last executing test programs: 8.282703035s ago: executing program 1 (id=677): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x1, 0x0) (async) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), r0) (async) msgctl$auto(0x0, 0x28, &(0x7f0000000140)={{0x9, 0xee00, 0x0, 0xe, 0x8, 0x200}, &(0x7f00000000c0)=0x4, &(0x7f0000000100), 0x5, 0xfffffffffffeffff, 0x1, 0x7, 0x1, 0x24, 0x1, 0x7, @inferred=0xffffffffffffffff, @inferred=0xffffffffffffffff}) sendmsg$auto_NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000003c0)={&(0x7f00000001c0)={0x1f0, r2, 0x2, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x4}, @NL802154_ATTR_ACKREQ_DEFAULT={0x5}, @NL802154_ATTR_SCAN_DONE_REASON={0x5, 0x25, 0x10}, @NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0xe3}, @NL802154_ATTR_COORDINATOR={0x1b4, 0x1e, 0x0, 0x1, [@typed={0x14, 0x102, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @typed={0x8, 0x92, 0x0, 0x0, @uid=r3}, @generic="aa0596cd226816c33708446f3f8d4c208665a72dd9cbf38b88c9d48c5886bb170d576dbf0e17382bd5e83642cd569963e80513d53c039da6e313c3f48aa240383d760840904547440e588ce7bf0526e4bbc9d79acbdcfe0250765c7efb88c21544823149e10f0877fc4a23d0e0eed1f1b73fedd3f19fb86f1188294bf2c78054eba5b094e1acaa1a0dfb8ce0c9d3e577fdf6264caee51c0c772c1ff5027955c410610aca23db5618f84c8ed0d6111e2a4eff0c", @nested={0xbd, 0xc3, 0x0, 0x1, [@generic="f2d62ea2eb8a9398e1c64c60ec494ce1b152e9dd2e6fb4907fafe3620d7fb8c59ad8cd9bd5be3bd196185539609dafad3c173729d3e2c23afac07ed38dca1bb0ed4f918f562057c8cb3d40fb32bd354d48efebac36384b6fcb84adea5780bab0cf005e7d2f6f70f4e2e4ff50e749a3aad32df815e105dffb8435d39397e522d2de85b5016fd43e03461e6a6c47bf5862009f39c9fd9e6235e15aed96032f6de2df2bbc697c572133a974c2ae01b0e70fd81e3813815fd6c826"]}, @generic="857dcc5d2a5bbefbb3485fb26ee3e58736d97f4cd857498ae24c6620ad3bb49dba"]}, @NL802154_ATTR_ACKREQ_DEFAULT={0x5, 0x1a, 0xa}]}, 0x1f0}, 0x1, 0x0, 0x0, 0x4}, 0x40850) pwrite64$auto(r0, &(0x7f0000000000)='\x00', 0x3, 0x800) get_robust_list$auto(0x0, 0x0, 0x0) (async) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) (async) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) (async) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) 7.605366542s ago: executing program 3 (id=680): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), r1) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) close_range$auto(0x2, 0xa, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_PEER_REMOVE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="04"], 0x14}, 0x1, 0x0, 0x0, 0x48891}, 0x20) (async) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) (async) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r3) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001540)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_GROUP(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000200)={0x38, r2, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NET_SHAPER_A_HANDLE={0xc, 0x1, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x1}]}, @NET_SHAPER_A_LEAVES={0x10, 0xa, 0x0, 0x1, [@NET_SHAPER_A_HANDLE={0xc, 0x1, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x2}]}]}, @NET_SHAPER_A_IFINDEX={0x8, 0x8, r4}]}, 0x38}, 0x1, 0x0, 0x0, 0x44000}, 0x14) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x800) (async) timer_create$auto(0x9, 0x0, 0x0) (async) read$auto(0x3, 0x0, 0x8080) (async) socket(0xa, 0x1, 0x100) (async) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) (async) fsconfig$auto(r0, 0x800, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/power/wakeup_abort_count\x00', 0x0, 0x0) (async) write$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffffff, &(0x7f00000001c0), 0x0) (async) process_mrelease$auto(0xffffffffffffffff, 0xa) (async) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) ioctl$auto_BCH_IOCTL_DISK_GET_IDX(r5, 0x4008bc0d, &(0x7f0000000240)={0x8}) (async) write$auto(r5, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) (async) mkdir$auto(&(0x7f0000000100)='./file0\x00', 0xff) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0x802, 0x0) (async) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) 7.55627007s ago: executing program 1 (id=681): socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x1000000000000e, 0x6, 0x1a) madvise$auto(0x0, 0x2003f2, 0x15) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x40851}, 0x24008845) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/pagemap\x00', 0x309801, 0x0) r2 = getpid() waitid$auto_P_PID(0x1, r2, &(0x7f0000000200)={@siginfo_0_0={0x87f, 0xff, 0x8, @_sigsys={&(0x7f0000000180), 0xffffffff, 0x7}}}, 0x1, &(0x7f0000000340)={{0x1, 0x8}, {0x8000000, 0x9}, 0x8, 0x6, 0x8, 0x1, 0x9, 0x6, 0x69, 0x3, 0x6, 0x0, 0x2, 0x37, 0x4, 0x6}) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/nbd2/mq/0/nr_reserved_tags\x00', 0x8200, 0x0) read$auto(r3, 0x0, 0x20) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f0000001480)=@enable_stats={0x8}, 0x2) r4 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto_proc_pid_maps_operations_internal(r4, &(0x7f0000000480)=""/4083, 0xff3) 6.595615617s ago: executing program 0 (id=685): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000100)=""/4096, 0x1000) setsockopt$auto_SO_CNX_ADVICE(r0, 0xfff, 0x35, &(0x7f0000001500)='\x00', 0x9) mmap$auto(0x0, 0x400, 0x9f, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000001ac0), r1) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001180), r1) sendmsg$auto_NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f00000014c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000005}, 0x40011) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) ioctl$auto_RTC_ALM_READ(r1, 0x80247008, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r2 = socket(0x15, 0x5, 0x0) connect$auto(r2, &(0x7f0000000000)=@llc={0x1a, 0x201, 0xdf, 0x0, 0xe2, 0x2, @link_local}, 0x2) ioctl$auto_SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, 0x0) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x1e, 0x1, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001580), r0) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) execveat$auto(0xffffffffffffffff, 0x0, &(0x7f0000001480)=&(0x7f0000001200)='[\x00', 0x0, 0x80) statx$auto(0xffffffffffffff9c, &(0x7f0000001240)=':,\x00', 0x0, 0x9000000, &(0x7f0000001280)={0x4, 0xac, 0xfffffffffffffffb, 0x1, 0xee00, 0x0, 0x7, 0x100, 0xa, 0x8001, 0x2, 0x0, {0x4, 0x7}, {0x3, 0x3274925}, {0x1, 0x4}, {0x180000000000000, 0x400}, 0x10001, 0x3, 0x8, 0x727, 0x33, 0x8, 0xfffffffd, 0xfffffffffffffffd, 0xfffffffe, 0x401, 0x3, 0xc58, [0x5, 0xa71d, 0x7df5, 0x6, 0x9, 0x0, 0x8000, 0x6, 0x81]}) r5 = wait4$auto(0x0, &(0x7f0000001380)=0x7, 0x6, &(0x7f00000013c0)={{0xc000000, 0x4}, {0x80000048, 0x7}, 0x55f, 0xa4ac, 0x12, 0x1, 0x2, 0x1, 0x100, 0x9, 0x45, 0x7, 0x6, 0xfffffffffffffeff, 0x81, 0x1b}) shmctl$auto_IPC_INFO(0x2, 0x3, &(0x7f0000001580)={{0x8, 0x0, r4, 0x7bf, 0x19, 0x7ff, 0x8001}, 0x3, 0x1, 0x3, 0x4, @inferred=r5, @raw=0x101, 0xe641, 0x0, 0x0, &(0x7f0000001540)="65c8e2dc93f86ac11fb36326c1fbced2a465fc8969"}) sendmsg$auto_ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0x1000) r6 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x208040, 0x0) pread64$auto(r6, &(0x7f0000000080)='nl80211\x00', 0x1, 0x7291) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vbi0\x00', 0x80382, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) 6.315804832s ago: executing program 3 (id=687): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) syz_clone(0x1800, &(0x7f0000000000)="9ef017faf840ab3cf46864dc2b077f450bc001b1eaf7816ec526b715dcc95c81f2a6c5c216891d7e4bcd751a2030309d7055a32c18a77dc4cf4c326076ae36a1c73bc82501a9b47be115b35141d89167600d76e913c9", 0x56, 0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x24008895}, 0x20000800) (async, rerun: 32) unshare$auto(0x40000080) (async, rerun: 32) set_mempolicy$auto(0x2, 0x0, 0x4) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000580)={{@raw=0x7fdfffff, 0xf0ee, 0x40020009, 0x3, "790eaa833e6fc65b6b3cf705001900ffff8eac2cdafc1f64010043eeb0b0530300000000000e00", @raw=0x4}, 0x4, 0x966, 0x3, @raw=0x4, @integer={0x100000000, 0x2000000b752, 0x1}, "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3373a1183bedbd31b642b4051b078fa1c1c61c329794e5311121c760cb9611c78e6947a99807bcc1"}) (async, rerun: 64) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (rerun: 64) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async, rerun: 32) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async, rerun: 32) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) (async) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 64) prctl$auto(0x8, 0x1, 0x0, 0x5, 0x97a) (rerun: 64) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) socket(0x2, 0x1, 0x0) prctl$auto(0x29, 0x0, 0x0, 0x0, 0x0) (async) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/module/kvm/parameters/nx_huge_pages\x00', 0x80302, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x9) (async, rerun: 64) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) (rerun: 64) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}}, 0x40000) (async, rerun: 32) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB='l\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) (async, rerun: 32) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x200000000000, 0x9}, 0x7}, 0x3, 0x0) 5.634466397s ago: executing program 1 (id=690): mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x27ff) (async) msgsnd$auto(0x0, &(0x7f0000000000)={0x1, 0x5}, 0x8, 0x9) msgrcv$auto(0x0, 0x0, 0xff9, 0xfffffffffffffffc, 0xb4) (async) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) eventfd$auto(0x8e) (async) r0 = socket(0x2, 0x2, 0x0) getsockopt$auto_SO_BPF_EXTENSIONS(r0, 0x70000, 0x30, 0x0, 0x0) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/net/rose8/carrier_changes\x00', 0x40, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000340)=""/200, 0xc8) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(r3, 0x4040ae79, r4) close_range$auto(0x2, 0x8, 0x0) (async) r5 = pipe$auto(&(0x7f0000000040)=0xffffffffffffffff) tee$auto(r6, r5, 0x5, 0x8) (async) close_range$auto(0x2, 0x8, 0x0) (async) mmap$auto(0x0, 0x100, 0x4000000000df, 0x80000000eb1, 0x401, 0x8000) (async) socket(0x10, 0x2, 0x0) io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x408, 0x3, 0x1, 0x3, 0x8a, 0x4, r2, [0x100, 0x7, 0x7f], {0x2, 0x7, 0x2, 0xe, 0x8f, 0x5, 0x5, 0xfffffff9, 0x6}, {0x4, 0x6, 0x0, 0xbffff000, 0x8, 0x20b85, 0x5, 0x837, 0x8}}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='_\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 5.611648646s ago: executing program 0 (id=691): r0 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/dri/vkms/name\x00', 0x2b900, 0x0) lseek$auto(r0, 0x9, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd0\x00', 0x0, 0x0) (async, rerun: 64) open(&(0x7f00000001c0)='./file0\x00', 0x60142, 0x130) (async, rerun: 64) mmap$auto(0x0, 0x2000d, 0x4000000000e3, 0xeb1, 0x401, 0x8000) (rerun: 64) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) (async) r2 = open(0x0, 0x261c2, 0x84) (async) openat$auto_dfs_global_fops_debug(0xffffffffffffff9c, 0x0, 0x40aa2, 0x0) (async) r3 = userfaultfd$auto(0x1) statx$auto(r3, 0x0, 0x1000, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0xa, 0x2, 0x88) (async, rerun: 32) bpf$auto(0x0, &(0x7f0000000340)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x8, 0x5, 0xffffffffffffffff, @relative_fd=r1, 0xe600}, 0xf) (async, rerun: 32) bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, r2, 0x0, 0x2}, 0xc) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r4 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB='\\\x00\x00', @ANYBLOB="01002dbd7000f9dbdf2501000000060002000100000005000700570000000800090108000000050004000300000014001f00fe88000000000000000000000000000114002000ff010000000000000000000000000001"], 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async) sendmsg$auto_MAC802154_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, 0x0, 0x20000080) setrlimit$auto(0x1000000007, 0x0) (async) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) (async) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) (async) write$auto(r4, &(0x7f0000000040)='S\x00\x00\x00\xfe\xff\xff\xff', 0x8587) ioctl$auto_SG_GET_PACK_ID(r4, 0x227c, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x7fff) (async) r5 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x280, 0x0) ioctl$auto_SNDCTL_SEQ_TESTMIDI(r5, 0x40045108, &(0x7f00000000c0)) 5.180275571s ago: executing program 0 (id=693): read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000080)=""/247, 0xf7) 4.739456959s ago: executing program 0 (id=696): mmap$auto(0xffffffffffffffff, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x2000c000}, 0x20040884) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/devices/system/node/node0/hugepages/hugepages-1048576kB/free_hugepages\x00', 0x22040, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) close_range$auto(0x2, 0x8, 0xfffffd) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r2 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r2, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x802, &(0x7f00000001c0)={0x0, 0x4da}, 0xa, 0x0, 0x10001, 0x801}, 0xff9}, 0xffffffff, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x20000) sendmmsg$auto(0x3, &(0x7f0000000180)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x6}, 0x8}, 0xffffffff, 0x1) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r4, 0xaf01, 0x5) r5 = getpgid$auto(0x0) rt_sigqueueinfo$auto(r5, 0x101, &(0x7f0000000080)={@siginfo_0_0={0x7ff, 0x4, 0xee1, @_timer={r5, 0xff800000, @sival_ptr=&(0x7f0000000280)="a42e0959935b813b984b8afe4fa28f4bff16e9326a37ac", 0x4}}}) mmap$auto(0x0, 0x7ffffffffffffffb, 0xffffffffffffffff, 0xeb5, 0xfffffffffffffffa, 0x4008003) madvise$auto(0x0, 0xffffffffffff0005, 0x17) getsockopt$auto_SO_RCVMARK(r3, 0x2, 0x4b, &(0x7f0000000000)='#.\x00', &(0x7f0000000140)=0xd650) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000040), 0xb3f79ab193b54bfe, 0x0) mmap$auto(0x0, 0x750a, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(r4, r0, 0x0) clone$auto(0x3fff, 0xad3, 0x0, 0x0, 0x8000002) close_range$auto(0xffffffffffffffff, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) acct$auto(&(0x7f0000000100)='./cgroup/cgroup.subtree_control\x00') 4.633611273s ago: executing program 3 (id=697): mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) unlinkat$auto(r0, 0x0, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) bpf$auto_BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)=@batch={0xc0cb, 0x5, 0xd3f, 0x80000000, 0x2, 0xffffffffffffffff, 0xe5a6, 0xff}, 0x4) r3 = io_uring_setup$auto(0x5, 0x0) mknod$auto(&(0x7f0000000580)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_', 0x1081, 0x9) acct$auto(&(0x7f0000000480)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x0f\x18\xc5\x82-s\x83\xe6\xaeR\x81\r_\x0e\x19\x12\x85\bvf(e\xday)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbHL9aD\xb4\x80\xed\xba>\"\xb6\x7f\xa3f\x1d\a\xa1\x87\x84uA\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e') open(&(0x7f0000000100)='./cgroup.cpu/cgroup.procs\x00', 0x880c2, 0x95) close_range$auto(0x2, r3, 0x0) acct$auto(&(0x7f0000000280)='/sys/devices/virtual/mtd/mtd0/size\x00') socket(0x2, 0x80000, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000340), r4) sendmsg$auto_TIPC_NL_NET_SET(r4, &(0x7f00000079c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x2) r5 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r5, 0x10f, 0x87, 0x0, 0x14) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r1, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000340)={0x18, r2, 0x1, 0x70bd2a, 0x25dfdc01, {}, [@ETHTOOL_A_RINGS_HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x90}, 0x80000) 4.116426447s ago: executing program 0 (id=698): r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0xcb4, 0x6) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) fchdir$auto(0xffffffffffffffff) mmap$auto(0x2, 0x202000d, 0x20003, 0xebe, 0xfffffffffffffffa, 0x8001) msgctl$auto_IPC_RMID(0x4000005, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x80011, 0x0) r3 = openat$auto_nsim_dev_max_vfs_fops_dev(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/max_vfs\x00', 0x2042, 0x0) write$auto(r3, 0x0, 0xffffff7f) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/fib_multipath_hash_policy\x00', 0x202, 0x0) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) capset$auto(&(0x7f0000000240)={0x10000}, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) r4 = socket(0x18, 0x1, 0xb) setsockopt$auto(r4, 0x104000000000010e, 0x1, 0x0, 0x16) write$auto_seq_oss_f_ops_seq_oss(r2, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000280)='/dev/radio7\x00', 0x3c1583, 0x0) unshare$auto(0xfff) poll$auto(&(0x7f0000000080)={0x3, 0x1, 0x83e7}, 0x5, 0xb) write$auto(0xffffffffffffffff, 0x0, 0x81) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x200, &(0x7f0000000180)="1f6f030240a4c5c7fa6f60f851282e52d0279825f96c4d226c0888165b3d7562142601b71a8503d5ffc911b0ae3b718d1a3dd58c0db05e27a3a3bbfbb8d4827a756d24075ff724bd26b1ab312c686e26beece04b183131ba16a7478360e74a4f9a37556537c590db8336a7dea8371f647d191fa7373b7425ab96f50a9ffaa425d55a8bc629") close_range$auto(0x2, 0xa, 0x0) 2.918390467s ago: executing program 2 (id=700): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0x1, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYBLOB='^\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) getsockopt$auto(r0, 0x6, 0x23, 0x0, &(0x7f0000000100)=0x18) 2.595281797s ago: executing program 2 (id=701): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/erspan0/queues/tx-0/byte_queue_limits/inflight\x00', 0x88040, 0x0) close_range$auto(0x0, 0xfffffffffffff001, 0x2) (async) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x2, 0x1, 0x0) socket(0x1e, 0x1, 0x0) (async) socket(0x1e, 0x1, 0x0) socket(0x10, 0x2, 0x0) memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4) (async) memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4) mmap$auto(0x0, 0x8, 0x1000000016, 0x13, 0x3, 0x400180000000) ftruncate$auto(0x3, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001100)=""/4106, 0x100a) 2.383629209s ago: executing program 2 (id=702): mmap$auto(0x0, 0x1, 0xdf, 0x9b72, 0x2, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x7f0) chroot$auto(&(0x7f0000000080)='}[,&*}\x00') r0 = openat$auto_fuse_dir_operations_dir(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bluetooth/hci1/hci1:201\x00', 0x40000, 0x0) mount$auto(&(0x7f0000000000)='caif0\x00', &(0x7f00000001c0)='}[,&*}\x00', &(0x7f0000000200)=']+]%\x00', 0x6, &(0x7f0000000240)="60fd6b6d4224557fc5d7fdf198d275faac015fadb45c90b0abfc14ca55c08e98b1b512c0897468be0ca9657ddd090121accbabd290ba72ee663210f77bd458d0ee119a0b2519f6d5b1dd09feb63782e54b9c4bdbb2a22b049cb754b2fede6b638ac0432528694fa87ae70fab59c6f7f7f65838a4b25c076050acab108c3f09ff6fa58d517185f7738eee01815c3eb7c5664b9a4e89446e7302e2c7350320f967c3cde41fea3de627609af7605cbf632653b450ff46958e468256f13bd52da011f893ad202f06") getsockopt$auto_SO_RCVTIMEO_OLD(r0, 0x8, 0x14, &(0x7f00000000c0)='!P@\x19\x00', &(0x7f0000000140)=0x4) chmod$auto(&(0x7f0000000180)='}[,&*}\x00', 0x4) 2.344234865s ago: executing program 1 (id=703): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x10, 0x2, 0x4) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010337bd7000ffdbdf25100000000c00018008"], 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x80000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20000, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bus/usb/021/001\x00', 0x200, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001180)='/sys/devices/virtual/block/zram0/compact\x00', 0x20001, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) r2 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1800", @ANYRES8=r2, @ANYRES8=r0], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) write$auto(r1, &(0x7f0000000000)='-\x00', 0xfdef) 2.135385643s ago: executing program 3 (id=704): read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000080)=""/247, 0xf7) 2.120428123s ago: executing program 2 (id=705): unshare$auto(0x40000080) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f00000002c0)={0x0, 0x8}, 0x6, 0x3, 0xc3, 0x2f) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendto$auto(r1, 0x0, 0x200, 0xacf8, &(0x7f0000000040)=@generic={0xa, "e2db22544f514edb3a9aa40b2800"}, 0x1c) capset$auto(0x0, &(0x7f0000000000)={0xb213, 0x2c, 0x800}) listen$auto(r0, 0x0) setreuid$auto(0x4, 0x8) keyctl$auto_KEY_REQKEY_DEFL_SESSION_KEYRING(0x7, 0x3, 0x0, 0x0, 0x4) fcntl$auto_F_OFD_SETLK(r0, 0x25, 0x1) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) close_range$auto(0xffffffffffffffff, 0xa, 0x3) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) sendmsg$auto_NETDEV_CMD_DEV_GET(r1, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRESHEX, @ANYRESHEX, @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x4008010}, 0x0) socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) setsockopt$auto(0x3, 0x0, 0x19, 0x0, 0x28) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) r3 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) ioctl$auto_BLKPG2(r3, 0x1269, 0x0) ioctl$auto_MEMGETINFO(r3, 0x80204d01, 0x0) openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x440a80, 0x0) mmap$auto(0x0, 0x402000b, 0x4af, 0xeb1, 0x401, 0x8000) read$auto(0x3, 0x0, 0xfffffdef) syz_genetlink_get_family_id$auto_seg6(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mbind$auto(0x1bfffe, 0x800097, 0x1, 0x0, 0x3, 0x1) ioctl$auto_TIOCSTI2(r2, 0x5412, 0x0) 1.935723241s ago: executing program 3 (id=706): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), r0) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x2c, r2, 0x13, 0x70bd2c, 0x25dfdbdd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r4}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0x1}, @NL80211_ATTR_WIPHY_TX_POWER_LEVEL={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'geneve1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'pim6reg\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x5c, r1, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@ETHTOOL_A_PRIVFLAGS_HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xffff}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x80000001}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4004}, 0xc1) r7 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000b40), 0xffffffffffffffff) sendmsg$auto_SMC_PNETID_GET(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000b80)={0x20, r7, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@SMC_PNETID_NAME={0x9, 0x1, '-,]\'\x00'}]}, 0x20}}, 0x20000040) 1.473482091s ago: executing program 2 (id=707): unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000180), r0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x745100, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/run_estimation\x00', 0x0, 0x0) read$auto_proc_sys_file_operations_proc_sysctl(r1, 0x0, 0x0) io_uring_setup$auto(0x89, 0x0) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bus/usb/034/001\x00', 0x20882, 0x0) ioctl$auto_USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000240)={0x23, 0x1, 0x8, 0x5, 0x7ff, 0x7fb, 0x0}) close_range$auto(0x0, 0x5, 0x0) openat$auto_random_fops_random(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) epoll_create$auto(0x8) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) r3 = socket(0x2b, 0x1, 0x1) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) ioctl$auto(0x4000000000000c8, 0x400454d9, 0x3) socket(0x10, 0x2, 0xc) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x200, 0x1) 1.191080755s ago: executing program 3 (id=708): r0 = prctl$auto(0x5, 0x80000000, 0x0, 0x78, 0x8) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) openat$auto_wakeup_sources_stats_fops_wakeup(0xffffffffffffff9c, 0x0, 0x40002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) sendmsg$auto_NL80211_CMD_SET_CQM(r0, &(0x7f0000000340)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000c80)=ANY=[@ANYBLOB="1c0a00e83c45968da5b005de762500063250c3423e8c2f091dc8d23e1987be4554e40de74b6381b12b6dfcdfe4ad6dcc76", @ANYRES16=0x0, @ANYBLOB="00022abd7000fddbdf253f0000000800dc00ff0f00003904238014007000fe8000000000000000000000000000aad6012d80b149ec73aafd2a4dfef9ee8d082f6d516f06e690cc649474dae903b48233b65f8ea67d255b205305a4488b08004600", @ANYBLOB="485f191661f214be5f6bf967a8f1949392b6beec5170a4f98304fb015f880afc1b0a4c717e2552cc5744868d23659954a613090a6e0a233e15d3f5f039d7b2e85ba3011e0c82e014dd566ce3aa4644eb34ee88628937d48d67c2cfe208a28cdddb238c7841fa8d299d4b876c05dcb55380a6749c30dc3948cc3aa46b5143777894", @ANYBLOB="cc848679553b7dc65e8aced6a88e464668674476ee0094c8699f390a55698546b816040e17279e29f937ce6dc16467353e3e4557a95fdc37ebf8bd50d1afab3839b428b3cf28bf8a5add161ebd94353799a3b263ccaa259f3920e14824ded5eb970c8701cb5a84ed31e7550ca8f88d58a21c7ab9275d5b6acf52f062e6cb756af8ac4d2031473a5b2baf73ca81bed46c377dc20ff2523b4f2e239810ec0e1bfe84e3f30fa67fe2d4e31a8c963296fb35e8b7a16757e1d0f3011bee300cd12a0a5b780830970b4a12958667e04b91b28005b4ce9bb4eab4ff4222f84c096a8c6f7e8e318c7995bf019948db73ad5a0160895f8584e36a508de95b1ef038f79a29b6229310b98682d867c4c77be8b959c0f57d17bdb810ad18c80347c4fb35efe4f84b8e6c6fe332ea638e0d3a37f8e50e83c6523b01a2aba0248590ae1547e04e2a793f7a46d433e091d6ddb4b665f381d2c77168615f2f14c109daa502a1f6bb259822be9bb5e7503f0400178004000980242ea83bdb0fed86e7992c3013144da6fde48ddaca15bfb27f5d20235002efdbef0d9e165e99d626560f040057800000381569b1d8c6558ca68b675044aaa51c9b9fa12453019ee88f26220e2e96795f3eca31ff4ec2cdb4d8980b3daa8177a9dc5ec35f2ec46fed6f8709e3ae86534eced8a537572f53abe16145ed2926056ceaefdec5daff0f07bbb6b1cfd761b354831726ab30fb63a8891ca421f2b206fb472fec4e729ec8b3c88f37378fac1936b450fb5942f3b2970c4ede9e5e6c5db2887937533446a784aaf612074c5d5b632d0ba1704831523f3f0aee755a2a711e1cf1a28b838e375cc8f01e6c96f83a9631cbe446d931b8dddd1695b79e49e7ca7d611026658cadbe98bf214e54e4e33c0c3158c2a4f887a9f5ea1901d2861cac157a282e805f8377ac12ee1cfa7f228226eea32f41bd5d793bc800515f6b559022d92400d9002f70726f632f61736f756e642f63617264312f74696d65725f736f7572", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRESHEX, @ANYRES32=0x0, @ANYBLOB="1700f0003d4bc1fd6b9ecd85aca0c1d532aede345319f300c66db93f6fc97b1d2caa9146942c40b1822fc63b33dfa574fea547265378b3cbdf7c5a87566fc8907598ec94e32bfbc5e0c42a3c961a9be3ae2a84eef81e4e7b2d323f37d3099c3cd11bb94ddb8bd12ede3720e57c5009106c68b8ca1002cc8008004d0064010101149d41ffdab38ec0005a783e2a2d333ab1185e97aed3df1ba141067161a8f2a95695c1c88bf4fd6d80bde71f65a40a06bcb4f50cf99d4f45dd8eee3ed80ba30adbec42c3864f496b9503961330fa6b6425da9c97c2e5db8752c3a9135add66c7c80b64f00400878004008c8098010480f0", @ANYRES32=0x0, @ANYBLOB="950033006e055db177499c8c993bf41993878b3193cba4948e585a5e2ab08b34b84926646feafd74fad55f2de6a3a1dc145ff0765fadb5d0fd9655dc2a788cc0a373805cdcf89005bfb5fc49783f02de5301e4fcc53ae924c11c4049e9f16c17e743652d2e82952436630973c1a8c29b82c733ca2f44a85309b0744c1769bed085cff866296a3c925d838cf1d2a1601f0e2bfa5ba40000000400380000000400980004005580a9215c49373363bf65ac176f8e21caa4b263f84531fc9fa9dd8155df041aea807cb2e32f249c12e0bfa71dd3d304a60eb4cf3357f3e7dbccd6e8b33be2c2eb7c9ac55879009b01aa5aaeac49ae3c9a877848d2a9314bed5c0c22346fba5ba093158c7683344e78d0868df527021a864431a85a45f007eee626b1464a4c663dc605c19b4877117304731060d59f51a37f5286d30b513ee64f913cf30fbd93dbd1812b96443142d5e5896c2ce2027167502f50dc284cbd610f175a630408005f00ac1414aa0c000c00ff030000000000000400f380370052805ff10487131abcf0c257070387edfe428c68a2c22cd50e3da455732e7a34c2167d4d478d2b6a40a956d449d301742d4a72b24b0008004f00", @ANYRESOCT=r0, @ANYBLOB="200013801a0068002f707200002f6275732f7063692f30302f30312e33000000f4ca976516d7af97ea7e30e275582a9553daa8146eb339dc87e93468afd1fd8d5660cbf1bdd5a391e903737fd7c08e628cdb9084bc26fddbdd625db9d52b6da6c405154fd3d82ce438c8a559cffa7c8f33adf09d3ded830786075e9e99eff7a23cb35ee660ec4860cb97c25e925f0f74fea33dd9fc1b224f4ed142082d03a5e85fbb86005c80040051800800f300ac1414aa1400da00fe880000000000000000000000000001701dc6c79ca420ad0c3476b651a854100bcc58daada08aec6f99e4a33ab5959b2d116321e102966ccd0708992ab68a16e903b7628f2540355b9e32c357819f9695266ea1024b406a6a9af1f6461acea429390400268008005c00ec1414bb04006d8000000c001080080073005e925b00000049c9d774fd04542590e5a9bf2eec12c0c908582cfa32e8cf8dcb7c15"], 0xa1c}, 0x1, 0x0, 0x0, 0x80c0}, 0x4041) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000002f80), r1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth1_vlan\x00', 0x0}) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r1, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)={0x2c, r2, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@NETDEV_A_QUEUE_TYPE={0x8, 0x3, 0x1}, @NETDEV_A_QUEUE_ID={0x8}, @NETDEV_A_QUEUE_IFINDEX={0x8, 0x2, r3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x48001}, 0x4000800) syz_genetlink_get_family_id$auto_net_shaper(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x7) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) madvise$auto(0x110c230000, 0x1, 0x9) getrandom$auto(0x0, 0x3, 0x80000001) statmount$auto(0x0, &(0x7f0000000180)={0x9, 0xfffffffe, 0x44f, 0xa, 0x10, 0x1007181, 0x0, 0x62, 0x7, 0x800, 0x0, 0x26, 0x4, 0x200003fffffe, 0xfffffffffffffff5, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x862, 0xf, 0x22002, 0x200, 0x0, 0x62f, 0x6, 0x0, 0x0, 0x0, 0xb626, [0xfffffffffffffffe, 0xffffffffffff04ef, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9e, 0x0, 0xa7, 0xfffffffffffffffd, 0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0x40, 0x81, 0x8a0, 0xb, 0x81, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1000, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100002, 0x0, 0x3ff, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4000000000000]}, 0x800000000000b, 0xbc) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r4, 0x4b72, r5) ioctl$auto_MON_IOCG_STATS(r5, 0x80089203, &(0x7f00000003c0)={0xa71b, 0x10000}) r6 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r6, 0xfffffff7effffd0c, &(0x7f00000001c0)) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 1.149195175s ago: executing program 1 (id=709): openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) mmap$auto(0x4, 0x20009, 0x804000000000df, 0xeb1, 0x401, 0x0) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) mprotect$auto(0x80000000, 0x806121, 0x8) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) ioctl$auto_PPPIOCSCOMPRESS(r0, 0x4010744d, &(0x7f0000000040)={0x0, 0xffff8000, 0x84}) r1 = prctl$auto(0x2, 0x7, 0x0, 0x2, 0x1) r2 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/fuse\x00', 0x1c1041, 0x0) sendfile$auto(r2, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0xf, 0x10007}, {0x0, 0x800}}, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000280), 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000180), r1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioperm$auto(0x7, 0x6, 0x7fff) syz_clone3(&(0x7f00000000c0)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1adf82, 0x0) ioctl$auto(0x3, 0x80286f4e, r4) 476.598701ms ago: executing program 0 (id=710): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) unshare$auto(0x40000080) mmap$auto(0x80000001, 0x43d, 0x6, 0x8011, 0xffffffffffffffff, 0x4b) (async) mmap$auto(0x80000001, 0x43d, 0x6, 0x8011, 0xffffffffffffffff, 0x4b) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x4, r0, 0x1, 0x80) (async) prctl$auto(0x3e, 0x4, r0, 0x1, 0x80) write$auto(0xffffffffffffffff, 0x0, 0xfff) (async) write$auto(0xffffffffffffffff, 0x0, 0xfff) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) read$auto(r2, &(0x7f0000000040)='MAC80\x00154_HWSIM\x00', 0xfdef) r3 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder1\x00', 0x0, 0x0) socket(0xa, 0x3, 0x3a) getsockopt$auto(0x3, 0x0, 0xe, 0x0, 0x0) ioctl$auto_BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) (async) ioctl$auto_BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/event0\x00', 0x40000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x801, 0x106) (async) socket(0x2, 0x801, 0x106) openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/tracing_on\x00', 0x8001, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/mm/transparent_hugepage/khugepaged/max_ptes_none\x00', 0x183042, 0x0) socket(0x2c, 0x3, 0x0) (async) socket(0x2c, 0x3, 0x0) socket(0x2c, 0x3, 0x0) (async) socket(0x2c, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) (async) r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r4, 0x541c, r5) syz_genetlink_get_family_id$auto_netdev(0x0, r2) (async) syz_genetlink_get_family_id$auto_netdev(0x0, r2) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) socket(0xa, 0x1, 0x84) 270.297184ms ago: executing program 2 (id=711): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x15, 0x5, 0x0) getsockopt$auto(r0, 0x114, 0x2714, 0xfffffffffffffffc, 0x0) io_uring_setup$auto(0x6, 0x0) mprotect$auto(0x0, 0x8, 0x9) r1 = socket(0x1d, 0x2, 0x7) getsockopt$auto(r1, 0x6b, 0x2, 0xfffffffffffffffe, 0x0) unshare$auto(0x40000080) mmap$auto(0xc8, 0xe2, 0x200000000000000d, 0xeb1, 0xffffffffffffffff, 0x8003) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82002, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000000100), 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x20004800) io_uring_setup$auto(0x6, 0x0) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) syz_clone(0x20a08200, 0x0, 0x0, 0x0, 0x0, 0x0) gettid() sendmmsg$auto(r2, &(0x7f0000000180)={{&(0x7f0000000040), 0xb8, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x9}, 0x1, 0x8008) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x101202, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r3, 0x4c01, 0x0) ioctl$auto_IOC_PR_RELEASE(r3, 0x401070ca, &(0x7f0000000000)={0x3, 0x6, 0x6}) close_range$auto(0x2, 0x8, 0x0) 0s ago: executing program 1 (id=712): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000540)='/sys/kernel/reboot/force\x00', 0x143001, 0x0) write$auto(r0, &(0x7f0000000280)='\xff\xff\xff\xff\xff\xff\xff\x7f\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc4\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd9\xa7\x14\fp\x05q\x81\xc6\xac\x96\x13\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C\xcd\xa9R\xad\xb5', 0x4) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r2 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) (async, rerun: 32) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001140), 0xffffffffffffffff) (async, rerun: 32) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) (async, rerun: 64) unshare$auto(0x40000080) (async, rerun: 64) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) (async) madvise$auto(0x0, 0x20499a, 0x4009) (async) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) (async, rerun: 32) r7 = socket(0x29, 0x2, 0x0) (async, rerun: 32) r8 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa1\x00', 0x101041, 0x0) write$auto(r8, 0x0, 0x5) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x10001, 0x810006, 0x8, 0x8000000008011, 0x3, 0x0) (async) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r7, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000380)={&(0x7f0000000180)={0xc8, 0x0, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @ETHTOOL_A_CHANNELS_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}]}, @ETHTOOL_A_CHANNELS_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x9}]}, @ETHTOOL_A_CHANNELS_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x10}, 0x0) (async) r9 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, 0x0, 0x42000, 0x0) read$auto_proc_pid_smaps_operations_internal(r9, &(0x7f00000002c0)=""/190, 0xfffffe39) (async) write$auto(0x3, 0x0, 0x8) read$auto(0x3, 0x0, 0x7fffffff) (async) sendmsg$auto_NL80211_CMD_SET_WIPHY(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x24, r4, 0x1, 0x70bd29, 0x25dfdbfb, {0x2, 0x0, 0x14}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r6}, @NL80211_ATTR_WIPHY_FRAG_THRESHOLD={0x8, 0x3f, 0x1}]}, 0x24}, 0x1, 0x1400, 0x0, 0x80}, 0x20000084) sendmsg$auto_NL80211_CMD_JOIN_IBSS(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="00046839000008e3ca000300003cdc9935bec95e3f9fe49d630006af"], 0x1c}, 0x1, 0x0, 0x0, 0x44090}, 0x4000) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) r10 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/error_log\x00', 0x83, 0x0) (async) sendfile$auto(r10, r10, 0x0, 0x3) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.192' (ED25519) to the list of known hosts. [ 92.072822][ T5811] cgroup: Unknown subsys name 'net' [ 92.213146][ T5811] cgroup: Unknown subsys name 'cpuset' [ 92.223854][ T5811] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 93.983921][ T5811] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 96.097796][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 96.118373][ T5835] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 96.126297][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 96.135382][ T5835] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 96.144146][ T5835] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 96.153085][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 96.161063][ T5835] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 96.161783][ T5841] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 96.172128][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 96.184167][ T5835] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 96.186133][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 96.193285][ T5835] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 96.202608][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 96.210514][ T5835] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 96.216107][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 96.227242][ T5838] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 96.234970][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 96.243334][ T5835] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 96.243602][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 96.257970][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 96.841404][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 96.919414][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 97.040413][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 97.058972][ T9] cfg80211: failed to load regulatory.db [ 97.152339][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.159658][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.167022][ T5827] bridge_slave_0: entered allmulticast mode [ 97.174553][ T5827] bridge_slave_0: entered promiscuous mode [ 97.191951][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.199220][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.206508][ T5827] bridge_slave_1: entered allmulticast mode [ 97.214573][ T5827] bridge_slave_1: entered promiscuous mode [ 97.241005][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 97.309143][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.316329][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.324575][ T5826] bridge_slave_0: entered allmulticast mode [ 97.333317][ T5826] bridge_slave_0: entered promiscuous mode [ 97.359818][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.381513][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.388808][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.396046][ T5826] bridge_slave_1: entered allmulticast mode [ 97.403802][ T5826] bridge_slave_1: entered promiscuous mode [ 97.425322][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.475633][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.483553][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.491114][ T5829] bridge_slave_0: entered allmulticast mode [ 97.498769][ T5829] bridge_slave_0: entered promiscuous mode [ 97.536124][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.543538][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.551232][ T5829] bridge_slave_1: entered allmulticast mode [ 97.558709][ T5829] bridge_slave_1: entered promiscuous mode [ 97.568966][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.587494][ T5827] team0: Port device team_slave_0 added [ 97.607763][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.631197][ T5827] team0: Port device team_slave_1 added [ 97.699335][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.712309][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.732354][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.739782][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.747124][ T5828] bridge_slave_0: entered allmulticast mode [ 97.754853][ T5828] bridge_slave_0: entered promiscuous mode [ 97.764091][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.771217][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.797477][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.822940][ T5826] team0: Port device team_slave_0 added [ 97.833580][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.840788][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.848246][ T5828] bridge_slave_1: entered allmulticast mode [ 97.855875][ T5828] bridge_slave_1: entered promiscuous mode [ 97.863781][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.871150][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.897225][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.922568][ T5826] team0: Port device team_slave_1 added [ 97.952228][ T5829] team0: Port device team_slave_0 added [ 97.986347][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.999877][ T5829] team0: Port device team_slave_1 added [ 98.031481][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.064850][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.071963][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.098005][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.141915][ T5827] hsr_slave_0: entered promiscuous mode [ 98.148932][ T5827] hsr_slave_1: entered promiscuous mode [ 98.167417][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.174414][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.200671][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.214031][ T5828] team0: Port device team_slave_0 added [ 98.223240][ T5828] team0: Port device team_slave_1 added [ 98.229652][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.236966][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.263205][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.283050][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.290099][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.316152][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.327558][ T5145] Bluetooth: hci1: command tx timeout [ 98.333337][ T5145] Bluetooth: hci0: command tx timeout [ 98.339591][ T51] Bluetooth: hci3: command tx timeout [ 98.345389][ T5832] Bluetooth: hci2: command tx timeout [ 98.393703][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.401237][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.427279][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.469817][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.477155][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.503426][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.570197][ T5826] hsr_slave_0: entered promiscuous mode [ 98.577346][ T5826] hsr_slave_1: entered promiscuous mode [ 98.583696][ T5826] debugfs: 'hsr0' already exists in 'hsr' [ 98.589583][ T5826] Cannot create hsr debugfs directory [ 98.638988][ T5829] hsr_slave_0: entered promiscuous mode [ 98.645963][ T5829] hsr_slave_1: entered promiscuous mode [ 98.652497][ T5829] debugfs: 'hsr0' already exists in 'hsr' [ 98.658428][ T5829] Cannot create hsr debugfs directory [ 98.787084][ T5828] hsr_slave_0: entered promiscuous mode [ 98.793545][ T5828] hsr_slave_1: entered promiscuous mode [ 98.800473][ T5828] debugfs: 'hsr0' already exists in 'hsr' [ 98.806329][ T5828] Cannot create hsr debugfs directory [ 99.142960][ T5827] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 99.157879][ T5827] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 99.178251][ T5827] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 99.208109][ T5827] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 99.288839][ T5826] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 99.310287][ T5826] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 99.322865][ T5826] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 99.334967][ T5826] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 99.453596][ T5829] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 99.481403][ T5829] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 99.493511][ T5829] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 99.519697][ T5829] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 99.601741][ T5828] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 99.615980][ T5828] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 99.638670][ T5828] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 99.658501][ T5828] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 99.672978][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.722786][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.762545][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.769849][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.783843][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.803994][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.811217][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.898447][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.939509][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.946740][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.964662][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.971882][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.006108][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.092342][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.115484][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.142302][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.149546][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.169341][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.177036][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.195826][ T5826] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 100.269279][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.320004][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.327272][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.364578][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.371847][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.397882][ T5832] Bluetooth: hci2: command tx timeout [ 100.403474][ T5832] Bluetooth: hci0: command tx timeout [ 100.405707][ T5145] Bluetooth: hci1: command tx timeout [ 100.414981][ T5832] Bluetooth: hci3: command tx timeout [ 100.571275][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.677306][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.721165][ T5827] veth0_vlan: entered promiscuous mode [ 100.765735][ T5827] veth1_vlan: entered promiscuous mode [ 100.840056][ T5826] veth0_vlan: entered promiscuous mode [ 100.880017][ T5826] veth1_vlan: entered promiscuous mode [ 100.887965][ T5827] veth0_macvtap: entered promiscuous mode [ 100.922262][ T5827] veth1_macvtap: entered promiscuous mode [ 100.987914][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.013495][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.029539][ T5826] veth0_macvtap: entered promiscuous mode [ 101.045579][ T1153] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.067501][ T1153] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.076384][ T1153] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.097245][ T5826] veth1_macvtap: entered promiscuous mode [ 101.115647][ T1153] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.203625][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.216231][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.248888][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.263182][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.310929][ T1153] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.332294][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.350193][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.358996][ T1153] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.369872][ T58] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.391963][ T58] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.444459][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.453781][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.478810][ T5828] veth0_vlan: entered promiscuous mode [ 101.563851][ T5828] veth1_vlan: entered promiscuous mode [ 101.581538][ T5827] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 101.595395][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.626179][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.655865][ T5829] veth0_vlan: entered promiscuous mode [ 101.744852][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.765629][ T5829] veth1_vlan: entered promiscuous mode [ 101.774313][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.831463][ T5828] veth0_macvtap: entered promiscuous mode [ 101.870655][ T5828] veth1_macvtap: entered promiscuous mode [ 101.934959][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.001451][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.038294][ T5829] veth0_macvtap: entered promiscuous mode [ 102.068782][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.084918][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.099879][ T5829] veth1_macvtap: entered promiscuous mode [ 102.119558][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.129291][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.140302][ T5924] vhci_hcd vhci_hcd.2: invalid port number 16 [ 102.146404][ T5924] vhci_hcd vhci_hcd.2: invalid port number 16 [ 102.164507][ T5919] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 102.279600][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.332057][ T5928] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 102.349737][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.449074][ T58] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.483063][ T5832] Bluetooth: hci1: command tx timeout [ 102.488859][ T5842] Bluetooth: hci0: command tx timeout [ 102.494300][ T5842] Bluetooth: hci2: command tx timeout [ 102.500371][ T5145] Bluetooth: hci3: command tx timeout [ 102.519598][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.536630][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.555195][ T58] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.594636][ T58] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.630612][ T58] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.718771][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.746172][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.808256][ T5935] futex_wake_op: syz.1.8 tries to shift op by -2048; fix this program [ 102.824695][ T5937] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 102.900330][ T5935] futex_wake_op: syz.1.8 tries to shift op by -2048; fix this program [ 102.913077][ T5935] 0x000000000001-0x000000020000 : "" [ 102.970474][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.988054][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.996872][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 103.005168][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 103.024564][ T5935] ftl_cs: FTL header corrupt! [ 103.030395][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.076638][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 103.338214][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.349441][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.497006][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 103.537357][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 103.648787][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.043039][ T5950] mmap: syz.2.10 (5950) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 104.557189][ T51] Bluetooth: hci3: command tx timeout [ 104.562718][ T5145] Bluetooth: hci2: command tx timeout [ 104.568307][ T5145] Bluetooth: hci1: command tx timeout [ 104.573750][ T5145] Bluetooth: hci0: command tx timeout [ 104.949475][ T5976] Zero length message leads to an empty skb [ 105.827829][ T5993] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 106.582844][ T6008] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 106.616986][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 106.640342][ T6009] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 107.010743][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 107.020079][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 107.145730][ T6030] netlink: 330 bytes leftover after parsing attributes in process `syz.2.27'. [ 107.904433][ T6042] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 107.966904][ T6042] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) syzkaller syzkaller login: [ 113.361880][ T6143] tipc: Started in network mode [ 113.387638][ T6143] tipc: Node identity ee00, cluster identity 4711 [ 113.426710][ T6143] tipc: Node number set to 60928 [ 115.272986][ T6179] ima: policy update failed [ 115.287295][ T30] audit: type=1802 audit(1773766278.360:2): pid=6179 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.53" res=0 errno=0 [ 116.247944][ T6197] process 'syz.1.57' launched './file0' with NULL argv: empty string added [ 118.609534][ T30] audit: type=1800 audit(1773766281.690:3): pid=6238 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.63" name="lu_gp_id" dev="configfs" ino=10274 res=0 errno=0 [ 120.092941][ T6259] tipc: Started in network mode [ 120.097941][ T6259] tipc: Node identity ee00, cluster identity 4711 [ 120.104451][ T6259] tipc: Node number set to 60928 [ 122.221241][ T6293] FAULT_INJECTION: forcing a failure. [ 122.221241][ T6293] name failslab, interval 1, probability 0, space 0, times 1 [ 122.303955][ T6293] CPU: 1 UID: 0 PID: 6293 Comm: syz.1.75 Not tainted syzkaller #0 PREEMPT(full) [ 122.303988][ T6293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 122.304010][ T6293] Call Trace: [ 122.304018][ T6293] [ 122.304027][ T6293] dump_stack_lvl+0x100/0x190 [ 122.304077][ T6293] should_fail_ex.cold+0x5/0xa [ 122.304104][ T6293] ? cache_create_net+0xa2/0x1f0 [ 122.304140][ T6293] should_failslab+0xc2/0x120 [ 122.304166][ T6293] __kmalloc_noprof+0xe0/0x850 [ 122.304216][ T6293] cache_create_net+0xa2/0x1f0 [ 122.304251][ T6293] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 122.304286][ T6293] gss_svc_init_net+0x69/0x640 [ 122.304317][ T6293] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 122.304356][ T6293] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 122.304390][ T6293] ops_init+0x1e2/0x5f0 [ 122.304430][ T6293] setup_net+0x118/0x3a0 [ 122.304468][ T6293] ? __pfx_setup_net+0x10/0x10 [ 122.304503][ T6293] ? lockdep_init_map_type+0x5c/0x250 [ 122.304538][ T6293] ? mutex_init_lockep+0x110/0x150 [ 122.304575][ T6293] copy_net_ns+0x46f/0x7c0 [ 122.304600][ T6293] create_new_namespaces+0x3ea/0xac0 [ 122.304633][ T6293] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 122.304662][ T6293] ksys_unshare+0x473/0xad0 [ 122.304695][ T6293] ? __pfx_ksys_unshare+0x10/0x10 [ 122.304737][ T6293] __x64_sys_unshare+0x31/0x40 [ 122.304768][ T6293] do_syscall_64+0x106/0xf80 [ 122.304803][ T6293] ? clear_bhb_loop+0x40/0x90 [ 122.304832][ T6293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.304857][ T6293] RIP: 0033:0x7fc25379c799 [ 122.304885][ T6293] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 122.304909][ T6293] RSP: 002b:00007fc254639028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 122.304932][ T6293] RAX: ffffffffffffffda RBX: 00007fc253a15fa0 RCX: 00007fc25379c799 [ 122.304948][ T6293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 122.304963][ T6293] RBP: 00007fc253832c99 R08: 0000000000000000 R09: 0000000000000000 [ 122.304978][ T6293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.304992][ T6293] R13: 00007fc253a16038 R14: 00007fc253a15fa0 R15: 00007ffebf1936b8 [ 122.305023][ T6293] [ 122.972281][ T6305] block2mtd: illegal erase size [ 123.896881][ T6323] tipc: Started in network mode [ 123.901836][ T6323] tipc: Node identity ee00, cluster identity 4711 [ 123.951316][ T6323] tipc: Node number set to 60928 [ 125.967489][ T6336] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 125.974739][ T6336] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 126.019233][ T6336] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 126.073391][ T6336] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 126.088712][ T6336] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 126.151277][ T6336] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 126.174772][ T6336] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 126.205478][ T6336] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 126.234340][ T6336] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 126.286455][ T6336] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 126.310712][ T6336] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 126.352045][ T6336] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 126.796848][ T5145] Bluetooth: hci0: command 0x0c1a tx timeout [ 128.027196][ T6382] tipc: Started in network mode [ 128.039502][ T6382] tipc: Node identity ee00, cluster identity 4711 [ 128.077180][ T5145] Bluetooth: hci1: command 0x0c1a tx timeout [ 128.097919][ T6382] tipc: Node number set to 60928 [ 128.239876][ T5145] Bluetooth: hci2: command 0x0c1a tx timeout [ 128.319914][ T5145] Bluetooth: hci3: command 0x0c1a tx timeout [ 128.887307][ T5145] Bluetooth: hci0: command 0x0c1a tx timeout [ 129.668427][ T6419] nbd: socks must be embedded in a SOCK_ITEM attr [ 129.715434][ T6419] block nbd0: shutting down sockets [ 129.789393][ T6422] .^: entered promiscuous mode [ 129.894240][ T6424] netlink: 8 bytes leftover after parsing attributes in process `syz.1.100'. [ 130.156954][ T5145] Bluetooth: hci1: command 0x0c1a tx timeout [ 130.320592][ T5145] Bluetooth: hci2: command 0x0c1a tx timeout [ 130.396845][ T5145] Bluetooth: hci3: command 0x0c1a tx timeout [ 130.962709][ T5145] Bluetooth: hci0: command 0x0c1a tx timeout [ 132.243273][ T5145] Bluetooth: hci1: command 0x0c1a tx timeout [ 132.396689][ T5145] Bluetooth: hci2: command 0x0c1a tx timeout [ 132.491853][ T5145] Bluetooth: hci3: command 0x0c1a tx timeout [ 132.882882][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.905792][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.173459][ T6497] block2mtd: illegal erase size [ 133.397056][ T6502] vivid-007: ================= START STATUS ================= [ 133.437937][ T6502] vivid-007: Generate PTS: true [ 133.474533][ T6502] vivid-007: Generate SCR: true [ 133.505126][ T6502] tpg source WxH: 320x240 (Y'CbCr) [ 133.562929][ T6502] tpg field: 1 [ 133.581830][ T6502] tpg crop: (0,0)/320x240 [ 133.596204][ T6502] tpg compose: (0,0)/320x240 [ 133.616171][ T6502] tpg colorspace: 8 [ 133.633473][ T6502] tpg transfer function: 0/0 [ 133.649479][ T6502] tpg Y'CbCr encoding: 0/0 [ 133.662124][ T6502] tpg quantization: 0/0 [ 133.679030][ T6502] tpg RGB range: 0/2 [ 133.695026][ T6502] vivid-007: ================== END STATUS ================== [ 134.342442][ T6514] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 134.457376][ T6511] FAULT_INJECTION: forcing a failure. [ 134.457376][ T6511] name failslab, interval 1, probability 0, space 0, times 0 [ 134.482593][ T6511] CPU: 1 UID: 0 PID: 6511 Comm: syz.1.120 Not tainted syzkaller #0 PREEMPT(full) [ 134.482641][ T6511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 134.482656][ T6511] Call Trace: [ 134.482664][ T6511] [ 134.482674][ T6511] dump_stack_lvl+0x100/0x190 [ 134.482716][ T6511] should_fail_ex.cold+0x5/0xa [ 134.482744][ T6511] should_failslab+0xc2/0x120 [ 134.482770][ T6511] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 134.482808][ T6511] ? __d_alloc+0x34/0xa80 [ 134.482841][ T6511] __d_alloc+0x34/0xa80 [ 134.482871][ T6511] d_alloc_pseudo+0x1c/0xc0 [ 134.482907][ T6511] alloc_file_pseudo+0xcf/0x230 [ 134.482940][ T6511] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 134.482980][ T6511] __shmem_file_setup+0x221/0x490 [ 134.483015][ T6511] ? __pfx___shmem_file_setup+0x10/0x10 [ 134.483060][ T6511] ? vm_area_alloc+0x1f/0x160 [ 134.483097][ T6511] shmem_zero_setup+0x96/0x1b0 [ 134.483139][ T6511] __mmap_region+0x2198/0x29e0 [ 134.483181][ T6511] ? __pfx___mmap_region+0x10/0x10 [ 134.483214][ T6511] ? process_measurement+0x1f4/0x2350 [ 134.483271][ T6511] ? __lock_acquire+0x4a5/0x2630 [ 134.483315][ T6511] ? lock_acquire+0x1cf/0x380 [ 134.483345][ T6511] ? find_held_lock+0x2b/0x80 [ 134.483382][ T6511] ? trace_sched_exit_tp+0x13a/0x180 [ 134.483451][ T6511] ? rcu_is_watching+0x12/0xc0 [ 134.483489][ T6511] ? cap_capable+0x107/0x460 [ 134.483534][ T6511] mmap_region+0x180/0x3e0 [ 134.483577][ T6511] do_mmap+0xc63/0x12f0 [ 134.483610][ T6511] ? __pfx_do_mmap+0x10/0x10 [ 134.483637][ T6511] ? __pfx_down_write_killable+0x10/0x10 [ 134.483684][ T6511] vm_mmap_pgoff+0x29e/0x470 [ 134.483717][ T6511] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 134.483747][ T6511] ? do_futex+0x192/0x350 [ 134.483780][ T6511] ? __pfx_do_futex+0x10/0x10 [ 134.483818][ T6511] ksys_mmap_pgoff+0xe1/0x650 [ 134.483847][ T6511] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 134.483873][ T6511] ? xfd_validate_state+0x129/0x190 [ 134.483914][ T6511] __x64_sys_mmap+0x125/0x190 [ 134.483955][ T6511] do_syscall_64+0x106/0xf80 [ 134.483989][ T6511] ? clear_bhb_loop+0x40/0x90 [ 134.484018][ T6511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.484050][ T6511] RIP: 0033:0x7fc25379c799 [ 134.484070][ T6511] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 134.484094][ T6511] RSP: 002b:00007fc254639028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 134.484118][ T6511] RAX: ffffffffffffffda RBX: 00007fc253a15fa0 RCX: 00007fc25379c799 [ 134.484134][ T6511] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 134.484149][ T6511] RBP: 00007fc253832c99 R08: fffffffffffffffa R09: 0000000000008000 [ 134.484164][ T6511] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 134.484179][ T6511] R13: 00007fc253a16038 R14: 00007fc253a15fa0 R15: 00007ffebf1936b8 [ 134.484210][ T6511] [ 136.543496][ T6565] netlink: 4 bytes leftover after parsing attributes in process `syz.3.131'. [ 136.603907][ T6565] netlink: 'syz.3.131': attribute type 1 has an invalid length. [ 136.686702][ T6565] netlink: 13 bytes leftover after parsing attributes in process `syz.3.131'. [ 136.745600][ T6563] can: request_module (can-proto-0) failed. [ 137.587089][ T5880] usb usb40-port2: attempt power cycle [ 138.147894][ T5880] usb usb40-port2: unable to enumerate USB device [ 140.752279][ T6582] .^: entered promiscuous mode [ 141.737182][ T6602] sp0: Synchronizing with TNC [ 143.354959][ T6627] netlink: 16 bytes leftover after parsing attributes in process `syz.0.145'. [ 143.539602][ T6631] FAULT_INJECTION: forcing a failure. [ 143.539602][ T6631] name failslab, interval 1, probability 0, space 0, times 0 [ 143.568980][ T6631] CPU: 1 UID: 0 PID: 6631 Comm: syz.3.147 Not tainted syzkaller #0 PREEMPT(full) [ 143.569020][ T6631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 143.569038][ T6631] Call Trace: [ 143.569048][ T6631] [ 143.569060][ T6631] dump_stack_lvl+0x100/0x190 [ 143.569109][ T6631] should_fail_ex.cold+0x5/0xa [ 143.569136][ T6631] should_failslab+0xc2/0x120 [ 143.569160][ T6631] __kmalloc_cache_node_noprof+0x7d/0x770 [ 143.569200][ T6631] ? __get_vm_area_node+0x101/0x330 [ 143.569231][ T6631] __get_vm_area_node+0x101/0x330 [ 143.569262][ T6631] __vmalloc_node_range_noprof+0x213/0x1530 [ 143.569292][ T6631] ? __do_sys_listmount+0x289/0xee0 [ 143.569336][ T6631] ? __do_sys_listmount+0x289/0xee0 [ 143.569381][ T6631] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 143.569416][ T6631] ? rcu_is_watching+0x12/0xc0 [ 143.569466][ T6631] __kvmalloc_node_noprof+0x3de/0xa00 [ 143.569503][ T6631] ? __do_sys_listmount+0x289/0xee0 [ 143.569537][ T6631] ? __do_sys_listmount+0x289/0xee0 [ 143.569571][ T6631] ? _copy_from_user+0x59/0xd0 [ 143.569607][ T6631] ? copy_mnt_id_req+0x1b1/0x350 [ 143.569640][ T6631] __do_sys_listmount+0x289/0xee0 [ 143.569681][ T6631] ? __fget_files+0x21f/0x3d0 [ 143.569702][ T6631] ? __pfx___do_sys_listmount+0x10/0x10 [ 143.569741][ T6631] ? fput+0x79/0x100 [ 143.569779][ T6631] do_syscall_64+0x106/0xf80 [ 143.569811][ T6631] ? clear_bhb_loop+0x40/0x90 [ 143.569839][ T6631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.569862][ T6631] RIP: 0033:0x7f2b3539c799 [ 143.569881][ T6631] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 143.569902][ T6631] RSP: 002b:00007f2b36178028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 143.569924][ T6631] RAX: ffffffffffffffda RBX: 00007f2b35616090 RCX: 00007f2b3539c799 [ 143.569939][ T6631] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 143.569953][ T6631] RBP: 00007f2b36178090 R08: 0000000000000000 R09: 0000000000000000 [ 143.569968][ T6631] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 143.569981][ T6631] R13: 00007f2b35616128 R14: 00007f2b35616090 R15: 00007ffd266a5158 [ 143.570011][ T6631] [ 143.570162][ T6631] syz.3.147: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 143.934401][ T6631] CPU: 0 UID: 0 PID: 6631 Comm: syz.3.147 Not tainted syzkaller #0 PREEMPT(full) [ 143.934443][ T6631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 143.934461][ T6631] Call Trace: [ 143.934471][ T6631] [ 143.934483][ T6631] dump_stack_lvl+0x100/0x190 [ 143.934536][ T6631] warn_alloc.cold+0x95/0x1c1 [ 143.934591][ T6631] ? __pfx_warn_alloc+0x10/0x10 [ 143.934637][ T6631] ? trace_kmalloc+0x101/0x130 [ 143.934674][ T6631] ? __kmalloc_cache_node_noprof+0x2d9/0x770 [ 143.934733][ T6631] ? __kasan_kmalloc+0x8a/0xb0 [ 143.934785][ T6631] ? __get_vm_area_node+0x208/0x330 [ 143.934833][ T6631] __vmalloc_node_range_noprof+0xbf4/0x1530 [ 143.934877][ T6631] ? __do_sys_listmount+0x289/0xee0 [ 143.934922][ T6631] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 143.934957][ T6631] ? rcu_is_watching+0x12/0xc0 [ 143.935000][ T6631] __kvmalloc_node_noprof+0x3de/0xa00 [ 143.935038][ T6631] ? __do_sys_listmount+0x289/0xee0 [ 143.935072][ T6631] ? __do_sys_listmount+0x289/0xee0 [ 143.935107][ T6631] ? _copy_from_user+0x59/0xd0 [ 143.935134][ T6631] ? copy_mnt_id_req+0x1b1/0x350 [ 143.935167][ T6631] __do_sys_listmount+0x289/0xee0 [ 143.935209][ T6631] ? __fget_files+0x21f/0x3d0 [ 143.935229][ T6631] ? __pfx___do_sys_listmount+0x10/0x10 [ 143.935270][ T6631] ? fput+0x79/0x100 [ 143.935309][ T6631] do_syscall_64+0x106/0xf80 [ 143.935343][ T6631] ? clear_bhb_loop+0x40/0x90 [ 143.935372][ T6631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.935396][ T6631] RIP: 0033:0x7f2b3539c799 [ 143.935415][ T6631] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 143.935436][ T6631] RSP: 002b:00007f2b36178028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 143.935457][ T6631] RAX: ffffffffffffffda RBX: 00007f2b35616090 RCX: 00007f2b3539c799 [ 143.935472][ T6631] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 143.935486][ T6631] RBP: 00007f2b36178090 R08: 0000000000000000 R09: 0000000000000000 [ 143.935500][ T6631] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 143.935513][ T6631] R13: 00007f2b35616128 R14: 00007f2b35616090 R15: 00007ffd266a5158 [ 143.935542][ T6631] [ 144.155693][ T6631] Mem-Info: [ 144.159107][ T6631] active_anon:15006 inactive_anon:0 isolated_anon:0 [ 144.159107][ T6631] active_file:16079 inactive_file:43271 isolated_file:0 [ 144.159107][ T6631] unevictable:768 dirty:1038 writeback:0 [ 144.159107][ T6631] slab_reclaimable:11036 slab_unreclaimable:90716 [ 144.159107][ T6631] mapped:25553 shmem:6142 pagetables:1098 [ 144.159107][ T6631] sec_pagetables:0 bounce:0 [ 144.159107][ T6631] kernel_misc_reclaimable:0 [ 144.159107][ T6631] free:1300486 free_pcp:26872 free_cma:0 [ 144.204901][ T6631] Node 0 active_anon:56424kB inactive_anon:0kB active_file:64316kB inactive_file:172884kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:102212kB dirty:4152kB writeback:0kB shmem:23032kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11808kB pagetables:4236kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 144.245935][ T6631] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 144.276008][ T6631] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 144.305965][ T6631] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 144.311804][ T6631] Node 0 DMA32 free:1237780kB boost:0kB min:34056kB low:42568kB high:51080kB reserved_highatomic:0KB free_highatomic:0KB active_anon:55024kB inactive_anon:0kB active_file:64316kB inactive_file:171884kB unevictable:4336kB writepending:4152kB zspages:0kB present:3129332kB managed:2537384kB mlocked:2800kB bounce:0kB free_pcp:110680kB local_pcp:81656kB free_cma:0kB [ 144.345887][ T6631] lowmem_reserve[]: 0 0 1 1 1 [ 144.350731][ T6631] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1060kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 144.381041][ T6631] lowmem_reserve[]: 0 0 0 0 0 [ 144.385948][ T6631] Node 1 Normal free:3948804kB boost:0kB min:55828kB low:69784kB high:83740kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 144.459107][ T6631] lowmem_reserve[]: 0 0 0 0 0 [ 144.493237][ T6631] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 144.577786][ T6631] Node 0 DMA32: 3001*4kB (UM) 1675*8kB (UME) 881*16kB (UME) 523*32kB (UME) 305*64kB (UM) 184*128kB (ME) 60*256kB (UME) 20*512kB (UME) 12*1024kB (UM) 2*2048kB (UE) 268*4096kB (M) = 1239020kB [ 144.732339][ T6631] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 144.970208][ T6631] Node 1 Normal: 11*4kB (UM) 15*8kB (UM) 19*16kB (UM) 11*32kB (UM) 10*64kB (UM) 5*128kB (UM) 5*256kB (UM) 2*512kB (UM) 2*1024kB (UM) 3*2048kB (UM) 961*4096kB (M) = 3948852kB [ 145.045057][ T6631] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 145.132110][ T6631] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 145.246661][ T6631] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 145.268131][ T6631] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 145.278742][ T6631] 61339 total pagecache pages [ 145.283935][ T6631] 0 pages in swap cache [ 145.296705][ T6631] Free swap = 124996kB [ 145.371054][ T6631] Total swap = 124996kB [ 145.375294][ T6631] 2097051 pages RAM [ 145.474151][ T6631] 0 pages HighMem/MovableOnly [ 145.496796][ T6631] 430825 pages reserved [ 145.509367][ T6631] 0 pages cma reserved Ijn9_UVQ8j@:Un M%Ux[ 148.962354][ T6717] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 149.389976][ T6729] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 149.407114][ T6729] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 149.465702][ T6729] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 149.506882][ T6729] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 150.173947][ T30] audit: type=1800 audit(1773774113.250:4): pid=6762 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.169" name="dbroot" dev="configfs" ino=12780 res=0 errno=0 [ 151.122549][ T5145] Bluetooth: hci0: command 0x0c1a tx timeout [ 151.436766][ T5145] Bluetooth: hci1: command 0x0c1a tx timeout [ 151.436812][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 151.521790][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 154.638060][ T6841] futex_wake_op: syz.1.187 tries to shift op by -2048; fix this program [ 154.748738][ T6841] futex_wake_op: syz.1.187 tries to shift op by -2048; fix this program [ 154.756142][ T6842] random: crng reseeded on system resumption [ 155.565378][ T6851] netlink: 114 bytes leftover after parsing attributes in process `syz.3.190'. [ 156.034004][ T6867] netlink: 338 bytes leftover after parsing attributes in process `syz.1.193'. [ 156.044707][ T6867] netlink: 338 bytes leftover after parsing attributes in process `syz.1.193'. [ 157.101336][ T6893] ptp ptp0: only physical clock in use now [ 158.622468][ T6908] zswap: compressor not available [ 158.663182][ T6927] FAULT_INJECTION: forcing a failure. [ 158.663182][ T6927] name failslab, interval 1, probability 0, space 0, times 0 [ 158.705950][ T6927] CPU: 1 UID: 0 PID: 6927 Comm: syz.3.205 Tainted: G L syzkaller #0 PREEMPT(full) [ 158.705999][ T6927] Tainted: [L]=SOFTLOCKUP [ 158.706010][ T6927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 158.706029][ T6927] Call Trace: [ 158.706039][ T6927] [ 158.706050][ T6927] dump_stack_lvl+0x100/0x190 [ 158.706105][ T6927] should_fail_ex.cold+0x5/0xa [ 158.706152][ T6927] ? tomoyo_realpath_from_path+0xb6/0x690 [ 158.706195][ T6927] should_failslab+0xc2/0x120 [ 158.706230][ T6927] __kmalloc_noprof+0xe0/0x850 [ 158.706292][ T6927] tomoyo_realpath_from_path+0xb6/0x690 [ 158.706345][ T6927] tomoyo_path_number_perm+0x23c/0x580 [ 158.706379][ T6927] ? tomoyo_path_number_perm+0x22e/0x580 [ 158.706418][ T6927] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 158.706497][ T6927] ? find_held_lock+0x2b/0x80 [ 158.706528][ T6927] ? __fget_files+0x215/0x3d0 [ 158.706554][ T6927] ? hook_file_ioctl_common+0x146/0x410 [ 158.706598][ T6927] ? __fget_files+0x21f/0x3d0 [ 158.706634][ T6927] security_file_ioctl+0xd3/0x230 [ 158.706673][ T6927] __x64_sys_ioctl+0xb7/0x210 [ 158.706722][ T6927] do_syscall_64+0x106/0xf80 [ 158.706766][ T6927] ? clear_bhb_loop+0x40/0x90 [ 158.706808][ T6927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.706842][ T6927] RIP: 0033:0x7f2b3539c799 [ 158.706870][ T6927] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 158.706901][ T6927] RSP: 002b:00007f2b36178028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 158.706932][ T6927] RAX: ffffffffffffffda RBX: 00007f2b35616090 RCX: 00007f2b3539c799 [ 158.706953][ T6927] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 000000000000000f [ 158.706969][ T6927] RBP: 00007f2b36178090 R08: 0000000000000000 R09: 0000000000000000 [ 158.706986][ T6927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.707004][ T6927] R13: 00007f2b35616128 R14: 00007f2b35616090 R15: 00007ffd266a5158 [ 158.707044][ T6927] [ 159.186777][ T6927] ERROR: Out of memory at tomoyo_realpath_from_path. Ijn9_UVQ8j@:Un M%Ux[ 161.357000][ T5145] Bluetooth: hci4: command 0xfc11 tx timeout [ 161.364762][ T51] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 162.930635][ T6995] netlink: 4 bytes leftover after parsing attributes in process `syz.0.220'. [ 162.947741][ T6995] netlink: 'syz.0.220': attribute type 1 has an invalid length. [ 162.961548][ T6995] netlink: 13 bytes leftover after parsing attributes in process `syz.0.220'. [ 163.251353][ T7000] netlink: 342 bytes leftover after parsing attributes in process `syz.0.222'. [ 163.729675][ T51] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 164.314736][ T7022] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 165.951486][ T7037] netlink: 4 bytes leftover after parsing attributes in process `syz.3.230'. [ 166.001377][ T7037] netlink: 25 bytes leftover after parsing attributes in process `syz.3.230'. [ 166.478148][ T7047] nfs: Unknown parameter 'nl802154' [ 167.099384][ T7047] nfs: Unknown parameter 'nl802154' [ 171.167557][ T6765] Bluetooth: hci4: Frame reassembly failed (-84) [ 172.214611][ T7119] FAULT_INJECTION: forcing a failure. [ 172.214611][ T7119] name failslab, interval 1, probability 0, space 0, times 0 [ 172.279812][ T7119] CPU: 0 UID: 0 PID: 7119 Comm: syz.0.248 Tainted: G L syzkaller #0 PREEMPT(full) [ 172.279868][ T7119] Tainted: [L]=SOFTLOCKUP [ 172.279880][ T7119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 172.279899][ T7119] Call Trace: [ 172.279910][ T7119] [ 172.279924][ T7119] dump_stack_lvl+0x100/0x190 [ 172.279984][ T7119] should_fail_ex.cold+0x5/0xa [ 172.280022][ T7119] ? ops_init+0x77/0x5f0 [ 172.280070][ T7119] should_failslab+0xc2/0x120 [ 172.280107][ T7119] __kmalloc_noprof+0xe0/0x850 [ 172.280157][ T7119] ? __raw_spin_lock_init+0x3a/0x110 [ 172.280216][ T7119] ops_init+0x77/0x5f0 [ 172.280271][ T7119] setup_net+0x118/0x3a0 [ 172.280324][ T7119] ? __pfx_setup_net+0x10/0x10 [ 172.280373][ T7119] ? lockdep_init_map_type+0x5c/0x250 [ 172.280420][ T7119] ? mutex_init_lockep+0x110/0x150 [ 172.280482][ T7119] copy_net_ns+0x46f/0x7c0 [ 172.280518][ T7119] create_new_namespaces+0x3ea/0xac0 [ 172.280565][ T7119] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 172.280608][ T7119] ksys_unshare+0x473/0xad0 [ 172.280654][ T7119] ? __pfx_ksys_unshare+0x10/0x10 [ 172.280712][ T7119] __x64_sys_unshare+0x31/0x40 [ 172.280756][ T7119] do_syscall_64+0x106/0xf80 [ 172.280804][ T7119] ? clear_bhb_loop+0x40/0x90 [ 172.280847][ T7119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.280883][ T7119] RIP: 0033:0x7f77e359c799 [ 172.280912][ T7119] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 172.280945][ T7119] RSP: 002b:00007f77e43c1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 172.280979][ T7119] RAX: ffffffffffffffda RBX: 00007f77e3815fa0 RCX: 00007f77e359c799 [ 172.281001][ T7119] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 172.281021][ T7119] RBP: 00007f77e3632c99 R08: 0000000000000000 R09: 0000000000000000 [ 172.281041][ T7119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 172.281060][ T7119] R13: 00007f77e3816038 R14: 00007f77e3815fa0 R15: 00007fff3c8bb558 [ 172.281105][ T7119] [ 172.983560][ T7124] FAULT_INJECTION: forcing a failure. [ 172.983560][ T7124] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 173.006613][ T7124] CPU: 0 UID: 0 PID: 7124 Comm: syz.0.248 Tainted: G L syzkaller #0 PREEMPT(full) [ 173.006667][ T7124] Tainted: [L]=SOFTLOCKUP [ 173.006680][ T7124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 173.006707][ T7124] Call Trace: [ 173.006719][ T7124] [ 173.006731][ T7124] dump_stack_lvl+0x100/0x190 [ 173.006790][ T7124] should_fail_ex.cold+0x5/0xa [ 173.006824][ T7124] ? prepare_alloc_pages+0x16d/0x5f0 [ 173.006867][ T7124] should_fail_alloc_page+0xeb/0x140 [ 173.006907][ T7124] prepare_alloc_pages+0x1f0/0x5f0 [ 173.006955][ T7124] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 173.007023][ T7124] ? rcu_is_watching+0x12/0xc0 [ 173.007077][ T7124] ? mod_memcg_lruvec_state+0x1a6/0x630 [ 173.007132][ T7124] ? __mod_zone_page_state+0xe2/0x190 [ 173.007180][ T7124] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 173.007235][ T7124] ? lru_gen_add_folio+0x20f/0x13e0 [ 173.007300][ T7124] ? folios_put_refs+0x66d/0x840 [ 173.007361][ T7124] ? __pfx_folios_put_refs+0x10/0x10 [ 173.007429][ T7124] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 173.007492][ T7124] ? policy_nodemask+0xed/0x4f0 [ 173.007533][ T7124] alloc_pages_mpol+0x1fb/0x550 [ 173.007573][ T7124] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 173.007610][ T7124] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 173.007666][ T7124] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 173.007730][ T7124] folio_alloc_mpol_noprof+0x36/0x340 [ 173.007777][ T7124] shmem_alloc_folio+0x135/0x160 [ 173.007824][ T7124] shmem_alloc_and_add_folio+0x371/0xd40 [ 173.007888][ T7124] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 173.007946][ T7124] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 173.008010][ T7124] shmem_get_folio_gfp+0x6ab/0x1900 [ 173.008073][ T7124] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 173.008130][ T7124] ? filemap_map_pages+0xe69/0x2020 [ 173.008190][ T7124] shmem_fault+0x1f9/0xa20 [ 173.008242][ T7124] ? __lock_acquire+0x4a5/0x2630 [ 173.008287][ T7124] ? __pfx_shmem_fault+0x10/0x10 [ 173.008348][ T7124] ? __pfx_filemap_map_pages+0x10/0x10 [ 173.008418][ T7124] __do_fault+0x10d/0x550 [ 173.008457][ T7124] do_fault+0xabb/0x1990 [ 173.008502][ T7124] __handle_mm_fault+0x180f/0x2b60 [ 173.008556][ T7124] ? mt_find+0x45e/0x8e0 [ 173.008608][ T7124] ? __pfx___handle_mm_fault+0x10/0x10 [ 173.008652][ T7124] ? __pfx_mt_find+0x10/0x10 [ 173.008723][ T7124] ? find_vma+0xbf/0x140 [ 173.008750][ T7124] ? __pfx_find_vma+0x10/0x10 [ 173.008780][ T7124] handle_mm_fault+0x36d/0xa20 [ 173.008826][ T7124] do_user_addr_fault+0x74c/0x12f0 [ 173.008883][ T7124] exc_page_fault+0x6f/0xd0 [ 173.008924][ T7124] asm_exc_page_fault+0x26/0x30 [ 173.008951][ T7124] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 173.008983][ T7124] Code: 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 cf 93 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 173.009009][ T7124] RSP: 0018:ffffc900043a7428 EFLAGS: 00050202 [ 173.009032][ T7124] RAX: 0000000000000001 RBX: 000000000000ff04 RCX: 0000000000003f04 [ 173.009049][ T7124] RDX: 0000000000000001 RSI: 000000000000c000 RDI: ffff88804f84c010 [ 173.009066][ T7124] RBP: ffffc900043a7b40 R08: 0000000000000001 R09: ffffed1009f09fe2 [ 173.009083][ T7124] R10: ffff88804f84ff13 R11: 0000000000000000 R12: 0000000000000000 [ 173.009100][ T7124] R13: 0000000000000000 R14: 000000000000ff04 R15: ffffc900043a7b48 [ 173.009134][ T7124] _copy_from_iter+0x498/0x1690 [ 173.009175][ T7124] ? __pfx__copy_from_iter+0x10/0x10 [ 173.009207][ T7124] ? sctp_addto_chunk+0xfa/0x2a0 [ 173.009244][ T7124] ? __asan_memcpy+0x3c/0x60 [ 173.009285][ T7124] ? sctp_make_datafrag_empty+0x1a4/0x230 [ 173.009325][ T7124] ? __pfx_sctp_make_datafrag_empty+0x10/0x10 [ 173.009368][ T7124] sctp_user_addto_chunk+0x84/0x240 [ 173.009421][ T7124] sctp_datamsg_from_user+0x60b/0x1360 [ 173.009478][ T7124] sctp_sendmsg_to_asoc+0xb1c/0x1c50 [ 173.009523][ T7124] ? __asan_memcpy+0x40/0x60 [ 173.009563][ T7124] ? sctp_assoc_set_primary+0x276/0x310 [ 173.009609][ T7124] ? sctp_assoc_add_peer+0x252/0x14f0 [ 173.009662][ T7124] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 173.009704][ T7124] ? sctp_connect_new_asoc+0x41e/0x770 [ 173.009735][ T7124] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 173.009771][ T7124] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 173.009823][ T7124] sctp_sendmsg+0x1185/0x22b0 [ 173.009860][ T7124] ? __pfx_sctp_sendmsg+0x10/0x10 [ 173.009887][ T7124] ? __lock_acquire+0x4a5/0x2630 [ 173.009929][ T7124] ? aa_sk_perm+0x309/0xaa0 [ 173.009965][ T7124] ? __pfx_aa_sk_perm+0x10/0x10 [ 173.010006][ T7124] ? __pfx_sctp_sendmsg+0x10/0x10 [ 173.010036][ T7124] inet_sendmsg+0x11c/0x140 [ 173.010068][ T7124] ____sys_sendmsg+0x98d/0xb70 [ 173.010095][ T7124] ? __pfx_inet_sendmsg+0x10/0x10 [ 173.010127][ T7124] ? __pfx_____sys_sendmsg+0x10/0x10 [ 173.010182][ T7124] ? __pfx___schedule+0x10/0x10 [ 173.010226][ T7124] ___sys_sendmsg+0x190/0x1e0 [ 173.010260][ T7124] ? __pfx____sys_sendmsg+0x10/0x10 [ 173.010307][ T7124] ? find_held_lock+0x2b/0x80 [ 173.010355][ T7124] __sys_sendmmsg+0x205/0x430 [ 173.010426][ T7124] ? __pfx___sys_sendmmsg+0x10/0x10 [ 173.010478][ T7124] ? __pfx_do_futex+0x10/0x10 [ 173.010532][ T7124] ? xfd_validate_state+0x129/0x190 [ 173.010582][ T7124] __x64_sys_sendmmsg+0x9c/0x100 [ 173.010623][ T7124] ? lockdep_hardirqs_on+0x78/0x100 [ 173.010662][ T7124] do_syscall_64+0x106/0xf80 [ 173.010701][ T7124] ? clear_bhb_loop+0x40/0x90 [ 173.010735][ T7124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.010763][ T7124] RIP: 0033:0x7f77e359c799 [ 173.010786][ T7124] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 173.010813][ T7124] RSP: 002b:00007f77e43a0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 173.010839][ T7124] RAX: ffffffffffffffda RBX: 00007f77e3816090 RCX: 00007f77e359c799 [ 173.010857][ T7124] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000005 [ 173.010875][ T7124] RBP: 00007f77e3632c99 R08: 0000000000000000 R09: 0000000000000000 [ 173.010892][ T7124] R10: 0000000000000311 R11: 0000000000000246 R12: 0000000000000000 [ 173.010910][ T7124] R13: 00007f77e3816128 R14: 00007f77e3816090 R15: 00007fff3c8bb558 [ 173.010946][ T7124] [ 173.696603][ T51] Bluetooth: hci4: Entering manufacturer mode failed (-110) Ijn9_UVQ8j@:Un M%Ux[ 174.455877][ T6768] Bluetooth: hci4: Frame reassembly failed (-84) [ 175.268218][ T51] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 176.338041][ T30] audit: type=1800 audit(1773774139.420:5): pid=7168 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.258" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 176.496247][ T51] Bluetooth: hci4: command 0xfc11 tx timeout [ 176.504487][ T5145] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 176.577321][ T7170] cougar: G6 mapped to space [ 176.582054][ T7170] cougar: G6 mapped to space [ 176.686737][ T7170] cougar: G6 mapped to space [ 176.691469][ T7170] cougar: G6 mapped to space [ 176.768277][ T7170] cougar: G6 mapped to space [ 176.773124][ T7170] cougar: G6 mapped to space [ 176.990937][ T7170] cougar: G6 mapped to space [ 176.998930][ T7170] cougar: G6 mapped to space [ 177.010173][ T7170] cougar: G6 mapped to space [ 177.020346][ T7170] cougar: G6 mapped to space [ 177.030932][ T7170] cougar: G6 mapped to space [ 177.053316][ T7170] cougar: G6 mapped to space [ 177.100111][ T7170] cougar: G6 mapped to space [ 177.166579][ T7170] cougar: G6 mapped to space [ 177.192905][ T7170] cougar: G6 mapped to space [ 177.328913][ T7170] cougar: G6 mapped to space [ 177.333707][ T7170] cougar: G6 mapped to space [ 183.290827][ T7262] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 190.527476][ T7376] netlink: 28 bytes leftover after parsing attributes in process `syz.2.299'. [ 193.369377][ T7434] netlink: 4 bytes leftover after parsing attributes in process `syz.2.305'. [ 193.407648][ T7434] netlink: 25 bytes leftover after parsing attributes in process `syz.2.305'. [ 193.636939][ T7452] capability: warning: `syz.2.307' uses 32-bit capabilities (legacy support in use) [ 194.321484][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.328188][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.522722][ T7494] virtio-pci 0000:00:04.0: [Firmware Bug]: Overriding NUMA node to -1. Contact your vendor for updates. [ 196.187576][ T7501] FAULT_INJECTION: forcing a failure. [ 196.187576][ T7501] name failslab, interval 1, probability 0, space 0, times 0 [ 196.362470][ T7501] CPU: 1 UID: 0 PID: 7501 Comm: syz.0.319 Tainted: G I L syzkaller #0 PREEMPT(full) [ 196.362513][ T7501] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 196.362524][ T7501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 196.362538][ T7501] Call Trace: [ 196.362546][ T7501] [ 196.362556][ T7501] dump_stack_lvl+0x100/0x190 [ 196.362598][ T7501] should_fail_ex.cold+0x5/0xa [ 196.362626][ T7501] should_failslab+0xc2/0x120 [ 196.362652][ T7501] __kmalloc_cache_noprof+0x7a/0x6f0 [ 196.362685][ T7501] ? snd_seq_prioq_new+0x3f/0x110 [ 196.362750][ T7501] ? lockdep_init_map_type+0x5c/0x250 [ 196.362803][ T7501] snd_seq_prioq_new+0x3f/0x110 [ 196.362846][ T7501] snd_seq_queue_alloc+0x153/0x590 [ 196.362888][ T7501] snd_seq_ioctl_create_queue+0xa9/0x370 [ 196.362931][ T7501] call_seq_client_ctl+0xa3/0x130 [ 196.362973][ T7501] snd_seq_kernel_client_ctl+0x77/0xd0 [ 196.363016][ T7501] alloc_seq_queue+0xdb/0x180 [ 196.363041][ T7501] ? __pfx_alloc_seq_queue+0x10/0x10 [ 196.363081][ T7501] ? mark_held_locks+0x40/0x70 [ 196.363111][ T7501] ? _raw_spin_unlock_irq+0x23/0x50 [ 196.363142][ T7501] ? lockdep_hardirqs_on+0x78/0x100 [ 196.363180][ T7501] snd_seq_oss_open+0x2b2/0xa10 [ 196.363210][ T7501] odev_open+0x79/0xc0 [ 196.363230][ T7501] ? __pfx_odev_open+0x10/0x10 [ 196.363252][ T7501] soundcore_open+0x2e3/0x5a0 [ 196.363278][ T7501] ? __pfx_soundcore_open+0x10/0x10 [ 196.363302][ T7501] chrdev_open+0x234/0x6a0 [ 196.363326][ T7501] ? __pfx_apparmor_file_open+0x10/0x10 [ 196.363369][ T7501] ? __pfx_chrdev_open+0x10/0x10 [ 196.363398][ T7501] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 196.363431][ T7501] do_dentry_open+0x6d8/0x1660 [ 196.363455][ T7501] ? __pfx_chrdev_open+0x10/0x10 [ 196.363487][ T7501] vfs_open+0x82/0x3f0 [ 196.363521][ T7501] path_openat+0x208c/0x31a0 [ 196.363556][ T7501] ? __pfx_path_openat+0x10/0x10 [ 196.363592][ T7501] do_file_open+0x20e/0x430 [ 196.363620][ T7501] ? __pfx_do_file_open+0x10/0x10 [ 196.363666][ T7501] ? alloc_fd+0x476/0x790 [ 196.363692][ T7501] ? do_getname+0x191/0x390 [ 196.363726][ T7501] do_sys_openat2+0x10d/0x1e0 [ 196.363758][ T7501] ? __pfx_do_sys_openat2+0x10/0x10 [ 196.363793][ T7501] ? find_held_lock+0x2b/0x80 [ 196.363822][ T7501] __x64_sys_openat+0x12d/0x210 [ 196.363890][ T7501] ? __pfx___x64_sys_openat+0x10/0x10 [ 196.363954][ T7501] do_syscall_64+0x106/0xf80 [ 196.363990][ T7501] ? clear_bhb_loop+0x40/0x90 [ 196.364020][ T7501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.364045][ T7501] RIP: 0033:0x7f77e359c799 [ 196.364065][ T7501] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 196.364088][ T7501] RSP: 002b:00007f77e43c1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 196.364111][ T7501] RAX: ffffffffffffffda RBX: 00007f77e3815fa0 RCX: 00007f77e359c799 [ 196.364127][ T7501] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 196.364143][ T7501] RBP: 00007f77e3632c99 R08: 0000000000000000 R09: 0000000000000000 [ 196.364158][ T7501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 196.364173][ T7501] R13: 00007f77e3816038 R14: 00007f77e3815fa0 R15: 00007fff3c8bb558 [ 196.364220][ T7501] [ 197.611937][ T7518] netlink: 28 bytes leftover after parsing attributes in process `syz.3.322'. [ 199.892690][ T7551] Invalid ELF header magic: != ELF [ 200.219281][ T7552] netlink: 'syz.3.325': attribute type 2 has an invalid length. [ 200.487642][ T7563] : Can't lookup blockdev [ 201.946200][ T7591] netlink: 342 bytes leftover after parsing attributes in process `syz.3.332'. [ 202.279876][ T7595] netlink: 4 bytes leftover after parsing attributes in process `syz.1.334'. [ 202.333592][ T7596] netlink: 25 bytes leftover after parsing attributes in process `syz.1.334'. [ 202.961187][ T7612] cgroup: fork rejected by pids controller in /syz2 [ 203.417922][ T7667] nfs4: Unknown parameter '' [ 203.830509][ T7650] Bluetooth: hci4: Frame reassembly failed (-84) [ 204.118798][ T7795] netlink: 4 bytes leftover after parsing attributes in process `syz.0.345'. [ 204.160030][ T7795] netlink: 25 bytes leftover after parsing attributes in process `syz.0.345'. [ 204.409390][ T7803] sctp: [Deprecated]: syz.2.347 (pid 7803) Use of struct sctp_assoc_value in delayed_ack socket option. [ 204.409390][ T7803] Use struct sctp_sack_info instead [ 205.837050][ T7559] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 207.100924][ T7843] netlink: 4 bytes leftover after parsing attributes in process `syz.2.357'. [ 207.131906][ T7843] netlink: 25 bytes leftover after parsing attributes in process `syz.2.357'. [ 208.230193][ T7793] Bluetooth: hci1: unexpected event 0x34 length: 11 > 6 [ 208.923071][ T7870] FAULT_INJECTION: forcing a failure. [ 208.923071][ T7870] name failslab, interval 1, probability 0, space 0, times 0 [ 209.043604][ T7870] CPU: 1 UID: 0 PID: 7870 Comm: syz.1.365 Tainted: G I L syzkaller #0 PREEMPT(full) [ 209.043664][ T7870] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 209.043678][ T7870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 209.043698][ T7870] Call Trace: [ 209.043708][ T7870] [ 209.043720][ T7870] dump_stack_lvl+0x100/0x190 [ 209.043778][ T7870] should_fail_ex.cold+0x5/0xa [ 209.043819][ T7870] should_failslab+0xc2/0x120 [ 209.043854][ T7870] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 209.043911][ T7870] ? kstrdup_const+0x63/0x80 [ 209.043951][ T7870] kstrdup+0x51/0xe0 [ 209.044007][ T7870] kstrdup_const+0x63/0x80 [ 209.044038][ T7870] alloc_vfsmnt+0xe5/0x6a0 [ 209.044087][ T7870] ? __pfx___might_resched+0x10/0x10 [ 209.044140][ T7870] clone_mnt+0x4b/0x930 [ 209.044195][ T7870] copy_tree+0xfc/0xbf0 [ 209.044226][ T7870] ? __pfx_down_write+0x10/0x10 [ 209.044299][ T7870] copy_mnt_ns+0x2bd/0xc30 [ 209.044340][ T7870] ? create_new_namespaces+0x30/0xac0 [ 209.044376][ T7870] ? rcu_is_watching+0x12/0xc0 [ 209.044431][ T7870] create_new_namespaces+0xd3/0xac0 [ 209.044464][ T7870] ? bpf_lsm_capable+0x9/0x10 [ 209.044496][ T7870] ? security_capable+0x80/0x260 [ 209.044554][ T7870] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 209.044595][ T7870] ksys_unshare+0x473/0xad0 [ 209.044638][ T7870] ? __pfx_ksys_unshare+0x10/0x10 [ 209.044697][ T7870] __x64_sys_unshare+0x31/0x40 [ 209.044739][ T7870] do_syscall_64+0x106/0xf80 [ 209.044785][ T7870] ? clear_bhb_loop+0x40/0x90 [ 209.044825][ T7870] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.044859][ T7870] RIP: 0033:0x7fc25379c799 [ 209.044888][ T7870] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 209.044920][ T7870] RSP: 002b:00007fc254639028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 209.044953][ T7870] RAX: ffffffffffffffda RBX: 00007fc253a15fa0 RCX: 00007fc25379c799 [ 209.044975][ T7870] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000020000 [ 209.044995][ T7870] RBP: 00007fc253832c99 R08: 0000000000000000 R09: 0000000000000000 [ 209.045015][ T7870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 209.045034][ T7870] R13: 00007fc253a16038 R14: 00007fc253a15fa0 R15: 00007ffebf1936b8 [ 209.045090][ T7870] [ 209.655995][ T7880] netlink: 4 bytes leftover after parsing attributes in process `syz.0.367'. [ 209.666725][ T7882] netlink: 16 bytes leftover after parsing attributes in process `syz.1.368'. [ 209.994354][ T7891] netlink: 4 bytes leftover after parsing attributes in process `syz.0.377'. [ 209.995068][ T7891] netlink: 'syz.0.377': attribute type 1 has an invalid length. [ 209.995095][ T7891] netlink: 13 bytes leftover after parsing attributes in process `syz.0.377'. [ 209.995363][ T7891] netlink: 'syz.0.377': attribute type 1 has an invalid length. [ 210.032527][ T7858] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 210.032575][ T7858] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 210.585820][ T7898] FAULT_INJECTION: forcing a failure. [ 210.585820][ T7898] name fail_futex, interval 1, probability 0, space 0, times 1 [ 210.646037][ T7898] CPU: 1 UID: 0 PID: 7898 Comm: syz.0.370 Tainted: G I L syzkaller #0 PREEMPT(full) [ 210.646101][ T7898] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 210.646115][ T7898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 210.646143][ T7898] Call Trace: [ 210.646153][ T7898] [ 210.646166][ T7898] dump_stack_lvl+0x100/0x190 [ 210.646224][ T7898] should_fail_ex.cold+0x5/0xa [ 210.646264][ T7898] get_futex_key+0x1d2/0x1620 [ 210.646309][ T7898] ? __pfx_get_futex_key+0x10/0x10 [ 210.646366][ T7898] futex_wait_setup+0x83/0x510 [ 210.646429][ T7898] __futex_wait+0x19f/0x300 [ 210.646485][ T7898] ? __pfx___futex_wait+0x10/0x10 [ 210.646548][ T7898] ? __pfx_futex_wake_mark+0x10/0x10 [ 210.646604][ T7898] ? find_held_lock+0x2b/0x80 [ 210.646634][ T7898] ? futex_wake+0x456/0x530 [ 210.646693][ T7898] futex_wait+0xed/0x380 [ 210.646746][ T7898] ? __pfx_futex_wait+0x10/0x10 [ 210.646807][ T7898] ? putname+0xb1/0x110 [ 210.646841][ T7898] ? kmem_cache_free+0x124/0x6a0 [ 210.646911][ T7898] do_futex+0x1ef/0x350 [ 210.646957][ T7898] ? __pfx_do_futex+0x10/0x10 [ 210.646998][ T7898] ? __pfx_do_sys_openat2+0x10/0x10 [ 210.647053][ T7898] __x64_sys_futex+0x34f/0x4d0 [ 210.647098][ T7898] ? __x64_sys_openat+0x12d/0x210 [ 210.647153][ T7898] ? __pfx___x64_sys_futex+0x10/0x10 [ 210.647216][ T7898] do_syscall_64+0x106/0xf80 [ 210.647264][ T7898] ? clear_bhb_loop+0x40/0x90 [ 210.647307][ T7898] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.647342][ T7898] RIP: 0033:0x7f77e359c799 [ 210.647371][ T7898] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 210.647403][ T7898] RSP: 002b:00007f77e43a00e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 210.647435][ T7898] RAX: ffffffffffffffda RBX: 00007f77e3816098 RCX: 00007f77e359c799 [ 210.647458][ T7898] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f77e3816098 [ 210.647479][ T7898] RBP: 00007f77e3816090 R08: 0000000000000000 R09: 0000000000000000 [ 210.647498][ T7898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 210.647518][ T7898] R13: 00007f77e3816128 R14: 00007fff3c8bb470 R15: 00007fff3c8bb558 [ 210.647563][ T7898] [ 211.627038][ T7923] sd 0:0:1:0: PR command failed: 1026 [ 211.671076][ T7923] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 211.874732][ T7923] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 212.226018][ T7932] netlink: 338 bytes leftover after parsing attributes in process `syz.2.378'. [ 214.470743][ T7962] Invalid ELF header magic: != ELF [ 214.885046][ T7962] FAULT_INJECTION: forcing a failure. [ 214.885046][ T7962] name fail_futex, interval 1, probability 0, space 0, times 0 [ 214.899883][ T7962] CPU: 0 UID: 0 PID: 7962 Comm: syz.3.384 Tainted: G I L syzkaller #0 PREEMPT(full) [ 214.899938][ T7962] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 214.899951][ T7962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 214.899970][ T7962] Call Trace: [ 214.899979][ T7962] [ 214.899991][ T7962] dump_stack_lvl+0x100/0x190 [ 214.900042][ T7962] should_fail_ex.cold+0x5/0xa [ 214.900079][ T7962] get_futex_key+0x107c/0x1620 [ 214.900124][ T7962] ? __pfx_get_futex_key+0x10/0x10 [ 214.900159][ T7962] ? lock_acquire+0x1cf/0x380 [ 214.900213][ T7962] futex_wake+0xea/0x530 [ 214.900279][ T7962] ? __pfx_futex_wake+0x10/0x10 [ 214.900326][ T7962] ? exit_mm_release+0x19/0x30 [ 214.900375][ T7962] do_futex+0x32b/0x350 [ 214.900415][ T7962] ? __pfx_do_futex+0x10/0x10 [ 214.900453][ T7962] ? __might_fault+0xc5/0x140 [ 214.900510][ T7962] mm_release+0x24a/0x2f0 [ 214.900544][ T7962] do_exit+0x704/0x2b60 [ 214.900594][ T7962] ? __pfx_do_exit+0x10/0x10 [ 214.900636][ T7962] ? do_raw_spin_lock+0x128/0x260 [ 214.900683][ T7962] ? find_held_lock+0x2b/0x80 [ 214.900712][ T7962] ? get_signal+0x7e0/0x21e0 [ 214.900750][ T7962] do_group_exit+0xd5/0x2a0 [ 214.900797][ T7962] get_signal+0x1ec7/0x21e0 [ 214.900841][ T7962] ? ksys_write+0x190/0x250 [ 214.900874][ T7962] ? __pfx_get_signal+0x10/0x10 [ 214.900910][ T7962] ? do_futex+0x192/0x350 [ 214.900957][ T7962] arch_do_signal_or_restart+0x91/0x770 [ 214.900999][ T7962] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 214.901052][ T7962] ? __pfx___x64_sys_futex+0x10/0x10 [ 214.901103][ T7962] exit_to_user_mode_loop+0x86/0x4a0 [ 214.901148][ T7962] do_syscall_64+0x668/0xf80 [ 214.901191][ T7962] ? clear_bhb_loop+0x40/0x90 [ 214.901230][ T7962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.901270][ T7962] RIP: 0033:0x7f2b3539c799 [ 214.901297][ T7962] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 214.901324][ T7962] RSP: 002b:00007f2b361780e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 214.901355][ T7962] RAX: fffffffffffffe00 RBX: 00007f2b35616098 RCX: 00007f2b3539c799 [ 214.901376][ T7962] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f2b35616098 [ 214.901395][ T7962] RBP: 00007f2b35616090 R08: 0000000000000000 R09: 0000000000000000 [ 214.901412][ T7962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 214.901430][ T7962] R13: 00007f2b35616128 R14: 00007ffd266a5070 R15: 00007ffd266a5158 [ 214.901473][ T7962] [ 215.998212][ T8000] FAULT_INJECTION: forcing a failure. [ 215.998212][ T8000] name failslab, interval 1, probability 0, space 0, times 0 [ 216.082177][ T8000] CPU: 1 UID: 0 PID: 8000 Comm: syz.1.387 Tainted: G I L syzkaller #0 PREEMPT(full) [ 216.082220][ T8000] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 216.082231][ T8000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 216.082245][ T8000] Call Trace: [ 216.082253][ T8000] [ 216.082262][ T8000] dump_stack_lvl+0x100/0x190 [ 216.082302][ T8000] should_fail_ex.cold+0x5/0xa [ 216.082331][ T8000] should_failslab+0xc2/0x120 [ 216.082357][ T8000] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 216.082396][ T8000] ? alloc_inode+0x183/0x250 [ 216.082433][ T8000] ? alloc_fd+0x476/0x790 [ 216.082462][ T8000] alloc_inode+0x183/0x250 [ 216.082495][ T8000] alloc_anon_inode+0x2a/0x3e0 [ 216.082522][ T8000] anon_inode_make_secure_inode+0x2f/0x140 [ 216.082556][ T8000] __do_sys_memfd_secret+0xd7/0x3d0 [ 216.082584][ T8000] do_syscall_64+0x106/0xf80 [ 216.082618][ T8000] ? clear_bhb_loop+0x40/0x90 [ 216.082647][ T8000] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.082673][ T8000] RIP: 0033:0x7fc25379c799 [ 216.082694][ T8000] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 216.082718][ T8000] RSP: 002b:00007fc2545d6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001bf [ 216.082740][ T8000] RAX: ffffffffffffffda RBX: 00007fc253a16270 RCX: 00007fc25379c799 [ 216.082756][ T8000] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 216.082770][ T8000] RBP: 00007fc253832c99 R08: 0000000000000000 R09: 0000000000000000 [ 216.082785][ T8000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 216.082799][ T8000] R13: 00007fc253a16308 R14: 00007fc253a16270 R15: 00007ffebf1936b8 [ 216.082830][ T8000] [ 217.677425][ T8026] [U] [ 217.680505][ T8026] [U] [ 217.683269][ T8026] [U] [ 217.686117][ T8026] [U] [ 217.689869][ T8026] [U] [ 217.692653][ T8026] [U] [ 217.695415][ T8026] [U] [ 217.698179][ T8026] [U] [ 217.727108][ T8026] [U] [ 217.729907][ T8026] [U] [ 217.732669][ T8026] [U] [ 217.735433][ T8026] [U] [ 217.856948][ T8026] [U] [ 217.859708][ T8026] [U] [ 217.862459][ T8026] [U] [ 217.865168][ T8026] [U] [ 217.911679][ T8026] [U] [ 217.914481][ T8026] [U] [ 217.917230][ T8026] [U] [ 217.919983][ T8026] [U] [ 217.986036][ T8026] [U] [ 217.988829][ T8026] [U] [ 217.991583][ T8026] [U] [ 217.994335][ T8026] [U] [ 218.092827][ T8026] [U] [ 219.387826][ T8068] netlink: 'syz.2.395': attribute type 1 has an invalid length. [ 219.846354][ T8050] nfs4: Unknown parameter '' [ 222.449830][ T8104] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 222.483871][ T8104] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 222.497215][ T8104] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 222.537945][ T8104] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 223.160976][ T8108] program syz.3.396 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 223.198449][ T8146] cgroup: fork rejected by pids controller in /syz1 [ 223.478690][ T8182] FAULT_INJECTION: forcing a failure. [ 223.478690][ T8182] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 223.529497][ T7793] Bluetooth: hci0: command 0x0c1a tx timeout [ 223.653250][ T8182] CPU: 0 UID: 0 PID: 8182 Comm: syz.2.406 Tainted: G I L syzkaller #0 PREEMPT(full) [ 223.653317][ T8182] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 223.653331][ T8182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 223.653350][ T8182] Call Trace: [ 223.653359][ T8182] [ 223.653370][ T8182] dump_stack_lvl+0x100/0x190 [ 223.653424][ T8182] should_fail_ex.cold+0x5/0xa [ 223.653462][ T8182] _copy_from_user+0x2e/0xd0 [ 223.653501][ T8182] get_timespec64+0x8b/0x1b0 [ 223.653537][ T8182] ? __pfx_get_timespec64+0x10/0x10 [ 223.653570][ T8182] ? ktime_get+0x200/0x300 [ 223.653614][ T8182] __x64_sys_futex+0x21a/0x4d0 [ 223.653662][ T8182] ? __pfx___x64_sys_futex+0x10/0x10 [ 223.653721][ T8182] do_syscall_64+0x106/0xf80 [ 223.653766][ T8182] ? clear_bhb_loop+0x40/0x90 [ 223.653805][ T8182] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.653838][ T8182] RIP: 0033:0x7efcfe79c799 [ 223.653864][ T8182] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 223.653894][ T8182] RSP: 002b:00007ffc6debc0d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 223.653923][ T8182] RAX: ffffffffffffffda RBX: 00000000000368d2 RCX: 00007efcfe79c799 [ 223.653944][ T8182] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007efcfea15fac [ 223.653963][ T8182] RBP: 0000000000000032 R08: 0000000000000000 R09: 0000000000000000 [ 223.653980][ T8182] R10: 00007ffc6debc1e0 R11: 0000000000000246 R12: 00007ffc6debc200 [ 223.653999][ T8182] R13: 00007efcfea15fac R14: 0000000000036904 R15: 00007ffc6debc1e0 [ 223.654040][ T8182] [ 224.560973][ T7793] Bluetooth: hci3: command 0x0c1a tx timeout [ 224.567615][ T7793] Bluetooth: hci2: command 0x0c1a tx timeout [ 224.573773][ T7793] Bluetooth: hci1: command 0x0c1a tx timeout [ 225.687023][ T8318] futex_wake_op: syz.1.410 tries to shift op by -2048; fix this program [ 225.695601][ T8318] futex_wake_op: syz.1.410 tries to shift op by -2048; fix this program [ 225.777221][ T8327] 0x000000000001-0x000000020000 : "" [ 225.792149][ T8327] ftl_cs: FTL header corrupt! [ 225.978514][ T8318] misc userio: No port type given on /dev/userio [ 227.768284][ T8355] Invalid ELF header magic: != ELF [ 227.916459][ T8343] syz.1.414 (8343) used greatest stack depth: 19264 bytes left [ 228.470336][ T8363] zswap: compressor not available [ 229.736353][ T8387] vivid-007: ================= START STATUS ================= [ 229.760758][ T8387] vivid-007: Generate PTS: true [ 229.781109][ T8387] vivid-007: Generate SCR: true [ 229.803054][ T8387] tpg source WxH: 320x240 (Y'CbCr) [ 229.836764][ T8387] tpg field: 1 [ 229.936733][ T8387] tpg crop: (0,0)/320x240 [ 229.949918][ T8387] tpg compose: (0,0)/320x240 [ 229.980050][ T8387] tpg colorspace: 8 [ 230.012570][ T8387] tpg transfer function: 0/0 [ 230.065532][ T8402] netlink: 4 bytes leftover after parsing attributes in process `syz.2.425'. [ 230.103144][ T8387] tpg Y'CbCr encoding: 0/0 [ 230.122484][ T8387] tpg quantization: 0/0 [ 230.176289][ T8387] tpg RGB range: 0/2 [ 230.506646][ T8387] vivid-007: ================== END STATUS ================== [ 231.360460][ T8411] delete_channel: no stack [ 231.546335][ T8420] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967104 (549755789312 ns) > initial count (26496 ns). Using initial count to start timer. [ 232.993673][ T8438] netlink: 4 bytes leftover after parsing attributes in process `syz.2.436'. [ 233.215082][ T8441] cifs: Unknown parameter ') Up̢{V ]762']Ψ!gʮ79fM<*ysEh' [ 233.990474][ T8459] zswap: compressor not available [ 234.113356][ T8468] FAULT_INJECTION: forcing a failure. [ 234.113356][ T8468] name failslab, interval 1, probability 0, space 0, times 0 [ 234.127666][ T8468] CPU: 1 UID: 0 PID: 8468 Comm: syz.3.443 Tainted: G I L syzkaller #0 PREEMPT(full) [ 234.127720][ T8468] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 234.127733][ T8468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 234.127760][ T8468] Call Trace: [ 234.127771][ T8468] [ 234.127782][ T8468] dump_stack_lvl+0x100/0x190 [ 234.127836][ T8468] should_fail_ex.cold+0x5/0xa [ 234.127873][ T8468] should_failslab+0xc2/0x120 [ 234.127915][ T8468] __kmalloc_cache_noprof+0x7a/0x6f0 [ 234.127959][ T8468] ? handle_policy_update+0xd0/0xf00 [ 234.128014][ T8468] handle_policy_update+0xd0/0xf00 [ 234.128059][ T8468] ? __pfx___might_resched+0x10/0x10 [ 234.128105][ T8468] ? lock_acquire+0x1cf/0x380 [ 234.128148][ T8468] ? __pfx_handle_policy_update+0x10/0x10 [ 234.128191][ T8468] ? apparmor_capable+0x1d7/0x4d0 [ 234.128226][ T8468] ? bpf_lsm_capable+0x9/0x10 [ 234.128260][ T8468] ? security_capable+0x80/0x260 [ 234.128315][ T8468] safesetid_gid_file_write+0x87/0xc0 [ 234.128366][ T8468] vfs_write+0x2aa/0x1070 [ 234.128396][ T8468] ? __pfx_safesetid_gid_file_write+0x10/0x10 [ 234.128449][ T8468] ? __pfx_vfs_write+0x10/0x10 [ 234.128500][ T8468] ? __fget_files+0x215/0x3d0 [ 234.128539][ T8468] ? __fget_files+0x21f/0x3d0 [ 234.128582][ T8468] ksys_write+0x12a/0x250 [ 234.128612][ T8468] ? __pfx_ksys_write+0x10/0x10 [ 234.128654][ T8468] do_syscall_64+0x106/0xf80 [ 234.128699][ T8468] ? clear_bhb_loop+0x40/0x90 [ 234.128740][ T8468] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.128774][ T8468] RIP: 0033:0x7f2b3539c799 [ 234.128800][ T8468] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 234.128830][ T8468] RSP: 002b:00007f2b36199028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 234.128872][ T8468] RAX: ffffffffffffffda RBX: 00007f2b35615fa0 RCX: 00007f2b3539c799 [ 234.128899][ T8468] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 234.128918][ T8468] RBP: 00007f2b35432c99 R08: 0000000000000000 R09: 0000000000000000 [ 234.128937][ T8468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 234.128956][ T8468] R13: 00007f2b35616038 R14: 00007f2b35615fa0 R15: 00007ffd266a5158 [ 234.128999][ T8468] [ 235.270361][ T8477] netlink: 4 bytes leftover after parsing attributes in process `syz.0.446'. [ 235.306821][ T8479] netlink: 4 bytes leftover after parsing attributes in process `syz.1.445'. [ 237.770628][ T8525] FAULT_INJECTION: forcing a failure. [ 237.770628][ T8525] name fail_futex, interval 1, probability 0, space 0, times 0 [ 237.895446][ T8525] CPU: 1 UID: 0 PID: 8525 Comm: syz.2.454 Tainted: G I L syzkaller #0 PREEMPT(full) [ 237.895498][ T8525] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 237.895511][ T8525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 237.895529][ T8525] Call Trace: [ 237.895539][ T8525] [ 237.895551][ T8525] dump_stack_lvl+0x100/0x190 [ 237.895604][ T8525] should_fail_ex.cold+0x5/0xa [ 237.895643][ T8525] get_futex_key+0x1d2/0x1620 [ 237.895695][ T8525] ? __pfx_get_futex_key+0x10/0x10 [ 237.895732][ T8525] ? futex_hash+0x2c5/0x380 [ 237.895784][ T8525] futex_wake+0xea/0x530 [ 237.895834][ T8525] ? __pfx_futex_wait+0x10/0x10 [ 237.895883][ T8525] ? __pfx_futex_wake+0x10/0x10 [ 237.895950][ T8525] do_futex+0x32b/0x350 [ 237.895995][ T8525] ? __pfx_do_futex+0x10/0x10 [ 237.896037][ T8525] ? find_held_lock+0x2b/0x80 [ 237.896067][ T8525] ? __fget_files+0x215/0x3d0 [ 237.896097][ T8525] ? __fget_files+0x215/0x3d0 [ 237.896132][ T8525] __x64_sys_futex+0x34f/0x4d0 [ 237.896182][ T8525] ? __pfx___x64_sys_futex+0x10/0x10 [ 237.896227][ T8525] ? fput+0x79/0x100 [ 237.896275][ T8525] do_syscall_64+0x106/0xf80 [ 237.896320][ T8525] ? clear_bhb_loop+0x40/0x90 [ 237.896360][ T8525] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.896393][ T8525] RIP: 0033:0x7efcfe79c799 [ 237.896419][ T8525] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 237.896449][ T8525] RSP: 002b:00007efcfc9f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 237.896479][ T8525] RAX: ffffffffffffffda RBX: 00007efcfea16188 RCX: 00007efcfe79c799 [ 237.896500][ T8525] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007efcfea1618c [ 237.896517][ T8525] RBP: 00007efcfea16180 R08: 0000000000000000 R09: 0000000000000000 [ 237.896536][ T8525] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 237.896555][ T8525] R13: 00007efcfea16218 R14: 00007ffc6debbe90 R15: 00007ffc6debbf78 [ 237.896594][ T8525] [ 238.456327][ T8538] FAULT_INJECTION: forcing a failure. [ 238.456327][ T8538] name failslab, interval 1, probability 0, space 0, times 0 [ 238.470833][ T8538] CPU: 0 UID: 0 PID: 8538 Comm: syz.3.458 Tainted: G I L syzkaller #0 PREEMPT(full) [ 238.470893][ T8538] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 238.470908][ T8538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 238.470929][ T8538] Call Trace: [ 238.470940][ T8538] [ 238.470953][ T8538] dump_stack_lvl+0x100/0x190 [ 238.471010][ T8538] should_fail_ex.cold+0x5/0xa [ 238.471052][ T8538] should_failslab+0xc2/0x120 [ 238.471088][ T8538] __kmalloc_node_noprof+0xe6/0x850 [ 238.471138][ T8538] ? qdisc_alloc+0xbb/0xb30 [ 238.471191][ T8538] qdisc_alloc+0xbb/0xb30 [ 238.471251][ T8538] qdisc_create_dflt+0x93/0x4c0 [ 238.471299][ T8538] dev_activate+0x64f/0xce0 [ 238.471352][ T8538] ? __pfx_dev_activate+0x10/0x10 [ 238.471402][ T8538] ? __local_bh_enable_ip+0x9e/0x120 [ 238.471445][ T8538] __dev_open+0x4f1/0x960 [ 238.471490][ T8538] ? __pfx___dev_open+0x10/0x10 [ 238.471538][ T8538] ? __local_bh_enable_ip+0x9e/0x120 [ 238.471579][ T8538] __dev_change_flags+0x558/0x6f0 [ 238.471629][ T8538] ? __pfx___dev_change_flags+0x10/0x10 [ 238.471690][ T8538] netif_change_flags+0x8d/0x160 [ 238.471742][ T8538] dev_change_flags+0xba/0x250 [ 238.471799][ T8538] flags_store+0x187/0x1e0 [ 238.471842][ T8538] ? __pfx_flags_store+0x10/0x10 [ 238.471886][ T8538] ? find_held_lock+0x2b/0x80 [ 238.471917][ T8538] ? sysfs_file_kobj+0xe4/0x290 [ 238.471957][ T8538] ? sysfs_file_kobj+0xe4/0x290 [ 238.472000][ T8538] ? __pfx_flags_store+0x10/0x10 [ 238.472041][ T8538] dev_attr_store+0x58/0x80 [ 238.472079][ T8538] ? __pfx_dev_attr_store+0x10/0x10 [ 238.472117][ T8538] sysfs_kf_write+0xf2/0x150 [ 238.472163][ T8538] kernfs_fop_write_iter+0x3e0/0x5f0 [ 238.472197][ T8538] ? __pfx_sysfs_kf_write+0x10/0x10 [ 238.472250][ T8538] vfs_write+0x6ac/0x1070 [ 238.472283][ T8538] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 238.472325][ T8538] ? __pfx_vfs_write+0x10/0x10 [ 238.472409][ T8538] ksys_write+0x12a/0x250 [ 238.472441][ T8538] ? __pfx_ksys_write+0x10/0x10 [ 238.472486][ T8538] do_syscall_64+0x106/0xf80 [ 238.472533][ T8538] ? clear_bhb_loop+0x40/0x90 [ 238.472575][ T8538] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.472610][ T8538] RIP: 0033:0x7f2b3539c799 [ 238.472638][ T8538] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 238.472671][ T8538] RSP: 002b:00007f2b36199028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 238.472703][ T8538] RAX: ffffffffffffffda RBX: 00007f2b35615fa0 RCX: 00007f2b3539c799 [ 238.472725][ T8538] RDX: 0000000000000081 RSI: 0000200000000140 RDI: 0000000000000002 [ 238.472745][ T8538] RBP: 00007f2b35432c99 R08: 0000000000000000 R09: 0000000000000000 [ 238.472765][ T8538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 238.472784][ T8538] R13: 00007f2b35616038 R14: 00007f2b35615fa0 R15: 00007ffd266a5158 [ 238.472830][ T8538] [ 238.472864][ T8538] rose7: default qdisc (pfifo_fast) fail, fallback to noqueue [ 240.957773][ T7793] Bluetooth: hci0: command 0x0c1a tx timeout [ 241.004716][ T8542] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 241.149582][ T8542] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 241.158583][ T8542] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 241.165009][ T8542] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 241.173214][ T8547] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 241.692237][ T30] audit: type=1804 audit(1773775227.771:6): pid=8580 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.468" name="/newroot/sys/kernel/tracing/README" dev="tracefs" ino=3564 res=1 errno=0 [ 241.694240][ T8585] futex_wake_op: syz.3.469 tries to shift op by -2048; fix this program [ 241.841386][ T8584] zero sized request [ 241.922658][ T8585] futex_wake_op: syz.3.469 tries to shift op by -2048; fix this program [ 242.579990][ T8603] ACPI: \_SB_.LNKS: No IRQ available. Try pci=noacpi or acpi=off [ 242.589301][ T8603] pci 0000:00:01.3: PCI INT A: no GSI [ 243.121985][ T7793] Bluetooth: hci1: command 0x0c1a tx timeout [ 243.198815][ T7793] Bluetooth: hci3: command 0x0c1a tx timeout [ 243.204967][ T7528] Bluetooth: hci2: command 0x0c1a tx timeout [ 244.838708][ T8644] netlink: 'syz.1.483': attribute type 3 has an invalid length. [ 245.114134][ T8646] : Can't lookup blockdev [ 245.892717][ T8648] : Can't lookup blockdev [ 247.406064][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805c2df400: rx timeout, send abort [ 247.915947][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805c2df400: abort rx timeout. Force session deactivation [ 248.487679][ T8673] device-mapper: ioctl: Unable to rename non-existent device, to uuid sequencer2 [ 248.622257][ T8678] kAFS: Invalid Command on /proc/fs/afs/cells file [ 249.035104][ T8689] FAULT_INJECTION: forcing a failure. [ 249.035104][ T8689] name failslab, interval 1, probability 0, space 0, times 0 [ 249.085027][ T8689] CPU: 1 UID: 0 PID: 8689 Comm: syz.1.492 Tainted: G I L syzkaller #0 PREEMPT(full) [ 249.085086][ T8689] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 249.085100][ T8689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 249.085120][ T8689] Call Trace: [ 249.085130][ T8689] [ 249.085143][ T8689] dump_stack_lvl+0x100/0x190 [ 249.085199][ T8689] should_fail_ex.cold+0x5/0xa [ 249.085240][ T8689] should_failslab+0xc2/0x120 [ 249.085276][ T8689] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 249.085328][ T8689] ? sk_prot_alloc+0x60/0x2a0 [ 249.085369][ T8689] sk_prot_alloc+0x60/0x2a0 [ 249.085406][ T8689] sk_alloc+0x36/0xe80 [ 249.085452][ T8689] tipc_sk_create+0xf9/0x2420 [ 249.085503][ T8689] ? find_held_lock+0x2b/0x80 [ 249.085534][ T8689] ? __sock_create+0x2f3/0x860 [ 249.085568][ T8689] ? __sock_create+0x2f3/0x860 [ 249.085609][ T8689] __sock_create+0x339/0x860 [ 249.085652][ T8689] __sys_socket+0x14d/0x260 [ 249.085700][ T8689] ? __pfx___sys_socket+0x10/0x10 [ 249.085751][ T8689] __x64_sys_socket+0x72/0xb0 [ 249.085787][ T8689] ? lockdep_hardirqs_on+0x78/0x100 [ 249.085834][ T8689] do_syscall_64+0x106/0xf80 [ 249.085886][ T8689] ? clear_bhb_loop+0x40/0x90 [ 249.085917][ T8689] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.085942][ T8689] RIP: 0033:0x7fc25379c799 [ 249.085962][ T8689] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 249.085986][ T8689] RSP: 002b:00007fc254639028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 249.086008][ T8689] RAX: ffffffffffffffda RBX: 00007fc253a15fa0 RCX: 00007fc25379c799 [ 249.086024][ T8689] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 000000000000001e [ 249.086039][ T8689] RBP: 00007fc253832c99 R08: 0000000000000000 R09: 0000000000000000 [ 249.086054][ T8689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 249.086068][ T8689] R13: 00007fc253a16038 R14: 00007fc253a15fa0 R15: 00007ffebf1936b8 [ 249.086099][ T8689] [ 249.876601][ T7793] Bluetooth: hci3: unknown advertising packet type: 0xea [ 250.067084][ T8703] netlink: 334 bytes leftover after parsing attributes in process `syz.0.497'. [ 250.111165][ T8703] netlink: 28 bytes leftover after parsing attributes in process `syz.0.497'. [ 252.167875][ T8738] netlink: 20 bytes leftover after parsing attributes in process `syz.0.505'. [ 252.220052][ T8738] netlink: 20 bytes leftover after parsing attributes in process `syz.0.505'. [ 252.621787][ T8748] FAULT_INJECTION: forcing a failure. [ 252.621787][ T8748] name failslab, interval 1, probability 0, space 0, times 0 [ 252.636345][ T8748] CPU: 1 UID: 0 PID: 8748 Comm: syz.2.507 Tainted: G I L syzkaller #0 PREEMPT(full) [ 252.636400][ T8748] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 252.636413][ T8748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 252.636432][ T8748] Call Trace: [ 252.636442][ T8748] [ 252.636454][ T8748] dump_stack_lvl+0x100/0x190 [ 252.636510][ T8748] should_fail_ex.cold+0x5/0xa [ 252.636549][ T8748] ? iter_file_splice_write+0x1d8/0x10a0 [ 252.636583][ T8748] should_failslab+0xc2/0x120 [ 252.636616][ T8748] __kmalloc_noprof+0xe0/0x850 [ 252.636666][ T8748] ? __pfx___might_resched+0x10/0x10 [ 252.636722][ T8748] iter_file_splice_write+0x1d8/0x10a0 [ 252.636775][ T8748] ? __pfx_iter_file_splice_write+0x10/0x10 [ 252.636811][ T8748] ? __lock_acquire+0x4a5/0x2630 [ 252.636856][ T8748] ? shmem_file_splice_read+0x724/0xdd0 [ 252.636937][ T8748] ? __pfx_iter_file_splice_write+0x10/0x10 [ 252.636976][ T8748] direct_splice_actor+0x192/0x6c0 [ 252.637013][ T8748] splice_direct_to_actor+0x345/0xa30 [ 252.637051][ T8748] ? __pfx_direct_splice_actor+0x10/0x10 [ 252.637116][ T8748] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 252.637168][ T8748] do_splice_direct+0x174/0x240 [ 252.637203][ T8748] ? __pfx_do_splice_direct+0x10/0x10 [ 252.637239][ T8748] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 252.637299][ T8748] ? rw_verify_area+0xce/0x6d0 [ 252.637363][ T8748] do_sendfile+0xadc/0xe20 [ 252.637423][ T8748] ? __pfx_do_sendfile+0x10/0x10 [ 252.637492][ T8748] __x64_sys_sendfile64+0x154/0x220 [ 252.637542][ T8748] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 252.637600][ T8748] do_syscall_64+0x106/0xf80 [ 252.637649][ T8748] ? clear_bhb_loop+0x40/0x90 [ 252.637691][ T8748] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.637727][ T8748] RIP: 0033:0x7efcfe79c799 [ 252.637754][ T8748] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 252.637784][ T8748] RSP: 002b:00007efcfc9f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 252.637815][ T8748] RAX: ffffffffffffffda RBX: 00007efcfea16180 RCX: 00007efcfe79c799 [ 252.637836][ T8748] RDX: 0000200000000000 RSI: 000000000000000a RDI: 000000000000000a [ 252.637855][ T8748] RBP: 00007efcfe832c99 R08: 0000000000000000 R09: 0000000000000000 [ 252.637875][ T8748] R10: 0000000000000b5d R11: 0000000000000246 R12: 0000000000000000 [ 252.637894][ T8748] R13: 00007efcfea16218 R14: 00007efcfea16180 R15: 00007ffc6debbf78 [ 252.637939][ T8748] [ 253.614309][ T8770] ima: policy update failed [ 253.619847][ T30] audit: type=1802 audit(1773775239.695:7): pid=8770 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.512" res=0 errno=0 [ 255.350282][ T8828] openvswitch: netlink: Key type 200 is out of range max 32 [ 255.770237][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.783065][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.485496][ T8840] workqueue: Failed to create a rescuer kthread for wq "nfc16_nci_cmd_wq": -EINTR [ 257.359763][ T8920] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 257.670215][ T8919] netlink: 'syz.2.531': attribute type 3 has an invalid length. [ 257.686013][ T8919] netlink: 8 bytes leftover after parsing attributes in process `syz.2.531'. [ 258.340398][ T8937] syz.0.534 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 259.289549][ T8936] FAULT_INJECTION: forcing a failure. [ 259.289549][ T8936] name failslab, interval 1, probability 0, space 0, times 0 [ 259.340250][ T8936] CPU: 0 UID: 0 PID: 8936 Comm: syz.2.535 Tainted: G I L syzkaller #0 PREEMPT(full) [ 259.340318][ T8936] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 259.340333][ T8936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 259.340352][ T8936] Call Trace: [ 259.340363][ T8936] [ 259.340375][ T8936] dump_stack_lvl+0x100/0x190 [ 259.340433][ T8936] should_fail_ex.cold+0x5/0xa [ 259.340473][ T8936] should_failslab+0xc2/0x120 [ 259.340509][ T8936] __kmalloc_cache_noprof+0x7a/0x6f0 [ 259.340554][ T8936] ? newseg+0x269/0xed0 [ 259.340601][ T8936] newseg+0x269/0xed0 [ 259.340641][ T8936] ? __pfx_futex_wait+0x10/0x10 [ 259.340695][ T8936] ? __pfx_newseg+0x10/0x10 [ 259.340734][ T8936] ? down_write+0x146/0x1f0 [ 259.340786][ T8936] ? __sched_setaffinity+0x17c/0x280 [ 259.340822][ T8936] ? __pfx___sched_setaffinity+0x10/0x10 [ 259.340861][ T8936] ipcget+0xee/0xf50 [ 259.340901][ T8936] ? do_futex+0x192/0x350 [ 259.340943][ T8936] ? __pfx_do_futex+0x10/0x10 [ 259.340988][ T8936] ? sched_setaffinity+0xe0/0x400 [ 259.341019][ T8936] ? __might_fault+0xc5/0x140 [ 259.341068][ T8936] ? __pfx_ipcget+0x10/0x10 [ 259.341113][ T8936] ? __x64_sys_futex+0x34f/0x4d0 [ 259.341156][ T8936] ? __x64_sys_futex+0x358/0x4d0 [ 259.341204][ T8936] __x64_sys_shmget+0x13b/0x1b0 [ 259.341249][ T8936] ? __pfx___x64_sys_shmget+0x10/0x10 [ 259.341315][ T8936] do_syscall_64+0x106/0xf80 [ 259.341361][ T8936] ? clear_bhb_loop+0x40/0x90 [ 259.341403][ T8936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.341438][ T8936] RIP: 0033:0x7efcfe79c799 [ 259.341465][ T8936] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 259.341497][ T8936] RSP: 002b:00007efcff5af028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 259.341529][ T8936] RAX: ffffffffffffffda RBX: 00007efcfea15fa0 RCX: 00007efcfe79c799 [ 259.341550][ T8936] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 259.341570][ T8936] RBP: 00007efcfe832c99 R08: 0000000000000000 R09: 0000000000000000 [ 259.341590][ T8936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 259.341610][ T8936] R13: 00007efcfea16038 R14: 00007efcfea15fa0 R15: 00007ffc6debbf78 [ 259.341654][ T8936] [ 260.094927][ T8963] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 262.701300][ T9007] FAULT_INJECTION: forcing a failure. [ 262.701300][ T9007] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 262.730810][ T9007] CPU: 1 UID: 0 PID: 9007 Comm: syz.0.551 Tainted: G I L syzkaller #0 PREEMPT(full) [ 262.730860][ T9007] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 262.730874][ T9007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 262.730890][ T9007] Call Trace: [ 262.730900][ T9007] [ 262.730912][ T9007] dump_stack_lvl+0x100/0x190 [ 262.730976][ T9007] should_fail_ex.cold+0x5/0xa [ 262.731006][ T9007] ? prepare_alloc_pages+0x16d/0x5f0 [ 262.731046][ T9007] should_fail_alloc_page+0xeb/0x140 [ 262.731083][ T9007] prepare_alloc_pages+0x1f0/0x5f0 [ 262.731119][ T9007] ? bpf_ksym_find+0x124/0x1c0 [ 262.731161][ T9007] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 262.731214][ T9007] ? __kernel_text_address+0xd/0x30 [ 262.731263][ T9007] ? unwind_get_return_address+0x59/0xa0 [ 262.731299][ T9007] ? arch_stack_walk+0xa6/0xf0 [ 262.731344][ T9007] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 262.731395][ T9007] ? stack_trace_save+0x8e/0xc0 [ 262.731427][ T9007] ? __pfx_stack_trace_save+0x10/0x10 [ 262.731460][ T9007] ? stack_depot_save_flags+0x27/0x9d0 [ 262.731510][ T9007] ? kasan_save_stack+0x30/0x50 [ 262.731559][ T9007] ? kasan_save_track+0x14/0x30 [ 262.731607][ T9007] ? __kasan_slab_alloc+0x89/0x90 [ 262.731636][ T9007] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 262.731682][ T9007] ? __pmd_alloc+0xbf/0x950 [ 262.731716][ T9007] ? __handle_mm_fault+0xa99/0x2b60 [ 262.731760][ T9007] ? handle_mm_fault+0x36d/0xa20 [ 262.731802][ T9007] ? __get_user_pages+0xf9c/0x34d0 [ 262.731835][ T9007] ? populate_vma_page_range+0x267/0x3f0 [ 262.731872][ T9007] ? __mm_populate+0x107/0x3a0 [ 262.731907][ T9007] ? vm_mmap_pgoff+0x37f/0x470 [ 262.731948][ T9007] ? ksys_mmap_pgoff+0xe1/0x650 [ 262.731979][ T9007] ? __x64_sys_mmap+0x125/0x190 [ 262.732025][ T9007] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 262.732082][ T9007] ? policy_nodemask+0xed/0x4f0 [ 262.732120][ T9007] alloc_pages_mpol+0x1fb/0x550 [ 262.732156][ T9007] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 262.732203][ T9007] alloc_pages_noprof+0x131/0x390 [ 262.732240][ T9007] pte_alloc_one+0x1c/0x3d0 [ 262.732277][ T9007] __pte_alloc+0x6d/0x3e0 [ 262.732310][ T9007] ? __pfx___pte_alloc+0x10/0x10 [ 262.732346][ T9007] ? do_raw_spin_lock+0x128/0x260 [ 262.732394][ T9007] ? find_held_lock+0x2b/0x80 [ 262.732428][ T9007] do_anonymous_page+0x13cc/0x1fb0 [ 262.732473][ T9007] ? do_raw_spin_unlock+0x145/0x1e0 [ 262.732523][ T9007] ? _raw_spin_unlock+0x28/0x50 [ 262.732563][ T9007] ? __pmd_alloc+0x3fb/0x950 [ 262.732605][ T9007] __handle_mm_fault+0x1d42/0x2b60 [ 262.732657][ T9007] ? mt_find+0x45e/0x8e0 [ 262.732708][ T9007] ? __pfx___handle_mm_fault+0x10/0x10 [ 262.732751][ T9007] ? __pfx_mt_find+0x10/0x10 [ 262.732834][ T9007] handle_mm_fault+0x36d/0xa20 [ 262.732887][ T9007] __get_user_pages+0xf9c/0x34d0 [ 262.732947][ T9007] ? __pfx___get_user_pages+0x10/0x10 [ 262.732996][ T9007] populate_vma_page_range+0x267/0x3f0 [ 262.733039][ T9007] ? __pfx_populate_vma_page_range+0x10/0x10 [ 262.733078][ T9007] ? __pfx_find_vma_intersection+0x10/0x10 [ 262.733115][ T9007] ? do_mmap+0x93f/0x12f0 [ 262.733156][ T9007] __mm_populate+0x107/0x3a0 [ 262.733197][ T9007] ? __pfx___mm_populate+0x10/0x10 [ 262.733239][ T9007] ? up_write+0x290/0x4f0 [ 262.733290][ T9007] vm_mmap_pgoff+0x37f/0x470 [ 262.733332][ T9007] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 262.733373][ T9007] ? do_futex+0x192/0x350 [ 262.733417][ T9007] ? __pfx_do_futex+0x10/0x10 [ 262.733467][ T9007] ksys_mmap_pgoff+0xe1/0x650 [ 262.733503][ T9007] ? __x64_sys_futex+0x34f/0x4d0 [ 262.733544][ T9007] ? __x64_sys_futex+0x358/0x4d0 [ 262.733586][ T9007] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 262.733621][ T9007] ? xfd_validate_state+0x129/0x190 [ 262.733677][ T9007] __x64_sys_mmap+0x125/0x190 [ 262.733731][ T9007] do_syscall_64+0x106/0xf80 [ 262.733776][ T9007] ? clear_bhb_loop+0x40/0x90 [ 262.733817][ T9007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.733851][ T9007] RIP: 0033:0x7f77e359c799 [ 262.733878][ T9007] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 262.733908][ T9007] RSP: 002b:00007f77e43a0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 262.733943][ T9007] RAX: ffffffffffffffda RBX: 00007f77e3816090 RCX: 00007f77e359c799 [ 262.733965][ T9007] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 262.733984][ T9007] RBP: 00007f77e3632c99 R08: 0000000000000002 R09: 0000000000008000 [ 262.734004][ T9007] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 262.734023][ T9007] R13: 00007f77e3816128 R14: 00007f77e3816090 R15: 00007fff3c8bb558 [ 262.734066][ T9007] [ 266.153070][ T9046] binder: 9045:9046 ioctl c0306201 0 returned -14 [ 266.188828][ T9046] netlink: 32 bytes leftover after parsing attributes in process `syz.0.556'. [ 266.358256][ T9048] openvswitch: netlink: Message has 4632 unknown bytes. [ 266.862699][ T9061] mkiss: ax0: crc mode is auto. [ 270.796024][ T9134] ICMPv6: process `syz.0.574' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 273.611158][ T9165] FAULT_INJECTION: forcing a failure. [ 273.611158][ T9165] name failslab, interval 1, probability 0, space 0, times 0 [ 273.623886][ T9165] CPU: 1 UID: 0 PID: 9165 Comm: syz.0.577 Tainted: G I L syzkaller #0 PREEMPT(full) [ 273.623927][ T9165] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 273.623938][ T9165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 273.623953][ T9165] Call Trace: [ 273.623961][ T9165] [ 273.623970][ T9165] dump_stack_lvl+0x100/0x190 [ 273.624013][ T9165] should_fail_ex.cold+0x5/0xa [ 273.624041][ T9165] should_failslab+0xc2/0x120 [ 273.624073][ T9165] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 273.624111][ T9165] ? __kernfs_new_node+0xd2/0x960 [ 273.624153][ T9165] __kernfs_new_node+0xd2/0x960 [ 273.624193][ T9165] ? __pfx___kernfs_new_node+0x10/0x10 [ 273.624238][ T9165] ? find_held_lock+0x2b/0x80 [ 273.624260][ T9165] ? kernfs_root+0xee/0x2a0 [ 273.624294][ T9165] ? kernfs_root+0xee/0x2a0 [ 273.624335][ T9165] kernfs_new_node+0x11b/0x1a0 [ 273.624379][ T9165] __kernfs_create_file+0x53/0x350 [ 273.624411][ T9165] sysfs_add_file_mode_ns+0x207/0x3c0 [ 273.624451][ T9165] internal_create_group+0x593/0xf40 [ 273.624495][ T9165] ? __pfx_internal_create_group+0x10/0x10 [ 273.624536][ T9165] ? kernfs_create_link+0x1bd/0x240 [ 273.624569][ T9165] internal_create_groups+0x9d/0x150 [ 273.624609][ T9165] device_add+0x71a/0x1950 [ 273.624639][ T9165] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 273.624681][ T9165] ? __pfx_device_add+0x10/0x10 [ 273.624709][ T9165] ? lockdep_init_map_type+0x5c/0x250 [ 273.624742][ T9165] ? __init_waitqueue_head+0xca/0x150 [ 273.624787][ T9165] netdev_register_kobject+0x1a9/0x3d0 [ 273.624832][ T9165] register_netdevice+0x12e0/0x2210 [ 273.624876][ T9165] ? __pfx_register_netdevice+0x10/0x10 [ 273.624923][ T9165] internal_dev_create+0x2d3/0x520 [ 273.624963][ T9165] ovs_vport_add+0x147/0x4d0 [ 273.624999][ T9165] new_vport+0x16/0x1d0 [ 273.625024][ T9165] ovs_dp_cmd_new+0x65d/0xdf0 [ 273.625067][ T9165] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 273.625102][ T9165] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 273.625131][ T9165] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 273.625164][ T9165] genl_family_rcv_msg_doit+0x214/0x300 [ 273.625193][ T9165] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 273.625219][ T9165] ? genl_get_cmd+0x3ef/0x720 [ 273.625248][ T9165] ? bpf_lsm_capable+0x9/0x10 [ 273.625273][ T9165] ? security_capable+0x80/0x260 [ 273.625314][ T9165] ? ns_capable+0xd2/0xf0 [ 273.625339][ T9165] genl_rcv_msg+0x560/0x800 [ 273.625368][ T9165] ? __pfx_genl_rcv_msg+0x10/0x10 [ 273.625394][ T9165] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 273.625433][ T9165] netlink_rcv_skb+0x159/0x420 [ 273.625471][ T9165] ? __pfx_genl_rcv_msg+0x10/0x10 [ 273.625498][ T9165] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 273.625549][ T9165] ? netlink_deliver_tap+0x1ae/0xcc0 [ 273.625590][ T9165] genl_rcv+0x28/0x40 [ 273.625610][ T9165] netlink_unicast+0x5aa/0x870 [ 273.625654][ T9165] ? __pfx_netlink_unicast+0x10/0x10 [ 273.625704][ T9165] netlink_sendmsg+0x8b0/0xda0 [ 273.625748][ T9165] ? __pfx_netlink_sendmsg+0x10/0x10 [ 273.625785][ T9165] ? __import_iovec+0x1d2/0x640 [ 273.625817][ T9165] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 273.625862][ T9165] ____sys_sendmsg+0x9e1/0xb70 [ 273.625885][ T9165] ? __pfx_netlink_sendmsg+0x10/0x10 [ 273.625927][ T9165] ? __pfx_____sys_sendmsg+0x10/0x10 [ 273.625959][ T9165] ? __pfx_futex_wake_mark+0x10/0x10 [ 273.626002][ T9165] ___sys_sendmsg+0x190/0x1e0 [ 273.626031][ T9165] ? __pfx____sys_sendmsg+0x10/0x10 [ 273.626116][ T9165] __sys_sendmsg+0x170/0x220 [ 273.626153][ T9165] ? __pfx___sys_sendmsg+0x10/0x10 [ 273.626188][ T9165] ? __x64_sys_futex+0x34f/0x4d0 [ 273.626238][ T9165] do_syscall_64+0x106/0xf80 [ 273.626273][ T9165] ? clear_bhb_loop+0x40/0x90 [ 273.626303][ T9165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.626328][ T9165] RIP: 0033:0x7f77e359c799 [ 273.626349][ T9165] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 273.626373][ T9165] RSP: 002b:00007f77e43c1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 273.626396][ T9165] RAX: ffffffffffffffda RBX: 00007f77e3815fa0 RCX: 00007f77e359c799 [ 273.626412][ T9165] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000006 [ 273.626427][ T9165] RBP: 00007f77e3632c99 R08: 0000000000000000 R09: 0000000000000000 [ 273.626442][ T9165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 273.626456][ T9165] R13: 00007f77e3816038 R14: 00007f77e3815fa0 R15: 00007fff3c8bb558 [ 273.626487][ T9165] [ 277.383171][ T9219] Invalid ELF header magic: != ELF [ 279.999547][ T9249] input: f as /devices/virtual/input/input9 [ 280.140774][ T9247] FAULT_INJECTION: forcing a failure. [ 280.140774][ T9247] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 280.156197][ T9247] CPU: 0 UID: 0 PID: 9247 Comm: syz.3.597 Tainted: G I L syzkaller #0 PREEMPT(full) [ 280.156256][ T9247] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 280.156270][ T9247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 280.156290][ T9247] Call Trace: [ 280.156301][ T9247] [ 280.156314][ T9247] dump_stack_lvl+0x100/0x190 [ 280.156372][ T9247] should_fail_ex.cold+0x5/0xa [ 280.156412][ T9247] _copy_from_user+0x2e/0xd0 [ 280.156484][ T9247] memdup_user+0x6b/0xe0 [ 280.156517][ T9247] msr_io+0xea/0x480 [ 280.156550][ T9247] ? __pfx_do_get_feature_msr+0x10/0x10 [ 280.156597][ T9247] ? __pfx_msr_io+0x10/0x10 [ 280.156643][ T9247] kvm_arch_dev_ioctl+0x487/0x770 [ 280.156681][ T9247] ? __pfx_kvm_arch_dev_ioctl+0x10/0x10 [ 280.156728][ T9247] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 280.156788][ T9247] ? do_vfs_ioctl+0x226/0x13e0 [ 280.156843][ T9247] kvm_dev_ioctl+0x73a/0x1a50 [ 280.156888][ T9247] ? find_held_lock+0x2b/0x80 [ 280.156919][ T9247] ? __fget_files+0x215/0x3d0 [ 280.156948][ T9247] ? hook_file_ioctl_common+0x146/0x410 [ 280.156988][ T9247] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 280.157031][ T9247] ? __fget_files+0x21f/0x3d0 [ 280.157067][ T9247] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 280.157108][ T9247] __x64_sys_ioctl+0x18e/0x210 [ 280.157160][ T9247] do_syscall_64+0x106/0xf80 [ 280.157207][ T9247] ? clear_bhb_loop+0x40/0x90 [ 280.157250][ T9247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.157285][ T9247] RIP: 0033:0x7f2b3539c799 [ 280.157313][ T9247] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 280.157345][ T9247] RSP: 002b:00007f2b36199028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 280.157378][ T9247] RAX: ffffffffffffffda RBX: 00007f2b35615fa0 RCX: 00007f2b3539c799 [ 280.157400][ T9247] RDX: 0000200000000040 RSI: 00000000c008ae88 RDI: 0000000000000007 [ 280.157421][ T9247] RBP: 00007f2b35432c99 R08: 0000000000000000 R09: 0000000000000000 [ 280.157451][ T9247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 280.157472][ T9247] R13: 00007f2b35616038 R14: 00007f2b35615fa0 R15: 00007ffd266a5158 [ 280.157516][ T9247] [ 284.363962][ T9339] sysfs_service_op_store: Client not running :-5: [ 284.496266][ T9334] netlink: 12 bytes leftover after parsing attributes in process `syz.1.615'. [ 284.892024][ T9345] random: crng reseeded on system resumption [ 284.980274][ T9345] hub 1-0:1.0: USB hub found [ 285.004696][ T9345] hub 1-0:1.0: 1 port detected [ 285.554307][ T9348] binder: 9347:9348 ioctl c018620c 0 returned -1 [ 288.589505][ T7793] Bluetooth: hci2: unexpected event 0x34 length: 11 > 6 [ 289.917757][ T9455] vhci_hcd vhci_hcd.2: invalid port number 16 [ 289.955475][ T9455] vhci_hcd vhci_hcd.2: invalid port number 16 [ 290.827226][ T9475] netlink: 12 bytes leftover after parsing attributes in process `syz.0.629'. [ 291.932780][ T7793] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 292.763243][ T9526] netlink: 8 bytes leftover after parsing attributes in process `syz.0.638'. [ 292.900269][ T9526] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input10 [ 293.955293][ T9535] block loop4: the capability attribute has been deprecated. [ 296.706667][ T9586] random: crng reseeded on system resumption [ 296.938088][ T9586] hub 1-0:1.0: USB hub found [ 296.979926][ T9586] hub 1-0:1.0: 1 port detected [ 298.151946][ T7793] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 299.703645][ T9639] syz.0.656 uses obsolete (PF_INET,SOCK_PACKET) [ 300.102316][ T9643] random: crng reseeded on system resumption [ 300.357447][ T9650] hub 1-0:1.0: USB hub found [ 300.405029][ T9650] hub 1-0:1.0: 1 port detected [ 300.973670][ T9660] netlink: 16 bytes leftover after parsing attributes in process `syz.2.659'. [ 306.932887][ T9737] netlink: 206 bytes leftover after parsing attributes in process `syz.0.671'. [ 308.852863][ T9755] input: f as /devices/virtual/input/input11 [ 309.466306][ T9774] netlink: 8 bytes leftover after parsing attributes in process `syz.2.678'. [ 309.481504][ T9773] netlink: 8 bytes leftover after parsing attributes in process `syz.2.678'. [ 309.716221][ T9776] FAULT_INJECTION: forcing a failure. [ 309.716221][ T9776] name failslab, interval 1, probability 0, space 0, times 0 [ 309.776506][ T9776] CPU: 1 UID: 0 PID: 9776 Comm: syz.0.679 Tainted: G I L syzkaller #0 PREEMPT(full) [ 309.776563][ T9776] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 309.776578][ T9776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 309.776598][ T9776] Call Trace: [ 309.776609][ T9776] [ 309.776621][ T9776] dump_stack_lvl+0x100/0x190 [ 309.776678][ T9776] should_fail_ex.cold+0x5/0xa [ 309.776718][ T9776] should_failslab+0xc2/0x120 [ 309.776754][ T9776] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 309.776814][ T9776] ? __d_alloc+0x34/0xa80 [ 309.776852][ T9776] ? security_inode_alloc+0xcf/0x2c0 [ 309.776892][ T9776] __d_alloc+0x34/0xa80 [ 309.776928][ T9776] ? __ns_ref_active_get+0x9f/0x1b0 [ 309.776975][ T9776] path_from_stashed+0x427/0x750 [ 309.777011][ T9776] ? do_raw_spin_unlock+0x145/0x1e0 [ 309.777071][ T9776] ns_get_path+0x60/0x80 [ 309.777106][ T9776] proc_ns_get_link+0x121/0x230 [ 309.777153][ T9776] ? __pfx_proc_ns_get_link+0x10/0x10 [ 309.777206][ T9776] ? atime_needs_update+0x8b/0x6b0 [ 309.777259][ T9776] pick_link+0xd17/0x13c0 [ 309.777308][ T9776] ? __pfx_proc_ns_get_link+0x10/0x10 [ 309.777361][ T9776] step_into_slowpath+0x9ba/0xf90 [ 309.777421][ T9776] ? __pfx_step_into_slowpath+0x10/0x10 [ 309.777472][ T9776] ? find_held_lock+0x2b/0x80 [ 309.777523][ T9776] path_openat+0xf95/0x31a0 [ 309.777572][ T9776] ? __pfx_path_openat+0x10/0x10 [ 309.777623][ T9776] do_file_open+0x20e/0x430 [ 309.777661][ T9776] ? __pfx_do_file_open+0x10/0x10 [ 309.777722][ T9776] ? alloc_fd+0x476/0x790 [ 309.777757][ T9776] ? do_getname+0x191/0x390 [ 309.777809][ T9776] do_sys_openat2+0x10d/0x1e0 [ 309.777853][ T9776] ? __pfx_do_sys_openat2+0x10/0x10 [ 309.777900][ T9776] ? __fget_files+0x21f/0x3d0 [ 309.777942][ T9776] __x64_sys_openat+0x12d/0x210 [ 309.777989][ T9776] ? __pfx___x64_sys_openat+0x10/0x10 [ 309.778052][ T9776] do_syscall_64+0x106/0xf80 [ 309.778100][ T9776] ? clear_bhb_loop+0x40/0x90 [ 309.778143][ T9776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.778179][ T9776] RIP: 0033:0x7f77e355cfce [ 309.778207][ T9776] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 309.778241][ T9776] RSP: 002b:00007f77e43c0ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 309.778291][ T9776] RAX: ffffffffffffffda RBX: 00007f77e43c16c0 RCX: 00007f77e355cfce [ 309.778313][ T9776] RDX: 0000000000000002 RSI: 00007f77e43c0f90 RDI: ffffffffffffff9c [ 309.778334][ T9776] RBP: 00007f77e3632c99 R08: 0000000000000000 R09: 0000000000000000 [ 309.778354][ T9776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 309.778374][ T9776] R13: 00007f77e3816038 R14: 00007f77e3815fa0 R15: 00007fff3c8bb558 [ 309.778418][ T9776] [ 312.632178][ T9846] netlink: 210 bytes leftover after parsing attributes in process `syz.2.695'. [ 312.782652][ T9846] veth0_macvtap: left promiscuous mode [ 312.821588][ T9846] macvtap0: entered promiscuous mode [ 312.827016][ T9846] macvtap0: entered allmulticast mode [ 313.076784][ T9848] Process accounting resumed [ 315.390926][ T9890] futex_wake_op: syz.2.705 tries to shift op by -2048; fix this program [ 317.216315][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.223583][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.768966][ T9940] ================================================================== [ 317.768984][ T9940] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 317.769023][ T9940] Write of size 8 at addr ffffc90004159400 by task syz.1.712/9940 [ 317.769042][ T9940] [ 317.769054][ T9940] CPU: 1 UID: 0 PID: 9940 Comm: syz.1.712 Tainted: G I L syzkaller #0 PREEMPT(full) [ 317.769094][ T9940] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 317.769104][ T9940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 317.769118][ T9940] Call Trace: [ 317.769125][ T9940] [ 317.769133][ T9940] dump_stack_lvl+0x100/0x190 [ 317.769168][ T9940] print_report+0x156/0x4c9 [ 317.769200][ T9940] ? _raw_spin_lock_irqsave+0x52/0x60 [ 317.769230][ T9940] ? __virt_addr_valid+0x81/0x620 [ 317.769262][ T9940] ? sys_imageblit+0x19fb/0x1d60 [ 317.769294][ T9940] kasan_report+0xdf/0x1e0 [ 317.769318][ T9940] ? sys_imageblit+0x19fb/0x1d60 [ 317.769353][ T9940] sys_imageblit+0x19fb/0x1d60 [ 317.769390][ T9940] ? __pfx_sys_imageblit+0x10/0x10 [ 317.769428][ T9940] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 317.769469][ T9940] soft_cursor+0x524/0xa10 [ 317.769501][ T9940] bit_cursor+0xe58/0x16f0 [ 317.769530][ T9940] ? __pfx_bit_cursor+0x10/0x10 [ 317.769561][ T9940] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 317.769603][ T9940] ? get_color+0x1da/0x450 [ 317.769641][ T9940] ? __pfx_bit_cursor+0x10/0x10 [ 317.769666][ T9940] fbcon_cursor+0x43c/0x5e0 [ 317.769690][ T9940] hide_cursor+0x87/0x230 [ 317.769718][ T9940] putconsxy+0x1f/0x3c0 [ 317.769751][ T9940] vcs_write+0xba9/0xd60 [ 317.769777][ T9940] ? __bpf_trace_sched_exit_tp+0x90/0xc0 [ 317.769816][ T9940] ? __pfx_vcs_write+0x10/0x10 [ 317.769841][ T9940] ? apparmor_file_permission+0x13f/0x1c0 [ 317.769866][ T9940] ? bpf_lsm_file_permission+0x9/0x10 [ 317.769905][ T9940] ? security_file_permission+0x76/0x210 [ 317.769933][ T9940] ? rw_verify_area+0xce/0x6d0 [ 317.769968][ T9940] vfs_write+0x2aa/0x1070 [ 317.769988][ T9940] ? __pfx_vcs_write+0x10/0x10 [ 317.770015][ T9940] ? __pfx_vfs_write+0x10/0x10 [ 317.770051][ T9940] ? find_held_lock+0x2b/0x80 [ 317.770071][ T9940] ? __fget_files+0x215/0x3d0 [ 317.770098][ T9940] ? __fget_files+0x215/0x3d0 [ 317.770121][ T9940] ? __fget_files+0x21f/0x3d0 [ 317.770145][ T9940] ksys_write+0x12a/0x250 [ 317.770164][ T9940] ? __pfx_ksys_write+0x10/0x10 [ 317.770189][ T9940] do_syscall_64+0x106/0xf80 [ 317.770220][ T9940] ? clear_bhb_loop+0x40/0x90 [ 317.770246][ T9940] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.770269][ T9940] RIP: 0033:0x7fc25379c799 [ 317.770286][ T9940] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 317.770308][ T9940] RSP: 002b:00007fc254573028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 317.770329][ T9940] RAX: ffffffffffffffda RBX: 00007fc253a16540 RCX: 00007fc25379c799 [ 317.770344][ T9940] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000029 [ 317.770358][ T9940] RBP: 00007fc253832c99 R08: 0000000000000000 R09: 0000000000000000 [ 317.770372][ T9940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 317.770386][ T9940] R13: 00007fc253a165d8 R14: 00007fc253a16540 R15: 00007ffebf1936b8 [ 317.770408][ T9940] [ 317.770416][ T9940] [ 317.770421][ T9940] The buggy address belongs to a vmalloc virtual mapping [ 317.770438][ T9940] Memory state around the buggy address: [ 317.770453][ T9940] ffffc90004159300: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 317.770472][ T9940] ffffc90004159380: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 317.770488][ T9940] >ffffc90004159400: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 317.770500][ T9940] ^ [ 317.770512][ T9940] ffffc90004159480: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 317.770527][ T9940] ffffc90004159500: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 317.770540][ T9940] ================================================================== [ 317.770555][ T9940] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 317.770571][ T9940] CPU: 1 UID: 0 PID: 9940 Comm: syz.1.712 Tainted: G I L syzkaller #0 PREEMPT(full) [ 317.770605][ T9940] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 317.770615][ T9940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 317.770628][ T9940] Call Trace: [ 317.770635][ T9940] [ 317.770643][ T9940] dump_stack_lvl+0x100/0x190 [ 317.770675][ T9940] vpanic+0x552/0x970 [ 317.770696][ T9940] ? __pfx_vpanic+0x10/0x10 [ 317.770719][ T9940] ? __pfx_vprintk_emit+0x10/0x10 [ 317.770744][ T9940] ? sys_imageblit+0x19fb/0x1d60 [ 317.770775][ T9940] panic+0xd1/0xe0 [ 317.770796][ T9940] ? __pfx_panic+0x10/0x10 [ 317.770822][ T9940] ? sys_imageblit+0x19fb/0x1d60 [ 317.770854][ T9940] ? check_panic_on_warn+0x1f/0x90 [ 317.770887][ T9940] check_panic_on_warn.cold+0x19/0x34 [ 317.770912][ T9940] end_report.part.0+0x3a/0x90 [ 317.770944][ T9940] kasan_report.cold+0xe/0x18 [ 317.770978][ T9940] ? sys_imageblit+0x19fb/0x1d60 [ 317.771013][ T9940] sys_imageblit+0x19fb/0x1d60 [ 317.771049][ T9940] ? __pfx_sys_imageblit+0x10/0x10 [ 317.771092][ T9940] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 317.771132][ T9940] soft_cursor+0x524/0xa10 [ 317.771163][ T9940] bit_cursor+0xe58/0x16f0 [ 317.771192][ T9940] ? __pfx_bit_cursor+0x10/0x10 [ 317.771222][ T9940] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 317.771261][ T9940] ? get_color+0x1da/0x450 [ 317.771334][ T9940] ? __pfx_bit_cursor+0x10/0x10 [ 317.771366][ T9940] fbcon_cursor+0x43c/0x5e0 [ 317.771400][ T9940] hide_cursor+0x87/0x230 [ 317.771437][ T9940] putconsxy+0x1f/0x3c0 [ 317.771480][ T9940] vcs_write+0xba9/0xd60 [ 317.771516][ T9940] ? __bpf_trace_sched_exit_tp+0x90/0xc0 [ 317.771568][ T9940] ? __pfx_vcs_write+0x10/0x10 [ 317.771603][ T9940] ? apparmor_file_permission+0x13f/0x1c0 [ 317.771637][ T9940] ? bpf_lsm_file_permission+0x9/0x10 [ 317.771685][ T9940] ? security_file_permission+0x76/0x210 [ 317.771721][ T9940] ? rw_verify_area+0xce/0x6d0 [ 317.771766][ T9940] vfs_write+0x2aa/0x1070 [ 317.771796][ T9940] ? __pfx_vcs_write+0x10/0x10 [ 317.771835][ T9940] ? __pfx_vfs_write+0x10/0x10 [ 317.771885][ T9940] ? find_held_lock+0x2b/0x80 [ 317.771915][ T9940] ? __fget_files+0x215/0x3d0 [ 317.771945][ T9940] ? __fget_files+0x215/0x3d0 [ 317.771978][ T9940] ? __fget_files+0x21f/0x3d0 [ 317.772013][ T9940] ksys_write+0x12a/0x250 [ 317.772042][ T9940] ? __pfx_ksys_write+0x10/0x10 [ 317.772086][ T9940] do_syscall_64+0x106/0xf80 [ 317.772132][ T9940] ? clear_bhb_loop+0x40/0x90 [ 317.772170][ T9940] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.772203][ T9940] RIP: 0033:0x7fc25379c799 [ 317.772227][ T9940] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 317.772259][ T9940] RSP: 002b:00007fc254573028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 317.772290][ T9940] RAX: ffffffffffffffda RBX: 00007fc253a16540 RCX: 00007fc25379c799 [ 317.772311][ T9940] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000029 [ 317.772332][ T9940] RBP: 00007fc253832c99 R08: 0000000000000000 R09: 0000000000000000 [ 317.772352][ T9940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 317.772372][ T9940] R13: 00007fc253a165d8 R14: 00007fc253a16540 R15: 00007ffebf1936b8 [ 317.772405][ T9940] [ 317.773013][ T9940] Kernel Offset: disabled