last executing test programs: 9.147505124s ago: executing program 1 (id=337): unshare$auto(0x40000080) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioperm$auto(0xaf, 0xe, 0x991b) memfd_create$auto(&(0x7f0000000040)='IPVS\x00', 0x7) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cuse\x00', 0x20a00, 0x0) r1 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000180), 0x40900, 0x0) ioctl$auto_UBI_IOCATT(r1, 0x40186f40, 0x0) ioctl$auto_UBI_IOCDET(r1, 0x40046f41, 0x0) ioctl$auto_UBI_IOCDET(r1, 0x40046f41, 0x0) ioctl$auto_BLKGETNRZONES(0xffffffffffffffff, 0x80041285, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioprio_set$auto(0x3, 0x0, 0x4b34) sendmsg$auto_TIPC_NL_MEDIA_GET(0xffffffffffffffff, 0x0, 0x48010) write$auto(r0, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000cc0), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x800) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x19, 0x4, 0x4, 0xfffffffe, 0x8, 0xd, 0x66b, 0x4, 0x7ff}, 0x6f4) 8.01956021s ago: executing program 0 (id=340): mmap$auto(0x0, 0x420009, 0xfff, 0xeb1, 0x401, 0x7ffd) r0 = bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x19, 0x4, 0x4, 0x880b, 0x8, 0xd, 0x66b, 0x4, 0x7ff}, 0x6f4) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x8000) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r4 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) pread64$auto(r4, 0x0, 0x2, 0x3) prctl$auto(0x3e, 0x4a, r1, 0x6, 0x80000001) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x2c, r6, 0x13, 0x70bd2c, 0x25dfdbdd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r8}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0x1}, @NL80211_ATTR_WIPHY_TX_POWER_LEVEL={0x8, 0x62, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x20, r6, 0x1028, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x4}, @NL80211_ATTR_TIMED_OUT={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x8855}, 0x10) write$auto(r3, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\x97U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) ioctl$auto_FICLONERANGE(r5, 0x4020940d, 0x1) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181500, 0x0) fanotify_mark$auto(0xffffffffffffffff, 0x9, 0x1000000009, r0, 0x0) open(0x0, 0x0, 0x408) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) 7.914015351s ago: executing program 2 (id=341): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = openat$auto_percpu_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x8480, 0x0) read$auto_percpu_stats_fops_(r0, &(0x7f0000000080)=""/56, 0x38) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/members\x00', 0x189002, 0x0) socket(0xa, 0x3, 0x3b) connect$auto(0x3, 0x0, 0x58) io_submit$auto(0x2, 0x7f, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x10001) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x2d41, 0x0) writev$auto(r2, &(0x7f0000000240)={0x0, 0x7}, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x8000000) mkdir$auto(&(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', 0x8cd) r3 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/dri/vkms/internal_clients\x00', 0x101402, 0x0) read$auto_drm_debugfs_entry_fops_drm_debugfs(r3, &(0x7f0000000240)=""/194, 0xc2) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r4 = socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x2, 0x3f, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fsopen$auto(0x0, 0x1) fsconfig$auto(r4, 0x2, &(0x7f0000000080)='+\x00\xc04\x95\x96XD\x11T\x11\xac@\xb9\'\xa8\x99\xf6\x99\xad\xa2w\xd55\xea|-&\v\xa9\xc5\xb1\xc6\n\xb0{\xe8', &(0x7f0000000100), 0xee01) 7.698304541s ago: executing program 1 (id=342): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0xfffffffffffffffd, 0x810004, 0xe, 0x8000000008011, r0, 0x4) r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) read$auto_uinput_fops_uinput(r1, &(0x7f0000000140)=""/252, 0xfc) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000000c0), 0x50040, 0x0) mremap$auto(0x0, 0xbfffffffffffffff, 0x401, 0x0, 0x4) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000007c0)={0x20, r3, 0xb01, 0x70bd24, 0x25dfdbfc, {}, [@NL80211_ATTR_WDEV={0xc, 0x99, 0x7}]}, 0x20}, 0x1, 0x0, 0x0, 0x8041}, 0x4000080) preadv2$auto(r0, 0x0, 0x6, 0x3, 0x4, 0x2a) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r4, 0x8000) mprotect$auto(0x1000, 0x401000, 0x4) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, 0x602, 0x300000000000) ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0) r5 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000080), 0x141501, 0x0) write$auto_split_huge_pages_fops_huge_memory(r5, &(0x7f0000000100)='1\x00'/11, 0xb) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) unshare$auto(0x40000080) mmap$auto(0x6, 0x2020009, 0x3, 0xeb0, 0xfffffffffffffffa, 0x8000) 6.790699174s ago: executing program 2 (id=343): openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2401, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x4d, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) ioctl$auto(r0, 0x540a, 0x0) socket(0xa, 0x5, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/ip6_mr_cache\x00', 0x1900, 0x0) pread64$auto(r1, 0x0, 0xe, 0x100000000007) timer_create$auto(0x0, 0x0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/blkio.bfq.time_recursive\x00', 0x182b02, 0x0) sendfile$auto(r2, r2, 0x0, 0x3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x7, 0x1, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x10, &(0x7f0000000180)={0x7, 0x1, 0xb9, 0xd, 0x18da, 0x3, r0, [0x6, 0x7, 0x2], {0xff, 0x1ffe00, 0x75, 0x6, 0x2, 0x800, 0xf, 0x7db, 0x8}, {0x7, 0x80000000, 0xa99, 0x8001, 0x4, 0x7, 0x3, 0x9, 0x6}}) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0) 6.340742415s ago: executing program 3 (id=344): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8001) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) select$auto(0x7, 0x0, &(0x7f0000000000)={[0x209c, 0x40, 0x8, 0x19, 0xffffffffffffeff7, 0x47, 0xc, 0x200000f, 0x0, 0x0, 0x12, 0xd59, 0x100000000101, 0x9b, 0x2, 0xffffffffffffffff]}, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x1000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) io_uring_setup$auto(0x9, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r0, 0x403c6f2b, 0x0) read$auto(0x3, 0x0, 0x80) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/rt_acct\x00', 0x840, 0x0) r1 = open(&(0x7f00000000c0)='./cgroup\x00', 0x80400, 0xb5d1af1605322dd2) open_by_handle_at$auto(r1, &(0x7f0000000040)={0x8, 0x2, '\v\x00\x00\x00\x00\x00\x00\x00'}, 0x3ffff) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) readv$auto(0x3, &(0x7f0000000040)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x100000000000029, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000080)='/proc/softirqs\x00', 0x682, 0x0) 6.220473346s ago: executing program 0 (id=345): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x0) socket(0xa, 0x801, 0x106) socket(0x2, 0x5, 0x0) setsockopt$auto(0x3, 0x0, 0x2, 0x0, 0x3) read$auto_stats_fops_(0xffffffffffffffff, 0x0, 0x0) socket(0x11, 0x3, 0x9) mmap$auto(0x0, 0x40009, 0x6, 0x9b72, 0x7, 0x28000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0xc, 0x940, 0x1ffde, 0x7, 0x6, 0x3ff, 0x9, 0x1, 0x2, 0x7, 0x9, 0x8, 0x8, 0x407, 0x5, 0x7, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xe3a]}, 0x400, 0x81) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000100), 0xffffffffffffffff) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = getpgid(r0) waitid$auto_P_PGID(0x2, r1, 0x0, 0x6, 0x0) sendmsg$auto_TIPC_NL_NODE_GET(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000500)={0x0, 0x1e4}, 0x1, 0x0, 0x0, 0x800}, 0x20000800) sched_setscheduler$auto(r1, 0x5, &(0x7f00000000c0)={0x7}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000840)=""/41, 0x29) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) 5.587950228s ago: executing program 3 (id=346): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/pci0000:00/0000:00:03.0/resource1\x00', 0x440, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/pci0000:00/0000:00:03.0/resource0\x00', 0x103000, 0x0) readv$auto(0x3, &(0x7f0000000040)={0x0, 0x1}, 0x9) mmap$auto(0x0, 0x3, 0x1000000000001, 0x11, r1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) kexec_load$auto(0x0, 0x2, 0x0, 0x1000000000004) r3 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(r3, 0x0, 0x7, 0x4cbd5d) rename$auto(&(0x7f0000000480)='./file0\x00', &(0x7f0000000100)='./file1\x00') ioctl$auto_SW_SYNC_GET_DEADLINE(r0, 0xc0105702, &(0x7f0000000080)={0x5, 0x0, r2}) getcwd$auto(0x0, 0xffffffffffffffff) rename$auto(&(0x7f0000000280)='./file1\x00', 0x0) rename$auto(0x0, &(0x7f0000000100)='./file1\x00') socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) syz_genetlink_get_family_id$auto_nbd(0x0, 0xffffffffffffffff) 4.131953809s ago: executing program 2 (id=347): socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) write$auto_seq_oss_f_ops_seq_oss(r0, &(0x7f0000000040)="f6e6812018deadf7e88f819e30236ce79200e01532f2ed0d", 0x18) openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r2, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000200)={0x34, r3, 0x1, 0x703d25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x14, 0x7, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}, @nested={0x4, 0x89}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x804}, 0x8880) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x10, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x6, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x8, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x104000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x200000000002, 0x0, 0x10, 0xfffffffffffffffe, 0x3563, 0x7fffffff, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f) close_range$auto(0x0, 0x5, 0x0) r4 = bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x10, 0x7, 0x4, 0xffffffffffffffff, 0xa, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0xe5, 0x3}, 0x10) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@map_fd, @target_fd=r4, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x2000000000000000, 0x1, 0x4}}, 0x92) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r5 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) 3.981113069s ago: executing program 0 (id=348): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, 0x0, 0x582, 0x0) write$auto_console_fops_tty_io(r1, &(0x7f0000001240), 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) pkey_mprotect$auto(0x100000000, 0x9, 0x6, 0x80000000) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_CREATE_VM(r2, 0xae80, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000600)={{&(0x7f0000000400)="5cdd59f1a68d086a02a2cc1399c7b3f7410eb36cfbec7e7224eaf6de379d09771080b197b8057225ffa98bc9a7bd53a5aee9a2d48d74d149c199be3009d2d61af64942e106e9b586aabcd7ae4de8a0e87e02af7f6af674c2fc8d8a8a78916f9c23e6b8a8be7141ae87f2996f079bfcbadc2ef4a6a3e894ba7dd3d9f11bd4d05558df32f9eeb4fda5e29576787e2ced58e35355c37e1ff8a11d36a067d362a37323c582eee83ea4cc9e7f", 0x6, &(0x7f0000000540)={&(0x7f00000004c0)="35a4988620ed7f4ab66aa8948d2c0530bb25f6057ba29add8bbc1d2db5f8682804b365a0d809d366e189194941627ddf76d73565a6133f661519a99780edab37135a9058cfbea6f19ec9ad30287159ec1c6afd59583911a5239ff895b0871d32f098c6cfdef0b944fe"}, 0x2, &(0x7f0000000580)="6ea0838008f497d022b78e5e7eb7c80c499b948523cfff8c50f12ebc124c316e0b644f39bb8b55a743fb004e0ed1aec82d0b82794ab3801ad7705749f562a3d87256f1ec7ebea9a0fd16decd422f095cc3abfc2c4e", 0x4, 0xc7b}, 0xfffffffe}, 0x6, 0x2) 3.591423463s ago: executing program 3 (id=349): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r1 = ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4005, 0xb, 0x40eb2, 0x401, 0x300000000000) bind$auto(0x3, &(0x7f0000000040)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x43, 0x1, 0x1}}, 0x6a) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) unshare$auto(0x40000080) rt_sigpending$auto(0x0, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) process_vm_readv$auto(0x0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, 0x0, 0x6, 0x0) r2 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_WOL_SET(r2, 0x0, 0x40) madvise$auto(0x0, 0xffffffffffff0005, 0x17) ioctl$auto_USBDEVFS_SUBMITURB32(0xffffffffffffffff, 0x802c550a, 0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0x4068aea3, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_KVM_GET_MSRS(r1, 0x4068aea3, &(0x7f0000000040)={0x80, 0x100000}) 3.50229626s ago: executing program 2 (id=350): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) setreuid$auto(0xee01, 0x0) keyctl$auto(0x4, 0xfffff7ffffffffff, 0x0, 0x0, 0x9) read$auto(r1, 0x0, 0x20) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bpf$auto_BPF_PROG_ATTACH(0x8, &(0x7f0000000100)=@bpf_attr_1={r0, 0x9, @next_key=0x7f, 0x9}, 0x3) r2 = socketpair$auto(0x9, 0x2, 0x8000000000000000, 0x0) mprotect$auto(0x200000000000, 0x806121, 0x8) settimeofday$auto(&(0x7f0000000180)={0x100000001, 0x1}, 0x0) epoll_ctl$auto(r1, 0x7fffffff, r2, &(0x7f0000000040)={0xfffffffb, 0x40}) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) unshare$auto(0x40000080) unshare$auto(0x40000080) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x8) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x5) socket(0x1, 0x1, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) semtimedop$auto(0x8000000b, 0x0, 0x3, 0x0) 2.767758696s ago: executing program 1 (id=351): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x0) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/time\x00') mmap$auto(0x4, 0x400008, 0xa, 0x9b72, 0xffffffffffffffff, 0x0) ustat$auto(0x801, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r1 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x1a3) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) accept$auto(0xffffffffffffffff, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, 0x0, 0x40, 0x0) 2.620166795s ago: executing program 0 (id=352): mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x5, 0x0) capset$auto(0x0, 0x0) setsockopt$auto(0x3, 0x0, 0x21, 0x0, 0x28) bpf$auto_BPF_OBJ_GET(0x7, &(0x7f0000000000)=@batch={0xe96, 0x7, 0x5, 0x5, 0x9, 0xffffffffffffffff, 0x1}, 0xfffffff9) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x40, r2, 0x419, 0x2070bd22, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_UPCALL_PID={0x8}, @OVS_DP_ATTR_NAME={0xd, 0x1, '&#$@\\]\\-\x00'}, @OVS_DP_ATTR_NAME={0xc, 0x1, '@*%!@,@\x00'}]}, 0x40}, 0x1, 0x300, 0x0, 0x2004c011}, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000426bd7000fedbdf250200000008002700040000000a001800aa"], 0x28}, 0x1, 0x0, 0x0, 0x4c894}, 0x24008000) r3 = bpf$auto(0x12, &(0x7f0000000040)=@enable_stats={0x1}, 0x26) r4 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000280)='ns/pid_for_children\x00') socket(0x2c, 0x3, 0x0) r5 = socket(0x10, 0x2, 0x4) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'veth0_to_hsr\x00'}) sendmsg$auto_NFSD_CMD_THREADS_SET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="0c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x200400c4}, 0x4830) write$auto(r5, &(0x7f0000000000)='-\x00', 0x1d30) ioctl$NS_GET_PARENT(r4, 0xb702, 0x0) write$auto_bm_register_operations_binfmt_misc(r3, &(0x7f0000000180)="1a651c238dcc3779d59864e0dc4e7bca239b9ff2b4c6e0ecd8b022d5578c8ec92a1ed4eb3f41382db678be29289eb35b63a052986eb5d881b104af3667cf4fc725828c5313d60a83bacb0f5f0d39629a43", 0x51) 2.408540676s ago: executing program 1 (id=353): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x16b7c2, 0x0) unshare$auto(0x40000080) ioctl$auto(0xc8, 0x400454cb, 0xffffffffffffffff) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x602, 0x1) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mremap$auto(0x1ffffc, 0x7, 0x3fd6, 0x3, 0x20000004) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) poll$auto(0x0, 0x7f, 0x9) openat$auto_fops_atomic_t_ro_(0xffffffffffffff9c, 0x0, 0x80, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000d9, 0xeb1, 0x401, 0xfffffffffffffff7) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x10001) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000240)={0x0, 0x7}, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(r0, 0x8, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x80000002) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab83, 0x0) ioctl$auto_KVM_GET_EMULATED_CPUID(r3, 0xc008ae09, &(0x7f0000000340)={0x4}) sysfs$auto(0x2, 0x3e, 0x0) close_range$auto(0x0, 0x5, 0x0) unshare$auto(0x40000080) 2.220642867s ago: executing program 0 (id=354): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0) close_range$auto(0x2, r0, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) io_uring_setup$auto(0x2, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101c81, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mlock$auto(0x800, 0x85fc) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0xc01, 0x1, 0x6d, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r2, 0x5437, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000040)={0x7, 0x0, [{0x40000023, 0x2, 0x6}]}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000040), r4) sendmsg$auto_WG_CMD_SET_DEVICE(r4, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000002880)={&(0x7f0000000000)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010028bd700003dcdf25010000000800050001000000140002007767300000000000000000000000000022cda33a8c785d168923573f"], 0x30}}, 0xc0) 1.715560689s ago: executing program 0 (id=355): bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x10001, 0x8, 0xc, 0xffffffffffffffff, 0x9, 0x5}, 0xef) r1 = openat$auto_generic(0xffffffffffffff9c, 0x0, 0x301483, 0x0) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) sendmsg$auto_NL80211_CMD_CONNECT(r1, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0xc090) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) futex$auto(0x0, 0x88, 0x7, 0x0, 0x0, 0x5) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x5, 0xfffffffd) fcntl$auto_F_NOTIFY(0xffffffffffffffff, 0x402, 0x9000) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) fsopen$auto(0x0, 0x1) prctl$auto(0x38, 0x3, r0, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) unshare$auto(0x2000000000000003) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/mcfilter\x00', 0x0, 0x0) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000180), 0xffffffffffffffff) read$auto_proc_pagemap_operations_internal(r5, &(0x7f0000001540)=""/209, 0xd1) 1.292623802s ago: executing program 3 (id=356): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000780), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_SAR_SPECS(r0, &(0x7f0000000880)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x68, r1, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x9}, @NL80211_ATTR_WDEV={0xc}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x5}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_HE_CAPABILITY={0x20, 0x10d, "60e4d28657e65a586cee8354d77c99163433c6b18e8ea0b3611ab51d"}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0x75bb}, @NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0xe}, @NL80211_ATTR_CONTROL_PORT={0x4}]}, 0x68}, 0x1, 0x0, 0x0, 0x24044040}, 0x4000084) r2 = getsockopt$auto(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x80000000008000) close_range$auto(0x2, 0xa, 0x0) r3 = socket(0x80000000000000a, 0x2, 0x0) r4 = socket(0x2, 0x5, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) syz_open_procfs$namespace(0x0, 0x0) r5 = getsockopt$auto(r4, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x1000c0) r6 = syz_genetlink_get_family_id$auto_seg6(&(0x7f00000000c0), r3) shmctl$auto_SHM_STAT(0x5, 0xd, &(0x7f00000002c0)={{0xde, 0x0, 0xee00, 0x7, 0x6000, 0x2, 0x1}, 0xb, 0x5, 0xe020, 0xb, @inferred, @inferred=0xffffffffffffffff, 0x2eb3, 0x0, &(0x7f0000000100)="a56e86e39a3f80b93f8849ab1b59772242599eca68ffe5", &(0x7f0000000140)="9171684bb188010025c9cc3300355e64435aa7c65cafaa5579ff66f7b9a779b4d260f67cc5b7b784bae88f1f7e2d0ee8c11c8f645adcb4aacadc39bf10f354ed410ff245f6f01ad5e159f79e6a96f76711686a54fc4cbbfe37247116a90682504926edd3c95c80d4e10a51d673add758cb39edb4c993a48305c63b33a5011e326fa4205912dbd1f52e3066c8e8e4a5ad09f29fdba089666b250d2af47977b96f40796ec6ab0dac5aba6b74614a3806464e627d894068ce8a779753623c3635f7512dbbcf1a10def337eb1517a4a241c733b616ea68ee61ab87d0e4d17ccf17b3ed9a"}) r8 = getpid() r9 = gettid() rt_tgsigqueueinfo$auto(r8, r9, 0x21, &(0x7f0000000400)={@siginfo_0_0={0x3, 0x1c51, 0xfffffffe, @_kill={r8}}}) shmctl$auto_IPC_SET(0x100, 0x1, &(0x7f0000000440)={{0xf5, 0xee00, 0xffffffffffffffff, 0xca2, 0x2a, 0x7, 0xa}, 0x3, 0x4ba2, 0x1ff, 0x9, @inferred, @raw=0x5, 0xc, 0x0, &(0x7f0000000340)="3e399ccf59877cebe299ef69", &(0x7f0000000380)="71bab71f6155b04f0deed38b3b8211e5cf59fa6a6acb268d4c9a0fe77249d93ff5a84779fa44af42d3e99985e96fee037b11669743a59600aa66619a7ae99e92b84dcd6ec074ddc258b59ad86488d1bfe665966c88070fc0d337245bb65cd12ee1f63db5a20931c3072a848f42da4b7e73a9e50326c36e0c365a4483edff13571794a8c296dd8dca9d98d711bc1b148594835f15986b28c22421c16d42be446833871e96453b4ace3ea1e3"}) sendmsg$auto_SEG6_CMD_GET_TUNSRC(r5, &(0x7f0000000740)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000700)={&(0x7f00000004c0)={0x220, r6, 0x300, 0x70bd2d, 0x25dfdbfb, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x5a0f}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x3}, @SEG6_ATTR_HMACINFO={0xd8, 0x7, 0x0, 0x1, [@typed={0x8, 0xea, 0x0, 0x0, @u32=0x7}, @generic="188b3819dc38e9c6ae4ad56cc92da43bc33f0404d2dab63fd0d9ff236c44f9f4ed750fe1df4416b426512feaa09f85a6598f8cd84ea16185ccf9920bea6ef35c816074f51977a4a54c678631b824142ef0291ea5541cc35605c223e2257e81a50a9e2f08a551bf16425e0a5d627cd4b4631c23ddb334375de6cee48b9c4bfb15ad4f901e50b1ae0da6261f42aae176f8dd2604a79727045160466bfab49533489df8529526dd63b1534ca674bd3329bb1a0c2c0d469ec1f8eb23eb5f", @typed={0x8, 0x14, 0x0, 0x0, @uid=r7}, @typed={0x8, 0xa6, 0x0, 0x0, @fd=r2}]}, @SEG6_ATTR_DST={0x14, 0x1, @local}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0xe}, @SEG6_ATTR_DST={0x14, 0x1, @remote}, @SEG6_ATTR_HMACINFO={0xda, 0x7, 0x0, 0x1, [@nested={0x4, 0x11}, @typed={0x8, 0xe, 0x0, 0x0, @pid=r8}, @typed={0xd, 0x17, 0x0, 0x0, @binary="8f11204b8f2fb87c3d"}, @generic="5de9ae8e2212412d00d73da351cc831994036091cccd1fbb4ed2dbf085bfdd8250f19b89ae2a55bf550358d8f4c84ed948f5361b39dcc2ab6bb039a556bad5b6a0d2b560b528fb80c0453e66327925f85ae885168dc7adda94e1776fca79c36769f1b9fea0ba1873bf555c955f08b82fade2e24998288e4bf0b9e29587b6c0851603169e12a1cc193873d2170ced816a0e43709a6f2e9102de874bd122a36d82aac19296efe014bd56fdcfdf03f96db072c3", @typed={0x8, 0x12b, 0x0, 0x0, @uid=r10}]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x7}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x9}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}]}, 0x220}, 0x1, 0x0, 0x0, 0x20040800}, 0x4008010) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x85, 0x0, 0x90) 984.350447ms ago: executing program 2 (id=357): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x10001) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000240)={0x0, 0x7}, 0x2) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x4, 0x0, 0x1) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) r3 = gettid() openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x63102, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x204880, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x5) kill$auto(r3, 0x11) ioctl$auto_CEC_ADAP_G_CAPS(0xffffffffffffffff, 0xc04c6100, 0x0) ioctl$auto(r2, 0x5522, 0xf15) ioctl$auto_USBDEVFS_CONTROL(r2, 0xc0185500, 0x0) 867.843404ms ago: executing program 3 (id=358): r0 = ioctl$auto_TUNSETLINK(0xffffffffffffffff, 0x400454cd, &(0x7f0000000000)=0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x30, r3, 0x1, 0x74bd2a, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5, 0xc, 0x89}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_HIGH={0x8, 0x14, 0xd}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008801}, 0x20000000) r5 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x2000, 0x0) ioctl$auto(r5, 0x961064a0, 0x600000000200007) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'vlan1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'veth0_virt_wifi\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'caif0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'dummy0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'veth1_to_bond\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_PHY_GET(r0, &(0x7f0000000740)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000700)={&(0x7f00000005c0)={0x114, r3, 0x20, 0x70bd27, 0x25dfdbfb, {}, [@ETHTOOL_A_PHY_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x10000}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}, @ETHTOOL_A_PHY_HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xb}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}, @ETHTOOL_A_PHY_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xfff}]}, @ETHTOOL_A_PHY_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x10001}]}, @ETHTOOL_A_PHY_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x10}]}, @ETHTOOL_A_PHY_HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x40094}, 0x40000) r11 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000400), 0xffffffffffffffff) r12 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x109100, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS64(r12, 0xc0385720, &(0x7f0000000240)={0x1, "77947a0f", 0x9, 0x2, 0x7ff, 0x1bb8, "d00f5322a8e93a161984686708c98cd7"}) r13 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/ifb0/flags\x00', 0xb02, 0x0) getsockopt$auto(r1, 0x7f, 0x0, &(0x7f0000000780)='/dev/dri/card0\x00', &(0x7f00000007c0)=0x9) sendfile$auto(r13, r13, 0x0, 0x3) sendmmsg$auto(r0, &(0x7f0000000440)={{&(0x7f0000000040)="f61e798bb3cd838a7e55432cd0b5443fb6aa2ff5097a0a3ddf21c9137bc5b34a7b71dfffc72afa1da9f6916b7954de179b93c614bf3a84cf9569604a654ec79555ad49126c248f775a4f7229e46a3d92f9d2fbf57d0b5ab8ebb1e1d67042e63492de64b18ae95596b89ce23f11fb61c1748af09e5aea9a01a4c8b2174c14eeb9", 0xd3, &(0x7f0000000240)={&(0x7f0000000480)="9290a823d89787ca7c6fcf33a0eca0492eda7b5eb1f3bfa73c01b024d0a512ec57bc8cb1f2f7e7480037ae42cb0fab0b4fb05aed42e60a04000000000000007570cf145b427ff5eb3d50eefa972d2b4e68edcd089572fd5306307914a730869175aae1b5c638857021cd1b347db8bdaa0fea318096f55ad2cf3154d60ea7701e669a0e6e7ef0be83b8dd3df3b1e1d34f351b211fda936a31a2be950e758923883e5e95d53fa4a0c38bea5e4f89b0ef485ac3d94d6563857fdc5d5e51248511caa8735766bc6ffe24ea97468ac9f255bd757d73a6e9c6b50652d651623c9b1c247d99903a0d7ce5638b2a88c53bc21f883e1ffc29f2", 0x8}, 0x175, &(0x7f0000000340)="9b5eb6986c724bdfaec3daafe712fbe40e919db4543ba617e84ea6940d9e6e446e5a9afd7ab8ed40d60a74f6c1578b47574cb5e97a6590d5a14cd7db1ed0fdb95d3ec20e8842ac06f1bd85b86460b05272ed3db3ec941bdbbbe135c4cd28731a475ba613ae7a1d8f39717046fb9dc337cd0b8e977c65e03c1c1fb715c91c2488bb46d62b8fbc", 0x2, 0x1}, 0x2bd70}, 0x7, 0x5) sendmsg$auto_NL802154_CMD_GET_INTERFACE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000840)={0x14, r11, 0x305, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4004010}, 0x4040008) 825.505508ms ago: executing program 1 (id=359): mmap$auto(0x0, 0x20009, 0x7ff, 0x40000000000eb1, 0x401, 0x8000) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000080)='/dev/binderfs/binder1\x00', 0x80001, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/ksm/stable_node_chains_prune_millisecs\x00', 0x82942, 0x0) openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/Virtual-1/edid_override\x00', 0x2082, 0x0) mmap$auto(0x1af4, 0x1004020005, 0x8, 0xeb1, 0x401, 0x40007fff) write$auto(0xca, 0x0, 0x7f) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) bpf$auto(0x1, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x8000, 0xf9c, 0x466, 0x9, 0x3, 0x4, 0x6, 0x4, 0x200, 0x100, 0xb6, 0x4, 0x6, 0x3}, 0xa3) socket(0x2, 0x80802, 0x0) socket(0xa, 0x3, 0x3b) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmsg$auto_WG_CMD_GET_DEVICE(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x400c810}, 0x200448c0) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x7e) 314.544452ms ago: executing program 1 (id=360): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) getsockopt$auto(0x100000006, 0x0, 0x16, 0xfffffffffffffffe, 0x0) mmap$auto(0x0, 0x446be6e8, 0x16, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = eventfd$auto(0x4) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d1, 0x1, 0x0, 0x6, 0x2) prctl$auto(0x5, 0x3, 0x7fffffffefff, 0x0, 0x0) ioctl$auto_BINDER_GET_FROZEN_INFO(r0, 0xc00c620f, &(0x7f00000002c0)="c9afeb24bfea7f787b7aa474937ba1e0ab0eb5d02d7f51b2bbedf5f2843d641ea4fc972ab7829b094e65331d") syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000000c0), r0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) lsetxattr$auto(&(0x7f0000000d40)='./file0\x00', &(0x7f0000000040)='security.caility\xf6\x06\xa1\xcd\xd3<\x81\a(\xa2\b\xff\xff\xf0\xff\xff\xf0\x00E2k\x19{\xd4\xf2\xdf\x80\x9c\x87\x86\xde20\x8e\x1cN\xd40\xd3Z\xf3K\x98vW\x7f\x94Z\x0e>\x85S&\xe5\x96\xce\xf15\xb3v\xa8R\x05\x94\x8c\x1df\x11\xbd\xd0\x7fu\xc7{\xe1\xff\xff\xc4\xbb\x17\xd5\xee\xd8\x143\xed\xc4|\xd3\f\x05\f\x95\xce\xbf9\xc8\xf1m\x96\xa3\xc0\xf2]\xabq\t\x91\xe69\x8b\x02\x89\xed`\xb4\xcb\xb3O\x97X\xe3\xd0j\xa5\xd0\x9e*\xf9|\xd9\xc2\xf4X\xc9[\xfa\xcf\xa3\xeb\x05EOgaA\xb1@f\x93F0\x8cR\xc5\xb6\x16\xfa\xe7\x13\x00\x02\xf4\x80\xe3\xd2\xf4MP\x87vB\xefJ\xeb\xb3\\\x88\x18` \xca\x8faI\x89\xb6\x91\x1ae\xd2\xad\xbe\xb3\xe6\bX]\xd7\x81.\xd2\xed\xc4\x9f\xb5~\xb4\xc6^\x97\xc3\xa2\x16\x99\xfc\x00_\xe6\xb0G\xe91\xb4+2\x93\n9 EU\x1e\xb4\xbeVt\x89\xf9\xc7\xe1`4O\x00\x00\x00\x00\xa5\xe0\xf5\xb2\x00\x00t\x10\"\x15\xbc\xdb\x92\xff\xa7\xe1Vv\xe5*\xc5\xe1r\xf5\xa4Cw\x1c/?\xbcn\xe3\x8aX\xfc\xe9,\xca,9\xda\xad\x87\xb1\xb2\xff#\xa1Yi\xd3\x17l6\xa0\xd8\x1b\xad8\a\xfc%\xa6(\xcb\x97(\x16\x81\xbf\xc6\xdbw\x13!\xc9\xc6\xc3\xfbc\xfe\x83\xcd\x16 e\xcd\x91y@\xe2\xd8{\xec\xbb\xbb\x1d5\t\xed>\xa9&\xce\xfc\xab[\xae\xa1\x94\b\xcc/-\x12\x8d\x84K\xf0\xd0\x0f\x13)\x17CI\xb7\xf35\xfc\xe8(\xfa\t2\xafQ8}\xd8\xbb\xe4nlR\xf8\xc9\xf2\xa3\xe5\x83\r\t\xb96d\xd6\x1e\xbd*\xa4\xc9\xcbE2\xe9\x81\xc3\xc3\x8a\x15\xcb\xf2\x03\x00\x00\x00\x00\x00\x00\x00!dJ+\xd2\x01#v\xd8BgB`\x8alP\r\x04\xce\x04$\xaa\x00\xb6\xdb6-0>\xb3u\xd4\xdb\xd8~\xb0\f\xd0\xa9\x9e\xa0\xc7\xf7\'\x8d\xab\xae\x035\xa8f\xe5\xfe\xfc\xc0\xb1rR\xae54\x13\x1c8=\x92\xc3=w\x89\xbb\xfb)\x94p\xc18`G', &(0x7f0000001340), 0x2, 0x0) sendmsg$auto_TIPC_NL_MEDIA_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[], 0xe8}, 0x1, 0x0, 0x0, 0x40000}, 0x48040) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, 0x0, 0x90141, 0x0) unshare$auto(0x40000080) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r1, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000040), 0x7111}, 0x8) 311.732048ms ago: executing program 2 (id=361): unshare$auto(0x40000080) r0 = socket(0x2, 0x5, 0x0) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0x9}, 0xf}, 0xd, 0xffffffff) connect$auto(0x3, 0x0, 0x6) setsockopt$auto(0x3, 0x10000000084, 0x1, 0x0, 0x8) mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x23, 0x0) r1 = socket(0xa, 0x3, 0x6) getsockopt$auto(r1, 0x40000000029, 0x50, 0xfffffffffffffffe, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x5) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0xa200, 0x0) bpf$auto(0x1, &(0x7f0000000000)=@batch={0xfffffffffffffffb, 0x44, 0x2, 0x9, 0x81, 0xffffffffffffffff, 0x2, 0x8}, 0x100000cf) sendmmsg$auto(r2, 0x0, 0x4, 0x4008) r3 = socket(0x29, 0x2, 0x0) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000) recvmmsg$auto(r4, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r3, 0x89f2, 0x24) 0s ago: executing program 3 (id=362): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20008, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/interrupts\x00', 0x18b202, 0x0) pread64$auto(r0, &(0x7f0000000340)='/proc/Nes\x00'/22, 0x100000001, 0x100) r1 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$auto_BCH_IOCTL_QUERY_ACCOUNTING(r1, 0x4020bc15, &(0x7f0000000100)={0x9, 0xffff, 0x0, 0x9, 0x3, [{@k_i={{}, {0x48, 0x8, 0x1, 0x0, 0x0, {0x4, 0x1}, 0x5, {0x0, 0xfff, 0xffffffff}}}}]}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) socket(0x10, 0x3, 0x6) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="f0020000", @ANYRES16=r3, @ANYBLOB="01002dbd7000fedbdf2505000000da0203800800c000e000000204002a000400110008002e00", @ANYRES32, @ANYBLOB="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b32"], 0x2f0}, 0x1, 0x0, 0x0, 0x40000}, 0x50) r4 = openat$auto_force_wakeup_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/hci2/force_wakeup\x00', 0x8742, 0x0) write$auto_force_wakeup_fops_hci_vhci(r4, &(0x7f0000000080), 0x0) syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000680), r2) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'macsec0\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth1_to_batadv\x00'}) bpf$auto(0xfffffffd, 0x0, 0x6f4) clone$auto(0x80000000, 0x1ff, &(0x7f00000004c0)=0xd5b, &(0x7f0000000500)=0xffff5340, 0x1) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0xd0}, 0x4008004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.30' (ED25519) to the list of known hosts. [ 90.804656][ T5620] cgroup: Unknown subsys name 'net' [ 90.881227][ T5620] cgroup: Unknown subsys name 'cpuset' [ 90.891172][ T5620] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 92.948403][ T5620] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 95.062830][ T5633] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 95.072333][ T5633] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 95.080610][ T5633] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 95.089842][ T5633] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 95.097781][ T5633] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 95.221502][ T5633] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 95.231000][ T5633] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 95.243235][ T5633] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 95.253678][ T5633] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 95.264050][ T5633] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 95.287113][ T5642] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 95.297828][ T5642] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 95.312989][ T5642] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 95.325311][ T4951] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 95.334265][ T4951] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 95.344109][ T4951] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 95.352426][ T4951] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 95.362251][ T4951] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 95.382552][ T5633] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 95.400633][ T4951] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 97.010947][ T5637] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.018315][ T5637] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.025579][ T5637] bridge_slave_0: entered allmulticast mode [ 97.034021][ T5637] bridge_slave_0: entered promiscuous mode [ 97.073088][ T5637] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.080465][ T5637] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.087821][ T5637] bridge_slave_1: entered allmulticast mode [ 97.095169][ T5637] bridge_slave_1: entered promiscuous mode [ 97.158316][ T5642] Bluetooth: hci0: command tx timeout [ 97.170486][ T24] cfg80211: failed to load regulatory.db [ 97.230026][ T5631] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.237869][ T5631] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.245154][ T5631] bridge_slave_0: entered allmulticast mode [ 97.253280][ T5631] bridge_slave_0: entered promiscuous mode [ 97.264077][ T5637] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.276877][ T5637] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.320648][ T5631] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.328448][ T5642] Bluetooth: hci1: command tx timeout [ 97.335175][ T5631] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.343506][ T5631] bridge_slave_1: entered allmulticast mode [ 97.351609][ T5631] bridge_slave_1: entered promiscuous mode [ 97.388784][ T5641] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.396893][ T5642] Bluetooth: hci2: command tx timeout [ 97.403324][ T5641] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.410969][ T5641] bridge_slave_0: entered allmulticast mode [ 97.418646][ T5641] bridge_slave_0: entered promiscuous mode [ 97.447870][ T5637] team0: Port device team_slave_0 added [ 97.453739][ T5641] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.461311][ T5641] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.468798][ T5641] bridge_slave_1: entered allmulticast mode [ 97.476082][ T5641] bridge_slave_1: entered promiscuous mode [ 97.486903][ T5642] Bluetooth: hci3: command tx timeout [ 97.501799][ T5631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.513865][ T5637] team0: Port device team_slave_1 added [ 97.556160][ T5631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.599696][ T5638] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.607117][ T5638] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.614317][ T5638] bridge_slave_0: entered allmulticast mode [ 97.621936][ T5638] bridge_slave_0: entered promiscuous mode [ 97.643377][ T5637] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.650423][ T5637] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.676689][ T5637] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.691643][ T5641] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.704194][ T5641] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.713525][ T5638] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.721331][ T5638] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.728677][ T5638] bridge_slave_1: entered allmulticast mode [ 97.736112][ T5638] bridge_slave_1: entered promiscuous mode [ 97.749999][ T5631] team0: Port device team_slave_0 added [ 97.756320][ T5637] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.763511][ T5637] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.789517][ T5637] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.824802][ T5631] team0: Port device team_slave_1 added [ 97.893486][ T5641] team0: Port device team_slave_0 added [ 97.902178][ T5638] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.912521][ T5631] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.920060][ T5631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.946064][ T5631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.971890][ T5641] team0: Port device team_slave_1 added [ 97.979839][ T5638] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.989826][ T5631] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.996868][ T5631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.022934][ T5631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.114514][ T5637] hsr_slave_0: entered promiscuous mode [ 98.121488][ T5637] hsr_slave_1: entered promiscuous mode [ 98.129563][ T5641] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.136609][ T5641] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.162700][ T5641] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.176041][ T5638] team0: Port device team_slave_0 added [ 98.197974][ T5641] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.205026][ T5641] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.231040][ T5641] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.244203][ T5638] team0: Port device team_slave_1 added [ 98.298319][ T5631] hsr_slave_0: entered promiscuous mode [ 98.304997][ T5631] hsr_slave_1: entered promiscuous mode [ 98.311461][ T5631] debugfs: 'hsr0' already exists in 'hsr' [ 98.317313][ T5631] Cannot create hsr debugfs directory [ 98.367076][ T5638] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.374149][ T5638] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.400344][ T5638] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.443132][ T5638] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.450228][ T5638] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.476479][ T5638] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.540288][ T5641] hsr_slave_0: entered promiscuous mode [ 98.547483][ T5641] hsr_slave_1: entered promiscuous mode [ 98.553672][ T5641] debugfs: 'hsr0' already exists in 'hsr' [ 98.559717][ T5641] Cannot create hsr debugfs directory [ 98.688992][ T5638] hsr_slave_0: entered promiscuous mode [ 98.695417][ T5638] hsr_slave_1: entered promiscuous mode [ 98.701889][ T5638] debugfs: 'hsr0' already exists in 'hsr' [ 98.707926][ T5638] Cannot create hsr debugfs directory [ 99.026515][ T5637] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 99.047482][ T5637] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 99.070588][ T5637] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 99.082172][ T5637] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 99.090398][ T5637] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 99.102292][ T5637] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 99.128553][ T5637] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 99.139620][ T5637] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 99.208606][ T5641] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 99.220905][ T5641] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 99.237709][ T5642] Bluetooth: hci0: command tx timeout [ 99.244099][ T5641] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 99.256042][ T5641] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 99.267301][ T5641] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 99.278274][ T5641] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 99.301151][ T5641] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 99.311825][ T5641] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 99.394774][ T5631] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 99.401750][ T5642] Bluetooth: hci1: command tx timeout [ 99.412513][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 99.422897][ T5631] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 99.433625][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 99.442173][ T5631] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 99.452155][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 99.467869][ T5631] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 99.477855][ T5642] Bluetooth: hci2: command tx timeout [ 99.485176][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 99.556836][ T5642] Bluetooth: hci3: command tx timeout [ 99.622223][ T5637] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.630544][ T5638] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 99.642170][ T5638] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 99.650561][ T5638] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 99.661172][ T5638] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 99.670012][ T5638] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 99.681131][ T5638] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 99.695582][ T5638] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 99.705650][ T5638] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 99.778490][ T5637] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.813102][ T1127] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.820732][ T1127] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.863931][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.871156][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.895623][ T5641] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.973780][ T5631] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.007531][ T5641] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.048382][ T1127] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.055602][ T1127] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.069335][ T5631] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.093612][ T1127] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.100804][ T1127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.120677][ T5638] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.141118][ T1127] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.148386][ T1127] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.180889][ T1127] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.188232][ T1127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.255477][ T5638] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.302898][ T1127] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.310146][ T1127] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.337477][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.345088][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.248126][ T5637] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.317424][ T5642] Bluetooth: hci0: command tx timeout [ 101.463917][ T5637] veth0_vlan: entered promiscuous mode [ 101.477764][ T5642] Bluetooth: hci1: command tx timeout [ 101.524682][ T5637] veth1_vlan: entered promiscuous mode [ 101.562577][ T5642] Bluetooth: hci2: command tx timeout [ 101.585611][ T5631] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.640551][ T5642] Bluetooth: hci3: command tx timeout [ 101.664130][ T5638] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.674601][ T5641] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.733454][ T5637] veth0_macvtap: entered promiscuous mode [ 101.752918][ T5637] veth1_macvtap: entered promiscuous mode [ 101.809953][ T5637] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.832577][ T5631] veth0_vlan: entered promiscuous mode [ 101.845468][ T5637] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.899680][ T35] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.911109][ T1118] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.921301][ T5631] veth1_vlan: entered promiscuous mode [ 101.938642][ T5638] veth0_vlan: entered promiscuous mode [ 101.944592][ T1118] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.963288][ T1118] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.976022][ T5641] veth0_vlan: entered promiscuous mode [ 102.012093][ T5638] veth1_vlan: entered promiscuous mode [ 102.022279][ T5641] veth1_vlan: entered promiscuous mode [ 102.162329][ T5631] veth0_macvtap: entered promiscuous mode [ 102.190045][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.206278][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.223445][ T5631] veth1_macvtap: entered promiscuous mode [ 102.256012][ T5641] veth0_macvtap: entered promiscuous mode [ 102.290556][ T5638] veth0_macvtap: entered promiscuous mode [ 102.305368][ T5641] veth1_macvtap: entered promiscuous mode [ 102.315739][ T5631] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.336666][ T5638] veth1_macvtap: entered promiscuous mode [ 102.343628][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.354284][ T5631] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.361763][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.393693][ T1118] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.412757][ T1118] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.429512][ T1118] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.448320][ T1118] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.481345][ T5641] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.493534][ T5638] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.530936][ T5638] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.548888][ T5641] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.603737][ T48] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.616238][ T48] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.630391][ T5637] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 102.661519][ T48] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.670675][ T48] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.719336][ T48] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.740754][ T48] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.786161][ T48] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.802221][ T48] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.805915][ T1334] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.842196][ T1334] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.972783][ T182] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.981781][ T182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.094836][ T182] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.129262][ T182] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.213129][ T1118] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.222691][ T1118] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.363227][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.393401][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.405407][ T5642] Bluetooth: hci0: command tx timeout [ 103.474108][ T182] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.497793][ T182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.557302][ T5642] Bluetooth: hci1: command tx timeout [ 103.638724][ T5642] Bluetooth: hci2: command tx timeout [ 103.717104][ T5642] Bluetooth: hci3: command tx timeout [ 104.591053][ T5798] netlink: 25 bytes leftover after parsing attributes in process `syz.3.5'. [ 105.582955][ T5808] Zero length message leads to an empty skb [ 105.752996][ T5814] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 105.976551][ T5813] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9'. [ 106.432937][ T5818] FAULT_INJECTION: forcing a failure. [ 106.432937][ T5818] name failslab, interval 1, probability 0, space 0, times 1 [ 106.487732][ T5818] CPU: 1 UID: 0 PID: 5818 Comm: syz.1.10 Not tainted syzkaller #0 PREEMPT(full) [ 106.487782][ T5818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 106.487807][ T5818] Call Trace: [ 106.487818][ T5818] [ 106.487831][ T5818] dump_stack_lvl+0x100/0x190 [ 106.487900][ T5818] should_fail_ex.cold+0x5/0xa [ 106.487942][ T5818] ? __pfx_ip6mr_new_table_set+0x10/0x10 [ 106.487994][ T5818] should_failslab+0xc2/0x120 [ 106.488034][ T5818] ? __pfx_ip6mr_new_table_set+0x10/0x10 [ 106.488103][ T5818] __kmalloc_cache_noprof+0x7a/0x6f0 [ 106.488154][ T5818] ? mr_table_alloc+0x61/0x3e0 [ 106.488207][ T5818] ? __pfx_ip6mr_new_table_set+0x10/0x10 [ 106.488258][ T5818] mr_table_alloc+0x61/0x3e0 [ 106.488313][ T5818] ? __pfx_ipmr_expire_process+0x10/0x10 [ 106.488371][ T5818] ip6mr_net_init+0x341/0x4d0 [ 106.488405][ T5818] ? __pfx_ip6mr_net_init+0x10/0x10 [ 106.488436][ T5818] ops_init+0x1e2/0x5f0 [ 106.488477][ T5818] setup_net+0x118/0x3a0 [ 106.488515][ T5818] ? __pfx_setup_net+0x10/0x10 [ 106.488552][ T5818] ? mutex_init_lockdep+0xf1/0x120 [ 106.488593][ T5818] copy_net_ns+0x46f/0x7c0 [ 106.488638][ T5818] create_new_namespaces+0x3ea/0xac0 [ 106.488689][ T5818] unshare_nsproxy_namespaces+0xf2/0x220 [ 106.488735][ T5818] ksys_unshare+0x438/0xab0 [ 106.488787][ T5818] ? __pfx_ksys_unshare+0x10/0x10 [ 106.488834][ T5818] ? xfd_validate_state+0x129/0x190 [ 106.488866][ T5818] ? exit_to_user_mode_loop+0xf3/0x670 [ 106.488933][ T5818] __x64_sys_unshare+0x31/0x40 [ 106.488982][ T5818] do_syscall_64+0x115/0x840 [ 106.489028][ T5818] ? clear_bhb_loop+0x40/0x90 [ 106.489070][ T5818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.489104][ T5818] RIP: 0033:0x7f288b79ce59 [ 106.489132][ T5818] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 106.489165][ T5818] RSP: 002b:00007f288c6dd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 106.489206][ T5818] RAX: ffffffffffffffda RBX: 00007f288ba15fa0 RCX: 00007f288b79ce59 [ 106.489228][ T5818] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 106.489249][ T5818] RBP: 00007f288b832d6f R08: 0000000000000000 R09: 0000000000000000 [ 106.489268][ T5818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 106.489287][ T5818] R13: 00007f288ba16038 R14: 00007f288ba15fa0 R15: 00007ffdda9161c8 [ 106.489337][ T5818] [ 107.919795][ T5835] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 107.957380][ T5835] vivid-008: ================= START STATUS ================= [ 107.983074][ T5835] vivid-008: ================== END STATUS ================== [ 109.264554][ T5851] netlink: 'syz.0.16': attribute type 1 has an invalid length. [ 109.565915][ T5850] NFSD: Failed to start, no listeners configured. [ 111.553745][ T5875] netlink: 25 bytes leftover after parsing attributes in process `syz.1.22'. [ 111.894074][ T5887] netlink: 4 bytes leftover after parsing attributes in process `syz.1.25'. [ 112.714948][ T5861] Process accounting resumed [ 113.052241][ T5900] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 113.381842][ T5906] netlink: 4 bytes leftover after parsing attributes in process `syz.3.30'. [ 113.417982][ T5906] netlink: 13 bytes leftover after parsing attributes in process `syz.3.30'. [ 113.588359][ T5911] netlink: 28 bytes leftover after parsing attributes in process `syz.3.30'. [ 113.737460][ T5911] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 113.765777][ T5911] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 113.847194][ T5911] bond0 (unregistering): Released all slaves [ 114.323143][ T5918] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 114.430510][ T5918] CIFS mount error: No usable UNC path provided in device string! [ 114.430510][ T5918] [ 114.513724][ T5916] FAULT_INJECTION: forcing a failure. [ 114.513724][ T5916] name failslab, interval 1, probability 0, space 0, times 0 [ 114.537835][ T5916] CPU: 1 UID: 0 PID: 5916 Comm: syz.3.31 Not tainted syzkaller #0 PREEMPT(full) [ 114.537879][ T5916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 114.537898][ T5916] Call Trace: [ 114.537910][ T5916] [ 114.537922][ T5916] dump_stack_lvl+0x100/0x190 [ 114.537987][ T5916] should_fail_ex.cold+0x5/0xa [ 114.538039][ T5916] ? lsm_blob_alloc+0x68/0x90 [ 114.538089][ T5916] should_failslab+0xc2/0x120 [ 114.538131][ T5916] __kmalloc_noprof+0xe0/0x850 [ 114.538186][ T5916] ? down_write_nested+0x14f/0x200 [ 114.538233][ T5916] lsm_blob_alloc+0x68/0x90 [ 114.538285][ T5916] security_sb_alloc+0x25/0x240 [ 114.538320][ T5916] alloc_super+0x24c/0xd20 [ 114.538362][ T5916] ? __pfx_mqueue_fill_super+0x10/0x10 [ 114.538417][ T5916] sget_fc+0x117/0xc70 [ 114.538451][ T5916] ? __pfx_set_anon_super_fc+0x10/0x10 [ 114.538486][ T5916] ? __pfx_mqueue_fill_super+0x10/0x10 [ 114.538538][ T5916] get_tree_nodev+0x28/0x190 [ 114.538577][ T5916] mqueue_get_tree+0xf1/0x130 [ 114.538631][ T5916] vfs_get_tree+0x92/0x320 [ 114.538663][ T5916] fc_mount_longterm+0x1a/0x270 [ 114.538699][ T5916] mq_init_ns+0x482/0x820 [ 114.538739][ T5916] copy_ipcs+0x3dd/0x7e0 [ 114.538786][ T5916] create_new_namespaces+0x20a/0xac0 [ 114.538829][ T5916] ? security_capable+0x80/0x260 [ 114.538867][ T5916] unshare_nsproxy_namespaces+0xf2/0x220 [ 114.538913][ T5916] ksys_unshare+0x438/0xab0 [ 114.538963][ T5916] ? __pfx_ksys_unshare+0x10/0x10 [ 114.539018][ T5916] ? xfd_validate_state+0x129/0x190 [ 114.539066][ T5916] __x64_sys_unshare+0x31/0x40 [ 114.539114][ T5916] do_syscall_64+0x115/0x840 [ 114.539161][ T5916] ? clear_bhb_loop+0x40/0x90 [ 114.539202][ T5916] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.539236][ T5916] RIP: 0033:0x7ff2adf9ce59 [ 114.539263][ T5916] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 114.539306][ T5916] RSP: 002b:00007ff2aeec4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 114.539338][ T5916] RAX: ffffffffffffffda RBX: 00007ff2ae215fa0 RCX: 00007ff2adf9ce59 [ 114.539359][ T5916] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000 [ 114.539379][ T5916] RBP: 00007ff2ae032d6f R08: 0000000000000000 R09: 0000000000000000 [ 114.539398][ T5916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 114.539417][ T5916] R13: 00007ff2ae216038 R14: 00007ff2ae215fa0 R15: 00007ffd6d4c5778 [ 114.539459][ T5916] [ 114.812106][ T5918] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 115.487848][ T5946] netlink: 330 bytes leftover after parsing attributes in process `syz.1.38'. [ 115.779069][ T5946] mac80211_hwsim hwsim4 : renamed from wlan0 (while UP) [ 116.337719][ T5958] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 117.332828][ T5972] netlink: 2468 bytes leftover after parsing attributes in process `syz.0.45'. [ 117.355629][ T5970] FAULT_INJECTION: forcing a failure. [ 117.355629][ T5970] name failslab, interval 1, probability 0, space 0, times 0 [ 117.376872][ T5970] CPU: 0 UID: 0 PID: 5970 Comm: syz.3.44 Not tainted syzkaller #0 PREEMPT(full) [ 117.376914][ T5970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 117.376932][ T5970] Call Trace: [ 117.376942][ T5970] [ 117.376953][ T5970] dump_stack_lvl+0x100/0x190 [ 117.377012][ T5970] should_fail_ex.cold+0x5/0xa [ 117.377049][ T5970] should_failslab+0xc2/0x120 [ 117.377085][ T5970] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 117.377131][ T5970] ? dst_alloc+0x99/0x1a0 [ 117.377183][ T5970] dst_alloc+0x99/0x1a0 [ 117.377241][ T5970] rt_dst_alloc+0x35/0x3a0 [ 117.377310][ T5970] ip_route_output_key_hash_rcu+0x87a/0x2870 [ 117.377355][ T5970] ip_route_output_key_hash+0x118/0x2b0 [ 117.377387][ T5970] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 117.377418][ T5970] ? sctp_transport_pmtu+0x275/0x7b0 [ 117.377455][ T5970] ? sctp_transport_route+0x163/0x360 [ 117.377493][ T5970] ? sctp_assoc_add_peer+0x765/0x14f0 [ 117.377531][ T5970] ? __release_sock+0x3a2/0x440 [ 117.377557][ T5970] ? release_sock+0x1e5/0x280 [ 117.377587][ T5970] ? sctp_wait_for_connect+0x1f3/0x640 [ 117.377627][ T5970] ? __sctp_connect+0x9bb/0xc70 [ 117.377661][ T5970] ? sctp_inet_connect+0x15f/0x220 [ 117.377697][ T5970] ? __sys_connect_file+0x141/0x1a0 [ 117.377741][ T5970] ? __sys_connect+0x141/0x170 [ 117.377790][ T5970] ip_route_output_flow+0x27/0x150 [ 117.377824][ T5970] sctp_v4_get_dst+0x3c4/0x1220 [ 117.377865][ T5970] ? __pfx_sctp_v4_get_dst+0x10/0x10 [ 117.377922][ T5970] sctp_transport_pmtu+0x32c/0x7b0 [ 117.377962][ T5970] ? __pfx_sctp_transport_pmtu+0x10/0x10 [ 117.378001][ T5970] ? lockdep_init_map_type+0x5c/0x250 [ 117.378053][ T5970] ? timer_init_key+0x155/0x330 [ 117.378108][ T5970] sctp_transport_route+0x163/0x360 [ 117.378165][ T5970] sctp_assoc_add_peer+0x765/0x14f0 [ 117.378216][ T5970] sctp_process_init+0x26bd/0x2d00 [ 117.378261][ T5970] ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360 [ 117.378299][ T5970] ? __pfx_sctp_process_init+0x10/0x10 [ 117.378339][ T5970] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 117.378390][ T5970] ? sctp_bind_addr_copy+0x23a/0x530 [ 117.378453][ T5970] sctp_sf_do_unexpected_init.isra.0+0xa66/0x18a0 [ 117.378497][ T5970] ? __pfx_sctp_sf_do_unexpected_init.isra.0+0x10/0x10 [ 117.378532][ T5970] ? __pfx_sctp_sm_lookup_event+0x10/0x10 [ 117.378598][ T5970] ? __pfx_sctp_cname+0x10/0x10 [ 117.378652][ T5970] sctp_do_sm+0x17a/0x5be0 [ 117.378704][ T5970] ? sctp_packet_singleton+0x1a5/0x370 [ 117.378747][ T5970] ? __pfx_sctp_packet_singleton+0x10/0x10 [ 117.378794][ T5970] ? __pfx_sctp_do_sm+0x10/0x10 [ 117.378903][ T5970] ? ktime_get+0x22c/0x320 [ 117.378950][ T5970] ? lockdep_hardirqs_on+0x78/0x100 [ 117.379002][ T5970] sctp_assoc_bh_rcv+0x392/0x6f0 [ 117.379052][ T5970] sctp_inq_push+0x1db/0x280 [ 117.379094][ T5970] sctp_backlog_rcv+0x169/0x590 [ 117.379145][ T5970] ? __pfx_sctp_backlog_rcv+0x10/0x10 [ 117.379191][ T5970] __release_sock+0x3a2/0x440 [ 117.379225][ T5970] ? lockdep_hardirqs_on+0x78/0x100 [ 117.379278][ T5970] release_sock+0x1e5/0x280 [ 117.379312][ T5970] sctp_wait_for_connect+0x1f3/0x640 [ 117.379356][ T5970] ? __pfx_sctp_wait_for_connect+0x10/0x10 [ 117.379396][ T5970] ? __pfx_autoremove_wake_function+0x10/0x10 [ 117.379452][ T5970] ? sctp_primitive_ASSOCIATE+0x9c/0xd0 [ 117.379502][ T5970] __sctp_connect+0x9bb/0xc70 [ 117.379572][ T5970] ? __pfx___sctp_connect+0x10/0x10 [ 117.379626][ T5970] ? __pfx_sctp_inet_connect+0x10/0x10 [ 117.379673][ T5970] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 117.379717][ T5970] ? __pfx_sctp_inet_connect+0x10/0x10 [ 117.379754][ T5970] sctp_inet_connect+0x15f/0x220 [ 117.379793][ T5970] __sys_connect_file+0x141/0x1a0 [ 117.379841][ T5970] __sys_connect+0x141/0x170 [ 117.379885][ T5970] ? __pfx___sys_connect+0x10/0x10 [ 117.379952][ T5970] __x64_sys_connect+0x72/0xb0 [ 117.379994][ T5970] ? lockdep_hardirqs_on+0x78/0x100 [ 117.380034][ T5970] do_syscall_64+0x115/0x840 [ 117.380073][ T5970] ? clear_bhb_loop+0x40/0x90 [ 117.380108][ T5970] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.380137][ T5970] RIP: 0033:0x7ff2adf9ce59 [ 117.380162][ T5970] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 117.380190][ T5970] RSP: 002b:00007ff2aeec4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 117.380218][ T5970] RAX: ffffffffffffffda RBX: 00007ff2ae215fa0 RCX: 00007ff2adf9ce59 [ 117.380236][ T5970] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003 [ 117.380254][ T5970] RBP: 00007ff2ae032d6f R08: 0000000000000000 R09: 0000000000000000 [ 117.380271][ T5970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.380287][ T5970] R13: 00007ff2ae216038 R14: 00007ff2ae215fa0 R15: 00007ffd6d4c5778 [ 117.380325][ T5970] [ 118.879733][ T5991] mmap: syz.3.47 (5991) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 118.988282][ T29] audit: type=1804 audit(1780190774.340:2): pid=5993 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.50" name="/newroot/15/file0" dev="tmpfs" ino=95 res=1 errno=0 [ 121.690803][ T6017] syz.2.55 uses obsolete (PF_INET,SOCK_PACKET) [ 121.883098][ T6023] netlink: 8 bytes leftover after parsing attributes in process `syz.3.56'. [ 122.648908][ T6032] FAULT_INJECTION: forcing a failure. [ 122.648908][ T6032] name failslab, interval 1, probability 0, space 0, times 0 [ 122.676900][ T6032] CPU: 1 UID: 0 PID: 6032 Comm: syz.3.59 Not tainted syzkaller #0 PREEMPT(full) [ 122.676931][ T6032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 122.676944][ T6032] Call Trace: [ 122.676951][ T6032] [ 122.676960][ T6032] dump_stack_lvl+0x100/0x190 [ 122.677005][ T6032] should_fail_ex.cold+0x5/0xa [ 122.677033][ T6032] ? __register_sysctl_table+0xac/0x1650 [ 122.677064][ T6032] should_failslab+0xc2/0x120 [ 122.677092][ T6032] __kmalloc_noprof+0xe0/0x850 [ 122.677139][ T6032] __register_sysctl_table+0xac/0x1650 [ 122.677200][ T6032] ? is_module_address+0x5f/0xf0 [ 122.677242][ T6032] ? __pfx___register_sysctl_table+0x10/0x10 [ 122.677278][ T6032] ? is_module_address+0x69/0xf0 [ 122.677299][ T6032] ? register_net_sysctl_sz+0x222/0x430 [ 122.677338][ T6032] ? __asan_memcpy+0x3c/0x60 [ 122.677395][ T6032] xfrm_sysctl_init+0x1f5/0x2d0 [ 122.677422][ T6032] xfrm_net_init+0x856/0xcf0 [ 122.677466][ T6032] ? __pfx_xfrm_net_init+0x10/0x10 [ 122.677504][ T6032] ops_init+0x1e2/0x5f0 [ 122.677536][ T6032] setup_net+0x118/0x3a0 [ 122.677562][ T6032] ? __pfx_setup_net+0x10/0x10 [ 122.677588][ T6032] ? mutex_init_lockdep+0xf1/0x120 [ 122.677616][ T6032] copy_net_ns+0x46f/0x7c0 [ 122.677648][ T6032] create_new_namespaces+0x3ea/0xac0 [ 122.677691][ T6032] unshare_nsproxy_namespaces+0xf2/0x220 [ 122.677725][ T6032] ksys_unshare+0x438/0xab0 [ 122.677761][ T6032] ? __pfx_ksys_unshare+0x10/0x10 [ 122.677794][ T6032] ? xfd_validate_state+0x129/0x190 [ 122.677828][ T6032] __x64_sys_unshare+0x31/0x40 [ 122.677862][ T6032] do_syscall_64+0x115/0x840 [ 122.677895][ T6032] ? clear_bhb_loop+0x40/0x90 [ 122.677924][ T6032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.677949][ T6032] RIP: 0033:0x7ff2adf9ce59 [ 122.677968][ T6032] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 122.677990][ T6032] RSP: 002b:00007ff2aeec4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 122.678013][ T6032] RAX: ffffffffffffffda RBX: 00007ff2ae215fa0 RCX: 00007ff2adf9ce59 [ 122.678028][ T6032] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 122.678042][ T6032] RBP: 00007ff2ae032d6f R08: 0000000000000000 R09: 0000000000000000 [ 122.678056][ T6032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.678070][ T6032] R13: 00007ff2ae216038 R14: 00007ff2ae215fa0 R15: 00007ffd6d4c5778 [ 122.678100][ T6032] [ 123.502643][ T6039] netlink: 4 bytes leftover after parsing attributes in process `syz.3.61'. [ 123.549637][ T6039] netlink: 'syz.3.61': attribute type 1 has an invalid length. [ 123.566568][ T6039] netlink: 36629 bytes leftover after parsing attributes in process `syz.3.61'. [ 124.444307][ T6027] Process accounting resumed [ 125.143484][ T6060] netlink: 20 bytes leftover after parsing attributes in process `syz.0.66'. [ 126.271404][ T6054] Process accounting resumed [ 127.557867][ T6086] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 127.565019][ T6086] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 127.732970][ T6086] netlink: 20 bytes leftover after parsing attributes in process `syz.3.71'. [ 127.994587][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 128.035387][ T6086] hsr_slave_0: left promiscuous mode [ 128.066276][ T6086] hsr_slave_1: left promiscuous mode [ 128.208603][ T6093] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5641] was attempted by "fө2*iN׾D\x07[,(E5\x0bᎵBw:i?n>W/B\x09PCpZBg2LUpTBXQI/\x5c\x22k.SIOP?zij`|XFa-V!VbtVVEI\x22 \x5c/CMX1덇9346y?d\x0aGY$%z-OMN{ .Żͩ\x09TAoɼATA\x0d0~%D}z$˥+ *}\x22/,R1]Q\x09FZa|Nٳ$g+G\x1b%GuNm tl)cQ5ōjfktrsHFJ#Gɹ,؅w3\x0a֕Qk^qy998Ďqğl\x5csqAE!P:se׺ۘu(oѾ])h;7\x0bZ|`f夯m}D.Z9%\x0bj 0>h877/羟;nzC[\x5c? :^iQ #1[_N]o] =%A]=1Y\x0bD*-S1 M;YS1jF >:>V*\x07˗Fnn櫤Qz| c5r)P\x0bX>xS,܆ɒ慱ZjuȌdaU/HwO7D\x09*L̮|Dɯ˙^\x5c#!p4̡a#ymr\x0b\x09nrʰ܋\x09EB>xme=JBWۮ+#T4hBŲ\x07\x0aI [ 135.751104][ T6179] dump_stack_lvl+0x100/0x190 [ 135.751151][ T6179] should_fail_ex.cold+0x5/0xa [ 135.751181][ T6179] should_failslab+0xc2/0x120 [ 135.751210][ T6179] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 135.751249][ T6179] ? sk_prot_alloc+0x60/0x2a0 [ 135.751285][ T6179] sk_prot_alloc+0x60/0x2a0 [ 135.751317][ T6179] sk_alloc+0x36/0xe80 [ 135.751340][ T6179] pn_socket_create+0x22d/0x560 [ 135.751379][ T6179] __sock_create+0x339/0x860 [ 135.751417][ T6179] __sys_socket+0x14d/0x260 [ 135.751456][ T6179] ? __pfx___sys_socket+0x10/0x10 [ 135.751499][ T6179] __x64_sys_socket+0x72/0xb0 [ 135.751538][ T6179] ? lockdep_hardirqs_on+0x78/0x100 [ 135.751572][ T6179] do_syscall_64+0x115/0x840 [ 135.751606][ T6179] ? clear_bhb_loop+0x40/0x90 [ 135.751635][ T6179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.751660][ T6179] RIP: 0033:0x7ff2adf9ce59 [ 135.751679][ T6179] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 135.751701][ T6179] RSP: 002b:00007ff2aeec4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 135.751723][ T6179] RAX: ffffffffffffffda RBX: 00007ff2ae215fa0 RCX: 00007ff2adf9ce59 [ 135.751739][ T6179] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000023 [ 135.751753][ T6179] RBP: 00007ff2ae032d6f R08: 0000000000000000 R09: 0000000000000000 [ 135.751767][ T6179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 135.751780][ T6179] R13: 00007ff2ae216038 R14: 00007ff2ae215fa0 R15: 00007ffd6d4c5778 [ 135.751810][ T6179] [ 136.165171][ T6173] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 136.175361][ T6179] sd 0:0:1:0: PR command failed: 1026 [ 136.196407][ T6179] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 136.215729][ T6173] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 136.237690][ T6179] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 136.262953][ T6173] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 136.307134][ T6173] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2062994733 [ 136.388827][ T6173] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 136.431152][ T6174] ubi0: detaching mtd0 [ 136.628233][ T6174] ubi0: mtd0 is detached [ 136.836183][ T6147] Process accounting resumed [ 137.052831][ T6182] hub 1-0:1.0: USB hub found [ 137.154746][ T6182] hub 1-0:1.0: 1 port detected [ 137.497210][ T6197] netlink: 4 bytes leftover after parsing attributes in process `syz.1.93'. [ 137.538850][ T6197] netlink: 354 bytes leftover after parsing attributes in process `syz.1.93'. [ 138.717557][ T6204] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.977183][ T6220] netlink: 4 bytes leftover after parsing attributes in process `syz.0.97'. [ 140.064277][ T6223] netlink: 354 bytes leftover after parsing attributes in process `syz.0.97'. [ 141.157983][ T5642] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 141.199996][ T6234] vivid-008: ================= START STATUS ================= [ 141.273062][ T6234] vivid-008: ================== END STATUS ================== [ 142.080620][ T6227] netlink: 28 bytes leftover after parsing attributes in process `syz.0.99'. [ 143.014529][ T6234] random: crng reseeded on system resumption [ 143.217017][ T5642] Bluetooth: hci1: command 0x2016 tx timeout [ 143.648098][ T6247] kexec: Could not allocate control_code_buffer [ 143.713012][ T6258] netlink: 8 bytes leftover after parsing attributes in process `syz.0.106'. [ 145.150465][ T6273] netlink: 'syz.3.110': attribute type 1 has an invalid length. [ 145.188237][ T6273] netlink: 9 bytes leftover after parsing attributes in process `syz.3.110'. [ 145.284863][ T4951] Bluetooth: hci1: command 0x2016 tx timeout [ 145.735039][ T6280] tipc: Started in network mode [ 145.768020][ T6280] tipc: Node identity ee00, cluster identity 4711 [ 145.830384][ T6280] tipc: Node number set to 60928 [ 149.495146][ T6311] usb usb17: usbfs: interface 0 claimed by hub while 'syz.0.117' resets device [ 150.725874][ T6316] can0: slcan on pty155. [ 151.041936][ T6318] can0 (unregistered): slcan off pty155. [ 151.492657][ T6333] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 151.512798][ T6337] process 'syz.0.123' launched ':,' with NULL argv: empty string added [ 152.065917][ T6337] syz.0.123 (6337) used greatest stack depth: 18808 bytes left [ 154.318723][ T6367] netlink: 12 bytes leftover after parsing attributes in process `syz.0.129'. [ 156.547337][ T6422] netlink: 28 bytes leftover after parsing attributes in process `syz.0.138'. [ 157.206707][ T6411] Process accounting paused [ 162.556982][ T29] audit: type=1326 audit(1780193889.109:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6497 comm="syz.3.156" exe="/root/ci-qemu-gce-upstream-auto/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff2adf9ce59 code=0x0 [ 162.793613][ T6495] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 162.823645][ T6495] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 162.965505][ T6495] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 163.044065][ T6495] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 163.078042][ T6495] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 163.147458][ T6495] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 163.189030][ T6495] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 163.219345][ T6495] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 163.267164][ T6495] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 163.314202][ T6495] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 163.358144][ T6495] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 163.456267][ T6495] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 163.652604][ T6515] FAULT_INJECTION: forcing a failure. [ 163.652604][ T6515] name failslab, interval 1, probability 0, space 0, times 0 [ 163.665470][ T6515] CPU: 1 UID: 0 PID: 6515 Comm: syz.3.157 Not tainted syzkaller #0 PREEMPT(full) [ 163.665512][ T6515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 163.665537][ T6515] Call Trace: [ 163.665548][ T6515] [ 163.665559][ T6515] dump_stack_lvl+0x100/0x190 [ 163.665623][ T6515] should_fail_ex.cold+0x5/0xa [ 163.665666][ T6515] should_failslab+0xc2/0x120 [ 163.665706][ T6515] __kmalloc_cache_noprof+0x7a/0x6f0 [ 163.665753][ T6515] ? kvm_dev_ioctl+0x1549/0x1a50 [ 163.665807][ T6515] kvm_dev_ioctl+0x1549/0x1a50 [ 163.665875][ T6515] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 163.665935][ T6515] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 163.665982][ T6515] __x64_sys_ioctl+0x18e/0x210 [ 163.666019][ T6515] do_syscall_64+0x115/0x840 [ 163.666065][ T6515] ? clear_bhb_loop+0x40/0x90 [ 163.666106][ T6515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.666140][ T6515] RIP: 0033:0x7ff2adf9ce59 [ 163.666166][ T6515] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 163.666197][ T6515] RSP: 002b:00007ff2aeea3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 163.666227][ T6515] RAX: ffffffffffffffda RBX: 00007ff2ae216090 RCX: 00007ff2adf9ce59 [ 163.666248][ T6515] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000005 [ 163.666277][ T6515] RBP: 00007ff2ae032d6f R08: 0000000000000000 R09: 0000000000000000 [ 163.666296][ T6515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 163.666313][ T6515] R13: 00007ff2ae216128 R14: 00007ff2ae216090 R15: 00007ffd6d4c5778 [ 163.666365][ T6515] [ 164.793224][ T5642] Bluetooth: hci0: command 0x0c1a tx timeout [ 165.109243][ T5642] Bluetooth: hci1: command 0x2016 tx timeout [ 165.188508][ T5642] Bluetooth: hci2: command 0x0c1a tx timeout [ 165.347812][ T5642] Bluetooth: hci3: command 0x0c1a tx timeout [ 165.733731][ T6527] kexec: Could not allocate control_code_buffer [ 166.860686][ T5642] Bluetooth: hci0: command 0x0c1a tx timeout [ 166.998526][ T6562] FAULT_INJECTION: forcing a failure. [ 166.998526][ T6562] name failslab, interval 1, probability 0, space 0, times 0 [ 167.089645][ T6562] CPU: 0 UID: 0 PID: 6562 Comm: syz.3.165 Not tainted syzkaller #0 PREEMPT(full) [ 167.089685][ T6562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 167.089703][ T6562] Call Trace: [ 167.089712][ T6562] [ 167.089724][ T6562] dump_stack_lvl+0x100/0x190 [ 167.089779][ T6562] should_fail_ex.cold+0x5/0xa [ 167.089816][ T6562] should_failslab+0xc2/0x120 [ 167.089855][ T6562] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 167.089903][ T6562] ? __alloc_skb+0x140/0x710 [ 167.089927][ T6562] ? __alloc_skb+0x5b7/0x710 [ 167.089966][ T6562] __alloc_skb+0x140/0x710 [ 167.089990][ T6562] ? __alloc_skb+0x5b7/0x710 [ 167.090017][ T6562] ? __pfx___alloc_skb+0x10/0x10 [ 167.090047][ T6562] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 167.090098][ T6562] ? audit_log_start+0x29d/0x930 [ 167.090131][ T6562] ? lockdep_init_map_type+0x5c/0x250 [ 167.090185][ T6562] audit_log_start+0x350/0x930 [ 167.090225][ T6562] ? __pfx_audit_log_start+0x10/0x10 [ 167.090264][ T6562] ? arch_do_signal_or_restart+0x1f9/0x7a0 [ 167.090319][ T6562] ? native_tss_update_io_bitmap+0x3d6/0x740 [ 167.090362][ T6562] audit_seccomp+0x60/0x190 [ 167.090396][ T6562] __secure_computing+0x26d/0x2c0 [ 167.090429][ T6562] do_syscall_64+0x5ce/0x840 [ 167.090468][ T6562] ? clear_bhb_loop+0x40/0x90 [ 167.090502][ T6562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.090530][ T6562] RIP: 0033:0x7ff2adf9ce59 [ 167.090553][ T6562] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 167.090580][ T6562] RSP: 002b:00007ff2aee609f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 167.090608][ T6562] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007ff2adf9ce59 [ 167.090626][ T6562] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000000000b [ 167.090642][ T6562] RBP: 00007ff2aee61030 R08: 0000000000000001 R09: 000000000000000b [ 167.090659][ T6562] R10: 0000000000000081 R11: 0000000000000246 R12: 0000000000000000 [ 167.090676][ T6562] R13: 00007ff2ae216308 R14: 00007ff2ae216270 R15: 00007ffd6d4c5778 [ 167.090712][ T6562] [ 167.090754][ T6562] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 167.189559][ T5642] Bluetooth: hci1: command 0x2016 tx timeout [ 167.287516][ T5642] Bluetooth: hci2: command 0x0c1a tx timeout [ 167.374635][ T6562] audit: out of memory in audit_log_start [ 167.418695][ T5642] Bluetooth: hci3: command 0x0c1a tx timeout [ 167.734889][ T6542] Process accounting paused [ 168.930946][ T5642] Bluetooth: hci0: command 0x0c1a tx timeout [ 169.250402][ T5642] Bluetooth: hci1: command 0x2016 tx timeout [ 169.329231][ T5642] Bluetooth: hci2: command 0x0c1a tx timeout [ 169.488399][ T5642] Bluetooth: hci3: command 0x0c1a tx timeout [ 170.377853][ T5642] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 170.857664][ T6597] sg_write: data in/out 262108/45 bytes for SCSI command 0x61-- guessing data in; [ 170.857664][ T6597] program syz.1.172 not setting count and/or reply_len properly [ 170.958573][ T6603] random: crng reseeded on system resumption [ 172.446170][ T4951] Bluetooth: hci1: command 0x2016 tx timeout [ 174.504936][ T5642] Bluetooth: hci1: command 0x2016 tx timeout [ 176.280396][ T6676] random: crng reseeded on system resumption [ 176.433734][ T6676] hub 1-0:1.0: USB hub found [ 176.453649][ T6676] hub 1-0:1.0: 1 port detected [ 177.947674][ T6683] FAULT_INJECTION: forcing a failure. [ 177.947674][ T6683] name failslab, interval 1, probability 0, space 0, times 0 [ 177.987129][ T6683] CPU: 1 UID: 0 PID: 6683 Comm: syz.1.187 Not tainted syzkaller #0 PREEMPT(full) [ 177.987176][ T6683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 177.987196][ T6683] Call Trace: [ 177.987208][ T6683] [ 177.987221][ T6683] dump_stack_lvl+0x100/0x190 [ 177.987302][ T6683] should_fail_ex.cold+0x5/0xa [ 177.987345][ T6683] should_failslab+0xc2/0x120 [ 177.987385][ T6683] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 177.987439][ T6683] ? sk_prot_alloc+0x60/0x2a0 [ 177.987489][ T6683] sk_prot_alloc+0x60/0x2a0 [ 177.987535][ T6683] sk_alloc+0x36/0xe80 [ 177.987572][ T6683] smc_create+0x11a/0x290 [ 177.987618][ T6683] __sock_create+0x339/0x860 [ 177.987713][ T6683] __sys_socket+0x14d/0x260 [ 177.987762][ T6683] ? __pfx___sys_socket+0x10/0x10 [ 177.987821][ T6683] __x64_sys_socket+0x72/0xb0 [ 177.987868][ T6683] ? lockdep_hardirqs_on+0x78/0x100 [ 177.987915][ T6683] do_syscall_64+0x115/0x840 [ 177.987962][ T6683] ? clear_bhb_loop+0x40/0x90 [ 177.988004][ T6683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.988057][ T6683] RIP: 0033:0x7f288b79ce59 [ 177.988091][ T6683] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 177.988123][ T6683] RSP: 002b:00007f288c6dd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 177.988159][ T6683] RAX: ffffffffffffffda RBX: 00007f288ba15fa0 RCX: 00007f288b79ce59 [ 177.988180][ T6683] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000002b [ 177.988198][ T6683] RBP: 00007f288b832d6f R08: 0000000000000000 R09: 0000000000000000 [ 177.988217][ T6683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 177.988235][ T6683] R13: 00007f288ba16038 R14: 00007f288ba15fa0 R15: 00007ffdda9161c8 [ 177.988273][ T6683] [ 178.364328][ T6689] random: crng reseeded on system resumption [ 180.031448][ T6717] netlink: 28 bytes leftover after parsing attributes in process `syz.2.194'. [ 180.200073][ T6717] veth0_macvtap: left promiscuous mode [ 180.224664][ T6717] macvtap0: entered promiscuous mode [ 180.237516][ T6717] macvtap0: entered allmulticast mode [ 180.285443][ T6722] smc: net device dummy0 applied user defined pnetid DU [ 183.398899][ T29] audit: type=1804 audit(1843104530.965:4): pid=6762 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.201" name="/newroot/44/file0" dev="tmpfs" ino=252 res=1 errno=0 [ 183.463971][ T29] audit: type=1804 audit(1843104530.986:5): pid=6752 uid=2 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.201" name="/newroot/44/file0" dev="tmpfs" ino=252 res=1 errno=0 [ 184.454980][ T6767] vhci_hcd: not connected 4 [ 184.836127][ T6785] netlink: 28 bytes leftover after parsing attributes in process `syz.0.206'. [ 184.922242][ T6785] bond0: (slave bond_slave_0): Releasing backup interface [ 185.035775][ T6792] netlink: 28 bytes leftover after parsing attributes in process `syz.2.207'. [ 185.067900][ T6792] veth1_macvtap: left promiscuous mode [ 185.087098][ T6792] macsec0: entered promiscuous mode [ 185.093771][ T6792] macsec0: entered allmulticast mode [ 185.362672][ T6800] capability: warning: `syz.0.208' uses 32-bit capabilities (legacy support in use) [ 186.863008][ T29] audit: type=1800 audit(1843104534.452:6): pid=6825 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.212" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 186.963525][ T29] audit: type=1107 audit(1843104534.542:7): pid=6811 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 187.026965][ T29] audit: type=1107 audit(1843104534.603:8): pid=6811 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 188.567287][ T6863] netlink: 28 bytes leftover after parsing attributes in process `syz.3.216'. [ 188.653190][ T6863] veth0_macvtap: left promiscuous mode [ 188.706952][ T6863] macvtap0: entered promiscuous mode [ 188.717381][ T6863] macvtap0: entered allmulticast mode [ 189.518910][ T6799] Process accounting resumed [ 189.854594][ T6886] netlink: 4 bytes leftover after parsing attributes in process `syz.3.220'. [ 189.855642][ T6886] netlink: 25 bytes leftover after parsing attributes in process `syz.3.220'. [ 192.055661][ T6918] FAULT_INJECTION: forcing a failure. [ 192.055661][ T6918] name failslab, interval 1, probability 0, space 0, times 0 [ 192.099863][ T6918] CPU: 1 UID: 0 PID: 6918 Comm: syz.0.223 Not tainted syzkaller #0 PREEMPT(full) [ 192.099912][ T6918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 192.099931][ T6918] Call Trace: [ 192.099942][ T6918] [ 192.099954][ T6918] dump_stack_lvl+0x100/0x190 [ 192.100014][ T6918] should_fail_ex.cold+0x5/0xa [ 192.100055][ T6918] should_failslab+0xc2/0x120 [ 192.100096][ T6918] __kmalloc_node_noprof+0xe6/0x850 [ 192.100150][ T6918] ? user_buffer_init+0x2a1/0x6d0 [ 192.100198][ T6918] user_buffer_init+0x2a1/0x6d0 [ 192.100255][ T6918] tracing_mark_open+0x272/0x2f0 [ 192.100305][ T6918] do_dentry_open+0x6ab/0x14d0 [ 192.100345][ T6918] ? __pfx_tracing_mark_open+0x10/0x10 [ 192.100400][ T6918] vfs_open+0x82/0x3f0 [ 192.100452][ T6918] path_openat+0x208c/0x31a0 [ 192.100506][ T6918] ? __pfx_path_openat+0x10/0x10 [ 192.100561][ T6918] do_file_open+0x20e/0x430 [ 192.100605][ T6918] ? __pfx_do_file_open+0x10/0x10 [ 192.100673][ T6918] ? alloc_fd+0x476/0x790 [ 192.100715][ T6918] ? do_getname+0x191/0x390 [ 192.100767][ T6918] do_sys_openat2+0x10d/0x1e0 [ 192.100816][ T6918] ? __pfx_do_sys_openat2+0x10/0x10 [ 192.100869][ T6918] ? find_held_lock+0x2b/0x80 [ 192.100920][ T6918] __x64_sys_openat+0x12d/0x210 [ 192.100972][ T6918] ? __pfx___x64_sys_openat+0x10/0x10 [ 192.101031][ T6918] ? rcu_is_watching+0x12/0xc0 [ 192.101073][ T6918] do_syscall_64+0x115/0x840 [ 192.101120][ T6918] ? clear_bhb_loop+0x40/0x90 [ 192.101162][ T6918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.101195][ T6918] RIP: 0033:0x7f20f4f9ce59 [ 192.101230][ T6918] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 192.101263][ T6918] RSP: 002b:00007f20f5dd8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 192.101294][ T6918] RAX: ffffffffffffffda RBX: 00007f20f5215fa0 RCX: 00007f20f4f9ce59 [ 192.101314][ T6918] RDX: 0000000000000400 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 192.101334][ T6918] RBP: 00007f20f5032d6f R08: 0000000000000000 R09: 0000000000000000 [ 192.101351][ T6918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 192.101369][ T6918] R13: 00007f20f5216038 R14: 00007f20f5215fa0 R15: 00007ffc2dcec8a8 [ 192.101409][ T6918] [ 193.826639][ T6939] cifs: Unknown parameter ') Up̢{V ]762']Ψ!gʮ79fM<*ysEh' [ 193.923667][ T6941] FAULT_INJECTION: forcing a failure. [ 193.923667][ T6941] name failslab, interval 1, probability 0, space 0, times 0 [ 193.923727][ T6941] CPU: 1 UID: 0 PID: 6941 Comm: syz.3.226 Not tainted syzkaller #0 PREEMPT(full) [ 193.923762][ T6941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 193.923780][ T6941] Call Trace: [ 193.923790][ T6941] [ 193.923801][ T6941] dump_stack_lvl+0x100/0x190 [ 193.923861][ T6941] should_fail_ex.cold+0x5/0xa [ 193.923900][ T6941] ? __list_lru_init+0xd9/0x4b0 [ 193.923949][ T6941] should_failslab+0xc2/0x120 [ 193.923988][ T6941] __kmalloc_noprof+0xe0/0x850 [ 193.924041][ T6941] ? lockdep_init_map_type+0x5c/0x250 [ 193.924117][ T6941] __list_lru_init+0xd9/0x4b0 [ 193.924174][ T6941] alloc_super+0x8d8/0xd20 [ 193.924212][ T6941] ? __pfx_mqueue_fill_super+0x10/0x10 [ 193.924257][ T6941] sget_fc+0x117/0xc70 [ 193.924286][ T6941] ? __pfx_set_anon_super_fc+0x10/0x10 [ 193.924315][ T6941] ? __pfx_mqueue_fill_super+0x10/0x10 [ 193.924359][ T6941] get_tree_nodev+0x28/0x190 [ 193.924391][ T6941] mqueue_get_tree+0xf1/0x130 [ 193.924435][ T6941] vfs_get_tree+0x92/0x320 [ 193.924460][ T6941] fc_mount_longterm+0x1a/0x270 [ 193.924489][ T6941] mq_init_ns+0x482/0x820 [ 193.924521][ T6941] copy_ipcs+0x3dd/0x7e0 [ 193.924559][ T6941] create_new_namespaces+0x20a/0xac0 [ 193.924594][ T6941] ? security_capable+0x80/0x260 [ 193.924627][ T6941] unshare_nsproxy_namespaces+0xf2/0x220 [ 193.924665][ T6941] ksys_unshare+0x438/0xab0 [ 193.924707][ T6941] ? __pfx_ksys_unshare+0x10/0x10 [ 193.924744][ T6941] ? xfd_validate_state+0x129/0x190 [ 193.924781][ T6941] __x64_sys_unshare+0x31/0x40 [ 193.924820][ T6941] do_syscall_64+0x115/0x840 [ 193.924858][ T6941] ? clear_bhb_loop+0x40/0x90 [ 193.924892][ T6941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.924921][ T6941] RIP: 0033:0x7ff2adf9ce59 [ 193.924944][ T6941] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 193.924970][ T6941] RSP: 002b:00007ff2aee82028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 193.924996][ T6941] RAX: ffffffffffffffda RBX: 00007ff2ae216180 RCX: 00007ff2adf9ce59 [ 193.925014][ T6941] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000 [ 193.925030][ T6941] RBP: 00007ff2ae032d6f R08: 0000000000000000 R09: 0000000000000000 [ 193.925046][ T6941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 193.925062][ T6941] R13: 00007ff2ae216218 R14: 00007ff2ae216180 R15: 00007ffd6d4c5778 [ 193.925110][ T6941] [ 194.069021][ T6933] FAULT_INJECTION: forcing a failure. [ 194.069021][ T6933] name failslab, interval 1, probability 0, space 0, times 0 [ 194.069101][ T6933] CPU: 1 UID: 0 PID: 6933 Comm: syz.2.225 Not tainted syzkaller #0 PREEMPT(full) [ 194.069135][ T6933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 194.069153][ T6933] Call Trace: [ 194.069162][ T6933] [ 194.069172][ T6933] dump_stack_lvl+0x100/0x190 [ 194.069229][ T6933] should_fail_ex.cold+0x5/0xa [ 194.069268][ T6933] should_failslab+0xc2/0x120 [ 194.069308][ T6933] __kmalloc_cache_noprof+0x7a/0x6f0 [ 194.069356][ T6933] ? nat_init_net+0x56/0x270 [ 194.069401][ T6933] ? __pfx_nat_init_net+0x10/0x10 [ 194.069441][ T6933] nat_init_net+0x56/0x270 [ 194.069481][ T6933] ops_init+0x1e2/0x5f0 [ 194.069529][ T6933] setup_net+0x118/0x3a0 [ 194.069565][ T6933] ? __pfx_setup_net+0x10/0x10 [ 194.069619][ T6933] ? mutex_init_lockdep+0xf1/0x120 [ 194.069660][ T6933] copy_net_ns+0x46f/0x7c0 [ 194.069705][ T6933] create_new_namespaces+0x3ea/0xac0 [ 194.069756][ T6933] unshare_nsproxy_namespaces+0xf2/0x220 [ 194.069802][ T6933] ksys_unshare+0x438/0xab0 [ 194.069852][ T6933] ? __pfx_ksys_unshare+0x10/0x10 [ 194.069897][ T6933] ? xfd_validate_state+0x129/0x190 [ 194.069928][ T6933] ? exit_to_user_mode_loop+0xf3/0x670 [ 194.069997][ T6933] __x64_sys_unshare+0x31/0x40 [ 194.070043][ T6933] do_syscall_64+0x115/0x840 [ 194.070094][ T6933] ? clear_bhb_loop+0x40/0x90 [ 194.070131][ T6933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.070161][ T6933] RIP: 0033:0x7f8d0a79ce59 [ 194.070184][ T6933] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 194.070212][ T6933] RSP: 002b:00007f8d0b5df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 194.070239][ T6933] RAX: ffffffffffffffda RBX: 00007f8d0aa15fa0 RCX: 00007f8d0a79ce59 [ 194.070259][ T6933] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 194.070276][ T6933] RBP: 00007f8d0a832d6f R08: 0000000000000000 R09: 0000000000000000 [ 194.070293][ T6933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 194.070310][ T6933] R13: 00007f8d0aa16038 R14: 00007f8d0aa15fa0 R15: 00007ffda9c1ee08 [ 194.070352][ T6933] [ 194.095479][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.095562][ T1317] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.561180][ T5642] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 197.310911][ T6968] random: crng reseeded on system resumption [ 198.241165][ T6985] FAULT_INJECTION: forcing a failure. [ 198.241165][ T6985] name failslab, interval 1, probability 0, space 0, times 0 [ 198.321845][ T6985] CPU: 0 UID: 0 PID: 6985 Comm: syz.0.236 Not tainted syzkaller #0 PREEMPT(full) [ 198.321878][ T6985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 198.321892][ T6985] Call Trace: [ 198.321900][ T6985] [ 198.321909][ T6985] dump_stack_lvl+0x100/0x190 [ 198.321955][ T6985] should_fail_ex.cold+0x5/0xa [ 198.321986][ T6985] should_failslab+0xc2/0x120 [ 198.322053][ T6985] __kmalloc_cache_noprof+0x7a/0x6f0 [ 198.322089][ T6985] ? nexthop_net_init+0x73/0x140 [ 198.322116][ T6985] ? lockdep_init_map_type+0x5c/0x250 [ 198.322159][ T6985] ? __pfx_nexthop_net_init+0x10/0x10 [ 198.322184][ T6985] nexthop_net_init+0x73/0x140 [ 198.322208][ T6985] ? tcf_net_init+0x55/0x150 [ 198.322234][ T6985] ops_init+0x1e2/0x5f0 [ 198.322263][ T6985] setup_net+0x118/0x3a0 [ 198.322290][ T6985] ? __pfx_setup_net+0x10/0x10 [ 198.322317][ T6985] ? mutex_init_lockdep+0xf1/0x120 [ 198.322345][ T6985] copy_net_ns+0x46f/0x7c0 [ 198.322377][ T6985] create_new_namespaces+0x3ea/0xac0 [ 198.322413][ T6985] unshare_nsproxy_namespaces+0xf2/0x220 [ 198.322446][ T6985] ksys_unshare+0x438/0xab0 [ 198.322483][ T6985] ? __pfx_ksys_unshare+0x10/0x10 [ 198.322516][ T6985] ? xfd_validate_state+0x129/0x190 [ 198.322538][ T6985] ? exit_to_user_mode_loop+0xf3/0x670 [ 198.322587][ T6985] __x64_sys_unshare+0x31/0x40 [ 198.322621][ T6985] do_syscall_64+0x115/0x840 [ 198.322656][ T6985] ? clear_bhb_loop+0x40/0x90 [ 198.322695][ T6985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.322720][ T6985] RIP: 0033:0x7f20f4f9ce59 [ 198.322740][ T6985] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 198.322762][ T6985] RSP: 002b:00007f20f5db7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 198.322809][ T6985] RAX: ffffffffffffffda RBX: 00007f20f5216090 RCX: 00007f20f4f9ce59 [ 198.322831][ T6985] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 198.322857][ T6985] RBP: 00007f20f5032d6f R08: 0000000000000000 R09: 0000000000000000 [ 198.322879][ T6985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 198.322899][ T6985] R13: 00007f20f5216128 R14: 00007f20f5216090 R15: 00007ffc2dcec8a8 [ 198.322935][ T6985] [ 198.632893][ T4951] Bluetooth: hci3: command 0x0c1a tx timeout [ 199.487058][ T6998] netlink: 4 bytes leftover after parsing attributes in process `syz.2.239'. [ 199.524093][ T6998] netlink: 354 bytes leftover after parsing attributes in process `syz.2.239'. [ 199.764918][ T6984] Process accounting resumed [ 200.404796][ T5642] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 200.778959][ T4951] Bluetooth: hci3: command 0x0c1a tx timeout [ 200.903636][ T7016] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 200.916468][ T7016] random: crng reseeded on system resumption [ 201.153521][ T7027] random: crng reseeded on system resumption [ 201.277689][ T7025] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 201.338078][ T7025] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 202.440042][ T5642] Bluetooth: hci2: command 0x0c1a tx timeout [ 202.527800][ T7044] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 203.270033][ T7052] netlink: 342 bytes leftover after parsing attributes in process `syz.2.250'. [ 203.518304][ T7052] input input5: cannot allocate more than FF_MAX_EFFECTS effects [ 204.514089][ T4951] Bluetooth: hci2: command 0x0c1a tx timeout [ 205.435878][ T7076] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 205.466374][ T7076] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 205.494663][ T7076] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 205.532824][ T7076] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 206.307879][ T7097] FAULT_INJECTION: forcing a failure. [ 206.307879][ T7097] name fail_futex, interval 1, probability 0, space 0, times 1 [ 206.321681][ T7097] CPU: 1 UID: 0 PID: 7097 Comm: syz.0.259 Not tainted syzkaller #0 PREEMPT(full) [ 206.321725][ T7097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 206.321745][ T7097] Call Trace: [ 206.321756][ T7097] [ 206.321768][ T7097] dump_stack_lvl+0x100/0x190 [ 206.321858][ T7097] should_fail_ex.cold+0x5/0xa [ 206.321905][ T7097] should_fail_futex+0x4c/0x60 [ 206.321962][ T7097] futex_lock_pi_atomic+0xe7/0xaf0 [ 206.322004][ T7097] ? futex_hash+0x141/0x370 [ 206.322063][ T7097] futex_lock_pi+0x245/0x7a0 [ 206.322109][ T7097] ? __pfx_futex_lock_pi+0x10/0x10 [ 206.322155][ T7097] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 206.322255][ T7097] ? __pfx_futex_wake_mark+0x10/0x10 [ 206.322312][ T7097] ? ksys_write+0x190/0x250 [ 206.322350][ T7097] ? ksys_write+0x190/0x250 [ 206.322395][ T7097] do_futex+0x18a/0x350 [ 206.322427][ T7097] ? __pfx_do_futex+0x10/0x10 [ 206.322473][ T7097] __x64_sys_futex+0x34f/0x4d0 [ 206.322515][ T7097] ? __pfx___x64_sys_futex+0x10/0x10 [ 206.322562][ T7097] ? ksys_write+0x1ac/0x250 [ 206.322602][ T7097] ? rcu_is_watching+0x12/0xc0 [ 206.322651][ T7097] do_syscall_64+0x115/0x840 [ 206.322701][ T7097] ? clear_bhb_loop+0x40/0x90 [ 206.322729][ T7097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.322753][ T7097] RIP: 0033:0x7f20f4f9ce59 [ 206.322771][ T7097] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 206.322793][ T7097] RSP: 002b:00007f20f5dd8028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 206.322815][ T7097] RAX: ffffffffffffffda RBX: 00007f20f5215fa0 RCX: 00007f20f4f9ce59 [ 206.322830][ T7097] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 206.322844][ T7097] RBP: 00007f20f5032d6f R08: 0000000000000000 R09: 000000008000fff5 [ 206.322858][ T7097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 206.322871][ T7097] R13: 00007f20f5216038 R14: 00007f20f5215fa0 R15: 00007ffc2dcec8a8 [ 206.322900][ T7097] [ 207.460889][ T5642] Bluetooth: hci0: command 0x0c1a tx timeout [ 207.530531][ T5642] Bluetooth: hci3: command 0x0c1a tx timeout [ 207.536282][ T4951] Bluetooth: hci2: command 0x0c1a tx timeout [ 207.543713][ T5642] Bluetooth: hci1: command 0x2016 tx timeout [ 208.328940][ T29] audit: type=1400 audit(1843104556.022:9): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=7117 comm="syz.1.263" [ 209.246555][ T7135] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 209.253109][ T7135] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 209.384387][ T7137] netlink: 20 bytes leftover after parsing attributes in process `syz.1.267'. [ 209.393255][ T7131] ubi0: attaching mtd0 [ 209.406079][ T7131] ubi0: scanning is finished [ 209.415782][ T7131] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 209.500147][ T7137] hsr_slave_0: left promiscuous mode [ 209.559539][ T7137] hsr_slave_1: left promiscuous mode [ 209.840331][ T7131] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 210.962790][ T7164] netlink: 25 bytes leftover after parsing attributes in process `syz.2.274'. [ 213.421889][ T7204] netlink: 25 bytes leftover after parsing attributes in process `syz.0.281'. [ 213.711426][ T7197] sg_write: data in/out 262108/45 bytes for SCSI command 0x61-- guessing data in; [ 213.711426][ T7197] program syz.2.279 not setting count and/or reply_len properly [ 214.915825][ T7225] openvswitch: netlink: IP tunnel dst address not specified [ 217.457666][ T7246] i2c i2c-0: delete_device: Can't find device in list [ 217.530450][ T7246] netlink: 28 bytes leftover after parsing attributes in process `syz.0.289'. [ 218.176237][ T7259] netlink: 4 bytes leftover after parsing attributes in process `syz.1.292'. [ 218.801931][ T7261] ovs_: entered promiscuous mode [ 218.983562][ T7268] netlink: 350 bytes leftover after parsing attributes in process `syz.0.294'. [ 220.078498][ T7282] netlink: 342 bytes leftover after parsing attributes in process `syz.1.298'. [ 221.561522][ T7293] netlink: 12 bytes leftover after parsing attributes in process `syz.3.301'. [ 221.956712][ T7308] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 222.455032][ T7275] Process accounting paused [ 224.259796][ T7347] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 224.370113][ T7346] netlink: 25 bytes leftover after parsing attributes in process `syz.1.312'. [ 224.626306][ T7354] netlink: 17 bytes leftover after parsing attributes in process `syz.1.314'. [ 225.251788][ T7371] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 226.241446][ T7365] kexec: Could not allocate control_code_buffer [ 226.636595][ T5642] Bluetooth: hci3: unknown advertising packet type: 0xea [ 226.899809][ T7389] netlink: 16 bytes leftover after parsing attributes in process `syz.0.320'. [ 227.886091][ T5642] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 228.524575][ T7415] netlink: 28 bytes leftover after parsing attributes in process `syz.2.325'. [ 228.697273][ T7417] FAULT_INJECTION: forcing a failure. [ 228.697273][ T7417] name failslab, interval 1, probability 0, space 0, times 0 [ 228.720811][ T7417] CPU: 1 UID: 0 PID: 7417 Comm: syz.0.327 Not tainted syzkaller #0 PREEMPT(full) [ 228.720857][ T7417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 228.720877][ T7417] Call Trace: [ 228.720887][ T7417] [ 228.720899][ T7417] dump_stack_lvl+0x100/0x190 [ 228.720976][ T7417] should_fail_ex.cold+0x5/0xa [ 228.721019][ T7417] should_failslab+0xc2/0x120 [ 228.721058][ T7417] __kmalloc_cache_noprof+0x7a/0x6f0 [ 228.721103][ T7417] ? trace_pid_list_alloc+0x9d/0x480 [ 228.721160][ T7417] trace_pid_list_alloc+0x9d/0x480 [ 228.721208][ T7417] trace_pid_write+0x110/0x460 [ 228.721253][ T7417] ? __pfx_trace_pid_write+0x10/0x10 [ 228.721328][ T7417] event_pid_write.isra.0+0x1e4/0x7d0 [ 228.721385][ T7417] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 228.721443][ T7417] vfs_write+0x2aa/0x1070 [ 228.721481][ T7417] ? __pfx_ftrace_event_npid_write+0x10/0x10 [ 228.721526][ T7417] ? __pfx_vfs_write+0x10/0x10 [ 228.721557][ T7417] ? __fget_files+0x215/0x3d0 [ 228.721606][ T7417] ? __fget_files+0x21f/0x3d0 [ 228.721651][ T7417] ksys_write+0x12a/0x250 [ 228.721682][ T7417] ? __pfx_ksys_write+0x10/0x10 [ 228.721736][ T7417] ? rcu_is_watching+0x12/0xc0 [ 228.721775][ T7417] do_syscall_64+0x115/0x840 [ 228.721816][ T7417] ? clear_bhb_loop+0x40/0x90 [ 228.721852][ T7417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.721882][ T7417] RIP: 0033:0x7f20f4f9ce59 [ 228.721907][ T7417] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 228.721935][ T7417] RSP: 002b:00007f20f5dd8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 228.721963][ T7417] RAX: ffffffffffffffda RBX: 00007f20f5215fa0 RCX: 00007f20f4f9ce59 [ 228.721982][ T7417] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 228.722000][ T7417] RBP: 00007f20f5032d6f R08: 0000000000000000 R09: 0000000000000000 [ 228.722017][ T7417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 228.722035][ T7417] R13: 00007f20f5216038 R14: 00007f20f5215fa0 R15: 00007ffc2dcec8a8 [ 228.722076][ T7417] [ 229.965171][ T4951] Bluetooth: hci3: command 0x0c1a tx timeout [ 230.489231][ T29] audit: type=1804 audit(1843104578.319:10): pid=7446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.332" name="/newroot/82/file0" dev="tmpfs" ino=450 res=1 errno=0 [ 230.559474][ T29] audit: type=1804 audit(1843104578.369:11): pid=7448 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.332" name="/newroot/82/file0" dev="tmpfs" ino=450 res=1 errno=0 [ 231.405517][ T7427] Process accounting paused [ 231.613073][ T7462] netlink: 334 bytes leftover after parsing attributes in process `syz.0.336'. [ 231.765816][ T7467] ubi0: attaching mtd0 [ 231.787543][ T7468] netlink: 28 bytes leftover after parsing attributes in process `syz.2.338'. [ 231.800789][ T7467] ubi0: scanning is finished [ 231.810039][ T7467] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 231.910266][ T7468] bond0: (slave bond_slave_1): Releasing backup interface [ 232.031770][ T4951] Bluetooth: hci3: command 0x0c1a tx timeout [ 232.063297][ T7467] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 233.103692][ T7486] FAULT_INJECTION: forcing a failure. [ 233.103692][ T7486] name failslab, interval 1, probability 0, space 0, times 0 [ 233.144490][ T7486] CPU: 1 UID: 0 PID: 7486 Comm: syz.2.341 Not tainted syzkaller #0 PREEMPT(full) [ 233.144534][ T7486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 233.144558][ T7486] Call Trace: [ 233.144569][ T7486] [ 233.144581][ T7486] dump_stack_lvl+0x100/0x190 [ 233.144646][ T7486] should_fail_ex.cold+0x5/0xa [ 233.144689][ T7486] should_failslab+0xc2/0x120 [ 233.144730][ T7486] __kmalloc_cache_noprof+0x7a/0x6f0 [ 233.144780][ T7486] ? mem_cgroup_css_online+0x155/0xbf0 [ 233.144845][ T7486] mem_cgroup_css_online+0x155/0xbf0 [ 233.144905][ T7486] ? __pfx_mem_cgroup_css_online+0x10/0x10 [ 233.144964][ T7486] online_css+0xb2/0x350 [ 233.145002][ T7486] cgroup_apply_control_enable+0xa8d/0xdd0 [ 233.145073][ T7486] cgroup_mkdir+0x59c/0x1310 [ 233.145128][ T7486] ? __pfx_cgroup_mkdir+0x10/0x10 [ 233.145177][ T7486] kernfs_iop_mkdir+0x111/0x190 [ 233.145219][ T7486] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 233.145270][ T7486] vfs_mkdir+0x361/0x850 [ 233.145331][ T7486] filename_mkdirat+0x48b/0x5e0 [ 233.145382][ T7486] ? __pfx_filename_mkdirat+0x10/0x10 [ 233.145428][ T7486] ? strncpy_from_user+0x19d/0x2d0 [ 233.145482][ T7486] ? do_getname+0x191/0x390 [ 233.145537][ T7486] __x64_sys_mkdir+0x6b/0x90 [ 233.145584][ T7486] do_syscall_64+0x115/0x840 [ 233.145631][ T7486] ? clear_bhb_loop+0x40/0x90 [ 233.145673][ T7486] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.145707][ T7486] RIP: 0033:0x7f8d0a79ce59 [ 233.145735][ T7486] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 233.145766][ T7486] RSP: 002b:00007f8d0b5df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 233.145798][ T7486] RAX: ffffffffffffffda RBX: 00007f8d0aa15fa0 RCX: 00007f8d0a79ce59 [ 233.145819][ T7486] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 233.145838][ T7486] RBP: 00007f8d0a832d6f R08: 0000000000000000 R09: 0000000000000000 [ 233.145857][ T7486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 233.145876][ T7486] R13: 00007f8d0aa16038 R14: 00007f8d0aa15fa0 R15: 00007ffda9c1ee08 [ 233.145920][ T7486] [ 233.916097][ T7498] random: crng reseeded on system resumption [ 236.599885][ T7522] bond0: invalid ARP target specified [ 236.665000][ T7522] nbd: socks must be embedded in a SOCK_ITEM attr [ 236.674529][ T7522] block nbd0: shutting down sockets [ 236.741681][ T7522] netlink: 28 bytes leftover after parsing attributes in process `syz.2.347'. [ 236.797494][ T7522] team0 (unregistering): Port device team_slave_0 removed [ 236.846742][ T7522] team0 (unregistering): Port device team_slave_1 removed [ 236.890008][ T7514] kexec: Could not allocate control_code_buffer [ 237.534945][ T7533] zswap: compressor not available [ 238.464456][ T7552] FAULT_INJECTION: forcing a failure. [ 238.464456][ T7552] name failslab, interval 1, probability 0, space 0, times 0 [ 238.508062][ T7552] CPU: 0 UID: 0 PID: 7552 Comm: syz.1.353 Not tainted syzkaller #0 PREEMPT(full) [ 238.508108][ T7552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 238.508128][ T7552] Call Trace: [ 238.508139][ T7552] [ 238.508152][ T7552] dump_stack_lvl+0x100/0x190 [ 238.508216][ T7552] should_fail_ex.cold+0x5/0xa [ 238.508260][ T7552] ? ops_init+0x77/0x5f0 [ 238.508294][ T7552] should_failslab+0xc2/0x120 [ 238.508334][ T7552] __kmalloc_noprof+0xe0/0x850 [ 238.508389][ T7552] ? mutex_init_lockdep+0xf1/0x120 [ 238.508428][ T7552] ops_init+0x77/0x5f0 [ 238.508467][ T7552] setup_net+0x118/0x3a0 [ 238.508506][ T7552] ? __pfx_setup_net+0x10/0x10 [ 238.508542][ T7552] ? mutex_init_lockdep+0xf1/0x120 [ 238.508582][ T7552] copy_net_ns+0x46f/0x7c0 [ 238.508627][ T7552] create_new_namespaces+0x3ea/0xac0 [ 238.508679][ T7552] unshare_nsproxy_namespaces+0xf2/0x220 [ 238.508734][ T7552] ksys_unshare+0x438/0xab0 [ 238.508786][ T7552] ? __pfx_ksys_unshare+0x10/0x10 [ 238.508833][ T7552] ? xfd_validate_state+0x129/0x190 [ 238.508865][ T7552] ? exit_to_user_mode_loop+0xf3/0x670 [ 238.508938][ T7552] __x64_sys_unshare+0x31/0x40 [ 238.508988][ T7552] do_syscall_64+0x115/0x840 [ 238.509036][ T7552] ? clear_bhb_loop+0x40/0x90 [ 238.509077][ T7552] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.509113][ T7552] RIP: 0033:0x7f288b79ce59 [ 238.509142][ T7552] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 238.509174][ T7552] RSP: 002b:00007f288c6bc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 238.509206][ T7552] RAX: ffffffffffffffda RBX: 00007f288ba16090 RCX: 00007f288b79ce59 [ 238.509227][ T7552] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 238.509247][ T7552] RBP: 00007f288b832d6f R08: 0000000000000000 R09: 0000000000000000 [ 238.509265][ T7552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 238.509284][ T7552] R13: 00007f288ba16128 R14: 00007f288ba16090 R15: 00007ffdda9161c8 [ 238.509327][ T7552] [ 239.770115][ T7567] FAULT_INJECTION: forcing a failure. [ 239.770115][ T7567] name failslab, interval 1, probability 0, space 0, times 0 [ 239.810899][ T7567] CPU: 0 UID: 0 PID: 7567 Comm: syz.2.357 Not tainted syzkaller #0 PREEMPT(full) [ 239.810930][ T7567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 239.810944][ T7567] Call Trace: [ 239.810951][ T7567] [ 239.810960][ T7567] dump_stack_lvl+0x100/0x190 [ 239.811004][ T7567] should_fail_ex.cold+0x5/0xa [ 239.811034][ T7567] should_failslab+0xc2/0x120 [ 239.811063][ T7567] __kmalloc_cache_noprof+0x7a/0x6f0 [ 239.811097][ T7567] ? dummy_hrtimer_create+0x45/0x170 [ 239.811139][ T7567] dummy_hrtimer_create+0x45/0x170 [ 239.811174][ T7567] ? __pfx_dummy_hrtimer_create+0x10/0x10 [ 239.811231][ T7567] dummy_pcm_open+0xc1/0x5b0 [ 239.811267][ T7567] snd_pcm_open_substream+0xa76/0x1850 [ 239.811293][ T7567] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 239.811316][ T7567] ? lockdep_init_map_type+0x5c/0x250 [ 239.811357][ T7567] ? lockdep_init_map_type+0x5c/0x250 [ 239.811401][ T7567] snd_pcm_oss_open+0x735/0x1390 [ 239.811452][ T7567] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 239.811486][ T7567] ? __lock_acquire+0x4a5/0x2630 [ 239.811524][ T7567] ? __pfx_default_wake_function+0x10/0x10 [ 239.811558][ T7567] ? __lock_acquire+0x4a5/0x2630 [ 239.811602][ T7567] ? do_raw_spin_lock+0x128/0x260 [ 239.811630][ T7567] ? soundcore_open+0x231/0x5a0 [ 239.811662][ T7567] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 239.811699][ T7567] soundcore_open+0x2e3/0x5a0 [ 239.811731][ T7567] ? __pfx_soundcore_open+0x10/0x10 [ 239.811761][ T7567] chrdev_open+0x234/0x6a0 [ 239.811790][ T7567] ? __pfx_apparmor_file_open+0x10/0x10 [ 239.811817][ T7567] ? __pfx_chrdev_open+0x10/0x10 [ 239.811849][ T7567] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 239.811888][ T7567] do_dentry_open+0x6ab/0x14d0 [ 239.811917][ T7567] ? __pfx_chrdev_open+0x10/0x10 [ 239.811953][ T7567] vfs_open+0x82/0x3f0 [ 239.811992][ T7567] path_openat+0x208c/0x31a0 [ 239.812032][ T7567] ? __pfx_path_openat+0x10/0x10 [ 239.812115][ T7567] do_file_open+0x20e/0x430 [ 239.812158][ T7567] ? __pfx_do_file_open+0x10/0x10 [ 239.812209][ T7567] ? alloc_fd+0x476/0x790 [ 239.812242][ T7567] ? do_getname+0x191/0x390 [ 239.812281][ T7567] do_sys_openat2+0x10d/0x1e0 [ 239.812319][ T7567] ? __pfx_do_sys_openat2+0x10/0x10 [ 239.812367][ T7567] __x64_sys_openat+0x12d/0x210 [ 239.812405][ T7567] ? __pfx___x64_sys_openat+0x10/0x10 [ 239.812448][ T7567] ? __task_pid_nr_ns+0x1ca/0x510 [ 239.812488][ T7567] ? rcu_is_watching+0x12/0xc0 [ 239.812520][ T7567] do_syscall_64+0x115/0x840 [ 239.812554][ T7567] ? clear_bhb_loop+0x40/0x90 [ 239.812583][ T7567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.812608][ T7567] RIP: 0033:0x7f8d0a79ce59 [ 239.812627][ T7567] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 239.812663][ T7567] RSP: 002b:00007f8d0b5df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 239.812685][ T7567] RAX: ffffffffffffffda RBX: 00007f8d0aa15fa0 RCX: 00007f8d0a79ce59 [ 239.812700][ T7567] RDX: 0000000000020342 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 239.812715][ T7567] RBP: 00007f8d0a832d6f R08: 0000000000000000 R09: 0000000000000000 [ 239.812729][ T7567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 239.812742][ T7567] R13: 00007f8d0aa16038 R14: 00007f8d0aa15fa0 R15: 00007ffda9c1ee08 [ 239.812771][ T7567] [ 240.231711][ T5642] Bluetooth: hci0: unexpected event 0x12 length: 19 > 8 [ 240.861109][ T7585] netlink: 504 bytes leftover after parsing attributes in process `syz.3.362'. [ 241.119140][ T7580] ================================================================== [ 241.119158][ T7580] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 241.119209][ T7580] Write of size 8 at addr ffffc90004d61000 by task syz.1.360/7580 [ 241.119235][ T7580] [ 241.119248][ T7580] CPU: 1 UID: 0 PID: 7580 Comm: syz.1.360 Not tainted syzkaller #0 PREEMPT(full) [ 241.119283][ T7580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 241.119302][ T7580] Call Trace: [ 241.119312][ T7580] [ 241.119331][ T7580] dump_stack_lvl+0x100/0x190 [ 241.119386][ T7580] print_report+0x13d/0x4b0 [ 241.119430][ T7580] ? _raw_spin_lock_irqsave+0x52/0x60 [ 241.119476][ T7580] ? sys_imageblit+0x19fb/0x1d60 [ 241.119516][ T7580] kasan_report+0xdf/0x1d0 [ 241.119554][ T7580] ? sys_imageblit+0x19fb/0x1d60 [ 241.119598][ T7580] sys_imageblit+0x19fb/0x1d60 [ 241.119650][ T7580] ? printk_get_next_message+0x30a/0x6c0 [ 241.119688][ T7580] ? __pfx_sys_imageblit+0x10/0x10 [ 241.119728][ T7580] ? desc_read+0x2e2/0x380 [ 241.119776][ T7580] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 241.119830][ T7580] soft_cursor+0x524/0xa10 [ 241.119864][ T7580] ? fb_get_color_depth+0x120/0x250 [ 241.119914][ T7580] bit_cursor+0xca1/0x1490 [ 241.119949][ T7580] ? __pfx_bit_cursor+0x10/0x10 [ 241.119985][ T7580] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 241.120027][ T7580] ? get_color+0x1da/0x450 [ 241.120071][ T7580] ? __pfx_bit_cursor+0x10/0x10 [ 241.120128][ T7580] fbcon_cursor+0x43c/0x5e0 [ 241.120190][ T7580] ? gcd+0x9a/0x270 [ 241.120225][ T7580] fbcon_scroll+0x21f/0x650 [ 241.120276][ T7580] con_scroll+0x464/0x690 [ 241.120331][ T7580] lf+0x26e/0x2c0 [ 241.120367][ T7580] ? __pfx_lf+0x10/0x10 [ 241.120405][ T7580] do_con_write+0xcdd/0x4a10 [ 241.120439][ T7580] ? trace_contention_end+0x122/0x170 [ 241.120475][ T7580] ? __pfx_do_con_write+0x10/0x10 [ 241.120510][ T7580] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 241.120559][ T7580] con_write+0x23/0xb0 [ 241.120593][ T7580] n_tty_write+0x431/0x11c0 [ 241.120644][ T7580] ? __pfx_n_tty_write+0x10/0x10 [ 241.120685][ T7580] ? trace_kmalloc+0xe3/0x110 [ 241.120717][ T7580] ? __pfx_woken_wake_function+0x10/0x10 [ 241.120749][ T7580] ? rcu_is_watching+0x12/0xc0 [ 241.120778][ T7580] ? file_tty_write.isra.0+0x694/0x890 [ 241.120812][ T7580] ? kfree+0x1dd/0x6c0 [ 241.120849][ T7580] ? __pfx_n_tty_write+0x10/0x10 [ 241.120911][ T7580] file_tty_write.isra.0+0x4d2/0x890 [ 241.120958][ T7580] redirected_tty_write+0xd4/0x120 [ 241.120994][ T7580] vfs_write+0x6ac/0x1070 [ 241.121025][ T7580] ? __pfx_redirected_tty_write+0x10/0x10 [ 241.121065][ T7580] ? __pfx_vfs_write+0x10/0x10 [ 241.121094][ T7580] ? find_held_lock+0x2b/0x80 [ 241.121139][ T7580] ksys_write+0x12a/0x250 [ 241.121170][ T7580] ? __pfx_ksys_write+0x10/0x10 [ 241.121203][ T7580] ? rcu_is_watching+0x12/0xc0 [ 241.121236][ T7580] do_syscall_64+0x115/0x840 [ 241.121274][ T7580] ? clear_bhb_loop+0x40/0x90 [ 241.121307][ T7580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.121354][ T7580] RIP: 0033:0x7f288b79ce59 [ 241.121375][ T7580] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 241.121402][ T7580] RSP: 002b:00007f288c6bc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 241.121428][ T7580] RAX: ffffffffffffffda RBX: 00007f288ba16090 RCX: 00007f288b79ce59 [ 241.121447][ T7580] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 000000000000000a [ 241.121464][ T7580] RBP: 00007f288b832d6f R08: 0000000000000000 R09: 0000000000000000 [ 241.121481][ T7580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 241.121497][ T7580] R13: 00007f288ba16128 R14: 00007f288ba16090 R15: 00007ffdda9161c8 [ 241.121524][ T7580] [ 241.121534][ T7580] [ 241.121541][ T7580] The buggy address belongs to a vmalloc virtual mapping [ 241.121559][ T7580] Memory state around the buggy address: [ 241.121574][ T7580] ffffc90004d60f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 241.121607][ T7580] ffffc90004d60f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 241.121627][ T7580] >ffffc90004d61000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 241.121642][ T7580] ^ [ 241.121656][ T7580] ffffc90004d61080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 241.121675][ T7580] ffffc90004d61100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 241.121695][ T7580] ================================================================== [ 241.155011][ T7580] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 241.155043][ T7580] CPU: 1 UID: 0 PID: 7580 Comm: syz.1.360 Not tainted syzkaller #0 PREEMPT(full) [ 241.155072][ T7580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 241.155087][ T7580] Call Trace: [ 241.155094][ T7580] [ 241.155103][ T7580] dump_stack_lvl+0x100/0x190 [ 241.155148][ T7580] vpanic+0x552/0x970 [ 241.155170][ T7580] ? __pfx_vpanic+0x10/0x10 [ 241.155214][ T7580] ? sys_imageblit+0x19fb/0x1d60 [ 241.155244][ T7580] panic+0xd1/0xe0 [ 241.155265][ T7580] ? __pfx_panic+0x10/0x10 [ 241.155289][ T7580] ? sys_imageblit+0x19fb/0x1d60 [ 241.155320][ T7580] ? preempt_schedule_common+0x42/0xc0 [ 241.155357][ T7580] check_panic_on_warn.cold+0x19/0x34 [ 241.155382][ T7580] end_report.part.0+0x3a/0x90 [ 241.155417][ T7580] kasan_report.cold+0xe/0x18 [ 241.155452][ T7580] ? sys_imageblit+0x19fb/0x1d60 [ 241.155486][ T7580] sys_imageblit+0x19fb/0x1d60 [ 241.155517][ T7580] ? printk_get_next_message+0x30a/0x6c0 [ 241.155548][ T7580] ? __pfx_sys_imageblit+0x10/0x10 [ 241.155586][ T7580] ? desc_read+0x2e2/0x380 [ 241.155625][ T7580] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 241.155667][ T7580] soft_cursor+0x524/0xa10 [ 241.155694][ T7580] ? fb_get_color_depth+0x120/0x250 [ 241.155734][ T7580] bit_cursor+0xca1/0x1490 [ 241.155761][ T7580] ? __pfx_bit_cursor+0x10/0x10 [ 241.155790][ T7580] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 241.155825][ T7580] ? get_color+0x1da/0x450 [ 241.155860][ T7580] ? __pfx_bit_cursor+0x10/0x10 [ 241.155883][ T7580] fbcon_cursor+0x43c/0x5e0 [ 241.155920][ T7580] ? gcd+0x9a/0x270 [ 241.155944][ T7580] fbcon_scroll+0x21f/0x650 [ 241.155983][ T7580] con_scroll+0x464/0x690 [ 241.156014][ T7580] lf+0x26e/0x2c0 [ 241.156039][ T7580] ? __pfx_lf+0x10/0x10 [ 241.156071][ T7580] do_con_write+0xcdd/0x4a10 [ 241.156103][ T7580] ? trace_contention_end+0x122/0x170 [ 241.156134][ T7580] ? __pfx_do_con_write+0x10/0x10 [ 241.156166][ T7580] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 241.156209][ T7580] con_write+0x23/0xb0 [ 241.156240][ T7580] n_tty_write+0x431/0x11c0 [ 241.156283][ T7580] ? __pfx_n_tty_write+0x10/0x10 [ 241.156321][ T7580] ? trace_kmalloc+0xe3/0x110 [ 241.156349][ T7580] ? __pfx_woken_wake_function+0x10/0x10 [ 241.156377][ T7580] ? rcu_is_watching+0x12/0xc0 [ 241.156419][ T7580] ? file_tty_write.isra.0+0x694/0x890 [ 241.156447][ T7580] ? kfree+0x1dd/0x6c0 [ 241.156477][ T7580] ? __pfx_n_tty_write+0x10/0x10 [ 241.156511][ T7580] file_tty_write.isra.0+0x4d2/0x890 [ 241.156543][ T7580] redirected_tty_write+0xd4/0x120 [ 241.156575][ T7580] vfs_write+0x6ac/0x1070 [ 241.156601][ T7580] ? __pfx_redirected_tty_write+0x10/0x10 [ 241.156631][ T7580] ? __pfx_vfs_write+0x10/0x10 [ 241.156654][ T7580] ? find_held_lock+0x2b/0x80 [ 241.156689][ T7580] ksys_write+0x12a/0x250 [ 241.156713][ T7580] ? __pfx_ksys_write+0x10/0x10 [ 241.156739][ T7580] ? rcu_is_watching+0x12/0xc0 [ 241.156765][ T7580] do_syscall_64+0x115/0x840 [ 241.156795][ T7580] ? clear_bhb_loop+0x40/0x90 [ 241.156820][ T7580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.156842][ T7580] RIP: 0033:0x7f288b79ce59 [ 241.156860][ T7580] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 241.156881][ T7580] RSP: 002b:00007f288c6bc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 241.156902][ T7580] RAX: ffffffffffffffda RBX: 00007f288ba16090 RCX: 00007f288b79ce59 [ 241.156918][ T7580] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 000000000000000a [ 241.156931][ T7580] RBP: 00007f288b832d6f R08: 0000000000000000 R09: 0000000000000000 [ 241.156945][ T7580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 241.156958][ T7580] R13: 00007f288ba16128 R14: 00007f288ba16090 R15: 00007ffdda9161c8 [ 241.156979][ T7580] [ 241.157600][ T7580] Kernel Offset: disabled