last executing test programs: 7.750885594s ago: executing program 0 (id=654): openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x22480, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x8, 0xffffffffffffff49, 0x5, 0x1823, 0x800000000004, 0x1, 0x5, 0x19, 0x10, 0x5, 0x2dde, 0x8, 0xfffffffffffffffa, 0xab, 0x0, 0x1]}, &(0x7f0000000040)={0x0, 0x7}) r0 = openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x119f01, 0x0) ioctl$auto(r0, 0xab0a, 0xffffffffffffffff) fsconfig$auto_FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000080)='/sys/kernel/deb\\g/sync/sw_sync\x00', &(0x7f00000002c0)="b7b80923cdc800c979236e1d818539eff1fb19b2d916dc446967864e5de594d91025e7bfc6385143ae464fd2b1c65bd22542cebfee84c9b40f1bc2ff5fa6541b8af327d7727ae41566810b0900f388c031", 0x8) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NL80211_CMD_SET_COALESCE(0xffffffffffffffff, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.0/usb1/bDeviceProtocol\x00', 0x12bc00, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x200, 0xdf, 0x9b74, 0x7, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, 0x0) ioctl$auto(0x3, 0xc0383e04, 0xffffffffffffffff) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sysfs$auto(0x2, 0x100001000000032, 0x0) r4 = fsopen$auto(0x0, 0x1) fsconfig$auto_SHMEM_HUGE_NEVER(r4, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0) read$auto_stat_fops_per_vm_kvm_main(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="01002dbd0900fedbdf257e"], 0x14}, 0x1, 0x68, 0x0, 0x24000000}, 0xd0) socket(0x18, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/net/tcp\x00', 0x600, 0x0) pread64$auto(r6, 0x0, 0x202, 0xfffff000) ioctl$auto_EXT4_IOC_GETVERSION(0xffffffffffffffff, 0x80086603, &(0x7f0000000000)=0x400) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/compaction_proactiveness\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) 6.298940599s ago: executing program 0 (id=656): socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = openat$auto_force_suspend_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/bluetooth/hci1/force_suspend\x00', 0x121401, 0x0) write$auto_force_suspend_fops_hci_vhci(r0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000080)=""/173, 0xad) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x7f, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x101640, 0x35) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x4, 0x2) clock_gettime$auto(0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r1 = fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) read$auto_tracing_saved_cmdlines_size_fops_trace(r1, &(0x7f0000000180)=""/80, 0x50) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x4000000000008000) 6.28709328s ago: executing program 2 (id=657): r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00') setns(r0, 0x0) mmap$auto(0x4, 0x7d, 0x7, 0xeb1, r0, 0x7) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) socket(0xa, 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x4000, 0x0) write$auto(r2, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89\xac\xba\xa7\xb4\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\xe3\f0\x01#\xcf|\xf0.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x0e\x00\x00\x004*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\\\xa7\xd1\xf3\xb2\xfak\fD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x2) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) signalfd$auto(r2, &(0x7f0000000380)={0xa4d5}, 0x1ff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = getpid() keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x0, 0x240007, 0x19) prctl$auto(0x1000000003b, 0x1, 0x4, 0x400005, 0x7) socket$nl_generic(0x10, 0x3, 0x10) r4 = userfaultfd$auto(0x1) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zram0\x00', 0x14f602, 0x0) pwritev2$auto(r5, &(0x7f0000001fc0)={0x0, 0x7}, 0x7, 0xfc, 0x1aa1, 0x8) sendmsg$auto_IPVS_CMD_GET_DAEMON(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="010727bd700003000000000000002dea4b5375d3ce5b7557c1cbc072e34cce547dbfaf603549e2f59136bce4e6fb02c1048cdc5796609976aaf57dbec9086a35d3336c2af713fcde25597cf0bd69d2c35d36652eabfeaf4dea784c45ca12a8d2a432637821bf8e4c00424a021aed615c7e79e0236fffc1616f1a5af52b9b232b21619db406d454fe665868a768a3a7a4315be0c367d9eb88cb02fe9014047c7fef66238412"], 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x40000) sendmsg$auto_IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="d0120000", @ANYRES16=0x0, @ANYRES64=r5, @ANYRESOCT=r3, @ANYBLOB="20238680040035800800", @ANYRESOCT=r4, @ANYBLOB="04001180040074800800060009000000d6019e8004007d000c000300090000000000000075885a92b6dbe4817497623ad3c5d070fc0c3d6f02aa127732c502386d2e093c6b01e3afd824dde19e8ff3f6fdacb266300644d8121715bbb26424be01891d5cecc0d5dc6ecc2104fbb6177b9ab1a5e727690d7c523e22fd7c7baa6f15dbf33b4ce5141973a1cad4fbd86fee189c507b76625e0abb5125b59a16c9bcd92cfcf2e2250e9578d6a809b5a101761fb43b960bf45d18910520a5af1b7bae714d5f6072b358c2c690ac6c8573cf131bf97c0b44527ed74a813540189b1cb5b684f0482c1168dcb7ffefa962b570dbbda2530c001f00620000000000000078f55482a68ab7399826a76ee031983a4407d8f3c55a62f22c6625871946609a0c1b4a184067ce8ee9f250931435dcc17715cad9782433c087ce3a55d866ac70bccc0a22b1a9bb3348060bedcfcae4fe42754bc52b260fab5efc13c7243d75c28fe5ef26f94299d27d95f8f862462c695fce77898d4f5a1c0cb67eb3e06b6028881afe776844197b855f6e76e2e221e9caac055133b7bdfd1e1ef1e2b996ca0bce4259c2cbb3e8e3d0e4620953d749d892619c87a876fae3d6b62ca5d05849319784ac13d2d9f6954f219a4534eaf8ee070a85f6fa063d1dd55b8d3e6a10b30400aa80040027800000080004005d5d00000800060007000000981001808300248008004600ffffffff507d395f43ca09c932f146a5eaea10fefc5973ef15239709973ccb067ecafa290dbd66329f1100a3b7513b40baff1124ce3da2b83685d0f49d4132ed84e284ed01b370bf682e83b8fcbfac765e467427c1fc8f5ae73f939be2a0a11ec86eeba0be203ab2f8fd24b194efd286efafed04002d8004006c8000101054800400ae8008008000", @ANYRES32, @ANYRESHEX], 0x12d0}, 0x1, 0x0, 0x0, 0x810}, 0x10) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r6 = semctl$auto(0x4005, 0x2, 0x40, 0x6) capset$auto(&(0x7f0000000080)={0x3, r6}, &(0x7f0000000100)={0xd, 0x3, 0x7}) 5.965742527s ago: executing program 2 (id=658): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/controlC1\x00', 0x68080, 0x0) (async) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/net/lapb1/dormant\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000440)=""/139, 0x8b) (async) sendmsg$auto_IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000002c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYRESOCT=0x0, @ANYBLOB="4d0448847000ffdbdf250400000008000400080000002b11cb2bc91a1b7d5e3832293c74befc142cc314d89067e616d4c859342bdf5ecf4f84aec702fa8efdd525c39926ed3dbcbb0dffdaee0d001ae260db65049bf85edcf99bb7d79ce4c577bba35200c0d2c6176e7d8037f09006303a63ac7f055eba88c189c13b86a947ef291f28f3f137b70b4459513d296a39b3ab149714e872729fdb3e2c9ac855fbccb16294c6f96d5a037af3f0d89449092e821cb00ea3a8be21a0708b8506aef095239adc1eda0b54b10298bf116ab18daf41f7e13621307b9f905d018d11011a4a3e35e586b935e368195fadcae9c4f4afe38ef12615b7c7aca5c1abfcf9ab207471914518d061ee0961c823c698882a2201ca71fa6402524bb8ac7d53a1d1055f84376a1ded45baffffffff73615f6c5ca1f1233804f1762500d6ee313f09c8cbb8261b725eec3ed9211455ff536eabbb300983f5a70e84dd5d"], 0x1c}, 0x1, 0x0, 0x0, 0x24008000}, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async, rerun: 64) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000e3d9) (rerun: 64) mmap$auto(0x40000000, 0x9645, 0xdf, 0x8011, 0x2, 0x2d4a29c0) (async) pivot_root$auto(0x0, 0x0) socket(0x2, 0x1, 0x0) listen$auto(0x3, 0x81) (async, rerun: 32) r3 = socket(0x49, 0x6, 0x7e) (rerun: 32) setsockopt$auto(r3, 0x29, 0x17, &(0x7f0000000040)='!\x00', 0x1ff) (async) close_range$auto(0x2, 0x8, 0x0) (async) kexec_load$auto(0x9, 0x0, 0x0, 0x1003e0000) (async) mmap$auto(0x0, 0x7fff, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2000040080000000, 0xe) (async, rerun: 64) madvise$auto(0x0, 0xffffffff7fffffff, 0xa) (async, rerun: 64) mmap$auto(0x7f, 0x82020009, 0x3, 0xeb1, 0xffffffffffffffff, 0xfff) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) (async) madvise$auto(0x0, 0x200007, 0x8) (async, rerun: 64) connect$auto(0x3, 0x0, 0x10) (rerun: 64) unshare$auto(0x40000080) readv$auto(0xffffffffffffffff, &(0x7f0000000a80)={0x0, 0x5b54}, 0x1) getsockopt$auto(r2, 0x9, 0x2, &(0x7f0000000040)='/dev/cec27\x00', 0x0) msgctl$auto_MSG_STAT_ANY(0x3, 0xd, &(0x7f00000003c0)={{0x6, 0x0, 0xffffffffffffffff, 0x80000001, 0xa8, 0x80, 0x6dc8}, 0x0, &(0x7f0000000380)=0x2, 0x5, 0x1, 0x6, 0x20000, 0x4, 0x5, 0xfffc, 0x8c2}) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0xe) 5.612089367s ago: executing program 3 (id=659): syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00'}) (async) futex$auto(&(0x7f00000019c0), 0x0, 0xfffff8be, 0x0, 0x0, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000) r1 = socket(0x15, 0x80000, 0xfffffffd) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth0\x00'}) socket(0xa, 0x801, 0x84) (async) socket(0x18, 0x5, 0x1) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x80487436, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x1a1000, 0x0) (async) mmap$auto(0x0, 0x2020009, 0xfffffffffffffff3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x48041, 0x0) (async) r5 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001d40)='/proc/misc\x00', 0xa182, 0x0) read$auto_proc_iter_file_ops_compat_inode(r5, 0x0, 0xfffffe13) (async, rerun: 32) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x40c01, 0x0) (async, rerun: 32) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, 0x0, 0x38100, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000700), r6) (async) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000740)={'wlan1\x00'}) (async) sendmsg$auto_NL80211_CMD_SET_CHANNEL(r6, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000140)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4080}, 0x20000000) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/workqueue/nf_ft_offload_stats/affinity_scope\x00', 0x8000, 0x0) read$auto(r7, 0x0, 0x20) (async, rerun: 64) write$auto(r4, 0x0, 0x8ed) (rerun: 64) ioctl$auto_PROCMAP_QUERY(r3, 0xc0686611, &(0x7f0000000080)={0x67, 0x3f, 0x7fff, 0x5, 0x80000000007, 0x1, 0x6, 0xff, 0x5, 0x7f, 0xfbfffffe, 0xfff, 0x7fb, 0x4, 0x9}) 4.545906717s ago: executing program 3 (id=660): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x2, 0x7000080) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x400000002, 0x1, 0xe2, 0x20009b72, r0, 0x28000) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) accept4$auto(r0, &(0x7f0000000080)=@phonet={0x23, 0x8, 0x5, 0xd}, &(0x7f00000000c0)=0x2, 0x3) r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20501, 0x0) rename$auto(&(0x7f0000000180)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) sendmsg$auto_NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYRES16=0x0, @ANYBLOB="20062abd7000fddbdf250200"], 0x9c}, 0x1, 0x0, 0x0, 0x1}, 0x80) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) ppoll$auto(0x0, 0x4007f, 0x0, &(0x7f00000001c0)={0x6}, 0x8) mount$auto(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='nfs\x00', 0x1, &(0x7f00000001c0)) ioctl$auto(r1, 0x40044620, 0xffffffffffffffff) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0xc0a01, 0x0) ioctl$auto_SNDCTL_SYNTH_MEMAVL(r2, 0xc004510e, 0x0) 4.303851623s ago: executing program 0 (id=661): statmount$auto(0x0, &(0x7f0000000180)={0x3, 0x1, 0x9, 0x7352, 0x3d, 0x65f, 0x1ffde, 0xa, 0x0, 0x2, 0xb, 0x3, 0x5, 0x101, 0xb4, 0x9, 0x6, 0x7ff, 0x84, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0xb4, 0x4, 0x0, 0x0, 0x0, 0xfffffff9, [0x7, 0x0, 0x68, 0x0, 0x800000100000000, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x2000000000, 0x0, 0xfffffffffffffffe, 0x0, 0x1000000009d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x8, 0x0, 0x4, 0x0, 0x1, 0x0, 0x1, 0x2, 0x9, 0xfffffffffffffffe, 0x0, 0x0, 0x3, 0x800000000000000, 0x7e30e0be]}, 0x1fe, 0xf) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x24008004) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_tipcv2(0x0, r0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) socket(0x2, 0x1, 0x106) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/vlan/config\x00', 0xc0000, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/user/max_fanotify_groups\x00', 0x181b42, 0x0) signalfd$auto(0xffffffff, 0x0, 0x8) socket(0x1d, 0x2, 0x6) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) io_uring_setup$auto(0x4079, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socketpair$auto(0x4004, 0xf, 0x4, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) ioctl$auto_TCFLSH2(r2, 0x400455c8, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 3.910876922s ago: executing program 1 (id=662): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x20009, 0x4, 0xeb1, 0xffffffffffffffff, 0x7f) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x140242, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/block/ram13/queue/dax\x00', 0x181000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0xd5a3, 0x9, 0x2, 0x10000000000eb1, r0, 0x8000) mmap$auto(0x0, 0x2000a, 0xe2, 0x10, 0x405, 0x8000) futex$auto(0x0, 0x85, 0x8, 0x0, 0x0, 0x80800002) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x56) ioctl$auto(0x3, 0x800005411, 0x38) r1 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000080), 0x20200, 0x0) ioctl$auto_UBI_IOCATT(r1, 0x40186f40, 0x0) prctl$auto(0x44, 0x1, 0x0, 0x8, 0x5) pivot_root$auto(0x0, 0x0) r2 = open(0x0, 0x76bd, 0x12) sendfile$auto(r2, 0xffffffffffffffff, &(0x7f0000000000)=0x20000000006fe7, 0x9) kexec_load$auto(0x9, 0x0, 0x0, 0x1003e0000) madvise$auto(0x0, 0x2000040080000000, 0xe) madvise$auto(0x6, 0x8008000000000001, 0x7ffffffd) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/nfs/parameters/nfs_mountpoint_expiry_timeout\x00', 0x80040, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/bdi/7:14/power/runtime_suspended_time\x00', 0x383203, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/usb1-port1/quirks\x00', 0x103a42, 0x0) sendfile$auto(r4, r5, 0x0, 0x3) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000001080)=""/4143, 0x102f) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) 3.753566274s ago: executing program 2 (id=663): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) msgsnd$auto(0x0, 0x0, 0x1000, 0x4) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r0, 0x41045508, r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000040), r1) r3 = fcntl$auto_F_RDLCK(r1, 0x7ff, 0x0) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) symlinkat$auto(&(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00') sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r1, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="18110000", @ANYRES16=r2, @ANYBLOB="000229bd800000000000000005", @ANYRES32=r3, @ANYBLOB="0400318004006f800500e50000000000040092800800d600040000007a753777259efe46718d133d114d35d1fd4fc7fddf9ecb5a1ed4979dfd2a041285c814d68f9c033f93d4d3f62c1835b5463a6ca16a67929ec5884a7d068f1d23ff74266af6b973c6e38da000eadb2146d43a7ade42e4f5a5d304b94d166c7a5b2eddbc095278d9836f62f346422464f506ed8a5a728ecd858f84af8b1530f98d2478c19647904845c5d7f2aa5197992bdf5dc13e9092c4340d3df93547d7e3261af3beeeb28b1eea899b7abe1557007e92eda75789c5a8852b1c18dd37de831e453d2d5534734f416c3bca570919495b747c3312e16664a7dadb65e24e104803e7561e064befa0fd14a68331c3de9fbdb888db10babee9833d6b233a20073a7cf258bdc5b9407aa8139c71dcee8023e17527982f2b495f2e33204f28e1d0e8f773c9989d473d34ee0540892395ee83dc1b1ea2db13e0b57993a5e6dbccc3cb3a2649d658b52319b36c62e1efc2d9958c99194c73238de8dde689947c5f008900333c21c50b1f530da440dcc26ba8b7daeb5ba647b43b040efd686254a2795b057e2d6b0831735ba96692e3a9ed06484fecb3622788230113d0a14579248db446057e7fb2b48a2853005e31ba732e0a9e22a0b950f70f89b20d46c9f71a0565ca86bac9b821eb1d8d902679df6da4760fe40d71ca7d10b6acc4d2f35cd378b55b3baa20ef233ce5ba90327f47f689e260e2f46760e52cc4ccd06d44ebcb31c465c0e47439656b637463d189490e49ca9ff370a3437e89f57071dd8839e953fff38172f8b642b73e9afe8f35f98fa73f2931d2e820687914c7fa49065fd6647a0cd2689a06e98c1e41f1712ab77dfe05d77959360178b7949234b16a049c19881002d190721121d45a6af9c6a6c995d28750fb390063d67a72e13bdedaec70ba3ca3ff3235e4b87b98e3d15f8e6cd82fa13febced56fc3122031b10fe9380b2a47c4121d58e1fbe9e5a171a22f5445d488807f5dc196aa2ffb57baab4726ee8a387cdea90bc9d193f815008d0b1b7ffb6bb810153b46ef71ad113fb28e0f66319b87a5a4b95bc5557c83b77d45f36ca495b8fde9b081e871f2f78a67c61fd9b0fd53a0e31aec04174e684b2b5a43cbb05653673bfdfe0df18f917bafc028916710dc21c5d8b6ceca61ac3b34925333af7370b485da1ca65e18766372840ad8ab27804fd833100876296e7e7ac93d76223395ae7955c4d20f5bac15ac4abeb87af830361eef41f260a72ea58e5984c0fafd379a00bcbc704f087aba21a877b28c4651e898813e98c47fb26a5f74c86f4cd65b45da451699310e3dc9ad2b51381355ea154383f989767e8312a1d2c2ce97c361118540e6cad9cf6e36ed0230de4607c4a14569e1eab7d43b347c17f0dec8759322265d47cddf91617754308576847998241846afa299d840f4e9a09558b61d4eeacd2ddc5cd9251ec830a1d3a8b3a91437af9e3aaa3b72512944daf52978d39d0df0db2975b7249432424660a89636111c205de91c9a81b50a5a1d659fa14c1e4eeb42e86d7a8f339f97080b098feb1e90a3a9170260ef4af5aa690eed398d1ce7afbe60d5d54797b26946fb01dbe21709e7dec12747732d355ebb9389576e68d3799c793663d185b7df78ad83b47b7030504273fb0b4e98b0b4b14fb7dcbd18390900fa5260bfc9b9ca36d8437c1f3ef64bc4d234da228068802a2957108cae2017bc3b8d1baa30ee173eeb4bdf9995f2849662bb2443c935ddb69703669602fea2a9405b5c99101a0f6988ab1a6b74c6580a16c265c262c006c108b518c46567fa8809c1c3cb8950de21abbf9f7b2f6b42ae29c6427b97c0f884e7a730342971f945486aa6932cfd706bc97f61f4b24719baacbc6ecd24223e5ec55b144e462657674c5acaacc167996a84963a29f1c20747083deafd47b1e58b75af9e47e80740259188f4587ab1bcc942beea8d2dff019bc377233e92c20dac12ab582e4a5207e5ecb2b6d8eeddf6874dfb99348f2eab306b43970f0cba4932ac5df6242ff50a6de9d21381b10a35be8afade5c0df16d1a09717cce3d448308acfa7712cdb84b0f97e29087372db23fe3a44f40c2cd1058af9b35494fbf479bfee548163495ae4107b2c39ffeebdd54692349b77f9b7fe04105db0f046f8ed8d9d48175b04e0c6ea347d1a38b0fec58f91b0b02daa9eaf311804046dd2b22a1f04383018db5ac29790296b0b184c228632daff5d56edbdb2f003ee2c8a914604991f4f517d8a560888b4ecf457852c4d549d5ad735f6d070ae5320aa0aa082ec33ab38813beefe4a4e16308c67752b8332859b27f98a67bcfcdfa4581be8cb1f2bb92889a1eda2b107a9bb870d5096d55a8e16a4b6baff10287346ce349fa5c26ef48b7827b70949ee5d3cbafa4c2553c3b4915b5d39e226f49c25e775c7343abc487fa44bdafceefdeb81380a78a7e0a87dc8e1bb5960c37de55bebd96e846c93a12b8143c69898f126dba002f37f51eb260b84784d8213c13005b4fb29c2d0b45e162f1899c7a33a1c4a4c9cea5661b56f4c06bfc13dea37e6a510b0c3a16af0aa7ba23f16525802c2a7135f5690eeccfdc18f3124c0ee49d455fe68e3b592bc9c4b2f378171b368c994efcd7139d0c63fc68bb70e2bb23ee4eb0904b395a7aee0d3a146de877c9cdb0bc5b7fccb3ee63b6e3f4566d18aae65dfac9befc3960645c822479ddeee575602743f22a553054af44cfb4d887e77f48bfdaaf34cec869f72890a3d3fc4ccc33f6d47db47ef2601939798ac278d289e31a7c952f3705da82311df5f930aa63a23c103326b6029651b5fa45587245131c4bd68e539c2963b627e1239b82bfeeb7449bb41e3642626ea2e6c06dd4cd27227a744a62e45215d790ae52f2c1f44f94b26684712728eaa2ee535fa3a5ebaf6f02e84cd752609368c278b70baac13305a27ebe4b1dbaff4a6a87334a14c1b6767a317d9067f334e611aea15353c1a83c444ac4e3a47d7581434d73595921129c9dbe8aafec718dd9adb7c7de8603f491dac07da3337585f0e7e4ff60f9f70a148ee77e20bdf671644498a080e61a41970f7f8be65f670f5932f1ff540def235728d1575273e72549c71c74156013364e8d382d730a189d166a87feaadde27fd7d4a1dcac77b9a6e92df8696e665a3591a992cf4d635f5e8c02c9c371c8fda5a923fb9ce41872941eecd3d57069ede0cb8d20dffba9450acd019291159d09f35a9b8e961044258a1af11d57540cbaa0f2d21e369f9e1f9b2b8c644d74610bb6ae0b0fdac81debb0e5e6ab032d9383a4c3f0a973cbe1d93d2184770fc3438816f2c23967051457cdb85ea7f1bdda272e7076a96972af1a54ed2e9586c38f66c2048cf6e7f1efea5ed772cce9ed8cfae5b6656b64f0cb42664d45a9caa682056e469de6fa93533d1d4014d94924e126227b4a83508c0c8cd38a5756e4af648460a07d9ebae512292bc14daa091b8b9a88725400e4f55ed7e38d0437ff30384e61e6dfd97287edf826d82bd76f7673ab923b32536e909ada6f89dd836681194cb7305a678e09adc8bce1b17ba7b2563e5ecdec1525f2156d22d8eda0ac5c58e836a0a63c55adc4123c325ea4658d616a3dea2f18431402a53fc4947be0cf26959dbb6f674e6ea478a2cd48825d7d1fc5adf3be3f3591cab33d65df2b047672a6a0ef997efd0ff445906503a712928231405b8e76589d4777c66f9e1e15c68a0149a8e5c10c4dc5c4f1e49b808848b8dffb756a11680e19d98c4c2bd2708ed93c6ae89fb243b6515eaa28c6fcb57467b60a11c45b32184e528888c748235ee6979c9dadc714b8804072e438f9a938700dc1a4eb41815f6288aa6f0ec103623c9d362530deafd166ecb09144cc1686332de03ca75c7da5fd73e90ebc2a37696d7dc02123b1732b860b3eb4217d034d9c5ae4c6b0e64eee70bd22efd2b0d0b5a17a96879e446898d93ab6e9f562b60c708e37c4d8d3af5fc66129a7ba5c4e436fe041118b0cc4bacda88e6cbdfdea472a5c26474d3fb4b2ce0305a5970bf3267bc56fd1ee5b244e035fd22939b59c6d6453722d10787aa654ff1291f794bdb09b768cdbea24869cc3d291b78df67321802bf41bc71c60aa6d60ef7d49e8f5e9536e8d078445da85fac9bf72f82eff03127dff5b91127d258f8f802e9fd5bff9fd7ea8cd4b2c6147701b0ae62fb905fd85140713471639c3d2d42ea07abebc399e33114e9bd3337049c0601c3cf8ae905d22549c9194cf7b13cd3af53b0f72988ba2747d22a2f0d0e31bb3fde7064f188f90f90aa5743d7fb75995960a062d68d1fcfb61646acb61179c7e6f9adbcc5c4f29ecea878239c770bdc8ba20f593ee5ad275169d4a5b9d57ec3a547e2ad2c2ee021c7464f99c5e953d316cef237f0394e18c81aedb49627a8be4b6203ebe4965da925ce7134d39bb2538c0cae512f5569af3186965263eb9913270365d211e1ad960bcf42d388942029726336ec599b61ee66482158a05230f2e38ffa66615af01624c46b9d6a439372f9e9efca472aab36c98d98f22726a1ff483d6b267422a3dd93644a3caa8be368ba905447f90ffcfbdecd45363ff88c4b9c921020674189aa87c5f03e24d4ad50d8beeac8788ccc70af44ed44a21d9bef500f2f183d94e96b339d955ba3e226ba37b450b6435b02c2da6d1b92cbdc02a3ecd8fb43e9e7592a1e7a3e5ca2ee9c10b8d319d3e08fa854f1dc93754a0b3214e0d87367bc71c3a0e1c731af0581041faf77eb6944040ae244025d824236ad4f153eaf3701c5e78a83c68fcc9b9209c7ab767f1f35fc3fb6130a150ac2674710e2d2380f282848e5ecbec19c5eca0e238edcd85a191ff5ceaecc8b9e80631d16e54241db5f0f5dd6533a337c8580829b4c544f3cce1da1fd350a76a08da040c6169543a6a08c51ce07d11543577717cb1ec17936303b9b719c45acb408d7b50ee199f786500bbf3ea840835fdd060784102b217ec5ae3a6a12cc13989dc17094706b9eeb09a05cc229c06ccf9dab059ed95d5b1ea8057f664fe653a9c2a5a2d52d2344b09ea49b73f74bd0b7dff92eecbb88c4cedddd187e03cbad75613ef49de4786e02e9b2b4e21e0b198b2686dee17891cf9cf076990b831bf63ead373c43ee2fdcdcf24d03ab9c9b46257dc7c006afc5a175c42185ad90ca7345ee0569e0c1493334d4389b0e6e9b3db181de43d2c2f23b66f4c54f9a5fc1647b71dd9db36b7189f478f931cd04fe565187d44633d5e77a32149d1825f140fec9a42e4eddfd504023c31bc6c7bba64f5a4c4ff3ccc2b4e662fc1a3b8354ae23793ee09a4ede74a39b27edc1a740ef1935482901277228765121c1fa2576d9a933a21e08eb041a8192c9c5b45f3e7e698dec31447a8e5035e605a4d7264fc2b293e64faa5ddc4483df415be312da8a22fe35b61e6d65817b3dc08b907a414c8200a05c34bb8ecba93c00677790340409d24a0e9fdd5cdf40d68fb63354270b5fcb98c2663ee097aa0d31d9d1dc9928679a20d3f163f84ed62037f50fee18b83e0201806bacefab098b5d2d4ba417df2726248a2622c3db2d13c47c8d9cdaf20077bcc3e324ab4669e7d8c876316181706a0c85ed3d2b56eace0883eb85cf6270a88825235b72852e8bf80c17abfc711d9a6badf5ea447c6f862002d1d9d1c0b111c18350e6aefab40e9b34f02842264a72433d14191ba6cebcab1dac7063cc7d9998654ff669b3f3d5508f984d6fba562ec434a9554f43575fb06bb2f969a52ef72e2cf75b0fc206e6626772eef765161a1b0e1ab92f4588305f17997edc052b7e3aaf581ff931c1979d95eb75c5f8629240ab85b04c57ec3275873ef6d32a016a52c24a715a1c40d15a009e322d1e0bd68563b3cba162aa13df62a62a913a1bab0c7ffe148a14a1faabf8efa842ed57231515972d4d51053f50dac0fe981898c4c3f4c047f0b63cfdd7ad11721ebe68affc9f8bc04e4ce7dadc1b54fb94dd8beb1c431ec9257114eb7892dc732664d227c6c8037fe78803a527b000800ce00", @ANYRES32=r1, @ANYBLOB="28003d8008003003000000000000002c82fd737b13d110c3d94101af7adf5d41aabe5eb07d05e21104003700"], 0x1118}, 0x1, 0x0, 0x0, 0x48040}, 0x40080) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r4, 0x29, 0x38, 0x0, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/slab/kmalloc-64/total_objects\x00', 0x80000, 0x0) read$auto(r5, &(0x7f0000000100)='\xcb%)\x00', 0x400000000007) r6 = openat$auto_proc_coredump_filter_operations_base(0xffffffffffffff9c, &(0x7f0000005700), 0x28000, 0x0) read$auto_proc_coredump_filter_operations_base(r6, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) pipe$auto(0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xc7f16bff2a10ba01, 0x0) write$auto(0x3, 0x0, 0xfffffdef) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TCFLSH2(r7, 0x5408, 0x0) r8 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dri/card0\x00', 0x80202, 0x0) ioctl$auto(r8, 0x9000643a, 0xc35) openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/trigger\x00', 0x2301, 0x0) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000200), 0x642002, 0x0) 3.741246855s ago: executing program 1 (id=664): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume\x00', 0x189002, 0x0) sendfile$auto(r0, r0, 0x0, 0x4265) close_range$auto(0x0, 0xfffffffffffff001, 0x2) r1 = socket(0x11, 0x80003, 0x300) socket(0x29, 0x5, 0x0) r2 = open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322df2) open_by_handle_at$auto(r2, &(0x7f0000000040)={0x8, 0x2, "1800000000000000"}, 0x2) sendfile$auto(r1, 0x3, 0x0, 0xc01) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) io_uring_setup$auto(0x85, 0x0) r4 = socket(0xa, 0x1, 0x84) getsockopt$auto(r4, 0x0, 0x487, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x3b72, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x1b) socket(0xa, 0x2, 0x88) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x5) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x4e22, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x3, 0x4) 3.553147585s ago: executing program 3 (id=665): r0 = socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) (async) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async, rerun: 64) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) (rerun: 64) ioctl$auto(r2, 0xc0285443, 0x0) socket(0x18, 0x3, 0x2) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r3 = epoll_create$auto(0x4) (async) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) (async, rerun: 64) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) (rerun: 64) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x8fb5) (async) fcntl$auto(0x0, 0x408, 0x100000) setsockopt$auto_SO_OOBINLINE(0xffffffffffffffff, 0x3, 0xa, &(0x7f0000000080)='nlctrl\x00', 0x2) close_range$auto(0x2, 0xa, 0x0) (async) socket(0x18, 0xa, 0x1) (async) socket(0xa, 0x2, 0x0) (async) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x8301, 0x0) (async) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000200), r0) sendmsg$auto_NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x54, r4, 0x300, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_SUPPORTED_SELECTORS={0x3e, 0x14e, "857d4d3c8a0bbd50243ae1c98daf1236cc82e0529bca5b49ea2b8ed88ff2982b273faf37324d4a1634be89a2a9b9b1684b9af3fa4adc36be984e"}]}, 0x54}, 0x1, 0x0, 0x0, 0x4001}, 0x40) write$auto(0x3, 0x0, 0x7fffffff) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0) r5 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000000c0), r1) sendmsg$auto_IOAM6_CMD_DEL_NAMESPACE(r3, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r5, 0x800, 0x70bd27, 0x25dfdbfe, {}, [@IOAM6_ATTR_NS_ID={0x6, 0x1, 0x8}, @IOAM6_ATTR_NS_ID={0x6, 0x1, 0xa7d}, @IOAM6_ATTR_NS_ID={0x6, 0x1, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x20000000) 3.243312707s ago: executing program 1 (id=666): r0 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) socket(0x2, 0x1, 0x106) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) connect$auto(0x3, 0x0, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) setsockopt$auto(0x400000000000003, 0x28, 0x6, 0x0, 0x56d) mmap$auto(0x0, 0x20000a00006, 0x100, 0x91, 0xffffffffffffffff, 0x2ffffffffffe) mmap$auto(0x0, 0x400008, 0x0, 0x9b72, 0x2, 0x8000) r2 = socket(0x2, 0x1, 0x106) bind$auto(r2, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0xb, 0x734f, 0x36, 0x67f, 0x1ffde, 0x7, 0x3, 0x20000002, 0xd, 0x3, 0x1, 0x2091, 0xb4, 0x9, 0x6, 0x6, 0x80, 0x4, 0x1cd7, 0x1000, 0x2000, 0x203, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x2) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) ppoll$auto(&(0x7f0000000080)={0xffffffffffffffff, 0x7980, 0x6}, 0x2, 0x0, 0x0, 0x8) fcntl$auto(0x0, 0x407, 0x100000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x13, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8040) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000100), 0x3, 0x2}, 0x800}, 0xffffffff, 0x4008) open$dir(0x0, 0x507180, 0x25c) r4 = open(&(0x7f00000000c0)='./file0\x00', 0x88200, 0x1d3) sendmsg$auto_NL80211_CMD_GET_PROTOCOL_FEATURES(r4, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0xc804) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000280)={0x1, 0x8, 0x0, 0x60, 0x5, 0x80, 0xcf, 0x6c35, 0xe}) 2.396113293s ago: executing program 2 (id=667): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, r0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r2, 0x0, 0x20) writev$auto(r1, &(0x7f0000000200)={0x0, 0x2}, 0x3) fsconfig$auto_FSCONFIG_SET_BINARY(r2, 0x2, 0x0, 0x0, 0x4) open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/cgroup.threads\x00', 0x80800, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getresgid$auto(0x0, 0x0, 0x0) ioctl$auto(0x3, 0xae41, r4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) ioctl$auto_KVM_CREATE_VM(r3, 0xae80, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0x8138ae83, 0x0) 2.289623946s ago: executing program 3 (id=668): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0x400000000e31, 0xffffffffffffffff, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) pread64$auto(r1, 0x0, 0xd, 0x6e9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x2, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0xc, 0x940, 0x1ffde, 0x7, 0x6, 0x3ff, 0x9, 0x1, 0x2, 0x7, 0x9, 0x8, 0x8, 0x407, 0x5, 0x7, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xe3a]}, 0x400, 0x81) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x80000, 0x0) bpf$auto_BPF_LINK_UPDATE(0x1d, &(0x7f0000000380)=@batch={0x8000000000000000, 0x6, 0xe, 0x8cb5, 0x10001, r0, 0x7, 0x3}, 0x7) lsm_list_modules$auto(&(0x7f0000000000)=0xa8, &(0x7f0000000080)=0xffffffff, 0x17c4) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000140)={{@raw=0x80000000, 0x304, 0x1, 0x8, "3112d598004a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe000900000000000755015e48d", @raw=0xffffffff}, 0x3, 0x3, 0x4, @inferred, @integer={0x1, 0xfffffffffffffff9, 0x8}, "7a9fc199a16a2311eacf2fc7ae1da978dc3e8090334fdd7327b386425608af790ada71bdd70925450e24e87212f0bcab84a16f7ce8cbce0bb32777702b8d7c2d"}) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84L\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xff\a\x00\x00\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) 1.662498837s ago: executing program 3 (id=669): mmap$auto(0x3, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) open(0x0, 0x165840, 0x151) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x100, 0x0) ioctl$auto(r0, 0x4b46, 0x1) r1 = socketcall$auto_SYS_SOCKET(0x1, &(0x7f00000000c0)=0x6) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f00000007c0)={{@raw=0x7ff, 0x8, 0x4, 0xa2, "c6e47a44a36664a5e709f0e4c97056bc9fa32c617bb88dc98fa7591aefc4647f5af349f8e1e79c823b22958f"}, 0x1, @enumerated=@item=[0x0, 0x3, 0x1, 0xb, 0x6, 0x8001, 0x10, 0x6, 0x10001, 0xefe, 0xfffffff9, 0x5, 0x8001, 0x62f, 0x101, 0x4, 0x200, 0xfffffff0, 0x1000, 0x7, 0x3, 0x3, 0x0, 0x6, 0xb94, 0x0, 0x1, 0x7, 0x3, 0xe8, 0x4, 0x0, 0x9, 0x46f, 0x8, 0x1, 0x6, 0x4, 0x6, 0x8, 0x80, 0x9, 0x65b, 0x9, 0x7, 0x81, 0x1ce8, 0x9, 0x34b5, 0xfff, 0x5, 0x4, 0x2, 0x1000, 0x9, 0x0, 0x400, 0xd, 0x0, 0x0, 0x207d, 0xa79, 0x5, 0x5, 0x4, 0x80, 0x6ed, 0x2, 0x1, 0x1, 0x6, 0x4, 0x1, 0x1, 0x4003ff, 0x5, 0x8, 0x6, 0x0, 0xa, 0x2, 0x5, 0x400, 0x6, 0x10004, 0x9, 0x29, 0x8, 0x30971ad3, 0x9, 0x78d, 0x7f, 0x0, 0x8001, 0x20000, 0x40, 0x0, 0x4, 0x5, 0xfffff43e, 0x0, 0x4f000, 0xfe, 0x5, 0x7, 0xd49e923b, 0x4, 0xd, 0x77, 0xf2, 0x0, 0x7fffffff, 0x7f77, 0x9, 0x5b, 0x8, 0x10011, 0x8, 0x0, 0xc2, 0x0, 0x5, 0x1000, 0x1, 0x7, 0x400, 0x8, 0x3], "4570dcfd140074f863fc1385c4fd7abe6fce96c0b442897f58fd7d975d164deff4eef5b9f9173fa400163669eae95125d4bd68ca54ca1b0aefb60ffa8d501b1329af8d4108ac145aa564c6e7a09ea1b2dfae0f309c6ea508833d7d134b13d8cb3ef95bf5ed43801c280c02a5a853512e6f730d43226f00af1c5ac268ecc1d18f"}) r3 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20881, 0x0) write$auto(r3, &(0x7f0000000040)='/dev/input/event1\x00', 0x10001) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8001, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/\x98@dio1\x00', 0x100000a3d9) getsockopt$auto_SO_MEMINFO(r1, 0x2, 0x37, &(0x7f0000000180)='wlan1\x00', 0x0) getsockopt$auto_SO_MEMINFO(0xffffffffffffffff, 0xaa4, 0x37, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) setsockopt$auto_SO_REUSEADDR(r1, 0x3bf, 0x2, &(0x7f0000000100)='\x01\x00\x02', 0x40006) socket(0x2, 0x80802, 0x0) r4 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r4, &(0x7f00000001c0)={{&(0x7f0000000040), 0x12, 0x0, 0x2, 0x0, 0x100000000000001e, 0xb}, 0x2}, 0x3, 0x20001c02) sendto$auto(0x3, 0x0, 0x2000f, 0x101, 0x0, 0x1c) io_setup$auto(0x207ffc, &(0x7f0000000180)) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000000000000000) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) r5 = socket(0xa, 0x802, 0x3a) setsockopt$auto(r5, 0x29, 0x21, 0x0, 0x18000113) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 1.306304089s ago: executing program 2 (id=670): mmap$auto(0x0, 0xe981, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, 0xffffffffffffffff, 0x8000) mlockall$auto(0x7) close_range$auto(0x2, 0x8, 0x0) ustat$auto(0x801, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r1 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xc}, 0x800009}, 0x5, 0x20000000) accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004000)='/dev/audio\x00', 0x102, 0x0) ioctl$auto(0x3, 0x80044df9, 0x38) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) getsockopt$auto_SO_PEERCRED(r2, 0x3923, 0x11, &(0x7f0000000000)='#^+\xbf_:\x00', &(0x7f0000000040)) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) 1.305618455s ago: executing program 0 (id=678): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x14, 0x7, 0x63, 0x0, 0x0, 0x0, 0x0, 0x40000000000f, 0x1000, 0xfffffffffffffffd, 0x7ffffffd, 0x4000000000009, 0xffffffff7ffffffc, 0x9, 0x7, 0x200000100103}) writev$auto(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000240), 0x27}, 0x7) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2b}}, 0x6a) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) write$auto(0x3, 0x0, 0x100085) mmap$auto(0x0, 0x2020009, 0x3, 0x7fffffffffffffff, 0xfffffffffffffffa, 0x7fff) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) r2 = openat$auto_vsock_device_ops_af_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) ioctl$auto_IOCTL_VM_SOCKETS_GET_LOCAL_CID(r2, 0x7b9, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_proc_fault_inject_operations_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/make-it-fail\x00', 0x381080, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, 0x0, 0x2482, 0x0) pread64$auto(r3, 0x0, 0x20000000001, 0x7fff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) r6 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_SET_MESH(r4, &(0x7f00000005c0)={0x0, 0x9e, &(0x7f0000000580)={&(0x7f0000000100)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002cbd7000fadbdf250f00100008000300", @ANYRES32=r5, @ANYBLOB="0500300000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4004000}, 0x140000e4) 959.963548ms ago: executing program 1 (id=671): mmap$auto(0x0, 0x6, 0xdf, 0x19, 0xffffffffffffffff, 0x4000000000008) r0 = prctl$auto(0x1, 0x2, 0x0, 0x9, 0xfff) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000180), 0xffffffffffffffff) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0x400a507}, 0x800}, 0xa, 0x8) mmap$auto(0x0, 0x2020009, 0x43, 0x2000eb1, 0xfffffffffffffffa, 0x8000) r1 = socketcall$auto_SYS_ACCEPT4(0x12, &(0x7f0000000000)=0x8) setsockopt$auto(r1, 0x8, 0x3, &(0x7f0000000080)='E\x00', 0xe000000) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x23, 0x5, 0x84) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0xa, 0x0) r3 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) setsockopt$auto(r2, 0x10000000084, 0x23, 0x0, 0x8) close_range$auto(0x2, 0x8, 0x8) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nbd12\x00', 0x6600, 0x0) symlink$auto(&(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000000)='./file0\x00') readlink$auto(&(0x7f0000000040)='./file0\x00', 0x0, 0x40) socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@generic={0xa, "02d0ac0c00e435826339c7328903"}, 0x6a) 760.120026ms ago: executing program 0 (id=672): mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) ioctl$auto_BLKPG2(r0, 0x1269, 0x0) mmap$auto(0x0, 0x402000b, 0x4af, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_batadv(&(0x7f00000002c0), 0xffffffffffffffff) getsockopt$auto_SO_SNDBUF(0xffffffffffffffff, 0xffffffff, 0x7, &(0x7f0000000100), &(0x7f0000000140)=0x40009d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mbind$auto(0x1c0000, 0x800097, 0x1, 0x0, 0x3, 0x1) mbind$auto(0x0, 0x800605, 0x1, 0x0, 0xa, 0x3) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/amidi2\x00', 0x12801, 0x0) r1 = io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_cifs(&(0x7f0000000040), r1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x2584, 0x0) ioctl$auto(0x3, 0x40045542, 0xb551) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) poll$auto(&(0x7f0000000080)={r1, 0x3, 0x2}, 0x1, 0x2) mmap$auto(0x0, 0xede8, 0xdf, 0x9b72, 0x5, 0x28000) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x800001, 0x1, 0x8000000000000000, 0x0) adjtimex$auto(0x0) readv$auto(0x4, &(0x7f0000000100)={0x0, 0x1000}, 0x8) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0101, 0x15) mbind$auto(0xf4000000, 0x2, 0x2, &(0x7f0000002100)=0x4, 0x7, 0x0) 642.864243ms ago: executing program 3 (id=673): bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}, 0x1, 0x0, 0x0, 0x4000804}, 0x40000) (async) r0 = socket(0x10, 0x2, 0x0) (async) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) io_uring_register$auto_IORING_UNREGISTER_NAPI(0xffffffffffffffff, 0x1c, 0x0, 0x401) (async) io_uring_setup$auto(0x3, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/bus/usb/drivers/radio-raremono/remove_id\x00', 0x80500, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000040)=""/9, 0x9) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f000001f300), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYRES32=r2], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) (async) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0xa, 0x8) (async) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 614.695657ms ago: executing program 1 (id=674): r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x9, 0x100010, r0, 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/modalias\x00', 0x80500, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) read$auto(0x3, 0x0, 0x7fffffff) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x1a1000, 0x0) unshare$auto(0x40000080) r1 = openat$auto_sync_info_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0) read$auto(r1, &(0x7f0000000080)='\xbb\x00', 0x3) r2 = socket(0x2, 0x1, 0x106) connect$auto(0x3, &(0x7f00000018c0), 0x55) setsockopt$auto(r2, 0x1, 0x40, &(0x7f0000000200)='\x00\x89e\xad\x97\xc5E\xea=\x0f\xf4\xba4\x05>y/21\xfd\'\xc7\x1c\xaeV`\xc7^\x05\"H\xb8\x12\x99\x1fF\xdc\xc4\x02FV\x04D&9?\xa8d\xc97B\x9f)\xc6\xbb\x15_\xfd\xa5\xaf\xf8\xb8\x8a\x186\xa9\x0eY;\x9a\xe32T\xddn\xa6zK\xef\xf7\x04\x81\xb4\xb7;\x12\x1ch$\xbd\xd1x\x15\xa8\x9c\xba\x83\xa7\xbdwf8\xc03z|\xcd\xbc\xa1+8\xcet\x960\a\x80\x88!\x9e\x96\xcd\xb5dB\xc1L\xb2\xb1\xe6\xf9\x92\xd4\xcd\v0|G\xb7\xc3+\xb5\xa9\xb4E>ry\x8d(\xcb\xadaH<-h\xef8\x0678]`\x1f\xe5\\\x9c\xb4\xbd 6\x9fP\x16\xb5\xa1.;d\xf5F7TgT\x908=l\x89\x05\x03\xcb\x04\x9c\x0e\x04\xb5a\xe6\xa6\x13\xf8\xb2\xe1\xab\vI;\x10\xa7\xcc\x84\x1d\xff(\x1c\x99\x90M\xba\xfe\xaa\x8e\x83\x98\xbb8\xc3\x02\x8d(\xb0\x9c@n\xb7\xd3TF\xc7\x7f\x11\x9e\x00\x00\x00\x00\x00', 0xbb) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) prctl$auto(0x4000002a, 0x3, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xe43) r3 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x640, 0x0) read$auto_mon_fops_binary_mon_bin(r3, 0x0, 0x0) ioctl$auto_MON_IOCG_STATS(r3, 0x80089203, 0x0) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x88b40, 0x0) r5 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000400), 0x80001, 0x0) ioctl$auto(r5, 0x3b84, r4) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x0, 0x0) recvmmsg$auto(0xffffffffffffffff, 0x0, 0xfffffff9, 0x10, 0x0) 401.973164ms ago: executing program 2 (id=675): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cpu.max\x00', 0x20b02, 0x0) io_uring_register$auto_IORING_UNREGISTER_FILES(r0, 0x3, &(0x7f0000000080)="193f32b995f0ecb4ddf8cd83baeda5c352a745214ad880cc4c561670de2d13131c656d339507302cd18f379f551569932d17bb17195ecfc677eb23ac801128003ef54e78817f1a", 0x3) sendfile$auto(r0, r0, &(0x7f0000000000)=0x3, 0xad6) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r2, 0x1261, 0x0) ioctl$auto_BLKFLSBUF(r2, 0x1261, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x20800, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r4 = landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x3, 0x3}, 0x18, 0x0) bpf$auto(0x0, &(0x7f00000003c0)=@task_fd_query={0x5, 0x21ea, 0x7ff, 0x3, 0x0, 0x80000001, r4}, 0x6f4) read$auto(r3, 0x0, 0x20) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/fs/cifs/LinuxExtensionsEnabled\x00', 0x48041, 0x0) write$auto(r5, 0x0, 0x6) unshare$auto(0x40000080) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001180)='/sys/devices/virtual/block/zram0/compact\x00', 0x20001, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000000)="b2", 0x1) r7 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) sendfile$auto(r1, r7, 0x0, 0x1) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x1, 0x4a, 0x0, 0x9) socket(0x10, 0x80002, 0x0) bind$auto(r2, &(0x7f0000000140)=@generic={0x1a, "9300000004000000000000000091"}, 0x6a) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/platform/vhci_hcd.0/usb9/9-0:1.0/usb9-port7/over_current_count\x00', 0x400000, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)={0x1e4, r9, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x1b4, 0x3, 0x0, 0x1, [@nested={0x1b0, 0xc, 0x0, 0x1, [@nested={0xc, 0x6, 0x0, 0x1, [@typed={0x8, 0x106, 0x0, 0x0, @uid=0xee00}]}, @typed={0x8, 0xd8, 0x0, 0x0, @uid}, @typed={0x4, 0x7f, 0x0, 0x0, @binary}, @generic="a54635d920d1f98e95a90efe999d8960d3d0678f3d418c656dd04cbca43b74df199b2a92feea5ead7d6010716ad4bca41c607eae5bf8d3bbd5aeae65ec5f5cd613e1bd04bb6a9d02e36e9d7f2dea2cd7b1658e68894aec1592695d62947dd77edb4fb807d1c7ef16bfe86607308625a23c72cfc5e1b5edfa9b1a623f55386b4e4857214b8df480bef73f2e94f3c07b36cc295beb6228e6fb", @generic="e07fd6232ea1bca6676e3584140d2c9c7ac398a4c563e616db50119aff7f2fc521411935355f65315e94b3557d5dd4e44b4b200a1861be582c34945930f82186d4be836f070ec4e9bd85ec73840d147a0e9f6d252ab64e8fb1f45bb0d2f1bba33c1a8aff293f9ead42be7c1cabbb744906f7ddc09b7063c9b203fe721efdda36b9c7b2cc61dfaf2e3651990865ebf34cd27858b1d33355d876b6f0d50b401dfd5657d257dfd20ab837000c79df120aa42fefea98b203a55c2c3f743ce429f22d014ce85e6852bf9fd65b36eb1cbeab2336dea75fbc1013bb24674a61b12b798dabdb90097effde1b3286ffed36f2309d0ad060b6ba0eb65c9b02d2a6"]}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f17790485908286dd"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x1e4}, 0x1, 0x0, 0x0, 0x50}, 0xc800) 304.647685ms ago: executing program 0 (id=676): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x8, 0x8000) r0 = socket(0xa, 0x2, 0x3a) io_uring_setup$auto(0x6, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r2, r1, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) sendmsg$auto_OVS_VPORT_CMD_DEL(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000340)={0xd4, 0x0, 0x200, 0x70bd28, 0x25dfdbfd, {}, [@OVS_VPORT_ATTR_IFINDEX={0x8, 0x8, r2}, @OVS_VPORT_ATTR_UPCALL_PID={0xa8, 0x5, "c1e5a25d57209b24d4c267dea26d5c4e643ec2649fb1763bcd1bf017488810ac043901f9bbde4ac12f7f522deedc7f1f7a0e662ff37b1b78e7158733ea89928725b3678c9b598f506e880f8daacaee89f24faafcbb90bc2b1fde2267d9b37e19cbdb07686c7543cdac59de3d6b7707266f7809c3a1d66402a4aa194b23ffc894788c9cd6ef04538764cacc1d04c7ac20963cb29248807ef5798e237b61680c0f4356e59f"}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x4}, @OVS_VPORT_ATTR_TYPE={0x8, 0x2, 0x401}]}, 0xd4}, 0x1, 0x0, 0x0, 0x48085}, 0x20000010) r3 = socket(0x11, 0x2, 0x9) ioctl$auto(r3, 0x8910, 0x24) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r4 = socket(0xa, 0x801, 0x84) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) recvmmsg$auto(r5, &(0x7f0000000140)={{0x0, 0x3, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x2000000200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) bind$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r6 = socket(0x2c, 0x80003, 0x0) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x44040}, 0x4000) setsockopt$auto(r4, 0x10000000084, 0x0, 0x0, 0x10) setsockopt$auto(r0, 0x29, 0x40, 0x0, 0x110) 0s ago: executing program 1 (id=677): r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dri/card0\x00', 0x40, 0x0) ioctl$auto(r0, 0x90006442, r0) r1 = openat$auto_msft_opcode_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/hci0/msft_opcode\x00', 0x0, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x101000, 0x0) read$auto(r2, 0x0, 0x9) ioctl$auto_SNDCTL_DSP_GETISPACE(r2, 0x8010500d, &(0x7f0000000340)) read$auto(r1, &(0x7f0000006740)='^%-[)>\'\xdf\x00', 0xffff) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.113' (ED25519) to the list of known hosts. [ 86.136679][ T5815] cgroup: Unknown subsys name 'net' [ 86.351310][ T5815] cgroup: Unknown subsys name 'cpuset' [ 86.360836][ T5815] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 88.157002][ T5815] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.035812][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.043802][ T5832] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.052398][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.060654][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.069438][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.069862][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.078977][ T5832] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.091100][ T5843] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.092967][ T5832] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.106040][ T5843] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.106308][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.118056][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.127445][ T5832] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.128893][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.137231][ T5832] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.149844][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.152325][ T5832] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.161663][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.171726][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.181225][ T5843] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.776517][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 90.795054][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 90.811070][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 90.926286][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 91.126040][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.134510][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.142209][ T5827] bridge_slave_0: entered allmulticast mode [ 91.149498][ T5827] bridge_slave_0: entered promiscuous mode [ 91.158288][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.165452][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.173285][ T5826] bridge_slave_0: entered allmulticast mode [ 91.180749][ T5826] bridge_slave_0: entered promiscuous mode [ 91.189173][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.196332][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.203836][ T5829] bridge_slave_0: entered allmulticast mode [ 91.211237][ T5829] bridge_slave_0: entered promiscuous mode [ 91.234817][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.242019][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.249496][ T5827] bridge_slave_1: entered allmulticast mode [ 91.256697][ T5827] bridge_slave_1: entered promiscuous mode [ 91.264682][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.271980][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.279509][ T5826] bridge_slave_1: entered allmulticast mode [ 91.286655][ T5826] bridge_slave_1: entered promiscuous mode [ 91.293689][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.300841][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.308125][ T5829] bridge_slave_1: entered allmulticast mode [ 91.315446][ T5829] bridge_slave_1: entered promiscuous mode [ 91.365777][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.373157][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.380539][ T5828] bridge_slave_0: entered allmulticast mode [ 91.388228][ T5828] bridge_slave_0: entered promiscuous mode [ 91.425132][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.432612][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.440038][ T5828] bridge_slave_1: entered allmulticast mode [ 91.447235][ T5828] bridge_slave_1: entered promiscuous mode [ 91.457440][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.470541][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.482434][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.504168][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.515792][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.527037][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.582118][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.624581][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.635631][ T5827] team0: Port device team_slave_0 added [ 91.643450][ T5826] team0: Port device team_slave_0 added [ 91.651359][ T5829] team0: Port device team_slave_0 added [ 91.670659][ T5827] team0: Port device team_slave_1 added [ 91.678422][ T5826] team0: Port device team_slave_1 added [ 91.695044][ T5829] team0: Port device team_slave_1 added [ 91.745211][ T5828] team0: Port device team_slave_0 added [ 91.785783][ T5828] team0: Port device team_slave_1 added [ 91.792667][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.800447][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.826880][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.839579][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.846551][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.872582][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.884790][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.891923][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.919722][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.949503][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.956586][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.983443][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.997615][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.004594][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.030601][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.042516][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.049905][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.076203][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.103568][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.110877][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.137256][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.195476][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.202806][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.230310][ T5832] Bluetooth: hci0: command tx timeout [ 92.230316][ T52] Bluetooth: hci1: command tx timeout [ 92.232519][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.247560][ T5832] Bluetooth: hci3: command tx timeout [ 92.253067][ T52] Bluetooth: hci2: command tx timeout [ 92.319340][ T5826] hsr_slave_0: entered promiscuous mode [ 92.326094][ T5826] hsr_slave_1: entered promiscuous mode [ 92.419448][ T5828] hsr_slave_0: entered promiscuous mode [ 92.426215][ T5828] hsr_slave_1: entered promiscuous mode [ 92.434186][ T5828] debugfs: 'hsr0' already exists in 'hsr' [ 92.440267][ T5828] Cannot create hsr debugfs directory [ 92.452152][ T5829] hsr_slave_0: entered promiscuous mode [ 92.463887][ T5829] hsr_slave_1: entered promiscuous mode [ 92.470195][ T5829] debugfs: 'hsr0' already exists in 'hsr' [ 92.475934][ T5829] Cannot create hsr debugfs directory [ 92.498144][ T5827] hsr_slave_0: entered promiscuous mode [ 92.504706][ T5827] hsr_slave_1: entered promiscuous mode [ 92.511111][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 92.516854][ T5827] Cannot create hsr debugfs directory [ 92.978068][ T5826] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.994343][ T5826] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.013884][ T5826] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.038492][ T5826] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.091882][ T5828] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.110249][ T5828] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.131269][ T5828] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.143178][ T5828] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.213413][ T5829] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.229361][ T5829] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.241862][ T5829] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.252971][ T5829] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 93.358665][ T5827] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.371420][ T5827] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.386353][ T5827] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.404839][ T5827] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.463547][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.543799][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.558716][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.577429][ T3973] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.584715][ T3973] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.601472][ T3973] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.608664][ T3973] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.641514][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.663970][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.692046][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.699219][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.720084][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.731045][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.738190][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.753474][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.785702][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.792879][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.820770][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.827914][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.850919][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.876038][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.883163][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.916558][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.923774][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.966564][ T5828] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.278179][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.300363][ T52] Bluetooth: hci2: command tx timeout [ 94.300400][ T5841] Bluetooth: hci3: command tx timeout [ 94.306317][ T5843] Bluetooth: hci0: command tx timeout [ 94.312358][ T5832] Bluetooth: hci1: command tx timeout [ 94.413752][ T5826] veth0_vlan: entered promiscuous mode [ 94.436316][ T5826] veth1_vlan: entered promiscuous mode [ 94.529272][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.567237][ T5826] veth0_macvtap: entered promiscuous mode [ 94.586503][ T5826] veth1_macvtap: entered promiscuous mode [ 94.615450][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.636694][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.650919][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.671378][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.701393][ T37] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.719676][ T37] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.733937][ T37] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.763525][ T37] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.792603][ T5828] veth0_vlan: entered promiscuous mode [ 94.847457][ T5828] veth1_vlan: entered promiscuous mode [ 94.870433][ T3783] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.875746][ T5829] veth0_vlan: entered promiscuous mode [ 94.885378][ T3783] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.940774][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.950005][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.959823][ T5827] veth0_vlan: entered promiscuous mode [ 94.972559][ T5829] veth1_vlan: entered promiscuous mode [ 95.006896][ T5827] veth1_vlan: entered promiscuous mode [ 95.057081][ T5826] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.081259][ T5829] veth0_macvtap: entered promiscuous mode [ 95.105603][ T5828] veth0_macvtap: entered promiscuous mode [ 95.161455][ T5828] veth1_macvtap: entered promiscuous mode [ 95.174441][ T5829] veth1_macvtap: entered promiscuous mode [ 95.198143][ T5827] veth0_macvtap: entered promiscuous mode [ 95.231662][ T5827] veth1_macvtap: entered promiscuous mode [ 95.263842][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.282192][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.298001][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.336014][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.351585][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.373428][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.389459][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.416140][ T37] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.448918][ T37] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.477497][ T37] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.502283][ T37] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.515653][ T37] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.528674][ T5920] futex_wake_op: syz.1.5 tries to shift op by -2048; fix this program [ 95.538862][ T37] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.548526][ T37] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.574694][ T37] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.584456][ T37] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.594771][ T37] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.606165][ T37] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.618344][ T37] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.812041][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.831816][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.863033][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.878822][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.946628][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.983043][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.052518][ T3783] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.084223][ T3783] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.130653][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.155459][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.207735][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.236793][ T3973] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.281911][ T3973] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.387382][ T5832] Bluetooth: hci2: command tx timeout [ 96.387406][ T52] Bluetooth: hci1: command tx timeout [ 96.387737][ T5843] Bluetooth: hci3: command tx timeout [ 96.393012][ T5841] Bluetooth: hci0: command tx timeout [ 96.652800][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 96.805125][ T5938] __vm_enough_memory: pid: 5938, comm: syz.2.3, bytes: 4398046511104 not enough memory for the allocation [ 96.920882][ T5947] futex_wake_op: syz.3.7 tries to shift op by -2048; fix this program [ 97.074038][ T10] cfg80211: failed to load regulatory.db [ 97.128736][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.141418][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 97.150114][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.159384][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.168517][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 97.347490][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.379310][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.390782][ T5956] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 98.458037][ T5841] Bluetooth: hci3: command tx timeout [ 98.458058][ T5843] Bluetooth: hci1: command tx timeout [ 98.458091][ T52] Bluetooth: hci2: command tx timeout [ 98.474324][ T5832] Bluetooth: hci0: command tx timeout [ 98.589700][ T5968] Zero length message leads to an empty skb [ 99.391159][ T5990] netlink: 28 bytes leftover after parsing attributes in process `syz.1.15'. [ 99.411152][ T5990] veth0_macvtap: left promiscuous mode [ 99.420562][ T5990] macvtap0: entered promiscuous mode [ 99.438260][ T5990] macvtap0: entered allmulticast mode [ 99.721709][ T5991] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 99.782050][ T5991] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 99.838235][ T5965] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 99.942668][ T5991] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 99.972196][ T5996] usbcore.quirks: string doesn't fit in 127 chars. [ 100.021351][ T5991] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 100.031095][ T5991] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 100.060537][ T5991] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 100.110186][ T5991] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 100.116472][ T5991] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 100.190652][ T5991] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 100.214294][ T5991] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 100.222956][ T5991] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 100.261246][ T5991] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 100.727061][ T6005] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 100.891129][ T6001] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 101.590521][ T6018] mmap: syz.2.23 (6018) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 101.643749][ T6021] netlink: 342 bytes leftover after parsing attributes in process `syz.0.24'. [ 101.741115][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 102.057423][ T52] Bluetooth: hci1: command 0x0c1a tx timeout [ 102.142711][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 102.230376][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 102.768274][ T6032] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 102.888900][ T6033] Process accounting resumed [ 102.956226][ T6037] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 103.800803][ T6049] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.819271][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 104.137973][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 104.217702][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 104.297500][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 105.897577][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 106.217481][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 106.297408][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 106.378171][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 107.341618][ T6100] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 107.499081][ T6104] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 107.538266][ T6104] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 107.667173][ T6111] netlink: 4 bytes leftover after parsing attributes in process `syz.3.42'. [ 107.689256][ T6111] netlink: 13 bytes leftover after parsing attributes in process `syz.3.42'. [ 112.458258][ T5832] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 113.368353][ T6209] netlink: 28 bytes leftover after parsing attributes in process `syz.3.59'. [ 113.386476][ T6209] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 113.405597][ T6209] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 113.436250][ T6209] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 113.450306][ T6209] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 113.569765][ T6215] netlink: 'syz.1.60': attribute type 1 has an invalid length. [ 114.356213][ T9] smpboot: CPU 1 is now offline [ 115.624219][ T6232] netlink: 342 bytes leftover after parsing attributes in process `syz.0.62'. [ 117.738385][ T6257] futex_wake_op: syz.1.68 tries to shift op by -2048; fix this program [ 117.958494][ T6260] futex_wake_op: syz.3.69 tries to shift op by -2048; fix this program [ 119.139966][ T6283] netlink: 354 bytes leftover after parsing attributes in process `syz.0.75'. [ 119.649966][ T6301] syz.0.78 uses obsolete (PF_INET,SOCK_PACKET) [ 119.885155][ T6310] futex_wake_op: syz.3.79 tries to shift op by -2048; fix this program [ 120.125225][ T30] audit: type=1326 audit(1768377722.219:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6285 comm="syz.2.77" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff4d3d8f7c9 code=0x0 [ 120.245218][ T6287] FAULT_INJECTION: forcing a failure. [ 120.245218][ T6287] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 120.423402][ T6287] CPU: 0 UID: 0 PID: 6287 Comm: syz.2.77 Tainted: G L syzkaller #0 PREEMPT(full) [ 120.423436][ T6287] Tainted: [L]=SOFTLOCKUP [ 120.423443][ T6287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 120.423462][ T6287] Call Trace: [ 120.423469][ T6287] [ 120.423479][ T6287] dump_stack_lvl+0x16c/0x1f0 [ 120.423529][ T6287] should_fail_ex+0x512/0x640 [ 120.423556][ T6287] _copy_from_user+0x2e/0xd0 [ 120.423578][ T6287] snd_rawmidi_kernel_write1+0x50a/0x8a0 [ 120.423611][ T6287] snd_rawmidi_write+0x26e/0xc10 [ 120.423639][ T6287] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 120.423662][ T6287] ? common_file_perm+0x1b1/0x500 [ 120.423685][ T6287] ? __pfx_default_wake_function+0x10/0x10 [ 120.423713][ T6287] ? bpf_lsm_file_permission+0x9/0x10 [ 120.423754][ T6287] ? security_file_permission+0x71/0x210 [ 120.423782][ T6287] ? rw_verify_area+0xcf/0x6c0 [ 120.423810][ T6287] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 120.423833][ T6287] vfs_write+0x2a0/0x11d0 [ 120.423878][ T6287] ? __pfx_vfs_write+0x10/0x10 [ 120.423904][ T6287] ? find_held_lock+0x2b/0x80 [ 120.423930][ T6287] ? __fget_files+0x204/0x3c0 [ 120.423977][ T6287] ? __fget_files+0x20e/0x3c0 [ 120.424016][ T6287] ksys_write+0x1f8/0x250 [ 120.424045][ T6287] ? __pfx_ksys_write+0x10/0x10 [ 120.424082][ T6287] do_syscall_64+0xcd/0xf80 [ 120.424102][ T6287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.424122][ T6287] RIP: 0033:0x7ff4d3d8f7c9 [ 120.424146][ T6287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.424167][ T6287] RSP: 002b:00007ff4d4ce0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 120.424186][ T6287] RAX: ffffffffffffffda RBX: 00007ff4d3fe5fa0 RCX: 00007ff4d3d8f7c9 [ 120.424199][ T6287] RDX: 000000100000a3d9 RSI: 0000200000000400 RDI: 000000000000000a [ 120.424212][ T6287] RBP: 00007ff4d3e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 120.424224][ T6287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 120.424236][ T6287] R13: 00007ff4d3fe6038 R14: 00007ff4d3fe5fa0 R15: 00007ffcdee3bde8 [ 120.424263][ T6287] [ 120.792510][ T6327] netlink: 'syz.0.81': attribute type 1 has an invalid length. [ 122.161822][ T6351] Console: switching to colour VGA+ 80x25 [ 122.640802][ T6365] futex_wake_op: syz.2.88 tries to shift op by -2048; fix this program [ 123.412020][ T6377] netlink: 302 bytes leftover after parsing attributes in process `syz.3.91'. [ 123.831591][ T6116] Process accounting resumed [ 124.004890][ T6389] WARNING! power/level is deprecated; use power/control instead [ 124.331562][ T6397] futex_wake_op: syz.0.97 tries to shift op by -2048; fix this program [ 124.549160][ T6393] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 124.689501][ T6394] zswap: compressor Y not available [ 125.220912][ T6407] [U] [ 125.223767][ T6407] [U] [ 125.226475][ T6407] [U] [ 125.229183][ T6407] [U] [ 125.385116][ T6407] [U] [ 125.387884][ T6407] [U] [ 125.390596][ T6407] [U] [ 125.393289][ T6407] [U] [ 125.473304][ T6406] [U] [ 125.798975][ T6431] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.899393][ T6431] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 126.126811][ T6437] netlink: 86 bytes leftover after parsing attributes in process `syz.1.105'. [ 126.233934][ T6441] Unable to find swap-space signature [ 126.689974][ T6454] futex_wake_op: syz.3.106 tries to shift op by -2048; fix this program [ 126.855514][ T6456] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 128.303261][ T6486] Invalid ELF header magic: != ELF [ 128.724520][ T30] audit: type=1800 audit(1768377730.873:3): pid=6498 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.116" name="discovery_nqn" dev="configfs" ino=11732 res=0 errno=0 [ 128.852956][ T6506] random: crng reseeded on system resumption [ 129.276835][ T6505] usb usb3: usbfs: interface 0 claimed by hub while 'syz.3.117' sets config #3 [ 129.535681][ T5832] Bluetooth: hci2: Malformed LE Event: 0x0b [ 129.545991][ T6508] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 130.153565][ T6514] FAULT_INJECTION: forcing a failure. [ 130.153565][ T6514] name failslab, interval 1, probability 0, space 0, times 1 [ 130.238388][ T6514] CPU: 0 UID: 0 PID: 6514 Comm: syz.0.119 Tainted: G L syzkaller #0 PREEMPT(full) [ 130.238421][ T6514] Tainted: [L]=SOFTLOCKUP [ 130.238427][ T6514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 130.238439][ T6514] Call Trace: [ 130.238445][ T6514] [ 130.238453][ T6514] dump_stack_lvl+0x16c/0x1f0 [ 130.238489][ T6514] should_fail_ex+0x512/0x640 [ 130.238512][ T6514] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 130.238540][ T6514] should_failslab+0xc2/0x120 [ 130.238572][ T6514] kmem_cache_alloc_noprof+0x83/0x770 [ 130.238596][ T6514] ? skb_clone+0x190/0x3f0 [ 130.238628][ T6514] ? skb_clone+0x190/0x3f0 [ 130.238653][ T6514] skb_clone+0x190/0x3f0 [ 130.238681][ T6514] netlink_deliver_tap+0xabd/0xd30 [ 130.238734][ T6514] netlink_unicast+0x64c/0x870 [ 130.238766][ T6514] ? __pfx_netlink_unicast+0x10/0x10 [ 130.238803][ T6514] netlink_sendmsg+0x8c8/0xdd0 [ 130.238835][ T6514] ? __pfx_netlink_sendmsg+0x10/0x10 [ 130.238867][ T6514] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 130.238904][ T6514] ____sys_sendmsg+0xa5d/0xc30 [ 130.238923][ T6514] ? copy_msghdr_from_user+0x10a/0x160 [ 130.238948][ T6514] ? __pfx_____sys_sendmsg+0x10/0x10 [ 130.238972][ T6514] ? __pfx_futex_wake_mark+0x10/0x10 [ 130.239001][ T6514] ___sys_sendmsg+0x134/0x1d0 [ 130.239028][ T6514] ? __pfx____sys_sendmsg+0x10/0x10 [ 130.239053][ T6514] ? futex_private_hash_put+0x160/0x1b0 [ 130.239100][ T6514] __sys_sendmsg+0x16d/0x220 [ 130.239126][ T6514] ? __pfx___sys_sendmsg+0x10/0x10 [ 130.239151][ T6514] ? __x64_sys_futex+0x1e0/0x4c0 [ 130.239186][ T6514] do_syscall_64+0xcd/0xf80 [ 130.239205][ T6514] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.239224][ T6514] RIP: 0033:0x7f7553d8f7c9 [ 130.239238][ T6514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.239256][ T6514] RSP: 002b:00007f7554b94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 130.239273][ T6514] RAX: ffffffffffffffda RBX: 00007f7553fe5fa0 RCX: 00007f7553d8f7c9 [ 130.239285][ T6514] RDX: 0000000000004000 RSI: 0000200000000480 RDI: 0000000000000006 [ 130.239296][ T6514] RBP: 00007f7553e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 130.239307][ T6514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 130.239318][ T6514] R13: 00007f7553fe6038 R14: 00007f7553fe5fa0 R15: 00007ffd29eaec08 [ 130.239342][ T6514] [ 131.276175][ T6533] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 131.774466][ T6538] netlink: 326 bytes leftover after parsing attributes in process `syz.3.125'. [ 132.342943][ T6555] netlink: 'syz.3.128': attribute type 11 has an invalid length. [ 132.402480][ T6555] netlink: 'syz.3.128': attribute type 11 has an invalid length. [ 132.449723][ T6555] netlink: 'syz.3.128': attribute type 11 has an invalid length. [ 132.555111][ T6555] netlink: 'syz.3.128': attribute type 11 has an invalid length. [ 132.689671][ T6555] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 133.278129][ T6583] capability: warning: `syz.1.131' uses 32-bit capabilities (legacy support in use) [ 134.006282][ T6589] FAULT_INJECTION: forcing a failure. [ 134.006282][ T6589] name failslab, interval 1, probability 0, space 0, times 0 [ 134.070908][ T6589] CPU: 0 UID: 0 PID: 6589 Comm: syz.0.133 Tainted: G L syzkaller #0 PREEMPT(full) [ 134.070942][ T6589] Tainted: [L]=SOFTLOCKUP [ 134.070949][ T6589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 134.070961][ T6589] Call Trace: [ 134.070967][ T6589] [ 134.070975][ T6589] dump_stack_lvl+0x16c/0x1f0 [ 134.071012][ T6589] should_fail_ex+0x512/0x640 [ 134.071037][ T6589] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 134.071065][ T6589] should_failslab+0xc2/0x120 [ 134.071117][ T6589] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 134.071147][ T6589] ? __d_alloc+0x35/0xa80 [ 134.071171][ T6589] ? __d_alloc+0x35/0xa80 [ 134.071192][ T6589] __d_alloc+0x35/0xa80 [ 134.071222][ T6589] ? stack_trace_save+0x8e/0xc0 [ 134.071256][ T6589] d_alloc_parallel+0x111/0x1510 [ 134.071293][ T6589] ? __pfx_d_alloc_parallel+0x10/0x10 [ 134.071321][ T6589] ? lockdep_init_map_type+0x5c/0x270 [ 134.071343][ T6589] ? lockdep_init_map_type+0x5c/0x270 [ 134.071368][ T6589] __lookup_slow+0x193/0x460 [ 134.071392][ T6589] ? __pfx___lookup_slow+0x10/0x10 [ 134.071434][ T6589] ? __d_lookup+0x266/0x4a0 [ 134.071465][ T6589] lookup_slow+0x50/0x70 [ 134.071488][ T6589] link_path_walk+0x12d8/0x1c70 [ 134.071525][ T6589] path_openat+0x1bd/0x3140 [ 134.071554][ T6589] ? do_syscall_64+0xcd/0xf80 [ 134.071571][ T6589] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.071600][ T6589] ? __pfx_path_openat+0x10/0x10 [ 134.071641][ T6589] do_filp_open+0x20b/0x470 [ 134.071675][ T6589] ? __pfx_do_filp_open+0x10/0x10 [ 134.071726][ T6589] ? alloc_fd+0x471/0x7d0 [ 134.071763][ T6589] do_sys_openat2+0x121/0x290 [ 134.071787][ T6589] ? __pfx_do_sys_openat2+0x10/0x10 [ 134.071820][ T6589] __x64_sys_openat+0x174/0x210 [ 134.071844][ T6589] ? __pfx___x64_sys_openat+0x10/0x10 [ 134.071878][ T6589] do_syscall_64+0xcd/0xf80 [ 134.071898][ T6589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.071918][ T6589] RIP: 0033:0x7f7553d8f7c9 [ 134.071942][ T6589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.071963][ T6589] RSP: 002b:00007f7554b73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 134.071982][ T6589] RAX: ffffffffffffffda RBX: 00007f7553fe6090 RCX: 00007f7553d8f7c9 [ 134.071996][ T6589] RDX: 0000000000182b02 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 134.072009][ T6589] RBP: 00007f7553e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 134.072021][ T6589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 134.072033][ T6589] R13: 00007f7553fe6128 R14: 00007f7553fe6090 R15: 00007ffd29eaec08 [ 134.072060][ T6589] [ 134.348368][ T6596] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 134.365457][ T6596] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 136.011990][ T6632] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 136.053153][ T6629] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 136.555432][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 136.572033][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.170872][ T6672] netlink: 28 bytes leftover after parsing attributes in process `syz.2.150'. [ 138.858725][ T6688] futex_wake_op: syz.1.153 tries to shift op by -2048; fix this program [ 139.151460][ T6690] dlm: plock device version mismatch: kernel (1.2.0), user (1489226698.240317300.1121487582) [ 139.532526][ T6697] netlink: 4 bytes leftover after parsing attributes in process `syz.0.156'. [ 141.156985][ T6728] FAULT_INJECTION: forcing a failure. [ 141.156985][ T6728] name failslab, interval 1, probability 0, space 0, times 0 [ 141.205993][ T6727] netlink: 25 bytes leftover after parsing attributes in process `syz.3.162'. [ 141.222171][ T6728] CPU: 0 UID: 0 PID: 6728 Comm: syz.2.163 Tainted: G L syzkaller #0 PREEMPT(full) [ 141.222203][ T6728] Tainted: [L]=SOFTLOCKUP [ 141.222210][ T6728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 141.222221][ T6728] Call Trace: [ 141.222227][ T6728] [ 141.222234][ T6728] dump_stack_lvl+0x16c/0x1f0 [ 141.222270][ T6728] should_fail_ex+0x512/0x640 [ 141.222292][ T6728] ? kmem_cache_alloc_noprof+0x62/0x770 [ 141.222319][ T6728] should_failslab+0xc2/0x120 [ 141.222349][ T6728] kmem_cache_alloc_noprof+0x83/0x770 [ 141.222372][ T6728] ? __kernfs_new_node+0xd2/0x9b0 [ 141.222399][ T6728] ? __kernfs_new_node+0xd2/0x9b0 [ 141.222420][ T6728] __kernfs_new_node+0xd2/0x9b0 [ 141.222446][ T6728] ? __pfx___kernfs_new_node+0x10/0x10 [ 141.222474][ T6728] ? find_held_lock+0x2b/0x80 [ 141.222500][ T6728] ? kernfs_root+0xee/0x2a0 [ 141.222527][ T6728] kernfs_new_node+0x13c/0x1e0 [ 141.222558][ T6728] __kernfs_create_file+0x53/0x350 [ 141.222592][ T6728] sysfs_add_file_mode_ns+0x207/0x3c0 [ 141.222619][ T6728] internal_create_group+0x597/0xf70 [ 141.222649][ T6728] ? __pfx_internal_create_group+0x10/0x10 [ 141.222677][ T6728] ? kernfs_create_link+0x1bd/0x240 [ 141.222711][ T6728] internal_create_groups+0x9d/0x150 [ 141.222738][ T6728] device_add+0x6f7/0x1980 [ 141.222769][ T6728] ? __pfx_device_add+0x10/0x10 [ 141.222796][ T6728] ? lockdep_init_map_type+0x5c/0x270 [ 141.222816][ T6728] ? __init_waitqueue_head+0xca/0x150 [ 141.222845][ T6728] rfkill_register+0x1ad/0xb40 [ 141.222874][ T6728] nfc_register_device+0x11f/0x410 [ 141.222907][ T6728] nci_register_device+0x7f1/0xb80 [ 141.222933][ T6728] ? __pfx_nci_register_device+0x10/0x10 [ 141.222966][ T6728] ? lockdep_init_map_type+0x5c/0x270 [ 141.222990][ T6728] virtual_ncidev_open+0x141/0x220 [ 141.223017][ T6728] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 141.223036][ T6728] misc_open+0x26d/0x450 [ 141.223060][ T6728] ? __pfx_misc_open+0x10/0x10 [ 141.223081][ T6728] chrdev_open+0x234/0x6a0 [ 141.223111][ T6728] ? __pfx_apparmor_file_open+0x10/0x10 [ 141.223131][ T6728] ? __pfx_chrdev_open+0x10/0x10 [ 141.223163][ T6728] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 141.223199][ T6728] do_dentry_open+0x748/0x1590 [ 141.223227][ T6728] ? __pfx_chrdev_open+0x10/0x10 [ 141.223265][ T6728] vfs_open+0x82/0x3f0 [ 141.223288][ T6728] path_openat+0x2078/0x3140 [ 141.223326][ T6728] ? __pfx_path_openat+0x10/0x10 [ 141.223365][ T6728] do_filp_open+0x20b/0x470 [ 141.223395][ T6728] ? __pfx_do_filp_open+0x10/0x10 [ 141.223442][ T6728] ? alloc_fd+0x471/0x7d0 [ 141.223478][ T6728] do_sys_openat2+0x121/0x290 [ 141.223499][ T6728] ? __pfx_do_sys_openat2+0x10/0x10 [ 141.223530][ T6728] __x64_sys_openat+0x174/0x210 [ 141.223552][ T6728] ? __pfx___x64_sys_openat+0x10/0x10 [ 141.223585][ T6728] do_syscall_64+0xcd/0xf80 [ 141.223605][ T6728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.223624][ T6728] RIP: 0033:0x7ff4d3d8f7c9 [ 141.223640][ T6728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.223658][ T6728] RSP: 002b:00007ff4d4cbf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 141.223677][ T6728] RAX: ffffffffffffffda RBX: 00007ff4d3fe6090 RCX: 00007ff4d3d8f7c9 [ 141.223689][ T6728] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 141.223701][ T6728] RBP: 00007ff4d3e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 141.223713][ T6728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 141.223724][ T6728] R13: 00007ff4d3fe6128 R14: 00007ff4d3fe6090 R15: 00007ffcdee3bde8 [ 141.223750][ T6728] [ 141.741362][ T6735] FAULT_INJECTION: forcing a failure. [ 141.741362][ T6735] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 141.755088][ T6735] CPU: 0 UID: 0 PID: 6735 Comm: syz.1.165 Tainted: G L syzkaller #0 PREEMPT(full) [ 141.755120][ T6735] Tainted: [L]=SOFTLOCKUP [ 141.755127][ T6735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 141.755139][ T6735] Call Trace: [ 141.755145][ T6735] [ 141.755152][ T6735] dump_stack_lvl+0x16c/0x1f0 [ 141.755187][ T6735] should_fail_ex+0x512/0x640 [ 141.755213][ T6735] should_fail_alloc_page+0xe7/0x130 [ 141.755246][ T6735] prepare_alloc_pages+0x401/0x670 [ 141.755276][ T6735] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 141.755309][ T6735] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 141.755338][ T6735] ? kasan_save_stack+0x42/0x60 [ 141.755368][ T6735] ? __lock_acquire+0x436/0x2890 [ 141.755387][ T6735] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 141.755420][ T6735] ? __lock_acquire+0x436/0x2890 [ 141.755442][ T6735] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 141.755473][ T6735] ? policy_nodemask+0xea/0x4e0 [ 141.755504][ T6735] alloc_pages_mpol+0x1fb/0x550 [ 141.755535][ T6735] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 141.755566][ T6735] ? __anon_vma_prepare+0x2db/0x5e0 [ 141.755591][ T6735] folio_alloc_mpol_noprof+0x36/0x2f0 [ 141.755612][ T6735] vma_alloc_folio_noprof+0xed/0x1e0 [ 141.755632][ T6735] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 141.755650][ T6735] ? __anon_vma_prepare+0x2e2/0x5e0 [ 141.755678][ T6735] do_fault+0x219/0x1ad0 [ 141.755706][ T6735] ? __pfx_filemap_map_pages+0x10/0x10 [ 141.755732][ T6735] __handle_mm_fault+0x1919/0x2bb0 [ 141.755757][ T6735] ? mark_held_locks+0x49/0x80 [ 141.755774][ T6735] ? __pfx___handle_mm_fault+0x10/0x10 [ 141.755793][ T6735] ? lockdep_hardirqs_on+0x7c/0x110 [ 141.755824][ T6735] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 141.755853][ T6735] ? rcu_preempt_deferred_qs_irqrestore+0x500/0xbc0 [ 141.755885][ T6735] ? follow_page_pte+0x5cf/0x1390 [ 141.755919][ T6735] handle_mm_fault+0x3fe/0xad0 [ 141.755950][ T6735] __get_user_pages+0x54e/0x3590 [ 141.755991][ T6735] ? __pfx___get_user_pages+0x10/0x10 [ 141.756027][ T6735] populate_vma_page_range+0x267/0x3f0 [ 141.756060][ T6735] ? __pfx_populate_vma_page_range+0x10/0x10 [ 141.756091][ T6735] ? __pfx_find_vma_intersection+0x10/0x10 [ 141.756120][ T6735] ? do_mmap+0x69c/0x1210 [ 141.756151][ T6735] __mm_populate+0x1d8/0x380 [ 141.756182][ T6735] ? __pfx___mm_populate+0x10/0x10 [ 141.756215][ T6735] ? up_write+0x282/0x4e0 [ 141.756238][ T6735] vm_mmap_pgoff+0x37f/0x470 [ 141.756269][ T6735] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 141.756301][ T6735] ? __fget_files+0x20e/0x3c0 [ 141.756333][ T6735] ksys_mmap_pgoff+0x32c/0x5c0 [ 141.756361][ T6735] ? __pfx_ksys_write+0x10/0x10 [ 141.756392][ T6735] __x64_sys_mmap+0x125/0x190 [ 141.756414][ T6735] do_syscall_64+0xcd/0xf80 [ 141.756433][ T6735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.756454][ T6735] RIP: 0033:0x7f1ccbf8f7c9 [ 141.756469][ T6735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.756487][ T6735] RSP: 002b:00007f1cca1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 141.756505][ T6735] RAX: ffffffffffffffda RBX: 00007f1ccc1e6090 RCX: 00007f1ccbf8f7c9 [ 141.756518][ T6735] RDX: 0000000000000003 RSI: 0000000000000009 RDI: 0000000000000000 [ 141.756530][ T6735] RBP: 00007f1ccc013f91 R08: 0000000000000003 R09: 0000000000008000 [ 141.756541][ T6735] R10: 0000000000008012 R11: 0000000000000246 R12: 0000000000000000 [ 141.756552][ T6735] R13: 00007f1ccc1e6128 R14: 00007f1ccc1e6090 R15: 00007fff37c4e098 [ 141.756578][ T6735] [ 143.231288][ T6735] NFSD: Failed to start, no listeners configured. [ 143.898532][ T6765] __vm_enough_memory: pid: 6765, comm: syz.0.167, bytes: 4398046511104 not enough memory for the allocation [ 146.143961][ T6822] delete_channel: no stack [ 146.169357][ T6822] delete_channel: no stack [ 146.198308][ T6822] delete_channel: no stack [ 146.202863][ T6822] delete_channel: no stack [ 146.222237][ T6822] delete_channel: no stack [ 146.226782][ T6822] delete_channel: no stack [ 146.249297][ T6822] delete_channel: no stack [ 146.256959][ T6822] delete_channel: no stack [ 146.274191][ T6822] delete_channel: no stack [ 146.283151][ T6826] netlink: 'syz.1.181': attribute type 11 has an invalid length. [ 146.291186][ T6822] delete_channel: no stack [ 146.295711][ T6822] delete_channel: no stack [ 146.308036][ T6822] delete_channel: no stack [ 146.317982][ T6822] delete_channel: no stack [ 146.324793][ T6826] netlink: 'syz.1.181': attribute type 11 has an invalid length. [ 146.333427][ T6822] delete_channel: no stack [ 146.338973][ T6822] delete_channel: no stack [ 146.347735][ T6822] delete_channel: no stack [ 146.355514][ T6826] netlink: 'syz.1.181': attribute type 11 has an invalid length. [ 146.363569][ T6822] delete_channel: no stack [ 146.368531][ T6822] delete_channel: no stack [ 146.373059][ T6822] delete_channel: no stack [ 146.388721][ T6822] delete_channel: no stack [ 146.397602][ T6827] netlink: 'syz.1.181': attribute type 11 has an invalid length. [ 146.405559][ T6822] delete_channel: no stack [ 146.410762][ T6822] delete_channel: no stack [ 146.415291][ T6822] delete_channel: no stack [ 146.427023][ T6827] netlink: 'syz.1.181': attribute type 11 has an invalid length. [ 146.434968][ T6822] delete_channel: no stack [ 146.440611][ T6822] delete_channel: no stack [ 146.448887][ T6822] delete_channel: no stack [ 146.453443][ T6822] delete_channel: no stack [ 146.539484][ T6827] netlink: 'syz.1.181': attribute type 11 has an invalid length. [ 147.929142][ T6810] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 147.935301][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 148.324323][ T6810] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 148.341288][ T6810] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 148.356002][ T6810] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 148.375861][ T6810] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 148.867105][ T6862] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 149.544908][ T6870] cougar: G6 mapped to space [ 150.000962][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 150.154014][ T6881] FAULT_INJECTION: forcing a failure. [ 150.154014][ T6881] name failslab, interval 1, probability 0, space 0, times 0 [ 150.262666][ T6881] CPU: 0 UID: 0 PID: 6881 Comm: syz.1.193 Tainted: G L syzkaller #0 PREEMPT(full) [ 150.262698][ T6881] Tainted: [L]=SOFTLOCKUP [ 150.262705][ T6881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 150.262716][ T6881] Call Trace: [ 150.262722][ T6881] [ 150.262730][ T6881] dump_stack_lvl+0x16c/0x1f0 [ 150.262764][ T6881] should_fail_ex+0x512/0x640 [ 150.262786][ T6881] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 150.262814][ T6881] should_failslab+0xc2/0x120 [ 150.262845][ T6881] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 150.262869][ T6881] ? __d_lookup+0x25c/0x4a0 [ 150.262892][ T6881] ? __d_alloc+0x35/0xa80 [ 150.262913][ T6881] ? __d_alloc+0x35/0xa80 [ 150.262927][ T6881] __d_alloc+0x35/0xa80 [ 150.262946][ T6881] d_alloc+0x4a/0x1e0 [ 150.262964][ T6881] lookup_one_qstr_excl+0x175/0x250 [ 150.262989][ T6881] start_dirop+0x59/0xb0 [ 150.263016][ T6881] simple_start_creating+0xf4/0x100 [ 150.263043][ T6881] ? __pfx_simple_start_creating+0x10/0x10 [ 150.263069][ T6881] ? do_raw_spin_unlock+0x172/0x230 [ 150.263094][ T6881] ? simple_pin_fs+0xa3/0x190 [ 150.263119][ T6881] debugfs_start_creating.part.0+0x86/0x1c0 [ 150.263160][ T6881] __debugfs_create_file+0xb3/0x530 [ 150.263184][ T6881] debugfs_create_file_full+0x41/0x60 [ 150.263206][ T6881] ref_tracker_dir_debugfs+0x19d/0x2f0 [ 150.263249][ T6881] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 150.263304][ T6881] ? lockdep_init_map_type+0x5c/0x270 [ 150.263331][ T6881] preinit_net.part.0+0x24e/0x8f0 [ 150.263371][ T6881] copy_net_ns+0x4cd/0x7c0 [ 150.263409][ T6881] create_new_namespaces+0x3ea/0xab0 [ 150.263456][ T6881] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 150.263493][ T6881] ksys_unshare+0x45b/0xa40 [ 150.263530][ T6881] ? __pfx_ksys_unshare+0x10/0x10 [ 150.263567][ T6881] ? xfd_validate_state+0x61/0x180 [ 150.263596][ T6881] __x64_sys_unshare+0x31/0x40 [ 150.263616][ T6881] do_syscall_64+0xcd/0xf80 [ 150.263638][ T6881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.263661][ T6881] RIP: 0033:0x7f1ccbf8f7c9 [ 150.263678][ T6881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.263703][ T6881] RSP: 002b:00007f1cccd5b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 150.263724][ T6881] RAX: ffffffffffffffda RBX: 00007f1ccc1e5fa0 RCX: 00007f1ccbf8f7c9 [ 150.263738][ T6881] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 150.263752][ T6881] RBP: 00007f1ccc013f91 R08: 0000000000000000 R09: 0000000000000000 [ 150.263765][ T6881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 150.263778][ T6881] R13: 00007f1ccc1e6038 R14: 00007f1ccc1e5fa0 R15: 00007fff37c4e098 [ 150.263808][ T6881] [ 150.966847][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 150.972886][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 151.144384][ T6889] netlink: 8 bytes leftover after parsing attributes in process `syz.2.195'. [ 151.936207][ T6898] FAULT_INJECTION: forcing a failure. [ 151.936207][ T6898] name fail_futex, interval 1, probability 0, space 0, times 1 [ 152.067662][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 152.108555][ T6898] CPU: 0 UID: 0 PID: 6898 Comm: syz.0.197 Tainted: G L syzkaller #0 PREEMPT(full) [ 152.108590][ T6898] Tainted: [L]=SOFTLOCKUP [ 152.108597][ T6898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 152.108610][ T6898] Call Trace: [ 152.108616][ T6898] [ 152.108624][ T6898] dump_stack_lvl+0x16c/0x1f0 [ 152.108675][ T6898] should_fail_ex+0x512/0x640 [ 152.108702][ T6898] get_futex_key+0x1d0/0x15f0 [ 152.108724][ T6898] ? stack_trace_save+0x8e/0xc0 [ 152.108756][ T6898] ? __pfx_get_futex_key+0x10/0x10 [ 152.108776][ T6898] ? stack_depot_save_flags+0x29/0x9b0 [ 152.108799][ T6898] ? stack_trace_save+0x8e/0xc0 [ 152.108848][ T6898] futex_wait_setup+0x9d/0x570 [ 152.108880][ T6898] __futex_wait+0x193/0x2f0 [ 152.108907][ T6898] ? __pfx___futex_wait+0x10/0x10 [ 152.108936][ T6898] ? __pfx_futex_wake_mark+0x10/0x10 [ 152.108965][ T6898] ? futex_hash+0x2c5/0x380 [ 152.108986][ T6898] ? futex_private_hash_put+0x160/0x1b0 [ 152.109008][ T6898] futex_wait+0xe8/0x380 [ 152.109033][ T6898] ? __pfx_futex_wait+0x10/0x10 [ 152.109064][ T6898] ? rcu_is_watching+0x12/0xc0 [ 152.109095][ T6898] do_futex+0x229/0x350 [ 152.109116][ T6898] ? __pfx_do_futex+0x10/0x10 [ 152.109144][ T6898] __x64_sys_futex+0x1e0/0x4c0 [ 152.109166][ T6898] ? fd_install+0x223/0x570 [ 152.109193][ T6898] ? __pfx___x64_sys_futex+0x10/0x10 [ 152.109224][ T6898] do_syscall_64+0xcd/0xf80 [ 152.109242][ T6898] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.109261][ T6898] RIP: 0033:0x7f7553d8f7c9 [ 152.109276][ T6898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.109293][ T6898] RSP: 002b:00007f7554b940e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 152.109310][ T6898] RAX: ffffffffffffffda RBX: 00007f7553fe5fa8 RCX: 00007f7553d8f7c9 [ 152.109322][ T6898] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7553fe5fa8 [ 152.109334][ T6898] RBP: 00007f7553fe5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 152.109345][ T6898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 152.109361][ T6898] R13: 00007f7553fe6038 R14: 00007ffd29eaeb20 R15: 00007ffd29eaec08 [ 152.109386][ T6898] [ 153.766539][ T6914] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 153.881735][ T6915] process 'syz.3.198' launched '/dev/fd/3/./file0' with NULL argv: empty string added [ 154.046076][ T3783] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.113572][ T6909] Process accounting paused [ 154.536474][ T6928] cougar: G6 mapped to space [ 154.891227][ T6921] netlink: 186 bytes leftover after parsing attributes in process `syz.2.200'. [ 155.041016][ T6926] Invalid ELF header magic: != ELF [ 156.519590][ T6959] FAULT_INJECTION: forcing a failure. [ 156.519590][ T6959] name failslab, interval 1, probability 0, space 0, times 0 [ 156.584323][ T6963] zswap: compressor not available [ 156.651453][ T6959] CPU: 0 UID: 0 PID: 6959 Comm: syz.2.210 Tainted: G L syzkaller #0 PREEMPT(full) [ 156.651487][ T6959] Tainted: [L]=SOFTLOCKUP [ 156.651494][ T6959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 156.651505][ T6959] Call Trace: [ 156.651512][ T6959] [ 156.651520][ T6959] dump_stack_lvl+0x16c/0x1f0 [ 156.651559][ T6959] should_fail_ex+0x512/0x640 [ 156.651582][ T6959] ? kmem_cache_alloc_noprof+0x62/0x770 [ 156.651610][ T6959] should_failslab+0xc2/0x120 [ 156.651642][ T6959] kmem_cache_alloc_noprof+0x83/0x770 [ 156.651667][ T6959] ? __proc_create+0x2c8/0x8d0 [ 156.651700][ T6959] ? __proc_create+0x2c8/0x8d0 [ 156.651726][ T6959] __proc_create+0x2c8/0x8d0 [ 156.651754][ T6959] ? __pfx___proc_create+0x10/0x10 [ 156.651780][ T6959] ? __lock_acquire+0x436/0x2890 [ 156.651803][ T6959] ? _raw_write_unlock+0x28/0x50 [ 156.651833][ T6959] ? proc_register+0x559/0x8b0 [ 156.651864][ T6959] proc_create_reg+0x7d/0x180 [ 156.651895][ T6959] proc_create_data+0x86/0x110 [ 156.651924][ T6959] ? __pfx_proc_create_data+0x10/0x10 [ 156.651961][ T6959] gss_svc_init_net+0x2ec/0x660 [ 156.651991][ T6959] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 156.652012][ T6959] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 156.652043][ T6959] ops_init+0x1e2/0x5f0 [ 156.652076][ T6959] setup_net+0x11d/0x3a0 [ 156.652106][ T6959] ? __pfx_setup_net+0x10/0x10 [ 156.652133][ T6959] ? lockdep_init_map_type+0x5c/0x270 [ 156.652154][ T6959] ? mutex_init_lockep+0x110/0x150 [ 156.652178][ T6959] copy_net_ns+0x351/0x7c0 [ 156.652213][ T6959] create_new_namespaces+0x3ea/0xab0 [ 156.652247][ T6959] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 156.652278][ T6959] ksys_unshare+0x45b/0xa40 [ 156.652318][ T6959] ? __pfx_ksys_unshare+0x10/0x10 [ 156.652353][ T6959] ? xfd_validate_state+0x61/0x180 [ 156.652379][ T6959] __x64_sys_unshare+0x31/0x40 [ 156.652397][ T6959] do_syscall_64+0xcd/0xf80 [ 156.652417][ T6959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.652438][ T6959] RIP: 0033:0x7ff4d3d8f7c9 [ 156.652454][ T6959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.652474][ T6959] RSP: 002b:00007ff4d4ce0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 156.652493][ T6959] RAX: ffffffffffffffda RBX: 00007ff4d3fe5fa0 RCX: 00007ff4d3d8f7c9 [ 156.652506][ T6959] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 156.652519][ T6959] RBP: 00007ff4d3e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 156.652531][ T6959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 156.652543][ T6959] R13: 00007ff4d3fe6038 R14: 00007ff4d3fe5fa0 R15: 00007ffcdee3bde8 [ 156.652570][ T6959] [ 157.374281][ T6960] delete_channel: no stack [ 157.588534][ T6977] netlink: 8 bytes leftover after parsing attributes in process `syz.0.211'. [ 157.774691][ T6980] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 158.547878][ T7003] futex_wake_op: syz.0.215 tries to shift op by -2048; fix this program [ 159.333768][ T7010] netlink: 186 bytes leftover after parsing attributes in process `syz.1.218'. [ 159.454066][ T7010] Invalid ELF header magic: != ELF [ 160.832228][ T7046] futex_wake_op: syz.2.225 tries to shift op by -2048; fix this program [ 161.119821][ T7054] FAULT_INJECTION: forcing a failure. [ 161.119821][ T7054] name failslab, interval 1, probability 0, space 0, times 0 [ 161.169347][ T7054] CPU: 0 UID: 0 PID: 7054 Comm: syz.2.228 Tainted: G L syzkaller #0 PREEMPT(full) [ 161.169378][ T7054] Tainted: [L]=SOFTLOCKUP [ 161.169384][ T7054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 161.169395][ T7054] Call Trace: [ 161.169401][ T7054] [ 161.169408][ T7054] dump_stack_lvl+0x16c/0x1f0 [ 161.169442][ T7054] should_fail_ex+0x512/0x640 [ 161.169464][ T7054] ? __kmalloc_noprof+0xca/0x910 [ 161.169487][ T7054] should_failslab+0xc2/0x120 [ 161.169516][ T7054] __kmalloc_noprof+0xeb/0x910 [ 161.169537][ T7054] ? alloc_pipe_info+0x1ec/0x590 [ 161.169570][ T7054] ? alloc_pipe_info+0x1ec/0x590 [ 161.169596][ T7054] alloc_pipe_info+0x1ec/0x590 [ 161.169627][ T7054] splice_direct_to_actor+0x77d/0xa30 [ 161.169657][ T7054] ? __lock_acquire+0x436/0x2890 [ 161.169673][ T7054] ? __pfx_direct_splice_actor+0x10/0x10 [ 161.169701][ T7054] ? __pfx_aa_file_perm+0x10/0x10 [ 161.169729][ T7054] ? find_held_lock+0x2b/0x80 [ 161.169753][ T7054] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 161.169786][ T7054] ? get_pid_task+0xfc/0x250 [ 161.169809][ T7054] do_splice_direct+0x174/0x240 [ 161.169837][ T7054] ? __pfx_do_splice_direct+0x10/0x10 [ 161.169865][ T7054] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 161.169896][ T7054] ? rw_verify_area+0xcf/0x6c0 [ 161.169923][ T7054] do_sendfile+0xb06/0xe50 [ 161.169952][ T7054] ? __pfx_do_sendfile+0x10/0x10 [ 161.169978][ T7054] ? __fget_files+0x20e/0x3c0 [ 161.170010][ T7054] __x64_sys_sendfile64+0x1d8/0x220 [ 161.170028][ T7054] ? ksys_write+0x1ac/0x250 [ 161.170054][ T7054] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 161.170079][ T7054] do_syscall_64+0xcd/0xf80 [ 161.170098][ T7054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.170117][ T7054] RIP: 0033:0x7ff4d3d8f7c9 [ 161.170131][ T7054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.170149][ T7054] RSP: 002b:00007ff4d4ce0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 161.170167][ T7054] RAX: ffffffffffffffda RBX: 00007ff4d3fe5fa0 RCX: 00007ff4d3d8f7c9 [ 161.170179][ T7054] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 161.170192][ T7054] RBP: 00007ff4d4ce0090 R08: 0000000000000000 R09: 0000000000000000 [ 161.170204][ T7054] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 161.170214][ T7054] R13: 00007ff4d3fe6038 R14: 00007ff4d3fe5fa0 R15: 00007ffcdee3bde8 [ 161.170239][ T7054] [ 162.901418][ T7073] netlink: 8 bytes leftover after parsing attributes in process `syz.1.232'. [ 163.171595][ T7068] netlink: 186 bytes leftover after parsing attributes in process `syz.3.231'. [ 163.319222][ T7075] Invalid ELF header magic: != ELF [ 163.737197][ T7074] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 163.807540][ T7074] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 163.868433][ T7074] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 163.906882][ T7074] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 165.120436][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 165.836959][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 165.915839][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 165.921880][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 166.098012][ T7106] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 167.067796][ T7123] bridge0: port 3(team0) entered blocking state [ 167.090154][ T7123] bridge0: port 3(team0) entered disabled state [ 167.120672][ T7123] team0: entered allmulticast mode [ 167.147744][ T7123] team_slave_0: entered allmulticast mode [ 167.168132][ T7123] team_slave_1: entered allmulticast mode [ 167.197030][ T7123] team0: entered promiscuous mode [ 167.219964][ T7123] team_slave_0: entered promiscuous mode [ 167.245497][ T7123] team_slave_1: entered promiscuous mode [ 167.269405][ T7123] bridge0: port 3(team0) entered blocking state [ 167.275927][ T7123] bridge0: port 3(team0) entered forwarding state [ 168.461733][ T7136] FAULT_INJECTION: forcing a failure. [ 168.461733][ T7136] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 168.519089][ T7136] CPU: 0 UID: 0 PID: 7136 Comm: syz.3.244 Tainted: G L syzkaller #0 PREEMPT(full) [ 168.519133][ T7136] Tainted: [L]=SOFTLOCKUP [ 168.519140][ T7136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 168.519152][ T7136] Call Trace: [ 168.519158][ T7136] [ 168.519166][ T7136] dump_stack_lvl+0x16c/0x1f0 [ 168.519204][ T7136] should_fail_ex+0x512/0x640 [ 168.519232][ T7136] should_fail_alloc_page+0xe7/0x130 [ 168.519267][ T7136] prepare_alloc_pages+0x401/0x670 [ 168.519310][ T7136] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 168.519337][ T7136] ? __pfx_try_to_migrate_one+0x10/0x10 [ 168.519366][ T7136] ? __up_read+0x2d1/0x700 [ 168.519391][ T7136] ? __pfx___up_read+0x10/0x10 [ 168.519413][ T7136] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 168.519438][ T7136] ? rmap_walk_anon+0x559/0x790 [ 168.519493][ T7136] __folio_alloc_noprof+0x11/0x220 [ 168.519518][ T7136] alloc_migration_target+0x1a0/0x560 [ 168.519555][ T7136] migrate_pages_batch+0x3bc/0x3bb0 [ 168.519579][ T7136] ? __pfx_alloc_migration_target+0x10/0x10 [ 168.519633][ T7136] ? __pfx_migrate_pages_batch+0x10/0x10 [ 168.519657][ T7136] ? __pfx_walk_pgd_range+0x10/0x10 [ 168.519684][ T7136] migrate_pages_sync+0x12d/0x8a0 [ 168.519705][ T7136] ? __pfx_alloc_migration_target+0x10/0x10 [ 168.519741][ T7136] ? queue_pages_test_walk+0x279/0x410 [ 168.519759][ T7136] ? __pfx_migrate_pages_sync+0x10/0x10 [ 168.519780][ T7136] ? walk_page_test+0x9b/0x180 [ 168.519805][ T7136] ? walk_page_range_mm_unsafe+0x235/0xb40 [ 168.519835][ T7136] migrate_pages+0x1b0b/0x2350 [ 168.519857][ T7136] ? __pfx_alloc_migration_target+0x10/0x10 [ 168.519896][ T7136] ? __pfx_migrate_pages+0x10/0x10 [ 168.519916][ T7136] ? queue_pages_range+0x11e/0x180 [ 168.519947][ T7136] ? __pfx___up_read+0x10/0x10 [ 168.519968][ T7136] ? do_migrate_pages+0x45b/0x750 [ 168.520002][ T7136] do_migrate_pages+0x491/0x750 [ 168.520038][ T7136] ? __pfx_do_migrate_pages+0x10/0x10 [ 168.520073][ T7136] ? rcu_is_watching+0x12/0xc0 [ 168.520100][ T7136] ? cap_capable+0x10d/0x3f0 [ 168.520116][ T7136] ? get_task_mm+0xc2/0xf0 [ 168.520142][ T7136] ? security_capable+0x250/0x260 [ 168.520176][ T7136] kernel_migrate_pages+0x55b/0x700 [ 168.520206][ T7136] ? __pfx_kernel_migrate_pages+0x10/0x10 [ 168.520238][ T7136] ? __pfx_do_writev+0x10/0x10 [ 168.520268][ T7136] __x64_sys_migrate_pages+0x96/0x100 [ 168.520304][ T7136] ? lockdep_hardirqs_on+0x7c/0x110 [ 168.520336][ T7136] do_syscall_64+0xcd/0xf80 [ 168.520355][ T7136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.520375][ T7136] RIP: 0033:0x7f54d278f7c9 [ 168.520391][ T7136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.520409][ T7136] RSP: 002b:00007f54d3579038 EFLAGS: 00000246 ORIG_RAX: 0000000000000100 [ 168.520427][ T7136] RAX: ffffffffffffffda RBX: 00007f54d29e5fa0 RCX: 00007f54d278f7c9 [ 168.520440][ T7136] RDX: 0000200000000100 RSI: 000000000000000a RDI: 0000000000000000 [ 168.520451][ T7136] RBP: 00007f54d2813f91 R08: 0000000000000000 R09: 0000000000000000 [ 168.520462][ T7136] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000000 [ 168.520474][ T7136] R13: 00007f54d29e6038 R14: 00007f54d29e5fa0 R15: 00007ffcb660c1f8 [ 168.520499][ T7136] [ 169.979079][ T7143] netlink: 8 bytes leftover after parsing attributes in process `syz.0.246'. [ 175.591346][ T7236] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 175.724685][ T7239] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 177.258297][ T7255] netlink: 'syz.3.266': attribute type 11 has an invalid length. [ 178.205837][ T7283] device-mapper: ioctl: Invalid ioctl structure: name , dev 3ff [ 178.391299][ T7288] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+eko[k<:0 is already present [ 184.179778][ T7408] Process accounting resumed [ 184.200010][ T7410] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+ek [ 185.172253][ T7442] dump_stack_lvl+0x16c/0x1f0 [ 185.172294][ T7442] should_fail_ex+0x512/0x640 [ 185.172316][ T7442] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 185.172342][ T7442] should_failslab+0xc2/0x120 [ 185.172371][ T7442] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 185.172394][ T7442] ? __pfx___might_resched+0x10/0x10 [ 185.172421][ T7442] ? sock_alloc_inode+0x25/0x1c0 [ 185.172455][ T7442] ? __pfx_sock_alloc_inode+0x10/0x10 [ 185.172482][ T7442] ? sock_alloc_inode+0x25/0x1c0 [ 185.172510][ T7442] sock_alloc_inode+0x25/0x1c0 [ 185.172538][ T7442] alloc_inode+0x64/0x240 [ 185.172559][ T7442] sock_alloc+0x40/0x280 [ 185.172587][ T7442] __sock_create+0xc2/0x8a0 [ 185.172609][ T7442] __sys_socket+0x14d/0x260 [ 185.172628][ T7442] ? __pfx___sys_socket+0x10/0x10 [ 185.172647][ T7442] ? xfd_validate_state+0x61/0x180 [ 185.172670][ T7442] __x64_sys_socket+0x72/0xb0 [ 185.172688][ T7442] ? lockdep_hardirqs_on+0x7c/0x110 [ 185.172718][ T7442] do_syscall_64+0xcd/0xf80 [ 185.172736][ T7442] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.172755][ T7442] RIP: 0033:0x7f1ccbf8f7c9 [ 185.172769][ T7442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.172787][ T7442] RSP: 002b:00007f1cca1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 185.172804][ T7442] RAX: ffffffffffffffda RBX: 00007f1ccc1e6090 RCX: 00007f1ccbf8f7c9 [ 185.172817][ T7442] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 185.172827][ T7442] RBP: 00007f1ccc013f91 R08: 0000000000000000 R09: 0000000000000000 [ 185.172839][ T7442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 185.172850][ T7442] R13: 00007f1ccc1e6128 R14: 00007f1ccc1e6090 R15: 00007fff37c4e098 [ 185.172874][ T7442] [ 185.172882][ T7442] socket: no more sockets [ 185.489517][ T7450] netlink: 'syz.2.301': attribute type 10 has an invalid length. [ 186.675895][ T7473] netlink: 12 bytes leftover after parsing attributes in process `syz.1.304'. [ 187.162787][ T7480] FAULT_INJECTION: forcing a failure. [ 187.162787][ T7480] name failslab, interval 1, probability 0, space 0, times 0 [ 187.928299][ T7480] CPU: 0 UID: 0 PID: 7480 Comm: syz.1.308 Tainted: G L syzkaller #0 PREEMPT(full) [ 187.928334][ T7480] Tainted: [L]=SOFTLOCKUP [ 187.928341][ T7480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 187.928354][ T7480] Call Trace: [ 187.928361][ T7480] [ 187.928370][ T7480] dump_stack_lvl+0x16c/0x1f0 [ 187.928409][ T7480] should_fail_ex+0x512/0x640 [ 187.928434][ T7480] ? __kmalloc_node_track_caller_noprof+0xcb/0x930 [ 187.928470][ T7480] should_failslab+0xc2/0x120 [ 187.928504][ T7480] __kmalloc_node_track_caller_noprof+0xec/0x930 [ 187.928537][ T7480] ? kvasprintf_const+0x66/0x1a0 [ 187.928569][ T7480] ? kvasprintf+0xbc/0x150 [ 187.928592][ T7480] kvasprintf+0xbc/0x150 [ 187.928628][ T7480] ? __pfx_kvasprintf+0x10/0x10 [ 187.928654][ T7480] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 187.928685][ T7480] ? __debug_object_init+0x2de/0x3d0 [ 187.928721][ T7480] kvasprintf_const+0x66/0x1a0 [ 187.928757][ T7480] kobject_set_name_vargs+0x5a/0x140 [ 187.928779][ T7480] dev_set_name+0xc7/0x100 [ 187.928810][ T7480] ? __pfx_dev_set_name+0x10/0x10 [ 187.928843][ T7480] ? lockdep_init_map_type+0x5c/0x270 [ 187.928863][ T7480] ? __init_waitqueue_head+0xca/0x150 [ 187.928892][ T7480] wakeup_source_device_create+0x204/0x2e0 [ 187.928941][ T7480] wakeup_source_sysfs_add+0x1c/0x90 [ 187.928984][ T7480] wakeup_source_register+0x154/0x3e0 [ 187.929010][ T7480] ep_create_wakeup_source+0x1dd/0x2e0 [ 187.929044][ T7480] ? __pfx_ep_create_wakeup_source+0x10/0x10 [ 187.929079][ T7480] ? do_epoll_ctl+0x1565/0x3790 [ 187.929114][ T7480] do_epoll_ctl+0x1f60/0x3790 [ 187.929161][ T7480] ? __pfx_do_epoll_ctl+0x10/0x10 [ 187.929191][ T7480] ? find_held_lock+0x2b/0x80 [ 187.929215][ T7480] ? __might_fault+0xe3/0x190 [ 187.929236][ T7480] ? __might_fault+0xe3/0x190 [ 187.929267][ T7480] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 187.929298][ T7480] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 187.929330][ T7480] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 187.929369][ T7480] do_syscall_64+0xcd/0xf80 [ 187.929387][ T7480] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.929407][ T7480] RIP: 0033:0x7f1ccbf8f7c9 [ 187.929422][ T7480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.929440][ T7480] RSP: 002b:00007f1cccd5b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 187.929459][ T7480] RAX: ffffffffffffffda RBX: 00007f1ccc1e5fa0 RCX: 00007f1ccbf8f7c9 [ 187.929472][ T7480] RDX: 0000000000000005 RSI: 0000000000000001 RDI: 0000000000000006 [ 187.929483][ T7480] RBP: 00007f1ccc013f91 R08: 0000000000000000 R09: 0000000000000000 [ 187.929494][ T7480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 187.929505][ T7480] R13: 00007f1ccc1e6038 R14: 00007f1ccc1e5fa0 R15: 00007fff37c4e098 [ 187.929530][ T7480] [ 188.657848][ T7494] futex_wake_op: syz.2.309 tries to shift op by -2048; fix this program [ 189.433451][ T7512] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+ekl*[GCHFx^ĒPktkyve' [ 189.470715][ T7512] CIFS mount error: No usable UNC path provided in device string! [ 189.470715][ T7512] [ 189.481256][ T7512] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 190.160954][ T7521] FAULT_INJECTION: forcing a failure. [ 190.160954][ T7521] name failslab, interval 1, probability 0, space 0, times 0 [ 190.177039][ T7521] CPU: 0 UID: 0 PID: 7521 Comm: syz.3.316 Tainted: G L syzkaller #0 PREEMPT(full) [ 190.177069][ T7521] Tainted: [L]=SOFTLOCKUP [ 190.177075][ T7521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 190.177086][ T7521] Call Trace: [ 190.177092][ T7521] [ 190.177099][ T7521] dump_stack_lvl+0x16c/0x1f0 [ 190.177134][ T7521] should_fail_ex+0x512/0x640 [ 190.177156][ T7521] ? __kmalloc_node_track_caller_noprof+0xcb/0x930 [ 190.177188][ T7521] should_failslab+0xc2/0x120 [ 190.177220][ T7521] __kmalloc_node_track_caller_noprof+0xec/0x930 [ 190.177249][ T7521] ? snd_timer_instance_new+0x65/0x2e0 [ 190.177273][ T7521] ? kstrdup+0x53/0x100 [ 190.177293][ T7521] kstrdup+0x53/0x100 [ 190.177316][ T7521] snd_timer_instance_new+0x65/0x2e0 [ 190.177336][ T7521] __snd_timer_user_ioctl.isra.0+0x170b/0x27b0 [ 190.177361][ T7521] ? lock_acquire+0x179/0x330 [ 190.177379][ T7521] ? __pfx___snd_timer_user_ioctl.isra.0+0x10/0x10 [ 190.177404][ T7521] ? __pfx___might_resched+0x10/0x10 [ 190.177436][ T7521] ? rcu_is_watching+0x12/0xc0 [ 190.177468][ T7521] ? do_vfs_ioctl+0x128/0x14f0 [ 190.177490][ T7521] ? snd_timer_user_ioctl+0x4a/0xd0 [ 190.177512][ T7521] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 190.177537][ T7521] ? __pfx___mutex_lock+0x10/0x10 [ 190.177560][ T7521] ? find_held_lock+0x2b/0x80 [ 190.177596][ T7521] snd_timer_user_ioctl+0x76/0xd0 [ 190.177617][ T7521] ? __pfx_snd_timer_user_ioctl+0x10/0x10 [ 190.177641][ T7521] __x64_sys_ioctl+0x18e/0x210 [ 190.177666][ T7521] do_syscall_64+0xcd/0xf80 [ 190.177684][ T7521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.177704][ T7521] RIP: 0033:0x7f54d278f7c9 [ 190.177718][ T7521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 190.177737][ T7521] RSP: 002b:00007f54d3579038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 190.177755][ T7521] RAX: ffffffffffffffda RBX: 00007f54d29e5fa0 RCX: 00007f54d278f7c9 [ 190.177767][ T7521] RDX: 0000200000000080 RSI: 0000000040345410 RDI: 0000000000000003 [ 190.177779][ T7521] RBP: 00007f54d2813f91 R08: 0000000000000000 R09: 0000000000000000 [ 190.177790][ T7521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 190.177801][ T7521] R13: 00007f54d29e6038 R14: 00007f54d29e5fa0 R15: 00007ffcb660c1f8 [ 190.177827][ T7521] [ 190.602595][ T7526] netlink: 28 bytes leftover after parsing attributes in process `syz.2.317'. [ 193.711168][ T7591] futex_wake_op: syz.1.329 tries to shift op by -2048; fix this program [ 194.218852][ T7602] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 195.286564][ T7634] futex_wake_op: syz.3.339 tries to shift op by -2048; fix this program [ 196.711507][ T7675] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(16) [ 196.776736][ T7651] FAULT_INJECTION: forcing a failure. [ 196.776736][ T7651] name fail_futex, interval 1, probability 0, space 0, times 0 [ 196.874336][ T30] audit: type=1800 audit(1768377806.385:4): pid=7675 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.346" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 196.922552][ T7651] CPU: 0 UID: 0 PID: 7651 Comm: syz.2.342 Tainted: G L syzkaller #0 PREEMPT(full) [ 196.922588][ T7651] Tainted: [L]=SOFTLOCKUP [ 196.922595][ T7651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 196.922606][ T7651] Call Trace: [ 196.922612][ T7651] [ 196.922620][ T7651] dump_stack_lvl+0x16c/0x1f0 [ 196.922655][ T7651] should_fail_ex+0x512/0x640 [ 196.922681][ T7651] get_futex_key+0x1d0/0x15f0 [ 196.922705][ T7651] ? __pfx_get_futex_key+0x10/0x10 [ 196.922734][ T7651] futex_wake+0xea/0x530 [ 196.922760][ T7651] ? kasan_quarantine_put+0x10a/0x240 [ 196.922788][ T7651] ? __pfx_futex_wake+0x10/0x10 [ 196.922817][ T7651] ? putname+0xf5/0x1a0 [ 196.922839][ T7651] do_futex+0x1e3/0x350 [ 196.922862][ T7651] ? __pfx_do_futex+0x10/0x10 [ 196.922890][ T7651] __x64_sys_futex+0x1e0/0x4c0 [ 196.922914][ T7651] ? __x64_sys_openat+0x174/0x210 [ 196.922936][ T7651] ? __pfx___x64_sys_futex+0x10/0x10 [ 196.922968][ T7651] do_syscall_64+0xcd/0xf80 [ 196.922987][ T7651] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.923007][ T7651] RIP: 0033:0x7ff4d3d8f7c9 [ 196.923022][ T7651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 196.923040][ T7651] RSP: 002b:00007ff4d4ce00e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 196.923058][ T7651] RAX: ffffffffffffffda RBX: 00007ff4d3fe5fa8 RCX: 00007ff4d3d8f7c9 [ 196.923070][ T7651] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff4d3fe5fac [ 196.923082][ T7651] RBP: 00007ff4d3fe5fa0 R08: 00007ff4d4ce1000 R09: 0000000000000000 [ 196.923094][ T7651] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 196.923106][ T7651] R13: 00007ff4d3fe6038 R14: 00007ffcdee3bd00 R15: 00007ffcdee3bde8 [ 196.923131][ T7651] [ 197.701556][ T7651] nvme_fabrics: missing parameter 'transport=%s' [ 197.760098][ T7651] nvme_fabrics: missing parameter 'nqn=%s' [ 198.647521][ T7704] zswap: compressor not available [ 198.951142][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 198.960603][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.416153][ T7723] i2c i2c-0: new_device: Instantiated device card: at 0x01 [ 199.513419][ T7725] sg_write: data in/out 3292/1 bytes for SCSI command 0xa3-- guessing data in; [ 199.513419][ T7725] program syz.1.357 not setting count and/or reply_len properly [ 199.667784][ T7721] FAULT_INJECTION: forcing a failure. [ 199.667784][ T7721] name failslab, interval 1, probability 0, space 0, times 0 [ 199.996915][ T7721] CPU: 0 UID: 0 PID: 7721 Comm: syz.2.355 Tainted: G L syzkaller #0 PREEMPT(full) [ 199.996947][ T7721] Tainted: [L]=SOFTLOCKUP [ 199.996954][ T7721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 199.996964][ T7721] Call Trace: [ 199.996971][ T7721] [ 199.996978][ T7721] dump_stack_lvl+0x16c/0x1f0 [ 199.997014][ T7721] should_fail_ex+0x512/0x640 [ 199.997036][ T7721] ? __kmalloc_cache_noprof+0x5f/0x800 [ 199.997061][ T7721] should_failslab+0xc2/0x120 [ 199.997092][ T7721] __kmalloc_cache_noprof+0x80/0x800 [ 199.997115][ T7721] ? acpi_ds_call_control_method+0x300/0xab0 [ 199.997140][ T7721] ? acpi_ds_call_control_method+0x300/0xab0 [ 199.997159][ T7721] acpi_ds_call_control_method+0x300/0xab0 [ 199.997182][ T7721] acpi_ps_parse_aml+0xab3/0x1170 [ 199.997211][ T7721] acpi_ps_execute_method+0x5c4/0xe90 [ 199.997243][ T7721] acpi_ns_evaluate+0x98c/0x16d0 [ 199.997277][ T7721] acpi_evaluate_object+0x4ca/0xdf0 [ 199.997298][ T7721] ? ksys_read+0x12a/0x250 [ 199.997329][ T7721] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 199.997353][ T7721] ? __pfx___might_resched+0x10/0x10 [ 199.997384][ T7721] acpi_evaluate_integer+0xdd/0x230 [ 199.997421][ T7721] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 199.997465][ T7721] ? __pfx_status_show+0x10/0x10 [ 199.997504][ T7721] status_show+0xa0/0x120 [ 199.997525][ T7721] ? __pfx_status_show+0x10/0x10 [ 199.997554][ T7721] dev_attr_show+0x56/0xe0 [ 199.997584][ T7721] ? __pfx_dev_attr_show+0x10/0x10 [ 199.997612][ T7721] sysfs_kf_seq_show+0x216/0x3e0 [ 199.997638][ T7721] seq_read_iter+0x50e/0x12d0 [ 199.997678][ T7721] kernfs_fop_read_iter+0x46c/0x610 [ 199.997711][ T7721] ? rw_verify_area+0xcf/0x6c0 [ 199.997739][ T7721] vfs_read+0x8bf/0xcf0 [ 199.997774][ T7721] ? __pfx_vfs_read+0x10/0x10 [ 199.997820][ T7721] ksys_read+0x12a/0x250 [ 199.997849][ T7721] ? __pfx_ksys_read+0x10/0x10 [ 199.997886][ T7721] do_syscall_64+0xcd/0xf80 [ 199.997906][ T7721] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.997927][ T7721] RIP: 0033:0x7ff4d3d8f7c9 [ 199.997944][ T7721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.997967][ T7721] RSP: 002b:00007ff4d4c9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 199.997985][ T7721] RAX: ffffffffffffffda RBX: 00007ff4d3fe6180 RCX: 00007ff4d3d8f7c9 [ 199.997999][ T7721] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000007 [ 199.998012][ T7721] RBP: 00007ff4d3e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 199.998024][ T7721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 199.998036][ T7721] R13: 00007ff4d3fe6218 R14: 00007ff4d3fe6180 R15: 00007ffcdee3bde8 [ 199.998063][ T7721] [ 200.267122][ T7721] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20250807/psparse-529) [ 200.774492][ T7740] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 200.787742][ T7740] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 200.807669][ T7740] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 200.817711][ T7740] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 201.968427][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 202.843940][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 202.927445][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 202.933530][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 203.149639][ T7785] netlink: 'syz.0.370': attribute type 64 has an invalid length. [ 203.195388][ T7785] netlink: 74 bytes leftover after parsing attributes in process `syz.0.370'. [ 204.241846][ T7786] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 204.297147][ T7786] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 204.337546][ T7786] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 204.447858][ T7786] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 205.145942][ T7830] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 205.540924][ T7840] Invalid ELF header magic: != ELF [ 205.708917][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 206.355426][ T52] Bluetooth: hci1: command 0x0c1a tx timeout [ 206.361469][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 206.505204][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 206.677339][ T7858] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(16) [ 206.864883][ T30] audit: type=1800 audit(1768377816.437:5): pid=7864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.387" name="SYSVffffffff" dev="tmpfs" ino=0 res=0 errno=0 [ 207.768061][ T7887] futex_wake_op: syz.2.392 tries to shift op by -2048; fix this program [ 209.188586][ T7908] netlink: 'syz.1.397': attribute type 64 has an invalid length. [ 209.238175][ T7908] netlink: 74 bytes leftover after parsing attributes in process `syz.1.397'. [ 209.998624][ T7924] FAULT_INJECTION: forcing a failure. [ 209.998624][ T7924] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 210.104308][ T7924] CPU: 0 UID: 0 PID: 7924 Comm: syz.1.400 Tainted: G L syzkaller #0 PREEMPT(full) [ 210.104339][ T7924] Tainted: [L]=SOFTLOCKUP [ 210.104346][ T7924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 210.104357][ T7924] Call Trace: [ 210.104363][ T7924] [ 210.104371][ T7924] dump_stack_lvl+0x16c/0x1f0 [ 210.104406][ T7924] should_fail_ex+0x512/0x640 [ 210.104433][ T7924] copy_fpstate_to_sigframe+0x827/0xad0 [ 210.104467][ T7924] ? __pfx_copy_fpstate_to_sigframe+0x10/0x10 [ 210.104503][ T7924] ? collect_signal+0x263/0x540 [ 210.104521][ T7924] ? x86_task_fpu+0x5f/0x90 [ 210.104547][ T7924] get_sigframe+0x4a8/0x9c0 [ 210.104576][ T7924] ? __pfx_get_sigframe+0x10/0x10 [ 210.104602][ T7924] ? rcu_is_watching+0x12/0xc0 [ 210.104629][ T7924] ? _raw_spin_unlock_irq+0x23/0x50 [ 210.104657][ T7924] ? siginfo_layout+0x177/0x290 [ 210.104684][ T7924] x64_setup_rt_frame+0x129/0xcf0 [ 210.104716][ T7924] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 210.104749][ T7924] ? __do_sys_flock+0xd5/0x520 [ 210.104779][ T7924] ? __pfx___do_sys_flock+0x10/0x10 [ 210.104810][ T7924] arch_do_signal_or_restart+0x5c2/0x7a0 [ 210.104839][ T7924] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 210.104880][ T7924] exit_to_user_mode_loop+0x8c/0x540 [ 210.104908][ T7924] do_syscall_64+0x4ee/0xf80 [ 210.104927][ T7924] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.104946][ T7924] RIP: 0033:0x7f1ccbf8f7c7 [ 210.104961][ T7924] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 210.104979][ T7924] RSP: 002b:00007f1cccd5b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000049 [ 210.104997][ T7924] RAX: 0000000000000049 RBX: 00007f1ccc1e5fa0 RCX: 00007f1ccbf8f7c9 [ 210.105009][ T7924] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000000000c [ 210.105020][ T7924] RBP: 00007f1ccc013f91 R08: 0000000000000000 R09: 0000000000000000 [ 210.105031][ T7924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 210.105042][ T7924] R13: 00007f1ccc1e6038 R14: 00007f1ccc1e5fa0 R15: 00007fff37c4e098 [ 210.105067][ T7924] [ 210.862780][ T7947] scsi_strcpy_devinfo: vendor string '/&c~n] | [ 210.862780][ T7947] M' is too long [ 210.933267][ T7947] scsi_strcpy_devinfo: model string 'Dd5 K2b [ 210.933267][ T7947] W ' is too long [ 211.860734][ T7954] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 211.970222][ T7954] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 212.037012][ T7954] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 212.100096][ T7954] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 212.974516][ T7993] netlink: 1644 bytes leftover after parsing attributes in process `syz.2.413'. [ 213.209903][ T7998] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 213.509999][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 213.864042][ T8012] futex_wake_op: syz.1.418 tries to shift op by -2048; fix this program [ 213.985686][ T52] Bluetooth: hci1: command 0x0c1a tx timeout [ 214.038335][ T8012] Process accounting paused [ 214.067414][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 214.145037][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 214.576321][ T8025] hub 1-0:1.0: USB hub found [ 214.619243][ T8025] hub 1-0:1.0: 1 port detected [ 214.765333][ T8026] hub 1-0:1.0: USB hub found [ 214.832041][ T8026] hub 1-0:1.0: 1 port detected [ 215.822313][ T8051] Invalid ELF header magic: != ELF [ 216.185015][ T8067] nbd: couldn't find device at index 33904 [ 216.226666][ T8069] futex_wake_op: syz.2.429 tries to shift op by -2048; fix this program [ 216.287798][ T8071] netlink: 13 bytes leftover after parsing attributes in process `syz.0.428'. [ 216.583197][ T8076] scsi_strcpy_devinfo: vendor string '/&c~n] | [ 216.583197][ T8076] M' is too long [ 216.633027][ T8076] scsi_strcpy_devinfo: model string 'Dd5 K2b [ 216.633027][ T8076] W ' is too long [ 216.820952][ T8084] futex_wake_op: syz.1.432 tries to shift op by -2048; fix this program [ 217.392226][ T8086] XFS: Clearing xfsstats [ 219.169402][ T8131] futex_wake_op: syz.3.443 tries to shift op by -2048; fix this program [ 219.382828][ T8135] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 219.846876][ T8137] Invalid ELF header magic: != ELF [ 221.009252][ T8161] bond0: option all_slaves_active: invalid value () [ 221.059088][ T8158] bond0: option all_slaves_active: invalid value () [ 221.077265][ T8160] bond0: option all_slaves_active: invalid value () [ 222.070367][ T8195] scsi_strcpy_devinfo: vendor string '/&c~n] | [ 222.070367][ T8195] M' is too long [ 222.106668][ T8195] scsi_strcpy_devinfo: model string 'Dd5 K2b [ 222.106668][ T8195] W ' is too long [ 222.429910][ T8205] FAULT_INJECTION: forcing a failure. [ 222.429910][ T8205] name failslab, interval 1, probability 0, space 0, times 0 [ 222.494846][ T8205] CPU: 0 UID: 0 PID: 8205 Comm: syz.1.460 Tainted: G L syzkaller #0 PREEMPT(full) [ 222.494877][ T8205] Tainted: [L]=SOFTLOCKUP [ 222.494883][ T8205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 222.494894][ T8205] Call Trace: [ 222.494901][ T8205] [ 222.494908][ T8205] dump_stack_lvl+0x16c/0x1f0 [ 222.494942][ T8205] should_fail_ex+0x512/0x640 [ 222.494964][ T8205] ? __kmalloc_cache_noprof+0x5f/0x800 [ 222.494995][ T8205] should_failslab+0xc2/0x120 [ 222.495025][ T8205] __kmalloc_cache_noprof+0x80/0x800 [ 222.495047][ T8205] ? vb2_vmalloc_alloc+0xf9/0x410 [ 222.495075][ T8205] ? vb2_vmalloc_alloc+0xf9/0x410 [ 222.495097][ T8205] vb2_vmalloc_alloc+0xf9/0x410 [ 222.495121][ T8205] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 222.495144][ T8205] __vb2_queue_alloc+0x8c9/0x1280 [ 222.495177][ T8205] vb2_core_reqbufs+0xa90/0xfe0 [ 222.495204][ T8205] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 222.495239][ T8205] __vb2_init_fileio+0x3f1/0x1100 [ 222.495260][ T8205] ? lockdep_hardirqs_on+0x7c/0x110 [ 222.495290][ T8205] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 222.495319][ T8205] ? __pollwait+0x271/0x460 [ 222.495346][ T8205] vb2_core_poll+0x5ec/0x700 [ 222.495370][ T8205] vb2_poll+0x4b/0xe0 [ 222.495389][ T8205] vb2_fop_poll+0x10f/0x2c0 [ 222.495410][ T8205] ? __pfx_vb2_fop_poll+0x10/0x10 [ 222.495429][ T8205] v4l2_poll+0x163/0x320 [ 222.495456][ T8205] ? __pfx_v4l2_poll+0x10/0x10 [ 222.495480][ T8205] do_sys_poll+0x55c/0xdf0 [ 222.495514][ T8205] ? __pfx_do_sys_poll+0x10/0x10 [ 222.495561][ T8205] ? preempt_schedule_common+0x44/0xc0 [ 222.495590][ T8205] ? __pfx___pollwait+0x10/0x10 [ 222.495618][ T8205] ? __pfx_pollwake+0x10/0x10 [ 222.495678][ T8205] ? __pfx_timespec64_add_safe+0x10/0x10 [ 222.495699][ T8205] ? ktime_get_ts64+0x2d2/0x400 [ 222.495719][ T8205] ? read_tsc+0x9/0x20 [ 222.495743][ T8205] ? ktime_get_ts64+0x256/0x400 [ 222.495768][ T8205] __x64_sys_poll+0x1a6/0x450 [ 222.495794][ T8205] ? __pfx___x64_sys_poll+0x10/0x10 [ 222.495827][ T8205] do_syscall_64+0xcd/0xf80 [ 222.495846][ T8205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.495865][ T8205] RIP: 0033:0x7f1ccbf8f7c9 [ 222.495879][ T8205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 222.495897][ T8205] RSP: 002b:00007f1cca1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000007 [ 222.495914][ T8205] RAX: ffffffffffffffda RBX: 00007f1ccc1e6090 RCX: 00007f1ccbf8f7c9 [ 222.495927][ T8205] RDX: 0000000000000008 RSI: 0000000000000009 RDI: 0000200000000480 [ 222.495938][ T8205] RBP: 00007f1ccc013f91 R08: 0000000000000000 R09: 0000000000000000 [ 222.495949][ T8205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 222.495960][ T8205] R13: 00007f1ccc1e6128 R14: 00007f1ccc1e6090 R15: 00007fff37c4e098 [ 222.495989][ T8205] [ 223.835296][ T8223] netlink: 32 bytes leftover after parsing attributes in process `syz.0.462'. [ 224.627695][ T8232] netlink: 4 bytes leftover after parsing attributes in process `syz.2.464'. [ 226.083795][ T8276] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 226.504991][ T8280] XFS: Clearing xfsstats [ 227.004285][ T8285] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 227.105505][ T8285] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 227.115133][ T8285] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 227.155643][ T8285] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 228.789854][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 229.107708][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 229.113781][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 229.186708][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 229.332286][ T8352] FAULT_INJECTION: forcing a failure. [ 229.332286][ T8352] name failslab, interval 1, probability 0, space 0, times 0 [ 229.441938][ T8352] CPU: 0 UID: 0 PID: 8352 Comm: syz.1.489 Tainted: G L syzkaller #0 PREEMPT(full) [ 229.441970][ T8352] Tainted: [L]=SOFTLOCKUP [ 229.441976][ T8352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 229.441987][ T8352] Call Trace: [ 229.441994][ T8352] [ 229.442001][ T8352] dump_stack_lvl+0x16c/0x1f0 [ 229.442036][ T8352] should_fail_ex+0x512/0x640 [ 229.442058][ T8352] ? kmem_cache_alloc_noprof+0x62/0x770 [ 229.442085][ T8352] should_failslab+0xc2/0x120 [ 229.442115][ T8352] kmem_cache_alloc_noprof+0x83/0x770 [ 229.442138][ T8352] ? seq_open+0x55/0x170 [ 229.442163][ T8352] ? seq_open+0x55/0x170 [ 229.442183][ T8352] seq_open+0x55/0x170 [ 229.442204][ T8352] __seq_open_private+0x3e/0xd0 [ 229.442229][ T8352] pid_maps_open+0x29/0xf0 [ 229.442249][ T8352] do_dentry_open+0x748/0x1590 [ 229.442277][ T8352] ? __pfx_pid_maps_open+0x10/0x10 [ 229.442301][ T8352] vfs_open+0x82/0x3f0 [ 229.442324][ T8352] path_openat+0x2078/0x3140 [ 229.442361][ T8352] ? __pfx_path_openat+0x10/0x10 [ 229.442399][ T8352] do_filp_open+0x20b/0x470 [ 229.442429][ T8352] ? __pfx_do_filp_open+0x10/0x10 [ 229.442466][ T8352] ? __pfx_kfree_link+0x10/0x10 [ 229.442496][ T8352] ? alloc_fd+0x471/0x7d0 [ 229.442531][ T8352] do_sys_openat2+0x121/0x290 [ 229.442559][ T8352] ? __pfx_do_sys_openat2+0x10/0x10 [ 229.442591][ T8352] __x64_sys_openat+0x174/0x210 [ 229.442613][ T8352] ? __pfx___x64_sys_openat+0x10/0x10 [ 229.442645][ T8352] do_syscall_64+0xcd/0xf80 [ 229.442665][ T8352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.442684][ T8352] RIP: 0033:0x7f1ccbf8f7c9 [ 229.442699][ T8352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.442717][ T8352] RSP: 002b:00007f1cccd5b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 229.442735][ T8352] RAX: ffffffffffffffda RBX: 00007f1ccc1e5fa0 RCX: 00007f1ccbf8f7c9 [ 229.442748][ T8352] RDX: 0000000000000840 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 229.442760][ T8352] RBP: 00007f1ccc013f91 R08: 0000000000000000 R09: 0000000000000000 [ 229.442771][ T8352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 229.442782][ T8352] R13: 00007f1ccc1e6038 R14: 00007f1ccc1e5fa0 R15: 00007fff37c4e098 [ 229.442807][ T8352] [ 230.203555][ T8363] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 230.396610][ T8367] FAULT_INJECTION: forcing a failure. [ 230.396610][ T8367] name failslab, interval 1, probability 0, space 0, times 0 [ 230.427793][ T8367] CPU: 0 UID: 0 PID: 8367 Comm: syz.0.491 Tainted: G L syzkaller #0 PREEMPT(full) [ 230.427825][ T8367] Tainted: [L]=SOFTLOCKUP [ 230.427837][ T8367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 230.427849][ T8367] Call Trace: [ 230.427855][ T8367] [ 230.427863][ T8367] dump_stack_lvl+0x16c/0x1f0 [ 230.427900][ T8367] should_fail_ex+0x512/0x640 [ 230.427924][ T8367] ? __kmalloc_cache_noprof+0x5f/0x800 [ 230.427950][ T8367] should_failslab+0xc2/0x120 [ 230.427982][ T8367] __kmalloc_cache_noprof+0x80/0x800 [ 230.428006][ T8367] ? kobject_uevent_env+0x265/0x1920 [ 230.428034][ T8367] ? kobject_uevent_env+0x265/0x1920 [ 230.428058][ T8367] kobject_uevent_env+0x265/0x1920 [ 230.428081][ T8367] ? __pfx_dev_uevent_name+0x10/0x10 [ 230.428103][ T8367] ? __pfx_dentry_path_raw+0x10/0x10 [ 230.428127][ T8367] ? kvm_uevent_notify_change.part.0+0x32d/0x450 [ 230.428164][ T8367] kvm_uevent_notify_change.part.0+0x3ae/0x450 [ 230.428196][ T8367] ? __pfx_kvm_vm_release+0x10/0x10 [ 230.428222][ T8367] kvm_put_kvm+0xe3/0xb00 [ 230.428247][ T8367] ? lockdep_hardirqs_on+0x7c/0x110 [ 230.428279][ T8367] ? _raw_spin_unlock_irq+0x2e/0x50 [ 230.428311][ T8367] ? __pfx_kvm_vm_release+0x10/0x10 [ 230.428336][ T8367] kvm_vm_release+0x3c/0x50 [ 230.428361][ T8367] __fput+0x402/0xb70 [ 230.428383][ T8367] ? _raw_spin_unlock_irq+0x23/0x50 [ 230.428415][ T8367] task_work_run+0x150/0x240 [ 230.428438][ T8367] ? __pfx_task_work_run+0x10/0x10 [ 230.428458][ T8367] ? __do_sys_close_range+0x278/0x730 [ 230.428498][ T8367] exit_to_user_mode_loop+0xfb/0x540 [ 230.428527][ T8367] do_syscall_64+0x4ee/0xf80 [ 230.428547][ T8367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.428567][ T8367] RIP: 0033:0x7f7553d8f7c9 [ 230.428583][ T8367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 230.428602][ T8367] RSP: 002b:00007f7554b94038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 230.428621][ T8367] RAX: 0000000000000000 RBX: 00007f7553fe5fa0 RCX: 00007f7553d8f7c9 [ 230.428634][ T8367] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000002 [ 230.428646][ T8367] RBP: 00007f7553e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 230.428669][ T8367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 230.428681][ T8367] R13: 00007f7553fe6038 R14: 00007f7553fe5fa0 R15: 00007ffd29eaec08 [ 230.428705][ T8367] [ 231.693584][ T8379] __vm_enough_memory: pid: 8379, comm: syz.0.494, bytes: 4398046511104 not enough memory for the allocation [ 233.959080][ T8449] FAULT_INJECTION: forcing a failure. [ 233.959080][ T8449] name failslab, interval 1, probability 0, space 0, times 0 [ 234.043122][ T8449] CPU: 0 UID: 0 PID: 8449 Comm: syz.0.508 Tainted: G L syzkaller #0 PREEMPT(full) [ 234.043155][ T8449] Tainted: [L]=SOFTLOCKUP [ 234.043162][ T8449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 234.043173][ T8449] Call Trace: [ 234.043180][ T8449] [ 234.043187][ T8449] dump_stack_lvl+0x16c/0x1f0 [ 234.043223][ T8449] should_fail_ex+0x512/0x640 [ 234.043249][ T8449] should_failslab+0xc2/0x120 [ 234.043288][ T8449] __kmalloc_cache_noprof+0x80/0x800 [ 234.043311][ T8449] ? sctp_add_bind_addr+0xae/0x3f0 [ 234.043343][ T8449] ? sctp_add_bind_addr+0xae/0x3f0 [ 234.043369][ T8449] sctp_add_bind_addr+0xae/0x3f0 [ 234.043399][ T8449] sctp_copy_local_addr_list+0x349/0x550 [ 234.043434][ T8449] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 234.043468][ T8449] ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360 [ 234.043501][ T8449] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 234.043534][ T8449] sctp_bind_addr_copy+0xe0/0x530 [ 234.043567][ T8449] sctp_connect_new_asoc+0x1c9/0x770 [ 234.043591][ T8449] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 234.043619][ T8449] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 234.043651][ T8449] sctp_sendmsg+0x157c/0x1e20 [ 234.043680][ T8449] ? __pfx_sctp_sendmsg+0x10/0x10 [ 234.043701][ T8449] ? __pfx___might_resched+0x10/0x10 [ 234.043728][ T8449] ? __lock_acquire+0x436/0x2890 [ 234.043749][ T8449] ? aa_sk_perm+0x2f2/0xae0 [ 234.043775][ T8449] ? __pfx_aa_sk_perm+0x10/0x10 [ 234.043805][ T8449] ? __pfx_sctp_sendmsg+0x10/0x10 [ 234.043829][ T8449] inet_sendmsg+0x11c/0x140 [ 234.043858][ T8449] ____sys_sendmsg+0x973/0xc30 [ 234.043880][ T8449] ? __pfx_____sys_sendmsg+0x10/0x10 [ 234.043901][ T8449] ? find_held_lock+0x2b/0x80 [ 234.043926][ T8449] ? futex_unqueue+0x133/0x2c0 [ 234.043951][ T8449] ___sys_sendmsg+0x134/0x1d0 [ 234.043979][ T8449] ? __pfx____sys_sendmsg+0x10/0x10 [ 234.044006][ T8449] ? __pfx___futex_wait+0x10/0x10 [ 234.044042][ T8449] ? find_held_lock+0x2b/0x80 [ 234.044082][ T8449] __sys_sendmmsg+0x200/0x420 [ 234.044112][ T8449] ? __pfx___sys_sendmmsg+0x10/0x10 [ 234.044146][ T8449] ? __pfx_do_futex+0x10/0x10 [ 234.044177][ T8449] ? __x64_sys_openat+0x174/0x210 [ 234.044202][ T8449] ? xfd_validate_state+0x61/0x180 [ 234.044225][ T8449] __x64_sys_sendmmsg+0x9c/0x100 [ 234.044251][ T8449] ? lockdep_hardirqs_on+0x7c/0x110 [ 234.044286][ T8449] do_syscall_64+0xcd/0xf80 [ 234.044305][ T8449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.044324][ T8449] RIP: 0033:0x7f7553d8f7c9 [ 234.044339][ T8449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 234.044358][ T8449] RSP: 002b:00007f7554b94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 234.044375][ T8449] RAX: ffffffffffffffda RBX: 00007f7553fe5fa0 RCX: 00007f7553d8f7c9 [ 234.044388][ T8449] RDX: 0000000000000008 RSI: 0000200000000140 RDI: 0000000000000003 [ 234.044399][ T8449] RBP: 00007f7553e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 234.044411][ T8449] R10: 0000000000000311 R11: 0000000000000246 R12: 0000000000000000 [ 234.044422][ T8449] R13: 00007f7553fe6038 R14: 00007f7553fe5fa0 R15: 00007ffd29eaec08 [ 234.044448][ T8449] [ 234.048933][ T52] Bluetooth: hci3: unexpected subevent 0x03 length: 253 > 9 [ 234.573301][ T8453] nvme_fabrics: unknown parameter or missing value '@' in ctrl creation request [ 234.629954][ T8455] futex_wake_op: syz.0.509 tries to shift op by -2048; fix this program [ 234.677463][ T8455] FAULT_INJECTION: forcing a failure. [ 234.677463][ T8455] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 234.707941][ T8457] futex_wake_op: syz.3.510 tries to shift op by -2048; fix this program [ 234.761986][ T8455] CPU: 0 UID: 0 PID: 8455 Comm: syz.0.509 Tainted: G L syzkaller #0 PREEMPT(full) [ 234.762017][ T8455] Tainted: [L]=SOFTLOCKUP [ 234.762023][ T8455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 234.762034][ T8455] Call Trace: [ 234.762040][ T8455] [ 234.762047][ T8455] dump_stack_lvl+0x16c/0x1f0 [ 234.762084][ T8455] should_fail_ex+0x512/0x640 [ 234.762110][ T8455] should_fail_alloc_page+0xe7/0x130 [ 234.762141][ T8455] prepare_alloc_pages+0x401/0x670 [ 234.762171][ T8455] ? bpf_ksym_find+0x124/0x1c0 [ 234.762192][ T8455] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 234.762219][ T8455] ? __kernel_text_address+0xd/0x40 [ 234.762240][ T8455] ? unwind_get_return_address+0x59/0xa0 [ 234.762273][ T8455] ? arch_stack_walk+0xa6/0x100 [ 234.762302][ T8455] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 234.762327][ T8455] ? stack_trace_save+0x8e/0xc0 [ 234.762356][ T8455] ? __pfx_stack_trace_save+0x10/0x10 [ 234.762395][ T8455] ? find_held_lock+0x2b/0x80 [ 234.762418][ T8455] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 234.762449][ T8455] ? policy_nodemask+0xea/0x4e0 [ 234.762479][ T8455] alloc_pages_mpol+0x1fb/0x550 [ 234.762509][ T8455] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 234.762544][ T8455] folio_alloc_mpol_noprof+0x36/0x2f0 [ 234.762565][ T8455] vma_alloc_folio_noprof+0xed/0x1e0 [ 234.762585][ T8455] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 234.762612][ T8455] do_anonymous_page+0xc81/0x2190 [ 234.762641][ T8455] __handle_mm_fault+0x1ecf/0x2bb0 [ 234.762667][ T8455] ? __pfx___handle_mm_fault+0x10/0x10 [ 234.762701][ T8455] ? find_vma+0xbf/0x140 [ 234.762726][ T8455] ? __pfx_find_vma+0x10/0x10 [ 234.762754][ T8455] handle_mm_fault+0x3fe/0xad0 [ 234.762779][ T8455] do_user_addr_fault+0x7a6/0x1370 [ 234.762803][ T8455] ? rcu_is_watching+0x12/0xc0 [ 234.762832][ T8455] exc_page_fault+0x64/0xc0 [ 234.762862][ T8455] asm_exc_page_fault+0x26/0x30 [ 234.762880][ T8455] RIP: 0010:rep_movs_alternative+0x11/0x90 [ 234.762904][ T8455] Code: e9 14 81 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f [ 234.762921][ T8455] RSP: 0018:ffffc9000b427ad8 EFLAGS: 00050202 [ 234.762935][ T8455] RAX: 0000000000000035 RBX: 0000000000000004 RCX: 0000000000000004 [ 234.762947][ T8455] RDX: ffffed100630d001 RSI: ffff888031868000 RDI: 0000200000001080 [ 234.762959][ T8455] RBP: 0000200000001080 R08: 0000000000000000 R09: ffffed100630d000 [ 234.762970][ T8455] R10: ffff888031868003 R11: ffff88807db54830 R12: ffffc9000b427d90 [ 234.762982][ T8455] R13: 0000200000001084 R14: ffff888031868000 R15: 00007ffffffff000 [ 234.763007][ T8455] _copy_to_iter+0x383/0x1710 [ 234.763029][ T8455] ? __mutex_unlock_slowpath+0x161/0x790 [ 234.763051][ T8455] ? __pfx__copy_to_iter+0x10/0x10 [ 234.763072][ T8455] ? kernfs_seq_stop+0xcd/0x120 [ 234.763104][ T8455] ? kernfs_put_active+0x86/0xe0 [ 234.763131][ T8455] seq_read_iter+0xd02/0x12d0 [ 234.763167][ T8455] kernfs_fop_read_iter+0x46c/0x610 [ 234.763197][ T8455] ? rw_verify_area+0xcf/0x6c0 [ 234.763224][ T8455] vfs_read+0x8bf/0xcf0 [ 234.763259][ T8455] ? __pfx_vfs_read+0x10/0x10 [ 234.763301][ T8455] ksys_read+0x12a/0x250 [ 234.763327][ T8455] ? __pfx_ksys_read+0x10/0x10 [ 234.763361][ T8455] do_syscall_64+0xcd/0xf80 [ 234.763379][ T8455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.763397][ T8455] RIP: 0033:0x7f7553d8f7c9 [ 234.763411][ T8455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 234.763428][ T8455] RSP: 002b:00007f7554b94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 234.763445][ T8455] RAX: ffffffffffffffda RBX: 00007f7553fe5fa0 RCX: 00007f7553d8f7c9 [ 234.763457][ T8455] RDX: 000000000000102f RSI: 0000200000001080 RDI: 0000000000000005 [ 234.763468][ T8455] RBP: 00007f7554b94090 R08: 0000000000000000 R09: 0000000000000000 [ 234.763479][ T8455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 234.763490][ T8455] R13: 00007f7553fe6038 R14: 00007f7553fe5fa0 R15: 00007ffd29eaec08 [ 234.763516][ T8455] [ 235.278660][ T8461] futex_wake_op: syz.3.512 tries to shift op by -2048; fix this program [ 236.209469][ T8488] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 237.708674][ T52] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 237.962490][ T8514] futex_wake_op: syz.1.522 tries to shift op by -2048; fix this program [ 238.001299][ T8514] FAULT_INJECTION: forcing a failure. [ 238.001299][ T8514] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 238.070713][ T8514] CPU: 0 UID: 0 PID: 8514 Comm: syz.1.522 Tainted: G L syzkaller #0 PREEMPT(full) [ 238.070746][ T8514] Tainted: [L]=SOFTLOCKUP [ 238.070754][ T8514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 238.070766][ T8514] Call Trace: [ 238.070772][ T8514] [ 238.070780][ T8514] dump_stack_lvl+0x16c/0x1f0 [ 238.070818][ T8514] should_fail_ex+0x512/0x640 [ 238.070847][ T8514] _copy_to_user+0x32/0xd0 [ 238.070873][ T8514] simple_read_from_buffer+0xcb/0x170 [ 238.070906][ T8514] proc_fail_nth_read+0x197/0x240 [ 238.070943][ T8514] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 238.070980][ T8514] ? rw_verify_area+0xcf/0x6c0 [ 238.071007][ T8514] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 238.071043][ T8514] vfs_read+0x1e4/0xcf0 [ 238.071081][ T8514] ? __pfx___mutex_lock+0x10/0x10 [ 238.071105][ T8514] ? __pfx_vfs_read+0x10/0x10 [ 238.071142][ T8514] ? __fget_files+0x20e/0x3c0 [ 238.071180][ T8514] ksys_read+0x12a/0x250 [ 238.071210][ T8514] ? __pfx_ksys_read+0x10/0x10 [ 238.071248][ T8514] do_syscall_64+0xcd/0xf80 [ 238.071273][ T8514] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.071295][ T8514] RIP: 0033:0x7f1ccbf8e1dc [ 238.071313][ T8514] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 238.071333][ T8514] RSP: 002b:00007f1cccd5b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 238.071353][ T8514] RAX: ffffffffffffffda RBX: 00007f1ccc1e5fa0 RCX: 00007f1ccbf8e1dc [ 238.071367][ T8514] RDX: 000000000000000f RSI: 00007f1cccd5b0a0 RDI: 0000000000000008 [ 238.071379][ T8514] RBP: 00007f1cccd5b090 R08: 0000000000000000 R09: 0000000000000000 [ 238.071392][ T8514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 238.071404][ T8514] R13: 00007f1ccc1e6038 R14: 00007f1ccc1e5fa0 R15: 00007fff37c4e098 [ 238.071432][ T8514] [ 239.656499][ T8542] futex_wake_op: syz.2.529 tries to shift op by -2048; fix this program [ 240.443006][ T8569] netlink: 28 bytes leftover after parsing attributes in process `syz.0.535'. [ 240.519531][ T8569] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.702461][ T8569] bridge_slave_1 (unregistering): left allmulticast mode [ 240.736574][ T8569] bridge_slave_1 (unregistering): left promiscuous mode [ 240.757144][ T8569] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.684683][ T8596] netlink: 28 bytes leftover after parsing attributes in process `syz.1.540'. [ 241.778024][ T52] Bluetooth: hci3: unexpected event 0x23 length: 127 > 13 [ 242.046689][ T8596] bond0: (slave bond_slave_1): Releasing backup interface [ 243.915181][ T8633] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 244.373238][ T8629] Process accounting resumed [ 244.615356][ T8648] futex_wake_op: syz.0.551 tries to shift op by -2048; fix this program [ 245.648421][ T8662] program syz.1.555 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 245.703123][ T8661] program syz.1.555 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 245.740232][ T8661] FAULT_INJECTION: forcing a failure. [ 245.740232][ T8661] name failslab, interval 1, probability 0, space 0, times 0 [ 245.790352][ T8661] CPU: 0 UID: 0 PID: 8661 Comm: syz.1.555 Tainted: G L syzkaller #0 PREEMPT(full) [ 245.790382][ T8661] Tainted: [L]=SOFTLOCKUP [ 245.790388][ T8661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 245.790410][ T8661] Call Trace: [ 245.790417][ T8661] [ 245.790424][ T8661] dump_stack_lvl+0x16c/0x1f0 [ 245.790460][ T8661] should_fail_ex+0x512/0x640 [ 245.790485][ T8661] should_failslab+0xc2/0x120 [ 245.790516][ T8661] __kmalloc_cache_noprof+0x80/0x800 [ 245.790538][ T8661] ? sctp_add_bind_addr+0xae/0x3f0 [ 245.790576][ T8661] ? sctp_add_bind_addr+0xae/0x3f0 [ 245.790601][ T8661] sctp_add_bind_addr+0xae/0x3f0 [ 245.790631][ T8661] sctp_copy_local_addr_list+0x349/0x550 [ 245.790665][ T8661] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 245.790698][ T8661] ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360 [ 245.790730][ T8661] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 245.790762][ T8661] sctp_bind_addr_copy+0xe0/0x530 [ 245.790794][ T8661] sctp_connect_new_asoc+0x1c9/0x770 [ 245.790818][ T8661] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 245.790845][ T8661] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 245.790876][ T8661] sctp_sendmsg+0x157c/0x1e20 [ 245.790905][ T8661] ? __pfx_sctp_sendmsg+0x10/0x10 [ 245.790925][ T8661] ? __pfx___might_resched+0x10/0x10 [ 245.790950][ T8661] ? do_user_addr_fault+0x843/0x1370 [ 245.790977][ T8661] ? aa_sk_perm+0x2f2/0xae0 [ 245.791003][ T8661] ? __pfx_aa_sk_perm+0x10/0x10 [ 245.791032][ T8661] ? __pfx_sctp_sendmsg+0x10/0x10 [ 245.791055][ T8661] inet_sendmsg+0x11c/0x140 [ 245.791080][ T8661] ____sys_sendmsg+0x973/0xc30 [ 245.791101][ T8661] ? __pfx_____sys_sendmsg+0x10/0x10 [ 245.791122][ T8661] ? find_held_lock+0x2b/0x80 [ 245.791147][ T8661] ? futex_unqueue+0x133/0x2c0 [ 245.791171][ T8661] ___sys_sendmsg+0x134/0x1d0 [ 245.791197][ T8661] ? __pfx____sys_sendmsg+0x10/0x10 [ 245.791223][ T8661] ? __pfx___futex_wait+0x10/0x10 [ 245.791258][ T8661] ? find_held_lock+0x2b/0x80 [ 245.791297][ T8661] __sys_sendmmsg+0x200/0x420 [ 245.791325][ T8661] ? __pfx___sys_sendmmsg+0x10/0x10 [ 245.791349][ T8661] ? __lock_acquire+0x436/0x2890 [ 245.791372][ T8661] ? __pfx_do_futex+0x10/0x10 [ 245.791403][ T8661] ? __local_bh_enable_ip+0xa4/0x120 [ 245.791432][ T8661] ? xfd_validate_state+0x61/0x180 [ 245.791454][ T8661] __x64_sys_sendmmsg+0x9c/0x100 [ 245.791479][ T8661] ? lockdep_hardirqs_on+0x7c/0x110 [ 245.791509][ T8661] do_syscall_64+0xcd/0xf80 [ 245.791527][ T8661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.791549][ T8661] RIP: 0033:0x7f1ccbf8f7c9 [ 245.791567][ T8661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 245.791585][ T8661] RSP: 002b:00007f1cccd5b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 245.791602][ T8661] RAX: ffffffffffffffda RBX: 00007f1ccc1e5fa0 RCX: 00007f1ccbf8f7c9 [ 245.791614][ T8661] RDX: 0000000000000005 RSI: 0000200000000000 RDI: 0000000000000003 [ 245.791625][ T8661] RBP: 00007f1ccc013f91 R08: 0000000000000000 R09: 0000000000000000 [ 245.791636][ T8661] R10: 0000000000000311 R11: 0000000000000246 R12: 0000000000000000 [ 245.791647][ T8661] R13: 00007f1ccc1e6038 R14: 00007f1ccc1e5fa0 R15: 00007fff37c4e098 [ 245.791672][ T8661] [ 246.728261][ T30] audit: type=1800 audit(4294967334.101:6): pid=8675 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.558" name="dbroot" dev="configfs" ino=25022 res=0 errno=0 [ 247.645717][ T30] audit: type=1804 audit(4294967335.036:7): pid=8696 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.562" name="/newroot/134/file0" dev="tmpfs" ino=714 res=1 errno=0 [ 248.491377][ T8705] netlink: 28 bytes leftover after parsing attributes in process `syz.0.565'. [ 249.451321][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807d2f8000: rx timeout, send abort [ 249.651590][ T8723] .^: entered promiscuous mode [ 249.957901][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807d2f8000: abort rx timeout. Force session deactivation [ 250.195057][ T8733] zswap: compressor not available [ 251.446742][ T8776] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 252.876369][ T8799] netlink: 8 bytes leftover after parsing attributes in process `syz.1.582'. [ 254.464769][ T8817] netlink: 2468 bytes leftover after parsing attributes in process `syz.0.585'. [ 255.317841][ T8838] FAULT_INJECTION: forcing a failure. [ 255.317841][ T8838] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 255.385732][ T8838] CPU: 0 UID: 0 PID: 8838 Comm: syz.2.588 Tainted: G L syzkaller #0 PREEMPT(full) [ 255.385763][ T8838] Tainted: [L]=SOFTLOCKUP [ 255.385769][ T8838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 255.385781][ T8838] Call Trace: [ 255.385787][ T8838] [ 255.385794][ T8838] dump_stack_lvl+0x16c/0x1f0 [ 255.385829][ T8838] should_fail_ex+0x512/0x640 [ 255.385856][ T8838] _copy_from_user+0x2e/0xd0 [ 255.385878][ T8838] move_addr_to_kernel+0x65/0x170 [ 255.385900][ T8838] __sys_connect+0xb1/0x160 [ 255.385923][ T8838] ? __pfx___sys_connect+0x10/0x10 [ 255.385953][ T8838] ? xfd_validate_state+0x61/0x180 [ 255.385983][ T8838] __x64_sys_connect+0x72/0xb0 [ 255.386004][ T8838] ? lockdep_hardirqs_on+0x7c/0x110 [ 255.386035][ T8838] do_syscall_64+0xcd/0xf80 [ 255.386054][ T8838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.386074][ T8838] RIP: 0033:0x7ff4d3d8f7c9 [ 255.386088][ T8838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 255.386106][ T8838] RSP: 002b:00007ff4d4ce0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 255.386124][ T8838] RAX: ffffffffffffffda RBX: 00007ff4d3fe5fa0 RCX: 00007ff4d3d8f7c9 [ 255.386137][ T8838] RDX: 0000000000000055 RSI: 00002000000000c0 RDI: 0000000000000003 [ 255.386148][ T8838] RBP: 00007ff4d3e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 255.386159][ T8838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 255.386170][ T8838] R13: 00007ff4d3fe6038 R14: 00007ff4d3fe5fa0 R15: 00007ffcdee3bde8 [ 255.386195][ T8838] [ 256.335078][ T30] audit: type=1800 audit(4294967343.761:8): pid=8867 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.594" name="lu_gp_id" dev="configfs" ino=26337 res=0 errno=0 [ 257.141187][ T30] audit: type=1800 audit(4294967344.566:9): pid=8882 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.594" name="lu_gp_id" dev="configfs" ino=26419 res=0 errno=0 [ 257.793009][ T30] audit: type=1326 audit(4294967345.229:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8880 comm="syz.1.596" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1ccbf8f7c9 code=0x0 [ 259.346828][ T8890] futex_wake_op: syz.2.597 tries to shift op by -2048; fix this program [ 260.072847][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.081900][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.227155][ T8910] netlink: 28 bytes leftover after parsing attributes in process `syz.1.603'. [ 264.125796][ T52] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 264.804165][ T8986] netlink: 'syz.1.619': attribute type 33 has an invalid length. [ 264.912520][ T8998] netlink: 'syz.1.619': attribute type 33 has an invalid length. [ 265.659665][ T9018] futex_wake_op: syz.2.623 tries to shift op by -2048; fix this program [ 265.760979][ T9018] futex_wake_op: syz.2.623 tries to shift op by -2048; fix this program [ 266.582103][ T9032] mkiss: ax0: crc mode is auto. [ 268.879672][ T9067] netlink: 504 bytes leftover after parsing attributes in process `syz.2.628'. [ 269.591124][ T9035] netlink: 504 bytes leftover after parsing attributes in process `syz.2.628'. [ 272.878366][ T9128] netlink: 28 bytes leftover after parsing attributes in process `syz.0.642'. [ 273.062859][ T9128] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 273.100916][ T9128] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 274.670654][ T9163] netlink: 28 bytes leftover after parsing attributes in process `syz.2.650'. [ 274.877176][ T9151] Process accounting paused [ 275.080519][ T9173] netlink: 322 bytes leftover after parsing attributes in process `syz.1.653'. [ 276.384963][ T9177] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 276.431099][ T9177] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 276.472187][ T9177] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 276.753591][ T9185] netlink: 12 bytes leftover after parsing attributes in process `syz.1.655'. [ 277.080425][ T9185] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 277.845754][ T9204] busy [ 277.848610][ T9204] busy [ 277.851311][ T9204] busy [ 279.108734][ T9218] futex_wake_op: syz.1.662 tries to shift op by -2048; fix this program [ 279.951116][ T9238] netlink: 28 bytes leftover after parsing attributes in process `syz.1.666'. [ 280.641320][ T9242] FAULT_INJECTION: forcing a failure. [ 280.641320][ T9242] name failslab, interval 1, probability 0, space 0, times 0 [ 280.691790][ T9242] CPU: 0 UID: 0 PID: 9242 Comm: syz.2.667 Tainted: G L syzkaller #0 PREEMPT(full) [ 280.691821][ T9242] Tainted: [L]=SOFTLOCKUP [ 280.691828][ T9242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 280.691839][ T9242] Call Trace: [ 280.691846][ T9242] [ 280.691853][ T9242] dump_stack_lvl+0x16c/0x1f0 [ 280.691889][ T9242] should_fail_ex+0x512/0x640 [ 280.691912][ T9242] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 280.691939][ T9242] should_failslab+0xc2/0x120 [ 280.691969][ T9242] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 280.691992][ T9242] ? __lock_acquire+0x436/0x2890 [ 280.692011][ T9242] ? shmem_alloc_inode+0x25/0x50 [ 280.692041][ T9242] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 280.692067][ T9242] ? shmem_alloc_inode+0x25/0x50 [ 280.692092][ T9242] shmem_alloc_inode+0x25/0x50 [ 280.692118][ T9242] alloc_inode+0x64/0x240 [ 280.692141][ T9242] new_inode+0x22/0x1c0 [ 280.692164][ T9242] shmem_get_inode+0x19a/0xfb0 [ 280.692198][ T9242] shmem_tmpfile+0x58/0x180 [ 280.692228][ T9242] vfs_tmpfile+0x2be/0x9b0 [ 280.692263][ T9242] path_openat+0x1936/0x3140 [ 280.692290][ T9242] ? do_syscall_64+0xcd/0xf80 [ 280.692306][ T9242] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.692333][ T9242] ? __pfx_path_openat+0x10/0x10 [ 280.692367][ T9242] ? __lock_acquire+0x436/0x2890 [ 280.692387][ T9242] do_filp_open+0x20b/0x470 [ 280.692417][ T9242] ? __pfx_do_filp_open+0x10/0x10 [ 280.692463][ T9242] ? _raw_spin_unlock+0x28/0x50 [ 280.692489][ T9242] ? alloc_fd+0x471/0x7d0 [ 280.692524][ T9242] do_sys_openat2+0x121/0x290 [ 280.692546][ T9242] ? __pfx_do_sys_openat2+0x10/0x10 [ 280.692569][ T9242] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 280.692604][ T9242] __x64_sys_open+0x153/0x1e0 [ 280.692626][ T9242] ? __pfx___x64_sys_open+0x10/0x10 [ 280.692653][ T9242] ? rcu_is_watching+0x12/0xc0 [ 280.692691][ T9242] do_syscall_64+0xcd/0xf80 [ 280.692710][ T9242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.692729][ T9242] RIP: 0033:0x7ff4d3d8f7c9 [ 280.692744][ T9242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.692762][ T9242] RSP: 002b:00007ff4d4ce0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 280.692780][ T9242] RAX: ffffffffffffffda RBX: 00007ff4d3fe5fa0 RCX: 00007ff4d3d8f7c9 [ 280.692792][ T9242] RDX: 0000000000000408 RSI: 0000000000591002 RDI: 0000200000000100 [ 280.692804][ T9242] RBP: 00007ff4d3e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 280.692815][ T9242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 280.692826][ T9242] R13: 00007ff4d3fe6038 R14: 00007ff4d3fe5fa0 R15: 00007ffcdee3bde8 [ 280.692851][ T9242] [ 281.272920][ T5832] Bluetooth: hci4: command 0x1003 tx timeout [ 281.293044][ T52] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 281.840313][ T9250] bridge0: port 2(batadv0) entered blocking state [ 281.895479][ T9250] bridge0: port 2(batadv0) entered disabled state [ 281.932506][ T9250] batadv0: entered allmulticast mode [ 281.962657][ T9250] batadv0: entered promiscuous mode [ 281.990236][ T9250] bridge0: port 2(batadv0) entered blocking state [ 281.996785][ T9250] bridge0: port 2(batadv0) entered forwarding state [ 282.280694][ T9260] futex_wake_op: syz.0.672 tries to shift op by -2048; fix this program [ 282.329745][ T6323] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 282.339303][ T6323] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 282.367262][ T9260] futex_wake_op: syz.0.672 tries to shift op by -2048; fix this program [ 283.095572][ T9271] ================================================================== [ 283.095589][ T9271] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70 [ 283.095618][ T9271] Read of size 256 at addr ffff88807ce6a3c0 by task syz.2.675/9271 [ 283.095634][ T9271] [ 283.095646][ T9271] CPU: 0 UID: 0 PID: 9271 Comm: syz.2.675 Tainted: G L syzkaller #0 PREEMPT(full) [ 283.095672][ T9271] Tainted: [L]=SOFTLOCKUP [ 283.095679][ T9271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 283.095690][ T9271] Call Trace: [ 283.095697][ T9271] [ 283.095704][ T9271] dump_stack_lvl+0x116/0x1f0 [ 283.095735][ T9271] print_report+0xcd/0x630 [ 283.095764][ T9271] ? __virt_addr_valid+0x81/0x610 [ 283.095795][ T9271] ? __phys_addr+0xe8/0x180 [ 283.095824][ T9271] ? fbcon_prepare_logo+0xa03/0xc70 [ 283.095845][ T9271] kasan_report+0xe0/0x110 [ 283.095873][ T9271] ? fbcon_prepare_logo+0xa03/0xc70 [ 283.095897][ T9271] kasan_check_range+0x100/0x1b0 [ 283.095917][ T9271] __asan_memcpy+0x23/0x60 [ 283.095940][ T9271] fbcon_prepare_logo+0xa03/0xc70 [ 283.095967][ T9271] fbcon_init+0xda0/0x1930 [ 283.095988][ T9271] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 283.096013][ T9271] visual_init+0x320/0x620 [ 283.096036][ T9271] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 283.096066][ T9271] store_bind+0x61d/0x760 [ 283.096093][ T9271] ? sysfs_file_kobj+0xe4/0x290 [ 283.096125][ T9271] ? __pfx_store_bind+0x10/0x10 [ 283.096150][ T9271] dev_attr_store+0x58/0x80 [ 283.096177][ T9271] ? __pfx_dev_attr_store+0x10/0x10 [ 283.096203][ T9271] sysfs_kf_write+0xf2/0x150 [ 283.096222][ T9271] kernfs_fop_write_iter+0x3af/0x570 [ 283.096267][ T9271] ? __pfx_sysfs_kf_write+0x10/0x10 [ 283.096287][ T9271] iter_file_splice_write+0xa24/0x12b0 [ 283.096326][ T9271] ? __pfx_iter_file_splice_write+0x10/0x10 [ 283.096360][ T9271] ? __pfx_copy_splice_read+0x10/0x10 [ 283.096395][ T9271] ? __pfx_iter_file_splice_write+0x10/0x10 [ 283.096426][ T9271] direct_splice_actor+0x192/0x6c0 [ 283.096456][ T9271] splice_direct_to_actor+0x345/0xa30 [ 283.096486][ T9271] ? __pfx_direct_splice_actor+0x10/0x10 [ 283.096517][ T9271] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 283.096550][ T9271] do_splice_direct+0x174/0x240 [ 283.096579][ T9271] ? __pfx_do_splice_direct+0x10/0x10 [ 283.096607][ T9271] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 283.096637][ T9271] ? rw_verify_area+0xcf/0x6c0 [ 283.096663][ T9271] do_sendfile+0xb06/0xe50 [ 283.096691][ T9271] ? __pfx_do_sendfile+0x10/0x10 [ 283.096719][ T9271] ? __x64_sys_futex+0x1e0/0x4c0 [ 283.096741][ T9271] ? __x64_sys_futex+0x1e9/0x4c0 [ 283.096764][ T9271] __x64_sys_sendfile64+0x1d8/0x220 [ 283.096782][ T9271] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 283.096805][ T9271] do_syscall_64+0xcd/0xf80 [ 283.096823][ T9271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.096842][ T9271] RIP: 0033:0x7ff4d3d8f7c9 [ 283.096857][ T9271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 283.096876][ T9271] RSP: 002b:00007ff4d4ce0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 283.096894][ T9271] RAX: ffffffffffffffda RBX: 00007ff4d3fe5fa0 RCX: 00007ff4d3d8f7c9 [ 283.096907][ T9271] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000004 [ 283.096919][ T9271] RBP: 00007ff4d3e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 283.096930][ T9271] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 283.096942][ T9271] R13: 00007ff4d3fe6038 R14: 00007ff4d3fe5fa0 R15: 00007ffcdee3bde8 [ 283.096961][ T9271] [ 283.096968][ T9271] [ 283.096973][ T9271] Allocated by task 5827: [ 283.096982][ T9271] kasan_save_stack+0x33/0x60 [ 283.097006][ T9271] kasan_save_track+0x14/0x30 [ 283.097031][ T9271] __kasan_kmalloc+0xaa/0xb0 [ 283.097054][ T9271] __ipv6_dev_mc_inc+0x2f1/0xbc0 [ 283.097080][ T9271] ipv6_add_dev+0xbb7/0x15f0 [ 283.097108][ T9271] addrconf_notify+0x53e/0x19f0 [ 283.097129][ T9271] notifier_call_chain+0xbc/0x3e0 [ 283.097159][ T9271] call_netdevice_notifiers_info+0xbe/0x110 [ 283.097177][ T9271] register_netdevice+0x1792/0x21d0 [ 283.097204][ T9271] virt_wifi_newlink+0x43e/0xa10 [ 283.097227][ T9271] rtnl_newlink+0xc19/0x1f50 [ 283.097260][ T9271] rtnetlink_rcv_msg+0x95e/0xe90 [ 283.097287][ T9271] netlink_rcv_skb+0x158/0x420 [ 283.097314][ T9271] netlink_unicast+0x5aa/0x870 [ 283.097341][ T9271] netlink_sendmsg+0x8c8/0xdd0 [ 283.097369][ T9271] __sys_sendto+0x4a3/0x520 [ 283.097390][ T9271] __x64_sys_sendto+0xe0/0x1c0 [ 283.097411][ T9271] do_syscall_64+0xcd/0xf80 [ 283.097426][ T9271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.097444][ T9271] [ 283.097448][ T9271] The buggy address belongs to the object at ffff88807ce6a000 [ 283.097448][ T9271] which belongs to the cache kmalloc-512 of size 512 [ 283.097463][ T9271] The buggy address is located 672 bytes to the right of [ 283.097463][ T9271] allocated 288-byte region [ffff88807ce6a000, ffff88807ce6a120) [ 283.097485][ T9271] [ 283.097490][ T9271] The buggy address belongs to the physical page: [ 283.097503][ T9271] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ce68 [ 283.097520][ T9271] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 283.097536][ T9271] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 283.097556][ T9271] page_type: f5(slab) [ 283.097572][ T9271] raw: 00fff00000000040 ffff88813ff26c80 dead000000000122 0000000000000000 [ 283.097590][ T9271] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 283.097609][ T9271] head: 00fff00000000040 ffff88813ff26c80 dead000000000122 0000000000000000 [ 283.097627][ T9271] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 283.097645][ T9271] head: 00fff00000000002 ffffea0001f39a01 00000000ffffffff 00000000ffffffff [ 283.097663][ T9271] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 283.097674][ T9271] page dumped because: kasan: bad access detected [ 283.097686][ T9271] page_owner tracks the page as allocated [ 283.097693][ T9271] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5827, tgid 5827 (syz-executor), ts 92577738542, free_ts 92553771050 [ 283.097727][ T9271] post_alloc_hook+0x1af/0x220 [ 283.097748][ T9271] get_page_from_freelist+0xd0b/0x31a0 [ 283.097770][ T9271] __alloc_frozen_pages_noprof+0x25f/0x2430 [ 283.097793][ T9271] alloc_pages_mpol+0x1fb/0x550 [ 283.097821][ T9271] new_slab+0x2c3/0x430 [ 283.097838][ T9271] ___slab_alloc+0xe18/0x1c90 [ 283.097856][ T9271] __slab_alloc.constprop.0+0x63/0x110 [ 283.097876][ T9271] __kmalloc_cache_noprof+0x485/0x800 [ 283.097895][ T9271] __ipv6_dev_mc_inc+0x2f1/0xbc0 [ 283.097921][ T9271] ipv6_add_dev+0xbb7/0x15f0 [ 283.097948][ T9271] addrconf_notify+0x53e/0x19f0 [ 283.097969][ T9271] notifier_call_chain+0xbc/0x3e0 [ 283.097999][ T9271] call_netdevice_notifiers_info+0xbe/0x110 [ 283.098017][ T9271] register_netdevice+0x1792/0x21d0 [ 283.098045][ T9271] veth_newlink+0x44d/0xa00 [ 283.098071][ T9271] rtnl_newlink+0xc19/0x1f50 [ 283.098097][ T9271] page last free pid 5828 tgid 5828 stack trace: [ 283.098107][ T9271] __free_frozen_pages+0x7df/0x1170 [ 283.098124][ T9271] __put_partials+0x130/0x170 [ 283.098143][ T9271] qlist_free_all+0x4c/0xf0 [ 283.098166][ T9271] kasan_quarantine_reduce+0x195/0x1e0 [ 283.098190][ T9271] __kasan_slab_alloc+0x69/0x90 [ 283.098216][ T9271] __kmalloc_cache_noprof+0x282/0x800 [ 283.098236][ T9271] ref_tracker_alloc+0x18e/0x5b0 [ 283.098263][ T9271] netdev_queue_update_kobjects+0x2db/0x710 [ 283.098282][ T9271] netdev_register_kobject+0x2b3/0x3d0 [ 283.098299][ T9271] register_netdevice+0x13ac/0x21d0 [ 283.098328][ T9271] veth_newlink+0x44d/0xa00 [ 283.098353][ T9271] rtnl_newlink+0xc19/0x1f50 [ 283.098380][ T9271] rtnetlink_rcv_msg+0x95e/0xe90 [ 283.098407][ T9271] netlink_rcv_skb+0x158/0x420 [ 283.098434][ T9271] netlink_unicast+0x5aa/0x870 [ 283.098462][ T9271] netlink_sendmsg+0x8c8/0xdd0 [ 283.098489][ T9271] [ 283.098494][ T9271] Memory state around the buggy address: [ 283.098503][ T9271] ffff88807ce6a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 283.098517][ T9271] ffff88807ce6a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 283.098531][ T9271] >ffff88807ce6a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 283.098541][ T9271] ^ [ 283.098552][ T9271] ffff88807ce6a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 283.098565][ T9271] ffff88807ce6a480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 283.098576][ T9271] ================================================================== [ 283.115478][ T9271] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 283.115495][ T9271] CPU: 0 UID: 0 PID: 9271 Comm: syz.2.675 Tainted: G L syzkaller #0 PREEMPT(full) [ 283.115523][ T9271] Tainted: [L]=SOFTLOCKUP [ 283.115530][ T9271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 283.115542][ T9271] Call Trace: [ 283.115548][ T9271] [ 283.115555][ T9271] dump_stack_lvl+0x3d/0x1f0 [ 283.115593][ T9271] vpanic+0x640/0x6f0 [ 283.115613][ T9271] panic+0xca/0xd0 [ 283.115631][ T9271] ? __pfx_panic+0x10/0x10 [ 283.115650][ T9271] ? fbcon_prepare_logo+0xa03/0xc70 [ 283.115672][ T9271] ? preempt_schedule_common+0x44/0xc0 [ 283.115703][ T9271] ? preempt_schedule_thunk+0x16/0x30 [ 283.115724][ T9271] check_panic_on_warn+0xab/0xb0 [ 283.115744][ T9271] end_report+0x107/0x160 [ 283.115773][ T9271] kasan_report+0xee/0x110 [ 283.115803][ T9271] ? fbcon_prepare_logo+0xa03/0xc70 [ 283.115828][ T9271] kasan_check_range+0x100/0x1b0 [ 283.115848][ T9271] __asan_memcpy+0x23/0x60 [ 283.115872][ T9271] fbcon_prepare_logo+0xa03/0xc70 [ 283.115899][ T9271] fbcon_init+0xda0/0x1930 [ 283.115920][ T9271] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 283.115947][ T9271] visual_init+0x320/0x620 [ 283.115970][ T9271] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 283.116001][ T9271] store_bind+0x61d/0x760 [ 283.116029][ T9271] ? sysfs_file_kobj+0xe4/0x290 [ 283.116048][ T9271] ? __pfx_store_bind+0x10/0x10 [ 283.116073][ T9271] dev_attr_store+0x58/0x80 [ 283.116099][ T9271] ? __pfx_dev_attr_store+0x10/0x10 [ 283.116137][ T9271] sysfs_kf_write+0xf2/0x150 [ 283.116156][ T9271] kernfs_fop_write_iter+0x3af/0x570 [ 283.116186][ T9271] ? __pfx_sysfs_kf_write+0x10/0x10 [ 283.116206][ T9271] iter_file_splice_write+0xa24/0x12b0 [ 283.116249][ T9271] ? __pfx_iter_file_splice_write+0x10/0x10 [ 283.116283][ T9271] ? __pfx_copy_splice_read+0x10/0x10 [ 283.116318][ T9271] ? __pfx_iter_file_splice_write+0x10/0x10 [ 283.116349][ T9271] direct_splice_actor+0x192/0x6c0 [ 283.116380][ T9271] splice_direct_to_actor+0x345/0xa30 [ 283.116409][ T9271] ? __pfx_direct_splice_actor+0x10/0x10 [ 283.116442][ T9271] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 283.116475][ T9271] do_splice_direct+0x174/0x240 [ 283.116503][ T9271] ? __pfx_do_splice_direct+0x10/0x10 [ 283.116532][ T9271] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 283.116562][ T9271] ? rw_verify_area+0xcf/0x6c0 [ 283.116588][ T9271] do_sendfile+0xb06/0xe50 [ 283.116616][ T9271] ? __pfx_do_sendfile+0x10/0x10 [ 283.116644][ T9271] ? __x64_sys_futex+0x1e0/0x4c0 [ 283.116667][ T9271] ? __x64_sys_futex+0x1e9/0x4c0 [ 283.116691][ T9271] __x64_sys_sendfile64+0x1d8/0x220 [ 283.116710][ T9271] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 283.116733][ T9271] do_syscall_64+0xcd/0xf80 [ 283.116751][ T9271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.116771][ T9271] RIP: 0033:0x7ff4d3d8f7c9 [ 283.116785][ T9271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 283.116805][ T9271] RSP: 002b:00007ff4d4ce0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 283.116824][ T9271] RAX: ffffffffffffffda RBX: 00007ff4d3fe5fa0 RCX: 00007ff4d3d8f7c9 [ 283.116837][ T9271] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000004 [ 283.116849][ T9271] RBP: 00007ff4d3e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 283.116861][ T9271] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 283.116873][ T9271] R13: 00007ff4d3fe6038 R14: 00007ff4d3fe5fa0 R15: 00007ffcdee3bde8 [ 283.116893][ T9271] [ 283.116951][ T9271] Kernel Offset: disabled