131935][ T31] Tainted: [U]=USER [ 589.131942][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 589.131956][ T31] Call Trace: [ 589.131963][ T31] [ 589.131972][ T31] dump_stack_lvl+0x116/0x1f0 [ 589.132012][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 589.132044][ T31] ? _raw_spin_unlock_irqrestore+0x61/0x80 [ 589.132078][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 589.132115][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 589.132146][ T31] watchdog+0xf0e/0x1260 [ 589.132186][ T31] ? __pfx_watchdog+0x10/0x10 [ 589.132218][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 589.132255][ T31] ? __kthread_parkme+0x19e/0x250 [ 589.132290][ T31] ? __pfx_watchdog+0x10/0x10 [ 589.132324][ T31] kthread+0x3c5/0x780 [ 589.132359][ T31] ? __pfx_kthread+0x10/0x10 [ 589.132394][ T31] ? rcu_is_watching+0x12/0xc0 [ 589.132418][ T31] ? __pfx_kthread+0x10/0x10 [ 589.132454][ T31] ret_from_fork+0x56d/0x730 [ 589.132489][ T31] ? __pfx_kthread+0x10/0x10 [ 589.132523][ T31] ret_from_fork_asm+0x1a/0x30 [ 589.132564][ T31] [ 589.132579][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 589.261009][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U syzkaller #0 PREEMPT(full) [ 589.271706][ T31] Tainted: [U]=USER [ 589.275513][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 589.285595][ T31] Call Trace: [ 589.288914][ T31] [ 589.291944][ T31] dump_stack_lvl+0x3d/0x1f0 [ 589.296616][ T31] vpanic+0x6e8/0x7a0 [ 589.300638][ T31] ? __pfx_vpanic+0x10/0x10 [ 589.305180][ T31] panic+0xca/0xd0 [ 589.308933][ T31] ? __pfx_panic+0x10/0x10 [ 589.313369][ T31] ? nmi_backtrace_stall_check+0x6e/0x540 [ 589.319111][ T31] ? irq_work_queue+0xce/0x100 [ 589.323899][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 589.329987][ T31] ? __wake_up_klogd.part.0+0x99/0xf0 [ 589.335391][ T31] ? watchdog+0xd78/0x1260 [ 589.339847][ T31] ? watchdog+0xd6b/0x1260 [ 589.344348][ T31] watchdog+0xd89/0x1260 [ 589.348632][ T31] ? __pfx_watchdog+0x10/0x10 [ 589.353339][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 589.358570][ T31] ? __kthread_parkme+0x19e/0x250 [ 589.363612][ T31] ? __pfx_watchdog+0x10/0x10 [ 589.368319][ T31] kthread+0x3c5/0x780 [ 589.372603][ T31] ? __pfx_kthread+0x10/0x10 [ 589.377225][ T31] ? rcu_is_watching+0x12/0xc0 [ 589.382002][ T31] ? __pfx_kthread+0x10/0x10 [ 589.386619][ T31] ret_from_fork+0x56d/0x730 [ 589.391250][ T31] ? __pfx_kthread+0x10/0x10 [ 589.395868][ T31] ret_from_fork_asm+0x1a/0x30 [ 589.400660][ T31] [ 589.403850][ T31] Kernel Offset: disabled [ 589.408187][ T31] Rebooting in 86400 seconds..