last executing test programs: 24.003505218s ago: executing program 3 (id=2557): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r0, 0x5453, 0x0) ioctl$auto(r0, 0x7f, r0) close_range$auto(0x2, 0x8, 0x0) rseq$auto(&(0x7f0000000280)={0xe, 0x403, 0x7, 0x80b, 0x10001, 0x2}, 0x20, 0x0, 0x8000006) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) read$auto_vhci_fops_hci_vhci(0xffffffffffffffff, &(0x7f0000000280)=""/40, 0x28) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) 23.830163598s ago: executing program 3 (id=2558): r0 = openat$auto_percpu_stats_fops_(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) sendmmsg$auto(r0, 0x0, 0x3, 0x20000000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000a3d9) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, 0x0, 0x20a00, 0x0) vmsplice$auto(0xffffffffffffffff, 0x0, 0xfff, 0x8) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000180), 0x40900, 0x0) ioctl$auto_UBI_IOCATT(r3, 0x40186f40, 0x0) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000300)={{@inferred, 0x9509, 0x14, 0x8, "3112d585005a616119e230f9ffb683dbedecd0bf828bbfba40f035f4be6b7fe5e2f94bd90484b07530cf08a8"}, 0x8, 0x5, 0x10004, @inferred, @enumerated={0x4000, 0x800, "c832bcbae48ab01ec23457b7fd2dd3547c4e2eeba79edd0d1599ded9cbfaf517162fbe6a6f50f1aaa18fb20cabb4f176263bb0e781e3d0a2f992e8fcdcec86d9", 0x4000400, 0xffffffff}, "7a9fc199a16a2311eacf2fc7ae1da978dc3e8090334fdd73340238d212b6debe0ada55bdd70925450e24e87212f0bcab84a16f7ce8cbce0bb32777702b8d7c2d"}) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x802, 0x0) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) statmount$auto(0x0, 0x0, 0x800, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) ioctl$auto_UBI_IOCDET(r3, 0x40046f41, 0x0) r5 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), r2) sendmsg$auto_L2TP_CMD_NOOP(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x66871c73e4a73b9}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r5, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@L2TP_ATTR_DEBUG={0x8, 0x11, 0xfffffff9}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x8001}]}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x840) bpf$auto(0x5, &(0x7f0000000000)=@bpf_attr_0={0x8200, 0x1, 0x9, 0x7, 0x5, 0xffffffffffffffff, 0x80000001, "7829000000000000000200", 0x0, 0xffffffffffffffff, 0x7, 0xffff4e8b, 0x2, 0x1}, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r6 = socket(0x10, 0x2, 0x4) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="7e7e81c2", @ANYRES16=0x0, @ANYBLOB="21022cbd7000ebdbdf2501"], 0x14}, 0x1, 0x0, 0x0, 0x400c050}, 0x4000080) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000014"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r6, &(0x7f0000000000)='-\x00', 0x2fb) read$auto(0x3, 0x0, 0x80) 11.397010221s ago: executing program 0 (id=2572): write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_proc_page_owner_threshold_(0xffffffffffffff9c, &(0x7f0000000000), 0x109280, 0x0) read$auto(r1, &(0x7f0000000100)='\xcb%)\x00', 0x7) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) rmdir$auto(0x0) r2 = socket(0xa, 0x4, 0x9000300) sendfile$auto(0x1, r2, 0x0, 0x8fb5) fanotify_init$auto(0x1, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) write$auto(0xffffffffffffffff, 0x0, 0x5) close_range$auto(0x2, 0x8, 0x0) getsockopt$auto_SO_TYPE(0xffffffffffffffff, 0xf, 0x3, &(0x7f0000000140)='$\x00', 0x0) socket(0x2, 0x1, 0x84) r3 = socket(0x2b, 0x1, 0x1) getsockopt$auto(r3, 0x0, 0x80, 0x0, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) msgrcv$auto(0x0, 0x0, 0xff9, 0x1, 0x3) msgsnd$auto(0x0, &(0x7f0000000080)={0x6, 0x2}, 0xf, 0xc45) 7.10235292s ago: executing program 2 (id=2583): write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_proc_page_owner_threshold_(0xffffffffffffff9c, &(0x7f0000000000), 0x109280, 0x0) read$auto(r1, &(0x7f0000000100)='\xcb%)\x00', 0x7) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) rmdir$auto(0x0) r2 = socket(0xa, 0x4, 0x9000300) fanotify_init$auto(0x1, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0xfffffffffffffffc, 0x200020499d, 0x4) socket(0x29, 0xa, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x5) close_range$auto(0x2, 0x8, 0x0) getsockopt$auto_SO_TYPE(0xffffffffffffffff, 0xf, 0x3, &(0x7f0000000140)='$\x00', 0x0) socket(0x2b, 0x1, 0x1) madvise$auto(0x0, 0x2003f2, 0x15) msgrcv$auto(0x0, 0x0, 0xff9, 0x1, 0x3) msgsnd$auto(0x0, &(0x7f0000000080)={0x6, 0x2}, 0xf, 0xc45) 5.932151289s ago: executing program 0 (id=2586): r0 = openat$auto_percpu_stats_fops_(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) sendmmsg$auto(r0, 0x0, 0x3, 0x20000000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000a3d9) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, 0x0, 0x20a00, 0x0) vmsplice$auto(0xffffffffffffffff, 0x0, 0xfff, 0x8) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000180), 0x40900, 0x0) ioctl$auto_UBI_IOCATT(r3, 0x40186f40, 0x0) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000300)={{@inferred, 0x9509, 0x14, 0x8, "3112d585005a616119e230f9ffb683dbedecd0bf828bbfba40f035f4be6b7fe5e2f94bd90484b07530cf08a8"}, 0x8, 0x5, 0x10004, @inferred, @enumerated={0x4000, 0x800, "c832bcbae48ab01ec23457b7fd2dd3547c4e2eeba79edd0d1599ded9cbfaf517162fbe6a6f50f1aaa18fb20cabb4f176263bb0e781e3d0a2f992e8fcdcec86d9", 0x4000400, 0xffffffff}, "7a9fc199a16a2311eacf2fc7ae1da978dc3e8090334fdd73340238d212b6debe0ada55bdd70925450e24e87212f0bcab84a16f7ce8cbce0bb32777702b8d7c2d"}) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x802, 0x0) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) statmount$auto(0x0, 0x0, 0x800, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) ioctl$auto_UBI_IOCDET(r3, 0x40046f41, 0x0) r5 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), r2) sendmsg$auto_L2TP_CMD_NOOP(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x66871c73e4a73b9}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r5, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@L2TP_ATTR_DEBUG={0x8, 0x11, 0xfffffff9}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x8001}]}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x840) bpf$auto(0x5, &(0x7f0000000000)=@bpf_attr_0={0x8200, 0x1, 0x9, 0x7, 0x5, 0xffffffffffffffff, 0x80000001, "7829000000000000000200", 0x0, 0xffffffffffffffff, 0x7, 0xffff4e8b, 0x2, 0x1}, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r6 = socket(0x10, 0x2, 0x4) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="7e7e81c2", @ANYRES16=0x0, @ANYBLOB="21022cbd7000ebdbdf2501"], 0x14}, 0x1, 0x0, 0x0, 0x400c050}, 0x4000080) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000014"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r6, &(0x7f0000000000)='-\x00', 0x2fb) read$auto(0x3, 0x0, 0x80) 5.359484369s ago: executing program 1 (id=2589): mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) write$auto(r0, 0x0, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0xffffffffffffffff, 0x8000) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) r1 = open(&(0x7f0000000100)='.\x00', 0x595082, 0x0) write$auto(r1, 0x0, 0xfffffdf1) fcntl$auto_F_ADD_SEALS(r1, 0x409, 0x9) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r2, 0x4b4c, r2) 4.61903383s ago: executing program 1 (id=2590): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x480, 0x0) statmount$auto(0x0, 0x0, 0x1fe, 0xd) io_uring_register$auto_IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, &(0x7f0000000280), 0x1) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.pressure\x00', 0x42802, 0x0) write$auto(r0, &(0x7f0000000200)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xabxo\xd9\x90\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xa5\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5Y\a\xc1\xe9(\x85R\x96\xe4\x86\\\x13\xa9\x1a&\x19\x8a9\x82\xf0\x83\f\xf7\xeb\x00\x00\x00\x00\x00\x00\x00\x00v\x92\xfc\xf3\x1a/\x99dcA\xf4B\xf3\xba\x17\xea', 0xe) 4.535410598s ago: executing program 0 (id=2591): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x5, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x76, 0x0, 0x8) r0 = getsockopt$auto(0x4, 0x6, 0x1b, 0xfffffffffffffffc, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000180)=""/172, 0xac) ioctl$auto_BINDER_SET_CONTEXT_MGR(r0, 0x40046207, &(0x7f0000000040)="e6526080d2c9deb61dcaae7fc315ec4f184f2b15991198b0a20c001430109533f769a6f2d8824ebe19a5d5ac40f1dce6f0448a3b8b844e2030daeaae5806fc65a40333807227ccd5281558c42a2fd0b0da859941e9232f35ff413b9b6d75eaf0db740fe4bf2507e61c9b1927d1be1de063f4122d6c62e8bb2da972925b292bbbea3c579e7e6cf04ca3af5154dd51bdeb802b6a33265581881ee75d7bb886de20aeffa8e087b47bbcd62948ec2add3fcb8328f12b3ea2d1c93abc9e198c65c21a08cc23336cd19bfde7435c67") r1 = io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC0\x00', 0x802, 0x0) mmap$auto(0x5, 0x4, 0x4000000000df, 0x19, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) mremap$auto(0x0, 0x7, 0x3fd6, 0x7, 0xf) ioctl$auto(r2, 0xc1205531, r1) 4.488704656s ago: executing program 1 (id=2592): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYRESHEX=r0], 0x1ac}}, 0x40000) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/time\x00') recvmmsg$auto(r0, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x6}, 0xffffbff9, 0x10, 0x0) mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) r2 = io_uring_setup$auto(0x999, 0x0) mmap$auto(0x4, 0x400008, 0xa, 0x9b72, 0xffffffffffffffff, 0x0) ustat$auto(0x801, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r3 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x1a3) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) accept$auto(r2, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) write$auto_tty_fops_tty_io(r4, &(0x7f0000000580)="7fd0a917413f68eb6b28d5eea7d1553f6595c094f1f855eb8d8776e6bd8f81c440da3fe3433f8243402fc2752caac5da7a03bbb5adf685740635a6bc231c6cf093b7cf0e4dd07f10b2dc12791aa3ebded3cfe2e4befc0e02d2e064b1db3adc8b2ec1c0378efff268086d6cb998b8dedfb7f20d06b7b091e974de1c1a4ce3d378d91b7639d914ba86b1f18337bb06e3619af99e68dfac380ab153fc75a2159d8efbbf7436752c964490346cf1558249979fc61ee71509560d14bdd0922e50904f3a4b2ae1bfc4f6bb9e08f16afd6baa53cf87077be5bcca2829dd4133da071a6fd072ed5568670a5d171e3deee5576bf571a016c162ca369182f202dbe49839df8d4c438dacdd6cdd67c21e2ed9be20baeff5e5019313d5e6e5a0e93eab61be5dec2c7e144cf9d73fd945c25ff11d5d5aa26bf8ab2e06098b8aeb05c1f29c1a30d268d82768b3350c3efcdac39334de0f6406a1aed635e0c55412ff73b0222d67be6bdd185478d502b492c41696ce6f88609795409aa0841dbc7cb222f0cb239b19d9499fdc45988f0290af0666c37b93f047d45b17cbe7c9332c63ad46c6aa871e4b351efa4fbfb88cfa0281f465d1a970939c2d6c45c50ade06f0bb98ed66623b887de325c0f42ab530b649ea29757af9464c18dea186a0bbc62ce209a3be8e86e8f710323cb899d806caf575cb73a419c0804afd4c8a329a2afaebb87291e9fdfd2ca0edebfc4fb7b1e281fa3e6ac387aebfc92107f4251aa8c96a4c6d7599933c2c489a7696e8e42d88b572fa46bead2c96f619030ab70026f14f91bbf0a4c1b3ed74c564d6ae3eefeef94d37e19701513ff7713a52ebfd8f251dc303455de00d1ee3ed3e204bed2901a644056193fc7e00ce10aa6463892a7881a51893af629f7bd8801ce4c44c7ff2decdb6a69d9ed48ff79661ba9ec4a84dd222d3b40e4abf56222b97db9aa646a67e5031a57d570030f41b09529298f1acddbcd1f0ff6a30cb2a2d5eaecd774bbf897477cc1e55488f3493b6aa6908d24b032cbda24f956f7f262d992838923efde7e8ed0558872451d7bd6a4769ecd47c6d0a125a6e638df6f67793901a67071c506d010930b01ce541aa43f9110d874311d18a8ea50fb1907e8d17c3932e0c12c7d6f7c145209ab81105649fc0c5266063bd8c6a16319a82ff5d236122d53e15d6a7fcb16245d7754f3ffbf659a141cbd29286176fe445deebd5dd18baae1bbdfedbe4bd3453c50fb2f6c22505ecd768ad0703624ebf7b924dc7e8e93ea94c8a6a9f0372351b5a4aaadf89a86faf5241e47be7e6790676fbf8abcc6ef89b9f6ce10600e21815ec6d2c580b5c30ada6b956a07d9964e93419856df00b06245d0743ac2b595097007165cbb17c6a492a6eb0559712e5f89ee86b7a2c46acf9b8d8b2c7a85092966aca97f114635c64f6eb44ad927423a3bc434b267c23d364ee5671d3dcbcca02ffbb633b3c9e6f2058c3b43dd46344b92e000a029e6daf42c4d12e3a470487eb5cca6e2014b87e5a5aee1c6b9485472d18aaea4ebefe77c6901cd52e303083d6b2e47f4be756fb4dd02acd4938e6ae5f7178623b3b4bad0a83c2c511fd4a9e1da40efff3ca03326278860a6c507e50717f0ea9288daa0a33748cdaa74ec20f7b5671ab50d2a0ea649b9c1b258fa833e808ce0f0fb537e75e9e4c8e1b5c7fe8ca456e6c32fdb86b88c0bc30e44c5ec22634cf5b6b78574a5aae4cfd5b011095e2ea022a2fd15495319ddfad5b3fdabcf012d8f182af76c9ea3b083b66fb34b0ba87957fcd34cb0a55478bfb857bb79b52ec8cf52fcdaf09a20b743b765310cb24d4b05e55790ebbc410cc1342c3dc27facd2ae8c2ea0916bbe0e1372c09f2b98d486294c1ad0776828ec7feebdd969af66b82f708494c4abd5841d70a71ed0c6c7eef68559527ea4c43fe26e8889f9410cda85b13dc02bd03692198ce526997cb45b322a6354d58344e94944f9fa25950ae239c17b75d313f75405c012d959eeb2991130ec84e703193d749671264f3aafd55cfcfb2f5762979724318d6f1ed0b5e570d0b050ed9282a71de1533cb642ea831444a4bb7668745bf9814a180b18835e7c61d907e4321c25b5400be50d0117537ca13190ffde1bb077eb0cd74f6163abcb87a2b1e261b2c2084224d743b27b67f404b3b2d66a9c12892fb6894cd87c018e4018cfe5cb05b6114b90fb7faff3e591e4f60803318cc54783f9c1473276b33f59a3e545340299036ce3eefeb5775b4ddc00759012e5a408ea73b702c05c102740c6ba5b140a89cef6a7e9591c9afca16e478698cd9a3b4d103a553a194cc30e498b14c2315c61e5e6c329722c5cb50b6c114e4901c067ccfdb54268eb51b1d43b0cf36b78c2e91abf18675c3b69614e0d10c3f15014d69067a97953ba58e7da1b625ae43465346bb7cff85515f83c1934956b2195cebef82db5fd2e9083da8240e4d7d1ade0d4f2be992f2f23197df1054c89bb1b7ad9c03a3c3cecb278221889cb30374987dd72d0d58015dfee54acb6db2127dc467ba3ce0a2353e809622b23d03a6b52666f10cde5a2abb02571b845d58d6590afc59bd16caa59ae4026888efa3f6b1d0f879afb71a580486005db5a411073f8f4964f73103efa972ecf481118b12ae48ba55c50a5fd7c31991b73242bb7448bcb4e412427a4ab9657a0e1f8ff3332e9da5b6f695dfcc4e6fbeb5f2cea1c70703f7fe4b685feb246b27601163c98a661ee30467ac71ee1df93812258dfd19f30fcd059c1cde93e142a6fe6976f9f78b580073528e1a2ca6084eea907db9e3b1ac68eb150ee596519613a667c897afe767f17f3f227db922972bd9bfdc6b7ebd8f1e6a51587e31dd1bc3abeed8a338cc458ff7031507b678c97d51f03b92292ded0ac1f004fe460cbc56f355d17c8b", 0x817) openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, 0x0, 0x40, 0x0) 3.863028263s ago: executing program 3 (id=2560): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000000008000) r0 = io_uring_setup$auto(0x1d48, &(0x7f0000000340)={0x7fffffff, 0x10, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x8, 0x1, 0x80000000, 0x100, 0x83, 0x101, 0x6, 0x8000000000000001}, {0x100, 0x1, 0x52, 0x5, 0x11, 0x101, 0x876c5, 0xc9, 0x3}}) io_uring_register$auto(r0, 0x11, 0x0, 0x56d) r1 = socket(0x2, 0x1, 0x106) r2 = socket(0x2, 0x3, 0xa) setsockopt$auto(0x4, 0x0, 0x3, &(0x7f0000000000)='!/*:(*\'\x00', 0x800000e) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0) mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) write$auto_sg_fops_sg(r3, &(0x7f0000001380)="4a0200000000040000899edb615550fd8c44924d87f0010047eb02eff5d2adc245a4e1eded0e91b86c61b6b42ed6", 0x2e) r4 = syz_genetlink_get_family_id$auto_tcp_metrics(0x0, 0xffffffffffffffff) r5 = io_uring_setup$auto(0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) recvfrom$auto(0xffffffffffffffff, 0x0, 0xde, 0x8, 0x0, 0x0) timer_create$auto(0xfffffffa, &(0x7f0000000100)={@sival_int=0x9, @inferred, 0x1, @_sigev_thread={0x0, 0x0}}, &(0x7f0000000140)=0x6) timer_settime$auto(0x0, 0x2, &(0x7f00000000c0)={{0xf, 0x10007}, {0x0, 0x401}}, 0x0) ioctl$auto_IOCTL_VMCI_CTX_GET_CPT_STATE(r5, 0x7b1, 0x0) sendmsg$auto_TCP_METRICS_CMD_GET(r6, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000040)={0x14, r4, 0x89c1beb01534ff9b, 0x70bd29, 0x25dfd3f9}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) r7 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/scsi/sg/debug\x00', 0x2000, 0x0) r8 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x3, 0x0) ioctl$auto_KVM_CHECK_EXTENSION(r8, 0xae03, 0x42) pread64$auto(r7, 0x0, 0x6, 0x3) setsockopt$auto_SO_RCVLOWAT(r1, 0x9, 0x12, &(0x7f0000000080)='{\'/\x85(:\'-\x00', 0x4) mmap$auto(0x0, 0xe983, 0x2, 0xebd, r2, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) r9 = timerfd_create$auto(0x8, 0x800) timerfd_settime$auto(r9, 0x3, &(0x7f0000000040)={{0x8, 0x3}, {0x0, 0xa2b}}, 0x0) 3.81954839s ago: executing program 0 (id=2593): r0 = openat$auto_percpu_stats_fops_(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) sendmmsg$auto(r0, 0x0, 0x3, 0x20000000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000a3d9) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, 0x0, 0x20a00, 0x0) vmsplice$auto(0xffffffffffffffff, 0x0, 0xfff, 0x8) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, 0x0, 0x40900, 0x0) ioctl$auto_UBI_IOCATT(r3, 0x40186f40, 0x0) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000300)={{@inferred, 0x9509, 0x14, 0x8, "3112d585005a616119e230f9ffb683dbedecd0bf828bbfba40f035f4be6b7fe5e2f94bd90484b07530cf08a8"}, 0x8, 0x5, 0x10004, @inferred, @enumerated={0x4000, 0x800, "c832bcbae48ab01ec23457b7fd2dd3547c4e2eeba79edd0d1599ded9cbfaf517162fbe6a6f50f1aaa18fb20cabb4f176263bb0e781e3d0a2f992e8fcdcec86d9", 0x4000400, 0xffffffff}, "7a9fc199a16a2311eacf2fc7ae1da978dc3e8090334fdd73340238d212b6debe0ada55bdd70925450e24e87212f0bcab84a16f7ce8cbce0bb32777702b8d7c2d"}) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x802, 0x0) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) statmount$auto(0x0, 0x0, 0x800, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) ioctl$auto_UBI_IOCDET(r3, 0x40046f41, 0x0) r5 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), r2) sendmsg$auto_L2TP_CMD_NOOP(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x66871c73e4a73b9}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r5, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@L2TP_ATTR_DEBUG={0x8, 0x11, 0xfffffff9}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x8001}]}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x840) bpf$auto(0x5, &(0x7f0000000000)=@bpf_attr_0={0x8200, 0x1, 0x9, 0x7, 0x5, 0xffffffffffffffff, 0x80000001, "7829000000000000000200", 0x0, 0xffffffffffffffff, 0x7, 0xffff4e8b, 0x2, 0x1}, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r6 = socket(0x10, 0x2, 0x4) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="7e7e81c2", @ANYRES16=0x0, @ANYBLOB="21022cbd7000ebdbdf2501"], 0x14}, 0x1, 0x0, 0x0, 0x400c050}, 0x4000080) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000014"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r6, &(0x7f0000000000)='-\x00', 0x2fb) read$auto(0x3, 0x0, 0x80) 3.640172344s ago: executing program 3 (id=2594): r0 = openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/trigger\x00', 0x1, 0x0) nanosleep$auto(&(0x7f0000000980)={0x8000000000000000, 0x20000000}, 0x0) write$auto_event_trigger_fops_trace(r0, &(0x7f0000000300)="2101c273d975ae15d3c161d0a6c3e2e27d907fdc58906569e2e509db", 0x1c) 3.508392975s ago: executing program 3 (id=2595): openat$auto_nsim_dev_max_vfs_fops_dev(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim3/max_vfs\x00', 0x200100, 0x0) r0 = pidfd_open$auto(0x1, 0x0) setns(r0, 0x8000000) r1 = socket(0xa, 0x3, 0x3b) write$auto(0xffffffffffffffff, &(0x7f0000000240)='.G\x1f*@sys\x00\xe7\xc9 \x8f\x10!\x11\xd4\x9by\xa8\xb2\x89c\xf8\xc41\xd4\x0f\x82\x8d\xd2\x04\x0f\xf6\xa0\xf7,O\x1d\t8\xb9H\xd5\xc4\xbb\x8f\x13\x94%\xcc\x0e\x9eT\xc1}+\x02J\xb9\x80\xe7\xb3<\x9a\xf1B\x13\xb7P\x9b\xce~\xff&zQ\xa8\x97\n\xb2\xf7\x15Z\x05\x8cl\x04\xca\x954\xdd3\xf9\xa3\x1e#,\xb7\xd2\xa6\x8d\x13\xd0\xf0\x14\x9a\xfa\xed\x9d\xa1\x98P.\'\xccA\x8b\xff\x82\xf8\xc3\xa9\xb6\xc3\x80E\xfc\xe3\xc6\x8d\xb8uh\x9f\xd1!\xa3\xe0dR\xda?\xdc:\xbd\x15X%\x84\xd2yL\x05\xaeV$\xda\xcd\xa1}_\xe0\x9c\x87\xaa\xa1\x1f\x93(\x96}\"sU.2\x1e\xb8\x01U\x8f\xe5\x7f]L\xca\xa2\x9b\x92ZYE\xd2\xe1<4\x9c\x85\x04\x86l2\x8e\xb2\x9e\x11\x82s\xd7\xe3\xdd\xdb\x041\xb2\x1c\xac@\x16\xb3sn\xec\r\x11J*\xbb\xd6\xde\x86v\x83T\xb1\xae\x91{_\xd7JK\xda\x01i#\xe89\x17\xaf\x03j5\r\xce\a\x1dl/#\x96I0x0}) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r2, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="c79f25bd7000ffdbdf250ee4000008000300", @ANYRES32=r4], 0x1c}, 0x1, 0x0, 0x0, 0xc031}, 0x44) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000480)={'batadv0\x00'}) 3.427674671s ago: executing program 1 (id=2596): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000540), 0x20000, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000580)={0x80000006, 0x0, 0xd12b, 0xfffffffd, 0x200a}) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x1ffff000, 0x17ffffffffffffc, 0x400000004) socket(0x22, 0x5, 0x6) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) sendmsg$auto_OVS_FLOW_CMD_SET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x90}, 0x10) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) socket(0x2, 0x1, 0x0) socketpair$auto(0x1e, 0x3, 0xffffff00, 0x0) setsockopt$auto(0x3, 0x6, 0x5, 0x0, 0x8) statmount$auto(0x0, 0x0, 0x202, 0x2000000) mmap$auto(0x0, 0x4020009, 0xdc, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0x8000000000000001, 0x15) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x20200, 0x0) r3 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000010c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r2, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="a2a725bd7000a0c582043c197d65022e3375ad01b3b7244ae60bf5958da29bd4790936000a00ffffffff42cad213b10cb2370776141ec3365ded5c771c3371f18848dc406ad35832495abe071d74d7542995af2349f9a7e7c55911d95176eac013972f815c0bb4e513a8a91406877e7fef73194ff4c4aa0a8a"], 0x28}, 0x1, 0x0, 0x0, 0x20000800}, 0xc040810) read$auto(r1, 0x0, 0x1f40) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x6) 3.410014901s ago: executing program 3 (id=2597): write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_proc_page_owner_threshold_(0xffffffffffffff9c, &(0x7f0000000000), 0x109280, 0x0) read$auto(r1, &(0x7f0000000100)='\xcb%)\x00', 0x7) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r2 = socket(0xa, 0x4, 0x9000300) sendfile$auto(0x1, r2, 0x0, 0x8fb5) fanotify_init$auto(0x1, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0xfffffffffffffffc, 0x200020499d, 0x4) socket(0x29, 0xa, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x5) close_range$auto(0x2, 0x8, 0x0) getsockopt$auto_SO_TYPE(0xffffffffffffffff, 0xf, 0x3, &(0x7f0000000140)='$\x00', 0x0) socket(0x2b, 0x1, 0x1) madvise$auto(0x0, 0x2003f2, 0x15) msgrcv$auto(0x0, 0x0, 0xff9, 0x1, 0x3) msgsnd$auto(0x0, &(0x7f0000000080)={0x6, 0x2}, 0xf, 0xc45) 3.343680178s ago: executing program 0 (id=2598): r0 = socket(0x1f, 0x1, 0xed2f) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x10000000084, 0x2, 0x0, 0x8) bind$auto(0x3, &(0x7f0000000040)=@l2={0x1f, 0xd, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x7, 0x3}, 0x67e) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = socket(0x15, 0x5, 0x0) getsockopt$auto(r1, 0x114, 0x271e, 0xfffffffffffffffc, 0x0) ioctl$auto_NS_GET_TGID_IN_PIDNS(0xffffffffffffffff, 0x8004b709, &(0x7f0000000280)=0x5) r2 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) r3 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sg0\x00', 0xa0000, 0x0) ioctl$auto_SCSI_IOCTL_PROBE_HOST(r3, 0x5385, &(0x7f0000000380)="d17dcb02f7") write$auto_snd_seq_f_ops_seq_clientmgr(r2, &(0x7f00000000c0)="621c1bfe595046ab5c98199adf6ad9cdc5b2fc8d6d76e6021e1dcedc5f00e8fdffff00c291dfb4000001e49f34dc422231cf4d40d401d5f8", 0x38) unshare$auto(0x40000080) r4 = socket(0x18, 0x800, 0x2) getpeername$auto(r4, &(0x7f0000000040)=@llc={0x1a, 0x338, 0x6, 0x0, 0x9, 0x48, @remote}, &(0x7f0000000080)=0xa98) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL802154_CMD_GET_SEC_KEY(0xffffffffffffffff, 0x0, 0x8000) socket(0x2, 0x80802, 0x0) r5 = socket(0x2b, 0x1, 0x0) unshare$auto(0x80000000) ioctl$auto_BTRFS_IOC_ENCODED_WRITE_32(0xffffffffffffffff, 0x40789440, 0x0) bind$auto(0x3, 0x0, 0x6a) unshare$auto(0x9) sendmmsg$auto(r5, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x2, 0x20000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ff) 3.046938947s ago: executing program 2 (id=2599): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.pressure\x00', 0x42802, 0x0) write$auto(r0, &(0x7f0000000200)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xabxo\xd9\x90\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xa5\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5Y\a\xc1\xe9(\x85R\x96\xe4\x86\\\x13\xa9\x1a&\x19\x8a9\x82\xf0\x83\f\xf7\xeb\x00\x00\x00\x00\x00\x00\x00\x00v\x92\xfc\xf3\x1a/\x99dcA\xf4B\xf3\xba\x17\xea', 0xe) 2.940048115s ago: executing program 2 (id=2600): mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) r0 = socket(0x1e, 0x4, 0x0) connect$auto(r0, &(0x7f0000000000)=@tipc=@name={0x1e, 0x2, 0x1, {{0x1, 0x1}}}, 0x10) read$auto(0xffffffffffffffff, 0x0, 0x10001) timer_create$auto(0x4, &(0x7f0000000140)={@sival_ptr=0x0, @raw=0x6, 0xe}, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) unshare$auto(0x20000) r1 = socket(0x2, 0x80002, 0x73) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/hsr_slave_0/hop_limit\x00', 0x6c0200, 0x0) ptrace$auto_PTRACE_INTERRUPT(0x4207, 0x0, 0x0, 0xffffffffffffffff) r2 = landlock_create_ruleset$auto(0x0, 0x9, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0x2, 0x2, 0x6, 0x63, 0x0, 0x0, 0x0, 0x0, 0x40000000000f, 0xffd, 0xfffffffffffffffa, 0x7ffffffd, 0x4000000000009, 0xffffffff7ffffffc, 0x7, 0x7, 0x200000100103}) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x89fc, &(0x7f0000000040)={'bridge0\x00', 0x0}) r5 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f00000001c0), r1) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'dvmrp0\x00', 0x0}) r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="c0090000", @ANYRES16=r7, @ANYBLOB="131f2cbd700023723ab36bf877ac08000300", @ANYRES32=r4], 0x9c0}, 0x1, 0x0, 0x0, 0x2400c884}, 0x20040894) r10 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r11 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_WIPHY(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="13002cbd7000dddbdf250200000008000300", @ANYRES32=0x0, @ANYBLOB="08006100010100000000620003000000"], 0x2c}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) sendmsg$auto_NET_SHAPER_CMD_GET(r2, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0xd4, r5, 0x2, 0x70bd2b, 0x25dfdbfe, {}, [@NET_SHAPER_A_IFINDEX={0x8, 0x8, r6}, @NET_SHAPER_A_IFINDEX={0x8, 0x8, r9}, @NET_SHAPER_A_HANDLE={0x1c, 0x1, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x9d0f}, @NET_SHAPER_A_HANDLE_ID={0x8, 0x2, 0x80000001}, @NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x4}]}, @NET_SHAPER_A_HANDLE={0xc, 0x1, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x8937}]}, @NET_SHAPER_A_HANDLE={0xc, 0x1, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0xfb}]}, @NET_SHAPER_A_HANDLE={0x2c, 0x1, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_ID={0x8, 0x2, 0xff}, @NET_SHAPER_A_HANDLE_ID={0x8, 0x2, 0x4}, @NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x40}, @NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x8}, @NET_SHAPER_A_HANDLE_ID={0x8, 0x2, 0x4}]}, @NET_SHAPER_A_IFINDEX={0x8}, @NET_SHAPER_A_HANDLE={0x3c, 0x1, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_ID={0x8, 0x2, 0x8}, @NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x6}, @NET_SHAPER_A_HANDLE_ID={0x8, 0x2, 0xd}, @NET_SHAPER_A_HANDLE_ID={0x8, 0x2, 0x4}, @NET_SHAPER_A_HANDLE_ID={0x8, 0x2, 0x7}, @NET_SHAPER_A_HANDLE_ID={0x8, 0x2, 0x4fa54be1}, @NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0xb1}]}, @NET_SHAPER_A_HANDLE={0xc, 0x1, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_ID={0x8, 0x2, 0x2}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x20000000}, 0x5090) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r12 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r12, 0x4b4d, r12) 2.190875321s ago: executing program 2 (id=2601): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async) io_uring_setup$auto(0x6, 0x0) (async) timerfd_create$auto(0x0, 0x0) (async) socket(0xa, 0x2, 0x0) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) (async) socket(0x1e, 0x805, 0x0) (async) sysfs$auto(0x2, 0x4, 0x0) fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x1, &(0x7f00000001c0)='+\x00', &(0x7f0000000280), 0x0) (async) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x17) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) munlock$auto(0x7, 0x7) 873.07113ms ago: executing program 2 (id=2602): openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyw3\x00', 0x8000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = prctl$auto(0xeea0, 0x1, 0x4, 0x9, 0x7) bpf$auto_BPF_ENABLE_STATS(0x20, 0x0, 0x9) r1 = socket(0x2, 0x2, 0x0) sendmmsg$auto(r1, 0x0, 0x7, 0x4008) open(0x0, 0x161342, 0x100) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mremap$auto(0x200000000000, 0x40000000004, 0xdc98, 0x3, 0x100000003) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto(0x4, 0x1, 0x3ff, 0x8000000000000001, 0x9) r2 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000200)=ANY=[@ANYRESHEX=r3, @ANYRES8=r0, @ANYBLOB="0100000000000000b3"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x400c080) memfd_create$auto(0x0, 0xe) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r4, &(0x7f0000000080)='\x05\x00\x00\x00', 0x80000005) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0xfffffffffffffffd, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mprotect$auto(0x200000000000, 0x806121, 0x8) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r3, 0x13, &(0x7f0000000340)="5b8aea6478a9f1ae2f4dc1bf6de7027830df9139edae192a9bb624aba87fd65f2d865676737099adb4dad79b1bdf208799a244617eea3563d4de950d0ee9616c0070d85f9774766b68a0007adf7299b5a08779078dac1d3d31d7147dccc131132c7ed20735fc6a37266853d00d552b8501c85c2b8e4a5a116495ec0b915dfda3672e05e5271b6a08a96704000000470f0d20455dab25c34b6a99e640704b934705a784b4c79ba0194d20561d170407ea18787498c51a6edf218dc92e83b20807cad470981614e23e406217b1c2", 0x2) write$auto(0xffffffffffffffff, &(0x7f00000001c0)='7K\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x3dec) 335.127072ms ago: executing program 1 (id=2603): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000000008000) r0 = io_uring_setup$auto(0x1d48, &(0x7f0000000340)={0x7fffffff, 0x10, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x8, 0x1, 0x80000000, 0x100, 0x83, 0x101, 0x6, 0x8000000000000001}, {0x100, 0x1, 0x52, 0x5, 0x11, 0x101, 0x876c5, 0xc9, 0x3}}) io_uring_register$auto(r0, 0x11, 0x0, 0x56d) r1 = socket(0x2, 0x1, 0x106) r2 = socket(0x2, 0x3, 0xa) setsockopt$auto(0x4, 0x0, 0x3, &(0x7f0000000000)='!/*:(*\'\x00', 0x800000e) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0) mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) write$auto_sg_fops_sg(r3, &(0x7f0000001380)="4a0200000000040000899edb615550fd8c44924d87f0010047eb02eff5d2adc245a4e1eded0e91b86c61b6b42ed6", 0x2e) r4 = syz_genetlink_get_family_id$auto_tcp_metrics(0x0, 0xffffffffffffffff) r5 = io_uring_setup$auto(0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) recvfrom$auto(0xffffffffffffffff, 0x0, 0xde, 0x8, 0x0, 0x0) timer_create$auto(0xfffffffa, &(0x7f0000000100)={@sival_int=0x9, @inferred, 0x1, @_sigev_thread={0x0, 0x0}}, &(0x7f0000000140)=0x6) timer_settime$auto(0x0, 0x2, &(0x7f00000000c0)={{0xf, 0x10007}, {0x0, 0x401}}, 0x0) ioctl$auto_IOCTL_VMCI_CTX_GET_CPT_STATE(r5, 0x7b1, 0x0) sendmsg$auto_TCP_METRICS_CMD_GET(r6, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000040)={0x14, r4, 0x89c1beb01534ff9b, 0x70bd29, 0x25dfd3f9}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) r7 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/scsi/sg/debug\x00', 0x2000, 0x0) r8 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x3, 0x0) ioctl$auto_KVM_CHECK_EXTENSION(r8, 0xae03, 0x42) pread64$auto(r7, 0x0, 0x6, 0x3) setsockopt$auto_SO_RCVLOWAT(r1, 0x9, 0x12, &(0x7f0000000080)='{\'/\x85(:\'-\x00', 0x4) mmap$auto(0x0, 0xe983, 0x2, 0xebd, r2, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) r9 = timerfd_create$auto(0x8, 0x800) timerfd_settime$auto(r9, 0x3, &(0x7f0000000040)={{0x8, 0x3}, {0x0, 0xa2b}}, 0x0) 267.378508ms ago: executing program 0 (id=2604): r0 = socket(0x1d, 0x2, 0x6) setsockopt$auto(r0, 0x6a, 0xfffffffe, 0x0, 0xc) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x1000008) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) mprotect$auto(0x1ffffffff000, 0x100004, 0x6) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0xe, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r4 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r4, 0x403c6f2b, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r6 = ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) ioctl$auto_KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0x570, 0x400, 0x9}]}) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x100480, 0x0) ioctl$auto_TIOCGICOUNT2(r7, 0x545d, &(0x7f0000000680)) r8 = ioctl$auto_NS_GET_USERNS(r6, 0xb701, 0x0) r9 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f00000000c0), r0) sendmsg$auto_WG_CMD_SET_DEVICE(r8, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="88000000", @ANYRES16=r9, @ANYBLOB="00022abd7000fcdbdf25010000006c000300f63caf662b897ac6b53ca8c436619fa003468e4b5151a1254548ffdee8f53352885d6acf81cb719885849e280c68d8cb24b7a3b741c456b5df1c8140b7b15b088a3bac55c957a1c4ada115009d13dfde22982a4c54186370dffce293dcbdac7b15f19516ab2e6cfa0639229587065daa"], 0x88}, 0x1, 0x0, 0x0, 0xc040}, 0x4) 121.962785ms ago: executing program 1 (id=2605): unshare$auto(0x40000080) mmap$auto(0xffffffffffffffff, 0x2020004, 0x203, 0xeb1, 0xffffffffffffffff, 0x208000) bind$auto(0x3, 0x0, 0x6d) rseq$auto(0x0, 0x8000, 0x0, 0x6) openat$auto_tracing_free_buffer_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/free_buffer\x00', 0x20103, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r0, 0x1000000000008000) write$auto_trace_options_core_fops_trace(0xffffffffffffffff, &(0x7f0000000140)="f95afc1373a7abecac0abbfe6077c056b1a4d5461b078edd7b5c3403d518da5ab2553196a0e1c7b3d26bd96c35aec29c3d012af30173164480dff4409f8806ea9ee8a66091fa0c240f35cd4121e71313f71c3de24bc1b696300c49c221a33e8cf65c714d5d6f21eedc463cb16db74744e533ff74261df1f62339fe0d288a62c2d2789723", 0x84) madvise$auto(0x0, 0x2000040080000004, 0xe) socket(0x2, 0x801, 0x6) madvise$auto(0x0, 0xffffffffffff0005, 0x17) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="05082dbd7000ecdbdf257e000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x5, 0x0, 0xdf, 0xeb4, 0xffffffffffffffff, 0x1ff) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x2002, 0x0) sendfile$auto(0x3, r0, 0x0, 0xffff) fanotify_init$auto(0x5, 0x0) mmap$auto(0x0, 0x5, 0x7, 0x400ff, 0xffffffffffffffff, 0x10008003) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) io_uring_setup$auto(0x5, 0x0) mknod$auto(&(0x7f0000000240)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_\x00', 0x1085, 0x9) acct$auto(&(0x7f0000000480)='u[,&*}\x00\a\x00\'\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x0f\x18\xc5\x82-s\x83\xe6\xaeR\x81\r_\x0e\x19\x12\x85\bvf(e\xday)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbHL9aD\xb4\x80\xed\xba>\"\xb6\x7f\xa3f\x1d\a\xa1\x87\x84uA\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e') open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0xb3) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x80000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc4c85513, 0x0) mmap$auto(0xfffffffffffffffc, 0x2020009, 0x3, 0xeb4, r2, 0x2) close_range$auto(0x2, 0xa, 0x0) 0s ago: executing program 2 (id=2606): openat$auto_nsim_dev_max_vfs_fops_dev(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim3/max_vfs\x00', 0x200100, 0x0) r0 = pidfd_open$auto(0x1, 0x0) r1 = socket(0xa, 0x3, 0x3b) write$auto(0xffffffffffffffff, &(0x7f0000000240)='.G\x1f*@sys\x00\xe7\xc9 \x8f\x10!\x11\xd4\x9by\xa8\xb2\x89c\xf8\xc41\xd4\x0f\x82\x8d\xd2\x04\x0f\xf6\xa0\xf7,O\x1d\t8\xb9H\xd5\xc4\xbb\x8f\x13\x94%\xcc\x0e\x9eT\xc1}+\x02J\xb9\x80\xe7\xb3<\x9a\xf1B\x13\xb7P\x9b\xce~\xff&zQ\xa8\x97\n\xb2\xf7\x15Z\x05\x8cl\x04\xca\x954\xdd3\xf9\xa3\x1e#,\xb7\xd2\xa6\x8d\x13\xd0\xf0\x14\x9a\xfa\xed\x9d\xa1\x98P.\'\xccA\x8b\xff\x82\xf8\xc3\xa9\xb6\xc3\x80E\xfc\xe3\xc6\x8d\xb8uh\x9f\xd1!\xa3\xe0dR\xda?\xdc:\xbd\x15X%\x84\xd2yL\x05\xaeV$\xda\xcd\xa1}_\xe0\x9c\x87\xaa\xa1\x1f\x93(\x96}\"sU.2\x1e\xb8\x01U\x8f\xe5\x7f]L\xca\xa2\x9b\x92ZYE\xd2\xe1<4\x9c\x85\x04\x86l2\x8e\xb2\x9e\x11\x82s\xd7\xe3\xdd\xdb\x041\xb2\x1c\xac@\x16\xb3sn\xec\r\x11J*\xbb\xd6\xde\x86v\x83T\xb1\xae\x91{_\xd7JK\xda\x01i#\xe89\x17\xaf\x03j5\r\xce\a\x1dl/#\x96I0x0}) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r2, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="c79f25bd7000ffdbdf250ee4000008000300", @ANYRES32=r4], 0x1c}, 0x1, 0x0, 0x0, 0xc031}, 0x44) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000480)={'batadv0\x00'}) kernel console output (not intermixed with test programs): 12433] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 430.145716][T12433] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 430.165825][T12433] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 430.180965][T12433] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 430.201702][T12433] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 430.220471][T12433] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 430.235440][T12433] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 430.245812][T12440] ubi0: detaching mtd0 [ 430.255686][T12444] ubi0: background thread "ubi_bgt0d" started, PID 12444 [ 430.337129][T12440] ubi0: mtd0 is detached [ 434.214252][T12532] ima: policy update failed [ 434.224302][ T29] audit: type=1802 audit(1778679902.152:127): pid=12532 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1686" res=0 errno=0 [ 435.968982][T12510] Process accounting resumed [ 437.901778][T12590] FAULT_INJECTION: forcing a failure. [ 437.901778][T12590] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 437.917602][T12590] CPU: 0 UID: 0 PID: 12590 Comm: syz.2.1703 Tainted: G L syzkaller #0 PREEMPT(full) [ 437.917646][T12590] Tainted: [L]=SOFTLOCKUP [ 437.917656][T12590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 437.917673][T12590] Call Trace: [ 437.917682][T12590] [ 437.917692][T12590] dump_stack_lvl+0x100/0x190 [ 437.917735][T12590] should_fail_ex.cold+0x5/0xa [ 437.917770][T12590] _copy_to_user+0x32/0xd0 [ 437.917801][T12590] mon_text_copy_to_user+0xce/0x1a0 [ 437.917833][T12590] mon_text_read_u+0x57b/0xbd0 [ 437.917867][T12590] ? __debugfs_file_get+0x1fc/0x860 [ 437.917901][T12590] ? __pfx_mon_text_read_u+0x10/0x10 [ 437.917943][T12590] full_proxy_read+0x135/0x1a0 [ 437.917974][T12590] ? __pfx_full_proxy_read+0x10/0x10 [ 437.918009][T12590] vfs_read+0x1e4/0xb30 [ 437.918044][T12590] ? __pfx_vfs_read+0x10/0x10 [ 437.918072][T12590] ? find_held_lock+0x2b/0x80 [ 437.918105][T12590] ? __fget_files+0x215/0x3d0 [ 437.918135][T12590] ? __fget_files+0x215/0x3d0 [ 437.918172][T12590] ? __fget_files+0x21f/0x3d0 [ 437.918213][T12590] __x64_sys_pread64+0x1eb/0x250 [ 437.918247][T12590] ? __pfx___x64_sys_pread64+0x10/0x10 [ 437.918284][T12590] ? rcu_is_watching+0x12/0xc0 [ 437.918324][T12590] do_syscall_64+0x10b/0xf80 [ 437.918362][T12590] ? clear_bhb_loop+0x40/0x90 [ 437.918396][T12590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 437.918424][T12590] RIP: 0033:0x7f0d9cd9ce59 [ 437.918447][T12590] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 437.918473][T12590] RSP: 002b:00007f0d9dc92028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 437.918499][T12590] RAX: ffffffffffffffda RBX: 00007f0d9d015fa0 RCX: 00007f0d9cd9ce59 [ 437.918518][T12590] RDX: 00000000ffffff7f RSI: 0000000000000000 RDI: 0000000000000004 [ 437.918534][T12590] RBP: 00007f0d9dc92090 R08: 0000000000000000 R09: 0000000000000000 [ 437.918550][T12590] R10: 0008000000000009 R11: 0000000000000246 R12: 0000000000000001 [ 437.918567][T12590] R13: 00007f0d9d016038 R14: 00007f0d9d015fa0 R15: 00007ffdff38de38 [ 437.918604][T12590] [ 439.576263][T12616] ubi0: attaching mtd0 [ 439.597816][T12616] ubi0: scanning is finished [ 439.792274][T12628] ima: policy update failed [ 439.810899][ T29] audit: type=1802 audit(1778679907.742:128): pid=12628 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.1713" res=0 errno=0 [ 439.844103][T12616] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 439.854617][T12616] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 439.866158][T12616] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 439.878325][T12616] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 439.935147][T12616] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 439.949458][T12616] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 439.998342][T12616] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 440.011490][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.018168][T12616] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 440.019314][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.043849][T12619] ubi0: detaching mtd0 [ 440.045357][T12629] ubi0: background thread "ubi_bgt0d" started, PID 12629 [ 440.133137][T12619] ubi0: mtd0 is detached [ 443.674820][T12692] ubi0: attaching mtd0 [ 443.689428][T12692] ubi0: scanning is finished [ 444.032403][T12692] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 444.058004][T12692] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 444.071858][T12692] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 444.081043][T12692] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 444.092775][T12692] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 444.103191][T12692] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 444.133882][T12692] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 444.155943][T12692] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 444.170460][T12702] ubi0: detaching mtd0 [ 444.206434][T12702] ubi0: mtd0 is detached [ 444.734377][T12713] net_ratelimit: 47 callbacks suppressed [ 444.734392][T12713] netlink: zone id is out of range [ 444.765687][T12713] netlink: zone id is out of range [ 444.784475][T12713] netlink: zone id is out of range [ 444.795221][T12713] netlink: zone id is out of range [ 444.804851][T12713] netlink: zone id is out of range [ 444.811331][T12713] netlink: zone id is out of range [ 444.819218][T12713] netlink: zone id is out of range [ 444.825122][T12713] netlink: zone id is out of range [ 444.830480][T12713] netlink: zone id is out of range [ 444.844957][T12713] netlink: zone id is out of range [ 445.023977][T12727] ubi0: attaching mtd0 [ 445.044699][T12727] ubi0: scanning is finished [ 445.307695][T12727] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 445.319105][T12727] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 445.357411][T12727] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 445.368697][T12727] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 445.386246][T12727] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 445.455190][T12727] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 445.468950][T12727] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 445.539140][T12727] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 445.585753][T12737] ubi0: background thread "ubi_bgt0d" started, PID 12737 [ 445.592868][T12730] ubi0: detaching mtd0 [ 445.672549][T12730] ubi0: mtd0 is detached [ 446.721582][T12761] ubi0: attaching mtd0 [ 446.734837][T12761] ubi0: scanning is finished [ 446.988639][T12761] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 446.997393][T12761] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 447.010822][T12761] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 447.036996][T12761] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 447.046454][T12761] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 447.056352][T12761] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 447.066004][T12761] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 447.108194][T12761] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 447.119132][T12764] ubi0: detaching mtd0 [ 447.126981][T12765] ubi0: background thread "ubi_bgt0d" started, PID 12765 [ 447.233034][T12764] ubi0: mtd0 is detached [ 447.238405][T12769] ubi0: attaching mtd0 [ 447.271502][T12769] ubi0: scanning is finished [ 447.647105][T12769] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 447.654791][T12769] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 447.662101][T12769] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 447.674260][T12769] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 447.683253][T12769] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 447.690830][T12769] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 447.790778][T12769] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 447.801018][T12769] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 447.885785][T12773] ubi0: detaching mtd0 [ 447.925048][T12773] ubi0: mtd0 is detached [ 448.225046][T12733] Process accounting paused [ 449.014093][T12790] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1747'. [ 450.216333][T12813] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1754'. [ 450.684577][T12836] ima: policy update failed [ 450.701971][ T29] audit: type=1802 audit(1778679918.632:129): pid=12836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1760" res=0 errno=0 [ 453.371858][T12906] Process accounting resumed [ 454.267482][T12924] ima: policy update failed [ 454.306588][ T29] audit: type=1802 audit(1778679922.242:130): pid=12924 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1779" res=0 errno=0 [ 455.266840][T12943] Process accounting paused [ 457.435992][T12993] net_ratelimit: 47 callbacks suppressed [ 457.436014][T12993] netlink: zone id is out of range [ 457.464371][T12993] netlink: zone id is out of range [ 457.483508][T12993] netlink: zone id is out of range [ 457.542566][T12993] netlink: zone id is out of range [ 457.558734][T12993] netlink: zone id is out of range [ 457.592148][T12993] netlink: zone id is out of range [ 457.603333][T12993] netlink: zone id is out of range [ 457.676348][T12993] netlink: zone id is out of range [ 457.723028][T12993] netlink: zone id is out of range [ 457.743528][T12993] netlink: zone id is out of range [ 460.164273][ T5630] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 460.175615][ T5630] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 460.614715][T13056] ubi0: attaching mtd0 [ 460.695893][T13056] ubi0: scanning is finished [ 460.722999][T13050] futex_wake_op: syz.0.1804 tries to shift op by -2048; fix this program [ 460.919181][T13050] futex_wake_op: syz.0.1804 tries to shift op by -2048; fix this program [ 461.073863][T13056] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 461.106923][T13056] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 461.125459][T13056] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 461.146508][T13056] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 461.185606][T13056] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 461.204078][T13056] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 461.227125][T13056] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 461.289707][T13056] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 461.355801][T13063] ubi0: background thread "ubi_bgt0d" started, PID 13063 [ 461.380732][T13057] ubi0: detaching mtd0 [ 461.441558][T13057] ubi0: mtd0 is detached [ 462.969580][T13092] ubi0: attaching mtd0 [ 462.983892][T13092] ubi0: scanning is finished [ 463.223232][T13092] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 463.232794][T13092] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 463.265698][T13092] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 463.315236][T13092] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 463.329228][T13092] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 463.355583][T13092] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 463.381667][T13092] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 463.415229][T13092] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 463.455208][T13094] ubi0: detaching mtd0 [ 463.459652][T13099] ubi0: background thread "ubi_bgt0d" started, PID 13099 [ 463.515485][T13094] ubi0: mtd0 is detached [ 468.077455][T13179] ubi0: attaching mtd0 [ 468.095036][T13179] ubi0: scanning is finished [ 468.348819][T13179] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 468.365807][T13179] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 468.375674][T13179] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 468.383746][T13179] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 468.394252][T13179] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 468.425920][T13179] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 468.465728][T13179] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 468.493719][T13179] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 468.525169][T13183] ubi0: detaching mtd0 [ 468.531633][T13184] ubi0: background thread "ubi_bgt0d" started, PID 13184 [ 468.648258][T13183] ubi0: mtd0 is detached [ 469.465821][T13205] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 471.809862][T13227] vivid-003: ================= START STATUS ================= [ 471.835197][T13227] vivid-003: Radio HW Seek Mode: Bounded [ 471.862868][T13227] vivid-003: Radio Programmable HW Seek: false [ 471.895776][T13227] vivid-003: RDS Rx I/O Mode: Block I/O [ 471.909274][T13227] vivid-003: Generate RBDS Instead of RDS: false [ 471.931706][T13227] vivid-003: RDS Reception: true [ 471.952530][T13227] vivid-003: RDS Program Type: 0 inactive [ 471.974962][T13227] vivid-003: RDS PS Name: inactive [ 472.012397][T13227] vivid-003: RDS Radio Text: inactive [ 472.031181][T13227] vivid-003: RDS Traffic Announcement: false inactive [ 472.082872][T13227] vivid-003: RDS Traffic Program: false inactive [ 472.109622][T13227] vivid-003: RDS Music: false inactive [ 472.116428][T13227] vivid-003: ================== END STATUS ================== [ 472.241246][T13249] ima: policy update failed [ 472.268873][ T29] audit: type=1802 audit(1778679940.202:131): pid=13249 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.1848" res=0 errno=0 [ 472.918361][T13266] ubi0: attaching mtd0 [ 472.938188][T13266] ubi0: scanning is finished [ 473.171478][T13266] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 473.185104][T13266] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 473.195380][T13266] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 473.225772][T13266] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 473.245072][T13266] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 473.265134][T13266] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 473.275572][T13266] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 473.301297][T13266] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 473.322798][T13269] ubi0: detaching mtd0 [ 473.332014][T13272] ubi0: background thread "ubi_bgt0d" started, PID 13272 [ 473.367944][T13269] ubi0: mtd0 is detached [ 474.055087][T13281] net_ratelimit: 47 callbacks suppressed [ 474.055105][T13281] netlink: zone id is out of range [ 474.077370][T13281] netlink: zone id is out of range [ 474.091962][T13281] netlink: zone id is out of range [ 474.103478][T13281] netlink: zone id is out of range [ 474.109502][T13281] netlink: zone id is out of range [ 474.117295][T13281] netlink: zone id is out of range [ 474.126956][T13281] netlink: zone id is out of range [ 474.132789][T13281] netlink: zone id is out of range [ 474.150027][T13281] netlink: zone id is out of range [ 474.161531][T13281] netlink: zone id is out of range [ 474.657066][T13310] ubi0: attaching mtd0 [ 474.686696][T13310] ubi0: scanning is finished [ 474.909851][T13310] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 474.920725][T13310] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 474.943400][T13310] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 474.950708][T13310] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 474.974612][T13310] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 474.984348][T13310] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 474.994250][T13310] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 475.007325][T13310] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 475.020244][T13321] ubi0: background thread "ubi_bgt0d" started, PID 13321 [ 475.030260][T13311] ubi: mtd0 is already attached to ubi0 [ 475.049085][T13316] ubi0: detaching mtd0 [ 475.084690][T13316] ubi0: mtd0 is detached [ 477.563453][T13377] ubi0: attaching mtd0 [ 477.569440][T13377] ubi0: scanning is finished [ 477.750479][T13377] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 477.766687][T13377] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 477.786556][T13377] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 477.828213][T13377] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 477.863375][T13377] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 477.887156][T13377] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 477.934071][T13377] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 477.982235][T13377] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 478.022951][T13381] ubi0: background thread "ubi_bgt0d" started, PID 13381 [ 478.033171][T13380] ubi0: detaching mtd0 [ 478.064390][T13380] ubi0: mtd0 is detached [ 478.943903][T13383] Process accounting resumed [ 479.324511][T13406] net_ratelimit: 47 callbacks suppressed [ 479.324527][T13406] netlink: zone id is out of range [ 479.345042][T13414] FAULT_INJECTION: forcing a failure. [ 479.345042][T13414] name failslab, interval 1, probability 0, space 0, times 0 [ 479.361565][T13406] netlink: zone id is out of range [ 479.368674][T13406] netlink: zone id is out of range [ 479.376064][T13406] netlink: zone id is out of range [ 479.382859][T13406] netlink: zone id is out of range [ 479.383129][T13414] CPU: 0 UID: 0 PID: 13414 Comm: syz.2.1882 Tainted: G L syzkaller #0 PREEMPT(full) [ 479.383172][T13414] Tainted: [L]=SOFTLOCKUP [ 479.383181][T13414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 479.383198][T13414] Call Trace: [ 479.383207][T13414] [ 479.383218][T13414] dump_stack_lvl+0x100/0x190 [ 479.383255][T13414] should_fail_ex.cold+0x5/0xa [ 479.383290][T13414] ? memcg_list_lru_alloc+0x4ec/0x740 [ 479.383316][T13414] should_failslab+0xc2/0x120 [ 479.383352][T13414] __kmalloc_noprof+0xe0/0x850 [ 479.383378][T13414] ? __lock_acquire+0x4a5/0x2630 [ 479.383409][T13414] memcg_list_lru_alloc+0x4ec/0x740 [ 479.383446][T13414] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 479.383490][T13414] __memcg_slab_post_alloc_hook+0x27e/0xff0 [ 479.383537][T13414] ? kasan_save_track+0x14/0x30 [ 479.383566][T13414] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 479.383610][T13414] ? bdev_alloc_inode+0x26/0x90 [ 479.383658][T13414] ? __pfx_bdev_alloc_inode+0x10/0x10 [ 479.383702][T13414] bdev_alloc_inode+0x26/0x90 [ 479.383744][T13414] ? __pfx_bdev_alloc_inode+0x10/0x10 [ 479.383785][T13414] alloc_inode+0x68/0x250 [ 479.383835][T13414] new_inode+0x22/0x1c0 [ 479.383882][T13414] bdev_alloc+0x2b/0x420 [ 479.383907][T13414] ? bdi_init+0x3f4/0x5b0 [ 479.383937][T13414] ? bdi_init+0x49f/0x5b0 [ 479.383971][T13414] __alloc_disk_node+0x116/0x6b0 [ 479.384017][T13414] __blk_mq_alloc_disk+0x89/0x120 [ 479.384054][T13414] loop_add+0x498/0xb60 [ 479.384095][T13414] ? __pfx_loop_add+0x10/0x10 [ 479.384155][T13414] ? find_held_lock+0x2b/0x80 [ 479.384190][T13414] ? __fget_files+0x215/0x3d0 [ 479.384225][T13414] loop_control_ioctl+0xae/0x620 [ 479.384267][T13414] ? __pfx_loop_control_ioctl+0x10/0x10 [ 479.384315][T13414] ? __pfx_loop_control_ioctl+0x10/0x10 [ 479.384359][T13414] __x64_sys_ioctl+0x18e/0x210 [ 479.384390][T13414] do_syscall_64+0x10b/0xf80 [ 479.384429][T13414] ? clear_bhb_loop+0x40/0x90 [ 479.384462][T13414] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.384491][T13414] RIP: 0033:0x7f0d9cd9ce59 [ 479.384514][T13414] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 479.384541][T13414] RSP: 002b:00007f0d9dc71028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 479.384567][T13414] RAX: ffffffffffffffda RBX: 00007f0d9d016090 RCX: 00007f0d9cd9ce59 [ 479.384585][T13414] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000009 [ 479.384600][T13414] RBP: 00007f0d9ce32d6f R08: 0000000000000000 R09: 0000000000000000 [ 479.384617][T13414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 479.384634][T13414] R13: 00007f0d9d016128 R14: 00007f0d9d016090 R15: 00007ffdff38de38 [ 479.384669][T13414] [ 479.672710][T13406] netlink: zone id is out of range [ 479.695658][T13406] netlink: zone id is out of range [ 479.716345][T13406] netlink: zone id is out of range [ 479.734521][T13406] netlink: zone id is out of range [ 479.759681][T13406] netlink: zone id is out of range [ 480.247665][T13432] ubi0: attaching mtd0 [ 480.278514][T13432] ubi0: scanning is finished [ 480.522336][T13432] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 480.539651][T13432] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 480.554813][T13432] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 480.593570][T13432] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 480.601230][T13432] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 480.620654][T13432] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 480.630834][T13432] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 480.641248][T13432] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 480.656527][T13442] ubi0: background thread "ubi_bgt0d" started, PID 13442 [ 483.506769][T13501] Process accounting paused [ 483.545900][T13506] FAULT_INJECTION: forcing a failure. [ 483.545900][T13506] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 483.587811][T13508] ubi: mtd0 is already attached to ubi0 [ 483.598675][T13506] CPU: 0 UID: 0 PID: 13506 Comm: syz.2.1899 Tainted: G L syzkaller #0 PREEMPT(full) [ 483.598702][T13506] Tainted: [L]=SOFTLOCKUP [ 483.598707][T13506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 483.598716][T13506] Call Trace: [ 483.598722][T13506] [ 483.598728][T13506] dump_stack_lvl+0x100/0x190 [ 483.598749][T13506] should_fail_ex.cold+0x5/0xa [ 483.598768][T13506] _copy_from_user+0x2e/0xd0 [ 483.598784][T13506] ip6_mroute_setsockopt+0x2675/0x3670 [ 483.598807][T13506] ? __pfx_ip6_mroute_setsockopt+0x10/0x10 [ 483.598822][T13506] ? is_bpf_text_address+0x8a/0x1a0 [ 483.598843][T13506] ? is_bpf_text_address+0x8a/0x1a0 [ 483.598864][T13506] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 483.598885][T13506] ? is_bpf_text_address+0x94/0x1a0 [ 483.598905][T13506] ? kernel_text_address+0x8d/0x100 [ 483.598921][T13506] ? __kernel_text_address+0xd/0x30 [ 483.598935][T13506] ? unwind_get_return_address+0x59/0xa0 [ 483.598955][T13506] ? arch_stack_walk+0xa6/0xf0 [ 483.598979][T13506] ? _parse_integer_limit+0x17f/0x1d0 [ 483.599011][T13506] ? do_ipv6_setsockopt+0x551/0x43b0 [ 483.599049][T13506] do_ipv6_setsockopt+0x551/0x43b0 [ 483.599093][T13506] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 483.599115][T13506] ? aa_label_sk_perm+0x194/0x5f0 [ 483.599135][T13506] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 483.599156][T13506] ? find_held_lock+0x2b/0x80 [ 483.599175][T13506] ? get_pid_task+0xfc/0x250 [ 483.599195][T13506] ? get_pid_task+0xfc/0x250 [ 483.599222][T13506] ? __pfx___might_resched+0x10/0x10 [ 483.599239][T13506] ? __lock_acquire+0x4a5/0x2630 [ 483.599254][T13506] ? aa_sk_perm+0x309/0xaa0 [ 483.599271][T13506] ? ipv6_setsockopt+0xcb/0x170 [ 483.599291][T13506] ipv6_setsockopt+0xcb/0x170 [ 483.599314][T13506] rawv6_setsockopt+0xee/0x5a0 [ 483.599336][T13506] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 483.599355][T13506] ? aa_sock_opt_perm+0xfe/0x1b0 [ 483.599375][T13506] ? sock_common_setsockopt+0x2e/0xf0 [ 483.599394][T13506] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 483.599415][T13506] do_sock_setsockopt+0xf3/0x1d0 [ 483.599435][T13506] __sys_setsockopt+0x119/0x190 [ 483.599455][T13506] __x64_sys_setsockopt+0xbd/0x160 [ 483.599469][T13506] ? do_syscall_64+0x90/0xf80 [ 483.599490][T13506] ? lockdep_hardirqs_on+0x78/0x100 [ 483.599510][T13506] do_syscall_64+0x10b/0xf80 [ 483.599530][T13506] ? clear_bhb_loop+0x40/0x90 [ 483.599547][T13506] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.599561][T13506] RIP: 0033:0x7f0d9cd9ce59 [ 483.599575][T13506] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 483.599595][T13506] RSP: 002b:00007f0d9dc92028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 483.599610][T13506] RAX: ffffffffffffffda RBX: 00007f0d9d015fa0 RCX: 00007f0d9cd9ce59 [ 483.599619][T13506] RDX: 00000000000000d3 RSI: 0000000000000029 RDI: 0400000000000003 [ 483.599628][T13506] RBP: 00007f0d9dc92090 R08: 0000000000000567 R09: 0000000000000000 [ 483.599637][T13506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 483.599646][T13506] R13: 00007f0d9d016038 R14: 00007f0d9d015fa0 R15: 00007ffdff38de38 [ 483.599665][T13506] [ 485.266797][T13523] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1904'. [ 485.297214][T13532] Process accounting resumed [ 489.387712][T13601] net_ratelimit: 47 callbacks suppressed [ 489.387728][T13601] netlink: zone id is out of range [ 489.409840][T13601] netlink: zone id is out of range [ 489.423844][T13601] netlink: zone id is out of range [ 489.432618][T13601] netlink: zone id is out of range [ 489.441808][T13601] netlink: zone id is out of range [ 489.465245][T13601] netlink: zone id is out of range [ 489.471996][T13601] netlink: zone id is out of range [ 489.486853][T13601] netlink: zone id is out of range [ 489.494294][T13601] netlink: zone id is out of range [ 489.499817][T13601] netlink: zone id is out of range [ 490.180999][ T5630] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 490.188582][ T5630] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 490.773461][T13622] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1925'. [ 491.675031][T13659] ima: policy update failed [ 491.684319][ T29] audit: type=1802 audit(1778679959.612:132): pid=13659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1933" res=0 errno=0 [ 494.922710][T13728] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1948'. [ 496.321460][T13744] ubi: mtd0 is already attached to ubi0 [ 496.402087][T13746] ubi0: detaching mtd0 [ 496.439152][T13746] ubi0: mtd0 is detached [ 497.598800][T13761] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1957'. [ 500.662716][T13817] cgroup: fork rejected by pids controller in /syz0 [ 501.117072][T13959] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 501.166811][T13962] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1969'. [ 501.448992][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.455423][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.322321][T14006] FAULT_INJECTION: forcing a failure. [ 503.322321][T14006] name failslab, interval 1, probability 0, space 0, times 0 [ 503.365887][T14006] CPU: 1 UID: 0 PID: 14006 Comm: syz.1.1979 Tainted: G L syzkaller #0 PREEMPT(full) [ 503.365914][T14006] Tainted: [L]=SOFTLOCKUP [ 503.365919][T14006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 503.365928][T14006] Call Trace: [ 503.365934][T14006] [ 503.365940][T14006] dump_stack_lvl+0x100/0x190 [ 503.365962][T14006] should_fail_ex.cold+0x5/0xa [ 503.365981][T14006] should_failslab+0xc2/0x120 [ 503.365999][T14006] __kvmalloc_node_noprof+0xfa/0xa00 [ 503.366020][T14006] ? __kvm_mmu_topup_memory_cache+0x455/0x5f0 [ 503.366038][T14006] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.366056][T14006] __kvm_mmu_topup_memory_cache+0x455/0x5f0 [ 503.366076][T14006] mmu_topup_memory_caches+0x25/0x170 [ 503.366097][T14006] kvm_mmu_load+0xd6/0x23e0 [ 503.366114][T14006] ? register_lock_class+0x40/0x560 [ 503.366129][T14006] ? vmx_vcpu_load_vmcs+0x21d/0x760 [ 503.366153][T14006] ? __pfx_kvm_mmu_load+0x10/0x10 [ 503.366168][T14006] ? __lock_acquire+0x4a5/0x2630 [ 503.366187][T14006] kvm_arch_vcpu_pre_fault_memory+0x6ab/0x800 [ 503.366207][T14006] ? __pfx_kvm_arch_vcpu_pre_fault_memory+0x10/0x10 [ 503.366231][T14006] kvm_vcpu_ioctl+0x100d/0x1720 [ 503.366247][T14006] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 503.366262][T14006] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 503.366284][T14006] ? do_vfs_ioctl+0x226/0x13e0 [ 503.366300][T14006] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 503.366319][T14006] ? find_held_lock+0x2b/0x80 [ 503.366337][T14006] ? __fget_files+0x215/0x3d0 [ 503.366353][T14006] ? hook_file_ioctl_common+0x149/0x410 [ 503.366374][T14006] ? __fget_files+0x21f/0x3d0 [ 503.366393][T14006] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 503.366408][T14006] __x64_sys_ioctl+0x18e/0x210 [ 503.366424][T14006] do_syscall_64+0x10b/0xf80 [ 503.366446][T14006] ? clear_bhb_loop+0x40/0x90 [ 503.366463][T14006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.366478][T14006] RIP: 0033:0x7fb42519ce59 [ 503.366491][T14006] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 503.366505][T14006] RSP: 002b:00007fb426041028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 503.366520][T14006] RAX: ffffffffffffffda RBX: 00007fb425415fa0 RCX: 00007fb42519ce59 [ 503.366530][T14006] RDX: 0000000000000000 RSI: 00000000c040aed5 RDI: 0000000000000004 [ 503.366539][T14006] RBP: 00007fb426041090 R08: 0000000000000000 R09: 0000000000000000 [ 503.366548][T14006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 503.366556][T14006] R13: 00007fb425416038 R14: 00007fb425415fa0 R15: 00007ffd06209158 [ 503.366575][T14006] [ 504.277789][T14021] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1981'. [ 504.594700][T14025] futex_wake_op: syz.2.1982 tries to shift op by -2048; fix this program [ 504.631684][T14025] 0x000000000001-0x000000020000 : "" [ 504.788336][T14025] ftl_cs: FTL header corrupt! [ 505.444109][T14027] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1983'. [ 506.223456][T14064] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1991'. [ 508.072878][T14116] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2003'. [ 509.713743][T14147] Process accounting paused [ 513.523936][T14207] Process accounting resumed [ 515.327791][T14252] ima: policy update failed [ 515.337875][ T29] audit: type=1802 audit(1778679983.272:133): pid=14252 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2031" res=0 errno=0 [ 515.501902][T14254] ima: policy update failed [ 515.538522][ T29] audit: type=1802 audit(1778679983.472:134): pid=14254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2032" res=0 errno=0 [ 515.670271][T14227] Process accounting paused [ 516.564493][T14275] ubi0: attaching mtd0 [ 516.589782][T14275] ubi0: scanning is finished [ 516.865385][T14275] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 516.900343][T14275] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 516.915929][T14275] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 516.934643][T14275] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 516.956065][T14275] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 516.976119][T14275] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 516.984276][T14275] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 517.005947][T14275] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 517.045373][T14279] ubi: mtd0 is already attached to ubi0 [ 517.051215][T14289] ubi0: background thread "ubi_bgt0d" started, PID 14289 [ 517.075965][T14285] ubi0: detaching mtd0 [ 517.128177][T14285] ubi0: mtd0 is detached [ 517.256797][T14295] ima: policy update failed [ 517.264921][ T29] audit: type=1802 audit(1778679985.192:135): pid=14295 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2040" res=0 errno=0 [ 518.950970][T14327] FAULT_INJECTION: forcing a failure. [ 518.950970][T14327] name failslab, interval 1, probability 0, space 0, times 0 [ 519.006526][T14327] CPU: 1 UID: 0 PID: 14327 Comm: syz.1.2047 Tainted: G L syzkaller #0 PREEMPT(full) [ 519.006554][T14327] Tainted: [L]=SOFTLOCKUP [ 519.006560][T14327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 519.006569][T14327] Call Trace: [ 519.006575][T14327] [ 519.006582][T14327] dump_stack_lvl+0x100/0x190 [ 519.006605][T14327] should_fail_ex.cold+0x5/0xa [ 519.006625][T14327] should_failslab+0xc2/0x120 [ 519.006650][T14327] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 519.006674][T14327] ? alloc_empty_file+0x5b/0x1c0 [ 519.006698][T14327] ? __pfx_stack_trace_save+0x10/0x10 [ 519.006721][T14327] alloc_empty_file+0x5b/0x1c0 [ 519.006742][T14327] path_openat+0xe8/0x31a0 [ 519.006759][T14327] ? kasan_save_stack+0x3f/0x50 [ 519.006772][T14327] ? kasan_save_stack+0x30/0x50 [ 519.006785][T14327] ? kasan_save_track+0x14/0x30 [ 519.006798][T14327] ? __kasan_slab_alloc+0x89/0x90 [ 519.006812][T14327] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 519.006837][T14327] ? do_getname+0x35/0x390 [ 519.006857][T14327] ? do_sys_openat2+0xc5/0x1e0 [ 519.006878][T14327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 519.006898][T14327] ? __pfx_path_openat+0x10/0x10 [ 519.006923][T14327] do_file_open+0x20e/0x430 [ 519.006942][T14327] ? __pfx_do_file_open+0x10/0x10 [ 519.006976][T14327] ? alloc_fd+0x476/0x790 [ 519.006996][T14327] ? do_getname+0x191/0x390 [ 519.007018][T14327] do_sys_openat2+0x10d/0x1e0 [ 519.007040][T14327] ? __pfx_do_sys_openat2+0x10/0x10 [ 519.007063][T14327] ? find_held_lock+0x2b/0x80 [ 519.007086][T14327] __x64_sys_openat+0x12d/0x210 [ 519.007116][T14327] ? __pfx___x64_sys_openat+0x10/0x10 [ 519.007158][T14327] ? rcu_is_watching+0x12/0xc0 [ 519.007178][T14327] do_syscall_64+0x10b/0xf80 [ 519.007199][T14327] ? clear_bhb_loop+0x40/0x90 [ 519.007217][T14327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 519.007232][T14327] RIP: 0033:0x7fb42515d68e [ 519.007246][T14327] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 519.007260][T14327] RSP: 002b:00007fb426040ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 519.007276][T14327] RAX: ffffffffffffffda RBX: 00007fb4260416c0 RCX: 00007fb42515d68e [ 519.007286][T14327] RDX: 0000000000000002 RSI: 00007fb426040f90 RDI: ffffffffffffff9c [ 519.007295][T14327] RBP: 00007fb425232d6f R08: 0000000000000000 R09: 0000000000000000 [ 519.007304][T14327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 519.007313][T14327] R13: 00007fb425416038 R14: 00007fb425415fa0 R15: 00007ffd06209158 [ 519.007333][T14327] [ 520.279911][T14343] ubi0: attaching mtd0 [ 520.323315][T14343] ubi0: scanning is finished [ 520.591118][T14343] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 520.599845][T14343] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 520.626804][T14343] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 520.634021][T14343] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 520.642896][T14343] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 520.653366][T14343] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 520.664685][T14343] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 520.676228][T14343] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 520.688792][T14350] ubi0: detaching mtd0 [ 520.689054][T14353] ubi0: background thread "ubi_bgt0d" started, PID 14353 [ 520.815366][T14350] ubi0: mtd0 is detached [ 521.557548][T14366] net_ratelimit: 104 callbacks suppressed [ 521.557566][T14366] netlink: zone id is out of range [ 521.580324][T14366] netlink: zone id is out of range [ 521.586558][T14366] netlink: zone id is out of range [ 521.600565][T14366] netlink: zone id is out of range [ 521.612222][T14366] netlink: zone id is out of range [ 521.626990][T14366] netlink: zone id is out of range [ 521.636339][T14366] netlink: zone id is out of range [ 521.641813][T14366] netlink: zone id is out of range [ 521.651677][T14366] netlink: zone id is out of range [ 521.657242][T14366] netlink: zone id is out of range [ 522.281996][T14388] ima: policy update failed [ 522.309052][ T29] audit: type=1802 audit(1778679990.242:136): pid=14388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2062" res=0 errno=0 [ 522.380486][T14388] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2062'. [ 529.742819][T14510] ima: policy update failed [ 529.762127][ T29] audit: type=1802 audit(1778679997.692:137): pid=14510 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2090" res=0 errno=0 [ 529.836397][T14510] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2090'. [ 530.897541][T14529] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 530.937885][T14529] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 531.011428][T14529] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 531.171833][T14535] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 1: bad block bitmap checksum [ 531.605156][ T50] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 531.616264][ T50] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 531.634138][ T50] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 531.647222][ T50] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 531.654889][ T50] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 533.685866][ T5630] Bluetooth: hci4: command tx timeout [ 533.722429][T14582] net_ratelimit: 47 callbacks suppressed [ 533.722447][T14582] netlink: zone id is out of range [ 533.741868][T14582] netlink: zone id is out of range [ 533.759454][T14582] netlink: zone id is out of range [ 533.769581][T14582] netlink: zone id is out of range [ 533.782392][T14582] netlink: zone id is out of range [ 533.788252][T14582] netlink: zone id is out of range [ 533.796625][T14582] netlink: zone id is out of range [ 533.808701][T14582] netlink: zone id is out of range [ 533.836890][T14582] netlink: zone id is out of range [ 533.842150][T14582] netlink: zone id is out of range [ 535.645413][T14544] bridge0: port 1(bridge_slave_0) entered blocking state [ 535.666261][T14544] bridge0: port 1(bridge_slave_0) entered disabled state [ 535.683532][T14544] bridge_slave_0: entered allmulticast mode [ 535.693471][T14544] bridge_slave_0: entered promiscuous mode [ 535.716385][T14544] bridge0: port 2(bridge_slave_1) entered blocking state [ 535.744992][T14544] bridge0: port 2(bridge_slave_1) entered disabled state [ 535.765672][ T5630] Bluetooth: hci4: command tx timeout [ 535.773406][T14544] bridge_slave_1: entered allmulticast mode [ 535.803156][T14544] bridge_slave_1: entered promiscuous mode [ 535.882458][T14544] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 535.956400][T14544] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 536.155244][T14544] team0: Port device team_slave_0 added [ 536.174669][T14544] team0: Port device team_slave_1 added [ 536.370294][T14544] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 536.387095][T14544] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 536.445612][T14544] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 536.784612][T14544] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 536.798724][T14544] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 536.825194][T14544] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 537.069727][T14544] hsr_slave_0: entered promiscuous mode [ 537.087743][T14544] hsr_slave_1: entered promiscuous mode [ 537.106867][T14544] debugfs: 'hsr0' already exists in 'hsr' [ 537.119293][T14544] Cannot create hsr debugfs directory [ 537.845723][ T5630] Bluetooth: hci4: command tx timeout [ 538.312116][T14544] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 538.620629][T14544] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 538.793477][T14544] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 539.041283][T14544] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 539.925579][ T5630] Bluetooth: hci4: command tx timeout [ 540.120127][T14665] ubi0: attaching mtd0 [ 540.137107][T14665] ubi0: scanning is finished [ 540.207096][T14640] Process accounting resumed [ 540.243064][T14544] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 540.308193][T14544] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 540.338877][T14544] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 540.370729][T14544] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 540.471343][T14665] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 540.479475][T14665] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 540.488303][T14665] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 540.497635][T14665] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 540.505380][T14665] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 540.514480][T14665] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 540.527252][T14665] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 540.540416][T14665] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 540.557292][T14673] ubi0: background thread "ubi_bgt0d" started, PID 14673 [ 540.575143][T14668] ubi0: detaching mtd0 [ 540.584341][T14544] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 540.621710][T14668] ubi0: mtd0 is detached [ 540.633939][T14544] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 540.669479][T14544] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 540.715127][T14544] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 540.971147][T14544] 8021q: adding VLAN 0 to HW filter on device bond0 [ 541.007285][T14544] 8021q: adding VLAN 0 to HW filter on device team0 [ 541.024448][ T3041] bridge0: port 1(bridge_slave_0) entered blocking state [ 541.031599][ T3041] bridge0: port 1(bridge_slave_0) entered forwarding state [ 541.107054][ T3041] bridge0: port 2(bridge_slave_1) entered blocking state [ 541.114459][ T3041] bridge0: port 2(bridge_slave_1) entered forwarding state [ 541.302251][T14675] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2119'. [ 542.472327][T14706] net_ratelimit: 47 callbacks suppressed [ 542.472343][T14706] netlink: zone id is out of range [ 542.512888][T14544] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 542.520654][T14706] netlink: zone id is out of range [ 542.528853][T14706] netlink: zone id is out of range [ 542.542996][T14706] netlink: zone id is out of range [ 542.567160][ T12] gretap0: left allmulticast mode [ 542.576281][T14706] netlink: zone id is out of range [ 542.591061][ T12] bridge0: port 3(gretap0) entered disabled state [ 542.601048][T14706] netlink: zone id is out of range [ 542.622828][T14706] netlink: zone id is out of range [ 542.633722][ T12] bridge_slave_1: left allmulticast mode [ 542.648634][T14706] netlink: zone id is out of range [ 542.660033][ T12] bridge_slave_1: left promiscuous mode [ 542.670611][T14706] netlink: zone id is out of range [ 542.679348][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 542.695814][T14706] netlink: zone id is out of range [ 542.728392][ T12] bridge_slave_0: left allmulticast mode [ 542.742406][ T12] bridge_slave_0: left promiscuous mode [ 542.758529][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 543.361122][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 543.401126][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 543.439600][ T12] bond0 (unregistering): Released all slaves [ 543.693535][T14715] Process accounting paused [ 543.700223][T14544] veth0_vlan: entered promiscuous mode [ 543.739507][T14544] veth1_vlan: entered promiscuous mode [ 543.965383][T14544] veth0_macvtap: entered promiscuous mode [ 543.976891][T14728] ima: policy update failed [ 543.996130][ T29] audit: type=1802 audit(1778680011.922:138): pid=14728 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2128" res=0 errno=0 [ 544.085036][T14544] veth1_macvtap: entered promiscuous mode [ 544.104441][T14728] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2128'. [ 544.597253][T14544] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 544.613345][T14544] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 545.118280][ T58] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 545.127252][ T58] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 545.295190][ T58] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 545.307132][ T58] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 547.206566][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 547.238174][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 547.398006][ T3041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 547.421449][ T3041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 547.603270][T14747] Process accounting resumed [ 548.665260][T14780] ima: policy update failed [ 548.679746][ T29] audit: type=1802 audit(1778680016.612:139): pid=14780 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2137" res=0 errno=0 [ 548.773928][T14780] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2137'. [ 549.433275][ T12] hsr_slave_0: left promiscuous mode [ 549.439519][ T12] hsr_slave_1: left promiscuous mode [ 549.447704][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 549.458840][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 549.473840][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 549.495775][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 549.605982][ T12] veth1_macvtap: left promiscuous mode [ 549.631087][ T12] veth0_macvtap: left promiscuous mode [ 549.653246][ T12] veth1_vlan: left promiscuous mode [ 549.689371][ T12] veth0_vlan: left promiscuous mode [ 550.738870][ T12] team0 (unregistering): Port device team_slave_1 removed [ 550.808344][ T12] team0 (unregistering): Port device team_slave_0 removed [ 551.438564][T14816] ubi0: attaching mtd0 [ 551.469024][T14816] ubi0: scanning is finished [ 551.707512][T14816] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 551.720346][T14816] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 551.729802][T14816] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 551.754762][T14816] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 551.763937][T14816] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 551.862621][T14816] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 551.872441][T14816] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 552.000011][T14816] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 552.049724][T14819] ubi0: detaching mtd0 [ 552.075173][T14819] ubi0: mtd0 is detached [ 552.392084][T14829] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 553.086112][T14834] ima: policy update failed [ 553.105704][ T29] audit: type=1802 audit(1778680021.032:140): pid=14834 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.2147" res=0 errno=0 [ 553.183091][T14834] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2147'. [ 553.533164][T14850] net_ratelimit: 47 callbacks suppressed [ 553.533180][T14850] netlink: zone id is out of range [ 553.576815][T14850] netlink: zone id is out of range [ 553.605839][T14850] netlink: zone id is out of range [ 553.617832][T14850] netlink: zone id is out of range [ 553.623436][T14850] netlink: zone id is out of range [ 553.631044][T14850] netlink: zone id is out of range [ 553.639040][T14850] netlink: zone id is out of range [ 553.649124][T14850] netlink: zone id is out of range [ 553.657360][T14850] netlink: zone id is out of range [ 553.664098][T14850] netlink: zone id is out of range [ 556.354667][T14890] ima: policy update failed [ 556.361151][ T29] audit: type=1802 audit(1778680024.292:141): pid=14890 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.2159" res=0 errno=0 [ 556.414263][T14890] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2159'. [ 557.269691][T14898] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2161'. [ 561.624325][T14970] net_ratelimit: 47 callbacks suppressed [ 561.624342][T14970] netlink: zone id is out of range [ 561.651866][T14970] netlink: zone id is out of range [ 561.670132][T14970] netlink: zone id is out of range [ 561.676318][T14970] netlink: zone id is out of range [ 561.683079][T14970] netlink: zone id is out of range [ 561.763653][T14970] netlink: zone id is out of range [ 561.821634][T14970] netlink: zone id is out of range [ 561.835154][T14970] netlink: zone id is out of range [ 561.842695][T14970] netlink: zone id is out of range [ 561.850542][T14970] netlink: zone id is out of range [ 562.686983][T14985] ubi0: attaching mtd0 [ 562.717970][T14985] ubi0: scanning is finished [ 562.887104][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.893503][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.021353][T14985] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 563.028970][T14985] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 563.047255][T14985] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 563.094543][T14985] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 563.153373][T14985] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 563.195187][T14985] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 563.240280][T14985] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 563.302138][T14985] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 563.340154][T14995] ubi0: background thread "ubi_bgt0d" started, PID 14995 [ 563.350482][T14987] ubi0: detaching mtd0 [ 563.386765][T14987] ubi0: mtd0 is detached [ 564.370191][T15002] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2179'. [ 565.218581][T15034] FAULT_INJECTION: forcing a failure. [ 565.218581][T15034] name failslab, interval 1, probability 0, space 0, times 0 [ 565.267282][T15034] CPU: 0 UID: 0 PID: 15034 Comm: syz.2.2186 Tainted: G L syzkaller #0 PREEMPT(full) [ 565.267311][T15034] Tainted: [L]=SOFTLOCKUP [ 565.267316][T15034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 565.267325][T15034] Call Trace: [ 565.267331][T15034] [ 565.267336][T15034] dump_stack_lvl+0x100/0x190 [ 565.267359][T15034] should_fail_ex.cold+0x5/0xa [ 565.267384][T15034] ? tomoyo_realpath_from_path+0xb6/0x690 [ 565.267404][T15034] should_failslab+0xc2/0x120 [ 565.267422][T15034] __kmalloc_noprof+0xe0/0x850 [ 565.267435][T15034] ? kfree+0x1dd/0x6c0 [ 565.267458][T15034] tomoyo_realpath_from_path+0xb6/0x690 [ 565.267480][T15034] tomoyo_path_number_perm+0x23c/0x580 [ 565.267495][T15034] ? tomoyo_path_number_perm+0x22e/0x580 [ 565.267512][T15034] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 565.267546][T15034] ? find_held_lock+0x2b/0x80 [ 565.267565][T15034] ? __fget_files+0x215/0x3d0 [ 565.267581][T15034] ? hook_file_ioctl_common+0x149/0x410 [ 565.267596][T15034] ? __fget_files+0x215/0x3d0 [ 565.267616][T15034] ? __fget_files+0x21f/0x3d0 [ 565.267635][T15034] security_file_ioctl+0xd3/0x230 [ 565.267652][T15034] __x64_sys_ioctl+0xb7/0x210 [ 565.267668][T15034] do_syscall_64+0x10b/0xf80 [ 565.267689][T15034] ? clear_bhb_loop+0x40/0x90 [ 565.267707][T15034] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.267722][T15034] RIP: 0033:0x7f0d9cd9ce59 [ 565.267735][T15034] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 565.267749][T15034] RSP: 002b:00007f0d9dc92028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 565.267764][T15034] RAX: ffffffffffffffda RBX: 00007f0d9d015fa0 RCX: 00007f0d9cd9ce59 [ 565.267774][T15034] RDX: 0000000000000000 RSI: 0000000041a0ae8d RDI: 0000000000000004 [ 565.267783][T15034] RBP: 00007f0d9dc92090 R08: 0000000000000000 R09: 0000000000000000 [ 565.267792][T15034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 565.267800][T15034] R13: 00007f0d9d016038 R14: 00007f0d9d015fa0 R15: 00007ffdff38de38 [ 565.267819][T15034] [ 565.267918][T15034] ERROR: Out of memory at tomoyo_realpath_from_path. [ 567.115800][ T5630] block nbd0: Receive control failed (result -32) [ 567.261162][T15065] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2194'. [ 567.603081][T15070] net_ratelimit: 104 callbacks suppressed [ 567.603096][T15070] netlink: zone id is out of range [ 567.641724][T15076] netlink: 286 bytes leftover after parsing attributes in process `syz.3.2196'. [ 567.690789][T15070] netlink: zone id is out of range [ 567.720799][T15070] netlink: zone id is out of range [ 567.735939][T15070] netlink: zone id is out of range [ 567.747561][T15070] netlink: zone id is out of range [ 567.816845][T15070] netlink: zone id is out of range [ 567.824240][T15070] netlink: zone id is out of range [ 567.829726][T15070] netlink: zone id is out of range [ 567.834945][T15070] netlink: zone id is out of range [ 567.850644][T15070] netlink: zone id is out of range [ 569.301309][T15107] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2204'. [ 570.390894][T15140] usb usb2: usbfs: process 15140 (syz.2.2211) did not claim interface 4 before use [ 571.384844][T15163] FAULT_INJECTION: forcing a failure. [ 571.384844][T15163] name failslab, interval 1, probability 0, space 0, times 0 [ 571.411433][T15163] CPU: 1 UID: 0 PID: 15163 Comm: syz.2.2216 Tainted: G L syzkaller #0 PREEMPT(full) [ 571.411481][T15163] Tainted: [L]=SOFTLOCKUP [ 571.411491][T15163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 571.411508][T15163] Call Trace: [ 571.411518][T15163] [ 571.411530][T15163] dump_stack_lvl+0x100/0x190 [ 571.411570][T15163] should_fail_ex.cold+0x5/0xa [ 571.411608][T15163] ? tomoyo_encode2+0xfb/0x3c0 [ 571.411643][T15163] should_failslab+0xc2/0x120 [ 571.411678][T15163] __kmalloc_noprof+0xe0/0x850 [ 571.411705][T15163] ? d_absolute_path+0x136/0x1b0 [ 571.411751][T15163] tomoyo_encode2+0xfb/0x3c0 [ 571.411794][T15163] tomoyo_encode+0x29/0x50 [ 571.411829][T15163] tomoyo_realpath_from_path+0x18c/0x690 [ 571.411875][T15163] tomoyo_path_number_perm+0x23c/0x580 [ 571.411906][T15163] ? tomoyo_path_number_perm+0x22e/0x580 [ 571.411940][T15163] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 571.411983][T15163] ? do_raw_spin_lock+0x128/0x260 [ 571.412036][T15163] ? find_held_lock+0x2b/0x80 [ 571.412072][T15163] ? current_check_access_path+0x269/0x430 [ 571.412110][T15163] ? __pfx_current_check_access_path+0x10/0x10 [ 571.412145][T15163] ? do_raw_spin_unlock+0x145/0x1e0 [ 571.412184][T15163] ? simple_lookup+0x105/0x1d0 [ 571.412222][T15163] tomoyo_path_mknod+0x164/0x190 [ 571.412264][T15163] ? __pfx_tomoyo_path_mknod+0x10/0x10 [ 571.412308][T15163] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 571.412356][T15163] security_path_mknod+0x161/0x300 [ 571.412395][T15163] filename_mknodat+0x241/0x7f0 [ 571.412439][T15163] ? __pfx_filename_mknodat+0x10/0x10 [ 571.412476][T15163] ? strncpy_from_user+0x19d/0x2d0 [ 571.412510][T15163] ? do_getname+0x191/0x390 [ 571.412555][T15163] __x64_sys_mknod+0x8f/0xc0 [ 571.412594][T15163] do_syscall_64+0x10b/0xf80 [ 571.412636][T15163] ? clear_bhb_loop+0x40/0x90 [ 571.412672][T15163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 571.412702][T15163] RIP: 0033:0x7f0d9cd9ce59 [ 571.412734][T15163] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 571.412762][T15163] RSP: 002b:00007f0d9dc92028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 571.412790][T15163] RAX: ffffffffffffffda RBX: 00007f0d9d015fa0 RCX: 00007f0d9cd9ce59 [ 571.412810][T15163] RDX: 0000000000000044 RSI: 0000000000001001 RDI: 0000200000000040 [ 571.412828][T15163] RBP: 00007f0d9ce32d6f R08: 0000000000000000 R09: 0000000000000000 [ 571.412848][T15163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 571.412865][T15163] R13: 00007f0d9d016038 R14: 00007f0d9d015fa0 R15: 00007ffdff38de38 [ 571.412902][T15163] [ 571.681023][T15163] ERROR: Out of memory at tomoyo_realpath_from_path. [ 572.338752][T15129] Process accounting paused syzkaller syzkaller login: [ 573.760940][T15209] ima: policy update failed [ 573.790824][ T29] audit: type=1802 audit(1778680041.722:142): pid=15209 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.2223" res=0 errno=0 [ 573.902308][T15209] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2223'. [ 574.054180][T15208] Process accounting resumed [ 574.225484][T15221] ima: policy update failed [ 574.234601][ T29] audit: type=1802 audit(1778680042.162:143): pid=15221 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.2227" res=0 errno=0 [ 574.321020][T15221] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2227'. [ 574.476253][T15230] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2229'. [ 574.722477][T15237] ima: policy update failed [ 574.759430][ T29] audit: type=1802 audit(1778680042.682:144): pid=15237 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.2231" res=0 errno=0 [ 574.813994][T15237] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2231'. [ 575.890452][T15265] usb usb2: usbfs: process 15265 (syz.0.2236) did not claim interface 4 before use [ 576.319279][T15276] ima: policy update failed [ 576.355623][ T29] audit: type=1802 audit(1778680044.282:145): pid=15276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2239" res=0 errno=0 [ 576.456736][T15276] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2239'. [ 576.664797][T15279] FAULT_INJECTION: forcing a failure. [ 576.664797][T15279] name failslab, interval 1, probability 0, space 0, times 0 [ 576.685605][T15279] CPU: 0 UID: 0 PID: 15279 Comm: syz.1.2240 Tainted: G L syzkaller #0 PREEMPT(full) [ 576.685649][T15279] Tainted: [L]=SOFTLOCKUP [ 576.685658][T15279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 576.685673][T15279] Call Trace: [ 576.685682][T15279] [ 576.685692][T15279] dump_stack_lvl+0x100/0x190 [ 576.685726][T15279] should_fail_ex.cold+0x5/0xa [ 576.685759][T15279] ? tomoyo_realpath_from_path+0xb6/0x690 [ 576.685794][T15279] should_failslab+0xc2/0x120 [ 576.685825][T15279] __kmalloc_noprof+0xe0/0x850 [ 576.685850][T15279] ? kfree+0x1dd/0x6c0 [ 576.685891][T15279] tomoyo_realpath_from_path+0xb6/0x690 [ 576.685932][T15279] tomoyo_path_number_perm+0x23c/0x580 [ 576.685960][T15279] ? tomoyo_path_number_perm+0x22e/0x580 [ 576.685991][T15279] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 576.686057][T15279] ? find_held_lock+0x2b/0x80 [ 576.686100][T15279] ? __fget_files+0x215/0x3d0 [ 576.686129][T15279] ? hook_file_ioctl_common+0x149/0x410 [ 576.686158][T15279] ? __fget_files+0x215/0x3d0 [ 576.686194][T15279] ? __fget_files+0x21f/0x3d0 [ 576.686232][T15279] security_file_ioctl+0xd3/0x230 [ 576.686262][T15279] __x64_sys_ioctl+0xb7/0x210 [ 576.686292][T15279] do_syscall_64+0x10b/0xf80 [ 576.686335][T15279] ? clear_bhb_loop+0x40/0x90 [ 576.686369][T15279] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 576.686396][T15279] RIP: 0033:0x7fb42519ce59 [ 576.686420][T15279] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 576.686445][T15279] RSP: 002b:00007fb426041028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 576.686471][T15279] RAX: ffffffffffffffda RBX: 00007fb425415fa0 RCX: 00007fb42519ce59 [ 576.686489][T15279] RDX: 0000000000000003 RSI: 0000000000004b4d RDI: 0000000000000003 [ 576.686505][T15279] RBP: 00007fb426041090 R08: 0000000000000000 R09: 0000000000000000 [ 576.686521][T15279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 576.686537][T15279] R13: 00007fb425416038 R14: 00007fb425415fa0 R15: 00007ffd06209158 [ 576.686574][T15279] [ 576.686586][T15279] ERROR: Out of memory at tomoyo_realpath_from_path. [ 577.107307][T15281] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2241'. [ 578.180413][T15298] Process accounting paused getty: ttyS0: read error: Resource temporarily unavailable syzkaller syzkaller login: [ 580.451630][T15379] ima: policy update failed [ 580.461226][ T29] audit: type=1802 audit(1778680048.392:146): pid=15379 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2263" res=0 errno=0 [ 580.501607][T15379] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2263'. [ 580.542573][T15379] mac80211_hwsim hwsim87 : renamed from wlan0 (while UP) [ 583.229252][T15427] ima: policy update failed [ 583.249129][ T29] audit: type=1802 audit(1778680051.182:147): pid=15427 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2274" res=0 errno=0 [ 583.352284][T15427] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2274'. [ 586.881157][T15468] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2283'. [ 588.946848][T15508] ima: policy update failed [ 588.958157][ T29] audit: type=1802 audit(1778680056.892:148): pid=15508 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2290" res=0 errno=0 [ 589.062251][T15511] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2290'. [ 591.282206][T15535] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2297'. [ 593.512904][T15584] ubi0: attaching mtd0 [ 593.539900][T15584] ubi0: scanning is finished [ 593.878087][T15584] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 593.889241][T15584] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 593.896601][T15584] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 593.907382][T15584] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 593.915613][T15584] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 593.924560][T15584] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 593.934135][T15584] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 593.958067][T15584] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 593.969843][T15594] ubi0: background thread "ubi_bgt0d" started, PID 15594 [ 593.999877][T15595] random: crng reseeded on system resumption [ 594.035700][T15590] ubi0: detaching mtd0 [ 594.062793][T15590] ubi0: mtd0 is detached [ 594.234450][T15599] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5635] was attempted by "ci-qemu-gce-upstream-auto/syz-executor exec"[15599] [ 594.774383][T15604] FAULT_INJECTION: forcing a failure. [ 594.774383][T15604] name failslab, interval 1, probability 0, space 0, times 0 [ 594.812521][T15604] CPU: 1 UID: 0 PID: 15604 Comm: syz.2.2310 Tainted: G L syzkaller #0 PREEMPT(full) [ 594.812547][T15604] Tainted: [L]=SOFTLOCKUP [ 594.812553][T15604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 594.812562][T15604] Call Trace: [ 594.812567][T15604] [ 594.812574][T15604] dump_stack_lvl+0x100/0x190 [ 594.812595][T15604] should_fail_ex.cold+0x5/0xa [ 594.812614][T15604] should_failslab+0xc2/0x120 [ 594.812631][T15604] __kmalloc_cache_noprof+0x7a/0x6f0 [ 594.812653][T15604] ? kstrdup_quotable_cmdline+0x52/0x210 [ 594.812676][T15604] kstrdup_quotable_cmdline+0x52/0x210 [ 594.812696][T15604] __report_access+0x4b/0x230 [ 594.812713][T15604] ? _raw_spin_unlock_irq+0x23/0x50 [ 594.812739][T15604] task_work_run+0x150/0x240 [ 594.812754][T15604] ? __pfx_task_work_run+0x10/0x10 [ 594.812770][T15604] ? rcu_is_watching+0x12/0xc0 [ 594.812791][T15604] exit_to_user_mode_loop+0x107/0x4f0 [ 594.812805][T15604] ? rcu_is_watching+0x12/0xc0 [ 594.812824][T15604] do_syscall_64+0x6f2/0xf80 [ 594.812845][T15604] ? clear_bhb_loop+0x40/0x90 [ 594.812863][T15604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.812878][T15604] RIP: 0033:0x7f0d9cd9ce59 [ 594.812891][T15604] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 594.812905][T15604] RSP: 002b:00007f0d9dc92028 EFLAGS: 00000246 ORIG_RAX: 0000000000000065 [ 594.812920][T15604] RAX: ffffffffffffffff RBX: 00007f0d9d015fa0 RCX: 00007f0d9cd9ce59 [ 594.812930][T15604] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000004206 [ 594.812939][T15604] RBP: 00007f0d9dc92090 R08: 0000000000000000 R09: 0000000000000000 [ 594.812960][T15604] R10: 0000000000200005 R11: 0000000000000246 R12: 0000000000000001 [ 594.812970][T15604] R13: 00007f0d9d016038 R14: 00007f0d9d015fa0 R15: 00007ffdff38de38 [ 594.812988][T15604] [ 594.813055][T15604] ptrace attach of "(null)"[5635] was attempted by "ci-qemu-gce-upstream-auto/syz-executor exec"[15604] [ 596.479490][T15637] ubi0: attaching mtd0 [ 596.510656][T15637] ubi0: scanning is finished [ 596.723986][T15644] ima: policy update failed [ 596.731197][ T29] audit: type=1802 audit(1778680064.662:149): pid=15644 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2319" res=0 errno=0 [ 596.800171][T15637] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 596.821451][T15648] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2319'. [ 596.835719][T15637] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 596.844131][T15637] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 596.854399][T15637] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 596.867534][T15637] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 596.885188][T15637] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 596.899493][T15637] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 596.915885][T15637] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 596.939778][T15647] ubi0: background thread "ubi_bgt0d" started, PID 15647 [ 596.948480][T15641] ubi0: detaching mtd0 [ 597.078825][T15641] ubi0: mtd0 is detached [ 600.637235][T15708] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2330'. [ 601.529921][T15719] ima: policy update failed [ 601.538006][ T29] audit: type=1802 audit(1778680069.462:150): pid=15719 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.2332" res=0 errno=0 [ 601.664302][T15721] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2332'. [ 602.307055][T15736] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2337'. [ 602.430748][T15742] ubi0: attaching mtd0 [ 602.449887][T15742] ubi0: scanning is finished [ 602.679319][T15742] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 602.692643][T15742] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 602.704930][T15742] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 602.775316][T15742] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 602.812069][T15742] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 602.819188][T15742] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 602.840527][T15742] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 602.855561][T15742] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 602.897244][T15748] ubi0: detaching mtd0 [ 602.913249][T15748] ubi0: mtd0 is detached [ 603.523021][T15740] Process accounting resumed [ 604.847528][T15803] FAULT_INJECTION: forcing a failure. [ 604.847528][T15803] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 604.891239][T15803] CPU: 0 UID: 0 PID: 15803 Comm: syz.0.2352 Tainted: G L syzkaller #0 PREEMPT(full) [ 604.891265][T15803] Tainted: [L]=SOFTLOCKUP [ 604.891270][T15803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 604.891279][T15803] Call Trace: [ 604.891284][T15803] [ 604.891290][T15803] dump_stack_lvl+0x100/0x190 [ 604.891311][T15803] should_fail_ex.cold+0x5/0xa [ 604.891330][T15803] _copy_from_user+0x2e/0xd0 [ 604.891346][T15803] set_selection_user+0x88/0x140 [ 604.891372][T15803] ? __pfx_set_selection_user+0x10/0x10 [ 604.891393][T15803] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 604.891415][T15803] tioclinux+0x1b0/0x640 [ 604.891439][T15803] vt_ioctl+0x1793/0x31a0 [ 604.891457][T15803] ? __pfx_vt_ioctl+0x10/0x10 [ 604.891473][T15803] ? find_held_lock+0x2b/0x80 [ 604.891492][T15803] ? tomoyo_path_number_perm+0x28f/0x580 [ 604.891508][T15803] ? tomoyo_path_number_perm+0x28f/0x580 [ 604.891526][T15803] ? tomoyo_path_number_perm+0x188/0x580 [ 604.891543][T15803] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 604.891561][T15803] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 604.891585][T15803] ? __pfx_vt_ioctl+0x10/0x10 [ 604.891602][T15803] tty_ioctl+0x26a/0x1640 [ 604.891624][T15803] ? __pfx_tty_ioctl+0x10/0x10 [ 604.891651][T15803] ? fd_install+0x24f/0x580 [ 604.891667][T15803] ? hook_file_ioctl_common+0x149/0x410 [ 604.891691][T15803] ? __pfx_tty_ioctl+0x10/0x10 [ 604.891713][T15803] __x64_sys_ioctl+0x18e/0x210 [ 604.891729][T15803] do_syscall_64+0x10b/0xf80 [ 604.891751][T15803] ? clear_bhb_loop+0x40/0x90 [ 604.891768][T15803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.891784][T15803] RIP: 0033:0x7f8ca7d9ce59 [ 604.891797][T15803] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 604.891811][T15803] RSP: 002b:00007f8ca8d31028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 604.891826][T15803] RAX: ffffffffffffffda RBX: 00007f8ca8015fa0 RCX: 00007f8ca7d9ce59 [ 604.891836][T15803] RDX: 0000000000000000 RSI: 000000000000541c RDI: 0000000000000001 [ 604.891844][T15803] RBP: 00007f8ca8d31090 R08: 0000000000000000 R09: 0000000000000000 [ 604.891852][T15803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 604.891861][T15803] R13: 00007f8ca8016038 R14: 00007f8ca8015fa0 R15: 00007fff1d87ec48 [ 604.891880][T15803] [ 606.283881][T15771] Process accounting paused [ 606.380013][ T29] audit: type=1804 audit(1778680074.312:151): pid=15832 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.2359" name="/newroot/sys/kernel/tracing/set_event_notrace_pid" dev="tracefs" ino=1043 res=1 errno=0 [ 607.075152][T15845] ima: policy update failed [ 607.093187][ T29] audit: type=1802 audit(1778680075.022:152): pid=15845 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2363" res=0 errno=0 [ 607.147044][T15845] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2363'. [ 609.336851][T15868] Process accounting resumed [ 610.893611][T15920] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2376'. [ 613.973348][T15967] ima: policy update failed [ 613.985990][ T29] audit: type=1802 audit(1778680081.922:153): pid=15967 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2384" res=0 errno=0 [ 614.018987][T15967] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2384'. [ 614.284013][T15971] ima: policy update failed [ 614.289973][ T29] audit: type=1802 audit(1778680082.222:154): pid=15971 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2385" res=0 errno=0 [ 614.319909][T15971] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2385'. [ 614.528018][T15974] ubi0: attaching mtd0 [ 614.547531][T15974] ubi0: scanning is finished [ 614.834841][T15974] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 614.844565][T15974] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 614.853167][T15974] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 614.882521][T15974] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 614.926066][T15974] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 614.934604][T15974] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 615.004510][T15974] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 615.079343][T15974] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 615.092193][T15978] ubi0: detaching mtd0 [ 615.098885][T15986] ubi0: background thread "ubi_bgt0d" started, PID 15986 [ 615.228490][T15978] ubi0: mtd0 is detached [ 615.523055][T15993] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2391'. [ 616.062914][T16004] ima: policy update failed [ 616.100833][ T29] audit: type=1802 audit(1778680084.032:155): pid=16004 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.2394" res=0 errno=0 [ 616.128114][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 616.143762][ T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 616.153949][ T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 616.169739][ T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 616.182670][ T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 616.222147][T16004] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2394'. [ 618.202644][T13955] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 618.256742][ T50] Bluetooth: hci0: command tx timeout [ 618.520574][T13955] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 618.689649][T13955] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 619.021011][T13955] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 619.553690][T16005] bridge0: port 1(bridge_slave_0) entered blocking state [ 619.564060][T16005] bridge0: port 1(bridge_slave_0) entered disabled state [ 619.578963][T16005] bridge_slave_0: entered allmulticast mode [ 619.600112][T16005] bridge_slave_0: entered promiscuous mode [ 619.733969][T16005] bridge0: port 2(bridge_slave_1) entered blocking state [ 619.742103][T16005] bridge0: port 2(bridge_slave_1) entered disabled state [ 619.750318][T16005] bridge_slave_1: entered allmulticast mode [ 619.757768][T16005] bridge_slave_1: entered promiscuous mode [ 619.793691][T13955] gretap0: left allmulticast mode [ 619.811785][T13955] bridge0: port 3(gretap0) entered disabled state [ 619.830280][T13955] bridge_slave_1: left allmulticast mode [ 619.847739][T13955] bridge_slave_1: left promiscuous mode [ 619.866221][T13955] bridge0: port 2(bridge_slave_1) entered disabled state [ 619.885915][T13955] bridge_slave_0: left allmulticast mode [ 619.937695][T13955] bridge_slave_0: left promiscuous mode [ 619.952275][T13955] bridge0: port 1(bridge_slave_0) entered disabled state [ 620.325729][ T50] Bluetooth: hci0: command tx timeout [ 620.347142][T13955] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 620.368437][T13955] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 620.389693][T13955] bond0 (unregistering): Released all slaves [ 620.818147][T16005] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 620.902076][T16005] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 621.306629][T16005] team0: Port device team_slave_0 added [ 621.339087][T16005] team0: Port device team_slave_1 added [ 621.580173][T16080] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2403'. [ 621.607501][T16084] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2404'. [ 621.696444][T16005] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 621.703901][T16005] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 621.755987][T16005] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 621.947652][T16100] ubi0: attaching mtd0 [ 621.955841][T16100] ubi0: scanning is finished [ 622.074217][T16005] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 622.104917][T16005] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 622.173669][T16005] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 622.204298][T16100] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 622.225666][T16100] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 622.267806][T16100] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 622.308063][T16100] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 622.336169][T16100] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 622.365177][T16100] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 622.415637][ T50] Bluetooth: hci0: command tx timeout [ 622.430373][T16005] hsr_slave_0: entered promiscuous mode [ 622.445852][T16100] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 622.464874][T16005] hsr_slave_1: entered promiscuous mode [ 622.492136][T16100] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 622.512169][ T5288] 8021q: adding VLAN 0 to HW filter on device eth1 [ 622.514573][T16111] ubi0: background thread "ubi_bgt0d" started, PID 16111 [ 622.537064][T16107] ubi0: detaching mtd0 [ 622.668143][T16107] ubi0: mtd0 is detached [ 622.930771][T16114] ubi0: attaching mtd0 [ 622.977225][T16114] ubi0: scanning is finished [ 623.299457][T16114] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 623.316847][T16114] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 623.375643][T16114] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 623.400065][T16114] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 623.438618][T16114] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 623.465600][T16114] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 623.478511][T16114] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 623.493162][T16114] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 623.520607][T16120] ubi0: detaching mtd0 [ 623.521260][T16126] ubi0: background thread "ubi_bgt0d" started, PID 16126 [ 623.568994][T16120] ubi0: mtd0 is detached [ 624.208199][T16152] ubi0: attaching mtd0 [ 624.265990][T16152] ubi0: scanning is finished [ 624.328547][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.335127][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.485684][ T50] Bluetooth: hci0: command tx timeout [ 624.551701][T16152] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 624.563561][T16152] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 624.576148][T16152] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 624.595200][T16152] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 624.617278][T16152] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 624.654986][T16152] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 624.665673][T16152] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 624.713711][T16152] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 624.775890][T16159] ubi0: detaching mtd0 [ 624.783315][T16162] ubi0: background thread "ubi_bgt0d" started, PID 16162 [ 624.808785][T16159] ubi0: mtd0 is detached [ 626.401297][T16197] ima: policy update failed [ 626.427362][ T29] audit: type=1802 audit(1778680094.362:156): pid=16197 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.2418" res=0 errno=0 [ 626.539311][T16200] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2418'. [ 626.625086][T16005] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 626.671393][T16005] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 626.766541][T16005] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 626.829008][T16005] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 626.886170][T16005] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 626.904068][T16005] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 626.904735][T16005] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 626.910350][T16005] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 627.741644][T16005] 8021q: adding VLAN 0 to HW filter on device bond0 [ 627.798681][T13955] hsr_slave_0: left promiscuous mode [ 627.829846][T13955] hsr_slave_1: left promiscuous mode [ 627.837162][T13955] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 627.848907][T13955] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 627.880807][T13955] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 627.909258][T13955] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 628.016382][T13955] veth1_macvtap: left promiscuous mode [ 628.021901][T13955] veth0_macvtap: left promiscuous mode [ 628.029472][T13955] veth1_vlan: left promiscuous mode [ 628.037461][T13955] veth0_vlan: left promiscuous mode [ 628.852545][T13955] team0 (unregistering): Port device team_slave_1 removed [ 628.891927][T13955] team0 (unregistering): Port device team_slave_0 removed [ 629.318529][T16005] 8021q: adding VLAN 0 to HW filter on device team0 [ 629.413175][T12832] bridge0: port 1(bridge_slave_0) entered blocking state [ 629.420373][T12832] bridge0: port 1(bridge_slave_0) entered forwarding state [ 629.573012][T12832] bridge0: port 2(bridge_slave_1) entered blocking state [ 629.580195][T12832] bridge0: port 2(bridge_slave_1) entered forwarding state [ 630.351477][T16264] ubi0: attaching mtd0 [ 630.377936][T16264] ubi0: scanning is finished [ 630.741987][T16264] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 630.765090][T16264] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 630.812354][T16264] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 630.821606][T16264] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 630.834871][T16264] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 630.854000][T16264] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 630.863610][T16264] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 630.875765][T16264] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 630.908065][T16276] ubi0: background thread "ubi_bgt0d" started, PID 16276 [ 630.915323][T16269] ubi0: detaching mtd0 [ 630.940170][T16269] ubi0: mtd0 is detached [ 631.241555][T16280] net_ratelimit: 47 callbacks suppressed [ 631.241571][T16280] netlink: zone id is out of range [ 631.295098][T16005] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 631.305403][T16280] netlink: zone id is out of range [ 631.389045][T16280] netlink: zone id is out of range [ 631.410462][T16280] netlink: zone id is out of range [ 631.422320][T16280] netlink: zone id is out of range [ 631.453126][T16280] netlink: zone id is out of range [ 631.461692][T16280] netlink: zone id is out of range [ 631.469831][T16005] veth0_vlan: entered promiscuous mode [ 631.478094][T16280] netlink: zone id is out of range [ 631.489941][T16280] netlink: zone id is out of range [ 631.506709][T16005] veth1_vlan: entered promiscuous mode [ 631.515297][T16280] netlink: zone id is out of range [ 631.574519][T16005] veth0_macvtap: entered promiscuous mode [ 631.610278][T16005] veth1_macvtap: entered promiscuous mode [ 631.667590][T16005] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 631.697756][T16005] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 631.748661][T13955] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 631.758649][T13955] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 631.794640][T13955] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 631.848594][T13955] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 632.202873][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 632.230632][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 632.320574][ T3041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 632.329760][ T3041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 632.382686][T16304] ima: policy update failed [ 632.392001][ T29] audit: type=1802 audit(1778680100.322:157): pid=16304 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2433" res=0 errno=0 [ 632.473632][T16304] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2433'. [ 632.948691][T16300] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2432'. [ 633.392450][T16338] FAULT_INJECTION: forcing a failure. [ 633.392450][T16338] name failslab, interval 1, probability 0, space 0, times 0 [ 633.415687][T16338] CPU: 1 UID: 0 PID: 16338 Comm: syz.0.2441 Tainted: G L syzkaller #0 PREEMPT(full) [ 633.415788][T16338] Tainted: [L]=SOFTLOCKUP [ 633.415794][T16338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 633.415804][T16338] Call Trace: [ 633.415811][T16338] [ 633.415818][T16338] dump_stack_lvl+0x100/0x190 [ 633.415839][T16338] should_fail_ex.cold+0x5/0xa [ 633.415859][T16338] ? tomoyo_realpath_from_path+0xb6/0x690 [ 633.415879][T16338] should_failslab+0xc2/0x120 [ 633.415900][T16338] __kmalloc_noprof+0xe0/0x850 [ 633.415977][T16338] ? kfree+0x1dd/0x6c0 [ 633.416004][T16338] tomoyo_realpath_from_path+0xb6/0x690 [ 633.416028][T16338] tomoyo_check_open_permission+0x2af/0x3c0 [ 633.416046][T16338] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 633.416069][T16338] ? hook_file_open+0x24e/0x7a0 [ 633.416098][T16338] ? path_get+0x61/0x80 [ 633.416119][T16338] tomoyo_file_open+0x6b/0x90 [ 633.416140][T16338] security_file_open+0xb5/0x1e0 [ 633.416164][T16338] do_dentry_open+0x5aa/0x1660 [ 633.416187][T16338] ? security_inode_permission+0xbf/0x250 [ 633.416207][T16338] vfs_open+0x82/0x3f0 [ 633.416261][T16338] path_openat+0x208c/0x31a0 [ 633.416287][T16338] ? __pfx_path_openat+0x10/0x10 [ 633.416313][T16338] do_file_open+0x20e/0x430 [ 633.416340][T16338] ? __pfx_do_file_open+0x10/0x10 [ 633.416373][T16338] ? alloc_fd+0x476/0x790 [ 633.416393][T16338] ? do_getname+0x191/0x390 [ 633.416417][T16338] do_sys_openat2+0x10d/0x1e0 [ 633.416440][T16338] ? __pfx_do_sys_openat2+0x10/0x10 [ 633.416468][T16338] __x64_sys_openat+0x12d/0x210 [ 633.416491][T16338] ? __pfx___x64_sys_openat+0x10/0x10 [ 633.416512][T16338] ? ksys_write+0x1ac/0x250 [ 633.416531][T16338] ? rcu_is_watching+0x12/0xc0 [ 633.416551][T16338] do_syscall_64+0x10b/0xf80 [ 633.416573][T16338] ? clear_bhb_loop+0x40/0x90 [ 633.416591][T16338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 633.416607][T16338] RIP: 0033:0x7f8ca7d9ce59 [ 633.416621][T16338] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 633.416636][T16338] RSP: 002b:00007f8ca8d31028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 633.416651][T16338] RAX: ffffffffffffffda RBX: 00007f8ca8015fa0 RCX: 00007f8ca7d9ce59 [ 633.416661][T16338] RDX: 0000000000000241 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 633.416672][T16338] RBP: 00007f8ca7e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 633.416681][T16338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 633.416690][T16338] R13: 00007f8ca8016038 R14: 00007f8ca8015fa0 R15: 00007fff1d87ec48 [ 633.416709][T16338] [ 633.416728][T16338] ERROR: Out of memory at tomoyo_realpath_from_path. [ 634.342541][ T5630] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 634.358692][ T5630] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 634.372963][ T5630] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 634.385951][ T5630] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 634.401633][ T5630] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 634.925475][T16365] ubi0: attaching mtd0 [ 635.006918][T16365] ubi0: scanning is finished [ 635.302051][T13950] gretap0: left allmulticast mode [ 635.319180][T13950] bridge0: port 3(gretap0) entered disabled state [ 635.349111][T13950] bridge_slave_1: left allmulticast mode [ 635.360859][T13950] bridge_slave_1: left promiscuous mode [ 635.374558][T13950] bridge0: port 2(bridge_slave_1) entered disabled state [ 635.395715][T13950] bridge_slave_0: left allmulticast mode [ 635.401750][T13950] bridge_slave_0: left promiscuous mode [ 635.409738][T13950] bridge0: port 1(bridge_slave_0) entered disabled state [ 635.436282][T16365] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 635.453386][T16365] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 635.469709][T16365] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 635.479795][T16365] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 635.498419][T16365] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 635.507912][T16365] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 635.520700][T16365] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 635.533347][T16365] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 635.543933][T16381] ubi0: background thread "ubi_bgt0d" started, PID 16381 [ 635.553399][T16370] ubi: mtd0 is already attached to ubi0 [ 635.563847][T16371] ubi0: detaching mtd0 [ 635.600348][T16371] ubi0: mtd0 is detached [ 636.059112][T13950] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 636.113707][T13950] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 636.152094][T13950] bond0 (unregistering): Released all slaves [ 636.488839][ T5630] Bluetooth: hci1: command tx timeout [ 636.941299][T16392] Process accounting resumed [ 637.286389][T16409] ima: policy update failed [ 637.294690][ T29] audit: type=1802 audit(1778680105.222:158): pid=16409 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.2457" res=0 errno=0 [ 637.350983][T16409] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2457'. [ 637.705306][T16417] ubi0: attaching mtd0 [ 637.720986][T16417] ubi0: scanning is finished [ 637.984480][T16417] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 637.998413][T16417] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 638.009606][T16417] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 638.018146][T16417] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 638.027763][T16417] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 638.036342][T16417] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 638.049662][T16417] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 638.062977][T16417] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 638.090507][T16418] ubi0: detaching mtd0 [ 638.094659][T16424] ubi0: background thread "ubi_bgt0d" started, PID 16424 [ 638.175051][T16418] ubi0: mtd0 is detached [ 638.565972][ T5630] Bluetooth: hci1: command tx timeout [ 639.068862][T16356] bridge0: port 1(bridge_slave_0) entered blocking state [ 639.101432][T16356] bridge0: port 1(bridge_slave_0) entered disabled state [ 639.126932][T16356] bridge_slave_0: entered allmulticast mode [ 639.151202][T16356] bridge_slave_0: entered promiscuous mode [ 639.179390][T16356] bridge0: port 2(bridge_slave_1) entered blocking state [ 639.194340][T16356] bridge0: port 2(bridge_slave_1) entered disabled state [ 639.204966][T16356] bridge_slave_1: entered allmulticast mode [ 639.213279][T16356] bridge_slave_1: entered promiscuous mode [ 639.384727][T16356] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 639.418731][T16356] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 639.529486][T16356] team0: Port device team_slave_0 added [ 639.561520][T16356] team0: Port device team_slave_1 added [ 639.623856][T16447] ima: policy update failed [ 639.631977][ T29] audit: type=1802 audit(1778680107.562:159): pid=16447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.2466" res=0 errno=0 [ 639.677110][T16447] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2466'. [ 639.724083][T16356] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 639.733969][T16356] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 639.777387][T16356] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 639.863682][T16356] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 639.880323][T16356] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 639.957015][T16356] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 640.318989][T16356] hsr_slave_0: entered promiscuous mode [ 640.337682][T16356] hsr_slave_1: entered promiscuous mode [ 640.348232][T16356] debugfs: 'hsr0' already exists in 'hsr' [ 640.372436][T16356] Cannot create hsr debugfs directory [ 640.533910][T16473] input: jJǸ-9%vJ86 as /devices/virtual/input/input7 [ 640.645679][ T5630] Bluetooth: hci1: command tx timeout [ 642.294816][T16356] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 642.341371][T16356] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 642.387322][T16356] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 642.441763][T16356] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 642.499580][T13950] hsr_slave_0: left promiscuous mode [ 642.519309][T13950] hsr_slave_1: left promiscuous mode [ 642.531850][T13950] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 642.569902][T13950] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 642.644900][T13950] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 642.661844][T13950] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 642.696667][T13950] veth1_macvtap: left promiscuous mode [ 642.713419][T13950] veth0_macvtap: left promiscuous mode [ 642.725727][ T5630] Bluetooth: hci1: command tx timeout [ 642.729079][T13950] veth1_vlan: left promiscuous mode [ 642.752785][T13950] veth0_vlan: left promiscuous mode [ 643.169921][T13950] team0 (unregistering): Port device team_slave_1 removed [ 643.193489][T13950] team0 (unregistering): Port device team_slave_0 removed [ 643.396618][T16356] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 643.409927][T16356] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 643.444535][T16356] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 643.460383][T16356] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 643.765302][T16356] 8021q: adding VLAN 0 to HW filter on device bond0 [ 643.778125][T16521] ubi0: attaching mtd0 [ 643.799027][T16521] ubi0: scanning is finished [ 643.838636][T16356] 8021q: adding VLAN 0 to HW filter on device team0 [ 643.892397][T13955] bridge0: port 1(bridge_slave_0) entered blocking state [ 643.899529][T13955] bridge0: port 1(bridge_slave_0) entered forwarding state [ 643.975200][T13955] bridge0: port 2(bridge_slave_1) entered blocking state [ 643.982440][T13955] bridge0: port 2(bridge_slave_1) entered forwarding state [ 644.099211][T16521] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 644.107118][T16521] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 644.114528][T16521] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 644.122836][T16521] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 644.133468][T16521] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 644.143037][T16521] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 644.155063][T16521] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 644.167871][T16521] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 644.179808][T16534] ubi0: background thread "ubi_bgt0d" started, PID 16534 [ 644.187457][T16530] ubi0: detaching mtd0 [ 644.201472][T16530] ubi0: mtd0 is detached [ 645.323892][T16543] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2484'. [ 645.728085][T16562] random: crng reseeded on system resumption [ 646.429202][T16356] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 646.542039][T16356] veth0_vlan: entered promiscuous mode [ 646.592848][T16356] veth1_vlan: entered promiscuous mode [ 646.812761][T16580] ubi0: attaching mtd0 [ 646.831852][T16580] ubi0: scanning is finished [ 647.070523][T16356] veth0_macvtap: entered promiscuous mode [ 647.115425][T16356] veth1_macvtap: entered promiscuous mode [ 647.151956][T16580] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 647.160648][T16580] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 647.167119][T16356] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 647.181491][T16580] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 647.196591][T16580] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 647.206025][T16580] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 647.216322][T16580] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 647.219635][T16356] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 647.233915][T16580] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 647.244136][T16580] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 647.260476][T16584] ubi0: detaching mtd0 [ 647.285685][T16589] ubi0: background thread "ubi_bgt0d" started, PID 16589 [ 647.308700][T16584] ubi0: mtd0 is detached [ 647.313423][T13955] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 647.338764][T13955] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 647.371530][T13955] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 647.390660][T13955] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 647.645770][ T3041] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 647.679848][ T3041] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 647.783127][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 647.804555][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 650.313924][T16654] FAULT_INJECTION: forcing a failure. [ 650.313924][T16654] name failslab, interval 1, probability 0, space 0, times 0 [ 650.329080][T16654] CPU: 1 UID: 0 PID: 16654 Comm: syz.0.2504 Tainted: G L syzkaller #0 PREEMPT(full) [ 650.329123][T16654] Tainted: [L]=SOFTLOCKUP [ 650.329131][T16654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 650.329148][T16654] Call Trace: [ 650.329156][T16654] [ 650.329166][T16654] dump_stack_lvl+0x100/0x190 [ 650.329202][T16654] should_fail_ex.cold+0x5/0xa [ 650.329235][T16654] ? tomoyo_realpath_from_path+0xb6/0x690 [ 650.329269][T16654] should_failslab+0xc2/0x120 [ 650.329299][T16654] __kmalloc_noprof+0xe0/0x850 [ 650.329321][T16654] ? kfree+0x1dd/0x6c0 [ 650.329358][T16654] tomoyo_realpath_from_path+0xb6/0x690 [ 650.329395][T16654] tomoyo_path_number_perm+0x23c/0x580 [ 650.329419][T16654] ? tomoyo_path_number_perm+0x22e/0x580 [ 650.329451][T16654] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 650.329511][T16654] ? find_held_lock+0x2b/0x80 [ 650.329540][T16654] ? __fget_files+0x215/0x3d0 [ 650.329567][T16654] ? hook_file_ioctl_common+0x149/0x410 [ 650.329592][T16654] ? __fget_files+0x215/0x3d0 [ 650.329627][T16654] ? __fget_files+0x21f/0x3d0 [ 650.329662][T16654] security_file_ioctl+0xd3/0x230 [ 650.329694][T16654] __x64_sys_ioctl+0xb7/0x210 [ 650.329724][T16654] do_syscall_64+0x10b/0xf80 [ 650.329770][T16654] ? clear_bhb_loop+0x40/0x90 [ 650.329800][T16654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 650.329828][T16654] RIP: 0033:0x7f8ca7d9ce59 [ 650.329851][T16654] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 650.329878][T16654] RSP: 002b:00007f8ca8d31028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 650.329904][T16654] RAX: ffffffffffffffda RBX: 00007f8ca8015fa0 RCX: 00007f8ca7d9ce59 [ 650.329923][T16654] RDX: 0000000000000000 RSI: 0000000040045431 RDI: 0000000000000005 [ 650.329940][T16654] RBP: 00007f8ca8d31090 R08: 0000000000000000 R09: 0000000000000000 [ 650.329957][T16654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 650.329973][T16654] R13: 00007f8ca8016038 R14: 00007f8ca8015fa0 R15: 00007fff1d87ec48 [ 650.330008][T16654] [ 650.408550][T16654] ERROR: Out of memory at tomoyo_realpath_from_path. [ 651.052554][T16661] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 652.193629][T16669] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2508'. [ 652.283029][T16670] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2508'. [ 652.652137][T16684] ubi0: attaching mtd0 [ 652.675251][T16684] ubi0: scanning is finished [ 653.020290][T16684] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 653.034345][T16684] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 653.055580][T16684] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 653.069841][T16684] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 653.103291][T16684] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 653.118791][T16684] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 653.145555][T16684] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 653.192835][T16684] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 653.234323][T16694] ubi0: background thread "ubi_bgt0d" started, PID 16694 [ 653.235319][T16688] ubi0: detaching mtd0 [ 653.364506][T16688] ubi0: mtd0 is detached [ 654.307066][T16723] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 654.684963][T16731] ubi0: attaching mtd0 [ 654.746740][T16731] ubi0: scanning is finished [ 655.157217][T16731] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 655.166730][T16731] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 655.196974][T16731] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 655.215421][T16731] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 655.365001][T16731] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 655.401572][T16731] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 655.458664][T16731] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 655.540804][T16731] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 655.760411][T16743] ubi0: background thread "ubi_bgt0d" started, PID 16743 [ 655.769540][T16737] ubi0: detaching mtd0 [ 655.822517][T16746] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2521'. [ 655.825147][T16737] ubi0: mtd0 is detached [ 656.208135][T16753] ubi0: attaching mtd0 [ 656.225950][T16753] ubi0: scanning is finished [ 656.659760][T16753] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 656.672099][T16753] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 656.687462][T16753] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 656.723142][T16753] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 656.740594][T16753] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 656.866597][T16753] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 656.884480][T16753] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 656.915125][T16753] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 656.952226][T16756] ubi0: detaching mtd0 [ 656.990834][T16765] ubi0: background thread "ubi_bgt0d" started, PID 16765 [ 657.146218][ T5630] Bluetooth: hci4: command 0x0406 tx timeout [ 657.228951][T16756] ubi0: mtd0 is detached [ 658.200184][T16761] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2523'. [ 658.739971][T16761] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 658.772825][T16761] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 658.800866][T16761] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 661.053586][T16812] ubi0: attaching mtd0 [ 661.092603][T16812] ubi0: scanning is finished [ 661.327376][T16812] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 661.349279][T16812] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 661.379767][T16812] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 661.436857][T16812] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 661.487742][T16812] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 661.526535][T16812] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 661.553453][T16812] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 661.635667][T16812] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 661.663031][T16822] ubi0: background thread "ubi_bgt0d" started, PID 16822 [ 661.666049][T16816] ubi0: detaching mtd0 [ 661.765463][T16816] ubi0: mtd0 is detached [ 666.280224][T16876] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2540'. [ 667.007312][T16882] Process accounting paused [ 667.378506][T16888] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2543'. [ 667.395928][T16888] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 667.483501][T16888] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 667.832731][T16888] ptp ptp0: only physical clock in use now [ 668.107055][T16904] FAULT_INJECTION: forcing a failure. [ 668.107055][T16904] name failslab, interval 1, probability 0, space 0, times 0 [ 668.158362][T16904] CPU: 1 UID: 0 PID: 16904 Comm: syz.0.2546 Tainted: G L syzkaller #0 PREEMPT(full) [ 668.158408][T16904] Tainted: [L]=SOFTLOCKUP [ 668.158418][T16904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 668.158436][T16904] Call Trace: [ 668.158445][T16904] [ 668.158455][T16904] dump_stack_lvl+0x100/0x190 [ 668.158494][T16904] should_fail_ex.cold+0x5/0xa [ 668.158531][T16904] should_failslab+0xc2/0x120 [ 668.158566][T16904] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 668.158614][T16904] ? anon_vma_fork+0x19a/0x6b0 [ 668.158671][T16904] anon_vma_fork+0x19a/0x6b0 [ 668.158720][T16904] dup_mmap+0x141f/0x2180 [ 668.158772][T16904] ? __pfx_dup_mmap+0x10/0x10 [ 668.158808][T16904] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 668.158856][T16904] ? __lock_acquire+0x4a5/0x2630 [ 668.158886][T16904] ? find_held_lock+0x2b/0x80 [ 668.158921][T16904] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 668.158983][T16904] copy_process+0x6c78/0x7ed0 [ 668.159023][T16904] ? __futex_wait+0x256/0x300 [ 668.159081][T16904] ? __pfx_copy_process+0x10/0x10 [ 668.159128][T16904] ? futex_hash+0x141/0x370 [ 668.159165][T16904] kernel_clone+0x12e/0x9c0 [ 668.159203][T16904] ? __pfx_futex_wait+0x10/0x10 [ 668.159242][T16904] ? __pfx_kernel_clone+0x10/0x10 [ 668.159304][T16904] __do_sys_clone+0xd9/0x120 [ 668.159345][T16904] ? __pfx___do_sys_clone+0x10/0x10 [ 668.159408][T16904] ? rcu_is_watching+0x12/0xc0 [ 668.159448][T16904] do_syscall_64+0x10b/0xf80 [ 668.159488][T16904] ? clear_bhb_loop+0x40/0x90 [ 668.159523][T16904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.159553][T16904] RIP: 0033:0x7f8ca7d9ce59 [ 668.159577][T16904] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 668.159604][T16904] RSP: 002b:00007f8ca8d30fd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 668.159631][T16904] RAX: ffffffffffffffda RBX: 00007f8ca8015fa0 RCX: 00007f8ca7d9ce59 [ 668.159656][T16904] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 668.159673][T16904] RBP: 00007f8ca7e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 668.159691][T16904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 668.159709][T16904] R13: 00007f8ca8016038 R14: 00007f8ca8015fa0 R15: 00007fff1d87ec48 [ 668.159749][T16904] [ 668.500933][T16881] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2541'. [ 669.112094][T16914] net_ratelimit: 40 callbacks suppressed [ 669.112109][T16914] openvswitch: netlink: IP tunnel dst address not specified [ 669.330069][T16915] can: request_module (can-proto-0) failed. [ 670.993882][T16942] ubi0: attaching mtd0 [ 671.045209][T16942] ubi0: scanning is finished [ 671.320044][T16942] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 671.328452][T16942] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 671.401924][T16942] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 671.435886][T16942] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 671.456543][T16942] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 671.463908][T16942] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 671.495071][T16942] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 671.508427][T16942] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 671.541567][T16946] ubi0: detaching mtd0 [ 671.555569][T16948] ubi0: background thread "ubi_bgt0d" started, PID 16948 [ 671.648129][T16946] ubi0: mtd0 is detached [ 673.302207][T16971] ubi0: attaching mtd0 [ 673.324158][T16971] ubi0: scanning is finished [ 673.601423][T16971] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 673.642747][T16971] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 673.666869][T16971] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 673.674242][T16971] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 673.709212][T16971] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 673.724065][T16971] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 673.734655][T16971] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 673.757096][T16971] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 673.772224][T16974] ubi0: detaching mtd0 [ 673.810147][T16974] ubi0: mtd0 is detached [ 674.569534][ T5630] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 674.582721][ T5630] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 674.590791][ T5630] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 674.600865][ T5630] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 674.609210][ T5630] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 676.345252][T17002] ubi0: attaching mtd0 [ 676.350840][T17002] ubi0: scanning is finished [ 676.725793][ T5630] Bluetooth: hci3: command tx timeout [ 676.887173][T17002] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 676.924762][T17002] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 676.961889][T17002] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 676.975629][T17002] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 677.005064][T17002] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 677.020771][T17002] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 677.038308][T17002] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 677.057900][T17002] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 677.073358][T17003] ubi0: detaching mtd0 [ 677.080423][T17014] ubi0: background thread "ubi_bgt0d" started, PID 17014 [ 677.232436][T17003] ubi0: mtd0 is detached [ 677.585017][T16982] bridge0: port 1(bridge_slave_0) entered blocking state [ 677.599519][T16982] bridge0: port 1(bridge_slave_0) entered disabled state [ 677.622343][T16982] bridge_slave_0: entered allmulticast mode [ 677.639028][T16982] bridge_slave_0: entered promiscuous mode [ 677.751918][T16982] bridge0: port 2(bridge_slave_1) entered blocking state [ 677.769321][T16982] bridge0: port 2(bridge_slave_1) entered disabled state [ 677.791046][T16982] bridge_slave_1: entered allmulticast mode [ 677.820653][T16982] bridge_slave_1: entered promiscuous mode [ 678.121971][T16982] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 678.221991][T16982] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 678.332138][T16982] team0: Port device team_slave_0 added [ 678.378501][T16982] team0: Port device team_slave_1 added [ 678.611303][T16982] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 678.633674][T16982] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 678.706718][T16982] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 678.807345][ T5630] Bluetooth: hci3: command tx timeout [ 678.831538][T16982] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 678.850965][T16982] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 678.943604][T16982] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 679.384668][T16982] hsr_slave_0: entered promiscuous mode [ 679.406294][T16982] hsr_slave_1: entered promiscuous mode [ 679.421353][T16982] debugfs: 'hsr0' already exists in 'hsr' [ 679.448909][T16982] Cannot create hsr debugfs directory [ 679.975466][T16982] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 680.291315][T16982] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 680.556143][T16982] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 680.886004][ T5630] Bluetooth: hci3: command tx timeout [ 681.134815][T16982] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 682.966094][ T5630] Bluetooth: hci3: command tx timeout [ 683.772816][T17066] zswap: compressor not available [ 684.119696][T16982] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 684.206466][T16982] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 684.228052][T16982] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 684.366092][T16982] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 684.680442][T16982] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 684.745138][T16982] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 684.755027][T16982] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 684.795191][T16982] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 685.770646][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.777008][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.931894][T16982] 8021q: adding VLAN 0 to HW filter on device bond0 [ 686.012158][T16982] 8021q: adding VLAN 0 to HW filter on device team0 [ 686.148680][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 686.155856][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 686.526587][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 686.533733][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 688.291719][T17110] ubi0: attaching mtd0 [ 688.350989][T17110] ubi0: scanning is finished [ 688.640218][T17110] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 688.664596][T17110] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 688.689559][T17110] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 688.711168][T17110] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 688.721191][T17110] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 688.728125][T17110] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 688.792314][T17110] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 688.823017][T17110] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 688.840838][T17114] ubi0: background thread "ubi_bgt0d" started, PID 17114 [ 688.852184][T17111] ubi0: detaching mtd0 [ 688.992592][T17111] ubi0: mtd0 is detached [ 690.178889][T16982] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 690.772016][T16982] veth0_vlan: entered promiscuous mode [ 691.046133][T16982] veth1_vlan: entered promiscuous mode [ 691.335149][ T29] audit: type=1800 audit(1778680159.262:160): pid=17158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2587" name="dbroot" dev="configfs" ino=87468 res=0 errno=0 [ 691.421906][T17156] ubi0: attaching mtd0 [ 691.428304][T17156] ubi0: scanning is finished [ 691.704593][T16982] veth0_macvtap: entered promiscuous mode [ 691.869817][T17156] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 691.927968][T16982] veth1_macvtap: entered promiscuous mode [ 691.995148][T17156] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 692.026850][T17156] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 692.115593][T17156] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 692.126403][T17156] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 692.134701][T17156] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 692.142970][T17156] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2533700414 [ 692.195769][T17156] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 692.271968][T17165] ubi0: detaching mtd0 [ 692.283255][T17169] ubi0: background thread "ubi_bgt0d" started, PID 17169 [ 692.356710][T17165] ubi0: mtd0 is detached [ 692.403522][T16982] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 692.549542][T16982] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 692.613624][T13950] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 692.663249][T13950] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 692.688387][T13950] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 692.763603][T13950] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 692.963951][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 693.003530][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 693.075138][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 693.091562][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 693.473891][T17191] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 694.302303][T17213] netlink: 2468 bytes leftover after parsing attributes in process `syz.2.2600'. [ 694.373782][T17209] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2600'. [ 696.998085][T17236] FAULT_INJECTION: forcing a failure. [ 696.998085][T17236] name failslab, interval 1, probability 0, space 0, times 0 [ 697.107519][T17236] CPU: 1 UID: 0 PID: 17236 Comm: syz.0.2604 Tainted: G L syzkaller #0 PREEMPT(full) [ 697.107564][T17236] Tainted: [L]=SOFTLOCKUP [ 697.107573][T17236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 697.107589][T17236] Call Trace: [ 697.107599][T17236] [ 697.107609][T17236] dump_stack_lvl+0x100/0x190 [ 697.107645][T17236] should_fail_ex.cold+0x5/0xa [ 697.107684][T17236] should_failslab+0xc2/0x120 [ 697.107703][T17236] __kmalloc_cache_noprof+0x7a/0x6f0 [ 697.107725][T17236] ? vidtv_mux_create_pid_ctx_once.part.0+0x49/0x200 [ 697.107755][T17236] vidtv_mux_create_pid_ctx_once.part.0+0x49/0x200 [ 697.107782][T17236] vidtv_mux_init+0x8a6/0xbf0 [ 697.107798][T17236] vidtv_start_feed+0x34e/0x500 [ 697.107817][T17236] ? __pfx_vidtv_start_feed+0x10/0x10 [ 697.107836][T17236] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 697.107865][T17236] dmx_section_feed_start_filtering+0x3a8/0x660 [ 697.107891][T17236] dvb_dmxdev_filter_start+0x767/0xdd0 [ 697.107915][T17236] dvb_demux_do_ioctl+0xe64/0x1200 [ 697.107938][T17236] dvb_usercopy+0x167/0x340 [ 697.107952][T17236] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 697.107970][T17236] ? __pfx_dvb_usercopy+0x10/0x10 [ 697.107993][T17236] ? __fget_files+0x21f/0x3d0 [ 697.108014][T17236] dvb_demux_ioctl+0x29/0x40 [ 697.108028][T17236] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 697.108044][T17236] __x64_sys_ioctl+0x18e/0x210 [ 697.108061][T17236] do_syscall_64+0x10b/0xf80 [ 697.108082][T17236] ? clear_bhb_loop+0x40/0x90 [ 697.108100][T17236] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 697.108115][T17236] RIP: 0033:0x7f8ca7d9ce59 [ 697.108129][T17236] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 697.108153][T17236] RSP: 002b:00007f8ca8d31028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 697.108168][T17236] RAX: ffffffffffffffda RBX: 00007f8ca8015fa0 RCX: 00007f8ca7d9ce59 [ 697.108178][T17236] RDX: 0000000000000000 RSI: 00000000403c6f2b RDI: 0000000000000004 [ 697.108188][T17236] RBP: 00007f8ca7e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 697.108197][T17236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 697.108205][T17236] R13: 00007f8ca8016038 R14: 00007f8ca8015fa0 R15: 00007fff1d87ec48 [ 697.108226][T17236] [ 697.112290][ T5772] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 697.350749][ T5772] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 697.359169][ T5772] CPU: 1 UID: 0 PID: 5772 Comm: kworker/1:6 Tainted: G L syzkaller #0 PREEMPT(full) [ 697.370118][ T5772] Tainted: [L]=SOFTLOCKUP [ 697.374436][ T5772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 697.384499][ T5772] Workqueue: events vidtv_mux_tick [ 697.389644][ T5772] RIP: 0010:vidtv_psi_ts_psi_write_into+0x4bb/0xb40 [ 697.396251][ T5772] Code: 0b 5c d6 f9 4d 8d 65 20 4c 89 e0 48 c1 e8 03 80 3c 18 00 0f 85 fe 04 00 00 49 8b 45 20 48 89 c2 48 89 c1 48 c1 ea 03 83 e1 07 <0f> b6 14 1a 38 ca 7f 08 84 d2 0f 85 c6 04 00 00 0f b6 10 48 8b 7c [ 697.415866][ T5772] RSP: 0018:ffffc900048cf3f0 EFLAGS: 00010202 [ 697.421953][ T5772] RAX: 0000000000000002 RBX: dffffc0000000000 RCX: 0000000000000002 [ 697.429932][ T5772] RDX: 0000000000000000 RSI: ffffffff8831a6b5 RDI: ffff888029f08000 [ 697.437933][ T5772] RBP: 0000000000000008 R08: 0000000000000005 R09: 0000000000000000 [ 697.446177][ T5772] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc900048cf690 [ 697.454766][ T5772] R13: ffffc900048cf670 R14: 0000000000000178 R15: 0000000000000000 [ 697.462751][ T5772] FS: 0000000000000000(0000) GS:ffff888124477000(0000) knlGS:0000000000000000 [ 697.471704][ T5772] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 697.478313][ T5772] CR2: 0000001b2d21cff8 CR3: 000000002b738000 CR4: 00000000003526f0 [ 697.486378][ T5772] Call Trace: [ 697.489657][ T5772] [ 697.492591][ T5772] ? __pfx_vidtv_psi_ts_psi_write_into+0x10/0x10 [ 697.498937][ T5772] vidtv_psi_pmt_write_into+0x3b2/0xa70 [ 697.504505][ T5772] ? __pfx_vidtv_psi_pmt_write_into+0x10/0x10 [ 697.510583][ T5772] ? vidtv_psi_pat_write_into+0x56a/0x690 [ 697.516316][ T5772] ? __pfx_vidtv_psi_pat_write_into+0x10/0x10 [ 697.522408][ T5772] ? find_held_lock+0x2b/0x80 [ 697.527096][ T5772] ? unwind_next_frame+0x3be/0x2090 [ 697.532394][ T5772] ? unwind_next_frame+0x3be/0x2090 [ 697.537614][ T5772] vidtv_mux_push_si+0x932/0xe80 [ 697.542574][ T5772] ? __pfx_vidtv_mux_push_si+0x10/0x10 [ 697.548051][ T5772] ? arch_stack_walk+0x94/0xf0 [ 697.552829][ T5772] ? __lock_acquire+0x4a5/0x2630 [ 697.557770][ T5772] ? vidtv_memset+0x50/0x90 [ 697.562281][ T5772] ? vidtv_ts_pcr_write_into+0x45b/0x650 [ 697.567924][ T5772] ? lock_acquire+0x1c0/0x370 [ 697.572603][ T5772] ? do_raw_spin_lock+0x128/0x260 [ 697.577637][ T5772] vidtv_mux_tick+0xe93/0x1460 [ 697.582421][ T5772] ? __lock_acquire+0x4a5/0x2630 [ 697.587370][ T5772] ? __pfx_vidtv_mux_tick+0x10/0x10 [ 697.592586][ T5772] ? __lock_acquire+0x4a5/0x2630 [ 697.597529][ T5772] ? do_raw_spin_unlock+0x145/0x1e0 [ 697.602750][ T5772] ? debug_object_deactivate+0x2e4/0x3b0 [ 697.608403][ T5772] ? rcu_is_watching+0x12/0xc0 [ 697.613185][ T5772] process_one_work+0xa0e/0x1980 [ 697.618133][ T5772] ? __pfx_process_one_work+0x10/0x10 [ 697.623520][ T5772] ? __pfx_vidtv_mux_tick+0x10/0x10 [ 697.628739][ T5772] worker_thread+0x5ef/0xe50 [ 697.633340][ T5772] ? __pfx_worker_thread+0x10/0x10 [ 697.638458][ T5772] ? kthread+0x13a/0x450 [ 697.642703][ T5772] ? __pfx_worker_thread+0x10/0x10 [ 697.647821][ T5772] kthread+0x370/0x450 [ 697.651915][ T5772] ? __pfx_kthread+0x10/0x10 [ 697.656596][ T5772] ret_from_fork+0x72b/0xd50 [ 697.661194][ T5772] ? __pfx_ret_from_fork+0x10/0x10 [ 697.666309][ T5772] ? __switch_to+0x800/0x1100 [ 697.670996][ T5772] ? __switch_to_asm+0x39/0x70 [ 697.675773][ T5772] ? __pfx_kthread+0x10/0x10 [ 697.680372][ T5772] ret_from_fork_asm+0x1a/0x30 [ 697.685152][ T5772] [ 697.688184][ T5772] Modules linked in: [ 697.693295][ T5772] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 698.005866][T16351] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 698.028058][T16351] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 698.056416][ T5772] RIP: 0010:vidtv_psi_ts_psi_write_into+0x4bb/0xb40 [ 698.075938][ T5772] Code: 0b 5c d6 f9 4d 8d 65 20 4c 89 e0 48 c1 e8 03 80 3c 18 00 0f 85 fe 04 00 00 49 8b 45 20 48 89 c2 48 89 c1 48 c1 ea 03 83 e1 07 <0f> b6 14 1a 38 ca 7f 08 84 d2 0f 85 c6 04 00 00 0f b6 10 48 8b 7c [ 698.113215][ T5772] RSP: 0018:ffffc900048cf3f0 EFLAGS: 00010202 [ 698.145671][ T5772] RAX: 0000000000000002 RBX: dffffc0000000000 RCX: 0000000000000002 [ 698.216736][ T5772] RDX: 0000000000000000 RSI: ffffffff8831a6b5 RDI: ffff888029f08000 [ 698.255005][ T5772] RBP: 0000000000000008 R08: 0000000000000005 R09: 0000000000000000 [ 698.293502][ T5772] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc900048cf690 [ 698.316951][ T5772] R13: ffffc900048cf670 R14: 0000000000000178 R15: 0000000000000000 [ 698.335580][ T5772] FS: 0000000000000000(0000) GS:ffff888124477000(0000) knlGS:0000000000000000 [ 698.363396][ T5772] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 698.375560][ T5772] CR2: 0000001b2be2025b CR3: 000000007f492000 CR4: 00000000003526f0 [ 698.397242][ T5772] Kernel panic - not syncing: Fatal exception [ 698.403686][ T5772] Kernel Offset: disabled [ 698.408014][ T5772] Rebooting in 86400 seconds..