last executing test programs: 9.486214846s ago: executing program 2 (id=413): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/devices/virtual/mac80211_hwsim/hwsim1/ieee80211/phy1/rfkill3/state\x00', 0x102, 0x0) write$auto(r0, &(0x7f0000000040)='0\x00\\9(\xba\xea\x99\xfc|U\x1c\xc7k', 0x81) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x2, 0x0) socket(0x2, 0x1, 0x0) r1 = epoll_create$auto(0x7) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_clone(0x5000400, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x20000, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid$auto(r3, r3) epoll_ctl$auto(0x5, 0x1, r2, 0x0) epoll_wait$auto(r1, 0x0, 0xe007, 0xe8a4e409) fchdir$auto(0xffffffffffffffff) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/pagemap\x00', 0x600, 0x0) mmap$auto(0x0, 0x400008, 0xdd, 0x9b72, 0x2, 0x20000000008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020006, 0x3, 0x11, 0xfffffffffffffffa, 0x8000) unshare$auto(0x20000) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/card1/timer_source\x00', 0x20080, 0x0) unshare$auto(0x10) 8.313015762s ago: executing program 3 (id=416): ioctl$auto_XFS_IOC_FREESP64(0xffffffffffffffff, 0x40305825, &(0x7f0000000080)={0x5, 0xfff8, 0x3, 0x9, 0x1, 0x0}) r1 = prctl$auto(0x3e, 0x1, r0, 0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x2, 0x1, 0x106) setsockopt$auto(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x5) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x8000, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram10\x00', 0x14fe02, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nbd5\x00', 0x26000, 0x0) ioctl$auto_BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000000c0)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700000000000300", 0x3ff, 0x408, 0xfff, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r3, 0x1276, 0x0) mmap$auto(0xffffffffffffffff, 0x5, 0x7, 0xbe, 0xffffffffffffffff, 0x7ffe) sysfs$auto(0x2, 0x23, 0x0) r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r4, 0x0, 0x4) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r2, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, 0x0, 0x0) unshare$auto(0x40000080) unshare$auto(0x40000080) close_range$auto(0x2, 0xa, 0x0) getcwd$auto(0x0, 0xff) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x121342, 0x130) open(&(0x7f00000000c0)='./file0\x00', 0x40000, 0x31) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) 8.151365388s ago: executing program 2 (id=417): r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) r1 = socket(0x2, 0x1, 0x106) setsockopt$auto(r1, 0x6, 0xd, 0x0, 0x4) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x8000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram10\x00', 0x14fe02, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nbd5\x00', 0x26000, 0x0) ioctl$auto_BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000000c0)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700000000000300", 0x3ff, 0x408, 0xfff, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = openat$auto_transaction_log_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x121002, 0x0) read$auto_transaction_log_fops_(r4, &(0x7f0000000100)=""/3, 0x3) mmap$auto(0xffffffffffffffff, 0x5, 0x7, 0xbe, 0xffffffffffffffff, 0x7ffe) sysfs$auto(0x2, 0x23, 0x0) r5 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20201, 0x0) prctl$auto_PR_SVE_GET_VL(0x33, 0x4, 0x0, 0xcbf, 0x7) write$auto(r5, 0x0, 0x4) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r2, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) unshare$auto(0x40000080) unshare$auto(0x40000080) close_range$auto(0x2, 0xa, 0x0) getcwd$auto(0x0, 0xff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/loop13/queue/max_sectors_kb\x00', 0x109206, 0x0) 8.107426514s ago: executing program 1 (id=418): close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x84) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sda\x00', 0x14fa02, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0x5, 0x0) pipe$auto(0x0) pipe$auto(0x0) select$auto(0x9, 0x0, 0x0, &(0x7f0000000040)={[0xc, 0x5, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x9, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0x1]}, 0x0) tee$auto(0x2000000000000, 0x3, 0x402, 0xd) r0 = socket(0x11, 0x80003, 0x300) sendfile$auto(0x1, r0, 0x0, 0x3) vmsplice$auto(0x2, &(0x7f00000000c0)={0x0, 0x7f}, 0x8000000000000001, 0x0) r1 = open$dir(0x0, 0x10000, 0x6) prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0) pwritev$auto(r1, 0x0, 0x2, 0xfffffffffffff274, 0x6) msgget$auto(0xc, 0x77d9) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_USBDEVFS_RELEASEINTERFACE(0xffffffffffffffff, 0x80045510, 0x0) sendto$auto(0x3, 0x0, 0x1, 0x101, 0x0, 0x1c) ioctl$auto(0x3, 0x541b, 0x38) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\x00\x80\x00\x00\x00\x00\x00\x00j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) r2 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/user\x00') getdents$auto(r2, 0x0, 0xa2b0) msgrcv$auto(0x0, 0x0, 0xff9, 0x0, 0x3) syz_genetlink_get_family_id$auto_net_dm(0x0, 0xffffffffffffffff) 7.857541332s ago: executing program 0 (id=419): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/devices/virtual/mac80211_hwsim/hwsim1/ieee80211/phy1/rfkill3/state\x00', 0x102, 0x0) write$auto(r0, &(0x7f0000000040)='0\x00\\9(\xba\xea\x99\xfc|U\x1c\xc7k', 0x81) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x2, 0x0) socket(0x2, 0x1, 0x0) sysfs$auto(0x2, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_clone(0x5000400, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x20000, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid$auto(r2, r2) epoll_ctl$auto(0x5, 0x1, r1, 0x0) epoll_wait$auto(0xffffffffffffffff, 0x0, 0xe007, 0xe8a4e409) fchdir$auto(0xffffffffffffffff) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/pagemap\x00', 0x600, 0x0) mmap$auto(0x0, 0x400008, 0xdd, 0x9b72, 0x2, 0x20000000008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020006, 0x3, 0x11, 0xfffffffffffffffa, 0x8000) unshare$auto(0x20000) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/card1/timer_source\x00', 0x20080, 0x0) unshare$auto(0x10) 6.517047202s ago: executing program 1 (id=420): socket(0x2, 0xa, 0x0) r0 = socket(0xa25568bba8a81b74, 0x1, 0x203) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, 0x0, 0x4000) bind$auto(r0, &(0x7f0000000180)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@hci={0x1f, 0x2}, 0x55) close_range$auto(0x0, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0xdb3, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) mq_open$auto(&(0x7f00000000c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xbb\x192\x1c4\x86\xc0\xc1-\xd5\x10\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u50x0}) r1 = prctl$auto(0x3e, 0x1, r0, 0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x2, 0x1, 0x106) setsockopt$auto(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x5) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x8000, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram10\x00', 0x14fe02, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nbd5\x00', 0x26000, 0x0) ioctl$auto_BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000000c0)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700000000000300", 0x3ff, 0x408, 0xfff, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r3, 0x1276, 0x0) mmap$auto(0xffffffffffffffff, 0x5, 0x7, 0xbe, 0xffffffffffffffff, 0x7ffe) sysfs$auto(0x2, 0x23, 0x0) r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r4, 0x0, 0x4) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r2, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) unshare$auto(0x40000080) unshare$auto(0x40000080) close_range$auto(0x2, 0xa, 0x0) getcwd$auto(0x0, 0xff) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x121342, 0x130) open(0x0, 0x40000, 0x31) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) 6.373111277s ago: executing program 0 (id=422): ioctl$auto_XFS_IOC_FREESP64(0xffffffffffffffff, 0x40305825, &(0x7f0000000080)={0x5, 0xfff8, 0x3, 0x9, 0x1, 0x0}) r1 = prctl$auto(0x3e, 0x1, r0, 0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x2, 0x1, 0x106) setsockopt$auto(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x5) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x8000, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram10\x00', 0x14fe02, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nbd5\x00', 0x26000, 0x0) ioctl$auto_BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000000c0)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700000000000300", 0x3ff, 0x408, 0xfff, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r3, 0x1276, 0x0) mmap$auto(0xffffffffffffffff, 0x5, 0x7, 0xbe, 0xffffffffffffffff, 0x7ffe) sysfs$auto(0x2, 0x23, 0x0) r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r4, 0x0, 0x4) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r2, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, 0x0, 0x0) unshare$auto(0x40000080) unshare$auto(0x40000080) close_range$auto(0x2, 0xa, 0x0) getcwd$auto(0x0, 0xff) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x121342, 0x130) open(&(0x7f00000000c0)='./file0\x00', 0x40000, 0x31) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) 6.267144924s ago: executing program 2 (id=423): unshare$auto(0x40000080) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) prctl$auto(0x1, 0x6, 0x0, 0x0, 0x0) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000140), 0x382, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x6, 0x100005, 0x843, 0x3, 0x2) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) read$auto(0x3, 0x0, 0x5) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/sched_rt_period_us\x00', 0x101202, 0x0) sendfile$auto(r1, r1, 0x0, 0x8) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) unshare$auto(0x40000080) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000500)='/sys/kernel/debug/block/loop15/hctx0/sched_tags\x00', 0x169100, 0x0) pread64$auto(r4, 0x0, 0x5000f42a, 0x100) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRESDEC=r2, @ANYBLOB="01002bbd7000fcdbdf2504000000040010"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) 4.83346324s ago: executing program 3 (id=424): sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, 0x0, 0x4000050) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x2404c000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x6, 0xd, 0xfffffffe, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x10001, 0xb, 0x2de, 0x504, 0x1, 0x80, 0x6, 0x6}, {0xfff7ffff, 0x2, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x8000000000000000}}) set_mempolicy$auto(0x6, 0x0, 0x4) close_range$auto(r0, 0x8, 0x0) socket(0x2b, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x2, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(r1, &(0x7f0000001a80)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001a00)={&(0x7f0000001ac0)=ANY=[@ANYBLOB="e80c0000", @ANYRES16=0x0, @ANYBLOB="020025bd7000ffdbdf2502000000d30c0a807c01d88014000a00000000000000000000000000000000018c5e7904b62ded848c5a778ccb9fcd960d5745f5cea399f1393201d03ff61c8faad2714a3f3cb434cf059ecaabcadab9b937fa6270f5834c8977b164f51f8a5010c2391b321a51ed2e59e62b82050afea490c39f241c0bccc4eca2a23856a7463f5922c1e87d7c003922ae40afeb062934923dd36f2ebb228b936966e22c6ef66079c2fc3021977473b17d917d82c4b34eb65f20bd151f080442ea1e9e9145df1e2826836b038d77a91cf3bc1c8e336491d9e593c9de15e694a026b12d4b60593ccff1177b10e75c4ddc060f10dd75faa446540cd4d2789346397d7ec6ef83a74728f306d8a679df003a270e6bbe6d9d34a5c5bff4578c2b78df5f7a0108d105b44a38f769e5a4266a314301bc9d1f94d274645b0c1e5912937fa615ad900e00f090e3c8983552b54cea92f0821b21b88777ffb0b5bf967a7fb3d02a41fdbbbb8516b63c42db43e832d8619d2907d24873200a68c154338a239ec64a0400f8800400e580cea3b1eb5035f2ada7a6b369d9cae80acbce4557f0a5750e99a779e2b15337c19c29137b5f3c8b42c22922d5fc413ad50eac5db9d9600a977494ac571a4cc04d4ef62f297b19171852125f670e0986874ebd14c9069aa95a53648686fd3687a6e1b112d0f14449ee614bc9253faa00f7e2cb1278c5cb429df67247106ca66808003300ffffffffa2e51c731e48c1c636ffffe1588d1951c13ab2c929acd0618de874f0990a4b800400748014000500fe88000000000000000000000000000104004680a00d8ff41cccbf55c36b5d5793b6ad42435e2cc5368e1f7460d84ab4104519e965f9ddc2952e5c7833887d56fbf664f0c427fe74c8e656a2c630037a9b04033ce61f32864a8ca1909fb177864116d7e5b835df404cde2e7b18d069155563fbbe8c295df3fb0e4b465f9ad68cac8994bd7cb152b40f837efa7f8155c887cc82b77054893cb8183bd7d5283ad5b395492caad2d0e6114d4d314b6968b6858a1e20094f7e7c5243ebbaea2f639e9f0bf971a18f68326f7844933654971c4f0156eb94fd978407a40ea23d0e0fbfcd88be971646869ca13f179a0b673ae041c9c02e32a32dd05530f6c35ae0c5b7dcb4bb265fcf856a030b981bb322d4928329ec5ff77e4ad21dd42b1392491d534b63fb1aae4e2e5f3ffcd818ed6693a63d260bf76118ebdb0907505a66d6c8cd91e916af9c590fad600e3ed0ef3d07e73786b7f9f3c6901110485dca7b11b67b7aa70069d9b8b1192e04635a0b4ce37724474ee0863f57e9ece83eb6b69c2044386c8e8149e937230d3de3008c40677fb8ed85c878f90afc5ed28d2c58376f670287a6bd2a24aee95a20b0919851fdc7452fb1c7b1e250b8da8d0c7531733f26320c71530f76542165aaf05a98cb7dc328de86e9b77f674149b05eed59efa1cb0a824987cb56f39e62a1a2d65013005d04322e5ff87229c40c4646736970a9e738cbe590a0626430a7e5e138ac8c40ab68f912f327690b6a4d6c207470b7c4b3281619f61b3b8584107daba0cbd1dc9070a7b84481d21cb683a0ab9adf8dfd2d25c67eb0bc48b3ec953a666cd3439250e74857a01dad6300bf71ed5663dc21fb8d90bc956356e3d20fedb2869ad670b8d98d41a4434385f98de28c23e21731d643fc52792a72aab4417f9eebf9f9fa4c0a6efbaef5aac281d71d82fde9f23a44424e1ce141ab8187535ac9f11c1c5e6ddcca6efc5ff155b163f525b4cd7e712f4d8fbb53575094c83f1ca4e35aeaa81f677eeba0cf2846bd36bb0eeb1824f4dbb624edd230171a3dcdf639f2abd6a1f37f1a05c7824ad84966ea6d258ec0688a9abd4b6937ce9b6399c0db909f14427acd491832c1eccccde62c6fff59b6dbbe27ba3cfeae11986f08ed7719e612462de5988e5e8a528f1da1607f018c5fcf7314764cc7e6bee02b7651296a31f5d484c9c606964ac7b0eecdd703279a05e6c0203d794e63778e28b89b26a87cc3aba666909b55b11678b86492179e46b628d0af57d813c1176f998bd600e06f46134c85922bb2b8264ac3a1a71345282005f2ae235ad6b7fdfb1ce7aee64f8ed308e9e19b5dcaf289094c026410446cc31cc846947c872b6455afbcb0d99cd814cd51b606646b92af3a81b07dd25a7f7b2fe18bf5ff3489064b54fa1abb9a2c80a4adc93ced65cb3a1379105b22912a1a3da47a26d730ec30333269167b05768b87adb94c84fc4c888676f1a5350d03df3a75873f9d28a9150e3177d68607cbd779049daea4f37e1553e21f66dad10987dd51af2f1f59b47df0f2be4437cf158cbdd3a642d6453a0f83ed71bdc492dadbdc0c50af56a7f8aff757d3ae0fafb3dab14eb93330a0b76ee1db94d810965f4176d4bc8087b790369b89351033e27022479978679c59e5ddcef33a3770df6e6d7338130342e7fb6c13e0fd0813e689bb70ed3a05c377841afeba8ed5044a2cb0cf96799e30c120d55c193ab5ebab1add7bf6558838bfcab15ee29248d4bcb40aeb114e097f8edd3d647c014f68cb547ac73a5087a3f5de4b8822727d17a58d66c4e6fbe61d2e114cc266d3d94d3eae8987196fe922372241e197288fca4984e7bbd53d759fdc4de050c592958990f8acfea1f372df6c50f0d244ed85c19f2cc0b330298a80d50b995321d8585985a7ab7a5c6bb4f6a1a48dc757dc2c69c58f7e175790f1ac0e13d6731cae4d4d64a61d56aa5669e21893c47cdd8342ae69658f98d909f532deb250dde9c80bf2f6a9a66e5b6c4bde12091f543ce9b512bf423f965b0fc52f8218c609454463a2a2d542f23dff19998daeab5ae1b7012faeec6f7b912ab45427ef1242b756b47e810dd856352615f3e1d8998dc1ac5153316243ae2a4e2d9cf9d73a4aeab992294302c85670a37abb38b528000624149591ec596c755daa5d5bf2da6870d058cda6789550a68259b110b81a99c4cbe41eb901cb51ceaeeb704e9c77f19e47012ca35e523971dba1e0318b8862014264ef090b278d8a97f2a768729b44cd5ea820ed1fd06e7c6c16f04c0f1e12637cfbea83a0e54ff58242e5e3d2d7bf316d5832e051172cd1a314eef8969a4c64c2e45b5143e192dde9f3918b2da2f6f4b30a4a7a40df943688aee9b0f40532fc50a3ddfb7d86f71e8a8ca49390fa1113812084284c00133d9de60a69929bb47b0209f57c7eb24f42ec56c0923ca5022e8fc7b0e3889ebe35c55b550b96d1eed78f664bddc383ad13b5aecd83187322c3d1df34c453a9dc2692eb8682d7a52d84222a7197b175016974e561b7a4c808fe0e37fb1e4c5c47a77b2122e175f194f645d5a3fa56472bca44b31bd2e51533d379b68f39977dc2a756e6aa3bfffa5a83e71bbde0ad4a63887a5b2fbe6ef0046350ab304484d361dd113be886b4fabeb64a754eae54e4b76a638a450198d285e63dc939980c27febedea5790724b36ee7c038a2b7c80cec694743f13cd9e65fdef94b7453fe4282864fc85fe17b00e6e37a74aa773af30fbdc00883f44a47260a55a92984a6f8e362d3812e48205751ee40ebe614a66358a42e49f41d3f05b762c9506d9b9ad45cc42aedf35457b98286713e3016722177c82af73a075b74bbb6e2825cf48432df1a5f93c0d7a36db00b78e49e7704ea04ebecc16d9e49e1ea71e7c4cc46d9a3b200820e730f62ffa9c0ff3ee5e88dc8ee715ccf4812f4b8a8eaabc357b0d2ad7c52e03895f36b73d6df24cde8f27c45a711d4f3e082754ae51316105fc0a903bb07023694e5e66ff62878e53d1c9ef148bf886f96db601c6a8f0f181bc644a58b3ac3149afe1c329751ca5b833b645ef5adaa4ef4157f1652b6e9ecdb0009027ec80a27747cc43be7a243e955807b8bcc1a79f730d17dc0ce448c9b62ca48a8707cd4b15493135caaa305402dc969f6ee66a5b8650020df88bf4672cb382cd234fcb91d428ab88b6a794624a1b17c2db145983d5a9cf64dae3591bbb871f60657ff7614a82e0d8d710c5ac07eda7b7b506aa6032751d1b580322cfd0cea771827a2d1f62a003afd5ded7adc414bf828e69f5642a0b0b4652d3987b0226e864cfdb3cdb1dbdfe3e28f3850f7a11a3480c13201adbbae678d36a8bf59923c9b586c3afc5b75b827ade57f643a14595b914c973a369390e6bfb2fe25a488f8967b8d2912c14299b8b4f9d6d8a46c6c6bd54c6c937a45a412bc7311a20162a1ee859a7ec087e3c4895833e0323c4837d09ce4f000672e1fa0ebeb59fb041bcf4d6d46fc508712950a58514d6151b7675cbf7ba9eaaf23cd9e9bf56ab078b56d0ed50b1839e3db54d3420c1b4042dddd7867fcb86f3abed33f49040326091e384f124cc9d0afeceefa55525b630647420f1fb7764ba6909c52d36d58e188e5aa204bc9aa96081303a5d8b8bf603147f0617a97437db03901171e66970c3da108005b00", @ANYRES32=0x0, @ANYBLOB="04002b80adf48e04e73054f71b07a4239ba09ad16e9dce9003cd01e018d9d0ea489e666d38b2ac571a354aadd3b421b6bbaf6679abcf99079928a799cdae635b5a5e829be1c44a06dc28517ecf045ad2b5433644a384b2e2fc573d77a8f1322f17af348a71626c3abc7200000014001c0000000000000000000000ffffe000000100"], 0xce8}, 0x1, 0x0, 0x0, 0x408c4}, 0x99) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x80002, 0x0) r3 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0xc0842, 0x95) sendfile$auto(r3, r3, 0x0, 0x1) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0xecf, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x7fd, 0x3, 0xff, 0x10001, 0x400000000003, 0x3, 0xf90, 0xfffffffffffffffe, 0x80000000, 0x335b0eef, 0xffffdfffffffff81, 0x4]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x2000000008000) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x4bd, 0x0, 0x1000, &(0x7f0000000040)=0x2) write$auto(0xffffffffffffffff, 0x0, 0xfdef) sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000127bd7000fcdbdf25f500000006001000010000000400ae00080027004d29000004004a01"], 0x3}, 0x1, 0x0, 0x0, 0x890}, 0x800c5) write$auto(0xffffffffffffffff, &(0x7f0000000040)='/dev/input/event1\x00', 0x10001) 4.831703099s ago: executing program 1 (id=432): ioctl$auto_XFS_IOC_FREESP64(0xffffffffffffffff, 0x40305825, &(0x7f0000000080)={0x5, 0xfff8, 0x3, 0x9, 0x1, 0x0}) r1 = prctl$auto(0x3e, 0x1, r0, 0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x2, 0x1, 0x106) setsockopt$auto(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x5) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x8000, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram10\x00', 0x14fe02, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nbd5\x00', 0x26000, 0x0) ioctl$auto_BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000000c0)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700000000000300", 0x3ff, 0x408, 0xfff, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r3, 0x1276, 0x0) mmap$auto(0xffffffffffffffff, 0x5, 0x7, 0xbe, 0xffffffffffffffff, 0x7ffe) sysfs$auto(0x2, 0x23, 0x0) r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r4, 0x0, 0x4) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r2, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) unshare$auto(0x40000080) unshare$auto(0x40000080) close_range$auto(0x2, 0xa, 0x0) getcwd$auto(0x0, 0xff) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) open(0x0, 0x121342, 0x130) open(&(0x7f00000000c0)='./file0\x00', 0x40000, 0x31) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) 4.617411368s ago: executing program 0 (id=425): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000100)=""/186, 0xba) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYRESHEX], 0x1ac}}, 0x40000) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/time\x00') recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x6}, 0xffffbff9, 0x10, 0x0) mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) r2 = io_uring_setup$auto(0x999, 0x0) mmap$auto(0x4, 0x400008, 0xa, 0x9b72, 0xffffffffffffffff, 0x0) setns$auto(r2, 0x173f1891) ustat$auto(0x801, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r3 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x1a3) socket(0x2, 0x1, 0x106) socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) accept$auto(r2, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) write$auto_tty_fops_tty_io(r4, 0x0, 0x0) openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, 0x0, 0x40, 0x0) 4.019791965s ago: executing program 0 (id=426): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/devices/virtual/mac80211_hwsim/hwsim1/ieee80211/phy1/rfkill3/state\x00', 0x102, 0x0) write$auto(r0, &(0x7f0000000040)='0\x00\\9(\xba\xea\x99\xfc|U\x1c\xc7k', 0x81) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x2, 0x0) socket(0x2, 0x1, 0x0) r1 = epoll_create$auto(0x7) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_clone(0x5000400, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x20000, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid$auto(r3, r3) epoll_ctl$auto(0x5, 0x1, r2, 0x0) epoll_wait$auto(r1, 0x0, 0xe007, 0xe8a4e409) fchdir$auto(0xffffffffffffffff) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/pagemap\x00', 0x600, 0x0) mmap$auto(0x0, 0x400008, 0xdd, 0x9b72, 0x2, 0x20000000008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020006, 0x3, 0x11, 0xfffffffffffffffa, 0x8000) unshare$auto(0x20000) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/card1/timer_source\x00', 0x20080, 0x0) unshare$auto(0x10) 3.310690307s ago: executing program 2 (id=427): ioctl$auto_XFS_IOC_FREESP64(0xffffffffffffffff, 0x40305825, &(0x7f0000000080)={0x5, 0xfff8, 0x3, 0x9, 0x1, 0x0}) r1 = prctl$auto(0x3e, 0x1, r0, 0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x2, 0x1, 0x106) setsockopt$auto(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x5) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x8000, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram10\x00', 0x14fe02, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nbd5\x00', 0x26000, 0x0) ioctl$auto_BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000000c0)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700000000000300", 0x3ff, 0x408, 0xfff, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r3, 0x1276, 0x0) mmap$auto(0xffffffffffffffff, 0x5, 0x7, 0xbe, 0xffffffffffffffff, 0x7ffe) sysfs$auto(0x2, 0x23, 0x0) r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r4, 0x0, 0x4) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r2, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, 0x0, 0x0) unshare$auto(0x40000080) unshare$auto(0x40000080) close_range$auto(0x2, 0xa, 0x0) getcwd$auto(0x0, 0xff) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x121342, 0x130) open(&(0x7f00000000c0)='./file0\x00', 0x40000, 0x31) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) 2.999584164s ago: executing program 3 (id=428): socket(0x2, 0xa, 0x0) r0 = socket(0xa25568bba8a81b74, 0x1, 0x203) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, 0x0, 0x4000) bind$auto(r0, &(0x7f0000000180)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x6a) socket(0x2a, 0x1, 0x0) close_range$auto(0x0, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0xdb3, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) mq_open$auto(&(0x7f00000000c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xbb\x192\x1c4\x86\xc0\xc1-\xd5\x10\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u50x0}) r1 = prctl$auto(0x3e, 0x1, r0, 0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x2, 0x1, 0x106) setsockopt$auto(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x5) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x8000, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram10\x00', 0x14fe02, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nbd5\x00', 0x26000, 0x0) ioctl$auto_BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000000c0)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700000000000300", 0x3ff, 0x408, 0xfff, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r3, 0x1276, 0x0) mmap$auto(0xffffffffffffffff, 0x5, 0x7, 0xbe, 0xffffffffffffffff, 0x7ffe) sysfs$auto(0x2, 0x23, 0x0) r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r4, 0x0, 0x4) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r2, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) unshare$auto(0x40000080) unshare$auto(0x40000080) close_range$auto(0x2, 0xa, 0x0) getcwd$auto(0x0, 0xff) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) open(0x0, 0x121342, 0x130) open(&(0x7f00000000c0)='./file0\x00', 0x40000, 0x31) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) 2.149285571s ago: executing program 0 (id=431): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/devices/virtual/mac80211_hwsim/hwsim1/ieee80211/phy1/rfkill3/state\x00', 0x102, 0x0) write$auto(r0, &(0x7f0000000040)='0\x00\\9(\xba\xea\x99\xfc|U\x1c\xc7k', 0x81) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x2, 0x0) socket(0x2, 0x1, 0x0) r1 = epoll_create$auto(0x7) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_clone(0x5000400, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x20000, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid$auto(r3, r3) epoll_ctl$auto(0x5, 0x1, r2, 0x0) epoll_wait$auto(r1, 0x0, 0xe007, 0xe8a4e409) fchdir$auto(0xffffffffffffffff) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/pagemap\x00', 0x600, 0x0) mmap$auto(0x0, 0x400008, 0xdd, 0x9b72, 0x2, 0x20000000008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020006, 0x3, 0x11, 0xfffffffffffffffa, 0x8000) unshare$auto(0x20000) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/card1/timer_source\x00', 0x20080, 0x0) unshare$auto(0x10) 1.953879965s ago: executing program 3 (id=433): ioctl$auto_XFS_IOC_FREESP64(0xffffffffffffffff, 0x40305825, &(0x7f0000000080)={0x5, 0xfff8, 0x3, 0x9, 0x1, 0x0}) r1 = prctl$auto(0x3e, 0x1, r0, 0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x2, 0x1, 0x106) setsockopt$auto(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x5) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x8000, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram10\x00', 0x14fe02, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nbd5\x00', 0x26000, 0x0) ioctl$auto_BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000000c0)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700000000000300", 0x3ff, 0x408, 0xfff, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r3, 0x1276, 0x0) mmap$auto(0xffffffffffffffff, 0x5, 0x7, 0xbe, 0xffffffffffffffff, 0x7ffe) sysfs$auto(0x2, 0x23, 0x0) r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r4, 0x0, 0x4) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r2, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) unshare$auto(0x40000080) unshare$auto(0x40000080) close_range$auto(0x2, 0xa, 0x0) getcwd$auto(0x0, 0xff) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x121342, 0x130) open(0x0, 0x40000, 0x31) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) 1.600646238s ago: executing program 2 (id=434): mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto(0x3, 0x541b, 0xffffffffffffffff) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x12}}, 0x54) getsockopt$auto(r0, 0x84, 0x9, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x7, 0x800008000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x801, 0x100) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) ioctl$auto(0x3, 0x541b, 0x38) socket(0xa, 0x1, 0x100) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) ioctl$auto_TIOCGDEV2(r1, 0x5429, 0x0) process_mrelease$auto(0xffffffffffffffff, 0xa) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) mmap$auto(0x1000000000, 0x10000040000b, 0x1000000000000df, 0x4000009b73, r3, 0x8003) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x60800, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0x7]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfffffffffffffffb, 0x1, 0x4, 0x3, 0x3, 0x3, 0xffffffffffffffff, 0x3, 0x8000000000400000, 0x3, 0x6d3c, 0x3, 0x2, 0x8000000000000006]}, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x7ef) 674.132229ms ago: executing program 1 (id=435): r0 = socket(0x27, 0x3, 0x40007) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), r0) sendmsg$auto_SMC_NETLINK_ADD_UEID(0xffffffffffffffff, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000001780)={&(0x7f0000000200)=ANY=[@ANYRES16, @ANYRESOCT], 0x1230}, 0x1, 0x0, 0x0, 0x4000080}, 0x81) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder1\x00', 0x0, 0x0) ioctl$auto_BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video20\x00', 0x80000, 0x0) bind$auto(r2, 0x0, 0x3) r3 = landlock_create_ruleset$auto(&(0x7f0000000140)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r3, 0xb) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') socket(0x1e, 0x5, 0x0) unshare$auto(0x40000080) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x0, 0x0) r4 = pidfd_open$auto(0x1, 0x0) setns(0xffffffffffffffff, 0x4c000000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) ioctl$auto_SNDCTL_SYNTH_ID(r3, 0xc08c5114, &(0x7f00000007c0)="719698fe039a99f21f6c") syz_clone3(&(0x7f0000000300)={0x193104480, 0x0, 0x0, 0x0, {0x20}, 0x0, 0x0, 0x0, &(0x7f0000000100)=[0x0], 0x1, {r4}}, 0x58) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/sit0/statistics/tx_compressed\x00', 0x80000, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/icmp/ratemask\x00', 0xa0202, 0x0) unshare$auto(0x40000080) setfsuid$auto(0x0) read$auto(0xffffffffffffffff, 0x0, 0x375) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0) pread64$auto(r5, 0x0, 0x8, 0x8000) read$auto(0xffffffffffffffff, 0x0, 0x80) 304.535914ms ago: executing program 0 (id=436): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), 0xffffffffffffffff) mmap$auto(0x3, 0x80002020009, 0x7, 0xfa, 0xffffffffffffffff, 0x400) syz_genetlink_get_family_id$auto_ovs_meter(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mlock$auto(0x112, 0x80006) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) getsockopt$auto(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/rds/tcp/rds_tcp_sndbuf\x00', 0xa802, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x189002, 0x0) r3 = ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r4 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x101040, 0x0) read$auto_rng_chrdev_ops_core(r4, &(0x7f0000000040)=""/4096, 0xfffffe82) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000b40), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_SETHMAC(r5, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x44}, 0x84) sendmsg$auto_SEG6_CMD_DUMPHMAC(r3, &(0x7f0000001040)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f0000001100)=ANY=[@ANYBLOB, @ANYRES16, @ANYRESDEC=0x0, @ANYRESDEC=r5], 0x14}, 0x1, 0x0, 0x0, 0x4080}, 0x4000004) unshare$auto(0x40000080) r6 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r6, &(0x7f0000000000)="c80d1b5d399b58", 0xfdef) mprotect$auto(0x200000000000, 0x806121, 0x8) landlock_create_ruleset$auto(&(0x7f0000000140)={0x100000daa0, 0x401, 0x9}, 0x7ffd, 0x0) pwrite64$auto(r2, &(0x7f0000001180)='C#\x00', 0x6, 0xe) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x3, 0x2) r7 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f00000000c0), r0) sendmsg$auto_IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r7, 0x4, 0x70bd2c, 0x25dfdbfd, {}, [@IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x4}, @IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x7}, @IEEE802154_ATTR_FRAME_RETRIES={0x5, 0x28, 0x7f}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000880}, 0x40081) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x20, r1, 0x200, 0x51bd2e, 0x25dfcbfb, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x6}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4) 130.089476ms ago: executing program 2 (id=437): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/teql0/statistics/tx_aborted_errors\x00', 0x0, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0xc0100, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0x1e0240, 0x0) read$auto(r1, 0x0, 0x85) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001100)=""/4106, 0x100a) r2 = socket(0xa, 0xa, 0x3) setsockopt$auto_SO_WIFI_STATUS(r2, 0xfffffffc, 0x30, 0x0, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/conf/geneve0/drop_unicast_in_l2_multicast\x00', 0xc1e13b61f74943c7, 0x0) sendfile$auto(r3, r3, 0x0, 0x8) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x21, 0x1, 0x6, 0x0, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) setitimer$auto_ITIMER_PROF(0x2, &(0x7f0000000140)={{0x595b, 0x100}, {0x9, 0x3}}, &(0x7f0000000100)={{0x0, 0x4}, {0x100, 0xf}}) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x309801, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r4, 0x0, 0xfffffdef) mseal$auto(0x0, 0x7dda, 0x0) mmap$auto(0x0, 0x202000d, 0x8000000002, 0xeb1, 0xffffffffffffffff, 0x8000) write$auto(0xffffffffffffffff, &(0x7f000000ac80)='\x00', 0xd) shmget$auto(0x6, 0x8, 0x8) syz_clone3(&(0x7f0000000400)={0x100200, 0x0, 0x0, 0x0, {0x38}, 0x0, 0x0, 0x0, 0x0}, 0x58) 0s ago: executing program 3 (id=438): r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) r1 = socket(0x2, 0x1, 0x106) setsockopt$auto(r1, 0x6, 0xd, 0x0, 0x4) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x8000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram10\x00', 0x14fe02, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nbd5\x00', 0x26000, 0x0) ioctl$auto_BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000000c0)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700000000000300", 0x3ff, 0x408, 0xfff, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = openat$auto_transaction_log_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x121002, 0x0) read$auto_transaction_log_fops_(r4, &(0x7f0000000100)=""/3, 0x3) mmap$auto(0xffffffffffffffff, 0x5, 0x7, 0xbe, 0xffffffffffffffff, 0x7ffe) sysfs$auto(0x2, 0x23, 0x0) r5 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20201, 0x0) prctl$auto_PR_SVE_GET_VL(0x33, 0x4, 0x0, 0xcbf, 0x7) write$auto(r5, 0x0, 0x4) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r2, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) unshare$auto(0x40000080) unshare$auto(0x40000080) close_range$auto(0x2, 0xa, 0x0) getcwd$auto(0x0, 0xff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/loop13/queue/max_sectors_kb\x00', 0x109206, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.108' (ED25519) to the list of known hosts. [ 76.617623][ T5614] cgroup: Unknown subsys name 'net' [ 76.715976][ T5614] cgroup: Unknown subsys name 'cpuset' [ 76.725519][ T5614] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 78.261179][ T5614] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 80.546316][ T5637] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.557165][ T5642] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 80.566581][ T5642] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.576310][ T5642] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.577914][ T5637] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 80.585765][ T5642] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.591341][ T5638] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.601177][ T5642] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.606701][ T5637] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 80.620263][ T5642] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 80.621975][ T5638] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.628335][ T5642] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.645178][ T5638] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.648526][ T5642] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.653416][ T5638] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.661340][ T5642] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 80.667805][ T5638] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.682195][ T5638] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 80.689443][ T5637] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.698722][ T5638] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 82.226906][ T5625] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.234398][ T5625] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.241715][ T5625] bridge_slave_0: entered allmulticast mode [ 82.249321][ T5625] bridge_slave_0: entered promiscuous mode [ 82.285055][ T5625] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.292347][ T5625] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.299962][ T5625] bridge_slave_1: entered allmulticast mode [ 82.307095][ T5625] bridge_slave_1: entered promiscuous mode [ 82.336978][ T5628] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.344218][ T5628] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.351364][ T5628] bridge_slave_0: entered allmulticast mode [ 82.358623][ T5628] bridge_slave_0: entered promiscuous mode [ 82.385886][ T5628] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.393186][ T5628] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.400363][ T5628] bridge_slave_1: entered allmulticast mode [ 82.407823][ T5628] bridge_slave_1: entered promiscuous mode [ 82.451747][ T5625] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.493026][ T5625] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.511504][ T5627] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.518931][ T5627] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.526234][ T5627] bridge_slave_0: entered allmulticast mode [ 82.533604][ T5627] bridge_slave_0: entered promiscuous mode [ 82.552960][ T5628] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.572083][ T5627] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.579666][ T5627] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.587098][ T5627] bridge_slave_1: entered allmulticast mode [ 82.594648][ T5627] bridge_slave_1: entered promiscuous mode [ 82.601724][ T5626] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.609147][ T5626] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.616718][ T5626] bridge_slave_0: entered allmulticast mode [ 82.623960][ T5626] bridge_slave_0: entered promiscuous mode [ 82.633584][ T5628] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.645096][ T5625] team0: Port device team_slave_0 added [ 82.659646][ T5626] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.667117][ T5626] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.674773][ T5626] bridge_slave_1: entered allmulticast mode [ 82.681871][ T5626] bridge_slave_1: entered promiscuous mode [ 82.700852][ T5625] team0: Port device team_slave_1 added [ 82.713333][ T5629] Bluetooth: hci3: command tx timeout [ 82.713549][ T5642] Bluetooth: hci2: command tx timeout [ 82.762063][ T5627] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.782689][ T5628] team0: Port device team_slave_0 added [ 82.793323][ T5642] Bluetooth: hci1: command tx timeout [ 82.793654][ T5629] Bluetooth: hci0: command tx timeout [ 82.811199][ T5627] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.824069][ T5626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.835627][ T5628] team0: Port device team_slave_1 added [ 82.848568][ T5625] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.855927][ T5625] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.881937][ T5625] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.905823][ T5626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.926391][ T5625] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.933681][ T5625] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.959839][ T5625] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.010136][ T5627] team0: Port device team_slave_0 added [ 83.027343][ T5628] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.034973][ T5628] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.061381][ T5628] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.076086][ T5627] team0: Port device team_slave_1 added [ 83.083667][ T5626] team0: Port device team_slave_0 added [ 83.089993][ T5628] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.097069][ T5628] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.124015][ T5628] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.158545][ T5626] team0: Port device team_slave_1 added [ 83.217097][ T5625] hsr_slave_0: entered promiscuous mode [ 83.223598][ T5625] hsr_slave_1: entered promiscuous mode [ 83.230569][ T5627] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.237757][ T5627] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.263878][ T5627] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.275487][ T5626] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.282658][ T5626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.308857][ T5626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.339606][ T5627] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.346699][ T5627] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.372994][ T5627] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.384645][ T5626] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.391699][ T5626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.417679][ T5626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.441573][ T5628] hsr_slave_0: entered promiscuous mode [ 83.447961][ T5628] hsr_slave_1: entered promiscuous mode [ 83.454313][ T5628] debugfs: 'hsr0' already exists in 'hsr' [ 83.460384][ T5628] Cannot create hsr debugfs directory [ 83.602205][ T5626] hsr_slave_0: entered promiscuous mode [ 83.608625][ T5626] hsr_slave_1: entered promiscuous mode [ 83.615366][ T5626] debugfs: 'hsr0' already exists in 'hsr' [ 83.621112][ T5626] Cannot create hsr debugfs directory [ 83.642274][ T5627] hsr_slave_0: entered promiscuous mode [ 83.648793][ T5627] hsr_slave_1: entered promiscuous mode [ 83.655261][ T5627] debugfs: 'hsr0' already exists in 'hsr' [ 83.661046][ T5627] Cannot create hsr debugfs directory [ 84.014208][ T5625] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 84.029457][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 84.037994][ T5625] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 84.049567][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 84.075509][ T5625] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 84.085836][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 84.111996][ T5625] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 84.124353][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 84.182679][ T5628] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 84.195963][ T5628] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 84.210747][ T5628] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 84.226299][ T5628] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 84.234514][ T5628] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 84.244585][ T5628] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 84.253039][ T5628] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 84.263282][ T5628] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 84.359841][ T5626] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 84.369718][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 84.377956][ T5626] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 84.388467][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 84.397066][ T5626] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 84.408625][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 84.417810][ T5626] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 84.427569][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 84.524156][ T5627] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 84.535271][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 84.543986][ T5627] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 84.555719][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 84.563991][ T5627] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 84.574562][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 84.583328][ T5627] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 84.592348][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 84.709004][ T5628] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.721544][ T5625] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.763860][ T5625] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.791222][ T151] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.793704][ T5629] Bluetooth: hci2: command tx timeout [ 84.799197][ T151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.812208][ T5629] Bluetooth: hci3: command tx timeout [ 84.817844][ T5628] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.846698][ T151] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.853849][ T151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.864713][ T151] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.871921][ T151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.879785][ T5629] Bluetooth: hci1: command tx timeout [ 84.885495][ T5642] Bluetooth: hci0: command tx timeout [ 84.895158][ T5626] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.926599][ T151] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.933756][ T151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.965435][ T5626] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.997107][ T151] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.004325][ T151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.037545][ T151] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.044779][ T151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.080680][ T5627] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.099876][ T5625] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 85.206894][ T5627] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.265233][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.273124][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.326339][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.333579][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.080174][ T5628] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.121769][ T5625] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.303647][ T5625] veth0_vlan: entered promiscuous mode [ 86.335674][ T5628] veth0_vlan: entered promiscuous mode [ 86.356989][ T5626] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.376069][ T5625] veth1_vlan: entered promiscuous mode [ 86.387424][ T5628] veth1_vlan: entered promiscuous mode [ 86.431943][ T5627] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.487912][ T5625] veth0_macvtap: entered promiscuous mode [ 86.510287][ T5625] veth1_macvtap: entered promiscuous mode [ 86.538687][ T5628] veth0_macvtap: entered promiscuous mode [ 86.556262][ T5626] veth0_vlan: entered promiscuous mode [ 86.573604][ T5628] veth1_macvtap: entered promiscuous mode [ 86.614662][ T5626] veth1_vlan: entered promiscuous mode [ 86.622240][ T5627] veth0_vlan: entered promiscuous mode [ 86.631157][ T5625] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.660527][ T5628] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.671058][ T5625] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.696684][ T5627] veth1_vlan: entered promiscuous mode [ 86.707488][ T5628] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.729908][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.740225][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.761750][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.771056][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.788914][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.798364][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.813773][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.838388][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.873639][ T5642] Bluetooth: hci2: command tx timeout [ 86.878622][ T5629] Bluetooth: hci3: command tx timeout [ 86.943794][ T5626] veth0_macvtap: entered promiscuous mode [ 86.952773][ T5629] Bluetooth: hci1: command tx timeout [ 86.952798][ T5642] Bluetooth: hci0: command tx timeout [ 86.966480][ T5627] veth0_macvtap: entered promiscuous mode [ 87.036879][ T5626] veth1_macvtap: entered promiscuous mode [ 87.062704][ T5627] veth1_macvtap: entered promiscuous mode [ 87.100536][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.126328][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.152602][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.170223][ T5626] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.173193][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.234196][ T5626] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.251729][ T5627] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.282136][ T151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.293700][ T151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.325157][ T5627] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.333399][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.347873][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.385711][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.397932][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.419633][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.427577][ T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.437816][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.448313][ T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.459122][ T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.469134][ T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.515788][ T5625] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 87.740605][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.754976][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.806926][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.823861][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.922716][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.938600][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.940046][ T5783] ecryptfs_parse_packet_length: Error parsing packet length [ 87.967249][ T5783] ecryptfs_miscdev_write: Error parsing packet length; rc = [-22] [ 88.057805][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.086694][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.300556][ T5789] zram: Removed device: zram0 [ 88.586274][ T5797] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 88.952856][ T5642] Bluetooth: hci2: command tx timeout [ 88.954809][ T5629] Bluetooth: hci3: command tx timeout [ 89.032736][ T5629] Bluetooth: hci0: command tx timeout [ 89.032761][ T5642] Bluetooth: hci1: command tx timeout [ 90.786079][ T5828] netlink: 338 bytes leftover after parsing attributes in process `syz.3.9'. [ 90.786466][ T5828] Zero length message leads to an empty skb [ 90.966632][ T5828] netlink: 338 bytes leftover after parsing attributes in process `syz.3.9'. [ 92.102962][ T808] cfg80211: failed to load regulatory.db [ 92.240519][ T5844] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 92.547577][ T5854] process 'syz.0.12' launched '/dev/fd/8/./file0' with NULL argv: empty string added [ 93.867585][ T5865] vivid-007: ================= START STATUS ================= [ 93.901152][ T5865] vivid-007: Generate PTS: true [ 93.923761][ T5865] vivid-007: Generate SCR: true [ 93.945716][ T5865] tpg source WxH: 320x240 (Y'CbCr) [ 93.969797][ T5865] tpg field: 1 [ 93.980327][ T5865] tpg crop: (0,0)/320x240 [ 94.002771][ T5865] tpg compose: (0,0)/320x240 [ 94.019459][ T5865] tpg colorspace: 8 [ 94.069147][ T5865] tpg transfer function: 0/0 [ 94.115665][ T5865] tpg Y'CbCr encoding: 0/0 [ 94.127522][ T5865] tpg quantization: 0/0 [ 94.153857][ T5865] tpg RGB range: 0/2 [ 94.161599][ T5865] vivid-007: ================== END STATUS ================== [ 94.511395][ T5868] netlink: 342 bytes leftover after parsing attributes in process `syz.1.13'. [ 96.259929][ T5898] workqueue: name exceeds WQ_NAME_LEN. Truncating to: ›11!phy1!netdev:wlan1!rc_rateid [ 96.613155][ T5901] sysfs: cannot create duplicate filename '/class/ieee80211/›11!phy1!netdev:wlan1!rc_rateidx_mcs_mask' [ 96.626714][ T5901] CPU: 0 UID: 0 PID: 5901 Comm: syz.1.19 Not tainted syzkaller #0 PREEMPT(full) [ 96.626754][ T5901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 96.626779][ T5901] Call Trace: [ 96.626788][ T5901] [ 96.626798][ T5901] dump_stack_lvl+0x100/0x190 [ 96.626846][ T5901] sysfs_warn_dup.cold+0x1c/0x28 [ 96.626891][ T5901] sysfs_do_create_link_sd+0x113/0x140 [ 96.626937][ T5901] sysfs_create_link+0x61/0xc0 [ 96.626980][ T5901] device_add+0x675/0x1970 [ 96.627027][ T5901] ? __pfx_device_add+0x10/0x10 [ 96.627069][ T5901] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 96.627114][ T5901] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 96.627154][ T5901] wiphy_register+0x2151/0x3110 [ 96.627227][ T5901] ? __pfx_wiphy_register+0x10/0x10 [ 96.627267][ T5901] ? __asan_memset+0x23/0x50 [ 96.627299][ T5901] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 96.627347][ T5901] ieee80211_register_hw+0x3053/0x4580 [ 96.627398][ T5901] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 96.627428][ T5901] ? __pfx___debug_object_init+0x10/0x10 [ 96.627479][ T5901] ? find_held_lock+0x2b/0x80 [ 96.627519][ T5901] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 96.627564][ T5901] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 96.627592][ T5901] ? __hrtimer_setup+0x208/0x330 [ 96.627628][ T5901] mac80211_hwsim_new_radio+0x2acc/0x64c0 [ 96.627688][ T5901] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 96.627727][ T5901] ? __asan_memcpy+0x3c/0x60 [ 96.627762][ T5901] hwsim_new_radio_nl+0xc6b/0x13f0 [ 96.627801][ T5901] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 96.627847][ T5901] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 96.627895][ T5901] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 96.627937][ T5901] genl_family_rcv_msg_doit+0x214/0x300 [ 96.627973][ T5901] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 96.628004][ T5901] ? genl_get_cmd+0x3e7/0x760 [ 96.628042][ T5901] ? bpf_lsm_capable+0x9/0x10 [ 96.628074][ T5901] ? security_capable+0x80/0x260 [ 96.628105][ T5901] ? ns_capable+0xd2/0xf0 [ 96.628138][ T5901] genl_rcv_msg+0x560/0x800 [ 96.628167][ T5901] ? __pfx_genl_rcv_msg+0x10/0x10 [ 96.628212][ T5901] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 96.628259][ T5901] netlink_rcv_skb+0x159/0x420 [ 96.628301][ T5901] ? __pfx_genl_rcv_msg+0x10/0x10 [ 96.628341][ T5901] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 96.628377][ T5901] ? netlink_deliver_tap+0x1ae/0xcc0 [ 96.628402][ T5901] genl_rcv+0x28/0x40 [ 96.628415][ T5901] netlink_unicast+0x585/0x850 [ 96.628440][ T5901] ? __pfx_netlink_unicast+0x10/0x10 [ 96.628470][ T5901] netlink_sendmsg+0x8b0/0xda0 [ 96.628497][ T5901] ? __pfx_netlink_sendmsg+0x10/0x10 [ 96.628524][ T5901] ? apparmor_socket_sendmsg+0x15b/0x270 [ 96.628543][ T5901] ____sys_sendmsg+0xa4d/0xbe0 [ 96.628564][ T5901] ? __pfx_netlink_sendmsg+0x10/0x10 [ 96.628589][ T5901] ? __pfx_____sys_sendmsg+0x10/0x10 [ 96.628614][ T5901] ? rcu_is_watching+0x12/0xc0 [ 96.628634][ T5901] ? ___sys_sendmsg+0x19d/0x1e0 [ 96.628663][ T5901] ? kfree+0x1e5/0x6c0 [ 96.628684][ T5901] ___sys_sendmsg+0x190/0x1e0 [ 96.628710][ T5901] ? __pfx____sys_sendmsg+0x10/0x10 [ 96.628752][ T5901] ? __pfx___might_resched+0x10/0x10 [ 96.628781][ T5901] __sys_sendmmsg+0x20c/0x440 [ 96.628802][ T5901] ? __pfx___sys_sendmmsg+0x10/0x10 [ 96.628820][ T5901] ? __lock_acquire+0x49f/0x1a40 [ 96.628848][ T5901] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 96.628873][ T5901] ? kcov_ioctl+0x17a/0x750 [ 96.628897][ T5901] __x64_sys_sendmmsg+0x9c/0x100 [ 96.628915][ T5901] ? lockdep_hardirqs_on+0x78/0x100 [ 96.628938][ T5901] do_syscall_64+0x115/0x840 [ 96.628951][ T5901] ? clear_bhb_loop+0x40/0x90 [ 96.628969][ T5901] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.628984][ T5901] RIP: 0033:0x7f718c19de59 [ 96.629010][ T5901] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 96.629026][ T5901] RSP: 002b:00007f718cfb6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 96.629041][ T5901] RAX: ffffffffffffffda RBX: 00007f718c426090 RCX: 00007f718c19de59 [ 96.629051][ T5901] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 96.629060][ T5901] RBP: 00007f718c233e6f R08: 0000000000000000 R09: 0000000000000000 [ 96.629069][ T5901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 96.629078][ T5901] R13: 00007f718c426128 R14: 00007f718c426090 R15: 00007ffd3b2224c8 [ 96.629099][ T5901] syzkaller syzkaller login: [ 99.135873][ T5942] syz.0.26 uses obsolete (PF_INET,SOCK_PACKET) [ 103.089576][ T5999] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 103.123674][ T5999] File: /dev/nullb0 PID: 5999 Comm: syz.1.38 [ 104.418732][ T6015] mmap: syz.0.41 (6015) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 105.249195][ T6027] blktrace: Concurrent blktraces are not allowed on nbd5 [ 110.124084][ T6121] blktrace: Concurrent blktraces are not allowed on nbd5 [ 114.964861][ T6215] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 115.173493][ T6207] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 119.352112][ T6284] FAULT_INJECTION: forcing a failure. [ 119.352112][ T6284] name failslab, interval 1, probability 0, space 0, times 0 [ 119.390627][ T6284] CPU: 1 UID: 0 PID: 6284 Comm: syz.2.82 Not tainted syzkaller #0 PREEMPT(full) [ 119.390665][ T6284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 119.390686][ T6284] Call Trace: [ 119.390694][ T6284] [ 119.390705][ T6284] dump_stack_lvl+0x100/0x190 [ 119.390745][ T6284] should_fail_ex.cold+0x5/0xa [ 119.390794][ T6284] should_failslab+0xc2/0x120 [ 119.390836][ T6284] kmem_cache_alloc_noprof+0x91/0x6a0 [ 119.390871][ T6284] ? fcntl_setlk+0xaa/0xe20 [ 119.390909][ T6284] fcntl_setlk+0xaa/0xe20 [ 119.390943][ T6284] ? __pfx_fcntl_setlk+0x10/0x10 [ 119.390977][ T6284] ? find_held_lock+0x2b/0x80 [ 119.391018][ T6284] ? __might_fault+0xc5/0x140 [ 119.391048][ T6284] ? __might_fault+0xc5/0x140 [ 119.391088][ T6284] do_fcntl+0xf39/0x1670 [ 119.391128][ T6284] ? __pfx_do_fcntl+0x10/0x10 [ 119.391160][ T6284] ? __fget_files+0x215/0x3d0 [ 119.391198][ T6284] ? tomoyo_file_fcntl+0x6c/0xc0 [ 119.391231][ T6284] __x64_sys_fcntl+0x163/0x200 [ 119.391271][ T6284] do_syscall_64+0x115/0x840 [ 119.391297][ T6284] ? clear_bhb_loop+0x40/0x90 [ 119.391329][ T6284] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.391359][ T6284] RIP: 0033:0x7f536f99de59 [ 119.391390][ T6284] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 119.391418][ T6284] RSP: 002b:00007f53707ab028 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 119.391444][ T6284] RAX: ffffffffffffffda RBX: 00007f536fc25fa0 RCX: 00007f536f99de59 [ 119.391462][ T6284] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 119.391478][ T6284] RBP: 00007f536fa33e6f R08: 0000000000000000 R09: 0000000000000000 [ 119.391493][ T6284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 119.391509][ T6284] R13: 00007f536fc26038 R14: 00007f536fc25fa0 R15: 00007ffdd4bec068 [ 119.391546][ T6284] [ 119.880204][ T6275] netlink: 342 bytes leftover after parsing attributes in process `syz.0.79'. [ 119.899616][ T30] audit: type=1804 audit(8277292056.580:2): pid=6297 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.81" name="/newroot/22/file0" dev="tmpfs" ino=137 res=1 errno=0 [ 119.944912][ T30] audit: type=1804 audit(8277292056.610:3): pid=6286 uid=2 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.81" name="/newroot/22/file0" dev="tmpfs" ino=137 res=1 errno=0 [ 123.396456][ T6346] vivid-007: ================= START STATUS ================= [ 123.420171][ T6346] vivid-007: Generate PTS: true [ 123.437598][ T6346] vivid-007: Generate SCR: true [ 123.455094][ T6346] tpg source WxH: 320x240 (Y'CbCr) [ 123.479382][ T6346] tpg field: 1 [ 123.497039][ T6346] tpg crop: (0,0)/320x240 [ 123.509658][ T6346] tpg compose: (0,0)/320x240 [ 123.525301][ T6346] tpg colorspace: 8 [ 123.538976][ T6346] tpg transfer function: 0/0 [ 123.567008][ T6346] tpg Y'CbCr encoding: 0/0 [ 123.596540][ T6346] tpg quantization: 0/0 [ 123.610753][ T6346] tpg RGB range: 0/2 [ 123.623421][ T6346] vivid-007: ================== END STATUS ================== [ 126.862014][ T6401] blktrace: Concurrent blktraces are not allowed on nbd5 [ 128.342275][ T6416] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 128.467213][ T6427] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 128.508607][ T6427] File: /dev/nullb0 PID: 6427 Comm: syz.3.103 [ 129.916301][ T5843] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 131.993839][ T5843] Bluetooth: hci1: command 0x2016 tx timeout [ 132.461561][ T6490] random: crng reseeded on system resumption [ 133.036561][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.044322][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.280385][ T6488] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 134.072577][ T6448] Bluetooth: hci1: command 0x2016 tx timeout [ 134.678068][ T6518] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 134.692167][ T6518] File: /dev/nullb0 PID: 6518 Comm: syz.2.120 [ 136.531007][ T6545] netlink: del zone limit has 4 unknown bytes [ 137.213761][ T6557] FAULT_INJECTION: forcing a failure. [ 137.213761][ T6557] name failslab, interval 1, probability 0, space 0, times 0 [ 137.252104][ T6557] CPU: 1 UID: 0 PID: 6557 Comm: syz.3.128 Not tainted syzkaller #0 PREEMPT(full) [ 137.252144][ T6557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 137.252161][ T6557] Call Trace: [ 137.252172][ T6557] [ 137.252183][ T6557] dump_stack_lvl+0x100/0x190 [ 137.252211][ T6557] should_fail_ex.cold+0x5/0xa [ 137.252232][ T6557] should_failslab+0xc2/0x120 [ 137.252253][ T6557] __kmalloc_noprof+0xfc/0x820 [ 137.252273][ T6557] ? __memcg_list_lru_alloc+0x418/0x680 [ 137.252298][ T6557] __memcg_list_lru_alloc+0x418/0x680 [ 137.252314][ T6557] ? xa_load+0x149/0x2c0 [ 137.252335][ T6557] ? __pfx___memcg_list_lru_alloc+0x10/0x10 [ 137.252355][ T6557] ? rcu_read_unlock+0x17/0x60 [ 137.252381][ T6557] memcg_list_lru_alloc+0xd3/0x100 [ 137.252410][ T6557] __memcg_slab_post_alloc_hook+0x28b/0x1160 [ 137.252464][ T6557] ? kasan_save_track+0x14/0x30 [ 137.252490][ T6557] kmem_cache_alloc_lru_noprof+0x583/0x6a0 [ 137.252516][ T6557] ? __pfx_inode_set_ctime_current+0x10/0x10 [ 137.252534][ T6557] ? __d_alloc+0x35/0xa50 [ 137.252553][ T6557] ? __pfx_devpts_fill_super+0x10/0x10 [ 137.252574][ T6557] __d_alloc+0x35/0xa50 [ 137.252592][ T6557] ? __pfx_devpts_fill_super+0x10/0x10 [ 137.252612][ T6557] d_make_root+0x3e/0x90 [ 137.252629][ T6557] devpts_fill_super+0x272/0x620 [ 137.252649][ T6557] ? __pfx_devpts_fill_super+0x10/0x10 [ 137.252669][ T6557] get_tree_nodev+0xdd/0x190 [ 137.252696][ T6557] vfs_get_tree+0x92/0x320 [ 137.252734][ T6557] vfs_cmd_create+0xd7/0x2a0 [ 137.252771][ T6557] __do_sys_fsconfig+0x55a/0xcb0 [ 137.252815][ T6557] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 137.252870][ T6557] do_syscall_64+0x115/0x840 [ 137.252897][ T6557] ? clear_bhb_loop+0x40/0x90 [ 137.252920][ T6557] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.252936][ T6557] RIP: 0033:0x7f1f5939de59 [ 137.252950][ T6557] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 137.252963][ T6557] RSP: 002b:00007f1f5a2ab028 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 137.252978][ T6557] RAX: ffffffffffffffda RBX: 00007f1f59625fa0 RCX: 00007f1f5939de59 [ 137.252988][ T6557] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000009 [ 137.253000][ T6557] RBP: 00007f1f59433e6f R08: 0000000000000000 R09: 0000000000000000 [ 137.253008][ T6557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 137.253017][ T6557] R13: 00007f1f59626038 R14: 00007f1f59625fa0 R15: 00007fffe93b3428 [ 137.253037][ T6557] [ 137.661574][ T6557] devpts: get root dentry failed [ 138.266252][ T6571] FAULT_INJECTION: forcing a failure. [ 138.266252][ T6571] name failslab, interval 1, probability 0, space 0, times 0 [ 138.311142][ T6571] CPU: 1 UID: 0 PID: 6571 Comm: syz.1.131 Not tainted syzkaller #0 PREEMPT(full) [ 138.311186][ T6571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 138.311204][ T6571] Call Trace: [ 138.311214][ T6571] [ 138.311225][ T6571] dump_stack_lvl+0x100/0x190 [ 138.311268][ T6571] should_fail_ex.cold+0x5/0xa [ 138.311309][ T6571] should_failslab+0xc2/0x120 [ 138.311351][ T6571] __kmalloc_noprof+0xfc/0x820 [ 138.311389][ T6571] ? __memcg_list_lru_alloc+0x418/0x680 [ 138.311427][ T6571] __memcg_list_lru_alloc+0x418/0x680 [ 138.311458][ T6571] ? xa_load+0x149/0x2c0 [ 138.311498][ T6571] ? __pfx___memcg_list_lru_alloc+0x10/0x10 [ 138.311538][ T6571] ? rcu_read_unlock+0x17/0x60 [ 138.311592][ T6571] memcg_list_lru_alloc+0xd3/0x100 [ 138.311629][ T6571] __memcg_slab_post_alloc_hook+0x28b/0x1160 [ 138.311688][ T6571] ? kasan_save_track+0x14/0x30 [ 138.311723][ T6571] kmem_cache_alloc_lru_noprof+0x583/0x6a0 [ 138.311758][ T6571] ? __mutex_lock+0x26d/0x1bd0 [ 138.311785][ T6571] ? alloc_inode+0x183/0x250 [ 138.311827][ T6571] ? __pfx_devpts_fill_super+0x10/0x10 [ 138.311864][ T6571] alloc_inode+0x183/0x250 [ 138.311906][ T6571] new_inode+0x22/0x1c0 [ 138.311941][ T6571] ? rcu_is_watching+0x12/0xc0 [ 138.311977][ T6571] ? __pfx_devpts_fill_super+0x10/0x10 [ 138.312015][ T6571] devpts_fill_super+0x19f/0x620 [ 138.312056][ T6571] ? __pfx_devpts_fill_super+0x10/0x10 [ 138.312092][ T6571] get_tree_nodev+0xdd/0x190 [ 138.312141][ T6571] vfs_get_tree+0x92/0x320 [ 138.312182][ T6571] vfs_cmd_create+0xd7/0x2a0 [ 138.312223][ T6571] __do_sys_fsconfig+0x55a/0xcb0 [ 138.312265][ T6571] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 138.312326][ T6571] do_syscall_64+0x115/0x840 [ 138.312352][ T6571] ? clear_bhb_loop+0x40/0x90 [ 138.312387][ T6571] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.312415][ T6571] RIP: 0033:0x7f718c19de59 [ 138.312438][ T6571] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 138.312463][ T6571] RSP: 002b:00007f718cfd7028 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 138.312488][ T6571] RAX: ffffffffffffffda RBX: 00007f718c425fa0 RCX: 00007f718c19de59 [ 138.312507][ T6571] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000009 [ 138.312529][ T6571] RBP: 00007f718c233e6f R08: 0000000000000000 R09: 0000000000000000 [ 138.312546][ T6571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 138.312562][ T6571] R13: 00007f718c426038 R14: 00007f718c425fa0 R15: 00007ffd3b2224c8 [ 138.312599][ T6571] [ 139.095723][ T6591] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 139.750788][ T6603] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 141.121310][ T6608] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 141.175935][ T6608] File: /dev/nullb0 PID: 6608 Comm: syz.3.135 [ 141.398637][ T6622] FAULT_INJECTION: forcing a failure. [ 141.398637][ T6622] name failslab, interval 1, probability 0, space 0, times 0 [ 141.451214][ T6622] CPU: 0 UID: 0 PID: 6622 Comm: syz.1.138 Not tainted syzkaller #0 PREEMPT(full) [ 141.451252][ T6622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 141.451269][ T6622] Call Trace: [ 141.451278][ T6622] [ 141.451289][ T6622] dump_stack_lvl+0x100/0x190 [ 141.451331][ T6622] should_fail_ex.cold+0x5/0xa [ 141.451369][ T6622] should_failslab+0xc2/0x120 [ 141.451408][ T6622] __kmalloc_noprof+0xfc/0x820 [ 141.451455][ T6622] ? rcu_is_watching+0x12/0xc0 [ 141.451489][ T6622] ? tomoyo_realpath_from_path+0xb6/0x690 [ 141.451538][ T6622] tomoyo_realpath_from_path+0xb6/0x690 [ 141.451587][ T6622] tomoyo_path_number_perm+0x23c/0x580 [ 141.451620][ T6622] ? tomoyo_path_number_perm+0x22e/0x580 [ 141.451657][ T6622] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 141.451692][ T6622] ? __pfx_futex_wait+0x10/0x10 [ 141.451760][ T6622] ? find_held_lock+0x2b/0x80 [ 141.451793][ T6622] ? __fget_files+0x215/0x3d0 [ 141.451817][ T6622] ? hook_file_ioctl_common+0x140/0x440 [ 141.451850][ T6622] ? __fget_files+0x215/0x3d0 [ 141.451883][ T6622] ? __fget_files+0x21f/0x3d0 [ 141.451915][ T6622] security_file_ioctl+0xd3/0x230 [ 141.451947][ T6622] __x64_sys_ioctl+0xb7/0x210 [ 141.451991][ T6622] do_syscall_64+0x115/0x840 [ 141.452016][ T6622] ? clear_bhb_loop+0x40/0x90 [ 141.452053][ T6622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.452082][ T6622] RIP: 0033:0x7f718c19de59 [ 141.452106][ T6622] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 141.452132][ T6622] RSP: 002b:00007f718cfd7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 141.452159][ T6622] RAX: ffffffffffffffda RBX: 00007f718c425fa0 RCX: 00007f718c19de59 [ 141.452178][ T6622] RDX: 0000000000000000 RSI: 0000000040081271 RDI: 0000000000000005 [ 141.452194][ T6622] RBP: 00007f718c233e6f R08: 0000000000000000 R09: 0000000000000000 [ 141.452210][ T6622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 141.452226][ T6622] R13: 00007f718c426038 R14: 00007f718c425fa0 R15: 00007ffd3b2224c8 [ 141.452268][ T6622] [ 141.452294][ T6622] ERROR: Out of memory at tomoyo_realpath_from_path. [ 141.672651][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 141.824590][ T6616] vivid-007: ================= START STATUS ================= [ 141.897595][ T6616] vivid-007: Generate PTS: true [ 141.935544][ T6616] vivid-007: Generate SCR: true [ 141.957561][ T6616] tpg source WxH: 320x240 (Y'CbCr) [ 141.983413][ T6616] tpg field: 1 [ 142.045261][ T6616] tpg crop: (0,0)/320x240 [ 142.089964][ T6616] tpg compose: (0,0)/320x240 [ 142.120433][ T6616] tpg colorspace: 8 [ 142.159968][ T6616] tpg transfer function: 0/0 [ 142.169322][ T6616] tpg Y'CbCr encoding: 0/0 [ 142.182263][ T6616] tpg quantization: 0/0 [ 142.202569][ T6616] tpg RGB range: 0/2 [ 142.241399][ T6616] vivid-007: ================== END STATUS ================== [ 143.214241][ T6646] input: f¬ as /devices/virtual/input/input5 [ 143.782558][ T6663] FAULT_INJECTION: forcing a failure. [ 143.782558][ T6663] name failslab, interval 1, probability 0, space 0, times 0 [ 143.817436][ T6663] CPU: 0 UID: 0 PID: 6663 Comm: syz.1.147 Not tainted syzkaller #0 PREEMPT(full) [ 143.817475][ T6663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 143.817492][ T6663] Call Trace: [ 143.817500][ T6663] [ 143.817512][ T6663] dump_stack_lvl+0x100/0x190 [ 143.817555][ T6663] should_fail_ex.cold+0x5/0xa [ 143.817596][ T6663] should_failslab+0xc2/0x120 [ 143.817639][ T6663] __kmalloc_node_track_caller_noprof+0xf9/0x830 [ 143.817678][ T6663] ? __pfx___kasan_kmalloc+0x10/0x10 [ 143.817713][ T6663] ? vidtv_psi_short_event_desc_init+0x429/0x5f0 [ 143.817751][ T6663] kstrdup+0x51/0xe0 [ 143.817787][ T6663] vidtv_psi_short_event_desc_init+0x429/0x5f0 [ 143.817826][ T6663] vidtv_channel_s302m_init+0x4fd/0x9b0 [ 143.817878][ T6663] ? __pfx_vidtv_channel_s302m_init+0x10/0x10 [ 143.817921][ T6663] ? __pfx___kasan_kmalloc+0x10/0x10 [ 143.817966][ T6663] ? __asan_memcpy+0x3c/0x60 [ 143.818000][ T6663] vidtv_channels_init+0x4c/0xb0 [ 143.818035][ T6663] vidtv_mux_init+0x9d9/0xbf0 [ 143.818079][ T6663] vidtv_start_feed+0x34e/0x500 [ 143.818126][ T6663] ? __pfx_vidtv_start_feed+0x10/0x10 [ 143.818172][ T6663] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 143.818239][ T6663] dmx_section_feed_start_filtering+0x3a8/0x660 [ 143.818283][ T6663] dvb_dmxdev_filter_start+0x767/0xdd0 [ 143.818343][ T6663] dvb_demux_do_ioctl+0xe64/0x1200 [ 143.818400][ T6663] dvb_usercopy+0x167/0x340 [ 143.818439][ T6663] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 143.818483][ T6663] ? __pfx_dvb_usercopy+0x10/0x10 [ 143.818535][ T6663] ? __fget_files+0x21f/0x3d0 [ 143.818570][ T6663] dvb_demux_ioctl+0x29/0x40 [ 143.818609][ T6663] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 143.818650][ T6663] __x64_sys_ioctl+0x18e/0x210 [ 143.818695][ T6663] do_syscall_64+0x115/0x840 [ 143.818721][ T6663] ? clear_bhb_loop+0x40/0x90 [ 143.818758][ T6663] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.818788][ T6663] RIP: 0033:0x7f718c19de59 [ 143.818813][ T6663] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 143.818922][ T6663] RSP: 002b:00007f718cfb6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 143.818955][ T6663] RAX: ffffffffffffffda RBX: 00007f718c426090 RCX: 00007f718c19de59 [ 143.818973][ T6663] RDX: 0000000000000000 RSI: 00000000403c6f2b RDI: 0000000000000003 [ 143.818990][ T6663] RBP: 00007f718c233e6f R08: 0000000000000000 R09: 0000000000000000 [ 143.819006][ T6663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 143.819022][ T6663] R13: 00007f718c426128 R14: 00007f718c426090 R15: 00007ffd3b2224c8 [ 143.819059][ T6663] [ 145.962034][ T6686] blktrace: Concurrent blktraces are not allowed on nbd5 [ 145.996523][ T6685] blktrace: Concurrent blktraces are not allowed on nbd5 [ 146.215894][ T6682] vivid-007: ================= START STATUS ================= [ 146.252241][ T6682] vivid-007: Generate PTS: true [ 146.265864][ T6682] vivid-007: Generate SCR: true [ 146.285554][ T6682] tpg source WxH: 320x240 (Y'CbCr) [ 146.295669][ T6682] tpg field: 1 [ 146.317210][ T6682] tpg crop: (0,0)/320x240 [ 146.326160][ T6682] tpg compose: (0,0)/320x240 [ 146.339603][ T6682] tpg colorspace: 8 [ 146.355487][ T6682] tpg transfer function: 0/0 [ 146.364475][ T6682] tpg Y'CbCr encoding: 0/0 [ 146.389996][ T6682] tpg quantization: 0/0 [ 146.410544][ T6682] tpg RGB range: 0/2 [ 146.418000][ T6682] vivid-007: ================== END STATUS ================== [ 147.022044][ T6703] netlink: 338 bytes leftover after parsing attributes in process `syz.1.152'. [ 147.088882][ T6704] netlink: 338 bytes leftover after parsing attributes in process `syz.1.152'. [ 147.526071][ T5843] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 148.019284][ T6725] openvswitch: netlink: Message has 4 unknown bytes. [ 151.602664][ T6768] blktrace: Concurrent blktraces are not allowed on nbd5 [ 153.667363][ T6797] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 155.711245][ T6834] FAULT_INJECTION: forcing a failure. [ 155.711245][ T6834] name failslab, interval 1, probability 0, space 0, times 0 [ 155.729968][ T6834] CPU: 0 UID: 0 PID: 6834 Comm: syz.0.176 Not tainted syzkaller #0 PREEMPT(full) [ 155.730007][ T6834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 155.730026][ T6834] Call Trace: [ 155.730035][ T6834] [ 155.730046][ T6834] dump_stack_lvl+0x100/0x190 [ 155.730091][ T6834] should_fail_ex.cold+0x5/0xa [ 155.730138][ T6834] should_failslab+0xc2/0x120 [ 155.730182][ T6834] __kmalloc_noprof+0xfc/0x820 [ 155.730214][ T6834] ? rcu_is_watching+0x12/0xc0 [ 155.730247][ T6834] ? tomoyo_realpath_from_path+0xb6/0x690 [ 155.730302][ T6834] tomoyo_realpath_from_path+0xb6/0x690 [ 155.730351][ T6834] tomoyo_path_number_perm+0x23c/0x580 [ 155.730385][ T6834] ? tomoyo_path_number_perm+0x22e/0x580 [ 155.730421][ T6834] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 155.730487][ T6834] ? find_held_lock+0x2b/0x80 [ 155.730522][ T6834] ? __fget_files+0x215/0x3d0 [ 155.730548][ T6834] ? hook_file_ioctl_common+0x140/0x440 [ 155.730580][ T6834] ? __fget_files+0x215/0x3d0 [ 155.730610][ T6834] ? __fget_files+0x21f/0x3d0 [ 155.730641][ T6834] security_file_ioctl+0xd3/0x230 [ 155.730675][ T6834] __x64_sys_ioctl+0xb7/0x210 [ 155.730717][ T6834] do_syscall_64+0x115/0x840 [ 155.730742][ T6834] ? clear_bhb_loop+0x40/0x90 [ 155.730780][ T6834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.730810][ T6834] RIP: 0033:0x7fb7d3b9de59 [ 155.730836][ T6834] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 155.730867][ T6834] RSP: 002b:00007fb7d49bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 155.730895][ T6834] RAX: ffffffffffffffda RBX: 00007fb7d3e25fa0 RCX: 00007fb7d3b9de59 [ 155.730915][ T6834] RDX: 0000000000000000 RSI: 0000000040081271 RDI: 0000000000000005 [ 155.730933][ T6834] RBP: 00007fb7d3c33e6f R08: 0000000000000000 R09: 0000000000000000 [ 155.730951][ T6834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 155.730966][ T6834] R13: 00007fb7d3e26038 R14: 00007fb7d3e25fa0 R15: 00007ffdba189638 [ 155.731004][ T6834] [ 155.937575][ T6834] ERROR: Out of memory at tomoyo_realpath_from_path. [ 156.817781][ T6839] blktrace: Concurrent blktraces are not allowed on nbd5 [ 161.730126][ T6922] ubi0: attaching mtd0 [ 161.789968][ T6922] ubi0: scanning is finished [ 161.798931][ T6922] ubi0: empty MTD device detected [ 162.423408][ T6922] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 162.463697][ T6922] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 162.481870][ T6922] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 162.522005][ T6922] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 162.585257][ T6922] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 162.643006][ T6922] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 162.709195][ T6922] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1481724840 [ 162.785439][ T6922] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 162.801296][ T6932] ubi0: background thread "ubi_bgt0d" started, PID 6932 [ 162.830749][ T6914] ubi0: detaching mtd0 [ 162.996158][ T6914] ubi0: mtd0 is detached [ 163.993856][ T6935] FAULT_INJECTION: forcing a failure. [ 163.993856][ T6935] name failslab, interval 1, probability 0, space 0, times 0 [ 164.020424][ T6935] CPU: 1 UID: 0 PID: 6935 Comm: syz.1.192 Not tainted syzkaller #0 PREEMPT(full) [ 164.020463][ T6935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 164.020481][ T6935] Call Trace: [ 164.020490][ T6935] [ 164.020501][ T6935] dump_stack_lvl+0x100/0x190 [ 164.020545][ T6935] should_fail_ex.cold+0x5/0xa [ 164.020585][ T6935] should_failslab+0xc2/0x120 [ 164.020627][ T6935] __kmalloc_noprof+0xfc/0x820 [ 164.020664][ T6935] ? __memcg_list_lru_alloc+0x418/0x680 [ 164.020702][ T6935] __memcg_list_lru_alloc+0x418/0x680 [ 164.020733][ T6935] ? xa_load+0x149/0x2c0 [ 164.020772][ T6935] ? __pfx___memcg_list_lru_alloc+0x10/0x10 [ 164.020827][ T6935] ? rcu_read_unlock+0x17/0x60 [ 164.020884][ T6935] memcg_list_lru_alloc+0xd3/0x100 [ 164.020920][ T6935] __memcg_slab_post_alloc_hook+0x28b/0x1160 [ 164.020978][ T6935] ? kasan_save_track+0x14/0x30 [ 164.021021][ T6935] kmem_cache_alloc_lru_noprof+0x583/0x6a0 [ 164.021060][ T6935] ? __d_alloc+0x35/0xa50 [ 164.021098][ T6935] __d_alloc+0x35/0xa50 [ 164.021139][ T6935] d_alloc+0x4a/0x1e0 [ 164.021173][ T6935] d_alloc_name+0x83/0xb0 [ 164.021204][ T6935] ? __pfx_d_alloc_name+0x10/0x10 [ 164.021235][ T6935] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 164.021285][ T6935] devpts_pty_new+0x2da/0x770 [ 164.021326][ T6935] ? __pfx_devpts_pty_new+0x10/0x10 [ 164.021371][ T6935] ? ptmx_open+0x1ad/0x360 [ 164.021412][ T6935] ptmx_open+0x1d9/0x360 [ 164.021441][ T6935] ? __pfx_ptmx_open+0x10/0x10 [ 164.021471][ T6935] chrdev_open+0x234/0x6a0 [ 164.021504][ T6935] ? __pfx_chrdev_open+0x10/0x10 [ 164.021536][ T6935] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 164.021575][ T6935] do_dentry_open+0x6ab/0x14d0 [ 164.021603][ T6935] ? __pfx_chrdev_open+0x10/0x10 [ 164.021640][ T6935] vfs_open+0x82/0x3f0 [ 164.021681][ T6935] path_openat+0x2873/0x4280 [ 164.021726][ T6935] ? __pfx_path_openat+0x10/0x10 [ 164.021767][ T6935] do_file_open+0x20e/0x430 [ 164.021799][ T6935] ? __pfx_do_file_open+0x10/0x10 [ 164.021850][ T6935] ? alloc_fd+0x471/0x7a0 [ 164.021879][ T6935] ? do_getname+0x191/0x390 [ 164.021919][ T6935] do_sys_openat2+0x10f/0x1e0 [ 164.021958][ T6935] ? __pfx_do_sys_openat2+0x10/0x10 [ 164.021998][ T6935] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 164.022057][ T6935] __x64_sys_openat+0x12d/0x210 [ 164.022098][ T6935] ? __pfx___x64_sys_openat+0x10/0x10 [ 164.022153][ T6935] do_syscall_64+0x115/0x840 [ 164.022179][ T6935] ? clear_bhb_loop+0x40/0x90 [ 164.022216][ T6935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.022246][ T6935] RIP: 0033:0x7f718c19de59 [ 164.022272][ T6935] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 164.022299][ T6935] RSP: 002b:00007f718cfd7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 164.022327][ T6935] RAX: ffffffffffffffda RBX: 00007f718c425fa0 RCX: 00007f718c19de59 [ 164.022355][ T6935] RDX: 00000000000c2b80 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 164.022375][ T6935] RBP: 00007f718c233e6f R08: 0000000000000000 R09: 0000000000000000 [ 164.022392][ T6935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 164.022406][ T6935] R13: 00007f718c426038 R14: 00007f718c425fa0 R15: 00007ffd3b2224c8 [ 164.022439][ T6935] [ 165.298225][ T6935] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 165.306024][ T6935] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 165.401309][ T6935] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 165.467584][ T6935] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 165.486575][ T6935] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 165.542489][ T6935] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 165.620005][ T6935] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 165.635768][ T6935] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 165.729946][ T6935] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 165.794883][ T6935] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 165.816308][ T6935] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 165.836391][ T6935] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 165.909017][ T6935] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 167.194295][ T6448] Bluetooth: hci2: command 0x0c1a tx timeout [ 167.512717][ T6448] Bluetooth: hci0: command 0x0c1a tx timeout [ 167.672505][ T6448] Bluetooth: hci1: command 0x2016 tx timeout [ 167.832857][ T6448] Bluetooth: hci3: command 0x0c1a tx timeout [ 168.729760][ T7003] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 169.272493][ T6448] Bluetooth: hci2: command 0x0c1a tx timeout [ 169.593229][ T6448] Bluetooth: hci0: command 0x0c1a tx timeout [ 169.753497][ T6448] Bluetooth: hci1: command 0x2016 tx timeout [ 169.912690][ T6448] Bluetooth: hci3: command 0x0c1a tx timeout [ 171.352522][ T6448] Bluetooth: hci2: command 0x0c1a tx timeout [ 171.674296][ T6448] Bluetooth: hci0: command 0x0c1a tx timeout [ 171.832610][ T6448] Bluetooth: hci1: command 0x2016 tx timeout [ 171.992566][ T6448] Bluetooth: hci3: command 0x0c1a tx timeout [ 173.912766][ T6448] Bluetooth: hci1: command 0x2016 tx timeout [ 174.682149][ T7088] vivid-007: ================= START STATUS ================= [ 174.682186][ T7088] vivid-007: Generate PTS: true [ 174.682236][ T7088] vivid-007: Generate SCR: true [ 174.682265][ T7088] tpg source WxH: 320x240 (Y'CbCr) [ 174.682281][ T7088] tpg field: 1 [ 174.682291][ T7088] tpg crop: (0,0)/320x240 [ 174.682309][ T7088] tpg compose: (0,0)/320x240 [ 174.682327][ T7088] tpg colorspace: 8 [ 174.682337][ T7088] tpg transfer function: 0/0 [ 174.682351][ T7088] tpg Y'CbCr encoding: 0/0 [ 174.682364][ T7088] tpg quantization: 0/0 [ 174.682377][ T7088] tpg RGB range: 0/2 [ 174.682611][ T7088] vivid-007: ================== END STATUS ================== [ 174.748003][ T7083] netlink: 186 bytes leftover after parsing attributes in process `syz.1.220'. [ 177.164558][ T7116] netlink: 4 bytes leftover after parsing attributes in process `syz.2.227'. [ 178.343037][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 179.287391][ T7159] ======================================================= [ 179.287391][ T7159] WARNING: The mand mount option has been deprecated and [ 179.287391][ T7159] and is ignored by this kernel. Remove the mand [ 179.287391][ T7159] option from the mount to silence this warning. [ 179.287391][ T7159] ======================================================= [ 180.462727][ T7161] bond0: option slaves: interface -Âô]àæ©=,Dço does not exist! [ 183.807619][ T7227] netlink: 8 bytes leftover after parsing attributes in process `syz.0.246'. [ 184.310303][ T7235] binder: 7216:7235 ioctl c00c620f 200000000c40 returned -22 [ 185.844524][ T7263] FAULT_INJECTION: forcing a failure. [ 185.844524][ T7263] name failslab, interval 1, probability 0, space 0, times 0 [ 185.914192][ T7263] CPU: 1 UID: 0 PID: 7263 Comm: syz.0.251 Not tainted syzkaller #0 PREEMPT(full) [ 185.914216][ T7263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 185.914226][ T7263] Call Trace: [ 185.914231][ T7263] [ 185.914240][ T7263] dump_stack_lvl+0x100/0x190 [ 185.914275][ T7263] should_fail_ex.cold+0x5/0xa [ 185.914296][ T7263] should_failslab+0xc2/0x120 [ 185.914318][ T7263] __kmalloc_noprof+0xfc/0x820 [ 185.914337][ T7263] ? snd_midi_event_new+0xa1/0x210 [ 185.914360][ T7263] snd_midi_event_new+0xa1/0x210 [ 185.914379][ T7263] snd_virmidi_output_open+0x106/0x670 [ 185.914409][ T7263] open_substream+0x480/0x970 [ 185.914434][ T7263] rawmidi_open_priv+0x595/0x6f0 [ 185.914453][ T7263] snd_rawmidi_open+0x4c9/0xba0 [ 185.914472][ T7263] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 185.914489][ T7263] ? __pfx_default_wake_function+0x10/0x10 [ 185.914508][ T7263] ? kobject_get_unless_zero+0x156/0x200 [ 185.914529][ T7263] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 185.914547][ T7263] snd_open+0x201/0x450 [ 185.914568][ T7263] ? __pfx_snd_open+0x10/0x10 [ 185.914589][ T7263] chrdev_open+0x234/0x6a0 [ 185.914605][ T7263] ? __pfx_apparmor_file_open+0x10/0x10 [ 185.914621][ T7263] ? __pfx_chrdev_open+0x10/0x10 [ 185.914637][ T7263] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 185.914658][ T7263] do_dentry_open+0x6ab/0x14d0 [ 185.914673][ T7263] ? __pfx_chrdev_open+0x10/0x10 [ 185.914693][ T7263] vfs_open+0x82/0x3f0 [ 185.914714][ T7263] path_openat+0x2873/0x4280 [ 185.914748][ T7263] ? __pfx_path_openat+0x10/0x10 [ 185.914769][ T7263] do_file_open+0x20e/0x430 [ 185.914787][ T7263] ? __pfx_do_file_open+0x10/0x10 [ 185.914816][ T7263] ? alloc_fd+0x471/0x7a0 [ 185.914834][ T7263] ? do_getname+0x191/0x390 [ 185.914855][ T7263] do_sys_openat2+0x10f/0x1e0 [ 185.914876][ T7263] ? __pfx_do_sys_openat2+0x10/0x10 [ 185.914897][ T7263] ? __fget_files+0x21f/0x3d0 [ 185.914915][ T7263] __x64_sys_openat+0x12d/0x210 [ 185.914934][ T7263] ? __pfx___x64_sys_openat+0x10/0x10 [ 185.914962][ T7263] do_syscall_64+0x115/0x840 [ 185.914975][ T7263] ? clear_bhb_loop+0x40/0x90 [ 185.914992][ T7263] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.915007][ T7263] RIP: 0033:0x7fb7d3b9de59 [ 185.915026][ T7263] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 185.915040][ T7263] RSP: 002b:00007fb7d1df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 185.915055][ T7263] RAX: ffffffffffffffda RBX: 00007fb7d3e26180 RCX: 00007fb7d3b9de59 [ 185.915065][ T7263] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 185.915075][ T7263] RBP: 00007fb7d3c33e6f R08: 0000000000000000 R09: 0000000000000000 [ 185.915084][ T7263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 185.915093][ T7263] R13: 00007fb7d3e26218 R14: 00007fb7d3e26180 R15: 00007ffdba189638 [ 185.915113][ T7263] [ 191.110317][ T7329] netlink: 354 bytes leftover after parsing attributes in process `syz.2.264'. [ 193.461329][ T7364] vivid-007: ================= START STATUS ================= [ 193.472055][ T7364] vivid-007: Generate PTS: true [ 193.480337][ T7364] vivid-007: Generate SCR: true [ 193.488160][ T7364] tpg source WxH: 320x240 (Y'CbCr) [ 193.510535][ T7364] tpg field: 1 [ 193.536649][ T7364] tpg crop: (0,0)/320x240 [ 193.550108][ T7364] tpg compose: (0,0)/320x240 [ 193.567146][ T7364] tpg colorspace: 8 [ 193.576672][ T7364] tpg transfer function: 0/0 [ 193.585263][ T7364] tpg Y'CbCr encoding: 0/0 [ 193.595374][ T7364] tpg quantization: 0/0 [ 193.607833][ T7364] tpg RGB range: 0/2 [ 193.626444][ T7364] vivid-007: ================== END STATUS ================== [ 193.798222][ T7378] ubi31: attaching mtd0 [ 193.825366][ T7378] ubi31 error: validate_ec_hdr: bad VID header offset 64, expected 514 [ 193.825410][ T7378] ubi31 error: validate_ec_hdr: bad EC header [ 193.825438][ T7378] Erase counter header dump: [ 193.825446][ T7378] magic 0x55424923 [ 193.825458][ T7378] version 1 [ 193.825468][ T7378] ec 1 [ 193.825479][ T7378] vid_hdr_offset 64 [ 193.825514][ T7378] data_offset 128 [ 193.825525][ T7378] image_seq 1481724840 [ 193.825537][ T7378] hdr_crc 0xb03987ba [ 193.825548][ T7378] erase counter header hexdump: [ 193.825653][ T7378] CPU: 1 UID: 0 PID: 7378 Comm: syz.3.273 Not tainted syzkaller #0 PREEMPT(full) [ 193.825686][ T7378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 193.825704][ T7378] Call Trace: [ 193.825713][ T7378] [ 193.825724][ T7378] dump_stack_lvl+0x100/0x190 [ 193.825763][ T7378] validate_ec_hdr+0x2d0/0x330 [ 193.825797][ T7378] ubi_io_read_ec_hdr+0x656/0x6d0 [ 193.825834][ T7378] ubi_attach+0x601/0x4d30 [ 193.825885][ T7378] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 193.825932][ T7378] ? ubi_msg+0x114/0x159 [ 193.825963][ T7378] ? __pfx_ubi_msg+0x10/0x10 [ 193.825997][ T7378] ? __pfx_ubi_attach+0x10/0x10 [ 193.826034][ T7378] ? lockdep_init_map_type+0x5c/0x250 [ 193.826069][ T7378] ? ubi_attach_mtd_dev+0x1353/0x32a0 [ 193.826108][ T7378] ? __vmalloc_node_noprof+0xad/0xf0 [ 193.826152][ T7378] ? ubi_attach_mtd_dev+0x1353/0x32a0 [ 193.826196][ T7378] ubi_attach_mtd_dev+0x139f/0x32a0 [ 193.826254][ T7378] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 193.826295][ T7378] ? __pfx_get_mtd_device+0x10/0x10 [ 193.826339][ T7378] ctrl_cdev_ioctl+0x36a/0x400 [ 193.826380][ T7378] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 193.826431][ T7378] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 193.826474][ T7378] __x64_sys_ioctl+0x18e/0x210 [ 193.826520][ T7378] do_syscall_64+0x115/0x840 [ 193.826546][ T7378] ? clear_bhb_loop+0x40/0x90 [ 193.826582][ T7378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.826621][ T7378] RIP: 0033:0x7f1f5939de59 [ 193.826646][ T7378] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 193.826673][ T7378] RSP: 002b:00007f1f5a269028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 193.826701][ T7378] RAX: ffffffffffffffda RBX: 00007f1f59626180 RCX: 00007f1f5939de59 [ 193.826721][ T7378] RDX: 0000200000000000 RSI: 0000000040186f40 RDI: 0000000000000008 [ 193.826739][ T7378] RBP: 00007f1f59433e6f R08: 0000000000000000 R09: 0000000000000000 [ 193.826756][ T7378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 193.826772][ T7378] R13: 00007f1f59626218 R14: 00007f1f59626180 R15: 00007fffe93b3428 [ 193.826810][ T7378] [ 193.830802][ T7378] ubi31 error: ubi_io_read_ec_hdr: validation failed for PEB 0 [ 194.475898][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.475972][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.549084][ T7378] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 197.418136][ T7435] vivid-007: ================= START STATUS ================= [ 197.426137][ T7435] vivid-007: Generate PTS: true [ 197.431204][ T7435] vivid-007: Generate SCR: true [ 197.438775][ T7435] tpg source WxH: 320x240 (Y'CbCr) [ 197.452467][ T7435] tpg field: 1 [ 197.464100][ T7435] tpg crop: (0,0)/320x240 [ 197.480671][ T7435] tpg compose: (0,0)/320x240 [ 197.512532][ T7435] tpg colorspace: 8 [ 197.523066][ T7435] tpg transfer function: 0/0 [ 197.535273][ T7435] tpg Y'CbCr encoding: 0/0 [ 197.547905][ T7435] tpg quantization: 0/0 [ 197.558718][ T7435] tpg RGB range: 0/2 [ 197.576040][ T7435] vivid-007: ================== END STATUS ================== [ 198.191484][ T7453] FAULT_INJECTION: forcing a failure. [ 198.191484][ T7453] name failslab, interval 1, probability 0, space 0, times 0 [ 198.218017][ T7453] CPU: 1 UID: 0 PID: 7453 Comm: syz.2.288 Not tainted syzkaller #0 PREEMPT(full) [ 198.218060][ T7453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 198.218077][ T7453] Call Trace: [ 198.218087][ T7453] [ 198.218098][ T7453] dump_stack_lvl+0x100/0x190 [ 198.218141][ T7453] should_fail_ex.cold+0x5/0xa [ 198.218181][ T7453] should_failslab+0xc2/0x120 [ 198.218223][ T7453] __kmalloc_noprof+0xfc/0x820 [ 198.218259][ T7453] ? evm_inode_alloc_security+0x44/0xc0 [ 198.218299][ T7453] ? sk_prot_alloc+0x10b/0x2a0 [ 198.218348][ T7453] sk_prot_alloc+0x10b/0x2a0 [ 198.218393][ T7453] sk_alloc+0x36/0xe80 [ 198.218426][ T7453] __netlink_create+0x5e/0x2c0 [ 198.218466][ T7453] __netlink_kernel_create+0xed/0x750 [ 198.218512][ T7453] ? __pfx___netlink_kernel_create+0x10/0x10 [ 198.218569][ T7453] fib_net_init+0x2ab/0x440 [ 198.218611][ T7453] ? is_module_address+0x69/0xf0 [ 198.218641][ T7453] ? __pfx_fib_net_init+0x10/0x10 [ 198.218684][ T7453] ? timer_init_key+0x150/0x310 [ 198.218731][ T7453] ? __pfx_nl_fib_input+0x10/0x10 [ 198.218779][ T7453] ? devinet_init_net+0x56c/0x8d0 [ 198.218830][ T7453] ? __pfx_fib_net_init+0x10/0x10 [ 198.218870][ T7453] ops_init+0x1e2/0x5f0 [ 198.218911][ T7453] setup_net+0x118/0x3a0 [ 198.218947][ T7453] ? __pfx_setup_net+0x10/0x10 [ 198.218984][ T7453] ? mutex_init_lockdep+0xf1/0x120 [ 198.219021][ T7453] copy_net_ns+0x46f/0x7c0 [ 198.219064][ T7453] create_new_namespaces+0x3ea/0xac0 [ 198.219106][ T7453] unshare_nsproxy_namespaces+0xf2/0x220 [ 198.219143][ T7453] ksys_unshare+0x438/0xab0 [ 198.219184][ T7453] ? __pfx_ksys_unshare+0x10/0x10 [ 198.219237][ T7453] __x64_sys_unshare+0x31/0x40 [ 198.219274][ T7453] do_syscall_64+0x115/0x840 [ 198.219309][ T7453] ? clear_bhb_loop+0x40/0x90 [ 198.219347][ T7453] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.219378][ T7453] RIP: 0033:0x7f536f99de59 [ 198.219403][ T7453] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 198.219430][ T7453] RSP: 002b:00007f53707ab028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 198.219458][ T7453] RAX: ffffffffffffffda RBX: 00007f536fc25fa0 RCX: 00007f536f99de59 [ 198.219477][ T7453] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 198.219496][ T7453] RBP: 00007f536fa33e6f R08: 0000000000000000 R09: 0000000000000000 [ 198.219513][ T7453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 198.219531][ T7453] R13: 00007f536fc26038 R14: 00007f536fc25fa0 R15: 00007ffdd4bec068 [ 198.219570][ T7453] [ 198.653421][ T7460] ubi31: attaching mtd0 [ 198.655007][ T7460] ubi31 error: validate_ec_hdr: bad VID header offset 64, expected 514 [ 198.655054][ T7460] ubi31 error: validate_ec_hdr: bad EC header [ 198.655082][ T7460] Erase counter header dump: [ 198.655091][ T7460] magic 0x55424923 [ 198.655104][ T7460] version 1 [ 198.655114][ T7460] ec 1 [ 198.655125][ T7460] vid_hdr_offset 64 [ 198.655136][ T7460] data_offset 128 [ 198.655145][ T7460] image_seq 1481724840 [ 198.655157][ T7460] hdr_crc 0xb03987ba [ 198.655168][ T7460] erase counter header hexdump: [ 198.655237][ T7460] CPU: 1 UID: 0 PID: 7460 Comm: syz.2.288 Not tainted syzkaller #0 PREEMPT(full) [ 198.655278][ T7460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 198.655294][ T7460] Call Trace: [ 198.655302][ T7460] [ 198.655312][ T7460] dump_stack_lvl+0x100/0x190 [ 198.655351][ T7460] validate_ec_hdr+0x2d0/0x330 [ 198.655387][ T7460] ubi_io_read_ec_hdr+0x656/0x6d0 [ 198.655423][ T7460] ubi_attach+0x601/0x4d30 [ 198.655474][ T7460] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 198.655521][ T7460] ? ubi_msg+0x114/0x159 [ 198.655552][ T7460] ? __pfx_ubi_msg+0x10/0x10 [ 198.655586][ T7460] ? __pfx_ubi_attach+0x10/0x10 [ 198.655628][ T7460] ? lockdep_init_map_type+0x5c/0x250 [ 198.655662][ T7460] ? ubi_attach_mtd_dev+0x1353/0x32a0 [ 198.655699][ T7460] ? __vmalloc_node_noprof+0xad/0xf0 [ 198.655731][ T7460] ? ubi_attach_mtd_dev+0x1353/0x32a0 [ 198.655770][ T7460] ubi_attach_mtd_dev+0x139f/0x32a0 [ 198.655824][ T7460] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 198.655860][ T7460] ? __pfx_get_mtd_device+0x10/0x10 [ 198.655900][ T7460] ctrl_cdev_ioctl+0x36a/0x400 [ 198.655939][ T7460] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 198.655987][ T7460] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 198.656028][ T7460] __x64_sys_ioctl+0x18e/0x210 [ 198.656071][ T7460] do_syscall_64+0x115/0x840 [ 198.656096][ T7460] ? clear_bhb_loop+0x40/0x90 [ 198.656130][ T7460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.656159][ T7460] RIP: 0033:0x7f536f99de59 [ 198.656182][ T7460] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 198.656208][ T7460] RSP: 002b:00007f536dbf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 198.656236][ T7460] RAX: ffffffffffffffda RBX: 00007f536fc26180 RCX: 00007f536f99de59 [ 198.656262][ T7460] RDX: 0000200000000000 RSI: 0000000040186f40 RDI: 0000000000000008 [ 198.656280][ T7460] RBP: 00007f536fa33e6f R08: 0000000000000000 R09: 0000000000000000 [ 198.656297][ T7460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 198.656313][ T7460] R13: 00007f536fc26218 R14: 00007f536fc26180 R15: 00007ffdd4bec068 [ 198.656350][ T7460] [ 198.656515][ T7460] ubi31 error: ubi_io_read_ec_hdr: validation failed for PEB 0 [ 199.279988][ T7460] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 202.180329][ T7486] netlink: 186 bytes leftover after parsing attributes in process `syz.2.292'. [ 202.191232][ T7492] ptrace attach of ""[7494] was attempted by "ci-qemu-gce-upstream-auto/syz-executor exec"[7492] [ 203.414617][ T7509] ACPI: \_SB_.LNKS: No IRQ available. Try pci=noacpi or acpi=off [ 203.453886][ T7509] pci 0000:00:01.3: PCI INT A: no GSI [ 206.274304][ T7546] netlink: 8 bytes leftover after parsing attributes in process `syz.1.304'. [ 212.838649][ T7635] netlink: 8 bytes leftover after parsing attributes in process `syz.3.316'. [ 214.031624][ T7630] bond0: option slaves: interface -Âô]àæ©=,Dço does not exist! [ 218.253133][ T7705] netlink: 354 bytes leftover after parsing attributes in process `syz.0.329'. [ 218.899808][ T7719] FAULT_INJECTION: forcing a failure. [ 218.899808][ T7719] name failslab, interval 1, probability 0, space 0, times 0 [ 218.953237][ T7719] CPU: 0 UID: 0 PID: 7719 Comm: syz.1.332 Not tainted syzkaller #0 PREEMPT(full) [ 218.953280][ T7719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 218.953299][ T7719] Call Trace: [ 218.953308][ T7719] [ 218.953319][ T7719] dump_stack_lvl+0x100/0x190 [ 218.953360][ T7719] should_fail_ex.cold+0x5/0xa [ 218.953393][ T7719] should_failslab+0xc2/0x120 [ 218.953432][ T7719] __kmalloc_noprof+0xfc/0x820 [ 218.953466][ T7719] ? snd_midi_event_new+0xa1/0x210 [ 218.953508][ T7719] snd_midi_event_new+0xa1/0x210 [ 218.953543][ T7719] snd_virmidi_output_open+0x106/0x670 [ 218.953587][ T7719] open_substream+0x480/0x970 [ 218.953638][ T7719] rawmidi_open_priv+0x595/0x6f0 [ 218.953674][ T7719] snd_rawmidi_open+0x4c9/0xba0 [ 218.953712][ T7719] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 218.953755][ T7719] ? __pfx_default_wake_function+0x10/0x10 [ 218.953794][ T7719] ? kobject_get_unless_zero+0x156/0x200 [ 218.953835][ T7719] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 218.953866][ T7719] snd_open+0x201/0x450 [ 218.953907][ T7719] ? __pfx_snd_open+0x10/0x10 [ 218.953950][ T7719] chrdev_open+0x234/0x6a0 [ 218.953980][ T7719] ? __pfx_apparmor_file_open+0x10/0x10 [ 218.954012][ T7719] ? __pfx_chrdev_open+0x10/0x10 [ 218.954045][ T7719] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 218.954087][ T7719] do_dentry_open+0x6ab/0x14d0 [ 218.954117][ T7719] ? __pfx_chrdev_open+0x10/0x10 [ 218.954156][ T7719] vfs_open+0x82/0x3f0 [ 218.954197][ T7719] path_openat+0x2873/0x4280 [ 218.954243][ T7719] ? __pfx_path_openat+0x10/0x10 [ 218.954284][ T7719] do_file_open+0x20e/0x430 [ 218.954317][ T7719] ? __pfx_do_file_open+0x10/0x10 [ 218.954375][ T7719] ? alloc_fd+0x471/0x7a0 [ 218.954406][ T7719] ? do_getname+0x191/0x390 [ 218.954446][ T7719] do_sys_openat2+0x10f/0x1e0 [ 218.954484][ T7719] ? __pfx_do_sys_openat2+0x10/0x10 [ 218.954526][ T7719] ? __fget_files+0x21f/0x3d0 [ 218.954561][ T7719] __x64_sys_openat+0x12d/0x210 [ 218.954601][ T7719] ? __pfx___x64_sys_openat+0x10/0x10 [ 218.954655][ T7719] do_syscall_64+0x115/0x840 [ 218.954681][ T7719] ? clear_bhb_loop+0x40/0x90 [ 218.954717][ T7719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.954752][ T7719] RIP: 0033:0x7f718c19de59 [ 218.954776][ T7719] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 218.954803][ T7719] RSP: 002b:00007f718cf95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 218.954829][ T7719] RAX: ffffffffffffffda RBX: 00007f718c426180 RCX: 00007f718c19de59 [ 218.954849][ T7719] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 218.954867][ T7719] RBP: 00007f718c233e6f R08: 0000000000000000 R09: 0000000000000000 [ 218.954884][ T7719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 218.954901][ T7719] R13: 00007f718c426218 R14: 00007f718c426180 R15: 00007ffd3b2224c8 [ 218.954940][ T7719] [ 223.603201][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 223.640670][ T7778] netlink: 342 bytes leftover after parsing attributes in process `syz.2.342'. [ 223.757818][ T7778] FAULT_INJECTION: forcing a failure. [ 223.757818][ T7778] name failslab, interval 1, probability 0, space 0, times 0 [ 223.821818][ T7778] CPU: 1 UID: 0 PID: 7778 Comm: syz.2.342 Not tainted syzkaller #0 PREEMPT(full) [ 223.821854][ T7778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 223.821871][ T7778] Call Trace: [ 223.821879][ T7778] [ 223.821889][ T7778] dump_stack_lvl+0x100/0x190 [ 223.821937][ T7778] should_fail_ex.cold+0x5/0xa [ 223.821979][ T7778] should_failslab+0xc2/0x120 [ 223.822020][ T7778] __kmalloc_noprof+0xfc/0x820 [ 223.822054][ T7778] ? tnode_new+0x2f7/0x350 [ 223.822095][ T7778] tnode_new+0x2f7/0x350 [ 223.822133][ T7778] resize+0xed4/0x22f0 [ 223.822185][ T7778] fib_insert_alias+0x9b3/0xe30 [ 223.822228][ T7778] fib_trie_unmerge+0x289/0xbd0 [ 223.822274][ T7778] ? __pfx_fib_trie_unmerge+0x10/0x10 [ 223.822314][ T7778] ? __pfx___mutex_lock+0x10/0x10 [ 223.822352][ T7778] fib_unmerge+0xee/0x510 [ 223.822377][ T7778] ? __pfx_fib_nl2rule.constprop.0+0x10/0x10 [ 223.822425][ T7778] fib4_rule_configure+0x383/0x10c0 [ 223.822481][ T7778] fib_newrule+0x356/0x1ed0 [ 223.822531][ T7778] ? rcu_is_watching+0x12/0xc0 [ 223.822572][ T7778] ? __pfx_fib_newrule+0x10/0x10 [ 223.822614][ T7778] ? kfree_skbmem+0x130/0x210 [ 223.822655][ T7778] ? kmem_cache_free+0x127/0x6b0 [ 223.822685][ T7778] ? skb_release_data+0x6ca/0x8e0 [ 223.822754][ T7778] ? find_held_lock+0x2b/0x80 [ 223.822791][ T7778] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 223.822826][ T7778] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 223.822862][ T7778] ? __pfx_fib_nl_newrule+0x10/0x10 [ 223.822906][ T7778] rtnetlink_rcv_msg+0x95e/0xe90 [ 223.822946][ T7778] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 223.822993][ T7778] ? ref_tracker_free+0x37e/0x6c0 [ 223.823041][ T7778] netlink_rcv_skb+0x159/0x420 [ 223.823086][ T7778] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 223.823126][ T7778] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 223.823183][ T7778] ? netlink_deliver_tap+0x1ae/0xcc0 [ 223.823231][ T7778] netlink_unicast+0x585/0x850 [ 223.823281][ T7778] ? __pfx_netlink_unicast+0x10/0x10 [ 223.823335][ T7778] netlink_sendmsg+0x8b0/0xda0 [ 223.823384][ T7778] ? __pfx_netlink_sendmsg+0x10/0x10 [ 223.823429][ T7778] ? apparmor_socket_sendmsg+0x15b/0x270 [ 223.823465][ T7778] ____sys_sendmsg+0xa4d/0xbe0 [ 223.823503][ T7778] ? __pfx_netlink_sendmsg+0x10/0x10 [ 223.823547][ T7778] ? __pfx_____sys_sendmsg+0x10/0x10 [ 223.823590][ T7778] ? rcu_is_watching+0x12/0xc0 [ 223.823624][ T7778] ? ___sys_sendmsg+0x19d/0x1e0 [ 223.823665][ T7778] ? kfree+0x1e5/0x6c0 [ 223.823694][ T7778] ___sys_sendmsg+0x190/0x1e0 [ 223.823748][ T7778] ? __pfx____sys_sendmsg+0x10/0x10 [ 223.823789][ T7778] ? futex_hash+0x311/0x400 [ 223.823846][ T7778] ? __pfx___might_resched+0x10/0x10 [ 223.823896][ T7778] __sys_sendmmsg+0x20c/0x440 [ 223.823932][ T7778] ? __pfx___sys_sendmmsg+0x10/0x10 [ 223.823965][ T7778] ? __fget_files+0x215/0x3d0 [ 223.824003][ T7778] ? __pfx_do_futex+0x10/0x10 [ 223.824052][ T7778] ? xfd_validate_state+0x129/0x190 [ 223.824098][ T7778] __x64_sys_sendmmsg+0x9c/0x100 [ 223.824128][ T7778] ? lockdep_hardirqs_on+0x78/0x100 [ 223.824173][ T7778] do_syscall_64+0x115/0x840 [ 223.824195][ T7778] ? clear_bhb_loop+0x40/0x90 [ 223.824225][ T7778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.824251][ T7778] RIP: 0033:0x7f536f99de59 [ 223.824273][ T7778] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 223.824298][ T7778] RSP: 002b:00007f537078a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 223.824324][ T7778] RAX: ffffffffffffffda RBX: 00007f536fc26090 RCX: 00007f536f99de59 [ 223.824342][ T7778] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 223.824358][ T7778] RBP: 00007f536fa33e6f R08: 0000000000000000 R09: 0000000000000000 [ 223.824374][ T7778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 223.824389][ T7778] R13: 00007f536fc26128 R14: 00007f536fc26090 R15: 00007ffdd4bec068 [ 223.824432][ T7778] [ 226.510284][ T7820] netlink: 8 bytes leftover after parsing attributes in process `syz.2.349'. [ 226.606041][ T7818] blktrace: Concurrent blktraces are not allowed on nbd5 [ 226.625624][ T7819] blktrace: Concurrent blktraces are not allowed on nbd5 [ 229.988824][ T7872] blktrace: Concurrent blktraces are not allowed on nbd5 [ 231.469024][ T7890] netlink: 186 bytes leftover after parsing attributes in process `syz.3.361'. [ 233.812562][ T7912] syz.2.366 (7912) used greatest stack depth: 19768 bytes left [ 241.919842][ T8030] FAULT_INJECTION: forcing a failure. [ 241.919842][ T8030] name fail_futex, interval 1, probability 0, space 0, times 1 [ 241.919888][ T8030] CPU: 1 UID: 0 PID: 8030 Comm: syz.2.383 Not tainted syzkaller #0 PREEMPT(full) [ 241.919924][ T8030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 241.919957][ T8030] Call Trace: [ 241.919967][ T8030] [ 241.919978][ T8030] dump_stack_lvl+0x100/0x190 [ 241.920027][ T8030] should_fail_ex.cold+0x5/0xa [ 241.920070][ T8030] get_futex_key+0x1d2/0x14f0 [ 241.920105][ T8030] ? __pfx_get_futex_key+0x10/0x10 [ 241.920134][ T8030] ? __lock_acquire+0x49f/0x1a40 [ 241.920173][ T8030] futex_wake+0xf4/0x5e0 [ 241.920215][ T8030] ? __pfx_futex_wake+0x10/0x10 [ 241.920262][ T8030] ? __lock_acquire+0x49f/0x1a40 [ 241.920292][ T8030] do_futex+0x2b2/0x440 [ 241.920325][ T8030] ? __pfx_do_futex+0x10/0x10 [ 241.920367][ T8030] __x64_sys_futex+0x34f/0x4d0 [ 241.920406][ T8030] ? __pfx___x64_sys_futex+0x10/0x10 [ 241.920453][ T8030] do_syscall_64+0x115/0x840 [ 241.920478][ T8030] ? clear_bhb_loop+0x40/0x90 [ 241.920512][ T8030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.920541][ T8030] RIP: 0033:0x7f536f99de59 [ 241.920566][ T8030] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 241.920592][ T8030] RSP: 002b:00007f53707ab0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 241.920619][ T8030] RAX: ffffffffffffffda RBX: 00007f536fc25fa8 RCX: 00007f536f99de59 [ 241.920638][ T8030] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f536fc25fac [ 241.920655][ T8030] RBP: 00007f536fc25fa0 R08: 0000000000000001 R09: 0000000000000000 [ 241.920672][ T8030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 241.920689][ T8030] R13: 00007f536fc26038 R14: 00007ffdd4bebf80 R15: 00007ffdd4bec068 [ 241.920726][ T8030] [ 243.099297][ T8048] FAULT_INJECTION: forcing a failure. [ 243.099297][ T8048] name failslab, interval 1, probability 0, space 0, times 0 [ 243.152513][ T8048] CPU: 0 UID: 0 PID: 8048 Comm: syz.1.386 Not tainted syzkaller #0 PREEMPT(full) [ 243.152552][ T8048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 243.152569][ T8048] Call Trace: [ 243.152578][ T8048] [ 243.152588][ T8048] dump_stack_lvl+0x100/0x190 [ 243.152630][ T8048] should_fail_ex.cold+0x5/0xa [ 243.152668][ T8048] should_failslab+0xc2/0x120 [ 243.152709][ T8048] kmem_cache_alloc_noprof+0x91/0x6a0 [ 243.152747][ T8048] ? dst_alloc+0x99/0x1a0 [ 243.152783][ T8048] dst_alloc+0x99/0x1a0 [ 243.152816][ T8048] rt_dst_alloc+0x35/0x3a0 [ 243.152847][ T8048] ip_route_output_key_hash_rcu+0x87a/0x2870 [ 243.152894][ T8048] ip_route_output_key_hash+0x118/0x2b0 [ 243.152928][ T8048] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 243.152966][ T8048] ? __call_rcu_common.constprop.0+0x3f0/0x9b0 [ 243.152994][ T8048] ? lockdep_hardirqs_on+0x78/0x100 [ 243.153046][ T8048] ip_route_output_flow+0x27/0x150 [ 243.153082][ T8048] __ip4_datagram_connect+0x8bf/0x1470 [ 243.153124][ T8048] udp_connect+0x2e/0x70 [ 243.153164][ T8048] inet_dgram_connect+0x143/0x200 [ 243.153194][ T8048] ? __pfx_inet_dgram_connect+0x10/0x10 [ 243.153219][ T8048] __sys_connect_file+0x141/0x1a0 [ 243.153252][ T8048] __sys_connect+0x141/0x170 [ 243.153278][ T8048] ? __pfx___sys_connect+0x10/0x10 [ 243.153346][ T8048] __x64_sys_connect+0x72/0xb0 [ 243.153375][ T8048] ? lockdep_hardirqs_on+0x78/0x100 [ 243.153422][ T8048] do_syscall_64+0x115/0x840 [ 243.153443][ T8048] ? clear_bhb_loop+0x40/0x90 [ 243.153475][ T8048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.153499][ T8048] RIP: 0033:0x7f718c19de59 [ 243.153519][ T8048] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 243.153544][ T8048] RSP: 002b:00007f718cfb6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 243.153568][ T8048] RAX: ffffffffffffffda RBX: 00007f718c426090 RCX: 00007f718c19de59 [ 243.153585][ T8048] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003 [ 243.153600][ T8048] RBP: 00007f718c233e6f R08: 0000000000000000 R09: 0000000000000000 [ 243.153615][ T8048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 243.153631][ T8048] R13: 00007f718c426128 R14: 00007f718c426090 R15: 00007ffd3b2224c8 [ 243.153667][ T8048] [ 243.159273][ T30] audit: type=1804 audit(1843104520.690:4): pid=8055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.388" name="/newroot/sys/kernel/debug/tracing/set_event" dev="tracefs" ino=17 res=1 errno=0 [ 243.538228][ T30] audit: type=1804 audit(1843104520.990:5): pid=8056 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.387" name="/newroot/sys/kernel/tracing/set_event" dev="tracefs" ino=17 res=1 errno=0 [ 244.018977][ T8065] vhci_hcd: not connected 4 [ 245.279174][ T6448] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 248.659401][ T8140] blktrace: Concurrent blktraces are not allowed on nbd5 [ 254.544882][ T8235] blktrace: Concurrent blktraces are not allowed on nbd5 [ 255.927945][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.936436][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 260.813148][ T8335] ================================================================== [ 260.813176][ T8335] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 260.813222][ T8335] Write of size 8 at addr ffffc90004ba13e0 by task syz.0.436/8335 [ 260.813245][ T8335] [ 260.813258][ T8335] CPU: 0 UID: 0 PID: 8335 Comm: syz.0.436 Not tainted syzkaller #0 PREEMPT(full) [ 260.813290][ T8335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 260.813307][ T8335] Call Trace: [ 260.813317][ T8335] [ 260.813327][ T8335] dump_stack_lvl+0x100/0x190 [ 260.813361][ T8335] print_report+0x13d/0x4b0 [ 260.813401][ T8335] ? _raw_spin_lock_irqsave+0x52/0x60 [ 260.813444][ T8335] ? sys_imageblit+0x19fb/0x1d60 [ 260.813475][ T8335] kasan_report+0xdf/0x1c0 [ 260.813515][ T8335] ? sys_imageblit+0x19fb/0x1d60 [ 260.813550][ T8335] sys_imageblit+0x19fb/0x1d60 [ 260.813586][ T8335] ? __pfx_sys_imageblit+0x10/0x10 [ 260.813621][ T8335] ? prb_read_valid+0x78/0xa0 [ 260.813652][ T8335] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 260.813700][ T8335] soft_cursor+0x524/0xa10 [ 260.813730][ T8335] ? __pfx___probestub_notifier_run+0x10/0x10 [ 260.813769][ T8335] ? fb_get_color_depth+0x120/0x250 [ 260.813812][ T8335] bit_cursor+0xca1/0x1490 [ 260.813844][ T8335] ? __pfx_bit_cursor+0x10/0x10 [ 260.813885][ T8335] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 260.813928][ T8335] ? get_color+0x1da/0x450 [ 260.813967][ T8335] ? __pfx_bit_cursor+0x10/0x10 [ 260.813994][ T8335] fbcon_cursor+0x43c/0x5e0 [ 260.814035][ T8335] ? add_softcursor+0x1a0/0x290 [ 260.814067][ T8335] set_cursor+0x1db/0x250 [ 260.814096][ T8335] con_write+0x89/0xb0 [ 260.814131][ T8335] n_tty_write+0x431/0x1160 [ 260.814181][ T8335] ? __pfx_n_tty_write+0x10/0x10 [ 260.814221][ T8335] ? __kasan_kmalloc+0xaa/0xb0 [ 260.814255][ T8335] ? __pfx_woken_wake_function+0x10/0x10 [ 260.814287][ T8335] ? rcu_is_watching+0x12/0xc0 [ 260.814319][ T8335] ? file_tty_write.isra.0+0x694/0x890 [ 260.814353][ T8335] ? kfree+0x1e5/0x6c0 [ 260.814379][ T8335] ? __pfx_n_tty_write+0x10/0x10 [ 260.814421][ T8335] file_tty_write.isra.0+0x4d2/0x890 [ 260.814460][ T8335] redirected_tty_write+0xd4/0x120 [ 260.814496][ T8335] vfs_write+0x6ac/0x1050 [ 260.814522][ T8335] ? __pfx_redirected_tty_write+0x10/0x10 [ 260.814560][ T8335] ? __pfx_vfs_write+0x10/0x10 [ 260.814584][ T8335] ? find_held_lock+0x2b/0x80 [ 260.814630][ T8335] ksys_write+0x12a/0x250 [ 260.814655][ T8335] ? __pfx_ksys_write+0x10/0x10 [ 260.814686][ T8335] do_syscall_64+0x115/0x840 [ 260.814711][ T8335] ? clear_bhb_loop+0x40/0x90 [ 260.814742][ T8335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.814771][ T8335] RIP: 0033:0x7fb7d3b9de59 [ 260.814793][ T8335] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 260.814819][ T8335] RSP: 002b:00007fb7d1df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 260.814852][ T8335] RAX: ffffffffffffffda RBX: 00007fb7d3e26180 RCX: 00007fb7d3b9de59 [ 260.814872][ T8335] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000008 [ 260.814891][ T8335] RBP: 00007fb7d3c33e6f R08: 0000000000000000 R09: 0000000000000000 [ 260.814909][ T8335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 260.814926][ T8335] R13: 00007fb7d3e26218 R14: 00007fb7d3e26180 R15: 00007ffdba189638 [ 260.814954][ T8335] [ 260.814964][ T8335] [ 260.814972][ T8335] The buggy address belongs to a vmalloc virtual mapping [ 260.814990][ T8335] Memory state around the buggy address: [ 260.815004][ T8335] ffffc90004ba1280: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 260.815024][ T8335] ffffc90004ba1300: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 260.815044][ T8335] >ffffc90004ba1380: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 260.815060][ T8335] ^ [ 260.815076][ T8335] ffffc90004ba1400: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 260.815095][ T8335] ffffc90004ba1480: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 260.815110][ T8335] ================================================================== [ 260.836451][ T8335] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 260.836478][ T8335] CPU: 0 UID: 0 PID: 8335 Comm: syz.0.436 Not tainted syzkaller #0 PREEMPT(full) [ 260.836514][ T8335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 260.836532][ T8335] Call Trace: [ 260.836541][ T8335] [ 260.836553][ T8335] dump_stack_lvl+0x100/0x190 [ 260.836593][ T8335] vpanic+0x552/0x970 [ 260.836621][ T8335] ? __pfx_vpanic+0x10/0x10 [ 260.836652][ T8335] ? sys_imageblit+0x19fb/0x1d60 [ 260.836693][ T8335] panic+0xd1/0xe0 [ 260.836719][ T8335] ? __pfx_panic+0x10/0x10 [ 260.836751][ T8335] ? sys_imageblit+0x19fb/0x1d60 [ 260.836793][ T8335] ? preempt_schedule_common+0x42/0xc0 [ 260.836839][ T8335] check_panic_on_warn.cold+0x19/0x34 [ 260.836877][ T8335] end_report.part.0+0x3a/0x90 [ 260.836919][ T8335] kasan_report.cold+0xe/0x18 [ 260.836960][ T8335] ? sys_imageblit+0x19fb/0x1d60 [ 260.836998][ T8335] sys_imageblit+0x19fb/0x1d60 [ 260.837038][ T8335] ? __pfx_sys_imageblit+0x10/0x10 [ 260.837075][ T8335] ? prb_read_valid+0x78/0xa0 [ 260.837107][ T8335] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 260.837155][ T8335] soft_cursor+0x524/0xa10 [ 260.837187][ T8335] ? __pfx___probestub_notifier_run+0x10/0x10 [ 260.837224][ T8335] ? fb_get_color_depth+0x120/0x250 [ 260.837269][ T8335] bit_cursor+0xca1/0x1490 [ 260.837301][ T8335] ? __pfx_bit_cursor+0x10/0x10 [ 260.837331][ T8335] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 260.837371][ T8335] ? get_color+0x1da/0x450 [ 260.837410][ T8335] ? __pfx_bit_cursor+0x10/0x10 [ 260.837433][ T8335] fbcon_cursor+0x43c/0x5e0 [ 260.837469][ T8335] ? add_softcursor+0x1a0/0x290 [ 260.837501][ T8335] set_cursor+0x1db/0x250 [ 260.837530][ T8335] con_write+0x89/0xb0 [ 260.837565][ T8335] n_tty_write+0x431/0x1160 [ 260.837612][ T8335] ? __pfx_n_tty_write+0x10/0x10 [ 260.837652][ T8335] ? __kasan_kmalloc+0xaa/0xb0 [ 260.837686][ T8335] ? __pfx_woken_wake_function+0x10/0x10 [ 260.837718][ T8335] ? rcu_is_watching+0x12/0xc0 [ 260.837750][ T8335] ? file_tty_write.isra.0+0x694/0x890 [ 260.837784][ T8335] ? kfree+0x1e5/0x6c0 [ 260.837808][ T8335] ? __pfx_n_tty_write+0x10/0x10 [ 260.837858][ T8335] file_tty_write.isra.0+0x4d2/0x890 [ 260.837900][ T8335] redirected_tty_write+0xd4/0x120 [ 260.837937][ T8335] vfs_write+0x6ac/0x1050 [ 260.837963][ T8335] ? __pfx_redirected_tty_write+0x10/0x10 [ 260.838002][ T8335] ? __pfx_vfs_write+0x10/0x10 [ 260.838027][ T8335] ? find_held_lock+0x2b/0x80 [ 260.838071][ T8335] ksys_write+0x12a/0x250 [ 260.838097][ T8335] ? __pfx_ksys_write+0x10/0x10 [ 260.838127][ T8335] do_syscall_64+0x115/0x840 [ 260.838151][ T8335] ? clear_bhb_loop+0x40/0x90 [ 260.838184][ T8335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.838213][ T8335] RIP: 0033:0x7fb7d3b9de59 [ 260.838236][ T8335] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 260.838263][ T8335] RSP: 002b:00007fb7d1df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 260.838290][ T8335] RAX: ffffffffffffffda RBX: 00007fb7d3e26180 RCX: 00007fb7d3b9de59 [ 260.838311][ T8335] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000008 [ 260.838328][ T8335] RBP: 00007fb7d3c33e6f R08: 0000000000000000 R09: 0000000000000000 [ 260.838345][ T8335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 260.838361][ T8335] R13: 00007fb7d3e26218 R14: 00007fb7d3e26180 R15: 00007ffdba189638 [ 260.838391][ T8335] [ 260.838677][ T8335] Kernel Offset: disabled