last executing test programs: 11.251983947s ago: executing program 2 (id=884): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/platform/vidtv.0/i2c-0/delete_device\x00', 0x20681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000540)="2d80370be54e26f6bd5c26fc8f06d2d6", 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0x3ff, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) unshare$auto(0x40000080) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) 9.696596017s ago: executing program 2 (id=892): mmap$auto(0x9, 0x8, 0x7, 0x9f72, 0xffffffffffffffff, 0x10008002) close_range$auto(0x2, 0xa, 0x0) r0 = open(&(0x7f0000000800)='./file0\x00', 0x0, 0x154) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) (async) r1 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) prctl$auto(0x3b, 0x1, 0x0, 0x1, 0x4) (async) prctl$auto(0x3b, 0x1, 0x0, 0x1, 0x4) mmap$auto(0x0, 0x42000b, 0xdf, 0x13, r1, 0x8000) getpgrp(0xffffffffffffffff) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="010025bd7000fedbdf0100000000"], 0x14}, 0x1, 0x0, 0x0, 0x40c8}, 0x4048000) (async) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="010025bd7000fedbdf0100000000"], 0x14}, 0x1, 0x0, 0x0, 0x40c8}, 0x4048000) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), 0xffffffffffffffff) (async) r5 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="e0020000", @ANYRES32=0x0, @ANYBLOB="0400af80cee0bd49dab2a617b70e1a2e040e6ba448f301800a8999cec0bec67eb0617ad3f9a0977d09fa35f0e26b923a2713f1104ff7a5b18a2629bbee5de69b17f06e13870462f79e9deb527b97fd65fc8b156b0f525dfca9340f14dc75ef0881c14f5b87a6c615ee754d72289dcac3c322002b00", @ANYRESHEX=r5, @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="08006e00ac1414aa2c02bc8028029880220242804b8ef4dea62052d4391e1b7fcd2429f7195770e4ca6f21844850ff750ce04caf301dc66838e61817fb1f807d53f524a2ac569f0f1c754ec84650d22b883479398e9d766ecc3fa8de0f83e8f703cb19a0826ec7c4949c87bab590c6305dc6f742accc66d7f2c47d87ec1d7fde707fb499a51775587034a2ec9194354a1069b4c806492e043fa1fdad718d351a10ddade114048ff1302faa59a651c349c5ec3cede0e3949d48b97b2bd1d493852ed30d3a7c2cead7511ef0c8d71cb13b68fb7475ceac2b9816379110f6b4d10d69aea84f032ee4c179ba7929c5d06329cbdf05000000040034804d001f800400f18004006c800d7112532deb3ef76f18436c6041ed69a31df55778585e94b7244ba30fca32a34652fd3f440a97d881a3e6c962f72b82c506b0f9531ca4e8321faaa8982bbdf822d7045f41fa0afd85000000e5007d800800e4000c65110ad9503c63fb44ef2cd3655eeed25fb217d2d0d44b2143ca1d9fd2afa48f4932b61a0b7220ded28f134e3fef995030d6db80510dc7360cc27f7cfb9da33a0a50d8a30f55b58c71eaa21bc143d4c5", @ANYRES32=0x0, @ANYBLOB="6000f68004004880f6c5cccd25852c755b4331229a68ba8457bb2c5bc855fc277901cc018a78610faf0010000000000000a3cfe74a23710a32b0bd28cfddfe8fbcc03a4f9178ec9a0400de8004004380040078800c00a700feffffffffffffff0000", @ANYRES64=r2], 0x2e0}, 0x1, 0x0, 0x0, 0x40}, 0x20000090) (async) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="e0020000", @ANYRES32=0x0, @ANYBLOB="0400af80cee0bd49dab2a617b70e1a2e040e6ba448f301800a8999cec0bec67eb0617ad3f9a0977d09fa35f0e26b923a2713f1104ff7a5b18a2629bbee5de69b17f06e13870462f79e9deb527b97fd65fc8b156b0f525dfca9340f14dc75ef0881c14f5b87a6c615ee754d72289dcac3c322002b00", @ANYRESHEX=r5, @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="08006e00ac1414aa2c02bc8028029880220242804b8ef4dea62052d4391e1b7fcd2429f7195770e4ca6f21844850ff750ce04caf301dc66838e61817fb1f807d53f524a2ac569f0f1c754ec84650d22b883479398e9d766ecc3fa8de0f83e8f703cb19a0826ec7c4949c87bab590c6305dc6f742accc66d7f2c47d87ec1d7fde707fb499a51775587034a2ec9194354a1069b4c806492e043fa1fdad718d351a10ddade114048ff1302faa59a651c349c5ec3cede0e3949d48b97b2bd1d493852ed30d3a7c2cead7511ef0c8d71cb13b68fb7475ceac2b9816379110f6b4d10d69aea84f032ee4c179ba7929c5d06329cbdf05000000040034804d001f800400f18004006c800d7112532deb3ef76f18436c6041ed69a31df55778585e94b7244ba30fca32a34652fd3f440a97d881a3e6c962f72b82c506b0f9531ca4e8321faaa8982bbdf822d7045f41fa0afd85000000e5007d800800e4000c65110ad9503c63fb44ef2cd3655eeed25fb217d2d0d44b2143ca1d9fd2afa48f4932b61a0b7220ded28f134e3fef995030d6db80510dc7360cc27f7cfb9da33a0a50d8a30f55b58c71eaa21bc143d4c5", @ANYRES32=0x0, @ANYBLOB="6000f68004004880f6c5cccd25852c755b4331229a68ba8457bb2c5bc855fc277901cc018a78610faf0010000000000000a3cfe74a23710a32b0bd28cfddfe8fbcc03a4f9178ec9a0400de8004004380040078800c00a700feffffffffffffff0000", @ANYRES64=r2], 0x2e0}, 0x1, 0x0, 0x0, 0x40}, 0x20000090) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000480)={{&(0x7f00000001c0)="8d10a50b60e1380b545f89c54bab4fbfb3e0feda7edd7e46ae550aa997ff56be56fea27cb83751daf5f24ad06844d84862e0d8ddb179f76038831d67eaac8ab77003e5fc4eaf9d788521bd99b2729d94e367eabcdce535dd22dee07e455f0d28213b56b89d026239a1a68f51487800b3643829c256b36302e01c43618a797b05025b5feebfc59d59d2d916fd4248245863a0fd01593abab17301a9c36f0ec8bcbd4d8e6757f5b19d5092696e8e3e7ae1179791a4d12d4b6e213364b1f45cbae151889a10e446fe3ddc6e35545780a45518a4", 0x3, &(0x7f00000003c0)={&(0x7f00000002c0)="a05773e17fc3f097c1dda9674cdda8495227c3f6143b1c9dae28868eb2521113ee53fe55139a6cafe81097998f467936029d7cc2a59bd8df4aac7fbffdb54dfbc4dabe4693db529a457b072d24a74a8cc4064a179611df8dbc3eb7d0d68f653f5c970fe5e8039b309bf88b2d95319ac03fe3fed98f97feb30230ed7bc44c009694c3a27e9526df2fdf2b2d30adf6f4e00f90211708f37043fdc4153b871250e305e2c21184eaa67cb94b2d8e79f89ec13959f9918ffa08e8a519c2ad073327cf5ae99cbd9397b8187ea2e9c37e5535d88c6ce6ca1e247930b3585aa92c14", 0x100}, 0x1, &(0x7f0000000400)="2491e2f933b13df8b9767a34918374d206e5f3c766ee0baae721e41d7b28fc255fc9387e8c68e335e84ca7720ac49cdfdff203042b32ffe2ddf3fee62aa25966f135af5acda0f5ee35af2663f7f69d40ea81d8bce8fc80c0add9", 0x1, 0x1}, 0x401}, 0x5, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r6 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x80001, 0x0) ioctl$auto(r6, 0x4018620d, 0x9) (async) ioctl$auto(r6, 0x4018620d, 0x9) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/graphics/fbcon/rotate\x00', 0x8a801, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) openat$auto_rfkill_fops_core(0xffffffffffffff9c, 0x0, 0x40, 0x0) r8 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/controlC2\x00', 0x80101, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x46a880, 0x0) (async) r9 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x46a880, 0x0) ioctl$auto(r8, 0x80dc5521, r9) (async) ioctl$auto(r8, 0x80dc5521, r9) write$auto(r7, &(0x7f0000000200)='1\x00\\\xa0\x04\x06\x00\x00\x00*\x8d\x14\xfa 3\x00\xad1\xcc\xeb&{q\xe0$\xcd\x81Zm\xeb\xe39LC{\xf8\xa09\xe9\x05\xfc\xddUw4e\xc6\t}k\x14\xcah\xba\x16\xdc\x00\x88\x11\x008\xb3z\xe4\xb9\x97\x90z\xb41&YH\xd6\xaa\x06\xbc \b\xd7\xee\x8a:\xd9\x88\x8f\x06)l\xe4\x83\xbc\xd1wOa\xb6\x93\xe7\xb7\xbb\xdc\x98\xba\\\x15\xc2\xdc1D\x8b@\x9btfi\xaf\xdf\xee\v\x8e\xa2P\x93\x19\xea\x84T]<]+\x04N5=\xc0\x9d-\xaf\xfd\xc7\x87\x00\x00\x00\x00\xa4q\xec\x82\x95\x01\xfc7\x86\xd0\xd2\x93\xa7?\xc5\xf3\xaf\xe5\x17\x96\xc6\xbd=\x9a=\xe8\xf22\xab\x83\x9f\xc2\xc2\x8f\x1fQ|\x91&\x15\x0f\x18\xbc\xd3\xd6\xd7P\bTb\xfaY\xfcio\xa3\xe1d#-R\x91}\xe4\x88\xf6\xcc\xd5e\xb1Va\xa4Z\'w\xee\x94`>\x99\x00\xef\xe5\x9csXS<\x96\xafgM\xadY\xae\xf5\xe4\xb3\x9d\x18\x0f\xcc\xbb\tGb\xf5\x8c\xf4\xbc\xaf\x7f\x87\'\x9f\x8ff\x03m\xaf+D\xee\xcd\xd9\xfe\xe2)\x830}\xcc\xadC\xdd\xea\xb1\x8d\x06xj^U\xc0<\xfe\xc3U\xf8\x1ff\xe1\xd8\x14\t\xa8l]\xeb\xb6\xef\x04\x8f\xff\xfc\x97\x91\xdbN\x81\xfd\xf2\x9e\x18\x85G\xc7\xef\x86;\xd5\xd9\xd8\x18wq.%\xa9l\xc8\xdaC\x93\xc6\xc6\xd5p8\xa5\xb1\xd7:<\x8aCP\xd08\xcf', 0x4) pipe$auto(0x0) (async) pipe$auto(0x0) r10 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptys9\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r10, 0x5423, 0x0) (async) ioctl$auto_TIOCSETD2(r10, 0x5423, 0x0) read$auto(r10, 0x0, 0x7f) 8.467079547s ago: executing program 1 (id=898): unshare$auto(0x40000080) unshare$auto(0x40000080) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bus/usb/008/001\x00', 0x402, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/bonding/arp_interval\x00', 0x20b42, 0x0) sendmsg$auto_IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0x88, 0x0, 0x800, 0x70bd26, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffc}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xb538}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_DAEMON={0x4a, 0x3, 0x0, 0x1, [@generic="dd1bbc43b09bf88ec06bf64d5eead7dd9136cf966ce0829f53250bd956e06197a0c49f0f47cc3c3e799f145650df97481efbfd9e3190f9161660c3a1751f26ced801027e2002"]}]}, 0x88}, 0x1, 0x0, 0x0, 0x80000}, 0x40) r1 = openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2401, 0x0) write$auto(r1, &(0x7f0000000280)='9\x00d1L\xf0\x15\xba\xa17=(\x18\xdd\xff\xec\v\xb5^\xa1/[vv\x19\x00\x7f0\xa30\xc7\x9d\x1f]\xf8\xe04\xe7s\x9a\xd3H\xd3F\x819+\x90S\x10\xb2\b\xf8)\xe4IU\t\xb8\r\x9a\x8e\'Q\xfb\xb5I\x0f\x96;\xc7\\2V\x01g\xf8\xce\xbb\x9d\xa2c2\x00\x7f\xa1:\ax\xbc\x17\xde\x0e<\x00\x00\x00\x00\x00\x00\x00\x06\xc8\xf4\xdf\xcc\x9b\xd7D\xd7ARq', 0x40) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x103003, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/pci0000:00/waiting_for_supplier\x00', 0x80800, 0x0) sendfile$auto(r2, r3, 0x0, 0x1000000000001) write$auto(0xffffffffffffffff, &(0x7f0000003000)='/sys/kernel/debug/split_huge_pages\x00', 0x9) r4 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) ioctl$auto_UBI_IOCATT(r4, 0x40186f40, &(0x7f0000000080)={0xffffffff, 0x6, 0x1, 0x5, 0x5, 0x77}) sendfile$auto(r0, r0, 0x0, 0x4f64a1d5) r5 = waitid$auto_P_PID(0x1, 0x0, &(0x7f00000001c0)={@siginfo_0_0={0x0, 0x9, 0x7}}, 0x9, &(0x7f0000000340)={{0x0, 0x3935}, {0x4, 0x80000001}, 0x648, 0x0, 0x10001, 0x9aa, 0xffffffffffffffff, 0x2, 0x8, 0xd3f, 0x5, 0xc, 0x7, 0x6, 0x8001, 0xffffffffffffffff}) ptrace$auto(0x7, r5, 0x1, 0x9) mmap$auto(0x4, 0x400007, 0xdf, 0x17, 0xffffffffffffffff, 0x400) read$auto(0x3, 0x0, 0x8080) unshare$auto(0x40000080) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/tty/ttyt5/power/runtime_status\x00', 0x4240, 0x0) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb0, 0x404, 0x8000) r7 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) getpid() process_vm_readv$auto(r5, &(0x7f00000000c0)={0x0, 0xa30}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000040)="8c9700089d1b208365d5b5d112dbab029ed13881d2f2c7ba2eb01c3db79f77fdc2bb50c64a925009dff4cd1aca925c57100112d88f73348a54396800ed598a0e5500d7c0cbb6b1e91d", 0x40000000001243}, 0x9, 0x1) ioctl$auto(0xffffffffffffffff, 0xfffffcaa, 0x38) ioctl$auto_TUNSETTXFILTER(r7, 0x400454d1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000000)=""/112, 0x70) mmap$auto(0x0, 0x6, 0x3, 0xeb1, r6, 0x8000) mmap$auto(0x0, 0x2020006, 0xa, 0xeb1, 0xfffffffffffffffa, 0x8000) 7.599235987s ago: executing program 1 (id=901): r0 = openat$auto_ipsec_dbg_fops_ipsec(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim0/ports/2/ipsec\x00', 0x82b00, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000200), r1) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x3c, r2, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@ETHTOOL_A_PAUSE_AUTONEG={0x63}, @ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x4044000) r3 = socket(0x10, 0x2, 0x0) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x2000c000}, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r6 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r6, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r6, &(0x7f0000000200)={{0x0, 0x8, &(0x7f0000000140)={0x0, 0x4da}, 0x6, 0x0, 0x8, 0x7ff}, 0x1000}, 0xffffffff, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230) write$auto(r5, 0x0, 0xffdb) sendmsg$auto_NL802154_CMD_NEW_INTERFACE(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="000300020000fbdbdf2507000000"], 0x14}}, 0x4004010) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r7 = userfaultfd$auto(0x7ff) prctl$auto(0xfffffff9, 0xffffffffffffffff, 0x0, 0xb, 0x2) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) open_tree_attr$auto(r7, &(0x7f00000000c0)='./file0\x00', 0x2, &(0x7f0000000100)={0x4, 0x1, 0x1, @inferred=r0}, 0x4) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cec10\x00', 0x1a2182, 0x0) 7.079950686s ago: executing program 0 (id=904): unshare$auto(0x40000080) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/usb/usbmon/36u\x00', 0x26040, 0x0) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/bus/usb/016/001\x00', 0xa901, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x1eba02, 0x0) setresuid$auto(0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) sendmsg$auto_IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, 0x0, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_USBDEVFS_REAPURBNDELAY(r0, 0x4008550d, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) ioctl$auto(r2, 0x1000, 0x1e2) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4085}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0xf, 0x9, 0x63, 0x0, 0x0, 0x0, 0x0, 0x401, 0x1003, 0xfffffffffffffffd, 0x7ffffffb, 0x9, 0xffffffff7ffffffc, 0x8009, 0xb, 0x200000100106}) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) r4 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r4, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, 0x6) semctl$auto(0xffc, 0x11, 0x2, 0x5) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f00000000c0), r3) sendmsg$auto_NET_SHAPER_CMD_CAP_GET(r3, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x2004090}, 0x0) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_SETVA(r4, 0x7a4, 0x0) 6.273676945s ago: executing program 2 (id=906): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bus/usb/013/001\x00', 0xa8801, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) r0 = socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vbi22\x00', 0x1, 0x0) ioctl$auto(0x3, 0xc058560f, r0) 5.537753914s ago: executing program 0 (id=907): mmap$auto(0x0, 0xffffffffffffff01, 0x3, 0xeb1, 0xffffffffffffffff, 0x8001) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon33\x00', 0x121200, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x42100, 0x0) sendmsg$auto_NL802154_CMD_SET_CCA_ED_LEVEL(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB='*?\x00\x00', @ANYRES16=0x0, @ANYBLOB="08002dbd7000fddbdf250e0000000500120040000000"], 0x1c}, 0x1, 0x0, 0x0, 0x8001}, 0x40000) io_setup$auto(0x7ffe, 0x0) fcntl$auto_F_SETOWN(0xffffffffffffffff, 0x8, 0x0) socketpair$auto(0x1e, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = epoll_create$auto(0x70c) epoll_ctl$auto(r1, 0x1, r0, 0x0) 5.30432986s ago: executing program 3 (id=908): sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) (async) r0 = prctl$auto(0x23, 0x8, 0x2008, 0x0, 0x0) (async) process_vm_writev$auto(0x1, &(0x7f0000002980)={0x0, 0x4}, 0x3, &(0x7f0000002a40)={0x0, 0x7}, 0x4, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/mcfilter\x00', 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r2, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="e1ff21bd7008fb000049d800000000000180140001005e1f3e72850177e4001a00"/43], 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x0) (async) read$auto_proc_pagemap_operations_internal(r1, &(0x7f0000001540)=""/209, 0xd1) mknod$auto(&(0x7f0000000240)=':,\x00', 0xfff, 0xfffffffa) (async) execve$auto(&(0x7f0000000040)=':,\x00', 0x0, 0x0) (async) mmap$auto(0x0, 0x8, 0xdf, 0x19, 0x2, 0x8000) (async) mmap$auto(0x1ff, 0x4, 0x8000000000000001, 0x1d, r0, 0x8000) (async, rerun: 64) madvise$auto(0x0, 0xffffffffffff0005, 0x17) (rerun: 64) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async, rerun: 64) prctl$auto(0x1000000003b, 0xfffffffffffffffd, 0x4, 0x5, 0x7) (async, rerun: 64) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) timerfd_gettime$auto(0xffffffffffffffff, 0x0) (async) close_range$auto(0x2, 0xffffffffffffffff, 0x0) (async) socket(0xa, 0x1, 0x84) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video18\x00', 0x80000, 0x0) (async) r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(r4, 0x0, 0x400018) ioctl$auto(0x3, 0x4020565a, 0x38) ioctl$auto(0x3, 0x4020565b, 0x38) read$auto_proc_pid_smaps_operations_internal(r4, &(0x7f0000000280)=""/106, 0x6a) socket(0x1e, 0x1, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) 5.21260845s ago: executing program 1 (id=909): mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) capset$auto(0x0, 0x0) setsockopt$auto(0x3, 0x0, 0x17, 0x0, 0x28) setsockopt$auto(0x3, 0x0, 0x17, 0x0, 0x28) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/firmware/memmap/2/type\x00', 0x18b740, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x2b, 0x1, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/admmidi2\x00', 0x0, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000002180)='/dev/snd/pcmC0D0p\x00', 0x0, 0x0) socket(0x11, 0x80003, 0x300) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x1f, 0x1, 0x948b, 0x5, 0x15f4da07, 0x9, 0x1010, 0xb1, 0xeffffffffffffffe, 0x1000, 0xb, 0x100000000, 0x9, 0xa]}, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x11}}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x0, 0x0, 0x1f, 0xb}, 0x800009}, 0x3, 0x20000000) fcntl$auto(0x3, 0x4, 0xa553) read$auto_rb_simple_fops_trace(0xffffffffffffffff, 0x0, 0x0) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) write$auto(0x3, 0x0, 0x7fffffff) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x10002}, 0x1) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000000c0), 0x20904, 0x0) 4.984287863s ago: executing program 3 (id=910): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = socket(0x11, 0x3, 0x9) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) setsockopt$auto_SO_BUSY_POLL(r1, 0x1, 0x2e, &(0x7f0000000040)='/dev/audio1\x00', 0x9e) mmap$auto(0x0, 0x2000a, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000480)='ns/pid\x00') ioctl$auto(r4, 0x8004510c, 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x18, r6, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@IOAM6_ATTR_SC_NONE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000}, 0xc0d0) ioctl$auto(r3, 0x900064b0, 0x2000000000000c38) ioctl$auto_SIOCSIFHWADDR2(r2, 0x8924, &(0x7f0000000200)) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0x9, 0x0, 0x0, &(0x7f0000000440)={[0x1ff, 0x7, 0x8, 0x1, 0x948b, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x400, 0x5d8, 0x1000000000000009, 0x7, 0x6]}, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) socket(0x11, 0x3, 0x9) (async) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async) setsockopt$auto_SO_BUSY_POLL(r1, 0x1, 0x2e, &(0x7f0000000040)='/dev/audio1\x00', 0x9e) (async) mmap$auto(0x0, 0x2000a, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) (async) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) syz_open_procfs$namespace(0x0, &(0x7f0000000480)='ns/pid\x00') (async) ioctl$auto(r4, 0x8004510c, 0xffffffffffffffff) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000003c0), 0xffffffffffffffff) (async) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x18, r6, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@IOAM6_ATTR_SC_NONE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000}, 0xc0d0) (async) ioctl$auto(r3, 0x900064b0, 0x2000000000000c38) (async) ioctl$auto_SIOCSIFHWADDR2(r2, 0x8924, &(0x7f0000000200)) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) select$auto(0x9, 0x0, 0x0, &(0x7f0000000440)={[0x1ff, 0x7, 0x8, 0x1, 0x948b, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x400, 0x5d8, 0x1000000000000009, 0x7, 0x6]}, 0x0) (async) 4.942400726s ago: executing program 2 (id=911): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x3, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x42, 0x0) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, 0x602, 0x300000000000) socket(0x15, 0x5, 0x0) prctl$auto(0x0, 0x2, 0x4, 0x5, 0x7) unshare$auto(0x40000080) r1 = openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000100)='/proc/kpageflags\x00', 0x2, 0x0) r2 = setfsuid$auto(0xee00) fchown$auto(r1, r2, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000de, 0xeb1, 0x401, 0x8000) socketpair$auto(0xf3, 0x4, 0x8000000000000000, 0x0) r3 = socket(0xa, 0x801, 0x84) getsockopt$auto(r3, 0x84, 0x6f, 0x0, &(0x7f0000000000)=0x9000c) setresuid$auto(0xee01, r2, 0x0) madvise$auto(0xfffffffffffffffd, 0xffffffffffff0001, 0x15) io_uring_setup$auto(0x100006, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000180)='7\x00\\\xa0\x04|4\x00\x00\x03\x00\x00\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\x00rRVr\xc4O\xdc1\x9b%\x10Z\'\xb9\'\xa3stC=\x85\xc6\xf6\x13 \xeb\xff%\x11\x82\x05\xdfV\x02\xca&\xd8$<\xab&\xc8B-\xcc\x15\x04&\x13;\xfe\xbdQ\xaa\x16o\x1f\xc7\x94\xa3\xc9\x9a\xe1d\xf5\n\xe2\x88\x84\vT?\x98\xa2\x00'/206, 0x5) fcntl$auto_F_RDLCK(r0, 0x1ff1, 0x0) name_to_handle_at$auto(0xffffffffffffffff, &(0x7f00000003c0)='/proc/self/net/dev_snmp6/veth0_to_hsr\x00', &(0x7f0000000400)={0xc, 0x1, "7ba266e92bc849f45f630f02"}, &(0x7f0000000480), 0x200) keyctl$auto(0x9, 0xfffffffffffffffc, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x8) r4 = open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x170) execveat$auto(r4, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x11000) mmap$auto(0x0, 0x2020009, 0x100000000000003, 0xebe, 0xfffffffffffffffa, 0x8000) r5 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto_EVIOCGMASK(r5, 0x80104592, &(0x7f0000000000)={0x2000, 0x800004, 0x105}) 3.961964427s ago: executing program 3 (id=912): mmap$auto(0x0, 0xe, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x21) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim3/hwstats/l3/disable_ifindex\x00', 0x1242, 0x0) openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, 0x0, 0xb4182, 0x0) mmap$auto(0x0, 0x20008, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_tgids\x00', 0x101002, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x201, 0x0) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r0 = open(&(0x7f0000001bc0)='./file0\x00', 0x4142, 0x1) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty57\x00', 0x40741, 0x0) ioctl$auto(0x3, 0x402c542d, r1) write$auto(0x3, 0x0, 0xfffffdef) ioctl$auto(0x3, 0x541b, 0x74) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x121000, 0x0) r2 = openat$auto_check_wx_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) read$auto_check_wx_fops_(r2, &(0x7f0000000100)=""/192, 0xc0) ioctl$auto_TIOCGDEV2(0xffffffffffffffff, 0x5429, 0x0) openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer1\x00', 0x180, 0x0) ioctl$auto_OSS_ALSAEMULVER(r0, 0x80044df9, 0x0) r3 = fsopen$auto(0x0, 0x1) process_madvise$auto_MADV_PAGEOUT(r3, 0x0, 0x4, 0x15, 0x5) r4 = prctl$auto(0x3e, 0xb2, 0x0, 0x1, 0x1) mmap$auto(0x0, 0xe983, 0xdf, 0xebf, r4, 0x8000) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x81, 0x8000000000001, 0xa}, 0xb, 0x0) 3.863059652s ago: executing program 0 (id=913): socket(0xa, 0x3, 0x3a) getsockopt$auto(0x3, 0x0, 0xe, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r1 = epoll_create$auto(0x6) poll$auto(&(0x7f0000000040)={r0, 0x1, 0xa}, 0x5, 0x108) epoll_ctl$auto(r1, 0x1, r0, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) mmap$auto(0x0, 0x20009, 0x4000000001df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2, 0x1, 0x106) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x948b, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x7, 0x1000000000000bc3, 0x800, 0x3, 0xff, 0x10001, 0x400000000003, 0x3, 0x100, 0xfffffffffffffffe, 0x80000000, 0x9, 0xffffdfffffffff81, 0x8]}, 0x0) kill$auto(0x0, 0x1) msgctl$auto_IPC_INFO(0x7, 0x3, 0x0) ptrace$auto(0x10, 0x0, 0x1, 0x7ff) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x8, 0xc08, 0x6, 0x4, 0x2, 0x4, 0x13, 0x5, 0xb, 0x1000000001, 0xced80000000000, 0xffffffffffffff48, 0x3, 0x5, 0x3, 0x7fffffff]}, 0x0, 0x0) r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r4 = socket(0x2, 0x2, 0x1) getsockopt$auto(r4, 0x1, 0x4, &(0x7f0000000000)='/dev/cec27\x00', &(0x7f0000000080)=0x9) readv$auto(r3, &(0x7f0000000a80)={0x0, 0x3}, 0x3) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x480227, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x4) 3.722690224s ago: executing program 1 (id=914): unshare$auto(0x40000080) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810000, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = syz_clone(0x80000000, 0x0, 0x1, 0x0, 0x0, 0x0) ptrace$auto(0x10, r0, 0x2, 0x107) prctl$auto(0x1b, 0x6, r0, 0x0, 0x0) openat$auto_nsim_dev_max_vfs_fops_dev(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim3/max_vfs\x00', 0x48002, 0x0) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000040), 0x2502, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth0\x00'}) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) r3 = socket(0x18, 0x5, 0x1) connect$auto(r3, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x40047452, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/bdi/1:10/max_ratio\x00', 0x2002, 0x0) sendfile$auto(r4, r4, 0x0, 0x7) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r5, 0x0, 0x2) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x400007, 0xd3e, 0x1d, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) fsopen$auto(0x0, 0x1) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/radio16\x00', 0x402, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) 3.359650094s ago: executing program 2 (id=915): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200007, 0x19) ptrace$auto(0x10, 0x0, 0x1, 0x7ff) ptrace$auto(0xc, 0x0, 0x9, 0xfffffffffffff6de) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x290040, 0x0) read$auto(r0, 0x0, 0x9) unshare$auto(0x40000080) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000100)=':,\x00', 0x0, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x844c2, 0x0) clock_settime$auto(0x0, 0x0) adjtimex$auto(&(0x7f00000010c0)={0x3, 0x0, 0x2b4, 0x100000001, 0x6, 0x8, 0xffffffff, 0x0, 0x811, 0x3, 0x6, {0x2fa, 0x7}, 0x3, 0x4, 0x5, 0x1, 0x0, 0x26, 0x400000000, 0x7, 0x9, 0x8, 0x1}) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000080), 0xffffffffffffffff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x4, 0x0) socket(0x1e, 0x4, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x40a, 0x1, 0x44f, 0x7, 0x1, 0x1007181, 0x8a0d, 0x807, 0x7, 0x7, 0x86, 0x26, 0x4, 0x200000000001, 0xfffffffffffff343, 0xfffffffffffffffa, 0x500000000000000, 0x0, 0x30, 0x0, 0x864, 0xe, 0x22000, 0x9, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x9, 0xd) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0xa, 0x3e, 0xfffffffffffffffa, 0x3, 0x7, 0x6, 0x5, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x3, 0x10000, 0x80, 0x7, 0x0, 0x8000007, 0x2000, 0x4, 0x0, 0x40084, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7f, 0x9, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0xb8a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x80000001]}, 0x1fe, 0x200c) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) socket(0x10, 0x2, 0x0) bpf$auto(0x0, 0x0, 0x10) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/037/001\x00', 0x40a02, 0x0) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) clone$auto(0x4, 0x4, 0x0, 0x0, 0x3) madvise$auto(0x0, 0x200201, 0x14) 2.690019933s ago: executing program 0 (id=916): r0 = landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x3, 0x3}, 0x18, 0x0) bpf$auto(0x0, &(0x7f00000003c0)=@task_fd_query={0x5, r0, 0x454f, 0x5f, 0x0, 0x0, r0, 0x80000001, 0xf0ffff}, 0x6d4) 2.527128444s ago: executing program 0 (id=917): unshare$auto(0x40000080) (async, rerun: 64) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) (rerun: 64) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) prctl$auto(0x1, 0x6, 0x0, 0x0, 0x0) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000140), 0x382, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mremap$auto(0x6, 0x100005, 0x843, 0x3, 0x2) fsopen$auto(0x0, 0x1) (async) close_range$auto(0x2, 0x8, 0x0) read$auto(0x3, 0x0, 0x5) (async, rerun: 64) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/sched_rt_period_us\x00', 0x101202, 0x0) (rerun: 64) sendfile$auto(r1, r1, 0x0, 0x8) (async, rerun: 64) unshare$auto(0x40000080) (rerun: 64) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) unshare$auto(0x40000080) (async, rerun: 64) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r4 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000500)='/sys/kernel/debug/block/loop15/hctx0/sched_tags\x00', 0x169100, 0x0) pread64$auto(r4, 0x0, 0x5000f42a, 0x100) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) (async, rerun: 32) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRESDEC=r2, @ANYBLOB="01002bbd7000fcdbdf2504000000040010"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) (async, rerun: 32) mmap$auto(0x0, 0x1ff, 0xa, 0x1000000000000eb1, 0xfffffffffffffffa, 0x8000) (async) openat$auto_hpet_fops_hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x40040, 0x0) 2.14758951s ago: executing program 0 (id=918): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/swradio12\x00', 0x0, 0x0) poll$auto(&(0x7f0000000480)={r0, 0xffff, 0x29}, 0x3, 0x7) get_mempolicy$auto(0x0, 0x0, 0xffffffffffffffff, 0x7, 0xdc) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x1, 0x0, 0x80000000) write$auto(0x1, 0x0, 0x7ffbfffc) munmap$auto(0x1775387, 0x5) bpf$auto_BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x122) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_hwsim_simulate_radar_(0xffffffffffffff9c, 0x0, 0x8346, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x7, 0x4000000000dc, 0xeb1, r1, 0x8) unshare$auto(0x40000080) lsm_list_modules$auto(0x0, 0x0, 0x10) r2 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x2000d, 0x5b, 0xeb1, 0x404, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2a, 0x2, 0x1) socket(0xa, 0x3, 0xff) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffff}, 0x1, 0x0, 0x0, 0x29}, 0x20100007}, 0x3, 0x0) ioctl$auto(0x3, 0x80108907, r2) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) socket(0xa, 0x2, 0x0) 2.106858663s ago: executing program 3 (id=919): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), 0xffffffffffffffff) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/radio5\x00', 0x802, 0x0) write$auto(r2, 0x0, 0xffffffff) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x111800, 0x0) sendmsg$auto_ILA_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x30, r1, 0x2, 0x70bd2c, 0x25dfdbf9, {}, [@ILA_ATTR_LOCATOR={0xc, 0x1, 0x2b8}, @ILA_ATTR_IDENT_TYPE={0x5, 0x8, 0x7}, @ILA_ATTR_IDENT_TYPE={0x5, 0x8, 0x7}]}, 0x30}, 0x1, 0x0, 0x0, 0x40d4}, 0x4004040) execve$auto(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)=&(0x7f0000000100)='/dev/radio5\x00', &(0x7f0000000200)=&(0x7f0000000180)='/dev/radio5\x00') 2.027533662s ago: executing program 1 (id=920): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002880), 0xffffffffffffffff) socket(0x10, 0x2, 0x0) pipe$auto(&(0x7f0000001480)=0xffffffffffffffff) vmsplice$auto(r0, &(0x7f0000000040)={0x0, 0xd1e7}, 0x9, 0xd) r1 = getpgid(0xffffffffffffffff) prctl$auto_PR_TIMER_CREATE_RESTORE_IDS_ON(0x9, 0x1, r1, 0xb, 0xfffffffffffffffb) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x0, 0x0) socket(0x2, 0x3, 0xa) connect$auto(0x3, 0x0, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyxc\x00', 0x800, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_RESUME(0xffffffffffffffff, 0x4147, 0x0) execve$auto(&(0x7f0000000100)=':,\x00', 0x0, 0x0) openat$auto_fuse_conn_congestion_threshold_ops_control(0xffffffffffffff9c, &(0x7f0000000180), 0x10000, 0x0) r2 = openat$auto_fops_u64_ro_(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ramdisk_pages/ram15\x00', 0x102, 0x0) read$auto_fops_u64_ro_(r2, 0x0, 0x0) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="05082dbd7000fbdbd7257e000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config/target/version\x00', 0x141001, 0x0) sendmsg$auto_NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, 0x0, 0x2000d004) 1.917678973s ago: executing program 3 (id=921): write$auto(0xffffffffffffffff, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) sendmsg$auto_NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000004540)={0x0, 0x0, &(0x7f0000004500)={&(0x7f0000000480)={0x204, 0x0, 0x2, 0x70bd29, 0x25dfdbfb, {}, [@NL80211_ATTR_RECEIVE_MULTICAST={0x4}, @NL80211_ATTR_PEER_MEASUREMENTS={0x1ec, 0x111, 0x0, 0x1, [@NL80211_PMSR_ATTR_PEERS={0x1e8, 0x5, 0x0, 0x1, [{0xb0, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_REQ={0xac, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x88, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR={0x5, 0xd, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x48}]}, @NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x6}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0xb}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x0, 0x5, 0x97}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x513}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}]}]}]}, {0x134, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xd, 0x1, "01901a723ce1840925"}, @NL80211_PMSR_PEER_ATTR_ADDR={0xed, 0x1, "5ecc9e6eefbc2e652745faa3366fe384b219606e4c1b8df1aaf7f2910afbc05b4787d92cecbef4f58766d0c4b73267c2440cf9436a50389b0309afdeab74cdc75f6d8ec07cf121dbfa58715eee351a0bd90b1c681d4aa29298bf12af9e3b03c29459054f427dac4f0037830f98fc20f3c1eb6e032e3952e5ae9563ea4d967e2e8fb71443de7289bd556087e54914b08e48d6b8f452e75cd467f077e811bbf6df31d8d66fdd9069422b32c1155332106e905f8765fbf27dd2a4a3fecd72805cbb6ae8aeff53ea433b88a39e25fcbc608c16ef6d32226338506ee8ca5f6997fb23a6f2aed63c97b10b28"}, @NL80211_PMSR_PEER_ATTR_REQ={0x30, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0x2c, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR={0x5, 0xd, 0xc}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x6}, @NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR={0x5, 0xd, 0x10}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}]}]}]}]}]}]}, 0x204}, 0x1, 0x0, 0x0, 0x4085}, 0x240180d1) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/block/nbd7/power/autosuspend_delay_ms\x00', 0x22902, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0) r1 = socketcall$auto(0xa, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4400ae8f, &(0x7f00000000c0)={0xdd}) ioctl$auto_KVM_CREATE_VM(r0, 0xae80, 0x0) 21.059139ms ago: executing program 2 (id=922): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x110c230000, 0x1fffffe, 0x9) name_to_handle_at$auto(0xffffffffffffffff, &(0x7f00000001c0)='/\x00', 0x0, 0x0, 0x1001) close_range$auto(0x2, 0x8, 0x0) socket(0x11, 0x3, 0x9) r1 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) unshare$auto(0x40000080) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r2, 0x8000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/maps\x00', 0x0, 0x0) pread64$auto(r3, 0x0, 0xeda5, 0xc86) msgctl$auto_IPC_STAT(0x2, 0x2, &(0x7f0000000200)={{0x1, 0xee00, 0x0, 0x7, 0x5, 0x5, 0x6}, &(0x7f0000000080)=0x8, &(0x7f00000000c0)=0xb, 0xefe, 0x6, 0x401, 0x2, 0x5, 0xa, 0x400, 0xc, @inferred=r0, @raw=0x7}) pidfd_send_signal$auto_PIDFD_SIGNAL_PROCESS_GROUP(r1, 0x77000, &(0x7f0000000300)={@siginfo_0_0={0xc, 0xd, 0x6, @_rt={r0, r4, @sival_int=0x2}}}, 0x4) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r5 = memfd_create$auto(0x0, 0xe) fcntl$auto(0xff80000000000000, 0x409, 0x13) io_setup$auto(0x34, &(0x7f0000000040)=0x1) fallocate$auto(r5, 0x3, 0x2, 0x4) waitid$auto_P_PGID(0x2, r0, 0x0, 0x4, &(0x7f0000000140)={{0x5, 0x6}, {0x0, 0xa}, 0x7607, 0xaa36, 0x0, 0x6, 0x3, 0x9, 0x3fb, 0x401, 0x24f0, 0x4, 0x6, 0x5, 0x4, 0x1ff}) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000340), 0x7111}, 0x8) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) prctl$auto(0x23, 0x7, 0x7fffffffefff, 0x0, 0x0) mlockall$auto(0x6) brk$auto(0x7fffffffafff) brk$auto(0x7fffffffefff) 16.381716ms ago: executing program 1 (id=923): r0 = socket(0x22, 0x80000, 0xff) r1 = socket(0x1d, 0x2, 0x2) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00', 0x0}) r3 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000180), 0x244002, 0x0) bpf$auto_BPF_MAP_LOOKUP_BATCH(0x18, &(0x7f0000000280)=@bpf_attr_3={0x6, 0x6, 0x2d00, 0x6200000, 0x8, 0x7, 0x5, 0x4, 0x4, "337e8a9238c85f01b34750781ce8b957", r2, 0x0, r1, 0x10000, 0x1a, 0x3ff, 0x7f0, 0x906, 0x0, 0x7e, @attach_prog_fd=r3, 0x7, 0xec4, 0xb5, 0x476, 0x0, 0xffffffffffffffff, r1}, 0x1) r4 = socket(0x10, 0x2, 0x4) r5 = socket(0x10, 0x2, 0xc) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) socket(0xa, 0x801, 0x106) socket(0x23, 0x80805, 0x0) poll$auto(&(0x7f0000000000)={r0, 0x1, 0x8}, 0x70b0, 0x400) bpf$auto_BPF_PROG_BIND_MAP(0x23, &(0x7f0000000340)=@bpf_attr_11={0x1000, 0x9, 0xa0, 0x1, 0x400, 0x9, 0x3, r5}, 0x4) setsockopt$auto(r7, 0x113, 0x4, 0x0, 0x1) mmap$auto(0x0, 0xd, 0xdd, 0x9b72, r7, 0x8000) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'ip6gre0\x00'}) sendmsg$auto_OVS_DP_CMD_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004540)={&(0x7f00000005c0)=ANY=[], 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x2000000) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010026bd7020dbdf25010000000100020000", @ANYRES32=0x4, @ANYBLOB="080001004866520008000200", @ANYRES32=0x9, @ANYBLOB="0800070005000000"], 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x80) r10 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x8a101, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r10, 0xc1105511, &(0x7f0000000940)={{@inferred, 0x7, 0x400005, 0x4, "3c70d59963564ed0a722ed226e7254dd431c9712b87c6700"}, 0x7, 0x6, 0x4, @inferred=0xffffffffffffffff, @enumerated={0x2, 0xd, "7e84e6c428a94d86f1da07124ae3fe2e694832d7218694764444d9dfa511d5246626da11e26b6b267e1a2cb6e1d41331d12d9e78470cd1d0b56d0cd2145340fc", 0x4040000000000, 0x4}, "71bc01bc5686005ca15f095a841b25d66c148f52a1ad31a489e59be291336905d64a8f7dbd9775e74d1ee3d57ca9b9ac2d9c4c00fb687b7327a575257b3c0deb"}) clock_adjtime$auto(0x14, &(0x7f00000004c0)={0xec, 0x0, 0xc2ec, 0xb, 0x5, 0x4, 0x2, 0x0, 0x1, 0x200, 0x2, {0x7, 0x7fff}, 0x0, 0xffffffffffffe166, 0x1668324c, 0x0, 0x0, 0x0, 0xffa6, 0x8002, 0xf4, 0xde2}) ioctl$auto_SNDRV_PCM_IOCTL_WRITEI_FRAMES2(0xffffffffffffffff, 0x40184150, &(0x7f0000000400)={0xfffffffffffffff4, &(0x7f00000006c0)="2c98fc9bcbe81d6a081d7efc428982a51a58ef5c26c6570f193f7092358d27dc7800d6ea947833d32cec13afb4527d0432d5db3c959f87d1daaa3422e3c5073cbd145716c506374298d9cab9cb3d1f737c1c80ef7c091498baf95fae142dc6799648ac55d740509e9a68ae8452722d3c1fbedfbcac6aabae9281314271f82f4ef99117c3628652a8b392f7c5d94be89f85231e1e3800b1284bf0e01e2999b9319c9e24dbe6adec873899a782cc3772aadccbc0da0abe5675656ad7970167c93657efc8f2265801bc47887aa89845ca6e313c53fc8b000000000000000000000000000000d8006b360029a2ff6900e20e110149dda6b0fe7486716cbf08ceec40bd5c268c9e60b682366b73de500ed5be0af04dc2ac287d35b52cf069736d6b3163fccc0db4b9d6f225bc4bae10f94b978ef53e4fdee1387f74f1d76a6ad5de81d48b090000000000000082f18348d0e61c12e03a55ef0b95af79ab39a1f61d8474fd55cddb3b0a6942fc983db695be27b25d77f3d4c6be86edcb95c00c4d3e55c14fd3b7b160ddacc9becb216c038cc6c64ab511db4926dfc2110b0800bbc3ba9dd47ecd669994ed201fc157079216c469fa75fa5b4857279ce6c9dda3f42336b17062c0ef629affa77d486c0d749faa8dd575c4e3920ce323799d85ef0416cb00bacba996266772326621260acc8574734a4b76f41e5fd67cba116d0c0b56317fa6062f01954e9b6c192074f2d90df8b8bb370676941d00f946045d96b4e541991f57a5cd2a84f30e3ffd15a740bf0d65100965764df9c1ce2f402f00"/584, 0x3ff}) close_range$auto(0x0, r4, 0x57e5) r11 = bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x8201, 0x8, 0x0, 0xc, 0xe3, 0x4e, 0x3}, 0x6f4) bpf$auto_BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000180)=@bpf_attr_3={0x1, 0x200, 0x100000001, 0x9, 0x5, 0x2, 0x1, 0x6d, 0x2, "e250646a2cc3bcec67f2584daab5b34f", 0x0, 0x8, 0xffffffffffffffff, 0x5, 0x40, 0x3, 0x7, 0x101, 0x28, 0x6, @attach_btf_obj_fd, 0x6, 0x2, 0x0, 0x2401, 0x200}, 0x4) mmap$auto(0x0, 0x7, 0xdf, 0x15, 0x0, 0x100000000008000) read$auto_ht40allow_map_ops_debugfs(r11, &(0x7f0000000440)=""/36, 0x24) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "00000082f4fffffffb487f1000"}, 0x55) 0s ago: executing program 3 (id=924): unshare$auto(0x40000080) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/dev_mcast\x00', 0x40280, 0x0) pread64$auto(r0, &(0x7f00000000c0)='veth1\xe7#\x16T+\xee\x03\xc4\x1c\a\xdfa\x8b[,>\xa9\xd2\xef\xb0\xfb{b^\xef\x93\x97\x06H\xcb\xe7g\xea\x9dE\xc0\xdc\x1e\x02`\x00Z\x9d|\x8f\x92\xe09\xe1hBJL\x1e\"F\xc4\xd0z\xac5+I\xfbb\x9d\x97.]\x95H\f&_\x8d1\x83\x90,\x01\x8ab\xe6P\xb8J\xc4\xc3&\xe3\x05\x7fl\x18\xf40\x18x\x88\x86\xe6{\xdb\x1c\xfef\xf1x\xc9vKq\xd4/N&\x1f\xae\xa8\x9b\xb2\xdbZ\xed\x16a}\xa9gj\xc2mt\x87&\xf7Z\xf1u\xf0\x14\x00\x00\x00\x00\x00\x00\x00i\xb9\xc8\xc6V5]\x06/\xb1`\xd9X\xe5\xfc$\a\xf3S\xbb\xe99\xf1PZ\x81\x8f\xfc\xa4w\\\x84B\x03+\xa2\xe1\xb4\x9dv\xe1\xd7\b9\xc3.\x96I\x98\x00\x00\x00\x00\x00', 0x200000000004, 0xfc) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa142, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x82802, 0x0) mmap$auto(0x0, 0x20009, 0x3, 0xeb1, 0x401, 0x8000) r1 = socket(0x2, 0x80002, 0x73) getsockopt$auto(r1, 0x0, 0x2, 0x0, 0x0) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cec10\x00', 0x101901, 0x0) r3 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) write$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffffff, 0x0, 0x0) r5 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r5, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101000, 0x0) ioctl$auto_UBI_IOCATT(r3, 0x40186f40, &(0x7f0000000000)={0x1f, 0x0, 0x202, 0x9, 0x1}) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, &(0x7f0000000100)={'\x00', 0x0, 0x6, 0x2, 0x0, 0x9, "0200000002000000997e763f222ce1", '\x00', "0c0d917b", '\x00', ["f5404de9641f0000000060c1", "70d9a9a3af9f39d000000001", "ef5ac4927ad89c5c00"]}) ioctl$auto_CEC_TRANSMIT(r2, 0xc0386105, &(0x7f0000000000)={0x80006, 0x3, 0x7, 0x1, 0x2, 0x7fffffff, "9b2189084142725dff0d933475a77466", 0xb, 0x5, 0x9, 0x5, 0x2, 0x4, 0x2}) write$auto(0xffffffffffffffff, &(0x7f0000000040)='#[-#\x00', 0x4) madvise$auto(0x2, 0xffffffffffff0005, 0x17) prctl$auto(0x29, 0x17000000, 0x0, 0x0, 0x3) r6 = pidfd_open$auto(0x1, 0x0) signalfd4$auto(r2, &(0x7f00000019c0)={0x795e}, 0x9, 0x6) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0x22) r7 = open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x154) fcntl$auto(r7, 0x400, 0x1) fcntl$auto(0x3, 0x400, 0x2) setns(r6, 0x4000000) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000240), r4) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.18' (ED25519) to the list of known hosts. [ 74.052375][ T5615] cgroup: Unknown subsys name 'net' [ 74.169714][ T5615] cgroup: Unknown subsys name 'cpuset' [ 74.179312][ T5615] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 75.672355][ T5615] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 77.743861][ T4942] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.750720][ T5636] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.762796][ T5636] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 77.771262][ T5636] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.779352][ T5636] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.787263][ T5636] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 77.795004][ T5636] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 77.803378][ T5636] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.810716][ T5636] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.818481][ T5636] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.826482][ T5636] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 77.835226][ T5636] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 77.845453][ T5638] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.847098][ T5642] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 77.854317][ T5638] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.861029][ T5642] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 77.871291][ T5638] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.875027][ T5642] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.882858][ T5638] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.891671][ T5642] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.369487][ T5630] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.378347][ T5630] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.385533][ T5630] bridge_slave_0: entered allmulticast mode [ 79.395242][ T5630] bridge_slave_0: entered promiscuous mode [ 79.428974][ T5630] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.436320][ T5630] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.443492][ T5630] bridge_slave_1: entered allmulticast mode [ 79.450809][ T5630] bridge_slave_1: entered promiscuous mode [ 79.457917][ T5629] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.465048][ T5629] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.472318][ T5629] bridge_slave_0: entered allmulticast mode [ 79.479336][ T5629] bridge_slave_0: entered promiscuous mode [ 79.499197][ T5629] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.506354][ T5629] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.513677][ T5629] bridge_slave_1: entered allmulticast mode [ 79.520953][ T5629] bridge_slave_1: entered promiscuous mode [ 79.602078][ T5630] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.619656][ T5629] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.641969][ T5630] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.659567][ T5629] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.710393][ T5627] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.717806][ T5627] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.725034][ T5627] bridge_slave_0: entered allmulticast mode [ 79.732686][ T5627] bridge_slave_0: entered promiscuous mode [ 79.771177][ T5627] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.778423][ T5627] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.785591][ T5627] bridge_slave_1: entered allmulticast mode [ 79.793176][ T5627] bridge_slave_1: entered promiscuous mode [ 79.801859][ T5630] team0: Port device team_slave_0 added [ 79.807889][ T5628] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.815019][ T5628] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.822432][ T5628] bridge_slave_0: entered allmulticast mode [ 79.829720][ T5628] bridge_slave_0: entered promiscuous mode [ 79.839528][ T5629] team0: Port device team_slave_0 added [ 79.856370][ T5630] team0: Port device team_slave_1 added [ 79.862159][ T5628] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.869399][ T5628] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.876914][ T5628] bridge_slave_1: entered allmulticast mode [ 79.883956][ T5628] bridge_slave_1: entered promiscuous mode [ 79.892699][ T5629] team0: Port device team_slave_1 added [ 79.949188][ T5627] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.967085][ T5634] Bluetooth: hci2: command tx timeout [ 79.967089][ T5638] Bluetooth: hci0: command tx timeout [ 79.967301][ T5638] Bluetooth: hci3: command tx timeout [ 79.973311][ T5642] Bluetooth: hci1: command tx timeout [ 79.997845][ T5629] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.004878][ T5629] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.031260][ T5629] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.045258][ T5627] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.059673][ T5630] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.066720][ T5630] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.092803][ T5630] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.106698][ T5628] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.116638][ T5629] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.123734][ T5629] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.149726][ T5629] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.178585][ T5630] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.185648][ T5630] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.211754][ T5630] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.224666][ T5628] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.255548][ T5628] team0: Port device team_slave_0 added [ 80.282842][ T5628] team0: Port device team_slave_1 added [ 80.303450][ T5627] team0: Port device team_slave_0 added [ 80.312206][ T5627] team0: Port device team_slave_1 added [ 80.365354][ T5628] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.372587][ T5628] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.398818][ T5628] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.435122][ T5629] hsr_slave_0: entered promiscuous mode [ 80.441883][ T5629] hsr_slave_1: entered promiscuous mode [ 80.450531][ T5628] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.457559][ T5628] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.483679][ T5628] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.501587][ T5630] hsr_slave_0: entered promiscuous mode [ 80.508350][ T5630] hsr_slave_1: entered promiscuous mode [ 80.515051][ T5630] debugfs: 'hsr0' already exists in 'hsr' [ 80.521343][ T5630] Cannot create hsr debugfs directory [ 80.528985][ T5627] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.535961][ T5627] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.562396][ T5627] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.574885][ T5627] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.581887][ T5627] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.607884][ T5627] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.768293][ T5628] hsr_slave_0: entered promiscuous mode [ 80.774715][ T5628] hsr_slave_1: entered promiscuous mode [ 80.781212][ T5628] debugfs: 'hsr0' already exists in 'hsr' [ 80.787334][ T5628] Cannot create hsr debugfs directory [ 80.798695][ T5627] hsr_slave_0: entered promiscuous mode [ 80.804953][ T5627] hsr_slave_1: entered promiscuous mode [ 80.811289][ T5627] debugfs: 'hsr0' already exists in 'hsr' [ 80.817110][ T5627] Cannot create hsr debugfs directory [ 81.204061][ T5629] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 81.219705][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 81.230547][ T5629] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 81.241876][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 81.252237][ T5629] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 81.261895][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 81.281750][ T5629] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 81.293114][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.355242][ T5630] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 81.365414][ T5630] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 81.373410][ T5630] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 81.383806][ T5630] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 81.395027][ T5630] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 81.404622][ T5630] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 81.413016][ T5630] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 81.423580][ T5630] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.521869][ T5628] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 81.531947][ T5628] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 81.545190][ T5628] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 81.558599][ T5628] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 81.568144][ T5628] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 81.579854][ T5628] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 81.594261][ T5628] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 81.604183][ T5628] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.702416][ T5627] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 81.712748][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 81.720790][ T5627] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 81.730196][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 81.747878][ T5627] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 81.760445][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 81.774756][ T5627] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 81.784710][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.815585][ T5629] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.875826][ T5629] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.904864][ T5630] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.915251][ T1171] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.923016][ T1171] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.946498][ T1171] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.953716][ T1171] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.022497][ T5630] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.046131][ T5634] Bluetooth: hci2: command tx timeout [ 82.052211][ T5642] Bluetooth: hci1: command tx timeout [ 82.057994][ T5634] Bluetooth: hci3: command tx timeout [ 82.060422][ T1171] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.063738][ T50] Bluetooth: hci0: command tx timeout [ 82.076547][ T1171] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.100884][ T1171] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.108016][ T1171] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.136963][ T5628] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.234241][ T5628] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.275429][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.282646][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.304949][ T5627] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.323644][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.330880][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.425234][ T5627] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.471010][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.478229][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.502652][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.509880][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.153313][ T5629] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.335589][ T5629] veth0_vlan: entered promiscuous mode [ 83.374854][ T5629] veth1_vlan: entered promiscuous mode [ 83.406775][ T5630] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.524642][ T5629] veth0_macvtap: entered promiscuous mode [ 83.539717][ T5627] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.569826][ T5629] veth1_macvtap: entered promiscuous mode [ 83.592341][ T5628] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.602439][ T5630] veth0_vlan: entered promiscuous mode [ 83.635672][ T5629] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.649769][ T5630] veth1_vlan: entered promiscuous mode [ 83.675650][ T5629] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.710989][ T76] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.720701][ T76] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.731603][ T76] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.750620][ T76] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.784665][ T5628] veth0_vlan: entered promiscuous mode [ 83.817874][ T5627] veth0_vlan: entered promiscuous mode [ 83.831543][ T5628] veth1_vlan: entered promiscuous mode [ 83.849453][ T5630] veth0_macvtap: entered promiscuous mode [ 83.868009][ T5627] veth1_vlan: entered promiscuous mode [ 83.889880][ T5630] veth1_macvtap: entered promiscuous mode [ 83.949210][ T5630] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.972464][ T1171] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.983192][ T1171] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.993064][ T5630] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.040975][ T5628] veth0_macvtap: entered promiscuous mode [ 84.059751][ T76] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.068752][ T76] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.080313][ T5628] veth1_macvtap: entered promiscuous mode [ 84.090871][ T5627] veth0_macvtap: entered promiscuous mode [ 84.098558][ T76] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.107392][ T76] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.121675][ T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.127631][ T5642] Bluetooth: hci1: command tx timeout [ 84.135949][ T5634] Bluetooth: hci3: command tx timeout [ 84.136894][ T50] Bluetooth: hci0: command tx timeout [ 84.141527][ T5634] Bluetooth: hci2: command tx timeout [ 84.144568][ T5627] veth1_macvtap: entered promiscuous mode [ 84.152699][ T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.201585][ T5628] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.242932][ T5628] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.274467][ T5627] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.303815][ T76] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.307923][ T5629] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 84.321759][ T5627] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.351669][ T76] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.360673][ T76] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.382108][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.399876][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.412930][ T76] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.502142][ T1162] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.513836][ T1162] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.530392][ T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.541828][ T1162] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.553453][ T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.562140][ T1162] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.739943][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.776880][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.850934][ T573] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.867001][ T573] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.915528][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.956738][ T5781] FAULT_INJECTION: forcing a failure. [ 84.956738][ T5781] name failslab, interval 1, probability 0, space 0, times 1 [ 84.969505][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.009340][ T5781] CPU: 0 UID: 0 PID: 5781 Comm: syz.2.3 Not tainted syzkaller #0 PREEMPT(full) [ 85.009381][ T5781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 85.009405][ T5781] Call Trace: [ 85.009415][ T5781] [ 85.009426][ T5781] dump_stack_lvl+0x100/0x190 [ 85.009470][ T5781] should_fail_ex.cold+0x5/0xa [ 85.009506][ T5781] should_failslab+0xc2/0x120 [ 85.009554][ T5781] __kmalloc_flags_noprof+0x115/0x890 [ 85.009588][ T5781] ? alloc_slab_obj_exts+0xb2/0x250 [ 85.009625][ T5781] alloc_slab_obj_exts+0xb2/0x250 [ 85.009661][ T5781] __memcg_slab_post_alloc_hook+0x3d4/0x1160 [ 85.009729][ T5781] ? kasan_save_track+0x14/0x30 [ 85.009770][ T5781] kmem_cache_alloc_noprof+0x587/0x6a0 [ 85.009807][ T5781] ? net_alloc_generic+0x1e/0x70 [ 85.009844][ T5781] ? copy_net_ns+0xe8/0x7c0 [ 85.009888][ T5781] copy_net_ns+0xe8/0x7c0 [ 85.009924][ T5781] ? copy_cgroup_ns+0x71/0x970 [ 85.009962][ T5781] create_new_namespaces+0x3ea/0xac0 [ 85.010004][ T5781] unshare_nsproxy_namespaces+0xf2/0x220 [ 85.010039][ T5781] ksys_unshare+0x438/0xab0 [ 85.010078][ T5781] ? __pfx_ksys_unshare+0x10/0x10 [ 85.010127][ T5781] __x64_sys_unshare+0x31/0x40 [ 85.010170][ T5781] do_syscall_64+0x115/0x840 [ 85.010197][ T5781] ? clear_bhb_loop+0x40/0x90 [ 85.010231][ T5781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.010254][ T5781] RIP: 0033:0x7f745fd9de59 [ 85.010285][ T5781] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.010314][ T5781] RSP: 002b:00007f7460d43028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 85.010343][ T5781] RAX: ffffffffffffffda RBX: 00007f7460025fa0 RCX: 00007f745fd9de59 [ 85.010359][ T5781] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 85.010375][ T5781] RBP: 00007f745fe33e6f R08: 0000000000000000 R09: 0000000000000000 [ 85.010388][ T5781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.010401][ T5781] R13: 00007f7460026038 R14: 00007f7460025fa0 R15: 00007ffcea6b9058 [ 85.010433][ T5781] [ 85.045712][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.245357][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.332129][ T5782] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 85.433083][ T5787] process 'syz.3.5' launched './file0' with NULL argv: empty string added [ 85.943592][ T5795] blktrace: Concurrent blktraces are not allowed on nbd5 [ 85.993857][ T5800] Zero length message leads to an empty skb [ 86.206162][ T50] Bluetooth: hci1: command tx timeout [ 86.212832][ T5638] Bluetooth: hci2: command tx timeout [ 86.215605][ T5642] Bluetooth: hci3: command tx timeout [ 86.219430][ T50] Bluetooth: hci0: command tx timeout [ 86.370744][ T5804] syz.3.7 uses obsolete (PF_INET,SOCK_PACKET) [ 89.217535][ T5835] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 90.394278][ T5850] sysfs_service_op_store: Client not running :-5: [ 91.988005][ T11] cfg80211: failed to load regulatory.db [ 95.285219][ T5911] netlink: 28 bytes leftover after parsing attributes in process `syz.0.26'. [ 96.420524][ T29] audit: type=1107 audit(1782955259.089:2): pid=5914 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 96.472789][ T29] audit: type=1107 audit(1782955259.099:3): pid=5914 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 97.542336][ T5945] kernel read not supported for file /æDž (pid: 5945 comm: syz.1.33) [ 97.569908][ T29] audit: type=1800 audit(1782955260.249:4): pid=5945 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.33" name=12E644089E dev="mqueue" ino=9112 res=0 errno=0 [ 98.018024][ T5950] dlm: non-version read from control device 2147479552 [ 98.829731][ T5960] warning: `syz.0.37' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 98.904443][ T5960] netlink: 28 bytes leftover after parsing attributes in process `syz.0.37'. [ 99.041970][ T5960] bond0: (slave bond_slave_0): Releasing backup interface [ 100.283940][ T5980] FAULT_INJECTION: forcing a failure. [ 100.283940][ T5980] name failslab, interval 1, probability 0, space 0, times 0 [ 100.336102][ T5980] CPU: 0 UID: 0 PID: 5980 Comm: syz.3.42 Not tainted syzkaller #0 PREEMPT(full) [ 100.336145][ T5980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 100.336164][ T5980] Call Trace: [ 100.336173][ T5980] [ 100.336184][ T5980] dump_stack_lvl+0x100/0x190 [ 100.336229][ T5980] should_fail_ex.cold+0x5/0xa [ 100.336269][ T5980] should_failslab+0xc2/0x120 [ 100.336311][ T5980] kmem_cache_alloc_lru_noprof+0x8d/0x6a0 [ 100.336351][ T5980] ? __d_alloc+0x35/0xa50 [ 100.336389][ T5980] __d_alloc+0x35/0xa50 [ 100.336425][ T5980] d_alloc+0x4a/0x1e0 [ 100.336459][ T5980] lookup_one_qstr_excl+0x171/0x250 [ 100.336502][ T5980] start_dirop+0x59/0xb0 [ 100.336549][ T5980] simple_start_creating+0xf9/0x110 [ 100.336577][ T5980] ? __pfx_simple_start_creating+0x10/0x10 [ 100.336608][ T5980] ? mntput+0x70/0xa0 [ 100.336651][ T5980] ? simple_pin_fs+0xa3/0x190 [ 100.336700][ T5980] debugfs_start_creating.part.0+0x82/0x170 [ 100.336743][ T5980] __debugfs_create_file+0xb3/0x4f0 [ 100.336789][ T5980] debugfs_create_file_full+0x41/0x60 [ 100.336845][ T5980] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 100.336893][ T5980] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 100.336973][ T5980] ? lockdep_init_map_type+0x5c/0x250 [ 100.337008][ T5980] ? __pfx_loopback_setup+0x10/0x10 [ 100.337052][ T5980] alloc_netdev_mqs+0x314/0x15c0 [ 100.337106][ T5980] ? __kmalloc_noprof+0x343/0x820 [ 100.337146][ T5980] ? __pfx_loopback_net_init+0x10/0x10 [ 100.337196][ T5980] loopback_net_init+0x38/0x170 [ 100.337241][ T5980] ? __pfx_loopback_net_init+0x10/0x10 [ 100.337284][ T5980] ops_init+0x1e2/0x5f0 [ 100.337320][ T5980] setup_net+0x118/0x3a0 [ 100.337353][ T5980] ? __pfx_setup_net+0x10/0x10 [ 100.337386][ T5980] ? mutex_init_lockdep+0xf1/0x120 [ 100.337421][ T5980] copy_net_ns+0x46f/0x7c0 [ 100.337469][ T5980] create_new_namespaces+0x3ea/0xac0 [ 100.337516][ T5980] unshare_nsproxy_namespaces+0xf2/0x220 [ 100.337553][ T5980] ksys_unshare+0x438/0xab0 [ 100.337591][ T5980] ? __pfx_ksys_unshare+0x10/0x10 [ 100.337641][ T5980] __x64_sys_unshare+0x31/0x40 [ 100.337677][ T5980] do_syscall_64+0x115/0x840 [ 100.337702][ T5980] ? clear_bhb_loop+0x40/0x90 [ 100.337739][ T5980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.337769][ T5980] RIP: 0033:0x7f618d19de59 [ 100.337792][ T5980] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 100.337818][ T5980] RSP: 002b:00007f618dfba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 100.337845][ T5980] RAX: ffffffffffffffda RBX: 00007f618d426090 RCX: 00007f618d19de59 [ 100.337864][ T5980] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 100.337880][ T5980] RBP: 00007f618d233e6f R08: 0000000000000000 R09: 0000000000000000 [ 100.337896][ T5980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 100.337912][ T5980] R13: 00007f618d426128 R14: 00007f618d426090 R15: 00007fffb98acc98 [ 100.337951][ T5980] [ 100.871820][ T5988] ovs_: entered promiscuous mode [ 100.937122][ T5985] vhci_hcd: not connected 4 [ 101.298205][ T5999] ======================================================= [ 101.298205][ T5999] WARNING: The mand mount option has been deprecated and [ 101.298205][ T5999] and is ignored by this kernel. Remove the mand [ 101.298205][ T5999] option from the mount to silence this warning. [ 101.298205][ T5999] ======================================================= [ 101.517340][ T6004] netlink: 28 bytes leftover after parsing attributes in process `syz.1.48'. [ 101.761510][ T6009] netlink: 20 bytes leftover after parsing attributes in process `syz.2.47'. [ 101.767162][ T6018] netlink: 28 bytes leftover after parsing attributes in process `syz.0.50'. [ 102.442573][ T6009] syz.2.47 (6009) used greatest stack depth: 19768 bytes left [ 102.454445][ T6034] netlink: 28 bytes leftover after parsing attributes in process `syz.1.53'. [ 105.374581][ T6085] netlink: 28 bytes leftover after parsing attributes in process `syz.3.59'. [ 105.587966][ T6085] bond0: (slave bond_slave_0): Releasing backup interface [ 105.725022][ T6092] FAULT_INJECTION: forcing a failure. [ 105.725022][ T6092] name failslab, interval 1, probability 0, space 0, times 0 [ 105.757046][ T6092] CPU: 0 UID: 0 PID: 6092 Comm: syz.1.62 Not tainted syzkaller #0 PREEMPT(full) [ 105.757087][ T6092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 105.757105][ T6092] Call Trace: [ 105.757116][ T6092] [ 105.757127][ T6092] dump_stack_lvl+0x100/0x190 [ 105.757169][ T6092] should_fail_ex.cold+0x5/0xa [ 105.757209][ T6092] should_failslab+0xc2/0x120 [ 105.757251][ T6092] kmem_cache_alloc_noprof+0x91/0x6a0 [ 105.757289][ T6092] ? __kernfs_new_node+0xd2/0xa10 [ 105.757328][ T6092] __kernfs_new_node+0xd2/0xa10 [ 105.757362][ T6092] ? __pfx___kernfs_new_node+0x10/0x10 [ 105.757400][ T6092] ? find_held_lock+0x2b/0x80 [ 105.757436][ T6092] ? kernfs_root+0xee/0x2a0 [ 105.757479][ T6092] ? kernfs_root+0xee/0x2a0 [ 105.757534][ T6092] kernfs_new_node+0x117/0x150 [ 105.757571][ T6092] __kernfs_create_file+0x53/0x350 [ 105.757619][ T6092] sysfs_add_file_mode_ns+0x207/0x3c0 [ 105.757669][ T6092] internal_create_group+0x593/0xfb0 [ 105.757719][ T6092] ? __pfx_internal_create_group+0x10/0x10 [ 105.757770][ T6092] ? kernfs_create_link+0x1bd/0x240 [ 105.757813][ T6092] internal_create_groups+0x9d/0x150 [ 105.757863][ T6092] device_add+0x71a/0x1970 [ 105.757908][ T6092] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 105.757953][ T6092] ? __pfx_device_add+0x10/0x10 [ 105.757997][ T6092] ? lockdep_init_map_type+0x5c/0x250 [ 105.758028][ T6092] ? __init_waitqueue_head+0xca/0x150 [ 105.758069][ T6092] netdev_register_kobject+0x1a9/0x3d0 [ 105.758119][ T6092] register_netdevice+0x15b6/0x25a0 [ 105.758167][ T6092] ? __pfx_register_netdevice+0x10/0x10 [ 105.758214][ T6092] ? __pfx_loopback_net_init+0x10/0x10 [ 105.758260][ T6092] register_netdev+0x34/0x50 [ 105.758296][ T6092] loopback_net_init+0x7a/0x170 [ 105.758341][ T6092] ? __pfx_loopback_net_init+0x10/0x10 [ 105.758382][ T6092] ops_init+0x1e2/0x5f0 [ 105.758418][ T6092] setup_net+0x118/0x3a0 [ 105.758453][ T6092] ? __pfx_setup_net+0x10/0x10 [ 105.758482][ T6092] ? mutex_init_lockdep+0xf1/0x120 [ 105.758517][ T6092] copy_net_ns+0x46f/0x7c0 [ 105.758558][ T6092] create_new_namespaces+0x3ea/0xac0 [ 105.758604][ T6092] unshare_nsproxy_namespaces+0xf2/0x220 [ 105.758635][ T6092] ksys_unshare+0x438/0xab0 [ 105.758672][ T6092] ? __pfx_ksys_unshare+0x10/0x10 [ 105.758705][ T6092] ? xfd_validate_state+0x129/0x190 [ 105.758750][ T6092] __x64_sys_unshare+0x31/0x40 [ 105.758786][ T6092] do_syscall_64+0x115/0x840 [ 105.758815][ T6092] ? clear_bhb_loop+0x40/0x90 [ 105.758852][ T6092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.758885][ T6092] RIP: 0033:0x7f996379de59 [ 105.758909][ T6092] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 105.758935][ T6092] RSP: 002b:00007f9964632028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 105.758963][ T6092] RAX: ffffffffffffffda RBX: 00007f9963a25fa0 RCX: 00007f996379de59 [ 105.758981][ T6092] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 105.758999][ T6092] RBP: 00007f9963833e6f R08: 0000000000000000 R09: 0000000000000000 [ 105.759015][ T6092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.759028][ T6092] R13: 00007f9963a26038 R14: 00007f9963a25fa0 R15: 00007ffc0a47aa78 [ 105.759064][ T6092] [ 106.617510][ T6098] blktrace: Concurrent blktraces are not allowed on nbd5 [ 106.668290][ T6099] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 110.332497][ T6130] netlink: 28 bytes leftover after parsing attributes in process `syz.2.71'. [ 110.606654][ T6130] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 110.714455][ T6130] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 111.057303][ T6130] bond0 (unregistering): Released all slaves [ 114.496781][ T6189] random: crng reseeded on system resumption [ 115.368215][ T6198] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 115.579602][ T6202] : entered promiscuous mode [ 115.593576][ T6199] random: crng reseeded on system resumption [ 115.811166][ T6202] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input6 [ 118.471456][ T6241] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 121.993508][ T6284] netlink: 28 bytes leftover after parsing attributes in process `syz.3.102'. [ 122.049977][ T6284] netlink: 'syz.3.102': attribute type 16 has an invalid length. [ 122.080732][ T6284] netlink: 306 bytes leftover after parsing attributes in process `syz.3.102'. [ 122.721352][ T6296] netlink: 12 bytes leftover after parsing attributes in process `syz.2.104'. [ 122.899974][ T6309] netlink: 32 bytes leftover after parsing attributes in process `syz.2.104'. [ 123.765808][ T29] audit: type=1800 audit(1782973630.446:5): pid=6324 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.109" name="lu_gp_id" dev="configfs" ino=11105 res=0 errno=0 [ 124.310579][ T6335] random: crng reseeded on system resumption [ 124.744687][ T29] audit: type=1800 audit(1782973631.416:6): pid=6341 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.112" name="dbroot" dev="configfs" ino=10239 res=0 errno=0 [ 125.491954][ T6352] netlink: 82 bytes leftover after parsing attributes in process `syz.0.115'. [ 125.634803][ T6362] i2c i2c-0: delete_device: Extra parameters [ 125.791021][ T29] audit: type=1800 audit(1782973632.466:7): pid=6362 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.114" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 126.189969][ T6373] random: crng reseeded on system resumption [ 128.486035][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 128.608637][ T6403] futex_wake_op: syz.1.123 tries to shift op by -2048; fix this program [ 128.625329][ T6403] futex_wake_op: syz.1.123 tries to shift op by -2048; fix this program [ 129.358602][ T6439] random: crng reseeded on system resumption [ 129.901674][ T6452] netlink: 'syz.3.133': attribute type 11 has an invalid length. [ 129.937248][ T6452] netlink: 'syz.3.133': attribute type 11 has an invalid length. [ 129.969638][ T6452] netlink: 'syz.3.133': attribute type 11 has an invalid length. [ 129.999762][ T6452] netlink: 'syz.3.133': attribute type 11 has an invalid length. [ 130.031414][ T6452] netlink: 'syz.3.133': attribute type 11 has an invalid length. [ 130.060908][ T6452] netlink: 17876 bytes leftover after parsing attributes in process `syz.3.133'. [ 130.546193][ T29] audit: type=1800 audit(1782973637.216:8): pid=6460 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.134" name="members" dev="configfs" ino=11746 res=0 errno=0 [ 131.191928][ T6473] netlink: 342 bytes leftover after parsing attributes in process `syz.2.137'. [ 132.929306][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.938110][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.424240][ T6512] netlink: 28 bytes leftover after parsing attributes in process `syz.0.150'. [ 135.039260][ T6529] random: crng reseeded on system resumption [ 136.531666][ T6566] netlink: 330 bytes leftover after parsing attributes in process `syz.0.154'. [ 136.614200][ T6566] netdevsim netdevsim0 ›: renamed from netdevsim0 (while UP) [ 137.908206][ T6602] aoe: invalid device specification [ 138.089568][ T6588] netlink: 8 bytes leftover after parsing attributes in process `syz.2.158'. [ 139.554260][ T29] audit: type=1800 audit(1782973646.229:9): pid=6626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.164" name="lu_gp_id" dev="configfs" ino=12930 res=0 errno=0 [ 139.910478][ T24] Process accounting resumed [ 139.954283][ T11] Process accounting resumed [ 139.975016][ T11] Process accounting resumed [ 139.990711][ T11] Process accounting resumed [ 140.013965][ T11] Process accounting resumed [ 140.151928][ T6631] Process accounting resumed [ 141.078358][ T6658] random: crng reseeded on system resumption [ 142.041173][ T6681] futex_wake_op: syz.0.173 tries to shift op by -1; fix this program [ 142.791335][ T6689] FAULT_INJECTION: forcing a failure. [ 142.791335][ T6689] name fail_futex, interval 1, probability 0, space 0, times 1 [ 142.804308][ T6689] CPU: 0 UID: 0 PID: 6689 Comm: syz.3.176 Not tainted syzkaller #0 PREEMPT(full) [ 142.804329][ T6689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 142.804338][ T6689] Call Trace: [ 142.804346][ T6689] [ 142.804352][ T6689] dump_stack_lvl+0x100/0x190 [ 142.804375][ T6689] should_fail_ex.cold+0x5/0xa [ 142.804396][ T6689] should_fail_futex+0x4c/0x60 [ 142.804411][ T6689] futex_lock_pi_atomic+0x12d/0xaf0 [ 142.804434][ T6689] futex_lock_pi+0x278/0x7f0 [ 142.804457][ T6689] ? __pfx_futex_lock_pi+0x10/0x10 [ 142.804475][ T6689] ? try_to_wake_up+0x70a/0x1c90 [ 142.804493][ T6689] ? __pfx_try_to_wake_up+0x10/0x10 [ 142.804515][ T6689] ? plist_check_list+0x1b8/0x280 [ 142.804541][ T6689] ? futex_private_hash_put+0x115/0x1c0 [ 142.804558][ T6689] ? __pfx_futex_wake_mark+0x10/0x10 [ 142.804582][ T6689] ? rcu_read_lock_any_held+0x6a/0xa0 [ 142.804603][ T6689] ? find_held_lock+0x2b/0x80 [ 142.804624][ T6689] ? ksys_write+0x190/0x250 [ 142.804641][ T6689] do_futex+0x371/0x440 [ 142.804658][ T6689] ? __pfx_do_futex+0x10/0x10 [ 142.804675][ T6689] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 142.804703][ T6689] __x64_sys_futex+0x34f/0x4d0 [ 142.804722][ T6689] ? __pfx___x64_sys_futex+0x10/0x10 [ 142.804745][ T6689] do_syscall_64+0x115/0x840 [ 142.804759][ T6689] ? clear_bhb_loop+0x40/0x90 [ 142.804777][ T6689] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.804792][ T6689] RIP: 0033:0x7f618d19de59 [ 142.804817][ T6689] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 142.804830][ T6689] RSP: 002b:00007f618b3b4028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 142.804848][ T6689] RAX: ffffffffffffffda RBX: 00007f618d426450 RCX: 00007f618d19de59 [ 142.804857][ T6689] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 142.804866][ T6689] RBP: 00007f618d233e6f R08: 0000000000000000 R09: 000000008000fff5 [ 142.804874][ T6689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 142.804883][ T6689] R13: 00007f618d4264e8 R14: 00007f618d426450 R15: 00007fffb98acc98 [ 142.804901][ T6689] [ 143.681887][ T6703] bridge0: port 3(team0) entered blocking state [ 143.710998][ T6703] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 143.799759][ T6703] bridge0: port 3(team0) entered disabled state [ 143.845090][ T6703] team0: entered allmulticast mode [ 143.884289][ T6703] team_slave_0: entered allmulticast mode [ 143.931547][ T6703] team_slave_1: entered allmulticast mode [ 144.026997][ T6703] team0: entered promiscuous mode [ 144.067081][ T6703] team_slave_0: entered promiscuous mode [ 144.081622][ T6703] team_slave_1: entered promiscuous mode [ 144.103077][ T6703] bridge0: port 3(team0) entered blocking state [ 144.110553][ T6703] bridge0: port 3(team0) entered forwarding state [ 145.142983][ T6717] netlink: 'syz.1.181': attribute type 1 has an invalid length. [ 145.156322][ T6717] netlink: 33 bytes leftover after parsing attributes in process `syz.1.181'. [ 145.167370][ T6720] netlink: 'syz.0.182': attribute type 11 has an invalid length. [ 145.188835][ T6720] netlink: 'syz.0.182': attribute type 11 has an invalid length. [ 145.210665][ T6720] netlink: 'syz.0.182': attribute type 11 has an invalid length. [ 145.235908][ T6720] netlink: 'syz.0.182': attribute type 11 has an invalid length. [ 145.264684][ T6720] netlink: 'syz.0.182': attribute type 11 has an invalid length. [ 145.294703][ T6720] netlink: 17876 bytes leftover after parsing attributes in process `syz.0.182'. [ 147.611422][ T6772] netlink: 'syz.1.193': attribute type 11 has an invalid length. [ 147.648148][ T6772] netlink: 'syz.1.193': attribute type 11 has an invalid length. [ 147.672794][ T6772] netlink: 'syz.1.193': attribute type 11 has an invalid length. [ 147.681305][ T6772] netlink: 'syz.1.193': attribute type 11 has an invalid length. [ 147.689633][ T6772] netlink: 'syz.1.193': attribute type 11 has an invalid length. [ 147.699002][ T6772] netlink: 17876 bytes leftover after parsing attributes in process `syz.1.193'. [ 151.218178][ T6843] netlink: 342 bytes leftover after parsing attributes in process `syz.2.209'. [ 152.544642][ T6866] FAULT_INJECTION: forcing a failure. [ 152.544642][ T6866] name failslab, interval 1, probability 0, space 0, times 0 [ 152.590075][ T6866] CPU: 1 UID: 0 PID: 6866 Comm: syz.1.213 Not tainted syzkaller #0 PREEMPT(full) [ 152.590098][ T6866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 152.590108][ T6866] Call Trace: [ 152.590113][ T6866] [ 152.590119][ T6866] dump_stack_lvl+0x100/0x190 [ 152.590144][ T6866] should_fail_ex.cold+0x5/0xa [ 152.590165][ T6866] should_failslab+0xc2/0x120 [ 152.590187][ T6866] kmem_cache_alloc_lru_noprof+0x8d/0x6a0 [ 152.590210][ T6866] ? __d_alloc+0x35/0xa50 [ 152.590229][ T6866] __d_alloc+0x35/0xa50 [ 152.590247][ T6866] d_alloc+0x4a/0x1e0 [ 152.590264][ T6866] lookup_one_qstr_excl+0x171/0x250 [ 152.590285][ T6866] start_dirop+0x59/0xb0 [ 152.590308][ T6866] simple_start_creating+0xf9/0x110 [ 152.590323][ T6866] ? __pfx_simple_start_creating+0x10/0x10 [ 152.590338][ T6866] ? mntput+0x70/0xa0 [ 152.590359][ T6866] ? simple_pin_fs+0xa3/0x190 [ 152.590381][ T6866] debugfs_start_creating.part.0+0x82/0x170 [ 152.590403][ T6866] __debugfs_create_file+0xb3/0x4f0 [ 152.590425][ T6866] debugfs_create_file_full+0x41/0x60 [ 152.590447][ T6866] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 152.590470][ T6866] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 152.590492][ T6866] ? ida_alloc_range+0x70d/0x830 [ 152.590520][ T6866] ? kasan_save_track+0x14/0x30 [ 152.590539][ T6866] ? __kasan_kmalloc+0xaa/0xb0 [ 152.590557][ T6866] ? lockdep_init_map_type+0x5c/0x250 [ 152.590575][ T6866] preinit_net.part.0+0x252/0x920 [ 152.590595][ T6866] copy_net_ns+0x339/0x7c0 [ 152.590619][ T6866] create_new_namespaces+0x3ea/0xac0 [ 152.590640][ T6866] unshare_nsproxy_namespaces+0xf2/0x220 [ 152.590659][ T6866] ksys_unshare+0x438/0xab0 [ 152.590679][ T6866] ? __pfx_ksys_unshare+0x10/0x10 [ 152.590715][ T6866] __x64_sys_unshare+0x31/0x40 [ 152.590733][ T6866] do_syscall_64+0x115/0x840 [ 152.590747][ T6866] ? clear_bhb_loop+0x40/0x90 [ 152.590765][ T6866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.590781][ T6866] RIP: 0033:0x7f996379de59 [ 152.590795][ T6866] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 152.590808][ T6866] RSP: 002b:00007f9964611028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 152.590823][ T6866] RAX: ffffffffffffffda RBX: 00007f9963a26090 RCX: 00007f996379de59 [ 152.590834][ T6866] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 152.590842][ T6866] RBP: 00007f9963833e6f R08: 0000000000000000 R09: 0000000000000000 [ 152.590856][ T6866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 152.590865][ T6866] R13: 00007f9963a26128 R14: 00007f9963a26090 R15: 00007ffc0a47aa78 [ 152.590885][ T6866] [ 153.222842][ T6870] bridge0: port 4(veth1) entered blocking state [ 153.264782][ T6870] bridge0: port 4(veth1) entered disabled state [ 153.303021][ T6870] veth1: entered allmulticast mode [ 153.346862][ T6870] veth1: entered promiscuous mode [ 153.366494][ T6870] bridge0: port 4(veth1) entered blocking state [ 153.372952][ T6870] bridge0: port 4(veth1) entered forwarding state [ 154.489957][ T29] audit: type=1800 audit(1782973661.169:10): pid=6898 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.220" name="version" dev="configfs" ino=14982 res=0 errno=0 [ 159.345634][ T6978] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 159.353881][ T6978] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 159.535211][ T6978] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 159.637800][ T6978] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 159.666869][ T6978] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 159.850722][ T6978] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 159.940580][ T6978] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 159.947845][ T6978] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 160.004386][ T6978] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 160.085491][ T6978] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 160.114728][ T6978] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 160.169500][ T6978] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 160.607134][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 161.646133][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 161.970376][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 162.126243][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 162.411320][ T7016] netlink: 8 bytes leftover after parsing attributes in process `syz.1.240'. [ 162.686101][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 163.726282][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 164.046398][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 164.207402][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 164.370524][ T7056] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_cmd_wq": -EINTR [ 164.776109][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 165.205811][ T7072] netdevsim netdevsim0 › (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.241574][ T7086] random: crng reseeded on system resumption [ 165.806298][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 166.126401][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 166.286102][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 166.523155][ T29] audit: type=1800 audit(1782973673.199:11): pid=7104 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.252" name="dbroot" dev="configfs" ino=15746 res=0 errno=0 [ 166.612648][ T7111] netlink: 330 bytes leftover after parsing attributes in process `syz.3.253'. [ 167.867628][ T7140] RDS: rds_bind could not find a transport for 7bc:c94c:4e37:70c4::, load rds_tcp or rds_rdma? [ 170.105458][ T7169] ACPI: \_SB_.LNKS: No IRQ available. Try pci=noacpi or acpi=off [ 170.143713][ T7169] pci 0000:00:01.3: PCI INT A: no GSI [ 170.269849][ T7178] Process accounting paused [ 171.386821][ T14] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.412481][ T7202] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:106: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 171.432272][ T7202] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:106: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 171.452433][ T7202] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 171.535283][ T7207] mmap: syz.1.273 (7207) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 171.658199][ T14] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.802108][ T14] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.900575][ T5638] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 171.915343][ T5638] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 171.924115][ T5638] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 171.938401][ T5638] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 171.952802][ T7216] vhci_hcd: not connected 4 [ 171.959770][ T5638] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 172.003671][ T14] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.726728][ T14] bridge_slave_1: left allmulticast mode [ 173.745530][ T14] bridge_slave_1: left promiscuous mode [ 173.763851][ T14] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.813407][ T14] bridge_slave_0: left allmulticast mode [ 173.857613][ T14] bridge_slave_0: left promiscuous mode [ 173.864973][ T14] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.059762][ T5638] Bluetooth: hci3: command tx timeout [ 174.250379][ T14] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 174.270567][ T14] bond0 (unregistering): Released all slaves [ 174.625922][ T14] : left promiscuous mode [ 176.127807][ T5638] Bluetooth: hci3: command tx timeout [ 176.195156][ T7265] netlink: 4 bytes leftover after parsing attributes in process `syz.1.280'. [ 176.254794][ T14] hsr_slave_0: left promiscuous mode [ 176.293983][ T14] hsr_slave_1: left promiscuous mode [ 176.318156][ T14] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 176.335971][ T14] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 176.377499][ T14] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 176.398686][ T14] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 176.500716][ T14] veth1_macvtap: left promiscuous mode [ 176.537201][ T14] veth0_macvtap: left promiscuous mode [ 176.560859][ T14] veth1_vlan: left promiscuous mode [ 176.578690][ T14] veth0_vlan: left promiscuous mode [ 176.587740][ T7276] netlink: 12 bytes leftover after parsing attributes in process `syz.2.279'. [ 177.055429][ T14] team0 (unregistering): Port device team_slave_1 removed [ 177.075070][ T14] team0 (unregistering): Port device team_slave_0 removed [ 177.454070][ T5288] 8021q: adding VLAN 0 to HW filter on device eth1 [ 177.618101][ T7272] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.953027][ T7272] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.207691][ T5638] Bluetooth: hci3: command tx timeout [ 178.255698][ T7213] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.277278][ T7293] netlink: 28 bytes leftover after parsing attributes in process `syz.1.284'. [ 178.298988][ T7213] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.306899][ T7213] bridge_slave_0: entered allmulticast mode [ 178.346799][ T7213] bridge_slave_0: entered promiscuous mode [ 178.365505][ T7213] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.373302][ T7213] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.382640][ T7213] bridge_slave_1: entered allmulticast mode [ 178.404709][ T7213] bridge_slave_1: entered promiscuous mode [ 178.515556][ T7272] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.923114][ T7272] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.002887][ T7213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 179.363907][ T7213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 179.400943][ T5288] 8021q: adding VLAN 0 to HW filter on device eth2 [ 179.759279][ T7213] team0: Port device team_slave_0 added [ 179.779234][ T7213] team0: Port device team_slave_1 added [ 179.921367][ T7213] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 179.934933][ T7213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 179.996295][ T7213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 180.028815][ T7213] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 180.064352][ T7213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 180.136114][ T7213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 180.286651][ T5638] Bluetooth: hci3: command tx timeout [ 180.633188][ T7213] hsr_slave_0: entered promiscuous mode [ 180.649920][ T7213] hsr_slave_1: entered promiscuous mode [ 180.928835][ T5288] 8021q: adding VLAN 0 to HW filter on device eth3 [ 181.533534][ T7339] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 181.599362][ T7339] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 181.642291][ T7339] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 181.671264][ T7339] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 181.716399][ T7339] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 181.822637][ T7339] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 182.386562][ T7387] netlink: 28 bytes leftover after parsing attributes in process `syz.0.293'. [ 182.457029][ T7386] netlink: 28 bytes leftover after parsing attributes in process `syz.2.291'. [ 182.681028][ T29] audit: type=1800 audit(1782992033.359:12): pid=7398 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.294" name="version" dev="configfs" ino=18723 res=0 errno=0 [ 182.767854][ T7387] ipvlan1: entered promiscuous mode [ 182.777838][ T7387] ipvlan1: entered allmulticast mode [ 182.787505][ T7387] veth0_vlan: entered allmulticast mode [ 183.006284][ T5638] Bluetooth: hci1: command 0x0c1a tx timeout [ 183.648562][ T5638] Bluetooth: hci0: command 0x0c1a tx timeout [ 183.654720][ T5638] Bluetooth: hci2: command 0x0c1a tx timeout [ 183.727034][ T5638] Bluetooth: hci3: command 0x0c1a tx timeout [ 183.754055][ T7213] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 183.824279][ T7213] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 183.908201][ T7213] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 183.982206][ T7213] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 184.018048][ T7213] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 184.039416][ T7213] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 184.082580][ T7213] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 184.121356][ T7213] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 184.501321][ T7213] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.591226][ T7213] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.611282][ T7453] FAULT_INJECTION: forcing a failure. [ 184.611282][ T7453] name failslab, interval 1, probability 0, space 0, times 0 [ 184.632181][ T7453] CPU: 0 UID: 0 PID: 7453 Comm: syz.0.298 Tainted: G L syzkaller #0 PREEMPT(full) [ 184.632208][ T7453] Tainted: [L]=SOFTLOCKUP [ 184.632213][ T7453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 184.632223][ T7453] Call Trace: [ 184.632228][ T7453] [ 184.632234][ T7453] dump_stack_lvl+0x100/0x190 [ 184.632260][ T7453] should_fail_ex.cold+0x5/0xa [ 184.632281][ T7453] should_failslab+0xc2/0x120 [ 184.632303][ T7453] kmem_cache_alloc_noprof+0x91/0x6a0 [ 184.632323][ T7453] ? jbd2__journal_start+0x194/0x6a0 [ 184.632344][ T7453] jbd2__journal_start+0x194/0x6a0 [ 184.632363][ T7453] __ext4_journal_start_sb+0x367/0x670 [ 184.632385][ T7453] ? ext4_do_writepages+0xc1c/0x3ed0 [ 184.632410][ T7453] ext4_do_writepages+0xc1c/0x3ed0 [ 184.632430][ T7453] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 184.632455][ T7453] ? trace_hrtimer_start+0x77/0x220 [ 184.632483][ T7453] ? __pfx_ext4_do_writepages+0x10/0x10 [ 184.632522][ T7453] ? ext4_writepages+0x347/0x750 [ 184.632544][ T7453] ext4_writepages+0x347/0x750 [ 184.632566][ T7453] ? __pfx_ext4_writepages+0x10/0x10 [ 184.632595][ T7453] ? do_writepages+0x4b5/0x600 [ 184.632614][ T7453] ? do_writepages+0x4b5/0x600 [ 184.632634][ T7453] ? __pfx_ext4_writepages+0x10/0x10 [ 184.632658][ T7453] do_writepages+0x278/0x600 [ 184.632679][ T7453] ? __pfx_do_writepages+0x10/0x10 [ 184.632696][ T7453] ? do_raw_spin_unlock+0x145/0x1e0 [ 184.632714][ T7453] ? _raw_spin_unlock+0x28/0x50 [ 184.632735][ T7453] filemap_writeback+0x22d/0x2e0 [ 184.632756][ T7453] ? __pfx_filemap_writeback+0x10/0x10 [ 184.632797][ T7453] ? mt_find+0x45e/0x8e0 [ 184.632813][ T7453] ? __pfx_mt_find+0x10/0x10 [ 184.632831][ T7453] file_write_and_wait_range+0xcd/0x140 [ 184.632854][ T7453] ext4_sync_file+0x358/0xb60 [ 184.632876][ T7453] ? __pfx_ext4_sync_file+0x10/0x10 [ 184.632895][ T7453] ? __up_read+0x300/0x980 [ 184.632911][ T7453] ? __pfx___up_read+0x10/0x10 [ 184.632926][ T7453] ? __do_sys_msync+0x39b/0x590 [ 184.632944][ T7453] ? __pfx_ext4_sync_file+0x10/0x10 [ 184.632962][ T7453] vfs_fsync_range+0x9b/0x190 [ 184.632988][ T7453] __do_sys_msync+0x3ca/0x590 [ 184.633010][ T7453] do_syscall_64+0x115/0x840 [ 184.633027][ T7453] ? clear_bhb_loop+0x40/0x90 [ 184.633046][ T7453] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.633062][ T7453] RIP: 0033:0x7fc08099de59 [ 184.633076][ T7453] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 184.633090][ T7453] RSP: 002b:00007fc0818fa028 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 184.633105][ T7453] RAX: ffffffffffffffda RBX: 00007fc080c25fa0 RCX: 00007fc08099de59 [ 184.633115][ T7453] RDX: 0000000400000004 RSI: 01800000000000fe RDI: 000000001ffff000 [ 184.633125][ T7453] RBP: 00007fc080a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 184.633134][ T7453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 184.633142][ T7453] R13: 00007fc080c26038 R14: 00007fc080c25fa0 R15: 00007ffc20d83308 [ 184.633163][ T7453] [ 184.633172][ T7453] EXT4-fs (sda1): ext4_do_writepages: jbd2_start: 9223372036854775806 pages, ino 2022; err -12 [ 184.650859][ T7373] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.948438][ T7373] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.969782][ T7373] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.977032][ T7373] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.396551][ T7468] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 185.524945][ T7475] random: crng reseeded on system resumption [ 185.806566][ T5638] Bluetooth: hci3: command 0x0c1a tx timeout [ 187.354405][ T7213] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.887430][ T5638] Bluetooth: hci3: command 0x0c1a tx timeout [ 188.150973][ T7213] veth0_vlan: entered promiscuous mode [ 188.289510][ T7213] veth1_vlan: entered promiscuous mode [ 188.421162][ T7527] netlink: 28 bytes leftover after parsing attributes in process `syz.0.303'. [ 189.228935][ T7213] veth0_macvtap: entered promiscuous mode [ 189.293177][ T7213] veth1_macvtap: entered promiscuous mode [ 189.364886][ T7213] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 189.404008][ T7213] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 189.452788][ T7374] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.473313][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.503300][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.517261][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.694928][ T7563] random: crng reseeded on system resumption [ 189.715408][ T1171] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 189.770754][ T1171] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 189.842381][ T1171] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 189.870890][ T1171] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 194.378760][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.385446][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.751751][ T7678] Process accounting resumed [ 196.023639][ T7721] futex_wake_op: syz.3.333 tries to shift op by -2048; fix this program [ 196.294908][ T7733] ubi0: attaching mtd0 [ 196.324313][ T7733] ubi0: scanning is finished [ 196.331315][ T7733] ubi0: empty MTD device detected [ 196.749307][ T7733] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 197.136280][ T5638] Bluetooth: hci3: unexpected subevent 0x05 length: 123 > 12 [ 199.166504][ T5638] Bluetooth: hci3: command 0x0c1a tx timeout [ 200.982782][ T5638] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 201.169787][ T7807] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 201.217526][ T7807] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 201.257334][ T7807] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 201.280148][ T7807] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 201.297209][ T7807] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 201.938490][ T7843] nfs: Bad value for 'source' [ 202.095371][ T7844] netlink: 28 bytes leftover after parsing attributes in process `syz.1.354'. [ 202.129001][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 202.692996][ T7858] netlink: 'syz.0.360': attribute type 11 has an invalid length. [ 202.725667][ T7858] netlink: 'syz.0.360': attribute type 11 has an invalid length. [ 202.740780][ T7858] netlink: 'syz.0.360': attribute type 11 has an invalid length. [ 202.766909][ T7858] netlink: 'syz.0.360': attribute type 11 has an invalid length. [ 202.774707][ T7858] netlink: 'syz.0.360': attribute type 11 has an invalid length. [ 202.782934][ T7858] netlink: 17876 bytes leftover after parsing attributes in process `syz.0.360'. [ 203.329249][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 203.329303][ T5638] Bluetooth: hci0: command 0x0c1a tx timeout [ 203.335609][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 203.384667][ T7879] random: crng reseeded on system resumption [ 204.206177][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 206.661108][ T7971] sd 0:0:1:0: PR command failed: 1026 [ 206.693517][ T7971] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 206.712621][ T7971] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 207.010407][ T7933] Process accounting resumed [ 207.319336][ T7973] NFSD: Failed to start, no listeners configured. [ 207.565521][ T7990] Device name cannot be null; rc = [-22] [ 209.474979][ T8033] netlink: 'syz.3.390': attribute type 11 has an invalid length. [ 209.492143][ T8033] netlink: 'syz.3.390': attribute type 11 has an invalid length. [ 209.503705][ T8033] netlink: 'syz.3.390': attribute type 11 has an invalid length. [ 209.529088][ T8033] netlink: 'syz.3.390': attribute type 11 has an invalid length. [ 209.556725][ T8033] netlink: 'syz.3.390': attribute type 11 has an invalid length. [ 209.569609][ T8033] netlink: 17876 bytes leftover after parsing attributes in process `syz.3.390'. [ 209.604676][ T8038] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 209.661897][ T8038] CIFS mount error: No usable UNC path provided in device string! [ 209.661897][ T8038] [ 209.710663][ T8038] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 212.444581][ T8091] netlink: 'syz.2.402': attribute type 11 has an invalid length. [ 212.479219][ T8091] netlink: 'syz.2.402': attribute type 11 has an invalid length. [ 212.509307][ T8091] netlink: 'syz.2.402': attribute type 11 has an invalid length. [ 212.547619][ T8091] netlink: 'syz.2.402': attribute type 11 has an invalid length. [ 212.582160][ T8091] netlink: 'syz.2.402': attribute type 11 has an invalid length. [ 212.617923][ T8091] netlink: 17876 bytes leftover after parsing attributes in process `syz.2.402'. [ 213.800343][ T8105] vhci_hcd vhci_hcd.2: invalid port number 16 [ 213.815088][ T8105] vhci_hcd vhci_hcd.2: USB_PORT_FEAT_LINK_STATE req not supported for USB 2.0 roothub [ 214.945450][ T8134] netlink: 28 bytes leftover after parsing attributes in process `syz.0.412'. [ 214.977661][ T8134] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 214.994440][ T8134] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 215.015903][ T8137] netlink: 'syz.1.413': attribute type 11 has an invalid length. [ 215.025824][ T8137] netlink: 'syz.1.413': attribute type 11 has an invalid length. [ 215.034647][ T8137] netlink: 'syz.1.413': attribute type 11 has an invalid length. [ 215.044245][ T8137] netlink: 'syz.1.413': attribute type 11 has an invalid length. [ 215.054006][ T8134] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 215.061974][ T8137] netlink: 'syz.1.413': attribute type 11 has an invalid length. [ 215.070126][ T8134] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 215.080029][ T8137] netlink: 17876 bytes leftover after parsing attributes in process `syz.1.413'. [ 215.130446][ T8133] FAULT_INJECTION: forcing a failure. [ 215.130446][ T8133] name fail_futex, interval 1, probability 0, space 0, times 0 [ 215.174325][ T8133] CPU: 1 UID: 0 PID: 8133 Comm: syz.0.412 Tainted: G L syzkaller #0 PREEMPT(full) [ 215.174369][ T8133] Tainted: [L]=SOFTLOCKUP [ 215.174379][ T8133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 215.174396][ T8133] Call Trace: [ 215.174405][ T8133] [ 215.174416][ T8133] dump_stack_lvl+0x100/0x190 [ 215.174455][ T8133] should_fail_ex.cold+0x5/0xa [ 215.174491][ T8133] get_futex_key+0x1d2/0x14f0 [ 215.174528][ T8133] ? __pfx_get_futex_key+0x10/0x10 [ 215.174559][ T8133] ? find_held_lock+0x2b/0x80 [ 215.174593][ T8133] ? is_bpf_text_address+0x8a/0x1a0 [ 215.174627][ T8133] ? is_bpf_text_address+0x8a/0x1a0 [ 215.174651][ T8133] futex_wait_setup+0x91/0x540 [ 215.174677][ T8133] __futex_wait+0x19f/0x300 [ 215.174700][ T8133] ? __pfx___futex_wait+0x10/0x10 [ 215.174719][ T8133] ? futex_hash+0x311/0x400 [ 215.174735][ T8133] ? __pfx_futex_wake_mark+0x10/0x10 [ 215.174757][ T8133] ? __pfx_futex_hash+0x10/0x10 [ 215.174771][ T8133] ? kasan_save_stack+0x3f/0x50 [ 215.174789][ T8133] ? kasan_save_stack+0x30/0x50 [ 215.174806][ T8133] ? kasan_save_track+0x14/0x30 [ 215.174823][ T8133] ? kasan_save_free_info+0x3b/0x70 [ 215.174836][ T8133] ? __kasan_slab_free+0x5f/0x80 [ 215.174857][ T8133] futex_wait+0xe6/0x370 [ 215.174877][ T8133] ? __pfx_futex_wait+0x10/0x10 [ 215.174906][ T8133] do_futex+0x265/0x440 [ 215.174923][ T8133] ? __pfx_do_futex+0x10/0x10 [ 215.174943][ T8133] __x64_sys_futex+0x34f/0x4d0 [ 215.174961][ T8133] ? putname+0xb1/0x110 [ 215.174977][ T8133] ? __pfx___x64_sys_futex+0x10/0x10 [ 215.175001][ T8133] do_syscall_64+0x115/0x840 [ 215.175015][ T8133] ? clear_bhb_loop+0x40/0x90 [ 215.175033][ T8133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.175048][ T8133] RIP: 0033:0x7fc08099de59 [ 215.175062][ T8133] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 215.175075][ T8133] RSP: 002b:00007fc0818fa0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 215.175090][ T8133] RAX: ffffffffffffffda RBX: 00007fc080c25fa8 RCX: 00007fc08099de59 [ 215.175100][ T8133] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc080c25fa8 [ 215.175108][ T8133] RBP: 00007fc080c25fa0 R08: 0000000000000000 R09: 0000000000000000 [ 215.175117][ T8133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 215.175126][ T8133] R13: 00007fc080c26038 R14: 00007ffc20d83220 R15: 00007ffc20d83308 [ 215.175145][ T8133] [ 215.538121][ T8140] xs_local_setup_socket: unhandled error (13) connecting to /var/run/rpcbind.sock [ 216.840988][ T8180] netlink: 28 bytes leftover after parsing attributes in process `syz.2.422'. [ 217.420455][ T8186] netlink: 'syz.1.424': attribute type 11 has an invalid length. [ 217.450772][ T8186] netlink: 'syz.1.424': attribute type 11 has an invalid length. [ 217.472878][ T8186] netlink: 'syz.1.424': attribute type 11 has an invalid length. [ 217.497416][ T8186] netlink: 'syz.1.424': attribute type 11 has an invalid length. [ 217.506181][ T8186] netlink: 'syz.1.424': attribute type 11 has an invalid length. [ 217.544549][ T8186] netlink: 17876 bytes leftover after parsing attributes in process `syz.1.424'. [ 220.232511][ T8225] netlink: 'syz.2.434': attribute type 1 has an invalid length. [ 220.252222][ T8225] netlink: 'syz.2.434': attribute type 1 has an invalid length. [ 220.440076][ T8176] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 220.450347][ T8176] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 220.479161][ T8176] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 220.491608][ T8176] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 220.777585][ T8231] netlink: 'syz.3.436': attribute type 11 has an invalid length. [ 220.793367][ T8231] netlink: 'syz.3.436': attribute type 11 has an invalid length. [ 220.801644][ T8231] netlink: 'syz.3.436': attribute type 11 has an invalid length. [ 220.809785][ T8231] netlink: 'syz.3.436': attribute type 11 has an invalid length. [ 220.819732][ T8231] netlink: 'syz.3.436': attribute type 11 has an invalid length. [ 220.831398][ T8231] netlink: 17876 bytes leftover after parsing attributes in process `syz.3.436'. [ 221.887139][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 222.025421][ T8233] ima: policy update failed [ 222.063008][ T29] audit: type=1802 audit(1782992072.739:13): pid=8233 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.437" res=0 errno=0 [ 222.526805][ T5638] Bluetooth: hci0: command 0x0c1a tx timeout [ 222.533084][ T5642] Bluetooth: hci2: command 0x0c1a tx timeout [ 222.540680][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 222.767995][ T8263] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 222.783380][ T8263] File: /dev/sda PID: 8263 Comm: syz.1.443 [ 223.033758][ T8263] zram: Removed device: zram0 [ 224.121907][ T8295] netlink: 'syz.3.447': attribute type 11 has an invalid length. [ 224.151822][ T8295] netlink: 'syz.3.447': attribute type 11 has an invalid length. [ 224.178583][ T8295] netlink: 'syz.3.447': attribute type 11 has an invalid length. [ 224.187225][ T8295] netlink: 'syz.3.447': attribute type 11 has an invalid length. [ 224.197316][ T8295] netlink: 'syz.3.447': attribute type 11 has an invalid length. [ 224.232695][ T8295] netlink: 17876 bytes leftover after parsing attributes in process `syz.3.447'. [ 224.263393][ T8262] Process accounting resumed [ 224.770273][ T8304] netlink: 28 bytes leftover after parsing attributes in process `syz.3.449'. [ 228.114224][ T8331] tipc: Started in network mode [ 228.134752][ T8331] tipc: Node identity ee00, cluster identity 4711 [ 228.159761][ T8331] tipc: Node number set to 60928 [ 228.420141][ T8346] netlink: 'syz.3.458': attribute type 11 has an invalid length. [ 228.447925][ T8346] netlink: 'syz.3.458': attribute type 11 has an invalid length. [ 228.465686][ T8346] netlink: 'syz.3.458': attribute type 11 has an invalid length. [ 228.487592][ T8346] netlink: 'syz.3.458': attribute type 11 has an invalid length. [ 228.513367][ T8346] netlink: 'syz.3.458': attribute type 11 has an invalid length. [ 228.543705][ T8346] netlink: 17876 bytes leftover after parsing attributes in process `syz.3.458'. [ 230.117105][ T8374] netlink: 28 bytes leftover after parsing attributes in process `syz.1.464'. [ 231.505898][ T8403] Invalid ELF header magic: != ELF [ 232.004444][ T29] audit: type=1800 audit(1782992082.679:14): pid=8419 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.470" name="dbroot" dev="configfs" ino=24434 res=0 errno=0 [ 232.305585][ T8414] Invalid ELF header magic: != ELF [ 236.872053][ T8524] pci 0000:00:00.0: MSI/MSI-X allowed for future drivers [ 237.097088][ T8501] Process accounting resumed [ 237.739747][ T8552] cifs: Unknown parameter '‰ƒ´ÕéŒ)¬ Up†µÌ¢{´¼V ]7ž62']ßΨÉú!²gÉÊ®Ë7ú9½ófM¸<*y¢sEéhîé”' [ 237.792236][ T8550] FAULT_INJECTION: forcing a failure. [ 237.792236][ T8550] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 237.843215][ T8550] CPU: 0 UID: 0 PID: 8550 Comm: syz.3.494 Tainted: G L syzkaller #0 PREEMPT(full) [ 237.843241][ T8550] Tainted: [L]=SOFTLOCKUP [ 237.843246][ T8550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 237.843258][ T8550] Call Trace: [ 237.843264][ T8550] [ 237.843270][ T8550] dump_stack_lvl+0x100/0x190 [ 237.843293][ T8550] should_fail_ex.cold+0x5/0xa [ 237.843311][ T8550] ? prepare_alloc_pages+0x16d/0x5f0 [ 237.843335][ T8550] should_fail_alloc_page+0xeb/0x140 [ 237.843357][ T8550] prepare_alloc_pages+0x1f0/0x5f0 [ 237.843382][ T8550] __alloc_frozen_pages_noprof+0x1af/0x2dc0 [ 237.843402][ T8550] ? stack_trace_save+0x8e/0xc0 [ 237.843427][ T8550] ? __pfx_stack_trace_save+0x10/0x10 [ 237.843448][ T8550] ? stack_depot_save_flags+0x27/0x9d0 [ 237.843471][ T8550] ? kasan_save_stack+0x3f/0x50 [ 237.843488][ T8550] ? kasan_save_stack+0x30/0x50 [ 237.843511][ T8550] ? kasan_save_track+0x14/0x30 [ 237.843545][ T8550] ? kasan_save_stack+0x3f/0x50 [ 237.843575][ T8550] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 237.843616][ T8550] ? __lock_acquire+0x49f/0x1a40 [ 237.843630][ T8550] ? __lock_acquire+0x49f/0x1a40 [ 237.843649][ T8550] ? lock_acquire+0x1b9/0x370 [ 237.843662][ T8550] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 237.843686][ T8550] ? policy_nodemask+0xed/0x4f0 [ 237.843708][ T8550] alloc_pages_mpol+0x1fb/0x540 [ 237.843730][ T8550] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 237.843757][ T8550] folio_alloc_mpol_noprof+0x36/0x260 [ 237.843782][ T8550] vma_alloc_folio_noprof+0xed/0x1d0 [ 237.843806][ T8550] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 237.843835][ T8550] do_anonymous_page+0xb2b/0x2080 [ 237.843851][ T8550] ? rcu_read_unlock+0x2d/0xb0 [ 237.843871][ T8550] __handle_mm_fault+0x1d2c/0x2a00 [ 237.843889][ T8550] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 237.843908][ T8550] ? __pfx___handle_mm_fault+0x10/0x10 [ 237.843932][ T8550] ? pte_offset_map_lock+0x174/0x320 [ 237.843951][ T8550] ? find_held_lock+0x2b/0x80 [ 237.843976][ T8550] ? follow_page_pte+0x4d0/0x13f0 [ 237.844001][ T8550] handle_mm_fault+0x37b/0xa30 [ 237.844019][ T8550] __get_user_pages+0x1178/0x32a0 [ 237.844047][ T8550] ? __pfx___get_user_pages+0x10/0x10 [ 237.844073][ T8550] populate_vma_page_range+0x267/0x3f0 [ 237.844096][ T8550] ? __pfx_populate_vma_page_range+0x10/0x10 [ 237.844118][ T8550] ? __pfx_find_vma_intersection+0x10/0x10 [ 237.844139][ T8550] ? do_mmap+0x93f/0x12f0 [ 237.844161][ T8550] __mm_populate+0x107/0x3a0 [ 237.844184][ T8550] ? __pfx___mm_populate+0x10/0x10 [ 237.844207][ T8550] ? up_write+0x2e5/0x5c0 [ 237.844224][ T8550] vm_mmap_pgoff+0x37f/0x470 [ 237.844248][ T8550] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 237.844271][ T8550] ? __pfx_do_futex+0x10/0x10 [ 237.844287][ T8550] ? __pfx___might_resched+0x10/0x10 [ 237.844313][ T8550] ksys_mmap_pgoff+0xe4/0x610 [ 237.844333][ T8550] ? __x64_sys_futex+0x358/0x4d0 [ 237.844350][ T8550] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 237.844370][ T8550] ? xfd_validate_state+0x129/0x190 [ 237.844392][ T8550] __x64_sys_mmap+0x125/0x190 [ 237.844419][ T8550] do_syscall_64+0x115/0x840 [ 237.844433][ T8550] ? clear_bhb_loop+0x40/0x90 [ 237.844451][ T8550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.844466][ T8550] RIP: 0033:0x7ff404f9de59 [ 237.844479][ T8550] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 237.844493][ T8550] RSP: 002b:00007ff405ea3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 237.844513][ T8550] RAX: ffffffffffffffda RBX: 00007ff405225fa0 RCX: 00007ff404f9de59 [ 237.844523][ T8550] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 237.844531][ T8550] RBP: 00007ff405033e6f R08: ffffffffffffffff R09: 0000000000008000 [ 237.844540][ T8550] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 237.844549][ T8550] R13: 00007ff405226038 R14: 00007ff405225fa0 R15: 00007fffe898da88 [ 237.844568][ T8550] [ 238.875083][ T8569] FAULT_INJECTION: forcing a failure. [ 238.875083][ T8569] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 238.978830][ T8569] CPU: 1 UID: 0 PID: 8569 Comm: syz.2.498 Tainted: G L syzkaller #0 PREEMPT(full) [ 238.978875][ T8569] Tainted: [L]=SOFTLOCKUP [ 238.978884][ T8569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 238.978899][ T8569] Call Trace: [ 238.978907][ T8569] [ 238.978917][ T8569] dump_stack_lvl+0x100/0x190 [ 238.978957][ T8569] should_fail_ex.cold+0x5/0xa [ 238.978991][ T8569] _copy_from_user+0x2e/0xd0 [ 238.979029][ T8569] copy_msghdr_from_user+0x9f/0x4c0 [ 238.979072][ T8569] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 238.979118][ T8569] ? rcu_is_watching+0x12/0xc0 [ 238.979149][ T8569] ? ___sys_sendmsg+0x19d/0x1e0 [ 238.979185][ T8569] ? kfree+0x1e5/0x6c0 [ 238.979216][ T8569] ___sys_sendmsg+0x106/0x1e0 [ 238.979258][ T8569] ? __pfx____sys_sendmsg+0x10/0x10 [ 238.979297][ T8569] ? futex_hash+0x311/0x400 [ 238.979345][ T8569] ? find_held_lock+0x2b/0x80 [ 238.979400][ T8569] __sys_sendmmsg+0x20c/0x440 [ 238.979437][ T8569] ? __pfx___sys_sendmmsg+0x10/0x10 [ 238.979479][ T8569] ? __pfx_do_futex+0x10/0x10 [ 238.979506][ T8569] ? __pfx___might_resched+0x10/0x10 [ 238.979556][ T8569] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 238.979594][ T8569] ? xfd_validate_state+0x129/0x190 [ 238.979636][ T8569] __x64_sys_sendmmsg+0x9c/0x100 [ 238.979669][ T8569] ? lockdep_hardirqs_on+0x78/0x100 [ 238.979711][ T8569] do_syscall_64+0x115/0x840 [ 238.979735][ T8569] ? clear_bhb_loop+0x40/0x90 [ 238.979770][ T8569] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.979798][ T8569] RIP: 0033:0x7f745fd9de59 [ 238.979822][ T8569] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 238.979843][ T8569] RSP: 002b:00007f7460d22028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 238.979867][ T8569] RAX: ffffffffffffffda RBX: 00007f7460026090 RCX: 00007f745fd9de59 [ 238.979885][ T8569] RDX: 0000000000400003 RSI: 0000000000000000 RDI: 0000000000000004 [ 238.979900][ T8569] RBP: 00007f745fe33e6f R08: 0000000000000000 R09: 0000000000000000 [ 238.979917][ T8569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 238.979933][ T8569] R13: 00007f7460026128 R14: 00007f7460026090 R15: 00007ffcea6b9058 [ 238.979970][ T8569] [ 240.990282][ T8622] netlink: 146 bytes leftover after parsing attributes in process `syz.3.508'. [ 242.225240][ T8659] netlink: 8 bytes leftover after parsing attributes in process `syz.3.515'. [ 242.245188][ T8659] netlink: 8 bytes leftover after parsing attributes in process `syz.3.515'. [ 243.585898][ T8701] netlink: 186 bytes leftover after parsing attributes in process `syz.2.519'. [ 243.753851][ T8704] netlink: 25 bytes leftover after parsing attributes in process `syz.3.521'. [ 244.549829][ T8710] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 245.782913][ T8738] FAULT_INJECTION: forcing a failure. [ 245.782913][ T8738] name failslab, interval 1, probability 0, space 0, times 0 [ 245.804580][ T8738] CPU: 1 UID: 8 PID: 8738 Comm: syz.1.528 Tainted: G L syzkaller #0 PREEMPT(full) [ 245.804606][ T8738] Tainted: [L]=SOFTLOCKUP [ 245.804612][ T8738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 245.804621][ T8738] Call Trace: [ 245.804626][ T8738] [ 245.804632][ T8738] dump_stack_lvl+0x100/0x190 [ 245.804678][ T8738] should_fail_ex.cold+0x5/0xa [ 245.804705][ T8738] should_failslab+0xc2/0x120 [ 245.804727][ T8738] kmem_cache_alloc_noprof+0x91/0x6a0 [ 245.804747][ T8738] ? prepare_creds+0x2c/0x950 [ 245.804772][ T8738] prepare_creds+0x2c/0x950 [ 245.804796][ T8738] __sys_setfsuid+0xda/0x380 [ 245.804814][ T8738] do_syscall_64+0x115/0x840 [ 245.804829][ T8738] ? clear_bhb_loop+0x40/0x90 [ 245.804847][ T8738] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.804862][ T8738] RIP: 0033:0x7f996379de59 [ 245.804877][ T8738] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 245.804891][ T8738] RSP: 002b:00007f9964632028 EFLAGS: 00000246 ORIG_RAX: 000000000000007a [ 245.804906][ T8738] RAX: ffffffffffffffda RBX: 00007f9963a25fa0 RCX: 00007f996379de59 [ 245.804915][ T8738] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000ee00 [ 245.804924][ T8738] RBP: 00007f9963833e6f R08: 0000000000000000 R09: 0000000000000000 [ 245.804933][ T8738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 245.804942][ T8738] R13: 00007f9963a26038 R14: 00007f9963a25fa0 R15: 00007ffc0a47aa78 [ 245.804961][ T8738] [ 247.483863][ T8755] smpboot: CPU 1 is now offline [ 247.773309][ T8761] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.534: iget: checksum invalid [ 247.945317][ T8761] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 248.202794][ T8761] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.534: iget: checksum invalid [ 248.383877][ T8761] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 248.497960][ T8761] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.534: iget: checksum invalid [ 248.604326][ T8761] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 248.751366][ T8761] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.534: iget: checksum invalid [ 248.833101][ T8761] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 248.919471][ T8761] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 248.983603][ T8761] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 250.535015][ T8824] random: crng reseeded on system resumption [ 251.061283][ T8838] blktrace: Concurrent blktraces are not allowed on nbd5 [ 251.272718][ T29] audit: type=1800 audit(1782992101.949:15): pid=8840 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.549" name="version" dev="configfs" ino=27773 res=0 errno=0 [ 252.188259][ T8843] zswap: compressor FÛâ(š not available [ 252.715176][ T8870] input: f¬ as /devices/virtual/input/input9 [ 252.919391][ T8850] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 253.743424][ T8887] FAULT_INJECTION: forcing a failure. [ 253.743424][ T8887] name failslab, interval 1, probability 0, space 0, times 0 [ 253.795293][ T8887] CPU: 0 UID: 0 PID: 8887 Comm: syz.1.561 Tainted: G L syzkaller #0 PREEMPT(full) [ 253.795319][ T8887] Tainted: [L]=SOFTLOCKUP [ 253.795325][ T8887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 253.795333][ T8887] Call Trace: [ 253.795338][ T8887] [ 253.795344][ T8887] dump_stack_lvl+0x100/0x190 [ 253.795368][ T8887] should_fail_ex.cold+0x5/0xa [ 253.795389][ T8887] should_failslab+0xc2/0x120 [ 253.795411][ T8887] __kmalloc_cache_noprof+0x91/0x6c0 [ 253.795428][ T8887] ? kobject_uevent_env+0x263/0x18b0 [ 253.795453][ T8887] kobject_uevent_env+0x263/0x18b0 [ 253.795475][ T8887] ? bus_to_subsys+0x114/0x150 [ 253.795493][ T8887] device_add+0x1173/0x1970 [ 253.795517][ T8887] ? __pfx_device_add+0x10/0x10 [ 253.795538][ T8887] ? lockdep_init_map_type+0x5c/0x250 [ 253.795555][ T8887] ? __init_waitqueue_head+0xca/0x150 [ 253.795576][ T8887] rfkill_register+0x1ad/0xb30 [ 253.795601][ T8887] nfc_register_device+0x11f/0x3e0 [ 253.795618][ T8887] nci_register_device+0x7f1/0xb80 [ 253.795642][ T8887] ? __pfx_nci_register_device+0x10/0x10 [ 253.795666][ T8887] ? lockdep_init_map_type+0x5c/0x250 [ 253.795684][ T8887] virtual_ncidev_open+0x141/0x220 [ 253.795707][ T8887] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 253.795729][ T8887] misc_open+0x26d/0x450 [ 253.795744][ T8887] ? __pfx_misc_open+0x10/0x10 [ 253.795758][ T8887] chrdev_open+0x234/0x6a0 [ 253.795774][ T8887] ? __pfx_apparmor_file_open+0x10/0x10 [ 253.795791][ T8887] ? __pfx_chrdev_open+0x10/0x10 [ 253.795807][ T8887] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 253.795828][ T8887] do_dentry_open+0x6ab/0x14d0 [ 253.795843][ T8887] ? __pfx_chrdev_open+0x10/0x10 [ 253.795862][ T8887] vfs_open+0x82/0x3f0 [ 253.795884][ T8887] path_openat+0x2873/0x4280 [ 253.795908][ T8887] ? __pfx_path_openat+0x10/0x10 [ 253.795929][ T8887] do_file_open+0x20e/0x430 [ 253.795945][ T8887] ? __pfx_do_file_open+0x10/0x10 [ 253.795981][ T8887] ? alloc_fd+0x471/0x7a0 [ 253.795998][ T8887] ? do_getname+0x191/0x390 [ 253.796018][ T8887] do_sys_openat2+0x10f/0x1e0 [ 253.796038][ T8887] ? __pfx_do_sys_openat2+0x10/0x10 [ 253.796059][ T8887] ? __fget_files+0x21f/0x3d0 [ 253.796077][ T8887] __x64_sys_openat+0x12d/0x210 [ 253.796097][ T8887] ? __pfx___x64_sys_openat+0x10/0x10 [ 253.796124][ T8887] do_syscall_64+0x115/0x840 [ 253.796137][ T8887] ? clear_bhb_loop+0x40/0x90 [ 253.796155][ T8887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.796170][ T8887] RIP: 0033:0x7f996379de59 [ 253.796184][ T8887] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 253.796197][ T8887] RSP: 002b:00007f9964632028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 253.796212][ T8887] RAX: ffffffffffffffda RBX: 00007f9963a25fa0 RCX: 00007f996379de59 [ 253.796222][ T8887] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 253.796231][ T8887] RBP: 00007f9963833e6f R08: 0000000000000000 R09: 0000000000000000 [ 253.796239][ T8887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 253.796248][ T8887] R13: 00007f9963a26038 R14: 00007f9963a25fa0 R15: 00007ffc0a47aa78 [ 253.796267][ T8887] [ 254.619273][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 254.629090][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 254.711031][ T8865] Process accounting paused [ 255.602957][ T8889] ima: policy update failed [ 255.621471][ T29] audit: type=1802 audit(1782992106.299:16): pid=8889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.561" res=0 errno=0 [ 255.784345][ T8898] random: crng reseeded on system resumption [ 256.097697][ T8921] vivid-007: ================= START STATUS ================= [ 256.214681][ T8921] vivid-007: Enable Output Cropping: true grabbed [ 256.250112][ T8920] nvme_fabrics: missing parameter 'transport=%s' [ 256.263473][ T8908] Process accounting resumed [ 256.277624][ T8920] nvme_fabrics: missing parameter 'nqn=%s' [ 256.315228][ T8921] vivid-007: Enable Output Composing: true grabbed [ 256.363719][ T8921] vivid-007: Enable Output Scaler: true grabbed [ 256.401186][ T8921] vivid-007: Tx RGB Quantization Range: Automatic grabbed [ 256.462522][ T8921] vivid-007: Transmit Mode: HDMI grabbed [ 256.525762][ T8921] vivid-007: Hotplug Present: 0x00000000 [ 256.581448][ T8921] vivid-007: RxSense Present: 0x00000000 [ 256.735495][ T8921] vivid-007: EDID Present: 0x00000000 [ 256.794242][ T8921] vivid-007: ================== END STATUS ================== [ 257.498213][ T8958] random: crng reseeded on system resumption [ 259.502367][ T9003] netlink: 28 bytes leftover after parsing attributes in process `syz.1.576'. [ 259.615047][ T9003] nbd: must specify at least one socket [ 261.659460][ T7377] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u8:21: bg 1: bad block bitmap checksum [ 261.745917][ T7377] EXT4-fs (sda1): Delayed block allocation failed for inode 2030 at logical offset 903 with max blocks 27 with error 74 [ 261.825257][ T7377] EXT4-fs (sda1): This should not happen!! Data will be lost [ 261.825257][ T7377] [ 262.220646][ T9026] tipc: Started in network mode [ 262.240905][ T9026] tipc: Node identity ee00, cluster identity 4711 [ 262.266775][ T9026] tipc: Node number set to 60928 [ 264.892614][ T9072] Process accounting resumed [ 265.689803][ T9125] syz.1.599 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 265.717726][ T9132] netlink: 28 bytes leftover after parsing attributes in process `syz.2.600'. [ 266.772224][ T50] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 266.772250][ T50] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15 [ 266.787169][ T50] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 267.352063][ T9168] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.605: iget: checksum invalid [ 267.613997][ T9168] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 267.801568][ T9168] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.605: iget: checksum invalid [ 268.067590][ T9168] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 268.184122][ T9168] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.605: iget: checksum invalid [ 268.384066][ T9168] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 268.584843][ T9168] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.605: iget: checksum invalid [ 268.813332][ T9168] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 269.004718][ T9168] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 269.146120][ T9168] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 269.531517][ T9168] Process accounting paused [ 269.992220][ T9211] random: crng reseeded on system resumption [ 271.923755][ T9243] netlink: 28 bytes leftover after parsing attributes in process `syz.0.616'. [ 272.129689][ T9248] FAULT_INJECTION: forcing a failure. [ 272.129689][ T9248] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 272.184341][ T9248] CPU: 0 UID: 0 PID: 9248 Comm: syz.2.617 Tainted: G L syzkaller #0 PREEMPT(full) [ 272.184368][ T9248] Tainted: [L]=SOFTLOCKUP [ 272.184373][ T9248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 272.184382][ T9248] Call Trace: [ 272.184388][ T9248] [ 272.184393][ T9248] dump_stack_lvl+0x100/0x190 [ 272.184418][ T9248] should_fail_ex.cold+0x5/0xa [ 272.184436][ T9248] ? prepare_alloc_pages+0x16d/0x5f0 [ 272.184461][ T9248] should_fail_alloc_page+0xeb/0x140 [ 272.184483][ T9248] prepare_alloc_pages+0x1f0/0x5f0 [ 272.184507][ T9248] __alloc_frozen_pages_noprof+0x1af/0x2dc0 [ 272.184539][ T9248] ? find_held_lock+0x2b/0x80 [ 272.184561][ T9248] ? clockevents_program_event+0x1bf/0x820 [ 272.184580][ T9248] ? clockevents_program_event+0x1bf/0x820 [ 272.184598][ T9248] ? folios_put_refs+0x58a/0xaa0 [ 272.184616][ T9248] ? __lock_acquire+0x49f/0x1a40 [ 272.184632][ T9248] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 272.184649][ T9248] ? __css_rstat_updated+0x1ce/0x5a0 [ 272.184676][ T9248] ? do_raw_spin_lock+0x128/0x260 [ 272.184692][ T9248] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 272.184709][ T9248] ? find_held_lock+0x2b/0x80 [ 272.184733][ T9248] ? __lock_acquire+0x49f/0x1a40 [ 272.184746][ T9248] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 272.184769][ T9248] ? policy_nodemask+0xed/0x4f0 [ 272.184791][ T9248] alloc_pages_mpol+0x1fb/0x540 [ 272.184813][ T9248] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 272.184835][ T9248] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 272.184853][ T9248] folio_alloc_mpol_noprof+0x36/0x260 [ 272.184878][ T9248] shmem_alloc_folio+0x135/0x160 [ 272.184902][ T9248] shmem_alloc_and_add_folio+0x371/0xd40 [ 272.184923][ T9248] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 272.184941][ T9248] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 272.184961][ T9248] shmem_get_folio_gfp+0x6ad/0x1910 [ 272.184982][ T9248] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 272.184998][ T9248] ? ktime_get_coarse_real_ts64_mg+0x235/0x300 [ 272.185015][ T9248] ? lockdep_hardirqs_on+0x78/0x100 [ 272.185040][ T9248] shmem_fault+0x1f9/0xa20 [ 272.185056][ T9248] ? __lock_acquire+0x49f/0x1a40 [ 272.185069][ T9248] ? __pfx_shmem_fault+0x10/0x10 [ 272.185084][ T9248] ? rcu_is_watching+0x12/0xc0 [ 272.185112][ T9248] ? __pfx_filemap_map_pages+0x10/0x10 [ 272.185126][ T9248] __do_fault+0x10b/0x440 [ 272.185150][ T9248] ? find_held_lock+0x2b/0x80 [ 272.185171][ T9248] do_fault+0x2db/0x1750 [ 272.185196][ T9248] __handle_mm_fault+0x187d/0x2a00 [ 272.185214][ T9248] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 272.185234][ T9248] ? __pfx___handle_mm_fault+0x10/0x10 [ 272.185251][ T9248] ? pte_offset_map_lock+0x174/0x320 [ 272.185271][ T9248] ? find_held_lock+0x2b/0x80 [ 272.185295][ T9248] ? follow_page_pte+0x4d0/0x13f0 [ 272.185319][ T9248] handle_mm_fault+0x37b/0xa30 [ 272.185337][ T9248] __get_user_pages+0x1178/0x32a0 [ 272.185363][ T9248] ? down_read_killable+0x35e/0x520 [ 272.185380][ T9248] ? __pfx___get_user_pages+0x10/0x10 [ 272.185406][ T9248] faultin_page_range+0x1f1/0x9e0 [ 272.185432][ T9248] madvise_do_behavior+0x354/0x510 [ 272.185457][ T9248] ? __pfx_madvise_do_behavior+0x10/0x10 [ 272.185480][ T9248] ? __pfx_futex_wait+0x10/0x10 [ 272.185507][ T9248] do_madvise+0x238/0x290 [ 272.185529][ T9248] ? __pfx_do_madvise+0x10/0x10 [ 272.185550][ T9248] ? do_futex+0x190/0x440 [ 272.185570][ T9248] ? _raw_spin_unlock_irq+0x23/0x50 [ 272.185603][ T9248] __x64_sys_madvise+0xa9/0x110 [ 272.185624][ T9248] ? lockdep_hardirqs_on+0x78/0x100 [ 272.185647][ T9248] do_syscall_64+0x115/0x840 [ 272.185660][ T9248] ? clear_bhb_loop+0x40/0x90 [ 272.185678][ T9248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.185693][ T9248] RIP: 0033:0x7f745fd9de59 [ 272.185707][ T9248] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 272.185721][ T9248] RSP: 002b:00007f7460d22028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 272.185739][ T9248] RAX: ffffffffffffffda RBX: 00007f7460026090 RCX: 00007f745fd9de59 [ 272.185749][ T9248] RDX: 0000000000000017 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 272.185758][ T9248] RBP: 00007f745fe33e6f R08: 0000000000000000 R09: 0000000000000000 [ 272.185767][ T9248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 272.185775][ T9248] R13: 00007f7460026128 R14: 00007f7460026090 R15: 00007ffcea6b9058 [ 272.185794][ T9248] [ 274.393746][ T9281] netlink: 28 bytes leftover after parsing attributes in process `syz.0.622'. [ 274.651688][ T9282] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 274.727966][ T9282] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 274.807400][ T9282] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 274.899881][ T9282] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 275.111806][ T9294] Process accounting resumed [ 275.567058][ T9311] random: crng reseeded on system resumption [ 275.711625][ T9319] binder: 9301:9319 ioctl c018620c 200000000040 returned -22 [ 276.686421][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 276.766428][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 276.846111][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 276.927303][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 277.180111][ T9349] Process accounting resumed [ 279.341765][ T9405] netlink: 338 bytes leftover after parsing attributes in process `syz.3.647'. [ 279.475660][ T9403] netlink: 338 bytes leftover after parsing attributes in process `syz.3.647'. [ 279.742455][ T9408] netlink: 28 bytes leftover after parsing attributes in process `syz.1.650'. [ 279.758048][ T9416] random: crng reseeded on system resumption [ 281.209706][ T9447] netlink: 12 bytes leftover after parsing attributes in process `syz.3.656'. [ 282.411599][ T9455] can: request_module (can-proto-0) failed. [ 282.577703][ T9453] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.2.657: iget: checksum invalid [ 282.741550][ T9453] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 282.953998][ T9453] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.2.657: iget: checksum invalid [ 283.189896][ T9453] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 283.320711][ T9453] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.2.657: iget: checksum invalid [ 283.456781][ T9453] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 283.625182][ T9453] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.2.657: iget: checksum invalid [ 283.853256][ T9453] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 284.026212][ T9453] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 284.156432][ T9453] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 284.292531][ T9496] netlink: 28 bytes leftover after parsing attributes in process `syz.3.665'. [ 284.326908][ T9495] netlink: 50 bytes leftover after parsing attributes in process `syz.0.666'. [ 285.281073][ T9506] FAULT_INJECTION: forcing a failure. [ 285.281073][ T9506] name failslab, interval 1, probability 0, space 0, times 0 [ 285.342583][ T9506] CPU: 0 UID: 0 PID: 9506 Comm: syz.3.669 Tainted: G L syzkaller #0 PREEMPT(full) [ 285.342609][ T9506] Tainted: [L]=SOFTLOCKUP [ 285.342614][ T9506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 285.342623][ T9506] Call Trace: [ 285.342628][ T9506] [ 285.342633][ T9506] dump_stack_lvl+0x100/0x190 [ 285.342657][ T9506] should_fail_ex.cold+0x5/0xa [ 285.342678][ T9506] should_failslab+0xc2/0x120 [ 285.342700][ T9506] kmem_cache_alloc_noprof+0x91/0x6a0 [ 285.342719][ T9506] ? __pfx_map_id_range_down+0x10/0x10 [ 285.342740][ T9506] ? rcu_is_watching+0x12/0xc0 [ 285.342758][ T9506] ? security_inode_alloc+0x3b/0x2c0 [ 285.342778][ T9506] security_inode_alloc+0x3b/0x2c0 [ 285.342795][ T9506] inode_init_always_gfp+0xc77/0xfb0 [ 285.342814][ T9506] alloc_inode+0x8e/0x250 [ 285.342833][ T9506] new_inode+0x22/0x1c0 [ 285.342854][ T9506] shmem_get_inode+0x1e3/0xf70 [ 285.342885][ T9506] ? __pfx_shmem_get_inode+0x10/0x10 [ 285.342912][ T9506] __shmem_file_setup+0x382/0x460 [ 285.342935][ T9506] ? __pfx___shmem_file_setup+0x10/0x10 [ 285.342959][ T9506] ? vm_area_alloc+0x1f/0x160 [ 285.342976][ T9506] shmem_zero_setup+0x96/0x1b0 [ 285.342994][ T9506] __mmap_region+0x24ef/0x2db0 [ 285.343013][ T9506] ? __pfx___mmap_region+0x10/0x10 [ 285.343032][ T9506] ? __lock_acquire+0x49f/0x1a40 [ 285.343058][ T9506] ? __lock_acquire+0x49f/0x1a40 [ 285.343080][ T9506] ? hrtimer_start_range_ns_common+0x78e/0x18b0 [ 285.343107][ T9506] ? rcu_is_watching+0x12/0xc0 [ 285.343125][ T9506] ? finish_task_switch.isra.0+0x2c5/0x10c0 [ 285.343142][ T9506] ? lockdep_hardirqs_on+0x78/0x100 [ 285.343195][ T9506] mmap_region+0x35d/0x620 [ 285.343212][ T9506] ? rcu_is_watching+0x12/0xc0 [ 285.343229][ T9506] ? __pfx_mmap_region+0x10/0x10 [ 285.343248][ T9506] ? cap_mmap_addr+0x4b/0x120 [ 285.343264][ T9506] ? bpf_lsm_mmap_addr+0x9/0x30 [ 285.343278][ T9506] ? security_mmap_addr+0x71/0x1e0 [ 285.343298][ T9506] ? __get_unmapped_area+0x255/0x3e0 [ 285.343321][ T9506] do_mmap+0xc63/0x12f0 [ 285.343345][ T9506] ? __pfx_do_mmap+0x10/0x10 [ 285.343366][ T9506] ? __pfx_down_write_killable+0x10/0x10 [ 285.343382][ T9506] ? __pfx_futex_wait+0x10/0x10 [ 285.343404][ T9506] vm_mmap_pgoff+0x29e/0x470 [ 285.343428][ T9506] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 285.343451][ T9506] ? __pfx_do_futex+0x10/0x10 [ 285.343470][ T9506] ksys_mmap_pgoff+0xe4/0x610 [ 285.343491][ T9506] ? __x64_sys_futex+0x358/0x4d0 [ 285.343508][ T9506] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 285.343528][ T9506] ? xfd_validate_state+0x129/0x190 [ 285.343550][ T9506] __x64_sys_mmap+0x125/0x190 [ 285.343572][ T9506] do_syscall_64+0x115/0x840 [ 285.343584][ T9506] ? clear_bhb_loop+0x40/0x90 [ 285.343602][ T9506] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.343617][ T9506] RIP: 0033:0x7ff404f9de59 [ 285.343629][ T9506] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 285.343643][ T9506] RSP: 002b:00007ff405ea3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 285.343657][ T9506] RAX: ffffffffffffffda RBX: 00007ff405225fa0 RCX: 00007ff404f9de59 [ 285.343667][ T9506] RDX: 00000000000000df RSI: 0000000000020009 RDI: 0000000000000000 [ 285.343675][ T9506] RBP: 00007ff405033e6f R08: 00040000000000a5 R09: 0000000000008000 [ 285.343684][ T9506] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 285.343693][ T9506] R13: 00007ff405226038 R14: 00007ff405225fa0 R15: 00007fffe898da88 [ 285.343712][ T9506] [ 286.735315][ T9518] netlink: 28 bytes leftover after parsing attributes in process `syz.2.672'. [ 287.484756][ T29] audit: type=1800 audit(1782992144.158:17): pid=9559 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.680" name="discovery_nqn" dev="configfs" ino=31366 res=0 errno=0 [ 287.554314][ T9560] netlink: 28 bytes leftover after parsing attributes in process `syz.2.678'. [ 289.411359][ T50] Bluetooth: hci2: unexpected event 0x18 length: 726 > 23 [ 290.292993][ T9582] kexec: Could not allocate control_code_buffer [ 294.225623][ T9553] Process accounting resumed [ 294.751220][ T9698] futex_wake_op: syz.3.712 tries to shift op by -2048; fix this program [ 294.911090][ T9698] futex_wake_op: syz.3.712 tries to shift op by -2048; fix this program [ 295.799706][ T9719] Process accounting resumed [ 296.731256][ T9743] FAULT_INJECTION: forcing a failure. [ 296.731256][ T9743] name failslab, interval 1, probability 0, space 0, times 0 [ 296.775084][ T9743] CPU: 0 UID: 0 PID: 9743 Comm: syz.3.723 Tainted: G L syzkaller #0 PREEMPT(full) [ 296.775111][ T9743] Tainted: [L]=SOFTLOCKUP [ 296.775116][ T9743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 296.775126][ T9743] Call Trace: [ 296.775131][ T9743] [ 296.775138][ T9743] dump_stack_lvl+0x100/0x190 [ 296.775163][ T9743] should_fail_ex.cold+0x5/0xa [ 296.775185][ T9743] should_failslab+0xc2/0x120 [ 296.775206][ T9743] kmem_cache_alloc_noprof+0x91/0x6a0 [ 296.775225][ T9743] ? __asan_memcpy+0x3c/0x60 [ 296.775242][ T9743] ? __kernfs_new_node+0xd2/0xa10 [ 296.775263][ T9743] __kernfs_new_node+0xd2/0xa10 [ 296.775280][ T9743] ? __pfx___kernfs_new_node+0x10/0x10 [ 296.775299][ T9743] ? find_held_lock+0x2b/0x80 [ 296.775317][ T9743] ? kernfs_root+0xee/0x2a0 [ 296.775337][ T9743] ? kernfs_root+0xee/0x2a0 [ 296.775363][ T9743] kernfs_new_node+0x117/0x150 [ 296.775381][ T9743] kernfs_create_link+0xcc/0x240 [ 296.775401][ T9743] sysfs_do_create_link_sd+0x90/0x140 [ 296.775423][ T9743] sysfs_create_link+0x61/0xc0 [ 296.775445][ T9743] device_add+0x675/0x1970 [ 296.775468][ T9743] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 296.775491][ T9743] ? __pfx_device_add+0x10/0x10 [ 296.775513][ T9743] ? lockdep_init_map_type+0x5c/0x250 [ 296.775529][ T9743] ? __init_waitqueue_head+0xca/0x150 [ 296.775549][ T9743] netdev_register_kobject+0x1a9/0x3d0 [ 296.775575][ T9743] register_netdevice+0x15b6/0x25a0 [ 296.775598][ T9743] ? __pfx_register_netdevice+0x10/0x10 [ 296.775623][ T9743] __ip_tunnel_create+0x52b/0x670 [ 296.775647][ T9743] ? __pfx___ip_tunnel_create+0x10/0x10 [ 296.775674][ T9743] ? net_generic+0xea/0x2a0 [ 296.775702][ T9743] ip_tunnel_init_net+0x230/0x780 [ 296.775719][ T9743] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 296.775741][ T9743] ? __pfx_ipgre_init_net+0x10/0x10 [ 296.775761][ T9743] ops_init+0x1e2/0x5f0 [ 296.775781][ T9743] setup_net+0x118/0x3a0 [ 296.775800][ T9743] ? __pfx_setup_net+0x10/0x10 [ 296.775818][ T9743] ? mutex_init_lockdep+0xf1/0x120 [ 296.775836][ T9743] copy_net_ns+0x46f/0x7c0 [ 296.775858][ T9743] create_new_namespaces+0x3ea/0xac0 [ 296.775879][ T9743] unshare_nsproxy_namespaces+0xf2/0x220 [ 296.775897][ T9743] ksys_unshare+0x438/0xab0 [ 296.775918][ T9743] ? __pfx_ksys_unshare+0x10/0x10 [ 296.775953][ T9743] __x64_sys_unshare+0x31/0x40 [ 296.775973][ T9743] do_syscall_64+0x115/0x840 [ 296.775989][ T9743] ? clear_bhb_loop+0x40/0x90 [ 296.776009][ T9743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.776025][ T9743] RIP: 0033:0x7ff404f9de59 [ 296.776039][ T9743] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 296.776053][ T9743] RSP: 002b:00007ff405ea3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 296.776068][ T9743] RAX: ffffffffffffffda RBX: 00007ff405225fa0 RCX: 00007ff404f9de59 [ 296.776078][ T9743] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 296.776087][ T9743] RBP: 00007ff405033e6f R08: 0000000000000000 R09: 0000000000000000 [ 296.776096][ T9743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 296.776104][ T9743] R13: 00007ff405226038 R14: 00007ff405225fa0 R15: 00007fffe898da88 [ 296.776125][ T9743] [ 299.890648][ T9782] netlink: 28 bytes leftover after parsing attributes in process `syz.0.730'. [ 300.409512][ T9803] __vm_enough_memory: pid: 9803, comm: syz.0.732, bytes: 4398046457856 not enough memory for the allocation [ 305.842454][ T9888] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 309.181559][ T9969] netlink: 'syz.1.773': attribute type 10 has an invalid length. [ 309.265176][ T9969] netlink: 330 bytes leftover after parsing attributes in process `syz.1.773'. [ 309.628935][ T9971] Process accounting resumed [ 310.869152][T10012] netlink: 28 bytes leftover after parsing attributes in process `syz.1.780'. [ 312.177366][T10027] openvswitch: netlink: Flow key attribute not present in set flow. [ 313.401516][ T50] Bluetooth: hci2: Malformed LE Event: 0x1d [ 313.423205][ T29] audit: type=1800 audit(1782992170.098:18): pid=10076 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.791" name="sr0" dev="devtmpfs" ino=2847 res=0 errno=0 [ 313.681321][T10080] FAULT_INJECTION: forcing a failure. [ 313.681321][T10080] name failslab, interval 1, probability 0, space 0, times 0 [ 313.763230][T10080] CPU: 0 UID: 0 PID: 10080 Comm: syz.1.790 Tainted: G L syzkaller #0 PREEMPT(full) [ 313.763257][T10080] Tainted: [L]=SOFTLOCKUP [ 313.763263][T10080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 313.763272][T10080] Call Trace: [ 313.763277][T10080] [ 313.763284][T10080] dump_stack_lvl+0x100/0x190 [ 313.763309][T10080] should_fail_ex.cold+0x5/0xa [ 313.763330][T10080] should_failslab+0xc2/0x120 [ 313.763352][T10080] kmem_cache_alloc_noprof+0x91/0x6a0 [ 313.763369][T10080] ? rcu_is_watching+0x12/0xc0 [ 313.763388][T10080] ? anon_vma_clone+0x2ba/0xcd0 [ 313.763413][T10080] anon_vma_clone+0x2ba/0xcd0 [ 313.763440][T10080] copy_vma+0x6ed/0xac0 [ 313.763462][T10080] ? __pfx_copy_vma+0x10/0x10 [ 313.763501][T10080] copy_vma_and_data+0x1cf/0x7c0 [ 313.763519][T10080] ? __pfx_copy_vma_and_data+0x10/0x10 [ 313.763543][T10080] ? __vma_start_write+0x17f/0x280 [ 313.763566][T10080] ? __pfx___vma_start_write+0x10/0x10 [ 313.763594][T10080] move_vma+0x574/0x1920 [ 313.763613][T10080] ? __pfx_move_vma+0x10/0x10 [ 313.763631][T10080] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 313.763653][T10080] ? cap_mmap_addr+0x4b/0x120 [ 313.763667][T10080] ? bpf_lsm_mmap_addr+0x9/0x30 [ 313.763681][T10080] ? security_mmap_addr+0x71/0x1e0 [ 313.763700][T10080] ? __get_unmapped_area+0x255/0x3e0 [ 313.763723][T10080] ? vrm_set_new_addr+0x204/0x290 [ 313.763740][T10080] mremap_to+0x234/0x4c0 [ 313.763756][T10080] ? mas_walk+0x6ef/0x9b0 [ 313.763770][T10080] ? __pfx_mremap_to+0x10/0x10 [ 313.763785][T10080] ? check_prep_vma+0x912/0xe60 [ 313.763804][T10080] __do_sys_mremap+0x88c/0x1850 [ 313.763827][T10080] ? __pfx___do_sys_mremap+0x10/0x10 [ 313.763849][T10080] ? __pfx_do_futex+0x10/0x10 [ 313.763879][T10080] ? __x64_sys_futex+0x34f/0x4d0 [ 313.763909][T10080] do_syscall_64+0x115/0x840 [ 313.763923][T10080] ? clear_bhb_loop+0x40/0x90 [ 313.763941][T10080] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.763957][T10080] RIP: 0033:0x7f996379de59 [ 313.763971][T10080] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 313.763985][T10080] RSP: 002b:00007f99645cf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 313.764000][T10080] RAX: ffffffffffffffda RBX: 00007f9963a26270 RCX: 00007f996379de59 [ 313.764010][T10080] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 313.764019][T10080] RBP: 00007f9963833e6f R08: 0000000100000000 R09: 0000000000000000 [ 313.764028][T10080] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 313.764037][T10080] R13: 00007f9963a26308 R14: 00007f9963a26270 R15: 00007ffc0a47aa78 [ 313.764058][T10080] [ 314.083252][T10083] random: crng reseeded on system resumption [ 315.536694][T10103] binder: 10100:10103 unknown command 9462763 [ 315.568765][T10103] binder: 10100:10103 ioctl c0306201 0 returned -22 [ 317.158677][T10138] netlink: 28 bytes leftover after parsing attributes in process `syz.2.799'. [ 317.252736][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.259149][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.473384][T10141] WARNING! power/level is deprecated; use power/control instead [ 318.290960][T10151] netlink: 28 bytes leftover after parsing attributes in process `syz.3.803'. [ 318.445778][T10151] veth1_macvtap: left promiscuous mode [ 318.510021][T10150] vhci_hcd: not connected 4 [ 318.516876][T10151] macsec0: entered promiscuous mode [ 318.559511][T10151] macsec0: entered allmulticast mode [ 320.362455][T10192] [U] ^\ [ 320.869816][T10210] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 320.939368][T10210] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 320.973210][T10210] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 320.999921][T10210] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 321.107942][T10215] netlink: 4 bytes leftover after parsing attributes in process `syz.2.818'. [ 321.158287][T10215] netlink: 5 bytes leftover after parsing attributes in process `syz.2.818'. [ 321.208947][T10215] netlink: 12 bytes leftover after parsing attributes in process `syz.2.818'. [ 321.280600][T10220] FAULT_INJECTION: forcing a failure. [ 321.280600][T10220] name failslab, interval 1, probability 0, space 0, times 0 [ 321.495931][T10220] CPU: 0 UID: 0 PID: 10220 Comm: syz.1.819 Tainted: G L syzkaller #0 PREEMPT(full) [ 321.495958][T10220] Tainted: [L]=SOFTLOCKUP [ 321.495964][T10220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 321.495973][T10220] Call Trace: [ 321.495981][T10220] [ 321.495987][T10220] dump_stack_lvl+0x100/0x190 [ 321.496012][T10220] should_fail_ex.cold+0x5/0xa [ 321.496035][T10220] should_failslab+0xc2/0x120 [ 321.496058][T10220] __kmalloc_node_noprof+0x101/0x830 [ 321.496075][T10220] ? lockdep_init_map_type+0x5c/0x250 [ 321.496093][T10220] ? mempool_init_node+0x11b/0x6e0 [ 321.496112][T10220] ? __pfx_mempool_free_slab+0x10/0x10 [ 321.496128][T10220] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 321.496146][T10220] mempool_init_node+0x11b/0x6e0 [ 321.496167][T10220] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 321.496184][T10220] ? __pfx_mempool_free_slab+0x10/0x10 [ 321.496201][T10220] mempool_init_noprof+0x3a/0x50 [ 321.496221][T10220] bioset_init+0x37e/0x8a0 [ 321.496239][T10220] ? __pfx_bioset_init+0x10/0x10 [ 321.496254][T10220] ? kasan_save_track+0x14/0x30 [ 321.496272][T10220] ? __kasan_kmalloc+0xaa/0xb0 [ 321.496292][T10220] ? __kmalloc_cache_node_noprof+0x2fe/0x6c0 [ 321.496313][T10220] ? __alloc_disk_node+0x5a/0x6b0 [ 321.496335][T10220] __alloc_disk_node+0x83/0x6b0 [ 321.496356][T10220] __blk_alloc_disk+0xd2/0x170 [ 321.496373][T10220] ? __pfx___blk_alloc_disk+0x10/0x10 [ 321.496403][T10220] ? __pfx_idr_alloc+0x10/0x10 [ 321.496417][T10220] ? lockdep_init_map_type+0x5c/0x250 [ 321.496432][T10220] ? __raw_spin_lock_init+0x3a/0x110 [ 321.496451][T10220] ? __pfx_hot_add_show+0x10/0x10 [ 321.496467][T10220] zram_add+0x1bf/0x5d0 [ 321.496483][T10220] ? __pfx_zram_add+0x10/0x10 [ 321.496511][T10220] ? find_held_lock+0x2b/0x80 [ 321.496529][T10220] ? sysfs_file_kobj+0xe4/0x290 [ 321.496559][T10220] ? __pfx_hot_add_show+0x10/0x10 [ 321.496575][T10220] hot_add_show+0x21/0x80 [ 321.496592][T10220] class_attr_show+0x72/0xa0 [ 321.496615][T10220] ? __pfx_class_attr_show+0x10/0x10 [ 321.496636][T10220] sysfs_kf_seq_show+0x217/0x3f0 [ 321.496660][T10220] seq_read_iter+0x32f/0x1270 [ 321.496682][T10220] ? lock_acquire+0x1b9/0x370 [ 321.496703][T10220] kernfs_fop_read_iter+0x46c/0x610 [ 321.496721][T10220] ? rw_verify_area+0xce/0x6d0 [ 321.496742][T10220] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 321.496761][T10220] vfs_read+0x82e/0xb40 [ 321.496778][T10220] ? __pfx_vfs_read+0x10/0x10 [ 321.496804][T10220] ksys_read+0x12a/0x250 [ 321.496818][T10220] ? __pfx_ksys_read+0x10/0x10 [ 321.496837][T10220] do_syscall_64+0x115/0x840 [ 321.496851][T10220] ? clear_bhb_loop+0x40/0x90 [ 321.496870][T10220] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.496885][T10220] RIP: 0033:0x7f996379de59 [ 321.496899][T10220] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 321.496912][T10220] RSP: 002b:00007f9964611028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 321.496927][T10220] RAX: ffffffffffffffda RBX: 00007f9963a26090 RCX: 00007f996379de59 [ 321.496937][T10220] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 0000000000000005 [ 321.496946][T10220] RBP: 00007f9963833e6f R08: 0000000000000000 R09: 0000000000000000 [ 321.496954][T10220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 321.496963][T10220] R13: 00007f9963a26128 R14: 00007f9963a26090 R15: 00007ffc0a47aa78 [ 321.496984][T10220] [ 322.949558][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 323.008490][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 323.014641][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 323.021329][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 323.234457][T10237] futex_wake_op: syz.2.823 tries to shift op by -2048; fix this program [ 323.272164][T10237] futex_wake_op: syz.2.823 tries to shift op by -2048; fix this program [ 323.322096][T10237] 0x000000000001-0x000000020000 : "" [ 323.618933][T10237] ftl_cs: FTL header corrupt! [ 324.089873][T10224] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.819: iget: checksum invalid [ 324.237929][T10224] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 324.315907][T10224] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.819: iget: checksum invalid [ 324.450143][T10224] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 324.514617][T10224] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.819: iget: checksum invalid [ 324.579331][T10220] zram: Error allocating disk structure for device 0 [ 324.617489][T10224] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 324.679471][T10224] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.819: iget: checksum invalid [ 324.679805][T10224] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 324.679839][T10224] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 324.679854][T10224] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 324.815132][T10224] Process accounting paused [ 325.992958][T10267] netlink: 28 bytes leftover after parsing attributes in process `syz.1.830'. [ 326.571673][T10284] capability: warning: `syz.0.832' uses deprecated v2 capabilities in a way that may be insecure [ 326.772715][T10290] netlink: 40 bytes leftover after parsing attributes in process `syz.2.833'. [ 328.373362][T10311] FAULT_INJECTION: forcing a failure. [ 328.373362][T10311] name failslab, interval 1, probability 0, space 0, times 0 [ 328.456346][T10311] CPU: 0 UID: 0 PID: 10311 Comm: syz.2.837 Tainted: G L syzkaller #0 PREEMPT(full) [ 328.456371][T10311] Tainted: [L]=SOFTLOCKUP [ 328.456376][T10311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 328.456385][T10311] Call Trace: [ 328.456390][T10311] [ 328.456396][T10311] dump_stack_lvl+0x100/0x190 [ 328.456420][T10311] should_fail_ex.cold+0x5/0xa [ 328.456440][T10311] should_failslab+0xc2/0x120 [ 328.456462][T10311] __kmalloc_cache_noprof+0x91/0x6c0 [ 328.456479][T10311] ? kvm_dev_ioctl+0x1321/0x1a50 [ 328.456506][T10311] kvm_dev_ioctl+0x1321/0x1a50 [ 328.456535][T10311] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 328.456564][T10311] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 328.456587][T10311] __x64_sys_ioctl+0x18e/0x210 [ 328.456610][T10311] do_syscall_64+0x115/0x840 [ 328.456623][T10311] ? clear_bhb_loop+0x40/0x90 [ 328.456641][T10311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.456656][T10311] RIP: 0033:0x7f745fd9de59 [ 328.456669][T10311] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 328.456682][T10311] RSP: 002b:00007f7460d22028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 328.456697][T10311] RAX: ffffffffffffffda RBX: 00007f7460026090 RCX: 00007f745fd9de59 [ 328.456707][T10311] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000002 [ 328.456715][T10311] RBP: 00007f745fe33e6f R08: 0000000000000000 R09: 0000000000000000 [ 328.456724][T10311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 328.456732][T10311] R13: 00007f7460026128 R14: 00007f7460026090 R15: 00007ffcea6b9058 [ 328.456750][T10311] [ 330.304030][T10361] netlink: 28 bytes leftover after parsing attributes in process `syz.2.849'. [ 330.492071][T10362] futex_wake_op: syz.1.845 tries to shift op by -2048; fix this program [ 330.731267][T10362] futex_wake_op: syz.1.845 tries to shift op by -2048; fix this program [ 331.044838][T10347] 0x000000000001-0x000000020000 : "" [ 331.093331][T10347] ftl_cs: FTL header corrupt! [ 333.014761][T10404] kexec: Could not allocate control_code_buffer [ 333.170841][T10408] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma? [ 336.692428][T10459] Device name cannot be null; rc = [-22] [ 337.485722][T10470] random: crng reseeded on system resumption [ 338.821172][ T5642] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 340.067535][T10534] i2c i2c-0: delete_device: Can't parse I2C address [ 340.201891][T10534] FAULT_INJECTION: forcing a failure. [ 340.201891][T10534] name failslab, interval 1, probability 0, space 0, times 0 [ 340.254985][T10526] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20000 [ 340.305428][T10526] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 340.342482][T10526] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 340.380656][T10526] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 340.390131][T10534] CPU: 0 UID: 0 PID: 10534 Comm: syz.2.884 Tainted: G L syzkaller #0 PREEMPT(full) [ 340.390158][T10534] Tainted: [L]=SOFTLOCKUP [ 340.390164][T10534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 340.390174][T10534] Call Trace: [ 340.390180][T10534] [ 340.390186][T10534] dump_stack_lvl+0x100/0x190 [ 340.390211][T10534] should_fail_ex.cold+0x5/0xa [ 340.390234][T10534] should_failslab+0xc2/0x120 [ 340.390257][T10534] kmem_cache_alloc_lru_noprof+0x8d/0x6a0 [ 340.390277][T10534] ? __d_alloc+0x35/0xa50 [ 340.390297][T10534] __d_alloc+0x35/0xa50 [ 340.390316][T10534] d_alloc+0x4a/0x1e0 [ 340.390334][T10534] lookup_one_qstr_excl+0x171/0x250 [ 340.390358][T10534] start_dirop+0x59/0xb0 [ 340.390382][T10534] simple_start_creating+0xf9/0x110 [ 340.390397][T10534] ? __pfx_simple_start_creating+0x10/0x10 [ 340.390413][T10534] ? mntput+0x70/0xa0 [ 340.390435][T10534] ? simple_pin_fs+0xa3/0x190 [ 340.390457][T10534] debugfs_start_creating.part.0+0x82/0x170 [ 340.390480][T10534] __debugfs_create_file+0xb3/0x4f0 [ 340.390503][T10534] debugfs_create_file_full+0x41/0x60 [ 340.390525][T10534] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 340.390550][T10534] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 340.390586][T10534] ? kasan_save_track+0x14/0x30 [ 340.390604][T10534] ? __kasan_kmalloc+0xaa/0xb0 [ 340.390623][T10534] ? lockdep_init_map_type+0x5c/0x250 [ 340.390641][T10534] preinit_net.part.0+0x43b/0x920 [ 340.390661][T10534] copy_net_ns+0x339/0x7c0 [ 340.390683][T10534] create_new_namespaces+0x3ea/0xac0 [ 340.390705][T10534] unshare_nsproxy_namespaces+0xf2/0x220 [ 340.390725][T10534] ksys_unshare+0x438/0xab0 [ 340.390745][T10534] ? __pfx_ksys_unshare+0x10/0x10 [ 340.390772][T10534] __x64_sys_unshare+0x31/0x40 [ 340.390791][T10534] do_syscall_64+0x115/0x840 [ 340.390805][T10534] ? clear_bhb_loop+0x40/0x90 [ 340.390833][T10534] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.390849][T10534] RIP: 0033:0x7f745fd9de59 [ 340.390863][T10534] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 340.390879][T10534] RSP: 002b:00007f7460d43028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 340.390894][T10534] RAX: ffffffffffffffda RBX: 00007f7460025fa0 RCX: 00007f745fd9de59 [ 340.390904][T10534] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 340.390914][T10534] RBP: 00007f745fe33e6f R08: 0000000000000000 R09: 0000000000000000 [ 340.390924][T10534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 340.390933][T10534] R13: 00007f7460026038 R14: 00007f7460025fa0 R15: 00007ffcea6b9058 [ 340.390952][T10534] [ 340.717408][T10526] page dumped because: unmovable page [ 340.723728][T10526] page_owner tracks the page as allocated [ 340.732923][T10526] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x0(), pid 0, tgid 0 (swapper), ts 1586403558, free_ts 0 [ 340.747382][T10526] register_early_stack+0x74/0xaf [ 340.752440][T10526] init_page_owner+0x4c/0xa10 [ 340.758611][T10526] page_ext_init+0x71d/0x780 [ 340.763244][T10526] mm_core_init+0x229/0x270 [ 340.768015][T10526] page_owner free stack trace missing [ 341.473960][T10566] netlink: 24 bytes leftover after parsing attributes in process `syz.0.891'. [ 341.510564][T10501] Process accounting paused [ 341.684052][T10574] binder: BINDER_SET_CONTEXT_MGR already set [ 341.792183][T10574] binder: 10568:10574 ioctl 4018620d 9 returned -16 [ 342.032342][T10564] netlink: 12 bytes leftover after parsing attributes in process `syz.1.890'. [ 342.829469][T10584] Process accounting resumed [ 342.968375][T10605] synth uevent: /devices/platform/vivid.0/media12: unknown uevent action string [ 343.005465][T10605] media media12: uevent: failed to send synthetic uevent: -22 [ 343.714898][T10622] netlink: 40 bytes leftover after parsing attributes in process `syz.1.901'. [ 344.270199][T10638] netlink: 28 bytes leftover after parsing attributes in process `syz.3.903'. [ 344.952145][ T29] audit: type=1800 audit(1782992201.628:19): pid=10644 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.905" name="lu_gp_id" dev="configfs" ino=37116 res=0 errno=0 [ 345.985560][T10659] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[7213] was attempted by "ci-qemu-gce-upstream-auto/syz-executor exec"[10659] [ 348.357492][T10700] netlink: 28 bytes leftover after parsing attributes in process `syz.2.915'. [ 348.778105][T10694] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 351.406653][T10743] ================================================================== [ 351.406677][T10743] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 351.406703][T10743] Write of size 8 at addr ffffc90004a49000 by task syz.3.924/10743 [ 351.406717][T10743] [ 351.406727][T10743] CPU: 0 UID: 0 PID: 10743 Comm: syz.3.924 Tainted: G L syzkaller #0 PREEMPT(full) [ 351.406748][T10743] Tainted: [L]=SOFTLOCKUP [ 351.406753][T10743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 351.406763][T10743] Call Trace: [ 351.406769][T10743] [ 351.406775][T10743] dump_stack_lvl+0x100/0x190 [ 351.406794][T10743] print_report+0x13d/0x4b0 [ 351.406816][T10743] ? _raw_spin_lock_irqsave+0x52/0x60 [ 351.406839][T10743] ? sys_imageblit+0x19fb/0x1d60 [ 351.406856][T10743] kasan_report+0xdf/0x1c0 [ 351.406878][T10743] ? sys_imageblit+0x19fb/0x1d60 [ 351.406897][T10743] sys_imageblit+0x19fb/0x1d60 [ 351.406917][T10743] ? __asan_memcpy+0x3c/0x60 [ 351.406932][T10743] ? __pfx_sys_imageblit+0x10/0x10 [ 351.406949][T10743] ? desc_read+0x2e2/0x380 [ 351.406971][T10743] ? panic_on_this_cpu+0x32/0x40 [ 351.406991][T10743] ? _prb_read_valid+0x72a/0x880 [ 351.407006][T10743] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 351.407031][T10743] soft_cursor+0x524/0xa10 [ 351.407047][T10743] ? desc_read+0x2e2/0x380 [ 351.407068][T10743] ? fb_get_color_depth+0x120/0x250 [ 351.407091][T10743] bit_cursor+0xca1/0x1490 [ 351.407108][T10743] ? __pfx_bit_cursor+0x10/0x10 [ 351.407124][T10743] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 351.407146][T10743] ? get_color+0x1da/0x450 [ 351.407166][T10743] ? __pfx_bit_cursor+0x10/0x10 [ 351.407179][T10743] fbcon_cursor+0x43c/0x5e0 [ 351.407200][T10743] ? mark_lock+0x9c0/0xa20 [ 351.407222][T10743] hide_cursor+0x87/0x230 [ 351.407238][T10743] do_con_write+0x224c/0x4a30 [ 351.407258][T10743] ? __mutex_lock+0x26d/0x1bd0 [ 351.407272][T10743] ? find_held_lock+0x2b/0x80 [ 351.407289][T10743] ? n_tty_write+0x500/0x1160 [ 351.407310][T10743] ? n_tty_write+0x500/0x1160 [ 351.407331][T10743] ? __pfx___mutex_lock+0x10/0x10 [ 351.407345][T10743] ? __pfx_do_con_write+0x10/0x10 [ 351.407364][T10743] ? mark_held_locks+0x40/0x70 [ 351.407388][T10743] ? con_write+0x93/0xb0 [ 351.407406][T10743] con_write+0x23/0xb0 [ 351.407424][T10743] n_tty_write+0x431/0x1160 [ 351.407448][T10743] ? __pfx_n_tty_write+0x10/0x10 [ 351.407469][T10743] ? __pfx_woken_wake_function+0x10/0x10 [ 351.407486][T10743] ? __pfx___might_resched+0x10/0x10 [ 351.407508][T10743] ? kfree+0x1e5/0x6c0 [ 351.407521][T10743] ? __pfx_n_tty_write+0x10/0x10 [ 351.407543][T10743] file_tty_write.isra.0+0x4d2/0x890 [ 351.407563][T10743] redirected_tty_write+0xd4/0x120 [ 351.407581][T10743] vfs_write+0x6ac/0x1050 [ 351.407603][T10743] ? __pfx_redirected_tty_write+0x10/0x10 [ 351.407625][T10743] ? __pfx_vfs_write+0x10/0x10 [ 351.407641][T10743] ? find_held_lock+0x2b/0x80 [ 351.407665][T10743] ksys_write+0x12a/0x250 [ 351.407679][T10743] ? __pfx_ksys_write+0x10/0x10 [ 351.407695][T10743] do_syscall_64+0x115/0x840 [ 351.407708][T10743] ? clear_bhb_loop+0x40/0x90 [ 351.407724][T10743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.407739][T10743] RIP: 0033:0x7ff404f9de59 [ 351.407752][T10743] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 351.407766][T10743] RSP: 002b:00007ff405e82028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 351.407781][T10743] RAX: ffffffffffffffda RBX: 00007ff405226090 RCX: 00007ff404f9de59 [ 351.407791][T10743] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000008 [ 351.407801][T10743] RBP: 00007ff405033e6f R08: 0000000000000000 R09: 0000000000000000 [ 351.407810][T10743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 351.407819][T10743] R13: 00007ff405226128 R14: 00007ff405226090 R15: 00007fffe898da88 [ 351.407834][T10743] [ 351.407839][T10743] [ 351.407843][T10743] The buggy address belongs to a 0-page vmalloc region starting at 0xffffc90004749000 allocated at drm_gem_shmem_vmap_locked+0x553/0x860 [ 351.407879][T10743] Memory state around the buggy address: [ 351.407888][T10743] ffffc90004a48f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.407899][T10743] ffffc90004a48f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 351.407908][T10743] >ffffc90004a49000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 351.407916][T10743] ^ [ 351.407924][T10743] ffffc90004a49080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 351.407934][T10743] ffffc90004a49100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 351.407942][T10743] ================================================================== [ 351.429964][T10743] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 351.429983][T10743] CPU: 0 UID: 0 PID: 10743 Comm: syz.3.924 Tainted: G L syzkaller #0 PREEMPT(full) [ 351.430006][T10743] Tainted: [L]=SOFTLOCKUP [ 351.430012][T10743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 351.430022][T10743] Call Trace: [ 351.430027][T10743] [ 351.430033][T10743] dump_stack_lvl+0x100/0x190 [ 351.430059][T10743] vpanic+0x552/0x970 [ 351.430073][T10743] ? __pfx_vpanic+0x10/0x10 [ 351.430089][T10743] ? mark_held_locks+0x40/0x70 [ 351.430115][T10743] ? sys_imageblit+0x19fb/0x1d60 [ 351.430133][T10743] panic+0xd1/0xe0 [ 351.430146][T10743] ? __pfx_panic+0x10/0x10 [ 351.430160][T10743] ? sys_imageblit+0x19fb/0x1d60 [ 351.430177][T10743] ? preempt_schedule_common+0x42/0xc0 [ 351.430202][T10743] check_panic_on_warn.cold+0x19/0x34 [ 351.430217][T10743] end_report.part.0+0x3a/0x90 [ 351.430238][T10743] kasan_report.cold+0xe/0x18 [ 351.430259][T10743] ? sys_imageblit+0x19fb/0x1d60 [ 351.430279][T10743] sys_imageblit+0x19fb/0x1d60 [ 351.430299][T10743] ? __asan_memcpy+0x3c/0x60 [ 351.430315][T10743] ? __pfx_sys_imageblit+0x10/0x10 [ 351.430332][T10743] ? desc_read+0x2e2/0x380 [ 351.430354][T10743] ? panic_on_this_cpu+0x32/0x40 [ 351.430375][T10743] ? _prb_read_valid+0x72a/0x880 [ 351.430390][T10743] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 351.430416][T10743] soft_cursor+0x524/0xa10 [ 351.430431][T10743] ? desc_read+0x2e2/0x380 [ 351.430452][T10743] ? fb_get_color_depth+0x120/0x250 [ 351.430475][T10743] bit_cursor+0xca1/0x1490 [ 351.430491][T10743] ? __pfx_bit_cursor+0x10/0x10 [ 351.430508][T10743] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 351.430530][T10743] ? get_color+0x1da/0x450 [ 351.430550][T10743] ? __pfx_bit_cursor+0x10/0x10 [ 351.430564][T10743] fbcon_cursor+0x43c/0x5e0 [ 351.430585][T10743] ? mark_lock+0x9c0/0xa20 [ 351.430615][T10743] hide_cursor+0x87/0x230 [ 351.430632][T10743] do_con_write+0x224c/0x4a30 [ 351.430652][T10743] ? __mutex_lock+0x26d/0x1bd0 [ 351.430667][T10743] ? find_held_lock+0x2b/0x80 [ 351.430685][T10743] ? n_tty_write+0x500/0x1160 [ 351.430707][T10743] ? n_tty_write+0x500/0x1160 [ 351.430728][T10743] ? __pfx___mutex_lock+0x10/0x10 [ 351.430742][T10743] ? __pfx_do_con_write+0x10/0x10 [ 351.430761][T10743] ? mark_held_locks+0x40/0x70 [ 351.430786][T10743] ? con_write+0x93/0xb0 [ 351.430806][T10743] con_write+0x23/0xb0 [ 351.430824][T10743] n_tty_write+0x431/0x1160 [ 351.430849][T10743] ? __pfx_n_tty_write+0x10/0x10 [ 351.430871][T10743] ? __pfx_woken_wake_function+0x10/0x10 [ 351.430888][T10743] ? __pfx___might_resched+0x10/0x10 [ 351.430911][T10743] ? kfree+0x1e5/0x6c0 [ 351.430924][T10743] ? __pfx_n_tty_write+0x10/0x10 [ 351.430946][T10743] file_tty_write.isra.0+0x4d2/0x890 [ 351.430967][T10743] redirected_tty_write+0xd4/0x120 [ 351.430985][T10743] vfs_write+0x6ac/0x1050 [ 351.431000][T10743] ? __pfx_redirected_tty_write+0x10/0x10 [ 351.431020][T10743] ? __pfx_vfs_write+0x10/0x10 [ 351.431032][T10743] ? find_held_lock+0x2b/0x80 [ 351.431055][T10743] ksys_write+0x12a/0x250 [ 351.431069][T10743] ? __pfx_ksys_write+0x10/0x10 [ 351.431085][T10743] do_syscall_64+0x115/0x840 [ 351.431098][T10743] ? clear_bhb_loop+0x40/0x90 [ 351.431115][T10743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.431131][T10743] RIP: 0033:0x7ff404f9de59 [ 351.431145][T10743] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 351.431159][T10743] RSP: 002b:00007ff405e82028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 351.431175][T10743] RAX: ffffffffffffffda RBX: 00007ff405226090 RCX: 00007ff404f9de59 [ 351.431185][T10743] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000008 [ 351.431195][T10743] RBP: 00007ff405033e6f R08: 0000000000000000 R09: 0000000000000000 [ 351.431205][T10743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 351.431214][T10743] R13: 00007ff405226128 R14: 00007ff405226090 R15: 00007fffe898da88 [ 351.431230][T10743] [ 351.431296][T10743] Kernel Offset: disabled