last executing test programs: 8.440740516s ago: executing program 2 (id=213): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x543d80, 0x0) setsockopt$auto(r0, 0xc, 0xc56e, 0x0, 0x5) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r2, &(0x7f0000000000)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={0x0, 0xffffffff}, 0x6, 0x0) msync$auto(0x0, 0xe0, 0x6) getsockopt$auto(0xffffffffffffffff, 0x0, 0x61, 0x0, &(0x7f00000000c0)=0x1e) r4 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x4923c1, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x9, 0x10, r4, 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/modalias\x00', 0x80500, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) read$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) sysfs$auto(0x2, 0x100000000000038, 0x0) readv$auto(r1, &(0x7f00000003c0)={&(0x7f00000002c0)="b6e696228894003cb01a4fb3ffdd6345b927029a86939e83b6d96dc2e19cf121e599106248d14e56521d945415d5c41aef85221e39a4f0b4721fba1d2c899bb86dab738fbcbdabfc149343a9f3c701ffcc4d328f6d1449e29941fb2d7ec87fe12c9540de50a689940cfa15479f67fcc91b7910336762367b5f8afb8ddfe348d6c4c225c039e4666930fda92dce95a252fb7e25b47c5931b9242afb3406283494620f9278a5554f5f79d37ade35c82861aef420217ba9b06f38338a7a03fb069e819e1516e2f51d08f7b706e9dc97007c96901b329a15d6556de5", 0x542}, 0x7) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyu9\x00', 0x22301, 0x0) ioctl$auto_TIOCSTI2(r5, 0x5412, 0x0) bpf$auto_BPF_MAP_DELETE_BATCH(0x1b, &(0x7f0000000180)=@raw_tracepoint={0x80000000, r5, 0x0, 0x7}, 0x5) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) 7.391760865s ago: executing program 1 (id=217): r0 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) ioctl$auto_UBI_IOCATT(r0, 0x40186f40, &(0x7f0000000080)={0xffffffff, 0x0, 0x3f, 0x8, 0x1, 0x1}) (fail_nth: 3) 6.749290449s ago: executing program 1 (id=219): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSTI2(r0, 0x545c, 0x0) (async) ioctl$auto_TIOCSTI2(r0, 0x545c, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) (async) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) (async) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r1 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r1, 0x29, 0x43, &(0x7f0000000040)='\xa1\x00', 0x4) openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x242, 0x0) r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_TREAD64(r2, 0x400454a4, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x9f, 0x6, 0xf8, 0xfffffffffffffffa, 0x8000) shmctl$auto_SHM_STAT(0x5, 0xd, &(0x7f0000000240)={{0x7, 0xee01, 0xffffffffffffffff, 0x2, 0x5, 0x4, 0x7}, 0xfffffffe, 0x9, 0x0, 0x8007fff, @inferred, @raw=0x8, 0x0, 0x0, &(0x7f00000000c0)="4d6343f3d1fbf392cf9f711c5a18fa8a0f1334", &(0x7f0000000300)="bacb37df8562b1fbf2dc082aca700ca041a84ba7d408ed0267f02f2ba83851d9bed9f77a65023b164601c6fb6b09b57c772af6841b1a2f252d6993e9797fe944364ea5439e7cb769a887f4e0b4cc0ff2e0dcb8c87de57a07b6b02cad34f8cb273e935ed887e962e313c9665d637527d5340d88b9ba8b1c3ea63b5047a2d68c99072be77edb50437036cb0ecda31e55e7253bcf9e007d5d9fdc340f23e6b50a"}) (async) shmctl$auto_SHM_STAT(0x5, 0xd, &(0x7f0000000240)={{0x7, 0xee01, 0xffffffffffffffff, 0x2, 0x5, 0x4, 0x7}, 0xfffffffe, 0x9, 0x0, 0x8007fff, @inferred, @raw=0x8, 0x0, 0x0, &(0x7f00000000c0)="4d6343f3d1fbf392cf9f711c5a18fa8a0f1334", &(0x7f0000000300)="bacb37df8562b1fbf2dc082aca700ca041a84ba7d408ed0267f02f2ba83851d9bed9f77a65023b164601c6fb6b09b57c772af6841b1a2f252d6993e9797fe944364ea5439e7cb769a887f4e0b4cc0ff2e0dcb8c87de57a07b6b02cad34f8cb273e935ed887e962e313c9665d637527d5340d88b9ba8b1c3ea63b5047a2d68c99072be77edb50437036cb0ecda31e55e7253bcf9e007d5d9fdc340f23e6b50a"}) socket(0x6, 0x3, 0x4) close_range$auto(0x2, 0x8, 0x0) r4 = socketcall$auto(0x8000, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) (async) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, r4) (async) ioctl$auto(0x3, 0xae41, r4) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) ioprio_set$auto(0x7, r3, 0x7fff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ram0\x00', 0x67f00, 0x0) (async) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ram0\x00', 0x67f00, 0x0) preadv2$auto(r6, &(0x7f00000002c0)={0x0, 0x80000003}, 0x6, 0x2, 0x400, 0x2f) mmap$auto(0x0, 0x4120008, 0x46, 0xeb1, 0x401, 0x8000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) (async) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x8000, 0x804000000000df, 0x40000000000ebf, 0x401, 0x8000) socket(0x1d, 0xa, 0x84) (async) socket(0x1d, 0xa, 0x84) 5.180527991s ago: executing program 1 (id=223): unshare$auto(0x40000080) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/bus/usb/024/001\x00', 0x1, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) recvmmsg$auto(r0, 0x0, 0x10801, 0x1ff, 0x0) unshare$auto(0x40000080) r1 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000100), 0x60423, 0x0) unshare$auto(0x40000080) ioctl$auto_SIOCGIFHWADDR(r1, 0x8927, 0x0) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000680)='/sys/devices/virtual/block/nbd0/make-it-fail\x00', 0xc2681, 0x0) write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) getpriority$auto(0x7, 0xee00) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NFC_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x845) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="100029bd7000fbdbdf25030000000400120004000d00f4beb0fb9b171e17542b5da5951110e3fb3bb82d5b63321006daee58c6fe2c7a7c8ea1ad4e05cebdca99b6a384b8021770e24609f5e4fedbe1f857f2caee83a3c43691f611878e81255c0d7b6ceee515a32de798346e07837b10a56c980d480ea5ea62f4c5f8a2151e75a9ca2f4c68af00f3322ffad3163d91bdd56f1e699482c1139740738da3f7624f2bda9d3c971aad6967dadb45868215006f8f730881f46c4da9d8cabad5cd012b0cf835a38921f86d9d688b70ad8fb632ccba"], 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x8001) connect$auto(0x3, &(0x7f0000000000)=@nl=@proc={0x10, 0x0, 0x25dfdbfb, 0x20}, 0x55) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x1e, &(0x7f0000000000), 0x1) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYRES16=r1, @ANYRES64=r0], 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x91) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000100)={0x7}) mmap$auto(0x0, 0x3, 0xdb, 0xeb1, 0x401, 0x8004) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0xf) ioctl$auto_TCFLSH2(r4, 0x540b, &(0x7f0000000180)="f9dfae19c6d30c47e99390d1caaea9fe4795f1bcea2211a979ef8063b1a242750e0abedb843a2feb8cd3d83a4ce9ba0fef069adb77b9e04bfd8dc64664f19ed56d04a237f352abe8eb283109a27fcb21a7cf98b7e7e427cd0ee2d0d55fb4026a13d3de7e0aee96998dc0db12bd05d06ef6f1a87d7c8350d2f5c9974819730a9348cc06607eb7f5d546aee3306b9ac9db9764bbab7a7e2b48c20850c6e2527eecf3fafe4468e98c1233b6074c8d6ccb7479e8125b4c3f20319c9f3232f603a95bba1b31") r5 = getsockopt$auto(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x0) r6 = syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$auto_NFC_CMD_DEV_DOWN(r5, &(0x7f0000000440)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(!\x00\x00', @ANYRES16=r6, @ANYBLOB="00012bbd7000ffdbdf25030000000800040008000000f2001900f4599bbcf0a17a84c2fb0d721078c7097f57d36d59f399dbc76266b9b8823ecfb1a0449e5544ee72157f86896c510529ff881fc27849cf889abf9f191cd87adb6453d4dce6449cc024048ff196ce79d25660c5b43bd69f69dae8041eb9218032db1ff20a4f730d24e5f4f4f938c1c809fd5800ffc74552cccdc557c7bc613ee763d005506d37321d893d32ccf6850fbe44889b10c88aa74530a0920e647c2446b20796f0d6e4f412fa5aa34045698778a3ab0d4165863a23517affc41dcfb758885dfdc1b4c9583560926b767758ddd9fd7288b98ae24d69de41ca7a1320e601cdcd5af53c4533468445d0108902000008000100ff010000080004000300000005000b000c000000"], 0x128}, 0x1, 0x0, 0x0, 0x20001000}, 0x4040804) ioctl$auto_FIFREEZE(r5, 0xc0045878, 0x62d2) 4.483660169s ago: executing program 0 (id=225): setsockopt$auto_SO_BSDCOMPAT(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000000), 0x80001) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) syz_genetlink_get_family_id$auto_tcp_metrics(0x0, 0xffffffffffffffff) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0) (async) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0) r0 = socket(0x10, 0x2, 0x4) socket(0x10, 0x2, 0x9) (async) r1 = socket(0x10, 0x2, 0x9) socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) write$auto(r0, 0x0, 0xfdef) (async) write$auto(r0, 0x0, 0xfdef) r3 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x20904, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_INFO(r3, 0x80e85411, 0x0) setreuid$auto(0x3, 0x7) (async) setreuid$auto(0x3, 0x7) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x8800, 0x0) ioctl$auto_KVM_CHECK_EXTENSION(r4, 0xae03, 0xa) (async) ioctl$auto_KVM_CHECK_EXTENSION(r4, 0xae03, 0xa) ioprio_set$auto(0x3, 0x400000000000, 0x72e2f0a) unshare$auto(0x40000080) r5 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r2) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) socket(0xa, 0x3, 0x6) (async) r8 = socket(0xa, 0x3, 0x6) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r7, 0x7f, 0x99, 0x8, 0x1, @relative_fd=r8, 0xd}, 0x92) (async) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r7, 0x7f, 0x99, 0x8, 0x1, @relative_fd=r8, 0xd}, 0x92) r9 = getpgrp(0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_DEL_RXSC(r1, &(0x7f00000016c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001680)={&(0x7f0000000240)={0x140c, r5, 0x100, 0x70bd2c, 0x25dfdbfb, {}, [@MACSEC_ATTR_IFINDEX={0x8, 0x1, r7}, @MACSEC_ATTR_OFFLOAD={0x13ed, 0x9, 0x0, 0x1, [@generic, @nested={0x11d5, 0x99, 0x0, 0x1, [@generic="e3110a8446fe17647f1af430bb6a41c97910462acb15441596923787c7f9bf389c9fb59b9bca6d47809e86aa281583526a7f1a862c1e866efaa8e63138a81c1ab885227e80993bcf85486e59d9fb7a6667dcc30c8c434dbfd0699e6144f3d2c9190f484925144e5d7d40d7059695975cb40beb261fb6fa0217d13714ed31e320e4d88c126210a8f8a9b628d244fbf96d3a6ed45a779c39a4466799a2d7f0a3ea55715fab0e47c11ac1e95fe59d6b8c1b3f115ea89493b42207728b0b60a2d3163ab951d7949a8298d23abb233d375da25ec6d44e5a82ba3ba8b8cfa65986db512265cc25f430152bf9df003896f4c96b05d9daae65dd78dcc364c702f7f485dec2b993e0a5a7ed742cfee687689688c89de5020033079f98cff18d28dbf1ce35696ce7e512149672bbe76205d180b44a1002e96b4dca6d745e686df38d824e844cd97842b9e8033c37d2c412dac64618b57af9660e64cfacac0b6b6ac6f1f2020ca8d235afe3ec9462adf9cbd098776955868a53929d5d7e5ab6bc48a2a5ae4abf125b244e6afd98ab4ab01f8be4db2755ff35644449be6c2cf5dd8476be280be22339ea522f6099cf40d0b64ecaf52b059b77fec6d19be39d214a3d9e8b6314343c9d969d29b7f55e850d06fe15f89bcf29b0e75cd2531b7c979862276b3be533b47ae40d1562ede3a127931e188ac83dcf8db1f6c2a2d2ac8899eccbc17934d83681a624aa59f389ec11c1f2d04ab475326576d7e16c5d94a4ad648ac935b2b293bdaaa349507926e8a41685f6bb15b68091594c3c4dbe5c2072ea755d141598b6d71783ac6a4c56a80c6af4a9a1ad44d4107e48cffd211cd542285b7abe2a2abffe3f6526c94fc7a03c26d507ba6b1353d39e4bf3f983279a34c1c490d113090a21261effe5dd1de060e55e25f719c9d9988843d5d9f741917be8c8a8fe93ac777db6fe801843b49b4eb67ff12590e7a530c62e9fee30036ea114aa21930f3b4de59d12142f19247427e1d236e718201f62bc4c972ccec69599fa37e136dc735b3c13f805cbfdd1a569dd5d20d97553080ff28147b9a8547c43fe83c103e0399c7a9bf9b8dd63bc0c6d375858ddb94536de1639d9cd606614f87164c5e7856dc709fa105a793f9750c7ea9ce86c937986e2172d5e84f932f68ffe9d6148dd7a82a586896268469d5d5808df3ec919ef73653df5fb882eb01eab035e79876466d8b4b52536432920035caabfe4425b0f2dc0324604be984054c91818a43d24d7fb39e5b2e166b46a899f054278dae116f2756ff18b7343468ad4ee67acaa43f2421b5271461210c905a456af0fc0b30ea5de8c1ace2dc44f1f0615a871f43139badadfaa1a3351ddfd3972ad228ae895c6a0773b6f9389cfe1bdc9868180a72b7b44b1274930d71877b524df13088bdba9c0805cb771f8f2af29e09c862cbb988df36121e1e089e8243292c878ec087bb19a416c949b7b85074a0bc2bc6c11f5e3cd7b40f0ce2be5731bf7875d61b6af1eaf65cd6475f6d62fb2ee55d7cea048f46bf02c8f4b679b5989ad16282a86ad08349c482b3414ce374924ca5872a14f711a8ae74eef111bc1df9ed4a92dfc96cc4f8b969193d8cecd67e674f597f5efccd7647b977ee581e56b4e0fd3b9f3a569548521009fc3d5dc741462568e7398ee0af91b5bd7caec52f4c8980959ef1702c064216e682ee50c2e00d16d39eb730de543b2e31df4658c46db1c62dd07850c5825d3a39d5beb12bffe027e3694f3b7edbf76204db06930c61cef7d9a4a80c30387870141716894607dcddda7b503595fbf0075fb26934165a9d2c1161461c85321001012e4f78a39ddb45c872856604ead559caec0eface81d41aad48c31589f19136cbf95c07f6e53d8bd39d512ec32a86b9861479b400d100f2e4c21a857e6ec37e638a0e4df580d6e1908632228a42d54268ff1213b6ea27ca712b8d82e875363b4af562614334463bb2f9ac4a0c760e610d12a2995b703cee088107cd2e405c20091b1db10e308b057b134764befdde789463c202de453532b707ee7fe2bfff5a38a88e8985653411f6ec0c7cbb8e69a6598883141b6eee414c94818333f2c48717c5e482ea45e7f5a86b403bef10b073a5808e48a170177dd604c866926de4aea64933a3e1f2ec89ac08d8d9c1674cd99110b770dea0f8c8e91b55be1e67a8e2d3a4a4599560d1ac6f34fce3ba8fd3c3461f0e131fce7ff3f451deff7d88a1de8257da1ad766e9ec251ff08750ac7634443d70d76a44d66e148157ed36c8f5fdd9054f6c420a9963beae4ae9bb908cd186f21c5167120855b228414bd6911c2f0a115f86b47315fe9b9079ba5aac74432e094ca420bbaa1c572dfb9730594c45b06a75adc840dda9c80d105e7c211950e682c0b65befa30dade5e3cabe738091c9e15736a52afacc6cdc0ef0188134ee5b5a54ac8372bfd6e1c058d16574e782d3e665699282be37c09b915f097bac3c656fd43b47cb331384e2b1d5744130ba6fd2de4599f7a580650f93a9163413a22b451e62f06b7382289d8904d0037e336c8f717a60dbb7cc67904c24024995dab229fd78c747370f8ce785b26617ca0da8f4d02a130fe6635d338d4dcb64eaa6a998fae67c965ec390dd1c30cfc91c8a4b6ac6c6df3712b0e974c6fde926d055a0323955c6df26aad4f4bad02bdb919e0fd66acfff4257d0d8478e4636bbead70b191c1e08889db3475eb603bbfbd3303c8a1143895e478db9a84cbeb1b712d26a3a1e767ec943c26be2929ebd4faf7cdae4c0b63722d14393d0086e0d93c5e990dbf50e20dcf57be7ea5ef7654ecc8fd3bdbb97d0d9be62c09e0a554763d5f495867fc0e9cf70c6c8d868bf9f559bb5578320e26bd2d0be36cc5760d352b9d51e31e5bc9adf2a5c98437f7659058e5c4aa9dea3c8348d7a6e350a348349b9d7bbffa38cd94f2d0450f9238026c6c0ad9096bcd7beaf4cdf7acd1364d3169b6f9e274d819a2a7dbc78159a2faba00390ffed4cdce9592ffacc79a6dd980ca2adab02db9567c80ffbdc3f32d5558209b3fa549bdeb6988b95dfc1e8756fffaee7ad0de98a8e6f365c22b736fbded89a7d2ee523f384f274c2c337e606a03220276dbd517b986fcc5c0f01957387b7a4ebd7a9966081083d0270b6dc5e2f4a21366ef74637d84f88936bd52bef0f19c2d00ae062b98136cb811c61a4b993e991ea892051dc438ae60590cc253abe93b9865f1b343811c77948d3e926d4e0a8b6723818397cd20ee07e941a9705e453e483b665789ae795ab8738a74397f78df3e9a6af466216780b6f3ab7067fa97adc9dbe2159361f9786fd9ff2482cfbd303360d74d1f4a2f1c2c1c23ca287a603c0fb426c7ce7793fbae2cc0bceb053cf422ee61e403d486cdb4888557e86e116401f3d1c7d3c712f84679c1863452efb6ccbdde7cd5325fda8088d55844e9d3a0d47ec8d280c8a74d2838faff4f260b98f441619db9089d3b6159fdf78a5dfbccc7b82347420b2bb10a5d0d60f8eaa580d551e110f5d4fb7b302072b96f839c0d8210cd9b7357a301060dafa2b62aaf9f0cde9170e7b422eea02efc26560a57719ce749a63eb3a8b089faddd7ae6f1c16623c07d81b3015599e52b6677e42490259166f8ce609fa342745eac8894a9ba3d856fbb739967dd018371879eb8e6b40dc7976237273bc4eadc0d450c5de38f6f62142de24305805e4fc5f8a1e78297885ac92e573dd773bff99e19ad75ea6fe8ef3d382917c6a39c43364b7217b5e22b9cd8b4b20861c5d7497d9299f1d09aedfc0ed0a9568b9e23e560bfa89a0bff98fd628acf8c0262cd12d590ca676528a99b7f3a0ec22708314aa929cfa0a2645a7f2152f6b4f9a9de828f46bd10b2826a677e5dc9ebf8b2a6ece503ab6500b41bf7a9a9ffc5f5db4d82d3ef90f6f7d8b8852ef65445a4a08c331811f5fa3b35671fb30d1a837db6e1ad4ad5d90592d59e878bd6060c4af6e717a1435102ae96ad4dcd56de02cb3e580a9c07c4a72e45c68488ad20a6a01836be498a9b87be6c8a4865c27504c0236e1df52631229278ae86e7f94e8ab211ca7b98227fbaf1ad15ce7d5855f40a7ec92238ecdd82903919b072f2ab294cb7f25414252f81d9cef39f54a5c300ad623ad4ea79d379a5a9cbd23c2f26c8807d3511f08412336cad289c2d5806b8ee129bc3d7a8dca46d1f35a662348f627dd5349f4f8828707b3623ec07fc1187f1d1eafd5667da237ff493308d61803f21c4f266e80dcdae36f2919773fb9a4b1b8d2a43054848ca506d8ff9ef670d15b39dd3dae8683e3e310520a50256f2eeba87240bd31d1456b3ba797d398eada45723cc818cb37bb8b25f5110cc0ff6c8b76b9cc7eda0c20b5aabfbcb6edcb42dba7e406f26330ffe780676d36e4fe29ad6b08911a864ed3671af3a735f644db723ba265de05a86e699bc4723215bd47915bab178590319718c67c0d63c0f0b57599463f498b0c10212b5ca70a941633adc9f3c5100acc9c94c1754535ac83f2addaef5bc5c7922ba3db37163447346528d7b4932570cd1f5c2dc0f4cca0f9b1c493c5251cc89906f3be579fed4c96266e63dcec2a8ed0e02e0541551142103e82b9e252148d88f90059b817be54f79f204f91e600971ffae4914fea0782d4225e93f728af2bdd254c9f96ae284aee31f7880a0b96ba2cf9356daa0afdf111929e6ebd1cd25a2cdb6cb0e399ac02043975e35b65bc849d42e3b1cc6df7e95ebff7b6e4871db9905d2cf76a395755e92b9f90801144ec729f7d7208b95c9c285974b52e391239e5f187be8ceed8079e7bb6e05577123b95029cc2843c2f937582f700cd252cbba15b80829a59e3d1a01c695a19ef00c5d57ff47e93a532dd9e80353034d75db9c348835d65fba25cfcd0f4e4bccead29dabc532ec4a596c830df87457e6d164d6b7c3a2d89a8c952003a59b026e9b3eaa1c20a84595ece17fe2bf2ee881e2f7d87ed7d1d3e369f6d721a14a66630f9b1c522549d17dbdab0c080a6f4a1b0ee41ba56c4b61b11bf87ed6203875035a33df523f73ff9fdd17141160e4ad1ff03194133ac97ab6a89bf0991b0bc1e928350fc63dab6e3ec70c506f656c409c9e5995e81b20dcb44acb08d1077ca5a15dca146366404f6082fc82645657dcd2e97c8cf55b0cf7c59dfccca1301e7f6ec6be37f502d2e565f87c2e1e4eef3a86e4349f6212891d490fd2fff01f8b1cc4c0038dc57063f3f5146af147cc44d610c5230c5bdff5bebca8931074bec3ec24f5eac8d2b6376049af2e7376e0b97499ad35698435817a0f6bb5410c23b325d04fe48e48342b63aed68ba0775d39ff06f74c0fac2ed672c64f3e44bacf4e5b39828fb1a1baef26374e3236020f504012cf88cdd68fe8bb44b230e16e9575a87c620bc61178485abe7b2b939b2f6c9ac6cfd3c43e8e14fdee7496897b079eb37fc8dd4fa6f38eeecbdad99fd8c4a920f321f0b49fdbd92cda24068652746e7ab09600593421301f7d2c680d3eba46ef30940bac792d5fbb31f531ef91ecd708864e9c4c105c35ad97a4af05e6882be04c94797bfeb0111c703628cfb56c74a5865f2e08cdad2f4fecb795ceef6b7dd38e9059196084e707996a630dab30d455fa6f8c5d0422f08154866b18a7b011b78d589449d14e9ef65dca29062ee4f610e5bd669593406dc54cf8931d608c2095889bf9fa46506dd0f1dbf09d771d0ed8ef0344a3fee41800c5f41916581dd29bc1152eb439d7813ee05d0dff45404b2d2ae56d249", @typed={0xcc, 0x131, 0x0, 0x0, @binary="9e148c399b440d2d7539b2f492621cb260579efe4d6d3badadff4894899e0209667914c2788d77248c2b20b41133b1c308e4e52e9e9bd46ea75201e80c1be7989a4a1b5c58f92e13b75ab4e2d672f4a3964735debed1cff88590943507689f6f8c7e2bf76e9c6fc5633954810f25a150871944fb99a2e4fe38c96982521ad1143eff51613ee79e38aa7c076c65c112f2158b4cc7fa0d4579a95ecd754030db74f76ec81b8012ac61f41530c58b63f707e3b80895cb43404fec9f837551e1f8cf51a5cd8a81c5da6d"}, @typed={0x8, 0xaa, 0x0, 0x0, @pid=r9}, @generic="9049dd51bf9f791bbde016a6147daee0ec074effec4d4da605ef16a14736b8ec9f24152ad08cdbc6e6f8107c517ffb962f4127c731538b26205161ebb4999fa1924af4886e529a32619330706bf0eb07b08b40aa1534debc95c14d2c294f2091b669eb3f67a3aeb856ac32e0dda516c5719366d99f1f61a1d38a1ec00db0b641ed2745aef29f9bfc60799a2f5c892c73fd36e1cca1", @nested={0x4, 0x3d}, @nested={0x4, 0x6d}, @typed={0x57, 0x106, 0x0, 0x0, @binary="de9df6c164ccc757eb43b0b8405dbb30cddedaec26ace57499474967c04e7a78f496dd0b43b2789ad93d9b3a5ec23231a75c76c4a6e6aeed7feaabf1795cea58a4451b1edcd586a78794e11ed7f2a7f13c3747"}, @typed={0x5, 0x11a, 0x0, 0x0, @str='\x00'}]}, @nested={0x10, 0x38, 0x0, 0x1, [@typed={0x8, 0xa, 0x0, 0x0, @u32=0x3}, @nested={0x4, 0x4e}]}, @generic="f8e132f7ccd1b22b63ed1ea531a88459f5bbe7a4e0445de8e3358fdef2e4ee5a9a34e5a5061a162f42c2458f4777ee0a1a50776525c9f5527fb840d1d88bfbbb5db58a81b1e3b0fc06141122f128a781165893b248147e643db855c001dd8d9b17d940883aadb1d25f2690a0eb8ea35296cab30d266505784b6368ad11b06cee46f461fc5f53e21f45bf88b29e6a4da04f60016683bee99aeeda927612977adb430d1cfbedf30fb0795d13946f8ffbaf6e22ed1a5241fc9e0705a8b253b28a94c7", @typed={0x8, 0xd8, 0x0, 0x0, @ipv4=@multicast2}, @typed={0xf8, 0x40, 0x0, 0x0, @binary="263841e566f8d3e6a0d796314c4ef099dfe9f7eaee04cb5044e5678a82d7365d35025d88b76a8e26a27228aea165ba789f8bd0b757882a0f498c712b4620cd354c4526333ae2c336a4cd92aa8ee824a5803a1aa7473958fbd0d7a7f1f629bb560b99f6eaa049929e2d561c8079a009a1bd8d259b5cef007f0a1f354b2e67a842935d189289c6e3d35c5e495c20d37aa3ed2b2dad2dce422cc8a1515f8bb6d2c381c833ba17075e19e6c58466191fee866e1f602330331ca6ab51f37d1ca53823e2fbf47a134d96e33324f3bd0b813dd42e3f07011ae33badc527b9ea25bdf0a809af6e6bae9972e02b27f619d1d65886504973ee"}, @typed={0x3f, 0x12b, 0x0, 0x0, @binary="0a553aff7c54ee8f95c396a5008b04438597df93ad243c12f4f37f8098f656ad9dd19cf14b3af0d7e1e66d30dba25121395e3d1215bb839000a049"}]}]}, 0x140c}, 0x1, 0x0, 0x0, 0x20040000}, 0x4000000) ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) unshare$auto(0x40000080) write$auto(0xca, &(0x7f00000000c0)='\x04>\x00\x02\x18\x00\x00\xd3b\x01\xbd\x9b@\xb0\x00\x00\x00\x84\xa2\\\x15\xc4>\xa9\x82,\xf9y\xc7p\xf1w\xbe\xde\xe8\xc3\x01#\xcc\tF\xb6\x95\xeeH\xf8}v\xb3\xcb(\xa90Abe\xc3\x8c\xcc\xe7\xb8\x00F\x89#\xb4\xf0F\xa1\xd5\x1e\x8f\t\x9dZ~\xea\xa3\x93\xc2\x04\xe1;b\x99\x85\x00\x00\x00\xe2E\x00\x00-a\xb6n\xbc\xb4=\xf8\xce\x01\x1f]\x85|\xce\xd7\xff\xff\xd3lb\xc5\xee\xdb\xcb\xbb\xd8\x00\x80\x00\x00\xe9e\xe5\x80\x1c\x02\"\xa7&8U\xfd\xdc\x15\xae\xfa5\xb8}\x0e\xb4:\x91\xbb5\xd3{\xb2\xd0\xc0\x93=\xf8E\xceO\x1e\xd5\x8f\xdf\xaa\x1c\xfd\xb0h\xd8\xbc\xecA\xa6\xde\xd1=\xfd)d\x8f\vk\x1c+\xf7, \xf8]\xb3\xe9B\x02\f\'\xcf0\x06', 0x1ff) 3.66334496s ago: executing program 0 (id=227): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/039/001\x00', 0x4a901, 0x0) ioctl$auto_USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f00000001c0)={0x0, 0x5516, 0x0}) 3.442406272s ago: executing program 1 (id=229): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop11\x00', 0x0, 0x0) mmap$auto(0xce80, 0x1, 0x4000000000de, 0x40eb1, r0, 0x1) r1 = socket(0x29, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) mmap$auto(0x0, 0x9, 0xdf, 0x9b72, 0x7, 0x438) r2 = socket(0xa, 0x801, 0x106) setsockopt$auto(r2, 0x6, 0x21, 0x0, 0xf) close_range$auto(0xffffffffffffffff, r1, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) getrandom$auto(0x0, 0x8000000006000000, 0x6) mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, r3, 0x8000) ioctl$auto_BLKRRPART(r3, 0x125f, 0x0) mmap$auto(0x0, 0x400004, 0x9, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon33\x00', 0x121200, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x805e, 0x3, 0x0) syz_clone(0x5004000, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x503083, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, 0x0, 0x40800) unshare$auto(0x40000080) keyctl$auto(0x7, 0xfffffffb, 0x0, 0x3e, 0x8) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r5) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r5, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) bpf$auto(0x5, &(0x7f0000000080)=@enable_stats={0x6}, 0xa) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 3.303531524s ago: executing program 3 (id=231): unshare$auto(0x40000080) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) socket(0x2b, 0x1, 0x0) r1 = socket(0x1d, 0x3, 0x81) (async) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) (async) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x1, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r2 = socket(0xa, 0x1, 0x84) getsockopt$auto(r2, 0x84, 0x9, 0x0, &(0x7f0000000000)=0x9b) (async) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r1, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x420000, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) (async) ioctl$auto(0x3, 0xae41, r4) ioctl$auto_KVM_CREATE_VM(r3, 0xae80, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/set_event\x00', 0x20001, 0x0) write$auto(r5, &(0x7f0000009fc0)=']/\\,^-.),:\x00', 0x81a) (async) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000600)={{&(0x7f0000000400)="5cdd59f1a68d086a02a2cc1399c7b3f7410eb36cfbec7e7224eaf6de379d09771080b197b8057225ffa98bc9a7bd53a5aee9a2d48d74d149c199be3009d2d61af64942e106e9b586aabcd7ae4de8a0e87e02af7f6af674c2fc8d8a8a78916f9c23e6b8a8be7141ae87f2996f079bfcbadc2ef4a6a3e894ba7dd3d9f11bd4d05558df32f9eeb4fda5e29576787e2ced58e35355c37e1ff8a11d36a067d362a37323c582eee83ea4cc9e7f", 0x6, &(0x7f0000000540)={&(0x7f00000004c0)="35a4988620ed7f4ab66aa8948d2c0530bb25f6057ba29add8bbc1d2db5f8682804b365a0d809d366e189194941627ddf76d73565a6133f661519a99780edab37135a9058cfbea6f19ec9ad30287159ec1c6afd59583911a5239ff895b0871d32f098c6cfdef0b944fe4659694d8716"}, 0x2, &(0x7f0000000580)="6ea0838008f497d022b78e5e7eb7c80c499b948523cfff8c50f12ebc124c316e0b644f39bb8b55a743fb004e0ed1aec82d0b82794ab3801ad7705749f562a3d87256f1ec7ebea9a0fd16decd422f095cc3abfc2c4e7fcc9916d6a7139c731bdeed", 0x4, 0xc7b}, 0xfffffffe}, 0x6, 0x2) listen$auto(0x3, 0x81) (async) mmap$auto(0x0, 0x1, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mremap$auto(0x0, 0x7, 0x3fd6, 0x0, 0x1ffffffe) 3.167661123s ago: executing program 0 (id=232): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/039/001\x00', 0x4a901, 0x0) ioctl$auto_USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f00000001c0)={0x0, 0x80805513, 0x0}) (fail_nth: 6) 3.066900885s ago: executing program 2 (id=233): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="18000000", @ANYBLOB='v\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x207, 0x4006) 2.715259741s ago: executing program 2 (id=234): mmap$auto(0x0, 0x40009, 0xe1, 0x9b72, 0x7, 0x28000) r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x57e) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r0, 0x27ffd) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000429bd7000fddbdf251f0000000800dc00020000000400ae000500a3000200000008001400470800000500180109000000cac0e2139fbcabe32cff8e9833d332ad9747f2f89070757415e86f6ef73ad895b0f2dca9a074f1d784a45a292ba08c30060083e2dc1b2eda13000ba9914ffb3a60bf5aa05e839acc42666e9e07ff8d576170227967f0848aaccc63d42bbf53610d5e8e9beac83c7fcd4e823be33f2f8d65a675a2c6e7ef16559c401db637ed227b2a4f"], 0x38}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x400, 0x0) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) mmap$auto(0x1ff0000000000, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xaa01, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) getpeername$auto(0xffffffffffffffff, 0x0, 0x0) r3 = prctl$auto(0xf4, 0x1, 0x4, 0x5, 0xb) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x10000) unshare$auto(0x40000080) mq_timedsend$auto(0xffffffffffffffff, 0x0, 0x9, 0x6, 0x0) fcntl$auto_F_ADD_SEALS(r0, 0x410, 0x0) ioctl$auto(r3, 0x800454d4, r0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64) fchdir$auto(r4) socket(0xa, 0x2, 0x3a) setsockopt$auto(r2, 0x5044, 0x2, 0x0, 0x10004112) close_range$auto(0x0, 0xfffffffffffff000, 0x2) open(&(0x7f0000000040)='.\x00', 0x100, 0x161) getdents64$auto(0x0, 0x0, 0x18) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_psample(0x0, 0xffffffffffffffff) close_range$auto(r0, r0, 0x4) mknod$auto(&(0x7f0000000140)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_', 0x1081, 0x9) sendmsg$auto_NL80211_CMD_SET_MAC_ACL(r2, &(0x7f0000000500)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000004c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1400000e", @ANYRES16=r1, @ANYBLOB="010029bd7000fbdbdf255d000000"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x20048844) 2.585188855s ago: executing program 0 (id=235): mmap$auto(0x0, 0x9, 0xdf, 0x9b72, 0x0, 0x8000) bpf$auto(0x2, &(0x7f00000001c0)=@batch={0x8000000000008, 0x80000001, 0x20000000010008, 0xffffffffffffc32b, 0xa6d5, 0xffffffffffffffff, 0x7, 0x6}, 0x106) sendmsg$auto_NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="d8010000", @ANYRES16, @ANYBLOB="01002dbd7000fcdbdf25010000000c0002000500000000000000c5000700c1007cf7c27c120e3984130834a73f9221887ac28e443c4a1a7da8d2ddcf2890cce5822826764f3f410e53f43f300d2e04700395778e7935c99f6a38f6f3e56e7d8a18d15791b3b4f9378d743a8f0cbbe1c604a782030626ead26826f4790233f19c29fbaf1da77e1b84522d05ca0f4237b24aead87b47d41805fa9967d02ad2deba1895652b8d630c30213ed8f72c1066f1bb9fb1b242d08a55d32398d8d3c635008f2c61049c8abf600a98d1d2d0b0027aecaf27d20b6ff4129883e111e1c858000000dc00090069fccb38f57447a8af8c40a03b92af7adc0c48af4308483b99aa587ed8711b4a79a383c263698842365af6807d1be1800fd492770983a6df345fb472e9fa41b667af43bc36d7063b6b93ab7661925e8d71452acd95b788c31a32ae903b96b9ed9a5e3542c625105e8f21a5b41ff3d17f8704581f4b8b75ae741d0fba8cab2e187c93eeea89f6cf6ab7cc496e0bd9759cc0b408bbe0c6eae2aa29c2d97d48a55fc0ff937c90173d61cf652f97cb301e4d7e3bac0026732e22eadd3a6c5ffa4faed6855a86814c920a650a61936305d2713db1c92a238e265c080001007f0e00000c0002"], 0x1d8}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYRES8=r1], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x8000) r2 = socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000011c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r3 = socket(0x15, 0x5, 0x0) getsockopt$auto(r3, 0x114, 0x271c, 0xfffffffffffffffc, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000040), 0xa2741, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x4004) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), r0) read$auto_debugfs_full_proxy_file_operations_internal(r0, &(0x7f0000001200)=""/4096, 0x1000) mremap$auto(0x110c230000, 0x7fffffffe000, 0x101, 0x3, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC0\x00', 0x206801, 0x0) sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.343481766s ago: executing program 0 (id=236): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x3, 0xfff, 0x9b72, 0xffffffffffffffff, 0x0) mbind$auto(0xfffffffffffffffc, 0x9, 0x804, 0x0, 0x9, 0x40002) (async) mbind$auto(0xfffffffffffffffc, 0x9, 0x804, 0x0, 0x9, 0x40002) syz_genetlink_get_family_id$auto_ipvs(0x0, 0xffffffffffffffff) unshare$auto(0x40000080) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x73d, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0x73d, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ram15\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x7ff, 0x4, 0x2c) (async) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x7ff, 0x4, 0x2c) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x42, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) (async) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_GET_SUPPORTED_HV_CPUID(r1, 0xc008aec1, &(0x7f0000000100)={0x10000}) mmap$auto(0x0, 0x4, 0x6, 0x800000000eb1, 0xfffffffffffffffa, 0x8001) (async) mmap$auto(0x0, 0x4, 0x6, 0x800000000eb1, 0xfffffffffffffffa, 0x8001) mmap$auto(0x4, 0x2, 0x2, 0x100000000040eb1, 0x602, 0x300000000000) (async) mmap$auto(0x4, 0x2, 0x2, 0x100000000040eb1, 0x602, 0x300000000000) ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f0000000540)={0x2, &(0x7f0000000180)="f2d925429ecc8833ef029d317e92a863567a1aa4039bbd24308737938225756749a2cd058f981d81224e731c1514b4fd0290f2fb02e6073e000000000000b16c73b5c0cedf17801dfece4a243ff8cd09f8e3292b72b3500cefe0e7c269c25cd32701679442d287124548388dedeedd83d20b9d079d0a971a993bfa4a4499f8631caa1722a7a93bf39c2535ea752a9b05e21efeebdeaa71269153bd"}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x7fff) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.2/usb3/ep_00/bEndpointAddress\x00', 0x48500, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000010c0)=""/4090, 0xffa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyvf\x00', 0x109401, 0x0) ioctl$auto_TIOCVHANGUP2(r3, 0x5437, 0x0) (async) ioctl$auto_TIOCVHANGUP2(r3, 0x5437, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x112) (async) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x112) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_EVIOCGMASK(0xffffffffffffffff, 0x80104592, &(0x7f0000000000)={0x2000, 0x800004, 0x105}) 1.934320576s ago: executing program 1 (id=237): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) statfs$auto(&(0x7f0000000000)='}[,&*}\x00', 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) write$auto(0x3, 0x0, 0xfdef) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x400053, 0x9) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x169000, 0x0) sysfs$auto(0x2, 0x17, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x40004) syz_clone3(0x0, 0x0) socketpair$auto(0x1e, 0x5, 0x9, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptys5\x00', 0x2000, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_nlbl_calipso(&(0x7f0000000100), 0xffffffffffffffff) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000580)={{@raw=0x7fffffff, 0xf0ee, 0x20009, 0x3, "790eaa00ffff8eac2cdafc1f64010043eeb0b053030001ffff000e00", @raw=0x1}, 0x4, 0x966, 0x3, @raw=0x404, @enumerated={0x0, 0x9, "96b69862729769b18f800acb274a6b3b9a16b87e27db8d235136c5ab260d1ad9e3ea8e1a6ed4794908d2553e05ad4ce9cb3e10ac2c991c136d7c9f83aa489f9f", 0x1, 0x1}, "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3373a1183bedbd31b642b4051b078fa1c1c61c329794e5311121c760cb9611c78e6947a99807bcc1"}) syz_genetlink_get_family_id$auto_ioam6(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) 1.757556927s ago: executing program 3 (id=238): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) ioctl$auto(0x3, 0xc0a85322, 0x38) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) r0 = set_tid_address$auto(&(0x7f0000000040)=0xc463) prctl$auto(0x5a, 0x1, r0, 0x5, 0x4) (async) write$auto(0xffffffffffffffff, 0x0, 0x3) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x50900, 0xe1d2b27bdc14ab70) (async) rename$auto(&(0x7f0000000480)='./file0\x00', &(0x7f0000000100)='./file1\x00') 1.648985739s ago: executing program 2 (id=239): r0 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) ioctl$auto_UBI_IOCATT(r0, 0x40186f40, &(0x7f0000000080)={0xffffffff, 0x20, 0x3f, 0x8, 0x1, 0x1}) 1.600919764s ago: executing program 3 (id=240): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @broadcast}, 0x6a) connect$auto(r0, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3e}}, 0xfffffffc) write$auto(0x3, 0x0, 0x1) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0xe) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x11f, 0x0, 0xfffffffffffffffd) (async) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x11f, 0x0, 0xfffffffffffffffd) openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, 0x0, 0x42800, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x202, 0x0) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) ioctl$auto(0x3, 0x5411, 0x38) (async) ioctl$auto(0x3, 0x5411, 0x38) close_range$auto(0x0, 0x5, 0x0) (async) close_range$auto(0x0, 0x5, 0x0) 1.333513055s ago: executing program 2 (id=241): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/039/001\x00', 0x4a901, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000040), 0x12000, 0x0) ioctl$auto_USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f00000001c0)={0x0, 0x80805513, 0x0}) 1.157500259s ago: executing program 3 (id=242): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x4100, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="18000000", @ANYBLOB='v\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x207, 0x4006) 870.394525ms ago: executing program 0 (id=243): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) statfs$auto(&(0x7f0000000000)='}[,&*}\x00', 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) write$auto(0x3, 0x0, 0xfdef) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x400053, 0x9) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x169000, 0x0) sysfs$auto(0x2, 0x17, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x40004) syz_clone3(0x0, 0x0) socketpair$auto(0x1e, 0x5, 0x9, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptys5\x00', 0x2000, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_nlbl_calipso(0x0, 0xffffffffffffffff) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000580)={{@raw=0x7fffffff, 0xf0ee, 0x20009, 0x3, "790eaa00ffff8eac2cdafc1f64010043eeb0b053030001ffff000e00", @raw=0x1}, 0x4, 0x966, 0x3, @raw=0x404, @enumerated={0x0, 0x9, "96b69862729769b18f800acb274a6b3b9a16b87e27db8d235136c5ab260d1ad9e3ea8e1a6ed4794908d2553e05ad4ce9cb3e10ac2c991c136d7c9f83aa489f9f", 0x1, 0x1}, "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3373a1183bedbd31b642b4051b078fa1c1c61c329794e5311121c760cb9611c78e6947a99807bcc1"}) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) 870.074763ms ago: executing program 3 (id=244): r0 = socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567) unshare$auto(0x40000080) r1 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x61e041, 0x0) r2 = bpf$auto_BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)=@bpf_attr_5={@target_fd, r1, 0x6, 0x10001, r0, @relative_id=0x3, 0x9}, 0x1) close_range$auto(0x0, r2, 0x0) openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, 0x0, 0x2001, 0x0) mmap$auto(0x0, 0x400008, 0x34, 0x1009b72, 0x2, 0x808000) mprotect$auto(0x0, 0x8000000000000001, 0x8) mmap$auto(0x0, 0xe983, 0x7, 0xeb1, 0xffffffffffffffff, 0x8000) r4 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, 0x0, 0x19d881, 0x0) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, 0x0, 0x103041, 0x0) openat$auto_component_list_fops_(0xffffffffffffff9c, &(0x7f0000000300), 0x901000, 0x0) fcntl$auto_F_GETPIPE_SZ(r3, 0x408, 0x5) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x68) ioctl$auto_FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000080)) 436.870255ms ago: executing program 2 (id=245): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x10000400a}, 0x2000000000000101) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SEG6_CMD_GET_TUNSRC(r2, &(0x7f0000001b80)={0x0, 0x0, &(0x7f0000001b40)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x8000) mmap$auto(0x0, 0x20009, 0x4, 0xeb1, 0x405, 0x8000) sendmsg$auto_NL80211_CMD_DEL_NAN_FUNCTION(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x24, 0x0, 0x2, 0x70bd26, 0x25dfdbff, {}, [@NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}, @NL80211_ATTR_FTM_RESPONDER={0xc, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x8, 0x2, "141dbb9d"}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000040}, 0x4040000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fcdbdf25030000000800030000020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a000500c862a41184f600000a00010000000000000000000a00010070b28a70c5dc0000080004000300000006000700ff"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(r3, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x10000) ioctl$auto_UI_SET_ABSBIT(r1, 0x40045567, 0x0) r4 = open(&(0x7f00000000c0)='./file0\x00', 0x149443, 0xb2) mount$auto(&(0x7f0000000000)='veth1_vlan\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000240)='hfs\x00\x81\xe2\xde\xa8\xb7\xc4G[*}\xaa{\xf1\x86\xf7d@\xe8Y\xea\xb1H\x01\xff\"^\'6\xba\xa9s\x1d\xf4\xe1i\xc5\xb6_B\xa7KFS\xc1\xa7\x8e*h\xe3\x8b\x7f\xca\xfcNEi\x84?\x82\xff\xf2\xac\xd1\xee\xf4\x9a?\xac\x11\x88\aO\x84\xe6k\a\x9bY\xddx\xb8\xdf\vHv\xb5\f\xbc\b\xc0\xfa\xc0\xfe\xa6\xce\xbd\x03\x00\x93\xdc4\x97\xce\xd5&\x93\xae\x05q\xe9\xa8?\x00\xbdi\x88q\xd0w\xfd@\r\xce\xe4\xadrt`\xf8`b\xbf\xeci\x93a\xc6o\x9ej\xe4\xa3\x9d\xaa\xe1\xe1N\n\xbcq\n[\"5\xd4\xa6\x96#).\xbd\x8aD\x88>8J\v\xb5\x99H\xc5\a\xc9\xcf\xbc\x85\xbf\x85\x81\x0f\x7f8\x11\xdbK\xf3\xc2#\x18 \xdf\x05\xcd\xbb\xc03_\xb7Q@\xf2G', 0x7, 0x0) r5 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x8000, 0x0) ioctl$auto_USBDEVFS_CONTROL(r4, 0xc0185500, 0x0) socket(0x15, 0x5, 0x0) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r5, 0xc0045002, 0x0) 123.354137ms ago: executing program 1 (id=246): r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/v4l-subdev6\x00', 0x101482, 0x0) close_range$auto(0x2, 0xa, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x3, @broadcast}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r2 = ioctl$auto_TIOCGPTPEER2(0xffffffffffffffff, 0x5441, 0x0) read$auto_proc_iter_file_ops_compat_inode(r2, &(0x7f0000000040)=""/34, 0x22) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) setsockopt$auto(0x3, 0x8000000000000006, 0x1e, 0x0, 0x7ffffc) r3 = fsopen$auto(&(0x7f0000000000)='-)\\\x00', 0x2) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r3) r5 = open_tree$auto(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) r6 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f00000000c0), 0xffffffffffffffff) r7 = syz_clone(0x0, &(0x7f0000000100), 0x0, &(0x7f0000000140), &(0x7f0000000100), &(0x7f00000001c0)="50d1ef45d50dbbd23e87db27f484b8c82d0c3d17cea0873e34477127def0d7217efe167ada3486f2eac6161df126805bb550a9f1d57ba92b79f0e32e4b59823a1e80c94ac661494bd66eee72d3375df592a3e885b3ec87e00650bb82ea643c2dddb640b500c41f24af27c229725afaafeaf64b9dd96738b554403f27558471") ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wg2\x00', 0x0}) sendmsg$auto_OVS_DP_CMD_NEW(r5, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="000128bd7000fcdbdf2501000000080007000200000008000500ff7f00000800050002000000080007000800000008000200", @ANYRES32=r7, @ANYBLOB='\b\x00\t\x00', @ANYRES32=r8, @ANYBLOB="b6087e08", @ANYRES32=0x0, @ANYBLOB="0800050002000000"], 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x48040) fstat$auto(r3, &(0x7f00000001c0)={0x1, 0x1, 0xd, 0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10000, 0x6, 0xd, 0xca28, 0x3, 0x0, 0x4, 0x401, 0x1ff}) sendmsg$auto_NL80211_CMD_GET_WOWLAN(r1, &(0x7f0000000640)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000600)={&(0x7f0000000280)={0x358, r4, 0x20, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_MAC={0x4d, 0x6, "39946da311aab6f6a3b48cf48dd5c1feb7af4f7e8981f2e96bd8c92cbb5612060d21d9cfd0996f1f01d2b6e0d7555bf3a09467d42f733c41f5dedde7270759223583e64625a7cb2cf3"}, @NL80211_ATTR_MAC={0xe1, 0x6, "1d4204d07142d5c70177112de7649f46cf08256868627f33f56283a9e496dd248796dbd3c9c5925f4e49e887655c655f8f0bfb73e4bb49cdb7f70cf08bbce30344195d91d0cfd52b0b82d473c71071a0fa2192b6b223839d3c77af69f40d187bfdc18f4d6e810cd29533efd37de7a447fd81647329325c7c5a6ed56100912df337b9bf7cef74382c93133a22c10444d32311b209a4cf1b756693550970f1062ac8bd8d4335afc69691cf5591bcc61e312112778e7fad2a9534bcb81f071c92d8c0f0bb0804dda86d9f964492b3dd09312e2abeea610f7675807c6fe8f7"}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x2}, @NL80211_ATTR_PMK={0xa, 0xfe, "ec61b52759de"}, @NL80211_ATTR_TDLS_EXTERNAL_SETUP={0x4}, @NL80211_ATTR_HE_OBSS_PD={0x14, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET={0x5, 0x2, 0xa}, @NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0xa0}]}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r8}, @NL80211_ATTR_KEY={0x1dc, 0x50, 0x0, 0x1, [@nested={0xf2, 0x113, 0x0, 0x1, [@generic="f622c86dea6433369dc1d8ca0eaef9d75eb39b1c97279173ccb3159a0837dcbda9264f4c083966034180dd6dff4491a1b4de4a3a4d8764afeb317f44657b00ad4fb07a4d8bcb4efcfaa5cf336498aeedcd7942037f17de42d988743646aa", @nested={0x4, 0xe6}, @nested={0x4, 0x88}, @typed={0x8, 0x9e, 0x0, 0x0, @u32=0x99}, @generic="4c97807701047a479c1f531f1cb8b89798b7fd97659d0f302fa997eb72f47a6158b4c5caab130fd70d3f6ba647b6af3b4eb58a6fa400e4b5c9bdff86a40190dd988c", @typed={0x7, 0x7a, 0x0, 0x0, @str='-\\\x00'}, @generic="c66fa2e130f21ccdf0e1488dcdfd07527e005dedc4f3042764b1f3dba0aa98b2cb19ea69fe7c79f765ef89658018", @typed={0x8, 0x9c, 0x0, 0x0, @uid=r9}]}, @nested={0xdc, 0x9d, 0x0, 0x1, [@typed={0xd1, 0xbe, 0x0, 0x0, @binary="1eb0359d77565f95667a1c3e7c6d8cdff55d3f2ec7363073a76823b6bc77ac94241f817574c8759dce9f908b3bb0cc3b091968270c7150b67126b62d9a8f5107d93d77b8d424aaef41ee6f8aaefc5784fce698ab9d1bba08f50fec9c558b68cf73207d9865a7f29ca551798616918ce47500f75661b94a7da904c4ecdf0cfe682b017c1e677283adda99bc2326b16abeb107a5d2f6d59d87fa919ccb7849981dd91238491cc849c7e4bbe7f587d593255945956d71524c37048fd117ff2ae05ec2a35c1d67bd34466044c1ab23"}, @nested={0x4, 0xaa}]}, @typed={0x8, 0x8, 0x0, 0x0, @ipv4=@rand_addr=0x64010101}]}]}, 0x358}, 0x1, 0x0, 0x0, 0x4000080}, 0x8000) ioctl$auto_v4l2_fops_v4l2_dev(r0, 0x80085617, 0x0) 0s ago: executing program 3 (id=247): statmount$auto(&(0x7f0000000040)={0x6189, @raw=0x7, 0x4, 0x4f65b40b, 0xf}, &(0x7f0000000380)={0x55c35ef, 0x2f, 0x3, 0x62, 0x28000, 0xfffffffffffffffe, 0x0, 0x800, 0x13, 0x8, 0x5, 0x40, 0xf, 0x1, 0x9, 0x0, 0xe7, 0x1000, 0x2, 0xffffffffffffffff, 0x2d8, 0x5, 0x7, 0x2, 0x7, 0x1, 0x4, 0x4, 0xe, 0x7, 0x8, [0x61, 0xd0e, 0x8, 0x5, 0x3ff, 0x7, 0x10000, 0x1ff, 0x3, 0x121980a3, 0x4, 0x7ff, 0x5, 0x40, 0x7, 0xb1a3, 0x80000000, 0x5, 0x2a6, 0x100000000, 0x7, 0x800, 0x4, 0x3, 0x2000000000, 0x6, 0xe43, 0x5, 0x9c8, 0x4, 0x2e1, 0x100, 0x1, 0xfffffffffffff538, 0x2, 0x8, 0x8, 0x100000000, 0x7f, 0xfffffffffffffff1, 0x9, 0x0, 0x2]}, 0x9, 0xcc) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/saved_tgids\x00', 0x109100, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyz7\x00', 0x48f41, 0x0) ioctl$auto(0x3, 0x402c542d, r0) write$auto(0x3, 0x0, 0xfffffdef) r1 = open(&(0x7f00000000c0)='./cgroup\x00', 0x80400, 0xb5d1af1605322dd2) open_by_handle_at$auto(r1, &(0x7f0000000000)={0x0, 0x10002}, 0x6) unshare$auto(0x40000080) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0x13, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/inject\x00', 0x410002, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) writev$auto(r3, &(0x7f0000000000)={&(0x7f0000000000), 0x4}, 0x2) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) ioperm$auto(0x7, 0x6, 0x2) fremovexattr$auto(0x3, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x405, 0x8000) socket(0xa, 0x3, 0x73) setsockopt$auto(0x400000000000003, 0x29, 0x4, 0x0, 0x3) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.109' (ED25519) to the list of known hosts. [ 72.100424][ T5811] cgroup: Unknown subsys name 'net' [ 72.169090][ T5811] cgroup: Unknown subsys name 'cpuset' [ 72.178144][ T5811] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 73.635070][ T5811] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 75.329551][ T5824] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.338185][ T5824] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.346453][ T5824] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.356442][ T5824] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.364272][ T5824] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 75.397175][ T5824] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 75.407403][ T5824] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 75.416851][ T5824] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 75.430874][ T5824] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 75.439458][ T5824] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 75.458064][ T5145] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 75.466844][ T5145] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 75.490369][ T5145] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 75.502682][ T5145] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 75.510753][ T5145] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 75.534330][ T5829] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 75.544119][ T5829] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 75.561990][ T5829] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 75.577046][ T5829] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 75.585935][ T5829] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 75.909464][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 76.046195][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 76.151829][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.159218][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.166828][ T5822] bridge_slave_0: entered allmulticast mode [ 76.173947][ T5822] bridge_slave_0: entered promiscuous mode [ 76.188415][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 76.205812][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.213431][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.220918][ T5822] bridge_slave_1: entered allmulticast mode [ 76.228091][ T5822] bridge_slave_1: entered promiscuous mode [ 76.346775][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.364380][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.381184][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.388753][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.396129][ T5828] bridge_slave_0: entered allmulticast mode [ 76.404058][ T5828] bridge_slave_0: entered promiscuous mode [ 76.412080][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 76.438189][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.445361][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.454061][ T5828] bridge_slave_1: entered allmulticast mode [ 76.461181][ T5828] bridge_slave_1: entered promiscuous mode [ 76.524815][ T5822] team0: Port device team_slave_0 added [ 76.554002][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.565930][ T5822] team0: Port device team_slave_1 added [ 76.589082][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.609784][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.617255][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.624436][ T5825] bridge_slave_0: entered allmulticast mode [ 76.631863][ T5825] bridge_slave_0: entered promiscuous mode [ 76.668257][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.675529][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.682994][ T5825] bridge_slave_1: entered allmulticast mode [ 76.690446][ T5825] bridge_slave_1: entered promiscuous mode [ 76.713004][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.720106][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 76.746227][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.759078][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.766216][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 76.792223][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.824993][ T5828] team0: Port device team_slave_0 added [ 76.861615][ T5828] team0: Port device team_slave_1 added [ 76.870892][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.884605][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.891974][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.899540][ T5831] bridge_slave_0: entered allmulticast mode [ 76.906809][ T5831] bridge_slave_0: entered promiscuous mode [ 76.941129][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.950889][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.958203][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.965882][ T5831] bridge_slave_1: entered allmulticast mode [ 76.972880][ T5831] bridge_slave_1: entered promiscuous mode [ 76.990219][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.997323][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.023563][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.068624][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.075836][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.101917][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.139053][ T5822] hsr_slave_0: entered promiscuous mode [ 77.146137][ T5822] hsr_slave_1: entered promiscuous mode [ 77.161661][ T5825] team0: Port device team_slave_0 added [ 77.170022][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.182507][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.195193][ T5825] team0: Port device team_slave_1 added [ 77.279258][ T5831] team0: Port device team_slave_0 added [ 77.296071][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.303054][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.329010][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.352675][ T5831] team0: Port device team_slave_1 added [ 77.365050][ T5828] hsr_slave_0: entered promiscuous mode [ 77.371680][ T5828] hsr_slave_1: entered promiscuous mode [ 77.378083][ T5828] debugfs: 'hsr0' already exists in 'hsr' [ 77.383964][ T5828] Cannot create hsr debugfs directory [ 77.390599][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.398010][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.424185][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.436532][ T5829] Bluetooth: hci0: command tx timeout [ 77.500108][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.508874][ T5829] Bluetooth: hci1: command tx timeout [ 77.515051][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.541813][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.554099][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.561171][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.585896][ T5829] Bluetooth: hci2: command tx timeout [ 77.587650][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.665731][ T5829] Bluetooth: hci3: command tx timeout [ 77.670233][ T5825] hsr_slave_0: entered promiscuous mode [ 77.677882][ T5825] hsr_slave_1: entered promiscuous mode [ 77.684337][ T5825] debugfs: 'hsr0' already exists in 'hsr' [ 77.690455][ T5825] Cannot create hsr debugfs directory [ 77.785312][ T5831] hsr_slave_0: entered promiscuous mode [ 77.791745][ T5831] hsr_slave_1: entered promiscuous mode [ 77.798105][ T5831] debugfs: 'hsr0' already exists in 'hsr' [ 77.803848][ T5831] Cannot create hsr debugfs directory [ 78.112933][ T5822] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 78.138971][ T5822] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 78.150889][ T5822] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 78.160943][ T5822] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 78.268144][ T5828] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 78.286571][ T5828] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 78.298155][ T5828] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 78.309988][ T5828] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 78.404325][ T5825] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 78.423873][ T5825] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 78.448777][ T5825] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 78.459767][ T5825] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 78.487228][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.546924][ T5831] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 78.569868][ T5831] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 78.587181][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.594207][ T5831] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 78.609755][ T5831] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 78.631907][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.639192][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.682428][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.689604][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.765385][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.840139][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.874779][ T3574] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.882001][ T3574] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.928163][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.937976][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.945142][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.024811][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.039980][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.060100][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.067286][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.123821][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.139852][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.147041][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.189406][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.196618][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.207607][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.214779][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.241656][ T5825] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 79.253087][ T5825] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 79.341796][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.439333][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.506589][ T5829] Bluetooth: hci0: command tx timeout [ 79.524334][ T5822] veth0_vlan: entered promiscuous mode [ 79.583522][ T5822] veth1_vlan: entered promiscuous mode [ 79.590935][ T5829] Bluetooth: hci1: command tx timeout [ 79.640416][ T5822] veth0_macvtap: entered promiscuous mode [ 79.665951][ T5829] Bluetooth: hci2: command tx timeout [ 79.670800][ T5822] veth1_macvtap: entered promiscuous mode [ 79.710171][ T5828] veth0_vlan: entered promiscuous mode [ 79.738832][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.746542][ T5829] Bluetooth: hci3: command tx timeout [ 79.753895][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.769894][ T5828] veth1_vlan: entered promiscuous mode [ 79.784562][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.820819][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.831203][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.860660][ T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.874949][ T5828] veth0_macvtap: entered promiscuous mode [ 79.882843][ T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.915291][ T5828] veth1_macvtap: entered promiscuous mode [ 79.937814][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.005177][ T3574] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.026321][ T3574] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.071981][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.081660][ T5825] veth0_vlan: entered promiscuous mode [ 80.097087][ T3574] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.102929][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.106136][ T3574] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.130213][ T5825] veth1_vlan: entered promiscuous mode [ 80.177931][ T79] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.217202][ T79] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.222334][ T5822] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 80.228027][ T79] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.270255][ T5825] veth0_macvtap: entered promiscuous mode [ 80.277914][ T79] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.287933][ T5831] veth0_vlan: entered promiscuous mode [ 80.310888][ T5825] veth1_macvtap: entered promiscuous mode [ 80.356170][ T5831] veth1_vlan: entered promiscuous mode [ 80.397551][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.432626][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.462844][ T3574] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.485188][ T3574] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.501909][ T3506] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.511728][ T3506] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.553040][ T5904] Malformed UNC in devname [ 80.553040][ T5904] [ 80.564797][ T5904] CIFS: VFS: Malformed UNC in devname [ 80.574959][ T3506] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.584231][ T3506] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.601806][ T5904] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 80.619686][ T5831] veth0_macvtap: entered promiscuous mode [ 80.660805][ T5831] veth1_macvtap: entered promiscuous mode [ 80.709368][ T3506] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.723218][ T3506] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.787953][ T105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.811110][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.816034][ T105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.919554][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.944444][ T3574] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.966752][ T3574] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.989130][ T3506] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.011670][ T3506] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.046562][ T3506] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.055312][ T3506] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.349620][ T3506] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.396321][ T3506] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.494970][ T3574] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.505007][ T3574] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.586186][ T5829] Bluetooth: hci0: command tx timeout [ 81.678317][ T5829] Bluetooth: hci1: command tx timeout [ 81.745773][ T5829] Bluetooth: hci2: command tx timeout [ 81.826693][ T5829] Bluetooth: hci3: command tx timeout [ 82.832636][ T5952] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 82.884971][ T5952] FAULT_INJECTION: forcing a failure. [ 82.884971][ T5952] name failslab, interval 1, probability 0, space 0, times 1 [ 82.926035][ T5952] CPU: 0 UID: 0 PID: 5952 Comm: syz.0.12 Not tainted syzkaller #0 PREEMPT(full) [ 82.926072][ T5952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 82.926096][ T5952] Call Trace: [ 82.926105][ T5952] [ 82.926116][ T5952] dump_stack_lvl+0x100/0x190 [ 82.926167][ T5952] should_fail_ex.cold+0x5/0xa [ 82.926198][ T5952] should_failslab+0xc2/0x120 [ 82.926227][ T5952] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 82.926265][ T5952] ? parse_pred+0x2d4/0x3070 [ 82.926314][ T5952] kmemdup_nul+0x49/0xd0 [ 82.926343][ T5952] parse_pred+0x2d4/0x3070 [ 82.926395][ T5952] ? __pfx_parse_pred+0x10/0x10 [ 82.926451][ T5952] ? rcu_is_watching+0x12/0xc0 [ 82.926495][ T5952] ? trace_kmalloc+0x101/0x130 [ 82.926524][ T5952] ? __kmalloc_noprof+0x320/0x850 [ 82.926576][ T5952] process_preds+0x6a6/0x1d90 [ 82.926629][ T5952] ? create_filter_start.constprop.0+0x134/0x310 [ 82.926676][ T5952] create_filter+0x140/0x210 [ 82.926721][ T5952] ? __pfx_create_filter+0x10/0x10 [ 82.926769][ T5952] ? find_held_lock+0x2b/0x80 [ 82.926804][ T5952] apply_event_filter+0x220/0x500 [ 82.926851][ T5952] ? __pfx_apply_event_filter+0x10/0x10 [ 82.926909][ T5952] event_filter_write+0x16d/0x290 [ 82.926947][ T5952] vfs_write+0x2aa/0x1070 [ 82.926977][ T5952] ? __pfx_event_filter_write+0x10/0x10 [ 82.927016][ T5952] ? __pfx_vfs_write+0x10/0x10 [ 82.927043][ T5952] ? __fget_files+0x215/0x3d0 [ 82.927081][ T5952] ? __fget_files+0x21f/0x3d0 [ 82.927120][ T5952] ksys_write+0x12a/0x250 [ 82.927149][ T5952] ? __pfx_ksys_write+0x10/0x10 [ 82.927189][ T5952] do_syscall_64+0x106/0xf80 [ 82.927217][ T5952] ? clear_bhb_loop+0x40/0x90 [ 82.927262][ T5952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.927292][ T5952] RIP: 0033:0x7f816c99c819 [ 82.927317][ T5952] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 82.927352][ T5952] RSP: 002b:00007f816d7b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 82.927381][ T5952] RAX: ffffffffffffffda RBX: 00007f816cc15fa0 RCX: 00007f816c99c819 [ 82.927400][ T5952] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 82.927417][ T5952] RBP: 00007f816ca32c91 R08: 0000000000000000 R09: 0000000000000000 [ 82.927435][ T5952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 82.927451][ T5952] R13: 00007f816cc16038 R14: 00007f816cc15fa0 R15: 00007ffce4020018 [ 82.927490][ T5952] [ 83.666968][ T5829] Bluetooth: hci0: command tx timeout [ 83.745689][ T5829] Bluetooth: hci1: command tx timeout [ 83.826438][ T5829] Bluetooth: hci2: command tx timeout [ 83.905747][ T5829] Bluetooth: hci3: command tx timeout [ 84.464515][ T5959] FAULT_INJECTION: forcing a failure. [ 84.464515][ T5959] name failslab, interval 1, probability 0, space 0, times 0 [ 84.477972][ T5959] CPU: 1 UID: 0 PID: 5959 Comm: syz.0.13 Not tainted syzkaller #0 PREEMPT(full) [ 84.477994][ T5959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 84.478003][ T5959] Call Trace: [ 84.478008][ T5959] [ 84.478014][ T5959] dump_stack_lvl+0x100/0x190 [ 84.478041][ T5959] should_fail_ex.cold+0x5/0xa [ 84.478061][ T5959] should_failslab+0xc2/0x120 [ 84.478077][ T5959] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 84.478100][ T5959] ? __pmd_alloc+0xbf/0x950 [ 84.478131][ T5959] __pmd_alloc+0xbf/0x950 [ 84.478150][ T5959] __handle_mm_fault+0xa9e/0x2b60 [ 84.478174][ T5959] ? mt_find+0x45e/0x8e0 [ 84.478191][ T5959] ? __pfx___handle_mm_fault+0x10/0x10 [ 84.478210][ T5959] ? __pfx_mt_find+0x10/0x10 [ 84.478236][ T5959] ? find_vma+0xbf/0x140 [ 84.478250][ T5959] ? __pfx_find_vma+0x10/0x10 [ 84.478267][ T5959] handle_mm_fault+0x36d/0xa20 [ 84.478291][ T5959] do_user_addr_fault+0x74c/0x12f0 [ 84.478312][ T5959] exc_page_fault+0x6f/0xd0 [ 84.478327][ T5959] asm_exc_page_fault+0x26/0x30 [ 84.478341][ T5959] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 84.478361][ T5959] Code: c4 10 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 fd 93 04 00 66 66 [ 84.478374][ T5959] RSP: 0018:ffffc900046b7d30 EFLAGS: 00050202 [ 84.478386][ T5959] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000004 [ 84.478395][ T5959] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc900046b7da0 [ 84.478404][ T5959] RBP: 0000000000000004 R08: 0000000000000001 R09: fffff520008d6fb4 [ 84.478413][ T5959] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 84.478421][ T5959] R13: ffffc900046b7da0 R14: 0000000000000000 R15: 0000000000000000 [ 84.478439][ T5959] _copy_from_user+0x98/0xd0 [ 84.478459][ T5959] do_sock_getsockopt+0x30b/0x3d0 [ 84.478478][ T5959] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 84.478504][ T5959] __sys_getsockopt+0x133/0x1d0 [ 84.478532][ T5959] ? __x64_sys_getsockopt+0xbd/0x160 [ 84.478554][ T5959] __x64_sys_getsockopt+0xbd/0x160 [ 84.478575][ T5959] ? do_syscall_64+0x95/0xf80 [ 84.478589][ T5959] ? lockdep_hardirqs_on+0x78/0x100 [ 84.478603][ T5959] do_syscall_64+0x106/0xf80 [ 84.478617][ T5959] ? clear_bhb_loop+0x40/0x90 [ 84.478634][ T5959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.478649][ T5959] RIP: 0033:0x7f816c99c819 [ 84.478661][ T5959] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.478674][ T5959] RSP: 002b:00007f816d7b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 84.478687][ T5959] RAX: ffffffffffffffda RBX: 00007f816cc15fa0 RCX: 00007f816c99c819 [ 84.478696][ T5959] RDX: 000000000000006d RSI: 0000000000000084 RDI: 0000000000000007 [ 84.478704][ T5959] RBP: 00007f816ca32c91 R08: 0000000000000000 R09: 0000000000000000 [ 84.478712][ T5959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.478720][ T5959] R13: 00007f816cc16038 R14: 00007f816cc15fa0 R15: 00007ffce4020018 [ 84.478739][ T5959] [ 85.161677][ T5969] FAULT_INJECTION: forcing a failure. [ 85.161677][ T5969] name failslab, interval 1, probability 0, space 0, times 0 [ 85.198829][ T5969] CPU: 0 UID: 0 PID: 5969 Comm: syz.1.15 Not tainted syzkaller #0 PREEMPT(full) [ 85.198865][ T5969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 85.198881][ T5969] Call Trace: [ 85.198889][ T5969] [ 85.198899][ T5969] dump_stack_lvl+0x100/0x190 [ 85.198944][ T5969] should_fail_ex.cold+0x5/0xa [ 85.198975][ T5969] should_failslab+0xc2/0x120 [ 85.199013][ T5969] __kmalloc_node_noprof+0xe6/0x850 [ 85.199053][ T5969] ? alloc_slab_obj_exts+0xae/0x260 [ 85.199104][ T5969] alloc_slab_obj_exts+0xae/0x260 [ 85.199142][ T5969] __memcg_slab_post_alloc_hook+0x246/0x990 [ 85.199181][ T5969] ? kasan_save_track+0x14/0x30 [ 85.199208][ T5969] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 85.199247][ T5969] ? __d_alloc+0x34/0xa80 [ 85.199282][ T5969] __d_alloc+0x34/0xa80 [ 85.199315][ T5969] d_alloc_pseudo+0x1c/0xc0 [ 85.199351][ T5969] alloc_file_pseudo+0xcf/0x230 [ 85.199386][ T5969] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 85.199417][ T5969] ? alloc_fd+0x476/0x790 [ 85.199445][ T5969] ? do_raw_spin_unlock+0x145/0x1e0 [ 85.199493][ T5969] __anon_inode_getfile+0xe8/0x280 [ 85.199528][ T5969] anon_inode_getfile_fmode+0x37/0xa0 [ 85.199562][ T5969] do_eventfd+0x159/0x2b0 [ 85.199601][ T5969] __x64_sys_eventfd+0x32/0x50 [ 85.199638][ T5969] do_syscall_64+0x106/0xf80 [ 85.199662][ T5969] ? clear_bhb_loop+0x40/0x90 [ 85.199692][ T5969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.199718][ T5969] RIP: 0033:0x7f7d9d79c819 [ 85.199738][ T5969] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.199761][ T5969] RSP: 002b:00007f7d9e6fb028 EFLAGS: 00000246 ORIG_RAX: 000000000000011c [ 85.199785][ T5969] RAX: ffffffffffffffda RBX: 00007f7d9da15fa0 RCX: 00007f7d9d79c819 [ 85.199802][ T5969] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 85.199816][ T5969] RBP: 00007f7d9d832c91 R08: 0000000000000000 R09: 0000000000000000 [ 85.199831][ T5969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.199846][ T5969] R13: 00007f7d9da16038 R14: 00007f7d9da15fa0 R15: 00007ffc5bceb358 [ 85.199879][ T5969] [ 85.478721][ T5969] process 'syz.1.15' launched '/dev/fd/3' with NULL argv: empty string added [ 85.767384][ T5978] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 86.790428][ T981] cfg80211: failed to load regulatory.db [ 86.825923][ T5991] FAULT_INJECTION: forcing a failure. [ 86.825923][ T5991] name failslab, interval 1, probability 0, space 0, times 0 [ 86.839092][ T5991] CPU: 1 UID: 0 PID: 5991 Comm: syz.2.19 Not tainted syzkaller #0 PREEMPT(full) [ 86.839120][ T5991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 86.839128][ T5991] Call Trace: [ 86.839134][ T5991] [ 86.839140][ T5991] dump_stack_lvl+0x100/0x190 [ 86.839179][ T5991] should_fail_ex.cold+0x5/0xa [ 86.839198][ T5991] ? lsm_blob_alloc+0x68/0x90 [ 86.839225][ T5991] should_failslab+0xc2/0x120 [ 86.839243][ T5991] __kmalloc_noprof+0xe0/0x850 [ 86.839266][ T5991] ? trace_kmem_cache_alloc+0xf3/0x120 [ 86.839286][ T5991] lsm_blob_alloc+0x68/0x90 [ 86.839308][ T5991] security_sk_alloc+0x2d/0x290 [ 86.839325][ T5991] sk_prot_alloc+0x1d1/0x2a0 [ 86.839344][ T5991] sk_alloc+0x36/0xe80 [ 86.839366][ T5991] inet6_create+0x385/0x12b0 [ 86.839382][ T5991] ? inet6_create+0x7f/0x12b0 [ 86.839398][ T5991] __sock_create+0x339/0x860 [ 86.839419][ T5991] inet_ctl_sock_create+0x94/0x230 [ 86.839438][ T5991] ? __pfx_inet_ctl_sock_create+0x10/0x10 [ 86.839457][ T5991] ? __asan_memcpy+0x3c/0x60 [ 86.839479][ T5991] ? __pfx_tcpv6_net_init+0x10/0x10 [ 86.839494][ T5991] tcpv6_net_init+0x31/0xc0 [ 86.839510][ T5991] ops_init+0x1e2/0x5f0 [ 86.839526][ T5991] setup_net+0x118/0x3a0 [ 86.839541][ T5991] ? __pfx_setup_net+0x10/0x10 [ 86.839554][ T5991] ? lockdep_init_map_type+0x5c/0x250 [ 86.839575][ T5991] ? mutex_init_lockep+0x110/0x150 [ 86.839598][ T5991] copy_net_ns+0x46f/0x7c0 [ 86.839616][ T5991] create_new_namespaces+0x3ea/0xac0 [ 86.839637][ T5991] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 86.839655][ T5991] ksys_unshare+0x473/0xad0 [ 86.839675][ T5991] ? __pfx_ksys_unshare+0x10/0x10 [ 86.839701][ T5991] __x64_sys_unshare+0x31/0x40 [ 86.839719][ T5991] do_syscall_64+0x106/0xf80 [ 86.839734][ T5991] ? clear_bhb_loop+0x40/0x90 [ 86.839752][ T5991] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.839767][ T5991] RIP: 0033:0x7ff91839c819 [ 86.839781][ T5991] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 86.839795][ T5991] RSP: 002b:00007ff9165f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 86.839809][ T5991] RAX: ffffffffffffffda RBX: 00007ff918615fa0 RCX: 00007ff91839c819 [ 86.839819][ T5991] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 86.839828][ T5991] RBP: 00007ff918432c91 R08: 0000000000000000 R09: 0000000000000000 [ 86.839837][ T5991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.839846][ T5991] R13: 00007ff918616038 R14: 00007ff918615fa0 R15: 00007fff33160118 [ 86.839866][ T5991] [ 87.850997][ T6017] ubi0: attaching mtd0 [ 87.855275][ T6017] ubi0 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127) [ 90.151514][ T6062] Zero length message leads to an empty skb [ 91.165971][ T6073] Malformed UNC in devname [ 91.165971][ T6073] [ 91.229994][ T6073] CIFS: VFS: Malformed UNC in devname [ 91.869863][ T6087] FAULT_INJECTION: forcing a failure. [ 91.869863][ T6087] name failslab, interval 1, probability 0, space 0, times 0 [ 92.015374][ T6087] CPU: 1 UID: 0 PID: 6087 Comm: syz.2.31 Not tainted syzkaller #0 PREEMPT(full) [ 92.015413][ T6087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 92.015430][ T6087] Call Trace: [ 92.015438][ T6087] [ 92.015448][ T6087] dump_stack_lvl+0x100/0x190 [ 92.015500][ T6087] should_fail_ex.cold+0x5/0xa [ 92.015533][ T6087] should_failslab+0xc2/0x120 [ 92.015563][ T6087] __kmalloc_node_noprof+0xe6/0x850 [ 92.015603][ T6087] ? alloc_slab_obj_exts+0xae/0x260 [ 92.015642][ T6087] alloc_slab_obj_exts+0xae/0x260 [ 92.015683][ T6087] __memcg_slab_post_alloc_hook+0x246/0x990 [ 92.015725][ T6087] ? kasan_save_track+0x14/0x30 [ 92.015755][ T6087] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 92.015799][ T6087] ? __d_alloc+0x34/0xa80 [ 92.015840][ T6087] __d_alloc+0x34/0xa80 [ 92.015878][ T6087] d_alloc_pseudo+0x1c/0xc0 [ 92.015920][ T6087] alloc_file_pseudo+0xcf/0x230 [ 92.015959][ T6087] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 92.015993][ T6087] ? alloc_fd+0x476/0x790 [ 92.016024][ T6087] ? do_raw_spin_unlock+0x145/0x1e0 [ 92.016071][ T6087] __anon_inode_getfile+0xe8/0x280 [ 92.016111][ T6087] anon_inode_getfile_fmode+0x37/0xa0 [ 92.016149][ T6087] do_eventfd+0x159/0x2b0 [ 92.016192][ T6087] __x64_sys_eventfd+0x32/0x50 [ 92.016233][ T6087] do_syscall_64+0x106/0xf80 [ 92.016279][ T6087] ? clear_bhb_loop+0x40/0x90 [ 92.016316][ T6087] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.016363][ T6087] RIP: 0033:0x7ff91839c819 [ 92.016387][ T6087] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 92.016416][ T6087] RSP: 002b:00007ff9165f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000011c [ 92.016444][ T6087] RAX: ffffffffffffffda RBX: 00007ff918615fa0 RCX: 00007ff91839c819 [ 92.016464][ T6087] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 92.016481][ T6087] RBP: 00007ff918432c91 R08: 0000000000000000 R09: 0000000000000000 [ 92.016497][ T6087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 92.016514][ T6087] R13: 00007ff918616038 R14: 00007ff918615fa0 R15: 00007fff33160118 [ 92.016551][ T6087] [ 93.035724][ T6099] FAULT_INJECTION: forcing a failure. [ 93.035724][ T6099] name failslab, interval 1, probability 0, space 0, times 0 [ 93.050712][ T6099] CPU: 1 UID: 0 PID: 6099 Comm: syz.3.33 Not tainted syzkaller #0 PREEMPT(full) [ 93.050750][ T6099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 93.050767][ T6099] Call Trace: [ 93.050776][ T6099] [ 93.050787][ T6099] dump_stack_lvl+0x100/0x190 [ 93.050836][ T6099] should_fail_ex.cold+0x5/0xa [ 93.050871][ T6099] should_failslab+0xc2/0x120 [ 93.050904][ T6099] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 93.050947][ T6099] ? __proc_create+0x2cb/0x8c0 [ 93.050982][ T6099] __proc_create+0x2cb/0x8c0 [ 93.051012][ T6099] ? __pfx___proc_create+0x10/0x10 [ 93.051045][ T6099] ? _raw_write_unlock+0x28/0x50 [ 93.051089][ T6099] ? proc_register+0x559/0x8a0 [ 93.051122][ T6099] proc_create_reg+0x75/0x170 [ 93.051156][ T6099] proc_create_seq_private+0x8e/0x180 [ 93.051189][ T6099] ? __pfx_proc_create_seq_private+0x10/0x10 [ 93.051232][ T6099] xt_proto_init+0x3ab/0xb80 [ 93.051272][ T6099] ? __pfx_xt_proto_init+0x10/0x10 [ 93.051311][ T6099] ? net_generic+0xf4/0x2a0 [ 93.051363][ T6099] ? __pfx_ip6_tables_net_init+0x10/0x10 [ 93.051396][ T6099] ops_init+0x1e2/0x5f0 [ 93.051429][ T6099] setup_net+0x118/0x3a0 [ 93.051458][ T6099] ? __pfx_setup_net+0x10/0x10 [ 93.051484][ T6099] ? lockdep_init_map_type+0x5c/0x250 [ 93.051525][ T6099] ? mutex_init_lockep+0x110/0x150 [ 93.051570][ T6099] copy_net_ns+0x46f/0x7c0 [ 93.051604][ T6099] create_new_namespaces+0x3ea/0xac0 [ 93.051644][ T6099] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 93.051680][ T6099] ksys_unshare+0x473/0xad0 [ 93.051719][ T6099] ? __pfx_ksys_unshare+0x10/0x10 [ 93.051769][ T6099] __x64_sys_unshare+0x31/0x40 [ 93.051804][ T6099] do_syscall_64+0x106/0xf80 [ 93.051831][ T6099] ? clear_bhb_loop+0x40/0x90 [ 93.051866][ T6099] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.051895][ T6099] RIP: 0033:0x7fabd199c819 [ 93.051918][ T6099] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 93.051945][ T6099] RSP: 002b:00007fabd28b7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 93.051971][ T6099] RAX: ffffffffffffffda RBX: 00007fabd1c16090 RCX: 00007fabd199c819 [ 93.051990][ T6099] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 93.052007][ T6099] RBP: 00007fabd1a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 93.052024][ T6099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 93.052040][ T6099] R13: 00007fabd1c16128 R14: 00007fabd1c16090 R15: 00007ffd5c243138 [ 93.052078][ T6099] [ 94.181293][ T5829] Bluetooth: hci0: unexpected event 0x3e length: 505 > 260 [ 94.181330][ T5829] Bluetooth: hci0: unexpected subevent 0x02 length: 504 > 260 [ 94.198412][ T5829] Bluetooth: hci0: Dropping invalid advertising data [ 94.205494][ T5829] Bluetooth: hci0: unknown advertising packet type: 0xe9 [ 97.524723][ T6181] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 97.874163][ T6185] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 97.952686][ T6183] FAULT_INJECTION: forcing a failure. [ 97.952686][ T6183] name failslab, interval 1, probability 0, space 0, times 0 [ 98.006237][ T6183] CPU: 0 UID: 0 PID: 6183 Comm: syz.3.44 Not tainted syzkaller #0 PREEMPT(full) [ 98.006260][ T6183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 98.006269][ T6183] Call Trace: [ 98.006274][ T6183] [ 98.006280][ T6183] dump_stack_lvl+0x100/0x190 [ 98.006308][ T6183] should_fail_ex.cold+0x5/0xa [ 98.006327][ T6183] should_failslab+0xc2/0x120 [ 98.006343][ T6183] __kmalloc_cache_noprof+0x7a/0x6f0 [ 98.006365][ T6183] ? alloc_tty_struct+0x96/0x8c0 [ 98.006380][ T6183] ? ptmx_open+0x102/0x3c0 [ 98.006401][ T6183] alloc_tty_struct+0x96/0x8c0 [ 98.006416][ T6183] ? __mutex_unlock_slowpath+0x15c/0x790 [ 98.006435][ T6183] ? __pfx_alloc_tty_struct+0x10/0x10 [ 98.006463][ T6183] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 98.006499][ T6183] tty_init_dev.part.0+0x20/0x470 [ 98.006518][ T6183] tty_init_dev+0x60/0x80 [ 98.006533][ T6183] ptmx_open+0x15e/0x3c0 [ 98.006552][ T6183] ? __pfx_ptmx_open+0x10/0x10 [ 98.006571][ T6183] chrdev_open+0x234/0x6a0 [ 98.006587][ T6183] ? __pfx_apparmor_file_open+0x10/0x10 [ 98.006603][ T6183] ? __pfx_chrdev_open+0x10/0x10 [ 98.006620][ T6183] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 98.006640][ T6183] do_dentry_open+0x6d8/0x1660 [ 98.006655][ T6183] ? __pfx_chrdev_open+0x10/0x10 [ 98.006676][ T6183] vfs_open+0x82/0x3f0 [ 98.006698][ T6183] path_openat+0x208c/0x31a0 [ 98.006721][ T6183] ? __pfx_path_openat+0x10/0x10 [ 98.006743][ T6183] do_file_open+0x20e/0x430 [ 98.006761][ T6183] ? __pfx_do_file_open+0x10/0x10 [ 98.006799][ T6183] ? alloc_fd+0x476/0x790 [ 98.006817][ T6183] ? do_getname+0x191/0x390 [ 98.006839][ T6183] do_sys_openat2+0x10d/0x1e0 [ 98.006860][ T6183] ? __pfx_do_sys_openat2+0x10/0x10 [ 98.006883][ T6183] ? __fget_files+0x21f/0x3d0 [ 98.006902][ T6183] __x64_sys_openat+0x12d/0x210 [ 98.006922][ T6183] ? __pfx___x64_sys_openat+0x10/0x10 [ 98.006949][ T6183] do_syscall_64+0x106/0xf80 [ 98.006963][ T6183] ? clear_bhb_loop+0x40/0x90 [ 98.006981][ T6183] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.006996][ T6183] RIP: 0033:0x7fabd199c819 [ 98.007009][ T6183] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 98.007024][ T6183] RSP: 002b:00007fabd28d8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 98.007040][ T6183] RAX: ffffffffffffffda RBX: 00007fabd1c15fa0 RCX: 00007fabd199c819 [ 98.007049][ T6183] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 98.007058][ T6183] RBP: 00007fabd1a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 98.007066][ T6183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 98.007075][ T6183] R13: 00007fabd1c16038 R14: 00007fabd1c15fa0 R15: 00007ffd5c243138 [ 98.007095][ T6183] [ 99.129492][ T6195] FAULT_INJECTION: forcing a failure. [ 99.129492][ T6195] name failslab, interval 1, probability 0, space 0, times 0 [ 99.183287][ T6195] CPU: 1 UID: 0 PID: 6195 Comm: syz.1.47 Not tainted syzkaller #0 PREEMPT(full) [ 99.183328][ T6195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 99.183345][ T6195] Call Trace: [ 99.183354][ T6195] [ 99.183364][ T6195] dump_stack_lvl+0x100/0x190 [ 99.183410][ T6195] should_fail_ex.cold+0x5/0xa [ 99.183444][ T6195] ? ops_init+0x77/0x5f0 [ 99.183470][ T6195] should_failslab+0xc2/0x120 [ 99.183502][ T6195] __kmalloc_noprof+0xe0/0x850 [ 99.183545][ T6195] ? brnf_init_net+0x2bc/0x450 [ 99.183592][ T6195] ops_init+0x77/0x5f0 [ 99.183625][ T6195] setup_net+0x118/0x3a0 [ 99.183655][ T6195] ? __pfx_setup_net+0x10/0x10 [ 99.183681][ T6195] ? lockdep_init_map_type+0x5c/0x250 [ 99.183731][ T6195] ? mutex_init_lockep+0x110/0x150 [ 99.183781][ T6195] copy_net_ns+0x46f/0x7c0 [ 99.183817][ T6195] create_new_namespaces+0x3ea/0xac0 [ 99.183858][ T6195] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 99.183894][ T6195] ksys_unshare+0x473/0xad0 [ 99.183933][ T6195] ? __pfx_ksys_unshare+0x10/0x10 [ 99.183981][ T6195] __x64_sys_unshare+0x31/0x40 [ 99.184017][ T6195] do_syscall_64+0x106/0xf80 [ 99.184044][ T6195] ? clear_bhb_loop+0x40/0x90 [ 99.184079][ T6195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.184108][ T6195] RIP: 0033:0x7f7d9d79c819 [ 99.184132][ T6195] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 99.184159][ T6195] RSP: 002b:00007f7d9e6fb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 99.184187][ T6195] RAX: ffffffffffffffda RBX: 00007f7d9da15fa0 RCX: 00007f7d9d79c819 [ 99.184206][ T6195] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 99.184223][ T6195] RBP: 00007f7d9d832c91 R08: 0000000000000000 R09: 0000000000000000 [ 99.184241][ T6195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 99.184257][ T6195] R13: 00007f7d9da16038 R14: 00007f7d9da15fa0 R15: 00007ffc5bceb358 [ 99.184294][ T6195] [ 99.517286][ T6206] FAULT_INJECTION: forcing a failure. [ 99.517286][ T6206] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 99.583310][ T6206] CPU: 0 UID: 0 PID: 6206 Comm: syz.0.50 Not tainted syzkaller #0 PREEMPT(full) [ 99.583347][ T6206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 99.583363][ T6206] Call Trace: [ 99.583372][ T6206] [ 99.583382][ T6206] dump_stack_lvl+0x100/0x190 [ 99.583429][ T6206] should_fail_ex.cold+0x5/0xa [ 99.583464][ T6206] _copy_from_user+0x2e/0xd0 [ 99.583501][ T6206] memdup_user_nul+0x6c/0x120 [ 99.583532][ T6206] event_filter_write+0x47/0x290 [ 99.583568][ T6206] vfs_write+0x2aa/0x1070 [ 99.583598][ T6206] ? __pfx_event_filter_write+0x10/0x10 [ 99.583635][ T6206] ? __pfx_vfs_write+0x10/0x10 [ 99.583661][ T6206] ? __fget_files+0x215/0x3d0 [ 99.583697][ T6206] ? __fget_files+0x21f/0x3d0 [ 99.583734][ T6206] ksys_write+0x12a/0x250 [ 99.583761][ T6206] ? __pfx_ksys_write+0x10/0x10 [ 99.583799][ T6206] do_syscall_64+0x106/0xf80 [ 99.583826][ T6206] ? clear_bhb_loop+0x40/0x90 [ 99.583860][ T6206] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.583888][ T6206] RIP: 0033:0x7f816c99c819 [ 99.583911][ T6206] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 99.583937][ T6206] RSP: 002b:00007f816d7b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 99.583962][ T6206] RAX: ffffffffffffffda RBX: 00007f816cc15fa0 RCX: 00007f816c99c819 [ 99.583986][ T6206] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 99.584002][ T6206] RBP: 00007f816d7b9090 R08: 0000000000000000 R09: 0000000000000000 [ 99.584018][ T6206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 99.584034][ T6206] R13: 00007f816cc16038 R14: 00007f816cc15fa0 R15: 00007ffce4020018 [ 99.584071][ T6206] [ 99.606015][ T5829] Bluetooth: hci3: unexpected event 0x3e length: 505 > 260 [ 99.766823][ T5829] Bluetooth: hci3: unexpected subevent 0x02 length: 504 > 260 [ 99.781685][ T5829] Bluetooth: hci3: Dropping invalid advertising data [ 99.788618][ T5829] Bluetooth: hci3: unknown advertising packet type: 0xe9 [ 103.246602][ T6253] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 104.509434][ T6281] Unable to find swap-space signature [ 104.929995][ T5829] Bluetooth: hci2: unexpected event 0x3e length: 505 > 260 [ 104.930033][ T5829] Bluetooth: hci2: unexpected subevent 0x02 length: 504 > 260 [ 104.945150][ T5829] Bluetooth: hci2: Dropping invalid advertising data [ 104.955245][ T5829] Bluetooth: hci2: unknown advertising packet type: 0xe9 [ 105.497189][ T6303] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 107.366441][ T6336] bond0: Unable to set up delay as MII monitoring is disabled [ 107.461243][ T6336] bond0: Unable to set up delay as MII monitoring is disabled [ 107.576110][ T6339] Malformed UNC in devname [ 107.576110][ T6339] [ 107.588007][ T6336] bond0: option updelay: invalid value (Ù) [ 107.594555][ T6339] CIFS: VFS: Malformed UNC in devname [ 107.616775][ T6336] bond0: option updelay: allowed values 0 - 2147483647 [ 107.793420][ T6347] FAULT_INJECTION: forcing a failure. [ 107.793420][ T6347] name failslab, interval 1, probability 0, space 0, times 0 [ 107.806311][ T6347] CPU: 0 UID: 0 PID: 6347 Comm: syz.3.80 Not tainted syzkaller #0 PREEMPT(full) [ 107.806333][ T6347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 107.806342][ T6347] Call Trace: [ 107.806347][ T6347] [ 107.806353][ T6347] dump_stack_lvl+0x100/0x190 [ 107.806380][ T6347] should_fail_ex.cold+0x5/0xa [ 107.806399][ T6347] should_failslab+0xc2/0x120 [ 107.806416][ T6347] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 107.806439][ T6347] ? sock_alloc_inode+0x25/0x1c0 [ 107.806456][ T6347] ? copy_net_ns+0x46f/0x7c0 [ 107.806471][ T6347] ? unshare_nsproxy_namespaces+0xc3/0x1f0 [ 107.806488][ T6347] ? ksys_unshare+0x473/0xad0 [ 107.806507][ T6347] ? __pfx_sock_alloc_inode+0x10/0x10 [ 107.806525][ T6347] sock_alloc_inode+0x25/0x1c0 [ 107.806540][ T6347] alloc_inode+0x68/0x250 [ 107.806560][ T6347] sock_alloc+0x44/0x280 [ 107.806573][ T6347] ? security_socket_create+0x7f/0x250 [ 107.806590][ T6347] sock_create_lite+0x82/0x120 [ 107.806607][ T6347] __netlink_kernel_create+0xbd/0x750 [ 107.806624][ T6347] ? __pfx___netlink_kernel_create+0x10/0x10 [ 107.806638][ T6347] ? find_held_lock+0x2b/0x80 [ 107.806652][ T6347] ? audit_net_init+0x190/0x440 [ 107.806671][ T6347] ? audit_net_init+0x190/0x440 [ 107.806694][ T6347] audit_net_init+0x1ae/0x440 [ 107.806713][ T6347] ? __pfx_audit_net_init+0x10/0x10 [ 107.806731][ T6347] ? rcu_is_watching+0x12/0xc0 [ 107.806754][ T6347] ? __pfx_audit_receive+0x10/0x10 [ 107.806767][ T6347] ? __pfx_audit_multicast_bind+0x10/0x10 [ 107.806788][ T6347] ? __pfx_audit_multicast_unbind+0x10/0x10 [ 107.806811][ T6347] ? __kmalloc_noprof+0x320/0x850 [ 107.806836][ T6347] ? __pfx_audit_net_init+0x10/0x10 [ 107.806856][ T6347] ops_init+0x1e2/0x5f0 [ 107.806872][ T6347] setup_net+0x118/0x3a0 [ 107.806887][ T6347] ? __pfx_setup_net+0x10/0x10 [ 107.806900][ T6347] ? lockdep_init_map_type+0x5c/0x250 [ 107.806920][ T6347] ? mutex_init_lockep+0x110/0x150 [ 107.806953][ T6347] copy_net_ns+0x46f/0x7c0 [ 107.806971][ T6347] create_new_namespaces+0x3ea/0xac0 [ 107.806992][ T6347] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 107.807012][ T6347] ksys_unshare+0x473/0xad0 [ 107.807031][ T6347] ? __pfx_ksys_unshare+0x10/0x10 [ 107.807058][ T6347] __x64_sys_unshare+0x31/0x40 [ 107.807076][ T6347] do_syscall_64+0x106/0xf80 [ 107.807090][ T6347] ? clear_bhb_loop+0x40/0x90 [ 107.807130][ T6347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.807145][ T6347] RIP: 0033:0x7fabd199c819 [ 107.807159][ T6347] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 107.807173][ T6347] RSP: 002b:00007fabd28d8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 107.807190][ T6347] RAX: ffffffffffffffda RBX: 00007fabd1c15fa0 RCX: 00007fabd199c819 [ 107.807200][ T6347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 107.807208][ T6347] RBP: 00007fabd1a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 107.807216][ T6347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 107.807224][ T6347] R13: 00007fabd1c16038 R14: 00007fabd1c15fa0 R15: 00007ffd5c243138 [ 107.807244][ T6347] [ 107.807263][ T6347] audit: cannot initialize netlink socket in namespace [ 109.196198][ T6384] Malformed UNC in devname [ 109.196198][ T6384] [ 109.202946][ T6384] CIFS: VFS: Malformed UNC in devname [ 109.867208][ T6405] perf: Dynamic interrupt throttling disabled, can hang your system! [ 110.478091][ T6427] vhci_hcd vhci_hcd.1: invalid port number 14 [ 110.503402][ T6427] vhci_hcd vhci_hcd.1: Wrong hub descriptor type for USB 3.0 roothub. [ 110.953795][ T6442] Malformed UNC in devname [ 110.953795][ T6442] [ 110.953822][ T6442] CIFS: VFS: Malformed UNC in devname [ 111.049260][ T6450] netlink: 4 bytes leftover after parsing attributes in process `syz.3.101'. [ 111.070197][ T6450] netlink: 'syz.3.101': attribute type 1 has an invalid length. [ 111.080852][ T6450] netlink: 51505 bytes leftover after parsing attributes in process `syz.3.101'. [ 111.467795][ T6470] FAULT_INJECTION: forcing a failure. [ 111.467795][ T6470] name failslab, interval 1, probability 0, space 0, times 0 [ 111.488767][ T6471] netlink: 354 bytes leftover after parsing attributes in process `syz.1.107'. [ 111.498697][ T6470] CPU: 1 UID: 0 PID: 6470 Comm: syz.3.106 Not tainted syzkaller #0 PREEMPT(full) [ 111.498732][ T6470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 111.498746][ T6470] Call Trace: [ 111.498754][ T6470] [ 111.498763][ T6470] dump_stack_lvl+0x100/0x190 [ 111.498806][ T6470] should_fail_ex.cold+0x5/0xa [ 111.498836][ T6470] ? lsm_blob_alloc+0x68/0x90 [ 111.498871][ T6470] should_failslab+0xc2/0x120 [ 111.498902][ T6470] __kmalloc_noprof+0xe0/0x850 [ 111.498942][ T6470] ? trace_kmalloc+0x101/0x130 [ 111.498976][ T6470] lsm_blob_alloc+0x68/0x90 [ 111.499016][ T6470] security_sk_alloc+0x2d/0x290 [ 111.499046][ T6470] sk_prot_alloc+0x12a/0x2a0 [ 111.499081][ T6470] sk_alloc+0x36/0xe80 [ 111.499121][ T6470] __netlink_create+0x5e/0x2c0 [ 111.499157][ T6470] ? __wake_up+0x3f/0x60 [ 111.499189][ T6470] netlink_create+0x293/0x610 [ 111.499227][ T6470] ? __pfx_genl_bind+0x10/0x10 [ 111.499255][ T6470] ? __pfx_genl_unbind+0x10/0x10 [ 111.499279][ T6470] ? __pfx_genl_release+0x10/0x10 [ 111.499309][ T6470] __sock_create+0x339/0x860 [ 111.499347][ T6470] __sys_socket+0x14d/0x260 [ 111.499381][ T6470] ? __pfx___sys_socket+0x10/0x10 [ 111.499421][ T6470] __x64_sys_socket+0x72/0xb0 [ 111.499451][ T6470] ? lockdep_hardirqs_on+0x78/0x100 [ 111.499478][ T6470] do_syscall_64+0x106/0xf80 [ 111.499503][ T6470] ? clear_bhb_loop+0x40/0x90 [ 111.499535][ T6470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.499561][ T6470] RIP: 0033:0x7fabd199c819 [ 111.499593][ T6470] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 111.499618][ T6470] RSP: 002b:00007fabd28d8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 111.499643][ T6470] RAX: ffffffffffffffda RBX: 00007fabd1c15fa0 RCX: 00007fabd199c819 [ 111.499660][ T6470] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 111.499676][ T6470] RBP: 00007fabd1a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 111.499692][ T6470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.499708][ T6470] R13: 00007fabd1c16038 R14: 00007fabd1c15fa0 R15: 00007ffd5c243138 [ 111.499745][ T6470] [ 111.592713][ T6470] FAULT_INJECTION: forcing a failure. [ 111.592713][ T6470] name failslab, interval 1, probability 0, space 0, times 0 [ 111.592799][ T6470] CPU: 1 UID: 0 PID: 6470 Comm: syz.3.106 Not tainted syzkaller #0 PREEMPT(full) [ 111.592831][ T6470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 111.592847][ T6470] Call Trace: [ 111.592855][ T6470] [ 111.592865][ T6470] dump_stack_lvl+0x100/0x190 [ 111.592909][ T6470] should_fail_ex.cold+0x5/0xa [ 111.592940][ T6470] ? tomoyo_encode2+0xfb/0x3c0 [ 111.592974][ T6470] should_failslab+0xc2/0x120 [ 111.593005][ T6470] __kmalloc_noprof+0xe0/0x850 [ 111.593045][ T6470] ? rcu_is_watching+0x12/0xc0 [ 111.593091][ T6470] tomoyo_encode2+0xfb/0x3c0 [ 111.593134][ T6470] tomoyo_encode+0x29/0x50 [ 111.593168][ T6470] tomoyo_realpath_from_path+0x18c/0x690 [ 111.593215][ T6470] tomoyo_check_open_permission+0x2af/0x3c0 [ 111.593247][ T6470] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 111.593310][ T6470] ? lock_acquire+0x1cf/0x380 [ 111.593343][ T6470] ? find_held_lock+0x2b/0x80 [ 111.593377][ T6470] tomoyo_file_open+0x6b/0x90 [ 111.593404][ T6470] security_file_open+0xb5/0x1e0 [ 111.593450][ T6470] do_dentry_open+0x5aa/0x1660 [ 111.593491][ T6470] vfs_open+0x82/0x3f0 [ 111.593531][ T6470] path_openat+0x208c/0x31a0 [ 111.593573][ T6470] ? __pfx_path_openat+0x10/0x10 [ 111.593616][ T6470] do_file_open+0x20e/0x430 [ 111.593648][ T6470] ? __pfx_do_file_open+0x10/0x10 [ 111.593692][ T6470] ? __pfx_kfree_link+0x10/0x10 [ 111.593740][ T6470] ? alloc_fd+0x476/0x790 [ 111.593779][ T6470] ? do_getname+0x191/0x390 [ 111.593816][ T6470] do_sys_openat2+0x10d/0x1e0 [ 111.593852][ T6470] ? __pfx_do_sys_openat2+0x10/0x10 [ 111.593898][ T6470] __x64_sys_openat+0x12d/0x210 [ 111.593934][ T6470] ? __pfx___x64_sys_openat+0x10/0x10 [ 111.593981][ T6470] do_syscall_64+0x106/0xf80 [ 111.594006][ T6470] ? clear_bhb_loop+0x40/0x90 [ 111.594038][ T6470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.594064][ T6470] RIP: 0033:0x7fabd199c819 [ 111.594083][ T6470] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 111.594107][ T6470] RSP: 002b:00007fabd28d8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 111.594131][ T6470] RAX: ffffffffffffffda RBX: 00007fabd1c15fa0 RCX: 00007fabd199c819 [ 111.594148][ T6470] RDX: 0000000000000002 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 111.594164][ T6470] RBP: 00007fabd1a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 111.594179][ T6470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.594195][ T6470] R13: 00007fabd1c16038 R14: 00007fabd1c15fa0 R15: 00007ffd5c243138 [ 111.594230][ T6470] [ 111.594257][ T6470] ERROR: Out of memory at tomoyo_realpath_from_path. [ 112.044605][ T6489] __vm_enough_memory: pid: 6489, comm: syz.3.110, bytes: 4398046511104 not enough memory for the allocation [ 115.030015][ T6550] nvme_fcloop: unknown parameter or missing value 'Ù' [ 115.110793][ T6549] bond0: Unable to set up delay as MII monitoring is disabled [ 115.351860][ T6552] FAULT_INJECTION: forcing a failure. [ 115.351860][ T6552] name failslab, interval 1, probability 0, space 0, times 0 [ 115.390056][ T6552] CPU: 0 UID: 0 PID: 6552 Comm: syz.0.121 Not tainted syzkaller #0 PREEMPT(full) [ 115.390095][ T6552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 115.390112][ T6552] Call Trace: [ 115.390122][ T6552] [ 115.390132][ T6552] dump_stack_lvl+0x100/0x190 [ 115.390180][ T6552] should_fail_ex.cold+0x5/0xa [ 115.390215][ T6552] should_failslab+0xc2/0x120 [ 115.390247][ T6552] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 115.390301][ T6552] ? key_alloc+0x3c5/0x1310 [ 115.390335][ T6552] ? rcu_is_watching+0x12/0xc0 [ 115.390387][ T6552] key_alloc+0x3c5/0x1310 [ 115.390439][ T6552] ? __pfx_key_alloc+0x10/0x10 [ 115.390486][ T6552] keyring_alloc+0x44/0xc0 [ 115.390530][ T6552] lookup_user_key+0x9b8/0x1300 [ 115.390568][ T6552] ? __pfx_lookup_user_key+0x10/0x10 [ 115.390603][ T6552] ? __pfx_do_futex+0x10/0x10 [ 115.390646][ T6552] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 115.390691][ T6552] ? xfd_validate_state+0x129/0x190 [ 115.390737][ T6552] keyctl_keyring_link+0x22/0xe0 [ 115.390768][ T6552] __do_sys_keyctl+0x1bf/0x5a0 [ 115.390802][ T6552] do_syscall_64+0x106/0xf80 [ 115.390829][ T6552] ? clear_bhb_loop+0x40/0x90 [ 115.390865][ T6552] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.390892][ T6552] RIP: 0033:0x7f816c99c819 [ 115.390916][ T6552] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 115.390943][ T6552] RSP: 002b:00007f816d7b9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 115.390970][ T6552] RAX: ffffffffffffffda RBX: 00007f816cc15fa0 RCX: 00007f816c99c819 [ 115.390990][ T6552] RDX: ffffffffffffffff RSI: fffffffffffffffd RDI: 0000000000000008 [ 115.391008][ T6552] RBP: 00007f816ca32c91 R08: 0000000000000002 R09: 0000000000000000 [ 115.391026][ T6552] R10: 0000000000005092 R11: 0000000000000246 R12: 0000000000000000 [ 115.391043][ T6552] R13: 00007f816cc16038 R14: 00007f816cc15fa0 R15: 00007ffce4020018 [ 115.391081][ T6552] [ 117.060518][ T6595] futex_wake_op: syz.2.131 tries to shift op by -2048; fix this program [ 117.060635][ T6595] futex_wake_op: syz.2.131 tries to shift op by -2048; fix this program [ 118.311814][ T6615] nvme_fcloop: unknown parameter or missing value 'Ù' [ 119.341552][ T6636] syz.3.140 (6636): attempted to duplicate a private mapping with mremap. This is not supported. [ 124.098411][ T6717] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 124.623592][ T6724] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 126.012017][ T6749] syz.1.164 (6749) used greatest stack depth: 19672 bytes left [ 128.787126][ T6790] FAULT_INJECTION: forcing a failure. [ 128.787126][ T6790] name failslab, interval 1, probability 0, space 0, times 0 [ 128.799885][ T6790] CPU: 1 UID: 0 PID: 6790 Comm: syz.0.173 Not tainted syzkaller #0 PREEMPT(full) [ 128.799906][ T6790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 128.799916][ T6790] Call Trace: [ 128.799922][ T6790] [ 128.799928][ T6790] dump_stack_lvl+0x100/0x190 [ 128.799973][ T6790] should_fail_ex.cold+0x5/0xa [ 128.799992][ T6790] should_failslab+0xc2/0x120 [ 128.800009][ T6790] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 128.800026][ T6790] ? parse_pred+0x2d4/0x3070 [ 128.800051][ T6790] kmemdup_nul+0x49/0xd0 [ 128.800067][ T6790] parse_pred+0x2d4/0x3070 [ 128.800094][ T6790] ? __pfx_parse_pred+0x10/0x10 [ 128.800122][ T6790] ? rcu_is_watching+0x12/0xc0 [ 128.800145][ T6790] ? trace_kmalloc+0x101/0x130 [ 128.800162][ T6790] ? __kmalloc_noprof+0x320/0x850 [ 128.800188][ T6790] process_preds+0x6a6/0x1d90 [ 128.800221][ T6790] ? create_filter_start.constprop.0+0x134/0x310 [ 128.800247][ T6790] create_filter+0x140/0x210 [ 128.800271][ T6790] ? __pfx_create_filter+0x10/0x10 [ 128.800296][ T6790] ? find_held_lock+0x2b/0x80 [ 128.800313][ T6790] apply_event_filter+0x220/0x500 [ 128.800337][ T6790] ? __pfx_apply_event_filter+0x10/0x10 [ 128.800366][ T6790] event_filter_write+0x16d/0x290 [ 128.800385][ T6790] vfs_write+0x2aa/0x1070 [ 128.800400][ T6790] ? __pfx_event_filter_write+0x10/0x10 [ 128.800420][ T6790] ? __pfx_vfs_write+0x10/0x10 [ 128.800434][ T6790] ? __fget_files+0x215/0x3d0 [ 128.800453][ T6790] ? __fget_files+0x21f/0x3d0 [ 128.800473][ T6790] ksys_write+0x12a/0x250 [ 128.800486][ T6790] ? __pfx_ksys_write+0x10/0x10 [ 128.800507][ T6790] do_syscall_64+0x106/0xf80 [ 128.800521][ T6790] ? clear_bhb_loop+0x40/0x90 [ 128.800539][ T6790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.800554][ T6790] RIP: 0033:0x7f816c99c819 [ 128.800571][ T6790] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 128.800585][ T6790] RSP: 002b:00007f816d7b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 128.800600][ T6790] RAX: ffffffffffffffda RBX: 00007f816cc15fa0 RCX: 00007f816c99c819 [ 128.800609][ T6790] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 128.800618][ T6790] RBP: 00007f816ca32c91 R08: 0000000000000000 R09: 0000000000000000 [ 128.800627][ T6790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.800635][ T6790] R13: 00007f816cc16038 R14: 00007f816cc15fa0 R15: 00007ffce4020018 [ 128.800655][ T6790] [ 129.439619][ T6779] futex_wake_op: syz.1.171 tries to shift op by -2048; fix this program [ 129.465999][ T6779] futex_wake_op: syz.1.171 tries to shift op by -2048; fix this program [ 131.502251][ T5829] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 132.880615][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.895687][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.178434][ T6846] FAULT_INJECTION: forcing a failure. [ 133.178434][ T6846] name failslab, interval 1, probability 0, space 0, times 0 [ 133.195710][ T6846] CPU: 0 UID: 0 PID: 6846 Comm: syz.0.184 Not tainted syzkaller #0 PREEMPT(full) [ 133.195744][ T6846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 133.195758][ T6846] Call Trace: [ 133.195767][ T6846] [ 133.195777][ T6846] dump_stack_lvl+0x100/0x190 [ 133.195821][ T6846] should_fail_ex.cold+0x5/0xa [ 133.195861][ T6846] ? tomoyo_realpath_from_path+0xb6/0x690 [ 133.195900][ T6846] should_failslab+0xc2/0x120 [ 133.195931][ T6846] __kmalloc_noprof+0xe0/0x850 [ 133.195980][ T6846] tomoyo_realpath_from_path+0xb6/0x690 [ 133.196026][ T6846] tomoyo_path_number_perm+0x23c/0x580 [ 133.196059][ T6846] ? tomoyo_path_number_perm+0x22e/0x580 [ 133.196096][ T6846] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 133.196167][ T6846] ? find_held_lock+0x2b/0x80 [ 133.196195][ T6846] ? __fget_files+0x215/0x3d0 [ 133.196221][ T6846] ? hook_file_ioctl_common+0x146/0x410 [ 133.196264][ T6846] ? __fget_files+0x21f/0x3d0 [ 133.196298][ T6846] security_file_ioctl+0xd3/0x230 [ 133.196335][ T6846] __x64_sys_ioctl+0xb7/0x210 [ 133.196380][ T6846] do_syscall_64+0x106/0xf80 [ 133.196407][ T6846] ? clear_bhb_loop+0x40/0x90 [ 133.196441][ T6846] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.196470][ T6846] RIP: 0033:0x7f816c99c819 [ 133.196492][ T6846] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 133.196518][ T6846] RSP: 002b:00007f816d7b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 133.196545][ T6846] RAX: ffffffffffffffda RBX: 00007f816cc15fa0 RCX: 00007f816c99c819 [ 133.196562][ T6846] RDX: 00002000000001c0 RSI: 00000000c0105512 RDI: 0000000000000003 [ 133.196579][ T6846] RBP: 00007f816d7b9090 R08: 0000000000000000 R09: 0000000000000000 [ 133.196596][ T6846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 133.196612][ T6846] R13: 00007f816cc16038 R14: 00007f816cc15fa0 R15: 00007ffce4020018 [ 133.196649][ T6846] [ 133.196660][ T6846] ERROR: Out of memory at tomoyo_realpath_from_path. [ 135.291401][ T6877] FAULT_INJECTION: forcing a failure. [ 135.291401][ T6877] name failslab, interval 1, probability 0, space 0, times 0 [ 135.367947][ T6877] CPU: 1 UID: 0 PID: 6877 Comm: syz.0.200 Not tainted syzkaller #0 PREEMPT(full) [ 135.367973][ T6877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 135.367982][ T6877] Call Trace: [ 135.367987][ T6877] [ 135.367993][ T6877] dump_stack_lvl+0x100/0x190 [ 135.368021][ T6877] should_fail_ex.cold+0x5/0xa [ 135.368039][ T6877] ? tomoyo_realpath_from_path+0xb6/0x690 [ 135.368061][ T6877] should_failslab+0xc2/0x120 [ 135.368078][ T6877] __kmalloc_noprof+0xe0/0x850 [ 135.368105][ T6877] tomoyo_realpath_from_path+0xb6/0x690 [ 135.368130][ T6877] tomoyo_path_number_perm+0x23c/0x580 [ 135.368148][ T6877] ? tomoyo_path_number_perm+0x22e/0x580 [ 135.368167][ T6877] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 135.368204][ T6877] ? find_held_lock+0x2b/0x80 [ 135.368218][ T6877] ? __fget_files+0x215/0x3d0 [ 135.368232][ T6877] ? hook_file_ioctl_common+0x146/0x410 [ 135.368254][ T6877] ? __fget_files+0x21f/0x3d0 [ 135.368274][ T6877] security_file_ioctl+0xd3/0x230 [ 135.368294][ T6877] __x64_sys_ioctl+0xb7/0x210 [ 135.368318][ T6877] do_syscall_64+0x106/0xf80 [ 135.368333][ T6877] ? clear_bhb_loop+0x40/0x90 [ 135.368351][ T6877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.368366][ T6877] RIP: 0033:0x7f816c99c819 [ 135.368378][ T6877] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 135.368392][ T6877] RSP: 002b:00007f816d7b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 135.368406][ T6877] RAX: ffffffffffffffda RBX: 00007f816cc15fa0 RCX: 00007f816c99c819 [ 135.368415][ T6877] RDX: 0000200000000080 RSI: 0000000040186f40 RDI: 0000000000000003 [ 135.368424][ T6877] RBP: 00007f816d7b9090 R08: 0000000000000000 R09: 0000000000000000 [ 135.368432][ T6877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 135.368440][ T6877] R13: 00007f816cc16038 R14: 00007f816cc15fa0 R15: 00007ffce4020018 [ 135.368459][ T6877] [ 135.368465][ T6877] ERROR: Out of memory at tomoyo_realpath_from_path. [ 135.616677][ T6877] ubi0: attaching mtd0 [ 135.620799][ T6877] ubi0 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127) [ 135.982622][ T5829] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 136.277273][ T6900] FAULT_INJECTION: forcing a failure. [ 136.277273][ T6900] name failslab, interval 1, probability 0, space 0, times 0 [ 136.295673][ T6900] CPU: 1 UID: 0 PID: 6900 Comm: syz.0.195 Not tainted syzkaller #0 PREEMPT(full) [ 136.295708][ T6900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 136.295722][ T6900] Call Trace: [ 136.295731][ T6900] [ 136.295740][ T6900] dump_stack_lvl+0x100/0x190 [ 136.295784][ T6900] should_fail_ex.cold+0x5/0xa [ 136.295815][ T6900] ? tomoyo_encode2+0xfb/0x3c0 [ 136.295849][ T6900] should_failslab+0xc2/0x120 [ 136.295877][ T6900] __kmalloc_noprof+0xe0/0x850 [ 136.295914][ T6900] ? d_absolute_path+0x136/0x1b0 [ 136.295955][ T6900] tomoyo_encode2+0xfb/0x3c0 [ 136.295995][ T6900] tomoyo_encode+0x29/0x50 [ 136.296028][ T6900] tomoyo_realpath_from_path+0x18c/0x690 [ 136.296071][ T6900] tomoyo_path_number_perm+0x23c/0x580 [ 136.296102][ T6900] ? tomoyo_path_number_perm+0x22e/0x580 [ 136.296134][ T6900] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 136.296205][ T6900] ? find_held_lock+0x2b/0x80 [ 136.296229][ T6900] ? __fget_files+0x215/0x3d0 [ 136.296253][ T6900] ? hook_file_ioctl_common+0x146/0x410 [ 136.296292][ T6900] ? __fget_files+0x21f/0x3d0 [ 136.296322][ T6900] security_file_ioctl+0xd3/0x230 [ 136.296356][ T6900] __x64_sys_ioctl+0xb7/0x210 [ 136.296396][ T6900] do_syscall_64+0x106/0xf80 [ 136.296420][ T6900] ? clear_bhb_loop+0x40/0x90 [ 136.296451][ T6900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.296477][ T6900] RIP: 0033:0x7f816c99c819 [ 136.296497][ T6900] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 136.296520][ T6900] RSP: 002b:00007f816d7b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 136.296544][ T6900] RAX: ffffffffffffffda RBX: 00007f816cc15fa0 RCX: 00007f816c99c819 [ 136.296561][ T6900] RDX: 00002000000001c0 RSI: 00000000c0105512 RDI: 0000000000000003 [ 136.296577][ T6900] RBP: 00007f816d7b9090 R08: 0000000000000000 R09: 0000000000000000 [ 136.296592][ T6900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 136.296607][ T6900] R13: 00007f816cc16038 R14: 00007f816cc15fa0 R15: 00007ffce4020018 [ 136.296640][ T6900] [ 136.296670][ T6900] ERROR: Out of memory at tomoyo_realpath_from_path. [ 137.410773][ T6904] FAULT_INJECTION: forcing a failure. [ 137.410773][ T6904] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 137.439406][ T6904] CPU: 0 UID: 0 PID: 6904 Comm: syz.0.206 Not tainted syzkaller #0 PREEMPT(full) [ 137.439443][ T6904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 137.439459][ T6904] Call Trace: [ 137.439467][ T6904] [ 137.439477][ T6904] dump_stack_lvl+0x100/0x190 [ 137.439524][ T6904] should_fail_ex.cold+0x5/0xa [ 137.439559][ T6904] _copy_from_user+0x2e/0xd0 [ 137.439595][ T6904] usbdev_ioctl+0xfea/0x3aa0 [ 137.439638][ T6904] ? __pfx_usbdev_ioctl+0x10/0x10 [ 137.439681][ T6904] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 137.439714][ T6904] ? do_vfs_ioctl+0x226/0x13e0 [ 137.439755][ T6904] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 137.439806][ T6904] ? find_held_lock+0x2b/0x80 [ 137.439833][ T6904] ? __fget_files+0x215/0x3d0 [ 137.439859][ T6904] ? hook_file_ioctl_common+0x146/0x410 [ 137.439901][ T6904] ? __fget_files+0x21f/0x3d0 [ 137.439934][ T6904] ? __pfx_usbdev_ioctl+0x10/0x10 [ 137.439972][ T6904] __x64_sys_ioctl+0x18e/0x210 [ 137.440016][ T6904] do_syscall_64+0x106/0xf80 [ 137.440042][ T6904] ? clear_bhb_loop+0x40/0x90 [ 137.440077][ T6904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.440105][ T6904] RIP: 0033:0x7f816c99c819 [ 137.440127][ T6904] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 137.440153][ T6904] RSP: 002b:00007f816d7b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 137.440179][ T6904] RAX: ffffffffffffffda RBX: 00007f816cc15fa0 RCX: 00007f816c99c819 [ 137.440197][ T6904] RDX: 00002000000001c0 RSI: 00000000c0105512 RDI: 0000000000000003 [ 137.440214][ T6904] RBP: 00007f816d7b9090 R08: 0000000000000000 R09: 0000000000000000 [ 137.440231][ T6904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 137.440246][ T6904] R13: 00007f816cc16038 R14: 00007f816cc15fa0 R15: 00007ffce4020018 [ 137.440284][ T6904] [ 137.632155][ T6907] ubi0: attaching mtd0 [ 137.637028][ T6907] ubi0 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127) [ 137.930843][ T6911] ubi0: attaching mtd0 [ 137.935053][ T6911] ubi0 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127) [ 138.314087][ T6923] FAULT_INJECTION: forcing a failure. [ 138.314087][ T6923] name failslab, interval 1, probability 0, space 0, times 0 [ 138.347242][ T6919] syz.2.204 uses obsolete (PF_INET,SOCK_PACKET) [ 138.375662][ T6923] CPU: 1 UID: 0 PID: 6923 Comm: syz.1.205 Not tainted syzkaller #0 PREEMPT(full) [ 138.375699][ T6923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 138.375715][ T6923] Call Trace: [ 138.375723][ T6923] [ 138.375733][ T6923] dump_stack_lvl+0x100/0x190 [ 138.375780][ T6923] should_fail_ex.cold+0x5/0xa [ 138.375814][ T6923] ? tomoyo_encode2+0xfb/0x3c0 [ 138.375851][ T6923] should_failslab+0xc2/0x120 [ 138.375882][ T6923] __kmalloc_noprof+0xe0/0x850 [ 138.375923][ T6923] ? d_absolute_path+0x136/0x1b0 [ 138.375966][ T6923] tomoyo_encode2+0xfb/0x3c0 [ 138.376015][ T6923] tomoyo_encode+0x29/0x50 [ 138.376051][ T6923] tomoyo_realpath_from_path+0x18c/0x690 [ 138.376090][ T6923] tomoyo_path_number_perm+0x23c/0x580 [ 138.376115][ T6923] ? tomoyo_path_number_perm+0x22e/0x580 [ 138.376145][ T6923] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 138.376202][ T6923] ? find_held_lock+0x2b/0x80 [ 138.376223][ T6923] ? __fget_files+0x215/0x3d0 [ 138.376247][ T6923] ? hook_file_ioctl_common+0x146/0x410 [ 138.376289][ T6923] ? __fget_files+0x21f/0x3d0 [ 138.376323][ T6923] security_file_ioctl+0xd3/0x230 [ 138.376359][ T6923] __x64_sys_ioctl+0xb7/0x210 [ 138.376401][ T6923] do_syscall_64+0x106/0xf80 [ 138.376427][ T6923] ? clear_bhb_loop+0x40/0x90 [ 138.376461][ T6923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.376488][ T6923] RIP: 0033:0x7f7d9d79c819 [ 138.376510][ T6923] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 138.376535][ T6923] RSP: 002b:00007f7d9e6fb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 138.376560][ T6923] RAX: ffffffffffffffda RBX: 00007f7d9da15fa0 RCX: 00007f7d9d79c819 [ 138.376578][ T6923] RDX: 0000200000000080 RSI: 0000000040186f40 RDI: 0000000000000003 [ 138.376595][ T6923] RBP: 00007f7d9e6fb090 R08: 0000000000000000 R09: 0000000000000000 [ 138.376611][ T6923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 138.376626][ T6923] R13: 00007f7d9da16038 R14: 00007f7d9da15fa0 R15: 00007ffc5bceb358 [ 138.376663][ T6923] [ 138.376688][ T6923] ERROR: Out of memory at tomoyo_realpath_from_path. [ 138.594282][ T6923] ubi0: attaching mtd0 [ 138.598480][ T6923] ubi0 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127) [ 138.838771][ T6919] ima: Unable to open file: /surit‹¯Ròy/integrity?iqa/policy (-2) [ 138.898237][ T6933] capability: warning: `syz.0.209' uses 32-bit capabilities (legacy support in use) [ 139.047312][ T5829] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 139.142163][ T6937] ubi0: attaching mtd0 [ 139.146406][ T6937] ubi0 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127) syzkaller syzkaller login: [ 139.649152][ T6946] FAULT_INJECTION: forcing a failure. [ 139.649152][ T6946] name failslab, interval 1, probability 0, space 0, times 0 [ 139.755774][ T6946] CPU: 1 UID: 0 PID: 6946 Comm: syz.0.212 Not tainted syzkaller #0 PREEMPT(full) [ 139.755812][ T6946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 139.755828][ T6946] Call Trace: [ 139.755837][ T6946] [ 139.755847][ T6946] dump_stack_lvl+0x100/0x190 [ 139.755893][ T6946] should_fail_ex.cold+0x5/0xa [ 139.755926][ T6946] ? proc_ioctl+0x175/0x6f0 [ 139.755956][ T6946] should_failslab+0xc2/0x120 [ 139.755987][ T6946] __kmalloc_noprof+0xe0/0x850 [ 139.756034][ T6946] proc_ioctl+0x175/0x6f0 [ 139.756070][ T6946] usbdev_ioctl+0x1017/0x3aa0 [ 139.756112][ T6946] ? __pfx_usbdev_ioctl+0x10/0x10 [ 139.756155][ T6946] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 139.756194][ T6946] ? do_vfs_ioctl+0x226/0x13e0 [ 139.756235][ T6946] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 139.756286][ T6946] ? find_held_lock+0x2b/0x80 [ 139.756313][ T6946] ? __fget_files+0x215/0x3d0 [ 139.756339][ T6946] ? hook_file_ioctl_common+0x146/0x410 [ 139.756382][ T6946] ? __fget_files+0x21f/0x3d0 [ 139.756415][ T6946] ? __pfx_usbdev_ioctl+0x10/0x10 [ 139.756453][ T6946] __x64_sys_ioctl+0x18e/0x210 [ 139.756496][ T6946] do_syscall_64+0x106/0xf80 [ 139.756523][ T6946] ? clear_bhb_loop+0x40/0x90 [ 139.756557][ T6946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.756584][ T6946] RIP: 0033:0x7f816c99c819 [ 139.756606][ T6946] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 139.756630][ T6946] RSP: 002b:00007f816d7b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 139.756654][ T6946] RAX: ffffffffffffffda RBX: 00007f816cc15fa0 RCX: 00007f816c99c819 [ 139.756668][ T6946] RDX: 00002000000001c0 RSI: 00000000c0105512 RDI: 0000000000000003 [ 139.756676][ T6946] RBP: 00007f816d7b9090 R08: 0000000000000000 R09: 0000000000000000 [ 139.756685][ T6946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 139.756693][ T6946] R13: 00007f816cc16038 R14: 00007f816cc15fa0 R15: 00007ffce4020018 [ 139.756712][ T6946] [ 140.526263][ T6960] ubi0: attaching mtd0 [ 140.538285][ T6960] ubi0 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127) [ 140.769676][ T6964] FAULT_INJECTION: forcing a failure. [ 140.769676][ T6964] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 140.933412][ T6964] CPU: 0 UID: 0 PID: 6964 Comm: syz.1.217 Not tainted syzkaller #0 PREEMPT(full) [ 140.933449][ T6964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 140.933462][ T6964] Call Trace: [ 140.933471][ T6964] [ 140.933479][ T6964] dump_stack_lvl+0x100/0x190 [ 140.933522][ T6964] should_fail_ex.cold+0x5/0xa [ 140.933553][ T6964] _copy_from_user+0x2e/0xd0 [ 140.933585][ T6964] ctrl_cdev_ioctl+0x143/0x400 [ 140.933614][ T6964] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 140.933650][ T6964] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 140.933680][ T6964] __x64_sys_ioctl+0x18e/0x210 [ 140.933720][ T6964] do_syscall_64+0x106/0xf80 [ 140.933744][ T6964] ? clear_bhb_loop+0x40/0x90 [ 140.933781][ T6964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.933807][ T6964] RIP: 0033:0x7f7d9d79c819 [ 140.933827][ T6964] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 140.933850][ T6964] RSP: 002b:00007f7d9e6fb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 140.933874][ T6964] RAX: ffffffffffffffda RBX: 00007f7d9da15fa0 RCX: 00007f7d9d79c819 [ 140.933891][ T6964] RDX: 0000200000000080 RSI: 0000000040186f40 RDI: 0000000000000003 [ 140.933906][ T6964] RBP: 00007f7d9e6fb090 R08: 0000000000000000 R09: 0000000000000000 [ 140.933921][ T6964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 140.933935][ T6964] R13: 00007f7d9da16038 R14: 00007f7d9da15fa0 R15: 00007ffc5bceb358 [ 140.933968][ T6964] [ 141.968387][ T6979] FAULT_INJECTION: forcing a failure. [ 141.968387][ T6979] name failslab, interval 1, probability 0, space 0, times 0 [ 142.024164][ T6979] CPU: 1 UID: 0 PID: 6979 Comm: syz.3.220 Tainted: G L syzkaller #0 PREEMPT(full) [ 142.024209][ T6979] Tainted: [L]=SOFTLOCKUP [ 142.024218][ T6979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 142.024233][ T6979] Call Trace: [ 142.024242][ T6979] [ 142.024252][ T6979] dump_stack_lvl+0x100/0x190 [ 142.024300][ T6979] should_fail_ex.cold+0x5/0xa [ 142.024335][ T6979] should_failslab+0xc2/0x120 [ 142.024369][ T6979] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 142.024399][ T6979] ? parse_pred+0x2d4/0x3070 [ 142.024452][ T6979] kmemdup_nul+0x49/0xd0 [ 142.024483][ T6979] parse_pred+0x2d4/0x3070 [ 142.024536][ T6979] ? __pfx_parse_pred+0x10/0x10 [ 142.024594][ T6979] ? rcu_is_watching+0x12/0xc0 [ 142.024640][ T6979] ? trace_kmalloc+0x101/0x130 [ 142.024723][ T6979] ? __kmalloc_noprof+0x320/0x850 [ 142.024775][ T6979] process_preds+0x6a6/0x1d90 [ 142.024829][ T6979] ? create_filter_start.constprop.0+0x134/0x310 [ 142.024881][ T6979] create_filter+0x140/0x210 [ 142.024929][ T6979] ? __pfx_create_filter+0x10/0x10 [ 142.024985][ T6979] ? find_held_lock+0x2b/0x80 [ 142.025020][ T6979] apply_event_filter+0x220/0x500 [ 142.025069][ T6979] ? __pfx_apply_event_filter+0x10/0x10 [ 142.025128][ T6979] event_filter_write+0x16d/0x290 [ 142.025166][ T6979] vfs_write+0x2aa/0x1070 [ 142.025197][ T6979] ? __pfx_event_filter_write+0x10/0x10 [ 142.025236][ T6979] ? __pfx_vfs_write+0x10/0x10 [ 142.025264][ T6979] ? __fget_files+0x215/0x3d0 [ 142.025303][ T6979] ? __fget_files+0x21f/0x3d0 [ 142.025343][ T6979] ksys_write+0x12a/0x250 [ 142.025372][ T6979] ? __pfx_ksys_write+0x10/0x10 [ 142.025413][ T6979] do_syscall_64+0x106/0xf80 [ 142.025441][ T6979] ? clear_bhb_loop+0x40/0x90 [ 142.025479][ T6979] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.025509][ T6979] RIP: 0033:0x7fabd199c819 [ 142.025533][ T6979] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 142.025562][ T6979] RSP: 002b:00007fabd28d8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 142.025588][ T6979] RAX: ffffffffffffffda RBX: 00007fabd1c15fa0 RCX: 00007fabd199c819 [ 142.025607][ T6979] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 142.025624][ T6979] RBP: 00007fabd1a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 142.025641][ T6979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 142.025658][ T6979] R13: 00007fabd1c16038 R14: 00007fabd1c15fa0 R15: 00007ffd5c243138 [ 142.025697][ T6979] [ 142.875792][ T6986] FAULT_INJECTION: forcing a failure. [ 142.875792][ T6986] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 142.909864][ T6986] CPU: 0 UID: 0 PID: 6986 Comm: syz.0.222 Tainted: G L syzkaller #0 PREEMPT(full) [ 142.909916][ T6986] Tainted: [L]=SOFTLOCKUP [ 142.909926][ T6986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 142.909941][ T6986] Call Trace: [ 142.909950][ T6986] [ 142.909961][ T6986] dump_stack_lvl+0x100/0x190 [ 142.910008][ T6986] should_fail_ex.cold+0x5/0xa [ 142.910040][ T6986] ? __pfx_hub_ioctl+0x10/0x10 [ 142.910074][ T6986] _copy_to_user+0x32/0xd0 [ 142.910110][ T6986] ? __pfx_hub_ioctl+0x10/0x10 [ 142.910144][ T6986] proc_ioctl+0x51d/0x6f0 [ 142.910182][ T6986] usbdev_ioctl+0x1017/0x3aa0 [ 142.910224][ T6986] ? __pfx_usbdev_ioctl+0x10/0x10 [ 142.910268][ T6986] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 142.910300][ T6986] ? do_vfs_ioctl+0x226/0x13e0 [ 142.910341][ T6986] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 142.910392][ T6986] ? find_held_lock+0x2b/0x80 [ 142.910419][ T6986] ? __fget_files+0x215/0x3d0 [ 142.910445][ T6986] ? hook_file_ioctl_common+0x146/0x410 [ 142.910488][ T6986] ? __fget_files+0x21f/0x3d0 [ 142.910522][ T6986] ? __pfx_usbdev_ioctl+0x10/0x10 [ 142.910560][ T6986] __x64_sys_ioctl+0x18e/0x210 [ 142.910604][ T6986] do_syscall_64+0x106/0xf80 [ 142.910630][ T6986] ? clear_bhb_loop+0x40/0x90 [ 142.910664][ T6986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.910692][ T6986] RIP: 0033:0x7f816c99c819 [ 142.910714][ T6986] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 142.910740][ T6986] RSP: 002b:00007f816d7b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 142.910767][ T6986] RAX: ffffffffffffffda RBX: 00007f816cc15fa0 RCX: 00007f816c99c819 [ 142.910786][ T6986] RDX: 00002000000001c0 RSI: 00000000c0105512 RDI: 0000000000000003 [ 142.910804][ T6986] RBP: 00007f816d7b9090 R08: 0000000000000000 R09: 0000000000000000 [ 142.910820][ T6986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.910837][ T6986] R13: 00007f816cc16038 R14: 00007f816cc15fa0 R15: 00007ffce4020018 [ 142.910874][ T6986] [ 143.696706][ T6995] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 143.703944][ T6995] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 143.784475][ T6995] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 143.876574][ T6995] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 143.882614][ T6995] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 144.069581][ T6995] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 144.084832][ T6995] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 144.103448][ T6995] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 144.118034][ T6995] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 144.150836][ T6995] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 144.165753][ T6995] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 144.260957][ T6995] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 145.064723][ T7026] FAULT_INJECTION: forcing a failure. [ 145.064723][ T7026] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 145.079717][ T7026] CPU: 0 UID: 0 PID: 7026 Comm: syz.0.232 Tainted: G L syzkaller #0 PREEMPT(full) [ 145.079755][ T7026] Tainted: [L]=SOFTLOCKUP [ 145.079763][ T7026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 145.079776][ T7026] Call Trace: [ 145.079783][ T7026] [ 145.079792][ T7026] dump_stack_lvl+0x100/0x190 [ 145.079832][ T7026] should_fail_ex.cold+0x5/0xa [ 145.079863][ T7026] _copy_from_user+0x2e/0xd0 [ 145.079899][ T7026] kstrtouint_from_user+0xd6/0x1d0 [ 145.079942][ T7026] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 145.079983][ T7026] ? __lock_acquire+0x4a5/0x2630 [ 145.080023][ T7026] ? lock_acquire+0x1cf/0x380 [ 145.080067][ T7026] proc_fail_nth_write+0x83/0x220 [ 145.080103][ T7026] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 145.080148][ T7026] vfs_write+0x2aa/0x1070 [ 145.080177][ T7026] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 145.080214][ T7026] ? __pfx_vfs_write+0x10/0x10 [ 145.080240][ T7026] ? __fget_files+0x215/0x3d0 [ 145.080276][ T7026] ? __fget_files+0x21f/0x3d0 [ 145.080314][ T7026] ksys_write+0x12a/0x250 [ 145.080339][ T7026] ? __pfx_ksys_write+0x10/0x10 [ 145.080378][ T7026] do_syscall_64+0x106/0xf80 [ 145.080405][ T7026] ? clear_bhb_loop+0x40/0x90 [ 145.080445][ T7026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.080473][ T7026] RIP: 0033:0x7f816c95d04e [ 145.080495][ T7026] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 145.080519][ T7026] RSP: 002b:00007f816d7b8fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 145.080545][ T7026] RAX: ffffffffffffffda RBX: 00007f816d7b96c0 RCX: 00007f816c95d04e [ 145.080564][ T7026] RDX: 0000000000000001 RSI: 00007f816d7b90a0 RDI: 0000000000000004 [ 145.080580][ T7026] RBP: 00007f816d7b9090 R08: 0000000000000000 R09: 0000000000000000 [ 145.080595][ T7026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 145.080611][ T7026] R13: 00007f816cc16038 R14: 00007f816cc15fa0 R15: 00007ffce4020018 [ 145.080648][ T7026] [ 145.747021][ T5145] Bluetooth: hci0: command 0x0c1a tx timeout [ 145.905766][ T5145] Bluetooth: hci1: command 0x0c1a tx timeout [ 146.145661][ T5145] Bluetooth: hci2: command 0x0c1a tx timeout [ 146.225643][ T5145] Bluetooth: hci3: command 0x0c1a tx timeout [ 147.825992][ T5145] Bluetooth: hci0: command 0x0c1a tx timeout [ 147.850260][ T7082] netlink: 338 bytes leftover after parsing attributes in process `syz.2.245'. [ 147.986245][ T5145] Bluetooth: hci1: command 0x0c1a tx timeout [ 148.127871][ T7089] ================================================================== [ 148.127900][ T7089] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 148.127956][ T7089] Write of size 8 at addr ffffc90004709000 by task syz.3.247/7089 [ 148.127981][ T7089] [ 148.127997][ T7089] CPU: 1 UID: 0 PID: 7089 Comm: syz.3.247 Tainted: G L syzkaller #0 PREEMPT(full) [ 148.128037][ T7089] Tainted: [L]=SOFTLOCKUP [ 148.128105][ T7089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 148.128123][ T7089] Call Trace: [ 148.128132][ T7089] [ 148.128149][ T7089] dump_stack_lvl+0x100/0x190 [ 148.128193][ T7089] print_report+0x156/0x4c9 [ 148.128234][ T7089] ? _raw_spin_lock_irqsave+0x52/0x60 [ 148.128276][ T7089] ? __virt_addr_valid+0x81/0x620 [ 148.128315][ T7089] ? sys_imageblit+0x19fb/0x1d60 [ 148.128358][ T7089] kasan_report+0xdf/0x1e0 [ 148.128391][ T7089] ? sys_imageblit+0x19fb/0x1d60 [ 148.128444][ T7089] sys_imageblit+0x19fb/0x1d60 [ 148.128492][ T7089] ? __pfx_sys_imageblit+0x10/0x10 [ 148.128541][ T7089] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 148.128577][ T7089] soft_cursor+0x524/0xa10 [ 148.128621][ T7089] ? fb_get_color_depth+0x120/0x250 [ 148.128657][ T7089] bit_cursor+0xe58/0x16f0 [ 148.128695][ T7089] ? __pfx_bit_cursor+0x10/0x10 [ 148.128731][ T7089] ? trace_sched_exit_tp+0x13a/0x180 [ 148.128771][ T7089] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 148.128807][ T7089] ? get_color+0x1da/0x450 [ 148.128836][ T7089] ? __pfx_bit_cursor+0x10/0x10 [ 148.128876][ T7089] fbcon_cursor+0x43c/0x5e0 [ 148.128907][ T7089] ? gcd+0x9a/0x270 [ 148.128935][ T7089] fbcon_scroll+0x21f/0x650 [ 148.128970][ T7089] con_scroll+0x464/0x690 [ 148.129017][ T7089] lf+0x26e/0x2c0 [ 148.129063][ T7089] ? __pfx_lf+0x10/0x10 [ 148.129106][ T7089] do_con_write+0xce0/0x8540 [ 148.129143][ T7089] ? __pfx_do_con_write+0x10/0x10 [ 148.129178][ T7089] con_write+0x23/0xb0 [ 148.129204][ T7089] n_tty_write+0xb6f/0x12d0 [ 148.129247][ T7089] ? __pfx_n_tty_write+0x10/0x10 [ 148.129278][ T7089] ? __pfx_woken_wake_function+0x10/0x10 [ 148.129321][ T7089] ? __pfx___might_resched+0x10/0x10 [ 148.129363][ T7089] ? __pfx_n_tty_write+0x10/0x10 [ 148.129393][ T7089] file_tty_write.isra.0+0x4d2/0x890 [ 148.129440][ T7089] redirected_tty_write+0xd4/0x120 [ 148.129482][ T7089] vfs_write+0x6ac/0x1070 [ 148.129510][ T7089] ? __pfx_redirected_tty_write+0x10/0x10 [ 148.129562][ T7089] ? __pfx_vfs_write+0x10/0x10 [ 148.129587][ T7089] ? find_held_lock+0x2b/0x80 [ 148.129625][ T7089] ksys_write+0x12a/0x250 [ 148.129652][ T7089] ? __pfx_ksys_write+0x10/0x10 [ 148.129684][ T7089] do_syscall_64+0x106/0xf80 [ 148.129708][ T7089] ? clear_bhb_loop+0x40/0x90 [ 148.129740][ T7089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.129769][ T7089] RIP: 0033:0x7fabd199c819 [ 148.129792][ T7089] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 148.129818][ T7089] RSP: 002b:00007fabd28d8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 148.129843][ T7089] RAX: ffffffffffffffda RBX: 00007fabd1c15fa0 RCX: 00007fabd199c819 [ 148.129861][ T7089] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 148.129877][ T7089] RBP: 00007fabd1a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 148.129892][ T7089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 148.129909][ T7089] R13: 00007fabd1c16038 R14: 00007fabd1c15fa0 R15: 00007ffd5c243138 [ 148.129936][ T7089] [ 148.129946][ T7089] [ 148.129953][ T7089] The buggy address belongs to a vmalloc virtual mapping [ 148.129970][ T7089] Memory state around the buggy address: [ 148.129983][ T7089] ffffc90004708f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 148.130011][ T7089] ffffc90004708f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 148.130030][ T7089] >ffffc90004709000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 148.130052][ T7089] ^ [ 148.130068][ T7089] ffffc90004709080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 148.130088][ T7089] ffffc90004709100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 148.130103][ T7089] ================================================================== [ 148.130928][ T7089] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 148.130955][ T7089] CPU: 1 UID: 0 PID: 7089 Comm: syz.3.247 Tainted: G L syzkaller #0 PREEMPT(full) [ 148.131002][ T7089] Tainted: [L]=SOFTLOCKUP [ 148.131013][ T7089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 148.131030][ T7089] Call Trace: [ 148.131039][ T7089] [ 148.131072][ T7089] dump_stack_lvl+0x100/0x190 [ 148.131120][ T7089] vpanic+0x552/0x970 [ 148.131147][ T7089] ? __pfx_vpanic+0x10/0x10 [ 148.131175][ T7089] ? mark_held_locks+0x40/0x70 [ 148.131213][ T7089] ? sys_imageblit+0x19fb/0x1d60 [ 148.131255][ T7089] panic+0xd1/0xe0 [ 148.131281][ T7089] ? __pfx_panic+0x10/0x10 [ 148.131315][ T7089] check_panic_on_warn.cold+0x19/0x34 [ 148.131345][ T7089] end_report.part.0+0x3a/0x90 [ 148.131383][ T7089] kasan_report.cold+0xe/0x18 [ 148.131422][ T7089] ? sys_imageblit+0x19fb/0x1d60 [ 148.131471][ T7089] sys_imageblit+0x19fb/0x1d60 [ 148.131521][ T7089] ? __pfx_sys_imageblit+0x10/0x10 [ 148.131571][ T7089] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 148.131607][ T7089] soft_cursor+0x524/0xa10 [ 148.131646][ T7089] ? fb_get_color_depth+0x120/0x250 [ 148.131725][ T7089] bit_cursor+0xe58/0x16f0 [ 148.131765][ T7089] ? __pfx_bit_cursor+0x10/0x10 [ 148.131795][ T7089] ? trace_sched_exit_tp+0x13a/0x180 [ 148.131828][ T7089] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 148.131856][ T7089] ? get_color+0x1da/0x450 [ 148.131881][ T7089] ? __pfx_bit_cursor+0x10/0x10 [ 148.131916][ T7089] fbcon_cursor+0x43c/0x5e0 [ 148.131957][ T7089] ? gcd+0x9a/0x270 [ 148.131981][ T7089] fbcon_scroll+0x21f/0x650 [ 148.132012][ T7089] con_scroll+0x464/0x690 [ 148.132063][ T7089] lf+0x26e/0x2c0 [ 148.132102][ T7089] ? __pfx_lf+0x10/0x10 [ 148.132147][ T7089] do_con_write+0xce0/0x8540 [ 148.132184][ T7089] ? __pfx_do_con_write+0x10/0x10 [ 148.132219][ T7089] con_write+0x23/0xb0 [ 148.132245][ T7089] n_tty_write+0xb6f/0x12d0 [ 148.132287][ T7089] ? __pfx_n_tty_write+0x10/0x10 [ 148.132321][ T7089] ? __pfx_woken_wake_function+0x10/0x10 [ 148.132367][ T7089] ? __pfx___might_resched+0x10/0x10 [ 148.132411][ T7089] ? __pfx_n_tty_write+0x10/0x10 [ 148.132446][ T7089] file_tty_write.isra.0+0x4d2/0x890 [ 148.132497][ T7089] redirected_tty_write+0xd4/0x120 [ 148.132543][ T7089] vfs_write+0x6ac/0x1070 [ 148.132572][ T7089] ? __pfx_redirected_tty_write+0x10/0x10 [ 148.132619][ T7089] ? __pfx_vfs_write+0x10/0x10 [ 148.132646][ T7089] ? find_held_lock+0x2b/0x80 [ 148.132685][ T7089] ksys_write+0x12a/0x250 [ 148.132710][ T7089] ? __pfx_ksys_write+0x10/0x10 [ 148.132744][ T7089] do_syscall_64+0x106/0xf80 [ 148.132778][ T7089] ? clear_bhb_loop+0x40/0x90 [ 148.132812][ T7089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.132842][ T7089] RIP: 0033:0x7fabd199c819 [ 148.132865][ T7089] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 148.132894][ T7089] RSP: 002b:00007fabd28d8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 148.132922][ T7089] RAX: ffffffffffffffda RBX: 00007fabd1c15fa0 RCX: 00007fabd199c819 [ 148.132943][ T7089] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 148.132961][ T7089] RBP: 00007fabd1a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 148.132980][ T7089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 148.132998][ T7089] R13: 00007fabd1c16038 R14: 00007fabd1c15fa0 R15: 00007ffd5c243138 [ 148.133027][ T7089] [ 148.133455][ T7089] Kernel Offset: disabled