last executing test programs: 9.679110033s ago: executing program 2 (id=539): close_range$auto(0x0, 0xffffffffffffffff, 0x2) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000040)=0x5) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x1d, 0x2, 0x6) write$auto(0x3, 0x0, 0xfdef) cachestat$auto(0xffffffffffffffff, 0x0, 0x0, 0xab18) io_uring_setup$auto(0x1, 0x0) mremap$auto(0x0, 0xfffffffffffffff8, 0x4, 0x7, 0x100000000) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x123801, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x502, 0x0) sendfile$auto(r1, r1, 0x0, 0x4a00) syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) userfaultfd$auto(0x1) close_range$auto(0x2, 0x8, 0x0) 8.455804564s ago: executing program 2 (id=544): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x59, &(0x7f0000000100)={0x0, 0x1d, 0x3000, 0x6, 0x6, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x6}, {0xe63c, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c2, 0x8000c, 0x100000000}}) r1 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xfffbfffd}, 0xffff}, 0x4000, 0x20000043) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) mmap$auto(0x3, 0x2020009, 0x3, 0xeb1, r1, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x2, 0x2, 0x0) connect$auto(r0, &(0x7f0000000080)=@in={0x2, 0x2, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f00000001c0), 0xffffffffffffffff) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) acct$auto(&(0x7f0000000100)='./cgroup/cgroup.subtree_control\x00') write$auto(0xffffffffffffffff, 0x0, 0x8000007f) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ram8\x00', 0x16fa02, 0x0) sendfile$auto(0x3, r2, 0x0, 0x400000000006) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/kernel/task_delayacct\x00', 0x80282, 0x0) rt_sigsuspend$auto(0x0, 0x8) shutdown$auto(0x200000003, 0x2) 7.027495682s ago: executing program 3 (id=546): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/jbd2/sda1-8/info\x00', 0x2, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto(r1, 0x80004507, 0x10000000000402) r2 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) read$auto_sco_debugfs_fops_(r2, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyua\x00', 0x20804, 0x0) select$auto(0x8, 0x0, 0x0, &(0x7f0000000200)={[0x80000000008, 0xffffffffffffff4b, 0x100000001, 0x15, 0x8001, 0x1, 0x9, 0x5, 0x8, 0x40000000000000, 0x3, 0x8000000008, 0xfffffffffffffffa, 0xab, 0x2, 0x9]}, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) sendmsg$auto_NL80211_CMD_CONTROL_PORT_FRAME(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="69040000", @ANYRES16=0x0, @ANYBLOB="00042cbd7000fedbdf258100000021005a804bed55eebb4dbd2afe44514b8e0c00f800030000000000000004000900000000"], 0x38}, 0x1, 0x0, 0x0, 0x2000c8d1}, 0xc885) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0) socket(0x2, 0x5, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x10000000084, 0x3, 0x0, 0x8) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 6.24354741s ago: executing program 3 (id=550): openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000400), 0x8602, 0x0) mmap$auto(0x1, 0xe983, 0x8, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) r0 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x20009, 0x5, 0xeb2, 0x8, 0x1008000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r1) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x3c, r2, 0x1, 0x70bd26, 0x25dfdbf7, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x2000c840) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x80802, 0x0) ioctl$auto(r3, 0x800064bd, r3) mmap$auto(0x0, 0x400006, 0xdf, 0x9b72, 0x2, 0x8000) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r4, 0x2275, r0) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) ioctl$auto_RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, 0x0) connect$auto(0x3, 0x0, 0x54) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) sendmsg$auto_NL80211_CMD_DEL_INTERFACE(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x30, r5, 0x330, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_DISABLE_HT={0x4}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x9}, @NL80211_ATTR_DISABLE_EHT={0x4}, @NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c080}, 0x24000004) r6 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/security/tomoyo/profile\x00', 0x406080, 0x0) ioctl$auto(r6, 0x9, 0xffffffffffffffff) openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mounts\x00', 0x40000, 0x0) r7 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/dev_snmp6/team_slave_1\x00', 0x40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r7, &(0x7f00000000c0)=""/86, 0x56) 6.103828147s ago: executing program 0 (id=551): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r0, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) mremap$auto(0x1ff000, 0xff, 0x843, 0x3, 0xfffff000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x7fffffffffffffff) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x1, 0x0, 0x80000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0xfffff000, 0x4, 0x1, 0x7, 0x1ff000) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r2) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, 0x0, 0x481, 0x0) bind$auto(r1, 0x0, 0x6a) 5.639655669s ago: executing program 2 (id=552): socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x22a02, 0x0) setsockopt$auto_SO_ERROR(r0, 0x7ff, 0x4, 0x0, 0x7f) mremap$auto(0x200001000000, 0x4, 0x4, 0x3, 0x100000000) statmount$auto(&(0x7f0000000100)={0x4, @raw=0x7, 0x8, 0x1, 0x3}, &(0x7f0000000280)={0x8, 0x90, 0x9, 0x7, 0x7fff, 0x4, 0x5, 0xfc6, 0x8, 0x8, 0xffffff00, 0x8, 0x8, 0x8, 0x7, 0x4, 0x1, 0xffffffff, 0x0, 0x1, 0x1, 0x4, 0x7, 0xfffffffc, 0xf, 0x0, 0x7, 0x1ff, 0xfff, 0x1ff, 0x1, [0x28, 0xffff, 0x0, 0x2, 0x2, 0x9, 0x5, 0x3, 0x9, 0x5d, 0x8000, 0xfd, 0x4, 0x100, 0x7, 0x3, 0x9, 0x2, 0x10000, 0x2c, 0x1, 0x4, 0xfffffffffffffffe, 0x1000, 0x1ff, 0x6, 0x0, 0x1, 0x0, 0x56c, 0x7f, 0x5, 0x0, 0x100, 0x1ce8, 0x2f, 0x8, 0x0, 0xffffffff, 0x8, 0x8, 0x6, 0x6], "86b8ce4a56fcdcf8527ac03c7a023092fbb606fffb4278444c6ef03a7cbb31f2b07eeaa296fb496a7dc036818cf980551a44f36a82149dab2cfddddda509d794dcf03b494e565f670dfff902034ff090b0517b002017687788f177341a6433ef545d98343636d330698b0a636adab5a7f819148150e9cc137eb635e52c27bfde905851f429655210fdfe2605c4935853ee3b1cf871"}, 0xffff, 0x66) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ram2\x00', 0x200000, 0x0) ioctl$auto_BLKPG(r4, 0x1269, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x3c, r3, 0x1b, 0x70bc26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@typed={0x8, 0x11, 0x0, 0x0, @fd=r2}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f17790485908286dd"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mmap$auto(0x0, 0x810004, 0xffa, 0x8000000008011, r1, 0x8000) madvise$auto(0x0, 0x400053, 0x9) futex$auto(&(0x7f00000000c0)=0x1, 0x8c, 0x1, 0x0, 0x0, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = socket(0x15, 0x5, 0x0) clock_getres$auto(0x2, &(0x7f0000000140)={0x8001, 0x5}) getsockopt$auto(r5, 0x114, 0x2714, 0xfffffffffffffffc, 0x0) r6 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0) write$auto_sg_fops_sg(r6, &(0x7f0000000240)="4a020000a000000000000000000000000700924d1b3c5d2e00000000fdd2adc245a4fe3a61af156016d2e122228118b035ab", 0x32) r7 = signalfd$auto(0xffffffffffffffff, 0x0, 0x8) flock$auto(r7, 0x8) 5.215520355s ago: executing program 1 (id=553): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/net/bond0/bonding/arp_all_targets\x00', 0x140b02, 0x0) mmap$auto(0x0, 0x20008, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) socket(0x10, 0x3, 0x6) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="f0020000", @ANYRES16=r1, @ANYBLOB="01002dbd7000fedbdf2505000000da0203800800c000e000000204002a000400110008002e00", @ANYRES32, @ANYBLOB="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac413855"], 0x2f0}, 0x1, 0x0, 0x0, 0x40000}, 0x50) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c001b"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f00000017c0)='/sys/kernel/debug/lru_gen\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000380)=' U\x15\xa2t\xe0\x1b\xb0\xff\xe8\x91@\x88\n\x92\xf1rL\x9c\rg-\xcc]\x0e\x06\x03\a0k\x85&YS\xb0;\xfd\xd6\x0eH\xb3 \xc2`\xbc\xec\f\xd0\x97\x19\xa6Y\xb0\x15Z/\xe2\xc3\x8e\xc1\xa7v\xe3\xc3\xb0d\x86\x8f\x86\x14S\xdc\xe2G\xb5\x8dN%\x84\xa3\xb4\xb8!\xf9\x01=4T\xb2\xff\xb6\x9dx\x1e\x8dU\xbe*\xa5\xe4q\xd23\xdf\xcce\x17\xc1WX\x0e\xb5\x16\xe6>R\x1b\xf6', 0x6) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0x2003f2, 0x15) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/platform/dummy_hcd.6/usb7/bNumConfigurations\x00', 0x80000, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptypb\x00', 0x448c40, 0x0) read$auto(r3, &(0x7f0000000240)='^{-!S\x97\xa7\xb1\x8ai\xcd\xc8\xc8\xc4Gs\b\xaa\x9c~{\x8f\\g\x0e\x91n{`\x9d\x9d\xb4\xb2\xd8f\xd7\x18<\x9a\xc0\xf2{\x8f\xdb\xb8>;\xaf\xc4%\x14\xd3\xe7\xdb\xe7\x19>*\x830e}#\xd3\xf6\xed%\xb9\xcd\x99\t\a#Mx\xc7&j\xe36e5\x95\x84\xf8\x8fR\xc4\xe2\'.\xc3l\xf5E\xd5?\xf2\f\x93\xbb\x0f\x84\xe2\xbbZ\x92\x96iIxz7\x1dS\xef\x97\xe3\xceT\xef\x057\x1as1s\xc7\xad\xe3\xcd\x1b^?\r\xd7\xb6\xfb\x87\x05\x9e\xd6\xb5e\xfd\x01\x16<\x1b\x89H}x\xc1^\xf4Q>\xdb*\xa6\xdb8n\xb8\xcf\xa7\xed\xef\\\xd0Z\xbck\xec!?\x97\x96s\xa5\x7f\x97\xa79e\';\xf3\x0f\xf5\x17&\x1dx\xfa\xc6\xc1\xc5\xde\xb6\xbcJ\xca\xc3\x185;\'Rq\xa8\xd8\x9a\xe8\xd7\"\xa2b\nq\xc6\xbd\xc0xf\xfc\x03\xbc\xae+\v\xa9B\xe9\xcd\x7f\xe2\x97\x10U\x9c\x92\x18\xe2*|2<\xc4\xc3\xa1\x98\xab\xa8\xb7\xe5l\x91\x81\xe7\x98-\xeb&\xd1\xd2X\x05\xfa\x04\x92\xc7K[\xd1Sc5\xef_', 0x2000000000d) r4 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x582, 0x0) write$auto_console_fops_tty_io(r4, &(0x7f0000001240)='4', 0x1) madvise$auto(0x0, 0x1010001, 0x100000003) sendfile$auto(r0, r0, 0x0, 0x3) 4.994898546s ago: executing program 3 (id=554): unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa142, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) mmap$auto(0x4000000000, 0x40000c, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/kernel/perf_event_max_stack\x00', 0x143402, 0x0) write$auto(r0, &(0x7f0000000000)='[-%\x00', 0x4) socket(0x2, 0x80002, 0x73) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_STATUS64(0xffffffffffffffff, 0x80605414, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0x20000000000e31, 0x40000000000a5, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) ioctl$auto_SNDRV_TIMER_IOCTL_INFO(r1, 0x80e85411, &(0x7f0000000100)={0x0, 0x3c, "3c472d82985a6d8a7758f94e538f5e778acad8a5ed692781c02d5ac4a9828854d97ff00487cce6da6ccfd50b68fc2cfe005c66bcefe3b415e6fa3540acc68328", "8a426eb5b7e0ea2e2f7039affc57c4e415250f4c31da3226515bf5a54075ef883c5fce5e5e4e312f8f2fbe4f48f89499040ac4691d6e930b6fe46ddcb257e72cfecbaa8ab21f9da75eb1c4a40bd74332", 0x7, 0x6, "e871062511110b20c6d147cea85d544bd0924f21a95f277ca86339e4fbe8f2b0dc5ebadf39b5f87d99d26106811b6645a80701e9dce265626d863317b7bc0e10"}) r2 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, 0x0, 0x2641, 0x0) msync$auto(0x7, 0xfffffffffffffffb, 0xf53) write$auto(r2, 0x0, 0x1) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x0, 0x0) ioctl$auto(r3, 0x4b45, 0xffffffffffffffff) 4.858073019s ago: executing program 2 (id=555): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="3677a166f66b78b348947171577880ed20000000", @ANYRES16=r1], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x4004040) mmap$auto(0x100000, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) pidfd_open$auto(0x1, 0x0) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x20000, 0x0) timer_create$auto(0x9, 0x0, 0x0) socket(0x8, 0x80000, 0x100) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000340)='/dev/tty41\x00', 0x68000, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x400007, 0x6d3f, 0x6, 0x81]}, 0x0) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1fb, 0x7, 0xfffffffffffffffd, 0xc40, 0x4, 0x3, 0x3, 0x3, 0x3, 0x1ff, 0x416, 0x0, 0x6d3c, 0x1000000000000003, 0x2, 0x9]}, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x1, 0x7fff, 0x0, 0xf) read$auto(0x3, 0x0, 0x80) close_range$auto(0x2, 0xffffffffffffffff, 0x0) r4 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/memory.force_empty\x00', 0xa001, 0x0) write$auto(r5, &(0x7f0000000000)='3\xc7\xff\xff\xff\xdd\x00\b(Ks\x0f\x87|P\x11\xd1li0\x89\x85\x90QM\xd6wfF\xf1x\xb3;c\tP\x03\x84\x97\x99\x83\x97\x81:\xf3\xa3o5\xc5\x86\xed\xa4\x18]\xa3\xc9\x0f\xff\xdak\xb0m\xe1U\xb3\xa2\xee\xdcTJQO\x98\xc8w\x8c\xe7\x00\x00\x00\x1dj\x1e\xebQT\xdd\x9b\x00'/101, 0x9) sendmsg$auto_TIPC_NL_KEY_FLUSH(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000800)={&(0x7f0000000480)=ANY=[@ANYBLOB='XC\x00\x00', @ANYRES16=0x0, @ANYBLOB="00082cbd7000ffdbdf25180000003f010580160025002f6465762f736e642f70636d433144306300000094ab9bdcbd626d78634f2b40e13d8d7d90a41f1619d169271e720e5e06444cfb3ec07fd753072752582fc6b29d35d8c2a6f4590c000d00ff00000000000000e400398004003e8004007c800400410008005d00", @ANYRES32=0x0, @ANYRESOCT, @ANYRES32=0x0, @ANYRES64=r3, @ANYRES32, @ANYRES64=r4], 0x358}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) 4.16140272s ago: executing program 0 (id=556): r0 = openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0) ioctl$auto_NVRAM_SETCKS(r0, 0x7041, 0x0) openat$auto_rfcomm_sock_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x40040, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/tty/ttyy7/power/runtime_suspended_time\x00', 0x0, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) clock_nanosleep$auto(0x9, 0x0, &(0x7f0000000000)={0xe, 0x802b95}, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ram13\x00', 0x1e3a02, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa901, 0x0) socket(0x11, 0x3, 0x9) r1 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x101, 0x0) ioctl$auto(r1, 0x6f41, 0x38) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r2, 0x40045010, &(0x7f0000000080)="6c5c5321237032f416f982d90e75a36b4c1425b7cbb9e35dc73edc4381483c045b5b22942b191240f50e88a29729a791ba3404525bfe57e54557defb98c96d0c0c0e1d15dda7341022e60c000c0c32364876faf92daf70d35b0c944ecb5edc9305a3bf3a142a1a4bc96377e34df955abe6532b1253c6c0d785e7") recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) write$auto(0x3, 0x0, 0xfdef) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) 3.676317798s ago: executing program 1 (id=557): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x10, 0x2, 0x14) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) socket(0x1d, 0x2, 0x7) socket(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) socket(0x1d, 0x2, 0x7) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r0], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x2}, 0x3, 0x0) 3.377552168s ago: executing program 1 (id=558): r0 = socket(0xa, 0x1, 0x84) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket(0x10, 0x2, 0x0) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_nl80211(0x0, r1) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r2 = socket(0x2, 0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) bind$auto(r2, &(0x7f0000000040)=@in={0x2, 0x4e24, @remote}, 0x6a) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x175801, 0x0) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getsockopt$auto(0xffffffffffffffff, 0x6a, 0x85fa, 0x0, 0x0) socketpair$auto(0x10401e, 0x5, 0xfffffffc, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc8}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_WOWLAN(r0, 0x0, 0x80) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendto$auto(0x3, 0x0, 0x2000f, 0x101, 0x0, 0x1c) close_range$auto(0x2, 0x8, 0x0) 2.948171267s ago: executing program 0 (id=559): r0 = socket(0x2, 0x80002, 0x73) semctl$auto(0x2, 0x5, 0x13, 0x9) openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x4000, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) sysfs$auto(0x2, 0x23, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x840, 0x0) ioctl$auto(r1, 0x5608, 0x7) r2 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r2, 0x107, 0x14, 0x0, 0x4) sendto$auto(r2, 0x0, 0x13, 0xc, &(0x7f0000000000)=@tipc=@name={0x1e, 0x2, 0x3, {{0x41, 0x4}, 0x2}}, 0x1e) fcntl$auto_F_OFD_GETLK(r0, 0x24, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x1, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r3 = openat$auto_null_fops_mem(0xffffffffffffff9c, &(0x7f0000002480), 0x8640, 0x0) read$auto_null_fops_mem(r3, 0x0, 0x0) r4 = socket(0x2a, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/module/cx231xx/uevent\x00', 0x208200, 0x0) ioctl$auto(r4, 0xc5d8, r0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/pci0000:00/0000:00:04.0/resource0\x00', 0xc0082, 0x0) fsconfig$auto_HIDEPID_INVISIBLE(r5, 0x59, &(0x7f0000000000)='\x00', &(0x7f0000000040)="1255f164f3565e22bf4ca21f2151983d452a155330e1765d270d11c0e88a2e625c150779cad88de2cabfc5b92a2e7c2257c214de6b185801264a20507f59f8782e67146698190b544f860efa101302ef3c4b2e6b6004b05bb2a591b2b04125d4ee5f2e15f839280c943129d1d4c3d2fcd8fe3b82b162157db4", 0x2) write$auto(r5, &(0x7f0000000280)='\adev/audio\x92\xce\r$D\xa8g\xe8$n\xeep\xd9\xdbU\x87M\xe3}\x1a\xdf\xeczY\xc3\xcf\xb0\xa4\x90\xdat\x16\x03\xf16\x16W\a\x00\xd2V\x00p\xb3\x04\x00\x84\x9c\'\x14\as\xce\xc6\x92', 0x804) 2.924703311s ago: executing program 3 (id=560): r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) process_madvise$auto_MADV_PAGEOUT(r0, &(0x7f0000000180)={0x0, 0x3}, 0x1, 0x15, 0x5) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) listmount$auto(0xfffffffffffffffd, 0x0, 0x8, 0x0) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) select$auto(0xd, 0x0, &(0x7f0000000400)={[0x3, 0x200000000005, 0x7, 0x7, 0x0, 0x80000000000000, 0xc, 0x6, 0x0, 0xb82, 0xe34c, 0x8000, 0x3, 0xfffffffffffff954, 0xfffffffffffffff4, 0xfff]}, 0x0, &(0x7f0000000080)={0x80000000000201, 0x401}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) write$auto(0xffffffffffffffff, &(0x7f0000000180)='7\x00\xe6\xeaA\r\nW\xa6&\xff\xff\f\x00\x00\x00\xff\x00\x00\x00\x00\x00\x1f\xde\x00\x00\x00\x00\x00\x00\x00', 0x9) socket$nl_generic(0x10, 0x3, 0x10) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0xe01, 0x0) setresgid$auto(0xffffffffffffffff, 0xee00, 0x0) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r1, &(0x7f00000002c0)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2T\xc0\x1d\xa4\x10r\xc4\xa2\xb1y\t\x05\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdm\xed\rW\xe7\xfbL\\\xf2sj(\v\xcd\xe5\x02B\x81ss\xdd\x8199\xa5\x1e\xb0A\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xda\xee\xd8%:bXj\xd5[UG\x8a\x8ab\x9a\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4\x95\xa3\xe1', 0x100000001) write$auto(0xffffffffffffffff, &(0x7f0000001440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3\xb8\xc0\x1f\xe6\x9f\x9cy\xa9\xad\x96\x19Fy\x11}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdf\x17\xe4\xcbA\xa5[\x1aG\xa6\x94\xe0\xdf\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(W| \xce\xcc\xdd%\xcf\xab\xa8\xafhM\x0f%\xc4C9~\xfe\x02]\xedVfQ', 0xf) write$auto(r1, &(0x7f0000000080)='S\x00\x00\x00\xfe\xff\xff\xff', 0x8587) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x0, 0x0) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec29\x00', 0x900, 0x0) 2.692864595s ago: executing program 2 (id=561): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv6/conf/nlmon0/addr_gen_mode\x00', 0xa02, 0x0) unshare$auto(0x40000080) mmap$auto(0x7, 0x40009, 0x9, 0x9b71, 0xffffffffffffffff, 0x4028000) sendto$auto(0xffffffffffffffff, 0x0, 0x80000000000401, 0x6358c0, 0x0, 0x1c) socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) getsockopt$auto_SO_RCVTIMEO_OLD(0xffffffffffffffff, 0x6, 0x14, 0x0, &(0x7f0000000080)=0xe) pidfd_getfd$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, &(0x7f0000000040)="9bbf5f", 0x3) socket(0x10, 0x7, 0xf) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/system/cpu/cpu1/hotplug/target\x00', 0x2, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) mknod$auto(&(0x7f0000000180)=':,\x00', 0xc9, 0xfffffffa) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7e}, 0x40000000000009) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x50}, 0xc800) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) bpf$auto_BPF_MAP_CREATE(0x0, 0x0, 0x4) msync$auto(0x80000000, 0x2, 0x1c) execve$auto(&(0x7f0000000040)=':,\x00', 0x0, &(0x7f0000000200)=&(0x7f00000001c0)=':,\x00') r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) read$auto(r1, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) 2.567239865s ago: executing program 0 (id=562): setitimer$auto_ITIMER_REAL(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, 0x0, 0x1000) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioprio_get$auto(0x3, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) write$auto(r1, 0x0, 0x81) write$auto(0x3, 0x0, 0xfffffdef) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r2, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r2) read$auto(r2, &(0x7f0000000000)='\x00', 0x91e2) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40d1}, 0x0) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f00000000c0), 0xffffffff}, 0x6, 0x0) r4 = io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xe, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x6, 0x2, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0xff, 0x1, 0x10001, 0x7, 0x1, 0x40, 0x76c5, 0x400005, 0x100000005}}) io_uring_enter$auto(r4, 0x9, 0x820e, 0x8b, 0x0, 0x18) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0) 2.220988394s ago: executing program 1 (id=563): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) set_mempolicy$auto(0x2005, 0x0, 0x4) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x5, 0xb8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0xf) listmount$auto(&(0x7f0000000080)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x8}, 0x0, 0xf4240, 0x1) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/mac80211_hwsim/hwsim1/net/wlan1/mtu\x00', 0x10b042, 0x0) sendfile$auto(r0, r0, 0x0, 0x2) ioctl$auto_VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000000)={0xfffffc00, 0xffffffffffffffff}) ioctl$auto(0xffffffffffffffff, 0x0, r1) r2 = landlock_create_ruleset$auto(&(0x7f0000000040)={0xdaa0, 0x1, 0x10}, 0x9, 0x0) landlock_restrict_self$auto(r2, 0xb) io_uring_setup$auto(0x59, &(0x7f0000000340)={0x7fffffff, 0xd, 0x2, 0x4, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) io_uring_enter$auto(0x3, 0x5, 0xfffffffb, 0x3, 0x0, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) r3 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) io_uring_setup$auto(0x9, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000000c0), 0x10040, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r3, 0x403c6f2c, 0x0) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) read$auto(0x3, 0x0, 0x80) setns(0xffffffffffffffff, 0x60020000) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, 0x0, 0xfdf31875370e1716) 2.041775789s ago: executing program 0 (id=564): syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000680), 0xffffffffffffffff) ioctl$auto_TIOCGDEV2(0xffffffffffffffff, 0x80045432, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) landlock_create_ruleset$auto(&(0x7f0000000000)={0xd1d, 0x3, 0x7}, 0x0, 0x10000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x1000) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5) sendmsg$auto_SMC_NETLINK_REMOVE_UEID(0xffffffffffffffff, 0x0, 0x4040) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x80000600}, 0x6, 0x3, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x42, 0x0) socket(0x15, 0x5, 0x0) prctl$auto(0x0, 0x2, 0x4, 0x5, 0x7) unshare$auto(0x40000080) 1.81098607s ago: executing program 2 (id=565): syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000680), 0xffffffffffffffff) ioctl$auto_TIOCGDEV2(0xffffffffffffffff, 0x80045432, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) landlock_create_ruleset$auto(&(0x7f0000000000)={0xd1d, 0x3, 0x7}, 0x0, 0x10000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x1000) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5) sendmsg$auto_SMC_NETLINK_REMOVE_UEID(0xffffffffffffffff, 0x0, 0x4040) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x3, 0x4, 0x2e) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x42, 0x0) socket(0x15, 0x5, 0x0) unshare$auto(0x40000080) 1.165943878s ago: executing program 3 (id=566): unshare$auto(0x40000080) prctl$auto(0x8, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44080}, 0x20048880) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2, 0x1, 0x106) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x20000, 0x0) socket(0x28, 0x5, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x8001, 0x3, 0x3, 0x5, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xe, 0x5, 0x2, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x800, 0x3, 0xff, 0x10001, 0x5, 0x3, 0xfffffffffffffffc, 0x7, 0x80000000, 0x8000, 0xffffdfffffffff81, 0x4]}, 0x0) syz_clone(0x52000080, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000d40)) r1 = socket(0x2, 0x3, 0xa) statmount$auto(&(0x7f0000000340)={0x2b3e, @raw=0x78, 0x0, 0x54b, 0xffff}, &(0x7f0000000440)={0x316c, 0x85, 0x200, 0x0, 0x101, 0x7fff, 0x0, 0x4, 0x1f, 0x7f, 0x1, 0x6a5a373f, 0x9, 0x7, 0x3, 0x3, 0x80007, 0x6, 0x7f, 0x8, 0x80, 0x1e57, 0x0, 0x1d, 0xd9a3, 0xb49, 0x100000001, 0x6, 0xe36, 0x5fd3, 0x6f16, [0xc, 0x100, 0x5, 0xff, 0x5ec2, 0x6, 0x3, 0x100000000, 0x8001, 0x2, 0x2, 0x2, 0x5, 0x8, 0x0, 0x0, 0x15, 0x4, 0x2, 0x3, 0x5, 0x71751901, 0xa6d, 0x845, 0x0, 0xa00, 0x7, 0x8, 0x6, 0x2, 0x0, 0x6981, 0xab, 0x1, 0x4, 0x1, 0x9c, 0x835f, 0x3, 0x0, 0x0, 0x100000001, 0x7], "2d2330f20b0fb25bff28063e8064eae844fe39d0018ae83c95af9376e0c6553eb4dce1f9a359ada29df121379ed92e5e25e99b38ddf848c658743c68b165b927c0b8a407aa3106baf280d138ece53e109cacb9f8ac37ac3e52f9a82317163a7213fb32ed836bb12ca5cbee473cac5dfe74fa0e17ee5566d68659b390531c7d7516cb513fb834fb35bf3eccce838c51d9c72fcc5116458bb25575c6fe35f0dfdfdc085862d638fa325c6880834f7199b5d32c6813b42298dc6b364c8d8fa40bd5bcd7085c84105b982fadd27cb3398c43e3260847c104addb8fa212de574a03e360f458acc1f29ffe9e64fc89f6dd7886a1e80cd577009520"}, 0x80, 0x8) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000140), r1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) 1.052597027s ago: executing program 1 (id=567): socket(0x11, 0x80003, 0x300) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/sys/net/sctp/rto_alpha_exp_divisor\x00', 0x900, 0x0) read$auto_proc_sys_file_operations_proc_sysctl(r0, 0x0, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC0\x00', 0x40, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x28, 0x0, 0x808) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) mmap$auto(0x0, 0x3, 0xb, 0x3132, 0x4008df3, 0x0) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{&(0x7f0000000000), 0x406a37, 0x0, 0x4, 0x0, 0x3, 0x5}, 0x8}, 0xb, 0xdb22, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ipvlan1\x00'}) r1 = socket(0x2, 0xa, 0x0) sendmmsg$auto(r1, &(0x7f00000000c0)={{&(0x7f0000000000), 0xd1, &(0x7f0000000080)={0x0, 0x5e7}, 0x1, 0x0, 0x1, 0x3}, 0x6}, 0x5, 0x9) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/vm/compact_memory\x00', 0x80801, 0x0) mmap$auto(0x0, 0x20009, 0xb17a, 0xeb1, 0x3fd, 0x8000) write$auto(0x3, 0x0, 0xfdef) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a9, 0x7) 286.532183ms ago: executing program 0 (id=568): timer_create$auto_CLOCK_TAI(0xb, 0x0, &(0x7f0000000fc0)=0xa) mmap$auto(0x0, 0x4020005, 0xdf, 0xeb1, 0x401, 0x1000008003) unshare$auto(0x40000080) write$auto(0xca, 0x0, 0x7f) mmap$auto(0xb, 0x100004000c, 0x1000, 0x80000000000014, 0x7, 0x1ff) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x106) socket(0x1e, 0x1, 0x0) setsockopt$auto(0x3, 0x10f, 0x8a, 0x0, 0x12) r0 = socket(0x15, 0x5, 0x0) setsockopt$auto(r0, 0x114, 0x1005, 0x0, 0x7) rmdir$auto(0x0) r1 = io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video3\x00', 0x2aa01, 0x0) ioctl$auto_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) write$auto_tty_fops_tty_io(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000380)=""/11, 0xb) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da07, 0xfffffffffffffff8, 0x2, 0x64, 0x80000020, 0x100000001000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) poll$auto(&(0x7f0000000000)={r1}, 0x200, 0x8) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x7ff, 0x3, 0xff, 0x10001, 0x400000000003, 0x3, 0x8001, 0xfffffffffffffffe, 0x80000000, 0x335b0eef, 0xffffdfffffffff81, 0x4]}, 0x0) 186.867503ms ago: executing program 3 (id=569): mmap$auto(0x3, 0x80002020009, 0x7, 0xfa, 0xffffffffffffffff, 0x400) syz_genetlink_get_family_id$auto_ovs_meter(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mlock$auto(0x112, 0x80006) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) getsockopt$auto(0xffffffffffffffff, 0x84, 0x11, 0x0, &(0x7f0000000000)=0x28000000) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/rds/tcp/rds_tcp_sndbuf\x00', 0xa802, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x189002, 0x0) r1 = ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x101040, 0x0) read$auto_rng_chrdev_ops_core(r2, &(0x7f0000000040)=""/4096, 0xfffffe82) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000b40), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_SETHMAC(r3, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000340)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x44}, 0x84) sendmsg$auto_SEG6_CMD_DUMPHMAC(r1, &(0x7f0000001040)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f0000001100)=ANY=[@ANYBLOB, @ANYRES16, @ANYRESDEC=0x0, @ANYRESDEC=r3], 0x14}, 0x1, 0x0, 0x0, 0x4080}, 0x4000004) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000001140)='/dev/snd/midiC2D2\x00', 0x1, 0x0) r4 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r4, &(0x7f0000000000)="c80d1b5d399b58", 0xfdef) mprotect$auto(0x200000000000, 0x806121, 0x8) landlock_create_ruleset$auto(&(0x7f0000000140)={0x100000daa0, 0x401, 0x9}, 0x7ffd, 0x0) pwrite64$auto(r0, &(0x7f0000001180)='C#\x00', 0x6, 0xe) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x3, 0x2) 0s ago: executing program 1 (id=570): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8001) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) select$auto(0x7, 0x0, &(0x7f0000000000)={[0x209c, 0x40, 0x8, 0x19, 0xffffffffffffeff7, 0x47, 0xc, 0x200000f, 0x0, 0x0, 0x12, 0xd59, 0x100000000101, 0x9b, 0x2, 0xffffffffffffffff]}, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x1000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) io_uring_setup$auto(0x9, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r0, 0x403c6f2b, 0x0) read$auto(0x3, 0x0, 0x80) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/rt_acct\x00', 0x840, 0x0) r1 = open(&(0x7f00000000c0)='./cgroup\x00', 0x80400, 0xb5d1af1605322dd2) open_by_handle_at$auto(r1, &(0x7f0000000040)={0x8, 0x2, '\v\x00\x00\x00\x00\x00\x00\x00'}, 0x3ffff) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) readv$auto(0x3, &(0x7f0000000040)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x100000000000029, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000080)='/proc/softirqs\x00', 0x682, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.65' (ED25519) to the list of known hosts. [ 75.096193][ T5610] cgroup: Unknown subsys name 'net' [ 75.185141][ T5610] cgroup: Unknown subsys name 'cpuset' [ 75.194333][ T5610] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 76.777657][ T5610] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 78.936316][ T5622] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 78.950955][ T5622] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 78.959244][ T5622] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 78.971856][ T5622] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 78.993469][ T5622] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 79.041123][ T5622] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.052312][ T5622] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 79.086405][ T5632] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.095896][ T5632] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 79.104469][ T5632] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 79.119946][ T5632] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 79.125275][ T5636] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 79.130468][ T5632] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 79.142921][ T5636] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.143860][ T5632] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 79.158782][ T5636] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 79.162961][ T5632] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 79.173992][ T5636] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.175177][ T5632] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 79.191299][ T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.548616][ T5621] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.557290][ T5621] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.567271][ T5621] bridge_slave_0: entered allmulticast mode [ 80.584810][ T5621] bridge_slave_0: entered promiscuous mode [ 80.615717][ T5621] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.625591][ T5621] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.633219][ T5621] bridge_slave_1: entered allmulticast mode [ 80.640311][ T5621] bridge_slave_1: entered promiscuous mode [ 80.710821][ T5621] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.740562][ T5621] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.802913][ T5621] team0: Port device team_slave_0 added [ 80.826643][ T5621] team0: Port device team_slave_1 added [ 80.902258][ T5630] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.909634][ T5630] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.917061][ T5630] bridge_slave_0: entered allmulticast mode [ 80.925132][ T5630] bridge_slave_0: entered promiscuous mode [ 80.932610][ T5626] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.939853][ T5626] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.947511][ T5626] bridge_slave_0: entered allmulticast mode [ 80.954760][ T5626] bridge_slave_0: entered promiscuous mode [ 80.973676][ T5621] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.980783][ T5621] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.006794][ T5621] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.018720][ T5630] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.026311][ T5630] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.033750][ T5630] bridge_slave_1: entered allmulticast mode [ 81.040979][ T5630] bridge_slave_1: entered promiscuous mode [ 81.048615][ T5626] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.055945][ T5626] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.063228][ T5626] bridge_slave_1: entered allmulticast mode [ 81.070269][ T5626] bridge_slave_1: entered promiscuous mode [ 81.086163][ T5621] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.093346][ T5621] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.122118][ T5632] Bluetooth: hci0: command tx timeout [ 81.123006][ T5621] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.167740][ T5625] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.176242][ T5625] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.184824][ T5625] bridge_slave_0: entered allmulticast mode [ 81.192312][ T5625] bridge_slave_0: entered promiscuous mode [ 81.201126][ T5625] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.208535][ T5625] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.215950][ T5625] bridge_slave_1: entered allmulticast mode [ 81.223308][ T5625] bridge_slave_1: entered promiscuous mode [ 81.252398][ T5636] Bluetooth: hci2: command tx timeout [ 81.258003][ T4940] Bluetooth: hci1: command tx timeout [ 81.264462][ T5632] Bluetooth: hci3: command tx timeout [ 81.280329][ T5626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.305172][ T5630] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.327816][ T5626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.339910][ T5625] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.351536][ T5630] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.380543][ T5625] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.415594][ T5621] hsr_slave_0: entered promiscuous mode [ 81.422344][ T5621] hsr_slave_1: entered promiscuous mode [ 81.461685][ T5630] team0: Port device team_slave_0 added [ 81.469953][ T5626] team0: Port device team_slave_0 added [ 81.477915][ T5625] team0: Port device team_slave_0 added [ 81.486393][ T5625] team0: Port device team_slave_1 added [ 81.494594][ T5630] team0: Port device team_slave_1 added [ 81.503442][ T5626] team0: Port device team_slave_1 added [ 81.596167][ T5625] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.603513][ T5625] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.629710][ T5625] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.642474][ T5630] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.649554][ T5630] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.676191][ T5630] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.688120][ T5626] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.695404][ T5626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.722571][ T5626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.740365][ T5625] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.747659][ T5625] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.773895][ T5625] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.785812][ T5630] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.792907][ T5630] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.819948][ T5630] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.831957][ T5626] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.839041][ T5626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.865527][ T5626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.992787][ T5625] hsr_slave_0: entered promiscuous mode [ 81.999684][ T5625] hsr_slave_1: entered promiscuous mode [ 82.006495][ T5625] debugfs: 'hsr0' already exists in 'hsr' [ 82.012329][ T5625] Cannot create hsr debugfs directory [ 82.059324][ T5630] hsr_slave_0: entered promiscuous mode [ 82.066285][ T5630] hsr_slave_1: entered promiscuous mode [ 82.073004][ T5630] debugfs: 'hsr0' already exists in 'hsr' [ 82.078804][ T5630] Cannot create hsr debugfs directory [ 82.092494][ T5626] hsr_slave_0: entered promiscuous mode [ 82.098919][ T5626] hsr_slave_1: entered promiscuous mode [ 82.105463][ T5626] debugfs: 'hsr0' already exists in 'hsr' [ 82.111288][ T5626] Cannot create hsr debugfs directory [ 82.420709][ T5621] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 82.434604][ T5621] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 82.463981][ T5621] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 82.474644][ T5621] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 82.503370][ T5621] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 82.516992][ T5621] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 82.553782][ T5621] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 82.564039][ T5621] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 82.651120][ T5625] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 82.662202][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 82.671274][ T5625] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 82.683434][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 82.691885][ T5625] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 82.702761][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 82.715150][ T5625] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 82.725970][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 82.836904][ T5626] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 82.849838][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 82.862694][ T5626] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 82.873356][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 82.882618][ T5626] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 82.893237][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 82.912377][ T5626] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 82.922951][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 82.988577][ T5621] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.033125][ T5630] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.043922][ T5630] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 83.063155][ T5630] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 83.073873][ T5630] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 83.084642][ T5621] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.099848][ T5630] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 83.111853][ T5630] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 83.125101][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.132946][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.153894][ T5630] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 83.164239][ T5630] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 83.171762][ T5636] Bluetooth: hci0: command tx timeout [ 83.192683][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.199918][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.235019][ T5625] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.320829][ T5625] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.332767][ T5636] Bluetooth: hci1: command tx timeout [ 83.339194][ T5632] Bluetooth: hci2: command tx timeout [ 83.339909][ T4940] Bluetooth: hci3: command tx timeout [ 83.363303][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.370475][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.398497][ T2998] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.405759][ T2998] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.479681][ T5626] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.565749][ T5626] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.616875][ T5630] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.644943][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.652211][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.686457][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.693907][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.747700][ T5630] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.796152][ T2998] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.803393][ T2998] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.834606][ T2998] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.841771][ T2998] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.457046][ T5621] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.479819][ T5625] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.628551][ T5625] veth0_vlan: entered promiscuous mode [ 84.669638][ T5621] veth0_vlan: entered promiscuous mode [ 84.717283][ T5625] veth1_vlan: entered promiscuous mode [ 84.740606][ T5621] veth1_vlan: entered promiscuous mode [ 84.864837][ T5625] veth0_macvtap: entered promiscuous mode [ 84.884655][ T5621] veth0_macvtap: entered promiscuous mode [ 84.893780][ T5625] veth1_macvtap: entered promiscuous mode [ 84.913662][ T5626] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.925860][ T5621] veth1_macvtap: entered promiscuous mode [ 84.973867][ T5630] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.989161][ T5625] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.003549][ T5621] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.026177][ T5621] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.037931][ T5625] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.078234][ T998] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.088521][ T998] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.107765][ T998] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.128490][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.137740][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.160552][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.169609][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.188138][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.251863][ T4940] Bluetooth: hci0: command tx timeout [ 85.275924][ T5630] veth0_vlan: entered promiscuous mode [ 85.295205][ T5626] veth0_vlan: entered promiscuous mode [ 85.345542][ T5630] veth1_vlan: entered promiscuous mode [ 85.366381][ T998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.375838][ T998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.412004][ T4940] Bluetooth: hci3: command tx timeout [ 85.412245][ T5632] Bluetooth: hci2: command tx timeout [ 85.417880][ T4940] Bluetooth: hci1: command tx timeout [ 85.425684][ T5626] veth1_vlan: entered promiscuous mode [ 85.497283][ T998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.501759][ T5630] veth0_macvtap: entered promiscuous mode [ 85.517281][ T998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.546922][ T998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.550897][ T5630] veth1_macvtap: entered promiscuous mode [ 85.557793][ T998] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.594332][ T5626] veth0_macvtap: entered promiscuous mode [ 85.627029][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.643609][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.651059][ T5626] veth1_macvtap: entered promiscuous mode [ 85.672472][ T5630] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.698691][ T5625] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 85.711430][ T5630] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.735285][ T5626] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.767876][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.778940][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.790353][ T5626] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.819949][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.885265][ T2998] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.933058][ T2998] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.945789][ T2998] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.980237][ T2998] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.006614][ T2998] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.180702][ T2998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.198369][ T2998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.270471][ T2998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.301469][ T2998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.360487][ T2998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.376569][ T2998] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.440070][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.463627][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.040414][ T5791] netlink: 'syz.0.6': attribute type 1 has an invalid length. [ 87.086622][ T5791] netlink: 1 bytes leftover after parsing attributes in process `syz.0.6'. [ 87.331813][ T4940] Bluetooth: hci0: command tx timeout [ 87.494465][ T5636] Bluetooth: hci2: command tx timeout [ 87.494988][ T5632] Bluetooth: hci3: command tx timeout [ 87.499955][ T4940] Bluetooth: hci1: command tx timeout [ 87.727627][ T5797] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7'. [ 88.266352][ T5807] zswap: compressor 000 not available [ 88.403740][ T5819] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 89.202985][ T5826] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 89.415416][ T5819] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 90.422027][ T5834] netlink: 12 bytes leftover after parsing attributes in process `syz.3.13'. [ 91.294933][ T5852] FAULT_INJECTION: forcing a failure. [ 91.294933][ T5852] name failslab, interval 1, probability 0, space 0, times 1 [ 91.365833][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz.3.15 Not tainted syzkaller #0 PREEMPT(full) [ 91.365872][ T5852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 91.365898][ T5852] Call Trace: [ 91.365907][ T5852] [ 91.365918][ T5852] dump_stack_lvl+0x100/0x190 [ 91.365967][ T5852] should_fail_ex.cold+0x5/0xa [ 91.366006][ T5852] should_failslab+0xc2/0x120 [ 91.366048][ T5852] kmem_cache_alloc_noprof+0x91/0x6a0 [ 91.366083][ T5852] ? stack_trace_save+0x8e/0xc0 [ 91.366123][ T5852] ? alloc_empty_file+0x5b/0x1c0 [ 91.366166][ T5852] alloc_empty_file+0x5b/0x1c0 [ 91.366205][ T5852] path_openat+0xe7/0x4280 [ 91.366233][ T5852] ? __kasan_slab_alloc+0x89/0x90 [ 91.366328][ T5852] ? kmem_cache_alloc_noprof+0x26b/0x6a0 [ 91.366358][ T5852] ? do_getname+0x35/0x390 [ 91.366388][ T5852] ? do_sys_openat2+0xc7/0x1e0 [ 91.366420][ T5852] ? __x64_sys_openat+0x12d/0x210 [ 91.366455][ T5852] ? do_syscall_64+0x115/0x840 [ 91.366480][ T5852] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.366519][ T5852] ? __pfx_path_openat+0x10/0x10 [ 91.366558][ T5852] do_file_open+0x20e/0x430 [ 91.366590][ T5852] ? __pfx_do_file_open+0x10/0x10 [ 91.366644][ T5852] ? alloc_fd+0x471/0x7a0 [ 91.366675][ T5852] ? do_getname+0x191/0x390 [ 91.366714][ T5852] do_sys_openat2+0x10f/0x1e0 [ 91.366750][ T5852] ? __pfx_do_sys_openat2+0x10/0x10 [ 91.366791][ T5852] ? fdget+0x18b/0x210 [ 91.366823][ T5852] __x64_sys_openat+0x12d/0x210 [ 91.366861][ T5852] ? __pfx___x64_sys_openat+0x10/0x10 [ 91.366909][ T5852] do_syscall_64+0x115/0x840 [ 91.366933][ T5852] ? clear_bhb_loop+0x40/0x90 [ 91.366963][ T5852] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.366992][ T5852] RIP: 0033:0x7f4e2699de59 [ 91.367027][ T5852] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 91.367053][ T5852] RSP: 002b:00007f4e2788b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 91.367078][ T5852] RAX: ffffffffffffffda RBX: 00007f4e26c25fa0 RCX: 00007f4e2699de59 [ 91.367096][ T5852] RDX: 0000000000088000 RSI: 0000200000001a00 RDI: ffffffffffffff9c [ 91.367114][ T5852] RBP: 00007f4e26a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 91.367130][ T5852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 91.367147][ T5852] R13: 00007f4e26c26038 R14: 00007f4e26c25fa0 R15: 00007ffe9e44cd98 [ 91.367185][ T5852] [ 91.696772][ T5856] Zero length message leads to an empty skb [ 91.991300][ T11] cfg80211: failed to load regulatory.db [ 92.906169][ T5855] Process accounting resumed [ 93.087388][ T5862] syz.1.18 (5862) used greatest stack depth: 19264 bytes left [ 93.308375][ T5874] MTRR 1 not used [ 93.629208][ T5883] ======================================================= [ 93.629208][ T5883] WARNING: The mand mount option has been deprecated and [ 93.629208][ T5883] and is ignored by this kernel. Remove the mand [ 93.629208][ T5883] option from the mount to silence this warning. [ 93.629208][ T5883] ======================================================= [ 94.362440][ T5896] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 95.196082][ T5900] netlink: 12 bytes leftover after parsing attributes in process `syz.0.33'. [ 97.368651][ T5935] FAULT_INJECTION: forcing a failure. [ 97.368651][ T5935] name failslab, interval 1, probability 0, space 0, times 0 [ 97.404063][ T5935] CPU: 0 UID: 0 PID: 5935 Comm: syz.0.29 Not tainted syzkaller #0 PREEMPT(full) [ 97.404103][ T5935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 97.404120][ T5935] Call Trace: [ 97.404129][ T5935] [ 97.404140][ T5935] dump_stack_lvl+0x100/0x190 [ 97.404183][ T5935] should_fail_ex.cold+0x5/0xa [ 97.404221][ T5935] should_failslab+0xc2/0x120 [ 97.404272][ T5935] kmem_cache_alloc_noprof+0x91/0x6a0 [ 97.404307][ T5935] ? stack_trace_save+0x8e/0xc0 [ 97.404348][ T5935] ? alloc_empty_file+0x5b/0x1c0 [ 97.404394][ T5935] alloc_empty_file+0x5b/0x1c0 [ 97.404432][ T5935] path_openat+0xe7/0x4280 [ 97.404458][ T5935] ? __kasan_slab_alloc+0x89/0x90 [ 97.404492][ T5935] ? kmem_cache_alloc_noprof+0x26b/0x6a0 [ 97.404523][ T5935] ? do_getname+0x35/0x390 [ 97.404555][ T5935] ? do_sys_openat2+0xc7/0x1e0 [ 97.404587][ T5935] ? __x64_sys_openat+0x12d/0x210 [ 97.404623][ T5935] ? do_syscall_64+0x115/0x840 [ 97.404648][ T5935] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.404689][ T5935] ? __pfx_path_openat+0x10/0x10 [ 97.404730][ T5935] do_file_open+0x20e/0x430 [ 97.404762][ T5935] ? __pfx_do_file_open+0x10/0x10 [ 97.404817][ T5935] ? alloc_fd+0x471/0x7a0 [ 97.404849][ T5935] ? do_getname+0x191/0x390 [ 97.404888][ T5935] do_sys_openat2+0x10f/0x1e0 [ 97.404926][ T5935] ? __pfx_do_sys_openat2+0x10/0x10 [ 97.404967][ T5935] ? fdget+0x18b/0x210 [ 97.405000][ T5935] __x64_sys_openat+0x12d/0x210 [ 97.405040][ T5935] ? __pfx___x64_sys_openat+0x10/0x10 [ 97.405094][ T5935] do_syscall_64+0x115/0x840 [ 97.405119][ T5935] ? clear_bhb_loop+0x40/0x90 [ 97.405153][ T5935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.405182][ T5935] RIP: 0033:0x7f3e3a79de59 [ 97.405207][ T5935] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 97.405241][ T5935] RSP: 002b:00007f3e3b61e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 97.405268][ T5935] RAX: ffffffffffffffda RBX: 00007f3e3aa25fa0 RCX: 00007f3e3a79de59 [ 97.405288][ T5935] RDX: 0000000000088000 RSI: 0000200000001a00 RDI: ffffffffffffff9c [ 97.405306][ T5935] RBP: 00007f3e3a833e6f R08: 0000000000000000 R09: 0000000000000000 [ 97.405324][ T5935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 97.405340][ T5935] R13: 00007f3e3aa26038 R14: 00007f3e3aa25fa0 R15: 00007ffc9a6f45a8 [ 97.405377][ T5935] [ 98.746754][ T5932] Process accounting resumed [ 100.818219][ T5975] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 103.474931][ T6007] FAULT_INJECTION: forcing a failure. [ 103.474931][ T6007] name failslab, interval 1, probability 0, space 0, times 0 [ 103.496993][ T6007] CPU: 0 UID: 0 PID: 6007 Comm: syz.1.44 Not tainted syzkaller #0 PREEMPT(full) [ 103.497037][ T6007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 103.497065][ T6007] Call Trace: [ 103.497076][ T6007] [ 103.497087][ T6007] dump_stack_lvl+0x100/0x190 [ 103.497133][ T6007] should_fail_ex.cold+0x5/0xa [ 103.497178][ T6007] should_failslab+0xc2/0x120 [ 103.497219][ T6007] kmem_cache_alloc_noprof+0x91/0x6a0 [ 103.497254][ T6007] ? stack_trace_save+0x8e/0xc0 [ 103.497296][ T6007] ? alloc_empty_file+0x5b/0x1c0 [ 103.497340][ T6007] alloc_empty_file+0x5b/0x1c0 [ 103.497379][ T6007] path_openat+0xe7/0x4280 [ 103.497407][ T6007] ? __kasan_slab_alloc+0x89/0x90 [ 103.497445][ T6007] ? kmem_cache_alloc_noprof+0x26b/0x6a0 [ 103.497479][ T6007] ? do_getname+0x35/0x390 [ 103.497513][ T6007] ? do_sys_openat2+0xc7/0x1e0 [ 103.497549][ T6007] ? __x64_sys_openat+0x12d/0x210 [ 103.497585][ T6007] ? do_syscall_64+0x115/0x840 [ 103.497611][ T6007] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.497653][ T6007] ? __pfx_path_openat+0x10/0x10 [ 103.497694][ T6007] do_file_open+0x20e/0x430 [ 103.497729][ T6007] ? __pfx_do_file_open+0x10/0x10 [ 103.497782][ T6007] ? alloc_fd+0x471/0x7a0 [ 103.497810][ T6007] ? do_getname+0x191/0x390 [ 103.497843][ T6007] do_sys_openat2+0x10f/0x1e0 [ 103.497877][ T6007] ? __pfx_do_sys_openat2+0x10/0x10 [ 103.497915][ T6007] ? fdget+0x18b/0x210 [ 103.497941][ T6007] __x64_sys_openat+0x12d/0x210 [ 103.497973][ T6007] ? __pfx___x64_sys_openat+0x10/0x10 [ 103.498021][ T6007] do_syscall_64+0x115/0x840 [ 103.498044][ T6007] ? clear_bhb_loop+0x40/0x90 [ 103.498134][ T6007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.498165][ T6007] RIP: 0033:0x7f974499de59 [ 103.498189][ T6007] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 103.498216][ T6007] RSP: 002b:00007f97458d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 103.498242][ T6007] RAX: ffffffffffffffda RBX: 00007f9744c25fa0 RCX: 00007f974499de59 [ 103.498262][ T6007] RDX: 0000000000088000 RSI: 0000200000001a00 RDI: ffffffffffffff9c [ 103.498281][ T6007] RBP: 00007f9744a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 103.498299][ T6007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 103.498315][ T6007] R13: 00007f9744c26038 R14: 00007f9744c25fa0 R15: 00007fffe602b668 [ 103.498355][ T6007] [ 106.551988][ T6047] MTRR 1 not used [ 108.319888][ T6071] EXT4-fs error (device sda1): trigger_test_error:130: comm syz.0.54: 7 [ 109.002787][ T29] audit: type=1804 audit(1782864154.878:2): pid=6085 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.57" name="/newroot/12/file0" dev="tmpfs" ino=79 res=1 errno=0 [ 109.944551][ T6094] can0: slcan on pty155. [ 110.186307][ T6096] can0 (unregistered): slcan off pty155. [ 111.689484][ T6103] Process accounting resumed [ 111.908363][ T6118] netlink: 'syz.0.64': attribute type 10 has an invalid length. [ 111.949993][ T6118] netlink: 330 bytes leftover after parsing attributes in process `syz.0.64'. [ 120.713876][ T6210] kexec: Could not allocate control_code_buffer [ 122.432522][ T6253] FAULT_INJECTION: forcing a failure. [ 122.432522][ T6253] name failslab, interval 1, probability 0, space 0, times 0 [ 122.448846][ T6253] CPU: 1 UID: 0 PID: 6253 Comm: syz.0.94 Not tainted syzkaller #0 PREEMPT(full) [ 122.448868][ T6253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 122.448877][ T6253] Call Trace: [ 122.448883][ T6253] [ 122.448890][ T6253] dump_stack_lvl+0x100/0x190 [ 122.448930][ T6253] should_fail_ex.cold+0x5/0xa [ 122.448951][ T6253] should_failslab+0xc2/0x120 [ 122.448972][ T6253] kmem_cache_alloc_noprof+0x91/0x6a0 [ 122.448991][ T6253] ? __pfx_vma_merge_new_range+0x10/0x10 [ 122.449007][ T6253] ? vm_area_dup+0x27/0x8e0 [ 122.449025][ T6253] vm_area_dup+0x27/0x8e0 [ 122.449041][ T6253] copy_vma+0x643/0xac0 [ 122.449060][ T6253] ? __pfx_copy_vma+0x10/0x10 [ 122.449098][ T6253] copy_vma_and_data+0x1cf/0x7c0 [ 122.449116][ T6253] ? __pfx_copy_vma_and_data+0x10/0x10 [ 122.449141][ T6253] ? __vma_start_write+0x17f/0x280 [ 122.449163][ T6253] ? __pfx___vma_start_write+0x10/0x10 [ 122.449191][ T6253] move_vma+0x574/0x1920 [ 122.449210][ T6253] ? __pfx_move_vma+0x10/0x10 [ 122.449228][ T6253] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 122.449249][ T6253] ? cap_mmap_addr+0x4b/0x120 [ 122.449263][ T6253] ? bpf_lsm_mmap_addr+0x9/0x30 [ 122.449277][ T6253] ? security_mmap_addr+0x71/0x1e0 [ 122.449303][ T6253] ? __get_unmapped_area+0x255/0x3e0 [ 122.449326][ T6253] ? vrm_set_new_addr+0x204/0x290 [ 122.449343][ T6253] mremap_to+0x234/0x4c0 [ 122.449359][ T6253] ? mas_walk+0x6ef/0x9b0 [ 122.449373][ T6253] ? __pfx_mremap_to+0x10/0x10 [ 122.449388][ T6253] ? check_prep_vma+0x912/0xe60 [ 122.449408][ T6253] __do_sys_mremap+0x88c/0x1850 [ 122.449432][ T6253] ? __pfx___do_sys_mremap+0x10/0x10 [ 122.449454][ T6253] ? __pfx_do_futex+0x10/0x10 [ 122.449477][ T6253] ? __x64_sys_futex+0x34f/0x4d0 [ 122.449505][ T6253] do_syscall_64+0x115/0x840 [ 122.449519][ T6253] ? clear_bhb_loop+0x40/0x90 [ 122.449541][ T6253] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.449557][ T6253] RIP: 0033:0x7f3e3a79de59 [ 122.449577][ T6253] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 122.449592][ T6253] RSP: 002b:00007f3e3b61e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 122.449610][ T6253] RAX: ffffffffffffffda RBX: 00007f3e3aa25fa0 RCX: 00007f3e3a79de59 [ 122.449620][ T6253] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200001000000 [ 122.449629][ T6253] RBP: 00007f3e3a833e6f R08: 0000000100000000 R09: 0000000000000000 [ 122.449638][ T6253] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 122.449647][ T6253] R13: 00007f3e3aa26038 R14: 00007f3e3aa25fa0 R15: 00007ffc9a6f45a8 [ 122.449667][ T6253] [ 123.042310][ T6245] Process accounting resumed [ 123.700308][ T6251] Process accounting paused [ 127.401080][ T6310] FAULT_INJECTION: forcing a failure. [ 127.401080][ T6310] name failslab, interval 1, probability 0, space 0, times 0 [ 127.527780][ T6310] CPU: 1 UID: 0 PID: 6310 Comm: syz.3.95 Not tainted syzkaller #0 PREEMPT(full) [ 127.527820][ T6310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 127.527836][ T6310] Call Trace: [ 127.527846][ T6310] [ 127.527857][ T6310] dump_stack_lvl+0x100/0x190 [ 127.527899][ T6310] should_fail_ex.cold+0x5/0xa [ 127.527939][ T6310] should_failslab+0xc2/0x120 [ 127.527980][ T6310] kmem_cache_alloc_noprof+0x91/0x6a0 [ 127.528018][ T6310] ? __kernfs_new_node+0xd2/0xa10 [ 127.528053][ T6310] __kernfs_new_node+0xd2/0xa10 [ 127.528086][ T6310] ? __pfx___kernfs_new_node+0x10/0x10 [ 127.528123][ T6310] ? find_held_lock+0x2b/0x80 [ 127.528159][ T6310] ? kernfs_root+0xee/0x2a0 [ 127.528198][ T6310] ? kernfs_root+0xee/0x2a0 [ 127.528246][ T6310] kernfs_new_node+0x117/0x150 [ 127.528281][ T6310] __kernfs_create_file+0x53/0x350 [ 127.528320][ T6310] sysfs_add_file_mode_ns+0x207/0x3c0 [ 127.528375][ T6310] internal_create_group+0x593/0xfb0 [ 127.528429][ T6310] ? __pfx_internal_create_group+0x10/0x10 [ 127.528480][ T6310] ? kernfs_create_link+0x1bd/0x240 [ 127.528520][ T6310] internal_create_groups+0x9d/0x150 [ 127.528565][ T6310] device_add+0x71a/0x1970 [ 127.528608][ T6310] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 127.528650][ T6310] ? __pfx_device_add+0x10/0x10 [ 127.528693][ T6310] ? lockdep_init_map_type+0x5c/0x250 [ 127.528723][ T6310] ? __init_waitqueue_head+0xca/0x150 [ 127.528772][ T6310] netdev_register_kobject+0x1a9/0x3d0 [ 127.528824][ T6310] register_netdevice+0x15b6/0x25a0 [ 127.528870][ T6310] ? __pfx_register_netdevice+0x10/0x10 [ 127.528905][ T6310] ? net_generic+0xea/0x2a0 [ 127.528942][ T6310] ppp_dev_configure+0x986/0xcb0 [ 127.528981][ T6310] ppp_ioctl+0x9d7/0x27c0 [ 127.529014][ T6310] ? find_held_lock+0x2b/0x80 [ 127.529048][ T6310] ? __pfx_ppp_ioctl+0x10/0x10 [ 127.529081][ T6310] ? __fget_files+0x21f/0x3d0 [ 127.529111][ T6310] ? __pfx_ppp_ioctl+0x10/0x10 [ 127.529142][ T6310] __x64_sys_ioctl+0x18e/0x210 [ 127.529186][ T6310] do_syscall_64+0x115/0x840 [ 127.529211][ T6310] ? clear_bhb_loop+0x40/0x90 [ 127.529248][ T6310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.529278][ T6310] RIP: 0033:0x7f4e2699de59 [ 127.529302][ T6310] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 127.529327][ T6310] RSP: 002b:00007f4e27849028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 127.529353][ T6310] RAX: ffffffffffffffda RBX: 00007f4e26c26180 RCX: 00007f4e2699de59 [ 127.529371][ T6310] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000004 [ 127.529386][ T6310] RBP: 00007f4e26a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 127.529402][ T6310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 127.529419][ T6310] R13: 00007f4e26c26218 R14: 00007f4e26c26180 R15: 00007ffe9e44cd98 [ 127.529454][ T6310] [ 132.936119][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.943422][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.705536][ T6373] FAULT_INJECTION: forcing a failure. [ 134.705536][ T6373] name fail_futex, interval 1, probability 0, space 0, times 1 [ 134.738488][ T6373] CPU: 1 UID: 0 PID: 6373 Comm: syz.2.103 Not tainted syzkaller #0 PREEMPT(full) [ 134.738511][ T6373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 134.738520][ T6373] Call Trace: [ 134.738525][ T6373] [ 134.738532][ T6373] dump_stack_lvl+0x100/0x190 [ 134.738555][ T6373] should_fail_ex.cold+0x5/0xa [ 134.738577][ T6373] get_futex_key+0x1d2/0x14f0 [ 134.738595][ T6373] ? __pfx_get_futex_key+0x10/0x10 [ 134.738617][ T6373] futex_wait_setup+0x91/0x540 [ 134.738659][ T6373] __futex_wait+0x19f/0x300 [ 134.738682][ T6373] ? __pfx___futex_wait+0x10/0x10 [ 134.738701][ T6373] ? futex_hash+0x311/0x400 [ 134.738718][ T6373] ? __pfx_futex_wake_mark+0x10/0x10 [ 134.738740][ T6373] ? __pfx_futex_hash+0x10/0x10 [ 134.738755][ T6373] ? __pfx_core_sys_select+0x10/0x10 [ 134.738778][ T6373] ? get_pid_task+0xfc/0x250 [ 134.738801][ T6373] futex_wait+0xe6/0x370 [ 134.738820][ T6373] ? __pfx_futex_wait+0x10/0x10 [ 134.738849][ T6373] do_futex+0x265/0x440 [ 134.738866][ T6373] ? __pfx_do_futex+0x10/0x10 [ 134.738884][ T6373] ? __fget_files+0x21f/0x3d0 [ 134.738899][ T6373] __x64_sys_futex+0x34f/0x4d0 [ 134.738927][ T6373] ? __pfx___x64_sys_futex+0x10/0x10 [ 134.738945][ T6373] ? __pfx_do_writev+0x10/0x10 [ 134.738973][ T6373] do_syscall_64+0x115/0x840 [ 134.738987][ T6373] ? clear_bhb_loop+0x40/0x90 [ 134.739004][ T6373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.739020][ T6373] RIP: 0033:0x7fb964b9de59 [ 134.739034][ T6373] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 134.739048][ T6373] RSP: 002b:00007fb965b170e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 134.739062][ T6373] RAX: ffffffffffffffda RBX: 00007fb964e25fa8 RCX: 00007fb964b9de59 [ 134.739072][ T6373] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb964e25fa8 [ 134.739081][ T6373] RBP: 00007fb964e25fa0 R08: 0000000000000000 R09: 0000000000000000 [ 134.739089][ T6373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 134.739098][ T6373] R13: 00007fb964e26038 R14: 00007ffc896bfb00 R15: 00007ffc896bfbe8 [ 134.739116][ T6373] [ 135.888804][ T6397] FAULT_INJECTION: forcing a failure. [ 135.888804][ T6397] name failslab, interval 1, probability 0, space 0, times 0 [ 135.921874][ T6397] CPU: 1 UID: 0 PID: 6397 Comm: syz.2.106 Not tainted syzkaller #0 PREEMPT(full) [ 135.921913][ T6397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 135.921930][ T6397] Call Trace: [ 135.921940][ T6397] [ 135.921950][ T6397] dump_stack_lvl+0x100/0x190 [ 135.921990][ T6397] should_fail_ex.cold+0x5/0xa [ 135.922026][ T6397] should_failslab+0xc2/0x120 [ 135.922066][ T6397] kmem_cache_alloc_noprof+0x91/0x6a0 [ 135.922101][ T6397] ? mas_preallocate+0x1105/0x14a0 [ 135.922140][ T6397] mas_preallocate+0x1105/0x14a0 [ 135.922179][ T6397] ? __pfx_mas_preallocate+0x10/0x10 [ 135.922232][ T6397] vma_link+0x14a/0x8d0 [ 135.922264][ T6397] ? __pfx_vma_link+0x10/0x10 [ 135.922307][ T6397] ? anon_vma_clone+0x675/0xcd0 [ 135.922370][ T6397] copy_vma+0x7e6/0xac0 [ 135.922406][ T6397] ? __pfx_copy_vma+0x10/0x10 [ 135.922478][ T6397] copy_vma_and_data+0x1cf/0x7c0 [ 135.922517][ T6397] ? __pfx_copy_vma_and_data+0x10/0x10 [ 135.922561][ T6397] ? __vma_start_write+0x17f/0x280 [ 135.922606][ T6397] ? __pfx___vma_start_write+0x10/0x10 [ 135.922659][ T6397] move_vma+0x574/0x1920 [ 135.922693][ T6397] ? __pfx_move_vma+0x10/0x10 [ 135.922727][ T6397] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 135.922768][ T6397] ? cap_mmap_addr+0x4b/0x120 [ 135.922794][ T6397] ? bpf_lsm_mmap_addr+0x9/0x30 [ 135.922820][ T6397] ? security_mmap_addr+0x71/0x1e0 [ 135.922856][ T6397] ? __get_unmapped_area+0x255/0x3e0 [ 135.922900][ T6397] ? vrm_set_new_addr+0x204/0x290 [ 135.922934][ T6397] mremap_to+0x234/0x4c0 [ 135.922963][ T6397] ? mas_walk+0x6ef/0x9b0 [ 135.922989][ T6397] ? __pfx_mremap_to+0x10/0x10 [ 135.923019][ T6397] ? check_prep_vma+0x912/0xe60 [ 135.923057][ T6397] __do_sys_mremap+0x88c/0x1850 [ 135.923101][ T6397] ? __pfx___do_sys_mremap+0x10/0x10 [ 135.923142][ T6397] ? __pfx_do_futex+0x10/0x10 [ 135.923184][ T6397] ? __x64_sys_futex+0x34f/0x4d0 [ 135.923236][ T6397] do_syscall_64+0x115/0x840 [ 135.923260][ T6397] ? clear_bhb_loop+0x40/0x90 [ 135.923294][ T6397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.923333][ T6397] RIP: 0033:0x7fb964b9de59 [ 135.923358][ T6397] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 135.923384][ T6397] RSP: 002b:00007fb965b17028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 135.923411][ T6397] RAX: ffffffffffffffda RBX: 00007fb964e25fa0 RCX: 00007fb964b9de59 [ 135.923430][ T6397] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200001000000 [ 135.923447][ T6397] RBP: 00007fb964c33e6f R08: 0000000100000000 R09: 0000000000000000 [ 135.923464][ T6397] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 135.923480][ T6397] R13: 00007fb964e26038 R14: 00007fb964e25fa0 R15: 00007ffc896bfbe8 [ 135.923517][ T6397] [ 135.925655][ T6394] netlink: 'syz.1.105': attribute type 10 has an invalid length. [ 136.215653][ T6394] netlink: 330 bytes leftover after parsing attributes in process `syz.1.105'. [ 136.466591][ T6405] FAULT_INJECTION: forcing a failure. [ 136.466591][ T6405] name failslab, interval 1, probability 0, space 0, times 0 [ 136.490908][ T6405] CPU: 1 UID: 0 PID: 6405 Comm: syz.0.107 Not tainted syzkaller #0 PREEMPT(full) [ 136.490949][ T6405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 136.490967][ T6405] Call Trace: [ 136.490976][ T6405] [ 136.490987][ T6405] dump_stack_lvl+0x100/0x190 [ 136.491026][ T6405] should_fail_ex.cold+0x5/0xa [ 136.491066][ T6405] should_failslab+0xc2/0x120 [ 136.491106][ T6405] __kmalloc_cache_noprof+0x91/0x6c0 [ 136.491131][ T6405] ? __asan_memcpy+0x3c/0x60 [ 136.491147][ T6405] ? vidtv_psi_short_event_desc_init+0xbb/0x5f0 [ 136.491169][ T6405] vidtv_psi_short_event_desc_init+0xbb/0x5f0 [ 136.491189][ T6405] vidtv_psi_desc_clone+0x33f/0x5d0 [ 136.491206][ T6405] vidtv_channel_si_init+0x76c/0x18f0 [ 136.491232][ T6405] vidtv_mux_init+0x522/0xbf0 [ 136.491255][ T6405] vidtv_start_feed+0x34e/0x500 [ 136.491290][ T6405] ? __pfx_vidtv_start_feed+0x10/0x10 [ 136.491329][ T6405] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 136.491386][ T6405] dmx_section_feed_start_filtering+0x3a8/0x660 [ 136.491424][ T6405] dvb_dmxdev_filter_start+0x767/0xdd0 [ 136.491453][ T6405] dvb_demux_do_ioctl+0xe64/0x1200 [ 136.491481][ T6405] dvb_usercopy+0x167/0x340 [ 136.491500][ T6405] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 136.491523][ T6405] ? __pfx_dvb_usercopy+0x10/0x10 [ 136.491551][ T6405] ? __fget_files+0x21f/0x3d0 [ 136.491569][ T6405] dvb_demux_ioctl+0x29/0x40 [ 136.491588][ T6405] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 136.491609][ T6405] __x64_sys_ioctl+0x18e/0x210 [ 136.491631][ T6405] do_syscall_64+0x115/0x840 [ 136.491645][ T6405] ? clear_bhb_loop+0x40/0x90 [ 136.491664][ T6405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.491680][ T6405] RIP: 0033:0x7f3e3a79de59 [ 136.491694][ T6405] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 136.491708][ T6405] RSP: 002b:00007f3e3b5fd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 136.491723][ T6405] RAX: ffffffffffffffda RBX: 00007f3e3aa26090 RCX: 00007f3e3a79de59 [ 136.491732][ T6405] RDX: 0000000000000000 RSI: 00000000403c6f2b RDI: 0000000000000006 [ 136.491741][ T6405] RBP: 00007f3e3a833e6f R08: 0000000000000000 R09: 0000000000000000 [ 136.491750][ T6405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 136.491759][ T6405] R13: 00007f3e3aa26128 R14: 00007f3e3aa26090 R15: 00007ffc9a6f45a8 [ 136.491782][ T6405] [ 142.262018][ C1] vcan0: j1939_tp_rxtimer: 0xffff888059eeb000: rx timeout, send abort [ 142.289080][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888059eeb000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 142.556985][ T6444] Process accounting paused [ 142.737657][ T6459] FAULT_INJECTION: forcing a failure. [ 142.737657][ T6459] name failslab, interval 1, probability 0, space 0, times 0 [ 142.751463][ T6459] CPU: 1 UID: 0 PID: 6459 Comm: syz.1.121 Not tainted syzkaller #0 PREEMPT(full) [ 142.751501][ T6459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 142.751519][ T6459] Call Trace: [ 142.751528][ T6459] [ 142.751537][ T6459] dump_stack_lvl+0x100/0x190 [ 142.751578][ T6459] should_fail_ex.cold+0x5/0xa [ 142.751615][ T6459] should_failslab+0xc2/0x120 [ 142.751655][ T6459] __kmalloc_noprof+0xfc/0x820 [ 142.751687][ T6459] ? lockdep_init_map_type+0x5c/0x250 [ 142.751715][ T6459] ? __list_lru_init+0xd9/0x4b0 [ 142.751751][ T6459] __list_lru_init+0xd9/0x4b0 [ 142.751783][ T6459] sget_fc+0xabf/0x1d80 [ 142.751838][ T6459] ? __pfx_set_anon_super_fc+0x10/0x10 [ 142.751880][ T6459] ? __pfx_sget_fc+0x10/0x10 [ 142.751919][ T6459] ? refcount_dec_not_one+0x136/0x1c0 [ 142.751960][ T6459] ? __pfx_refcount_dec_not_one+0x10/0x10 [ 142.752002][ T6459] ? __kmalloc_cache_noprof+0x2e5/0x6c0 [ 142.752030][ T6459] ? __kasan_kmalloc+0xaa/0xb0 [ 142.752071][ T6459] ? __pfx_mqueue_fill_super+0x10/0x10 [ 142.752114][ T6459] get_tree_nodev+0x28/0x190 [ 142.752160][ T6459] mqueue_get_tree+0xf1/0x130 [ 142.752205][ T6459] vfs_get_tree+0x92/0x320 [ 142.752256][ T6459] fc_mount_longterm+0x1a/0x270 [ 142.752302][ T6459] mq_init_ns+0x482/0x820 [ 142.752337][ T6459] copy_ipcs+0x3dd/0x7e0 [ 142.752371][ T6459] create_new_namespaces+0x20a/0xac0 [ 142.752404][ T6459] ? security_capable+0x80/0x260 [ 142.752437][ T6459] unshare_nsproxy_namespaces+0xf2/0x220 [ 142.752473][ T6459] ksys_unshare+0x438/0xab0 [ 142.752512][ T6459] ? __pfx_ksys_unshare+0x10/0x10 [ 142.752564][ T6459] __x64_sys_unshare+0x31/0x40 [ 142.752601][ T6459] do_syscall_64+0x115/0x840 [ 142.752627][ T6459] ? clear_bhb_loop+0x40/0x90 [ 142.752663][ T6459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.752693][ T6459] RIP: 0033:0x7f974499de59 [ 142.752717][ T6459] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 142.752746][ T6459] RSP: 002b:00007f97458d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 142.752771][ T6459] RAX: ffffffffffffffda RBX: 00007f9744c25fa0 RCX: 00007f974499de59 [ 142.752790][ T6459] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000000 [ 142.752807][ T6459] RBP: 00007f9744a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 142.752823][ T6459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 142.752838][ T6459] R13: 00007f9744c26038 R14: 00007f9744c25fa0 R15: 00007fffe602b668 [ 142.752871][ T6459] [ 146.314539][ T6489] netlink: 28 bytes leftover after parsing attributes in process `syz.3.127'. [ 146.415997][ T6489] vlan1: entered allmulticast mode [ 146.436722][ T6489] veth0_vlan: entered allmulticast mode [ 147.659624][ T6506] MTRR 1 not used [ 150.040886][ T6528] can: request_module (can-proto-3) failed. [ 153.795064][ T6562] Process accounting paused [ 153.874216][ T6575] Process accounting resumed [ 155.681939][ T6598] random: crng reseeded on system resumption [ 159.951033][ T6643] zswap: compressor 000 not available [ 160.686992][ T6655] FAULT_INJECTION: forcing a failure. [ 160.686992][ T6655] name failslab, interval 1, probability 0, space 0, times 0 [ 160.709986][ T6655] CPU: 0 UID: 0 PID: 6655 Comm: syz.1.156 Not tainted syzkaller #0 PREEMPT(full) [ 160.710023][ T6655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 160.710039][ T6655] Call Trace: [ 160.710048][ T6655] [ 160.710057][ T6655] dump_stack_lvl+0x100/0x190 [ 160.710100][ T6655] should_fail_ex.cold+0x5/0xa [ 160.710138][ T6655] should_failslab+0xc2/0x120 [ 160.710179][ T6655] kmem_cache_alloc_noprof+0x91/0x6a0 [ 160.710214][ T6655] ? __pfx_vma_merge_new_range+0x10/0x10 [ 160.710244][ T6655] ? vm_area_dup+0x27/0x8e0 [ 160.710275][ T6655] vm_area_dup+0x27/0x8e0 [ 160.710298][ T6655] copy_vma+0x643/0xac0 [ 160.710325][ T6655] ? __pfx_copy_vma+0x10/0x10 [ 160.710383][ T6655] copy_vma_and_data+0x1cf/0x7c0 [ 160.710413][ T6655] ? __pfx_copy_vma_and_data+0x10/0x10 [ 160.710449][ T6655] ? __vma_start_write+0x17f/0x280 [ 160.710482][ T6655] ? __pfx___vma_start_write+0x10/0x10 [ 160.710529][ T6655] move_vma+0x574/0x1920 [ 160.710559][ T6655] ? __pfx_move_vma+0x10/0x10 [ 160.710585][ T6655] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 160.710617][ T6655] ? cap_mmap_addr+0x4b/0x120 [ 160.710639][ T6655] ? bpf_lsm_mmap_addr+0x9/0x30 [ 160.710661][ T6655] ? security_mmap_addr+0x71/0x1e0 [ 160.710691][ T6655] ? __get_unmapped_area+0x255/0x3e0 [ 160.710726][ T6655] ? vrm_set_new_addr+0x204/0x290 [ 160.710752][ T6655] mremap_to+0x234/0x4c0 [ 160.710774][ T6655] ? mas_walk+0x6ef/0x9b0 [ 160.710795][ T6655] ? __pfx_mremap_to+0x10/0x10 [ 160.710820][ T6655] ? check_prep_vma+0x912/0xe60 [ 160.710850][ T6655] __do_sys_mremap+0x88c/0x1850 [ 160.710899][ T6655] ? __pfx___do_sys_mremap+0x10/0x10 [ 160.710939][ T6655] ? __pfx_do_futex+0x10/0x10 [ 160.710977][ T6655] ? __x64_sys_futex+0x34f/0x4d0 [ 160.711030][ T6655] do_syscall_64+0x115/0x840 [ 160.711055][ T6655] ? clear_bhb_loop+0x40/0x90 [ 160.711093][ T6655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.711120][ T6655] RIP: 0033:0x7f974499de59 [ 160.711141][ T6655] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 160.711165][ T6655] RSP: 002b:00007f97458d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 160.711188][ T6655] RAX: ffffffffffffffda RBX: 00007f9744c25fa0 RCX: 00007f974499de59 [ 160.711207][ T6655] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200001000000 [ 160.711223][ T6655] RBP: 00007f9744a33e6f R08: 0000000100000000 R09: 0000000000000000 [ 160.711238][ T6655] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 160.711253][ T6655] R13: 00007f9744c26038 R14: 00007f9744c25fa0 R15: 00007fffe602b668 [ 160.711287][ T6655] [ 161.018826][ T6656] random: crng reseeded on system resumption [ 162.912130][ T6684] ubi0: attaching mtd0 [ 162.946517][ T6684] ubi0: scanning is finished [ 162.984499][ T6684] ubi0: empty MTD device detected [ 163.721717][ T6684] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 163.842740][ T6684] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 163.868234][ T6684] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 163.953606][ T6684] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 164.001778][ T6684] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 164.098061][ T6684] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 164.192969][ T6684] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 190696488 [ 164.253693][ T6684] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 164.306032][ T6697] ubi0: background thread "ubi_bgt0d" started, PID 6697 [ 164.388747][ T6686] ubi0: detaching mtd0 [ 164.585128][ T6686] ubi0: mtd0 is detached [ 164.709251][ T6701] zswap: compressor 000 not available [ 167.188664][ T6738] random: crng reseeded on system resumption [ 169.385401][ T6761] netlink: 286 bytes leftover after parsing attributes in process `syz.0.183'. [ 169.685484][ T6774] ubi0: attaching mtd0 [ 169.717005][ T6774] ubi0: scanning is finished [ 170.108190][ T6765] zswap: compressor 000 not available [ 170.491420][ T6774] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 170.535413][ T6774] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 170.570269][ T6774] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 170.610298][ T6774] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 170.630743][ T6774] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 170.652989][ T6774] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 170.661733][ T6774] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 190696488 [ 170.676499][ T6774] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 170.698865][ T6784] ubi0: background thread "ubi_bgt0d" started, PID 6784 [ 170.719286][ T6778] ubi0: detaching mtd0 [ 170.827448][ T6778] ubi0: mtd0 is detached [ 171.410188][ T6786] zswap: compressor 000 not available [ 173.027675][ T6801] Process accounting resumed [ 174.287125][ T6811] FAULT_INJECTION: forcing a failure. [ 174.287125][ T6811] name failslab, interval 1, probability 0, space 0, times 0 [ 174.400343][ T6811] CPU: 0 UID: 0 PID: 6811 Comm: syz.1.182 Not tainted syzkaller #0 PREEMPT(full) [ 174.400383][ T6811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 174.400400][ T6811] Call Trace: [ 174.400410][ T6811] [ 174.400421][ T6811] dump_stack_lvl+0x100/0x190 [ 174.400462][ T6811] should_fail_ex.cold+0x5/0xa [ 174.400501][ T6811] should_failslab+0xc2/0x120 [ 174.400541][ T6811] kmem_cache_alloc_lru_noprof+0x8d/0x6a0 [ 174.400579][ T6811] ? __d_alloc+0x35/0xa50 [ 174.400627][ T6811] __d_alloc+0x35/0xa50 [ 174.400662][ T6811] d_alloc+0x4a/0x1e0 [ 174.400696][ T6811] lookup_one_qstr_excl+0x171/0x250 [ 174.400737][ T6811] start_dirop+0x59/0xb0 [ 174.400781][ T6811] simple_start_creating+0xf9/0x110 [ 174.400810][ T6811] ? __pfx_simple_start_creating+0x10/0x10 [ 174.400839][ T6811] ? mntput+0x70/0xa0 [ 174.400881][ T6811] ? simple_pin_fs+0xa3/0x190 [ 174.400924][ T6811] debugfs_start_creating.part.0+0x82/0x170 [ 174.400964][ T6811] __debugfs_create_file+0xb3/0x4f0 [ 174.401006][ T6811] debugfs_create_file_full+0x41/0x60 [ 174.401045][ T6811] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 174.401089][ T6811] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 174.401155][ T6811] ? kasan_save_track+0x14/0x30 [ 174.401187][ T6811] ? __kasan_kmalloc+0xaa/0xb0 [ 174.401220][ T6811] ? lockdep_init_map_type+0x5c/0x250 [ 174.401255][ T6811] preinit_net.part.0+0x43b/0x920 [ 174.401294][ T6811] copy_net_ns+0x339/0x7c0 [ 174.401332][ T6811] create_new_namespaces+0x3ea/0xac0 [ 174.401370][ T6811] unshare_nsproxy_namespaces+0xf2/0x220 [ 174.401405][ T6811] ksys_unshare+0x438/0xab0 [ 174.401440][ T6811] ? find_held_lock+0x2b/0x80 [ 174.401473][ T6811] ? exc_page_fault+0x6f/0xd0 [ 174.401515][ T6811] ? __pfx_ksys_unshare+0x10/0x10 [ 174.401567][ T6811] __x64_sys_unshare+0x31/0x40 [ 174.401612][ T6811] do_syscall_64+0x115/0x840 [ 174.401635][ T6811] ? clear_bhb_loop+0x40/0x90 [ 174.401672][ T6811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.401700][ T6811] RIP: 0033:0x7f974499de59 [ 174.401724][ T6811] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 174.401751][ T6811] RSP: 002b:00007f97458b4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 174.401778][ T6811] RAX: ffffffffffffffda RBX: 00007f9744c26090 RCX: 00007f974499de59 [ 174.401798][ T6811] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 174.401814][ T6811] RBP: 00007f9744a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 174.401831][ T6811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 174.401847][ T6811] R13: 00007f9744c26128 R14: 00007f9744c26090 R15: 00007fffe602b668 [ 174.401885][ T6811] [ 174.941414][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!! [ 175.812711][ T4940] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 178.810380][ T6840] netlink: 8 bytes leftover after parsing attributes in process `syz.3.188'. [ 180.683370][ T6850] random: crng reseeded on system resumption [ 183.171802][ T6869] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 183.186686][ T6869] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 183.223353][ T6869] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 183.254450][ T6869] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 183.263943][ T6869] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 183.287213][ T6869] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 183.315423][ T6869] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 183.330027][ T6869] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 183.357316][ T6869] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 183.380721][ T6869] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 183.398258][ T6869] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 183.416795][ T6869] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 183.647522][ T6880] kafs: addr_prefs: Invalid Command [ 183.736579][ T6889] program syz.0.199 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 183.795303][ T6889] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 183.892239][ T4940] Bluetooth: hci0: command 0x0c1a tx timeout [ 183.903973][ T6879] Process accounting resumed [ 185.244830][ T6889] Process accounting paused [ 185.331776][ T5632] Bluetooth: hci1: command 0x0c1a tx timeout [ 185.338741][ T4940] Bluetooth: hci2: command 0x0c1a tx timeout [ 185.411493][ T5632] Bluetooth: hci3: command 0x0c1a tx timeout [ 185.613149][ T6909] netlink: 'syz.1.203': attribute type 1 has an invalid length. [ 185.702411][ T6908] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 185.724715][ T6908] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 185.731759][ T6908] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 185.743598][ T6908] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 187.736885][ T5636] Bluetooth: hci0: command 0x0c1a tx timeout [ 187.746177][ T4940] Bluetooth: hci1: command 0x0c1a tx timeout [ 187.814569][ T4940] Bluetooth: hci3: command 0x0c1a tx timeout [ 187.820724][ T5636] Bluetooth: hci2: command 0x0c1a tx timeout [ 188.212599][ T5632] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 189.815006][ T5636] Bluetooth: hci0: command 0x0c1a tx timeout [ 189.821123][ T5632] Bluetooth: hci1: command 0x0c1a tx timeout [ 189.865521][ T6937] binder: 6936:6937 ioctl 541b 0 returned -22 [ 189.892926][ T5636] Bluetooth: hci3: command 0x0c1a tx timeout [ 189.902989][ T5632] Bluetooth: hci2: command 0x0c1a tx timeout [ 192.247870][ T6954] netlink: 'syz.3.211': attribute type 1 has an invalid length. [ 192.297156][ T6954] netlink: 1 bytes leftover after parsing attributes in process `syz.3.211'. [ 194.376985][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.386418][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.905116][ T6984] futex_wake_op: syz.3.216 tries to shift op by -2048; fix this program [ 196.947164][ T6984] 0x000000000001-0x000000020000 : "" [ 197.056339][ T6984] ftl_cs: FTL header corrupt! [ 197.207861][ T6990] random: crng reseeded on system resumption [ 197.900516][ T6997] netlink: 342 bytes leftover after parsing attributes in process `syz.3.218'. [ 199.179786][ T7015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.222'. [ 200.619994][ T7025] NFSD: Failed to start, no listeners configured. [ 201.573713][ T7034] vhci_hcd: not connected 4 [ 202.001753][ T7046] FAULT_INJECTION: forcing a failure. [ 202.001753][ T7046] name failslab, interval 1, probability 0, space 0, times 0 [ 202.035342][ T7046] CPU: 0 UID: 0 PID: 7046 Comm: syz.3.229 Not tainted syzkaller #0 PREEMPT(full) [ 202.035381][ T7046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 202.035397][ T7046] Call Trace: [ 202.035407][ T7046] [ 202.035417][ T7046] dump_stack_lvl+0x100/0x190 [ 202.035456][ T7046] should_fail_ex.cold+0x5/0xa [ 202.035491][ T7046] ? __pfx_devpts_fill_super+0x10/0x10 [ 202.035527][ T7046] should_failslab+0xc2/0x120 [ 202.035561][ T7046] ? __pfx_devpts_fill_super+0x10/0x10 [ 202.035598][ T7046] kmem_cache_alloc_lru_noprof+0x8d/0x6a0 [ 202.035634][ T7046] ? __pfx_inode_set_ctime_current+0x10/0x10 [ 202.035666][ T7046] ? __d_alloc+0x35/0xa50 [ 202.035699][ T7046] ? __pfx_devpts_fill_super+0x10/0x10 [ 202.035734][ T7046] __d_alloc+0x35/0xa50 [ 202.035767][ T7046] ? __pfx_devpts_fill_super+0x10/0x10 [ 202.035806][ T7046] d_make_root+0x3e/0x90 [ 202.035846][ T7046] devpts_fill_super+0x272/0x620 [ 202.035884][ T7046] ? __pfx_devpts_fill_super+0x10/0x10 [ 202.035920][ T7046] get_tree_nodev+0xdd/0x190 [ 202.035966][ T7046] vfs_get_tree+0x92/0x320 [ 202.036007][ T7046] vfs_cmd_create+0xd7/0x2a0 [ 202.036044][ T7046] __do_sys_fsconfig+0x55a/0xcb0 [ 202.036083][ T7046] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 202.036140][ T7046] do_syscall_64+0x115/0x840 [ 202.036163][ T7046] ? clear_bhb_loop+0x40/0x90 [ 202.036195][ T7046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.036221][ T7046] RIP: 0033:0x7f4e2699de59 [ 202.036244][ T7046] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 202.036270][ T7046] RSP: 002b:00007f4e2786a028 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 202.036297][ T7046] RAX: ffffffffffffffda RBX: 00007f4e26c26090 RCX: 00007f4e2699de59 [ 202.036316][ T7046] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007 [ 202.036331][ T7046] RBP: 00007f4e26a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 202.036347][ T7046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 202.036362][ T7046] R13: 00007f4e26c26128 R14: 00007f4e26c26090 R15: 00007ffe9e44cd98 [ 202.036401][ T7046] [ 202.038435][ T7046] devpts: get root dentry failed [ 202.503699][ T7051] futex_wake_op: syz.0.228 tries to shift op by -2048; fix this program [ 202.673620][ T7050] 0x000000000001-0x000000020000 : "" [ 202.709997][ T7050] ftl_cs: FTL header corrupt! [ 204.692656][ T7058] Process accounting paused [ 205.272454][ T7073] netlink: 8 bytes leftover after parsing attributes in process `syz.2.241'. [ 208.585956][ T7124] binder: 7122:7124 unknown command 0 [ 208.597068][ T7124] binder: 7122:7124 ioctl c0306201 0 returned -22 [ 210.895571][ T7155] kafs: addr_prefs: Invalid Command [ 211.748270][ T7167] ubi0: attaching mtd0 [ 211.762771][ T7162] netlink: 20 bytes leftover after parsing attributes in process `syz.3.251'. [ 211.783481][ T7167] ubi0: scanning is finished [ 211.790927][ T7168] program syz.2.252 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 211.837353][ T7168] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 212.333044][ T7167] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 212.434665][ T7167] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 212.523768][ T7167] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 212.677983][ T7167] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 212.842957][ T7167] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 212.937368][ T7167] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 213.036062][ T7167] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 190696488 [ 213.059969][ T7167] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 213.081069][ T7163] ubi0: detaching mtd0 [ 213.087594][ T7176] ubi0: background thread "ubi_bgt0d" started, PID 7176 [ 213.196682][ T7163] ubi0: mtd0 is detached [ 213.967027][ T7183] Process accounting paused [ 216.523595][ T7211] Process accounting resumed [ 216.891028][ T7242] NFSD: Failed to start, no listeners configured. [ 216.930945][ T7231] FAULT_INJECTION: forcing a failure. [ 216.930945][ T7231] name failslab, interval 1, probability 0, space 0, times 0 [ 216.980658][ T7231] CPU: 0 UID: 0 PID: 7231 Comm: syz.3.263 Not tainted syzkaller #0 PREEMPT(full) [ 216.980700][ T7231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 216.980718][ T7231] Call Trace: [ 216.980727][ T7231] [ 216.980738][ T7231] dump_stack_lvl+0x100/0x190 [ 216.980782][ T7231] should_fail_ex.cold+0x5/0xa [ 216.980830][ T7231] should_failslab+0xc2/0x120 [ 216.980875][ T7231] kmem_cache_alloc_noprof+0x91/0x6a0 [ 216.980909][ T7231] ? d_instantiate+0x8a/0xb0 [ 216.980944][ T7231] ? d_instantiate+0x8a/0xb0 [ 216.980976][ T7231] ? alloc_empty_file_noaccount+0x2b/0xd0 [ 216.981029][ T7231] alloc_empty_file_noaccount+0x2b/0xd0 [ 216.981075][ T7231] alloc_file_pseudo_noaccount+0x183/0x290 [ 216.981119][ T7231] ? __pfx_alloc_file_pseudo_noaccount+0x10/0x10 [ 216.981163][ T7231] ? iput+0x3a/0x40 [ 216.981199][ T7231] bdev_file_open_by_dev+0x13a/0x210 [ 216.981246][ T7231] blkdev_bszset+0x170/0x240 [ 216.981286][ T7231] ? __pfx_blkdev_bszset+0x10/0x10 [ 216.981342][ T7231] ? find_held_lock+0x2b/0x80 [ 216.981376][ T7231] ? __fget_files+0x215/0x3d0 [ 216.981399][ T7231] ? hook_file_ioctl_common+0x140/0x440 [ 216.981442][ T7231] blkdev_ioctl+0x513/0x6f0 [ 216.981508][ T7231] ? __pfx_blkdev_ioctl+0x10/0x10 [ 216.981557][ T7231] ? __pfx_blkdev_ioctl+0x10/0x10 [ 216.981606][ T7231] __x64_sys_ioctl+0x18e/0x210 [ 216.981653][ T7231] do_syscall_64+0x115/0x840 [ 216.981679][ T7231] ? clear_bhb_loop+0x40/0x90 [ 216.981718][ T7231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.981748][ T7231] RIP: 0033:0x7f4e2699de59 [ 216.981774][ T7231] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 216.981833][ T7231] RSP: 002b:00007f4e2788b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 216.981861][ T7231] RAX: ffffffffffffffda RBX: 00007f4e26c25fa0 RCX: 00007f4e2699de59 [ 216.981885][ T7231] RDX: 00002000000000c0 RSI: 0000000040081271 RDI: 0000000000000002 [ 216.981902][ T7231] RBP: 00007f4e26a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 216.981916][ T7231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 216.981932][ T7231] R13: 00007f4e26c26038 R14: 00007f4e26c25fa0 R15: 00007ffe9e44cd98 [ 216.981966][ T7231] [ 218.130879][ T7257] binder: 7255:7257 ioctl 541b 0 returned -22 [ 220.595243][ T7267] syz.3.269 uses obsolete (PF_INET,SOCK_PACKET) [ 222.255135][ T7299] program syz.0.276 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 222.277931][ T7299] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5630] was attempted by ""[7299] [ 223.554425][ T29] audit: type=1804 audit(1782864275.437:3): pid=7320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.278" name="/newroot/60/file0" dev="tmpfs" ino=329 res=1 errno=0 [ 223.646846][ T29] audit: type=1804 audit(1782864275.437:4): pid=7312 uid=2 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.278" name="/newroot/60/file0" dev="tmpfs" ino=329 res=1 errno=0 [ 226.202229][ T7343] Process accounting resumed [ 227.639360][ T7364] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 227.716149][ T7361] netlink: 20 bytes leftover after parsing attributes in process `syz.0.287'. [ 227.896840][ T7369] netlink: 28 bytes leftover after parsing attributes in process `syz.3.289'. [ 228.306109][ T29] audit: type=1800 audit(1782864280.187:5): pid=7375 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.291" name="lu_gp_id" dev="configfs" ino=18782 res=0 errno=0 [ 231.520719][ T7445] netlink: 20 bytes leftover after parsing attributes in process `syz.2.302'. [ 232.398109][ T7457] NFSD: Failed to start, no listeners configured. [ 233.586493][ T7479] netlink: 28 bytes leftover after parsing attributes in process `syz.1.319'. [ 233.643563][ T7485] netlink: 'syz.0.313': attribute type 22 has an invalid length. [ 233.655411][ T7485] netlink: 330 bytes leftover after parsing attributes in process `syz.0.313'. [ 233.904062][ T29] audit: type=1804 audit(1782864285.787:6): pid=7489 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.312" name="/newroot/70/file0" dev="tmpfs" ino=384 res=1 errno=0 [ 233.949534][ T29] audit: type=1804 audit(1782864285.827:7): pid=7492 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.312" name="/newroot/70/file0" dev="tmpfs" ino=384 res=1 errno=0 [ 235.005858][ T7494] Process accounting resumed [ 235.264117][ T7513] netlink: 20 bytes leftover after parsing attributes in process `syz.1.316'. [ 236.154123][ T7514] Invalid ELF header magic: != ELF [ 236.660834][ T7533] netlink: 186 bytes leftover after parsing attributes in process `syz.3.321'. [ 240.518538][ T7566] kexec: Could not allocate control_code_buffer [ 240.658158][ T7591] netlink: 4 bytes leftover after parsing attributes in process `syz.1.338'. [ 240.669853][ T7591] netlink: 354 bytes leftover after parsing attributes in process `syz.1.338'. [ 241.237503][ T7605] vhci_hcd: not connected 4 [ 243.781462][ T7668] netlink: 25 bytes leftover after parsing attributes in process `syz.2.347'. [ 244.638261][ T7681] Process accounting resumed [ 246.707044][ T7718] random: crng reseeded on system resumption [ 247.109189][ T7718] hub 1-0:1.0: USB hub found [ 247.140317][ T7718] hub 1-0:1.0: 1 port detected [ 247.467961][ T7727] FAULT_INJECTION: forcing a failure. [ 247.467961][ T7727] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 247.511717][ T7727] CPU: 0 UID: 0 PID: 7727 Comm: syz.3.354 Not tainted syzkaller #0 PREEMPT(full) [ 247.511754][ T7727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 247.511776][ T7727] Call Trace: [ 247.511785][ T7727] [ 247.511795][ T7727] dump_stack_lvl+0x100/0x190 [ 247.511837][ T7727] should_fail_ex.cold+0x5/0xa [ 247.511869][ T7727] ? prepare_alloc_pages+0x16d/0x5f0 [ 247.511917][ T7727] should_fail_alloc_page+0xeb/0x140 [ 247.511961][ T7727] prepare_alloc_pages+0x1f0/0x5f0 [ 247.512000][ T7727] __alloc_frozen_pages_noprof+0x1af/0x2dc0 [ 247.512035][ T7727] ? rcu_is_watching+0x12/0xc0 [ 247.512066][ T7727] ? trace_mm_page_alloc+0x164/0x1c0 [ 247.512102][ T7727] ? __alloc_frozen_pages_noprof+0x2d1/0x2dc0 [ 247.512133][ T7727] ? is_bpf_text_address+0x8a/0x1a0 [ 247.512177][ T7727] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 247.512221][ T7727] ? is_bpf_text_address+0x94/0x1a0 [ 247.512264][ T7727] ? kernel_text_address+0x8d/0x100 [ 247.512309][ T7727] ? __kernel_text_address+0xd/0x30 [ 247.512351][ T7727] ? unwind_get_return_address+0x59/0xa0 [ 247.512395][ T7727] ? arch_stack_walk+0xa6/0xf0 [ 247.512438][ T7727] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 247.512483][ T7727] ? stack_trace_save+0x8e/0xc0 [ 247.512522][ T7727] ? __pfx_stack_trace_save+0x10/0x10 [ 247.512580][ T7727] alloc_pages_bulk_noprof+0x5de/0x13c0 [ 247.512622][ T7727] ? policy_nodemask+0xed/0x4f0 [ 247.512666][ T7727] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 247.512721][ T7727] __kasan_populate_vmalloc+0xf0/0x210 [ 247.512764][ T7727] alloc_vmap_area+0x95d/0x2bb0 [ 247.512814][ T7727] ? kasan_save_track+0x14/0x30 [ 247.512850][ T7727] ? __kasan_kmalloc+0xaa/0xb0 [ 247.512885][ T7727] ? __pfx_alloc_vmap_area+0x10/0x10 [ 247.512923][ T7727] ? kasan_save_stack+0x3f/0x50 [ 247.512958][ T7727] ? __get_vm_area_node+0x101/0x330 [ 247.513003][ T7727] __get_vm_area_node+0x1ca/0x330 [ 247.513048][ T7727] ? vb2_vmalloc_alloc+0x135/0x410 [ 247.513095][ T7727] __vmalloc_node_range_noprof+0x228/0x1630 [ 247.513143][ T7727] ? vb2_vmalloc_alloc+0x135/0x410 [ 247.513200][ T7727] ? vb2_vmalloc_alloc+0x135/0x410 [ 247.513269][ T7727] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 247.513319][ T7727] ? kasan_save_track+0x14/0x30 [ 247.513360][ T7727] ? __kasan_kmalloc+0xaa/0xb0 [ 247.513396][ T7727] ? __kmalloc_cache_noprof+0x2e5/0x6c0 [ 247.513427][ T7727] ? vb2_vmalloc_alloc+0x135/0x410 [ 247.513474][ T7727] vmalloc_user_noprof+0x9e/0xe0 [ 247.513520][ T7727] ? vb2_vmalloc_alloc+0x135/0x410 [ 247.513569][ T7727] vb2_vmalloc_alloc+0x135/0x410 [ 247.513614][ T7727] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 247.513662][ T7727] __vb2_queue_alloc+0x8d5/0x1160 [ 247.513724][ T7727] vb2_core_reqbufs+0x899/0xf30 [ 247.513776][ T7727] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 247.513820][ T7727] ? kasan_save_track+0x14/0x30 [ 247.513855][ T7727] ? __kasan_kmalloc+0xaa/0xb0 [ 247.513896][ T7727] ? __vb2_init_fileio+0x18f/0x1000 [ 247.513947][ T7727] __vb2_init_fileio+0x32d/0x1000 [ 247.513991][ T7727] ? aa_file_perm+0x7f3/0x14d0 [ 247.514043][ T7727] __vb2_perform_fileio+0x9ba/0x1380 [ 247.514097][ T7727] ? __pfx___vb2_perform_fileio+0x10/0x10 [ 247.514153][ T7727] ? __pfx___might_resched+0x10/0x10 [ 247.514214][ T7727] vb2_fop_read+0x211/0x520 [ 247.514261][ T7727] v4l2_read+0x229/0x2c0 [ 247.514298][ T7727] ? __pfx_v4l2_read+0x10/0x10 [ 247.514336][ T7727] vfs_read+0x1e4/0xb40 [ 247.514368][ T7727] ? __pfx_vfs_read+0x10/0x10 [ 247.514392][ T7727] ? find_held_lock+0x2b/0x80 [ 247.514428][ T7727] ? __fget_files+0x215/0x3d0 [ 247.514454][ T7727] ? __fget_files+0x215/0x3d0 [ 247.514487][ T7727] ? __fget_files+0x21f/0x3d0 [ 247.514524][ T7727] ksys_read+0x12a/0x250 [ 247.514551][ T7727] ? __pfx_ksys_read+0x10/0x10 [ 247.514588][ T7727] do_syscall_64+0x115/0x840 [ 247.514614][ T7727] ? clear_bhb_loop+0x40/0x90 [ 247.514650][ T7727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.514681][ T7727] RIP: 0033:0x7f4e2699de59 [ 247.514706][ T7727] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 247.514734][ T7727] RSP: 002b:00007f4e27828028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 247.514773][ T7727] RAX: ffffffffffffffda RBX: 00007f4e26c26270 RCX: 00007f4e2699de59 [ 247.514792][ T7727] RDX: 0000000000000028 RSI: 0000200000000280 RDI: 0000000000000008 [ 247.514810][ T7727] RBP: 00007f4e26a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 247.514828][ T7727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 247.514845][ T7727] R13: 00007f4e26c26308 R14: 00007f4e26c26270 R15: 00007ffe9e44cd98 [ 247.514884][ T7727] [ 247.998743][ T7727] syz.3.354: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 248.015163][ T7727] CPU: 0 UID: 0 PID: 7727 Comm: syz.3.354 Not tainted syzkaller #0 PREEMPT(full) [ 248.015202][ T7727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 248.015219][ T7727] Call Trace: [ 248.015227][ T7727] [ 248.015238][ T7727] dump_stack_lvl+0x100/0x190 [ 248.015279][ T7727] warn_alloc.cold+0x94/0xa8 [ 248.015319][ T7727] ? __pfx_warn_alloc+0x10/0x10 [ 248.015354][ T7727] ? lockdep_hardirqs_on+0x78/0x100 [ 248.015400][ T7727] ? __get_vm_area_node+0x2cd/0x330 [ 248.015449][ T7727] ? __get_vm_area_node+0x208/0x330 [ 248.015493][ T7727] ? vb2_vmalloc_alloc+0x135/0x410 [ 248.015540][ T7727] __vmalloc_node_range_noprof+0xccd/0x1630 [ 248.015598][ T7727] ? vb2_vmalloc_alloc+0x135/0x410 [ 248.015651][ T7727] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 248.015698][ T7727] ? kasan_save_track+0x14/0x30 [ 248.015730][ T7727] ? __kasan_kmalloc+0xaa/0xb0 [ 248.015764][ T7727] ? __kmalloc_cache_noprof+0x2e5/0x6c0 [ 248.015793][ T7727] ? vb2_vmalloc_alloc+0x135/0x410 [ 248.015834][ T7727] vmalloc_user_noprof+0x9e/0xe0 [ 248.015873][ T7727] ? vb2_vmalloc_alloc+0x135/0x410 [ 248.015916][ T7727] vb2_vmalloc_alloc+0x135/0x410 [ 248.015956][ T7727] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 248.015999][ T7727] __vb2_queue_alloc+0x8d5/0x1160 [ 248.016055][ T7727] vb2_core_reqbufs+0x899/0xf30 [ 248.016102][ T7727] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 248.016143][ T7727] ? kasan_save_track+0x14/0x30 [ 248.016174][ T7727] ? __kasan_kmalloc+0xaa/0xb0 [ 248.016211][ T7727] ? __vb2_init_fileio+0x18f/0x1000 [ 248.016257][ T7727] __vb2_init_fileio+0x32d/0x1000 [ 248.016306][ T7727] ? aa_file_perm+0x7f3/0x14d0 [ 248.016353][ T7727] __vb2_perform_fileio+0x9ba/0x1380 [ 248.016404][ T7727] ? __pfx___vb2_perform_fileio+0x10/0x10 [ 248.016444][ T7727] ? __pfx___might_resched+0x10/0x10 [ 248.016496][ T7727] vb2_fop_read+0x211/0x520 [ 248.016539][ T7727] v4l2_read+0x229/0x2c0 [ 248.016572][ T7727] ? __pfx_v4l2_read+0x10/0x10 [ 248.016607][ T7727] vfs_read+0x1e4/0xb40 [ 248.016635][ T7727] ? __pfx_vfs_read+0x10/0x10 [ 248.016657][ T7727] ? find_held_lock+0x2b/0x80 [ 248.016689][ T7727] ? __fget_files+0x215/0x3d0 [ 248.016712][ T7727] ? __fget_files+0x215/0x3d0 [ 248.016742][ T7727] ? __fget_files+0x21f/0x3d0 [ 248.016775][ T7727] ksys_read+0x12a/0x250 [ 248.016799][ T7727] ? __pfx_ksys_read+0x10/0x10 [ 248.016833][ T7727] do_syscall_64+0x115/0x840 [ 248.016856][ T7727] ? clear_bhb_loop+0x40/0x90 [ 248.016888][ T7727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.016915][ T7727] RIP: 0033:0x7f4e2699de59 [ 248.016937][ T7727] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 248.016961][ T7727] RSP: 002b:00007f4e27828028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 248.016987][ T7727] RAX: ffffffffffffffda RBX: 00007f4e26c26270 RCX: 00007f4e2699de59 [ 248.017005][ T7727] RDX: 0000000000000028 RSI: 0000200000000280 RDI: 0000000000000008 [ 248.017022][ T7727] RBP: 00007f4e26a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 248.017038][ T7727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 248.017053][ T7727] R13: 00007f4e26c26308 R14: 00007f4e26c26270 R15: 00007ffe9e44cd98 [ 248.017089][ T7727] [ 248.017122][ T7727] Mem-Info: [ 248.299503][ T7742] process 'syz.3.354' launched ':,' with NULL argv: empty string added [ 248.308109][ T7727] active_anon:9361 inactive_anon:3320 isolated_anon:0 [ 248.308109][ T7727] active_file:4137 inactive_file:39015 isolated_file:0 [ 248.308109][ T7727] unevictable:768 dirty:428 writeback:0 [ 248.308109][ T7727] slab_reclaimable:10945 slab_unreclaimable:92340 [ 248.308109][ T7727] mapped:35206 shmem:4599 pagetables:1248 [ 248.308109][ T7727] sec_pagetables:0 bounce:0 [ 248.308109][ T7727] kernel_misc_reclaimable:0 [ 248.308109][ T7727] free:1320631 free_pcp:21261 free_cma:0 [ 248.399861][ T7727] Node 0 active_anon:37444kB inactive_anon:16980kB active_file:16532kB inactive_file:155868kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:141924kB dirty:1712kB writeback:0kB shmem:17960kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11848kB pagetables:4856kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 248.459038][ T7727] Node 1 active_anon:0kB inactive_anon:0kB active_file:16kB inactive_file:192kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 248.521958][ T7727] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 248.604379][ T7727] lowmem_reserve[]: 0 2476 2477 2477 2477 [ 248.629271][ T7727] Node 0 DMA32 free:1360468kB boost:0kB min:34052kB low:42564kB high:51076kB reserved_highatomic:0KB free_highatomic:0KB active_anon:39964kB inactive_anon:20228kB active_file:16572kB inactive_file:155828kB unevictable:1536kB writepending:1760kB zspages:856kB present:3129332kB managed:2535508kB mlocked:0kB bounce:0kB free_pcp:46744kB local_pcp:37056kB free_cma:0kB [ 248.731985][ T7727] lowmem_reserve[]: 0 0 1 1 1 [ 248.743727][ T7727] Node 0 Normal free:4kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1028kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 248.822889][ T7727] lowmem_reserve[]: 0 0 0 0 0 [ 248.860370][ T7727] Node 1 Normal free:3900128kB boost:0kB min:55832kB low:69788kB high:83744kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:16kB inactive_file:192kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:35880kB local_pcp:34892kB free_cma:0kB [ 248.934620][ T7727] lowmem_reserve[]: 0 0 0 0 0 [ 248.965389][ T7727] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 249.021554][ T7727] Node 0 DMA32: 2*4kB (UM) 227*8kB (UME) 1085*16kB (ME) 1103*32kB (UME) 771*64kB (UME) 574*128kB (UM) 372*256kB (UME) 222*512kB (UM) 116*1024kB (UME) 50*2048kB (UME) 183*4096kB (UM) = 1356944kB [ 249.091066][ T7727] Node 0 Normal: 1*4kB (U) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 249.133302][ T7727] Node 1 Normal: 3*4kB (U) 3*8kB (UM) 1*16kB (U) 4*32kB (U) 3*64kB (UM) 3*128kB (U) 3*256kB (UM) 1*512kB (M) 3*1024kB (UM) 2*2048kB (U) 950*4096kB (UM) = 3900404kB [ 249.175949][ T7727] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 249.193938][ T7727] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 249.215568][ T7727] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 249.227728][ T7727] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 249.237991][ T7727] 50092 total pagecache pages [ 249.243095][ T7727] 32 pages in swap cache [ 249.249913][ T7727] Free swap = 110228kB [ 249.254587][ T7727] Total swap = 124996kB [ 249.260702][ T7727] 2097051 pages RAM [ 249.265043][ T7727] 0 pages HighMem/MovableOnly [ 249.269937][ T7727] 431302 pages reserved [ 249.275214][ T7727] 0 pages cma reserved [ 251.786475][ T7791] netlink: 350 bytes leftover after parsing attributes in process `syz.1.367'. [ 255.756925][ T5632] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 255.813200][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.822129][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.122105][ T7844] netlink: 20 bytes leftover after parsing attributes in process `syz.3.380'. [ 257.235508][ T7847] Process accounting paused [ 257.767703][ T7863] FAULT_INJECTION: forcing a failure. [ 257.767703][ T7863] name failslab, interval 1, probability 0, space 0, times 0 [ 257.875599][ T7863] CPU: 1 UID: 0 PID: 7863 Comm: syz.2.384 Not tainted syzkaller #0 PREEMPT(full) [ 257.875638][ T7863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 257.875655][ T7863] Call Trace: [ 257.875664][ T7863] [ 257.875675][ T7863] dump_stack_lvl+0x100/0x190 [ 257.875724][ T7863] should_fail_ex.cold+0x5/0xa [ 257.875762][ T7863] should_failslab+0xc2/0x120 [ 257.875801][ T7863] kmem_cache_alloc_noprof+0x91/0x6a0 [ 257.875839][ T7863] ? __kernfs_new_node+0xd2/0xa10 [ 257.875873][ T7863] __kernfs_new_node+0xd2/0xa10 [ 257.875907][ T7863] ? __pfx___kernfs_new_node+0x10/0x10 [ 257.875944][ T7863] ? find_held_lock+0x2b/0x80 [ 257.875980][ T7863] ? kernfs_root+0xee/0x2a0 [ 257.876021][ T7863] ? kernfs_root+0xee/0x2a0 [ 257.876072][ T7863] kernfs_new_node+0x117/0x150 [ 257.876108][ T7863] __kernfs_create_file+0x53/0x350 [ 257.876148][ T7863] sysfs_add_file_mode_ns+0x207/0x3c0 [ 257.876198][ T7863] sysfs_merge_group+0x194/0x340 [ 257.876243][ T7863] ? __pfx_sysfs_merge_group+0x10/0x10 [ 257.876286][ T7863] ? bus_add_device+0x2e2/0x6c0 [ 257.876322][ T7863] ? __pfx_bus_add_device+0x10/0x10 [ 257.876353][ T7863] ? __pfx_dev_add_physical_location+0x10/0x10 [ 257.876405][ T7863] dpm_sysfs_add+0x237/0x280 [ 257.876449][ T7863] device_add+0x9f4/0x1970 [ 257.876495][ T7863] ? __pfx_device_add+0x10/0x10 [ 257.876538][ T7863] ? lockdep_init_map_type+0x5c/0x250 [ 257.876568][ T7863] ? __init_waitqueue_head+0xca/0x150 [ 257.876608][ T7863] netdev_register_kobject+0x1a9/0x3d0 [ 257.876657][ T7863] register_netdevice+0x15b6/0x25a0 [ 257.876711][ T7863] ? __pfx_register_netdevice+0x10/0x10 [ 257.876745][ T7863] ? net_generic+0xea/0x2a0 [ 257.876778][ T7863] ppp_dev_configure+0x986/0xcb0 [ 257.876810][ T7863] ppp_ioctl+0x9d7/0x27c0 [ 257.876839][ T7863] ? find_held_lock+0x2b/0x80 [ 257.876870][ T7863] ? __pfx_ppp_ioctl+0x10/0x10 [ 257.876903][ T7863] ? __fget_files+0x21f/0x3d0 [ 257.876933][ T7863] ? __pfx_ppp_ioctl+0x10/0x10 [ 257.876960][ T7863] __x64_sys_ioctl+0x18e/0x210 [ 257.877007][ T7863] do_syscall_64+0x115/0x840 [ 257.877034][ T7863] ? clear_bhb_loop+0x40/0x90 [ 257.877069][ T7863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.877096][ T7863] RIP: 0033:0x7fb964b9de59 [ 257.877119][ T7863] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 257.877145][ T7863] RSP: 002b:00007fb965b17028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 257.877171][ T7863] RAX: ffffffffffffffda RBX: 00007fb964e25fa0 RCX: 00007fb964b9de59 [ 257.877190][ T7863] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000008 [ 257.877204][ T7863] RBP: 00007fb964c33e6f R08: 0000000000000000 R09: 0000000000000000 [ 257.877219][ T7863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 257.877235][ T7863] R13: 00007fb964e26038 R14: 00007fb964e25fa0 R15: 00007ffc896bfbe8 [ 257.877277][ T7863] [ 258.361870][ T7869] cifs: Unknown parameter ') Up̢{V ]762']Ψ!gʮ79fM<*ysEh' [ 258.373842][ T7874] futex_wake_op: syz.0.386 tries to shift op by -2048; fix this program [ 258.382436][ T7874] futex_wake_op: syz.0.386 tries to shift op by -2048; fix this program [ 258.400587][ T7863] vivid-000: kernel_thread() failed [ 258.893685][ T7880] nvme_fabrics: missing parameter 'transport=%s' [ 258.910147][ T7880] nvme_fabrics: missing parameter 'nqn=%s' [ 261.912081][ T7925] mmap: syz.3.396 (7925) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 262.108281][ T5632] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 263.096987][ T7941] netlink: 20 bytes leftover after parsing attributes in process `syz.3.397'. [ 263.872597][ T7921] FAULT_INJECTION: forcing a failure. [ 263.872597][ T7921] name failslab, interval 1, probability 0, space 0, times 0 [ 264.007194][ T29] audit: type=1800 audit(1782864315.887:8): pid=7958 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.399" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 264.029553][ T7921] CPU: 1 UID: 0 PID: 7921 Comm: syz.1.395 Not tainted syzkaller #0 PREEMPT(full) [ 264.029595][ T7921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 264.029612][ T7921] Call Trace: [ 264.029621][ T7921] [ 264.029632][ T7921] dump_stack_lvl+0x100/0x190 [ 264.029674][ T7921] should_fail_ex.cold+0x5/0xa [ 264.029713][ T7921] should_failslab+0xc2/0x120 [ 264.029753][ T7921] kmem_cache_alloc_noprof+0x91/0x6a0 [ 264.029788][ T7921] ? __proc_create+0xc1/0x8f0 [ 264.029817][ T7921] ? __proc_create+0xc1/0x8f0 [ 264.029845][ T7921] ? __proc_create+0x247/0x8f0 [ 264.029881][ T7921] __proc_create+0x247/0x8f0 [ 264.029912][ T7921] ? __pfx___proc_create+0x10/0x10 [ 264.029957][ T7921] proc_mkdir+0x81/0x170 [ 264.029986][ T7921] ? __pfx_proc_mkdir+0x10/0x10 [ 264.030015][ T7921] ? cache_register_net+0x137/0x5e0 [ 264.030062][ T7921] ? cache_register_net+0x137/0x5e0 [ 264.030113][ T7921] cache_register_net+0x18f/0x5e0 [ 264.030153][ T7921] gss_svc_init_net+0x14e/0x640 [ 264.030182][ T7921] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 264.030214][ T7921] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 264.030254][ T7921] ops_init+0x1e2/0x5f0 [ 264.030295][ T7921] setup_net+0x118/0x3a0 [ 264.030335][ T7921] ? __pfx_setup_net+0x10/0x10 [ 264.030371][ T7921] ? mutex_init_lockdep+0xf1/0x120 [ 264.030409][ T7921] copy_net_ns+0x46f/0x7c0 [ 264.030452][ T7921] create_new_namespaces+0x3ea/0xac0 [ 264.030494][ T7921] unshare_nsproxy_namespaces+0xf2/0x220 [ 264.030530][ T7921] ksys_unshare+0x438/0xab0 [ 264.030569][ T7921] ? __pfx_ksys_unshare+0x10/0x10 [ 264.030620][ T7921] __x64_sys_unshare+0x31/0x40 [ 264.030656][ T7921] do_syscall_64+0x115/0x840 [ 264.030681][ T7921] ? clear_bhb_loop+0x40/0x90 [ 264.030713][ T7921] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.030738][ T7921] RIP: 0033:0x7f974499de59 [ 264.030759][ T7921] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 264.030783][ T7921] RSP: 002b:00007f97458b4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 264.030807][ T7921] RAX: ffffffffffffffda RBX: 00007f9744c26090 RCX: 00007f974499de59 [ 264.030822][ T7921] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 264.030838][ T7921] RBP: 00007f9744a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 264.030853][ T7921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 264.030869][ T7921] R13: 00007f9744c26128 R14: 00007f9744c26090 R15: 00007fffe602b668 [ 264.030904][ T7921] [ 264.341286][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 264.870322][ T7971] random: crng reseeded on system resumption [ 265.266087][ T7915] Process accounting paused [ 268.131333][ T5632] Bluetooth: hci0: command 0x0c1a tx timeout [ 268.139064][ T7989] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 268.195070][ T7989] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 268.205320][ T7989] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 268.231444][ T7989] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 268.264486][ T7989] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 268.275635][ T7989] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 268.462468][ T8014] zswap: compressor not available [ 270.211344][ T5632] Bluetooth: hci2: command 0x0c1a tx timeout [ 270.211378][ T5636] Bluetooth: hci1: command 0x0c1a tx timeout [ 270.291560][ T5636] Bluetooth: hci3: command 0x0c1a tx timeout [ 270.343288][ T8061] netlink: 4 bytes leftover after parsing attributes in process `syz.0.418'. [ 270.354300][ T8061] netlink: 13 bytes leftover after parsing attributes in process `syz.0.418'. [ 270.481120][ T8065] netlink: 28 bytes leftover after parsing attributes in process `syz.0.418'. [ 270.583975][ T8065] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 270.613342][ T8065] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 270.637021][ T8065] bond0 (unregistering): Released all slaves [ 271.762514][ T8085] netlink: 17 bytes leftover after parsing attributes in process `syz.0.424'. [ 272.292105][ T5636] Bluetooth: hci2: command 0x0c1a tx timeout [ 272.371345][ T5636] Bluetooth: hci3: command 0x0c1a tx timeout [ 272.688622][ T8100] netlink: 28 bytes leftover after parsing attributes in process `syz.2.427'. [ 273.084534][ T8107] FAULT_INJECTION: forcing a failure. [ 273.084534][ T8107] name failslab, interval 1, probability 0, space 0, times 0 [ 273.132521][ T8107] CPU: 1 UID: 0 PID: 8107 Comm: syz.2.429 Not tainted syzkaller #0 PREEMPT(full) [ 273.132558][ T8107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 273.132575][ T8107] Call Trace: [ 273.132585][ T8107] [ 273.132596][ T8107] dump_stack_lvl+0x100/0x190 [ 273.132639][ T8107] should_fail_ex.cold+0x5/0xa [ 273.132678][ T8107] should_failslab+0xc2/0x120 [ 273.132719][ T8107] __kmalloc_noprof+0xfc/0x820 [ 273.132756][ T8107] ? constrain_params_by_rules+0x175/0xd20 [ 273.132806][ T8107] constrain_params_by_rules+0x175/0xd20 [ 273.132848][ T8107] ? kfree+0x22b/0x6c0 [ 273.132882][ T8107] ? constrain_params_by_rules+0xa88/0xd20 [ 273.132929][ T8107] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 273.132982][ T8107] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 273.133024][ T8107] ? snd_pcm_oss_ioctl+0x1870/0x3790 [ 273.133075][ T8107] ? __x64_sys_ioctl+0x18e/0x210 [ 273.133113][ T8107] ? do_syscall_64+0x115/0x840 [ 273.133159][ T8107] ? snd_interval_refine+0x2d0/0x580 [ 273.133204][ T8107] snd_pcm_hw_refine+0x82a/0xb40 [ 273.133256][ T8107] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 273.133298][ T8107] ? snd_pcm_hw_refine+0x35c/0xb40 [ 273.133347][ T8107] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 273.133397][ T8107] ? __kasan_kmalloc+0xaa/0xb0 [ 273.133438][ T8107] snd_pcm_hw_param_first+0x2b0/0x680 [ 273.133490][ T8107] snd_pcm_hw_param_near.constprop.0+0x739/0x850 [ 273.133539][ T8107] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 273.133584][ T8107] ? calc_src_frames.isra.0+0x17c/0x1c0 [ 273.133628][ T8107] ? calc_dst_frames.constprop.0.isra.0+0xed/0x120 [ 273.133682][ T8107] snd_pcm_oss_change_params_locked+0x18d9/0x39f0 [ 273.133744][ T8107] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 273.133791][ T8107] ? __pfx___mutex_lock+0x10/0x10 [ 273.133817][ T8107] ? find_held_lock+0x2b/0x80 [ 273.133853][ T8107] ? tomoyo_path_number_perm+0x28f/0x580 [ 273.133914][ T8107] snd_pcm_oss_get_active_substream+0x175/0x1d0 [ 273.133964][ T8107] snd_pcm_oss_get_formats+0x7d/0x350 [ 273.134003][ T8107] ? __pfx_snd_pcm_oss_get_formats+0x10/0x10 [ 273.134049][ T8107] snd_pcm_oss_ioctl+0x1870/0x3790 [ 273.134093][ T8107] ? find_held_lock+0x2b/0x80 [ 273.134125][ T8107] ? __fget_files+0x215/0x3d0 [ 273.134147][ T8107] ? hook_file_ioctl_common+0x140/0x440 [ 273.134182][ T8107] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 273.134234][ T8107] ? __fget_files+0x21f/0x3d0 [ 273.134264][ T8107] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 273.134305][ T8107] __x64_sys_ioctl+0x18e/0x210 [ 273.134349][ T8107] do_syscall_64+0x115/0x840 [ 273.134374][ T8107] ? clear_bhb_loop+0x40/0x90 [ 273.134410][ T8107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.134440][ T8107] RIP: 0033:0x7fb964b9de59 [ 273.134464][ T8107] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 273.134490][ T8107] RSP: 002b:00007fb965af6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 273.134518][ T8107] RAX: ffffffffffffffda RBX: 00007fb964e26090 RCX: 00007fb964b9de59 [ 273.134538][ T8107] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 0000000000000007 [ 273.134555][ T8107] RBP: 00007fb964c33e6f R08: 0000000000000000 R09: 0000000000000000 [ 273.134573][ T8107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 273.134590][ T8107] R13: 00007fb964e26128 R14: 00007fb964e26090 R15: 00007ffc896bfbe8 [ 273.134627][ T8107] [ 273.621415][ T8110] kafs: addr_prefs: Invalid Command [ 275.282023][ T8111] Process accounting paused [ 276.146793][ T8146] random: crng reseeded on system resumption [ 276.391187][ T8154] tipc: Started in network mode [ 276.409296][ T8154] tipc: Node identity ee00, cluster identity 4711 [ 276.430076][ T8154] tipc: Node number set to 60928 [ 276.935603][ T8158] netlink: zone id is out of range [ 276.952665][ T8158] netlink: zone id is out of range [ 276.969396][ T8158] netlink: zone id is out of range [ 276.980557][ T8158] netlink: zone id is out of range [ 276.986658][ T8158] netlink: zone id is out of range [ 276.995044][ T8158] netlink: zone id is out of range [ 277.002713][ T8158] netlink: zone id is out of range [ 277.011098][ T8158] netlink: zone id is out of range [ 277.017211][ T8158] netlink: zone id is out of range [ 277.022992][ T8171] netlink: 4 bytes leftover after parsing attributes in process `syz.0.442'. [ 277.043359][ T8158] netlink: zone id is out of range [ 277.054383][ T8171] netlink: 354 bytes leftover after parsing attributes in process `syz.0.442'. [ 277.828996][ T8188] netlink: 4 bytes leftover after parsing attributes in process `syz.2.446'. [ 277.905340][ T8188] netlink: 354 bytes leftover after parsing attributes in process `syz.2.446'. [ 280.273814][ T8214] futex_wake_op: syz.3.451 tries to shift op by -2048; fix this program [ 280.297828][ T8214] 0x000000000001-0x000000020000 : "" [ 280.330234][ T8214] ftl_cs: FTL header corrupt! [ 281.421755][ T8234] netlink: 'syz.1.455': attribute type 1 has an invalid length. [ 281.443769][ T8234] netlink: 9 bytes leftover after parsing attributes in process `syz.1.455'. [ 285.592080][ T8287] netlink: 9 bytes leftover after parsing attributes in process `syz.2.465'. [ 287.824199][ T8320] netlink: 25 bytes leftover after parsing attributes in process `syz.1.471'. [ 288.067217][ T8309] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.550108][ T8306] Process accounting resumed [ 290.491913][ T8351] NFSD: Failed to start, no listeners configured. [ 290.993584][ T8366] netlink: 8 bytes leftover after parsing attributes in process `syz.2.483'. [ 291.319868][ T8368] zswap: compressor 000 not available [ 294.210204][ T8390] kexec: Could not allocate control_code_buffer [ 296.083863][ T8431] [U] 0="/ [ 296.112732][ T8431] [U] [ 296.121573][ T8431] [U] EeQ@ [ 296.349261][ T8431] [U]  [ 303.204034][ T8536] netlink: 25 bytes leftover after parsing attributes in process `syz.2.512'. [ 303.394704][ T8543] vivid-007: ================= START STATUS ================= [ 303.415334][ T8543] vivid-007: Generate PTS: true [ 303.444157][ T8543] vivid-007: Generate SCR: true [ 303.465458][ T8543] tpg source WxH: 320x240 (Y'CbCr) [ 303.472583][ T8543] tpg field: 1 [ 303.478091][ T8543] tpg crop: (0,0)/320x240 [ 303.491120][ T8543] tpg compose: (0,0)/320x240 [ 303.556445][ T8543] tpg colorspace: 8 [ 303.584766][ T8543] tpg transfer function: 0/0 [ 303.613727][ T8543] tpg Y'CbCr encoding: 0/0 [ 303.624414][ T8543] tpg quantization: 0/0 [ 303.643138][ T8543] tpg RGB range: 0/2 [ 303.653254][ T8543] vivid-007: ================== END STATUS ================== [ 306.428081][ T8560] Process accounting resumed [ 306.637589][ T29] audit: type=1800 audit(1782865381.513:9): pid=8585 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.522" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 307.754767][ T8588] FAULT_INJECTION: forcing a failure. [ 307.754767][ T8588] name failslab, interval 1, probability 0, space 0, times 0 [ 307.813728][ T8588] CPU: 0 UID: 0 PID: 8588 Comm: syz.3.524 Tainted: G L syzkaller #0 PREEMPT(full) [ 307.813753][ T8588] Tainted: [L]=SOFTLOCKUP [ 307.813758][ T8588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 307.813767][ T8588] Call Trace: [ 307.813773][ T8588] [ 307.813780][ T8588] dump_stack_lvl+0x100/0x190 [ 307.813804][ T8588] should_fail_ex.cold+0x5/0xa [ 307.813825][ T8588] should_failslab+0xc2/0x120 [ 307.813847][ T8588] kmem_cache_alloc_lru_noprof+0x8d/0x6a0 [ 307.813867][ T8588] ? __lock_acquire+0x49f/0x1a40 [ 307.813883][ T8588] ? __d_alloc+0x35/0xa50 [ 307.813902][ T8588] __d_alloc+0x35/0xa50 [ 307.813916][ T8588] ? do_raw_spin_lock+0x128/0x260 [ 307.813934][ T8588] d_alloc+0x4a/0x1e0 [ 307.813951][ T8588] d_alloc_name+0x83/0xb0 [ 307.813967][ T8588] ? __pfx_d_alloc_name+0x10/0x10 [ 307.813983][ T8588] ? fast_dput+0x168/0x6d0 [ 307.814001][ T8588] ? dput.part.0+0x4f/0x240 [ 307.814021][ T8588] simple_fill_super+0x4c3/0x680 [ 307.814039][ T8588] ? __pfx_nfsd_fill_super+0x10/0x10 [ 307.814061][ T8588] nfsd_fill_super+0x98/0x560 [ 307.814083][ T8588] ? __pfx_nfsd_fill_super+0x10/0x10 [ 307.814103][ T8588] get_tree_keyed+0x10e/0x1d0 [ 307.814127][ T8588] vfs_get_tree+0x92/0x320 [ 307.814148][ T8588] path_mount+0x7d0/0x23d0 [ 307.814169][ T8588] ? __pfx_path_mount+0x10/0x10 [ 307.814185][ T8588] ? lockdep_hardirqs_on+0x78/0x100 [ 307.814209][ T8588] ? putname+0xb1/0x110 [ 307.814224][ T8588] ? kmem_cache_free+0x127/0x6b0 [ 307.814245][ T8588] ? __x64_sys_mount+0x293/0x310 [ 307.814262][ T8588] __x64_sys_mount+0x293/0x310 [ 307.814280][ T8588] ? __pfx___x64_sys_mount+0x10/0x10 [ 307.814304][ T8588] do_syscall_64+0x115/0x840 [ 307.814316][ T8588] ? clear_bhb_loop+0x40/0x90 [ 307.814334][ T8588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.814349][ T8588] RIP: 0033:0x7f4e2699de59 [ 307.814370][ T8588] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 307.814385][ T8588] RSP: 002b:00007f4e2788b028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 307.814400][ T8588] RAX: ffffffffffffffda RBX: 00007f4e26c25fa0 RCX: 00007f4e2699de59 [ 307.814410][ T8588] RDX: 0000200000000100 RSI: 00002000000000c0 RDI: 0000000000000000 [ 307.814419][ T8588] RBP: 00007f4e26a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 307.814429][ T8588] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 307.814438][ T8588] R13: 00007f4e26c26038 R14: 00007f4e26c25fa0 R15: 00007ffe9e44cd98 [ 307.814471][ T8588] [ 311.664133][ T8639] futex_wake_op: syz.3.534 tries to shift op by -2048; fix this program [ 311.710486][ T8639] 0x000000000001-0x000000020000 : "" [ 311.767995][ T8639] ftl_cs: FTL header corrupt! [ 312.137468][ T5636] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 312.459836][ T8654] can0: slcan on pty155. [ 312.575542][ T8654] can0 (unregistered): slcan off pty155. [ 316.217660][ T8695] Process accounting resumed [ 316.843956][ T8743] sg_write: data in/out 124/2 bytes for SCSI command 0x61-- guessing data in; [ 316.843956][ T8743] program syz.2.552 not setting count and/or reply_len properly [ 316.856447][ T8751] netlink: 504 bytes leftover after parsing attributes in process `syz.1.553'. [ 316.878105][ T8751] netlink: 350 bytes leftover after parsing attributes in process `syz.1.553'. [ 317.278891][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.287585][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.333248][ T8773] netlink: 4 bytes leftover after parsing attributes in process `syz.1.557'. [ 318.374016][ T8773] netlink: 354 bytes leftover after parsing attributes in process `syz.1.557'. [ 319.359766][ T8791] syz.0.562 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 320.177482][ T8801] net_ratelimit: 47 callbacks suppressed [ 320.177508][ T8801] wlan1: mtu less than device minimum [ 322.147988][ T8839] ================================================================== [ 322.148010][ T8839] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 322.148058][ T8839] Write of size 8 at addr ffffc900049110a0 by task syz.3.569/8839 [ 322.148083][ T8839] [ 322.148099][ T8839] CPU: 0 UID: 0 PID: 8839 Comm: syz.3.569 Tainted: G L syzkaller #0 PREEMPT(full) [ 322.148140][ T8839] Tainted: [L]=SOFTLOCKUP [ 322.148150][ T8839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 322.148168][ T8839] Call Trace: [ 322.148177][ T8839] [ 322.148188][ T8839] dump_stack_lvl+0x100/0x190 [ 322.148225][ T8839] print_report+0x13d/0x4b0 [ 322.148266][ T8839] ? _raw_spin_lock_irqsave+0x52/0x60 [ 322.148310][ T8839] ? sys_imageblit+0x19fb/0x1d60 [ 322.148343][ T8839] kasan_report+0xdf/0x1c0 [ 322.148384][ T8839] ? sys_imageblit+0x19fb/0x1d60 [ 322.148431][ T8839] sys_imageblit+0x19fb/0x1d60 [ 322.148470][ T8839] ? __pfx_sys_imageblit+0x10/0x10 [ 322.148507][ T8839] ? prb_read_valid+0x78/0xa0 [ 322.148537][ T8839] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 322.148585][ T8839] soft_cursor+0x524/0xa10 [ 322.148616][ T8839] ? __pfx___probestub_notifier_run+0x10/0x10 [ 322.148656][ T8839] ? fb_get_color_depth+0x120/0x250 [ 322.148700][ T8839] bit_cursor+0xca1/0x1490 [ 322.148732][ T8839] ? __pfx_bit_cursor+0x10/0x10 [ 322.148765][ T8839] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 322.148805][ T8839] ? get_color+0x1da/0x450 [ 322.148844][ T8839] ? __pfx_bit_cursor+0x10/0x10 [ 322.148878][ T8839] fbcon_cursor+0x43c/0x5e0 [ 322.148917][ T8839] ? add_softcursor+0x1a0/0x290 [ 322.148950][ T8839] set_cursor+0x1db/0x250 [ 322.148979][ T8839] con_write+0x89/0xb0 [ 322.149014][ T8839] n_tty_write+0x431/0x1160 [ 322.149064][ T8839] ? __pfx_n_tty_write+0x10/0x10 [ 322.149105][ T8839] ? __kasan_kmalloc+0xaa/0xb0 [ 322.149140][ T8839] ? __pfx_woken_wake_function+0x10/0x10 [ 322.149173][ T8839] ? rcu_is_watching+0x12/0xc0 [ 322.149206][ T8839] ? file_tty_write.isra.0+0x694/0x890 [ 322.149241][ T8839] ? kfree+0x1e5/0x6c0 [ 322.149267][ T8839] ? __pfx_n_tty_write+0x10/0x10 [ 322.149310][ T8839] file_tty_write.isra.0+0x4d2/0x890 [ 322.149351][ T8839] redirected_tty_write+0xd4/0x120 [ 322.149388][ T8839] vfs_write+0x6ac/0x1050 [ 322.149420][ T8839] ? __pfx_redirected_tty_write+0x10/0x10 [ 322.149459][ T8839] ? __pfx_vfs_write+0x10/0x10 [ 322.149485][ T8839] ? find_held_lock+0x2b/0x80 [ 322.149531][ T8839] ksys_write+0x12a/0x250 [ 322.149557][ T8839] ? __pfx_ksys_write+0x10/0x10 [ 322.149589][ T8839] do_syscall_64+0x115/0x840 [ 322.149614][ T8839] ? clear_bhb_loop+0x40/0x90 [ 322.149647][ T8839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.149677][ T8839] RIP: 0033:0x7f4e2699de59 [ 322.149700][ T8839] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 322.149728][ T8839] RSP: 002b:00007f4e27849028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 322.149756][ T8839] RAX: ffffffffffffffda RBX: 00007f4e26c26180 RCX: 00007f4e2699de59 [ 322.149776][ T8839] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000008 [ 322.149795][ T8839] RBP: 00007f4e26a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 322.149813][ T8839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 322.149830][ T8839] R13: 00007f4e26c26218 R14: 00007f4e26c26180 R15: 00007ffe9e44cd98 [ 322.149858][ T8839] [ 322.149868][ T8839] [ 322.149876][ T8839] The buggy address belongs to a 1024-page vmalloc region starting at 0xffffc90004912000 allocated at kcov_ioctl+0x4d/0x750 [ 322.149934][ T8839] Memory state around the buggy address: [ 322.149948][ T8839] ffffc90004910f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 322.149976][ T8839] ffffc90004911000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 322.149996][ T8839] >ffffc90004911080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 322.150012][ T8839] ^ [ 322.150027][ T8839] ffffc90004911100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 322.150047][ T8839] ffffc90004911180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 322.150063][ T8839] ================================================================== [ 322.177970][ T8839] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 322.178000][ T8839] CPU: 0 UID: 0 PID: 8839 Comm: syz.3.569 Tainted: G L syzkaller #0 PREEMPT(full) [ 322.178045][ T8839] Tainted: [L]=SOFTLOCKUP [ 322.178056][ T8839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 322.178074][ T8839] Call Trace: [ 322.178084][ T8839] [ 322.178094][ T8839] dump_stack_lvl+0x100/0x190 [ 322.178134][ T8839] vpanic+0x552/0x970 [ 322.178162][ T8839] ? __pfx_vpanic+0x10/0x10 [ 322.178194][ T8839] ? sys_imageblit+0x19fb/0x1d60 [ 322.178230][ T8839] panic+0xd1/0xe0 [ 322.178256][ T8839] ? __pfx_panic+0x10/0x10 [ 322.178284][ T8839] ? sys_imageblit+0x19fb/0x1d60 [ 322.178318][ T8839] ? preempt_schedule_common+0x42/0xc0 [ 322.178366][ T8839] check_panic_on_warn.cold+0x19/0x34 [ 322.178397][ T8839] end_report.part.0+0x3a/0x90 [ 322.178446][ T8839] kasan_report.cold+0xe/0x18 [ 322.178489][ T8839] ? sys_imageblit+0x19fb/0x1d60 [ 322.178528][ T8839] sys_imageblit+0x19fb/0x1d60 [ 322.178568][ T8839] ? __pfx_sys_imageblit+0x10/0x10 [ 322.178606][ T8839] ? prb_read_valid+0x78/0xa0 [ 322.178637][ T8839] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 322.178686][ T8839] soft_cursor+0x524/0xa10 [ 322.178718][ T8839] ? __pfx___probestub_notifier_run+0x10/0x10 [ 322.178759][ T8839] ? fb_get_color_depth+0x120/0x250 [ 322.178804][ T8839] bit_cursor+0xca1/0x1490 [ 322.178837][ T8839] ? __pfx_bit_cursor+0x10/0x10 [ 322.178870][ T8839] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 322.178913][ T8839] ? get_color+0x1da/0x450 [ 322.178954][ T8839] ? __pfx_bit_cursor+0x10/0x10 [ 322.178981][ T8839] fbcon_cursor+0x43c/0x5e0 [ 322.179021][ T8839] ? add_softcursor+0x1a0/0x290 [ 322.179055][ T8839] set_cursor+0x1db/0x250 [ 322.179084][ T8839] con_write+0x89/0xb0 [ 322.179121][ T8839] n_tty_write+0x431/0x1160 [ 322.179171][ T8839] ? __pfx_n_tty_write+0x10/0x10 [ 322.179212][ T8839] ? __kasan_kmalloc+0xaa/0xb0 [ 322.179248][ T8839] ? __pfx_woken_wake_function+0x10/0x10 [ 322.179282][ T8839] ? rcu_is_watching+0x12/0xc0 [ 322.179319][ T8839] ? file_tty_write.isra.0+0x694/0x890 [ 322.179355][ T8839] ? kfree+0x1e5/0x6c0 [ 322.179382][ T8839] ? __pfx_n_tty_write+0x10/0x10 [ 322.179453][ T8839] file_tty_write.isra.0+0x4d2/0x890 [ 322.179495][ T8839] redirected_tty_write+0xd4/0x120 [ 322.179532][ T8839] vfs_write+0x6ac/0x1050 [ 322.179559][ T8839] ? __pfx_redirected_tty_write+0x10/0x10 [ 322.179598][ T8839] ? __pfx_vfs_write+0x10/0x10 [ 322.179623][ T8839] ? find_held_lock+0x2b/0x80 [ 322.179671][ T8839] ksys_write+0x12a/0x250 [ 322.179698][ T8839] ? __pfx_ksys_write+0x10/0x10 [ 322.179729][ T8839] do_syscall_64+0x115/0x840 [ 322.179756][ T8839] ? clear_bhb_loop+0x40/0x90 [ 322.179789][ T8839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.179820][ T8839] RIP: 0033:0x7f4e2699de59 [ 322.179844][ T8839] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 322.179871][ T8839] RSP: 002b:00007f4e27849028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 322.179899][ T8839] RAX: ffffffffffffffda RBX: 00007f4e26c26180 RCX: 00007f4e2699de59 [ 322.179919][ T8839] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000008 [ 322.179938][ T8839] RBP: 00007f4e26a33e6f R08: 0000000000000000 R09: 0000000000000000 [ 322.179955][ T8839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 322.179973][ T8839] R13: 00007f4e26c26218 R14: 00007f4e26c26180 R15: 00007ffe9e44cd98 [ 322.180002][ T8839] [ 322.180193][ T8839] Kernel Offset: disabled