last executing test programs: 9.340888734s ago: executing program 3 (id=2392): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = io_uring_setup$auto(0x2008, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffff7fffffe01, 0x8051, 0x3, 0x0) mmap$auto(0x0, 0x3, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c001) write$auto(r1, &(0x7f0000000000)='\x13\x00', 0x2fe) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000000), r1) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x8, 0xe2, 0xd43c, r0, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xb05000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="01032cb57000fbdbdf250a00000f0600010018"], 0x1c}, 0x1, 0x0, 0x0, 0x400c01d}, 0x0) syz_genetlink_get_family_id$auto_ncsi(0x0, r2) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040801}, 0x10) socket(0x2, 0x1, 0x106) socket(0x15, 0x5, 0x0) landlock_create_ruleset$auto(&(0x7f0000000140)={0xdaa0, 0x1, 0x7}, 0x9, 0x0) r4 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto_I2C_SMBUS(r4, 0x720, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) 9.137564375s ago: executing program 0 (id=2393): r0 = fcntl$auto_F_DUPFD_CLOEXEC(0xffffffffffffffff, 0x406, 0xffffffffffffffff) mmap$auto(0xfffffffffffffffd, 0x402000d, 0xe2, 0xeb1, r0, 0x8000) r1 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r1, 0xc0686611, &(0x7f00000001c0)={0xffffffffffffffc0, 0x9, 0xc5b, 0x2, 0x5, 0x8000000000000000, 0x7, 0x4, 0x9, 0x10000, 0x0, 0x3ff, 0x6, 0x7fffffff, 0x7}) open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000040)={0x8, 0x2, '\a\x00\x00\x00\x00\x00\x00\x00'}, 0x2) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyva\x00', 0x101840, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb5, 0x401, 0x5) r3 = socket(0x2b, 0x1, 0x1) r4 = openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000240), 0x8000, 0x0) poll$auto(&(0x7f0000000280)={r4, 0xf06d, 0x4}, 0x84, 0x5) setsockopt$auto(r3, 0x2, 0x1b, 0x0, 0x7) ioctl$auto(r2, 0x4b64, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptyt1\x00', 0x2a0541, 0x0) socket(0x2b, 0x1, 0x0) setsockopt$auto(0x3, 0x0, 0x31, 0x0, 0x0) mmap$auto(0x0, 0x0, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) poll$auto(&(0x7f0000000040)={0x3, 0x0, 0xa}, 0x5, 0x108) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) mmap$auto(0x0, 0x4020005, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r5 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) dup2$auto(0x5, 0x4) write$auto(0x6, 0x0, 0x100000001) splice$auto(0x4, 0x0, r5, 0x0, 0x10000, 0x7) 8.191479898s ago: executing program 0 (id=2396): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rpc/nfsd.export/channel\x00', 0x8f3b7a51b8162d21, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) setsockopt$auto(0x3, 0x10000000084, 0x16, 0x0, 0x8) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x1ffff000, 0x17ffffffffffffc, 0x400000004) close_range$auto(0x2, 0x8, 0x0) socket(0x22, 0x5, 0x6) socket(0x2, 0x1, 0x0) r1 = socketpair$auto(0x1e, 0x3, 0xffffff00, 0x0) setsockopt$auto(0x3, 0x6, 0x5, 0x0, 0x8) statmount$auto(0x0, 0x0, 0x202, 0x2000000) mmap$auto(0x0, 0x4020009, 0xdc, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0x8000000000000001, 0x15) r2 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x20200, 0x0) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r3, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) ioctl$auto_FS_IOC_SETFLAGS2(r1, 0x40086602, &(0x7f0000001080)=0x81) read$auto_proc_mountinfo_operations_mnt_namespace(r2, &(0x7f0000000040)=""/4080, 0x1036) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000040)="20edd9d1027e0dc0023af10e9bfa1babfa3a3753ca9aee370a", 0x19) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyyc\x00', 0x0, 0x0) 7.631641196s ago: executing program 3 (id=2399): ioperm$auto(0x5, 0x1, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = open(&(0x7f0000000100)='.\x00', 0x595082, 0x0) write$auto(r0, 0x0, 0xfffffdf1) linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) fsetxattr$auto(r0, &(0x7f0000000180)=':\xbf+<\x8a}\x00\xeb\xfa\xe6\x8d\x02\\VD\x04\x00\x00\x00*\x80\xa4\xf4vql\xa9\x05o\xf7\x9e\xfd\xf7\x00\x00\x00\x00H_/Z>n\xf5F\xbf\xd3\xefi\x91\x88\x1daIu7\xef!\xd0\x04\xdes\xfe`\xf5e;4\xbek\xf9\xec%\xbc\xd4\xfc`\xb9\n\xb5\xa5V\x98\x14]\x8a\x03\xd9', 0x0, 0x7bd, 0x1) 6.902079427s ago: executing program 3 (id=2402): mmap$auto(0x2000000000000000, 0x9, 0x4000000001df, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x1, 0x106) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000100), 0x80001, 0x0) socket(0x11, 0x3, 0x9) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r1 = socket(0x18, 0x3, 0x2) shutdown$auto(r1, 0x8) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) bind$auto(r1, &(0x7f0000000040)=@hci={0x1f, 0xffffffffffffffff}, 0x6a) sendmsg$auto_NL802154_CMD_DEL_SEC_KEY(0xffffffffffffffff, 0x0, 0x4000004) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video3\x00', 0x2aa01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0x9, 0x0, 0x0, &(0x7f0000000440)={[0x1ff, 0x87, 0x8, 0x1, 0x948b, 0x5, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x400, 0x5d8, 0x1000000000000009, 0x7, 0x8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000008007, 0x800000000000004, 0x1000000000000bc3, 0x800, 0x3, 0xff, 0x10001, 0x2, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x80000000, 0x4, 0xe05a, 0x4]}, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x2a, 0x2, 0x0) ioctl$auto(r3, 0x8912, 0x38) r4 = syz_clone(0x411, 0x0, 0x5a, 0x0, 0x0, 0x0) kcmp$auto_KCMP_FILE(r4, r4, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_NEW(r2, &(0x7f0000005e80)={0x0, 0x0, &(0x7f0000005e40)={&(0x7f0000001c80)={0x7d0, 0x0, 0x10, 0x70bd2b, 0x25dfdbfe, {}, [@OVS_FLOW_ATTR_ACTIONS={0x4}, @OVS_FLOW_ATTR_MASK={0x708, 0x7, 0x0, 0x1, [@generic="4e882c3916452324f84be9c096c2a7b208d967a396b414aeb548cc94a8bbf4528c2ea617e8d14a4191c6190bf1fa0406ebaf27ab7247990691d1f16b9ef671d6fa315caec62e8ea0cf9cca9e2c779fbcb66aaaac3c09245adece05d087dae88054263e0863458f789fd978a312eb3678a92b5b6f", @generic="16d489d7d2548050a57f26aa816b32bec3d73f0bac63de67612b830af75813cdb12905b01090a432d5803ce57b318e31132624e51386075b68230682a0cdf1f3e605145b7c9c47621ed1fdb62337349a8d4593ae36911d8faef96731", @typed={0xc, 0x9c, 0x0, 0x0, @str='$$\\\x9f,^^\x00'}, @typed={0x8, 0xab, 0x0, 0x0, @u32=0x200}, @generic="95f6b7abd1041fb5773377dc0a74bd4cdc162a15b6d8e41bed8a308e5d48554baf9f139a18fd8d4e94acaade77edf68af165d416f3af11f8195c9c8baeb6b0af4dce842d2b8dcba8d2fec66e6b1425b1fbcab854628d6f0761f6cbe58fd0b3af2deec2a2bf5f5eec2b6fc5b6e4ea5a2eb229fb0f41352ce76f1ac15c796ea88fec2e0d3c7d466b6cbaf467ad1d9a20232afdf6909b3acedac633cb3917888b26508bf7b3a6a3851539dac79731a983e1793b96e66c2ddf2b9c85a00388a19042d12768822dccabb8dae6e3f31549ca931a7b0c59af168c5d382450de44fc876b5a8fe45f6e39923182b5eb88a425b81cb78aee8f7641c9fb60a0e479f037edcdbd4f59cddd90f0e57717183e5b2f708198bd1cac4b71b4910f152c1c874a423591ea8241c343b639d396e51aa942c0a92a8d0a2d7082e2331bd0656a7b5d8fb3ecc09507447fa37b99a343fc8b69ad2c362b42d2b558c6e1eef622bfba55d5bc74a37cc02dca3105bc76a5802d5b645c6b21414ed1667646bd76b1577dfef54b28b72fe7bf69e09f2f0921522e6ada46855d04076ed9f5319b4895364ae8384c9acab9acfb45e60be4ea8da9071d581201380c4cd9e5ace85bc8526771aa4d95cdb0b34012c89c1b60f99b758d5f73e5c222cce8a9d84e17ea98a9bb3320f62d7182dc38ddba0de47105d67ae3f40d17108c65659b54b5c3bfb3c812ad8a383e2412f21296f9e297ec5487e98d4bb48a14206e2bca93b4281a12a55dd20966019f286b15147d336296c96db8fc3837a3c40484c45fc53f94ae90352657e90bd9b5784d7cd45c54a6b4ae77c09842e8ab6c2900df555fb2e3553632ce02e94d4223edd613d7d50d3e1566d22c3478a1b1d29eb9329812e51f90ed0402c982a713fc7fbb594c5eb50bf2685429447388e7b1fdcd2296d062f9fccb95d009de1927140a8a30943982c72f62b7014b709a3417521e1c3a6a4d4802afcf1c79bbcc8601c3dbccac37d2d758217f3751cbd8ffbec8c0f5753fb00c36215615e335ee5f13cf5e492f1444080b5146c7555343202a67127773ab95d4173c3fed026f1b5da308400c08216aef9e874bfabb316cb279baf95e3f76247e1d8d580f8a1e8d86b17da29bf8764b8e0efd05baa79c9c807cab821b2ba0db6c86e7a7b1b584a49233a963f2fdf1f6c1499a19da4b1005c263a408c3be9e57b547982767f78510a5fac6f6dd7045442afb6e758dfe736be600409922858c661d534182597776ae339b55e07d764f4bb9b57507ad45892cd1a106ac2cdb2e92d0dc57d2d087d42774a8460511a23a4cfb9c3fc82039b60b505257dd40885b1a71be51217256212c0ed793124be76c700abea730fd78dd1738a74211ac32237e8f4d0a78fd35471701b7eeaf805f55dedf155874847fbe7c74bd18d7cd232445e051a18890af8da0ddeae4140ebd5ab779bea5e6470b5b811c96b0541af1b409c5b8f1eebca408c739622dfa0c27db928577b902e56efd0350a87d654b73468d3526b8b838db9dca0e0259e45fd639854c725c618ba5c29bb41f980efe47b2b5b67511acc664844e29d556b69ebca036430ace81b5b3ac0f24c569f1c071246e5f3ca0cb479764740a0e6c56ad9fb9eefde6c0fa7f92af1a73371f194042b5e3fa49ea9c5e965063e24aee82808830d5467f53186a126f7f939da8265a71541ea132cf0ecb0a87f92f3d296bb41596992fd8907e56eaf7d2fead91c6ab5dcc8b00f7c2aaf97f1ff113b7639c5e0be72f70f7a233bd71bd2fc9ff84104550c24edbaaaa287d6399e5907e48486c06a6ec754208a3d40049c2b82f08014f790ba2b9298ec25f02d8e183df717c0152c38c62e6372840887c08860123236f4bd7e8c9a6cecee61a5d5d171f07c79560b84e98876c800e8c1ebef57615d1570b6b0d9d89b14a64fac0203fbc5fa51720b1a2533dc10b68f8d036c8e3cfb5f515e11f53d062de0bd34032c0a26804e936bcb27d5c425b73e434e5f1b69088824e7b2575e58e72af0336414d1c9a12173138772c9462c4e76e9b13c68653b2411fe0e51cdea6ba10f022157a59948696a0b67e190fa75d0d3e766dfa70d74cf1417cb3ed715ae9f5cc992b6e548d0e3cfaa9864076fe70ef83acf193196390788c9db80bc8ca72ba929832d7100496b37f9dbdeb1b73cb62336fe938e85b88d1c72118aac6647bf9f52c5899"]}, @OVS_FLOW_ATTR_ACTIONS={0xac, 0x2, 0x0, 0x1, [@typed={0x4, 0x83}, @nested={0xa4, 0x7c, 0x0, 0x1, [@typed={0xa0, 0x148, 0x0, 0x0, @binary="5f81a87f55a95d1b082ac220148cbc1521c0fd4d110bf0d4b4e650241a39b8d42e845d83f303c3e7f413ea4d7edf7f3244bc3625c17edd23d8f7d7131095439f29defefb668631e40dcacaeeab0f255750f05882ee3c3baa821b5c9e7a7c08ebb6691a3f87949ee4927ac183eb8a6399f2a5ce613d741d7049898cd05a3d7523705731b5679b7375629e594b889b7b69fb61c69fa385c859537959cd"}, @generic]}]}, @OVS_FLOW_ATTR_PROBE={0x4}]}, 0x7d0}, 0x1, 0x0, 0x0, 0x40080}, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x40000, 0x0) close_range$auto(0x2, 0x8, 0x0) 6.636812055s ago: executing program 1 (id=2403): ioperm$auto(0x5, 0x1, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = open(&(0x7f0000000100)='.\x00', 0x595082, 0x0) write$auto(r0, 0x0, 0xfffffdf1) r1 = socket(0x11, 0x3, 0x6) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a}) sendmmsg$auto(r1, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f00000003c0), 0x5ea}, 0x5, 0x0, 0x0, 0x1001}, 0x5}, 0x2, 0x100) linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) fsetxattr$auto(r0, &(0x7f0000000180)=':\xbf+<\x8a}\x00\xeb\xfa\xe6\x8d\x02\\VD\x04\x00\x00\x00*\x80\xa4\xf4vql\xa9\x05o\xf7\x9e\xfd\xf7\x00\x00\x00\x00H_/Z>n\xf5F\xbf\xd3\xefi\x91\x88\x1daIu7\xef!\xd0\x04\xdes\xfe`\xf5e;4\xbek\xf9\xec%\xbc\xd4\xfc`\xb9\n\xb5\xa5V\x98\x14]\x8a\x03\xd9', 0x0, 0x7bd, 0x1) 6.41978215s ago: executing program 0 (id=2405): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x0) close_range$auto(0x0, 0x5, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) r0 = epoll_create$auto(0x1) epoll_ctl$auto(r0, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x1, 0x400000005, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0x0, 0x9, 0x3fd6, 0x0, 0x1ffffffa) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x80102, 0x0) write$auto(r1, 0x0, 0x40100000a3d5) 5.258009683s ago: executing program 1 (id=2407): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8a401, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x90}, 0x20000081) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) socket(0x10, 0x3, 0x6) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x7ff, 0x5, 0x63, 0x0, 0x0, 0x0, 0x49, 0x200, 0x800000000100002, 0x40000407, 0x2, 0xfffffffffffffffe, 0x2, 0x19, 0x2000000000d, 0x7}) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0xff, 0xffffffffffff0002, 0x16) ioctl$auto(0xc8, 0x400454cb, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) madvise$auto(0x0, 0x400053, 0x9) unshare$auto(0x40000080) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0x182702, 0x0) preadv2$auto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x80000003}, 0x7, 0xffffffffffffffff, 0x8000000000000, 0x2f) r0 = getpid() r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/kcore\x00', 0x40000, 0x0) poll$auto(&(0x7f0000000080)={r1, 0x1, 0x6}, 0x5, 0x101) futex$auto(0x0, 0xfffffffb, 0xac, &(0x7f0000000200)={0xa, 0xfff}, &(0x7f0000000240)=0x4, 0x7) process_vm_readv$auto(r0, 0x0, 0x4, 0x0, 0x6, 0x0) socket(0xa, 0x2, 0x3a) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/memory0/state\x00', 0x1e1842, 0x0) sendfile$auto(r2, r2, 0x0, 0x4) 4.782659363s ago: executing program 3 (id=2409): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000540), 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r1 = ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(r1, 0x4068aea3, &(0x7f0000000040)={0xbc}) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0xa, 0x0, 0x0, 0x0, 0x0) (async) select$auto(0xa, 0x0, 0x0, 0x0, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x400000000003) mmap$auto(0x0, 0x40009, 0x5, 0x16, 0x7, 0x28000) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x5) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe002) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe002) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x101400, 0x0) (async) r2 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x101400, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x8e051, r2, 0x0) 4.341706287s ago: executing program 3 (id=2410): mmap$auto(0x0, 0x1, 0x400000005, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x3, 0x2000b, 0xdf, 0x17, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x400, 0x0) r0 = socket(0x11, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r0, 0x8954, 0x0) semctl$auto(0x7, 0x2, 0x13, 0x1) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/neigh/team0/retrans_time_ms\x00', 0x200400, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyr8\x00', 0x40101, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/pcmC0D0p\x00', 0x2800, 0x0) ioctl$auto(r1, 0x560a, r1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) mmap$auto(0xf000, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) capget$auto(&(0x7f0000000080)={0x1e}, &(0x7f00000000c0)={0x3, 0x6, 0x2}) pread64$auto(0xffffffffffffffff, 0x0, 0x80000003, 0x7) syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff) mprotect$auto(0x110c230000, 0xa588, 0x6) clone3$auto(0x0, 0x7) io_uring_register$auto_IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, 0x0, 0x1) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x100000000000035, 0x0) r2 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_MEM_TABLE(r2, 0x4008af83, 0x0) fsconfig$auto_FSCONFIG_SET_PATH(0xffffffffffffffff, 0x3, &(0x7f0000000000)='/proc/thread-self/net/mcfilter6\x00', &(0x7f0000000040)="00e2836e228a0894a0180c79ebe4fecd0ce4f559f6049e1c87ff2298facf0702eb3862eeaf353987d7034b8379065c2feb907ffda2a4edb5a9a6ba", 0xffffffffffffffff) mremap$auto(0x0, 0x9, 0x3fd6, 0x0, 0x1ffffffa) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x90102, 0x0) write$auto(r3, 0x0, 0x40100000a3d5) 4.023447508s ago: executing program 1 (id=2411): ioperm$auto(0x5, 0x1, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = open(&(0x7f0000000100)='.\x00', 0x595082, 0x0) write$auto(r0, 0x0, 0xfffffdf1) linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x101f) fsetxattr$auto(r0, &(0x7f0000000180)=':\xbf+<\x8a}\x00\xeb\xfa\xe6\x8d\x02\\VD\x04\x00\x00\x00*\x80\xa4\xf4vql\xa9\x05o\xf7\x9e\xfd\xf7\x00\x00\x00\x00H_/Z>n\xf5F\xbf\xd3\xefi\x91\x88\x1daIu7\xef!\xd0\x04\xdes\xfe`\xf5e;4\xbek\xf9\xec%\xbc\xd4\xfc`\xb9\n\xb5\xa5V\x98\x14]\x8a\x03\xd9', 0x0, 0x7bd, 0x1) 3.392841885s ago: executing program 2 (id=2412): close_range$auto(0x2, 0xa, 0x0) kill$auto(0x0, 0x11) msgctl$auto_IPC_INFO(0x7, 0x3, 0x0) ptrace$auto(0x10, 0x0, 0x1, 0x7ff) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x8, 0xc0b, 0x8, 0x5, 0x2, 0xffffffffffffffff, 0x13, 0x7, 0xb, 0x1, 0xced80000000000, 0x9, 0x6, 0x0, 0x3, 0x7fffffff]}, 0x0, 0x0) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) readv$auto(r0, &(0x7f0000000a80)={0x0, 0x3}, 0x3) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/lapb0/proto_down\x00', 0x2262, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x3, 0x3a) 3.034132326s ago: executing program 1 (id=2413): openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$auto(0x0, 0x1, 0x400000005, 0xeb1, 0xfffffffffffffffa, 0x8000) setresuid$auto(0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff) mremap$auto(0x0, 0x9, 0x3fd6, 0x0, 0x1ffffffa) ioctl$auto_TUNSETVNETHDRSZ2(0xffffffffffffffff, 0x400454d8, &(0x7f0000000180)=0x3) r0 = io_uring_setup$auto(0x59, 0x0) ioctl$auto_RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, 0x0) ioctl$auto(0x3, 0x541b, 0x10000000000402) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy10/airtime_flags\x00', 0x2641, 0x0) mmap$auto(0x0, 0x4020009, 0xdd, 0xeb1, r0, 0xc4e) gettid() r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x80102, 0x0) write$auto(r1, 0x0, 0x40100000a3d5) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, 0x0) write$auto(r1, 0x0, 0xa10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0x1f, 0xfffffffffffffffa, 0x7ffc) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_tracing_buffers_fops_trace(0xffffffffffffffff, 0x7, &(0x7f0000000040)="023b8829afee0f9e18cde2ff") socket(0x10, 0x2, 0x4) socket(0x2, 0x3, 0x4) r2 = socket(0x18, 0x3, 0x0) getsockname$auto(r2, &(0x7f0000000080), &(0x7f00000000c0)=0x10000) clock_getres$auto(0x8, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f00000017c0)='/sys/kernel/debug/lru_gen\x00', 0x1, 0x0) socketpair$auto(0x1, 0x4, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) socket(0x11, 0x80003, 0x300) 3.010168634s ago: executing program 2 (id=2414): mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x7) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00\x0e\x15F\xf7\x1a\xd1K+\xedy\xc6\x9bb\x94\xb4^\xc2\x83%\xfbw}\xfb_P\"\x19\xdfi\xe9hA|Q\x8a_F\x04:Q\x90\'\x06\x00', &(0x7f0000000140)='nfsd\x00', 0x95f, 0x0) statfs$auto(&(0x7f0000000040)='}[,&*}\x00\x0e\x15F\xf7\x1a\xd1K+\xedy\xc6\x9bb\x94\xb4^\xc2\x83%\xfbw}\xfb_P\"\x19\xdfi\xe9hA|Q\x8a_F\x04:Q\x90\'\x06\x00', &(0x7f0000000180)={0x1, 0x41f, 0x5fc1, 0x4, 0xffffffffff000000, 0x100, 0x8, {[0x9, 0x7f]}, 0x5, 0xfffffffffffffffb, 0xd889, [0x7, 0x0, 0x1, 0x10001]}) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) open(0x0, 0x261c2, 0xb2) write$auto_console_fops_tty_io(r0, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) ioctl$auto(r1, 0x4b68, 0x0) r2 = openat$auto_objects_fops_(0xffffffffffffff9c, &(0x7f00000002c0), 0x40042, 0x0) r3 = openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = getpid() r5 = prctl$auto_PR_SET_MM_ARG_END(0x2, 0x9, r4, 0xe, 0xa) pread64$auto(r2, &(0x7f0000000000)='/sy\x00\x80\x00\x00\x00\x00\x00\x00/de`ug/kfence/\x00\x00\x00\x00cts\x00', 0x1000000008, 0x800) ioctl$auto_TUNGETFILTER(r5, 0x801054db, &(0x7f0000000600)={0x3, &(0x7f00000005c0)={0xff, 0x1, 0xfa, @inferred=r3}}) syz_clone(0x2080, 0x0, 0xffffffffffffff0e, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000540)={&(0x7f0000000840)=ANY=[@ANYBLOB="58b15957ec0007bb162ccb8ad05fd5d20b556dd0274cc4e4fa951291960b1caa232ca1c0d28e3ab7bb9fcb9c7d1f7ebbe10523c40761b641d00b79b68d36404fda2c9c45934baee72867318c4e3448912bbb9647e92becd2f186d96936d6f4001e4b18fd824ddb943c1c7a79f8f285aa4b253136fef718d9bfbe99c852fdfb2ea89a9df889f04cee84eaf8ae16d62dddf93f1aaadec83eaab652be7576eb1fe0acb78f697ee79004549025628dd9dd222cdceba6479923ea967a2ccf532165ed45dc49ddd1", @ANYRES16=r6, @ANYBLOB="000326bd7000fbdbdf257e0000001400f900e34bf9d612476e84bbe6391eaac979270800270012e20000fa001700745f447c89fec12925a66d03bdba09baa7d9e0f58319d357f4dfa59bf9a7bdd5e23b99e0251352a77c23d3b8d1a096123751bc054768fdbdcc0997f7b0585c7a2a1323b057f2410fb7ad989695d6024554ef938794e5a03f9a63027cbbb9c578a857bb4b8b633dadf1c8d8f1180823d38e5060f151d0460070fbe76e3937f395871b0d851508002b8867a1d69eb413e517d064514eeb61e4d60a18d68f6c6c92ecdef71a049b6d1df01cb7b770af32a9e3e1b0def66febb26555e4aab55caeb6c7ef3ee5807e6a680ddb4317c3d9a7b547e3d3c261b85d1482b4c185600e39cf8d5cee91be1d464d31ba71dfe698eedce048c2ffe94b000006009800fffe000005002900090000000400830004008e0005002a010e0000000400bf00"], 0x150}, 0x1, 0x0, 0x0, 0x40000}, 0x48811) execve$auto(&(0x7f0000000080)='}[,&*}\x00', &(0x7f0000000240)=&(0x7f0000000200)='/sy\x00\x80\x00\x00\x00\x00\x00\x00/de`ug/kfence/\x00\x00\x00\x00cts\x00', &(0x7f0000000300)=&(0x7f0000000280)='{[\x00') r7 = openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000000), 0x82000, 0x0) pread64$auto(r7, 0x0, 0x80, 0x6) 2.40026005s ago: executing program 2 (id=2415): mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) fanotify_init$auto(0x200, 0x1) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) chdir$auto(&(0x7f0000000040)='}[,&*}\x00') getcwd$auto(0x0, 0xffffffffffffffff) unlinkat$auto(0xffffffffffffffff, 0x0, 0x200) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/block2mtd/parameters/block2mtd\x00', 0x601, 0x0) write$auto(r0, 0x0, 0x272) socket(0x2, 0x80002, 0x73) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000080), 0x6b) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x18, 0x5, 0x0) bpf$auto_BPF_MAP_FREEZE(0x16, &(0x7f0000000280)=@enable_stats={0x7ff}, 0x6) socket(0xa, 0x2, 0x73) socket(0x2, 0x80002, 0x73) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) fsconfig$auto(0xffffffffffffffff, 0x2, &(0x7f0000000080)='I\xee\"\xe3\xb7\xcfD\xe5\xb1\x05\x1e#\xff1<\xd9h[e\xdf\xc0M\xa2\x00\v\x97\xb5\xd4\x94\x99u\x9e\xf4O\x1a\xb1\x05\xb8\xcb\x96X\a\xc8\xb7\x97\xc7M\x83\'^\xc9\x9e\xccAsv\xce8sw\v\xac\xcd\xa2B\xf8.\xce\xe6n\xfe\xd6\xc8^W>Rz`C+\x0e\x8c<\xc5\x8f\xe6\x0f\x14\xfa\x9ea4>\xd8O[{\xede\xfd\xbc\xc7\xbd4_\xbc\xc6\x06\xe5h\x9e\xf5/4\xe8\xcfc\x95\xbb~\xd9.\xb3\x84\xb8K\xa7\xca\xda\xc8\x11u\xa1\x1d\x9d\xe1%\xc0m\xf6%1\xba\xe7^\xed0\xdc\x86\xeaG)?p,Up \xe9\b\x14\xaf\xbf\xd9\xc3,\xb8\x17\x10\x9f\x92\x95@),A\xb4\x92Q\x86\xbe\xed=p\x9c\xbd\xba#_]K\xce.\x00\x00\x00\x8eDv\x0fl\xed\x93ey\xf9\x19\xf0\x9d\xf5\xfe\xed\xc7Q\xc0ZJ\xc9*7\xf2\x1a\xa7\xb3\xc6v\v\xe1u\x16:\x15\xefel\xf0\x8c/\xa2\x95\xc1\xacd\xc9\a\xe5\x888F\xaa\xce\x94\xa2:sx\xea\x96\x7f~]\xdbj\xd1#\x94K\xcf\x11l\xe5Z\xec\xa6B\x90\xb6\xa3`\x88\xd4\x87\x17\x8a\x00\x00x\x95#\x83\x99\x00\xc6Z\x1au\x8e\xa7}\xa7\xe9\x83X\xa3\xad\xe2T\xea\xa0\xba\xd7R8T\x8e0h\x8ck4\x15\xf3sh0\xd3\x1e\xedU@\xab\xc0g\xeeT\xc5\x8d\x9b\x188x)\xf0i]\xdcf\xdd\xf9\xffA\"ZQ\x8d\x15\xff\xf3\xb36\x1d\x8e7\xb2d3\xe8\xf4\x1e3\xec\xfe\xbf\xbbo\xbb\xd2Z\x89:\xa2\xc8n8k\xa8\xba\xa5E\x9f\xbe>3,\xcb\xa2\xa7q \xe2P\x8a\xb1Vh\x94$\xe9\xea\x0f!G\xb9\xb3\x11\xe1\xae\tg\xc2?8\x8e8\xce\xbf\x01W\xbc\x8b\xab\xa9\x91j\xcd\xb9`F\x02\'\x05\xb1d\xff\xedB\xa5W(q\xfa\xad\x9be\xbfX\x14\xb9\xf8\x1a\xe9\xed\xe6\x1a', 0x0, 0x0) bind$auto(0x3, &(0x7f0000000080), 0x6b) madvise$auto(0x4b, 0xffffffffffff0003, 0x17) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) uname$auto(0x0) setsockopt$auto(0x3, 0x10000000084, 0x1f, 0x0, 0x3ff) 2.218499334s ago: executing program 1 (id=2416): r0 = socketpair$auto(0x80000000, 0x0, 0x5, 0xfffffffffffffffe) mmap$auto(0x0, 0x20005, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kcore\x00', 0x101000, 0x0) sendfile$auto(0x3, r2, 0x0, 0x2) ioperm$auto(0x5, 0x1, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = open(&(0x7f0000000100)='.\x00', 0x595082, 0x0) write$auto(r3, 0x0, 0xfffffdf1) r4 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) fchdir$auto(r4) pivot_root$auto(&(0x7f0000000300)='.\x00\xaf\xeb)\xae$\xfc\x00\xf8\x05AC\x9f\xbbR\xec\xc6c\x85\xc8\xa7\xe84sF\xe3U\x94\x99\x8fR\xd0\x98\f\xa5\xb1S\x7f\xc3\xa5\xc0\x97\x10qa\r\x02\xd2\xc8\xd2\x8e\xc7\x80\x11\x06#\xf5\x18|\xdc\x81Ai\xb6\x96iaR\xdbA\x04\x10\x99\xe6\xdb\xae`G\x1d9`T\xd8\xc6\xea\xf7\x96\xb5\xe9\x164e\xb1 S\x8f\x12_\x15y\x91F\xc89\xb1\xd24?\x89.,Z\xba,\"v\xde\xc4\xe0\x84\xca|\"\x96V\xd5P\xe4\xb9\xea\x88\x15\xacs\xc6\x83\xd6\x81\xd7\x11\x88\x9c\xdd\x8a\x0e\xea\x19|\x7f\xe3A8x\xce\xc1!q\xbbi\\\xd8\xa9\xe0\xed\x9e\x19\xc0IC9^\xfcJG\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000280)='.\x00') linkat$auto(r3, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/ipc\x00') r5 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/controlC2\x00', 0x492000, 0x0) r6 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000180), r1) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_NETDEV_CMD_BIND_RX(r7, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000000240)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYBLOB="01002abd7000fddbdf250d00000008000300", @ANYRES32=r7, @ANYBLOB="08000100", @ANYRES32=r8, @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'pim6reg1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000280)={'macvlan0\x00', 0x0}) sendmsg$auto_NETDEV_CMD_BIND_RX(r0, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0xc0, r6, 0x4, 0x70bd26, 0x25dfdbfc, {}, [@NETDEV_A_DMABUF_IFINDEX={0x8, 0x1, r8}, @NETDEV_A_DMABUF_QUEUES={0x2c, 0x2, 0x0, 0x1, [@NETDEV_A_QUEUE_ID={0x8, 0x1, 0x6}, @NETDEV_A_QUEUE_ID={0x8, 0x1, 0x9}, @NETDEV_A_QUEUE_TYPE={0x8, 0x3, 0x1}, @NETDEV_A_QUEUE_ID={0x8, 0x1, 0x4}, @NETDEV_A_QUEUE_ID={0x8, 0x1, 0x7c5}]}, @NETDEV_A_DMABUF_IFINDEX={0x8, 0x1, r9}, @NETDEV_A_DMABUF_QUEUES={0x3c, 0x2, 0x0, 0x1, [@NETDEV_A_QUEUE_TYPE={0x8, 0x3, 0x4}, @NETDEV_A_QUEUE_TYPE={0x8, 0x3, 0x7ff}, @NETDEV_A_QUEUE_ID={0x8, 0x1, 0x5}, @NETDEV_A_QUEUE_TYPE={0x8, 0x3, 0x3}, @NETDEV_A_QUEUE_ID={0x8, 0x1, 0x7f}, @NETDEV_A_QUEUE_ID={0x8}, @NETDEV_A_QUEUE_TYPE={0x8, 0x3, 0xf}]}, @NETDEV_A_DMABUF_QUEUES={0x24, 0x2, 0x0, 0x1, [@NETDEV_A_QUEUE_ID={0x8, 0x1, 0x6}, @NETDEV_A_QUEUE_ID={0x8, 0x1, 0x6}, @NETDEV_A_QUEUE_ID={0x8, 0x1, 0x7fffffff}, @NETDEV_A_QUEUE_TYPE={0x8, 0x3, 0x6}]}, @NETDEV_A_DMABUF_IFINDEX={0x8, 0x1, r10}, @NETDEV_A_DMABUF_FD={0x8, 0x3, r3}]}, 0xc0}, 0x1, 0x0, 0x0, 0x8041}, 0x4000004) fsetxattr$auto(r5, &(0x7f0000000200)=':\xbf+\x1c\x8a}\x00\xeb\xfa\xe6\x8d\x02\\VD\x04\x00\x00\x00*\x80\xa4\xf4vql\xa9\x05o\xf7\x9e\xfd\xf7\x00\x00l\xbcH_/Z>n\xf5F\xbfxW(\xb1\xba\xec}:d\x1b\xf9\x88{u7\xef!\xd0\x04\xdes\xfe`\xf5e;4\xbek\xf9\xec&\xbc\xd4\xfc`\xb9\n\xb5\xa5V\x98\x14]\b\x00\xd9', 0x0, 0x3, 0x1) 2.148000432s ago: executing program 3 (id=2417): mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) fcntl$auto_F_SETLKW(0xffffffffffffffff, 0x7, 0x4) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/240, 0xf0) close_range$auto(0x2, 0x8, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x84242, 0xe1d2b27bdc14aabc) rt_sigpending$auto(&(0x7f0000000000)={0x5}, 0x8) fallocate$auto(r1, 0x3, 0x4000000007, 0xa) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000080), 0x181583, 0x0) select$auto(0xd, 0x0, &(0x7f0000000400)={[0x8, 0x200000000005, 0x7, 0x7, 0x0, 0x80000004, 0xc, 0x6, 0x8fc, 0xb80, 0xe34c, 0x4009, 0x3, 0xfffffffffffff954, 0xfffffffffffffff8, 0xfff]}, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'sit0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000164c0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_SCAN(r2, &(0x7f00000165c0)={0x0, 0x0, &(0x7f0000016580)={&(0x7f0000000280)={0x1c, r3, 0xd3ac6c422733a379, 0x70bd27, 0x25dfdbfb, {}, [@NL80211_ATTR_BEACON_TAIL={0x6, 0xf, 'P\r'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2404c000}, 0x0) setrlimit$auto(0x7, &(0x7f0000001380)={0x5, 0x6}) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x401, 0x8000) syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) close_range$auto(0x0, 0x5, 0x0) pipe$auto(0x0) pipe$auto(0x0) tee$auto(0x2000000000000, 0x3, 0x402, 0xd) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r4 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) ioctl$auto_PPPIOCSPASS(r4, 0x40107447, &(0x7f00000000c0)={0xe, &(0x7f0000000080)={0x4, 0x4, 0x2, @inferred=r1}}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) 2.025544504s ago: executing program 2 (id=2418): ioctl$auto_PPPIOCSACTIVE(0xffffffffffffffff, 0x40107446, 0x0) statmount$auto(0x0, 0x0, 0x1fe, 0x9) socket(0x22, 0x2, 0x200) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/kernel/profiling\x00', 0x82002, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000240)="37d27c", 0x3) semget$auto(0x0, 0x13c, 0x1ff) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/virtual/mtd/mtd0/mtdblock0/queue/atomic_write_unit_max_bytes\x00', 0x10f406, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/swradio7\x00', 0x14b681, 0x0) r1 = socket(0xa, 0x801, 0x84) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x9, 0x0) setsockopt$auto(r1, 0x10000000084, 0x9, 0x0, 0x9c) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000140)=""/36, 0x24) read$auto(r3, 0x0, 0x9) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x20000a, 0x4) openat$auto_hpet_fops_hpet(0xffffffffffffff9c, &(0x7f0000000100), 0x252a00, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/erspan0/queues/tx-0/byte_queue_limits/hold_time\x00', 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40001}, 0x8151) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x2}, 0x3, 0x0) 1.76580983s ago: executing program 1 (id=2419): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = prctl$auto_PR_SET_MM_ARG_START(0xffff3792, 0x8, r0, 0x4, 0x2) ioctl$auto_posix_clock_file_operations_posix_clock(r1, 0x4, &(0x7f0000000040)="5d4e5916f5e884b32f1bede11c78191765a666ac710b9d17691f7f44918100a6f1d37ed4a575689dbc9e3e7c54766fee8e6a8f5cefda40a4427faf0cb7cd7a069d1fc42ebcdf38533b4f45f86f9e8e513d06e5370a1d3fbd1fed453a631b3a77c4709d769be03f26cda8291ba7a9d0ce8c971673eec0236fa397b10b26b872a59c5e69f6cdceb0f2a436d378a6c2ca6e538bd4582c2feaacf3db9182f10340bd1b31ed040a667315261e364b24ced35472027755c23dcd0c200d436d45d3926cc961d8e307df3662805372b942da36cdfe2fe2f9a1a0ff97097ee273dae0fa537cc353591b864d6f083ccc60b9ae1c5684ed3116ca24a931b5fc368921c29d39e5c91928b6b3ae9a8c3fab90a00c04c716f5026868f570619370b43b9304853c74fc410d17eb170467300201f85100949a1ac0afa49c82c06fdcbd24bf02426b5235178cc273a5264fe549a03603155ee57240114229101957e16c52fd352d8cc7a729f84e3be3e10a66b6b2a3cb074b8497c4fe2df76bf171e34f064754ceb935ca3c8174a83ee75e73e2e4d977f88d731dd4ac4f9b930f766a2a3dcd779918e47d95a9ad306a32aa5c67d96c34d227fed867faf40fd8d0df04ea31fe92221c3ccb9287776f7b263e856bdbc8dd7c57bc57d226566cbc7849fa0d423ecadc45e6133710636c776415e8679c9e9ffc68de4d979a7d09d8d617ec8cbce1831ccc524da56b3d45323166ffa4756311d224bb9a3830f0319b5b0b6b1c19337563aa43b730000644f59570c4acdbfa6ef8349da7e9918bf10d672a0ffca4ea11d78a452d46e863c570667b94ef372b449b7586bb38e2fd55b3c30fb5f5f58c641873ac3f8835f9c6dc3f3545c389ca174d93322e539b03ec524d0089ab4833a471f91f026c6a739595288fb05fa47cb6435c24c4272b5bb44c80670d7f99b1537e96ad384b908b88eece5ebb629adc5cc8d61fc9b59fc6edee8a20ef96cbf5a6ac96979b4f03db3435a679082092dbce60aeb4523f81489ade1fbdf09091943b8218b6254ea0f5065f60af1c72b30409392fd0ba6c643f4e196b40a66a589fde5d189acc51a201f01ffff54e37b18ab4d88fcecaa267a80a51523ea96dea48f67e9c85937e3f1027941caf7d255ef3694261d926b0d2a005dbff13523887bcf5c275f7f1000518d86115a4f66fb55306685b777744100c0df72662b21e10fac97d813ea0e4ee96acf04002bb459502912c2f68afa7f12b69286fb0e980568d5053c18f743c6b871bf0ba7d028ba39a34380b13e0b11006f55604054cd41fa6bf2196913c51e99f01da9c66b1aeb69dc7b26309ed498eba9ba146afca0e5fd00ae8907e49c204daaacef8f1d7a23996fcf2302e5c9a7dfa4725a789c90f67e7a9889679f0d4b32987823d929fd46a088dc9f5368ad19e3b8815d5cbd95a402b9e221dad65631a94aa80c3c7a780d78d72065cf002c746b1d9c1fe03e07f3643add1145b61521ad7243090d8a98536c7c44e3af458bad4accc9fdd16bdbf6429d0ae28751136143e186af1e77befd627b85da1c28f8c7e0ff0af790131b250396fd3baa91de281553f3e5e2607278222cced391b76d1d5203208fbab1fd4790a653c70e699b0ae3520ff98345cc57bc48684f1687905c75c94821bc97aa675b571be7e395ac815d6775bd198f48400634134a852ca1f4f3f52c4ea515ba63a1bb53a5ea39223425596dbd68c7253d8771d9d1bbed2e4c5f02df7ce819c1fd5dd08f511339bc60d138f6fb557e96d8c1e2b05ac5ba01c2f677608ea4a123986be8723762d811b5d262a5773912d74369cf47541e762052a078234a0b35d73757d3a099ef83f05a27be6803b0724725b04a45c86679ae29bb5b544ee80693a19714add045f42f8afdb0b2d4efa8971c46e62ff7fe3e17576625883aa9752d48fb585d0f76d14318d6e2eefa4c739e23d0511fea2854c858b8ca7927d0793f16f78a06972cc9ab6e1fcb44eb878d17dc7e24dc71596976b51b3112013eb6ce4817086fb7ce2687e1e9fbda92611392ff97c1dcd36f57d6ad522cd9ebe83b6057ec9e1c3734936b8b5fc2f92c7a697f1a8cc47e5a30e4a834eac7d068bc00dc9e128cbdf2d8ffa3d6ce0e1e774d00c3fba0a161409f2e5abcd03699474022c09144b3fc197e9ac89bb3142126e9bf8c8d64d70ea2d637710d5f9c871063e9f8d44418484f38aa966dfd4d57b257755970a72706b38fa92bc00e9a18e0904178b5a048c3bd5763b4e0b2337f2d68e55d343a63a3f138f31e03438f0e1f82855c99d629080ade547fb0a20e21c4a5218296101bce1c0f9355ae267302cf384466f26ead6265903d8665cafbd386a278dc9b934c6da5dcb866e63ae9b9265763836a69891763c27ccabaa691e02088eda430b39ce27bd0b6ee78d0e4e36ab57c48969684fd77754d8ffc014612bc4c6ab39274ab61adeea1a0bd9e7042a3ee67a10fc0d08b7cb3dbef8b96fab163ae885888d68adbc47a695c29a0163fcb1ee7782f42cc8944d63bafa81455f3a2d69862c6d5680e7136108fbc80ef52d64ca4133e38c88cf8dbf87ba656cd49efd7991780462df9f43c56f6f570dcba3fdc2972b751267829ed3c09fcf905956e5f272a3a9850a399675936bb6812b213de9c7db91cacab06d95ab8e065e8f6472259c8c6691d8d26810ea71028d5583cfa8c58ea79b0b5ad900ffd7d5c9e76b3417f7a173cb475c8df4e5741b12f3acb9d462a73b0311ca3aa0c336496edbe98deee8fca4099710591d9c430d03ecc8995b626af8900ac695d23dfc55bcfef3fde43a018f7a67f15dc3d9638c68a7de3358b81ab1c8b329e779a0fc088d36bda2106442f349d41e4e62a90facca90bf01a7cd06f914632a9fb025b36157aa890eea1e70fe11f9ff8acbce8f1d4fe31dbee46f04f64e19f3314a1abdf7f7a1bdd3fcbbe9ff2b712cddd843d667e273605f0a4273a1cf410c2f3d03db5038f54074090151358c277174847f8ea33824cd5811fc87efe946a22242ff4f9cf8949abc35b29d2901b5f814e5a68187ced096a212b2e1cdea15cb5c1176ca45d8087bfa2540cf00170743546bbdffc17657f0704ba351a600061cd3c842f0975305ca3a0ea7a54e7643255a6b80f76e3a4fd412e2b8855f358a45f6a019a763ef1f371bb285c46bb472cbbfcb2d1f6386e9f178445460ec65a1c1f5352a361349a01205c022714f78a211f46ee703aba3209b33da460bda84bf11451b0e5479cacc994ddcead83fc73c21360e97b3c2b08e56e1d27487d94ee9715362cb8ea47e7aa8e4691d974fad69f8dd4b55f4a5fc21e0a34e0db7f707e33d6a9bd1fc4512f8ad49e493d0db4e8c89b3c4ff9dddb335a72feb8cf67dfe2075d42e7e00d302735237df3e69dd6fd159042a3ec75d9126f864fe699529b2d043b79c9f0bed5c6dce0f348ab743ac8a5891cb80ced8117c053d9151b6e2689aa516150b8d901acd3de3e3ef4cd6b0399c916733f872c37542b401ea38701827b1bb05f98756fd9ec2f9ae6e1e163707f255e0121c35b973eee0e0402d60770f4bcbbfa203e94af21d086fe6c82c33c22eb5daaa454806f659e667685e756142dcb1b8a43172868dad8a1cd6eb157295192fe25e1b57669366f4b046e269498dd2f3730aed6fc0a48c3b1bd40302404047342dc557f74c5cae019c84ce5f03d750717e485e82dbb9c4f008900001cc2531a013ab7dc6d5d2fa5416ea8ce53f792b3ad87861f5873d43914e5c8a0877fdab40a3be9c50b6203136a6e434b8f76202a31ee736bfff4ef9f420e868c19bdeae1bfb7206ee61bdccd852a72b8685b9ba9694a7d107cd52f10f3fe3864209d90e2995a3aec5b5e8264ee06ade361d525bdf91b6d0f1065d3278669f133a26103b9661868156279440d4ac8f3c092c026403ccab58f53d346d1420b0414567ba63b789bf647a413b6269abc18cc8335096f7f8cb41994dd130688d0db6d4b8879d4732b0136cc25a9f9042a135209fb88bba4889c20b769daf187a75b297db154d9d21936d7458b11cd08f7cc169a401357d5f63d8a1975e616e240ed4470114cbbf5982f302a276ed9e37136b85c1dd6b4cae672448926f1fd73fef2a532160af39d28c3a1184de1e1506d535d9f2e8510d0c32631aca5f049b543e33e121ef404ef9138c32e1dff24701d7df70a4d84949edf7b719e60e06b16c22837a120f6c7e963284843c7582dc9b366085637fae3ca89676b139071f058c49484d077656851d58146117fec130e1fbc9c60b69c8d8366c74dec4f5a3745e63d3e894849430849a8369714372ff65d793aadf0dd179c3164f7f477e1f4658f8983d02cfe2fd2bf13d040e90853252c67ecefb6a42a241b907110a84544efe61b76c28920d6ccc65be7b7e657e9059a7d629a727e00d40247cb86676ba8cb757a9f52cd3b70f27a4acdf97f145c9d682833589dec684638af47a8f500009752229dd1adb0c4daac9bf8adcf963d01e215974e1f3542344c0fbfbb510193aea0ad87519391d7ed36329af767960a120239d37b87261be96589567eca5cffbd802d9ac96d5795cf56abe8debe1631d9bf807c2f33e4945f7f7280cc18007d038263fd8830ebf52fa44e62dd16b3ec6e9c1013fb00a1a756d531813b011f3e1184abd64a4b985c44a3c5ad69b91cef51c8aea58a14e1b29d856a151bc6352b2e3ec199d84ed37661d72db04676dccffb0362fb5905daf73b4fbe244614009ebd16601a4df3701a429c3102ea54b5901de3b6ae36f8c96da18245afcb0eb799e409bec3ee40bdf69cca49ebdf3c8df664d4320dc45c3caafda683ef9b1c75ad2d68d573cbd2726f83476f7b7d52fe043abab43c896a59555d76dd435288b11dd46d1b934892f9075b7b23454add2e1a8b6ab747c774eb67ce2ac04c00dd8e884aff56a9f4b8431ba408a5a38deda43060f43879b89012227c419b350fc0bb9a20dc64c2923a3781cd13109acebe0950da66e0031c1d41ccb845e5fb18cd50792041da3222ff0581488fa86f9f3a359f5b9f8ba613ded0372bb025641e4a2423a189f04fd680eccb15b5cdadec73e40eee943717c1c332adffd9323140c87735948f984372ce7e3ccccc85dfa432371ebe79a2c0c0ea80f37119ea1d42348c0b865b223ff6803bd1a749c8ecc3f23ebde76d445cb4bb584a27f1c23e53c130e385fe58122ac27c1f6a1186c4c8a36f9ad99545b52a6ffca68b13b88013c297edfa562186c5aa31261ba95e8539ba61b6b841cfa605c6a3cd199346a9aca675e98005fa1a14f2e5ede218e8c9cb252a2bf07322bf47d120895453504e988dfe4b9293821a176964fcdf083a48f4960dcd7c4663a2e1d77c7bcddcc2dbfbc041a80187ee3196ade53ef2fad0dd62aed7727b5a2545b9590afef6c1e62739ec29e32f793a45137b64af8dd798f422348bfde322061f73bb253c4a983699c5ece0e7815281cf48bdc852524e4c1f5804a4e5d1a4a383541465c5120e4dc0e0c36058a35a4ffd1c5946c5a746c743d65f13edd424f0ac54d842c957016ee4a2f92d6ceca8f71c9b8821ca1155b218b530812bf6f8e9a11805b9b75f2835cce8d9422cb139af93b8aa8a3f42cc16a2d4d952b5c1a0f4687f8f07d2a861592993f15455c06715adf6c3bd3087537f25e63a9ceacdc203be6641ade39465f883d630c25794c5e6fe81ba40a3d0c3cedd91968228f646c00b7470bec263ac5b9cc1b5b3e22a87e9ac35daeed7e6e1120da929eadd02c8cfb5b67215b35") r2 = openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000000), 0x82000, 0x0) pread64$auto(r2, 0x0, 0x80, 0x6) 1.265569899s ago: executing program 0 (id=2421): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x40, 0x40000e2, 0xeb1, 0x401, 0x8000) r1 = openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x40002, 0x0) prctl$auto_PR_SET_SECCOMP(0x16, 0x1, 0xfffffffffffffffb, 0x4, 0x2d8) pwrite64$auto(r1, 0x0, 0xae, 0x3) getsockopt$auto(r0, 0x84, 0x73, 0x0, &(0x7f0000000100)=0x99) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/security/tomoyo/audit\x00', 0x40802, 0x0) writev$auto(r2, &(0x7f0000000000)={0x0, 0x7111}, 0x8) 1.018253607s ago: executing program 2 (id=2422): close_range$auto(0x2, 0xa, 0x0) kill$auto(0x0, 0x11) msgctl$auto_IPC_INFO(0x7, 0x3, 0x0) ptrace$auto(0x10, 0x0, 0x1, 0x7ff) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x8, 0xc0b, 0x8, 0x5, 0x2, 0xffffffffffffffff, 0x13, 0x7, 0xb, 0x1, 0xced80000000000, 0x9, 0x6, 0x0, 0x3, 0x7fffffff]}, 0x0, 0x0) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) readv$auto(r0, &(0x7f0000000a80)={0x0, 0x3}, 0x3) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/lapb0/proto_down\x00', 0x2262, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x3, 0x3a) 254.543202ms ago: executing program 0 (id=2423): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) readv$auto(r0, &(0x7f0000000a80)={0x0, 0x3}, 0x3) 234.194µs ago: executing program 0 (id=2424): mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x7) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00\x0e\x15F\xf7\x1a\xd1K+\xedy\xc6\x9bb\x94\xb4^\xc2\x83%\xfbw}\xfb_P\"\x19\xdfi\xe9hA|Q\x8a_F\x04:Q\x90\'\x06\x00', &(0x7f0000000140)='nfsd\x00', 0x95f, 0x0) statfs$auto(&(0x7f0000000040)='}[,&*}\x00\x0e\x15F\xf7\x1a\xd1K+\xedy\xc6\x9bb\x94\xb4^\xc2\x83%\xfbw}\xfb_P\"\x19\xdfi\xe9hA|Q\x8a_F\x04:Q\x90\'\x06\x00', &(0x7f0000000180)={0x1, 0x41f, 0x5fc1, 0x4, 0xffffffffff000000, 0x100, 0x8, {[0x9, 0x7f]}, 0x5, 0xfffffffffffffffb, 0xd889, [0x7, 0x0, 0x1, 0x10001]}) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) open(0x0, 0x261c2, 0xb2) write$auto_console_fops_tty_io(r0, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) ioctl$auto(r1, 0x4b68, 0x0) r2 = openat$auto_objects_fops_(0xffffffffffffff9c, &(0x7f00000002c0), 0x40042, 0x0) r3 = openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = getpid() r5 = prctl$auto_PR_SET_MM_ARG_END(0x2, 0x9, r4, 0xe, 0xa) pread64$auto(r2, &(0x7f0000000000)='/sy\x00\x80\x00\x00\x00\x00\x00\x00/de`ug/kfence/\x00\x00\x00\x00cts\x00', 0x1000000008, 0x800) ioctl$auto_TUNGETFILTER(r5, 0x801054db, &(0x7f0000000600)={0x3, &(0x7f00000005c0)={0xff, 0x1, 0xfa, @inferred=r3}}) syz_clone(0x2080, 0x0, 0xffffffffffffff0e, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000540)={&(0x7f0000000840)=ANY=[@ANYBLOB="58b15957ec0007bb162ccb8ad05fd5d20b556dd0274cc4e4fa951291960b1caa232ca1c0d28e3ab7bb9fcb9c7d1f7ebbe10523c40761b641d00b79b68d36404fda2c9c45934baee72867318c4e3448912bbb9647e92becd2f186d96936d6f4001e4b18fd824ddb943c1c7a79f8f285aa4b253136fef718d9bfbe99c852fdfb2ea89a9df889f04cee84eaf8ae16d62dddf93f1aaadec83eaab652be7576eb1fe0acb78f697ee79004549025628dd9dd222cdceba6479923ea967a2ccf532165ed45dc49ddd1", @ANYRES16=r6, @ANYBLOB="000326bd7000fbdbdf257e0000001400f900e34bf9d612476e84bbe6391eaac979270800270012e20000fa001700745f447c89fec12925a66d03bdba09baa7d9e0f58319d357f4dfa59bf9a7bdd5e23b99e0251352a77c23d3b8d1a096123751bc054768fdbdcc0997f7b0585c7a2a1323b057f2410fb7ad989695d6024554ef938794e5a03f9a63027cbbb9c578a857bb4b8b633dadf1c8d8f1180823d38e5060f151d0460070fbe76e3937f395871b0d851508002b8867a1d69eb413e517d064514eeb61e4d60a18d68f6c6c92ecdef71a049b6d1df01cb7b770af32a9e3e1b0def66febb26555e4aab55caeb6c7ef3ee5807e6a680ddb4317c3d9a7b547e3d3c261b85d1482b4c185600e39cf8d5cee91be1d464d31ba71dfe698eedce048c2ffe94b000006009800fffe000005002900090000000400830004008e0005002a010e0000000400bf00"], 0x150}, 0x1, 0x0, 0x0, 0x40000}, 0x48811) execve$auto(&(0x7f0000000080)='}[,&*}\x00', &(0x7f0000000240)=&(0x7f0000000200)='/sy\x00\x80\x00\x00\x00\x00\x00\x00/de`ug/kfence/\x00\x00\x00\x00cts\x00', &(0x7f0000000300)=&(0x7f0000000280)='{[\x00') r7 = openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000000), 0x82000, 0x0) pread64$auto(r7, 0x0, 0x80, 0x6) 0s ago: executing program 2 (id=2425): openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$auto(0x0, 0x1, 0x400000005, 0xeb1, 0xfffffffffffffffa, 0x8000) setresuid$auto(0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff) mremap$auto(0x0, 0x9, 0x3fd6, 0x0, 0x1ffffffa) ioctl$auto_TUNSETVNETHDRSZ2(0xffffffffffffffff, 0x400454d8, &(0x7f0000000180)=0x3) r0 = io_uring_setup$auto(0x59, 0x0) ioctl$auto_RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, 0x0) ioctl$auto(0x3, 0x541b, 0x10000000000402) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy10/airtime_flags\x00', 0x2641, 0x0) mmap$auto(0x0, 0x4020009, 0xdd, 0xeb1, r0, 0xc4e) gettid() r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x80102, 0x0) write$auto(r1, 0x0, 0x40100000a3d5) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) write$auto(r1, 0x0, 0xa10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0x1f, 0xfffffffffffffffa, 0x7ffc) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_tracing_buffers_fops_trace(0xffffffffffffffff, 0x7, &(0x7f0000000040)="023b8829afee0f9e18cde2ff") socket(0x10, 0x2, 0x4) socket(0x2, 0x3, 0x4) r2 = socket(0x18, 0x3, 0x0) getsockname$auto(r2, &(0x7f0000000080), &(0x7f00000000c0)=0x10000) clock_getres$auto(0x8, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f00000017c0)='/sys/kernel/debug/lru_gen\x00', 0x1, 0x0) socketpair$auto(0x1, 0x4, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) socket(0x11, 0x80003, 0x300) kernel console output (not intermixed with test programs): 6f R08: 0000000000000000 R09: 0000000000000000 [ 326.723467][T10517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 326.723484][T10517] R13: 00007f3c6ae16128 R14: 00007f3c6ae16090 R15: 00007fffd8311cf8 [ 326.723531][T10517] [ 327.178246][T10523] netlink: 32 bytes leftover after parsing attributes in process `syz.0.906'. [ 327.191463][T10525] netlink: 32 bytes leftover after parsing attributes in process `syz.0.906'. [ 327.226708][T10518] Process accounting paused [ 327.531446][T10534] FAULT_INJECTION: forcing a failure. [ 327.531446][T10534] name failslab, interval 1, probability 0, space 0, times 0 [ 327.597297][T10534] CPU: 0 UID: 0 PID: 10534 Comm: syz.2.907 Tainted: G L syzkaller #0 PREEMPT(full) [ 327.597346][T10534] Tainted: [L]=SOFTLOCKUP [ 327.597357][T10534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 327.597374][T10534] Call Trace: [ 327.597383][T10534] [ 327.597394][T10534] dump_stack_lvl+0x100/0x190 [ 327.597436][T10534] should_fail_ex.cold+0x5/0xa [ 327.597475][T10534] should_failslab+0xc2/0x120 [ 327.597517][T10534] __kmalloc_cache_noprof+0x91/0x6c0 [ 327.597549][T10534] ? usbdev_open+0x9d/0x870 [ 327.597598][T10534] usbdev_open+0x9d/0x870 [ 327.597641][T10534] ? kobject_get_unless_zero+0x156/0x200 [ 327.597677][T10534] ? __pfx_usbdev_open+0x10/0x10 [ 327.597717][T10534] ? chrdev_open+0x10b/0x6a0 [ 327.597747][T10534] ? chrdev_open+0x10b/0x6a0 [ 327.597783][T10534] ? __pfx_usbdev_open+0x10/0x10 [ 327.597825][T10534] chrdev_open+0x234/0x6a0 [ 327.597855][T10534] ? __pfx_apparmor_file_open+0x10/0x10 [ 327.597887][T10534] ? __pfx_chrdev_open+0x10/0x10 [ 327.597928][T10534] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 327.597971][T10534] do_dentry_open+0x6ab/0x14d0 [ 327.598002][T10534] ? __pfx_chrdev_open+0x10/0x10 [ 327.598039][T10534] vfs_open+0x82/0x3f0 [ 327.598077][T10534] path_openat+0x2873/0x4280 [ 327.598120][T10534] ? __pfx_path_openat+0x10/0x10 [ 327.598161][T10534] do_file_open+0x20e/0x430 [ 327.598193][T10534] ? __pfx_do_file_open+0x10/0x10 [ 327.598250][T10534] ? alloc_fd+0x471/0x7a0 [ 327.598282][T10534] ? do_getname+0x191/0x390 [ 327.598321][T10534] do_sys_openat2+0x10f/0x1e0 [ 327.598358][T10534] ? __pfx_do_sys_openat2+0x10/0x10 [ 327.598398][T10534] ? do_raw_spin_lock+0x128/0x260 [ 327.598440][T10534] __x64_sys_openat+0x12d/0x210 [ 327.598481][T10534] ? __pfx___x64_sys_openat+0x10/0x10 [ 327.598534][T10534] do_syscall_64+0x115/0x840 [ 327.598560][T10534] ? clear_bhb_loop+0x40/0x90 [ 327.598595][T10534] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.598628][T10534] RIP: 0033:0x7f3c6ab9ce59 [ 327.598651][T10534] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 327.598679][T10534] RSP: 002b:00007f3c6babc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 327.598707][T10534] RAX: ffffffffffffffda RBX: 00007f3c6ae16090 RCX: 00007f3c6ab9ce59 [ 327.598727][T10534] RDX: 000000000000a901 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 327.598748][T10534] RBP: 00007f3c6ac32e6f R08: 0000000000000000 R09: 0000000000000000 [ 327.598766][T10534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 327.598784][T10534] R13: 00007f3c6ae16128 R14: 00007f3c6ae16090 R15: 00007fffd8311cf8 [ 327.598822][T10534] [ 327.907344][ T4943] Bluetooth: hci0: unexpected subevent 0x01 length: 3 < 18 [ 329.233269][ T29] audit: type=1800 audit(8277292091.657:29): pid=10581 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.916" name="dbroot" dev="configfs" ino=33975 res=0 errno=0 [ 329.278997][T10581] db_root: cannot open: /sy] [ 330.455202][ T29] audit: type=1800 audit(8277292092.883:30): pid=10617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.923" name="lu_gp_id" dev="configfs" ino=34032 res=0 errno=0 [ 330.636250][T10619] netlink: 146 bytes leftover after parsing attributes in process `syz.0.924'. [ 331.607200][T10660] netlink: 178 bytes leftover after parsing attributes in process `syz.2.932'. [ 331.951599][ T29] audit: type=1800 audit(8277292094.391:31): pid=10675 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.934" name="lu_gp_id" dev="configfs" ino=35108 res=0 errno=0 [ 332.522460][T10692] random: crng reseeded on system resumption [ 332.747779][T10692] input: f as /devices/virtual/input/input9 [ 335.356693][T10741] vivid-011: ================= START STATUS ================= [ 335.390562][T10741] vivid-011: Radio HW Seek Mode: Bounded [ 335.423213][T10741] vivid-011: Radio Programmable HW Seek: false [ 335.466368][T10741] vivid-011: RDS Rx I/O Mode: Block I/O [ 335.492126][T10741] vivid-011: Generate RBDS Instead of RDS: false [ 335.519700][T10741] vivid-011: RDS Reception: true [ 335.535588][T10741] vivid-011: RDS Program Type: 0 inactive [ 335.565869][T10743] nbd: must specify a device to reconfigure [ 335.571882][T10741] vivid-011: RDS PS Name: inactive [ 335.592454][T10741] vivid-011: RDS Radio Text: inactive [ 335.622545][T10741] vivid-011: RDS Traffic Announcement: false inactive [ 335.663903][T10741] vivid-011: RDS Traffic Program: false inactive [ 335.710605][T10741] vivid-011: RDS Music: false inactive [ 335.741737][T10741] vivid-011: ================== END STATUS ================== [ 336.391163][T10766] vivid-007: ================= START STATUS ================= [ 336.423172][T10766] vivid-007: Generate PTS: true [ 336.443700][T10766] vivid-007: Generate SCR: true [ 336.451956][T10766] tpg source WxH: 320x240 (Y'CbCr) [ 336.505898][T10766] tpg field: 1 [ 336.547567][T10766] tpg crop: (0,0)/320x240 [ 336.566783][T10766] tpg compose: (0,0)/320x240 [ 336.611193][T10766] tpg colorspace: 8 [ 336.625991][T10766] tpg transfer function: 0/0 [ 336.642856][T10766] tpg Y'CbCr encoding: 0/0 [ 336.653253][T10766] tpg quantization: 0/0 [ 336.666406][T10766] tpg RGB range: 0/2 [ 336.671473][T10766] vivid-007: ================== END STATUS ================== [ 337.096527][T10783] netlink: 28 bytes leftover after parsing attributes in process `syz.1.954'. [ 337.189548][T10783] bond0: (slave bond_slave_0): Releasing backup interface [ 337.222592][T10792] FAULT_INJECTION: forcing a failure. [ 337.222592][T10792] name failslab, interval 1, probability 0, space 0, times 0 [ 337.257273][T10792] CPU: 0 UID: 0 PID: 10792 Comm: syz.2.956 Tainted: G L syzkaller #0 PREEMPT(full) [ 337.257317][T10792] Tainted: [L]=SOFTLOCKUP [ 337.257326][T10792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 337.257343][T10792] Call Trace: [ 337.257352][T10792] [ 337.257363][T10792] dump_stack_lvl+0x100/0x190 [ 337.257404][T10792] should_fail_ex.cold+0x5/0xa [ 337.257443][T10792] should_failslab+0xc2/0x120 [ 337.257482][T10792] __kmalloc_cache_noprof+0x91/0x6c0 [ 337.257513][T10792] ? __kmalloc_node_track_caller_noprof+0x34f/0x830 [ 337.257550][T10792] ? vidtv_psi_eit_event_init+0xe1/0x400 [ 337.257593][T10792] vidtv_psi_eit_event_init+0xe1/0x400 [ 337.257628][T10792] ? __pfx_vidtv_psi_eit_event_init+0x10/0x10 [ 337.257673][T10792] ? vidtv_psi_desc_clone+0x358/0x5d0 [ 337.257706][T10792] vidtv_channel_si_init+0x845/0x18f0 [ 337.257753][T10792] vidtv_mux_init+0x522/0xbf0 [ 337.257795][T10792] vidtv_start_feed+0x34e/0x500 [ 337.257841][T10792] ? __pfx_vidtv_start_feed+0x10/0x10 [ 337.257898][T10792] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 337.257964][T10792] dmx_section_feed_start_filtering+0x3a8/0x660 [ 337.258007][T10792] dvb_dmxdev_filter_start+0x767/0xdd0 [ 337.258063][T10792] dvb_demux_do_ioctl+0xe64/0x1200 [ 337.258115][T10792] dvb_usercopy+0x167/0x340 [ 337.258154][T10792] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 337.258200][T10792] ? __pfx_dvb_usercopy+0x10/0x10 [ 337.258250][T10792] ? __fget_files+0x21f/0x3d0 [ 337.258282][T10792] dvb_demux_ioctl+0x29/0x40 [ 337.258319][T10792] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 337.258358][T10792] __x64_sys_ioctl+0x18e/0x210 [ 337.258405][T10792] do_syscall_64+0x115/0x840 [ 337.258432][T10792] ? clear_bhb_loop+0x40/0x90 [ 337.258478][T10792] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.258508][T10792] RIP: 0033:0x7f3c6ab9ce59 [ 337.258533][T10792] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 337.258562][T10792] RSP: 002b:00007f3c6babc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 337.258592][T10792] RAX: ffffffffffffffda RBX: 00007f3c6ae16090 RCX: 00007f3c6ab9ce59 [ 337.258612][T10792] RDX: 0000000000000000 RSI: 00000000403c6f2b RDI: 0000000000000003 [ 337.258630][T10792] RBP: 00007f3c6ac32e6f R08: 0000000000000000 R09: 0000000000000000 [ 337.258648][T10792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 337.258666][T10792] R13: 00007f3c6ae16128 R14: 00007f3c6ae16090 R15: 00007fffd8311cf8 [ 337.258707][T10792] [ 338.024608][T10805] netlink: 1768 bytes leftover after parsing attributes in process `syz.0.959'. [ 338.054132][T10805] netlink: NAT attribute has 5 unknown bytes [ 340.298672][T10839] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 340.603841][T10857] netlink: 342 bytes leftover after parsing attributes in process `syz.3.969'. [ 340.828406][T10856] workqueue: name exceeds WQ_NAME_LEN. Truncating to: 211!phy1!netdev:wlan1!rc_rateid [ 340.891034][T10860] sysfs: cannot create duplicate filename '/class/ieee80211/211!phy1!netdev:wlan1!rc_rateidx_mcs_mask' [ 340.914195][T10860] CPU: 1 UID: 0 PID: 10860 Comm: syz.2.970 Tainted: G L syzkaller #0 PREEMPT(full) [ 340.914244][T10860] Tainted: [L]=SOFTLOCKUP [ 340.914256][T10860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 340.914272][T10860] Call Trace: [ 340.914281][T10860] [ 340.914292][T10860] dump_stack_lvl+0x100/0x190 [ 340.914335][T10860] sysfs_warn_dup.cold+0x1c/0x28 [ 340.914375][T10860] sysfs_do_create_link_sd+0x113/0x140 [ 340.914418][T10860] sysfs_create_link+0x61/0xc0 [ 340.914456][T10860] device_add+0x675/0x1970 [ 340.914499][T10860] ? __pfx_device_add+0x10/0x10 [ 340.914536][T10860] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 340.914586][T10860] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 340.914624][T10860] wiphy_register+0x2151/0x3110 [ 340.914672][T10860] ? __pfx_wiphy_register+0x10/0x10 [ 340.914708][T10860] ? __asan_memset+0x23/0x50 [ 340.914737][T10860] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 340.914781][T10860] ieee80211_register_hw+0x3053/0x4580 [ 340.914826][T10860] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 340.914854][T10860] ? __pfx___debug_object_init+0x10/0x10 [ 340.914897][T10860] ? find_held_lock+0x2b/0x80 [ 340.914932][T10860] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 340.914972][T10860] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 340.914998][T10860] ? __hrtimer_setup+0x208/0x330 [ 340.915031][T10860] mac80211_hwsim_new_radio+0x2acc/0x64c0 [ 340.915086][T10860] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 340.915122][T10860] ? __asan_memcpy+0x3c/0x60 [ 340.915154][T10860] hwsim_new_radio_nl+0xc6b/0x13f0 [ 340.915190][T10860] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 340.915233][T10860] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 340.915263][T10860] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 340.915300][T10860] genl_family_rcv_msg_doit+0x214/0x300 [ 340.915331][T10860] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 340.915359][T10860] ? genl_get_cmd+0x3e7/0x760 [ 340.915392][T10860] ? bpf_lsm_capable+0x9/0x10 [ 340.915420][T10860] ? security_capable+0x80/0x260 [ 340.915448][T10860] ? ns_capable+0xd2/0xf0 [ 340.915479][T10860] genl_rcv_msg+0x560/0x800 [ 340.915510][T10860] ? __pfx_genl_rcv_msg+0x10/0x10 [ 340.915538][T10860] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 340.915589][T10860] netlink_rcv_skb+0x159/0x420 [ 340.915631][T10860] ? __pfx_genl_rcv_msg+0x10/0x10 [ 340.915662][T10860] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 340.915717][T10860] ? netlink_deliver_tap+0x1ae/0xcc0 [ 340.915760][T10860] genl_rcv+0x28/0x40 [ 340.915783][T10860] netlink_unicast+0x585/0x850 [ 340.915829][T10860] ? __pfx_netlink_unicast+0x10/0x10 [ 340.915879][T10860] netlink_sendmsg+0x8b0/0xda0 [ 340.915924][T10860] ? __pfx_netlink_sendmsg+0x10/0x10 [ 340.915970][T10860] ? apparmor_socket_sendmsg+0x15b/0x270 [ 340.916001][T10860] ____sys_sendmsg+0xa4d/0xbe0 [ 340.916038][T10860] ? __pfx_netlink_sendmsg+0x10/0x10 [ 340.916080][T10860] ? __pfx_____sys_sendmsg+0x10/0x10 [ 340.916124][T10860] ? rcu_is_watching+0x12/0xc0 [ 340.916155][T10860] ? ___sys_sendmsg+0x19d/0x1e0 [ 340.916191][T10860] ? kfree+0x1e5/0x6c0 [ 340.916222][T10860] ___sys_sendmsg+0x190/0x1e0 [ 340.916264][T10860] ? __pfx____sys_sendmsg+0x10/0x10 [ 340.916304][T10860] ? futex_hash+0x311/0x400 [ 340.916358][T10860] ? __pfx___might_resched+0x10/0x10 [ 340.916406][T10860] __sys_sendmmsg+0x20c/0x440 [ 340.916442][T10860] ? __pfx___sys_sendmmsg+0x10/0x10 [ 340.916483][T10860] ? __pfx_do_futex+0x10/0x10 [ 340.916512][T10860] ? __pfx___might_resched+0x10/0x10 [ 340.916573][T10860] ? xfd_validate_state+0x129/0x190 [ 340.916614][T10860] __x64_sys_sendmmsg+0x9c/0x100 [ 340.916646][T10860] ? lockdep_hardirqs_on+0x78/0x100 [ 340.916686][T10860] do_syscall_64+0x115/0x840 [ 340.916709][T10860] ? clear_bhb_loop+0x40/0x90 [ 340.916741][T10860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.916768][T10860] RIP: 0033:0x7f3c6ab9ce59 [ 340.916791][T10860] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 340.916817][T10860] RSP: 002b:00007f3c6babc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 340.916842][T10860] RAX: ffffffffffffffda RBX: 00007f3c6ae16090 RCX: 00007f3c6ab9ce59 [ 340.916860][T10860] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 340.916876][T10860] RBP: 00007f3c6ac32e6f R08: 0000000000000000 R09: 0000000000000000 [ 340.916893][T10860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 340.916908][T10860] R13: 00007f3c6ae16128 R14: 00007f3c6ae16090 R15: 00007fffd8311cf8 [ 340.916945][T10860] [ 341.528696][T10857] Invalid ELF header magic: != ELF [ 342.423672][T10882] vhci_hcd vhci_hcd.0: invalid port number 189 [ 342.460816][T10882] vhci_hcd vhci_hcd.0: default hub control req: a069 v5dbf i00bd l0 [ 344.017990][T10867] Process accounting paused [ 344.577595][T10925] netlink: 342 bytes leftover after parsing attributes in process `syz.1.983'. [ 345.085108][T10930] FAULT_INJECTION: forcing a failure. [ 345.085108][T10930] name failslab, interval 1, probability 0, space 0, times 0 [ 345.143726][T10930] CPU: 0 UID: 0 PID: 10930 Comm: syz.2.984 Tainted: G L syzkaller #0 PREEMPT(full) [ 345.143775][T10930] Tainted: [L]=SOFTLOCKUP [ 345.143785][T10930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 345.143803][T10930] Call Trace: [ 345.143895][T10930] [ 345.143906][T10930] dump_stack_lvl+0x100/0x190 [ 345.144038][T10930] should_fail_ex.cold+0x5/0xa [ 345.144105][T10930] should_failslab+0xc2/0x120 [ 345.144167][T10930] __kmalloc_noprof+0xfc/0x820 [ 345.144212][T10930] ? rcu_is_watching+0x12/0xc0 [ 345.144265][T10930] ? tomoyo_realpath_from_path+0xb6/0x690 [ 345.144370][T10930] tomoyo_realpath_from_path+0xb6/0x690 [ 345.144422][T10930] tomoyo_check_open_permission+0x2af/0x3c0 [ 345.144461][T10930] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 345.144512][T10930] ? hook_file_open+0x24f/0x8f0 [ 345.144603][T10930] ? path_get+0x61/0x80 [ 345.144656][T10930] tomoyo_file_open+0x6b/0x90 [ 345.144685][T10930] security_file_open+0xb5/0x1e0 [ 345.144749][T10930] do_dentry_open+0x588/0x14d0 [ 345.144791][T10930] vfs_open+0x82/0x3f0 [ 345.144833][T10930] path_openat+0x2873/0x4280 [ 345.144878][T10930] ? __pfx_path_openat+0x10/0x10 [ 345.144919][T10930] do_file_open+0x20e/0x430 [ 345.144952][T10930] ? __pfx_do_file_open+0x10/0x10 [ 345.145010][T10930] ? alloc_fd+0x471/0x7a0 [ 345.145063][T10930] ? do_getname+0x191/0x390 [ 345.145104][T10930] do_sys_openat2+0x10f/0x1e0 [ 345.145141][T10930] ? __pfx_do_sys_openat2+0x10/0x10 [ 345.145182][T10930] ? do_raw_spin_lock+0x128/0x260 [ 345.145225][T10930] __x64_sys_openat+0x12d/0x210 [ 345.145265][T10930] ? __pfx___x64_sys_openat+0x10/0x10 [ 345.145319][T10930] do_syscall_64+0x115/0x840 [ 345.145419][T10930] ? clear_bhb_loop+0x40/0x90 [ 345.145466][T10930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.145497][T10930] RIP: 0033:0x7f3c6ab9ce59 [ 345.145522][T10930] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 345.145548][T10930] RSP: 002b:00007f3c6babc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 345.145574][T10930] RAX: ffffffffffffffda RBX: 00007f3c6ae16090 RCX: 00007f3c6ab9ce59 [ 345.145592][T10930] RDX: 000000000000a901 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 345.145608][T10930] RBP: 00007f3c6ac32e6f R08: 0000000000000000 R09: 0000000000000000 [ 345.145625][T10930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 345.145640][T10930] R13: 00007f3c6ae16128 R14: 00007f3c6ae16090 R15: 00007fffd8311cf8 [ 345.145674][T10930] [ 345.149942][T10930] ERROR: Out of memory at tomoyo_realpath_from_path. [ 346.224367][T10950] Invalid ELF header magic: != ELF [ 347.395776][T10965] openvswitch: netlink: Tunnel attr 0 has unexpected len 5 expected 8 [ 348.621774][ T4943] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 350.350640][T11034] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1004'. [ 350.361809][T11035] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1004'. [ 352.005478][ T29] audit: type=1800 audit(8277292114.533:32): pid=11067 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1011" name="lu_gp_id" dev="configfs" ino=37166 res=0 errno=0 [ 352.602925][ T4943] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 352.715087][T11081] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 354.186372][ T29] audit: type=1800 audit(8277292116.734:33): pid=11124 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1021" name="lu_gp_id" dev="configfs" ino=36622 res=0 errno=0 [ 357.087443][T11163] Process accounting resumed [ 357.167917][ T29] audit: type=1800 audit(8277292119.740:34): pid=11170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1033" name="lu_gp_id" dev="configfs" ino=36737 res=0 errno=0 [ 359.206369][ T29] audit: type=1800 audit(8277292121.790:35): pid=11218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1043" name="lu_gp_id" dev="configfs" ino=38040 res=0 errno=0 [ 360.844947][T11249] hub 1-0:1.0: USB hub found [ 360.871238][T11249] hub 1-0:1.0: 1 port detected [ 360.910460][T11248] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1048'. [ 361.018594][T11258] hub 1-0:1.0: USB hub found [ 361.047468][T11258] hub 1-0:1.0: 1 port detected [ 361.916777][ T29] audit: type=1800 audit(8277292124.504:36): pid=11285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1054" name="lu_gp_id" dev="configfs" ino=38979 res=0 errno=0 [ 362.573331][T11287] program syz.0.1055 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 362.845492][T11291] block nbd0: NBD_DISCONNECT [ 364.762995][T11321] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1065'. [ 365.140631][T11334] netlink: 'syz.3.1067': attribute type 11 has an invalid length. [ 365.149776][T11334] netlink: 'syz.3.1067': attribute type 11 has an invalid length. [ 365.160402][T11334] netlink: 'syz.3.1067': attribute type 11 has an invalid length. [ 365.174431][T11334] netlink: 'syz.3.1067': attribute type 11 has an invalid length. [ 365.184790][T11334] netlink: 'syz.3.1067': attribute type 11 has an invalid length. [ 367.206808][T11361] vivid-007: ================= START STATUS ================= [ 367.307350][T11361] vivid-007: Generate PTS: true [ 367.375981][T11361] vivid-007: Generate SCR: true [ 367.397119][T11361] tpg source WxH: 320x240 (Y'CbCr) [ 367.461583][T11361] tpg field: 1 [ 367.497886][T11361] tpg crop: (0,0)/320x240 [ 367.530398][T11361] tpg compose: (0,0)/320x240 [ 367.547662][T11361] tpg colorspace: 8 [ 367.576075][T11361] tpg transfer function: 0/0 [ 367.618261][T11361] tpg Y'CbCr encoding: 0/0 [ 367.655732][T11361] tpg quantization: 0/0 [ 367.679890][T11361] tpg RGB range: 0/2 [ 367.683940][T11361] vivid-007: ================== END STATUS ================== [ 368.219964][T11390] nbd: must specify a size in bytes for the device [ 368.912650][T11401] FAULT_INJECTION: forcing a failure. [ 368.912650][T11401] name failslab, interval 1, probability 0, space 0, times 0 [ 368.973588][T11401] CPU: 1 UID: 0 PID: 11401 Comm: syz.3.1083 Tainted: G L syzkaller #0 PREEMPT(full) [ 368.973615][T11401] Tainted: [L]=SOFTLOCKUP [ 368.973621][T11401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 368.973630][T11401] Call Trace: [ 368.973635][T11401] [ 368.973642][T11401] dump_stack_lvl+0x100/0x190 [ 368.973667][T11401] should_fail_ex.cold+0x5/0xa [ 368.973692][T11401] should_failslab+0xc2/0x120 [ 368.973713][T11401] __kmalloc_noprof+0xfc/0x820 [ 368.973732][T11401] ? get_callchain_buffers+0x123/0x380 [ 368.973783][T11401] get_callchain_buffers+0x123/0x380 [ 368.973802][T11401] ? bpf_lsm_capable+0x9/0x10 [ 368.973819][T11401] ? security_capable+0x80/0x260 [ 368.973836][T11401] stack_map_alloc+0x316/0x610 [ 368.973855][T11401] map_create+0x874/0x3120 [ 368.973893][T11401] ? __lock_acquire+0x49f/0x1a40 [ 368.973912][T11401] ? __pfx_map_create+0x10/0x10 [ 368.973940][T11401] ? __might_fault+0xc5/0x140 [ 368.973964][T11401] __sys_bpf+0x2a6e/0x4e80 [ 368.973987][T11401] ? __pfx___sys_bpf+0x10/0x10 [ 368.974001][T11401] ? __pfx_futex_hash+0x10/0x10 [ 368.974023][T11401] ? get_pid_task+0xfc/0x250 [ 368.974049][T11401] ? get_pid_task+0xfc/0x250 [ 368.974077][T11401] ? futex_wait+0x11e/0x370 [ 368.974098][T11401] ? __pfx_futex_wait+0x10/0x10 [ 368.974122][T11401] ? rcu_read_lock_any_held+0x6a/0xa0 [ 368.974159][T11401] ? __x64_sys_futex+0x34f/0x4d0 [ 368.974175][T11401] ? __x64_sys_futex+0x358/0x4d0 [ 368.974193][T11401] ? xfd_validate_state+0x129/0x190 [ 368.974223][T11401] ? __x64_sys_bpf+0xce/0x140 [ 368.974239][T11401] __x64_sys_bpf+0xce/0x140 [ 368.974256][T11401] ? do_syscall_64+0x90/0x840 [ 368.974272][T11401] do_syscall_64+0x115/0x840 [ 368.974285][T11401] ? clear_bhb_loop+0x40/0x90 [ 368.974302][T11401] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.974318][T11401] RIP: 0033:0x7f7421f9ce59 [ 368.974332][T11401] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 368.974347][T11401] RSP: 002b:00007f7422ed6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 368.974362][T11401] RAX: ffffffffffffffda RBX: 00007f7422215fa0 RCX: 00007f7421f9ce59 [ 368.974372][T11401] RDX: 00000000000006f4 RSI: 0000200000000580 RDI: 0000000000000000 [ 368.974382][T11401] RBP: 00007f7422032e6f R08: 0000000000000000 R09: 0000000000000000 [ 368.974390][T11401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 368.974400][T11401] R13: 00007f7422216038 R14: 00007f7422215fa0 R15: 00007ffe71ee58b8 [ 368.974421][T11401] [ 369.555410][T11398] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 369.565159][T11398] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 369.579530][T11398] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 369.597952][T11398] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 370.045454][ T4943] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 370.647221][ T4943] Bluetooth: hci1: command 0x0c1a tx timeout [ 371.382559][T11473] FAULT_INJECTION: forcing a failure. [ 371.382559][T11473] name failslab, interval 1, probability 0, space 0, times 0 [ 371.405055][T11473] CPU: 0 UID: 0 PID: 11473 Comm: syz.3.1099 Tainted: G L syzkaller #0 PREEMPT(full) [ 371.405099][T11473] Tainted: [L]=SOFTLOCKUP [ 371.405107][T11473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 371.405122][T11473] Call Trace: [ 371.405130][T11473] [ 371.405139][T11473] dump_stack_lvl+0x100/0x190 [ 371.405179][T11473] should_fail_ex.cold+0x5/0xa [ 371.405212][T11473] should_failslab+0xc2/0x120 [ 371.405252][T11473] __kmalloc_node_track_caller_noprof+0xf9/0x830 [ 371.405302][T11473] ? landlock_restrict_sibling_threads+0x4f5/0x1490 [ 371.405346][T11473] krealloc_node_align_noprof+0x321/0x3e0 [ 371.405386][T11473] landlock_restrict_sibling_threads+0x4f5/0x1490 [ 371.405435][T11473] ? __pfx_landlock_restrict_sibling_threads+0x10/0x10 [ 371.405509][T11473] ? __pfx___might_resched+0x10/0x10 [ 371.405583][T11473] ? landlock_merge_ruleset+0x213/0x8b0 [ 371.405621][T11473] __do_sys_landlock_restrict_self+0x5d2/0x9e0 [ 371.405658][T11473] do_syscall_64+0x115/0x840 [ 371.405683][T11473] ? clear_bhb_loop+0x40/0x90 [ 371.405714][T11473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.405742][T11473] RIP: 0033:0x7f7421f9ce59 [ 371.405764][T11473] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 371.405789][T11473] RSP: 002b:00007f7422ed6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001be [ 371.405814][T11473] RAX: ffffffffffffffda RBX: 00007f7422215fa0 RCX: 00007f7421f9ce59 [ 371.405832][T11473] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000006 [ 371.405847][T11473] RBP: 00007f7422032e6f R08: 0000000000000000 R09: 0000000000000000 [ 371.405862][T11473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 371.405879][T11473] R13: 00007f7422216038 R14: 00007f7422215fa0 R15: 00007ffe71ee58b8 [ 371.405916][T11473] [ 371.599146][ T4943] Bluetooth: hci3: command 0x0c1a tx timeout [ 371.605226][ T4943] Bluetooth: hci2: command 0x0c1a tx timeout [ 373.980440][T11493] Process accounting resumed [ 375.496793][T11565] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1120'. [ 375.577473][T11566] ksmbd: Unknown IPC event: 14, ignore. [ 376.873590][T11597] zswap: compressor not available [ 378.048724][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.055199][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.576648][T11648] bonding: no command found in bonding_masters - use +ifname or -ifname [ 378.650641][T11647] bonding: no command found in bonding_masters - use +ifname or -ifname [ 379.612263][T11684] synth uevent: /module/null_blk: unknown uevent action string [ 380.141269][T11655] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 380.156980][T11655] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 380.164941][T11655] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 380.174551][T11655] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 380.913295][ T5642] Bluetooth: hci1: command 0x0c1a tx timeout [ 381.659985][ T5642] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 382.188367][ T5642] Bluetooth: hci3: command 0x0c1a tx timeout [ 382.188390][ T5630] Bluetooth: hci2: command 0x0c1a tx timeout [ 382.194633][ T5642] Bluetooth: hci0: command 0x0c1a tx timeout [ 383.356964][T11769] random: crng reseeded on system resumption [ 383.986624][T11791] zswap: compressor not available [ 384.258234][ T4943] Bluetooth: hci2: command 0x0c1a tx timeout [ 384.864906][T11824] netlink: 302 bytes leftover after parsing attributes in process `syz.1.1170'. [ 385.864417][ T5630] Bluetooth: hci0: unexpected subevent 0x01 length: 1 < 18 [ 386.328770][ T5630] Bluetooth: hci2: command 0x0c1a tx timeout [ 386.997941][T11854] Process accounting paused [ 387.644038][ T29] audit: type=1800 audit(2147484683.087:37): pid=11889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1184" name="dbroot" dev="configfs" ino=41945 res=0 errno=0 [ 387.645256][T11889] db_root: cannot open: /dev/audio1 [ 387.671529][T11889] db_root: not a directory: /dev/audio1 [ 390.137227][T11943] MTRR 2 not used [ 392.154351][T11983] overlayfs: missing 'lowerdir' [ 393.937347][T12014] FAULT_INJECTION: forcing a failure. [ 393.937347][T12014] name failslab, interval 1, probability 0, space 0, times 0 [ 393.954445][T12014] CPU: 0 UID: 0 PID: 12014 Comm: syz.3.1213 Tainted: G L syzkaller #0 PREEMPT(full) [ 393.954495][T12014] Tainted: [L]=SOFTLOCKUP [ 393.954505][T12014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 393.954523][T12014] Call Trace: [ 393.954533][T12014] [ 393.954544][T12014] dump_stack_lvl+0x100/0x190 [ 393.954587][T12014] should_fail_ex.cold+0x5/0xa [ 393.954628][T12014] should_failslab+0xc2/0x120 [ 393.954671][T12014] __kmalloc_cache_noprof+0x91/0x6c0 [ 393.954704][T12014] ? landlock_restrict_sibling_threads+0x530/0x1490 [ 393.954756][T12014] landlock_restrict_sibling_threads+0x530/0x1490 [ 393.954813][T12014] ? __pfx_landlock_restrict_sibling_threads+0x10/0x10 [ 393.954894][T12014] ? __pfx___might_resched+0x10/0x10 [ 393.954943][T12014] ? landlock_merge_ruleset+0x213/0x8b0 [ 393.954984][T12014] __do_sys_landlock_restrict_self+0x5d2/0x9e0 [ 393.955024][T12014] do_syscall_64+0x115/0x840 [ 393.955057][T12014] ? clear_bhb_loop+0x40/0x90 [ 393.955095][T12014] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.955125][T12014] RIP: 0033:0x7f7421f9ce59 [ 393.955150][T12014] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 393.955180][T12014] RSP: 002b:00007f7422ed6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001be [ 393.955207][T12014] RAX: ffffffffffffffda RBX: 00007f7422215fa0 RCX: 00007f7421f9ce59 [ 393.955227][T12014] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000006 [ 393.955245][T12014] RBP: 00007f7422032e6f R08: 0000000000000000 R09: 0000000000000000 [ 393.955263][T12014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 393.955281][T12014] R13: 00007f7422216038 R14: 00007f7422215fa0 R15: 00007ffe71ee58b8 [ 393.955321][T12014] [ 395.237836][T12045] netlink: 'syz.2.1221': attribute type 1 has an invalid length. [ 395.318276][T12054] MTRR 2 not used [ 396.516993][T12070] netlink: 346 bytes leftover after parsing attributes in process `syz.2.1226'. [ 397.255600][T12102] FAULT_INJECTION: forcing a failure. [ 397.255600][T12102] name failslab, interval 1, probability 0, space 0, times 0 [ 397.297870][T12102] CPU: 0 UID: 0 PID: 12102 Comm: syz.2.1233 Tainted: G L syzkaller #0 PREEMPT(full) [ 397.297919][T12102] Tainted: [L]=SOFTLOCKUP [ 397.297930][T12102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 397.297949][T12102] Call Trace: [ 397.297959][T12102] [ 397.297970][T12102] dump_stack_lvl+0x100/0x190 [ 397.298015][T12102] should_fail_ex.cold+0x5/0xa [ 397.298054][T12102] should_failslab+0xc2/0x120 [ 397.298095][T12102] kmem_cache_alloc_lru_noprof+0x8d/0x6a0 [ 397.298133][T12102] ? start_dirop+0x79/0xb0 [ 397.298188][T12102] ? alloc_inode+0x68/0x250 [ 397.298228][T12102] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 397.298395][T12102] alloc_inode+0x68/0x250 [ 397.298435][T12102] new_inode+0x22/0x1c0 [ 397.298476][T12102] __debugfs_create_file+0x105/0x4f0 [ 397.298522][T12102] debugfs_create_file_full+0x41/0x60 [ 397.298570][T12102] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 397.298689][T12102] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 397.298762][T12102] ? kasan_save_track+0x14/0x30 [ 397.298799][T12102] ? __kasan_kmalloc+0xaa/0xb0 [ 397.298837][T12102] ? lockdep_init_map_type+0x5c/0x250 [ 397.298877][T12102] preinit_net.part.0+0x43b/0x920 [ 397.298979][T12102] copy_net_ns+0x339/0x7c0 [ 397.299020][T12102] create_new_namespaces+0x3ea/0xac0 [ 397.299070][T12102] unshare_nsproxy_namespaces+0xf2/0x220 [ 397.299106][T12102] ksys_unshare+0x438/0xab0 [ 397.299156][T12102] ? __pfx_ksys_unshare+0x10/0x10 [ 397.299217][T12102] __x64_sys_unshare+0x31/0x40 [ 397.299256][T12102] do_syscall_64+0x115/0x840 [ 397.299283][T12102] ? clear_bhb_loop+0x40/0x90 [ 397.299320][T12102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.299351][T12102] RIP: 0033:0x7f3c6ab9ce59 [ 397.299376][T12102] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 397.299404][T12102] RSP: 002b:00007f3c6babc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 397.299433][T12102] RAX: ffffffffffffffda RBX: 00007f3c6ae16090 RCX: 00007f3c6ab9ce59 [ 397.299453][T12102] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 397.299471][T12102] RBP: 00007f3c6ac32e6f R08: 0000000000000000 R09: 0000000000000000 [ 397.299490][T12102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 397.299507][T12102] R13: 00007f3c6ae16128 R14: 00007f3c6ae16090 R15: 00007fffd8311cf8 [ 397.299546][T12102] [ 397.303263][T12102] debugfs: out of free dentries, can not create file 'net_notrefcnt@ffff88805adcd178' [ 399.326417][T12135] MTRR 2 not used [ 399.983696][T12147] overlayfs: missing 'lowerdir' [ 401.778756][T12191] random: crng reseeded on system resumption [ 402.134427][T12190] netlink: 'syz.0.1254': attribute type 1 has an invalid length. [ 403.589080][T12235] bond0: option slaves: interface -]=,Do does not exist! [ 403.952378][T12227] Process accounting paused [ 404.591983][T12253] zswap: compressor F not available [ 404.769963][T12252] FAULT_INJECTION: forcing a failure. [ 404.769963][T12252] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 404.829966][T12252] CPU: 1 UID: 0 PID: 12252 Comm: syz.3.1271 Tainted: G L syzkaller #0 PREEMPT(full) [ 404.830016][T12252] Tainted: [L]=SOFTLOCKUP [ 404.830027][T12252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 404.830043][T12252] Call Trace: [ 404.830053][T12252] [ 404.830063][T12252] dump_stack_lvl+0x100/0x190 [ 404.830102][T12252] should_fail_ex.cold+0x5/0xa [ 404.830138][T12252] _copy_from_user+0x2e/0xd0 [ 404.830276][T12252] snd_rawmidi_kernel_write1+0x390/0x7c0 [ 404.830401][T12252] snd_rawmidi_write+0x2dc/0xc60 [ 404.830447][T12252] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 404.830476][T12252] ? __pfx_default_wake_function+0x10/0x10 [ 404.830513][T12252] ? bpf_lsm_file_permission+0x9/0x10 [ 404.830541][T12252] ? security_file_permission+0x76/0x210 [ 404.830582][T12252] ? rw_verify_area+0xce/0x6d0 [ 404.830628][T12252] vfs_write+0x2aa/0x1050 [ 404.830659][T12252] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 404.830690][T12252] ? __pfx_vfs_write+0x10/0x10 [ 404.830715][T12252] ? find_held_lock+0x2b/0x80 [ 404.830748][T12252] ? __fget_files+0x215/0x3d0 [ 404.830775][T12252] ? __fget_files+0x215/0x3d0 [ 404.830810][T12252] ? __fget_files+0x21f/0x3d0 [ 404.830845][T12252] ksys_write+0x1f8/0x250 [ 404.830872][T12252] ? __pfx_ksys_write+0x10/0x10 [ 404.830909][T12252] do_syscall_64+0x115/0x840 [ 404.830936][T12252] ? clear_bhb_loop+0x40/0x90 [ 404.830973][T12252] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.831001][T12252] RIP: 0033:0x7f7421f9ce59 [ 404.831025][T12252] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 404.831051][T12252] RSP: 002b:00007f7422ed6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 404.831076][T12252] RAX: ffffffffffffffda RBX: 00007f7422215fa0 RCX: 00007f7421f9ce59 [ 404.831095][T12252] RDX: 000000100000a3d9 RSI: 00002000000001c0 RDI: 0000000000000006 [ 404.831114][T12252] RBP: 00007f7422032e6f R08: 0000000000000000 R09: 0000000000000000 [ 404.831132][T12252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 404.831150][T12252] R13: 00007f7422216038 R14: 00007f7422215fa0 R15: 00007ffe71ee58b8 [ 404.831187][T12252] [ 405.376854][T12280] random: crng reseeded on system resumption [ 407.622339][T12320] cifs: Unknown parameter 'no+ 1`rsFn)aHāh`9kA}1\D@.ZCg^' [ 408.308174][ T29] audit: type=1800 audit(2147484703.832:38): pid=12342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1292" name="dbroot" dev="configfs" ino=45104 res=0 errno=0 [ 410.420085][T12371] sysfs_service_op_show: Client not running :-5: [ 413.520852][T12437] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1312'. [ 413.597473][T12440] bridge0: port 3(dummy0) entered blocking state [ 413.604342][T12440] bridge0: port 3(dummy0) entered disabled state [ 413.611488][T12440] dummy0: entered allmulticast mode [ 413.625271][T12440] dummy0: entered promiscuous mode [ 413.739295][ T29] audit: type=1800 audit(2147484709.287:39): pid=12443 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1317" name="lu_gp_id" dev="configfs" ino=45418 res=0 errno=0 [ 414.656375][ T5630] Bluetooth: hci0: unexpected subevent 0x05 length: 123 > 12 [ 415.128169][T12477] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 415.136003][T12477] vhci_hcd vhci_hcd.2: invalid port number 0 [ 415.264234][T12473] zswap: compressor F not available [ 416.379912][T12504] random: crng reseeded on system resumption [ 416.669830][ T5630] Bluetooth: hci0: command 0x0c1a tx timeout [ 417.255931][T12502] Process accounting resumed [ 419.436496][T12534] bond0: option slaves: interface -]=,Do does not exist! [ 419.705631][T12560] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1342'. [ 420.074904][T12567] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1343'. [ 421.928191][T12614] warning: `syz.2.1354' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 422.033281][T12614] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1354'. [ 423.465776][T12612] bond0: option slaves: interface -]=,Do does not exist! [ 425.700576][T12691] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1371'. [ 425.905521][T12692] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1372'. [ 426.150288][T12699] FAULT_INJECTION: forcing a failure. [ 426.150288][T12699] name failslab, interval 1, probability 0, space 0, times 0 [ 426.164863][T12699] CPU: 0 UID: 0 PID: 12699 Comm: syz.2.1374 Tainted: G L syzkaller #0 PREEMPT(full) [ 426.164911][T12699] Tainted: [L]=SOFTLOCKUP [ 426.164921][T12699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 426.164942][T12699] Call Trace: [ 426.164956][T12699] [ 426.164970][T12699] dump_stack_lvl+0x100/0x190 [ 426.165055][T12699] should_fail_ex.cold+0x5/0xa [ 426.165103][T12699] should_failslab+0xc2/0x120 [ 426.165159][T12699] __kmalloc_cache_noprof+0x91/0x6c0 [ 426.165197][T12699] ? net_alloc_generic+0x1e/0x70 [ 426.165257][T12699] ? copy_net_ns+0x135/0x7c0 [ 426.165299][T12699] copy_net_ns+0x135/0x7c0 [ 426.165330][T12699] ? copy_cgroup_ns+0x71/0x970 [ 426.165393][T12699] create_new_namespaces+0x3ea/0xac0 [ 426.165442][T12699] unshare_nsproxy_namespaces+0xf2/0x220 [ 426.165475][T12699] ksys_unshare+0x438/0xab0 [ 426.165518][T12699] ? __pfx_ksys_unshare+0x10/0x10 [ 426.165566][T12699] __x64_sys_unshare+0x31/0x40 [ 426.165597][T12699] do_syscall_64+0x115/0x840 [ 426.165646][T12699] ? clear_bhb_loop+0x40/0x90 [ 426.165696][T12699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.165726][T12699] RIP: 0033:0x7f3c6ab9ce59 [ 426.165751][T12699] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 426.165779][T12699] RSP: 002b:00007f3c6badd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 426.165807][T12699] RAX: ffffffffffffffda RBX: 00007f3c6ae15fa0 RCX: 00007f3c6ab9ce59 [ 426.165827][T12699] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 426.165844][T12699] RBP: 00007f3c6ac32e6f R08: 0000000000000000 R09: 0000000000000000 [ 426.165861][T12699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 426.165878][T12699] R13: 00007f3c6ae16038 R14: 00007f3c6ae15fa0 R15: 00007fffd8311cf8 [ 426.165916][T12699] [ 429.033200][T12755] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1385'. [ 429.885383][T12776] ubi31: attaching mtd0 [ 429.948692][T12776] ubi31 error: validate_ec_hdr: bad VID header offset 64, expected 514 [ 430.016256][T12776] ubi31 error: validate_ec_hdr: bad EC header [ 430.016314][T12776] Erase counter header dump: [ 430.016324][T12776] magic 0x55424923 [ 430.016338][T12776] version 1 [ 430.016350][T12776] ec 1 [ 430.016361][T12776] vid_hdr_offset 64 [ 430.016374][T12776] data_offset 128 [ 430.016385][T12776] image_seq 1516835733 [ 430.016398][T12776] hdr_crc 0xfdcb73f4 [ 430.016410][T12776] erase counter header hexdump: [ 430.016498][T12776] CPU: 1 UID: 0 PID: 12776 Comm: syz.1.1389 Tainted: G L syzkaller #0 PREEMPT(full) [ 430.016539][T12776] Tainted: [L]=SOFTLOCKUP [ 430.016549][T12776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 430.016567][T12776] Call Trace: [ 430.016576][T12776] [ 430.016587][T12776] dump_stack_lvl+0x100/0x190 [ 430.016627][T12776] validate_ec_hdr+0x2d0/0x330 [ 430.016661][T12776] ubi_io_read_ec_hdr+0x656/0x6d0 [ 430.016696][T12776] ubi_attach+0x601/0x4d30 [ 430.016746][T12776] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 430.016802][T12776] ? ubi_msg+0x114/0x159 [ 430.016867][T12776] ? __pfx_ubi_msg+0x10/0x10 [ 430.016901][T12776] ? __pfx_ubi_attach+0x10/0x10 [ 430.016936][T12776] ? lockdep_init_map_type+0x5c/0x250 [ 430.016986][T12776] ? ubi_attach_mtd_dev+0x1353/0x32a0 [ 430.017087][T12776] ? __vmalloc_node_noprof+0xad/0xf0 [ 430.017127][T12776] ? ubi_attach_mtd_dev+0x1353/0x32a0 [ 430.017167][T12776] ubi_attach_mtd_dev+0x139f/0x32a0 [ 430.017225][T12776] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 430.017261][T12776] ? __pfx_get_mtd_device+0x10/0x10 [ 430.017327][T12776] ctrl_cdev_ioctl+0x36a/0x400 [ 430.017366][T12776] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 430.017415][T12776] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 430.017458][T12776] __x64_sys_ioctl+0x18e/0x210 [ 430.017516][T12776] do_syscall_64+0x115/0x840 [ 430.017544][T12776] ? clear_bhb_loop+0x40/0x90 [ 430.017580][T12776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.017611][T12776] RIP: 0033:0x7fbd5f99ce59 [ 430.017635][T12776] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 430.017664][T12776] RSP: 002b:00007fbd5d7b2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 430.017692][T12776] RAX: ffffffffffffffda RBX: 00007fbd5fc16270 RCX: 00007fbd5f99ce59 [ 430.017712][T12776] RDX: 0000200000000000 RSI: 0000000040186f40 RDI: 0000000000000006 [ 430.017730][T12776] RBP: 00007fbd5fa32e6f R08: 0000000000000000 R09: 0000000000000000 [ 430.017748][T12776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 430.017766][T12776] R13: 00007fbd5fc16308 R14: 00007fbd5fc16270 R15: 00007ffe089c2a58 [ 430.017814][T12776] [ 430.033644][T12776] ubi31 error: ubi_io_read_ec_hdr: validation failed for PEB 0 [ 430.139262][T12776] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 431.592845][T12808] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1398'. [ 431.998131][T12817] hub 1-0:1.0: USB hub found [ 432.043523][T12817] hub 1-0:1.0: 1 port detected [ 432.587856][ T29] audit: type=1804 audit(2147484728.223:40): pid=12829 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1403" name="/newroot/sys/kernel/tracing/events/vmalloc/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 433.503634][T12845] vivid-007: ================= START STATUS ================= [ 433.535155][T12845] vivid-007: Generate PTS: true [ 433.555725][T12845] vivid-007: Generate SCR: true [ 433.568574][T12845] tpg source WxH: 320x240 (Y'CbCr) [ 433.580656][T12845] tpg field: 1 [ 433.587421][T12845] tpg crop: (0,0)/320x240 [ 433.599642][T12845] tpg compose: (0,0)/320x240 [ 433.623460][T12845] tpg colorspace: 8 [ 433.664708][T12845] tpg transfer function: 0/0 [ 433.707199][T12845] tpg Y'CbCr encoding: 0/0 [ 433.755859][T12845] tpg quantization: 0/0 [ 433.760450][T12845] tpg RGB range: 0/2 [ 433.772254][T12845] vivid-007: ================== END STATUS ================== [ 434.055077][T12861] Format for adding new device is "id port_count num_queues" (uint uint uint). [ 434.281678][T12868] FAULT_INJECTION: forcing a failure. [ 434.281678][T12868] name failslab, interval 1, probability 0, space 0, times 0 [ 434.294750][T12868] CPU: 1 UID: 0 PID: 12868 Comm: syz.3.1412 Tainted: G L syzkaller #0 PREEMPT(full) [ 434.294796][T12868] Tainted: [L]=SOFTLOCKUP [ 434.294806][T12868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 434.294823][T12868] Call Trace: [ 434.294832][T12868] [ 434.294843][T12868] dump_stack_lvl+0x100/0x190 [ 434.294897][T12868] should_fail_ex.cold+0x5/0xa [ 434.294936][T12868] should_failslab+0xc2/0x120 [ 434.294974][T12868] __kmalloc_noprof+0xfc/0x820 [ 434.295006][T12868] ? tomoyo_encode2+0xfb/0x3c0 [ 434.295073][T12868] tomoyo_encode2+0xfb/0x3c0 [ 434.295116][T12868] tomoyo_encode+0x29/0x50 [ 434.295152][T12868] tomoyo_realpath_from_path+0x18c/0x690 [ 434.295200][T12868] tomoyo_find_next_domain+0x9d6/0x2010 [ 434.295232][T12868] ? __pfx___kernel_read+0x10/0x10 [ 434.295285][T12868] ? __pfx___might_resched+0x10/0x10 [ 434.295343][T12868] ? __pfx_tomoyo_find_next_domain+0x10/0x10 [ 434.295387][T12868] tomoyo_bprm_check_security+0x12d/0x1d0 [ 434.295414][T12868] ? tomoyo_bprm_check_security+0x11f/0x1d0 [ 434.295446][T12868] security_bprm_check+0x87/0x1e0 [ 434.295476][T12868] bprm_execve+0x84b/0x1730 [ 434.295525][T12868] ? __pfx_bprm_execve+0x10/0x10 [ 434.295565][T12868] ? copy_string_kernel+0x339/0x3f0 [ 434.295617][T12868] do_execveat_common.isra.0+0x4a5/0x580 [ 434.295669][T12868] __x64_sys_execveat+0xdf/0x130 [ 434.295715][T12868] do_syscall_64+0x115/0x840 [ 434.295741][T12868] ? clear_bhb_loop+0x40/0x90 [ 434.295779][T12868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.295810][T12868] RIP: 0033:0x7f7421f9ce59 [ 434.295835][T12868] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 434.295865][T12868] RSP: 002b:00007f7422ed6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 434.295902][T12868] RAX: ffffffffffffffda RBX: 00007f7422215fa0 RCX: 00007f7421f9ce59 [ 434.295923][T12868] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 434.295940][T12868] RBP: 00007f7422032e6f R08: 0000000000001000 R09: 0000000000000000 [ 434.295959][T12868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 434.295976][T12868] R13: 00007f7422216038 R14: 00007f7422215fa0 R15: 00007ffe71ee58b8 [ 434.296016][T12868] [ 434.296057][T12868] ERROR: Out of memory at tomoyo_realpath_from_path. [ 434.347083][T12861] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1411'. [ 434.547050][T12858] Process accounting resumed [ 434.963212][T12856] smpboot: CPU 1 is now offline [ 435.572947][T12869] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 435.591571][T12869] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 435.632430][T12869] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 435.662295][T12869] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 437.613087][ T5630] Bluetooth: hci0: command 0x0c1a tx timeout [ 437.619141][ T4943] Bluetooth: hci1: command 0x0c1a tx timeout [ 437.692270][ T5630] Bluetooth: hci2: command 0x0c1a tx timeout [ 437.698361][ T4943] Bluetooth: hci3: command 0x0c1a tx timeout [ 439.207191][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.218718][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.423720][T13002] hub 1-0:1.0: USB hub found [ 441.487557][T13002] hub 1-0:1.0: 1 port detected [ 447.159111][T13084] Process accounting paused [ 451.503213][T13203] kexec: Could not allocate control_code_buffer [ 452.045598][T13216] random: crng reseeded on system resumption [ 452.797705][ T4943] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 455.235407][ T29] audit: type=1800 audit(2147484750.978:41): pid=13292 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1501" name="lu_gp_id" dev="configfs" ino=51400 res=0 errno=0 [ 457.242494][T13268] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 457.297141][T13268] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 457.387431][T13268] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 457.414016][T13268] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 457.440623][T13268] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 457.685670][T13309] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1504'. [ 458.174802][T13333] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1512'. [ 458.317654][ T5630] Bluetooth: hci1: command 0x0c1a tx timeout [ 459.432031][ T5630] Bluetooth: hci3: command 0x0c1a tx timeout [ 459.438106][ T4943] Bluetooth: hci2: command 0x0c1a tx timeout [ 459.444202][ T5643] Bluetooth: hci0: command 0x0c1a tx timeout [ 460.391407][ T4943] Bluetooth: hci1: command 0x0c1a tx timeout [ 462.092177][T13410] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1528'. [ 462.716284][T13447] random: crng reseeded on system resumption [ 462.858625][T13450] Unrecognized hibernate image header format! [ 462.896594][T13450] PM: hibernation: Image mismatch: architecture specific data [ 464.584250][T13455] Process accounting paused [ 464.970407][T13481] : entered promiscuous mode [ 467.102426][T13532] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 468.291793][T13558] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 468.337825][T13553] FAULT_INJECTION: forcing a failure. [ 468.337825][T13553] name failslab, interval 1, probability 0, space 0, times 0 [ 468.487744][T13553] CPU: 0 UID: 0 PID: 13553 Comm: syz.2.1555 Tainted: G L syzkaller #0 PREEMPT(full) [ 468.487772][T13553] Tainted: [L]=SOFTLOCKUP [ 468.487778][T13553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 468.487788][T13553] Call Trace: [ 468.487793][T13553] [ 468.487799][T13553] dump_stack_lvl+0x100/0x190 [ 468.487826][T13553] should_fail_ex.cold+0x5/0xa [ 468.487848][T13553] should_failslab+0xc2/0x120 [ 468.487870][T13553] kmem_cache_alloc_noprof+0x91/0x6a0 [ 468.487889][T13553] ? get_close_on_exec+0x137/0x320 [ 468.487923][T13553] ? mm_alloc+0x1b/0x60 [ 468.487943][T13553] mm_alloc+0x1b/0x60 [ 468.487959][T13553] alloc_bprm+0x2ba/0x9d0 [ 468.487984][T13553] do_execveat_common.isra.0+0x19c/0x580 [ 468.488007][T13553] ? do_getname+0x191/0x390 [ 468.488027][T13553] __x64_sys_execveat+0xdf/0x130 [ 468.488051][T13553] do_syscall_64+0x115/0x840 [ 468.488065][T13553] ? clear_bhb_loop+0x40/0x90 [ 468.488083][T13553] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.488098][T13553] RIP: 0033:0x7f3c6ab9ce59 [ 468.488112][T13553] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 468.488127][T13553] RSP: 002b:00007f3c6babc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 468.488142][T13553] RAX: ffffffffffffffda RBX: 00007f3c6ae16090 RCX: 00007f3c6ab9ce59 [ 468.488152][T13553] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005 [ 468.488161][T13553] RBP: 00007f3c6ac32e6f R08: 0000000000011000 R09: 0000000000000000 [ 468.488170][T13553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 468.488179][T13553] R13: 00007f3c6ae16128 R14: 00007f3c6ae16090 R15: 00007fffd8311cf8 [ 468.488198][T13553] [ 470.087767][T13553] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1555'. [ 473.665549][T13652] netlink: 38 bytes leftover after parsing attributes in process `syz.1.1578'. [ 475.112512][ T29] audit: type=1804 audit(2147484770.949:42): pid=13682 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1587" name="/newroot/sys/kernel/tracing/events/vmalloc/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 476.600389][T13705] netlink: 38 bytes leftover after parsing attributes in process `syz.0.1593'. [ 477.055023][T13718] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1596'. [ 477.156395][T13720] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1597'. [ 477.178591][T13715] Process accounting resumed [ 478.792946][T13748] zswap: compressor not available [ 479.272432][ T4943] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 479.288742][ T4943] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 480.483764][T13792] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1617'. [ 483.341584][T13847] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1622'. [ 483.716062][T13857] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1624'. [ 483.835268][T13857] hsr_slave_1: left promiscuous mode [ 484.107176][T13866] WARNING! power/level is deprecated; use power/control instead [ 484.709951][T13883] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1630'. [ 484.767053][T13883] ICMPv6: process `syz.2.1630' is using deprecated sysctl (syscall) net.ipv6.neigh.wg1.retrans_time - use net.ipv6.neigh.wg1.retrans_time_ms instead [ 484.889512][T13884] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1631: iget: checksum invalid [ 484.934518][T13884] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 484.973652][T13884] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1631: iget: checksum invalid [ 485.040509][T13884] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 485.168865][T13890] FAULT_INJECTION: forcing a failure. [ 485.168865][T13890] name failslab, interval 1, probability 0, space 0, times 0 [ 485.206596][T13884] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1631: iget: checksum invalid [ 485.280905][T13884] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 485.314260][T13890] CPU: 0 UID: 0 PID: 13890 Comm: syz.3.1633 Tainted: G L syzkaller #0 PREEMPT(full) [ 485.314286][T13890] Tainted: [L]=SOFTLOCKUP [ 485.314292][T13890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 485.314301][T13890] Call Trace: [ 485.314306][T13890] [ 485.314312][T13890] dump_stack_lvl+0x100/0x190 [ 485.314336][T13890] should_fail_ex.cold+0x5/0xa [ 485.314356][T13890] should_failslab+0xc2/0x120 [ 485.314378][T13890] kmem_cache_alloc_noprof+0x91/0x6a0 [ 485.314395][T13890] ? stack_trace_save+0x8e/0xc0 [ 485.314431][T13890] ? alloc_empty_file+0x5b/0x1c0 [ 485.314454][T13890] alloc_empty_file+0x5b/0x1c0 [ 485.314473][T13890] path_openat+0xe7/0x4280 [ 485.314488][T13890] ? __kasan_slab_alloc+0x89/0x90 [ 485.314507][T13890] ? kmem_cache_alloc_noprof+0x26b/0x6a0 [ 485.314524][T13890] ? do_getname+0x35/0x390 [ 485.314547][T13890] ? do_sys_openat2+0xc7/0x1e0 [ 485.314566][T13890] ? __x64_sys_openat+0x12d/0x210 [ 485.314584][T13890] ? do_syscall_64+0x115/0x840 [ 485.314598][T13890] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.314619][T13890] ? __pfx_path_openat+0x10/0x10 [ 485.314639][T13890] do_file_open+0x20e/0x430 [ 485.314655][T13890] ? __pfx_do_file_open+0x10/0x10 [ 485.314683][T13890] ? alloc_fd+0x471/0x7a0 [ 485.314699][T13890] ? do_getname+0x191/0x390 [ 485.314719][T13890] do_sys_openat2+0x10f/0x1e0 [ 485.314739][T13890] ? __pfx_do_sys_openat2+0x10/0x10 [ 485.314759][T13890] ? __fget_files+0x21f/0x3d0 [ 485.314777][T13890] __x64_sys_openat+0x12d/0x210 [ 485.314797][T13890] ? __pfx___x64_sys_openat+0x10/0x10 [ 485.314824][T13890] do_syscall_64+0x115/0x840 [ 485.314837][T13890] ? clear_bhb_loop+0x40/0x90 [ 485.314854][T13890] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.314869][T13890] RIP: 0033:0x7f7421f9ce59 [ 485.314883][T13890] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 485.314899][T13890] RSP: 002b:00007f7422ed6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 485.314914][T13890] RAX: ffffffffffffffda RBX: 00007f7422215fa0 RCX: 00007f7421f9ce59 [ 485.314924][T13890] RDX: 0000000000101480 RSI: 0000200000001080 RDI: ffffffffffffff9c [ 485.314933][T13890] RBP: 00007f7422032e6f R08: 0000000000000000 R09: 0000000000000000 [ 485.314942][T13890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 485.314950][T13890] R13: 00007f7422216038 R14: 00007f7422215fa0 R15: 00007ffe71ee58b8 [ 485.314969][T13890] [ 486.241294][T13884] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1631: iget: checksum invalid [ 486.298098][T13884] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 486.342472][T13884] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 486.413415][T13884] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 486.581569][T13887] pim6reg: entered allmulticast mode [ 486.647474][ T4943] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 486.874779][T13936] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1639'. [ 486.934866][T13941] netlink: 54041 bytes leftover after parsing attributes in process `syz.0.1639'. [ 487.935372][ T5630] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 488.172887][T13961] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1642: iget: checksum invalid [ 488.194983][T13966] block2mtd: illegal erase size [ 488.252751][T13961] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 488.326175][T13961] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1642: iget: checksum invalid [ 488.394362][T13961] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 488.441146][T13961] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1642: iget: checksum invalid [ 488.480918][T13961] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 488.555424][T13961] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.1642: iget: checksum invalid [ 488.635830][T13961] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 488.714050][T13961] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 488.727453][T13961] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 488.750834][T13972] bridge0: port 3(veth1) entered blocking state [ 488.762705][T13972] bridge0: port 3(veth1) entered disabled state [ 488.771696][T13972] veth1: entered allmulticast mode [ 488.779606][T13972] veth1: entered promiscuous mode [ 490.012493][ T5630] Bluetooth: hci0: command 0x0c1a tx timeout [ 490.894790][T14036] FAULT_INJECTION: forcing a failure. [ 490.894790][T14036] name failslab, interval 1, probability 0, space 0, times 0 [ 490.967801][T14036] CPU: 0 UID: 0 PID: 14036 Comm: syz.3.1657 Tainted: G L syzkaller #0 PREEMPT(full) [ 490.967833][T14036] Tainted: [L]=SOFTLOCKUP [ 490.967838][T14036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 490.967848][T14036] Call Trace: [ 490.967853][T14036] [ 490.967859][T14036] dump_stack_lvl+0x100/0x190 [ 490.967885][T14036] should_fail_ex.cold+0x5/0xa [ 490.967905][T14036] should_failslab+0xc2/0x120 [ 490.967927][T14036] __kmalloc_cache_noprof+0x91/0x6c0 [ 490.967943][T14036] ? do_raw_spin_lock+0x128/0x260 [ 490.967960][T14036] ? alloc_fdtable+0xbd/0x2d0 [ 490.967996][T14036] alloc_fdtable+0xbd/0x2d0 [ 490.968020][T14036] dup_fd+0x995/0xd10 [ 490.968038][T14036] ? apparmor_task_alloc+0x2c1/0x3b0 [ 490.968123][T14036] copy_process+0x2c94/0x8030 [ 490.968153][T14036] ? __pfx_copy_process+0x10/0x10 [ 490.968174][T14036] ? rcu_is_watching+0x12/0xc0 [ 490.968198][T14036] kernel_clone+0x176/0x9d0 [ 490.968218][T14036] ? __pfx_kernel_clone+0x10/0x10 [ 490.968246][T14036] __do_sys_clone+0xd9/0x120 [ 490.968264][T14036] ? __pfx___do_sys_clone+0x10/0x10 [ 490.968297][T14036] do_syscall_64+0x115/0x840 [ 490.968311][T14036] ? clear_bhb_loop+0x40/0x90 [ 490.968329][T14036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.968344][T14036] RIP: 0033:0x7f7421f9ce59 [ 490.968358][T14036] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 490.968373][T14036] RSP: 002b:00007f7422eb4fd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 490.968388][T14036] RAX: ffffffffffffffda RBX: 00007f7422216090 RCX: 00007f7421f9ce59 [ 490.968398][T14036] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 490.968407][T14036] RBP: 00007f7422032e6f R08: 0000000000000000 R09: 0000000000000000 [ 490.968416][T14036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 490.968424][T14036] R13: 00007f7422216128 R14: 00007f7422216090 R15: 00007ffe71ee58b8 [ 490.968443][T14036] [ 491.405137][T14042] random: crng reseeded on system resumption [ 492.041086][T14060] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5629] was attempted by "ci-qemu-gce-upstream-auto/syz-executor exec"[14060] [ 492.082862][ T4943] Bluetooth: hci0: command 0x0c1a tx timeout [ 492.365031][T14060] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5629] was attempted by "ci-qemu-gce-upstream-auto/syz-executor exec"[14060] [ 492.607957][T14060] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5629] was attempted by "ci-qemu-gce-upstream-auto/syz-executor exec"[14060] [ 492.817323][T14060] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5629] was attempted by "ci-qemu-gce-upstream-auto/syz-executor exec"[14060] [ 493.657141][T14101] RDS: rds_bind could not find a transport for fe80::700:0:0:0, load rds_tcp or rds_rdma? [ 494.562366][T14119] Process accounting resumed [ 495.306802][T14139] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 495.864793][T14151] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 495.864793][T14151] The task syz.0.1679 (14151) triggered the difference, watch for misbehavior. [ 497.142754][T14182] block2mtd: illegal erase size [ 497.361440][T14186] i2c i2c-0: new_device: Invalid device name [ 498.684839][T14206] netlink: 202 bytes leftover after parsing attributes in process `syz.3.1692'. [ 498.765505][ T5630] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 498.845756][T14214] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1693: iget: checksum invalid [ 498.989316][T14214] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 499.065275][T14214] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1693: iget: checksum invalid [ 499.154471][T14214] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 499.215285][T14214] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1693: iget: checksum invalid [ 499.303440][T14214] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 499.333669][T14226] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1697'. [ 499.394341][T14214] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1693: iget: checksum invalid [ 499.522840][T14214] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 499.643300][T14214] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 499.791522][T14214] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 500.358766][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 500.365580][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 500.840842][ T4943] Bluetooth: hci3: command 0x0c1a tx timeout [ 501.467226][T14270] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1708'. [ 501.534655][T14270] ICMPv6: process `syz.3.1708' is using deprecated sysctl (syscall) net.ipv6.neigh.wg1.retrans_time - use net.ipv6.neigh.wg1.retrans_time_ms instead [ 502.902177][ T5630] Bluetooth: hci3: command 0x0c1a tx timeout [ 506.791090][T14364] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 506.995407][T14364] File: /dev/sda PID: 14364 Comm: syz.1.1727 [ 507.241130][T14363] Process accounting paused [ 507.980396][T14385] netlink: 202 bytes leftover after parsing attributes in process `syz.0.1731'. [ 510.458863][T14425] NFSD: Failed to start, no listeners configured. [ 510.931184][T14443] netlink: 202 bytes leftover after parsing attributes in process `syz.1.1743'. [ 514.050079][T14526] [U] 0 [ 514.052875][T14526] [U] QUITtcOM,!oTRYV[8c:]ٔF>eOO]e[ڬݹo`؜?:21eէ};tak} _5VUKdA[;tcfDGa:k[ruKUV݁ /(ś`Y(H CRnz< L!ꃠ [ 514.074738][T14526] [U] |%trg [ 514.078198][T14526] [U] Dw:/B#ơ-rnM;pd$ [ 514.083723][T14526] [U] Hq [ 514.086843][T14526] [U] #NOOHR+R [ 514.091581][T14526] [U] +HG= [ 514.094931][T14526] [U] 0n  ^|3:a΢ˌfGQEa7<&;4a,'Ym:su! [ 514.104022][T14526] [U] -;8\$ #bfK0݄T, [ 514.109912][T14526] [U] lAN˖CEZnf Z-sZn쩿$ [ 514.115730][T14526] [U] [ 514.118392][T14526] [U] mx՗QC_ES;D;kͽ [ 514.123496][T14526] [U] [ 514.266816][T14501] Process accounting resumed [ 514.487326][T14526] [U] [ 514.490049][T14526] [U] [ 514.492812][T14526] [U] [ 514.495484][T14526] [U] [ 514.570249][T14526] [U] [ 514.572966][T14526] [U] [ 514.575648][T14526] [U] [ 514.578320][T14526] [U] [ 514.638791][T14526] [U] [ 514.641525][T14526] [U] [ 514.644196][T14526] [U] [ 514.646866][T14526] [U] [ 514.728162][T14526] [U] [ 514.730885][T14526] [U] [ 514.733560][T14526] [U] [ 514.736234][T14526] [U] [ 514.834310][T14526] [U] [ 516.941410][ T4943] Bluetooth: hci1: unexpected event 0x10 length: 124 > 1 [ 516.943841][ T5630] Bluetooth: hci1: hardware error 0x00 [ 518.513895][T14605] ACPI Error: Could not disable RealTimeClock events (20260408/evxfevnt-243) [ 518.724009][T14621] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 519.051448][ T5630] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 521.969647][T14701] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1794'. [ 524.601971][T14731] Process accounting paused [ 525.269121][T14759] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 528.618611][T14824] ubi0: attaching mtd0 [ 528.646351][T14824] ubi0 error: ubi_add_to_av: two LEBs with same sequence number 1 [ 528.718245][T14824] eraseblock attaching information dump: [ 528.763874][T14824] ec 1 [ 528.785321][T14824] pnum 0 [ 528.813274][T14824] lnum 0 [ 528.828641][T14824] scrub 0 [ 528.854513][T14824] sqnum 1 [ 528.908432][T14824] Volume identifier header dump: [ 528.935006][T14824] magic 55424921 [ 528.954957][T14824] version 1 [ 529.001079][T14824] vol_type 1 [ 529.036000][T14824] copy_flag 0 [ 529.063843][T14824] compat 5 [ 529.100028][T14824] vol_id 2147479551 [ 529.157605][T14824] lnum 0 [ 529.195750][T14824] data_size 0 [ 529.230474][T14824] used_ebs 0 [ 529.268084][T14824] data_pad 0 [ 529.294461][T14824] sqnum 1 [ 529.319617][T14824] hdr_crc 65b3bd2d [ 529.361869][T14824] Volume identifier header hexdump: [ 529.696418][T14824] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 529.837464][T14825] ubi0: attaching mtd0 [ 529.932147][T14825] ubi0 error: ubi_add_to_av: two LEBs with same sequence number 1 [ 530.115069][T14825] eraseblock attaching information dump: [ 530.248815][T14825] ec 1 [ 530.306052][T14825] pnum 0 [ 530.373612][T14825] lnum 0 [ 530.412830][T14825] scrub 0 [ 530.467538][T14825] sqnum 1 [ 530.516321][T14825] Volume identifier header dump: [ 530.600166][T14825] magic 55424921 [ 530.662535][T14825] version 1 [ 530.697942][T14825] vol_type 1 [ 530.742424][T14825] copy_flag 0 [ 530.783940][T14825] compat 5 [ 530.841518][T14825] vol_id 2147479551 [ 530.917005][T14825] lnum 0 [ 530.998030][T14825] data_size 0 [ 531.061163][T14825] used_ebs 0 [ 531.096687][T14825] data_pad 0 [ 531.172040][T14825] sqnum 1 [ 531.247843][T14825] hdr_crc 65b3bd2d [ 531.281052][T14825] Volume identifier header hexdump: [ 531.613591][T14825] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 536.149279][T14956] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 536.321473][T14956] CIFS mount error: No usable UNC path provided in device string! [ 536.321473][T14956] [ 536.379176][T14956] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 537.137750][T14959] Process accounting resumed [ 538.825350][T15005] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1869'. [ 541.149740][T15046] bridge0: port 4(vlan1) entered blocking state [ 541.180574][T15046] bridge0: port 4(vlan1) entered disabled state [ 541.223167][T15046] vlan1: entered allmulticast mode [ 541.273766][T15046] veth0_vlan: entered allmulticast mode [ 541.330705][T15046] vlan1: entered promiscuous mode [ 541.819494][T15063] Process accounting resumed [ 544.242105][T15099] Process accounting paused [ 544.573141][T15113] futex_wake_op: syz.0.1893 tries to shift op by -2048; fix this program [ 544.631118][T15114] ubi0: attaching mtd0 [ 544.659103][T15113] futex_wake_op: syz.0.1893 tries to shift op by -2048; fix this program [ 544.726302][T15114] ubi0 error: ubi_add_to_av: two LEBs with same sequence number 1 [ 544.775508][T15114] eraseblock attaching information dump: [ 544.825495][T15114] ec 1 [ 544.852036][T15114] pnum 0 [ 544.871401][T15114] lnum 0 [ 544.918636][T15114] scrub 0 [ 544.946187][T15114] sqnum 1 [ 544.965542][T15114] Volume identifier header dump: [ 544.996352][T15114] magic 55424921 [ 545.040619][T15114] version 1 [ 545.060209][T15114] vol_type 1 [ 545.088183][T15114] copy_flag 0 [ 545.126656][T15114] compat 5 [ 545.144130][T15114] vol_id 2147479551 [ 545.176405][T15114] lnum 0 [ 545.196396][T15114] data_size 0 [ 545.216741][T15114] used_ebs 0 [ 545.253672][T15114] data_pad 0 [ 545.268615][T15114] sqnum 1 [ 545.286963][T15114] hdr_crc 65b3bd2d [ 545.321156][T15114] Volume identifier header hexdump: [ 545.503463][T15119] zswap: compressor not available [ 545.540380][T15114] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 545.873054][T15130] zswap: compressor not available [ 547.338307][T15181] random: crng reseeded on system resumption [ 547.452793][T15181] hub 1-0:1.0: USB hub found [ 547.511237][T15181] hub 1-0:1.0: 1 port detected [ 549.095443][ T29] audit: type=1800 audit(2147484845.326:43): pid=15228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1921" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 552.048115][T15283] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 552.078412][T15283] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 552.104953][T15283] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 554.055438][ T5630] Bluetooth: hci0: command 0x0c1a tx timeout [ 554.135828][ T5630] Bluetooth: hci3: command 0x0c1a tx timeout [ 554.141901][ T4943] Bluetooth: hci2: command 0x0c1a tx timeout [ 555.776522][T15369] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 556.067942][T15370] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1947: iget: checksum invalid [ 556.117747][T15370] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 556.158086][T15370] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1947: iget: checksum invalid [ 556.220714][T15370] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 556.260897][T15370] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1947: iget: checksum invalid [ 556.297170][T15370] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 556.358602][T15370] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1947: iget: checksum invalid [ 556.404054][T15370] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 556.420720][T15378] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1950'. [ 556.518072][T15370] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 556.604640][T15384] netlink: 'syz.3.1951': attribute type 1 has an invalid length. [ 556.652076][T15370] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 561.457220][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 561.463948][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 566.085758][T15562] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 566.497982][ T5630] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 566.655236][T15585] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.1992: iget: checksum invalid [ 566.683473][T15585] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 566.742187][T15585] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.1992: iget: checksum invalid [ 566.818961][T15581] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18000 [ 566.858112][T15585] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 566.958759][T15581] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 566.977438][T15585] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.1992: iget: checksum invalid [ 567.051191][T15585] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 567.068828][T15581] raw: 00fff00000002000 ffffea0000600008 ffffea0000600008 0000000000000000 [ 567.110920][T15585] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.1992: iget: checksum invalid [ 567.139952][T15581] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 567.155004][T15585] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 567.173488][T15585] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 567.200019][T15581] page dumped because: unmovable page [ 567.207130][T15585] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 567.222933][T15581] page_owner info is not present (never set?) [ 567.377737][T15580] Process accounting paused [ 569.791707][T15654] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.2007: iget: checksum invalid [ 569.900037][T15654] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 569.989378][T15654] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.2007: iget: checksum invalid [ 570.072201][T15654] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 570.119806][T15654] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.2007: iget: checksum invalid [ 570.176551][T15654] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 570.221405][T15654] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.2007: iget: checksum invalid [ 570.270318][T15654] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 570.316659][T15654] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 570.353018][T15654] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 570.636522][T15657] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 571.759791][T15689] Process accounting paused [ 574.538065][T15723] Process accounting resumed [ 574.878764][T15739] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.784699][T15739] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 576.058359][T15739] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 576.312371][T15739] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 576.563276][T15739] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 579.453925][T15797] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 579.689643][T15800] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2040'. [ 580.921524][T15810] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 580.968306][T15810] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 581.008965][T15821] Format for deleting device is "id" (uint). [ 583.936412][T15867] netlink: 346 bytes leftover after parsing attributes in process `syz.2.2057'. [ 584.307437][ T5630] Bluetooth: hci0: unexpected event 0x31 length: 19 > 6 [ 587.992152][T15947] FAULT_INJECTION: forcing a failure. [ 587.992152][T15947] name failslab, interval 1, probability 0, space 0, times 0 [ 588.081591][T15947] CPU: 0 UID: 0 PID: 15947 Comm: Tainted: G L syzkaller #0 PREEMPT(full) [ 588.081619][T15947] Tainted: [L]=SOFTLOCKUP [ 588.081624][T15947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 588.081634][T15947] Call Trace: [ 588.081640][T15947] [ 588.081646][T15947] dump_stack_lvl+0x100/0x190 [ 588.081673][T15947] should_fail_ex.cold+0x5/0xa [ 588.081695][T15947] should_failslab+0xc2/0x120 [ 588.081717][T15947] kmem_cache_alloc_noprof+0x91/0x6a0 [ 588.081736][T15947] ? __pfx_acpi_ut_track_stack_ptr+0x10/0x10 [ 588.081837][T15947] ? acpi_ps_alloc_op+0x29d/0x360 [ 588.081879][T15947] acpi_ps_alloc_op+0x29d/0x360 [ 588.081901][T15947] ? acpi_ut_status_exit+0x111/0x1c0 [ 588.081919][T15947] acpi_ps_create_op+0x4b3/0xd10 [ 588.081966][T15947] ? __pfx_acpi_ps_create_op+0x10/0x10 [ 588.081990][T15947] ? acpi_ut_create_generic_state+0x61/0xc0 [ 588.082044][T15947] ? acpi_ut_status_exit+0x111/0x1c0 [ 588.082065][T15947] acpi_ps_parse_loop+0x93f/0x26e0 [ 588.082095][T15947] ? __pfx_acpi_ps_parse_loop+0x10/0x10 [ 588.082118][T15947] ? acpi_ut_status_exit+0x111/0x1c0 [ 588.082137][T15947] ? acpi_ds_call_control_method+0x435/0xab0 [ 588.082183][T15947] acpi_ps_parse_aml+0x81e/0x1120 [ 588.082202][T15947] acpi_ps_execute_method+0x5c4/0xe90 [ 588.082224][T15947] acpi_ns_evaluate+0x640/0x1670 [ 588.082247][T15947] acpi_evaluate_object+0x420/0xe00 [ 588.082268][T15947] ? __kvmalloc_node_noprof+0x34f/0x970 [ 588.082286][T15947] ? seq_read_iter+0x819/0x1270 [ 588.082309][T15947] ? vfs_read+0x82e/0xb40 [ 588.082325][T15947] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 588.082346][T15947] ? lock_acquire+0x1b9/0x370 [ 588.082366][T15947] acpi_evaluate_integer+0xdf/0x220 [ 588.082408][T15947] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 588.082431][T15947] ? __lock_acquire+0x49f/0x1a40 [ 588.082452][T15947] ? __pfx_status_show+0x10/0x10 [ 588.082494][T15947] status_show+0xa0/0x120 [ 588.082516][T15947] ? __pfx_status_show+0x10/0x10 [ 588.082543][T15947] dev_attr_show+0x52/0xa0 [ 588.082628][T15947] ? __pfx_dev_attr_show+0x10/0x10 [ 588.082650][T15947] sysfs_kf_seq_show+0x217/0x3f0 [ 588.082683][T15947] seq_read_iter+0x32f/0x1270 [ 588.082704][T15947] ? lock_acquire+0x1b9/0x370 [ 588.082727][T15947] kernfs_fop_read_iter+0x46c/0x610 [ 588.082746][T15947] ? rw_verify_area+0xce/0x6d0 [ 588.082766][T15947] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 588.082786][T15947] vfs_read+0x82e/0xb40 [ 588.082802][T15947] ? __pfx_vfs_read+0x10/0x10 [ 588.082828][T15947] ksys_read+0x12a/0x250 [ 588.082842][T15947] ? __pfx_ksys_read+0x10/0x10 [ 588.082861][T15947] do_syscall_64+0x115/0x840 [ 588.082878][T15947] ? clear_bhb_loop+0x40/0x90 [ 588.082904][T15947] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 588.082921][T15947] RIP: 0033:0x7f7421f9ce59 [ 588.082936][T15947] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 588.082951][T15947] RSP: 002b:00007f7422ed6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 588.082966][T15947] RAX: ffffffffffffffda RBX: 00007f7422215fa0 RCX: 00007f7421f9ce59 [ 588.082976][T15947] RDX: 000000000000002e RSI: 0000200000000000 RDI: 000000000000000a [ 588.082985][T15947] RBP: 00007f7422032e6f R08: 0000000000000000 R09: 0000000000000000 [ 588.082995][T15947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 588.083004][T15947] R13: 00007f7422216038 R14: 00007f7422215fa0 R15: 00007ffe71ee58b8 [ 588.083025][T15947] [ 588.765470][T15947] ACPI Error: Aborting method \_SB.IQST due to previous error (AE_NO_MEMORY) (20260408/psparse-543) [ 588.776687][T15947] ACPI Error: Aborting method \_SB.LNKB._STA due to previous error (AE_NO_MEMORY) (20260408/psparse-543) [ 588.801489][T15948] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 588.844501][T15948] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 588.985813][T15954] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 590.061545][ T29] audit: type=1804 audit(2147484886.526:44): pid=15973 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2083" name="/newroot/512/file0" dev="tmpfs" ino=2679 res=1 errno=0 [ 590.399094][T15988] FAULT_INJECTION: forcing a failure. [ 590.399094][T15988] name failslab, interval 1, probability 0, space 0, times 0 [ 590.461096][T15988] CPU: 0 UID: 0 PID: 15988 Comm: Tainted: G L syzkaller #0 PREEMPT(full) [ 590.461125][T15988] Tainted: [L]=SOFTLOCKUP [ 590.461136][T15988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 590.461151][T15988] Call Trace: [ 590.461158][T15988] [ 590.461164][T15988] dump_stack_lvl+0x100/0x190 [ 590.461190][T15988] should_fail_ex.cold+0x5/0xa [ 590.461211][T15988] should_failslab+0xc2/0x120 [ 590.461233][T15988] kmem_cache_alloc_noprof+0x91/0x6a0 [ 590.461251][T15988] ? __pfx_acpi_ut_track_stack_ptr+0x10/0x10 [ 590.461269][T15988] ? acpi_ut_create_generic_state+0x61/0xc0 [ 590.461297][T15988] acpi_ut_create_generic_state+0x61/0xc0 [ 590.461320][T15988] acpi_ps_push_scope+0x42/0x280 [ 590.461337][T15988] acpi_ps_parse_loop+0x330/0x26e0 [ 590.461366][T15988] ? __pfx_acpi_ps_parse_loop+0x10/0x10 [ 590.461389][T15988] ? acpi_ut_status_exit+0x111/0x1c0 [ 590.461406][T15988] ? acpi_ds_call_control_method+0x435/0xab0 [ 590.461430][T15988] acpi_ps_parse_aml+0x81e/0x1120 [ 590.461449][T15988] acpi_ps_execute_method+0x5c4/0xe90 [ 590.461470][T15988] acpi_ns_evaluate+0x640/0x1670 [ 590.461492][T15988] acpi_evaluate_object+0x420/0xe00 [ 590.461516][T15988] ? __kvmalloc_node_noprof+0x34f/0x970 [ 590.461533][T15988] ? seq_read_iter+0x819/0x1270 [ 590.461556][T15988] ? vfs_read+0x82e/0xb40 [ 590.461572][T15988] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 590.461593][T15988] ? lock_acquire+0x1b9/0x370 [ 590.461613][T15988] acpi_evaluate_integer+0xdf/0x220 [ 590.461632][T15988] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 590.461651][T15988] ? __lock_acquire+0x49f/0x1a40 [ 590.461670][T15988] ? __pfx_status_show+0x10/0x10 [ 590.461691][T15988] status_show+0xa0/0x120 [ 590.461712][T15988] ? __pfx_status_show+0x10/0x10 [ 590.461746][T15988] dev_attr_show+0x52/0xa0 [ 590.461770][T15988] ? __pfx_dev_attr_show+0x10/0x10 [ 590.461790][T15988] sysfs_kf_seq_show+0x217/0x3f0 [ 590.461815][T15988] seq_read_iter+0x32f/0x1270 [ 590.461838][T15988] ? lock_acquire+0x1b9/0x370 [ 590.461859][T15988] kernfs_fop_read_iter+0x46c/0x610 [ 590.461877][T15988] ? rw_verify_area+0xce/0x6d0 [ 590.461898][T15988] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 590.461917][T15988] vfs_read+0x82e/0xb40 [ 590.461933][T15988] ? __pfx_vfs_read+0x10/0x10 [ 590.461960][T15988] ksys_read+0x12a/0x250 [ 590.461973][T15988] ? __pfx_ksys_read+0x10/0x10 [ 590.461993][T15988] do_syscall_64+0x115/0x840 [ 590.462008][T15988] ? clear_bhb_loop+0x40/0x90 [ 590.462026][T15988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.462042][T15988] RIP: 0033:0x7f3c6ab9ce59 [ 590.462056][T15988] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 590.462071][T15988] RSP: 002b:00007f3c6badd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 590.462086][T15988] RAX: ffffffffffffffda RBX: 00007f3c6ae15fa0 RCX: 00007f3c6ab9ce59 [ 590.462097][T15988] RDX: 000000000000002e RSI: 0000200000000000 RDI: 000000000000000a [ 590.462106][T15988] RBP: 00007f3c6ac32e6f R08: 0000000000000000 R09: 0000000000000000 [ 590.462116][T15988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 590.462125][T15988] R13: 00007f3c6ae16038 R14: 00007f3c6ae15fa0 R15: 00007fffd8311cf8 [ 590.462146][T15988] [ 590.466658][T15988] ACPI Error: [ 591.618444][T15988] Aborting method \_SB.IQST due to previous error (AE_NO_MEMORY) (20260408/psparse-543) [ 591.675519][T15988] ACPI Error: Aborting method \_SB.LNKB._STA due to previous error (AE_NO_MEMORY) (20260408/psparse-543) [ 593.369146][T16038] syz.1.2097 (16038) used obsolete PPPIOCDETACH ioctl [ 594.124177][T16053] FAULT_INJECTION: forcing a failure. [ 594.124177][T16053] name failslab, interval 1, probability 0, space 0, times 0 [ 594.242690][T16053] CPU: 0 UID: 0 PID: 16053 Comm: syz.2.2098 Tainted: G L syzkaller #0 PREEMPT(full) [ 594.242718][T16053] Tainted: [L]=SOFTLOCKUP [ 594.242723][T16053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 594.242733][T16053] Call Trace: [ 594.242739][T16053] [ 594.242746][T16053] dump_stack_lvl+0x100/0x190 [ 594.242770][T16053] should_fail_ex.cold+0x5/0xa [ 594.242791][T16053] should_failslab+0xc2/0x120 [ 594.242813][T16053] __kvmalloc_node_noprof+0x116/0x970 [ 594.242832][T16053] ? __x64_sys_futex+0x358/0x4d0 [ 594.242852][T16053] ? __do_sys_setgroups+0x126/0x4f0 [ 594.242878][T16053] __do_sys_setgroups+0x126/0x4f0 [ 594.242899][T16053] ? 0xffffffffff600000 [ 594.242913][T16053] do_syscall_64+0x115/0x840 [ 594.242933][T16053] ? clear_bhb_loop+0x40/0x90 [ 594.242952][T16053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.242968][T16053] RIP: 0033:0x7f3c6ab9ce59 [ 594.242986][T16053] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 594.243000][T16053] RSP: 002b:00007f3c6ba7a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000074 [ 594.243015][T16053] RAX: ffffffffffffffda RBX: 00007f3c6ae16270 RCX: 00007f3c6ab9ce59 [ 594.243025][T16053] RDX: 0000000000000000 RSI: ffffffffff600000 RDI: 0000000c00000000 [ 594.243035][T16053] RBP: 00007f3c6ac32e6f R08: 0000000000000000 R09: 0000000000000000 [ 594.243043][T16053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 594.243052][T16053] R13: 00007f3c6ae16308 R14: 00007f3c6ae16270 R15: 00007fffd8311cf8 [ 594.243070][T16053] ? 0xffffffffff600000 [ 594.243084][T16053] [ 595.708565][T16089] vivid-007: ================= START STATUS ================= [ 595.718466][T16089] vivid-007: Generate PTS: true [ 595.730467][T16089] vivid-007: Generate SCR: true [ 595.740519][T16089] tpg source WxH: 320x240 (Y'CbCr) [ 595.751963][T16089] tpg field: 1 [ 595.768639][T16089] tpg crop: (0,0)/320x240 [ 595.787294][T16089] tpg compose: (0,0)/320x240 [ 595.809380][T16089] tpg colorspace: 8 [ 595.833148][T16089] tpg transfer function: 0/0 [ 595.850136][T16089] tpg Y'CbCr encoding: 0/0 [ 595.898052][T16089] tpg quantization: 0/0 [ 595.949573][T16089] tpg RGB range: 0/2 [ 595.968868][T16089] vivid-007: ================== END STATUS ================== [ 596.903605][T16098] netlink: 1166 bytes leftover after parsing attributes in process `syz.1.2110'. [ 597.481174][T16121] Process accounting resumed [ 598.959365][T16175] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 600.095632][T16208] futex_wake_op: syz.1.2133 tries to shift op by -2048; fix this program [ 600.161820][T16208] futex_wake_op: syz.1.2133 tries to shift op by -2048; fix this program [ 601.107735][T16222] random: crng reseeded on system resumption [ 601.744944][T16248] ICMPv6: process `syz.3.2140' is using deprecated sysctl (syscall) net.ipv6.neigh.veth0_to_bridge.base_reachable_time - use net.ipv6.neigh.veth0_to_bridge.base_reachable_time_ms instead [ 602.897614][T16234] Process accounting resumed [ 603.580057][T16271] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 603.808702][T16274] nvme_fabrics: missing parameter 'transport=%s' [ 603.887201][T16274] nvme_fabrics: missing parameter 'nqn=%s' [ 604.610116][T16285] Process accounting paused [ 604.842646][T16306] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 606.117324][ T5724] ACPI Error: Could not disable RealTimeClock events (20260408/evxfevnt-243) [ 612.350281][T16454] futex_wake_op: syz.2.2186 tries to shift op by -2048; fix this program [ 612.413121][T16454] futex_wake_op: syz.2.2186 tries to shift op by -2048; fix this program [ 613.063423][T16453] FAULT_INJECTION: forcing a failure. [ 613.063423][T16453] name failslab, interval 1, probability 0, space 0, times 0 [ 613.149511][T16453] CPU: 0 UID: 0 PID: 16453 Comm: syz.3.2185 Tainted: G L syzkaller #0 PREEMPT(full) [ 613.149540][T16453] Tainted: [L]=SOFTLOCKUP [ 613.149545][T16453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 613.149555][T16453] Call Trace: [ 613.149560][T16453] [ 613.149566][T16453] dump_stack_lvl+0x100/0x190 [ 613.149591][T16453] should_fail_ex.cold+0x5/0xa [ 613.149613][T16453] should_failslab+0xc2/0x120 [ 613.149635][T16453] kmem_cache_alloc_noprof+0x91/0x6a0 [ 613.149654][T16453] ? vm_area_alloc+0x1f/0x160 [ 613.149673][T16453] vm_area_alloc+0x1f/0x160 [ 613.149688][T16453] __mmap_region+0x1033/0x2db0 [ 613.149707][T16453] ? __pfx_stack_trace_save+0x10/0x10 [ 613.149728][T16453] ? __pfx___mmap_region+0x10/0x10 [ 613.149742][T16453] ? stack_depot_save_flags+0x27/0x9d0 [ 613.149790][T16453] ? __lock_acquire+0x49f/0x1a40 [ 613.149806][T16453] ? kasan_save_free_info+0x3b/0x70 [ 613.149832][T16453] ? __lock_acquire+0x49f/0x1a40 [ 613.149855][T16453] ? hrtimer_start_range_ns_common+0x78e/0x18b0 [ 613.149883][T16453] ? rcu_is_watching+0x12/0xc0 [ 613.149901][T16453] ? finish_task_switch.isra.0+0x2c5/0x10c0 [ 613.149919][T16453] ? lockdep_hardirqs_on+0x78/0x100 [ 613.150040][T16453] mmap_region+0x35d/0x620 [ 613.150058][T16453] ? rcu_is_watching+0x12/0xc0 [ 613.150077][T16453] ? __pfx_mmap_region+0x10/0x10 [ 613.150097][T16453] ? cap_mmap_addr+0x4b/0x120 [ 613.150141][T16453] ? bpf_lsm_mmap_addr+0x9/0x30 [ 613.150160][T16453] ? security_mmap_addr+0x71/0x1e0 [ 613.150181][T16453] ? __get_unmapped_area+0x255/0x3e0 [ 613.150205][T16453] do_mmap+0xc63/0x12f0 [ 613.150230][T16453] ? __pfx_do_mmap+0x10/0x10 [ 613.150251][T16453] ? __pfx_down_write_killable+0x10/0x10 [ 613.150288][T16453] ? __pfx_futex_wait+0x10/0x10 [ 613.150319][T16453] vm_mmap_pgoff+0x29e/0x470 [ 613.150345][T16453] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 613.150369][T16453] ? __pfx_do_futex+0x10/0x10 [ 613.150390][T16453] ksys_mmap_pgoff+0xe4/0x610 [ 613.150411][T16453] ? __x64_sys_futex+0x358/0x4d0 [ 613.150428][T16453] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 613.150448][T16453] ? xfd_validate_state+0x129/0x190 [ 613.150482][T16453] __x64_sys_mmap+0x125/0x190 [ 613.150503][T16453] do_syscall_64+0x115/0x840 [ 613.150517][T16453] ? clear_bhb_loop+0x40/0x90 [ 613.150535][T16453] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 613.150551][T16453] RIP: 0033:0x7f7421f9ce59 [ 613.150564][T16453] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 613.150579][T16453] RSP: 002b:00007f7422eb5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 613.150595][T16453] RAX: ffffffffffffffda RBX: 00007f7422216090 RCX: 00007f7421f9ce59 [ 613.150606][T16453] RDX: 00000000000000df RSI: 000000000000e983 RDI: 0000000000000000 [ 613.150614][T16453] RBP: 00007f7422032e6f R08: 0000000000000401 R09: 0000000000008000 [ 613.150625][T16453] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 613.150635][T16453] R13: 00007f7422216128 R14: 00007f7422216090 R15: 00007ffe71ee58b8 [ 613.150654][T16453] [ 613.644805][T16475] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 613.761285][T16471] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2191'. [ 614.444454][T16487] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2192'. [ 614.764070][T16499] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2194'. [ 614.849513][T16493] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2194'. [ 615.936617][T16485] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 616.904087][T16534] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2204'. [ 617.008076][T16534] bond0: (slave bond_slave_0): Releasing backup interface [ 618.351170][T16562] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2211'. [ 618.928770][T16566] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2212'. [ 620.090543][T16596] random: crng reseeded on system resumption [ 621.332948][T16616] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2223'. [ 622.491041][T16632] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2226'. [ 622.556561][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 622.562952][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 623.743118][T16652] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2233'. [ 623.823646][T16650] FAULT_INJECTION: forcing a failure. [ 623.823646][T16650] name failslab, interval 1, probability 0, space 0, times 0 [ 623.869101][T16650] CPU: 0 UID: 0 PID: 16650 Comm: syz.2.2232 Tainted: G L syzkaller #0 PREEMPT(full) [ 623.869128][T16650] Tainted: [L]=SOFTLOCKUP [ 623.869134][T16650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 623.869143][T16650] Call Trace: [ 623.869149][T16650] [ 623.869155][T16650] dump_stack_lvl+0x100/0x190 [ 623.869180][T16650] should_fail_ex.cold+0x5/0xa [ 623.869201][T16650] should_failslab+0xc2/0x120 [ 623.869223][T16650] kmem_cache_alloc_noprof+0x91/0x6a0 [ 623.869241][T16650] ? d_instantiate+0x8a/0xb0 [ 623.869259][T16650] ? d_instantiate+0x8a/0xb0 [ 623.869275][T16650] ? alloc_empty_file+0x5b/0x1c0 [ 623.869296][T16650] alloc_empty_file+0x5b/0x1c0 [ 623.869315][T16650] alloc_file_pseudo+0x183/0x290 [ 623.869343][T16650] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 623.869364][T16650] ? security_inode_init_security_anon+0x7b/0x230 [ 623.869388][T16650] __anon_inode_getfile+0xe8/0x280 [ 623.869441][T16650] new_userfaultfd+0x255/0x400 [ 623.869465][T16650] __x64_sys_userfaultfd+0x4b/0xb0 [ 623.869481][T16650] do_syscall_64+0x115/0x840 [ 623.869495][T16650] ? clear_bhb_loop+0x40/0x90 [ 623.869513][T16650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.869528][T16650] RIP: 0033:0x7f3c6ab9ce59 [ 623.869543][T16650] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 623.869558][T16650] RSP: 002b:00007f3c6badd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000143 [ 623.869573][T16650] RAX: ffffffffffffffda RBX: 00007f3c6ae15fa0 RCX: 00007f3c6ab9ce59 [ 623.869583][T16650] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 623.869592][T16650] RBP: 00007f3c6ac32e6f R08: 0000000000000000 R09: 0000000000000000 [ 623.869601][T16650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 623.869610][T16650] R13: 00007f3c6ae16038 R14: 00007f3c6ae15fa0 R15: 00007fffd8311cf8 [ 623.869629][T16650] [ 624.124046][T16629] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 625.800594][T16678] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:106: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 625.902493][T16678] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:106: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 626.012266][T16678] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 626.678189][ T4943] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 626.696292][ T4943] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 626.706832][ T4943] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 626.719149][ T4943] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 626.731289][ T4943] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 626.829191][T16690] FAULT_INJECTION: forcing a failure. [ 626.829191][T16690] name failslab, interval 1, probability 0, space 0, times 0 [ 626.899365][T16690] CPU: 0 UID: 0 PID: 16690 Comm: syz.2.2244 Tainted: G L syzkaller #0 PREEMPT(full) [ 626.899393][T16690] Tainted: [L]=SOFTLOCKUP [ 626.899398][T16690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 626.899408][T16690] Call Trace: [ 626.899415][T16690] [ 626.899422][T16690] dump_stack_lvl+0x100/0x190 [ 626.899447][T16690] should_fail_ex.cold+0x5/0xa [ 626.899469][T16690] should_failslab+0xc2/0x120 [ 626.899495][T16690] __kmalloc_cache_noprof+0x91/0x6c0 [ 626.899511][T16690] ? ktime_get_coarse_real_ts64_mg+0x1e0/0x300 [ 626.899530][T16690] ? hugetlb_vma_lock_alloc.part.0+0x3f/0x130 [ 626.899551][T16690] hugetlb_vma_lock_alloc.part.0+0x3f/0x130 [ 626.899569][T16690] hugetlb_reserve_pages+0x6bf/0x1490 [ 626.899594][T16690] ? __pfx___might_resched+0x10/0x10 [ 626.899618][T16690] ? __pfx_hugetlb_reserve_pages+0x10/0x10 [ 626.899642][T16690] ? atime_needs_update+0x8b/0x6b0 [ 626.899664][T16690] ? touch_atime+0xa5/0x760 [ 626.899682][T16690] ? mas_preallocate+0x521/0x14a0 [ 626.899812][T16690] hugetlbfs_file_mmap+0x51a/0x780 [ 626.899868][T16690] ? __pfx_hugetlbfs_file_mmap+0x10/0x10 [ 626.899889][T16690] ? lockdep_init_map_type+0x5c/0x250 [ 626.899907][T16690] __mmap_region+0x13c7/0x2db0 [ 626.899928][T16690] ? __pfx___mmap_region+0x10/0x10 [ 626.899943][T16690] ? __pfx___might_resched+0x10/0x10 [ 626.899969][T16690] ? __lock_acquire+0x49f/0x1a40 [ 626.899997][T16690] ? __lock_acquire+0x49f/0x1a40 [ 626.900020][T16690] ? __lock_acquire+0x49f/0x1a40 [ 626.900045][T16690] ? is_bpf_text_address+0x8a/0x1a0 [ 626.900075][T16690] ? is_bpf_text_address+0x8a/0x1a0 [ 626.900103][T16690] ? unwind_get_return_address+0x59/0xa0 [ 626.900126][T16690] ? arch_stack_walk+0xa6/0xf0 [ 626.900180][T16690] mmap_region+0x527/0x620 [ 626.900199][T16690] ? __pfx_mmap_region+0x10/0x10 [ 626.900217][T16690] ? cap_mmap_addr+0x4b/0x120 [ 626.900232][T16690] ? bpf_lsm_mmap_addr+0x9/0x30 [ 626.900246][T16690] ? security_mmap_addr+0x71/0x1e0 [ 626.900266][T16690] ? __get_unmapped_area+0x255/0x3e0 [ 626.900289][T16690] do_mmap+0xc63/0x12f0 [ 626.900313][T16690] ? __pfx_do_mmap+0x10/0x10 [ 626.900333][T16690] ? __pfx_down_write_killable+0x10/0x10 [ 626.900354][T16690] vm_mmap_pgoff+0x29e/0x470 [ 626.900378][T16690] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 626.900396][T16690] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 626.900424][T16690] ksys_mmap_pgoff+0x285/0x610 [ 626.900446][T16690] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 626.900467][T16690] ? xfd_validate_state+0x129/0x190 [ 626.900492][T16690] __x64_sys_mmap+0x125/0x190 [ 626.900513][T16690] do_syscall_64+0x115/0x840 [ 626.900527][T16690] ? clear_bhb_loop+0x40/0x90 [ 626.900546][T16690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.900562][T16690] RIP: 0033:0x7f3c6ab9ce59 [ 626.900576][T16690] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 626.900591][T16690] RSP: 002b:00007f3c6badd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 626.900607][T16690] RAX: ffffffffffffffda RBX: 00007f3c6ae15fa0 RCX: 00007f3c6ab9ce59 [ 626.900617][T16690] RDX: 0000000000000002 RSI: 0000000000600006 RDI: 0000000000000000 [ 626.900627][T16690] RBP: 00007f3c6ac32e6f R08: ffffffffffffffff R09: 0000300000000000 [ 626.900637][T16690] R10: 00000000000406b1 R11: 0000000000000246 R12: 0000000000000000 [ 626.900646][T16690] R13: 00007f3c6ae16038 R14: 00007f3c6ae15fa0 R15: 00007fffd8311cf8 [ 626.900667][T16690] [ 626.900687][T16690] HugeTLB: unable to allocate vma specific lock [ 627.352307][T16694] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2243'. [ 628.115758][T16692] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 628.228779][T16692] Process accounting paused [ 628.348497][ T7155] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 628.479871][T16709] cifs: Unknown parameter ') Up̢{V ]762']Ψ!gʮ79fM<*ysEh' [ 628.652305][T16709] cifs: Unknown parameter ') Up̢{V ]762']Ψ!gʮ79fM<*ysEh' [ 628.757040][ T4943] Bluetooth: hci4: command tx timeout [ 628.778853][T16709] cifs: Unknown parameter ') Up̢{V ]762']Ψ!gʮ79fM<*ysEh' [ 628.852995][T16709] cifs: Unknown parameter ') Up̢{V ]762']Ψ!gʮ79fM<*ysEh' [ 628.906485][T16709] cifs: Unknown parameter ') Up̢{V ]762']Ψ!gʮ79fM<*ysEh' [ 628.959878][T16709] cifs: Unknown parameter ') Up̢{V ]762']Ψ!gʮ79fM<*ysEh' [ 628.977192][ T7155] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 629.019619][T16709] cifs: Unknown parameter ') Up̢{V ]762']Ψ!gʮ79fM<*ysEh' [ 629.086830][T16709] cifs: Unknown parameter ') Up̢{V ]762']Ψ!gʮ79fM<*ysEh' [ 629.142998][T16709] cifs: Unknown parameter ') Up̢{V ]762']Ψ!gʮ79fM<*ysEh' [ 629.159220][ T7155] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 629.187944][T16709] cifs: Unknown parameter ') Up̢{V ]762']Ψ!gʮ79fM<*ysEh' [ 630.736110][ T7155] dummy0: left allmulticast mode [ 630.796598][ T7155] dummy0: left promiscuous mode [ 630.824759][ T4943] Bluetooth: hci4: command tx timeout [ 630.833130][ T7155] bridge0: port 3(dummy0) entered disabled state [ 630.918473][ T7155] bridge_slave_1: left allmulticast mode [ 630.952915][ T7155] bridge_slave_1: left promiscuous mode [ 630.987055][ T7155] bridge0: port 2(bridge_slave_1) entered disabled state [ 631.045268][ T7155] bridge_slave_0: left allmulticast mode [ 631.081219][ T7155] bridge_slave_0: left promiscuous mode [ 631.107936][ T7155] bridge0: port 1(bridge_slave_0) entered disabled state [ 631.665085][ T7155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 631.690150][ T7155] bond0 (unregistering): Released all slaves [ 631.762828][ T7155] HSR: left promiscuous mode [ 631.937571][T16766] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.2251: iget: checksum invalid [ 631.987271][ T7155] : left promiscuous mode [ 632.004876][T16766] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 632.061664][T16766] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.2251: iget: checksum invalid [ 632.127810][T16766] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 632.160524][T16766] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.2251: iget: checksum invalid [ 632.196445][T16766] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 632.221425][T16766] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.2251: iget: checksum invalid [ 632.244987][T16766] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 632.294731][T16766] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 632.336868][T16766] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 632.609859][T16777] FAULT_INJECTION: forcing a failure. [ 632.609859][T16777] name failslab, interval 1, probability 0, space 0, times 0 [ 632.686984][T16777] CPU: 0 UID: 0 PID: 16777 Comm: syz.3.2252 Tainted: G L syzkaller #0 PREEMPT(full) [ 632.687011][T16777] Tainted: [L]=SOFTLOCKUP [ 632.687017][T16777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 632.687027][T16777] Call Trace: [ 632.687032][T16777] [ 632.687038][T16777] dump_stack_lvl+0x100/0x190 [ 632.687064][T16777] should_fail_ex.cold+0x5/0xa [ 632.687086][T16777] should_failslab+0xc2/0x120 [ 632.687108][T16777] kmem_cache_alloc_noprof+0x91/0x6a0 [ 632.687128][T16777] ? alloc_vfsmnt+0x23/0x710 [ 632.687150][T16777] alloc_vfsmnt+0x23/0x710 [ 632.687170][T16777] clone_mnt+0x4b/0x930 [ 632.687196][T16777] copy_tree+0x329/0xbf0 [ 632.687216][T16777] copy_mnt_ns+0x3fa/0x1180 [ 632.687238][T16777] ? __pfx_copy_mnt_ns+0x10/0x10 [ 632.687257][T16777] ? kmem_cache_alloc_noprof+0x2d7/0x6a0 [ 632.687275][T16777] ? create_new_namespaces+0x30/0xac0 [ 632.687295][T16777] create_new_namespaces+0xd3/0xac0 [ 632.687311][T16777] ? bpf_lsm_capable+0x9/0x10 [ 632.687327][T16777] ? security_capable+0x80/0x260 [ 632.687345][T16777] copy_namespaces+0x468/0x5e0 [ 632.687362][T16777] copy_process+0x385f/0x8030 [ 632.687391][T16777] ? __pfx_copy_process+0x10/0x10 [ 632.687414][T16777] ? _copy_from_user+0x59/0xd0 [ 632.687453][T16777] kernel_clone+0x176/0x9d0 [ 632.687474][T16777] ? __pfx_kernel_clone+0x10/0x10 [ 632.687503][T16777] __do_sys_clone3+0x214/0x290 [ 632.687522][T16777] ? __pfx___do_sys_clone3+0x10/0x10 [ 632.687566][T16777] do_syscall_64+0x115/0x840 [ 632.687581][T16777] ? clear_bhb_loop+0x40/0x90 [ 632.687599][T16777] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 632.687614][T16777] RIP: 0033:0x7f7421f9ce59 [ 632.687628][T16777] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 632.687643][T16777] RSP: 002b:00007f7422ed5ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 632.687658][T16777] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f7421f9ce59 [ 632.687668][T16777] RDX: 00007f7422ed5f10 RSI: 0000000000000058 RDI: 00007f7422ed5f10 [ 632.687677][T16777] RBP: 00007f7422032e6f R08: 0000000000000000 R09: 0000000000000058 [ 632.687687][T16777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 632.687696][T16777] R13: 00007f7422216038 R14: 00007f7422215fa0 R15: 00007ffe71ee58b8 [ 632.687716][T16777] [ 633.012265][T16686] bridge0: port 1(bridge_slave_0) entered blocking state [ 633.019429][T16686] bridge0: port 1(bridge_slave_0) entered disabled state [ 633.026663][T16686] bridge_slave_0: entered allmulticast mode [ 633.033798][T16686] bridge_slave_0: entered promiscuous mode [ 633.041237][T16686] bridge0: port 2(bridge_slave_1) entered blocking state [ 633.048475][T16686] bridge0: port 2(bridge_slave_1) entered disabled state [ 633.055750][T16686] bridge_slave_1: entered allmulticast mode [ 633.062826][T16686] bridge_slave_1: entered promiscuous mode [ 633.086843][T16686] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 633.097997][T16686] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 633.124330][T16686] team0: Port device team_slave_0 added [ 633.131861][T16686] team0: Port device team_slave_1 added [ 633.153054][T16686] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 633.160036][T16686] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 633.186375][T16686] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 633.198508][T16686] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 633.205583][T16686] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 633.247265][ T4943] Bluetooth: hci4: command tx timeout [ 633.292943][T16686] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 633.406689][T16791] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2254'. [ 633.663804][T16791] macvtap0: entered promiscuous mode [ 633.669669][T16791] macvtap0: entered allmulticast mode [ 633.675599][T16791] veth0_macvtap: entered allmulticast mode [ 633.927807][T16686] hsr_slave_0: entered promiscuous mode [ 633.951488][T16800] can: request_module (can-proto-0) failed. [ 633.982720][T16686] hsr_slave_1: entered promiscuous mode [ 634.022261][T16686] debugfs: 'hsr0' already exists in 'hsr' [ 634.060057][T16686] Cannot create hsr debugfs directory [ 634.595510][ T5289] 8021q: adding VLAN 0 to HW filter on device eth2 [ 635.006801][ T7155] hsr_slave_0: left promiscuous mode [ 635.059201][ T7155] hsr_slave_1: left promiscuous mode [ 635.091499][ T7155] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 635.134156][ T7155] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 635.191423][ T7155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 635.232452][ T7155] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 635.279915][ T4943] Bluetooth: hci4: command tx timeout [ 635.375862][ T7155] veth1_macvtap: left promiscuous mode [ 635.421016][ T7155] veth0_macvtap: left promiscuous mode [ 635.573484][T16829] Process accounting resumed [ 636.328218][ T7155] team0 (unregistering): Port device team_slave_1 removed [ 636.428495][ T7155] team0 (unregistering): Port device team_slave_0 removed [ 636.838086][ T5289] 8021q: adding VLAN 0 to HW filter on device eth3 [ 639.429381][T16686] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 639.542803][T16686] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 639.583831][T16686] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 639.661199][T16686] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 639.711104][T16686] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 639.775866][T16686] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 639.829424][T16686] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 639.890267][T16686] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 640.546048][T16907] futex_wake_op: syz.1.2267 tries to shift op by -2048; fix this program [ 640.581581][T16907] futex_wake_op: syz.1.2267 tries to shift op by -2048; fix this program [ 640.624380][T16907] 0x000000000001-0x000000020000 : "" [ 640.678233][T16907] ftl_cs: FTL header corrupt! [ 641.981210][T16686] 8021q: adding VLAN 0 to HW filter on device bond0 [ 642.083568][T16686] 8021q: adding VLAN 0 to HW filter on device team0 [ 642.168145][ T7172] bridge0: port 1(bridge_slave_0) entered blocking state [ 642.176814][ T7172] bridge0: port 1(bridge_slave_0) entered forwarding state [ 642.278588][ T7172] bridge0: port 2(bridge_slave_1) entered blocking state [ 642.286536][ T7172] bridge0: port 2(bridge_slave_1) entered forwarding state [ 646.094958][T16686] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 646.360007][T16686] veth0_vlan: entered promiscuous mode [ 646.618836][T16686] veth1_vlan: entered promiscuous mode [ 646.977244][T16686] veth0_macvtap: entered promiscuous mode [ 647.355813][T17027] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 647.388256][T16686] veth1_macvtap: entered promiscuous mode [ 647.735377][T16686] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 647.952803][T16686] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 648.423667][T13392] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 648.465596][T13392] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 648.511600][T13392] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 648.557153][T13392] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 648.902401][T17013] kexec: Could not allocate control_code_buffer [ 649.020314][ T1172] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 649.049514][ T1172] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 649.269652][T13392] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 649.343910][T13392] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 649.547541][T17055] futex_wake_op: syz.3.2282 tries to shift op by -2048; fix this program [ 649.602987][T17055] futex_wake_op: syz.3.2282 tries to shift op by -2048; fix this program [ 650.192696][T17067] FAULT_INJECTION: forcing a failure. [ 650.192696][T17067] name failslab, interval 1, probability 0, space 0, times 0 [ 650.265036][T17067] CPU: 0 UID: 0 PID: 17067 Comm: syz.0.2285 Tainted: G L syzkaller #0 PREEMPT(full) [ 650.265062][T17067] Tainted: [L]=SOFTLOCKUP [ 650.265067][T17067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 650.265077][T17067] Call Trace: [ 650.265083][T17067] [ 650.265088][T17067] dump_stack_lvl+0x100/0x190 [ 650.265116][T17067] should_fail_ex.cold+0x5/0xa [ 650.265138][T17067] should_failslab+0xc2/0x120 [ 650.265161][T17067] __kmalloc_cache_noprof+0x91/0x6c0 [ 650.265178][T17067] ? snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 650.265223][T17067] snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 650.265248][T17067] ? rcu_is_watching+0x12/0xc0 [ 650.265268][T17067] ? trace_contention_end+0x126/0x160 [ 650.265284][T17067] ? __mutex_lock+0x26d/0x1bd0 [ 650.265301][T17067] ? snd_pcm_oss_write+0x49a/0xa30 [ 650.265383][T17067] ? aa_file_perm+0x7f3/0x14d0 [ 650.265443][T17067] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 650.265468][T17067] ? __pfx___mutex_lock+0x10/0x10 [ 650.265494][T17067] ? __pfx___might_resched+0x10/0x10 [ 650.265525][T17067] ? get_pid_task+0xfc/0x250 [ 650.265547][T17067] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 650.265571][T17067] snd_pcm_oss_write+0x4bb/0xa30 [ 650.265595][T17067] ? bpf_lsm_file_permission+0x9/0x10 [ 650.265610][T17067] ? security_file_permission+0x76/0x210 [ 650.265634][T17067] vfs_write+0x2aa/0x1050 [ 650.265649][T17067] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 650.265674][T17067] ? __pfx_vfs_write+0x10/0x10 [ 650.265686][T17067] ? find_held_lock+0x2b/0x80 [ 650.265704][T17067] ? __fget_files+0x215/0x3d0 [ 650.265718][T17067] ? __fget_files+0x215/0x3d0 [ 650.265735][T17067] ? __fget_files+0x21f/0x3d0 [ 650.265753][T17067] ksys_write+0x12a/0x250 [ 650.265767][T17067] ? __pfx_ksys_write+0x10/0x10 [ 650.265788][T17067] do_syscall_64+0x115/0x840 [ 650.265802][T17067] ? clear_bhb_loop+0x40/0x90 [ 650.265821][T17067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 650.265836][T17067] RIP: 0033:0x7f2c45b9ce59 [ 650.265849][T17067] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 650.265869][T17067] RSP: 002b:00007f2c46a72028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 650.265884][T17067] RAX: ffffffffffffffda RBX: 00007f2c45e15fa0 RCX: 00007f2c45b9ce59 [ 650.265893][T17067] RDX: 000040100000a3d5 RSI: 0000000000000000 RDI: 0000000000000003 [ 650.265902][T17067] RBP: 00007f2c46a72090 R08: 0000000000000000 R09: 0000000000000000 [ 650.265911][T17067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 650.265920][T17067] R13: 00007f2c45e16038 R14: 00007f2c45e15fa0 R15: 00007ffe474136f8 [ 650.265939][T17067] [ 651.930962][T17083] bond0: invalid ARP target specified [ 654.430254][T17128] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2299'. [ 654.545800][T17128] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2299'. [ 654.565555][T17128] mac80211_hwsim hwsim2 : renamed from wlan0 (while UP) [ 655.549657][T17152] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 656.573276][T17169] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2310'. [ 656.807395][T17169] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2310'. [ 656.836409][T17169] mac80211_hwsim hwsim32 : renamed from wlan0 (while UP) [ 657.247254][T17178] [U] 0="/ [ 657.267608][T17178] [U] [ 657.280818][T17178] [U] EeQ@ [ 657.302871][T17177] [U]  [ 657.401546][T17173] FAULT_INJECTION: forcing a failure. [ 657.401546][T17173] name failslab, interval 1, probability 0, space 0, times 0 [ 657.464434][T17173] CPU: 0 UID: 0 PID: 17173 Comm: syz.2.2311 Tainted: G L syzkaller #0 PREEMPT(full) [ 657.464462][T17173] Tainted: [L]=SOFTLOCKUP [ 657.464468][T17173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 657.464477][T17173] Call Trace: [ 657.464483][T17173] [ 657.464489][T17173] dump_stack_lvl+0x100/0x190 [ 657.464514][T17173] should_fail_ex.cold+0x5/0xa [ 657.464536][T17173] should_failslab+0xc2/0x120 [ 657.464557][T17173] __kmalloc_noprof+0xfc/0x820 [ 657.464577][T17173] ? get_callchain_buffers+0x123/0x380 [ 657.464600][T17173] get_callchain_buffers+0x123/0x380 [ 657.464619][T17173] ? bpf_lsm_capable+0x9/0x10 [ 657.464635][T17173] ? security_capable+0x80/0x260 [ 657.464651][T17173] stack_map_alloc+0x316/0x610 [ 657.464671][T17173] map_create+0x874/0x3120 [ 657.464712][T17173] ? __lock_acquire+0x49f/0x1a40 [ 657.464731][T17173] ? __pfx_map_create+0x10/0x10 [ 657.464759][T17173] ? __might_fault+0xc5/0x140 [ 657.464783][T17173] __sys_bpf+0x2a6e/0x4e80 [ 657.464806][T17173] ? __pfx___sys_bpf+0x10/0x10 [ 657.464821][T17173] ? __pfx_futex_hash+0x10/0x10 [ 657.464836][T17173] ? get_pid_task+0xfc/0x250 [ 657.464863][T17173] ? get_pid_task+0xfc/0x250 [ 657.464886][T17173] ? futex_wait+0x11e/0x370 [ 657.464907][T17173] ? __pfx_futex_wait+0x10/0x10 [ 657.464932][T17173] ? rcu_read_lock_any_held+0x6a/0xa0 [ 657.464968][T17173] ? __x64_sys_futex+0x34f/0x4d0 [ 657.464985][T17173] ? __x64_sys_futex+0x358/0x4d0 [ 657.465004][T17173] ? xfd_validate_state+0x129/0x190 [ 657.465025][T17173] ? __x64_sys_bpf+0xce/0x140 [ 657.465040][T17173] __x64_sys_bpf+0xce/0x140 [ 657.465057][T17173] ? do_syscall_64+0x90/0x840 [ 657.465076][T17173] do_syscall_64+0x115/0x840 [ 657.465089][T17173] ? clear_bhb_loop+0x40/0x90 [ 657.465107][T17173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.465123][T17173] RIP: 0033:0x7f3c6ab9ce59 [ 657.465137][T17173] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 657.465152][T17173] RSP: 002b:00007f3c6badd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 657.465167][T17173] RAX: ffffffffffffffda RBX: 00007f3c6ae15fa0 RCX: 00007f3c6ab9ce59 [ 657.465177][T17173] RDX: 00000000000006f4 RSI: 0000200000000580 RDI: 0000000000000000 [ 657.465187][T17173] RBP: 00007f3c6ac32e6f R08: 0000000000000000 R09: 0000000000000000 [ 657.465196][T17173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 657.465205][T17173] R13: 00007f3c6ae16038 R14: 00007f3c6ae15fa0 R15: 00007fffd8311cf8 [ 657.465226][T17173] [ 658.170461][T17194] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2314'. [ 658.585452][T17179] Process accounting resumed [ 661.849699][T17236] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2325'. [ 662.691953][T17249] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2326'. [ 662.896214][T17249] vlan1: entered allmulticast mode [ 662.915391][T17249] veth0_vlan: entered allmulticast mode [ 665.830611][ T4943] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 665.838275][ T5630] Bluetooth: hci0: command 0x1003 tx timeout [ 666.460230][T17261] Process accounting paused [ 668.056034][T17320] input: f as /devices/virtual/input/input14 [ 668.507251][T17313] can: request_module (can-proto-0) failed. [ 669.037337][T17336] random: crng reseeded on system resumption [ 669.126262][T17337] hub 1-0:1.0: USB hub found [ 669.164467][T17337] hub 1-0:1.0: 1 port detected [ 670.829903][T17363] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 670.939181][T17325] Process accounting resumed [ 671.120708][T17367] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2355'. [ 671.256738][T17368] Format for adding new device is "id port_count num_queues" (uint uint uint). [ 673.819475][T17417] input: f as /devices/virtual/input/input15 [ 678.286845][T17499] zswap: compressor not available [ 681.128862][T17556] FAULT_INJECTION: forcing a failure. [ 681.128862][T17556] name failslab, interval 1, probability 0, space 0, times 0 [ 681.169696][T17556] CPU: 0 UID: 0 PID: 17556 Comm: syz.0.2396 Tainted: G L syzkaller #0 PREEMPT(full) [ 681.169723][T17556] Tainted: [L]=SOFTLOCKUP [ 681.169729][T17556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 681.169738][T17556] Call Trace: [ 681.169745][T17556] [ 681.169752][T17556] dump_stack_lvl+0x100/0x190 [ 681.169777][T17556] should_fail_ex.cold+0x5/0xa [ 681.169798][T17556] ? __pfx_cgroup_show_path+0x10/0x10 [ 681.169821][T17556] should_failslab+0xc2/0x120 [ 681.169841][T17556] ? __pfx_cgroup_show_path+0x10/0x10 [ 681.169864][T17556] __kmalloc_cache_noprof+0x91/0x6c0 [ 681.169882][T17556] ? cgroup_show_path+0xb2/0x730 [ 681.169907][T17556] ? __pfx_cgroup_show_path+0x10/0x10 [ 681.169928][T17556] cgroup_show_path+0xb2/0x730 [ 681.169953][T17556] ? __pfx_cgroup_show_path+0x10/0x10 [ 681.169974][T17556] kernfs_sop_show_path+0xe9/0x160 [ 681.169995][T17556] ? __pfx_kernfs_sop_show_path+0x10/0x10 [ 681.170015][T17556] show_path+0x9e/0x100 [ 681.170034][T17556] show_mountinfo+0x1d8/0x820 [ 681.170050][T17556] ? __pfx_show_mountinfo+0x10/0x10 [ 681.170070][T17556] seq_read_iter+0xbce/0x1270 [ 681.170099][T17556] ? __pfx_seq_read_iter+0x10/0x10 [ 681.170122][T17556] vfs_read+0x82e/0xb40 [ 681.170138][T17556] ? __pfx_vfs_read+0x10/0x10 [ 681.170165][T17556] ksys_read+0x12a/0x250 [ 681.170178][T17556] ? __pfx_ksys_read+0x10/0x10 [ 681.170198][T17556] do_syscall_64+0x115/0x840 [ 681.170212][T17556] ? clear_bhb_loop+0x40/0x90 [ 681.170231][T17556] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.170247][T17556] RIP: 0033:0x7f2c45b9ce59 [ 681.170262][T17556] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 681.170276][T17556] RSP: 002b:00007f2c46a72028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 681.170291][T17556] RAX: ffffffffffffffda RBX: 00007f2c45e15fa0 RCX: 00007f2c45b9ce59 [ 681.170301][T17556] RDX: 0000000000001036 RSI: 0000200000000040 RDI: 0000000000000003 [ 681.170310][T17556] RBP: 00007f2c45c32e6f R08: 0000000000000000 R09: 0000000000000000 [ 681.170319][T17556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 681.170328][T17556] R13: 00007f2c45e16038 R14: 00007f2c45e15fa0 R15: 00007ffe474136f8 [ 681.170348][T17556] [ 682.171330][T17587] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2404'. [ 683.650325][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 683.659059][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.306572][T17644] block2mtd: error: cannot open device  [ 686.700152][T17654] kernel profiling enabled (shift: 7) [ 687.479683][ T29] audit: type=1326 audit(4294967415.201:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17668 comm="syz.0.2421" exe="/root/ci-qemu-gce-upstream-auto/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2c45b9ce59 code=0x0 [ 687.799028][ T5630] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 687.814155][ T5630] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 687.822786][ T5630] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 687.844900][ T5630] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 687.852554][ T5630] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 688.713587][T17694] ================================================================== [ 688.713609][T17694] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 688.713717][T17694] Write of size 8 at addr ffffc90004a81180 by task syz.0.2424/17694 [ 688.713735][T17694] [ 688.713745][T17694] CPU: 0 UID: 0 PID: 17694 Comm: syz.0.2424 Tainted: G L syzkaller #0 PREEMPT(full) [ 688.713767][T17694] Tainted: [L]=SOFTLOCKUP [ 688.713772][T17694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 688.713782][T17694] Call Trace: [ 688.713787][T17694] [ 688.713794][T17694] dump_stack_lvl+0x100/0x190 [ 688.713812][T17694] print_report+0x13d/0x4b0 [ 688.713837][T17694] ? _raw_spin_lock_irqsave+0x52/0x60 [ 688.713902][T17694] ? sys_imageblit+0x19fb/0x1d60 [ 688.713920][T17694] kasan_report+0xdf/0x1c0 [ 688.713942][T17694] ? sys_imageblit+0x19fb/0x1d60 [ 688.713963][T17694] sys_imageblit+0x19fb/0x1d60 [ 688.713982][T17694] ? clockevents_program_event+0x1bf/0x820 [ 688.714001][T17694] ? __pfx_sys_imageblit+0x10/0x10 [ 688.714022][T17694] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 688.714101][T17694] soft_cursor+0x524/0xa10 [ 688.714118][T17694] ? fb_get_color_depth+0x120/0x250 [ 688.714165][T17694] bit_cursor+0xca1/0x1490 [ 688.714183][T17694] ? __pfx_bit_cursor+0x10/0x10 [ 688.714201][T17694] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 688.714222][T17694] ? get_color+0x1da/0x450 [ 688.714244][T17694] ? __pfx_bit_cursor+0x10/0x10 [ 688.714257][T17694] fbcon_cursor+0x43c/0x5e0 [ 688.714277][T17694] ? mark_lock+0x9c0/0xa20 [ 688.714300][T17694] hide_cursor+0x87/0x230 [ 688.714345][T17694] do_con_write+0x224c/0x4a30 [ 688.714366][T17694] ? __mutex_lock+0x26d/0x1bd0 [ 688.714381][T17694] ? __pfx___mutex_lock+0x10/0x10 [ 688.714395][T17694] ? do_raw_spin_lock+0x128/0x260 [ 688.714411][T17694] ? __pfx_do_con_write+0x10/0x10 [ 688.714433][T17694] con_write+0x23/0xb0 [ 688.714451][T17694] n_tty_write+0x431/0x1160 [ 688.714523][T17694] ? __pfx_n_tty_write+0x10/0x10 [ 688.714551][T17694] ? __kasan_kmalloc+0xaa/0xb0 [ 688.714570][T17694] ? __pfx_woken_wake_function+0x10/0x10 [ 688.714587][T17694] ? rcu_is_watching+0x12/0xc0 [ 688.714605][T17694] ? file_tty_write.isra.0+0x694/0x890 [ 688.714623][T17694] ? kfree+0x1e5/0x6c0 [ 688.714637][T17694] ? __pfx_n_tty_write+0x10/0x10 [ 688.714659][T17694] file_tty_write.isra.0+0x4d2/0x890 [ 688.714679][T17694] redirected_tty_write+0xd4/0x120 [ 688.714697][T17694] vfs_write+0x6ac/0x1050 [ 688.714711][T17694] ? __pfx_redirected_tty_write+0x10/0x10 [ 688.714731][T17694] ? __pfx_vfs_write+0x10/0x10 [ 688.714743][T17694] ? find_held_lock+0x2b/0x80 [ 688.714766][T17694] ksys_write+0x12a/0x250 [ 688.714779][T17694] ? __pfx_ksys_write+0x10/0x10 [ 688.714795][T17694] do_syscall_64+0x115/0x840 [ 688.714808][T17694] ? clear_bhb_loop+0x40/0x90 [ 688.714825][T17694] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 688.714840][T17694] RIP: 0033:0x7f2c45b9ce59 [ 688.714854][T17694] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 688.714870][T17694] RSP: 002b:00007f2c46a72028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 688.714885][T17694] RAX: ffffffffffffffda RBX: 00007f2c45e15fa0 RCX: 00007f2c45b9ce59 [ 688.714896][T17694] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 688.714907][T17694] RBP: 00007f2c45c32e6f R08: 0000000000000000 R09: 0000000000000000 [ 688.714916][T17694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 688.714926][T17694] R13: 00007f2c45e16038 R14: 00007f2c45e15fa0 R15: 00007ffe474136f8 [ 688.714941][T17694] [ 688.714946][T17694] [ 688.714951][T17694] The buggy address belongs to a vmalloc virtual mapping [ 688.714963][T17694] Memory state around the buggy address: [ 688.714972][T17694] ffffc90004a81080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 688.714982][T17694] ffffc90004a81100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 688.714993][T17694] >ffffc90004a81180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 688.715001][T17694] ^ [ 688.715009][T17694] ffffc90004a81200: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 688.715019][T17694] ffffc90004a81280: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 688.715027][T17694] ================================================================== [ 688.718263][T17694] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 688.718285][T17694] CPU: 0 UID: 0 PID: 17694 Comm: syz.0.2424 Tainted: G L syzkaller #0 PREEMPT(full) [ 688.718309][T17694] Tainted: [L]=SOFTLOCKUP [ 688.718314][T17694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 688.718324][T17694] Call Trace: [ 688.718330][T17694] [ 688.718336][T17694] dump_stack_lvl+0x100/0x190 [ 688.718359][T17694] vpanic+0x552/0x970 [ 688.718374][T17694] ? __pfx_vpanic+0x10/0x10 [ 688.718390][T17694] ? sys_imageblit+0x19fb/0x1d60 [ 688.718409][T17694] panic+0xd1/0xe0 [ 688.718422][T17694] ? __pfx_panic+0x10/0x10 [ 688.718436][T17694] ? sys_imageblit+0x19fb/0x1d60 [ 688.718454][T17694] ? preempt_schedule_common+0x42/0xc0 [ 688.718478][T17694] check_panic_on_warn.cold+0x19/0x34 [ 688.718494][T17694] end_report.part.0+0x3a/0x90 [ 688.718515][T17694] kasan_report.cold+0xe/0x18 [ 688.718536][T17694] ? sys_imageblit+0x19fb/0x1d60 [ 688.718565][T17694] sys_imageblit+0x19fb/0x1d60 [ 688.718585][T17694] ? clockevents_program_event+0x1bf/0x820 [ 688.718606][T17694] ? __pfx_sys_imageblit+0x10/0x10 [ 688.718627][T17694] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 688.718653][T17694] soft_cursor+0x524/0xa10 [ 688.718669][T17694] ? fb_get_color_depth+0x120/0x250 [ 688.718692][T17694] bit_cursor+0xca1/0x1490 [ 688.718708][T17694] ? __pfx_bit_cursor+0x10/0x10 [ 688.718725][T17694] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 688.718747][T17694] ? get_color+0x1da/0x450 [ 688.718768][T17694] ? __pfx_bit_cursor+0x10/0x10 [ 688.718781][T17694] fbcon_cursor+0x43c/0x5e0 [ 688.718802][T17694] ? mark_lock+0x9c0/0xa20 [ 688.718827][T17694] hide_cursor+0x87/0x230 [ 688.718846][T17694] do_con_write+0x224c/0x4a30 [ 688.718866][T17694] ? __mutex_lock+0x26d/0x1bd0 [ 688.718884][T17694] ? __pfx___mutex_lock+0x10/0x10 [ 688.718898][T17694] ? do_raw_spin_lock+0x128/0x260 [ 688.718915][T17694] ? __pfx_do_con_write+0x10/0x10 [ 688.718937][T17694] con_write+0x23/0xb0 [ 688.718956][T17694] n_tty_write+0x431/0x1160 [ 688.718981][T17694] ? __pfx_n_tty_write+0x10/0x10 [ 688.719002][T17694] ? __kasan_kmalloc+0xaa/0xb0 [ 688.719021][T17694] ? __pfx_woken_wake_function+0x10/0x10 [ 688.719037][T17694] ? rcu_is_watching+0x12/0xc0 [ 688.719055][T17694] ? file_tty_write.isra.0+0x694/0x890 [ 688.719073][T17694] ? kfree+0x1e5/0x6c0 [ 688.719087][T17694] ? __pfx_n_tty_write+0x10/0x10 [ 688.719108][T17694] file_tty_write.isra.0+0x4d2/0x890 [ 688.719129][T17694] redirected_tty_write+0xd4/0x120 [ 688.719148][T17694] vfs_write+0x6ac/0x1050 [ 688.719162][T17694] ? __pfx_redirected_tty_write+0x10/0x10 [ 688.719182][T17694] ? __pfx_vfs_write+0x10/0x10 [ 688.719194][T17694] ? find_held_lock+0x2b/0x80 [ 688.719218][T17694] ksys_write+0x12a/0x250 [ 688.719231][T17694] ? __pfx_ksys_write+0x10/0x10 [ 688.719247][T17694] do_syscall_64+0x115/0x840 [ 688.719260][T17694] ? clear_bhb_loop+0x40/0x90 [ 688.719278][T17694] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 688.719293][T17694] RIP: 0033:0x7f2c45b9ce59 [ 688.719306][T17694] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 688.719321][T17694] RSP: 002b:00007f2c46a72028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 688.719337][T17694] RAX: ffffffffffffffda RBX: 00007f2c45e15fa0 RCX: 00007f2c45b9ce59 [ 688.719348][T17694] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 688.719358][T17694] RBP: 00007f2c45c32e6f R08: 0000000000000000 R09: 0000000000000000 [ 688.719368][T17694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 688.719378][T17694] R13: 00007f2c45e16038 R14: 00007f2c45e15fa0 R15: 00007ffe474136f8 [ 688.719394][T17694] [ 688.719458][T17694] Kernel Offset: disabled