last executing test programs: 8.456053655s ago: executing program 0 (id=442): syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000680), 0xffffffffffffffff) ioctl$auto_TIOCGDEV2(0xffffffffffffffff, 0x80045432, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu0/trace\x00', 0x1a6b75d638828712, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) landlock_create_ruleset$auto(&(0x7f0000000000)={0xd1d, 0x3, 0x7}, 0x0, 0x10000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x1000) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, 0x0, 0x0) sendmsg$auto_SMC_NETLINK_REMOVE_UEID(0xffffffffffffffff, 0x0, 0x4040) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r1, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x3, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x42, 0x0) socket(0x15, 0x5, 0x0) prctl$auto(0x0, 0x2, 0x4, 0x5, 0x7) 6.656835695s ago: executing program 2 (id=446): r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(r0, 0x0, 0x7, 0x4cbd5d) r1 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x80040, 0x40, 0xe}, 0x18) fremovexattr$auto(r1, &(0x7f0000000000)='system.posix_acl_access\x00') mmap$auto(0xea88, 0x810004, 0xd, 0x10, 0x3, 0x8000) unshare$auto(0x40000080) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r2, 0x8000) socket(0xa, 0x1, 0x84) landlock_restrict_self$auto(0xffffffffffffffff, 0x3) write$auto(0xffffffffffffffff, 0x0, 0x81) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) fsmount$auto(0x4, 0x0, 0x11) close_range$auto(0x0, 0x5, 0x0) lstat$auto(0x0, 0x0) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r3, &(0x7f0000000000)="c80d1b5d399b3b", 0xfdef) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r4, 0x8000) keyctl$auto_KEYCTL_INSTANTIATE_IOV(0x14, 0x80, 0x1, 0x31, 0x0) 5.405864233s ago: executing program 0 (id=449): r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) process_madvise$auto_MADV_PAGEOUT(r0, &(0x7f0000000180)={0x0, 0x3}, 0x1, 0x15, 0x5) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r2 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) select$auto(0x1, 0x0, &(0x7f0000000400)={[0x8, 0x200000000005, 0x7, 0x7, 0x0, 0x80000004, 0xc, 0x6, 0x8fc, 0x380, 0x2e74c, 0x4009, 0x1, 0xfffffffffffff954, 0xfffffffffffffff8, 0xfff]}, 0x0, &(0x7f0000000080)={0x800000000041ff, 0x401}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) rt_sigqueueinfo$auto(0x0, 0xb, &(0x7f00000001c0)={@siginfo_0_0={0x3, 0x401, 0xfffffffb, @_timer={0x0, 0xd, @sival_ptr=0x0, 0x62}}}) shmctl$auto_SHM_INFO(0x441, 0xe, &(0x7f0000000580)={{0x81, 0xee00, 0xee01, 0x8, 0x772, 0x6, 0x7fff}, 0xb, 0x4, 0x3, 0x0, @inferred, @inferred=0x0, 0x3ff, 0x0, 0x0, &(0x7f00000004c0)="2fc8ec3b1468265c4d230b25ebc89115c4efae75230b1de490bc7897d37d7a1c3c39fe3be11419266953b809bf5619f929538a17aa86d6779bd142b91739a9528eedb4bfbaed59f984abb5d681bed5e21213f4f20782afc9d71aa1a35c373fc6c384c7599f93412ce046179e688e30922f7764b845bba984858c060aef97391b1b52dcc19b9db17482ce93514cf0d7191d249f1a32725230ead457a3d4427dee9bcdd837dc1d72cf91712f7f03767d1f612628f1"}) sendmsg$auto_NL80211_CMD_SET_MULTICAST_TO_UNICAST(r0, &(0x7f0000002c80)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000002c40)={&(0x7f0000000e00)={0x428, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x4}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}, @NL80211_ATTR_MAC_ADDRS={0x400, 0xa6, 0x0, 0x1, [@typed={0x8, 0xa, 0x0, 0x0, @pid=r3}, @nested={0xe, 0xb2, 0x0, 0x1, [@generic="226aa139a6fc2f572338"]}, @nested={0x109, 0xb2, 0x0, 0x1, [@nested={0x4, 0x155}, @typed={0x8, 0x5b, 0x0, 0x0, @ipv4=@local}, @typed={0x8, 0xe8, 0x0, 0x0, @ipv4=@remote}, @generic="880a7e1fa0a565908a7aec43e93b5c8e2f8e531b49b8677dbca6ccf44f7f035855df19e74b2201eb593700c85a1b2ec5f3ae03b5cc759c3b5fc5ebfcc513611a", @generic="772630d4ea854e455474743737a4bce043ff0462edaa6dcd2b97368425078254d0c23448804a4839df804fcf74a132cb71e67839122bc34ad5e802beb6ec38c4326dfa5ae52aa5363fb81bfcb842e87bbf5cbeb70645e2b9c77d6359aefd99dbb64c8a72086c5da7f9ec059fea8f931adfc79335d8f06ba3844b0abcd5fb8092b59839948b9f0a67491b91de2c210dfa2139cbe2a6a1883133785d2c94ca76ec33626c7fc7ee6e62f870860202e73f84be"]}, @nested={0x298, 0x6c, 0x0, 0x1, [@generic="530e1fcb9ef98cc086abf036125a7555193daf3d509f4366a52aa1816f7be58444afa274e3cf6d260fb589954f1dc7046ff6b40e8d12a18614002a3abea776629c100f3eda6e010b8652b8180869e5b0406515364b224d7f734cb34e009aa829", @typed={0xc, 0xff, 0x0, 0x0, @u64=0x71}, @typed={0xdf, 0xc3, 0x0, 0x0, @binary="a759a2e14fb2d9878c930aa1c8f5642798753f84aa0ed2f244ce0470564143f4357aa8a3b387d6852f86e936e3c26beaa593016d322fc7d0009d238d329f761b8b776d8cee0c858806e26b94a81fc952b75306757b60de6194fb7786c97da85615680a7113d780071c3b49ce468f0e080909d8efb1ef699d8e8068d093cccbbcead5b6b31436e1948969cee8bf3a393a634943d9f6a55a1245f74c9eee2768cb1e4bbe74396da26574807beae287bfd39c3a634594d63018dcaa73166afdccc8e94b2f9fc75af3c8507fed0dd17f270b0296a34ff0f16da04289cc"}, @generic="4ada5e9172d6c1428255d9a3e9c4c983e9302fc7fe718b1f0f4b97565e82e161f22f3f56d516c98a0e4746e388e17eda5d1e43e2aa9858d74d8b107649a74af5737a4a131bf9664af0eacba808812b63883b93e3d3922554e0e41b4c63a288b52a08c10ddbad1db21378e1597335f4db933bca1eb52e43b6fc0b8f238e7153cca9492b2d0c646e55c0e7723ed5fa6dcfc676322909677db3d35730e355d2f8bfd2ccc83d1b6c8c9d571f509cd2ea8d873b31adcf0a9d3fdb5bcc060abf5711af7d23406cd76ead381b01e38e9230eab811cc2bb8a3705e51c8e7dc0f07", @typed={0x8, 0x82, 0x0, 0x0, @fd=r2}, @typed={0xc, 0x4b, 0x0, 0x0, @u64=0x780000}, @generic="f165d53c0e6999814214da53dae1b9d0129fffe862c9975504dea76b40e685403e06d8df8d2b959e4f6f67ecc6113394548c213916098193f932897b27045304781e5ae12a52c293da147ad9a969c882f7a271", @typed={0x4, 0x5d}]}, @typed={0x40, 0x104, 0x0, 0x0, @binary="bad6c19ed38487b60ac80b2ef33affffa83d59303db382c930e7786a29b9008f97049c093af34e40788cc03ffef704eb6c29c1e452ef13ee7505f4c8"}]}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x7}]}, 0x428}, 0x1, 0x0, 0x0, 0x8080}, 0x80) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) set_mempolicy$auto(0x6, 0x0, 0x9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/platform/drivers/temperature-sensor/unbind\x00', 0x6544c0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0xe01, 0x0) setresgid$auto(0xffffffffffffffff, 0xee00, 0x0) fadvise64$auto(r1, 0x8000000000000001, 0x6, 0xffffffff) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_CGROUPSTATS_CMD_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="13000000", @ANYRES16=0x0, @ANYBLOB="2586f2bd7000fedbdf2504000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x400c9d0}, 0x4080) r5 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r5, &(0x7f0000000400)={0x0, 0x25, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(r5, &(0x7f0000000080)={{0x0, 0x8001c01, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x1}, 0x7}, 0x3d55, 0x0) read$auto(r4, &(0x7f00000002c0)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2T\xc0\x1d\xa4\x10r\xc4\xa2\xb1y\t\x05\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdm\xed\rW\xe7\xfbL\\\xf2sj(\v\xcd\xe5\x02B\x81ss\xdd\x8199\xa5\x1e\xb0A\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xda\xee\xd8%:bXj\xd5[UG\x8a\x8ab\x9a\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4\x95\xa3\xe1', 0x100000001) 4.876342068s ago: executing program 1 (id=450): mmap$auto(0x0, 0x402000a, 0xffffffffffffffff, 0x400eb1, 0x401, 0x8000) ioctl$auto_SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0305710, &(0x7f0000000040)={0x0, 0x318f, 0x4, 0x0, 0xff, "50cfeeca8e00"}) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x80000002, 0x1d, 0x3000, 0xfffffff8, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x6, 0x29c, 0x1, 0x7f, 0x0, 0x6, 0x1}, {0x10100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) socket(0xa, 0x1, 0x7) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0x5}, 0x800000, 0x80000000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x20, 0x400108, 0x3, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000140), 0x8001, 0x0) bpf$auto(0x5, &(0x7f0000000000)=@task_fd_query={0x0, r0, 0x2, 0x8, 0x6, 0x420, r0, 0xfffffffffffffffc, 0xa9}, 0x7) close_range$auto(0x2, 0xa, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0xd}, 0x2}, 0x3, 0x0) mmap$auto(0x0, 0x9, 0x3ff57697, 0x9b72, 0x2, 0x8000000000008000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) r1 = io_uring_setup$auto(0x4, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, r1, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) io_uring_enter$auto(0x3, 0x0, 0x1, 0x3, 0x0, 0x2) io_uring_enter$auto(0x3, 0x1, 0x2688, 0x5, 0x0, 0x7) ioctl$auto_NS_GET_TGID_FROM_PIDNS(0xffffffffffffffff, 0x8004b707, &(0x7f0000000000)=0x5) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) 4.743605788s ago: executing program 3 (id=451): madvise$auto(0x2, 0x200, 0x6) socket(0xa, 0x801, 0x106) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x200000000eb1, 0x401, 0x8000) (async, rerun: 32) get_robust_list$auto(0x0, 0x0, &(0x7f0000000240)=0x101) (async, rerun: 32) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x1, 0x1ff) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x0) (async, rerun: 64) close_range$auto(0x2, 0x8, 0x0) (rerun: 64) socket(0x23, 0x2, 0x4) (async) socket(0x10, 0x3, 0x6) (async, rerun: 64) close_range$auto(0x2, 0x8, 0x0) (rerun: 64) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptye9\x00', 0x101e81, 0x0) (async) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x2c402, 0x0) (async) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000980)='/dev/ttye9\x00', 0x102, 0x0) mknod$auto(0x0, 0xc9, 0xfffffffa) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) write$auto(0x3, 0x0, 0x100082) sendfile$auto(r1, r0, 0x0, 0x10000) mremap$auto(0x1ff000, 0x100008, 0x843, 0x3, 0xfffff000) (async) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) socket(0x2, 0x80002, 0x73) (async, rerun: 64) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) sendmsg$auto_L2TP_CMD_SESSION_MODIFY(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x24004001) bind$auto(0x3, &(0x7f0000000040), 0x69) (async) connect$auto(0x3, &(0x7f0000000140), 0x55) (async, rerun: 64) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0) (rerun: 64) 4.541974515s ago: executing program 2 (id=452): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/nfc/nfc1/rfkill1/soft\x00', 0xa3182, 0x0) socket(0xa, 0x2, 0x3a) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) io_setup$auto(0x1, 0x0) io_uring_setup$auto(0x401, 0x0) mlockall$auto(0x7) r0 = io_uring_setup$auto(0x9, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) unshare$auto(0x40000080) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r1, r1, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x10000, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex, r2, 0x8000, 0x2, 0xffffffffffffffff, @relative_id=0x13, 0x6}, 0xf) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r3 = fanotify_init$auto(0x200, 0x1) fanotify_mark$auto(r3, 0x55, 0x3f8, r3, 0x0) r4 = socket(0x10, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8947, &(0x7f0000000000)={'vlan1\x00'}) splice$auto(r4, 0x0, r5, 0x0, 0x101, 0x2) read$auto_drm_connector_fops_drm_debugfs(0xffffffffffffffff, &(0x7f0000000180)=""/4096, 0x1000) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000780)='/proc/mtrr\x00', 0x441, 0x0) r7 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) read$auto(r7, &(0x7f0000000640)='MJC8\r21\xc5_\v\xd6o\xb6z%\x82\x8dd54_HWS2M\x00\xcb\x0fX\xc7\xfdx!\xf7\xb5T\x04\xad\x96\xf4\xbc\xb4\xa52\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x007\xc9\xa6\x8a\xdf\x1d\xf6\xd2\x92U+Dc\xc4\xb5\x0e\xe7\x10 \xa4A\xc6\xcd-\xec\xf8=\xb0\x0f\xb6z\xc8\xc2A\xb9+\x1c-\x9a|+tx\\Q2\"\xf9\xa6\x9d\xddxZ4[\xb6I$\xbb\x8aZ\x8f\xc5\x87/y\xb7r\x95\xbc\x00L`\xb17\t/\x9e\xc3Y\xe7\x921\x02N\xa0haI\x85\xbf', 0x8) write$auto(r6, &(0x7f0000000080)='\t\x00\\\x00\x00\x00\x00\x00\x95?\xf2\xa6\xa0.__t_event_not\x00', 0x9) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xf) write$auto_seq_oss_f_ops_seq_oss(0xffffffffffffffff, &(0x7f0000000740)="9729facfa507ec17e671250eb63e3b4643a15185858e1926aa9714b851b846a2d1da2df5da43982b9c23e01b488f3d0386c1568864c51e67d549333f7ded20c817a63fa0b76c502e681f3f188908bb69fd2c6abc82dab8d5178580fe430e8d4dcf164474f52dbaad3cb0", 0x6a) 4.322837775s ago: executing program 1 (id=453): r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x143080, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0x3, 0x541b, 0x7f) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) mbind$auto(0x2000, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r1 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto_proc_pid_maps_operations_internal(r1, 0x0, 0x0) write$auto(r0, &(0x7f0000000000)='/proc/self/smaps_rollup\x00', 0x7) 4.125412777s ago: executing program 0 (id=454): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x202, 0x0) mmap$auto(0x40000, 0x2000c, 0xde, 0x20eb1, 0xffffffffffffffff, 0x8001) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x7, 0x4020009, 0xdf, 0x4000000eb1, 0x401, 0x8000) (async) mmap$auto(0x7, 0x4020009, 0xdf, 0x4000000eb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x47, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) (async) capget$auto(0x0, 0xfffffffffffffffe) r0 = socket(0x2, 0x801, 0x106) listen$auto(r0, 0xf52b) getsockopt$auto(r0, 0x11c, 0x2, 0x0, 0x0) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000001b40)='/dev/cuse\x00', 0x41c100, 0x0) (async) r1 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000001b40)='/dev/cuse\x00', 0x41c100, 0x0) syz_clone(0x80000000, &(0x7f0000000200), 0x0, &(0x7f0000000300), &(0x7f0000000340), &(0x7f0000000380)="1550840a18495b0a7840b96f2f6193c89e3d64833e4a9ea6b93bf6ce876dd670ea440f84ada784bf0aaa27253012946117f2233bdc6c551c9060c1212d8a867c893d64e1287cf06e5ef4cec38d3dab6c9920eec4531a64a2c3c611afc9f2534dc11b7cae36ff317f90bda3737ee49034104c6e05514fcc0c97018b5da9e4b2de4cafd2f9902787bcd53a60311ccf994e41e59ba07150ecf7ad49cf3dfaa100dea16298f6f280fa161ceca3190268d2") (async) syz_clone(0x80000000, &(0x7f0000000200), 0x0, &(0x7f0000000300), &(0x7f0000000340), &(0x7f0000000380)="1550840a18495b0a7840b96f2f6193c89e3d64833e4a9ea6b93bf6ce876dd670ea440f84ada784bf0aaa27253012946117f2233bdc6c551c9060c1212d8a867c893d64e1287cf06e5ef4cec38d3dab6c9920eec4531a64a2c3c611afc9f2534dc11b7cae36ff317f90bda3737ee49034104c6e05514fcc0c97018b5da9e4b2de4cafd2f9902787bcd53a60311ccf994e41e59ba07150ecf7ad49cf3dfaa100dea16298f6f280fa161ceca3190268d2") preadv$auto(r1, &(0x7f0000000000)={0x0, 0x2}, 0x6, 0xa, 0x3) (async) preadv$auto(r1, &(0x7f0000000000)={0x0, 0x2}, 0x6, 0xa, 0x3) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) read$auto(r2, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) 3.452874768s ago: executing program 0 (id=455): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x6, r0, 0x40000000001, 0x7ff) ptrace$auto(0xc, r0, 0x9, 0xfffffffffffff6de) (async) ptrace$auto(0xc, r0, 0x9, 0xfffffffffffff6de) unshare$auto(0x40000080) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto_TIOCSTI2(r1, 0x5412, &(0x7f0000000180)="00040000dc77653c41802441834da0fb701609f4a70b2c499f455372d879f02d9ddb0239046f08066c36afd8dc2372b18281e35ca05f092d50f348400900b37f0fc15f463d231a0900000000000000190e42d04387127c5898dadfcddf8ebcc7e8072068cb3db0f6088bbd406c058317b468f5a51a") (async) ioctl$auto_TIOCSTI2(r1, 0x5412, &(0x7f0000000180)="00040000dc77653c41802441834da0fb701609f4a70b2c499f455372d879f02d9ddb0239046f08066c36afd8dc2372b18281e35ca05f092d50f348400900b37f0fc15f463d231a0900000000000000190e42d04387127c5898dadfcddf8ebcc7e8072068cb3db0f6088bbd406c058317b468f5a51a") unshare$auto(0x40000080) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyac\x00', 0x402c82, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/midi2\x00', 0x80041, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioperm$auto(0xaf, 0xe, 0x991b) (async) ioperm$auto(0xaf, 0xe, 0x991b) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000000c0), 0x10442, 0x0) memfd_create$auto(&(0x7f0000000040)='IPVS\x00', 0x7) (async) memfd_create$auto(&(0x7f0000000040)='IPVS\x00', 0x7) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) (async) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cuse\x00', 0x0, 0x0) r2 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000180), 0x40900, 0x0) ioctl$auto_UBI_IOCATT(r2, 0x40186f40, 0x0) ioctl$auto_UBI_IOCDET(r2, 0x40046f41, 0x0) (async) ioctl$auto_UBI_IOCDET(r2, 0x40046f41, 0x0) ioctl$auto_UBI_IOCDET(r2, 0x40046f41, 0x0) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0xfc2, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0xfffffffb, 0x4008) read$auto(0xffffffffffffffff, 0x0, 0x9) 3.452427794s ago: executing program 3 (id=456): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) bpf$auto(0x0, 0x0, 0x92) futex_requeue$auto(&(0x7f0000000040)={0xb, 0x6, 0x2, 0x2000000}, 0x0, 0xf, 0x9) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090) ioctl$auto_TIOCGDEV2(0xffffffffffffffff, 0x80045432, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) (async) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) (async) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) landlock_create_ruleset$auto(&(0x7f0000000000)={0xd1d, 0x3, 0x7}, 0x0, 0x10000) (async) landlock_create_ruleset$auto(&(0x7f0000000000)={0xd1d, 0x3, 0x7}, 0x0, 0x10000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) (async) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, 0x0, 0x1000) (async) io_uring_register$auto(0x2, 0x0, 0x0, 0x1000) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, 0x0, 0x0) (async) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, 0x0, 0x0) sendmsg$auto_SMC_NETLINK_REMOVE_UEID(0xffffffffffffffff, 0x0, 0x4040) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r1, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x3, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x567443, 0x0) socket(0x15, 0x5, 0x0) 3.193063472s ago: executing program 2 (id=457): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x18, 0x5, 0x2) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x10b142, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0xa, 0xd, 0x2, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x416, 0xb, 0x2de, 0x504, 0x1, 0x101, 0x6, 0x6}, {0xfff7ffff, 0x2, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x8000000000000000}}) bpf$auto_BPF_LINK_UPDATE(0x1d, &(0x7f0000000300)=@prog_bind_map={0xffffffffffffffff, 0xffffffffffffffff, 0x6}, 0x80) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/graphics/fbcon/rotate\x00', 0x10b842, 0x0) read$auto(r0, &(0x7f0000000100)='/sys/devices/~latform/vhci_hc$.7/usb23\x1823-0:1.p\f\xdd\xb4\n-&\x8fV\x1e\x9f\xe7@\xe7\xdc0/~\xda=\xd7\xc3\x10\x8c\x90l\xb0\xbc\x87N\a\x00\x00\x00\x00\x00\x00\a\x0fvero\xb5\x90<\xa8\xd3<\x01\xd8\x00\x00\xddk\xbbu\x917\xe7\xd9\xb8\x84\xac\x96\xdd\x1d\xb8\xecvyV\xf2\x83\xbe\x89\x05\xf6\x83\xc1\xcc\x87\a\r\x89,<\x04\xec\xc5\xe2\\\xb7\xc9\xfb\xd2\x17\x12\xfd\x03>a\x06\x89\xc0sp\x9e\xc8ZO\x16s\xef4wJP\xf9\xa2\x01+\xb7A}\xe3<\x12D\xaf\x83\xdf\x85\xadg_\xc7L\xa6\xbe\x1f\xc5\xa1\x9b\xd2\x16\xad\xa3z\'\x065\x9c\fC\xf2\xe2a/\xab\xa1\xf9\xa3\x04\x1e$\\\xa9\xe9i\xc5\xfc\x8dC\xae\x10G7\xc37B\x96\x13\x8bTP\xe6\x9cAV\x01\x9e\x8fTH\xf6\b\xceqs\x9d6`*\xd2\x03\xc6\xc1', 0x6864a34) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram6\x00', 0x80100, 0x0) r2 = setfsuid$auto(0xee00) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2b, 0x1, 0x0) sysfs$auto(0x2, 0xd, 0x0) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x8, 0x0, 0x0, 0x0) fsmount$auto(0x4, 0x40, 0x3) r4 = setfsuid$auto(r2) setresuid$auto(r2, r4, r2) ioctl$auto(r1, 0x401070c9, 0x5) r5 = socket(0x18, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x80047437, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/ip6gre0/netdev_group\x00', 0x102, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, r6, 0x0) 2.639030612s ago: executing program 3 (id=458): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) socket(0x2, 0x2, 0x0) (async) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000) (async) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x0, 0xffffeffe, 0x2) pipe$auto(0x0) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socket(0x2, 0x801, 0x106) pidfd_open$auto(r0, 0x0) (async) pidfd_getfd$auto(0x3, 0x1, 0x100000000) (async) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000140)='ns/user\x00') recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/net/dummy0/flags\x00', 0x2c62, 0x0) write$auto(r1, &(0x7f0000000580)='0\x00\xa6\xcc\r\x91QU\x9d\x15\x84\xab`\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04\x7f\x00\x00\x00\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18K\xb0D\x91OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfdFq\xe7\x03\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10)kcsZ^3H\xf1\xdf\x96\xfd)\xf3\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xaeO\x03\x91p6\xa0\xb9g.\xde\xd4`\xfa\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb\x88\xd8\'\xe4\xf8\xe9f{\xf7gl\r\xdf\xc8n)J\xa2\xfa\x03\xbe%\xf6\xd1\xfb\xbcg\"\a\x03\xdef\x10K\xa1\x80z\xd1Z{\xb0\x91\ft\xf5\xaf:\xc9\x02~`\x11\x15\xa3\xd9y\xb3)~\xb6\xaaB\x16O\x1c\xdeY2\x8f*R\xf6\xb5m\xc6\x91+\x14\x04\xf7*9\x9e\x04\xe3\x03\b\x02kud\xf8j\x95I.\x04\\\x80S\xa5\n\x14\x05\x12\n^\xc9|\xf8.>\x8b\xb1y\xe7\x96\x9asW\x10}(\x9c\xc9\x84\xec\xf68\xb7\xd7\xec\xc9F\xe1v\x9aD\t\xc6f\ay\xafX\x96\xcc\xa8\xae\xcb\xac\xd5\xd4\xee1\"L\xacC\t\x81\x8b3\xc6\x1e\xbbwlK\xd2\x9e\xc8\xde\xed\xb6\xbeX\xe4`s\xec\xec]\xb3\xfa\xd8\x86\x1bP\xa3\xc4\xb4\x84\xd2\x94Z\xbeA\x1f,a\a\xf7\x7f\x12\xa9E\xfb\xcd\xa2@\x83<\xe0\xaf\xc5\'\xcf\xa3\xf2KD\x80\x8c\xac\xb1\xd6\r\xf4+\x9cSx\xa3\xf3mE\xbbD\xd3\x1bK\xdc\xc7\x9c\xa6M3\x1f\xac{\xc1\x036\xd16\b\x00\xa7\xc9&\x92\x0e~\x05LM \xb8\xf6.,\xf8\xa8\a\xa5)\x91\xc4\xe9P\xa6\xda\xef\xe1\xbdu\xa2\xb7\xa3\x0eZ\xdf\xaf\x87\xa10\xa0\xc8\xa4\xa0O\x96\xeb\xb9\x10\xf3]\\8\v\xcc\x16\xca\xadm\xd3\xcc\xa4\\\x192\xc6\xb1i/\x90$\x05Y>soi)\x12\x05@\a\xe9c\x17\x818\x1e\x8fn\\)\x1a\x96\xc0\xf6\xa4\xf1]\xfe\xa7\x1e\x02\xd3\x1f\x97MT\xd5g\x1e\x04sD\x92+', 0x9) getsockopt$auto_SO_INCOMING_NAPI_ID(r1, 0xffffffff, 0x38, &(0x7f0000000040)='TIPCv2\x00', &(0x7f00000000c0)=0x81) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000000), r2) sendmsg$auto_TIPC_NL_LINK_RESET_STATS(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000003200)={0x14, r3, 0x1, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x20000014) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) 2.615139684s ago: executing program 1 (id=459): r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x143080, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0x3, 0x541b, 0x7f) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) mbind$auto(0x2000, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r1 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto_proc_pid_maps_operations_internal(r1, 0x0, 0x0) write$auto(r0, &(0x7f0000000000)='/proc/self/smaps_rollup\x00', 0x7) 2.550368268s ago: executing program 2 (id=460): openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, 0x0, 0x19c0, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) move_pages$auto(0x0, 0x5, &(0x7f0000000380)=&(0x7f0000001180), &(0x7f00000003c0)=0x1, 0x0, 0x2) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) socket(0x2c, 0x3, 0x10000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) write$auto(0xca, &(0x7f0000000140)='\x04\x0e\x06\xd5\x89|d\v\x00\x00@\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x10) mmap$auto(0x0, 0x202000d, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) r1 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon37\x00', 0x640, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/input/event2\x00', 0x200000, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.max.depth\x00', 0x20681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000100)='7', 0x7) ioctl$auto_MON_IOCG_STATS(r1, 0x80089203, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00032cbd7000003500060000000800130001b002"], 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x4008800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)={0x14, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!'], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x0, 0x0) madvise$auto(0xf, 0x8, 0xe) 1.614017876s ago: executing program 3 (id=461): mmap$auto(0x0, 0x2020089, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/kexec_crash_size\x00', 0x102, 0x0) write$auto(r0, &(0x7f0000000480)='7\x00\\\xa0\x04\x9c\"\xa9Nd_\xff\xa0k\xd8\xc9\xba\x00\xb5\x89\x8cg\xa84\xd8D)\xfdcR8\xdb\x98\xc5\xd7\x94\x94\xda\xc0r\x8f)\xbb_r\xac\x98\xa2k\x9bu=>\xce\x8d\xa2\fZ\xfa\x0f\x87R\xf7\x05OA\xfak\xba0\xab\xe1\xffm\xf9t\x012A\xc8%H\x88\xaej\xda\xae\x1dO\xd7\x88?\x19\xf3\x068\xb4e\xb5\x93\x9a\xb9|Kh\xc2d\xda\xb7\xe5\x1fb~8\xf2q\x0e\x98A[\xbb\xa9\xdc[8\xfc\xc6\x9f\xa3\xb5\xdf\x1a', 0x84) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) r5 = io_uring_setup$auto(0x406, 0x0) r6 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000140), 0xffffffffffffffff) r7 = semctl$auto_GETPID(0x25c5, 0x3, 0xb, 0x9) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, &(0x7f0000001740)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001700)={&(0x7f0000000400)={0x20c, r6, 0x400, 0x70bd29, 0x25dfdbfe, {}, [@NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0x6}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, 0x8000000000000000}, @NL802154_ATTR_SEC_ENABLED={0x5, 0x29, 0x1}, @NL802154_ATTR_IFNAME={0x14, 0x4, 'vlan0\x00'}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x2}, @NL802154_ATTR_SCAN_DONE_REASON={0x5, 0x25, 0x7e}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r5}, @NL802154_ATTR_PEER={0x185, 0x28, 0x0, 0x1, [@nested={0xc, 0x148, 0x0, 0x1, [@typed={0x8, 0x107, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}]}, @generic="887872fc9181066f51d4071f31b01f389eb2caa7ac210c4f3f5c7a9d9bed7c6c14d40dd79ea17c275f7cebf30733cb2d0c1ec2ef2e15d9487c405324cd987a1047306352682fec5534c460e04363c499bfbe9c422653ed1e7c67c69c1b60e5ac151ce329917a4653f6d8eddc440550473c8201abb376d4f75774fcad433e6ea1ae53537a58af3de5d57bd1bd3e5e7a406e9069df3ebcc120d58008ddebb3d7d130dc4f79cc8ca094762072eaec", @nested={0xc5, 0x30, 0x0, 0x1, [@nested={0x4, 0xd5}, @typed={0x4, 0xc4}, @nested={0x4, 0x123}, @typed={0x4, 0xe6}, @generic="e39e08e46ca9ddf72bdf4d2485a2b6f755e94fae2aeeef39635230d42ee297bbcb43801449467eb01bc83fdece674eb4a372f4de07ba55718d9fc6208af677bb18c0c86c9c4d7358a23422e0ff4ca41c1ee98512e324819292ab473f695d78e4c937199764490d222c03468a3cc0beb1251064b257a393a1cb8239db3720a0b2a0ebf534c58aa3de22e4a3023fd8f363a18c2fd6ccbcaf5a996c65a732c92d0c3f51b2999670bbfa1fa78dbd779faa5239"]}]}, @NL802154_ATTR_SEC_OUT_KEY_ID={0x28, 0x2b, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x73, 0x0, 0x0, @pid=r7}]}, @nested={0x4, 0x105}, @typed={0x14, 0x4e, 0x0, 0x0, @ipv6=@mcast2}]}]}, 0x20c}, 0x1, 0x0, 0x0, 0x44}, 0x0) ioctl$auto_XFS_IOC_FREESP64(0xffffffffffffffff, 0x40305825, &(0x7f0000000080)={0x80, 0x0, 0x4, 0xf, 0x3, 0x0}) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r2, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x58, r6, 0x400, 0x70bd27, 0x25dfdbfc, {}, [@NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0x1}, @NL802154_ATTR_TX_POWER={0x8, 0xb, 0x80000001}, @NL802154_ATTR_ACKREQ_DEFAULT={0x5, 0x1a, 0x8}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x3}, @NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0x5}, @NL802154_ATTR_SEC_DEVKEY={0xc, 0x2f, 0x0, 0x1, [@typed={0x8, 0x8d, 0x0, 0x0, @pid=r8}]}, @NL802154_ATTR_MAX_ASSOCIATIONS={0x8, 0x27, 0x7f}, @NL802154_ATTR_SCAN_CHANNELS={0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000080}, 0x20000010) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)={0x1c, r3, 0xb01, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000050}, 0x240088e4) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) r9 = openat$auto_ht40allow_map_ops_debugfs(0xffffffffffffff9c, 0x0, 0x181000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000cf, 0xeb1, 0xffffffffffffffff, 0x7) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) read$auto(r9, 0x0, 0x10) ioctl$auto_SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r5, 0xc1004111, &(0x7f0000000740)={0x4, [0x9, 0x7, 0x2], [{0x7, 0x80000000, 0x1, 0x1}, {0xab6, 0x24, 0x1, 0x0, 0x0, 0x1}, {0x8, 0x2006}, {0x4, 0x10, 0x1, 0x1}, {0xaa7f, 0x959, 0x1, 0x1, 0x1}, {0x5, 0x1, 0x1, 0x1, 0x1}, {0x4, 0x0, 0x0, 0x1, 0x1}, {0x2, 0x10006, 0x1, 0x1, 0x1}, {0x5, 0x3, 0x0, 0x1, 0x0, 0x1}, {0x6, 0x6, 0x1, 0x0, 0x1}, {0x4, 0x40, 0x0, 0x1, 0x0, 0x1}, {0x3, 0x3fe, 0x1, 0x0, 0x1, 0x1}], 0x4, 0x9, 0x2, 0x9b1, 0x0, 0x1, 0x9, "3d60f1799d5517614cb5db232a171fe794feb32c6fa42fb100e50cfc95618d55f4466f2e7d6b4e383e01de0564711212835f5ea4b55685c9784003f654a77a10"}) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x4040, 0x0) unshare$auto(0x40000080) r10 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x1, 0x9, 0x0, 0xeb66) write$auto(r10, 0x0, 0x800000006) 943.689174ms ago: executing program 1 (id=462): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000040)={0x2c, 0x0, 0x1, 0x70bd29, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x11}, 0x24000802) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1800"], 0x1ac}}, 0x40000) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async, rerun: 32) memfd_create$auto(0x0, 0x1a) (async, rerun: 32) munlock$auto(0x9191, 0x5) 872.306055ms ago: executing program 2 (id=463): futex_waitv$auto(&(0x7f0000000000)={0xf, 0x5d94, 0x4002, 0x4}, 0x77, 0xfffffffc, 0x0, 0x62bd) r0 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x20200, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/neigh/veth1_to_bridge/base_reachable_time\x00', 0x101202, 0x0) mmap$auto(0x7, 0x400008, 0x7ffffffb, 0x13, 0xffffffffffffffff, 0x9) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x9a9, 0x7) r1 = epoll_create$auto(0x8800001) epoll_ctl$auto(r1, 0x1, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0xe981, 0x800000000df, 0xeb1, 0xffffffffffffffff, 0x200008000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(0x0, r2) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x4a7) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0x2a, 0x1, 0x8) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e1000000ff000000deff00"}, 0x58) r3 = wait4$auto(0x0, &(0x7f0000000080)=0x800, 0x5, &(0x7f0000000100)={{0xd, 0xfffffffffffffffb}, {0x2e}, 0x5, 0x2, 0xfb, 0xb9, 0x7, 0x3ff, 0x8001, 0x2, 0x3, 0x100000001, 0x3, 0x0, 0x5, 0x7}) prctl$auto(0x3a, 0x1, r3, 0x2, 0x8000000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x1eba02, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/usb/drivers/ax88179_178a/remove_id\x00', 0x488081, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 680.728186ms ago: executing program 1 (id=464): r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/card1\x00', 0x129e01, 0x0) bpf$auto_BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000000c0)=@link_create={@map_fd=r0, @target_fd=r0, 0x8000, 0x8, @target_btf_id=0xd5}, 0x2) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyt0\x00', 0x101601, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) shmctl$auto_IPC_STAT(0x40000000, 0x2, &(0x7f0000000480)={{0x670, 0x0, 0xffffffffffffffff, 0x2, 0x7, 0x3, 0x3}, 0x81, 0x4, 0x7fff, 0x101, @inferred, @raw=0x6, 0x5d9, 0x0, 0x0, 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000700), r3) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000740)={'wlan1\x00'}) sendmsg$auto_NL80211_CMD_SET_CHANNEL(r3, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000780)=ANY=[@ANYRES32=0x0, @ANYRES16=r1, @ANYBLOB="01e924bd7000fddbdf25262000000800", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x40080}, 0x20000000) pwritev$auto(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x2}, 0xfffffffffdffffff, 0x5, 0x5) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x141000, 0x0) fsconfig$auto(0xffffffffffffffff, 0x3, 0x0, 0x0, 0x0) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) r4 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cpu/0/cpuid\x00', 0xad80, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x2, 0x0) write$auto(r4, &(0x7f0000000000)='/dev/cpu/0/cpuid\x00', 0x8) readv$auto(r4, &(0x7f0000000680)={0x0, 0x40200}, 0x3) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x41) syz_genetlink_get_family_id$auto_ovs_flow(0x0, r3) mmap$auto(0x0, 0x2028009, 0x6, 0xeb3, 0xfffffffffffffffa, 0x8000) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0x40047452, &(0x7f00000000c0)=0x8) getsockopt$auto(0xffffffffffffffff, 0x84, 0xe, 0x0, &(0x7f0000000040)=0xb0) r5 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x24800, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r5, 0xc004500a, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000240)=0x80000000) set_mempolicy$auto(0x3, &(0x7f0000000040)=0x7, 0x3) r6 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x8041, 0x0) ioctl$auto_FBIOPUT_CON2FBMAP(r6, 0x4610, &(0x7f0000000040)) 680.385311ms ago: executing program 0 (id=465): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/nfc/nfc1/rfkill1/soft\x00', 0xa3182, 0x0) socket(0xa, 0x2, 0x3a) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x8000000000000011, 0x401, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex, r1, 0x8000, 0x2, 0xffffffffffffffff, @relative_id=0x13, 0x6}, 0xf) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r3 = fanotify_init$auto(0x200, 0x1) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x0, 0xfffffffffffff000, 0xfffffffe) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001800)=ANY=[@ANYRESDEC=r2, @ANYBLOB="e06d962bd773d1442dcec64b2976a5c3c702a78b127bd918767dd837bd834468f06bbc8d53e6730d7e7f688e21f92114405632aee1430b9404e70aa7b25fbd17d45d225cca64145ea099977d298c1ecabbdf17ba9dc2b8e8c5c37eec750f2e88031a17c2c86950f945cd1baf2195b98fb9e0ddd7329fc7a301ee09dc87a1aee8921e18c1de4f7750de8b990d2f1f0750f1010df56515ea503ae1f73fa71145cf6bcf1299a0be4dcdbc1495a634948ddd8cbf4fc1512a66a61fd6fb8dd8fb7929d1ba973e9564e2188c42d7771df1cbeb2c58990bed264553e4547c", @ANYRESOCT], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) bpf$auto_BPF_MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)=@info={r3, 0x5, 0x9}, 0x5) r5 = socket(0x1a, 0x3, 0xffff) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1b"], 0x1ac}}, 0x800) sendmmsg$auto(r4, &(0x7f00000003c0)={{0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x7, 0xb}, 0xffc}, 0x47, 0x81) fanotify_mark$auto(r3, 0x55, 0x3f8, r3, 0x0) r6 = socket(0x10, 0x2, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x8947, &(0x7f0000000000)={'vlan1\x00'}) splice$auto(r6, 0x0, r7, 0x0, 0x101, 0x2) read$auto_drm_connector_fops_drm_debugfs(r2, &(0x7f00000007c0)=""/4110, 0x100e) write$auto(0xffffffffffffffff, &(0x7f0000000080)='\t\x00\\\x00\x00\x00\x00\x00\x95?\xf2\xa6\xa0.__t_event_not\x00', 0x9) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) bpf$auto(0x7, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0xffffffffffffffff}, 0xf) write$auto_seq_oss_f_ops_seq_oss(0xffffffffffffffff, &(0x7f0000000740)="9729facfa507ec17e671250eb63e3b4643a15185858e1926aa9714b851b846a2d1da2df5da43982b9c23e01b488f3d0386c1568864c51e67d549333f7ded20c817a63fa0b76c502e681f3f188908bb69fd2c6abc82dab8d5178580fe430e8d4dcf164474f52dbaad3cb0", 0x6a) write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000580)="0886a7b7ecaad059d4", 0x9) sendfile$auto(r0, r0, 0x0, 0xffffffff) 484.755684ms ago: executing program 3 (id=466): mincore$auto(0x0, 0x1, 0x0) 296.83291ms ago: executing program 3 (id=467): mmap$auto(0x0, 0x1ff, 0x4000000000e1, 0x17, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x202000d, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = fsopen$auto(0x0, 0x1) unshare$auto(0x40000080) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, 0x0, 0x2000c840) mmap$auto(0xf, 0x8, 0x80000000df, 0x2009b72, r0, 0x9) mmap$auto(0x7, 0x7, 0x2df, 0x11, r0, 0x40000000008000) madvise$auto(0xffffffffffffffff, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xcb1, 0x401, 0x8000) socket(0x1, 0xa, 0x73) getpeername$auto(0x3, 0xfffffffffffffffe, 0x0) unshare$auto(0x40000080) r1 = io_uring_setup$auto(0x5b, &(0x7f0000000100)={0x40, 0x8be, 0x3000, 0x4, 0x7, 0x400a, 0xffffffffffffffff, [0x259a], {0x6, 0x3, 0x4, 0x4, 0xd2, 0x7f, 0x0, 0x6}, {0x2, 0x1, 0x52, 0x82, 0x2, 0x1a7b870a, 0x76c2, 0xd, 0x100000000}}) io_uring_register$auto(r1, 0x5, 0x0, 0x1) flock$auto(0xffffffffffffffff, 0xffffffff) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/smbd_max_send_size\x00', 0x101000, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/dummy0/carrier\x00', 0xc2061, 0x0) write$auto(r2, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xab\b\x00\x00\x00\x00\x00\x00\x00}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2oc!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x5) syz_clone(0x200a500, &(0x7f0000000040)="e881b6dfe06319ab25dfc5f48f4929278446e5a4e5598ac2c2b3ad7ecc8438cdace2fb6a139486b0c9015ebbf22a3c8a013358fa464ff556badce1efd4395bf5ed169626e6830c252ff6e7a3c94e568f9df7af8755c596a97acef8c88c1ab41927610e7f3101ac29b89ef0051a7b951a233d29bc5bad0f46febeb0a7fa637c4ec80a9856440611aaee3cc1eda682dd0bacc72be889b59f610088cdf973e47983", 0xa0, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="85a5f77784876050dc36feb472f7f249004de20d2b5343a0ed5807b0d64a5f9b0f775c9384a293058f9070bd7bf517c1d84558dfb74e41969ba9fe022ca1d6f4e967a9ba8321be6ed25116ca0654cb0e6c2daade320aaf745c454d08f5511cade0d6663a61b8633caf1da0cb5b7165b769f15317153630a53ab67aecf7ac79968e05dedff87c103251533482c33b969c129d21e9a9391141849d557c4d272e4f80635977c8ff9e21a3b7532436e8a6b8a1264a86c398c0adc6d75996ee6e13a594547b47b79a3199edecefba96ce180c4f1e3425e81c47e773cdd9f3436f88a4205dcb279564dbe8a9e0ab69b94dc2d05d915fcd727b") io_setup$auto(0x7ffe, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) madvise$auto(0xfffffffffffffffd, 0xffffffffffff0004, 0x15) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYRES64=r3, @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32, @ANYRESOCT=r0, @ANYRES32, @ANYRES32=r0], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) close_range$auto(0x2, 0x8, 0x0) 60.169912ms ago: executing program 1 (id=468): fsconfig$auto_SHMEM_HUGE_DENY(0xffffffffffffffff, 0x0, &(0x7f0000000140)='\\!:\x00', 0x0, 0xffffffffffffffff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) (async) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f00000020c0), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f00000031c0)={0x0, 0x0, &(0x7f0000003180)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010028087000fcdbdf2504000000040007000800fc24d866df3d3604000002000004000e000400070004001200"], 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) (async) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f00000031c0)={0x0, 0x0, &(0x7f0000003180)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010028087000fcdbdf2504000000040007000800fc24d866df3d3604000002000004000e000400070004001200"], 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x20) (async) read$auto(r3, 0x0, 0x20) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) (async) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) socket(0x18, 0x4, 0x41) unshare$auto(0x40000080) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/dev_mcast\x00', 0x40280, 0x0) pread64$auto(r5, &(0x7f00000000c0)='veth1\xe7#\x16T+\xee\x03\xc4\x1c\a\xdfa\x8b[,>\xa9\xd2\xef\xb0\xfb{b^\xef\x93\x97\x06H\xcb\xe7g\xea\x9dE\xc0\xdc\x1e\x02`\x00Z\x9d|\x8f\x92\xe09\xe1hBJL\x1e#F\xc4\xd0z\xac5+I\xfbb\x9d\x97.]\x95H\f&_\x8d1\x83\x90,\x01\x8ab\xe6P\xb8J\xc4\xc3&\xe3\x05\x7fl\x18\xf40\x18x\x88\x86\xe6{\xdb\x1c\xfef\xf8x\xc9vKq\xd4/N&\x1f\xae\xa8\x9b\xb2\xdbZ\xed\x16a}\xa9gj\xc2mt\x87\xc3?\xc6ou\xf0\x14\x00\x00\x00\x00\x00\x00\x00i\xb9\xc8\xc6V5]\x06/\xb1`\xd9X\xe5\xfc$\a\xf3S\xbb\xe99\xf1PZ\x81\x8f\xfc\xa4w\\\x84B\x03+\xa2\xe1\xb4\x9dv\xe1\xd7\b9\xc3.\x96I\x98\x00\x00\x00\x00\x00', 0x200000000004, 0xfc) (async) pread64$auto(r5, &(0x7f00000000c0)='veth1\xe7#\x16T+\xee\x03\xc4\x1c\a\xdfa\x8b[,>\xa9\xd2\xef\xb0\xfb{b^\xef\x93\x97\x06H\xcb\xe7g\xea\x9dE\xc0\xdc\x1e\x02`\x00Z\x9d|\x8f\x92\xe09\xe1hBJL\x1e#F\xc4\xd0z\xac5+I\xfbb\x9d\x97.]\x95H\f&_\x8d1\x83\x90,\x01\x8ab\xe6P\xb8J\xc4\xc3&\xe3\x05\x7fl\x18\xf40\x18x\x88\x86\xe6{\xdb\x1c\xfef\xf8x\xc9vKq\xd4/N&\x1f\xae\xa8\x9b\xb2\xdbZ\xed\x16a}\xa9gj\xc2mt\x87\xc3?\xc6ou\xf0\x14\x00\x00\x00\x00\x00\x00\x00i\xb9\xc8\xc6V5]\x06/\xb1`\xd9X\xe5\xfc$\a\xf3S\xbb\xe99\xf1PZ\x81\x8f\xfc\xa4w\\\x84B\x03+\xa2\xe1\xb4\x9dv\xe1\xd7\b9\xc3.\x96I\x98\x00\x00\x00\x00\x00', 0x200000000004, 0xfc) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x82802, 0x0) mmap$auto(0x0, 0x20009, 0x3, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x3, 0xeb1, 0x401, 0x8000) getsockopt$auto(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0) (async) getsockopt$auto(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cec21\x00', 0x100500, 0x0) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffffff, 0x0, 0x0) r6 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r6, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) 6.40881ms ago: executing program 2 (id=469): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x3, 0x8000000000000000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r0) mmap$auto(0x0, 0x2020009, 0x2000000000000003, 0xeb1, 0xffffffffffffffff, 0x8000) fchdir$auto(0xffffffffffffffff) socket(0x25, 0x2, 0xffffffff) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8085}, 0x8000) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x29, 0xa, 0xb) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f80, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) prctl$auto(0x38, 0x1, 0x4, 0xd73, 0x7) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, r1) r4 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$auto_RTC_SET_TIME(r4, 0x4024700a, &(0x7f0000000280)={0xffffffff, 0x0, 0x3, 0xfffff66e, 0x5, 0x80, 0xcf, 0x6c38, 0xe}) mprotect$auto(0x0, 0x8000000000000001, 0x8) connect$auto(0x3, 0x0, 0x54) socket(0xa, 0x3, 0x3a) sendmsg$auto_CTRL_CMD_GETPOLICY(r2, 0x0, 0x10) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40050c6}, 0x4000841) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) 0s ago: executing program 0 (id=470): mmap$auto(0x0, 0x7, 0x10000000000df, 0xeb2, 0x401, 0x80000000) io_uring_setup$auto(0x4a9e, 0x0) mmap$auto(0x0, 0x20009, 0x0, 0xeb1, 0xffffffffffffffff, 0x10008000) close_range$auto(0x2, 0xa, 0x0) r0 = open(&(0x7f0000000000)='&&\x00', 0x1, 0x76f) fcntl$auto_F_ADD_SEALS(r0, 0x410, 0x0) r1 = socket(0x1d, 0x2, 0x6) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0xa, 0xa, 0x100) mq_timedsend$auto(0xffffffffffffffff, 0x0, 0x80, 0x9, 0x0) r2 = socket(0x2, 0x3, 0x6) socketpair$auto(0x3, 0x9, 0x180802, 0x0) setsockopt$auto(0x3, 0x0, 0x31, 0x0, 0x28) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x3, 0x400008, 0x10000, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, r2, 0x4) clock_adjtime$auto(0x6, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x380000000014, r2, 0x8f) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x7, 0x8000000000000000, 0x0) select$auto(0x7, 0x0, 0x0, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x20000800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) getsockopt$auto(r1, 0x6a, 0x2, 0x0, 0x0) mknod$auto(&(0x7f00000000c0)='&&\x00', 0xcb, 0x6861) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.141' (ED25519) to the list of known hosts. [ 73.183725][ T5613] cgroup: Unknown subsys name 'net' [ 73.319935][ T5613] cgroup: Unknown subsys name 'cpuset' [ 73.329584][ T5613] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 74.779290][ T5613] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 76.928276][ T5636] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.930716][ T5638] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.939602][ T5637] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.945613][ T5638] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.952059][ T5637] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.958975][ T5638] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.965733][ T5637] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.972495][ T5638] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.985705][ T5636] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.986812][ T5638] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.996068][ T5636] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.999998][ T5640] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.007610][ T5636] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.015293][ T5638] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.030097][ T5638] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 77.039293][ T5638] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 77.047854][ T5640] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.055872][ T5638] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.057347][ T50] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.066645][ T5638] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 78.469106][ T5626] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.476394][ T5626] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.483796][ T5626] bridge_slave_0: entered allmulticast mode [ 78.491248][ T5626] bridge_slave_0: entered promiscuous mode [ 78.512005][ T5626] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.519137][ T5626] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.526341][ T5626] bridge_slave_1: entered allmulticast mode [ 78.533285][ T5626] bridge_slave_1: entered promiscuous mode [ 78.606782][ T5627] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.614128][ T5627] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.621550][ T5627] bridge_slave_0: entered allmulticast mode [ 78.628621][ T5627] bridge_slave_0: entered promiscuous mode [ 78.649762][ T5626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.660812][ T5627] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.668844][ T5627] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.676195][ T5627] bridge_slave_1: entered allmulticast mode [ 78.683160][ T5627] bridge_slave_1: entered promiscuous mode [ 78.703074][ T5626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.789291][ T5627] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.798708][ T5624] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.805905][ T5624] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.813431][ T5624] bridge_slave_0: entered allmulticast mode [ 78.820564][ T5624] bridge_slave_0: entered promiscuous mode [ 78.827769][ T5625] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.834899][ T5625] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.842163][ T5625] bridge_slave_0: entered allmulticast mode [ 78.849103][ T5625] bridge_slave_0: entered promiscuous mode [ 78.858653][ T5626] team0: Port device team_slave_0 added [ 78.866631][ T5627] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.876135][ T5624] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.883293][ T5624] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.890635][ T5624] bridge_slave_1: entered allmulticast mode [ 78.897782][ T5624] bridge_slave_1: entered promiscuous mode [ 78.904777][ T5625] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.912075][ T5625] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.919391][ T5625] bridge_slave_1: entered allmulticast mode [ 78.926422][ T5625] bridge_slave_1: entered promiscuous mode [ 78.934730][ T5626] team0: Port device team_slave_1 added [ 79.012283][ T5626] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.019495][ T5626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.045474][ T5626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.046951][ T5638] Bluetooth: hci0: command tx timeout [ 79.064406][ T5627] team0: Port device team_slave_0 added [ 79.072691][ T5624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.084945][ T5625] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.099855][ T5626] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.107045][ T5626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.133334][ T5638] Bluetooth: hci1: command tx timeout [ 79.133588][ T5635] Bluetooth: hci3: command tx timeout [ 79.144917][ T4943] Bluetooth: hci2: command tx timeout [ 79.151026][ T5626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.163607][ T5627] team0: Port device team_slave_1 added [ 79.171351][ T5624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.190637][ T5625] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.259037][ T5624] team0: Port device team_slave_0 added [ 79.267276][ T5624] team0: Port device team_slave_1 added [ 79.274790][ T5625] team0: Port device team_slave_0 added [ 79.281333][ T5627] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.288720][ T5627] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.315284][ T5627] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.348096][ T5625] team0: Port device team_slave_1 added [ 79.354322][ T5627] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.361374][ T5627] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.388676][ T5627] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.448542][ T5625] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.455518][ T5625] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.481509][ T5625] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.498086][ T5626] hsr_slave_0: entered promiscuous mode [ 79.504756][ T5626] hsr_slave_1: entered promiscuous mode [ 79.512076][ T5624] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.519150][ T5624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.545433][ T5624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.558388][ T5624] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.565341][ T5624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.591568][ T5624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.603888][ T5625] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.610883][ T5625] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.636835][ T5625] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.710246][ T5627] hsr_slave_0: entered promiscuous mode [ 79.716828][ T5627] hsr_slave_1: entered promiscuous mode [ 79.722870][ T5627] debugfs: 'hsr0' already exists in 'hsr' [ 79.728714][ T5627] Cannot create hsr debugfs directory [ 79.804613][ T5625] hsr_slave_0: entered promiscuous mode [ 79.811096][ T5625] hsr_slave_1: entered promiscuous mode [ 79.817328][ T5625] debugfs: 'hsr0' already exists in 'hsr' [ 79.823051][ T5625] Cannot create hsr debugfs directory [ 79.833205][ T5624] hsr_slave_0: entered promiscuous mode [ 79.839447][ T5624] hsr_slave_1: entered promiscuous mode [ 79.845457][ T5624] debugfs: 'hsr0' already exists in 'hsr' [ 79.852458][ T5624] Cannot create hsr debugfs directory [ 80.243540][ T5626] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 80.257639][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.267621][ T5626] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 80.278254][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.286631][ T5626] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 80.297065][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.313856][ T5626] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 80.324767][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.376603][ T5627] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 80.387040][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.394867][ T5627] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 80.404967][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.413933][ T5627] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 80.423997][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.433121][ T5627] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 80.442216][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.538767][ T5625] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 80.550541][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.564701][ T5625] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 80.574924][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.587381][ T5625] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 80.597274][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.605100][ T5625] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 80.616756][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.703843][ T5624] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.714741][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.723247][ T5624] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.733364][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.741575][ T5624] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.750873][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.759935][ T5624] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.770142][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.809504][ T5626] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.890999][ T5627] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.902212][ T5626] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.935196][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.942672][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.963980][ T5627] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.979545][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.986719][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.015362][ T1107] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.022484][ T1107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.051406][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.058625][ T1107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.085536][ T5625] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.127219][ T4943] Bluetooth: hci0: command tx timeout [ 81.142319][ T5625] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.167986][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.175089][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.206617][ T5635] Bluetooth: hci2: command tx timeout [ 81.207084][ T5638] Bluetooth: hci3: command tx timeout [ 81.212749][ T4943] Bluetooth: hci1: command tx timeout [ 81.235709][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.243231][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.272874][ T5624] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.365511][ T5624] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.403599][ T402] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.410804][ T402] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.433762][ T1127] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.440953][ T1127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.134767][ T5626] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.262573][ T5627] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.344191][ T5625] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.370248][ T5626] veth0_vlan: entered promiscuous mode [ 82.419204][ T5626] veth1_vlan: entered promiscuous mode [ 82.490079][ T5627] veth0_vlan: entered promiscuous mode [ 82.504699][ T5624] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.530437][ T5625] veth0_vlan: entered promiscuous mode [ 82.545713][ T5626] veth0_macvtap: entered promiscuous mode [ 82.559644][ T5627] veth1_vlan: entered promiscuous mode [ 82.579888][ T5626] veth1_macvtap: entered promiscuous mode [ 82.594347][ T5625] veth1_vlan: entered promiscuous mode [ 82.638833][ T5626] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.655030][ T5627] veth0_macvtap: entered promiscuous mode [ 82.682025][ T5626] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.690910][ T5627] veth1_macvtap: entered promiscuous mode [ 82.709315][ T5624] veth0_vlan: entered promiscuous mode [ 82.730672][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.740384][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.763681][ T5627] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.771018][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.779854][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.798820][ T5627] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.806903][ T5624] veth1_vlan: entered promiscuous mode [ 82.823505][ T5625] veth0_macvtap: entered promiscuous mode [ 82.840785][ T5625] veth1_macvtap: entered promiscuous mode [ 82.867381][ T402] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.876899][ T402] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.900253][ T402] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.912292][ T402] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.963357][ T5625] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.997931][ T5625] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.014023][ T5624] veth0_macvtap: entered promiscuous mode [ 83.025254][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.026910][ T5624] veth1_macvtap: entered promiscuous mode [ 83.043190][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.073043][ T57] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.082210][ T57] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.100388][ T57] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.109773][ T57] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.187569][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.196203][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.201614][ T5624] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.211009][ T5638] Bluetooth: hci0: command tx timeout [ 83.220055][ T5624] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.249524][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.277691][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.292978][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.296137][ T5638] Bluetooth: hci3: command tx timeout [ 83.300958][ T4943] Bluetooth: hci2: command tx timeout [ 83.306260][ T5638] Bluetooth: hci1: command tx timeout [ 83.311695][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.351229][ T14] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.360450][ T14] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.394832][ T5626] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 83.398688][ T14] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.419318][ T14] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.486556][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.495093][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.560840][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.572532][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.675124][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.693264][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.835872][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.864808][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.527960][ T30] audit: type=1800 audit(1782802674.683:2): pid=5786 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1" name="dbroot" dev="configfs" ino=7940 res=0 errno=0 [ 84.741495][ T5786] mmap: syz.0.1 (5786) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 85.286960][ T5638] Bluetooth: hci0: command tx timeout [ 85.366405][ T5638] Bluetooth: hci2: command tx timeout [ 85.366695][ T5635] Bluetooth: hci1: command tx timeout [ 85.371849][ T4943] Bluetooth: hci3: command tx timeout [ 86.761781][ T993] cfg80211: failed to load regulatory.db [ 86.814484][ T5808] process 'syz.3.6' launched './file0' with NULL argv: empty string added [ 89.959231][ T5847] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 90.715174][ T5843] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13'. [ 94.528419][ T5905] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 94.657261][ T5905] FAULT_INJECTION: forcing a failure. [ 94.657261][ T5905] name failslab, interval 1, probability 0, space 0, times 0 [ 94.675745][ T5907] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 94.697281][ T5905] CPU: 1 UID: 0 PID: 5905 Comm: syz.0.24 Not tainted syzkaller #0 PREEMPT(full) [ 94.697321][ T5905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 94.697343][ T5905] Call Trace: [ 94.697352][ T5905] [ 94.697367][ T5905] dump_stack_lvl+0x100/0x190 [ 94.697409][ T5905] should_fail_ex.cold+0x5/0xa [ 94.697447][ T5905] should_failslab+0xc2/0x120 [ 94.697488][ T5905] __kmalloc_noprof+0xfc/0x820 [ 94.697521][ T5905] ? constrain_params_by_rules+0x175/0xd20 [ 94.697567][ T5905] constrain_params_by_rules+0x175/0xd20 [ 94.697610][ T5905] ? mark_held_locks+0x40/0x70 [ 94.697660][ T5905] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 94.697709][ T5905] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 94.697752][ T5905] ? kasan_save_track+0x14/0x30 [ 94.697784][ T5905] ? __kasan_kmalloc+0xaa/0xb0 [ 94.697820][ T5905] ? snd_pcm_oss_sync+0x1de/0x840 [ 94.697856][ T5905] ? snd_pcm_oss_release+0x238/0x300 [ 94.697903][ T5905] ? __fput+0x3ff/0xb50 [ 94.697934][ T5905] ? task_work_run+0x150/0x240 [ 94.697985][ T5905] ? snd_interval_refine+0x2d0/0x580 [ 94.698022][ T5905] snd_pcm_hw_refine+0x82a/0xb40 [ 94.698070][ T5905] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 94.698126][ T5905] ? kasan_save_track+0x14/0x30 [ 94.698158][ T5905] ? __kasan_kmalloc+0xaa/0xb0 [ 94.698196][ T5905] snd_pcm_hw_param_first+0x2b0/0x680 [ 94.698245][ T5905] snd_pcm_hw_param_near.constprop.0+0x739/0x850 [ 94.698290][ T5905] ? lockdep_hardirqs_on+0x78/0x100 [ 94.698333][ T5905] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 94.698373][ T5905] ? snd_pcm_oss_change_params_locked+0x9d0/0x39f0 [ 94.698414][ T5905] ? snd_pcm_oss_change_params_locked+0xa6d/0x39f0 [ 94.698456][ T5905] ? kfree+0x22b/0x6c0 [ 94.698488][ T5905] snd_pcm_oss_change_params_locked+0xae1/0x39f0 [ 94.698546][ T5905] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 94.698587][ T5905] ? __pfx___mutex_lock+0x10/0x10 [ 94.698612][ T5905] ? snd_pcm_oss_sync+0x1a0/0x840 [ 94.698666][ T5905] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 94.698719][ T5905] snd_pcm_oss_make_ready+0xeb/0x1b0 [ 94.698764][ T5905] snd_pcm_oss_sync+0x1de/0x840 [ 94.698805][ T5905] snd_pcm_oss_release+0x238/0x300 [ 94.698846][ T5905] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 94.698888][ T5905] __fput+0x3ff/0xb50 [ 94.698934][ T5905] task_work_run+0x150/0x240 [ 94.698981][ T5905] ? __pfx_task_work_run+0x10/0x10 [ 94.699035][ T5905] exit_to_user_mode_loop+0x1d8/0x6f0 [ 94.699067][ T5905] ? rcu_is_watching+0x12/0xc0 [ 94.699107][ T5905] do_syscall_64+0x652/0x840 [ 94.699132][ T5905] ? clear_bhb_loop+0x40/0x90 [ 94.699167][ T5905] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.699197][ T5905] RIP: 0033:0x7f466b79ce59 [ 94.699237][ T5905] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 94.699264][ T5905] RSP: 002b:00007f466c6e7028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 94.699295][ T5905] RAX: 0000000000000000 RBX: 00007f466ba15fa0 RCX: 00007f466b79ce59 [ 94.699312][ T5905] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 94.699328][ T5905] RBP: 00007f466b832e6f R08: 0000000000000000 R09: 0000000000000000 [ 94.699345][ T5905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 94.699381][ T5905] R13: 00007f466ba16038 R14: 00007f466ba15fa0 R15: 00007ffed1163608 [ 94.699418][ T5905] [ 95.501061][ T5917] futex_wake_op: syz.0.26 tries to shift op by -2048; fix this program [ 96.364768][ T5943] futex_wake_op: syz.3.31 tries to shift op by -2048; fix this program [ 96.787474][ T5635] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 97.232149][ T30] audit: type=1800 audit(1782802687.383:3): pid=5952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.32" name="dbroot" dev="configfs" ino=8471 res=0 errno=0 [ 97.494382][ T5961] random: crng reseeded on system resumption [ 98.220927][ T5969] Zero length message leads to an empty skb [ 98.470653][ T5974] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 100.277330][ T6011] netlink: 8 bytes leftover after parsing attributes in process `syz.1.41'. [ 101.310294][ T6033] kafs: addr_prefs: Invalid Command [ 101.320514][ T6034] futex_wake_op: syz.3.46 tries to shift op by -2048; fix this program [ 102.484442][ T6058] FAULT_INJECTION: forcing a failure. [ 102.484442][ T6058] name failslab, interval 1, probability 0, space 0, times 0 [ 102.516191][ T6058] CPU: 0 UID: 0 PID: 6058 Comm: syz.0.49 Not tainted syzkaller #0 PREEMPT(full) [ 102.516230][ T6058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 102.516247][ T6058] Call Trace: [ 102.516258][ T6058] [ 102.516268][ T6058] dump_stack_lvl+0x100/0x190 [ 102.516309][ T6058] should_fail_ex.cold+0x5/0xa [ 102.516344][ T6058] should_failslab+0xc2/0x120 [ 102.516381][ T6058] kmem_cache_alloc_noprof+0x91/0x6a0 [ 102.516414][ T6058] ? __pfx_map_id_range_down+0x10/0x10 [ 102.516453][ T6058] ? security_inode_alloc+0x3b/0x2c0 [ 102.516490][ T6058] security_inode_alloc+0x3b/0x2c0 [ 102.516523][ T6058] inode_init_always_gfp+0xc77/0xfb0 [ 102.516558][ T6058] alloc_inode+0x8e/0x250 [ 102.516595][ T6058] sock_alloc+0x44/0x280 [ 102.516628][ T6058] ? security_socket_create+0x7f/0x250 [ 102.516659][ T6058] __sock_create+0xc2/0x860 [ 102.516704][ T6058] __sys_socket+0x14d/0x260 [ 102.516747][ T6058] ? __pfx___sys_socket+0x10/0x10 [ 102.516810][ T6058] __x64_sys_socket+0x72/0xb0 [ 102.516851][ T6058] ? lockdep_hardirqs_on+0x78/0x100 [ 102.516895][ T6058] do_syscall_64+0x115/0x840 [ 102.516918][ T6058] ? clear_bhb_loop+0x40/0x90 [ 102.516952][ T6058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.516980][ T6058] RIP: 0033:0x7f466b79ce59 [ 102.517003][ T6058] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 102.517029][ T6058] RSP: 002b:00007f466c6e7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 102.517055][ T6058] RAX: ffffffffffffffda RBX: 00007f466ba15fa0 RCX: 00007f466b79ce59 [ 102.517073][ T6058] RDX: 0000000000000001 RSI: 0000000000000002 RDI: 000000000000002a [ 102.517089][ T6058] RBP: 00007f466b832e6f R08: 0000000000000000 R09: 0000000000000000 [ 102.517106][ T6058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 102.517122][ T6058] R13: 00007f466ba16038 R14: 00007f466ba15fa0 R15: 00007ffed1163608 [ 102.517158][ T6058] [ 102.517368][ T6058] socket: no more sockets [ 102.639325][ T6065] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 103.123543][ T6070] FAULT_INJECTION: forcing a failure. [ 103.123543][ T6070] name fail_futex, interval 1, probability 0, space 0, times 1 [ 103.195789][ T6070] CPU: 1 UID: 0 PID: 6070 Comm: syz.2.50 Not tainted syzkaller #0 PREEMPT(full) [ 103.195826][ T6070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 103.195843][ T6070] Call Trace: [ 103.195851][ T6070] [ 103.195862][ T6070] dump_stack_lvl+0x100/0x190 [ 103.195901][ T6070] should_fail_ex.cold+0x5/0xa [ 103.195938][ T6070] get_futex_key+0x1d2/0x14f0 [ 103.195968][ T6070] ? __pfx_get_futex_key+0x10/0x10 [ 103.196007][ T6070] futex_wait_setup+0x91/0x540 [ 103.196052][ T6070] __futex_wait+0x19f/0x300 [ 103.196091][ T6070] ? __pfx___futex_wait+0x10/0x10 [ 103.196122][ T6070] ? futex_hash+0x311/0x400 [ 103.196151][ T6070] ? __pfx_futex_wake_mark+0x10/0x10 [ 103.196193][ T6070] ? __pfx_futex_hash+0x10/0x10 [ 103.196216][ T6070] ? ipc_addid+0x15c/0x1ee0 [ 103.196253][ T6070] ? __pfx_idr_replace+0x10/0x10 [ 103.196286][ T6070] futex_wait+0xe6/0x370 [ 103.196321][ T6070] ? __pfx_futex_wait+0x10/0x10 [ 103.196367][ T6070] ? up_write+0x2e5/0x5c0 [ 103.196398][ T6070] do_futex+0x265/0x440 [ 103.196427][ T6070] ? __pfx_do_futex+0x10/0x10 [ 103.196458][ T6070] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 103.196509][ T6070] __x64_sys_futex+0x34f/0x4d0 [ 103.196542][ T6070] ? __pfx___x64_sys_futex+0x10/0x10 [ 103.196584][ T6070] do_syscall_64+0x115/0x840 [ 103.196605][ T6070] ? clear_bhb_loop+0x40/0x90 [ 103.196638][ T6070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.196666][ T6070] RIP: 0033:0x7f134f99ce59 [ 103.196690][ T6070] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 103.196725][ T6070] RSP: 002b:00007f13509060e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 103.196750][ T6070] RAX: ffffffffffffffda RBX: 00007f134fc15fa8 RCX: 00007f134f99ce59 [ 103.196768][ T6070] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f134fc15fa8 [ 103.196784][ T6070] RBP: 00007f134fc15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 103.196799][ T6070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 103.196814][ T6070] R13: 00007f134fc16038 R14: 00007ffc63500640 R15: 00007ffc63500728 [ 103.196846][ T6070] [ 103.636143][ T6073] program syz.2.50 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 103.883181][ T6071] zswap: compressor not available [ 105.455460][ T6096] zswap: compressor not available [ 105.515633][ T6117] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 105.554620][ T6117] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 105.648091][ T6117] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 105.747423][ T6117] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 105.800999][ T6117] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 105.872349][ T6117] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 106.017270][ T6117] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 106.057155][ T6117] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 106.119842][ T6117] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 106.163867][ T6117] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 106.191317][ T6117] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 106.215500][ T6117] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 106.277757][ T6117] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 107.240870][ T30] audit: type=1800 audit(1782802697.393:4): pid=6133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.56" name="dbroot" dev="configfs" ino=8859 res=0 errno=0 [ 107.526004][ T5638] Bluetooth: hci1: command 0x0c1a tx timeout [ 107.777011][ T5638] Bluetooth: hci0: command 0x0c1a tx timeout [ 108.086082][ T5638] Bluetooth: hci3: command 0x0c1a tx timeout [ 108.177441][ T5638] Bluetooth: hci2: command 0x0c1a tx timeout [ 109.271305][ T6140] kexec: Could not allocate control_code_buffer [ 109.458794][ T6192] futex_wake_op: syz.3.64 tries to shift op by -2048; fix this program [ 109.606010][ T5638] Bluetooth: hci1: command 0x0c1a tx timeout [ 109.846106][ T5638] Bluetooth: hci0: command 0x0c1a tx timeout [ 110.167365][ T5638] Bluetooth: hci3: command 0x0c1a tx timeout [ 110.248206][ T5638] Bluetooth: hci2: command 0x0c1a tx timeout [ 111.284490][ T6234] futex_wake_op: syz.2.68 tries to shift op by -2048; fix this program [ 111.689769][ T5638] Bluetooth: hci1: command 0x0c1a tx timeout [ 111.927235][ T5638] Bluetooth: hci0: command 0x0c1a tx timeout [ 112.105969][ T6195] kexec: Could not allocate control_code_buffer [ 112.246081][ T5638] Bluetooth: hci3: command 0x0c1a tx timeout [ 112.291576][ T6255] binder: 6247:6255 unknown command 1936094318 [ 112.322383][ T6255] binder: 6247:6255 ioctl c0306201 0 returned -22 [ 112.333898][ T5638] Bluetooth: hci2: command 0x0c1a tx timeout [ 114.406059][ T5638] Bluetooth: hci2: command 0x0c1a tx timeout [ 114.470514][ T30] audit: type=1800 audit(1782802704.623:5): pid=6275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.74" name="dbroot" dev="configfs" ino=11367 res=0 errno=0 [ 115.848070][ T6317] FAULT_INJECTION: forcing a failure. [ 115.848070][ T6317] name failslab, interval 1, probability 0, space 0, times 0 [ 115.922843][ T6317] CPU: 1 UID: 0 PID: 6317 Comm: syz.2.81 Not tainted syzkaller #0 PREEMPT(full) [ 115.922875][ T6317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 115.922884][ T6317] Call Trace: [ 115.922890][ T6317] [ 115.922896][ T6317] dump_stack_lvl+0x100/0x190 [ 115.922941][ T6317] should_fail_ex.cold+0x5/0xa [ 115.922961][ T6317] should_failslab+0xc2/0x120 [ 115.922983][ T6317] kmem_cache_alloc_noprof+0x91/0x6a0 [ 115.923001][ T6317] ? d_instantiate+0x8a/0xb0 [ 115.923024][ T6317] ? d_instantiate+0x8a/0xb0 [ 115.923040][ T6317] ? alloc_empty_file+0x5b/0x1c0 [ 115.923063][ T6317] alloc_empty_file+0x5b/0x1c0 [ 115.923082][ T6317] alloc_file_pseudo+0x183/0x290 [ 115.923102][ T6317] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 115.923120][ T6317] ? alloc_fd+0x471/0x7a0 [ 115.923134][ T6317] ? do_raw_spin_unlock+0x145/0x1e0 [ 115.923154][ T6317] __anon_inode_getfile+0xe8/0x280 [ 115.923174][ T6317] anon_inode_getfile_fmode+0x37/0xa0 [ 115.923194][ T6317] __do_sys_timerfd_create+0x2d6/0x3f0 [ 115.923216][ T6317] ? do_syscall_64+0x90/0x840 [ 115.923230][ T6317] do_syscall_64+0x115/0x840 [ 115.923242][ T6317] ? clear_bhb_loop+0x40/0x90 [ 115.923265][ T6317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.923285][ T6317] RIP: 0033:0x7f134f99ce59 [ 115.923304][ T6317] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 115.923319][ T6317] RSP: 002b:00007f1350906028 EFLAGS: 00000246 ORIG_RAX: 000000000000011b [ 115.923337][ T6317] RAX: ffffffffffffffda RBX: 00007f134fc15fa0 RCX: 00007f134f99ce59 [ 115.923347][ T6317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 115.923355][ T6317] RBP: 00007f134fa32e6f R08: 0000000000000000 R09: 0000000000000000 [ 115.923364][ T6317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.923372][ T6317] R13: 00007f134fc16038 R14: 00007f134fc15fa0 R15: 00007ffc63500728 [ 115.923391][ T6317] [ 117.100113][ T6319] futex_wake_op: syz.2.82 tries to shift op by -2048; fix this program [ 117.574386][ T6282] kexec: Could not allocate control_code_buffer [ 118.295527][ T6340] FAULT_INJECTION: forcing a failure. [ 118.295527][ T6340] name fail_futex, interval 1, probability 0, space 0, times 0 [ 118.358870][ T6340] CPU: 1 UID: 0 PID: 6340 Comm: syz.1.85 Not tainted syzkaller #0 PREEMPT(full) [ 118.358895][ T6340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 118.358905][ T6340] Call Trace: [ 118.358910][ T6340] [ 118.358916][ T6340] dump_stack_lvl+0x100/0x190 [ 118.358940][ T6340] should_fail_ex.cold+0x5/0xa [ 118.358960][ T6340] get_futex_key+0x1d2/0x14f0 [ 118.358977][ T6340] ? __pfx_get_futex_key+0x10/0x10 [ 118.358992][ T6340] ? wakeup_preempt_fair+0x640/0x1060 [ 118.359019][ T6340] futex_wait_setup+0x91/0x540 [ 118.359045][ T6340] __futex_wait+0x19f/0x300 [ 118.359066][ T6340] ? __pfx___futex_wait+0x10/0x10 [ 118.359084][ T6340] ? __pfx_try_to_wake_up+0x10/0x10 [ 118.359099][ T6340] ? futex_hash+0x311/0x400 [ 118.359115][ T6340] ? __pfx_futex_wake_mark+0x10/0x10 [ 118.359137][ T6340] ? find_held_lock+0x2b/0x80 [ 118.359154][ T6340] ? futex_wake+0x4ea/0x5e0 [ 118.359176][ T6340] futex_wait+0xe6/0x370 [ 118.359195][ T6340] ? __pfx_futex_wait+0x10/0x10 [ 118.359219][ T6340] ? __lock_acquire+0x49f/0x1a40 [ 118.359234][ T6340] do_futex+0x265/0x440 [ 118.359251][ T6340] ? __pfx_do_futex+0x10/0x10 [ 118.359271][ T6340] __x64_sys_futex+0x34f/0x4d0 [ 118.359289][ T6340] ? __pfx___x64_sys_futex+0x10/0x10 [ 118.359312][ T6340] do_syscall_64+0x115/0x840 [ 118.359326][ T6340] ? clear_bhb_loop+0x40/0x90 [ 118.359343][ T6340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.359357][ T6340] RIP: 0033:0x7f045bf9ce59 [ 118.359371][ T6340] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 118.359390][ T6340] RSP: 002b:00007f045ce4a0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 118.359405][ T6340] RAX: ffffffffffffffda RBX: 00007f045c216188 RCX: 00007f045bf9ce59 [ 118.359415][ T6340] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f045c216188 [ 118.359428][ T6340] RBP: 00007f045c216180 R08: 0000000000000000 R09: 0000000000000000 [ 118.359438][ T6340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.359446][ T6340] R13: 00007f045c216218 R14: 00007ffdc5ef82f0 R15: 00007ffdc5ef83d8 [ 118.359464][ T6340] [ 119.339435][ T6356] FAULT_INJECTION: forcing a failure. [ 119.339435][ T6356] name failslab, interval 1, probability 0, space 0, times 0 [ 119.356857][ T6356] CPU: 1 UID: 0 PID: 6356 Comm: syz.2.88 Not tainted syzkaller #0 PREEMPT(full) [ 119.356895][ T6356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 119.356911][ T6356] Call Trace: [ 119.356920][ T6356] [ 119.356930][ T6356] dump_stack_lvl+0x100/0x190 [ 119.356971][ T6356] should_fail_ex.cold+0x5/0xa [ 119.357007][ T6356] should_failslab+0xc2/0x120 [ 119.357048][ T6356] kmem_cache_alloc_noprof+0x91/0x6a0 [ 119.357081][ T6356] ? __pfx___sys_sendmmsg+0x10/0x10 [ 119.357113][ T6356] ? create_new_namespaces+0x30/0xac0 [ 119.357145][ T6356] create_new_namespaces+0x30/0xac0 [ 119.357172][ T6356] ? bpf_lsm_capable+0x9/0x10 [ 119.357199][ T6356] ? security_capable+0x80/0x260 [ 119.357246][ T6356] unshare_nsproxy_namespaces+0xf2/0x220 [ 119.357282][ T6356] ksys_unshare+0x438/0xab0 [ 119.357316][ T6356] ? __pfx_ksys_unshare+0x10/0x10 [ 119.357361][ T6356] __x64_sys_unshare+0x31/0x40 [ 119.357404][ T6356] do_syscall_64+0x115/0x840 [ 119.357430][ T6356] ? clear_bhb_loop+0x40/0x90 [ 119.357464][ T6356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.357492][ T6356] RIP: 0033:0x7f134f99ce59 [ 119.357514][ T6356] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 119.357540][ T6356] RSP: 002b:00007f1350906028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 119.357566][ T6356] RAX: ffffffffffffffda RBX: 00007f134fc15fa0 RCX: 00007f134f99ce59 [ 119.357584][ T6356] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 119.357598][ T6356] RBP: 00007f134fa32e6f R08: 0000000000000000 R09: 0000000000000000 [ 119.357611][ T6356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 119.357626][ T6356] R13: 00007f134fc16038 R14: 00007f134fc15fa0 R15: 00007ffc63500728 [ 119.357656][ T6356] [ 120.076923][ T6372] can: request_module (can-proto-0) failed. [ 120.911014][ T30] audit: type=1800 audit(1782802711.053:6): pid=6359 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.89" name="dbroot" dev="configfs" ino=10620 res=0 errno=0 [ 122.967173][ T5638] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 123.748445][ T6361] kexec: Could not allocate control_code_buffer [ 124.075049][ T6406] futex_wake_op: syz.1.96 tries to shift op by -2048; fix this program [ 124.716019][ T6418] vivid-007: ================= START STATUS ================= [ 124.750866][ T6418] vivid-007: Enable Output Cropping: true grabbed [ 124.855702][ T6418] vivid-007: Enable Output Composing: true grabbed [ 124.916520][ T6418] vivid-007: Enable Output Scaler: true grabbed [ 125.003652][ T6418] vivid-007: Tx RGB Quantization Range: Automatic grabbed [ 125.056917][ T6418] vivid-007: Transmit Mode: HDMI grabbed [ 125.087909][ T6418] vivid-007: Hotplug Present: 0x00000000 [ 125.112254][ T6418] vivid-007: RxSense Present: 0x00000000 [ 125.151059][ T6418] vivid-007: EDID Present: 0x00000000 [ 125.195249][ T6418] vivid-007: ================== END STATUS ================== [ 125.857705][ T6431] futex_wake_op: syz.2.101 tries to shift op by -2048; fix this program [ 125.892128][ T6431] futex_wake_op: syz.2.101 tries to shift op by -2048; fix this program [ 126.121074][ T6418] syz.1.99(6418): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 127.205260][ T6403] kexec: Could not allocate control_code_buffer [ 127.550306][ T6450] netlink: 4 bytes leftover after parsing attributes in process `syz.0.106'. [ 128.045007][ T6467] futex_wake_op: syz.0.108 tries to shift op by -2048; fix this program [ 128.582822][ T6454] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 129.168027][ T6489] vhci_hcd: not connected 4 [ 129.888781][ T6506] netlink: 4 bytes leftover after parsing attributes in process `syz.2.116'. [ 130.092131][ T30] audit: type=1800 audit(1782802720.223:7): pid=6508 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.117" name=22050820 dev="tmpfs" ino=164 res=0 errno=0 [ 132.452103][ T6529] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 132.458500][ T6529] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 132.468593][ T6529] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 132.482256][ T6529] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 132.810758][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.823696][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.246022][ T5638] Bluetooth: hci1: command 0x0c1a tx timeout [ 134.299203][ T30] audit: type=1800 audit(1782802724.453:8): pid=6575 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.130" name="dbroot" dev="configfs" ino=12198 res=0 errno=0 [ 134.485998][ T5638] Bluetooth: hci2: command 0x0c1a tx timeout [ 134.486020][ T5635] Bluetooth: hci3: command 0x0c1a tx timeout [ 134.486054][ T5635] Bluetooth: hci0: command 0x0c1a tx timeout [ 134.837487][ T6589] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.223154][ T6601] KVM: debugfs: duplicate directory 6601-3 [ 136.651986][ T6623] ubi0: attaching mtd0 [ 136.699987][ T6623] ubi0: scanning is finished [ 136.713766][ T6623] ubi0: empty MTD device detected [ 137.160746][ T6623] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 137.181821][ T6623] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 137.189470][ T6623] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 137.246436][ T6623] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 137.287037][ T6623] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 137.379516][ T6623] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 137.407476][ T6623] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 4055904778 [ 137.424333][ T6623] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 137.447878][ T6630] ubi0: background thread "ubi_bgt0d" started, PID 6630 [ 137.473552][ T6627] ubi0: detaching mtd0 [ 137.659997][ T6627] ubi0: mtd0 is detached [ 141.467781][ T6661] kexec: Could not allocate control_code_buffer [ 141.484189][ T6719] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input12 [ 141.518416][ T30] audit: type=1400 audit(1782802731.663:9): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=6705 comm="syz.0.154" [ 141.649603][ T5635] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 141.726760][ T6708] &#$@\]\-: entered promiscuous mode [ 142.357629][ T6754] block nbd2: not configured, cannot reconfigure [ 143.339260][ T6793] netlink: 4 bytes leftover after parsing attributes in process `syz.2.164'. [ 145.424723][ T6807] usb usb16: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 146.101912][ T6862] ubi0: attaching mtd0 [ 146.135255][ T6862] ubi0: scanning is finished [ 146.637907][ T6862] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 146.657168][ T6862] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 146.679389][ T6862] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 146.698423][ T6862] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 146.729905][ T6862] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 146.765315][ T6862] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 146.784024][ T6862] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 4055904778 [ 146.806106][ T6862] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 146.862888][ T6873] ubi0: background thread "ubi_bgt0d" started, PID 6873 [ 148.545610][ T6899] random: crng reseeded on system resumption [ 148.645786][ T6899] netlink: 'syz.1.180': attribute type 10 has an invalid length. [ 148.678949][ T6899] netlink: 230 bytes leftover after parsing attributes in process `syz.1.180'. [ 148.729038][ T6900] FAULT_INJECTION: forcing a failure. [ 148.729038][ T6900] name failslab, interval 1, probability 0, space 0, times 0 [ 148.770152][ T6900] CPU: 0 UID: 0 PID: 6900 Comm: syz.2.179 Not tainted syzkaller #0 PREEMPT(full) [ 148.770193][ T6900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 148.770210][ T6900] Call Trace: [ 148.770218][ T6900] [ 148.770229][ T6900] dump_stack_lvl+0x100/0x190 [ 148.770270][ T6900] should_fail_ex.cold+0x5/0xa [ 148.770315][ T6900] should_failslab+0xc2/0x120 [ 148.770356][ T6900] kmem_cache_alloc_noprof+0x91/0x6a0 [ 148.770390][ T6900] ? get_close_on_exec+0x137/0x320 [ 148.770421][ T6900] ? mm_alloc+0x1b/0x60 [ 148.770457][ T6900] mm_alloc+0x1b/0x60 [ 148.770485][ T6900] alloc_bprm+0x2ba/0x9d0 [ 148.770525][ T6900] do_execveat_common.isra.0+0x19c/0x580 [ 148.770564][ T6900] ? do_getname+0x191/0x390 [ 148.770598][ T6900] __x64_sys_execveat+0xdf/0x130 [ 148.770642][ T6900] do_syscall_64+0x115/0x840 [ 148.770667][ T6900] ? clear_bhb_loop+0x40/0x90 [ 148.770701][ T6900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.770729][ T6900] RIP: 0033:0x7f134f99ce59 [ 148.770750][ T6900] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 148.770775][ T6900] RSP: 002b:00007f13508e5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 148.770799][ T6900] RAX: ffffffffffffffda RBX: 00007f134fc16090 RCX: 00007f134f99ce59 [ 148.770816][ T6900] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 148.770835][ T6900] RBP: 00007f134fa32e6f R08: 0000000000011000 R09: 0000000000000000 [ 148.770851][ T6900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 148.770867][ T6900] R13: 00007f134fc16128 R14: 00007f134fc16090 R15: 00007ffc63500728 [ 148.770903][ T6900] [ 149.979380][ T6920] FAULT_INJECTION: forcing a failure. [ 149.979380][ T6920] name failslab, interval 1, probability 0, space 0, times 0 [ 149.996061][ T6920] CPU: 1 UID: 0 PID: 6920 Comm: syz.1.184 Not tainted syzkaller #0 PREEMPT(full) [ 149.996099][ T6920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 149.996115][ T6920] Call Trace: [ 149.996123][ T6920] [ 149.996132][ T6920] dump_stack_lvl+0x100/0x190 [ 149.996168][ T6920] should_fail_ex.cold+0x5/0xa [ 149.996200][ T6920] should_failslab+0xc2/0x120 [ 149.996235][ T6920] __kmalloc_noprof+0xfc/0x820 [ 149.996266][ T6920] ? tomoyo_encode2+0xfb/0x3c0 [ 149.996305][ T6920] tomoyo_encode2+0xfb/0x3c0 [ 149.996342][ T6920] tomoyo_encode+0x29/0x50 [ 149.996374][ T6920] tomoyo_realpath_from_path+0x18c/0x690 [ 149.996415][ T6920] tomoyo_path_number_perm+0x23c/0x580 [ 149.996444][ T6920] ? tomoyo_path_number_perm+0x22e/0x580 [ 149.996475][ T6920] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 149.996536][ T6920] ? find_held_lock+0x2b/0x80 [ 149.996573][ T6920] ? __fget_files+0x215/0x3d0 [ 149.996595][ T6920] ? hook_file_ioctl_common+0x140/0x440 [ 149.996623][ T6920] ? __fget_files+0x215/0x3d0 [ 149.996651][ T6920] ? __fget_files+0x21f/0x3d0 [ 149.996679][ T6920] security_file_ioctl+0xd3/0x230 [ 149.996709][ T6920] __x64_sys_ioctl+0xb7/0x210 [ 149.996746][ T6920] do_syscall_64+0x115/0x840 [ 149.996769][ T6920] ? clear_bhb_loop+0x40/0x90 [ 149.996798][ T6920] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.996823][ T6920] RIP: 0033:0x7f045bf9ce59 [ 149.996843][ T6920] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 149.996865][ T6920] RSP: 002b:00007f045ce8c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 149.996888][ T6920] RAX: ffffffffffffffda RBX: 00007f045c215fa0 RCX: 00007f045bf9ce59 [ 149.996904][ T6920] RDX: 0000200000000000 RSI: 00000000c0386105 RDI: 0000000000000003 [ 149.996920][ T6920] RBP: 00007f045ce8c090 R08: 0000000000000000 R09: 0000000000000000 [ 149.996934][ T6920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 149.996948][ T6920] R13: 00007f045c216038 R14: 00007f045c215fa0 R15: 00007ffdc5ef83d8 [ 149.996980][ T6920] [ 150.241279][ T6920] ERROR: Out of memory at tomoyo_realpath_from_path. [ 150.914880][ T6910] syz.3.183 (6910) used greatest stack depth: 19848 bytes left [ 152.149469][ T6959] FAULT_INJECTION: forcing a failure. [ 152.149469][ T6959] name failslab, interval 1, probability 0, space 0, times 0 [ 152.200177][ T6959] CPU: 0 UID: 0 PID: 6959 Comm: syz.2.193 Not tainted syzkaller #0 PREEMPT(full) [ 152.200212][ T6959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 152.200225][ T6959] Call Trace: [ 152.200232][ T6959] [ 152.200241][ T6959] dump_stack_lvl+0x100/0x190 [ 152.200276][ T6959] should_fail_ex.cold+0x5/0xa [ 152.200311][ T6959] should_failslab+0xc2/0x120 [ 152.200347][ T6959] __kmalloc_noprof+0xfc/0x820 [ 152.200378][ T6959] ? tomoyo_encode2+0xfb/0x3c0 [ 152.200418][ T6959] tomoyo_encode2+0xfb/0x3c0 [ 152.200461][ T6959] tomoyo_encode+0x29/0x50 [ 152.200496][ T6959] tomoyo_realpath_from_path+0x18c/0x690 [ 152.200550][ T6959] tomoyo_check_open_permission+0x2af/0x3c0 [ 152.200585][ T6959] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 152.200627][ T6959] ? hook_file_open+0x24f/0x8f0 [ 152.200685][ T6959] ? path_get+0x61/0x80 [ 152.200715][ T6959] tomoyo_file_open+0x6b/0x90 [ 152.200739][ T6959] security_file_open+0xb5/0x1e0 [ 152.200773][ T6959] do_dentry_open+0x588/0x14d0 [ 152.200806][ T6959] vfs_open+0x82/0x3f0 [ 152.200841][ T6959] path_openat+0x2873/0x4280 [ 152.200879][ T6959] ? __pfx_path_openat+0x10/0x10 [ 152.200911][ T6959] do_file_open+0x20e/0x430 [ 152.200938][ T6959] ? __pfx_do_file_open+0x10/0x10 [ 152.200987][ T6959] ? alloc_fd+0x471/0x7a0 [ 152.201015][ T6959] ? do_getname+0x191/0x390 [ 152.201049][ T6959] do_sys_openat2+0x10f/0x1e0 [ 152.201083][ T6959] ? __pfx_do_sys_openat2+0x10/0x10 [ 152.201118][ T6959] ? __fget_files+0x21f/0x3d0 [ 152.201149][ T6959] __x64_sys_openat+0x12d/0x210 [ 152.201184][ T6959] ? __pfx___x64_sys_openat+0x10/0x10 [ 152.201229][ T6959] do_syscall_64+0x115/0x840 [ 152.201254][ T6959] ? clear_bhb_loop+0x40/0x90 [ 152.201287][ T6959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.201315][ T6959] RIP: 0033:0x7f134f99ce59 [ 152.201334][ T6959] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 152.201357][ T6959] RSP: 002b:00007f1350906028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 152.201380][ T6959] RAX: ffffffffffffffda RBX: 00007f134fc15fa0 RCX: 00007f134f99ce59 [ 152.201397][ T6959] RDX: 0000000000008602 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 152.201412][ T6959] RBP: 00007f134fa32e6f R08: 0000000000000000 R09: 0000000000000000 [ 152.201427][ T6959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 152.201441][ T6959] R13: 00007f134fc16038 R14: 00007f134fc15fa0 R15: 00007ffc63500728 [ 152.201474][ T6959] [ 152.267466][ T6959] ERROR: Out of memory at tomoyo_realpath_from_path. [ 152.838463][ T6967] netlink: zone id is out of range [ 152.847099][ T6967] netlink: zone id is out of range [ 152.862258][ T6967] netlink: zone id is out of range [ 152.878015][ T6967] netlink: zone id is out of range [ 152.891846][ T6967] netlink: zone id is out of range [ 152.901918][ T6967] netlink: zone id is out of range [ 152.908777][ T6967] netlink: zone id is out of range [ 152.923609][ T6967] netlink: zone id is out of range [ 152.934925][ T6967] netlink: zone id is out of range [ 152.942102][ T6967] netlink: zone id is out of range [ 153.497185][ T6951] FAULT_INJECTION: forcing a failure. [ 153.497185][ T6951] name failslab, interval 1, probability 0, space 0, times 0 [ 153.645823][ T6951] CPU: 0 UID: 0 PID: 6951 Comm: syz.3.190 Not tainted syzkaller #0 PREEMPT(full) [ 153.645847][ T6951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 153.645856][ T6951] Call Trace: [ 153.645862][ T6951] [ 153.645869][ T6951] dump_stack_lvl+0x100/0x190 [ 153.645916][ T6951] should_fail_ex.cold+0x5/0xa [ 153.645950][ T6951] should_failslab+0xc2/0x120 [ 153.645986][ T6951] __kmalloc_cache_noprof+0x91/0x6c0 [ 153.646013][ T6951] ? find_held_lock+0x2b/0x80 [ 153.646048][ T6951] ? rcu_read_unlock+0x17/0x60 [ 153.646087][ T6951] ? alloc_mnt_ns+0xce/0x520 [ 153.646129][ T6951] alloc_mnt_ns+0xce/0x520 [ 153.646170][ T6951] copy_mnt_ns+0x308/0x1180 [ 153.646204][ T6951] ? rcu_is_watching+0x12/0xc0 [ 153.646235][ T6951] ? __pfx_copy_mnt_ns+0x10/0x10 [ 153.646264][ T6951] ? kmem_cache_alloc_noprof+0x2d7/0x6a0 [ 153.646295][ T6951] ? create_new_namespaces+0x30/0xac0 [ 153.646329][ T6951] create_new_namespaces+0xd3/0xac0 [ 153.646355][ T6951] ? bpf_lsm_capable+0x9/0x10 [ 153.646394][ T6951] ? security_capable+0x80/0x260 [ 153.646428][ T6951] unshare_nsproxy_namespaces+0xf2/0x220 [ 153.646461][ T6951] ksys_unshare+0x438/0xab0 [ 153.646496][ T6951] ? __pfx_ksys_unshare+0x10/0x10 [ 153.646540][ T6951] __x64_sys_unshare+0x31/0x40 [ 153.646572][ T6951] do_syscall_64+0x115/0x840 [ 153.646596][ T6951] ? clear_bhb_loop+0x40/0x90 [ 153.646631][ T6951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.646656][ T6951] RIP: 0033:0x7f3e5cd9ce59 [ 153.646678][ T6951] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 153.646702][ T6951] RSP: 002b:00007f3e5dce6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 153.646726][ T6951] RAX: ffffffffffffffda RBX: 00007f3e5d016090 RCX: 00007f3e5cd9ce59 [ 153.646741][ T6951] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008100000 [ 153.646758][ T6951] RBP: 00007f3e5ce32e6f R08: 0000000000000000 R09: 0000000000000000 [ 153.646772][ T6951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 153.646785][ T6951] R13: 00007f3e5d016128 R14: 00007f3e5d016090 R15: 00007ffdc2bf1da8 [ 153.646820][ T6951] [ 154.378624][ T6985] ACPI: \_SB_.LNKS: No IRQ available. Try pci=noacpi or acpi=off [ 154.394743][ T6985] pci 0000:00:01.3: PCI INT A: no GSI [ 154.526564][ T6987] syz.1.199 uses obsolete (PF_INET,SOCK_PACKET) [ 154.745029][ T6991] netlink: 'syz.3.200': attribute type 23 has an invalid length. [ 155.083666][ T6996] futex_wake_op: syz.3.201 tries to shift op by -2048; fix this program [ 156.231905][ T7016] ima: policy update failed [ 156.258783][ T30] audit: type=1802 audit(1782802746.403:10): pid=7016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.205" res=0 errno=0 [ 156.442994][ T7012] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 156.461143][ T7012] File: /dev/nullb0 PID: 7012 Comm: syz.1.203 [ 157.741557][ T7039] futex_wake_op: syz.1.211 tries to shift op by -2048; fix this program [ 157.781217][ T7039] futex_wake_op: syz.1.211 tries to shift op by -2048; fix this program [ 158.983685][ T7053] ======================================================= [ 158.983685][ T7053] WARNING: The mand mount option has been deprecated and [ 158.983685][ T7053] and is ignored by this kernel. Remove the mand [ 158.983685][ T7053] option from the mount to silence this warning. [ 158.983685][ T7053] ======================================================= [ 159.204551][ T7059] netlink: 12 bytes leftover after parsing attributes in process `syz.1.213'. [ 159.629708][ T7059] syz.1.213 (7059) used greatest stack depth: 19768 bytes left [ 159.699731][ T7069] sd 0:0:1:0: PR command failed: 1026 [ 159.708532][ T7069] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 159.723582][ T7069] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 163.129456][ T7122] netlink: 8 bytes leftover after parsing attributes in process `syz.1.225'. [ 164.833652][ T7147] FAULT_INJECTION: forcing a failure. [ 164.833652][ T7147] name failslab, interval 1, probability 0, space 0, times 0 [ 164.880244][ T7147] CPU: 1 UID: 0 PID: 7147 Comm: syz.2.230 Not tainted syzkaller #0 PREEMPT(full) [ 164.880291][ T7147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 164.880308][ T7147] Call Trace: [ 164.880317][ T7147] [ 164.880327][ T7147] dump_stack_lvl+0x100/0x190 [ 164.880366][ T7147] should_fail_ex.cold+0x5/0xa [ 164.880402][ T7147] should_failslab+0xc2/0x120 [ 164.880441][ T7147] __kvmalloc_node_noprof+0x116/0x970 [ 164.880480][ T7147] ? io_uring_setup.cold+0x1f4/0x1c2e [ 164.880532][ T7147] io_uring_setup.cold+0x1f4/0x1c2e [ 164.880576][ T7147] ? ksys_write+0x190/0x250 [ 164.880602][ T7147] ? ksys_write+0x190/0x250 [ 164.880627][ T7147] ? __pfx_io_uring_setup+0x10/0x10 [ 164.880655][ T7147] ? do_futex+0x190/0x440 [ 164.880687][ T7147] ? __pfx_do_futex+0x10/0x10 [ 164.880732][ T7147] ? xfd_validate_state+0x129/0x190 [ 164.880774][ T7147] __x64_sys_io_uring_setup+0xc2/0x170 [ 164.880803][ T7147] do_syscall_64+0x115/0x840 [ 164.880828][ T7147] ? clear_bhb_loop+0x40/0x90 [ 164.880861][ T7147] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.880890][ T7147] RIP: 0033:0x7f134f99ce59 [ 164.880913][ T7147] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 164.880938][ T7147] RSP: 002b:00007f1350906028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 164.880964][ T7147] RAX: ffffffffffffffda RBX: 00007f134fc15fa0 RCX: 00007f134f99ce59 [ 164.880982][ T7147] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 164.880997][ T7147] RBP: 00007f134fa32e6f R08: 0000000000000000 R09: 0000000000000000 [ 164.881013][ T7147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 164.881028][ T7147] R13: 00007f134fc16038 R14: 00007f134fc15fa0 R15: 00007ffc63500728 [ 164.881060][ T7147] [ 165.638717][ T7157] FAULT_INJECTION: forcing a failure. [ 165.638717][ T7157] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 165.690508][ T7157] CPU: 1 UID: 0 PID: 7157 Comm: syz.3.231 Not tainted syzkaller #0 PREEMPT(full) [ 165.690547][ T7157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 165.690564][ T7157] Call Trace: [ 165.690573][ T7157] [ 165.690583][ T7157] dump_stack_lvl+0x100/0x190 [ 165.690625][ T7157] should_fail_ex.cold+0x5/0xa [ 165.690655][ T7157] ? prepare_alloc_pages+0x16d/0x5f0 [ 165.690699][ T7157] should_fail_alloc_page+0xeb/0x140 [ 165.690740][ T7157] prepare_alloc_pages+0x1f0/0x5f0 [ 165.690776][ T7157] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 165.690814][ T7157] ? rcu_is_watching+0x12/0xc0 [ 165.690849][ T7157] __alloc_frozen_pages_noprof+0x1af/0x2dc0 [ 165.690885][ T7157] ? kernel_text_address+0x8d/0x100 [ 165.690923][ T7157] ? __kernel_text_address+0xd/0x30 [ 165.690962][ T7157] ? unwind_get_return_address+0x59/0xa0 [ 165.691003][ T7157] ? arch_stack_walk+0xa6/0xf0 [ 165.691039][ T7157] ? __bfs+0x150/0x2a0 [ 165.691084][ T7157] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 165.691117][ T7157] ? __bfs+0x150/0x2a0 [ 165.691158][ T7157] ? check_noncircular+0x97/0x160 [ 165.691219][ T7157] ? check_prev_add+0x354/0xe60 [ 165.691260][ T7157] ? __css_rstat_updated+0x1ce/0x5a0 [ 165.691306][ T7157] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 165.691351][ T7157] ? policy_nodemask+0xed/0x4f0 [ 165.691393][ T7157] alloc_pages_mpol+0x1fb/0x540 [ 165.691436][ T7157] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 165.691472][ T7157] ? __thp_vma_allowable_orders+0x1d9/0xf00 [ 165.691517][ T7157] ? do_raw_spin_lock+0x128/0x260 [ 165.691552][ T7157] alloc_pages_noprof+0x1a/0x160 [ 165.691579][ T7157] pte_alloc_one+0x1c/0x3d0 [ 165.691622][ T7157] do_fault+0x86c/0x1750 [ 165.691661][ T7157] ? __pmd_alloc+0x3fb/0x950 [ 165.691704][ T7157] __handle_mm_fault+0x187d/0x2a00 [ 165.691739][ T7157] ? mt_find+0x45e/0x8e0 [ 165.691770][ T7157] ? __pfx___handle_mm_fault+0x10/0x10 [ 165.691797][ T7157] ? __pfx_mt_find+0x10/0x10 [ 165.691846][ T7157] ? find_vma+0xbf/0x140 [ 165.691880][ T7157] ? __pfx_find_vma+0x10/0x10 [ 165.691916][ T7157] handle_mm_fault+0x37b/0xa30 [ 165.691951][ T7157] do_user_addr_fault+0x74c/0x12f0 [ 165.692001][ T7157] exc_page_fault+0x6f/0xd0 [ 165.692044][ T7157] asm_exc_page_fault+0x26/0x30 [ 165.692072][ T7157] RIP: 0010:rep_movs_alternative+0x4a/0xa0 [ 165.692109][ T7157] Code: 9d 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 4f 9d 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 165.692135][ T7157] RSP: 0018:ffffc9000357fb70 EFLAGS: 00050206 [ 165.692157][ T7157] RAX: 0000000000000001 RBX: ffff888078eec000 RCX: 0000000000000800 [ 165.692174][ T7157] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff888078eec000 [ 165.692190][ T7157] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100f1dd8ff [ 165.692216][ T7157] R10: ffff888078eec7ff R11: 0000000000000000 R12: ffffc9000357fd80 [ 165.692234][ T7157] R13: 0000000000000000 R14: 0000000000000800 R15: 0000000000000000 [ 165.692269][ T7157] _copy_from_iter+0x355/0x1690 [ 165.692317][ T7157] ? rcu_is_watching+0x12/0xc0 [ 165.692352][ T7157] ? __pfx__copy_from_iter+0x10/0x10 [ 165.692390][ T7157] ? __kasan_kmalloc+0xaa/0xb0 [ 165.692426][ T7157] ? __kvmalloc_node_noprof+0x36d/0x970 [ 165.692458][ T7157] ? file_tty_write.isra.0+0x694/0x890 [ 165.692493][ T7157] ? rcu_is_watching+0x12/0xc0 [ 165.692524][ T7157] ? file_tty_write.isra.0+0x694/0x890 [ 165.692556][ T7157] ? kfree+0x1e5/0x6c0 [ 165.692587][ T7157] file_tty_write.isra.0+0x45b/0x890 [ 165.692629][ T7157] vfs_write+0x6ac/0x1050 [ 165.692657][ T7157] ? __pfx_tty_write+0x10/0x10 [ 165.692694][ T7157] ? __pfx_vfs_write+0x10/0x10 [ 165.692717][ T7157] ? find_held_lock+0x2b/0x80 [ 165.692776][ T7157] ksys_write+0x12a/0x250 [ 165.692802][ T7157] ? __pfx_ksys_write+0x10/0x10 [ 165.692839][ T7157] do_syscall_64+0x115/0x840 [ 165.692862][ T7157] ? clear_bhb_loop+0x40/0x90 [ 165.692896][ T7157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.692923][ T7157] RIP: 0033:0x7f3e5cd9ce59 [ 165.692945][ T7157] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 165.692969][ T7157] RSP: 002b:00007f3e5dcc5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 165.692994][ T7157] RAX: ffffffffffffffda RBX: 00007f3e5d016180 RCX: 00007f3e5cd9ce59 [ 165.693013][ T7157] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 165.693028][ T7157] RBP: 00007f3e5ce32e6f R08: 0000000000000000 R09: 0000000000000000 [ 165.693043][ T7157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 165.693058][ T7157] R13: 00007f3e5d016218 R14: 00007f3e5d016180 R15: 00007ffdc2bf1da8 [ 165.693095][ T7157] [ 167.852861][ T7177] netlink: 16 bytes leftover after parsing attributes in process `syz.0.236'. [ 167.891904][ T7180] FAULT_INJECTION: forcing a failure. [ 167.891904][ T7180] name failslab, interval 1, probability 0, space 0, times 0 [ 167.918562][ T7180] CPU: 0 UID: 0 PID: 7180 Comm: syz.1.237 Not tainted syzkaller #0 PREEMPT(full) [ 167.918586][ T7180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 167.918595][ T7180] Call Trace: [ 167.918600][ T7180] [ 167.918606][ T7180] dump_stack_lvl+0x100/0x190 [ 167.918629][ T7180] should_fail_ex.cold+0x5/0xa [ 167.918651][ T7180] should_failslab+0xc2/0x120 [ 167.918672][ T7180] __kmalloc_cache_noprof+0x91/0x6c0 [ 167.918688][ T7180] ? fib_net_init+0x1a4/0x440 [ 167.918713][ T7180] fib_net_init+0x1a4/0x440 [ 167.918733][ T7180] ? is_module_address+0x69/0xf0 [ 167.918749][ T7180] ? __pfx_fib_net_init+0x10/0x10 [ 167.918770][ T7180] ? timer_init_key+0x150/0x310 [ 167.918794][ T7180] ? devinet_init_net+0x56c/0x8d0 [ 167.918818][ T7180] ? __pfx_fib_net_init+0x10/0x10 [ 167.918839][ T7180] ops_init+0x1e2/0x5f0 [ 167.918858][ T7180] setup_net+0x118/0x3a0 [ 167.918876][ T7180] ? __pfx_setup_net+0x10/0x10 [ 167.918894][ T7180] ? mutex_init_lockdep+0xf1/0x120 [ 167.918912][ T7180] copy_net_ns+0x46f/0x7c0 [ 167.918932][ T7180] create_new_namespaces+0x3ea/0xac0 [ 167.918952][ T7180] unshare_nsproxy_namespaces+0xf2/0x220 [ 167.918970][ T7180] ksys_unshare+0x438/0xab0 [ 167.918990][ T7180] ? __pfx_ksys_unshare+0x10/0x10 [ 167.919015][ T7180] __x64_sys_unshare+0x31/0x40 [ 167.919032][ T7180] do_syscall_64+0x115/0x840 [ 167.919046][ T7180] ? clear_bhb_loop+0x40/0x90 [ 167.919071][ T7180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.919086][ T7180] RIP: 0033:0x7f045bf9ce59 [ 167.919099][ T7180] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 167.919112][ T7180] RSP: 002b:00007f045ce8c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 167.919127][ T7180] RAX: ffffffffffffffda RBX: 00007f045c215fa0 RCX: 00007f045bf9ce59 [ 167.919136][ T7180] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 167.919144][ T7180] RBP: 00007f045c032e6f R08: 0000000000000000 R09: 0000000000000000 [ 167.919156][ T7180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 167.919164][ T7180] R13: 00007f045c216038 R14: 00007f045c215fa0 R15: 00007ffdc5ef83d8 [ 167.919183][ T7180] [ 170.167674][ T5635] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 170.712617][ T7217] futex_wake_op: syz.1.245 tries to shift op by -2048; fix this program [ 170.966721][ T7221] FAULT_INJECTION: forcing a failure. [ 170.966721][ T7221] name failslab, interval 1, probability 0, space 0, times 0 [ 170.985990][ T7221] CPU: 0 UID: 0 PID: 7221 Comm: syz.0.246 Not tainted syzkaller #0 PREEMPT(full) [ 170.986032][ T7221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 170.986049][ T7221] Call Trace: [ 170.986058][ T7221] [ 170.986069][ T7221] dump_stack_lvl+0x100/0x190 [ 170.986111][ T7221] should_fail_ex.cold+0x5/0xa [ 170.986153][ T7221] should_failslab+0xc2/0x120 [ 170.986192][ T7221] kmem_cache_alloc_noprof+0x91/0x6a0 [ 170.986231][ T7221] ? pidfs_register_pid_gfp+0x98/0x1f0 [ 170.986263][ T7221] pidfs_register_pid_gfp+0x98/0x1f0 [ 170.986290][ T7221] unix_socketpair+0xcc/0x840 [ 170.986321][ T7221] __sys_socketpair+0x2f7/0x5b0 [ 170.986364][ T7221] ? __pfx___sys_socketpair+0x10/0x10 [ 170.986391][ T7221] ? xfd_validate_state+0x129/0x190 [ 170.986434][ T7221] __x64_sys_socketpair+0x96/0x100 [ 170.986459][ T7221] ? lockdep_hardirqs_on+0x78/0x100 [ 170.986502][ T7221] do_syscall_64+0x115/0x840 [ 170.986524][ T7221] ? clear_bhb_loop+0x40/0x90 [ 170.986557][ T7221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.986582][ T7221] RIP: 0033:0x7f466b79ce59 [ 170.986605][ T7221] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 170.986630][ T7221] RSP: 002b:00007f466c6e7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 170.986656][ T7221] RAX: ffffffffffffffda RBX: 00007f466ba15fa0 RCX: 00007f466b79ce59 [ 170.986675][ T7221] RDX: 8000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 170.986692][ T7221] RBP: 00007f466b832e6f R08: 0000000000000000 R09: 0000000000000000 [ 170.986708][ T7221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 170.986722][ T7221] R13: 00007f466ba16038 R14: 00007f466ba15fa0 R15: 00007ffed1163608 [ 170.986754][ T7221] [ 172.452053][ T7227] Process accounting resumed [ 172.927613][ T7218] kexec: Could not allocate control_code_buffer [ 173.327630][ T5635] Bluetooth: hci2: unexpected event 0x0f length: 7 > 4 [ 173.327677][ T5635] Bluetooth: hci2: unexpected event for opcode 0x647c [ 173.691485][ T7261] futex_wake_op: syz.2.255 tries to shift op by -2048; fix this program [ 177.723012][ T7296] capability: warning: `syz.3.261' uses deprecated v2 capabilities in a way that may be insecure [ 177.879717][ T7274] kexec: Could not allocate control_code_buffer [ 178.465404][ T7310] FAULT_INJECTION: forcing a failure. [ 178.465404][ T7310] name failslab, interval 1, probability 0, space 0, times 0 [ 178.492888][ T7310] CPU: 1 UID: 0 PID: 7310 Comm: syz.1.264 Tainted: G L syzkaller #0 PREEMPT(full) [ 178.492936][ T7310] Tainted: [L]=SOFTLOCKUP [ 178.492947][ T7310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 178.492963][ T7310] Call Trace: [ 178.492972][ T7310] [ 178.492983][ T7310] dump_stack_lvl+0x100/0x190 [ 178.493025][ T7310] should_fail_ex.cold+0x5/0xa [ 178.493063][ T7310] should_failslab+0xc2/0x120 [ 178.493102][ T7310] kmem_cache_alloc_noprof+0x91/0x6a0 [ 178.493139][ T7310] ? do_getname+0x35/0x390 [ 178.493178][ T7310] do_getname+0x35/0x390 [ 178.493217][ T7310] do_sys_openat2+0xc7/0x1e0 [ 178.493263][ T7310] ? __pfx_do_sys_openat2+0x10/0x10 [ 178.493304][ T7310] ? fput+0x79/0x100 [ 178.493343][ T7310] __x64_sys_openat+0x12d/0x210 [ 178.493381][ T7310] ? __pfx___x64_sys_openat+0x10/0x10 [ 178.493431][ T7310] do_syscall_64+0x115/0x840 [ 178.493456][ T7310] ? clear_bhb_loop+0x40/0x90 [ 178.493490][ T7310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.493517][ T7310] RIP: 0033:0x7f045bf9ce59 [ 178.493540][ T7310] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 178.493566][ T7310] RSP: 002b:00007f045ce8c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 178.493593][ T7310] RAX: ffffffffffffffda RBX: 00007f045c215fa0 RCX: 00007f045bf9ce59 [ 178.493611][ T7310] RDX: 00000000001e0240 RSI: 00002000000011c0 RDI: ffffffffffffff9c [ 178.493629][ T7310] RBP: 00007f045c032e6f R08: 0000000000000000 R09: 0000000000000000 [ 178.493645][ T7310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 178.493661][ T7310] R13: 00007f045c216038 R14: 00007f045c215fa0 R15: 00007ffdc5ef83d8 [ 178.493698][ T7310] [ 180.729917][ T7347] bond0: invalid ARP target specified [ 180.798367][ T7347] nbd: socks must be embedded in a SOCK_ITEM attr [ 180.860588][ T7349] netlink: 28 bytes leftover after parsing attributes in process `syz.1.273'. [ 180.885801][ T7347] block nbd0: shutting down sockets [ 180.999348][ T7349] team0 (unregistering): Port device team_slave_0 removed [ 181.020287][ T7349] team0 (unregistering): Port device team_slave_1 removed [ 181.029944][ T7348] random: crng reseeded on system resumption [ 181.092854][ T7348] cifs: Unknown parameter ') Up̢{V ]762']Ψ!gʮ79fM<*ysEh' [ 181.917856][ T7368] FAULT_INJECTION: forcing a failure. [ 181.917856][ T7368] name failslab, interval 1, probability 0, space 0, times 0 [ 181.965449][ T7368] CPU: 1 UID: 0 PID: 7368 Comm: syz.2.277 Tainted: G L syzkaller #0 PREEMPT(full) [ 181.965490][ T7368] Tainted: [L]=SOFTLOCKUP [ 181.965500][ T7368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 181.965516][ T7368] Call Trace: [ 181.965525][ T7368] [ 181.965535][ T7368] dump_stack_lvl+0x100/0x190 [ 181.965575][ T7368] should_fail_ex.cold+0x5/0xa [ 181.965614][ T7368] should_failslab+0xc2/0x120 [ 181.965654][ T7368] kmem_cache_alloc_noprof+0x91/0x6a0 [ 181.965688][ T7368] ? __proc_create+0xc1/0x8f0 [ 181.965715][ T7368] ? __proc_create+0xc1/0x8f0 [ 181.965741][ T7368] ? __proc_create+0x247/0x8f0 [ 181.965775][ T7368] __proc_create+0x247/0x8f0 [ 181.965806][ T7368] ? __pfx___proc_create+0x10/0x10 [ 181.965839][ T7368] ? _raw_spin_unlock+0x28/0x50 [ 181.965879][ T7368] proc_create_reg+0x75/0x170 [ 181.965910][ T7368] proc_create_net_data+0x8e/0x1c0 [ 181.965940][ T7368] ? __pfx_proc_create_net_data+0x10/0x10 [ 181.965976][ T7368] ? __pfx_arp_net_init+0x10/0x10 [ 181.966004][ T7368] arp_net_init+0x53/0x80 [ 181.966030][ T7368] ops_init+0x1e2/0x5f0 [ 181.966067][ T7368] setup_net+0x118/0x3a0 [ 181.966101][ T7368] ? __pfx_setup_net+0x10/0x10 [ 181.966135][ T7368] ? mutex_init_lockdep+0xf1/0x120 [ 181.966168][ T7368] copy_net_ns+0x46f/0x7c0 [ 181.966206][ T7368] create_new_namespaces+0x3ea/0xac0 [ 181.966243][ T7368] unshare_nsproxy_namespaces+0xf2/0x220 [ 181.966278][ T7368] ksys_unshare+0x438/0xab0 [ 181.966322][ T7368] ? __pfx_ksys_unshare+0x10/0x10 [ 181.966368][ T7368] __x64_sys_unshare+0x31/0x40 [ 181.966400][ T7368] do_syscall_64+0x115/0x840 [ 181.966423][ T7368] ? clear_bhb_loop+0x40/0x90 [ 181.966456][ T7368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.966484][ T7368] RIP: 0033:0x7f134f99ce59 [ 181.966507][ T7368] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 181.966532][ T7368] RSP: 002b:00007f1350906028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 181.966558][ T7368] RAX: ffffffffffffffda RBX: 00007f134fc15fa0 RCX: 00007f134f99ce59 [ 181.966576][ T7368] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 181.966593][ T7368] RBP: 00007f134fa32e6f R08: 0000000000000000 R09: 0000000000000000 [ 181.966609][ T7368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 181.966624][ T7368] R13: 00007f134fc16038 R14: 00007f134fc15fa0 R15: 00007ffc63500728 [ 181.966661][ T7368] [ 182.874106][ T7381] zswap: compressor not available [ 184.840962][ T7401] binder: 7400:7401 unknown command 1936094318 [ 184.848106][ T7401] binder: 7400:7401 ioctl c0306201 0 returned -22 [ 186.884955][ T7394] kexec: Could not allocate control_code_buffer [ 187.175160][ T7429] vivid-007: ================= START STATUS ================= [ 187.209233][ T7429] vivid-007: Generate PTS: true [ 187.229662][ T7429] vivid-007: Generate SCR: true [ 187.258043][ T7429] tpg source WxH: 320x240 (Y'CbCr) [ 187.272377][ T7429] tpg field: 1 [ 187.281988][ T7429] tpg crop: (0,0)/320x240 [ 187.286589][ T7436] netlink: 8 bytes leftover after parsing attributes in process `syz.3.289'. [ 187.299796][ T7429] tpg compose: (0,0)/320x240 [ 187.312846][ T7429] tpg colorspace: 8 [ 187.335938][ T7429] tpg transfer function: 0/0 [ 187.347391][ T7429] tpg Y'CbCr encoding: 0/0 [ 187.367493][ T7429] tpg quantization: 0/0 [ 187.384579][ T7429] tpg RGB range: 0/2 [ 187.397592][ T7440] futex_wake_op: syz.0.290 tries to shift op by -2048; fix this program [ 187.410504][ T7429] vivid-007: ================== END STATUS ================== [ 189.926469][ T5635] Bluetooth: hci1: command 0x0c1a tx timeout [ 189.949638][ T7450] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 190.259915][ T7450] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 190.290325][ T7450] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 190.316130][ T7450] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 191.204271][ T7477] block2mtd: illegal erase size [ 191.935920][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 192.096071][ T5635] Bluetooth: hci0: command 0x0c1a tx timeout [ 192.326001][ T4943] Bluetooth: hci3: command 0x0c1a tx timeout [ 192.332175][ T5635] Bluetooth: hci2: command 0x0c1a tx timeout [ 192.976989][ T7498] netlink: 28 bytes leftover after parsing attributes in process `syz.1.299'. [ 194.251920][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.260903][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.637408][ T30] audit: type=1800 audit(1843104549.960:11): pid=7512 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.303" name="dbroot" dev="configfs" ino=17490 res=0 errno=0 [ 198.414188][ T7517] kexec: Could not allocate control_code_buffer [ 198.676807][ T7545] futex_wake_op: syz.2.309 tries to shift op by -2048; fix this program [ 201.864378][ T7594] netlink: 16 bytes leftover after parsing attributes in process `syz.0.319'. [ 205.191510][ T7603] kexec: Could not allocate control_code_buffer [ 205.729837][ T7594] Process accounting paused [ 207.778483][ T30] audit: type=1800 audit(1843104563.090:12): pid=7658 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.332" name="discovery_nqn" dev="configfs" ino=18102 res=0 errno=0 [ 208.052929][ T5635] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 208.983847][ T7676] netlink: 25 bytes leftover after parsing attributes in process `syz.3.335'. [ 209.230014][ T7676] netlink: 13 bytes leftover after parsing attributes in process `syz.3.335'. [ 209.648076][ T7689] ubi: mtd0 is already attached to ubi0 [ 210.086036][ T4943] Bluetooth: hci3: command 0x0c1a tx timeout [ 211.269241][ T7713] netlink: 28 bytes leftover after parsing attributes in process `syz.0.346'. [ 211.322629][ T7716] FAULT_INJECTION: forcing a failure. [ 211.322629][ T7716] name fail_futex, interval 1, probability 0, space 0, times 0 [ 211.336022][ T7716] CPU: 0 UID: 0 PID: 7716 Comm: syz.1.347 Tainted: G L syzkaller #0 PREEMPT(full) [ 211.336066][ T7716] Tainted: [L]=SOFTLOCKUP [ 211.336076][ T7716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 211.336091][ T7716] Call Trace: [ 211.336100][ T7716] [ 211.336108][ T7716] dump_stack_lvl+0x100/0x190 [ 211.336152][ T7716] should_fail_ex.cold+0x5/0xa [ 211.336187][ T7716] should_fail_futex+0x4c/0x60 [ 211.336212][ T7716] futex_lock_pi_atomic+0xe7/0xaf0 [ 211.336258][ T7716] futex_lock_pi+0x278/0x7f0 [ 211.336299][ T7716] ? __pfx_futex_lock_pi+0x10/0x10 [ 211.336335][ T7716] ? __pfx___futex_wait+0x10/0x10 [ 211.336378][ T7716] ? __pfx_try_to_wake_up+0x10/0x10 [ 211.336444][ T7716] ? __pfx_futex_wake_mark+0x10/0x10 [ 211.336494][ T7716] ? rcu_read_lock_any_held+0x6a/0xa0 [ 211.336532][ T7716] ? find_held_lock+0x2b/0x80 [ 211.336565][ T7716] ? ksys_write+0x190/0x250 [ 211.336596][ T7716] do_futex+0x371/0x440 [ 211.336626][ T7716] ? __pfx_do_futex+0x10/0x10 [ 211.336655][ T7716] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 211.336706][ T7716] __x64_sys_futex+0x34f/0x4d0 [ 211.336741][ T7716] ? __pfx___x64_sys_futex+0x10/0x10 [ 211.336783][ T7716] do_syscall_64+0x115/0x840 [ 211.336807][ T7716] ? clear_bhb_loop+0x40/0x90 [ 211.336839][ T7716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.336862][ T7716] RIP: 0033:0x7f045bf9ce59 [ 211.336884][ T7716] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 211.336909][ T7716] RSP: 002b:00007f045ce8c028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 211.336933][ T7716] RAX: ffffffffffffffda RBX: 00007f045c215fa0 RCX: 00007f045bf9ce59 [ 211.336950][ T7716] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 211.336963][ T7716] RBP: 00007f045c032e6f R08: 0000000000000000 R09: 000000008000fff5 [ 211.336979][ T7716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 211.336994][ T7716] R13: 00007f045c216038 R14: 00007f045c215fa0 R15: 00007ffdc5ef83d8 [ 211.337026][ T7716] [ 212.169506][ T4943] Bluetooth: hci3: command 0x0c1a tx timeout [ 214.570751][ T30] audit: type=1107 audit(1843104569.890:13): pid=7728 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 214.627643][ T7740] bond0: option fail_over_mac: invalid value () [ 214.639114][ T30] audit: type=1107 audit(1843104569.910:14): pid=7728 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 216.477041][ T7734] kexec: Could not allocate control_code_buffer [ 217.025543][ T7753] vhci_hcd: not connected 4 [ 217.853098][ T7770] netlink: 28 bytes leftover after parsing attributes in process `syz.1.358'. [ 217.874475][ T7770] batadv0: entered promiscuous mode [ 217.886300][ T7770] netlink: 28 bytes leftover after parsing attributes in process `syz.1.358'. [ 218.335314][ T7778] FAULT_INJECTION: forcing a failure. [ 218.335314][ T7778] name failslab, interval 1, probability 0, space 0, times 0 [ 218.512877][ T7778] CPU: 1 UID: 0 PID: 7778 Comm: syz.3.359 Tainted: G L syzkaller #0 PREEMPT(full) [ 218.512919][ T7778] Tainted: [L]=SOFTLOCKUP [ 218.512925][ T7778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 218.512934][ T7778] Call Trace: [ 218.512939][ T7778] [ 218.512945][ T7778] dump_stack_lvl+0x100/0x190 [ 218.512969][ T7778] should_fail_ex.cold+0x5/0xa [ 218.512989][ T7778] should_failslab+0xc2/0x120 [ 218.513010][ T7778] kmem_cache_alloc_noprof+0x91/0x6a0 [ 218.513027][ T7778] ? __pfx_map_id_range_down+0x10/0x10 [ 218.513047][ T7778] ? rcu_is_watching+0x12/0xc0 [ 218.513063][ T7778] ? security_inode_alloc+0x3b/0x2c0 [ 218.513083][ T7778] security_inode_alloc+0x3b/0x2c0 [ 218.513102][ T7778] inode_init_always_gfp+0xc77/0xfb0 [ 218.513120][ T7778] alloc_inode+0x8e/0x250 [ 218.513149][ T7778] new_inode+0x22/0x1c0 [ 218.513184][ T7778] shmem_get_inode+0x1e3/0xf70 [ 218.513207][ T7778] ? __pfx_shmem_get_inode+0x10/0x10 [ 218.513250][ T7778] __shmem_file_setup+0x382/0x460 [ 218.513276][ T7778] ? __pfx___shmem_file_setup+0x10/0x10 [ 218.513306][ T7778] ? vm_area_alloc+0x1f/0x160 [ 218.513323][ T7778] shmem_zero_setup+0x96/0x1b0 [ 218.513341][ T7778] __mmap_region+0x24ef/0x2db0 [ 218.513361][ T7778] ? __pfx___mmap_region+0x10/0x10 [ 218.513380][ T7778] ? __lock_acquire+0x49f/0x1a40 [ 218.513405][ T7778] ? __lock_acquire+0x49f/0x1a40 [ 218.513426][ T7778] ? hrtimer_start_range_ns_common+0x78e/0x18b0 [ 218.513452][ T7778] ? rcu_is_watching+0x12/0xc0 [ 218.513469][ T7778] ? finish_task_switch.isra.0+0x2c5/0x10c0 [ 218.513485][ T7778] ? lockdep_hardirqs_on+0x78/0x100 [ 218.513535][ T7778] mmap_region+0x35d/0x620 [ 218.513552][ T7778] ? rcu_is_watching+0x12/0xc0 [ 218.513568][ T7778] ? __pfx_mmap_region+0x10/0x10 [ 218.513587][ T7778] ? cap_mmap_addr+0x4b/0x120 [ 218.513601][ T7778] ? bpf_lsm_mmap_addr+0x9/0x30 [ 218.513614][ T7778] ? security_mmap_addr+0x71/0x1e0 [ 218.513633][ T7778] ? __get_unmapped_area+0x255/0x3e0 [ 218.513655][ T7778] do_mmap+0xc63/0x12f0 [ 218.513678][ T7778] ? __pfx_do_mmap+0x10/0x10 [ 218.513697][ T7778] ? __pfx_down_write_killable+0x10/0x10 [ 218.513712][ T7778] ? __pfx_futex_wait+0x10/0x10 [ 218.513733][ T7778] vm_mmap_pgoff+0x29e/0x470 [ 218.513756][ T7778] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 218.513779][ T7778] ? __pfx_do_futex+0x10/0x10 [ 218.513801][ T7778] ksys_mmap_pgoff+0xe4/0x610 [ 218.513821][ T7778] ? __x64_sys_futex+0x358/0x4d0 [ 218.513837][ T7778] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 218.513856][ T7778] ? xfd_validate_state+0x129/0x190 [ 218.513877][ T7778] __x64_sys_mmap+0x125/0x190 [ 218.513896][ T7778] do_syscall_64+0x115/0x840 [ 218.513909][ T7778] ? clear_bhb_loop+0x40/0x90 [ 218.513926][ T7778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.513941][ T7778] RIP: 0033:0x7f3e5cd9ce59 [ 218.513954][ T7778] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 218.513968][ T7778] RSP: 002b:00007f3e5dd07028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 218.513982][ T7778] RAX: ffffffffffffffda RBX: 00007f3e5d015fa0 RCX: 00007f3e5cd9ce59 [ 218.513993][ T7778] RDX: 00004000000000df RSI: 0000000000020009 RDI: 0000000000000000 [ 218.514002][ T7778] RBP: 00007f3e5ce32e6f R08: 0000000000000401 R09: 0000000000008000 [ 218.514011][ T7778] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 218.514020][ T7778] R13: 00007f3e5d016038 R14: 00007f3e5d015fa0 R15: 00007ffdc2bf1da8 [ 218.514039][ T7778] [ 221.571537][ T7787] kexec: Could not allocate control_code_buffer [ 222.629035][ T7810] zram: Removed device: zram0 [ 222.915527][ T7824] netlink: 8 bytes leftover after parsing attributes in process `syz.1.370'. [ 223.233875][ T7830] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 224.130887][ T30] audit: type=1804 audit(8277292036.980:15): pid=7839 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.371" name="/newroot/110/file0" dev="tmpfs" ino=596 res=1 errno=0 [ 224.205845][ T30] audit: type=1804 audit(8277292037.010:16): pid=7842 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.371" name="/newroot/110/file0" dev="tmpfs" ino=596 res=1 errno=0 [ 228.045627][ T30] audit: type=1800 audit(8277292040.890:17): pid=7857 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.376" name="dbroot" dev="configfs" ino=19546 res=0 errno=0 [ 231.478885][ T7867] syz.3.378 (7867) used greatest stack depth: 19384 bytes left [ 231.887004][ T7913] futex_wake_op: syz.0.387 tries to shift op by -2048; fix this program [ 232.296922][ T7922] netlink: 4 bytes leftover after parsing attributes in process `syz.1.388'. [ 233.414116][ T7935] can: request_module (can-proto-0) failed. [ 233.483073][ T7936] netlink: 28 bytes leftover after parsing attributes in process `syz.0.393'. [ 233.557744][ T7936] ipvlan1: entered promiscuous mode [ 233.588456][ T7936] ipvlan1: entered allmulticast mode [ 233.600936][ T7936] veth0_vlan: entered allmulticast mode [ 234.792218][ T7961] ubi: mtd0 is already attached to ubi0 [ 236.378828][ T7956] Process accounting resumed [ 237.857294][ T8004] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input20 [ 237.863971][ T7992] ubi: mtd0 is already attached to ubi0 [ 238.302494][ T8012] futex_wake_op: syz.2.407 tries to shift op by -2048; fix this program [ 238.655744][ T8018] kvm: user requested TSC rate below hardware speed [ 238.689228][ T8020] net_ratelimit: 30 callbacks suppressed [ 238.689253][ T8020] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4. [ 238.785821][ T8025] futex_wake_op: syz.1.411 tries to shift op by -2048; fix this program [ 239.024323][ T8032] netlink: 28 bytes leftover after parsing attributes in process `syz.0.412'. [ 239.129111][ T8035] netlink: 28 bytes leftover after parsing attributes in process `syz.0.412'. [ 239.587924][ T8040] zswap: compressor 000 not available [ 241.054757][ T8049] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 241.179823][ T8049] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 241.203414][ T8049] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 241.306297][ T8049] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 241.691423][ T8054] kexec: Could not allocate control_code_buffer [ 242.246147][ T5635] Bluetooth: hci1: command 0x0c1a tx timeout [ 242.493260][ T8076] FAULT_INJECTION: forcing a failure. [ 242.493260][ T8076] name fail_futex, interval 1, probability 0, space 0, times 0 [ 242.553840][ T8076] CPU: 1 UID: 0 PID: 8076 Comm: syz.1.420 Tainted: G L syzkaller #0 PREEMPT(full) [ 242.553887][ T8076] Tainted: [L]=SOFTLOCKUP [ 242.553897][ T8076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 242.553917][ T8076] Call Trace: [ 242.553927][ T8076] [ 242.553937][ T8076] dump_stack_lvl+0x100/0x190 [ 242.553976][ T8076] should_fail_ex.cold+0x5/0xa [ 242.554012][ T8076] get_futex_key+0x1d2/0x14f0 [ 242.554045][ T8076] ? __pfx_get_futex_key+0x10/0x10 [ 242.554072][ T8076] ? find_held_lock+0x2b/0x80 [ 242.554106][ T8076] ? futex_wake+0x4ea/0x5e0 [ 242.554148][ T8076] futex_wake+0xf4/0x5e0 [ 242.554181][ T8076] ? futex_wait+0x11e/0x370 [ 242.554221][ T8076] ? __pfx_futex_wake+0x10/0x10 [ 242.554265][ T8076] ? __lock_acquire+0x49f/0x1a40 [ 242.554298][ T8076] do_futex+0x2b2/0x440 [ 242.554331][ T8076] ? __pfx_do_futex+0x10/0x10 [ 242.554363][ T8076] ? find_held_lock+0x2b/0x80 [ 242.554403][ T8076] __x64_sys_futex+0x34f/0x4d0 [ 242.554437][ T8076] ? __fget_files+0x21f/0x3d0 [ 242.554463][ T8076] ? __pfx___x64_sys_futex+0x10/0x10 [ 242.554507][ T8076] do_syscall_64+0x115/0x840 [ 242.554532][ T8076] ? clear_bhb_loop+0x40/0x90 [ 242.554576][ T8076] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.554606][ T8076] RIP: 0033:0x7f045bf9ce59 [ 242.554629][ T8076] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 242.554655][ T8076] RSP: 002b:00007f045ce8c0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 242.554686][ T8076] RAX: ffffffffffffffda RBX: 00007f045c215fa8 RCX: 00007f045bf9ce59 [ 242.554705][ T8076] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f045c215fac [ 242.554721][ T8076] RBP: 00007f045c215fa0 R08: 0000000000000001 R09: 0000000000000000 [ 242.554738][ T8076] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 242.554755][ T8076] R13: 00007f045c216038 R14: 00007ffdc5ef82f0 R15: 00007ffdc5ef83d8 [ 242.554791][ T8076] [ 243.207702][ T4943] Bluetooth: hci3: command 0x0c1a tx timeout [ 243.213922][ T5638] Bluetooth: hci0: command 0x0c1a tx timeout [ 243.366746][ T5638] Bluetooth: hci2: command 0x0c1a tx timeout [ 243.395836][ T8085] futex_wake_op: syz.1.422 tries to shift op by -2048; fix this program [ 243.861050][ T8095] netlink: 4 bytes leftover after parsing attributes in process `syz.0.423'. [ 243.917208][ T8095] netlink: 25 bytes leftover after parsing attributes in process `syz.0.423'. [ 244.109410][ T8098] FAULT_INJECTION: forcing a failure. [ 244.109410][ T8098] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 244.141503][ T8098] CPU: 0 UID: 0 PID: 8098 Comm: syz.1.424 Tainted: G L syzkaller #0 PREEMPT(full) [ 244.141547][ T8098] Tainted: [L]=SOFTLOCKUP [ 244.141557][ T8098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 244.141574][ T8098] Call Trace: [ 244.141584][ T8098] [ 244.141595][ T8098] dump_stack_lvl+0x100/0x190 [ 244.141638][ T8098] should_fail_ex.cold+0x5/0xa [ 244.141671][ T8098] ? prepare_alloc_pages+0x16d/0x5f0 [ 244.141715][ T8098] should_fail_alloc_page+0xeb/0x140 [ 244.141759][ T8098] prepare_alloc_pages+0x1f0/0x5f0 [ 244.141806][ T8098] __alloc_frozen_pages_noprof+0x1af/0x2dc0 [ 244.141848][ T8098] ? rcu_is_watching+0x12/0xc0 [ 244.141883][ T8098] ? trace_mm_page_alloc+0x164/0x1c0 [ 244.141926][ T8098] ? __alloc_frozen_pages_noprof+0x2d1/0x2dc0 [ 244.141963][ T8098] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 244.141998][ T8098] ? stack_trace_save+0x8e/0xc0 [ 244.142067][ T8098] ? __pfx_stack_trace_save+0x10/0x10 [ 244.142108][ T8098] ? stack_depot_save_flags+0x27/0x9d0 [ 244.142153][ T8098] ? is_bpf_text_address+0x94/0x1a0 [ 244.142195][ T8098] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 244.142235][ T8098] ? __kasan_slab_alloc+0x89/0x90 [ 244.142272][ T8098] ? kmem_cache_alloc_node_noprof+0x27d/0x6b0 [ 244.142307][ T8098] ? alloc_vmap_area+0x640/0x2bb0 [ 244.142342][ T8098] ? __get_vm_area_node+0x1ca/0x330 [ 244.142380][ T8098] ? __vmalloc_node_range_noprof+0x228/0x1630 [ 244.142424][ T8098] ? __vmalloc_node_noprof+0xad/0xf0 [ 244.142462][ T8098] ? __snd_dma_alloc_pages+0xd2/0x150 [ 244.142498][ T8098] ? snd_dma_alloc_dir_pages+0x151/0x240 [ 244.142532][ T8098] ? do_alloc_pages+0xe5/0x1e0 [ 244.142557][ T8098] ? snd_pcm_lib_malloc_pages+0x4bd/0x9b0 [ 244.142587][ T8098] ? snd_pcm_hw_params+0x1738/0x1cd0 [ 244.142615][ T8098] ? snd_pcm_kernel_ioctl+0x104/0x280 [ 244.142644][ T8098] ? snd_pcm_oss_change_params_locked+0x1973/0x39f0 [ 244.142687][ T8098] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 244.142728][ T8098] ? snd_pcm_oss_read+0x3d4/0x730 [ 244.142780][ T8098] alloc_pages_bulk_noprof+0x5de/0x13c0 [ 244.142822][ T8098] ? policy_nodemask+0xed/0x4f0 [ 244.142866][ T8098] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 244.142921][ T8098] __kasan_populate_vmalloc+0xf0/0x210 [ 244.142979][ T8098] alloc_vmap_area+0x95d/0x2bb0 [ 244.143032][ T8098] ? kasan_save_track+0x14/0x30 [ 244.143067][ T8098] ? __kasan_kmalloc+0xaa/0xb0 [ 244.143101][ T8098] ? __pfx_alloc_vmap_area+0x10/0x10 [ 244.143141][ T8098] ? __get_vm_area_node+0x101/0x330 [ 244.143185][ T8098] __get_vm_area_node+0x1ca/0x330 [ 244.143232][ T8098] __vmalloc_node_range_noprof+0x228/0x1630 [ 244.143277][ T8098] ? __snd_dma_alloc_pages+0xd2/0x150 [ 244.143312][ T8098] ? kasan_save_track+0x14/0x30 [ 244.143353][ T8098] ? lock_acquire+0x1b9/0x370 [ 244.143383][ T8098] ? __snd_dma_alloc_pages+0xd2/0x150 [ 244.143421][ T8098] ? rcu_is_watching+0x12/0xc0 [ 244.143455][ T8098] ? trace_contention_end+0x126/0x160 [ 244.143486][ T8098] ? __mutex_lock+0x26d/0x1bd0 [ 244.143513][ T8098] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 244.143558][ T8098] ? find_held_lock+0x2b/0x80 [ 244.143593][ T8098] ? do_alloc_pages+0xb3/0x1e0 [ 244.143619][ T8098] ? do_alloc_pages+0xb3/0x1e0 [ 244.143658][ T8098] ? __snd_dma_alloc_pages+0xd2/0x150 [ 244.143694][ T8098] __vmalloc_node_noprof+0xad/0xf0 [ 244.143737][ T8098] ? __snd_dma_alloc_pages+0xd2/0x150 [ 244.143773][ T8098] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 244.143808][ T8098] __snd_dma_alloc_pages+0xd2/0x150 [ 244.143847][ T8098] snd_dma_alloc_dir_pages+0x151/0x240 [ 244.143888][ T8098] do_alloc_pages+0xe5/0x1e0 [ 244.143921][ T8098] snd_pcm_lib_malloc_pages+0x4bd/0x9b0 [ 244.143959][ T8098] snd_pcm_hw_params+0x1738/0x1cd0 [ 244.143994][ T8098] ? do_raw_spin_lock+0x128/0x260 [ 244.144033][ T8098] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 244.144072][ T8098] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 244.144114][ T8098] ? lockdep_hardirqs_on+0x78/0x100 [ 244.144158][ T8098] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 244.144204][ T8098] snd_pcm_kernel_ioctl+0x104/0x280 [ 244.144237][ T8098] snd_pcm_oss_change_params_locked+0x1973/0x39f0 [ 244.144299][ T8098] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 244.144370][ T8098] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 244.144412][ T8098] snd_pcm_oss_read+0x3d4/0x730 [ 244.144457][ T8098] ? __pfx_snd_pcm_oss_read+0x10/0x10 [ 244.144502][ T8098] vfs_read+0x1e4/0xb40 [ 244.144532][ T8098] ? __pfx_vfs_read+0x10/0x10 [ 244.144555][ T8098] ? find_held_lock+0x2b/0x80 [ 244.144590][ T8098] ? __fget_files+0x215/0x3d0 [ 244.144615][ T8098] ? __fget_files+0x215/0x3d0 [ 244.144647][ T8098] ? __fget_files+0x21f/0x3d0 [ 244.144684][ T8098] ksys_read+0x12a/0x250 [ 244.144710][ T8098] ? __pfx_ksys_read+0x10/0x10 [ 244.144747][ T8098] do_syscall_64+0x115/0x840 [ 244.144771][ T8098] ? clear_bhb_loop+0x40/0x90 [ 244.144805][ T8098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.144834][ T8098] RIP: 0033:0x7f045bf9ce59 [ 244.144857][ T8098] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 244.144883][ T8098] RSP: 002b:00007f045ce6b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 244.144910][ T8098] RAX: ffffffffffffffda RBX: 00007f045c216090 RCX: 00007f045bf9ce59 [ 244.144929][ T8098] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000008 [ 244.144945][ T8098] RBP: 00007f045c032e6f R08: 0000000000000000 R09: 0000000000000000 [ 244.144961][ T8098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 244.144977][ T8098] R13: 00007f045c216128 R14: 00007f045c216090 R15: 00007ffdc5ef83d8 [ 244.145013][ T8098] [ 244.357199][ T8098] syz.1.424: vmalloc error: size 2097152, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 244.753490][ T8098] CPU: 0 UID: 0 PID: 8098 Comm: syz.1.424 Tainted: G L syzkaller #0 PREEMPT(full) [ 244.753536][ T8098] Tainted: [L]=SOFTLOCKUP [ 244.753546][ T8098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 244.753562][ T8098] Call Trace: [ 244.753571][ T8098] [ 244.753582][ T8098] dump_stack_lvl+0x100/0x190 [ 244.753623][ T8098] warn_alloc.cold+0x94/0xa8 [ 244.753654][ T8098] ? __pfx_warn_alloc+0x10/0x10 [ 244.753685][ T8098] ? lockdep_hardirqs_on+0x78/0x100 [ 244.753735][ T8098] ? __get_vm_area_node+0x2cd/0x330 [ 244.753785][ T8098] ? __get_vm_area_node+0x208/0x330 [ 244.753833][ T8098] __vmalloc_node_range_noprof+0xccd/0x1630 [ 244.753877][ T8098] ? kasan_save_track+0x14/0x30 [ 244.753919][ T8098] ? lock_acquire+0x1b9/0x370 [ 244.753949][ T8098] ? __snd_dma_alloc_pages+0xd2/0x150 [ 244.753989][ T8098] ? rcu_is_watching+0x12/0xc0 [ 244.754024][ T8098] ? trace_contention_end+0x126/0x160 [ 244.754056][ T8098] ? __mutex_lock+0x26d/0x1bd0 [ 244.754083][ T8098] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 244.754132][ T8098] ? find_held_lock+0x2b/0x80 [ 244.754166][ T8098] ? do_alloc_pages+0xb3/0x1e0 [ 244.754193][ T8098] ? do_alloc_pages+0xb3/0x1e0 [ 244.754231][ T8098] ? __snd_dma_alloc_pages+0xd2/0x150 [ 244.754269][ T8098] __vmalloc_node_noprof+0xad/0xf0 [ 244.754311][ T8098] ? __snd_dma_alloc_pages+0xd2/0x150 [ 244.754353][ T8098] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 244.754387][ T8098] __snd_dma_alloc_pages+0xd2/0x150 [ 244.754427][ T8098] snd_dma_alloc_dir_pages+0x151/0x240 [ 244.754470][ T8098] do_alloc_pages+0xe5/0x1e0 [ 244.754505][ T8098] snd_pcm_lib_malloc_pages+0x4bd/0x9b0 [ 244.754543][ T8098] snd_pcm_hw_params+0x1738/0x1cd0 [ 244.754579][ T8098] ? do_raw_spin_lock+0x128/0x260 [ 244.754613][ T8098] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 244.754652][ T8098] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 244.754694][ T8098] ? lockdep_hardirqs_on+0x78/0x100 [ 244.754738][ T8098] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 244.754781][ T8098] snd_pcm_kernel_ioctl+0x104/0x280 [ 244.754816][ T8098] snd_pcm_oss_change_params_locked+0x1973/0x39f0 [ 244.754879][ T8098] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 244.754954][ T8098] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 244.755001][ T8098] snd_pcm_oss_read+0x3d4/0x730 [ 244.755050][ T8098] ? __pfx_snd_pcm_oss_read+0x10/0x10 [ 244.755097][ T8098] vfs_read+0x1e4/0xb40 [ 244.755129][ T8098] ? __pfx_vfs_read+0x10/0x10 [ 244.755153][ T8098] ? find_held_lock+0x2b/0x80 [ 244.755188][ T8098] ? __fget_files+0x215/0x3d0 [ 244.755214][ T8098] ? __fget_files+0x215/0x3d0 [ 244.755248][ T8098] ? __fget_files+0x21f/0x3d0 [ 244.755286][ T8098] ksys_read+0x12a/0x250 [ 244.755312][ T8098] ? __pfx_ksys_read+0x10/0x10 [ 244.755356][ T8098] do_syscall_64+0x115/0x840 [ 244.755381][ T8098] ? clear_bhb_loop+0x40/0x90 [ 244.755417][ T8098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.755446][ T8098] RIP: 0033:0x7f045bf9ce59 [ 244.755470][ T8098] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 244.755497][ T8098] RSP: 002b:00007f045ce6b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 244.755524][ T8098] RAX: ffffffffffffffda RBX: 00007f045c216090 RCX: 00007f045bf9ce59 [ 244.755543][ T8098] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000008 [ 244.755560][ T8098] RBP: 00007f045c032e6f R08: 0000000000000000 R09: 0000000000000000 [ 244.755577][ T8098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 244.755594][ T8098] R13: 00007f045c216128 R14: 00007f045c216090 R15: 00007ffdc5ef83d8 [ 244.755633][ T8098] [ 244.968209][ T8098] Mem-Info: [ 245.147131][ T5635] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 245.244428][ T8098] active_anon:24408 inactive_anon:289 isolated_anon:0 [ 245.244428][ T8098] active_file:60 inactive_file:55712 isolated_file:0 [ 245.244428][ T8098] unevictable:768 dirty:2620 writeback:120 [ 245.244428][ T8098] slab_reclaimable:10987 slab_unreclaimable:94308 [ 245.244428][ T8098] mapped:37517 shmem:11679 pagetables:1346 [ 245.244428][ T8098] sec_pagetables:0 bounce:0 [ 245.244428][ T8098] kernel_misc_reclaimable:0 [ 245.244428][ T8098] free:1298972 free_pcp:12927 free_cma:0 [ 245.314613][ T8098] Node 0 active_anon:98432kB inactive_anon:656kB active_file:240kB inactive_file:223044kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:150268kB dirty:10476kB writeback:480kB shmem:45380kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11932kB pagetables:5220kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 245.360563][ T8098] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 245.456052][ T8098] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 245.569493][ T8098] lowmem_reserve[]: 0 2476 2477 2477 2477 [ 245.588966][ T8098] Node 0 DMA32 free:1241592kB boost:0kB min:34052kB low:42564kB high:51076kB reserved_highatomic:0KB free_highatomic:0KB active_anon:99444kB inactive_anon:788kB active_file:240kB inactive_file:215116kB unevictable:1536kB writepending:8688kB zspages:3960kB present:3129332kB managed:2535508kB mlocked:0kB bounce:0kB free_pcp:50284kB local_pcp:20556kB free_cma:0kB [ 245.678994][ T8098] lowmem_reserve[]: 0 0 1 1 1 [ 245.683858][ T8098] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1028kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 245.836718][ T8098] lowmem_reserve[]: 0 0 0 0 0 [ 245.872031][ T8098] Node 1 Normal free:3946160kB boost:0kB min:55832kB low:69788kB high:83744kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:252kB local_pcp:0kB free_cma:0kB [ 246.095721][ T8098] lowmem_reserve[]: 0 0 0 0 0 [ 246.132459][ T8098] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 246.276060][ T8098] Node 0 DMA32: 3*4kB (UME) 1*8kB (M) 161*16kB (UM) 170*32kB (U) 194*64kB (UME) 135*128kB (UM) 73*256kB (UME) 28*512kB (UM) 12*1024kB (UM) 9*2048kB (UM) 278*4096kB (UM) = 1240164kB [ 246.522275][ T8098] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 246.676136][ T8098] Node 1 Normal: 4*4kB (M) 4*8kB (UM) 4*16kB (UM) 14*32kB (UM) 8*64kB (UM) 3*128kB (UM) 3*256kB (M) 3*512kB (M) 2*1024kB (M) 4*2048kB (UM) 960*4096kB (UM) = 3946160kB [ 246.776180][ T8098] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 246.826191][ T8098] Node 0 hugepages_total=4 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 246.914155][ T8098] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 247.019716][ T8098] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 247.106235][ T8098] 67333 total pagecache pages [ 247.120455][ T8098] 194 pages in swap cache [ 247.134798][ T8098] Free swap = 4296kB [ 247.229322][ T8098] Total swap = 124996kB [ 247.258740][ T8098] 2097051 pages RAM [ 247.299894][ T8098] 0 pages HighMem/MovableOnly [ 247.496409][ T8098] 431302 pages reserved [ 247.607578][ T8098] 0 pages cma reserved [ 248.527325][ T8115] kexec: Could not allocate control_code_buffer [ 249.201296][ T8136] netlink: 4656 bytes leftover after parsing attributes in process `syz.1.431'. [ 250.572069][ T6974] syz.3.190 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 250.626967][ T6974] CPU: 0 UID: 0 PID: 6974 Comm: syz.3.190 Tainted: G L syzkaller #0 PREEMPT(full) [ 250.627009][ T6974] Tainted: [L]=SOFTLOCKUP [ 250.627018][ T6974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 250.627033][ T6974] Call Trace: [ 250.627041][ T6974] [ 250.627051][ T6974] dump_stack_lvl+0x100/0x190 [ 250.627089][ T6974] dump_header+0xfb/0x606 [ 250.627122][ T6974] oom_kill_process.cold+0xd/0x330 [ 250.627154][ T6974] out_of_memory+0x340/0x14f0 [ 250.627202][ T6974] ? __pfx_out_of_memory+0x10/0x10 [ 250.627252][ T6974] mem_cgroup_out_of_memory+0xc6/0x130 [ 250.627291][ T6974] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 250.627319][ T6974] ? find_held_lock+0x2b/0x80 [ 250.627360][ T6974] ? do_raw_spin_unlock+0x145/0x1e0 [ 250.627391][ T6974] ? _raw_spin_unlock+0x28/0x50 [ 250.627431][ T6974] try_charge_memcg+0x6e5/0xdf0 [ 250.627478][ T6974] ? __pfx_try_charge_memcg+0x10/0x10 [ 250.627514][ T6974] ? find_held_lock+0x2b/0x80 [ 250.627545][ T6974] ? rcu_read_unlock+0x17/0x60 [ 250.627583][ T6974] ? rcu_read_unlock+0x17/0x60 [ 250.627621][ T6974] ? find_held_lock+0x2b/0x80 [ 250.627655][ T6974] ? rcu_read_unlock+0x17/0x60 [ 250.627701][ T6974] charge_memcg+0x187/0x1e0 [ 250.627740][ T6974] __mem_cgroup_charge+0x2b/0x1c0 [ 250.627769][ T6974] shmem_alloc_and_add_folio+0x451/0xd40 [ 250.627807][ T6974] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 250.627839][ T6974] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 250.627884][ T6974] shmem_get_folio_gfp+0x6ad/0x1910 [ 250.627918][ T6974] ? __lock_acquire+0x49f/0x1a40 [ 250.627943][ T6974] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 250.627987][ T6974] shmem_write_begin+0x1a4/0x420 [ 250.628021][ T6974] ? __pfx_shmem_write_begin+0x10/0x10 [ 250.628053][ T6974] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 250.628088][ T6974] ? lockdep_hardirqs_on+0x78/0x100 [ 250.628133][ T6974] generic_perform_write+0x292/0xa40 [ 250.628184][ T6974] ? __pfx_generic_perform_write+0x10/0x10 [ 250.628228][ T6974] ? file_update_time_flags+0x373/0x500 [ 250.628265][ T6974] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 250.628299][ T6974] shmem_file_write_iter+0x10e/0x140 [ 250.628337][ T6974] __kernel_write_iter+0x2ac/0x930 [ 250.628366][ T6974] ? __pfx___kernel_write_iter+0x10/0x10 [ 250.628391][ T6974] ? __up_read+0x333/0x980 [ 250.628424][ T6974] ? dump_user_range+0x65e/0xad0 [ 250.628464][ T6974] dump_user_range+0x3f9/0xad0 [ 250.628501][ T6974] ? __pfx_dump_user_range+0x10/0x10 [ 250.628545][ T6974] ? elf_core_dump+0x2d74/0x3d20 [ 250.628582][ T6974] elf_core_dump+0x2d68/0x3d20 [ 250.628634][ T6974] ? __pfx_elf_core_dump+0x10/0x10 [ 250.628667][ T6974] ? kasan_save_stack+0x3f/0x50 [ 250.628699][ T6974] ? kasan_save_stack+0x30/0x50 [ 250.628728][ T6974] ? kasan_save_track+0x14/0x30 [ 250.628756][ T6974] ? __kasan_kmalloc+0xaa/0xb0 [ 250.628784][ T6974] ? vfs_coredump+0x22a6/0x56f0 [ 250.628810][ T6974] ? get_signal+0x1f2a/0x21e0 [ 250.628836][ T6974] ? arch_do_signal_or_restart+0x91/0x7a0 [ 250.628876][ T6974] ? 0xffffffffff600000 [ 250.628949][ T6974] ? vfs_coredump+0x294b/0x56f0 [ 250.628978][ T6974] vfs_coredump+0x294b/0x56f0 [ 250.629022][ T6974] ? __pfx_vfs_coredump+0x10/0x10 [ 250.629053][ T6974] ? __lock_acquire+0x49f/0x1a40 [ 250.629106][ T6974] ? bpf_ksym_find+0x124/0x1c0 [ 250.629141][ T6974] ? unwind_get_return_address+0x59/0xa0 [ 250.629177][ T6974] ? arch_stack_walk+0xa6/0xf0 [ 250.629222][ T6974] ? __sigqueue_free+0xbe/0x2a0 [ 250.629255][ T6974] ? stack_trace_save+0x8e/0xc0 [ 250.629289][ T6974] ? __pfx_stack_trace_save+0x10/0x10 [ 250.629330][ T6974] ? stack_depot_save_flags+0x27/0x9d0 [ 250.629429][ T6974] ? proc_coredump_connector+0x2d3/0x4f0 [ 250.629458][ T6974] ? __pfx_proc_coredump_connector+0x10/0x10 [ 250.629493][ T6974] ? rcu_is_watching+0x12/0xc0 [ 250.629528][ T6974] get_signal+0x1f2a/0x21e0 [ 250.629573][ T6974] ? __pfx_get_signal+0x10/0x10 [ 250.629614][ T6974] arch_do_signal_or_restart+0x91/0x7a0 [ 250.629642][ T6974] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 250.629678][ T6974] ? cond_local_irq_disable.part.0+0x38/0x40 [ 250.629705][ T6974] ? exc_general_protection+0x120/0x240 [ 250.629743][ T6974] irqentry_exit+0x402/0xa00 [ 250.629818][ T6974] asm_exc_general_protection+0x26/0x30 [ 250.629847][ T6974] RIP: 0033:0x7f3e5cd9ce61 [ 250.629877][ T6974] Code: 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 250.629901][ T6974] RSP: 002b:0000000000000004 EFLAGS: 00010217 [ 250.629921][ T6974] RAX: 0000000000000000 RBX: 00007f3e5d016090 RCX: 00007f3e5cd9ce59 [ 250.629938][ T6974] RDX: 00002000000001c0 RSI: 0000000000000004 RDI: 0000000000000008 [ 250.629954][ T6974] RBP: 00007f3e5ce32e6f R08: 00000000000007ff R09: 0000000000000000 [ 250.629970][ T6974] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000000 [ 250.629986][ T6974] R13: 00007f3e5d016128 R14: 00007f3e5d016090 R15: 00007ffdc2bf1da8 [ 250.630023][ T6974] [ 250.630209][ T6974] memory: usage 3072kB, limit 3072kB, failcnt 86418 [ 251.132138][ T6974] memory+swap: usage 126904kB, limit 9007199254740988kB, failcnt 0 [ 251.140282][ T6974] kmem: usage 1604kB, limit 9007199254740988kB, failcnt 0 [ 251.147554][ T6974] Memory cgroup stats for /syz3: [ 251.147844][ T6974] cache 188416 [ 251.156364][ T6974] rss 626688 [ 251.159608][ T6974] rss_huge 0 [ 251.162854][ T6974] shmem 188416 [ 251.166366][ T6974] mapped_file 0 [ 251.169913][ T6974] dirty 0 [ 251.172911][ T6974] writeback 0 [ 251.176310][ T6974] workingset_refault_anon 7131 [ 251.182637][ T6974] workingset_refault_file 48416 [ 251.187604][ T6974] swap 126803968 [ 251.191197][ T6974] swapcached 261550080 [ 251.195279][ T6974] pgpgin 159636 [ 251.198855][ T6974] pgpgout 159781 [ 251.203432][ T6974] pgfault 90234 [ 251.250730][ T6974] pgmajfault 3289 [ 251.254534][ T6974] inactive_anon 544768 [ 251.259013][ T6974] active_anon 954368 [ 251.262961][ T6974] inactive_file 0 [ 251.267439][ T6974] active_file 0 [ 251.270965][ T6974] unevictable 0 [ 251.274538][ T6974] hierarchical_memory_limit 3145728 [ 251.305204][ T6974] hierarchical_memsw_limit 9223372036854771712 [ 251.318438][ T6974] total_cache 188416 [ 251.329430][ T6974] total_rss 626688 [ 251.334685][ T6974] total_rss_huge 0 [ 251.366781][ T6974] total_shmem 188416 [ 251.370785][ T6974] total_mapped_file 0 [ 251.377242][ T6974] total_dirty 0 [ 251.380857][ T6974] total_writeback 0 [ 251.384735][ T6974] total_workingset_refault_anon 7131 [ 251.390182][ T6974] total_workingset_refault_file 48416 [ 251.395721][ T6974] total_swap 126803968 [ 251.400965][ T6974] total_swapcached 261550080 [ 251.406637][ T6974] total_pgpgin 159636 [ 251.412257][ T6974] total_pgpgout 159781 [ 251.417234][ T6974] total_pgfault 90234 [ 251.421292][ T6974] total_pgmajfault 3289 [ 251.425492][ T6974] total_inactive_anon 544768 [ 251.444382][ T6974] total_active_anon 954368 [ 251.467687][ T6974] total_inactive_file 0 [ 251.475906][ T6974] total_active_file 0 [ 251.487344][ T6974] total_unevictable 0 [ 251.499945][ T6974] anon_cost 0 [ 251.508002][ T6974] file_cost 0 [ 251.518496][ T6974] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.353,pid=7754,uid=0 [ 251.558077][ T6974] Memory cgroup out of memory: Killed process 7754 (syz.3.353) total-vm:106328kB, anon-rss:1236kB, file-rss:34280kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 251.781682][ T8145] syz.3.429 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 251.794172][ T8145] CPU: 1 UID: 0 PID: 8145 Comm: syz.3.429 Tainted: G L syzkaller #0 PREEMPT(full) [ 251.794214][ T8145] Tainted: [L]=SOFTLOCKUP [ 251.794223][ T8145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 251.794240][ T8145] Call Trace: [ 251.794249][ T8145] [ 251.794260][ T8145] dump_stack_lvl+0x100/0x190 [ 251.794303][ T8145] dump_header+0xfb/0x606 [ 251.794337][ T8145] oom_kill_process.cold+0xd/0x330 [ 251.794373][ T8145] out_of_memory+0x340/0x14f0 [ 251.794427][ T8145] ? __pfx_out_of_memory+0x10/0x10 [ 251.794483][ T8145] mem_cgroup_out_of_memory+0xc6/0x130 [ 251.794518][ T8145] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 251.794550][ T8145] ? find_held_lock+0x2b/0x80 [ 251.794597][ T8145] ? do_raw_spin_unlock+0x145/0x1e0 [ 251.794632][ T8145] ? _raw_spin_unlock+0x28/0x50 [ 251.794676][ T8145] try_charge_memcg+0x6e5/0xdf0 [ 251.794734][ T8145] ? __pfx_try_charge_memcg+0x10/0x10 [ 251.794775][ T8145] ? find_held_lock+0x2b/0x80 [ 251.794810][ T8145] ? rcu_read_unlock+0x17/0x60 [ 251.794853][ T8145] ? rcu_read_unlock+0x17/0x60 [ 251.794896][ T8145] ? find_held_lock+0x2b/0x80 [ 251.794933][ T8145] ? rcu_read_unlock+0x17/0x60 [ 251.794983][ T8145] charge_memcg+0x187/0x1e0 [ 251.795028][ T8145] __mem_cgroup_charge+0x2b/0x1c0 [ 251.795059][ T8145] do_anonymous_page+0xb53/0x2080 [ 251.795090][ T8145] ? rcu_read_unlock+0x2d/0xb0 [ 251.795129][ T8145] __handle_mm_fault+0x1d2c/0x2a00 [ 251.795164][ T8145] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 251.795201][ T8145] ? __pfx___handle_mm_fault+0x10/0x10 [ 251.795233][ T8145] ? pte_offset_map_lock+0x174/0x320 [ 251.795272][ T8145] ? find_held_lock+0x2b/0x80 [ 251.795321][ T8145] ? follow_page_pte+0x4d0/0x13f0 [ 251.795368][ T8145] handle_mm_fault+0x37b/0xa30 [ 251.795406][ T8145] __get_user_pages+0x1178/0x32a0 [ 251.795461][ T8145] ? __pfx___get_user_pages+0x10/0x10 [ 251.795513][ T8145] populate_vma_page_range+0x267/0x3f0 [ 251.795558][ T8145] ? __pfx_populate_vma_page_range+0x10/0x10 [ 251.795601][ T8145] ? __pfx_find_vma_intersection+0x10/0x10 [ 251.795641][ T8145] ? do_mmap+0x93f/0x12f0 [ 251.795685][ T8145] __mm_populate+0x107/0x3a0 [ 251.795736][ T8145] ? __pfx___mm_populate+0x10/0x10 [ 251.795782][ T8145] ? up_write+0x2e5/0x5c0 [ 251.795816][ T8145] vm_mmap_pgoff+0x37f/0x470 [ 251.795869][ T8145] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 251.795927][ T8145] ksys_mmap_pgoff+0xe4/0x610 [ 251.795968][ T8145] ? kcov_ioctl+0x17a/0x750 [ 251.796008][ T8145] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 251.796046][ T8145] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 251.796104][ T8145] __x64_sys_mmap+0x125/0x190 [ 251.796152][ T8145] do_syscall_64+0x115/0x840 [ 251.796177][ T8145] ? clear_bhb_loop+0x40/0x90 [ 251.796213][ T8145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.796242][ T8145] RIP: 0033:0x7f3e5cd9ce59 [ 251.796263][ T8145] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 251.796290][ T8145] RSP: 002b:00007f3e5dd07028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 251.796318][ T8145] RAX: ffffffffffffffda RBX: 00007f3e5d015fa0 RCX: 00007f3e5cd9ce59 [ 251.796337][ T8145] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 251.796354][ T8145] RBP: 00007f3e5ce32e6f R08: 0000000000000002 R09: 0000000000000000 [ 251.796371][ T8145] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 251.796388][ T8145] R13: 00007f3e5d016038 R14: 00007f3e5d015fa0 R15: 00007ffdc2bf1da8 [ 251.796428][ T8145] [ 252.202688][ T8145] memory: usage 3072kB, limit 3072kB, failcnt 86469 [ 252.223378][ T8145] memory+swap: usage 126904kB, limit 9007199254740988kB, failcnt 0 [ 252.231719][ T8145] kmem: usage 1604kB, limit 9007199254740988kB, failcnt 0 [ 252.265743][ T8145] Memory cgroup stats for /syz3: [ 252.266745][ T8145] cache 192512 [ 252.411422][ T8145] rss 626688 [ 252.646162][ T8145] rss_huge 0 [ 252.651734][ T8145] shmem 192512 [ 252.796039][ T8145] mapped_file 0 [ 252.799583][ T8145] dirty 0 [ 252.802532][ T8145] writeback 0 [ 252.826546][ T8145] workingset_refault_anon 7131 [ 252.841459][ T8145] workingset_refault_file 48416 [ 252.877589][ T8145] swap 126803968 [ 252.882350][ T8145] swapcached 261550080 [ 252.890104][ T8145] pgpgin 159637 [ 252.893798][ T8145] pgpgout 159781 [ 252.897884][ T8145] pgfault 90234 [ 252.901506][ T8145] pgmajfault 3289 [ 252.905368][ T8145] inactive_anon 544768 [ 252.949937][ T8145] active_anon 958464 [ 253.059766][ T8145] inactive_file 0 [ 253.092914][ T8145] active_file 0 [ 253.211986][ T8145] unevictable 0 [ 253.264257][ T8145] hierarchical_memory_limit 3145728 [ 253.334207][ T8145] hierarchical_memsw_limit 9223372036854771712 [ 253.439693][ T7754] syz.3.353 (7754) used greatest stack depth: 17864 bytes left [ 253.530402][ T8145] total_cache 192512 [ 253.556378][ T8145] total_rss 626688 [ 253.603710][ T8145] total_rss_huge 0 [ 253.626151][ T8145] total_shmem 192512 [ 253.676006][ T8145] total_mapped_file 0 [ 253.680139][ T8145] total_dirty 0 [ 253.700395][ T8145] total_writeback 0 [ 253.789601][ T8145] total_workingset_refault_anon 7131 [ 253.808887][ T8145] total_workingset_refault_file 48416 [ 253.830228][ T8145] total_swap 126803968 [ 253.856778][ T8145] total_swapcached 261550080 [ 253.864455][ T8145] total_pgpgin 159637 [ 253.870143][ T8145] total_pgpgout 159781 [ 253.875902][ T8145] total_pgfault 90234 [ 253.881598][ T8145] total_pgmajfault 3289 [ 253.942991][ T8145] total_inactive_anon 544768 [ 253.986013][ T8145] total_active_anon 958464 [ 253.999924][ T8145] total_inactive_file 0 [ 254.007943][ T8145] total_active_file 0 [ 254.065291][ T8145] total_unevictable 0 [ 254.159991][ T8145] anon_cost 0 [ 254.176010][ T8145] file_cost 0 [ 254.246137][ T8145] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.190,pid=6974,uid=0 [ 254.305708][ T8145] Memory cgroup out of memory: Killed process 6974 (syz.3.190) total-vm:141680kB, anon-rss:1244kB, file-rss:28284kB, shmem-rss:0kB, UID:0 pgtables:300kB oom_score_adj:1000 [ 255.690556][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.699638][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.173927][ T8196] netlink: 334 bytes leftover after parsing attributes in process `syz.2.443'. [ 256.842439][ T6974] syz.3.190 (6974) used greatest stack depth: 16808 bytes left [ 257.522525][ T30] audit: type=1800 audit(4294967320.910:18): pid=8211 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.446" name="file0" dev="tmpfs" ino=703 res=0 errno=0 [ 261.211264][ T8278] ubi: mtd0 is already attached to ubi0 [ 261.258915][ T8284] ubi0: detaching mtd0 [ 261.500938][ T8284] ubi0: mtd0 is detached [ 261.696231][ T8298] FAULT_INJECTION: forcing a failure. [ 261.696231][ T8298] name failslab, interval 1, probability 0, space 0, times 0 [ 261.725589][ T8298] CPU: 0 UID: 0 PID: 8298 Comm: syz.2.460 Tainted: G L syzkaller #0 PREEMPT(full) [ 261.725632][ T8298] Tainted: [L]=SOFTLOCKUP [ 261.725641][ T8298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 261.725657][ T8298] Call Trace: [ 261.725665][ T8298] [ 261.725675][ T8298] dump_stack_lvl+0x100/0x190 [ 261.725715][ T8298] should_fail_ex.cold+0x5/0xa [ 261.725751][ T8298] should_failslab+0xc2/0x120 [ 261.725790][ T8298] kmem_cache_alloc_noprof+0x91/0x6a0 [ 261.725825][ T8298] ? __pfx_futex_hash+0x10/0x10 [ 261.725853][ T8298] ? mpol_new+0x11b/0x2d0 [ 261.725900][ T8298] mpol_new+0x11b/0x2d0 [ 261.725934][ T8298] do_mbind+0x210/0xfd0 [ 261.725965][ T8298] ? __pfx_do_mbind+0x10/0x10 [ 261.725989][ T8298] ? __pfx_get_nodes+0x10/0x10 [ 261.726012][ T8298] kernel_mbind+0x1b7/0x200 [ 261.726027][ T8298] ? __pfx_kernel_mbind+0x10/0x10 [ 261.726046][ T8298] do_syscall_64+0x115/0x840 [ 261.726059][ T8298] ? clear_bhb_loop+0x40/0x90 [ 261.726077][ T8298] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.726091][ T8298] RIP: 0033:0x7f134f99ce59 [ 261.726104][ T8298] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 261.726117][ T8298] RSP: 002b:00007f1350906028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 261.726132][ T8298] RAX: ffffffffffffffda RBX: 00007f134fc15fa0 RCX: 00007f134f99ce59 [ 261.726141][ T8298] RDX: 0000000000000004 RSI: 00000000002091d2 RDI: 0000000000000000 [ 261.726150][ T8298] RBP: 00007f134fa32e6f R08: 0000000000000006 R09: 0000000000000002 [ 261.726158][ T8298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 261.726166][ T8298] R13: 00007f134fc16038 R14: 00007f134fc15fa0 R15: 00007ffc63500728 [ 261.726185][ T8298] [ 261.958154][ T5635] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 262.166894][ T8298] netlink: 342 bytes leftover after parsing attributes in process `syz.2.460'. [ 263.132942][ T8310] netlink: 326 bytes leftover after parsing attributes in process `syz.1.462'. [ 263.432348][ T8321] futex_wake_op: syz.1.464 tries to shift op by -2048; fix this program [ 264.075533][ T8338] netlink: 12 bytes leftover after parsing attributes in process `syz.1.468'. [ 264.337237][ T8345] ================================================================== [ 264.337270][ T8345] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 264.337311][ T8345] Write of size 8 at addr ffffc90004c011a0 by task syz.1.468/8345 [ 264.337333][ T8345] [ 264.337348][ T8345] CPU: 1 UID: 0 PID: 8345 Comm: syz.1.468 Tainted: G L syzkaller #0 PREEMPT(full) [ 264.337385][ T8345] Tainted: [L]=SOFTLOCKUP [ 264.337394][ T8345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 264.337409][ T8345] Call Trace: [ 264.337418][ T8345] [ 264.337428][ T8345] dump_stack_lvl+0x100/0x190 [ 264.337460][ T8345] print_report+0x13d/0x4b0 [ 264.337497][ T8345] ? _raw_spin_lock_irqsave+0x52/0x60 [ 264.337535][ T8345] ? sys_imageblit+0x19fb/0x1d60 [ 264.337565][ T8345] kasan_report+0xdf/0x1c0 [ 264.337603][ T8345] ? sys_imageblit+0x19fb/0x1d60 [ 264.337639][ T8345] sys_imageblit+0x19fb/0x1d60 [ 264.337675][ T8345] ? __pfx_sys_imageblit+0x10/0x10 [ 264.337712][ T8345] ? prb_read_valid+0x78/0xa0 [ 264.337740][ T8345] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 264.337783][ T8345] soft_cursor+0x524/0xa10 [ 264.337812][ T8345] ? __pfx___probestub_notifier_run+0x10/0x10 [ 264.337850][ T8345] ? fb_get_color_depth+0x120/0x250 [ 264.337891][ T8345] bit_cursor+0xca1/0x1490 [ 264.337921][ T8345] ? __pfx_bit_cursor+0x10/0x10 [ 264.337949][ T8345] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 264.337988][ T8345] ? get_color+0x1da/0x450 [ 264.338024][ T8345] ? __pfx_bit_cursor+0x10/0x10 [ 264.338049][ T8345] fbcon_cursor+0x43c/0x5e0 [ 264.338086][ T8345] ? add_softcursor+0x1a0/0x290 [ 264.338116][ T8345] set_cursor+0x1db/0x250 [ 264.338144][ T8345] con_write+0x89/0xb0 [ 264.338177][ T8345] n_tty_write+0x431/0x1160 [ 264.338222][ T8345] ? __pfx_n_tty_write+0x10/0x10 [ 264.338265][ T8345] ? __kasan_kmalloc+0xaa/0xb0 [ 264.338298][ T8345] ? __pfx_woken_wake_function+0x10/0x10 [ 264.338329][ T8345] ? rcu_is_watching+0x12/0xc0 [ 264.338360][ T8345] ? file_tty_write.isra.0+0x694/0x890 [ 264.338392][ T8345] ? kfree+0x1e5/0x6c0 [ 264.338417][ T8345] ? __pfx_n_tty_write+0x10/0x10 [ 264.338457][ T8345] file_tty_write.isra.0+0x4d2/0x890 [ 264.338495][ T8345] redirected_tty_write+0xd4/0x120 [ 264.338529][ T8345] vfs_write+0x6ac/0x1050 [ 264.338553][ T8345] ? __pfx_redirected_tty_write+0x10/0x10 [ 264.338589][ T8345] ? __pfx_vfs_write+0x10/0x10 [ 264.338612][ T8345] ? find_held_lock+0x2b/0x80 [ 264.338656][ T8345] ksys_write+0x12a/0x250 [ 264.338680][ T8345] ? __pfx_ksys_write+0x10/0x10 [ 264.338709][ T8345] do_syscall_64+0x115/0x840 [ 264.338733][ T8345] ? clear_bhb_loop+0x40/0x90 [ 264.338763][ T8345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.338791][ T8345] RIP: 0033:0x7f045bf9ce59 [ 264.338812][ T8345] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 264.338836][ T8345] RSP: 002b:00007f045ce08028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 264.338862][ T8345] RAX: ffffffffffffffda RBX: 00007f045c216360 RCX: 00007f045bf9ce59 [ 264.338878][ T8345] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000010 [ 264.338893][ T8345] RBP: 00007f045c032e6f R08: 0000000000000000 R09: 0000000000000000 [ 264.338908][ T8345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 264.338922][ T8345] R13: 00007f045c2163f8 R14: 00007f045c216360 R15: 00007ffdc5ef83d8 [ 264.338945][ T8345] [ 264.338954][ T8345] [ 264.338961][ T8345] The buggy address belongs to a 1024-page vmalloc region starting at 0xffffc90004c02000 allocated at kcov_ioctl+0x4d/0x750 [ 264.339012][ T8345] Memory state around the buggy address: [ 264.339025][ T8345] ffffc90004c01080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 264.339050][ T8345] ffffc90004c01100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 264.339069][ T8345] >ffffc90004c01180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 264.339082][ T8345] ^ [ 264.339096][ T8345] ffffc90004c01200: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 264.339114][ T8345] ffffc90004c01280: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 264.339128][ T8345] ================================================================== [ 264.363246][ T8345] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 264.363272][ T8345] CPU: 1 UID: 0 PID: 8345 Comm: syz.1.468 Tainted: G L syzkaller #0 PREEMPT(full) [ 264.363309][ T8345] Tainted: [L]=SOFTLOCKUP [ 264.363319][ T8345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 264.363335][ T8345] Call Trace: [ 264.363343][ T8345] [ 264.363353][ T8345] dump_stack_lvl+0x100/0x190 [ 264.363389][ T8345] vpanic+0x552/0x970 [ 264.363415][ T8345] ? __pfx_vpanic+0x10/0x10 [ 264.363440][ T8345] ? mark_held_locks+0x40/0x70 [ 264.363483][ T8345] ? sys_imageblit+0x19fb/0x1d60 [ 264.363515][ T8345] panic+0xd1/0xe0 [ 264.363539][ T8345] ? __pfx_panic+0x10/0x10 [ 264.363564][ T8345] ? sys_imageblit+0x19fb/0x1d60 [ 264.363596][ T8345] ? preempt_schedule_common+0x42/0xc0 [ 264.363637][ T8345] ? check_panic_on_warn+0x1f/0x90 [ 264.363677][ T8345] check_panic_on_warn.cold+0x19/0x34 [ 264.363704][ T8345] end_report.part.0+0x3a/0x90 [ 264.363736][ T8345] kasan_report.cold+0xe/0x18 [ 264.363770][ T8345] ? sys_imageblit+0x19fb/0x1d60 [ 264.363803][ T8345] sys_imageblit+0x19fb/0x1d60 [ 264.363839][ T8345] ? __pfx_sys_imageblit+0x10/0x10 [ 264.363872][ T8345] ? prb_read_valid+0x78/0xa0 [ 264.363898][ T8345] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 264.363938][ T8345] soft_cursor+0x524/0xa10 [ 264.363961][ T8345] ? __pfx___probestub_notifier_run+0x10/0x10 [ 264.363990][ T8345] ? fb_get_color_depth+0x120/0x250 [ 264.364028][ T8345] bit_cursor+0xca1/0x1490 [ 264.364056][ T8345] ? __pfx_bit_cursor+0x10/0x10 [ 264.364085][ T8345] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 264.364123][ T8345] ? get_color+0x1da/0x450 [ 264.364159][ T8345] ? __pfx_bit_cursor+0x10/0x10 [ 264.364184][ T8345] fbcon_cursor+0x43c/0x5e0 [ 264.364220][ T8345] ? add_softcursor+0x1a0/0x290 [ 264.364259][ T8345] set_cursor+0x1db/0x250 [ 264.364287][ T8345] con_write+0x89/0xb0 [ 264.364321][ T8345] n_tty_write+0x431/0x1160 [ 264.364368][ T8345] ? __pfx_n_tty_write+0x10/0x10 [ 264.364406][ T8345] ? __kasan_kmalloc+0xaa/0xb0 [ 264.364438][ T8345] ? __pfx_woken_wake_function+0x10/0x10 [ 264.364468][ T8345] ? rcu_is_watching+0x12/0xc0 [ 264.364500][ T8345] ? file_tty_write.isra.0+0x694/0x890 [ 264.364533][ T8345] ? kfree+0x1e5/0x6c0 [ 264.364558][ T8345] ? __pfx_n_tty_write+0x10/0x10 [ 264.364599][ T8345] file_tty_write.isra.0+0x4d2/0x890 [ 264.364656][ T8345] redirected_tty_write+0xd4/0x120 [ 264.364693][ T8345] vfs_write+0x6ac/0x1050 [ 264.364718][ T8345] ? __pfx_redirected_tty_write+0x10/0x10 [ 264.364754][ T8345] ? __pfx_vfs_write+0x10/0x10 [ 264.364777][ T8345] ? find_held_lock+0x2b/0x80 [ 264.364821][ T8345] ksys_write+0x12a/0x250 [ 264.364846][ T8345] ? __pfx_ksys_write+0x10/0x10 [ 264.364876][ T8345] do_syscall_64+0x115/0x840 [ 264.364901][ T8345] ? clear_bhb_loop+0x40/0x90 [ 264.364932][ T8345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.364960][ T8345] RIP: 0033:0x7f045bf9ce59 [ 264.364982][ T8345] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 264.365009][ T8345] RSP: 002b:00007f045ce08028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 264.365036][ T8345] RAX: ffffffffffffffda RBX: 00007f045c216360 RCX: 00007f045bf9ce59 [ 264.365055][ T8345] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000010 [ 264.365073][ T8345] RBP: 00007f045c032e6f R08: 0000000000000000 R09: 0000000000000000 [ 264.365090][ T8345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 264.365107][ T8345] R13: 00007f045c2163f8 R14: 00007f045c216360 R15: 00007ffdc5ef83d8 [ 264.365134][ T8345] [ 264.365316][ T8345] Kernel Offset: disabled